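--- a/PATH_NOT_SHOWN
+++ b/PATH_NOT_SHOWN
@@ -1,90 +0,0 @@
-"""Class for storing SRP password verifiers."""
-
-from utils.cryptomath import *
-from utils.compat import *
-import mathtls
-from BaseDB import BaseDB
-
-class VerifierDB(BaseDB):
-"""This class represent an in-memory or on-disk database of SRP
-password verifiers.
-
-A VerifierDB can be passed to a server handshake to authenticate
-a client based on one of the verifiers.
-
-This class is thread-safe.
-"""
-def __init__(self, filename=None):
-"""Create a new VerifierDB instance.
-
-@type filename: str
-@param filename: Filename for an on-disk database, or None for
-an in-memory database. If the filename already exists, follow
-this with a call to open(). To create a new on-disk database,
-follow this with a call to create().
-"""
-BaseDB.__init__(self, filename, "verifier")
-
-def _getItem(self, username, valueStr):
-(N, g, salt, verifier) = valueStr.split(" ")
-N = base64ToNumber(N)
-g = base64ToNumber(g)
-salt = base64ToString(salt)
-verifier = base64ToNumber(verifier)
-return (N, g, salt, verifier)
-
-def __setitem__(self, username, verifierEntry):
-"""Add a verifier entry to the database.
-
-@type username: str
-@param username: The username to associate the verifier with.
-Must be less than 256 characters in length. Must not already
-be in the database.
-
-@type verifierEntry: tuple
-@param verifierEntry: The verifier entry to add. Use
-L{tlslite.VerifierDB.VerifierDB.makeVerifier} to create a
-verifier entry.
-"""
-BaseDB.__setitem__(self, username, verifierEntry)
-
-
-def _setItem(self, username, value):
-if len(username)>=256:
-raise ValueError("username too long")
-N, g, salt, verifier = value
-N = numberToBase64(N)
-g = numberToBase64(g)
-salt = stringToBase64(salt)
-verifier = numberToBase64(verifier)
-valueStr = " ".join( (N, g, salt, verifier) )
-return valueStr
-
-def _checkItem(self, value, username, param):
-(N, g, salt, verifier) = value
-x = mathtls.makeX(salt, username, param)
-v = powMod(g, x, N)
-return (verifier == v)
-
-
-def makeVerifier(username, password, bits):
-"""Create a verifier entry which can be stored in a VerifierDB.
-
-@type username: str
-@param username: The username for this verifier. Must be less
-than 256 characters in length.
-
-@type password: str
-@param password: The password for this verifier.
-
-@type bits: int
-@param bits: This values specifies which SRP group parameters
-to use. It must be one of (1024, 1536, 2048, 3072, 4096, 6144,
-8192). Larger values are more secure but slower. 2048 is a
-good compromise between safety and speed.
-
-@rtype: tuple
-@return: A tuple which may be stored in a VerifierDB.
-"""
-return mathtls.makeVerifier(username, password, bits)
-makeVerifier = staticmethod(makeVerifier)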
OLD | NEW |