diff options
-rw-r--r-- | .hgignore | 19 | ||||
-rw-r--r-- | _ctsrp.py | 442 | ||||
-rw-r--r-- | _pysrp.py | 225 | ||||
-rw-r--r-- | _srp.c | 1137 | ||||
-rw-r--r-- | doc/conf.py | 194 | ||||
-rw-r--r-- | doc/srp.rst | 127 | ||||
-rwxr-xr-x | setup.py | 16 | ||||
-rw-r--r-- | srp.py | 36 | ||||
-rw-r--r-- | test_srp.py | 76 |
9 files changed, 2272 insertions, 0 deletions
diff --git a/.hgignore b/.hgignore new file mode 100644 index 0000000..ece540b --- /dev/null +++ b/.hgignore @@ -0,0 +1,19 @@ +syntax: re +# This line is a comment, and will be skipped. +# Empty lines are skipped too. + +# Backup files left behind by the Emacs editor. +/*~ + +\.pyc$ + +# Lock files used by the Emacs editor. +# Notice that the "#" character is quoted with a backslash. +# This prevents it from being interpreted as starting a comment. +.*\#.* + +\.so$ +\.o$ + +.*old_.* +\.orig$ diff --git a/_ctsrp.py b/_ctsrp.py new file mode 100644 index 0000000..4675591 --- /dev/null +++ b/_ctsrp.py @@ -0,0 +1,442 @@ + # N A large safe prime (N = 2q+1, where q is prime)
+ # All arithmetic is done modulo N.
+ # g A generator modulo N
+ # k Multiplier parameter (k = H(N, g) in SRP-6a, k = 3 for legacy SRP-6)
+ # s User's salt
+ # I Username
+ # p Cleartext Password
+ # H() One-way hash function
+ # ^ (Modular) Exponentiation
+ # u Random scrambling parameter
+ # a,b Secret ephemeral values
+ # A,B Public ephemeral values
+ # x Private key (derived from p and s)
+ # v Password verifier
+
+import os
+import sys
+import hashlib
+import random
+import ctypes
+import atexit
+import time
+
+
+SHA256_DIGEST_LENGTH = 32
+
+N_HEX = "AC6BDB41324A9A9BF166DE5E1389582FAF72B6651987EE07FC3192943DB56050A37329CBB4A099ED8193E0757767A13DD52312AB4B03310DCD7F48A9DA04FD50E8083969EDB767B0CF6095179A163AB3661A05FBD5FAAAE82918A9962F0B93B855F97993EC975EEAA80D740ADBF4FF747359D041D5C33EA71D281E446B14773BCA97B43A23FB801676BD207A436C6481F1D2B9078717461A5B9D32E688F87748544523B524B0D57D5EA77A2775D2ECFA032CFBDBF52FB3786160279004E57AE6AF874E7303CE53299CCC041C7BC308D82A5698F3A8D0C38271AE35F8E9DBFBB694B5C803D89F7AE435DE236D525F54759B65E372FCD68EF20FA7111F9E4AFF73"
+G_HEX = "2"
+HNxorg = None
+
+dlls = list()
+
+if 'win' in sys.platform:
+ for d in ('libeay32.dll', 'libssl32.dll', 'ssleay32.dll'):
+ try:
+ dlls.append( ctypes.cdll.LoadLibrary(d) )
+ except:
+ pass
+else:
+ dlls.append( ctypes.cdll.LoadLibrary('libssl.so') )
+
+
+class BIGNUM_Struct (ctypes.Structure):
+ _fields_ = [ ("d", ctypes.c_void_p),
+ ("top", ctypes.c_int),
+ ("dmax", ctypes.c_int),
+ ("neg", ctypes.c_int),
+ ("flags", ctypes.c_int) ]
+
+
+class BN_CTX_Struct (ctypes.Structure):
+ _fields_ = [ ("_", ctypes.c_byte) ]
+
+
+BIGNUM = ctypes.POINTER( BIGNUM_Struct )
+BN_CTX = ctypes.POINTER( BN_CTX_Struct )
+
+
+def load_func( name, args, returns = ctypes.c_int):
+ d = sys.modules[ __name__ ].__dict__
+ f = None
+
+ for dll in dlls:
+ try:
+ f = getattr(dll, name)
+ f.argtypes = args
+ f.restype = returns
+ d[ name ] = f
+ return
+ except:
+ pass
+ raise ImportError('Unable to load required functions from SSL dlls')
+
+
+load_func( 'BN_new', [], BIGNUM )
+load_func( 'BN_free', [ BIGNUM ], None )
+load_func( 'BN_init', [ BIGNUM ], None )
+load_func( 'BN_clear', [ BIGNUM ], None )
+
+load_func( 'BN_CTX_new', [] , BN_CTX )
+load_func( 'BN_CTX_init', [ BN_CTX ], None )
+load_func( 'BN_CTX_free', [ BN_CTX ], None )
+
+load_func( 'BN_cmp', [ BIGNUM, BIGNUM ], ctypes.c_int )
+
+load_func( 'BN_num_bits', [ BIGNUM ], ctypes.c_int )
+
+load_func( 'BN_add', [ BIGNUM, BIGNUM, BIGNUM ] )
+load_func( 'BN_sub', [ BIGNUM, BIGNUM, BIGNUM ] )
+load_func( 'BN_mul', [ BIGNUM, BIGNUM, BIGNUM, BN_CTX ] )
+load_func( 'BN_div', [ BIGNUM, BIGNUM, BIGNUM, BIGNUM, BN_CTX ] )
+load_func( 'BN_mod_exp', [ BIGNUM, BIGNUM, BIGNUM, BIGNUM, BN_CTX ] )
+
+load_func( 'BN_rand', [ BIGNUM, ctypes.c_int, ctypes.c_int, ctypes.c_int ] )
+
+load_func( 'BN_bn2bin', [ BIGNUM, ctypes.c_char_p ] )
+load_func( 'BN_bin2bn', [ ctypes.c_char_p, ctypes.c_int, BIGNUM ], BIGNUM )
+
+load_func( 'BN_hex2bn', [ ctypes.POINTER(BIGNUM), ctypes.c_char_p ] )
+load_func( 'BN_bn2hex', [ BIGNUM ], ctypes.c_char_p )
+
+load_func( 'CRYPTO_free', [ ctypes.c_char_p ] )
+
+load_func( 'RAND_seed', [ ctypes.c_char_p, ctypes.c_int ] )
+
+
+def BN_num_bytes(a):
+ return ((BN_num_bits(a)+7)/8)
+
+
+def BN_mod(rem,m,d,ctx):
+ return BN_div(None, rem, m, d, ctx)
+
+
+def BN_is_zero( n ):
+ return n[0].top == 0
+
+
+def bn_to_bytes( n ):
+ b = ctypes.create_string_buffer( BN_num_bytes(n) )
+ BN_bn2bin(n, b)
+ return b.raw
+
+
+def bytes_to_bn( dest_bn, bytes ):
+ BN_bin2bn(bytes, len(bytes), dest_bn)
+
+
+def H_str( dest_bn, s ):
+ d = hashlib.sha256(s).digest()
+ buff = ctypes.create_string_buffer( s )
+ BN_bin2bn(d, len(d), dest)
+
+
+def H_bn( dest, n ):
+ bin = ctypes.create_string_buffer( BN_num_bytes(n) )
+ BN_bn2bin(n, bin)
+ d = hashlib.sha256( bin.raw ).digest()
+ BN_bin2bn(d, len(d), dest)
+
+
+def H_bn_bn( dest, n1, n2 ):
+ h = hashlib.sha256()
+ bin1 = ctypes.create_string_buffer( BN_num_bytes(n1) )
+ bin2 = ctypes.create_string_buffer( BN_num_bytes(n2) )
+ BN_bn2bin(n1, bin1)
+ BN_bn2bin(n2, bin2)
+ h.update( bin1.raw )
+ h.update( bin2.raw )
+ d = h.digest()
+ BN_bin2bn(d, len(d), dest)
+
+
+def H_bn_str( dest, n, s ):
+ h = hashlib.sha256()
+ bin = ctypes.create_string_buffer( BN_num_bytes(n) )
+ BN_bn2bin(n, bin)
+ h.update( bin.raw )
+ h.update( s )
+ d = h.digest()
+ BN_bin2bn(d, len(d), dest)
+
+
+def calculate_x( dest, salt, username, password ):
+ up = hashlib.sha256('%s:%s' % (username, password )).digest()
+ H_bn_str( dest, salt, up )
+
+
+def update_hash( ctx, n ):
+ buff = ctypes.create_string_buffer( BN_num_bytes(n) )
+ BN_bn2bin(n, buff)
+ ctx.update( buff.raw )
+
+
+def calculate_M( I, s, A, B, K ):
+ h = hashlib.sha256()
+ h.update( HNxorg )
+ h.update( hashlib.sha256(I).digest() )
+ update_hash( h, s )
+ update_hash( h, A )
+ update_hash( h, B )
+ h.update( K )
+ return h.digest()
+
+
+def calculate_H_AMK( A, M, K ):
+ h = hashlib.sha256()
+ update_hash( h, A )
+ h.update( M )
+ h.update( K )
+ return h.digest()
+
+
+def calculate_HN_xor_Hg():
+ global HNxorg
+
+ bN = ctypes.create_string_buffer( BN_num_bytes(N) )
+ bg = ctypes.create_string_buffer( BN_num_bytes(g) )
+
+ BN_bn2bin(N, bN)
+ BN_bn2bin(g, bg)
+
+ hN = hashlib.sha256( bN.raw ).digest()
+ hg = hashlib.sha256( bg.raw ).digest()
+
+ HNxorg = ''.join( chr( ord(hN[i]) ^ ord(hg[i]) ) for i in range(0,len(hN)) )
+
+
+def gen_sv( username, password ):
+ s = BN_new()
+ v = BN_new()
+ x = BN_new()
+ ctx = BN_CTX_new()
+
+ BN_rand(s, 32, -1, 0);
+
+ calculate_x(x, s, username, password )
+
+ BN_mod_exp(v, g, x, N, ctx)
+
+ salt = bn_to_bytes( s )
+ verifier = bn_to_bytes( v )
+
+ BN_free(s)
+ BN_free(v)
+ BN_free(x)
+ BN_CTX_free(ctx)
+
+ return salt, verifier
+
+
+
+class Verifier (object):
+ def __init__(self, username, bytes_s, bytes_v, bytes_A):
+ self.A = BN_new()
+ self.B = BN_new()
+ self.K = None
+ self.S = BN_new()
+ self.u = BN_new()
+ self.b = BN_new()
+ self.s = BN_new()
+ self.v = BN_new()
+ self.tmp1 = BN_new()
+ self.tmp2 = BN_new()
