PyPI - dissect.fve - Versions diffs - 4.1.dev2__tar.gz → 4.2.dev2__tar.gz - Mend

dissect.fve 4.1.dev2tar.gz → 4.2.dev2tar.gz

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (72) hide show

{dissect_fve-4.1.dev2 → dissect_fve-4.2.dev2}/PKG-INFO RENAMED Viewed

@@ -1,6 +1,6 @@
-Metadata-Version: 2.2
+Metadata-Version: 2.4
 Name: dissect.fve
-Version: 4.1.dev2
+Version: 4.2.dev2
 Summary: A Dissect module implementing a parsers for full volume encryption implementations, currently Linux Unified Key Setup (LUKS1 and LUKS2) and Microsoft's Bitlocker Disk Encryption
 Author-email: Dissect Team <dissect@fox-it.com>
 License: Affero General Public License v3
@@ -24,7 +24,7 @@ License-File: LICENSE
 License-File: COPYRIGHT
 Requires-Dist: dissect.cstruct<5,>=4
 Requires-Dist: dissect.util<4,>=3
-Requires-Dist: pycryptodome
+Requires-Dist: pycryptodome==3.22.0
 Requires-Dist: argon2-cffi
 Provides-Extra: full
 Requires-Dist: dissect.target; extra == "full"
@@ -32,6 +32,7 @@ Requires-Dist: rich; extra == "full"
 Provides-Extra: dev
 Requires-Dist: dissect.cstruct<5.0.dev,>=4.0.dev; extra == "dev"
 Requires-Dist: dissect.util<4.0.dev,>=3.0.dev; extra == "dev"
+Dynamic: license-file
 # dissect.fve

{dissect_fve-4.1.dev2 → dissect_fve-4.2.dev2}/dissect/fve/bde/bde.py RENAMED Viewed

@@ -79,6 +79,8 @@ class BDE:
         if self._valid_eow_information:
             self.eow_information = self._valid_eow_information[0]
+        self._fvek_datum = None
+        self._fvek_type = None
         self._fvek = None
     @property
@@ -137,7 +139,7 @@ class BDE:
         """Return whether this volume can be unlocked with a BEK file."""
         return len(list(self.information.dataset.find_external_vmk())) != 0
-    def unlock(self, key: bytes) -> None:
+    def unlock(self, key: bytes) -> BDE:
         """Unlock this volume with the specified encryption key."""
         self.information.check_integrity(key)
@@ -149,27 +151,31 @@ class BDE:
         if not isinstance(fvek, KeyDatum):
             raise TypeError("Invalid unboxed FVEK")
-        self._fvek = fvek
+        self._fvek_datum = fvek
+        self._fvek_type = fvek.key_type
+        self._fvek = fvek.data
-    def unlock_with_clear_key(self) -> None:
+        return self
+    def unlock_with_clear_key(self) -> BDE:
         """Unlock this volume with the clear/obfuscated key."""
         vmk = self.information.dataset.find_clear_vmk()
         if not vmk:
             raise ValueError("No clear VMK found")
-        self.unlock(vmk.decrypt(vmk.clear_key()))
+        return self.unlock(vmk.decrypt(vmk.clear_key()))
-    def unlock_with_recovery_password(self, recovery_password: str, identifier: UUID | str | None = None) -> None:
+    def unlock_with_recovery_password(self, recovery_password: str, identifier: UUID | str | None = None) -> BDE:
         """Unlock this volume with the recovery password."""
         recovery_key = derive_recovery_key(recovery_password)
-        self._unlock_with_user_key(self.information.dataset.find_recovery_vmk(), recovery_key, identifier)
+        return self._unlock_with_user_key(self.information.dataset.find_recovery_vmk(), recovery_key, identifier)
-    def unlock_with_passphrase(self, passphrase: str, identifier: UUID | str | None = None) -> None:
+    def unlock_with_passphrase(self, passphrase: str, identifier: UUID | str | None = None) -> BDE:
         """Unlock this volume with the user passphrase."""
         user_key = derive_user_key(passphrase)
-        self._unlock_with_user_key(self.information.dataset.find_passphrase_vmk(), user_key, identifier)
+        return self._unlock_with_user_key(self.information.dataset.find_passphrase_vmk(), user_key, identifier)
-    def unlock_with_bek(self, bek_fh: BinaryIO) -> None:
+    def unlock_with_bek(self, bek_fh: BinaryIO) -> BDE:
         """Unlock this volume with a BEK file."""
         bek_ds = Dataset(bek_fh)
         startup_key = bek_ds.find_startup_key()
@@ -183,11 +189,17 @@ class BDE:
             raise ValueError("No compatible VMK found")
         decrypted_key = vmk.decrypt(startup_key.external_key())
-        self.unlock(decrypted_key)
+        return self.unlock(decrypted_key)
+    def unlock_with_fvek(self, key: bytes) -> BDE:
+        """Unlock this volume with a raw FVEK key."""
+        self._fvek_type = self.information.dataset.fvek_type
+        self._fvek = key
+        return self
     def _unlock_with_user_key(
         self, vmks: list[VmkInfoDatum], user_key: bytes, identifier: UUID | str | None = None
-    ) -> None:
+    ) -> BDE:
         decrypted_key = None
         for vmk in vmks:
             if identifier and str(identifier) != str(vmk.identifier):
@@ -207,7 +219,7 @@ class BDE:
         else:
             raise ValueError("No compatible VMK found")
-        self.unlock(decrypted_key)
+        return self.unlock(decrypted_key)
     def open(self) -> BitlockerStream:
         """Open this volume and return a readable (decrypted) stream."""
@@ -340,8 +352,8 @@ class BitlockerStream(AlignedStream):
         if self.bde.encrypted:
             self.encrypted = True
             self.cipher = create_cipher(
-                CIPHER_MAP[bde._fvek.key_type],
-                bde._fvek.data,
+                CIPHER_MAP[bde._fvek_type],
+                bde._fvek,
                 sector_size=self.sector_size,
                 iv_sector_size=self.sector_size,
             )

