Current File : //usr/lib/python2.7/site-packages/passlib/handlers/argon2.pyo
�
��Xc@�s�dZddlmZmZddlZeje�ZddlZddl	Z	ddl
mZeZ
eaddlmZddlmZddlmZddlmZmZdd	lmZmZmZddljjZd
gZ yddl!Z
Wne"k
reZ
nXe#e
de�Z$e$rBe$�Z%e
j&j'Z(ndfd
��YZ%dZ(dej)ej*ej+ej,ej-ej.fd��YZ/de/fd��YZ0de/fd��YZ1de/fd��YZ2d
e0e/fd��YZ!dS(s�passlib.handlers.argon2 -- argon2 password hash wrapper

References
==========
* argon2
    - home: https://github.com/P-H-C/phc-winner-argon2
    - whitepaper: https://github.com/P-H-C/phc-winner-argon2/blob/master/argon2-specs.pdf
* argon2 cffi wrapper
    - pypi: https://pypi.python.org/pypi/argon2_cffi
    - home: https://github.com/hynek/argon2_cffi
* argon2 pure python
    - pypi: https://pypi.python.org/pypi/argon2pure
    - home: https://github.com/bwesterb/argon2pure
i(twith_statementtabsolute_importN(twarn(texc(t
MAX_UINT32(tto_bytes(tb64s_encodetb64s_decode(tutunicodet
bascii_to_strtargon2tPasswordHashert_default_settingscB�s,eZdZdZdZdZdZdZRS(s�
        dummy object to use as source of defaults when argon2 mod not present.
        synced w/ argon2 16.1 as of 2016-6-16
        iii(t__name__t
__module__t__doc__t	time_costtmemory_costtparallelismtsalt_lenthash_len(((s;/usr/lib/python2.7/site-packages/passlib/handlers/argon2.pyR
:sit
_Argon2Commonc	B�s�eZdZdZd Zed�ZejZ	ed�ed
�fZ
ejZdZ
eZejZdZeZdZd"ZeZd#ZdZdZeZejZeZej Z eZ!d#Z"e#d#d#d#d#d#d#d#d��Z$e#d��Z%e#d��Z&e'j(de'j)�Z*e#d��Z+d�Z,ed#d#d#d�Z-e#d��Z.e#ed��Z/d�Z0dZ1e#d��Z2e#d#d#d��Z3RS($s&
    Base class which implements brunt of Argon2 code.
    This is then subclassed by the various backends,
    to override w/ backend-specific methods.

    When a backend is loaded, the bases of the 'argon2' class proper
    are modified to prepend the correct backend-specific subclass.
    Rtsaltt	salt_sizeRtroundsRRRtdigest_sizeRs$argon2is	$argon2i$s	$argon2d$iitlinearii����cK�s|dk	r4d|kr'td��n||d<n|dk	rhd|kr[td��n||d<n|dk	r�|dk	r�td��n|}n|dk	r�|dk	r�td��n|}ntt|�j|�}	|jd�}
|dk	rLt|tj�rt	|�}ntj
|	|dd	d
tddd|
�|	_n|dk	r�t|tj�ryt	|�}n|	j
|d|
�|	_n|	j|	j|	j�|dk	rt|tj�r�t	|�}n|d
kr|dkrtd|f��n||	_n|	S(NRs/'time_cost' and 'rounds' are mutually exclusiveRs1'salt_len' and 'salt_size' are mutually exclusives3'hash_len' and 'digest_size' are mutually exclusives8'checksum_size' and 'digest_size' are mutually exclusivetrelaxedtminitmaxtparamRii����s7max_threads (%d) must be -1 (unlimited), or at least 1.(tNonet	TypeErrortsuperRtusingtgett
isinstancetuhtnative_string_typestinttnorm_integerRt
checksum_sizet_norm_memory_costRt_validate_constraintsRt
ValueErrortmax_threads(tclsRRRRR*RR.tkwdstsubclsR((s;/usr/lib/python2.7/site-packages/passlib/handlers/argon2.pyR#�sH

		cC�s<d|}||kr8td|j|||f��ndS(NisO%s: memory_cost (%d) is too low, must be at least 8 * parallelism (8 * %d = %d)(R-tname(R/RRtmin_memory_cost((s;/usr/lib/python2.7/site-packages/passlib/handlers/argon2.pyR,�s

