Current File : //usr/lib/python2.7/site-packages/passlib/handlers/argon2.pyc
�
��Xc@�s�dZddlmZmZddlZeje�ZddlZddl	Z	ddl
mZeZ
eaddlmZddlmZddlmZddlmZmZdd	lmZmZmZddljjZd
gZ yddl!Z
Wne"k
reZ
nXe#e
de�Z$e$rBe$�Z%e
j&j'Z(ndfd
��YZ%dZ(dej)ej*ej+ej,ej-ej.fd��YZ/de/fd��YZ0de/fd��YZ1de/fd��YZ2d
e0e/fd��YZ!dS(s�passlib.handlers.argon2 -- argon2 password hash wrapper

References
==========
* argon2
    - home: https://github.com/P-H-C/phc-winner-argon2
    - whitepaper: https://github.com/P-H-C/phc-winner-argon2/blob/master/argon2-specs.pdf
* argon2 cffi wrapper
    - pypi: https://pypi.python.org/pypi/argon2_cffi
    - home: https://github.com/hynek/argon2_cffi
* argon2 pure python
    - pypi: https://pypi.python.org/pypi/argon2pure
    - home: https://github.com/bwesterb/argon2pure
i(twith_statementtabsolute_importN(twarn(texc(t
MAX_UINT32(tto_bytes(tb64s_encodetb64s_decode(tutunicodet
bascii_to_strtargon2tPasswordHashert_default_settingscB�s,eZdZdZdZdZdZdZRS(s�
        dummy object to use as source of defaults when argon2 mod not present.
        synced w/ argon2 16.1 as of 2016-6-16
        iii(t__name__t
__module__t__doc__t	time_costtmemory_costtparallelismtsalt_lenthash_len(((s;/usr/lib/python2.7/site-packages/passlib/handlers/argon2.pyR
:sit
_Argon2Commonc	B�s�eZdZdZd Zed�ZejZ	ed�ed
�fZ
ejZdZ
eZejZdZeZdZd"ZeZd#ZdZdZeZejZeZej Z eZ!d#Z"e#d#d#d#d#d#d#d#d��Z$e#d��Z%e#d��Z&e'j(de'j)�Z*e#d��Z+d�Z,ed#d#d#d�Z-e#d��Z.e#ed��Z/d�Z0dZ1e#d��Z2e#d#d#d��Z3RS($s&
    Base class which implements brunt of Argon2 code.
    This is then subclassed by the various backends,
    to override w/ backend-specific methods.

    When a backend is loaded, the bases of the 'argon2' class proper
    are modified to prepend the correct backend-specific subclass.
    Rtsaltt	salt_sizeRtroundsRRRtdigest_sizeRs$argon2is	$argon2i$s	$argon2d$iitlinearii����cK�s|dk	r4d|kr'td��n||d<n|dk	rhd|kr[td��n||d<n|dk	r�|dk	r�td��n|}n|dk	r�|dk	r�td��n|}ntt|�j|�}	|jd�}
|dk	rLt|tj�rt	|�}ntj
|	|dd	d
tddd|
�|	_n|dk	r�t|tj�ryt	|�}n|	j
|d|
�|	_n|	j|	j|	j�|dk	rt|tj�r�t	|�}n|d
kr|dkrtd|f��n||	_n|	S(NRs/'time_cost' and 'rounds' are mutually exclusiveRs1'salt_len' and 'salt_size' are mutually exclusives3'hash_len' and 'digest_size' are mutually exclusives8'checksum_size' and 'digest_size' are mutually exclusivetrelaxedtminitmaxtparamRii����s7max_threads (%d) must be -1 (unlimited), or at least 1.(tNonet	TypeErrortsuperRtusingtgett
isinstancetuhtnative_string_typestinttnorm_integerRt
checksum_sizet_norm_memory_costRt_validate_constraintsRt
ValueErrortmax_threads(tclsRRRRR*RR.tkwdstsubclsR((s;/usr/lib/python2.7/site-packages/passlib/handlers/argon2.pyR#�sH

		cC�s<d|}||kr8td|j|||f��ndS(NisO%s: memory_cost (%d) is too low, must be at least 8 * parallelism (8 * %d = %d)(R-tname(R/RRtmin_memory_cost((s;/usr/lib/python2.7/site-packages/passlib/handlers/argon2.pyR,�s

