U h_W@s(dZddlZddlZeeZddlmZddlm Z m Z m Z ddl m Z mZddlmZmZmZmZmZddlmZddlmmZdd d d gZd Zd dZddZddZddZ Gdddej!ej"ej#ej$Z%Gdd d ej"ej&ej#ej$Z'Gdd d ej#ej$Z(Gdd d ej!ej#ej$Z)dS)zFpasslib.handlers.des_crypt - traditional unix (DES) crypt and variantsN)warn) safe_crypt test_crypt to_unicode)h64h64big)byte_elem_valueu uascii_to_strunicodesuppress_cause)des_encrypt_int_block des_crypt bsdi_cryptbigcryptcrypt16cCstddt|ddDS)zconvert secret to 64-bit DES key. this only uses the first 8 bytes of the secret, and discards the high 8th bit of each byte at that. a null parity bit is inserted after every 7th bit of the output. css*|]"\}}t|d@d|d>VqdS)9N)r).0icr@./venv/lib/python3.8/site-packages/passlib/handlers/des_crypt.py (sz'_crypt_secret_to_key..Nr)sum enumerate)secretrrr_crypt_secret_to_keys rcCspt|dkstt|}t|tr.|d}t|ts[./a-z0-9]{2}) (?P[./a-z0-9]{11})? $cCs6t|dd}|dd|dd}}|||p0ddS)Nasciihashr r.checksum)r)clsr=r.chkrrr from_strings zdes_crypt.from_stringcCstd|j|jf}t|SNz%s%sr r.r?r selfr=rrr to_stringszdes_crypt.to_stringcCs|jr||||S)N) use_defaults_check_truncate_policyZ_calc_checksum_backendrFrrrr_calc_checksums zdes_crypt._calc_checksumZos_cryptZbuiltincCs"tddr||jdSdSdS)NtestZ abgOeLfPimXQoTFr_set_calc_checksum_backend_calc_checksum_os_cryptr@rrr_load_backend_os_crypts  z des_crypt._load_backend_os_cryptcCsTt||j}|dkr||S||jr6t|dkrHtj||j||ddS)N r )rr._calc_checksum_builtin startswithr#r*r+CryptBackendError)rFrr=rrrrPs   z!des_crypt._calc_checksum_os_cryptcCs||jdSNTrOrTrQrrr_load_backend_builtins zdes_crypt._load_backend_builtincCst||jddSNr<)r2r.r'decoderJrrrrTsz des_crypt._calc_checksum_builtinN)__name__ __module__ __qualname____doc__name setting_kwdsr* HASH64_CHARSchecksum_chars checksum_size min_salt_size max_salt_size salt_chars truncate_sizerecompiler XI _hash_regex classmethodrBrGrKbackendsrRrPrYrTrrrrrps,$      cseZdZdZdZdZdZejZ dZ Z ejZ dZ dZdZdZeed ejejBZed d Zd d ZdZefddZefddZfddZdZeddZddZ eddZ!ddZ"Z#S)ra This class implements the BSDi-Crypt password hash, and follows the :ref:`password-hash-api`. It supports a fixed-length salt, and a variable number of rounds. The :meth:`~passlib.ifc.PasswordHash.using` method accepts the following optional keywords: :type salt: str :param salt: Optional salt string. If not specified, one will be autogenerated (this is recommended). If specified, it must be 4 characters, drawn from the regexp range ``[./0-9A-Za-z]``. :type rounds: int :param rounds: Optional number of rounds to use. Defaults to 5001, must be between 1 and 16777215, inclusive. :type relaxed: bool :param relaxed: By default, providing an invalid value for one of the other keywords will result in a :exc:`ValueError`. If ``relaxed=True``, and the error can be corrected, a :exc:`~passlib.exc.PasslibHashWarning` will be issued instead. Correctable errors include ``rounds`` that are too small or too large, and ``salt`` strings that are too long. .. versionadded:: 1.6 .. versionchanged:: 1.6 :meth:`hash` will now issue a warning if an even number of rounds is used (see :ref:`bsdi-crypt-security-issues` regarding weak DES keys). )r.r8r;iiZlinearz ^ _ (?P[./a-z0-9]{4}) (?P[./a-z0-9]{4}) (?P[./a-z0-9]{11})? $cCsVt|dd}|j|}|s(tj||ddd\}}}|t| d||dS)Nr<r=r8r.rA)r8r.r?) rrmmatchr*r+InvalidHashErrorgrouprr7r')r@r=mr8r.rArrrrB4s   zbsdi_crypt.from_stringcCs,tdt|jd|j|jf}t|S)Nz_%s%s%sr<)r rZ encode_int24r8r[r.r?r rErrrrGAs zbsdi_crypt.to_stringTc s.tt|jf|}|jd@s*tdtjj|S)NrqzHbsdi_crypt rounds should be odd, as even rounds may reveal weak DES keys)superrusingdefault_roundsrr*r+ZPasslibSecurityWarning)r@kwdssubcls __class__rrrwNs  zbsdi_crypt.usingcstt|}|dBS)Nrq)rvr_generate_rounds)r@r8r{rrr}Wszbsdi_crypt._generate_roundsc