include salt in client proof
authorHimbeerserverDE <himbeerserverde@gmail.com>
Fri, 17 Feb 2023 21:42:04 +0000 (22:42 +0100)
committerHimbeerserverDE <himbeerserverde@gmail.com>
Fri, 17 Feb 2023 21:42:04 +0000 (22:42 +0100)
srp/src/client.rs
srp/src/server.rs
srp/src/utils.rs

index 845c6f8fe7d4a214e4d3009150eb4984122a60d1..dd2198226b156fc8c4909c6a75734dca51b6190f 100644 (file)
@@ -209,6 +209,7 @@ impl<'a, D: Digest> SrpClient<'a, D> {
         let m1 = compute_m1::<D>(
             self.params,
             username_hash.as_slice(),
+            salt,
             &a_pub.to_bytes_be(),
             &b_pub.to_bytes_be(),
             &key.to_bytes_be(),
index 08c047523d7a106c833fd1552895ff5f9fb0881b..e48c8e88eb5de2895ae1be773f38a8e443539083 100644 (file)
@@ -121,11 +121,13 @@ impl<'a, D: Digest> SrpServer<'a, D> {
 
     /// Process client reply to the handshake.
     /// b is a random value,
+    /// s is the salt,
     /// v is the provided during initial user registration
     pub fn process_reply(
         &self,
         username: &str,
         b: &[u8],
+        s: &[u8],
         v: &[u8],
         a_pub: &[u8],
     ) -> Result<SrpServerVerifier<D>, SrpAuthError> {
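Review bot: The new `s` parameter sits between `b` and `v`, and all four byte arguments of `process_reply` share the type `&[u8]`, so a caller that passes salt and verifier in the wrong order still compiles and only fails later as a rejected client proof. The doc line should say which salt is meant, for example `/// s is the salt stored with the verifier at registration (the same value sent to the client),`. Distinct newtypes for salt and verifier would let the compiler catch a swap, at the cost of a larger API change. The body of `process_reply` continues outside the hunk.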
@@ -152,6 +154,7 @@ impl<'a, D: Digest> SrpServer<'a, D> {
         let m1 = compute_m1::<D>(
             self.params,
             username_hash.as_slice(),
+            s,
             &a_pub.to_bytes_be(),
             &b_pub.to_bytes_be(),
             &key.to_bytes_be(),
index d053f5d2c43cfef0a8a973c6c11e049b442f391c..5258c7abb7d75e9269a36f2718e8399360cd44c1 100644 (file)
@@ -29,6 +29,7 @@ pub fn compute_k<D: Digest>(params: &SrpGroup) -> BigUint {
 pub fn compute_m1<D: Digest>(
     params: &SrpGroup,
     identity_hash: &[u8],
+    salt: &[u8],
     a_pub: &[u8],
     b_pub: &[u8],
     key: &[u8],
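Review bot: Adding `salt` to the public `compute_m1` signature changes both the crate API and the proof value, and nothing in this hunk documents either. A peer built without the change computes a different M1, so a mixed client/server deployment fails every login in a way that looks like a wrong password; this deserves a changelog entry and a breaking version bump. If no doc comment sits above the function (those lines are outside the hunk), one such as `/// M1 = H(H(N) XOR H(g) | H(I) | s | A | B | K)` would record the field order, assuming `ng_xor` is the H(N) XOR H(g) term, which the hunk does not show.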
@@ -46,6 +47,7 @@ pub fn compute_m1<D: Digest>(
     let mut d = D::new();
     d.update(ng_xor);
     d.update(identity_hash);
+    d.update(salt);
     d.update(a_pub);
     d.update(b_pub);
     d.update(key);
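Review bot: `d.update(salt)` feeds a variable-length field into the digest with no length framing, directly before `a_pub`, which the call sites in client.rs and server.rs pass as `to_bytes_be()` output and which is therefore presumably variable-length as well. Different splits of the same byte string across salt, `a_pub`, `b_pub` and `key` then hash to the same M1. Whether that is reachable depends on who controls the salt, which the hunk does not show; left-padding `a_pub`, `b_pub` and `key` to a fixed length at the call sites would pin the field boundaries. A test vector that fixes M1 for a known salt would also guard the field order against drift. The function body starts and ends outside the hunk.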