PassManager/src/cryptography/master_pass.py

import os

from cryptography.exceptions import InvalidKey
from cryptography.hazmat.primitives.kdf.scrypt import Scrypt

MEMORY_USAGE = 2**14


def _get_kdf(salt: bytes) -> Scrypt:
    kdf = Scrypt(
        salt=salt,
        length=128,
        n=MEMORY_USAGE,
        r=8,
        p=1,
    )
    return kdf


def encrypt_master_pass(passwd: str) -> tuple[bytes, bytes]:
    """Hashes master password and return tuple of hashed password and salt"""
    salt = os.urandom(64)
    kdf = _get_kdf(salt)
    return kdf.derive(passwd.encode("utf-8")), salt


def check_master_pass(passwd: str, enc_pass: bytes, salt: bytes) -> bool:
    """Checks if the master password is correct"""
    kdf = _get_kdf(salt)
    try:
        kdf.verify(passwd.encode("utf-8"), enc_pass)
    except InvalidKey:
        return False
    else:
        return True