def _get_verifier(self, username):
"""Obtain the password verifier data to use for the given user.
This method returns a tuple (algorithm, salt, verifier) giving
the necessary information to verify the user's password. If no
information is available for the user then a tuple of Nones is
returned.
"""
# If we have a get_verifier callback, use it directly.
if self.get_verifier is not None:
verifier = self.get_verifier(username)
if verifier is not None and verifier[0] is not None:
return verifier
# Otherwise, we need to calculate it from the password.
if self.get_password is not None:
password = self.get_password(username)
if password is not None:
algorithm = "SRP-1024-SHA1"
salt = hashlib.sha1(username + self.realm).hexdigest()[:8]
verifier = calculate_verifier(
{
"username": username,
"algorithm": algorithm,
"salt": salt,
}, password)
return (algorithm, salt, verifier)
# If that didn't work out, they have no verifier.
return (None, None, None)
def _get_verifier(self, username):
"""Obtain the password verifier data to use for the given user.
This method returns a tuple (algorithm, salt, verifier) giving
the necessary information to verify the user's password. If no
information is available for the user then a tuple of Nones is
returned.
"""
# If we have a get_verifier callback, use it directly.
if self.get_verifier is not None:
verifier = self.get_verifier(username)
if verifier is not None and verifier[0] is not None:
return verifier
# Otherwise, we need to calculate it from the password.
if self.get_password is not None:
password = self.get_password(username)
if password is not None:
algorithm = "SRP-1024-SHA1"
salt = hashlib.sha1(username + self.realm).hexdigest()[:8]
verifier = calculate_verifier({
"username": username,
"algorithm": algorithm,
"salt": salt,
}, password)
return (algorithm, salt, verifier)
# If that didn't work out, they have no verifier.
return (None, None, None)
def get_verifier(username):
params = {
"username": username,
"algorithm": "SRP-1024-SHA1",
"salt": "SALTIPUS REX",
}
verifier = calculate_verifier(params, "testing")
return (params["algorithm"], params["salt"], verifier)
def get_verifier(username):
params = {
"username": username,
"algorithm": "SRP-1024-SHA1",
"salt": "SALTIPUS REX",
}
verifier = calculate_verifier(params, "testing")
return (params["algorithm"], params["salt"], verifier)
def get_verifier(username):
algorithm = "SRP-1024-SHA1"
salt = "SALTIMUS PRIME"
verifier = calculate_verifier({
"username": username,
"algorithm": algorithm,
"salt": salt,
}, get_password(username))
return (algorithm, salt, verifier)
def get_verifier(username):
algorithm = "SRP-1024-SHA1"
salt = "SALTIMUS PRIME"
verifier = calculate_verifier(
{
"username": username,
"algorithm": algorithm,
"salt": salt,
}, get_password(username))
return (algorithm, salt, verifier)
def test_rfc5054_example(self):
# Input parameters as defined in the RFC.
username = "******"
password = "******"
algorithm = "SRP-1024-SHA1"
salt = "BEB25379 D1A8581E B5A72767 3A2441EE"
salt = salt.replace(" ", "").decode("hex")
params = {
"algorithm": algorithm,
"username": username,
"salt": salt,
}
a = """
60975527 035CF2AD 1989806F 0407210B C81EDC04 E2762A56 AFD529DD
DA2D4393
"""
a = a.replace(" ", "").replace("\n", "").decode("hex")
a = int_from_bytes(a)
b = """
E487CB59 D31AC550 471E81F0 0F6928E0 1DDA08E9 74A004F4 9E61F5D1
05284D20
"""
b = b.replace(" ", "").replace("\n", "").decode("hex")
b = int_from_bytes(b)
