[][src]Module srp::client

SRP client implementation.

Usage

First create SRP client struct by passing to it SRP parameters (shared between client and server) and randomly generated a:

This example is not tested
use srp::groups::G_2048;
use sha2::Sha256;

let mut a = [0u8; 64];
rng.fill_bytes(&mut a);
let client = SrpClient::<Sha256>::new(&a, &G_2048);

Next send handshake data (username and a_pub) to the server and receive salt and b_pub:

This example is not tested
let a_pub = client.get_a_pub();
let (salt, b_pub) = conn.send_handshake(username, a_pub);

Compute private key using salt with any password hashing function. You can use method from SRP-6a, but it's recommended to use specialized password hashing algorithm instead (e.g. PBKDF2, argon2 or scrypt). Next create verifier instance, note that get_verifier consumes client and can return error in case of malicious b_pub.

This example is not tested
let private_key = srp_private_key::<Sha256>(username, password, salt);
let verifier = client.get_verifier(&private_key, &b_pub)?;

Finally verify the server: first generate user proof, send it to the server and verify server proof in the reply. Note that verify_server method will return error in case of incorrect server reply.

This example is not tested
let user_proof = verifier.get_proof();
let server_proof = conn.send_proof(user_proof);
let key = verifier.verify_server(server_proof)?;

key contains shared secret key between user and the server. Alternatively you can directly extract shared secret key using get_key() method and handle authentication through different (secure!) means (e.g. by using authenticated cipher mode).

For user registration on the server first generate salt (e.g. 32 bytes long) and get password verifier which depends on private key. Send useranme, salt and password verifier over protected channel to protect against Man-in-the-middle (MITM) attack for registration.

This example is not tested
let pwd_verifier = client.get_password_verifier(&private_key);
conn.send_registration_data(username, salt, pwd_verifier);

Structs

SrpClient

SRP client state before handshake with the server.

SrpClientVerifier

SRP client state after handshake with the server.

Functions

srp_private_key

Compute user private key as described in the RFC 5054. Consider using proper password hashing algorithm instead.