a fWcBJ@sdZddlmZmZddlmZmZddlZee Z ddl m Z ddl mZmZddlmZmZmZmZddlmZddlmmZgd ZGd d d ejejejejZ d de fd dZ!e!dddeddZ"e!dddZ#e!dddZ$ej%de"ddddZ&ej%de#ddddZ'ej%d e$d!d"ddZ(d#Z)Gd$d%d%ejejejejZ*Gd&d'd'ejej+ejZ,Gd(d)d)ejejejZ-Gd*d+d+ejejejejZ.dS),z,passlib.handlers.pbkdf - PBKDF2 based hashes)hexlify unhexlify) b64encode b64decodeN) to_unicode) ab64_decode ab64_encode) str_to_basciiu uascii_to_strunicode) pbkdf2_hmac) pbkdf2_sha1 pbkdf2_sha256 pbkdf2_sha512cta_pbkdf2_sha1dlitz_pbkdf2_sha1grub_pbkdf2_sha512c@sReZdZdZdZejZdZdZ dZ dZ dZ dZ dZed d Zd d Zd dZdS)Pbkdf2DigestHandlerz1base class for various pbkdf2_{digest} algorithmssaltZ salt_sizeroundsNlinearcCsFtj||j|d\}}}t|d}|r8t|d}||||dS)N)handlerasciirrchecksum)uh parse_mc3identrencodeclshashrrchkr);/usr/lib/python3.9/site-packages/passlib/handlers/pbkdf2.py from_string?s zPbkdf2DigestHandler.from_stringcCs4t|jd}t|jd}t|j|j||SNr)rrdecoder r! render_mc3r#rselfrr(r)r)r* to_stringGszPbkdf2DigestHandler.to_stringcCst|j||j|j|jS)N)r _digestrr checksum_sizer0secretr)r)r*_calc_checksumLsz"Pbkdf2DigestHandler._calc_checksum)__name__ __module__ __qualname____doc__ setting_kwdsr! HASH64_CHARSZchecksum_charsdefault_salt_size max_salt_sizedefault_rounds min_rounds max_rounds rounds_costr2 classmethodr+r1r6r)r)r)r*rs  ri.cCsdd|}|durtd|f}t}t||ft|||||||ddddt||j|dd S) z;create new Pbkdf2DigestHandler subclass for a specific hashZpbkdf2_Nz $pbkdf2-%s$a$This class implements a generic ``PBKDF2-HMAC-%(digest)s``-based password hash, and follows the :ref:`password-hash-api`. It supports a variable-length salt, and a variable number of rounds. The :meth:`~passlib.ifc.PasswordHash.using` method accepts the following optional keywords: :type salt: bytes :param salt: Optional salt bytes. If specified, the length must be between 0-1024 bytes. If not specified, a %(dsc)d byte salt will be autogenerated (this is recommended). :type salt_size: int :param salt_size: Optional number of bytes to use when autogenerating new salts. Defaults to %(dsc)d bytes, but can be any value between 0 and 1024. :type rounds: int :param rounds: Optional number of rounds to use. Defaults to %(dr)d, but must be within ``range(1,1<<32)``. :type relaxed: bool :param relaxed: By default, providing an invalid value for one of the other keywords will result in a :exc:`ValueError`. If ``relaxed=True``, and the error can be corrected, a :exc:`~passlib.exc.PasslibHashWarning` will be issued instead. Correctable errors include ``rounds`` that are too small or too large, and ``salt`` strings that are too long. .. versionadded:: 1.6 )digestZdscZdr)r8namer#r2r?r3Zencoded_checksum_sizer:)r rtypedictupperr=)Z hash_name digest_sizerr#modulerHbaser)r)r*create_pbkdf2_hashPs  rOsha1iz$pbkdf2$)r#Zsha256 iHqsha512@ialdap_pbkdf2_sha1z{PBKDF2}Tldap_pbkdf2_sha256z{PBKDF2-SHA256}z$pbkdf2-sha256$ldap_pbkdf2_sha512z{PBKDF2-SHA512}z$pbkdf2-sha512$s-_c@sZeZdZdZdZdZedZdZdZ dZ e j Z dZ dZd Zed d Zd d ZddZdS)raThis class implements Cryptacular's PBKDF2-based crypt algorithm, and follows the :ref:`password-hash-api`. It