ó èŽXc@ÀsñdZddlmZmZddlZejeƒZddlZddl Z ddl m Z e Z e addlmZddlmZddlmZddlmZmZdd lmZmZmZddljjZd gZ yddl!Z Wne"k re Z nXe#e d e ƒZ$e$rBe$ƒZ%e j&j'Z(nd fd „ƒYZ%dZ(dej)ej*ej+ej,ej-ej.fd„ƒYZ/de/fd„ƒYZ0de/fd„ƒYZ1de/fd„ƒYZ2d e0e/fd„ƒYZ!dS(sápasslib.handlers.argon2 -- argon2 password hash wrapper References ========== * argon2 - home: https://github.com/P-H-C/phc-winner-argon2 - whitepaper: https://github.com/P-H-C/phc-winner-argon2/blob/master/argon2-specs.pdf * argon2 cffi wrapper - pypi: https://pypi.python.org/pypi/argon2_cffi - home: https://github.com/hynek/argon2_cffi * argon2 pure python - pypi: https://pypi.python.org/pypi/argon2pure - home: https://github.com/bwesterb/argon2pure i(twith_statementtabsolute_importN(twarn(texc(t MAX_UINT32(tto_bytes(t b64s_encodet b64s_decode(tutunicodet bascii_to_strtargon2tPasswordHashert_default_settingscBÀs,eZdZdZdZdZdZdZRS(s† dummy object to use as source of defaults when argon2 mod not present. synced w/ argon2 16.1 as of 2016-6-16 iii(t__name__t __module__t__doc__t time_costt memory_costt parallelismtsalt_lenthash_len(((s;/usr/lib/python2.7/site-packages/passlib/handlers/argon2.pyR :s it _Argon2Commonc BÀs—eZdZdZd Zed ƒZejZ ed ƒed ƒfZ ej Z dZ eZejZdZeZdZd"ZeZd#ZdZdZeZejZeZej Z eZ!d#Z"e#d#d#d#d#d#d#d#d„ƒZ$e#d„ƒZ%e#d„ƒZ&e'j(de'j)ƒZ*e#d„ƒZ+d„Z,ed#d#d#d„Z-e#d„ƒZ.e#ed„ƒZ/d„Z0dZ1e#d„ƒZ2e#d#d#d„ƒZ3RS($s& Base class which implements brunt of Argon2 code. This is then subclassed by the various backends, to override w/ backend-specific methods. When a backend is loaded, the bases of the 'argon2' class proper are modified to prepend the correct backend-specific subclass. R tsaltt salt_sizeRtroundsRRRt digest_sizeRs$argon2is $argon2i$s $argon2d$iitlineariiÿÿÿÿc KÀs|dk r4d|kr'tdƒ‚n||d[id])\$ (?: v=(?P\d+) \$ )? m=(?P\d+) , t=(?P\d+) , p=(?P\d+) (?: ,keyid=(?P[^,$]+) )? (?: ,data=(?P[^,$]+) )? (?: \$ (?P[^$]+) (?: \$ (?P.+) )? )? $ c CÀs]t|tƒr!|jdƒ}nt|tƒsEtj|dƒ‚n|jj|ƒ}|sotj|ƒ‚n|j ddddddd d d ƒ \ }}}}}}} } } |rÆt d ƒ‚n|d |dkd|rêt |ƒnddt |ƒdt |ƒdt |ƒd | r&t | ƒndd | r>t | ƒndd| rVt | ƒndƒS(Nsutf-8R7ttypetversionRRRtkeyidtdataRtdigests&argon2 'keyid' parameter not supportedttype_dtdiRtchecksum(R%R tencodetbytesRtExpectedStringErrort _hash_regextmatchtMalformedHashErrortgrouptNotImplementedErrorR(RR ( R/R7tmR9R:RRRR;R<RR=((s;/usr/lib/python2.7/site-packages/passlib/handlers/argon2.pyt from_string8s(-    c CÀs¶t|j|jƒ}|j}|dkr4d}n d|}|j}|ridtt|jƒƒ}nd}d|||j|j|j |tt|j ƒƒtt|j ƒƒfS(Nitsv=%d$s,data=s%s%sm=%d,t=%d,p=%d%s$%s$%s( tstrR6R>R:R<R RRRRRR@(tselftidentR:tvstrR<tkdstr((s;/usr/lib/python2.7/site-packages/passlib/handlers/argon2.pyt to_stringSs      cKÀsÔ|jdƒ}|dk