summaryrefslogblamecommitdiffstats
path: root/lib/srp_test.go
blob: 9d34eeb7a3554153d43ecd1481176d2f0dba8a4a (plain) (tree)
1
2
3
4
5
6
7
8
9
10
                                                             








                               
















































                                                                  


























































                                                                      
 



































                                                                      















































                                                                      





























                                                                      

































































                                                                            





















































































                                                                                  












                                                                            
 




























































































                                                                                  
// Copyright © 2022 siddharth ravikumar <s@ricketyspace.net>
// SPDX-License-Identifier: ISC

package lib

import (
	"math/big"
	"testing"
)

func TestSRPServerRegisterUser(t *testing.T) {
	n := "7"
	g := "2"
	k := "3"

	bobIdent := "bob@ricketyspace.net"
	bobPass := "d59d6c93af0f37f272d924979"
	bob, err := NewSRPUser(n, g, k, bobIdent, bobPass)

	aliceIdent := "alice@ricketyspace.net"
	alicePass := "5ae262bcfaf6b4de5a3edc9ae"
	alice, err := NewSRPUser(n, g, k, aliceIdent, alicePass)

	server := new(SRPServer)
	err = server.RegisterUser(bob)
	if err != nil {
		t.Errorf("registering bob: %v", err)
	}
	if len(server.users) != 1 {
		t.Errorf("server has %v users", len(server.users))
	}
	err = server.RegisterUser(alice)
	if err != nil {
		t.Errorf("registering alice: %v", err)
	}
	if len(server.users) != 2 {
		t.Errorf("server has %v users", len(server.users))
	}

	err = server.RegisterUser(bob)
	if err == nil {
		t.Errorf("server registered bob again")
		return
	}
	if err.Error() != "user already registered" {
		t.Errorf("registration message: %v", err)
		return
	}
	err = server.RegisterUser(alice)
	if err == nil {
		t.Errorf("server registered alice again")
		return
	}
	if err.Error() != "user already registered" {
		t.Errorf("registration message: %v", err)
		return
	}
}

func TestNewSRPUser(t *testing.T) {
	n := StripSpaceChars(
		`ffffffffffffffffc90fdaa22168c234c4c6628b80dc1cd129024
                 e088a67cc74020bbea63b139b22514a08798e3404ddef9519b3cd
                 3a431b302b0a6df25f14374fe1356d6d51c245e485b576625e7ec
                 6f44c42e9a637ed6b0bff5cb6f406b7edee386bfb5a899fa5ae9f
                 24117c4b1fe649286651ece45b3dc2007cb8a163bf0598da48361
                 c55d39a69163fa8fd24cf5f83655d23dca3ad961c62f356208552
                 bb9ed529077096966d670c354e4abc9804f1746c08ca237327fff
                 fffffffffffff`)
	g := "2"
	k := "3"
	ident := "s@ricketyspace.net"
	pass := "d59d6c93af0f37f272d924979"
	user, err := NewSRPUser(n, g, k, ident, pass)
	if err != nil {
		t.Errorf("Error: %v\n", err)
		return
	}

	// Check n.
	bigN, _ := new(big.Int).SetString(StripSpaceChars(n), 16)
	if user.n.Cmp(bigN) != 0 {
		t.Error("Error: n not set correctly\n")
		return
	}
	// Check g.
	bigG, _ := new(big.Int).SetString(StripSpaceChars(g), 16)
	if user.g.Cmp(bigG) != 0 {
		t.Error("Error: g not set correctly\n")
		return
	}
	// Check k.
	bigK, _ := new(big.Int).SetString(StripSpaceChars(k), 16)
	if user.k.Cmp(bigK) != 0 {
		t.Error("Error: k not set correctly\n")
		return
	}
	// Check ident.
	if user.ident != ident {
		t.Error("Error: user not set correctly\n")
		return
	}
	// Check salt.
	if len(user.salt) < 8 {
		t.Error("Error: salt not set correctly\n")
		return
	}
	// Check x.
	if user.x.Cmp(big.NewInt(1)) < 0 {
		t.Error("Error: x not set correctly\n")
		return
	}
	// Check v.
	if user.v.Cmp(big.NewInt(1)) < 0 {
		t.Error("Error: v not set correctly\n")
		return
	}
}

