a fWc(U@sdZddlZddlZeeZddlmZmZm Z m Z ddl m Z ddl mZmZmZmZddlmmZddgZdZd Zd Zd Zdd dZedZedZedZGdddejej ej!ej"Z#Gddde#Z$Gddde#Z%dS)z9passlib.handlers.sha2_crypt - SHA256-Crypt / SHA512-CryptN) safe_crypt test_crypt repeat_string to_unicode)h64)byte_elem_valueu uascii_to_strunicode sha512_crypt sha256_crypt))rrr)rrrrr)rrr)rrrrr)rrrr)rrrrr)  r rr  rrr )@*rrr+rrr,-rrr.r r"r/0r'r$r&1r)r+r(23r.r-r4r/ r56!rr7"#r89$r!r#:%&r%;<'r*r,=()r>?Fcst|tr|d}t|ts"Jt|vr>tj|r8tnt t |}d|krZdksdnJdt|tsvJd|d}t |}|dksJd|rt j }t }n t j}t}||||}|||} | j} | t|||} | r| | d @r|n|| d L} q| } |d kr8t||||} n>||}|j}|d } | rh||| d 8} qNt||} t | |ksJ||d t| d d |}t ||ksJd| | }| |}| |||| || ||gfddtD}| }t|d\}}|rP|D]&\}}|||||}q|d 8}q|r|d ?}|d |D]&\}}|||||}qj|d @r||||d }t||dS)aperform raw sha256-crypt / sha512-crypt this function provides a pure-python implementation of the internals for the SHA256-Crypt and SHA512-Crypt algorithms; it doesn't handle any of the parsing/validation of the hash strings themselves. :arg pwd: password chars/bytes to hash :arg salt: salt chars to use :arg rounds: linear rounds cost :arg use_512: use sha512-crypt instead of sha256-crypt mode :returns: encoded checksum chars zutf-8ɚ;zinvalid roundszsalt not unicodeasciir%zsalt too larger`r#rNzsalt_len somehow > hash_len!cs g|]\}}||fqSrT).0evenoddZpermsrT?/usr/lib/python3.9/site-packages/passlib/handlers/sha2_crypt.py z#_raw_sha2_crypt..r0) isinstancer encodebytes_BNULLuhexcZNullPasswordErrorr r lenhashlibZsha512_512_transpose_mapZsha256_256_transpose_mapdigestupdaterr_c_digest_offsetsdivmodrZencode_transposed_bytesdecode)pwdsaltroundsZuse_512Zpwd_lenZsalt_lenZ hash_constZ transpose_mapZdbZa_ctxZ a_ctx_updateidaZdpZtmp_ctxZtmp_ctx_updateZdsZdp_dpZdp_dsdataZdcZblockstailrVrWpairsrTrXrY_raw_sha2_crypt8sl!       $.     rszrounds=$0cseZdZdZdZejZdZejZ dZ dZ dZ dZ dZdZdfd d Zd d Zd dZeddZddZdZdZeddZddZeddZddZZS) _SHA2_CommonzBclass containing common code shared by sha256_crypt & sha512_crypt)rlrmimplicit_roundsZ salt_sizer#rPrQZlinearFNc s8tt|jfi||dur.|jo,|jdk}||_dS)N)superrv__init__Z use_defaultsrmrw)selfrwkwds __class__rTrYrzsz_SHA2_Common.__init__cCs|j||jdudSN)Zrelaxed)Z _norm_saltchecksum)r{rlrTrTrY _parse_saltsz_SHA2_Common._parse_saltcCs|j||jdudSr)Z _norm_roundsr)r{rmrTrTrY _parse_rounds#sz_SHA2_Common._parse_roundscCst|dd}|j}||s(tj|t|dks8J|ddt}|dt rtt dkshJ| ddd}|t r|t krtj |t |}d}nd}d}t|d kr|\}}n&t|d kr|d}d}n tj|||||pd|d S) NrRhashrrr&FrxTrr)rmrlrrw)rident startswithr`raZInvalidHashErrorrbsplit_UDOLLAR_UROUNDSpop_UZEROZZeroPaddedRoundsErrorintZMalformedHashError)clsrrpartsrmrwrlZchkrTrTrY from_string's6        z_SHA2_Common.from_stringcCs^|jdkr2|jr2td|j|j|jp*tdf}n$td|j|j|j|jpPtdf}t|S)Nrxz%s%s$%sz%srounds=%d$%s$%s)rmrwrrrlrr )r{rrTrTrY to_stringTs z_SHA2_Common.to_string)Zos_cryptZbuiltincCs"t|jr||jdSdSdS)NTF)r _test_hash_set_calc_checksum_backend_calc_checksum_os_cryptrrTrTrY_load_backend_os_cryptis  z#_SHA2_Common._load_backend_os_cryptcCsf|}t||}|dur$||S|j}||jrH|| dtkrXtj ||||| dS)Nr) rr_calc_checksum_builtin checksum_sizerrrr`raZCryptBackendError)r{secretZconfigrcsrTrTrYrqs  z$_SHA2_Common._calc_checksum_os_cryptcCs||jdS)NT)rrrrTrTrY_load_backend_builtins z"_SHA2_Common._load_backend_builtincCst||j|j|jS)N)rsrlrm _cdb_use_512)r{rrTrTrYrs z#_SHA2_Common._calc_checksum_builtin)N)__name__ __module__ __qualname____doc__Z setting_kwdsr`Z HASH64_CHARSZchecksum_charsZ max_salt_sizeZ salt_charsZ min_roundsZ max_roundsZ rounds_costrZ_rounds_prefixrwrzrr classmethodrrZbackendsrrrrr __classcell__rTrTr}rYrvs2 ,   rvc@s(eZdZdZdZedZdZdZdZ dS)r aKThis class implements the SHA256-Crypt password hash, and follows the :ref:`password-hash-api`. It supports a