def uid(self, auth_plugin_list, wire_crypt): def pack_cnct_param(k, v): if k != CNCT_specific_data: return bs([k] + [len(v)]) + v # specific_data split per 254 bytes b = b'' i = 0 while len(v) > 254: b += bs([k, 255, i]) + v[:254] v = v[254:] i += 1 b += bs([k, len(v)+1, i]) + v return b if sys.platform == 'win32': user = os.environ['USERNAME'] hostname = os.environ['COMPUTERNAME'] else: user = os.environ.get('USER', '') hostname = socket.gethostname() r = b'' if auth_plugin_list: specific_data = None if auth_plugin_list[0] == 'Srp': self.client_public_key, self.client_private_key = \ srp.client_seed() specific_data = bytes_to_hex( srp.long2bytes(self.client_public_key)) elif auth_plugin_list[0] == 'Legacy_Auth': enc_pass = get_crypt(self.password) if enc_pass: specific_data = self.str_to_bytes(enc_pass) else: if not isinstance(auth_plugin_list, tuple): raise OperationalError("Auth plugin list need tuple.") else: raise OperationalError( "Unknown auth plugin name '%s'" % (auth_plugin_list[0])) auth_plugin_list = [s.encode('utf-8') for s in auth_plugin_list] self.plugin_name = auth_plugin_list[0] self.plugin_list = b','.join(auth_plugin_list) if wire_crypt: client_crypt = int_to_bytes(1, 4) else: client_crypt = int_to_bytes(0, 4) if auth_plugin_list: r += pack_cnct_param(CNCT_login, self.str_to_bytes(self.user.upper())) r += pack_cnct_param(CNCT_plugin_name, self.plugin_name) r += pack_cnct_param(CNCT_plugin_list, self.plugin_list) if specific_data: r += pack_cnct_param(CNCT_specific_data, specific_data) r += pack_cnct_param(CNCT_client_crypt, client_crypt) r += pack_cnct_param(CNCT_user, self.str_to_bytes(user)) r += pack_cnct_param(CNCT_host, self.str_to_bytes(hostname)) r += pack_cnct_param(CNCT_user_verification, b'') return r
def uid(self, auth_plugin_name, wire_crypt): def pack_cnct_param(k, v): if k != CNCT_specific_data: return bs([k] + [len(v)]) + v # specific_data split per 254 bytes b = b'' i = 0 while len(v) > 254: b += bs([k, 255, i]) + v[:254] v = v[254:] i += 1 b += bs([k, len(v) + 1, i]) + v return b auth_plugin_list = ('Srp256', 'Srp', 'Legacy_Auth') # get and calculate CNCT_xxxx values if sys.platform == 'win32': user = os.environ['USERNAME'] hostname = os.environ['COMPUTERNAME'] else: user = os.environ.get('USER', '') hostname = socket.gethostname() if auth_plugin_name in ('Srp256', 'Srp'): self.client_public_key, self.client_private_key = srp.client_seed() specific_data = bytes_to_hex(srp.long2bytes( self.client_public_key)) elif auth_plugin_name == 'Legacy_Auth': assert crypt, "Legacy_Auth needs crypt module" specific_data = self.str_to_bytes(get_crypt(self.password)) else: raise OperationalError("Unknown auth plugin name '%s'" % (auth_plugin_name, )) self.plugin_name = auth_plugin_name self.plugin_list = b','.join( [s.encode('utf-8') for s in auth_plugin_list]) client_crypt = b'\x01\x00\x00\x00' if wire_crypt else b'\x00\x00\x00\x00' # set CNCT_xxxx values r = b'' r += pack_cnct_param(CNCT_login, self.str_to_bytes(self.user)) r += pack_cnct_param(CNCT_plugin_name, self.str_to_bytes(self.plugin_name)) r += pack_cnct_param(CNCT_plugin_list, self.plugin_list) r += pack_cnct_param(CNCT_specific_data, specific_data) r += pack_cnct_param(CNCT_client_crypt, client_crypt) r += pack_cnct_param(CNCT_user, self.str_to_bytes(user)) r += pack_cnct_param(CNCT_host, self.str_to_bytes(hostname)) r += pack_cnct_param(CNCT_user_verification, b'') return r
def test_sha1(self): user = b'SYSDBA' password = b'masterkey' A, a = srp.client_seed(srp.DEBUG_PRIVATE_KEY) salt = srp.DEBUG_SALT v = srp.get_verifier(user, password, salt) B, b = srp.server_seed(v, srp.DEBUG_PRIVATE_KEY) serverKey = srp.server_session(user, password, salt, A, B, b) M, clientKey = srp.client_proof(user, password, salt, A, B, a, hashlib.sha1) self.assertEqual(clientKey, serverKey) self.assertEqual(M, binascii.unhexlify('8c12324bb6e9e683a3ee62e13905b95d69f028a9'))
