| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |\
| |
| |
| |
| |
| |
| | |
As part of merge:
* various: reverted the py26 compat fixes from rev 5e2f92012412
* test utils: stripped out "has_real_subtest" compat from rev c732a9e2a582,
since now on py35+, which always has .subTest() method
|
| | |
| |
| |
| | |
this inherits from ValueError, and has same text, so backwards compatible.
|
| |/ |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
now return a single unified InternalBackendError() class,
instead of AssertionError.
This change has a couple of parts:
* assert statements replaced with permanent checks,
since crypt() is unpredictable enough that we need to have this always on,
even if production runs code in "-O2" mode.
* added debug_only_repr() helper which allows including sensitive stuff
like salts & hash digests within error tracebacks -- will only do so
when global flag is enabled; and that's currently only set by unittest suite.
* added new InternalBackendError() exception class (a RuntimeError subclass);
which is raised instead of an AssertionError.
|
| | |
|
| |
|
|
|
|
|
|
|
| |
when encoding issue is found, to separate this from an unexpected error
when calling crypt.crypt() (these will still raise MissingBackendError).
also tweaked internal safe_verify() helper to catch errors thrown by
os_crypt backend (MissingBackendError would previously slip through,
causing spurious UT failures)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
on FIPS systems (issue 116).
* lookup_hash():
- moved all hash consturctor error checks / handling into HashInfo object,
which simplifies lookup_hash() internals
- [minor] added "required" kwd, inverse of the now-deprecated "return_unknown" kwd
- [minor] now caches unknown/unsupported HashInfo records.
* HashInfo:
- now catches ValueErrors thrown by hash constructor,
and special-cased detection of "disabled for fips" errors.
- stub instances now have constructor that throws UnknownHashError,
instead of being None. calling code should detect stub instances via
the new "not info.supported" instead of testing for "info.const is None".
* create_hex_digest() now defaults to creating handlers w/ mock hash func
when it's not present (e.g. due to FIPS). this should let them be imported;
and defer the errors until they're actually used.
* added _set_mock_fips_mode() and some helps to make lookup_hash()
fake a FIPS mode system (per traceback provided in issue comments).
used this to make some preliminary UTs for the digest & hasher changes above.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
PasswordHash
-------------
* .truncate_size now used to indicate general "max password size";
* .truncate_error now defined for all hashers, indicates .hash() policy
* added .truncate_verify_reject as companion, indicates corresponding .verify() policy.
HandlerTestCase
---------------
* expanded test functions to check all combinations of truncation policy flags
* fixed fuzzer so it doesn't generate passwords which would throw PasswordSizeError.
|
| |
|
|
| |
of places.
|
| |
|
|
| |
UsedTokenError now has a default message.
|
| |
|
|
| |
ValueError
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
application secrets
This reworks a large portion of the totp module's API, to make it fit better
with the needs of the applications it's been integrated into so far.
* Key encryption encapsulated in new OTPContext() class,
which not only handles encryption of keys, but supports
multiple application secrets, allowing migration to new secrets
(whether periodic, or after a breach).
This makes workflow of OTP object serialization *much* simpler.
* encryption format changed to use a simple dict, which gets embedded
into overall json data; eliminates need for custom binary format.
* BaseOTP.generate_next() has been renamed to .advance(),
to make it distinct from .generate(), and give better hinting
that it modifies the internal state
BaseOTP.verify_next() has been renamed to .consume() for similar reasons.
* All .verify() and .verify_next() methods have been modified
so they throw an InvalidTokenError if the token doesn't match,
instead of returning False.
This reduces the boilerplate needed to implement them,
as code already had to catch ValueErrors for malformed tokens & reused tokens.
- the HotpMatch / TotpMatch objects were adjusted to account
for fact that they're only used when token matches successfully.
* better exception hierarchy: added base TokenError,
as well as subclasses for specific cases (MalformedTokenError,
InvalidTokenError, UsedTokenError).
* renamed BaseOTP.dirty -> BaseOTP.changed
* BaseOTP now detects if encryption is old, and flags that re-encryption
+ re-serialization is needed.
* .from_string() / .to_string() renamed to .from_json() / .to_json()
to disambiguate with .from_uri() / .to_uri(), which also returns a string.
|
| |
|
|
| |
attribute to make displaying user-facing messages easier.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Added PasswordHash.truncate_size info attribute, to detect hashes
which truncate the password.
* All such hashes (bcrypt, des_crypt, some others) now accept a "truncate_error"
option, allowing them to be switched from silent truncation to throwing
an error instead. This option is also supported by CryptContext.
* tests/HandlerCase:
- removed .secret_size config flag, can now just read handler.truncate_size instead.
- reworked truncation tests to use new API, and test 'truncate_error' policy support.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
and moved them to a separate passlib.crypto subpackage.
along with this move, made a few api cleanups:
* unified all code that's looking up hashes
to use new passlib.crypto.lookup_hash() wrapper, which takes
care of hash name normalization, loading fallback implementations,
and alg metadata inspection, all hidden behind a memoized function.
