derivepassphrase.git

@@ -81,7 +81,6 @@ detached = false

 [tool.hatch.envs.types]

 extra-dependencies = [

   "mypy>=1.0.0",

-  "pytest",

 ]

 [tool.hatch.envs.types.scripts]

 check = "mypy --install-types --non-interactive {args:src/derivepassphrase tests}"

@@ -115,3 +114,13 @@ exclude_also = [

   "raise NotImplementedError",

   'assert False',

 ]

+

+[tool.ruff]

+line-length = 79

+src = ["src"]

+

+[tool.ruff.format]

+quote-style = 'single'

+

+[tool.ruff.lint.pydocstyle]

+convention = 'google'

@@ -810,7 +810,7 @@ def derivepassphrase(

             with outfile:

                 json.dump(configuration, outfile)

         except OSError as e:

-            ctx.fail('cannot write config: {e.strerror}')

+            ctx.fail(f'cannot write config: {e.strerror}')

     else:

         configuration = get_config()

         # This block could be type checked more stringently, but this

@@ -874,7 +874,7 @@ def derivepassphrase(

             _save_config(configuration)

         else:

             if not service:

-                raise click.UsageError(f'SERVICE is required')

+                raise click.UsageError('SERVICE is required')

             kwargs: dict[str, Any] = {k: v for k, v in settings.items()

                                       if k in service_keys and v is not None}

             # If either --key or --phrase are given, use that setting.

@@ -885,7 +885,10 @@ def derivepassphrase(

             # these above cases, set the phrase via

             # derivepassphrase.Vault.phrase_from_key if a key is

             # given. Finally, if nothing is set, error out.

-            key_to_phrase = lambda key: dpp.Vault.phrase_from_key(

+            def key_to_phrase(

+                key: str | bytes | bytearray

+            ) -> bytes | bytearray:

+                return dpp.Vault.phrase_from_key(

                     base64.standard_b64decode(key))

             if use_key or use_phrase:

                 if use_key:

@@ -157,7 +157,8 @@ class SSHAgentClient:

         Examples:

             >>> bytes(SSHAgentClient.unstring(b'\x00\x00\x00\x07ssh-rsa'))

             b'ssh-rsa'

-            >>> bytes(SSHAgentClient.unstring(SSHAgentClient.string(b'ssh-ed25519')))

+            >>> bytes(SSHAgentClient.unstring(

+            ...     SSHAgentClient.string(b'ssh-ed25519')))

             b'ssh-ed25519'

         """

@@ -41,7 +41,7 @@ idwcakUGCekJD/vCEml2AAAAG3Rlc3Qga2V5IHdpdGhvdXQgcGFzc3BocmFzZQEC

 -----END OPENSSH PRIVATE KEY-----

 ''',

         'public_key': rb'''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIF4gWgm1gJIXw//Mkhv5MEwidwcakUGCekJD/vCEml2 test key without passphrase

-''',

+''',  # noqa: E501

         'public_key_data': bytes.fromhex('''

             00 00 00 0b 73 73 68 2d 65 64 32 35 35 31 39

             00 00 00 20

@@ -56,7 +56,7 @@ idwcakUGCekJD/vCEml2AAAAG3Rlc3Qga2V5IHdpdGhvdXQgcGFzc3BocmFzZQEC

             0d 08 1f ec f8 73 9b 8c 5f 55 39 16 7c 53 54 2c

             1e 52 bb 30 ed 7f 89 e2 2f 69 51 55 d8 9e a6 02

         '''),

-        'derived_passphrase': rb'8JgZgGwal9UmA27M42WPhmYHExkTCSEzM/nkNlMdr/0NCB/s+HObjF9VORZ8U1QsHlK7MO1/ieIvaVFV2J6mAg==',

+        'derived_passphrase': rb'8JgZgGwal9UmA27M42WPhmYHExkTCSEzM/nkNlMdr/0NCB/s+HObjF9VORZ8U1QsHlK7MO1/ieIvaVFV2J6mAg==',  # noqa: E501

     },

     # Currently only supported by PuTTY (which is deficient in other

     # niceties of the SSH agent and the agent's client).

@@ -73,7 +73,7 @@ dGhvdXQgcGFzc3BocmFzZQECAwQFBgcICQ==

 -----END OPENSSH PRIVATE KEY-----

 ''',

         'public_key': rb'''ssh-ed448 AAAACXNzaC1lZDQ0OAAAADni9nLTT1a7zATGO8RveGq0vPUY7/53m+YZRsStZDgBQ72ZgtPMckdzabiz7JbM/b0JzcRzGLMsbwA= test key without passphrase

-''',

+''',  # noqa: E501

         'public_key_data': bytes.fromhex('''

             00 00 00 09 73 73 68 2d 65 64 34 34 38

             00 00 00 39

@@ -94,7 +94,7 @@ dGhvdXQgcGFzc3BocmFzZQECAwQFBgcICQ==

             db bd 77 7c 80 20 7f 3a 48 61 f6 1f ae a9 5e 53

             7b e0 9d 93 1e ea dc eb b5 cd 56 4c ea 8f 08 00

         '''),

-        'derived_passphrase': rb'Bob0ZKSmutnDIsSTSZn8Ed5nlwjy2Lc8LBPnxRwekqYO2C9tgQOCAONy5DJtctJtMoQ/zKkeVywAmrOZ3kXazi7R2+WJ8zW+JFiQxsoE8NuIgNu9d3yAIH86SGH2H66pXlN74J2THurc67XNVkzqjwgA',

+        'derived_passphrase': rb'Bob0ZKSmutnDIsSTSZn8Ed5nlwjy2Lc8LBPnxRwekqYO2C9tgQOCAONy5DJtctJtMoQ/zKkeVywAmrOZ3kXazi7R2+WJ8zW+JFiQxsoE8NuIgNu9d3yAIH86SGH2H66pXlN74J2THurc67XNVkzqjwgA',  # noqa: E501

     },

     'rsa': {

         'private_key': rb'''-----BEGIN OPENSSH PRIVATE KEY-----

@@ -137,7 +137,7 @@ Bgp6142WnSCQAAABt0ZXN0IGtleSB3aXRob3V0IHBhc3NwaHJhc2UB

 -----END OPENSSH PRIVATE KEY-----

 ''',

         'public_key': rb'''ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCxoe7pezhxWy4NI0mUwKqg9WCYOAS+IjxN9eYcqpfcmQiojcuy9XsiN/xYJ1O94SrsKS5mEia2xHnYA4RUChTyYNcM2v6cnnBQ/N/VQhpGMN7SVxdbhKUXTWFCwbjBgO6rGyHB6WtoH8vd7TOEPt+NgcXwhsWyoaUUdYTA62V+GF9vEmxMaC4ubgDz+B0QkPnauSoNxmkhcIe0lsLNb1pClZyz88PDnKXCX/d0HuN/HJ+sbPg7dCvOyqFYSyKn3uY6bCXqoIdurxXzH3O7z0P8f5sbmKOrGGKNuNxVRbeVl/D/3uDL0nqsbfUc1qvkfwbJwtMXC4IV6kOZMSk2BAsqh7x48gQ+rhYeEVSi8F3CWs4HJQoqrGt7K9a3mCSlMBHP70u3w6ME7eumoryxlUofewTd17ZEkzdX08l2ZlKzZvwQUrc+xQZ2Uw8z2mfW6Ti4gi0pYGaig7Ke4PwuXpo/C5YAWfeXycsvJZ2uaYRjMdZeJGNAnHLUGLkBscw5aI8= test key without passphrase

-''',

+''',  # noqa: E501

         'public_key_data': bytes.fromhex('''