+ self.ctx = BN_CTX_new()
+ self.I = username
+ self.M = None
+ self.H_AMK = None
+ self._authenticated = False
+
+ self.safety_failed = False
+
+ bytes_to_bn( self.s, bytes_s )
+ bytes_to_bn( self.v, bytes_v )
+ bytes_to_bn( self.A, bytes_A )
+
+ # SRP-6a safety check
+ BN_mod(self.tmp1, self.A, N, self.ctx)
+
+ if BN_is_zero(self.tmp1):
+ self.safety_failed = True
+ else:
+ BN_rand(self.b, 256, -1, 0)
+
+ # B = kv + g^b
+ BN_mul(self.tmp1, k, self.v, self.ctx)
+ BN_mod_exp(self.tmp2, g, self.b, N, self.ctx)
+ BN_add(self.B, self.tmp1, self.tmp2)
+
+ H_bn_bn(self.u, self.A, self.B)
+
+ # S = (A *(v^u)) ^ b
+ BN_mod_exp(self.tmp1, self.v, self.u, N, self.ctx)
+ BN_mul(self.tmp2, self.A, self.tmp1, self.ctx)
+ BN_mod_exp(self.S, self.tmp2, self.b, N, self.ctx)
+
+ self.K = hashlib.sha256( bn_to_bytes(self.S) ).digest()
+
+ self.M = calculate_M( self.I, self.s, self.A, self.B, self.K )
+ self.H_AMK = calculate_H_AMK( self.A, self.M, self.K )
+
+
+ def __del__(self):
+ BN_free(self.A)
+ BN_free(self.B)
+ BN_free(self.S)
+ BN_free(self.u)
+ BN_free(self.b)
+ BN_free(self.s)
+ BN_free(self.v)
+ BN_free(self.tmp1)
+ BN_free(self.tmp2)
+ BN_CTX_free(self.ctx)
+
+
+ def authenticated(self):
+ return self._authenticated
+
+
+ def get_username(self):
+ return self.I
+
+
+ def get_session_key(self):
+ return self.K if self._authenticated else None
+
+
+ # returns (bytes_s, bytes_B) on success, (None,None) if SRP-6a safety check fails
+ def get_challenge(self):
+ if self.safety_failed:
+ return None, None
+ else:
+ return (bn_to_bytes(self.s), bn_to_bytes(self.B))
+
+
+ def verify_session(self, user_M):
+ if user_M == self.M:
+ self._authenticated = True
+ return self.H_AMK
+
+
+
+
+class User (object):
+ def __init__(self, username, password):
+ self.username = username
+ self.password = password
+ self.a = BN_new()
+ self.A = BN_new()
+ self.B = BN_new()
+ self.s = BN_new()
+ self.S = BN_new()
+ self.u = BN_new()
+ self.x = BN_new()
+ self.v = BN_new()
+ self.tmp1 = BN_new()
+ self.tmp2 = BN_new()
+ self.tmp3 = BN_new()
+ self.ctx = BN_CTX_new()
+ self.M = None
+ self.K = None
+ self.H_AMK = None
+ self._authenticated = False
+
+ BN_rand(self.a, 256, -1, 0)
+
+ BN_mod_exp(self.A, g, self.a, N, self.ctx)
+
+
+ def __del__(self):
+ BN_free(self.a)
+ BN_free(self.A)
+ BN_free(self.B)
+ BN_free(self.s)
+ BN_free(self.S)
+ BN_free(self.u)
+ BN_free(self.x)
+ BN_free(self.v)
+ BN_free(self.tmp1)
+ BN_free(self.tmp2)
+ BN_free(self.tmp3)
+ BN_CTX_free(self.ctx)
+
+
+ def authenticated(self):
+ return self._authenticated
+
+
+ def get_username(self):
+ return self.username
+
+
+ def get_session_key(self):
+ return self.K if self._authenticated else None
+
+
+ def start_authentication(self):
+ return (self.username, bn_to_bytes(self.A))
+
+
+ # Returns M or None if SRP-6a safety check is violated
+ def process_challenge(self, bytes_s, bytes_B):
+
+ bytes_to_bn( self.s, bytes_s )
+ bytes_to_bn( self.B, bytes_B )
+
+ # SRP-6a safety check
+ if BN_is_zero(self.B):
+ return None
+
+ H_bn_bn(self.u, self.A, self.B)
+
+ # SRP-6a safety check
+ if BN_is_zero(self.u):
+ return None
+
+ calculate_x( self.x, self.s, self.username, self.password )
+
+ BN_mod_exp(self.v, g, self.x, N, self.ctx)
+
+ # S = (B - k*(g^x)) ^ (a + ux)
+
+ BN_mul(self.tmp1, self.u, self.x, self.ctx)
+ BN_add(self.tmp2, self.a, self.tmp1) # tmp2 = (a + ux)
+ BN_mod_exp(self.tmp1, g, self.x, N, self.ctx)
+ BN_mul(self.tmp3, k, self.tmp1, self.ctx) # tmp3 = k*(g^x)
+ BN_sub(self.tmp1, self.B, self.tmp3) # tmp1 = (B - K*(g^x))
+ BN_mod_exp(self.S, self.tmp1, self.tmp2, N, self.ctx)
+
+ self.K = hashlib.sha256( bn_to_bytes(self.S) ).digest()
+ self.M = calculate_M( self.username, self.s, self.A, self.B, self.K )
+ self.H_AMK = calculate_H_AMK( self.A, self.M, self.K )
+
+ return self.M
+
+
+ def verify_session(self, host_HAMK):
+ if self.H_AMK == host_HAMK:
+ self._authenticated = True
+
+#---------------------------------------------------------
+# Init
+#
+N = BN_new()
+g = BN_new()
+k = BN_new()
+HNxorg = None
+
+BN_hex2bn( N, N_HEX )
+BN_hex2bn( g, G_HEX )
+H_bn_bn(k, N, g)
+
+calculate_HN_xor_Hg()
+
+RAND_seed( os.urandom(32), 32 )
+
+def cleanup():
+ BN_free( N )
+ BN_free( g )
+ BN_free( k )
+
+atexit.register( cleanup )
diff --git a/_pysrp.py b/_pysrp.py new file mode 100644 index 0000000..8a89e71 --- /dev/null +++ b/_pysrp.py @@ -0,0 +1,225 @@ + # N A large safe prime (N = 2q+1, where q is prime) + # All arithmetic is done modulo N. + # g A generator modulo N + # k Multiplier parameter (k = H(N, g) in SRP-6a, k = 3 for legacy SRP-6) + # s User's salt + # I Username + # p Cleartext Password + # H() One-way hash function + # ^ (Modular) Exponentiation + # u Random scrambling parameter + # a,b Secret ephemeral values + # A,B Public ephemeral values + # x Private key (derived from p and s) + # v Password verifier + +import hashlib +import os +import binascii + + +def bytes_to_long(s): + n = ord(s[0]) + for b in ( ord(x) for x in s[1:] ): + n = (n << 8) | b + return n + + +def long_to_bytes(n): + l = list() + x = 0 + off = 0 + while x != n: + b = (n >> off) & 0xFF + l.append( chr(b) ) + x = x | (b << off) + off += 8 + l.reverse() + return ''.join(l) + + +def get_random( nbytes ): + return bytes_to_long( os.urandom( nbytes ) ) + + +def old_H( s1, s2 = '', s3=''): + if isinstance(s1, (long, int)): + s1 = long_to_bytes(s1) + if s2 and isinstance(s2, (long, int)): + s2 = long_to_bytes(s2) + if s3 and isinstance(s3, (long, int)): + s3 = long_to_bytes(s3) + s = s1 + s2 + s3 + return long(hashlib.sha256(s).hexdigest(), 16) + + +def H( *args, **kwargs ): + h = hashlib.sha256() + + for s in args: + if s is not None: + h.update( long_to_bytes(s) if isinstance(s, (long, int)) else s ) + + return long( h.hexdigest(), 16 ) + + + +N = 0xAC6BDB41324A9A9BF166DE5E1389582FAF72B6651987EE07FC3192943DB56050A37329CBB4A099ED8193E0757767A13DD52312AB4B03310DCD7F48A9DA04FD50E8083969EDB767B0CF6095179A163AB3661A05FBD5FAAAE82918A9962F0B93B855F97993EC975EEAA80D740ADBF4FF747359D041D5C33EA71D281E446B14773BCA97B43A23FB801676BD207A436C6481F1D2B9078717461A5B9D32E688F87748544523B524B0D57D5EA77A2775D2ECFA032CFBDBF52FB3786160279004E57AE6AF874E7303CE53299CCC041C7BC308D82A5698F3A8D0C38271AE35F8E9DBFBB694B5C803D89F7AE435DE236D525F54759B65E372FCD68EF20FA7111F9E4AFF73; +g = 2; +k = H(N,g) + +hN = hashlib.sha256( long_to_bytes(N) ).digest() +hg = hashlib.sha256( long_to_bytes(g) ).digest() + +HNxorg = ''.join( chr( ord(hN[i]) ^ ord(hg[i]) ) for i in range(0,len(hN)) ) + + + +def gen_x( salt, username, password ): + return H( salt, H( username + ':' + password ) ) + + + + +def gen_sv( username, password ): + _s = long_to_bytes( get_random( 4 ) ) + _v = long_to_bytes( pow(g, gen_x( _s, username, password ), N) ) + + return _s, _v + + + +def calculate_M( I, s, A, B, K ): + h = hashlib.sha256() + h.update( HNxorg ) + h.update( hashlib.sha256(I).digest() ) + h.update( long_to_bytes(s) ) + h.update( long_to_bytes(A) ) + h.update( long_to_bytes(B) ) + h.update( K ) + return h.digest() + + +def calculate_H_AMK( A, M, K ): + h = hashlib.sha256() + h.update( long_to_bytes(A) ) + h.update( M ) + h.update( K ) + return h.digest() + + + + +class Verifier (object): + + def __init__(self, username, bytes_s, bytes_v, bytes_A): + self.s = bytes_to_long(bytes_s) + self.v = bytes_to_long(bytes_v) + self.I = username + self.K = None + self._authenticated = False + + self.A = bytes_to_long(bytes_A) + + # SRP-6a safety check + self.safety_failed = self.A % N == 0 + + if not self.safety_failed: + + self.b = get_random( 32 ) + self.B = (k*self.v + pow(g, self.b, N)) % N + self.u = H(self.A, self.B) + self.S = pow(self.A*pow(self.v, self.u, N ), self.b, N) + self.K = hashlib.sha256( long_to_bytes(self.S) ).digest() + self.M = calculate_M( self.I, self.s, self.A, self.B, self.K ) + self.H_AMK = calculate_H_AMK(self.A, self.M, self.K) + + + def authenticated(self): + return self._authenticated + + + def get_username(self): + return self.I + + + def get_session_key(self): + return self.K if self._authenticated else None + + # returns (bytes_s, bytes_B) on success, (None,None) if SRP-6a safety check fails + def get_challenge(self): + if self.safety_failed: + return None,None + else: + return (long_to_bytes(self.s), long_to_bytes(self.B)) + + # returns H_AMK on success, None on failure + def verify_session(self, user_M): + if not self.safety_failed and user_M == self.M: + self._authenticated = True + return self.H_AMK + + + + +class User (object): + def __init__(self, username, password): + self.I = username + self.p = password + self.a = get_random( 32 ) + self.A = pow(g, self.a, N) + self.v = None + self.M = None + self.K = None + self.H_AMK = None + self._authenticated = False + + + def authenticated(self): + return self._authenticated + + + def get_username(self): + return self.username + + + def get_session_key(self): + return self.K if self._authenticated else None + + + def start_authentication(self): + return (self.I, long_to_bytes(self.A)) + + + # Returns M or None if SRP-6a safety check is violated + def process_challenge(self, bytes_s, bytes_B): + + self.s = bytes_to_long( bytes_s ) + self.B = bytes_to_long( bytes_B ) + + # SRP-6a safety check + if (self.B % N) == 0: + return None + + self.u = H( self.A, self.B ) + + # SRP-6a safety check + if self.u == 0: + return None + + self.x = gen_x( self.s, self.I, self.p ) + + self.v = pow(g, self.x, N) + + self.S = pow((self.B - k*self.v), (self.a + self.u*self.x), N) + + self.K = hashlib.sha256( long_to_bytes(self.S) ).digest() + self.M = calculate_M( self.I, self.s, self.A, self.B, self.K ) + self.H_AMK = calculate_H_AMK(self.A, self.M, self.K) + + return self.M + + + def verify_session(self, host_HAMK): + if self.H_AMK == host_HAMK: + self._authenticated = True @@ -0,0 +1,1137 @@ +#include <Python.h> +#include <stdlib.h> +#include <string.h> +#include <stdio.h> + +#include <openssl/bn.h> +#include <openssl/sha.h> +#include <openssl/crypto.h> +#include <openssl/rand.h> + +/* 2048-bit prime & generator pair from RFC 5054 */ +#define N_HEX "AC6BDB41324A9A9BF166DE5E1389582FAF72B6651987EE07FC3192943DB56050A37329CBB4A099ED8193E0757767A13DD52312AB4B03310DCD7F48A9DA04FD50E8083969EDB767B0CF6095179A163AB3661A05FBD5FAAAE82918A9962F0B93B855F97993EC975EEAA80D740ADBF4FF747359D041D5C33EA71D281E446B14773BCA97B43A23FB801676BD207A436C6481F1D2B9078717461A5B9D32E688F87748544523B524B0D57D5EA77A2775D2ECFA032CFBDBF52FB3786160279004E57AE6AF874E7303CE53299CCC041C7BC308D82A5698F3A8D0C38271AE35F8E9DBFBB694B5C803D89F7AE435DE236D525F54759B65E372FCD68EF20FA7111F9E4AFF73" +#define G_HEX "2" + + +static const BIGNUM * N = 0; +static const BIGNUM * g = 0; +static const BIGNUM * k = 0; + + +struct SRPVerifier +{ + const char * username; + const unsigned char * bytes_B; + int authenticated; + + unsigned char M [SHA256_DIGEST_LENGTH]; + unsigned char H_AMK [SHA256_DIGEST_LENGTH]; + unsigned char session_key [SHA256_DIGEST_LENGTH]; +}; + + +struct SRPUser +{ + BIGNUM *a; + BIGNUM *A; + BIGNUM *S; + + const unsigned char * bytes_A; + int authenticated; + + const char * username; + const unsigned char * password; + int password_len; + + unsigned char M [SHA256_DIGEST_LENGTH]; + unsigned char H_AMK [SHA256_DIGEST_LENGTH]; + unsigned char session_key [SHA256_DIGEST_LENGTH]; +}; + + +/****************************************************************************** + * + * SRP Internal Helper Functions + * + *****************************************************************************/ + +/* +static BIGNUM * H_s( const char * s ) +{ + unsigned char buff[ SHA256_DIGEST_LENGTH ]; + SHA256( (const unsigned char *)s, strlen(s), buff ); + return BN_bin2bn(buff, SHA256_DIGEST_LENGTH, NULL); +} + + +static BIGNUM * H_n( const BIGNUM * n ) +{ + unsigned char buff[ SHA256_DIGEST_LENGTH ]; + int nbytes = BN_num_bytes(n); + unsigned char * bin = (unsigned char *) malloc( nbytes ); + BN_bn2bin(n, bin); + SHA256( bin, nbytes, buff ); + free(bin); + return BN_bin2bn(buff, SHA256_DIGEST_LENGTH, NULL); +} +*/ + +static BIGNUM * H_nn( const BIGNUM * n1, const BIGNUM * n2 ) +{ + unsigned char buff[ SHA256_DIGEST_LENGTH ]; + int len_n1 = BN_num_bytes(n1); + int len_n2 = BN_num_bytes(n2); + int nbytes = len_n1 + len_n2; + unsigned char * bin = (unsigned char *) malloc( nbytes ); + BN_bn2bin(n1, bin); + BN_bn2bin(n2, bin + len_n1); + SHA256( bin, nbytes, buff ); + free(bin); + return BN_bin2bn(buff, SHA256_DIGEST_LENGTH, NULL); +} + + +static BIGNUM * H_ns( const BIGNUM * n, + const unsigned char * bytes, + int len_bytes ) +{ + unsigned char buff[ SHA256_DIGEST_LENGTH ]; + int len_n = BN_num_bytes(n); + int nbytes = len_n + len_bytes; + unsigned char * bin = (unsigned char *) malloc( nbytes ); + BN_bn2bin(n, bin); + memcpy( bin + len_n, bytes, len_bytes ); + SHA256( bin, nbytes, buff ); + free(bin); + return BN_bin2bn(buff, SHA256_DIGEST_LENGTH, NULL); +} + + +static BIGNUM * calculate_x( const BIGNUM * salt, + const char * username, + const unsigned char * password, + int password_len ) +{ + unsigned char ucp_hash[SHA256_DIGEST_LENGTH]; + SHA256_CTX ctx; + + SHA256_Init( &ctx ); + + SHA256_Update( &ctx, username, strlen(username) ); + SHA256_Update( &ctx, ":", 1 ); + SHA256_Update( &ctx, password, password_len ); + + SHA256_Final( ucp_hash, &ctx ); + + return H_ns( salt, ucp_hash, sizeof(ucp_hash) ); +} + + +static void update_hash( SHA256_CTX *ctx, const BIGNUM * n ) +{ + unsigned long len = BN_num_bytes(n); + unsigned char * n_bytes = (unsigned char *) malloc( len ); + BN_bn2bin(n, n_bytes); + SHA256_Update(ctx, n_bytes, len); + free( n_bytes ); +} + + +static void hash_num( const BIGNUM * n, unsigned char * dest ) +{ + int nbytes = BN_num_bytes(n); + unsigned char * bin = (unsigned char *) malloc( nbytes ); + BN_bn2bin(n, bin); + SHA256( bin, nbytes, dest ); + free( bin ); +} + + +static void calculate_M( unsigned char * dest, + const char * I, + const BIGNUM * s, + const BIGNUM * A, + const BIGNUM * B, + const unsigned char * K ) +{ + unsigned char H_N[ SHA256_DIGEST_LENGTH ]; + unsigned char H_g[ SHA256_DIGEST_LENGTH ]; + unsigned char H_I[ SHA256_DIGEST_LENGTH ]; + unsigned char H_xor[ SHA256_DIGEST_LENGTH ]; + SHA256_CTX