/gdata/tlslite/VerifierDB.py
"""Store and check SRP password verifiers, in memory or on disk."""

from utils.cryptomath import *
from utils.compat import *
import mathtls
from BaseDB import BaseDB


class VerifierDB(BaseDB):
    """A database of SRP password verifiers, held in memory or in a file.

    An instance can be handed to a server handshake so that a client
    is authenticated against one of the stored verifiers.

    The original author documents this class as thread-safe.  No
    locking is visible in this file, so that property depends on
    BaseDB.

    Security note: a verifier is derived from the password (see
    _checkItem), so anyone who can read the database can test password
    guesses against it offline.  Treat an on-disk database as a secret
    and restrict who can read it.
    """

    def __init__(self, filename=None):
        """Create a new VerifierDB instance.

        @type filename: str
        @param filename: Path of an on-disk database, or None to keep
        the database in memory.  For a file that already exists, call
        open() afterwards; to start a new on-disk database, call
        create() afterwards.
        """
        # "verifier" is the database type tag handed to BaseDB.
        BaseDB.__init__(self, filename, "verifier")

    def _getItem(self, username, valueStr):
        # Decode one stored record: four space-separated base64 fields
        # in the order N, g, salt, verifier.  A record with any other
        # field count fails the unpacking with ValueError.  username is
        # not used here.
        (encodedN, encodedG, encodedSalt, encodedVerifier) = \
            valueStr.split(" ")
        return (base64ToNumber(encodedN),
                base64ToNumber(encodedG),
                base64ToString(encodedSalt),
                base64ToNumber(encodedVerifier))

    def __setitem__(self, username, verifierEntry):
        """Add a verifier entry to the database.

        @type username: str
        @param username: The username the verifier belongs to.  Must be
        less than 256 characters long (checked in _setItem).  Must not
        already be in the database; that rule is not checked in this
        file, so presumably BaseDB enforces it.

        @type verifierEntry: tuple
        @param verifierEntry: The verifier entry to add.  Use
        L{tlslite.VerifierDB.VerifierDB.makeVerifier} to create a
        verifier entry.
        """
        BaseDB.__setitem__(self, username, verifierEntry)

    def _setItem(self, username, value):
        # Encode an (N, g, salt, verifier) entry as the stored record
        # string.  This is the only place in this file where the
        # username length limit is enforced.
        if len(username) >= 256:
            raise ValueError("username too long")
        N, g, salt, verifier = value
        encodedFields = (numberToBase64(N),
                         numberToBase64(g),
                         stringToBase64(salt),
                         numberToBase64(verifier))
        return " ".join(encodedFields)

    def _checkItem(self, value, username, param):
        # Recompute the verifier from the stored salt and group and
        # compare it with the stored one.  param is presumably the
        # candidate password; confirm against BaseDB's caller.
        (N, g, salt, storedVerifier) = value
        x = mathtls.makeX(salt, username, param)
        # NOTE(review): == on integers is not a constant-time
        # comparison.  Whether that matters depends on who can reach
        # this check, which is not visible in this file.
        return (storedVerifier == powMod(g, x, N))

    def makeVerifier(username, password, bits):
        """Create a verifier entry which can be stored in a VerifierDB.

        @type username: str
        @param username: The username for this verifier.  Must be less
        than 256 characters in length.

        @type password: str
        @param password: The password for this verifier.

        @type bits: int
        @param bits: Selects the SRP group parameters.  It must be one
        of (1024, 1536, 2048, 3072, 4096, 6144, 8192).  Larger values
        are more secure but slower; 2048 is a good compromise between
        safety and speed.  NOTE(review): the smallest groups in that
        list (1024, 1536) leave little margin by current standards, so
        prefer 2048 or larger for new entries.

        @rtype: tuple
        @return: A tuple which may be stored in a VerifierDB.
        """
        return mathtls.makeVerifier(username, password, bits)

    # Kept as an explicit staticmethod() call, as in the original,
    # so the method is callable without an instance.
    makeVerifier = staticmethod(makeVerifier)