From 0b26d9abc5234d179236236f32c7fa2f68fbdb62 Mon Sep 17 00:00:00 2001
From: Neeraj Gupta <254676+ua741@users.noreply.github.com>
Date: Thu, 16 Jan 2025 16:06:09 +0530
Subject: [PATCH] Add missing padding
---
 server/go.mod | 11 ++++++-----
 server/go.sum | 10 ++++++++++
 server/pkg/srp/server.go | 9 +++++----
 server/pkg/srp/srp.go | 4 ++--
 4 files changed, 23 insertions(+), 11 deletions(-)
diff --git a/server/go.mod b/server/go.mod
index 2bd1aec5d8..0f7c79c462 100644
--- a/server/go.mod
+++ b/server/go.mod
@@ -1,6 +1,6 @@
 module github.com/ente-io/museum
-go 1.23
+go 1.23.3
 require (
 firebase.google.com/go v3.13.0+incompatible
@@ -36,9 +36,9 @@ require (
 github.com/ua-parser/uap-go v0.0.0-20211112212520-00c877edfe0f
 github.com/ulule/limiter/v3 v3.8.0
 github.com/zsais/go-gin-prometheus v0.1.0
- golang.org/x/crypto v0.21.0
- golang.org/x/sync v0.8.0
- golang.org/x/text v0.17.0
+ golang.org/x/crypto v0.31.0
+ golang.org/x/sync v0.10.0
+ golang.org/x/text v0.21.0
 google.golang.org/api v0.114.0
 gopkg.in/natefinch/lumberjack.v2 v2.0.0
 )
@@ -57,6 +57,7 @@ require (
 github.com/google/go-tpm v0.9.0 // indirect
 github.com/googleapis/enterprise-certificate-proxy v0.2.3 // indirect
 github.com/klauspost/cpuid/v2 v2.2.4 // indirect
+ github.com/opencoff/go-srp v0.6.3 // indirect
 github.com/pelletier/go-toml/v2 v2.0.8 // indirect
 github.com/twitchyliquid64/golang-asm v0.15.1 // indirect
 github.com/x448/float16 v0.8.4 // indirect
@@ -112,7 +113,7 @@ require (
 go.opencensus.io v0.24.0 // indirect
 golang.org/x/net v0.21.0 // indirect
 golang.org/x/oauth2 v0.7.0 // indirect
- golang.org/x/sys v0.18.0 // indirect
+ golang.org/x/sys v0.28.0 // indirect
 golang.org/x/xerrors v0.0.0-20220907171357-04be3eba64a2 // indirect
 google.golang.org/appengine v1.6.7 // indirect
 google.golang.org/genproto v0.0.0-20230410155749-daa745c078e1 // indirect
diff --git a/server/go.sum b/server/go.sum
index 4c0036a202..1cb26a1869 100644
--- a/server/go.sum
+++ b/server/go.sum
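Review bot: The new `github.com/opencoff/go-srp v0.6.3 // indirect` requirement in the third go.mod hunk is not imported by any file in this patch, so it is either a leftover from local comparison testing that `go mod tidy` would drop, or an import is missing from the diff. An unused module still enters the module graph and go.sum, which widens the supply-chain surface for no benefit. I'd run `go mod tidy` before merging and keep the line only if something in the tree actually imports it.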
@@ -486,6 +486,8 @@ github.com/onsi/gomega v1.7.1/go.mod h1:XdKZgCCFLUoM/7CFJVPcG8C1xQ1AJ0vpAezJrB7J
 github.com/onsi/gomega v1.9.0/go.mod h1:Ho0h+IUsWyvy1OpqCwxlQ/21gkhVunqlU8fDGcoTdcA=
 github.com/onsi/gomega v1.10.1/go.mod h1:iN09h71vgCQne3DLsj+A5owkum+a2tYe+TOCB1ybHNo=
 github.com/onsi/gomega v1.10.3/go.mod h1:V9xEwhxec5O8UDM77eCW8vLymOMltsqPVYWrpDsH8xc=
+github.com/opencoff/go-srp v0.6.3 h1:JE+5Hh+rdMP1GRfZGaHoy+5fD0ZPlEjLNSV2JGKJH1E=
+github.com/opencoff/go-srp v0.6.3/go.mod h1:O8yY2mSOngnnGjaEA+EcWxR73rt4bpwkmL3We+wu3OI=
 github.com/opencontainers/go-digest v1.0.0-rc1 h1:WzifXhOVOEOuFYOJAW6aQqW0TooG2iki3E3Ii+WN7gQ=
 github.com/opencontainers/go-digest v1.0.0-rc1/go.mod h1:cMLVZDEM3+U2I4VmLI6N8jQYUd2OVphdqWwCJHrFt2s=
 github.com/opencontainers/image-spec v1.0.1 h1:JMemWkRwHx4Zj+fVxWoMCFm/8sYGGrUVojFA6h/TRcI=
@@ -657,6 +659,8 @@ golang.org/x/crypto v0.0.0-20200709230013-948cd5f35899/go.mod h1:LzIPMQfyMNhhGPh
 golang.org/x/crypto v0.0.0-20210421170649-83a5a9bb288b/go.mod h1:T9bdIzuCu7OtxOm1hfPfRQxPLYneinmdGuTeoZ9dtd4=
 golang.org/x/crypto v0.21.0 h1:X31++rzVUdKhX5sWmSOFZxx8UW/ldWx55cbf08iNAMA=
 golang.org/x/crypto v0.21.0/go.mod h1:0BP7YvVV9gBbVKyeTG0Gyn+gZm94bibOW5BjDEYAOMs=
+golang.org/x/crypto v0.31.0 h1:ihbySMvVjLAeSH1IbfcRTkD/iNscyz8rGzjF/E5hV6U=
+golang.org/x/crypto v0.31.0/go.mod h1:kDsLvtWBEx7MV9tJOj9bnXsPbxwJQ6csT/x4KIN4Ssk=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8=
@@ -769,6 +773,8 @@ golang.org/x/sync v0.0.0-20201207232520-09787c993a3a/go.mod h1:RxMgew5VJxzue5/jJ
 golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.8.0 h1:3NFvSEYkUoMifnESzZl15y791HH1qU2xm6eCJU5ZPXQ=
 golang.org/x/sync v0.8.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
+golang.org/x/sync v0.10.0 h1:3NQrjDixjgGwUOCaF8w2+VYHv0Ve/vGYSbdkTa98gmQ=
+golang.org/x/sync v0.10.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
 golang.org/x/sys v0.0.0-20180823144017-11551d06cbcc/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
@@ -836,6 +842,8 @@ golang.org/x/sys v0.0.0-20220704084225-05e143d24a9e/go.mod h1:oPkhp1MJrh7nUepCBc
 golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.18.0 h1:DBdB3niSjOA/O0blCZBqDefyWNYveAYMNF1Wum0DYQ4=
 golang.org/x/sys v0.18.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/sys v0.28.0 h1:Fksou7UEQUWlKvIdsqzJmUmCX3cZuD2+P3XyyzwMhlA=
+golang.org/x/sys v0.28.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
@@ -847,6 +855,8 @@ golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.17.0 h1:XtiM5bkSOt+ewxlOE/aE/AKEHibwj/6gvWMl9Rsh0Qc=
 golang.org/x/text v0.17.0/go.mod h1:BuEKDfySbSR4drPmRPG/7iBdf8hvFMuRexcpahXilzY=
+golang.org/x/text v0.21.0 h1:zyQAAkrwaneQ066sspRyJaG9VNi/YJ1NfzcGB3hZ/qo=
+golang.org/x/text v0.21.0/go.mod h1:4IBbMaMmOPCJ8SecivzSH54+73PCFmPWxNTLm+vZkEQ=
 golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
diff --git a/server/pkg/srp/server.go b/server/pkg/srp/server.go
index 860724411e..9b7ed46584 100644
--- a/server/pkg/srp/server.go
+++ b/server/pkg/srp/server.go
@@ -4,6 +4,7 @@ import (
 "bytes"
 "errors"
 "fmt"
+ "github.com/sirupsen/logrus"
 "math/big"
 )
@@ -25,6 +26,7 @@ func NewServer(params *SRPParams, Vb []byte, S2b []byte) *SRPServer {
 secret2 := intFromBytes(S2b)
 Bb := getB(params, multiplier, V, secret2)
+ logrus.Infof("NewServer: length of Bb %d, Vb %d, S2b %d", len(Bb), len(Vb), len(S2b))
 B := intFromBytes(Bb)
 return &SRPServer{
@@ -40,9 +42,6 @@ func (s *SRPServer) ComputeB() []byte {
 }
 func (s *SRPServer) SetA(A []byte) {
- if len(A) != 512 {
- panic("invalid client-supplied 'A', must be 1..N-1")
- }
 AInt := intFromBytes(A)
 U := getu(s.Params, AInt, s.B)
 S := serverGetS(s.Params, s.Verifier, AInt, s.Secret2, U)
@@ -51,6 +50,8 @@ func (s *SRPServer) SetA(A []byte) {
 s.M1 = getM1(s.Params, A, padToN(s.B, s.Params), S)
 s.M2 = getM2(s.Params, A, s.M1, s.K)
+ logrus.Infof("SetA: length of A %d, M1 %d, M2 %d, K %d, S %d", len(A), len(s.M1), len(s.M2), len(s.K), len(S))
+
 s.u = U // only for tests
 s.s = intFromBytes(S) // only for tests
 }
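Review bot: The `logrus.Infof` added to NewServer fires at Info level on every SRP session the server creates, which reads as a diagnostic for the padding bug rather than something operators need on every login. The values logged are only lengths, so nothing secret leaks, but it adds a log line per authentication attempt indefinitely. I'd either change it to `logrus.Debugf(...)` or drop it once the padding fix is confirmed in production. NewServer's body continues outside the hunk.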
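Review bot: Dropping the `len(A) != 512` guard leaves SetA with no validation of the client-supplied A at all, and the old comment already named the real requirement, "must be 1..N-1". RFC 5054 §2.5.4 says the host MUST abort if A mod N == 0, because A = 0 or A = k·N collapses the shared secret S to a value the client can predict without knowing the password; padding A inside getu makes the length check unnecessary but does not replace this one. Right after `AInt := intFromBytes(A)` I would add `if new(big.Int).Mod(AInt, s.Params.N).Sign() == 0 { panic("invalid client-supplied 'A', must be 1..N-1") }`, assuming SRPParams exposes the group modulus as `N` (padToN suggests it does, but confirm the field name). Panicking on attacker-controlled input is itself a denial-of-service lever unless the HTTP layer recovers, so a follow-up that makes SetA return an error would be the better long-term shape. SetA's body continues in the next hunk.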
@@ -60,7 +61,7 @@ func (s *SRPServer) CheckM1(M1 []byte) ([]byte, error) {
 return nil, fmt.Errorf("client m1 length (%d) is different from server m1 length %d", len(M1), len(s.M1))
 }
 if !bytes.Equal(s.M1, M1) {
- return nil, errors.New("Client did not use the same password")
+ return nil, errors.New("client did not use the same password")
 } else {
 return s.M2, nil
 }
diff --git a/server/pkg/srp/srp.go b/server/pkg/srp/srp.go
index 194df956c1..7bc539dd9b 100644
--- a/server/pkg/srp/srp.go
+++ b/server/pkg/srp/srp.go
@@ -74,8 +74,8 @@ func getK(params *SRPParams, S []byte) []byte {
 func getu(params *SRPParams, A, B *big.Int) *big.Int {
 hashU := params.Hash.New()
- hashU.Write(A.Bytes())
- hashU.Write(B.Bytes())
+ hashU.Write(padToN(A, params))
+ hashU.Write(padToN(B, params))
 return hashToInt(hashU)
 }
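Review bot: The padded form of u in getu is the right one, but nothing in the function records why both inputs are padded, and the old `A.Bytes()`/`B.Bytes()` form silently disagreed with a padding peer for roughly one session in 256 per value (whenever A or B had a leading zero byte), which is exactly the kind of intermittent login failure that is hard to diagnose later. I'd add a comment above the two Write calls: `// u = H(PAD(A) | PAD(B)) per RFC 5054 §2.5.3; pad both to len(N) so a leading zero byte in A or B does not change the digest.` Because u feeds the session key, this change is only interoperable with clients that already pad the same way — presumably they do, or logins would start failing once this lands — so a fixed test vector checked against an independent SRP implementation would pin that down.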