def encode(client_nonce: bytes, password: bytes, salt: bytes,
algo_name: str, server_nonce: bytes) -> bytes:
"""
Encodes user/password/salt information in the following way: SHA2(SHA2(password + user) + salt).
:param client_nonce: The client nonce
:type client_nonce: bytes
:param password: The connecting user's password
:type password: bytes
:param salt: salt sent by the server
:type salt: bytes
:param algo_name: Algorithm name such as "SHA256" etc.
:type algo_name: str
:param server_nonce: random number generated by server
:type server_nonce: bytes
:return: the digest
:rtype: bytes
"""
try:
hl1: "_Hash" = hashlib_new(name=algo_name)
except ImportError:
raise InterfaceError(
"Unable to encode password with extensible hashing: {}".format(
algo_name))
hl1.update(password)
hl1.update(salt)
pass_digest1: bytes = hl1.digest() # SHA2(user + password)
hl2: "_Hash" = hashlib_new(name=algo_name)
hl2.update(pass_digest1)
hl2.update(server_nonce)
hl2.update(client_nonce)
pass_digest2 = hl2.digest() # SHA2(SHA2(password + user) + salt)
return pass_digest2
def HashNtPasswordHash(self, PasswordHash):
# Generate the double hash'ed Hash
md4 = hashlib_new('md4')
md4.update(PasswordHash)
PasswordHashHash = md4.digest()
return PasswordHashHash
def NtPasswordHash(self, Password):
# MD4 the password with right encoding
Password = Password.encode('utf-16le')
md4 = hashlib_new('md4')
md4.update(Password)
PasswordHash = md4.digest()
return PasswordHash
def calculateFileHash(fname, algorithm='md5'):
m = hashlib_new(algorithm)
fobj = open(fname, 'rb')
while True:
d = fobj.read(8096)
if not d:
break
m.update(d)
fobj.close()
return m.hexdigest()
def ntowf_v1(input_bytes: ByteString) -> bytes:
"""
Compute the NT hash of a byte string.
See also:
[MS-NLMP]: NTLM v1 Authentication | Microsoft Docs
https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-nlmp/464551a8-9fc4-428e-b3d3-bc5bfb2e73a5
:param input_bytes: A byte string whose corresponding NT hash to compute.
:return: The NT hash corresponding to the input bytes.
"""
return hashlib_new(name='md4', data=input_bytes).digest()
def ripemd160(h, hex=False, encoding=None):
h = get_bytes(h, encoding=encoding)
a = hashlib_new('ripemd160')
a.update(h)
return a.hexdigest() if hex else a.digest()
def ripemd160(h, hex=False):
if isinstance(h, str):
h = bytes_from_hex(h)
a = hashlib_new('ripemd160')
a.update(h)
return a.hexdigest() if hex else a.digest()
def get_connection_data(uri=None, **settings):
""" Generate a dictionary of connection data for an optional URI plus
additional connection settings.
:param uri:
:param settings:
:return:
"""
data = {
"host": None,
"password": None,
"port": None,
"scheme": None,
"secure": None,
"verified": None,
"user": None,
"user_agent": None,
}
# apply uri
uri = coalesce(uri, NEO4J_URI)
if uri is not None:
parsed = urlsplit(uri)
if parsed.scheme is not None:
data["scheme"] = parsed.scheme
if data["scheme"] in ["https"]:
data["secure"] = True
elif data["scheme"] in ["http"]:
data["secure"] = False
data["user"] = coalesce(parsed.username, data["user"])
data["password"] = coalesce(parsed.password, data["password"])
data["host"] = coalesce(parsed.hostname, data["host"])
data["port"] = coalesce(parsed.port, data["port"])
# apply auth (this can override `uri`)
if "auth" in settings and settings["auth"] is not None:
data["user"], data["password"] = settings["auth"]
elif NEO4J_AUTH is not None:
data["user"], _, data["password"] = NEO4J_AUTH.partition(":")
# apply components (these can override `uri` and `auth`)
data["user_agent"] = coalesce(settings.get("user_agent"), NEO4J_USER_AGENT,
data["user_agent"])
data["secure"] = coalesce(settings.get("secure"), data["secure"],
NEO4J_SECURE)
data["verified"] = coalesce(settings.get("verified"), data["verified"],
NEO4J_VERIFIED)
data["scheme"] = coalesce(settings.get("scheme"), data["scheme"])
data["user"] = coalesce(settings.get("user"), data["user"])
data["password"] = coalesce(settings.get("password"), data["password"])
data["host"] = coalesce(settings.get("host"), data["host"])
data["port"] = coalesce(settings.get("port"), data["port"])
# apply correct scheme for security
if data["secure"] is True and data["scheme"] == "http":
data["scheme"] = "https"
if data["secure"] is False and data["scheme"] == "https":
data["scheme"] = "http"
# apply default port for scheme
if data["scheme"] and not data["port"]:
if data["scheme"] == "http":
data["port"] = DEFAULT_HTTP_PORT
elif data["scheme"] == "https":
data["port"] = DEFAULT_HTTPS_PORT
elif data["scheme"] in ["bolt", "bolt+routing"]:
data["port"] = DEFAULT_BOLT_PORT
# apply other defaults
if not data["user_agent"]:
data["user_agent"] = http_user_agent() if data["scheme"] in [
"http", "https"
] else bolt_user_agent()
if data["secure"] is None:
data["secure"] = DEFAULT_SECURE
if data["verified"] is None:
data["verified"] = DEFAULT_VERIFIED
if not data["scheme"]:
data["scheme"] = DEFAULT_SCHEME
if data["scheme"] == "http":
data["secure"] = False
data["verified"] = False
if data["scheme"] == "https":
data["secure"] = True
data["verified"] = True
if not data["user"]:
data["user"] = DEFAULT_USER
if not data["password"]:
data["password"] = DEFAULT_PASSWORD
if not data["host"]:
data["host"] = DEFAULT_HOST
if not data["port"]:
data["port"] = DEFAULT_BOLT_PORT
# apply composites
data["auth"] = (data["user"], data["password"])
data["uri"] = "%s://%s:%s" % (data["scheme"], data["host"], data["port"])
h = hashlib_new("md5")
for key in sorted(data):
h.update(bstr(data[key]))
data["hash"] = h.hexdigest()
return data
def hash160(hexnum): # take hex, return hex - OP_HASH160
return hashlib_new('ripemd160',
sha256(unhexlify(hexnum)).digest()).hexdigest()
def hash160(string):
"""A thin wrapper around hashlib to compute the hash160 (SHA256 followed by RIPEMD160)"""
intermed = sha256(string).digest()
return hashlib_new('ripemd160', intermed).digest()
def pubhex2hexaddr(pubhex):
step1 = sha256(unhexlify(pubhex)).digest()
return hashlib_new('ripemd160',step1).hexdigest()
def _hash(msg, algo):
hash = hashlib_new(algo)
hash.update(msg)
return hash.digest()