r-t|ƒ|_ntt|ƒj|||_|dkr[n|j|ƒ|_ |dkr|n|j |ƒ|_ |dkrn3t |t ƒsÇtjj|ddƒ‚n||_dS(NR@RBR<(R$R tlenR*R"Rt__init__R>t _norm_versionR:R+RR%RBR&RtExpectedTypeErrorR<(RMR>R:RR<R0R@((s;/usr/lib/python2.7/site-packages/passlib/handlers/argon2.pyRSis      cCÀsŸt|tjƒs-tjj|ddƒ‚n|dkr[|dkr[td|fƒ‚n|jƒ}||jkr›td|j|||jfƒ‚n|S(NtintegerR:iisinvalid argon2 hash version: %dsk%s: hash version 0x%X not supported by %r backend (max version is 0x%X); try updating or switching backends( R%R&t int_typesRRUR-t get_backendt max_versionR2(R/R:tbackend((s;/usr/lib/python2.7/site-packages/passlib/handlers/argon2.pyRT’s c CÀs%tj||d|jddd|ƒS(NRRRR(R&R)R3(R/RR((s;/usr/lib/python2.7/site-packages/passlib/handlers/argon2.pyR+£scKÀsžt|ƒ}|jrtS|j}|dks=||jkrI|j}n|j|kr\tS|j|jkrrtS|j|jkrˆtSt t |ƒj |S(N( R9R>tTruetmin_desired_versionR RYR:RR*R"Rt_calc_needs_update(RMR0R/tminver((s;/usr/lib/python2.7/site-packages/passlib/handlers/argon2.pyR]²s    s> -- recommend you install one (e.g. 'pip install argon2_cffi')cCÀs3|j}|dkr/td|tjjƒntS(sØ helper called by from backend mixin classes' _load_backend_mixin() -- invoked after backend imports have been loaded, and performs feature detection & testing common to all backends. is6%r doesn't support argon2 v1.3, and should be upgraded(RYRR&RtPasslibSecurityWarningR[(t mixin_clsR2tdryrunRY((s;/usr/lib/python2.7/site-packages/passlib/handlers/argon2.pyt_finalize_backend_mixinÉs    cCÀsØ|jƒ}|dkr6|dk r6|j|ƒ}n|dk r…|j|j|jƒ|dkr…|jdk r…tdƒ‚q…nt|ƒ}|dkr³d|||f}n t |ƒ}t j |d|ƒ‚dS(s} internal helper invoked when backend has hash/verification error; used to adapt to passlib message. t argon2_cffis8argon2_cffi backend doesn't support the 'data' parametersDecoding faileds%s reported: %s: hash=%rtreasonN(sDecoding failed( RXR RJR,RRR<RHRLtreprRRF(R/terrR7RMRZttextRd((s;/usr/lib/python2.7/site-packages/passlib/handlers/argon2.pyt_adapt_backend_error×s     ( ssalts salt_sizessalt_lensroundss time_costs memory_costs parallelisms digest_sizeshash_leniiÿÿÿN(4RRRR2t setting_kwdsRRNR RR*R6Rtdefault_salt_sizet min_salt_sizeRt max_salt_sizeRtdefault_roundst min_roundst max_roundst rounds_costtmax_parallelismt_default_versionRYR R\R3R.tFalsetpure_use_threadsRR:RR>R<t classmethodR#R,R8tretcompiletXRDRJRQRSRTR+R]t_no_backend_suggestionRbRh(((s;/usr/lib/python2.7/site-packages/passlib/handlers/argon2.pyRIsd         6 ) t _NoBackendcBÀs\eZdZed„ƒZed„ƒZejddddƒed„ƒƒZd„Z RS( s€ mixin used before any backend has been loaded. contains stubs that force loading of one of the available backends. cCÀs|jƒ|j|ƒS(N(t_stub_requires_backendR7(R/tsecret((s;/usr/lib/python2.7/site-packages/passlib/handlers/argon2.pyR7s