• Stars
    star
    7
  • Rank 2,294,772 (Top 46 %)
  • Language
    Crystal
  • License
    MIT License
  • Created over 2 years ago
  • Updated over 2 years ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

Crystal implementation of the Secure Remote Password protocol (SRP-6a)

Secure Remote Password for Crystal Lang

CI

This is a pure Crystal implementation of the Secure Remote Password protocol (SRP-6a).

SRP is an authentication method that allows the use of user names and passwords over an insecure network connection without revealing the password. If the client side lacks the user's password or the server side lacks the proper verification key, the authentication will fail.

Unlike other common challenge-response autentication protocols, such as Kerberos and SSL, SRP does not rely on an external infrastructure of trusted key servers or certificate management.

HomeKit Accessory Protocol Specification (HAP)

HomeKit authentication is supported when using SHA-512, these changes are made to the SRP protocol:

  • SHA-512 is used as the hash function, replacing SHA-1
  • The Modulus, N, and Generator, g, are specified by the 3072-bit group of RFC 5054
  • The match, M, hash calculation is not padded

These changes improve security and are used as defaults

References

Installation

Add the dependency to your shard.yml:

  dependencies:
    secure-remote-password:
      github: spider-gazelle/secure-remote-password

Usage

require 'secure-remote-password'

username = "user"
password = "password"

# The username, verifier and salt should be stored in the server database
server_verifier = SecureRemotePassword::Verifier.new
auth = verifier.generate_user_verifier(username, password)
auth # => {username: username, verifier: ..., salt: ...}

# ~~~ Begin Authentication ~~~

client = SecureRemotePassword::Client.new(username, password)
client_a = client.start_authentication

# Send username and client_a to the server
# Client => Server: username, client_a

# Server retrieves user's verifier and salt from the database.
# auth = lookup_user(username)
salt = auth[:salt]
verifier = auth[:verifier]

# Server generates challenge for the client.
challenge, proof = server_verifier.get_challenge_and_proof(username, verifier, salt, client_a)

# Server sends the challenge containing salt and proof (B) to client.
# Server => Client: challenge.salt, challenge.proof (B)

# Client calculates match (M) as a response to the challenge.
client_m = client.process_challenge(challenge)

# Client => Server: username, client_m

# Verify challenge response M.
# The Verifier state is passed in proof (server should persist this during negotiation)
server_h_amk = verifier.verify_session(proof, client_m)
# is nil if authentication failed.


# At this point, the client and server should have a common session key
# that is secure (i.e. not known to an outside party).  To finish
# authentication, they must prove to each other that their keys are
# identical.


# server to send server_h_amk to the client
# Server => Client: server_h_amk

client.verify(server_h_amk) == true

Credit

The original SRP-6a work was done by lamikae in the srp-rb project. The HomeKit implementation by karlentwistle

More Repositories

1

spider-gazelle

A Rails esque web framework with a focus on speed and extensibility for crystal lang
Crystal
179
star
2

tasker

Scheduled tasks for crystal lang
Crystal
56
star
3

bindata

BinData - Parsing Binary Data in Crystal Lang
Crystal
48
star
4

ssh2.cr

libssh2 binding for Crystal language
Crystal
44
star
5

promise

Type aware promises for crystal lang
Crystal
42
star
6

action-controller

A rails-esque controller framework for crystal lang
Crystal
41
star
7

active-model

A rails-esque model framework for crystal lang
Crystal
28
star
8

rethinkdb-orm

RethinkDB ORM for Crystal lang
Crystal
24
star
9

crystal-mqtt

Crystal lang implementation of the MQTT protocol, a lightweight protocol for publish/subscribe messaging
Crystal
20
star
10

ffmpeg

ffmpeg crystal bindings
Crystal
19
star
11

crystal-ldap

a Crystal lang LDAP client
Crystal
18
star
12

qr-code

a QR Code implementation written in crystal lang
Crystal
17
star
13

crystal-snmp

SNMP implementation for crystal lang
Crystal
16
star
14

json-schema

Describe crystal-lang JSON serializable types with JSON Schema
Crystal
13
star
15

