derivepassphrase.git

@@ -182,14 +182,14 @@ def derive_master_keys_keys(password: str | bytes, iterations: int) -> KeyPair:

 def decrypt_master_keys_data(data: bytes, keys: KeyPair) -> MasterKeys:

-    """Decrypt the master keys data.

+    r"""Decrypt the master keys data.

     The master keys data contains:

     - a 16-byte IV,

-    - a 96-byte AES256-CBC-encrypted payload (using PKCS7 padding on the

-      inside), and

-    - a 32-byte MAC of the preceding 112 bytes.

+    - a 96-byte AES256-CBC-encrypted payload, plus 16 further bytes of

+      PKCS7 padding, and

+    - a 32-byte MAC of the preceding 128 bytes.

     The decrypted payload itself consists of three 32-byte keys: the

     hashing, encryption and signing keys, in that order.

@@ -199,8 +199,8 @@ def decrypt_master_keys_data(data: bytes, keys: KeyPair) -> MasterKeys:

     cryptographic procedure, the MAC can be verified before attempting

     to decrypt the payload.

-    Because the payload size is both fixed and a multiple of the

-    cipher blocksize, in this case, the PKCS7 padding is a no-op.

+    Because the payload size is both fixed and a multiple of the cipher

+    blocksize, in this case, the PKCS7 padding always is `b'\x10' * 16`.

     Args:

         data:

@@ -247,6 +247,7 @@ def decrypt_master_keys_data(data: bytes, keys: KeyPair) -> MasterKeys:

     )

     actual_mac.verify(claimed_mac)

+    try:

         iv, payload = struct.unpack(

             f'{IV_SIZE}s {len(ciphertext) - IV_SIZE}s', ciphertext

         )

@@ -260,15 +261,12 @@ def decrypt_master_keys_data(data: bytes, keys: KeyPair) -> MasterKeys:

         plaintext = bytearray()

         plaintext.extend(unpadder.update(padded_plaintext))

         plaintext.extend(unpadder.finalize())

-    if len(plaintext) != 3 * KEY_SIZE:

-        msg = (

-            f'Expecting 3 encrypted keys at {3 * KEY_SIZE} bytes total, '

-            f'but found {len(plaintext)} instead'

-        )

-        raise ValueError(msg)

         hashing_key, encryption_key, signing_key = struct.unpack(

             f'{KEY_SIZE}s {KEY_SIZE}s {KEY_SIZE}s', plaintext

         )

+    except (ValueError, struct.error) as exc:

+        msg = 'Invalid encrypted master keys payload'

+        raise ValueError(msg) from exc

     return {

         'hashing_key': hashing_key,

         'encryption_key': encryption_key,

@@ -277,24 +275,24 @@ def decrypt_master_keys_data(data: bytes, keys: KeyPair) -> MasterKeys:

 def decrypt_session_keys(data: bytes, master_keys: MasterKeys) -> KeyPair:

-    """Decrypt the bucket item's session keys.

+    r"""Decrypt the bucket item's session keys.

     The bucket item's session keys are single-use keys for encrypting

     and signing a single item in the storage bucket.  The encrypted

     session key data consists of:

     - a 16-byte IV,

-    - a 64-byte AES256-CBC-encrypted payload (using PKCS7 padding on the

-      inside), and

-    - a 32-byte MAC of the preceding 80 bytes.

+    - a 64-byte AES256-CBC-encrypted payload, plus 16 further bytes of

+      PKCS7 padding, and

+    - a 32-byte MAC of the preceding 96 bytes.

     The encrypted payload is encrypted with the master encryption key,

     and the MAC is created with the master signing key.  As per standard

     cryptographic procedure, the MAC can be verified before attempting

     to decrypt the payload.

-    Because the payload size is both fixed and a multiple of the

-    cipher blocksize, in this case, the PKCS7 padding is a no-op.

+    Because the payload size is both fixed and a multiple of the cipher

+    blocksize, in this case, the PKCS7 padding always is `b'\x10' * 16`.

