Commits

Daniel Holth committed c216917

we seem destined to send unicode to password hashing modules...

  • Participants
  • Parent commits 8f3fc81

Comments (0)

Files changed (4)

+syntax: glob
+*~
+*.swp
+*.orig
+*.egg
+*.so
+.coverage
+
 syntax: regexp
 
 \.hgignore

File cryptacular/core/__init__.py

         return text
 else: # pragma NO COVERAGE
     def check_unicode(text):
-        if isinstance(text, str):
-            return text.encode('utf-8')
+        # In Python3, PyArg_ParseTuple("ss") in the builtin crypt module
+        # and our _bcrypt.c encodes unicode as utf-8, which falls short
+        # of dealing with bytes but is nearly what we want.
         return text
 
 

File cryptacular/pbkdf2/__init__.py

 class PBKDF2PasswordManager(object):
 
     SCHEME = "PBKDF2"
-    PREFIX = b"$p5k2$"
+    PREFIX = "$p5k2$"
     ROUNDS = 1<<12
 
     def encode(self, password, salt=None, rounds=None, keylen=20):
         rounds = rounds or self.ROUNDS
         password = check_unicode(password)
         key = _pbkdf2(password, salt, rounds, keylen)
-        hash =  self.PREFIX + \
-                ('%x' % rounds).encode('ascii') + b'$' + \
+        hash =  self.PREFIX.encode('iso8859-1') + \
+                ('%x' % rounds).encode('iso8859-1') + b'$' + \
                 urlsafe_b64encode(salt) + b'$' + \
                 urlsafe_b64encode(key)
-        return hash
+        return hash.decode('utf-8')
 
     def check(self, encoded, password):
         encoded = check_unicode(encoded)
         if not self.match(encoded):
             return False
-        iter, salt, key = encoded[len(self.PREFIX):].split(b'$')
+        iter, salt, key = encoded[len(self.PREFIX):].split('$')
         iter = int(iter, 16)
-        salt = urlsafe_b64decode(salt)
-        keylen = len(urlsafe_b64decode(key))
+        salt = urlsafe_b64decode(salt.encode('utf-8'))
+        keylen = len(urlsafe_b64decode(key.encode('utf-8')))
         hash = self.encode(password, salt, iter, keylen)
         return cryptacular.core._cmp(hash, encoded)
 

File cryptacular/pbkdf2/test_pbkdf2.py

     salt = urlsafe_b64decode(b'ZxK4ZBJCfQg=')
     text = "hashy the \N{SNOWMAN}"
     hash = manager.encode(text, salt)
-    eq_(hash, b'$p5k2$1000$ZxK4ZBJCfQg=$jJZVscWtO--p1-xIZl6jhO2LKR0=')
-    password = b"xyzzy"
+    eq_(hash, '$p5k2$1000$ZxK4ZBJCfQg=$jJZVscWtO--p1-xIZl6jhO2LKR0=')
+    password = "xyzzy"
     hash = manager.encode(password)
     assert manager.check(hash, password)
-    assert manager.check(hash.decode('utf-8'), password)
     assert not manager.check(password, password)
     assert_not_equal(manager.encode(password), manager.encode(password))
     hash = manager.encode(text, salt, rounds=1)
-    eq_(hash, b"$p5k2$1$ZxK4ZBJCfQg=$Kexp0NAVgxlDwoA-TS34o8o2Okg=")
+    eq_(hash, "$p5k2$1$ZxK4ZBJCfQg=$Kexp0NAVgxlDwoA-TS34o8o2Okg=")
     assert manager.check(hash, text)
 
 if __name__ == "__main__":