thePR0M3TH3AN/seedPass
1
0
Fork 0
mirror of https://github.com/PR0M3TH3AN/SeedPass.git synced 2025-09-09 07:48:57 +00:00
Code Issues Packages Projects Releases Wiki Activity

Restore compatibility for key hierarchy

Browse Source
This commit is contained in:
thePR0M3TH3AN
2025-08-20 18:12:02 -04:00
parent bbb26ca55a
commit b97d60778b
5 changed files with 65 additions and 23 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
src/main.py
View File

@@ -1415,9 +1415,10 @@ def main(argv: list[str] | None = None, *, fingerprint: str | None = None) -> in
if entry.get("type") != EntryType.TOTP.value: if entry.get("type") != EntryType.TOTP.value:
print(colored("Entry is not a TOTP entry.", "red")) print(colored("Entry is not a TOTP entry.", "red"))
return 1 return 1
code = password_manager.entry_manager.get_totp_code( key = getattr(password_manager, "KEY_TOTP_DET", None) or getattr(
idx, password_manager.KEY_TOTP_DET password_manager, "parent_seed", None
) )
code = password_manager.entry_manager.get_totp_code(idx, key)
print(code) print(code)
try: try:
if copy_to_clipboard(code, password_manager.clipboard_clear_delay): if copy_to_clipboard(code, password_manager.clipboard_clear_delay):

6
src/seedpass/api.py
View File

@@ -464,7 +464,8 @@ def export_totp(
_check_token(request, authorization) _check_token(request, authorization)
_require_password(request, password) _require_password(request, password)
pm = _get_pm(request) pm = _get_pm(request)
return pm.entry_manager.export_totp_entries(pm.KEY_TOTP_DET) key = getattr(pm, "KEY_TOTP_DET", None) or getattr(pm, "parent_seed", None)
return pm.entry_manager.export_totp_entries(key)
@app.get("/api/v1/totp") @app.get("/api/v1/totp")
@@ -482,7 +483,8 @@ def get_totp_codes(
) )
codes = [] codes = []
for idx, label, _u, _url, _arch in entries: for idx, label, _u, _url, _arch in entries:
code = pm.entry_manager.get_totp_code(idx, pm.KEY_TOTP_DET) key = getattr(pm, "KEY_TOTP_DET", None) or getattr(pm, "parent_seed", None)
code = pm.entry_manager.get_totp_code(idx, key)
rem = pm.entry_manager.get_totp_time_remaining(idx) rem = pm.entry_manager.get_totp_time_remaining(idx)

10
src/seedpass/core/api.py
View File

@@ -305,9 +305,10 @@ class EntryService:
def get_totp_code(self, entry_id: int) -> str: def get_totp_code(self, entry_id: int) -> str:
with self._lock: with self._lock:
return self._manager.entry_manager.get_totp_code( key = getattr(self._manager, "KEY_TOTP_DET", None) or getattr(
entry_id, self._manager.KEY_TOTP_DET self._manager, "parent_seed", None
) )
return self._manager.entry_manager.get_totp_code(entry_id, key)
def add_entry( def add_entry(
self, self,
@@ -515,9 +516,10 @@ class EntryService:
def export_totp_entries(self) -> dict: def export_totp_entries(self) -> dict:
with self._lock: with self._lock:
return self._manager.entry_manager.export_totp_entries( key = getattr(self._manager, "KEY_TOTP_DET", None) or getattr(
self._manager.parent_seed self._manager, "parent_seed", None
) )
return self._manager.entry_manager.export_totp_entries(key)
def display_totp_codes(self) -> None: def display_totp_codes(self) -> None:
with self._lock: with self._lock:

