def host_begin(user, A, s, v):
"""Look the user up in the passwd database, calculate our version of
the session key, and return it along with a keyed hash of the values
used in the calculation as proof. The client must match this proof."""
n, g = pf
# We don't trust the client, who might be trying to send bogus data in
# order to break the protocol.
if A <= 0 or n <= A:
raise ImproperKeyValue
# Pick our random public keys.
B = 0
while B == 0:
b = random_long(ablen)
B = ((3*v) + pow(g, b, n)) % n
u = pow(g, random_long(tlen), n)
# Calculate the (private, shared secret) session key.
t = (A * pow(v, u, n)) % n
if t <= 1 or t + 1 == n:
raise ImproperKeyValue # WeakKeyValue -- could be our fault so retry
S = pow(t, b, n)
K = hash(S)
# Create the proof using a keyed hash.
m = _client_authenticator(K, n, g, user, s, A, B, u)
return (B, u, K, m)
def host_begin(user, A, s, v):
"""Look the user up in the passwd database, calculate our version of
the session key, and return it along with a keyed hash of the values
used in the calculation as proof. The client must match this proof."""
n, g = pf
# We don't trust the client, who might be trying to send bogus data in
# order to break the protocol.
if A <= 0 or n <= A:
raise ImproperKeyValue
# Pick our random public keys.
B = 0
while B == 0:
b = random_long(ablen)
B = ((3 * v) + pow(g, b, n)) % n
u = pow(g, random_long(tlen), n)
# Calculate the (private, shared secret) session key.
t = (A * pow(v, u, n)) % n
if t <= 1 or t + 1 == n:
raise ImproperKeyValue # WeakKeyValue -- could be our fault so retry
S = pow(t, b, n)
K = hash(S)
# Create the proof using a keyed hash.
m = _client_authenticator(K, n, g, user, s, A, B, u)
return (B, u, K, m)
def client_begin():
# Here we could optionally query the host for the pfid and salt, or
# indeed the pf itself plus salt. We'd have to verify that n and g
# are valid in the latter case, and we need a local copy anyway in the
# former.
pfid = 0
n, g = pf
# Pick a random number and send it to the host, who responds with
# the user's salt and more random numbers. Note that in the standard
# SRP implementation, u is derived from B.
a = random_long(ablen)
A = pow(g, a, n)
return (A, a, g, n)
def client_begin():
# Here we could optionally query the host for the pfid and salt, or
# indeed the pf itself plus salt. We'd have to verify that n and g
# are valid in the latter case, and we need a local copy anyway in the
# former.
pfid = 0
n, g = pf
# Pick a random number and send it to the host, who responds with
# the user's salt and more random numbers. Note that in the standard
# SRP implementation, u is derived from B.
a = random_long(ablen)
A = pow(g, a, n)
return (A, a, g, n)