| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |\
| |
| |
| |
| |
| |
| | |
As part of merge:
* various: reverted the py26 compat fixes from rev 5e2f92012412
* test utils: stripped out "has_real_subtest" compat from rev c732a9e2a582,
since now on py35+, which always has .subTest() method
|
| | | |
|
| | |
| |
| |
| | |
this inherits from ValueError, and has same text, so backwards compatible.
|
| | | |
|
| | | |
|
| | |
| |
| |
| | |
join_byte_values() wrappers
|
| | | |
|
| | | |
|
| | | |
|
| | |
| |
| |
| | |
"native_string_types" aliases
|
| | | |
|
| | | |
|
| | | |
|
| | | |
|
| | | |
|
| | | |
|
| |\ \
| |/ |
|
| | |
| |
| |
| |
| | |
added HashInfo().unknown helper attr to reduce spam in norm_hash_name(),
made some internal vars less ambiguous
|
| | |
| |
| |
| | |
so stats can be gathered retreived even if hash isn't available (e.g. FIPS mode)
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
on FIPS systems (issue 116).
* lookup_hash():
- moved all hash consturctor error checks / handling into HashInfo object,
which simplifies lookup_hash() internals
- [minor] added "required" kwd, inverse of the now-deprecated "return_unknown" kwd
- [minor] now caches unknown/unsupported HashInfo records.
* HashInfo:
- now catches ValueErrors thrown by hash constructor,
and special-cased detection of "disabled for fips" errors.
- stub instances now have constructor that throws UnknownHashError,
instead of being None. calling code should detect stub instances via
the new "not info.supported" instead of testing for "info.const is None".
* create_hex_digest() now defaults to creating handlers w/ mock hash func
when it's not present (e.g. due to FIPS). this should let them be imported;
and defer the errors until they're actually used.
* added _set_mock_fips_mode() and some helps to make lookup_hash()
fake a FIPS mode system (per traceback provided in issue comments).
used this to make some preliminary UTs for the digest & hasher changes above.
|
| | |
| |
| |
| |
| | |
removing some aliases that weren't needed anymore,
and adding some new ones.
|
| |\ \
| |/ |
|
| | | |
|
| |/
|
|
|
|
|
| |
realized can do this now that we're requiring python3 >= 3.3.
had to keep u() helper around for u(r"") instances, since py3 doesn't have ur"".
but switched it to use ascii decoding for py2, to make sure things are clean.
|
| |
|
|
|
|
|
|
|
|
| |
* reworked backends so they're more pluggable.
* added _has_backend() helper for UTs to use, instead of _load_backend()
hack, which wasn't respecting dryrun flag.
this is mainly in preparation for issue 86: adding backend to support stdlib's
hashlib.scrypt().
|
| |
|
|
| |
about invalid escape sequences (e.g. "\s")
|
| |
|
|
| |
submodule
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* moved a bunch of pages into 'docs/narr' narrative subsection.
added placeholder pages in old locations, to minimize inbound link breakage.
* split history into separate pages, was getting way too long.
removed toplevel CHANGES file, not feasible under new structure.
* passlib.ifc split into reference & tutorial portions,
tutorial allowed subsuming a bunch of other hash-usage examples.
* added standard fragments for warning about insecure hashes,
added them to top of a LOT of hash doc pages.
* updated references, various layout tweaks
|
| | |
|
| | |
|
| |
|
|
|
| |
(a border case anyways), and hashlib or fastpbkdf2 are much better choices
for this use case.
|
| |
|
|
|
|
|
| |
* digest code now checks for fastpbkdf2 & hashlib backends
* tests: added some more test vectors from fastpbkdf2
* to match hashlib, now throwing OverflowError on large keylens, not ValueError.
* to match hashlib, now throwing ValueError on keylen=0, previously returned b""
|
| | |
|
| |
|
|
|
|
| |
benchmark tests.
this includes some temp code, committing to test on various systems.
|
| |
|
|
|
|
|
|
|
|
| |
which provides a more generic & flexible framework than HasManyBackends.
* has_backend() now a wrapper for set_backend(), which now accepts a dryrun flag.
* loaders can now return arbitrary objects, classes can control how they operate.
* loaders can now be dryrun aware.
* bcrypt hasher, scrypt hasher, and scrypt module updated to use new api
* fuzz tester now correctly restored backend after use
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* scrypt kdf code
- relocated scrypt kdf code to passlib.crypto.scrypt
- py3 compat fixes
- split UTs out into separate file
- removed "non-power of 2" support, not needed.
- added wrapper which can toggle between builtin backend,
and extenrnal scrypt package.
- factored out n/r/p validation code so it can be used independantly
of calling kdf itself.
* passlib.handlers.scrypt: added scrypt handler which wraps the kdf.
- added some custom test strings, as well as adapted some reference values
from the scrypt whitepaper.
- added documentation page
- integrated scrypt kdf wrapper w/ hash's HasManyBackends api
|
| | |
|
|
|
and moved them to a separate passlib.crypto subpackage.
along with this move, made a few api cleanups:
* unified all code that's looking up hashes
to use new passlib.crypto.lookup_hash() wrapper, which takes
care of hash name normalization, loading fallback implementations,
and alg metadata inspection, all hidden behind a memoized function.
* deprecated pbkdf2() in favor of pbkdf2_hmac() -- only real use,
and new signature matches stdlib function. additionally,
this version is a bit faster, due to some assumptions that
can be made due to the PRF always being HMAC based.
* added compile_hmac() helper which does an even more efficient
job of pre-compiling a keyed HMAC function; this helped speed up pbkdf2 a bit more.
|
