Client
public class Client
SRP Client; the party that initializes the authentication and must prove possession of the correct password.
-
Whether the session is authenticated, i.e. the password was verified by the server and proof of a valid session key was provided by the server. If true, sessionKey is also available.
Declaration
Swift
public private(set) var isAuthenticated = false
-
Initialize the Client SRP party.
Declaration
Swift
public init( username: String, password: String, group: Group = .N2048, algorithm: Digest.Algorithm = .sha1, privateKey: Data? = nil)
Parameters
username
user’s username.
password
user’s password.
group
which Group to use, must be the same for the server as well as the pre-stored verificationKey.
algorithm
which Digest.Algorithm to use, again this must be the same for the server as well as the pre-stored verificationKey.
privateKey
(optional) custom private key (a); if providing the private key of the Client, make sure to provide a good random key of at least 32 bytes. Default is to generate a private key of 128 bytes. You MUST NOT re-use the private key between sessions.
-
Starts authentication. This method is a no-op.
Declaration
Swift
public func startAuthentication() -> (username: String, publicKey: Data)
Return Value
username (I) and publicKey (A)
-
Process the challenge provided by the server. This sets the sessionKey and generates proof that it generated the correct key from the password and the challenge. After the server has also proven the validity of their key, the sessionKey can be used.
Throws
AuthenticationFailure.invalidPublicKey if the server’s public key is invalid (i.e. B % N is zero).
Declaration
Swift
public func processChallenge(salt: Data, publicKey serverPublicKey: Data) throws -> Data
Parameters
salt
user-specific salt (s)
publicKey
server’s public key (B)
Return Value
key proof (M)
-
After the server has verified that the password is correct, it will send proof of the derived session key. This is verified on our end and finalizes the authentication session. After this step, the sessionKey is available.
Throws
AuthenticationFailure.missingChallenge if this method is called before calling processChallenge.
AuthenticationFailure.keyProofMismatch if the proof doesn’t match our own.
Declaration
Swift
public func verifySession(keyProof serverKeyProof: Data) throws
Parameters
HAMK
proof of the server that it derived the same session key.
-
The client’s public key (A). For every authentication session a new public key is generated.
Declaration
Swift
public var publicKey: Data
-
The client’s private key (a). For every authentication session a new random private key is generated.
Declaration
Swift
public var privateKey: Data
-
The session key (K) that is exchanged during authentication. This key can be used to encrypt further communication between client and server.
Declaration
Swift
public var sessionKey: Data?
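-
The call order documented above, as an added example that is not part of the original documentation or the project's own code. The module name SRP, the SRPTransport protocol with its two methods, and the authenticate helper are assumptions made for illustration; only Client, its methods and AuthenticationFailure come from this page.

```swift
import Foundation
import SRP  // assumption: the module that exports Client and AuthenticationFailure

// Hypothetical transport; this page does not define how messages reach the server.
protocol SRPTransport {
    // Sends I and A, returns the user-specific salt (s) and the server's public key (B).
    func sendIdentity(username: String, publicKey: Data) throws -> (salt: Data, publicKey: Data)
    // Sends the client's key proof (M), returns the server's proof of the session key.
    func sendProof(_ keyProof: Data) throws -> Data
}

// Hypothetical helper: runs one SRP session and returns K only after both
// sides have proven that they derived the same key.
func authenticate(username: String, password: String,
                  over transport: SRPTransport) throws -> Data {
    // A new Client per session, so the private key (a) is freshly generated
    // and never re-used. Group and algorithm stay at their defaults
    // (.N2048, .sha1); they must match the server and the stored verificationKey.
    let client = Client(username: username, password: password)

    // Step 1: hand I and A to the server, receive s and B.
    let (identity, clientPublicKey) = client.startAuthentication()
    let challenge = try transport.sendIdentity(username: identity,
                                               publicKey: clientPublicKey)

    // Step 2: derive the key and the proof M.
    // Throws AuthenticationFailure.invalidPublicKey when B % N is zero;
    // letting it propagate aborts the session.
    let clientProof = try client.processChallenge(salt: challenge.salt,
                                                  publicKey: challenge.publicKey)

    // Step 3: the server checks M and answers with its own proof.
    // Throws AuthenticationFailure.keyProofMismatch if the proofs differ.
    let serverProof = try transport.sendProof(clientProof)
    try client.verifySession(keyProof: serverProof)

    // sessionKey is set in step 2, but it is only trustworthy once
    // verifySession has succeeded, so gate on isAuthenticated.
    guard client.isAuthenticated, let sessionKey = client.sessionKey else {
        throw AuthenticationFailure.keyProofMismatch
    }
    return sessionKey
}
```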