aboutsummaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
Diffstat (limited to 'src')
-rw-r--r--src/client.rs212
-rw-r--r--src/groups.rs56
-rw-r--r--src/groups/1024.bin3
-rw-r--r--src/groups/1536.bin1
-rw-r--r--src/groups/2048.bin2
-rw-r--r--src/groups/3072.binbin384 -> 0 bytes
-rw-r--r--src/groups/4096.binbin512 -> 0 bytes
-rw-r--r--src/groups/6144.binbin768 -> 0 bytes
-rw-r--r--src/groups/8192.binbin1024 -> 0 bytes
-rw-r--r--src/k_sha1_1024.bin1
-rw-r--r--src/lib.rs79
-rw-r--r--src/prime.bin1
-rw-r--r--src/server.rs136
-rw-r--r--src/tools.rs19
-rw-r--r--src/types.rs64
15 files changed, 0 insertions, 574 deletions
diff --git a/src/client.rs b/src/client.rs
deleted file mode 100644
index 4348f4f..0000000
--- a/src/client.rs
+++ /dev/null
@@ -1,212 +0,0 @@
-//! SRP client implementation.
-//!
-//! # Usage
-//! First create SRP client struct by passing to it SRP parameters (shared
-//! between client and server) and randomly generated `a`:
-//!
-//! ```ignore
-//! use srp::groups::G_2048;
-//! use sha2::Sha256;
-//!
-//! let a = rng.gen_iter::<u8>().take(64).collect::<Vec<u8>>();
-//! let client = SrpClient::<Sha256>::new(&a, &G_2048);
-//! ```
-//!
-//! Next send handshake data (username and `a_pub`) to the server and receive
-//! `salt` and `b_pub`:
-//!
-//! ```ignore
-//! let a_pub = client.get_a_pub();
-//! let (salt, b_pub) = conn.send_handshake(username, a_pub);
-//! ```
-//!
-//! Compute private key using `salt` with any password hashing function.
-//! You can use method from SRP-6a, but it's recommended to use specialized
-//! password hashing algorithm instead (e.g. PBKDF2, argon2 or scrypt).
-//! Next create verifier instance, note that `get_verifier` consumes client and
-//! can return error in case of malicious `b_pub`.
-//!
-//! ```ignore
-//! let private_key = srp_private_key::<Sha256>(username, password, salt);
-//! let verifier = client.get_verifier(&private_key, &b_pub)?;
-//! ```
-//!
-//! Finally verify the server: first generate user proof,
-//! send it to the server and verify server proof in the reply. Note that
-//! `verify_server` method will return error in case of incorrect server reply.
-//!
-//! ```ignore
-//! let user_proof = verifier.get_proof();
-//! let server_proof = conn.send_proof(user_proof);
-//! let key = verifier.verify_server(server_proof)?;
-//! ```
-//!
-//! `key` contains shared secret key between user and the server. Alternatively
-//! you can directly extract shared secret key using `get_key()` method and
-//! handle authentification through different (secure!) means (e.g. by using
-//! authentificated cipher mode).
-//!
-//! For user registration on the server first generate salt (e.g. 32 bytes long)
-//! and get password verifier which depends on private key. Send useranme, salt
-//! and password verifier over protected channel to protect against MitM for
-//! registration.
-//!
-//! ```ignore
-//! let pwd_verifier = client.get_password_verifier(&private_key);
-//! conn.send_registration_data(username, salt, pwd_verifier);
-//! ```
-
-//let buf = rng.gen_iter::<u8>().take(l).collect::<Vec<u8>>();
-use std::marker::PhantomData;
-
-use num::{BigUint, Zero};
-use digest::Digest;
-use generic_array::GenericArray;
-
-use tools::powm;
-use types::{SrpAuthError, SrpGroup};
-
-/// SRP client state before handshake with the server.
-pub struct SrpClient<'a, D: Digest> {
- params: &'a SrpGroup,
-
- a: BigUint,
- a_pub: BigUint,
-
- d: PhantomData<D>
-}
-
-/// SRP client state after handshake with the server.
