diff options
| author | Brian Warner <warner@lothar.com> | 2017-12-18 23:13:59 -0800 |
|---|---|---|
| committer | Brian Warner <warner@lothar.com> | 2017-12-18 23:13:59 -0800 |
| commit | 1eaedabe6a65abb67844c3da3be8bcdb0939159e (patch) | |
| tree | 8533e79e960d8775e32dd4adf316d1ac46bf7b6f | |
| parent | 3e322cb85003f7bca198da316148b19face7e59d (diff) | |
| download | PAKEs-1eaedabe6a65abb67844c3da3be8bcdb0939159e.tar.xz | |
format everything with rustfmt
| -rw-r--r-- | benches/spake2.rs | 19 | ||||
| -rw-r--r-- | src/lib.rs | 53 | ||||
| -rw-r--r-- | src/spake2.rs | 317 |
3 files changed, 227 insertions, 162 deletions
diff --git a/benches/spake2.rs b/benches/spake2.rs index dbe25dd..d945d5a 100644 --- a/benches/spake2.rs +++ b/benches/spake2.rs @@ -4,7 +4,7 @@ extern crate bencher; extern crate spake2; use bencher::Bencher; -use spake2::{SPAKE2, Ed25519Group}; +use spake2::{Ed25519Group, SPAKE2}; fn spake2_start(bench: &mut Bencher) { bench.iter(|| { @@ -26,19 +26,18 @@ fn spake2_finish(bench: &mut Bencher) { }*/ fn spake2_start_and_finish(bench: &mut Bencher) { - let (_, msg2) = SPAKE2::<Ed25519Group>::start_b(b"password", - b"idA", b"idB"); + let (_, msg2) = SPAKE2::<Ed25519Group>::start_b(b"password", b"idA", b"idB"); let msg2_slice = msg2.as_slice(); bench.iter(|| { - let (s1, _) = SPAKE2::<Ed25519Group>::start_a(b"password", - b"idA", b"idB"); + let (s1, _) = SPAKE2::<Ed25519Group>::start_a(b"password", b"idA", b"idB"); s1.finish(msg2_slice) }) } - -benchmark_group!(benches, - spake2_start, - //spake2_finish, - spake2_start_and_finish); +benchmark_group!( + benches, + spake2_start, + //spake2_finish, + spake2_start_and_finish +); benchmark_main!(benches); @@ -1,9 +1,8 @@ - -extern crate rand; extern crate curve25519_dalek; -extern crate sha2; extern crate hkdf; extern crate num_bigint; +extern crate rand; +extern crate sha2; //extern crate hex; @@ -15,14 +14,12 @@ extern crate hex; #[cfg(test)] mod tests { - use spake2::{SPAKE2, SPAKEErr, Ed25519Group, ErrorType}; + use spake2::{Ed25519Group, ErrorType, SPAKE2, SPAKEErr}; #[test] fn test_basic() { - let (s1, msg1) = SPAKE2::<Ed25519Group>::start_a(b"password", - b"idA", b"idB"); - let (s2, msg2) = SPAKE2::<Ed25519Group>::start_b(b"password", - b"idA", b"idB"); + let (s1, msg1) = SPAKE2::<Ed25519Group>::start_a(b"password", b"idA", b"idB"); + let (s2, msg2) = SPAKE2::<Ed25519Group>::start_b(b"password", b"idA", b"idB"); let key1 = s1.finish(msg2.as_slice()).unwrap(); let key2 = s2.finish(msg1.as_slice()).unwrap(); assert_eq!(key1, key2); @@ -30,10 +27,8 @@ mod tests { #[test] fn test_mismatch() { - let (s1, msg1) = SPAKE2::<Ed25519Group>::start_a(b"password", - b"idA", b"idB"); - let (s2, msg2) = SPAKE2::<Ed25519Group>::start_b(b"password2", - b"idA", b"idB"); + let (s1, msg1) = SPAKE2::<Ed25519Group>::start_a(b"password", b"idA", b"idB"); + let (s2, msg2) = SPAKE2::<Ed25519Group>::start_b(b"password2", b"idA", b"idB"); let key1 = s1.finish(msg2.as_slice()).unwrap(); let key2 = s2.finish(msg1.as_slice()).unwrap(); assert_ne!