SRP-6a Secure Remote Password protocol for OCaml

srp: add README content — usage examples, API overview

+45 -5
README.md
··· 1 - ## SRP - SRP-6a Secure Remote Password protocol 1 + ## SRP -- SRP-6a Secure Remote Password protocol 2 2 3 - Implementation of the SRP-6a protocol (RFC 5054) for password-authenticated key exchange. Includes support for the 3072-bit group used by HomeKit. 3 + Implementation of the SRP-6a protocol (RFC 5054) for password-authenticated 4 + key exchange. Includes support for the 3072-bit group used by HomeKit. 4 5 5 6 ## Installation 6 7 7 - `opam install srp` will install this library. 8 + ``` 9 + opam install srp 10 + ``` 11 + 12 + ## Usage 13 + 14 + ### Server setup (register a user) 15 + 16 + ```ocaml 17 + (* Server stores verifier, not the password *) 18 + let salt = (* random 16+ bytes *) in 19 + let verifier = 20 + Srp.compute_verifier ~salt ~username:"alice" ~password:"secret" 21 + ``` 22 + 23 + ### Client authentication 24 + 25 + ```ocaml 26 + (* Client side: generate A and ephemeral key *) 27 + let client = Srp.Client.v ~username:"alice" ~password:"secret" in 28 + let a_pub = Srp.Client.public client in 29 + (* Send (username, A) to server *) 30 + 31 + (* Server receives (username, A), looks up salt+verifier *) 32 + let server = Srp.Server.v ~verifier in 33 + let b_pub = Srp.Server.public server in 34 + (* Send (salt, B) to client *) 35 + 36 + (* Both derive shared session key *) 37 + let client_key = Srp.Client.session_key client ~salt ~b_pub in 38 + let server_key = Srp.Server.session_key server ~username:"alice" ~a_pub 39 + ``` 40 + 41 + ## API 42 + 43 + - `Srp.n` / `Srp.g` -- 3072-bit group parameters 44 + - `Srp.compute_verifier` -- Compute password verifier for server storage 45 + - `Srp.Client.v` / `Srp.Client.public` / `Srp.Client.session_key` -- Client state 46 + - `Srp.Server.v` / `Srp.Server.public` / `Srp.Server.session_key` -- Server state 8 47 9 48 ## Reference 10 49 11 - - [RFC 5054: Using the Secure Remote Password (SRP) Protocol for TLS Authentication](https://www.rfc-editor.org/rfc/rfc5054) 50 + - [RFC 
5054](https://www.rfc-editor.org/rfc/rfc5054) -- Using SRP for TLS Authentication 12 51 13 - ## Documentation 52 + ## Licence 14 53 54 + ISC
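Review bot: In the "Server setup" example, `let salt = (* random 16+ bytes *) in` has no expression after the `=`, so the snippet does not compile when copied, and it does not say where the salt should come from. Suggest putting a call to a cryptographic random source there (or taking `salt` as a parameter), and closing the `let ... in` chain with a body, since `let verifier = ...` follows an `in` but has none of its own; the same applies to the final `let server_key = ...` in "Client authentication". That example also stops at "Both derive shared session key", and the API list names only `v`, `public` and `session_key`. It would help to add a sentence on how the two sides confirm that `client_key` and `server_key` match before using them, and on whether `session_key` rejects invalid `a_pub` / `b_pub` values or leaves that check to the caller.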