U øÐLa(Uã@sèdZddlZddlZe e¡ZddlmZmZm Z m Z ddl m Z ddl mZmZmZmZddlmmZddgZdZd Zd Zd Zdd d„ZedƒZedƒZedƒZGdd„dejej ej!ej"ƒZ#Gdd„de#ƒZ$Gdd„de#ƒZ%dS)z9passlib.handlers.sha2_crypt - SHA256-Crypt / SHA512-CryptéN)Ú safe_cryptÚ test_cryptÚ repeat_stringÚ to_unicode)Úh64)Úbyte_elem_valueÚuÚ uascii_to_strÚunicodeÚ sha512_cryptÚ sha256_cryptó))ré©éé©rr)rérr©rr)érrr)rrrrr)rrrr)rrrrr) éé ré réréé éé réréréééééééééééééé éé)@é*rrré+rrré,é-rrré.r r"ré/é0r'r$r&é1r)r+r(é2é3r.r-ré4r/é ré5é6é!rré7é"é#ré8é9é$r!r#é:é%é&r%é;é<é'r*r,é=é(é)ré>é?FcsÆt|tƒr| d¡}t|tƒs"t‚t|kr>tj |r8t nt ¡‚t |ƒ}d|krZdksdntdƒ‚t|tƒsvtdƒ‚| d¡}t |ƒ}|dks˜tdƒ‚|r¨t j }t}n t j}t}||||ƒ ¡}|||ƒ} | j} | t||ƒƒ|} | r| | d @rþ|n|ƒ| d L} qê|  ¡} |d kr8t|||ƒ ¡|ƒ} n>||ƒ}|j}|d } | rh||ƒ| d 8} qNt| ¡|ƒ} t | ƒ|ksˆt‚||d t| d ƒƒ ¡d |…}t |ƒ|ksÂtdƒ‚| | }| |}| |||| || ||g‰‡fdd„tDƒ}| }t|dƒ\}}|rP|D]&\}}|||||ƒ ¡ƒ ¡}q|d 8}q|r´|d ?}|d |…D]&\}}|||||ƒ ¡ƒ ¡}qj|d @r´||||d ƒ ¡}t ||¡ d¡S)aßperform raw sha256-crypt / sha512-crypt this function provides a pure-python implementation of the internals for the SHA256-Crypt and SHA512-Crypt algorithms; it doesn't handle any of the parsing/validation of the hash strings themselves. :arg pwd: password chars/bytes to hash :arg salt: salt chars to use :arg rounds: linear rounds cost :arg use_512: use sha512-crypt instead of sha256-crypt mode :returns: encoded checksum chars zutf-8éèéÿÉš;zinvalid roundszsalt not unicodeÚasciir%zsalt too largeré`r#rNzsalt_len somehow > hash_len!cs g|]\}}ˆ|ˆ|f‘qS©rT)Ú.0ÚevenÚodd©ZpermsrTú?/tmp/pip-unpacked-wheel-8v2dfbvt/passlib/handlers/sha2_crypt.pyÚ Ûsz#_raw_sha2_crypt..r0)Ú isinstancer ÚencodeÚbytesÚAssertionErrorÚ_BNULLÚuhÚexcZNullPasswordErrorr r ÚlenÚhashlibÚsha512Ú_512_transpose_mapÚsha256Ú_256_transpose_mapÚdigestÚupdaterrÚ_c_digest_offsetsÚdivmodrZencode_transposed_bytesÚdecode)ÚpwdÚsaltÚroundsZuse_512Zpwd_lenZsalt_lenZ hash_constZ transpose_mapÚdbZa_ctxZ a_ctx_updateÚiÚdaZdpZtmp_ctxZtmp_ctx_updateZdsZdp_dpZdp_dsÚdataÚdcÚblocksÚtailrVrWÚpairsrTrXrYÚ_raw_sha2_crypt8sl!       $.     rxzrounds=ú$Ú0cs¢eZdZdZdZejZdZejZ dZ dZ dZ dZ dZdZd‡fd d „ Zd d „Zd d„Zedd„ƒZdd„ZdZdZedd„ƒZdd„Zedd„ƒZdd„Z‡ZS)Ú _SHA2_CommonzBclass containing common code shared by sha256_crypt & sha512_crypt)rnroÚimplicit_roundsZ salt_sizer#rPrQZlinearFNc s4tt|ƒjf|Ž|dkr*|jo(|jdk}||_dS)Néˆ)Úsuperr{Ú__init__Z use_defaultsror|)Úselfr|Úkwds©Ú __class__rTrYrsz_SHA2_Common.