An implementation of SRP-6a as documented in RFC 5054 and RFC 2945. It also exports modified versions of routines allowing it to be used with AWS Cognito which uses a variation of SRP.
Generate the verifier:
package main
import "github.com/bodgit/srp"
func main() {
g, err := srp.GetGroup(1024)
if err != nil {
panic(err)
}
s, err := srp.NewSRP(crypto.SHA1, g)
if err != nil {
panic(err)
}
i, err := s.NewISV("username", "password")
if err != nil {
panic(err)
}
// Marshal and store i on the server against the identity
}Example client:
package main
import "github.com/bodgit/srp"
func main() {
g, err := srp.GetGroup(1024)
if err != nil {
panic(err)
}
s, err := srp.NewSRP(crypto.SHA1, g)
if err != nil {
panic(err)
}
client, err := s.NewClient("username", "password")
if err != nil {
panic(err)
}
// Send identity and client.A() to the server, receive salt and B
m1, err := client.Compute(salt, b)
if err != nil {
panic(err)
}
// Send m1 to the server, receive m2
if err := client.Check(m2); err != nil {
panic(err)
}
// Use client.Key()
}Example server:
package main
import "github.com/bodgit/srp"
func main() {
g, err := srp.GetGroup(1024)
if err != nil {
panic(err)
}
s, err := srp.NewSRP(crypto.SHA1, g)
if err != nil {
panic(err)
}
// Receive identity and A from client, lookup/unmarshal ISV i
server, err := s.NewServer(i, a)
if err != nil {
panic(err)
}
// Send server.Salt() and server.B() to the client, receive m1
m2, err := server.Check(m1)
if err != nil {
panic(err)
}
// Send m2 to the client, use server.Key()
}- https://github.com/opencoff/go-srp - Calculates verifier value differently compared to RFC so session keys never match
- https://github.com/Kong/go-srp - Calculates proof values differently compared to RFC but session keys match
- https://github.com/posterity/srp - Interoperates fine
The last two implementations however assume that the client knows their salt value from the start rather than waiting for the server to provide it which doesn't match the behaviour documented in the RFC.