Commits

Thomas Jenkins committed bc1fe30

Fixed deprecated use of sha and md5 in bundled python libraries.

  • Participants
  • Parent commits 95ae131

Comments (0)

Files changed (3)

File src/bundle/AfSplitter.py

 
 The interface is simple. It consists of two functions:
 
-AFSplit(data, stripes, digestmod=sha)
-AFMerge(data, stripes, digestmod=sha)
+AFSplit(data, stripes, digesttype='sha1')
+AFMerge(data, stripes, digesttype='sha1')
 
 AFSplit operates on data and returns information splitted data.  AFMerge does
 just the opposite: uses the information stored in data to recover the original
 """
 
 
-import sha, string, math, struct
+import hashlib, string, math, struct
+
+# will need changed to use Crypto.Random (now in python-crypt git)
+# see: http://lists.dlitz.net/pipermail/pycrypto/2008q3/000020.html
 from Crypto.Util.randpool import RandomPool
 from Crypto.Cipher import XOR
 
 	"""Internal function to diffuse information inside a buffer"""
 
 	# Compute the number of full blocks, and the size of the leftover block
-	full_blocks = int(math.floor(float(len(block)) / float(digest.digest_size)))
-	padding = len(block) % digest.digest_size
+        digest_size = hashlib.new(digest).digest_size
+	full_blocks = int(math.floor(float(len(block)) / float(digest_size)))
+	padding = len(block) % digest_size
 
 	# hash the full blocks
 	ret = ""
 	for i in range(0, full_blocks):
-
-		hash = digest.new()
+                hash = hashlib.new(digest)
 		hash.update(struct.pack(">I", i))
-		hash.update(block[i*digest.digest_size:(i+1)*digest.digest_size])
+		hash.update(block[i*digest_size:(i+1)*digest_size])
 		ret += hash.digest()
 
 	# Hash the remaining data
 	if padding > 0:
-		hash = digest.new()
+                hash = hashlib.new(digest)
 		hash.update(struct.pack(">I", full_blocks))
-		hash.update(block[full_blocks * digest.digest_size:])
+		hash.update(block[full_blocks * digest_size:])
 		ret += hash.digest()[:padding]
 
 	return ret
 
-def AFSplit(data, stripes, digestmod=sha):
-	"""AF-Split data using digestmod.  Returned data size will be len(data) * stripes"""
+def AFSplit(data, stripes, digesttype='sha1'):
+	"""AF-Split data using digesttype.  Returned data size will be len(data) * stripes"""
 
 	blockSize = len(data)
 
 
 		ret += r
 		bufblock = _xor(r, bufblock)
-		bufblock = _diffuse(bufblock, blockSize, digestmod)
+		bufblock = _diffuse(bufblock, blockSize, digesttype)
 		rand.add_event(bufblock)
 
 	ret += _xor(bufblock, data)
 	return ret
 
-def AFMerge(data, stripes, digestmod=sha):
-	"""AF-Merge data using digestmod.  len(data) must be a multiple of stripes"""
+def AFMerge(data, stripes, digesttype='sha1'):
+	"""AF-Merge data using digesttype.  len(data) must be a multiple of stripes"""
 
 	if len(data) % stripes != 0:
 		raise "ERROR: data is not a multiple of strips"
 	bufblock = "\x00" * blockSize
 	for i in range(0, stripes - 1):
 		bufblock = _xor(data[i*blockSize:(i+1)*blockSize], bufblock)
-		bufblock = _diffuse(bufblock, blockSize, digestmod)
+		bufblock = _diffuse(bufblock, blockSize, digesttype)
 
 	return _xor(data[(stripes-1)*blockSize:], bufblock)

File src/bundle/PBKDFv2.py

 
 """
 
-import struct, string, math, sha, hmac # RFC2104
+import struct, string, math, hashlib, hmac # RFC2104
 from Crypto.Cipher import XOR
 
 ################ PBKDFv2
         self.hLen = 20
         
     ################ makeKey
-    def makeKey(self, P, S, c, dkLen, digestmod=sha):
+    def makeKey(self, P, S, c, dkLen, digesttype='sha1'):
         """
            Input:   P         password, an octet string
                     S         salt, an octet string
                     c         iteration count, a positive integer (>1000)
                     dkLen     intended length on octets of the derived key, a positive integer,
                               at most (2^32 - 1) * hLen
-                    digestmod Digest used, passed to hmac module
+                    digesttype Digest used, passed to hmac module
 
            Output   DK    derived key, a dkLen-octet string
            """
         # to compute the block
         T = ""
         for blockindex in range(int(l)):
-            T += self.F(P, S, c, blockindex, digestmod)
+            T += self.F(P, S, c, blockindex, digesttype)
         # Step 4 - extract the first dkLen octet to produce a derived key DK
         DK = T[:dkLen]
 
         # the first iteration; P is the key, and a concatination of
         # S and blocknumber is the message
 	istr = struct.pack(">I", i+1)
-	PRFMaster = hmac.new(P,digestmod=digest)
+	PRFMaster = hmac.new(P,digestmod=hashlib.new(digest))
 	PRF = PRFMaster.copy()
 	PRF.update(S)
 	PRF.update(istr)