	cC�stj|�}|j|j�S(N(R&tto_unicode_for_identifyt
startswithtident_values(R/thash((s;/usr/lib/python2.7/site-packages/passlib/handlers/argon2.pytidentifyss�
        ^
        \$argon2(?P<type>[id])\$
        (?:
            v=(?P<version>\d+)
            \$
        )?
        m=(?P<memory_cost>\d+)
        ,
        t=(?P<time_cost>\d+)
        ,
        p=(?P<parallelism>\d+)
        (?:
            ,keyid=(?P<keyid>[^,$]+)
        )?
        (?:
            ,data=(?P<data>[^,$]+)
        )?
        (?:
            \$
            (?P<salt>[^$]+)
            (?:
                \$
                (?P<digest>.+)
            )?
        )?
        $
    cC�s|t|t�r!|jd�}nt|t�sEtj|d��n|jj|�}|sotj|��n|j	ddddddd	d
d�	\	}}}}}}}	}
}|dks�t
d|f��|r�td��n|d|d
kd|r	t|�nddt|�dt|�dt|�d
|
rEt
|
�ndd	|	r]t
|	�ndd|rut
|�nd�S(Nsutf-8R7ttypetversionRRRtkeyidtdataRtdigesttitdsunexpected type code: %rs&argon2 'keyid' parameter not supportedttype_diRtchecksum(R>R?(R%R	tencodetbytesRtExpectedStringErrort_hash_regextmatchtMalformedHashErrortgrouptAssertionErrortNotImplementedErrorR(RR (R/R7tmR9R:RRRR;R<RR=((s;/usr/lib/python2.7/site-packages/passlib/handlers/argon2.pytfrom_string8s*-cC�s�t|j|j�}|j}|dkr4d}n
d|}|j}|ridtt|j��}nd}d|||j|j|j	|tt|j
��tt|j��fS(Nitsv=%d$s,data=s%s%sm=%d,t=%d,p=%d%s$%s$%s(tstrR6R@R:R<R
RRRRRRA(tselftidentR:tvstrR<tkdstr((s;/usr/lib/python2.7/site-packages/passlib/handlers/argon2.pyt	to_stringSs		
	cK�s7|jd�}|dk	r-t|�|_ntt|�j|�||_|dkr�tj	||j
|jdd�s�t�n|j|�|_
|dkr�tj	||j
|jdd�s�t�n|j|�|_
|dkr|jdks3t�n3t|t�s*tjj|dd��n||_dS(NRARR:RRCR<(R$R tlenR*R"Rt__init__R@R&tvalidate_default_valueR:t
_norm_versionRIRR+R<R%RCRtExpectedTypeError(ROR@R:RR<R0RA((s;/usr/lib/python2.7/site-packages/passlib/handlers/argon2.pyRUis$	cC�s�t|tj�s-tjj|dd��n|dkr[|dkr[td|f��n|j�}||jkr�td|j|||jf��n|S(NtintegerR:iisinvalid argon2 hash version: %dsk%s: hash version 0x%X not supported by %r backend (max version is 0x%X); try updating or switching backends(	R%R&t	int_typesRRXR-tget_backendtmax_versionR2(R/R:tbackend((s;/usr/lib/python2.7/site-packages/passlib/handlers/argon2.pyRW�sc	C�s%tj||d|jddd|�S(NRRRR(R&R)R3(R/RR((s;/usr/lib/python2.7/site-packages/passlib/handlers/argon2.pyR+�scK�s�t|�}|jrtS|j}|dks=||jkrI|j}n|j|kr\tS|j|jkrrtS|j|jkr�tSt	t
|�j|�S(N(R9R@tTruetmin_desired_versionR R\R:RR*R"Rt_calc_needs_update(ROR0R/tminver((s;/usr/lib/python2.7/site-packages/passlib/handlers/argon2.pyR`�s		s> -- recommend you install one (e.g. 'pip install argon2_cffi')cC�sT|j}t|t�r$|dks*t�|dkrPtd|tjj�ntS(s�
        helper called by from backend mixin classes' _load_backend_mixin() --
        invoked after backend imports have been loaded, and performs
        feature detection & testing common to all backends.
        iis6%r doesn't support argon2 v1.3, and should be upgraded(	R\R%R(RIRR&RtPasslibSecurityWarningR^(t	mixin_clsR2tdryrunR\((s;/usr/lib/python2.7/site-packages/passlib/handlers/argon2.pyt_finalize_backend_mixin�s	!
cC�s�|j�}|dkr6|dk	r6|j|�}n|dk	r�|j|j|j�|dkr�|jdk	r�td��q�nt|�}|dkr�d|||f}nt	|�}t
j|d|��dS(s}
        internal helper invoked when backend has hash/verification error;
        used to adapt to passlib message.