cCÀs|jƒ|j||ƒS(N(R{tverify(R/R|R7((s;/usr/lib/python2.7/site-packages/passlib/handlers/argon2.pyR} s t deprecateds1.7tremoveds2.0cCÀs|jƒ|j||ƒS(N(R{tgenhash(R/R|tconfig((s;/usr/lib/python2.7/site-packages/passlib/handlers/argon2.pyR€s cCÀs |jƒtt|ƒj|ƒS(N(R{R"R t_calc_checksum(RMR|((s;/usr/lib/python2.7/site-packages/passlib/handlers/argon2.pyR‚s ( RRRRuR7R}R&tdeprecated_methodR€R‚(((s;/usr/lib/python2.7/site-packages/passlib/handlers/argon2.pyRzþs t _CffiBackendcBÀsSeZdZed„ƒZed„ƒZed„ƒZed„ƒZd„ZRS(s argon2_cffi backend cCÀsRtdkrtStjj}tjdtj|ƒ||_|_ |j ||ƒS(NsOdetected 'argon2_cffi' backend, version %r, with support for 0x%x argon2 hashes( t _argon2_cffiR Rst low_leveltARGON2_VERSIONtlogtdebugt __version__R:RYRb(R`R2RaRY((s;/usr/lib/python2.7/site-packages/passlib/handlers/argon2.pyt_load_backend_mixin0s    cCÀs­tj|ƒt|dƒ}ybttjjdtjjjd|j d|j d|j dt|j ƒƒd|j d|ƒƒSWn(tjjk r¨}|j|ƒ‚nXdS( Nsutf-8R9RRRRRR|(R&tvalidate_secretRR R…R†t hash_secrettTypetIRRmRt_generate_saltR*t exceptionst HashingErrorRh(R/R|Rf((s;/usr/lib/python2.7/site-packages/passlib/handlers/argon2.pyR7>s     cCÀsÇtj|ƒt|dƒ}t|dƒ}|jdƒrLtjjj}ntjjj}y tjj |||ƒ}t SWnEtj j k r•t Stj jk rÂ}|j|d|ƒ‚nXdS(Nsutf-8tasciis $argon2d$R7(R&RŒRR5R…R†RŽtDRt verify_secretR[R‘tVerifyMismatchErrorRstVerificationErrorRh(R/R|R7R9tresultRf((s;/usr/lib/python2.7/site-packages/passlib/handlers/argon2.pyR}Qs cCÀstj|ƒt|dƒ}|j|ƒ}|jrFtjjj}ntjjj }yat tjj d|d|j d|j d|jdt|jƒd|jd|d |jƒƒ}Wn.tjjk ræ}|j|d |ƒ‚nX|jd kr |jd d ƒ}n|S(Nsutf-8R9RRRRRR|R:R7is$v=16$t$(R&RŒRRJR>R…R†RŽR”RR RRRRRR*R:R‘R’Rhtreplace(R/R|RRMR9R˜Rf((s;/usr/lib/python2.7/site-packages/passlib/handlers/argon2.pyR€fs*      cCÀstdƒ‚dS(Ns-shouldn't be called under argon2_cffi backend(tAssertionError(RMR|((s;/usr/lib/python2.7/site-packages/passlib/handlers/argon2.pyR‚†s( RRRRuR‹R7R}R€R‚(((s;/usr/lib/python2.7/site-packages/passlib/handlers/argon2.pyR„(s  t _PureBackendcBÀs&eZdZed„ƒZd„ZRS(s argon2pure backend cCÀs¤yddlaWntk r$tSXyddlm}Wntk rZtjdƒtSXtjd|ƒ|s„tdt j ƒn||_ |_ |j ||ƒS(Ni(tARGON2_DEFAULT_VERSIONs\detected 'argon2pure' backend, but package is too old (passlib requires argon2pure >= 1.2.3)sBdetected 'argon2pure' backend, with support for 0x%x argon2 hashess¦Using argon2pure backend, which is 100x+ slower than is required for adequate security. Installing argon2_cffi (via 'pip install argon2_cffi') is strongly recommended(t argon2puret _argon2puret ImportErrorRsRRˆtwarningR‰RRR_R:RYRb(R`R2RaRY((s;/usr/lib/python2.7/site-packages/passlib/handlers/argon2.pyR‹˜s      cCÀstj|ƒt|dƒ}|jr1tj}n tj}td|d|jd|j d|j d|j d|j d|d |j ƒ}|jd kr¤|j|d RŸtARGON2DtARGON2ItdictRRRRR*R:R.RtR[R<R t