Switch to direct usage of bcrypt

Continue the journey deprecating abandoned passlib. Move bcrypt hashing to `bcrypt` library directly - for `bcrypt` hash type simply passthrough to the `bcrypt` lib - `bcrypt-sha256` implement the same format and processing as `passlib` does to guarantee backwards compatibility. Change-Id: I1b7ce09638d2d5501494326f8c01162279a85896
2024-09-23 13:26:25 +02:00 · 2024-09-23 13:26:25 +02:00 · 364e8bb712
commit 364e8bb712
parent 4c4bd6e1d1
3 changed files with 231 additions and 5 deletions
--- a/keystone/common/password_hashers/bcrypt.py
+++ b/keystone/common/password_hashers/bcrypt.py
@ -0,0 +1,156 @@
 # Licensed under the Apache License, Version 2.0 (the "License"); you may
 # not use this file except in compliance with the License. You may obtain
 # a copy of the License at
 #
 #      http://www.apache.org/licenses/LICENSE-2.0
 #
 # Unless required by applicable law or agreed to in writing, software
 # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
 # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
 # License for the specific language governing permissions and limitations
 # under the License.
 import base64
 import hmac
 import bcrypt
 from keystone import exception
 class Bcrypt:
    """passlib transition class for implementing bcrypt password hashing"""
    name: str = "bcrypt"
    ident_values: set[str] = {"$2$", "$2a$", "$2b$", "$2x$", "$2y$"}
    @staticmethod
    def hash(
        password: bytes,
        rounds: int = 12,
        **kwargs,
    ) -> str:
        """Generate password hash string with ident and params
        https://pypi.org/project/bcrypt/
        :param bytes password: Password to be hashed.
        :param int round: Count of rounds.
        :returns: String in format `$2b${rounds}${salt}{digest}`
        """
        salt: bytes = bcrypt.gensalt(rounds)
        digest: bytes = bcrypt.hashpw(password, salt)
        return digest.decode("ascii")
    @staticmethod
    def verify(password: bytes, hashed: str) -> bool:
        """Verify hashing password would be equal to the `hashed` value
        :param bytes password: Password to verify
        :param string hashed: Hashed password. Used to extract hashing
            parameters
        :returns: boolean whether hashing password with the same parameters
            would match hashed value
        """
        return bcrypt.checkpw(password, hashed.encode("ascii"))
 class Bcrypt_sha256:
    """passlib transition class for bcrypt_sha256 password hashing"""
    name: str = "bcrypt_sha256"
    ident_values: set[str] = {"$2a$", "$2b$"}
    prefix: str = "$bcrypt-sha256$"
    @staticmethod
    def hash(
        password: bytes,
        rounds: int = 12,
        **kwargs,
    ) -> str:
        """Generate password hash string with ident and params
        https://pypi.org/project/bcrypt/
        :param bytes password: Password to be hashed.
        :param int round: Count of rounds.
        :returns: String in format
            `$bcrypt-sha256$r={rounds},t={ident},v={version}${salt}${digest}`
        """
        # generate salt with ident and options
        salt_with_opts: bytes = bcrypt.gensalt(rounds)
        # get the pure salt
        salt: bytes = salt_with_opts[-22:]
        # make a `str` salt
        salt_str: str = salt.decode("ascii")
        # NOTE(gtema): passlib calculates sha256 hmac digest of the password
        # with the key set to salt
        # Calculate password hmac digest with salt as key
        hmac_digest: bytes = base64.b64encode(
            hmac.digest(salt, password, "sha256")
        )
        # calculate bcrypt hash
        hashed: str = bcrypt.hashpw(hmac_digest, salt_with_opts).decode(
            "ascii"
        )
        # get the digest part of the hash
        digest: str = hashed[-31:]
        # Construct `passlib` compatible format of the bcrypt-sha256 hash
        return f"{Bcrypt_sha256.prefix}v=2,t=2b,r={rounds}${salt_str}${digest}"
    @staticmethod
    def verify(password: bytes, hashed: str) -> bool:
        """Verify hashing password would be equal to the `hashed` value
        :param bytes password: Password to verify
        :param string hashed: Hashed password. Used to extract hashing
            parameters
        :returns: boolean whether hashing password with the same parameters
            would match hashed value
        """
        opts: dict = {}
        data: str = hashed
        # Strip the ident from the hashed value
        if hashed.startswith(Bcrypt_sha256.prefix):
            data = hashed[len(Bcrypt_sha256.prefix) :]
        # split hashed string to extract parameters
        parts: list[str] = data.split("$")
        salt: str
        digest: str
        if len(parts) == 3:
            params, salt, digest = parts
        else:
            raise exception.PasswordValidationError("malformed password hash")
        for param in params.split(","):
            if param.startswith("r="):
                # Extract rounds passlib applied
                opts["r"] = int(param[2:])
            if param.startswith("t="):
                # indent applied during hashing
                opts["t"] = param[2:]
        # Calculate password hmac digest with salt as key
        hmac_digest: bytes = base64.b64encode(
            hmac.digest(salt.encode("ascii"), password, "sha256")
        )
        # Normalize salt to whatever bcrypt expects it to be
        new_salt: str = f"${opts['t']}${opts['r']}${salt}"
        # verify_digest: str = bcrypt.hashpw(
        #     hmac_digest.encode("ascii"), new_salt.encode("ascii")
        # )[-31:].decode("ascii")
        # Invoke bcrypt checkpw with the re-calculated salt
