From 0b2c774b2d55688101e3b231552a29bd15b2cb1b Mon Sep 17 00:00:00 2001 From: PlayerG9 <68517540+PlayerG9@users.noreply.github.com> Date: Fri, 11 Oct 2024 21:26:56 +0200 Subject: [PATCH 1/9] added module for unix compatibility --- src/passwordlib/unix/__init__.py | 6 ++++++ src/passwordlib/unix/encrypt.py | 14 ++++++++++++++ src/passwordlib/unix/loading.py | 17 +++++++++++++++++ 3 files changed, 37 insertions(+) create mode 100644 src/passwordlib/unix/__init__.py create mode 100644 src/passwordlib/unix/encrypt.py create mode 100644 src/passwordlib/unix/loading.py diff --git a/src/passwordlib/unix/__init__.py b/src/passwordlib/unix/__init__.py new file mode 100644 index 0000000..7f1cda6 --- /dev/null +++ b/src/passwordlib/unix/__init__.py @@ -0,0 +1,6 @@ +# -*- coding=utf-8 -*- +r""" +Compatibility for the widely used unix formats +""" +from . import encrypt +from . import loading diff --git a/src/passwordlib/unix/encrypt.py b/src/passwordlib/unix/encrypt.py new file mode 100644 index 0000000..5a0318d --- /dev/null +++ b/src/passwordlib/unix/encrypt.py @@ -0,0 +1,14 @@ +# -*- coding=utf-8 -*- +r""" + +""" + + +__all__ = ['encrypt_sha1'] + + +def encrypt_sha1(password: str): + from hashlib import sha1 + from base64 import b64encode + hashed = sha1(password.encode()).digest() + return "{SHA1}" + b64encode(hashed).decode() diff --git a/src/passwordlib/unix/loading.py b/src/passwordlib/unix/loading.py new file mode 100644 index 0000000..e6f34cf --- /dev/null +++ b/src/passwordlib/unix/loading.py @@ -0,0 +1,17 @@ +# -*- coding=utf-8 -*- +r""" + +""" +from ..core import LoadedTuple + + +__all__ = ['load_sha1'] + + +def load_sha1(dump: str) -> LoadedTuple: + from base64 import b64decode + if not dump.startswith("{SHA}"): + raise ValueError("Invalid dump format") + b64encoded = dump[6:] + hashed = b64decode(b64encoded) + return LoadedTuple(algorithm="sha1", iterations=-1, salt=b'', hashed=hashed) From a507811782eb918fa8d012311afeee3efc24c3b0 Mon Sep 17 00:00:00 2001 From: PlayerG9 <68517540+PlayerG9@users.noreply.github.com> Date: Sun, 13 Oct 2024 11:33:19 +0200 Subject: [PATCH 2/9] added library exception classes --- src/passwordlib/exceptions.py | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) create mode 100644 src/passwordlib/exceptions.py diff --git a/src/passwordlib/exceptions.py b/src/passwordlib/exceptions.py new file mode 100644 index 0000000..855b8ae --- /dev/null +++ b/src/passwordlib/exceptions.py @@ -0,0 +1,19 @@ +# -*- coding=utf-8 -*- +r""" + +""" + + +__all__ = ['PasswordlibError', 'PWLibSyntaxError', 'PWLibBadPrefixError'] + + +class PasswordlibError(Exception): + pass + + +class PWLibSyntaxError(PasswordlibError): + pass + + +class PWLibBadPrefixError(PasswordlibError): + pass From 65251eddad2e96efbc16ea379bd41571062e7d23 Mon Sep 17 00:00:00 2001 From: PlayerG9 <68517540+PlayerG9@users.noreply.github.com> Date: Sun, 13 Oct 2024 11:33:37 +0200 Subject: [PATCH 3/9] added bcrypt --- src/passwordlib/unix/encrypt.py | 16 ++++++++++++++-- src/passwordlib/unix/loading.py | 17 +++++++++++++++-- 2 files changed, 29 insertions(+), 4 deletions(-) diff --git a/src/passwordlib/unix/encrypt.py b/src/passwordlib/unix/encrypt.py index 5a0318d..98728fc 100644 --- a/src/passwordlib/unix/encrypt.py +++ b/src/passwordlib/unix/encrypt.py @@ -2,13 +2,25 @@ r""" """ +import typing as t +from ..core import functions as fn __all__ = ['encrypt_sha1'] -def encrypt_sha1(password: str): +BCRYPT_PREFIX: t.TypeAlias = t.Union[t.Literal[b"2a"], t.Literal[b"2b"]] + + +def encrypt_bcrypt(password: t.AnyStr, rounds: int = 12, prefix: BCRYPT_PREFIX = "2b") -> str: + import bcrypt + password = fn.get_password_bytes(password) + return bcrypt.hashpw(password, bcrypt.gensalt(rounds=rounds, prefix=prefix)).decode() + + +def encrypt_sha1(password: t.AnyStr) -> str: from hashlib import sha1 from base64 import b64encode - hashed = sha1(password.encode()).digest() + password = fn.get_password_bytes(password) + hashed = sha1(password).digest() return "{SHA1}" + b64encode(hashed).decode() diff --git