Switch to direct usage of bcrypt

Continue the journey deprecating abandoned passlib. Move bcrypt hashing to `bcrypt` library directly - for `bcrypt` hash type simply passthrough to the `bcrypt` lib - `bcrypt-sha256` implement the same format and processing as `passlib` does to guarantee backwards compatibility. Change-Id: I1b7ce09638d2d5501494326f8c01162279a85896
2024-09-23 13:26:25 +02:00 · 2024-09-23 13:26:25 +02:00 · 364e8bb712
commit 364e8bb712
parent 4c4bd6e1d1
3 changed files with 231 additions and 5 deletions
--- a/keystone/common/password_hashers/bcrypt.py
+++ b/keystone/common/password_hashers/bcrypt.py
@ -0,0 +1,156 @@
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+import base64
+import hmac
+
+import bcrypt
+
+from keystone import exception
+
+
+class Bcrypt:
+    """passlib transition class for implementing bcrypt password hashing"""
+
+    name: str = "bcrypt"
+    ident_values: set[str] = {"$2$", "$2a$", "$2b$", "$2x$", "$2y$"}
+
+    @staticmethod
+    def hash(
+        password: bytes,
+        rounds: int = 12,
+        **kwargs,
+    ) -> str:
+        """Generate password hash string with ident and params
+
+        https://pypi.org/project/bcrypt/
+
+        :param bytes password: Password to be hashed.
+        :param int round: Count of rounds.
+
+        :returns: String in format `$2b${rounds}${salt}{digest}`
+        """
+        salt: bytes = bcrypt.gensalt(rounds)
+        digest: bytes = bcrypt.hashpw(password, salt)
+        return digest.decode("ascii")
+
+    @staticmethod
+    def verify(password: bytes, hashed: str) -> bool:
+        """Verify hashing password would be equal to the `hashed` value
+
+        :param bytes password: Password to verify
+        :param string hashed: Hashed password. Used to extract hashing
+            parameters
+
+        :returns: boolean whether hashing password with the same parameters
+            would match hashed value
+        """
+        return bcrypt.checkpw(password, hashed.encode("ascii"))
+
+
+class Bcrypt_sha256:
+    """passlib transition class for bcrypt_sha256 password hashing"""
+
+    name: str = "bcrypt_sha256"
+    ident_values: set[str] = {"$2a$", "$2b$"}
+    prefix: str = "$bcrypt-sha256$"
+
+    @staticmethod
+    def hash(
+        password: bytes,
+        rounds: int = 12,
+        **kwargs,
+    ) -> str:
+        """Generate password hash string with ident and params
+
+        https://pypi.org/project/bcrypt/
+
+        :param bytes password: Password to be hashed.
+        :param int round: Count of rounds.
+
+        :returns: String in format
+            `$bcrypt-sha256$r={rounds},t={ident},v={version}${salt}${digest}`
+        """
+        # generate salt with ident and options
+        salt_with_opts: bytes = bcrypt.gensalt(rounds)
+        # get the pure salt
+        salt: bytes = salt_with_opts[-22:]
+        # make a `str` salt
+        salt_str: str = salt.decode("ascii")
+
+        # NOTE(gtema): passlib calculates sha256 hmac digest of the password
+        # with the key set to salt
+        # Calculate password hmac digest with salt as key
+        hmac_digest: bytes = base64.b64encode(
+            hmac.digest(salt, password, "sha256")
+        )
+
+        # calculate bcrypt hash
+        hashed: str = bcrypt.hashpw(hmac_digest, salt_with_opts).decode(
+            "ascii"
+        )
+        # get the digest part of the hash
+        digest: str = hashed[-31:]
+
+        # Construct `passlib` compatible format of the bcrypt-sha256 hash
+        return f"{Bcrypt_sha256.prefix}v=2,t=2b,r={rounds}${salt_str}${digest}"
+
+    @staticmethod
+    def verify(password: bytes, hashed: str) -> bool:
+        """Verify hashing password would be equal to the `hashed` value
+
+        :param bytes password: Password to verify
+        :param string hashed: Hashed password. Used to extract hashing
+            parameters
+
+        :returns: boolean whether hashing password with the same parameters
+            would match hashed value
+        """
+        opts: dict = {}
+        data: str = hashed
+        # Strip the ident from the hashed value
+        if hashed.startswith(Bcrypt_sha256.prefix):
+            data = hashed[len(Bcrypt_sha256.prefix) :]
+        # split hashed string to extract parameters
+        parts: list[str] = data.split("$")
+        salt: str
+        digest: str
+
+        if len(parts) == 3:
+            params, salt, digest = parts
+        else:
+            raise exception.PasswordValidationError("malformed password hash")
+
+        for param in params.split(","):
+            if param.startswith("r="):
+                # Extract rounds passlib applied
+                opts["r"] = int(param[2:])
+            if param.startswith("t="):
+                # indent applied during hashing
+                opts["t"] = param[2:]
+
+        # Calculate password hmac digest with salt as key
+        hmac_digest: bytes = base64.b64encode(
+            hmac.digest(salt.encode("ascii"), password, "sha256")
+        )
+
+        # Normalize salt to whatever bcrypt expects it to be
+        new_salt: str = f"${opts['t']}${opts['r']}${salt}"
+
+        # verify_digest: str = bcrypt.hashpw(
+        #     hmac_digest.encode("ascii"), new_salt.encode("ascii")
+        # )[-31:].decode("ascii")
+
+        # Invoke bcrypt checkpw with the re-calculated salt
+        return bcrypt.checkpw(
+            hmac_digest, f"{new_salt}{digest}".encode("ascii")
+        )
--- a/keystone/common/password_hashing.py
+++ b/keystone/common/password_hashing.py
@ -18,6 +18,7 @@ import itertools
 from oslo_log import log
 import passlib.hash

