2011-02-22 17:48:06 -04:00
|
|
|
"""Wrapper to the POSIX crypt library call and associated functionality."""
|
2011-02-22 06:55:44 -04:00
|
|
|
|
|
|
|
import _crypt
|
2012-06-27 10:36:46 -03:00
|
|
|
import string as _string
|
|
|
|
from random import SystemRandom as _SystemRandom
|
|
|
|
from collections import namedtuple as _namedtuple
|
2011-02-22 06:55:44 -04:00
|
|
|
|
|
|
|
|
2012-06-27 10:36:46 -03:00
|
|
|
_saltchars = _string.ascii_letters + _string.digits + './'
|
|
|
|
_sr = _SystemRandom()
|
2011-02-22 06:55:44 -04:00
|
|
|
|
|
|
|
|
2012-06-27 10:36:46 -03:00
|
|
|
class _Method(_namedtuple('_Method', 'name ident salt_chars total_size')):
|
2011-02-22 06:55:44 -04:00
|
|
|
|
2011-02-22 17:48:06 -04:00
|
|
|
"""Class representing a salt method per the Modular Crypt Format or the
|
|
|
|
legacy 2-character crypt method."""
|
2011-02-22 06:55:44 -04:00
|
|
|
|
2011-02-22 17:48:06 -04:00
|
|
|
def __repr__(self):
|
|
|
|
return '<crypt.METHOD_{}>'.format(self.name)
|
2011-02-22 06:55:44 -04:00
|
|
|
|
|
|
|
|
2017-10-24 13:36:17 -03:00
|
|
|
def mksalt(method=None, *, log_rounds=12):
|
2011-02-22 17:48:06 -04:00
|
|
|
"""Generate a salt for the specified method.
|
2011-02-22 06:55:44 -04:00
|
|
|
|
2011-02-22 17:48:06 -04:00
|
|
|
If not specified, the strongest available method will be used.
|
2011-02-22 06:55:44 -04:00
|
|
|
|
2011-02-22 17:48:06 -04:00
|
|
|
"""
|
|
|
|
if method is None:
|
|
|
|
method = methods[0]
|
2017-10-24 13:36:17 -03:00
|
|
|
if not method.ident:
|
|
|
|
s = ''
|
|
|
|
elif method.ident[0] == '2':
|
|
|
|
s = f'${method.ident}${log_rounds:02d}$'
|
|
|
|
else:
|
|
|
|
s = f'${method.ident}$'
|
2013-08-13 20:39:14 -03:00
|
|
|
s += ''.join(_sr.choice(_saltchars) for char in range(method.salt_chars))
|
2011-02-22 17:48:06 -04:00
|
|
|
return s
|
2011-02-22 06:55:44 -04:00
|
|
|
|
|
|
|
|
2011-02-22 17:48:06 -04:00
|
|
|
def crypt(word, salt=None):
|
|
|
|
"""Return a string representing the one-way hash of a password, with a salt
|
|
|
|
prepended.
|
|
|
|
|
|
|
|
If ``salt`` is not specified or is ``None``, the strongest
|
2011-02-22 06:55:44 -04:00
|
|
|
available method will be selected and a salt generated. Otherwise,
|
|
|
|
``salt`` may be one of the ``crypt.METHOD_*`` values, or a string as
|
2011-02-22 17:48:06 -04:00
|
|
|
returned by ``crypt.mksalt()``.
|
|
|
|
|
|
|
|
"""
|
|
|
|
if salt is None or isinstance(salt, _Method):
|
|
|
|
salt = mksalt(salt)
|
|
|
|
return _crypt.crypt(word, salt)
|
|
|
|
|
|
|
|
|
|
|
|
# available salting/crypto methods
|
2011-02-22 17:55:51 -04:00
|
|
|
methods = []
|
2017-10-24 13:36:17 -03:00
|
|
|
|
|
|
|
def _add_method(name, *args):
|
|
|
|
method = _Method(name, *args)
|
|
|
|
globals()['METHOD_' + name] = method
|
|
|
|
salt = mksalt(method, log_rounds=4)
|
|
|
|
result = crypt('', salt)
|
|
|
|
if result and len(result) == method.total_size:
|
|
|
|
methods.append(method)
|
|
|
|
return True
|
|
|
|
return False
|
|
|
|
|
|
|
|
_add_method('SHA512', '6', 16, 106)
|
|
|
|
_add_method('SHA256', '5', 16, 63)
|
|
|
|
|
|
|
|
# Choose the strongest supported version of Blowfish hashing.
|
|
|
|
# Early versions have flaws. Version 'a' fixes flaws of
|
|
|
|
# the initial implementation, 'b' fixes flaws of 'a'.
|
|
|
|
# 'y' is the same as 'b', for compatibility
|
|
|
|
# with openwall crypt_blowfish.
|
|
|
|
for _v in 'b', 'y', 'a', '':
|
|
|
|
if _add_method('BLOWFISH', '2' + _v, 22, 59 + len(_v)):
|
|
|
|
break
|
|
|
|
|
|
|
|
_add_method('MD5', '1', 8, 34)
|
|
|
|
_add_method('CRYPT', None, 2, 13)
|
|
|
|
|
|
|
|
del _v, _add_method
|