Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

RFC5054 - Fixed an issue when calculating M, producing bad values #25

Merged
merged 1 commit into from
Nov 9, 2024

Conversation

macmade
Copy link
Contributor

@macmade macmade commented Nov 6, 2024

When calculating M, RFC5054 requires the generator g to be padded.
This is handled inside srp_user_process_challenge by using H_nn_rfc5054.
However, padding was missing in calculate_M, since hashing is done differently, with an xor.

@cocagne
Copy link
Owner

cocagne commented Nov 7, 2024 via email

@macmade
Copy link
Contributor Author

macmade commented Nov 8, 2024

Thanks for the reply, Tom.

My pull requests follow changes in Apple’s iCloud authentication.
You may have seen discussions around that on some other projects using your Python library, such as pyiCloud:
picklepete/pyicloud#456

Our software, iMazing, uses an endpoint on iCloud to allow users to retrieve high-resolution photos if they’re unavailable on the device.

iCloud authentication is now SRP6a, with extra derivation on the password using PBKDF2.

We replaced our old implementation with your C library. This required a few changes, such as:

  • An option to not hash the username when calculating X.
  • A way to set the password after the SRPUser structure has been created since the server communicates PBKDF2 iterations along with the salt.
  • A way to retrieve H_AMK from the SRPUser structure since the server requires M2 to be passed with M1.

These were already present in the Python version.

Even after these changes, authentication still did not work on our side.
So, I compared the Python and C implementations. I used fixed values for a, b, salt, etc., and noticed the value of M1 was different between the two.

Adding padding in G solved the issue; the two implementations now gave the same result for M1.
Testing the whole process again, iCloud authentication was also now possible.

I hope this clarifies the reason for my pull requests.
Don't hesitate if you need more details.

@cocagne
Copy link
Owner

cocagne commented Nov 9, 2024 via email

@cocagne cocagne merged commit b1a6ebc into cocagne:rfc5054_compat Nov 9, 2024
@macmade
Copy link
Contributor Author

macmade commented Nov 9, 2024

Thank you very much for merging these, and for your library!
Wish you a good weekend!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants