Package de.bsvrz.sys.funclib.srp6
Class SRP6ClientSession
java.lang.Object
de.bsvrz.sys.funclib.srp6.SRP6Session
de.bsvrz.sys.funclib.srp6.SRP6ClientSession
All Implemented Interfaces: Serializable
Stateful client-side Secure Remote Password (SRP-6a) authentication session.
Handles the computing and storing of SRP-6a variables between the protocol
steps as well as timeouts.
Usage:
- Create a new SRP-6a client session for each authentication attempt.
- If you wish to use custom routines for the password key 'x', the client evidence message 'M1', and / or the server evidence message 'M2', specify them at this point.
- Proceed to step one by recording the input user identity 'I' (submitted to the server) and password 'P'.
- Proceed to step two on receiving the password salt 's' and the public server value 'B' from the server. At this point the SRP-6a crypto parameters 'N', 'g' and 'H' must also be specified. These can either be agreed in advance between server and client or suggested by the server in its step one response.
- Proceed to step three on receiving the server evidence message 'M2'.
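The three steps above as a runnable sketch, added here for illustration and not taken from this library: the Python stand-in `ClientSession` mirrors the INIT, STEP_1, STEP_2, STEP_3 progression, rejects an invalid 'B' and checks 'M2'. SHA-256, the 1024-bit RFC 5054 group, the formulas used for 'x', 'M1' and 'M2', and the inline server side are assumptions of this example, not the library's routines.

```python
import hashlib, hmac, secrets
# 1024-bit group from RFC 5054; an example choice. H is SHA-256 here.
N = int("EEAF0AB9ADB38DD69C33F80AFA8FC5E86072618775FF3C0B9EA2314C9C256576"
        "D674DF7496EA81D3383B4813D692C6E0E0D5D8E250B98BE48E495C1D6089DAD1"
        "5DC7D7B46154D6B6CE8EF4AD69B15D4982559B297BCF1885C529F566660E57EC"
        "68EDBC3C05726CC02FD4CBF4976EAA9AFD5138FE8376435B9FC61D2FC0EB06E3", 16)
g = 2
def pad(n): return n.to_bytes(128, "big")             # fixed-width integer encoding
def Hb(*p): return hashlib.sha256(b"".join(p)).digest()
def H(*p): return int.from_bytes(Hb(*p), "big")
def compute_x(s, P): return H(s, Hb(P.encode()))      # assumed 'x' routine: H(s | H(P))
k = H(pad(N), pad(g))                                 # SRP-6a multiplier
class ClientSession:                                  # hypothetical stand-in for the Java class
    state = "INIT"
    def _expect(self, st):
        if self.state != st: raise RuntimeError(f"step called in state {self.state}")
    def step1(self, I, P):
        self._expect("INIT"); self.I, self.P, self.state = I, P, "STEP_1"
    def step2(self, s, B):
        self._expect("STEP_1")
        if B % N == 0: raise ValueError("invalid public server value 'B'")
        a = secrets.randbelow(N - 2) + 1              # private client value
        self.A, x = pow(g, a, N), compute_x(s, self.P)
        u = H(pad(self.A), pad(B))
        self.S = pow((B - k * pow(g, x, N)) % N, a + u * x, N)
        self.M1 = Hb(pad(self.A), pad(B), pad(self.S))  # assumed M1 = H(A | B | S)
        self.state = "STEP_2"
        return self.A, self.M1
    def step3(self, M2):                              # assumed M2 = H(A | M1 | S)
        self._expect("STEP_2")
        if not hmac.compare_digest(M2, Hb(pad(self.A), self.M1, pad(self.S))):
            raise ValueError("invalid server evidence message 'M2'")
        self.state = "STEP_3"

def server_verify(A, b, B, v, M1):                    # returns M2, or None if M1 is wrong
    if A % N == 0: return None
    S = pow(A * pow(v, H(pad(A), pad(B)), N), b, N)
    ok = hmac.compare_digest(M1, Hb(pad(A), pad(B), pad(S)))
    return Hb(pad(A), M1, pad(S)) if ok else None
def run(login_pw, stored_pw="constructed-sample-pw"):
    s = secrets.token_bytes(16)                       # constructed salt
    v = pow(g, compute_x(s, stored_pw), N)            # verifier held by the server
    b = secrets.randbelow(N - 2) + 1
    B = (k * v + pow(g, b, N)) % N
    c = ClientSession(); c.step1("alice", login_pw)
    A, M1 = c.step2(s, B)
    M2 = server_verify(A, b, B, v, M1)
    if M2 is None: return "server rejected M1"
    c.step3(M2); return c.state
```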
Nested Class Summary
Nested Classes
- static enum SRP6ClientSession.State: Enumerates the states of a client-side SRP-6a authentication session.
Field Summary
Fields inherited from class de.bsvrz.sys.funclib.srp6.SRP6Session
A, B, clientEvidenceRoutine, config, hashedKeysRoutine, k, lastActivity, M1, M2, random, s, S, serverEvidenceRoutine, srp6Routines, timeout, u, userID
Constructor Summary
Constructors
- SRP6ClientSession(): Creates a new client-side SRP-6a authentication session and sets its state to SRP6ClientSession.State.INIT.
- SRP6ClientSession(int timeout): Creates a new client-side SRP-6a authentication session and sets its state to SRP6ClientSession.State.INIT.
Method Summary
- getState(): Returns the current state of this SRP-6a authentication session.
- getXRoutine(): Gets the custom routine for the password key 'x' computation.
- void setXRoutine(XRoutine routine): Sets a custom routine for the password key 'x' computation.
- void step1: Records the identity 'I' and password 'P' of the authenticating user.
- SRP6ClientCredentials step2(SRP6CryptoParams config, BigInteger s, BigInteger B): Receives the password salt 's' and public value 'B' from the server.
- void step3(BigInteger M2): Receives the server evidence message 'M2'.
Methods inherited from class de.bsvrz.sys.funclib.srp6.SRP6Session
getAttribute, getClientEvidenceMessage, getClientEvidenceRoutine, getCryptoParams, getHashedKeysRoutine, getLastActivityTime, getPublicClientValue, getPublicServerValue, getSalt, getServerEvidenceMessage, getServerEvidenceRoutine, getSessionKey, getSessionKeyHash, getTimeout, getUserID, hasTimedOut, setAttribute, setClientEvidenceRoutine, setHashedKeysRoutine, setServerEvidenceRoutine, updateLastActivityTime
Constructor Details

SRP6ClientSession
public SRP6ClientSession(int timeout)
Creates a new client-side SRP-6a authentication session and sets its state to SRP6ClientSession.State.INIT.
- Parameters:
  timeout - The SRP-6a authentication session timeout in seconds. If the authenticating counterparty (server or client) fails to respond within the specified time, the session will be closed. If zero, timeouts are disabled.

SRP6ClientSession
public SRP6ClientSession()
Creates a new client-side SRP-6a authentication session and sets its state to SRP6ClientSession.State.INIT. Session timeouts are disabled.

Method Details
setXRoutine
Sets a custom routine for the password key 'x' computation. Note that the custom routine must be set prior to SRP6ClientSession.State.STEP_2.
- Parameters:
  routine - The password key 'x' routine or null to use the default one instead.

getXRoutine
Gets the custom routine for the password key 'x' computation.
- Returns:
  The routine instance or null if the default one is used.

step1
Records the identity 'I' and password 'P' of the authenticating user. The session is incremented to SRP6ClientSession.State.STEP_1.
Argument origin:
- From user: user identity 'I' and password 'P'.
- Parameters:
  userID - The identity 'I' of the authenticating user, UTF-8 encoded. Must not be null or empty.
  password - The user password 'P', UTF-8 encoded. Must not be null.
- Throws:
  IllegalStateException - If the method is invoked in a state other than SRP6ClientSession.State.INIT.

step2
public SRP6ClientCredentials step2(SRP6CryptoParams config, BigInteger s, BigInteger B) throws SRP6Exception
Receives the password salt 's' and public value 'B' from the server. The SRP-6a crypto parameters are also set. The session is incremented to SRP6ClientSession.State.STEP_2.
Argument origin:
- From server: password salt 's', public value 'B'.
- From server or pre-agreed: crypto parameters prime 'N', generator 'g' and hash function 'H'.
- Parameters:
  config - The SRP-6a crypto parameters. Must not be null.
  s - The password salt 's'. Must not be null.
  B - The public server value 'B'. Must not be null.
- Returns:
  The client credentials consisting of the client public key 'A' and the client evidence message 'M1'.
- Throws:
  IllegalStateException - If the method is invoked in a state other than SRP6ClientSession.State.STEP_1.
  SRP6Exception - If the session has timed out or the public server value 'B' is invalid.

step3
Receives the server evidence message 'M2'. The session is incremented to SRP6ClientSession.State.STEP_3.
Argument origin:
- From server: evidence message 'M2'.
- Parameters:
  M2 - The server evidence message 'M2'. Must not be null.
- Throws:
  IllegalStateException - If the method is invoked in a state other than SRP6ClientSession.State.STEP_2.
  SRP6Exception - If the session has timed out or the server evidence message 'M2' is invalid.

getState
Returns the current state of this SRP-6a authentication session.
- Returns:
  The current state.