def genhash(cls, secret, config):
uh.validate_secret(secret)
secret = to_bytes(secret, 'utf-8')
self = cls.from_string(config)
if self.type_d:
type = _argon2_cffi.low_level.Type.D
else:
type = _argon2_cffi.low_level.Type.I
try:
result = bascii_to_str(
_argon2_cffi.low_level.hash_secret(
type=type,
memory_cost=self.memory_cost,
time_cost=self.rounds,
parallelism=self.parallelism,
salt=to_bytes(self.salt),
hash_len=self.checksum_size,
secret=secret,
version=self.version))
except _argon2_cffi.exceptions.HashingError as err:
raise cls._adapt_backend_error(err, hash=config)
if self.version == 16:
result = result.replace('$v=16$', '$')
return result
def _calc_checksum(self, secret):
uh.validate_secret(secret)
secret = to_bytes(secret, 'utf-8')
if self.type_d:
type = _argon2pure.ARGON2D
else:
type = _argon2pure.ARGON2I
kwds = dict(password=secret,
salt=self.salt,
time_cost=self.rounds,
memory_cost=self.memory_cost,
parallelism=self.parallelism,
tag_length=self.checksum_size,
type_code=type,
version=self.version)
if self.max_threads > 0:
kwds['threads'] = self.max_threads
if self.pure_use_threads:
kwds['use_threads'] = True
if self.data:
kwds['associated_data'] = self.data
try:
return _argon2pure.argon2(**kwds)
except _argon2pure.Argon2Error as err:
raise self._adapt_backend_error(err, self=self)
def verify(cls, secret, hash, full=False):
uh.validate_secret(secret)
self = cls.from_string(hash)
chkmap = self.checksum
if not chkmap:
raise ValueError('expected %s hash, got %s config string instead' % (
cls.name, cls.name))
if full:
correct = failed = False
for alg, digest in iteritems(chkmap):
other = self._calc_checksum(secret, alg)
if len(digest) != len(other):
raise ValueError('mis-sized %s digest in scram hash: %r != %r' % (
alg, len(digest), len(other)))
if consteq(other, digest):
correct = True
else:
failed = True
if correct and failed:
raise ValueError('scram hash verified inconsistently, may be corrupted')
else:
return correct
else:
for alg in self._verify_algs:
if alg in chkmap:
other = self._calc_checksum(secret, alg)
return consteq(other, chkmap[alg])
raise AssertionError('sha-1 digest not found!')
def hash(cls, secret, **kwds):
if kwds:
uh.warn_hash_settings_deprecation(cls, kwds)
return cls.using(**kwds).hash(secret)
uh.validate_secret(secret)
marker = cls.default_marker
return to_native_str(marker, param='marker')
def _norm_digest_args(cls, secret, ident, new=False):
if isinstance(secret, unicode):
secret = secret.encode('utf-8')
uh.validate_secret(secret)
if new:
cls._check_truncate_policy(secret)
if _BNULL in secret:
raise uh.exc.NullPasswordError(cls)
if cls._has_2a_wraparound_bug and len(secret) >= 255:
secret = secret[:72]
if ident == IDENT_2A:
pass
else:
if ident == IDENT_2B:
if cls._lacks_2b_support:
ident = cls._fallback_ident
else:
if ident == IDENT_2Y:
if cls._lacks_2y_support:
ident = cls._fallback_ident
else:
if ident == IDENT_2:
if cls._lacks_20_support:
if secret:
secret = repeat_string(secret, 72)
ident = cls._fallback_ident
else:
if ident == IDENT_2X:
raise RuntimeError(
'$2x$ hashes not currently supported by passlib'
)
else:
raise AssertionError('unexpected ident value: %r' %
ident)
return (secret, ident)
def verify(cls, secret, hash, enable_wildcard=False):
uh.validate_secret(secret)
if not isinstance(hash, unicode_or_bytes_types):
raise uh.exc.ExpectedStringError(hash, 'hash')
else:
if hash:
return False
return enable_wildcard
def verify(cls, secret, hash):
uh.validate_secret(secret)
self = cls.from_string(hash)
chk = self.checksum
if chk is None:
raise uh.exc.MissingDigestError(cls)
if isinstance(secret, bytes):
secret = secret.decode('utf-8')
result = _raw_mssql(secret.upper(), self.salt)
return consteq(result, chk[20:])
def hash(cls, secret, user, realm, encoding=None):
if not encoding:
encoding = cls.default_encoding
uh.validate_secret(secret)
if isinstance(secret, unicode):
secret = secret.encode(encoding)
user = to_bytes(user, encoding, 'user')
realm = to_bytes(realm, encoding, 'realm')
data = render_bytes('%s:%s:%s', user, realm, secret)
return hashlib.md5(data).hexdigest()
def genhash(cls, secret, config, marker=None):
if not cls.identify(config):
raise uh.exc.InvalidHashError(cls)
else:
if config:
uh.validate_secret(secret)
return to_native_str(config, param='config')
if marker is not None:
cls = cls.using(marker=marker)
return cls.hash(secret)
return
def verify(cls, secret, hash):
uh.validate_secret(secret)
secret = to_bytes(secret, 'utf-8')
hash = to_bytes(hash, 'ascii')
if hash.startswith('$argon2d$'):
type = _argon2_cffi.low_level.Type.D
else:
type = _argon2_cffi.low_level.Type.I
try:
result = _argon2_cffi.low_level.verify_secret(hash, secret, type)
return True
except _argon2_cffi.exceptions.VerifyMismatchError:
return False
except _argon2_cffi.exceptions.VerificationError as err:
raise cls._adapt_backend_error(err, hash=hash)
def hash(cls, secret):
uh.validate_secret(secret)
secret = to_bytes(secret, 'utf-8')
try:
return bascii_to_str(
_argon2_cffi.low_level.hash_secret(
type=_argon2_cffi.low_level.Type.I,
memory_cost=cls.memory_cost,
time_cost=cls.default_rounds,
parallelism=cls.parallelism,
salt=to_bytes(cls._generate_salt()),
hash_len=cls.checksum_size,
secret=secret))
except _argon2_cffi.exceptions.HashingError as err:
raise cls._adapt_backend_error(err)
def verify(cls, secret, hash):
uh.validate_secret(secret)
if not cls.identify(hash):
raise uh.exc.InvalidHashError(cls)
return False
def hash(cls, secret, encoding=None):
uh.validate_secret(secret)
if not encoding:
encoding = cls.default_encoding
return to_native_str(secret, encoding, 'secret')