summaryrefslogtreecommitdiffstats
path: root/third_party/waf/waflib/extras/dpapi.py
blob: b94d4823581898597f71e6c86110fc7049d27643 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
#! /usr/bin/env python
# encoding: utf-8
# Matt Clarkson, 2012

'''
DPAPI access library (http://msdn.microsoft.com/en-us/library/ms995355.aspx)
This file uses code originally created by Crusher Joe:
http://article.gmane.org/gmane.comp.python.ctypes/420
And modified by Wayne Koorts:
http://stackoverflow.com/questions/463832/using-dpapi-with-python
'''

from ctypes import windll, byref, cdll, Structure, POINTER, c_char, c_buffer
from ctypes.wintypes import DWORD
from waflib.Configure import conf

LocalFree = windll.kernel32.LocalFree
memcpy = cdll.msvcrt.memcpy
CryptProtectData = windll.crypt32.CryptProtectData
CryptUnprotectData = windll.crypt32.CryptUnprotectData
CRYPTPROTECT_UI_FORBIDDEN = 0x01
try:
	extra_entropy = 'cl;ad13 \0al;323kjd #(adl;k$#ajsd'.encode('ascii')
except AttributeError:
	extra_entropy = 'cl;ad13 \0al;323kjd #(adl;k$#ajsd'

class DATA_BLOB(Structure):
	_fields_ = [
		('cbData', DWORD),
		('pbData', POINTER(c_char))
	]

def get_data(blob_out):
	cbData = int(blob_out.cbData)
	pbData = blob_out.pbData
	buffer = c_buffer(cbData)
	memcpy(buffer, pbData, cbData)
	LocalFree(pbData)
	return buffer.raw

@conf
def dpapi_encrypt_data(self, input_bytes, entropy = extra_entropy):
	'''
	Encrypts data and returns byte string

	:param input_bytes: The data to be encrypted
	:type input_bytes: String or Bytes
	:param entropy: Extra entropy to add to the encryption process (optional)
	:type entropy: String or Bytes
	'''
	if not isinstance(input_bytes, bytes) or not isinstance(entropy, bytes):
		self.fatal('The inputs to dpapi must be bytes')
	buffer_in      = c_buffer(input_bytes, len(input_bytes))
	buffer_entropy = c_buffer(entropy, len(entropy))
	blob_in        = DATA_BLOB(len(input_bytes), buffer_in)
	blob_entropy   = DATA_BLOB(len(entropy), buffer_entropy)
	blob_out       = DATA_BLOB()

	if CryptProtectData(byref(blob_in), 'python_data', byref(blob_entropy), 
		None, None, CRYPTPROTECT_UI_FORBIDDEN, byref(blob_out)):
		return get_data(blob_out)
	else:
		self.fatal('Failed to decrypt data')

@conf
def dpapi_decrypt_data(self, encrypted_bytes, entropy = extra_entropy):
	'''
	Decrypts data and returns byte string

	:param encrypted_bytes: The encrypted data
	:type encrypted_bytes: Bytes
	:param entropy: Extra entropy to add to the encryption process (optional)
	:type entropy: String or Bytes
	'''
	if not isinstance(encrypted_bytes, bytes) or not isinstance(entropy, bytes):
		self.fatal('The inputs to dpapi must be bytes')
	buffer_in      = c_buffer(encrypted_bytes, len(encrypted_bytes))
	buffer_entropy = c_buffer(entropy, len(entropy))
	blob_in        = DATA_BLOB(len(encrypted_bytes), buffer_in)
	blob_entropy   = DATA_BLOB(len(entropy), buffer_entropy)
	blob_out       = DATA_BLOB()
	if CryptUnprotectData(byref(blob_in), None, byref(blob_entropy), None,
		None, CRYPTPROTECT_UI_FORBIDDEN, byref(blob_out)):
		return get_data(blob_out)
	else:
		self.fatal('Failed to decrypt data')