s |jd@sdStt|jf|S)NrqT)r8rvr_calc_needs_update)rFryr{rrr~es zbsdi_crypt._calc_needs_updaterLcCs"tddr||jdSdSdS)NrMz_/...lLDAxARksGCHin.TFrNrQrrrrRts  z!bsdi_crypt._load_backend_os_cryptcCs^|}t||}|dkr$||S||ddrBt|dkrRtj||||ddS)N )rGrrTrUr#r*r+rV)rFrZconfigr=rrrrP|s  z"bsdi_crypt._calc_checksum_os_cryptcCs||jdSrWrXrQrrrrYs z bsdi_crypt._load_backend_builtincCst||j|jddSrZ)r9r8r.r'r[rJrrrrTsz!bsdi_crypt._calc_checksum_builtin)$r\r]r^r_r`rardr*rbrcrerfrgrxZ min_roundsZ max_roundsZ rounds_costrirjr rkrlrmrnrBrGZ_avoid_even_roundsrwr}r~rorRrPrYrT __classcell__rrr{rrs<#       csreZdZdZdZdZejZdZ Z ejZ e ede je jBZeddZddZdfd d Zd d ZZS)ragThis class implements the BigCrypt password hash, and follows the :ref:`password-hash-api`. It supports a fixed-length salt. The :meth:`~passlib.ifc.PasswordHash.using` method accepts the following optional keywords: :type salt: str :param salt: Optional salt string. If not specified, one will be autogenerated (this is recommended). If specified, it must be 22 characters, drawn from the regexp range ``[./0-9A-Za-z]``. :type relaxed: bool :param relaxed: By default, providing an invalid value for one of the other keywords will result in a :exc:`ValueError`. If ``relaxed=True``, and the error can be corrected, a :exc:`~passlib.exc.PasslibHashWarning` will be issued instead. Correctable errors include ``salt`` strings that are too long. .. versionadded:: 1.6 )r.r zX ^ (?P[./a-z0-9]{2}) (?P([./a-z0-9]{11})+)? $cCsDt|dd}|j|}|s(tj||dd\}}|||dSNr<r=r.rAr>rrmrrr*r+rsrtr@r=rur.rArrrrBs    zbigcrypt.from_stringcCstd|j|jf}t|SrCrDrErrrrGszbigcrypt.to_stringFcs0tt|j||d}t|dr,tj||S)N)relaxedr;)rvr_norm_checksumr#r*r+rs)rFr?rr{rrrs  zbigcrypt._norm_checksumcCspt|tr|d}t||jd}d}t|}||krf|d}|t||||dd7}|}q2|dS)Nr!r<rri)r&r r'r2r.r#r[)rFrrAr3r4r5rrrrKs  zbigcrypt._calc_checksum)F)r\r]r^r_r`rar*rbrcrerfrgrirjr rkrlrmrnrBrGrrKrrrr{rrs    c@sheZdZdZdZdZdZejZ dZ Z ejZ dZ eedejejBZeddZd d Zd d Zd S)raThis class implements the crypt16 password hash, and follows the :ref:`password-hash-api`. It supports a fixed-length salt. The :meth:`~passlib.ifc.PasswordHash.using` method accepts the following optional keywords: :type salt: str :param salt: Optional salt string. If not specified, one will be autogenerated (this is recommended). If specified, it must be 2 characters, drawn from the regexp range ``[./0-9A-Za-z]``. :param bool truncate_error: By default, crypt16 will silently truncate passwords larger than 16 bytes. Setting ``truncate_error=True`` will cause :meth:`~passlib.ifc.PasswordHash.hash` to raise a :exc:`~passlib.exc.PasswordTruncateError` instead. .. versionadded:: 1.7 :type relaxed: bool :param relaxed: By default, providing an invalid value for one of the other keywords will result in a :exc:`ValueError`. If ``relaxed=True``, and the error can be corrected, a :exc:`~passlib.exc.PasslibHashWarning` will be issued instead. Correctable errors include ``salt`` strings that are too long. .. versionadded:: 1.6 r:r zU ^ (?P[./a-z0-9]{2}) (?P[./a-z0-9]{22})? $cCsDt|dd}|j|}|s(tj||dd\}}|||dSrrrrrrrB+s    zcrypt16.from_stringcCstd|j|jf}t|SrCrDrErrrrG4szcrypt16.to_stringcCst|tr|d}|jr$||zt|jd}Wn tk rZt tdYnXt |}t |d|d}t |dd}t |d|d}t |t |}|dS) Nr!r<zinvalid chars in saltrrrr)r&r r'rHrIrr%r. ValueErrorr rr rr-r[)rFrr/Zkey1Zresult1Zkey2Zresult2rArrrrK;s   zcrypt16._calc_checksumN)r\r]r^r_r`rardr*rbrcrerfrgrhrirjr rkrlrmrnrBrGrKrrrrrs$   )*r_riZloggingZ getLoggerr\logwarningsrZ passlib.utilsrrrZpasslib.utils.binaryrrZpasslib.utils.compatrr r r r Zpasslib.crypto.desr Zpasslib.utils.handlersZutilsZhandlersr*__all__r)rr2r6r9Z TruncateMixinZHasManyBackendsZHasSaltZGenericHandlerrZ HasRoundsrrrrrrrs2     $S