1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
|
#!/usr/bin/env ruby
require './opaque.so'
include Opaque
idU = "idU"
idS = "idS"
pwd = "pwd"
context = "context"
# create a record "directly on the server"
rec, export_key = register(pwd, idU, idS)
# client initiates session
secU, pub = create_credential_request(pwd)
# server sets up session and responds with record
resp, skS, secS = create_credential_response(pub, rec, idU, idS, context)
# client recovers keys, sets up session
skU, authU, export_keyU = recover_credentials(resp, secU, context, idU, idS)
raise "fail" unless skS == skU
raise "fail" unless export_key == export_keyU
# server authenticates client explicitly
raise "fail" unless user_auth(secS, authU)
# start 4 step registration
m, secU = create_registration_request(pwd)
secS, pub = create_registration_response(m)
rec, export_key = finalize_request(secU, pub, idU, idS)
rec = store_user_record(secS, rec)
secU, pub = create_credential_request(pwd)
# server sets up session and responds with record
resp, skS, secS = create_credential_response(pub, rec, idU, idS, context)
# client recovers keys, sets up session
skU, authU, export_keyU = recover_credentials(resp, secU, context, idU, idS)
raise "fail" unless skS == skU
raise "fail" unless export_key == export_keyU
# server authenticates client explicitly
raise "fail" unless user_auth(secS, authU)
# start 4 step registration with 1k server setup
_, skS = create_server_keys()
m, secU = create_registration_request(pwd)
secS, pub = create_registration_response(m, skS)
rec, export_key = finalize_request(secU, pub, idU, idS)
rec = store_user_record(secS, rec)
secU, pub = create_credential_request(pwd)
# server sets up session and responds with record
resp, skS, secS = create_credential_response(pub, rec, idU, idS, context)
# client recovers keys, sets up session
skU, authU, export_keyU = recover_credentials(resp, secU, context, idU, idS)
raise "fail" unless skS == skU
raise "fail" unless export_key == export_keyU
# server authenticates client explicitly
raise "fail" unless user_auth(secS, authU)
print "all ok\n"
|
