Brett Cannon | daa5799 | 2011-02-22 21:48:06 +0000 | [diff] [blame] | 1 | """Wrapper to the POSIX crypt library call and associated functionality.""" |
Sean Reifscheider | e2dfefb | 2011-02-22 10:55:44 +0000 | [diff] [blame] | 2 | |
| 3 | import _crypt |
Brett Cannon | daa5799 | 2011-02-22 21:48:06 +0000 | [diff] [blame] | 4 | import string |
| 5 | from random import choice |
| 6 | from collections import namedtuple |
Sean Reifscheider | e2dfefb | 2011-02-22 10:55:44 +0000 | [diff] [blame] | 7 | |
| 8 | |
Brett Cannon | daa5799 | 2011-02-22 21:48:06 +0000 | [diff] [blame] | 9 | _saltchars = string.ascii_letters + string.digits + './' |
| 10 | |
| 11 | |
| 12 | class _Method(namedtuple('_Method', 'name ident salt_chars total_size')): |
| 13 | |
| 14 | """Class representing a salt method per the Modular Crypt Format or the |
| 15 | legacy 2-character crypt method.""" |
Sean Reifscheider | e2dfefb | 2011-02-22 10:55:44 +0000 | [diff] [blame] | 16 | |
| 17 | def __repr__(self): |
Brett Cannon | daa5799 | 2011-02-22 21:48:06 +0000 | [diff] [blame] | 18 | return '<crypt.METHOD_{}>'.format(self.name) |
| 19 | |
| 20 | |
| 21 | |
| 22 | def mksalt(method=None): |
| 23 | """Generate a salt for the specified method. |
| 24 | |
| 25 | If not specified, the strongest available method will be used. |
| 26 | |
| 27 | """ |
| 28 | if method is None: |
| 29 | method = methods[0] |
| 30 | s = '${}$'.format(method.ident) if method.ident else '' |
| 31 | s += ''.join(choice(_saltchars) for _ in range(method.salt_chars)) |
| 32 | return s |
| 33 | |
| 34 | |
| 35 | def crypt(word, salt=None): |
| 36 | """Return a string representing the one-way hash of a password, with a salt |
| 37 | prepended. |
| 38 | |
| 39 | If ``salt`` is not specified or is ``None``, the strongest |
| 40 | available method will be selected and a salt generated. Otherwise, |
| 41 | ``salt`` may be one of the ``crypt.METHOD_*`` values, or a string as |
| 42 | returned by ``crypt.mksalt()``. |
| 43 | |
| 44 | """ |
| 45 | if salt is None or isinstance(salt, _Method): |
| 46 | salt = mksalt(salt) |
| 47 | return _crypt.crypt(word, salt) |
Sean Reifscheider | e2dfefb | 2011-02-22 10:55:44 +0000 | [diff] [blame] | 48 | |
| 49 | |
| 50 | # available salting/crypto methods |
Brett Cannon | daa5799 | 2011-02-22 21:48:06 +0000 | [diff] [blame] | 51 | METHOD_CRYPT = _Method('CRYPT', None, 2, 13) |
| 52 | METHOD_MD5 = _Method('MD5', '1', 8, 34) |
| 53 | METHOD_SHA256 = _Method('SHA256', '5', 16, 63) |
| 54 | METHOD_SHA512 = _Method('SHA512', '6', 16, 106) |
Sean Reifscheider | e2dfefb | 2011-02-22 10:55:44 +0000 | [diff] [blame] | 55 | |
Brett Cannon | cfbcdbb | 2011-02-22 21:55:51 +0000 | [diff] [blame] | 56 | methods = [] |
| 57 | for _method in (METHOD_SHA512, METHOD_SHA256, METHOD_MD5): |
| 58 | _result = crypt('', _method) |
| 59 | if _result and len(_result) == _method.total_size: |
| 60 | methods.append(_method) |
| 61 | methods.append(METHOD_CRYPT) |
| 62 | del _result, _method |