aboutsummaryrefslogtreecommitdiff
path: root/srp/src/client.rs
diff options
context:
space:
mode:
authorBrian Warner <warner@lothar.com>2018-10-16 15:07:07 -0700
committerBrian Warner <warner@lothar.com>2018-10-16 15:11:15 -0700
commit5d9ca6ab306e713fc0282aebde5c9196ad86b7ab (patch)
tree18bfcce06f61da5aaee6c8f940d712c0b916dbed /srp/src/client.rs
parent6516978c0baa72df8ad0b6b66c07081eaa47cb18 (diff)
downloadPAKEs-5d9ca6ab306e713fc0282aebde5c9196ad86b7ab.tar.xz
reformat all code to match rustfmt-1.29.0
Diffstat (limited to 'srp/src/client.rs')
-rw-r--r--srp/src/client.rs73
1 files changed, 45 insertions, 28 deletions
diff --git a/srp/src/client.rs b/srp/src/client.rs
index a47bb28..ed4a2f6 100644
--- a/srp/src/client.rs
+++ b/srp/src/client.rs
@@ -1,9 +1,9 @@
//! SRP client implementation.
-//!
+//!
//! # Usage
//! First create SRP client struct by passing to it SRP parameters (shared
//! between client and server) and randomly generated `a`:
-//!
+//!
//! ```ignore
//! use srp::groups::G_2048;
//! use sha2::Sha256;
@@ -11,21 +11,21 @@
//! let a = rng.gen_iter::<u8>().take(64).collect::<Vec<u8>>();
//! let client = SrpClient::<Sha256>::new(&a, &G_2048);
//! ```
-//!
+//!
//! Next send handshake data (username and `a_pub`) to the server and receive
//! `salt` and `b_pub`:
-//!
+//!
//! ```ignore
//! let a_pub = client.get_a_pub();
//! let (salt, b_pub) = conn.send_handshake(username, a_pub);
//! ```
-//!
+//!
//! Compute private key using `salt` with any password hashing function.
//! You can use method from SRP-6a, but it's recommended to use specialized
//! password hashing algorithm instead (e.g. PBKDF2, argon2 or scrypt).
//! Next create verifier instance, note that `get_verifier` consumes client and
//! can return error in case of malicious `b_pub`.
-//!
+//!
//! ```ignore
//! let private_key = srp_private_key::<Sha256>(username, password, salt);
//! let verifier = client.get_verifier(&private_key, &b_pub)?;
@@ -34,23 +34,23 @@
//! Finally verify the server: first generate user proof,
//! send it to the server and verify server proof in the reply. Note that
//! `verify_server` method will return error in case of incorrect server reply.
-//!
+//!
//! ```ignore
//! let user_proof = verifier.get_proof();
//! let server_proof = conn.send_proof(user_proof);
//! let key = verifier.verify_server(server_proof)?;
//! ```
-//!
+//!
//! `key` contains shared secret key between user and the server. Alternatively
//! you can directly extract shared secret key using `get_key()` method and
//! handle authentification through different (secure!) means (e.g. by using
//! authentificated cipher mode).
-//!
+//!
//! For user registration on the server first generate salt (e.g. 32 bytes long)
//! and get password verifier which depends on private key. Send useranme, salt
//! and password verifier over protected channel to protect against
//! Man-in-the-middle (MITM) attack for registration.
-//!
+//!
//! ```ignore
//! let pwd_verifier = client.get_password_verifier(&private_key);
//! conn.send_registration_data(username, salt, pwd_verifier);
@@ -59,9 +59,9 @@
//let buf = rng.gen_iter::<u8>().take(l).collect::<Vec<u8>>();
use std::marker::PhantomData;
-use num::{BigUint, Zero};
use digest::Digest;
use generic_array::GenericArray;
+use num::{BigUint, Zero};
use tools::powm;
use types::{SrpAuthError, SrpGroup};
@@ -73,7 +73,7 @@ pub struct SrpClient<'a, D: Digest> {
a: BigUint,
a_pub: BigUint,
- d: PhantomData<D>
+ d: PhantomData<D>,
}
/// SRP client state after handshake with the server.
@@ -85,9 +85,11 @@ pub struct SrpClientVerifier<D: Digest> {
/// Compute user private key as described in the RFC 5054. Consider using proper
/// password hashing algorithm instead.
-pub fn srp_private_key<D: Digest>(username: &[u8], password: &[u8], salt: &[u8])
- -> GenericArray<u8, D::OutputSize>
-{
+pub fn srp_private_key<D: Digest>(
+ username: &[u8],
+ password: &[u8],
+ salt: &[u8],
+) -> GenericArray<u8, D::OutputSize> {
let p = {
let mut d = D::new();
d.input(username);
@@ -107,7 +109,12 @@ impl<'a, D: Digest> SrpClient<'a, D> {
let a = BigUint::from_bytes_be(a);
let a_pub = params.powm(&a);
- Self { params, a, a_pub, d: Default::default() }
+ Self {
+ params,
+ a,
+ a_pub,
+ d: Default::default(),
+ }
}
/// Get password verfier for user registration on the server
@@ -117,9 +124,12 @@ impl<'a, D: Digest> SrpClient<'a, D> {
v.to_bytes_be()
}
- fn calc_key(&self, b_pub: &BigUint, x: &BigUint, u: &BigUint)
- -> GenericArray<u8, D::OutputSize>
- {
+ fn calc_key(
+ &self,
+ b_pub: &BigUint,
+ x: &BigUint,
+ u: &BigUint,
+ ) -> GenericArray<u8, D::OutputSize> {
let n = &self.params.n;
let k = self.params.compute_k::<D>();
let interm = (k * self.params.powm(x)) % n;
@@ -130,14 +140,16 @@ impl<'a, D: Digest> SrpClient<'a, D> {
(n + b_pub - &interm) % n
};
// S = |B - kg^x| ^ (a + ux)
- let s = powm(&v, &(&self.a + (u*x) % n ), n);
+ let s = powm(&v, &(&self.a + (u * x) % n), n);
D::digest(&s.to_bytes_be())
}
/// Process server reply to the handshake.
- pub fn process_reply(self, private_key: &[u8], b_pub: &[u8])
- -> Result<SrpClientVerifier<D>, SrpAuthError>
- {
+ pub fn process_reply(
+ self,
+ private_key: &[u8],
+ b_pub: &[u8],
+ ) -> Result<SrpClientVerifier<D>, SrpAuthError> {
let u = {
let mut d = D::new();
d.input(&self.a_pub.to_bytes_be());
@@ -149,7 +161,9 @@ impl<'a, D: Digest> SrpClient<'a, D> {
// Safeguard against malicious B
if &b_pub % &self.params.n == BigUint::zero() {
- return Err(SrpAuthError{ description: "Malicious b_pub value" })
+ return Err(SrpAuthError {
+ description: "Malicious b_pub value",
+ });
}
let x = BigUint::from_bytes_be(private_key);
@@ -200,11 +214,14 @@ impl<D: Digest> SrpClientVerifier<D> {
/// Verify server reply to verification data. It will return shared secret
/// key in case of success.
- pub fn verify_server(self, reply: &[u8])
- -> Result<GenericArray<u8, D::OutputSize>, SrpAuthError>
- {
+ pub fn verify_server(
+ self,
+ reply: &[u8],
+ ) -> Result<GenericArray<u8, D::OutputSize>, SrpAuthError> {
if self.server_proof.as_slice() != reply {
- Err(SrpAuthError{ description: "Incorrect server proof" })
+ Err(SrpAuthError {
+ description: "Incorrect server proof",
+ })
} else {
Ok(self.key)
}