def test_dataDecrypt_3des_sha1(self):
r = ("95bb351da2ee8c4463c5092a931feba5"
"613f7bbf1570ecdefd887d5bae9dc18f"
"a95724c1976c22012fae9cdbf6f70c4a"
"aab721b9a87e17d725d9dd110f933977"
"7df1b807c90af31a").decode("hex")
e = "3fe9c8cffc26443a41ec4a54daf11be86bec0ecb".decode("hex")
iv = "d43b01cc0590035e567e07b44b6ccead".decode("hex")
c = ("a2dec8f74d35c7c8de819041309ea0da"
"720868aa714d72ea94dbb8449b6aec31"
"58af336a27e482ee14fc79af2de4c98b"
"fd0d1114168c6d1b54deb513cc7e5bd6"
"aa7871e9f7b46965").decode("hex")
self.assertEquals(crypto.dataDecrypt(crypto.CryptoAlgo(0x6603), crypto.CryptoAlgo(0x8009), r, e, iv, 1), c)
self.assertEquals(crypto.dataDecrypt(crypto.CryptoAlgo(0x6603), crypto.CryptoAlgo(0x8004), r, e, iv, 1), c)
def decryptWithKey(self, pwdhash):
"""Decrypts the masterkey with the given encryption key. This function
also extracts the HMAC part of the decrypted stuff and compare it with
the computed one.
Note that, once successfully decrypted, the masterkey will not be
decrypted anymore; this function will simply return.
"""
if self.decrypted:
return
if not self.ciphertext:
return
# Compute encryption key
cleartxt = crypto.dataDecrypt(self.cipherAlgo, self.hashAlgo,
self.ciphertext, pwdhash, self.iv,
self.rounds)
self.key = cleartxt[-64:]
self.hmacSalt = cleartxt[:16]
self.hmac = cleartxt[16:16 + self.hashAlgo.digestLength]
self.hmacComputed = crypto.DPAPIHmac(self.hashAlgo, pwdhash,
self.hmacSalt, self.key)
self.decrypted = self.hmac == self.hmacComputed
if self.decrypted:
self.key_hash = hashlib.sha1(self.key).digest()
def test_dataDecrypt_aes256_sha512(self):
r = ("ac23e4d5efcb8979f05fbcb275832a8d"
"ee9576fbaae76a4de7ead2f313e84bf7"
"e4be7940b49319463c8cd25a1b4a67c1"
"5adfbb02e2bbe42c24cd44bec3b9740b"
"45ebcce3a2ef2788867c28168bf93ea0"
"48844897f2854df5ac4eb000f72c3a6f"
"25c65d5347e73c77120cfc3150c87e57"
"52a017510c1486e71a9d0c32b79f333f"
"2d0cda0ecc20774cbed8ca071aab9768").decode("hex")
e = "84e40ab5bab2c5a2965fd185d60cf92fe2c1c9d2".decode("hex")
iv = "1f63ff38751365ec54748b13d962698e".decode("hex")
c = ("d23ad4bb1e254c67e2ff2902de8683b3"
"ca5dc108b821333e2d5059ac6f26db1a"
"7826abdc93feadcf76aa4db9c0ce32ed"
"0b261f95f6960a81195231b91a9dd20b"
"d6a6c5fb8aa6a008b11992d5c191d0b0"
"63dd99a8e4dc85330db0996aedd2a270"
"6405201ed74831e084f3b18fc5fdd209"
"497a2f95c2a4004e54ec731e045d9d38"
"1861c37760c9d9581662adb67f85255e").decode("hex")
self.assertEquals(
crypto.dataDecrypt(crypto.CryptoAlgo(0x6610),
crypto.CryptoAlgo(0x800e), r, e, iv, 5600), c)
def test_dataDecrypt_3des_sha1(self):
r = ("95bb351da2ee8c4463c5092a931feba5"
"613f7bbf1570ecdefd887d5bae9dc18f"
"a95724c1976c22012fae9cdbf6f70c4a"
"aab721b9a87e17d725d9dd110f933977"
"7df1b807c90af31a").decode("hex")
e = "3fe9c8cffc26443a41ec4a54daf11be86bec0ecb".decode("hex")
iv = "d43b01cc0590035e567e07b44b6ccead".decode("hex")
c = ("a2dec8f74d35c7c8de819041309ea0da"
"720868aa714d72ea94dbb8449b6aec31"
"58af336a27e482ee14fc79af2de4c98b"
"fd0d1114168c6d1b54deb513cc7e5bd6"
"aa7871e9f7b46965").decode("hex")
self.assertEquals(crypto.dataDecrypt(crypto.CryptoAlgo(0x6603), crypto.CryptoAlgo(0x8009), r, e, iv, 1), c)
self.assertEquals(crypto.dataDecrypt(crypto.CryptoAlgo(0x6603), crypto.CryptoAlgo(0x8004), r, e, iv, 1), c)
def decryptWithKey(self, enckey):
"""Decrypts this credhist entry using the given encryption key."""
