1# Author: Trevor Perrin
2# See the LICENSE file for legal information regarding use of this file.
3
4"""Class for storing SRP password verifiers."""
5
6from .utils.cryptomath import *
7from .utils.compat import *
8from tlslite import mathtls
9from .basedb import BaseDB
10
11class VerifierDB(BaseDB):
12    """This class represent an in-memory or on-disk database of SRP
13    password verifiers.
14
15    A VerifierDB can be passed to a server handshake to authenticate
16    a client based on one of the verifiers.
17
18    This class is thread-safe.
19    """
20    def __init__(self, filename=None):
21        """Create a new VerifierDB instance.
22
23        @type filename: str
24        @param filename: Filename for an on-disk database, or None for
25        an in-memory database.  If the filename already exists, follow
26        this with a call to open().  To create a new on-disk database,
27        follow this with a call to create().
28        """
29        BaseDB.__init__(self, filename, "verifier")
30
31    def _getItem(self, username, valueStr):
32        (N, g, salt, verifier) = valueStr.split(" ")
33        N = bytesToNumber(a2b_base64(N))
34        g = bytesToNumber(a2b_base64(g))
35        salt = a2b_base64(salt)
36        verifier = bytesToNumber(a2b_base64(verifier))
37        return (N, g, salt, verifier)
38
39    def __setitem__(self, username, verifierEntry):
40        """Add a verifier entry to the database.
41
42        @type username: str
43        @param username: The username to associate the verifier with.
44        Must be less than 256 characters in length.  Must not already
45        be in the database.
46
47        @type verifierEntry: tuple
48        @param verifierEntry: The verifier entry to add.  Use
49        L{tlslite.verifierdb.VerifierDB.makeVerifier} to create a
50        verifier entry.
51        """
52        BaseDB.__setitem__(self, username, verifierEntry)
53
54
55    def _setItem(self, username, value):
56        if len(username)>=256:
57            raise ValueError("username too long")
58        N, g, salt, verifier = value
59        N = b2a_base64(numberToByteArray(N))
60        g = b2a_base64(numberToByteArray(g))
61        salt = b2a_base64(salt)
62        verifier = b2a_base64(numberToByteArray(verifier))
63        valueStr = " ".join( (N, g, salt, verifier)  )
64        return valueStr
65
66    def _checkItem(self, value, username, param):
67        (N, g, salt, verifier) = value
68        x = mathtls.makeX(salt, username, param)
69        v = powMod(g, x, N)
70        return (verifier == v)
71
72
73    def makeVerifier(username, password, bits):
74        """Create a verifier entry which can be stored in a VerifierDB.
75
76        @type username: str
77        @param username: The username for this verifier.  Must be less
78        than 256 characters in length.
79
80        @type password: str
81        @param password: The password for this verifier.
82
83        @type bits: int
84        @param bits: This values specifies which SRP group parameters
85        to use.  It must be one of (1024, 1536, 2048, 3072, 4096, 6144,
86        8192).  Larger values are more secure but slower.  2048 is a
87        good compromise between safety and speed.
88
89        @rtype: tuple
90        @return: A tuple which may be stored in a VerifierDB.
91        """
92        usernameBytes = bytearray(username, "utf-8")
93        passwordBytes = bytearray(password, "utf-8")
94        return mathtls.makeVerifier(usernameBytes, passwordBytes, bits)
95    makeVerifier = staticmethod(makeVerifier)
96