diff options
author | Kali Kaneko (leap communications) <kali@leap.se> | 2016-03-04 01:26:58 -0400 |
---|---|---|
committer | Kali Kaneko (leap communications) <kali@leap.se> | 2016-03-04 01:26:58 -0400 |
commit | 05a15eb66ce7912094361e78e81d073e88cae21b (patch) | |
tree | eaabed069b065c49f6d479dbe59b75611e7c8eab | |
parent | 4cb031e3de822e95d1d16105e786329c686b91c4 (diff) |
hide srpauth implementation details
-rw-r--r-- | bonafide/src/leap/bonafide/_srp.py | 48 | ||||
-rw-r--r-- | bonafide/src/leap/bonafide/session.py | 25 |
2 files changed, 37 insertions, 36 deletions
diff --git a/bonafide/src/leap/bonafide/_srp.py b/bonafide/src/leap/bonafide/_srp.py index 1c711f3..38f657b 100644 --- a/bonafide/src/leap/bonafide/_srp.py +++ b/bonafide/src/leap/bonafide/_srp.py @@ -31,41 +31,45 @@ class SRPAuthMechanism(object): Implement a protocol-agnostic SRP Authentication mechanism. """ - def initialize(self, username, password): - srp_user = srp.User(username, password, - srp.SHA256, srp.NG_1024) - _, A = srp_user.start_authentication() - return srp_user, A - - def get_handshake_params(self, username, A): - return {'login': bytes(username), 'A': binascii.hexlify(A)} - - def process_handshake(self, srp_user, handshake_response): + def __init__(self, username, password): + self.username = username + self.srp_user = srp.User(username, password, + srp.SHA256, srp.NG_1024) + _, A = self.srp_user.start_authentication() + self.A = A + self.M = None + self.M2 = None + + def get_handshake_params(self): + return {'login': bytes(self.username), + 'A': binascii.hexlify(self.A)} + + def process_handshake(self, handshake_response): challenge = json.loads(handshake_response) self._check_for_errors(challenge) salt = challenge.get('salt', None) B = challenge.get('B', None) unhex_salt, unhex_B = self._unhex_salt_B(salt, B) - M = srp_user.process_challenge(unhex_salt, unhex_B) - return M + self.M = self.srp_user.process_challenge(unhex_salt, unhex_B) - def get_authentication_params(self, M, A): + def get_authentication_params(self): # It looks A is not used server side - return {'client_auth': binascii.hexlify(M), 'A': binascii.hexlify(A)} + return {'client_auth': binascii.hexlify(self.M), + 'A': binascii.hexlify(self.A)} def process_authentication(self, authentication_response): auth = json.loads(authentication_response) self._check_for_errors(auth) uuid = auth.get('id', None) token = auth.get('token', None) - M2 = auth.get('M2', None) - self._check_auth_params(uuid, token, M2) - return uuid, token, M2 - - def verify_authentication(self, srp_user, M2): - unhex_M2 = _safe_unhexlify(M2) - srp_user.verify_session(unhex_M2) - assert srp_user.authenticated() + self.M2 = auth.get('M2', None) + self._check_auth_params(uuid, token, self.M2) + return uuid, token + + def verify_authentication(self): + unhex_M2 = _safe_unhexlify(self.M2) + self.srp_user.verify_session(unhex_M2) + assert self.srp_user.authenticated() def _check_for_errors(self, response): if 'errors' in response: diff --git a/bonafide/src/leap/bonafide/session.py b/bonafide/src/leap/bonafide/session.py index 547f0dd..ec1587f 100644 --- a/bonafide/src/leap/bonafide/session.py +++ b/bonafide/src/leap/bonafide/session.py @@ -61,9 +61,10 @@ class Session(object): def _initialize_session(self): self._agent = cookieAgentFactory(self._provider_cert) - self._srp_auth = _srp.SRPAuthMechanism() + username = self.username or '' + password = self.password or '' + self._srp_auth = _srp.SRPAuthMechanism(username, password) self._srp_signup = _srp.SRPSignupMechanism() - self._srp_user = None self._token = None self._uuid = None @@ -79,36 +80,30 @@ class Session(object): @property def is_authenticated(self): - if not self._srp_user: - return False - return self._srp_user.authenticated() + return self._srp_auth.srp_user.authenticated() @defer.inlineCallbacks def authenticate(self): - srpuser, A = self._srp_auth.initialize( - self.username, self.password) - self._srp_user = srpuser - uri = self._api.get_handshake_uri() met = self._api.get_handshake_method() log.msg("%s to %s" % (met, uri)) - params = self._srp_auth.get_handshake_params(self.username, A) + params = self._srp_auth.get_handshake_params() handshake = yield self._request(self._agent, uri, values=params, method=met) - M = self._srp_auth.process_handshake(srpuser, handshake) + self._srp_auth.process_handshake(handshake) uri = self._api.get_authenticate_uri(login=self.username) met = self._api.get_authenticate_method() log.msg("%s to %s" % (met, uri)) - params = self._srp_auth.get_authentication_params(M, A) + params = self._srp_auth.get_authentication_params() auth = yield self._request(self._agent, uri, values=params, method=met) - uuid, token, M2 = self._srp_auth.process_authentication(auth) - self._srp_auth.verify_authentication(srpuser, M2) + uuid, token = self._srp_auth.process_authentication(auth) + self._srp_auth.verify_authentication() self._uuid = uuid self._token = token @@ -120,6 +115,8 @@ class Session(object): uri = self._api.get_logout_uri() met = self._api.get_logout_method() auth = yield self._request(self._agent, uri, method=met) + print 'AUTH', auth + print 'resetting user/pass' self.username = None self.password = None self._initialize_session() |