gnu.crypto.sasl.srp (GNU cryptographic primitives and tools, version 2.1.0)

Interface Summary
SRPRegistry	A list of key names designating the values exchanged between the server and client in an SRP communication authentication phase.

Class Summary
CALG	A Factory class that returns CALG (Confidentiality Algorithm) instances that operate as described in the draft-burdis-cat-sasl-srp-08. The designated CALG block cipher should be used in OFB (Output Feedback Block) mode in the ISO variant, as described in The Handbook of Applied Cryptography, algorithm 7.20. Let `k` be the block size of the chosen symmetric key block cipher algorithm; e.g. for AES this is `128` bits or `16` octets.
ClientStore	The client-side implementation of the SRP security context store.
IALG	A Factory class that returns IALG (Integrity Algorithm) instances that operate as described in the draft-burdis-cat-sasl-srp-04 and later.
KDF	The SASL-SRP KDF implementation, which is also used, depending on how it was instantiated, as a secure Pseudo Random Number Generator.
PasswordFile	The implementation of SRP password files. For SRP, there are three (3) files: The password configuration file: tpasswd.conf.
SecurityContext	A package-private placeholder for an SRP security context.
ServerStore	The server-side implementation of the SRP security context store.
SRP	A Factory class that returns SRP Singletons that know all SRP-related mathematical computations and protocol-related operations for both the client- and server-sides.
SRPAuthInfoProvider	The SRP mechanism authentication information provider implementation.
SRPClient	The SASL-SRP client-side mechanism.
SRPServer	The SASL-SRP server-side mechanism.
StoreEntry	A simple timing-related object for use by SRP re-use code.

Package gnu.crypto.sasl.srp Description:

Provides the implementations of the SASL SRP mechanism, as specified in draft-burdis-cat-srp-sasl.

Package overview

The Secure Remote Password ( SRP) is a password-based, zero-knowledge, authentication and key-exchange protocol developed by Thomas Wu. It has good performance, is not plaintext-equivalent and maintains perfect forward secrecy. It provides authentication (optionally mutual authentication) and the negotiation of a session key.

The mechanism described in the IETF Draft, and implemented in this library, is based on the SRP-6 protocol, described in "SRP Protocol Design" and "SRP: The Open Source Password Authentication Standard". SRP-6 is an improved version of the original SRP protocol (also called SRP-3) described in RFC-2945.

Protocol description overview

In this mechanism, the following exchange occurs when a new session is negotiated between the client and the server. It will also occur when the client requests re-use of the parameters of a previous session and either the server does not support such re-use or no longer considers the previous session to be valid:

Where:

U: is the authentication identity (username),
I: is the authorisation identity (userid),
sid: is the identifier of a previous session whose parameters the client wishes to re-use,
cn: is the client's nonce used in deriving a new shared context key from the shared context key of the previous session,
0x00: is an octet indicating that the previous session parameters will NOT be re-used,
N: is the safe prime modulus,
g: is the generator,
s: is the user's password salt,
B: is the server's ephemeral public key,
L: is the options list indicating available security services,
A: is the client's ephemeral public key,
M1: is the client's evidence that the shared key K is known,
o: is the options list indicating chosen security services,
cIV: is the client's initial vector for the chosen encryption algorithm,
M2: is the server's evidence that the shared key K is known,
sIV: is the server's initial vector for the chosen encryption algorithm,
sid: is the identifier the server gives to this session for possible later re-use of the negotiated parameters,
ttl: is the time period for which this session's parameters may be re-usable.

On the other hand, the following exchange occurs when the client requests that the parameters negotiated in a previous session be re-used in this session, but with a newly derived shared context key, and the server agrees:

Where:

0xFF: is an octet indicating that the previous session parameters will be re-used,
sn: is the server's nonce used in deriving a new shared context key from the shared context key of the previous session.