diff options
| author | Brian Warner <warner@lothar.com> | 2018-10-16 15:14:26 -0700 |
|---|---|---|
| committer | Brian Warner <warner@lothar.com> | 2018-10-16 15:14:26 -0700 |
| commit | 04f891874c8ed66d124456d6a0189ecfc24bd597 (patch) | |
| tree | 18bfcce06f61da5aaee6c8f940d712c0b916dbed | |
| parent | 3fd70bba96746c323881aee4aab2b38ef2eb5b2e (diff) | |
| parent | 5d9ca6ab306e713fc0282aebde5c9196ad86b7ab (diff) | |
| download | PAKEs-04f891874c8ed66d124456d6a0189ecfc24bd597.tar.xz | |
Merge branch 'rustfmt'
| -rw-r--r-- | .travis.yml | 7 | ||||
| -rw-r--r-- | spake2/src/lib.rs | 2 | ||||
| -rw-r--r-- | spake2/src/spake2.rs | 6 | ||||
| -rw-r--r-- | srp/src/client.rs | 73 | ||||
| -rw-r--r-- | srp/src/groups.rs | 4 | ||||
| -rw-r--r-- | srp/src/lib.rs | 6 | ||||
| -rw-r--r-- | srp/src/server.rs | 54 | ||||
| -rw-r--r-- | srp/src/types.rs | 8 | ||||
| -rw-r--r-- | srp/tests/mod.rs | 15 |
9 files changed, 108 insertions, 67 deletions
diff --git a/.travis.yml b/.travis.yml index 88515a8..e12f111 100644 --- a/.travis.yml +++ b/.travis.yml @@ -4,6 +4,13 @@ rust: - beta - nightly matrix: + include: + - rust: 1.29.0 # lock down for consistent rustfmt behavior + env: RUSTFMT + install: + - rustup component add rustfmt-preview + script: + - cargo fmt -- --check allow_failures: - rust: nightly script: cargo test --release --verbose --all diff --git a/spake2/src/lib.rs b/spake2/src/lib.rs index c2858ba..d189d9c 100644 --- a/spake2/src/lib.rs +++ b/spake2/src/lib.rs @@ -13,7 +13,7 @@ pub use spake2::*; #[cfg(test)] mod tests { - use spake2::{Ed25519Group, ErrorType, Identity, Password, SPAKE2, SPAKEErr}; + use spake2::{Ed25519Group, ErrorType, Identity, Password, SPAKEErr, SPAKE2}; #[test] fn test_basic() { diff --git a/spake2/src/spake2.rs b/spake2/src/spake2.rs index a258c4c..8f90bdf 100644 --- a/spake2/src/spake2.rs +++ b/spake2/src/spake2.rs @@ -101,7 +101,7 @@ impl Group for Ed25519Group { 0x96, 0x3b, 0x58, 0xe3, 0x43, 0x88, 0xc8, 0xe6, 0xda, 0xe8, 0x91, 0xdb, 0x75, 0x64, 0x81, 0xa0, 0x23, 0x12, ]).decompress() - .unwrap() + .unwrap() } fn const_n() -> c2_Element { @@ -112,7 +112,7 @@ impl Group for Ed25519Group { 0xc6, 0x32, 0x57, 0x6a, 0xc6, 0x4a, 0xea, 0x65, 0x0b, 0x49, 0x6a, 0x8a, 0x20, 0xff, 0x00, 0xe5, 0x83, 0xc3, ]).decompress() - .unwrap() + .unwrap() } fn const_s() -> c2_Element { @@ -123,7 +123,7 @@ impl Group for Ed25519Group { 0xd8, 0xf5, 0x78, 0x79, 0x56, 0x9c, 0x22, 0x2d, 0x22, 0xb1, 0xcd, 0x71, 0xe8, 0x54, 0x6a, 0xb8, 0xe6, 0xf1, ]).decompress() - .unwrap() + .unwrap() } fn hash_to_scalar(s: &[u8]) -> c2_Scalar { diff --git a/srp/src/client.rs b/srp/src/client.rs index a47bb28..ed4a2f6 100644 --- a/srp/src/client.rs +++ b/srp/src/client.rs @@ -1,9 +1,9 @@ //! SRP client implementation. -//! +//! //! # Usage //! First create SRP client struct by passing to it SRP parameters (shared //! between client and server) and randomly generated `a`: -//! +//! //! ```ignore //! use srp::groups::G_2048; //! use sha2::Sha256; @@ -11,21 +11,21 @@ //! let a = rng.gen_iter::<u8>().take(64).collect::<Vec<u8>>(); //! let client = SrpClient::<Sha256>::new(&a, &G_2048); //! ``` -//! +//! //! Next send handshake data (username and `a_pub`) to the server and receive //! `salt` and `b_pub`: -//! +//! //! ```ignore //! let a_pub = client.get_a_pub(); //! let (salt, b_pub) = conn.send_handshake(username, a_pub); //! ``` -//! +//! //! Compute private key using `salt` with any password hashing function. //! You can use method from SRP-6a, but it's recommended to use specialized //! password hashing algorithm instead (e.g. PBKDF2, argon2 or scrypt). //! Next create