Brett Cannon | daa5799 | 2011-02-22 21:48:06 +0000 | [diff] [blame] | 1 | """Wrapper to the POSIX crypt library call and associated functionality.""" |
Sean Reifscheider | e2dfefb | 2011-02-22 10:55:44 +0000 | [diff] [blame] | 2 | |
| 3 | import _crypt |
Christian Heimes | afa2973 | 2012-06-27 15:36:46 +0200 | [diff] [blame] | 4 | import string as _string |
| 5 | from random import SystemRandom as _SystemRandom |
| 6 | from collections import namedtuple as _namedtuple |
Sean Reifscheider | e2dfefb | 2011-02-22 10:55:44 +0000 | [diff] [blame] | 7 | |
| 8 | |
Christian Heimes | afa2973 | 2012-06-27 15:36:46 +0200 | [diff] [blame] | 9 | _saltchars = _string.ascii_letters + _string.digits + './' |
| 10 | _sr = _SystemRandom() |
Brett Cannon | daa5799 | 2011-02-22 21:48:06 +0000 | [diff] [blame] | 11 | |
| 12 | |
Christian Heimes | afa2973 | 2012-06-27 15:36:46 +0200 | [diff] [blame] | 13 | class _Method(_namedtuple('_Method', 'name ident salt_chars total_size')): |
Brett Cannon | daa5799 | 2011-02-22 21:48:06 +0000 | [diff] [blame] | 14 | |
| 15 | """Class representing a salt method per the Modular Crypt Format or the |
| 16 | legacy 2-character crypt method.""" |
Sean Reifscheider | e2dfefb | 2011-02-22 10:55:44 +0000 | [diff] [blame] | 17 | |
| 18 | def __repr__(self): |
Brett Cannon | daa5799 | 2011-02-22 21:48:06 +0000 | [diff] [blame] | 19 | return '<crypt.METHOD_{}>'.format(self.name) |
| 20 | |
| 21 | |
Brett Cannon | daa5799 | 2011-02-22 21:48:06 +0000 | [diff] [blame] | 22 | def mksalt(method=None): |
| 23 | """Generate a salt for the specified method. |
| 24 | |
| 25 | If not specified, the strongest available method will be used. |
| 26 | |
| 27 | """ |
| 28 | if method is None: |
| 29 | method = methods[0] |
| 30 | s = '${}$'.format(method.ident) if method.ident else '' |
Victor Stinner | 7f7b941 | 2013-08-14 01:39:14 +0200 | [diff] [blame] | 31 | s += ''.join(_sr.choice(_saltchars) for char in range(method.salt_chars)) |
Brett Cannon | daa5799 | 2011-02-22 21:48:06 +0000 | [diff] [blame] | 32 | return s |
| 33 | |
| 34 | |
| 35 | def crypt(word, salt=None): |
| 36 | """Return a string representing the one-way hash of a password, with a salt |
| 37 | prepended. |
| 38 | |
| 39 | If ``salt`` is not specified or is ``None``, the strongest |
| 40 | available method will be selected and a salt generated. Otherwise, |
| 41 | ``salt`` may be one of the ``crypt.METHOD_*`` values, or a string as |
| 42 | returned by ``crypt.mksalt()``. |
| 43 | |
| 44 | """ |
| 45 | if salt is None or isinstance(salt, _Method): |
| 46 | salt = mksalt(salt) |
| 47 | return _crypt.crypt(word, salt) |
Sean Reifscheider | e2dfefb | 2011-02-22 10:55:44 +0000 | [diff] [blame] | 48 | |
| 49 | |
| 50 | # available salting/crypto methods |
Brett Cannon | daa5799 | 2011-02-22 21:48:06 +0000 | [diff] [blame] | 51 | METHOD_CRYPT = _Method('CRYPT', None, 2, 13) |
| 52 | METHOD_MD5 = _Method('MD5', '1', 8, 34) |
| 53 | METHOD_SHA256 = _Method('SHA256', '5', 16, 63) |
| 54 | METHOD_SHA512 = _Method('SHA512', '6', 16, 106) |
Sean Reifscheider | e2dfefb | 2011-02-22 10:55:44 +0000 | [diff] [blame] | 55 | |
Brett Cannon | cfbcdbb | 2011-02-22 21:55:51 +0000 | [diff] [blame] | 56 | methods = [] |
| 57 | for _method in (METHOD_SHA512, METHOD_SHA256, METHOD_MD5): |
| 58 | _result = crypt('', _method) |
| 59 | if _result and len(_result) == _method.total_size: |
| 60 | methods.append(_method) |
| 61 | methods.append(METHOD_CRYPT) |
| 62 | del _result, _method |