a fWc>@s8dZddlmZddlZddlZeeZz(ddlmZ e j dkrPe ddZ Wne yhdZ Yn0ddl Z ddlZddlmZddlmZzddlmZWne ydZYn0dd lmZdd lmZmZmZmZmZmZdd lmZm Z m!Z!m"Z"m#Z#dd l$m%Z%gd Z&dZ'dZ(gdZ)ddddddddddddddddZ*ddZ+iZ,dd Z-d!d"Z.dVd%d&Z/e,j0e/_1dWd'd(Z2Gd)d*d*eZ3d#a4e5gd+Z6dXd,d-Z7eej89d.re7ed/d0ed1DZ:ed2d0ed1DZ;dYd3d4ZZ?d[d8d9Zej89d:p(d;Z@e"r\e@dd?ZCd@dAZDdBZEnve@dCvrddlmZddDlmFZFeFdEkZGiZHdFd?ZCdGZEn:e@dHvsJddIlImJZKddJlmLZLdKd?ZCdLdAZDdMZEe@eEkrdZZ dNdOerdPnde rdQnddReEfDZMdPeMvr dSZNndQeMvr0dTZNndUZNdS)\zlpasslib.crypto.digest -- crytographic helpers used by the password hashes in passlib .. versionadded:: 1.7 )divisionN) pbkdf2_hmachashlibz*ignoring pure-python hashlib.pbkdf2_hmac())Struct)warn)exc) join_bytes to_native_strjoin_byte_valuesto_bytes SequenceMixinas_bool)irange int_typesunicode_or_bytes_typesPY3 error_from)memoized_property) lookup_hashHashInfonorm_hash_name compile_hmacpbkdf1rll) )md2r)md5r)sha1zsha-1)sha224zsha-224zsha2-224)sha256zsha-256zsha2-256)sha384zsha-384zsha2-384)sha512zsha-512zsha2-512)blake2bzblake-2b)blake2szblake-2s)md4r")Z ripemd160z ripemd-160Zripemd)@) r#)r#)r#)r#)0r$)r()r%)r)h)r#H)r&)r r!r"rrrrrsha3_224sha3_256sha3_384sha3_512rZshake128Zshake256cCs<i}ttjtdgBD]}t|}|j|jf||j<q|S)z internal helper used to generate ``_fallback_info`` dict. currently only run manually to update the above list; not invoked at runtime. r")sortedrZalgorithms_availablesetr digest_size block_sizename)outZalginfor:9/usr/lib/python3.9/site-packages/passlib/crypto/digest.py_gen_fallback_infozs r<c Cs|}t|tst|dd}tdd|}|dr\|dd}|dr\|dd }d d }||}|rt|St d |}|r| d dd\}}}|r||7}|}|r|d|7}|r|d7}||7}||}|r|St d|||n |}| dd}t d|||||fS)aA internal helper used by :func:`lookup_hash` -- normalize arbitrary hash name to hashlib format. if name not recognized, returns dummy record and issues a warning. :arg name: unnormalized name :returns: tuple with 2+ elements: ``(hashlib_name, iana_name|None, ... 0+ aliases)``. zutf-8z hash namez[_ /]-zscram-Nz-pluscSstD]}||vr|SqdSN)_known_hash_names)r7rowr:r:r; check_tablesz&_get_hash_aliases..check_tablez8(?i)^(?P[a-z]+)-?(?P\d)?-?(?P\d{3,4})?$r7revsize_z0normalizing unrecognized hash name %r => %r / %rz;normalizing unrecognized hash name and format %r => %r / %r) isinstancestrr resubstriplower startswithendswithmatchgrouplogr9replaceZwarning) r7ZorigrCresultm iana_namerDrEZ hashlib_namer:r:r;_get_hash_aliasessF         rVcsds2dvr2z ttWSty0Yn0tjzdWntyXYn,0d fdd }|_d|_d|_|Sdkrd d l m }|Sd S) a internal helper used by :func:`lookup_hash` -- lookup hash constructor by name :arg name: name (normalized to hashlib format, e.g. ``"sha256"``) :returns: hash constructor, e.g. ``hashlib.sha256()``; or None if hash can't be located. rF)newZ algorithmscs |Sr@r:msgr7Z new_ssl_hashr:r;constsz_get_hash_const..constrzMwrapper for hashlib.new(%r), generated by passlib.crypto.digest.lookup_hash()r"r)r"N)rX) rMgetattrrAttributeErrorrW ValueError__name__ __module____doc__Zpasslib.crypto._md4r")r7r\r"r:r[r;_get_hash_consts*     rcFTc s^t}z ||WSttfy$Yn0|r.d}d}t|trt|}|dsTJ|krtt|d}|||<|St}|rtrt vrd fdd }n^t|t r|St |r|}t|j }|dt}|durn||urnd}nt |d d t |||d }|dur|||<|rZ|D]4r$|d|fvsNJd ||<q$|S)af Returns a :class:`HashInfo` record containing information about a given hash function. Can be used to look up a hash constructor by name, normalize hash name representation, etc. :arg digest: This can be any of: * A string containing a :mod:`!hashlib` digest name (e.g. ``"sha256"``), * A string containing an IANA-assigned