def from_string(cls, hash):
hash = to_native_str(hash, "ascii", "hash")
if not hash.startswith("$scram$"):
raise uh.exc.InvalidHashError(cls)
parts = hash[7:].split("$")
if len(parts) != 3:
raise uh.exc.MalformedHashError(cls)
rounds_str, salt_str, chk_str = parts
# decode rounds
rounds = int(rounds_str)
if rounds_str != str(rounds): # forbid zero padding, etc.
raise uh.exc.MalformedHashError(cls)
# decode salt
try:
salt = ab64_decode(salt_str.encode("ascii"))
except TypeError:
raise uh.exc.MalformedHashError(cls)
# decode algs/digest list
if not chk_str:
# scram hashes MUST have something here.
raise uh.exc.MalformedHashError(cls)
elif "=" in chk_str:
# comma-separated list of 'alg=digest' pairs
algs = None
chkmap = {}
for pair in chk_str.split(","):
alg, digest = pair.split("=")
try:
chkmap[alg] = ab64_decode(digest.encode("ascii"))
except TypeError:
raise uh.exc.MalformedHashError(cls)
else:
# comma-separated list of alg names, no digests
algs = chk_str
chkmap = None
# return new object
return cls(
rounds=rounds,
salt=salt,
checksum=chkmap,
algs=algs,
)
def from_string(cls, hash):
hash = to_native_str(hash, "ascii", "hash")
if not hash.startswith("$scram$"):
raise uh.exc.InvalidHashError(cls)
parts = hash[7:].split("$")
if len(parts) != 3:
raise uh.exc.MalformedHashError(cls)
rounds_str, salt_str, chk_str = parts
# decode rounds
rounds = int(rounds_str)
if rounds_str != str(rounds): # forbid zero padding, etc.
raise uh.exc.MalformedHashError(cls)
# decode salt
try:
salt = ab64_decode(salt_str.encode("ascii"))
except TypeError:
raise uh.exc.MalformedHashError(cls)
# decode algs/digest list
if not chk_str:
# scram hashes MUST have something here.
raise uh.exc.MalformedHashError(cls)
elif "=" in chk_str:
# comma-separated list of 'alg=digest' pairs
algs = None
chkmap = {}
for pair in chk_str.split(","):
alg, digest = pair.split("=")
try:
chkmap[alg] = ab64_decode(digest.encode("ascii"))
except TypeError:
raise uh.exc.MalformedHashError(cls)
else:
# comma-separated list of alg names, no digests
algs = chk_str
chkmap = None
# return new object
return cls(
rounds=rounds,
salt=salt,
checksum=chkmap,
algs=algs,
)
def salt_and_checksum_text(text, salt_text=None):
salt = None
if salt_text:
salt = ab64_decode(salt_text.encode('utf-8'))
hash_ = pbkdf2_sha512.encrypt(text, salt=salt)
digest, rounds, salt, checksum = hash_[1:].split('$')
return (salt, checksum)
def generate_key( passphrase, salt ): assert len(passphrase) > 0 # add salt to passphrase and to sha512_crypt's salt crypt_salt = ab64_encode(sha512(salt).digest())[:16] passphrase += salt assert len(crypt_salt) == 16 key = sha512_crypt.encrypt(passphrase, rounds = PASSPHRASE_ROUNDS, salt = crypt_salt) assert len(key) > 86 # get just the hash back key = ab64_decode(key[-86:]) assert len(key) == 64 return key
def generate_key(passphrase, salt):
assert len(passphrase) > 0
# add salt to passphrase and to sha512_crypt's salt
crypt_salt = ab64_encode(sha512(salt).digest())[:16]
passphrase += salt
assert len(crypt_salt) == 16
key = sha512_crypt.encrypt(passphrase,
rounds=PASSPHRASE_ROUNDS,
salt=crypt_salt)
assert len(key) > 86
# get just the hash back
key = ab64_decode(key[-86:])
assert len(key) == 64
return key
def from_string(cls, hash):
rounds, salt, chk = uh.parse_mc3(hash, cls.ident, handler=cls)
salt = ab64_decode(salt.encode("ascii"))
if chk:
chk = ab64_decode(chk.encode("ascii"))
return cls(rounds=rounds, salt=salt, checksum=chk)
def from_string(cls, hash):
rounds, salt, chk = uh.parse_mc3(hash, cls.ident, handler=cls)
salt = ab64_decode(salt.encode("ascii"))
if chk:
chk = ab64_decode(chk.encode("ascii"))
return cls(rounds=rounds, salt=salt, checksum=chk)
def _ersatzfy_input(self, inPassword): return self._sxor(self._hdf(self._formatPassword(inPassword)),\ ab64_decode(self.salt))[0:len(self.ersatzPassword)]
iteration = sys.argv[6]
clientProofToFound = sys.argv[7]
normalizedPassword = utils.saslprep(unicode(password))
clientInitMessage = "n=" + username + ",r=" + clientNonce
serverInitReply = "r=" + clientNonce + serverNonce + ",s=" + serverSalt + ",i=" + iteration
clientFinal = "c=biws,r=" + clientNonce + serverNonce
saltedPassword = pbkdf2_sha1.using(
rounds=iteration,
salt=serverSalt.decode("base64")).hash(normalizedPassword).split('$')[-1]
clientKey = hmac.new(utils.ab64_decode(saltedPassword), "Client Key",
hashlib.sha1)
storedKey = hashlib.sha1(clientKey.digest())
authMessage = clientInitMessage + "," + serverInitReply + "," + clientFinal
clientSignature = hmac.new(storedKey.digest(), authMessage, hashlib.sha1)
clientProof = binascii.hexlify("".join(
chr(ord(c1) ^ ord(c2))
for c1, c2 in zip(binascii.unhexlify(clientKey.hexdigest()),
binascii.unhexlify(clientSignature.hexdigest()))))
if clientProof.decode("hex") == binascii.a2b_base64(clientProofToFound):
print "match with " + password
