o 5 h @sdZddlmZmZddlZeeZddlZddl Z ddl m Z dZ da ddlmZddlmZddlmZmZmZddlmZmZdd lmZmZmZmZmZddlm m!Z"d gZ#ed Z$ed Z%ed Z&e&e$e%fZ'e(e'Z)dZ*zddl+Z Wn e,ydZ Ynwe-e dsdZ*dZ n e-e dsdZ*dZ e-e dre .Z/e j0j1Z2n GdddZ3e3Z/dZ2Gddde"j4e"j5e"j6e"j7e"j8e"j9Z:Gddde:Z;Gddde:Z= 18.2.0PasswordHasherc@s$eZdZdZdZdZdZdZdZdS)_DummyCffiHashera dummy object to use as source of defaults when argon2_cffi isn't present. this tries to mimic the attributes of ``argon2.PasswordHasher()`` which the rest of this module reads. .. note:: values last synced w/ argon2 19.2 as of 2019-11-09 iN) __name__ __module__ __qualname____doc__ time_cost memory_cost parallelismsalt_lenhash_lenr$r$k/var/www/html/construction_image-detection-poc/venv/lib/python3.10/site-packages/passlib/handlers/argon2.pyr]srcsjeZdZdZdZdZejZe j j dZ e j j dZ ej ZdZeZejZdZeZdZd ZeZd ZdZd Zd ZiZed dZ e!Z"ej#Z#eZ$ej%Z%e&ddZ'd Z(e) d.fdd Z*e)ddZ+e,-dZ.e)ddZ/e,-de,j0Z1e)ddZ2ddZ3d/fdd Z4e)dd Z5e)d!d"Z6e)d0d#d$Z7e)d%d&Z8fd'd(Z9d)Z:e)d*d+Z;e)d1d,d-Z<Z=S)2 _Argon2Commona& Base class which implements brunt of Argon2 code. This is then subclassed by the various backends, to override w/ backend-specific methods. When a backend is loaded, the bases of the 'argon2' class proper are modified to prepend the correct backend-specific subclass. r) salt salt_sizer"roundsrr r! digest_sizer#type)r,)r"rr#r+lineariNFcCs|t|jS)zj return tuple of types supported by this backend .. versionadded:: 1.7.2 ) get_backendtuple_backend_type_map)clsr$r$r% type_valuess z_Argon2Common.type_valuescCs |jtkS)zn flag indicating a Type D hash .. deprecated:: 1.7.2; will be removed in passlib 2.0 )r,TYPE_Dselfr$r$r%type_ds z_Argon2Common.type_dc  s`|durd| vr td|| d<|dur d| vrtd|| d<|dur.|dur,td|}|dur<|dur:td|}tt|jdi| } |durQ| || _| d} |durpt|tj rdt |}tj | |dt d | d | _ |durt|tj r~t |}| j|| d | _| | j| j|durt|tj rt |}|d kr|d krtd|f|| _| S)Nr*z/'time_cost' and 'rounds' are mutually exclusiver)z1'salt_len' and 'salt_size' are mutually exclusivez3'hash_len' and 'digest_size' are mutually exclusivez8'checksum_size' and 'digest_size' are mutually exclusiverelaxedrr+)minmaxparamr:)r:r.r0z7max_threads (%d) must be -1 (unlimited), or at least 1.r$) TypeErrorsuperr'using _norm_typer,get isinstanceuhnative_string_typesint norm_integerr checksum_size_norm_memory_costr _validate_constraintsr! ValueError max_threads) r4r,r r"rr+rHr#rLkwdssubclsr: __class__r$r%r@sP      z_Argon2Common.usingcCs*d|}||krtd|j|||fdS)Nr-zO%s: memory_cost (%d) is too low, must be at least 8 * parallelism (8 * %d = %d))rKname)r4r r!min_memory_costr$r$r%rJBsz#_Argon2Common._validate_constraintsz^\$argon2[a-z]+\$cCst|}|j|duSN)rDto_unicode_for_identify _ident_regexmatch)r4hashr$r$r%identifyTs z_Argon2Common.identifys ^ \$argon2(?P[a-z]+)\$ (?: v=(?P\d+) \$ )? m=(?P\d+) , t=(?P\d+) , p=(?P\d+) (?: ,keyid=(?P[^,$]+) )? (?: ,data=(?P[^,$]+) )? (?: \$ (?P[^$]+) (?: \$ (?P.