Crate srp [−] [src]
Secure Remote Password (SRP) protocol implementation.
This implementation uses little-endian serialization of big integers and is
generic over hash functions using Digest
trait, so you will need to choose
a hash function, e.g. Sha256
from sha2
crate. Additionally this crate
allows to use a specialized password hashing algorithms for private key
computation instead of method described in the SRP literature.
Currently compatability with over implementations was not tested.
Usage
Add srp
dependecy to your Cargo.toml
:
[dependencies]
rand = "0.3"
and this to your crate root:
extern crate srp;
Next read documentation for client
and
server
modules.
Algorithm description
Here we briefly describe implemented algroithm. For additionall information
refer to SRP literature. All arithmetic is done modulo N
, where N
is a
large safe prime (N = 2q+1
, where q
is prime).
Client | Server | |
---|---|---|
— I —> |
(lookup s , v ) |
|
x = PH(P, s) |
<— s , v — |
|
a_pub = g^a |
— a_pub —> |
b_pub = k*v + g^b |
u = H(a_pub || b_pub) |
<— b_pub — |
u = H(a_pub || b_pub) |
s = (b_pub - k*g^x)^(a+u*x) |
S = (b_pub - k*g^x)^(a+u*x) |
|
K = H(s) |
K = H(s) |
|
M1 = H(A || B || K) |
— M1 —> |
(verify M1 ) |
(verify M2 ) |
<— M2 — |
M2 = H(A || M1 || K) |
||
denotes concatenation, variables and notations have the following
meaning:
I
— user identity (username)P
— user passwordH
— one-way hash functionHP
— password hashing algroithm, in the SRP described asH(s || I || P)
orH(s || P)
^
— (modular) exponentiationx
— user private keys
— salt generated by user and stored on the serverv
— password verifier equal tog^x
and stored on the servera
,b
— secret ephemeral valuesA
,B
— Public ephemeral valuesu
— scrambling parameterg
— a generator moduloN
k
— multiplier parameter (k = H(N || g)
in SRP-6a)
Modules
client |
SRP client implementation. |
server |
SRP server implementation |
types |
Additional SRP types. |
Constants
PRIME |
1024 bit prime number which can be used as |