From eee8d83ad1766b038b16102eb2006eaa7c21b4e5 Mon Sep 17 00:00:00 2001
From: Paul Guyot
Date: Thu, 15 May 2014 16:29:34 +0200
Subject: Fix bug in SRP implementation

SRP didn't work with smaller primes as user secret was improperly computed. Formula is: (B - (k * g^x)) ^ (a + (u * x)) % N Previously, the code computed a + (u * x) % N instead of a + (u * x). a typically is a 256 bits random number (RFC 5054 says it should be at least 256 bits), u and x are SHA1 signatures (160 bits). So a + (u * x) can differ from a + (u * x) % N for N primes smaller than 320 bits.
---
 lib/crypto/c_src/crypto.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'lib/crypto/c_src/crypto.c')

diff --git a/lib/crypto/c_src/crypto.c b/lib/crypto/c_src/crypto.c
index 3020cadc56..a2868850d7 100644
--- a/lib/crypto/c_src/crypto.c
+++ b/lib/crypto/c_src/crypto.c
@@ -2892,8 +2892,8 @@ static ERL_NIF_TERM srp_user_secret_nif(ErlNifEnv* env, int argc, const ERL_NIF_
 /* a + (u * x) */
 bn_exp2 = BN_new();
- BN_mod_mul(bn_result, bn_u, bn_exponent, bn_prime, bn_ctx);
- BN_mod_add(bn_exp2, bn_a, bn_result, bn_prime, bn_ctx);
+ BN_mul(bn_result, bn_u, bn_exponent, bn_ctx);
+ BN_add(bn_exp2, bn_a, bn_result);
 /* (B - (k * g^x)) ^ (a + (u * x)) % N */
 BN_mod_exp(bn_result, bn_base, bn_exp2, bn_prime, bn_ctx);
-- 
cgit v1.2.3
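Review bot: The two added calls, `BN_mul(bn_result, bn_u, bn_exponent, bn_ctx)` and `BN_add(bn_exp2, bn_a, bn_result)`, discard their return values, as do the surrounding `BN_new()` and `BN_mod_exp(...)` context lines, so an allocation failure inside the BIGNUM library would leave `bn_exp2`/`bn_result` holding a NULL or stale value and the NIF would go on to derive and return a session secret from it rather than failing. Since the exponent is now the full `a + u*x` (no longer reduced mod N), `BN_mul`/`BN_add` also have to grow the result, which is exactly the path that can fail. A check such as `if (!BN_mul(bn_result, bn_u, bn_exponent, bn_ctx) || !BN_add(bn_exp2, bn_a, bn_result)) goto <error-path-label>;` (branching to whatever cleanup/error return the function already uses for `BN_*` failures) would make the failure explicit, and the same treatment applies to the `BN_mod_exp` line. srp_user_secret_nif begins and ends outside the hunk, so whether an error path exists for this to join cannot be confirmed from here.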