srp

package module
v0.0.0-...-2db53d6 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: May 23, 2019 License: MIT Imports: 13 Imported by: 0

README

go-srp

NOTE: This is a port of node-srp to Go. I recommend reading their README for general information about the use of SRP.

Installation

go get github.com/getinsomnia/go-srp

Usage

View GoDoc for full details

To use SRP, first decide on they parameters you will use. Both client and server must use the same set.

params := srp.GetParams(2048)
Account Creation

To create a new account, generate a verifier from the client, and store it on the server.

verifier := srp.ComputeVerifier(params, salt, identity, password)
Login

From the client... generate a new secret key, initialize the client, and compute A. Once you have A, you can send A to the server.

secret1 := srp.GenKey()
client := NewClient(params, salt, identity, secret, a)
srpA := client.computeA()

sendToServer(srpA)

From the server... generate another secret key, initialize the server, and compute B. Once you have B, you can send B to the client.

secret2 := srp.GenKey()
server := NewServer(params, verifier, secret2)
srpB := client.computeB()

sendToClient(srpB)

Once the client received B from the server, it can compute M1 based on A and B. Once you have M1, send M1 to the server.

client.setB(srpB)
srpM1 := client.ComputeM1()
sendM1ToServer(srpM1)

Once the server receives M1, it can verify that it is correct. If checkM1() returns an error, authentication failed. If it succeeds it should be sent to the client.

srpM2, err := server.checkM1(srpM1)

Once the client receives M2, it can verify that it is correct, and know that authentication was successful.

err = client.CheckM2(serverM2)

Now that both client and server have completed a successful authentication, they can both compute K independently. K can now be used as either a key to encrypt communication or as a session ID.

clientK := client.ComputeK()
serverK := server.ComputeK()

Running Tests

go test

Tests include vectors from RFC 5054, Appendix B.

Licence

MIT

Documentation

Overview

Package srp is port of node-srp to Go.

To use SRP, first decide on they parameters you will use. Both client and server must use the same set.

params := srp.GetParams(4096)

From the client... generate a new secret key, initialize the client, and compute A. Once you have A, you can send A to the server.

secret1 := srp.GenKey()
client := NewClient(params, salt, identity, secret, a)
srpA := client.computeA()

sendToServer(srpA)

From the server... generate another secret key, initialize the server, and compute B. Once you have B, you can send B to the client.

secret2 := srp.GenKey()
server := NewServer(params, verifier, secret2)
srpB := client.computeB()

sendToClient(srpB)

Once the client received B from the server, it can compute M1 based on A and B. Once you have M1, send M1 to the server.

client.setB(srpB)
srpM1 := client.ComputeM1()
sendM1ToServer(srpM1)

Once the server receives M1, it can verify that it is correct. If checkM1() returns an error, authentication failed. If it succeeds it should be sent to the client.

srpM2, err := server.checkM1(srpM1)

Once the client receives M2, it can verify that it is correct, and know that authentication was successful.

err = client.CheckM2(serverM2)

Now that both client and server have completed a successful authentication, they can both compute K independently. K can now be used as either a key to encrypt communication or as a session ID.

clientK := client.ComputeK()
serverK := server.ComputeK()

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func ComputeVerifier

func ComputeVerifier(params *SRPParams, salt, identity, password []byte) []byte

ComputeVerifier returns a verifier that is calculated as described in Section 3 of [SRP-RFC]

func GenKey

func GenKey() []byte

Types

type SRPClient

type SRPClient struct {
	Params     *SRPParams
	Secret1    *big.Int
	Multiplier *big.Int
	A          *big.Int
	X          *big.Int
	M1         []byte
	M2         []byte
	K          []byte
	// contains filtered or unexported fields
}

func NewClient

func NewClient(params *SRPParams, salt, identity, password, secret1 []byte) *SRPClient

func (*SRPClient) CheckM2

func (c *SRPClient) CheckM2(M2 []byte) error

func (*SRPClient) ComputeA

func (c *SRPClient) ComputeA() []byte

func (*SRPClient) ComputeK

func (c *SRPClient) ComputeK() []byte

func (*SRPClient) ComputeM1

func (c *SRPClient) ComputeM1() []byte

func (*SRPClient) SetB

func (c *SRPClient) SetB(Bb []byte)

type SRPParams

type SRPParams struct {
	G           *big.Int
	N           *big.Int
	Hash        crypto.Hash
	NLengthBits int
}

Map of bits to <g, N> tuple

func GetParams

func GetParams(G int) *SRPParams

type SRPServer

type SRPServer struct {
	Params   *SRPParams
	Verifier *big.Int
	Secret2  *big.Int
	B        *big.Int
	M1       []byte
	M2       []byte
	K        []byte
	// contains filtered or unexported fields
}

func NewServer

func NewServer(params *SRPParams, Vb []byte, S2b []byte) *SRPServer

func (*SRPServer) CheckM1

func (s *SRPServer) CheckM1(M1 []byte) ([]byte, error)

func (*SRPServer) ComputeB

func (s *SRPServer) ComputeB() []byte

func (*SRPServer) ComputeK

func (s *SRPServer) ComputeK() []byte

func (*SRPServer) SetA

func (s *SRPServer) SetA(A []byte)

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL