예제 #1
0
    def derive_digest(cls, password, salt, rounds, alg):
        """helper to create SaltedPassword digest for SCRAM.

        This performs the step in the SCRAM protocol described as::

            SaltedPassword  := Hi(Normalize(password), salt, i)

        :type password: unicode or utf-8 bytes
        :arg password: password to run through digest

        :type salt: bytes
        :arg salt: raw salt data

        :type rounds: int
        :arg rounds: number of iterations.

        :type alg: str
        :arg alg: name of digest to use (e.g. ``"sha-1"``).

        :returns:
            raw bytes of ``SaltedPassword``
        """
        if isinstance(password, bytes):
            password = password.decode("utf-8")
        # NOTE: pbkdf2_hmac() will encode secret & salt using utf-8,
        #       and handle normalizing alg name.
        return pbkdf2_hmac(alg, saslprep(password), salt, rounds)
예제 #2
0
def pbkdf2(secret, salt, rounds, keylen=None, prf="hmac-sha1"):
    """pkcs#5 password-based key derivation v2.0

    :arg secret:
        passphrase to use to generate key

    :arg salt:
        salt string to use when generating key

    :param rounds:
        number of rounds to use to generate key

    :arg keylen:
        number of bytes to generate.
        if set to ``None``, will use digest size of selected prf.

    :param prf:
        psuedo-random family to use for key strengthening.
        this must be a string starting with ``"hmac-"``, followed by the name of a known digest.
        this defaults to ``"hmac-sha1"`` (the only prf explicitly listed in
        the PBKDF2 specification)

        .. rst-class:: warning

        .. versionchanged 1.7:

            This argument no longer supports arbitrary PRF callables --
            These were rarely / never used, and created too many unwanted codepaths.

    :returns:
        raw bytes of generated key

    .. deprecated:: 1.7

        This has been deprecated in favor of :func:`passlib.crypto.digest.pbkdf2_hmac`,
        and will be removed in Passlib 2.0.  *Note the call signature has changed.*
    """
    if callable(prf) or (isinstance(prf, native_string_types)
                         and not prf.startswith(_HMAC_PREFIXES)):
        raise NotImplementedError(
            "non-HMAC prfs are not supported as of Passlib 1.7")
    digest = prf[5:]
    return pbkdf2_hmac(digest, secret, salt, rounds, keylen)
예제 #3
0
 def _calc_checksum(self, secret):
     # NOTE: pbkdf2_hmac() will encode secret & salt using UTF8
     return pbkdf2_hmac(self._digest, secret, self.salt, self.rounds, self.checksum_size)
예제 #4
0
 def _calc_checksum(self, secret):
     # TODO: find out what grub's policy is re: unicode
     # NOTE: pbkdf2_hmac() will encode secret & salt using utf-8
     return pbkdf2_hmac("sha512", secret, self.salt, self.rounds, 64)
예제 #5
0
 def _calc_checksum(self, secret):
     # TODO: find out what crowd's policy is re: unicode
     # crowd seems to use a fixed number of rounds.
     # NOTE: pbkdf2_hmac() will encode secret & salt using utf-8
     return pbkdf2_hmac("sha1", secret, self.salt, 10000, 32)
예제 #6
0
 def _calc_checksum(self, secret):
     # NOTE: pbkdf2_hmac() will encode secret & salt using utf-8
     salt = self._get_config()
     result = pbkdf2_hmac("sha1", secret, salt, self.rounds, 24)
     return ab64_encode(result).decode("ascii")
예제 #7
0
 def _calc_checksum(self, secret):
     # NOTE: pbkdf2_hmac() will encode secret & salt using utf-8
     return pbkdf2_hmac("sha1", secret, self.salt, self.rounds, 20)
예제 #8
0
 def _calc_checksum(self, secret):
     # NOTE: secret & salt will be encoded using UTF-8 by pbkdf2_hmac()
     hash = pbkdf2_hmac(self._digest, secret, self.salt, self.rounds)
     return b64encode(hash).rstrip().decode("ascii")