Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/idlesign/srptools

Tools to implement Secure Remote Password (SRP) authentication
https://github.com/idlesign/srptools

authentication python rfc-2945 rfc-5054 security srp

Last synced: 4 days ago
JSON representation

Tools to implement Secure Remote Password (SRP) authentication

Awesome Lists containing this project

README 

        
srptools

========

https://github.com/idlesign/srptools



|release| |lic| |coverage|



.. |release| image:: https://img.shields.io/pypi/v/srptools.svg

    :target: https://pypi.python.org/pypi/srptools



.. |lic| image:: https://img.shields.io/pypi/l/srptools.svg

    :target: https://pypi.python.org/pypi/srptools



.. |coverage| image:: https://img.shields.io/coveralls/idlesign/srptools/master.svg

    :target: https://coveralls.io/r/idlesign/srptools



Description

-----------



*Tools to implement Secure Remote Password (SRP) authentication*



SRP is a secure password-based authentication and key-exchange protocol -

a password-authenticated key agreement protocol (PAKE).



This package contains protocol implementation for Python 2 and 3.



You may import it into you applications and use its API or you may use

``srptools`` command-line utility (CLI):



CLI usage

---------



Command-line utility requires ``click`` package to be installed.



Basic scenario:



.. code-block::



    > srptools get_user_data_triplet

    > srptools server get_private_and_public

    > srptools client get_private_and_public

    > srptools client get_session_data

    > srptools server get_session_data



Help is available:



.. code-block::



    > srptools --help



API usage

---------



Preliminary step. Agree on communication details:



.. code-block:: python



    from srptools import SRPContext



    context = SRPContext('alice', 'password123')

    username, password_verifier, salt = context.get_user_data_triplet()

    prime = context.prime

    gen = context.generator



Simplified workflow:



.. code-block:: python



    from srptools import SRPContext, SRPServerSession, SRPClientSession



    # Receive username from client and generate server public.

    server_session = SRPServerSession(SRPContext(username, prime=prime, generator=gen), password_verifier)

    server_public = server_session.public



    # Receive server public and salt and process them.

    client_session = SRPClientSession(SRPContext('alice', 'password123', prime=prime, generator=gen))

    client_session.process(server_public, salt)

    # Generate client public and session key.

    client_public = client_session.public



    # Process client public and compare session keys.

    server_session.process(client_public, salt)



    assert server_session.key == client_session.key



Extended workflow



.. code-block:: python



    from srptools import SRPContext, SRPServerSession, SRPClientSession



    # Receive username from client and generate server public.

    server_session = SRPServerSession(SRPContext(username, prime=prime, generator=gen), password_verifier)

    server_public = server_session.public



    # Receive server public and salt and process them.

    client_session = SRPClientSession(SRPContext('alice', 'password123', prime=prime, generator=gen))

    client_session.process(server_public, salt)

    # Generate client public and session key proof.

    client_public = client_session.public

    client_session_key_proof = client_session.key_proof



    # Process client public and verify session key proof.

    server_session.process(client_public, salt)

    assert server_session.verify_proof(client_session_key_proof)

    # Generate session key proof hash.

    server_session_key_proof_hash = client_session.key_proof_hash



    # Verify session key proof hash received from server.

    assert client_session.verify_proof(server_session_key_proof_hash)



Usage hints

-----------



* ``srptools.constants`` contains basic constants which can be used with ``SRPContext`` for server and client to agree

  upon communication details.

* ``.process()`` methods of session classes may raise ``SRPException`` in certain circumstances. Auth process on

  such occasions must be stopped.

* ``.private`` attribute of session classes may be used to restore sessions:

    .. code-block:: python



        server_private = server_session.private



        # Restore session on new request.

        server_session = SRPServerSession(context, password_verifier, private=server_private)



* ``SRPContext`` is rather flexible, so you can implement some custom server/client session logic with its help.

* Basic values are represented as hex strings but base64 encoded values are also supported:



    .. code-block:: python



        server_public = server_session.public_b64



        # Receive server public and salt and process them.

        client_session = SRPClientSession(SRPContext('alice', 'password123', prime=prime, generator=gen))

        client_session.process(server_public, salt, base64=True)



        # Use srptools.hex_from_b64() to represent base64 value as hex.

        server_public_hex = hex_from_b64(server_public)



Links

-----

* RFC 2945 - The SRP Authentication and Key Exchange System

    https://tools.ietf.org/html/rfc2945



* RFC 5054 - Using the Secure Remote Password (SRP) Protocol for TLS Authentication

    https://tools.ietf.org/html/rfc5054