Struct wow_srp::server::SrpProof [−][src]
pub struct SrpProof { /* fields omitted */ }Expand description
Contains the server public key, private key and salt. Second step of the server, next is SrpServer.
This struct is created from the SrpVerifier::into_proof method.
The server public key is generated from the verifier and a random private key.
The salt is the same as the SrpVerifier.
The client also requires the large safe prime and the generator. These are static values that never change and therefore they have their own const variables.
The private key used is 32 bytes long.
See examples/server.rs for the full example.
All byte arrays are little endian.
Example
The example cuts out stuff related to SrpVerifier and SrpServer.
let proof = verifier.into_proof(); let salt = proof.salt(); let server_public_key = proof.server_public_key(); // Not part of this struct, but used in the same network packet and tightly related. let large_safe_prime = LARGE_SAFE_PRIME_LITTLE_ENDIAN; let generator = GENERATOR; // Public key gotten from client let client_public_key = PublicKey::from_le_bytes(&client_public_key); let client_public_key = match client_public_key { Ok(c) => {c} Err(_) => { panic!("Public key is invalid. This is either _very_ rare or malicious.") } }; // Proof gotten from client let client_proof = [255u8; PROOF_LENGTH as usize]; let server = proof.into_server(client_public_key, client_proof); let server = match server { Ok(s) => {s} Err(_) => { panic!("Proofs do not match (password is incorrect). This is common.") } };
Implementations
Server public key used in calculations by both the server and client. Is sent to the client. Array is little endian.
Called B in RFC2945.
Always 32 bytes (256 bits) in length since the packet sent to the client has a fixed width.
Salt value used for calculating verifier. Is sent to the client. Array is little endian.
Called s, <salt from passwd file> or <salt> in RFC2945.
Always 32 bytes (256 bits) in length since the packet sent to the client has a fixed width.
Converts to an SrpServer and server proof by using the client supplied public key and proof,
consuming the SrpProof.
The server proof value must be sent to the client in order to prove that the server knows the
same password as the client.
The server proof is called M in RFC2945,
and M2 in other litterature.
This is different from the paramter to SrpProof::into_server which is referred to as M1
in other litterature, but both are referred to as M in
RFC2945.
The server proof is a little endian array. The server proof is always 20 bytes (160 bits) because it’s a SHA-1 hash.
The PublicKey is used instead of an array in order to break the validation of the
public key and the calculation of the proof into separate steps.
An invalid PublicKey is more likely to be the result of the client deliberately sending
known invalid data while the MatchProofsError just means that the entered password is incorrect.
The client_public_key is called A in RFC2945 and most other
literature. It is sometimes incorrectly called a, but this refers to the client private key.
Private keys are never sent over the network, so if you see a in a packet table it is referring
to the client public key and not the private key.
The client_proof is called M in RFC2945 and M1 in other
literature. This is different from the server proof returned from SrpProof::into_server which is often called
M2, but is still referred to as M in RFC2945.
The client_proof is always 20 bytes (160 bits) in length because it’s a SHA-1 hash.
Example
// This will panic because the public key, username, passwords and proofs are not related // Public key gotten from client let client_public_key = PublicKey::from_le_bytes(&client_public_key); let client_public_key = match client_public_key { Ok(c) => {c} Err(_) => { panic!("Public key is invalid. This is either _very_ rare or malicious.") } }; // Proof gotten from client let client_proof = [255u8; PROOF_LENGTH as usize]; let server = proof.into_server(client_public_key, client_proof); let server = match server { Ok(s) => {s} Err(_) => { panic!("Proofs do not match (password is incorrect). This is common.") } };
Errors
If the client_proof does not match the internal server proof.