dh question

Brad Fitzpatrick brad at danga.com
Tue Jun 7 15:53:27 PDT 2005


Replying to myself, this is what I've got so far on the server side for
the "get_authkey" mode:

use Crypt::DH;
use Digest::SHA1 qw(sha1);

sub _mode_get_authkey {
    my Net::OpenID::Server $self = shift;

    my ($secret_handle, $secret, $good_for) =
        $self->_allocate_new_secret;

    my $now = time();
    my %prop;

    $prop{'auth_type'}     = "hmac-sha1";
    $prop{'secret_handle'} = $secret_handle;
    # The secret expires $good_for seconds from now; server_time is the current time.
    $prop{'secret_expiry'} = _time_to_w3c($now + $good_for);
    $prop{'server_time'}   = _time_to_w3c($now);

    if ($self->args("openid.enc") eq "dh") {
        my $dh = Crypt::DH->new;
        $dh->p($self->args("openid.dh.p"));
        $dh->g($self->args("openid.dh.g"));
        $dh->generate_keys;
        my $dh_sec = $dh->compute_secret($self->args("openid.dh.gx"));

        $prop{'openid.dh.gy'} = $dh->pub_key;
        $prop{'enc'}          = "dh";
        $prop{'enc_secret'}   = sha1($secret) ^ sha1($dh_sec);

    } else {
        $prop{'secret'} = $secret;
    }

    return $self->_serialized_props(\%prop);
}


But obviously all those dh.* parameters aren't un-base64'ed and
base64'd where appropriate, and the Math::BigInt objects going to/from
Crypt::DH aren't properly serialized/deserialized as well.

I can finish this up once I get a confirmation that it's
base64(base256-MSB(big number)).  Which should also go into the spec,
because it wasn't obvious to me at least.  Maybe it's a crypto
convention, but assume most implementors won't be crypto people.

Thanks!
Brad


On Tue, 7 Jun 2005, Brad Fitzpatrick wrote:

> I'm adding DH/HMAC support to the Perl modules, and I have a question:
>
> # openid.enc_secret = H(gx ^ y mod p) XOR secret(handle)
>
> When I run H() on gx^y mod p, what are the actual bytes I'm running H()
> on?
>
>    -- base-256, MSB?
>        -- adding extra 0 bits to beginning to pad to byte boundary
>    -- decimal string?
>    -- hex string?
>    -- base64 string?  (of what bytes, again)
>
> I assume base-256, MSB, but let me know.
>
> - Brad
>
>
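The serialization question above, worked through as an added example (not code from the original post or from Net::OpenID::Server): it hashes one DH shared secret under each candidate encoding from the list, then runs the quoted formula `H(gx ^ y mod p) XOR secret(handle)` end to end. It assumes the base64(base256-MSB) form the post asks to have confirmed, which the thread does not yet confirm, plus a 20-byte secret; all function names and numeric values are constructed.

```python
import base64
import hashlib

def int_to_msb_bytes(n: int) -> bytes:
    """Base-256, most significant byte first, minimal length; the top byte
    is zero-padded on the left up to the byte boundary."""
    if n < 0:
        raise ValueError("DH values are non-negative")
    return n.to_bytes(max(1, (n.bit_length() + 7) // 8), "big")

def wire_encode(n: int) -> str:
    """base64(base256-MSB(n)), the form the post asks to have confirmed."""
    return base64.b64encode(int_to_msb_bytes(n)).decode("ascii")

def wire_decode(s: str) -> int:
    return int.from_bytes(base64.b64decode(s, validate=True), "big")

def candidate_digests(shared: int) -> dict:
    """SHA-1 of the same shared secret under each serialization in the list."""
    raw = int_to_msb_bytes(shared)
    forms = {"base-256 MSB": raw,
             "decimal string": str(shared).encode("ascii"),
             "hex string": format(shared, "x").encode("ascii"),
             "base64 string": base64.b64encode(raw)}
    return {name: hashlib.sha1(data).digest() for name, data in forms.items()}

def mask_secret(secret: bytes, shared: int) -> bytes:
    """H(g^xy mod p) XOR secret, with H = SHA-1 over the base-256 MSB bytes.
    XOR is its own inverse, so the consumer calls this to unmask as well."""
    pad = hashlib.sha1(int_to_msb_bytes(shared)).digest()
    if len(secret) != len(pad):
        raise ValueError("secret must be 20 bytes to match SHA-1 output")
    return bytes(a ^ b for a, b in zip(pad, secret))

def demo() -> dict:
    # Constructed toy values: far too small for real use.
    p, g = 2**127 - 1, 5
    x, y = 0x1F2E3D4C5B6A7988, 0x0123456789ABCDEF   # consumer / server private
    secret = bytes(range(20))                        # constructed HMAC secret
    gx = wire_decode(wire_encode(pow(g, x, p)))      # consumer -> server
    gy = wire_decode(wire_encode(pow(g, y, p)))      # server -> consumer
    enc_secret = mask_secret(secret, pow(gx, y, p))  # server side
    recovered = mask_secret(enc_secret, pow(gy, x, p))  # consumer side
    return {"secret": secret, "recovered": recovered,
            "digests": candidate_digests(pow(gx, y, p))}

if __name__ == "__main__":
    out = demo()
    print(out["recovered"] == out["secret"], len(set(out["digests"].values())))
```

The four digests all differ, so a consumer and server that pick different serializations derive different masks and the consumer unmasks garbage rather than the secret.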

