ó èŽXc@ÀsñdZddlmZmZddlZejeƒZddlZddl Z ddl m Z e Z e addlmZddlmZddlmZddlmZmZdd lmZmZmZddljjZd gZ yddl!Z Wne"k re Z nXe#e d e ƒZ$e$rBe$ƒZ%e j&j'Z(nd fd „ƒYZ%dZ(dej)ej*ej+ej,ej-ej.fd„ƒYZ/de/fd„ƒYZ0de/fd„ƒYZ1de/fd„ƒYZ2d e0e/fd„ƒYZ!dS(sápasslib.handlers.argon2 -- argon2 password hash wrapper References ========== * argon2 - home: https://github.com/P-H-C/phc-winner-argon2 - whitepaper: https://github.com/P-H-C/phc-winner-argon2/blob/master/argon2-specs.pdf * argon2 cffi wrapper - pypi: https://pypi.python.org/pypi/argon2_cffi - home: https://github.com/hynek/argon2_cffi * argon2 pure python - pypi: https://pypi.python.org/pypi/argon2pure - home: https://github.com/bwesterb/argon2pure i(twith_statementtabsolute_importN(twarn(texc(t MAX_UINT32(tto_bytes(t b64s_encodet b64s_decode(tutunicodet bascii_to_strtargon2tPasswordHashert_default_settingscBÀs,eZdZdZdZdZdZdZRS(s† dummy object to use as source of defaults when argon2 mod not present. synced w/ argon2 16.1 as of 2016-6-16 iii(t__name__t __module__t__doc__t time_costt memory_costt parallelismtsalt_lenthash_len(((s;/usr/lib/python2.7/site-packages/passlib/handlers/argon2.pyR :s it _Argon2Commonc BÀs—eZdZdZd Zed ƒZejZ ed ƒed ƒfZ ej Z dZ eZejZdZeZdZd"ZeZd#ZdZdZeZejZeZej Z eZ!d#Z"e#d#d#d#d#d#d#d#d„ƒZ$e#d„ƒZ%e#d„ƒZ&e'j(de'j)ƒZ*e#d„ƒZ+d„Z,ed#d#d#d„Z-e#d„ƒZ.e#ed„ƒZ/d„Z0dZ1e#d„ƒZ2e#d#d#d„ƒZ3RS($s& Base class which implements brunt of Argon2 code. This is then subclassed by the various backends, to override w/ backend-specific methods. When a backend is loaded, the bases of the 'argon2' class proper are modified to prepend the correct backend-specific subclass. R tsaltt salt_sizeRtroundsRRRt digest_sizeRs$argon2is $argon2i$s $argon2d$iitlineariiÿÿÿÿc KÀs|dk r4d|kr'tdƒ‚n||d[id])\$ (?: v=(?P\d+) \$ )? m=(?P\d+) , t=(?P\d+) , p=(?P\d+) (?: ,keyid=(?P[^,$]+) )? (?: ,data=(?P[^,$]+) )? (?: \$ (?P[^$]+) (?: \$ (?P.+) )? )? $ c CÀs|t|tƒr!|jdƒ}nt|tƒsEtj|dƒ‚n|jj|ƒ}|sotj|ƒ‚n|j ddddddd d d ƒ \ }}}}}}} } } |dksÐt d|fƒ‚|råt dƒ‚n|d|d kd|r t |ƒnddt |ƒdt |ƒdt |ƒd | rEt | ƒndd | r]t | ƒndd| rut | ƒndƒS(Nsutf-8R7ttypetversionRRRtkeyidtdataRtdigesttitdsunexpected type code: %rs&argon2 'keyid' parameter not supportedttype_diRtchecksum(R>R?(R%R tencodetbytesRtExpectedStringErrort _hash_regextmatchtMalformedHashErrortgrouptAssertionErrortNotImplementedErrorR(RR ( R/R7tmR9R:RRRR;R<RR=((s;/usr/lib/python2.7/site-packages/passlib/handlers/argon2.pyt from_string8s*-    c CÀs¶t|j|jƒ}|j}|dkr4d}n d|}|j}|ridtt|jƒƒ}nd}d|||j|j|j |tt|j ƒƒtt|j ƒƒfS(Nitsv=%d$s,data=s%s%sm=%d,t=%d,p=%d%s$%s$%s( tstrR6R@R:R<R RRRRRRA(tselftidentR:tvstrR<tkdstr((s;/usr/lib/python2.7/site-packages/passlib/handlers/argon2.pyt