def register_record(record, key_type=None):
# type: (record.Record, int or None) -> bytes
data = {
'title': record.title or '',
'secret1': record.login or '',
'secret2': record.password or '',
'link': record.login_url or '',
'notes': record.notes or '',
'custom': record.custom_fields or '',
'folder': record.folder or ''
}
extra = None
udata = None
if record.attachments:
extra = {'files': record.attachments}
udata = {'file_id': [x['id'] for x in record.attachments]}
record_key = api.generate_aes_key() if key_type != 0 else _USER_DATA_KEY
rec_object = {
'record_uid': record.record_uid,
'revision': record.revision if
(0 < record.revision <= _REVISION) else _REVISION,
'version': 2 if key_type != 0 else 1,
'shared': key_type not in [0, 1],
'data': api.encrypt_aes(json.dumps(data).encode('utf-8'), record_key),
}
if extra:
rec_object['extra'] = api.encrypt_aes(
json.dumps(extra).encode('utf-8'), record_key)
if udata:
rec_object['udata'] = udata
_RECORDS.append(rec_object)
meta_data = {
'record_uid': record.record_uid,
'owner': key_type in [0, 1],
'can_share': key_type == 1,
'can_edit': key_type == 1,
'record_key_type': key_type
}
if key_type == 0:
_RECORD_METADATA.append(meta_data)
if key_type == 1:
meta_data['record_key'] = utils.base64_url_encode(
crypto.encrypt_aes_v1(record_key, _USER_DATA_KEY))
_RECORD_METADATA.append(meta_data)
elif key_type == 2:
meta_data['record_key'] = utils.base64_url_encode(
crypto.encrypt_rsa(record_key, _IMPORTED_PUBLIC_KEY))
_RECORD_METADATA.append(meta_data)
return record_key
def test_encrypt_aes_v1(self):
iv = utils.base64_url_decode('KvsOJmE4JNK1HwKSpkBeRw')
block = utils.base64_url_decode('6lf4FGVyhDRnRhJ91TrahjIW8lTqGA')
key = utils.base64_url_decode(
'pAZmcxEoV2chXsFQ6bzn7Lop8yO4F8ERIuS7XpFtr7Y')
enc = crypto.encrypt_aes_v1(block, key, iv)
encoded = utils.base64_url_encode(enc)
self.assertEqual(
encoded,
'KvsOJmE4JNK1HwKSpkBeR5R9YDms86uOb3wjNvc4LbUnZhKQtDxWifgA99tH2ZuP')
_SESSION_TOKEN = base64.urlsafe_b64encode(
os.urandom(64)).decode('utf-8').strip('=')
_DEVICE_ID = os.urandom(64)
_2FA_ONE_TIME_TOKEN = '123456'
_2FA_DEVICE_TOKEN = base64.urlsafe_b64encode(
os.urandom(32)).decode('utf-8').strip('=')
_IMPORTED_PRIVATE_KEY = RSA.importKey(_USER_PRIVATE_KEY, _PRIVATE_KEY_PASSWORD)
_DER_PRIVATE_KEY = _IMPORTED_PRIVATE_KEY.export_key(format='DER')
_ENCRYPTED_PRIVATE_KEY = api.encrypt_aes(_DER_PRIVATE_KEY, _USER_DATA_KEY)
_IMPORTED_PUBLIC_KEY = crypto.load_rsa_public_key(
base64.b64decode(_USER_PUBLIC_KEY))
_ENCODED_PUBLIC_KEY = utils.base64_url_encode(
crypto.unload_rsa_public_key(_IMPORTED_PUBLIC_KEY))
_V2_DERIVED_KEY = crypto.derive_keyhash_v2('data_key', _USER_PASSWORD,
_USER_SALT, _USER_ITERATIONS)
_dk = rest_api.encrypt_aes(_USER_DATA_KEY, _V2_DERIVED_KEY)
_ENCRYPTED_DATA_KEY = base64.urlsafe_b64encode(_dk).decode('utf-8').strip()
_V1_DERIVED_KEY = api.derive_key(_USER_PASSWORD, _USER_SALT, _USER_ITERATIONS)
_enc_iter = int.to_bytes(_USER_ITERATIONS,
length=3,
byteorder='big',
signed=False)
_enc_iv = os.urandom(16)
_cipher = AES.new(_V1_DERIVED_KEY, AES.MODE_CBC, _enc_iv)
_enc_dk = b'\x01' + _enc_iter + _USER_SALT + _enc_iv + _cipher.encrypt(
_USER_DATA_KEY + _USER_DATA_KEY)
def get_enterprise_data(params):
# type: (KeeperParams) -> dict
encrypted_tree_key = crypto.encrypt_aes_v1(_TREE_KEY, params.data_key) \
if _USE_DATA_KEY else crypto.encrypt_rsa(_TREE_KEY, _VAULT_ENV.public_key)
tree_key_type = 1 if _USE_DATA_KEY else 2
rs = {
'result': 'success',
'result_code': '',
'message': '',
'enterprise_name': 'Enterprise 1',
'tree_key': utils.base64_url_encode(encrypted_tree_key),
'key_type_id': tree_key_type
}
rs['nodes'] = [
{
'node_id': _NODE1_ID,
'encrypted_data': api.encrypt_aes(json.dumps({}).encode('utf-8'), _TREE_KEY)
},
{
'node_id': _NODE2_ID,
'parent_id': _NODE1_ID,
'encrypted_data': api.encrypt_aes(json.dumps({'displayname': 'Sub node 1'}).encode('utf-8'), _TREE_KEY)
}
]
rs['users'] = [
{
'enterprise_user_id': _USER1_ID,
'node_id': _NODE1_ID,
'username': params.user,
'encrypted_data': api.encrypt_aes(json.dumps({'displayname': 'User 1'}).encode('utf-8'), _TREE_KEY),
'status': 'active',
'lock': 0
},
{
'enterprise_user_id': _USER2_ID,
'node_id': _NODE2_ID,
'username': _USER2_EMAIL,
'encrypted_data': api.encrypt_aes(json.dumps({'displayname': 'User 2'}).encode('utf-8'), _TREE_KEY),
'status': 'active',
'lock': 1
}
]
rs['roles'] = [
{
'role_id': _ROLE1_ID,
'node_id': _NODE1_ID,
'encrypted_data': api.encrypt_aes(json.dumps({'displayname': _ROLE1_NAME}).encode('utf-8'), _TREE_KEY),
'visible_below': True,
'new_user_inherit': True
}
]
rs['managed_nodes'] = [
{
'role_id': _ROLE1_ID,
'managed_node_id': _NODE1_ID,
'cascade_node_management': True,
}
]
rs['role_users'] = [
{
'role_id': _ROLE1_ID,
'enterprise_user_id': _USER1_ID
}
]
rs['teams'] = [
{
'team_uid': _TEAM1_UID,
'name': _TEAM1_NAME,
'node_id': _NODE1_ID,
'restrict_sharing': False,
'restrict_edit': False,
'restrict_view': False,
},
{
'team_uid': _TEAM2_UID,
'name': _TEAM2_NAME,
'node_id': _NODE1_ID,
'restrict_sharing': False,
'restrict_edit': False,
'restrict_view': False,
}
]
rs['team_users'] = [
{
'team_uid': _TEAM1_UID,
'enterprise_user_id': _USER1_ID,
'user_type': 1
},
{
'team_uid': _TEAM1_UID,
'enterprise_user_id': _USER2_ID,
'user_type': 1
}
]
return rs