Documentation
¶
Overview ¶
Package srp provides an implementation of SRP-6a as detailed at: http://srp.stanford.edu/design.html
Index ¶
Examples ¶
Constants ¶
const ( DefaultSaltLength = 20 DefaultABSize = 256 )
Variables ¶
This section is empty.
Functions ¶
func RegisterGroup ¶
RegisterGroup will register a SRPGroup for use with SRP. This function must be called by only one goroutine at a time.
Types ¶
type ClientSession ¶
type ClientSession struct {
SRP *SRP
// contains filtered or unexported fields
}
ClientSession represents the client side of an SRP authentication session. ClientSession instances cannot be reused. Instances of ClientSession are NOT safe for concurrent use.
func (*ClientSession) ComputeAuthenticator ¶
func (cs *ClientSession) ComputeAuthenticator() []byte
ComputeAuthenticator computes an authenticator that is to be passed to the server for validation
func (*ClientSession) ComputeKey ¶
func (cs *ClientSession) ComputeKey(salt, B []byte) ([]byte, error)
ComputeKey computes the session key given the salt and the value of B.
func (*ClientSession) GetA ¶
func (cs *ClientSession) GetA() []byte
GetA returns the bytes of the A value that need to be given to the server.
func (*ClientSession) GetKey ¶
func (cs *ClientSession) GetKey() []byte
GetKey returns the previously computed key
func (*ClientSession) VerifyServerAuthenticator ¶
func (cs *ClientSession) VerifyServerAuthenticator(sauth []byte) bool
VerifyServerAuthenticator returns true if the authenticator returned by the server is valid
type KeyDerivationFunc ¶
type SRP ¶
type SRP struct {
SaltLength int // The size of the salt in bytes
ABSize uint // The size of a and b in bits
HashFunc HashFunc
KeyDerivationFunc KeyDerivationFunc
Group *SRPGroup
// contains filtered or unexported fields
}
SRP contains values that must be the the same for both the client and server. SaltLength and ABSize are defaulted by NewSRP but can be changed after an SRP instance is created. Instances of SRP are safe for concurrent use.
func NewSRP ¶
func NewSRP(group string, h HashFunc, kd KeyDerivationFunc) (*SRP, error)
NewSRP creates a new SRP context that will use the specified group and hash functions. If the KeyDeivationFunction is nil, then the HashFunc will be used instead. The set of supported groups are:
rfc5054.1024 rfc5054.1536 rfc5054.2048 rfc5054.3072 rfc5054.4096 rfc5054.6144 rfc5054.8192 stanford.1024 stanford.1536 stanford.2048 stanford.3072 stanford.4096 stanford.6144 stanford.8192
The rfc5054 groups are from RFC5054 The stanford groups where extracted from the stanford patch to OpenSSL.
Example ¶
username := []byte("example")
password := []byte("3x@mp1e")
srp, err := NewSRP("rfc5054.3072", sha256.New, nil)
if err != nil {
log.Fatal(err)
}
cs := srp.NewClientSession(username, password)
salt, v, err := srp.ComputeVerifier(password)
if err != nil {
log.Fatal(err)
}
ss := srp.NewServerSession(username, salt, v)
ckey, err := cs.ComputeKey(salt, ss.GetB())
if err != nil {
log.Fatal(err)
}
log.Printf("The Client's computed session key is: %v\n", ckey)
skey, err := ss.ComputeKey(cs.GetA())
if err != nil {
log.Fatal(err)
}
log.Printf("The Server's computed session key is: %v\n", skey)
cauth := cs.ComputeAuthenticator()
if !ss.VerifyClientAuthenticator(cauth) {
log.Fatal("Client Authenticator is not valid")
}
sauth := ss.ComputeAuthenticator(cauth)
if !cs.VerifyServerAuthenticator(sauth) {
log.Fatal("Server Authenticator is not valid")
}
if bytes.Equal(ckey, skey) {
log.Printf("Client's and Server's computed session key matches\n")
} else {
log.Fatal("Client's and Server's computed session key DOES NOT MATCH")
}
Output:
func (*SRP) ComputeVerifier ¶
ComputeVerifier generates a random salt and computes the verifier value that is associated with the user on the server.
func (*SRP) NewClientSession ¶
func (s *SRP) NewClientSession(username, password []byte) *ClientSession
NewClientSession creates a new ClientSession.
func (*SRP) NewServerSession ¶
func (s *SRP) NewServerSession(username, salt, verifier []byte) *ServerSession
NewServerSession creates a new ServerSession.
type ServerSession ¶
type ServerSession struct {
SRP *SRP
// contains filtered or unexported fields
}
ServerSession represents the client side of an SRP authentication session. ServerSession instances cannot be reused. Instances of ServerSession are NOT safe for concurrent use.
func (*ServerSession) ComputeAuthenticator ¶
func (ss *ServerSession) ComputeAuthenticator(cauth []byte) []byte
ComputeAuthenticator computes an authenticator to be passed to the client.
func (*ServerSession) ComputeKey ¶
func (ss *ServerSession) ComputeKey(A []byte) ([]byte, error)
ComputeKey computes the session key given the value of A.
func (*ServerSession) GetB ¶
func (ss *ServerSession) GetB() []byte
Return the bytes for the value of B.
func (*ServerSession) VerifyClientAuthenticator ¶
func (ss *ServerSession) VerifyClientAuthenticator(cauth []byte) bool
VerifyClientAuthenticator returns true if the client authenticator is valid.
Source Files
Directories