srp6-server-session/new srp6-server-session/step1 srp6-server-session/step2
(srp6-server-session/new group-id)Create srp6 server session object along with `group-id`.
(srp6-server-session/step1 srp6-obj verifier hash rng)Takes a verifier (generated by srp6-generate-verifier) along with the group-id, and output a value B which is provided to the client.
(srp6-server-session/step2 srp6-obj A)Takes the parameter A generated by srp6-client-agree, and return the shared secret key.
In the event of an impersonation attack (or wrong username/password, etc) no error occurs, but the key returned will be different on the two sides. The two sides must verify each other, for example by using the shared secret to key an HMAC and then exchanging authenticated messages.
(srp6-generate-verifier identifier password salt group-id hash)Generates a new verifier using the specified `password` and `salt`. This is stored by the server. The salt must also be stored. Later, the given username(`identifier`) and `password` are used to by the client during the key agreement step.
(srp6-client-agree username password group-id hash salt B &opt rng)The client receives these parameters from the server, except for the `username` and `password` which are provided by the user. The parameter B is the output of step1.
The client agreement step outputs a shared symmetric key along with the parameter A which is returned to the server (and allows it the compute the shared key).