U §Ćq`Ić@sÖddlmZmZmZddlZddlmZddlmZ ddl m Z m Z ddlm Z ee jƒZdZdZdZdZdZdZdZdZdZdZdZdZdZdZdZer*e   e  !de  "”””dd…Ze  #”Ze  $”Ze  %”Ze  &”Ze  '”Ze  (”Ze  )”Ze  *”Ze  +”Ze  ,”Ze  -”Ze  .”Ze  /”Ze  0”Ze  1”Z2e  3”Z4e  5”Z6e  7”Z8e  9”Z:e  ;”Ze  ?”Z@e  A”ZBe   e  !de  C”””dd…ZDe  E”ZFe  G”ZHe  I”ZJe  K”ZLe  M”ZNe  O”ZPe  Q”ZRe  S”ZTe  U”ZVe  W”ZXe   e  !de  Y”””dd…ZZe  [”Z\e  ]”Z^e  _”Z`e  a”Zbe  c”Zde  e”Zfe  g”Zhe  i”Zje  k”Zle  m”ZneZoeZpeZqeZreZseZtdZud Zvd Zwd Zxexfd d „Zydd„Zzdexfdd„Z{eoepfdd„Z|dd„Z}dd„Z~dd„Zdd„Z€dd„ZeZ‚dS)é)Śabsolute_importŚdivisionŚprint_functionN)Ś integer_types)ŚffiŚlib)Śensureóśchar *é’’’?é?l’’’’icCst|dkdtjdt|dkdtjdt||d@dkdtjdt|dkdtjdt|t|kd t”tjdt|dd |>ktjd|d |}td }t|d ||ktjdd ||d d }t|t|ktjdt|tj|ktjdt|||kdtjddS)NrzInvalid block size©ZraisingzInvalid parallelization factoréz Cost factor must be a power of 2zCost factor must be at least 2zp*r is greater than {0}éé€éé éz7Memory limit would be exceeded with the choosen n, r, p)rŚexcŚ ValueErrorŚ SCRYPT_PR_MAXŚformatŚ UINT64_MAXŚsysŚmaxsize)ŚnŚrŚpŚmaxmemZBlenŚiZVlen©r śB/tmp/pip-target-nv4zd3e_/lib/python/nacl/bindings/crypto_pwhash.pyŚ_check_memory_occupation¢sF ’ ’’ ’ ž’ ’ ’’ žr"cCs°|dkr d}d}||dkrRd}|d|}tddƒD]}d||dkr6q¦q6nT||d}tddƒD]}d||dkrhq‚qh|dd|}|d kržd }||}|||fS) z/Python implementation of libsodium's pickparamsi€érrrr rrr )Śrange)ŚopslimitŚmemlimitrrZmaxnZn_log2Zmaxrpr r r!Ś nacl_bindings_pick_scrypt_paramsŹs$   r'é@c CsÖttdtjdtt|tƒtdtt|tƒtdtt|tƒtdtt|tƒtdtt|tƒtdt||||ƒt   d|”}t   |t |ƒ|t |ƒ|||||” }t|dkdtjdt  t  d|”|”dd…S)aš Derive a cryptographic key using the ``passwd`` and ``salt`` given as input. The work factor can be tuned by by picking different values for the parameters :param bytes passwd: :param bytes salt: :param bytes salt: *must* be *exactly* :py:const:`.SALTBYTES` long :param int dklen: :param int opslimit: :param int n: :param int r: block size, :param int p: the parallelism factor :param int maxmem: the maximum available memory available for scrypt's operations :rtype: bytes :raises nacl.exceptions.UnavailableError: If called when using a minimal build of libsodium. śNot available in minimal buildr z uint8_t[]rś$Unexpected failure in key derivationr N)rŚ&has_crypto_pwhash_scryptsalsa208sha256rŚUnavailableErrorŚ isinstancerŚ TypeErrorŚbytesr"rŚnewrŚ%crypto_pwhash_scryptsalsa208sha256_llŚlenŚ RuntimeErrorŚbufferŚcast) ŚpasswdŚsaltrrrZdklenrŚbufŚretr r r!r1čsDž ’ ’ ’ ’ ’  ż ’r1cCsPttdtjdt dt”}t ||t |ƒ||”}t|dkdtj dt  |”S)a„ Derive a cryptographic key using the ``passwd`` and ``salt`` given as input, returning a string representation which includes the salt and the tuning parameters. The returned string can be directly stored as a password hash. See :py:func:`.crypto_pwhash_scryptsalsa208sha256` for a short discussion about ``opslimit`` and ``memlimit`` values. :param bytes passwd: :param int opslimit: :param int memlimit: :return: serialized key hash, including salt and tuning parameters :rtype: bytes :raises nacl.exceptions.UnavailableError: If called when using a minimal build of libsodium. r)r śchar[]rz&Unexpected failure in password hashing) rr+rr,rr0ŚSCRYPT_STRBYTESrŚ&crypto_pwhash_scryptsalsa208sha256_strr2r3Śstring)r6r%r&r8r9r r r!r<sž ż ’r<cCsVttdtjdtt|ƒtdkdtjdt ||t|ƒ”}t|dkdtj ddS)a9 Verifies the ``passwd`` against the ``passwd_hash`` that was generated. Returns True or False depending on the success :param passwd_hash: bytes :param passwd: bytes :rtype: boolean :raises nacl.exceptions.UnavailableError: If called when using a minimal build of libsodium. r)r rzInvalid password hashrśWrong passwordT) rr+rr,r2r;rrŚ-crypto_pwhash_scryptsalsa208sha256_str_verifyŚInvalidkeyError©Z passwd_hashr6r9r r r!r?Ds ž’žžr?cCsź|tkrn|tkr"t d t””‚n|tkr:t d t””‚|tkrTt d t””‚qę|tkręt d t””‚nx|tkrÜ|t krt d t ””‚n|t krØt d t ””‚|t krĀt d t ””‚qę|t kręt d t ””‚n t  d”‚dS)Nz#memlimit must be at least {0} bytesz"memlimit must be at most {0} byteszopslimit must be at least {0}zopslimit must be at most {0}zUnsupported algorithm)Ścrypto_pwhash_ALG_ARGON2I13Ś"crypto_pwhash_argon2i_MEMLIMIT_MINrrrŚ"crypto_pwhash_argon2i_MEMLIMIT_MAXŚ"crypto_pwhash_argon2i_OPSLIMIT_MINŚ"crypto_pwhash_argon2i_OPSLIMIT_MAXŚcrypto_pwhash_ALG_ARGON2ID13Ś#crypto_pwhash_argon2id_MEMLIMIT_MINŚ#crypto_pwhash_argon2id_MEMLIMIT_MAXŚ#crypto_pwhash_argon2id_OPSLIMIT_MINŚ#crypto_pwhash_argon2id_OPSLIMIT_MAXr.)r%r&Śalgr r r!Ś_check_argon2_limits_alg`sF’’’’’’’’rMc Cstt|tƒtjdtt|tƒtjdtt|tƒtjdtt|tƒtjdtt|tƒtjdt|ƒtkr€t d  t””‚|t kršt d  t ””‚n|t kr²t d  t ””‚t |||ƒt  d|”}t |||t|ƒ||||”}t|dkdtjdt  ||”dd…S) aŻ Derive a raw cryptographic key using the ``passwd`` and the ``salt`` given as input to the ``alg`` algorithm. :param outlen: the length of the derived key :type outlen: int :param passwd: The input password :type passwd: bytes :param opslimit: computational cost :type opslimit: int :param memlimit: memory cost :type memlimit: int :param alg: algorithm identifier :type alg: int :return: derived key :rtype: bytes r z#salt must be exactly {0} bytes longz+derived key must be at least {0} bytes longz*derived key must be at most {0} bytes longzunsigned char[]rr*N)rr-rrr.r/r2Ścrypto_pwhash_SALTBYTESrrŚcrypto_pwhash_BYTES_MINŚcrypto_pwhash_BYTES_MAXrMrr0rZ crypto_pwhashr3r4)Zoutlenr6r7r%r&rLŚoutbufr9r r r!