/gdata/tlslite/VerifierDB.py

 1"""Class for storing SRP password verifiers."""
 2
 3from utils.cryptomath import *
 4from utils.compat import *
 5import mathtls
 6from BaseDB import BaseDB
 7
 8class VerifierDB(BaseDB):
 9    """This class represent an in-memory or on-disk database of SRP
10    password verifiers.
11
12    A VerifierDB can be passed to a server handshake to authenticate
13    a client based on one of the verifiers.
14
15    This class is thread-safe.
16    """
17    def __init__(self, filename=None):
18        """Create a new VerifierDB instance.
19
20        @type filename: str
21        @param filename: Filename for an on-disk database, or None for
22        an in-memory database.  If the filename already exists, follow
23        this with a call to open().  To create a new on-disk database,
24        follow this with a call to create().
25        """
26        BaseDB.__init__(self, filename, "verifier")
27
28    def _getItem(self, username, valueStr):
29        (N, g, salt, verifier) = valueStr.split(" ")
30        N = base64ToNumber(N)
31        g = base64ToNumber(g)
32        salt = base64ToString(salt)
33        verifier = base64ToNumber(verifier)
34        return (N, g, salt, verifier)
35
36    def __setitem__(self, username, verifierEntry):
37        """Add a verifier entry to the database.
38
39        @type username: str
40        @param username: The username to associate the verifier with.
41        Must be less than 256 characters in length.  Must not already
42        be in the database.
43
44        @type verifierEntry: tuple
45        @param verifierEntry: The verifier entry to add.  Use
46        L{tlslite.VerifierDB.VerifierDB.makeVerifier} to create a
47        verifier entry.
48        """
49        BaseDB.__setitem__(self, username, verifierEntry)
50
51
52    def _setItem(self, username, value):
53        if len(username)>=256:
54            raise ValueError("username too long")
55        N, g, salt, verifier = value
56        N = numberToBase64(N)
57        g = numberToBase64(g)
58        salt = stringToBase64(salt)
59        verifier = numberToBase64(verifier)
60        valueStr = " ".join( (N, g, salt, verifier)  )
61        return valueStr
62
63    def _checkItem(self, value, username, param):
64        (N, g, salt, verifier) = value
65        x = mathtls.makeX(salt, username, param)
66        v = powMod(g, x, N)
67        return (verifier == v)
68
69
70    def makeVerifier(username, password, bits):
71        """Create a verifier entry which can be stored in a VerifierDB.
72
73        @type username: str
74        @param username: The username for this verifier.  Must be less
75        than 256 characters in length.
76
77        @type password: str
78        @param password: The password for this verifier.
79
80        @type bits: int
81        @param bits: This values specifies which SRP group parameters
82        to use.  It must be one of (1024, 1536, 2048, 3072, 4096, 6144,
83        8192).  Larger values are more secure but slower.  2048 is a
84        good compromise between safety and speed.
85
86        @rtype: tuple
87        @return: A tuple which may be stored in a VerifierDB.
88        """
89        return mathtls.makeVerifier(username, password, bits)
90    makeVerifier = staticmethod(makeVerifier)