Argon2ErrorRh(RMR|R9R0Rf((s;/usr/lib/python2.7/site-packages/passlib/handlers/argon2.pyR‚½s0             (RRRRuR‹R‚(((s;/usr/lib/python2.7/site-packages/passlib/handlers/argon2.pyRœs%cBÀs5eZdZdZeZied6ed6e d6Z RS(s[ This class implements the Argon2 password hash [#argon2-home]_, and follows the :ref:`password-hash-api`. (This class only supports generating "Type I" argon2 hashes). Argon2 supports a variable-length salt, and variable time & memory cost, and a number of other configurable parameters. The :meth:`~passlib.ifc.PasswordHash.replace` method accepts the following optional keywords: :type salt: str :param salt: Optional salt string. If specified, the length must be between 0-1024 bytes. If not specified, one will be auto-generated (this is recommended). :type salt_size: int :param salt_size: Optional number of bytes to use when autogenerating new salts. :type rounds: int :param rounds: Optional number of rounds to use. This corresponds linearly to the amount of time hashing will take. :type time_cost: int :param time_cost: An alias for **rounds**, for compatibility with underlying argon2 library. :param int memory_cost: Defines the memory usage in kibibytes. This corresponds linearly to the amount of memory hashing will take. :param int parallelism: Defines the parallelization factor. *NOTE: this will affect the resulting hash value.* :param int digest_size: Length of the digest in bytes. :param int max_threads: Maximum number of threads that will be used. -1 means unlimited; otherwise hashing will use ``min(parallelism, max_threads)`` threads. .. note:: This option is currently only honored by the argon2pure backend. :type relaxed: bool :param relaxed: By default, providing an invalid value for one of the other keywords will result in a :exc:`ValueError`. If ``relaxed=True``, and the error can be corrected, a :exc:`~passlib.exc.PasslibHashWarning` will be issued instead. Correctable errors include ``rounds`` that are too small or too large, and ``salt`` strings that are too long. .. todo:: * Support configurable threading limits. RcRž(s argon2_cffis argon2pureN( RRRtbackendsR[t_backend_mixin_targetRzR R„Rœt_backend_mixin_map(((s;/usr/lib/python2.7/site-packages/passlib/handlers/argon2.pyR ás; (3Rt __future__RRtloggingt getLoggerRRˆRvttypestwarningsRR R…RŸtpasslibRtpasslib.crypto.digestRt passlib.utilsRtpasslib.utils.binaryRRtpasslib.utils.compatRR R tpasslib.utils.handlerstutilsthandlersR&t__all__R R tgetattrt_PasswordHasherR R†R‡RrtSubclassBackendMixintParallelismMixint HasRoundst HasRawSalttHasRawChecksumtGenericHandlerRRzR„Rœ(((s;/usr/lib/python2.7/site-packages/passlib/handlers/argon2.pytsB        ÿ´*hQ