verifier instance, note that `get_verifier` consumes client and //! can return error in case of malicious `b_pub`. -//! +//! //! ```ignore //! let private_key = srp_private_key::<Sha256>(username, password, salt); //! let verifier = client.get_verifier(&private_key, &b_pub)?; @@ -34,23 +34,23 @@ //! Finally verify the server: first generate user proof, //! send it to the server and verify server proof in the reply. Note that //! `verify_server` method will return error in case of incorrect server reply. -//! +//! //! ```ignore //! let user_proof = verifier.get_proof(); //! let server_proof = conn.send_proof(user_proof); //! let key = verifier.verify_server(server_proof)?; //! ``` -//! +//! //! `key` contains shared secret key between user and the server. Alternatively //! you can directly extract shared secret key using `get_key()` method and //! handle authentification through different (secure!) means (e.g. by using //! authentificated cipher mode). -//! +//! //! For user registration on the server first generate salt (e.g. 32 bytes long) //! and get password verifier which depends on private key. Send useranme, salt //! and password verifier over protected channel to protect against //! Man-in-the-middle (MITM) attack for registration. -//! +//! //! ```ignore //! let pwd_verifier = client.get_password_verifier(&private_key); //! conn.send_registration_data(username, salt, pwd_verifier); @@ -59,9 +59,9 @@ //let buf = rng.gen_iter::<u8>().take(l).collect::<Vec<u8>>(); use std::marker::PhantomData; -use num::{BigUint, Zero}; use digest::Digest; use generic_array::GenericArray; +use num::{BigUint, Zero}; use tools::powm; use types::{SrpAuthError, SrpGroup}; @@ -73,7 +73,7 @@ pub struct SrpClient<'a, D: Digest> { a: BigUint, a_pub: BigUint, - d: PhantomData<D> + d: PhantomData<D>, } /// SRP client state after handshake with the server. @@ -85,9 +85,11 @@ pub struct SrpClientVerifier<D: Digest> { /// Compute user private key as described in the RFC 5054. Consider using proper /// password hashing algorithm instead. -pub fn srp_private_key<D: Digest>(username: &[u8], password: &[u8], salt: &[u8]) - -> GenericArray<u8, D::OutputSize> -{ +pub fn srp_private_key<D: Digest>( + username: &[u8], + password: &[u8], + salt: &[u8], +) -> GenericArray<u8, D::OutputSize> { let p = { let mut d = D::new(); d.input(username); @@ -107,7 +109,12 @@ impl<'a, D: Digest> SrpClient<'a, D> { let a = BigUint::from_bytes_be(a); let a_pub = params.powm(&a); - Self { params, a, a_pub, d: Default::default() } + Self { + params, + a, + a_pub, + d: Default::default(), + } } /// Get password verfier for user registration on the server @@ -117,9 +124,12 @@ impl<'a, D: Digest> SrpClient<'a, D> { v.to_bytes_be() } - fn calc_key(&self, b_pub: &BigUint, x: &BigUint, u: &BigUint) - -> GenericArray<u8, D::OutputSize> - { + fn calc_key( + &self, + b_pub: &BigUint, + x: &BigUint, + u: &BigUint, + ) -> GenericArray<u8, D::OutputSize> { let n = &self.params.n; let k = self.params.compute_k::<D>(); let interm = (k * self.params.powm(x)) % n; @@ -130,14 +140,16 @@ impl<'a, D: Digest> SrpClient<'a, D> { (n + b_pub - &interm) % n }; // S = |B - kg^x| ^ (a + ux) - let s = powm(&v, &(&self.a + (u*x) % n ), n); + let s = powm(&v, &(&self.a + (u * x) % n), n); D::digest(&s.to_bytes_be()) } /// Process server reply to the handshake. - pub fn process_reply(self, private_key: &[u8], b_pub: &[u8]) - -> Result<SrpClientVerifier<D>, SrpAuthError> - { + pub fn process_reply( + self, + private_key: &[u8], + b_pub: &[u8], + ) -> Result<SrpClientVerifier<D>, SrpAuthError> { let u = { let mut d = D::new(); d.input(&self.a_pub.to_bytes_be()); @@ -149,7 +161,9 @@ impl<'a, D: Digest> SrpClient<'a, D> { // Safeguard against malicious B if &b_pub % &self.params.n == BigUint::zero() { - return Err(SrpAuthError{ description: "Malicious b_pub value" }) + return Err(SrpAuthError { + description: "Malicious b_pub value", + }); } let x = BigUint::from_bytes_be(private_key); @@ -200,11 +214,14 @@ impl<D: Digest> SrpClientVerifier<D> { /// Verify server reply to verification data. It will return shared secret /// key in case of success. - pub fn verify_server(self, reply: &[u8]) - -> Result<GenericArray<u8, D::OutputSize>, SrpAuthError> - { + pub fn verify_server( + self, + reply: &[u8], + ) -> Result<GenericArray<u8, D::OutputSize>, SrpAuthError> { if self.server_proof.as_slice() != reply { - Err(SrpAuthError{ description: "Incorrect server proof" }) + Err(SrpAuthError { + description: "Incorrect server proof", + }) } else { Ok(self.key) } diff --git a/srp/src/groups.rs b/srp/src/groups.rs index fbdeffb..90b5209 100644 --- a/srp/src/groups.rs +++ b/srp/src/groups.rs @@ -1,10 +1,10 @@ //! Groups from [RFC 5054](https://tools.ietf.org/html/rfc5054) -//! +//! //! It is strongly recommended to use them instead of custom generated //! groups. Additionally it is not recommended to use `G_1024` and `G_1536`, //! they are provided only for compatibility with the legacy software. -use types::SrpGroup; use num::BigUint; +use types::SrpGroup; lazy_static! { pub static ref G_1024: SrpGroup = SrpGroup { diff --git a/srp/src/lib.rs b/srp/src/lib.rs index 472b197..8e2f1f7 100644 --- a/srp/src/lib.rs +++ b/srp/src/lib.rs @@ -63,17 +63,17 @@ //! //! [1]: https://en.wikipedia.org/wiki/Secure_Remote_Password_protocol //! [2]: https://tools.ietf.org/html/rfc5054 -extern crate num; extern crate digest; extern crate generic_array; +extern crate num; #[macro_use] extern crate lazy_static; #[cfg(test)] extern crate sha_1; -mod tools; pub mod client; +pub mod groups; pub mod server; +mod tools; pub mod types; -pub mod groups; diff --git a/srp/src/server.rs b/srp/src/server.rs index 137d6b3..a5d49ab 100644 --- a/srp/src/server.rs +++ b/srp/src/server.rs @@ -4,7 +4,7 @@ //! First receive user's username and public value `a_pub`, retrieve from a //! database `UserRecord` for a given username, generate `b` (e.g. 512 bits //! long) and initialize SRP server instance: -//! +//! //! ```ignore //! use srp::groups::G_2048; //! @@ -13,31 +13,31 @@ //! let b = rng.gen_iter::<u8>().take(64).collect::<Vec<u8>>(); //! let server = SrpServer::<Sha256>::new(&user, &a_pub, &b, &G_2048)?; //! ``` -//! +//! //! Next send to user `b_pub` and `salt` from user record: -//! +//! //! ```ignore //! let b_pub = server.get_b_pub(); //! conn.reply_to_handshake(&user.salt, b_pub); //! ``` -//! +//! //! And finally recieve user proof, verify it and send server proof in the //! reply: -//! +//! //! ```ignore //! let user_proof = conn.receive_proof(); //! let server_proof = server.verify(user_proof)?; //! conn.send_proof(server_proof); //! ``` -//! +//! //! To get the shared secret use `get_key` method. As alternative to using //! `verify` method it's also possible to use this key for authentificated //! encryption. use std::marker::PhantomData; -use num::{BigUint, Zero}; use digest::Digest; use generic_array::GenericArray; +use num::{BigUint, Zero}; use tools::powm; use types::{SrpAuthError, SrpGroup}; @@ -58,21 +58,26 @@ pub struct SrpServer<D: Digest> { key: GenericArray<u8, D::OutputSize>, - d: PhantomData<D> + d: PhantomData<D>, } -impl< D: Digest> SrpServer< D> { +impl<D: Digest> SrpServer<D> { /// Create new