implemented nimbus and thinbus srp client types, removed tests

.swiftpm/xcode/xcuserdata/kbkarimov.xcuserdatad/xcschemes/xcschememanagement.plist

@@ -0,0 +1,30 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+	<key>SchemeUserState</key>
+	<dict>
+		<key>Demo (Playground) 1.xcscheme</key>
+		<dict>
+			<key>isShown</key>
+			<false/>
+			<key>orderHint</key>
+			<integer>1</integer>
+		</dict>
+		<key>Demo (Playground) 2.xcscheme</key>
+		<dict>
+			<key>isShown</key>
+			<false/>
+			<key>orderHint</key>
+			<integer>2</integer>
+		</dict>
+		<key>Demo (Playground).xcscheme</key>
+		<dict>
+			<key>isShown</key>
+			<false/>
+			<key>orderHint</key>
+			<integer>0</integer>
+		</dict>
+	</dict>
+</dict>
+</plist>

CHANGELOG.md

@@ -1,3 +1,7 @@
+## 3.2.0 - 2021-02-25
+### Changes
+- Implemented Nimbus and Thinbus client compatibility
+
 ## 3.1.0 - 2018-10-20
 ### Changes
 - Upgrade BlueCryptor to 1.x for Xcode 10 compatibility

README.md

@@ -5,8 +5,6 @@ Secure Remote Password is a authentication protocol to prove your identity to
 another party, using a password, but without ever revealing that password to
 other parties. Not even the party you are proving your identity. See [Secure Remote Password protocol][5] for more information on this protocol.
 