             00 00 00 07 73 73 68 2d 72 73 61

             00 00 00 03 01 00 01

@@ -195,7 +195,7 @@ Bgp6142WnSCQAAABt0ZXN0IGtleSB3aXRob3V0IHBhc3NwaHJhc2UB

             de 69 2c 48 62 d9 fd d1 9b 6b b0 49 db d3 ff 38

             e7 10 d9 2d ce 9f 0d 5e 09 7b 37 d2 7b c3 bf ce

 '''),

-        'derived_passphrase': rb'ohB8Lva7U6h0KqEZma2Bvnmc7dadCU5uxRhIM5B3mWj3ngNazU4Y64l9haLurkqS9m/Ouf6GfyprMdpuGv6ipYi4RH+hdnOz7HW10Ka5FZdlCRN9lCHR+10PiyMEd8LDVSKxoAmK9Tgq1n8bhymgJdMlb8tkYQeY3BTFhPiSJF5QEWtJ5fDMKcspqRnYp3EfkQsFsQFLwl8ApbYhv/gsnWebRzsKSWt5Lfwd7Ayw5Sci1an408P530ho6fvvPNwmv8/qKUMBpuPFUZX0Zm2KVeJH7OgwRUyuR+fJpCGLZLq2iPYh+HO5yxGheHWSxlrlZP7tQtmVmeYrbzwWPCh0pHIvDT8sM2eqNRmO57URL7P3asUC4m+jQuNiGZkD6qUg56HjvMgGo7V81nZd329gRoMqCADW09mkwUGM+GBWRYHaO6IWH55OdYMX2sNTwz4ZpBu80im4eGEreOaxUrDV7N5pLEhi2f3Rm2uwSdvT/zjnENktzp8NXgl7N9J7w7/O',

+        'derived_passphrase': rb'ohB8Lva7U6h0KqEZma2Bvnmc7dadCU5uxRhIM5B3mWj3ngNazU4Y64l9haLurkqS9m/Ouf6GfyprMdpuGv6ipYi4RH+hdnOz7HW10Ka5FZdlCRN9lCHR+10PiyMEd8LDVSKxoAmK9Tgq1n8bhymgJdMlb8tkYQeY3BTFhPiSJF5QEWtJ5fDMKcspqRnYp3EfkQsFsQFLwl8ApbYhv/gsnWebRzsKSWt5Lfwd7Ayw5Sci1an408P530ho6fvvPNwmv8/qKUMBpuPFUZX0Zm2KVeJH7OgwRUyuR+fJpCGLZLq2iPYh+HO5yxGheHWSxlrlZP7tQtmVmeYrbzwWPCh0pHIvDT8sM2eqNRmO57URL7P3asUC4m+jQuNiGZkD6qUg56HjvMgGo7V81nZd329gRoMqCADW09mkwUGM+GBWRYHaO6IWH55OdYMX2sNTwz4ZpBu80im4eGEreOaxUrDV7N5pLEhi2f3Rm2uwSdvT/zjnENktzp8NXgl7N9J7w7/O',  # noqa: E501

     },

 }

@@ -224,7 +224,7 @@ u7HfrQhdOiKSa+ZO9AAojbURqrLDRfBJa5dXn2AAAAFQDJHfenj4EJ9WkehpdJatPBlqCW

 -----END OPENSSH PRIVATE KEY-----

 ''',

         'public_key': rb'''ssh-dss AAAAB3NzaC1kc3MAAACBALsoBleoEY1UsFA+twxgCg1bngGEPxoiF7sENZjMlyxoy3vZUpKSC5nz5dHudFrQL9mwGL64mnR2nHL1kxM5Zfi7lg8x5BxcR0YTFkh+KYapI4CzLp8KV3Yh8lklkTFwKaF71KyOx3dhIA8lGW45cVBz3kxmhHmEzCUgMPxDOsTtAAAAFQD32c5k6B3tocxUahelQQFyfseiywAAAIAuvYCDeHEzesp3HNVTDx9fRVU9c77f4qvyEZ7Qpz/s3BVoFUvUZDx96cG5bKekBRsfTCjeHXCQH/yFfqn5Lxye7msgGVS5U3AvD9shiiEr3wt+pNgr9X6DooP7ybfjC8SJdmarLBjnifZuSxyHU2q+P+02kvMTFLH9dLSRIzVqKAAAAIBtA1E9xUS4YOsRx/7GDm2AB6M9cE9ev8myz4KGTriSbeaKsxiMBbJZi1VyBP7uE5jG1hGKfwvIwuopGaprRDlSu8N8KGAuG+wb1hJv8ynDmqbw+IdJp/CGRrP+17f7yEqiCqh7ux360IXToikmvmTvQAKI21Eaqyw0XwSWuXV59g== test key without passphrase

-''',

+''',  # noqa: E501

         'public_key_data': bytes.fromhex('''

