Beispiel #1
0
    def uid(self, auth_plugin_list, wire_crypt):
        def pack_cnct_param(k, v):
            if k != CNCT_specific_data:
                return bs([k] + [len(v)]) + v
            # specific_data split per 254 bytes
            b = b''
            i = 0
            while len(v) > 254:
                b += bs([k, 255, i]) + v[:254]
                v = v[254:]
                i += 1
            b += bs([k, len(v)+1, i]) + v
            return b

        if sys.platform == 'win32':
            user = os.environ['USERNAME']
            hostname = os.environ['COMPUTERNAME']
        else:
            user = os.environ.get('USER', '')
            hostname = socket.gethostname()
        r = b''

        if auth_plugin_list:
            specific_data = None
            if auth_plugin_list[0] == 'Srp':
                self.client_public_key, self.client_private_key = \
                                    srp.client_seed()
                specific_data = bytes_to_hex(
                                    srp.long2bytes(self.client_public_key))
            elif auth_plugin_list[0] == 'Legacy_Auth':
                enc_pass = get_crypt(self.password)
                if enc_pass:
                    specific_data = self.str_to_bytes(enc_pass)
            else:
                if not isinstance(auth_plugin_list, tuple):
                    raise OperationalError("Auth plugin list need tuple.")
                else:
                    raise OperationalError(
                        "Unknown auth plugin name '%s'" % (auth_plugin_list[0]))
            auth_plugin_list = [s.encode('utf-8') for s in auth_plugin_list]
            self.plugin_name = auth_plugin_list[0]
            self.plugin_list = b','.join(auth_plugin_list)
            if wire_crypt:
                client_crypt = int_to_bytes(1, 4)
            else:
                client_crypt = int_to_bytes(0, 4)

        if auth_plugin_list:
            r += pack_cnct_param(CNCT_login,
                                self.str_to_bytes(self.user.upper()))
            r += pack_cnct_param(CNCT_plugin_name, self.plugin_name)
            r += pack_cnct_param(CNCT_plugin_list, self.plugin_list)
            if specific_data:
                r += pack_cnct_param(CNCT_specific_data, specific_data)
            r += pack_cnct_param(CNCT_client_crypt, client_crypt)
        r += pack_cnct_param(CNCT_user, self.str_to_bytes(user))
        r += pack_cnct_param(CNCT_host, self.str_to_bytes(hostname))
        r += pack_cnct_param(CNCT_user_verification, b'')
        return r
    def uid(self, auth_plugin_name, wire_crypt):
        def pack_cnct_param(k, v):
            if k != CNCT_specific_data:
                return bs([k] + [len(v)]) + v
            # specific_data split per 254 bytes
            b = b''
            i = 0
            while len(v) > 254:
                b += bs([k, 255, i]) + v[:254]
                v = v[254:]
                i += 1
            b += bs([k, len(v) + 1, i]) + v
            return b

        auth_plugin_list = ('Srp256', 'Srp', 'Legacy_Auth')
        # get and calculate CNCT_xxxx values
        if sys.platform == 'win32':
            user = os.environ['USERNAME']
            hostname = os.environ['COMPUTERNAME']
        else:
            user = os.environ.get('USER', '')
            hostname = socket.gethostname()

        if auth_plugin_name in ('Srp256', 'Srp'):
            self.client_public_key, self.client_private_key = srp.client_seed()
            specific_data = bytes_to_hex(srp.long2bytes(
                self.client_public_key))
        elif auth_plugin_name == 'Legacy_Auth':
            assert crypt, "Legacy_Auth needs crypt module"
            specific_data = self.str_to_bytes(get_crypt(self.password))
        else:
            raise OperationalError("Unknown auth plugin name '%s'" %
                                   (auth_plugin_name, ))
        self.plugin_name = auth_plugin_name
        self.plugin_list = b','.join(
            [s.encode('utf-8') for s in auth_plugin_list])
        client_crypt = b'\x01\x00\x00\x00' if wire_crypt else b'\x00\x00\x00\x00'

        # set CNCT_xxxx values
        r = b''
        r += pack_cnct_param(CNCT_login, self.str_to_bytes(self.user))
        r += pack_cnct_param(CNCT_plugin_name,
                             self.str_to_bytes(self.plugin_name))
        r += pack_cnct_param(CNCT_plugin_list, self.plugin_list)
        r += pack_cnct_param(CNCT_specific_data, specific_data)
        r += pack_cnct_param(CNCT_client_crypt, client_crypt)

        r += pack_cnct_param(CNCT_user, self.str_to_bytes(user))
        r += pack_cnct_param(CNCT_host, self.str_to_bytes(hostname))
        r += pack_cnct_param(CNCT_user_verification, b'')
        return r
Beispiel #3
0
    def test_sha1(self):
        user = b'SYSDBA'
        password = b'masterkey'

        A, a = srp.client_seed(srp.DEBUG_PRIVATE_KEY)

        salt = srp.DEBUG_SALT
        v = srp.get_verifier(user, password, salt)
        B, b = srp.server_seed(v, srp.DEBUG_PRIVATE_KEY)

        serverKey = srp.server_session(user, password, salt, A, B, b)

        M, clientKey = srp.client_proof(user, password, salt, A, B, a, hashlib.sha1)
        self.assertEqual(clientKey, serverKey)
        self.assertEqual(M, binascii.unhexlify('8c12324bb6e9e683a3ee62e13905b95d69f028a9'))
Beispiel #4
0
    def test_sha256(self):
        user = b'SYSDBA'
        password = b'masterkey'