server state. - pub fn new(user: &UserRecord, a_pub: &[u8], b: &[u8], params: &SrpGroup) - -> Result<Self, SrpAuthError> - { + pub fn new( + user: &UserRecord, + a_pub: &[u8], + b: &[u8], + params: &SrpGroup, + ) -> Result<Self, SrpAuthError> { let a_pub = BigUint::from_bytes_be(a_pub); // Safeguard against malicious A if &a_pub % ¶ms.n == BigUint::zero() { - return Err(SrpAuthError { description: "Malicious a_pub value" }) + return Err(SrpAuthError { + description: "Malicious a_pub value", + }); } let v = BigUint::from_bytes_be(user.verifier); - let b = BigUint::from_bytes_be(b) % ¶ms.n; + let b = BigUint::from_bytes_be(b) % ¶ms.n; let k = params.compute_k::<D>(); // kv + g^b let interm = (k * &v) % ¶ms.n; @@ -87,12 +92,18 @@ impl< D: Digest> SrpServer< D> { let d = Default::default(); //(Av^u) ^ b let key = { - let u = BigUint::from_bytes_be(&u); + let u = BigUint::from_bytes_be(&u); let t = (&a_pub * powm(&v, &u, ¶ms.n)) % ¶ms.n; let s = powm(&t, &b, ¶ms.n); D::digest(&s.to_bytes_be()) }; - Ok(Self { b, a_pub, b_pub, key, d}) + Ok(Self { + b, + a_pub, + b_pub, + key, + d, + }) } /// Get private `b` value. (see `new_with_b` documentation) @@ -113,9 +124,10 @@ impl< D: Digest> SrpServer< D> { /// Process user proof of having the same shared secret and compute /// server proof for sending to the user. - pub fn verify(&self, user_proof: &[u8]) - -> Result<GenericArray<u8, D::OutputSize>, SrpAuthError> - { + pub fn verify( + &self, + user_proof: &[u8], + ) -> Result<GenericArray<u8, D::OutputSize>, SrpAuthError> { // M = H(A, B, K) let mut d = D::new(); d.input(&self.a_pub.to_bytes_be()); @@ -130,7 +142,9 @@ impl< D: Digest> SrpServer< D> { d.input(&self.key); Ok(d.result()) } else { - Err(SrpAuthError { description: "Incorrect user proof" }) + Err(SrpAuthError { + description: "Incorrect user proof", + }) } } } diff --git a/srp/src/types.rs b/srp/src/types.rs index 810132c..e8024fc 100644 --- a/srp/src/types.rs +++ b/srp/src/types.rs @@ -1,13 +1,13 @@ //! Additional SRP types. -use std::{fmt, error}; +use digest::Digest; use num::BigUint; +use std::{error, fmt}; use tools::powm; -use digest::Digest; /// SRP authentification error. #[derive(Debug, Copy, Clone, Eq, PartialEq)] pub struct SrpAuthError { - pub(crate) description: &'static str + pub(crate) description: &'static str, } impl fmt::Display for SrpAuthError { @@ -53,7 +53,7 @@ impl SrpGroup { #[cfg(test)] mod tests { - use ::groups::G_1024; + use groups::G_1024; use sha_1::Sha1; #[test] diff --git a/srp/tests/mod.rs b/srp/tests/mod.rs index 4389f82..d735480 100644 --- a/srp/tests/mod.rs +++ b/srp/tests/mod.rs @@ -1,13 +1,13 @@ extern crate num; -extern crate sha2; extern crate rand; +extern crate sha2; extern crate srp; -use sha2::Sha256; use rand::Rng; +use sha2::Sha256; +use srp::client::{srp_private_key, SrpClient}; use srp::groups::G_2048; -use srp::client::{SrpClient, srp_private_key }; use srp::server::{SrpServer, UserRecord}; fn auth_test(reg_pwd: &[u8], auth_pwd: &[u8]) { @@ -27,10 +27,13 @@ fn auth_test(reg_pwd: &[u8], auth_pwd: &[u8]) { let a_pub = client.get_a_pub(); // Server retrieve user record from db and processes handshake - let user = UserRecord { username, salt: &salt, verifier: &verif }; + let user = UserRecord { + username, + salt: &salt, + verifier: &verif, + }; let b = rng.gen_iter::<u8>().take(64).collect::<Vec<u8>>(); - let server = SrpServer::<Sha256>::new(&user, &a_pub, &b, &G_2048) - .unwrap(); + let server = SrpServer::<Sha256>::new(&user, &a_pub, &b, &G_2048).unwrap(); let (salt, b_pub) = (&user.salt, server.get_b_pub()); // Client processes handshake reply |