|
| 1 | +//! SRP-6a (RFC 5054 compatatible) |
| 2 | +//! |
| 3 | +//! This module contains the [`ServerSession`] type and the client side functions. |
| 4 | +//! |
| 5 | +//! # Examples |
| 6 | +//! |
| 7 | +//! ``` |
| 8 | +//! use botan::RandomNumberGenerator; |
| 9 | +//! use botan::{ServerSession, generate_srp6_verifier, srp6_client_agree}; |
| 10 | +//! |
| 11 | +//! let mut rng = RandomNumberGenerator::new_system().expect("Failed to create a random number generator"); |
| 12 | +//! let mut server = ServerSession::new().expect("Failed to create a SRP6 server session"); |
| 13 | +//! let salt = rng.read(24).expect("Failed to generate salt"); |
| 14 | +//! let verifier = generate_srp6_verifier("alice", "password123", &salt, "modp/srp/1024", "SHA-512").expect("Failed to generate SRP6 verifier"); |
| 15 | +//! let b_pub = server.step1(&verifier, "modp/srp/1024", "SHA-512", &rng).expect("Failed to calculate server B value"); |
| 16 | +//! let (a_pub, client_key) = srp6_client_agree("alice", "password123", "modp/srp/1024", "SHA-512", &salt, &b_pub, &rng).expect("Failed to generate client key"); |
| 17 | +//! let server_key = server.step2(&a_pub).expect("Failed to generate server key"); |
| 18 | +//! assert_eq!(client_key, server_key); |
| 19 | +//! ``` |
| 20 | +
|
| 21 | +use crate::{utils::*, RandomNumberGenerator}; |
| 22 | +use botan_sys::*; |
| 23 | + |
| 24 | +/// An SRP-6 server session |
| 25 | +#[derive(Debug)] |
| 26 | +pub struct ServerSession { |
| 27 | + obj: botan_srp6_server_session_t, |
| 28 | +} |
| 29 | + |
| 30 | +botan_impl_drop!(ServerSession, botan_srp6_server_session_destroy); |
| 31 | + |
| 32 | +impl ServerSession { |
| 33 | + /// Returns a new server session object. |
| 34 | + /// |
| 35 | + /// # Errors |
| 36 | + /// |
| 37 | + /// Returns [`ErrorType::OutOfMemory`] if memory is exhausted |
| 38 | + pub fn new() -> Result<Self> { |
| 39 | + Ok(Self { |
| 40 | + obj: botan_init!(botan_srp6_server_session_init)?, |
| 41 | + }) |
| 42 | + } |
| 43 | + |
| 44 | + /// Server side step 1. Returns SRP-6 B value. |
| 45 | + /// |
| 46 | + /// # Arguments |
| 47 | + /// |
| 48 | + /// `verifier`: the verification value saved from client registration |
| 49 | + /// `group_id`: the SRP group id |
| 50 | + /// `hash_id`: the SRP hash in use |
| 51 | + /// `rng`: a random number generator |
| 52 | + /// |
| 53 | + /// # Errors |
| 54 | + /// |
| 55 | + /// Returns [`ErrorType::BadParameter`] if SRP group/hash id is invalid. |
| 56 | + pub fn step1( |
| 57 | + &mut self, |
| 58 | + verifier: &[u8], |
| 59 | + group_id: &str, |
| 60 | + hash_id: &str, |
| 61 | + rng: &RandomNumberGenerator, |
| 62 | + ) -> Result<Vec<u8>> { |
| 63 | + let group_id = make_cstr(group_id)?; |
| 64 | + let hash_id = make_cstr(hash_id)?; |
| 65 | + call_botan_ffi_returning_vec_u8(128, &|b_pub, b_pub_len| unsafe { |
| 66 | + botan_srp6_server_session_step1( |
| 67 | + self.obj, |
| 68 | + verifier.as_ptr(), |
| 69 | + verifier.len(), |
| 70 | + group_id.as_ptr(), |
| 71 | + hash_id.as_ptr(), |
| 72 | + rng.handle(), |
| 73 | + b_pub, |
| 74 | + b_pub_len, |
| 75 | + ) |
| 76 | + }) |
| 77 | + } |
| 78 | + |
| 79 | + /// Server side step 2. Returns shared symmetric key. |
| 80 | + /// |
| 81 | + /// # Arguments |
| 82 | + /// |
| 83 | + /// `a_pub`: the client's value |
| 84 | + /// |
| 85 | + /// # Errors |
| 86 | + /// |
| 87 | + /// Returns [`ErrorType::BadParameter`] if the A value is invalid. |
| 88 | + pub fn step2(&self, a_pub: &[u8]) -> Result<Vec<u8>> { |
| 89 | + call_botan_ffi_returning_vec_u8(128, &|key, key_len| unsafe { |
| 90 | + botan_srp6_server_session_step2(self.obj, a_pub.as_ptr(), a_pub.len(), key, key_len) |
| 91 | + }) |
| 92 | + } |
| 93 | +} |
| 94 | + |
| 95 | +/// Returns a new SRP-6 verifier. |
| 96 | +/// |
| 97 | +/// `identifier`: a username or other client identifier |
| 98 | +/// `password`: the secret used to authenticate user |
| 99 | +/// `salt`: a randomly chosen value, at least 128 bits long |
| 100 | +/// `group_id`: the SRP group id |
| 101 | +/// `hash_id`: the SRP hash in use |
| 102 | +/// |
| 103 | +/// # Error |
| 104 | +/// |
| 105 | +/// Returns [`ErrorType::BadParameter`] if SRP group/hash id is invalid. |
| 106 | +/// Returns [`ErrorType::BadParameter`] if salt is too short. |
| 107 | +pub fn generate_srp6_verifier( |
| 108 | + identifier: &str, |
| 109 | + password: &str, |
| 110 | + salt: &[u8], |
| 111 | + group_id: &str, |
| 112 | + hash_id: &str, |
| 113 | +) -> Result<Vec<u8>> { |
| 114 | + if salt.len() * 8 < 128 { |
| 115 | + return Err(Error::with_message( |
| 116 | + ErrorType::BadParameter, |
| 117 | + "Salt is too short".to_string(), |
| 118 | + )); |
| 119 | + } |
| 120 | + |
| 121 | + let identifier = make_cstr(identifier)?; |
| 122 | + let password = make_cstr(password)?; |
| 123 | + let group_id = make_cstr(group_id)?; |
| 124 | + let hash_id = make_cstr(hash_id)?; |
| 125 | + |
| 126 | + call_botan_ffi_returning_vec_u8(128, &|verifier, verifier_len| unsafe { |
| 127 | + botan_generate_srp6_verifier( |
| 128 | + identifier.as_ptr(), |
| 129 | + password.as_ptr(), |
| 130 | + salt.as_ptr(), |
| 131 | + salt.len(), |
| 132 | + group_id.as_ptr(), |
| 133 | + hash_id.as_ptr(), |
| 134 | + verifier, |
| 135 | + verifier_len, |
| 136 | + ) |
| 137 | + }) |
| 138 | +} |
| 139 | + |
| 140 | +/// SRP6a Client side. Returns the client public key and the shared secret key. |
| 141 | +/// |
| 142 | +/// `username`: the username we are attempting login for |
| 143 | +/// `password`: the password we are attempting to use |
| 144 | +/// `salt`: the salt value sent by the server |
| 145 | +/// `group_id`: specifies the shared SRP group |
| 146 | +/// `hash_id`: specifies a secure hash function |
| 147 | +/// `b_pub`: is the server's public value |
| 148 | +/// `rng`: rng is a random number generator |
| 149 | +/// |
| 150 | +/// # Error |
| 151 | +/// |
| 152 | +/// Returns [`ErrorType::BadParameter`] if SRP group/hash id is invalid. |
| 153 | +/// Returns [`ErrorType::BadParameter`] if the B value is invalid. |
| 154 | +pub fn srp6_client_agree( |
| 155 | + username: &str, |
| 156 | + password: &str, |
| 157 | + group_id: &str, |
| 158 | + hash_id: &str, |
| 159 | + salt: &[u8], |
| 160 | + b_pub: &[u8], |
| 161 | + rng: &RandomNumberGenerator, |
| 162 | +) -> Result<(Vec<u8>, Vec<u8>)> { |
| 163 | + let username = make_cstr(username)?; |
| 164 | + let password = make_cstr(password)?; |
| 165 | + let group_id = make_cstr(group_id)?; |
| 166 | + let hash_id = make_cstr(hash_id)?; |
| 167 | + |
| 168 | + call_botan_ffi_returning_vec_u8_pair(128, 128, &|a, a_len, key, key_len| unsafe { |
| 169 | + botan_srp6_client_agree( |
| 170 | + username.as_ptr(), |
| 171 | + password.as_ptr(), |
| 172 | + group_id.as_ptr(), |
| 173 | + hash_id.as_ptr(), |
| 174 | + salt.as_ptr(), |
| 175 | + salt.len(), |
| 176 | + b_pub.as_ptr(), |
| 177 | + b_pub.len(), |
| 178 | + rng.handle(), |
| 179 | + a, |
| 180 | + a_len, |
| 181 | + key, |
| 182 | + key_len, |
| 183 | + ) |
| 184 | + }) |
| 185 | +} |
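Review bot: The doc comments on `step2` and `srp6_client_agree` present the returned key as ready to use, but in SRP a wrong password does not raise an error; the two sides simply derive different keys, and nothing in this file exposes a confirmation step. I would add to both doc comments something like `/// The returned key is unconfirmed: both sides must prove possession of it (an M1/M2 exchange or a MAC over the transcript) before the peer is treated as authenticated.` The module example also hard-codes `"modp/srp/1024"`, which readers will copy; showing a larger group such as `"modp/srp/2048"` would be a safer default, assuming the `128` passed to `call_botan_ffi_returning_vec_u8` is only an initial size hint that the helper grows (the helper is defined outside this page). Separately, `password` is copied by `make_cstr` and the session key comes back as a plain `Vec<u8>`, so neither is wiped on drop; that is worth a line in the docs if zeroization is not planned.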