Use cryptography instead of pycrypto

pycrypto is no longer maintained [1]. This patch rewrites functions
using pycrypto and replaces them with the cryptography equivalent

[1] http://lists.openstack.org/pipermail/openstack-dev/2017-March/113568.html

Change-Id: I375b5876ec2f4c4f32b9f6b3f41d209a59a0f615

kolla_ansible/cmd/genpwd.py

@@ -19,7 +19,9 @@ import random
 import string
 import sys
 
-from Crypto.PublicKey import RSA
+from cryptography.hazmat.backends import default_backend
+from cryptography.hazmat.primitives.asymmetric import rsa
+from cryptography.hazmat.primitives import serialization
 from hashlib import md5
 from hashlib import sha256
 from oslo_utils import uuidutils
@@ -35,9 +37,20 @@ if PROJECT_ROOT not in sys.path:
 
 
 def generate_RSA(bits=4096):
-    new_key = RSA.generate(bits, os.urandom)
+    new_key = rsa.generate_private_key(
-    private_key = new_key.exportKey("PEM")
+        public_exponent=65537,
-    public_key = new_key.publickey().exportKey("OpenSSH")
+        key_size=bits,
+        backend=default_backend()
+    )
+    private_key = new_key.private_bytes(
+        encoding=serialization.Encoding.PEM,
+        format=serialization.PrivateFormat.PKCS8,
+        encryption_algorithm=serialization.NoEncryption()
+    )
+    public_key = new_key.public_key().public_bytes(
+        encoding=serialization.Encoding.OpenSSH,
+        format=serialization.PublicFormat.OpenSSH
+    )
     return private_key, public_key
 
 

requirements.txt

@@ -10,3 +10,4 @@ oslo.utils>=3.20.0 # Apache-2.0
 setuptools!=24.0.0,!=34.0.0,!=34.0.1,!=34.0.2,!=34.0.3,!=34.1.0,!=34.1.1,!=34.2.0,!=34.3.0,!=34.3.1,!=34.3.2,>=16.0 # PSF/ZPL
 PyYAML>=3.10.0 # MIT
 netaddr!=0.7.16,>=0.7.13 # BSD
+cryptography>=1.6 # BSD/Apache-2.0