You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

297 lines
9.9 KiB

4 years ago
  1. #!/usr/bin/python
  2. # -*- coding: ascii -*-
  3. ###########################################################################
  4. # pbkdf2 - PKCS#5 v2.0 Password-Based Key Derivation
  5. #
  6. # Copyright (C) 2007-2011 Dwayne C. Litzenberger <dlitz@dlitz.net>
  7. #
  8. # Permission is hereby granted, free of charge, to any person obtaining
  9. # a copy of this software and associated documentation files (the
  10. # "Software"), to deal in the Software without restriction, including
  11. # without limitation the rights to use, copy, modify, merge, publish,
  12. # distribute, sublicense, and/or sell copies of the Software, and to
  13. # permit persons to whom the Software is furnished to do so, subject to
  14. # the following conditions:
  15. #
  16. # The above copyright notice and this permission notice shall be
  17. # included in all copies or substantial portions of the Software.
  18. #
  19. # THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
  20. # EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
  21. # MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
  22. # NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
  23. # LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
  24. # OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
  25. # WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
  26. #
  27. # Country of origin: Canada
  28. #
  29. ###########################################################################
  30. # Sample PBKDF2 usage:
  31. # from Crypto.Cipher import AES
  32. # from pbkdf2 import PBKDF2
  33. # import os
  34. #
  35. # salt = os.urandom(8) # 64-bit salt
  36. # key = PBKDF2("This passphrase is a secret.", salt).read(32) # 256-bit key
  37. # iv = os.urandom(16) # 128-bit IV
  38. # cipher = AES.new(key, AES.MODE_CBC, iv)
  39. # ...
  40. #
  41. # Sample crypt() usage:
  42. # from pbkdf2 import crypt
  43. # pwhash = crypt("secret")
  44. # alleged_pw = raw_input("Enter password: ")
  45. # if pwhash == crypt(alleged_pw, pwhash):
  46. # print "Password good"
  47. # else:
  48. # print "Invalid password"
  49. #
  50. ###########################################################################
  51. __version__ = "1.3"
  52. __all__ = ['PBKDF2', 'crypt']
  53. from struct import pack
  54. from random import randint
  55. import string
  56. import sys
  57. try:
  58. # Use PyCrypto (if available).
  59. from Crypto.Hash import HMAC, SHA as SHA1
  60. except ImportError:
  61. # PyCrypto not available. Use the Python standard library.
  62. import hmac as HMAC
  63. try:
  64. from hashlib import sha1 as SHA1
  65. except ImportError:
  66. # hashlib not available. Use the old sha module.
  67. import sha as SHA1
  68. #
  69. # Python 2.1 thru 3.2 compatibility
  70. #
  71. if sys.version_info[0] == 2:
  72. _0xffffffffL = long(1) << 32
  73. def isunicode(s):
  74. return isinstance(s, unicode)
  75. def isbytes(s):
  76. return isinstance(s, str)
  77. def isinteger(n):
  78. return isinstance(n, (int, long))
  79. def b(s):
  80. return s
  81. def binxor(a, b):
  82. return "".join([chr(ord(x) ^ ord(y)) for (x, y) in zip(a, b)])
  83. def b64encode(data, chars="+/"):
  84. tt = string.maketrans("+/", chars)
  85. return data.encode('base64').replace("\n", "").translate(tt)
  86. from binascii import b2a_hex
  87. else:
  88. _0xffffffffL = 0xffffffff
  89. def isunicode(s):
  90. return isinstance(s, str)
  91. def isbytes(s):
  92. return isinstance(s, bytes)
  93. def isinteger(n):
  94. return isinstance(n, int)
  95. def callable(obj):
  96. return hasattr(obj, '__call__')
  97. def b(s):
  98. return s.encode("latin-1")
  99. def binxor(a, b):
  100. return bytes([x ^ y for (x, y) in zip(a, b)])
  101. from base64 import b64encode as _b64encode
  102. def b64encode(data, chars="+/"):
  103. if isunicode(chars):
  104. return _b64encode(data, chars.encode('utf-8')).decode('utf-8')
  105. else:
  106. return _b64encode(data, chars)
  107. from binascii import b2a_hex as _b2a_hex
  108. def b2a_hex(s):
  109. return _b2a_hex(s).decode('us-ascii')
  110. xrange = range
  111. class PBKDF2(object):
  112. """PBKDF2.py : PKCS#5 v2.0 Password-Based Key Derivation
  113. This implementation takes a passphrase and a salt (and optionally an
  114. iteration count, a digest module, and a MAC module) and provides a
  115. file-like object from which an arbitrarily-sized key can be read.
  116. If the passphrase and/or salt are unicode objects, they are encoded as
  117. UTF-8 before they are processed.
  118. The idea behind PBKDF2 is to derive a cryptographic key from a
  119. passphrase and a salt.
  120. PBKDF2 may also be used as a strong salted password hash. The
  121. 'crypt' function is provided for that purpose.
  122. Remember: Keys generated using PBKDF2 are only as strong as the
  123. passphrases they are derived from.
  124. """
  125. def __init__(self, passphrase, salt, iterations=1000,
  126. digestmodule=SHA1, macmodule=HMAC):
  127. self.__macmodule = macmodule
  128. self.__digestmodule = digestmodule
  129. self._setup(passphrase, salt, iterations, self._pseudorandom)
  130. def _pseudorandom(self, key, msg):
  131. """Pseudorandom function. e.g. HMAC-SHA1"""
  132. return self.__macmodule.new(key=key, msg=msg,
  133. digestmod=self.__digestmodule).digest()
  134. def read(self, bytes):
  135. """Read the specified number of key bytes."""
