def _get_challenge_params(self, request, params=None, nonce=None):
     """Generate a fresh set of challenge parameters."""
     # Parse the parameters from the incoming request.
     # We're only looking for username, so don't bother validating
     # any other parameters that may be present.
     if params is None:
         params = parse_authz_header(request)
         if params is None:
             return {}
     # If they didn't provide the username, they get a blank challenge.
     # This is the first request in the handshake.
     username = params.get("username")
     if username is None:
         return {}
     # If they did provide the username, then they need to know the
     # salt, server-side key, etc.  This is the second request.
     (algorithm, salt, verifier) = self._get_verifier(username)
     if verifier is None:
         return {}
     new_params = {}
     new_params["algorithm"] = algorithm
     new_params["salt"] = salt
     # Generate new nonce if needed
     if nonce is None:
         nonce = self.nonce_manager.generate_nonce(request)
     new_params["nonce"] = nonce
     # Calculate the corresponding server public key.
     privkey = self._get_privkey(nonce)
     pubkey = calculate_server_pubkey(params, privkey, verifier)
     new_params["skey"] = b64encode(int_to_bytes(pubkey))
     # That'll do it.
     return new_params
Exemplo n.º 2
0
 def _get_challenge_params(self, request, params=None, nonce=None):
     """Generate a fresh set of challenge parameters."""
     # Parse the parameters from the incoming request.
     # We're only looking for username, so don't bother validating
     # any other parameters that may be present.
     if params is None:
         params = parse_authz_header(request)
         if params is None:
             return {}
     # If they didn't provide the username, they get a blank challenge.
     # This is the first request in the handshake.
     username = params.get("username")
     if username is None:
         return {}
     # If they did provide the username, then they need to know the
     # salt, server-side key, etc.  This is the second request.
     (algorithm, salt, verifier) = self._get_verifier(username)
     if verifier is None:
         return {}
     new_params = {}
     new_params["algorithm"] = algorithm
     new_params["salt"] = salt
     # Generate new nonce if needed
     if nonce is None:
         nonce = self.nonce_manager.generate_nonce(request)
     new_params["nonce"] = nonce
     # Calculate the corresponding server public key.
     privkey = self._get_privkey(nonce)
     pubkey = calculate_server_pubkey(params, privkey, verifier)
     new_params["skey"] = b64encode(int_to_bytes(pubkey))
     # That'll do it.
     return new_params
 def test_rfc5054_example(self):
     # Input parameters as defined in the RFC.
     username = "******"
     password = "******"
     algorithm = "SRP-1024-SHA1"
     salt = "BEB25379 D1A8581E B5A72767 3A2441EE"
     salt = salt.replace(" ", "").decode("hex")
     params = {
         "algorithm": algorithm,
         "username": username,
         "salt": salt,
     }
     a = """
        60975527 035CF2AD 1989806F 0407210B C81EDC04 E2762A56 AFD529DD
        DA2D4393
     """
     a = a.replace(" ", "").replace("\n", "").decode("hex")
     a = int_from_bytes(a)
     b = """
        E487CB59 D31AC550 471E81F0 0F6928E0 1DDA08E9 74A004F4 9E61F5D1
        05284D20
     """
     b = b.replace(" ", "").replace("\n", "").decode("hex")
     b = int_from_bytes(b)
