def _encode_int(self, value, bits):
pad = -bits % 6
bits += pad
if self.big:
itr = irange(bits - 6, -6, -6)
value <<= pad
else:
itr = irange(0, bits, 6)
return join_byte_elems(
imap(self._encode64, (value >> off & 63 for off in itr)))
def pbkdf2_hmac(digest, secret, salt, rounds, keylen=None):
secret = to_bytes(secret, param='secret')
salt = to_bytes(salt, param='salt')
digest_info = lookup_hash(digest)
digest_size = digest_info.digest_size
if not isinstance(rounds, int_types):
raise exc.ExpectedTypeError(rounds, 'int', 'rounds')
if rounds < 1:
raise ValueError('rounds must be at least 1')
if keylen is None:
keylen = digest_size
else:
if not isinstance(keylen, int_types):
raise exc.ExpectedTypeError(keylen, 'int or None', 'keylen')
else:
if keylen < 1:
raise ValueError('keylen must be at least 1')
block_count = (keylen + digest_size - 1) // digest_size
if block_count > MAX_UINT32:
raise OverflowError('keylen too long for digest')
if digest_info.supported_by_fastpbkdf2:
return _fast_pbkdf2_hmac(digest_info.name, secret, salt,
rounds, keylen)
if digest_info.supported_by_hashlib_pbkdf2:
return _stdlib_pbkdf2_hmac(digest_info.name, secret, salt, rounds,
keylen)
keyed_hmac = compile_hmac(digest, secret)
calc_block = _get_pbkdf2_looper(digest_size)
return join_bytes(
calc_block(keyed_hmac, keyed_hmac(salt + _pack_uint32(i)), rounds)
for i in irange(1, block_count + 1))[:keylen]
def pbkdf1(digest, secret, salt, rounds, keylen=None):
const, digest_size, block_size = lookup_hash(digest)
secret = to_bytes(secret, param='secret')
salt = to_bytes(salt, param='salt')
if not isinstance(rounds, int_types):
raise exc.ExpectedTypeError(rounds, 'int', 'rounds')
if rounds < 1:
raise ValueError('rounds must be at least 1')
if keylen is None:
keylen = digest_size
else:
if not isinstance(keylen, int_types):
raise exc.ExpectedTypeError(keylen, 'int or None', 'keylen')
else:
if keylen < 0:
raise ValueError('keylen must be at least 0')
else:
if keylen > digest_size:
raise ValueError(
'keylength too large for digest: %r > %r' %
(keylen, digest_size))
block = secret + salt
for _ in irange(rounds):
block = const(block).digest()
return block[:keylen]
def test_codec(self):
engine = self.engine
from otp.ai.passlib.utils import getrandbytes, getrandstr
rng = self.getRandom()
saw_zero = False
for i in irange(500):
size = rng.randint(1 if saw_zero else 0, 12)
if not size:
saw_zero = True
enc_size = (4 * size + 2) // 3
raw = getrandbytes(rng, size)
encoded = engine.encode_bytes(raw)
self.assertEqual(len(encoded), enc_size)
result = engine.decode_bytes(encoded)
self.assertEqual(result, raw)
if size % 4 == 1:
size += rng.choice([-1, 1, 2])
raw_size = 3 * size // 4
encoded = getrandstr(rng, engine.bytemap, size)
raw = engine.decode_bytes(encoded)
self.assertEqual(len(raw), raw_size, 'encoded %d:' % size)
result = engine.encode_bytes(raw)
if size % 4:
self.assertEqual(result[:-1], encoded[:-1])
else:
self.assertEqual(result, encoded)
def _pbkdf2_looper(keyed_hmac, digest, rounds):
hexlify = _hexlify
accum = int(hexlify(digest), 16)
for _ in irange(rounds - 1):
digest = keyed_hmac(digest)
accum ^= int(hexlify(digest), 16)
return int_to_bytes(accum, len(digest))
def _get_pbkdf2_looper(digest_size):
try:
return _looper_cache[digest_size]
except KeyError:
pass
if _have_64_bit and not digest_size & 7:
count = digest_size >> 3
fmt = '=%dQ' % count
else:
if not digest_size & 3:
if _have_64_bit:
count = digest_size >> 3
fmt = '=%dQI' % count
count += 1
else:
count = digest_size >> 2
fmt = '=%dI' % count
else:
raise NotImplementedError('unsupported digest size: %d' %
digest_size)
struct = Struct(fmt)
tdict = dict(digest_size=digest_size,
accum_vars=(', ').join('acc_%d' % i
for i in irange(count)),
digest_vars=(', ').join('dig_%d' % i
for i in irange(count)))
source = (
"def helper(keyed_hmac, digest, rounds):\n '''pbkdf2 loop helper for digest_size={digest_size}'''\n unpack_digest = struct.unpack\n {accum_vars} = unpack_digest(digest)\n for _ in irange(1, rounds):\n digest = keyed_hmac(digest)\n {digest_vars} = unpack_digest(digest)\n"
).format(**tdict)
for i in irange(count):
source += ' acc_%d ^= dig_%d\n' % (i, i)
source += (' return struct.pack({accum_vars})\n').format(
**tdict)
code = compile(
source,
'<generated by passlib.crypto.digest._get_pbkdf2_looper()>',
'exec')
gdict = dict(irange=irange, struct=struct)
ldict = dict()
eval(code, gdict, ldict)
helper = ldict['helper']
_looper_cache[digest_size] = helper
return helper
def _pbkdf2_looper(digest_size, keyed_hmac, digest, rounds):
from_bytes = int.from_bytes
BIG = 'big'
accum = from_bytes(digest, BIG)
for _ in irange(rounds - 1):
digest = keyed_hmac(digest)
accum ^= from_bytes(digest, BIG)
return accum.to_bytes(digest_size, BIG)
def __call__(self, returns=None):
if returns is None:
return next(self)
if isinstance(returns, int_types):
return [ next(self) for _ in irange(returns) ]
if returns is iter:
return self
raise exc.ExpectedTypeError(returns, '<None>, int, or <iter>', 'returns')
return
def render_encipher(write, indent=0):
for i in irange(0, 15, 2):
write(
indent,
' # Feistel substitution on left word (round %(i)d)\n r ^= %(left)s ^ p%(i1)d\n\n # Feistel substitution on right word (round %(i1)d)\n l ^= %(right)s ^ p%(i2)d\n ',
i=i,
i1=i + 1,
i2=i + 2,
left=BFSTR,
right=BFSTR.replace('l', 'r'))
def assert_rounds_range(self, context, scheme, lower, upper):
handler = context.handler(scheme)
salt = handler.default_salt_chars[0:1] * handler.max_salt_size
seen = set()
for i in irange(300):
h = context.genconfig(scheme, salt=salt)
r = handler.from_string(h).rounds
seen.add(r)
self.assertEqual(min(seen), lower, 'vary_rounds had wrong lower limit:')
self.assertEqual(max(seen), upper, 'vary_rounds had wrong upper limit:')
def des_cbc_encrypt(key,
value,
iv='\x00\x00\x00\x00\x00\x00\x00\x00',
pad='\x00'):
value += pad * (-len(value) % 8)
hash = iv
for offset in irange(0, len(value), 8):
chunk = xor_bytes(hash, value[offset:offset + 8])
hash = des_encrypt_block(key, chunk)
return hash
def _calc_checksum_builtin(self, secret):
if isinstance(secret, unicode):
secret = secret.encode('utf-8')
if _BNULL in secret:
raise uh.exc.NullPasswordError(self)
rounds = self.rounds
result = (u('%s$sha1$%s') % (self.salt, rounds)).encode('ascii')
keyed_hmac = compile_hmac('sha1', secret)
for _ in irange(rounds):
result = keyed_hmac(result)
return h64.encode_transposed_bytes(result,
self._chk_offsets).decode('ascii')
def write_expand_function(write, indent=0):
write(
indent,
' def expand(self, key_words):\n """unrolled version of blowfish key expansion"""\n ##assert len(key_words) >= 18, "size of key_words must be >= 18"\n\n P, S = self.P, self.S\n S0, S1, S2, S3 = S\n\n #=============================================================\n # integrate key\n #=============================================================\n '
)
for i in irange(18):
write(indent + 1,
' p%(i)d = P[%(i)d] ^ key_words[%(i)d]\n ',
i=i)
write(
indent + 1,
'\n #=============================================================\n # update P\n #=============================================================\n\n #------------------------------------------------\n # update P[0] and P[1]\n #------------------------------------------------\n l, r = p0, 0\n\n '
)
render_encipher(write, indent + 1)
write(indent + 1, '\n p0, p1 = l, r = r ^ p17, l\n\n ')