        targon2_cffis8argon2_cffi backend doesn't support the 'data' parametersDecoding faileds%s reported: %s: hash=%rtreasonN(sDecoding failed(R[R RLR,RRR<RJRNtreprRRG(R/terrR7ROR]ttextRg((s;/usr/lib/python2.7/site-packages/passlib/handlers/argon2.pyt_adapt_backend_error�s	(	ssalts	salt_sizessalt_lensroundss	time_costsmemory_costsparallelismsdigest_sizeshash_lenii���N(4RRRR2tsetting_kwdsRRPR
RR*R6Rtdefault_salt_sizet
min_salt_sizeRt
max_salt_sizeRtdefault_roundst
min_roundst
max_roundstrounds_costtmax_parallelismt_default_versionR\R R_R3R.tFalsetpure_use_threadsRR:RR@R<tclassmethodR#R,R8tretcompiletXRERLRSRURWR+R`t_no_backend_suggestionReRk(((s;/usr/lib/python2.7/site-packages/passlib/handlers/argon2.pyRIsd
						6	)	t
_NoBackendcB�s\eZdZed��Zed��Zejdddd�ed���Zd�Z	RS(	s�
    mixin used before any backend has been loaded.
    contains stubs that force loading of one of the available backends.
    cC�s|j�|j|�S(N(t_stub_requires_backendR7(R/tsecret((s;/usr/lib/python2.7/site-packages/passlib/handlers/argon2.pyR7s
cC�s|j�|j||�S(N(R~tverify(R/RR7((s;/usr/lib/python2.7/site-packages/passlib/handlers/argon2.pyR�s
t
deprecateds1.7tremoveds2.0cC�s|j�|j||�S(N(R~tgenhash(R/Rtconfig((s;/usr/lib/python2.7/site-packages/passlib/handlers/argon2.pyR�s
cC�s |j�tt|�j|�S(N(R~R"Rt_calc_checksum(ROR((s;/usr/lib/python2.7/site-packages/passlib/handlers/argon2.pyR�s
(
RRRRxR7R�R&tdeprecated_methodR�R�(((s;/usr/lib/python2.7/site-packages/passlib/handlers/argon2.pyR}�st_CffiBackendcB�sSeZdZed��Zed��Zed��Zed��Zd�ZRS(s
    argon2_cffi backend
    cC�sRtdkrtStjj}tjdtj|�||_|_	|j
||�S(NsOdetected 'argon2_cffi' backend, version %r, with support for 0x%x argon2 hashes(t_argon2_cffiR Rvt	low_leveltARGON2_VERSIONtlogtdebugt__version__R:R\Re(RcR2RdR\((s;/usr/lib/python2.7/site-packages/passlib/handlers/argon2.pyt_load_backend_mixin0s	
cC�s�tj|�t|d�}ybttjjdtjjjd|j	d|j
d|jdt|j��d|j
d|��SWn(tjjk
r�}|j|��nXdS(	Nsutf-8R9RRRRRR(R&tvalidate_secretRR
R�R�thash_secrettTypetIRRpRt_generate_saltR*t
exceptionstHashingErrorRk(R/RRi((s;/usr/lib/python2.7/site-packages/passlib/handlers/argon2.pyR7>s
				cC�s�tj|�t|d�}t|d�}|jd�rLtjjj}ntjjj}y2tjj	|||�}|t
ks�t�t
SWnEtjj
k
r�tStjjk
r�}|j|d|��nXdS(Nsutf-8tasciis	$argon2d$R7(R&R�RR5R�R�R�tDR�t
verify_secretR^RIR�tVerifyMismatchErrorRvtVerificationErrorRk(R/RR7R9tresultRi((s;/usr/lib/python2.7/site-packages/passlib/handlers/argon2.pyR�Qs
cC�stj|�t|d�}|j|�}|jrFtjjj}ntjjj	}yat
tjjd|d|jd|j
d|jdt|j�d|jd|d	|j��}Wn.tjjk
r�}|j|d
|��nX|jdkr|jdd
�}n|S(Nsutf-8R9RRRRRRR:R7is$v=16$t$(R&R�RRLR@R�R�R�R�R�R
R�RRRRR*R:R�R�Rktreplace(R/RR�ROR9R�Ri((s;/usr/lib/python2.7/site-packages/passlib/handlers/argon2.pyR�fs*
					cC�std��dS(Ns-shouldn't be called under argon2_cffi backend(RI(ROR((s;/usr/lib/python2.7/site-packages/passlib/handlers/argon2.pyR��s(	RRRRxR�R7R�R�R�(((s;/usr/lib/python2.7/site-packages/passlib/handlers/argon2.pyR�(s t_PureBackendcB�s&eZdZed��Zd�ZRS(s
    argon2pure backend
    cC�s�yddlaWntk
r$tSXyddlm}Wntk
rZtjd�tSXtjd|�|s�tdt	j
�n||_|_|j
||�S(Ni(tARGON2_DEFAULT_VERSIONs\detected 'argon2pure' backend, but package is too old (passlib requires argon2pure >= 1.2.3)sBdetected 'argon2pure' backend, with support for 0x%x argon2 hashess�Using argon2pure backend, which is 100x+ slower than is required for adequate security. Installing argon2_cffi (via 'pip install argon2_cffi') is strongly recommended(t
argon2puret_argon2puretImportErrorRvR�R�twarningR�RRRbR:R\Re(RcR2RdR\((s;/usr/lib/python2.7/site-packages/passlib/handlers/argon2.pyR��s 