-![CI status](https://github.com/Bouke/SRP/workflows/Test/badge.svg)
-
 ## Example usage
 
 ```swift
@@ -63,14 +61,8 @@ low failure rates due to the randomness this protocol includes.
 
 * Python: ❌ [srp][2] is not compatible; it doesn't correctly calculate `k`.
 * Python: ✅ [srptools][3] is compatible.
-
-## Development
-
-### Testing
-
-This project includes unit tests. A few compiler flags are required to run the tests swiftly:
-
-    swift test -c release -Xswiftc -enable-testing
+* Nimbus: ✅ [nimbus][7] is compatible.
+* Thinbus: ✅ [thinbus][8] is compatible.
 
 ## References
 
@@ -79,11 +71,14 @@ This project includes unit tests. A few compiler flags are required to run the t
 
 ## Credits
 
-This library was written by [Bouke Haarsma][4].
+This library was written originally by [Bouke Haarsma][4] and improved by [Karim Karimov][6].
 
 [0]: https://tools.ietf.org/html/rfc2945
 [1]: https://tools.ietf.org/html/rfc5054
 [2]: https://pypi.python.org/pypi/srp
 [3]: https://pypi.python.org/pypi/srptools
 [4]: https://twitter.com/BoukeHaarsma
 [5]: https://en.wikipedia.org/wiki/Secure_Remote_Password_protocol
+[6]: https://github.com/kerimovscreations
+[7]: https://connect2id.com/products/nimbus-srp
+[8]: https://github.com/simbo1905/thinbus-srp-npm

Sources/Client.swift

@@ -36,7 +36,7 @@ public class Client {
         if let privateKey = privateKey {
             a = BigUInt(privateKey)
         } else {
-            a = BigUInt(Data(bytes: try! Random.generate(byteCount: 128)))
+            a = BigUInt(Data(try! Random.generate(byteCount: max(32, group.getNSize()))))
         }
         // A = g^a % N
         A = group.g.power(a, modulus: group.N)
@@ -112,7 +112,7 @@ public class Client {
     /// - Returns: key proof (M)
     /// - Throws: `AuthenticationFailure.invalidPublicKey` if the server's 
     ///     public key is invalid (i.e. B % N is zero).
-    public func processChallenge(salt: Data, publicKey serverPublicKey: Data) throws -> Data {
+    public func processChallenge(clientType: ClientType, salt: Data, publicKey serverPublicKey: Data) throws -> Data {
         let H = Digest.hasher(algorithm)
         let N = group.N
 
@@ -121,15 +121,29 @@ public class Client {
         guard B % N != 0 else {
             throw AuthenticationFailure.invalidPublicKey
         }
-
-        let u = calculate_u(group: group, algorithm: algorithm, A: publicKey, B: serverPublicKey)
+
         let k = calculate_k(group: group, algorithm: algorithm)
-        let x = self.precomputedX ?? calculate_x(algorithm: algorithm, salt: salt, username: username, password: password!)
-        let v = calculate_v(group: group, x: x)
 
+        let u: BigUInt
+        let x: BigUInt
+
+        switch clientType {
+        case .nimbus:
+            u = calculate_u(group: group, algorithm: algorithm, A: publicKey, B: serverPublicKey)
+            x = self.precomputedX ?? calculate_x_nimbus(algorithm: algorithm, salt: salt, password: password!)
+        case .thinbus:
+            u = calculate_u_thinbus(group: group, algorithm: algorithm, A: publicKey, B: serverPublicKey)
+            x = self.precomputedX ?? calculate_x_thinbus(group: group, algorithm: algorithm, salt: salt, username: username, password: password!)
+        case .srptools:
+            u = calculate_u(group: group, algorithm: algorithm, A: publicKey, B: serverPublicKey)
+            x = self.precomputedX ?? calculate_x(algorithm: algorithm, salt: salt, username: username, password: password!)
+        }
+
+        let v = calculate_v(group: group, x: x)
+
         // shared secret
         // S = (B - kg^x) ^ (a + ux)
-        // Note that v = g^x, and that B - kg^x might become negative, which 
+        // Note that v = g^x, and that B - kg^x might become negative, which
         // cannot be stored in BigUInt. So we'll add N to B_ and make sure kv
         // isn't greater than N.
         let S = (B + N - k * v % N).power(a + u * x, modulus: N)
@@ -138,7 +152,16 @@ public class Client {
         K = H(S.serialize())
 
         // client verification
-        let M = calculate_M(group: group, algorithm: algorithm, username: username, salt: salt, A: publicKey, B: serverPublicKey, K: K!)
+        let M: Data
+
+        switch clientType {
+        case .nimbus:
+            M = calculate_M_nimbus(group: group, algorithm: algorithm, A: publicKey, B: serverPublicKey, S: S.serialize())
+        case .thinbus:
+            M = calculate_M_thinbus(group: group, algorithm: algorithm, A: publicKey, B: serverPublicKey, S: S.serialize())
+        case .srptools:
+            M = calculate_M(group: group, algorithm: algorithm, username: username, salt: salt, A: publicKey, B: serverPublicKey, K: K!)
+        }
 
         // server verification
         HAMK = calculate_HAMK(algorithm: algorithm, A: publicKey, M: M, K: K!)

Sources/ClientType.swift

@@ -0,0 +1,12 @@
+//
+//  File.swift
+//  
+//
+//  Created by Karim Karimov on 25.02.21.
+//
+
+import Foundation
+
+public enum ClientType {
+    case nimbus, thinbus, srptools
+}

Sources/Data+Extensions.swift

@@ -15,3 +15,21 @@ func + (lhs: Data, rhs: Data) -> Data {
     result.append(rhs)
     return result
 }
+
+extension Data {
+    public var hexadecimalString : String {
+        var str = ""
+        enumerateBytes { buffer, index, stop in
+            for byte in buffer {
+                str.append(String(format:"%02x",byte))
+            }
+        }
+        return str
+    }
+}
+
+extension NSData {
+    public var hexadecimalString : String {
+        return (self as Data).hexadecimalString
+    }
+}

Sources/Group.swift

@@ -26,6 +26,9 @@ import BigInt
 ///        Network and Distributed Systems Security, San Diego, CA,
 ///        pp. 97-111.
 public enum Group {
+    /// 256-bits group
+    case N256
+
     /// 1024-bits group
     case N1024
 
@@ -71,6 +74,10 @@ public enum Group {
 
     var N: BigUInt {
         switch self {
+        case .N256:
+            return BigUInt(
+                "115B8B692E0E045692CF280B436735C77A5A9E8A9E7ED56C965F87DB5B2A2ECE3",
+                radix: 16)!
         case .N1024:
             return BigUInt(
                 "EEAF0AB9ADB38DD69C33F80AFA8FC5E86072618775FF3C0B9EA2314C" +
@@ -216,9 +223,15 @@ public enum Group {
             return custom.N
         }
     }
+
+    public func getNSize() -> Int {
+        return N.serialize().count
+    }
 
     var g: BigUInt {
         switch self {
+        case .N256:
+            return BigUInt(2)
         case .N1024:
             return BigUInt(2)
         case .N1536: