[OpenID] Random failures when validating signatures
Hans Granqvist
hans at granqvist.com
Thu Nov 13 17:29:40 UTC 2008
Compare to how Java's BigInteger adds a leading zero byte to make sure 2's
complement form is always positive. Perhaps CF is similar?

At any rate, this is a can o' worms. Perhaps this can be of value, or further
cause confusion (even though it is an ASN.1 class, there is a bit of explaining
text + code related to this problem):
https://svn.apache.org/repos/asf/incubator/tsik/trunk/src/org/apache/tsik/xmlsig/Asn1.java
On Thu, Nov 13, 2008 at 9:22 AM, Breno de Medeiros <breno at google.com> wrote:
> On Thu, Nov 13, 2008 at 9:08 AM, Breno de Medeiros <breno at google.com> wrote:
> > See
> >
> > ==quote
> > 4.2. Integer Representations
> >
> > Arbitrary precision integers MUST be encoded as big-endian signed
> > two's complement binary strings. Henceforth, "btwoc" is a function
> > that takes an arbitrary precision integer and returns its shortest
> > big-endian two's complement representation. All integers that are used
> > with Diffie-Hellman Key Exchange are positive. This means that the
> > left-most bit of the two's complement representation MUST be zero. If
> > it is not, implementations MUST add a zero byte at the front of the
> > string.
> > ==/quote
> >
> > This applies, for instance, to the nonce.
>
> Sorry, that is not true. It does not apply to the nonce, but it would
> cause you to interpret the "server_public" value incorrectly, and
> compute the wrong mac key 50% of the time.
>
> >
> >
> >
> > On Thu, Nov 13, 2008 at 9:04 AM, Richard Davies
> > <richard at richarddavies.us> wrote:
> >> I'm not sure... could you please elaborate on what I need to do in
> >> regards to handling signed types correctly. Thanks.
> >>
> >> On Nov 13, 8:50 am, Breno de Medeiros <br... at google.com> wrote:
> >>> Are you handling signed types correctly? This would cause a 50/50 error
> >>> rate.
> >> _______________________________________________
> >> general mailing list
> >> general at openid.net
> >> http://openid.net/mailman/listinfo/general
> >>
> >
> >
> >
> > --
> > --Breno
> >
> > +1 (650) 214-1007 desk
> > +1 (408) 212-0135 (Grand Central)
> > MTV-41-3 : 383-A
> > PST (GMT-8) / PDT(GMT-7)
> >
>
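
The btwoc rule quoted above, as an added Python example (not code from this thread or from any OpenID library): it encodes per section 4.2, contrasts that with an encoder that drops the sign byte, and measures how often a signed two's complement decode then returns the wrong value. The function names and the random 1024-bit stand-ins for a value such as "server_public" are constructed for illustration.

```python
import random


def btwoc(n: int) -> bytes:
    """Shortest big-endian two's complement encoding of a non-negative integer."""
    if n < 0:
        raise ValueError("Diffie-Hellman values are never negative")
    # Reserve one bit for the sign: when the magnitude's top bit falls on a
    # byte boundary, this yields the extra leading 0x00 byte the spec demands.
    return n.to_bytes(n.bit_length() // 8 + 1, "big")


def naive_unsigned(n: int) -> bytes:
    """Buggy encoder: minimal magnitude bytes with no room for the sign bit."""
    return n.to_bytes(max(1, (n.bit_length() + 7) // 8), "big")


def from_btwoc(data: bytes) -> int:
    """Decode as the spec describes: signed, big-endian, two's complement."""
    return int.from_bytes(data, "big", signed=True)


def mismatch_rate(trials: int = 2000, bits: int = 1024, seed: int = 1) -> float:
    """Fraction of random values that the naive encoding turns negative."""
    rng = random.Random(seed)  # fixed seed so the run is repeatable
    bad = 0
    for _ in range(trials):
        value = rng.getrandbits(bits)  # constructed stand-in for a DH value
        if from_btwoc(naive_unsigned(value)) != value:
            bad += 1
    return bad / trials


if __name__ == "__main__":
    for n in (127, 128, 255, 256):
        print(n, btwoc(n).hex(), naive_unsigned(n).hex(),
              from_btwoc(naive_unsigned(n)))
    print("mismatch rate:", mismatch_rate())
```

The same byte-level difference matters wherever the encoded integer is hashed or compared rather than parsed, since the two encodings differ by one byte for roughly half of all values.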