func TestSRPUserEphemeralKey(t *testing.T) {
	n := StripSpaceChars(
		`ffffffffffffffffc90fdaa22168c234c4c6628b80dc1cd129024
                 e088a67cc74020bbea63b139b22514a08798e3404ddef9519b3cd
                 3a431b302b0a6df25f14374fe1356d6d51c245e485b576625e7ec
                 6f44c42e9a637ed6b0bff5cb6f406b7edee386bfb5a899fa5ae9f
                 24117c4b1fe649286651ece45b3dc2007cb8a163bf0598da48361
                 c55d39a69163fa8fd24cf5f83655d23dca3ad961c62f356208552
                 bb9ed529077096966d670c354e4abc9804f1746c08ca237327fff
                 fffffffffffff`)
	g := "2"
	k := "3"
	ident := "s@ricketyspace.net"
	pass := "d59d6c93af0f37f272d924979"
	user, err := NewSRPUser(n, g, k, ident, pass)
	if err != nil {
		t.Errorf("Error: %v\n", err)
		return
	}

	user.EphemeralKeyGen()
	if user.b.Cmp(big.NewInt(0)) != 1 {
		t.Errorf("Error: b is <= 0")
		return
	}
	pub, err := user.EphemeralKeyPub()
	if err != nil {
		t.Errorf("Error: %v\n", err)
		return
	}
	if pub.Cmp(big.NewInt(0)) != 1 {
		t.Errorf("Error: pub is <= 0")
		return
	}
}

func TestNewSRPClientSession(t *testing.T) {
	n := StripSpaceChars(
		`ffffffffffffffffc90fdaa22168c234c4c6628b80dc1cd129024
                 e088a67cc74020bbea63b139b22514a08798e3404ddef9519b3cd
                 3a431b302b0a6df25f14374fe1356d6d51c245e485b576625e7ec
                 6f44c42e9a637ed6b0bff5cb6f406b7edee386bfb5a899fa5ae9f
                 24117c4b1fe649286651ece45b3dc2007cb8a163bf0598da48361
                 c55d39a69163fa8fd24cf5f83655d23dca3ad961c62f356208552
                 bb9ed529077096966d670c354e4abc9804f1746c08ca237327fff
                 fffffffffffff`)
	g := "2"
	k := "3"
	ident := "s@ricketyspace.net"
	session, err := NewSRPClientSession(n, g, k, ident)
	if err != nil {
		t.Errorf("Error: %v\n", err)
		return
	}

	// Check n.
	bigN, _ := new(big.Int).SetString(StripSpaceChars(n), 16)
	if session.n.Cmp(bigN) != 0 {
		t.Error("Error: n not set correctly\n")
		return
	}
	// Check g.
	bigG, _ := new(big.Int).SetString(StripSpaceChars(g), 16)
	if session.g.Cmp(bigG) != 0 {
		t.Error("Error: g not set correctly\n")
		return
	}
	// Check k.
	bigK, _ := new(big.Int).SetString(StripSpaceChars(k), 16)
	if session.k.Cmp(bigK) != 0 {
		t.Error("Error: k not set correctly\n")
		return
	}
	// Check ident.
	if session.ident != ident {
		t.Error("Error: user not set correctly\n")
		return
	}
	// Check a.
	if session.a.Cmp(big.NewInt(1)) < 0 {
		t.Error("Error: a not set correctly\n")
		return
	}
}

func TestSRPClientSessionEphemeralKeyPub(t *testing.T) {
	n := StripSpaceChars(
		`ffffffffffffffffc90fdaa22168c234c4c6628b80dc1cd129024
                 e088a67cc74020bbea63b139b22514a08798e3404ddef9519b3cd
                 3a431b302b0a6df25f14374fe1356d6d51c245e485b576625e7ec
                 6f44c42e9a637ed6b0bff5cb6f406b7edee386bfb5a899fa5ae9f
                 24117c4b1fe649286651ece45b3dc2007cb8a163bf0598da48361
                 c55d39a69163fa8fd24cf5f83655d23dca3ad961c62f356208552
                 bb9ed529077096966d670c354e4abc9804f1746c08ca237327fff
                 fffffffffffff`)
	g := "2"
	k := "3"
	ident := "s@ricketyspace.net"
	session, err := NewSRPClientSession(n, g, k, ident)
	if err != nil {
		t.Errorf("Error: %v\n", err)
		return
	}

