Skip to content
/ SwiftSRP Public

Implementation of the Secure Remote Password protocol (SRP) - RFC 5054 for Swift

License

MIT license
2 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

macmade/SwiftSRP

BranchesTags

Repository files navigation

SwiftSRP

Build Status Issues Status License
Contact Sponsor

About

Implementation of the Secure Remote Password protocol (SRP) - RFC 5054 for Swift.

Supported Hash Algorithms:

  • SHA-1
  • SHA-224
  • SHA-256
  • SHA-384
  • SHA-512

Supported Group Parameters:

  • 1024 bits
  • 1536 bits
  • 2048 bits
  • 3072 bits
  • 4096 bits
  • 6144 bits
  • 8192 bits

Example Usage

import Foundation
import SwiftSRP

// Server storage
var salt:     Data!
var verifier: Data!

/* Registration */
// Create a SRP client for an identity, with a given hash algorithm and group type
let client = SRPClient( identity: account.identity, hashAlgorithm: .SHA256, groupType: .NG2048 )

// User registers with a password
client.setPassword( string: account.password )

// Client generates a salt
client.salt = SRPRandom.bytes( count: 16 )

// Client -> Server:
// Server receives salt and verifier from Client
// Client can then discard them
salt     = client.salt
verifier = client.v.bytes( endianness: .bigEndian )

/* Authentication */
let client = SRPClient( identity: account.identity, hashAlgorithm: .SHA256, groupType: .NG2048 )
let server = SRPServer( identity: account.identity, hashAlgorithm: .SHA256, groupType: .NG2048 )

// Server has stored salt and verifier during registration (see above)
server.v    = SRPBigNum( data: verifier, endianness: .bigEndian )
server.salt = salt

// Client -> Server:
// Server receives A from Client
server.A = client.A

// Server -> Client:
// Client receives B and salt from Server
client.B    = server.B
client.salt = server.salt

// User inputs a wrong password
client.setPassword( string: "salad" )

// Client and Server will not have matching M1 and M2, meaning the authentication failed
AssertFalse( client.M1 == server.M1 )
AssertFalse( client.M2 == server.M2 )

// User inputs the correct password
client.setPassword( string: account.password )

// With the correct password, Client and Server will have matching M1 and M2, meaning the authentication was successful
AssertTrue( client.M1 == server.M1 )
AssertTrue( client.M2 == server.M2 )

Requirements

This project requires OpenSSL.
A pre-built version of BoringSSL is provided for macOS in the Submodules/SRPXX/Submodules/BoringSSL/lib directory.

License

Project is released under the terms of the MIT License.

Repository Infos

Owner:          Jean-David Gadina - XS-Labs
Web:            www.xs-labs.com
Blog:           www.noxeos.com
Twitter:        @macmade
GitHub:         github.com/macmade
LinkedIn:       ch.linkedin.com/in/macmade/
StackOverflow:  stackoverflow.com/users/182676/macmade

About

Implementation of the Secure Remote Password protocol (SRP) - RFC 5054 for Swift

Topics

swift ssl authentication openssl srp srp-6a rfc-5054 secure-remote-password

Resources

Readme

License

MIT license

Code of conduct

Code of conduct
Activity

Stars

2 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Sponsor this project

 
Learn more about GitHub Sponsors

Packages

No packages published

Languages