+ i X Rt^RIt]P!]4t^RIHtHtHtH t ^RI H t H t ^RI HtHtHtHt^RIHtHt^RIHuHtR.t!RR]P4]P6]P8]P:4tR#)z:passlib.handlers.scram - hash for SCRAM credential storageN)consteqsaslprep to_native_str splitcomma) ab64_decode ab64_encode) bascii_to_str iteritemsunative_string_types) pbkdf2_hmacnorm_hash_namescramc&aa]tRt^toRtRtRt]!R4t^ t Rt Rt ^t Rt Rt.ROt.ROtRt]R4t]RRl4t]R 4t]R 4tR t]RV3R ll4tRV3R lltRRlt]R4tV3RltRRlt]RRl4tRtVt V;t!#)raThis class provides a format for storing SCRAM passwords, and follows the :ref:`password-hash-api`. It supports a variable-length salt, and a variable number of rounds. The :meth:`~passlib.ifc.PasswordHash.using` method accepts the following optional keywords: :type salt: bytes :param salt: Optional salt bytes. If specified, the length must be between 0-1024 bytes. If not specified, a 12 byte salt will be autogenerated (this is recommended). :type salt_size: int :param salt_size: Optional number of bytes to use when autogenerating new salts. Defaults to 12 bytes, but can be any value between 0 and 1024. :type rounds: int :param rounds: Optional number of rounds to use. Defaults to 100000, but must be within ``range(1,1<<32)``. :type algs: list of strings :param algs: Specify list of digest algorithms to use. By default each scram hash will contain digests for SHA-1, SHA-256, and SHA-512. This can be overridden by specify either be a list such as ``["sha-1", "sha-256"]``, or a comma-separated string such as ``"sha-1, sha-256"``. Names are case insensitive, and may use :mod:`!hashlib` or `IANA `_ hash names. :type relaxed: bool :param relaxed: By default, providing an invalid value for one of the other keywords will result in a :exc:`ValueError`. If ``relaxed=True``, and the error can be corrected, a :exc:`~passlib.exc.PasslibHashWarning` will be issued instead. Correctable errors include ``rounds`` that are too small or too large, and ``salt`` strings that are too long. .. versionadded:: 1.6 In addition to the standard :ref:`password-hash-api` methods, this class also provides the following methods for manipulating Passlib scram hashes in ways useful for pluging into a SCRAM protocol stack: .. automethod:: extract_digest_info .. automethod:: extract_digest_algs .. automethod:: derive_digest $scram$iilinearNc \VR4pVPV4pVPpV'g \R4hVPVP WB,3#)aHreturn (salt, rounds, digest) for specific hash algorithm. :type hash: str :arg hash: :class:`!scram` hash stored for desired user :type alg: str :arg alg: Name of digest algorithm (e.g. ``"sha-1"``) requested by client. This value is run through :func:`~passlib.crypto.digest.norm_hash_name`, so it is case-insensitive, and can be the raw SCRAM mechanism name (e.g. ``"SCRAM-SHA-1"``), the IANA name, or the hashlib name. :raises KeyError: If the hash does not contain an entry for the requested digest algorithm. :returns: A tuple containing ``(salt, rounds, digest)``, where *digest* matches the raw bytes returned by SCRAM's :func:`Hi` function for the stored password, the provided *salt*, and the iteration count (*rounds*). *salt* and *digest* are both raw (unencoded) bytes. ianazscram hash contains no digests)r from_stringchecksum ValueErrorsaltrounds)clshashalgselfchkmaps&&& T/var/www/html/photoedit/myenv/lib/python3.14/site-packages/passlib/handlers/scram.pyextract_digest_infoscram.extract_digest_info|sM>S&)t$=> >yy$++v{22c VPV4PpVR8XdV#VUu.uFp\WB4NK up#uupi)aReturn names of all algorithms stored in a given hash. :type hash: str :arg hash: The :class:`!scram` hash to parse :type format: str :param format: This changes the naming convention used by the returned algorithm names. By default the names are IANA-compatible; possible values are ``"iana"`` or ``"hashlib"``. :returns: Returns a list of digest algorithms; e.g. ``["sha-1"]`` r)ralgsr )rrformatr#rs&&& rextract_digest_algsscram.extract_digest_algssB(t$)) V K;?