authorHimbeerserverDE <himbeerserverde@gmail.com>2023-02-17 22:30:28 +0100
committerHimbeerserverDE <himbeerserverde@gmail.com>2023-02-17 22:30:28 +0100
commit350e0dc3582af9a0b8c51968937dc096ae786a4a (patch)
tree0e11ae792d509c7d59657c6c35b7f78c5dcf37b3 /srp
parent02ee9799707700f4bf44a0ff9d9e805b6508258f (diff)
downloadPAKEs-350e0dc3582af9a0b8c51968937dc096ae786a4a.tar.xz
include username in client proof
Diffstat (limited to 'srp')
-rw-r--r--srp/src/client.rs1
-rw-r--r--srp/src/server.rs6
-rw-r--r--srp/src/utils.rs2
3 files changed, 9 insertions, 0 deletions
diff --git a/srp/src/client.rs b/srp/src/client.rs
index 263e5f3..eed1153 100644
--- a/srp/src/client.rs
+++ b/srp/src/client.rs
@@ -204,6 +204,7 @@ impl<'a, D: Digest> SrpClient<'a, D> {
let m1 = compute_m1::<D>(
self.params,
+ identity_hash.as_slice(),
&a_pub.to_bytes_be(),
&b_pub.to_bytes_be(),
&key.to_bytes_be(),
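Review bot: The `identity_hash` passed to `compute_m1` here is defined outside this hunk, so nothing visible guarantees it is the digest of the username alone, which is what the server side of this commit computes in `process_reply` (`d.update(username);` then `d.finalize()`). If the client value is the one already used to derive the private key x (SRP implementations commonly hash username and password together for that), M1 would never match on the server and every login would fail. Please confirm both sides hash exactly the same bytes, ideally by moving the computation into one shared helper in utils.rs that client and server both call. A round-trip test covering one accepted proof and one rejected wrong-username proof would pin this down. The enclosing function starts and ends outside the hunk.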
diff --git a/srp/src/server.rs b/srp/src/server.rs
index b7d3eff..e1eb331 100644
--- a/srp/src/server.rs
+++ b/srp/src/server.rs
@@ -124,6 +124,7 @@ impl<'a, D: Digest> SrpServer<'a, D> {
/// v is the provided during initial user registration
pub fn process_reply(
&self,
+ username: &str,
b: &[u8],
v: &[u8],
a_pub: &[u8],
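Review bot: The doc comment above `process_reply` still describes only `v`, so the new `username` argument is undocumented even though the proof now depends on it. I would add `/// username is the identity the client claimed; pass the exact string under which v was registered, without case folding or other normalization`, since any byte difference from what the client hashed changes M1 and the binding only helps if it is the same identity used to look up `v`. Inserting the parameter in first position also changes a public signature, so existing callers break at compile time and the release needs a breaking-version bump. The parameter list continues outside the hunk.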
@@ -142,10 +143,15 @@ impl<'a, D: Digest> SrpServer<'a, D> {
let u = compute_u::<D>(&a_pub.to_bytes_be(), &b_pub.to_bytes_be());
+ let mut d = D::new();
+ d.update(username);
+ let identity_hash = d.finalize();
+
let key = self.compute_premaster_secret(&a_pub, &v, &u, &b);
let m1 = compute_m1::<D>(
self.params,
+ identity_hash.as_slice(),
&a_pub.to_bytes_be(),
&b_pub.to_bytes_be(),
&key.to_bytes_be(),
diff --git a/srp/src/utils.rs b/srp/src/utils.rs
index 2bd7639..d053f5d 100644
--- a/srp/src/utils.rs
+++ b/srp/src/utils.rs
@@ -28,6 +28,7 @@ pub fn compute_k<D: Digest>(params: &SrpGroup) -> BigUint {
// M1 = H(H(N) XOR H(g) | H(U) | s | A | B | K)
pub fn compute_m1<D: Digest>(
params: &SrpGroup,
+ identity_hash: &[u8],
a_pub: &[u8],
b_pub: &[u8],
key: &[u8],
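Review bot: The formula in the comment above `compute_m1` lists the salt `s` between H(U) and A, but no salt appears in the visible parameters, and the later utils.rs hunk feeds the digest `ng_xor`, `identity_hash`, `a_pub`, `b_pub`, `key` with nothing between the identity hash and A. After this commit the proof therefore still differs from the documented formula, which matters for interoperability with peers that follow it and leaves the salt unbound in the proof. Either add a `salt: &[u8]` parameter hashed right after `identity_hash`, or correct the comment to `// M1 = H(H(N) XOR H(g) | H(U) | A | B | K)` so it states what is actually computed. The end of the signature is outside the hunk.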
@@ -44,6 +45,7 @@ pub fn compute_m1<D: Digest>(
let mut d = D::new();
d.update(ng_xor);
+ d.update(identity_hash);
d.update(a_pub);
d.update(b_pub);
d.update(key);