From 912f9015f066b135c577abcc5ae3c5cdf2d4672e Mon Sep 17 00:00:00 2001 From: tcocagne Date: Thu, 14 Mar 2013 22:23:04 -0500 Subject: Cleaned up code for rehosting on github --- LICENSE | 40 ++++++++++----------- README.md | 120 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ README.txt | 33 ----------------- 3 files changed, 138 insertions(+), 55 deletions(-) create mode 100644 README.md delete mode 100644 README.txt diff --git a/LICENSE b/LICENSE index 9431bf6..c08bbd0 100644 --- a/LICENSE +++ b/LICENSE @@ -1,25 +1,21 @@ -Copyright (c) 2010, Tom Cocagne -All rights reserved. +The MIT License (MIT) -Redistribution and use in source and binary forms, with or without -modification, are permitted provided that the following conditions are met: - * Redistributions of source code must retain the above copyright - notice, this list of conditions and the following disclaimer. - * Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - * Neither the name of the Python Software Foundation nor the - names of its contributors may be used to endorse or promote products - derived from this software without specific prior written permission. +Copyright (c) 2012 Tom Cocagne -THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND -ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED -WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE -DISCLAIMED. IN NO EVENT SHALL TOM COCAGNE BE LIABLE FOR ANY -DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES -(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND -ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT -(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS -SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +Permission is hereby granted, free of charge, to any person obtaining a copy of +this software and associated documentation files (the "Software"), to deal in +the Software without restriction, including without limitation the rights to +use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies +of the Software, and to permit persons to whom the Software is furnished to do +so, subject to the following conditions: +The above copyright notice and this permission notice shall be included in all +copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +SOFTWARE. diff --git a/README.md b/README.md new file mode 100644 index 0000000..1aa227e --- /dev/null +++ b/README.md @@ -0,0 +1,120 @@ +pysrp +===== +Tom Cocagne <tom.cocagne@gmail.com> + +pysrp provides a Python implementation of the [Secure Remote Password +protocol](http://srp.stanford.edu/) (SRP). + + +SRP Overview +------------ + +SRP is a cryptographically strong authentication +protocol for password-based, mutual authentication over an insecure +network connection. + +Unlike other common challenge-response autentication protocols, such +as Kereros and SSL, SRP does not rely on an external infrastructure +of trusted key servers or certificate management. Instead, SRP server +applications use verification keys derived from each user's password +to determine the authenticity of a network connection. + +SRP provides mutual-authentication in that successful authentication +requires both sides of the connection to have knowledge of the +user's password. If the client side lacks the user's password or the +server side lacks the proper verification key, the authentication will +fail. + +Unlike SSL, SRP does not directly encrypt all data flowing through +the authenticated connection. However, successful authentication does +result in a cryptographically strong shared key that can be used +for symmetric-key encryption. + +For a full description of the pysrp package and the SRP protocol, please refer +to the [pysrp documentation](http://pythonhosted.org/srp/) + + +Usage Example +------------- + +```python +import srp + +# The salt and verifier returned from srp.create_salted_verification_key() should be +# stored on the server. +salt, vkey = srp.create_salted_verification_key( 'testuser', 'testpassword' ) + +class AuthenticationFailed (Exception): + pass + +# ~~~ Begin Authentication ~~~ + +usr = srp.User( 'testuser', 'testpassword' ) +uname, A = usr.start_authentication() + +# The authentication process can fail at each step from this +# point on. To comply with the SRP protocol, the authentication +# process should be aborted on the first failure. + +# Client => Server: username, A +svr = srp.Verifier( uname, salt, vkey, A ) +s,B = svr.get_challenge() + +if s is None or B is None: + raise AuthenticationFailed() + +# Server => Client: s, B +M = usr.process_challenge( s, B ) + +if M is None: + raise AuthenticationFailed() + +# Client => Server: M +HAMK = svr.verify_session( M ) + +if HAMK is None: + raise AuthenticationFailed() + +# Server => Client: HAMK +usr.verify_session( HAMK ) + +# At this point the authentication process is complete. + +assert usr.authenticated() +assert svr.authenticated() +``` + +Installation +------------ + +``` +$ pip install srp +``` + +Implementation +-------------- + +It consists of 3 modules: A pure Python implementation, A ctypes + +OpenSSL implementation, and a C extension module. The ctypes & +extension modules are approximately 10-20x faster than the pure Python +implementation and can take advantage of multiple CPUs. The extension +module will be used if available, otherwise the library will fall back +to the ctypes implementation followed by the pure Python +implementation. + +Note: The test_srp.py script prints the performance timings for each +combination of hash algorithm and prime number size. This may be of +use in deciding which pair of parameters to use in the unlikely +event that the defaults are unacceptable. + +Installation: + python setup.py install + +Documentation: + cd srp/doc + sphinx-build -b html . + +Validity & Performance Testing: + python setup.py build + python test_srp.py + diff --git a/README.txt b/README.txt deleted file mode 100644 index 4902c9f..0000000 --- a/README.txt +++ /dev/null @@ -1,33 +0,0 @@ - -This package provides an implementation of the Secure Remote -Password protocol (SRP). SRP is a cryptographically -strong authentication protocol for password-based, mutual -authentication over an insecure network connection. - -It consists of 3 modules: A pure Python implementation, A ctypes + -OpenSSL implementation, and a C extension module. The ctypes & -extension modules are approximately 10-20x faster than the pure Python -implementation and can take advantage of multiple CPUs. The extension -module will be used if available, otherwise the library will fall back -to the ctypes implementation followed by the pure Python -implementation. - -Note: The test_srp.py script prints the performance timings for each -combination of hash algorithm and prime number size. This may be of -use in deciding which pair of parameters to use in the unlikely -event that the defaults are unacceptable. - -Installation: - python setup.py install - -Validity & Performance Testing: - python setup.py build - python test_srp.py - -Documentation: - cd srp/doc - sphinx-build -b html . - - -** Note: The Sphinx documentation system is easy-installable: - easy-install sphinx -- cgit v1.2.3