a fŸWc(Uã@sèdZddlZddlZe e¡ZddlmZmZm Z m Z ddl m Z ddl mZmZmZmZddlmmZddgZdZd Zd Zd Zdd d„ZedƒZedƒZedƒZGdd„dejej ej!ej"ƒZ#Gdd„de#ƒZ$Gdd„de#ƒZ%dS)z9passlib.handlers.sha2_crypt - SHA256-Crypt / SHA512-CryptéN)Ú safe_cryptÚ test_cryptÚ repeat_stringÚ to_unicode)Úh64)Úbyte_elem_valueÚuÚ uascii_to_strÚunicodeÚ sha512_cryptÚ sha256_cryptó))ré©éé©rr)rérr©rr)érrr)rrrrr)rrrr)rrrrr) éé ré réréé éé réréréééééééééééééé éé)@é*rrré+rrré,é-rrré.r r"ré/é0r'r$r&é1r)r+r(é2é3r.r-ré4r/é ré5é6é!rré7é"é#ré8é9é$r!r#é:é%é&r%é;é<é'r*r,é=é(é)ré>é?FcsJt|tƒr| d¡}t|vr0tj |r*tnt¡‚t |ƒ}| d¡}t |ƒ}|rZt j }t }n t j }t}||||ƒ ¡}|||ƒ} | j} | t||ƒƒ|} | r¾| | d@r®|n|ƒ| dL} qœ|  ¡} |dkræt|||ƒ ¡|ƒ} n<||ƒ}|j}|d} | r||ƒ| d8} qüt| ¡|ƒ} ||dt| dƒƒ ¡d|…}| | }| |}| |||| || ||g‰‡fdd „tDƒ}| }t|d ƒ\}}|rÔ|D]&\}}|||||ƒ ¡ƒ ¡}q |d8}q–|r8|d?}|d|…D]&\}}|||||ƒ ¡ƒ ¡}qî|d@r8||||dƒ ¡}t ||¡ d¡S) aßperform raw sha256-crypt / sha512-crypt this function provides a pure-python implementation of the internals for the SHA256-Crypt and SHA512-Crypt algorithms; it doesn't handle any of the parsing/validation of the hash strings themselves. :arg pwd: password chars/bytes to hash :arg salt: salt chars to use :arg rounds: linear rounds cost :arg use_512: use sha512-crypt instead of sha256-crypt mode :returns: encoded checksum chars zutf-8Úasciiré`r#rNcs g|]\}}ˆ|ˆ|f‘qS©rR)Ú.0ÚevenÚodd©ZpermsrRú?/usr/lib/python3.9/site-packages/passlib/handlers/sha2_crypt.pyÚ Ûóz#_raw_sha2_crypt..r0)Ú isinstancer ÚencodeÚ_BNULLÚuhÚexcZNullPasswordErrorr r ÚlenÚhashlibZsha512Ú_512_transpose_mapZsha256Ú_256_transpose_mapÚdigestÚupdaterrÚ_c_digest_offsetsÚdivmodrZencode_transposed_bytesÚdecode)ÚpwdÚsaltÚroundsZuse_512Zpwd_lenZsalt_lenZ hash_constZ transpose_mapZdbZa_ctxZ a_ctx_updateÚiÚdaZdpZtmp_ctxZtmp_ctx_updateZdsZdp_dpZdp_dsÚdataZdcZblocksÚtailrTrUÚpairsrRrVrWÚ_raw_sha2_crypt8s`!      $/     rpzrounds=ú$Ú0cs¢eZdZdZdZejZdZejZ dZ dZ dZ dZ dZdZd‡fd d „ Zd d „Zd d„Zedd„ƒZdd„ZdZdZedd„ƒZdd„Zedd„ƒZdd„Z‡ZS)Ú _SHA2_CommonzBclass containing common code shared by sha256_crypt & sha512_crypt)rirjÚimplicit_roundsZ salt_sizer#ièiÿÉš;ZlinearFNc s8tt|ƒjfi|¤Ž|dur.|jo,|jdk}||_dS)Néˆ)ÚsuperrsÚ__init__Z use_defaultsrjrt)ÚselfrtÚkwds©Ú __class__rRrWrwsz_SHA2_Common.__init__cCs|j||jdudS©N)Zrelaxed)Z _norm_saltÚchecksum)rxrirRrRrWÚ _parse_saltsz_SHA2_Common._parse_saltcCs|j||jdudSr|)Z _norm_roundsr})rxrjrRrRrWÚ _parse_rounds#sz_SHA2_Common._parse_roundscCsÞt|ddƒ}|j}| |¡s(tj |¡‚|dd… t¡}|d t¡r†|  d¡dd…}| t ¡rx|t krxtj  |¡‚t |ƒ}d}nd}d}t |ƒd kr¤|\}}n&t |ƒd kr¾|d}d}n tj |¡‚||||pÖd|d S) NrPÚhashrrr&FruTrr)rjrir}rt)rÚidentÚ startswithr]r^ZInvalidHashErrorÚsplitÚ_UDOLLARÚ_UROUNDSÚpopÚ_UZEROZZeroPaddedRoundsErrorÚintr_ZMalformedHashError)Úclsr€rÚpartsrjrtriZchkrRrRrWÚ from_string's2        üz_SHA2_Common.from_stringcCs^|jdkr2|jr2tdƒ|j|j|jp*tdƒf}n$tdƒ|j|j|j|jpPtdƒf}t|ƒS)Nruz%s%s$%sÚz%srounds=%d$%s$%s)rjrtrrrir}r )rxr€rRrRrWÚ to_stringTs ÿÿz_SHA2_Common.to_string)Zos_cryptZbuiltincCs"t|jŽr| |j¡dSdSdS)NTF)rÚ _test_hashÚ_set_calc_checksum_backendÚ_calc_checksum_os_crypt©r‰rRrRrWÚ_load_backend_os_cryptis  z#_SHA2_Common._load_backend_os_cryptcCsf| ¡}t||ƒ}|dur$| |¡S|j}| |j¡rH|| dtkrXtj  |||¡‚|| d…S)Nr) rrÚ_calc_checksum_builtinÚ checksum_sizer‚rr„r]r^ZCryptBackendError)rxÚsecretZconfigr€ÚcsrRrRrWrqs  z$_SHA2_Common._calc_checksum_os_cryptcCs| |j¡dS)NT)rr“r‘rRrRrWÚ_load_backend_builtin‚s z"_SHA2_Common._load_backend_builtincCst||j|j|jƒS)N)rprirjÚ _cdb_use_512)rxr•rRrRrWr“‡s ÿz#_SHA2_Common._calc_checksum_builtin)N)Ú__name__Ú __module__Ú __qualname__Ú__doc__Z setting_kwdsr]Z HASH64_CHARSZchecksum_charsZ max_salt_sizeZ salt_charsZ min_roundsZ max_roundsZ rounds_costr˜Z_rounds_prefixrtrwr~rÚ classmethodr‹rZbackendsrŽr’rr—r“Ú __classcell__rRrRrzrWrsýs2 ,   rsc@s(eZdZdZdZedƒZdZdZdZ dS)r aKThis class implements the