     Args:

         data:

@@ -341,6 +339,7 @@ def decrypt_session_keys(data: bytes, master_keys: MasterKeys) -> KeyPair:

     )

     actual_mac.verify(claimed_mac)

+    try:

         iv, payload = struct.unpack(

             f'{IV_SIZE}s {len(ciphertext) - IV_SIZE}s', ciphertext

         )

@@ -354,11 +353,13 @@ def decrypt_session_keys(data: bytes, master_keys: MasterKeys) -> KeyPair:

         plaintext = bytearray()

         plaintext.extend(unpadder.update(padded_plaintext))

         plaintext.extend(unpadder.finalize())

-

-    session_encryption_key, session_signing_key, inner_payload = struct.unpack(

-        f'{KEY_SIZE}s {KEY_SIZE}s {len(plaintext) - 2 * KEY_SIZE}s',

-        plaintext,

+        session_encryption_key, session_signing_key = struct.unpack(

+            f'{KEY_SIZE}s {KEY_SIZE}s', plaintext

         )

+    except (ValueError, struct.error) as exc:

+        msg = 'Invalid encrypted session keys payload'

+        raise ValueError(msg) from exc

+

     session_keys: KeyPair = {

         'encryption_key': session_encryption_key,

         'signing_key': session_signing_key,

@@ -381,12 +382,6 @@ def decrypt_session_keys(data: bytes, master_keys: MasterKeys) -> KeyPair:

         repr(session_keys['signing_key'].hex(' ')),

     )

-    if inner_payload:

-        logger.debug(

-            'ignoring misplaced inner payload bytes.fromhex(%s)',

-            repr(inner_payload.hex(' ')),

-        )

-

     return session_keys

@@ -398,7 +393,7 @@ def decrypt_contents(data: bytes, session_keys: KeyPair) -> bytes:

     - a 16-byte IV,

     - a variable-sized AES256-CBC-encrypted payload (using PKCS7 padding

       on the inside), and

-    - a 32-byte MAC of the preceding 80 bytes.

+    - a 32-byte MAC of the preceding bytes.

     The encrypted payload is encrypted with the bucket item's session

     encryption key, and the MAC is created with the bucket item's

@@ -726,16 +721,24 @@ def export_storeroom_data(  # noqa: C901,PLR0912,PLR0914,PLR0915

                 json_content.decode('utf-8'),

             )

             _store(config_structure, path, json_content)

-    for _dir, namelist in dirs_to_check.items():

+    # Sorted order is important; see `mabye_obj` below.

+    for _dir, namelist in sorted(dirs_to_check.items()):

         namelist = [x.rstrip('/') for x in namelist]  # noqa: PLW2901

-        try:

-            obj = config_structure

+        obj: dict[Any, Any] = config_structure

         for part in _dir.split('/'):

             if part:

-                    obj = obj[part]

-        except KeyError as exc:

-            msg = f'Cannot traverse storage path: {_dir!r}'

-            raise RuntimeError(msg) from exc

+                # Because we iterate paths in sorted order, parent

+                # directories are encountered before child directories.

+                # So parent directories always exist (lest we would have

+                # aborted earlier).

+                #

+                # Of course, the type checker doesn't necessarily know

+                # this, so we need to use assertions anyway.

+                maybe_obj = obj.get(part)

+                assert isinstance(

+                    maybe_obj, dict

+                ), f'Cannot traverse storage path {_dir!r}'

+                obj = maybe_obj

         if set(obj.keys()) != set(namelist):

             msg = f'Object key mismatch for path {_dir!r}'

             raise RuntimeError(msg)

@@ -1026,7 +1026,7 @@ _VAULT_STOREROOM_BROKEN_DIR_CONFIG_ZIPPED_JAVASCRIPT_SOURCE = """

 // Executed in the top-level directory of the vault project code, in Node.js.

 const storeroom = require('storeroom')

 const Store = require('./lib/store.js')

-let store = new Store(storeroom.createFileAdapter('./broken-dir', 'vault key'))

+let store = new Store(storeroom.createFileAdapter('./broken-dir'), 'vault key')

 await store._storeroom.put('/services/array/', ['entry1','entry2'])

 // The resulting "broken-dir" was then zipped manually.

 """

@@ -1067,6 +1067,157 @@ AgAAAAAAAAABAAAApIHtAgAAMWFQSwECHgMUAAIACAB4ox9ZGgj3mrkBAAAXAgAAAgAAAAAAAAAB

 AAAApIHIBAAAMWVQSwUGAAAAAAQABADDAAAAoQYAAAAA

 """

+_VAULT_STOREROOM_BROKEN_DIR_CONFIG_ZIPPED2_JAVASCRIPT_SOURCE = """

+// Executed in the top-level directory of the vault project code, in Node.js.

+const storeroom = require('storeroom')

+const Store = require('./lib/store.js')

+let store = new Store(storeroom.createFileAdapter('./broken-dir'), 'vault key')

+await store._storeroom.put('/services/array/', 'not a directory index')

+// The resulting "broken-dir" was then zipped manually.

