Struct wow_srp::server::SrpVerifier
source · pub struct SrpVerifier { /* private fields */ }
srp-default-math
or srp-fast-math
only.Expand description
Creates and contains the username, password verifier, and salt values.
First step of the server, next is SrpProof
.
These are values that should be stored in the database. Do NOT store raw passwords in the database.
The salt is a randomly generated 32 byte array of random data used as salt for the password verifier. The verifier is the result of SHA-1 hashing a combination of the username, password and salt. The salt is sent over the network for the client to use. The password verifier is used for generating the server public key, and should never leave the server. The private key is not exposed through any of the structs.
All byte arrays are little endian.
§Example
use wow_srp::normalized_string::NormalizedString;
use wow_srp::{error::NormalizedStringError, SALT_LENGTH, PASSWORD_VERIFIER_LENGTH};
use wow_srp::server::SrpVerifier;
// Create salt and password verifier values for signup page
fn to_database() -> Result<(), NormalizedStringError> {
// See NormalizedString for specifics.
let username = NormalizedString::new("Alice")?;
let password = NormalizedString::new("password123")?;
let verifier = SrpVerifier::from_username_and_password(username, password);
assert_eq!("ALICE", verifier.username());
// Salt is randomly chosen and password_verifier depends on salt so we can't assert_eq
// Store these values in the database for future authentication
let password_verifier = verifier.password_verifier();
let salt = verifier.salt();
Ok(())
}
// Authenticate client logging into game server
fn from_database() -> Result<(), NormalizedStringError> {
// Get these from the database
let username = NormalizedString::new("Alice")?;
let password_verifier = [0u8; PASSWORD_VERIFIER_LENGTH as usize];
let salt = [0u8; SALT_LENGTH as usize];
let verifier = SrpVerifier::from_database_values(username, password_verifier, salt);
// Next step is continuing into the state machine, see into_proof() and SrpProof for more.
let proof = verifier.into_proof();
Ok(())
}
Implementations§
source§impl SrpVerifier
impl SrpVerifier
sourcepub fn username(&self) -> &str
pub fn username(&self) -> &str
The normalized_string
representation of the username,
see that for more details.
Called U
and <username>
in RFC2945.
sourcepub const fn password_verifier(&self) -> &[u8; 32]
pub const fn password_verifier(&self) -> &[u8; 32]
The password verifier. Should not be used except for when saving to the database. Array is little endian.
Called v
and <password verifier>
in RFC2945.
Always 32 bytes (256 bits) in length
since the value is generated through
the remainder of a 32 byte value.
sourcepub const fn salt(&self) -> &[u8; 32]
pub const fn salt(&self) -> &[u8; 32]
Salt value used for calculating verifier. Is sent to the client. Array is little endian.
Called s
, <salt from passwd file>
and <salt>
in RFC2945.
Always 32 bytes (256 bits) in length since the packet sent to
the client has a fixed width.
sourcepub fn from_username_and_password(
username: NormalizedString,
password: NormalizedString
) -> Self
pub fn from_username_and_password( username: NormalizedString, password: NormalizedString ) -> Self
See normalized_string
for more information on the format.
Only use this for generating verifiers and salts to save to the database.
Never use this by saving raw usernames and passwords on the database.
sourcepub const fn from_database_values(
username: NormalizedString,
password_verifier: [u8; 32],
salt: [u8; 32]
) -> Self
pub const fn from_database_values( username: NormalizedString, password_verifier: [u8; 32], salt: [u8; 32] ) -> Self
See normalized_string
for more information on the string format.
Both arrays are little endian.
sourcepub fn into_proof(self) -> SrpProof
pub fn into_proof(self) -> SrpProof
Converts to an SrpProof
, consuming the SrpVerifier
.
§Panics
- Panics if the RNG returns an error. If RNG does not work the authentication server should not continue functioning and therefore panics.
- Very rarely panic if the server generated public key is invalid.
There are only two invalid states for the randomly generated server public key:
- All zeros.
- Exactly the same as the large safe prime.
This is 2 out of 2^256
possible states. The chances of this occurring naturally are very slim.
It is significantly more likely that the RNG of the system has been compromised in which case
authentication is not possible.
Trait Implementations§
source§impl Clone for SrpVerifier
impl Clone for SrpVerifier
source§fn clone(&self) -> SrpVerifier
fn clone(&self) -> SrpVerifier
1.0.0 · source§fn clone_from(&mut self, source: &Self)
fn clone_from(&mut self, source: &Self)
source
. Read moresource§impl Debug for SrpVerifier
impl Debug for SrpVerifier
source§impl Hash for SrpVerifier
impl Hash for SrpVerifier
source§impl Ord for SrpVerifier
impl Ord for SrpVerifier
source§fn cmp(&self, other: &SrpVerifier) -> Ordering
fn cmp(&self, other: &SrpVerifier) -> Ordering
1.21.0 · source§fn max(self, other: Self) -> Selfwhere
Self: Sized,
fn max(self, other: Self) -> Selfwhere
Self: Sized,
source§impl PartialEq for SrpVerifier
impl PartialEq for SrpVerifier
source§fn eq(&self, other: &SrpVerifier) -> bool
fn eq(&self, other: &SrpVerifier) -> bool
self
and other
values to be equal, and is used
by ==
.source§impl PartialOrd for SrpVerifier
impl PartialOrd for SrpVerifier
source§fn partial_cmp(&self, other: &SrpVerifier) -> Option<Ordering>
fn partial_cmp(&self, other: &SrpVerifier) -> Option<Ordering>
1.0.0 · source§fn le(&self, other: &Rhs) -> bool
fn le(&self, other: &Rhs) -> bool
self
and other
) and is used by the <=
operator. Read more