	pub, err := session.EphemeralKeyPub()
	if err != nil {
		t.Errorf("Error: %v\n", err)
		return
	}
	if pub.Cmp(big.NewInt(0)) != 1 {
		t.Errorf("Error: pub is <= 0")
		return
	}
}

func TestSRPScramblingParamter(t *testing.T) {
	n := StripSpaceChars(
		`ffffffffffffffffc90fdaa22168c234c4c6628b80dc1cd129024
                 e088a67cc74020bbea63b139b22514a08798e3404ddef9519b3cd
                 3a431b302b0a6df25f14374fe1356d6d51c245e485b576625e7ec
                 6f44c42e9a637ed6b0bff5cb6f406b7edee386bfb5a899fa5ae9f
                 24117c4b1fe649286651ece45b3dc2007cb8a163bf0598da48361
                 c55d39a69163fa8fd24cf5f83655d23dca3ad961c62f356208552
                 bb9ed529077096966d670c354e4abc9804f1746c08ca237327fff
                 fffffffffffff`)
	g := "2"
	k := "3"
	ident := "s@ricketyspace.net"
	pass := "d59d6c93af0f37f272d924979"

	// Init srp server user.
	user, err := NewSRPUser(n, g, k, ident, pass)
	if err != nil {
		t.Errorf("Error: %v\n", err)
		return
	}

	// Get server's pub for user.
	user.EphemeralKeyGen()
	pubB, err := user.EphemeralKeyPub()
	if err != nil {
		t.Errorf("Error: %v\n", err)
		return
	}

	// Init srp client session.
	session, err := NewSRPClientSession(n, g, k, ident)
	if err != nil {
		t.Errorf("Error: %v\n", err)
		return
	}

	// Get client's pub for user.
	pubA, err := session.EphemeralKeyPub()
	if err != nil {
		t.Errorf("Error: %v\n", err)
		return
	}

	// Compute server's scrambling parameter for user.
	err = user.SetScramblingParam(pubA)
	if err != nil {
		t.Errorf("Error: %v\n", err)
		return
	}

	// Compute client's scrambling paramter for user.
	err = session.SetScramblingParam(pubB)
	if err != nil {
		t.Errorf("Error: %v\n", err)
		return
	}

	// The server's and client's scrambling parameter must be the
	// same.
	if user.u.Cmp(session.u) != 0 {
		t.Error("Error: scrambling parameter of server != client\n")
		return
	}
}

func TestSRPSessionKey(t *testing.T) {
	n := StripSpaceChars(
		`ffffffffffffffffc90fdaa22168c234c4c6628b80dc1cd129024
                 e088a67cc74020bbea63b139b22514a08798e3404ddef9519b3cd
                 3a431b302b0a6df25f14374fe1356d6d51c245e485b576625e7ec
                 6f44c42e9a637ed6b0bff5cb6f406b7edee386bfb5a899fa5ae9f
                 24117c4b1fe649286651ece45b3dc2007cb8a163bf0598da48361
                 c55d39a69163fa8fd24cf5f83655d23dca3ad961c62f356208552
                 bb9ed529077096966d670c354e4abc9804f1746c08ca237327fff
                 fffffffffffff`)
	g := "2"
	k := "3"
	ident := "s@ricketyspace.net"
	pass := "d59d6c93af0f37f272d924979"

	// Init srp server user.
	user, err := NewSRPUser(n, g, k, ident, pass)
	if err != nil {
		t.Errorf("unable to create user on server: %v\n", err)
		return
	}

	// Get server's pub for user.
	user.EphemeralKeyGen()
	pubB, err := user.EphemeralKeyPub()
	if err != nil {
		t.Errorf("server ephemeral pub error: %v\n", err)
		return
	}

	// Init srp client session.
	session, err := NewSRPClientSession(n, g, k, ident)
	if err != nil {
		t.Errorf("unable to create client session: %v\n", err)
		return
	}

	// Get client's pub for user.
	pubA, err := session.EphemeralKeyPub()
	if err != nil {
		t.Errorf("client ephemeral pub error: %v\n", err)
		return
	}

	// Compute server's scrambling parameter for user.
	err = user.SetScramblingParam(pubA)
	if err != nil {
		t.Errorf("unable generate server scrambling parameter: %v\n", err)
		return
	}