+"""

+VAULT_STOREROOM_BROKEN_DIR_CONFIG_ZIPPED2 = b"""

+UEsDBAoAAAAAAM6NSVmrcHdV5gAAAOYAAAAFAAAALmtleXN7InZlcnNpb24iOjF9CkV3ZS9LZkJp

+L0V0OUcrZmxYM3gxaFU4ZjE4YlE3S253bHoxN0IxSDE3cUhVOGdWK2RpWWY5MTdFZ0YrSStidEpZ

+VXBzWVZVck45OC9uLzdsZnl2NUdGVEg2NWZxVy93YjlOc2MxeEZ4ck43Q3p4eTZ5MVAxZzFPb2VK

+b0RZU3J6YXlwT0E2M3pidmk0ZTRiREMyNXhPTXl5NHBoMDFGeGdnQmpSNnpUcmR2UDk2UlZQd0I5

+WitOZkZWZUlXT1NQN254ZFNYMGdFbkZ4SDBmWDkzNTFaTTZnPVBLAwQKAAAAAADOjUlZJg3/BhcC

+AAAXAgAAAgAAADBieyJ2ZXJzaW9uIjoxfQpBVXJJMjNDQ2VpcW14cUZRMlV4SUpBaUoxNEtyUzh2

+SXpIa2xROURBaFRlVHNFMmxPVUg4WUhTcUk1cXRGSHBqY3c1WkRkZmRtUlEwQXVGRjllY3lkam14

+dDdUemRYLzNmNFUvTGlVV2dLRmQ1K1FEN3BlVlE1bWpqeHNlUEpHTDlhTWlKaGxSUVB4SmtUbjBx

+U2poM1RUT0ZZbVAzV0JkdlUyWnF2RzhaSDk2cU1WcnZsQ0dMRmZTc2svVXlvcHZKdENONUVXcTRZ

+SDUwNFNiejFIUVhWd2RjejlrS1BuR3J6SVA4ZmZtZnhXQ0U0TmtLb0ZPQXZuNkZvS3FZdGlGbFE9

+PQpBVXBMUVMrMG9VeEZTeCtxbTB3SUtyM1MvTVJxYWJJTFlEUnY0aHlBMVE2TGR2Nlk0UmJ0enVz

+NzRBc0cxbVhhenlRU2hlZVowdk0xM2ZyTFA4YlV0VHBaRyszNXF1eUhLM2NaWVJRZUxKM0JzejZz

+b0xaQjNZTkpNenFxTTQrdzM1U0FZZ2lMU1NkN05NeWVrTHNhRUIzRDFOajlTRk85K3NGNEpFMWVL

+UXpNMkltNk9qOUNVQjZUSTV3UitibksxN1BnY2RaeTZUMVRMWElVREVxcDg4dWdsWmRFTVcrNU9k

+aE5ZbXEzZERWVWV4UnJpM1AwUmVBSi9KMGdJNkNoUUE9PVBLAwQKAAAAAADOjUlZTNfdphcCAAAX

+AgAAAgAAADBmeyJ2ZXJzaW9uIjoxfQpBWVJqOVpIUktGUEVKOHM2YVY2TkRoTk5jQlZ5cGVYUmdz

+cnBldFQ0cGhJRGROWFdGYzRia0daYkJxMngwRDFkcVNjYWk5UzEveDZ2K28zRE0rVEF2OVE3ZFVR

+QWVKR3RmRkhJZDZxWW0ybEdNSnF5WTRNWm14aE9YdXliend0V3Q4Mnhvb041QTZNcWpINmxKQllD

+UUN3ZEJjb3RER0EwRnlnVTEzeHV2WnIzT1puZnFFRGRqbzMxNkw5aExDN1RxMTYwUHpBOXJOSDMz

+ZkNBcUhIVXZiYlFQQWErekw1d3dEN3FlWkY2MHdJaEwvRmk5L3JhNGJDcHZRNC9ORWpRd3c9PQpB

+WWNGUDB1Y2xMMHh3ZDM2UXZXbm4wWXFsOU5WV0s3c05CMTdjdmM3N3VDZ0J2OE9XYkR5UHk5d05h

+R2NQQzdzcVdZdHpZRlBHR0taVjhVUzA1YTVsV1BabDNGVFNuQXNtekxPelBlcFZxaitleDU3aEsx

