示例#1
0
def gen_mac_login():
    optestlib.p_debug('\n** Mac login details for accounts table')
    enc_login = {'email': Email, 'personalKey': SecretKey}

    muk = {
        'k': optestlib.opb64e(sym_keys['mp']),
        'key_ops': ['encrypt', 'decrypt'],
        'alg': 'A256GCM',
        'ext': True,
        'key': 'oct',
        'kid': 'mp'
    }

    srp = {
        'hexX': optestlib.opb64e(sym_keys['srp-x']),
        'params': {
            'method': alg_srp,
            'iterations': p2c_srp,
            'alg': alg_muk,
            'salt': optestlib.opb64e(p2s_srp)
        }
    }

    enc_login['masterUnlockKey'] = muk
    enc_login['SRPComputedXDictionary'] = srp

    optestlib.p_str("mac enc_login contents:", json.dumps(enc_login, indent=4))

    return enc_login
示例#2
0
def gen_rsa_key(ekid, pub=None, priv=None):

    if priv == None:
        new_priv = RSA.generate(2048)
        jwk_priv = RSAKey(key=new_priv).to_dict()
        iv = None
    else:
        iv = optestlib.opb64d(priv['iv'])
        jwk_priv = priv['key']

    if pub == None:
        new_pub = new_priv.publickey()
        jwk_pub = RSAKey(key=new_pub).to_dict()
    else:
        jwk_pub = pub

    jwk_priv['alg'] = 'RSA-OAEP'
    jwk_priv['key_ops'] = ['decrypt']
    jwk_priv['kid'] = ekid

    jwk_pub['key_ops'] = ['encrypt']
    jwk_pub['alg'] = 'RSA-OAEP'
    jwk_pub['ext'] = True
    jwk_pub['kid'] = ekid

    optestlib.p_str("New Private key", json.dumps(jwk_priv, indent=4))

    pri_keys[ekid] = jwk_priv
    pub_keys[ekid] = jwk_pub

    key_dat_str = json.dumps(jwk_priv)

    optestlib.p_debug('\n*** Encrypting pri key with AES kid %s' % ekid)

    iv, ct = optestlib.enc_aes_gcm(key_dat_str, sym_keys[ekid], iv=iv)

    optestlib.p_data('IV', iv, dump=False)
    optestlib.p_data('KEY', sym_keys[ekid], dump=False)
    optestlib.p_data('Ciphertext', ct, dump=False)

    priv_out = {
        'kid': ekid,
        'cty': 'b5+jwk+json',
        'enc': 'A256GCM',
        'data': optestlib.opb64e(ct),
        'iv': optestlib.opb64e(iv)
    }

    optestlib.p_str("New Public key", json.dumps(jwk_pub, indent=4))

    return jwk_pub, priv_out
示例#3
0
def enc_mac_login(kid, mac_login_data):
    out_pt = json.dumps(mac_login_data)

    iv = read_default('mac_enc_login_iv')
    iv, ct = optestlib.enc_aes_gcm(out_pt, sym_keys[kid], iv=iv)

    out = {
        'iv': optestlib.opb64e(iv),
        'data': optestlib.opb64e(ct),
        'enc': 'A256GCM',
        'cty': 'b5+jwk+json',
        'kid': kid
    }

    optestlib.p_str('Encrypted macOS enc_login:', out)

    return out
示例#4
0
def gen_sym_key(ekid, new_kid=None, iv=None, k=None):
    out = {'kid': ekid, 'cty': 'b5+jwk+json'}

    if new_kid != None:
        kid = new_kid
    else:
        kid = gen_uuid()

    if k != None:
        new_key = k
    else:
        new_key = get_random_bytes(32)

    key_dat = {
        'alg': 'A256GCM',
        'ext': True,
        'key_ops': ['decrypt', 'encrypt'],
        'kty': 'oct',
        'kid': kid
    }

    key_dat['k'] = optestlib.opb64e(new_key)

    key_dat_str = json.dumps(key_dat)
    optestlib.p_str("New symmetric key", json.dumps(key_dat, indent=4))

    sym_keys[kid] = new_key
    if ekid == 'mp':
        #        sym_keys['mk'] = new_key

        optestlib.p_debug('\n*** Encrypting sym key with AES kid %s' % ekid)
        iv, ct = optestlib.enc_aes_gcm(key_dat_str, sym_keys[ekid], iv=iv)

        optestlib.p_data('IV', iv, dump=False)
        optestlib.p_data('KEY', sym_keys[ekid], dump=False)
        optestlib.p_data('Ciphertext', ct, dump=False)

        out['iv'] = optestlib.opb64e(iv)
        out['data'] = optestlib.opb64e(ct)
        out['enc'] = 'A256GCM'

    else:  # only the primary sym_key is itself AES encrypted, rest by RSA
        optestlib.p_debug('\n*** Encrypting sym key with RSA kid %s\n' % ekid)

        jwkj = '{"keys": [%s]}' % json.dumps(pub_keys[ekid])
        jwk = load_jwks(jwkj)[0]
        optestlib.p_str('Public key e:', jwk.e)
        optestlib.p_str('Public key n:', jwk.n)
        RSA_Key = RSA.construct((jwk.n, jwk.e))

