Clear up parameters to checkParams by validating that the generator i…

…s 2 and not requiring modulusMinusOne

srp.go

@@ -247,7 +247,11 @@ func computeMultiplier(generator, modulus *big.Int, bitLength int) (*saferith.Na
 	return new(saferith.Nat).SetBig(multiplier, bitLength), nil
 }
 
-func checkParams(bitLength int, ephemeral, generatorTwo, modulus *big.Int, modulusMinusOne *big.Int) error {
+func checkParams(bitLength int, ephemeral, generator, modulus *big.Int) error {
+
+	if !generator.IsInt64() || generator.Int64() != 2 {
+		return errors.New("go-srp: SRP generator must always be 2")
+	}
 
 	if modulus.BitLen() != bitLength {
 		return errors.New("go-srp: SRP modulus has incorrect size")
@@ -263,6 +267,7 @@ func checkParams(bitLength int, ephemeral, generatorTwo, modulus *big.Int, modul
 		return errors.New("go-srp: SRP modulus is not 3 mod 8")
 	}
 
+	modulusMinusOne := big.NewInt(0).Sub(modulus, big.NewInt(1))
 	if ephemeral.Cmp(big.NewInt(1)) <= 0 || ephemeral.Cmp(modulusMinusOne) >= 0 {
 		return errors.New("go-srp: SRP server ephemeral is out of bounds")
 	}
@@ -283,7 +288,7 @@ func checkParams(bitLength int, ephemeral, generatorTwo, modulus *big.Int, modul
 	// condition, that 2^((N-1)/2) = -1 (mod N), is a single exponentiation
 	// and doubles as a test / guarantee that 2 is a generator of the whole group
 	// (and not a square).
-	if big.NewInt(0).Exp(generatorTwo, halfModulus, modulus).Cmp(modulusMinusOne) != 0 {
+	if big.NewInt(0).Exp(generator, halfModulus, modulus).Cmp(modulusMinusOne) != 0 {
 		return errors.New("pm-srp: SRP modulus is not prime")
 	}
 
@@ -425,7 +430,7 @@ func (s *Auth) GenerateProofs(bitLength int) (*Proofs, error) {
 		bitLength,
 		serverEphemeralInt,
 		generatorInt,
-		modulusInt, modulusMinusOneInt,
+		modulusInt,
 	)
 	if err != nil {
 		return nil, err