(key1, key2); @@ -41,37 +36,41 @@ mod tests { #[test] fn test_reflected_message() { - let (s1, msg1) = SPAKE2::<Ed25519Group>::start_a(b"password", - b"idA", b"idB"); + let (s1, msg1) = SPAKE2::<Ed25519Group>::start_a(b"password", b"idA", b"idB"); let r = s1.finish(msg1.as_slice()); - assert_eq!(r.unwrap_err(), SPAKEErr{kind: ErrorType::BadSide}); + assert_eq!( + r.unwrap_err(), + SPAKEErr { + kind: ErrorType::BadSide, + } + ); } #[test] fn test_bad_length() { - let (s1, msg1) = SPAKE2::<Ed25519Group>::start_a(b"password", - b"idA", b"idB"); - let mut msg2 = Vec::<u8>::with_capacity(msg1.len()+1); - msg2.resize(msg1.len()+1, 0u8); + let (s1, msg1) = SPAKE2::<Ed25519Group>::start_a(b"password", b"idA", b"idB"); + let mut msg2 = Vec::<u8>::with_capacity(msg1.len() + 1); + msg2.resize(msg1.len() + 1, 0u8); let r = s1.finish(&msg2); - assert_eq!(r.unwrap_err(), SPAKEErr{kind: ErrorType::WrongLength}); + assert_eq!( + r.unwrap_err(), + SPAKEErr { + kind: ErrorType::WrongLength, + } + ); } #[test] fn test_basic_symmetric() { - let (s1, msg1) = SPAKE2::<Ed25519Group>::start_symmetric(b"password", - b"idS"); - let (s2, msg2) = SPAKE2::<Ed25519Group>::start_symmetric(b"password", - b"idS"); + let (s1, msg1) = SPAKE2::<Ed25519Group>::start_symmetric(b"password", b"idS"); + let (s2, msg2) = SPAKE2::<Ed25519Group>::start_symmetric(b"password", b"idS"); let key1 = s1.finish(msg2.as_slice()).unwrap(); let key2 = s2.finish(msg1.as_slice()).unwrap(); assert_eq!(key1, key2); } - #[test] - fn it_works() { - } + fn it_works() {} #[test] #[should_panic(expected = "nope")] diff --git a/src/spake2.rs b/src/spake2.rs index e92f1c1..382e69d 100644 --- a/src/spake2.rs +++ b/src/spake2.rs @@ -4,8 +4,8 @@ use curve25519_dalek::scalar::Scalar as c2_Scalar; use curve25519_dalek::edwards::ExtendedPoint as c2_Element; use curve25519_dalek::constants::ED25519_BASEPOINT_POINT; use curve25519_dalek::edwards::CompressedEdwardsY; -use rand::{Rng, OsRng}; -use sha2::{Sha256, Digest}; +use rand::{OsRng, Rng}; +use sha2::{Digest, Sha256}; use hkdf::Hkdf; use num_bigint::BigUint; @@ -59,32 +59,33 @@ impl Group for Ed25519Group { // python -c "import binascii, spake2; b=binascii.hexlify(spake2.ParamsEd25519.M.to_bytes()); print(', '.join(['0x'+b[i:i+2] for i in range(0,len(b),2)]))" // 15cfd18e385952982b6a8f8c7854963b58e34388c8e6dae891db756481a02312 CompressedEdwardsY([ - 0x15, 0xcf, 0xd1, 0x8e, 0x38, 0x59, 0x52, 0x98, 0x2b, 0x6a, 0x8f, - 0x8c, 0x78, 0x54, 0x96, 0x3b, 0x58, 0xe3, 0x43, 0x88, 0xc8, 0xe6, - 0xda, 0xe8, 0x91, 0xdb, 0x75, 0x64, 0x81, 0xa0, 0x23, 0x12, - ]).decompress().unwrap() + 0x15, 0xcf, 0xd1, 0x8e, 0x38, 0x59, 0x52, 0x98, 0x2b, 0x6a, 0x8f, 0x8c, 0x78, 0x54, + 0x96, 0x3b, 0x58, 0xe3, 0x43, 0x88, 