summaryrefslogtreecommitdiffstats
path: root/src/lib/tlslite/VerifierDB.py
diff options
context:
space:
mode:
authorNarayan Desai <desai@mcs.anl.gov>2007-03-12 16:22:51 +0000
committerNarayan Desai <desai@mcs.anl.gov>2007-03-12 16:22:51 +0000
commit6e5e9c8e969207e68665f12665a54768090897e4 (patch)
treede198777d5041073db4634a24ca37efad2a1017f /src/lib/tlslite/VerifierDB.py
parentac3eb44f16bc14e41ed62169ca36e9992509d7d6 (diff)
downloadbcfg2-6e5e9c8e969207e68665f12665a54768090897e4.tar.gz
bcfg2-6e5e9c8e969207e68665f12665a54768090897e4.tar.bz2
bcfg2-6e5e9c8e969207e68665f12665a54768090897e4.zip
Merged in certs branch in preparation for 0.9.3pre2
git-svn-id: https://svn.mcs.anl.gov/repos/bcfg/trunk/bcfg2@2928 ce84e21b-d406-0410-9b95-82705330c041
Diffstat (limited to 'src/lib/tlslite/VerifierDB.py')
-rwxr-xr-xsrc/lib/tlslite/VerifierDB.py90
1 files changed, 90 insertions, 0 deletions
diff --git a/src/lib/tlslite/VerifierDB.py b/src/lib/tlslite/VerifierDB.py
new file mode 100755
index 000000000..f706b1796
--- /dev/null
+++ b/src/lib/tlslite/VerifierDB.py
@@ -0,0 +1,90 @@
+"""Class for storing SRP password verifiers."""
+
+from utils.cryptomath import *
+from utils.compat import *
+import mathtls
+from BaseDB import BaseDB
+
+class VerifierDB(BaseDB):
+ """This class represent an in-memory or on-disk database of SRP
+ password verifiers.
+
+ A VerifierDB can be passed to a server handshake to authenticate
+ a client based on one of the verifiers.
+
+ This class is thread-safe.
+ """
+ def __init__(self, filename=None):
+ """Create a new VerifierDB instance.
+
+ @type filename: str
+ @param filename: Filename for an on-disk database, or None for
+ an in-memory database. If the filename already exists, follow
+ this with a call to open(). To create a new on-disk database,
+ follow this with a call to create().
+ """
+ BaseDB.__init__(self, filename, "verifier")
+
+ def _getItem(self, username, valueStr):
+ (N, g, salt, verifier) = valueStr.split(" ")
+ N = base64ToNumber(N)
+ g = base64ToNumber(g)
+ salt = base64ToString(salt)
+ verifier = base64ToNumber(verifier)
+ return (N, g, salt, verifier)
+
+ def __setitem__(self, username, verifierEntry):
+ """Add a verifier entry to the database.
+
+ @type username: str
+ @param username: The username to associate the verifier with.
+ Must be less than 256 characters in length. Must not already
+ be in the database.
+
+ @type verifierEntry: tuple
+ @param verifierEntry: The verifier entry to add. Use
+ L{tlslite.VerifierDB.VerifierDB.makeVerifier} to create a
+ verifier entry.
+ """
+ BaseDB.__setitem__(self, username, verifierEntry)
+
+
+ def _setItem(self, username, value):
+ if len(username)>=256:
+ raise ValueError("username too long")
+ N, g, salt, verifier = value
+ N = numberToBase64(N)
+ g = numberToBase64(g)
+ salt = stringToBase64(salt)
+ verifier = numberToBase64(verifier)
+ valueStr = " ".join( (N, g, salt, verifier) )
+ return valueStr
+
+ def _checkItem(self, value, username, param):
+ (N, g, salt, verifier) = value
+ x = mathtls.makeX(salt, username, param)
+ v = powMod(g, x, N)
+ return (verifier == v)
+
+
+ def makeVerifier(username, password, bits):
+ """Create a verifier entry which can be stored in a VerifierDB.
+
+ @type username: str
+ @param username: The username for this verifier. Must be less
+ than 256 characters in length.
+
+ @type password: str
+ @param password: The password for this verifier.
+
+ @type bits: int
+ @param bits: This values specifies which SRP group parameters
+ to use. It must be one of (1024, 1536, 2048, 3072, 4096, 6144,
+ 8192). Larger values are more secure but slower. 2048 is a
+ good compromise between safety and speed.
+
+ @rtype: tuple
+ @return: A tuple which may be stored in a VerifierDB.
+ """
+ return mathtls.makeVerifier(username, password, bits)
+ makeVerifier = staticmethod(makeVerifier) \ No newline at end of file