From 33628f019faf7fdf4dd763ebe29b9e64fcc0a01c Mon Sep 17 00:00:00 2001 From: siddharth ravikumar Date: Mon, 30 May 2022 14:51:46 -0400 Subject: lib: bastardize srp implementation So that it can be exploited by the zero key attack (challenge 37). --- lib/srp.go | 10 ---------- 1 file changed, 10 deletions(-) (limited to 'lib') diff --git a/lib/srp.go b/lib/srp.go index 6fd8111..aa3a956 100644 --- a/lib/srp.go +++ b/lib/srp.go @@ -203,10 +203,6 @@ func (u *SRPUser) SetScramblingParam(a *big.Int) error { } func (u *SRPUser) ComputeSessionKey(a *big.Int) error { - if a.Cmp(big.NewInt(0)) != 1 { - return CPError{"a is invalid"} - } - // v^u vu := new(big.Int) vu.Exp(u.v, u.u, u.n) @@ -355,9 +351,6 @@ func (s *SRPClientSession) ComputeSessionKey(salt []byte, if len(salt) < 1 { return CPError{"salt invalid"} } - if len(pass) < 1 { - return CPError{"pass invalid"} - } // salt+pass sp := make([]byte, 0) @@ -408,9 +401,6 @@ func (s *SRPClientSession) SetSessionKey(key []byte) { } func (s *SRPClientSession) SessionKeyMac(salt []byte) ([]byte, error) { - if len(s.sk) < 1 { - return nil, CPError{"sk is invalid"} - } if len(salt) < 1 { return nil, CPError{"salt is invalid"} } -- cgit v1.2.3