pollutri
/
res_levis_API
1
0
Fork 0
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
5 Commits
1 Branch
203 MiB
 
 
 
 
Tree: 1141c5ca64
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '1141c5ca64'
${ noResults }
res_levis_API/lib/python3.6/site-packages/passlib/utils/pbkdf2.py

194 lines
6.7 KiB
Raw Blame History 

  1. """passlib.pbkdf2 - PBKDF2 support

  2. 

  3. this module is getting increasingly poorly named.

  4. maybe rename to "kdf" since it's getting more key derivation functions added.

  5. """

  6. #=============================================================================

  7. # imports

  8. #=============================================================================

  9. from __future__ import division

  10. # core

  11. import logging; log = logging.getLogger(__name__)

  12. # site

  13. # pkg

  14. from passlib.exc import ExpectedTypeError

  15. from passlib.utils.decor import deprecated_function

  16. from passlib.utils.compat import native_string_types

  17. from passlib.crypto.digest import norm_hash_name, lookup_hash, pbkdf1 as _pbkdf1, pbkdf2_hmac, compile_hmac

  18. # local

  19. __all__ = [

  20.     # hash utils

  21.     "norm_hash_name",

  22. 

  23.     # prf utils

  24.     "get_prf",

  25. 

  26.     # kdfs

  27.     "pbkdf1",

  28.     "pbkdf2",

  29. ]

  30. 

  31. #=============================================================================

  32. # issue deprecation warning for module

  33. #=============================================================================

  34. from warnings import warn

  35. 

  36. warn("the module 'passlib.utils.pbkdf2' is deprecated as of Passlib 1.7, "

  37.      "and will be removed in Passlib 2.0, please use 'passlib.crypto' instead",

  38.      DeprecationWarning)

  39. 

  40. #=============================================================================

  41. # hash helpers

  42. #=============================================================================

  43. 

  44. norm_hash_name = deprecated_function(deprecated="1.7", removed="1.8", func_module=__name__,

  45.     replacement="passlib.crypto.digest.norm_hash_name")(norm_hash_name)

  46. 

  47. #=============================================================================

  48. # prf lookup

  49. #=============================================================================

  50. 

  51. #: cache mapping prf name/func -> (func, digest_size)

  52. _prf_cache = {}

  53. 

  54. #: list of accepted prefixes

  55. _HMAC_PREFIXES = ("hmac_", "hmac-")

  56. 

  57. def get_prf(name):

  58.     """Lookup pseudo-random family (PRF) by name.

  59. 

  60.     :arg name:

  61.         This must be the name of a recognized prf.

  62.         Currently this only recognizes names with the format

  63.         :samp:`hmac-{digest}`, where :samp:`{digest}`

  64.         is the name of a hash function such as

  65.         ``md5``, ``sha256``, etc.

  66. 

  67.         todo: restore text about callables.

  68. 

  69.     :raises ValueError: if the name is not known

  70.     :raises TypeError: if the name is not a callable or string

  71. 

  72.     :returns:

  73.         a tuple of :samp:`({prf_func}, {digest_size})`, where:

  74. 

  75.         * :samp:`{prf_func}` is a function implementing

  76.           the specified PRF, and has the signature

  77.           ``prf_func(secret, message) -> digest``.

  78. 

  79.         * :samp:`{digest_size}` is an integer indicating

  80.           the number of bytes the function returns.

  81. 

  82.     Usage example::

  83. 

  84.         >>> from passlib.utils.pbkdf2 import get_prf

  85.         >>> hmac_sha256, dsize = get_prf("hmac-sha256")

  86.         >>> hmac_sha256

  87.         <function hmac_sha256 at 0x1e37c80>

  88.         >>> dsize

  89.         32

  90.         >>> digest = hmac_sha256('password', 'message')

  91. 

  92.     .. deprecated:: 1.7

  93. 

