authorRob Austein <sra@hactrn.net>2017-03-20 13:21:47 -0400
committerRob Austein <sra@hactrn.net>2017-03-20 13:21:47 -0400
commite4a0429d37c6d94518041c8fae7a9a1d49bd7c2f (patch)
tree9ff25e60ffe2232460a2660417be94b584c40c55
parentd56b6a3974ea81ec672d01f763710165004729d8 (diff)
Use PyCrypto instead of Cryptlib to supply AES-ECB function.
Nothing wrong with Cryptlib, but we'll need an AES Keywrap implementation to test key backup in our PyCrypto-based test harness, so converting this implementation to PyCrypto is simplest overall.
-rw-r--r--aes_keywrap.py32
1 files changed, 13 insertions, 19 deletions
diff --git a/aes_keywrap.py b/aes_keywrap.py
index 75aaa88..1d0be29 100644
--- a/aes_keywrap.py
+++ b/aes_keywrap.py
@@ -2,7 +2,7 @@
"""
Python prototype of an AES Key Wrap implementation, RFC 5649 flavor
-per Russ, using Cryptlib to supply the AES code.
+per Russ, using PyCrypto to supply the AES code.
"""
# Terminology mostly follows the RFC, including variable names.
@@ -15,9 +15,9 @@ per Russ, using Cryptlib to supply the AES code.
# 64-bit blocks.
-from cryptlib_py import *
from struct import pack, unpack
-import atexit
+from Crypto.Cipher import AES
+from array import array
verbose = False
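Review bot: The new `from Crypto.Cipher import AES` import ties the key-wrap code to PyCrypto, which is no longer maintained upstream. PyCryptodome exposes the same `Crypto.Cipher.AES` module path, so the test harness could depend on it without changing this line. A short comment beside the import would record how little is needed from the library, e.g. `# AES block primitive only; any provider of Crypto.Cipher.AES will do`.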
@@ -88,7 +88,7 @@ class Buffer(array):
class KEK(object):
"""
- Key encryption key, based on a Cryptlib encryption context.
+ Key encryption key, based on a PyCrypto encryption context.
This can work with either Block objects or Python arrays.
@@ -98,10 +98,7 @@ class KEK(object):
"""
def __init__(self, key):
- self.ctx = cryptCreateContext(CRYPT_UNUSED, CRYPT_ALGO_AES)
- atexit.register(cryptDestroyContext, self.ctx)
- self.ctx.CTXINFO_MODE = CRYPT_MODE_ECB
- self.ctx.CTXINFO_KEY = key
+ self.ctx = AES.new(key, AES.MODE_ECB)
def encrypt_block(self, i1, i2):
"""
@@ -109,9 +106,9 @@ class KEK(object):
with AES-ECB, return the result split back into 64-bit blocks.
"""
- aes_block = array("B", pack(">QQ", i1, i2))
- cryptEncrypt(self.ctx, aes_block)
- o1, o2 = tuple(Block(b) for b in unpack(">QQ", aes_block.tostring()))
+ aes_block = pack(">QQ", i1, i2)
+ aes_block = self.ctx.encrypt(aes_block)
+ o1, o2 = tuple(Block(b) for b in unpack(">QQ", aes_block))
if verbose:
print " Encrypt: %s | %s => %s | %s" % tuple(b.to_hex() for b in (i1, i2, o1, o2))
return o1, o2
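Review bot: The `if verbose:` trace in `encrypt_block` prints the AES input blocks as well as the outputs, and in the RFC's wrap loop those inputs include the plaintext key being wrapped. The `Decrypt:` trace in `decrypt_block` (the `@@ -132,9 +129,9 @@` hunk) has the same issue on its output side. Since this module is meant to back key-backup tests, a comment at the flag would help, e.g. `# verbose dumps key material in hex; use only with published test vectors`. As a smaller style point, `aes_block` is rebound from plaintext to ciphertext and the `tuple(...)` around the generator is not needed for unpacking; `o1, o2 = (Block(b) for b in unpack(">QQ", self.ctx.encrypt(pack(">QQ", i1, i2))))` does the same in one line. The method's signature and the start of its docstring are outside this hunk.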
@@ -123,7 +120,7 @@ class KEK(object):
"""
aes_block = b1 + b2
- cryptEncrypt(self.ctx, aes_block)
+ aes_block = self.ctx.encrypt(aes_block.tostring())
return Buffer(aes_block[:8]), Buffer(aes_block[8:])
def decrypt_block(self, i1, i2):
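Review bot: `aes_block` is an array-based value on one line and the byte string returned by `self.ctx.encrypt(...)` on the next, so `Buffer(aes_block[:8])` and `Buffer(aes_block[8:])` are now built from string slices rather than array slices. `Buffer`'s constructor is outside the hunk, so it should be confirmed that it accepts byte strings. The length of `b1 + b2` is also never checked: ECB would still accept a 32-byte input, and the `[8:]` slice would then return 24 bytes. A second name and a guard make both explicit, e.g. `ct = self.ctx.encrypt((b1 + b2).tostring())` preceded by a check that `len(b1) == len(b2) == 8`. The same two points apply to the array variant of `decrypt_block` in the `@@ -146,7 +143,7 @@` hunk; this method's signature and docstring start outside the hunk.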
@@ -132,9 +129,9 @@ class KEK(object):
with AES-ECB, return the result split back into 64-bit blocks.
"""
- aes_block = array("B", pack(">QQ", i1, i2))
- cryptDecrypt(self.ctx, aes_block)
- o1, o2 = tuple(Block(b) for b in unpack(">QQ", aes_block.tostring()))
+ aes_block = pack(">QQ", i1, i2)
+ aes_block = self.ctx.decrypt(aes_block)
+ o1, o2 = tuple(Block(b) for b in unpack(">QQ", aes_block))
if verbose:
print " Decrypt: %s | %s => %s | %s" % tuple(b.to_hex() for b in (i1, i2, o1, o2))
return o1, o2
@@ -146,7 +143,7 @@ class KEK(object):
"""
aes_block = b1 + b2
- cryptDecrypt(self.ctx, aes_block)
+ aes_block = self.ctx.decrypt(aes_block.tostring())
return Buffer(aes_block[:8]), Buffer(aes_block[8:])
@@ -506,9 +503,6 @@ if __name__ == "__main__":
args = parser.parse_args()
verbose = args.verbose
- cryptInit()
- atexit.register(cryptEnd)
-
if args.under_test in ("long", "both"):
print "Testing with Block (Python long) implementation"
print