:py:mod:`dissect.hypervisor.util.envelope`
==========================================

.. py:module:: dissect.hypervisor.util.envelope


Module Contents
---------------

Classes
~~~~~~~

.. autoapisummary::

   dissect.hypervisor.util.envelope.Envelope
   dissect.hypervisor.util.envelope.KeyStore


Attributes
~~~~~~~~~~

.. autoapisummary::

   dissect.hypervisor.util.envelope.HAS_PYSTANDALONE
   dissect.hypervisor.util.envelope.HAS_PYCRYPTODOME
   dissect.hypervisor.util.envelope.c_def
   dissect.hypervisor.util.envelope.c_envelope
   dissect.hypervisor.util.envelope.FILE_HEADER_MAGIC
   dissect.hypervisor.util.envelope.FOOTER_AEAD_MAGIC
   dissect.hypervisor.util.envelope.FOOTER_CRYPTO_MAGIC
   dissect.hypervisor.util.envelope.PBKDF2_SALT
   dissect.hypervisor.util.envelope.ENVELOPE_BLOCK_SIZE
   dissect.hypervisor.util.envelope.ENVELOPE_ATTRIBUTE_TYPE_MAP
   dissect.hypervisor.util.envelope.DECRYPT_CHUNK_SIZE
   dissect.hypervisor.util.envelope.EnvelopeAttribute


.. py:data:: HAS_PYSTANDALONE
   :value: True

.. py:data:: HAS_PYCRYPTODOME
   :value: True

.. py:data:: c_def
   :value: Multiline-String

   .. code-block:: python

      """
      struct EnvelopeFileHeader {
          char    magic[21];
          char    _pad[483];
          uint32  size;
          uint32  version;
      };

      struct DataTransformAeadFooter {
          char    magic[23];
          char    _pad[9];
          char    data[4056];
          uint32  size;
          uint32  version;
      };

      struct DataTransformCryptoFooter {
          char    magic[25];
          char    _pad[479];
          uint32  padding;
          uint32  version;
      };

      enum AttributeType : uint8 {
          Invalid = 0x0,
          // These are guesses based on size and used attributes
          UInt8 = 0x1,
          UInt16 = 0x2,
          UInt32 = 0x3,
          UInt64 = 0x4,
          Int8 = 0x5,
          Int16 = 0x6,
          Int32 = 0x7,
          Int64 = 0x8,
          Float = 0x9,
          Double = 0xA,
          // These are certain
          String = 0xB,
          Bytes = 0xC
      };
      """

.. py:data:: c_envelope

.. py:data:: FILE_HEADER_MAGIC
   :value: b'DataTransformEnvelope'

.. py:data:: FOOTER_AEAD_MAGIC
   :value: b'DataTransformAeadFooter'

.. py:data:: FOOTER_CRYPTO_MAGIC
   :value: b'DataTransformCryptoFooter'

.. py:data:: PBKDF2_SALT
   :value: b'This is obfuscation, not encryption. If you want encryption, use TPM.'

.. py:data:: ENVELOPE_BLOCK_SIZE
   :value: 4096

.. py:data:: ENVELOPE_ATTRIBUTE_TYPE_MAP

.. py:data:: DECRYPT_CHUNK_SIZE

.. py:data:: EnvelopeAttribute

.. py:class:: Envelope(fh: BinaryIO)

   Implements an encryption envelope as used within ESXi.

   .. py:method:: decrypt(key: bytes, aad: bytes = None) -> bytes

      Decrypt the data in this envelope.

      :param key: decryption key to use
      :param aad: optional associated data to include for AEAD ciphers


.. py:class:: KeyStore(store: Dict[str, str])

   Implements a file based keystore as used in ESXi.

   .. py:property:: id
      :type: str

   .. py:property:: key
      :type: bytes

   .. py:method:: from_text(text: str)
      :classmethod:

      Parse a key store from a string.

      :param text: string to parse a key store from
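
The fixed-size structures in ``c_def`` can be identified by their magic and unpacked with the standard library alone. The following is an added example, not part of ``dissect.hypervisor``: it assumes little-endian integers and packed structs without alignment padding, and ``parse_block``, ``sample_header`` and ``sample_crypto_footer`` are hypothetical helpers fed with constructed buffers.

```python
import struct

# Layouts transcribed from c_def. Assumptions (not stated on the page):
# little-endian integers and packed structs without alignment padding.
FILE_HEADER = struct.Struct("<21s483sII")     # magic, _pad, size, version
AEAD_FOOTER = struct.Struct("<23s9s4056sII")  # magic, _pad, data, size, version
CRYPTO_FOOTER = struct.Struct("<25s479sII")   # magic, _pad, padding, version

# magic -> (kind, layout, names of the fields that follow magic and _pad)
LAYOUTS = {
    b"DataTransformEnvelope": ("file_header", FILE_HEADER, ("size", "version")),
    b"DataTransformAeadFooter": ("aead_footer", AEAD_FOOTER, ("data", "size", "version")),
    b"DataTransformCryptoFooter": ("crypto_footer", CRYPTO_FOOTER, ("padding", "version")),
}


def parse_block(buf: bytes) -> dict:
    """Identify one envelope structure by its magic and unpack its fields."""
    for magic, (kind, layout, names) in LAYOUTS.items():
        if not buf.startswith(magic):
            continue
        if len(buf) < layout.size:
            # Refuse truncated input instead of reading short fields.
            raise ValueError(f"{kind}: need {layout.size} bytes, got {len(buf)}")
        fields = layout.unpack_from(buf)
        parsed = dict(zip(names, fields[2:]))  # skip magic and _pad
        parsed["kind"] = kind
        return parsed
    raise ValueError("no known envelope magic at start of buffer")


def sample_header(size: int, version: int) -> bytes:
    """Constructed sample header, not taken from a real ESXi file."""
    return FILE_HEADER.pack(b"DataTransformEnvelope", bytes(483), size, version)


def sample_crypto_footer(padding: int, version: int) -> bytes:
    """Constructed sample footer, not taken from a real ESXi file."""
    return CRYPTO_FOOTER.pack(b"DataTransformCryptoFooter", bytes(479), padding, version)


if __name__ == "__main__":
    print(parse_block(sample_header(8192, 1)))
    print(parse_block(sample_crypto_footer(7, 1)))
```

Under these assumptions the header and the crypto footer are each 512 bytes, and the AEAD footer is 4096 bytes, the same as ``ENVELOPE_BLOCK_SIZE``.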