-pub struct SrpClientVerifier<D: Digest> {
- proof: GenericArray<u8, D::OutputSize>,
- server_proof: GenericArray<u8, D::OutputSize>,
- key: GenericArray<u8, D::OutputSize>,
-}
-
-/// Compute user private key as described in the RFC 5054. Consider using proper
-/// password hashing algorithm instead.
-pub fn srp_private_key<D: Digest>(username: &[u8], password: &[u8], salt: &[u8])
- -> GenericArray<u8, D::OutputSize>
-{
- let p = {
- let mut d = D::new();
- d.input(username);
- d.input(b":");
- d.input(password);
- d.result()
- };
- let mut d = D::new();
- d.input(salt);
- d.input(&p);
- d.result()
-}
-
-impl<'a, D: Digest> SrpClient<'a, D> {
- /// Create new SRP client instance.
- pub fn new(a: &[u8], params: &'a SrpGroup) -> Self {
- let a = BigUint::from_bytes_be(a);
- let a_pub = params.powm(&a);
-
- Self { params, a, a_pub, d: Default::default() }
- }
-
- /// Get password verfier for user registration on the server
- pub fn get_password_verifier(&self, private_key: &[u8]) -> Vec<u8> {
- let x = BigUint::from_bytes_be(&private_key);
- let v = self.params.powm(&x);
- v.to_bytes_be()
- }
-
- fn calc_key(&self, b_pub: &BigUint, x: &BigUint, u: &BigUint)
- -> GenericArray<u8, D::OutputSize>
- {
- let n = &self.params.n;
- let k = self.params.compute_k::<D>();
- let interm = (k * self.params.powm(x)) % n;
- // Because we do operation in modulo N we can get: (kv + g^b) < kv
- let v = if b_pub > &interm {
- (b_pub - &interm) % n
- } else {
- (n + b_pub - &interm) % n
- };
- // S = |B - kg^x| ^ (a + ux)
- let s = powm(&v, &(&self.a + (u*x) % n ), n);
- D::digest(&s.to_bytes_be())
- }
-
- /// Process server reply to the handshake.
- pub fn process_reply(self, private_key: &[u8], b_pub: &[u8])
- -> Result<SrpClientVerifier<D>, SrpAuthError>
- {
- let u = {
- let mut d = D::new();
- d.input(&self.a_pub.to_bytes_be());
- d.input(b_pub);
- BigUint::from_bytes_be(&d.result())
- };
-
- let b_pub = BigUint::from_bytes_be(b_pub);
-
- // Safeguard against malicious B
- if &b_pub % &self.params.n == BigUint::zero() {
- return Err(SrpAuthError{ description: "Malicious b_pub value" })
- }
-
- let x = BigUint::from_bytes_be(&private_key);
- let key = self.calc_key(&b_pub, &x, &u);
- // M1 = H(A, B, K)
- let proof = {
- let mut d = D::new();
- d.input(&self.a_pub.to_bytes_be());
- d.input(&b_pub.to_bytes_be());
- d.input(&key);
- d.result()
- };
-
- // M2 = H(A, M1, K)
- let server_proof = {
- let mut d = D::new();
- d.input(&self.a_pub.to_bytes_be());
- d.input(&proof);
- d.input(&key);
- d.result()
- };
-
- Ok(SrpClientVerifier {
- proof: proof,
- server_proof: server_proof,
- key: key,
- })
- }
-
- /// Get public ephemeral value for handshaking with the server.
- pub fn get_a_pub(&self) -> Vec<u8> {
- self.a_pub.to_bytes_be()
- }
-}
-
-impl<D: Digest> SrpClientVerifier<D> {
- /// Get shared secret key without authenticating server, e.g. for using with
- /// authenticated encryption modes. DO NOT USE this method without
- /// some kind of secure authentification.
- pub fn get_key(self) -> GenericArray<u8, D::OutputSize> {
- self.key
- }
-
- /// Verification data for sending to the server.
- pub fn get_proof(&self) -> GenericArray<u8, D::OutputSize> {
- self.proof.clone()
- }
-
- /// Verify server reply to verification data. It will return shared secret
- /// key in case of success.