@4CN3/4@ @@sAc |\V\4'dVPR4p\V\ V4W#4#)ahelper to create SaltedPassword digest for SCRAM. This performs the step in the SCRAM protocol described as:: SaltedPassword := Hi(Normalize(password), salt, i) :type password: unicode or utf-8 bytes :arg password: password to run through digest :type salt: bytes :arg salt: raw salt data :type rounds: int :arg rounds: number of iterations. :type alg: str :arg alg: name of digest to use (e.g. ``"sha-1"``). :returns: raw bytes of ``SaltedPassword`` zutf-8) isinstancebytesdecoder r)rpasswordrrrs&&&&&r derive_digestscram.derive_digests5. h & &w/H3 2DAAr!c\VRR4pVPR4'g \PP V4hVR,P R4p\ V4^8wd \PPV4hVwr4p\V4pV\V48wd \PPV4h\VPR44pT'g \PPT4hRT9dNRp/p TP R4F3p T P R4wr\T PR44Y&K5 MTpRp T!TTT TR7# \d!\PPT4hi;i \d!\PPT4hi;i) asciirr:NN$=N,)rrrr#) r startswithuhexcInvalidHashErrorsplitlenMalformedHashErrorintstrrencode TypeError) rrparts rounds_strsalt_strchk_strrrr#rpairrdigests && rrscram.from_stringsT7F3y))&&))#. .Rs# u:?&&++C0 0(-% gZ V $&&++C0 0 1xw78D &&++C0 0 G^DF c*"jjo 9"-fmmG.D"EFK+DF   / 1&&++C0 0 1!9&&33C889s E0?F0+F+G ca\\VP44pVPoRP V3RlVP 44pRVP W3,#)r3c 3h<"TF'pV: R\\SV,44: 2xK) R#5i)r2N)rr).0rrs& r "scram.to_string..s+  M+fSk*BC D s/2z$scram$%d$%s$%s)rrrrjoinr#r)rrrBrs& @r to_stringscram.to_string sT[34(( yy  !DKK#???r!c |<Ve VeQhTp\\V` !R/VBpVeVPV4VnV#)N)superrusing _norm_algs default_algs)rrSr#kwdssubcls __class__s&&&, rrQ scram.usingsP  ' ''Luc(040  #"%..">F  r!c <\\V` !R/VBVPpVe"Ve \ R4hVP V4pMxVe!VP VP 44pMTVP'd8\VP4pVP V4V8Xg QRV: 24hM \R4hWn R#)Nz+checksum & algs kwds are mutually exclusivezinvalid default algs: zno algs list specifiedrO) rPr__init__r RuntimeErrorrRkeys use_defaultslistrSr>r#)rr#rT digest_maprVs&&, rrYscram.__init__+s eT#+d+]]  %"#PQQ??4(D  #??:??#45D    ))*D??4(D0 VPT2V V045 5 r!c\V\4'g"\PP VRR4h\ V4F{wr4V\ VR48wd\RV: 24h\V4^ 8d\RV: 24h\V\4'dK\\PP VRR4h RV9d \R4hV#) dictrrz(malformed algorithm name in scram hash: z.SCRAM limits algorithm names to 9 characters: z raw bytesdigestssha-1-sha-1 must be in algorithm list of scram hash) r(rar5r6ExpectedTypeErrorr r rr9r))rrrelaxedrrDs&&& r_norm_checksumscram._norm_checksum>s(D))&&**8VZH H$X.KCnS&11 "%"())3x!| 7:"=>>fe,,ff..v{INN/ ( "LM Mr!c \V\4'd \V4p\RV44p\;QJdRV4F 'gK RM RM !RV44'd \ R4hRV9d \ R4hV#)znormalize algs parameterc3:"TFp\VR4xK R#5i)rN)r rHrs& rrI#scram._norm_algs..UsBTcnS&11Tsc3>"TFp\V4^ 8xK R#5i) N)r9rks& rrIrlVs*Tcs3xzTsTFz-SCRAM limits alg names to max of 9 charactersrcrd)r(r rsortedanyr)rr#s&&rrRscram._norm_algsPsr d/ 0 0d#DBTBB 3*T*333*T* * *LM M $ LM M r!c <\VP4PVP4'gR#\\ V`!R/VB#)TrO)setr# issupersetrSrPr_calc_needs_update)rrTrVs&,rruscram._calc_needs_update`s>499~(():):;;UD4<"TFpVS!SSSV43xK R#5iNrO)rHrrrrsecrets& rrI'scram._calc_checksum..vs($Cd6456$s)rrr,rar#)rrzrrrrs&f&@@@r_calc_checksumscram._calc_checksummsTyy!! fc2 299 r!c \P!V4VPV4pVPpV'g)\ RVP : RVP : R24hV'dR;rg\ V4FowrVPW4p \V 4\V 48wd*\ RV: R\V 4: R\V 4: 24h\W4'dRpKmRpKq V'dV'd \ R4hV#VPF.pW9gK VPW4p \WV,4u# \R 4h) z expected z hash, got z config string insteadFz mis-sized z digest in scram hash: z != Tz4scram hash verified inconsistently, may be corruptedzsha-1 digest not found!) r5validate_secretrrrnamer r|r9r _verify_algsAssertionError) rrzrfullrrcorrectfailedrrDothers &&&& rverify scram.verify{s& 6"t$!hh23 3 $ $G(0 ++F8 v;#e*,$(+S[#e*&FGG5))"G!F 16 "455((= //rsk@ g''1GF9QQ=##  N