"+" bug in mac_key?
meepbear *
meepbear at hotmail.com
Sun Aug 7 04:20:44 PDT 2005
>Thirdly - the DH public key (determined by the randomly selected private
>key?) needs to be longer? GMP docs on the PHP site are very vague on what
>the parameter to gmp_random actually means, so I'm guessing.
The documentation for gmp_random() isn't really any help at all. My current
guess is that the number yields a maximum number of "x times y bits" where y
seems to be 32 bit (on the machines I tested it on) but is in no way
guaranteed to stay 32. I guess it could be 64 on a 64-bit processor but I
don't have one of those to test with.
If you want to play it safe you can do gmp_random(15) (or the ugly way I
ended up doing it which is to start with gmp_random(31) in a loop and
decrement the parameter until the random number is smaller than the
modulus).
>Secondly, I'm far from clear *what* I should be prepending (a zero-byte?)
>to, to prevent sign errors. All arbitrary-precision numbers? (I assume it
>can't hurt to zero-pad anything that doesn't have the top bit set).
You can't just prepend a zero byte to every number since you need to
reconstruct the exact same number that the server used originally or you'll
end up with a different hash.
I think I remember that at some point you convert all the numbers to a
hexadecimal string? In that case you look at the first character and if it's
8,9,A-F you need to prepend a '0' (character since you're dealing with a
string). Then for all numbers (high bit set or not) you need to look at the
length and prepend another '0' in case the length is odd (2 hexadecimal
characters = one byte).
So for instance if you receive (the following are hexadecimal, not decimal):
1) 55FF
- high bit not set: do nothing
- even number: do nothing
2) 55F
- high bit not set: do nothing
- odd number: prepend zero to get "055F"
3) D5FF
- high bit set: prepend zero to get "0D5FF"
- odd number: prepend zero to get "00D5FF"
Then if you pack() that number, you should get the proper result.
I hope that helped and didn't add to your confusion :).
If you like I can send you some sample data (DH server private keys, public
keys + hashes) + how they are sent across HTTP and then you can just test
against those since I know from personal experience that testing against a
real OpenID server can be rather tricky when you can't verify anything but
the end result.
>I suspect I'm asking what many will think rather basic questions here, but
>this is ground with which I'm rather unfamiliar, is tricky to test, and
>which seems to stretch PHP somewhat, for that matter.
PHP doesn't have native bigint support so that makes working with them
rather clumsy, especially when you have to treat them as a string rather
than a number.
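
The two-step normalisation described in the message above, written out as an added PHP example that is not part of the original post. The function names are hypothetical, the inputs are the three cases from the message, and the last part assumes the GMP extension is loaded.

```php
<?php
// Added example, not code from the original post. Function names are hypothetical.

// Apply the two steps from the message to a big-endian hex string.
function normalize_hex(string $hex): string
{
    $hex = strtoupper($hex);
    if ($hex === '' || !ctype_xdigit($hex)) {
        throw new InvalidArgumentException('expected a non-empty hex string');
    }
    // Step 1: a first digit of 8-F means the top bit is set, so prepend '0'
    // to keep the value from being read as negative.
    if (strpos('89ABCDEF', $hex[0]) !== false) {
        $hex = '0' . $hex;
    }
    // Step 2: two hex characters make one byte, so pad an odd length.
    if (strlen($hex) % 2 === 1) {
        $hex = '0' . $hex;
    }
    return $hex;
}

// Binary form used as hash input.
function hex_to_bytes(string $hex): string
{
    return pack('H*', normalize_hex($hex));
}

// Constructed inputs: the three cases walked through in the message.
foreach (['55FF', '55F', 'D5FF'] as $in) {
    $raw  = bin2hex(pack('H*', $in));      // packed without normalising
    $safe = bin2hex(hex_to_bytes($in));    // packed after normalising
    printf("%-4s raw=%-6s normalised=%-6s sha1 %s\n", $in, $raw, $safe,
        sha1(pack('H*', $in)) === sha1(hex_to_bytes($in)) ? 'same' : 'differs');
}

// With the GMP extension loaded, gmp_strval() drops leading zeros, which is
// where odd-length strings such as "55f" come from.
if (function_exists('gmp_strval')) {
    $n = gmp_init('55F', 16);              // constructed value
    echo normalize_hex(gmp_strval($n, 16)), "\n";
}
```

The raw and normalised columns show which inputs pack to different bytes when the steps are skipped, and so produce a different hash.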