[OpenID] Random failures when validating signatures

Shane B Weeden sweeden at au1.ibm.com
Fri Nov 14 00:37:46 UTC 2008


I had two bugs in my Java implementation early on with the same symptom.

One was to do with BigInteger.xor returning a negative (so for some of the 
data types I switched to byte[] and did things manually).

The other was more subtle. When generating a random private key for my 
association "y", I wasn't always making sure that:

1 <= y < p-1

This was much harder to track down. (see 
http://openid.net/specs/openid-authentication-1_1.html section 4.1.3)

Hope this helps.

Regards,
Shane.





Breno de Medeiros <breno at google.com> 
Sent by: general-bounces at openid.net
14/11/2008 10:09 AM

To
Richard Davies <richard at richarddavies.us>
cc
general at openid.net
Subject
Re: [OpenID] Random failures when validating signatures






I would introduce tests to ensure that the BigIntegers are positive
everywhere, just to make sure.

On Thu, Nov 13, 2008 at 4:06 PM, Richard Davies
<richard at richarddavies.us> wrote:
> On Nov 13, 9:30 am, Richard Davies <rich... at richarddavies.us> wrote:
>> Oh. Good suggestion. I have a btwoc() function to convert my integers
>> into strings, but I don't think I was paying particular attention to
>> how I was "unbtwoc()" the server_public value. I'll take a look at
>> that. Thanks.
>
> I'm using Java BigIntegers to store my numbers. As far as I can tell,
> it looks like this class stores them internally in the same format
> that btwoc() produces. In other words, the BigInteger.toByteArray()
> method seems to be equivalent to btwoc(). And when I create a
> BigInteger from a byte array (such as the server_public value), it
> correctly accounts for the leading 0 byte to make the number positive.
> So, as far as I can tell, I am handling the signed numbers correctly
> because BigInteger handles those details for me behind the scenes.
>
> So I'm back to square one. About half of the time, it's reporting that
> the signature is invalid and I'm not sure where I'm messing up in the
> validation process. I still think it may be a character encoding
> issue, but I'm not sure. Any other suggestions?
> _______________________________________________
> general mailing list
> general at openid.net
> http://openid.net/mailman/listinfo/general
>



-- 
--Breno

+1 (650) 214-1007 desk
+1 (408) 212-0135 (Grand Central)
MTV-41-3 : 383-A
PST (GMT-8) / PDT(GMT-7)
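
Added example, not code from anyone in this thread: a Java program that applies the three checks raised above to an OpenID 1.1 Diffie-Hellman association (private key kept in 1 <= y < p-1, BigIntegers tested for positivity, XOR done on byte[] instead of BigInteger.xor). The class name, the helper names privateKey, parsePublic and xor, and the 512-bit demo modulus are assumptions made for illustration.

```java
import java.math.BigInteger;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Arrays;

public class DhAssocChecks {
    // Private key y with 1 <= y < p-1 (the range quoted in the thread), by rejection sampling.
    static BigInteger privateKey(BigInteger p, SecureRandom rnd) {
        BigInteger upper = p.subtract(BigInteger.ONE);
        BigInteger y;
        do {
            y = new BigInteger(p.bitLength(), rnd); // uniform in [0, 2^bitLength), may be out of range
        } while (y.signum() < 1 || y.compareTo(upper) >= 0);
        return y;
    }

    // toByteArray() matches btwoc() only for non-negative values, so refuse the rest.
    static byte[] btwoc(BigInteger n) {
        if (n.signum() < 0) throw new IllegalArgumentException("negative value");
        return n.toByteArray();
    }

    // Parse a received public value; a missing leading 0x00 byte shows up as a negative number.
    static BigInteger parsePublic(byte[] twosComplement) {
        BigInteger v = new BigInteger(twosComplement);
        if (v.signum() < 1) throw new IllegalArgumentException("public value is not positive");
        return v;
    }

    // XOR on byte[] keeps the 20-byte length; a digest parsed as a BigInteger
    // may be negative, and toByteArray() can add or drop leading bytes.
    static byte[] xor(byte[] a, byte[] b) {
        if (a.length != b.length) throw new IllegalArgumentException("length mismatch");
        byte[] out = new byte[a.length];
        for (int i = 0; i < a.length; i++) out[i] = (byte) (a[i] ^ b[i]);
        return out;
    }

    public static void main(String[] args) throws Exception {
        SecureRandom rnd = new SecureRandom();
        BigInteger p = BigInteger.probablePrime(512, rnd); // constructed demo modulus, not the OpenID default
        BigInteger g = BigInteger.valueOf(2);
        BigInteger x = privateKey(p, rnd), y = privateKey(p, rnd);
        BigInteger consumerPublic = parsePublic(btwoc(g.modPow(x, p)));
        BigInteger serverPublic = parsePublic(btwoc(g.modPow(y, p)));
        MessageDigest sha1 = MessageDigest.getInstance("SHA-1");
        byte[] macKey = new byte[20];
        rnd.nextBytes(macKey);
        byte[] enc = xor(sha1.digest(btwoc(consumerPublic.modPow(y, p))), macKey); // server side
        byte[] dec = xor(sha1.digest(btwoc(serverPublic.modPow(x, p))), enc);      // consumer side
        System.out.println("mac key recovered: " + Arrays.equals(macKey, dec));
    }
}
```

Running main in a loop is a quick way to reproduce an intermittent failure: a signature check that fails only some of the time points at one of these three places rather than at the hashing itself.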