def testEncryptDecryptMAC():
"""
Verify that an encrypted plain text decrypts to the same text given the
same key and MAC Key.
plain_text should decrypt correctly using the same key and MAC key.
decrypt should raise an exception when using a different MAC key.
"""
plain_text = 'This is another test'
input_key = Bitwarden.makeKey('password', '*****@*****.**')
encrypt_key = Bitwarden.makeEncryptionKey(input_key)
whole_key = Bitwarden.decrypt(encrypt_key, input_key)
test_key = whole_key[:32]
mac_key1 = whole_key[32:64]
mac_key2 = whole_key[:32]
cipher_string = Bitwarden.encrypt(plain_text, test_key, mac_key1)
assert plain_text == Bitwarden.decrypt(cipher_string, test_key,
mac_key1).decode()
assert plain_text == Bitwarden.decrypt(
str(CipherString.parseString(cipher_string)), test_key,
mac_key1).decode()
with pytest.raises(InvalidMACException):
Bitwarden.decrypt(cipher_string, test_key, mac_key2)
Bitwarden.decrypt(str(CipherString.parseString(cipher_string)),
test_key, mac_key2)
def testEncryptDecrypt():
"""
Verify that an encrypted plain text decrypts to the same text given the
same key.
"""
plain_text = 'This is a test'
test_key = Bitwarden.makeKey('password', '*****@*****.**')
cipher_string = Bitwarden.encrypt(plain_text, test_key)
assert plain_text == Bitwarden.decrypt(cipher_string, test_key).decode()
assert plain_text == Bitwarden.decrypt(
str(CipherString.parseString(cipher_string)), test_key).decode()
def encryptDataUsingMasterKey(self, data, master_key):
"""
The user model contains an encrypted version of the encryption key.
First decrypt that key then encrypt the data
Args:
:param self: This user
:param data: The plain text to be encrypted
:param master_key: The master key
Returns:
str: The encrypted cipher string
"""
enc_key = Bitwarden.decrypt(self.key.encode(),
master_key[:32],
mac_key=master_key[32:64])
return Bitwarden.encrypt(data, enc_key[:32], mac_key=enc_key[32:64])
def updateMasterKey(self, old_password, new_password):
"""
This function updates the master key for the random encryption key. We
want to preserve this random encryption key. So we will decrypt with
the old key, then recrypt with the new key.
Args:
:param self: This user
:param old_password: The old master password
:param new_password: The new master password
"""
enc_key = Bitwarden.decrypt(
self.key, Bitwarden.makeKey(old_password, self.email), None)
self.key = Bitwarden.encrypt(
enc_key, Bitwarden.makeKey(new_password, self.email))
self.password_hash = Bitwarden.hashPassword(new_password, self.email)
self.security_stamp = funcs.generateSecureUUID()