h XdZddlZejeZddlmZmZmZm Z ddl m Z m Z ddl mZmZmZmZddlmZmZddlmcmZdgZGddej4ej6ej8ej:Zy) z:passlib.handlers.scram - hash for SCRAM credential storageN)consteqsaslprep to_native_str splitcomma) ab64_decode ab64_encode) bascii_to_str iteritemsunative_string_types) pbkdf2_hmacnorm_hash_namescramceZdZdZdZdZedZdZdZ dZ dZ dZ d Z gd Zgd Zd Zed ZeddZedZedZdZedfd Zdfd ZddZedZfdZddZeddZxZS)raZThis class provides a format for storing SCRAM passwords, and follows the :ref:`password-hash-api`. It supports a variable-length salt, and a variable number of rounds. The :meth:`~passlib.ifc.PasswordHash.using` method accepts the following optional keywords: :type salt: bytes :param salt: Optional salt bytes. If specified, the length must be between 0-1024 bytes. If not specified, a 12 byte salt will be autogenerated (this is recommended). :type salt_size: int :param salt_size: Optional number of bytes to use when autogenerating new salts. Defaults to 12 bytes, but can be any value between 0 and 1024. :type rounds: int :param rounds: Optional number of rounds to use. Defaults to 100000, but must be within ``range(1,1<<32)``. :type algs: list of strings :param algs: Specify list of digest algorithms to use. By default each scram hash will contain digests for SHA-1, SHA-256, and SHA-512. This can be overridden by specify either be a list such as ``["sha-1", "sha-256"]``, or a comma-separated string such as ``"sha-1, sha-256"``. Names are case insensitive, and may use :mod:`!hashlib` or `IANA `_ hash names. :type relaxed: bool :param relaxed: By default, providing an invalid value for one of the other keywords will result in a :exc:`ValueError`. If ``relaxed=True``, and the error can be corrected, a :exc:`~passlib.exc.PasslibHashWarning` will be issued instead. Correctable errors include ``rounds`` that are too small or too large, and ``salt`` strings that are too long. .. versionadded:: 1.6 In addition to the standard :ref:`password-hash-api` methods, this class also provides the following methods for manipulating Passlib scram hashes in ways useful for pluging into a SCRAM protocol stack: .. automethod:: extract_digest_info .. automethod:: extract_digest_algs .. automethod:: derive_digest )salt salt_sizeroundsalgs$scram$ iillinear)sha-1sha-256sha-512)rrzsha-224zsha-384rNct|d}|j|}|j}|s td|j|j ||fS)areturn (salt, rounds, digest) for specific hash algorithm. :type hash: str :arg hash: :class:`!scram` hash stored for desired user :type alg: str :arg alg: Name of digest algorithm (e.g. ``"sha-1"``) requested by client. This value is run through :func:`~passlib.crypto.digest.norm_hash_name`, so it is case-insensitive, and can be the raw SCRAM mechanism name (e.g. ``"SCRAM-SHA-1"``), the IANA name, or the hashlib name. :raises KeyError: If the hash does not contain an entry for the requested digest algorithm. :returns: A tuple containing ``(salt, rounds, digest)``, where *digest* matches the raw bytes returned by SCRAM's :func:`Hi` function for the stored password, the provided *salt*, and the iteration count (*rounds*). *salt* and *digest* are both raw (unencoded) bytes. ianazscram hash contains no digests)r from_stringchecksum ValueErrorrr)clshashalgselfchkmaps X/var/www/html/Resume-Scraper/venv/lib/python3.12/site-packages/passlib/handlers/scram.pyextract_digest_infozscram.extract_digest_info|sO>S&)t$=> >yy$++vc{22c|j|j}|dk(r|S|Dcgc]}t||c}Scc}w)aReturn names of all algorithms stored in a given hash. :type hash: str :arg hash: The :class:`!scram` hash to parse :type format: str :param format: This changes the naming convention used by the returned algorithm names. By default the names are IANA-compatible; possible values are ``"iana"`` or ``"hashlib"``. :returns: Returns a list of digest algorithms; e.g. ``["sha-1"]`` r)rrr)r!r"formatrr#s r&extract_digest_algszscram.extract_digest_algss@(t$)) V K;?