	cC�stj|�}|j|j�S(N(R&tto_unicode_for_identifyt
startswithtident_values(R/thash((s;/usr/lib/python2.7/site-packages/passlib/handlers/argon2.pytidentifyss�
        ^
        \$argon2(?P<type>[id])\$
        (?:
            v=(?P<version>\d+)
            \$
        )?
        m=(?P<memory_cost>\d+)
        ,
        t=(?P<time_cost>\d+)
        ,
        p=(?P<parallelism>\d+)
        (?:
            ,keyid=(?P<keyid>[^,$]+)
        )?
        (?:
            ,data=(?P<data>[^,$]+)
        )?
        (?:
            \$
            (?P<salt>[^$]+)
            (?:
                \$
                (?P<digest>.+)
            )?
        )?
        $
    cC�s]t|t�r!|jd�}nt|t�sEtj|d��n|jj|�}|sotj|��n|j	ddddddd	d
d�	\	}}}}}}}	}
}|r�t
d��n|d
|dkd|r�t|�nddt|�dt|�dt|�d
|
r&t|
�ndd	|	r>t|	�ndd|rVt|�nd�S(Nsutf-8R7ttypetversionRRRtkeyidtdataRtdigests&argon2 'keyid' parameter not supportedttype_dtdiRtchecksum(R%R	tencodetbytesRtExpectedStringErrort_hash_regextmatchtMalformedHashErrortgrouptNotImplementedErrorR(RR (R/R7tmR9R:RRRR;R<RR=((s;/usr/lib/python2.7/site-packages/passlib/handlers/argon2.pytfrom_string8s(-cC�s�t|j|j�}|j}|dkr4d}n
d|}|j}|ridtt|j��}nd}d|||j|j|j	|tt|j
��tt|j��fS(Nitsv=%d$s,data=s%s%sm=%d,t=%d,p=%d%s$%s$%s(tstrR6R>R:R<R
RRRRRR@(tselftidentR:tvstrR<tkdstr((s;/usr/lib/python2.7/site-packages/passlib/handlers/argon2.pyt	to_stringSs		
	cK�s�|jd�}|dk	r-t|�|_ntt|�j|�||_|dkr[n|j|�|_	|dkr|n|j
|�|_|dkr�n3t|t
�s�tjj|dd��n||_dS(NR@RBR<(R$R tlenR*R"Rt__init__R>t
_norm_versionR:R+RR%RBR&RtExpectedTypeErrorR<(RMR>R:RR<R0R@((s;/usr/lib/python2.7/site-packages/passlib/handlers/argon2.pyRSis 	cC�s�t|tj�s-tjj|dd��n|dkr[|dkr[td|f��n|j�}||jkr�td|j|||jf��n|S(NtintegerR:iisinvalid argon2 hash version: %dsk%s: hash version 0x%X not supported by %r backend (max version is 0x%X); try updating or switching backends(	R%R&t	int_typesRRUR-tget_backendtmax_versionR2(R/R:tbackend((s;/usr/lib/python2.7/site-packages/passlib/handlers/argon2.pyRT�sc	C�s%tj||d|jddd|�S(NRRRR(R&R)R3(R/RR((s;/usr/lib/python2.7/site-packages/passlib/handlers/argon2.pyR+�scK�s�t|�}|jrtS|j}|dks=||jkrI|j}n|j|kr\tS|j|jkrrtS|j|jkr�tSt	t
|�j|�S(N(R9R>tTruetmin_desired_versionR RYR:RR*R"Rt_calc_needs_update(RMR0R/tminver((s;/usr/lib/python2.7/site-packages/passlib/handlers/argon2.pyR]�s		s> -- recommend you install one (e.g. 'pip install argon2_cffi')cC�s3|j}|dkr/td|tjj�ntS(s�
        helper called by from backend mixin classes' _load_backend_mixin() --
        invoked after backend imports have been loaded, and performs
        feature detection & testing common to all backends.
        is6%r doesn't support argon2 v1.3, and should be upgraded(RYRR&RtPasslibSecurityWarningR[(t	mixin_clsR2tdryrunRY((s;/usr/lib/python2.7/site-packages/passlib/handlers/argon2.pyt_finalize_backend_mixin�s
	
