From f61bbe69fa3593c2a60bf296add756e920941eeb Mon Sep 17 00:00:00 2001 From: Tom Cocagne Date: Tue, 30 Nov 2010 16:18:44 -0500 Subject: added parameter error checking --- _ctsrp.py | 10 ++++++++++ _pysrp.py | 7 ++++++- _srp.c | 65 +++++++++++++++++++++++++++++++++++++++++++++++++++++++------ test_srp.py | 28 ++++++++++++++++++++------ 4 files changed, 97 insertions(+), 13 deletions(-) diff --git a/_ctsrp.py b/_ctsrp.py index 57b8283..83eccb7 100644 --- a/_ctsrp.py +++ b/_ctsrp.py @@ -281,6 +281,8 @@ def get_ngk( hash_class, ng_type, n_hex, g_hex ): def gen_sv( username, password, hash_alg=SHA1, ng_type=NG_1024, n_hex=None, g_hex=None ): + if ng_type == NG_CUSTOM and (n_hex is None or g_hex is None): + raise ValueError("Both n_hex and g_hex are required when ng_type = NG_CUSTOM") s = BN_new() v = BN_new() x = BN_new() @@ -312,6 +314,8 @@ def gen_sv( username, password, hash_alg=SHA1, ng_type=NG_1024, n_hex=None, g_he class Verifier (object): def __init__(self, username, bytes_s, bytes_v, bytes_A, hash_alg=SHA1, ng_type=NG_1024, n_hex=None, g_hex=None): + if ng_type == NG_CUSTOM and (n_hex is None or g_hex is None): + raise ValueError("Both n_hex and g_hex are required when ng_type = NG_CUSTOM") self.A = BN_new() self.B = BN_new() self.K = None @@ -369,6 +373,8 @@ class Verifier (object): def __del__(self): + if not hasattr(self, 'A'): + return # __init__ threw exception. no clean up required BN_free(self.A) BN_free(self.B) BN_free(self.S) @@ -414,6 +420,8 @@ class Verifier (object): class User (object): def __init__(self, username, password, hash_alg=SHA1, ng_type=NG_1024, n_hex=None, g_hex=None): + if ng_type == NG_CUSTOM and (n_hex is None or g_hex is None): + raise ValueError("Both n_hex and g_hex are required when ng_type = NG_CUSTOM") self.username = username self.password = password self.a = BN_new() @@ -447,6 +455,8 @@ class User (object): def __del__(self): + if not hasattr(self, 'a'): + return # __init__ threw exception. no clean up required BN_free(self.a) BN_free(self.A) BN_free(self.B) diff --git a/_pysrp.py b/_pysrp.py index 4674227..2f21bba 100644 --- a/_pysrp.py +++ b/_pysrp.py @@ -148,6 +148,8 @@ def gen_x( hash_class, salt, username, password ): def gen_sv( username, password, hash_alg=SHA1, ng_type=NG_1024, n_hex=None, g_hex=None ): + if ng_type == NG_CUSTOM and (n_hex is None or g_hex is None): + raise ValueError("Both n_hex and g_hex are required when ng_type = NG_CUSTOM") hash_class = _hash_map[ hash_alg ] N,g = get_ng( ng_type, n_hex, g_hex ) _s = long_to_bytes( get_random( 4 ) ) @@ -181,6 +183,8 @@ def calculate_H_AMK( hash_class, A, M, K ): class Verifier (object): def __init__(self, username, bytes_s, bytes_v, bytes_A, hash_alg=SHA1, ng_type=NG_1024, n_hex=None, g_hex=None): + if ng_type == NG_CUSTOM and (n_hex is None or g_hex is None): + raise ValueError("Both n_hex and g_hex are required when ng_type = NG_CUSTOM") self.s = bytes_to_long(bytes_s) self.v = bytes_to_long(bytes_v) self.I = username @@ -241,7 +245,8 @@ class Verifier (object): class User (object): def __init__(self, username, password, hash_alg=SHA1, ng_type=NG_1024, n_hex=None, g_hex=None): - + if ng_type == NG_CUSTOM and (n_hex is None or g_hex is None): + raise ValueError("Both n_hex and g_hex are required when ng_type = NG_CUSTOM") N,g = get_ng( ng_type, n_hex, g_hex ) hash_class = _hash_map[ hash_alg ] k = H( hash_class, N, g ) diff --git a/_srp.c b/_srp.c index 1ea3f5e..46b1de2 100644 --- a/_srp.c +++ b/_srp.c @@ -929,9 +929,26 @@ static int ver_init( PyVerifier *self, PyObject *args, PyObject *kwds ) return -1; } - /* The srp_verifier_new command is computationally intensive... ~15ms on a - * 3Ghz x86 CPU. Allowing multiple, simultaneous calls here may speed - * things up for multi-cpu machines + if ( hash_alg < SRP_SHA1 || hash_alg > SRP_SHA512 ) + { + PyErr_SetString(PyExc_ValueError, "Invalid Hash Algorithm"); + return -1; + } + + if ( ng_type < SRP_NG_1024 || ng_type > SRP_NG_CUSTOM ) + { + PyErr_SetString(PyExc_ValueError, "Invalid Prime Number Constant"); + return -1; + } + + if ( ng_type == SRP_NG_CUSTOM && ( !n_hex || !g_hex ) ) + { + PyErr_SetString(PyExc_ValueError, "Both n_hex and g_hex are required when ng_type = NG_CUSTOM"); + return -1; + } + + /* The srp_verifier_new command is computationally intensive. Allowing multiple, + * simultaneous calls here will speed things up for multi-cpu machines */ Py_BEGIN_ALLOW_THREADS self->ver = srp_verifier_new( (SRP_HashAlgorithm) hash_alg, @@ -991,6 +1008,24 @@ static int usr_init( PyUser *self, PyObject *args, PyObject *kwds ) return -1; } + if ( hash_alg < SRP_SHA1 || hash_alg > SRP_SHA512 ) + { + PyErr_SetString(PyExc_ValueError, "Invalid Hash Algorithm"); + return -1; + } + + if ( ng_type < SRP_NG_1024 || ng_type > SRP_NG_CUSTOM ) + { + PyErr_SetString(PyExc_ValueError, "Invalid Prime Number Constant"); + return -1; + } + + if ( ng_type == SRP_NG_CUSTOM && ( !n_hex || !g_hex ) ) + { + PyErr_SetString(PyExc_ValueError, "Both n_hex and g_hex are required when ng_type = NG_CUSTOM"); + return -1; + } + self->usr = srp_user_new( (SRP_HashAlgorithm) hash_alg, (SRP_NGType) ng_type, @@ -1167,9 +1202,9 @@ static PyObject * usr_process_challenge( PyUser * self, PyObject * args ) return NULL; } - /* The srp_user_process_challenge command is computationally intensive... - * ~20ms on a 2Ghz x86 CPU. Allowing multiple, simultaneous calls here will - * speed things up for multi-cpu machines. + /* The srp_user_process_challenge command is computationally intensive. + * Allowing multiple, simultaneous calls here will speed things up on + * multi-cpu machines. */ Py_BEGIN_ALLOW_THREADS srp_user_process_challenge( self->usr, bytes_s, len_s, bytes_B, len_B, @@ -1228,6 +1263,24 @@ static PyObject * py_gen_sv( PyObject *self, PyObject *args, PyObject *kwds ) &g_hex) ) return NULL; + + if ( hash_alg < SRP_SHA1 || hash_alg > SRP_SHA512 ) + { + PyErr_SetString(PyExc_ValueError, "Invalid Hash Algorithm"); + return NULL; + } + + if ( ng_type < SRP_NG_1024 || ng_type > SRP_NG_CUSTOM ) + { + PyErr_SetString(PyExc_ValueError, "Invalid Prime Number Constant"); + return NULL; + } + + if ( ng_type == SRP_NG_CUSTOM && ( !n_hex || !g_hex ) ) + { + PyErr_SetString(PyExc_ValueError, "Both n_hex and g_hex are required when ng_type = NG_CUSTOM"); + return NULL; + } srp_gen_sv( (SRP_HashAlgorithm) hash_alg, (SRP_NGType) ng_type, diff --git a/test_srp.py b/test_srp.py index f983911..59b7435 100644 --- a/test_srp.py +++ b/test_srp.py @@ -13,13 +13,13 @@ g_mod = _pysrp import _ctsrp u_mod = _ctsrp -#v_mod = _ctsrp +v_mod = _ctsrp #g_mod = _ctsrp try: import _srp u_mod = _srp - v_mod = _srp +# v_mod = _srp g_mod = _srp except: print 'C-module not available' @@ -32,20 +32,36 @@ Verifier = v_mod.Verifier gen_sv = g_mod.gen_sv HASH = srp.SHA256 -NG = srp.NG_2048 +NG = srp.NG_CUSTOM username = 'testuser' password = 'testpassword' -_s, _v = gen_sv( username, password, hash_alg=HASH, ng_type=NG ) +n_hex = '' +g_hex = '' + +if NG == srp.NG_CUSTOM: + g_hex = "2" + n_hex = '''\ +AC6BDB41324A9A9BF166DE5E1389582FAF72B6651987EE07FC3192943DB56050A37329CBB4\ +A099ED8193E0757767A13DD52312AB4B03310DCD7F48A9DA04FD50E8083969EDB767B0CF60\ +95179A163AB3661A05FBD5FAAAE82918A9962F0B93B855F97993EC975EEAA80D740ADBF4FF\ +747359D041D5C33EA71D281E446B14773BCA97B43A23FB801676BD207A436C6481F1D2B907\ +8717461A5B9D32E688F87748544523B524B0D57D5EA77A2775D2ECFA032CFBDBF52FB37861\ +60279004E57AE6AF874E7303CE53299CCC041C7BC308D82A5698F3A8D0C38271AE35F8E9DB\ +FBB694B5C803D89F7AE435DE236D525F54759B65E372FCD68EF20FA7111F9E4AFF73''' + + + +_s, _v = gen_sv( username, password, hash_alg=HASH, ng_type=NG, n_hex=n_hex, g_hex=g_hex ) def test_one(): - usr = User( username, password, hash_alg=HASH, ng_type=NG ) + usr = User( username, password, hash_alg=HASH, ng_type=NG, n_hex=n_hex, g_hex=g_hex ) uname, A = usr.start_authentication() # username, A => server - svr = Verifier( uname, _s, _v, A, hash_alg=HASH, ng_type=NG ) + svr = Verifier( uname, _s, _v, A, hash_alg=HASH, ng_type=NG, n_hex=n_hex, g_hex=g_hex ) s,B = svr.get_challenge() # s,B => client -- cgit v1.2.3