def register(self, login, password):
if (login == '' or password == ''):
return 2
try:
#On se connecte à la boîte à monsieurs
conn = psycopg2.connect(
"dbname=puissance5 user=puissance5 password=Disco<3")
#On vérifie que le monsieur n'est pas déjà dans la boîte
cur = conn.cursor()
cur.execute("SELECT * FROM users WHERE login=%s;", (login, ))
if cur.rowcount:
return 1
#Le monsieur n'est pas dans la boîte, on commence par hacher son mot de passe avec un algo overkill : PBKDF2_SHA1
hash = pbkdf2_sha1.encrypt(password)
#On met le monsieur dans la boîte
cur.execute("INSERT INTO users (login, password) VALUES (%s, %s);",
(login, hash))
conn.commit()
cur.close()
conn.close()
except Exception as e:
print("Echec de la création du nouvel utilisateur : \n", e)
return 3
return 0
def register(self, login, password):
if (login == '' or password == ''):
return 2
try:
#On se connecte à la boîte à monsieurs
conn = psycopg2.connect("dbname=puissance5 user=puissance5 password=Disco<3")
#On vérifie que le monsieur n'est pas déjà dans la boîte
cur = conn.cursor()
cur.execute("SELECT * FROM users WHERE login=%s;", (login,))
if cur.rowcount:
return 1
#Le monsieur n'est pas dans la boîte, on commence par hacher son mot de passe avec un algo overkill : PBKDF2_SHA1
hash = pbkdf2_sha1.encrypt(password)
#On met le monsieur dans la boîte
cur.execute("INSERT INTO users (login, password) VALUES (%s, %s);", (login, hash))
conn.commit()
cur.close()
conn.close()
except Exception as e:
print("Echec de la création du nouvel utilisateur : \n", e)
return 3
return 0
def new(password, server=defaultServer, clientId=None, username="******"):
"""
Encrypts a new @password by interacting with the Pythia service.
@clientId: If specified, this value is used. If omitted, a suitable
value is selected.
@returns a tuple of required values to verify the password: (w,t,z,p)
where:
@w: client ID (key selector)
@t: tweak (randomly generated user ID)
@z: protected passwords
@p: server public key bound to clientId - used to verify future
proofs from this server.
"""
# Set the client ID
if not clientId:
w = secureRandom()
else:
w = clientId
if ersatzHash == True:
ersatzPw = "ersatz"
ersatzHashGen = ersatzlib.ErsatzHashGenerator(hash.pbkdf2_sha1,\
username, password, \
ersatzPw, rounds=5000)
#create ersatz salt
t = ersatzHashGen._compute_ersatz_salt(password, ersatzPw)
ersatzHashGen.salt = t
a = ersatzHashGen._compute_ersatz_hash(password)
a = passlib.utils.ab64_decode(a)
#create ersatz input
ersatzInput = ersatzHashGen._ersatzfy_input(password)
z, p = query(ersatzInput, w, t, server)
z = vpop.wrap(
pyrelic.vpop.update(vpop.unwrapY(z), long(a.encode('hex'), 16)))
#do the Z^a nonsense, where a is the pbkdf2
else:
t = secureRandom()
hashedPW = pbkdf2_sha1.encrypt(password, salt=t, rounds=5000)
z, p = query(hashedPW, w, t, server)
z = vpop.wrap(
pyrelic.vpop.update(vpop.unwrapY(z),
long(hashedPW.encode('hex'), 16)))
#t = secureRandom()
#z,p = query(password, w, t, server)
return w, t, z, p
def hash_password(username, password):
count = 0
salt = ''
for char in username:
# every second character is added to salt
if count % 2 == 0:
salt += char
count += 1
salt = bytes(salt)
hashed_password = pbkdf2_sha1.encrypt(
password,
salt=salt,
)
return hashed_password
def check(password, w, t, z, p, server=defaultServer, username="******"):
"""
Checks an existing @password against the Pythia server using the
values (w,t,z,p).
@returns: True if the password passes authentication; False otherwise.
"""
if ersatzHash:
ersatzHashGen = ersatzlib.ErsatzHashGenerator(hash.pbkdf2_sha1,\
username, password, \
"ersatz", rounds=5000)
ersatzHashGen.salt = t
ersatzInput = ersatzHashGen._ersatzfy_input(password)
#check true password
zPrime1, _ = query(ersatzInput, w, t, previousPubkey=p, server=server)
zPrime2, _ = query(password, w, t, previousPubkey=p, server=server)
#create ersatz salt
a = passlib.utils.ab64_decode(
ersatzHashGen._compute_ersatz_hash(password))
zPrime1 = vpop.wrap(
pyrelic.vpop.update(vpop.unwrapY(zPrime1),
long(a.encode('hex'), 16)))
a = passlib.utils.ab64_decode(
hash.pbkdf2_sha1.encrypt(password, salt=t, rounds=5000))
zPrime2 = vpop.wrap(
pyrelic.vpop.update(vpop.unwrapY(zPrime2),
long(a.encode('hex'), 16)))
if z == zPrime1:
return 1
elif z == zPrime2:
return 2
else:
return 0
#check ersatz password
else:
hashedPW = pbkdf2_sha1.encrypt(password, salt=t, rounds=5000)
zPrime, _ = query(hashedPW, w, t, previousPubkey=p, server=server)
zPrime = vpop.wrap(
pyrelic.vpop.update(vpop.unwrapY(zPrime),
long(hashedPW.encode('hex'), 16)))
#zPrime,_ = query(password, w, t, previousPubkey=p, server=server)
return z == zPrime
def new(password, server=defaultServer, clientId=None, username="******"):
"""
Encrypts a new @password by interacting with the Pythia service.
