srp 0.7.0-rc.2

#![no_std]
#![cfg_attr(docsrs, feature(doc_cfg))]
#![doc = include_str!("../README.md")]
#![doc(
    html_logo_url = "https://raw.githubusercontent.com/RustCrypto/meta/master/logo.svg",
    html_favicon_url = "https://raw.githubusercontent.com/RustCrypto/meta/master/logo.svg"
)]
#![allow(clippy::many_single_char_names)]
#![forbid(unsafe_code)]
#![warn(
    clippy::checked_conversions,
    clippy::integer_division_remainder_used,
    clippy::mod_module_files,
    clippy::panic,
    clippy::panic_in_result_fn,
    clippy::std_instead_of_alloc,
    clippy::std_instead_of_core,
    clippy::unwrap_used,
    missing_copy_implementations,
    missing_debug_implementations,
    missing_docs,
    rust_2018_idioms,
    trivial_casts,
    trivial_numeric_casts,
    unused_lifetimes,
    unused_qualifications
)]

//! # Usage
//! See [`Client`] and [`Server`] types for usage information.
//!
//! # Algorithm description
//! Here we briefly describe implemented algorithm. For additional information refer to SRP
//! literature. All arithmetic is done modulo `N`, where `N` is a large safe prime
//! (`N = 2q + 1`, where `q` is prime).
//!
//! Additionally, `g` MUST be a generator modulo `N`. It's STRONGLY recommended to use SRP
//! parameters provided by this crate under the [`groups`] module, and available as various
//! type aliases e.g. [`ClientG2048`] and [`ServerG2048`].
//!
//! |       Client           |   Data transfer   |      Server                     |
//! |------------------------|-------------------|---------------------------------|
//! |`a_pub = g^a`           | — `a_pub`, `I` —> | (lookup `s`, `v` for given `I`) |
//! |`x = PH(P, s)`          | <— `b_pub`, `s` — | `b_pub = k*v + g^b`             |
//! |`u = H(a_pub ‖ b_pub)`  |                   | `u = H(a_pub ‖ b_pub)`          |
//! |`s = (b_pub - k*g^x)^(a+u*x)` |             | `S = (b_pub - k*g^x)^(a+u*x)`   |
//! |`K = H(s)`              |                   | `K = H(s)`                      |
//! |`M1 = H(A ‖ B ‖ K)`     |     — `M1` —>     | (verify `M1`)                   |
//! |(verify `M2`)           |    <— `M2` —      | `M2 = H(A ‖ M1 ‖ K)`            |
//!
//! Variables and notations have the following meaning:
//!
//! - `I` — user identity (username)
//! - `P` — user password
//! - `H` — one-way hash function
//! - `PH` — password hashing algorithm, in the RFC 5054 described as
//! `H(s ‖ H(I ‖ ":" ‖ P))`
//! - `^` — (modular) exponentiation
//! - `‖` — concatenation
//! - `x` — user private key
//! - `s` — salt generated by user and stored on the server
//! - `v` — password verifier equal to `g^x` and stored on the server
//! - `a`, `b` — secret ephemeral values (at least 256 bits in length)
//! - `A`, `B` — Public ephemeral values
//! - `u` — scrambling parameter
//! - `k` — multiplier parameter (`k = H(N || g)` in SRP-6a)
//!
//! [1]: https://en.wikipedia.org/wiki/Secure_Remote_Password_protocol
//! [2]: https://tools.ietf.org/html/rfc5054

#[macro_use]
extern crate alloc;

pub mod groups;
#[doc(hidden)]
pub mod utils;

mod client;
mod errors;
mod server;

pub use bigint;
pub use client::{Client, ClientG2048, ClientG3072, ClientG4096, ClientVerifier};
pub use common;
pub use errors::AuthError;
pub use groups::Group;
pub use server::{Server, ServerG2048, ServerG3072, ServerG4096, ServerVerifier};

#[allow(deprecated)]
pub use {
    client::{ClientG1024, ClientG1536, LegacyClientVerifier},
    server::{LegacyServerVerifier, ServerG1024, ServerG1536},
};

#[cfg(feature = "rand_core")]
pub use common::Generate;
#[cfg(feature = "rand_core")]
pub use common::rand_core;

/// 384-bit ephemeral secret (usable as `a` or `b`).
///
/// Should be large enough for use with any of the groups defined in this crate.
pub type EphemeralSecret = [u8; 48];

/// 256-bit salt value.
pub type Salt = [u8; 16];