Server

public class Server

SRP Server; party that verifies the Client’s challenge/response against the known password verifier stored for a user.

  • Whether the session is authenticated, i.e. the password was verified by the server and proof of a valid session key was provided by the server. If true, sessionKey is also available.

    Declaration

    Swift

    public private(set) var isAuthenticated = false

  • Initialize the Server SRP party. The username is provided by the Client. The salt and verificationKey have been stored prior to the authentication attempt.

    Declaration

    Swift

    public init(
        username: String,
        salt: Data,
        verificationKey: Data,
        group: Group = .N2048,
        algorithm: Digest.Algorithm = .sha1,
        privateKey: Data? = nil)

    Parameters

    username

    username (I) provided by the client.
    salt

    salt (s) stored for this username.
    verificationKey

    verification key (v) stored for this username.
    group

    which Group to use, must be the same for the client as well as the pre-stored verificationKey.
    algorithm

    which Digest.Algorithm to use, again this must be the same for the client as well as the pre-stored verificationKey.
    privateKey

    (optional) custom private key (a); if providing the private key of the Server, make sure to provide a good random key of at least 32 bytes. Default is to generate a private key of 128 bytes. You MUST not re-use the private key between sessions. However the private key might be shared when running multiple instances and an authentication session might be handled by multiple instances.

  • Returns the challenge. This method is a no-op.

    Declaration

    Swift

    public func getChallenge() -> (salt: Data, publicKey: Data)

    Return Value

    salt (s) and publicKey (B)

  • Verify that the client did generate the correct sessionKey from their password and the challenge we provided. We’ll generate the sessionKey as well and proof the client we have posession of the password verifier and thus generated the same sessionKey from that.

    Throws

    Declaration

    Swift

    public func verifySession(publicKey clientPublicKey: Data, keyProof clientKeyProof: Data) throws -> Data

    Parameters

    clientPublicKey

    client’s public key
    clientKeyProof

    client’s proof of sessionKey

    Return Value

    our proof of sessionKey (H(A|M|K))

  • The server’s public key (A). For every authentication session a new public key is generated.

    Declaration

    Swift

    public var publicKey: Data

  • The server’s private key (a). For every authentication session a new random private key is generated.

    Declaration

    Swift

    public var privateKey: Data

  • The session key (K) that is exchanged during authentication. This key can be used to encrypt further communication between client and server.

    Declaration

    Swift

    public var sessionKey: Data?