diff --git a/pake.go b/pake.go index f43fb1e..138a287 100644 --- a/pake.go +++ b/pake.go @@ -39,6 +39,7 @@ type Pake struct { // Private variables curve EllipticCurve + P *big.Int // the order of the underlying field Pw []byte Vpwᵤ, Vpwᵥ *big.Int Upwᵤ, Upwᵥ *big.Int @@ -72,7 +73,7 @@ func AvailableCurves() []string { // the points on the elliptic curve. The role is set to either // 0 for the sender or 1 for the recipient. // The curve can be siec, p521, p256, p384 -func initCurve(curve string) (ellipticCurve EllipticCurve, Ux *big.Int, Uy *big.Int, Vx *big.Int, Vy *big.Int, err error) { +func initCurve(curve string) (ellipticCurve EllipticCurve, P *big.Int, Ux *big.Int, Uy *big.Int, Vx *big.Int, Vy *big.Int, err error) { switch curve { case "p521": ellipticCurve = elliptic.P521() @@ -80,24 +81,28 @@ func initCurve(curve string) (ellipticCurve EllipticCurve, Ux *big.Int, Uy *big. Uy, _ = new(big.Int).SetString("4032821203812196944795502391345776760852202059010382256134592838722123385325802540879231526503456158741518531456199762365161310489884151533417829496019094620", 10) Vx, _ = new(big.Int).SetString("1086685267857089638167386722555472967068468061489", 10) Vy, _ = new(big.Int).SetString("5010916268086655347194655708160715195931018676225831839835602465999566066450501167246678404591906342753230577187831311039273858772817427392089150297708931207", 10) + P = elliptic.P521().Params().P case "p256": ellipticCurve = elliptic.P256() Ux, _ = new(big.Int).SetString("793136080485469241208656611513609866400481671852", 10) Uy, _ = new(big.Int).SetString("59748757929350367369315811184980635230185250460108398961713395032485227207304", 10) Vx, _ = new(big.Int).SetString("1086685267857089638167386722555472967068468061489", 10) Vy, _ = new(big.Int).SetString("9157340230202296554417312816309453883742349874205386245733062928888341584123", 10) + P = elliptic.P256().Params().P case "p384": ellipticCurve = elliptic.P384() Ux, _ = new(big.Int).SetString("793136080485469241208656611513609866400481671852", 10) Uy, _ = new(big.Int).SetString("7854890799382392388170852325516804266858248936799429260403044177981810983054351714387874260245230531084533936948596", 10) Vx, _ = new(big.Int).SetString("1086685267857089638167386722555472967068468061489", 10) Vy, _ = new(big.Int).SetString("21898206562669911998235297167979083576432197282633635629145270958059347586763418294901448537278960988843108277491616", 10) + P = elliptic.P384().Params().P case "siec": ellipticCurve = siec.SIEC255() Ux, _ = new(big.Int).SetString("793136080485469241208656611513609866400481671853", 10) Uy, _ = new(big.Int).SetString("18458907634222644275952014841865282643645472623913459400556233196838128612339", 10) Vx, _ = new(big.Int).SetString("1086685267857089638167386722555472967068468061489", 10) Vy, _ = new(big.Int).SetString("19593504966619549205903364028255899745298716108914514072669075231742699650911", 10) + P = siec.SIEC255().Params().P default: err = errors.New("no such curve") return @@ -110,6 +115,7 @@ func initCurve(curve string) (ellipticCurve EllipticCurve, Ux *big.Int, Uy *big. err = fmt.Errorf("Vx/Vy not on curve") } } + return } @@ -119,7 +125,7 @@ func initCurve(curve string) (ellipticCurve EllipticCurve, Ux *big.Int, Uy *big. // The curve can be any elliptic curve. func InitCurve(pw []byte, role int, curve string) (p *Pake, err error) { p = new(Pake) - p.curve, p.Uᵤ, p.Uᵥ, p.Vᵤ, p.Vᵥ, err = initCurve(curve) + p.curve, p.P, p.Uᵤ, p.Uᵥ, p.Vᵤ, p.Vᵥ, err = initCurve(curve) if err != nil { return } @@ -193,7 +199,9 @@ func (p *Pake) Update(qBytes []byte) (err error) { p.Aαᵤ, p.Aαᵥ = p.curve.ScalarBaseMult(p.Aα) p.Yᵤ, p.Yᵥ = p.curve.Add(p.Vpwᵤ, p.Vpwᵥ, p.Aαᵤ, p.Aαᵥ) // "Y" // STEP: B computes Z - p.Zᵤ, p.Zᵥ = p.curve.Add(p.Xᵤ, p.Xᵥ, p.Upwᵤ, new(big.Int).Neg(p.Upwᵥ)) + v := new(big.Int).Neg(p.Upwᵥ) + v.Mod(v, p.P) + p.Zᵤ, p.Zᵥ = p.curve.Add(p.Xᵤ, p.Xᵥ, p.Upwᵤ, v) p.Zᵤ, p.Zᵥ = p.curve.ScalarMult(p.Zᵤ, p.Zᵥ, p.Aα) // STEP: B computes k // H(pw,id_P,id_Q,X,Y,Z) @@ -217,7 +225,9 @@ func (p *Pake) Update(qBytes []byte) (err error) { } // STEP: A computes Z - p.Zᵤ, p.Zᵥ = p.curve.Add(p.Yᵤ, p.Yᵥ, p.Vpwᵤ, new(big.Int).Neg(p.Vpwᵥ)) + v := new(big.Int).Neg(p.Vpwᵥ) + v.Mod(v, p.P) + p.Zᵤ, p.Zᵥ = p.curve.Add(p.Yᵤ, p.Yᵥ, p.Vpwᵤ, v) p.Zᵤ, p.Zᵥ = p.curve.ScalarMult(p.Zᵤ, p.Zᵥ, p.Aα) // STEP: A computes k // H(pw,id_P,id_Q,X,Y,Z)