1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
|
package otr3
import "math/big"
type smp1State struct {
a2, a3 *big.Int
r2, r3 *big.Int
msg smp1Message
}
type smp1Message struct {
g2a, g3a *big.Int
c2, c3 *big.Int
d2, d3 *big.Int
hasQuestion bool
question string
}
func (m smp1Message) tlv() tlv {
t := genSMPTLV(uint16(tlvTypeSMP1), m.g2a, m.c2, m.d2, m.g3a, m.c3, m.d3)
if m.hasQuestion {
t.tlvType = tlvTypeSMP1WithQuestion
t.tlvValue = append(append([]byte(m.question), 0), t.tlvValue...)
t.tlvLength = uint16(len(t.tlvValue))
}
return t
}
func (c *Conversation) generateSMP1Parameters() (s smp1State, err error) {
b := make([]byte, c.version.parameterLength())
var err1, err2, err3, err4 error
s.a2, err1 = c.randMPI(b)
s.a3, err2 = c.randMPI(b)
s.r2, err3 = c.randMPI(b)
s.r3, err4 = c.randMPI(b)
return s, firstError(err1, err2, err3, err4)
}
func generateSMP1Message(s smp1State, v otrVersion) (m smp1Message) {
m.g2a = modExp(g1, s.a2)
m.g3a = modExp(g1, s.a3)
m.c2, m.d2 = generateZKP(s.r2, s.a2, 1, v)
m.c3, m.d3 = generateZKP(s.r3, s.a3, 2, v)
return
}
func (c *Conversation) generateSMP1() (s smp1State, err error) {
if s, err = c.generateSMP1Parameters(); err != nil {
return s, err
}
s.msg = generateSMP1Message(s, c.version)
return
}
func (c *Conversation) verifySMP1(msg smp1Message) error {
if !c.version.isGroupElement(msg.g2a) {
return newOtrError("g2a is an invalid group element")
}
if !c.version.isGroupElement(msg.g3a) {
return newOtrError("g3a is an invalid group element")
}
if !verifyZKP(msg.d2, msg.g2a, msg.c2, 1, c.version) {
return newOtrError("c2 is not a valid zero knowledge proof")
}
if !verifyZKP(msg.d3, msg.g3a, msg.c3, 2, c.version) {
return newOtrError("c3 is not a valid zero knowledge proof")
}
return nil
}
|
