def private_key(u, s, p):
    """Derive the private key from username, salt and cleartext password.

    The key is the long-integer form of ``hash(s + hash(u + p))``.

    ``hash`` and ``string_to_long`` are resolved from the enclosing module.
    ``hash`` is presumably the module's own digest helper rather than the
    builtin, since its result is concatenated with ``s`` -- TODO confirm.
    """
    # u and p are joined with no separator, so different (username, password)
    # pairs whose concatenation is equal produce the same key.
    # NOTE(review): presumably stored verifiers depend on this exact
    # derivation, so it cannot be changed in isolation -- confirm.
    inner_digest = hash(u + p)
    salted_digest = hash(s + inner_digest)
    return string_to_long(salted_digest)
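def message_came_in(self, s, data):
    """Advance the authentication handshake on connection ``s`` by one message.

    ``data`` is the raw bencoded message from a peer that has not finished
    authenticating, so every field read from it is untrusted.  A message that
    does not decode to a dictionary, or whose fields have the wrong type, is
    rejected here instead of raising KeyError/TypeError out of the handler.

    Handshake states, as used below:
      0 -- first message: names the user and the requested operation.
      1 -- expecting the client's SRP proof in ``msg['m']``.
      2 -- SRP proof accepted: 'get secret' and 'set password' are allowed.
      3 -- waiting for a 'secret auth' or 'srp auth' request.
      4 -- expecting the client's salt and authenticator for secret auth.
    States 1 and 4 are presumably entered by ``_srp_auth`` / ``_secret_auth``,
    which are outside this block.
    """
    socket = self.socket[s]
    try:
        msg = bdecode(data)
    except ValueError:
        self._send_error(s, None, 'garbage data')
        self._close(s)
        return

    # A well-formed bencoded value need not be a dictionary; everything below
    # indexes msg by key, so reject any other shape up front.
    if not isinstance(msg, dict):
        self._send_error(s, None, 'garbage data')
        self._close(s)
        return

    # A missing 'op' becomes None, which matches no operation below.
    op = msg.get('op')

    if socket['state'] == 0:
        user = msg.get('user')
        # A missing or non-string user is reported the same way as an
        # unknown one.
        if not isinstance(user, str):
            self._send_error(s, None, 'Bad user')
            self._close(s)
            return
        try:
            pw = socket['pw'] = self.passwd.get(user)
        except KeyError:
            self._send_error(s, None, 'Bad user')
            self._close(s)
            return
        socket['user'] = user
        if op == 'get hash':
            # NOTE(review): this reply is sent before any authentication and
            # is a plain SHA-1 over a fixed prefix plus pw['secret'], so the
            # secret must be high-entropy to resist offline guessing -- confirm
            # how it is generated.
            self._send_msg(s, {'hash': sha.new('public hash check' + pw['secret']).digest()})
            socket['state'] = 3
        elif op == 'secret auth':
            self._secret_auth(s)
        elif op == 'srp auth':
            self._srp_auth(s, msg)
        else:
            self._close(s)
    elif socket['state'] == 1:
        srp = socket['srp']
        # NOTE(review): != on digests is not a constant-time comparison; use
        # hmac.compare_digest where the runtime provides it.
        # NOTE(review): a failed proof returns to state 3 without closing, and
        # no attempt limit is visible in this block.
        if srp['m'].digest() != msg.get('m'):
            self._send_error(s, None, 'Bad password')
            socket['state'] = 3
            return
        auth = SRP.host_authenticator(srp['K'], srp['A'], srp['m'].digest())
        self._send_msg(s, {'auth': auth.digest()})
        self.nh.set_hmac(s, srp['m'], auth)
        socket['state'] = 2
    elif socket['state'] == 2:
        srp = socket['srp']
        if op == 'get secret':
            secret = socket['pw']['secret']
            # crypt() is defined elsewhere; presumably it transforms the
            # secret under the SRP session key K -- TODO confirm.
            esecret = crypt(secret, srp['K'])[0]
            self._send_msg(s, {'secret': esecret})
            socket['state'] = 3
        elif op == 'set password':
            if socket['user'] == 'anonymous':
                self._send_error(s, None, 'operation not permitted')
                self._close(s)
                return
            new_v = msg.get('v')
            new_salt = msg.get('s')
            # Both fields are stored in the password database below, so
            # insist on strings before touching it.
            if not isinstance(new_v, str) or not isinstance(new_salt, str):
                self._send_error(s, None, 'garbage data')
                self._close(s)
                return
            v = string_to_long(crypt(new_v, srp['K'])[0])
            self.passwd.define(socket['user'], v, new_salt)
            self._send_msg(s, {'ok': 1})
            self._close(s)
        # Any other op is ignored and the connection stays in state 2,
        # unlike states 0 and 3, which close on an unknown op.
    elif socket['state'] == 3:
        if op == 'secret auth':
            self._secret_auth(s)
        elif op == 'srp auth':
            self._srp_auth(s, msg)
        else:
            self._close(s)
    elif socket['state'] == 4:
        pw = socket['pw']
        peer_salt = msg.get('salt')
        if not isinstance(peer_salt, str) or len(peer_salt) < 20:
            self._send_error(s, None, 'Bad salt length')
            self._close(s)
            return
        # The two directional keys differ only in the order of the salts.  If
        # the concatenations are equal (for instance the peer echoed our own
        # salt), both directions would share a single key, so refuse.
        if peer_salt + socket['salt'] == socket['salt'] + peer_salt:
            self._send_error(s, None, 'Bad salt')
            self._close(s)
            return
        base = 'session key' + pw['secret'] + socket['salt'] + peer_salt
        key = sha.new(base).digest()
        socket['m_in'] = hmac.new(key, '', sha)
        base = 'session key' + pw['secret'] + peer_salt + socket['salt']
        key = sha.new(base).digest()
        socket['m_out'] = hmac.new(key, '', sha)
        # NOTE(review): same caveats as the SRP proof check: the comparison is
        # not constant-time, and a failure allows another attempt on this
        # connection.
        if msg.get('auth') != socket['m_out'].digest():
            self._send_error(s, None, 'Bad password')
            socket['state'] = 3
            return
        self._send_msg(s, {'auth': socket['m_in'].digest()})
        self.nh.set_hmac(s, socket['m_in'], socket['m_out'])
        self._req_mode(s, 1)
        # Handshake finished: the per-connection dict is replaced by a
        # five-element list whose field meanings are defined elsewhere.
        self.socket[s] = [{}, {}, socket['user'], [], 1]
    else:
        self._close(s)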
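def message_came_in(self, s, data):
    """Advance the authentication handshake on connection ``s`` by one message.

    ``data`` is the raw bencoded message from a peer that has not finished
    authenticating, so every field read from it is untrusted.  A message that
    does not decode to a dictionary, or whose fields have the wrong type, is
    rejected here instead of raising KeyError/TypeError out of the handler.

    Handshake states, as used below:
      0 -- first message: names the user and the requested operation.
      1 -- expecting the client's SRP proof in ``msg['m']``.
      2 -- SRP proof accepted: 'get secret' and 'set password' are allowed.
      3 -- waiting for a 'secret auth' or 'srp auth' request.
      4 -- expecting the client's salt and authenticator for secret auth.
    States 1 and 4 are presumably entered by ``_srp_auth`` / ``_secret_auth``,
    which are outside this block.
    """
    socket = self.socket[s]
    try:
        msg = bdecode(data)
    except ValueError:
        self._send_error(s, None, 'garbage data')
        self._close(s)
        return

    # A well-formed bencoded value need not be a dictionary; everything below
    # indexes msg by key, so reject any other shape up front.
    if not isinstance(msg, dict):
        self._send_error(s, None, 'garbage data')
        self._close(s)
        return

    # A missing 'op' becomes None, which matches no operation below.
    op = msg.get('op')

    if socket['state'] == 0:
        user = msg.get('user')
        # A missing or non-string user is reported the same way as an
        # unknown one.
        if not isinstance(user, str):
            self._send_error(s, None, 'Bad user')
            self._close(s)
            return
        try:
            pw = socket['pw'] = self.passwd.get(user)
        except KeyError:
            self._send_error(s, None, 'Bad user')
            self._close(s)
            return
        socket['user'] = user
        if op == 'get hash':
            # NOTE(review): this reply is sent before any authentication and
            # is a plain SHA-1 over a fixed prefix plus pw['secret'], so the
            # secret must be high-entropy to resist offline guessing -- confirm
            # how it is generated.
            self._send_msg(s, {
                'hash': sha.new('public hash check' + pw['secret']).digest()
            })
            socket['state'] = 3
        elif op == 'secret auth':
            self._secret_auth(s)
        elif op == 'srp auth':
            self._srp_auth(s, msg)
        else:
            self._close(s)
    elif socket['state'] == 1:
        srp = socket['srp']
        # NOTE(review): != on digests is not a constant-time comparison; use
        # hmac.compare_digest where the runtime provides it.
        # NOTE(review): a failed proof returns to state 3 without closing, and
        # no attempt limit is visible in this block.
        if srp['m'].digest() != msg.get('m'):
            self._send_error(s, None, 'Bad password')
            socket['state'] = 3
            return
        auth = SRP.host_authenticator(srp['K'], srp['A'], srp['m'].digest())
        self._send_msg(s, {'auth': auth.digest()})
        self.nh.set_hmac(s, srp['m'], auth)
        socket['state'] = 2
    elif socket['state'] == 2:
        srp = socket['srp']
        if op == 'get secret':
            secret = socket['pw']['secret']
            # crypt() is defined elsewhere; presumably it transforms the
            # secret under the SRP session key K -- TODO confirm.
            esecret = crypt(secret, srp['K'])[0]
            self._send_msg(s, {'secret': esecret})
            socket['state'] = 3
        elif op == 'set password':
            if socket['user'] == 'anonymous':
                self._send_error(s, None, 'operation not permitted')
                self._close(s)
                return
            new_v = msg.get('v')
            new_salt = msg.get('s')
            # Both fields are stored in the password database below, so
            # insist on strings before touching it.
            if not isinstance(new_v, str) or not isinstance(new_salt, str):
                self._send_error(s, None, 'garbage data')
                self._close(s)
                return
            v = string_to_long(crypt(new_v, srp['K'])[0])
            self.passwd.define(socket['user'], v, new_salt)
            self._send_msg(s, {'ok': 1})
            self._close(s)
        # Any other op is ignored and the connection stays in state 2,
        # unlike states 0 and 3, which close on an unknown op.
    elif socket['state'] == 3:
        if op == 'secret auth':
            self._secret_auth(s)
        elif op == 'srp auth':
            self._srp_auth(s, msg)
        else:
            self._close(s)
    elif socket['state'] == 4:
        pw = socket['pw']
        peer_salt = msg.get('salt')
        if not isinstance(peer_salt, str) or len(peer_salt) < 20:
            self._send_error(s, None, 'Bad salt length')
            self._close(s)
            return
        # The two directional keys differ only in the order of the salts.  If
        # the concatenations are equal (for instance the peer echoed our own
        # salt), both directions would share a single key, so refuse.
        if peer_salt + socket['salt'] == socket['salt'] + peer_salt:
            self._send_error(s, None, 'Bad salt')
            self._close(s)
            return
        base = 'session key' + pw['secret'] + socket['salt'] + peer_salt
        key = sha.new(base).digest()
        socket['m_in'] = hmac.new(key, '', sha)
        base = 'session key' + pw['secret'] + peer_salt + socket['salt']
        key = sha.new(base).digest()
        socket['m_out'] = hmac.new(key, '', sha)
        # NOTE(review): same caveats as the SRP proof check: the comparison is
        # not constant-time, and a failure allows another attempt on this
        # connection.
        if msg.get('auth') != socket['m_out'].digest():
            self._send_error(s, None, 'Bad password')
            socket['state'] = 3
            return
        self._send_msg(s, {'auth': socket['m_in'].digest()})
        self.nh.set_hmac(s, socket['m_in'], socket['m_out'])
        self._req_mode(s, 1)
        # Handshake finished: the per-connection dict is replaced by a
        # five-element list whose field meanings are defined elsewhere.
        self.socket[s] = [{}, {}, socket['user'], [], 1]
    else:
        self._close(s)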