0xc8, 0xe6, 0xda, 0xe8, 0x91, 0xdb, 0x75, 0x64, + 0x81, 0xa0, 0x23, 0x12, + ]).decompress() + .unwrap() } fn const_n() -> c2_Element { // python -c "import binascii, spake2; b=binascii.hexlify(spake2.ParamsEd25519.N.to_bytes()); print(', '.join(['0x'+b[i:i+2] for i in range(0,len(b),2)]))" // f04f2e7eb734b2a8f8b472eaf9c3c632576ac64aea650b496a8a20ff00e583c3 CompressedEdwardsY([ - 0xf0, 0x4f, 0x2e, 0x7e, 0xb7, 0x34, 0xb2, 0xa8, 0xf8, 0xb4, 0x72, - 0xea, 0xf9, 0xc3, 0xc6, 0x32, 0x57, 0x6a, 0xc6, 0x4a, 0xea, 0x65, - 0x0b, 0x49, 0x6a, 0x8a, 0x20, 0xff, 0x00, 0xe5, 0x83, 0xc3, - ]).decompress().unwrap() - + 0xf0, 0x4f, 0x2e, 0x7e, 0xb7, 0x34, 0xb2, 0xa8, 0xf8, 0xb4, 0x72, 0xea, 0xf9, 0xc3, + 0xc6, 0x32, 0x57, 0x6a, 0xc6, 0x4a, 0xea, 0x65, 0x0b, 0x49, 0x6a, 0x8a, 0x20, 0xff, + 0x00, 0xe5, 0x83, 0xc3, + ]).decompress() + .unwrap() } fn const_s() -> c2_Element { // python -c "import binascii, spake2; b=binascii.hexlify(spake2.ParamsEd25519.S.to_bytes()); print(', '.join(['0x'+b[i:i+2] for i in range(0,len(b),2)]))" // 6f00dae87c1be1a73b5922ef431cd8f57879569c222d22b1cd71e8546ab8e6f1 CompressedEdwardsY([ - 0x6f, 0x00, 0xda, 0xe8, 0x7c, 0x1b, 0xe1, 0xa7, 0x3b, 0x59, 0x22, - 0xef, 0x43, 0x1c, 0xd8, 0xf5, 0x78, 0x79, 0x56, 0x9c, 0x22, 0x2d, - 0x22, 0xb1, 0xcd, 0x71, 0xe8, 0x54, 0x6a, 0xb8, 0xe6, 0xf1, - ]).decompress().unwrap() - + 0x6f, 0x00, 0xda, 0xe8, 0x7c, 0x1b, 0xe1, 0xa7, 0x3b, 0x59, 0x22, 0xef, 0x43, 0x1c, + 0xd8, 0xf5, 0x78, 0x79, 0x56, 0x9c, 0x22, 0x2d, 0x22, 0xb1, 0xcd, 0x71, 0xe8, 0x54, + 0x6a, 0xb8, 0xe6, 0xf1, + ]).decompress() + .unwrap() } fn hash_to_scalar(s: &[u8]) -> c2_Scalar { @@ -103,7 +104,9 @@ impl Group for Ed25519Group { 32 } fn bytes_to_element(b: &[u8]) -> Option<c2_Element> { - if b.len() != 32 { return None; } + if b.len() != 32 { + return None; + } //let mut bytes: [u8; 32] = let mut bytes = [0u8; 32]; bytes.copy_from_slice(b); @@ -141,12 +144,12 @@ fn ed25519_hash_to_scalar(s: &[u8]) -> c2_Scalar { // i = int(h, 16) // i % q - let okm = Hkdf::<Sha256>::new(s, b"").derive(b"SPAKE2 pw", 32+16); + let okm = Hkdf::<Sha256>::new(s, b"").derive(b"SPAKE2 pw", 32 + 16); //println!("expanded: {}{}", "................................", okm.iter().to_hex()); // ok let mut reducible = [0u8; 64]; // little-endian - for (i, x) in okm.iter().enumerate().take(32+16) { - reducible[32+16-1-i] = *x; + for (i, x) in okm.iter().enumerate().take(32 + 16) { + reducible[32 + 16 - 1 - i] = *x; } //println!("reducible: {}", reducible.iter().to_hex()); c2_Scalar::from_bytes_mod_order_wide(&reducible) @@ -156,9 +159,14 @@ fn ed25519_hash_to_scalar(s: &[u8]) -> c2_Scalar { //reduced } -fn ed25519_hash_ab(password_vec: &[u8], id_a: &[u8], id_b: &[u8], - first_msg: &[u8], second_msg: &[u8], key_bytes: &[u8]) - -> Vec<u8> { +fn ed25519_hash_ab( + password_vec: &[u8], + id_a: &[u8], + id_b: &[u8], + first_msg: &[u8], + second_msg: &[u8], + key_bytes: &[u8], +) -> Vec<u8> { assert_eq!