regenerate seeds on save

Author: Evidlo

CHANGELOG.rst

@@ -1,3 +1,7 @@
+- 2025-03-04
+------------------
+- fixed #219 - seeds not regenerated on save
+
 4.1.1 - 2025-03-04
 ------------------
 - fixed #410 - support empty string as password

pykeepass/kdbx_parsing/common.py

@@ -13,16 +13,21 @@
     Adapter,
     BitsSwapped,
     BitStruct,
+    Construct,
     Container,
     Flag,
     GreedyBytes,
     Int32ul,
     ListContainer,
     Mapping,
     Padding,
+    SizeofError,
     Switch,
+    stream_read_entire,
+    stream_write,
 )
 from Cryptodome.Cipher import AES, ChaCha20, Salsa20
+from Cryptodome.Random import get_random_bytes
 from Cryptodome.Util import Padding as CryptoPadding
 from lxml import etree
 
@@ -81,6 +86,28 @@ def _encode(self, obj, context, path):
 
         return ListContainer(l)
 
+    def _build(self, obj, stream, context, path):
+        obj2 = self._encode(obj, context, path)
+        buildret = self.subcon._build(obj2, stream, context, path)
+        if buildret is not None:
+            return self._decode(buildret, context, path)
+        return obj
+
+
+class RandomGreedyBytes(Construct):
+    """Parses like GreedyBytes, but generates random bytes of same length during build."""
+
+    def _parse(self, stream, context, path):
+        return stream_read_entire(stream, path)
+
+    def _build(self, obj, stream, context, path):
+        data = get_random_bytes(len(obj))
+        stream_write(stream, data, len(data), path)
+        return data
+
+    def _sizeof(self, context, path):
+        raise SizeofError(path=path)
+
 
 def Reparsed(subcon_out):
     class Reparsed(Adapter):

pykeepass/kdbx_parsing/kdbx.py

@@ -1,4 +1,5 @@
 from construct import Bytes, Check, Int16ul, RawCopy, Struct, Switch, this
+from construct import stream_seek, stream_tell, stream_read, stream_write
 
 from .kdbx3 import Body as Body3
 from .kdbx3 import DynamicHeader as DynamicHeader3
@@ -10,8 +11,19 @@
 def check_signature(ctx):
     return ctx.sig1 == b'\x03\xd9\xa2\x9a' and ctx.sig2 == b'\x67\xFB\x4B\xB5'
 
+
+class RawCopyRebuild(RawCopy):
+    """RawCopy that always rebuilds from .value, ignoring cached .data.
+    This ensures subcons like RandomGreedyBytes run on every build."""
+
+    def _build(self, obj, stream, context, path):
+        if 'data' in obj:
+            del obj['data']
+        return super()._build(obj, stream, context, path)
+
+
 KDBX = Struct(
-    "header" / RawCopy(
+    "header" / RawCopyRebuild(
         Struct(
             "sig1" / Bytes(4),
             "sig2" / Bytes(4),

pykeepass/kdbx_parsing/kdbx3.py

@@ -36,6 +36,7 @@
     Decompressed,
     DynamicDict,
     ProtectedStreamId,
+    RandomGreedyBytes,
     Reparsed,
     TwoFishPayload,
     Unprotect,
@@ -97,7 +98,12 @@ def compute_transformed(context):
             {'compression_flags': CompressionFlags,
              'cipher_id': CipherId,
              'transform_rounds': Int64ul,
-             'protected_stream_id': ProtectedStreamId
+             'protected_stream_id': ProtectedStreamId,
+             'master_seed': RandomGreedyBytes(),
+             'transform_seed': RandomGreedyBytes(),
+             'encryption_iv': RandomGreedyBytes(),
+             'protected_stream_key': RandomGreedyBytes(),
+             'stream_start_bytes': RandomGreedyBytes(),
              },
             default=GreedyBytes
         )

pykeepass/kdbx_parsing/kdbx4.py

@@ -42,6 +42,7 @@
     Decompressed,
     DynamicDict,
     ProtectedStreamId,
+    RandomGreedyBytes,
     Reparsed,
     TwoFishPayload,
     Unprotect,
@@ -129,7 +130,7 @@ def compute_header_hmac_hash(context):
              0x08: Flag,
              0x0C: Int32sl,
              0x0D: Int64sl,
-             0x42: GreedyBytes,
+             0x42: Switch(this.key, {'S': RandomGreedyBytes()}, default=GreedyBytes),
              0x18: GreedyString('utf-8')
              }
         )
@@ -173,7 +174,9 @@ def compute_header_hmac_hash(context):
             this.id,
             {'compression_flags': CompressionFlags,
              'kdf_parameters': VariantDictionary,
-             'cipher_id': CipherId
+             'cipher_id': CipherId,
+             'master_seed': RandomGreedyBytes(),
+             'encryption_iv': RandomGreedyBytes(),
              },
             default=GreedyBytes
         )
@@ -254,7 +257,9 @@ def compute_payload_block_hash(this):
         Int32ul,
         Switch(
             this.type,
-            {'protected_stream_id': ProtectedStreamId},
+            {'protected_stream_id': ProtectedStreamId,
+             'protected_stream_key': RandomGreedyBytes(),
+             },
             default=GreedyBytes
         )
     )

pykeepass/pykeepass.py

@@ -1,4 +1,5 @@
 import base64
+import io
 import logging
 import os
 import re
@@ -155,14 +156,18 @@ def save(self, filename=None, transformed_key=None):
             filename = self.filename
 
         if hasattr(filename, "write"):
+            # buffer stream writes to prevent corruption on failure
+            # (same principle as temp file for disk saves)
+            buffer = io.BytesIO()
             KDBX.build_stream(
                 self.kdbx,
-                filename,
+                buffer,
                 password=self.password,
                 keyfile=self.keyfile,
                 transformed_key=transformed_key,
                 decrypt=True
             )
+            filename.write(buffer.getvalue())
         else:
             # save to temporary file to prevent database clobbering
             # see issues 223, 101