Is K computed properly?

[jbis9051]

The code for computing K is:

tssrp6a/src/routines.ts

Lines 47 to 54 in 4c88ce7

	public computeK(): BigInteger {
	return wordArrayToBigInteger(
	this.hashPadded(
	bigIntegerToWordArray(this.parameters.N),
	bigIntegerToWordArray(this.parameters.g),
	),
	);
	}

However, [RFC5054](https://datatracker.ietf.org/doc/html/rfc5054#section-2.6 says the following:

k = SHA1(N | PAD(g))

In the RFC, only g is padded however in the library both N and g are padded.

Is this incorrect or am I missing something?

---

Nimbus seems to do the same thing: https://bitbucket.org/connect2id/nimbus-srp/src/7a28da95af0317f99a9bcb88479e56fcf7b2a5cf/src/main/java/com/nimbusds/srp6/SRP6Routines.java#lines-50

As well as Mozilla https://github.com/mozilla/node-srp/blob/dd55cab369d811fb814484e3c60d72e0e8f868dc/lib/srp.js#L135

1Password pads nothing and notes it as a bug

https://github.com/1Password/srp/blob/c06b30ed95c1485878b18d85749e36013e78e024/internal.go#L43

[bgrosse-midokura]

This library was developed against Nimbus, that would be the reason why it follows its behavior.
This could be configurable, though.

[jbis9051]

@bgrosse-midokura Hmm. Maybe I should open an issue over there.

[jbis9051]

Related issue: https://bitbucket.org/connect2id/nimbus-srp/issues/26/is-k-computed-properly

[bufistov]

It seems that N == PAD(N) by the PAD() definition in RFC?

[jbis9051]

It seems that N == PAD(N) by the PAD() definition in RFC?

Seems so:

test("#pad N test", async (t) => {
  const srpRoutines = new SRPRoutines(new SRPParameters());
  t.equals(
    arrayBufferToBigInt(
      await srpRoutines.hash(
        bigIntToArrayBuffer(srpRoutines.parameters.primeGroup.N),
      ),
    ),
    arrayBufferToBigInt(
      await srpRoutines.hashPadded(
        bigIntToArrayBuffer(srpRoutines.parameters.primeGroup.N),
      ),
    ),
  );
});

passes.