a/src/passwordlib/unix/loading.py b/src/passwordlib/unix/loading.py index e6f34cf..35ebb55 100644 --- a/src/passwordlib/unix/loading.py +++ b/src/passwordlib/unix/loading.py @@ -3,15 +3,28 @@ """ from ..core import LoadedTuple +from ..exceptions import * __all__ = ['load_sha1'] +def load_bcrypt(dump: str) -> LoadedTuple: + if dump[0] != "$": raise PWLibSyntaxError() + prefix, sep, rest = dump[1:].partition("$") + if sep is None: raise PWLibSyntaxError() + if prefix not in {"2", "2a", "2b", "2x", "2y"}: raise PWLibBadPrefixError("unknown prefix") + rounds, sep, rest = rest.partition("$") + if sep is None: raise PWLibSyntaxError() + iterations = int(rounds) + salt = rest[:22].encode() # note: salt is in a base-64 encoded format + hashed = rest[22:].encode() + return LoadedTuple(algorithm="bcrypt", iterations=iterations, salt=salt, hashed=hashed) + + def load_sha1(dump: str) -> LoadedTuple: from base64 import b64decode - if not dump.startswith("{SHA}"): - raise ValueError("Invalid dump format") + if not dump.startswith("{SHA}"): raise PWLibBadPrefixError("Invalid dump format") b64encoded = dump[6:] hashed = b64decode(b64encoded) return LoadedTuple(algorithm="sha1", iterations=-1, salt=b'', hashed=hashed) From b2e0d77df6ef2082463e0552ece66df5ac37718e Mon Sep 17 00:00:00 2001 From: PlayerG9 <68517540+PlayerG9@users.noreply.github.com> Date: Sun, 13 Oct 2024 11:36:01 +0200 Subject: [PATCH 4/9] added bcrypt to __all__ --- src/passwordlib/unix/encrypt.py | 2 +- src/passwordlib/unix/loading.py | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/src/passwordlib/unix/encrypt.py b/src/passwordlib/unix/encrypt.py index 98728fc..7944b0d 100644 --- a/src/passwordlib/unix/encrypt.py +++ b/src/passwordlib/unix/encrypt.py @@ -6,7 +6,7 @@ from ..core import functions as fn -__all__ = ['encrypt_sha1'] +__all__ = ['encrypt_bcrypt', 'encrypt_sha1'] BCRYPT_PREFIX: t.TypeAlias = t.Union[t.Literal[b"2a"], t.Literal[b"2b"]] diff --git a/src/passwordlib/unix/loading.py b/src/passwordlib/unix/loading.py index 35ebb55..5ba3bb8 100644 --- a/src/passwordlib/unix/loading.py +++ b/src/passwordlib/unix/loading.py @@ -6,7 +6,7 @@ from ..exceptions import * -__all__ = ['load_sha1'] +__all__ = ['load_bcrypt', 'load_sha1'] def load_bcrypt(dump: str) -> LoadedTuple: From 2682502b3aded8fe616b4d059107f7643144af83 Mon Sep 17 00:00:00 2001 From: PlayerG9 <68517540+PlayerG9@users.noreply.github.com> Date: Sun, 13 Oct 2024 11:41:00 +0200 Subject: [PATCH 5/9] code reformat for load_bcrypt --- src/passwordlib/unix/loading.py | 16 +++++++++------- 1 file changed, 9 insertions(+), 7 deletions(-) diff --git a/src/passwordlib/unix/loading.py b/src/passwordlib/unix/loading.py index 5ba3bb8..9a2bcb8 100644 --- a/src/passwordlib/unix/loading.py +++ b/src/passwordlib/unix/loading.py @@ -10,15 +10,17 @@ def load_bcrypt(dump: str) -> LoadedTuple: - if dump[0] != "$": raise PWLibSyntaxError() - prefix, sep, rest = dump[1:].partition("$") - if sep is None: raise PWLibSyntaxError() + parts = dump.split("$") + if len(parts) == 4: raise PWLibSyntaxError("bad format") + + void, prefix, rounds, salt_and_hash = parts + if void: raise PWLibSyntaxError("dump does not start with '$'") if prefix not in {"2", "2a", "2b", "2x", "2y"}: raise PWLibBadPrefixError("unknown prefix") - rounds, sep, rest = rest.partition("$") - if sep is None: raise PWLibSyntaxError() + if not rounds.isdigit(): raise PWLibSyntaxError("rounds are not an integer") + iterations = int(rounds) - salt = rest[:22].encode() # note: salt is in a base-64 encoded format - hashed = rest[22:].encode() + salt = salt_and_hash[:22].encode() # note: salt is in a base-64 encoded format + hashed = salt_and_hash[22:].encode() return LoadedTuple(algorithm="bcrypt", iterations=iterations, salt=salt, hashed=hashed) From cafea263c3e603744b7ff9d1cc47407d3ecd7c0f Mon Sep 17 00:00:00 2001 From: PlayerG9 <68517540+PlayerG9@users.noreply.github.com> Date: Sun, 13 Oct 2024 11:41:51 +0200 Subject: [PATCH 6/9] fixed typo in comparison operator --- src/passwordlib/unix/loading.