     # Sanity-check algorithm paramters.
     (N, g, k, hashmod, _) = ALGORITHMS[algorithm]
     self.assertEquals(
         int_to_bytes(k).encode("hex").upper(),
         "7556AA045AEF2CDD07ABAF0F665C3E818913186F")
     # Check calculation of x and v
     salted = salt + hashmod(username + ":" + password).digest()
     x = int_from_bytes(hashmod(salted).digest())
     self.assertEquals(
         int_to_bytes(x).encode("hex").upper(),
         "94B7555AABE9127CC58CCF4993DB6CF84D16C124")
     v = calculate_verifier(params, password)
     v_expected = """
        7E273DE8 696FFC4F 4E337D05 B4B375BE B0DDE156 9E8FA00A 9886D812
        9BADA1F1 822223CA 1A605B53 0E379BA4 729FDC59 F105B478 7E5186F5
        C671085A 1447B52A 48CF1970 B4FB6F84 00BBF4CE BFBB1681 52E08AB5
        EA53D15C 1AFF87B2 B9DA6E04 E058AD51 CC72BFC9 033B564E 26480D78
        E955A5E2 9E7AB245 DB2BE315 E2099AFB
     """
     self.assertEquals(
         int_to_bytes(v).encode("hex").upper(),
         v_expected.replace(" ", "").replace("\n", ""))
     # Check calculation of A and B
     B = calculate_server_pubkey(params, b, v)
     B_expected = """
        BD0C6151 2C692C0C B6D041FA 01BB152D 4916A1E7 7AF46AE1 05393011
        BAF38964 DC46A067 0DD125B9 5A981652 236F99D9 B681CBF8 7837EC99
        6C6DA044 53728610 D0C6DDB5 8B318885 D7D82C7F 8DEB75CE 7BD4FBAA
        37089E6F 9C6059F3 88838E7A 00030B33 1EB76840 910440B1 B27AAEAE
        EB4012B7 D7665238 A8E3FB00 4B117B58
     """
     self.assertEquals(
         int_to_bytes(B).encode("hex").upper(),
         B_expected.replace(" ", "").replace("\n", ""))
     A = calculate_client_pubkey(params, a)
     A_expected = """
        61D5E490 F6F1B795 47B0704C 436F523D D0E560F0 C64115BB 72557EC4
        4352E890 3211C046 92272D8B 2D1A5358 A2CF1B6E 0BFCF99F 921530EC
        8E393561 79EAE45E 42BA92AE ACED8251 71E1E8B9 AF6D9C03 E1327F44
        BE087EF0 6530E69F 66615261 EEF54073 CA11CF58 58F0EDFD FE15EFEA
        B349EF5D 76988A36 72FAC47B 0769447B
     """
     self.assertEquals(
         int_to_bytes(A).encode("hex").upper(),
         A_expected.replace(" ", "").replace("\n", ""))
     # Check calculation of shared secret
     params["ckey"] = b64encode(int_to_bytes(A))
     S = calculate_shared_secret(params, privkey=b, verifier=v)
     S_expected = """
        B0DC82BA BCF30674 AE450C02 87745E79 90A3381F 63B387AA F271A10D
        233861E3 59B48220 F7C4693C 9AE12B0A 6F67809F 0876E2D0 13800D6C
        41BB59B6 D5979B5C 00A172B4 A2A5903A 0BDCAF8A 709585EB 2AFAFA8F
        3499B200 210DCC1F 10EB3394 3CD67FC8 8A2F39A4 BE5BEC4E C0A3212D
        C346D7E4 74B29EDE 8A469FFE CA686E5A
     """
     self.assertEquals(
         int_to_bytes(S).encode("hex").upper(),
         S_expected.replace(" ", "").replace("\n", ""))
 def test_int_to_bytes(self):
     for i in xrange(20):
         n = int(os.urandom(10).encode("hex"), 16)
         self.assertEquals(int_from_bytes(int_to_bytes(n)), n)
 def test_rfc5054_example(self):
     # Input parameters as defined in the RFC.
     username = "******"
     password = "******"
     algorithm = "SRP-1024-SHA1"
     salt = "BEB25379 D1A8581E B5A72767 3A2441EE"
     salt = salt.replace(" ", "").decode("hex")
     params = {
         "algorithm": algorithm,
         "username": username,
         "salt": salt,
     }
     a = """
        60975527 035CF2AD 1989806F 0407210B C81EDC04 E2762A56 AFD529DD
        DA2D4393
     """
     a = a.replace(" ", "").replace("\n", "").decode("hex")
     a = int_from_bytes(a)
     b = """
        E487CB59 D31AC550 471E81F0 0F6928E0 1DDA08E9 74A004F4 9E61F5D1
        05284D20
     """
     b = b.replace(" ", "").replace("\n", "").decode("hex")
     b = int_from_bytes(b)
