# NAME

Crypt::SRP - Secure Remote Protocol (SRP6a)

# SYNOPSIS

Example 1 - SRP login handshake:

    ###CLIENT###
    my $I = '...'; # login entered by user
    my $P = '...'; # password entered by user
    my $cli = Crypt::SRP->new('RFC5054-1024bit', 'SHA1');
    my ($A, $a) = $cli->client_compute_A;

    #  request[1] to server:  ---> /auth/srp_step1 ($I, $A) --->

                              ###SERVER###
                              my %USERS;  # sort of "user database"
                              my %TOKENS; # sort of temporary "token database"
                              my $v = $USERS{$I}->{verifier};
                              my $s = $USERS{$I}->{salt};
                              my $srv = Crypt::SRP->new('RFC5054-1024bit', 'SHA1');
                              return unless $srv->server_verify_A($A);
                              $srv->server_init($I, $v, $s);
                              my ($B, $b) = $srv->server_compute_B;
                              my $token = $srv->random_bytes(32);
                              $TOKENS{$token} = [$I, $A, $B, $b];

    #  response[1] from server:  <--- ($B, $s, $token) <---

    ###CLIENT###
    return unless $cli->client_verify_B($B);
    $cli->client_init($I, $P, $s);
    my $M1 = $cli->client_compute_M1;

    #  request[2] to server:  ---> /auth/srp_step2 ($M1, $token) --->

                              ###SERVER###
                              my $M2 = '';
                              return unless $M1 && $token && $TOKENS{$token};
                              my ($I, $A, $B, $b) = @{delete $TOKENS{$token}};
                              return unless $I && $A && $B && $b && $USERS{$I};
                              my $s = $USERS{$I}->{salt};
                              my $v = $USERS{$I}->{verifier};
                              return unless $s && $v;
                              my $srv = Crypt::SRP->new('RFC5054-1024bit', 'SHA1');
                              $srv->server_init($I, $v, $s, $A, $B, $b);
                              return unless $srv->server_verify_M1($M1);
                              $M2 = $srv->server_compute_M2;
                              my $K = $srv->get_secret_K; # shared secret

    #  response[2] from server:  <--- ($M2) <---

    ###CLIENT###
    if ($M2 && $cli->client_verify_M2($M2)) {
      my $K = $cli->get_secret_K; # shared secret
      print "SUCCESS";
    }
    else {
      print "ERROR";
    }

Example 2 - creating a new user and his/her password verifier:

    ###CLIENT###
    my $I = '...'; # login entered by user
    my $P = '...'; # password entered by user
    my $cli = Crypt::SRP->new('RFC5054-1024bit', 'SHA1');
    my ($v, $s) = $cli->compute_verifier_and_salt($I, $P);

    #  request to server:  ---> /auth/create_user [$I, $s, $v] --->

                              ###SERVER###
                              my %USERS;  # sort of "user database"
                              die "user already exists" unless $USERS{$I};
                              $USERS{$I}->{salt} = $s;
                              $USERS{$I}->{verifier} = $v;

Working sample implementation of SRP authentication on client and server side is available in `examples`
subdirectory:
[srp\_server.pl](https://metacpan.org/source/MIK/Crypt-SRP-0.015/examples/srp_server.pl),
[srp\_client.pl](https://metacpan.org/source/MIK/Crypt-SRP-0.015/examples/srp_client.pl).

# DESCRIPTION

More info about SRP protocol:

- [http://srp.stanford.edu/design.html](http://srp.stanford.edu/design.html)
- [https://en.wikipedia.org/wiki/Secure\_Remote\_Password\_protocol](https://en.wikipedia.org/wiki/Secure_Remote_Password_protocol)
- [https://tools.ietf.org/html/rfc2945](https://tools.ietf.org/html/rfc2945)
- [https://tools.ietf.org/html/rfc5054](https://tools.ietf.org/html/rfc5054)

This module implements SRP version 6a.

# METHODS

Login and password ($I, $P) can be ASCII strings (without utf8 flag) or raw octets. If you want special
characters in login and/or password then you have to encode them from Perl's internal from like this:
`$I = encode('utf8', $I)` or `$P = encode('utf8', $P)`

All SRP related variables ($s, $v, $A, $a, $B, $b, $M1, $M2, $S, $K) are by defaults raw octets (no BigInts, no strings
with utf8 flag). However if you set new's optional parameter `$format` to `'hex'`, `'base64'` or `'base64url'` SRP
related input parameters (not `$I` or `$P`) are expected in given encoding and return values are converted into
the same encoding as well.