{dissect_fve-4.1.dev2 → dissect_fve-4.2.dev2}/dissect/fve/bde/information.py RENAMED Viewed

@@ -314,32 +314,7 @@ class Datum:
         header = c_bde.FVE_DATUM(fh)
         fh.seek(offset)
-        datum_type_map = {
-            FVE_DATUM_TYPE.KEY: KeyDatum,
-            FVE_DATUM_TYPE.UNICODE: UnicodeDatum,
-            FVE_DATUM_TYPE.STRETCH_KEY: StretchKeyDatum,
-            FVE_DATUM_TYPE.USE_KEY: UseKeyDatum,
-            FVE_DATUM_TYPE.AES_CCM_ENCRYPTED_KEY: AesCcmEncryptedDatum,
-            FVE_DATUM_TYPE.TPM_ENCRYPTED_BLOB: TpmEncryptedBlobDatum,
-            FVE_DATUM_TYPE.VALIDATION_INFO: ValidationInfoDatum,
-            FVE_DATUM_TYPE.VOLUME_MASTER_KEY_INFO: VmkInfoDatum,
-            FVE_DATUM_TYPE.EXTERNAL_INFO: ExternalInfoDatum,
-            FVE_DATUM_TYPE.UPDATE: UpdateDatum,
-            FVE_DATUM_TYPE.ERROR_LOG: ErrorLogDatum,
-            FVE_DATUM_TYPE.ASYMMETRIC_ENCRYPTED_KEY: AsymmetricEncryptedDatum,
-            FVE_DATUM_TYPE.EXPORTED_KEY: ExportedPublicKeyDatum,
-            FVE_DATUM_TYPE.PUBLIC_KEY_INFO: PublicKeyInfoDatum,
-            FVE_DATUM_TYPE.VIRTUALIZATION_INFO: VirtualizationInfoDatum,
-            FVE_DATUM_TYPE.SIMPLE_1: SimpleDatum,
-            FVE_DATUM_TYPE.SIMPLE_2: SimpleDatum,
-            FVE_DATUM_TYPE.CONCAT_HASH_KEY: ConcatHashKeyDatum,
-            FVE_DATUM_TYPE.SIMPLE_3: SimpleDatum,
-            FVE_DATUM_TYPE.SIMPLE_LARGE: SimpleLargeDatum,
-            FVE_DATUM_TYPE.BACKUP_INFO: BackupInfoDatum,
-        }
-        datum_type = FVE_DATUM_TYPE(header.Type)
-        return datum_type_map.get(datum_type, Datum)(fh)
+        return DATUM_TYPE_MAP.get(FVE_DATUM_TYPE(header.Type), Datum)(fh)
     @classmethod
     def from_bytes(cls, buf: bytes) -> Datum:
@@ -750,3 +725,28 @@ class AesCbc256HmacSha512EncryptedDatum(Datum):
     @property
     def data(self) -> bytes:
         return self._data[len(self.__struct__) :]
+DATUM_TYPE_MAP = {
+    FVE_DATUM_TYPE.KEY: KeyDatum,
+    FVE_DATUM_TYPE.UNICODE: UnicodeDatum,
+    FVE_DATUM_TYPE.STRETCH_KEY: StretchKeyDatum,
+    FVE_DATUM_TYPE.USE_KEY: UseKeyDatum,
+    FVE_DATUM_TYPE.AES_CCM_ENCRYPTED_KEY: AesCcmEncryptedDatum,
+    FVE_DATUM_TYPE.TPM_ENCRYPTED_BLOB: TpmEncryptedBlobDatum,
+    FVE_DATUM_TYPE.VALIDATION_INFO: ValidationInfoDatum,
+    FVE_DATUM_TYPE.VOLUME_MASTER_KEY_INFO: VmkInfoDatum,
+    FVE_DATUM_TYPE.EXTERNAL_INFO: ExternalInfoDatum,
+    FVE_DATUM_TYPE.UPDATE: UpdateDatum,
+    FVE_DATUM_TYPE.ERROR_LOG: ErrorLogDatum,
+    FVE_DATUM_TYPE.ASYMMETRIC_ENCRYPTED_KEY: AsymmetricEncryptedDatum,
+    FVE_DATUM_TYPE.EXPORTED_KEY: ExportedPublicKeyDatum,
+    FVE_DATUM_TYPE.PUBLIC_KEY_INFO: PublicKeyInfoDatum,
+    FVE_DATUM_TYPE.VIRTUALIZATION_INFO: VirtualizationInfoDatum,
+    FVE_DATUM_TYPE.SIMPLE_1: SimpleDatum,
+    FVE_DATUM_TYPE.SIMPLE_2: SimpleDatum,
+    FVE_DATUM_TYPE.CONCAT_HASH_KEY: ConcatHashKeyDatum,
+    FVE_DATUM_TYPE.SIMPLE_3: SimpleDatum,
+    FVE_DATUM_TYPE.SIMPLE_LARGE: SimpleLargeDatum,
+    FVE_DATUM_TYPE.BACKUP_INFO: BackupInfoDatum,
+}