- pub fn verify_server(self, reply: &[u8])
- -> Result<GenericArray<u8, D::OutputSize>, SrpAuthError>
- {
- if self.server_proof.as_slice() != reply {
- Err(SrpAuthError{ description: "Incorrect server proof" })
- } else {
- Ok(self.key)
- }
- }
-}
diff --git a/src/groups.rs b/src/groups.rs
deleted file mode 100644
index 246134e..0000000
--- a/src/groups.rs
+++ /dev/null
@@ -1,56 +0,0 @@
-//! Groups from [RFC 5054](https://tools.ietf.org/html/rfc5054)
-//!
-//! It is strongly recommended to use them instead of custom generated
-//! groups. Additionally it is not recommended to use `G_1024` and `G_1536`,
-//! they are provided only for compatability with the legacy software.
-use types::SrpGroup;
-use num::BigUint;
-
-lazy_static! {
- pub static ref G_1024: SrpGroup = SrpGroup {
- n: BigUint::from_bytes_be(include_bytes!("groups/1024.bin")),
- g: BigUint::from_bytes_be(&[2]),
- };
-}
-
-lazy_static! {
- pub static ref G_1536: SrpGroup = SrpGroup {
- n: BigUint::from_bytes_be(include_bytes!("groups/1536.bin")),
- g: BigUint::from_bytes_be(&[2]),
- };
-}
-
-lazy_static! {
- pub static ref G_2048: SrpGroup = SrpGroup {
- n: BigUint::from_bytes_be(include_bytes!("groups/2048.bin")),
- g: BigUint::from_bytes_be(&[2]),
- };
-}
-
-lazy_static! {
- pub static ref G_3072: SrpGroup = SrpGroup {
- n: BigUint::from_bytes_be(include_bytes!("groups/3072.bin")),
- g: BigUint::from_bytes_be(&[5]),
- };
-}
-
-lazy_static! {
- pub static ref G_4096: SrpGroup = SrpGroup {
- n: BigUint::from_bytes_be(include_bytes!("groups/4096.bin")),
- g: BigUint::from_bytes_be(&[5]),
- };
-}
-
-lazy_static! {
- pub static ref G_6144: SrpGroup = SrpGroup {
- n: BigUint::from_bytes_be(include_bytes!("groups/6144.bin")),
- g: BigUint::from_bytes_be(&[5]),
- };
-}
-
-lazy_static! {
- pub static ref G_8192: SrpGroup = SrpGroup {
- n: BigUint::from_bytes_be(include_bytes!("groups/8192.bin")),
- g: BigUint::from_bytes_be(&[19]),
- };
-}
diff --git a/src/groups/1024.bin b/src/groups/1024.bin
deleted file mode 100644
index 7ce0aa3..0000000
--- a/src/groups/1024.bin
+++ /dev/null
@@ -1,3 +0,0 @@
-
-֜3
-`rau< 1L%evtt8;H֒PI\`]״aTֶΎi]IU){)ffWh<rl/nQ8vC[/ \ No newline at end of file
diff --git a/src/groups/1536.bin b/src/groups/1536.bin
deleted file mode 100644
index c3a5972..0000000
--- a/src/groups/1536.bin
+++ /dev/null
@@ -1 +0,0 @@
-<9'z*{ۥLaKM_O_Un'QƩK`z)X;CU"|gЁ4ȹy` 㺶=GTűvN?KSݝ>+n94'/=$Ćew.C}lBsJ̷|&J㩾/鸵).Z^G碌$BI#Mv5 \ No newline at end of file
diff --git a/src/groups/2048.bin b/src/groups/2048.bin
deleted file mode 100644
index 23207c6..0000000
--- a/src/groups/2048.bin
+++ /dev/null
@@ -1,2 +0,0 @@
-kA2Jf^X/re1=`Ps)˴큓uwg=#K1 HP9ig`:f)/ Uy^ t
-tsYA>(Dkw;ʗ:#v zCldҹF[2wHTE#$}^z'u,/xa`'z毇NsS){*VÂq5؟z5#mR_Tuer֎Js \ No newline at end of file
diff --git a/src/groups/3072.bin b/src/groups/3072.bin
deleted file mode 100644
index 7e1a84d..0000000
--- a/src/groups/3072.bin
+++ /dev/null
Binary files differ
diff --git a/src/groups/4096.bin b/src/groups/4096.bin
deleted file mode 100644
index 82463c0..0000000
--- a/src/groups/4096.bin
+++ /dev/null
Binary files differ
diff --git a/src/groups/6144.bin b/src/groups/6144.bin
deleted file mode 100644
index 83a559a..0000000
--- a/src/groups/6144.bin
+++ /dev/null
Binary files differ
diff --git a/src/groups/8192.bin b/src/groups/8192.bin
deleted file mode 100644
index b1f32ac..0000000
--- a/src/groups/8192.bin
+++ /dev/null
Binary files differ
diff --git a/src/k_sha1_1024.bin b/src/k_sha1_1024.bin
deleted file mode 100644
index 4408438..0000000
--- a/src/k_sha1_1024.bin
+++ /dev/null
@@ -1 +0,0 @@
-uVZ,f\>o \ No newline at end of file
diff --git a/src/lib.rs b/src/lib.rs
deleted file mode 100644
index df11ae9..0000000
--- a/src/lib.rs
+++ /dev/null
@@ -1,79 +0,0 @@
-//! [Secure Remote Password][1] (SRP) protocol implementation.
