function test_cryptrand() { // It's possible, but HIGHLY unlikely that a correct // implementation will fail by returning the same number twice $s = Auth_OpenID_CryptUtil::getBytes(32); $t = Auth_OpenID_CryptUtil::getBytes(32); $this->assertEquals(Auth_OpenID::bytes($s), 32); $this->assertEquals(Auth_OpenID::bytes($t), 32); $this->assertFalse($s == $t); }
function OpenID_MemcStore($prefix_part = null) { global $wgMemc, $wgDBname; if (isset($prefix_part)) { $this->prefix = $prefix_part . ':'; } $auth_key = Auth_OpenID_CryptUtil::randomString($this->AUTH_KEY_LEN); $k = $this->_authKeyKey(); $res = $wgMemc->add($k, $auth_key); }
function Auth_OpenID_mkNonce($when = null) { // Generate a nonce with the current timestamp $salt = Auth_OpenID_CryptUtil::randomString(6, Auth_OpenID_Nonce_CHRS); if ($when === null) { $when = gmmktime(); } $time_str = gmstrftime(Auth_OpenID_Nonce_TIME_FMT, $when); return $time_str . $salt; }
function Auth_OpenID_mkNonce($when = null) { // Generate a nonce with the current timestamp $salt = Auth_OpenID_CryptUtil::randomString(6, Auth_OpenID_Nonce_CHRS); if ($when === null) { // It's safe to call time() with no arguments; it returns a // GMT unix timestamp on PHP 4 and PHP 5. gmmktime() with no // args returns a local unix timestamp on PHP 4, so don't use // that. $when = time(); } $time_str = gmstrftime(Auth_OpenID_Nonce_TIME_FMT, $when); return $time_str . $salt; }
/** * Produce a string of length random bytes, chosen from chrs. If * $chrs is null, the resulting string may contain any characters. * * @param integer $length The length of the resulting * randomly-generated string * @param string $chrs A string of characters from which to choose * to build the new string * @return string $result A string of randomly-chosen characters * from $chrs */ function randomString($length, $population = null) { if ($population === null) { return Auth_OpenID_CryptUtil::getBytes($length); } $popsize = strlen($population); if ($popsize > 256) { $msg = 'More than 256 characters supplied to ' . __FUNCTION__; trigger_error($msg, E_USER_ERROR); } $duplicate = 256 % $popsize; $str = ""; for ($i = 0; $i < $length; $i++) { do { $n = ord(Auth_OpenID_CryptUtil::getBytes(1)); } while ($n < $duplicate); $n %= $popsize; $str .= $population[$n]; } return $str; }
/** * Make a new association. */ function createAssociation($dumb = true, $assoc_type = 'HMAC-SHA1') { $secret = Auth_OpenID_CryptUtil::getBytes( Auth_OpenID_getSecretSize($assoc_type)); $uniq = base64_encode(Auth_OpenID_CryptUtil::getBytes(4)); $handle = sprintf('{%s}{%x}{%s}', $assoc_type, intval(time()), $uniq); $assoc = Auth_OpenID_Association::fromExpiresIn( $this->SECRET_LIFETIME, $handle, $secret, $assoc_type); if ($dumb) { $key = $this->dumb_key; } else { $key = $this->normal_key; } $this->store->storeAssociation($key, $assoc); return $assoc; }
/** * Returns a random number in the specified range. This function * accepts $start, $stop, and $step values of arbitrary magnitude * and will utilize the local large-number math library when * available. * * @param integer $start The start of the range, or the minimum * random number to return * @param integer $stop The end of the range, or the maximum * random number to return * @param integer $step The step size, such that $result - ($step * * N) = $start for some N * @return integer $result The resulting randomly-generated number */ function rand($stop) { static $duplicate_cache = array(); // Used as the key for the duplicate cache $rbytes = $this->longToBinary($stop); if (array_key_exists($rbytes, $duplicate_cache)) { list($duplicate, $nbytes) = $duplicate_cache[$rbytes]; } else { if ($rbytes[0] == "") { $nbytes = Auth_OpenID::bytes($rbytes) - 1; } else { $nbytes = Auth_OpenID::bytes($rbytes); } $mxrand = $this->pow(256, $nbytes); // If we get a number less than this, then it is in the // duplicated range. $duplicate = $this->mod($mxrand, $stop); if (count($duplicate_cache) > 10) { $duplicate_cache = array(); } $duplicate_cache[$rbytes] = array($duplicate, $nbytes); } do { $bytes = "" . Auth_OpenID_CryptUtil::getBytes($nbytes); $n = $this->binaryToLong($bytes); // Keep looping if this value is in the low duplicated range } while ($this->cmp($n, $duplicate) < 0); return $this->mod($n, $stop); }
