gentoo-overlay/net-dns/dnsviz/files/dnsviz-0.8.2-add-ed448-supp...


From 99bb0c7430c9f954582eabd3a9581fe0db6f2e81 Mon Sep 17 00:00:00 2001
From: Pascal Ernster <git@hardfalcon.net>
Date: Mon, 22 Jul 2019 04:25:18 +0200
Subject: [PATCH] Replace libnacl with python-cryptography, add support for
algo 16 (Ed448)
Origin: https://github.com/dnsviz/dnsviz/pull/54
---
Dockerfile | 2 +-
README.md | 8 ++++----
contrib/dnsviz-py2.spec | 2 +-
contrib/dnsviz-py3.spec | 2 +-
dnsviz/crypto.py | 30 +++++++++++++++++++++++++-----
requirements.txt | 2 +-
setup.py | 2 +-
7 files changed, 34 insertions(+), 14 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index dc6a0d9e..61a319de 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -2,7 +2,7 @@ FROM alpine:edge
RUN apk add python3 graphviz ttf-liberation libsodium bind bind-tools
RUN apk add --virtual builddeps linux-headers python3-dev graphviz-dev gcc libc-dev openssl-dev swig && \
- pip3 install pygraphviz m2crypto dnspython libnacl && \
+ pip3 install pygraphviz m2crypto dnspython cryptography && \
apk del builddeps
COPY . /tmp/dnsviz
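Review bot: The runtime package line at the top of this hunk still installs `libsodium`, which was only needed by libnacl; once libnacl is gone that package can be dropped, e.g. `RUN apk add python3 graphviz ttf-liberation bind bind-tools`, so the image does not ship an unused native library. Building the `cryptography` wheel from source on Alpine usually also needs `libffi-dev` next to `openssl-dev` in the `builddeps` line; this is inferred from the package's build requirements rather than anything in the hunk, so it is worth confirming the image still builds.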
diff --git a/README.md b/README.md
index e9dcda83..03d9c3dd 100644
--- a/README.md
+++ b/README.md
@@ -41,7 +41,7 @@ Instructions for running in a Docker container are also available
* M2Crypto (0.28.0 or later) - https://gitlab.com/m2crypto/m2crypto
-* libnacl - https://github.com/saltstack/libnacl
+* Cryptography (2.6 or later) - https://cryptography.io/
Note that the software versions listed above are known to work with the current
version of DNSViz. Other versions might also work well together, but might
@@ -85,7 +85,7 @@ $ source ~/myenv/bin/activate
```
(Note that this installs the dependencies that are python packages, but some of
these packages have non-python dependecies, such as Graphviz (required for
-pygraphviz) and libsodium (required for libnacl), that are not installed
+pygraphviz) and OpenSSL (required for Cryptography), that are not installed
automatically.)
Next download and install DNSViz from the Python Package Index (PyPI):
@@ -121,9 +121,9 @@ $ cp dist/dnsviz-*.tar.gz ~/rpmbuild/SOURCES/
$ cp contrib/dnsviz-py${PY_VERS}.spec ~/rpmbuild/SPECS/dnsviz.spec
```
-Install dnspython, pygraphviz, M2Crypto, and libnacl.
+Install dnspython, pygraphviz, M2Crypto, and Cryptography.
```
-$ sudo dnf install python${PY_VERS}-dns python${PY_VERS}-pygraphviz python${PY_VERS}-libnacl
+$ sudo dnf install python${PY_VERS}-dns python${PY_VERS}-pygraphviz python${PY_VERS}-cryptography
```
For python2:
```
diff --git a/contrib/dnsviz-py2.spec b/contrib/dnsviz-py2.spec
index 0bea597b..65033c95 100644
--- a/contrib/dnsviz-py2.spec
+++ b/contrib/dnsviz-py2.spec
@@ -15,7 +15,7 @@ BuildRequires: make
Requires: python2-pygraphviz >= 1.3
Requires: m2crypto >= 0.28.0
Requires: python2-dns >= 1.13
-Requires: python2-libnacl
+Requires: python2-cryptography
%description
DNSViz is a tool suite for analysis and visualization of Domain Name System
diff --git a/contrib/dnsviz-py3.spec b/contrib/dnsviz-py3.spec
index ef25f4b5..975f3e10 100644
--- a/contrib/dnsviz-py3.spec
+++ b/contrib/dnsviz-py3.spec
@@ -15,7 +15,7 @@ BuildRequires: make
Requires: python3-pygraphviz >= 1.3
Requires: python3-m2crypto >= 0.28.0
Requires: python3-dns >= 1.13
-Requires: python3-libnacl
+Requires: python3-cryptography
%description
DNSViz is a tool suite for analysis and visualization of Domain Name System
diff --git a/dnsviz/crypto.py b/dnsviz/crypto.py
index b011cbf3..283eac4d 100644
--- a/dnsviz/crypto.py
+++ b/dnsviz/crypto.py
@@ -55,7 +55,7 @@
'M2Crypto >= 0.21.1': (set([1,5,7,8,10]), set([1,2,4]), set([1])),
'M2Crypto >= 0.24.0': (set([3,6,13,14]), set(), set()),
'M2Crypto >= 0.24.0 and either openssl < 1.1.0 or openssl >= 1.1.0 plus the OpenSSL GOST Engine': (set([12]), set([3]), set()),
- 'libnacl': (set([15]), set(), set()),
+ 'cryptography': (set([15,16]), set(), set()),
}
_logged_modules = set()
@@ -72,12 +72,19 @@
_supported_digest_algs.update(set([1,2,4]))
try:
- from libnacl.sign import Verifier as ed25519Verifier
+ from cryptography.hazmat.primitives.asymmetric.ed25519 import Ed25519PublicKey
except ImportError:
pass
else:
_supported_algs.add(15)
+try:
+ from cryptography.hazmat.primitives.asymmetric.ed448 import Ed448PublicKey
+except ImportError:
+ pass
+else:
+ _supported_algs.add(16)
+
GOST_PREFIX = b'\x30\x63\x30\x1c\x06\x06\x2a\x85\x03\x02\x02\x13\x30\x12\x06\x07\x2a\x85\x03\x02\x02\x23\x01\x06\x07\x2a\x85\x03\x02\x02\x1e\x01\x03\x43\x00\x04\x40'
GOST_ENGINE_NAME = b'gost'
GOST_DIGEST_NAME = b'GOST R 34.11-94'
@@ -386,10 +393,21 @@ def _validate_rrsig_ec(alg, sig, msg, key):
def _validate_rrsig_ed25519(alg, sig, msg, key):
try:
- verifier = ed25519Verifier(binascii.hexlify(key))
- return verifier.verify(sig + msg) == msg
- except ValueError:
+ verifier = Ed25519PublicKey.from_public_bytes(key)
+ verifier.verify(sig, msg)
+ except:
return False
+ else:
+ return True
+
+def _validate_rrsig_ed448(alg, sig, msg, key):
+ try:
+ verifier = Ed448PublicKey.from_public_bytes(key)
+ verifier.verify(sig, msg)
+ except:
+ return False
+ else:
+ return True
def validate_rrsig(alg, sig, msg, key):
if not alg_is_supported(alg):
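Review bot: Both new verifiers use a bare `except:` (in `_validate_rrsig_ed25519` and `_validate_rrsig_ed448`), which swallows `KeyboardInterrupt`, `SystemExit`, `MemoryError` and any programming error and reports them as a signature failure; the removed libnacl version caught only `ValueError`. The expected failures are `ValueError` from `from_public_bytes` on a key of the wrong length and `cryptography.exceptions.InvalidSignature` from `verify`, so the handler in both functions should read `except (ValueError, InvalidSignature):`, with `from cryptography.exceptions import InvalidSignature` added to the `cryptography` import block earlier in the file. The two functions are otherwise identical apart from the key class; a shared helper taking the key class as a parameter would keep the exception handling in one place. `validate_rrsig` continues past the end of this hunk.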
@@ -407,6 +425,8 @@ def validate_rrsig(alg, sig, msg, key):
return _validate_rrsig_ec(alg, sig, msg, key)
elif alg in (15,):
return _validate_rrsig_ed25519(alg, sig, msg, key)
+ elif alg in (16,):
+ return _validate_rrsig_ed448(alg, sig, msg, key)
def get_digest_for_nsec3(val, salt, alg, iterations):
if not nsec3_alg_is_supported(alg):
diff --git a/requirements.txt b/requirements.txt
index d6b2de5e..af2be235 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -1,4 +1,4 @@
dnspython
pygraphviz
m2crypto
-libnacl
+cryptography
diff --git a/setup.py b/setup.py
index ba1016e3..b531c025 100644
--- a/setup.py
+++ b/setup.py
@@ -135,7 +135,7 @@ def run(self):
'pygraphviz (>=1.1)',
'm2crypto (>=0.24.0)',
'dnspython (>=1.11)',
- 'libnacl',
+ 'cryptography (>=2.6)',
],
classifiers=[
'Development Status :: 5 - Production/Stable',