1diff --git a/test/soft_u2f_v2.py b/test/soft_u2f_v2.py
2index d011b1f..9a24bb9 100644
3--- a/test/soft_u2f_v2.py
4+++ b/test/soft_u2f_v2.py
5@@ -112,9 +112,7 @@ class SoftU2FDevice(object):
6 CERT_PRIV, password=None, backend=default_backend())
7 cert = CERT
8 data = b'\x00' + app_param + client_param + key_handle + pub_key
9- signer = cert_priv.signer(ec.ECDSA(hashes.SHA256()))
10- signer.update(data)
11- signature = signer.finalize()
12+ signature = cert_priv.sign(data, ec.ECDSA(hashes.SHA256()))
13
14 raw_response = (b'\x05' + pub_key + six.int2byte(len(key_handle)) +
15 key_handle + cert + signature)
16@@ -163,9 +161,7 @@ class SoftU2FDevice(object):
17 counter = struct.pack('>I', self.counter)
18
19 data = app_param + touch + counter + client_param
20- signer = priv_key.signer(ec.ECDSA(hashes.SHA256()))
21- signer.update(data)
22- signature = signer.finalize()
23+ signature = priv_key.sign(data, ec.ECDSA(hashes.SHA256()))
24 raw_response = touch + counter + signature
25
26 return SignResponse(
27diff --git a/u2flib_server/attestation/resolvers.py b/u2flib_server/attestation/resolvers.py
28index 034549f..cd59b10 100644
29--- a/u2flib_server/attestation/resolvers.py
30+++ b/u2flib_server/attestation/resolvers.py
31@@ -86,27 +86,29 @@ class MetadataResolver(object):
32 cert_bytes = cert.tbs_certificate_bytes
33
34 if isinstance(pubkey, rsa.RSAPublicKey):
35- verifier = pubkey.verifier(
36- cert_signature,
37- padding.PKCS1v15(),
38- cert.signature_hash_algorithm
39- )
40+ try:
41+ pubkey.verify(
42+ cert_signature,
43+ cert_bytes,
44+ padding.PKCS1v15(),
45+ cert.signature_hash_algorithm
46+ )
47+ return True
48+ except InvalidSignature:
49+ return False
50 elif isinstance(pubkey, ec.EllipticCurvePublicKey):
51- verifier = pubkey.verifier(
52- cert_signature,
53- ec.ECDSA(cert.signature_hash_algorithm)
54- )
55+ try:
56+ pubkey.verify(
57+ cert_signature,
58+ cert_bytes,
59+ ec.ECDSA(cert.signature_hash_algorithm)
60+ )
61+ return True
62+ except InvalidSignature:
63+ return False
64 else:
65 raise ValueError("Unsupported public key value")
66
67- verifier.update(cert_bytes)
68-
69- try:
70- verifier.verify()
71- return True
72- except InvalidSignature:
73- return False
74-
75 def resolve(self, cert):
76 if isinstance(cert, bytes):
77 cert = x509.load_der_x509_certificate(cert, default_backend())
78diff --git a/u2flib_server/model.py b/u2flib_server/model.py
79index 481be51..6ec01bb 100644
80--- a/u2flib_server/model.py
81+++ b/u2flib_server/model.py
82@@ -175,12 +175,9 @@ class RegistrationData(object):
83 cert = x509.load_der_x509_certificate(self.certificate,
84 default_backend())
85 pubkey = cert.public_key()
86- verifier = pubkey.verifier(self.signature, ec.ECDSA(hashes.SHA256()))
87-
88- verifier.update(b'\0' + app_param + chal_param + self.key_handle +
89- self.pub_key)
90+ msg = (b'\0' + app_param + chal_param + self.key_handle + self.pub_key)
91 try:
92- verifier.verify()
93+ pubkey.verify(self.signature, msg, ec.ECDSA(hashes.SHA256()))
94 except InvalidSignature:
95 raise ValueError('Attestation signature is invalid')
96
97@@ -207,13 +204,9 @@ class SignatureData(object):
98 def verify(self, app_param, chal_param, der_pubkey):
99 pubkey = load_der_public_key(PUB_KEY_DER_PREFIX + der_pubkey,
100 default_backend())
101- verifier = pubkey.verifier(self.signature, ec.ECDSA(hashes.SHA256()))
102- verifier.update(app_param +
103- six.int2byte(self.user_presence) +
104- struct.pack('>I', self.counter) +
105- chal_param)
106+ msg = app_param + six.int2byte(self.user_presence) + struct.pack('>I', self.counter) + chal_param
107 try:
108- verifier.verify()
109+ pubkey.verify(self.signature, msg, ec.ECDSA(hashes.SHA256()))
110 except InvalidSignature:
111 raise ValueError('U2F signature is invalid')
112
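Review bot: Both key-type branches in the `MetadataResolver` hunk now carry their own copy of the `try` / `return True` / `except InvalidSignature` / `return False` block, so the place where a bad signature maps to `False` exists twice and can drift. Each branch could build only the trailing arguments, `args = (padding.PKCS1v15(), cert.signature_hash_algorithm)` for RSA and `args = (ec.ECDSA(cert.signature_hash_algorithm),)` for EC, followed by a single `pubkey.verify(cert_signature, cert_bytes, *args)` inside one `try`. A one-line comment stating that this check covers only the signature over `tbs_certificate_bytes` would also help, since whether validity dates or CA constraints are checked elsewhere is not visible here. The enclosing method starts above the hunk.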
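Review bot: In the `RegistrationData` hunk, `pubkey` is taken from the certificate stored in `self.certificate`, and the new `pubkey.verify(self.signature, msg, ec.ECDSA(hashes.SHA256()))` call assumes it is an EC key. For a certificate carrying another key type the call would presumably fail with a `TypeError` instead of the `ValueError` raised for a bad signature; the removed `verifier()` call likely behaved the same way, so this is not a regression. A guard before the `try`, `if not isinstance(pubkey, ec.EllipticCurvePublicKey): raise ValueError('Attestation certificate key is not an EC key')`, would keep rejection on a single exception type. The method begins above the hunk.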
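Review bot: The new `msg = ...` line in `SignatureData.verify` is far longer than the other lines in this file, while the matching line in the `RegistrationData` hunk is wrapped in parentheses; wrapping this one the same way would keep the two consistent. Because the byte order is what the signature is checked against, a comment above it such as `# signed data: app_param || user-presence byte || 4-byte big-endian counter || chal_param` would make the layout reviewable at a glance. Whether the caller checks the user-presence bit and the counter value is not visible in this hunk.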