hash name, * A digest constructor function (e.g. ``hashlib.sha256``). Case is ignored, underscores are converted to hyphens, and various other cleanups are made. :param required: By default (True), this function will throw an :exc:`~passlib.exc.UnknownHashError` if no hash constructor can be found, or if the hash is not actually available. If this flag is False, it will instead return a dummy :class:`!HashInfo` record which will defer throwing the error until it's constructor function is called. This is mainly used by :func:`norm_hash_name`. :param return_unknown: .. deprecated:: 1.7.3 deprecated, and will be removed in passlib 2.0. this acts like inverse of **required**. :returns HashInfo: :class:`HashInfo` instance containing information about specified digest. Multiple calls resolving to the same hash should always return the same :class:`!HashInfo` instance. FTrrequiredrXcstddS)Nz4%r disabled for fips by passlib set_mock_fips_mode())r_sourcer7r:r;r\Aszlookup_hash..constNzdigest name or constructordigest)r\namesrez%r already in cache)rX)_hash_info_cacheKeyError TypeErrorrGrrVrrcmock_fips_mode_fips_algorithmsrcallabler7rExpectedTypeErrorget) riZreturn_unknownrecacheZ cache_by_nameZ name_listr9r\Z other_constr:rhr;rsR&        rcCsRt|dd}|jr$td|jtj|dkr2|jS|dkr@|jStd|fdS)a<Normalize hash function name (convenience wrapper for :func:`lookup_hash`). :arg name: Original hash function name. This name can be a Python :mod:`~hashlib` digest name, a SCRAM mechanism name, IANA assigned hash name, etc. Case is ignored, and underscores are converted to hyphens. :param format: Naming convention to normalize to. Possible values are: * ``"hashlib"`` (the default) - normalizes name to be compatible with Python's :mod:`!hashlib`. * ``"iana"`` - normalizes name to IANA-assigned hash function name. For hashes which IANA hasn't assigned a name for, this issues a warning, and then uses a heuristic to return a "best guess" name. :returns: Hash name, returned as native :class:`!str`. Frdznorm_hash_name(): rZianazunknown format: %rN) runknownr error_textrPasslibRuntimeWarningr7rUr_)r7formatr9r:r:r;rss rc@sneZdZdZdZdZdZdZdZdZ dZ dZ dddZ dd Z d d Zed d ZeddZeddZdS)ra Record containing information about a given hash algorithm, as returned :func:`lookup_hash`. This class exposes the following attributes: .. autoattribute:: const .. autoattribute:: digest_size .. autoattribute:: block_size .. autoattribute:: name .. autoattribute:: iana_name .. autoattribute:: aliases .. autoattribute:: supported This object can also be treated a 3-element sequence containing ``(const, digest_size, block_size)``. Nr:FTc s6|d_|d_|dd_fdd}|durj|tvrPd}nd}d _||dSz |}Wn\ty}zDd t|vrd }nd t|j |f}||WYd}~dSd}~00|_ |j _ |j _ t ||j kr td j|jjkr2tdj||jftjdS)a initialize new instance. :arg const: hash constructor :arg names: list of 2+ names. should be list of ``(name, iana_name, ... 0+ aliases)``. names must be lower-case. only iana name may be None. rNcsZdfdd }r"|ds"J_|_zt\__WntyTYn0dS)zc helper that installs stub constructor which throws specified error . rXcstdSr@)rZUnknownHashErrorrf)rZr7r:r;r\sz8HashInfo.__init__..use_stub_const..constzshouldn't get hereN)rX)rur\_fallback_infor5r6rl)rZr\r7reselfrYr;use_stub_consts z)HashInfo.__init__..use_stub_constzunsupported hash: %rzunknown hash: %rTzdisabled for fipsz%r hash disabled for fipsz)internal error in %r constructor (%s: %s)z"%r constructor failed sanity checkzEinconsistent digest name: %r resolved to %r, which reports name as %r)r7rUaliasesrArtr_rHrLtyper`r\r5r6lenri RuntimeErrorrrrv)r|r\rjrer}rZhasherrr:r{r;__init__s<      zHashInfo.