Client
public class Client<H> where H : HashFunction
SRP Client; the party that initiates the authentication and must prove possession of the correct password.
-
Undocumented
Declaration
Swift
let a: BigUInt
-
Undocumented
Declaration
Swift
let A: BigUInt
-
Undocumented
Declaration
Swift
let group: Group
-
Undocumented
Declaration
Swift
typealias impl = Implementation<H>
-
Undocumented
Declaration
Swift
let username: String
-
Undocumented
Declaration
Swift
var password: String?
-
Undocumented
Declaration
Swift
var precomputedX: BigUInt?
-
Undocumented
Declaration
Swift
var HAMK: Data?
-
Undocumented
Declaration
Swift
var K: Data?
-
Whether the session is authenticated, i.e. the password was verified by the server and proof of a valid session key was provided by the server. If true, sessionKey is also available.
Declaration
Swift
public private(set) var isAuthenticated: Bool { get }
-
Initialize the Client SRP party with a password.
Declaration
Swift
public convenience init(username: String, password: String, group: Group = .N3072, privateKey: Data? = nil)
Parameters
username: user’s username.
password: user’s password.
group: which Group to use, must be the same for the server as well as the pre-stored verificationKey.
privateKey: (optional) custom private key (a); if providing the private key of the Client, make sure to provide a good random key of at least 32 bytes. Default is to generate a private key of 128 bytes. You MUST not re-use the private key between sessions.
-
Initialize the Client SRP party with a precomputed x.
Declaration
Swift
public convenience init(username: String, precomputedX: Data, group: Group = .N3072, privateKey: Data? = nil)
Parameters
username: user’s username.
precomputedX: precomputed SRP x.
group: which Group to use, must be the same for the server as well as the pre-stored verificationKey.
privateKey: (optional) custom private key (a); if providing the private key of the Client, make sure to provide a good random key of at least 32 bytes. Default is to generate a private key of 128 bytes. You MUST not re-use the private key between sessions.
-
Process the challenge provided by the server. This sets the sessionKey and generates proof that it generated the correct key from the password and the challenge. After the server has also proven the validity of their key, the sessionKey can be used.
Throws AuthenticationFailure.invalidPublicKey if the server’s public key is invalid (i.e. B % N is zero).
Declaration
Swift
public func processChallenge(salt: Data, publicKey serverPublicKey: Data) throws -> (clientVerify: Data, sessionKey: SymmetricKey)
Parameters
salt: user-specific salt (s)
publicKey: server’s public key (B)
Return Value
key proof (M)
-
After the server has verified that the password is correct, it will send proof of the derived session key. This is verified on our end and finalizes the authentication session. After this step, the sessionKey is available.
Throws AuthenticationFailure.missingChallenge if this method is called before calling processChallenge.
Throws AuthenticationFailure.keyProofMismatch if the proof doesn’t match our own.
Declaration
Swift
public func verifySession(keyProof serverKeyProof: Data) throws
Parameters
HAMK: proof of the server that it derived the same session key.
-
The client’s public key (A). For every authentication session a new public key is generated.
Declaration
Swift
public var publicKey: Data { get }
-
The client’s private key (a). For every authentication session a new random private key is generated.
Declaration
Swift
public var privateKey: Data { get }
-
The session key (K) that is exchanged during authentication. This key can be used to encrypt further communication between client and server.
Declaration
Swift
public var sessionKey: Data? { get }
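-
Added example (not part of the original reference and not the project's own code): one client-side authentication session using only the Client members documented above, in the order the page requires, with the session key released only after verifySession succeeds. The module name SRP, the CryptoKit import, the SRPTransport protocol, LoginError and the login function are assumptions made for illustration.

```swift
import Foundation
import CryptoKit  // assumption: provides HashFunction, SHA256 and SymmetricKey
import SRP        // assumption: module name; not stated on this page

// Hypothetical transport: the page does not define how messages reach the server.
protocol SRPTransport {
    // Sends username and client public key (A); returns salt (s) and server public key (B).
    func start(username: String, clientPublicKey: Data) throws -> (salt: Data, serverPublicKey: Data)
    // Sends the client key proof (M); returns the server key proof (HAMK).
    func finish(clientKeyProof: Data) throws -> Data
}

// Hypothetical error type for this example.
enum LoginError: Error {
    case serverRejected(AuthenticationFailure)
    case notAuthenticated
}

// Hypothetical helper: runs one session and returns the key only after mutual proof.
func login(username: String, password: String, over transport: SRPTransport) throws -> SymmetricKey {
    // New Client per session, so a fresh private key (a) is generated and never re-used.
    let client = Client<SHA256>(username: username, password: password, group: .N3072)
    let challenge = try transport.start(username: username, clientPublicKey: client.publicKey)

    let proof: (clientVerify: Data, sessionKey: SymmetricKey)
    do {
        // Throws .invalidPublicKey when B % N is zero; abort the session in that case.
        proof = try client.processChallenge(salt: challenge.salt, publicKey: challenge.serverPublicKey)
    } catch let failure as AuthenticationFailure {
        throw LoginError.serverRejected(failure)
    }

    // The key exists now, but the server has not yet shown it derived the same one.
    let serverProof = try transport.finish(clientKeyProof: proof.clientVerify)
    do {
        // Throws .keyProofMismatch when the server's proof differs from ours.
        try client.verifySession(keyProof: serverProof)
    } catch let failure as AuthenticationFailure {
        throw LoginError.serverRejected(failure)
    }

    guard client.isAuthenticated else { throw LoginError.notAuthenticated }
    return proof.sessionKey
}
```

Each call to login builds its own Client, so a failed attempt is never resumed with the same private key.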