session is handled by the class that includes SRP::Authentication - not the client

diff --git a/lib/srp/client.rb b/lib/srp/client.rb
index 667d5ba..be94072 100644 (file)
--- a/lib/srp/client.rb
+++ b/lib/srp/client.rb
@@ -19,10 +19,10 @@ module SRP
       x = calculate_x(username, password, salt)
       a = bigrand(32).hex
       aa = modpow(GENERATOR, a, PRIME_N) # A = g^a (mod N)
-      session = server.initialize_auth(aa)
-      u = calculate_u(aa, session.bb, PRIME_N)
-      client_s = calculate_client_s(x, a, session.bb, u)
-      server.authenticate(calculate_m(aa,session.bb,client_s), session)
+      bb = server.handshake(aa)
+      u = calculate_u(aa, bb, PRIME_N)
+      client_s = calculate_client_s(x, a, bb, u)
+      server.validate(calculate_m(aa, bb, client_s))
     end
 
     protected

diff --git a/test/auth_test.rb b/test/auth_test.rb
index b8c3c05..182722f 100644 (file)
--- a/test/auth_test.rb
+++ b/test/auth_test.rb
@@ -10,6 +10,16 @@ class User
     @salt = salt
     @verifier = verifier
   end
+
+  def handshake(aa)
+    @session = initialize_auth(aa)
+    return @session.bb
+  end
+
+  def validate(m)
+    authenticate(m, @session)
+  end
+
 end
 
 class AuthTest < Test::Unit::TestCase