/** * util function: current nonce */ private static function generate_nonce() { $mt = microtime(); $rand = mt_rand(); $md5 = md5($mt . $rand); $r = Auth_OpenID_CryptUtil::randomString(32,"abcdef01234567890"); //print '<h1>microtime:: '.$mt.' random:: '.$rand.' md5:: '.$md5.'</h1>'; return $r;// md5s look nicer than numbers }
/** * Generates an association with the specified parameters. */ function genAssoc($now, $issued = 0, $lifetime = 600) { $sec = Auth_OpenID_CryptUtil::randomString(20); $hdl = Auth_OpenID_CryptUtil::randomString(128, $this->allowed_handle); return new Auth_OpenID_Association($hdl, $sec, $now + $issued, $lifetime, 'HMAC-SHA1'); }
function setUp() { // Pre-compute DH with small prime so tests run quickly. $this->server_dh = new Auth_OpenID_DiffieHellman(100389557, 2); $this->consumer_dh = new Auth_OpenID_DiffieHellman(100389557, 2); $lib =& Auth_OpenID_getMathLib(); $cls = $this->session_cls; $this->consumer_session = new $cls($this->consumer_dh); // base64(btwoc(g ^ xb mod p)) $this->dh_server_public = $lib->longToBase64($this->server_dh->public); $this->secret = Auth_OpenID_CryptUtil::randomString($this->consumer_session->secret_size); $this->enc_mac_key = base64_encode($this->server_dh->xorSecret($this->consumer_dh->public, $this->secret, $this->consumer_session->hash_func)); $this->msg = new Auth_OpenID_Message($this->message_namespace); }
/** * Confirm that the signature of these fields matches the * signature contained in the data. * * @access private */ function checkMessageSignature($message) { $sig = $message->getArg(Auth_OpenID_OPENID_NS, 'sig'); if (!$sig || Auth_OpenID::isFailure($sig)) { return false; } $calculated_sig = $this->getMessageSignature($message); return Auth_OpenID_CryptUtil::constEq($calculated_sig, $sig); }
/** * @access private */ function _createNonce() { $nonce = Auth_OpenID_CryptUtil::randomString($this->nonce_len, $this->nonce_chrs); $this->store->storeNonce($nonce); return $nonce; }
function getAuthKey() { $value = $this->_get_auth(); if (!$value) { $auth_key = Auth_OpenID_CryptUtil::randomString($this->AUTH_KEY_LEN); $auth_key_s = $this->blobEncode($auth_key); $this->_create_auth($auth_key_s); } else { $auth_key_s = $value; $auth_key = $this->blobDecode($auth_key_s); } $this->connection->commit(); if (strlen($auth_key) != $this->AUTH_KEY_LEN) { $fmt = "Expected %d-byte string for auth key. Got key of length %d"; trigger_error(sprintf($fmt, $this->AUTH_KEY_LEN, strlen($auth_key)), E_USER_WARNING); return null; } return $auth_key; }
/** * Confirm that the signature of these fields matches the * signature contained in the data. * * @access private */ function checkMessageSignature($message) { // var_dump($message); // var_dump("--------------------------"); //var_dump(Auth_OpenID_OPENID_NS); $sig = $message->getArg(Auth_OpenID_OPENID_NS, 'sig'); // var_dump($sig); // var_dump("*************************"); if (!$sig || Auth_OpenID::isFailure($sig)) { return false; } //file_put_contents("log.txt","sig: ". $sig . "\n", FILE_APPEND); $calculated_sig = $this->getMessageSignature($message); // file_put_contents("log.txt", "cal_sig: " . $calculated_sig . "\n", FILE_APPEND); // file_put_contents("log.txt", Auth_OpenID_CryptUtil::constEq($calculated_sig, $sig) . "\n", FILE_APPEND); return Auth_OpenID_CryptUtil::constEq($calculated_sig, $sig); }
/** * Generate a new random auth key and safely store it in the * location specified by $this->auth_key_name. * * @return string $key */ function createAuthKey() { if (!$this->active) { trigger_error("FileStore no longer active", E_USER_ERROR); return null; } $auth_key = Auth_OpenID_CryptUtil::randomString($this->AUTH_KEY_LEN); list($file_obj, $tmp) = $this->_mktemp(); fwrite($file_obj, $auth_key); fflush($file_obj); fclose($file_obj); if (function_exists('link')) { // Posix filesystem $saved = link($tmp, $this->auth_key_name); Auth_OpenID_FileStore::_removeIfPresent($tmp); } else { // Windows filesystem $saved = rename($tmp, $this->auth_key_name); } if (!$saved) { // The link failed, either because we lack the permission, // or because the file already exists; try to read the key // in case the file already existed. $auth_key = $this->readAuthKey(); } return $auth_key; }