|
|
|
|
@ -18,7 +18,6 @@ def aes_decrypt_cbc(key, iv, data):
|
|
|
|
|
cipher = AES.new(key, AES.MODE_CBC, iv)
|
|
|
|
|
return cipher.decrypt(data)
|
|
|
|
|
|
|
|
|
|
prefix = b'v11'
|
|
|
|
|
salt = 'saltysalt'
|
|
|
|
|
derived_key_len = 128 // 8
|
|
|
|
|
num_iterations = 1003
|
|
|
|
|
@ -26,10 +25,14 @@ iv = b' ' * 16
|
|
|
|
|
|
|
|
|
|
def decrypt_encrypted_key(password, encrypted_key):
|
|
|
|
|
encrypted_key = bytes.fromhex(encrypted_key)
|
|
|
|
|
if not encrypted_key.startswith(prefix):
|
|
|
|
|
obs = encrypted_key[:len(prefix)]
|
|
|
|
|
logger.warning(f'expected {prefix} in password prefix but saw {obs}')
|
|
|
|
|
encrypted_key = encrypted_key[len(prefix):]
|
|
|
|
|
if encrypted_key.startswith(b'v10'):
|
|
|
|
|
encrypted_key = b'peanuts'
|
|
|
|
|
logger.warning(f'encryptedKey in config.json is encrypted using the default `peanuts` key')
|
|
|
|
|
elif encrypted_key.startswith(b'v11'):
|
|
|
|
|
encrypted_key = encrypted_key[3:]
|
|
|
|
|
else:
|
|
|
|
|
logger.warning(f'expected v10 or v11 in password prefix but saw {encrypted_key[:3]}')
|
|
|
|
|
encrypted_key = encrypted_key[3:]
|
|
|
|
|
|
|
|
|
|
kek = PBKDF2(password, salt, dkLen = derived_key_len, count = num_iterations, hmac_hash_module = SHA1)
|
|
|
|
|
decrypted_key = unpad(aes_decrypt_cbc(kek, iv, encrypted_key), block_size = 16).decode('ascii')
|
|
|
|
|
|