        return bcrypt.checkpw(
            hmac_digest, f"{new_salt}{digest}".encode("ascii")
        )
--- a/keystone/common/password_hashing.py
+++ b/keystone/common/password_hashing.py
@ -18,6 +18,7 @@ import itertools
 from oslo_log import log
 import passlib.hash
 from keystone.common.password_hashers import bcrypt
 from keystone.common.password_hashers import scrypt
 import keystone.conf
 from keystone import exception
@ -28,11 +29,11 @@ LOG = log.getLogger(__name__)
 SUPPORTED_HASHERS = frozenset(
    [
        passlib.hash.bcrypt,
        passlib.hash.bcrypt_sha256,
        passlib.hash.pbkdf2_sha512,
        passlib.hash.sha512_crypt,
        scrypt.Scrypt,
        bcrypt.Bcrypt,
        bcrypt.Bcrypt_sha256,
    ]
 )
@ -170,5 +171,9 @@ def hash_password(password: str) -> str:
        if CONF.identity.salt_bytesize:
            params["salt_size"] = CONF.identity.salt_bytesize
        return scrypt.Scrypt.hash(password_utf8, **params)
    elif hasher is bcrypt.Bcrypt:
        return bcrypt.Bcrypt.hash(password_utf8, **params)
    elif hasher is bcrypt.Bcrypt_sha256:
        return bcrypt.Bcrypt_sha256.hash(password_utf8, **params)
    return hasher.using(**params).hash(password_utf8)
--- a/keystone/tests/unit/common/test_password_hashing.py
+++ b/keystone/tests/unit/common/test_password_hashing.py
@ -26,6 +26,7 @@ CONF = keystone.conf.CONF
 class TestPasswordHashing(unit.BaseTestCase):
    OPTIONAL = object()
    ITERATIONS: int = 10
    def setUp(self):
        super().setUp()
@ -38,10 +39,10 @@ class TestPasswordHashing(unit.BaseTestCase):
        )
        self.config_fixture.config(group="identity", max_password_length="96")
        # Few iterations to test different inputs
-        for _ in range(10):
+        for _ in range(self.ITERATIONS):
            password: str = "".join(  # type: ignore
                secrets.choice(string.printable)
-                for i in range(random.randint(1, 96))
+                for i in range(random.randint(1, 72))
            )
            hashed = password_hashing.hash_password(password)
            self.assertTrue(password_hashing.check_password(password, hashed))
@ -57,7 +58,7 @@ class TestPasswordHashing(unit.BaseTestCase):
        )
        self.config_fixture.config(group="identity", max_password_length="96")
        # Few iterations to test different inputs
-        for _ in range(10):
+        for _ in range(self.ITERATIONS):
            # Would be nice to check all pass lengths from 1 till max, but it
            # takes too much time, thus using rand to pick up the password
            # length
@ -69,3 +70,67 @@ class TestPasswordHashing(unit.BaseTestCase):
            self.assertTrue(
                password_hashing.check_password(password, hashed_passlib)
            )
    def test_bcrypt(self):
        self.config_fixture.config(strict_password_check=True)
        self.config_fixture.config(
            group="identity", password_hash_algorithm="bcrypt"
        )
        self.config_fixture.config(group="identity", max_password_length="72")
        # Few iterations to test different inputs
        for _ in range(self.ITERATIONS):
            password: str = "".join(  # type: ignore
                secrets.choice(string.printable)
                for i in range(random.randint(1, 72))
            )
            hashed = password_hashing.hash_password(password)
            self.assertTrue(password_hashing.check_password(password, hashed))
    def test_bcrypt_passlib_compat(self):
        self.config_fixture.config(strict_password_check=True)
        self.config_fixture.config(
            group="identity", password_hash_algorithm="bcrypt"
        )
        self.config_fixture.config(group="identity", max_password_length="72")
        # Few iterations to test different inputs
        for _ in range(self.ITERATIONS):
            password: str = "".join(  # type: ignore
                secrets.choice(string.printable)
                for i in range(random.randint(1, 72))
            )
            hashed_passlib = passlib.hash.bcrypt.hash(password)
            self.assertTrue(
                password_hashing.check_password(password, hashed_passlib)
            )
    def test_bcrypt_sha256(self):
        self.config_fixture.config(strict_password_check=True)
        self.config_fixture.config(
            group="identity", password_hash_algorithm="bcrypt_sha256"
        )
        self.config_fixture.config(group="identity", max_password_length="96")
        # Few iterations to test different inputs
        for _ in range(self.ITERATIONS):
            password: str = "".join(  # type: ignore
                secrets.choice(string.printable)
                for i in range(random.randint(1, 96))
            )
            hashed = password_hashing.hash_password(password)
            self.assertTrue(password_hashing.check_password(password, hashed))
    def test_bcrypt_sha256_passlib_compat(self):
        self.config_fixture.config(strict_password_check=True)
        self.config_fixture.config(
            group="identity", password_hash_algorithm="bcrypt_sha256"
        )
        self.config_fixture.config(group="identity", max_password_length="96")
        # Few iterations to test different inputs
        for _ in range(self.ITERATIONS):
            password: str = "".join(  # type: ignore
                secrets.choice(string.printable)
                for i in range(random.randint(1, 96))
            )
            hashed_passlib = passlib.hash.bcrypt_sha256.hash(password)
            self.assertTrue(
                password_hashing.check_password(password, hashed_passlib)
            )