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/passwordlib/unix/loading.py b/src/passwordlib/unix/loading.py index 9a2bcb8..7b4979b 100644 --- a/src/passwordlib/unix/loading.py +++ b/src/passwordlib/unix/loading.py @@ -11,7 +11,7 @@ def load_bcrypt(dump: str) -> LoadedTuple: parts = dump.split("$") - if len(parts) == 4: raise PWLibSyntaxError("bad format") + if len(parts) != 4: raise PWLibSyntaxError("bad format") void, prefix, rounds, salt_and_hash = parts if void: raise PWLibSyntaxError("dump does not start with '$'") From e199abab10e7fd54759b16f77f47e30b153f26ad Mon Sep 17 00:00:00 2001 From: PlayerG9 <68517540+PlayerG9@users.noreply.github.com> Date: Sun, 13 Oct 2024 17:16:11 +0200 Subject: [PATCH 7/9] new unix.utils --- src/passwordlib/unix/utils.py | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) create mode 100644 src/passwordlib/unix/utils.py diff --git a/src/passwordlib/unix/utils.py b/src/passwordlib/unix/utils.py new file mode 100644 index 0000000..a8c4af3 --- /dev/null +++ b/src/passwordlib/unix/utils.py @@ -0,0 +1,18 @@ +# -*- coding=utf-8 -*- +r""" + +""" +import os +import typing as t + + +__all__ = ['gen_salt_str'] + + +def gen_salt_str(length: int, *, characters: t.Sequence[str]) -> str: + r""" + :param length: length of the resulting salt + :param characters: characters to use in the salt + :return: generated salt + """ + return ''.join(characters[int(r / 256 * len(characters))] for r in os.urandom(length)) From 437569dbf0ec03b2a4b46a5de8e7002d2359c425 Mon Sep 17 00:00:00 2001 From: PlayerG9 <68517540+PlayerG9@users.noreply.github.com> Date: Sun, 13 Oct 2024 17:16:21 +0200 Subject: [PATCH 8/9] code reformat --- src/passwordlib/unix/encrypt.py | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/src/passwordlib/unix/encrypt.py b/src/passwordlib/unix/encrypt.py index 7944b0d..4fb1476 100644 --- a/src/passwordlib/unix/encrypt.py +++ b/src/passwordlib/unix/encrypt.py @@ -12,10 +12,11 @@ BCRYPT_PREFIX: t.TypeAlias = t.Union[t.Literal[b"2a"], t.Literal[b"2b"]] -def encrypt_bcrypt(password: t.AnyStr, rounds: int = 12, prefix: BCRYPT_PREFIX = "2b") -> str: +def encrypt_bcrypt(password: t.AnyStr, salt: str = None, rounds: int = 12, prefix: BCRYPT_PREFIX = "2b") -> str: import bcrypt password = fn.get_password_bytes(password) - return bcrypt.hashpw(password, bcrypt.gensalt(rounds=rounds, prefix=prefix)).decode() + salt = salt or bcrypt.gensalt(rounds=rounds, prefix=prefix) + return bcrypt.hashpw(password, salt=salt).decode() def encrypt_sha1(password: t.AnyStr) -> str: From 8633bc6189083008bd5b27eaf8782c76bf752c1d Mon Sep 17 00:00:00 2001 From: PlayerG9 <68517540+PlayerG9@users.noreply.github.com> Date: Sun, 13 Oct 2024 17:16:43 +0200 Subject: [PATCH 9/9] implemented unix-loading for sha256 --- src/passwordlib/unix/loading.py | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) diff --git a/src/passwordlib/unix/loading.py b/src/passwordlib/unix/loading.py index 7b4979b..9a742d3 100644 --- a/src/passwordlib/unix/loading.py +++ b/src/passwordlib/unix/loading.py @@ -24,6 +24,27 @@ def load_bcrypt(dump: str) -> LoadedTuple: return LoadedTuple(algorithm="bcrypt", iterations=iterations, salt=salt, hashed=hashed) +def load_sha256(dump: str) -> LoadedTuple: + parts = dump.split("$") + n_parts = len(parts) + if n_parts != 4 and n_parts != 5: raise PWLibSyntaxError("bad format") + + if n_parts == 4: + void, prefix, salt, checksum = parts + rounds = "rounds=5000" + else: + void, prefix, rounds, salt, checksum = parts + if void: raise PWLibSyntaxError("dump does not start with '$'") + if prefix != "5": raise PWLibSyntaxError("unknown prefix") + if not rounds.startswith("rounds=") or not rounds[7:].isdigit(): raise PWLibSyntaxError("bad rounds") + + iterations = int(rounds[7:]) + salt = salt.encode() + hashed = checksum.encode() + + return LoadedTuple(algorithm="sha256", iterations=iterations, salt=salt, hashed=hashed) + + def load_sha1(dump: str) -> LoadedTuple: from base64 import b64decode if not dump.startswith("{SHA}"): raise PWLibBadPrefixError("Invalid dump format")