[−][src]Module srp::client
SRP client implementation.
Usage
First create SRP client struct by passing to it SRP parameters (shared
between client and server) and randomly generated a
:
use srp::groups::G_2048; use sha2::Sha256; let mut a = [0u8; 64]; rng.fill_bytes(&mut a); let client = SrpClient::<Sha256>::new(&a, &G_2048);
Next send handshake data (username and a_pub
) to the server and receive
salt
and b_pub
:
let a_pub = client.get_a_pub(); let (salt, b_pub) = conn.send_handshake(username, a_pub);
Compute private key using salt
with any password hashing function.
You can use method from SRP-6a, but it's recommended to use specialized
password hashing algorithm instead (e.g. PBKDF2, argon2 or scrypt).
Next create verifier instance, note that get_verifier
consumes client and
can return error in case of malicious b_pub
.
let private_key = srp_private_key::<Sha256>(username, password, salt); let verifier = client.get_verifier(&private_key, &b_pub)?;
Finally verify the server: first generate user proof,
send it to the server and verify server proof in the reply. Note that
verify_server
method will return error in case of incorrect server reply.
let user_proof = verifier.get_proof(); let server_proof = conn.send_proof(user_proof); let key = verifier.verify_server(server_proof)?;
key
contains shared secret key between user and the server. Alternatively
you can directly extract shared secret key using get_key()
method and
handle authentication through different (secure!) means (e.g. by using
authenticated cipher mode).
For user registration on the server first generate salt (e.g. 32 bytes long) and get password verifier which depends on private key. Send useranme, salt and password verifier over protected channel to protect against Man-in-the-middle (MITM) attack for registration.
let pwd_verifier = client.get_password_verifier(&private_key); conn.send_registration_data(username, salt, pwd_verifier);
Structs
SrpClient | SRP client state before handshake with the server. |
SrpClientVerifier | SRP client state after handshake with the server. |
Functions
srp_private_key | Compute user private key as described in the RFC 5054. Consider using proper password hashing algorithm instead. |