cC�s�|j�}|dkr6|dk	r6|j|�}n|dk	r�|j|j|j�|dkr�|jdk	r�td��q�nt|�}|dkr�d|||f}nt	|�}t
j|d|��dS(s}
        internal helper invoked when backend has hash/verification error;
        used to adapt to passlib message.
        targon2_cffis8argon2_cffi backend doesn't support the 'data' parametersDecoding faileds%s reported: %s: hash=%rtreasonN(sDecoding failed(RXR RJR,RRR<RHRLtreprRRF(R/terrR7RMRZttextRd((s;/usr/lib/python2.7/site-packages/passlib/handlers/argon2.pyt_adapt_backend_error�s	(	ssalts	salt_sizessalt_lensroundss	time_costsmemory_costsparallelismsdigest_sizeshash_lenii���N(4RRRR2tsetting_kwdsRRNR
RR*R6Rtdefault_salt_sizet
min_salt_sizeRt
max_salt_sizeRtdefault_roundst
min_roundst
max_roundstrounds_costtmax_parallelismt_default_versionRYR R\R3R.tFalsetpure_use_threadsRR:RR>R<tclassmethodR#R,R8tretcompiletXRDRJRQRSRTR+R]t_no_backend_suggestionRbRh(((s;/usr/lib/python2.7/site-packages/passlib/handlers/argon2.pyRIsd
						6	)	t
_NoBackendcB�s\eZdZed��Zed��Zejdddd�ed���Zd�Z	RS(	s�
    mixin used before any backend has been loaded.
    contains stubs that force loading of one of the available backends.
    cC�s|j�|j|�S(N(t_stub_requires_backendR7(R/tsecret((s;/usr/lib/python2.7/site-packages/passlib/handlers/argon2.pyR7s
cC�s|j�|j||�S(N(R{tverify(R/R|R7((s;/usr/lib/python2.7/site-packages/passlib/handlers/argon2.pyR}s
t
deprecateds1.7tremoveds2.0cC�s|j�|j||�S(N(R{tgenhash(R/R|tconfig((s;/usr/lib/python2.7/site-packages/passlib/handlers/argon2.pyR�s
cC�s |j�tt|�j|�S(N(R{R"Rt_calc_checksum(RMR|((s;/usr/lib/python2.7/site-packages/passlib/handlers/argon2.pyR�s
(
RRRRuR7R}R&tdeprecated_methodR�R�(((s;/usr/lib/python2.7/site-packages/passlib/handlers/argon2.pyRz�st_CffiBackendcB�sSeZdZed��Zed��Zed��Zed��Zd�ZRS(s
    argon2_cffi backend
    cC�sRtdkrtStjj}tjdtj|�||_|_	|j
||�S(NsOdetected 'argon2_cffi' backend, version %r, with support for 0x%x argon2 hashes(t_argon2_cffiR Rst	low_leveltARGON2_VERSIONtlogtdebugt__version__R:RYRb(R`R2RaRY((s;/usr/lib/python2.7/site-packages/passlib/handlers/argon2.pyt_load_backend_mixin0s	
cC�s�tj|�t|d�}ybttjjdtjjjd|j	d|j
d|jdt|j��d|j
d|��SWn(tjjk
r�}|j|��nXdS(	Nsutf-8R9RRRRRR|(R&tvalidate_secretRR
R�R�thash_secrettTypetIRRmRt_generate_saltR*t
exceptionstHashingErrorRh(R/R|Rf((s;/usr/lib/python2.7/site-packages/passlib/handlers/argon2.pyR7>s
				cC�s�tj|�t|d�}t|d�}|jd�rLtjjj}ntjjj}y tjj	|||�}t
SWnEtjjk
r�t
Stjjk
r�}|j|d|��nXdS(Nsutf-8tasciis	$argon2d$R7(R&R�RR5R�R�R�tDR�t
verify_secretR[R�tVerifyMismatchErrorRstVerificationErrorRh(R/R|R7R9tresultRf((s;/usr/lib/python2.7/site-packages/passlib/handlers/argon2.pyR}Qs
cC�stj|�t|d�}|j|�}|jrFtjjj}ntjjj	}yat
tjjd|d|jd|j
d|jdt|j�d|jd|d	|j��}Wn.tjjk
r�}|j|d
|��nX|jdkr|jdd
�}n|S(Nsutf-8R9RRRRRR|R:R7is$v=16$t$(R&R�RRJR>R�R�R�R�R�R
R�RRRRR*R:R�R�Rhtreplace(R/R|R�RMR9R�Rf((s;/usr/lib/python2.7/site-packages/passlib/handlers/argon2.pyR�fs*
					cC�std��dS(Ns-shouldn't be called under argon2_cffi backend(tAssertionError(RMR|((s;/usr/lib/python2.7/site-packages/passlib/handlers/argon2.pyR��s(	RRRRuR�R7R}R�R�(((s;/usr/lib/python2.7/site-packages/passlib/handlers/argon2.pyR�(s t_PureBackendcB�s&eZdZed��Zd�ZRS(s
    argon2pure backend
    cC�s�yddlaWntk
r$tSXyddlm}Wntk
rZtjd�tSXtjd|�|s�tdt	j
�n||_|_|j
||�S(Ni(tARGON2_DEFAULT_VERSIONs\detected 'argon2pure' backend, but package is too old (passlib requires argon2pure >= 1.2.3)sBdetected 'argon2pure' backend, with support for 0x%x argon2 hashess�Using argon2pure backend, which is 100x+ slower than is required for adequate security. Installing argon2_cffi (via 'pip install argon2_cffi') is strongly recommended(t
argon2puret_argon2puretImportErrorRsR�R�twarningR�RRR_R:RYRb(R`R2RaRY((s;/usr/lib/python2.7/site-packages/passlib/handlers/argon2.pyR��s 


