관리-도구

편집 파일: scram.cpython-39.pyc

����f�WcX����������������������@���s����d�Z�ddlZe�e�ZddlmZmZmZm	Z	�ddl
mZmZ�ddl
mZmZmZmZ�ddlmZmZ�ddlm��mZ�dgZG�dd��dejejejej�ZdS�)	z:passlib.handlers.scram - hash for SCRAM credential storage�����N)�consteq�saslprep�
to_native_str�
splitcomma)�ab64_decode�ab64_encode)�
bascii_to_str�	iteritems�u�native_string_types)�pbkdf2_hmac�norm_hash_name�scramc�����������������������s����e�Zd�ZdZd�ZdZed�ZdZdZ	dZ
dZdZd	Z
g�d
�Zg�d�ZdZed
d���Zed'dd��Zedd���Zedd���Zdd��Zed(��fdd�	�Zd)��fdd�	Zd*dd�Zedd ���Z��fd!d"�Zd+d#d$�Zed,d%d&��Z���ZS�)-r���aZ��This class provides a format for storing SCRAM passwords, and follows
    the :ref:`password-hash-api`.

It supports a variable-length salt, and a variable number of rounds.

The :meth:`~passlib.ifc.PasswordHash.using` method accepts the following optional keywords:

:type salt: bytes
    :param salt:
        Optional salt bytes.
        If specified, the length must be between 0-1024 bytes.
        If not specified, a 12 byte salt will be autogenerated
        (this is recommended).

:type salt_size: int
    :param salt_size:
        Optional number of bytes to use when autogenerating new salts.
        Defaults to 12 bytes, but can be any value between 0 and 1024.

:type rounds: int
    :param rounds:
        Optional number of rounds to use.
        Defaults to 100000, but must be within ``range(1,1<<32)``.

:type algs: list of strings
    :param algs:
        Specify list of digest algorithms to use.

By default each scram hash will contain digests for SHA-1,
        SHA-256, and SHA-512. This can be overridden by specify either be a
        list such as ``["sha-1", "sha-256"]``, or a comma-separated string
        such as ``"sha-1, sha-256"``. Names are case insensitive, and may
        use :mod:`!hashlib` or `IANA <http://www.iana.org/assignments/hash-function-text-names>`_
        hash names.

:type relaxed: bool
    :param relaxed:
        By default, providing an invalid value for one of the other
        keywords will result in a :exc:`ValueError`. If ``relaxed=True``,
        and the error can be corrected, a :exc:`~passlib.exc.PasslibHashWarning`
        will be issued instead. Correctable errors include ``rounds``
        that are too small or too large, and ``salt`` strings that are too long.

.. versionadded:: 1.6

In addition to the standard :ref:`password-hash-api` methods,
    this class also provides the following methods for manipulating Passlib
    scram hashes in ways useful for pluging into a SCRAM protocol stack:

.. automethod:: extract_digest_info
    .. automethod:: extract_digest_algs
    .. automethod:: derive_digest
    )�saltZ	salt_size�rounds�algs�$scram$����i���i�������l������Zlinear)�sha-1�sha-256�sha-512)r���r���zsha-224zsha-384r���Nc�����������������C���s8���t�|d�}|��|�}|j}|s&td��|j|j||�fS�)a���return (salt, rounds, digest) for specific hash algorithm.

:type hash: str
        :arg hash:
            :class:`!scram` hash stored for desired user

:type alg: str
        :arg alg:
            Name of digest algorithm (e.g. ``"sha-1"``) requested by client.

This value is run through :func:`~passlib.crypto.digest.norm_hash_name`,
            so it is case-insensitive, and can be the raw SCRAM
            mechanism name (e.g. ``"SCRAM-SHA-1"``), the IANA name,
            or the hashlib name.

:raises KeyError:
            If the hash does not contain an entry for the requested digest
            algorithm.

