Class SRP6ClientSession

java.lang.Object
de.bsvrz.sys.funclib.srp6.SRP6Session
de.bsvrz.sys.funclib.srp6.SRP6ClientSession
All Implemented Interfaces:
Serializable

public class SRP6ClientSession extends SRP6Session implements Serializable
Stateful client-side Secure Remote Password (SRP-6a) authentication session. Handles the computing and storing of SRP-6a variables between the protocol steps as well as timeouts.

Usage:

  • Create a new SRP-6a client session for each authentication attempt.
  • If you wish to use custom routines for the password key 'x', the client evidence message 'M1', and / or the server evidence message 'M2', specify them at this point.
  • Proceed to step one by recording the input user identity 'I' (submitted to the server) and password 'P'.
  • Proceed to step two on receiving the password salt 's' and the public server value 'B' from the server. At this point the SRP-6a crypto parameters 'N', 'g' and 'H' must also be specified. These can either be agreed in advance between server and client or suggested by the server in its step one response.
  • Proceed to step three on receiving the server evidence message 'M2'.
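
The arithmetic behind steps two and three, shown as an added example that is not this library's code. It assumes SHA-256 for 'H', a constructed toy group, and simple hash inputs for 'x', 'k', 'u', 'M1' and 'M2', and it plays the server role inline so that it runs stand-alone.

```java
import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;

public class Srp6aClientExample {
    // Constructed toy group (Mersenne prime 2^521 - 1, g = 3) to keep the example short;
    // real deployments use a vetted safe-prime group agreed with the server.
    static final BigInteger N = BigInteger.ONE.shiftLeft(521).subtract(BigInteger.ONE);
    static final BigInteger g = BigInteger.valueOf(3);

    // H over BigInteger.toByteArray() of each value (assumed encoding, same on both sides).
    static BigInteger H(BigInteger... vals) throws Exception {
        MessageDigest md = MessageDigest.getInstance("SHA-256");
        for (BigInteger v : vals) md.update(v.toByteArray());
        return new BigInteger(1, md.digest());
    }

    public static void main(String[] args) throws Exception {
        SecureRandom rnd = new SecureRandom();
        // Registration (done once): the server stores salt s and verifier v = g^x mod N.
        BigInteger s = new BigInteger(128, rnd);
        BigInteger P = new BigInteger(1, "constructed-password".getBytes(StandardCharsets.UTF_8));
        BigInteger x = H(s, P);                       // assumed password key routine
        BigInteger v = g.modPow(x, N);
        BigInteger k = H(N, g);                       // SRP-6a multiplier (assumed hash inputs)

        // Server reply to step one: salt s and B = k*v + g^b mod N.
        BigInteger b = new BigInteger(256, rnd);
        BigInteger B = k.multiply(v).add(g.modPow(b, N)).mod(N);

        // Client step two: reject an invalid B, then compute A, u, S and evidence M1.
        if (B.mod(N).signum() == 0) throw new IllegalArgumentException("invalid public server value B");
        BigInteger a = new BigInteger(256, rnd);
        BigInteger A = g.modPow(a, N);
        BigInteger u = H(A, B);
        BigInteger S = B.subtract(k.multiply(g.modPow(x, N))).mod(N).modPow(a.add(u.multiply(x)), N);
        BigInteger M1 = H(A, B, S);

        // Server: derives its own S from the verifier, checks M1, answers with M2.
        BigInteger Ss = A.multiply(v.modPow(u, N)).mod(N).modPow(b, N);
        if (!H(A, B, Ss).equals(M1)) throw new SecurityException("bad client evidence M1");
        BigInteger M2 = H(A, M1, Ss);

        // Client step three: the server is authenticated only if M2 matches.
        if (!H(A, M1, S).equals(M2)) throw new SecurityException("bad server evidence M2");
        System.out.println("mutual authentication succeeded");
    }
}
```

The `B mod N == 0` test corresponds to the "public server value 'B' is invalid" failure of step two: without it a server could force the shared secret to a value that does not depend on the password.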
  • Constructor Details

    • SRP6ClientSession

      public SRP6ClientSession(int timeout)
      Creates a new client-side SRP-6a authentication session and sets its state to SRP6ClientSession.State.INIT.
      Parameters:
      timeout - The SRP-6a authentication session timeout in seconds. If the authenticating counterparty (server or client) fails to respond within the specified time, the session will be closed. If zero, timeouts are disabled.
    • SRP6ClientSession

      public SRP6ClientSession()
      Creates a new client-side SRP-6a authentication session and sets its state to SRP6ClientSession.State.INIT. Session timeouts are disabled.
  • Method Details

    • setXRoutine

      public void setXRoutine(XRoutine routine)
      Sets a custom routine for the password key 'x' computation. Note that the custom routine must be set prior to SRP6ClientSession.State.STEP_2.
      Parameters:
      routine - The password key 'x' routine or null to use the default one instead.
    • getXRoutine

      public XRoutine getXRoutine()
      Gets the custom routine for the password key 'x' computation.
      Returns:
      The routine instance or null if the default one is used.
    • step1

      public void step1(String userID, String password)
      Records the identity 'I' and password 'P' of the authenticating user. The session is incremented to SRP6ClientSession.State.STEP_1.

      Argument origin:

      • From user: user identity 'I' and password 'P'.
      Parameters:
      userID - The identity 'I' of the authenticating user, UTF-8 encoded. Must not be null or empty.
      password - The user password 'P', UTF-8 encoded. Must not be null.
      Throws:
      IllegalStateException - If the method is invoked in a state other than SRP6ClientSession.State.INIT.
    • step2

      Receives the password salt 's' and public value 'B' from the server. The SRP-6a crypto parameters are also set. The session is incremented to SRP6ClientSession.State.STEP_2.

      Argument origin:

      • From server: password salt 's', public value 'B'.
      • From server or pre-agreed: crypto parameters prime 'N', generator 'g' and hash function 'H'.
      Parameters:
      config - The SRP-6a crypto parameters. Must not be null.
      s - The password salt 's'. Must not be null.
      B - The public server value 'B'. Must not be null.
      Returns:
      The client credentials consisting of the client public key 'A' and the client evidence message 'M1'.
      Throws:
      IllegalStateException - If the method is invoked in a state other than SRP6ClientSession.State.STEP_1.
      SRP6Exception - If the session has timed out or the public server value 'B' is invalid.
    • step3

      public void step3(BigInteger M2) throws SRP6Exception
      Receives the server evidence message 'M2'. The session is incremented to SRP6ClientSession.State.STEP_3.

      Argument origin:

      • From server: evidence message 'M2'.
      Parameters:
      M2 - The server evidence message 'M2'. Must not be null.
      Throws:
      IllegalStateException - If the method is invoked in a state other than SRP6ClientSession.State.STEP_2.
      SRP6Exception - If the session has timed out or the server evidence message 'M2' is invalid.
    • getState

      public SRP6ClientSession.State getState()
      Returns the current state of this SRP-6a authentication session.
      Returns:
      The current state.