adb2cc4c5e1b6353076c497fea8ab2e3d49da518
1 #
2 # Copyright (c) 2001 Bizar Software Pty Ltd (http://www.bizarsoftware.com.au/)
3 # This module is free software, and you may redistribute it and/or modify
4 # under the same terms as Python, so long as this copyright message and
5 # disclaimer are retained in their original form.
6 #
7 # IN NO EVENT SHALL BIZAR SOFTWARE PTY LTD BE LIABLE TO ANY PARTY FOR
8 # DIRECT, INDIRECT, SPECIAL, INCIDENTAL, OR CONSEQUENTIAL DAMAGES ARISING
9 # OUT OF THE USE OF THIS CODE, EVEN IF THE AUTHOR HAS BEEN ADVISED OF THE
10 # POSSIBILITY OF SUCH DAMAGE.
11 #
12 # BIZAR SOFTWARE PTY LTD SPECIFICALLY DISCLAIMS ANY WARRANTIES, INCLUDING,
13 # BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
14 # FOR A PARTICULAR PURPOSE. THE CODE PROVIDED HEREUNDER IS ON AN "AS IS"
15 # BASIS, AND THERE IS NO OBLIGATION WHATSOEVER TO PROVIDE MAINTENANCE,
16 # SUPPORT, UPDATES, ENHANCEMENTS, OR MODIFICATIONS.
17 #
18 # $Id: password.py,v 1.15 2005-12-25 15:38:40 a1s Exp $
20 """Password handling (encoding, decoding).
21 """
22 __docformat__ = 'restructuredtext'
24 import re, string, random
25 from base64 import b64encode, b64decode
26 from roundup.anypy.hashlib_ import md5, sha1
27 try:
28 import crypt
29 except ImportError:
30 crypt = None
32 _bempty = ""
33 _bjoin = _bempty.join
35 def getrandbytes(count):
36 return _bjoin(chr(random.randint(0,255)) for i in xrange(count))
38 #NOTE: PBKDF2 hash is using this variant of base64 to minimize encoding size,
39 # and have charset that's compatible w/ unix crypt variants
40 def h64encode(data):
41 """encode using variant of base64"""
42 return b64encode(data, "./").strip("=\n")
44 def h64decode(data):
45 """decode using variant of base64"""
46 off = len(data) % 4
47 if off == 0:
48 return b64decode(data, "./")
49 elif off == 1:
50 raise ValueError("invalid bas64 input")
51 elif off == 2:
52 return b64decode(data + "==", "./")
53 else:
54 return b64decode(data + "=", "./")
56 try:
57 from M2Crypto.EVP import pbkdf2 as _pbkdf2
58 except ImportError:
59 #no m2crypto - make our own pbkdf2 function
60 from struct import pack
61 from hmac import HMAC
62 try:
63 from hashlib import sha1
64 except ImportError:
65 from sha import new as sha1
67 def xor_bytes(left, right):
68 "perform bitwise-xor of two byte-strings"
69 return _bjoin(chr(ord(l) ^ ord(r)) for l, r in zip(left, right))
71 def _pbkdf2(password, salt, rounds, keylen):
72 digest_size = 20 # sha1 generates 20-byte blocks
73 total_blocks = int((keylen+digest_size-1)/digest_size)
74 hmac_template = HMAC(password, None, sha1)
75 out = _bempty
76 for i in xrange(1, total_blocks+1):
77 hmac = hmac_template.copy()
78 hmac.update(salt + pack(">L",i))
79 block = tmp = hmac.digest()
80 for j in xrange(rounds-1):
81 hmac = hmac_template.copy()
82 hmac.update(tmp)
83 tmp = hmac.digest()
84 #TODO: need to speed up this call
85 block = xor_bytes(block, tmp)
86 out += block
87 return out[:keylen]
89 def pbkdf2(password, salt, rounds, keylen):
90 """pkcs#5 password-based key derivation v2.0
92 :arg password: passphrase to use to generate key (if unicode, converted to utf-8)
93 :arg salt: salt string to use when generating key (if unicode, converted to utf-8)
94 :param rounds: number of rounds to use to generate key
95 :arg keylen: number of bytes to generate
97 If M2Crypto is present, uses it's implementation as backend.
99 :returns:
100 raw bytes of generated key
101 """
102 if isinstance(password, unicode):
103 password = password.encode("utf-8")
104 if isinstance(salt, unicode):
105 salt = salt.encode("utf-8")
106 if keylen > 40:
107 #NOTE: pbkdf2 allows up to (2**31-1)*20 bytes,
108 # but m2crypto has issues on some platforms above 40,
109 # and such sizes aren't needed for a password hash anyways...
