Replace PyCrypto with tinyaes for encryption support #4652
Conversation
naufraghi
force-pushed
the
2365-replace-pycrypto-with-tinyaes
branch
3 times, most recently
from
2187fd2
to
a8410a7
Compare
naufraghi
changed the title
|
The new code is much simpler to read, and after so many months there is finally a possible replacement for that critical code part (that I failed to do it myself, twice ^^). 💪 |
|
Do we need a similar PR for the master too? |
naufraghi
force-pushed
the
2365-replace-pycrypto-with-tinyaes
branch
from
a8410a7
to
ce127b9
Compare
|
Hmm, I'll wait a bit more, I'm adding some test to the library, I'd prefer to point a stable release in |
naufraghi
changed the title
Nope, target |
|
@naufraghi will review this later today when on PC. This looks good at the moment. I will point out that I can't actually merge this - you need @bjones1 for that. Oh and don't target master. Only stable releases get pushed to that branch. We want develop. |
|
Sorry for the review requests, I was just inspecting the the GitHub gui 🙄 |
|
@naufraghi not a problem. I've got to say, this looks good. I'm going to suggest that seeing as you said you don't want the bounty, it goes to the PyInstaller team to fund @htgoebel. |
There was a problem hiding this comment.
You need to add a changelog entry, as per https://pyinstaller.readthedocs.io/en/stable/development/changelog-entries.html. It can be a bit confusing - see the news folder for some examples. Also:
- edit the README
- And the docs. Remove PyCrypto references
naufraghi
force-pushed
the
2365-replace-pycrypto-with-tinyaes
branch
2 times, most recently
from
bd95389
to
3c52c69
Compare
|
Added |
There was a problem hiding this comment.
You need to change the requirements version spec - https://travis-ci.org/pyinstaller/pyinstaller/jobs/651427755#L480.
As to your last comment, the when you push to origin, the CI runs automatically.
|
I use to let the reviewer resolve the discussions, but I can close myself the ones I think I have resolved, let me know the preferred workflow. |
|
Sorry, I lack the time to review this. |
|
@htgoebel Can you please review? |
naufraghi
force-pushed
the
2365-replace-pycrypto-with-tinyaes
branch
from
5b7c14e
to
ff6f3f5
Compare
|
Rebased, just to check everything still works, and we have some unrelated error on macOS and nightly. |
|
@naufraghi I've restarted the failing build. It's running. FYI we're just waiting for @htgoebel to review and merge. |
|
@htgoebel can you look at this PR now? It should be ready to merge, we just need final review. |
This re-enables encrypting the Python bytecode (option ``--key``). `tinyaes <https://github.com/naufraghi/tinyaes-py>`_ is a minimal AES-only library that wraps the C library `tiny-AES-c <https://github.com/kokke/tiny-AES-c>`_. Currently the library wraps only the CTR mode that can be used in PyInstaller instead of the CFB mode used before. Reading various sources, CFB is `somewhat similar to CBC <https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation#Cipher_Feedback_(CFB)>`_ and CTR is suggested as a go-to stream cipher (see <https://crypto.stackexchange.com/questions/6029> and links) that can be used instead of CBC. Closes pyinstaller#2365.
htgoebel
force-pushed
the
2365-replace-pycrypto-with-tinyaes
branch
from
ff6f3f5
to
455c57f
Compare
|
@htgoebel, can I merge this? |
|
@naufraghi thanks for this feature/bugfix! |
pyinstaller#4652) This re-enables encrypting the Python bytecode (`--key`) by replacing PyCrypto with tinyaes. tinyaes is a minimal AES-only library that wraps the C library tiny-AES-c. See https://github.com/naufraghi/tinyaes-py for source code. Closes pyinstaller#2365.
tinyaes is a minimal AES-only library that wraps the C library tiny-AES-c.
Currently the library wraps only the CTR mode that can be used in PyInstaller instead of the CFB mode used before.
Reading various sources, CFB is somewhat similar to CBC and CTR is suggested as a go-to stream cipher (https://crypto.stackexchange.com/questions/6029/aes-cbc-mode-or-aes-ctr-mode-recommended and links) that can be used instead of CBC.
See the issue comments for more discussion #2365 (comment)
Closes #2365