srp: refactor groups and errors (#233)

Factors apart the junk drawer `types` module, moving the `SrpGroup` type
into the `groups` module, and renaming the remaining `types` module into
an `errors` module.

Author: tarcieri

srp/src/client.rs

@@ -107,7 +107,8 @@ use digest::{Digest, Output};
 use subtle::ConstantTimeEq;
 
 use crate::{
-    types::{SrpAuthError, SrpGroup},
+    SrpGroup,
+    errors::SrpAuthError,
     utils::{compute_hash, compute_k, compute_m1, compute_m1_rfc5054, compute_m2, compute_u},
 };
 

srp/src/errors.rs

@@ -0,0 +1,26 @@
+//! Error types.
+
+use alloc::string::String;
+use core::{error, fmt};
+
+/// SRP authentication error.
+#[derive(Debug, Clone, Eq, PartialEq)]
+pub enum SrpAuthError {
+    IllegalParameter(String),
+    BadRecordMac(String),
+}
+
+impl fmt::Display for SrpAuthError {
+    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
+        match self {
+            Self::IllegalParameter(param) => {
+                write!(f, "illegal_parameter: bad '{param}' value")
+            }
+            Self::BadRecordMac(param) => {
+                write!(f, "bad_record_mac: incorrect '{param}'  proof")
+            }
+        }
+    }
+}
+
+impl error::Error for SrpAuthError {}

srp/src/groups.rs

@@ -4,10 +4,30 @@
 //! groups. Additionally, it is not recommended to use `G_1024` and `G_1536`,
 //! they are provided only for compatibility with the legacy software.
 
-use crate::types::SrpGroup;
-use crypto_bigint::BoxedUint;
+use crypto_bigint::{
+    BoxedUint, Odd, Resize,
+    modular::{BoxedMontyForm, BoxedMontyParams},
+};
 use once_cell::sync::Lazy;
 
+/// Group used for SRP computations
+#[derive(Debug, Clone, Eq, PartialEq)]
+pub struct SrpGroup {
+    /// A large safe prime (N = 2q+1, where q is prime)
+    pub n: BoxedMontyParams,
+    /// A generator modulo N
+    pub g: BoxedMontyForm,
+}
+
+impl SrpGroup {
+    /// Initialize a new group from the given boxed integers.
+    pub fn new(n: BoxedUint, g: BoxedUint) -> Self {
+        let n = BoxedMontyParams::new(Odd::new(n).expect("n should be odd"));
+        let g = BoxedMontyForm::new(g.resize(n.bits_precision()), &n);
+        Self { n, g }
+    }
+}
+
 pub static G_1024: Lazy<SrpGroup> = Lazy::new(|| {
     SrpGroup::new(
         BoxedUint::from_be_slice_vartime(include_bytes!("groups/1024.bin")),
@@ -43,16 +63,15 @@ pub static G_4096: Lazy<SrpGroup> = Lazy::new(|| {
     )
 });
 
-pub static G_6144: Lazy<SrpGroup> = Lazy::new(|| {
-    SrpGroup::new(
-        BoxedUint::from_be_slice_vartime(include_bytes!("groups/6144.bin")),
-        BoxedUint::from_be_slice_vartime(&[5]),
-    )
-});
+#[cfg(test)]
+mod tests {
+    use crate::groups::G_1024;
+    use crate::utils::compute_k;
+    use sha1::Sha1;
 
-pub static G_8192: Lazy<SrpGroup> = Lazy::new(|| {
-    SrpGroup::new(
-        BoxedUint::from_be_slice_vartime(include_bytes!("groups/8192.bin")),
-        BoxedUint::from_be_slice_vartime(&[19]),
-    )
-});
+    #[test]
+    fn test_k_1024_sha1() {
+        let k = compute_k::<Sha1>(&G_1024).to_be_bytes_trimmed_vartime();
+        assert_eq!(&*k, include_bytes!("test/k_sha1_1024.bin"));
+    }
+}

srp/src/lib.rs

@@ -58,7 +58,9 @@
 extern crate alloc;
 
 pub mod client;
+pub mod errors;
 pub mod groups;
 pub mod server;
-pub mod types;
 pub mod utils;
+
+pub use groups::SrpGroup;

srp/src/server.rs

@@ -85,7 +85,8 @@ use digest::{Digest, Output};
 use subtle::ConstantTimeEq;
 
 use crate::{
-    types::{SrpAuthError, SrpGroup},
+    SrpGroup,
+    errors::SrpAuthError,
     utils::{compute_hash, compute_k, compute_m1, compute_m1_rfc5054, compute_m2, compute_u},
 };
 

srp/src/types.rs

@@ -2,7 +2,7 @@ use alloc::vec::Vec;
 use crypto_bigint::BoxedUint;
 use digest::{Digest, Output};
 
-use crate::types::SrpGroup;
+use crate::groups::SrpGroup;
 
 // u = H(PAD(A) | PAD(B))
 #[must_use]