gentoo auto-resync : 26:05:2023 - 15:09:32

author: V3n3RiX <venerix@koprulu.sector> 2023-05-26 15:09:32 +0100
committer: V3n3RiX <venerix@koprulu.sector> 2023-05-26 15:09:32 +0100
commit: f3a881e4cb31d574a107320b2f04e2d1f0ddf551 (patch)
tree: 0fb407d14cee6b3da0742b5060c92e9accb07fe0 /dev-python/spake2
parent: 720452fca3cdf447b4c65bc3bb363032a983309e (diff)
3 files changed, 121 insertions, 3 deletions
diff --git a/dev-python/spake2/Manifest b/dev-python/spake2/Manifest
index 713e65a50125..2a6b57ef5652 100644
--- a/dev-python/spake2/Manifest
+++ b/dev-python/spake2/Manifest
@@ -1,3 +1,4 @@
+AUX spake2-0.8-do_not_use_hkdf_package.patch 4380 BLAKE2B afc8222c1c562947c4b9ae6be90b7cb0f6f441f0d02677160f54c7c88b0752f2bdd09599ba04ba131cca4c8481c5abb44079ab63ec36788d5937d18cb2c82fcc SHA512 41156d8b43570158b042802c951ab74a84f618c4dc6ed9edc31c3c28dee972a2b80166b9fcae29ca9aa5a5596ca352f42e58f9c6834cfb2bfd5ba2ce093bd82c
 DIST spake2-0.8.gh.tar.gz 62425 BLAKE2B 64215362af26fff0785fdabf4282f7111a4cc917750827075b616f009cb1fa6373fc2325382c26b43c051aa5b94e414ca2a5223d9ab666289eb2d04723b15cb5 SHA512 908c377c831f4a11551973ca917b113d51a66c533d35fd19b2692fdb7e575ed2a5045d9b632bc55c37b68ad092f01dff5da191e9dfbfb5599b72844788438d68
-EBUILD spake2-0.8.ebuild 635 BLAKE2B 51a609794569458dffe2f3c288d26a19bb4efc12d5f9b8b91509be35495ac334ff03acad560a1424f180dd5e0da943b22120a1ff7a452934a97a44a53ecf9179 SHA512 c38a16bb40a5cd7dca004c2f4cac7cb26c5f62e8ca63444a3701cdae3a1c27aac49d6dcb4ad695b62ea101c5841a6dcffa472f690f7b7516e84e784eda124e65
+EBUILD spake2-0.8-r1.ebuild 706 BLAKE2B fd6666eae0ac5ac41ba406ee8c70c3268b15b9b3ecca06f63556641d308efb65ec9e68d7848f161995d49978bfabb8aa5fa514673731a1da21f3c67033f99006 SHA512 97cf1ef487b6e5d9af080f9d65e13eb741da884ac89fd3a23963d65420ee601e50d8501da8bf68d8ae24071434dfb33b7afac58f51cf0d87005436251a0249f6
 MISC metadata.xml 401 BLAKE2B a80b9d771ec1251af6e16f012257a7d1150644cdba64052ff5b70d282c6f27fa57685f675409a3edf30b2c2bc24c85f74b3dd8460999f8497a72e93653183abc SHA512 ecfbcd80d35348bbb1a5469bcca1b06a86ca6fe736d443707e00859400318e5c9bb399e5acf2faaf2771301518741ec93124277f6bf1834454b4406392cf0ea4
diff --git a/dev-python/spake2/files/spake2-0.8-do_not_use_hkdf_package.patch b/dev-python/spake2/files/spake2-0.8-do_not_use_hkdf_package.patch
new file mode 100644
index 000000000000..40e9e17a6843
--- /dev/null
+++ b/dev-python/spake2/files/spake2-0.8-do_not_use_hkdf_package.patch
@@ -0,0 +1,113 @@
+From 930bfabc17748ea3772e6a40b04e84fc4aafcf04 Mon Sep 17 00:00:00 2001
+From: meejah <meejah@meejah.ca>
+Date: Wed, 9 Nov 2022 23:42:33 -0700
+Subject: [PATCH 1/2] use cryptography's HKDF implementation
+
+---
+ setup.py                       |  2 +-
+ src/spake2/ed25519_basic.py    |  2 +-
+ src/spake2/groups.py           | 21 ++++++++++++++-------
+ src/spake2/test/test_compat.py |  9 +++++----
+ 4 files changed, 21 insertions(+), 13 deletions(-)
+
+diff --git a/setup.py b/setup.py
+index 660f055..ba3cc28 100755
+--- a/setup.py
++++ b/setup.py
+@@ -79,5 +79,5 @@ def abbrev(t):
+           "Programming Language :: Python :: 3.6",
+           "Topic :: Security :: Cryptography",
+           ],
+-      install_requires=["hkdf"],
++      install_requires=["cryptography"],
+       )
+diff --git a/src/spake2/ed25519_basic.py b/src/spake2/ed25519_basic.py
+index 1890be7..dbab56d 100644
+--- a/src/spake2/ed25519_basic.py
++++ b/src/spake2/ed25519_basic.py
+@@ -273,7 +273,7 @@ def arbitrary_element(seed): # unknown DL
+     # oversized string (128 bits more than the field size), then reducing
+     # down to Q. But it's comforting, and it's the same technique we use for
+     # converting passwords/seeds to scalars (which *does* need uniformity).
+-    hseed = expand_arbitrary_element_seed(seed, (256/8)+16)
++    hseed = expand_arbitrary_element_seed(seed, int((256/8)+16))
+     y = int(binascii.hexlify(hseed), 16) % Q
+ 