+) )? )? $ c Cst|tr |d}t|tst|d|j|}|s"t|| ddddddd d d \ }}}}}}} } } |r>t d || d |rIt |ndt |t |t || rYt | nd| r`t | nd| rit | dSddS)Nutf-8rWr,versionr rr!keyiddatar(digestz&argon2 'keyid' parameter not supportedasciir)r,rZr r*r!r(r\checksum)rCr encodebytesrExpectedStringError _hash_regexrVMalformedHashErrorgroupNotImplementedErrordecoderFr ) r4rWmr,rZr rr!r[r\r(r]r$r$r% from_strings2       z_Argon2Common.from_stringc Csv|j}|dkr d}nd|}|j}|rdtt|j}nd}dt|j||j|j|j|tt|j tt|j fS)Nrzv=%d$z,data=z"$argon2%s$%sm=%d,t=%d,p=%d%s$%s$%s) rZr\rr rr,r r*r!r(r_)r8rZvstrr\kdstrr$r$r% to_strings$  z_Argon2Common.to_stringc s|rtd|dus Jt}|d}|durt||_tt|jd i||dur9tj ||j |j dds8Jn| ||_ |durQtj ||j |j ddsPJn| ||_ |duritj ||j|jddshJn|||_|dur||jduszJdSt|tstj|dd||_dS) Nzoargon2 `type_d=True` keyword is deprecated, and will be removed in passlib 2.0; please use ``type="d"`` insteadr_r,)r=rZr rar\r$)rr6rBlenrHr?r'__init__rDvalidate_default_valuer,rArZ _norm_versionr rIr\rCrarExpectedTypeError)r8r,r9rZr r\rMr_rOr$r%ros4        z_Argon2Common.__init__cCsbt|tstrt|tr|d}ntj|dd|tvr |S| }|tvr*|St d|f)Nr^strr,zunknown argon2 hash type: %r) rCr rrargrDrrr ALL_TYPES_SETlowerrK)r4valuetempr$r$r%rAs  z_Argon2Common._norm_typecCsht|tjstj|dd|dkr|dkrtd|f|}||jkr2td|j|||jf|S)NintegerrZr&rzinvalid argon2 hash version: %dzk%s: hash version 0x%X not supported by %r backend (max version is 0x%X); try updating or switching backends) rCrD int_typesrrrrKr1 max_versionrQ)r4rZbackendr$r$r%rq s  z_Argon2Common._norm_versioncCstj|||jd|dS)Nr )r;r=r:)rDrGrR)r4r r:r$r$r%rIs z_Argon2Common._norm_memory_costcCs8z|j|WStyYnwd||f}t|)z> helper to resolve backend constant from type z=unsupported argon2 hash (type %r not supported by %s backend))r3KeyErrorr1rK)r4rvmsgr$r$r%_get_backend_type%s   z_Argon2Common._get_backend_typec szt|}|j|jkr dS|j}|dus||jkr|j}|j|kr"dS|j|jkr*dS|j|jkr2dStt|jdi|S)NTr$) r,min_desired_versionrzrZr rHr?r'_calc_needs_update)r8rMr4minverrOr$r%r7s    z _Argon2Common._calc_needs_updatez> -- recommend you install one (e.g. 'pip install argon2_cffi')cCsr|j}t|tr |dksJ|dkrtd|tjjtD] }||jvr*||_ dSqtd|tjj t |_ dS)z helper called by from backend mixin classes' _load_backend_mixin() -- invoked after backend imports have been loaded, and performs feature detection & testing common to all backends. rr&z6%r doesn't support argon2 v1.3, and should be upgradedz)%r lacks support for all known hash typesT) rzrCrFrrDrPasslibSecurityWarning ALL_TYPESr3r,PasslibRuntimeWarningTYPE_ID) mixin_clsrQdryrunrzr,r$r$r%_finalize_backend_mixinMs z%_Argon2Common._finalize_backend_mixincCs|}|dur|dur||}|dur*||j|j|dkr*|jdur*tdt|}|dvr:d|||f}nt|}t j ||d)z} internal helper invoked when backend has hash/verification error; used to adapt to passlib message. N argon2_cffiz8argon2_cffi backend doesn't support the 'data' parameter)zDecoding failedz%s reported: %s: hash=%r)reason) r1rirJr r!r\rfrsreprrrd)r4errrWr8r{textrr$r$r%_adapt_backend_errorgs