bgrosse-midokura
commented
3 years ago This library was developed against Nimbus, that would be the reason why it follows its behavior. This could be configurable, though.
Closed jbis9051 closed 3 years ago
bgrosse-midokura
commented
3 years ago This library was developed against Nimbus, that would be the reason why it follows its behavior. This could be configurable, though.
jbis9051
commented
3 years ago @bgrosse-midokura Hmm. Maybe I should open an issue over there.
jbis9051
commented
3 years ago 
bufistov
commented
3 years ago It seems that N == PAD(N) by the PAD() definition in RFC?
jbis9051
commented
3 years ago It seems that N == PAD(N) by the PAD() definition in RFC?
Seems so:
test("#pad N test", async (t) => {
const srpRoutines = new SRPRoutines(new SRPParameters());
t.equals(
arrayBufferToBigInt(
await srpRoutines.hash(
bigIntToArrayBuffer(srpRoutines.parameters.primeGroup.N),
),
),
arrayBufferToBigInt(
await srpRoutines.hashPadded(
bigIntToArrayBuffer(srpRoutines.parameters.primeGroup.N),
),
),
);
});passes.
The code for computing K is:
https://github.com/midonet/tssrp6a/blob/4c88ce72caa0bcfe38fee881bdc92092c3c4f095/src/routines.ts#L47-L54
However, [RFC5054](https://datatracker.ietf.org/doc/html/rfc5054#section-2.6 says the following:
In the RFC, only g is padded however in the library both N and g are padded.
Is this incorrect or am I missing something?
Nimbus seems to do the same thing: https://bitbucket.org/connect2id/nimbus-srp/src/7a28da95af0317f99a9bcb88479e56fcf7b2a5cf/src/main/java/com/nimbusds/srp6/SRP6Routines.java#lines-50
As well as Mozilla https://github.com/mozilla/node-srp/blob/dd55cab369d811fb814484e3c60d72e0e8f868dc/lib/srp.js#L135
1Password pads nothing and notes it as a bug
https://github.com/1Password/srp/blob/c06b30ed95c1485878b18d85749e36013e78e024/internal.go#L43