for i in irange(2, 18, 2):
write(
indent + 1,
' #------------------------------------------------\n # update P[%(i)d] and P[%(i1)d]\n #------------------------------------------------\n l ^= p0\n\n ',
i=i,
i1=i + 1)
render_encipher(write, indent + 1)
write(
indent + 1,
' p%(i)d, p%(i1)d = l, r = r ^ p17, l\n\n ',
i=i,
i1=i + 1)
write(
indent + 1,
'\n #------------------------------------------------\n # save changes to original P array\n #------------------------------------------------\n P[:] = (p0, p1, p2, p3, p4, p5, p6, p7, p8, p9,\n p10, p11, p12, p13, p14, p15, p16, p17)\n\n #=============================================================\n # update S\n #=============================================================\n\n for box in S:\n j = 0\n while j < 256:\n l ^= p0\n\n '
)
render_encipher(write, indent + 3)
write(
indent + 3,
'\n box[j], box[j+1] = l, r = r ^ p17, l\n j += 2\n '
)
def test_90_bcrypt_padding(self):
self.require_TEST_MODE('full')
bcrypt = self.handler
corr_desc = '.*incorrectly set padding bits'
def check_padding(hash):
self.assertTrue(
hash[28] in '.Oeu',
'unused bits incorrectly set in hash: %r' % (hash, ))
for i in irange(6):
check_padding(bcrypt.genconfig())
for i in irange(3):
check_padding(bcrypt.using(rounds=bcrypt.min_rounds).hash('bob'))
with self.assertWarningList(['salt too large', corr_desc]):
hash = bcrypt.genconfig(salt='.' * 21 + 'A.',
rounds=5,
relaxed=True)
self.assertEqual(hash, '$2b$05$' + '.' * 53)
samples = self.known_incorrect_padding
for pwd, bad, good in samples:
with self.assertWarningList([corr_desc]):
self.assertEqual(bcrypt.genhash(pwd, bad), good)
with self.assertWarningList([]):
self.assertEqual(bcrypt.genhash(pwd, good), good)
with self.assertWarningList([corr_desc]):
self.assertTrue(bcrypt.verify(pwd, bad))
with self.assertWarningList([]):
self.assertTrue(bcrypt.verify(pwd, good))
with self.assertWarningList([corr_desc]):
self.assertEqual(bcrypt.normhash(bad), good)
with self.assertWarningList([]):
self.assertEqual(bcrypt.normhash(good), good)
self.assertEqual(bcrypt.normhash('$md5$abc'), '$md5$abc')
def test_04_check_password(self):
ht = apache.HtpasswdFile.from_string(self.sample_05)
self.assertRaises(TypeError, ht.check_password, 1, 'pass9')
self.assertTrue(ht.check_password('user9', 'pass9') is None)
for i in irange(1, 7):
i = str(i)
try:
self.assertTrue(ht.check_password('user' + i, 'pass' + i))
self.assertTrue(
ht.check_password('user' + i, 'pass9') is False)
except MissingBackendError:
if i == '5':
continue
raise
self.assertRaises(ValueError, ht.check_password, 'user:'******'pass')
with self.assertWarningList(['verify\\(\\) is deprecated'] * 2):
self.assertTrue(ht.verify('user1', 'pass1'))
self.assertFalse(ht.verify('user1', 'pass2'))
return
def _process(self, block):
X = struct.unpack('<16I', block)
orig = self._state
state = list(orig)
for a, b, c, d, k, s in self._round1:
t = state[a] + F(state[b], state[c], state[d]) + X[k] & MASK_32
state[a] = (t << s & MASK_32) + (t >> 32 - s)
for a, b, c, d, k, s in self._round2:
t = state[a] + G(state[b], state[c],
state[d]) + X[k] + 1518500249 & MASK_32
state[a] = (t << s & MASK_32) + (t >> 32 - s)
for a, b, c, d, k, s in self._round3:
t = state[a] + (state[b] ^ state[c]
^ state[d]) + X[k] + 1859775393 & MASK_32
state[a] = (t << s & MASK_32) + (t >> 32 - s)
for i in irange(4):
orig[i] = orig[i] + state[i] & MASK_32
def check_int_pair(self, bits, encoded_pairs):
rng = self.getRandom()
engine = self.engine
encode = getattr(engine, 'encode_int%s' % bits)
decode = getattr(engine, 'decode_int%s' % bits)
pad = -bits % 6
chars = (bits + pad) // 6
upper = 1 << bits
for value, encoded in encoded_pairs:
result = encode(value)
self.assertIsInstance(result, bytes)
self.assertEqual(result, encoded)
self.assertRaises(ValueError, encode, -1)
self.assertRaises(ValueError, encode, upper)
for value, encoded in encoded_pairs:
self.assertEqual(decode(encoded), value, 'encoded %r:' % (encoded,))
m = self.m
self.assertRaises(ValueError, decode, m(0) * (chars + 1))
self.assertRaises(ValueError, decode, m(0) * (chars - 1))
self.assertRaises(ValueError, decode, self.bad_byte * chars)
self.assertRaises(TypeError, decode, engine.charmap[0])
self.assertRaises(TypeError, decode, None)
from otp.ai.passlib.utils import getrandstr
for i in irange(100):
value = rng.randint(0, upper - 1)
encoded = encode(value)
self.assertEqual(len(encoded), chars)
self.assertEqual(decode(encoded), value)
encoded = getrandstr(rng, engine.bytemap, chars)
value = decode(encoded)
self.assertGreaterEqual(value, 0, 'decode %r out of bounds:' % encoded)
self.assertLess(value, upper, 'decode %r out of bounds:' % encoded)
result = encode(value)
if pad:
self.assertEqual(result[:-2], encoded[:-2])
else:
self.assertEqual(result, encoded)
return
def test_04_check_password(self):
ht = apache.HtdigestFile.from_string(self.sample_01)
self.assertRaises(TypeError, ht.check_password, 1, 'realm', 'pass5')
self.assertRaises(TypeError, ht.check_password, 'user', 1, 'pass5')
self.assertIs(ht.check_password('user5', 'realm', 'pass5'), None)
for i in irange(1, 5):
i = str(i)
self.assertTrue(ht.check_password('user' + i, 'realm', 'pass' + i))
self.assertIs(ht.check_password('user' + i, 'realm', 'pass5'),
False)
self.assertRaises(TypeError, ht.check_password, 'user5', 'pass5')
ht.default_realm = 'realm'
self.assertTrue(ht.check_password('user1', 'pass1'))
self.assertIs(ht.check_password('user5', 'pass5'), None)
with self.assertWarningList(['verify\\(\\) is deprecated'] * 2):
self.assertTrue(ht.verify('user1', 'realm', 'pass1'))
self.assertFalse(ht.verify('user1', 'realm', 'pass2'))
self.assertRaises(ValueError, ht.check_password, 'user:'******'realm',
'pass')
return
from hashlib import md5
import re, logging
log = logging.getLogger(__name__)
from warnings import warn
from otp.ai.passlib.utils import to_unicode
from otp.ai.passlib.utils.binary import h64
from otp.ai.passlib.utils.compat import byte_elem_value, irange, u, uascii_to_str, unicode, str_to_bascii
import otp.ai.passlib.utils.handlers as uh
__all__ = [
'sun_md5_crypt']
MAGIC_HAMLET = "To be, or not to be,--that is the question:--\nWhether 'tis nobler in the mind to suffer\nThe slings and arrows of outrageous fortune\nOr to take arms against a sea of troubles,\nAnd by opposing end them?--To die,--to sleep,--\nNo more; and by a sleep to say we end\nThe heartache, and the thousand natural shocks\nThat flesh is heir to,--'tis a consummation\nDevoutly to be wish'd. To die,--to sleep;--\nTo sleep! perchance to dream:--ay, there's the rub;\nFor in that sleep of death what dreams may come,\nWhen we have shuffled off this mortal coil,\nMust give us pause: there's the respect\nThat makes calamity of so long life;\nFor who would bear the whips and scorns of time,\nThe oppressor's wrong, the proud man's contumely,\nThe pangs of despis'd love, the law's delay,\nThe insolence of office, and the spurns\nThat patient merit of the unworthy takes,\nWhen he himself might his quietus make\nWith a bare bodkin? who would these fardels bear,\nTo grunt and sweat under a weary life,\nBut that the dread of something after death,--\nThe undiscover'd country, from whose bourn\nNo traveller returns,--puzzles the will,\nAnd makes us rather bear those ills we have\nThan fly to others that we know not of?\nThus conscience does make cowards of us all;\nAnd thus the native hue of resolution\nIs sicklied o'er with the pale cast of thought;\nAnd enterprises of great pith and moment,\nWith this regard, their currents turn awry,\nAnd lose the name of action.--Soft you now!\nThe fair Ophelia!--Nymph, in thy orisons\nBe all my sins remember'd.\n\x00"
