Crate srp [−] [src]

Secure Remote Password (SRP) protocol implementation.

This implementation uses little-endian serialization of big integers and is generic over hash functions using Digest trait, so you will need to choose a hash function, e.g. Sha256 from sha2 crate. Additionally this crate allows to use a specialized password hashing algorithms for private key computation instead of method described in the SRP literature.

Currently compatability with over implementations was not tested.

Usage

Add srp dependecy to your Cargo.toml:

[dependencies]
rand = "0.3"

and this to your crate root:

extern crate srp;

Next read documentation for client and server modules.

Algorithm description

Here we briefly describe implemented algroithm. For additionall information refer to SRP literature. All arithmetic is done modulo N, where N is a large safe prime (N = 2q+1, where q is prime).

Client		Server
	— `I` —>	(lookup `s`, `v`)
`x = PH(P, s)`	<— `s`, `v` —
`a_pub = g^a`	— `a_pub` —>	`b_pub = k*v + g^b`
`u = H(a_pub \|\| b_pub)`	<— `b_pub` —	`u = H(a_pub \|\| b_pub)`
`s = (b_pub - kg^x)^(a+ux)`		`S = (b_pub - kg^x)^(a+ux)`
`K = H(s)`		`K = H(s)`
`M1 = H(A \|\| B \|\| K)`	— `M1` —>	(verify `M1`)
(verify `M2`)	<— `M2` —	`M2 = H(A \|\| M1 \|\| K)`

|| denotes concatenation, variables and notations have the following meaning:

I — user identity (username)
P — user password
H — one-way hash function
HP — password hashing algroithm, in the SRP described as H(s || I || P) or H(s || P)
^ — (modular) exponentiation
x — user private key
s — salt generated by user and stored on the server
v — password verifier equal to g^x and stored on the server
a, b — secret ephemeral values
A, B — Public ephemeral values
u — scrambling parameter
g — a generator modulo N
k — multiplier parameter (k = H(N || g) in SRP-6a)

Modules

client	SRP client implementation.
server	SRP server implementation
types	Additional SRP types.

Constants

PRIME

1024 bit prime number which can be used as n in the SrpParams.