1 files changed, 20 insertions, 21 deletions

diff --git a/cryptech_backup b/cryptech_backup
index 76cdfbb..be70f8b 100755
--- a/cryptech_backup
+++ b/cryptech_backup
@@ -48,6 +48,8 @@ import sys
 import json
 import uuid
 import atexit
+import base64
+import struct
 import getpass
 import argparse
 
@@ -145,11 +147,11 @@ def defcmd(subparsers, func):
     return subparser
 
 
-def b64(bytes):
-    return bytes.encode("base64").splitlines()
+def b64(der):
+    return base64.b64encode(der).splitlines()
 
 def b64join(lines):
-    return "".join(lines).decode("base64")
+    return base64.b64decode("".join(lines))
 
 
 def cmd_setup(args, hsm):
@@ -209,7 +211,7 @@ def key_flag_names(flags):
                  token            = HAL_KEY_FLAG_TOKEN,
                  public           = HAL_KEY_FLAG_PUBLIC,
                  exportable       = HAL_KEY_FLAG_EXPORTABLE)
-    return ", ".join(sorted(k for k, v in names.iteritems() if (flags & v) != 0))
+    return ", ".join(sorted(k for k, v in names.items() if (flags & v) != 0))
 
 
 def cmd_export(args, hsm):
@@ -284,10 +286,10 @@ def cmd_import(args, hsm):
             flags =         k.get("flags",  0)
             if pkcs8 and kek:
                 with kekek.import_pkey(pkcs8 = pkcs8, kek = kek, flags = flags) as pkey:
-                    print "Imported {} as {}".format(k["uuid"], pkey.uuid)
+                    print("Imported {} as {}".format(k["uuid"], pkey.uuid))
             elif spki:
                 with hsm.pkey_load(der = spki, flags = flags) as pkey:
-                    print "Loaded {} as {}".format(k["uuid"], pkey.uuid)
+                    print("Loaded {} as {}".format(k["uuid"], pkey.uuid))
 
         if soft_key:
             kekek.delete()
@@ -316,22 +318,20 @@ class AESKeyWrapWithPadding(object):
     @staticmethod
     def _start_stop(start, stop):               # Syntactic sugar
         step = -1 if start > stop else 1
-        return xrange(start, stop + step, step)
+        return range(start, stop + step, step)
 
     @staticmethod
     def _xor(R0, t):
-        from struct import pack, unpack
-        return pack(">Q", unpack(">Q", R0)[0] ^ t)
+        return struct.pack(">Q", struct.unpack(">Q", R0)[0] ^ t)
 
     def wrap(self, Q):
         "RFC 5649 section 4.1."
-        from struct import pack
         m = len(Q)                              # Plaintext length
         if m % 8 != 0:                          # Pad Q if needed
-            Q += "\x00" * (8 - (m % 8))
-        R = [pack(">LL", 0xa65959a6, m)]        # Magic MSB(32,A), build LSB(32,A)
+            Q += b"\x00" * (8 - (m % 8))
+        R = [struct.pack(">LL", 0xa65959a6, m)] # Magic MSB(32,A), build LSB(32,A)
         R.extend(Q[i : i + 8]                   # Append Q
-                 for i in xrange(0, len(Q), 8))
+                 for i in range(0, len(Q), 8))
         n = len(R) - 1
         if n == 1:
             R[0], R[1] = self._encrypt(R[0], R[1])
@@ -342,16 +342,15 @@ class AESKeyWrapWithPadding(object):
                     R[0], R[i] = self._encrypt(R[0], R[i])
                     R[0] = self._xor(R[0], n * j + i)
         assert len(R) == (n + 1) and all(len(r) == 8 for r in R)
-        return "".join(R)
+        return b"".join(R)
 
     def unwrap(self, C):
         "RFC 5649 section 4.2."
-        from struct import unpack
         if len(C) % 8 != 0:
             raise self.UnwrapError("Ciphertext length {} is not an integral number of blocks"
                                    .format(len(C)))
         n = (len(C) / 8) - 1
-        R = [C[i : i + 8] for i in xrange(0, len(C), 8)]
+        R = [C[i : i + 8] for i in range(0, len(C), 8)]
         if n == 1:
             R[0], R[1] = self._decrypt(R[0], R[1])
         else:
@@ -360,15 +359,15 @@ class AESKeyWrapWithPadding(object):
                 for i in self._start_stop(n, 1):
                     R[0] = self._xor(R[0], n * j + i)
                     R[0], R[i] = self._decrypt(R[0], R[i])
-        magic, m = unpack(">LL", R[0])
+        magic, m = struct.unpack(">LL", R[0])
         if magic != 0xa65959a6:
             raise self.UnwrapError("Magic value in AIV should have been 0xa65959a6, was 0x{:02x}"
                               .format(magic))
         if m <= 8 * (n - 1) or m > 8 * n:
             raise self.UnwrapError("Length encoded in AIV out of range: m {}, n {}".format(m, n))
-        R = "".join(R[1:])
+        R = b"".join(R[1:])
         assert len(R) ==  8 * n
-        if any(r != "\x00" for r in R[m:]):
+        if any(r != b"\x00" for r in R[m:]):
             raise self.UnwrapError("Nonzero trailing bytes {}".format(R[m:].encode("hex")))
         return R[:m]
 
@@ -379,7 +378,7 @@ class SoftKEKEK(object):
     Requires PyCrypto on about every other line.
     """
 
-    oid_aesKeyWrap = "\x60\x86\x48\x01\x65\x03\x04\x01\x30"
+    oid_aesKeyWrap = b"\x60\x86\x48\x01\x65\x03\x04\x01\x30"
 
     def parse_EncryptedPrivateKeyInfo(self, der):
         from Crypto.Util.asn1 import DerObject, DerSequence, DerOctetString, DerObjectId
@@ -399,7 +398,7 @@ class SoftKEKEK(object):
         from Crypto.Util.asn1 import DerSequence, DerOctetString
         return DerSequence([
             DerSequence([
-                chr(0x06) + chr(len(self.oid_aesKeyWrap)) + self.oid_aesKeyWrap
+                struct.pack("BB", 0x06, len(self.oid_aesKeyWrap)) + self.oid_aesKeyWrap
             ]).encode(),
             DerOctetString(der).encode()
         ]).encode()