# Sanity-check algorithm paramters.
(N, g, k, hashmod, _) = ALGORITHMS[algorithm]
self.assertEquals(
int_to_bytes(k).encode("hex").upper(),
"7556AA045AEF2CDD07ABAF0F665C3E818913186F")
# Check calculation of x and v
salted = salt + hashmod(username + ":" + password).digest()
x = int_from_bytes(hashmod(salted).digest())
self.assertEquals(
int_to_bytes(x).encode("hex").upper(),
"94B7555AABE9127CC58CCF4993DB6CF84D16C124")
v = calculate_verifier(params, password)
v_expected = """
7E273DE8 696FFC4F 4E337D05 B4B375BE B0DDE156 9E8FA00A 9886D812
9BADA1F1 822223CA 1A605B53 0E379BA4 729FDC59 F105B478 7E5186F5
C671085A 1447B52A 48CF1970 B4FB6F84 00BBF4CE BFBB1681 52E08AB5
EA53D15C 1AFF87B2 B9DA6E04 E058AD51 CC72BFC9 033B564E 26480D78
E955A5E2 9E7AB245 DB2BE315 E2099AFB
"""
self.assertEquals(
int_to_bytes(v).encode("hex").upper(),
v_expected.replace(" ", "").replace("\n", ""))
# Check calculation of A and B
B = calculate_server_pubkey(params, b, v)
B_expected = """
BD0C6151 2C692C0C B6D041FA 01BB152D 4916A1E7 7AF46AE1 05393011
BAF38964 DC46A067 0DD125B9 5A981652 236F99D9 B681CBF8 7837EC99
6C6DA044 53728610 D0C6DDB5 8B318885 D7D82C7F 8DEB75CE 7BD4FBAA
37089E6F 9C6059F3 88838E7A 00030B33 1EB76840 910440B1 B27AAEAE
EB4012B7 D7665238 A8E3FB00 4B117B58
"""
self.assertEquals(
int_to_bytes(B).encode("hex").upper(),
B_expected.replace(" ", "").replace("\n", ""))
A = calculate_client_pubkey(params, a)
A_expected = """
61D5E490 F6F1B795 47B0704C 436F523D D0E560F0 C64115BB 72557EC4
4352E890 3211C046 92272D8B 2D1A5358 A2CF1B6E 0BFCF99F 921530EC
8E393561 79EAE45E 42BA92AE ACED8251 71E1E8B9 AF6D9C03 E1327F44
BE087EF0 6530E69F 66615261 EEF54073 CA11CF58 58F0EDFD FE15EFEA
B349EF5D 76988A36 72FAC47B 0769447B
"""
self.assertEquals(
int_to_bytes(A).encode("hex").upper(),
A_expected.replace(" ", "").replace("\n", ""))
# Check calculation of shared secret
params["ckey"] = b64encode(int_to_bytes(A))
S = calculate_shared_secret(params, privkey=b, verifier=v)
S_expected = """
B0DC82BA BCF30674 AE450C02 87745E79 90A3381F 63B387AA F271A10D
233861E3 59B48220 F7C4693C 9AE12B0A 6F67809F 0876E2D0 13800D6C
41BB59B6 D5979B5C 00A172B4 A2A5903A 0BDCAF8A 709585EB 2AFAFA8F
3499B200 210DCC1F 10EB3394 3CD67FC8 8A2F39A4 BE5BEC4E C0A3212D
C346D7E4 74B29EDE 8A469FFE CA686E5A
"""
self.assertEquals(
int_to_bytes(S).encode("hex").upper(),
S_expected.replace(" ", "").replace("\n", ""))
def test_rfc5054_example(self):
# Input parameters as defined in the RFC.
username = "******"
password = "******"
algorithm = "SRP-1024-SHA1"
salt = "BEB25379 D1A8581E B5A72767 3A2441EE"
salt = salt.replace(" ", "").decode("hex")
params = {
"algorithm": algorithm,
"username": username,
"salt": salt,
}
a = """
60975527 035CF2AD 1989806F 0407210B C81EDC04 E2762A56 AFD529DD
DA2D4393
"""
a = a.replace(" ", "").replace("\n", "").decode("hex")
a = int_from_bytes(a)
b = """
E487CB59 D31AC550 471E81F0 0F6928E0 1DDA08E9 74A004F4 9E61F5D1
05284D20
"""
b = b.replace(" ", "").replace("\n", "").decode("hex")
b = int_from_bytes(b)
