o _6d @sdZddlmZmZddlZeeZddlZddl Z ddl m Z dZ da ddlmZddlmZddlmZmZmZddlmZmZdd lmZmZmZmZmZddlm m!Z"d gZ#ed Z$ed Z%ed Z&e&e$e%fZ'e(e'Z)dZ*zddl+Z Wn e,ydZ Ynwe-e dsdZ*dZ n e-e dsdZ*dZ e-e dre .Z/e j0j1Z2n GdddZ3e3Z/dZ2Gddde"j4e"j5e"j6e"j7e"j8e"j9Z:Gddde:Z;Gddde:Z= 18.2.0PasswordHasherc@s$eZdZdZdZdZdZdZdZdS)_DummyCffiHashera dummy object to use as source of defaults when argon2_cffi isn't present. this tries to mimic the attributes of ``argon2.PasswordHasher()`` which the rest of this module reads. .. note:: values last synced w/ argon2 19.2 as of 2019-11-09 iN) __name__ __module__ __qualname____doc__ time_cost memory_cost parallelismsalt_lenhash_lenr$r$nC:\Users\jesus\OneDrive\Desktop\erpjis_fastapi\backend\jisbackend\Lib\site-packages\passlib/handlers/argon2.pyr]srcsjeZdZdZdZdZejZe j j dZ e j j dZ ej ZdZeZejZdZeZdZd ZeZd ZdZd Zd ZiZed dZ e!Z"ej#Z#eZ$ej%Z%e&ddZ'd Z(e) d.fdd Z*e)ddZ+e,-dZ.e)ddZ/e,-de,j0Z1e)ddZ2ddZ3d/fdd Z4e)dd Z5e)d!d"Z6e)d0d#d$Z7e)d%d&Z8fd'd(Z9d)Z:e)d*d+Z;e)d1d,d-Z<Z=S)2 _Argon2Commona& Base class which implements brunt of Argon2 code. This is then subclassed by the various backends, to override w/ backend-specific methods. When a backend is loaded, the bases of the 'argon2' class proper are modified to prepend the correct backend-specific subclass. r) salt salt_sizer"roundsrr r! digest_sizer#type)r,)r"rr#r+ZlineariNFcCs|t|jS)zj return tuple of types supported by this backend .. versionadded:: 1.7.2 ) get_backendtuple_backend_type_map)clsr$r$r% type_valuess z_Argon2Common.type_valuescCs |jtkS)zn flag indicating a Type D hash .. deprecated:: 1.7.2; will be removed in passlib 2.0 )r,TYPE_Dselfr$r$r%type_ds z_Argon2Common.type_dc  s`|durd| vr td|| d<|dur d| vrtd|| d<|dur.|dur,td|}|dur<|dur:td|}tt|jdi| } |durQ| || _| d} |durpt|tj rdt |}tj | |dt d | d | _ |durt|tj r~t |}| j|| d | _| | j| j|durt|tj rt |}|d kr|d krtd|f|| _| S)Nr*z/'time_cost' and 'rounds' are mutually exclusiver)z1'salt_len' and 'salt_size' are mutually exclusivez3'hash_len' and 'digest_size' are mutually exclusivez8'checksum_size' and 'digest_size' are mutually exclusiverelaxedrr+)minmaxparamr9)r9r.r/z7max_threads (%d) must be -1 (unlimited), or at least 1.r$) TypeErrorsuperr'using _norm_typer,get isinstanceuhZnative_string_typesint norm_integerr checksum_size_norm_memory_costr _validate_constraintsr! ValueError max_threads) r3r,r r"rr+rFr#rJkwdssubclsr9 __class__r$r%r?sP      z_Argon2Common.usingcCs*d|}||krtd|j|||fdS)Nr-zO%s: memory_cost (%d) is too low, must be at least 8 * parallelism (8 * %d = %d))rIname)r3r r!min_memory_costr$r$r%rHBsz#_Argon2Common._validate_constraintsz^\$argon2[a-z]+\$cCst|}|j|duSN)rCZto_unicode_for_identify _ident_regexmatch)r3hashr$r$r%identifyTs z_Argon2Common.identifys ^ \$argon2(?P[a-z]+)\$ (?: v=(?P\d+) \$ )? m=(?P\d+) , t=(?P\d+) , p=(?P\d+) (?: ,keyid=(?P[^,$]+) )? (?: ,data=(?P[^,$]+) )? (?: \$ (?P[^$]+) (?: \$ (?P.