def test_sha256(self): user = b'SYSDBA' password = b'masterkey' A, a = srp.client_seed(srp.DEBUG_PRIVATE_KEY) salt = srp.DEBUG_SALT v = srp.get_verifier(user, password, salt) B, b = srp.server_seed(v, srp.DEBUG_PRIVATE_KEY) serverKey = srp.server_session(user, password, salt, A, B, b) M, clientKey = srp.client_proof(user, password, salt, A, B, a, hashlib.sha256) self.assertEqual(clientKey, serverKey) self.assertEqual(M, binascii.unhexlify('4675c18056c04b00cc2b991662324c22c6f08bb90beb3677416b03469a770308'))
def uid(self, auth_plugin_name, wire_crypt): def pack_cnct_param(k, v): if k != CNCT_specific_data: return bs([k] + [len(v)]) + v # specific_data split per 254 bytes b = b'' i = 0 while len(v) > 254: b += bs([k, 255, i]) + v[:254] v = v[254:] i += 1 b += bs([k, len(v)+1, i]) + v return b auth_plugin_list = ('Srp', 'Legacy_Auth') # get and calculate CNCT_xxxx values if sys.platform == 'win32': user = os.environ['USERNAME'] hostname = os.environ['COMPUTERNAME'] else: user = os.environ.get('USER', '') hostname = socket.gethostname() if auth_plugin_name == 'Srp': self.client_public_key, self.client_private_key = srp.client_seed() specific_data = bytes_to_hex(srp.long2bytes(self.client_public_key)) elif auth_plugin_name == 'Legacy_Auth': assert crypt, "Legacy_Auth needs crypt module" specific_data = self.str_to_bytes(get_crypt(self.password)) else: raise OperationalError("Unknown auth plugin name '%s'" % (auth_plugin_name,)) self.plugin_name = auth_plugin_name self.plugin_list = b','.join([s.encode('utf-8') for s in auth_plugin_list]) client_crypt = b'\x01\x00\x00\x00' if wire_crypt else b'\x00\x00\x00\x00' # set CNCT_xxxx values r = b'' r += pack_cnct_param(CNCT_login, self.str_to_bytes(self.user.upper())) r += pack_cnct_param(CNCT_plugin_name, self.str_to_bytes(self.plugin_name)) r += pack_cnct_param(CNCT_plugin_list, self.plugin_list) r += pack_cnct_param(CNCT_specific_data, specific_data) r += pack_cnct_param(CNCT_client_crypt, client_crypt) r += pack_cnct_param(CNCT_user, self.str_to_bytes(user)) r += pack_cnct_param(CNCT_host, self.str_to_bytes(hostname)) r += pack_cnct_param(CNCT_user_verification, b'') return r
def test_sha1(self): user = b'SYSDBA' password = b'masterkey' A, a = srp.client_seed(srp.DEBUG_PRIVATE_KEY) salt = srp.DEBUG_SALT v = srp.get_verifier(user, password, salt) B, b = srp.server_seed(v, srp.DEBUG_PRIVATE_KEY) serverKey = srp.server_session(user, password, salt, A, B, b) M, clientKey = srp.client_proof(user, password, salt, A, B, a, hashlib.sha1) self.assertEqual(clientKey, serverKey) self.assertEqual( M, binascii.unhexlify('8c12324bb6e9e683a3ee62e13905b95d69f028a9'))
def test_srp_key_exchange(self): user = b'sysdba' password = b'masterkey' # Client send A to Server A, a = srp.client_seed() # Server send B, salt to Client salt = srp.get_salt() v = srp.get_verifier(user, password, salt) B, b = srp.server_seed(v) serverKey = srp.server_session(user, password, salt, A, B, b) # Client send M to Server M, clientKey = srp.client_proof(user, password, salt, A, B, a) # Client and Server has same key self.assertEqual(clientKey, serverKey)
def test_sha256(self): user = b'SYSDBA' password = b'masterkey' A, a = srp.client_seed(srp.DEBUG_PRIVATE_KEY) salt = srp.DEBUG_SALT v = srp.get_verifier(user, password, salt) B, b = srp.server_seed(v, srp.DEBUG_PRIVATE_KEY) serverKey = srp.server_session(user, password, salt, A, B, b) M, clientKey = srp.client_proof(user, password, salt, A, B, a, hashlib.sha256) self.assertEqual(clientKey, serverKey) self.assertEqual( M, binascii.unhexlify( '4675c18056c04b00cc2b991662324c22c6f08bb90beb3677416b03469a770308' ))