function test_cryptrand()
{
// It's possible, but HIGHLY unlikely that a correct
// implementation will fail by returning the same number twice
$s = Auth_OpenID_CryptUtil::getBytes(32);
$t = Auth_OpenID_CryptUtil::getBytes(32);
$this->assertEquals(Auth_OpenID::bytes($s), 32);
$this->assertEquals(Auth_OpenID::bytes($t), 32);
$this->assertFalse($s == $t);
}
function OpenID_MemcStore($prefix_part = null)
{
global $wgMemc, $wgDBname;
if (isset($prefix_part)) {
$this->prefix = $prefix_part . ':';
}
$auth_key = Auth_OpenID_CryptUtil::randomString($this->AUTH_KEY_LEN);
$k = $this->_authKeyKey();
$res = $wgMemc->add($k, $auth_key);
}
function Auth_OpenID_mkNonce($when = null)
{
// Generate a nonce with the current timestamp
$salt = Auth_OpenID_CryptUtil::randomString(6, Auth_OpenID_Nonce_CHRS);
if ($when === null) {
$when = gmmktime();
}
$time_str = gmstrftime(Auth_OpenID_Nonce_TIME_FMT, $when);
return $time_str . $salt;
}
function Auth_OpenID_mkNonce($when = null)
{
// Generate a nonce with the current timestamp
$salt = Auth_OpenID_CryptUtil::randomString(6, Auth_OpenID_Nonce_CHRS);
if ($when === null) {
// It's safe to call time() with no arguments; it returns a
// GMT unix timestamp on PHP 4 and PHP 5. gmmktime() with no
// args returns a local unix timestamp on PHP 4, so don't use
// that.
$when = time();
}
$time_str = gmstrftime(Auth_OpenID_Nonce_TIME_FMT, $when);
return $time_str . $salt;
}
/**
* Produce a string of length random bytes, chosen from chrs. If
* $chrs is null, the resulting string may contain any characters.
*
* @param integer $length The length of the resulting
* randomly-generated string
* @param string $chrs A string of characters from which to choose
* to build the new string
* @return string $result A string of randomly-chosen characters
* from $chrs
*/
function randomString($length, $population = null)
{
if ($population === null) {
return Auth_OpenID_CryptUtil::getBytes($length);
}
$popsize = strlen($population);
if ($popsize > 256) {
$msg = 'More than 256 characters supplied to ' . __FUNCTION__;
trigger_error($msg, E_USER_ERROR);
}
$duplicate = 256 % $popsize;
$str = "";
for ($i = 0; $i < $length; $i++) {
do {
$n = ord(Auth_OpenID_CryptUtil::getBytes(1));
} while ($n < $duplicate);
$n %= $popsize;
$str .= $population[$n];
}
return $str;
}
/**
* Make a new association.
*/
function createAssociation($dumb = true, $assoc_type = 'HMAC-SHA1')
{
$secret = Auth_OpenID_CryptUtil::getBytes(
Auth_OpenID_getSecretSize($assoc_type));
$uniq = base64_encode(Auth_OpenID_CryptUtil::getBytes(4));
$handle = sprintf('{%s}{%x}{%s}', $assoc_type, intval(time()), $uniq);
$assoc = Auth_OpenID_Association::fromExpiresIn(
$this->SECRET_LIFETIME, $handle, $secret, $assoc_type);
if ($dumb) {
$key = $this->dumb_key;
} else {
$key = $this->normal_key;
}
$this->store->storeAssociation($key, $assoc);
return $assoc;
}
/**
* Returns a random number in the specified range. This function
* accepts $start, $stop, and $step values of arbitrary magnitude
* and will utilize the local large-number math library when
* available.
*
* @param integer $start The start of the range, or the minimum
* random number to return
* @param integer $stop The end of the range, or the maximum
* random number to return
* @param integer $step The step size, such that $result - ($step
* * N) = $start for some N
* @return integer $result The resulting randomly-generated number
*/
function rand($stop)
{
static $duplicate_cache = array();
// Used as the key for the duplicate cache
$rbytes = $this->longToBinary($stop);
if (array_key_exists($rbytes, $duplicate_cache)) {
list($duplicate, $nbytes) = $duplicate_cache[$rbytes];
} else {
if ($rbytes[0] == "") {
$nbytes = Auth_OpenID::bytes($rbytes) - 1;
} else {
$nbytes = Auth_OpenID::bytes($rbytes);
}
$mxrand = $this->pow(256, $nbytes);
// If we get a number less than this, then it is in the
// duplicated range.
$duplicate = $this->mod($mxrand, $stop);
if (count($duplicate_cache) > 10) {
$duplicate_cache = array();
}
$duplicate_cache[$rbytes] = array($duplicate, $nbytes);
}
do {
$bytes = "" . Auth_OpenID_CryptUtil::getBytes($nbytes);
$n = $this->binaryToLong($bytes);
// Keep looping if this value is in the low duplicated range
} while ($this->cmp($n, $duplicate) < 0);
return $this->mod($n, $stop);
}
/**
* util function: current nonce
*/
private static function generate_nonce() {
$mt = microtime();
$rand = mt_rand();
$md5 = md5($mt . $rand);
$r = Auth_OpenID_CryptUtil::randomString(32,"abcdef01234567890");
//print '<h1>microtime:: '.$mt.' random:: '.$rand.' md5:: '.$md5.'</h1>';
return $r;// md5s look nicer than numbers
}
/**
* Generates an association with the specified parameters.
