Brad Fitzpatrick (brad) wrote,
Brad Fitzpatrick
brad

DSA and OpenID

Since OpenID depends on DSA, I'm learning the state of the DSA perl modules pretty well. I'm making my Net::OpenID::* modules depend not on a particular module, but on the presence of any of:

openssl binary -- kinda lame from Perl, having to fork, but most people have it.

Crypt::DSA -- Ben's module. Used to be a bitch to install because of the PARI dependency, but somebody else got frustrated with how hard it was to use Crypt::DSA and wrote a fake Math::Pari interface in pure perl using Math::BigInt, which Ben then merged. The only remaining part not coverted was primality testing, which wasn't working in Pure Perl. Lot of debugging and code lifting later, I got Ben a version that worked in pure Perl, but was just pretty damn slow at generating new keys. (primality testing was slow) So instead I just fork off to openssl, if found, to generate the DSA params unless the PurePerl => 1 option is given. I also sent Ben a patch to read a PEM key from a scalar, rather than from disk, but Convert::PEM will only parse the ASN1 schema for DSAPrivateKeys, not the public key one. I read the openssl souce and found the ASN1 schema for public keys, but it appears it's a union on one of two formats, and I'm not quite sure yet how to deal with that in Convert::ASN1. Later.

Crypt::OpenSSL::DSA -- my module of choice, since it's so damn simple to install, and fast, since it uses the openssl libraries. But supersat found it was sometimes generating bogus signatures that only it would verify because it used strlen() instead of the Perl SV* macros to get at the length of a buffer. And sha1() produces 20 byte digests with nulls. So here's a patch for that which I sent off to the author, complete with more tests to validate both null-embedded and regular digests against the openssl binaries.

Fun, fun.

And all this before I can actually get real work done. That said, I got out a first draft of Net::OpenID::Consumer last night. [release announcement]
Tags: openid, perl, tech
Subscribe
  • Post a new comment

    Error

    default userpic

    Your reply will be screened

    Your IP address will be recorded 

    When you submit the form an invisible reCAPTCHA check will be performed.
    You must follow the Privacy Policy and Google Terms of use.
  • 7 comments