z"_Argon2Common._adapt_backend_error)NNNNNNNN)NFNNN)F)NN)>rrrrrQ setting_kwds_default_settingsr#rHrDGenericHandler_always_parse_settings_unparsed_settingsr"default_salt_size min_salt_sizer max_salt_sizerdefault_rounds min_rounds max_rounds rounds_costmax_parallelism_default_versionrzrrRrLpure_use_threadsr3rr5rr,r!rZr propertyr9r\ classmethodr@rJrecompilerUrXXrcrirmrorArqrIr~r_no_backend_suggestionrr __classcell__r$r$rOr%r'ss   ;    2      r'csReZdZdZeddZeddZejddded d Z fd d Z Z S) _NoBackendz mixin used before any backend has been loaded. contains stubs that force loading of one of the available backends. cCs|||SrS)_stub_requires_backendrW)r4secretr$r$r%rWs z_NoBackend.hashcC||||SrS)rverify)r4rrWr$r$r%rs z_NoBackend.verifyz1.7z2.0) deprecatedremovedcCrrS)rgenhash)r4rconfigr$r$r%rs z_NoBackend.genhashcs|tt||SrS)rr?r_calc_checksumr8rrOr$r%rsz_NoBackend._calc_checksum) rrrrrrWrrDdeprecated_methodrrrr$r$rOr%rs    rc@sZeZdZdZeddZeddZeddeDZ edd Z ed d Z d d Z dS) _CffiBackendz argon2_cffi backend c Cs|tusJtdurtrttdStjj}tdtj |tj }i}t D]"}z t || ||<Wq&tyH|ttfvsFJd|Yq&w||_||_|_|||S)NFzOdetected 'argon2_cffi' backend, version %r, with support for 0x%x argon2 hashesunexpected missing type: %r)r _argon2_cffi_argon2_cffi_errorrPasslibSecurityErrorrARGON2_VERSIONlogdebug __version__rrgetattrupperAttributeErrorTYPE_Ir6r3rZrzr)rrQrrzTypeEnumtype_mapr,r$r$r%_load_backend_mixins(     z _CffiBackend._load_backend_mixinc Cstt|t|d}zttjj||j|j |j |j t| |j |dWStjjy9}z||d}~ww)NrY)r,r rr!r(r#r)rDvalidate_secretrrrr hash_secretr~r,r rr!_generate_saltrH exceptions HashingErrorr)r4rrr$r$r%rWs      z_CffiBackend.hashccs$|] }td|d|fVqdS)s $argon2%s$r^N)r r`).0r,r$r$r% sz_CffiBackend.c Cst|t|d}t|d}|j|dd|ddt}||}ztj |||}|dus4JWdStj j yBYdStj j yV}z|j||dd}~ww)NrYr^r.$TFrW)rDrr_byte_ident_maprBfindrr~rr verify_secretrVerifyMismatchErrorVerificationErrorr)r4rrWr, type_coderesultrr$r$r%rs   "  z_CffiBackend.verifyc Cst|t|d}||}zttjj||j |j |j |j t|j |j||jd}WntjjyB}z|j||dd}~ww|jdkrN|dd}|S)NrY)r,r rr!r(r#rrZrrz$v=16$$)rDrrrirrrrr~r,r r*r!r(rHrZrrrreplace)r4rrr8rrr$r$r%rs*        z_CffiBackend.genhashcCstd)Nz-shouldn't be called under argon2_cffi backend)AssertionErrorrr$r$r%r*sz_CffiBackend._calc_checksumN) rrrrrrrWdictrrrrrr$r$r$r%rs     rc@s$eZdZdZeddZddZdS) _PureBackendz argon2pure backend c Cs|tusJzddlaWn tyYdSwzddlm}Wnty.tdYdSwtd||s=tdt j i}t D]$}z t td| ||<WqAtye|ttfvscJd|YqAw||_||_|_|||S) NrF)ARGON2_DEFAULT_VERSIONz\detected 'argon2pure' backend, but package is too old (passlib requires argon2pure >= 1.2.3)zBdetected 'argon2pure' backend, with support for 0x%x argon2 hasheszUsing argon2pure backend, which is 100x+ slower than is required for adequate security. Installing argon2_cffi (via 'pip install argon2_cffi') is strongly recommendedARGON2r)r argon2pure _argon2pure ImportErrorrrwarningrrrrrrrrrr6r3rZrzr)rrQrrzrr,r$r$r%r<s:        