Client

public class Client

SRP Client; the party that initializes the authentication and must proof possession of the correct password.

  • Whether the session is authenticated, i.e. the password was verified by the server and proof of a valid session key was provided by the server. If true, sessionKey is also available.

    Declaration

    Swift

    public private(set) var isAuthenticated = false

  • Initialize the Client SRP party.

    Declaration

    Swift

    public init(
        username: String,
        password: String,
        group: Group = .N2048,
        algorithm: Digest.Algorithm = .sha1,
        privateKey: Data? = nil)

    Parameters

    username

    user’s username.
    password

    user’s password.
    group

    which Group to use, must be the same for the server as well as the pre-stored verificationKey.
    algorithm

    which Digest.Algorithm to use, again this must be the same for the server as well as the pre-stored verificationKey.
    privateKey

    (optional) custom private key (a); if providing the private key of the Client, make sure to provide a good random key of at least 32 bytes. Default is to generate a private key of 128 bytes. You MUST not re-use the private key between sessions.

  • Starts authentication. This method is a no-op.

    Declaration

    Swift

    public func startAuthentication() -> (username: String, publicKey: Data)

    Return Value

    username (I) and publicKey (A)

  • Process the challenge provided by the server. This sets the sessionKey and generates proof that it generated the correct key from the password and the challenge. After the server has also proven the validity of their key, the sessionKey can be used.

    Throws

    AuthenticationFailure.invalidPublicKey if the server’s public key is invalid (i.e. B % N is zero).

    Declaration

    Swift

    public func processChallenge(salt: Data, publicKey serverPublicKey: Data) throws -> Data

    Parameters

    salt

    user-specific salt (s)
    publicKey

    server’s public key (B)

    Return Value

    key proof (M)

  • After the server has verified that the password is correct, it will send proof of the derived session key. This is verified on our end and finalizes the authentication session. After this step, the sessionKey is available.

    Throws

    Declaration

    Swift

    public func verifySession(keyProof serverKeyProof: Data) throws

    Parameters

    HAMK

    proof of the server that it derived the same session key.

  • The client’s public key (A). For every authentication session a new public key is generated.

    Declaration

    Swift

    public var publicKey: Data

  • The client’s private key (a). For every authentication session a new random private key is generated.

    Declaration

    Swift

    public var privateKey: Data

  • The session key (K) that is exchanged during authentication. This key can be used to encrypt further communication between client and server.

    Declaration

    Swift

    public var sessionKey: Data?