@clientId: If specified, this value is used. If omitted, a suitable
value is selected.
@returns a tuple of required values to verify the password: (w,t,z,p)
where:
@w: client ID (key selector)
@t: tweak (randomly generated user ID)
@z: protected passwords
@p: server public key bound to clientId - used to verify future
proofs from this server.
"""
# Set the client ID
if not clientId:
w = secureRandom()
else:
w = clientId
if ersatzHash == True:
ersatzPw = "ersatz"
ersatzHashGen = ersatzlib.ErsatzHashGenerator(hash.pbkdf2_sha1,\
username, password, \
ersatzPw, rounds=5000)
#create ersatz salt
t = ersatzHashGen._compute_ersatz_salt(password,ersatzPw)
ersatzHashGen.salt = t
a = ersatzHashGen._compute_ersatz_hash(password)
a = passlib.utils.ab64_decode(a)
#create ersatz input
ersatzInput = ersatzHashGen._ersatzfy_input(password)
z,p = query(ersatzInput, w, t, server)
z = vpop.wrap(pyrelic.vpop.update(vpop.unwrapY(z), long(a.encode('hex'),16)))
#do the Z^a nonsense, where a is the pbkdf2
else:
t = secureRandom()
hashedPW = pbkdf2_sha1.encrypt(password, salt=t, rounds=5000)
z,p = query(hashedPW, w, t, server)
z = vpop.wrap(pyrelic.vpop.update(vpop.unwrapY(z), long(hashedPW.encode('hex'),16)))
#t = secureRandom()
#z,p = query(password, w, t, server)
return w, t, z, p
def check(password, w, t, z, p, server=defaultServer, username="******"):
"""
Checks an existing @password against the Pythia server using the
values (w,t,z,p).
@returns: True if the password passes authentication; False otherwise.
"""
if ersatzHash:
ersatzHashGen = ersatzlib.ErsatzHashGenerator(hash.pbkdf2_sha1,\
username, password, \
"ersatz", rounds=5000)
ersatzHashGen.salt = t
ersatzInput = ersatzHashGen._ersatzfy_input(password)
#check true password
zPrime1,_ = query(ersatzInput, w, t, previousPubkey=p, server=server)
zPrime2,_ = query(password, w, t, previousPubkey=p, server=server)
#create ersatz salt
a = passlib.utils.ab64_decode(ersatzHashGen._compute_ersatz_hash(password))
zPrime1 = vpop.wrap(pyrelic.vpop.update(vpop.unwrapY(zPrime1), long(a.encode('hex'),16)))
a = passlib.utils.ab64_decode(hash.pbkdf2_sha1.encrypt(password, salt=t, rounds=5000))
zPrime2 = vpop.wrap(pyrelic.vpop.update(vpop.unwrapY(zPrime2), long(a.encode('hex'),16)))
if z == zPrime1:
return 1
elif z == zPrime2:
return 2
else:
return 0
#check ersatz password
else:
hashedPW = pbkdf2_sha1.encrypt(password, salt=t, rounds=5000)
zPrime,_ = query(hashedPW, w, t, previousPubkey=p, server=server)
zPrime = vpop.wrap(pyrelic.vpop.update(vpop.unwrapY(zPrime), long(hashedPW.encode('hex'),16)))
#zPrime,_ = query(password, w, t, previousPubkey=p, server=server)
return z == zPrime
def register(self, login, password):
#On vérifie qu'il a bien entré des informations valides
if (login == '' or password == ''):
return 2
try:
#On obtient le verrou pour éviter les accès concurrents à la base de données
self.lock.acquire()
#On se connecte à la base de données
conn = psycopg2.connect("dbname=puissance5 user=puissance5 password=Disco<3")
#On vérifie que l'utilisateur n'existe pas déjà
cur = conn.cursor()
cur.execute("SELECT * FROM users WHERE login=%s;", (login,))
if cur.rowcount:
#L'utilisateur existe déjà
self.lock.release()
return 1
#L'utilisateur n'est pas dans la BDD, on commence par hacher son mot de passe avec un algo overkill : PBKDF2_SHA1
hash = pbkdf2_sha1.encrypt(password)
#On ajoute l'utilisateur à la base de données
cur.execute("INSERT INTO users (login, password) VALUES (%s, %s);", (login, hash))
conn.commit()
cur.close()
conn.close()
self.lock.release()
except Exception as e:
self.lock.release()
print("Echec de la création du nouvel utilisateur : \n", e)
return 3
return 0
