include username in client proof
authorHimbeerserverDE <himbeerserverde@gmail.com>
Fri, 17 Feb 2023 21:30:28 +0000 (22:30 +0100)
committerHimbeerserverDE <himbeerserverde@gmail.com>
Fri, 17 Feb 2023 21:30:28 +0000 (22:30 +0100)
srp/src/client.rs
srp/src/server.rs
srp/src/utils.rs

index 263e5f34b70cb34d1f883d320c1ddd1db1aaa254..eed115344dcaa7869c547c67c0bd115c60d17ce5 100644 (file)
@@ -204,6 +204,7 @@ impl<'a, D: Digest> SrpClient<'a, D> {
 
         let m1 = compute_m1::<D>(
             self.params,
+            identity_hash.as_slice(),
             &a_pub.to_bytes_be(),
             &b_pub.to_bytes_be(),
             &key.to_bytes_be(),
index b7d3eff90e242c993ad8d15bf68d9423fabcc9b8..e1eb331af3f55edef53a8f65b446dd8c912c23f9 100644 (file)
@@ -124,6 +124,7 @@ impl<'a, D: Digest> SrpServer<'a, D> {
     /// v is the provided during initial user registration
     pub fn process_reply(
         &self,
+        username: &str,
         b: &[u8],
         v: &[u8],
         a_pub: &[u8],
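Review bot: The doc comment above `process_reply` is not extended for the new `username` parameter, so callers are not told which value to pass or that it now feeds the M1 check. I would add a line such as `/// username is the identity the client authenticated with; it must be byte-identical to the value the client hashed into its proof`. Adding a parameter to a `pub fn` also breaks existing callers, which deserves a changelog entry or a version bump. The function body continues outside this hunk.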
@@ -142,10 +143,15 @@ impl<'a, D: Digest> SrpServer<'a, D> {
 
         let u = compute_u::<D>(&a_pub.to_bytes_be(), &b_pub.to_bytes_be());
 
+        let mut d = D::new();
+        d.update(username);
+        let identity_hash = d.finalize();
+
         let key = self.compute_premaster_secret(&a_pub, &v, &u, &b);
 
         let m1 = compute_m1::<D>(
             self.params,
+            identity_hash.as_slice(),
             &a_pub.to_bytes_be(),
             &b_pub.to_bytes_be(),
             &key.to_bytes_be(),
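Review bot: The identity hash is built inline from the raw `&str` bytes here, while the client's `identity_hash` (client.rs hunk) is computed outside the visible lines, so nothing in this diff guarantees both sides hash the same bytes. Any difference in case folding, Unicode normalization or trimming between what the client hashed and what the server is given would make the M1 comparison fail for that user. I would move these three lines into one shared helper in utils.rs that both sides call, with a doc comment stating that no normalization is applied, e.g. `let identity_hash = compute_identity_hash::<D>(username.as_bytes());` (a proposed helper, not something in the tree). `process_reply` starts and ends outside this hunk.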
index 2bd76394a8c5935ee9ba2280133581ab1e9296cc..d053f5d2c43cfef0a8a973c6c11e049b442f391c 100644 (file)
@@ -28,6 +28,7 @@ pub fn compute_k<D: Digest>(params: &SrpGroup) -> BigUint {
 // M1 = H(H(N) XOR H(g) | H(U) | s | A | B | K)
 pub fn compute_m1<D: Digest>(
     params: &SrpGroup,
+    identity_hash: &[u8],
     a_pub: &[u8],
     b_pub: &[u8],
     key: &[u8],
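Review bot: The formula comment above `compute_m1` lists `s` between `H(U)` and `A`, but the digest input in the next hunk is `ng_xor`, `identity_hash`, `a_pub`, `b_pub`, `key` with no salt, so the comment and the code still disagree after this change. If the goal is the proof as commented, including interoperability with implementations that hash the salt, a `salt: &[u8]` parameter and `d.update(salt);` after `d.update(identity_hash);` are still missing; otherwise the comment should read `// M1 = H(H(N) XOR H(g) | H(U) | A | B | K)`. The new `identity_hash` parameter would also benefit from a doc line saying it is the digest of the username, not the username itself. The body of `compute_m1` continues outside both hunks.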
@@ -44,6 +45,7 @@ pub fn compute_m1<D: Digest>(
 
     let mut d = D::new();
     d.update(ng_xor);
+    d.update(identity_hash);
     d.update(a_pub);
     d.update(b_pub);
     d.update(key);