File src/bundle/luks.py

 http://www.gnu.org/copyleft/gpl.html
 """
 
-import os, math, struct, stat, sha, md5
+import os, math, struct, stat, hashlib
 
+# will need changed to use Crypto.Random (now in python-crypt git)
+# see: http://lists.dlitz.net/pipermail/pycrypto/2008q3/000020.html
 from Crypto.Util.randpool import RandomPool
 from Crypto.Cipher import *
 from Crypto.Hash import *
 
 		# Check the hash and cipher
 		self.hashSpec = hashSpec.strip(" \x00")
-		self.hash = self._check_hash(self.hashSpec)
 		self._check_cipher(cipherName.strip(" \x00"), cipherMode.strip(" \x00"))
 		
 		# Load the key information
 			self.keys[i].load_from_str(self.file.read(48))
 
 		# set the digest to be the correct size
-		self.mkDigest = self.mkDigest[:self.hash.digest_size]
+		self.mkDigest = self.mkDigest[:hashlib.new(self.hashSpec).digest_size]
 
 		self.masterKey = None
 
 		self.mkDigestIterations = 10
 		self.keyBytes = masterSize
 		self.hashSpec = hashSpec
-		self.hash = self._check_hash(hashSpec)
 
 		rand = RandomPool(self.SALT_SIZE + 16 + masterSize)
 
 
 		# generate the master key digest
 		pbkdf = PBKDFv2.PBKDFv2()
-		self.mkDigest = pbkdf.makeKey(self.masterKey, self.mkDigestSalt, self.mkDigestIterations, self.hash.digest_size, self.hash)
+		self.mkDigest = pbkdf.makeKey(self.masterKey, self.mkDigestSalt, self.mkDigestIterations, haslib.new(self.hashSpec).digest_size, self.hashSpec)
 
 		# init the key information
 		currentSector = math.ceil(592.0 / self.SECTOR_SIZE)
 
 		# Hash the key using PBKDFv2
 		pbkdf = PBKDFv2.PBKDFv2()
-		derived_key = pbkdf.makeKey(password, key.passwordSalt, key.passwordIterations, self.keyBytes, self.hash)
+		derived_key = pbkdf.makeKey(password, key.passwordSalt, key.passwordIterations, self.keyBytes, self.hashSpec)
 
 		# Split the key into key.stripes
-		AfKey = AfSplitter.AFSplit(self.masterKey, key.stripes, self.hash)
+		AfKey = AfSplitter.AFSplit(self.masterKey, key.stripes, self.hashSpec)
 
 		AfKeySize = len(AfKey)
 		if AfKeySize != key.stripes * self.keyBytes:
 
 		# Hash the password using PBKDFv2
 		pbkdf = PBKDFv2.PBKDFv2()
-		derived_key = pbkdf.makeKey(password, key.passwordSalt, key.passwordIterations, self.keyBytes, self.hash)
+		derived_key = pbkdf.makeKey(password, key.passwordSalt, key.passwordIterations, self.keyBytes, self.hashSpec)
 
 		# Setup the IV generation to use this key
 		self.ivGen.set_key(derived_key)
 		AfKey = AfKey[0:AfKeySize]
 
 		# Merge the decrypted master key
-		masterKey = AfSplitter.AFMerge(AfKey, key.stripes, self.hash)
+		masterKey = AfSplitter.AFMerge(AfKey, key.stripes, self.hashSpec)
 
 		# Check if the password was the correct one, by checking the master key digest
-		checkDigest = pbkdf.makeKey(masterKey, self.mkDigestSalt, self.mkDigestIterations, self.hash.digest_size, self.hash)
+		checkDigest = pbkdf.makeKey(masterKey, self.mkDigestSalt, self.mkDigestIterations, hashlib.new(self.hashSpec).digest_size, self.hashSpec)
 		
 		# Since the header only stores DIGEST_SIZE (which is smaller than sha256 digest size)
 		#   trim the digest to DIGEST_SIZE
 			return struct.pack(self.LUKS_KEY_FORMAT, self.active, self.passwordIterations, \
                                     self.passwordSalt, self.keyMaterialOffset, self.stripes)
 
-	def _check_hash(self, hashSpec):
-		"""Internal function to check for a valid hash specification"""
-		if hashSpec == "sha1":
-			hash = sha
-		elif hashSpec == "sha256":
-			hash = SHA256
-		elif hashSpec == "md5":
-			hash = md5
-		elif hashSpec == "ripemd160":
-			hash = RIPEMD
-		else:
-			raise "invalid hash %s" % hashSpec
-
-		return hash
-
 	class _plain_iv_gen:
 		"""Internal class to represent cbc-plain cipherMode"""
 
 		# IV=E(SALT,sectornumber)
 		def __init__(self, str, cipher, luksParent):
 			self.hashSpec = str[1:]
-			self.hash = luksParent._check_hash(self.hashSpec)
 			self.cipher = cipher
 
 		def set_key(self, key):
-			h = self.hash.new(key)
+			h = hashlib.new(self.hashSpec, key)
 			self.salt = h.digest()
 			self.encr = self.cipher.new(self.salt, self.cipher.MODE_ECB)