Implementation of the Secure Remote Password protocol (SRP) - RFC 5054 for Swift

macmade/SwiftSRP

Latest commit: c96d80b · Nov 17, 2024
SwiftSRP

About

Implementation of the Secure Remote Password protocol (SRP) - RFC 5054 for Swift.

Supported Hash Algorithms:

  • SHA-1
  • SHA-224
  • SHA-256
  • SHA-384
  • SHA-512

Supported Group Parameters:

  • 1024 bits
  • 1536 bits
  • 2048 bits
  • 3072 bits
  • 4096 bits
  • 6144 bits
  • 8192 bits

Example Usage

import Foundation
import SwiftSRP

// Sample account (constructed values for this example)
let account = ( identity: "alice", password: "correct horse" )

// Server storage
var salt:     Data!
var verifier: Data!

/* Registration */
// Create a SRP client for an identity, with a given hash algorithm and group type
let registrationClient = SRPClient( identity: account.identity, hashAlgorithm: .SHA256, groupType: .NG2048 )

// User registers with a password
registrationClient.setPassword( string: account.password )

// Client generates a salt
registrationClient.salt = SRPRandom.bytes( count: 16 )

// Client -> Server:
// Server receives salt and verifier from Client
// Client can then discard them
salt     = registrationClient.salt
verifier = registrationClient.v.bytes( endianness: .bigEndian )

/* Authentication */
// A fresh client and server are created for each authentication attempt
let client = SRPClient( identity: account.identity, hashAlgorithm: .SHA256, groupType: .NG2048 )
let server = SRPServer( identity: account.identity, hashAlgorithm: .SHA256, groupType: .NG2048 )

// Server has stored salt and verifier during registration (see above)
server.v    = SRPBigNum( data: verifier, endianness: .bigEndian )
server.salt = salt

// Client -> Server:
// Server receives A from Client
server.A = client.A

// Server -> Client:
// Client receives B and salt from Server
client.B    = server.B
client.salt = server.salt

// User inputs a wrong password
client.setPassword( string: "salad" )

// Client and Server will not have matching M1 and M2, meaning the authentication failed
assert( !( client.M1 == server.M1 ) )
assert( !( client.M2 == server.M2 ) )

// User inputs the correct password
client.setPassword( string: account.password )

// With the correct password, Client and Server will have matching M1 and M2, meaning the authentication was successful
assert( client.M1 == server.M1 )
assert( client.M2 == server.M2 )
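
The arithmetic behind the salt, v, A, B and M1 values exchanged above, written out in Python as an added example (not SwiftSRP's code). It uses SHA-256 with the 1024-bit RFC 5054 group to stay short, rejects A or B values that are zero modulo N as RFC 5054 requires, and compares the proof in constant time. The function names are hypothetical and the M1 formula H(A | B | H(S)) is a simplifying assumption, since the page does not show the library's own; M2 is omitted.

```python
import hashlib, hmac, secrets
# RFC 5054 Appendix A, 1024-bit group (smallest group, chosen to keep this short)
N = int("EEAF0AB9ADB38DD69C33F80AFA8FC5E86072618775FF3C0B9EA2314C9C256576"
        "D674DF7496EA81D3383B4813D692C6E0E0D5D8E250B98BE48E495C1D6089DAD1"
        "5DC7D7B46154D6B6CE8EF4AD69B15D4982559B297BCF1885C529F566660E57EC"
        "68EDBC3C05726CC02FD4CBF4976EAA9AFD5138FE8376435B9FC61D2FC0EB06E3", 16)
g = 2
PAD = (N.bit_length() + 7) // 8

def H(*parts):  # SHA-256 over the concatenated byte strings
    return hashlib.sha256(b"".join(parts)).digest()

def Hn(*parts):  # same hash, read as a big-endian integer
    return int.from_bytes(H(*parts), "big")

def pad(n):  # big-endian, left-padded to the byte length of N
    return n.to_bytes(PAD, "big")

k = Hn(pad(N), pad(g))  # SRP-6a multiplier k = H(N | PAD(g))

def derive_x(salt, identity, password):  # x = H(salt | H(I ":" P))
    return Hn(salt, H(f"{identity}:{password}".encode()))

def register(identity, password):  # client side: (salt, v) go to the server
    salt = secrets.token_bytes(16)
    return salt, pow(g, derive_x(salt, identity, password), N)

def proof(A, B, S):  # simplified M1 = H(A | B | H(S)); an assumption, see above
    return H(pad(A), pad(B), H(pad(S)))

def client_m1(identity, password, salt, a, B):
    if B % N == 0:  # RFC 5054: client must abort
        raise ValueError("illegal B")
    A, x = pow(g, a, N), derive_x(salt, identity, password)
    u = Hn(pad(A), pad(B))
    S = pow((B - k * pow(g, x, N)) % N, a + u * x, N)
    return proof(A, B, S)

def server_verify(v, A, b, B, m1):
    if A % N == 0:  # RFC 5054: server must abort, otherwise S is forced to 0
        raise ValueError("illegal A")
    u = Hn(pad(A), pad(B))
    S = pow(A * pow(v, u, N) % N, b, N)
    return hmac.compare_digest(proof(A, B, S), m1)  # constant-time compare

def login(identity, password, salt, v):  # one full exchange, fresh ephemerals
    a, b = secrets.randbits(256), secrets.randbits(256)
    A, B = pow(g, a, N), (k * v + pow(g, b, N)) % N
    return server_verify(v, A, b, B, client_m1(identity, password, salt, a, B))
```

The server only ever stores `salt` and `v`; the password and `x` never leave the client.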

Requirements

This project requires OpenSSL.
A pre-built version of BoringSSL is provided for macOS in the Submodules/SRPXX/Submodules/BoringSSL/lib directory.

License

Project is released under the terms of the MIT License.

Repository Infos

Owner:          Jean-David Gadina - XS-Labs
Web:            www.xs-labs.com
Blog:           www.noxeos.com
Twitter:        @macmade
GitHub:         github.com/macmade
LinkedIn:       ch.linkedin.com/in/macmade/
StackOverflow:  stackoverflow.com/users/182676/macmade