| Field | Value | Date |
|---|---|---|
| author | Paul Guyot <pguyot@kallisys.net> | 2014-05-15 16:29:34 +0200 |
| committer | Paul Guyot <pguyot@kallisys.net> | 2014-05-15 16:38:12 +0200 |
| commit | eee8d83ad1766b038b16102eb2006eaa7c21b4e5 (patch) | |
| tree | c8f7734ed17a3f1dab16be45c8b2215be60e897a /lib/crypto/c_src/crypto.c | |
| parent | 5ade234d37600ea80dbb309f431c615937ea253d (diff) | |
Fix bug in SRP implementation

SRP didn't work with smaller primes as user secret was improperly computed.

Formula is: (B - (k * g^x)) ^ (a + (u * x)) % N

Previously, the code computed a + (u * x) % N instead of a + (u * x).

a typically is a 256-bit random number (RFC 5054 says it should be at least 256 bits), u and x are SHA1 signatures (160 bits). So a + (u * x) can differ from a + (u * x) % N for N primes smaller than 320 bits.
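The following is an added worked example, not code from OTP or from this commit. It runs a toy SRP-6a exchange over a tiny constructed group (N = 23, g = 5, k = 3) with fixed small integers standing in for the random a and b and for the SHA-1 derived u and x, and computes the client secret both the way the pre-fix C code did (exponent reduced modulo N via BN_mod_mul/BN_mod_add) and the fixed way (BN_mul/BN_add, no reduction). The server side is included so the mismatch the commit message describes is visible: whenever a + u*x reaches N the reduced exponent no longer matches the server's value, while for a + u*x below N both paths agree.

```python
# Added example (not OTP code): toy SRP-6a exchange showing why the client
# exponent a + u*x must not be reduced modulo N before the modular
# exponentiation. All group parameters and per-session values are
# constructed for the demonstration.

def srp_client_secret(N, g, k, B, a, u, x, reduce_exponent_mod_N=False):
    """Client-side S = (B - k*g^x)^(a + u*x) mod N.

    reduce_exponent_mod_N=True mirrors the pre-fix path, which computed
    (a + (u*x mod N)) mod N; False mirrors the fixed path a + u*x."""
    base = (B - k * pow(g, x, N)) % N          # B - k*g^x, kept in [0, N)
    if reduce_exponent_mod_N:
        exp = (a + (u * x) % N) % N            # old BN_mod_mul / BN_mod_add
    else:
        exp = a + u * x                        # new BN_mul / BN_add
    return pow(base, exp, N)


def srp_server_secret(N, A, v, u, b):
    """Server-side S = (A * v^u)^b mod N."""
    return pow(A * pow(v, u, N), b, N)


def srp_exchange(N, g, k, a, b, u, x):
    """Run both sides with the given (constructed) values and return
    (server_S, client_S_fixed, client_S_buggy)."""
    v = pow(g, x, N)                 # password verifier g^x
    A = pow(g, a, N)                 # client public value
    B = (k * v + pow(g, b, N)) % N   # server public value
    return (srp_server_secret(N, A, v, u, b),
            srp_client_secret(N, g, k, B, a, u, x, False),
            srp_client_secret(N, g, k, B, a, u, x, True))


# Constructed toy group: N = 23 is a safe prime and g = 5 generates Z_23^*.
TOY_N, TOY_G, TOY_K = 23, 5, 3


def demo_mismatch():
    # a + u*x = 4 + 6*7 = 46 >= N: the reduced exponent becomes 0 and the
    # buggy client secret (1) disagrees with the server's secret.
    return srp_exchange(TOY_N, TOY_G, TOY_K, a=4, b=9, u=6, x=7)


def demo_match():
    # a + u*x = 2 + 1*3 = 5 < N: reduction is a no-op, both paths agree.
    return srp_exchange(TOY_N, TOY_G, TOY_K, a=2, b=9, u=1, x=3)


if __name__ == "__main__":
    print("exponent below N:", demo_match())       # (5, 5, 5)
    print("exponent at/over N:", demo_mismatch())  # (6, 6, 1)
```

The underlying reason the old code was wrong is that an exponent may only be reduced modulo the order of g (a divisor of N - 1), never modulo N itself; reducing modulo N is harmless only while a + u*x is already smaller than N, which with a 256-bit a and 160-bit u and x holds for every group of at least 320 bits but not for smaller ones, exactly as the commit message states.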
Diffstat (limited to 'lib/crypto/c_src/crypto.c')

| Mode | File | Lines |
|---|---|---|
| -rw-r--r-- | lib/crypto/c_src/crypto.c | 4 |

1 files changed, 2 insertions, 2 deletions
diff --git a/lib/crypto/c_src/crypto.c b/lib/crypto/c_src/crypto.c index 3020cadc56..a2868850d7 100644 --- a/lib/crypto/c_src/crypto.c +++ b/lib/crypto/c_src/crypto.c @@ -2892,8 +2892,8 @@ static ERL_NIF_TERM srp_user_secret_nif(ErlNifEnv* env, int argc, const ERL_NIF_ /* a + (u * x) */ bn_exp2 = BN_new(); - BN_mod_mul(bn_result, bn_u, bn_exponent, bn_prime, bn_ctx); - BN_mod_add(bn_exp2, bn_a, bn_result, bn_prime, bn_ctx); + BN_mul(bn_result, bn_u, bn_exponent, bn_ctx); + BN_add(bn_exp2, bn_a, bn_result); /* (B - (k * g^x)) ^ (a + (u * x)) % N */ BN_mod_exp(bn_result, bn_base, bn_exp2, bn_prime, bn_ctx); |
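Review bot: the replacement of `BN_mod_mul`/`BN_mod_add` with `BN_mul`/`BN_add` is the right fix, but the comment `/* a + (u * x) */` above it should say why the exponent is deliberately left unreduced: an exponent may only be reduced modulo the order of g, never modulo N, so the old sequence was silently wrong whenever a + u*x reached N, which is why only groups smaller than about 320 bits exposed it; one sentence there would stop a later cleanup from "restoring" the modular calls. Separately, `BN_mul(bn_result, bn_u, bn_exponent, bn_ctx)` and `BN_add(bn_exp2, bn_a, bn_result)` both return 0 on failure and their results are discarded here, as were those of the calls they replace, so an allocation failure would feed an unset `bn_result` into the following `BN_mod_exp`; checking the return values and returning an error term would be safer. Since `bn_exp2` now carries the client's private a in full, it is also worth setting `BN_FLG_CONSTTIME` on it with `BN_set_flags` before `BN_mod_exp` so OpenSSL takes its constant-time exponentiation path.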