+QnV1bHkrUCtYQkE0YUtsaDM3c0RJL3I0UE1BVlJuMDNoSDJ5dEhDMW9PbjF0V1M5Q1NLV1pSMThh

+djdTT0RBMVBNRnFYTmZKZVNTaVJiQ2htbDdOcFVLbjlXSGJZandybDlqN0JSdy9kWjhNQldCb3Ns

+Nlc1dGZtdnJMVHhGRFBXYUgzSUp0T0czMEI1M3c9PVBLAwQKAAAAAADOjUlZn9rNID8CAAA/AgAA

+AgAAADFkeyJ2ZXJzaW9uIjoxfQpBYWFBb3lqaGljVDZ4eXh1c0U0RVlDZCtxbE81Z0dEYTBNSFVS

+MmgrSW9QMHV4UkY3b1BRS2czOHlQUEN3Ny9MYVJLQ0dQZ0RyZ2RpTWJTeUwzZ3ZNMFhseVpVMVBW

+QVJvNEFETU9lbXgrOWhtS0hjQWNKMG5EeW5oSkhGYTYyb2xyQUNxekZzblhKNVBSeEVTVzVEbUh0

+Ui9nRm5Wa1FvalhyVW4ybmpYMjVVanZQaXhlMU96Y0daMmQ0MjdVTGdnY1hqMkhSdjJiZldDNDUw

+SGFXS3FDckZlYWlrQ2xkUUM2WGV3SkxZUjdvQUY3UjVha2ttK3M2MXNCRTVCaTg0QmJLWHluc1NG

+ejE0TXFrd2JMK1VMYVk9CkFUT3dqTUFpa3Q4My9NTW5KRXQ2b3EyNFN4KzJKNDc2K2gyTmEzbHUr

+MDg0cjlBT25aaUk0TmlYV0N1Q0lzakEzcTBwUHFJS1VXZHlPQW9uM2VHY0huZUppWUtVYllBaUJI

+MVNmbnhQQkMzZkFMRklybkQ4Y0VqeGpPcUFUaTQ5dE1mRmtib0dNQ3dEdFY0V3NJL0tLUlRCOFd1

+MnNXK2J0V3QzVWlvZG9ZeUVLTDk3ekNNemZqdGptejF4SDhHTXY5WDVnaG9NSW5RQVNvYlRreVZ4

+dWo5YnlDazdNbU0vK21ZL3AwZE9oYVY0Nncwcm04UGlvWEtzdzR4bXB3ditDWC9PRXV3Uy9meDJT

+Y0lOQnNuYVRiWT1QSwECHgMKAAAAAADOjUlZq3B3VeYAAADmAAAABQAAAAAAAAAAAAAApIEAAAAA

+LmtleXNQSwECHgMKAAAAAADOjUlZJg3/BhcCAAAXAgAAAgAAAAAAAAAAAAAApIEJAQAAMGJQSwEC

+HgMKAAAAAADOjUlZTNfdphcCAAAXAgAAAgAAAAAAAAAAAAAApIFAAwAAMGZQSwECHgMKAAAAAADO

+jUlZn9rNID8CAAA/AgAAAgAAAAAAAAAAAAAApIF3BQAAMWRQSwUGAAAAAAQABADDAAAA1gcAAAAA

+"""

+

+_VAULT_STOREROOM_BROKEN_DIR_CONFIG_ZIPPED3_JAVASCRIPT_SOURCE = """

+// Executed in the top-level directory of the vault project code, in Node.js.

+const storeroom = require('storeroom')

+const Store = require('./lib/store.js')

+let store = new Store(storeroom.createFileAdapter('./broken-dir'), 'vault key')

+await store._storeroom.put('/services/array/', [null, 1, true, [], {}])

+// The resulting "broken-dir" was then zipped manually.

+"""

+VAULT_STOREROOM_BROKEN_DIR_CONFIG_ZIPPED3 = b"""