to_stringSs      cKÀs7|jdƒ}|dk r-t|ƒ|_ntt|ƒj|||_|dkr‚tj ||j |j ddƒs”t ‚n|j |ƒ|_ |dkrÊtj ||j |jddƒsÜt ‚n|j|ƒ|_ |dkr|jdks3t ‚n3t|tƒs*tjj|ddƒ‚n||_dS(NRARR:RRCR<(R$R tlenR*R"Rt__init__R@R&tvalidate_default_valueR:t _norm_versionRIRR+R<R%RCRtExpectedTypeError(ROR@R:RR<R0RA((s;/usr/lib/python2.7/site-packages/passlib/handlers/argon2.pyRUis$     cCÀsŸt|tjƒs-tjj|ddƒ‚n|dkr[|dkr[td|fƒ‚n|jƒ}||jkr›td|j|||jfƒ‚n|S(NtintegerR:iisinvalid argon2 hash version: %dsk%s: hash version 0x%X not supported by %r backend (max version is 0x%X); try updating or switching backends( R%R&t int_typesRRXR-t get_backendt max_versionR2(R/R:tbackend((s;/usr/lib/python2.7/site-packages/passlib/handlers/argon2.pyRW’s c CÀs%tj||d|jddd|ƒS(NRRRR(R&R)R3(R/RR((s;/usr/lib/python2.7/site-packages/passlib/handlers/argon2.pyR+£scKÀsžt|ƒ}|jrtS|j}|dks=||jkrI|j}n|j|kr\tS|j|jkrrtS|j|jkrˆtSt t |ƒj |S(N( R9R@tTruetmin_desired_versionR R\R:RR*R"Rt_calc_needs_update(ROR0R/tminver((s;/usr/lib/python2.7/site-packages/passlib/handlers/argon2.pyR`²s    s> -- recommend you install one (e.g. 'pip install argon2_cffi')cCÀsT|j}t|tƒr$|dks*t‚|dkrPtd|tjjƒntS(sØ helper called by from backend mixin classes' _load_backend_mixin() -- invoked after backend imports have been loaded, and performs feature detection & testing common to all backends. iis6%r doesn't support argon2 v1.3, and should be upgraded( R\R%R(RIRR&RtPasslibSecurityWarningR^(t mixin_clsR2tdryrunR\((s;/usr/lib/python2.7/site-packages/passlib/handlers/argon2.pyt_finalize_backend_mixinÉs  !  cCÀsØ|jƒ}|dkr6|dk r6|j|ƒ}n|dk r…|j|j|jƒ|dkr…|jdk r…tdƒ‚q…nt|ƒ}|dkr³d|||f}n t |ƒ}t j |d|ƒ‚dS(s} internal helper invoked when backend has hash/verification error; used to adapt to passlib message. t argon2_cffis8argon2_cffi backend doesn't support the 'data' parametersDecoding faileds%s reported: %s: hash=%rtreasonN(sDecoding failed( R[R RLR,RRR<RJRNtreprRRG(R/terrR7ROR]ttextRg((s;/usr/lib/python2.7/site-packages/passlib/handlers/argon2.pyt_adapt_backend_error×s     ( ssalts salt_sizessalt_lensroundss time_costs memory_costs parallelisms digest_sizeshash_leniiÿÿÿN(4RRRR2t setting_kwdsRRPR RR*R6Rtdefault_salt_sizet min_salt_sizeRt max_salt_sizeRtdefault_roundst min_roundst max_roundst rounds_costtmax_parallelismt_default_versionR\R R_R3R.tFalsetpure_use_threadsRR:RR@R<t classmethodR#R,R8tretcompiletXRERLRSRURWR+R`t_no_backend_suggestionReRk(((s;/usr/lib/python2.7/site-packages/passlib/handlers/argon2.pyRIsd         6 ) t _NoBackendcBÀs\eZdZed„ƒZed„ƒZejddddƒed„ƒƒZd„Z RS( s€ mixin used before any backend has been loaded. contains stubs that force loading of one of the available