com.nimbusds.srp6

Class SRP6ClientSession

java.lang.Object

com.nimbusds.srp6.SRP6Session

com.nimbusds.srp6.SRP6ClientSession

public class SRP6ClientSession
extends SRP6Session

Stateful client-side Secure Remote Password (SRP-6a) authentication session. Handles the computing and storing of SRP-6a variables between the protocol steps as well as timeouts.

Usage:

• Create a new SRP-6a client session for each authentication attempt.
• If you wish to use custom routines for the password key 'x', the server evidence message 'M1', and / or the client evidence message 'M2' specify them at this point.
• Proceed to step one by recording the input user identity 'I' (submitted to the server) and password 'P'.
• Proceed to step two on receiving the password salt 's' and the public server value 'B' from the server. At this point the SRP-6a crypto parameters 'N', 'g' and 'H' must also be specified. These can either be agreed in advance between server and client or suggested by the server in its step one response.
• Proceed to step three on receiving the server evidence message 'M2'.

Author:

Vladimir Dzhuvinov

Nested Class Summary

Nested Classes

Modifier and Type	Class and Description
static class	SRP6ClientSession.State Enumerates the states of a client-side SRP-6a authentication session.

Field Summary

Fields inherited from class com.nimbusds.srp6.SRP6Session

A, B, clientEvidenceRoutine, config, digest, hashedKeysRoutine, k, lastActivity, M1, M2, random, s, S, serverEvidenceRoutine, timeout, u, userID

Constructor Summary

Constructors

Constructor and Description
SRP6ClientSession() Creates a new client-side SRP-6a authentication session and sets its state to SRP6ClientSession.State.INIT.
SRP6ClientSession(int timeout) Creates a new client-side SRP-6a authentication session and sets its state to SRP6ClientSession.State.INIT.

Method Summary

Methods

Modifier and Type	Method and Description
SRP6ClientSession.State	getState() Returns the current state of this SRP-6a authentication session.
XRoutine	getXRoutine() Gets the custom routine for the password key 'x' computation.
void	setXRoutine(XRoutine routine) Sets a custom routine for the password key 'x' computation.
void	step1(String userID, String password) Records the identity 'I' and password 'P' of the authenticating user.
SRP6ClientCredentials	step2(SRP6CryptoParams config, BigInteger s, BigInteger B) Receives the password salt 's' and public value 'B' from the server.
void	step3(BigInteger M2) Receives the server evidence message 'M1'.

Methods inherited from class com.nimbusds.srp6.SRP6Session

getAttribute, getClientEvidenceMessage, getClientEvidenceRoutine, getCryptoParams, getHashedKeysRoutine, getLastActivityTime, getPublicClientValue, getPublicServerValue, getSalt, getServerEvidenceMessage, getServerEvidenceRoutine, getSessionKey, getTimeout, getUserID, hasTimedOut, setAttribute, setClientEvidenceRoutine, setHashedKeysRoutine, setServerEvidenceRoutine, updateLastActivityTime

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

SRP6ClientSession

public SRP6ClientSession(int timeout)

Creates a new client-side SRP-6a authentication session and sets its state to SRP6ClientSession.State.INIT.

Parameters:

timeout - The SRP-6a authentication session timeout in seconds. If the authenticating counterparty (server or client) fails to respond within the specified time the session will be closed. If zero timeouts are disabled.

SRP6ClientSession

public SRP6ClientSession()

Creates a new client-side SRP-6a authentication session and sets its state to SRP6ClientSession.State.INIT. Session timeouts are disabled.

Method Detail

setXRoutine

public void setXRoutine(XRoutine routine)

Sets a custom routine for the password key 'x' computation. Note that the custom routine must be set prior to SRP6ClientSession.State.STEP_2.

Parameters:

routine - The password key 'x' routine or null to use the default one instead.

getXRoutine

public XRoutine getXRoutine()

Gets the custom routine for the password key 'x' computation.

Returns:

The routine instance or null if the default default one is used.

step1

public void step1(String userID,
         String password)

Records the identity 'I' and password 'P' of the authenticating user. The session is incremented to SRP6ClientSession.State.STEP_1.

Argument origin:

• From user: user identity 'I' and password 'P'.

Parameters:

userID - The identity 'I' of the authenticating user, UTF-8 encoded. Must not be null or empty.

password - The user password 'P', UTF-8 encoded. Must not be null.

Throws:

IllegalStateException - If the method is invoked in a state other than SRP6ClientSession.State.INIT.

step2

public SRP6ClientCredentials step2(SRP6CryptoParams config,
                          BigInteger s,
                          BigInteger B)
                            throws SRP6Exception

Receives the password salt 's' and public value 'B' from the server. The SRP-6a crypto parameters are also set. The session is incremented to SRP6ClientSession.State.STEP_2.

Argument origin:

• From server: password salt 's', public value 'B'.
• From server or pre-agreed: crypto parameters prime 'N', generator 'g' and hash function 'H'.

Parameters:

config - The SRP-6a crypto parameters. Must not be null.

s - The password salt 's'. Must not be null.

B - The public server value 'B'. Must not be null.

Returns:

The client credentials consisting of the client public key 'A' and the client evidence message 'M1'.

Throws:

IllegalStateException - If the method is invoked in a state other than SRP6ClientSession.State.STEP_1.

SRP6Exception - If the session has timed out or the public server value 'B' is invalid.

step3

public void step3(BigInteger M2)
           throws SRP6Exception

Receives the server evidence message 'M1'. The session is incremented to SRP6ClientSession.State.STEP_3.

Argument origin:

• From server: evidence message 'M2'.

Parameters:

M2 - The server evidence message 'M2'. Must not be null.

Throws:

IllegalStateException - If the method is invoked in a state other than SRP6ClientSession.State.STEP_2.

SRP6Exception - If the session has timed out or the server evidence message 'M2' is invalid.

getState

public SRP6ClientSession.State getState()

Returns the current state of this SRP-6a authentication session.

Returns:

The current state.