mirror of
https://github.com/danog/fast-srp.git
synced 2024-11-26 20:04:49 +01:00
d8e2938064
* TypeScript and support using saved verifiers * Restored functionality of tests * Added HAP test vectors |
||
|---|---|---|
| .github/workflows | ||
| lib | ||
| src | ||
| .gitignore | ||
| LICENSE | ||
| package-lock.json | ||
| package.json | ||
| README.md | ||
| SRP Design.md | ||
| tsconfig.json | ||
fast-srp
Is a pure NodeJS implementation of the SRP6a protocol.
It's a derived work of Jed Parson's node-srp and Tom Wu's jsbn.
Creating the Verifier
import * as srp6a from 'fast-srp-hap';
/**
* Computes the verifier of a user. Only needed to add the user to the auth system.
*
* @param {string} I Username to compute verifier
* @param {string} P Password
* @return {Promise<{salt: Buffer, verifier: Buffer}>}
*/
async function srp6a_create_user(I: string, P: string) {
const salt = await srp6a.genKey(32);
return {
// The salt is required for authenticating the user later
salt,
verifier: srp6a.computeVerifier(srp6a.params[4096], salt, Buffer.from(I), Buffer.from(P)),
};
}
await srp6a_create_user('Zarmack Tanen', '*****').then(({salt, verifier}) => {
console.log('SRP6a verifier and salt of Zarmack Tanen user is %s and %s',
verifier.toString('hex'), salt.toString('hex'));
});
Server
import {Server, genKey, params} from 'fast-srp-hap';
(async () => {
// Get the user details from somewhere
const user = {
username: 'username', // Or a Buffer
// If we have the plaintext password
salt: await genKey(32),
password: 'password', // Or a Buffer
// If we have a saved verifier
salt: Buffer.from('...'),
verifier: Buffer.from('...'),
};
// Generate a secret key
const secret = await genKey(32);
const server = new Server(params[3076], user, secret); // For Apple SRP use params.hap
// ...
})();