Swift Python Other
Switch branches/tags
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Failed to load latest commit information.
Sources Fix #10 - make not about calculating B irt errata May 26, 2018
Tests Support for a precomputed SRP x Feb 9, 2018
.gitignore Use fork of BigInt for 4.1 compatibility May 26, 2018
.jazzy.yaml jazzy ♪♫ documentation Mar 4, 2017
.swift-version Increase swift version May 26, 2018
.travis.yml Don’t fail Python on travis Sep 16, 2017
Gemfile Gemfile needed to run jazzy Mar 8, 2017
LICENSE
Makefile Merge branch 'swift4' Sep 16, 2017
Package.swift Use fork of BigInt for 4.1 compatibility May 26, 2018
README.md Release version 3 Sep 16, 2017
remote.py Only use stderr for errors in tests Sep 15, 2017

README.md

Secure Remote Password (SRP) for Swift

Secure Remote Password is a authentication protocol to prove your identity to another party, using a password, but without ever revealing that password to other parties. Not even the party you are proving your identity. See Secure Remote Password protocol for more information on this protocol.

Build Status

Example usage

// This is a database of users, along with their salted verification keys
let userStore: [String: (salt: Data, verificationKey: Data)] = [
    "alice": createSaltedVerificationKey(username: "alice", password: "password123"),
    "bob": createSaltedVerificationKey(username: "bob", password: "qwerty12345"),
]

// Alice wants to authenticate, she sends her username to the server.
let client = Client(username: "alice", password: "password123")
let (username, clientPublicKey) = client.startAuthentication()

let server = Server(
    username: username,
    salt: userStore[username]!.salt,
    verificationKey: userStore[username]!.verificationKey)

// The server shares Alice's salt and its public key (the challenge).
let (salt, serverPublicKey) = server.getChallenge()

// Alice generates a sessionKey and proofs she generated the correct
// session key based on her password and the challenge.
let clientKeyProof = try client.processChallenge(salt: salt, publicKey: serverPublicKey)

// The server verifies Alices' proof and generates their proof.
let serverKeyProof = try server.verifySession(publicKey: clientPublicKey, keyProof: clientKeyProof)

// The client verifies the server's proof.
try client.verifySession(keyProof: serverKeyProof)

// At this point, authentication has completed.
assert(server.isAuthenticated)
assert(client.isAuthenticated)

// Both now have the same session key. This key can be used to encrypt
// further communication between client and server.
assert(server.sessionKey == client.sessionKey)

More information can be found in the documentation.

Swift Compatibility

Swift 4 is required with version 3 of this package. Use version 2 if you need Swift 3 compatibility.

Compatibility with other implementations

I like to believe this implementation does correctly implements the RFC. However not all implementations do and might result in not being able to authenticate accross implementations. And subtle differences might result in low failure rates due to the randomness this protocol includes.

  • Python: srp is not compatible; it doesn't correctly calculate k.
  • Python: srptools is compatible.

References

Credits

This library was written by Bouke Haarsma.