srp: compute `K = H(S)` correctly. #166

zadlg · 2024-04-08T16:58:29Z

srp: compute K = H(S) correctly.

According to the specification section The SRP protocol, K (which corresponds
to the session key) is computed as follows:

K = H(S)

where H is the digest algorithm, and S is the common exponential value.

In the current implementation, K is equal to S, which does not follow
the SRP protocol specification.

This commit fixes this issue by computing the right value for K.

According to [the specification] section _The SRP protocol_, `K` (which corresponds to the session key) is computed as follows: ``` K = H(S) ``` where `H` is the digest algorithm, and `S` is the common exponential value. In the [current implementation], `K` is equal to `S`, which does not follow the SRP protocol specification. This commit fixes this issue by computing the right value for `K`. [the specification]: http://srp.stanford.edu/ndss.html#SECTION00032200000000000000 [current implementation]: https://github.com/RustCrypto/PAKEs/blob/8e46d6bfa24d44e6671616d730e978157b2b23e3/srp/src/client.rs#L211

tarcieri · 2024-05-10T00:11:28Z

See also #153 and #163, as well as RFC5054

zadlg · 2024-06-29T12:04:26Z

up

tarcieri · 2024-06-29T12:24:05Z

@zadlg your opinion on the existing PRs and any overlap and existing discussion would be appreciated

zadlg · 2024-06-29T13:16:27Z

Sorry, I didn't understand you were waiting for an answer from me.

I think the specification is quite clear, isn't it ?

tarcieri · 2024-06-29T13:30:46Z

Let me be a little more explicit:

zadlg marked this pull request as ready for review April 8, 2024 17:00

Provide feedback