     # Sanity-check algorithm paramters.
     (N, g, k, hashmod, _) = ALGORITHMS[algorithm]
     self.assertEquals(int_to_bytes(k).encode("hex").upper(),
                       "7556AA045AEF2CDD07ABAF0F665C3E818913186F")
     # Check calculation of x and v
     salted = salt + hashmod(username + ":" + password).digest()
     x = int_from_bytes(hashmod(salted).digest())
     self.assertEquals(int_to_bytes(x).encode("hex").upper(),
                       "94B7555AABE9127CC58CCF4993DB6CF84D16C124")
     v = calculate_verifier(params, password)
     v_expected = """
        7E273DE8 696FFC4F 4E337D05 B4B375BE B0DDE156 9E8FA00A 9886D812
        9BADA1F1 822223CA 1A605B53 0E379BA4 729FDC59 F105B478 7E5186F5
        C671085A 1447B52A 48CF1970 B4FB6F84 00BBF4CE BFBB1681 52E08AB5
        EA53D15C 1AFF87B2 B9DA6E04 E058AD51 CC72BFC9 033B564E 26480D78
        E955A5E2 9E7AB245 DB2BE315 E2099AFB
     """
     self.assertEquals(int_to_bytes(v).encode("hex").upper(),
                       v_expected.replace(" ", "").replace("\n", ""))
     # Check calculation of A and B
     B = calculate_server_pubkey(params, b, v)
     B_expected = """
        BD0C6151 2C692C0C B6D041FA 01BB152D 4916A1E7 7AF46AE1 05393011
        BAF38964 DC46A067 0DD125B9 5A981652 236F99D9 B681CBF8 7837EC99
        6C6DA044 53728610 D0C6DDB5 8B318885 D7D82C7F 8DEB75CE 7BD4FBAA
        37089E6F 9C6059F3 88838E7A 00030B33 1EB76840 910440B1 B27AAEAE
        EB4012B7 D7665238 A8E3FB00 4B117B58
     """
     self.assertEquals(int_to_bytes(B).encode("hex").upper(),
                       B_expected.replace(" ", "").replace("\n", ""))
     A = calculate_client_pubkey(params, a)
     A_expected = """
        61D5E490 F6F1B795 47B0704C 436F523D D0E560F0 C64115BB 72557EC4
        4352E890 3211C046 92272D8B 2D1A5358 A2CF1B6E 0BFCF99F 921530EC
        8E393561 79EAE45E 42BA92AE ACED8251 71E1E8B9 AF6D9C03 E1327F44
        BE087EF0 6530E69F 66615261 EEF54073 CA11CF58 58F0EDFD FE15EFEA
        B349EF5D 76988A36 72FAC47B 0769447B
     """
     self.assertEquals(int_to_bytes(A).encode("hex").upper(),
                       A_expected.replace(" ", "").replace("\n", ""))
     # Check calculation of shared secret
     params["ckey"] = b64encode(int_to_bytes(A))
     S = calculate_shared_secret(params, privkey=b, verifier=v)
     S_expected = """
        B0DC82BA BCF30674 AE450C02 87745E79 90A3381F 63B387AA F271A10D
        233861E3 59B48220 F7C4693C 9AE12B0A 6F67809F 0876E2D0 13800D6C
        41BB59B6 D5979B5C 00A172B4 A2A5903A 0BDCAF8A 709585EB 2AFAFA8F
        3499B200 210DCC1F 10EB3394 3CD67FC8 8A2F39A4 BE5BEC4E C0A3212D
        C346D7E4 74B29EDE 8A469FFE CA686E5A
     """
     self.assertEquals(int_to_bytes(S).encode("hex").upper(),
                       S_expected.replace(" ", "").replace("\n", ""))
 def test_int_to_bytes(self):
     for i in xrange(20):
         n = int(os.urandom(10).encode("hex"), 16)
         self.assertEquals(int_from_bytes(int_to_bytes(n)), n)