__init__cCs|j||jdkdS©N)Zrelaxed)Z _norm_saltÚchecksum)r€rnrTrTrYÚ _parse_saltsz_SHA2_Common._parse_saltcCs|j||jdkdSr„)Z _norm_roundsr…)r€rorTrTrYÚ _parse_rounds#sz_SHA2_Common._parse_roundscCsþt|ddƒ}|j}| |¡s(tj |¡‚t|ƒdks8t‚|dd… t ¡}|d t ¡r¦tt ƒdksht‚|  d¡dd…}| t ¡r˜|t kr˜tj  |¡‚t|ƒ}d}nd}d}t|ƒd krÄ|\}}n&t|ƒd krÞ|d}d}n tj |¡‚||||pöd|d S) NrRÚhashrrr&Fr}Trr)rornr…r|)rÚidentÚ startswithr`raZInvalidHashErrorrbr^ÚsplitÚ_UDOLLARÚ_UROUNDSÚpopÚ_UZEROZZeroPaddedRoundsErrorÚintZMalformedHashError)Úclsrˆr‰Úpartsror|rnZchkrTrTrYÚ from_string's6        üz_SHA2_Common.from_stringcCs^|jdkr2|jr2tdƒ|j|j|jp*tdƒf}n$tdƒ|j|j|j|jpPtdƒf}t|ƒS)Nr}z%s%s$%sÚz%srounds=%d$%s$%s)ror|rr‰rnr…r )r€rˆrTrTrYÚ to_stringTs ÿ ÿz_SHA2_Common.to_string)Zos_cryptÚbuiltincCs"t|jŽr| |j¡dSdSdS)NTF)rÚ _test_hashÚ_set_calc_checksum_backendÚ_calc_checksum_os_crypt©r‘rTrTrYÚ_load_backend_os_cryptis  z#_SHA2_Common._load_backend_os_cryptcCsf| ¡}t||ƒ}|dkr$| |¡S|j}| |j¡rH|| dtkrXtj  |||¡‚|| d…S)Nr) r•rÚ_calc_checksum_builtinÚ checksum_sizerŠr‰rŒr`raZCryptBackendError)r€ÚsecretÚconfigrˆÚcsrTrTrYr™qs  z$_SHA2_Common._calc_checksum_os_cryptcCs| |j¡dS)NT)r˜rœršrTrTrYÚ_load_backend_builtin‚s z"_SHA2_Common._load_backend_builtincCst||j|j|jƒS)N)rxrnroÚ _cdb_use_512)r€ržrTrTrYrœ‡s ÿz#_SHA2_Common._calc_checksum_builtin)N)Ú__name__Ú __module__Ú __qualname__Ú__doc__Z setting_kwdsr`Z HASH64_CHARSZchecksum_charsZ max_salt_sizeZ salt_charsZ min_roundsZ max_roundsZ rounds_costr¢Z_rounds_prefixr|rr†r‡Ú classmethodr“r•Úbackendsr—r›r™r¡rœÚ __classcell__rTrTr‚rYr{ýs2 ,   r{c@s(eZdZdZdZedƒZdZdZdZ dS)r aKThis class implements the SHA256-Crypt password hash, and follows the :ref:`password-hash-api`. It supports a variable-length salt, and a variable number of rounds. The :meth:`~passlib.ifc.PasswordHash.using` method accepts the following optional keywords: :type salt: str :param salt: Optional salt string. If not specified, one will be autogenerated (this is recommended). If specified, it must be 0-16 characters, drawn from the regexp range ``[./0-9A-Za-z]``. :type rounds: int :param rounds: Optional number of rounds to use. Defaults to 535000, must be between 1000 and 999999999, inclusive. .. note:: per the official specification, when the rounds parameter is set to 5000, it may be omitted from the hash string. :type relaxed: bool :param relaxed: By default, providing an invalid value for one of the other keywords will result in a :exc:`ValueError`. If ``relaxed=True``, and the error can be corrected, a :exc:`~passlib.exc.PasslibHashWarning` will be issued instead. Correctable errors include ``rounds`` that are too small or too large, and ``salt`` strings that are too long. .. versionadded:: 1.6 .. commented out, currently only supported by :meth:`hash`, and not via :meth:`using`: :type