supports a variable-length salt, and a variable number of rounds. The :meth:`~passlib.ifc.PasswordHash.using` method accepts the following optional keywords: :type salt: bytes :param salt: Optional salt bytes. If specified, it may be any length. If not specified, a one will be autogenerated (this is recommended). :type salt_size: int :param salt_size: Optional number of bytes to use when autogenerating new salts. Defaults to 16 bytes, but can be any value between 0 and 1024. :type rounds: int :param rounds: Optional number of rounds to use. Defaults to 60000, must be within ``range(1,1<<32)``. :type relaxed: bool :param relaxed: By default, providing an invalid value for one of the other keywords will result in a :exc:`ValueError`. If ``relaxed=True``, and the error can be corrected, a :exc:`~passlib.exc.PasslibHashWarning` will be issued instead. Correctable errors include ``rounds`` that are too small or too large, and ``salt`` strings that are too long. .. versionadded:: 1.6 r$p5k2$rQrrrrrcCsLtj||jd|d\}}}t|dt}|r>t|dt}||||dS)Nr) rounds_baserrr)r!r"r#rr$ CTA_ALTCHARSr%r)r)r*r+s zcta_pbkdf2_sha1.from_stringcCs<t|jtd}t|jtd}tj|j|j||ddS)NrrrY) rrrZr-r r!r.r#rr/r)r)r*r1szcta_pbkdf2_sha1.to_stringcCstd||j|jdS)NrPrQr rrr4r)r)r*r6szcta_pbkdf2_sha1._calc_checksumN)r7r8r9r:rHr;r r#r3r=r>rr?r@rArBrCr+r1r6r)r)r)r*rs%  rc@sleZdZdZdZdZedZedZdZ dZ e j Z ejZdZdZd Zed d Zd d ZddZddZdS)raCThis class implements Dwayne Litzenberger's PBKDF2-based crypt algorithm, and follows the :ref:`password-hash-api`. It supports a variable-length salt, and a variable number of rounds. The :meth:`~passlib.ifc.PasswordHash.using` method accepts the following optional keywords: :type salt: str :param salt: Optional salt string. If specified, it may be any length, but must use the characters in the regexp range ``[./0-9A-Za-z]``. If not specified, a 16 character salt will be autogenerated (this is recommended). :type salt_size: int :param salt_size: Optional number of bytes to use when autogenerating new salts. Defaults to 16 bytes, but can be any value between 0 and 1024. :type rounds: int :param rounds: Optional number of rounds to use. Defaults to 60000, must be within ``range(1,1<<32)``. :type relaxed: bool :param relaxed: By default, providing an invalid value for one of the other keywords will result in a :exc:`ValueError`. If ``relaxed=True``, and the error can be corrected, a :exc:`~passlib.exc.PasslibHashWarning` will be issued instead. Correctable errors include ``rounds`` that are too small or too large, and ``salt`` strings that are too long. .. versionadded:: 1.6 rrXz1000000000000000000000000000000000000000000000000=rrrrrcCs*tj||jdd|d\}}}||||dS)Nr)rYr?rr)r!r"r#r%r)r)r*r+9s  zdlitz_pbkdf2_sha1.from_stringcCs,|j}|dkrd}tj|j||j|jddSNr]rr[)rr!r.r#rr r0rr)r)r*r1?szdlitz_pbkdf2_sha1.to_stringcCs*|j}|dkrd}tj|j||jdddSr^)rr!r.r#rr_r)r)r* _get_configEszdlitz_pbkdf2_sha1._get_configcCs(|}td|||jd}t|dS)NrPr)r`r rrr-)r0r5rresultr)r)r*r6Nsz dlitz_pbkdf2_sha1._calc_checksumN)r7r8r9r:rHr;r r#Z_stub_checksumr=r>r!r<Z