+UEsDBAoAAAAAAEOPSVnVlcff5gAAAOYAAAAFAAAALmtleXN7InZlcnNpb24iOjF9CkV4dVBHUDBi

+YkxrUVdvWnV5ZUJQRy8xdmM2MCt6MThOa3BsS09ydFAvUTVnQmxkYVpIOG10dTE5VWZFNGdGRGRj

+eHJtWUd4eXZDZFNqcVlOaDh4cTlzM3VydkdRTWFwcnhtdlZGZUxoSW4zZnVlTDAweEk0ZmlLenZN

+MmthUlRsNWNORGh3eUNlWVk4dzhBcXNhYjNyVWVsOEE0eVQ0cHU2d2tmQ3dTWUdqeG5HR29EcWJK

+VnVJVWNpZVBEcU9PTzU2b0MyMG9lT01adFVkTUtxV28zYnFZPVBLAwQKAAAAAABDj0lZ77OVHxcC

+AAAXAgAAAgAAADBjeyJ2ZXJzaW9uIjoxfQpBZllFQVVobEkyU2lZeGlrdWh0RzRNbUN3L1V2THBN

+VVhwVlB0NlRwdzRyNGdocVJhbGZWZ0hxUHFtbTczSnltdFFrNnZnR2JRdUpiQmVlYjYwOHNrMGk4

+ZFJVZjNwdlc2SnUyejljQkdwOG5mTFpTdlNad1lLN09UK2gzSDNDcmoxbXNicEZUcHVldW81NXc1

+dGdYMnBuWXNWTVcrczdjaHEyMUIya2lIVEZrdGt1MXlaRzhPYkVUQjNCOFNGODVVbi9CUjFEMHJ1

+ME9zOWl4ZWM2VmNTMitTZndtNnNtSlk2ZW9ZNTJzOGJNRGdYMndjQ0srREdkOEo2VWp0NG5OQVE9

+PQpBUWlPRnRZcmJybWUycEwxRFpGT1BjU0RHOUN2cVkvbHhTWGIwaVJUdmtIWFc2bEtHL0p4RUtU

+d3RTc0RTeDhsMTUvaHRmbWpOQ2tuTzhLVEFoKzhRQm5FbjZ0a2x5Y3BmeEIrTUxLRjFCM1Q1bjcv

+T0VUMExMdmgxU2k1bnRRNXhTUHZZNWtXeUMyZjhXUXFZb3FSNU5JVENMeDV6dWNsQ3dGb2kvVXc4

+OWNNWjM1MHBSbThzUktJbjJFeDUrQ1JwS3ZHdnBHbFJaTmk5VHZmVkNic1FCalR3MC9aeklTdzVQ

+NW9BVWE2U1ExUVFnNHg4VUNkY0s2QUNLaFluY0d4TVE9PVBLAwQKAAAAAABDj0lZGk9LVj8CAAA/

+AgAAAgAAADE0eyJ2ZXJzaW9uIjoxfQpBY1g2NVpMUWk4ck9pUlIyWGEwQlFHQVhQVWF2aHNJVGVY

+c2dzRk9OUmFTRzJCQlg0SGxJRHpwRUd5aDUrZ2czZVRwWDFNOERua3pMeTVzcWRkMFpmK3padTgz

+Qm52Y1JPREVIVDllUW91YUtPTWltdlRYanNuSXAxUHo5VGY1TlRkRjNJVTd2V1lhUDg4WTI5NG1i

+c1VVL2RKVTZqZ3ZDbUw2cE1VZ28xUU12bGJnaVp3cDV1RDFQZXlrSXdKVWdJSEgxTEpnYi9xU2tW

+c25leW1XY1RXR0NobzRvZGx3S2hJWmFCelhvNFhlN2U1V2I2VHA3Rkk5VUpVcmZIRTAvcVdrZUZE

+VmxlazY3cUx3ZFZXcU9DdFk9CkFhSGR0QjhydmQ0U3N4ZmJ5eU1OOHIzZEoxeHA5NmFIRTQvalNi

+Z05hZWttaDkyb2ROM1F4MUlqYXZsYVkxeEt1eFF3KzlwTHFIcTF5a1JSRjQzL2RVWGFIRk5UU0NX

+OVFsdmd3KzMwa1ZhSEdXRllvbFRnRWE4djQ3b3VrbGlmc01PZGM0YVNKb2R4ZUFJcVc3Q1cwdDVR