(first_msg.len(), 32); assert_eq!(second_msg.len(), 32); // the transcript is fixed-length, made up of 6 32-byte values: @@ -168,7 +176,7 @@ fn ed25519_hash_ab(password_vec: &[u8], id_a: &[u8], id_b: &[u8], // byte 96-127 : X_msg // byte 128-159: Y_msg // byte 160-191: K_bytes - let mut transcript = [0u8; 6*32]; + let mut transcript = [0u8; 6 * 32]; let mut pw_hash = Sha256::new(); pw_hash.input(password_vec); @@ -187,16 +195,20 @@ fn ed25519_hash_ab(password_vec: &[u8], id_a: &[u8], id_b: &[u8], transcript[160..192].copy_from_slice(key_bytes); //println!("transcript: {:?}", transcript.iter().to_hex()); - + //let mut hash = G::TranscriptHash::default(); let mut hash = Sha256::new(); hash.input(&transcript); hash.result().to_vec() } -fn ed25519_hash_symmetric(password_vec: &[u8], id_s: &[u8], - msg_u: &[u8], msg_v: &[u8], key_bytes: &[u8]) - -> Vec<u8> { +fn ed25519_hash_symmetric( + password_vec: &[u8], + id_s: &[u8], + msg_u: &[u8], + msg_v: &[u8], + key_bytes: &[u8], +) -> Vec<u8> { assert_eq!(msg_u.len(), 32); assert_eq!(msg_v.len(), 32); // # since we don't know which side is which, we must sort the messages @@ -211,7 +223,7 @@ fn ed25519_hash_symmetric(password_vec: &[u8], id_s: &[u8], // byte 64-95 : X_msg // byte 96-127 : Y_msg // byte 128-159: K_bytes - let mut transcript = [0u8; 5*32]; + let mut transcript = [0u8; 5 * 32]; let mut pw_hash = Sha256::new(); pw_hash.input(password_vec); @@ -242,7 +254,8 @@ enum Side { B, Symmetric, } -pub struct SPAKE2<G: Group> { //where &G::Scalar: Neg { +pub struct SPAKE2<G: Group> { + //where &G::Scalar: Neg { side: Side, xy_scalar: G::Scalar, password_vec: Vec<u8>, @@ -254,10 +267,14 @@ pub struct SPAKE2<G: Group> { //where &G::Scalar: Neg { } impl<G: Group> SPAKE2<G> { - fn start_internal(side: Side, - password: &[u8], - id_a: &[u8], id_b: &[u8], id_s: &[u8], - xy_scalar: G::Scalar) -> (SPAKE2<G>, Vec<u8>) { + fn start_internal( + side: Side, + password: &[u8], + id_a: &[u8], + id_b: &[u8], + id_s: &[u8], + xy_scalar: G::Scalar, + ) -> (SPAKE2<G>, Vec<u8>) { //let password_scalar: G::Scalar = hash_to_scalar::<G::Scalar>(password); let password_scalar: G::Scalar = G::hash_to_scalar(password); @@ -269,8 +286,10 @@ impl<G: Group> SPAKE2<G> { Side::B => G::const_n(), Side::Symmetric => G::const_s(), }; - let m1: G::Element = G::add(&G::basepoint_mult(&xy_scalar), - &G::scalarmult(&blinding, &password_scalar)); + let m1: G::Element = G::add( + &G::basepoint_mult(&xy_scalar), + &G::scalarmult(&blinding, &password_scalar), + ); //let m1: G::Element = &G::basepoint_mult(&x) + &(blinding * &password_scalar); let msg1: Vec<u8> = G::element_to_bytes(&m1); let mut password_vec = Vec::new(); @@ -284,59 +303,66 @@ impl<G: Group> SPAKE2<G> { let mut msg_and_side = Vec::new(); msg_and_side.push(match side { - Side::A => 0x41, // 'A' - Side::B => 0x42, // 