diff options
Diffstat (limited to 'lib')
| -rw-r--r-- | lib/srp.go | 14 | ||||
| -rw-r--r-- | lib/srp_test.go | 13 |
2 files changed, 27 insertions, 0 deletions
@@ -223,6 +223,10 @@ func (u *SRPUser) ComputeSessionKey(a *big.Int) error { return nil } +func (u *SRPUser) SessionKeyMacVerify(mac []byte) bool { + return u.h.MacVerify(u.salt, u.sk, mac) +} + func NewSRPClientSession(n, g, k, ident string) (*SRPClientSession, error) { var ok bool @@ -347,3 +351,13 @@ func (s *SRPClientSession) ComputeSessionKey(salt []byte, return nil } + +func (s *SRPClientSession) SessionKeyMac(salt []byte) ([]byte, error) { + if len(s.sk) < 1 { + return nil, CPError{"sk is invalid"} + } + if len(salt) < 1 { + return nil, CPError{"salt is invalid"} + } + return s.h.Mac(salt, s.sk), nil +} diff --git a/lib/srp_test.go b/lib/srp_test.go index 1445e01..edcc588 100644 --- a/lib/srp_test.go +++ b/lib/srp_test.go @@ -334,4 +334,17 @@ func TestSRPSessionKey(t *testing.T) { " server_sk(%v): client_sk(%v)", user.sk, session.sk) return } + + // Generate MAC of client session's session key + sMac, err := session.SessionKeyMac(user.salt) + if err != nil { + t.Errorf("unable to generate client session's mac: %v", err) + return + } + + // Verify MAC with server. + if !user.SessionKeyMacVerify(sMac) { + t.Errorf("client session mac verify failed: %v", err) + return + } } |