+     # we try successive Y values until we find a valid point
+diff --git a/src/spake2/groups.py b/src/spake2/groups.py
+index de4f75d..66b08e7 100644
+--- a/src/spake2/groups.py
++++ b/src/spake2/groups.py
+@@ -1,6 +1,7 @@
+ from __future__ import division
+ import hashlib
+-from hkdf import Hkdf
++from cryptography.hazmat.primitives.kdf import hkdf
++from cryptography.hazmat.primitives import hashes
+ from .six import integer_types
+ from .util import (size_bits, size_bytes, unbiased_randrange,
+                    bytes_to_number, number_to_bytes)
+@@ -63,9 +64,12 @@
+ 
+ 
+ def expand_password(data, num_bytes):
+-    h = Hkdf(salt=b"", input_key_material=data, hash=hashlib.sha256)
+-    info = b"SPAKE2 pw"
+-    return h.expand(info, num_bytes)
++    return hkdf.HKDF(
++        algorithm=hashes.SHA256(),
++        length=num_bytes,
++        salt=b"",
++        info=b"SPAKE2 pw"
++    ).derive(data)
+ 
+ def password_to_scalar(pw, scalar_size_bytes, q):
+     assert isinstance(pw, bytes)
+@@ -77,9 +81,12 @@ def password_to_scalar(pw, scalar_size_bytes, q):
+     return i % q
+ 
+ def expand_arbitrary_element_seed(data, num_bytes):
+-    h = Hkdf(salt=b"", input_key_material=data, hash=hashlib.sha256)
+-    info = b"SPAKE2 arbitrary element"
+-    return h.expand(info, num_bytes)
++    return hkdf.HKDF(
++        algorithm=hashes.SHA256(),
++        length=num_bytes,
++        salt=b"",
++        info=b"SPAKE2 arbitrary element"
++    ).derive(data)
+ 
+ class _Element:
+     def __init__(self, group, e):
+diff --git a/src/spake2/test/test_compat.py b/src/spake2/test/test_compat.py
+index 3c636be..1c1340c 100644
+--- a/src/spake2/test/test_compat.py
++++ b/src/spake2/test/test_compat.py
+@@ -1,7 +1,8 @@
+ import unittest
+ from binascii import hexlify, unhexlify
+ from hashlib import sha256
+-from hkdf import Hkdf
++from cryptography.hazmat.primitives.kdf import hkdf
++from cryptography.hazmat.primitives import hashes
+ from .myhkdf import HKDF as myHKDF
+ from spake2 import groups, ed25519_group
+ from spake2.spake2 import (SPAKE2_A, SPAKE2_B, SPAKE2_Symmetric,
+@@ -213,14 +214,14 @@ def test_vectors(self):
+     {"salt": "00", "IKM": "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f", "info": "", "L": 4, "OKM": "37ad2910"},
+     ]
+ 
+-class HKDF(unittest.TestCase):
++class TestHKDF(unittest.TestCase):
+     def test_vectors(self):
+         for vector in HKDF_TEST_VECTORS:
+             salt = unhexlify(vector["salt"].encode("ascii"))
+             IKM = unhexlify(vector["IKM"].encode("ascii"))
+             info = unhexlify(vector["info"].encode("ascii"))
+-            h = Hkdf(salt=salt, input_key_material=IKM, hash=sha256)
+-            digest = h.expand(info, vector["L"])
++            h = hkdf.HKDF(algorithm=hashes.SHA256(), length=vector["L"], salt=salt, info=info)
++            digest = h.derive(IKM)
+             self.assertEqual(digest, myHKDF(IKM, vector["L"], salt, info))
+             #print(hexlify(digest))
+             expected = vector["OKM"].encode("ascii")
diff --git a/dev-python/spake2/spake2-0.8.ebuild b/dev-python/spake2/spake2-0.8-r1.ebuild
index 8fa00484e842..ddda85a403a6 100644
--- a/dev-python/spake2/spake2-0.8.ebuild
+++ b/dev-python/spake2/spake2-0.8-r1.ebuild
@@ -18,7 +18,11 @@ KEYWORDS="~amd64 ~x86"
 S="${WORKDIR}/python-${P}"
 
 RDEPEND="
-	dev-python/more-itertools[${PYTHON_USEDEP}]
-	dev-python/hkdf[${PYTHON_USEDEP}]"
+	dev-python/cryptography[${PYTHON_USEDEP}]
+	dev-python/more-itertools[${PYTHON_USEDEP}]"
+
+PATCHES=(
+	"${FILESDIR}"/${P}-do_not_use_hkdf_package.patch
+)
 
 distutils_enable_tests pytest
author	V3n3RiX <venerix@koprulu.sector>	2023-05-26 15:09:32 +0100
committer	V3n3RiX <venerix@koprulu.sector>	2023-05-26 15:09:32 +0100
commit	f3a881e4cb31d574a107320b2f04e2d1f0ddf551 (patch)
tree	0fb407d14cee6b3da0742b5060c92e9accb07fe0 /dev-python/spake2
parent	720452fca3cdf447b4c65bc3bb363032a983309e (diff)