Library for Secure Remote Password (SRP) exchanges.
###SRP.generateVerifier(password, options)
Generate a new SRP verifier. Password is the plaintext password.
options is optional and can include:
identity:String. The SRP username to user. Mostly this is passed in for testing. Random UUID if not provided.salt:String. A salt to use. Mostly this is passed in for testing. Random UUID if not provided.- SRP parameters (see _defaults and paramsFromOptions below)
###SRP.Client
Generate a new SRP client object. Password is the plaintext password.
options is optional and can include:
a: client's private ephemeral value.Stringor BigInteger. Normally, this is picked randomly, but it can be passed in for testing.- SRP parameters (see _defaults and paramsFromOptions below)
###SRP.Client.startExchange()
Initiate an SRP exchange.
returns { A: 'client public ephemeral key. hex encoded integer.' }
###SRP.Client.prototype.respondToChallenge(challenge)
Respond to the server's challenge with a proof of password.
challenge is an object with
B: server public ephemeral key. hex encoded integer.identity: user's identity (SRP username).salt: user's salt.
returns { M: 'client proof of password. hex encoded integer.' }
throws an error if it got an invalid challenge.
###SRP.Client.verifyConfirmation(confirmation)
Verify server's confirmation message.
confirmation is an object with
HAMK: server's proof of password.
returns true or false.
###SRP.Server(verifier, options)
Generate a new SRP server object.
options is optional and can include:
b: server's private ephemeral value.StringorBigInteger. Normally, this is picked randomly, but it can be passed in for testing.- SRP parameters (see _defaults and paramsFromOptions below)
###SRP.Server.issueChallenge(request)
Issue a challenge to the client.
Takes a request from the client containing:
A: hex encoded int.
Returns a challenge with:
B: server public ephemeral key. hex encoded integer.identity: user's identity (SRP username).salt: user's salt.
Throws an error if issued a bad request.
###SRP.Server.verifyResponse(response)
Verify a response from the client and return confirmation.
Takes a challenge response from the client containing:
M: client proof of password. hex encoded int.
Returns a confirmation if the client's proof is good:
HAMK: server proof of password. hex encoded integer. ORnullif the client's proof doesn't match.
###_defaults
/**
* Default parameter values for SRP.
*
*/
var _defaults = {
hash: function (x) { return SHA256(x).toLowerCase(); },
N: new BigInteger("EEAF0AB9ADB38DD69C33F80AFA8FC5E86072618775FF3C0B9EA2314C9C256576D674DF7496EA81D3383B4813D692C6E0E0D5D8E250B98BE48E495C1D6089DAD15DC7D7B46154D6B6CE8EF4AD69B15D4982559B297BCF1885C529F566660E57EC68EDBC3C05726CC02FD4CBF4976EAA9AFD5138FE8376435B9FC61D2FC0EB06E3", 16),
g: new BigInteger("2")
};
_defaults.k = new BigInteger(
_defaults.hash(
_defaults.N.toString(16) +
_defaults.g.toString(16)),
16);###paramsFromOptions
/**
* Process an options hash to create SRP parameters.
*
* Options can include:
* - hash: Function. Defaults to SHA256.
* - N: String or BigInteger. Defaults to 1024 bit value from RFC 5054
* - g: String or BigInteger. Defaults to 2.
* - k: String or BigInteger. Defaults to hash(N, g)
*/
var paramsFromOptions = function (options) {
if (!options) // fast path
return _defaults;
var ret = _.extend({}, _defaults);
_.each(['N', 'g', 'k'], function (p) {
if (options[p]) {
if (typeof options[p] === "string")
ret[p] = new BigInteger(options[p], 16);
else if (options[p] instanceof BigInteger)
ret[p] = options[p];
else
throw new Error("Invalid parameter: " + p);
}
});
if (options.hash)
ret.hash = function (x) { return options.hash(x).toLowerCase(); };
if (!options.k && (options.N || options.g || options.hash)) {
ret.k = ret.hash(ret.N.toString(16) + ret.g.toString(16));
}
return ret;
};