xr = irange(7)
_XY_ROUNDS = [
tuple((i, i, i + 3) for i in xr),
tuple((i, i + 1, i + 4) for i in xr),
tuple((i, i + 8, i + 11 & 15) for i in xr),
tuple((i, i + 9 & 15, i + 12 & 15) for i in xr)]
del xr
def raw_sun_md5_crypt(secret, rounds, salt):
global MAGIC_HAMLET
if rounds <= 0:
rounds = 0
real_rounds = 4096 + rounds
result = md5(secret + salt).digest()
X_ROUNDS_0, X_ROUNDS_1, Y_ROUNDS_0, Y_ROUNDS_1 = _XY_ROUNDS
round = 0
while round < real_rounds:
rval = [ byte_elem_value(c) for c in result ].__getitem__
x = 0
xrounds = X_ROUNDS_1 if rval(round >> 3 & 15) >> (round & 7) & 1 else X_ROUNDS_0
def varlist(name, count):
return (', ').join(name + str(x) for x in irange(count))
def __next__(self):
words = (self.rng.choice(self.words) for _ in irange(self.length))
return self.sep.join(words)
def group_string(value, sep='-'):
klen = len(value)
size = _get_group_size(klen)
return sep.join(value[o:o + size] for o in irange(0, klen, size))
return _uint64_struct.pack(value)
def _unpack64(value):
return _uint64_struct.unpack(value)[0]
def _pack56(value):
return _uint64_struct.pack(value)[1:]
def _unpack56(value):
return _uint64_struct.unpack('\x00' + value)[0]
_EXPAND_ITER = irange(49, -7, -7)
def expand_des_key(key):
if isinstance(key, bytes):
if len(key) != 7:
raise ValueError('key must be 7 bytes in size')
else:
if isinstance(key, int_types):
if key < 0 or key > INT_56_MASK:
raise ValueError('key must be 56-bit non-negative integer')
return _unpack64(expand_des_key(_pack56(key)))
raise exc.ExpectedTypeError(key, 'bytes or int', 'key')
key = _unpack56(key)
return join_byte_values(
(key >> shift & 127) << 1 for shift in _EXPAND_ITER)
'ab64_decode', 'b64s_encode', 'b64s_decode', 'b32encode', 'b32decode',
'Base64Engine', 'LazyBase64Engine', 'h64', 'h64big', 'bcrypt64'
]
BASE64_CHARS = u(
'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/')
AB64_CHARS = u(
'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789./')
HASH64_CHARS = u(
'./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz')
BCRYPT_CHARS = u(
'./ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789')
PADDED_BASE64_CHARS = BASE64_CHARS + u('=')
HEX_CHARS = u('0123456789abcdefABCDEF')
UPPER_HEX_CHARS = u('0123456789ABCDEF')
LOWER_HEX_CHARS = u('0123456789abcdef')
ALL_BYTE_VALUES = join_byte_values(irange(256))
B_EMPTY = ''
B_NULL = '\x00'
B_EQUAL = '='
_TRANSLATE_SOURCE = list(iter_byte_chars(ALL_BYTE_VALUES))
def compile_byte_translation(mapping, source=None):
if source is None:
target = _TRANSLATE_SOURCE[:]
else:
target = list(iter_byte_chars(source))
for k, v in mapping.items():
if isinstance(k, unicode_or_bytes_types):
k = ord(k)
if isinstance(v, unicode):
return
@memoized_property
def supported_by_hashlib_pbkdf2(self):
if not _stdlib_pbkdf2_hmac:
return
try:
_stdlib_pbkdf2_hmac(self.name, 'p', 's', 1)
return True
except ValueError:
return False
return
_TRANS_5C = join_byte_values(x ^ 92 for x in irange(256))
_TRANS_36 = join_byte_values(x ^ 54 for x in irange(256))
def compile_hmac(digest, key, multipart=False):
digest_info = lookup_hash(digest)
const, digest_size, block_size = digest_info
if not isinstance(key, bytes):
key = to_bytes(key, param='key')
klen = len(key)
if klen > block_size:
key = const(key).digest()
klen = digest_size
if klen < block_size:
key += '\x00' * (block_size - klen)
_inner_copy = const(key.translate(_TRANS_36)).copy