110 raise ValueError, "key length too large"
111 if rounds < 1:
112 raise ValueError, "rounds must be positive number"
113 return _pbkdf2(password, salt, rounds, keylen)
115 class PasswordValueError(ValueError):
116 """ The password value is not valid """
117 pass
119 def pbkdf2_unpack(pbkdf2):
120 """ unpack pbkdf2 encrypted password into parts,
121 assume it has format "{rounds}${salt}${digest}
122 """
123 if isinstance(pbkdf2, unicode):
124 pbkdf2 = pbkdf2.encode("ascii")
125 try:
126 rounds, salt, digest = pbkdf2.split("$")
127 except ValueError:
128 raise PasswordValueError, "invalid PBKDF2 hash (wrong number of separators)"
129 if rounds.startswith("0"):
130 raise PasswordValueError, "invalid PBKDF2 hash (zero-padded rounds)"
131 try:
132 rounds = int(rounds)
133 except ValueError:
134 raise PasswordValueError, "invalid PBKDF2 hash (invalid rounds)"
135 raw_salt = h64decode(salt)
136 return rounds, salt, raw_salt, digest
138 def encodePassword(plaintext, scheme, other=None):
139 """Encrypt the plaintext password.
140 """
141 if plaintext is None:
142 plaintext = ""
143 if scheme == "PBKDF2":
144 if other:
145 rounds, salt, raw_salt, digest = pbkdf2_unpack(other)
146 else:
147 raw_salt = getrandbytes(20)
148 salt = h64encode(raw_salt)
149 #FIXME: find way to access config, so default rounds
150 # can be altered for faster/slower hosts via config.ini
151 rounds = 10000
152 if rounds < 1000:
153 raise PasswordValueError, "invalid PBKDF2 hash (rounds too low)"
154 raw_digest = pbkdf2(plaintext, raw_salt, rounds, 20)
155 return "%d$%s$%s" % (rounds, salt, h64encode(raw_digest))
156 elif scheme == 'SHA':
157 s = sha1(plaintext).hexdigest()
158 elif scheme == 'MD5':
159 s = md5(plaintext).hexdigest()
160 elif scheme == 'crypt' and crypt is not None:
161 if other is not None:
162 salt = other
163 else:
164 saltchars = './0123456789'+string.letters
165 salt = random.choice(saltchars) + random.choice(saltchars)
166 s = crypt.crypt(plaintext, salt)
167 elif scheme == 'plaintext':
168 s = plaintext
169 else:
170 raise PasswordValueError, 'unknown encryption scheme %r'%scheme
171 return s
173 def generatePassword(length=8):
174 chars = string.letters+string.digits
175 return ''.join([random.choice(chars) for x in range(length)])
177 class JournalPassword:
178 """ Password dummy instance intended for journal operation.
179 We do not store passwords in the journal any longer. The dummy
180 version only reads the encryption scheme from the given
181 encrypted password.
182 """
183 default_scheme = 'PBKDF2' # new encryptions use this scheme
184 pwre = re.compile(r'{(\w+)}(.+)')
186 def __init__ (self, encrypted=''):
187 if isinstance(encrypted, self.__class__):
188 self.scheme = encrypted.scheme or self.default_scheme
189 else:
190 m = self.pwre.match(encrypted)
191 if m:
192 self.scheme = m.group(1)
193 else:
194 self.scheme = self.default_scheme
195 self.password = ''
197 def dummystr(self):
198 """ return dummy string to store in journal
199 - reports scheme, but nothing else
200 """
201 return "{%s}*encrypted*" % (self.scheme,)
203 __str__ = dummystr
205 def __cmp__(self, other):
206 """Compare this password against another password."""
207 # check to see if we're comparing instances
208 if isinstance(other, self.__class__):
209 if self.scheme != other.scheme:
210 return cmp(self.scheme, other.scheme)
211 return cmp(self.password, other.password)
213 # assume password is plaintext
214 if self.password is None:
215 raise ValueError, 'Password not set'
216 return cmp(self.password, encodePassword(other, self.scheme,
217 self.password or None))
219 class Password(JournalPassword):
220 """The class encapsulates a Password property type value in the database.
