com.nimbusds.srp6

Class SRP6ServerSession

java.lang.Object

com.nimbusds.srp6.SRP6Session

com.nimbusds.srp6.SRP6ServerSession

All Implemented Interfaces:

Serializable

public class SRP6ServerSession
extends SRP6Session
implements Serializable

Stateful server-side Secure Remote Password (SRP-6a) authentication session. Handles the computing and storing of SRP-6a variables between the protocol steps as well as timeouts.

Usage:

• Create a new SRP-6a server session for each client authentication attempt.
• If you wish to use custom routines for the server evidence message 'M1' and / or the client evidence message 'M2' specify them at this point.
• Proceed to step one on receiving a valid user identity 'I' from the authenticating client. Respond with the server public value 'B' and password salt 's'. If the SRP-6a crypto parameters 'N', 'g' and 'H' were not agreed in advance between server and client append them to the response.
• Proceed to step two on receiving the public client value 'A' and evidence message 'M1'. If the client credentials are valid signal success and return the server evidence message 'M2'. The established session key 'S' may be retrieved to encrypt further communication with the client. Else signal an authentication failure to the client.

Author:

Vladimir Dzhuvinov, Bernard Wittwer

See Also:

Serialized Form

Nested Class Summary

Nested Classes

Modifier and Type	Class and Description
static class	SRP6ServerSession.State Enumerates the states of a server-side SRP-6a authentication session.

Field Summary

Fields inherited from class com.nimbusds.srp6.SRP6Session

A, B, clientEvidenceRoutine, config, hashedKeysRoutine, k, lastActivity, M1, M2, random, s, S, serverEvidenceRoutine, timeout, u, userID

Constructor Summary

Constructors

Constructor and Description
SRP6ServerSession(SRP6CryptoParams config) Creates a new server-side SRP-6a authentication session and sets its state to SRP6ServerSession.State.INIT.
SRP6ServerSession(SRP6CryptoParams config, int timeout) Creates a new server-side SRP-6a authentication session and sets its state to SRP6ServerSession.State.INIT.

Method Summary

Methods

Modifier and Type	Method and Description
SRP6ServerSession.State	getState() Returns the current state of this SRP-6a authentication session.
BigInteger	mockStep1(String userID, BigInteger s, BigInteger v) Increments this SRP-6a authentication session to SRP6ServerSession.State.STEP_1 indicating a non-existing user identity 'I' with mock (simulated) salt 's' and password verifier 'v' values.
BigInteger	step1(String userID, BigInteger s, BigInteger v) Increments this SRP-6a authentication session to SRP6ServerSession.State.STEP_1.
BigInteger	step2(BigInteger A, BigInteger M1) Increments this SRP-6a authentication session to SRP6ServerSession.State.STEP_2.

Methods inherited from class com.nimbusds.srp6.SRP6Session

getAttribute, getClientEvidenceMessage, getClientEvidenceRoutine, getCryptoParams, getHashedKeysRoutine, getLastActivityTime, getPublicClientValue, getPublicServerValue, getSalt, getServerEvidenceMessage, getServerEvidenceRoutine, getSessionKey, getTimeout, getUserID, hasTimedOut, setAttribute, setClientEvidenceRoutine, setHashedKeysRoutine, setServerEvidenceRoutine, updateLastActivityTime

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

SRP6ServerSession

public SRP6ServerSession(SRP6CryptoParams config,
                 int timeout)

Creates a new server-side SRP-6a authentication session and sets its state to SRP6ServerSession.State.INIT.

Parameters:

config - The SRP-6a crypto parameters configuration. Must not be null.

timeout - The SRP-6a authentication session timeout in seconds. If the authenticating counterparty (server or client) fails to respond within the specified time the session will be closed. If zero timeouts are disabled.

SRP6ServerSession

public SRP6ServerSession(SRP6CryptoParams config)

Creates a new server-side SRP-6a authentication session and sets its state to SRP6ServerSession.State.INIT. Session timeouts are disabled.

Parameters:

config - The SRP-6a crypto parameters configuration. Must not be null.

Method Detail

step1

public BigInteger step1(String userID,
               BigInteger s,
               BigInteger v)

Increments this SRP-6a authentication session to SRP6ServerSession.State.STEP_1.

Argument origin:

• From client: user identity 'I'.
• From server database: matching salt 's' and password verifier 'v' values.

Parameters:

userID - The identity 'I' of the authenticating user. Must not be null or empty.

s - The password salt 's'. Must not be null.

v - The password verifier 'v'. Must not be null.

Returns:

The server public value 'B'.

Throws:

IllegalStateException - If the mehod is invoked in a state other than SRP6ServerSession.State.INIT.

mockStep1

public BigInteger mockStep1(String userID,
                   BigInteger s,
                   BigInteger v)

Increments this SRP-6a authentication session to SRP6ServerSession.State.STEP_1 indicating a non-existing user identity 'I' with mock (simulated) salt 's' and password verifier 'v' values.

This method can be used to avoid informing the client at step one that the user identity is bad and throw instead a guaranteed general "bad credentials" SRP-6a exception at step two.

Argument origin:

• From client: user identity 'I'.
• Simulated by server, preferably consistently for the specified identity 'I': salt 's' and password verifier 'v' values.

Parameters:

userID - The identity 'I' of the authenticating user. Must not be null or empty.

s - The password salt 's'. Must not be null.

v - The password verifier 'v'. Must not be null.

Returns:

The server public value 'B'.

Throws:

IllegalStateException - If the method is invoked in a state other than SRP6ServerSession.State.INIT.

step2

public BigInteger step2(BigInteger A,
               BigInteger M1)
                 throws SRP6Exception

Increments this SRP-6a authentication session to SRP6ServerSession.State.STEP_2.

Argument origin:

• From client: public value 'A' and evidence message 'M1'.

Parameters:

A - The client public value. Must not be null.

M1 - The client evidence message. Must not be null.

Returns:

The server evidence message 'M2'.

Throws:

SRP6Exception - If the session has timed out, the client public value 'A' is invalid or the user credentials are invalid.

IllegalStateException - If the method is invoked in a state other than SRP6ServerSession.State.STEP_1.

getState

public SRP6ServerSession.State getState()

Returns the current state of this SRP-6a authentication session.

Returns:

The current state.