Added SRPClient.calculateServerProof (#12)

* Added SRPClient.calculateServerProof * Update github action
adam-fowler · Oct 27, 2024 · 982c378 · 982c378
1 parent f5c7fb5
commit 982c378
Show file tree

Hide file tree

Showing 3 changed files with 35 additions and 16 deletions.
diff --git a/.github/workflows/swift.yml b/.github/workflows/swift.yml
@@ -15,7 +15,7 @@ jobs:
   macOS:
     runs-on: macOS-latest
     steps:
-    - uses: actions/checkout@v1
+    - uses: actions/checkout@v4
       with:
         fetch-depth: 1
     - name: Build
@@ -27,12 +27,12 @@ jobs:
     runs-on: ubuntu-latest
     strategy:
       matrix:
-        image: ['swift:5.7', 'swift:5.8', 'swift:5.9']
+        image: ['swift:5.9', 'swift:5.10', 'swift:6.0']
     container:
       image: ${{ matrix.image }}
     steps:
     - name: Checkout
-      uses: actions/checkout@v1
+      uses: actions/checkout@v4
       with:
         fetch-depth: 1
     - name: Test

diff --git a/Sources/SRP/client.swift b/Sources/SRP/client.swift
@@ -93,22 +93,39 @@ public struct SRPClient<H: HashFunction> {
         return SRP<H>.calculateClientProof(configuration: configuration, username: username, salt: salt, clientPublicKey: clientPublicKey, serverPublicKey: serverPublicKey, hashSharedSecret: hashSharedSecret)
     }
 
-    /// If the server returns that the client verification code was valiid it will also return a server verification code that the client can use to verify the server is correct
+    /// If the server returns that the client verification code was valid it will also return a server 
+    /// verification code that the client can use to verify the server is correct. This is the calculation 
+    /// to verify it is correct
     ///
     /// - Parameters:
-    ///   - code: Verification code returned by server
-    ///   - state: Authentication state
-    /// - Throws: `requiresVerificationKey`, `invalidServerCode`
-    public func verifyServerProof(serverProof: [UInt8], clientProof: [UInt8], clientKeys: SRPKeyPair, sharedSecret: SRPKey) throws {
+    ///   - clientPublicKey: Client public key
+    ///   - clientProof: Client proof
+    ///   - sharedSecret: Shared secret
+    public func calculateServerProof(clientPublicKey: SRPKey, clientProof: [UInt8], sharedSecret: SRPKey) -> [UInt8] {
         let hashSharedSecret = [UInt8](H.hash(data: sharedSecret.bytes))
         // get out version of server proof
-        let HAMK = SRP<H>.calculateServerVerification(clientPublicKey: clientKeys.public, clientProof: clientProof, sharedSecret: hashSharedSecret)
+        return SRP<H>.calculateServerVerification(clientPublicKey: clientPublicKey, clientProof: clientProof, sharedSecret: hashSharedSecret)
+    }
+
+    /// If the server returns that the client verification code was valid it will also return a server 
+    /// verification code that the client can use to verify the server is correct
+    ///
+    /// - Parameters:
+    ///   - clientProof: Server proof
+    ///   - clientProof: Client proof
+    ///   - clientKeys: Client keys
+    ///   - sharedSecret: Shared secret
+    /// - Throws: `requiresVerificationKey`, `invalidServerCode`
+    public func verifyServerProof(serverProof: [UInt8], clientProof: [UInt8], clientKeys: SRPKeyPair, sharedSecret: SRPKey) throws {
+        // get our version of server proof
+        let HAMK = calculateServerProof(clientPublicKey: clientKeys.public, clientProof: clientProof, sharedSecret: sharedSecret)
         // is it the same
         guard serverProof == HAMK else { throw SRPClientError.invalidServerCode }
     }
 
-    /// Generate salt and password verifier from username and password. When creating your user instead of passing your password to the server, you
-    /// pass the salt and password verifier values. In this way the server never knows your password so can never leak it.
+    /// Generate salt and password verifier from username and password. When creating your user instead of 
+    /// passing your password to the server, you pass the salt and password verifier values. In this way the 
+    /// server never knows your password so can never leak it.
     ///
     /// - Parameters:
     ///   - username: username

diff --git a/Sources/SRP/server.swift b/Sources/SRP/server.swift
@@ -66,10 +66,10 @@ public struct SRPServer<H: HashFunction> {
     /// verify proof that client has shared secret and return a server verification proof. If verification fails a `invalidClientCode` error is thrown
     ///
     /// - Parameters:
-    ///   - code: verification code sent by user
-    ///   - username: username
-    ///   - salt: salt stored with user
-    ///   - state: authentication state.
+    ///   - proof: Client proof
+    ///   - clientPublicKey: Client public key
+    ///   - serverPublicKey: Server public key
+    ///   - sharedSecret: Shared secret
     /// - Throws: invalidClientCode
     /// - Returns: The server verification code
     public func verifySimpleClientProof(proof: [UInt8], clientPublicKey: SRPKey, serverPublicKey: SRPKey, sharedSecret: SRPKey) throws -> [UInt8] {
@@ -88,7 +88,9 @@ public struct SRPServer<H: HashFunction> {
     ///   - code: verification code sent by user
     ///   - username: username
     ///   - salt: salt stored with user
-    ///   - state: authentication state.
+    ///   - clientPublicKey: Client public key
+    ///   - serverPublicKey: Server public key
+    ///   - sharedSecret: Shared secret
     /// - Throws: invalidClientCode
     /// - Returns: The server verification code
     public func verifyClientProof(proof: [UInt8], username: String, salt: [UInt8], clientPublicKey: SRPKey, serverPublicKey: SRPKey, sharedSecret: SRPKey) throws -> [UInt8] {