def test_ab64_decode(self): """ab64_decode()""" from passlib.utils.binary import ab64_decode # accept bytes or unicode self.assertEqual(ab64_decode(b"abc"), hb("69b7")) self.assertEqual(ab64_decode(u("abc")), hb("69b7")) # reject non-ascii unicode self.assertRaises(ValueError, ab64_decode, u("ab\xff")) # underlying a2b_ascii treats non-base64 chars as "Incorrect padding" self.assertRaises(TypeError, ab64_decode, b"ab\xff") self.assertRaises(TypeError, ab64_decode, b"ab!") self.assertRaises(TypeError, ab64_decode, u("ab!")) # insert correct padding, handle dirty padding bits self.assertEqual(ab64_decode(b"abcd"), hb("69b71d")) # 0 mod 4 self.assertRaises(ValueError, ab64_decode, b"abcde") # 1 mod 4 self.assertEqual(ab64_decode(b"abcdef"), hb("69b71d79")) # 2 mod 4, dirty padding bits self.assertEqual(ab64_decode(b"abcdeQ"), hb("69b71d79")) # 2 mod 4, clean padding bits self.assertEqual(ab64_decode(b"abcdefg"), hb("69b71d79f8")) # 3 mod 4, clean padding bits # support "./" or "+/" altchars # (lets us transition to "+/" representation, merge w/ b64s_decode) self.assertEqual(ab64_decode(b"ab+/"), hb("69bfbf")) self.assertEqual(ab64_decode(b"ab./"), hb("69bfbf"))
def get_hasher(self): ut = self.username_transformed custom_salt = ab64_decode(cleanup(ut)) if ut else None hasher = (pbkdf2_sha512.using(salt=custom_salt, rounds=1600) if custom_salt else pbkdf2_sha512.using(rounds=1600, salt_size=10)) return hasher
def from_string(cls, hash): hash = to_native_str(hash, "ascii", "hash") if not hash.startswith("$scram$"): raise uh.exc.InvalidHashError(cls) parts = hash[7:].split("$") if len(parts) != 3: raise uh.exc.MalformedHashError(cls) rounds_str, salt_str, chk_str = parts # decode rounds rounds = int(rounds_str) if rounds_str != str(rounds): # forbid zero padding, etc. raise uh.exc.MalformedHashError(cls) # decode salt try: salt = ab64_decode(salt_str.encode("ascii")) except TypeError: raise uh.exc.MalformedHashError(cls) # decode algs/digest list if not chk_str: # scram hashes MUST have something here. raise uh.exc.MalformedHashError(cls) elif "=" in chk_str: # comma-separated list of 'alg=digest' pairs algs = None chkmap = {} for pair in chk_str.split(","): alg, digest = pair.split("=") try: chkmap[alg] = ab64_decode(digest.encode("ascii")) except TypeError: raise uh.exc.MalformedHashError(cls) else: # comma-separated list of alg names, no digests algs = chk_str chkmap = None # return new object return cls( rounds=rounds, salt=salt, checksum=chkmap, algs=algs, )
def couchdb_password_hash(password, salt, iterations=10): salt = salt.encode('utf-8') if isinstance(salt, six.text_type) else salt if not HAS_PASSLIB: return '-hashed-{hash},{salt}'.format( hash=hashlib.sha1(password + salt), salt=salt ) else: dk = pbkdf2_sha1.using(rounds=iterations, salt=salt).hash(password) decoded = binary.ab64_decode(dk.split('$')[-1]) return '-pbkdf2-{hash},{salt},{iterations}'.format( hash=binascii.hexlify(decoded), salt=salt, iterations=iterations )
def run(self, tmp=None, task_vars=dict()): """ Convert the "password" argument to a hashed password. Then call the actual module to do the work. """ options = self._task.args.copy() if 'password' in options: plain = options['password'] digest = 'pbkdf2_sha512_osx' kwargs = {} if 'salt' in options: kwargs['salt'] = ab64_decode(options['salt']) options['password'] = do_encrypt(plain, digest, **kwargs) return self._execute_module(module_name="osxpassword", module_args=options, task_vars=task_vars)
def run(self, tmp=None, task_vars=dict()): """ Convert the "password" argument to a hashed password. Then call the actual module to do the work. """ options = self._task.args.copy() if 'password' in options: plain = options['password'] digest = 'pbkdf2_sha512_osx' kwargs = {} if 'salt' in options: kwargs['salt'] = ab64_decode(options['salt']) options['password'] = do_encrypt(plain, digest, **kwargs) return self._execute_module( module_name="osxpassword", module_args=options, task_vars=task_vars)
def from_string(cls, hash): rounds, salt, chk = uh.parse_mc3(hash, cls.ident, handler=cls) salt = ab64_decode(salt.encode("ascii")) if chk: chk = ab64_decode(chk.encode("ascii")) return cls(rounds=rounds, salt=salt, checksum=chk)
def couchdb_encrypt_password(password, salt, iterations=10): salt = salt.encode('utf-8') if isinstance(salt, six.text_type) else salt dk = pbkdf2_sha1.using(rounds=iterations, salt=salt).hash(password) decoded = binary.ab64_decode(dk.split('$')[-1]) return '-pbkdf2-{hash},{salt},{iterations}'.format( hash=binascii.hexlify(decoded), salt=salt, iterations=iterations)
password = gen_password(serial_number, salt, nonce) if show_password: print password if plist: # Remove the salt folder and it's contents shutil.rmtree(os.path.dirname(salt_file)) # Show password during automation run - only useful for debugging pbkdf2_sha512.checksum_size = checksum_size hash = pbkdf2_sha512.encrypt(password, rounds=rounds, salt_size=salt_size) shadow_hash_data = { 'SALTED-SHA512-PBKDF2': { 'entropy': buffer(Data(ab64_decode(hash.split('$')[4]))), 'salt': buffer(Data(ab64_decode(hash.split('$')[3]))), 'iterations': int(hash.split('$')[2]) } } shadow_hash_data_binary = write_plist(shadow_hash_data, plist_format='binary') user_plist = biplist.readPlist(plist_file) try: user_plist['ShadowHashData'][0] = shadow_hash_data_binary except KeyError, error: print error sys.exit(1) write_plist(user_plist, pathname=plist_file, plist_format='binary') else: sys.exit(0)