/gdata/tlslite/VerifierDB.py

http://radioappz.googlecode.com/ · Python · 90 lines · 34 code · 9 blank · 47 comment · 1 complexity · e8e717ad82ac120c2cef86a5f9b9048b MD5 · raw file

  1. """Class for storing SRP password verifiers."""
  2. from utils.cryptomath import *
  3. from utils.compat import *
  4. import mathtls
  5. from BaseDB import BaseDB
  class VerifierDB(BaseDB):
      """In-memory or on-disk database of SRP password verifiers.

      Entries are keyed by username and hold the tuple
      (N, g, salt, verifier). A VerifierDB can be handed to a server
      handshake so that a client is authenticated against one of the
      stored verifiers.

      The original documentation describes this class as thread-safe;
      no locking is visible in this class, so that property is
      presumably inherited from BaseDB -- confirm there.

      Security note: _checkItem shows that a password guess can be
      tested using nothing but a stored entry and the username. Anyone
      who obtains the database can therefore guess passwords offline,
      so an on-disk database deserves the same protection as a
      password file.
      """

      def __init__(self, filename=None):
          """Create a new VerifierDB instance.

          @type filename: str
          @param filename: Filename for an on-disk database, or None
          for an in-memory database. If the file already exists, call
          open() afterwards; to start a new on-disk database, call
          create() afterwards.
          """
          # "verifier" is the type tag handed to BaseDB.
          BaseDB.__init__(self, filename, "verifier")

      def _getItem(self, username, valueStr):
          """Decode a stored record into an (N, g, salt, verifier) tuple.

          The record is four base64 fields separated by single spaces.
          A record with any other number of fields fails the unpacking
          below. username is not used here.
          """
          encodedN, encodedG, encodedSalt, encodedVerifier = valueStr.split(" ")
          # Decode in the stored order: N, g, salt, verifier.
          return (base64ToNumber(encodedN),
                  base64ToNumber(encodedG),
                  base64ToString(encodedSalt),
                  base64ToNumber(encodedVerifier))

      def __setitem__(self, username, verifierEntry):
          """Add a verifier entry to the database.

          @type username: str
          @param username: The username to associate the verifier
          with. _setItem rejects names of 256 characters or more. The
          original documentation also requires that the name is not
          already in the database; that rule is not enforced in this
          class.

          @type verifierEntry: tuple
          @param verifierEntry: The verifier entry to add. Use
          L{tlslite.VerifierDB.VerifierDB.makeVerifier} to create one.
          """
          BaseDB.__setitem__(self, username, verifierEntry)

      def _setItem(self, username, value):
          """Encode an (N, g, salt, verifier) tuple as a stored record.

          Raises ValueError when username is 256 characters or longer.
          The result is the four base64 fields joined by single
          spaces, the format _getItem reads back.
          """
          if len(username) > 255:
              raise ValueError("username too long")
          N, g, salt, verifier = value
          encodedFields = (numberToBase64(N),
                           numberToBase64(g),
                           stringToBase64(salt),
                           numberToBase64(verifier))
          return " ".join(encodedFields)

      def _checkItem(self, value, username, param):
          """Return True when param reproduces the stored verifier.

          Recomputes g^x mod N, with x derived by mathtls.makeX from
          the stored salt, the username and param, and compares the
          result with the stored verifier. param is presumably the
          candidate password -- confirm against the BaseDB caller.
          """
          N, g, salt, storedVerifier = value
          secretExponent = mathtls.makeX(salt, username, param)
          # NOTE(review): == on integers is not a constant-time
          # comparison; whether that matters depends on how callers
          # expose this check -- confirm.
          return storedVerifier == powMod(g, secretExponent, N)

      def makeVerifier(username, password, bits):
          """Create a verifier entry which can be stored in a VerifierDB.

          @type username: str
          @param username: The username for this verifier. Must be
          less than 256 characters in length.

          @type password: str
          @param password: The password for this verifier.

          @type bits: int
          @param bits: Selects the SRP group parameters. Must be one
          of (1024, 1536, 2048, 3072, 4096, 6144, 8192). Larger values
          are more secure but slower; the original documentation names
          2048 as a good compromise between safety and speed. A
          1024-bit group is below what is generally recommended today
          for discrete-log parameters, so use 2048 or larger for new
          entries.

          @rtype: tuple
          @return: A tuple which may be stored in a VerifierDB.
          """
          # The work is done in mathtls; this wrapper only exposes it
          # on the class.
          return mathtls.makeVerifier(username, password, bits)

      # Kept in the pre-decorator form, as in the original file.
      makeVerifier = staticmethod(makeVerifier)