gazagnaire.org / ocaml-srp
SRP-6a Secure Remote Password protocol for OCaml
0
fork

Configure Feed

Select the types of activity you want to include in your feed.

Update README.md package index

Thomas Gazagnaire 105ccd45 13ec3ccc

+22 -10
+22 -10
lib/srp.ml
··· 80 80 let compute_k () = 81 81 let n_bytes = bytes_of_z n in 82 82 let g_bytes = bytes_of_z ~pad:(String.length n_bytes) g in 83 - z_of_bytes (hash (n_bytes ^ g_bytes)) 83 + z_of_bytes (hash (String.concat "" [ n_bytes; g_bytes ])) 84 84 85 85 (** Compute x = H(salt | H(username | ":" | password)) *) 86 86 let compute_x ~salt ~username ~password = 87 - let inner = hash (username ^ ":" ^ password) in 88 - z_of_bytes (hash (salt ^ inner)) 87 + let inner = hash (String.concat "" [ username; ":"; password ]) in 88 + z_of_bytes (hash (String.concat "" [ salt; inner ])) 89 89 90 90 (** Compute verifier v = g^x mod N *) 91 91 let compute_verifier ~salt ~username ~password = ··· 117 117 else Ok () 118 118 in 119 119 let k = compute_k () in 120 - let u = z_of_bytes (hash (pad_z t.big_a ^ pad_z big_b)) in 120 + let u = 121 + z_of_bytes (hash (String.concat "" [ pad_z t.big_a; pad_z big_b ])) 122 + in 121 123 let* () = 122 124 if Z.(equal u zero) then Error (`Msg "Invalid u value") else Ok () 123 125 in ··· 132 134 let compute_proof t ~salt ~big_b ~session_key = 133 135 let h_user = hash t.username in 134 136 hash 135 - (hash_xor_ng ^ h_user ^ salt ^ pad_z t.big_a ^ pad_z big_b ^ session_key) 137 + (String.concat "" 138 + [ hash_xor_ng; h_user; salt; pad_z t.big_a; pad_z big_b; session_key ]) 136 139 137 140 let verify_proof t ~m1 ~m2 ~session_key = 138 - let expected = hash (pad_z t.big_a ^ m1 ^ session_key) in 141 + let expected = hash (String.concat "" [ pad_z t.big_a; m1; session_key ]) in 139 142 String.equal expected m2 140 143 end 141 144 ··· 166 169 if Z.(equal (big_a mod n) zero) then Error (`Msg "Invalid A value") 167 170 else Ok () 168 171 in 169 - let u = z_of_bytes (hash (pad_z big_a ^ pad_z t.big_b)) in 172 + let u = 173 + z_of_bytes (hash (String.concat "" [ pad_z big_a; pad_z t.big_b ])) 174 + in 170 175 let* () = 171 176 if Z.(equal u zero) then Error (`Msg "Invalid u value") else Ok () 172 177 in ··· 178 183 let h_user = hash t.username in 179 184 let expected = 180 185 hash 181 - (hash_xor_ng ^ h_user ^ t.salt ^ pad_z big_a ^ pad_z t.big_b 182 - ^ session_key) 186 + (String.concat "" 187 + [ 188 + hash_xor_ng; 189 + h_user; 190 + t.salt; 191 + pad_z big_a; 192 + pad_z t.big_b; 193 + session_key; 194 + ]) 183 195 in 184 196 String.equal expected m1 185 197 186 198 let compute_proof _t ~big_a ~m1 ~session_key = 187 - hash (pad_z big_a ^ m1 ^ session_key) 199 + hash (String.concat "" [ pad_z big_a; m1; session_key ]) 188 200 end