Secure Remote Password (SRP) for Swift
// This is a database of users, along with their salted verification keys let userStore: [String: (salt: Data, verificationKey: Data)] = [ "alice": createSaltedVerificationKey(username: "alice", password: "password123"), "bob": createSaltedVerificationKey(username: "bob", password: "qwerty12345"), ] // Alice wants to authenticate, she sends her username to the server. let client = Client(username: "alice", password: "password123") let (username, clientPublicKey) = client.startAuthentication() let server = Server( username: username, salt: userStore[username]!.salt, verificationKey: userStore[username]!.verificationKey) // The server shares Alice's salt and its public key (the challenge). let (salt, serverPublicKey) = server.getChallenge() // Alice generates a sessionKey and proofs she generated the correct // session key based on her password and the challenge. let clientKeyProof = try client.processChallenge(salt: salt, publicKey: serverPublicKey) // The server verifies Alices' proof and generates their proof. let serverKeyProof = try server.verifySession(publicKey: clientPublicKey, keyProof: clientKeyProof) // The client verifies the server's proof. try client.verifySession(keyProof: serverKeyProof) // At this point, authentication has completed. assert(server.isAuthenticated) assert(client.isAuthenticated) // Both now have the same session key. This key can be used to encrypt // further communication between client and server. assert(server.sessionKey == client.sessionKey)
More information can be found in the documentation.
- RFC 2945 - The SRP Authentication and Key Exchange System
- RFC 5054 - Using the Secure Remote Password (SRP) Protocol for TLS Authentication
This library was written by Bouke Haarsma.