	
cC�stj|�t|d�}|jr1tj}n	tj}td|d|jd|j	d|j
d|jd|jd|d	|j
�}|jd
kr�|j|d<n|jr�t|d<n|jr�|j|d
<nytj|�SWn+tjk
r}|j|d|��nXdS(Nsutf-8tpasswordRRRRt
tag_lengtht	type_codeR:itthreadstuse_threadstassociated_dataRO(R&R�RR@R�tARGON2DtARGON2ItdictRRRRR*R:R.RwR^R<RtArgon2ErrorRk(RORR9R0Ri((s;/usr/lib/python2.7/site-packages/passlib/handlers/argon2.pyR��s0
								
	(RRRRxR�R�(((s;/usr/lib/python2.7/site-packages/passlib/handlers/argon2.pyR��s%cB�s5eZdZdZeZied6ed6e	d6Z
RS(s[
    This class implements the Argon2 password hash [#argon2-home]_, and follows the :ref:`password-hash-api`.
    (This class only supports generating "Type I" argon2 hashes).

    Argon2 supports a variable-length salt, and variable time & memory cost,
    and a number of other configurable parameters.

    The :meth:`~passlib.ifc.PasswordHash.replace` method accepts the following optional keywords:

    :type salt: str
    :param salt:
        Optional salt string.
        If specified, the length must be between 0-1024 bytes.
        If not specified, one will be auto-generated (this is recommended).

    :type salt_size: int
    :param salt_size:
        Optional number of bytes to use when autogenerating new salts.

    :type rounds: int
    :param rounds:
        Optional number of rounds to use.
        This corresponds linearly to the amount of time hashing will take.

    :type time_cost: int
    :param time_cost:
        An alias for **rounds**, for compatibility with underlying argon2 library.

    :param int memory_cost:
        Defines the memory usage in kibibytes.
        This corresponds linearly to the amount of memory hashing will take.

    :param int parallelism:
        Defines the parallelization factor.
        *NOTE: this will affect the resulting hash value.*

    :param int digest_size:
        Length of the digest in bytes.

    :param int max_threads:
        Maximum number of threads that will be used.
        -1 means unlimited; otherwise hashing will use ``min(parallelism, max_threads)`` threads.

        .. note::

            This option is currently only honored by the argon2pure backend.

    :type relaxed: bool
    :param relaxed:
        By default, providing an invalid value for one of the other
        keywords will result in a :exc:`ValueError`. If ``relaxed=True``,
        and the error can be corrected, a :exc:`~passlib.exc.PasslibHashWarning`
        will be issued instead. Correctable errors include ``rounds``
        that are too small or too large, and ``salt`` strings that are too long.

    .. todo::

        * Support configurable threading limits.
    RfR�(sargon2_cffis
argon2pureN(RRRtbackendsR^t_backend_mixin_targetR}R R�R�t_backend_mixin_map(((s;/usr/lib/python2.7/site-packages/passlib/handlers/argon2.pyR�s;(3Rt
__future__RRtloggingt	getLoggerRR�RyttypestwarningsRR R�R�tpasslibRtpasslib.crypto.digestRt
passlib.utilsRtpasslib.utils.binaryRRtpasslib.utils.compatRR	R
tpasslib.utils.handlerstutilsthandlersR&t__all__RR�tgetattrt_PasswordHasherR
R�R�RutSubclassBackendMixintParallelismMixint	HasRoundst
HasRawSalttHasRawChecksumtGenericHandlerRR}R�R�(((s;/usr/lib/python2.7/site-packages/passlib/handlers/argon2.pyt<module>sB	

	
��*hQ