backends. cCÀs|jƒ|j|ƒS(N(t_stub_requires_backendR7(R/tsecret((s;/usr/lib/python2.7/site-packages/passlib/handlers/argon2.pyR7s cCÀs|jƒ|j||ƒS(N(R~tverify(R/RR7((s;/usr/lib/python2.7/site-packages/passlib/handlers/argon2.pyR€ s t deprecateds1.7tremoveds2.0cCÀs|jƒ|j||ƒS(N(R~tgenhash(R/Rtconfig((s;/usr/lib/python2.7/site-packages/passlib/handlers/argon2.pyRƒs cCÀs |jƒtt|ƒj|ƒS(N(R~R"R t_calc_checksum(ROR((s;/usr/lib/python2.7/site-packages/passlib/handlers/argon2.pyR…s ( RRRRxR7R€R&tdeprecated_methodRƒR…(((s;/usr/lib/python2.7/site-packages/passlib/handlers/argon2.pyR}þs t _CffiBackendcBÀsSeZdZed„ƒZed„ƒZed„ƒZed„ƒZd„ZRS(s argon2_cffi backend cCÀsRtdkrtStjj}tjdtj|ƒ||_|_ |j ||ƒS(NsOdetected 'argon2_cffi' backend, version %r, with support for 0x%x argon2 hashes( t _argon2_cffiR Rvt low_leveltARGON2_VERSIONtlogtdebugt __version__R:R\Re(RcR2RdR\((s;/usr/lib/python2.7/site-packages/passlib/handlers/argon2.pyt_load_backend_mixin0s    cCÀs­tj|ƒt|dƒ}ybttjjdtjjjd|j d|j d|j dt|j ƒƒd|j d|ƒƒSWn(tjjk r¨}|j|ƒ‚nXdS( Nsutf-8R9RRRRRR(R&tvalidate_secretRR RˆR‰t hash_secrettTypetIRRpRt_generate_saltR*t exceptionst HashingErrorRk(R/RRi((s;/usr/lib/python2.7/site-packages/passlib/handlers/argon2.pyR7>s     cCÀsÙtj|ƒt|dƒ}t|dƒ}|jdƒrLtjjj}ntjjj}y2tjj |||ƒ}|t ksˆt ‚t SWnEtj j k r§tStj jk rÔ}|j|d|ƒ‚nXdS(Nsutf-8tasciis $argon2d$R7(R&RRR5RˆR‰R‘tDR’t verify_secretR^RIR”tVerifyMismatchErrorRvtVerificationErrorRk(R/RR7R9tresultRi((s;/usr/lib/python2.7/site-packages/passlib/handlers/argon2.pyR€Qs cCÀstj|ƒt|dƒ}|j|ƒ}|jrFtjjj}ntjjj }yat tjj d|d|j d|j d|jdt|jƒd|jd|d |jƒƒ}Wn.tjjk ræ}|j|d |ƒ‚nX|jd kr |jd d ƒ}n|S(Nsutf-8R9RRRRRRR:R7is$v=16$t$(R&RRRLR@RˆR‰R‘R—R’R RRRRRR*R:R”R•Rktreplace(R/RR„ROR9R›Ri((s;/usr/lib/python2.7/site-packages/passlib/handlers/argon2.pyRƒfs*      cCÀstdƒ‚dS(Ns-shouldn't be called under argon2_cffi backend(RI(ROR((s;/usr/lib/python2.7/site-packages/passlib/handlers/argon2.pyR…†s( RRRRxRŽR7R€RƒR…(((s;/usr/lib/python2.7/site-packages/passlib/handlers/argon2.pyR‡(s  t _PureBackendcBÀs&eZdZed„ƒZd„ZRS(s argon2pure backend cCÀs¤yddlaWntk r$tSXyddlm}Wntk rZtjdƒtSXtjd|ƒ|s„tdt j ƒn||_ |_ |j ||ƒS(Ni(tARGON2_DEFAULT_VERSIONs\detected 'argon2pure' backend, but package is too old (passlib requires argon2pure >= 1.2.3)sBdetected 'argon2pure' backend, with support for 0x%x argon2 hashess¦Using argon2pure backend, which is 100x+ slower than is required for adequate security. Installing argon2_cffi (via 'pip install argon2_cffi') is strongly recommended(t argon2puret _argon2puret ImportErrorRvRŸR‹twarningRŒRRRbR:R\Re(RcR2RdR\((s;/usr/lib/python2.7/site-packages/passlib/handlers/argon2.pyRŽ˜s      cCÀstj|ƒt|dƒ}|jr1tj}n tj}td|d|jd|j d|j d|j d|j d|d |j ƒ}|jd kr¤|j|d sB        ÿ´*hQ