{dissect_fve-4.1.dev2 → dissect_fve-4.2.dev2}/dissect.fve.egg-info/PKG-INFO RENAMED Viewed

@@ -1,6 +1,6 @@
-Metadata-Version: 2.2
+Metadata-Version: 2.4
 Name: dissect.fve
-Version: 4.1.dev2
+Version: 4.2.dev2
 Summary: A Dissect module implementing a parsers for full volume encryption implementations, currently Linux Unified Key Setup (LUKS1 and LUKS2) and Microsoft's Bitlocker Disk Encryption
 Author-email: Dissect Team <dissect@fox-it.com>
 License: Affero General Public License v3
@@ -24,7 +24,7 @@ License-File: LICENSE
 License-File: COPYRIGHT
 Requires-Dist: dissect.cstruct<5,>=4
 Requires-Dist: dissect.util<4,>=3
-Requires-Dist: pycryptodome
+Requires-Dist: pycryptodome==3.22.0
 Requires-Dist: argon2-cffi
 Provides-Extra: full
 Requires-Dist: dissect.target; extra == "full"
@@ -32,6 +32,7 @@ Requires-Dist: rich; extra == "full"
 Provides-Extra: dev
 Requires-Dist: dissect.cstruct<5.0.dev,>=4.0.dev; extra == "dev"
 Requires-Dist: dissect.util<4.0.dev,>=3.0.dev; extra == "dev"
+Dynamic: license-file
 # dissect.fve

{dissect_fve-4.1.dev2 → dissect_fve-4.2.dev2}/dissect.fve.egg-info/requires.txt RENAMED Viewed

@@ -1,6 +1,6 @@
 dissect.cstruct<5,>=4
 dissect.util<4,>=3
-pycryptodome
+pycryptodome==3.22.0
 argon2-cffi
 [dev]

{dissect_fve-4.1.dev2 → dissect_fve-4.2.dev2}/pyproject.toml RENAMED Viewed

@@ -27,7 +27,7 @@ classifiers = [
 dependencies = [
     "dissect.cstruct>=4,<5",
     "dissect.util>=3,<4",
-    "pycryptodome",
+    "pycryptodome==3.22.0",
     "argon2-cffi",
 ]
 dynamic = ["version"]

