author | Paul Kehrer <paul.l.kehrer@gmail.com> | 2016-06-27 11:53:42 -0500 |
---|---|---|
committer | lvh <_@lvh.io> | 2016-06-27 11:53:42 -0500 |
commit | 394882d070390f25caeebb5fa27b73bc7666c7e4 (patch) | |
tree | 714e21bbbd9c8e26887b99dd3b0d5ca4d340838d /src/bcrypt | |
parent | 2cc711262fc0353efcbe6f7b4d855fe3bd404c10 (diff) | |
download | py-bcrypt-git-394882d070390f25caeebb5fa27b73bc7666c7e4.tar.gz |
Convert bcrypt to use OpenBSD code (#68)
* swap to using openbsd bcrypt
* we should probably call this 3.0
* update tests to handle slight change in behavior, test better
* strip out code we're not using
* define this for linux
* py3 fix
* add a changelog to the readme
* maybe work with windows
* portable endian header, replace swaps, other windows fixes
* handle older windows compilers properly, handle glibc < 2.9, retab
* remove a todo, that's definitely the limit
* make these definitions conditional since some BSDs may already have them
* add $2a$ tests from crypt_blowfish-1.3
* update readme to note supported prefixes
* almost pointless commit
* add support for $2y$
test vectors from openwall crypt-blowfish1.3
Diffstat (limited to 'src/bcrypt')
-rw-r--r-- | src/bcrypt/__about__.py | 8 | ||||
-rw-r--r-- | src/bcrypt/__init__.py | 28 |
2 files changed, 23 insertions, 13 deletions
diff --git a/src/bcrypt/__about__.py b/src/bcrypt/__about__.py
index 6456a01..cb68fb3 100644
--- a/src/bcrypt/__about__.py
+++ b/src/bcrypt/__about__.py
@@ -26,10 +26,10 @@ __title__ = "bcrypt"
 __summary__ = "Modern password hashing for your software and your servers"
 __uri__ = "https://github.com/pyca/bcrypt/"
-__version__ = "2.0.0"
+__version__ = "3.0.0.dev1"
-__author__ = "Donald Stufft"
-__email__ = "donald@stufft.io"
+__author__ = "The Python Cryptographic Authority developers"
+__email__ = "cryptography-dev@python.org"
 __license__ = "Apache License, Version 2.0"
-__copyright__ = "Copyright 2013 Donald Stufft"
+__copyright__ = "Copyright 2013-2016 {0}".format(__author__)
diff --git a/src/bcrypt/__init__.py b/src/bcrypt/__init__.py
index f09db91..2c503da 100644
--- a/src/bcrypt/__init__.py
+++ b/src/bcrypt/__init__.py
@@ -17,6 +17,7 @@ from __future__ import absolute_import
 from __future__ import division
 import os
+import re
 import six
@@ -35,22 +36,29 @@ __all__ = [
 ]
+_normalize_re = re.compile(b"^\$2y\$")
+
+
+def _normalize_prefix(salt):
+ return _normalize_re.sub(b"$2b$", salt)
+
+
 def gensalt(rounds=12, prefix=b"2b"):
 if prefix not in (b"2a", b"2b"):
 raise ValueError("Supported prefixes are b'2a' or b'2b'")
+ if rounds < 4 or rounds > 31:
+ raise ValueError("Invalid rounds")
+
 salt = os.urandom(16)
 output = _bcrypt.ffi.new("unsigned char[]", 30)
+ _bcrypt.lib.encode_base64(output, salt, len(salt))
- retval = _bcrypt.lib.crypt_gensalt_rn(
- b"$" + prefix + b"$", rounds, salt, len(salt), output, len(output),
+ return (
+ b"$" + prefix + b"$" + ("%2.2u" % rounds).encode("ascii") + b"$" +
+ _bcrypt.ffi.string(output)
 )
- if not retval:
- raise ValueError("Invalid rounds")
-
- return _bcrypt.ffi.string(output)
-
 def hashpw(password, salt):
 if isinstance(password, six.text_type) or isinstance(salt, six.text_type):
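Review bot: In the `@@ -35,22 +36,29 @@` hunk of `src/bcrypt/__init__.py`, the pattern on the `_normalize_re` line is a non-raw bytes literal, so `\$` only works because Python passes unrecognised escapes through unchanged, and newer interpreters warn about such escapes. Writing it as `_normalize_re = re.compile(br"^\$2y\$")` keeps the same regex on Python 2 and 3 without depending on that behaviour. `_normalize_prefix` also has no comment; a line such as `# $2y$ salts are rewritten to $2b$ before being handed to the C code` above it would tell a reader why the prefix of a supplied salt changes.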
@@ -59,10 +67,12 @@ def hashpw(password, salt):
 if b"\x00" in password:
 raise ValueError("password may not contain NUL bytes")
+ salt = _normalize_prefix(salt)
+
 hashed = _bcrypt.ffi.new("unsigned char[]", 128)
- retval = _bcrypt.lib.crypt_rn(password, salt, hashed, len(hashed))
+ retval = _bcrypt.lib.bcrypt_hashpass(password, salt, hashed, len(hashed))
- if not retval:
+ if retval != 0:
 raise ValueError("Invalid salt")
 return _bcrypt.ffi.string(hashed) |
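Review bot: `salt = _normalize_prefix(salt)` rewrites a `$2y$` prefix before hashing, but `return _bcrypt.ffi.string(hashed)` presumably returns a hash built from the rewritten salt, so a caller who verifies with `hashpw(password, stored) == stored` would never match a stored `$2y$` hash. Keeping the caller's prefix avoids that: `original_salt, salt = salt, _normalize_prefix(salt)` in place of the added line, and `return original_salt[:4] + _bcrypt.ffi.string(hashed)[4:]` at the end. A test that hashes a password against a `$2y$` hash and compares the result with the input would pin this. The body of `hashpw` starts above the hunk, so its earlier type checks are not visible here.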