diff --git a/srp/src/lib.rs b/srp/src/lib.rs
index bec6c11..d4a2dac 100644
--- a/srp/src/lib.rs
+++ b/srp/src/lib.rs
@@ -25,10 +25,9 @@
 //! |`a_pub = g^a` | — `a_pub`, `I` —> | (lookup `s`, `v` for given `I`) |
 //! |`x = PH(P, s)` | <— `b_pub`, `s` — | `b_pub = k*v + g^b` |
 //! |`u = H(a_pub ‖ b_pub)` | | `u = H(a_pub ‖ b_pub)` |
-//! |`s = (b_pub - k*g^x)^(a+u*x)` | | `S = (b_pub - k*g^x)^(a+u*x)` |
-//! |`K = H(s)` | | `K = H(s)` |
-//! |`M1 = H(A ‖ B ‖ K)` | — `M1` —> | (verify `M1`) |
-//! |(verify `M2`) | <— `M2` — | `M2 = H(A ‖ M1 ‖ K)` |
+//! |`S = (b_pub - k*g^x)^(a+u*x)` | | `S = (b_pub - k*g^x)^(a+u*x)` |
+//! |`M1 = H(A ‖ B ‖ S)` | — `M1` —> | (verify `M1`) |
+//! |(verify `M2`) | <— `M2` — | `M2 = H(A ‖ M1 ‖ S)` |
 //!
 //! Variables and notations have the following meaning:
 //!
diff --git a/srp/src/utils.rs b/srp/src/utils.rs
index 0d77129..e11d842 100644
--- a/srp/src/utils.rs
+++ b/srp/src/utils.rs
@@ -27,8 +27,10 @@ pub fn compute_k(params: &SrpGroup) -> BigUint {
 BigUint::from_bytes_be(d.finalize().as_slice())
 }
 
-// M1 = H(A, B, K) this doesn't follow the spec but apparently no one does for M1
-// M1 should equal = H(H(N) XOR H(g) | H(U) | s | A | B | K) according to the spec
+// M1 = H(A, B, S) follows SRP-6 required by a strict interpretation of RFC
+// 5054; this doesn't follow RFC 2945, where
+// M1 = H(H(N) XOR H(g) | H(U) | s | A | B | K)
+// as RFC 5054 doesn't mandate its use.
 #[must_use]
 pub fn compute_m1(a_pub: &[u8], b_pub: &[u8], key: &[u8]) -> Output {
 let mut d = D::new();
@@ -38,7 +40,7 @@ pub fn compute_m1(a_pub: &[u8], b_pub: &[u8], key: &[u8]) -> Output(a_pub: &[u8], m1: &Output, key: &[u8]) -> Output { let mut d = D::new();
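Review bot: With the `K = H(s)` row removed, the last three rows of the table feed the raw shared secret `S` into both proofs and the doc no longer says where a session key comes from, so a reader can take `S` itself to be the key; a sentence after the table stating how the session key is derived from `S` (the removed row said `K = H(s)`) would close that gap. Which derivation the crate's key accessor actually performs is not visible in this hunk, so the sentence should be written to match it. The rewritten rows also still mix `A`/`B` with the `a_pub`/`b_pub` used everywhere else in the table; `M1 = H(a_pub ‖ b_pub ‖ S)` and `M2 = H(a_pub ‖ M1 ‖ S)` would keep one notation.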
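Review bot: The new comment calls the third input `S`, but the signature below it keeps `key: &[u8]`, so a caller reading only the signature could pass a derived session key rather than the premaster secret and produce an `M1` the peer rejects; renaming it `premaster_secret: &[u8]` (or saying in the comment that `key` is the raw `S`, not a hash of it) removes the mismatch. The phrase `follows SRP-6 required by a strict interpretation of RFC 5054` is hard to parse, and since the comment itself says RFC 5054 doesn't mandate the RFC 2945 form, `// M1 = H(A ‖ B ‖ S), with S the premaster secret. This is the SRP-6 form; RFC 2945's M1 = H(H(N) XOR H(g) | H(U) | s | A | B | K) is not required by RFC 5054.` says the same thing more directly. compute_m1's body continues past the hunk, and the generic parameter appears to have been stripped from the signature in this rendering.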