Initial commit.

Author: jchv

.github/workflows/nodejs.yml

@@ -0,0 +1,24 @@
+name: Node.JS
+
+on:
+  push:
+    branches: [ main ]
+  pull_request:
+    branches: [ main ]
+
+jobs:
+  test:
+    name: Run Build
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        node-version: [18.x]
+    steps:
+    - uses: actions/checkout@v2
+    - name: Use Node.js ${{ matrix.node-version }}
+      uses: actions/setup-node@v2
+      with:
+        node-version: ${{ matrix.node-version }}
+        cache: 'npm'
+    - run: npm ci
+    - run: npm run build

.github/workflows/publish.yml

@@ -0,0 +1,32 @@
+name: NPM.JS Publish
+
+on:
+  push:
+    tags:
+      - '*'
+
+jobs:
+  publish:
+    runs-on: ubuntu-latest
+    permissions: 
+      contents: read
+      packages: write
+    strategy:
+      matrix:
+        node-version: [18.x]
+    steps:
+      - name: Checkout
+        uses: actions/checkout@main
+      - name: Setup Node.js
+        uses: actions/setup-node@v1
+        with:
+          node-version: ${{ matrix.node-version }}
+          registry-url: 'https://registry.npmjs.org'
+      - name: Install
+        run: npm ci
+      - name: Build
+        run: npm run build
+      - name: Publish Package
+        run: npm publish --access public
+        env:
+          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}

.gitignore

@@ -0,0 +1,3 @@
+/node_modules
+/index.js
+/index.js.map

LICENSE

@@ -0,0 +1,15 @@
+ISC License
+
+Copyright © 2022, John Chadwick <john@jchw.io>
+
+Permission to use, copy, modify, and/or distribute this software for any purpose
+with or without fee is hereby granted, provided that the above copyright notice
+and this permission notice appear in all copies.
+
+THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES WITH
+REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND
+FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT,
+INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS
+OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER
+TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF
+THIS SOFTWARE.

README.md

@@ -0,0 +1,16 @@
+# js-srp
+This is an implementation of the SRP-6a protocol with modifications to provide compatibility with [opencoff/go-srp](https://github.com/opencoff/go-srp). These differences are quoted here, from the [opencoff/go-srp README](https://github.com/opencoff/go-srp#differences-from-srp-6a-and-rfc-5054).
+
+> Differences from SRP-6a and RFC 5054
+>
+> We differ from the SRP-6a spec and RFC 5054 in a couple of key ways:
+>
+> - We hash the identity I; this provides some (minimal) protection against dictionary attacks on the username.
+> - We hash the user passphrase p; this expands shorter passphrase into longer ones and extends the alphabet used in the passphrase.
+> - We differ from RFC 5054 in our choice of hash function; we use Blake-2b. SHA-1 is getting long in the tooth, Blake2b is the current state-of-the art. Equivalently, one may use SHA3 (see below for using a user supplied hash function).
+
+The only difference is that Blake2b is not supported because it is not offered by WebCrypto; instead, you can choose between the overlapping supported hash functions between opencoff/go-srp and WebCrypto.
+
+Currently, only client functionality is implemented.
+
+This library does not have any external runtime dependencies. It requires a JavaScript runtime that supports w3c Typed Arrays, BigInt, and WebCrypto, which includes the majority of web browsers and JavaScript engines.