#crypto #aws #cognito

cognito_srp

AWS cognito Secure Remote Password (SRP) client implementation

3 releases

Uses new Rust 2021

0.1.2 Aug 15, 2022
0.1.1 Aug 14, 2022
0.1.0 Aug 13, 2022

#280 in Cryptography

MIT license

16KB
277 lines

cognito_srp

Pure Rust implementation of AWS cognito SRP password authenticated key-exchange algorithm.

The library is a port of Python warrant library's cryptography with a different interface.

The library is not production ready.

Security Warning

The code has not been audited for security risks and the implementation might not be correct.

USE AT YOUR OWN RISK!

Minimum Supported Rust Version

Rust 1.56 or higher.

License

Crate is licensed under

Usage

Instantiate a SrpClient, use get_auth_params function for the SDK cognito idp initiate_auth challenge response flow initiate step

Use process_challenge to generate the response to the server challenge.

    let srp_client = SrpClient::new();

    let srp_client = SrpClient::new(
        "COGNITO_USERNAME",
        "COGNITO_PASSWORD",
        "COGNITO_POOL_ID",
        "COGNITO_CLIENT_ID",
        None,
    );

    let auth_init_res = cognito_client
        .initiate_auth()
        .auth_flow(AuthFlowType::UserSrpAuth)
        .client_id("cognito client id".to_string())
        .set_auth_parameters(Some(srp_client.get_auth_params().unwrap()))
        .send()
        .await;

    let auth_init_out = auth_init_res.unwrap();

    let challenge_params =
        auth_init_out
            .challenge_parameters
            .unwrap();
    let challenge_responses =
        srp_client.process_challenge(challenge_params).unwrap();

    let password_challenge_result = cognito_client
        .respond_to_auth_challenge()
        .set_challenge_responses(Some(challenge_responses))
        .client_id("cognito client id".to_string())
        .challenge_name(ChallengeNameType::PasswordVerifier)
        .send()
        .await;

    let password_challenge_response = password_challenge_result.unwrap();

A comprehensive example integrating with AWS SDK for rust is available here: https://github.com/lucdew/cognito-srp-auth

Tests

Only tested manually without any client secret.

Dependencies

~3–4MB
~93K SLoC