/usr/share/pyshared/passlib/handlers/fshp.py is in python-passlib 1.5.3-0ubuntu1.
This file is owned by root:root, with mode 0o644.
The actual contents of the file can be viewed below.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 | """passlib.handlers.fshp
"""
#=========================================================
#imports
#=========================================================
#core
from base64 import b64encode, b64decode
import re
import logging; log = logging.getLogger(__name__)
from warnings import warn
#site
#libs
from passlib.utils import handlers as uh, bytes, b, to_hash_str
from passlib.utils.pbkdf2 import pbkdf1
#pkg
#local
__all__ = [
'fshp',
]
#=========================================================
#sha1-crypt
#=========================================================
class fshp(uh.HasRounds, uh.HasRawSalt, uh.HasRawChecksum, uh.GenericHandler):
"""This class implements the FSHP password hash, and follows the :ref:`password-hash-api`.
It supports a variable-length salt, and a variable number of rounds.
The :meth:`encrypt()` and :meth:`genconfig` methods accept the following optional keywords:
:param salt:
Optional raw salt string.
If not specified, one will be autogenerated (this is recommended).
:param salt_size:
Optional number of bytes to use when autogenerating new salts.
Defaults to 16 bytes, but can be any non-negative value.
:param rounds:
Optional number of rounds to use.
Defaults to 40000, must be between 1 and 4294967295, inclusive.
:param variant:
Optionally specifies variant of FSHP to use.
* ``0`` - uses SHA-1 digest (deprecated).
* ``1`` - uses SHA-2/256 digest (default).
* ``2`` - uses SHA-2/384 digest.
* ``3`` - uses SHA-2/512 digest.
"""
#=========================================================
#class attrs
#=========================================================
#--GenericHandler--
name = "fshp"
setting_kwds = ("salt", "salt_size", "rounds", "variant")
checksum_chars = uh.PADDED_B64_CHARS
#--HasRawSalt--
default_salt_size = 16 #current passlib default, FSHP uses 8
min_salt_size = 0
max_salt_size = None
#--HasRounds--
default_rounds = 16384 #current passlib default, FSHP uses 4096
min_rounds = 1 #set by FSHP
max_rounds = 4294967295 # 32-bit integer limit - not set by FSHP
rounds_cost = "linear"
#--variants--
default_variant = 1
_variant_info = {
#variant: (hash, digest size)
0: ("sha1", 20),
1: ("sha256", 32),
2: ("sha384", 48),
3: ("sha512", 64),
}
_variant_aliases = dict(
[(unicode(k),k) for k in _variant_info] +
[(v[0],k) for k,v in _variant_info.items()]
)
#=========================================================
#instance attrs
#=========================================================
variant = None
#=========================================================
#init
#=========================================================
def __init__(self, variant=None, strict=False, **kwds):
self.variant = self.norm_variant(variant, strict=strict)
super(fshp, self).__init__(strict=strict, **kwds)
@classmethod
def norm_variant(cls, variant, strict=False):
if variant is None:
if strict:
raise ValueError("no variant specified")
variant = cls.default_variant
if isinstance(variant, bytes):
variant = variant.decode("ascii")
if isinstance(variant, unicode):
try:
variant = cls._variant_aliases[variant]
except KeyError:
raise ValueError("invalid fshp variant")
if not isinstance(variant, int):
raise TypeError("fshp variant must be int or known alias")
if variant not in cls._variant_info:
raise TypeError("unknown fshp variant")
return variant
def norm_checksum(self, checksum, strict=False):
checksum = super(fshp, self).norm_checksum(checksum, strict)
if checksum is not None and len(checksum) != self._variant_info[self.variant][1]:
raise ValueError, "invalid checksum length for FSHP variant"
return checksum
@property
def _info(self):
return self._variant_info[self.variant]
#=========================================================
#formatting
#=========================================================
@classmethod
def identify(cls, hash):
return uh.identify_prefix(hash, u"{FSHP")
_fshp_re = re.compile(ur"^\{FSHP(\d+)\|(\d+)\|(\d+)\}([a-zA-Z0-9+/]+={0,3})$")
@classmethod
def from_string(cls, hash):
if not hash:
raise ValueError("no hash specified")
if isinstance(hash, bytes):
hash = hash.decode("ascii")
m = cls._fshp_re.match(hash)
if not m:
raise ValueError("not a valid FSHP hash")
variant, salt_size, rounds, data = m.group(1,2,3,4)
variant = int(variant)
salt_size = int(salt_size)
rounds = int(rounds)
try:
data = b64decode(data.encode("ascii"))
except ValueError:
raise ValueError("malformed FSHP hash")
salt = data[:salt_size]
chk = data[salt_size:]
return cls(checksum=chk, salt=salt, rounds=rounds,
variant=variant, strict=True)
def to_string(self):
chk = self.checksum
if not chk: #fill in stub checksum
chk = b('\x00') * self._info[1]
salt = self.salt
data = b64encode(salt+chk).decode("ascii")
hash = u"{FSHP%d|%d|%d}%s" % (self.variant, len(salt), self.rounds, data)
return to_hash_str(hash)
#=========================================================
#backend
#=========================================================
def calc_checksum(self, secret):
hash, klen = self._info
if isinstance(secret, unicode):
secret = secret.encode("utf-8")
#NOTE: for some reason, FSHP uses pbkdf1 with password & salt reversed.
# this has only a minimal impact on security,
# but it is worth noting this deviation.
return pbkdf1(
secret=self.salt,
salt=secret,
rounds=self.rounds,
keylen=klen,
hash=hash,
)
#=========================================================
#eoc
#=========================================================
#=========================================================
#eof
#=========================================================
|