Mercurial Repositories > eric / file diff

diff: Utilities/crypto/py3PBKDF2.py

Utilities/crypto/py3PBKDF2.py

changeset 1127
b1802ebe0066
child 1130
3e9f0330f833
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/Utilities/crypto/py3PBKDF2.py	Sun Jun 19 15:19:46 2011 +0200
@@ -0,0 +1,147 @@
+# -*- coding: utf-8 -*-
+
+# Copyright (c) 2002 - 2011 Detlev Offenbach <detlev@die-offenbachs.de>
+#
+
+"""
+Module implementing PBKDF2 functions.
+"""
+
+import hashlib
+import hmac
+import os
+import base64
+
+Hashes = {
+    "sha1": hashlib.sha1,
+    "sha224": hashlib.sha224,
+    "sha256": hashlib.sha256,
+    "sha384": hashlib.sha384,
+    "sha512": hashlib.sha512,
+    "md5": hashlib.md5,
+}
+
+Delimiter = "$"
+
+def pbkdf2(password, salt, iterations, digestMod):
+    """
+    Module function to hash a password according to the PBKDF2 specification.
+    
+    @param password clear text password (bytes)
+    @param salt salt value (bytes)
+    @param iterations number of times hash function should be applied (integer)
+    @param digestMod hash function
+    @return hashed password (bytes)
+    """
+    hash = password
+    for i in range(iterations):
+        hash = hmac.new(salt, hash, digestMod).digest()
+    return hash
+
+
+def hashPasswordTuple(password, digestMod=hashlib.sha512, iterations=10000, saltSize=32):
+    """
+    Module function to hash a password according to the PBKDF2 specification.
+    
+    @param password clear text password (string)
+    @param digestMod hash function
+    @param iterations number of times hash function should be applied (integer)
+    @param saltSize size of the salt (integer)
+    @return tuple of digestname (string), number of iterations (integer),
+        salt (bytes) and hashed password (bytes)
+    """
+    salt = os.urandom(saltSize)
+    password = password.encode("utf-8")
+    hash = pbkdf2(password, salt, iterations, digestMod)
+    digestname = digestMod.__name__.replace("openssl_", "")
+    return digestname, iterations, salt, hash
+
+
+def hashPassword(password, digestMod=hashlib.sha512, iterations=10000, saltSize=32):
+    """
+    Module function to hash a password according to the PBKDF2 specification.
+    
+    @param password clear text password (string)
+    @param digestMod hash function
+    @param iterations number of times hash function should be applied (integer)
+    @param saltSize size of the salt (integer)
+    @return hashed password entry according to PBKDF2 specification (string)
+    """
+    digestname, iterations, salt, hash = \
+        hashPasswordTuple(password, digestMod, iterations, saltSize)
+    return Delimiter.join([
+        digestname,
+        str(iterations),
+        base64.b64encode(salt).decode("ascii"),
+        base64.b64encode(hash).decode("ascii")
+    ])
+
+
+def verifyPassword(password, hash):
+    """
+    Module function to verify a password against a hash encoded password.
+    
+    @param password clear text password (string)
+    @param hash hash encoded password in the form
+        'digestmod$iterations$salt$hashed_password' as produced by the
+        hashPassword function (string)
+    @return flag indicating a successfull verification (boolean)
+    @exception ValueError the hash is not of the expected format or the
+        digest is not one of the known ones
+    """
+    try:
+        digestname, iterations, salt, pwHash = hash.split(Delimiter)
+    except ValueError:
+        raise ValueError(
+            "Expected hash encoded password in format "\
+            "'digestmod{0}iterations{0}salt{0}hashed_password".format(Delimiter))
+    
+    if digestname not in Hashes.keys():
+        raise ValueError(
+            "Unsupported hash algorithm '{0}' for hash encoded password '{1}'.".format(
+            digestname, hash))
+    
+    iterations = int(iterations)
+    salt = base64.b64decode(salt.encode("ascii"))
+    pwHash = base64.b64decode(pwHash.encode("ascii"))
+    password = password.encode("utf-8")
+    return pwHash == pbkdf2(password, salt, iterations, Hashes[digestname])
+
+
+def rehashPassword(password, hashParameters):
+    """
+    Module function to recreate a password hash given the hash parameters.
+    
+    @param password clear text password (string)
+    @param hashParameters hash parameters in the form
+        'digestmod$iterations$salt' (string)
+    @return hashed password (bytes)
+    @exception ValueError the hash parameters string is not of the expected format
+        or the digest is not one of the known ones
+    """
+    try:
+        digestname, iterations, salt = hashParameters.split(Delimiter)
+    except ValueError:
+        raise ValueError(
+            "Expected hash parameters string in format "\
+            "'digestmod{0}iterations{0}salt".format(Delimiter))
+    
+    if digestname not in Hashes.keys():
+        raise ValueError(
+            "Unsupported hash algorithm '{0}' for hash parameters '{1}'.".format(
+            digestname, hash))
+    
+    iterations = int(iterations)
+    salt = base64.b64decode(salt.encode("ascii"))
+    password = password.encode("utf-8")
+    return pbkdf2(password, salt, iterations, Hashes[digestname])
+
+
+if __name__ == "__main__":
+    import sys
+    pw = "secret_password"
+    print(len(hashPasswordTuple(pw)[-1]))
+    pwHash = hashPassword(pw)
+    print(pwHash)
+    print(verifyPassword(pw, pwHash))
+    sys.exit(0)

Mercurial Repository: eric

eric ide

mercurial