Struct wow_srp::server::SrpProof [−][src]
pub struct SrpProof { /* fields omitted */ }
Expand description
Contains the server public key, private key and salt. Second step of the server, next is SrpServer
.
This struct is created from the SrpVerifier::into_proof
method.
The server public key is generated from the verifier and a random private key.
The salt is the same as the SrpVerifier
.
The client also requires the large safe prime and the generator. These are static values that never change and therefore they have their own const variables.
The private key used is 32 bytes long.
See examples/server.rs
for the full example.
All byte arrays are little endian.
Example
The example cuts out stuff related to SrpVerifier
and SrpServer
.
let proof = verifier.into_proof(); let salt = proof.salt(); let server_public_key = proof.server_public_key(); // Not part of this struct, but used in the same network packet and tightly related. let large_safe_prime = LARGE_SAFE_PRIME_LITTLE_ENDIAN; let generator = GENERATOR; // Public key gotten from client let client_public_key = PublicKey::from_le_bytes(&client_public_key); let client_public_key = match client_public_key { Ok(c) => {c} Err(_) => { panic!("Public key is invalid. This is either _very_ rare or malicious.") } }; // Proof gotten from client let client_proof = [255u8; PROOF_LENGTH as usize]; let server = proof.into_server(client_public_key, client_proof); let server = match server { Ok(s) => {s} Err(_) => { panic!("Proofs do not match (password is incorrect). This is common.") } };
Implementations
Server public key used in calculations by both the server and client. Is sent to the client. Array is little endian.
Called B
in RFC2945.
Always 32 bytes (256 bits) in length since the packet sent to the client has a fixed width.
Salt value used for calculating verifier. Is sent to the client. Array is little endian.
Called s
, <salt from passwd file>
or <salt>
in RFC2945.
Always 32 bytes (256 bits) in length since the packet sent to the client has a fixed width.
Converts to an SrpServer
and server proof by using the client supplied public key and proof,
consuming the SrpProof
.
The server proof value must be sent to the client in order to prove that the server knows the
same password as the client.
The server proof is called M
in RFC2945,
and M2
in other litterature.
This is different from the paramter to SrpProof::into_server
which is referred to as M1
in other litterature, but both are referred to as M
in
RFC2945.
The server proof is a little endian array. The server proof is always 20 bytes (160 bits) because it’s a SHA-1 hash.
The PublicKey
is used instead of an array in order to break the validation of the
public key and the calculation of the proof into separate steps.
An invalid PublicKey
is more likely to be the result of the client deliberately sending
known invalid data while the MatchProofsError
just means that the entered password is incorrect.
The client_public_key
is called A
in RFC2945 and most other
literature. It is sometimes incorrectly called a
, but this refers to the client private key.
Private keys are never sent over the network, so if you see a
in a packet table it is referring
to the client public key and not the private key.
The client_proof
is called M
in RFC2945 and M1
in other
literature. This is different from the server proof returned from SrpProof::into_server
which is often called
M2
, but is still referred to as M
in RFC2945.
The client_proof
is always 20 bytes (160 bits) in length because it’s a SHA-1 hash.
Example
// This will panic because the public key, username, passwords and proofs are not related // Public key gotten from client let client_public_key = PublicKey::from_le_bytes(&client_public_key); let client_public_key = match client_public_key { Ok(c) => {c} Err(_) => { panic!("Public key is invalid. This is either _very_ rare or malicious.") } }; // Proof gotten from client let client_proof = [255u8; PROOF_LENGTH as usize]; let server = proof.into_server(client_public_key, client_proof); let server = match server { Ok(s) => {s} Err(_) => { panic!("Proofs do not match (password is incorrect). This is common.") } };
Errors
If the client_proof
does not match the internal server proof.