Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Issues with computing shared secret of Diffie Hellman key for OpenID

I'm attempting to create a stateful library for OpenID to be used as a Wordpress plugin, I'm running into a issue when I attempt to compute the secret value using the openssl function openssl_dh_compute_key. Curious if anyone has some steps I could try, hints, etc...

Thanks!

The constants...

const DH_DEFAULT_PRIME = "dcf93a0b883972ec0e19989ac5a2ce310e1d37717e8d9571bb7623731866e61ef75a2e27898b057f9891c2e27a639c3f29b60814581cd3b2ca3986d2683705577d45c2e7e52dc81c7a171876e5cea74b1448bfdfaf18828efd2519f14e45e3826634af1949e5b535cc829a483b8a76223e5d490a257f05bdff16f2fb22c583ab";
const DH_DEFAULT_GENERATOR = '02';

Creating my Diffie-Hellman key

private function createDHKey($priv_key = false) {
    if (!$priv_key) {
        $details = array();
        $details['p'] = pack('H*', self::DH_DEFAULT_PRIME);
        $details['g'] = pack('H*', self::DH_DEFAULT_GENERATOR);
        $this->dh = openssl_pkey_new(array(
            'dh' => $details,
        ));
        if ($this->dh) {
            return true;
        } else {
            error('OpenSSL failed to export your private key, ensure you have a valid configuration file, and PHP can find it.');
        }
    } else {
        $this->dh = openssl_pkey_get_private($priv_key);
        return false;
    }
}

First run of function

Recalling exported private key

The Ag== at the button of both images is the base64 encoded value of dh['g'].

I then save the generated private key into a database to persist, which allows me to later re-create the key via the openssl_pkey_get_private function.

However, taking the returned openid.dh_server_public from the association request, and passing it, and my key re-created from the private key results in a false for

var_dump(openssl_dh_compute_key($this->op_pubkey, $this->dh));
like image 804
Jamie Avatar asked Oct 07 '22 12:10

Jamie


1 Answers

Alright, well you know what they say about coming back to a problem later. All of my "personal" code was fine, it was a misunderstanding of what the openssl_dh_compute_key was expecting for the public key, and how the OP's public key is passed...

dh_server_public
   Value: base64(btwoc(g ^ xb mod p))
   Description: The OP's Diffie-Hellman public key.

So, when I re-read that for the 4th or 5th time it finally clicked.

"Hey, if my key is in binary form, I bet the openssl function is expecting binary.."

So, the additional missing step ended up being base64 decoding...

openssl_dh_compute_key(base64_decode($this->op_pubkey), $this->dh);
like image 182
Jamie Avatar answered Oct 13 '22 01:10

Jamie