support 2.0 keyfiles

Author: Evidlo

pykeepass/kdbx_parsing/common.py

@@ -119,7 +119,17 @@ def compute_key_composite(password=None, keyfile=None):
         try:
             with open(keyfile, 'r') as f:
                 tree = etree.parse(f).getroot()
-                keyfile_composite = base64.b64decode(tree.find('Key/Data').text)
+                version = tree.find('Meta/Version').text
+                data_element = tree.find('Key/Data')
+                if version.startswith('1.0'):
+                    keyfile_composite = base64.b64decode(data_element.text)
+                elif version.startswith('2.0'):
+                    # read keyfile data and convert to bytes
+                    keyfile_composite = bytes.fromhex(data_element.text.strip())
+                    # validate bytes against hash
+                    hash = bytes.fromhex(data_element.attrib['Hash'])
+                    hash_computed = hashlib.sha256(keyfile_composite).digest()[:4]
+                    assert hash == hash_computed, "Keyfile has invalid hash"
         # otherwise, try to read plain keyfile
         except (etree.XMLSyntaxError, UnicodeDecodeError):
             try:

tests/test4_keyx.kdbx

@@ -0,0 +1,12 @@
+<?xml version="1.0" encoding="utf-8"?>
+<KeyFile>
+	<Meta>
+		<Version>2.0</Version>
+	</Meta>
+	<Key>
+		<Data Hash="F79BE54D">
+			30D73184 FBE1C7C4 B07EE4D6 BC4F118B
+			87577CAB 5CB8846F 5FD286FF F98BF9A9
+		</Data>
+	</Key>
+</KeyFile>