	
cC�stj|�t|d�}|jr1tj}n	tj}td|d|jd|j	d|j
d|jd|jd|d	|j
�}|jd
kr�|j|d<n|jr�t|d<n|jr�|j|d
<nytj|�SWn+tjk
r}|j|d|��nXdS(Nsutf-8tpasswordRRRRt
tag_lengtht	type_codeR:itthreadstuse_threadstassociated_dataRM(R&R�RR>R�tARGON2DtARGON2ItdictRRRRR*R:R.RtR[R<RtArgon2ErrorRh(RMR|R9R0Rf((s;/usr/lib/python2.7/site-packages/passlib/handlers/argon2.pyR��s0
								
	(RRRRuR�R�(((s;/usr/lib/python2.7/site-packages/passlib/handlers/argon2.pyR��s%cB�s5eZdZdZeZied6ed6e	d6Z
RS(s[
    This class implements the Argon2 password hash [#argon2-home]_, and follows the :ref:`password-hash-api`.
    (This class only supports generating "Type I" argon2 hashes).

    Argon2 supports a variable-length salt, and variable time & memory cost,
    and a number of other configurable parameters.

    The :meth:`~passlib.ifc.PasswordHash.replace` method accepts the following optional keywords:

    :type salt: str
    :param salt:
        Optional salt string.
        If specified, the length must be between 0-1024 bytes.
        If not specified, one will be auto-generated (this is recommended).

    :type salt_size: int
    :param salt_size:
        Optional number of bytes to use when autogenerating new salts.

    :type rounds: int
    :param rounds:
        Optional number of rounds to use.
        This corresponds linearly to the amount of time hashing will take.

    :type time_cost: int
    :param time_cost:
        An alias for **rounds**, for compatibility with underlying argon2 library.

    :param int memory_cost:
        Defines the memory usage in kibibytes.
        This corresponds linearly to the amount of memory hashing will take.

    :param int parallelism:
        Defines the parallelization factor.
        *NOTE: this will affect the resulting hash value.*

    :param int digest_size:
        Length of the digest in bytes.

    :param int max_threads:
        Maximum number of threads that will be used.
        -1 means unlimited; otherwise hashing will use ``min(parallelism, max_threads)`` threads.

        .. note::

            This option is currently only honored by the argon2pure backend.

    :type relaxed: bool
    :param relaxed:
        By default, providing an invalid value for one of the other
        keywords will result in a :exc:`ValueError`. If ``relaxed=True``,
        and the error can be corrected, a :exc:`~passlib.exc.PasslibHashWarning`
        will be issued instead. Correctable errors include ``rounds``
        that are too small or too large, and ``salt`` strings that are too long.

    .. todo::

        * Support configurable threading limits.
    RcR�(sargon2_cffis
argon2pureN(RRRtbackendsR[t_backend_mixin_targetRzR R�R�t_backend_mixin_map(((s;/usr/lib/python2.7/site-packages/passlib/handlers/argon2.pyR�s;(3Rt
__future__RRtloggingt	getLoggerRR�RvttypestwarningsRR R�R�tpasslibRtpasslib.crypto.digestRt
passlib.utilsRtpasslib.utils.binaryRRtpasslib.utils.compatRR	R
tpasslib.utils.handlerstutilsthandlersR&t__all__RR�tgetattrt_PasswordHasherR
R�R�RrtSubclassBackendMixintParallelismMixint	HasRoundst
HasRawSalttHasRawChecksumtGenericHandlerRRzR�R�(((s;/usr/lib/python2.7/site-packages/passlib/handlers/argon2.pyt<module>sB	

	
��*hQ