hbak_common: make nodes authenticate using their encryption passphrase without revealing it (hmac)

2 files changed, 8 insertions, 5 deletions

diff --git a/README.md b/README.md
index 67cb81f..77d9c90 100644
--- a/README.md
+++ b/README.md
@@ -19,7 +19,10 @@ All backups will be encrypted before leaving the host they originated from.
 The nodes will also transmit encrypted metadata to handle multi-host setups,
 timestamps and storage locations.
 
-Nodes will mutually authenticate using pre-shared secrets.
+Nodes will mutually authenticate using an HMAC-derived symmetric key
+that the authenticator already knows and that can be computed by the
+client if it's sent a stored random value from the authenticator
+and knows the password.
 
 The backups themselves will be btrfs snapshots with some being fully exported
 and others being incremental with respect to the latest full backup at the time
diff --git a/hbak_common/src/config.rs b/hbak_common/src/config.rs
index ab011bc..fab152a 100644
--- a/hbak_common/src/config.rs
+++ b/hbak_common/src/config.rs
@@ -85,8 +85,6 @@ impl NodeConfig {
 pub struct RemoteNode {
     /// The network address and port of the node to push to.
     pub address: String,
-    /// The shared secret for mutual authentication.
-    pub secret: String,
     /// The volumes to interact with, see above for details.
     pub volumes: Vec<String>,
 }
@@ -97,8 +95,10 @@ pub struct RemoteNode {
 pub struct RemoteNodeAuth {
     /// The name of the remote node to apply the details to.
     pub node_name: String,
-    /// The shared secret for mutual authentication.
-    pub secret: String,
+    /// A random value used by the remote node to compute the HMAC shared secret.
+    pub verifier: Vec<u8>,
+    /// The HMAC hash of verifier and passphrase for mutual authentication.
+    pub hmac: Vec<u8>,
     /// The volumes the remote node is allowed to push.
     /// Must not include subvolumes owned by the local node.
     pub push: Vec<String>,