;Xc@@sdZddlZddlZejeZddlmZmZm Z m Z ddl m Z ddl mZmZmZmZddljjZddgZdZdQdRdSdTdUdVdWdXdYdZd[d\d]d^d_d`dadbdcdddefZdfZdgZedIZedJZedKZedLZdMej ej!ej"ej#fdNYZ$de$fdOYZ%de$fdPYZ&dS(hs9passlib.handlers.sha2_crypt - SHA256-Crypt / SHA512-CryptiN(t safe_cryptt test_cryptt repeat_stringt to_unicode(th64(tbyte_elem_valuetut uascii_to_strtunicodet sha512_cryptt sha256_crypttiiiiiiii i iii ii iiiiiiiiiiiiiiii iii*i+i,i-i.i/i0i1i2i3i4i i5i6i!i7i"i#i8i9i$i:i%i&i;i<i'i=i(i)i>i?cCs<t|tr!|jd}nt|krNtjj|rBtntnt |}|jd}t |}|rt j }t }nt j }t}||||j}|||} | j} | t|||} x.| r| | d@r|n|| dL} qW| j} |dkrSt|||j|} nU||}|j}|d} x| r||| d8} quWt|j|} ||dt| dj| }| | }| |}| |||| || ||g}gtD] \}}||||f^q}| }t|d\}}xQ|rx:|D]2\}}|||||jj}q`W|d8}qSW|r#|d?}x>|| D]2\}}|||||jj}qW|d@r#||||dj}q#ntj||jdS(sperform raw sha256-crypt / sha512-crypt this function provides a pure-python implementation of the internals for the SHA256-Crypt and SHA512-Crypt algorithms; it doesn't handle any of the parsing/validation of the hash strings themselves. :arg pwd: password chars/bytes to hash :arg salt: salt chars to use :arg rounds: linear rounds cost :arg use_512: use sha512-crypt instead of sha256-crypt mode :returns: encoded checksum chars sutf-8tasciiii`iii*(t isinstanceRtencodet_BNULLtuhtexctNullPasswordErrorR R tlenthashlibtsha512t_512_transpose_maptsha256t_256_transpose_maptdigesttupdateRRt_c_digest_offsetstdivmodRtencode_transposed_bytestdecode(tpwdtsalttroundstuse_512tpwd_lentsalt_lent hash_constt transpose_maptdbta_ctxt a_ctx_updatetitdatdpttmp_ctxttmp_ctx_updatetdstdp_dptdp_dstpermsteventoddtdatatdctblocksttailtpairs((s?/usr/lib/python2.7/site-packages/passlib/handlers/sha2_crypt.pyt_raw_sha2_crypt8s`! !         "     (/  $- * * $srounds=t$t0t _SHA2_CommoncBseZdZdZejZdZejZdZ dZ dZ e Z dZe Zdd Zd Zd Zed Zd ZdZdZedZdZedZdZRS(sBclass containing common code shared by sha256_crypt & sha512_cryptR R!timplicit_roundst salt_sizeiiiɚ;tlinearcKsJtt|j||dkr=|jo7|jdk}n||_dS(Ni(tsuperR=t__init__tNonet use_defaultsR!R>(tselfR>tkwds((s?/usr/lib/python2.7/site-packages/passlib/handlers/sha2_crypt.pyRBs cCs|j|d|jdkS(Ntrelaxed(t _norm_salttchecksumRC(RER ((s?/usr/lib/python2.7/site-packages/passlib/handlers/sha2_crypt.pyt _parse_saltscCs|j|d|jdkS(NRG(t _norm_roundsRIRC(RER!((s?/usr/lib/python2.7/site-packages/passlib/handlers/sha2_crypt.pyt _parse_rounds#sc CsFt|dd}|j}|j|s?tjj|n|djt}|djtr|j dd}|jt r|t krtjj |nt |}t }n d}t}t|dkr|\}}n7t|dkr|d}d}ntjj||d |d |d |p<dd |S( NR thashiiiiiiR!R RIR>(Rtidentt startswithRRtInvalidHashErrortsplitt_UDOLLARt_UROUNDStpopt_UZEROtZeroPaddedRoundsErrortinttFalsetTrueRRCtMalformedHashError(tclsRMRNtpartsR!R>R tchk((s?/usr/lib/python2.7/site-packages/passlib/handlers/sha2_crypt.pyt from_string's0       cCs|jdkrI|jrItd|j|j|jp?tdf}n4td|j|j|j|jpvtdf}t|S(Nis%s%s$%sts%srounds=%d$%s$%s(R!R>RRNR RIR(RERM((s?/usr/lib/python2.7/site-packages/passlib/handlers/sha2_crypt.pyt to_stringTs tos_crypttbuiltincCs+t|jr#|j|jtStSdS(N(Rt _test_hasht_set_calc_checksum_backendt_calc_checksum_os_cryptRYRX(R[((s?/usr/lib/python2.7/site-packages/passlib/handlers/sha2_crypt.pyt_load_backend_os_cryptiscCs>t||j}|r-|j}|| S|j|SdS(N(RR`t checksum_sizet_calc_checksum_builtin(REtsecretRMtcs((s?/usr/lib/python2.7/site-packages/passlib/handlers/sha2_crypt.pyReqs   cCs|j|jtS(N(RdRhRY(R[((s?/usr/lib/python2.7/site-packages/passlib/handlers/sha2_crypt.pyt_load_backend_builtinscCst||j|j|jS(N(R:R R!t _cdb_use_512(RERi((s?/usr/lib/python2.7/site-packages/passlib/handlers/sha2_crypt.pyRhs(ssaltsroundssimplicit_roundsR?N(RaRb(t__name__t __module__t__doc__t setting_kwdsRt HASH64_CHARStchecksum_charst max_salt_sizet salt_charst min_roundst max_roundst rounds_costRXRlRCt_rounds_prefixR>RBRJRLt classmethodR^R`tbackendsRcRfReRkRh(((s?