ctx; + int i = 0; + + hash_num( N, H_N ); + hash_num( g, H_g ); + + SHA256((const unsigned char *)I, strlen(I), H_I); + + for (i=0; i < SHA256_DIGEST_LENGTH; i++ ) + H_xor[i] = H_N[i] ^ H_g[i]; + + SHA256_Init( &ctx ); + + SHA256_Update( &ctx, H_xor, sizeof(H_xor) ); + SHA256_Update( &ctx, H_I, sizeof(H_I) ); + update_hash( &ctx, s ); + update_hash( &ctx, A ); + update_hash( &ctx, B ); + SHA256_Update( &ctx, K, SHA256_DIGEST_LENGTH ); + + SHA256_Final( dest, &ctx ); +} + + +static void calculate_H_AMK( unsigned char * dest, + const BIGNUM * A, + const unsigned char * M, + const unsigned char * K ) +{ + SHA256_CTX ctx; + + SHA256_Init( &ctx ); + + update_hash( &ctx, A ); + SHA256_Update( &ctx, M, SHA256_DIGEST_LENGTH); + SHA256_Update( &ctx, K, SHA256_DIGEST_LENGTH); + + SHA256_Final( dest, &ctx ); +} + + +/****************************************************************************** + * + * SRP "external" API + * + *****************************************************************************/ + +static void srp_init( const char * random_seed, int seed_len ) +{ + BIGNUM *tN = BN_new(); + BIGNUM *tg = BN_new(); + + BN_hex2bn( &tN, N_HEX ); + BN_hex2bn( &tg, G_HEX ); + + N = tN; + g = tg; + + k = H_nn(N,g); + + RAND_seed( random_seed, seed_len ); +} + +static void srp_fini( void ) +{ + BN_free((BIGNUM *)N); + BN_free((BIGNUM *)g); + BN_free((BIGNUM *)k); + + N = 0; + g = 0; +} + + +static void srp_gen_sv( const char * username, + const unsigned char * password, int len_password, + const unsigned char ** bytes_s, int * len_s, + const unsigned char ** bytes_v, int * len_v ) +{ + BIGNUM * s = BN_new(); + BIGNUM * v = BN_new(); + BIGNUM * x = 0; + BN_CTX *ctx = BN_CTX_new(); + + BN_rand(s, 32, -1, 0); + + x = calculate_x( s, username, password, len_password ); + + BN_mod_exp(v, g, x, N, ctx); + + *len_s = BN_num_bytes(s); + *len_v = BN_num_bytes(v); + + *bytes_s = (const unsigned char *) malloc( *len_s ); + *bytes_v = (const unsigned char *) malloc( *len_v ); + + BN_bn2bin(s, (unsigned char *) *bytes_s); + BN_bn2bin(v, (unsigned char *) *bytes_v); + + BN_free(s); + BN_free(v); + BN_free(x); + BN_CTX_free(ctx); +} + + +/* Out: bytes_B, len_B. + * + * On failure, bytes_B will be set to NULL and len_B will be set to 0 + */ +static struct SRPVerifier * srp_verifier_new( const char * username, + const unsigned char * bytes_s, int len_s, + const unsigned char * bytes_v, int len_v, + const unsigned char * bytes_A, int len_A, + const unsigned char ** bytes_B, int * len_B) +{ + BIGNUM *s = BN_bin2bn(bytes_s, len_s, NULL); + BIGNUM *v = BN_bin2bn(bytes_v, len_v, NULL); + BIGNUM *A = BN_bin2bn(bytes_A, len_A, NULL); + BIGNUM *u = 0; + BIGNUM *B = BN_new(); + BIGNUM *S = BN_new(); + BIGNUM *b = BN_new(); + BIGNUM *tmp1 = BN_new(); + BIGNUM *tmp2 = BN_new(); + BN_CTX *ctx = BN_CTX_new(); + int ulen = strlen(username) + 1; + + struct SRPVerifier * ver; + + ver = (struct SRPVerifier *) malloc( sizeof(struct SRPVerifier) ); + + ver->username = (char *) malloc( ulen ); + + memcpy( (char*)ver->username, username, ulen ); + + ver->authenticated = 0; + + /* SRP-6a safety check */ + BN_mod(tmp1, A, N, ctx); + if ( !BN_is_zero(tmp1) ) + { + BN_rand(b, 256, -1, 0); + + /* B = kv + g^b */ + BN_mul(tmp1, k, v, ctx); + BN_mod_exp(tmp2, g, b, N, ctx); + BN_add(B, tmp1, tmp2); + + u = H_nn(A,B); + + /* S = (A *(v^u)) ^ b */ + BN_mod_exp(tmp1, v, u, N, ctx); + BN_mul(tmp2, A, tmp1, ctx); + BN_mod_exp(S, tmp2, b, N, ctx); + + hash_num(S, ver->session_key); + + calculate_M( ver->M, username, s, A, B, ver->session_key ); + calculate_H_AMK( ver->H_AMK, A, ver->M, ver->session_key ); + + *len_B = BN_num_bytes(B); + *bytes_B = malloc( *len_B ); + + BN_bn2bin( B, (unsigned char *) *bytes_B ); + + ver->bytes_B = *bytes_B; + } + else + { + *len_B = 0; + *bytes_B = NULL; + } + + BN_free(s); + BN_free(v); + BN_free(A); + if (u) BN_free(u); + BN_free(B); + BN_free(S); + BN_free(b); + BN_free(tmp1); + BN_free(tmp2); + BN_CTX_free(ctx); + + return ver; +} + + +static void srp_verifier_delete( struct SRPVerifier * ver ) +{ + free( (char *) ver->username ); + free( (unsigned char *) ver->bytes_B ); + free( ver ); +} + + +static int srp_verifier_is_authenticated( struct SRPVerifier * ver ) +{ + return ver->authenticated; +} + + +static const char * srp_verifier_get_username( struct SRPVerifier * ver ) +{ + return ver->username; +} + + +/* Key length is SHA256_DIGEST_LENGTH */ +static const unsigned char * +srp_verifier_get_session_key( struct SRPVerifier * ver ) +{ + return ver->session_key; +} + + +/* user_M must be exactly SHA256_DIGEST_LENGTH bytes in size */ +static void srp_verifier_verify_session( struct SRPVerifier * ver, + const unsigned char * user_M, + const unsigned char ** bytes_HAMK ) +{ + if ( memcmp( ver->M, user_M, SHA256_DIGEST_LENGTH ) == 0 ) + { + ver->authenticated = 1; + *bytes_HAMK = ver->H_AMK; + } + else + *bytes_HAMK = NULL; +} + + +/*******************************************************************************/ + +static struct SRPUser * srp_user_new( const char * username, + const unsigned char * bytes_password, + int len_password ) +{ + struct SRPUser *usr; + int ulen = strlen(username) + 1; + + usr = (struct SRPUser *) malloc( sizeof(struct SRPUser) ); + + usr->a = BN_new(); + usr->A = BN_new(); + usr->S = BN_new(); + + usr->username = (const char *) malloc(ulen); + usr->password = (const unsigned char *) malloc(len_password); + usr->password_len = len_password; + + memcpy((char *)usr->username, username, ulen); + memcpy((char *)usr->password, bytes_password, len_password); + + usr->bytes_A = 0; + + return usr; +} + + +static void srp_user_delete( struct SRPUser * usr ) +{ + BN_free( usr->a ); + BN_free( usr->A ); + BN_free( usr->S ); + + free((char *)usr->username); + free((char *)usr->password); + + if (usr->bytes_A) + free( (char *)usr->bytes_A ); + + free( usr ); +} + + +static int srp_user_is_authenticated( struct SRPUser * usr) +{ + return usr->authenticated; +} + + +static const char * srp_user_get_username( struct SRPUser * usr ) +{ + return usr->username; +} + + +/* Key length is SHA256_DIGEST_LENGTH */ +static const unsigned char * srp_user_get_session_key( struct SRPUser * usr ) +{ + return usr->session_key; +} + + +/* Output: username, bytes_A, len_A */ +static void srp_user_start_authentication( struct SRPUser * usr, + const char ** username, + const unsigned char ** bytes_A, + int * len_A ) +{ + BN_CTX *ctx = BN_CTX_new(); + + BN_rand(usr->a, 256, -1, 0); + + BN_mod_exp(usr->A, g, usr->a, N, ctx); + + BN_CTX_free(ctx); + + *len_A = BN_num_bytes(usr->A); + *bytes_A = malloc( *len_A ); + + BN_bn2bin( usr->A, (unsigned char *) *bytes_A ); + + usr->bytes_A = *bytes_A; + *username = usr->username; +} + + +/* Output: bytes_M. Buffer length is SHA256_DIGEST_LENGTH */ +static void srp_user_process_challenge( struct SRPUser * usr, + const unsigned char * bytes_s, + int len_s, + const unsigned char * bytes_B, + int len_B, + const unsigned char ** bytes_M ) +{ + BIGNUM *s = BN_bin2bn(bytes_s, len_s, NULL); + BIGNUM *B = BN_bin2bn(bytes_B, len_B, NULL); + BIGNUM *u = 0; + BIGNUM *x = 0; + BIGNUM *v = BN_new(); + BIGNUM *tmp1 = BN_new(); + BIGNUM *tmp2 = BN_new(); + BIGNUM *tmp3 = BN_new(); + BN_CTX *ctx = BN_CTX_new(); + + u = H_nn(usr->A,B); + + x = calculate_x( s, usr->username, usr->password, usr->password_len ); + + /* SRP-6a safety check */ + if ( !BN_is_zero(B) && !BN_is_zero(u) ) + { + BN_mod_exp(v, g, x, N, ctx); + + /* S = (B - k*(g^x)) ^ (a + ux) */ + BN_mul(tmp1, u, x, ctx); + BN_add(tmp2, usr->a, tmp1); /* tmp2 = (a + ux) */ + BN_mod_exp(tmp1, g, x, N, ctx); + BN_mul(tmp3, k, tmp1, ctx); /* tmp3 = k*(g^x) */ + BN_sub(tmp1, B, tmp3); /* tmp1 = (B - K*(g^x)) */ + BN_mod_exp(usr->S, tmp1, tmp2, N, ctx); + + hash_num(usr->S, usr->session_key); + + calculate_M( usr->M, usr->username, s, usr->A, B, usr->session_key ); + calculate_H_AMK( usr->H_AMK, usr->A, usr->M, usr->session_key ); + + *bytes_M = usr->M; + } + else + { + *bytes_M = NULL; + } + + BN_free(s); + BN_free(B); + BN_free(u); + BN_free(x); + BN_free(v); + BN_free(tmp1); + BN_free(tmp2); + BN_free(tmp3); + BN_CTX_free(ctx); +} + +/* bytes_HAMK must be exactly SHA256_DIGEST_LENGTH bytes in size */ +static void srp_user_verify_session( struct SRPUser * usr, + const unsigned char * bytes_HAMK ) +{ + if ( memcmp( usr->H_AMK, bytes_HAMK, SHA256_DIGEST_LENGTH ) == 0 ) + usr->authenticated = 1; +} + + +/****************************************************************************** + * + * Python Module + * + *****************************************************************************/ + +typedef struct +{ + PyObject_HEAD + struct SRPVerifier * ver; + const unsigned char * bytes_B; + const unsigned char * bytes_s; + int len_B; + int len_s; +}PyVerifier; + + +typedef struct +{ + PyObject_HEAD + struct SRPUser * usr; +}PyUser; + + +static void ver_dealloc( PyVerifier * self ) +{ + if ( self->ver != NULL ) + srp_verifier_delete( self->ver ); + + if ( self->bytes_s != NULL ) + free( (char *)self->bytes_s ); + + self->ob_type->tp_free( (PyObject *) self ); +} + + +static void usr_dealloc( PyUser * self ) +{ + if ( self->usr != NULL ) + srp_user_delete( self->usr ); + self->ob_type->tp_free( (PyObject *) self ); +} + + +static PyObject * ver_new(PyTypeObject *type, PyObject *args, PyObject *kwds) +{ + PyVerifier *self = (PyVerifier *) type->tp_alloc(type, 0); + + if (!self) + return NULL; + + self->ver = NULL; + self->bytes_B = NULL; + self->bytes_s = NULL; + self->len_B = 0; + self->len_s = 0; + + return (PyObject *) self; +} + + +static PyObject * usr_new(PyTypeObject *type, PyObject *args, PyObject *kwds) +{ + PyUser *self = (PyUser *) type->tp_alloc(type, 0); + + if (!self) + return NULL; + + self->usr = NULL; + + return (PyObject *) self; +} + + +static int ver_init( PyVerifier *self, PyObject *args, PyObject *kwds ) +{ + const char *username; + const unsigned char *bytes_s, *bytes_v, *bytes_A; + int len_s, len_v, len_A; + + if ( self->ver != NULL ) + { + PyErr_SetString(PyExc_TypeError, "Type cannot be re-initialized"); + return -1; + } + + if ( ! PyArg_ParseTuple(args, "st#t#t#", &username, + &bytes_s, &len_s, + &bytes_v, &len_v, + &bytes_A, &len_A) ) + { + return -1; + } + + /* The srp_verifier_new command is computationally intensive... ~15ms on a + * 3Ghz x86 CPU. Allowing multiple, simultaneous calls here may speed + * things up for multi-cpu machines + */ + Py_BEGIN_ALLOW_THREADS + self->ver = srp_verifier_new( username, + bytes_s, len_s, + bytes_v, len_v, + bytes_A, len_A, + &self->bytes_B, &self->len_B ); + Py_END_ALLOW_THREADS + + if ( self->bytes_B == NULL ) + { + PyErr_SetString(PyExc_Exception, "SRP-6a safety check violated"); + return -1; + } + + self->bytes_s = malloc( len_s ); + self->len_s = len_s; + + memcpy( (char *)self->bytes_s, bytes_s, len_s ); + + return 0; +} + + +static int usr_init( PyUser *self, PyObject *args, PyObject *kwds ) +{ + const char *username; + const unsigned char *bytes_password; + int len_password; + + if ( self->usr != NULL ) + { + PyErr_SetString(PyExc_TypeError, "Type cannot be re-initialized"); + return -1; + } + + if ( ! PyArg_ParseTuple(args, "st#", &username, + &bytes_password, + &len_password) ) + { + return -1; + } + + + self->usr = srp_user_new( username, bytes_password, len_password ); + + return 0; +} + + +static PyObject * ver_is_authenticated( PyVerifier * self ) +{ + if ( self->ver == NULL ) { + PyErr_SetString(PyExc_Exception, "Type not initialized"); + return NULL; + } + if ( srp_verifier_is_authenticated(self->ver) ) + Py_RETURN_TRUE; + else + Py_RETURN_FALSE; +} + + +static PyObject * usr_is_authenticated( PyUser * self ) +{ + if ( self->usr == NULL ) { + PyErr_SetString(PyExc_Exception, "Type not initialized"); + return NULL; + } + if ( srp_user_is_authenticated(self->usr) ) + Py_RETURN_TRUE; + else + Py_RETURN_FALSE; +} + + +static PyObject * ver_get_username( PyVerifier * self ) +{ + if ( self->ver == NULL ) { + PyErr_SetString(PyExc_Exception, "Type not initialized"); + return NULL; + } + + return PyString_FromString( srp_verifier_get_username(self->ver) ); +} + + +static PyObject * usr_get_username( PyUser * self ) +{ + if ( self->usr == NULL ) { + PyErr_SetString(PyExc_Exception, "Type not initialized"); + return NULL; + } + + return PyString_FromString( srp_user_get_username(self->usr) ); +} + + +static PyObject * ver_get_session_key( PyVerifier * self ) +{ + if ( self->ver == NULL ) { + PyErr_SetString(PyExc_Exception, "Type not initialized"); + return NULL; + } + if ( srp_verifier_is_authenticated(self->ver) ) + { + const char * u = (const char *)srp_verifier_get_session_key(self->ver); + return PyString_FromStringAndSize(u, SHA256_DIGEST_LENGTH); + } + else + Py_RETURN_NONE; +} + + +static PyObject * usr_get_session_key( PyUser * self ) +{ + if ( self->usr == NULL ) { + PyErr_SetString(PyExc_Exception, "Type not initialized"); + return NULL; + } + if ( srp_user_is_authenticated(self->usr) ) + { + const char * u = (const char *) srp_user_get_session_key(self->usr); + return PyString_FromStringAndSize(u, SHA256_DIGEST_LENGTH); + } + else + Py_RETURN_NONE; +} + + +static PyObject * ver_get_challenge( PyVerifier * self ) +{ + if ( self->ver == NULL ) { + PyErr_SetString(PyExc_Exception, "Type not initialized"); + return NULL; + } + if ( self->bytes_B == NULL ) { + PyErr_SetString(PyExc_Exception, "SRP-6a security check failed"); + return NULL; + } + + return Py_BuildValue("s#s#", self->bytes_s, + self->len_s, + self->bytes_B, + self->len_B); +} + + +static PyObject * ver_verify_session( PyVerifier * self, PyObject * args ) +{ + const unsigned char * bytes_M; + const unsigned char * bytes_HAMK; + int len_M; + + if ( self->ver == NULL ) { + PyErr_SetString(PyExc_Exception, "Type not initialized"); + return NULL; + } + + if ( ! PyArg_ParseTuple(args, "t#", &bytes_M, &len_M) ) + { + return NULL; + } + + if ( len_M != SHA256_DIGEST_LENGTH ) + Py_RETURN_NONE; + + srp_verifier_verify_session( self->ver, bytes_M, &bytes_HAMK ); + + if ( bytes_HAMK == NULL ) + Py_RETURN_NONE; + else + return PyString_FromStringAndSize((const char *) bytes_HAMK, + SHA256_DIGEST_LENGTH); +} + + +static PyObject * usr_start_authentication( PyUser * self ) +{ + const char * username; + const unsigned char * bytes_A; + int len_A; + + if ( self->usr == NULL ) { + PyErr_SetString(PyExc_Exception, "Type not initialized"); + return NULL; + } + + srp_user_start_authentication( self->usr, &username, &bytes_A, &len_A ); + + return Py_BuildValue("ss#", username, bytes_A, len_A); +} + + +static PyObject * usr_process_challenge( PyUser * self, PyObject * args ) +{ + const unsigned char * bytes_s, *bytes_B; + int len_s, len_B; + const unsigned char * bytes_M; + + if ( self->usr == NULL ) { + PyErr_SetString(PyExc_Exception, "Type not initialized"); + return NULL; + } + + if ( ! PyArg_ParseTuple(args, "t#t#", &bytes_s, &len_s, &bytes_B, + &len_B) ) + { + return NULL; + } + + /* The srp_user_process_challenge command is computationally intensive... + * ~20ms on a 2Ghz x86 CPU. Allowing multiple, simultaneous calls here will + * speed things up for multi-cpu machines. + */ + Py_BEGIN_ALLOW_THREADS + srp_user_process_challenge( self->usr, bytes_s, len_s, bytes_B, len_B, + &bytes_M ); + Py_END_ALLOW_THREADS + + if (bytes_M == NULL) + Py_RETURN_NONE; + else + return PyString_FromStringAndSize((const char *) bytes_M, + SHA256_DIGEST_LENGTH); +} + + +static PyObject * usr_verify_session( PyUser * self, PyObject * args ) +{ + const unsigned char * bytes_HAMK; + int len_HAMK; + + if ( self->usr == NULL ) { + PyErr_SetString(PyExc_Exception, "Type not initialized"); + return NULL; + } + + if ( ! PyArg_ParseTuple(args, "t#", &bytes_HAMK, &len_HAMK) ) + { + return NULL; + } + + if ( len_HAMK == SHA256_DIGEST_LENGTH ) + srp_user_verify_session( self->usr, bytes_HAMK ); + + Py_RETURN_NONE; +} + + +static PyObject * py_gen_sv( PyObject *self, PyObject *args ) +{ + const char *username; + const unsigned char *bytes_password, *bytes_s, *bytes_v; + int len_password, len_s, len_v; + PyObject *ret; + + if ( ! PyArg_ParseTuple(args, "st#", &username, &bytes_password, + &len_password) ) + return NULL; + + + srp_gen_sv( username, bytes_password, len_password, &bytes_s, &len_s, + &bytes_v, &len_v ); + + ret = Py_BuildValue("s#s#", bytes_s, len_s, bytes_v, len_v); + + free((char*)bytes_s); + free((char*)bytes_v); + + return ret; +} + + +/***********************************************************************************/ +static PyMethodDef PyVerifier_methods[] = { + {"authenticated", (PyCFunction) ver_is_authenticated, METH_NOARGS, + PyDoc_STR("Returns boolean indicating whether the session is " + "authenticated or not") + }, + {"get_username", (PyCFunction) ver_get_username, METH_NOARGS, + PyDoc_STR("Returns the username the Verifier instance is bound to.") + }, + {"get_session_key", (PyCFunction) ver_get_session_key, METH_NOARGS, + PyDoc_STR("Returns the session key for an authenticated session. " + "Returns None if the session is not authenticated.") + }, + {"get_challenge", (PyCFunction) ver_get_challenge, METH_NOARGS, + PyDoc_STR("Returns: (s,B) or None. The salt & challenge that " + "should be sent to the user or None if the SRP-6a " + "safety check fails.") + }, + {"verify_session", (PyCFunction) ver_verify_session, METH_VARARGS, + PyDoc_STR("Verifies the user based on their reply to " + "the challenge") + }, + {NULL} /* Sentinel */ +}; + + +static PyMethodDef PyUser_methods[] = { + {"authenticated", (PyCFunction) usr_is_authenticated, METH_NOARGS, + PyDoc_STR("Returns boolean indicating whether the session is " + "authenticated or not") + }, + {"get_username", (PyCFunction) usr_get_username, METH_NOARGS, + PyDoc_STR("Returns the username the User instance is bound to.") + }, + {"get_session_key", (PyCFunction) usr_get_session_key, METH_NOARGS, + PyDoc_STR("Returns the session key for an authenticated session. " + "Returns None if the session is not authenticated.") + }, + {"start_authentication", (PyCFunction) usr_start_authentication, + METH_NOARGS, + PyDoc_STR("Returns (username,A). The username and initial " + "authentication challenge to send to the verifier") + }, + {"process_challenge", (PyCFunction) usr_process_challenge, METH_VARARGS, + PyDoc_STR("Returns the reply to send to the server or None if the " + "SRP-6a safety check fails") + }, + {"verify_session", (PyCFunction) usr_verify_session, METH_VARARGS, + PyDoc_STR("Verifies the server based on its reply to the users " + "challenge response") + }, + {NULL} /* Sentinel */ +}; + + +static PyMethodDef srp_module_methods[] = { + {"gen_sv", (PyCFunction) py_gen_sv, METH_VARARGS, + PyDoc_STR("Returns (s,v): Generates a salt + verifier for the " + "given username and password") + }, + {NULL} /* Sentinel */ +}; + + +static PyTypeObject PyVerifier_Type = { + PyVarObject_HEAD_INIT(NULL, 0) + "_srp.Verifier", /*tp_name*/ + sizeof(PyVerifier), /*tp_basicsize*/ + 0, /*tp_itemsize*/ + /* methods */ + (destructor)ver_dealloc, /*tp_dealloc*/ + 0, /*tp_print*/ + 0, /*tp_getattr*/ + 0, /*tp_setattr*/ + 0, /*tp_compare*/ + 0, /*tp_repr*/ + 0, /*tp_as_number*/ + 0, /*tp_as_sequence*/ + 0, /*tp_as_mapping*/ + 0, /*tp_hash*/ + 0, /*tp_call*/ + 0, /*tp_str*/ + 0, /*tp_getattro*/ + 0, /*tp_setattro*/ + 0, /*tp_as_buffer*/ + Py_TPFLAGS_DEFAULT, /*tp_flags*/ + "SRP-6a verfier", /*tp_doc*/ + 0, /*tp_traverse*/ + 0, /*tp_clear*/ + 0, /*tp_richcompare*/ + 0, /*tp_weaklistoffset*/ + 0, /*tp_iter*/ + 0, /*tp_iternext*/ + PyVerifier_methods, /*tp_methods*/ + 0, /*tp_members*/ + 0, /*tp_getset*/ + 0, /*tp_base*/ + 0, /*tp_dict*/ + 0, /*tp_descr_get*/ + 0, /*tp_descr_set*/ + 0, /*tp_dictoffset*/ + (initproc)ver_init, /*tp_init*/ + 0, /*tp_alloc*/ + ver_new, /*tp_new*/ + 0, /*tp_free*/ + 0, /*tp_is_gc*/ +}; + + +static PyTypeObject PyUser_Type = { + PyVarObject_HEAD_INIT(NULL, 0) + "_srp.User", /*tp_name*/ + sizeof(PyUser), /*tp_basicsize*/ + 0, /*tp_itemsize*/ + /* methods */ + (destructor)usr_dealloc, /*tp_dealloc*/ + 0, /*tp_print*/ + 0, /*tp_getattr*/ + 0, /*tp_setattr*/ + 0, /*tp_compare*/ + 0, /*tp_repr*/ + 0, /*tp_as_number*/ + 0, /*tp_as_sequence*/ + 0, /*tp_as_mapping*/ + 0, /*tp_hash*/ + 0, /*tp_call*/ + 0, /*tp_str*/ + 0, /*tp_getattro*/ + 0, /*tp_setattro*/ + 0, /*tp_as_buffer*/ + Py_TPFLAGS_DEFAULT, /*tp_flags*/ + "SRP-6a User", /*tp_doc*/ + 0, /*tp_traverse*/ + 0, /*tp_clear*/ + 0, /*tp_richcompare*/ + 0, /*tp_weaklistoffset*/ + 0, /*tp_iter*/ + 0, /*tp_iternext*/ + PyUser_methods, /*tp_methods*/ + 0, /*tp_members*/ + 0, /*tp_getset*/ + 0, /*tp_base*/ + 0, /*tp_dict*/ + 0, /*tp_descr_get*/ + 0, /*tp_descr_set*/ + 0, /*tp_dictoffset*/ + (initproc)usr_init, /*tp_init*/ + 0, /*tp_alloc*/ + usr_new, /*tp_new*/ + 0, /*tp_free*/ + 0, /*tp_is_gc*/ +}; + + +PyMODINIT_FUNC +init_srp(void) +{ + int init_ok = 0; + PyObject *m = NULL; + PyObject *os = NULL; + PyObject *py_urandom = NULL; + + os = PyImport_ImportModule("os"); + + if (os == NULL) + return; + + py_urandom = PyObject_GetAttrString(os, "urandom"); + + if ( py_urandom && PyCallable_Check(py_urandom) ) + { + PyObject *args = Py_BuildValue("(i)", 32); + if ( args ) + { + PyObject *randstr = PyObject_CallObject(py_urandom, args); + if ( randstr && PyString_Check(randstr)) + { + char *buff = NULL; + Py_ssize_t slen = 0; + if (!PyString_AsStringAndSize(randstr, &buff, &slen)) + { + srp_init( buff, slen ); + init_ok = 1; + } + } + Py_XDECREF(randstr); + } + Py_XDECREF(args); + } + + Py_XDECREF(os); + Py_XDECREF(py_urandom); + + if (!init_ok) + { + PyErr_SetString(PyExc_ImportError, "Initialization failed"); + return; + } + + if ( Py_AtExit( &srp_fini ) ) + { + PyErr_SetString(PyExc_ImportError, "Failed to register atexit handler"); + return; + } + + + if (PyType_Ready(&PyVerifier_Type) < 0 || PyType_Ready(&PyUser_Type)) + return; + + m = Py_InitModule3("_srp", srp_module_methods,"SRP-6a implementation"); + + if (m == NULL) + return; + + Py_INCREF(&PyVerifier_Type); + Py_INCREF(&PyUser_Type); + + PyModule_AddObject(m, "Verifier", (PyObject*) &PyVerifier_Type ); + PyModule_AddObject(m, "User", (PyObject*) &PyUser_Type ); +}
