manual refactor

This commit is contained in:
Shautvast 2026-02-20 15:29:16 +01:00
parent dd9651a946
commit 6956fa8c01


@ -42,10 +42,6 @@ fn to_le256(n: &BigUint) -> [u8; 256] {
out out
} }
/// Decode a little-endian byte slice into a BigUint.
fn from_le(b: &[u8]) -> BigUint {
BigUint::from_bytes_le(b)
}
// ── main entry point ──────────────────────────────────────────────────────── // ── main entry point ────────────────────────────────────────────────────────
@ -60,9 +56,9 @@ pub fn generate_proofs(
let b_bytes = B64.decode(server_ephemeral_b64).map_err(|e| e.to_string())?; let b_bytes = B64.decode(server_ephemeral_b64).map_err(|e| e.to_string())?;
let salt_bytes = B64.decode(salt_b64).map_err(|e| e.to_string())?; let salt_bytes = B64.decode(salt_b64).map_err(|e| e.to_string())?;
let n = from_le(&n_bytes); let n = BigUint::from_bytes_le(&n_bytes);
let g = BigUint::from(2u32); let g = BigUint::from(2u32);
let b = from_le(&b_bytes); let b = BigUint::from_bytes_le(&b_bytes);
// k = expandHash(g || N) mod N // k = expandHash(g || N) mod N
// go-srp uses fromInt(bitLength, N) — always exactly 256 bytes, not raw decoded bytes. // go-srp uses fromInt(bitLength, N) — always exactly 256 bytes, not raw decoded bytes.
@ -71,18 +67,18 @@ pub fn generate_proofs(
let mut kh = Vec::with_capacity(512); let mut kh = Vec::with_capacity(512);
kh.extend_from_slice(&g_le); kh.extend_from_slice(&g_le);
kh.extend_from_slice(&n_le); kh.extend_from_slice(&n_le);
let k = from_le(&expand_hash(&kh)) % &n; let k = BigUint::from_bytes_le(&expand_hash(&kh)) %&n;
// x = password hash (ProtonMail-specific, see hash_password) // x = password hash (ProtonMail-specific, see hash_password)
let x_bytes = hash_password(version, password, &salt_bytes, &n_bytes)?; let x_bytes = hash_password(version, password, &salt_bytes, &n_bytes)?;
let x = from_le(&x_bytes); let x = BigUint::from_bytes_le(&x_bytes);
// a: random secret with bitLength*2 < a < N-1 // a: random secret with bitLength*2 < a < N-1
let n_minus_one = &n - BigUint::from(1u32); let n_minus_one = &n - BigUint::from(1u32);
let a = loop { let a = loop {
let mut buf = [0u8; 256]; let mut buf = [0u8; 256];
rand::thread_rng().fill_bytes(&mut buf); rand::thread_rng().fill_bytes(&mut buf);
let candidate = from_le(&buf) % &n_minus_one; let candidate = BigUint::from_bytes_le(&buf) % &n_minus_one;
if candidate > BigUint::from(512u32) { if candidate > BigUint::from(512u32) {
break candidate; break candidate;
} }
@ -97,7 +93,7 @@ pub fn generate_proofs(
let mut ub = Vec::with_capacity(512); let mut ub = Vec::with_capacity(512);
ub.extend_from_slice(&a_bytes); ub.extend_from_slice(&a_bytes);
ub.extend_from_slice(&b_le); ub.extend_from_slice(&b_le);
let u = from_le(&expand_hash(&ub)); let u = BigUint::from_bytes_le(&expand_hash(&ub));
// v = g^x mod N // v = g^x mod N
let v = g.modpow(&x, &n); let v = g.modpow(&x, &n);
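Review bot: The lower bound `if candidate > BigUint::from(512u32) {` in the secret-ephemeral loop does not match the comment `bitLength*2 < a < N-1` directly above it: with the 256-byte (2048-bit) encodings this file uses, `bitLength*2` would be 4096, so either the comment or the constant is wrong, and a hard-coded number is fragile either way. Derive it from the modulus instead, e.g. `let floor = BigUint::from(n.bits() * 2);` before the loop and `if candidate > floor {` inside it, and confirm against go-srp, which as I recall also re-draws `a` when the scrambling parameter comes out zero — here `u` is computed once at `let u = BigUint::from_bytes_le(&expand_hash(&ub));` with no zero check visible in these hunks, so a `u == 0` guard (abort or retry) may be missing unless it lives outside them. Reducing 256 random bytes with `% &n_minus_one` also yields a slightly biased sample where Go's `rand.Int` rejection-samples; not a practical weakness given the size of `a`, but worth a comment if parity with go-srp is the goal. The random `buf` and the secret scalars are never zeroized, which may or may not matter for this crate's threat model, and since the refactor already touches the `k` line, rustfmt would want `% &n` rather than `%&n`. `generate_proofs` starts and ends outside these hunks.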