I'm attempting to create a stateful library for OpenID to be used as a Wordpress plugin, I'm running into a issue when I attempt to compute the secret value using the openssl function openssl_dh_compute_key. Curious if anyone has some steps I could try, hints, etc...
Thanks!
The constants...
const DH_DEFAULT_PRIME = "dcf93a0b883972ec0e19989ac5a2ce310e1d37717e8d9571bb7623731866e61ef75a2e27898b057f9891c2e27a639c3f29b60814581cd3b2ca3986d2683705577d45c2e7e52dc81c7a171876e5cea74b1448bfdfaf18828efd2519f14e45e3826634af1949e5b535cc829a483b8a76223e5d490a257f05bdff16f2fb22c583ab";
const DH_DEFAULT_GENERATOR = '02';
Creating my Diffie-Hellman key
private function createDHKey($priv_key = false) {
if (!$priv_key) {
$details = array();
$details['p'] = pack('H*', self::DH_DEFAULT_PRIME);
$details['g'] = pack('H*', self::DH_DEFAULT_GENERATOR);
$this->dh = openssl_pkey_new(array(
'dh' => $details,
));
if ($this->dh) {
return true;
} else {
error('OpenSSL failed to export your private key, ensure you have a valid configuration file, and PHP can find it.');
}
} else {
$this->dh = openssl_pkey_get_private($priv_key);
return false;
}
}
The Ag== at the button of both images is the base64 encoded value of dh['g'].
I then save the generated private key into a database to persist, which allows me to later re-create the key via the openssl_pkey_get_private function.
However, taking the returned openid.dh_server_public from the association request, and passing it, and my key re-created from the private key results in a false for
var_dump(openssl_dh_compute_key($this->op_pubkey, $this->dh));
Alright, well you know what they say about coming back to a problem later. All of my "personal" code was fine, it was a misunderstanding of what the openssl_dh_compute_key was expecting for the public key, and how the OP's public key is passed...
dh_server_public
Value: base64(btwoc(g ^ xb mod p))
Description: The OP's Diffie-Hellman public key.
So, when I re-read that for the 4th or 5th time it finally clicked.
"Hey, if my key is in binary form, I bet the openssl function is expecting binary.."
So, the additional missing step ended up being base64 decoding...
openssl_dh_compute_key(base64_decode($this->op_pubkey), $this->dh);
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With