Server
public class Server
SRP Server; party that verifies the Client’s challenge/response against the known password verifier stored for a user.
-
Whether the session is authenticated, i.e. the password was verified by the server and proof of a valid session key was provided by the server. If
true
,sessionKey
is also available.Declaration
Swift
public private(set) var isAuthenticated = false
-
Initialize the Server SRP party. The username is provided by the Client. The salt and verificationKey have been stored prior to the authentication attempt.
Declaration
Swift
public init( username: String, salt: Data, verificationKey: Data, group: Group = .N2048, algorithm: Digest.Algorithm = .sha1, privateKey: Data? = nil)
Parameters
username
username (I) provided by the client.
salt
salt (s) stored for this username.
verificationKey
verification key (v) stored for this username.
group
which
Group
to use, must be the same for the client as well as the pre-stored verificationKey.algorithm
which
Digest.Algorithm
to use, again this must be the same for the client as well as the pre-stored verificationKey.privateKey
(optional) custom private key (a); if providing the private key of the
Server
, make sure to provide a good random key of at least 32 bytes. Default is to generate a private key of 128 bytes. You MUST not re-use the private key between sessions. However the private key might be shared when running multiple instances and an authentication session might be handled by multiple instances. -
Returns the challenge. This method is a no-op.
Declaration
Swift
public func getChallenge() -> (salt: Data, publicKey: Data)
Return Value
salt
(s) andpublicKey
(B) -
Verify that the client did generate the correct
sessionKey
from their password and the challenge we provided. We’ll generate thesessionKey
as well and proof the client we have posession of the password verifier and thus generated the samesessionKey
from that.Throws
AuthenticationFailure.invalidPublicKey
if the client’s public key is invalid (i.e. B % N is zero).AuthenticationFailure.keyProofMismatch
if the proof doesn’t match our own.
Declaration
Swift
public func verifySession(publicKey clientPublicKey: Data, keyProof clientKeyProof: Data) throws -> Data
Parameters
clientPublicKey
client’s public key
clientKeyProof
client’s proof of
sessionKey
Return Value
our proof of
sessionKey
(H(A|M|K)) -
The server’s public key (A). For every authentication session a new public key is generated.
Declaration
Swift
public var publicKey: Data
-
The server’s private key (a). For every authentication session a new random private key is generated.
Declaration
Swift
public var privateKey: Data
-
The session key (K) that is exchanged during authentication. This key can be used to encrypt further communication between client and server.
Declaration
Swift
public var sessionKey: Data?