forked from midonet/tssrp6a
srp6a.test.ts
import { SRPParameters } from "../src/parameters";
import { SRPRoutines } from "../src/routines";
import { SRPClientSession } from "../src/session-client";
import { SRPServerSession } from "../src/session-server";
import {
createVerifierAndSalt,
generateRandomString,
stringToArrayBuffer,
} from "../src/utils";
import { test } from "./tests";
// Shared fixtures for every test in this file.
// SRPParameters is constructed with no arguments, so whatever group and hash
// it selects by default is what both the client and the server sessions use.
const testParameters = new SRPParameters();

/**
 * Routines variant whose identity hash covers the username as well as the
 * password: the input to the hash is the string `I:P`.
 *
 * NOTE(review): this presumably overrides a computeIdentityHash defined on
 * SRPRoutines; the "config mismatch" test below depends on the base class
 * producing a different value for the same credentials.
 *
 * Because `I` is part of the hashed input, a verifier created with these
 * routines is tied to the exact username string used at sign-up.
 */
class SRP6aRoutines extends SRPRoutines {
  /**
   * @param I - user identifier (username)
   * @param P - cleartext password
   * @returns promise of the hash of the encoded `I:P` string
   */
  public computeIdentityHash(I: string, P: string): Promise<ArrayBuffer> {
    const identityBytes = stringToArrayBuffer(`${I}:${P}`);
    return this.hash(identityBytes);
  }
}

// Single routines instance reused as the sign-up/server configuration in both tests.
const srp6aRoutines = new SRP6aRoutines(testParameters);
// Happy path: sign-up followed by a complete sign-in in which client and
// server both use srp6aRoutines. The only assertion is the t.pass at the end,
// so it is reached only if every awaited protocol step resolved.
test("#SRP6aSession success", async (t) => {
  t.plan(1);

  // Throwaway random credentials, regenerated on every run.
  const testUsername = generateRandomString(10);
  const testPassword = generateRandomString(15);

  // --- Sign up ---
  // The client derives salt and verifier; the server only ever stores these
  // two values and reads them back for its own step1.
  const signup = await createVerifierAndSalt(
    srp6aRoutines,
    testUsername,
    testPassword,
  );
  const salt = signup.s;
  const verifier = signup.v;

  // --- Sign in ---
  const clientAfterStep1 = await new SRPClientSession(srp6aRoutines).step1(
    testUsername,
    testPassword,
  );

  // The server receives the identifier from the client and loads
  // salt + verifier from its database (written at sign-up).
  const serverAfterStep1 = await new SRPServerSession(srp6aRoutines).step1(
    testUsername,
    salt,
    verifier,
  );

  // The client takes the server challenge B and produces its proof M1.
  const clientAfterStep2 = await clientAfterStep1.step2(
    salt,
    serverAfterStep1.B,
  );

  // The server checks the client proof M1 and answers with its own proof M2.
  const serverProof = await serverAfterStep1.step2(
    clientAfterStep2.A,
    clientAfterStep2.M1,
  );

  // The client verifies M2, i.e. that the server really holds the verifier.
  // NOTE(review): presumably step3 rejects on a bad M2; this test exercises
  // only the accepting path.
  await clientAfterStep2.step3(serverProof);

  // The message echoes the password so a failing run can be reproduced; that
  // is acceptable only because the credentials are random test values.
  t.pass(`user:${testUsername}, password:${testPassword}, salt: ${salt}`);
});
// Negative path: the verifier is created with the SRP6a routines and the
// server uses them too, but the client signs in with plain SRPRoutines.
// The server must refuse the resulting client proof.
test("#SRP6aSession config mismatch", async (t) => {
  t.plan(1);

  const testUsername = "testUser";
  const testPassword = "testPassword";

  // Client-side configuration that deliberately differs from the one used
  // at sign-up and on the server.
  const defaultRoutines = new SRPRoutines(testParameters);

  // --- Sign up (SRP6a verifier) ---
  const signup = await createVerifierAndSalt(
    srp6aRoutines,
    testUsername,
    testPassword,
  );
  const salt = signup.s;
  const verifier = signup.v;

  // --- Sign in ---
  const mismatchedClient = await new SRPClientSession(defaultRoutines).step1(
    testUsername,
    testPassword,
  );

  // The server receives the identifier from the client and loads
  // salt + verifier from its database (written at sign-up).
  const serverSession = await new SRPServerSession(srp6aRoutines).step1(
    testUsername,
    salt,
    verifier,
  );

  // The client takes the server challenge B and sends A plus its proof M1.
  const { A: clientPublic, M1: clientProof } = await mismatchedClient.step2(
    salt,
    serverSession.B,
  );

  // The correct password was supplied, yet the proof cannot match because the
  // two sides hashed the identity differently. The server reports this as bad
  // client credentials; presumably the same error a wrong password yields, so
  // the response does not reveal which of the two went wrong.
  await t.rejects(
    () => serverSession.step2(clientPublic, clientProof),
    /bad client credentials/i,
  );
});