forked from coyim/otr3
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathsmp.go
114 lines (96 loc) · 2.54 KB
/
smp.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
package otr3
import (
"math/big"
"github.com/coyim/gotrax"
)
type smp struct {
state smpState
question *string
secret *big.Int
s1 *smp1State
s2 *smp2State
s3 *smp3State
}
const smpVersion = 1
func (s *smp) wipe() {
s.state = nil
s.question = nil
wipeBigInt(s.secret)
s.secret = nil
s.s1 = nil
s.s2 = nil
s.s3 = nil
}
func (s *smp) ensureSMP() {
if s.state != nil {
return
}
s.state = smpStateExpect1{}
}
// SMPQuestion returns the current SMP question and ok if there is one, and not ok if there isn't one.
func (c *Conversation) SMPQuestion() (string, bool) {
if c.smp.question == nil {
return "", false
}
return *c.smp.question, true
}
func generateSMPSecret(initiatorFingerprint, recipientFingerprint, ssid, secret []byte, v otrVersion) *big.Int {
h := v.hash2Instance()
h.Write([]byte{smpVersion})
h.Write(initiatorFingerprint)
h.Write(recipientFingerprint)
h.Write(ssid)
h.Write(secret)
return new(big.Int).SetBytes(h.Sum(nil))
}
func generateDZKP(r, a, c *big.Int) *big.Int {
return subMod(r, mul(a, c), q)
}
func generateZKP(r, a *big.Int, ix byte, v otrVersion) (c, d *big.Int) {
c = hashMPIsBN(v.hash2Instance(), ix, modExp(g1, r))
d = generateDZKP(r, a, c)
return
}
func verifyZKP(d, gen, c *big.Int, ix byte, v otrVersion) bool {
r := modExp(g1, d)
s := modExp(gen, c)
t := hashMPIsBN(v.hash2Instance(), ix, mulMod(r, s, p))
return eq(c, t)
}
func verifyZKP2(g2, g3, d5, d6, pb, qb, cp *big.Int, ix byte, v otrVersion) bool {
l := mulMod(
modExp(g3, d5),
modExp(pb, cp),
p)
r := mulMod(mul(modExp(g1, d5),
modExp(g2, d6)),
modExp(qb, cp),
p)
t := hashMPIsBN(v.hash2Instance(), ix, l, r)
return eq(cp, t)
}
func verifyZKP3(cp, g2, g3, d5, d6, pa, qa *big.Int, ix byte, v otrVersion) bool {
l := mulMod(modExp(g3, d5), modExp(pa, cp), p)
r := mulMod(mul(modExp(g1, d5), modExp(g2, d6)), modExp(qa, cp), p)
t := hashMPIsBN(v.hash2Instance(), ix, l, r)
return eq(cp, t)
}
func verifyZKP4(cr, g3a, d7, qaqb, ra *big.Int, ix byte, v otrVersion) bool {
l := mulMod(modExp(g1, d7), modExp(g3a, cr), p)
r := mulMod(modExp(qaqb, d7), modExp(ra, cr), p)
t := hashMPIsBN(v.hash2Instance(), ix, l, r)
return eq(cr, t)
}
func genSMPTLV(tp uint16, mpis ...*big.Int) tlv {
data := make([]byte, 0, 1000)
// TODO: is this really correct? It seems like it's adding the length for MPIs two times
data = gotrax.AppendWord(data, uint32(len(mpis)))
data = gotrax.AppendMPIs(data, mpis...)
length := uint16(len(data))
out := tlv{
tlvType: tp,
tlvLength: length,
tlvValue: data,
}
return out
}