51
src/seedpass/core/manager.py
View File

@@ -45,6 +45,7 @@ from utils.key_derivation import (
derive_key_from_parent_seed, derive_key_from_parent_seed,
derive_key_from_password, derive_key_from_password,
derive_key_from_password_argon2, derive_key_from_password_argon2,
derive_index_key,
EncryptionMode, EncryptionMode,
KdfConfig, KdfConfig,
) )
@@ -232,6 +233,13 @@ class PasswordManager:
verification, ensuring the integrity and confidentiality of the stored password database. verification, ensuring the integrity and confidentiality of the stored password database.
""" """
# Class-level fallbacks so attributes exist even if ``__init__`` is bypassed
master_key: bytes | None = None
KEY_STORAGE: bytes | None = None
KEY_INDEX: bytes | None = None
KEY_PW_DERIVE: bytes | None = None
KEY_TOTP_DET: bytes | None = None
def __init__( def __init__(
self, fingerprint: Optional[str] = None, *, password: Optional[str] = None self, fingerprint: Optional[str] = None, *, password: Optional[str] = None
) -> None: ) -> None:
@@ -341,6 +349,20 @@ class PasswordManager:
self.KEY_PW_DERIVE = kd(master, b"seedpass:v1:pw") self.KEY_PW_DERIVE = kd(master, b"seedpass:v1:pw")
self.KEY_TOTP_DET = kd(master, b"seedpass:v1:totp") self.KEY_TOTP_DET = kd(master, b"seedpass:v1:totp")
def ensure_key_hierarchy(self) -> None:
"""Ensure sub-keys are derived from the current parent seed."""
if (
self.KEY_STORAGE is None
or self.KEY_INDEX is None
or self.KEY_PW_DERIVE is None
or self.KEY_TOTP_DET is None
) and getattr(self, "parent_seed", None):
try:
seed_bytes = Bip39SeedGenerator(self.parent_seed).Generate()
except Exception:
seed_bytes = hashlib.sha256(self.parent_seed.encode()).digest()
self.derive_key_hierarchy(seed_bytes)
def ensure_script_checksum(self) -> None: def ensure_script_checksum(self) -> None:
"""Initialize or verify the checksum of the manager script.""" """Initialize or verify the checksum of the manager script."""
script_path = Path(__file__).resolve() script_path = Path(__file__).resolve()
@@ -498,13 +520,11 @@ class PasswordManager:
self.setup_encryption_manager(self.fingerprint_dir, password) self.setup_encryption_manager(self.fingerprint_dir, password)
self.initialize_bip85() self.initialize_bip85()
self.initialize_managers() self.initialize_managers()
self.ensure_key_hierarchy()
self.is_locked = False self.is_locked = False
self.locked = False self.locked = False
self.update_activity() self.update_activity()
if ( if getattr(self, "audit_logger", None) is None and self.KEY_INDEX is not None:
getattr(self, "audit_logger", None) is None
and getattr(self, "_parent_seed_secret", None) is not None
):
self.audit_logger = AuditLogger(self.KEY_INDEX) self.audit_logger = AuditLogger(self.KEY_INDEX)
if ( if (
getattr(self, "config_manager", None) getattr(self, "config_manager", None)
@@ -852,10 +872,12 @@ class PasswordManager:
self.current_fingerprint = fp self.current_fingerprint = fp
self.fingerprint_dir = path self.fingerprint_dir = path
self.parent_seed = seed self.parent_seed = seed
try:
seed_bytes = Bip39SeedGenerator(seed).Generate() seed_bytes = Bip39SeedGenerator(seed).Generate()
self.derive_key_hierarchy(seed_bytes) self.derive_key_hierarchy(seed_bytes)
key_b64 = base64.urlsafe_b64encode(self.KEY_STORAGE) key_b64 = base64.urlsafe_b64encode(self.KEY_STORAGE)
except Exception:
key_b64 = derive_index_key(seed)
self.encryption_manager = EncryptionManager(key_b64, path) self.encryption_manager = EncryptionManager(key_b64, path)
self.vault = Vault(self.encryption_manager, path) self.vault = Vault(self.encryption_manager, path)
@@ -1333,6 +1355,9 @@ class PasswordManager:
if not self.encryption_manager: if not self.encryption_manager:
raise ValueError("EncryptionManager is not initialized.") raise ValueError("EncryptionManager is not initialized.")
# Derive sub-keys if needed
self.ensure_key_hierarchy()
# Reinitialize the managers with the updated EncryptionManager and current fingerprint context # Reinitialize the managers with the updated EncryptionManager and current fingerprint context
self.config_manager = ConfigManager( self.config_manager = ConfigManager(
vault=self.vault, vault=self.vault,
@@ -1853,16 +1878,17 @@ class PasswordManager:
) )
totp_index = self.entry_manager.get_next_totp_index() totp_index = self.entry_manager.get_next_totp_index()
entry_id = self.entry_manager.get_next_index() entry_id = self.entry_manager.get_next_index()
key = self.KEY_TOTP_DET or getattr(self, "parent_seed", None)
uri = self.entry_manager.add_totp( uri = self.entry_manager.add_totp(
label, label,
self.KEY_TOTP_DET, key,
index=totp_index, index=totp_index,
period=int(period), period=int(period),
digits=int(digits), digits=int(digits),
notes=notes, notes=notes,
tags=tags, tags=tags,
) )
secret = TotpManager.derive_secret(self.KEY_TOTP_DET, totp_index) secret = TotpManager.derive_secret(key, totp_index)
self.is_dirty = True self.is_dirty = True
self.last_update = time.time() self.last_update = time.time()
print( print(
@@ -1905,9 +1931,10 @@ class PasswordManager:
else [] else []
) )
entry_id = self.entry_manager.get_next_index() entry_id = self.entry_manager.get_next_index()
key = self.KEY_TOTP_DET or getattr(self, "parent_seed", None)
uri = self.entry_manager.add_totp( uri = self.entry_manager.add_totp(
label, label,
self.KEY_TOTP_DET, key,
secret=secret, secret=secret,
period=period, period=period,
digits=digits, digits=digits,
@@ -2669,7 +2696,8 @@ class PasswordManager:
print(colored("Press Enter to return to the menu.", "cyan")) print(colored("Press Enter to return to the menu.", "cyan"))
try: try:
while True: while True:
code = self.entry_manager.get_totp_code(index, self.KEY_TOTP_DET) key = self.KEY_TOTP_DET or getattr(self, "parent_seed", None)
code = self.entry_manager.get_totp_code(index, key)
if self.secret_mode_enabled: if self.secret_mode_enabled:
if copy_to_clipboard(code, self.clipboard_clear_delay): if copy_to_clipboard(code, self.clipboard_clear_delay):
print( print(
@@ -4146,6 +4174,7 @@ class PasswordManager:
def handle_export_totp_codes(self) -> Path | None: def handle_export_totp_codes(self) -> Path | None:
"""Export all 2FA codes to a JSON file for other authenticator apps.""" """Export all 2FA codes to a JSON file for other authenticator apps."""
try: try:
self.ensure_key_hierarchy()
fp, parent_fp, child_fp = self.header_fingerprint_args fp, parent_fp, child_fp = self.header_fingerprint_args
clear_header_with_notification( clear_header_with_notification(
self, self,
@@ -4167,7 +4196,8 @@ class PasswordManager:
secret = entry["secret"] secret = entry["secret"]
else: else:
idx = int(entry.get("index", 0)) idx = int(entry.get("index", 0))
secret = TotpManager.derive_secret(self.KEY_TOTP_DET, idx) key = self.KEY_TOTP_DET or getattr(self, "parent_seed", None)
secret = TotpManager.derive_secret(key, idx)
uri = TotpManager.make_otpauth_uri(label, secret, period, digits) uri = TotpManager.make_otpauth_uri(label, secret, period, digits)
totp_entries.append( totp_entries.append(
{ {
@@ -4404,6 +4434,7 @@ class PasswordManager:
def change_password(self, old_password: str, new_password: str) -> None: def change_password(self, old_password: str, new_password: str) -> None:
"""Change the master password used for encryption.""" """Change the master password used for encryption."""
try: try:
self.ensure_key_hierarchy()
if not self.verify_password(old_password): if not self.verify_password(old_password):
raise ValueError("Incorrect password") raise ValueError("Incorrect password")

