Struct wow_srp::server::SrpServer[][src]

pub struct SrpServer { /* fields omitted */ }
Expand description

The final step of authentication. Contains the session key, and reconnect logic.

This represents the final struct used in authentication, if this struct is constructed, the client is correctly authenticated and should be allowed to connect to the server. The session key is used internally in the struct for reconnection, and externally for decryption of packets.

This struct should be saved in session storage to allow for clients to reconnect. If a client disconnects and reconnects properly again, the old struct should be replaced with the new one because the session key will be different.

Created from SrpProof::into_server.

Examples

let username = "Alice";
let mut authenticated_clients = HashMap::new();

// Server is created from unseen elements
let mut server = proof.into_server(client_public_key, client_proof);
 let (server, server_proof) =  match server {
     Ok(s) => {s}
     Err(_) => return,
 };

// Add the server to session storage, for example a HashMap
authenticated_clients.insert(username, server);

// Client drops connection and tries to reconnect
let client = authenticated_clients.get_mut(username);
let mut client = match client {
    // Client does not have an active session, do not proceed
    None => return,
    // The username has an active session, but we still need to verify
    // that the host connecting actually was the host that previously
    // became authenticated.
    Some(c) => c,
};

// Send this to the client
let server_challenge_data = client.reconnect_challenge_data();

// Get client data and proof in the response

let should_allow_connection = client.verify_reconnection_attempt(client_challenge_data,
                                                                 client_proof);
if should_allow_connection {
    // The client has proven that it knows the session key,
    // continue with the connection
} else {
    // The client has proven nothing
    // Send an error back or do nothing
}

Implementations

Called S in RFC2945 and sometimes K or key in other literature.

After successful authentication both client and server will have the exact same session key without onlookers being able to figure it out. This is used for decrypting packets later.

The session key is always 40 bytes (320 bits) in length because it is created from 2 SHA-1 hashes of 20 bytes (160 bits).

Server data to be included in the reconnection challenge.

Must be sent to the client as random data for the reconnect challenge.

This is always 16 bytes since the field in the packet sent to the client has a fixed width.

Not mentioned in RFC2945 at all.

See verify_reconnection_attempt for more.

Computes a proof from the username, randomized client data, randomized server data, and session key. If the proofs match the client has the correct session key and should be allowed to reconnect.

Returns true if the proof matches and false if it does not. A false return value does not mean that the SrpServer should be removed from the list of active sessions, since anybody could send the reconnect packages and get all the way here knowing only the username.

After calling this the reconnect_challenge_data has been randomized again and will need to be sent to the client, you can not keep using the same data for all reconnection attempts.

It’s important to note that a true value does not mean that the client is the same, it just means that the session key the reconnecting client has is the same as the one that was originally computed.

Not mentioned in RFC2945 at all.

Auto Trait Implementations

Blanket Implementations

Gets the TypeId of self. Read more

Immutably borrows from an owned value. Read more

Mutably borrows from an owned value. Read more

Performs the conversion.

Performs the conversion.

Should always be Self

The type returned in the event of a conversion error.

Performs the conversion.

The type returned in the event of a conversion error.

Performs the conversion.