Move from Crypto to Cryptodome

Author: Roland Hedberg

script/jwk_create.py

@@ -1,6 +1,6 @@
 #!/usr/bin/env python
 import json
-from Crypto.PublicKey import RSA
+from Cryptodome.PublicKey import RSA
 import argparse
 import os
 from jwkest.jwk import RSAKey

src/jwkest/PBKDF2.py

@@ -81,9 +81,9 @@
 from random import randint
 
 try:
-    # Use PyCrypto (if available)
-    from Crypto.Hash import HMAC, SHA as SHA1
-
+    # Use PyCryptoDome (if available)
+    from Cryptodome.Hash import HMAC
+    from Cryptodome.Hash import SHA as SHA1
 except ImportError:
     # PyCrypto not available.  Use the Python standard library.
     import hmac as HMAC

src/jwkest/aes_gcm.py

@@ -23,18 +23,20 @@
 """
 from __future__ import print_function
 from __future__ import division
+
 try:
     from builtins import str
     from builtins import hex
     from builtins import range
     from builtins import object
 except ImportError:
     pass
-#from past.utils import old_div
+# from past.utils import old_div
 
-from Crypto.Cipher import AES
-from Crypto.Util import Counter
-from Crypto.Util.number import long_to_bytes, bytes_to_long
+from Cryptodome.Cipher import AES
+from Cryptodome.Util import Counter
+from Cryptodome.Util.number import bytes_to_long
+from Cryptodome.Util.number import long_to_bytes
 
 
 # GF(2^128) defined by 1 + a + a^2 + a^7 + a^128
@@ -74,8 +76,8 @@ def __init__(self, master_key):
         self.change_key(master_key)
 
     def change_key(self, master_key):
-        #RLB: Need to allow 192-, 256-bit keys
-        #if master_key >= (1 << 128):
+        # RLB: Need to allow 192-, 256-bit keys
+        # if master_key >= (1 << 128):
         #    raise InvalidInputException('Master key should be 128-bit')
 
         self._master_key = long_to_bytes(master_key, 16)
@@ -146,7 +148,7 @@ def encrypt(self, init_value, plaintext, auth_data=b''):
 
             if 0 != len_plaintext % 16:
                 padded_plaintext = plaintext + \
-                    b'\x00' * (16 - len_plaintext % 16)
+                                   b'\x00' * (16 - len_plaintext % 16)
             else:
                 padded_plaintext = plaintext
             ciphertext = aes_ctr.encrypt(padded_plaintext)[:len_plaintext]
@@ -157,7 +159,7 @@ def encrypt(self, init_value, plaintext, auth_data=b''):
         auth_tag = self.__ghash(auth_data, ciphertext)
         # print 'GHASH\t', hex(auth_tag)
         auth_tag ^= bytes_to_long(self._aes_ecb.encrypt(
-                                  long_to_bytes((init_value << 32) | 1, 16)))
+            long_to_bytes((init_value << 32) | 1, 16)))
 
         # assert len(ciphertext) == len(plaintext)
         assert auth_tag < (1 << 128)
@@ -171,8 +173,8 @@ def decrypt(self, init_value, ciphertext, auth_tag, auth_data=b''):
 
         if auth_tag != self.__ghash(
                 auth_data, ciphertext) ^ bytes_to_long(
-                self._aes_ecb.encrypt(
-                    long_to_bytes((init_value << 32) | 1, 16))):
+            self._aes_ecb.encrypt(
+                long_to_bytes((init_value << 32) | 1, 16))):
             raise InvalidTagException
 
         len_ciphertext = len(ciphertext)
@@ -186,7 +188,7 @@ def decrypt(self, init_value, ciphertext, auth_tag, auth_data=b''):
 
             if 0 != len_ciphertext % 16:
                 padded_ciphertext = ciphertext + \
-                    b'\x00' * (16 - len_ciphertext % 16)
+                                    b'\x00' * (16 - len_ciphertext % 16)
             else:
                 padded_ciphertext = ciphertext
             plaintext = aes_ctr.decrypt(padded_ciphertext)[:len_ciphertext]

src/jwkest/aes_key_wrap.py

@@ -16,15 +16,16 @@
 PyCrypto's AES.
 """
 from __future__ import division
-from Crypto.Cipher.AES import MODE_ECB
 
 try:
     from builtins import hex
     from builtins import range
 except ImportError:
     pass
+
 import struct
-from Crypto.Cipher import AES
+from Cryptodome.Cipher.AES import MODE_ECB
+from Cryptodome.Cipher import AES
 