*/
function genAssoc($now, $issued = 0, $lifetime = 600)
{
$sec = Auth_OpenID_CryptUtil::randomString(20);
$hdl = Auth_OpenID_CryptUtil::randomString(128, $this->allowed_handle);
return new Auth_OpenID_Association($hdl, $sec, $now + $issued, $lifetime, 'HMAC-SHA1');
}
function setUp()
{
// Pre-compute DH with small prime so tests run quickly.
$this->server_dh = new Auth_OpenID_DiffieHellman(100389557, 2);
$this->consumer_dh = new Auth_OpenID_DiffieHellman(100389557, 2);
$lib =& Auth_OpenID_getMathLib();
$cls = $this->session_cls;
$this->consumer_session = new $cls($this->consumer_dh);
// base64(btwoc(g ^ xb mod p))
$this->dh_server_public = $lib->longToBase64($this->server_dh->public);
$this->secret = Auth_OpenID_CryptUtil::randomString($this->consumer_session->secret_size);
$this->enc_mac_key = base64_encode($this->server_dh->xorSecret($this->consumer_dh->public, $this->secret, $this->consumer_session->hash_func));
$this->msg = new Auth_OpenID_Message($this->message_namespace);
}
/**
* Confirm that the signature of these fields matches the
* signature contained in the data.
*
* @access private
*/
function checkMessageSignature($message)
{
$sig = $message->getArg(Auth_OpenID_OPENID_NS, 'sig');
if (!$sig || Auth_OpenID::isFailure($sig)) {
return false;
}
$calculated_sig = $this->getMessageSignature($message);
return Auth_OpenID_CryptUtil::constEq($calculated_sig, $sig);
}
/**
* @access private
*/
function _createNonce()
{
$nonce = Auth_OpenID_CryptUtil::randomString($this->nonce_len, $this->nonce_chrs);
$this->store->storeNonce($nonce);
return $nonce;
}
function getAuthKey()
{
$value = $this->_get_auth();
if (!$value) {
$auth_key = Auth_OpenID_CryptUtil::randomString($this->AUTH_KEY_LEN);
$auth_key_s = $this->blobEncode($auth_key);
$this->_create_auth($auth_key_s);
} else {
$auth_key_s = $value;
$auth_key = $this->blobDecode($auth_key_s);
}
$this->connection->commit();
if (strlen($auth_key) != $this->AUTH_KEY_LEN) {
$fmt = "Expected %d-byte string for auth key. Got key of length %d";
trigger_error(sprintf($fmt, $this->AUTH_KEY_LEN, strlen($auth_key)), E_USER_WARNING);
return null;
}
return $auth_key;
}
/**
* Confirm that the signature of these fields matches the
* signature contained in the data.
*
* @access private
*/
function checkMessageSignature($message)
{
// var_dump($message);
// var_dump("--------------------------");
//var_dump(Auth_OpenID_OPENID_NS);
$sig = $message->getArg(Auth_OpenID_OPENID_NS, 'sig');
// var_dump($sig);
// var_dump("*************************");
if (!$sig || Auth_OpenID::isFailure($sig)) {
return false;
}
//file_put_contents("log.txt","sig: ". $sig . "\n", FILE_APPEND);
$calculated_sig = $this->getMessageSignature($message);
// file_put_contents("log.txt", "cal_sig: " . $calculated_sig . "\n", FILE_APPEND);
// file_put_contents("log.txt", Auth_OpenID_CryptUtil::constEq($calculated_sig, $sig) . "\n", FILE_APPEND);
return Auth_OpenID_CryptUtil::constEq($calculated_sig, $sig);
}
/**
* Generate a new random auth key and safely store it in the
* location specified by $this->auth_key_name.
*
* @return string $key
*/
function createAuthKey()
{
if (!$this->active) {
trigger_error("FileStore no longer active", E_USER_ERROR);
return null;
}
$auth_key = Auth_OpenID_CryptUtil::randomString($this->AUTH_KEY_LEN);
list($file_obj, $tmp) = $this->_mktemp();
fwrite($file_obj, $auth_key);
fflush($file_obj);
fclose($file_obj);
if (function_exists('link')) {
// Posix filesystem
$saved = link($tmp, $this->auth_key_name);
Auth_OpenID_FileStore::_removeIfPresent($tmp);
} else {
// Windows filesystem
$saved = rename($tmp, $this->auth_key_name);
}
if (!$saved) {
// The link failed, either because we lack the permission,
// or because the file already exists; try to read the key
// in case the file already existed.
$auth_key = $this->readAuthKey();
}
return $auth_key;
}
