From 350e0dc3582af9a0b8c51968937dc096ae786a4a Mon Sep 17 00:00:00 2001
From: HimbeerserverDE <himbeerserverde@gmail.com>
Date: Fri, 17 Feb 2023 22:30:28 +0100
Subject: include username in client proof

---
 srp/src/server.rs | 6 ++++++
 1 file changed, 6 insertions(+)

(limited to 'srp/src/server.rs')

diff --git a/srp/src/server.rs b/srp/src/server.rs
index b7d3eff..e1eb331 100644
--- a/srp/src/server.rs
+++ b/srp/src/server.rs
@@ -124,6 +124,7 @@ impl<'a, D: Digest> SrpServer<'a, D> {
     /// v is the provided during initial user registration
     pub fn process_reply(
         &self,
+        username: &str,
         b: &[u8],
         v: &[u8],
         a_pub: &[u8],
@@ -142,10 +143,15 @@ impl<'a, D: Digest> SrpServer<'a, D> {
 
         let u = compute_u::<D>(&a_pub.to_bytes_be(), &b_pub.to_bytes_be());
 
+        let mut d = D::new();
+        d.update(username);
+        let identity_hash = d.finalize();
+
         let key = self.compute_premaster_secret(&a_pub, &v, &u, &b);
 
         let m1 = compute_m1::<D>(
             self.params,
+            identity_hash.as_slice(),
             &a_pub.to_bytes_be(),
             &b_pub.to_bytes_be(),
             &key.to_bytes_be(),
-- 
cgit v1.2.3