I'm implementing SHS in C++ by following the spec/paper, but I'm also looking at the JS code here and the C code in shs1-c. I just noticed a discrepancy:
The spec defines: H = Ap | sign{A}(K|Bp|hash(a · b)) (p.11)
But the code here and in shs1.c concatenates A's public key (Ap) at the end:
Obviously one is not better than the other. But as the latter is what's actually in use, it would be a good idea to update the actual spec to match. (And a footnote could be added to mention the already-known discrepancy in the server challenge, i.e. #7.)
I'm implementing SHS in C++ by following the spec/paper, but I'm also looking at the JS code here and the C code in shs1-c. I just noticed a discrepancy:
H = Ap | sign{A}(K|Bp|hash(a · b))(p.11)shs1.cconcatenates A's public key (Ap) at the end:https://github.com/auditdrivencrypto/secret-handshake/blob/7a465d19f9c36fa2bb2cf6f4e5271bbd68d2cd74/crypto.js#L128
Obviously one is not better than the other. But as the latter is what's actually in use, it would be a good idea to update the actual spec to match. (And a footnote could be added to mention the already-known discrepancy in the server challenge, i.e. #7.)