	// Compute client's scrambling paramter for user.
	err = session.SetScramblingParam(pubB)
	if err != nil {
		t.Errorf("unable generate client scrambling parameter: %v\n", err)
		return
	}

	// The server's and client's scrambling parameter must be the
	// same.
	if user.u.Cmp(session.u) != 0 {
		t.Error("Error: scrambling parameter of server != client\n")
		return
	}

	// Compute server's session key for user.
	err = user.ComputeSessionKey(pubA)
	if err != nil {
		t.Errorf("unable to compute server's session key: %v", err)
		return
	}

	// Compute client's session key for for user.
	err = session.ComputeSessionKey(user.salt, pass, pubB)
	if err != nil {
		t.Errorf("unable to compute client's session key: %v", err)
		return
	}

	// Verify that the session key is the same.
	if !BytesEqual(user.sk, session.sk) {
		t.Errorf("server's and client's session key not equal:"+
			" server_sk(%v): client_sk(%v)", user.sk, session.sk)
		return
	}

	// Generate MAC of client session's session key
	sMac, err := session.SessionKeyMac(user.salt)
	if err != nil {
		t.Errorf("unable to generate client session's mac: %v", err)
		return
	}

	// Verify MAC with server.
	if !user.SessionKeyMacVerify(sMac) {
		t.Errorf("client session mac verify failed: %v", err)
		return
	}
}

func TestSimplifiedSRP(t *testing.T) {
	n := StripSpaceChars(
		`ffffffffffffffffc90fdaa22168c234c4c6628b80dc1cd129024
                 e088a67cc74020bbea63b139b22514a08798e3404ddef9519b3cd
                 3a431b302b0a6df25f14374fe1356d6d51c245e485b576625e7ec
                 6f44c42e9a637ed6b0bff5cb6f406b7edee386bfb5a899fa5ae9f
                 24117c4b1fe649286651ece45b3dc2007cb8a163bf0598da48361
                 c55d39a69163fa8fd24cf5f83655d23dca3ad961c62f356208552
                 bb9ed529077096966d670c354e4abc9804f1746c08ca237327fff
                 fffffffffffff`)
	g := "2"
	k := "3"
	ident := "s@ricketyspace.net"
	pass := "d59d6c93af0f37f272d924979"

	// Init srp server user.
	user, err := NewSRPUser(n, g, k, ident, pass)
	if err != nil {
		t.Errorf("unable to create user on server: %v\n", err)
		return
	}

	// Get server's pub for user.
	user.EphemeralKeyGen()
	pubB, err := user.EphemeralKeyPubSimple()
	if err != nil {
		t.Errorf("server ephemeral pub error: %v\n", err)
		return
	}

	// Init srp client session.
	session, err := NewSRPClientSession(n, g, k, ident)
	if err != nil {
		t.Errorf("unable to create client session: %v\n", err)
		return
	}

	// Get client's pub for user.
	pubA, err := session.EphemeralKeyPub()
	if err != nil {
		t.Errorf("client ephemeral pub error: %v\n", err)
		return
	}

	// Compute server's scrambling parameter for user.
	err = user.SetScramblingParamSimple()
	if err != nil {
		t.Errorf("unable generate server scrambling parameter: %v\n", err)
		return
	}

	// Compute client's scrambling paramter for user.
	err = session.SetScramblingParamSimple(user.u.Bytes())
	if err != nil {
		t.Errorf("unable generate client scrambling parameter: %v\n", err)
		return
	}

	// Compute server's session key for user.
	err = user.ComputeSessionKey(pubA)
	if err != nil {
		t.Errorf("unable to compute server's session key: %v", err)
		return
	}

	// Compute client's session key for for user.
	err = session.ComputeSessionKeySimple(user.salt, pass, pubB)
	if err != nil {
		t.Errorf("unable to compute client's session key: %v", err)
		return
	}

	// Verify that the session key is the same.
	if !BytesEqual(user.sk, session.sk) {
		t.Errorf("server's and client's session key not equal:"+
			" server_sk(%v): client_sk(%v)", user.sk, session.sk)
		return
	}

	// Generate MAC of client session's session key
	sMac, err := session.SessionKeyMac(user.salt)
	if err != nil {
		t.Errorf("unable to generate client session's mac: %v", err)
		return
	}

	// Verify MAC with server.
	if !user.SessionKeyMacVerify(sMac) {
		t.Errorf("client session mac verify failed: %v", err)
		return
	}
}