Merge pull request #43 from ddealmei/fix-srp-vuln
Fix side channel leaks
cocagne committed Feb 1, 2021
2 parents 34bc95e + 485561a commit dba5264
Showing 1 changed file with 6 additions and 0 deletions.
6 changes: 6 additions & 0 deletions srp/_ctsrp.py
Expand Up @@ -201,6 +201,9 @@ def load_func( name, args, returns = ctypes.c_int):
load_func( 'BN_CTX_new', [] , BN_CTX )
load_func( 'BN_CTX_free', [ BN_CTX ], None )

load_func( 'BN_set_flags', [ BIGNUM, ctypes.c_int ], None )
BN_FLG_CONSTTIME = 0x04

load_func( 'BN_cmp', [ BIGNUM, BIGNUM ], ctypes.c_int )

load_func( 'BN_num_bits', [ BIGNUM ], ctypes.c_int )
Expand Down Expand Up @@ -292,6 +295,7 @@ def calculate_x( hash_class, dest, salt, username, password ):
username = six.b('')
up = hash_class(username + six.b(':') + password).digest()
H_bn_str( hash_class, dest, salt, up )
BN_set_flags(dest, BN_FLG_CONSTTIME)


def update_hash( ctx, n ):
Expand Down Expand Up @@ -430,6 +434,7 @@ def __init__(self, username, bytes_s, bytes_v, bytes_A, hash_alg=SHA1, ng_type=
bytes_to_bn( self.b, bytes_b )
else:
BN_rand(self.b, 256, 0, 0)
BN_set_flags(self.b, BN_FLG_CONSTTIME)

# B = kv + g^b
BN_mul(self.tmp1, k, self.v, self.ctx)
Expand Down Expand Up @@ -541,6 +546,7 @@ def __init__(self, username, password, hash_alg=SHA1, ng_type=NG_2048, n_hex=Non
if bytes_A:
bytes_to_bn( self.A, bytes_A )
else:
BN_set_flags(self.a, BN_FLG_CONSTTIME)
BN_mod_exp(self.A, g, self.a, N, self.ctx)


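Review bot: In the hunk at @@ -541, `BN_set_flags(self.a, BN_FLG_CONSTTIME)` is applied only on the `else` path, whereas the server-side hunk at @@ -430 sets the flag on `self.b` after both branches of its `if`/`else`; hoisting the call above `if bytes_A:` would make the client consistent and keep the flag on `a` whenever `a` is used later, regardless of how `A` was obtained. The flag attaches to the BIGNUM object rather than to values computed from it, so if the shared secret is later exponentiated with a temporary derived from `a` and `x` (that code is outside the hunks), the temporary needs `BN_set_flags` itself or `BN_mod_exp` will not take its constant-time path; worth confirming against the rest of the file. The new constant in the hunk at @@ -201 would benefit from a comment such as `# OpenSSL BN_FLG_CONSTTIME: requests the constant-time BN_mod_exp path for this BIGNUM`. Both `__init__` bodies start before and continue past their hunks.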