  136. if self.closed:
  137. raise ValueError("file-like object is closed")
  138. size = len(self.__buf)
  139. blocks = [self.__buf]
  140. i = self.__blockNum
  141. while size < bytes:
  142. i += 1
  143. if i > _0xffffffffL or i < 1:
  144. # We could return "" here, but
  145. raise OverflowError("derived key too long")
  146. block = self.__f(i)
  147. blocks.append(block)
  148. size += len(block)
  149. buf = b("").join(blocks)
  150. retval = buf[:bytes]
  151. self.__buf = buf[bytes:]
  152. self.__blockNum = i
  153. return retval
  154. def __f(self, i):
  155. # i must fit within 32 bits
  156. assert 1 <= i <= _0xffffffffL
  157. U = self.__prf(self.__passphrase, self.__salt + pack("!L", i))
  158. result = U
  159. for j in xrange(2, 1+self.__iterations):
  160. U = self.__prf(self.__passphrase, U)
  161. result = binxor(result, U)
  162. return result
  163. def hexread(self, octets):
  164. """Read the specified number of octets. Return them as hexadecimal.
  165. Note that len(obj.hexread(n)) == 2*n.
  166. """
  167. return b2a_hex(self.read(octets))
  168. def _setup(self, passphrase, salt, iterations, prf):
  169. # Sanity checks:
  170. # passphrase and salt must be str or unicode (in the latter
  171. # case, we convert to UTF-8)
  172. if isunicode(passphrase):
  173. passphrase = passphrase.encode("UTF-8")
  174. elif not isbytes(passphrase):
  175. raise TypeError("passphrase must be str or unicode")
  176. if isunicode(salt):
  177. salt = salt.encode("UTF-8")
  178. elif not isbytes(salt):
  179. raise TypeError("salt must be str or unicode")
  180. # iterations must be an integer >= 1
  181. if not isinteger(iterations):
  182. raise TypeError("iterations must be an integer")
  183. if iterations < 1:
  184. raise ValueError("iterations must be at least 1")
  185. # prf must be callable
  186. if not callable(prf):
  187. raise TypeError("prf must be callable")
  188. self.__passphrase = passphrase
  189. self.__salt = salt
  190. self.__iterations = iterations
  191. self.__prf = prf
  192. self.__blockNum = 0
  193. self.__buf = b("")
  194. self.closed = False
  195. def close(self):
  196. """Close the stream."""
  197. if not self.closed:
  198. del self.__passphrase
  199. del self.__salt
  200. del self.__iterations
  201. del self.__prf
  202. del self.__blockNum
  203. del self.__buf
  204. self.closed = True
  205. def crypt(word, salt=None, iterations=None):
  206. """PBKDF2-based unix crypt(3) replacement.
  207. The number of iterations specified in the salt overrides the 'iterations'
  208. parameter.
  209. The effective hash length is 192 bits.
  210. """
  211. # Generate a (pseudo-)random salt if the user hasn't provided one.
  212. if salt is None:
  213. salt = _makesalt()
  214. # salt must be a string or the us-ascii subset of unicode
  215. if isunicode(salt):
  216. salt = salt.encode('us-ascii').decode('us-ascii')
  217. elif isbytes(salt):
  218. salt = salt.decode('us-ascii')
  219. else:
  220. raise TypeError("salt must be a string")
  221. # word must be a string or unicode (in the latter case, we convert to UTF-8)
  222. if isunicode(word):
  223. word = word.encode("UTF-8")
  224. elif not isbytes(word):
  225. raise TypeError("word must be a string or unicode")
  226. # Try to extract the real salt and iteration count from the salt
  227. if salt.startswith("$p5k2$"):
  228. (iterations, salt, dummy) = salt.split("$")[2:5]
  229. if iterations == "":
  230. iterations = 400
  231. else:
  232. converted = int(iterations, 16)
  233. if iterations != "%x" % converted: # lowercase hex, minimum digits
  234. raise ValueError("Invalid salt")
  235. iterations = converted
  236. if not (iterations >= 1):
  237. raise ValueError("Invalid salt")
  238. # Make sure the salt matches the allowed character set
  239. allowed = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789./"
  240. for ch in salt:
  241. if ch not in allowed:
  242. raise ValueError("Illegal character %r in salt" % (ch,))
  243. if iterations is None or iterations == 400:
  244. iterations = 400
  245. salt = "$p5k2$$" + salt
  246. else:
  247. salt = "$p5k2$%x$%s" % (iterations, salt)
  248. rawhash = PBKDF2(word, salt, iterations).read(24)
  249. return salt + "$" + b64encode(rawhash, "./")
  250. # Add crypt as a static method of the PBKDF2 class
  251. # This makes it easier to do "from PBKDF2 import PBKDF2" and still use
  252. # crypt.
  253. PBKDF2.crypt = staticmethod(crypt)
  254. def _makesalt():
  255. """Return a 48-bit pseudorandom salt for crypt().
  256. This function is not suitable for generating cryptographic secrets.
  257. """
  258. binarysalt = b("").join([pack("@H", randint(0, 0xffff)) for i in range(3)])
  259. return b64encode(binarysalt, "./")
  260. # vim:set ts=4 sw=4 sts=4 expandtab: