UNPKG

@scirexs/srp6a

Version:

SRP-6a (Secure Remote Password) implementation in TypeScript for browser and server.

github.com/scirexs/srp6a

scirexs/srp6a

134 lines 5.5 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
export { addRandomDelay, authenticate, createDummyHello, createServerHello, extractClientHello, extractLoginEvidence, extractSignupCredentials, }; import { SRPConfig } from "../shared/crypto.js"; import { addRandomDelay } from "../shared/functions.js"; import type { AuthResult, ClientHello, CryptoKeyPair, CryptoSource, KeyPair, LoginEvidence, ServerHello, SignupCredentials } from "../shared/types.js"; /** * Creates server hello response for SRP6a authentication. * Generates server key pair and returns hello message along with the key pair for session use. * * @param salt - Salt value from user registration * @param verifier - Password verifier from user registration * @param config - SRP configuration object * @returns Promise that resolves to tuple containing [ServerHello message, KeyPair for the session] * * @example * ```ts * const userRecord = getUserFromDatabase(username); * const [hello, keyPair] = await createServerHello(userRecord.salt, userRecord.verifier, config); * // Send hello to client, store keyPair for authentication * ``` */ declare function createServerHello(salt: CryptoSource, verifier: CryptoSource, config: SRPConfig): Promise<[ServerHello, KeyPair]>; /** * Creates a dummy server hello response. * Generates a dummy salt and server key to prevent user enumeration attacks. * * @param config - SRP configuration object * @returns Dummy ServerHello message * * @example * ```ts * const userRecord = getUserFromDatabase(username); * if (!userRecord) { * const dummy = createDummyHello(config); * addRandomDelay(); * // Send dummy response to client * } * ``` */ declare function createDummyHello(config: SRPConfig): ServerHello; /** * Authenticates client evidence and generates server evidence for mutual authentication. * Verifies client's knowledge of password and computes server evidence if authentication succeeds. * * @param username - The username attempting to authenticate * @param salt - Salt value from user registration * @param verifier - Password verifier from user registration * @param pair - Server's key pair from hello phase * @param client - Client's public key from hello phase * @param evidence - Client evidence to verify * @param config - SRP configuration object * @returns Promise that resolves to AuthResult with result status and server evidence * @throws Error if client's public key is invalid * * @example * ```ts * const result = await authenticate( * username, * userRecord.salt, * userRecord.verifier, * serverKeyPair, * clientPublicKey, * clientEvidence, * config * ); * * if (result.success) { * // Authentication successful, send server evidence * return { success: true, evidence: result.evidence }; * } else { * // Authentication failed * return { success: false, evidence: "" }; * } * ``` */ declare function authenticate(username: string, salt: CryptoSource, verifier: CryptoSource, pair: KeyPair | CryptoKeyPair, client: CryptoSource, evidence: CryptoSource, config: SRPConfig): Promise<AuthResult>; /** * Extracts client signup information from HTTP request, if client used this library. * Parses the request body and validates that it contains required username and credential properties. * * @param request - HTTP request containing signup credential data * @returns Promise that resolves to SignupCredentials object containing username and credential data * @throws Error if request is not POST, not JSON, or missing required properties * * @example * ```ts * // In your HTTP handler * const { username, salt, verifier } = await extractSignupCredentials(request); * storeDatabase(username, salt, verifier); * ``` */ declare function extractSignupCredentials(request: Request): Promise<SignupCredentials>; /** * Extracts client hello information from HTTP request, if client used this library. * Parses the request body and validates that it contains required username and client properties. * * @param request - HTTP request containing client hello data * @returns Promise that resolves to ClientHello object containing username and client public key * @throws Error if request is not POST, not JSON, or missing required properties * * @example * ```ts * // In your HTTP handler * const { username, client } = await extractClientHello(request); * const userRecord = getUserFromDatabase(username); * const [hello, keyPair] = await createServerHello(userRecord.salt, userRecord.verifier, config); * ``` */ declare function extractClientHello(request: Request): Promise<ClientHello>; /** * Extracts login evidence from HTTP request, if client used this library. * Parses the request body and validates that it contains required username and evidence properties. * * @param request - HTTP request containing login evidence data * @returns Promise that resolves to LoginEvidence object containing username and client evidence * @throws Error if request is not POST, not JSON, or missing required properties * * @example * ```ts * // In your HTTP handler * const { username, evidence } = await extractLoginEvidence(request); * const userRecord = getUserFromDatabase(username); * const result = await authenticate( * username, * userRecord.salt, * userRecord.verifier, * storedKeyPair, * storedClientPublicKey, * evidence, * config * ); * ``` */ declare function extractLoginEvidence(request: Request): Promise<LoginEvidence>; //# sourceMappingURL=main.d.ts.map