def genhash(cls, secret, config): if config is not None and not cls.identify(config): raise ValueError("not a mysql-3.2.3 hash") #FIXME: no idea if mysql has a policy about handling unicode passwords if isinstance(secret, unicode): secret = secret.encode("utf-8") MASK_32 = 0xffffffff MASK_31 = 0x7fffffff nr1 = 0x50305735 nr2 = 0x12345671 add = 7 for c in secret: if c in b(' \t'): continue tmp = bord(c) nr1 ^= ((((nr1 & 63)+add)*tmp) + (nr1 << 8)) & MASK_32 nr2 = (nr2+((nr2 << 8) ^ nr1)) & MASK_32 add = (add+tmp) & MASK_32 hash = u"%08x%08x" % (nr1 & MASK_31, nr2 & MASK_31) return to_hash_str(hash)
def genhash(cls, secret, hash): if not cls.identify(hash): raise ValueError("not a unsalted-example hash") if isinstance(secret, unicode): secret = secret.encode("utf-8") data = b("boblious") + secret return to_hash_str(hashlib.sha1(data).hexdigest())
def to_string(self, native=True): if self.rounds == 5000 and self.implicit_rounds: hash = u"$6$%s$%s" % (self.salt, self.checksum or u'') else: hash = u"$6$rounds=%d$%s$%s" % (self.rounds, self.salt, self.checksum or u'') return to_hash_str(hash) if native else hash
def to_string(self, withchk=True): out = u'$p5k2$%x$%s' % (self.rounds, b64encode(self.salt, CTA_ALTCHARS).decode("ascii")) if withchk and self.checksum: out = u"%s$%s" % (out, b64encode(self.checksum, CTA_ALTCHARS).decode("ascii")) return to_hash_str(out)
def render_mc3(ident, rounds, salt, checksum, sep=u"$"): "format hash using 3-part modular crypt format; inverse of parse_mc3" if checksum: hash = u"%s%s%s%s%s%s" % (ident, rounds, sep, salt, sep, checksum) else: hash = u"%s%s%s%s" % (ident, rounds, sep, salt) return to_hash_str(hash)
def genhash(cls, secret, config, user): if config is not None and not cls.identify(config): raise ValueError("not an oracle-10g hash") if secret is None: raise TypeError("secret must be specified") if not user: raise ValueError("user keyword must be specified for this algorithm") #FIXME: not sure how oracle handles unicode. # online docs about 10g hash indicate it puts ascii chars # in a 2-byte encoding w/ the high bytenull. # they don't say how it handles other chars, # or what encoding. # # so for now, encoding secret & user to utf-16-be, # since that fits, # and if secret/user is bytes, we assume utf-8, and decode first. # # this whole mess really needs someone w/ an oracle system, # and some answers :) def encode(value): "encode according to guess at how oracle encodes strings (see note above)" #we can't trust what original encoding was. #user should have passed us unicode in the first place. #but try decoding as utf-8 just to work for most common case. value = to_unicode(value, "utf-8") return value.upper().encode("utf-16-be") input = encode(user) + encode(secret) hash = des_cbc_encrypt(ORACLE10_MAGIC, input) hash = des_cbc_encrypt(hash, input) return to_hash_str(hexlify(hash)).upper()
def to_string(self, withchk=True): out = u'$p5k2$%x$%s' % (self.rounds, b64encode( self.salt, CTA_ALTCHARS).decode("ascii")) if withchk and self.checksum: out = u"%s$%s" % (out, b64encode(self.checksum, CTA_ALTCHARS).decode("ascii")) return to_hash_str(out)
def to_string(self): chk = self.checksum if not chk: #fill in stub checksum chk = b('\x00') * self._info[1] salt = self.salt data = b64encode(salt+chk).decode("ascii") hash = u"{FSHP%d|%d|%d}%s" % (self.variant, len(salt), self.rounds, data) return to_hash_str(hash)
def to_string(self, withchk=True, native=True): if self.rounds == 400: out = u'$p5k2$$%s' % (self.salt,) else: out = u'$p5k2$%x$%s' % (self.rounds, self.salt) if withchk and self.checksum: out = u"%s$%s" % (out,self.checksum) return to_hash_str(out) if native else out
def genhash(cls, secret, hash): if hash is not None and not cls.identify(hash): raise ValueError("not a %s hash" % (cls.name, )) if secret is None: raise TypeError("no secret provided") if isinstance(secret, unicode): secret = secret.encode("utf-8") return to_hash_str(cls._hash_func(secret).hexdigest())
def to_string(self, withchk=True, native=True): if self.rounds == 400: out = u'$p5k2$$%s' % (self.salt, ) else: out = u'$p5k2$%x$%s' % (self.rounds, self.salt) if withchk and self.checksum: out = u"%s$%s" % (out, self.checksum) return to_hash_str(out) if native else out
def genhash(cls, secret, hash): if hash is not None and not cls.identify(hash): raise ValueError("not a %s hash" % (cls.name,)) if secret is None: raise TypeError("no secret provided") if isinstance(secret, unicode): secret = secret.encode("utf-8") return to_hash_str(cls._hash_func(secret).hexdigest())
def to_string(self, withchk=True): salt = adapted_b64_encode(self.salt).decode("ascii") if withchk and self.checksum: chk = adapted_b64_encode(self.checksum).decode("ascii") hash = u'%s%d$%s$%s' % (self.ident, self.rounds, salt, chk) else: hash = u'%s%d$%s' % (self.ident, self.rounds, salt) return to_hash_str(hash)
def to_string(self, withchk=True): salt = hexlify(self.salt).decode("ascii").upper() if withchk and self.checksum: chk = hexlify(self.checksum).decode("ascii").upper() hash = u'%s%d.%s.%s' % (self.ident, self.rounds, salt, chk) else: hash = u'%s%d.%s' % (self.ident, self.rounds, salt) return to_hash_str(hash)
def _yhsmto_string(base, self): hash = self.ident inner_str = super(base, self).to_string() inner_str = inner_str[len(self.ident):].rsplit('$', 1)[0] chk = b64encode(self.checksum).decode('ascii') hash += u'%s%s$%s$%s' % (_UKH, self.key_handle, inner_str, chk) return to_hash_str(hash)
def genhash(cls, secret, config, user): if config is not None and not cls.identify(config): raise ValueError("not a postgres-md5 hash") if not user: raise ValueError("user keyword must be specified for this algorithm") if isinstance(secret, unicode): secret = secret.encode("utf-8") if isinstance(user, unicode): user = user.encode("utf-8") hash = u"md5" + to_unicode(md5(secret + user).hexdigest()) return to_hash_str(hash)
def _wrap_hash(self, hash): "given orig hash; return one belonging to wrapper" #NOTE: should usually be native string. # (which does mean extra work under py2, but not py3) if isinstance(hash, bytes): hash = hash.decode('ascii') orig_prefix = self.orig_prefix if not hash.startswith(orig_prefix): raise ValueError("not a valid %s hash" % (self.wrapped.name,)) wrapped = self.prefix + hash[len(orig_prefix):] return to_hash_str(wrapped)
def test_00_static_handler(self): "test StaticHandler helper class" class d1(uh.StaticHandler): name = "d1" context_kwds = ("flag",) @classmethod def genhash(cls, secret, hash, flag=False): if isinstance(hash, bytes): hash = hash.decode("ascii") if hash not in (u"a", u"b"): raise ValueError return to_hash_str(u"b" if flag else u"a") # check default identify method self.assertTrue(d1.identify(u"a")) self.assertTrue(d1.identify(b("a"))) self.assertTrue(d1.identify(u"b")) self.assertFalse(d1.identify(u"c")) self.assertFalse(d1.identify(b("c"))) self.assertFalse(d1.identify(u"")) self.assertFalse(d1.identify(None)) # check default genconfig method self.assertIs(d1.genconfig(), None) d1._stub_config = u"b" self.assertEqual(d1.genconfig(), to_hash_str("b")) # check default verify method self.assertTrue(d1.verify("s", "a")) self.assertTrue(d1.verify("s", u"a")) self.assertFalse(d1.verify("s", "b")) self.assertFalse(d1.verify("s", u"b")) self.assertTrue(d1.verify("s", "b", flag=True)) self.assertRaises(ValueError, d1.verify, "s", "c") # check default encrypt method self.assertEqual(d1.encrypt("s"), to_hash_str("a")) self.assertEqual(d1.encrypt("s"), to_hash_str("a")) self.assertEqual(d1.encrypt("s", flag=True), to_hash_str("b"))
def test_00_static_handler(self): "test StaticHandler helper class" class d1(uh.StaticHandler): name = "d1" context_kwds = ("flag",) @classmethod def genhash(cls, secret, hash, flag=False): if isinstance(hash, bytes): hash = hash.decode("ascii") if hash not in (u'a',u'b'): raise ValueError return to_hash_str(u'b' if flag else u'a') #check default identify method self.assertTrue(d1.identify(u'a')) self.assertTrue(d1.identify(b('a'))) self.assertTrue(d1.identify(u'b')) self.assertFalse(d1.identify(u'c')) self.assertFalse(d1.identify(b('c'))) self.assertFalse(d1.identify(u'')) self.assertFalse(d1.identify(None)) #check default genconfig method self.assertIs(d1.genconfig(), None) d1._stub_config = u'b' self.assertEqual(d1.genconfig(), to_hash_str('b')) #check default verify method self.assertTrue(d1.verify('s','a')) self.assertTrue(d1.verify('s',u'a')) self.assertFalse(d1.verify('s','b')) self.assertFalse(d1.verify('s',u'b')) self.assertTrue(d1.verify('s', 'b', flag=True)) self.assertRaises(ValueError, d1.verify, 's', 'c') #check default encrypt method self.assertEqual(d1.encrypt('s'), to_hash_str('a')) self.assertEqual(d1.encrypt('s'), to_hash_str('a')) self.assertEqual(d1.encrypt('s', flag=True), to_hash_str('b'))