+) )? )? $ c Cst|tr |d}t|tst|d|j|}|s"t|| ddddddd d d \ }}}}}}} } } |r>t d || d |rIt |ndt |t |t || rYt | nd| r`t | nd| rit | dSddS)Nutf-8rTr,versionr rr!keyiddatar(digestz&argon2 'keyid' parameter not supportedasciir)r,rWr r*r!r(rYchecksum)rBr encodebytesrZExpectedStringError _hash_regexrSMalformedHashErrorgroupNotImplementedErrordecoderDr ) r3rTmr,rWr rr!rXrYr(rZr$r$r% from_strings2       z_Argon2Common.from_stringc Csv|j}|dkr d}nd|}|j}|rdtt|j}nd}dt|j||j|j|j|tt|j tt|j fS)Nrzv=%d$z,data=z"$argon2%s$%sm=%d,t=%d,p=%d%s$%s$%s) rWrYrr rr,r r*r!r(r\)r7rWZvstrrYZkdstrr$r$r% to_strings$  z_Argon2Common.to_stringc s|rtd|dus Jt}|d}|durt||_tt|jd i||dur9tj ||j |j dds8Jn| ||_ |durQtj ||j |j ddsPJn| ||_ |duritj ||j|jddshJn|||_|dur||jduszJdSt|tstj|dd||_dS) Nzoargon2 `type_d=True` keyword is deprecated, and will be removed in passlib 2.0; please use ``type="d"`` insteadr\r,)r<rWr r^rYr$)rr5rAlenrFr>r'__init__rCZvalidate_default_valuer,r@rW _norm_versionr rGrYrBr^rExpectedTypeError)r7r,r8rWr rYrKr\rMr$r%ris4        z_Argon2Common.__init__cCsbt|tstrt|tr|d}ntj|dd|tvr |S| }|tvr*|St d|f)Nr[strr,zunknown argon2 hash type: %r) rBr rr^rcrCrrk ALL_TYPES_SETlowerrI)r3valuetempr$r$r%r@s  z_Argon2Common._norm_typecCsht|tjstj|dd|dkr|dkrtd|f|}||jkr2td|j|||jf|S)NintegerrWr&rzinvalid argon2 hash version: %dzk%s: hash version 0x%X not supported by %r backend (max version is 0x%X); try updating or switching backends) rBrC int_typesrrkrIr0 max_versionrO)r3rWbackendr$r$r%rj s  z_Argon2Common._norm_versioncCstj|||jd|dS)Nr )r:r<r9)rCrErP)r3r r9r$r$r%rGs z_Argon2Common._norm_memory_costcCs8z|j|WStyYnwd||f}t|)z> helper to resolve backend constant from type z=unsupported argon2 hash (type %r not supported by %s backend))r2KeyErrorr0rI)r3romsgr$r$r%_get_backend_type%s   z_Argon2Common._get_backend_typec szt|}|j|jkr dS|j}|dus||jkr|j}|j|kr"dS|j|jkr*dS|j|jkr2dStt|jdi|S)NTr$) r,min_desired_versionrsrWr rFr>r'_calc_needs_update)r7rKr3ZminverrMr$r%ry7s    z _Argon2Common._calc_needs_updatez> -- recommend you install one (e.g. 'pip install argon2_cffi')cCsr|j}t|tr |dksJ|dkrtd|tjjtD] }||jvr*||_ dSqtd|tjj t |_ dS)z helper called by from backend mixin classes' _load_backend_mixin() -- invoked after backend imports have been loaded, and performs feature detection & testing common to all backends. rr&z6%r doesn't support argon2 v1.3, and should be upgradedz)%r lacks support for all known hash typesT) rsrBrDrrCrPasslibSecurityWarning ALL_TYPESr2r,ZPasslibRuntimeWarningTYPE_ID) mixin_clsrOdryrunrsr,r$r$r%_finalize_backend_mixinMs z%_Argon2Common._finalize_backend_mixincCs|}|dur|dur||}|dur*||j|j|dkr*|jdur*tdt|}|dvr:d|||f}nt|}t j ||d)z} internal helper invoked when backend has hash/verification error; used to adapt to passlib message. N argon2_cffiz8argon2_cffi backend doesn't support the 'data' parameter)zDecoding failedz%s reported: %s: hash=%r)reason) r0rerHr r!rYrbrlreprrr`)r3errrTr7rttextrr$r$r%_adapt_backend_errorgs