def test_ab64_decode(self):
"""ab64_decode()"""
from passlib.utils.binary import ab64_decode
# accept bytes or unicode
self.assertEqual(ab64_decode(b"abc"), hb("69b7"))
self.assertEqual(ab64_decode(u("abc")), hb("69b7"))
# reject non-ascii unicode
self.assertRaises(ValueError, ab64_decode, u("ab\xff"))
# underlying a2b_ascii treats non-base64 chars as "Incorrect padding"
self.assertRaises(TypeError, ab64_decode, b"ab\xff")
self.assertRaises(TypeError, ab64_decode, b"ab!")
self.assertRaises(TypeError, ab64_decode, u("ab!"))
# insert correct padding, handle dirty padding bits
self.assertEqual(ab64_decode(b"abcd"), hb("69b71d")) # 0 mod 4
self.assertRaises(ValueError, ab64_decode, b"abcde") # 1 mod 4
self.assertEqual(ab64_decode(b"abcdef"), hb("69b71d79")) # 2 mod 4, dirty padding bits
self.assertEqual(ab64_decode(b"abcdeQ"), hb("69b71d79")) # 2 mod 4, clean padding bits
self.assertEqual(ab64_decode(b"abcdefg"), hb("69b71d79f8")) # 3 mod 4, clean padding bits
# support "./" or "+/" altchars
# (lets us transition to "+/" representation, merge w/ b64s_decode)
self.assertEqual(ab64_decode(b"ab+/"), hb("69bfbf"))
self.assertEqual(ab64_decode(b"ab./"), hb("69bfbf"))
def test_ab64_decode(self):
"""ab64_decode()"""
from passlib.utils.binary import ab64_decode
# accept bytes or unicode
self.assertEqual(ab64_decode(b"abc"), hb("69b7"))
self.assertEqual(ab64_decode(u("abc")), hb("69b7"))
# reject non-ascii unicode
self.assertRaises(ValueError, ab64_decode, u("ab\xff"))
# underlying a2b_ascii treats non-base64 chars as "Incorrect padding"
self.assertRaises(TypeError, ab64_decode, b"ab\xff")
self.assertRaises(TypeError, ab64_decode, b"ab!")
self.assertRaises(TypeError, ab64_decode, u("ab!"))
# insert correct padding, handle dirty padding bits
self.assertEqual(ab64_decode(b"abcd"), hb("69b71d")) # 0 mod 4
self.assertRaises(ValueError, ab64_decode, b"abcde") # 1 mod 4
self.assertEqual(ab64_decode(b"abcdef"), hb("69b71d79")) # 2 mod 4, dirty padding bits
self.assertEqual(ab64_decode(b"abcdeQ"), hb("69b71d79")) # 2 mod 4, clean padding bits
self.assertEqual(ab64_decode(b"abcdefg"), hb("69b71d79f8")) # 3 mod 4, clean padding bits
# support "./" or "+/" altchars
# (lets us transition to "+/" representation, merge w/ b64s_decode)
self.assertEqual(ab64_decode(b"ab+/"), hb("69bfbf"))
self.assertEqual(ab64_decode(b"ab./"), hb("69bfbf"))
def get_hasher(self):
ut = self.username_transformed
custom_salt = ab64_decode(cleanup(ut)) if ut else None
hasher = (pbkdf2_sha512.using(salt=custom_salt, rounds=1600)
if custom_salt else pbkdf2_sha512.using(rounds=1600,
salt_size=10))
return hasher
def from_string(cls, hash):
hash = to_native_str(hash, "ascii", "hash")
if not hash.startswith("$scram$"):
raise uh.exc.InvalidHashError(cls)
parts = hash[7:].split("$")
if len(parts) != 3:
raise uh.exc.MalformedHashError(cls)
rounds_str, salt_str, chk_str = parts
# decode rounds
rounds = int(rounds_str)
if rounds_str != str(rounds): # forbid zero padding, etc.
raise uh.exc.MalformedHashError(cls)
# decode salt
try:
salt = ab64_decode(salt_str.encode("ascii"))
except TypeError:
raise uh.exc.MalformedHashError(cls)
# decode algs/digest list
if not chk_str:
# scram hashes MUST have something here.
raise uh.exc.MalformedHashError(cls)
elif "=" in chk_str:
# comma-separated list of 'alg=digest' pairs
algs = None
chkmap = {}
for pair in chk_str.split(","):
alg, digest = pair.split("=")
try:
chkmap[alg] = ab64_decode(digest.encode("ascii"))
except TypeError:
raise uh.exc.MalformedHashError(cls)
else:
# comma-separated list of alg names, no digests
algs = chk_str
chkmap = None
# return new object
return cls(
rounds=rounds,
salt=salt,
checksum=chkmap,
algs=algs,
)
def from_string(cls, hash):
hash = to_native_str(hash, "ascii", "hash")
if not hash.startswith("$scram$"):
raise uh.exc.InvalidHashError(cls)
parts = hash[7:].split("$")
if len(parts) != 3:
raise uh.exc.MalformedHashError(cls)
rounds_str, salt_str, chk_str = parts
# decode rounds
rounds = int(rounds_str)
if rounds_str != str(rounds): # forbid zero padding, etc.