'B' + Side::A => 0x41, // 'A' + Side::B => 0x42, // 'B' Side::Symmetric => 0x53, // 'S' }); msg_and_side.extend_from_slice(&msg1); - (SPAKE2 { - side: side, - xy_scalar: xy_scalar, - password_vec: password_vec, // string - id_a: id_a_copy, - id_b: id_b_copy, - id_s: id_s_copy, - msg1: msg1.clone(), - password_scalar: password_scalar, // scalar - }, msg_and_side) + ( + SPAKE2 { + side: side, + xy_scalar: xy_scalar, + password_vec: password_vec, // string + id_a: id_a_copy, + id_b: id_b_copy, + id_s: id_s_copy, + msg1: msg1.clone(), + password_scalar: password_scalar, // scalar + }, + msg_and_side, + ) } - fn start_a_internal(password: &[u8], id_a: &[u8], id_b: &[u8], - xy_scalar: G::Scalar) -> (SPAKE2<G>, Vec<u8>) { - Self::start_internal(Side::A, - password, id_a, id_b, b"", xy_scalar) + fn start_a_internal( + password: &[u8], + id_a: &[u8], + id_b: &[u8], + xy_scalar: G::Scalar, + ) -> (SPAKE2<G>, Vec<u8>) { + Self::start_internal(Side::A, password, id_a, id_b, b"", xy_scalar) } - fn start_b_internal(password: &[u8], id_a: &[u8], id_b: &[u8], - xy_scalar: G::Scalar) -> (SPAKE2<G>, Vec<u8>) { - Self::start_internal(Side::B, - password, id_a, id_b, b"", xy_scalar) + fn start_b_internal( + password: &[u8], + id_a: &[u8], + id_b: &[u8], + xy_scalar: G::Scalar, + ) -> (SPAKE2<G>, Vec<u8>) { + Self::start_internal(Side::B, password, id_a, id_b, b"", xy_scalar) } - fn start_symmetric_internal(password: &[u8], id_s: &[u8], - xy_scalar: G::Scalar) -> (SPAKE2<G>, Vec<u8>) { - Self::start_internal(Side::Symmetric, - password, b"", b"", id_s, xy_scalar) + fn start_symmetric_internal( + password: &[u8], + id_s: &[u8], + xy_scalar: G::Scalar, + ) -> (SPAKE2<G>, Vec<u8>) { + Self::start_internal(Side::Symmetric, password, b"", b"", id_s, xy_scalar) } - - pub fn start_a(password: &[u8], id_a: &[u8], id_b: &[u8]) - -> (SPAKE2<G>, Vec<u8>) { + pub fn start_a(password: &[u8], id_a: &[u8], id_b: &[u8]) -> (SPAKE2<G>, Vec<u8>) { let mut cspring: OsRng = OsRng::new().unwrap(); let xy_scalar: G::Scalar = G::random_scalar(&mut cspring); Self::start_a_internal(password, id_a, id_b, xy_scalar) } - pub fn start_b(password: &[u8], id_a: &[u8], id_b: &[u8]) - -> (SPAKE2<G>, Vec<u8>) { + pub fn start_b(password: &[u8], id_a: &[u8], id_b: &[u8]) -> (SPAKE2<G>, Vec<u8>) { let mut cspring: OsRng = OsRng::new().unwrap(); let xy_scalar: G::Scalar = G::random_scalar(&mut cspring); Self::start_b_internal(password, id_a, id_b, xy_scalar) } - pub fn start_symmetric(password: &[u8], id_s: &[u8]) - -> (SPAKE2<G>, Vec<u8>) { + pub fn start_symmetric(password: &[u8], id_s: &[u8]) -> (SPAKE2<G>, Vec<u8>) { let mut cspring: OsRng = OsRng::new().unwrap(); let xy_scalar: G::Scalar = G::random_scalar(&mut cspring); Self::start_symmetric_internal(password, id_s, xy_scalar) @@ -344,28 +370,46 @@ impl<G: Group> SPAKE2<G> { pub fn finish(self, msg2: &[u8]) -> Result<Vec<u8>, SPAKEErr> { if