blob: 9401514ace277c5a6905742d28f6ee4616fa15ca
//! [Secure Remote Password][1] (SRP) protocol implementation.
//!
//! This implementation uses little-endian serialization of big integers and is
//! generic over hash functions via the `Digest` trait, so you will need to
//! choose a hash function, e.g. `Sha256` from the `sha2` crate. Additionally,
//! this crate allows the use of specialized password hashing algorithms for
//! private key computation instead of the method described in the SRP
//! literature.
//!
//! Compatibility with other implementations has not been tested yet.
//!
//! # Algorithm description
//! Here we briefly describe the implemented algorithm. For additional
//! information refer to the SRP literature. All arithmetic is done modulo `N`,
//! where `N` is a large safe prime (`N = 2q+1`, where `q` is prime).
//!
//! Client | | Server
//! -------|-------|--------
//! | — `I` —> | (lookup `s`, `v`)
//! `x = PH(P, s)` | <— `s`, `v` — |
//! `a_pub = g^a` | — `a_pub` —> | `b_pub = k*v + g^b`
//! `u = H(a_pub || b_pub)` | <— `b_pub` — | `u = H(a_pub || b_pub)`
//! `S = (b_pub - k*g^x)^(a+u*x)` | | `S = (b_pub - k*g^x)^(a+u*x)`
//! `K = H(S)` | | `K = H(S)`
//! `M1 = H(A || B || K)` | — `M1` —> | (verify `M1`)
//! (verify `M2`) | <— `M2` — | `M2 = H(A || M1 || K)`
//!
//! `||` denotes concatenation; variables and notation have the following
//! meaning:
//!
//! - `I` — user identity (username)
//! - `P` — user password
//! - `H` — one-way hash function
//! - `PH` — password hashing algorithm, described in the SRP literature as
//! `H(s || I || P)` or `H(s || P)`
//! - `^` — (modular) exponentiation
//! - `x` — user private key
//! - `s` — salt generated by user and stored on the server
//! - `v` — password verifier equal to `g^x` and stored on the server
//! - `a`, `b` — secret ephemeral values
//! - `A`, `B` — public ephemeral values (`a_pub` and `b_pub` in the table above)
//! - `u` — scrambling parameter
//! - `g` — a generator modulo `N`
//! - `k` — multiplier parameter (`k = H(N || g)` in SRP-6a)
//!
//! [1]: https://en.wikipedia.org/wiki/Secure_Remote_Password_protocol
extern crate num;
extern crate digest;
extern crate generic_array;
extern crate rand;
mod tools;
pub mod client;
pub mod server;
pub mod types;
/// 1024-bit prime number which can be used as `n` in `SrpParams`.
///
/// For conversion to `BigUint` use `BigUint::from_bytes_le(PRIME)`.
pub const PRIME: &'static [u8] = include_bytes!("prime.bin");
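The exchange from the algorithm table, worked through as an added example (not code from this crate). It uses only `std`; the modulus 1019, the polynomial stand-in for `H`, and the sample salt, password and ephemeral values are constructed toy assumptions and are not secure. The server side uses the standard SRP-6a form `(a_pub * v^u)^b`, which needs only the verifier `v` and equals the client's expression, and both sides reject a peer public value that is zero modulo `N`.

```rust
// Toy parameters (constructed, NOT secure): 1019 = 2*509 + 1 is a safe prime
// and 2 generates its multiplicative group.
const N: u64 = 1019;
const G: u64 = 2;

/// Square-and-multiply modular exponentiation.
fn modpow(mut base: u64, mut exp: u64, m: u64) -> u64 {
    let mut acc = 1;
    base %= m;
    while exp > 0 {
        if exp & 1 == 1 { acc = acc * base % m; }
        base = base * base % m;
        exp >>= 1;
    }
    acc
}

/// Toy stand-in for `H(a || b)` (assumption); real code uses a `Digest` such as SHA-256.
fn h(parts: &[u64]) -> u64 {
    parts.iter().fold(7, |acc, p| (acc * 31 + p) % N)
}

/// Client: S = (b_pub - k*g^x)^(a + u*x). Aborts if b_pub is 0 mod N.
fn client_secret(b_pub: u64, k: u64, x: u64, a: u64, u: u64) -> Option<u64> {
    if b_pub % N == 0 { return None; }
    let base = (b_pub % N + N - k * modpow(G, x, N) % N) % N;
    Some(modpow(base, a + u * x, N))
}

/// Server: S = (a_pub * v^u)^b, computed from the verifier v alone. Aborts if
/// a_pub is 0 mod N, because that would force S = 0 whatever the password is.
fn server_secret(a_pub: u64, v: u64, b: u64, u: u64) -> Option<u64> {
    if a_pub % N == 0 { return None; }
    Some(modpow(a_pub % N * modpow(v, u, N) % N, b, N))
}

/// One full exchange; returns (client S, server S).
fn handshake(salt: u64, password: u64, a: u64, b: u64) -> (Option<u64>, Option<u64>) {
    let k = h(&[N, G]);                        // k = H(N || g)
    let x = h(&[salt, password]);              // x = PH(P, s)
    let v = modpow(G, x, N);                   // verifier stored at registration
    let a_pub = modpow(G, a, N);
    let b_pub = (k * v + modpow(G, b, N)) % N;
    let u = h(&[a_pub, b_pub]);
    (client_secret(b_pub, k, x, a, u), server_secret(a_pub, v, b, u))
}

fn main() {
    println!("{:?}", handshake(42, 1234, 77, 123)); // constructed sample inputs
}
```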