-//!
-//! This implementation is generic over hash functions using
-//! [`Digest`](https://docs.rs/digest) trait, so you will need to choose a hash
-//! function, e.g. `Sha256` from [`sha2`](https://crates.io/crates/sha2) crate.
-//! Additionally this crate allows to use a specialized password hashing
-//! algorithm for private key computation instead of method described in the
-//! SRP literature.
-//!
-//! Compatability with over implementations was not yet tested.
-//!
-//! # Usage
-//! Add `srp` dependecy to your `Cargo.toml`:
-//!
-//! ```toml
-//! [dependencies]
-//! rand = "0.3"
-//! ```
-//!
-//! and this to your crate root:
-//!
-//! ```rust
-//! extern crate srp;
-//! ```
-//!
-//! Next read documentation for [`client`](client/index.html) and
-//! [`server`](server/index.html) modules.
-//!
-//! # Algorithm description
-//! Here we briefly describe implemented algroithm. For additionall information
-//! refer to SRP literature. All arithmetic is done modulo `N`, where `N` is a
-//! large safe prime (`N = 2q+1`, where `q` is prime). Additionally `g` MUST be
-//! a generator modulo `N`. It's STRONGLY recommended to use SRP parameters
-//! provided by this crate in the [`groups`](groups/index.html) module.
-//!
-//! Client | | Server
-//! ------------------------|---------------|------------------------
-//! | — `I` —> | (lookup `s`, `v`)
-//! `x = PH(P, s)` | <— `s`, `v` — |
-//! `a_pub = g^a` | — `a_pub` —> | `b_pub = k*v + g^b`
-//! `u = H(a_pub || b_pub)` | <— `b_pub` — | `u = H(a_pub || b_pub)`
-//! `s = (b_pub - k*g^x)^(a+u*x)` | | `S = (b_pub - k*g^x)^(a+u*x)`
-//! `K = H(s)` | | `K = H(s)`
-//! `M1 = H(A || B || K)` | — `M1` —> | (verify `M1`)
-//! (verify `M2`) | <— `M2` — | `M2 = H(A || M1 || K)`
-//!
-//! `||` denotes concatenation, variables and notations have the following
-//! meaning:
-//!
-//! - `I` — user identity (username)
-//! - `P` — user password
-//! - `H` — one-way hash function
-//! - `PH` — password hashing algroithm, in the RFC 5054 described as
-//! `H(s || H(I || ":" || P))`
-//! - `^` — (modular) exponentiation
-//! - `x` — user private key
-//! - `s` — salt generated by user and stored on the server
-//! - `v` — password verifier equal to `g^x` and stored on the server
-//! - `a`, `b` — secret ephemeral values (at least 256 bits in length)
-//! - `A`, `B` — Public ephemeral values
-//! - `u` — scrambling parameter
-//! - `k` — multiplier parameter (`k = H(N || g)` in SRP-6a)
-//!