SHA256-Crypt password hash, and follows the :ref:`password-hash-api`. It supports a variable-length salt, and a variable number of rounds. The :meth:`~passlib.ifc.PasswordHash.using` method accepts the following optional keywords: :type salt: str :param salt: Optional salt string. If not specified, one will be autogenerated (this is recommended). If specified, it must be 0-16 characters, drawn from the regexp range ``[./0-9A-Za-z]``. :type rounds: int :param rounds: Optional number of rounds to use. Defaults to 535000, must be between 1000 and 999999999, inclusive. .. note:: per the official specification, when the rounds parameter is set to 5000, it may be omitted from the hash string. :type relaxed: bool :param relaxed: By default, providing an invalid value for one of the other keywords will result in a :exc:`ValueError`. If ``relaxed=True``, and the error can be corrected, a :exc:`~passlib.exc.PasslibHashWarning` will be issued instead. Correctable errors include ``rounds`` that are too small or too large, and ``salt`` strings that are too long. .. versionadded:: 1.6 .. commented out, currently only supported by :meth:`hash`, and not via :meth:`using`: :type implicit_rounds: bool :param implicit_rounds: this is an internal option which generally doesn't need to be touched. this flag determines whether the hash should omit the rounds parameter when encoding it to a string; this is only permitted by the spec for rounds=5000, and the flag is ignored otherwise. the spec requires the two different encodings be preserved as they are, instead of normalizing them. z$5$r1iØ))Útestz?$5$rounds=1000$test$QmQADEXMG8POI5WDsaeho0P36yK3Tcrgboabng6bkb/N) r™ršr›rœÚnamerrr”Údefault_roundsrŽrRrRrRrWr s .c@s,eZdZdZdZedƒZdZdZdZ dZ dS)r aKThis class implements the SHA512-Crypt password hash, and follows the :ref:`password-hash-api`. It supports a variable-length salt, and a variable number of rounds. The :meth:`~passlib.ifc.PasswordHash.using` method accepts the following optional keywords: :type salt: str :param salt: Optional salt string. If not specified, one will be autogenerated (this is recommended). If specified, it must be 0-16 characters, drawn from the regexp range ``[./0-9A-Za-z]``. :type rounds: int :param rounds: Optional number of rounds to use. Defaults to 656000, must be between 1000 and 999999999, inclusive. .. note:: per the official specification, when the rounds parameter is set to 5000, it may be omitted from the hash string. :type relaxed: bool :param relaxed: By default, providing an invalid value for one of the other keywords will result in a :exc:`ValueError`. If ``relaxed=True``, and the error can be corrected, a :exc:`~passlib.exc.PasslibHashWarning` will be issued instead. Correctable errors include ``rounds`` that are too small or too large, and ``salt`` strings that are too long. .. versionadded:: 1.6 .. commented out, currently only supported by :meth:`hash`, and not via :meth:`using`: :type implicit_rounds: bool :param implicit_rounds: this is an internal option which generally doesn't need to be touched. this flag determines whether the hash should omit the rounds parameter when encoding it to a string; this is only permitted by the spec for rounds=5000, and the flag is ignored otherwise. the spec requires the two different encodings be preserved as they are, instead of normalizing them. z$6$éVTi€ )rŸzj$6$rounds=1000$test$2M/Lx6MtobqjLjobw0Wmo4Q5OFx5nVLJvmgseatA6oMnyWeBdRDx4DU.1H3eGmse6pgsOgDisWBGI5c7TZauS0N) r™ršr›rœr rrr”r˜r¡rŽrRrRrRrWr Ñs/)F)&rœr`ZloggingZ getLoggerr™ÚlogZ passlib.utilsrrrrZpasslib.utils.binaryrZpasslib.utils.compatrrr r Zpasslib.utils.handlersZutilsÚhandlersr]Ú__all__r\rerbrarpr…r„r‡ZHasManyBackendsZ HasRoundsZHasSaltZGenericHandlerrsr r rRrRrRrWÚs0 þ   BÿB