Documentation
¶
Overview ¶
Package srp implements SRP-6a per [1]. It uses the standard library and the golang extended library and nothing else.
This implementation is accurate as of Aug 2012 edition of the SRP specification [1].
To verify that the client has generated the same key "K", the client sends "M" -- a hash of all the data it has and it received from the server. To validate that the server also has the same value, it requires the server to send its own proof. In the SRP paper [1], the authors use:
M = H(H(N) xor H(g), H(I), s, A, B, K) M' = H(A, M, K)
We use a simpler construction:
M = H(K, A, B, I, s, N, g) M' = H(M, K)
In this implementation:
H = BLAKE2() k = H(N, g) x = H(s, I, P) I = anonymized form of user identity (BLAKE2 of value sent by client) P = hashed password (expands short passwords)
Per RFC-5054, we adopt the following padding convention:
k = H(N, pad(g)) u = H(pad(A), pad(B))
References:
[1] http://srp.stanford.edu/design.html [2] http://srp.stanford.edu/
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func MakeSRPVerifier ¶
MakeSRPVerifier decodes the encoded verifier into an SRP environment and Verifier instance. 'b' is an encoded verifier string previously returned by Verifier.Encode(). A caller of this function uses the identity provided by the SRP Client to lookup some DB to find the corresponding encoded verifier string; this encoded data contains enough information to create a valid SRP instance and Verifier instance.
func NewPrimeField ¶
Make a new prime field (safe prime & generator) that is 'nbits' long Return prime p, generator g
func ServerBegin ¶
ServerBegin processes the first message from an SRP client and returns a decoded identity string and client public key. The caller is expected to use the identity to lookup durable storage and find the corresponding encoded Verifier. This verifier is given to MakeSRPVerifier() to create an instance of SRP and Verifier.
Types ¶
type Client ¶
type Client struct {
// contains filtered or unexported fields
}
Client represents an SRP client instance
func (*Client) Credentials ¶
Credentials returns client public credentials to send to server Send <I, A> to server
func (*Client) Generate ¶
Generate validates the server public credentials and generate session key Return the mutual authenticator. NB: We don't send leak any information in error messages.
type SRP ¶
SRP represents an environment for the client and server to share certain properties; notably the hash function and prime-field size. The default hash function is Blake2b-256. Any valid hash function as documented in "crypto" can be used. There are two ways for creating an SRP environment:
New() NewWithHash()
func New ¶
New creates a new SRP environment using a 'bits' sized prime-field for use by SRP clients and Servers.The default hash function is Blake-2b-256.
func NewWithHash ¶
NewWithHash creates a new SRP environment using the hash function 'h' and 'bits' sized prime-field size.
type Verifier ¶
type Verifier struct {
// contains filtered or unexported fields
}
Verifier represents password verifier that resides on an SRP server.
func (*Verifier) Encode ¶
Encode the verifier into a portable format - returns a tuple <Identity, Verifier> as portable strings. The caller can store the Verifier against the Identity in non-volatile storage. An SRP client will supply Identity and its public key - whereupon, an SRP server will use the Identity as a key to lookup the rest of the encoded verifier data.
Source Files