easy_srp/
lib.rs

1//! Easy to use wrapper around the `srp` crate for SRP6 authentication
2//! 
3//! See the `README.md` for more information about the usage of this crate. The
4//! tests at the end of this file may also provide a good starting point for
5//! how to use the client- and server-workflows.
6
7#[cfg(feature = "client")]
8mod client;
9
10#[cfg(feature = "client")]
11pub use client::{*};
12
13#[cfg(feature = "server")]
14mod server;
15
16#[cfg(feature = "server")]
17pub use server::{*};
18
19pub mod groups;
20pub mod types;
21pub mod messages;
22pub(crate) mod util;
23
24#[cfg(test)]
25mod test {
26  #![allow(unused_variables)]
27
28  use base64::Engine;
29  use sha2::Sha256;
30  use crate::{ClientStep1Result, ClientStep3Params, ClientStep3Result, 
31    GenerateVerifierParams, ServerStep2Params, ServerStep2Result, 
32    ServerStep4Params, ServerStep4Result};
33
34  #[test]
35  pub fn test_salt_none() {
36    use sha2::Sha256;
37    use crate::groups::G_4096;
38    use crate::client::{ClientRegistrationWorkflow, GenerateVerifierParams};
39    
40    let verifier_wf = ClientRegistrationWorkflow::<Sha256>::new(&G_4096);
41    
42    let username = "lorem".to_string();
43    let password = "ipsum".to_string();
44    
45    let verifier = verifier_wf.generate_verifier(GenerateVerifierParams {
46      username: username.clone(),
47      password: password.clone(),
48      salt: None
49    }).expect("could not generate verifier.");
50
51    assert!(!verifier.salt.is_empty());
52  }
53
54  #[test]
55  pub fn test_salt_default_size() {
56    use sha2::Sha256;
57    use crate::groups::G_4096;
58    use crate::client::{ClientRegistrationWorkflow, GenerateVerifierParams};
59    
60    let verifier_wf = ClientRegistrationWorkflow::<Sha256>::new(&G_4096);
61    
62    let username = "lorem".to_string();
63    let password = "ipsum".to_string();
64    
65    let verifier = verifier_wf.generate_verifier(GenerateVerifierParams {
66      username: username.clone(),
67      password: password.clone(),
68      salt: None
69    }).expect("could not generate verifier.");
70
71    assert!(!verifier.salt.is_empty());
72    assert!(verifier.salt.len() >= 8);
73  }
74
75  #[test]
76  pub fn test_salt_some() {
77    use sha2::Sha256;
78    use crate::groups::G_4096;
79    use crate::client::{ClientRegistrationWorkflow, GenerateVerifierParams};
80    
81    let verifier_wf = ClientRegistrationWorkflow::<Sha256>::new(&G_4096);
82    
83    let username = "lorem".to_string();
84    let password = "ipsum".to_string();
85    let salt = vec![1u8, 2u8, 4u8, 8u8, 16u8, 32u8, 64u8, 128u8, 7u8, 31u8];
86
87    let verifier = verifier_wf.generate_verifier(GenerateVerifierParams {
88      username: username.clone(),
89      password: password.clone(),
90      salt: Some(salt.clone())
91    }).expect("could not generate verifier.");
92
93    assert!(verifier.salt.len() == salt.len());
94    assert!(verifier.salt.as_slice() == salt.as_slice());
95  }
96
97  #[test]
98  pub fn test_verifier_generation() {
99    use sha2::Sha256;
100    use crate::groups::G_4096;
101    use crate::client::{ClientRegistrationWorkflow, GenerateVerifierParams};
102    
103    let verifier_wf = ClientRegistrationWorkflow::<Sha256>::new(&G_4096);
104    
105    let username = "lorem".to_string();
106    let password = "ipsum".to_string();
107    
108    let verifier = verifier_wf.generate_verifier(GenerateVerifierParams {
109      username: username.clone(),
110      password: password.clone(),
111      salt: None
112    }).expect("could not generate verifier.");
113  }
114
115  #[test]
116  pub fn test_full_workflow() {
117    let test_group = &crate::groups::G_4096;
118    let verifier_wf = crate::client::ClientRegistrationWorkflow::<Sha256>::new(test_group);
119
120    let username = "lorem".to_string();
121    let password = "ipsum".to_string();
122
123    let verifier = verifier_wf.generate_verifier(GenerateVerifierParams {
124      username: username.clone(),
125      password: password.clone(),
126      salt: None
127    }).expect("could not generate verifier.");
128
129    let client_wf = crate::client::ClientAuthenticationWorkflow::<Sha256>::new(test_group);
130    let step1_result: ClientStep1Result = client_wf.step1().expect("could not compute step1");
131
132    let server_wf = crate::server::ServerAuthenticationWorkflow::<Sha256>::new(test_group);
133    let step2_result: ServerStep2Result = server_wf.step2(ServerStep2Params {
134      // client_public_a: step1_result.client_public_a.as_slice(),
135      stored_verifier: verifier.verifier.as_slice()
136    }).expect("could not compute step2");
137
138    let step3_result: ClientStep3Result<Sha256> = client_wf.step3(ClientStep3Params {
139      client_a: step1_result.client_private_a.as_slice(),
140      username: username.clone(),
141      password: password.clone(),
142      salt: verifier.salt.as_slice(),
143      server_public_b: step2_result.server_public_b.as_slice()
144    }).expect("could not compute step3");
145
146    let step4_result: ServerStep4Result<Sha256> = server_wf.step4(ServerStep4Params {
147      client_public_a: step1_result.client_public_a.as_slice(),
148      server_private_b: step2_result.server_private_b.as_slice(),
149      stored_verifier: verifier.verifier.as_slice(),
150      client_proof: step3_result.proof()
151    }).expect("could not compute step4");
152
153    step4_result.verify_client(step3_result.proof())
154      .expect("could not verify client.");
155
156    step3_result.verify_server(step4_result.proof())
157      .expect("could not verify server.");
158
159    let client_key = step3_result.key();
160    let server_key = step4_result.key();
161
162    let engine = base64::engine::general_purpose::STANDARD_NO_PAD;
163    println!("client_key: {}", engine.encode(client_key));
164    println!("server_key: {}", engine.encode(server_key));
165    
166  }
167}
easy_srp/lib.rs

easy_srp/
lib.rs
