-rw-r--r-- | lib/srp.go | 14 | ||||
-rw-r--r-- | lib/srp_test.go | 13 |
2 files changed, 27 insertions, 0 deletions
@@ -223,6 +223,10 @@ func (u *SRPUser) ComputeSessionKey(a *big.Int) error {
 return nil
 }
+func (u *SRPUser) SessionKeyMacVerify(mac []byte) bool {
+ return u.h.MacVerify(u.salt, u.sk, mac)
+}
+
 func NewSRPClientSession(n, g, k, ident string) (*SRPClientSession, error) {
 var ok bool
@@ -347,3 +351,13 @@ func (s *SRPClientSession) ComputeSessionKey(salt []byte,
 return nil
 }
+
+func (s *SRPClientSession) SessionKeyMac(salt []byte) ([]byte, error) {
+ if len(s.sk) < 1 {
+ return nil, CPError{"sk is invalid"}
+ }
+ if len(salt) < 1 {
+ return nil, CPError{"salt is invalid"}
+ }
+ return s.h.Mac(salt, s.sk), nil
+}
diff --git a/lib/srp_test.go b/lib/srp_test.go
index 1445e01..edcc588 100644
--- a/lib/srp_test.go
+++ b/lib/srp_test.go
@@ -334,4 +334,17 @@ func TestSRPSessionKey(t *testing.T) {
 " server_sk(%v): client_sk(%v)", user.sk, session.sk)
 return
 }
+
+ // Generate MAC of client session's session key
+ sMac, err := session.SessionKeyMac(user.salt)
+ if err != nil {
+ t.Errorf("unable to generate client session's mac: %v", err)
+ return
+ }
+
+ // Verify MAC with server.
+ if !user.SessionKeyMacVerify(sMac) {
+ t.Errorf("client session mac verify failed: %v", err)
+ return
+ }
 } |
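Review bot: `SessionKeyMacVerify` hands `u.salt` and `u.sk` to `MacVerify` without checking that either is set, while the client-side `SessionKeyMac` in the second hunk rejects an empty `sk` or salt. If it is called before `ComputeSessionKey` has succeeded, the MAC would be checked against an empty session key, and whether `MacVerify` rejects that is not visible here. A guard such as `if len(u.sk) < 1 || len(u.salt) < 1 || len(mac) < 1 { return false }` before the call keeps the two sides consistent. It is also worth confirming that `MacVerify` compares in constant time (for example via `hmac.Equal`), since its body is outside this diff.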
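Review bot: `SessionKeyMac` is exported but has no doc comment saying what the tag proves or which salt the caller must pass; something like `// SessionKeyMac returns the client's key-confirmation MAC computed from salt and the session key; call it only after ComputeSessionKey has succeeded.` would cover it. The tag is derived from the salt and `sk` alone, so if the server ever returns its own proof built with the same `Mac(salt, sk)` call, the two values would be identical and the client could not tell a genuine server proof from its own tag echoed back. Adding a direction label or the exchanged public values to the MAC input would avoid that. No server-to-client proof is visible in this diff, so this is a design caveat rather than a present defect.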
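Review bot: The failure message in the verify branch, `t.Errorf("client session mac verify failed: %v", err)`, formats `err`, which is always nil there because the preceding `if err != nil` already returned; `t.Errorf("client session mac verify failed")` says the same without a misleading `<nil>`. The test also exercises only the accepting path, so a `MacVerify` that returned true for any input would still pass. A tampered-MAC case after the positive check would catch that. TestSRPSessionKey starts outside the hunk.

```go
	// … unchanged: SessionKeyMac call and positive verify …

	// A MAC with one byte flipped must be rejected.
	bad := append([]byte(nil), sMac...)
	bad[0] ^= 0xff
	if user.SessionKeyMacVerify(bad) {
		t.Errorf("tampered client session mac was accepted")
		return
	}
```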