diff options
Diffstat (limited to 'src/leap/bitmask/bonafide/_srp.py')
-rw-r--r-- | src/leap/bitmask/bonafide/_srp.py | 23 |
1 files changed, 20 insertions, 3 deletions
diff --git a/src/leap/bitmask/bonafide/_srp.py b/src/leap/bitmask/bonafide/_srp.py index b0dd83ff..34a75a56 100644 --- a/src/leap/bitmask/bonafide/_srp.py +++ b/src/leap/bitmask/bonafide/_srp.py @@ -101,9 +101,7 @@ class SRPSignupMechanism(object): """ def get_signup_params(self, username, password): - salt, verifier = srp.create_salted_verification_key( - bytes(username), bytes(password), - srp.SHA256, srp.NG_1024) + salt, verifier = _get_salt_verifier(username, password) user_data = { 'user[login]': username, 'user[password_salt]': binascii.hexlify(salt), @@ -121,6 +119,25 @@ class SRPSignupMechanism(object): return username +class SRPPasswordChangeMechanism(object): + + """ + Implement a protocol-agnostic SRP passord change mechanism. + """ + + def get_password_params(self, username, password): + salt, verifier = _get_salt_verifier(username, password) + user_data = { + 'user[password_salt]': binascii.hexlify(salt), + 'user[password_verifier]': binascii.hexlify(verifier)} + return user_data + + +def _get_salt_verifier(username, password): + return srp.create_salted_verification_key(bytes(username), bytes(password), + srp.SHA256, srp.NG_1024) + + def _safe_unhexlify(val): return binascii.unhexlify(val) \ if (len(val) % 2 == 0) else binascii.unhexlify('0' + val) |