XR_(UldZddlZddlZejeZddlmZmZm Z m Z ddl m Z ddl mZmZmZmZddlmcmZddgZdZd Zd Zd Zdd ZedZedZedZGddejej ej!ej"Z#Gdde#Z$Gdde#Z%dS)z9passlib.handlers.sha2_crypt - SHA256-Crypt / SHA512-CryptN) safe_crypt test_crypt repeat_string to_unicode)h64)byte_elem_valueu uascii_to_strunicode sha512_crypt sha256_crypt))rrr)rrrrr)rrr)rrrrr)rrrr)rrrrr)  r rr  rrr )@*rrr+rrr,-r rr.r!r#r/0r(r%r'1r*r,r)23r/r.r4r0 r56!rr7"#r89$r"r$:%&r&;<'r+r-=()r>?Fct|tr|d}t|tsJt|vr-t j|rtntt|}d|cxkrdks nJdt|ts Jd|d}t|}|dks Jd|rtj }t}ntj}t}|||z|z}|||z} | j} | t%|||} | r| | d zr|n|| d z} | | } |d kr/t%|||z|} nM||}|j}|d z } | r||| d z} | t%||} t| |ksJ||d t'| d zzd |}t||ks Jd| | z}| |z}| |||| z|| z||zgfdt(D}| }t+|d\}}|rM|D]C\}}|||||zz}D|d z}|M|r|d z }|d |D]C\}}|||||zz}D|d zr,||||d z}t-j||dS)aperform raw sha256-crypt / sha512-crypt this function provides a pure-python implementation of the internals for the SHA256-Crypt and SHA512-Crypt algorithms; it doesn't handle any of the parsing/validation of the hash strings themselves. :arg pwd: password chars/bytes to hash :arg salt: salt chars to use :arg rounds: linear rounds cost :arg use_512: use sha512-crypt instead of sha256-crypt mode :returns: encoded checksum chars zutf-8ɚ;zinvalid roundszsalt not unicodeasciir&zsalt too larger`r$rNzsalt_len somehow > hash_len!c6g|]\}}||fSrW).0evenoddpermss =/usr/lib/python3/dist-packages/passlib/handlers/sha2_crypt.py z#_raw_sha2_crypt..s* J J J94eDk5: & J J Jr1) isinstancer encodebytes_BNULLuhexcNullPasswordErrorr r lenhashlibsha512_512_transpose_mapsha256_256_transpose_mapdigestupdaterr_c_digest_offsetsdivmodrencode_transposed_bytesdecode)pwdsaltroundsuse_512pwd_lensalt_len hash_const transpose_mapdba_ctx a_ctx_updateidadptmp_ctxtmp_ctx_updatedsdp_dpdp_dsdatadcblockstailrYrZpairsr[s @r\_raw_sha2_cryptr8snB#w"jj!! c5 ! !!!! }}f&&w'P||LQQQ#hhG 6 & & & &Y & & & & &(8 & & & dG $ $88&8888 ;;w  D4yyH b===*=== +^ * ^ * C$J$ % % , , . .B JsTz " "E>++W 5 5 r77g     DBA!7!778 9 9 @ @ B B9H9 MB r77h    >   \ rEE rEE uRxB5 9E K J J J8I J J JD B&"%%LFD  K KID#C**R$Y"7"7">">"@"@@AAHHJJBB!    :afuf K KID#C**R$Y"7"7">">"@"@@AAHHJJBB !8 :BeQ/007799B  &r= 9 9 @ @ I IIr^zrounds=$0ceZdZdZdZejZdZejZ dZ dZ dZ dZ dZdZdfd Zd Zd Zed Zd ZdZdZedZdZedZdZxZS) _SHA2_CommonzBclass containing common code shared by sha256_crypt & sha512_crypt)rsrtimplicit_rounds salt_sizer$rRrSlinearFNc ~tt|jdi|||jo |jdk}||_dS)NrW)superr__init__ use_defaultsrtr)selfrkwds __class__s r\rz_SHA2_Common.__init__sN*lD!!*22T222  "#0HT[D5HO.r^c>|||jduSN)relaxed) _norm_saltchecksum)rrss r\ _parse_saltz_SHA2_Common._parse_saltstT]d-BCCCr^c>|||jduSr) _norm_roundsr)rrts r\ _parse_roundsz_SHA2_Common._parse_rounds#s"  $1F GGGr^c8t|dd}|j}||stj|t |dksJ|ddt}|dtrt tdksJ| ddd}|tr*|tkrtj |t|}d}nd}d}t |d kr|\}}n=t |d kr |d}d}ntj|||||pd| S) NrThashrrr'FrTrr)rtrsrr)rident startswithrcrdInvalidHashErrorrfsplit_UDOLLAR_UROUNDSpop_UZEROZeroPaddedRoundsErrorintMalformedHashError)clsrrpartsrtrrschks r\ from_stringz_SHA2_Common.from_string's$00 u%% /&))#.. .5zzQQRRx(( 8  x ( ( #x==A%%%%YYq\\!""%F  (( 8Vv-=-=f223777[[F#OOF"O u::??ID## ZZ1__8DCC&++C00 0s[D+  r^c|jdkr;|jr4td|j|j|jptdfz}n9td|j|j|j|jptdfz}t |S)Nrz%s%s$%sz%srounds=%d$%s$%s)rtrr rrsrr )rrs r\ to_stringz_SHA2_Common.to_stringTs ;$  4#7 Y<<4:ty#'=#9AbEE#;;DD())TZ-1Y 8N2-PPDT"""r^)os_cryptbuiltincZt|jr||jdSdS)NTF)r _test_hash_set_calc_checksum_backend_calc_checksum_os_cryptrs r\_load_backend_os_cryptz#_SHA2_Common._load_backend_os_cryptis2 s~ &   * *3+F G G G45r^c<|}t||}|||S|j}||jr|| dz t kr!tj ||||| dS)Nr) rr_calc_checksum_builtin checksum_sizerrrrcrdCryptBackendError)rsecretconfigrcss r\rz$_SHA2_Common._calc_checksum_os_cryptqs!!