+b2RUbWREUXpqc3phZkQ4R2VOd2NFQjdGMHI2RzNoZEJlQndxd3Z6eENVYnpSUmU5bEQ3NjQ3RFp1

+bEo1U3c4amlvV0paTW40NlZhV3BYUXk4UnNva3hHaW00WUpybUZIQ2JkVU9qSWJsUmQ1Z3VhUDNU

+M0NxeHRPdC94b1BhOD1QSwMECgAAAAAAQ49JWVJM8QYXAgAAFwIAAAIAAAAxNnsidmVyc2lvbiI6

+MX0KQVlCWDF6M21qUlQrand4M2FyNkFpemxnalJZbUM0ZHg5NkxVQVBTVHNMWXJKVHFtWnd5N0Jy

+OFlCcElVamorMHdlT3lNaUtLVnFwaER3RXExNWFqUmlSZUVEQURTVHZwWmlLZUlnZjR5elUzZXNP

+eDJ2U2J1bXhTK0swUGZVa2tsSy9TRmRiU3EvUHFMRjBDRTVCMXNyKzJLYTB2WlJmak94R3VFeFRD

+RXozN0ZlWDNNR3NCNkhZVHEzaUJWcUR6NVB6eHpCWWM5Kyt6RitLS1RnMVp2NGRtRmVQTC9JSEY5

+WnV6TWlqRXdCRkE3WnJ0dkRqd3ZYcWtsMVpsR0c4eUV3PT0KQVhUWkRLVnNleldpR1RMUVZqa2hX

+bXBnK05MYlM0M2MxZEpvK2xGcC9yWUJYZkw3Wll5cGdjWE5IWXNzd01nc2VSSTAzNmt6bGZkdGNa

+bTdiUUN6M2JuQmZ6ZlorZFFuT2Y5STVSU2l0QzB2UmsydkQrOFdwbmRPSzNucGY5S0VpWklOSzVq

+TEZGTTJDTkNmQzBabXNRUlF3T0k2N3l5ZHhjVnFDMXBnWHV6QXRXamlsSUpnN0p6eUtsY3BJUGJu

+SUc0UzRSUlhIdW1wZnpoeWFZWkd6T0FDamRSYTZIMWJxYkJkZXFaSHMvQXJvM25mVjdlbjhxSUE5

+aVUrbnNweXFnPT1QSwECHgMKAAAAAABDj0lZ1ZXH3+YAAADmAAAABQAAAAAAAAAAAAAApIEAAAAA

+LmtleXNQSwECHgMKAAAAAABDj0lZ77OVHxcCAAAXAgAAAgAAAAAAAAAAAAAApIEJAQAAMGNQSwEC

+HgMKAAAAAABDj0lZGk9LVj8CAAA/AgAAAgAAAAAAAAAAAAAApIFAAwAAMTRQSwECHgMKAAAAAABD

+j0lZUkzxBhcCAAAXAgAAAgAAAAAAAAAAAAAApIGfBQAAMTZQSwUGAAAAAAQABADDAAAA1gcAAAAA

+"""

+

+_VAULT_STOREROOM_BROKEN_DIR_CONFIG_ZIPPED4_JAVASCRIPT_SOURCE = """

+// Executed in the top-level directory of the vault project code, in Node.js.

+const storeroom = require('storeroom')

+const Store = require('./lib/store.js')

+let store = new Store(storeroom.createFileAdapter('./broken-dir'), 'vault key')

+await store._storeroom.put('/dir/subdir/', [])

+await store._storeroom.put('/dir/', [])

+// The resulting "broken-dir" was then zipped manually.

+"""

+VAULT_STOREROOM_BROKEN_DIR_CONFIG_ZIPPED4 = b"""