        C = PKCS1_OAEP.new(RSA_Key)
        ct = C.encrypt(key_dat_str)

        out['enc'] = 'RSA-OAEP'
        out['data'] = optestlib.opb64e(ct)
        optestlib.p_debug('')
        optestlib.p_data('RSA-OAEP ciphertext', ct, dump=False)

    return kid, out
示例#5
0
enc_master_key_data = optestlib.get_binary(
    "  Enter master_key_data (hex or base64): ")

enc_overview_key_data = optestlib.get_binary(
    "  Enter overview_key_data (hex or base64): ")

mk, mk_hmac, ok, ok_hmac = optestlib.get_local_vault_keys(
    password, salt, enc_master_key_data, enc_overview_key_data)

print "\n* Derived/Decrypted/Derived Vault Keys"

optestlib.p_data('Master Key', mk, dump=False)
optestlib.p_data('Master HMAC Key', mk_hmac, dump=False)
optestlib.p_data('Overview Key', ok, dump=False)
optestlib.p_data('Overview HMAC Key', ok_hmac, dump=False)

print "\n(Base-64 versions for convenience:"

optestlib.p_str('Master key', optestlib.opb64e(mk))
optestlib.p_str('Master HMAC key', optestlib.opb64e(mk_hmac))
optestlib.p_str('Overview key', optestlib.opb64e(ok))
optestlib.p_str('Overview HMAC key', optestlib.opb64e(ok_hmac))

enc_login_data = optestlib.get_binary(
    "\nEnter encrypted login data (from accounts table) (hex / base64): ")

PT = optestlib.decrypt_opdata(enc_login_data, mk, mk_hmac)

optestlib.p_str('Decrypted enc_login', PT)
示例#6
0
m_hmac = optestlib.get_binary(
    "Enter master HMAC key (base-64 or hex encoded): ")
o_key = optestlib.get_binary(
    "Enter overview encryption key (base-64 or hex encoded): ")
o_hmac = optestlib.get_binary(
    "Enter master HMAC key (base-64 or hex encoded): ")

o_data = optestlib.get_binary('Enter overview data (base-64 or hex): ')
i_key_data_enc = optestlib.get_binary('Enter item key data (base-64 or hex): ')
i_data = optestlib.get_binary('Enter item detail data (base-64 or hex): ')

print "\n* Decrypting item overview\n"

o_pt = optestlib.decrypt_opdata(o_data, o_key, o_hmac)

optestlib.p_str('Item Overview', o_pt)

print "\n* Decrypting item keys\n"

i_key_data = optestlib.decrypt_verify_cbc(i_key_data_enc, m_key, m_hmac)
i_key = i_key_data[0:32]
i_hmac = i_key_data[32:]

optestlib.p_data('Item Key', i_key)
optestlib.p_data('Item HMAC', i_hmac)

print "\n* Decrypting item details\n"

i_pt = optestlib.decrypt_opdata(i_data, i_key, i_hmac)
optestlib.p_str('Item Details', o_pt)
示例#7
0
#
# David Schuetz
# November 2018
#
# https://github.com/dschuetz/1password
#
# Given EMK blob from Windows "1Password10.sqlite" database,
#   and user's primary account Master Password,
#   decrypts EMK blob to produce master encryption and HMAC keys
#

import optestlib

bin_emk = optestlib.get_binary(
    'Enter EMK data (from config table) in base-64 or hex:  ')

password = raw_input("\nEnter the master password: ")

PT = optestlib.decrypt_emk(bin_emk, password)

enc_key = PT[0:32]
hmac_key = PT[32:]

optestlib.p_data('Master Enc Key', enc_key)
optestlib.p_str('(base-64)', optestlib.opb64e(enc_key))
optestlib.p_data('Master HMAC Key', hmac_key)
optestlib.p_str('(base-64)', optestlib.opb64e(hmac_key))

optestlib.p_str('Enc+HMAC together', optestlib.opb64e(enc_key + hmac_key))
示例#8
0
#
# Given email, Secret Key, Master Password, and elements from "enc_sym_key"
#   from the primary account's first keyset ("encrypted_by = mp"),
#   computes 1Password 2SKD result for MUK and SRP-X
#

import optestlib

secret_key = raw_input(
    "\nEnter the account's Secret Key (A3-xxx....): ").upper()

password = raw_input("\nEnter the master password:"******"\nEnter the email address: ")

p2s = optestlib.get_binary(
    "\nEnter the 'p2s' parameter (salt, base-64 or hex encoded): ")

p2c = raw_input("\nEnter the 'p2c' parameter (iterations count): ")
p2c = int(p2c)

algo = raw_input(
    "\nEnter the 'alg' parameter\n  (PBES2g-HS256 for MUK, SRPg-4096 for SRP-x) (note: case sensitive): "
)

print "\n"

muk = optestlib.compute_2skd(secret_key, password, email, p2s, p2c, algo)

optestlib.p_str('\nBase-64 Encoded result:', optestlib.opb64e(muk))