Beispiel #1
0
 def test_transform_key(self):
     self.assertEquals(transform_key(sha256(b'a'), sha256(b'b'), 1),
         b'"$\xe6\x83\xb7\xbf\xa9|\x82W\x01J\xce=\xaa\x8d{\x18\x99|0\x1f'
         b'\xbbLT4"F\x83\xd0\xc8\xf9')
     self.assertEquals(transform_key(sha256(b'a'), sha256(b'b'), 2000),
         b'@\xe5Y\x98\xf7\x97$\x0b\x91!\xbefX\xe8\xb6\xbb\t\xefX>\xb3E\x85'
         b'\xedz\x15\x9c\x96\x03K\x8a\xa1')
Beispiel #2
0
 def test_aes_cbc_decrypt(self):
     self.assertEquals(aes_cbc_decrypt('datamustbe16byte', sha256(b'b'),
         'ivmustbe16bytesl'),
         b'x]\xb5\xa6\xe3\x10\xf4\x88\x91_\x03\xc6\xb9\xfb`)')
     self.assertEquals(aes_cbc_decrypt('datamustbe16byte', sha256(b'c'),
         'ivmustbe16bytesl'),
         b'\x06\x91 \xd9\\\xd8\x14\xa0\xdc\xd7\x82\xa0\x92\xfb\xe8l')
Beispiel #3
0
 def _make_master_key(self):
     """
     Make the master key by (1) combining the credentials to create 
     a composite hash, (2) transforming the hash using the transform seed
     for a specific number of rounds and (3) finally hashing the result in 
     combination with the master seed.
     """
     super(KDB4File, self)._make_master_key()
     composite = sha256(b''.join(self.keys))
     tkey = transform_key(composite, 
         self.header.TransformSeed, 
         self.header.TransformRounds)
     self.master_key = sha256(self.header.MasterSeed + tkey)
Beispiel #4
0
    def _write_header(self, stream):
        """Serialize the header fields from self.header into a byte stream, prefix
        with file signature and version before writing header and out-buffer
        to `stream`.

        Note, that `stream` is flushed, but not closed!"""
        header = self._header()

        # write header to stream
        stream.write(header)

        headerHash = base64.b64encode(sha256(header))
        self.obj_root.Meta.HeaderHash = headerHash

        # create HeaderHash if it does not exist
        if len(self.obj_root.Meta.xpath("HeaderHash")) < 1:
            etree.SubElement(self.obj_root.Meta, "HeaderHash")

        # reload out_buffer because we just changed the HeaderHash
        self.protect()
        self.out_buffer = io.BytesIO(self.pretty_print())

        # zip or not according to header setting
        if self.header.CompressionFlags == 1:
            self._zip()

        self._encrypt();

        # write encrypted block to stream
        stream.write(self.out_buffer)
        stream.flush()
Beispiel #5
0
 def __init__(self, unprotect=True):
     self._salsa_buffer = bytearray()
     self.salsa = Salsa20(
         sha256(self.header.ProtectedStreamKey), 
         KDB4_SALSA20_IV)
     
     self.in_buffer.seek(0)
     self.tree = objectify.parse(self.in_buffer)
     self.obj_root = self.tree.getroot()
     
     if unprotect:
         self.unprotect()
Beispiel #6
0
 def _decrypt(self, stream):
     super(KDB3File, self)._decrypt(stream)
     
     data = aes_cbc_decrypt(stream.read(), self.master_key, 
         self.header.EncryptionIV)
     data = unpad(data)
     
     if self.header.ContentHash == sha256(data):
         # put data in bytes io
         self.in_buffer = io.BytesIO(data)
         # set successful decryption flag
         self.opened = True
     else:
         raise IOError('Master key invalid.')
Beispiel #7
0
def load_plain_keyfile(filename):
    """
    A "plain" keyfile is a file containing only the key.
    Any other file (JPEG, MP3, ...) can also be used as keyfile.
    """
    with open(filename, 'rb') as f:
        key = f.read()
        # if the length is 32 bytes we assume it is the key
        if len(key) == 32:
            return key
        # if the length is 64 bytes we assume the key is hex encoded
        if len(key) == 64:
            return key.decode('hex')
        # anything else may be a file to hash for the key
        return sha256(key)
    raise IOError('Could not read keyfile.')
Beispiel #8
0
    def _write_header(self, stream):
        """Serialize the header fields from self.header into a byte stream, prefix
        with file signature and version before writing header and out-buffer
        to `stream`.
        
        Note, that `stream` is flushed, but not closed!"""
        # serialize header to stream
        header = bytearray()
        # write file signature
        header.extend(struct.pack('<II', *KDB4_SIGNATURE))
        # and version
        header.extend(struct.pack('<hh', 0, 3))
        
        field_ids = list(self.header.keys())
        field_ids.sort()
        field_ids.reverse() # field_id 0 must be last
        for field_id in field_ids:
            value = self.header.b[field_id]
            length = len(value)
            header.extend(struct.pack('<b', field_id))
            header.extend(struct.pack('<h', length))
            header.extend(struct.pack('{}s'.format(length), value))
        

        # write header to stream
        stream.write(header)
        
        headerHash = base64.b64encode(sha256(header))
        self.obj_root.Meta.HeaderHash = headerHash
        
        # create HeaderHash if it does not exist
        if len(self.obj_root.Meta.xpath("HeaderHash")) < 1:
            etree.SubElement(self.obj_root.Meta, "HeaderHash")

        # reload out_buffer because we just changed the HeaderHash
        self.protect()
        self.out_buffer = io.BytesIO(self.pretty_print())

        # zip or not according to header setting
        if self.header.CompressionFlags == 1:
            self._zip()

        self._encrypt();
        
        # write encrypted block to stream
        stream.write(self.out_buffer)
        stream.flush()
Beispiel #9
0
 def _make_master_key(self):
     """
     Make the master key by (1) combining the credentials to create 
     a composite hash, (2) transforming the hash using the transform seed
     for a specific number of rounds and (3) finally hashing the result in 
     combination with the master seed.
     """
     super(KDB3File, self)._make_master_key()
     #print "masterkey:", ''.join(self.keys).encode('hex')
     #composite = sha256(''.join(self.keys))
     #TODO python-keepass does not support keyfiles, there seems to be a
     # different way to hash those keys in kdb3
     composite = self.keys[0]
     tkey = transform_key(composite, 
         self.header.MasterSeed2, 
         self.header.KeyEncRounds)
     self.master_key = sha256(self.header.MasterSeed + tkey)
Beispiel #10
0
 def test_sha256(self):
     self.assertEquals(sha256(b''),
         b"\xe3\xb0\xc4B\x98\xfc\x1c\x14\x9a\xfb\xf4\xc8\x99o\xb9$'\xaeA"
         b"\xe4d\x9b\x93L\xa4\x95\x99\x1bxR\xb8U")
     self.assertEquals(len(sha256(b'')), 32)
     self.assertEquals(len(sha256(b'asdf')), 32)
Beispiel #11
0
 def add_credentials(self, **credentials):
     if 'password' in credentials:
         self.add_key_hash(sha256(credentials['password'].encode('utf-8')))
     if 'keyfile' in credentials:
         self.add_key_hash(load_keyfile(credentials['keyfile']))