deriveSessionKey method
Derives the session key from the user's ephemeral public key.
Note: This method is optional and should only be called if your SRP usage requires early access to the session key (e.g., if the user's session verifier is encrypted with the session key). In most cases, call verifySession instead, which derives the session key automatically as part of verification.
Parameters:
- ephemeralUserPublicKey: The user's ephemeral public key (A) received from the user during authentication
Returns: The derived session key (K) as a byte array
Throws:
- InvalidParameterException if the ephemeral user public key is invalid (A % N == 0), which may indicate an attack attempt
Side effects: Securely erases the verification key and ephemeral private key after deriving the session key.
Important: Even after calling this method, you must still call verifySession to complete authentication and verify the user's identity.
Implementation
Future<Uint8List> deriveSessionKey({required Uint8List ephemeralUserPublicKey}) async {
  // Reject an invalid A (A % N == 0) before it is used in any computation.
  verifyEphemeralKey(ephemeralUserPublicKey.toBigInt(), safePrime, 'A (user)');
  // u = H(A, B)
  final randomScramblingParameter = (await _hashRfc5054(
    [ephemeralUserPublicKey, _ephemeralServerPublicKey!]
  )).toBigInt();
  // A * v^u
  final base = ephemeralUserPublicKey.toBigInt() * _verifierKey.modPow(randomScramblingParameter, safePrime);
  // (A * v^u)^b mod N
  final power = base.modPow(_ephemeralServerPrivateKey!, safePrime).toByteList();
  // K = H((A * v^u)^b)
  _sessionKey = await _hashFunction.hash(power);
  // Delete items that are no longer needed.
  _verifierKey = BigInt.zero;
  _ephemeralServerPrivateKey = BigInt.zero;
  return Uint8List.fromList(_sessionKey!);
}
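Why the A % N == 0 condition listed under Throws matters, as an added example that is not the library's own code: when A is a multiple of N, the server's value (A * v^u)^b mod N is 0 for every verifier, so the session key would no longer depend on the password. The parameters are toy values constructed for illustration (N = 1019, g = 2, and the chosen u, b and verifiers), and `checkEphemeralKey` and `premaster` are hypothetical helper names.

```dart
/// Rejects any A that is a multiple of N (A % N == 0).
void checkEphemeralKey(BigInt a, BigInt n) {
  if (a % n == BigInt.zero) {
    throw ArgumentError('A % N == 0: invalid ephemeral public key');
  }
}

/// Server-side value (A * v^u)^b mod N. The check can be switched off
/// only so that the effect of omitting it is visible in this demo.
BigInt premaster(BigInt a, BigInt v, BigInt u, BigInt b, BigInt n,
    {bool check = true}) {
  if (check) checkEphemeralKey(a, n);
  return (a * v.modPow(u, n)).modPow(b, n);
}

void main() {
  // Toy parameters (constructed); far too small for real use.
  final n = BigInt.from(1019); // small safe prime: (1019 - 1) / 2 = 509 is prime
  final g = BigInt.from(2);
  final u = BigInt.from(77); // stands in for H(A, B)
  final b = BigInt.from(123); // server ephemeral private key

  // Two different verifiers, i.e. two different passwords.
  final v1 = g.modPow(BigInt.from(301), n);
  final v2 = g.modPow(BigInt.from(845), n);

  // Valid A: the result depends on which verifier is stored.
  final a = g.modPow(BigInt.from(55), n);
  final differs = premaster(a, v1, u, b, n) != premaster(a, v2, u, b, n);
  print('valid A, result depends on verifier: $differs');

  // A in {0, N, 2N}: without the check the result ignores the verifier.
  for (final bad in [BigInt.zero, n, n * BigInt.two]) {
    final s1 = premaster(bad, v1, u, b, n, check: false);
    final s2 = premaster(bad, v2, u, b, n, check: false);
    print('A = $bad unchecked: v1 -> $s1, v2 -> $s2');
    try {
      premaster(bad, v1, u, b, n);
    } on ArgumentError catch (e) {
      print('A = $bad checked: rejected (${e.message})');
    }
  }
}
```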