VerifierDB.py - This Python class represents a database for…

/gdata/tlslite/VerifierDB.py

http://radioappz.googlecode.com/ · Python · 90 lines · 34 code · 9 blank · 47 comment · 1 complexity · e8e717ad82ac120c2cef86a5f9b9048b MD5 · raw file


"""Class for storing SRP password verifiers."""

from utils.cryptomath import *
from utils.compat import *
import mathtls
from BaseDB import BaseDB

class VerifierDB(BaseDB):
    """This class represent an in-memory or on-disk database of SRP
    password verifiers.

    A VerifierDB can be passed to a server handshake to authenticate
    a client based on one of the verifiers.

    This class is thread-safe.
    """
    def __init__(self, filename=None):
        """Create a new VerifierDB instance.

        @type filename: str
        @param filename: Filename for an on-disk database, or None for
        an in-memory database.  If the filename already exists, follow
        this with a call to open().  To create a new on-disk database,
        follow this with a call to create().
        """
        BaseDB.__init__(self, filename, "verifier")

    def _getItem(self, username, valueStr):
        (N, g, salt, verifier) = valueStr.split(" ")
        N = base64ToNumber(N)
        g = base64ToNumber(g)
        salt = base64ToString(salt)
        verifier = base64ToNumber(verifier)
        return (N, g, salt, verifier)

    def __setitem__(self, username, verifierEntry):
        """Add a verifier entry to the database.

        @type username: str
        @param username: The username to associate the verifier with.
        Must be less than 256 characters in length.  Must not already
        be in the database.

        @type verifierEntry: tuple
        @param verifierEntry: The verifier entry to add.  Use
        L{tlslite.VerifierDB.VerifierDB.makeVerifier} to create a
        verifier entry.
        """
        BaseDB.__setitem__(self, username, verifierEntry)


    def _setItem(self, username, value):
        if len(username)>=256:
            raise ValueError("username too long")
        N, g, salt, verifier = value
        N = numberToBase64(N)
        g = numberToBase64(g)
        salt = stringToBase64(salt)
        verifier = numberToBase64(verifier)
        valueStr = " ".join( (N, g, salt, verifier)  )
        return valueStr

    def _checkItem(self, value, username, param):
        (N, g, salt, verifier) = value
        x = mathtls.makeX(salt, username, param)
        v = powMod(g, x, N)
        return (verifier == v)


    def makeVerifier(username, password, bits):
        """Create a verifier entry which can be stored in a VerifierDB.

        @type username: str
        @param username: The username for this verifier.  Must be less
        than 256 characters in length.

        @type password: str
        @param password: The password for this verifier.

        @type bits: int
        @param bits: This values specifies which SRP group parameters
        to use.  It must be one of (1024, 1536, 2048, 3072, 4096, 6144,
        8192).  Larger values are more secure but slower.  2048 is a
        good compromise between safety and speed.

        @rtype: tuple
        @return: A tuple which may be stored in a VerifierDB.
        """
        return mathtls.makeVerifier(username, password, bits)
    makeVerifier = staticmethod(makeVerifier)

Summary ✨

This Python class represents a database for storing SRP (Secure Remote Password) password verifiers. It allows users to store and retrieve verifier entries, which can be used for authentication purposes. The class is thread-safe and provides methods for creating new verifiers based on user input and password.

Tech Fingerprint

Standard Library: Math

Alerts (2)

'import *' Avoid to prevent namespace pollution; import specific names or use aliases
3 4