raise uh.exc.MalformedHashError(cls)
# decode salt
try:
salt = ab64_decode(salt_str.encode("ascii"))
except TypeError:
raise uh.exc.MalformedHashError(cls)
# decode algs/digest list
if not chk_str:
# scram hashes MUST have something here.
raise uh.exc.MalformedHashError(cls)
elif "=" in chk_str:
# comma-separated list of 'alg=digest' pairs
algs = None
chkmap = {}
for pair in chk_str.split(","):
alg, digest = pair.split("=")
try:
chkmap[alg] = ab64_decode(digest.encode("ascii"))
except TypeError:
raise uh.exc.MalformedHashError(cls)
else:
# comma-separated list of alg names, no digests
algs = chk_str
chkmap = None
# return new object
return cls(
rounds=rounds,
salt=salt,
checksum=chkmap,
algs=algs,
)
def couchdb_password_hash(password, salt, iterations=10):
salt = salt.encode('utf-8') if isinstance(salt, six.text_type) else salt
if not HAS_PASSLIB:
return '-hashed-{hash},{salt}'.format(
hash=hashlib.sha1(password + salt),
salt=salt
)
else:
dk = pbkdf2_sha1.using(rounds=iterations, salt=salt).hash(password)
decoded = binary.ab64_decode(dk.split('$')[-1])
return '-pbkdf2-{hash},{salt},{iterations}'.format(
hash=binascii.hexlify(decoded),
salt=salt,
iterations=iterations
)
def run(self, tmp=None, task_vars=dict()):
"""
Convert the "password" argument to a hashed password.
Then call the actual module to do the work.
"""
options = self._task.args.copy()
if 'password' in options:
plain = options['password']
digest = 'pbkdf2_sha512_osx'
kwargs = {}
if 'salt' in options:
kwargs['salt'] = ab64_decode(options['salt'])
options['password'] = do_encrypt(plain, digest, **kwargs)
return self._execute_module(module_name="osxpassword",
module_args=options,
task_vars=task_vars)
def run(self, tmp=None, task_vars=dict()):
"""
Convert the "password" argument to a hashed password.
Then call the actual module to do the work.
"""
options = self._task.args.copy()
if 'password' in options:
plain = options['password']
digest = 'pbkdf2_sha512_osx'
kwargs = {}
if 'salt' in options:
kwargs['salt'] = ab64_decode(options['salt'])
options['password'] = do_encrypt(plain, digest, **kwargs)
return self._execute_module(
module_name="osxpassword",
module_args=options,
task_vars=task_vars)
def from_string(cls, hash):
rounds, salt, chk = uh.parse_mc3(hash, cls.ident, handler=cls)
salt = ab64_decode(salt.encode("ascii"))
if chk:
chk = ab64_decode(chk.encode("ascii"))
return cls(rounds=rounds, salt=salt, checksum=chk)
def from_string(cls, hash):
rounds, salt, chk = uh.parse_mc3(hash, cls.ident, handler=cls)
salt = ab64_decode(salt.encode("ascii"))
if chk:
chk = ab64_decode(chk.encode("ascii"))
return cls(rounds=rounds, salt=salt, checksum=chk)
def couchdb_encrypt_password(password, salt, iterations=10):
salt = salt.encode('utf-8') if isinstance(salt, six.text_type) else salt
dk = pbkdf2_sha1.using(rounds=iterations, salt=salt).hash(password)
decoded = binary.ab64_decode(dk.split('$')[-1])
return '-pbkdf2-{hash},{salt},{iterations}'.format(
hash=binascii.hexlify(decoded), salt=salt, iterations=iterations)
password = gen_password(serial_number, salt, nonce)
if show_password:
print password
if plist:
# Remove the salt folder and it's contents
shutil.rmtree(os.path.dirname(salt_file))
# Show password during automation run - only useful for debugging
pbkdf2_sha512.checksum_size = checksum_size
hash = pbkdf2_sha512.encrypt(password,
rounds=rounds,
salt_size=salt_size)
shadow_hash_data = {
'SALTED-SHA512-PBKDF2': {
'entropy': buffer(Data(ab64_decode(hash.split('$')[4]))),
'salt': buffer(Data(ab64_decode(hash.split('$')[3]))),
'iterations': int(hash.split('$')[2])
}
}
shadow_hash_data_binary = write_plist(shadow_hash_data,
plist_format='binary')
user_plist = biplist.readPlist(plist_file)
try:
user_plist['ShadowHashData'][0] = shadow_hash_data_binary
except KeyError, error:
print error
sys.exit(1)
write_plist(user_plist, pathname=plist_file, plist_format='binary')
else:
sys.exit(0)