commit: dedba7f86ed4bbce0dd5c750cecaec5d0c3a1acf Author: Christopher Byrne <salah.coronya <AT> gmail <DOT> com> AuthorDate: Fri Jan 26 02:27:08 2024 +0000 Commit: Joonas Niilola <juippis <AT> gentoo <DOT> org> CommitDate: Mon Mar 4 14:53:40 2024 +0000 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=dedba7f8
dev-python/tpm2-pytss: support Python 3.12, dev-python/cryptography >= 42 Closes: https://bugs.gentoo.org/922900 Closes: https://bugs.gentoo.org/923240 Signed-off-by: Christopher Byrne <salah.coronya <AT> gmail.com> Signed-off-by: Joonas Niilola <juippis <AT> gentoo.org> ...ypto-fix-_MyRSAPrivateNumbers-with-crypto.patch | 73 ++++++++++++++++++++++ ...e-pcr_set_auth_value-and-pcr_set_auth_pol.patch | 40 ++++++++++++ dev-python/tpm2-pytss/tpm2-pytss-2.1.0-r2.ebuild | 48 ++++++++++++++ 3 files changed, 161 insertions(+) diff --git a/dev-python/tpm2-pytss/files/tpm2-pytss-2.1.0-internal-crypto-fix-_MyRSAPrivateNumbers-with-crypto.patch b/dev-python/tpm2-pytss/files/tpm2-pytss-2.1.0-internal-crypto-fix-_MyRSAPrivateNumbers-with-crypto.patch new file mode 100644 index 000000000000..4aaecd935c22 --- /dev/null +++ b/dev-python/tpm2-pytss/files/tpm2-pytss-2.1.0-internal-crypto-fix-_MyRSAPrivateNumbers-with-crypto.patch @@ -0,0 +1,73 @@ +From 0fbb9d099370c0a7031dd13990986538f586836a Mon Sep 17 00:00:00 2001 +From: Erik Larsson <[email protected]> +Date: Fri, 26 Jan 2024 12:01:41 +0100 +Subject: [PATCH 3/3] internal/crypto: fix _MyRSAPrivateNumbers with + cryptograpy >= 42.0.1 + +RSAPrivateNumbers was moved to a rust implementation in 42.0.1. +So inheritance is no longer possible, so turn the class into a +wrapper instead of a subclass. + +Fixes #561 + +Signed-off-by: Erik Larsson <[email protected]> +--- + src/tpm2_pytss/internal/crypto.py | 21 +++++++++------------ + 1 file changed, 9 insertions(+), 12 deletions(-) + +diff --git a/src/tpm2_pytss/internal/crypto.py b/src/tpm2_pytss/internal/crypto.py +index 93e5181..42030c5 100644 +--- a/src/tpm2_pytss/internal/crypto.py ++++ b/src/tpm2_pytss/internal/crypto.py +@@ -23,7 +23,7 @@ from cryptography.hazmat.primitives.ciphers.algorithms import AES, Camellia + from cryptography.hazmat.primitives.ciphers import modes, Cipher, CipherAlgorithm + from cryptography.hazmat.backends import default_backend + from cryptography.exceptions import UnsupportedAlgorithm, InvalidSignature +-from typing import Tuple, Type ++from typing import Tuple, Type, Any + import secrets + import sys + +@@ -220,7 +220,7 @@ def public_to_key(obj): + return key + + +-class _MyRSAPrivateNumbers(rsa.RSAPrivateNumbers): ++class _MyRSAPrivateNumbers: + def __init__(self, p: int, n: int, e: int, pubnums: rsa.RSAPublicNumbers): + + q = n // p +@@ -231,7 +231,12 @@ class _MyRSAPrivateNumbers(rsa.RSAPrivateNumbers): + dmq1 = rsa.rsa_crt_dmq1(d, q) + iqmp = rsa.rsa_crt_iqmp(p, q) + +- super().__init__(p, q, d, dmp1, dmq1, iqmp, pubnums) ++ self._private_numbers = rsa.RSAPrivateNumbers( ++ p, q, d, dmp1, dmq1, iqmp, pubnums ++ ) ++ ++ def private_key(self, *args: Any, **kwargs: Any) -> rsa.RSAPrivateKey: ++ return self._private_numbers.private_key(*args, **kwargs) + + @staticmethod + def _xgcd(a: int, b: int) -> Tuple[int, int, int]: +@@ -251,15 +256,7 @@ class _MyRSAPrivateNumbers(rsa.RSAPrivateNumbers): + # + @staticmethod + def _modinv(a, m): +- +- if sys.version_info < (3, 8): +- g, x, y = _MyRSAPrivateNumbers._xgcd(a, m) +- if g != 1: +- raise Exception("modular inverse does not exist") +- else: +- return x % m +- else: +- return pow(a, -1, m) ++ return pow(a, -1, m) + + @staticmethod + def _generate_d(p, q, e, n): +-- +2.43.0 + diff --git a/dev-python/tpm2-pytss/files/tpm2-pytss-2.1.0-test-disable-pcr_set_auth_value-and-pcr_set_auth_pol.patch b/dev-python/tpm2-pytss/files/tpm2-pytss-2.1.0-test-disable-pcr_set_auth_value-and-pcr_set_auth_pol.patch new file mode 100644 index 000000000000..6e99688b76ba --- /dev/null +++ b/dev-python/tpm2-pytss/files/tpm2-pytss-2.1.0-test-disable-pcr_set_auth_value-and-pcr_set_auth_pol.patch @@ -0,0 +1,40 @@ +From c55775c30c06bf3a3066b4047cb51cb42f1e403d Mon Sep 17 00:00:00 2001 +From: Erik Larsson <[email protected]> +Date: Sat, 6 Jan 2024 06:25:54 +0100 +Subject: [PATCH 2/3] test: disable pcr_set_auth_value and pcr_set_auth_policy + tests for swtpm + +Since [commit][1] in libtpms setting auth values/policies for PCRs are no longer supported. + +[1]: https://github.com/stefanberger/libtpms/commit/af4fc0e66df6d012c61aee7c418148fb261d77a9 + +Signed-off-by: Erik Larsson <[email protected]> +--- + test/test_esapi.py | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/test/test_esapi.py b/test/test_esapi.py +index 269a43b..e0b6d35 100644 +--- a/test/test_esapi.py ++++ b/test/test_esapi.py +@@ -3585,6 +3585,8 @@ class TestEsys(TSS2_EsapiTest): + self.ectx.pcr_allocate(pcrsels, session3=object()) + + def test_pcr_set_auth_policy(self): ++ if getattr(self.tcti, "name", "") == "swtpm": ++ self.skipTest("pcr_set_auth_policy not supported by swtpm") + + policy = b"0123456789ABCDEF0123456789ABCDEF" + self.ectx.pcr_set_auth_policy(policy, TPM2_ALG.SHA256, ESYS_TR.PCR20) +@@ -3630,6 +3632,8 @@ class TestEsys(TSS2_EsapiTest): + ) + + def test_pcr_set_auth_value(self): ++ if getattr(self.tcti, "name", "") == "swtpm": ++ self.skipTest("pcr_set_auth_value not supported by swtpm") + + self.ectx.pcr_set_auth_value(ESYS_TR.PCR20, b"password") + self.ectx.tr_set_auth(ESYS_TR.PCR20, b"password") +-- +2.43.0 + diff --git a/dev-python/tpm2-pytss/tpm2-pytss-2.1.0-r2.ebuild b/dev-python/tpm2-pytss/tpm2-pytss-2.1.0-r2.ebuild new file mode 100644 index 000000000000..0ec096900a00 --- /dev/null +++ b/dev-python/tpm2-pytss/tpm2-pytss-2.1.0-r2.ebuild @@ -0,0 +1,48 @@ +# Copyright 1999-2024 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 +EAPI=8 + +DISTUTILS_EXT=1 +DISTUTILS_USE_PEP517=setuptools +PYPI_NO_NORMALIZE=1 +PYTHON_COMPAT=( python3_{10..12} ) + +inherit distutils-r1 pypi + +DESCRIPTION="Python bindings for TSS" +HOMEPAGE=" + https://pypi.org/project/tpm2-pytss + https://github.com/tpm2-software/tpm2-pytss +" + +LICENSE="BSD-2" +SLOT="0" +KEYWORDS="~amd64" + +IUSE="+fapi test" + +RDEPEND="${PYTHON_DEPS} + app-crypt/tpm2-tss:=[fapi=] + fapi? ( >=app-crypt/tpm2-tss-3.0.3:= ) + dev-python/cffi[${PYTHON_USEDEP}] + dev-python/asn1crypto[${PYTHON_USEDEP}] + dev-python/cryptography[${PYTHON_USEDEP}] + dev-python/pycparser[${PYTHON_USEDEP}] + dev-python/pyyaml[${PYTHON_USEDEP}]" + +DEPEND="${RDEPEND} + test? ( app-crypt/swtpm )" + +BDEPEND="${PYTHON_DEPS} + dev-python/setuptools-scm[${PYTHON_USEDEP}] + dev-python/pkgconfig[${PYTHON_USEDEP}]" + +PATCHES=( + "${FILESDIR}/${PN}-2.1.0-test-add-check-for-renamed-cryptography-types.patch" + "${FILESDIR}/${PN}-2.1.0-internal-crypto-fix-_MyRSAPrivateNumbers-with-crypto.patch" + "${FILESDIR}/${PN}-2.1.0-test-disable-pcr_set_auth_value-and-pcr_set_auth_pol.patch" + ) + +export SETUPTOOLS_SCM_PRETEND_VERSION=${PV} + +distutils_enable_tests pytest
