Crate srp
Secure Remote Password (SRP) protocol implementation.
This implementation is generic over hash functions using the Digest trait, so you will need to choose a hash function, e.g. Sha256 from the sha2 crate.
Additionally, this crate allows the use of a specialized password hashing algorithm for private key computation instead of the method described in the SRP literature.
Compatibility with other implementations has not yet been tested.
Usage
Add the srp dependency to your Cargo.toml:
[dependencies]
srp = "0.4"
and this to your crate root:
extern crate srp;
Next, read the documentation for the client and server modules.
Algorithm description
Here we briefly describe the implemented algorithm. For additional information refer to the SRP literature. All arithmetic is done modulo N, where N is a large safe prime (N = 2q+1, where q is prime). Additionally, g MUST be a generator modulo N. It's STRONGLY recommended to use the SRP parameters provided by this crate in the groups module.
Client | Data transfer | Server |
---|---|---|
a_pub = g^a | — a_pub, I —> | (lookup s, v for given I) |
x = PH(P, s) | <— b_pub, s — | b_pub = k*v + g^b |
u = H(a_pub ‖ b_pub) | | u = H(a_pub ‖ b_pub) |
s = (b_pub - k*g^x)^(a+u*x) | | S = (b_pub - k*g^x)^(a+u*x) |
K = H(s) | | K = H(s) |
M1 = H(A ‖ B ‖ K) | — M1 —> | (verify M1) |
(verify M2) | <— M2 — | M2 = H(A ‖ M1 ‖ K) |
Variables and notations have the following meaning:
I — user identity (username)
P — user password
H — one-way hash function
PH — password hashing algorithm, in the RFC 5054 described as H(s ‖ H(I ‖ ":" ‖ P))
^ — (modular) exponentiation
‖ — concatenation
x — user private key
s — salt generated by user and stored on the server
v — password verifier equal to g^x and stored on the server
a, b — secret ephemeral values (at least 256 bits in length)
A, B — public ephemeral values
u — scrambling parameter
k — multiplier parameter (k = H(N || g) in SRP-6a)
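The exchange in the table can be traced end to end with a small std-only program. This is an added example, not code from the srp crate: the function names are hypothetical, the group is a toy one (N = 1019, g = 2), H is replaced by std's non-cryptographic DefaultHasher, and a and b are fixed small numbers instead of random values of at least 256 bits. The server side uses the standard SRP-6a expression S = (a_pub * v^u)^b, which yields the same value as the client's expression, and applies the RFC 5054 check on a_pub.

```rust
use std::collections::hash_map::DefaultHasher;
use std::hash::Hasher;

// Toy group (assumption, for readability only): N = 2*509 + 1 is a safe prime and
// 2 generates the full group. Real code takes N and g from the crate's `groups` module.
const N: u64 = 1019;
const G: u64 = 2;
// Stand-in for H (assumption): std's non-cryptographic hasher; "|" plays the role of ‖.
fn h(input: String) -> u64 {
    let mut d = DefaultHasher::new();
    d.write(input.as_bytes());
    d.finish()
}
fn modpow(base: u64, mut exp: u128, m: u64) -> u64 {
    let (mut acc, mut b, m) = (1u128, (base % m) as u128, m as u128);
    while exp > 0 {
        if exp & 1 == 1 { acc = acc * b % m; }
        b = b * b % m;
        exp >>= 1;
    }
    acc as u64
}
fn k() -> u64 { h(format!("{}|{}", N, G)) % N } // k = H(N ‖ g)
fn u(a_pub: u64, b_pub: u64) -> u128 { h(format!("{}|{}", a_pub, b_pub)) as u128 }
// x = PH(P, s) in the RFC 5054 form H(s ‖ H(I ‖ ":" ‖ P)), reduced mod N for the toy group.
fn private_key(i: &str, p: &str, s: u64) -> u64 { h(format!("{}|{}", s, h(format!("{}:{}", i, p)))) % N }
// Server: b_pub = k*v + g^b
fn server_b_pub(v: u64, b: u64) -> u64 { (k() * v + modpow(G, b as u128, N)) % N }
// Client: S = (b_pub - k*g^x)^(a + u*x), K = H(S)
fn client_key(a: u64, a_pub: u64, b_pub: u64, x: u64) -> u64 {
    let base = (b_pub + N - k() * modpow(G, x as u128, N) % N) % N;
    h(modpow(base, a as u128 + u(a_pub, b_pub) * x as u128, N).to_string())
}
// Server: standard SRP-6a form S = (a_pub * v^u)^b, which equals the client's S.
// RFC 5054 requires aborting when a_pub % N == 0 (the client tests b_pub the same way).
fn server_key(a_pub: u64, b: u64, b_pub: u64, v: u64) -> Option<u64> {
    if a_pub % N == 0 { return None; }
    let base = a_pub % N * modpow(v, u(a_pub, b_pub), N) % N;
    Some(h(modpow(base, b as u128, N).to_string()))
}
// M1 = proof(A, B, K) and M2 = proof(A, M1, K)
fn proof(first: u64, second: u64, key: u64) -> u64 { h(format!("{}|{}|{}", first, second, key)) }

fn main() {
    let (a, b, x) = (123u64, 456u64, private_key("alice", "password123", 7)); // constructed, salt 7
    let (v, a_pub) = (modpow(G, x as u128, N), modpow(G, a as u128, N)); // server stores (s, v)
    let b_pub = server_b_pub(v, b);
    let (kc, ks) = (client_key(a, a_pub, b_pub, x), server_key(a_pub, b, b_pub, v).unwrap());
    println!("M1 verifies: {}", proof(a_pub, b_pub, kc) == proof(a_pub, b_pub, ks));
}
```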
Modules
client | SRP client implementation. |
groups | Groups from RFC 5054 |
server | SRP server implementation |
types | Additional SRP types. |