コード例 #1
0
def pbkdf2_hmac(digest, secret, salt, rounds, keylen=None):
    secret = to_bytes(secret, param='secret')
    salt = to_bytes(salt, param='salt')
    digest_info = lookup_hash(digest)
    digest_size = digest_info.digest_size
    if not isinstance(rounds, int_types):
        raise exc.ExpectedTypeError(rounds, 'int', 'rounds')
    if rounds < 1:
        raise ValueError('rounds must be at least 1')
    if keylen is None:
        keylen = digest_size
    else:
        if not isinstance(keylen, int_types):
            raise exc.ExpectedTypeError(keylen, 'int or None', 'keylen')
        else:
            if keylen < 1:
                raise ValueError('keylen must be at least 1')
            block_count = (keylen + digest_size - 1) // digest_size
            if block_count > MAX_UINT32:
                raise OverflowError('keylen too long for digest')
            if digest_info.supported_by_fastpbkdf2:
                return _fast_pbkdf2_hmac(digest_info.name, secret, salt,
                                         rounds, keylen)
        if digest_info.supported_by_hashlib_pbkdf2:
            return _stdlib_pbkdf2_hmac(digest_info.name, secret, salt, rounds,
                                       keylen)
    keyed_hmac = compile_hmac(digest, secret)
    calc_block = _get_pbkdf2_looper(digest_size)
    return join_bytes(
        calc_block(keyed_hmac, keyed_hmac(salt + _pack_uint32(i)), rounds)
        for i in irange(1, block_count + 1))[:keylen]
コード例 #2
0
ファイル: argon2.py プロジェクト: perpi06/ttoffline
    def genhash(cls, secret, config):
        uh.validate_secret(secret)
        secret = to_bytes(secret, 'utf-8')
        self = cls.from_string(config)
        if self.type_d:
            type = _argon2_cffi.low_level.Type.D
        else:
            type = _argon2_cffi.low_level.Type.I
        try:
            result = bascii_to_str(
                _argon2_cffi.low_level.hash_secret(
                    type=type,
                    memory_cost=self.memory_cost,
                    time_cost=self.rounds,
                    parallelism=self.parallelism,
                    salt=to_bytes(self.salt),
                    hash_len=self.checksum_size,
                    secret=secret,
                    version=self.version))
        except _argon2_cffi.exceptions.HashingError as err:
            raise cls._adapt_backend_error(err, hash=config)

        if self.version == 16:
            result = result.replace('$v=16$', '$')
        return result
コード例 #3
0
def pbkdf1(digest, secret, salt, rounds, keylen=None):
    const, digest_size, block_size = lookup_hash(digest)
    secret = to_bytes(secret, param='secret')
    salt = to_bytes(salt, param='salt')
    if not isinstance(rounds, int_types):
        raise exc.ExpectedTypeError(rounds, 'int', 'rounds')
    if rounds < 1:
        raise ValueError('rounds must be at least 1')
    if keylen is None:
        keylen = digest_size
    else:
        if not isinstance(keylen, int_types):
            raise exc.ExpectedTypeError(keylen, 'int or None', 'keylen')
        else:
            if keylen < 0:
                raise ValueError('keylen must be at least 0')
            else:
                if keylen > digest_size:
                    raise ValueError(
                        'keylength too large for digest: %r > %r' %
                        (keylen, digest_size))
    block = secret + salt
    for _ in irange(rounds):
        block = const(block).digest()

