17db96d56Sopenharmony_ci"""Wrapper to the POSIX crypt library call and associated functionality."""
27db96d56Sopenharmony_ci
37db96d56Sopenharmony_ciimport sys as _sys
47db96d56Sopenharmony_ci
57db96d56Sopenharmony_citry:
67db96d56Sopenharmony_ci    import _crypt
77db96d56Sopenharmony_ciexcept ModuleNotFoundError:
87db96d56Sopenharmony_ci    if _sys.platform == 'win32':
97db96d56Sopenharmony_ci        raise ImportError("The crypt module is not supported on Windows")
107db96d56Sopenharmony_ci    else:
117db96d56Sopenharmony_ci        raise ImportError("The required _crypt module was not built as part of CPython")
127db96d56Sopenharmony_ci
137db96d56Sopenharmony_ciimport errno
147db96d56Sopenharmony_ciimport string as _string
157db96d56Sopenharmony_ciimport warnings
167db96d56Sopenharmony_cifrom random import SystemRandom as _SystemRandom
177db96d56Sopenharmony_cifrom collections import namedtuple as _namedtuple
187db96d56Sopenharmony_ci
197db96d56Sopenharmony_ci
207db96d56Sopenharmony_ciwarnings._deprecated(__name__, remove=(3, 13))
217db96d56Sopenharmony_ci
227db96d56Sopenharmony_ci
237db96d56Sopenharmony_ci_saltchars = _string.ascii_letters + _string.digits + './'
247db96d56Sopenharmony_ci_sr = _SystemRandom()
257db96d56Sopenharmony_ci
267db96d56Sopenharmony_ci
277db96d56Sopenharmony_ciclass _Method(_namedtuple('_Method', 'name ident salt_chars total_size')):
287db96d56Sopenharmony_ci
297db96d56Sopenharmony_ci    """Class representing a salt method per the Modular Crypt Format or the
307db96d56Sopenharmony_ci    legacy 2-character crypt method."""
317db96d56Sopenharmony_ci
327db96d56Sopenharmony_ci    def __repr__(self):
337db96d56Sopenharmony_ci        return '<crypt.METHOD_{}>'.format(self.name)
347db96d56Sopenharmony_ci
357db96d56Sopenharmony_ci
367db96d56Sopenharmony_cidef mksalt(method=None, *, rounds=None):
377db96d56Sopenharmony_ci    """Generate a salt for the specified method.
387db96d56Sopenharmony_ci
397db96d56Sopenharmony_ci    If not specified, the strongest available method will be used.
407db96d56Sopenharmony_ci
417db96d56Sopenharmony_ci    """
427db96d56Sopenharmony_ci    if method is None:
437db96d56Sopenharmony_ci        method = methods[0]
447db96d56Sopenharmony_ci    if rounds is not None and not isinstance(rounds, int):
457db96d56Sopenharmony_ci        raise TypeError(f'{rounds.__class__.__name__} object cannot be '
467db96d56Sopenharmony_ci                        f'interpreted as an integer')
477db96d56Sopenharmony_ci    if not method.ident:  # traditional
487db96d56Sopenharmony_ci        s = ''
497db96d56Sopenharmony_ci    else:  # modular
507db96d56Sopenharmony_ci        s = f'${method.ident}$'
517db96d56Sopenharmony_ci
527db96d56Sopenharmony_ci    if method.ident and method.ident[0] == '2':  # Blowfish variants
537db96d56Sopenharmony_ci        if rounds is None:
547db96d56Sopenharmony_ci            log_rounds = 12
557db96d56Sopenharmony_ci        else:
567db96d56Sopenharmony_ci            log_rounds = int.bit_length(rounds-1)
577db96d56Sopenharmony_ci            if rounds != 1 << log_rounds:
587db96d56Sopenharmony_ci                raise ValueError('rounds must be a power of 2')
597db96d56Sopenharmony_ci            if not 4 <= log_rounds <= 31:
607db96d56Sopenharmony_ci                raise ValueError('rounds out of the range 2**4 to 2**31')
617db96d56Sopenharmony_ci        s += f'{log_rounds:02d}$'
627db96d56Sopenharmony_ci    elif method.ident in ('5', '6'):  # SHA-2
637db96d56Sopenharmony_ci        if rounds is not None:
647db96d56Sopenharmony_ci            if not 1000 <= rounds <= 999_999_999:
657db96d56Sopenharmony_ci                raise ValueError('rounds out of the range 1000 to 999_999_999')
667db96d56Sopenharmony_ci            s += f'rounds={rounds}$'
677db96d56Sopenharmony_ci    elif rounds is not None:
687db96d56Sopenharmony_ci        raise ValueError(f"{method} doesn't support the rounds argument")
697db96d56Sopenharmony_ci
707db96d56Sopenharmony_ci    s += ''.join(_sr.choice(_saltchars) for char in range(method.salt_chars))
717db96d56Sopenharmony_ci    return s
727db96d56Sopenharmony_ci
737db96d56Sopenharmony_ci
747db96d56Sopenharmony_cidef crypt(word, salt=None):
757db96d56Sopenharmony_ci    """Return a string representing the one-way hash of a password, with a salt
767db96d56Sopenharmony_ci    prepended.
