/usr/share/gocode/src/github.com/twstrike/otr3/smp_msg2.go is in golang-github-twstrike-otr3-dev 0.0~git20161015.0.744856d-1.
This file is owned by root:root, with mode 0o644.
The actual contents of the file can be viewed below.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 | package otr3
import "math/big"
type smp2State struct {
y *big.Int
b2, b3 *big.Int
r2, r3, r4, r5, r6 *big.Int
g3a *big.Int
g2, g3 *big.Int
pb, qb *big.Int
msg smp2Message
}
type smp2Message struct {
g2b, g3b *big.Int
c2, c3 *big.Int
d2, d3 *big.Int
pb, qb *big.Int
cp *big.Int
d5, d6 *big.Int
}
func (m smp2Message) tlv() tlv {
return genSMPTLV(uint16(tlvTypeSMP2), m.g2b, m.c2, m.d2, m.g3b, m.c3, m.d3, m.pb, m.qb, m.cp, m.d5, m.d6)
}
func (c *Conversation) generateSMP2Parameters() (s smp2State, err error) {
b := make([]byte, c.version.parameterLength())
var err1, err2, err3, err4, err5, err6, err7 error
s.b2, err1 = c.randMPI(b)
s.b3, err2 = c.randMPI(b)
s.r2, err3 = c.randMPI(b)
s.r3, err4 = c.randMPI(b)
s.r4, err5 = c.randMPI(b)
s.r5, err6 = c.randMPI(b)
s.r6, err7 = c.randMPI(b)
return s, firstError(err1, err2, err3, err4, err5, err6, err7)
}
func generateSMP2Message(s *smp2State, s1 smp1Message, v otrVersion) smp2Message {
var m smp2Message
m.g2b = modExp(g1, s.b2)
m.g3b = modExp(g1, s.b3)
m.c2, m.d2 = generateZKP(s.r2, s.b2, 3, v)
m.c3, m.d3 = generateZKP(s.r3, s.b3, 4, v)
s.g3a = s1.g3a
s.g2 = modExp(s1.g2a, s.b2)
s.g3 = modExp(s1.g3a, s.b3)
s.pb = modExp(s.g3, s.r4)
s.qb = mulMod(modExp(g1, s.r4), modExp(s.g2, s.y), p)
m.pb = s.pb
m.qb = s.qb
m.cp = hashMPIsBN(v.hash2Instance(), 5,
modExp(s.g3, s.r5),
mulMod(modExp(g1, s.r5), modExp(s.g2, s.r6), p))
m.d5 = subMod(s.r5, mul(s.r4, m.cp), q)
m.d6 = subMod(s.r6, mul(s.y, m.cp), q)
return m
}
func (c *Conversation) generateSMP2(secret *big.Int, s1 smp1Message) (s smp2State, err error) {
if s, err = c.generateSMP2Parameters(); err != nil {
return s, err
}
s.y = secret
s.msg = generateSMP2Message(&s, s1, c.version)
return
}
func (c *Conversation) verifySMP2(s1 *smp1State, msg smp2Message) error {
if !c.version.isGroupElement(msg.g2b) {
return newOtrError("g2b is an invalid group element")
}
if !c.version.isGroupElement(msg.g3b) {
return newOtrError("g3b is an invalid group element")
}
if !c.version.isGroupElement(msg.pb) {
return newOtrError("Pb is an invalid group element")
}
if !c.version.isGroupElement(msg.qb) {
return newOtrError("Qb is an invalid group element")
}
if !verifyZKP(msg.d2, msg.g2b, msg.c2, 3, c.version) {
return newOtrError("c2 is not a valid zero knowledge proof")
}
if !verifyZKP(msg.d3, msg.g3b, msg.c3, 4, c.version) {
return newOtrError("c3 is not a valid zero knowledge proof")
}
g2 := modExp(msg.g2b, s1.a2)
g3 := modExp(msg.g3b, s1.a3)
if !verifyZKP2(g2, g3, msg.d5, msg.d6, msg.pb, msg.qb, msg.cp, 5, c.version) {
return newOtrError("cP is not a valid zero knowledge proof")
}
return nil
}
|