
parse ebuf out of the kexinit since it needs to be sent anyway, still…

… getting public/private key disagreement
1 parent dfb22d8 commit 9980ce1026aaf58d34e417e21f6bcc1f6508b2dd @substack committed Mar 3, 2011
Showing with 42 additions and 15 deletions.
  1. +28 −10 dss.js
  2. +14 −5 index.js
38 dss.js
@@ -18,7 +18,6 @@ var exports = module.exports = DSS;
function DSS (keys) {
if (!(this instanceof DSS)) return new DSS(keys);
-
if (!keys.public) throw new Error('Public key not specified');
if (!keys.private) throw new Error('Private key not specified');
@@ -27,16 +26,21 @@ function DSS (keys) {
this.fields = { x : bigint.fromBuffer(keys.private) };
var buffers = Binary.parse(keys.public)
+ .word32be('length.id').buffer('buffers.id', 'length.id')
.word32be('length.p').buffer('buffers.p', 'length.p')
.word32be('length.q').buffer('buffers.q', 'length.q')
.word32be('length.g').buffer('buffers.g', 'length.g')
.word32be('length.y').buffer('buffers.y', 'length.y')
.vars.buffers
;
- 'pqgy'.split('').forEach(function (name) {
+ if (buffers.id.toString() !== 'ssh-dss') {
+ throw new Error('id != "ssh-dss"');
+ }
+
+ 'pqgy'.split('').forEach((function (name) {
this.fields[name] = bigint.fromBuffer(buffers[name]);
- });
+ }).bind(this));
if (!this.valid()) throw new Error('Public and private keys disagree');
}
@@ -66,13 +70,23 @@ DSS.fromFields = function (fields) {
DSS.prototype.valid = function () {
var y = this.fields.g.powm(this.fields.x, this.fields.p);
+console.log(y);
+console.log(this.fields);
return y.toString() === this.fields.y.toString();
};
-DSS.prototype.challenge = function (ebuf, params) {
- var e = bigint.fromBuffer(ebuf);
- var K = e.powm(this.fields.y, this.fields.p).toBuffer('mpint');
- var f = this.fields.g.powm(this.fields.y, this.fields.p).toBuffer('mpint');
+DSS.prototype.challenge = function (params) {
+ var e = bigint.fromBuffer(
+ Binary.parse(params.client.kexinit)
+ .skip(1)
+ .word32be('length')
+ .buffer('e', 'length')
+ .vars.e
+ );
+ assert.eql(params.client.kexinit.slice(1), e.toBuffer('mpint'));
+
+ var K = e.powm(this.fields.y, this.fields.p);
+ var f = this.fields.g.powm(this.fields.y, this.fields.p);
var K_S = pack(this.keys.public);
@@ -83,11 +97,15 @@ DSS.prototype.challenge = function (ebuf, params) {
var sign = crypto.createSign('DSA');
- [ V_C, V_S, I_C, I_S, K_S, ebuf, f, K ]
- .forEach(function (buf) { sign.update(buf) });
+ [ V_C, V_S, I_C, I_S, K_S ].forEach(function (buf) {
+ sign.update(buf);
+ });
- var signed = new Buffer(sign.sign(this.keys.private, 'base64'), 'base64');
+ [ e, f, K ].forEach(function (n) {
+ sign.update(n.toBuffer('mpint'));
+ });
+ var signed = new Buffer(sign.sign(this.keys.private, 'base64'), 'base64');
return Buffers([ K_S, f.toBuffer('mpint'), signed ]).slice();
};
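Review bot: `challenge` computes both `f` and `K` with `this.fields.y` as the exponent, and `y` is parsed from `keys.public` in the constructor, so the value acting as the key-exchange secret is one the server also sends to every client inside `K_S`; anyone holding the host public key and `e` can recompute `K`. RFC 4253 section 8 has the server draw a fresh random exponent for each exchange and reject any `e` outside [1, p-1], and neither step is visible in these hunks (the body of `challenge` continues outside them). Until that is in place I would mark the two `powm` lines with `// FIXME: exponent must be a per-exchange random secret, not the host public key y`. Separately, the added `console.log(this.fields);` in `valid()` prints the private exponent `x` to stdout every time a key is loaded, since the constructor calls `valid()`, and should be dropped before this ships.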
19 index.js
@@ -12,8 +12,8 @@ var exports = module.exports = function (keys) {
if (pub.algorithm !== priv.algorithm) {
throw new Error(
- 'key types '
- + [ pub.keyType, priv.keyType ]
+ 'public and private algorithms '
+ + [ pub.algorithm, priv.algorithm ]
.map(String).map(JSON.stringify).join(' and ')
+ ' disagree'
);
@@ -22,8 +22,11 @@ var exports = module.exports = function (keys) {
if (!algos[pub.algorithm]) {
throw new Error('Unsupported key type ' + pub.algorithm.toString());
}
-
- return algos[pub.algorithm]({ public : pub, private : priv });
+
+ return algos[pub.algorithm]({
+ public : new Buffer(pub.data, 'base64'),
+ private : new Buffer(priv.data, 'base64'),
+ });
};
var algos = exports.algorithms = {
@@ -40,8 +43,11 @@ exports.parse = function (contents) {
var ssh2 = body.match(/^-----BEGIN (\S+) (PRIVATE|PUBLIC) KEY-----\n/);
if (ssh2) {
+ var algo = ssh2[1].toLowerCase();
+ if (algo === 'dsa') algo = 'dss';
+
return {
- algorithm : ssh2[1].toLowerCase(),
+ algorithm : algo,
keyType : ssh2[2].toLowerCase(),
data : body.toString().split('\n')
.filter(function (line) {
@@ -55,6 +61,9 @@ exports.parse = function (contents) {
var openssh = body.match(/^ssh-(\S+)\s+(\S+)/);
if (openssh) {
+ var algo = openssh[1].toLowerCase();
+ if (algo === 'dsa') algo = 'dss';
+
return {
algorithm : openssh[1],
keyType : undefined,
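Review bot: In the last hunk of `exports.parse`, the new `algo` is computed from `openssh[1]` but the returned object still has `algorithm : openssh[1]`, so the lowercasing and the `dsa` to `dss` mapping never take effect for OpenSSH-format keys; the ssh2 branch above was switched to `algorithm : algo` and this one should match. That string presumably ends up as `pub.algorithm` and selects the implementation through `algos[pub.algorithm]`, a plain property lookup, so an inherited name such as `constructor` would pass the `!algos[...]` guard; an own-property check like `Object.prototype.hasOwnProperty.call(algos, pub.algorithm)` would be tighter. The second `var algo` also redeclares the same function-scoped variable, and a single declaration at the top of `parse` would read more clearly. The body of `parse` continues outside these hunks.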