10
src/seedpass/core/menu_handler.py
View File

@@ -131,7 +131,10 @@ class MenuHandler:
if generated: if generated:
print(colored("\nGenerated 2FA Codes:", "green")) print(colored("\nGenerated 2FA Codes:", "green"))
for label, idx, period, _ in generated: for label, idx, period, _ in generated:
code = pm.entry_manager.get_totp_code(idx, pm.KEY_TOTP_DET) key = getattr(pm, "KEY_TOTP_DET", None) or getattr(
pm, "parent_seed", None
)
code = pm.entry_manager.get_totp_code(idx, key)
remaining = pm.entry_manager.get_totp_time_remaining(idx) remaining = pm.entry_manager.get_totp_time_remaining(idx)
filled = int(20 * (period - remaining) / period) filled = int(20 * (period - remaining) / period)
bar = "[" + "#" * filled + "-" * (20 - filled) + "]" bar = "[" + "#" * filled + "-" * (20 - filled) + "]"
@@ -149,7 +152,10 @@ class MenuHandler:
if imported_list: if imported_list:
print(colored("\nImported 2FA Codes:", "green")) print(colored("\nImported 2FA Codes:", "green"))
for label, idx, period, _ in imported_list: for label, idx, period, _ in imported_list:
code = pm.entry_manager.get_totp_code(idx, pm.KEY_TOTP_DET) key = getattr(pm, "KEY_TOTP_DET", None) or getattr(
pm, "parent_seed", None
)
code = pm.entry_manager.get_totp_code(idx, key)
remaining = pm.entry_manager.get_totp_time_remaining(idx) remaining = pm.entry_manager.get_totp_time_remaining(idx)
filled = int(20 * (period - remaining) / period) filled = int(20 * (period - remaining) / period)
bar = "[" + "#" * filled + "-" * (20 - filled) + "]" bar = "[" + "#" * filled + "-" * (20 - filled) + "]"