Diffstat (limited to 'src/lib.rs')
-rw-r--r-- | src/lib.rs | 41 |
1 files changed, 22 insertions, 19 deletions
@@ -1,12 +1,13 @@
 //! [Secure Remote Password][1] (SRP) protocol implementation.
 //!
-//! This implementation uses little-endian serialization of big integers and is
-//! generic over hash functions using `Digest` trait, so you will need to choose
-//! a hash function, e.g. `Sha256` from `sha2` crate. Additionally this crate
-//! allows to use a specialized password hashing algorithms for private key
-//! computation instead of method described in the SRP literature.
+//! This implementation is generic over hash functions using
+//! [`Digest`](https://docs.rs/digest) trait, so you will need to choose a hash
+//! function, e.g. `Sha256` from [`sha2`](https://crates.io/crates/sha2) crate.
+//! Additionally this crate allows to use a specialized password hashing
+//! algorithm for private key computation instead of method described in the
+//! SRP literature.
 //!
-//! Currently compatability with over implementations was not tested.
+//! Compatability with over implementations was not yet tested.
 //!
 //! # Usage
 //! Add `srp` dependecy to your `Cargo.toml`:
@@ -28,10 +29,12 @@
 //! # Algorithm description
 //! Here we briefly describe implemented algroithm. For additionall information
 //! refer to SRP literature. All arithmetic is done modulo `N`, where `N` is a
-//! large safe prime (`N = 2q+1`, where `q` is prime).
+//! large safe prime (`N = 2q+1`, where `q` is prime). Additionally `g` MUST be
+//! a generator modulo `N`. It's STRONGLY recommended to use SRP parameters
+//! provided by this crate in the [`groups`](groups/index.html) module.
 //!
-//! Client | | Server
-//! -------|-------|--------
+//! Client | | Server
+//! ------------------------|---------------|------------------------
 //! | — `I` —> | (lookup `s`, `v`)
 //! `x = PH(P, s)` | <— `s`, `v` — |
 //! `a_pub = g^a` | — `a_pub` —> | `b_pub = k*v + g^b`
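Review bot: The rewritten opening paragraph in the first hunk drops the statement that big integers are serialized little-endian and puts nothing in its place, so a reader can no longer tell which byte order the public values and the verifier use. Byte order decides whether this crate interoperates with other SRP implementations and whether verifiers stored by an earlier release still validate; if this commit changes it, which the hunk does not show, that deserves an explicit note. I would add a sentence such as `//! Big integers are serialized as <BYTE_ORDER> byte strings.` with the real order filled in. The added line `//! Compatability with over implementations was not yet tested.` also carries two typos forward; `//! Compatibility with other implementations has not yet been tested.` reads correctly.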
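Review bot: In the second hunk the protocol table is re-laid-out but keeps, as context, the row in which the server answers the client with `s`, `v`, which documents the password verifier leaving the server. The key list further down the same file describes `v` as "stored on the server", and a party that holds `v` can check password guesses offline, so the middle cell most likely should carry only `s`. If the implementation really does transmit `v`, that is a code defect rather than a wording issue; the hunk alone does not show which. The added sentence that `g` MUST be a generator would also be more useful if it said whether the crate validates caller-supplied `N` and `g` or trusts them as given.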
@@ -47,30 +50,30 @@ //! - `I` — user identity (username) //! - `P` — user password //! - `H` — one-way hash function -//! - `HP` — password hashing algroithm, in the SRP described as -//! `H(s || I || P)` or `H(s || P)` +//! - `PH` — password hashing algroithm, in the RFC 5054 described as +//! `H(s || H(I || ":" || P))` //! - `^` — (modular) exponentiation //! - `x` — user private key //! - `s` — salt generated by user and stored on the server //! - `v` — password verifier equal to `g^x` and stored on the server -//! - `a`, `b` — secret ephemeral values +//! - `a`, `b` — secret ephemeral values (at least 256 bits in length) //! - `A`, `B` — Public ephemeral values //! - `u` — scrambling parameter -//! - `g` — a generator modulo `N` //! - `k` — multiplier parameter (`k = H(N || g)` in SRP-6a) //! //! [1]: https://en.wikipedia.org/wiki/Secure_Remote_Password_protocol +//! [2]: https://tools.ietf.org/html/rfc5054 extern crate num; extern crate digest; extern crate generic_array; -extern crate rand; +#[macro_use] +extern crate lazy_static; + +#[cfg(test)] +extern crate sha_1; mod tools; pub mod client; pub mod server; pub mod types; - -/// 1024 bit prime number which can be used as `n` in the `SrpParams`. -/// -/// For conversion to `BigUint` use `BigUint::from_bytes_le(SRP_PRIME)`. -pub const PRIME: &'static [u8] = include_bytes!("prime.bin"); +pub mod groups; |
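Review bot: The new wording for `a`, `b` sets a minimum length but says nothing about where the values come from, and the same hunk removes `extern crate rand;`, which suggests (not visible here) that callers now generate the ephemeral secrets themselves. A predictable or reused `a` or `b` undermines the session key regardless of length, so I would write the entry as ``//! - `a`, `b` — secret ephemeral values (at least 256 bits, freshly drawn from a CSPRNG for every session)``. Separately, deleting `pub const PRIME` removes a public item, so the release needs a semver-incompatible version bump or a deprecated re-export pointing at `groups`. The `[2]` link definition is added, yet the `PH` entry in this hunk still names RFC 5054 in plain text; `[RFC 5054][2]` would put the reference to use.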