
debugging client verification now agrees with the example values from…

… the spec
1 parent 5ce3ee9 commit 00ee7083c54dce1462d8f10a35de59af8e145d75 @substack committed Mar 6, 2011
Showing with 14 additions and 6 deletions.
  1. +14 −6 dss.js
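--- a/dss.js
+++ b/dss.js
@@ -74,7 +74,6 @@ DSS.fromFields = function (fields) {
 }
 DSS.prototype.valid = function () {
-return true; // don't actually check >_<
 var y = this.fields.g.powm(this.fields.x, this.fields.p);
 return y.toString() === this.fields.y.toString();
 };
@@ -114,20 +113,29 @@ DSS.prototype.challenge = function (kexdh, params) {
 var g = this.fields.g;
 var q = this.fields.q;
+var y = this.fields.y; // public key
+
 var r = g.powm(K, p).mod(q);
-assert.ok(r !== 0);
+assert.ok(r.lt(q) && r.gt(0));
-return function sign (buf) {
-if (!Buffer.isBuffer(buf)) throw new Error('not a buffer');
+return function sign (M) {
+if (!Buffer.isBuffer(M)) throw new Error('not a buffer');
 var s = K.invertm(q)
 .mul(
-bigint.fromBuffer(sha1(buf))
+bigint.fromBuffer(sha1(M))
 .add(x.mul(r))
 )
 .mod(q)
 ;
-assert.ok(!s.eq(0));
+assert.ok(s.lt(q) && s.gt(0));
+
+// verification that the client will do:
+var w = s.invertm(q);
+var u1 = bigint.fromBuffer(sha1(M)).mul(w).mod(q);
+var u2 = r.mul(w).mod(q);
+var v = g.powm(u1, p).mul(y.powm(u2, p)).mod(p).mod(q);
+assert.ok(v.eq(r), v + ' != ' + r);
 return Buffers([
 r.toBuffer(),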
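Review bot: The returned `sign` closure in the second hunk signs with the single nonce K captured from the enclosing `challenge` (presumably computed earlier in that function, outside the hunk), so if a caller can invoke `sign` more than once every signature shares the same r, which is the classic DSA nonce-reuse failure and exposes the private key x; nothing visible here prevents a second call. If `sign` is meant to run exactly once per key exchange, make that explicit with a guard — `var used = false;` before the `return function sign (M)`, and `if (used) throw new Error('nonce K already used'); used = true;` as the first statements of `sign` — or derive a fresh k inside `sign` instead. The `r.lt(q)` and `s.lt(q)` halves of the two assertions are tautological after `.mod(q)`, and the spec's response to r or s being 0 is to pick a new k rather than abort, which is worth a one-line comment such as `// spec says retry with a new k; K is fixed per challenge here, so fail loudly`. `bigint.fromBuffer(sha1(M))` is computed twice (once for s, once for u1) and can be hoisted into a single `var hM = bigint.fromBuffer(sha1(M));` used in both places. The body of `sign` and the enclosing `challenge` continue outside the hunk.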