msg2.len() != 1 + G::element_length() { - return Err(SPAKEErr{kind: ErrorType::WrongLength}); + return Err(SPAKEErr { + kind: ErrorType::WrongLength, + }); } let msg_side = msg2[0]; match self.side { Side::A => match msg_side { 0x42 => (), // 'B' - _ => return Err(SPAKEErr{kind: ErrorType::BadSide}), + _ => { + return Err(SPAKEErr { + kind: ErrorType::BadSide, + }) + } }, Side::B => match msg_side { 0x41 => (), // 'A' - _ => return Err(SPAKEErr{kind: ErrorType::BadSide}), + _ => { + return Err(SPAKEErr { + kind: ErrorType::BadSide, + }) + } }, Side::Symmetric => match msg_side { 0x53 => (), // 'S' - _ => return Err(SPAKEErr{kind: ErrorType::BadSide}), + _ => { + return Err(SPAKEErr { + kind: ErrorType::BadSide, + }) + } }, } let msg2_element = match G::bytes_to_element(&msg2[1..]) { Some(x) => x, - None => {return Err(SPAKEErr{kind: ErrorType::CorruptMessage})}, + None => { + return Err(SPAKEErr { + kind: ErrorType::CorruptMessage, + }) + } }; // a: K = (Y+N*(-pw))*x @@ -375,8 +419,7 @@ impl<G: Group> SPAKE2<G> { Side::B => G::const_m(), Side::Symmetric => G::const_s(), }; - let tmp1 = G::scalarmult(&unblinding, - &G::scalar_neg(&self.password_scalar)); + let tmp1 = G::scalarmult(&unblinding, &G::scalar_neg(&self.password_scalar)); let tmp2 = G::add(&msg2_element, &tmp1); let key_element = G::scalarmult(&tmp2, &self.xy_scalar); let key_bytes = G::element_to_bytes(&key_element); @@ -389,23 +432,33 @@ impl<G: Group> SPAKE2<G> { // note that both sides must use the same order Ok(match self.side { - Side::A => ed25519_hash_ab(&self.password_vec, - &self.id_a, &self.id_b, - self.msg1.as_slice(), &msg2[1..], - &key_bytes), - Side::B => ed25519_hash_ab(&self.password_vec, - &self.id_a, &self.id_b, - &msg2[1..], self.msg1.as_slice(), - &key_bytes), - Side::Symmetric => ed25519_hash_symmetric(&self.password_vec, - &self.id_s, - &self.msg1, &msg2[1..], - &key_bytes), + Side::A => ed25519_hash_ab( + &self.password_vec, + &self.id_a, + &self.id_b, + self.msg1.as_slice(), + &msg2[1..], + &key_bytes, + ), + Side::B => ed25519_hash_ab( + &self.password_vec, + &self.id_a, + &self.id_b, + &msg2[1..], + self.msg1.as_slice(), + &key_bytes, + ), + Side::Symmetric => ed25519_hash_symmetric( + &self.password_vec, + &self.id_s, + &self.msg1, + &msg2[1..], + &key_bytes, + ), }) } } - #[cfg(test)] mod test { /* This compares results against the python compatibility tests: @@ -414,7 +467,7 @@ mod test { "random_scalar()" function, which results in some particular scalar. */ use curve25519_dalek::constants::ED25519_BASEPOINT_POINT; - use spake2::{SPAKE2, Ed25519Group}; + use spake2::{Ed25519Group, SPAKE2}; use hex; use super::*; @@ -424,14 +477,15 @@ mod test { #[test] fn test_convert() { - let t1_decimal = b"2238329342913194256032495932344128051776374960164957527413114840482143558222"; + let t1_decimal = + b"2238329342913194256032495932344128051776374960164957527413114840482143558222"; let t1_scalar = decimal_to_scalar(t1_decimal); let t1_bytes = t1_scalar.to_bytes(); - let expected = - [0x4e, 0x5a, 0xb4, 0x34, 0x5d, 0x47, 0x08, 0x84, - 0x59, 0x13, 0xb4, 0x64, 0x1b, 0xc2, 0x7d, 0x52, - 0x52, 0xa5, 0x85, 0x10, 0x1b, 0xcc, 0x42, 0x44, - 0xd4, 0x49, 0xf4, 0xa8, 0x79, 0xd9, 0xf2, 0x04]; + let expected = [ + 0x4e, 0x5a, 0xb4, 0x34, 0x5d, 0x47, 0x08, 0x84, 0x59, 0x13, 0xb4, 0x64, 0x1b, 0xc2, + 0x7d, 0x52, 0x52, 0xa5, 0x85, 0x10, 0x1b, 0xcc, 0x42, 0x44, 0xd4, 0x49, 0xf4, 0xa8, + 0x79, 0xd9, 0xf2, 0x04, + ]; assert_eq!(t1_bytes, expected); //println!("t1_scalar is {:?}", t1_scalar); } @@ -450,7 +504,9 @@ mod test { #[test] fn test_password_to_scalar() { let password = b"password"; - let expected_pw_scalar = decimal_to_scalar(b"3515301705789368674385125653994241092664323519848410154015274772661223168839"); + let expected_pw_scalar = decimal_to_scalar( + b"3515301705789368674385125653994241092664323519848410154015274772661223168839", + ); let pw_scalar = Ed25519Group::hash_to_scalar(password); println!("exp: {:?}", hex::encode(expected_pw_scalar.as_bytes())); println!("got: {:?}", hex::encode(pw_scalar.as_bytes())); @@ -459,23 +515,19 @@ mod test { #[test] fn test_sizes() { - let (s1, msg1) = SPAKE2::<Ed25519Group>::start_a(b"password", b"idA", - b"idB"); - assert_eq!(msg1.len(), 1+32); - let (s2, msg2) = SPAKE2::<Ed25519Group>::start_b(b"password", b"idA", - b"idB"); - assert_eq!(msg2.len(), 1+32); + let (s1, msg1) = SPAKE2::<Ed25519Group>::start_a(b"password", b"idA", b"idB"); + assert_eq!(msg1.len(), 1 + 32); + let (s2, msg2) = SPAKE2::<Ed25519Group>::start_b(b"password", b"idA", b"idB"); + assert_eq!(msg2.len(), 1 + 32); let key1 = s1.finish(&msg2).unwrap(); let key2 = s2.finish(&msg1).unwrap(); assert_eq!(key1.len(), 32); assert_eq!(key2.len(), 32); - let (s1, msg1) = SPAKE2::<Ed25519Group>::start_symmetric(b"password", - b"idS"); - assert_eq!(msg1.len(), 1+32); - let (s2, msg2) = SPAKE2::<Ed25519Group>::start_symmetric(b"password", - b"idS"); - assert_eq!(msg2.len(), 1+32); + let (s1, msg1) = SPAKE2::<Ed25519Group>::start_symmetric(b"password", b"idS"); + assert_eq!(msg1.len(), 1 + 32); + let (s2, msg2) = SPAKE2::<Ed25519Group>::start_symmetric(b"password", b"idS"); + assert_eq!(msg2.len(), 1 + 32); let key1 = s1.finish(&msg2).unwrap(); let key2 = s2.finish(&msg1).unwrap(); assert_eq!(key1.len(), 32); @@ -486,10 +538,12 @@ mod test { fn test_hash_ab() { let key = ed25519_hash_ab( b"pw", - b"idA", b"idB", + b"idA", + b"idB", b"XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX", // len=32 b"YYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYY", - b"KKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKK"); + b"KKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKK", + ); let expected_key = "d59d9ba920f7092565cec747b08d5b2e981d553ac32fde0f25e5b4a4cfca3efd"; assert_eq!