src/derivepassphrase/exporter/vault_native.py 1) # SPDX-FileCopyrightText: 2025 Marco Ricci <software@the13thletter.info>
src/derivepassphrase/exporter/vault_v03_and_below.py 2) #
src/derivepassphrase/exporter/vault_native.py 3) # SPDX-License-Identifier: Zlib
src/derivepassphrase/exporter/vault_v03_and_below.py 4)
src/derivepassphrase/exporter/vault_native.py 5) """Exporter for the vault native configuration format (v0.2 or v0.3).
src/derivepassphrase/exporter/vault_native.py 6)
src/derivepassphrase/exporter/vault_native.py 7) The vault native formats are the configuration formats used by vault
src/derivepassphrase/exporter/vault_native.py 8) v0.2 and v0.3. The configuration is stored as a single encrypted file,
src/derivepassphrase/exporter/vault_native.py 9) which is encrypted and authenticated. v0.2 and v0.3 differ in some
src/derivepassphrase/exporter/vault_native.py 10) details concerning key derivation and expected format of internal
src/derivepassphrase/exporter/vault_native.py 11) structures, so they are *not* compatible. v0.2 additionally contains
src/derivepassphrase/exporter/vault_native.py 12) cryptographic weaknesses (API misuse of a key derivation function, and
src/derivepassphrase/exporter/vault_native.py 13) a low-entropy method of generating initialization vectors for CBC block
src/derivepassphrase/exporter/vault_native.py 14) encryption mode) and should thus be avoided if possible.
src/derivepassphrase/exporter/vault_native.py 15)
src/derivepassphrase/exporter/vault_native.py 16) The public interface is the [`export_vault_native_data`][] function.
src/derivepassphrase/exporter/vault_native.py 17) Multiple *non-public* classes are additionally documented here for
src/derivepassphrase/exporter/vault_native.py 18) didactical and educational reasons, but they are not part of the module
src/derivepassphrase/exporter/vault_native.py 19) API, are subject to change without notice (including removal), and
src/derivepassphrase/exporter/vault_native.py 20) should *not* be used or relied on.
src/derivepassphrase/exporter/vault_native.py 21)
src/derivepassphrase/exporter/vault_native.py 22) """
src/derivepassphrase/exporter/vault_v03_and_below.py 23)
src/derivepassphrase/exporter/vault_native.py 24) # ruff: noqa: S303
src/derivepassphrase/exporter/vault_native.py 25)
src/derivepassphrase/exporter/vault_v03_and_below.py 26) from __future__ import annotations
src/derivepassphrase/exporter/vault_v03_and_below.py 27)
src/derivepassphrase/exporter/vault_v03_and_below.py 28) import abc
src/derivepassphrase/exporter/vault_v03_and_below.py 29) import base64
src/derivepassphrase/exporter/vault_native.py 30) import importlib
src/derivepassphrase/exporter/vault_v03_and_below.py 31) import json
src/derivepassphrase/exporter/vault_v03_and_below.py 32) import logging
src/derivepassphrase/exporter/vault_native.py 33) import os
src/derivepassphrase/exporter/vault_v03_and_below.py 34) import warnings
src/derivepassphrase/exporter/vault_v03_and_below.py 35) from typing import TYPE_CHECKING
src/derivepassphrase/exporter/vault_v03_and_below.py 36)
src/derivepassphrase/exporter/vault_native.py 37) from derivepassphrase import _cli_msg as _msg
src/derivepassphrase/exporter/vault_v03_and_below.py 38) from derivepassphrase import exporter, vault
src/derivepassphrase/exporter/vault_v03_and_below.py 39)
src/derivepassphrase/exporter/vault_v03_and_below.py 40) if TYPE_CHECKING:
src/derivepassphrase/exporter/vault_v03_and_below.py 41) from typing import Any
src/derivepassphrase/exporter/vault_v03_and_below.py 42)
src/derivepassphrase/exporter/vault_v03_and_below.py 43) from typing_extensions import Buffer
src/derivepassphrase/exporter/vault_v03_and_below.py 44)
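if TYPE_CHECKING:
    # Static type checkers always see the real cryptography modules.
    from cryptography import exceptions as crypt_exceptions
    from cryptography import utils as crypt_utils
    from cryptography.hazmat.primitives import ciphers, hashes, hmac, padding
    from cryptography.hazmat.primitives.ciphers import algorithms, modes
    from cryptography.hazmat.primitives.kdf import pbkdf2
else:
    try:
        # Probe for the optional dependency before importing its submodules.
        importlib.import_module('cryptography')
    except ModuleNotFoundError as exc:

        class _DummyModule:  # pragma: no cover
            # Stand-in for a cryptography module.  Every attribute lookup
            # yields a callable that raises the stored import error, so a
            # missing dependency surfaces at the first use of a primitive
            # rather than when this module is imported.
            def __init__(self, exc: Exception) -> None:
                # The caller below passes the caught exception *instance*.
                self.exc = exc

            def __getattr__(self, name: str) -> Any:  # noqa: ANN401
                def func(*args: Any, **kwargs: Any) -> Any:  # noqa: ANN401,ARG001
                    raise self.exc

                return func

        crypt_exceptions = crypt_utils = _DummyModule(exc)
        ciphers = hashes = hmac = padding = _DummyModule(exc)
        algorithms = modes = pbkdf2 = _DummyModule(exc)
        # Signals that only stubs are bound to the cryptography names.
        STUBBED = True
    else:
        from cryptography import exceptions as crypt_exceptions
        from cryptography import utils as crypt_utils
        from cryptography.hazmat.primitives import (
            ciphers,
            hashes,
            hmac,
            padding,
        )
        from cryptography.hazmat.primitives.ciphers import algorithms, modes
        from cryptography.hazmat.primitives.kdf import pbkdf2

        STUBBED = False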
src/derivepassphrase/exporter/vault_v03_and_below.py 83)
src/derivepassphrase/exporter/vault_native.py 84) __all__ = ('export_vault_native_data',)
src/derivepassphrase/exporter/vault_native.py 85)
src/derivepassphrase/exporter/vault_v03_and_below.py 86) logger = logging.getLogger(__name__)
src/derivepassphrase/exporter/vault_v03_and_below.py 87)
src/derivepassphrase/exporter/vault_v03_and_below.py 88)
def _h(bs: Buffer) -> str:
    """Render a buffer as space-separated hex byte pairs in angle brackets."""
    hex_pairs = memoryview(bs).hex(' ')
    return f'<{hex_pairs}>'
src/derivepassphrase/exporter/vault_v03_and_below.py 91)
src/derivepassphrase/exporter/vault_v03_and_below.py 92)
src/derivepassphrase/exporter/vault_v03_and_below.py 93) class VaultNativeConfigParser(abc.ABC):
src/derivepassphrase/exporter/vault_v03_and_below.py 94) """A base parser for vault's native configuration format.
src/derivepassphrase/exporter/vault_v03_and_below.py 95)
src/derivepassphrase/exporter/vault_v03_and_below.py 96) Certain details are specific to the respective vault versions, and
src/derivepassphrase/exporter/vault_v03_and_below.py 97) are abstracted out. This class by itself is not instantiable
src/derivepassphrase/exporter/vault_v03_and_below.py 98) because of this.
src/derivepassphrase/exporter/vault_v03_and_below.py 99)
src/derivepassphrase/exporter/vault_v03_and_below.py 100) """
src/derivepassphrase/exporter/vault_v03_and_below.py 101)
src/derivepassphrase/exporter/vault_v03_and_below.py 102) def __init__(self, contents: Buffer, password: str | Buffer) -> None:
|
Apply new ruff ruleset to c...
Marco Ricci authored 6 months ago
|
src/derivepassphrase/exporter/vault_v03_and_below.py 103) """Initialize the parser.
src/derivepassphrase/exporter/vault_v03_and_below.py 104)
src/derivepassphrase/exporter/vault_v03_and_below.py 105) Args:
src/derivepassphrase/exporter/vault_v03_and_below.py 106) contents:
src/derivepassphrase/exporter/vault_v03_and_below.py 107) The binary contents of the encrypted configuration file.
src/derivepassphrase/exporter/vault_v03_and_below.py 108)
src/derivepassphrase/exporter/vault_v03_and_below.py 109) Note: On disk, these are usually stored in
src/derivepassphrase/exporter/vault_v03_and_below.py 110) base64-encoded form, not in the "raw" form as needed
src/derivepassphrase/exporter/vault_v03_and_below.py 111) here.
src/derivepassphrase/exporter/vault_v03_and_below.py 112)
src/derivepassphrase/exporter/vault_v03_and_below.py 113) password:
src/derivepassphrase/exporter/vault_v03_and_below.py 114) The vault master key/master passphrase the file is
src/derivepassphrase/exporter/vault_v03_and_below.py 115) encrypted with. Must be non-empty. See
|
Generate nicer documentatio...
Marco Ricci authored 5 months ago
|
src/derivepassphrase/exporter/vault_native.py 116) [`exporter.get_vault_key`][] for details.
|
Apply new ruff ruleset to c...
Marco Ricci authored 6 months ago
|
src/derivepassphrase/exporter/vault_v03_and_below.py 117)
src/derivepassphrase/exporter/vault_v03_and_below.py 118) If this is a text string, then the UTF-8 encoding of the
src/derivepassphrase/exporter/vault_v03_and_below.py 119) string is used as the binary password.
src/derivepassphrase/exporter/vault_v03_and_below.py 120)
|
Update ruff to v0.8.x, refo...
Marco Ricci authored 2 months ago
|
src/derivepassphrase/exporter/vault_native.py 121) Raises:
src/derivepassphrase/exporter/vault_native.py 122) ValueError:
src/derivepassphrase/exporter/vault_native.py 123) The password must not be empty.
src/derivepassphrase/exporter/vault_native.py 124)
|
Add vault_native exporter f...
Marco Ricci authored 6 months ago
|
src/derivepassphrase/exporter/vault_native.py 125) Warning:
src/derivepassphrase/exporter/vault_native.py 126) Non-public class, provided for didactical and educational
src/derivepassphrase/exporter/vault_native.py 127) purposes only. Subject to change without notice, including
src/derivepassphrase/exporter/vault_native.py 128) removal.
src/derivepassphrase/exporter/vault_native.py 129)
|
Apply new ruff ruleset to c...
Marco Ricci authored 6 months ago
|
src/derivepassphrase/exporter/vault_v03_and_below.py 130) """
|
Add prototype for "vault v0...
Marco Ricci authored 6 months ago
|
src/derivepassphrase/exporter/vault_v03_and_below.py 131) if not password:
|
Rename vault v0.2/v0.3 clas...
Marco Ricci authored 6 months ago
|
src/derivepassphrase/exporter/vault_v03_and_below.py 132) msg = 'Password must not be empty'
|
Update ruff to v0.8.x, refo...
Marco Ricci authored 2 months ago
|
src/derivepassphrase/exporter/vault_native.py 133) raise ValueError(msg)
|
Rename vault v0.2/v0.3 clas...
Marco Ricci authored 6 months ago
|
src/derivepassphrase/exporter/vault_v03_and_below.py 134) self._contents = bytes(contents)
|
Apply new ruff ruleset to c...
Marco Ricci authored 6 months ago
|
src/derivepassphrase/exporter/vault_v03_and_below.py 135) self._iv_size = 0
src/derivepassphrase/exporter/vault_v03_and_below.py 136) self._mac_size = 0
src/derivepassphrase/exporter/vault_v03_and_below.py 137) self._encryption_key = b''
src/derivepassphrase/exporter/vault_v03_and_below.py 138) self._encryption_key_size = 0
src/derivepassphrase/exporter/vault_v03_and_below.py 139) self._signing_key = b''
src/derivepassphrase/exporter/vault_v03_and_below.py 140) self._signing_key_size = 0
src/derivepassphrase/exporter/vault_v03_and_below.py 141) self._message = b''
src/derivepassphrase/exporter/vault_v03_and_below.py 142) self._message_tag = b''
src/derivepassphrase/exporter/vault_v03_and_below.py 143) self._iv = b''
src/derivepassphrase/exporter/vault_v03_and_below.py 144) self._payload = b''
|
Rename vault v0.2/v0.3 clas...
Marco Ricci authored 6 months ago
|
src/derivepassphrase/exporter/vault_v03_and_below.py 145) self._password = password
src/derivepassphrase/exporter/vault_v03_and_below.py 146) self._sentinel: object = object()
src/derivepassphrase/exporter/vault_v03_and_below.py 147) self._data: Any = self._sentinel
src/derivepassphrase/exporter/vault_v03_and_below.py 148)
src/derivepassphrase/exporter/vault_v03_and_below.py 149) def __call__(self) -> Any: # noqa: ANN401
src/derivepassphrase/exporter/vault_v03_and_below.py 150) """Return the decrypted and parsed vault configuration.
src/derivepassphrase/exporter/vault_v03_and_below.py 151)
src/derivepassphrase/exporter/vault_v03_and_below.py 152) Raises:
src/derivepassphrase/exporter/vault_v03_and_below.py 153) cryptography.exceptions.InvalidSignature:
src/derivepassphrase/exporter/vault_v03_and_below.py 154) The encrypted configuration does not contain a valid
src/derivepassphrase/exporter/vault_v03_and_below.py 155) signature.
src/derivepassphrase/exporter/vault_v03_and_below.py 156) ValueError:
src/derivepassphrase/exporter/vault_v03_and_below.py 157) The format is invalid, in a non-cryptographic way. (For
src/derivepassphrase/exporter/vault_v03_and_below.py 158) example, it contains an unsupported version marker, or
src/derivepassphrase/exporter/vault_v03_and_below.py 159) unexpected extra contents, or invalid padding.)
src/derivepassphrase/exporter/vault_v03_and_below.py 160)
src/derivepassphrase/exporter/vault_v03_and_below.py 161) """
|
Rename vault v0.2/v0.3 clas...
Marco Ricci authored 6 months ago
|
src/derivepassphrase/exporter/vault_v03_and_below.py 162) if self._data is self._sentinel:
src/derivepassphrase/exporter/vault_v03_and_below.py 163) self._parse_contents()
src/derivepassphrase/exporter/vault_v03_and_below.py 164) self._derive_keys()
src/derivepassphrase/exporter/vault_v03_and_below.py 165) self._check_signature()
src/derivepassphrase/exporter/vault_v03_and_below.py 166) self._data = self._decrypt_payload()
|
Add prototype for "vault v0...
Marco Ricci authored 6 months ago
|
src/derivepassphrase/exporter/vault_v03_and_below.py 167) return self._data
src/derivepassphrase/exporter/vault_v03_and_below.py 168)
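@staticmethod
def _pbkdf2(
    password: str | Buffer, key_size: int, iterations: int
) -> bytes:
    """Generate a key from a password.

    Uses PBKDF2 with HMAC-SHA1, with the vault UUID as a fixed salt
    value.

    Args:
        password:
            The password from which to derive the key.  A text
            string is encoded as UTF-8 first.
        key_size:
            The size of the output string.  The effective key size
            (in bytes) is thus half of this output string size.
        iterations:
            The PBKDF2 iteration count.

    Returns:
        The PBKDF2-derived key, as a `bytes` object holding its
        lowercase ASCII hexadecimal encoding.

    Danger: Insecure use of cryptography
        This function is insecure because it uses a fixed salt
        value, which is not secure against rainbow tables.  It is
        further difficult to use because the effective key size is
        only half as large as the "size" parameter (output string
        size).  Finally, though the use of SHA-1 in HMAC per se is
        not known to be insecure, SHA-1 is known not to be
        collision-resistant.

    Warning: Secrets in debug output
        The debug log record emitted here is given the password, the
        raw derived key and its hex encoding.  Keep DEBUG-level
        output of this logger away from anything that stores or
        forwards log records.

    """
    if isinstance(password, str):
        password = password.encode('utf-8')
    raw_key = pbkdf2.PBKDF2HMAC(
        algorithm=hashes.SHA1(),
        # Half the requested size: the hex encoding below doubles it.
        length=key_size // 2,
        salt=vault.Vault._UUID,  # noqa: SLF001
        iterations=iterations,
    ).derive(bytes(password))
    # `bytes.hex()` always produces lowercase digits, so no case
    # folding is needed.
    result_key = raw_key.hex().encode('ASCII')
    # NOTE(review): this record carries key material (see the warning in
    # the docstring).
    logger.debug(
        _msg.TranslatedString(
            _msg.DebugMsgTemplate.VAULT_NATIVE_PBKDF2_CALL,
            password=password,
            salt=vault.Vault._UUID,  # noqa: SLF001
            iterations=iterations,
            key_size=key_size // 2,
            algorithm='sha1',
            raw_result=raw_key,
            result_key=result_key.decode('ASCII'),
        ),
    )
    return result_key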
src/derivepassphrase/exporter/vault_v03_and_below.py 223)
def _parse_contents(self) -> None:
    """Split the raw file contents into IV, payload and MAC tag.

    Fills `_message`, `_message_tag`, `_iv` and `_payload` from
    `_contents`, using the `_iv_size` and `_mac_size` currently set on
    the parser.

    Raises:
        ValueError:
            The configuration file contents are clearly truncated.

    """
    logger.info(
        _msg.TranslatedString(
            _msg.InfoMsgTemplate.VAULT_NATIVE_PARSING_IV_PAYLOAD_MAC,
        ),
    )

    total_size = len(self._contents)
    # NOTE(review): the literal 16 is presumably the minimum payload of
    # one cipher block -- confirm against the subclasses.
    if total_size < self._iv_size + 16 + self._mac_size:
        msg = 'Invalid vault configuration file: file is truncated'
        raise ValueError(msg)

    # The tag is the trailing `_mac_size` bytes; the message is
    # everything before it, and starts with the IV.
    tag_start = total_size - self._mac_size
    self._message = self._contents[:tag_start]
    self._message_tag = self._contents[tag_start:]
    self._iv = self._message[: self._iv_size]
    self._payload = self._message[self._iv_size :]

    logger.debug(
        _msg.TranslatedString(
            _msg.DebugMsgTemplate.VAULT_NATIVE_PARSE_BUFFER,
            contents=_h(self._contents),
            iv=_h(self._iv),
            payload=_h(self._payload),
            mac=_h(self._message_tag),
        ),
    )
src/derivepassphrase/exporter/vault_v03_and_below.py 263)
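def _derive_keys(self) -> None:
    """Derive the signing and encryption keys.

    This is a bookkeeping method.  The actual work is done in
    [`_generate_keys`][].  Afterwards, the length of each derived key
    is compared with its recorded key size.

    Raises:
        AssertionError:
            A derived key does not have the recorded size.

    """
    logger.info(
        _msg.TranslatedString(
            _msg.InfoMsgTemplate.VAULT_NATIVE_DERIVING_KEYS,
        ),
    )
    self._generate_keys()
    # Raised explicitly rather than via `assert`, so that the key length
    # checks are still performed when Python runs with -O.
    if len(self._encryption_key) != self._encryption_key_size:
        msg = 'Derived encryption key is invalid'
        raise AssertionError(msg)
    if len(self._signing_key) != self._signing_key_size:
        msg = 'Derived signing key is invalid'
        raise AssertionError(msg)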
src/derivepassphrase/exporter/vault_v03_and_below.py 283)
@abc.abstractmethod
def _generate_keys(self) -> None:
    """Derive both keys and record their sizes (version-specific hook).

    Concrete parsers must override this method, because the key
    derivation differs between vault versions.  `_derive_keys` calls
    it and then checks `_encryption_key` and `_signing_key` against
    `_encryption_key_size` and `_signing_key_size`.

    Raises:
        AssertionError:
            Always, in this base implementation; there is no default
            derivation.

    """
    raise AssertionError
src/derivepassphrase/exporter/vault_v03_and_below.py 297)
src/derivepassphrase/exporter/vault_v03_and_below.py 298) def _check_signature(self) -> None:
|
Document internal functions...
Marco Ricci authored 1 month ago
|
src/derivepassphrase/exporter/vault_native.py 299) """Check for a valid MAC on the encrypted vault configuration.
src/derivepassphrase/exporter/vault_native.py 300)
src/derivepassphrase/exporter/vault_native.py 301) The MAC uses HMAC-SHA1, and thus is 32 bytes long, before
src/derivepassphrase/exporter/vault_native.py 302) encoding.
src/derivepassphrase/exporter/vault_native.py 303)
src/derivepassphrase/exporter/vault_native.py 304) Raises:
src/derivepassphrase/exporter/vault_native.py 305) ValueError:
src/derivepassphrase/exporter/vault_native.py 306) The MAC is invalid.
src/derivepassphrase/exporter/vault_native.py 307)
src/derivepassphrase/exporter/vault_native.py 308) """
|
Make debug and info message...
Marco Ricci authored 2 months ago
|
src/derivepassphrase/exporter/vault_native.py 309) logger.info(
src/derivepassphrase/exporter/vault_native.py 310) _msg.TranslatedString(
src/derivepassphrase/exporter/vault_native.py 311) _msg.InfoMsgTemplate.VAULT_NATIVE_CHECKING_MAC,
src/derivepassphrase/exporter/vault_native.py 312) ),
src/derivepassphrase/exporter/vault_native.py 313) )
|
Apply new ruff ruleset to c...
Marco Ricci authored 6 months ago
|
src/derivepassphrase/exporter/vault_v03_and_below.py 314) mac = hmac.HMAC(self._signing_key, hashes.SHA256())
|
Add prototype for "vault v0...
Marco Ricci authored 6 months ago
|
src/derivepassphrase/exporter/vault_v03_and_below.py 315) mac_input = self._hmac_input()
src/derivepassphrase/exporter/vault_v03_and_below.py 316) logger.debug(
|
Make debug and info message...
Marco Ricci authored 2 months ago
|
src/derivepassphrase/exporter/vault_native.py 317) _msg.TranslatedString(
src/derivepassphrase/exporter/vault_native.py 318) _msg.DebugMsgTemplate.VAULT_NATIVE_CHECKING_MAC_DETAILS,
src/derivepassphrase/exporter/vault_native.py 319) mac_input=_h(mac_input),
src/derivepassphrase/exporter/vault_native.py 320) mac=_h(self._message_tag),
src/derivepassphrase/exporter/vault_native.py 321) ),
src/derivepassphrase/exporter/vault_v03_and_below.py 322) )
src/derivepassphrase/exporter/vault_v03_and_below.py 323) mac.update(mac_input)
src/derivepassphrase/exporter/vault_v03_and_below.py 324) try:
src/derivepassphrase/exporter/vault_v03_and_below.py 325) mac.verify(self._message_tag)
src/derivepassphrase/exporter/vault_v03_and_below.py 326) except crypt_exceptions.InvalidSignature:
src/derivepassphrase/exporter/vault_v03_and_below.py 327) msg = 'File does not contain a valid signature'
src/derivepassphrase/exporter/vault_v03_and_below.py 328) raise ValueError(msg) from None
src/derivepassphrase/exporter/vault_v03_and_below.py 329)
@abc.abstractmethod
def _hmac_input(self) -> bytes:
    """Return the byte string the MAC is computed over.

    The MAC-attested data differs between vault format versions, so
    every concrete parser must supply its own implementation.  The
    base version only fails.

    Raises:
        AssertionError:
            Always; there is no default implementation.

    """
    # No version-independent MAC input exists, so the base
    # implementation refuses to return one.
    raise AssertionError()
src/derivepassphrase/exporter/vault_v03_and_below.py 343)
def _decrypt_payload(self) -> Any:  # noqa: ANN401
    """Decrypt the payload and return the parsed vault configuration.

    Expects [`_parse_contents`][] and [`_derive_keys`][] to have run
    already.  Tampering detection is the job of
    [`_check_signature`][]; this method does not verify the MAC
    itself.

    Returns:
        The result of JSON-decoding the decrypted, unpadded payload.

    """
    logger.info(
        _msg.TranslatedString(
            _msg.InfoMsgTemplate.VAULT_NATIVE_DECRYPTING_CONTENTS,
        ),
    )
    # Step 1: raw decryption with the version-specific cipher context.
    # The result still carries the PKCS#7 padding.
    cipher_ctx = self._make_decryptor()
    padded_plaintext = bytearray(cipher_ctx.update(self._payload))
    padded_plaintext += cipher_ctx.finalize()
    # NOTE(review): decrypted vault contents are handed to the debug
    # logger here and again below.  Whether they are actually emitted
    # depends on the logging configuration, which is not visible here;
    # treat debug-level logs of this module as sensitive.
    logger.debug(
        _msg.TranslatedString(
            _msg.DebugMsgTemplate.VAULT_NATIVE_PADDED_PLAINTEXT,
            contents=_h(padded_plaintext),
        ),
    )
    # Step 2: strip the padding.  PKCS7() takes the block size in bits;
    # the IV size (in bytes) doubles as the cipher block size.
    # NOTE(review): malformed padding surfaces as an exception from the
    # unpadder.  That is only harmless if the MAC was checked before
    # decrypting; the call order is decided by the caller -- confirm.
    block_size_bits = self._iv_size * 8
    unpadder = padding.PKCS7(block_size_bits).unpadder()
    plaintext = bytearray(unpadder.update(padded_plaintext))
    plaintext += unpadder.finalize()
    logger.debug(
        _msg.TranslatedString(
            _msg.DebugMsgTemplate.VAULT_NATIVE_PLAINTEXT,
            contents=_h(plaintext),
        ),
    )
    # Step 3: the plaintext is a JSON document.
    return json.loads(plaintext)
src/derivepassphrase/exporter/vault_v03_and_below.py 378)
@abc.abstractmethod
def _make_decryptor(self) -> ciphers.CipherContext:
    """Return the cipher context object used for decryption.

    How the cipher is set up depends on the vault format version, so
    every concrete parser must supply its own implementation.  The
    base version only fails.

    Raises:
        AssertionError:
            Always; there is no default implementation.

    """
    # No version-independent cipher setup exists, so the base
    # implementation refuses to build one.
    raise AssertionError()
src/derivepassphrase/exporter/vault_v03_and_below.py 392)
src/derivepassphrase/exporter/vault_v03_and_below.py 393)
class VaultNativeV03ConfigParser(VaultNativeConfigParser):
    """A parser for vault's native configuration format (v0.3).

    This is the modern, pre-storeroom configuration format.

    Warning:
        Non-public class, provided for didactical and educational
        purposes only.  Subject to change without notice, including
        removal.

    """

    KEY_SIZE = 32
    """
    Size of both the encryption key and the signing key, counted
    including the encoding as a hexadecimal string.  (The effective
    cryptographic strength is half of this value.)
    """

    def __init__(self, *args: Any, **kwargs: Any) -> None:  # noqa: ANN401
        """Forward all arguments to the base parser, then fix the sizes."""
        super().__init__(*args, **kwargs)
        # IV size in bytes (the AES block size), and MAC size in bytes.
        # 32 bytes matches the HMAC-SHA256 tag that `_check_signature`
        # verifies.
        self._iv_size, self._mac_size = 16, 32

    def _generate_keys(self) -> None:
        """Derive the signing and encryption keys, and set the key sizes.

        Version 0.3 vault configurations use one constant key size for
        both keys; see [`KEY_SIZE`][].  The two keys differ only in the
        number of PBKDF2 rounds: 100 for the encryption key and 200 for
        the signing key.

        Danger: Insecure use of cryptography
            This function makes use of the insecure function
            [`VaultNativeConfigParser._pbkdf2`][], without any attempts
            at mitigating its insecurity.  It further uses `_pbkdf2`
            with the low iteration count of 100 and 200 rounds, which is
            *drastically* insufficient to defend against password
            guessing attacks using GPUs or ASICs.  We provide this
            function for the purpose of interoperability with existing
            vault installations.  Do not rely on this system to keep
            your vault configuration secure against access by even
            moderately determined attackers!

        """
        key_size = self.KEY_SIZE
        # The iteration counts are dictated by the v0.3 format; raising
        # them here would derive keys that no longer match existing
        # files.
        self._encryption_key = self._pbkdf2(self._password, key_size, 100)
        self._signing_key = self._pbkdf2(self._password, key_size, 200)
        self._encryption_key_size = key_size
        self._signing_key_size = key_size

    def _hmac_input(self) -> bytes:
        """Return the input the MAC is supposed to verify.

        For v0.3 this is the message in hexadecimal encoding (lowercase,
        as ASCII bytes), not the raw message bytes.

        """
        hex_digits = self._message.hex().lower()
        return hex_digits.encode('ASCII')

    def _make_decryptor(self) -> ciphers.CipherContext:
        """Return the cipher context object used for decryption.

        This is a standard AES256-CBC cipher context using the
        previously derived encryption key and the IV declared in the
        (MAC-verified) message payload.

        """
        # CBC by itself provides no integrity protection; this relies on
        # the MAC having been checked before the context is used.
        # NOTE(review): that ordering is decided by the caller -- confirm.
        algorithm = algorithms.AES256(self._encryption_key)
        mode = modes.CBC(self._iv)
        return ciphers.Cipher(algorithm, mode).decryptor()
src/derivepassphrase/exporter/vault_v03_and_below.py 461)
src/derivepassphrase/exporter/vault_v03_and_below.py 462)
src/derivepassphrase/exporter/vault_v03_and_below.py 463) class VaultNativeV02ConfigParser(VaultNativeConfigParser):
src/derivepassphrase/exporter/vault_v03_and_below.py 464) """A parser for vault's native configuration format (v0.2).
src/derivepassphrase/exporter/vault_v03_and_below.py 465)
src/derivepassphrase/exporter/vault_v03_and_below.py 466) This is the classic configuration format. Compared to v0.3, it
src/derivepassphrase/exporter/vault_v03_and_below.py 467) contains an (accidental) API misuse for the generation of the master
src/derivepassphrase/exporter/vault_v03_and_below.py 468) keys, a low-entropy method of generating initialization vectors for
src/derivepassphrase/exporter/vault_v03_and_below.py 469) the AES-CBC encryption step, and extra layers of base64 encoding.
src/derivepassphrase/exporter/vault_v03_and_below.py 470) Because of these significantly weakened confidentiality guarantees,
src/derivepassphrase/exporter/vault_v03_and_below.py 471) v0.2 configurations should be upgraded to at least v0.3 as soon as
src/derivepassphrase/exporter/vault_v03_and_below.py 472) possible.
src/derivepassphrase/exporter/vault_v03_and_below.py 473)
src/derivepassphrase/exporter/vault_native.py 474) Warning:
src/derivepassphrase/exporter/vault_native.py 475) Non-public class, provided for didactical and educational
src/derivepassphrase/exporter/vault_native.py 476) purposes only. Subject to change without notice, including
src/derivepassphrase/exporter/vault_native.py 477) removal.
src/derivepassphrase/exporter/vault_native.py 478)
src/derivepassphrase/exporter/vault_v03_and_below.py 479) """
src/derivepassphrase/exporter/vault_v03_and_below.py 480)
def __init__(self, *args: Any, **kwargs: Any) -> None:  # noqa: ANN401
    """Forward all arguments to the base parser, then fix the sizes."""
    super().__init__(*args, **kwargs)
    # IV size in bytes (the AES block size), and MAC size as stored in
    # the file.  64 matches a hexadecimal-encoded 32-byte tag; the
    # decoding happens in `_parse_contents`.
    self._iv_size, self._mac_size = 16, 64
src/derivepassphrase/exporter/vault_v03_and_below.py 485)
def _parse_contents(self) -> None:
    """Parse the contents into IV, payload and MAC.

    Like the base class implementation, this operates on, and sets,
    multiple internal attributes of the parser.  Version 0.2 vault
    configurations store the payload in base64 and the message tag
    (MAC) in hexadecimal, so after the base class has split the
    contents, both are additionally decoded here.

    Raises:
        ValueError:
            The configuration file contents are clearly truncated,
            or the payload or the message tag cannot be decoded
            properly.

    """
    super()._parse_contents()
    # NOTE: `standard_b64decode` is lenient by default: characters
    # outside the base64 alphabet are discarded, not rejected.
    raw_payload = base64.standard_b64decode(self._payload)
    self._payload = raw_payload
    # The tag arrives as ASCII hex digits; non-ASCII bytes or invalid
    # hex digits both surface as `ValueError`.
    tag_hex = self._message_tag.decode('ASCII')
    self._message_tag = bytes.fromhex(tag_hex)
    logger.debug(
        _msg.TranslatedString(
            _msg.DebugMsgTemplate.VAULT_NATIVE_V02_PAYLOAD_MAC_POSTPROCESSING,
            payload=_h(self._payload),
            mac=_h(self._message_tag),
        ),
    )
src/derivepassphrase/exporter/vault_v03_and_below.py 513)
def _generate_keys(self) -> None:
    """Derive the signing and encryption keys, and set the key sizes.

    Version 0.2 vault configurations use 8-byte encryption keys and
    16-byte signing keys, including the hexadecimal encoding.  Both
    keys use 16 rounds of PBKDF2.  This is due to an oversight in
    vault, where the author mistakenly supplied the intended
    iteration count as the key size, and the key size as the
    iteration count.

    Danger: Insecure use of cryptography
        This function makes use of the insecure function
        [`VaultNativeConfigParser._pbkdf2`][], without any attempts
        at mitigating its insecurity.  It further uses `_pbkdf2`
        with the low iteration count of 16 rounds, which is
        *drastically* insufficient to defend against password
        guessing attacks using GPUs or ASICs, and generates the
        encryption key as a truncation of the signing key.  We
        provide this function for the purpose of interoperability
        with existing vault installations.  Do not rely on this
        system to keep your vault configuration secure against
        access by even moderately determined attackers!

    """
    # These values reproduce the v0.2 format, swapped arguments and
    # all; changing them would derive keys that no longer match
    # existing files.
    rounds = 16
    encryption_key_size, signing_key_size = 8, 16
    self._encryption_key = self._pbkdf2(
        self._password, encryption_key_size, rounds
    )
    self._signing_key = self._pbkdf2(
        self._password, signing_key_size, rounds
    )
    self._encryption_key_size = encryption_key_size
    self._signing_key_size = signing_key_size
src/derivepassphrase/exporter/vault_v03_and_below.py 542)
def _hmac_input(self) -> bytes:
    """Return the input the MAC is supposed to verify.

    For v0.2 this is the message in standard base64 encoding, not the
    raw message bytes.

    """
    encoded_message = base64.standard_b64encode(self._message)
    return encoded_message
src/derivepassphrase/exporter/vault_v03_and_below.py 550)
@staticmethod
def _evp_bytestokey_md5_one_iteration_no_salt(
    data: bytes, key_size: int, iv_size: int
) -> tuple[bytes, bytes]:
    """Reimplement OpenSSL's `EVP_BytesToKey` with fixed parameters.

    `EVP_BytesToKey` is a key derivation function: it turns an input
    byte string into key material, which it conceptually splits into
    an encryption key and an initialization vector (IV).

    Note: Algorithm description
        `EVP_BytesToKey` takes an input byte string, two output
        sizes (encryption key size and IV size), a message digest
        function, a salt value and an iteration count.  The derived
        key material is calculated in blocks, each of which is the
        output of (iterated application of) the message digest
        function.  The input to the message digest function is the
        concatenation of the previous block (if any) with the input
        byte string and the salt value (if any):

        ~~~~ python

        data = block_input = b''.join([
            previous_block, input_string, salt
        ])
        for i in range(iteration_count):
            data = message_digest(data)
        block = data

        ~~~~

        As many blocks are used as are necessary to cover the
        total output size.  The first few bytes (dictated by the
        encryption key size) form the encryption key, the other
        bytes (dictated by the IV size) form the IV.

    Exactly the subset of `EVP_BytesToKey` is implemented that the
    Node.js `crypto` library (v21 series and older) uses in its
    implementation of `crypto.createCipher("aes256", password)`.
    Specifically, the message digest function is fixed to MD5, the
    salt is always empty, and the iteration count is fixed at one.

    Args:
        data:
            The input byte string to derive key material from.
        key_size:
            The number of bytes of encryption key to derive.
        iv_size:
            The number of bytes of IV to derive.

    Returns:
        A 2-tuple containing the derived encryption key and the
        derived initialization vector.

    Danger: Insecure use of cryptography
        This function reimplements the OpenSSL function
        `EVP_BytesToKey`, which generates cryptographically weak
        keys, without any attempts at mitigating its insecurity.  We
        provide this function for the purpose of interoperability
        with existing vault installations.  Do not rely on this
        system to keep your vault configuration secure against
        access by even moderately determined attackers!

    """
    total_size = key_size + iv_size
    # With an empty salt and a single digest pass, both the key and the
    # IV are a deterministic function of `data` alone.
    salt = b''
    derived = bytearray()
    previous = b''
    # NOTE(review): the input and, further down, the derived key and IV
    # are handed to the debug logger; treat debug-level logs of this
    # module as sensitive.
    logger.debug(
        _msg.TranslatedString(
            _msg.DebugMsgTemplate.VAULT_NATIVE_EVP_BYTESTOKEY_INIT,
            data=_h(data),
            salt=_h(salt),
            key_size=key_size,
            iv_size=iv_size,
            buffer_length=len(derived),
            buffer=_h(derived),
        ),
    )
    while len(derived) < total_size:
        # Only the construction of the MD5 context is shielded from
        # the cryptography library's deprecation warning.
        with warnings.catch_warnings():
            warnings.simplefilter(
                'ignore', crypt_utils.CryptographyDeprecationWarning
            )
            digest = hashes.Hash(hashes.MD5())
        # One block: MD5(previous block || input || salt).
        for chunk in (previous, data, salt):
            digest.update(chunk)
        previous = digest.finalize()
        derived += previous
        logger.debug(
            _msg.TranslatedString(
                _msg.DebugMsgTemplate.VAULT_NATIVE_EVP_BYTESTOKEY_ROUND,
                buffer_length=len(derived),
                buffer=_h(derived),
            ),
        )
    # The final block may overshoot; anything past `total_size` is
    # dropped.
    key_part = derived[:key_size]
    iv_part = derived[key_size:total_size]
    logger.debug(
        _msg.TranslatedString(
            _msg.DebugMsgTemplate.VAULT_NATIVE_EVP_BYTESTOKEY_RESULT,
            enc_key=_h(key_part),
            iv=_h(iv_part),
        ),
    )
    return bytes(key_part), bytes(iv_part)
src/derivepassphrase/exporter/vault_native.py 654)
def _make_decryptor(self) -> ciphers.CipherContext:
    """Build the AES256-CBC decryption context for the stored payload.

    Both the cipher key and the IV are produced by an implementation of
    the OpenSSL `EVP_BytesToKey` function (MD5, no salt, one iteration).
    This mirrors what `crypto.createCipher("aes256", password)` did in
    the Node.js `crypto` library (v21 series and older).  The input to
    that derivation is the standard base64 encoding of this instance's
    IV followed by its encryption key.

    Returns:
        A decryptor context for AES256 in CBC mode.

    Danger: Insecure use of cryptography
        `EVP_BytesToKey` generates cryptographically weak keys, and
        nothing here attempts to mitigate that.  The function exists
        only for interoperability with existing vault installations.
        Do not rely on this system to keep your vault configuration
        secure against access by even moderately determined
        attackers!

    """
    # NOTE(review): CBC decryption by itself does not authenticate the
    # ciphertext; presumably the MAC is verified before this context is
    # used -- confirm against the caller.
    # NOTE(review): the EVP_BytesToKey code just above this method logs
    # the derived key and IV at DEBUG level, so debug output of this
    # module should be treated as secret material.
    password = base64.standard_b64encode(self._iv + self._encryption_key)
    # 32 bytes is the AES-256 key length, 16 bytes the AES block (IV) length.
    derived_key, derived_iv = self._evp_bytestokey_md5_one_iteration_no_salt(
        password, key_size=32, iv_size=16
    )
    cipher = ciphers.Cipher(
        algorithms.AES256(derived_key), modes.CBC(derived_iv)
    )
    return cipher.decryptor()
src/derivepassphrase/exporter/vault_v03_and_below.py 682)
src/derivepassphrase/exporter/vault_v03_and_below.py 683)
@exporter.register_export_vault_config_data_handler('v0.2', 'v0.3')
def export_vault_native_data(  # noqa: D417
    path: str | bytes | os.PathLike | None = None,
    key: str | Buffer | None = None,
    *,
    format: str,  # noqa: A002
) -> Any:  # noqa: ANN401
    """Export the full configuration stored in vault native format.

    The file at `path` is read, base64-decoded, and handed together
    with `key` to the parser class matching `format`; the result of
    calling that parser is returned.  When `path` or `key` is `None`,
    the value is obtained from `exporter.get_vault_path()` or
    `exporter.get_vault_key()`, respectively.

    See [`exporter.ExportVaultConfigDataFunction`][] for an explanation
    of the call signature, and the exceptions to expect.

    Other Args:
        format:
            The only supported formats are `v0.2` and `v0.3`.

    """  # noqa: DOC201,DOC501
    # Importing `cryptography` here surfaces a missing dependency as an
    # import error before any file is touched.
    importlib.import_module('cryptography')
    vault_path = exporter.get_vault_path() if path is None else path
    with open(vault_path, 'rb') as infile:
        encoded = infile.read()
    # NOTE(review): this decode is lenient (characters outside the
    # base64 alphabet are discarded) and sits outside the `try` below,
    # so a padding error surfaces as `binascii.Error` (a `ValueError`
    # subclass) instead of `NotAVaultConfigError` -- confirm that
    # callers expect this.
    contents = base64.standard_b64decode(encoded)
    vault_key = exporter.get_vault_key() if key is None else key
    parsers: dict[str, type[VaultNativeConfigParser]] = {
        'v0.2': VaultNativeV02ConfigParser,
        'v0.3': VaultNativeV03ConfigParser,
    }
    if format not in parsers:  # pragma: no cover
        msg = exporter.INVALID_VAULT_NATIVE_CONFIGURATION_FORMAT.format(
            fmt=format
        )
        raise ValueError(msg)
    parser_class = parsers[format]
    try:
        # Both construction and the call stay inside the `try`, so a
        # `ValueError` from either is reported as "not a vault config".
        return parser_class(contents, vault_key)()
    except ValueError as exc:
        raise exporter.NotAVaultConfigError(
            os.fsdecode(vault_path),
            format=format,
        ) from exc
src/derivepassphrase/exporter/vault_native.py 725)
src/derivepassphrase/exporter/vault_native.py 726)
src/derivepassphrase/exporter/vault_v03_and_below.py 727) if __name__ == '__main__':
src/derivepassphrase/exporter/vault_v03_and_below.py 728) import os
src/derivepassphrase/exporter/vault_v03_and_below.py 729)
src/derivepassphrase/exporter/vault_v03_and_below.py 730) logging.basicConfig(level=('DEBUG' if os.getenv('DEBUG') else 'WARNING'))
src/derivepassphrase/exporter/vault_v03_and_below.py 731) with open(exporter.get_vault_path(), 'rb') as infile:
src/derivepassphrase/exporter/vault_v03_and_below.py 732) contents = base64.standard_b64decode(infile.read())
src/derivepassphrase/exporter/vault_v03_and_below.py 733) password = exporter.get_vault_key()
src/derivepassphrase/exporter/vault_v03_and_below.py 734) try:
src/derivepassphrase/exporter/vault_v03_and_below.py 735) config = VaultNativeV03ConfigParser(contents, password)()
src/derivepassphrase/exporter/vault_v03_and_below.py 736) except ValueError:
src/derivepassphrase/exporter/vault_v03_and_below.py 737) config = VaultNativeV02ConfigParser(contents, password)()