# Sanity-check algorithm paramters.
(N, g, k, hashmod, _) = ALGORITHMS[algorithm]
self.assertEquals(int_to_bytes(k).encode("hex").upper(),
"7556AA045AEF2CDD07ABAF0F665C3E818913186F")
# Check calculation of x and v
salted = salt + hashmod(username + ":" + password).digest()
x = int_from_bytes(hashmod(salted).digest())
self.assertEquals(int_to_bytes(x).encode("hex").upper(),
"94B7555AABE9127CC58CCF4993DB6CF84D16C124")
v = calculate_verifier(params, password)
v_expected = """
7E273DE8 696FFC4F 4E337D05 B4B375BE B0DDE156 9E8FA00A 9886D812
9BADA1F1 822223CA 1A605B53 0E379BA4 729FDC59 F105B478 7E5186F5
C671085A 1447B52A 48CF1970 B4FB6F84 00BBF4CE BFBB1681 52E08AB5
EA53D15C 1AFF87B2 B9DA6E04 E058AD51 CC72BFC9 033B564E 26480D78
E955A5E2 9E7AB245 DB2BE315 E2099AFB
"""
self.assertEquals(int_to_bytes(v).encode("hex").upper(),
v_expected.replace(" ", "").replace("\n", ""))
# Check calculation of A and B
B = calculate_server_pubkey(params, b, v)
B_expected = """
BD0C6151 2C692C0C B6D041FA 01BB152D 4916A1E7 7AF46AE1 05393011
BAF38964 DC46A067 0DD125B9 5A981652 236F99D9 B681CBF8 7837EC99
6C6DA044 53728610 D0C6DDB5 8B318885 D7D82C7F 8DEB75CE 7BD4FBAA
37089E6F 9C6059F3 88838E7A 00030B33 1EB76840 910440B1 B27AAEAE
EB4012B7 D7665238 A8E3FB00 4B117B58
"""
self.assertEquals(int_to_bytes(B).encode("hex").upper(),
B_expected.replace(" ", "").replace("\n", ""))
A = calculate_client_pubkey(params, a)
A_expected = """
61D5E490 F6F1B795 47B0704C 436F523D D0E560F0 C64115BB 72557EC4
4352E890 3211C046 92272D8B 2D1A5358 A2CF1B6E 0BFCF99F 921530EC
8E393561 79EAE45E 42BA92AE ACED8251 71E1E8B9 AF6D9C03 E1327F44
BE087EF0 6530E69F 66615261 EEF54073 CA11CF58 58F0EDFD FE15EFEA
B349EF5D 76988A36 72FAC47B 0769447B
"""
self.assertEquals(int_to_bytes(A).encode("hex").upper(),
A_expected.replace(" ", "").replace("\n", ""))
# Check calculation of shared secret
params["ckey"] = b64encode(int_to_bytes(A))
S = calculate_shared_secret(params, privkey=b, verifier=v)
S_expected = """
B0DC82BA BCF30674 AE450C02 87745E79 90A3381F 63B387AA F271A10D
233861E3 59B48220 F7C4693C 9AE12B0A 6F67809F 0876E2D0 13800D6C
41BB59B6 D5979B5C 00A172B4 A2A5903A 0BDCAF8A 709585EB 2AFAFA8F
3499B200 210DCC1F 10EB3394 3CD67FC8 8A2F39A4 BE5BEC4E C0A3212D
C346D7E4 74B29EDE 8A469FFE CA686E5A
"""
self.assertEquals(int_to_bytes(S).encode("hex").upper(),
S_expected.replace(" ", "").replace("\n", ""))