-//! [1]: https://en.wikipedia.org/wiki/Secure_Remote_Password_protocol
-//! [2]: https://tools.ietf.org/html/rfc5054
-extern crate num;
-extern crate digest;
-extern crate generic_array;
-#[macro_use]
-extern crate lazy_static;
-
-#[cfg(test)]
-extern crate sha_1;
-
-mod tools;
-pub mod client;
-pub mod server;
-pub mod types;
-pub mod groups;
diff --git a/src/prime.bin b/src/prime.bin
deleted file mode 100644
index d2109b7..0000000
--- a/src/prime.bin
+++ /dev/null
@@ -1 +0,0 @@
-_ P<=èyCp^ >Hhw Bb{+2,ZuHEXrӋto 'Tw;䪗Dl'$2/ A-tcK2-懘2u7 \ No newline at end of file
diff --git a/src/server.rs b/src/server.rs
deleted file mode 100644
index 137d6b3..0000000
--- a/src/server.rs
+++ /dev/null
@@ -1,136 +0,0 @@
-//! SRP server implementation
-//!
-//! # Usage
-//! First receive user's username and public value `a_pub`, retrieve from a
-//! database `UserRecord` for a given username, generate `b` (e.g. 512 bits
-//! long) and initialize SRP server instance:
-//!
-//! ```ignore
-//! use srp::groups::G_2048;
-//!
-//! let (username, a_pub) = conn.receive_handshake();
-//! let user = db.retrieve_user_record(username);
-//! let b = rng.gen_iter::<u8>().take(64).collect::<Vec<u8>>();
-//! let server = SrpServer::<Sha256>::new(&user, &a_pub, &b, &G_2048)?;
-//! ```
-//!
-//! Next send to user `b_pub` and `salt` from user record:
-//!
-//! ```ignore
-//! let b_pub = server.get_b_pub();
-//! conn.reply_to_handshake(&user.salt, b_pub);
-//! ```
-//!
-//! And finally recieve user proof, verify it and send server proof in the
-//! reply:
-//!
-//! ```ignore
-//! let user_proof = conn.receive_proof();
-//! let server_proof = server.verify(user_proof)?;
-//! conn.send_proof(server_proof);
-//! ```
-//!
-//! To get the shared secret use `get_key` method. As alternative to using
-//! `verify` method it's also possible to use this key for authentificated
-//! encryption.
-use std::marker::PhantomData;
-
-use num::{BigUint, Zero};
-use digest::Digest;
-use generic_array::GenericArray;
-
-use tools::powm;
-use types::{SrpAuthError, SrpGroup};
-
-/// Data provided by users upon registration, usually stored in the database.
-pub struct UserRecord<'a> {
- pub username: &'a [u8],
- pub salt: &'a [u8],
- /// Password verifier
- pub verifier: &'a [u8],
-}
-
-/// SRP server state
-pub struct SrpServer<D: Digest> {
- b: BigUint,
- a_pub: BigUint,
- b_pub: BigUint,
-
- key: GenericArray<u8, D::OutputSize>,
-
- d: PhantomData<D>
-}
-
-impl< D: Digest> SrpServer< D> {
- /// Create new server state.
- pub fn new(user: &UserRecord, a_pub: &[u8], b: &[u8], params: &SrpGroup)
- -> Result<Self, SrpAuthError>
- {
- let a_pub = BigUint::from_bytes_be(a_pub);
- // Safeguard against malicious A
- if &a_pub % &params.n == BigUint::zero() {
- return Err(SrpAuthError { description: "Malicious a_pub value" })
- }
- let v = BigUint::from_bytes_be(user.verifier);
- let b = BigUint::from_bytes_be(b) % &params.n;
- let k = params.compute_k::<D>();
- // kv + g^b
- let interm = (k * &v) % &params.n;
- let b_pub = (interm + &params.powm(&b)) % &params.n;
- // H(A || B)
- let u = {
- let mut d = D::new();
- d.input(&a_pub.to_bytes_be());
- d.input(&b_pub.to_bytes_be());
- d.result()
- };
- let d = Default::default();
- //(Av^u) ^ b
- let key = {
- let u = BigUint::from_bytes_be(&u);
- let t = (&a_pub * powm(&v, &u, &params.n)) % &params.n;
- let s = powm(&t, &b, &params.n);
- D::digest(&s.to_bytes_be())
- };
- Ok(Self { b, a_pub, b_pub, key, d})
- }
-
- /// Get private `b` value. (see `new_with_b` documentation)
- pub fn get_b(&self) -> Vec<u8> {
- self.b.to_bytes_be()
- }
-
- /// Get public `b_pub` value for sending to the user.