             00 00 00 07 73 73 68 2d 64 73 73

             00 00 00 81 00

@@ -272,7 +272,7 @@ dGhvdXQgcGFzc3BocmFzZQECAwQ=

 -----END OPENSSH PRIVATE KEY-----

 ''',

         'public_key': rb'''ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBMttTTMPCyTYO+n5Vgiuw1V/mBbDPZLdJnxNvGJBGSmcZJWrIigck4lz41Ai0BrvGUn/xnqB/PntndqlSRowmbo= test key without passphrase

-''',

+''',  # noqa: E501

         'public_key_data': bytes.fromhex('''

             00 00 00 13 65 63 64 73 61 2d 73 68 61 32 2d 6e

             69 73 74 70 32 35 36

@@ -299,7 +299,7 @@ JAu0J3Q+cypZuKQVAAAAMQD5sTy8p+B1cn/DhOmXquui1BcxvASqzzevkBlbQoBa73y04B

 -----END OPENSSH PRIVATE KEY-----

 ''',

         'public_key': rb'''ecdsa-sha2-nistp384 AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBKCQ6OQC+ru/m8e6PcoEvj8QBZyfmFkPIpxvJXR4EwYWruEpdCVmohqEtWp4xHRCqaTE0nauXLZUdxed6re9n718ixYI51iTlY/c1k/O/3XVefvBsSQLtCd0PnMqWbikFQ== test key without passphrase

-''',

+''',  # noqa: E501

         'public_key_data': bytes.fromhex('''

             00 00 00 13

             65 63 64 73 61 2d 73 68 61 32 2d 6e 69 73 74 70

@@ -335,7 +335,7 @@ DUMMY_PHRASE_FROM_KEY1_RAW = (

     b'\x1d\xaf\xfd\r\x08\x1f\xec\xf8s\x9b\x8c_U9\x16|ST,'

     b'\x1eR\xbb0\xed\x7f\x89\xe2/iQU\xd8\x9e\xa6\x02'

 )

-DUMMY_PHRASE_FROM_KEY1 = b'8JgZgGwal9UmA27M42WPhmYHExkTCSEzM/nkNlMdr/0NCB/s+HObjF9VORZ8U1QsHlK7MO1/ieIvaVFV2J6mAg=='

+DUMMY_PHRASE_FROM_KEY1 = b'8JgZgGwal9UmA27M42WPhmYHExkTCSEzM/nkNlMdr/0NCB/s+HObjF9VORZ8U1QsHlK7MO1/ieIvaVFV2J6mAg=='  # noqa: E501

 skip_if_no_agent = pytest.mark.skipif(

     not os.environ.get('SSH_AUTH_SOCK'), reason='running SSH agent required')

@@ -137,11 +137,10 @@ class TestVault:

         assert v._estimate_sufficient_hash_length(8.0) >= entropy

     def test_222_hash_length_estimation(self) -> None:

-        v = Vault(phrase=self.phrase)

-        v2 = Vault(phrase=self.phrase, lower=0, upper=0, number=0,

+        v = Vault(phrase=self.phrase, lower=0, upper=0, number=0,

                    symbol=0, space=1, length=1)

-        assert v2._entropy() == 0.0

-        assert v2._estimate_sufficient_hash_length() > 0

+        assert v._entropy() == 0.0

+        assert v._estimate_sufficient_hash_length() > 0

     @pytest.mark.parametrize(['service', 'expected'], [

         (b'google', google_phrase),

@@ -763,7 +763,7 @@ Our menu:

 Your selection? (1-10, leave empty to abort): 9

 A fine choice: Spam, spam, spam, spam, spam, spam, baked beans, spam, spam, spam and spam

 (Note: Vikings strictly optional.)

-''', 'driver program produced unexpected output'

+''', 'driver program produced unexpected output'  # noqa: E501

         result = runner.invoke(driver, ['--heading='], input='',

                                catch_exceptions=True)

         assert result.exit_code > 0, 'driver program succeeded?!'

