def test_ec_encryption(self):
private_key = crypto.load_ec_private_key(
utils.base64_url_decode(_test_ec_private_key))
decrypted_data = crypto.decrypt_ec(
utils.base64_url_decode(_test_ec_encrypted_data), private_key)
data = utils.base64_url_decode(_test_random_data)
self.assertEqual(decrypted_data, data)
def test_derive_key_hash_v1(self):
password = '******'
salt = utils.base64_url_decode('Ozv5_XSBgw-XSrDosp8Y1A')
iterations = 1000
expected_key = utils.base64_url_decode(
'nu911pKhOIeX_lToXa4uIUuMPg1pj_3ZGpGmd7OjvRs')
key_hash = crypto.derive_keyhash_v1(password, salt, iterations)
self.assertEqual(key_hash, expected_key)
def test_decrypt_aes_v1(self):
data = utils.base64_url_decode(
'KvsOJmE4JNK1HwKSpkBeR5R9YDms86uOb3wjNvc4LbUnZhKQtDxWifgA99tH2ZuP')
key = utils.base64_url_decode(
'pAZmcxEoV2chXsFQ6bzn7Lop8yO4F8ERIuS7XpFtr7Y')
data = crypto.decrypt_aes_v1(data, key)
self.assertEqual(
data, utils.base64_url_decode('6lf4FGVyhDRnRhJ91TrahjIW8lTqGA'))
def test_encrypt_rsa(self):
data = crypto.get_random_bytes(100)
puk = crypto.load_rsa_public_key(
utils.base64_url_decode(_test_public_key))
enc_data = crypto.encrypt_rsa(data, puk)
prk = crypto.load_rsa_private_key(
utils.base64_url_decode(_test_private_key))
dec_data = crypto.decrypt_rsa(enc_data, prk)
self.assertEqual(data, dec_data)
def test_derive_key_hash_v2(self):
password = '******'
salt = utils.base64_url_decode('Ozv5_XSBgw-XSrDosp8Y1A')
iterations = 1000
expected_key = utils.base64_url_decode(
'rXE9OHv_gcvUHdWuBIkyLsRDXT1oddQCzf6PrIECl2g')
domain = '1oZZl0fKjU4'
key_hash = crypto.derive_keyhash_v2(domain, password, salt, iterations)
self.assertEqual(key_hash, expected_key)
def test_encrypt_aes_v1(self):
iv = utils.base64_url_decode('KvsOJmE4JNK1HwKSpkBeRw')
block = utils.base64_url_decode('6lf4FGVyhDRnRhJ91TrahjIW8lTqGA')
key = utils.base64_url_decode(
'pAZmcxEoV2chXsFQ6bzn7Lop8yO4F8ERIuS7XpFtr7Y')
enc = crypto.encrypt_aes_v1(block, key, iv)
encoded = utils.base64_url_encode(enc)
self.assertEqual(
encoded,
'KvsOJmE4JNK1HwKSpkBeR5R9YDms86uOb3wjNvc4LbUnZhKQtDxWifgA99tH2ZuP')
def test_encrypt_aes_v2(self):
key = utils.base64_url_decode(
'c-EeCGlAO7F9QoJThlFBrhSCLYMe1H6GtKP-rezDnik')
data = utils.base64_url_decode(
'nm-8mRG7xYwUG2duaOZzw-ttuqfetWjVIzoridJF0EJOGlDLs1ZWQ7F9mOJ0Hxuy'
+
'dFyojxdxVo1fGwbfwf0Jew07HhGGE5UZ_s57rQvhizDW3F3z9a7EqHRon0EilCbMhIzE'
)
nonce = utils.base64_url_decode('Nt9_Y37C_43eRCRQ')
enc_data = crypto.encrypt_aes_v2(data, key, nonce)
expected_data = utils.base64_url_decode(
'Nt9_Y37C_43eRCRQCptb64zFaJVLcXF1udabOr_fyGXkpjpYeCAI7zVQD4JjewB' +
'CP1Xp7D6dx-pxdRWkhDEnVhJ3fzezi8atmmzvf2ICfkDK0IHHB8iNSx_R1Ru8Tozb-IdavT3wKi7nKSJLDdt-dk-Mw7bCewpZtg4wY-1UQw'
)
self.assertEqual(enc_data, expected_data)
dec_data = crypto.decrypt_aes_v2(enc_data, key)
self.assertEqual(dec_data, data)
def query_enterprise(params): # type: (KeeperParams) -> None
params.enterprise = get_enterprise_data(params)
if params.enterprise:
encrypted_tree_key = utils.base64_url_decode(
params.enterprise['tree_key'])
params.enterprise['unencrypted_tree_key'] = crypto.decrypt_aes_v1(
encrypted_tree_key, params.data_key)
tree_key = params.enterprise['unencrypted_tree_key']
for key in params.enterprise:
o = params.enterprise[key]
if not isinstance(o, list):
continue
for elem in o:
if not isinstance(elem, dict):
continue
if 'encrypted_data' in elem:
decrypted_data = crypto.decrypt_aes_v1(
utils.base64_url_decode(elem['encrypted_data']),
tree_key)
elem['data'] = json.loads(
decrypted_data.decode('utf-8'))
def test_download_attachment_command(self):
params = get_synced_params()
cmd = recordv2.RecordDownloadAttachmentCommand()
records = [
x for x in params.record_cache.values()
if len(x['extra_unencrypted']) > 10
]
rec = records[0]
record_uid = rec['record_uid']
extra = json.loads(rec['extra_unencrypted'].decode('utf-8'))
attachments = {
} # type: dict[any, tuple[attachment.AttachmentDownloadRequest, bytes]]
for file in extra['files']:
atta_id = file['id'] # type: str
key = utils.base64_url_decode(file['key'])
body_encoded = crypto.encrypt_aes_v1(os.urandom(file['size']), key)
rq = attachment.AttachmentDownloadRequest()
rq.title = 'Title'
rq.url = f'https://keepersecurity.com/files/{atta_id}'
rq.is_gcm_encrypted = False
rq.encryption_key = key
attachments[atta_id] = (rq, body_encoded)
def prepare_download(params, record_uid):
return (x[0] for x in attachments.values())
def requests_get(url, **kwargs):
body = next(
(x[1] for x in attachments.values() if x[0].url == url), None)
if not body:
raise Exception(f'URL \"{url}\" not found.')
rs = mock.Mock()
rs.status_code = 200
stream = io.BytesIO(body)
rs.raw = stream
rs.__enter__ = mock.Mock(return_value=rs)
rs.__exit__ = mock.Mock(return_value=None)
return rs
with mock.patch('keepercommander.attachment.prepare_attachment_download', side_effect=prepare_download), \
mock.patch('requests.get', side_effect=requests_get), \
mock.patch('builtins.open', mock.mock_open()), \
mock.patch('os.path.abspath', return_value='/file_name'):
cmd.execute(params, record=record_uid)