srp

package
v0.0.0-...-25b80c2 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Mar 17, 2016 License: AGPL-3.0, Apache-2.0 Imports: 6 Imported by: 0

Documentation

Overview

Package srp provides an implementation of SRP-6a as detailed at: http://srp.stanford.edu/design.html

Index

Examples

Constants

View Source 
const (
	DefaultSaltLength = 20
	DefaultABSize     = 256
)

Variables

This section is empty.

Functions

func RegisterGroup 

func RegisterGroup(name string, group *SRPGroup)

RegisterGroup will register a SRPGroup for use with SRP. This function must be called by only one goroutine at a time.

Types

type ClientSession 

type ClientSession struct {
	SRP *SRP
	// contains filtered or unexported fields
}

ClientSession represents the client side of an SRP authentication session. ClientSession instances cannot be reused. Instances of ClientSession are NOT safe for concurrent use.

func (*ClientSession) ComputeAuthenticator 

func (cs *ClientSession) ComputeAuthenticator() []byte

ComputeAuthenticator computes an authenticator that is to be passed to the server for validation

func (*ClientSession) ComputeKey 

func (cs *ClientSession) ComputeKey(salt, B []byte) ([]byte, error)

ComputeKey computes the session key given the salt and the value of B.

func (*ClientSession) GetA 

func (cs *ClientSession) GetA() []byte

GetA returns the bytes of the A value that need to be given to the server.

func (*ClientSession) GetKey 

func (cs *ClientSession) GetKey() []byte

GetKey returns the previously computed key

func (*ClientSession) VerifyServerAuthenticator 

func (cs *ClientSession) VerifyServerAuthenticator(sauth []byte) bool

VerifyServerAuthenticator returns true if the authenticator returned by the server is valid

type HashFunc 

type HashFunc func() hash.Hash

type KeyDerivationFunc 

type KeyDerivationFunc func(salt []byte, username []byte, password []byte) []byte

type SRP 

type SRP struct {
	SaltLength        int  // The size of the salt in bytes
	ABSize            uint // The size of a and b in bits
	HashFunc          HashFunc
	KeyDerivationFunc KeyDerivationFunc
	Group             *SRPGroup
	// contains filtered or unexported fields
}

SRP contains values that must be the the same for both the client and server. SaltLength and ABSize are defaulted by NewSRP but can be changed after an SRP instance is created. Instances of SRP are safe for concurrent use.

func NewSRP 

func NewSRP(group string, h HashFunc, kd KeyDerivationFunc) (*SRP, error)

NewSRP creates a new SRP context that will use the specified group and hash functions. If the KeyDeivationFunction is nil, then the HashFunc will be used instead. The set of supported groups are: 

rfc5054.1024
rfc5054.1536
rfc5054.2048
rfc5054.3072
rfc5054.4096
rfc5054.6144
rfc5054.8192
stanford.1024
stanford.1536
stanford.2048
stanford.3072
stanford.4096
stanford.6144
stanford.8192

The rfc5054 groups are from RFC5054 The stanford groups where extracted from the stanford patch to OpenSSL.

Example 
username := []byte("example")
password := []byte("3x@mp1e")

srp, err := NewSRP("openssl.1024", sha256.New, nil)
if err != nil {
	log.Fatal(err)
}

cs := srp.NewClientSession(username, password)
salt, v, err := srp.ComputeVerifier(username, password)
if err != nil {
	log.Fatal(err)
}

ss := srp.NewServerSession(username, salt, v)

ckey, err := cs.ComputeKey(salt, ss.GetB())
if err != nil {
	log.Fatal(err)
}
log.Printf("The Client's computed session key is: %v\n", ckey)

skey, err := ss.ComputeKey(cs.GetA())
if err != nil {
	log.Fatal(err)
}
log.Printf("The Server's computed session key is: %v\n", skey)

cauth := cs.ComputeAuthenticator()
if !ss.VerifyClientAuthenticator(cauth) {
	log.Print("Client Authenticator is not valid")
}
sauth := ss.ComputeAuthenticator(cauth)
if !cs.VerifyServerAuthenticator(sauth) {
	log.Print("Server Authenticator is not valid")
}

Output:

func (*SRP) ComputeVerifier 

func (s *SRP) ComputeVerifier(username []byte, password []byte) (salt []byte, verifier []byte, err error)

ComputeVerifier generates a random salt and computes the verifier value that is associated with the user on the server.

func (*SRP) NewClientSession 

func (s *SRP) NewClientSession(username, password []byte) *ClientSession

NewClientSession creates a new ClientSession.

func (*SRP) NewServerSession 

func (s *SRP) NewServerSession(username, salt, verifier []byte) *ServerSession

NewServerSession creates a new ServerSession.

type SRPGroup 

type SRPGroup struct {
	Size      int      // Size in bits
	Prime     *big.Int // N
	Generator *big.Int // g
}

func GetGroup 

func GetGroup(group string) (*SRPGroup, error)

GetGroup retrieves a registered SRPGroup (the prime N and the generator g) The pre-registered groups are: 1024, 1536, 2048, 3072, 4096, 6144, and 8192 This function must be called by only one goroutine at a time.

type ServerSession 

type ServerSession struct {
	SRP *SRP
	// contains filtered or unexported fields
}

ServerSession represents the client side of an SRP authentication session. ServerSession instances cannot be reused. Instances of ServerSession are NOT safe for concurrent use.

func (*ServerSession) ComputeAuthenticator 

func (ss *ServerSession) ComputeAuthenticator(cauth []byte) []byte

ComputeAuthenticator computes an authenticator to be passed to the client.

func (*ServerSession) ComputeKey 

func (ss *ServerSession) ComputeKey(A []byte) ([]byte, error)

ComputeKey computes the session key given the value of A.

func (*ServerSession) GetB 

func (ss *ServerSession) GetB() []byte

Return the bytes for the value of B.

func (*ServerSession) VerifyClientAuthenticator 

func (ss *ServerSession) VerifyClientAuthenticator(cauth []byte) bool

VerifyClientAuthenticator returns true if the client authenticator is valid.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.