        A, a = srp.client_seed(srp.DEBUG_PRIVATE_KEY)

        salt = srp.DEBUG_SALT
        v = srp.get_verifier(user, password, salt)
        B, b = srp.server_seed(v, srp.DEBUG_PRIVATE_KEY)

        serverKey = srp.server_session(user, password, salt, A, B, b)

        M, clientKey = srp.client_proof(user, password, salt, A, B, a, hashlib.sha256)
        self.assertEqual(clientKey, serverKey)
        self.assertEqual(M, binascii.unhexlify('4675c18056c04b00cc2b991662324c22c6f08bb90beb3677416b03469a770308'))
Beispiel #5
0
    def uid(self, auth_plugin_name, wire_crypt):
        def pack_cnct_param(k, v):
            if k != CNCT_specific_data:
                return bs([k] + [len(v)]) + v
            # specific_data split per 254 bytes
            b = b''
            i = 0
            while len(v) > 254:
                b += bs([k, 255, i]) + v[:254]
                v = v[254:]
                i += 1
            b += bs([k, len(v)+1, i]) + v
            return b

        auth_plugin_list = ('Srp', 'Legacy_Auth')
        # get and calculate CNCT_xxxx values
        if sys.platform == 'win32':
            user = os.environ['USERNAME']
            hostname = os.environ['COMPUTERNAME']
        else:
            user = os.environ.get('USER', '')
            hostname = socket.gethostname()

        if auth_plugin_name == 'Srp':
            self.client_public_key, self.client_private_key = srp.client_seed()
            specific_data = bytes_to_hex(srp.long2bytes(self.client_public_key))
        elif auth_plugin_name == 'Legacy_Auth':
            assert crypt, "Legacy_Auth needs crypt module"
            specific_data = self.str_to_bytes(get_crypt(self.password))
        else:
            raise OperationalError("Unknown auth plugin name '%s'" % (auth_plugin_name,))
        self.plugin_name = auth_plugin_name
        self.plugin_list = b','.join([s.encode('utf-8') for s in auth_plugin_list])
        client_crypt = b'\x01\x00\x00\x00' if wire_crypt else b'\x00\x00\x00\x00'

        # set CNCT_xxxx values
        r = b''
        r += pack_cnct_param(CNCT_login, self.str_to_bytes(self.user.upper()))
        r += pack_cnct_param(CNCT_plugin_name, self.str_to_bytes(self.plugin_name))
        r += pack_cnct_param(CNCT_plugin_list, self.plugin_list)
        r += pack_cnct_param(CNCT_specific_data, specific_data)
        r += pack_cnct_param(CNCT_client_crypt, client_crypt)

        r += pack_cnct_param(CNCT_user, self.str_to_bytes(user))
        r += pack_cnct_param(CNCT_host, self.str_to_bytes(hostname))
        r += pack_cnct_param(CNCT_user_verification, b'')
        return r
Beispiel #6
0
    def test_sha1(self):
        user = b'SYSDBA'
        password = b'masterkey'

        A, a = srp.client_seed(srp.DEBUG_PRIVATE_KEY)

        salt = srp.DEBUG_SALT
        v = srp.get_verifier(user, password, salt)
        B, b = srp.server_seed(v, srp.DEBUG_PRIVATE_KEY)

        serverKey = srp.server_session(user, password, salt, A, B, b)

        M, clientKey = srp.client_proof(user, password, salt, A, B, a,
                                        hashlib.sha1)
        self.assertEqual(clientKey, serverKey)
        self.assertEqual(
            M, binascii.unhexlify('8c12324bb6e9e683a3ee62e13905b95d69f028a9'))
Beispiel #7
0
    def test_srp_key_exchange(self):
        user = b'sysdba'
        password = b'masterkey'
    
        # Client send A to Server
        A, a = srp.client_seed()
    
        # Server send B, salt to Client
        salt = srp.get_salt()
        v = srp.get_verifier(user, password, salt)
        B, b = srp.server_seed(v)
    
        serverKey = srp.server_session(user, password, salt, A, B, b)

        # Client send M to Server
        M, clientKey = srp.client_proof(user, password, salt, A, B, a)
    
        # Client and Server has same key
        self.assertEqual(clientKey, serverKey)
Beispiel #8
0
    def test_srp_key_exchange(self):
        user = b'sysdba'
        password = b'masterkey'
    
        # Client send A to Server
        A, a = srp.client_seed()
    
        # Server send B, salt to Client
        salt = srp.get_salt()
        v = srp.get_verifier(user, password, salt)
        B, b = srp.server_seed(v)
    
        serverKey = srp.server_session(user, password, salt, A, B, b)

        # Client send M to Server
        M, clientKey = srp.client_proof(user, password, salt, A, B, a)
    
        # Client and Server has same key
        self.assertEqual(clientKey, serverKey)
Beispiel #9
0
    def test_sha256(self):
        user = b'SYSDBA'
        password = b'masterkey'

        A, a = srp.client_seed(srp.DEBUG_PRIVATE_KEY)

        salt = srp.DEBUG_SALT
        v = srp.get_verifier(user, password, salt)
        B, b = srp.server_seed(v, srp.DEBUG_PRIVATE_KEY)

        serverKey = srp.server_session(user, password, salt, A, B, b)

        M, clientKey = srp.client_proof(user, password, salt, A, B, a,
                                        hashlib.sha256)
        self.assertEqual(clientKey, serverKey)
        self.assertEqual(
            M,
            binascii.unhexlify(
                '4675c18056c04b00cc2b991662324c22c6f08bb90beb3677416b03469a770308'
            ))