示例#1
0
// NewSession sets up a new session. The Last field should be sent
// to the client. The returned public key should be sent to the
// user for generating a shared MAC key. The authenticator should ensure
// some mechanism for expiring sessions exists.
func NewSession(pub []byte) (*Authenticator, []byte, error) {
	next := util.RandBytes(sessionLength)
	if next == nil {
		return nil, nil, errors.New("auth: PRNG failure")
	}

	ephemeral, err := public.GenerateKey()
	if err != nil || !ephemeral.Valid() {
		return nil, nil, errors.New("auth: failed to set up session key")
	}

	// Validated that the key was correct previously.
	ephemeralPublic, _ := public.MarshalPublic(ephemeral.PublicKey)

	peer, err := public.UnmarshalPublic(pub)
	if err != nil {
		return nil, nil, err
	}

	shared := public.KeyExchange(ephemeral, peer)

	return &Authenticator{
		Type:   TypeSession,
		Last:   hex.EncodeToString(next),
		Secret: shared,
	}, ephemeralPublic, nil
}
示例#2
0
// KeySession sets up a new session from the user's private key and the
// server's ephemeral public key.
func KeySession(priv, pub []byte) (*Session, bool) {
	privKey, err := public.UnmarshalPrivate(priv)
	if err != nil {
		return nil, false
	}
	defer privKey.Zero()

	pubKey, err := public.UnmarshalPublic(pub)
	if err != nil {
		return nil, false
	}

	shared := public.KeyExchange(privKey, pubKey)
	return &Session{shared: shared}, true
}
示例#3
0
func testCreateOTP(t *testing.T) string {
	if sessionAuth == nil {
		t.Fatal("auth: session not established")
	}

	last, err := hex.DecodeString(sessionAuth.Last)
	if err != nil {
		t.Fatalf("%v", err)
	}

	sessionPublic, err := public.UnmarshalPublic(sessionPub)
	if err != nil {
		t.Fatalf("%v", err)
	}

	shared := public.KeyExchange(peerPrivate, sessionPublic)

	h := hmac.New(sha256.New, shared)
	h.Write(last)
	last = append(last, h.Sum(nil)...)
	return hex.EncodeToString(last)
}