From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by finch.gentoo.org (Postfix) with ESMTPS id 8ED9F158041 for ; Mon, 4 Mar 2024 14:54:32 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id B970CE2A24; Mon, 4 Mar 2024 14:54:31 +0000 (UTC) Received: from smtp.gentoo.org (woodpecker.gentoo.org [140.211.166.183]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id 956BCE2A24 for ; Mon, 4 Mar 2024 14:54:31 +0000 (UTC) Received: from oystercatcher.gentoo.org (oystercatcher.gentoo.org [148.251.78.52]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits)) (No client certificate requested) by smtp.gentoo.org (Postfix) with ESMTPS id A2A81343026 for ; Mon, 4 Mar 2024 14:54:30 +0000 (UTC) Received: from localhost.localdomain (localhost [IPv6:::1]) by oystercatcher.gentoo.org (Postfix) with ESMTP id 4324EB3D for ; Mon, 4 Mar 2024 14:54:29 +0000 (UTC) 
From: "Joonas Niilola" To: gentoo-commits@lists.gentoo.org Content-Transfer-Encoding: 8bit Content-type: text/plain; charset=UTF-8 Reply-To: gentoo-dev@lists.gentoo.org, "Joonas Niilola" Message-ID: <1709564020.dedba7f86ed4bbce0dd5c750cecaec5d0c3a1acf.juippis@gentoo> Subject: [gentoo-commits] repo/gentoo:master commit in: dev-python/tpm2-pytss/files/, dev-python/tpm2-pytss/ X-VCS-Repository: repo/gentoo X-VCS-Files: dev-python/tpm2-pytss/files/tpm2-pytss-2.1.0-internal-crypto-fix-_MyRSAPrivateNumbers-with-crypto.patch dev-python/tpm2-pytss/files/tpm2-pytss-2.1.0-test-disable-pcr_set_auth_value-and-pcr_set_auth_pol.patch dev-python/tpm2-pytss/tpm2-pytss-2.1.0-r2.ebuild X-VCS-Directories: dev-python/tpm2-pytss/files/ dev-python/tpm2-pytss/ X-VCS-Committer: juippis X-VCS-Committer-Name: Joonas Niilola X-VCS-Revision: dedba7f86ed4bbce0dd5c750cecaec5d0c3a1acf X-VCS-Branch: master Date: Mon, 4 Mar 2024 14:54:29 +0000 (UTC) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-commits@lists.gentoo.org X-Auto-Response-Suppress: DR, RN, NRN, OOF, AutoReply X-Archives-Salt: 9f32f74e-88e2-4c5b-b745-0baf9f5d341e X-Archives-Hash: 78df14ea82e005896f5f4f80581e5a18 commit: dedba7f86ed4bbce0dd5c750cecaec5d0c3a1acf Author: Christopher Byrne gmail com> AuthorDate: Fri Jan 26 02:27:08 2024 +0000 Commit: Joonas Niilola gentoo org> CommitDate: Mon Mar 4 14:53:40 2024 +0000 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=dedba7f8 dev-python/tpm2-pytss: support Python 3.12, dev-python/cryptography >= 42 Closes: https://bugs.gentoo.org/922900 Closes: https://bugs.gentoo.org/923240 Signed-off-by: Christopher Byrne gmail.com> Signed-off-by: Joonas Niilola gentoo.org> ...ypto-fix-_MyRSAPrivateNumbers-with-crypto.patch | 73 ++++++++++++++++++++++ ...e-pcr_set_auth_value-and-pcr_set_auth_pol.patch | 40 ++++++++++++ dev-python/tpm2-pytss/tpm2-pytss-2.1.0-r2.ebuild | 48 ++++++++++++++ 3 files changed, 161 insertions(+) 
diff --git a/dev-python/tpm2-pytss/files/tpm2-pytss-2.1.0-internal-crypto-fix-_MyRSAPrivateNumbers-with-crypto.patch b/dev-python/tpm2-pytss/files/tpm2-pytss-2.1.0-internal-crypto-fix-_MyRSAPrivateNumbers-with-crypto.patch
new file mode 100644
index 000000000000..4aaecd935c22
--- /dev/null
+++ b/dev-python/tpm2-pytss/files/tpm2-pytss-2.1.0-internal-crypto-fix-_MyRSAPrivateNumbers-with-crypto.patch
@@ -0,0 +1,73 @@
+From 0fbb9d099370c0a7031dd13990986538f586836a Mon Sep 17 00:00:00 2001
+From: Erik Larsson
+Date: Fri, 26 Jan 2024 12:01:41 +0100
+Subject: [PATCH 3/3] internal/crypto: fix _MyRSAPrivateNumbers with
+ cryptograpy >= 42.0.1
+
+RSAPrivateNumbers was moved to a rust implementation in 42.0.1.
+So inheritance is no longer possible, so turn the class into a
+wrapper instead of a subclass.
+
+Fixes #561
+
+Signed-off-by: Erik Larsson
+---
+ src/tpm2_pytss/internal/crypto.py | 21 +++++++++------------
+ 1 file changed, 9 insertions(+), 12 deletions(-)
+
+diff --git a/src/tpm2_pytss/internal/crypto.py b/src/tpm2_pytss/internal/crypto.py
+index 93e5181..42030c5 100644
+--- a/src/tpm2_pytss/internal/crypto.py
++++ b/src/tpm2_pytss/internal/crypto.py
+@@ -23,7 +23,7 @@ from cryptography.hazmat.primitives.ciphers.algorithms import AES, Camellia
+ from cryptography.hazmat.primitives.ciphers import modes, Cipher, CipherAlgorithm
+ from cryptography.hazmat.backends import default_backend
+ from cryptography.exceptions import UnsupportedAlgorithm, InvalidSignature
+-from typing import Tuple, Type
++from typing import Tuple, Type, Any
+ import secrets
+ import sys
+
+@@ -220,7 +220,7 @@ def public_to_key(obj):
+ return key
+
+
+-class _MyRSAPrivateNumbers(rsa.RSAPrivateNumbers):
++class _MyRSAPrivateNumbers:
+ def __init__(self, p: int, n: int, e: int, pubnums: rsa.RSAPublicNumbers):
+
+ q = n // p
+@@ -231,7 +231,12 @@ class _MyRSAPrivateNumbers(rsa.RSAPrivateNumbers):
+ dmq1 = rsa.rsa_crt_dmq1(d, q)
+ iqmp = rsa.rsa_crt_iqmp(p, q)
+
+- super().__init__(p, q, d, dmp1, dmq1, iqmp, pubnums)
++ self._private_numbers = rsa.RSAPrivateNumbers(
++ p, q, d, dmp1, dmq1, iqmp, pubnums
++ )
++
++ def private_key(self, *args: Any, **kwargs: Any) -> rsa.RSAPrivateKey:
++ return self._private_numbers.private_key(*args, **kwargs)
+
+ @staticmethod
+ def _xgcd(a: int, b: int) -> Tuple[int, int, int]:
+@@ -251,15 +256,7 @@ class _MyRSAPrivateNumbers(rsa.RSAPrivateNumbers):
+ #
+ @staticmethod
+ def _modinv(a, m):
+-
+- if sys.version_info < (3, 8):
+- g, x, y = _MyRSAPrivateNumbers._xgcd(a, m)
+- if g != 1:
+- raise Exception("modular inverse does not exist")
+- else:
+- return x % m
+- else:
+- return pow(a, -1, m)
++ return pow(a, -1, m)
+
+ @staticmethod
+ def _generate_d(p, q, e, n):
+--
+2.43.0
+
diff --git a/dev-python/tpm2-pytss/files/tpm2-pytss-2.1.0-test-disable-pcr_set_auth_value-and-pcr_set_auth_pol.patch b/dev-python/tpm2-pytss/files/tpm2-pytss-2.1.0-test-disable-pcr_set_auth_value-and-pcr_set_auth_pol.patch
new file mode 100644
index 000000000000..6e99688b76ba
--- /dev/null
+++ b/dev-python/tpm2-pytss/files/tpm2-pytss-2.1.0-test-disable-pcr_set_auth_value-and-pcr_set_auth_pol.patch
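Review bot: The rewritten `_MyRSAPrivateNumbers` forwards only `private_key()`, so any caller that used inherited `RSAPrivateNumbers` attributes (`p`, `q`, `d`, `public_numbers`) or an `isinstance` check against `rsa.RSAPrivateNumbers` would now fail at runtime; the callers are outside this patch, so that needs confirming. A one-line class docstring would make the narrowed contract explicit, e.g. `"""Wrapper (not a subclass) around rsa.RSAPrivateNumbers; exposes only private_key()."""`. With `_modinv` reduced to `return pow(a, -1, m)`, `_xgcd` and the `import sys` shown as context in the first inner hunk may now be unused and could be dropped in a follow-up. The class body and `_generate_d` continue outside the hunks shown.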
@@ -0,0 +1,40 @@
+From c55775c30c06bf3a3066b4047cb51cb42f1e403d Mon Sep 17 00:00:00 2001
+From: Erik Larsson
+Date: Sat, 6 Jan 2024 06:25:54 +0100
+Subject: [PATCH 2/3] test: disable pcr_set_auth_value and pcr_set_auth_policy
+ tests for swtpm
+
+Since [commit][1] in libtpms setting auth values/policies for PCRs are no longer supported.
+
+[1]: https://github.com/stefanberger/libtpms/commit/af4fc0e66df6d012c61aee7c418148fb261d77a9
+
+Signed-off-by: Erik Larsson
+---
+ test/test_esapi.py | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/test/test_esapi.py b/test/test_esapi.py
+index 269a43b..e0b6d35 100644
+--- a/test/test_esapi.py
++++ b/test/test_esapi.py
+@@ -3585,6 +3585,8 @@ class TestEsys(TSS2_EsapiTest):
+ self.ectx.pcr_allocate(pcrsels, session3=object())
+
+ def test_pcr_set_auth_policy(self):
++ if getattr(self.tcti, "name", "") == "swtpm":
++ self.skipTest("pcr_set_auth_policy not supported by swtpm")
+
+ policy = b"0123456789ABCDEF0123456789ABCDEF"
+ self.ectx.pcr_set_auth_policy(policy, TPM2_ALG.SHA256, ESYS_TR.PCR20)
+@@ -3630,6 +3632,8 @@ class TestEsys(TSS2_EsapiTest):
+ )
+
+ def test_pcr_set_auth_value(self):
++ if getattr(self.tcti, "name", "") == "swtpm":
++ self.skipTest("pcr_set_auth_value not supported by swtpm")
+
+ self.ectx.pcr_set_auth_value(ESYS_TR.PCR20, b"password")
+ self.ectx.tr_set_auth(ESYS_TR.PCR20, b"password")
+--
+2.43.0
+
diff --git a/dev-python/tpm2-pytss/tpm2-pytss-2.1.0-r2.ebuild b/dev-python/tpm2-pytss/tpm2-pytss-2.1.0-r2.ebuild
new file mode 100644
index 000000000000..0ec096900a00
--- /dev/null
+++ b/dev-python/tpm2-pytss/tpm2-pytss-2.1.0-r2.ebuild
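Review bot: Both guards key on the TCTI name alone (`getattr(self.tcti, "name", "") == "swtpm"`), so `test_pcr_set_auth_policy` and `test_pcr_set_auth_value` are skipped on every swtpm, including one built against a libtpms that predates the removal, and the reason is recorded only in the patch description. A comment above each guard would keep the rationale with the code, e.g. `# libtpms af4fc0e66df6 dropped PCR auth value/policy support; swtpm cannot run this`. Because the ebuild's test dependency is `app-crypt/swtpm`, these two ESAPI paths are presumably never exercised in the package test phase. Both test methods continue past the end of their hunks.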
@@ -0,0 +1,48 @@
+# Copyright 1999-2024 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+EAPI=8
+
+DISTUTILS_EXT=1
+DISTUTILS_USE_PEP517=setuptools
+PYPI_NO_NORMALIZE=1
+PYTHON_COMPAT=( python3_{10..12} )
+
+inherit distutils-r1 pypi
+
+DESCRIPTION="Python bindings for TSS"
+HOMEPAGE="
+ https://pypi.org/project/tpm2-pytss
+ https://github.com/tpm2-software/tpm2-pytss
+"
+
+LICENSE="BSD-2"
+SLOT="0"
+KEYWORDS="~amd64"
+
+IUSE="+fapi test"
+
+RDEPEND="${PYTHON_DEPS}
+ app-crypt/tpm2-tss:=[fapi=]
+ fapi? ( >=app-crypt/tpm2-tss-3.0.3:= )
+ dev-python/cffi[${PYTHON_USEDEP}]
+ dev-python/asn1crypto[${PYTHON_USEDEP}]
+ dev-python/cryptography[${PYTHON_USEDEP}]
+ dev-python/pycparser[${PYTHON_USEDEP}]
+ dev-python/pyyaml[${PYTHON_USEDEP}]"
+
+DEPEND="${RDEPEND}
+ test? ( app-crypt/swtpm )"
+
+BDEPEND="${PYTHON_DEPS}
+ dev-python/setuptools-scm[${PYTHON_USEDEP}]
+ dev-python/pkgconfig[${PYTHON_USEDEP}]"
+
+PATCHES=(
+ "${FILESDIR}/${PN}-2.1.0-test-add-check-for-renamed-cryptography-types.patch"
+ "${FILESDIR}/${PN}-2.1.0-internal-crypto-fix-_MyRSAPrivateNumbers-with-crypto.patch"
+ "${FILESDIR}/${PN}-2.1.0-test-disable-pcr_set_auth_value-and-pcr_set_auth_pol.patch"
+ )
+
+export SETUPTOOLS_SCM_PRETEND_VERSION=${PV}
+
+distutils_enable_tests pytest
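Review bot: `PATCHES` lists `${PN}-2.1.0-test-add-check-for-renamed-cryptography-types.patch`, but this commit adds only the other two patch files, so that first entry must already exist in `files/` (presumably from an earlier revision) or `src_prepare` will fail. The array also gives no hint of where the backports come from; a comment above it such as `# Upstream backports (PATCH 2/3 and 3/3 by Erik Larsson); drop on the next version bump` would let a later maintainer verify and retire them. `dev-python/cryptography` stays unversioned in `RDEPEND`, which looks compatible with the wrapper approach but is worth confirming against a pre-42 release.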