thePR0M3TH3AN/seedPass
1
0
Fork 0
mirror of https://github.com/PR0M3TH3AN/SeedPass.git synced 2025-09-10 08:19:23 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
c9ad16f15070aaa51721d605b71e34724b695911
seedPass/src/tests/test_decrypt_messages.py
thePR0M3TH3AN 28f552313f test: align legacy migration handling
2025-08-11 19:35:03 -04:00

59 lines
2.0 KiB
Python
Raw Blame History

import base64
import hashlib
import unicodedata
import pytest
from cryptography.fernet import InvalidToken
from helpers import TEST_PASSWORD, TEST_SEED
from seedpass.core.encryption import (
EncryptionManager,
LegacyFormatRequiresMigrationError,
)
from utils.key_derivation import derive_index_key
def test_wrong_password_message(tmp_path):
key = derive_index_key(TEST_SEED)
mgr = EncryptionManager(key, tmp_path)
payload = mgr.encrypt_data(b"secret")
wrong_key = bytearray(key)
wrong_key[0] ^= 1
wrong_mgr = EncryptionManager(bytes(wrong_key), tmp_path)
with pytest.raises(InvalidToken, match="invalid key or corrupt file") as exc:
wrong_mgr.decrypt_data(payload, context="index")
assert "index" in str(exc.value)
def test_legacy_file_requires_migration_message(tmp_path, monkeypatch):
def _fast_legacy_key(password: str, iterations: int = 100_000) -> bytes:
normalized = unicodedata.normalize("NFKD", password).strip().encode("utf-8")
key = hashlib.pbkdf2_hmac("sha256", normalized, b"", 1, dklen=32)
return base64.urlsafe_b64encode(key)
monkeypatch.setattr(
"seedpass.core.encryption._derive_legacy_key_from_password", _fast_legacy_key
)
legacy_key = _fast_legacy_key(TEST_PASSWORD)
legacy_mgr = EncryptionManager(legacy_key, tmp_path)
token = legacy_mgr.fernet.encrypt(b"secret")
new_mgr = EncryptionManager(derive_index_key(TEST_SEED), tmp_path)
with pytest.raises(LegacyFormatRequiresMigrationError, match="index") as exc:
new_mgr.decrypt_data(token, context="index")
assert "index" in str(exc.value)
def test_corrupted_data_message(tmp_path):
key = derive_index_key(TEST_SEED)
mgr = EncryptionManager(key, tmp_path)
payload = bytearray(mgr.encrypt_data(b"secret"))
payload[-1] ^= 0xFF
with pytest.raises(InvalidToken, match="invalid key or corrupt file") as exc:
mgr.decrypt_data(bytes(payload), context="index")
assert "index" in str(exc.value)
Reference in New Issue View Git Blame Copy Permalink