blob: 49ab96e1400bebe8dbdd62ce15d6911809a247a1 [file] [log] [blame]
Brett Cannondaa57992011-02-22 21:48:06 +00001"""Wrapper to the POSIX crypt library call and associated functionality."""
Sean Reifscheidere2dfefb2011-02-22 10:55:44 +00002
3import _crypt
Christian Heimesafa29732012-06-27 15:36:46 +02004import string as _string
5from random import SystemRandom as _SystemRandom
6from collections import namedtuple as _namedtuple
Sean Reifscheidere2dfefb2011-02-22 10:55:44 +00007
8
Christian Heimesafa29732012-06-27 15:36:46 +02009_saltchars = _string.ascii_letters + _string.digits + './'
10_sr = _SystemRandom()
Brett Cannondaa57992011-02-22 21:48:06 +000011
12
Christian Heimesafa29732012-06-27 15:36:46 +020013class _Method(_namedtuple('_Method', 'name ident salt_chars total_size')):
Brett Cannondaa57992011-02-22 21:48:06 +000014
15 """Class representing a salt method per the Modular Crypt Format or the
16 legacy 2-character crypt method."""
Sean Reifscheidere2dfefb2011-02-22 10:55:44 +000017
18 def __repr__(self):
Brett Cannondaa57992011-02-22 21:48:06 +000019 return '<crypt.METHOD_{}>'.format(self.name)
20
21
Brett Cannondaa57992011-02-22 21:48:06 +000022def mksalt(method=None):
23 """Generate a salt for the specified method.
24
25 If not specified, the strongest available method will be used.
26
27 """
28 if method is None:
29 method = methods[0]
30 s = '${}$'.format(method.ident) if method.ident else ''
Victor Stinner7f7b9412013-08-14 01:39:14 +020031 s += ''.join(_sr.choice(_saltchars) for char in range(method.salt_chars))
Brett Cannondaa57992011-02-22 21:48:06 +000032 return s
33
34
35def crypt(word, salt=None):
36 """Return a string representing the one-way hash of a password, with a salt
37 prepended.
38
39 If ``salt`` is not specified or is ``None``, the strongest
40 available method will be selected and a salt generated. Otherwise,
41 ``salt`` may be one of the ``crypt.METHOD_*`` values, or a string as
42 returned by ``crypt.mksalt()``.
43
44 """
45 if salt is None or isinstance(salt, _Method):
46 salt = mksalt(salt)
47 return _crypt.crypt(word, salt)
Sean Reifscheidere2dfefb2011-02-22 10:55:44 +000048
49
50# available salting/crypto methods
Brett Cannondaa57992011-02-22 21:48:06 +000051METHOD_CRYPT = _Method('CRYPT', None, 2, 13)
52METHOD_MD5 = _Method('MD5', '1', 8, 34)
53METHOD_SHA256 = _Method('SHA256', '5', 16, 63)
54METHOD_SHA512 = _Method('SHA512', '6', 16, 106)
Sean Reifscheidere2dfefb2011-02-22 10:55:44 +000055
Brett Cannoncfbcdbb2011-02-22 21:55:51 +000056methods = []
57for _method in (METHOD_SHA512, METHOD_SHA256, METHOD_MD5):
58 _result = crypt('', _method)
59 if _result and len(_result) == _method.total_size:
60 methods.append(_method)
61methods.append(METHOD_CRYPT)
62del _result, _method