-rw-r--r-- | doc/manual/srp.rst | 36 |
1 files changed, 32 insertions, 4 deletions
diff --git a/doc/manual/srp.rst b/doc/manual/srp.rst index 74b67d890..071f3ea19 100644 --- a/doc/manual/srp.rst +++ b/doc/manual/srp.rst @@ -8,7 +8,11 @@ password based key exchange protocol A SRP client provides what is called a SRP *verifier* to the server. This verifier is based on a password, but the password cannot be easily derived from the verifier. Later, the client and server can -perform an SRP exchange, in which +perform an SRP exchange, which results in a shared key. + +SRP works in a discrete logarithm group. Special parameter sets for +SRP6 are defined, denoted in the library as "modp/srp/<size>", for +example "modp/srp/2048". .. warning:: @@ -17,7 +21,6 @@ perform an SRP exchange, in which impersonate the server to the client, so verifiers should be carefully protected. - .. cpp:function:: BigInt generate_srp6_verifier( \ const std::string& identifier, \ const std::string& password, \ @@ -25,6 +28,26 @@ perform an SRP exchange, in which const std::string& group_id, \ const std::string& hash_id) + Generates a new verifier using the specified password and salt. + This is stored by the server. The salt must also be stored. + +.. cpp:function:: std::string srp6_group_identifier( \ + const BigInt& N, const BigInt& g) + +.. cpp:class:: SRP6_Server_Session + + .. cpp:function:: BigInt step1(const BigInt& v, \ + const std::string& group_id, \ + const std::string& hash_id, \ + RandomNumberGenerator& rng) + + Takes a verifier (generated by generate_srp6_verifier) + along with the group_id (which must match + + .. cpp:function:: SymmetricKey step2(const BigInt& A) + + Takes the parameter A generated by srp6_client_agree, + and return the shared secret key. .. cpp:function:: std::pair<BigInt,SymmetricKey> srp6_client_agree( \ const std::string& username, \ 
@@ -35,5 +58,10 @@ perform an SRP exchange, in which const BigInt& B, \ RandomNumberGenerator& rng) -.. cpp:function:: std::string srp6_group_identifier( \ - const BigInt& N, const BigInt& g) + The client receives these parameters from the server, except for + the username and password which are provided by the user. The + parameter B is the output of `step1`. + + The client agreement step outputs a shared symmetric key along + with the parameter A which is returned to the server (and allows + it the compute the shared key). |
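Review bot: in the `SRP6_Server_Session` block of the third hunk, the description of `step1` stops mid-sentence at "along with the group_id (which must match" and never says what the function returns; finish the sentence (presumably the group_id and hash_id must match the ones passed to `generate_srp6_verifier`, whose signature in the surrounding context takes the same two parameters) and state that the returned `BigInt` is the server's value B, which the last hunk already describes as "the output of `step1`" and which the server sends to the client. In the same hunk, "and return the shared secret key" under `step2` should read "and returns the shared secret key", and the new `srp6_group_identifier` entry is added without any description of what it returns or when it fails.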
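Review bot: typo in the last added line of the `srp6_client_agree` paragraph: "and allows it the compute the shared key" should be "and allows it to compute the shared key". The opening sentence "The client receives these parameters from the server, except for the username and password" also overstates it, since the visible signature ends with `RandomNumberGenerator& rng`, which is supplied locally rather than by the server; consider naming the server-provided values explicitly (the group and hash identifiers, the salt and B).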