lib: add srp mac verification functions

2 files changed, 27 insertions, 0 deletions

diff --git a/lib/srp.go b/lib/srp.go
index a7f14e1..9fdd594 100644
--- a/lib/srp.go
+++ b/lib/srp.go
@@ -223,6 +223,10 @@ func (u *SRPUser) ComputeSessionKey(a *big.Int) error {
 	return nil
 }
 
+func (u *SRPUser) SessionKeyMacVerify(mac []byte) bool {
+	return u.h.MacVerify(u.salt, u.sk, mac)
+}
+
 func NewSRPClientSession(n, g, k, ident string) (*SRPClientSession, error) {
 	var ok bool
 
@@ -347,3 +351,13 @@ func (s *SRPClientSession) ComputeSessionKey(salt []byte,
 
 	return nil
 }
+
+func (s *SRPClientSession) SessionKeyMac(salt []byte) ([]byte, error) {
+	if len(s.sk) < 1 {
+		return nil, CPError{"sk is invalid"}
+	}
+	if len(salt) < 1 {
+		return nil, CPError{"salt is invalid"}
+	}
+	return s.h.Mac(salt, s.sk), nil
+}
diff --git a/lib/srp_test.go b/lib/srp_test.go
index 1445e01..edcc588 100644
--- a/lib/srp_test.go
+++ b/lib/srp_test.go
@@ -334,4 +334,17 @@ func TestSRPSessionKey(t *testing.T) {
 			" server_sk(%v): client_sk(%v)", user.sk, session.sk)
 		return
 	}
+
+	// Generate MAC of client session's session key
+	sMac, err := session.SessionKeyMac(user.salt)
+	if err != nil {
+		t.Errorf("unable to generate client session's mac: %v", err)
+		return
+	}
+
+	// Verify MAC with server.
+	if !user.SessionKeyMacVerify(sMac) {
+		t.Errorf("client session mac verify failed: %v", err)
+		return
+	}
 }