+UEsDBAoAAAAAAE+5SVloORS+5gAAAOYAAAAFAAAALmtleXN7InZlcnNpb24iOjF9CkV6dWRoNkRQ

+YTlNSWFabHZ5TytVYTFuamhjV2hIaTFBU0lKYW5zcXBxVlA0blN2V0twUzdZOUc2bjFSbi8vUnVM

+VitwcHp5SC9RQk83R0hFenNVMzdCUzFwUmVVeGhxUVlVTE56OXZvQ0crM1ZaL3VncU44dDJiU05m

+Nyt5K3hiNng2aVlFUmNZYTJ0UkhzZVdIc0laTE9ha2lDb0lRVGV3cndwYjVMM2pnd0E3SXBzaDkz

+QkxHSzM5dXNYNmo0R0I2WkRUeW5JcGk4V3JkbDhnWVZCN0tVPVBLAwQKAAAAAABPuUlZ663uUhcC

+AAAXAgAAAgAAADAzeyJ2ZXJzaW9uIjoxfQpBV2wzS2gzd21ZSFVZZU1RR3BLSVowdVd1VXFna09h

+YmRjNzNYYXVsZTNtVS9sN2Zvd1AyS21jbFp3ZDM5V3lYVzRTcEw4R0l4YStDZW51S3V0Wm5nb0FR

+bWlnaUJUbkFaais5TENCcGNIWlZNY2RBVkgxKzBFNGpsanZ1UkVwZ0tPS05LZjRsTUl1QnZ4VmFB

+ZkdwNHJYNEZ4MmpPSlk1Y3NQZzBBRFBoZVAwN29GWVQ3alorSUNEK1AxNGZPdWpwMGRUeDRrTDIy

+LzlqalRDNXBCNVF5NW5iOUx3Zk5DUWViSUVpaTZpbU0vRmFrK1dtV05tMndqMERSTEc4RHY3ZkE9

+PQpBU0c3NTNGTVVwWmxjK3E1YXRzcC93OUNqN2JPOFlpY24wZHg2UGloTmwzUS9WSjVVeGJmU3l0

+ZDFDNDBRU2xXeTJqOTJDWUd3VER6eEdBMXVnb0FCYi9kTllTelVwbHJFb3BuUVphYXdsdTVwV2x0

+Y1E5WTcveWN4S2E4b0JaaGY3RkFYcGo2c01wUW9zNzI5VFVabFd4UmI4VFRtN2FrVnR1OXcvYXlK

+RS9reDh4ZUYxSGJlc3Q4N1IxTGg2ODd3dS9XVUN2ZjNXYXo1VjNnZWY0RnpUTXg0bkpqSlZOd0U0

+SzAxUTlaVzQ0bmVvbExPUVI1MkZDeDZvbml3RW9tenc9PVBLAwQKAAAAAABPuUlZRXky4CsCAAAr

+AgAAAgAAADEweyJ2ZXJzaW9uIjoxfQpBWmlYWVlvNUdCY2d5dkFRaGtyK2ZjUkdVSkdabDd2dE5w

+T2Mrd1VzbXJhQWhRN3dKdlYraGhKcTlrcWNKQnBWU0gyUTBTTVVhb29iNjBJM1NYNUNtTkJRU2FH

+M3prd0Y0T2F4TnpCZUh0NFlpaDd4Y3p2ak4xR0hISDJQYW0xam05K09ja3JLVmNMVURtNXRKb2ZC

+Z1E4Q2NwMGZMVkdEaURjNWF0MjVMc2piQVcvNkZFSnJ5VVBHWis4UVdYRmlWMGdtVVZybVc3VUFy

+dGhJQitWNTdZS1BORi95Nng2OU43UTFQbmp1cUczdlpybzljMEJ3d012NWoyc3BMMTJHcTdzTDZE

+alB1d0dHbnB2MkVZQTFLbmc9CkFTdjQwUkgzRmxzbGVlU1NjRlZNRmh3dEx6eEYxK2xpcmxEL29X

+alJLQ05qVWZhUVpJTWpqMWRoVkhOakNUTWhWZ1ZONkl3b04xTnFOMEV6cmdhaTFBWnNiMm9UczYw

+QkI1UGh0U0hhQ2U2WllUeE1JemFPS2FIK0w2eHhtaXIrTlQxNTRXS0x5amJMams3MU1na3Nwa0Yy

+WDBJMnlaWW5IUUM0bmdEL24yZzRtSVI2Q1hWL0JOUXNzeTBEeXdGLzN6eGRRYWw5cFBtVk1qYnFu

+cHY5SFNqRTg4S25naVpBWFhJWU1OVGF2L3Q3Y3dEWGdNekhKTlU0Y2xnVUtIQVZ3QT09UEsDBAoA

+AAAAAE+5SVkPfKx9FwIAABcCAAACAAAAMWR7InZlcnNpb24iOjF9CkFYbHNLRzQwZG5ibTJvcXdY

+U2ZrSWp3Mmxpa0lDS3hVOXU3TU52VkZ1NEJ2R1FVVitSVVdsS3MxL25TSlBtM2U2OTRvVHdoeDFo

+RFF3U0M5U0QvbXd5bnpjSTloUnRCUWVXMkVMOVU5L1ZGcHFsVWY3Z1ZOMHZ0ZWpXYnV4QnhsZlRD

+Tys4SFBwU2Zaa2VOUld5R2JNdzBFSU9LTmxRYjk3OUF0c1g3THR0NytaTkJnakZHYkZxaHdwa3kx

+WUNDVng1UmNZZ2tma2ZjWnVncGpzc1RzNVFvK1p3QXBEcDZ4V3JjSHMxUDhvNktBRzAwcjZZbkNM

+N2ErU1dwZmVNTUJhZz09CkFadVF0cFZMWmVvb292NkdyQlpnb3B6VmRGUXBlK1h6QXZuZ2dPVnZM

+VWtCYVF2akl5K1VLdXVUVlFoQ1JiMVp6dGZQL2dsNnoxOEsyZW5sQlo2bGJTZnoxTlBWeUVzYXB3

+dDVpUVh4azd5UkJlZks1cFlsNTduUXlmcFZQbzlreFpnOVdHTkV3NVJ5MkExemhnNGl6TWxLRmJh

+UjZFZ0FjQ3NFOXAveGRLa29ZNjhOUlZmNXJDM3lMQjc3ZWgyS1hCUld2WDNZcE9XdW00OGtsbmtI

+akJjMFpiQmUrT3NZb3d5cXpoRFA2ZGQxRlFnMlFjK09vc3B4V0sycld4M01HZz09UEsBAh4DCgAA

+AAAAT7lJWWg5FL7mAAAA5gAAAAUAAAAAAAAAAAAAAKSBAAAAAC5rZXlzUEsBAh4DCgAAAAAAT7lJ

+Weut7lIXAgAAFwIAAAIAAAAAAAAAAAAAAKSBCQEAADAzUEsBAh4DCgAAAAAAT7lJWUV5MuArAgAA

+KwIAAAIAAAAAAAAAAAAAAKSBQAMAADEwUEsBAh4DCgAAAAAAT7lJWQ98rH0XAgAAFwIAAAIAAAAA

+AAAAAAAAAKSBiwUAADFkUEsFBgAAAAAEAAQAwwAAAMIHAAAAAA==

+"""

+

 CANNOT_LOAD_CRYPTOGRAPHY = (

     'Cannot load the required Python module "cryptography".'

