PHP hackers wanted -- here's a seed

Brad Fitzpatrick brad at danga.com
Wed May 25 01:43:54 PDT 2005


PHP hackers,

The TypeKey auth code in PHP,

  http://www.uva.ne.jp/Auth_TypeKey/Auth_TypeKey.phps

does DSA verification using one of two PHP modules (gmp or bcmath).
While it expects all the parameters in raw form, not PEM/ASN.1, it
shouldn't be too hard to parse the ASN.1 either by hand or with some
library that google is totally failing to find for me.

The Crypt::DSA module needed raw 'r' and 's' parameters from the
signature, so I did this ghetto thing by hand:

        # Hand-rolled walk of the DER SEQUENCE { INTEGER r, INTEGER s }.
        # Assumes single-byte (short-form) lengths, which holds for DSA's
        # 20-byte r and s; long-form lengths (0x81, 0x82...) are not handled.
        my ($len, $len_r, $len_s, $r, $s);
        unless ($sig =~ /^\x30/ &&                          # SEQUENCE tag
                ($len = ord(substr($sig,1,1))) &&           # SEQUENCE length
                substr($sig,2,1) eq "\x02" &&               # INTEGER tag for r
                ($len_r =  ord(substr($sig,3,1))) &&        # length of r
                ($r = substr($sig,4,$len_r)) &&             # raw r bytes
                substr($sig,4+$len_r,1) eq "\x02" &&        # INTEGER tag for s
                ($len_s =  ord(substr($sig,5+$len_r,1))) && # length of s
                ($s = substr($sig,6+$len_r,$len_s))) {      # raw s bytes
            return $self->_fail("asn1_parse_error", "Failed to parse ASN.1 signature");
        }

Which gets $r and $s from the DER-packed ASN.1 of
SEQUENCE(INTEGER,INTEGER).  You can port that to PHP, then you just need
to decode the PEM file:

http://www.livejournal.com/misc/openid.bml?openid.mode=getpubkey

-----BEGIN PUBLIC KEY-----
[base64 key body not reproduced here]
-----END PUBLIC KEY-----

Remove the BEGIN/END lines, put it all together, un-base64 it, and you
just got another DER-packed ASN.1, which I'm told is of schema:

(ASN1_DER
  (SEQUENCE
    (SEQUENCE
      (OBJECT dsaEncryption)
      (SEQUENCE
        (INTEGER p)
        (INTEGER q)
        (INTEGER g)))
    (BITSTRING
      (ASN1_DER
        (INTEGER y)))))

And indeed looks like that:

$ dumpasn1 ljpub
   0  438: SEQUENCE {
   4  299:   SEQUENCE {
   8    7:     OBJECT IDENTIFIER dsa (1 2 840 10040 4 1)
  17  286:     SEQUENCE {
  21  129:       INTEGER
         :         00 DB A1 8F 0F C6 22 29 57 36 EB E7 7F DA B7 CA
         :         09 F5 5D 2C F3 46 DA A5 DC 1A 6C 59 24 55 C1 70
         :         34 E4 6F DD F6 91 01 20 7D F9 00 31 10 E8 5D 37
         :         E5 FF 3C 39 FB 99 61 19 54 66 DE 99 C7 9A B8 45
         :         E0 38 29 75 9D 00 86 80 B2 70 DE 9B DB CD 60 93
         :         3E 3B 6C 8A E6 C8 7A C9 80 BA 02 70 E7 FB 3C 74
         :         81 4C AB F6 7A 57 BA 7D A7 7D 07 2B AD 74 F8 6F
         :         6F D0 D6 60 33 6B 04 D7 AB 9D 69 08 06 83 54 80
         :                 [ Another 1 bytes skipped ]
 153   21:       INTEGER
         :         00 EB 5D 7F 21 DB 8D 09 4A 11 C8 4E 1A E0 36 79
         :         8D 45 1F 1A 55
 176  128:       INTEGER
         :         6D 14 81 E6 DF 1C 13 B3 35 95 C9 6C EB 62 91 3A
         :         23 B3 C6 92 03 BA 6C 74 CB C8 7E 27 82 61 5B 84
         :         BB 77 CC 28 F9 2B 38 BD 89 F4 5B F7 4E 82 4A D0
         :         2C 09 00 07 EB 1E 41 28 6C 9B AB A8 43 F0 9A 89
         :         93 49 1A 43 C0 A9 1D A0 A3 5D C1 4B 02 36 8D C4
         :         7E 69 1D FB 5F 62 AD C5 F3 06 94 91 E0 30 BE D2
         :         10 A4 42 F8 50 A6 8B 68 CA 9B 4E 6D CD 17 15 A8
         :         4D C1 19 DA 48 5D 96 01 9B C8 D5 D3 98 3C 4D DE
         :       }
         :     }
 307  132:   BIT STRING, encapsulates {
 311  128:     INTEGER
         :       13 FD 5E 12 E8 46 24 F1 2C F6 E4 BA B5 4C 75 E8
         :       DB 46 F4 1C 7F 01 17 C6 EF AD F7 96 2F 6E A3 EB
         :       32 FE 5F 3C 70 D9 3D AC E8 9A 35 BD 26 E1 7E 5C
         :       99 EA 6A 2E F6 D8 D2 4C DE 71 34 16 CA 58 21 A6
         :       EE 39 63 2C 41 36 97 D3 F8 1B AB 79 F8 82 20 CD
         :       FD D3 16 B9 C0 A5 83 D2 6F BE 47 99 25 42 85 68
         :       9A 7C 39 1F 11 30 75 51 BB B6 04 19 86 AF D0 D6
         :       32 27 12 BD A8 1E 9E CC 4E 59 39 BB 4A A2 6D D5
         :     }
         :   }


Hopefully something in this email proves useful.

- Brad

