"""Wrapper to the POSIX crypt library call and associated functionality."""

[0] Fix | Delete

[1] Fix | Delete

import sys as _sys

[2] Fix | Delete

[3] Fix | Delete

try:

[4] Fix | Delete

import _crypt

[5] Fix | Delete

except ModuleNotFoundError:

[6] Fix | Delete

if _sys.platform == 'win32':

[7] Fix | Delete

raise ImportError("The crypt module is not supported on Windows")

[8] Fix | Delete

else:

[9] Fix | Delete

raise ImportError("The required _crypt module was not built as part of CPython")

[10] Fix | Delete

[11] Fix | Delete

import string as _string

[12] Fix | Delete

from random import SystemRandom as _SystemRandom

[13] Fix | Delete

from collections import namedtuple as _namedtuple

[14] Fix | Delete

[15] Fix | Delete

[16] Fix | Delete

_saltchars = _string.ascii_letters + _string.digits + './'

[17] Fix | Delete

_sr = _SystemRandom()

[18] Fix | Delete

[19] Fix | Delete

[20] Fix | Delete

class _Method(_namedtuple('_Method', 'name ident salt_chars total_size')):

[21] Fix | Delete

[22] Fix | Delete

"""Class representing a salt method per the Modular Crypt Format or the

[23] Fix | Delete

legacy 2-character crypt method."""

[24] Fix | Delete

[25] Fix | Delete

def __repr__(self):

[26] Fix | Delete

return '<crypt.METHOD_{}>'.format(self.name)

[27] Fix | Delete

[28] Fix | Delete

[29] Fix | Delete

def mksalt(method=None, *, rounds=None):

[30] Fix | Delete

"""Generate a salt for the specified method.

[31] Fix | Delete

[32] Fix | Delete

If not specified, the strongest available method will be used.

[33] Fix | Delete

[34] Fix | Delete

"""

[35] Fix | Delete

if method is None:

[36] Fix | Delete

method = methods[0]

[37] Fix | Delete

if rounds is not None and not isinstance(rounds, int):

[38] Fix | Delete

raise TypeError(f'{rounds.__class__.__name__} object cannot be '

[39] Fix | Delete

f'interpreted as an integer')

[40] Fix | Delete

if not method.ident: # traditional

[41] Fix | Delete

s = ''

[42] Fix | Delete

else: # modular

[43] Fix | Delete

s = f'${method.ident}$'

[44] Fix | Delete

[45] Fix | Delete

if method.ident and method.ident[0] == '2': # Blowfish variants

[46] Fix | Delete

if rounds is None:

[47] Fix | Delete

log_rounds = 12

[48] Fix | Delete

else:

[49] Fix | Delete

log_rounds = int.bit_length(rounds-1)

[50] Fix | Delete

if rounds != 1 << log_rounds:

[51] Fix | Delete

raise ValueError('rounds must be a power of 2')

[52] Fix | Delete

if not 4 <= log_rounds <= 31:

[53] Fix | Delete

raise ValueError('rounds out of the range 2**4 to 2**31')

[54] Fix | Delete

s += f'{log_rounds:02d}$'

[55] Fix | Delete

elif method.ident in ('5', '6'): # SHA-2

[56] Fix | Delete

if rounds is not None:

[57] Fix | Delete

if not 1000 <= rounds <= 999_999_999:

[58] Fix | Delete

raise ValueError('rounds out of the range 1000 to 999_999_999')

[59] Fix | Delete

s += f'rounds={rounds}$'

[60] Fix | Delete

elif rounds is not None:

[61] Fix | Delete

raise ValueError(f"{method} doesn't support the rounds argument")

[62] Fix | Delete

[63] Fix | Delete

s += ''.join(_sr.choice(_saltchars) for char in range(method.salt_chars))

[64] Fix | Delete

return s

[65] Fix | Delete

[66] Fix | Delete

[67] Fix | Delete

def crypt(word, salt=None):

[68] Fix | Delete

"""Return a string representing the one-way hash of a password, with a salt

[69] Fix | Delete

prepended.

[70] Fix | Delete

[71] Fix | Delete

If ``salt`` is not specified or is ``None``, the strongest

[72] Fix | Delete

available method will be selected and a salt generated. Otherwise,

[73] Fix | Delete

``salt`` may be one of the ``crypt.METHOD_*`` values, or a string as

[74] Fix | Delete

returned by ``crypt.mksalt()``.

[75] Fix | Delete

[76] Fix | Delete

"""

[77] Fix | Delete

if salt is None or isinstance(salt, _Method):

[78] Fix | Delete

salt = mksalt(salt)

[79] Fix | Delete

return _crypt.crypt(word, salt)

[80] Fix | Delete

[81] Fix | Delete

[82] Fix | Delete

# available salting/crypto methods

[83] Fix | Delete

methods = []

[84] Fix | Delete

[85] Fix | Delete

def _add_method(name, *args, rounds=None):

[86] Fix | Delete

method = _Method(name, *args)

[87] Fix | Delete

globals()['METHOD_' + name] = method

[88] Fix | Delete

salt = mksalt(method, rounds=rounds)

[89] Fix | Delete

result = crypt('', salt)

[90] Fix | Delete

if result and len(result) == method.total_size:

[91] Fix | Delete

methods.append(method)

[92] Fix | Delete

return True

[93] Fix | Delete

return False

[94] Fix | Delete

[95] Fix | Delete

_add_method('SHA512', '6', 16, 106)

[96] Fix | Delete

_add_method('SHA256', '5', 16, 63)

[97] Fix | Delete

[98] Fix | Delete

# Choose the strongest supported version of Blowfish hashing.

[99] Fix | Delete

# Early versions have flaws. Version 'a' fixes flaws of

[100] Fix | Delete

# the initial implementation, 'b' fixes flaws of 'a'.

[101] Fix | Delete

# 'y' is the same as 'b', for compatibility

[102] Fix | Delete

# with openwall crypt_blowfish.

[103] Fix | Delete

for _v in 'b', 'y', 'a', '':

[104] Fix | Delete

if _add_method('BLOWFISH', '2' + _v, 22, 59 + len(_v), rounds=1<<4):

[105] Fix | Delete

break

[106] Fix | Delete

[107] Fix | Delete

_add_method('MD5', '1', 8, 34)

[108] Fix | Delete

_add_method('CRYPT', None, 2, 13)

[109] Fix | Delete

[110] Fix | Delete

del _v, _add_method

[111] Fix | Delete

[112] Fix | Delete