&&)) <..v66 6 tz** ?dB3q5kX.E.E&**4>> >RCDDzr^c:||jdS)NT)rrrs r\_load_backend_builtinz"_SHA2_Common._load_backend_builtins &&s'ABBBtr^cDt||j|j|jSN)rrsrt _cdb_use_512)rrs r\rz#_SHA2_Common._calc_checksum_builtins$vty$+#022 2r^r)__name__ __module__ __qualname____doc__ setting_kwdsrc HASH64_CHARSchecksum_chars max_salt_size salt_chars min_rounds max_rounds rounds_costr_rounds_prefixrrrr classmethodrrbackendsrrrrr __classcell__)rs@r\rrs/LL FL_NMJJJKLN O//////DDDHHH**[*X###'HJ[   "[2222222r^rc8eZdZdZdZedZdZdZdZ dS)r aKThis class implements the SHA256-Crypt password hash, and follows the :ref:`password-hash-api`. It supports a variable-length salt, and a variable number of rounds. The :meth:`~passlib.ifc.PasswordHash.using` method accepts the following optional keywords: :type salt: str :param salt: Optional salt string. If not specified, one will be autogenerated (this is recommended). If specified, it must be 0-16 characters, drawn from the regexp range ``[./0-9A-Za-z]``. :type rounds: int :param rounds: Optional number of rounds to use. Defaults to 535000, must be between 1000 and 999999999, inclusive. .. note:: per the official specification, when the rounds parameter is set to 5000, it may be omitted from the hash string. :type relaxed: bool :param relaxed: By default, providing an invalid value for one of the other keywords will result in a :exc:`ValueError`. If ``relaxed=True``, and the error can be corrected, a :exc:`~passlib.exc.PasslibHashWarning` will be issued instead. Correctable errors include ``rounds`` that are too small or too large, and ``salt`` strings that are too long. .. versionadded:: 1.6 .. commented out, currently only supported by :meth:`hash`, and not via :meth:`using`: :type implicit_rounds: bool :param implicit_rounds: this is an internal option which generally doesn't need to be touched. this flag determines whether the hash should omit the rounds parameter when encoding it to a string; this is only permitted by the spec for rounds=5000, and the flag is ignored otherwise. the spec requires the two different encodings be preserved as they are, instead of normalizing them. z$5$r2i))testz?$5$rounds=1000$test$QmQADEXMG8POI5WDsaeho0P36yK3Tcrgboabng6bkb/N) rrrrnamer rrdefault_roundsrrWr^r\r r s>**\ D AeHHEMN :JJJr^c<eZdZdZdZedZdZdZdZ dZ dS)r aKThis class implements the SHA512-Crypt password hash, and follows the :ref:`password-hash-api`. It supports a variable-length salt, and a variable number of rounds. The :meth:`~passlib.ifc.PasswordHash.using` method accepts the following optional keywords: :type salt: str :param salt: Optional salt string. If not specified, one will be autogenerated (this is recommended). If specified, it must be 0-16 characters, drawn from the regexp range ``[./0-9A-Za-z]``. :type rounds: int :param rounds: Optional number of rounds to use. Defaults to 656000, must be between 1000 and 999999999, inclusive. .. note:: per the official specification, when the rounds parameter is set to 5000, it may be omitted from the hash string. :type relaxed: bool :param relaxed: By default, providing an invalid value for one of the other keywords will result in a :exc:`ValueError`. If ``relaxed=True``, and the error can be corrected, a :exc:`~passlib.exc.PasslibHashWarning` will be issued instead. Correctable errors include ``rounds`` that are too small or too large, and ``salt`` strings that are too long. .. versionadded:: 1.6 .. commented out, currently only supported by :meth:`hash`, and not via :meth:`using`: :type implicit_rounds: bool :param implicit_rounds: this is an internal option which generally doesn't need to be touched. this flag determines whether the hash should omit the rounds parameter when encoding it to a string; this is only permitted by the spec for rounds=5000, and the flag is ignored otherwise. the spec requires the two different encodings be preserved as they are, instead of normalizing them. z$6$VTi )rzj$6$rounds=1000$test$2M/Lx6MtobqjLjobw0Wmo4Q5OFx5nVLJvmgseatA6oMnyWeBdRDx4DU.1H3eGmse6pgsOgDisWBGI5c7TZauS0N) rrrrrr rrrrrrWr^r\r r sC**^ D AeHHEMLN (JJJr^)F)&rrglogging getLoggerrlog passlib.utilsrrrrpasslib.utils.binaryrpasslib.utils.compatrr r r passlib.utils.handlersutilshandlersrc__all__rbrnrkrirrrrHasManyBackends HasRoundsHasSaltGenericHandlerrr r rWr^r\rs?? 'g'11444444444444$$$$$$888888888888#########   |J|J|J|JB 1Y<< 1S66 3L2L2L2L2L22%r|RZ$L2L2L2d9:9:9:9:9:<9:9:9:D=(=(=(=(=(<=(=(=(=(=(r^