222 The encoding of the password is one if None, 'SHA', 'MD5' or 'plaintext'.
223 The encodePassword function is used to actually encode the password from
224 plaintext. The None encoding is used in legacy databases where no
225 encoding scheme is identified.
227 The scheme is stored with the encoded data in the database:
228 {scheme}data
230 Example usage:
231 >>> p = Password('sekrit')
232 >>> p == 'sekrit'
233 1
234 >>> p != 'not sekrit'
235 1
236 >>> 'sekrit' == p
237 1
238 >>> 'not sekrit' != p
239 1
240 """
241 #TODO: code to migrate from old password schemes.
243 deprecated_schemes = ["SHA", "MD5", "crypt", "plaintext"]
244 known_schemes = ["PBKDF2"] + deprecated_schemes
246 def __init__(self, plaintext=None, scheme=None, encrypted=None, strict=False):
247 """Call setPassword if plaintext is not None."""
248 if scheme is None:
249 scheme = self.default_scheme
250 if plaintext is not None:
251 self.setPassword (plaintext, scheme)
252 elif encrypted is not None:
253 self.unpack(encrypted, scheme, strict=strict)
254 else:
255 self.scheme = self.default_scheme
256 self.password = None
257 self.plaintext = None
259 def needs_migration(self):
260 """ Password has insecure scheme or other insecure parameters
261 and needs migration to new password scheme
262 """
263 if self.scheme in self.deprecated_schemes:
264 return True
265 rounds, salt, raw_salt, digest = pbkdf2_unpack(self.password)
266 if rounds < 1000:
267 return True
268 return False
270 def unpack(self, encrypted, scheme=None, strict=False):
271 """Set the password info from the scheme:<encryted info> string
272 (the inverse of __str__)
273 """
274 m = self.pwre.match(encrypted)
275 if m:
276 self.scheme = m.group(1)
277 self.password = m.group(2)
278 self.plaintext = None
279 else:
280 # currently plaintext - encrypt
281 self.setPassword(encrypted, scheme)
282 if strict and self.scheme not in self.known_schemes:
283 raise PasswordValueError, "unknown encryption scheme: %r" % (self.scheme,)
285 def setPassword(self, plaintext, scheme=None):
286 """Sets encrypts plaintext."""
287 if scheme is None:
288 scheme = self.default_scheme
289 self.scheme = scheme
290 self.password = encodePassword(plaintext, scheme)
291 self.plaintext = plaintext
293 def __str__(self):
294 """Stringify the encrypted password for database storage."""
295 if self.password is None:
296 raise ValueError, 'Password not set'
297 return '{%s}%s'%(self.scheme, self.password)
299 def test():
300 # SHA
301 p = Password('sekrit')
302 assert p == 'sekrit'
303 assert p != 'not sekrit'
304 assert 'sekrit' == p
305 assert 'not sekrit' != p
307 # MD5
308 p = Password('sekrit', 'MD5')
309 assert p == 'sekrit'
310 assert p != 'not sekrit'
311 assert 'sekrit' == p
312 assert 'not sekrit' != p
314 # crypt
315 p = Password('sekrit', 'crypt')
316 assert p == 'sekrit'
317 assert p != 'not sekrit'
318 assert 'sekrit' == p
319 assert 'not sekrit' != p
321 # PBKDF2 - low level function
322 from binascii import unhexlify
323 k = pbkdf2("password", "ATHENA.MIT.EDUraeburn", 1200, 32)
324 assert k == unhexlify("5c08eb61fdf71e4e4ec3cf6ba1f5512ba7e52ddbc5e5142f708a31e2e62b1e13")
326 # PBKDF2 - hash function
327 h = "5000$7BvbBq.EZzz/O0HuwX3iP.nAG3s$g3oPnFFaga2BJaX5PoPRljl4XIE"
328 assert encodePassword("sekrit", "PBKDF2", h) == h
330 # PBKDF2 - high level integration
331 p = Password('sekrit', 'PBKDF2')
332 assert p == 'sekrit'
333 assert p != 'not sekrit'
334 assert 'sekrit' == p
335 assert 'not sekrit' != p
337 if __name__ == '__main__':
338 test()
340 # vim: set filetype=python sts=4 sw=4 et si :