/usr/lib/python2.7/site-packages/passlib/handlers/sha2_crypt.pyR=s,     -  cBs2eZdZdZedZdZdZdZRS(s.This class implements the SHA256-Crypt password hash, and follows the :ref:`password-hash-api`. It supports a variable-length salt, and a variable number of rounds. The :meth:`~passlib.ifc.PasswordHash.using` method accepts the following optional keywords: :type salt: str :param salt: Optional salt string. If not specified, one will be autogenerated (this is recommended). If specified, it must be 0-16 characters, drawn from the regexp range ``[./0-9A-Za-z]``. :type rounds: int :param rounds: Optional number of rounds to use. Defaults to 535000, must be between 1000 and 999999999, inclusive. :type implicit_rounds: bool :param implicit_rounds: this is an internal option which generally doesn't need to be touched. this flag determines whether the hash should omit the rounds parameter when encoding it to a string; this is only permitted by the spec for rounds=5000, and the flag is ignored otherwise. the spec requires the two different encodings be preserved as they are, instead of normalizing them. :type relaxed: bool :param relaxed: By default, providing an invalid value for one of the other keywords will result in a :exc:`ValueError`. If ``relaxed=True``, and the error can be corrected, a :exc:`~passlib.exc.PasslibHashWarning` will be issued instead. Correctable errors include ``rounds`` that are too small or too large, and ``salt`` strings that are too long. .. versionadded:: 1.6 R s$5$i+i)ttests?$5$rounds=1000$test$QmQADEXMG8POI5WDsaeho0P36yK3Tcrgboabng6bkb/(R{s?$5$rounds=1000$test$QmQADEXMG8POI5WDsaeho0P36yK3Tcrgboabng6bkb/( RmRnRotnameRRNRgtdefault_roundsRc(((s?/usr/lib/python2.7/site-packages/passlib/handlers/sha2_crypt.pyR s $ cBs8eZdZdZedZdZeZdZ dZ RS(s.This class implements the SHA512-Crypt password hash, and follows the :ref:`password-hash-api`. It supports a variable-length salt, and a variable number of rounds. The :meth:`~passlib.ifc.PasswordHash.using` method accepts the following optional keywords: :type salt: str :param salt: Optional salt string. If not specified, one will be autogenerated (this is recommended). If specified, it must be 0-16 characters, drawn from the regexp range ``[./0-9A-Za-z]``. :type rounds: int :param rounds: Optional number of rounds to use. Defaults to 656000, must be between 1000 and 999999999, inclusive. :type implicit_rounds: bool :param implicit_rounds: this is an internal option which generally doesn't need to be touched. this flag determines whether the hash should omit the rounds parameter when encoding it to a string; this is only permitted by the spec for rounds=5000, and the flag is ignored otherwise. the spec requires the two different encodings be preserved as they are, instead of normalizing them. :type relaxed: bool :param relaxed: By default, providing an invalid value for one of the other keywords will result in a :exc:`ValueError`. If ``relaxed=True``, and the error can be corrected, a :exc:`~passlib.exc.PasslibHashWarning` will be issued instead. Correctable errors include ``rounds`` that are too small or too large, and ``salt`` strings that are too long. .. versionadded:: 1.6 R s$6$iVi R{sj$6$rounds=1000$test$2M/Lx6MtobqjLjobw0Wmo4Q5OFx5nVLJvmgseatA6oMnyWeBdRDx4DU.1H3eGmse6pgsOgDisWBGI5c7TZauS0(stestsj$6$rounds=1000$test$2M/Lx6MtobqjLjobw0Wmo4Q5OFx5nVLJvmgseatA6oMnyWeBdRDx4DU.1H3eGmse6pgsOgDisWBGI5c7TZauS0( RmRnRoR|RRNRgRYRlR}Rc(((s?/usr/lib/python2.7/site-packages/passlib/handlers/sha2_crypt.pyR s$ (ii(ii(ii(ii(ii(ii(ii(ii(ii(ii(ii(ii(ii(ii(ii(ii(ii(ii(ii(ii(ii( ii ii iiiii ii iiiiiiiiiiiiiiiiiii ii(@i*iiii+iiii,i-iiii.iiii/i0iiii1iiii2i3ii i i4ii i i5i6i!i i i7i"i#ii8i9i$iii:i%i&ii;i<i'iii=i(i)ii>i?('RoRtloggingt getLoggerRmtlogt passlib.utilsRRRRtpasslib.utils.binaryRtpasslib.utils.compatRRRRtpasslib.utils.handlerstutilsthandlersRt__all__RRRRRXR:RSRRRUtHasManyBackendst HasRoundstHasSalttGenericHandlerR=R R (((s?/usr/lib/python2.7/site-packages/passlib/handlers/sha2_crypt.pyts6  ""     ;