priority-queue

Priority Queue and Heap implementation for Crystal Lang
Crystal
13
star
16

bisect

Library for maintaining sorted Arrays
Crystal
12
star
17

pars

Parser combinator library for crystal-lang
Crystal
11
star
18

pinger

Microlibrary to perform ping requests with Crystal Lang
Crystal
11
star
19

telnet.cr

Telnet protocol helper for crystal lang
Crystal
11
star
20

crystal-openai

OpenAI ChatGPT, GPT-3, GPT-4, DALL·E, Whisper API Client for Crystal
Crystal
11
star
21

pg-orm

Postgres ORM for Crystal Lang
Crystal
10
star
22

inactive-support

Utilities for crystal-lang
Crystal
10
star
23

mdns

Crystal Lang mDNS and DNS-SD Support
Crystal
8
star
24

tensorflow_lite

tensorflow lite bindings for crystal lang
Crystal
8
star
25

ed25519

Ed25519 high-performance public-key signature system for crystal lang
Crystal
7
star
26

crystal-gpt

ChatGPT plugin template that allows you to focus on writing actions, automatically generating the required metadata
Crystal
7
star
27

connect-proxy

crystal lang connect / HTTP proxy implementation
Crystal
7
star
28

simple_retry

a tool for retrying code blocks
Crystal
6
star
29

crunits

Physical quantity and units of measure conversion and math for crystal lang
Crystal
6
star
30

secrets-env

Extension to the crystal lang ENV module to support reading secrets
Crystal
6
star
31

v4l2.cr

crystal lang video for linux device helpers / bindings
Crystal
5
star
32

log_helper

Extension for Crystal Log to aid logging key-value data
Crystal
5
star
33

cmac

Crystal implementation of the Cipher-based Message Authentication Code (CMAC)
Crystal
5
star
34

readers-writer

A simple readers writer lock for crystal lang
Crystal
5
star
35

worker_pool

a basic fiber pool implementation for crystal lang
Crystal
5
star
36

matter

A complete Crystal implementation of the Matter protocol specification (https://buildwithmatter.com). Includes full support for controller, device, commissioning, secure communications, device types, and cluster definitions.
Crystal
5
star
37

guide

Spider Gazelle Documentation
Python
4
star
38

ntlm

NTLM authentication for crystal lang
Crystal
4
star
39

digest-auth

HTTP digest auth for crystal lang
Crystal
4
star
40

eventbus

Listen for Postgres database change events and publish them to event listeners
Crystal
3
star
41

knx

KNX protocol support for crystal lang
Crystal
3
star
42

tokenizer

Simplified binary stream tokenization for crystal lang
Crystal
2
star
43

crystal-dtls

DTLS support for crystal lang
Crystal
2
star
44

stumpy_resize

resizes stumpy canvas images in pure crystal
Crystal
2
star
45

upload-signer

Provide API for generating pre-signed URLs for file uploads to cloud storage
Crystal
2
star
46

SPAKE2_plus

a crystal lang implementation of SPAKE2+, a Password Authenticated Key Exchange (PAKE) protocol
Crystal
2
star
47

stomp

crystal lang implementation of the STOMP protocol
Crystal
1
star
48

tlv

Matter TLV encoder/decoder
Crystal
1
star
49

gpio.cr

crystal lang bindings for linux gpiod
Crystal
1
star
50

HKDF

HMAC-based Extract-and-Expand Key Derivation Function (HKDF) for crystal lang
Crystal
1
star
51

panopticon

Distributed tracing for services built in crystal-lang
Crystal
1
star
52

tflite_image

image classification and feature detection with tflite and crystal lang
Crystal
1
star
53

tflite_pipeline

video processing AI pipeline leveraging tflite_image
Crystal
1
star
54

link-header

Crystal Lang HTTP Link Header Parser
Crystal
1
star