Ścrypto_pwhash_algsV ’ ’ ’ ’ ’ ’’’’’  ’ ’rRcCs„tt|tƒtdtt|tƒtdtt|tƒtdt|||ƒt dd”}t  ||t |ƒ|||”}t|dkdt j dt  |”S)a Derive a cryptographic key using the ``passwd`` given as input and a random ``salt``, returning a string representation which includes the salt, the tuning parameters and the used algorithm. :param passwd: The input password :type passwd: bytes :param opslimit: computational cost :type opslimit: int :param memlimit: memory cost :type memlimit: int :param alg: The algorithm to use :type alg: int :return: serialized derived key and parameters :rtype: bytes r r:rrr*)rr-rr.r/rMrr0rŚcrypto_pwhash_str_algr2rr3r=)r6r%r&rLrQr9r r r!rS¹s( ’ ’ ’  ’ ’rScCsftt|tƒtdtt|tƒtdtt|ƒdkdtjdt ||t|ƒ”}t|dkdtj ddS)a4 Verifies the ``passwd`` against a given password hash. Returns True on success, raises InvalidkeyError on failure :param passwd_hash: saved password hash :type passwd_hash: bytes :param passwd: password to be checked :type passwd: bytes :return: success :rtype: boolean r éz#Hash must be at most 127 bytes longrr>T) rr-r/r.r2rrrŚcrypto_pwhash_str_verifyr@rAr r r!rUŽs ’ ’ žžrU)ƒŚ __future__rrrrŚsixrZnacl.exceptionsŚ exceptionsrZ nacl._sodiumrrrŚboolZ-PYNACL_HAS_CRYPTO_PWHASH_SCRYPTSALSA208SHA256r+Z,crypto_pwhash_scryptsalsa208sha256_STRPREFIXZ,crypto_pwhash_scryptsalsa208sha256_SALTBYTESZ+crypto_pwhash_scryptsalsa208sha256_STRBYTESZ-crypto_pwhash_scryptsalsa208sha256_PASSWD_MINZ-crypto_pwhash_scryptsalsa208sha256_PASSWD_MAXZ,crypto_pwhash_scryptsalsa208sha256_BYTES_MINZ,crypto_pwhash_scryptsalsa208sha256_BYTES_MAXZ/crypto_pwhash_scryptsalsa208sha256_MEMLIMIT_MINZ/crypto_pwhash_scryptsalsa208sha256_MEMLIMIT_MAXZ/crypto_pwhash_scryptsalsa208sha256_OPSLIMIT_MINZ/crypto_pwhash_scryptsalsa208sha256_OPSLIMIT_MAXZ7crypto_pwhash_scryptsalsa208sha256_OPSLIMIT_INTERACTIVEZ7crypto_pwhash_scryptsalsa208sha256_MEMLIMIT_INTERACTIVEZ5crypto_pwhash_scryptsalsa208sha256_OPSLIMIT_SENSITIVEZ5crypto_pwhash_scryptsalsa208sha256_MEMLIMIT_SENSITIVEr=r5Z,crypto_pwhash_scryptsalsa208sha256_strprefixZ,crypto_pwhash_scryptsalsa208sha256_saltbytesZ+crypto_pwhash_scryptsalsa208sha256_strbytesZ-crypto_pwhash_scryptsalsa208sha256_passwd_minZ-crypto_pwhash_scryptsalsa208sha256_passwd_maxZ,crypto_pwhash_scryptsalsa208sha256_bytes_minZ,crypto_pwhash_scryptsalsa208sha256_bytes_maxZ/crypto_