function Auth_OpenID_DiffieHellman($mod = null, $gen = null,
$private = null, $lib = null)
{
if ($lib === null) {
$this->lib =& Auth_OpenID_getMathLib();
} else {
$this->lib =& $lib;
}
if ($mod === null) {
$this->mod = $this->lib->init(Auth_OpenID_getDefaultMod());
} else {
$this->mod = $mod;
}
if ($gen === null) {
$this->gen = $this->lib->init(Auth_OpenID_getDefaultGen());
} else {
$this->gen = $gen;
}
if ($private === null) {
$r = $this->lib->rand($this->mod);
$this->private = $this->lib->add($r, 1);
} else {
$this->private = $private;
}
$this->public = $this->lib->powmod($this->gen, $this->private,
$this->mod);
}
function runTest()
{
$lib =& Auth_OpenID_getMathLib();
$shared = $lib->init($this->shared);
$dh1 = new Auth_OpenID_DiffieHellman(null, null, $this->p1);
$dh2 = new Auth_OpenID_DiffieHellman(null, null, $this->p2);
$sh1 = $dh1->getSharedSecret($dh2->getPublicKey());
$sh2 = $dh2->getSharedSecret($dh1->getPublicKey());
$this->assertEquals($lib->cmp($shared, $sh1), 0);
$this->assertEquals($lib->cmp($shared, $sh2), 0);
}
function answer($secret)
{
$lib =& Auth_OpenID_getMathLib();
$mac_key = $this->dh->xorSecret($this->consumer_pubkey, $secret,
$this->hash_func);
return array(
'dh_server_public' =>
$lib->longToBase64($this->dh->public),
'enc_mac_key' => base64_encode($mac_key));
}
/**
* Perform the server side of the OpenID Diffie-Hellman association
*/
function serverAssociate($consumer_args, $assoc_secret)
{
$lib =& Auth_OpenID_getMathLib();
if (isset($consumer_args['openid.dh_modulus'])) {
$mod = $lib->base64ToLong($consumer_args['openid.dh_modulus']);
} else {
$mod = null;
}
if (isset($consumer_args['openid.dh_gen'])) {
$gen = $lib->base64ToLong($consumer_args['openid.dh_gen']);
} else {
$gen = null;
}
$cpub64 = @$consumer_args['openid.dh_consumer_public'];
if (!isset($cpub64)) {
return false;
}
$dh = new Auth_OpenID_DiffieHellman($mod, $gen);
$cpub = $lib->base64ToLong($cpub64);
$mac_key = $dh->xorSecret($cpub, $assoc_secret);
$enc_mac_key = base64_encode($mac_key);
$spub64 = $lib->longToBase64($dh->getPublicKey());
$server_args = array('session_type' => 'DH-SHA1', 'dh_server_public' => $spub64, 'enc_mac_key' => $enc_mac_key);
return $server_args;
}
function extractSecret($response)
{
if (!$response->hasKey(Auth_OpenID_OPENID_NS, 'dh_server_public')) {
return null;
}
if (!$response->hasKey(Auth_OpenID_OPENID_NS, 'enc_mac_key')) {
return null;
}
$math = Auth_OpenID_getMathLib();
$spub = $math->base64ToLong($response->getArg(Auth_OpenID_OPENID_NS, 'dh_server_public'));
$enc_mac_key = base64_decode($response->getArg(Auth_OpenID_OPENID_NS, 'enc_mac_key'));
return $this->dh->xorSecret($spub, $enc_mac_key, $this->hash_func);
}
function answer($assoc)
{
$ml =& Auth_OpenID_getMathLib();
$response = new Auth_OpenID_ServerResponse($this);
$response->fields = array('expires_in' => $assoc->getExpiresIn(), 'assoc_type' => 'HMAC-SHA1', 'assoc_handle' => $assoc->handle);
$r = $this->session->answer($assoc->secret);
foreach ($r as $k => $v) {
$response->fields[$k] = $v;
}
if ($this->session->session_type != 'plaintext') {
$response->fields['session_type'] = $this->session->session_type;
}
return $response;
}
function Auth_OpenID_include_init()
{
if (Auth_OpenID_getMathLib() === null) {
Auth_OpenID_setNoMathSupport();
}
}
/**
* Status code returned when there were no OpenID arguments
* passed. This code indicates that the caller should return a 200 OK
* response and display an HTML page that says that this is an OpenID
* server endpoint.
*
* @see Auth_OpenID_Server
*/
define('Auth_OpenID_DO_ABOUT', 'do_about');
/**
* Defines for regexes and format checking.
*/
define('Auth_OpenID_letters', "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ");
define('Auth_OpenID_digits', "0123456789");
define('Auth_OpenID_punct', "!\"#\$%&'()*+,-./:;<=>?@[\\]^_`{|}~");
if (Auth_OpenID_getMathLib() === null) {
Auth_OpenID_setNoMathSupport();
}
/**
* The OpenID utility function class.
*
* @package OpenID
* @access private
*/
class Auth_OpenID
{
/**
* Return true if $thing is an Auth_OpenID_FailureResponse object;
* false if not.
*
* @access private
function setUp()
{
// Pre-compute DH with small prime so tests run quickly.
$this->server_dh = new Auth_OpenID_DiffieHellman(100389557, 2);
$this->consumer_dh = new Auth_OpenID_DiffieHellman(100389557, 2);
$lib =& Auth_OpenID_getMathLib();
$cls = $this->session_cls;
$this->consumer_session = new $cls($this->consumer_dh);
// base64(btwoc(g ^ xb mod p))
$this->dh_server_public = $lib->longToBase64($this->server_dh->public);
$this->secret = Auth_OpenID_CryptUtil::randomString($this->consumer_session->secret_size);
$this->enc_mac_key = base64_encode($this->server_dh->xorSecret($this->consumer_dh->public, $this->secret, $this->consumer_session->hash_func));
$this->msg = new Auth_OpenID_Message($this->message_namespace);
}
function test_dh()
{
if (!defined('Auth_OpenID_NO_MATH_SUPPORT')) {
$dh = new Auth_OpenID_DiffieHellman();
$ml =& Auth_OpenID_getMathLib();
$cpub = $dh->public;
$session = new Auth_OpenID_DiffieHellmanServerSession(new Auth_OpenID_DiffieHellman(), $cpub);
$this->request = new Auth_OpenID_AssociateRequest($session);
$response = $this->request->answer($this->assoc);
$this->assertEquals(Auth_OpenID::arrayGet($response->fields, "assoc_type"), "HMAC-SHA1");
$this->assertEquals(Auth_OpenID::arrayGet($response->fields, "assoc_handle"), $this->assoc->handle);
$this->assertFalse(Auth_OpenID::arrayGet($response->fields, "mac_key"));
$this->assertEquals(Auth_OpenID::arrayGet($response->fields, "session_type"), "DH-SHA1");
$this->assertTrue(Auth_OpenID::arrayGet($response->fields, "enc_mac_key"));
$this->assertTrue(Auth_OpenID::arrayGet($response->fields, "dh_server_public"));
$enc_key = base64_decode(Auth_OpenID::arrayGet($response->fields, "enc_mac_key"));
$spub = $ml->base64ToLong(Auth_OpenID::arrayGet($response->fields, "dh_server_public"));
$secret = $dh->xorSecret($spub, $enc_key);
$this->assertEquals($secret, $this->assoc->secret);
}
}
function extractSecret($response)
{
if (!array_key_exists('dh_server_public', $response)) {
return null;
}
if (!array_key_exists('enc_mac_key', $response)) {
return null;
}
$math =& Auth_OpenID_getMathLib();
$spub = $math->base64ToLong($response['dh_server_public']);
$enc_mac_key = base64_decode($response['enc_mac_key']);
return $this->dh->xorSecret($spub, $enc_mac_key);
}
/**
* Status code returned when there were no OpenID arguments
* passed. This code indicates that the caller should return a 200 OK
* response and display an HTML page that says that this is an OpenID
* server endpoint.
*
* @see Auth_OpenID_Server
*/
define('Auth_OpenID_DO_ABOUT', 'do_about');
/**
* Defines for regexes and format checking.
*/
define('Auth_OpenID_letters', "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ");
define('Auth_OpenID_digits', "0123456789");
define('Auth_OpenID_punct', "!\"#\$%&'()*+,-./:;<=>?@[\\]^_`{|}~");
if (Auth_OpenID_getMathLib() === null && !defined('Auth_OpenID_NO_MATH_SUPPORT')) {
define('Auth_OpenID_NO_MATH_SUPPORT', true);
}
/**
* The OpenID utility function class.
*
* @package OpenID
* @access private
*/
class Auth_OpenID
{
/**
* Return true if $thing is an Auth_OpenID_FailureResponse object;
* false if not.
*
* @access private
function test_dhSHA256()
{
if (defined('Auth_OpenID_NO_MATH_SUPPORT') || !Auth_OpenID_SHA256_SUPPORTED) {
print "(Skipping test_dhSHA256)";
return;
}
$this->assoc = $this->signatory->createAssociation(false, 'HMAC-SHA256');
$consumer_dh = new Auth_OpenID_DiffieHellman();
$cpub = $consumer_dh->public;
$server_dh = new Auth_OpenID_DiffieHellman();
$session = new Auth_OpenID_DiffieHellmanSHA256ServerSession($server_dh, $cpub);
$this->request = new Auth_OpenID_AssociateRequest($session, 'HMAC-SHA256');
$response = $this->request->answer($this->assoc);
$this->assertFalse($response->fields->getArg(Auth_OpenID_OPENID_NS, "mac_key"));
$this->assertTrue($response->fields->getArg(Auth_OpenID_OPENID_NS, "enc_mac_key"));
$this->assertTrue($response->fields->getArg(Auth_OpenID_OPENID_NS, "dh_server_public"));
$fields = array('assoc_type' => 'HMAC-SHA256', 'assoc_handle' => $this->assoc->handle, 'session_type' => 'DH-SHA256');
foreach ($fields as $k => $v) {
$this->assertEquals($response->fields->getArg(Auth_OpenID_OPENID_NS, $k), $v);
}
$enc_key = base64_decode($response->fields->getArg(Auth_OpenID_OPENID_NS, "enc_mac_key"));
$lib =& Auth_OpenID_getMathLib();
$spub = $lib->base64ToLong($response->fields->getArg(Auth_OpenID_OPENID_NS, "dh_server_public"));
$secret = $consumer_dh->xorSecret($spub, $enc_key, 'Auth_OpenID_SHA256');
$s = base64_encode($secret);
$assoc_s = base64_encode($this->assoc->secret);
$this->assertEquals($s, $assoc_s);
}
function Tests_Auth_OpenID_BigMath($name)
{
$this->setName($name);
if (!defined('Auth_OpenID_NO_MATH_SUPPORT')) {
$this->addTestSuite('Tests_Auth_OpenID_BigInt');
$this->_addB64Tests();
$this->_addBinLongTests();
$test = new Tests_Auth_OpenID_Rand(Auth_OpenID_getMathLib());
$test->setName('Big number rand');
$this->addTest($test);
}
}