\ No newline at end of file diff --git a/doc/conf.py b/doc/conf.py new file mode 100644 index 0000000..7d22afa --- /dev/null +++ b/doc/conf.py @@ -0,0 +1,194 @@ +# -*- coding: utf-8 -*- +# +# srp documentation build configuration file, created by +# sphinx-quickstart on Mon Aug 30 23:18:19 2010. +# +# This file is execfile()d with the current directory set to its containing dir. +# +# Note that not all possible configuration values are present in this +# autogenerated file. +# +# All configuration values have a default; values that are commented out +# serve to show the default. + +import sys, os + +# If extensions (or modules to document with autodoc) are in another directory, +# add these directories to sys.path here. If the directory is relative to the +# documentation root, use os.path.abspath to make it absolute, like shown here. +#sys.path.append(os.path.abspath('.')) + +# -- General configuration ----------------------------------------------------- + +# Add any Sphinx extension module names here, as strings. They can be extensions +# coming with Sphinx (named 'sphinx.ext.*') or your custom ones. +extensions = [] + +# Add any paths that contain templates here, relative to this directory. +templates_path = ['_templates'] + +# The suffix of source filenames. +source_suffix = '.rst' + +# The encoding of source files. +#source_encoding = 'utf-8' + +# The master toctree document. +master_doc = 'srp' + +# General information about the project. +project = u'srp' +copyright = u'2010, Tom Cocagne' + +# The version info for the project you're documenting, acts as replacement for +# |version| and |release|, also used in various other places throughout the +# built documents. +# +# The short X.Y version. +version = '0.9' +# The full version, including alpha/beta/rc tags. +release = '0.9' + +# The language for content autogenerated by Sphinx. Refer to documentation +# for a list of supported languages. +#language = None + +# There are two options for replacing |today|: either, you set today to some +# non-false value, then it is used: +#today = '' +# Else, today_fmt is used as the format for a strftime call. +#today_fmt = '%B %d, %Y' + +# List of documents that shouldn't be included in the build. +#unused_docs = [] + +# List of directories, relative to source directory, that shouldn't be searched +# for source files. +exclude_trees = ['_build'] + +# The reST default role (used for this markup: `text`) to use for all documents. +#default_role = None + +# If true, '()' will be appended to :func: etc. cross-reference text. +#add_function_parentheses = True + +# If true, the current module name will be prepended to all description +# unit titles (such as .. function::). +#add_module_names = True + +# If true, sectionauthor and moduleauthor directives will be shown in the +# output. They are ignored by default. +#show_authors = False + +# The name of the Pygments (syntax highlighting) style to use. +pygments_style = 'sphinx' + +# A list of ignored prefixes for module index sorting. +#modindex_common_prefix = [] + + +# -- Options for HTML output --------------------------------------------------- + +# The theme to use for HTML and HTML Help pages. Major themes that come with +# Sphinx are currently 'default' and 'sphinxdoc'. +html_theme = 'default' + +# Theme options are theme-specific and customize the look and feel of a theme +# further. For a list of options available for each theme, see the +# documentation. +#html_theme_options = {} + +# Add any paths that contain custom themes here, relative to this directory. +#html_theme_path = [] + +# The name for this set of Sphinx documents. If None, it defaults to +# "<project> v<release> documentation". +#html_title = None + +# A shorter title for the navigation bar. Default is the same as html_title. +#html_short_title = None + +# The name of an image file (relative to this directory) to place at the top +# of the sidebar. +#html_logo = None + +# The name of an image file (within the static path) to use as favicon of the +# docs. This file should be a Windows icon file (.ico) being 16x16 or 32x32 +# pixels large. +#html_favicon = None + +# Add any paths that contain custom static files (such as style sheets) here, +# relative to this directory. They are copied after the builtin static files, +# so a file named "default.css" will overwrite the builtin "default.css". +html_static_path = ['_static'] + +# If not '', a 'Last updated on:' timestamp is inserted at every page bottom, +# using the given strftime format. +#html_last_updated_fmt = '%b %d, %Y' + +# If true, SmartyPants will be used to convert quotes and dashes to +# typographically correct entities. +#html_use_smartypants = True + +# Custom sidebar templates, maps document names to template names. +#html_sidebars = {} + +# Additional templates that should be rendered to pages, maps page names to +# template names. +#html_additional_pages = {} + +# If false, no module index is generated. +#html_use_modindex = True + +# If false, no index is generated. +#html_use_index = True + +# If true, the index is split into individual pages for each letter. +#html_split_index = False + +# If true, links to the reST sources are added to the pages. +#html_show_sourcelink = True + +# If true, an OpenSearch description file will be output, and all pages will +# contain a <link> tag referring to it. The value of this option must be the +# base URL from which the finished HTML is served. +#html_use_opensearch = '' + +# If nonempty, this is the file name suffix for HTML files (e.g. ".xhtml"). +#html_file_suffix = '' + +# Output file base name for HTML help builder. +htmlhelp_basename = 'srpdoc' + + +# -- Options for LaTeX output -------------------------------------------------- + +# The paper size ('letter' or 'a4'). +#latex_paper_size = 'letter' + +# The font size ('10pt', '11pt' or '12pt'). +#latex_font_size = '10pt' + +# Grouping the document tree into LaTeX files. List of tuples +# (source start file, target name, title, author, documentclass [howto/manual]). +latex_documents = [ + ('srp', 'srp.tex', u'srp Documentation', + u'Tom Cocagne', 'manual'), +] + +# The name of an image file (relative to this directory) to place at the top of +# the title