From e7d85aa1b6e18fb68b23dfe34bf6cb970ba3d15f Mon Sep 17 00:00:00 2001
From: siddharth ravikumar <s@ricketyspace.net>
Date: Wed, 29 Jun 2022 20:47:28 -0400
Subject: lib: srp: update session key mac

Use `HmacSha256`.
---
 lib/srp.go | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

(limited to 'lib')

diff --git a/lib/srp.go b/lib/srp.go
index 892ba8c..2c165fc 100644
--- a/lib/srp.go
+++ b/lib/srp.go
@@ -254,7 +254,10 @@ func (u *SRPUser) ComputeSessionKey(a *big.Int) error {
 }
 
 func (u *SRPUser) SessionKeyMacVerify(mac []byte) bool {
-	return u.h.MacVerify(u.salt, u.sk, mac)
+	if BytesEqual(HmacSha256(u.sk, u.salt), mac) {
+		return true
+	}
+	return false
 }
 
 func (u *SRPUser) LoggedIn() bool {
@@ -487,5 +490,5 @@ func (s *SRPClientSession) SessionKeyMac(salt []byte) ([]byte, error) {
 	if len(salt) < 1 {
 		return nil, CPError{"salt is invalid"}
 	}
-	return s.h.Mac(salt, s.sk), nil
+	return HmacSha256(s.sk, salt), nil
 }
-- 
cgit v1.2.3