Skip to content

Commit d322663

Browse files
commonismcommonism
committed
hatch run types:check
1 parent 395435e commit d322663

2 files changed

Lines changed: 27 additions & 20 deletions

File tree

src/vaultwarden/models/bitwarden.py

Lines changed: 15 additions & 10 deletions
Original file line numberDiff line numberDiff line change
@@ -66,13 +66,15 @@ def api_client(self) -> BitwardenAPIClient:
6666

6767
def decode_bytes(
6868
value: Any, handler: ValidatorFunctionWrapHandler, info: ValidationInfo
69-
) -> str:
70-
for key in info.context["cctx"][::-1]:
69+
) -> bytes:
70+
context: dict = cast(dict, info.context)
71+
keys: list[bytes] = cast(list[bytes], context.get("cctx"))
72+
for key in keys[::-1]:
7173
try:
7274
return decrypt(handler(value), key)
7375
except Exception:
7476
continue
75-
77+
raise ValueError(f"No key found")
7678

7779
def decode_string(
7880
value: Any, handler: ValidatorFunctionWrapHandler, info: ValidationInfo
@@ -224,14 +226,17 @@ def set_key(
224226
info: ValidationInfo,
225227
) -> Self:
226228
if (key := data.get("key")) is not None:
227-
info.context["cctx"].append(
228-
decrypt(key, info.context["cctx"][0])
229+
context = cast(dict, info.context)
230+
cctx = cast(list[bytes], context.get("cctx"))
231+
232+
cctx.append(
233+
decrypt(key, cctx[0])
229234
)
230235

231236
v = handler(data)
232237

233238
if key is not None:
234-
info.context["cctx"].pop()
239+
cctx.pop()
235240

236241
return v
237242

@@ -280,7 +285,7 @@ def update_collection(self, collections: list[UUID]):
280285

281286

282287
class Login(_CipherBase):
283-
Type: Literal[1]
288+
Type: Literal[CipherType.Login]
284289

285290
login: LoginData | None = None
286291
secureNote: None = None
@@ -291,7 +296,7 @@ class Login(_CipherBase):
291296

292297

293298
class SecureNote(_CipherBase):
294-
Type: Literal[2]
299+
Type: Literal[CipherType.SecureNote]
295300

296301
login: None = None
297302
secureNote: SecureNoteProperty | None = None
@@ -302,7 +307,7 @@ class SecureNote(_CipherBase):
302307

303308

304309
class Card(_CipherBase):
305-
Type: Literal[3]
310+
Type: Literal[CipherType.Card]
306311

307312
login: None = None
308313
card: None = None
@@ -313,7 +318,7 @@ class Card(_CipherBase):
313318

314319

315320
class Identity(_CipherBase):
316-
Type: Literal[4]
321+
Type: Literal[CipherType.Identity]
317322

318323
login: None = None
319324
secureNote: None = None

src/vaultwarden/utils/crypto.py

Lines changed: 12 additions & 10 deletions
Original file line numberDiff line numberDiff line change
@@ -14,11 +14,14 @@
1414
from hashlib import pbkdf2_hmac, sha256
1515
from hmac import new as hmac_new
1616
from secrets import token_bytes
17+
import typing
1718

1819
from Crypto.Cipher import AES, PKCS1_OAEP
1920
from Crypto.PublicKey import RSA
2021
from hkdf import hkdf_expand
2122

23+
if typing.TYPE_CHECKING:
24+
import vaultwarden.models.bitwarden
2225

2326
class CIPHERS(IntEnum):
2427
sym = 2
@@ -115,24 +118,26 @@ def is_encrypted(cipher_string):
115118
return True
116119

117120

118-
def make_master_key(password: str, salt: str, kdf: "vaultwarden.models.bitwarden.Kdf"):
121+
def make_master_key(password_: str, salt_: str, kdf: "vaultwarden.models.bitwarden.Kdf"):
119122
import vaultwarden.models.bitwarden
120123

121-
assert isinstance(salt, str)
122-
assert isinstance(password, str)
124+
assert isinstance(salt_, str)
125+
assert isinstance(password_, str)
123126

124-
salt = salt.lower()
125-
password = password.encode("utf-8")
126-
salt = salt.encode("utf-8")
127+
password = password_.encode("utf-8")
128+
salt = salt_.lower().encode("utf-8")
127129

128130
match kdf.Kdf:
129131
case vaultwarden.models.bitwarden.KdfType.Pbkdf2:
132+
assert kdf.KdfIterations is not None
130133
return pbkdf2_hmac("sha256", password, salt, kdf.KdfIterations)
131134
case vaultwarden.models.bitwarden.KdfType.Argon2id:
132135
# c.f.
133136
# https://github.com/vaultwarden/vw_web_builds/blob/355bddc6c9d5c110e55fe74c5fcfa86ddd85572c/libs/common/src/platform/services/key-generation.service.ts#L55-L75
134137
import argon2
135-
138+
assert kdf.KdfIterations is not None
139+
assert kdf.KdfMemory is not None
140+
assert kdf.KdfParallelism is not None
136141
hsalt = hashlib.new("sha256", salt).digest()
137142
v = argon2.low_level.hash_secret_raw(
138143
password,
@@ -144,9 +149,6 @@ def make_master_key(password: str, salt: str, kdf: "vaultwarden.models.bitwarden
144149
type=argon2.Type.ID,
145150
)
146151
return v
147-
case _:
148-
return None
149-
150152

151153
def hash_password(password, salt, iterations=ITERATIONS):
152154
"""base64-encode a wrapped, stretched password+salt(email) for signup/login"""

0 commit comments

Comments
 (0)