From 33628f019faf7fdf4dd763ebe29b9e64fcc0a01c Mon Sep 17 00:00:00 2001
From: siddharth ravikumar <s@ricketyspace.net>
Date: Mon, 30 May 2022 14:51:46 -0400
Subject: lib: bastardize srp implementation

So that it can be exploited by the zero key attack (challenge 37).
---
 lib/srp.go | 10 ----------
 1 file changed, 10 deletions(-)

diff --git a/lib/srp.go b/lib/srp.go
index 6fd8111..aa3a956 100644
--- a/lib/srp.go
+++ b/lib/srp.go
@@ -203,10 +203,6 @@ func (u *SRPUser) SetScramblingParam(a *big.Int) error {
 }
 
 func (u *SRPUser) ComputeSessionKey(a *big.Int) error {
-	if a.Cmp(big.NewInt(0)) != 1 {
-		return CPError{"a is invalid"}
-	}
-
 	// v^u
 	vu := new(big.Int)
 	vu.Exp(u.v, u.u, u.n)
@@ -355,9 +351,6 @@ func (s *SRPClientSession) ComputeSessionKey(salt []byte,
 	if len(salt) < 1 {
 		return CPError{"salt invalid"}
 	}
-	if len(pass) < 1 {
-		return CPError{"pass invalid"}
-	}
 
 	// salt+pass
 	sp := make([]byte, 0)
@@ -408,9 +401,6 @@ func (s *SRPClientSession) SetSessionKey(key []byte) {
 }
 
 func (s *SRPClientSession) SessionKeyMac(salt []byte) ([]byte, error) {
-	if len(s.sk) < 1 {
-		return nil, CPError{"sk is invalid"}
-	}
 	if len(salt) < 1 {
 		return nil, CPError{"salt is invalid"}
 	}
-- 
cgit v1.2.3