def from_string(cls, hash): hash = to_native_str(hash, "ascii", "hash") if not hash.startswith("$scram$"): raise uh.exc.InvalidHashError(cls) parts = hash[7:].split("$") if len(parts) != 3: raise uh.exc.MalformedHashError(cls) rounds_str, salt_str, chk_str = parts # decode rounds rounds = int(rounds_str) if rounds_str != str(rounds): # forbid zero padding, etc. raise uh.exc.MalformedHashError(cls) # decode salt try: salt = ab64_decode(salt_str.encode("ascii")) except TypeError: raise uh.exc.MalformedHashError(cls) # decode algs/digest list if not chk_str: # scram hashes MUST have something here. raise uh.exc.MalformedHashError(cls) elif "=" in chk_str: # comma-separated list of 'alg=digest' pairs algs = None chkmap = {} for pair in chk_str.split(","): alg, digest = pair.split("=") try: chkmap[alg] = ab64_decode(digest.encode("ascii")) except TypeError: raise uh.exc.MalformedHashError(cls) else: # comma-separated list of alg names, no digests algs = chk_str chkmap = None # return new object return cls( rounds=rounds, salt=salt, checksum=chkmap, algs=algs, )
def salt_and_checksum_text(text, salt_text=None): salt = None if salt_text: salt = ab64_decode(salt_text.encode('utf-8')) hash_ = pbkdf2_sha512.encrypt(text, salt=salt) digest, rounds, salt, checksum = hash_[1:].split('$') return (salt, checksum)
def generate_key( passphrase, salt ): assert len(passphrase) > 0 # add salt to passphrase and to sha512_crypt's salt crypt_salt = ab64_encode(sha512(salt).digest())[:16] passphrase += salt assert len(crypt_salt) == 16 key = sha512_crypt.encrypt(passphrase, rounds = PASSPHRASE_ROUNDS, salt = crypt_salt) assert len(key) > 86 # get just the hash back key = ab64_decode(key[-86:]) assert len(key) == 64 return key
def generate_key(passphrase, salt): assert len(passphrase) > 0 # add salt to passphrase and to sha512_crypt's salt crypt_salt = ab64_encode(sha512(salt).digest())[:16] passphrase += salt assert len(crypt_salt) == 16 key = sha512_crypt.encrypt(passphrase, rounds=PASSPHRASE_ROUNDS, salt=crypt_salt) assert len(key) > 86 # get just the hash back key = ab64_decode(key[-86:]) assert len(key) == 64 return key
def from_string(cls, hash): rounds, salt, chk = uh.parse_mc3(hash, cls.ident, handler=cls) salt = ab64_decode(salt.encode("ascii")) if chk: chk = ab64_decode(chk.encode("ascii")) return cls(rounds=rounds, salt=salt, checksum=chk)
def _ersatzfy_input(self, inPassword): return self._sxor(self._hdf(self._formatPassword(inPassword)),\ ab64_decode(self.salt))[0:len(self.ersatzPassword)]
iteration = sys.argv[6] clientProofToFound = sys.argv[7] normalizedPassword = utils.saslprep(unicode(password)) clientInitMessage = "n=" + username + ",r=" + clientNonce serverInitReply = "r=" + clientNonce + serverNonce + ",s=" + serverSalt + ",i=" + iteration clientFinal = "c=biws,r=" + clientNonce + serverNonce saltedPassword = pbkdf2_sha1.using( rounds=iteration, salt=serverSalt.decode("base64")).hash(normalizedPassword).split('$')[-1] clientKey = hmac.new(utils.ab64_decode(saltedPassword), "Client Key", hashlib.sha1) storedKey = hashlib.sha1(clientKey.digest()) authMessage = clientInitMessage + "," + serverInitReply + "," + clientFinal clientSignature = hmac.new(storedKey.digest(), authMessage, hashlib.sha1) clientProof = binascii.hexlify("".join( chr(ord(c1) ^ ord(c2)) for c1, c2 in zip(binascii.unhexlify(clientKey.hexdigest()), binascii.unhexlify(clientSignature.hexdigest())))) if clientProof.decode("hex") == binascii.a2b_base64(clientProofToFound): print "match with " + password