@@ -778,7 +778,7 @@ A fine choice: Spam, spam, spam, spam, spam, spam, baked beans, spam, spam, spam

 [8] Spam, spam, spam, egg and spam

 [9] Spam, spam, spam, spam, spam, spam, baked beans, spam, spam, spam and spam

 [10] Lobster thermidor aux crevettes with a mornay sauce garnished with truffle paté, brandy and a fried egg on top and spam

-Your selection? (1-10, leave empty to abort): \n''', (

+Your selection? (1-10, leave empty to abort): \n''', (  # noqa: E501

             'driver program produced unexpected output'

         )

         assert isinstance(result.exception, IndexError), (

@@ -800,7 +800,8 @@ Your selection? (1-10, leave empty to abort): \n''', (

             else:

                 click.echo('Great!')

         runner = click.testing.CliRunner(mix_stderr=True)

-        result = runner.invoke(driver, ['Will replace with spam. Confirm, y/n?'],

+        result = runner.invoke(driver,

+                               ['Will replace with spam. Confirm, y/n?'],

                                input='y')

         assert result.exit_code == 0, 'driver program failed'

         assert result.stdout == '''\

@@ -825,7 +826,8 @@ Boo.

     def test_103_prompt_for_passphrase(self, monkeypatch: Any) -> None:

         monkeypatch.setattr(click, 'prompt',

-                            lambda *a, **kw: json.dumps({'args': a, 'kwargs': kw}))

+                            lambda *a, **kw:

+                                json.dumps({'args': a, 'kwargs': kw}))

         res = json.loads(cli._prompt_for_passphrase())

         assert 'args' in res and 'kwargs' in res, (

             'missing arguments to passphrase prompt'

@@ -919,4 +921,4 @@ Boo.

         except Exception as e:  # pragma: no cover

             exception = e

         finally:

-            assert exception == None, 'exception querying suitable SSH keys'

+            assert exception is None, 'exception querying suitable SSH keys'

@@ -88,7 +88,8 @@ class TestSequin:

     def test_211_shifting(self):

         seq = sequin.Sequin([1, 0, 1, 0, 0, 1, 0, 0, 0, 1], is_bitstring=True)

-        assert seq.bases == {2: collections.deque([1, 0, 1, 0, 0, 1, 0, 0, 0, 1])}

+        assert seq.bases == {2: collections.deque([

+            1, 0, 1, 0, 0, 1, 0, 0, 0, 1])}

         #

         assert seq._all_or_nothing_shift(3) == (1, 0, 1)

         assert seq._all_or_nothing_shift(3) == (0, 0, 1)

@@ -124,7 +124,7 @@ class TestAgentInteraction:

     def test_200_sign_data_via_agent(self, keytype, data_dict):

         private_key = data_dict['private_key']

         try:

-            result = subprocess.run(['ssh-add', '-t', '30', '-q', '-'],

+            _ = subprocess.run(['ssh-add', '-t', '30', '-q', '-'],

                                input=private_key, check=True,

                                capture_output=True)

         except subprocess.CalledProcessError as e:

@@ -161,7 +161,7 @@ class TestAgentInteraction:

     def test_201_sign_data_via_agent_unsupported(self, keytype, data_dict):

         private_key = data_dict['private_key']

         try:

-            result = subprocess.run(['ssh-add', '-t', '30', '-q', '-'],

+            _ = subprocess.run(['ssh-add', '-t', '30', '-q', '-'],

                                input=private_key, check=True,

                                capture_output=True)

         except subprocess.CalledProcessError as e:  # pragma: no cover

@@ -178,7 +178,7 @@ class TestAgentInteraction:

             key_comment_pairs = {bytes(k): bytes(c)

                                  for k, c in client.list_keys()}

             public_key_data = data_dict['public_key_data']

-            expected_signature = data_dict['expected_signature']

+            _ = data_dict['expected_signature']

             if public_key_data not in key_comment_pairs:  # pragma: no cover

                 pytest.skip('prerequisite SSH key not loaded')

             signature = bytes(client.sign(

@@ -211,7 +211,7 @@ class TestAgentInteraction:

             keys = [pair.key for pair in tests.list_keys_singleton()

                     if key_is_suitable(pair.key)]

             index = '1'

-            text = f'Use this key? yes\n'

+            text = 'Use this key? yes\n'

         else:

             monkeypatch.setattr(ssh_agent_client.SSHAgentClient,

                                 'list_keys', tests.list_keys)