+from keystone.common.password_hashers import bcrypt
 from keystone.common.password_hashers import scrypt
 import keystone.conf
 from keystone import exception
@ -28,11 +29,11 @@ LOG = log.getLogger(__name__)

 SUPPORTED_HASHERS = frozenset(
    [
-        passlib.hash.bcrypt,
-        passlib.hash.bcrypt_sha256,
        passlib.hash.pbkdf2_sha512,
        passlib.hash.sha512_crypt,
        scrypt.Scrypt,
+        bcrypt.Bcrypt,
+        bcrypt.Bcrypt_sha256,
    ]
 )

@ -170,5 +171,9 @@ def hash_password(password: str) -> str:
        if CONF.identity.salt_bytesize:
            params["salt_size"] = CONF.identity.salt_bytesize
        return scrypt.Scrypt.hash(password_utf8, **params)
+    elif hasher is bcrypt.Bcrypt:
+        return bcrypt.Bcrypt.hash(password_utf8, **params)
+    elif hasher is bcrypt.Bcrypt_sha256:
+        return bcrypt.Bcrypt_sha256.hash(password_utf8, **params)

    return hasher.using(**params).hash(password_utf8)
--- a/keystone/tests/unit/common/test_password_hashing.py
+++ b/keystone/tests/unit/common/test_password_hashing.py
@ -26,6 +26,7 @@ CONF = keystone.conf.CONF

 class TestPasswordHashing(unit.BaseTestCase):
    OPTIONAL = object()
+    ITERATIONS: int = 10

    def setUp(self):
        super().setUp()
@ -38,10 +39,10 @@ class TestPasswordHashing(unit.BaseTestCase):
        )
        self.config_fixture.config(group="identity", max_password_length="96")
        # Few iterations to test different inputs
-        for _ in range(10):
+        for _ in range(self.ITERATIONS):
            password: str = "".join(  # type: ignore
                secrets.choice(string.printable)
-                for i in range(random.randint(1, 96))
+                for i in range(random.randint(1, 72))
            )
            hashed = password_hashing.hash_password(password)
            self.assertTrue(password_hashing.check_password(password, hashed))
@ -57,7 +58,7 @@ class TestPasswordHashing(unit.BaseTestCase):
        )
        self.config_fixture.config(group="identity", max_password_length="96")
        # Few iterations to test different inputs
-        for _ in range(10):
+        for _ in range(self.ITERATIONS):
            # Would be nice to check all pass lengths from 1 till max, but it
            # takes too much time, thus using rand to pick up the password
            # length
@ -69,3 +70,67 @@ class TestPasswordHashing(unit.BaseTestCase):
            self.assertTrue(
                password_hashing.check_password(password, hashed_passlib)
            )
+
+    def test_bcrypt(self):
+        self.config_fixture.config(strict_password_check=True)
+        self.config_fixture.config(
+            group="identity", password_hash_algorithm="bcrypt"
+        )
+        self.config_fixture.config(group="identity", max_password_length="72")
+        # Few iterations to test different inputs
+        for _ in range(self.ITERATIONS):
+            password: str = "".join(  # type: ignore
+                secrets.choice(string.printable)
+                for i in range(random.randint(1, 72))
+            )
+            hashed = password_hashing.hash_password(password)
+            self.assertTrue(password_hashing.check_password(password, hashed))
+
+    def test_bcrypt_passlib_compat(self):
+        self.config_fixture.config(strict_password_check=True)
+        self.config_fixture.config(
+            group="identity", password_hash_algorithm="bcrypt"
+        )
+        self.config_fixture.config(group="identity", max_password_length="72")
+        # Few iterations to test different inputs
+        for _ in range(self.ITERATIONS):
+            password: str = "".join(  # type: ignore
+                secrets.choice(string.printable)
+                for i in range(random.randint(1, 72))
+            )
+            hashed_passlib = passlib.hash.bcrypt.hash(password)
+            self.assertTrue(
+                password_hashing.check_password(password, hashed_passlib)
+            )
+
+    def test_bcrypt_sha256(self):
+        self.config_fixture.config(strict_password_check=True)
+        self.config_fixture.config(
+            group="identity", password_hash_algorithm="bcrypt_sha256"
+        )
+        self.config_fixture.config(group="identity", max_password_length="96")
+        # Few iterations to test different inputs
+        for _ in range(self.ITERATIONS):
+            password: str = "".join(  # type: ignore
+                secrets.choice(string.printable)
+                for i in range(random.randint(1, 96))
+            )
+            hashed = password_hashing.hash_password(password)
+            self.assertTrue(password_hashing.check_password(password, hashed))
+
+    def test_bcrypt_sha256_passlib_compat(self):
+        self.config_fixture.config(strict_password_check=True)
+        self.config_fixture.config(
+            group="identity", password_hash_algorithm="bcrypt_sha256"
+        )
+        self.config_fixture.config(group="identity", max_password_length="96")
+        # Few iterations to test different inputs
+        for _ in range(self.ITERATIONS):
+            password: str = "".join(  # type: ignore
+                secrets.choice(string.printable)
+                for i in range(random.randint(1, 96))
+            )
+            hashed_passlib = passlib.hash.bcrypt_sha256.hash(password)
+            self.assertTrue(
+                password_hashing.check_password(password, hashed_passlib)
+            )