page. +#latex_logo = None + +# For "manual" documents, if this is true, then toplevel headings are parts, +# not chapters. +#latex_use_parts = False + +# Additional stuff for the LaTeX preamble. +#latex_preamble = '' + +# Documents to append as an appendix to all manuals. +#latex_appendices = [] + +# If false, no module index is generated. +#latex_use_modindex = True diff --git a/doc/srp.rst b/doc/srp.rst new file mode 100644 index 0000000..8cfd780 --- /dev/null +++ b/doc/srp.rst @@ -0,0 +1,127 @@ +:mod:`srp` --- Secure Remote Password +===================================== + +.. module:: srp + :synopsis: Secure Remote Password + +.. moduleauthor:: Tom Cocagne <tom.cocagne@gmail.com> + +.. sectionauthor:: Tom Cocagne <tom.cocagne@gmail.com> + + +This module provides an implementation of the Secure Remote Password +Protocol. It may be used for secure, mutual authentication across an +unsecured network connection. With SRP, the user's password is never +sent across the network and a successful authentication results in a +cryptographically secure shared key that may be used for symmetric key +encryption. + +The SRP authentication requires that the server store a salt and verification +key that is computed from user's password. While care should be taken +to protect the verification key from disclosure, the protocol remains +reasonably secure even in the event that an attacker obtains it as a +computationally infeasible brute-force dictionary attack would be required +to derive the users password. + +See http://srp.stanford.edu/ for a full description of the SRP protocol. + +Functions +--------- + +.. function:: gen_sv ( username, password ) + + Generates a salt and verifier for the given username and password. + Returns (salt_bytes, verifier_bytes) + + +:class:`Verifier` Objects +------------------------- + +A :class:`Verifier` object is used to verify the identity of a remote +user. + +.. class:: Verifier( username, bytes_s, bytes_v, bytes_A ) + + *username* Name of the remote user being authenticated. + + *bytes_s* Salt generated by :func:`gen_sv`. + + *bytes_v* Verifier generated by :func:`gen_sv`. + + *bytes_A* Challenge from the remote user. Generated by + :meth:`User.start_authentication` + + .. method:: authenticated() + + Returns True if the authentication succeeded. False + otherwise. + + .. method:: get_username() + + Returns the name of the user this :class:`Verifier` object is for. + + .. method:: get_session_key() + + Returns the session key for an authenticated user or None if the + authentication failed or has not yet completed. + + .. method:: get_challenge() + + Returns (bytes_s, bytes_B) on success or (None, None) if + authentication has failed. + + .. method:: verify_session( user_M ) + + Completes the :class:`Verifier` side of the authentication + process. If the authentication succeded the return result, + bytes_H_AMK should be returned to the remote user. On failure, + this method returns None. + + +:class:`User` Objects +------------------------- + +A :class:`User` object is used to perform mutual authentication with a +remote :class:`Verifier`. Successful authentication requires not only +that the :class:`User` be provided with a valid username/password but +also that the remote :class:`Verifier` have a salt & verifier for that +username/password pair. + +.. class:: User( username, password ) + + *username* Name of the user being authenticated. + + *password* Password for the user. + + .. method:: authenticated() + + Returns True if authentication succeeded. False + otherwise. + + .. method:: get_username() + + Returns the username passed to the constructor. + + .. method:: get_session_key() + + Returns the session key if authentication succeeded or None if the + authentication failed or has not yet completed. + + .. method:: start_authentication() + + Returns (username, bytes_A). These should be passed to the + constructor of the remote :class:`Verifer` + + .. method:: process_challenge( bytes_s, bytes_B ) + + Processes the challenge returned + by :meth:`Verifier.get_challenge` on success this method + returns bytes_M that should be sent + to :meth:`Verifier.verify_session` if authentication failed, + it returns None. + + .. method:: verify_session( bytes_H_AMK ) + + Completes the :class:`User` side of the authentication + process. If the authentication succeded :meth:`authenticated` will + return True
\ No newline at end of file diff --git a/setup.py b/setup.py new file mode 100755 index 0000000..0973908 --- /dev/null +++ b/setup.py @@ -0,0 +1,16 @@ +#!/usr/bin/env python + +from distutils.core import setup +from distutils.extension import Extension + +py_modules = ['_pysrp', '_ctsrp', 'srp'] + +ext_modules = [ Extension('_srp', ['_srp.c',], libraries = ['ssl',]), ] + +setup(name = 'srp', + version = '0.9', + description = 'Secure Remote Password Protocol', + author = 'Tom Cocagne', + author_email = 'tom.cocagne@gmail.com', + py_modules = py_modules, + ext_modules = ext_modules)
\ No newline at end of file @@ -0,0 +1,36 @@ +
+User = None
+Verifier = None
+gen_sv = None
+
+try:
+ import _srp
+ User = _srp.User
+ Verifier = _srp.Verifier
+ gen_sv = _srp.gen_sv
+except ImportError:
+ pass
+
+if not User:
+ try:
+ import _ctsrp
+ User = _ctsrp.User
+ Verifier = _ctsrp.Verifier
+ gen_sv = _ctsrp.gen_sv
+ except ImportError:
+ pass
+
+if not User:
+ import _pysrp
+ User = _pysrp.User
+ Verifier = _pysrp.Verifier
+ gen_sv = _pysrp.gen_sv
+
+
+
+
+
+
+
+
+
\ No newline at end of file diff --git a/test_srp.py b/test_srp.py new file mode 100644 index 0000000..cbfa54a --- /dev/null +++ b/test_srp.py @@ -0,0 +1,76 @@ +#!/usr/bin/python + +NTHREADS = 2 +NTEST = 10 + +import _pysrp +User = _pysrp.User +Verifier = _pysrp.Verifier +gen_sv = _pysrp.gen_sv + +import _ctsrp +#User = _ctsrp.User +#Verifier = _ctsrp.Verifier +#gen_sv = _ctsrp.gen_sv + +import _srp +#User = _srp.User +#Verifier = _srp.Verifier +#gen_sv = _srp.gen_sv + +import srp +#User = srp.User +#Verifier = srp.Verifier +#gen_sv = srp.gen_sv + +username = 'testuser' +password = 'testpassword' + +_s, _v = gen_sv( username, password ) + +def test_one(): + usr = User( username, password ) + uname, A = usr.start_authentication() + + # username, A => server + svr = Verifier( uname, _s, _v, A ) + s,B = svr.get_challenge() + + # s,B => client + M = usr.process_challenge( s, B ) + + # M => server + HAMK = svr.verify_session( M ) + + # HAMK => client + usr.verify_session( HAMK ) + + if not svr.authenticated() or not usr.authenticated(): + raise Exception('Authentication failed!') + +#--------------------------------------------------------------- + +import time +import thread + +NTESTED = 0 + +def test_thread(): + global NTESTED + while NTESTED < NTEST: + test_one() + NTESTED += 1 + +start = time.time() +while NTHREADS > 1: + thread.start_new_thread( test_thread, () ) + NTHREADS -= 1 +test_thread() +duration = time.time() - start + +# Pause briefly to ensure no background threads are still executing +time.sleep(0.1) + +print 'Total time: ', duration +print 'Time per call: ', duration/NTEST + |