pwhash_scryptsalsa208sha256_memlimit_minZ/crypto_pwhash_scryptsalsa208sha256_memlimit_maxZ/crypto_pwhash_scryptsalsa208sha256_opslimit_minZ/crypto_pwhash_scryptsalsa208sha256_opslimit_maxZ7crypto_pwhash_scryptsalsa208sha256_opslimit_interactiveZ7crypto_pwhash_scryptsalsa208sha256_memlimit_interactiveZ5crypto_pwhash_scryptsalsa208sha256_opslimit_sensitiveZ5crypto_pwhash_scryptsalsa208sha256_memlimit_sensitiveZcrypto_pwhash_alg_argon2i13rBZcrypto_pwhash_alg_argon2id13rGZcrypto_pwhash_alg_defaultZcrypto_pwhash_ALG_DEFAULTZcrypto_pwhash_saltbytesrNZcrypto_pwhash_strbytesZcrypto_pwhash_STRBYTESZcrypto_pwhash_passwd_minZcrypto_pwhash_PASSWD_MINZcrypto_pwhash_passwd_maxZcrypto_pwhash_PASSWD_MAXZcrypto_pwhash_bytes_minrOZcrypto_pwhash_bytes_maxrPZcrypto_pwhash_argon2i_strprefixZcrypto_pwhash_argon2i_STRPREFIXZ"crypto_pwhash_argon2i_memlimit_minrCZ"crypto_pwhash_argon2i_memlimit_maxrDZ"crypto_pwhash_argon2i_opslimit_minrEZ"crypto_pwhash_argon2i_opslimit_maxrFZ*crypto_pwhash_argon2i_opslimit_interactiveZ*crypto_pwhash_argon2i_OPSLIMIT_INTERACTIVEZ*crypto_pwhash_argon2i_memlimit_interactiveZ*crypto_pwhash_argon2i_MEMLIMIT_INTERACTIVEZ'crypto_pwhash_argon2i_opslimit_moderateZ'crypto_pwhash_argon2i_OPSLIMIT_MODERATEZ'crypto_pwhash_argon2i_memlimit_moderateZ'crypto_pwhash_argon2i_MEMLIMIT_MODERATEZ(crypto_pwhash_argon2i_opslimit_sensitiveZ(crypto_pwhash_argon2i_OPSLIMIT_SENSITIVEZ(crypto_pwhash_argon2i_memlimit_sensitiveZ(crypto_pwhash_argon2i_MEMLIMIT_SENSITIVEZ crypto_pwhash_argon2id_strprefixZ crypto_pwhash_argon2id_STRPREFIXZ#crypto_pwhash_argon2id_memlimit_minrHZ#crypto_pwhash_argon2id_memlimit_maxrIZ#crypto_pwhash_argon2id_opslimit_minrJZ#crypto_pwhash_argon2id_opslimit_maxrKZ+crypto_pwhash_argon2id_opslimit_interactiveZ+crypto_pwhash_argon2id_OPSLIMIT_INTERACTIVEZ+crypto_pwhash_argon2id_memlimit_interactiveZ+crypto_pwhash_argon2id_MEMLIMIT_INTERACTIVEZ(crypto_pwhash_argon2id_opslimit_moderateZ(crypto_pwhash_argon2id_OPSLIMIT_MODERATEZ(crypto_pwhash_argon2id_memlimit_moderateZ(crypto_pwhash_argon2id_MEMLIMIT_MODERATEZ)crypto_pwhash_argon2id_opslimit_sensitiveZ)crypto_pwhash_argon2id_OPSLIMIT_SENSITIVEZ)crypto_pwhash_argon2id_memlimit_sensitiveZ)crypto_pwhash_argon2id_MEMLIMIT_SENSITIVEZSCRYPT_OPSLIMIT_INTERACTIVEZSCRYPT_MEMLIMIT_INTERACTIVEZSCRYPT_OPSLIMIT_SENSITIVEZSCRYPT_MEMLIMIT_SENSITIVEZSCRYPT_SALTBYTESr;rZLOG2_UINT64_MAXrZSCRYPT_MAX_MEMr"r'r1r<r?rMrRrSrUZ crypto_pwhash_argon2i_str_verifyr r r r!Śs   ’ ’ ’’’’’’’’’’’’’’’ ’ ’’’’’’’’’’’ ’ ’’’’’’’’’’’’’’’’’ (’ 7ž &!8%