 QUAD = struct.Struct('>Q')
 

src/jwkest/ecc.py

@@ -6,8 +6,13 @@
 from __future__ import absolute_import
 from __future__ import division
 
-from Crypto.Util.number import long_to_bytes, bytes_to_long
-from jwkest.elliptic import inv, mulp, sign_bit, y_from_x, muladdp
+from Cryptodome.Util.number import long_to_bytes
+from Cryptodome.Util.number import bytes_to_long
+from jwkest.elliptic import inv
+from jwkest.elliptic import mulp
+from jwkest.elliptic import sign_bit
+from jwkest.elliptic import muladdp
+from jwkest.elliptic import y_from_x
 from jwkest.curves import get_curve
 from random import getrandbits
 from math import ceil

src/jwkest/elliptic.py

@@ -349,8 +349,8 @@ def y_from_x(x, p, q, n, sign):
 
 
 if __name__ == "__main__":
-    from Crypto.Random.random import randint
-    from Crypto.Util.number import getPrime
+    from Cryptodome.Random.random import randint
+    from Cryptodome.Util.number import getPrime
     import time
 
     t = time.time()

src/jwkest/extra.py

@@ -6,11 +6,11 @@
 #from past.utils import old_div
 from math import ceil
 from struct import pack, unpack
-from Crypto.Cipher import AES
-from Crypto.Hash import SHA256
-from Crypto.Hash import SHA384
-from Crypto.Hash import SHA512
-from Crypto.Hash import HMAC
+from Cryptodome.Cipher import AES
+from Cryptodome.Hash import SHA256
+from Cryptodome.Hash import SHA384
+from Cryptodome.Hash import SHA512
+from Cryptodome.Hash import HMAC
 
 
 LENMET = {

src/jwkest/jwe.py

@@ -11,12 +11,12 @@
 import zlib
 import six
 
-from Crypto import Random
-from Crypto.Hash import SHA
-from Crypto.Util.number import bytes_to_long
-from Crypto.Util.number import long_to_bytes
-from Crypto.Cipher import PKCS1_v1_5
-from Crypto.Cipher import PKCS1_OAEP
+from Cryptodome import Random
+from Cryptodome.Hash import SHA
+from Cryptodome.Util.number import bytes_to_long
+from Cryptodome.Util.number import long_to_bytes
+from Cryptodome.Cipher import PKCS1_v1_5
+from Cryptodome.Cipher import PKCS1_OAEP
 
 from jwkest import b64d
 from jwkest import b64e

src/jwkest/jwk.py

@@ -8,10 +8,10 @@
 
 from binascii import a2b_base64
 
-from Crypto.PublicKey import RSA
-from Crypto.PublicKey.RSA import importKey
-from Crypto.PublicKey.RSA import RsaKey
-from Crypto.Util.asn1 import DerSequence
+from Cryptodome.PublicKey import RSA
+from Cryptodome.PublicKey.RSA import importKey
+from Cryptodome.PublicKey.RSA import RsaKey
+from Cryptodome.Util.asn1 import DerSequence
 
 from requests import request
 

src/jwkest/jws.py

@@ -14,13 +14,13 @@
 import logging
 
 import struct
-from Crypto.Hash import SHA256
-from Crypto.Hash import SHA384
-from Crypto.Hash import SHA512
-from Crypto.Hash import HMAC
-from Crypto.Signature import PKCS1_v1_5
-from Crypto.Signature import PKCS1_PSS
-from Crypto.Util.number import bytes_to_long
+from Cryptodome.Hash import SHA256
+from Cryptodome.Hash import SHA384
+from Cryptodome.Hash import SHA512
+from Cryptodome.Hash import HMAC
+from Cryptodome.Signature import PKCS1_v1_5
+from Cryptodome.Signature import PKCS1_PSS
+from Cryptodome.Util.number import bytes_to_long
 import sys
 
 from jwkest import b64d