Secure Remote Password (SRP) protocol implementation.

This implementation is generic over hash functions via the Digest trait, so you will need to choose a hash function, e.g. Sha256 from the sha2 crate.

Additionally, this crate allows you to use a specialized password hashing algorithm for the private key computation instead of the method described in the SRP literature.

Compatibility with other implementations has not yet been tested.
Usage

Add the srp dependency to your Cargo.toml:

```toml
[dependencies]
srp = "0.3"
```

and this to your crate root:

```rust
extern crate srp;
```

Next, read the documentation for the client and server modules.
Algorithm description

Here we briefly describe the implemented algorithm. For additional information refer to the SRP literature. All arithmetic is done modulo N, where N is a large safe prime (N = 2q+1, where q is prime). Additionally, g MUST be a generator modulo N. It is STRONGLY recommended to use the SRP parameters provided by this crate in the groups module.
| Client | Data transfer | Server |
|---|---|---|
| a_pub = g^a | — a_pub, I —> | (lookup s, v for given I) |
| x = PH(P, s) | <— b_pub, s — | b_pub = k*v + g^b |
| u = H(a_pub ‖ b_pub) | | u = H(a_pub ‖ b_pub) |
| S = (b_pub - k*g^x)^(a+u*x) | | S = (a_pub * v^u)^b |
| K = H(S) | | K = H(S) |
| M1 = H(a_pub ‖ b_pub ‖ K) | — M1 —> | (verify M1) |
| (verify M2) | <— M2 — | M2 = H(a_pub ‖ M1 ‖ K) |
Variables and notations have the following meaning:

- I — user identity (username)
- P — user password
- H — one-way hash function
- PH — password hashing algorithm, in RFC 5054 described as H(s ‖ H(I ‖ ":" ‖ P))
- ^ — (modular) exponentiation
- ‖ — concatenation
- x — user private key
- s — salt generated by the user and stored on the server
- v — password verifier, equal to g^x and stored on the server
- a, b — secret ephemeral values (at least 256 bits in length)
- A, B — public ephemeral values (a_pub and b_pub in the table)
- u — scrambling parameter
- k — multiplier parameter (k = H(N ‖ g) in SRP-6a)
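As an added example (not the crate's own code), the exchange from the table run end to end in Python with SHA-256 as H, the RFC 5054 PH, and the 1024-bit group from RFC 5054 Appendix A (transcribed here). It also includes the RFC's abort conditions the table omits: neither public ephemeral value may be zero modulo N and u must be non-zero; field elements are left-padded to the byte length of N before hashing, as the RFC specifies.

```python
import hashlib
import hmac
import secrets

# 1024-bit SRP group from RFC 5054 Appendix A (transcribed from the RFC).
N = int(
    "EEAF0AB9ADB38DD69C33F80AFA8FC5E86072618775FF3C0B9EA2314C9C256576"
    "D674DF7496EA81D3383B4813D692C6E0E0D5D8E250B98BE48E495C1D6089DAD1"
    "5DC7D7B46154D6B6CE8EF4AD69B15D4982559B297BCF1885C529F566660E57EC"
    "68EDBC3C05726CC02FD4CBF4976EAA9AFD5138FE8376435B9FC61D2FC0EB06E3", 16)
g = 2
NB = (N.bit_length() + 7) // 8  # field elements are encoded left-padded to len(N)

def pad(n: int) -> bytes:
    return n.to_bytes(NB, "big")

def H(*parts: bytes) -> bytes:
    return hashlib.sha256(b"".join(parts)).digest()

def H_int(*parts: bytes) -> int:
    return int.from_bytes(H(*parts), "big")

def ph(identity: bytes, password: bytes, salt: bytes) -> int:
    # PH from RFC 5054: x = H(s ‖ H(I ‖ ":" ‖ P))
    return H_int(salt, H(identity + b":" + password))

k = H_int(pad(N), pad(g))  # SRP-6a multiplier k = H(N ‖ g)

def register(identity: bytes, password: bytes):
    """Client-side enrolment: the server stores only (s, v), never P or x."""
    s = secrets.token_bytes(16)
    return s, pow(g, ph(identity, password, s), N)

def run_exchange(identity: bytes, password: bytes, s: bytes, v: int):
    """Run the table end to end; returns (server accepts M1, client accepts M2)."""
    a, b = secrets.randbits(256), secrets.randbits(256)      # ephemeral secrets
    A = pow(g, a, N)                                          # client -> server: A, I
    B = (k * v + pow(g, b, N)) % N                            # server -> client: B, s
    u = H_int(pad(A), pad(B))                                 # scrambling parameter
    if A % N == 0 or B % N == 0 or u == 0:                    # RFC 5054 abort conditions
        raise ValueError("degenerate public value or scrambling parameter")
    x = ph(identity, password, s)                             # client only
    S_c = pow((B - k * pow(g, x, N)) % N, a + u * x, N)       # client: (B - k*g^x)^(a+u*x)
    S_s = pow((A * pow(v, u, N)) % N, b, N)                   # server: (A * v^u)^b
    K_c, K_s = H(pad(S_c)), H(pad(S_s))                       # both sides derive K = H(S)
    M1 = H(pad(A), pad(B), K_c)                               # client -> server
    m1_ok = hmac.compare_digest(M1, H(pad(A), pad(B), K_s))   # server verifies M1
    M2 = H(pad(A), M1, K_s)                                   # server -> client
    return m1_ok, hmac.compare_digest(M2, H(pad(A), M1, K_c))  # client verifies M2
```

A wrong password changes x on the client only, so the two sides derive different S and the server's M1 check fails before it ever sends M2.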