:returns:
            A tuple containing ``(salt, rounds, digest)``,
            where *digest* matches the raw bytes returned by
            SCRAM's :func:`Hi` function for the stored password,
            the provided *salt*, and the iteration count (*rounds*).
            *salt* and *digest* are both raw (unencoded) bytes.
        �ianazscram hash contains no digests)r
����from_string�checksum�
ValueErrorr���r���)�cls�hash�alg�self�chkmap��r!����:/usr/lib/python3.9/site-packages/passlib/handlers/scram.py�extract_digest_info|���s����

zscram.extract_digest_infor���c��������������������s.���|���|�j}��dkr|S���fdd�|D��S�dS�)a���Return names of all algorithms stored in a given hash.

:type hash: str
        :arg hash:
            The :class:`!scram` hash to parse

:type format: str
        :param format:
            This changes the naming convention used by the
            returned algorithm names. By default the names
            are IANA-compatible; possible values are ``"iana"`` or ``"hashlib"``.

:returns:
            Returns a list of digest algorithms; e.g. ``["sha-1"]``
        r���c��������������������s���g�|�]}t�|����qS�r!����r
�����.0r�����formatr!���r"����
<listcomp>���������z-scram.extract_digest_algs.<locals>.<listcomp>N)r���r���)r���r���r(���r���r!���r'���r"����extract_digest_algs����s����zscram.extract_digest_algsc�����������������C���s&���t�|t�r|�d�}t|t|�||�S�)a;��helper to create SaltedPassword digest for SCRAM.

This performs the step in the SCRAM protocol described as::

SaltedPassword  := Hi(Normalize(password), salt, i)

:type password: unicode or utf-8 bytes
        :arg password: password to run through digest

:type salt: bytes
        :arg salt: raw salt data

:type rounds: int
        :arg rounds: number of iterations.

:type alg: str
        :arg alg: name of digest to use (e.g. ``"sha-1"``).

:returns:
            raw bytes of ``SaltedPassword``
        zutf-8)�
isinstance�bytes�decoder���r���)r����passwordr���r���r���r!���r!���r"����
derive_digest����s����

zscram.derive_digestc�����������
���	���C���s<��t�|dd�}|�d�s"tj�|���|dd����d�}t|�dkrLtj�|���|\}}}t|�}|t	|�krvtj�|���zt
|�d��}W�n�ty����tj�|���Y�n0�|s�tj�|���nrd|v��r$d�}i�}	|�d�D�]J}
|
�d�\}}zt
|�d��|	|<�W�q��t�y���tj�|���Y�q�0�q�n|}d�}	|�|||	|d	�S�)
N�asciir���r��������$�����=�,)r���r���r���r���)
r����
startswith�uh�excZInvalidHashError�split�lenZMalformedHashError�int�strr����encode�	TypeError)
r���r����partsZ
rounds_strZsalt_str�chk_strr���r���r���r ���Zpairr����digestr!���r!���r"���r�������sB����

�zscram.from_stringc��������������������s>���t�t|�j��}|�j��d���fdd�|�jD���}d|�j||f�S�)Nr6���c�����������������3���s&���|�]}d�|t�t��|���f�V��qdS�)z%s=%sN)r���r���r%����r ���r!���r"����	<genexpr>��s����z"scram.to_string.<locals>.<genexpr>z$scram$%d$%s$%s)r���r���r���r����joinr���r���)r���r���rA���r!���rC���r"����	to_string
��s�����zscram.to_stringc��������������������sF���|d�ur|d�u�sJ��|}t�t|��jf�i�|��}|d�urB|��|�|_|S��N)�superr����using�
_norm_algs�default_algs)r���rK���r����kwds�subcls��	__class__r!���r"���rI�����s����zscram.usingc��������������������s����t�t|��jf�i�|���|�j}|d�ur@|d�ur4td��|��|�}nN|d�urX|��|����}n6|�jr�t|�j	�}|��|�|ks�J�d|f���nt
d��||�_d�S�)Nz+checksum & algs kwds are mutually exclusivezinvalid default algs: %rzno algs list specified)rH���r����__init__r����RuntimeErrorrJ����keysZuse_defaults�listrK���r?���r���)r���r���rL���Z
digest_maprN���r!���r"���rP���+��s����
zscram.__init__Fc�����������������C���s����t�|t�stj�|dd��t|�D�]X\}}|t|d�krFtd|f���t|�dkr`td|f���t�|t	�s"tj�|dd��q"d	|vr�td
��|S�)N�dictr���r���z*malformed algorithm name in scram hash: %r�	���z0SCRAM limits algorithm names to 9 characters: %rz	raw bytesZdigestsr����-sha-1 must be in algorithm list of scram hash)
r,���rT���r8���r9���ZExpectedTypeErrorr	���r
���r���r;���r-���)r���r���Zrelaxedr���rB���r!���r!���r"����_norm_checksum>��s ����
��
zscram._norm_checksumc�����������������C���sR���t�|t�rt|�}tdd��|D���}tdd��|D���r>td��d|vrNtd��|S�)znormalize algs parameterc�����������������s���s���|�]}t�|d��V��qdS�)r���Nr$���r%���r!���r!���r"���rD���U��r*���z#scram._norm_algs.<locals>.<genexpr>c�����������������s���s���|�]}t�|�d�kV��qdS�)rU���N)r;���r%���r!���r!���r"���rD���V��r*���z-SCRAM limits alg names to max of 9 charactersr���rV���)r,���r���r����sorted�anyr���)r���r���r!���r!���r"���rJ���P��s����
zscram._norm_algsc��������������������s,���t�|�j��|�j�sdS�tt|��jf�i�|��S�)NT)�setr����
issupersetrK���rH���r����_calc_needs_update)r���rL���rN���r!���r"���r\���`��s����zscram._calc_needs_updatec��������������������sF���|�j��|�j�|�j��|r$�����|�S�t�����fdd�|�jD���S�d�S�)Nc�����������������3���s ���|�]}|�����|�fV��qd�S�rG���r!���r%����r���r���r����secretr!���r"���rD���v��s����z'scram._calc_checksum.<locals>.<genexpr>)r���r���r0���rT���r���)r���r^���r���r!���r]���r"����_calc_checksumm��s�����zscram._calc_checksumc�����������������C���s����t��|��|��|�}|j}|s2td|�j|�jf���|r�d�}}t|�D�]R\}}	|�||�}
t|	�t|
�kr�td|t|	�t|
�f���t	|
|	�r�d}qFd}qF|r�|r�td��q�|S�n:|j
D�]*}||v�r�|�||�}
t	|
||����S�q�td��d�S�)Nz.expected %s hash, got %s config string insteadFz+mis-sized %s digest in scram hash: %r != %rTz4scram hash verified inconsistently, may be corruptedzsha-1 digest not found!)r8���Zvalidate_secretr���r���r����namer	���r_���r;���r����_verify_algs�AssertionError)r���r^���r���Zfullr���r ���ZcorrectZfailedr���rB����otherr!���r!���r"����verify{��s4����

��

zscram.verify)r���)NN)N)F)N)F)�__name__�
__module__�__qualname__�__doc__r`���Zsetting_kwdsr
����identZdefault_salt_sizeZ
max_salt_sizeZdefault_roundsZ
min_roundsZ
max_roundsZrounds_costrK���ra���r����classmethodr#���r+���r0���r���rF���rI���rP���rW���rJ���r\���r_���rd����
__classcell__r!���r!���rN���r"���r������s@���A
%
 
/

)rh���ZloggingZ	getLoggerre����logZ
passlib.utilsr���r���r���r���Zpasslib.utils.binaryr���r���Zpasslib.utils.compatr���r	���r
���r���Zpasslib.crypto.digestr���r
���Zpasslib.utils.handlersZutils�handlersr8����__all__Z	HasRoundsZ
HasRawSaltZHasRawChecksumZGenericHandlerr���r!���r!���r!���r"����<module>���s����