gnu.crypto.sasl.srp (GNU cryptographic primitives and tools, version 2.0.0)

Overview

Package

Class

Use

Tree

Deprecated

Index

Help

For the latest news and information visit
The GNU Crypto project

PREV PACKAGE NEXT PACKAGE

FRAMES NO FRAMES

Package gnu.crypto.sasl.srp

Provides the implementations of the SASL SRP mechanism, as specified in draft-burdis-cat-srp-sasl.

See:
Description

Interface Summary
SRPRegistry	A list of key names designating the values exchanged between the server and client in an SRP communication authentication phase.

Class Summary
CALG	A Factory class that returns CALG (Confidentiality Algorithm) instances that operate as described in the draft-burdis-cat-sasl-srp-08.
ClientStore	The client-side implementation of the SRP security context store.
IALG	A Factory class that returns IALG (Integrity Algorithm) instances that operate as described in the draft-burdis-cat-sasl-srp-04 and later.
KDF	The SASL-SRP KDF implementation, which is also used, depending on how it was instantiated, as a secure Pseudo Random Number Generator.
PasswordFile	The implementation of SRP-6 password files.
SecurityContext	A package-private placeholder for an SRP security context.
ServerStore	The server-side implementation of the SRP security context store.
SRP	A Factory class that returns SRP Singletons that know all SRP-related mathematical computations and protocol-related operations for both the client- and server-sides.
SRPAuthInfoProvider	The SRP mechanism authentication information provider implementation.
SRPClient	The SASL-SRP client-side mechanism.
SRPServer	The SASL-SRP server-side mechanism.
StoreEntry	A simple timing-related object for use by SRP re-use code.

Package gnu.crypto.sasl.srp Description

Provides the implementations of the SASL SRP mechanism, as specified in draft-burdis-cat-srp-sasl.

Package overview

The Secure Remote Password ( SRP) is a password-based, zero-knowledge, authentication and key-exchange protocol developed by Thomas Wu. It has good performance, is not plaintext-equivalent and maintains perfect forward secrecy. It provides authentication (optionally mutual authentication) and the negotiation of a session key.

The mechanism described in the IETF Draft, and implemented in this library, is based on the SRP-6 protocol, described in "SRP Protocol Design" and "SRP: The Open Source Password Authentication Standard". SRP-6 is an improved version of the original SRP protocol (also called SRP-3) described in RFC-2945.

Protocol description overview

In this mechanism, the following exchange occurs when a new session is negotiated between the client and the server. It will also occur when the client requests re-use of the parameters of a previous session and either the server does not support such re-use or no longer considers the previous session to be valid:

Where:

U: is the authentication identity (username),
I: is the authorisation identity (userid),
sid: is the identifier of a previous session whose parameters the client wishes to re-use,
cn: is the client's nonce used in deriving a new shared context key from the shared context key of the previous session,
0x00: is an octet indicating that the previous session parameters will NOT be re-used,
N: is the safe prime modulus,
g: is the generator,
s: is the user's password salt,
B: is the server's ephemeral public key,
L: is the options list indicating available security services,
A: is the client's ephemeral public key,
M1: is the client's evidence that the shared key K is known,
o: is the options list indicating chosen security services,
cIV: is the client's initial vector for the chosen encryption algorithm,
M2: is the server's evidence that the shared key K is known,
sIV: is the server's initial vector for the chosen encryption algorithm,
sid: is the identifier the server gives to this session for possible later re-use of the negotiated parameters,
ttl: is the time period for which this session's parameters may be re-usable.

On the other hand, the following exchange occurs when the client requests that the parameters negotiated in a previous session be re-used in this session, but with a newly derived shared context key, and the server agrees: