4 """Class for storing SRP password verifiers."""
5
6 from .utils.cryptomath import *
7 from .utils.compat import *
8 from tlslite import mathtls
9 from .basedb import BaseDB
10
12 """This class represents an in-memory or on-disk database of SRP
13 password verifiers.
14
15 A VerifierDB can be passed to a server handshake to authenticate
16 a client based on one of the verifiers.
17
18 This class is thread-safe.
19 """
21 """Create a new VerifierDB instance.
22
23 @type filename: str
24 @param filename: Filename for an on-disk database, or None for
25 an in-memory database. If the filename already exists, follow
26 this with a call to open(). To create a new on-disk database,
27 follow this with a call to create().
28 """
29 BaseDB.__init__(self, filename, b"verifier")
30
38
40 """Add a verifier entry to the database.
41
42 @type username: str
43 @param username: The username to associate the verifier with.
44 Must be less than 256 characters in length. Must not already
45 be in the database.
46
47 @type verifierEntry: tuple
48 @param verifierEntry: The verifier entry to add. Use
49 L{tlslite.verifierdb.VerifierDB.makeVerifier} to create a
50 verifier entry.
51 """
52 BaseDB.__setitem__(self, username, verifierEntry)
53
54
65
67 (N, g, salt, verifier) = value
68 x = mathtls.makeX(salt, username, param)
69 v = powMod(g, x, N)
70 return (verifier == v)
71
72
74 """Create a verifier entry which can be stored in a VerifierDB.
75
76 @type username: str
77 @param username: The username for this verifier. Must be less
78 than 256 characters in length.
79
80 @type password: str
81 @param password: The password for this verifier.
82
83 @type bits: int
84 @param bits: This value specifies which SRP group parameters
85 to use. It must be one of (1024, 1536, 2048, 3072, 4096, 6144,
86 8192). Larger values are more secure but slower. 2048 is a
87 good compromise between safety and speed.
88
89 @rtype: tuple
90 @return: A tuple which may be stored in a VerifierDB.
91 """
92 if isinstance(username, str):
93 usernameBytes = bytearray(username, "utf-8")
94 else:
95 usernameBytes = bytearray(username)
96 if isinstance(password, str):
97 passwordBytes = bytearray(password, "utf-8")
98 else:
99 passwordBytes = bytearray(password)
100 return mathtls.makeVerifier(usernameBytes, passwordBytes, bits)
101 makeVerifier = staticmethod(makeVerifier)
102