cleartxt = crypto.dataDecrypt(self.cipherAlgo, self.hashAlgo, self.encrypted,
enckey, self.iv, self.rounds)
self.pwdhash = cleartxt[:self.shaHashLen]
self.ntlm = cleartxt[self.shaHashLen:self.shaHashLen + self.ntHashLen].rstrip("\x00")
if len(self.ntlm) != 16:
self.ntlm = None
def decryptWithKey(self, enckey):
"""Decrypts this credhist entry using the given encryption key."""
cleartxt = crypto.dataDecrypt(self.cipherAlgo, self.hashAlgo, self.encrypted,
enckey, self.iv, self.rounds)
self.pwdhash = cleartxt[:self.shaHashLen]
self.ntlm = cleartxt[self.shaHashLen:self.shaHashLen + self.ntHashLen].rstrip(b"\x00")
if len(self.ntlm) != 16:
self.ntlm = None
def test_dataDecrypt_aes256_sha512(self):
r = ("ac23e4d5efcb8979f05fbcb275832a8d"
"ee9576fbaae76a4de7ead2f313e84bf7"
"e4be7940b49319463c8cd25a1b4a67c1"
"5adfbb02e2bbe42c24cd44bec3b9740b"
"45ebcce3a2ef2788867c28168bf93ea0"
"48844897f2854df5ac4eb000f72c3a6f"
"25c65d5347e73c77120cfc3150c87e57"
"52a017510c1486e71a9d0c32b79f333f"
"2d0cda0ecc20774cbed8ca071aab9768").decode("hex")
e = "84e40ab5bab2c5a2965fd185d60cf92fe2c1c9d2".decode("hex")
iv = "1f63ff38751365ec54748b13d962698e".decode("hex")
c = ("d23ad4bb1e254c67e2ff2902de8683b3"
"ca5dc108b821333e2d5059ac6f26db1a"
"7826abdc93feadcf76aa4db9c0ce32ed"
"0b261f95f6960a81195231b91a9dd20b"
"d6a6c5fb8aa6a008b11992d5c191d0b0"
"63dd99a8e4dc85330db0996aedd2a270"
"6405201ed74831e084f3b18fc5fdd209"
"497a2f95c2a4004e54ec731e045d9d38"
"1861c37760c9d9581662adb67f85255e").decode("hex")
self.assertEquals(crypto.dataDecrypt(crypto.CryptoAlgo(0x6610), crypto.CryptoAlgo(0x800e), r, e, iv, 5600), c)
def decryptWithKey(self, pwdhash):
"""Decrypts the masterkey with the given encryption key. This function
also extracts the HMAC part of the decrypted stuff and compare it with
the computed one.
Note that, once successfully decrypted, the masterkey will not be
decrypted anymore; this function will simply return.
"""
if self.decrypted:
return
if not self.ciphertext:
return
## Compute encryption key
cleartxt = crypto.dataDecrypt(self.cipherAlgo, self.hashAlgo, self.ciphertext,
pwdhash, self.iv, self.rounds)
self.key = cleartxt[-64:]
self.hmacSalt = cleartxt[:16]
self.hmac = cleartxt[16:16 + self.hashAlgo.digestLength]
self.hmacComputed = crypto.DPAPIHmac(self.hashAlgo, pwdhash,
self.hmacSalt, self.key)
self.decrypted = self.hmac == self.hmacComputed
if self.decrypted:
self.key_hash = hashlib.sha1(self.key).digest()
