OLD | NEW |
| 1 # Author: Trevor Perrin |
| 2 # See the LICENSE file for legal information regarding use of this file. |
| 3 |
1 """Class for storing SRP password verifiers.""" | 4 """Class for storing SRP password verifiers.""" |
2 | 5 |
3 from utils.cryptomath import * | 6 from .utils.cryptomath import * |
4 from utils.compat import * | 7 from .utils.compat import * |
5 import mathtls | 8 from tlslite import mathtls |
6 from basedb import BaseDB | 9 from .basedb import BaseDB |
7 | 10 |
8 class VerifierDB(BaseDB): | 11 class VerifierDB(BaseDB): |
9 """This class represent an in-memory or on-disk database of SRP | 12 """This class represent an in-memory or on-disk database of SRP |
10 password verifiers. | 13 password verifiers. |
11 | 14 |
12 A VerifierDB can be passed to a server handshake to authenticate | 15 A VerifierDB can be passed to a server handshake to authenticate |
13 a client based on one of the verifiers. | 16 a client based on one of the verifiers. |
14 | 17 |
15 This class is thread-safe. | 18 This class is thread-safe. |
16 """ | 19 """ |
17 def __init__(self, filename=None): | 20 def __init__(self, filename=None): |
18 """Create a new VerifierDB instance. | 21 """Create a new VerifierDB instance. |
19 | 22 |
20 @type filename: str | 23 @type filename: str |
21 @param filename: Filename for an on-disk database, or None for | 24 @param filename: Filename for an on-disk database, or None for |
22 an in-memory database. If the filename already exists, follow | 25 an in-memory database. If the filename already exists, follow |
23 this with a call to open(). To create a new on-disk database, | 26 this with a call to open(). To create a new on-disk database, |
24 follow this with a call to create(). | 27 follow this with a call to create(). |
25 """ | 28 """ |
26 BaseDB.__init__(self, filename, "verifier") | 29 BaseDB.__init__(self, filename, "verifier") |
27 | 30 |
28 def _getItem(self, username, valueStr): | 31 def _getItem(self, username, valueStr): |
29 (N, g, salt, verifier) = valueStr.split(" ") | 32 (N, g, salt, verifier) = valueStr.split(" ") |
30 N = base64ToNumber(N) | 33 N = bytesToNumber(a2b_base64(N)) |
31 g = base64ToNumber(g) | 34 g = bytesToNumber(a2b_base64(g)) |
32 salt = base64ToString(salt) | 35 salt = a2b_base64(salt) |
33 verifier = base64ToNumber(verifier) | 36 verifier = bytesToNumber(a2b_base64(verifier)) |
34 return (N, g, salt, verifier) | 37 return (N, g, salt, verifier) |
35 | 38 |
36 def __setitem__(self, username, verifierEntry): | 39 def __setitem__(self, username, verifierEntry): |
37 """Add a verifier entry to the database. | 40 """Add a verifier entry to the database. |
38 | 41 |
39 @type username: str | 42 @type username: str |
40 @param username: The username to associate the verifier with. | 43 @param username: The username to associate the verifier with. |
41 Must be less than 256 characters in length. Must not already | 44 Must be less than 256 characters in length. Must not already |
42 be in the database. | 45 be in the database. |
43 | 46 |
44 @type verifierEntry: tuple | 47 @type verifierEntry: tuple |
45 @param verifierEntry: The verifier entry to add. Use | 48 @param verifierEntry: The verifier entry to add. Use |
46 L{tlslite.VerifierDB.VerifierDB.makeVerifier} to create a | 49 L{tlslite.verifierdb.VerifierDB.makeVerifier} to create a |
47 verifier entry. | 50 verifier entry. |
48 """ | 51 """ |
49 BaseDB.__setitem__(self, username, verifierEntry) | 52 BaseDB.__setitem__(self, username, verifierEntry) |
50 | 53 |
51 | 54 |
52 def _setItem(self, username, value): | 55 def _setItem(self, username, value): |
53 if len(username)>=256: | 56 if len(username)>=256: |
54 raise ValueError("username too long") | 57 raise ValueError("username too long") |
55 N, g, salt, verifier = value | 58 N, g, salt, verifier = value |
56 N = numberToBase64(N) | 59 N = b2a_base64(numberToByteArray(N)) |
57 g = numberToBase64(g) | 60 g = b2a_base64(numberToByteArray(g)) |
58 salt = stringToBase64(salt) | 61 salt = b2a_base64(salt) |
59 verifier = numberToBase64(verifier) | 62 verifier = b2a_base64(numberToByteArray(verifier)) |
60 valueStr = " ".join( (N, g, salt, verifier) ) | 63 valueStr = " ".join( (N, g, salt, verifier) ) |
61 return valueStr | 64 return valueStr |
62 | 65 |
63 def _checkItem(self, value, username, param): | 66 def _checkItem(self, value, username, param): |
64 (N, g, salt, verifier) = value | 67 (N, g, salt, verifier) = value |
65 x = mathtls.makeX(salt, username, param) | 68 x = mathtls.makeX(salt, username, param) |
66 v = powMod(g, x, N) | 69 v = powMod(g, x, N) |
67 return (verifier == v) | 70 return (verifier == v) |
68 | 71 |
69 | 72 |
70 def makeVerifier(username, password, bits): | 73 def makeVerifier(username, password, bits): |
71 """Create a verifier entry which can be stored in a VerifierDB. | 74 """Create a verifier entry which can be stored in a VerifierDB. |
72 | 75 |
73 @type username: str | 76 @type username: str |
74 @param username: The username for this verifier. Must be less | 77 @param username: The username for this verifier. Must be less |
75 than 256 characters in length. | 78 than 256 characters in length. |
76 | 79 |
77 @type password: str | 80 @type password: str |
78 @param password: The password for this verifier. | 81 @param password: The password for this verifier. |
79 | 82 |
80 @type bits: int | 83 @type bits: int |
81 @param bits: This values specifies which SRP group parameters | 84 @param bits: This values specifies which SRP group parameters |
82 to use. It must be one of (1024, 1536, 2048, 3072, 4096, 6144, | 85 to use. It must be one of (1024, 1536, 2048, 3072, 4096, 6144, |
83 8192). Larger values are more secure but slower. 2048 is a | 86 8192). Larger values are more secure but slower. 2048 is a |
84 good compromise between safety and speed. | 87 good compromise between safety and speed. |
85 | 88 |
86 @rtype: tuple | 89 @rtype: tuple |
87 @return: A tuple which may be stored in a VerifierDB. | 90 @return: A tuple which may be stored in a VerifierDB. |
88 """ | 91 """ |
89 return mathtls.makeVerifier(username, password, bits) | 92 usernameBytes = bytearray(username, "utf-8") |
| 93 passwordBytes = bytearray(password, "utf-8") |
| 94 return mathtls.makeVerifier(usernameBytes, passwordBytes, bits) |
90 makeVerifier = staticmethod(makeVerifier) | 95 makeVerifier = staticmethod(makeVerifier) |
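Review bot: `_checkItem` (new lines 66-70) still passes `username` and `param` to `mathtls.makeX` unencoded, while the new `makeVerifier` (new lines 92-94) encodes both to UTF-8 bytearrays before calling `mathtls.makeVerifier`. If `makeX` now works on bytes, which the `makeVerifier` change suggests but this page does not show, a `str` reaching the check path will either raise or derive a different x than the one behind the stored verifier, so a correct password would be rejected. Encoding on the check side keeps the two paths in step, e.g. `x = mathtls.makeX(salt, bytearray(username, "utf-8"), bytearray(param, "utf-8"))`, assuming callers pass text there. Relatedly, `_setItem` bounds `len(username)` in characters, but a non-ASCII name under 256 characters can exceed 255 bytes once UTF-8 encoded; checking the encoded length would match what is actually hashed.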