z _PureBackend._load_backend_mixinc Cst|t|d}t||j|j|j|j|j| |j |j d}|j dkr*|j |d<|j r1d|d<|jr9|j|d<z tjd i|WStjyV}z|j||dd}~ww) NrY)passwordr(rr r! tag_lengthrrZrthreadsT use_threadsassociated_datar7r$)rDrrrr(r*r r!rHr~r,rZrLrr\rr Argon2Errorr)r8rrMrr$r$r%rns0     z_PureBackend._calc_checksumN)rrrrrrrr$r$r$r%r4s   1rc@s$eZdZdZdZdZeeedZ dS)ra This class implements the Argon2 password hash [#argon2-home]_, and follows the :ref:`password-hash-api`. Argon2 supports a variable-length salt, and variable time & memory cost, and a number of other configurable parameters. The :meth:`~passlib.ifc.PasswordHash.replace` method accepts the following optional keywords: :type type: str :param type: Specify the type of argon2 hash to generate. Can be one of "ID", "I", "D". This defaults to "ID" if supported by the backend, otherwise "I". :type salt: str :param salt: Optional salt string. If specified, the length must be between 0-1024 bytes. If not specified, one will be auto-generated (this is recommended). :type salt_size: int :param salt_size: Optional number of bytes to use when autogenerating new salts. :type rounds: int :param rounds: Optional number of rounds to use. This corresponds linearly to the amount of time hashing will take. :type time_cost: int :param time_cost: An alias for **rounds**, for compatibility with underlying argon2 library. :param int memory_cost: Defines the memory usage in kibibytes. This corresponds linearly to the amount of memory hashing will take. :param int parallelism: Defines the parallelization factor. *NOTE: this will affect the resulting hash value.* :param int digest_size: Length of the digest in bytes. :param int max_threads: Maximum number of threads that will be used. -1 means unlimited; otherwise hashing will use ``min(parallelism, max_threads)`` threads. .. note:: This option is currently only honored by the argon2pure backend. :type relaxed: bool :param relaxed: By default, providing an invalid value for one of the other keywords will result in a :exc:`ValueError`. If ``relaxed=True``, and the error can be corrected, a :exc:`~passlib.exc.PasslibHashWarning` will be issued instead. Correctable errors include ``rounds`` that are too small or too large, and ``salt`` strings that are too long. .. versionchanged:: 1.7.2 Added the "type" keyword, and support for type "D" and "ID" hashes. (Prior versions could verify type "D" hashes, but not generate them). .. todo:: * Support configurable threading limits. )rrT)NrrN) rrrrbackends_backend_mixin_targetrrr_backend_mixin_mapr$r$r$r%rsP )>r __future__rrlogging getLoggerrrrtypeswarningsrrrpasslibrpasslib.crypto.digestr passlib.utilsrrr passlib.utils.binaryr r passlib.utils.compatr r rrrpasslib.utils.handlersutilshandlersrD__all__rr6rrsetrtrrrhasattrrrrrrrSubclassBackendMixinParallelismMixin HasRounds HasRawSaltHasRawChecksumrr'rrrr$r$r$r%sj             *|Z