def to_string(self, withchk=True, native=True): ss = u"" if self.bare_salt else u"$" rounds = self.rounds if rounds > 0: out = u"$md5,rounds=%d$%s%s" % (rounds, self.salt, ss) else: out = u"$md5$%s%s" % (self.salt, ss) if withchk: chk = self.checksum if chk: out = u"%s$%s" % (out, chk) return to_hash_str(out) if native else out
def genhash(cls, secret, config, user): if config is not None and not cls.identify(config): raise ValueError("not a postgres-md5 hash") if not user: raise ValueError( "user keyword must be specified for this algorithm") if isinstance(secret, unicode): secret = secret.encode("utf-8") if isinstance(user, unicode): user = user.encode("utf-8") hash = u"md5" + to_unicode(md5(secret + user).hexdigest()) return to_hash_str(hash)
def to_string(self, withchk=True, native=True): ss = u'' if self.bare_salt else u'$' rounds = self.rounds if rounds > 0: out = u"$md5,rounds=%d$%s%s" % (rounds, self.salt, ss) else: out = u"$md5$%s%s" % (self.salt, ss) if withchk: chk = self.checksum if chk: out = u"%s$%s" % (out, chk) return to_hash_str(out) if native else out
def _yhsmto_string(base, self): hash = self.ident inner_str = super(base, self).to_string() inner_str = inner_str[len(self.ident):].rsplit('$', 1)[0] chk = b64encode(self.checksum).decode('ascii') hash += u'%s%s$%s$%s' % ( _UKH, self.key_handle, inner_str, chk ) return to_hash_str(hash)
def genhash(cls, secret, config): if config is not None and not cls.identify(config): raise ValueError("not a mysql-3.2.3 hash") #FIXME: no idea if mysql has a policy about handling unicode passwords if isinstance(secret, unicode): secret = secret.encode("utf-8") MASK_32 = 0xffffffff MASK_31 = 0x7fffffff nr1 = 0x50305735 nr2 = 0x12345671 add = 7 for c in secret: if c in b(' \t'): continue tmp = bord(c) nr1 ^= ((((nr1 & 63) + add) * tmp) + (nr1 << 8)) & MASK_32 nr2 = (nr2 + ((nr2 << 8) ^ nr1)) & MASK_32 add = (add + tmp) & MASK_32 hash = u"%08x%08x" % (nr1 & MASK_31, nr2 & MASK_31) return to_hash_str(hash)
def to_string(self): hash = self.ident + (self.checksum or self._stub_checksum) return to_hash_str(hash)
def to_string(self): hash = u"%s%s%s%s" % (self.ident, h64.encode_int6( self.rounds).decode("ascii"), self.salt, self.checksum or u'') return to_hash_str(hash)
def to_string(self): hash = u"@salt%s%s" % (self.salt, self.checksum or self._stub_checksum) return to_hash_str(hash)
def genhash(cls, secret, hash, flag=False): if isinstance(hash, bytes): hash = hash.decode("ascii") if hash not in (u"a", u"b"): raise ValueError return to_hash_str(u"b" if flag else u"a")
def genhash(cls, secret, config): if secret is None: raise TypeError("no secret provided") return to_hash_str(u"!")
def genhash(cls, secret, hash, enable_wildcard=False): if secret is None: raise TypeError("secret must be string") if hash is None: raise ValueError("no hash provided") return to_hash_str(hash)
def to_string(self): return to_hash_str(u'%s$%s' % (self.salt, self.checksum or u''))
def genhash(cls, secret, hash): if secret is None: raise TypeError("secret must be string") return to_hash_str(secret, "utf-8")
def genhash(cls, secret, hash): if hash is not None and not cls.identify(hash): raise ValueError("not a valid ldap_plaintext hash") if secret is None: raise TypeError("secret must be string") return to_hash_str(secret, "utf-8")
def to_string(self): data = (self.checksum or self._stub_checksum) + self.salt hash = self.ident + b64encode(data).decode("ascii") return to_hash_str(hash)
def to_string(self): hash = u"%s%s%s%s" % (self.ident, h64.encode_int6(self.rounds).decode("ascii"), self.salt, self.checksum or u'') return to_hash_str(hash)
def to_string(self, native=True): hash = u"%s%s" % (self.salt, self.checksum or u'') return to_hash_str(hash) if native else hash
def to_string(self): chk = self.checksum or self._stub_checksum out = u"%s%s$%s" % (self.ident, self.salt, chk) return to_hash_str(out)
def to_string(self): chk = (self.checksum or self._stub_checksum) hash = u"S:%s%s" % (chk.upper(), self.salt.upper()) return to_hash_str(hash)
def genhash(cls, secret, hash, flag=False): if isinstance(hash, bytes): hash = hash.decode("ascii") if hash not in (u'a',u'b'): raise ValueError return to_hash_str(u'b' if flag else u'a')
def to_string(self, native=True): out = u"$sha1$%d$%s" % (self.rounds, self.salt) if self.checksum: out += u"$" + self.checksum return to_hash_str(out) if native else out
def to_string(self, native=True): hash = u"_%s%s%s" % (h64.encode_int24(self.rounds).decode("ascii"), self.salt, self.checksum or u'') return to_hash_str(hash) if native else hash