    return block[:keylen]
コード例 #4
0
ファイル: digests.py プロジェクト: perpi06/ttoffline
 def hash(cls, secret, user, realm, encoding=None):
     if not encoding:
         encoding = cls.default_encoding
     uh.validate_secret(secret)
     if isinstance(secret, unicode):
         secret = secret.encode(encoding)
     user = to_bytes(user, encoding, 'user')
     realm = to_bytes(realm, encoding, 'realm')
     data = render_bytes('%s:%s:%s', user, realm, secret)
     return hashlib.md5(data).hexdigest()
コード例 #5
0
 def generate(self):
     opts = super(_bcrypt_test.FuzzHashGenerator, self).generate()
     secret = opts['secret']
     other = opts['other']
     settings = opts['settings']
     ident = settings.get('ident')
     if ident == IDENT_2X:
         del settings['ident']
     else:
         if ident == IDENT_2 and other and repeat_string(
                 to_bytes(other), len(
                     to_bytes(secret))) == to_bytes(secret):
             opts['secret'], opts['other'] = self.random_password_pair()
     return opts
コード例 #6
0
ファイル: argon2.py プロジェクト: perpi06/ttoffline
 def hash(cls, secret):
     uh.validate_secret(secret)
     secret = to_bytes(secret, 'utf-8')
     try:
         return bascii_to_str(
             _argon2_cffi.low_level.hash_secret(
                 type=_argon2_cffi.low_level.Type.I,
                 memory_cost=cls.memory_cost,
                 time_cost=cls.default_rounds,
                 parallelism=cls.parallelism,
                 salt=to_bytes(cls._generate_salt()),
                 hash_len=cls.checksum_size,
                 secret=secret))
     except _argon2_cffi.exceptions.HashingError as err:
         raise cls._adapt_backend_error(err)
コード例 #7
0
ファイル: argon2.py プロジェクト: perpi06/ttoffline
 def verify(cls, secret, hash):
     uh.validate_secret(secret)
     secret = to_bytes(secret, 'utf-8')
     hash = to_bytes(hash, 'ascii')
     if hash.startswith('$argon2d$'):
         type = _argon2_cffi.low_level.Type.D
     else:
         type = _argon2_cffi.low_level.Type.I
     try:
         result = _argon2_cffi.low_level.verify_secret(hash, secret, type)
         return True
     except _argon2_cffi.exceptions.VerifyMismatchError:
         return False
     except _argon2_cffi.exceptions.VerificationError as err:
         raise cls._adapt_backend_error(err, hash=hash)
コード例 #8
0
ファイル: argon2.py プロジェクト: perpi06/ttoffline
 def _calc_checksum(self, secret):
     uh.validate_secret(secret)
     secret = to_bytes(secret, 'utf-8')
     if self.type_d:
         type = _argon2pure.ARGON2D
     else:
         type = _argon2pure.ARGON2I
     kwds = dict(password=secret,
                 salt=self.salt,
                 time_cost=self.rounds,
                 memory_cost=self.memory_cost,
                 parallelism=self.parallelism,
                 tag_length=self.checksum_size,
                 type_code=type,
                 version=self.version)
     if self.max_threads > 0:
         kwds['threads'] = self.max_threads
     if self.pure_use_threads:
         kwds['use_threads'] = True
     if self.data:
         kwds['associated_data'] = self.data
     try:
         return _argon2pure.argon2(**kwds)
     except _argon2pure.Argon2Error as err:
         raise self._adapt_backend_error(err, self=self)
コード例 #9
0
 def _calc_checksum(self, secret):
     secret = to_bytes(secret, param='secret')
     return _scrypt.scrypt(secret,
                           self.salt,
                           n=1 << self.rounds,
                           r=self.block_size,
                           p=self.parallelism,
                           keylen=self.checksum_size)
コード例 #10
0
 def check_bcrypt(secret, hash):
     secret = to_bytes(secret, self.FuzzHashGenerator.password_encoding)
     if hash.startswith(IDENT_2B):
         hash = IDENT_2A + hash[4:]
     else:
         if hash.startswith(IDENT_2):
             hash = IDENT_2A + hash[3:]
             if secret:
                 secret = repeat_string(secret, 72)
         else:
             if hash.startswith(
                     IDENT_2Y) and bcrypt.__version__ == '3.0.0':
                 hash = IDENT_2B + hash[4:]
         hash = to_bytes(hash)
         try:
             return bcrypt.hashpw(secret, hash) == hash
         except ValueError:
             raise ValueError('bcrypt rejected hash: %r (secret=%r)' %
                              (hash, secret))
コード例 #11
0
    def test_90_decode(self):
        from otp.ai.passlib.utils import to_unicode, to_bytes
        handler = self.handler
        for secret, hash in self.known_correct_hashes:
            usecret = to_unicode(secret)
            bsecret = to_bytes(secret)
            self.assertEqual(handler.decode(hash), usecret)
            self.assertEqual(handler.decode(hash, None), bsecret)

        self.assertRaises(UnicodeDecodeError, handler.decode, '0958EDC8A9F495F6F8A5FD', 'ascii')
        return
コード例 #12
0
 def test_13_whitespace(self):
     source = to_bytes(
         '\nuser2:pass2\nuser4:pass4\nuser7:pass7\r\n \t \nuser1:pass1\n # legacy users\n#user6:pass6\nuser5:pass5\n\n'
     )
     ht = apache.HtpasswdFile.from_string(source)
     self.assertEqual(sorted(ht.users()),
                      ['user1', 'user2', 'user4', 'user5', 'user7'])
     ht.set_hash('user4', 'althash4')
     self.assertEqual(sorted(ht.users()),
                      ['user1', 'user2', 'user4', 'user5', 'user7'])
     ht.set_hash('user6', 'althash6')
     self.assertEqual(
         sorted(ht.users()),
         ['user1', 'user2', 'user4', 'user5', 'user6', 'user7'])
     ht.delete('user7')
     self.assertEqual(sorted(ht.users()),
                      ['user1', 'user2', 'user4', 'user5', 'user6'])
     target = to_bytes(
         '\nuser2:pass2\nuser4:althash4\n \t \nuser1:pass1\n # legacy users\n#user6:pass6\nuser5:pass5\nuser6:althash6\n'
     )
     self.assertEqual(ht.to_string(), target)
コード例 #13
0
 def test_to_bytes(self):
     from otp.ai.passlib.utils import to_bytes
     self.assertEqual(to_bytes(u('abc')), 'abc')
     self.assertEqual(to_bytes(u('\x00\xff')), '\x00\xc3\xbf')
     self.assertEqual(to_bytes(u('\x00\xff'), 'latin-1'), '\x00\xff')
     self.assertRaises(ValueError, to_bytes, u('\x00\xff'), 'ascii')
     self.assertEqual(to_bytes('abc'), 'abc')
     self.assertEqual(to_bytes('\x00\xff'), '\x00\xff')
     self.assertEqual(to_bytes('\x00\xc3\xbf'), '\x00\xc3\xbf')
     self.assertEqual(to_bytes('\x00\xc3\xbf', 'latin-1'), '\x00\xc3\xbf')
     self.assertEqual(to_bytes('\x00\xc3\xbf', 'latin-1', '', 'utf-8'), '\x00\xff')
     self.assertRaises(AssertionError, to_bytes, 'abc', None)
     self.assertRaises(TypeError, to_bytes, None)
     return
コード例 #14
0
 def test_01_from_path(self):
     path = self.mktemp()
     set_file(path, self.sample_config_1s)
     policy = CryptPolicy.from_path(path)
     self.assertEqual(policy.to_dict(), self.sample_config_1pd)
     set_file(path, self.sample_config_1s.replace('\n', '\r\n'))
     policy = CryptPolicy.from_path(path)
     self.assertEqual(policy.to_dict(), self.sample_config_1pd)
     uc2 = to_bytes(self.sample_config_1s,
                    'utf-16',
                    source_encoding='utf-8')
     set_file(path, uc2)
     policy = CryptPolicy.from_path(path, encoding='utf-16')
     self.assertEqual(policy.to_dict(), self.sample_config_1pd)
コード例 #15
0
 def _parse_secret_pair(self, tag, value):
     if isinstance(tag, native_string_types):
         pass
     else:
         if isinstance(tag, int):
             tag = str(tag)
         else:
             raise TypeError('tag must be unicode/string: %r' % (tag, ))
     if not _tag_re.match(tag):
         raise ValueError('tag contains invalid characters: %r' % (tag, ))
     if not isinstance(value, bytes):
         value = to_bytes(value, param='secret %r' % (tag, ))
     if not value:
         raise ValueError('tag contains empty secret: %r' % (tag, ))
     return (tag, value)
コード例 #16
0
 def test_02_from_string(self):
     policy = CryptPolicy.from_string(self.sample_config_1s)
     self.assertEqual(policy.to_dict(), self.sample_config_1pd)
     policy = CryptPolicy.from_string(
         self.sample_config_1s.replace('\n', '\r\n'))
     self.assertEqual(policy.to_dict(), self.sample_config_1pd)
     data = to_unicode(self.sample_config_1s)
     policy = CryptPolicy.from_string(data)
     self.assertEqual(policy.to_dict(), self.sample_config_1pd)
     uc2 = to_bytes(self.sample_config_1s,
                    'utf-16',
                    source_encoding='utf-8')
     policy = CryptPolicy.from_string(uc2, encoding='utf-16')
     self.assertEqual(policy.to_dict(), self.sample_config_1pd)
     policy = CryptPolicy.from_string(self.sample_config_4s)
     self.assertEqual(policy.to_dict(), self.sample_config_4pd)
コード例 #17
0
 def load(self, source, update=False, section='passlib', encoding='utf-8'):
     parse_keys = True
     if isinstance(source, unicode_or_bytes_types):
         if PY3:
             source = to_unicode(source, encoding, param='source')
         else:
             source = to_bytes(source,
                               'utf-8',
                               source_encoding=encoding,
                               param='source')
         source = self._parse_ini_stream(
             NativeStringIO(source), section,
             '<string passed to CryptContext.load()>')
     else:
         if isinstance(source, CryptContext):
             source = dict(source._config.iter_config(resolve=True))
             parse_keys = False
         else:
             if not hasattr(source, 'items'):
                 raise ExpectedTypeError(source, 'string or dict', 'source')
     if parse_keys:
         parse = self._parse_config_key
         source = dict(
             (parse(key), value) for key, value in iteritems(source))
     if update and self._config is not None:
         if not source:
             return
         tmp = source
         source = dict(self._config.iter_config(resolve=True))
         source.update(tmp)
     config = _CryptConfig(source)
     self._config = config
     self._reset_dummy_verify()
     self._get_record = config.get_record
     self._identify_record = config.identify_record
     if config.context_kwds:
         self.__dict__.pop('_strip_unused_context_kwds', None)
     else:
         self._strip_unused_context_kwds = None
     return
コード例 #18
0
def compile_hmac(digest, key, multipart=False):
    digest_info = lookup_hash(digest)
    const, digest_size, block_size = digest_info
    if not isinstance(key, bytes):
        key = to_bytes(key, param='key')
    klen = len(key)
    if klen > block_size:
        key = const(key).digest()
        klen = digest_size
    if klen < block_size:
        key += '\x00' * (block_size - klen)
    _inner_copy = const(key.translate(_TRANS_36)).copy
    _outer_copy = const(key.translate(_TRANS_5C)).copy
    if multipart:

        def hmac():
            inner = _inner_copy()

            def finalize():
                outer = _outer_copy()
                outer.update(inner.digest())
                return outer.digest()

            return (inner.update, finalize)

    else:

        def hmac(msg):
            inner = _inner_copy()
            inner.update(msg)
            outer = _outer_copy()
            outer.update(inner.digest())
            return outer.digest()

    hmac.digest_info = digest_info
    return hmac
コード例 #19
0
ファイル: apache.py プロジェクト: perpi06/ttoffline
 def load_string(self, data):
     data = to_bytes(data, self.encoding, 'data')
     self._mtime = 0
     self._load_lines(BytesIO(data))
コード例 #20
0
 def _calc_checksum(self, secret):
     if isinstance(secret, unicode):
         secret = secret.encode('utf-8')
     user = to_bytes(self.user, 'utf-8', param='user')
     return str_to_uascii(md5(secret + user).hexdigest())