1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
|
extern crate num;
extern crate sha2;
extern crate rand;
extern crate srp;
use num::BigUint;
use sha2::Sha256;
use rand::Rng;
use srp::types::SrpParams;
use srp::client::{ SrpClient, srp6a_private_key };
use srp::server::{SrpServer, UserRecord};
fn auth_test(reg_pwd: &[u8], auth_pwd: &[u8]) {
let mut rng = rand::os::OsRng::new().unwrap();
let username = "john".as_bytes();
let srp_params = SrpParams{
n: BigUint::from_bytes_le(srp::PRIME),
k: BigUint::from_bytes_be(&[1, 2, 3]),
g: BigUint::new(vec![2]),
};
// Client instance creation
let client = SrpClient::<Sha256>::new(&srp_params, &mut rng);
// Registration
let salt: [u8; 16] = rng.gen();
let reg_priv_key = srp6a_private_key::<Sha256>(username, reg_pwd, &salt);
let verif = client.get_password_verifier(®_priv_key);
// User sends handshake
let a_pub = client.get_a_pub();
// Server retrieve user record from db and processes handshake
let user = UserRecord { username, salt: &salt, verifier: &verif };
let server = SrpServer::<Sha256>::new(&user, &a_pub, &srp_params, &mut rng)
.unwrap();
let (salt, b_pub) = (&user.salt, server.get_b_pub());
// Client processes handshake reply
let auth_priv_key = srp6a_private_key::<Sha256>(username, auth_pwd, &salt);
let client2 = client.process_reply(&auth_priv_key, &b_pub).unwrap();
let proof = client2.get_proof();
// Server processes verification data
println!("Client verification");
let proof2 = server.verify(&proof).unwrap();
let server_key = server.get_key();
// Client verifies server
println!("Server verification");
let user_key = client2.verify_server(&proof2).unwrap();
assert_eq!(server_key, user_key, "server and client keys are not equal");
}
#[test]
fn good_password() {
auth_test("password".as_bytes(), "password".as_bytes());
}
#[test]
#[should_panic]
fn bad_password() {
auth_test("password".as_bytes(), "paSsword".as_bytes());
}
|
