diff options
author | Brian Warner <warner@lothar.com> | 2018-10-16 15:07:07 -0700 |
---|---|---|
committer | Brian Warner <warner@lothar.com> | 2018-10-16 15:11:15 -0700 |
commit | 5d9ca6ab306e713fc0282aebde5c9196ad86b7ab (patch) | |
tree | 18bfcce06f61da5aaee6c8f940d712c0b916dbed /srp/src/client.rs | |
parent | 6516978c0baa72df8ad0b6b66c07081eaa47cb18 (diff) | |
download | PAKEs-5d9ca6ab306e713fc0282aebde5c9196ad86b7ab.tar.xz |
reformat all code to match rustfmt-1.29.0
Diffstat (limited to 'srp/src/client.rs')
-rw-r--r-- | srp/src/client.rs | 73 |
1 files changed, 45 insertions, 28 deletions
diff --git a/srp/src/client.rs b/srp/src/client.rs index a47bb28..ed4a2f6 100644 --- a/srp/src/client.rs +++ b/srp/src/client.rs @@ -1,9 +1,9 @@ //! SRP client implementation. -//! +//! //! # Usage //! First create SRP client struct by passing to it SRP parameters (shared //! between client and server) and randomly generated `a`: -//! +//! //! ```ignore //! use srp::groups::G_2048; //! use sha2::Sha256; @@ -11,21 +11,21 @@ //! let a = rng.gen_iter::<u8>().take(64).collect::<Vec<u8>>(); //! let client = SrpClient::<Sha256>::new(&a, &G_2048); //! ``` -//! +//! //! Next send handshake data (username and `a_pub`) to the server and receive //! `salt` and `b_pub`: -//! +//! //! ```ignore //! let a_pub = client.get_a_pub(); //! let (salt, b_pub) = conn.send_handshake(username, a_pub); //! ``` -//! +//! //! Compute private key using `salt` with any password hashing function. //! You can use method from SRP-6a, but it's recommended to use specialized //! password hashing algorithm instead (e.g. PBKDF2, argon2 or scrypt). //! Next create verifier instance, note that `get_verifier` consumes client and //! can return error in case of malicious `b_pub`. -//! +//! //! ```ignore //! let private_key = srp_private_key::<Sha256>(username, password, salt); //! let verifier = client.get_verifier(&private_key, &b_pub)?; @@ -34,23 +34,23 @@ //! Finally verify the server: first generate user proof, //! send it to the server and verify server proof in the reply. Note that //! `verify_server` method will return error in case of incorrect server reply. -//! +//! //! ```ignore //! let user_proof = verifier.get_proof(); //! let server_proof = conn.send_proof(user_proof); //! let key = verifier.verify_server(server_proof)?; //! ``` -//! +//! //! `key` contains shared secret key between user and the server. Alternatively //! you can directly extract shared secret key using `get_key()` method and //! handle authentification through different (secure!) means (e.g. by using //! authentificated cipher mode). -//! +//! //! For user registration on the server first generate salt (e.g. 32 bytes long) //! and get password verifier which depends on private key. Send useranme, salt //! and password verifier over protected channel to protect against //! Man-in-the-middle (MITM) attack for registration. -//! +//! //! ```ignore //! let pwd_verifier = client.get_password_verifier(&private_key); //! conn.send_registration_data(username, salt, pwd_verifier); @@ -59,9 +59,9 @@ //let buf = rng.gen_iter::<u8>().take(l).collect::<Vec<u8>>(); use std::marker::PhantomData; -use num::{BigUint, Zero}; use digest::Digest; use generic_array::GenericArray; +use num::{BigUint, Zero}; use tools::powm; use types::{SrpAuthError, SrpGroup}; @@ -73,7 +73,7 @@ pub struct SrpClient<'a, D: Digest> { a: BigUint, a_pub: BigUint, - d: PhantomData<D> + d: PhantomData<D>, } /// SRP client state after handshake with the server. @@ -85,9 +85,11 @@ pub struct SrpClientVerifier<D: Digest> { /// Compute user private key as described in the RFC 5054. Consider using proper /// password hashing algorithm instead. -pub fn srp_private_key<D: Digest>(username: &[u8], password: &[u8], salt: &[u8]) - -> GenericArray<u8, D::OutputSize> -{ +pub fn srp_private_key<D: Digest>( + username: &[u8], + password: &[u8], + salt: &[u8], +) -> GenericArray<u8, D::OutputSize> { let p = { let mut d = D::new(); d.input(username); @@ -107,7 +109,12 @@ impl<'a, D: Digest> SrpClient<'a, D> { let a = BigUint::from_bytes_be(a); let a_pub = params.powm(&a); - Self { params, a, a_pub, d: Default::default() } + Self { + params, + a, + a_pub, + d: Default::default(), + } } /// Get password verfier for user registration on the server @@ -117,9 +124,12 @@ impl<'a, D: Digest> SrpClient<'a, D> { v.to_bytes_be() } - fn calc_key(&self, b_pub: &BigUint, x: &BigUint, u: &BigUint) - -> GenericArray<u8, D::OutputSize> - { + fn calc_key( + &self, + b_pub: &BigUint, + x: &BigUint, + u: &BigUint, + ) -> GenericArray<u8, D::OutputSize> { let n = &self.params.n; let k = self.params.compute_k::<D>(); let interm = (k * self.params.powm(x)) % n; @@ -130,14 +140,16 @@ impl<'a, D: Digest> SrpClient<'a, D> { (n + b_pub - &interm) % n }; // S = |B - kg^x| ^ (a + ux) - let s = powm(&v, &(&self.a + (u*x) % n ), n); + let s = powm(&v, &(&self.a + (u * x) % n), n); D::digest(&s.to_bytes_be()) } /// Process server reply to the handshake. - pub fn process_reply(self, private_key: &[u8], b_pub: &[u8]) - -> Result<SrpClientVerifier<D>, SrpAuthError> - { + pub fn process_reply( + self, + private_key: &[u8], + b_pub: &[u8], + ) -> Result<SrpClientVerifier<D>, SrpAuthError> { let u = { let mut d = D::new(); d.input(&self.a_pub.to_bytes_be()); @@ -149,7 +161,9 @@ impl<'a, D: Digest> SrpClient<'a, D> { // Safeguard against malicious B if &b_pub % &self.params.n == BigUint::zero() { - return Err(SrpAuthError{ description: "Malicious b_pub value" }) + return Err(SrpAuthError { + description: "Malicious b_pub value", + }); } let x = BigUint::from_bytes_be(private_key); @@ -200,11 +214,14 @@ impl<D: Digest> SrpClientVerifier<D> { /// Verify server reply to verification data. It will return shared secret /// key in case of success. - pub fn verify_server(self, reply: &[u8]) - -> Result<GenericArray<u8, D::OutputSize>, SrpAuthError> - { + pub fn verify_server( + self, + reply: &[u8], + ) -> Result<GenericArray<u8, D::OutputSize>, SrpAuthError> { if self.server_proof.as_slice() != reply { - Err(SrpAuthError{ description: "Incorrect server proof" }) + Err(SrpAuthError { + description: "Incorrect server proof", + }) } else { Ok(self.key) } |