Commit 4b72b07d authored by Ian Goldberg

Clarify the DSA computation in the protocol specs.

Thanks to Adam Langley <agl@imperialviolet.org> and Hannes Mehnert
<hannes@mehnert.org> for the report.
Acked-by: Hannes Mehnert <hannes@mehnert.org>
Acked-by: David Goulet <dgoulet@ev0ke.net>

Fixes #61
parent 70541ed0
......@@ -7,6 +7,11 @@
* Protocol-v3.html: Remove a stray "DRAFT" from the <title> tag.
* Protocol-v2.html:
* Protocol-v3.html: Clarify the DSA computation in the protocol
specs. Thanks to Adam Langley <agl@imperialviolet.org> and
Hannes Mehnert <hannes@mehnert.org> for the report.
2014-11-29
* README:
......
......@@ -471,8 +471,8 @@ following data, using the key m1:<dl>
<dt>keyid<sub>B</sub> (INT)</dt>
<dt>sig<sub>B</sub>(M<sub>B</sub>) (SIG)</dt>
<dd>This is the signature, using the private part of the key
pub<sub>B</sub>, of the 32-byte M<sub>B</sub> (which does not need to be
hashed again to produce the signature).</dd>
pub<sub>B</sub>, of the 32-byte M<sub>B</sub> (taken modulo q instead of
being truncated (as described in FIPS-186), and not hashed again).</dd>
</dl></li>
<li>Encrypt X<sub>B</sub> using AES128-CTR with key c and initial
counter value 0.</li>
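Review bot: the new wording for sig<sub>B</sub>(M<sub>B</sub>) nests parentheses three deep, and the aside "(as described in FIPS-186)" can be read as attaching to the modulo-q step instead of to the truncation it is being contrasted with. Since the point of the edit is that OTR departs from the FIPS 186 convention (which keeps only the leftmost bits of the hash, up to the bit length of q), suggest stating the contrast directly, e.g. "of the 32-byte M<sub>B</sub>, interpreted as an integer and reduced modulo q rather than truncated to the bit length of q as FIPS 186 specifies; M<sub>B</sub> is not hashed again." It would also help implementers to spell out the consequence: a stock DSA signing routine handed M<sub>B</sub> as a pre-computed digest will truncate rather than reduce, so its signatures will not verify against an implementation that follows this text.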
......
......@@ -508,8 +508,8 @@ following data, using the key m1:<dl>
<dt>keyid<sub>B</sub> (INT)</dt>
<dt>sig<sub>B</sub>(M<sub>B</sub>) (SIG)</dt>
<dd>This is the signature, using the private part of the key
pub<sub>B</sub>, of the 32-byte M<sub>B</sub> (which does not need to be
hashed again to produce the signature).</dd>
pub<sub>B</sub>, of the 32-byte M<sub>B</sub> (taken modulo q instead of
being truncated (as described in FIPS-186), and not hashed again).</dd>
</dl></li>
<li>Encrypt X<sub>B</sub> using AES128-CTR with key c and initial
counter value 0.</li>
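Review bot: same readability issue as the identical change to Protocol-v2.html, plus one detail both versions still leave open: the text does not say in which byte order the 32 bytes of M<sub>B</sub> are converted to the integer that is then reduced modulo q, so two implementations could each follow this sentence and still disagree on the signature. Suggest naming the convention explicitly (for example "interpreted as a 256-bit big-endian unsigned integer"), matching whatever the spec already uses for its other multi-byte integer encodings, and using the same phrasing in both documents so the two specs do not drift apart.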
......