  94.         This function is deprecated, and will be removed in Passlib 2.0.

  95.         This only related replacement is :func:`passlib.crypto.digest.compile_hmac`.

  96.     """

  97.     global _prf_cache

  98.     if name in _prf_cache:

  99.         return _prf_cache[name]

  100.     if isinstance(name, native_string_types):

  101.         if not name.startswith(_HMAC_PREFIXES):

  102.             raise ValueError("unknown prf algorithm: %r" % (name,))

  103.         digest = lookup_hash(name[5:]).name

  104.         def hmac(key, msg):

  105.             return compile_hmac(digest, key)(msg)

  106.         record = (hmac, hmac.digest_info.digest_size)

  107.     elif callable(name):

  108.         # assume it's a callable, use it directly

  109.         digest_size = len(name(b'x', b'y'))

  110.         record = (name, digest_size)

  111.     else:

  112.         raise ExpectedTypeError(name, "str or callable", "prf name")

  113.     _prf_cache[name] = record

  114.     return record

  115. 

  116. #=============================================================================

  117. # pbkdf1 support

  118. #=============================================================================

  119. def pbkdf1(secret, salt, rounds, keylen=None, hash="sha1"):

  120.     """pkcs#5 password-based key derivation v1.5

  121. 

  122.     :arg secret: passphrase to use to generate key

  123.     :arg salt: salt string to use when generating key

  124.     :param rounds: number of rounds to use to generate key

  125.     :arg keylen: number of bytes to generate (if ``None``, uses digest's native size)

  126.     :param hash:

  127.         hash function to use. must be name of a hash recognized by hashlib.

  128. 

  129.     :returns:

  130.         raw bytes of generated key

  131. 

  132.     .. note::

  133. 

  134.         This algorithm has been deprecated, new code should use PBKDF2.

  135.         Among other limitations, ``keylen`` cannot be larger

  136.         than the digest size of the specified hash.

  137. 

  138.     .. deprecated:: 1.7

  139. 

  140.         This has been relocated to :func:`passlib.crypto.digest.pbkdf1`,

  141.         and this version will be removed in Passlib 2.0.

  142.         *Note the call signature has changed.*

  143.     """

  144.     return _pbkdf1(hash, secret, salt, rounds, keylen)

  145. 

  146. #=============================================================================

  147. # pbkdf2

  148. #=============================================================================

  149. def pbkdf2(secret, salt, rounds, keylen=None, prf="hmac-sha1"):

  150.     """pkcs#5 password-based key derivation v2.0

  151. 

  152.     :arg secret:

  153.         passphrase to use to generate key

  154. 

  155.     :arg salt:

  156.         salt string to use when generating key

  157. 

  158.     :param rounds:

  159.         number of rounds to use to generate key

  160. 

  161.     :arg keylen:

  162.         number of bytes to generate.

  163.         if set to ``None``, will use digest size of selected prf.

  164. 

  165.     :param prf:

  166.         psuedo-random family to use for key strengthening.

  167.         this must be a string starting with ``"hmac-"``, followed by the name of a known digest.

  168.         this defaults to ``"hmac-sha1"`` (the only prf explicitly listed in

  169.         the PBKDF2 specification)

  170. 

  171.         .. rst-class:: warning

  172. 

  173.         .. versionchanged 1.7:

  174. 

  175.             This argument no longer supports arbitrary PRF callables --

  176.             These were rarely / never used, and created too many unwanted codepaths.

  177. 

  178.     :returns:

  179.         raw bytes of generated key

  180. 

  181.     .. deprecated:: 1.7

  182. 

  183.         This has been deprecated in favor of :func:`passlib.crypto.digest.pbkdf2_hmac`,

  184.         and will be removed in Passlib 2.0.  *Note the call signature has changed.*

  185.     """

  186.     if callable(prf) or (isinstance(prf, native_string_types) and not prf.startswith(_HMAC_PREFIXES)):

  187.         raise NotImplementedError("non-HMAC prfs are not supported as of Passlib 1.7")

  188.     digest = prf[5:]

  189.     return pbkdf2_hmac(digest, secret, salt, rounds, keylen)

  190. 

  191. #=============================================================================

  192. # eof

  193. #=============================================================================