forked from mirror/waf
You cannot select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
88 lines
2.9 KiB
Python
88 lines
2.9 KiB
Python
#! /usr/bin/env python
|
|
# encoding: utf-8
|
|
# Matt Clarkson, 2012
|
|
|
|
'''
|
|
DPAPI access library (http://msdn.microsoft.com/en-us/library/ms995355.aspx)
|
|
This file uses code originally created by Crusher Joe:
|
|
http://article.gmane.org/gmane.comp.python.ctypes/420
|
|
And modified by Wayne Koorts:
|
|
http://stackoverflow.com/questions/463832/using-dpapi-with-python
|
|
'''
|
|
|
|
from ctypes import windll, byref, cdll, Structure, POINTER, c_char, c_buffer
|
|
from ctypes.wintypes import DWORD
|
|
from waflib.Configure import conf
|
|
|
|
LocalFree = windll.kernel32.LocalFree
|
|
memcpy = cdll.msvcrt.memcpy
|
|
CryptProtectData = windll.crypt32.CryptProtectData
|
|
CryptUnprotectData = windll.crypt32.CryptUnprotectData
|
|
CRYPTPROTECT_UI_FORBIDDEN = 0x01
|
|
try:
|
|
extra_entropy = 'cl;ad13 \0al;323kjd #(adl;k$#ajsd'.encode('ascii')
|
|
except AttributeError:
|
|
extra_entropy = 'cl;ad13 \0al;323kjd #(adl;k$#ajsd'
|
|
|
|
class DATA_BLOB(Structure):
|
|
_fields_ = [
|
|
('cbData', DWORD),
|
|
('pbData', POINTER(c_char))
|
|
]
|
|
|
|
def get_data(blob_out):
|
|
cbData = int(blob_out.cbData)
|
|
pbData = blob_out.pbData
|
|
buffer = c_buffer(cbData)
|
|
memcpy(buffer, pbData, cbData)
|
|
LocalFree(pbData)
|
|
return buffer.raw
|
|
|
|
@conf
|
|
def dpapi_encrypt_data(self, input_bytes, entropy = extra_entropy):
|
|
'''
|
|
Encrypts data and returns byte string
|
|
|
|
:param input_bytes: The data to be encrypted
|
|
:type input_bytes: String or Bytes
|
|
:param entropy: Extra entropy to add to the encryption process (optional)
|
|
:type entropy: String or Bytes
|
|
'''
|
|
if not isinstance(input_bytes, bytes) or not isinstance(entropy, bytes):
|
|
self.fatal('The inputs to dpapi must be bytes')
|
|
buffer_in = c_buffer(input_bytes, len(input_bytes))
|
|
buffer_entropy = c_buffer(entropy, len(entropy))
|
|
blob_in = DATA_BLOB(len(input_bytes), buffer_in)
|
|
blob_entropy = DATA_BLOB(len(entropy), buffer_entropy)
|
|
blob_out = DATA_BLOB()
|
|
|
|
if CryptProtectData(byref(blob_in), 'python_data', byref(blob_entropy),
|
|
None, None, CRYPTPROTECT_UI_FORBIDDEN, byref(blob_out)):
|
|
return get_data(blob_out)
|
|
else:
|
|
self.fatal('Failed to decrypt data')
|
|
|
|
@conf
|
|
def dpapi_decrypt_data(self, encrypted_bytes, entropy = extra_entropy):
|
|
'''
|
|
Decrypts data and returns byte string
|
|
|
|
:param encrypted_bytes: The encrypted data
|
|
:type encrypted_bytes: Bytes
|
|
:param entropy: Extra entropy to add to the encryption process (optional)
|
|
:type entropy: String or Bytes
|
|
'''
|
|
if not isinstance(encrypted_bytes, bytes) or not isinstance(entropy, bytes):
|
|
self.fatal('The inputs to dpapi must be bytes')
|
|
buffer_in = c_buffer(encrypted_bytes, len(encrypted_bytes))
|
|
buffer_entropy = c_buffer(entropy, len(entropy))
|
|
blob_in = DATA_BLOB(len(encrypted_bytes), buffer_in)
|
|
blob_entropy = DATA_BLOB(len(entropy), buffer_entropy)
|
|
blob_out = DATA_BLOB()
|
|
if CryptUnprotectData(byref(blob_in), None, byref(blob_entropy), None,
|
|
None, CRYPTPROTECT_UI_FORBIDDEN, byref(blob_out)):
|
|
return get_data(blob_out)
|
|
else:
|
|
self.fatal('Failed to decrypt data')
|
|
|