From d6d21a2ff0b52b434a13dcbfd6456c9b899fb4a6 Mon Sep 17 00:00:00 2001
From: "yan.yihao 10263201"
Date: Mon, 24 Nov 2025 15:54:28 +0800
Subject: [PATCH] internal/crypto: fix _MyRSAPrivateNumbers with cryptograpy >= 42.0.1
upstream: https://github.com/tpm2-software/tpm2-pytss/pull/562
---
 ...fix-_MyRSAPrivateNumbers-with-crypto.patch | 73 +++++++++++++++++++
 python-tpm2-pytss.spec | 7 +-
 ..._set_auth_value-and-pcr_set_auth_pol.patch | 40 ++++++++++
 3 files changed, 119 insertions(+), 1 deletion(-)
 create mode 100644 internal-crypto-fix-_MyRSAPrivateNumbers-with-crypto.patch
 create mode 100644 test-disable-pcr_set_auth_value-and-pcr_set_auth_pol.patch
diff --git a/internal-crypto-fix-_MyRSAPrivateNumbers-with-crypto.patch b/internal-crypto-fix-_MyRSAPrivateNumbers-with-crypto.patch
new file mode 100644
index 0000000..e29deee
--- /dev/null
+++ b/internal-crypto-fix-_MyRSAPrivateNumbers-with-crypto.patch
@@ -0,0 +1,73 @@
+From 83a72484ef63c507d6f12148a22865565a1af9f4 Mon Sep 17 00:00:00 2001
+From: Erik Larsson
+Date: Fri, 26 Jan 2024 12:01:41 +0100
+Subject: [PATCH] internal/crypto: fix _MyRSAPrivateNumbers with cryptograpy >=
+ 42.0.1
+
+RSAPrivateNumbers was moved to a rust implementation in 42.0.1.
+So inheritance is no longer possible, so turn the class into a
+wrapper instead of a subclass.
+
+Fixes #561
+
+Signed-off-by: Erik Larsson
+---
+ src/tpm2_pytss/internal/crypto.py | 21 +++++++++------------
+ 1 file changed, 9 insertions(+), 12 deletions(-)
+
+diff --git a/src/tpm2_pytss/internal/crypto.py b/src/tpm2_pytss/internal/crypto.py
+index 93e5181..42030c5 100644
+--- a/src/tpm2_pytss/internal/crypto.py
++++ b/src/tpm2_pytss/internal/crypto.py
+@@ -23,7 +23,7 @@ from cryptography.hazmat.primitives.ciphers.algorithms import AES, Camellia
+ from cryptography.hazmat.primitives.ciphers import modes, Cipher, CipherAlgorithm
+ from cryptography.hazmat.backends import default_backend
+ from cryptography.exceptions import UnsupportedAlgorithm, InvalidSignature
+-from typing import Tuple, Type
++from typing import Tuple, Type, Any
+ import secrets
+ import sys
+
+@@ -220,7 +220,7 @@ def public_to_key(obj):
+ return key
+
+
+-class _MyRSAPrivateNumbers(rsa.RSAPrivateNumbers):
++class _MyRSAPrivateNumbers:
+ def __init__(self, p: int, n: int, e: int, pubnums: rsa.RSAPublicNumbers):
+
+ q = n // p
+@@ -231,7 +231,12 @@ class _MyRSAPrivateNumbers(rsa.RSAPrivateNumbers):
+ dmq1 = rsa.rsa_crt_dmq1(d, q)
+ iqmp = rsa.rsa_crt_iqmp(p, q)
+
+- super().__init__(p, q, d, dmp1, dmq1, iqmp, pubnums)
++ self._private_numbers = rsa.RSAPrivateNumbers(
++ p, q, d, dmp1, dmq1, iqmp, pubnums
++ )
++
++ def private_key(self, *args: Any, **kwargs: Any) -> rsa.RSAPrivateKey:
++ return self._private_numbers.private_key(*args, **kwargs)
+
+ @staticmethod
+ def _xgcd(a: int, b: int) -> Tuple[int, int, int]:
+@@ -251,15 +256,7 @@ class _MyRSAPrivateNumbers(rsa.RSAPrivateNumbers):
+ #
+ @staticmethod
+ def _modinv(a, m):
+-
+- if sys.version_info < (3, 8):
+- g, x, y = _MyRSAPrivateNumbers._xgcd(a, m)
+- if g != 1:
+- raise Exception("modular inverse does not exist")
+- else:
+- return x % m
+- else:
+- return pow(a, -1, m)
++ return pow(a, -1, m)
+
+ @staticmethod
+ def _generate_d(p, q, e, n):
+--
+2.43.5
+
diff --git a/python-tpm2-pytss.spec b/python-tpm2-pytss.spec
index ee5b4fc..bca44fe 100644
--- a/python-tpm2-pytss.spec
+++ b/python-tpm2-pytss.spec
@@ -1,4 +1,4 @@
-%define anolis_release 2
+%define anolis_release 3
 %global pypi_name tpm2-pytss
 %global _name tpm2_pytss
 %bcond_with check
@@ -12,6 +12,8 @@ License: BSD-2-Clause
 URL: https://github.com/tpm2-software/tpm2-pytss
 Source: %{pypi_source %{pypi_name}}
 Patch0: python-tpm2-pytss-1.2.0-openssl.patch
+Patch1: internal-crypto-fix-_MyRSAPrivateNumbers-with-crypto.patch
+Patch2: test-disable-pcr_set_auth_value-and-pcr_set_auth_pol.patch
 BuildRequires: python3-devel
 BuildRequires: tpm2-tss-devel >= 2.0.0
@@ -77,6 +79,9 @@ Doc files for python3-%{pypi_name}
 %doc README.md
 %changelog
+* Mon Nov 24 2025 Yihao Yan - 1.2.0-3
+- internal/crypto: fix _MyRSAPrivateNumbers with cryptograpy >= 42.0.1
+
 * Wed Mar 27 2024 Bo Ren - 1.2.0-2
 - Rebuild with python3.11
diff --git a/test-disable-pcr_set_auth_value-and-pcr_set_auth_pol.patch b/test-disable-pcr_set_auth_value-and-pcr_set_auth_pol.patch
new file mode 100644
index 0000000..854d531
--- /dev/null
+++ b/test-disable-pcr_set_auth_value-and-pcr_set_auth_pol.patch
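Review bot: The rewritten `_MyRSAPrivateNumbers` exposes only `private_key()`, so any caller that still reads inherited attributes such as `p`, `q`, `d` or `public_numbers` from the object would now fail with AttributeError; the callers are not in this patch, so that is worth confirming before shipping the backport. With the `sys.version_info` branch removed from `_modinv`, the `_xgcd` helper and the `import sys` context line look unused as far as these hunks show and could be dropped if nothing else in crypto.py needs them. `q = n // p` in `__init__` (unchanged context) floors silently when `p` is not a factor of `n`; an explicit `if n % p: raise ValueError("p is not a factor of n")` before building the numbers would fail early instead of relying on whatever validation `private_key()` performs. The class body starts and ends outside the patch's hunks.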
@@ -0,0 +1,40 @@
+From 99bd45f536e89be53fd78693c3f5becec7b891b8 Mon Sep 17 00:00:00 2001
+From: Erik Larsson
+Date: Sat, 6 Jan 2024 06:25:54 +0100
+Subject: [PATCH] test: disable pcr_set_auth_value and pcr_set_auth_policy
+ tests for swtpm
+
+Since [commit][1] in libtpms setting auth values/policies for PCRs are no longer supported.
+
+[1]: https://github.com/stefanberger/libtpms/commit/af4fc0e66df6d012c61aee7c418148fb261d77a9
+
+Signed-off-by: Erik Larsson
+---
+ test/test_esapi.py | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/test/test_esapi.py b/test/test_esapi.py
+index 269a43b..e0b6d35 100644
+--- a/test/test_esapi.py
++++ b/test/test_esapi.py
+@@ -3585,6 +3585,8 @@ class TestEsys(TSS2_EsapiTest):
+ self.ectx.pcr_allocate(pcrsels, session3=object())
+
+ def test_pcr_set_auth_policy(self):
++ if getattr(self.tcti, "name", "") == "swtpm":
++ self.skipTest("pcr_set_auth_policy not supported by swtpm")
+
+ policy = b"0123456789ABCDEF0123456789ABCDEF"
+ self.ectx.pcr_set_auth_policy(policy, TPM2_ALG.SHA256, ESYS_TR.PCR20)
+@@ -3630,6 +3632,8 @@ class TestEsys(TSS2_EsapiTest):
+ )
+
+ def test_pcr_set_auth_value(self):
++ if getattr(self.tcti, "name", "") == "swtpm":
++ self.skipTest("pcr_set_auth_value not supported by swtpm")
+
+ self.ectx.pcr_set_auth_value(ESYS_TR.PCR20, b"password")
+ self.ectx.tr_set_auth(ESYS_TR.PCR20, b"password")
+--
+2.43.5
+
-- Gitee
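Review bot: This second backport is not recorded anywhere in the package metadata: the commit subject and the 1.2.0-3 `%changelog` entry name only the `_MyRSAPrivateNumbers` fix, and the `upstream:` line points at a single pull request. Adding `- test: disable pcr_set_auth_value and pcr_set_auth_policy tests for swtpm` to the changelog entry would keep the reduced PCR-auth test coverage visible to whoever audits the package later. Both skips key only on `self.tcti.name == "swtpm"`, so they presumably also apply on stacks whose libtpms still supports PCR auth values; a skip message that cites the libtpms change, e.g. `self.skipTest("pcr_set_auth_value unsupported by swtpm since libtpms af4fc0e")`, would make the reason traceable from test output. Both test methods continue outside the hunks shown.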