[BUG] Panic in RegistrationFinalize: nil pointer dereference in (*Scalar).Copy

[openfinch]

Describe the bug

When calling RegistrationFinalize during the OPAQUE registration flow, the library panics with a runtime error: invalid memory address or nil pointer dereference in (*Scalar).Copy. This occurs even when passing the original RegistrationRequest pointer from RegisterStart directly to RegisterFinish, without serialization or copying.

Your setup

What version/commit of the project are you using?

	github.com/bytemare/opaque v0.10.1-0.20250508205515-fabe5d72a34b
	github.com/bytemare/ecc v0.9.0 // indirect
	github.com/bytemare/hash v0.5.2 // indirect
	github.com/bytemare/hash2curve v0.5.4 // indirect
	github.com/bytemare/ksf v0.3.0 // indirect
	github.com/bytemare/secp256k1 v0.3.0 // indirect

What version of go are you using?

$ go version
go version go1.24.4 linux/amd64

What does the go environment look like?

go env Output

AR='ar'
CC='gcc'
CGO_CFLAGS='-O2 -g'
CGO_CPPFLAGS=''
CGO_CXXFLAGS='-O2 -g'
CGO_ENABLED='0'
CGO_FFLAGS='-O2 -g'
CGO_LDFLAGS='-O2 -g'
CXX='g++'
GCCGO='gccgo'
GO111MODULE=''
GOAMD64='v1'
GOARCH='amd64'
GOAUTH='netrc'
GOBIN=''
GOCACHE='/home/jf/.cache/go-build'
GOCACHEPROG=''
GODEBUG=''
GOENV='/home/jf/.config/go/env'
GOEXE=''
GOEXPERIMENT=''
GOFIPS140='off'
GOFLAGS=''
GOGCCFLAGS='-fPIC -m64 -fno-caret-diagnostics -Qunused-arguments -Wl,--no-gc-sections -fmessage-length=0 -ffile-prefix-map=/tmp/go-build2627748845=/tmp/go-build -gno-record-gcc-switches'
GOHOSTARCH='amd64'
GOHOSTOS='linux'
GOINSECURE=''
GOMOD='/home/jf/Work/WeirdUpNorth/Labyrinth/go.mod'
GOMODCACHE='/home/jf/go/pkg/mod'
GONOPROXY=''
GONOSUMDB=''
GOOS='linux'
GOPATH='/home/jf/go'
GOPRIVATE=''
GOPROXY='https://proxy.golang.org,direct'
GOROOT='/home/jf/.proto/tools/go/1.24.4'
GOSUMDB='sum.golang.org'
GOTELEMETRY='on'
GOTELEMETRYDIR='/home/jf/.config/go/telemetry'
GOTMPDIR=''
GOTOOLCHAIN='auto'
GOTOOLDIR='/home/jf/.proto/tools/go/1.24.4/pkg/tool/linux_amd64'
GOVCS=''
GOVERSION='go1.24.4'
GOWORK=''
PKG_CONFIG='pkg-config'

If relevant, what parameters or arguments are you using?

N/A – using the standard OPAQUE registration flow. Our OpaqueConfig is just o.DefaultConfiguration().

Reproducing

What did you do? Steps to reproduce the behavior:

1. Call RegisterStart and store the returned reg pointer.
2. Pass the same reg pointer to RegisterFinish along with the server's registration response.
3. Observe a panic in RegistrationFinalize.

Expected behavior

Registration should complete without a panic. The client should receive a valid registration record.

Additional context

• The panic occurs in (*Scalar).Copy called from internal/oprf.(*Client).Finalize.
• No serialization or copying of the reg object occurs between RegisterStart and RegisterFinish.
• Both bytemare/opaque and bytemare/ecc are at the latest main or recent commits.

This is a snippet from the networking.go module: https://gist.github.com/openfinch/fa19e74e3b50f91bb4dfe38f8aa1490f - The packet wrapper you see on lines 34, 60, 108 and 134 is a simple msgpack, and the code for this is shared between the client and server, so it doesn't look to be an encoding issue, but I'm open to be corrected.

Stack Trace

github.com/bytemare/ecc.(*Scalar).Copy(...)
    .../github.com/bytemare/ecc@v0.9.0/scalar.go:161
github.com/bytemare/opaque/internal/oprf.(*Client).Finalize
    .../github.com/bytemare/opaque@v0.10.1-.../internal/oprf/client.go:57 +0x1f
github.com/bytemare/opaque.(*Client).buildPRK
    .../github.com/bytemare/opaque@v0.10.1-.../client.go:69 +0x5b
github.com/bytemare/opaque.(*Client).RegistrationFinalize
    .../github.com/bytemare/opaque@v0.10.1-.../client.go:152 +0x7d
github.com/weirdupnorth/labyrinth/client/networking.(*ClientConnection).RegisterFinish
    .../client/networking/networking.go:234 +0x557

[bytemare]

Hi @openfinch,

I did not succeed in reproducing your bug. But from what I see in the code you posted in the gist and the stack trace, I think the panic is because you don't use the same Client instance.

In your code below, you use two different client instances that you derive from the configuration.

func (c *ClientConnection) RegisterStart(username, password string) (*message.RegistrationRequest, []byte, error) {
...
        client, err := o.OpaqueConfig.Client()
	if err != nil {
		return nil, nil, fmt.Errorf("failed to create opaque client: %v", err)
	}
	reg := client.RegistrationInit([]byte(password))
	if err != nil {
		return nil, nil, fmt.Errorf("failed to create registration request: %v", err)
	}
...

func (c *ClientConnection) RegisterFinish(username, password string, reg *message.RegistrationRequest, registrationResponse []byte) error {
... 
	client, err := o.OpaqueConfig.Client()
	if err != nil {
		return fmt.Errorf("failed to create opaque client: %v", err)
	}
...
regRecord, _ := client.RegistrationFinalize(response, o.ClientRegistrationFinalizeOptions{
		ClientIdentity: []byte(username),
		ServerIdentity: []byte(c.ServerID),
	})

But RegistrationInit initiates a state that is then reused in RegistrationFinalize. That state contains the OPRF blind, used to protect the password. So when you call RegistrationFinalize without having called RegistrationInit on the same client before, the state does not exist, and has therefore nil pointers internally. This is was leads to the panic that you're encountering.

You'll find thorough examples in examples_test.go on how to use the clients and server properly. Let me know if the examples are not clear 😃

Here's a quick fix for your code:

func (c *ClientConnection) RegisterStart(username, password string) (*opaque.Client, []byte, error) {
...
	return client, regResp.RegistrationResponse, nil
}
...
func (c *ClientConnection) RegisterFinish(client *opaque.Client, username string, registrationResponse []byte) error {
...
        // Remove this part where you create a new client.
        client, err := o.OpaqueConfig.Client()
	if err != nil {
		return fmt.Errorf("failed to create opaque client: %v", err)
	}
...

Or you can embed the client in your ClientConnection.