variable-length salt, and a variable number of rounds. The :meth:`~passlib.ifc.PasswordHash.using` method accepts the following optional keywords: :type salt: str :param salt: Optional salt string. If not specified, one will be autogenerated (this is recommended). If specified, it must be 0-16 characters, drawn from the regexp range ``[./0-9A-Za-z]``. :type rounds: int :param rounds: Optional number of rounds to use. Defaults to 535000, must be between 1000 and 999999999, inclusive. .. note:: per the official specification, when the rounds parameter is set to 5000, it may be omitted from the hash string. :type relaxed: bool :param relaxed: By default, providing an invalid value for one of the other keywords will result in a :exc:`ValueError`. If ``relaxed=True``, and the error can be corrected, a :exc:`~passlib.exc.PasslibHashWarning` will be issued instead. Correctable errors include ``rounds`` that are too small or too large, and ``salt`` strings that are too long. .. versionadded:: 1.6 .. commented out, currently only supported by :meth:`hash`, and not via :meth:`using`: :type implicit_rounds: bool :param implicit_rounds: this is an internal option which generally doesn't need to be touched. this flag determines whether the hash should omit the rounds parameter when encoding it to a string; this is only permitted by the spec for rounds=5000, and the flag is ignored otherwise. the spec requires the two different encodings be preserved as they are, instead of normalizing them. z$5$r1i))testz?$5$rounds=1000$test$QmQADEXMG8POI5WDsaeho0P36yK3Tcrgboabng6bkb/N) rrrrnamerrrdefault_roundsrrTrTrTrYr s .c@s,eZdZdZdZedZdZdZdZ dZ dS)r aKThis class implements the SHA512-Crypt password hash, and follows the :ref:`password-hash-api`. It supports a variable-length salt, and a variable number of rounds. The :meth:`~passlib.ifc.PasswordHash.using` method accepts the following optional keywords: :type salt: str :param salt: Optional salt string. If not specified, one will be autogenerated (this is recommended). If specified, it must be 0-16 characters, drawn from the regexp range ``[./0-9A-Za-z]``. :type rounds: int :param rounds: Optional number of rounds to use. Defaults to 656000, must be between 1000 and 999999999, inclusive. .. note:: per the official specification, when the rounds parameter is set to 5000, it may be omitted from the hash string. :type relaxed: bool :param relaxed: By default, providing an invalid value for one of the other keywords will result in a :exc:`ValueError`. If ``relaxed=True``, and the error can be corrected, a :exc:`~passlib.exc.PasslibHashWarning` will be issued instead. Correctable errors include ``rounds`` that are too small or too large, and ``salt`` strings that are too long. .. versionadded:: 1.6 .. commented out, currently only supported by :meth:`hash`, and not via :meth:`using`: :type implicit_rounds: bool :param implicit_rounds: this is an internal option which generally doesn't need to be touched. this flag determines whether the hash should omit the rounds parameter when encoding it to a string; this is only permitted by the spec for rounds=5000, and the flag is ignored otherwise. the spec requires the two different encodings be preserved as they are, instead of normalizing them. z$6$VTi )rzj$6$rounds=1000$test$2M/Lx6MtobqjLjobw0Wmo4Q5OFx5nVLJvmgseatA6oMnyWeBdRDx4DU.1H3eGmse6pgsOgDisWBGI5c7TZauS0N) rrrrrrrrrrrrTrTrTrYr s/)F)&rrcZloggingZ getLoggerrlogZ passlib.utilsrrrrZpasslib.utils.binaryrZpasslib.utils.compatrrr r Zpasslib.utils.handlersZutilshandlersr`__all__r_rhrerdrsrrrZHasManyBackendsZ HasRoundsZHasSaltZGenericHandlerrvr r rTrTrTrYs0    BB