__init__cCsd|j|j|jfS)Nz/helper to detect if hash is supported by hashlib.pbkdf2_hmac()NrrrxTF)_stdlib_pbkdf2_hmacr7r_rr:r:r;supported_by_hashlib_pbkdf20s z$HashInfo.supported_by_hashlib_pbkdf2)T)r`ra __qualname__rbr7rUr~r\r5r6rurtrrrrrrrr:r:r:r;rs& L  r) rrrrrr/r0r1r2Z shake_128Z shake_256cCs|atdS)zW UT helper which monkeypatches lookup_hash() internals to replicate FIPS mode. N)rnr clear_cache)enabler:r:r;_set_mock_fips_mode_srZPASSLIB_MOCK_FIPS_MODEccs|]}|dAVqdS)\Nr:.0xr:r:r; qrXrccs|]}|dAVqdS)6Nr:rr:r:r;rrrXc st|}|\}}}|dks"Jdt|ts8t|dd}t|}||krX||}|}||krp|d||7}||tj||t j|rfdd}nfdd}||_ |S) a This function returns an efficient HMAC function, hardcoded with a specific digest & key. It can be used via ``hmac = compile_hmac(digest, key)``. :arg digest: digest name or constructor. :arg key: secret key as :class:`!bytes` or :class:`!unicode` (unicode will be encoded using utf-8). :param multipart: request a multipart constructor instead (see return description). :returns: By default, the returned function has the signature ``hmac(msg) -> digest output``. However, if ``multipart=True``, the returned function has the signature ``hmac() -> update, finalize``, where ``update(msg)`` may be called multiple times, and ``finalize() -> digest_output`` may be repeatedly called at any point to calculate the HMAC digest so far. The returned object will also have a ``digest_info`` attribute, containing a :class:`lookup_hash` instance for the specified digest. This function exists, and has the weird signature it does, in order to squeeze as provide as much efficiency as possible, by omitting much of the setup cost and features of the stdlib :mod:`hmac` module. r&zblock size too smallkeyZparamcsfdd}j|fS)z)generated by compile_hmac(multipart=True)cs}||Sr@updateri)outer) _outer_copyinnerr:r;finalizesz,compile_hmac..hmac..finalize)r)rZ _inner_copyr)rr;hmacszcompile_hmac..hmaccs,}||}|||S)zgenerated by compile_hmac()r)rZrrrr:r;rs  ) rrGbytesr rri translate _TRANS_36copy _TRANS_5C digest_info) rirZ multipartrr\r5r6Zklenrr:rr;rts$       rc Cst|\}}}t|dd}t|dd}t|ts>t|dd|dkrNtd|dur\|}nDt|tsvt|d d n*|d krtd n||krtd ||f||}t|D]} ||}q|d|S)a;pkcs#5 password-based key derivation v1.5 :arg digest: digest name or constructor. :arg secret: secret to use when generating the key. may be :class:`!bytes` or :class:`unicode` (encoded using UTF-8). :arg salt: salt string to use when generating key. may be :class:`!bytes` or :class:`unicode` (encoded using UTF-8). :param rounds: number of rounds to use to generate key. :arg keylen: number of bytes to generate (if omitted / ``None``, uses digest's native size) :returns: raw :class:`bytes` of generated key .. note:: This algorithm has been deprecated, new code should use PBKDF2. Among other limitations, ``keylen`` cannot be larger than the digest size of the specified hash. secretrsaltintroundsrxrounds must be at least 1N int or Nonekeylenrzkeylen must be at least 0z'keylength too large for digest: %r > %r) rr rGrrrqr_rri) rirrrrr\r5r6blockrFr:r:r;rs*      rz>Lcst|dd}tddt|}|j}tts>tdddkrNtd|dur\|}n*t|tsvt|d d n|dkrtd ||d|}|tkrt d |j rt |j ||S|j rt|j ||St||t|tfd dtd|dDd|S)apkcs#5 password-based key derivation v2.0 using HMAC + arbitrary digest. :arg digest: digest name or constructor. :arg secret: passphrase to use to generate key. may be :class:`!bytes` or :class:`unicode` (encoded using UTF-8). :arg salt: salt string to use when generating key. may be :class:`!bytes` or :class:`unicode` (encoded using UTF-8). :param rounds: number of rounds to use to generate key. :arg keylen: number of bytes to generate. if omitted / ``None``, will use digest's native output size. :returns: raw bytes of generated key .. versionchanged:: 1.7 This function will use the first available of the following backends: * `fastpbk2 `_ * :func:`hashlib.pbkdf2_hmac` (only available in py2 >= 2.7.8, and py3 >= 3.4) * builtin pure-python backend See :data:`passlib.crypto.digest.PBKDF2_BACKENDS` to determine which backend(s) are in use. rrrrrrxrNrrzkeylen must be at least 1zkeylen too long for digestc3s&|]}t|VqdSr@) _pack_uint32riZ calc_block keyed_hmacrrr:r;rcszpbkdf2_hmac..)r rr5rGrrrqr_ MAX_UINT32 OverflowErrorrrr7rrr_get_pbkdf2_looperrr)rirrrrrr5Z block_countr:rr;rs8$      rZPASSLIB_PBKDF2_BACKENDany)r from-bytes)partialcCs tt|Sr@)r_pbkdf2_looperr5r:r:r;rrsrcCsHtj}d}|||}t|dD]}||}||||N}q |||S)zk py3-only implementation of pbkdf2 inner loop; uses 'int.from_bytes' + integer XOR Zbigrx)r from_bytesrr )r5rrirrZBIGaccumrFr:r:r;rus rr)runpackr)sys_bitsr#c CsDz t|WStyYn0tr<|d@s<|d?}d|}nD|d@sttrb|d?}d|}|d7}q|d?}d|}n td|t|}t|d d d t|Dd d d t|Dd }djfi|}t|D]}|d||f7}q|djfi|7}t |dd}tt|d}t} t ||| | d} || _ | t|<| S)a) We want a helper function which performs equivalent of the following:: def helper(keyed_hmac, digest, rounds): accum = digest for _ in irange(rounds - 1): digest = keyed_hmac(digest) accum ^= digest return accum However, no efficient way to implement "bytes ^ bytes" in python. Instead, using approach where we dynamically compile a helper function based on digest size. Instead of a single `accum` var, this helper breaks the digest into a series of integers. It stores these in a series of`accum_` vars, and performs `accum ^= digest` by unpacking digest and perform xor for each "accum_ ^= digest_". this keeps everything in locals, avoiding excessive list creation, encoding or decoding, etc. :param digest_size: digest size to compile for, in bytes. (must be multiple of 4). :return: helper function with call signature outlined above. z=%dQz=%dQIrxryz=%dIzunsupported digest size: %dz, css|]}d|VqdS)zacc_%dNr:rr:r:r;rrXz%_get_pbkdf2_looper..css|]}d|VqdS)zdig_%dNr:rr:r:r;rrX)r5Z accum_varsZ digest_varsa def helper(keyed_hmac, digest, rounds): '''pbkdf2 loop helper for digest_size={digest_size}''' unpack_digest = struct.unpack {accum_vars} = unpack_digest(digest) for _ in irange(1, rounds): digest = keyed_hmac(digest) {digest_vars} = unpack_digest(digest) z acc_%d ^= dig_%d z% return struct.pack({accum_vars}) z9exec)rstructhelper) _looper_cacherl _have_64_bitNotImplementedErrorrdictjoinrrwcompileevalZ __source__) r5countZfmtrZtdictrgrcodeZgdictZldictrr:r:r;rsH           r)rhexlify)r) int_to_bytescCstSr@)rrr:r:r;rscCsLt}t||d}t|dD]}||}|t||dN}qt|t|S)Nr&rx)_hexlifyrrrr)rrirrrrFr:r:r;rs rcCsg|] }|r|qSr:r:)rbr:r:r; sr fastpbkdf2z hashlib-sslzbuiltin-rgffffff?rx)FT)r)T)F)N)N)OrbZ __future__rrZloggingZ getLoggerr`rQrrradebug ImportErrorrIosrrwarningsrrrZpasslibrZ passlib.utilsrr r r r r Zpasslib.utils.compatrrrrrZpasslib.utils.decorr__all__rZ MAX_UINT64rArzr<rkrVrcrclearrrrrnr4rorenvironrrrrrrpackrZ_force_backend functoolsrrrZ_builtin_backendrrrZbinasciirrrZPBKDF2_BACKENDSZPBKDF2_SPEED_FACTORr:r:r:r;s             $@1 v #1   P ?  h     f