From e7d85aa1b6e18fb68b23dfe34bf6cb970ba3d15f Mon Sep 17 00:00:00 2001 From: siddharth ravikumar Date: Wed, 29 Jun 2022 20:47:28 -0400 Subject: lib: srp: update session key mac Use `HmacSha256`. --- lib/srp.go | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) (limited to 'lib') diff --git a/lib/srp.go b/lib/srp.go index 892ba8c..2c165fc 100644 --- a/lib/srp.go +++ b/lib/srp.go @@ -254,7 +254,10 @@ func (u *SRPUser) ComputeSessionKey(a *big.Int) error { } func (u *SRPUser) SessionKeyMacVerify(mac []byte) bool { - return u.h.MacVerify(u.salt, u.sk, mac) + if BytesEqual(HmacSha256(u.sk, u.salt), mac) { + return true + } + return false } func (u *SRPUser) LoggedIn() bool { @@ -487,5 +490,5 @@ func (s *SRPClientSession) SessionKeyMac(salt []byte) ([]byte, error) { if len(salt) < 1 { return nil, CPError{"salt is invalid"} } - return s.h.Mac(salt, s.sk), nil + return HmacSha256(s.sk, salt), nil } -- cgit v1.2.3