{dissect_fve-4.1.dev2 → dissect_fve-4.2.dev2}/tests/test_bde.py RENAMED Viewed

@@ -65,6 +65,20 @@ def _verify_bek_crypto(test_file: BinaryIO, bek_file: BinaryIO, fvek_type: c_bde
     _verify_crypto_stream(bde_obj)
+def _verify_raw_key_crypto(test_file: BinaryIO, raw_key: bytes, fvek_type: c_bde.FVE_KEY_TYPE) -> None:
+    bde_obj = bde.BDE(test_file)
+    assert bde_obj.encrypted
+    assert bde_obj.information.current_state == bde_obj.information.next_state == c_bde.FVE_STATE.ENCRYPTED
+    assert bde_obj.information.dataset.fvek_type == fvek_type
+    assert not bde_obj.unlocked
+    bde_obj.unlock_with_fvek(raw_key)
+    assert bde_obj.unlocked
+    _verify_crypto_stream(bde_obj)
 def test_bde_basic(bde_aes_128: BinaryIO) -> None:
     bde_obj = bde.BDE(bde_aes_128)
@@ -157,6 +171,46 @@ def test_bde_bek(test_file: str, bek_file: str, key_type: c_bde.FVE_KEY_TYPE) ->
         _verify_bek_crypto(fh, bek_fh, key_type)
+@pytest.mark.parametrize(
+    ("test_file", "raw_key", "key_type"),
+    [
+        (
+            "_data/bde/aes_128.bin.gz",
+            "84c3a3157e5f21dee140005220bc940e",
+            c_bde.FVE_KEY_TYPE.AES_128,
+        ),
+        (
+            "_data/bde/aes_256.bin.gz",
+            "dd3885ef9948c8dc6ad1b54a6c4a4b6fb74b44d1d9775ac7ed186c35f1b59022",
+            c_bde.FVE_KEY_TYPE.AES_256,
+        ),
+        (
+            "_data/bde/aes_128_diffuser.bin.gz",
+            "10730f695df62a49cd3aa1b1c9ae3edf2229c338a3740830e2b19d2b83f9cada268af0e0613921085edc89e1b804de354fd265acf4e5c410b47764bb9565666b",
+            c_bde.FVE_KEY_TYPE.AES_128_DIFFUSER,
+        ),
+        (
+            "_data/bde/aes_256_diffuser.bin.gz",
+            "3a600625f8fd5cc506cf8b30c8ca0600cc32f0c6b54c140789f7518c4fb5c71ba272f34f1a920d5be247298b5d233ce6199023c24d0aefec28717232f9894d1f",
+            c_bde.FVE_KEY_TYPE.AES_256_DIFFUSER,
+        ),
+        (
+            "_data/bde/aes-xts_128.bin.gz",
+            "4eb949c473f0edfc379ad041670ddb9c4da0abdb4482a2c8bb47250493aa1ed5",
+            c_bde.FVE_KEY_TYPE.AES_XTS_128,
+        ),
+        (
+            "_data/bde/aes-xts_256.bin.gz",
+            "c74002df41f5eadeee2549fc009233a2a510726ce08736aba2f84a52ac6e7bbc56b8a824a4dc26cf9c4c2926386319d17427998e045ebfdc789e328e0dc97da4",
+            c_bde.FVE_KEY_TYPE.AES_XTS_256,
+        ),
+    ],
+)
+def test_bde_raw_key(test_file: str, raw_key: str, key_type: c_bde.FVE_KEY_TYPE) -> None:
+    with contextlib.contextmanager(open_file_gz)(test_file) as fh:
+        _verify_raw_key_crypto(fh, bytes.fromhex(raw_key), key_type)
 def test_bde_vista(bde_vista: BinaryIO) -> None:
     bde_obj = bde.BDE(bde_vista)

{dissect_fve-4.1.dev2 → dissect_fve-4.2.dev2}/tox.ini RENAMED Viewed

@@ -35,6 +35,7 @@ deps =
     ruff==0.9.2
 commands =
     ruff format dissect tests
+    ruff check --fix dissect tests
 [testenv:lint]
 package = skip
@@ -55,12 +56,12 @@ deps =
     sphinx-design
     furo
 commands =
-    make -C tests/docs clean
-    make -C tests/docs html
+    make -C tests/_docs clean
+    make -C tests/_docs html
 [testenv:docs-linkcheck]
 allowlist_externals = make
 deps = {[testenv:docs-build]deps}
 commands =
-    make -C tests/docs clean
-    make -C tests/docs linkcheck
+    make -C tests/_docs clean
+    make -C tests/_docs linkcheck