(hex::encode(key), expected_key); } @@ -497,24 +551,32 @@ mod test { #[test] fn test_hash_symmetric() { let key = ed25519_hash_symmetric( - b"pw", b"idSymmetric", + b"pw", + b"idSymmetric", b"XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX", b"YYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYY", - b"KKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKK"); + b"KKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKK", + ); let expected_key = "b0b31e4401aae37d91a9a8bf6fbb1298cafc005ff9142e3ffc5b9799fb11128b"; assert_eq!(hex::encode(key), expected_key); } #[test] fn test_asymmetric() { - let scalar_a = decimal_to_scalar(b"2611694063369306139794446498317402240796898290761098242657700742213257926693"); - let scalar_b = decimal_to_scalar(b"7002393159576182977806091886122272758628412261510164356026361256515836884383"); - let expected_pw_scalar = decimal_to_scalar(b"3515301705789368674385125653994241092664323519848410154015274772661223168839"); + let scalar_a = decimal_to_scalar( + b"2611694063369306139794446498317402240796898290761098242657700742213257926693", + ); + let scalar_b = decimal_to_scalar( + b"7002393159576182977806091886122272758628412261510164356026361256515836884383", + ); + let expected_pw_scalar = decimal_to_scalar( + b"3515301705789368674385125653994241092664323519848410154015274772661223168839", + ); println!("scalar_a is {}", hex::encode(scalar_a.as_bytes())); - let (s1, msg1) = SPAKE2::<Ed25519Group>::start_a_internal( - b"password", b"idA", b"idB", scalar_a); + let (s1, msg1) = + SPAKE2::<Ed25519Group>::start_a_internal(b"password", b"idA", b"idB", scalar_a); let expected_msg1 = "416fc960df73c9cf8ed7198b0c9534e2e96a5984bfc5edc023fd24dacf371f2af9"; println!(); @@ -527,22 +589,27 @@ mod test { println!("exp : {:?}", expected_msg1); println!(); - assert_eq!(hex::encode(expected_pw_scalar.as_bytes()), - hex::encode(s1.password_scalar.as_bytes())); + assert_eq!( + hex::encode(expected_pw_scalar.as_bytes()), + hex::encode(s1.password_scalar.as_bytes()) + ); assert_eq!(hex::encode(&msg1), expected_msg1); - let (s2, msg2) = SPAKE2::<Ed25519Group>::start_b_internal( - b"password", b"idA", b"idB", scalar_b); + let (s2, msg2) = + SPAKE2::<Ed25519Group>::start_b_internal(b"password", b"idA", b"idB", scalar_b); assert_eq!(expected_pw_scalar, s2.password_scalar); - assert_eq!(hex::encode(&msg2), - "42354e97b88406922b1df4bea1d7870f17aed3dba7c720b313edae315b00959309"); + assert_eq!( + hex::encode(&msg2), + "42354e97b88406922b1df4bea1d7870f17aed3dba7c720b313edae315b00959309" + ); let key1 = s1.finish(&msg2).unwrap(); let key2 = s2.finish(&msg1).unwrap(); assert_eq!(key1, key2); - assert_eq!(hex::encode(key1), - "712295de7219c675ddd31942184aa26e0a957cf216bc230d165b215047b520c1"); + assert_eq!( + hex::encode(key1), + "712295de7219c675ddd31942184aa26e0a957cf216bc230d165b215047b520c1" + ); } - } |