777db96d56Sopenharmony_ci
787db96d56Sopenharmony_ci    If ``salt`` is not specified or is ``None``, the strongest
797db96d56Sopenharmony_ci    available method will be selected and a salt generated.  Otherwise,
807db96d56Sopenharmony_ci    ``salt`` may be one of the ``crypt.METHOD_*`` values, or a string as
817db96d56Sopenharmony_ci    returned by ``crypt.mksalt()``.
827db96d56Sopenharmony_ci
837db96d56Sopenharmony_ci    """
847db96d56Sopenharmony_ci    if salt is None or isinstance(salt, _Method):
857db96d56Sopenharmony_ci        salt = mksalt(salt)
867db96d56Sopenharmony_ci    return _crypt.crypt(word, salt)
877db96d56Sopenharmony_ci
887db96d56Sopenharmony_ci
897db96d56Sopenharmony_ci#  available salting/crypto methods
907db96d56Sopenharmony_cimethods = []
917db96d56Sopenharmony_ci
927db96d56Sopenharmony_cidef _add_method(name, *args, rounds=None):
937db96d56Sopenharmony_ci    method = _Method(name, *args)
947db96d56Sopenharmony_ci    globals()['METHOD_' + name] = method
957db96d56Sopenharmony_ci    salt = mksalt(method, rounds=rounds)
967db96d56Sopenharmony_ci    result = None
977db96d56Sopenharmony_ci    try:
987db96d56Sopenharmony_ci        result = crypt('', salt)
997db96d56Sopenharmony_ci    except OSError as e:
1007db96d56Sopenharmony_ci        # Not all libc libraries support all encryption methods.
1017db96d56Sopenharmony_ci        if e.errno in {errno.EINVAL, errno.EPERM, errno.ENOSYS}:
1027db96d56Sopenharmony_ci            return False
1037db96d56Sopenharmony_ci        raise
1047db96d56Sopenharmony_ci    if result and len(result) == method.total_size:
1057db96d56Sopenharmony_ci        methods.append(method)
1067db96d56Sopenharmony_ci        return True
1077db96d56Sopenharmony_ci    return False
1087db96d56Sopenharmony_ci
1097db96d56Sopenharmony_ci_add_method('SHA512', '6', 16, 106)
1107db96d56Sopenharmony_ci_add_method('SHA256', '5', 16, 63)
1117db96d56Sopenharmony_ci
1127db96d56Sopenharmony_ci# Choose the strongest supported version of Blowfish hashing.
1137db96d56Sopenharmony_ci# Early versions have flaws.  Version 'a' fixes flaws of
1147db96d56Sopenharmony_ci# the initial implementation, 'b' fixes flaws of 'a'.
1157db96d56Sopenharmony_ci# 'y' is the same as 'b', for compatibility
1167db96d56Sopenharmony_ci# with openwall crypt_blowfish.
1177db96d56Sopenharmony_cifor _v in 'b', 'y', 'a', '':
1187db96d56Sopenharmony_ci    if _add_method('BLOWFISH', '2' + _v, 22, 59 + len(_v), rounds=1<<4):
1197db96d56Sopenharmony_ci        break
1207db96d56Sopenharmony_ci
1217db96d56Sopenharmony_ci_add_method('MD5', '1', 8, 34)
1227db96d56Sopenharmony_ci_add_method('CRYPT', None, 2, 13)
1237db96d56Sopenharmony_ci
1247db96d56Sopenharmony_cidel _v, _add_method
125