implicit_rounds: bool :param implicit_rounds: this is an internal option which generally doesn't need to be touched. this flag determines whether the hash should omit the rounds parameter when encoding it to a string; this is only permitted by the spec for rounds=5000, and the flag is ignored otherwise. the spec requires the two different encodings be preserved as they are, instead of normalizing them. z$5$r1iØ))Útestz?$5$rounds=1000$test$QmQADEXMG8POI5WDsaeho0P36yK3Tcrgboabng6bkb/N) r£r¤r¥r¦Únamerr‰rÚdefault_roundsr—rTrTrTrYr s .c@s,eZdZdZdZedƒZdZdZdZ dZ dS)r aKThis class implements the SHA512-Crypt password hash, and follows the :ref:`password-hash-api`. It supports a variable-length salt, and a variable number of rounds. The :meth:`~passlib.ifc.PasswordHash.using` method accepts the following optional keywords: :type salt: str :param salt: Optional salt string. If not specified, one will be autogenerated (this is recommended). If specified, it must be 0-16 characters, drawn from the regexp range ``[./0-9A-Za-z]``. :type rounds: int :param rounds: Optional number of rounds to use. Defaults to 656000, must be between 1000 and 999999999, inclusive. .. note:: per the official specification, when the rounds parameter is set to 5000, it may be omitted from the hash string. :type relaxed: bool :param relaxed: By default, providing an invalid value for one of the other keywords will result in a :exc:`ValueError`. If ``relaxed=True``, and the error can be corrected, a :exc:`~passlib.exc.PasslibHashWarning` will be issued instead. Correctable errors include ``rounds`` that are too small or too large, and ``salt`` strings that are too long. .. versionadded:: 1.6 .. commented out, currently only supported by :meth:`hash`, and not via :meth:`using`: :type implicit_rounds: bool :param implicit_rounds: this is an internal option which generally doesn't need to be touched. this flag determines whether the hash should omit the rounds parameter when encoding it to a string; this is only permitted by the spec for rounds=5000, and the flag is ignored otherwise. the spec requires the two different encodings be preserved as they are, instead of normalizing them. z$6$éVTi€ )rªzj$6$rounds=1000$test$2M/Lx6MtobqjLjobw0Wmo4Q5OFx5nVLJvmgseatA6oMnyWeBdRDx4DU.1H3eGmse6pgsOgDisWBGI5c7TZauS0N) r£r¤r¥r¦r«rr‰rr¢r¬r—rTrTrTrYr Ñs/)F)&r¦rcÚloggingÚ getLoggerr£ÚlogZ passlib.utilsrrrrZpasslib.utils.binaryrZpasslib.utils.compatrrr r Zpasslib.utils.handlersÚutilsÚhandlersr`Ú__all__r_rjrgrerxrrŒrZHasManyBackendsZ HasRoundsZHasSaltZGenericHandlerr{r r rTrTrTrYÚs2  þ   BÿB