 )

@@ -17,6 +17,17 @@ from derivepassphrase.exporter import storeroom, vault_native

 cryptography = pytest.importorskip('cryptography', minversion='38.0')

+from cryptography.hazmat.primitives import (  # noqa: E402

+    ciphers,

+    hashes,

+    hmac,

+    padding,

+)

+from cryptography.hazmat.primitives.ciphers import (  # noqa: E402

+    algorithms,

+    modes,

+)

+

 if TYPE_CHECKING:

     from collections.abc import Callable

     from typing import Any

@@ -284,22 +295,93 @@ class TestStoreroom:

             with pytest.raises(RuntimeError, match=err_msg):

                 storeroom.export_storeroom_data()

+    @pytest.mark.parametrize(

+        ['zipped_config', 'error_text'],

+        [

+            pytest.param(

+                tests.VAULT_STOREROOM_BROKEN_DIR_CONFIG_ZIPPED,

+                'Object key mismatch',

+                id='VAULT_STOREROOM_BROKEN_DIR_CONFIG_ZIPPED',

+            ),

+            pytest.param(

+                tests.VAULT_STOREROOM_BROKEN_DIR_CONFIG_ZIPPED2,

+                'Directory index is not actually an index',

+                id='VAULT_STOREROOM_BROKEN_DIR_CONFIG_ZIPPED2',

+            ),

+            pytest.param(

+                tests.VAULT_STOREROOM_BROKEN_DIR_CONFIG_ZIPPED3,

+                'Directory index is not actually an index',

+                id='VAULT_STOREROOM_BROKEN_DIR_CONFIG_ZIPPED3',

+            ),

+            pytest.param(

+                tests.VAULT_STOREROOM_BROKEN_DIR_CONFIG_ZIPPED4,

+                'Object key mismatch',

+                id='VAULT_STOREROOM_BROKEN_DIR_CONFIG_ZIPPED4',

+            ),

+        ],

+    )

     def test_403_export_storeroom_data_bad_directory_listing(

         self,

         monkeypatch: pytest.MonkeyPatch,

+        zipped_config: bytes,

+        error_text: str,

     ) -> None:

         runner = click.testing.CliRunner(mix_stderr=False)

         with (

             tests.isolated_vault_exporter_config(

                 monkeypatch=monkeypatch,

                 runner=runner,

-                vault_config=tests.VAULT_STOREROOM_BROKEN_DIR_CONFIG_ZIPPED,

+                vault_config=zipped_config,

                 vault_key=tests.VAULT_MASTER_KEY,

             ),

-            pytest.raises(RuntimeError, match='Object key mismatch'),

+            pytest.raises(RuntimeError, match=error_text),

         ):

             storeroom.export_storeroom_data()

+    def test_404_decrypt_keys_wrong_data_length(self) -> None:

+        payload = (

+            b"Any text here, as long as it isn't "

+            b'exactly 64 or 96 bytes long.'

+        )

+        assert len(payload) not in frozenset({

+            2 * storeroom.KEY_SIZE,

+            3 * storeroom.KEY_SIZE,

+        })

+        key = b'DEADBEEFdeadbeefDeAdBeEfdEaDbEeF'

+        padder = padding.PKCS7(storeroom.IV_SIZE * 8).padder()

+        plaintext = bytearray(padder.update(payload))

+        plaintext.extend(padder.finalize())

+        iv = b'deadbeefDEADBEEF'

+        assert len(iv) == storeroom.IV_SIZE

+        encryptor = ciphers.Cipher(

+            algorithms.AES256(key), modes.CBC(iv)

+        ).encryptor()

+        ciphertext = bytearray(encryptor.update(plaintext))

+        ciphertext.extend(encryptor.finalize())

+        mac_obj = hmac.HMAC(key, hashes.SHA256())

+        mac_obj.update(iv)

+        mac_obj.update(ciphertext)

+        data = iv + bytes(ciphertext) + mac_obj.finalize()

+        with pytest.raises(

+            ValueError,

+            match=r'Invalid encrypted master keys payload',

+        ):

+            storeroom.decrypt_master_keys_data(

+                data, {'encryption_key': key, 'signing_key': key}

+            )

+        with pytest.raises(

+            ValueError,

+            match=r'Invalid encrypted session keys payload',

+        ):

+            storeroom.decrypt_session_keys(

+                data,

+                {

+                    'hashing_key': key,

+                    'encryption_key': key,

+                    'signing_key': key,

+                },

+            )

+

 class TestVaultNativeConfig:

     @pytest.mark.parametrize(