diff options
author | Rob Austein <sra@hactrn.net> | 2020-05-25 19:33:38 -0400 |
---|---|---|
committer | Rob Austein <sra@hactrn.net> | 2020-05-25 19:33:38 -0400 |
commit | 1cd42f6d3332e1edf78b06bd7dcf51f5a1a7bb23 (patch) | |
tree | 1eca75f12e53763e223856d46bc1ab4224079086 /cryptech_backup | |
parent | aab1cf4d694b4d4fefa77f02b4c42d7683a2f43f (diff) |
Untested conversion to support Python 3
Diffstat (limited to 'cryptech_backup')
-rwxr-xr-x | cryptech_backup | 41 |
1 files changed, 20 insertions, 21 deletions
diff --git a/cryptech_backup b/cryptech_backup index 76cdfbb..be70f8b 100755 --- a/cryptech_backup +++ b/cryptech_backup @@ -48,6 +48,8 @@ import sys import json import uuid import atexit +import base64 +import struct import getpass import argparse @@ -145,11 +147,11 @@ def defcmd(subparsers, func): return subparser -def b64(bytes): - return bytes.encode("base64").splitlines() +def b64(der): + return base64.b64encode(der).splitlines() def b64join(lines): - return "".join(lines).decode("base64") + return base64.b64decode("".join(lines)) def cmd_setup(args, hsm): @@ -209,7 +211,7 @@ def key_flag_names(flags): token = HAL_KEY_FLAG_TOKEN, public = HAL_KEY_FLAG_PUBLIC, exportable = HAL_KEY_FLAG_EXPORTABLE) - return ", ".join(sorted(k for k, v in names.iteritems() if (flags & v) != 0)) + return ", ".join(sorted(k for k, v in names.items() if (flags & v) != 0)) def cmd_export(args, hsm): @@ -284,10 +286,10 @@ def cmd_import(args, hsm): flags = k.get("flags", 0) if pkcs8 and kek: with kekek.import_pkey(pkcs8 = pkcs8, kek = kek, flags = flags) as pkey: - print "Imported {} as {}".format(k["uuid"], pkey.uuid) + print("Imported {} as {}".format(k["uuid"], pkey.uuid)) elif spki: with hsm.pkey_load(der = spki, flags = flags) as pkey: - print "Loaded {} as {}".format(k["uuid"], pkey.uuid) + print("Loaded {} as {}".format(k["uuid"], pkey.uuid)) if soft_key: kekek.delete() @@ -316,22 +318,20 @@ class AESKeyWrapWithPadding(object): @staticmethod def _start_stop(start, stop): # Syntactic sugar step = -1 if start > stop else 1 - return xrange(start, stop + step, step) + return range(start, stop + step, step) @staticmethod def _xor(R0, t): - from struct import pack, unpack - return pack(">Q", unpack(">Q", R0)[0] ^ t) + return struct.pack(">Q", struct.unpack(">Q", R0)[0] ^ t) def wrap(self, Q): "RFC 5649 section 4.1." - from struct import pack m = len(Q) # Plaintext length if m % 8 != 0: # Pad Q if needed - Q += "\x00" * (8 - (m % 8)) - R = [pack(">LL", 0xa65959a6, m)] # Magic MSB(32,A), build LSB(32,A) + Q += b"\x00" * (8 - (m % 8)) + R = [struct.pack(">LL", 0xa65959a6, m)] # Magic MSB(32,A), build LSB(32,A) R.extend(Q[i : i + 8] # Append Q - for i in xrange(0, len(Q), 8)) + for i in range(0, len(Q), 8)) n = len(R) - 1 if n == 1: R[0], R[1] = self._encrypt(R[0], R[1]) @@ -342,16 +342,15 @@ class AESKeyWrapWithPadding(object): R[0], R[i] = self._encrypt(R[0], R[i]) R[0] = self._xor(R[0], n * j + i) assert len(R) == (n + 1) and all(len(r) == 8 for r in R) - return "".join(R) + return b"".join(R) def unwrap(self, C): "RFC 5649 section 4.2." - from struct import unpack if len(C) % 8 != 0: raise self.UnwrapError("Ciphertext length {} is not an integral number of blocks" .format(len(C))) n = (len(C) / 8) - 1 - R = [C[i : i + 8] for i in xrange(0, len(C), 8)] + R = [C[i : i + 8] for i in range(0, len(C), 8)] if n == 1: R[0], R[1] = self._decrypt(R[0], R[1]) else: @@ -360,15 +359,15 @@ class AESKeyWrapWithPadding(object): for i in self._start_stop(n, 1): R[0] = self._xor(R[0], n * j + i) R[0], R[i] = self._decrypt(R[0], R[i]) - magic, m = unpack(">LL", R[0]) + magic, m = struct.unpack(">LL", R[0]) if magic != 0xa65959a6: raise self.UnwrapError("Magic value in AIV should have been 0xa65959a6, was 0x{:02x}" .format(magic)) if m <= 8 * (n - 1) or m > 8 * n: raise self.UnwrapError("Length encoded in AIV out of range: m {}, n {}".format(m, n)) - R = "".join(R[1:]) + R = b"".join(R[1:]) assert len(R) == 8 * n - if any(r != "\x00" for r in R[m:]): + if any(r != b"\x00" for r in R[m:]): raise self.UnwrapError("Nonzero trailing bytes {}".format(R[m:].encode("hex"))) return R[:m] @@ -379,7 +378,7 @@ class SoftKEKEK(object): Requires PyCrypto on about every other line. """ - oid_aesKeyWrap = "\x60\x86\x48\x01\x65\x03\x04\x01\x30" + oid_aesKeyWrap = b"\x60\x86\x48\x01\x65\x03\x04\x01\x30" def parse_EncryptedPrivateKeyInfo(self, der): from Crypto.Util.asn1 import DerObject, DerSequence, DerOctetString, DerObjectId @@ -399,7 +398,7 @@ class SoftKEKEK(object): from Crypto.Util.asn1 import DerSequence, DerOctetString return DerSequence([ DerSequence([ - chr(0x06) + chr(len(self.oid_aesKeyWrap)) + self.oid_aesKeyWrap + struct.pack("BB", 0x06, len(self.oid_aesKeyWrap)) + self.oid_aesKeyWrap ]).encode(), DerOctetString(der).encode() ]).encode() |