def _needs_update(cls, hash, secret):
# mark bsdi_crypt hashes as deprecated if they have even rounds.
assert cls.identify(hash)
if isinstance(hash, unicode):
hash = hash.encode("ascii")
rounds = h64.decode_int24(hash[1:5])
return not rounds & 1
def raw_ext_crypt(secret, rounds, salt):
"ext_crypt() helper which returns checksum only"
#decode salt
try:
salt_value = h64.decode_int24(salt)
except ValueError: #pragma: no cover - always caught by class
raise ValueError("invalid salt")
#validate secret
if b('\x00') in secret: #pragma: no cover - always caught by class
#builtin linux crypt doesn't like this, so we don't either
#XXX: would make more sense to raise ValueError, but want to be compatible w/ stdlib crypt
raise ValueError("secret must be string without null bytes")
#convert secret string into an integer
key_value = _crypt_secret_to_key(secret)
idx = 8
end = len(secret)
while idx < end:
next = idx+8
key_value = mdes_encrypt_int_block(key_value, key_value) ^ \
_crypt_secret_to_key(secret[idx:next])
idx = next
#run data through des using input of 0
result = mdes_encrypt_int_block(key_value, 0, salt_value, rounds)
#run h64 encode on result
return h64.encode_dc_int64(result)
def from_string(cls, hash):
hash = to_unicode(hash, "ascii", "hash")
m = cls._hash_regex.match(hash)
if not m:
raise uh.exc.InvalidHashError(cls)
rounds, salt, chk = m.group("rounds", "salt", "chk")
return cls(rounds=h64.decode_int24(rounds.encode("ascii")), salt=salt, checksum=chk)
def _raw_bsdi_crypt(secret, rounds, salt):
"pure-python backend for bsdi_crypt"
# decode salt
try:
salt_value = h64.decode_int24(salt)
except ValueError: # pragma: no cover - always caught by class
raise ValueError("invalid salt")
# gotta do something - no official policy since this predates unicode
if isinstance(secret, unicode):
secret = secret.encode("utf-8")
assert isinstance(secret, bytes)
# forbidding NULL char because underlying crypt() rejects them too.
if _BNULL in secret:
raise uh.exc.NullPasswordError(bsdi_crypt)
# convert secret string into an integer
key_value = _bsdi_secret_to_key(secret)
# run data through des using input of 0
result = des_encrypt_int_block(key_value, 0, salt_value, rounds)
# run h64 encode on result
return h64big.encode_int64(result)
def _raw_bsdi_crypt(secret, rounds, salt):
"pure-python backend for bsdi_crypt"
# decode salt
try:
salt_value = h64.decode_int24(salt)
except ValueError: # pragma: no cover - always caught by class
raise ValueError("invalid salt")
# gotta do something - no official policy since this predates unicode
if isinstance(secret, unicode):
secret = secret.encode("utf-8")
assert isinstance(secret, bytes)
# forbidding NULL char because underlying crypt() rejects them too.
if _BNULL in secret:
raise uh.exc.NullPasswordError(bsdi_crypt)
# convert secret string into an integer
key_value = _bsdi_secret_to_key(secret)
# run data through des using input of 0
result = des_encrypt_int_block(key_value, 0, salt_value, rounds)
# run h64 encode on result
return h64big.encode_int64(result)
def _needs_update(cls, hash, secret):
# mark bsdi_crypt hashes as deprecated if they have even rounds.
assert cls.identify(hash)
if isinstance(hash, unicode):
hash = hash.encode("ascii")
rounds = h64.decode_int24(hash[1:5])
return not rounds & 1
def from_string(cls, hash):
hash = to_unicode(hash, "ascii", "hash")
m = cls._hash_regex.match(hash)
if not m:
raise uh.exc.InvalidHashError(cls)
rounds, salt, chk = m.group("rounds", "salt", "chk")
return cls(
rounds=h64.decode_int24(rounds.encode("ascii")),
salt=salt,
checksum=chk,
)
def from_string(cls, hash):
if not hash:
raise ValueError("no hash specified")
if isinstance(hash, bytes):
hash = hash.decode("ascii")
m = cls._pat.match(hash)
if not m:
raise ValueError("invalid ext-des-crypt hash")
rounds, salt, chk = m.group("rounds", "salt", "chk")
return cls(
rounds=h64.decode_int24(rounds.encode("ascii")),
salt=salt,
checksum=chk,
strict=bool(chk),
)
