Module srp::client

SRP client implementation.


First, create an SRP client struct by passing it the SRP parameters (shared between client and server) and an RNG instance (the OS RNG is recommended):

let srp_params = SrpParams{n, g, k};
let mut rng = rand::os::OsRng::new().unwrap();
let client = SrpClient::<Sha256>::new(&srp_params, &mut rng);

Next, send the handshake data (username and a_pub) to the server and receive salt and b_pub:

let a_pub = client.get_a_pub();
let (salt, b_pub) = conn.send_handshake(username, a_pub);

Compute the private key from the salt using any password hashing function. You can use the method from SRP-6a, but a specialized password hashing algorithm (e.g. PBKDF2, argon2 or scrypt) is recommended instead. Next, create a verifier instance. Note that get_verifier consumes the client and can return an error in case of a malicious b_pub.

let private_key = srp6a_private_key::<Sha256>(username, password, salt);
let verifier = client.get_verifier(&private_key, &b_pub)?;

Finally, verify the server: first generate the user proof, send it to the server, and verify the server proof in the reply. Note that the verify_server method will return an error if the server reply is incorrect.

let user_proof = verifier.get_proof();
let server_proof = conn.send_proof(user_proof);
let key = verifier.verify_server(server_proof)?;

key contains the secret key shared between the user and the server. Alternatively, you can extract the shared secret key directly using the get_key() method and handle authentication through different (secure!) means (e.g. by using an authenticated cipher mode).

For user registration on the server, first generate a salt (e.g. 32 bytes long) and get the password verifier, which depends on the private key. Send the username, salt and password verifier over a protected channel to protect the registration against MitM.

let pwd_verifier = SrpClient::<Sha256>::register(&private_key, &srp_params);
conn.send_registration_data(username, salt, pwd_verifier);
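
The SRP-6a arithmetic behind the handshake, get_verifier and registration steps above, as an added example that is not the srp crate's code: it uses a constructed 61-bit toy group and an FNV-1a mix in place of the hash, so N, G, K and every function name here are hypothetical. It shows both sides reaching the same secret and the client rejecting a b_pub that is 0 mod N, the check RFC 5054 requires.

```rust
// Toy SRP-6a arithmetic on 64-bit integers; real SRP groups are far larger.
const N: u64 = (1 << 61) - 1; // constructed toy modulus (the prime 2^61 - 1)
const G: u64 = 3; // constructed toy base g
const K: u64 = 5; // constructed multiplier k
fn mulmod(a: u64, b: u64) -> u64 { ((a as u128 * b as u128) % N as u128) as u64 }

fn powmod(mut base: u64, mut exp: u128) -> u64 {
    let mut acc = 1u64;
    base %= N;
    while exp > 0 {
        if exp & 1 == 1 { acc = mulmod(acc, base); }
        base = mulmod(base, base);
        exp >>= 1;
    }
    acc
}

// Stand-in for u = H(a_pub | b_pub): an FNV-1a mix, NOT a cryptographic hash.
fn toy_u(a_pub: u64, b_pub: u64) -> u64 {
    let bytes = [a_pub.to_be_bytes(), b_pub.to_be_bytes()].concat();
    bytes.iter().fold(0xcbf2_9ce4_8422_2325u64, |h, &b| (h ^ b as u64).wrapping_mul(0x100_0000_01b3))
}

// Client side: reject b_pub = 0 (mod N), then S = (B - k*g^x)^(a + u*x) mod N.
fn client_secret(a: u64, x: u64, b_pub: u64) -> Result<u64, &'static str> {
    if b_pub % N == 0 {
        return Err("malicious b_pub");
    }
    let u = toy_u(powmod(G, a as u128), b_pub);
    let kgx = mulmod(K, powmod(G, x as u128));
    let base = (b_pub % N + N - kgx) % N; // modular subtraction without underflow
    Ok(powmod(base, a as u128 + u as u128 * x as u128))
}

// Server side: B = k*v + g^b and S = (A * v^u)^b, where v = g^x is the password verifier.
fn server_b_pub(v: u64, b: u64) -> u64 { (mulmod(K, v) + powmod(G, b as u128)) % N }
fn server_secret(a_pub: u64, b_pub: u64, v: u64, b: u64) -> u64 {
    let u = toy_u(a_pub, b_pub);
    powmod(mulmod(a_pub, powmod(v, u as u128)), b as u128)
}

fn main() {
    let (a, b, x): (u64, u64, u64) = (0x1234_5678_9abc, 0x0fed_cba9_8765, 0x42_4242_4242); // constructed
    let v = powmod(G, x as u128); // verifier the server stored at registration
    let b_pub = server_b_pub(v, b);
    let server_key = server_secret(powmod(G, a as u128), b_pub, v, b);
    println!("keys agree: {}", client_secret(a, x, b_pub) == Ok(server_key));
    println!("b_pub = N: {:?}", client_secret(a, x, N));
}
```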



SRP client state before handshake with the server.


SRP client state after handshake with the server.



Compute user private key as described in SRP-6a. Consider using a proper password hashing algorithm instead.