def compare_password(self, password): """ compare the password of the password token the password token contains the unix hashed (hmac256) password format and is using the standard libcryp password hash compare. the iv is used as indicator for the new password format, which is :1: - legacy - the seed for some tokens contains the encrypted password insetead of decrypting the password and running the comparison, the new otp will be encrypted as well. :param password: the password - for the password token this is the to be compared password :return: boolean """ if self.iv == b":1:": return utils.compare_password(password, self.val.decode("utf-8")) # the legacy comparison: compare the ecrypted password enc_otp_key = utils.encrypt(password, self.iv, hsm=self.hsm) return compare(binascii.hexlify(enc_otp_key), binascii.hexlify(self.val))
def compare_password(self, password): ''' compare the password of the password token the password token contains the unix hashed (hmac256) password format and is using the standard libcryp password hash compare. the iv is used as indicator for the new password format, which is :1: - legacy - the seed for some tokens contains the encrypted password insetead of decrypting the password and running the comparison, the new otp will be encrypted as well. :param password: the password - for the password token this is the to be compared password :return: boolean ''' if self.iv == ':1:': crypted_password = libcrypt_password(password, self.val) # position independend string comparison result = True for tup1, tup2 in zip(crypted_password, self.val): result = result and (tup1 == tup2) return result # the legacy comparison: compare the ecrypted password enc_otp_key = encrypt(password, self.iv, hsm=self.hsm) return binascii.hexlify(enc_otp_key) == binascii.hexlify(self.val)
def encrypt(seed, iv=None, hsm=None): if not iv: iv = geturandom(16) enc_seed = encrypt(seed, iv, hsm=hsm) return iv, enc_seed
def compare(self, key): bhOtpKey = binascii.unhexlify(key) enc_otp_key = encrypt(bhOtpKey, self.iv, hsm=self.hsm) otpKeyEnc = binascii.hexlify(enc_otp_key) return (otpKeyEnc == self.val)
def encrypt(seed: str, iv=None, hsm=None): if not iv: iv = utils.geturandom(16) enc_seed = utils.encrypt(seed, iv, hsm=hsm) return iv, enc_seed