crda/crda-python-cryptography.patch
2023-07-10 14:10:31 +02:00


diff -up crda-3.18/utils/key2pub.py.cryptography crda-3.18/utils/key2pub.py
--- crda-3.18/utils/key2pub.py.cryptography 2014-12-11 00:51:29.000000000 +0100
+++ crda-3.18/utils/key2pub.py 2018-06-21 08:04:56.413699458 +0200
@@ -1,19 +1,20 @@
-#!/usr/bin/env python
+#!/usr/bin/python3
import sys
try:
- from M2Crypto import RSA
-except ImportError, e:
- sys.stderr.write('ERROR: Failed to import the "M2Crypto" module: %s\n' % e.message)
- sys.stderr.write('Please install the "M2Crypto" Python module.\n')
- sys.stderr.write('On Debian GNU/Linux the package is called "python-m2crypto".\n')
+ from cryptography.hazmat.primitives.serialization import load_pem_public_key, load_pem_private_key
+ from cryptography.hazmat.primitives.asymmetric import rsa
+ from cryptography.hazmat.backends import default_backend
+except ImportError as e:
+ sys.stderr.write('ERROR: Failed to import the "cryptography" module: %s\n' % e.message)
+ sys.stderr.write('Please install the "cryptography" Python module.\n')
sys.exit(1)
def print_ssl_64(output, name, val):
- while val[0] == '\0':
+ while val[0] == 0:
val = val[1:]
while len(val) % 8:
- val = '\0' + val
+ val = b'\0' + val
vnew = []
while len(val):
vnew.append((val[0], val[1], val[2], val[3], val[4], val[5], val[6], val[7]))
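Review bot: The new `except ImportError as e:` handler still formats `e.message`, an attribute that Python 3 exceptions do not have. With the shebang now `/usr/bin/python3`, a missing "cryptography" module would raise AttributeError inside the handler, so the install hint is lost behind a traceback. Formatting the exception itself avoids this: `sys.stderr.write('ERROR: Failed to import the "cryptography" module: %s\n' % e)`. The body of print_ssl_64 continues outside this hunk.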
@@ -24,7 +25,7 @@ def print_ssl_64(output, name, val):
for v1, v2, v3, v4, v5, v6, v7, v8 in vnew:
if not idx:
output.write('\t')
- output.write('0x%.2x%.2x%.2x%.2x%.2x%.2x%.2x%.2x, ' % (ord(v1), ord(v2), ord(v3), ord(v4), ord(v5), ord(v6), ord(v7), ord(v8)))
+ output.write('0x%.2x%.2x%.2x%.2x%.2x%.2x%.2x%.2x, ' % (v1, v2, v3, v4, v5, v6, v7, v8))
idx += 1
if idx == 2:
idx = 0
@@ -34,10 +35,10 @@ def print_ssl_64(output, name, val):
output.write('};\n\n')
def print_ssl_32(output, name, val):
- while val[0] == '\0':
+ while val[0] == 0:
val = val[1:]
while len(val) % 4:
- val = '\0' + val
+ val = b'\0' + val
vnew = []
while len(val):
vnew.append((val[0], val[1], val[2], val[3], ))
@@ -48,7 +49,7 @@ def print_ssl_32(output, name, val):
for v1, v2, v3, v4 in vnew:
if not idx:
output.write('\t')
- output.write('0x%.2x%.2x%.2x%.2x, ' % (ord(v1), ord(v2), ord(v3), ord(v4)))
+ output.write('0x%.2x%.2x%.2x%.2x, ' % (v1, v2, v3, v4))
idx += 1
if idx == 4:
idx = 0
@@ -80,21 +81,21 @@ struct pubkey {
static struct pubkey keys[] = {
''')
- for n in xrange(n + 1):
+ for n in range(n + 1):
output.write(' KEYS(e_%d, n_%d),\n' % (n, n))
output.write('};\n')
pass
def print_gcrypt(output, name, val):
output.write('#include <stdint.h>\n')
- while val[0] == '\0':
+ while val[0] == 0:
val = val[1:]
output.write('static const uint8_t %s[%d] = {\n' % (name, len(val)))
idx = 0
for v in val:
if not idx:
output.write('\t')
- output.write('0x%.2x, ' % ord(v))
+ output.write('0x%.2x, ' % v)
idx += 1
if idx == 8:
idx = 0
@@ -117,10 +118,12 @@ struct key_params {
static const struct key_params keys[] = {
''')
- for n in xrange(n + 1):
+ for n in range(n + 1):
output.write(' KEYS(e_%d, n_%d),\n' % (n, n))
output.write('};\n')
-
+
+def int_to_bytes(x):
+ return x.to_bytes((x.bit_length() + 7) // 8, 'big')
modes = {
'--ssl': (print_ssl, print_ssl_keys),
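Review bot: `int_to_bytes` has no docstring, and its result for 0 is `b''`, which the printers' `while val[0] == 0:` loops would index out of range. RSA exponents and moduli are never zero, so this is not reachable from the key loader as written, but the contract is worth stating. A docstring such as `"""Return x as minimal-length big-endian bytes (b'' for 0; x must be non-negative)."""` would do. It could also record that the output never carries a leading zero byte, so the strip loops in the printers are no-ops for these values.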
@@ -134,8 +137,8 @@ try:
except IndexError:
mode = None
-if not mode in modes:
- print 'Usage: %s [%s] input-file... output-file' % (sys.argv[0], '|'.join(modes.keys()))
+if not mode in modes or files == []:
+ print('Usage: %s [%s] input-file... output-file' % (sys.argv[0], '|'.join(modes.keys())))
sys.exit(2)
output = open(outfile, 'w')
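Review bot: The new guard is easier to read as `if mode not in modes or not files:`, which avoids both the `not mode in` form and the comparison with a literal empty list. `files` is assigned in the `try` above this hunk, presumably alongside `mode`, so the short-circuit on `mode` is what keeps the second operand from being evaluated when it is unbound. That ordering deserves a one-line comment, for example `# mode is checked first: files is unset when argv is too short`. The usage text is also printed to stdout although exit status 2 is an error path, so `sys.stderr.write(...)` would match the import-failure handler.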
@@ -143,13 +146,26 @@ output = open(outfile, 'w')
# load key
idx = 0
for f in files:
- try:
- key = RSA.load_pub_key(f)
- except RSA.RSAError:
- key = RSA.load_key(f)
+ keyfile = open(f, 'rb')
+ data = keyfile.read()
+ keyfile.close()
- modes[mode][0](output, 'e_%d' % idx, key.e[4:])
- modes[mode][0](output, 'n_%d' % idx, key.n[4:])
+ try:
+ key = load_pem_public_key(data, backend=default_backend())
+ except ValueError:
+ try:
+ key = load_pem_private_key(data, password=None, backend=default_backend())
+ except ValueError:
+ print('Unreadable key file ' + f);
+ sys.exit(3)
+ if not isinstance(key, rsa.RSAPrivateKey):
+ continue
+ key = key.public_key()
+
+ if not isinstance(key, rsa.RSAPublicKey):
+ continue
+ modes[mode][0](output, 'e_%d' % idx, int_to_bytes(key.public_numbers().e))
+ modes[mode][0](output, 'n_%d' % idx, int_to_bytes(key.public_numbers().n))
idx += 1
modes[mode][1](output, idx - 1)
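Review bot: The two `continue` statements after the `isinstance` checks skip a non-RSA key file without any message. The generated key table can then hold fewer entries than there were input files, or none at all (`idx - 1` is -1 and the `range(n + 1)` loops emit nothing), and the script still exits 0. If this table is what signature verification is compiled against, as the `keys[]` arrays in the earlier hunks suggest, a skipped key should fail the build like the unreadable case does: `sys.stderr.write('Not an RSA key: %s\n' % f)` followed by `sys.exit(3)`. `load_pem_private_key(..., password=None, ...)` raises TypeError for an encrypted key, which `except ValueError` does not catch, so that case currently ends in a traceback. The "Unreadable key file" message should also go to stderr rather than through `print`, and a `with open(f, 'rb') as keyfile:` block would close the file even if the read fails.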