salt_charsrr?r@rArBrCr+r1r`r6r)r)r)r*rs"%   rc@sHeZdZdZdZdZedZdZdZ Z e ddZ dd Z d d Zd S) atlassian_pbkdf2_sha1aBThis class implements the PBKDF2 hash used by Atlassian. It supports a fixed-length salt, and a fixed number of rounds. The :meth:`~passlib.ifc.PasswordHash.using` method accepts the following optional keywords: :type salt: bytes :param salt: Optional salt bytes. If specified, the length must be exactly 16 bytes. If not specified, a salt will be autogenerated (this is recommended). :type relaxed: bool :param relaxed: By default, providing an invalid value for one of the other keywords will result in a :exc:`ValueError`. If ``relaxed=True``, and the error can be corrected, a :exc:`~passlib.exc.PasslibHashWarning` will be issued instead. Correctable errors include ``salt`` strings that are too long. .. versionadded:: 1.6 )rz {PKCS5S2}rRrcCsht|dd}|j}||s(tj|t|t|dd}|dd|dd}}|||dS)Nrr'r)rr ) rr# startswithr!excZInvalidHashErrorrlenr$)r&r'r#datarr(r)r)r*r+{s   z!atlassian_pbkdf2_sha1.from_stringcCs(|j|j}|jt|d}t|Sr,)rr r#rr-r )r0rgr'r)r)r*r1s zatlassian_pbkdf2_sha1.to_stringcCstd||jddS)NrPi'rR)r rr4r)r)r*r6sz$atlassian_pbkdf2_sha1._calc_checksumN)r7r8r9r:rHr;r r#r3Z min_salt_sizer>rCr+r1r6r)r)r)r*rc[s rcc@sZeZdZdZdZdZedZdZdZ dZ e j Z dZ dZdZed d Zd d Zd dZdS)raThis class implements Grub's pbkdf2-hmac-sha512 hash, and follows the :ref:`password-hash-api`. It supports a variable-length salt, and a variable number of rounds. The :meth:`~passlib.ifc.PasswordHash.using` method accepts the following optional keywords: :type salt: bytes :param salt: Optional salt bytes. If specified, the length must be between 0-1024 bytes. If not specified, a 64 byte salt will be autogenerated (this is recommended). :type salt_size: int :param salt_size: Optional number of bytes to use when autogenerating new salts. Defaults to 64 bytes, but can be any value between 0 and 1024. :type rounds: int :param rounds: Optional number of rounds to use. Defaults to 19000, but must be within ``range(1,1<<32)``. :type relaxed: bool :param relaxed: By default, providing an invalid value for one of the other keywords will result in a :exc:`ValueError`. If ``relaxed=True``, and the error can be corrected, a :exc:`~passlib.exc.PasslibHashWarning` will be issued instead. Correctable errors include ``rounds`` that are too small or too large, and ``salt`` strings that are too long. .. versionadded:: 1.6 rzgrub.pbkdf2.sha512.rTrrrrcCsLtj||jtd|d\}}}t|d}|r>t|d}||||dS)N.)seprrr)r!r"r#r rr$r%r)r)r*r+s zgrub_pbkdf2_sha512.from_stringcCsDt|jd}t|jd}tj|j|j||t ddS)Nrrh)ri) rrr-rKr r!r.r#rr r/r)r)r*r1szgrub_pbkdf2_sha512.to_stringcCstd||j|jdS)NrSrTr\r4r)r)r*r6sz!grub_pbkdf2_sha512._calc_checksumN)r7r8r9r:rHr;r r#r3r=r>rr?r@rArBrCr+r1r6r)r)r)r*rs  r)/r:Zbinasciirrbase64rrZloggingZ getLoggerr7logZ passlib.utilsrZpasslib.utils.binaryrrZpasslib.utils.compatr r r r Zpasslib.crypto.digestr Zpasslib.utils.handlersZutilshandlersr!__all__Z HasRoundsZ HasRawSaltZHasRawChecksumZGenericHandlerrrOrrrZ PrefixWrapperrUrVrWrZrZHasSaltrrcrr)r)r)r*s,   33  `i8