- new

        my $srp = Crypt::SRP->new();

        #or
        my $srp = Crypt::SRP->new({ group => $group, hash => $hash, format => $format });
        # group       - DEFAULT='RFC5054-2048bit'
        #               'RFC5054-1024bit' or 'RFC5054-1536bit' or 'RFC5054-2048bit' or
        #               'RFC5054-3072bit' or 'RFC5054-4096bit' or 'RFC5054-6144bit' or
        #               'RFC5054-8192bit' see rfc5054 (appendix A)
        # hash        - DEFAULT='SHA256'
        #               'SHA1' or 'SHA256' or 'SHA384' or 'SHA512'
        # format      - DEFAULT='raw'
        #               'raw' or 'hex' or 'base64' or 'base64url'
        # interleaved - DEFAULT=0
        #               indicates whether the final shared secret K will be computed
        #               as SHAx(S) or SHAx_Interleaved(S) see rfc2945 (3.1 Interleaved SHA)
        # saltlen     - DEFAULT=32
        #               default length (in bytes) for generated salt
        # srptools    - DEFAULT=0 (since v0.018)
        #               operate in a mode compatible with python package srptools
        # appletv     - DEFAULT=0 (since v0.018)
        #               operate in a mode compatible with SRP6a used by AppleTV / AirPlayAuth

        #or (OLD interface)
        my $srp = Crypt::SRP->new($group, $hash, $format, $interleaved, $default_salt_len);

- reset

        $srp->reset();
        #or
        $srp->reset({ group => $group, hash => $hash, format => $format });    # see new()
        #or
        $srp->reset($group, $hash, $format, $interleaved, $default_salt_len);  # see new()

        # returns $srp (itself)

- dump

        my $serialized_state = $srp->dump();

- load

        $srp->load($serialized_state);

- compute\_verifier

        my $v = $srp->compute_verifier($I, $P, $s);

- compute\_verifier\_and\_salt

        my ($v, $s) = $srp->compute_verifier_and_salt($I, $P);
        #or
        my ($v, $s) = $srp->compute_verifier_and_salt($I, $P, $s_len);

- client\_init

        $srp->client_init($I, $P, $s, $B);

        # returns $srp (itself)

- client\_compute\_A

        my ($A, $a) = $srp->client_compute_A();
        #or
        my ($A, $a) = $srp->client_compute_A($a_len);

- client\_compute\_M1

        my $M1 = $srp->client_compute_M1($B);

- client\_verify\_M2

        my $valid = $srp->client_verify_M2($M2);

- client\_verify\_B

        my $valid = client_verify_B($B);

- server\_init

        $srp->server_init($I, $v, $s);
        #or
        $srp->server_init($I, $v, $s, $A, $B, $b);
        # returns $srp (itself)

- server\_compute\_B

        my ($B, $b) = $srp->server_compute_B();
        #or
        my ($B, $b) = $srp->server_compute_B($b_len);

- server\_fake\_B\_s

        my ($B, $s) = $srp->server_fake_B_s($I);
        #or
        my ($B, $s) = $srp->server_fake_B_s($I, $nonce);
        #or
        my ($B, $s) = $srp->server_fake_B_s($I, $nonce, $s_len);

- server\_verify\_M1

        my $valid = $srp->server_verify_M1($M1);

- server\_compute\_M2

        my $M2 = $srp->server_compute_M2();

- server\_verify\_A

        my $valid = server_verify_A($A);

- get\_secret\_S

        my $S = $srp->get_secret_S();
        #or
        my $S = $srp->get_secret_S($format);
        # $format can me 'raw' or 'hex' or 'base64' or 'base64url'

- get\_secret\_K

        my $K = $srp->get_secret_K();
        #or
        my $K = $srp->get_secret_K($format);
        # $format can me 'raw' or 'hex' or 'base64' or 'base64url'

- random\_bytes

        my $rand = $srp->random_bytes();  # $rand formated according to $format passed to new()
        #or
        my $rand = $srp->random_bytes($len);

        my $rand = Crypt::SRP->random_bytes();  # $rand always raw bytes
        #or
        my $rand = Crypt::SRP->random_bytes($len);

# LICENSE

This program is free software; you can redistribute it and/or modify it under the same terms as Perl itself.

# COPYRIGHT

Copyright (c) 2012+ DCIT, a.s. [http://www.dcit.cz](http://www.dcit.cz) / Karel Miko