lib: bastardize srp implementation

So that it can be exploited by the zero key attack (challenge 37).
author: siddharth ravikumar <s@ricketyspace.net> 2022-05-30 14:51:46 -0400
committer: siddharth ravikumar <s@ricketyspace.net> 2022-05-30 14:51:46 -0400
commit: 33628f019faf7fdf4dd763ebe29b9e64fcc0a01c (patch)
tree: 7feaf3247dea3bcc32fc05820a95bd62d270e6fb
parent: 2ca1e4a3fb16c67d41fc88d694eda53963eacf42 (diff)
1 files changed, 0 insertions, 10 deletions
diff --git a/lib/srp.go b/lib/srp.go
index 6fd8111..aa3a956 100644
--- a/lib/srp.go
+++ b/lib/srp.go
@@ -203,10 +203,6 @@ func (u *SRPUser) SetScramblingParam(a *big.Int) error {
 }
 
 func (u *SRPUser) ComputeSessionKey(a *big.Int) error {
-	if a.Cmp(big.NewInt(0)) != 1 {
-		return CPError{"a is invalid"}
-	}
-
 	// v^u
 	vu := new(big.Int)
 	vu.Exp(u.v, u.u, u.n)
@@ -355,9 +351,6 @@ func (s *SRPClientSession) ComputeSessionKey(salt []byte,
 	if len(salt) < 1 {
 		return CPError{"salt invalid"}
 	}
-	if len(pass) < 1 {
-		return CPError{"pass invalid"}
-	}
 
 	// salt+pass
 	sp := make([]byte, 0)
@@ -408,9 +401,6 @@ func (s *SRPClientSession) SetSessionKey(key []byte) {
 }
 
 func (s *SRPClientSession) SessionKeyMac(salt []byte) ([]byte, error) {
-	if len(s.sk) < 1 {
-		return nil, CPError{"sk is invalid"}
-	}
 	if len(salt) < 1 {
 		return nil, CPError{"salt is invalid"}
 	}
author	siddharth ravikumar <s@ricketyspace.net>	2022-05-30 14:51:46 -0400
committer	siddharth ravikumar <s@ricketyspace.net>	2022-05-30 14:51:46 -0400
commit	33628f019faf7fdf4dd763ebe29b9e64fcc0a01c (patch)
tree	7feaf3247dea3bcc32fc05820a95bd62d270e6fb
parent	2ca1e4a3fb16c67d41fc88d694eda53963eacf42 (diff)