[NixPkgs.git] / pkgs / development / python-modules / python-u2flib-server / cryptography-37-compat.patch
| blob | beed33ab2a35674eb0c9ecaf1dc3c4438ab71e09 |
1 diff --git a/test/soft_u2f_v2.py b/test/soft_u2f_v2.py
2 index d011b1f..9a24bb9 100644
3 --- a/test/soft_u2f_v2.py
4 +++ b/test/soft_u2f_v2.py
5 @@ -112,9 +112,7 @@ class SoftU2FDevice(object):
6 CERT_PRIV, password=None, backend=default_backend())
7 cert = CERT
8 data = b'\x00' + app_param + client_param + key_handle + pub_key
9 - signer = cert_priv.signer(ec.ECDSA(hashes.SHA256()))
10 - signer.update(data)
11 - signature = signer.finalize()
12 + signature = cert_priv.sign(data, ec.ECDSA(hashes.SHA256()))
14 raw_response = (b'\x05' + pub_key + six.int2byte(len(key_handle)) +
15 key_handle + cert + signature)
16 @@ -163,9 +161,7 @@ class SoftU2FDevice(object):
17 counter = struct.pack('>I', self.counter)
19 data = app_param + touch + counter + client_param
20 - signer = priv_key.signer(ec.ECDSA(hashes.SHA256()))
21 - signer.update(data)
22 - signature = signer.finalize()
23 + signature = priv_key.sign(data, ec.ECDSA(hashes.SHA256()))
24 raw_response = touch + counter + signature
26 return SignResponse(
27 diff --git a/u2flib_server/attestation/resolvers.py b/u2flib_server/attestation/resolvers.py
28 index 034549f..cd59b10 100644
29 --- a/u2flib_server/attestation/resolvers.py
30 +++ b/u2flib_server/attestation/resolvers.py
31 @@ -86,27 +86,29 @@ class MetadataResolver(object):
32 cert_bytes = cert.tbs_certificate_bytes
34 if isinstance(pubkey, rsa.RSAPublicKey):
35 - verifier = pubkey.verifier(
36 - cert_signature,
37 - padding.PKCS1v15(),
38 - cert.signature_hash_algorithm
39 - )
40 + try:
41 + pubkey.verify(
42 + cert_signature,
43 + cert_bytes,
44 + padding.PKCS1v15(),
45 + cert.signature_hash_algorithm
46 + )
47 + return True
48 + except InvalidSignature:
49 + return False
50 elif isinstance(pubkey, ec.EllipticCurvePublicKey):
51 - verifier = pubkey.verifier(
52 - cert_signature,
53 - ec.ECDSA(cert.signature_hash_algorithm)
54 - )
55 + try:
56 + pubkey.verify(
57 + cert_signature,
58 + cert_bytes,
59 + ec.ECDSA(cert.signature_hash_algorithm)
60 + )
61 + return True
62 + except InvalidSignature:
63 + return False
64 else:
65 raise ValueError("Unsupported public key value")
67 - verifier.update(cert_bytes)
68 -
69 - try:
70 - verifier.verify()
71 - return True
72 - except InvalidSignature:
73 - return False
74 -
75 def resolve(self, cert):
76 if isinstance(cert, bytes):
77 cert = x509.load_der_x509_certificate(cert, default_backend())
78 diff --git a/u2flib_server/model.py b/u2flib_server/model.py
79 index 481be51..6ec01bb 100644
80 --- a/u2flib_server/model.py
81 +++ b/u2flib_server/model.py
82 @@ -175,12 +175,9 @@ class RegistrationData(object):
83 cert = x509.load_der_x509_certificate(self.certificate,
84 default_backend())
85 pubkey = cert.public_key()
86 - verifier = pubkey.verifier(self.signature, ec.ECDSA(hashes.SHA256()))
87 -
88 - verifier.update(b'\0' + app_param + chal_param + self.key_handle +
89 - self.pub_key)
90 + msg = (b'\0' + app_param + chal_param + self.key_handle + self.pub_key)
91 try:
92 - verifier.verify()
93 + pubkey.verify(self.signature, msg, ec.ECDSA(hashes.SHA256()))
94 except InvalidSignature:
95 raise ValueError('Attestation signature is invalid')
97 @@ -207,13 +204,9 @@ class SignatureData(object):
98 def verify(self, app_param, chal_param, der_pubkey):
99 pubkey = load_der_public_key(PUB_KEY_DER_PREFIX + der_pubkey,
100 default_backend())
101 - verifier = pubkey.verifier(self.signature, ec.ECDSA(hashes.SHA256()))
102 - verifier.update(app_param +
103 - six.int2byte(self.user_presence) +
104 - struct.pack('>I', self.counter) +
105 - chal_param)
106 + msg = app_param + six.int2byte(self.user_presence) + struct.pack('>I', self.counter) + chal_param
107 try:
108 - verifier.verify()
109 + pubkey.verify(self.signature, msg, ec.ECDSA(hashes.SHA256()))
110 except InvalidSignature:
111 raise ValueError('U2F signature is invalid')