dkelly/nkode-protocol
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

refactor client opaque

Browse Source
This commit is contained in:
Donovan
2025-12-16 14:07:03 -06:00
parent e29468e0b6
commit be95241ed4
8 changed files with 342 additions and 150 deletions
Download Patch File Download Diff File Expand all files Collapse all files

55
tests/in_memory_test.rs
View File

@@ -1,61 +1,31 @@
use std::sync::Arc;
use opaque_ke::rand::rngs::OsRng;
use tokio::sync::Mutex;
use nkode_protocol::opaque::client::{AuthenticationData, OpaqueAuthentication, ClientAuthError};
use nkode_protocol::opaque::client::{AuthenticationData, ClientAuthError, OpaqueAuthLogin, OpaqueAuthRegister};
use nkode_protocol::models::opaque::NKodeServerSetup;
use nkode_protocol::opaque::server::{Code, Key, OpaqueAuth};
use nkode_protocol::repository::opaque::in_memory::in_memory_auth_repo::InMemoryAuthRepo;
use nkode_protocol::repository::opaque::in_memory::in_memory_auth_session::InMemoryAuthSession;
use nkode_protocol::repository::opaque::in_memory::in_memory_transport::{InMemoryCodeServer, InMemoryKeyServer, InMemSharedServer};
use nkode_protocol::repository::opaque::in_memory::in_memory_transport::{InMemoryCodeServer, InMemoryKeyServer};
#[tokio::test]
async fn opaque_key_registration_and_login_roundtrip() {
let mut rng = OsRng;
let server_setup = NKodeServerSetup::new(&mut rng);
let mut server = InMemoryKeyServer::new(server_setup);
let auth = AuthenticationData::from_secret_key("a@b.com", b"supersecret16bytes");
OpaqueAuthentication::register(&auth, &mut server)
.await
.expect("registration should succeed");
let session_key = OpaqueAuthentication::login(&auth, &mut server)
let server = InMemoryKeyServer::new(server_setup);
let auth_reg = OpaqueAuthRegister::new(server.clone());
let auth_data = AuthenticationData::from_secret_key("a@b.com", b"supersecret16bytes");
auth_reg.register(&auth_data).await.expect("registration should succeed");
let login_reg = OpaqueAuthLogin::new(server);
let session_key =login_reg.login(&auth_data)
.await
.expect("login should succeed");
assert!(!session_key.is_empty());
}
#[tokio::test]
async fn opaque_code_registration_and_login_roundtrip() {
let mut rng = OsRng;
let server_setup = NKodeServerSetup::new(&mut rng);
let shared = Arc::new(Mutex::new(OpaqueAuth::new(
server_setup,
InMemoryAuthRepo::new(),
InMemoryAuthSession::new(),
)));
let mut key_server = InMemSharedServer::<Key>::new(shared.clone());
let mut code_server = InMemSharedServer::<Code>::new(shared.clone());
let email = "c@d.com";
let key_auth = AuthenticationData::from_secret_key(email, b"supersecret16bytes");
OpaqueAuthentication::register(&key_auth, &mut key_server)
.await
.expect("key registration should succeed");
let code = vec![1usize, 2, 3, 4, 5, 6];
let code_auth = AuthenticationData::from_code(email, &code);
OpaqueAuthentication::register(&code_auth, &mut code_server)
.await
.expect("code registration should succeed after key exists");
let session_key = OpaqueAuthentication::login(&code_auth, &mut code_server)
.await
.expect("login should succeed");
assert!(!session_key.is_empty());
}
#[tokio::test]
async fn opaque_login_fails_if_not_registered() {
let mut rng = OsRng;
let server_setup = NKodeServerSetup::new(&mut rng);
let mut server = InMemoryKeyServer::new(server_setup);
let server = InMemoryKeyServer::new(server_setup);
let auth = AuthenticationData::from_secret_key("nope@nope.com", b"supersecret16bytes");
let err = OpaqueAuthentication::login(&auth, &mut server)
let login_reg = OpaqueAuthLogin::new(server);
let err = login_reg.login(&auth)
.await
.expect_err("login should fail if user not registered");
match err {
@@ -69,8 +39,9 @@ async fn cannot_register_code_before_key() {
let mut rng = OsRng;
let server_setup = NKodeServerSetup::new(&mut rng);
let mut server = InMemoryCodeServer::new(server_setup);
let auth_reg = OpaqueAuthRegister::new(server.clone());
let auth = AuthenticationData::from_code("x@y.com", &[1usize,2,3,4]);
let err = OpaqueAuthentication::register(&auth, &mut server)
let err = auth_reg.register(&auth)
.await
.expect_err("should fail because key is not registered");
match err {