@CN3/@ @@s=crt|tr|jd}t|t |||S)a;helper to create SaltedPassword digest for SCRAM. This performs the step in the SCRAM protocol described as:: SaltedPassword := Hi(Normalize(password), salt, i) :type password: unicode or utf-8 bytes :arg password: password to run through digest :type salt: bytes :arg salt: raw salt data :type rounds: int :arg rounds: number of iterations. :type alg: str :arg alg: name of digest to use (e.g. ``"sha-1"``). :returns: raw bytes of ``SaltedPassword`` zutf-8) isinstancebytesdecoder r)r!passwordrrr#s r& derive_digestzscram.derive_digests4. h &w/H3 2D&AAr(cdt|dd}|jdstjj ||ddj d}t |dk7rtjj||\}}}t|}|t|k7rtjj| t|jd}|stjj|d|vrMd}i} |j dD]4} | j d\} } t| jd| | <6n|}d} |||| | S#t$r tjj|wxYw#t$r tjj|wxYw) Nasciir"r$=,)rrrr) r startswithuhexcInvalidHashErrorsplitlenMalformedHashErrorintstrrencode TypeError) r!r"parts rounds_strsalt_strchk_strrrrr%pairr#digests r&rzscram.from_stringsT7F3y)&&))#. .QRs# u:?&&++C0 0(-% HgZ V $&&++C0 0 1xw78D &&++C0 0 G^DF c* 9"jjo V9"-fmmG.D"EF3K 9DF   / 1&&++C0 0 1!9&&33C889s>E*F)F)F/ctt|j}|jdj fd|j D}d|j ||fzS)Nr8c 3VK|] }|dtt|"yw)r7N)r r).0r#r%s r& z"scram.to_string..s, M+fSk*BC D s&)z$scram$%d$%s$%s)r rrrjoinrr)r$rrGr%s @r& to_stringzscram.to_string sV[34(( yy  !DKKw#???r(c n||J|}tt| di|}||j||_|S)N)superrusing _norm_algs default_algs)r!rUrkwdssubcls __class__s r&rSz scram.usingsM  ' 'Luc(040  #"%..">F  r(c tt| di||j}|&| t d|j |}||_ y|'|j |j }||_ y|jr3t|j}|j ||k(sJd|td||_ y)Nz+checksum & algs kwds are mutually exclusivezinvalid default algs: zno algs list specifiedrQ) rRr__init__r RuntimeErrorrTkeys use_defaultslistrUrCr)r$rrV digest_maprXs r&rZzscram.__init__+s eT#+d+]]  %"#PQQ??4(D  #??:??#45D    ))*D??4(D0 VPT2V V45 5 r(ct|ts!tjj |ddt |D]o\}}|t |dk7rtd|t|dkDrtd|t|trPtjj |ddd |vr td |S) Ndictrrz(malformed algorithm name in scram hash: z.SCRAM limits algorithm names to 9 characters: z raw bytesdigestsr-sha-1 must be in algorithm list of scram hash) r-rar:r;ExpectedTypeErrorr rr r>r.)r$rrelaxedr#rIs r&_norm_checksumzscram._norm_checksum>s(D)&&**8VZH H$X. OKCnS&11 "%"())3x!| 7:"=>>fe,ff..v{INN O ( "LM Mr(ct|tr t|}td|D}t d|Dr t dd|vr t d|S)znormalize algs parameterc34K|]}t|dyw)rN)rrLr#s r&rMz#scram._norm_algs..UsBcnS&1Bsc38K|]}t|dkDyw)rbN)r>rjs r&rMz#scram._norm_algs..Vs*cs3xz*sz-SCRAM limits alg names to max of 9 charactersrrd)r-r rsortedanyr )r!rs r&rTzscram._norm_algsPs\ d/ 0d#DBTBB *T* *LM M $ LM M r(c t|jj|jsyt t |di|S)NTrQ)setr issupersetrUrRr_calc_needs_update)r$rVrXs r&rqzscram._calc_needs_update`s;499~(():):;UD4.vs)d6456s)rrr1rar)r$rur#r"rrs ` @@@r&_calc_checksumzscram._calc_checksummsTyy!! fc2 299 r(c Ptj||j|}|j}|s&t d|j d|j d|rdx}}t |D]e\}} |j||} t| t| k7r&t d|dt| dt| t| | rd}dd}g|r |r t d |S|jD])}||vs|j||} t| ||cStd ) Nz expected z hash, got z config string insteadFz mis-sized z digest in scram hash: z != Tz4scram hash verified inconsistently, may be corruptedzsha-1 digest not found!) r:validate_secretrrr namer rvr>r _verify_algsAssertionError) r!rur"fullr$r%correctfailedr#rIothers r&verifyz scram.verify{s; 6"t$!hh23 3 $ $Gf(0 " V++FC8 v;#e*,$(+S[#e*&FGG5&)"G!F "6 "455(( 7&= //rsn@ 'g''1GF9QQ=##  N