* deprecated pbkdf2() in favor of pbkdf2_hmac() -- only real use,
and new signature matches stdlib function. additionally,
this version is a bit faster, due to some assumptions that
can be made due to the PRF always being HMAC based.
* added compile_hmac() helper which does an even more efficient
job of pre-compiling a keyed HMAC function; this helped speed up pbkdf2 a bit more.
|
| |\ |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
bcrypt
------
* added support & UT for $2b$ hash format.
not making it the default yet, for backward compat.
* large refactor of how bcrypt backends are loaded:
instead of per-backend workarounds within each _calc_checksum_<backend>()
function: now using runtime detection of specific capabilities & workarounds,
that runs whenever set_backend() is called, combined with consolidated
workaround code within _calc_checksum(), controlled by the flags
set by set_backend().
this detection now looks for:
- the 8bit bug: throws a PasslibSecurityError
- the wraparound bug: issues warning, sets flag enabling a workaround.
- support for 2/2y/2b: if backend lacks support for particular variants,
sets flag enabling workaround to add support.
* os_crypt backend now just issues error if it can't handle a password encoding;
rather than trying fallbacks first -- edge case anyways, and likely
to not have any fallbacks when it does happen. simplifies backend code.
* added UTs to make sure wraparound-vulnerable passwords are hashed correctly
(as a 72char string, not a 1-3 char string that's repeated).
* internal blowfish code's ident parsing clarified.
other
-----
* added exc.PasslibSecurityError for fatal runtime errors.
* test framework: os_crypt backends no longer expected to use
*any* backend as fallback, just ones with lower priority than os_crypt.
* test framework: crypt_stub() wrapper now subclasses the handler,
so it can use an independant backend, instead of changing global
backend for duration of call (made parallel testing hard)
docs
----
* added entry to bcrypt page, writing down wraparound bug details,
and how passlib is handling it.
* all versions of pybcrypt & bcryptor seem to be vulnerable to wraparound bug.
starting process of deprecating these backends: marked bcrypt backend
as 'preferred' throughout the documentation.
|
| |/
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
TOTP module reworked drastically. Should have committed this a long time ago.
Now have what is (hopefully) the final API for the TOTP module.
* Supports TOTP & HOTP
* Supports URI rendering & parsing
* Highlevel methods to handle state management, client clock skew estimation, etc.
* Unittests mostly complete (a few edge cases)
* Persistent serialization supports encrypting secrets with a password,
to mitigate exposure of storage medium.
* Basic API documentation.
Should be suitable for following use-cases:
* lowlevel methods for implementing HOTP/TOTP on server
* highlevel methods for implementing HOTP/TOTP on server,
and letting them handle details of tracking client state.
* methods for implementing an HOTP / TOTP client.
|
| | |
|
| |
|
|
| |
comment 7) (transplant of r1f5b8860b743 from default branch)
|
| |
|
|
|
|
|
|
|
|
|
| |
* added some backwards-compat & error handling notes to CryptContext,
as suggested by Thomas Waldmann (https://code.google.com/p/passlib/issues/detail?id=27#c2)
* clarified alg descriptions and internal comments for lmhash, md5_crypt, cisco, et al
* deprecated_method() decorator now checks if ".. deprecated::" stanza already present in docstring
* hash_needs_update() won't be removed until release 2.0
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
| |
directly
|
| |
|
|
|
|
|
| |
* test os_crypt backend has functional fallback
* test handler methods accept all unicode/bytes combinations for secret & hash
* fixed some incorrect error messages & types being caught & raised
* other minor cleanups
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* passing a non-string secret or non-string hash to any
CryptContext or handler method will now reliably result
in a TypeError.
previously, passing hash=None to many handler identify() and verify()
methods would return False, while others would raise a TypeError.
other handler methods would alternately throw ValueError or TypeError
when passed a value that wasn't unicode or bytes.
the various CryptContext methods also behaved inconsistently,
depending on the behavior of the underlying handler.
all of these behaviors are gone, they should all raise the same TypeError.
* redid many of the from_string() methods to verify the hash type.
* moved secret type & size validation to GenericHandler's encrypt/genhash/verify methods.
this cheaply made the secret validation global to all hashes, and lets
_calc_digest() implementations trust that the secret is valid.
* updated the CryptContext and handler unittests to verify the above behavior is adhered to.
|
| |
|
|
| |
messages
|
| |
|
|
| |
chars; to prevent DOS issues.
|
| |
|
|
|
|
|
| |
* added code to shoehorn $2$-support wrapper for bcryptor backend
* added PasslibSecurityWarning when builtin backend is enabled
(still considered whether it should be enabled by default)
* py3 compat fix for repair_unused
|
| | |
|
| | |
|
|
|
classes to make filtering easier
|