- pub fn get_b_pub(&self) -> Vec<u8> {
- self.b_pub.to_bytes_be()
- }
-
- /// Get shared secret between user and the server. (do not forget to verify
- /// that keys are the same!)
- pub fn get_key(&self) -> GenericArray<u8, D::OutputSize> {
- self.key.clone()
- }
-
- /// Process user proof of having the same shared secret and compute
- /// server proof for sending to the user.
- pub fn verify(&self, user_proof: &[u8])
- -> Result<GenericArray<u8, D::OutputSize>, SrpAuthError>
- {
- // M = H(A, B, K)
- let mut d = D::new();
- d.input(&self.a_pub.to_bytes_be());
- d.input(&self.b_pub.to_bytes_be());
- d.input(&self.key);
-
- if user_proof == d.result().as_slice() {
- // H(A, M, K)
- let mut d = D::new();
- d.input(&self.a_pub.to_bytes_be());
- d.input(user_proof);
- d.input(&self.key);
- Ok(d.result())
- } else {
- Err(SrpAuthError { description: "Incorrect user proof" })
- }
- }
-}
diff --git a/src/tools.rs b/src/tools.rs
deleted file mode 100644
index 8cb6910..0000000
--- a/src/tools.rs
+++ /dev/null
@@ -1,19 +0,0 @@
-use num::BigUint;
-
-pub fn powm(base: &BigUint, exp: &BigUint, modulus: &BigUint) -> BigUint {
- let zero = BigUint::new(vec![0]);
- let one = BigUint::new(vec![1]);
- let two = BigUint::new(vec![2]);
- let mut exp = exp.clone();
- let mut result = one.clone();
- let mut base = base % modulus;
-
- while exp > zero {
- if &exp % &two == one {
- result = (result * &base) % modulus;
- }
- exp = exp >> 1;
- base = (&base * &base) % modulus;
- }
- result
-}
diff --git a/src/types.rs b/src/types.rs
deleted file mode 100644
index 810132c..0000000
--- a/src/types.rs
+++ /dev/null
@@ -1,64 +0,0 @@
-//! Additional SRP types.
-use std::{fmt, error};
-use num::BigUint;
-use tools::powm;
-use digest::Digest;
-
-/// SRP authentification error.
-#[derive(Debug, Copy, Clone, Eq, PartialEq)]
-pub struct SrpAuthError {
- pub(crate) description: &'static str
-}
-
-impl fmt::Display for SrpAuthError {
- fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {
- write!(f, "SRP authentification error")
- }
-}
-
-impl error::Error for SrpAuthError {
- fn description(&self) -> &str {
- self.description
- }
-}
-
-/// Group used for SRP computations
-#[derive(Debug, Clone, Eq, PartialEq)]
-pub struct SrpGroup {
- /// A large safe prime (N = 2q+1, where q is prime)
- pub n: BigUint,
- /// A generator modulo N
- pub g: BigUint,
-}
-
-impl SrpGroup {
- pub(crate) fn powm(&self, v: &BigUint) -> BigUint {
- powm(&self.g, v, &self.n)
- }
-
- /// Compute `k` with given hash function and return SRP parameters
- pub(crate) fn compute_k<D: Digest>(&self) -> BigUint {
- let n = self.n.to_bytes_be();
- let g_bytes = self.g.to_bytes_be();
- let mut buf = vec![0u8; n.len()];
- let l = n.len() - g_bytes.len();
- buf[l..].copy_from_slice(&g_bytes);
-
- let mut d = D::new();
- d.input(&n);
- d.input(&buf);
- BigUint::from_bytes_be(&d.result())
- }
-}
-
-#[cfg(test)]
-mod tests {
- use ::groups::G_1024;
- use sha_1::Sha1;
-
- #[test]
- fn test_k_1024_sha1() {
- let k = G_1024.compute_k::<Sha1>().to_bytes_be();
- assert_eq!(&k, include_bytes!("k_sha1_1024.bin"));
- }
-}
generated by cgit v1.2.3 (git 2.39.1) at 2025-08-11 13:52:15 +0000