z"_Argon2Common._adapt_backend_error)NNNNNNNN)NFNNN)F)NN)>rrrrrOZ setting_kwds_default_settingsr#rFrCGenericHandlerZ_always_parse_settingsZ_unparsed_settingsr"Zdefault_salt_sizeZ min_salt_sizerZ max_salt_sizerdefault_roundsZ min_rounds max_roundsZ rounds_costZmax_parallelism_default_versionrsrxrPrJpure_use_threadsr2rr4r|r,r!rWr propertyr8rY classmethodr?rHrecompilerRrUXr_rergrir@rjrGrwryZ_no_backend_suggestionrr __classcell__r$r$rMr%r'ss   ;    2      r'csReZdZdZeddZeddZejddded d Z fd d Z Z S) _NoBackendz mixin used before any backend has been loaded. contains stubs that force loading of one of the available backends. cCs|||SrQ)_stub_requires_backendrT)r3secretr$r$r%rTs z_NoBackend.hashcC||||SrQ)rverify)r3rrTr$r$r%rs z_NoBackend.verifyz1.7z2.0) deprecatedremovedcCrrQ)rgenhash)r3rconfigr$r$r%rs z_NoBackend.genhashcs|tt||SrQ)rr>r_calc_checksumr7rrMr$r%rsz_NoBackend._calc_checksum) rrrrrrTrrCZdeprecated_methodrrrr$r$rMr%rs    rc@sZeZdZdZeddZeddZeddeDZ edd Z ed d Z d d Z dS) _CffiBackendz argon2_cffi backend c Cs|tusJtdurtrttdStjj}tdtj |tj }i}t D]"}z t || ||<Wq&tyH|ttfvsFJd|Yq&w||_||_|_|||S)NFzOdetected 'argon2_cffi' backend, version %r, with support for 0x%x argon2 hashesunexpected missing type: %r)r _argon2_cffi_argon2_cffi_errorrZPasslibSecurityErrorrARGON2_VERSIONlogdebug __version__rr{getattrupperAttributeErrorTYPE_Ir5r2rWrsr)r}rOr~rsZTypeEnumtype_mapr,r$r$r%_load_backend_mixins(     z _CffiBackend._load_backend_mixinc Cstt|t|d}zttjj||j|j |j |j t| |j |dWStjjy9}z||d}~ww)NrV)r,r rr!r(r#r)rCvalidate_secretrrrr hash_secretrwr,r rr!Z_generate_saltrF exceptions HashingErrorr)r3rrr$r$r%rTs      z_CffiBackend.hashccs$|] }td|d|fVqdS)s $argon2%s$r[N)r r]).0r,r$r$r% sz_CffiBackend.c Cst|t|d}t|d}|j|dd|ddt}||}ztj |||}|dus4JWdStj j yBYdStj j yV}z|j||dd}~ww)NrVr[r.$TFrT)rCrr_byte_ident_maprAfindrrwrrZ verify_secretrZVerifyMismatchErrorZVerificationErrorr)r3rrTr, type_coderesultrr$r$r%rs   "  z_CffiBackend.verifyc Cst|t|d}||}zttjj||j |j |j |j t|j |j||jd}WntjjyB}z|j||dd}~ww|jdkrN|dd}|S)NrV)r,r rr!r(r#rrWrrz$v=16$$)rCrrrerrrrrwr,r r*r!r(rFrWrrrreplace)r3rrr7rrr$r$r%rs*        z_CffiBackend.genhashcCstd)Nz-shouldn't be called under argon2_cffi backend)AssertionErrorrr$r$r%r*sz_CffiBackend._calc_checksumN) rrrrrrrTdictr{rrrrr$r$r$r%rs     rc@s$eZdZdZeddZddZdS) _PureBackendz argon2pure backend c Cs|tusJzddlaWn tyYdSwzddlm}Wnty.tdYdSwtd||s=tdt j i}t D]$}z t td| ||<WqAtye|ttfvscJd|YqAw||_||_|_|||S) NrF)ARGON2_DEFAULT_VERSIONz\detected 'argon2pure' backend, but package is too old (passlib requires argon2pure >= 1.2.3)zBdetected 'argon2pure' backend, with support for 0x%x argon2 hasheszUsing argon2pure backend, which is 100x+ slower than is required for adequate security. Installing argon2_cffi (via 'pip install argon2_cffi') is strongly recommendedZARGON2r)r argon2pure _argon2pure ImportErrorrrwarningrrrrzr{rrrrr5r2rWrsr)r}rOr~rsrr,r$r$r%r<s:        z _PureBackend._load_backend_mixinc Cst|t|d}t||j|j|j|j|j| |j |j d}|j dkr*|j |d<|j r1d|d<|jr9|j|d<z tjd i|WStjyV}z|j||dd}~ww) NrV)passwordr(rr r!Z tag_lengthrrWrthreadsTZ use_threadsZassociated_datar6r$)rCrrrr(r*r r!rFrwr,rWrJrrYrrZ Argon2Errorr)r7rrKrr$r$r%rns0     z_PureBackend._calc_checksumN)rrrrrrrr$r$r$r%r4s   1rc@s$eZdZdZdZdZeeedZ dS)ra This class implements the Argon2 password hash [#argon2-home]_, and follows the :ref:`password-hash-api`. Argon2 supports a variable-length salt, and variable time & memory cost, and a number of other configurable parameters. The :meth:`~passlib.ifc.PasswordHash.replace` method accepts the following optional keywords: :type type: str :param type: Specify the type of argon2 hash to generate. Can be one of "ID", "I", "D". This defaults to "ID" if supported by the backend, otherwise "I". :type salt: str :param salt: Optional salt string. If specified, the length must be between 0-1024 bytes. If not specified, one will be auto-generated (this is recommended). :type salt_size: int :param salt_size: Optional number of bytes to use when autogenerating new salts. :type rounds: int :param rounds: Optional number of rounds to use. This corresponds linearly to the amount of time hashing will take. :type time_cost: int :param time_cost: An alias for **rounds**, for compatibility with underlying argon2 library. :param int memory_cost: Defines the memory usage in kibibytes. This corresponds linearly to the amount of memory hashing will take. :param int parallelism: Defines the parallelization factor. *NOTE: this will affect the resulting hash value.* :param int digest_size: Length of the digest in bytes. :param int max_threads: Maximum number of threads that will be used. -1 means unlimited; otherwise hashing will use ``min(parallelism, max_threads)`` threads. .. note:: This option is currently only honored by the argon2pure backend. :type relaxed: bool :param relaxed: By default, providing an invalid value for one of the other keywords will result in a :exc:`ValueError`. If ``relaxed=True``, and the error can be corrected, a :exc:`~passlib.exc.PasslibHashWarning` will be issued instead. Correctable errors include ``rounds`` that are too small or too large, and ``salt`` strings that are too long. .. versionchanged:: 1.7.2 Added the "type" keyword, and support for type "D" and "ID" hashes. (Prior versions could verify type "D" hashes, but not generate them). .. todo:: * Support configurable threading limits. )rrT)NrrN) rrrrbackendsZ_backend_mixin_targetrrrZ_backend_mixin_mapr$r$r$r%rsP )>r __future__rrlogging getLoggerrrrtypeswarningsrrrZpasslibrZpasslib.crypto.digestrZ passlib.utilsrrr Zpasslib.utils.binaryr r Zpasslib.utils.compatr r rrrZpasslib.utils.handlersutilshandlersrC__all__rr5r|r{setrmrrrhasattrrrrrrrZSubclassBackendMixinZParallelismMixinZ HasRoundsZ HasRawSaltZHasRawChecksumrr'rrrr$r$r$r%sj             *|Z