Compare to how Java's BigInteger adds a leading zero byte to <div>make sure the two's complement form is always positive. Perhaps</div><div>CF is similar?</div><div><br></div><div>At any rate, this is a can o' worms. Perhaps this can be of value, or further</div>
<div>cause confusion (even though it is an ASN.1 class, there is a bit of explaining</div><div>text + code related to this problem): </div><div><a href="https://svn.apache.org/repos/asf/incubator/tsik/trunk/src/org/apache/tsik/xmlsig/Asn1.java">https://svn.apache.org/repos/asf/incubator/tsik/trunk/src/org/apache/tsik/xmlsig/Asn1.java</a></div>
<div><div><span class="Apple-style-span" style="border-collapse: collapse; font-family: Times; "><pre style="white-space: pre-wrap; "><span class="Apple-style-span" style="border-collapse: separate; font-family: arial; font-size: 13px; white-space: normal;"><br>
</span></pre><pre style="white-space: pre-wrap; "><span class="Apple-style-span" style="border-collapse: separate; font-family: arial; font-size: 13px; white-space: normal; ">On Thu, Nov 13, 2008 at 9:22 AM, Breno de Medeiros <span dir="ltr"><<a href="mailto:breno@google.com">breno@google.com</a>></span> wrote:</span><br>
</pre></span><div class="gmail_quote"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;"><div class="Ih2E3d">On Thu, Nov 13, 2008 at 9:08 AM, Breno de Medeiros <<a href="mailto:breno@google.com">breno@google.com</a>> wrote:<br>
> See<br>
><br>
> ==quote<br>
> 4.2. Integer Representations<br>
><br>
> Arbitrary precision integers MUST be encoded as big-endian signed<br>
> two's complement binary strings. Henceforth, "btwoc" is a function<br>
> that takes an arbitrary precision integer and returns its shortest<br>
> big-endian two's complement representation. All integers that are used<br>
> with Diffie-Hellman Key Exchange are positive. This means that the<br>
> left-most bit of the two's complement representation MUST be zero. If<br>
> it is not, implementations MUST add a zero byte at the front of the<br>
> string.<br>
> ==/quote<br>
><br>
> This applies, for instance, to the nonce.<br>
<br>
</div>Sorry, that is not true. It does not apply to the nonce, but it would<br>
cause you to interpret the "server_public" value incorrectly, and<br>
compute the wrong mac key 50% of the time.<br>
<div><div></div><div class="Wj3C7c"><br>
><br>
><br>
><br>
> On Thu, Nov 13, 2008 at 9:04 AM, Richard Davies<br>
> <<a href="mailto:richard@richarddavies.us">richard@richarddavies.us</a>> wrote:<br>
>> I'm not sure... could you please elaborate on what I need to do in<br>
>> regards to handling signed types correctly. Thanks.<br>
>><br>
>> On Nov 13, 8:50 am, Breno de Medeiros <<a href="mailto:br...@google.com">br...@google.com</a>> wrote:<br>
>>> Are you handling signed types correctly? This would cause a 50/50 error rate.<br>
>> _______________________________________________<br>
>> general mailing list<br>
>> <a href="mailto:general@openid.net">general@openid.net</a><br>
>> <a href="http://openid.net/mailman/listinfo/general" target="_blank">http://openid.net/mailman/listinfo/general</a><br>
>><br>
><br>
><br>
><br>
> --<br>
> --Breno<br>
><br>
> +1 (650) 214-1007 desk<br>
> +1 (408) 212-0135 (Grand Central)<br>
> MTV-41-3 : 383-A<br>
> PST (GMT-8) / PDT(GMT-7)<br>
><br>
<br>
<br>
<br>
</div></div></blockquote></div><br></div></div>
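<div>Added example, not part of the original thread and not code from any participant: the btwoc rule quoted above in Python, next to a buggy encoder that omits the sign byte, so the roughly 50% failure rate discussed in the thread can be measured. All function names are hypothetical, the sample values are constructed, and the SHA-1 mask in mac_key_mask assumes a DH-SHA1 association, which the thread does not state.</div>

```python
import hashlib

def btwoc(n: int) -> bytes:
    """Shortest big-endian two's complement encoding of a non-negative int."""
    if n < 0:
        raise ValueError("Diffie-Hellman values are positive")
    # bit_length() // 8 + 1 always leaves a zero sign bit:
    # 0x7f -> 7f, 0x80 -> 00 80, 0 -> 00.
    return n.to_bytes(n.bit_length() // 8 + 1, "big")

def unsigned_minimal(n: int) -> bytes:
    """Buggy encoder: drops the zero byte that btwoc requires."""
    return n.to_bytes(max(1, (n.bit_length() + 7) // 8), "big")

def decode_signed(data: bytes) -> int:
    """How a two's complement reader (e.g. Java's BigInteger(byte[])) sees the bytes."""
    return int.from_bytes(data, "big", signed=True)

def parse_dh_value(data: bytes) -> int:
    """Strict reader: a DH value that decodes as zero or negative is malformed."""
    n = decode_signed(data)
    if n <= 0:
        raise ValueError("DH value must be positive; leading zero byte missing?")
    return n

def mismatch_rate(values) -> float:
    """Fraction of values that change when sent without the sign byte."""
    values = list(values)
    bad = sum(1 for v in values if decode_signed(unsigned_minimal(v)) != v)
    return bad / len(values)

def mac_key_mask(shared_secret: int, encoder=btwoc) -> bytes:
    """SHA-1 over the encoded shared secret (assumed DH-SHA1 association)."""
    return hashlib.sha1(encoder(shared_secret)).digest()

if __name__ == "__main__":
    # Constructed sample values; 0x80 and 0xC0FFEE have the top bit set.
    for v in (0x7F, 0x80, 0x1234, 0xC0FFEE):
        print(hex(v), btwoc(v).hex(), decode_signed(unsigned_minimal(v)))
    print("mismatch rate, 16-bit values:", mismatch_rate(range(1, 1 << 16)))
```

<div>The two encoders agree whenever the top bit of the leading byte is clear, which is why the failure shows up intermittently rather than on every association.</div>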