aboutsummaryrefslogtreecommitdiff
path: root/cryptech_backup
diff options
context:
space:
mode:
authorRob Austein <sra@hactrn.net>2020-05-25 19:33:38 -0400
committerRob Austein <sra@hactrn.net>2020-05-25 19:33:38 -0400
commit1cd42f6d3332e1edf78b06bd7dcf51f5a1a7bb23 (patch)
tree1eca75f12e53763e223856d46bc1ab4224079086 /cryptech_backup
parentaab1cf4d694b4d4fefa77f02b4c42d7683a2f43f (diff)
Untested conversion to support Python 3
Diffstat (limited to 'cryptech_backup')
-rwxr-xr-xcryptech_backup41
1 files changed, 20 insertions, 21 deletions
diff --git a/cryptech_backup b/cryptech_backup
index 76cdfbb..be70f8b 100755
--- a/cryptech_backup
+++ b/cryptech_backup
@@ -48,6 +48,8 @@ import sys
import json
import uuid
import atexit
+import base64
+import struct
import getpass
import argparse
@@ -145,11 +147,11 @@ def defcmd(subparsers, func):
return subparser
-def b64(bytes):
- return bytes.encode("base64").splitlines()
+def b64(der):
+ return base64.b64encode(der).splitlines()
def b64join(lines):
- return "".join(lines).decode("base64")
+ return base64.b64decode("".join(lines))
def cmd_setup(args, hsm):
@@ -209,7 +211,7 @@ def key_flag_names(flags):
token = HAL_KEY_FLAG_TOKEN,
public = HAL_KEY_FLAG_PUBLIC,
exportable = HAL_KEY_FLAG_EXPORTABLE)
- return ", ".join(sorted(k for k, v in names.iteritems() if (flags & v) != 0))
+ return ", ".join(sorted(k for k, v in names.items() if (flags & v) != 0))
def cmd_export(args, hsm):
@@ -284,10 +286,10 @@ def cmd_import(args, hsm):
flags = k.get("flags", 0)
if pkcs8 and kek:
with kekek.import_pkey(pkcs8 = pkcs8, kek = kek, flags = flags) as pkey:
- print "Imported {} as {}".format(k["uuid"], pkey.uuid)
+ print("Imported {} as {}".format(k["uuid"], pkey.uuid))
elif spki:
with hsm.pkey_load(der = spki, flags = flags) as pkey:
- print "Loaded {} as {}".format(k["uuid"], pkey.uuid)
+ print("Loaded {} as {}".format(k["uuid"], pkey.uuid))
if soft_key:
kekek.delete()
@@ -316,22 +318,20 @@ class AESKeyWrapWithPadding(object):
@staticmethod
def _start_stop(start, stop): # Syntactic sugar
step = -1 if start > stop else 1
- return xrange(start, stop + step, step)
+ return range(start, stop + step, step)
@staticmethod
def _xor(R0, t):
- from struct import pack, unpack
- return pack(">Q", unpack(">Q", R0)[0] ^ t)
+ return struct.pack(">Q", struct.unpack(">Q", R0)[0] ^ t)
def wrap(self, Q):
"RFC 5649 section 4.1."
- from struct import pack
m = len(Q) # Plaintext length
if m % 8 != 0: # Pad Q if needed
- Q += "\x00" * (8 - (m % 8))
- R = [pack(">LL", 0xa65959a6, m)] # Magic MSB(32,A), build LSB(32,A)
+ Q += b"\x00" * (8 - (m % 8))
+ R = [struct.pack(">LL", 0xa65959a6, m)] # Magic MSB(32,A), build LSB(32,A)
R.extend(Q[i : i + 8] # Append Q
- for i in xrange(0, len(Q), 8))
+ for i in range(0, len(Q), 8))
n = len(R) - 1
if n == 1:
R[0], R[1] = self._encrypt(R[0], R[1])
@@ -342,16 +342,15 @@ class AESKeyWrapWithPadding(object):
R[0], R[i] = self._encrypt(R[0], R[i])
R[0] = self._xor(R[0], n * j + i)
assert len(R) == (n + 1) and all(len(r) == 8 for r in R)
- return "".join(R)
+ return b"".join(R)
def unwrap(self, C):
"RFC 5649 section 4.2."
- from struct import unpack
if len(C) % 8 != 0:
raise self.UnwrapError("Ciphertext length {} is not an integral number of blocks"
.format(len(C)))
n = (len(C) / 8) - 1
- R = [C[i : i + 8] for i in xrange(0, len(C), 8)]
+ R = [C[i : i + 8] for i in range(0, len(C), 8)]
if n == 1:
R[0], R[1] = self._decrypt(R[0], R[1])
else:
@@ -360,15 +359,15 @@ class AESKeyWrapWithPadding(object):
for i in self._start_stop(n, 1):
R[0] = self._xor(R[0], n * j + i)
R[0], R[i] = self._decrypt(R[0], R[i])
- magic, m = unpack(">LL", R[0])
+ magic, m = struct.unpack(">LL", R[0])
if magic != 0xa65959a6:
raise self.UnwrapError("Magic value in AIV should have been 0xa65959a6, was 0x{:02x}"
.format(magic))
if m <= 8 * (n - 1) or m > 8 * n:
raise self.UnwrapError("Length encoded in AIV out of range: m {}, n {}".format(m, n))
- R = "".join(R[1:])
+ R = b"".join(R[1:])
assert len(R) == 8 * n
- if any(r != "\x00" for r in R[m:]):
+ if any(r != b"\x00" for r in R[m:]):
raise self.UnwrapError("Nonzero trailing bytes {}".format(R[m:].encode("hex")))
return R[:m]
@@ -379,7 +378,7 @@ class SoftKEKEK(object):
Requires PyCrypto on about every other line.
"""
- oid_aesKeyWrap = "\x60\x86\x48\x01\x65\x03\x04\x01\x30"
+ oid_aesKeyWrap = b"\x60\x86\x48\x01\x65\x03\x04\x01\x30"
def parse_EncryptedPrivateKeyInfo(self, der):
from Crypto.Util.asn1 import DerObject, DerSequence, DerOctetString, DerObjectId
@@ -399,7 +398,7 @@ class SoftKEKEK(object):
from Crypto.Util.asn1 import DerSequence, DerOctetString
return DerSequence([
DerSequence([
- chr(0x06) + chr(len(self.oid_aesKeyWrap)) + self.oid_aesKeyWrap
+ struct.pack("BB", 0x06, len(self.oid_aesKeyWrap)) + self.oid_aesKeyWrap
]).encode(),
DerOctetString(der).encode()
]).encode()