function test_dh()
{
if (!defined('Auth_OpenID_NO_MATH_SUPPORT')) {
$dh = new Auth_OpenID_DiffieHellman();
$ml =& Auth_OpenID_getMathLib();
$cpub = $dh->public;
$session = new Auth_OpenID_DiffieHellmanServerSession(new Auth_OpenID_DiffieHellman(), $cpub);
$this->request = new Auth_OpenID_AssociateRequest($session);
$response = $this->request->answer($this->assoc);
$this->assertEquals(Auth_OpenID::arrayGet($response->fields, "assoc_type"), "HMAC-SHA1");
$this->assertEquals(Auth_OpenID::arrayGet($response->fields, "assoc_handle"), $this->assoc->handle);
$this->assertFalse(Auth_OpenID::arrayGet($response->fields, "mac_key"));
$this->assertEquals(Auth_OpenID::arrayGet($response->fields, "session_type"), "DH-SHA1");
$this->assertTrue(Auth_OpenID::arrayGet($response->fields, "enc_mac_key"));
$this->assertTrue(Auth_OpenID::arrayGet($response->fields, "dh_server_public"));
$enc_key = base64_decode(Auth_OpenID::arrayGet($response->fields, "enc_mac_key"));
$spub = $ml->base64ToLong(Auth_OpenID::arrayGet($response->fields, "dh_server_public"));
$secret = $dh->xorSecret($spub, $enc_key);
$this->assertEquals($secret, $this->assoc->secret);
}
}
/**
* Perform the server side of the OpenID Diffie-Hellman association
*/
function serverAssociate($consumer_args, $assoc_secret)
{
$lib =& Auth_OpenID_getMathLib();
if (isset($consumer_args['openid.dh_modulus'])) {
$mod = $lib->base64ToLong($consumer_args['openid.dh_modulus']);
} else {
$mod = null;
}
if (isset($consumer_args['openid.dh_gen'])) {
$gen = $lib->base64ToLong($consumer_args['openid.dh_gen']);
} else {
$gen = null;
}
$cpub64 = @$consumer_args['openid.dh_consumer_public'];
if (!isset($cpub64)) {
return false;
}
$dh = new Auth_OpenID_DiffieHellman($mod, $gen);
$cpub = $lib->base64ToLong($cpub64);
$mac_key = $dh->xorSecret($cpub, $assoc_secret);
$enc_mac_key = base64_encode($mac_key);
$spub64 = $lib->longToBase64($dh->getPublicKey());
$server_args = array('session_type' => 'DH-SHA1', 'dh_server_public' => $spub64, 'enc_mac_key' => $enc_mac_key);
return $server_args;
}
function test_dhSHA256()
{
if (defined('Auth_OpenID_NO_MATH_SUPPORT') || !Auth_OpenID_SHA256_SUPPORTED) {
print "(Skipping test_dhSHA256)";
return;
}
$this->assoc = $this->signatory->createAssociation(false, 'HMAC-SHA256');
$consumer_dh = new Auth_OpenID_DiffieHellman();
$cpub = $consumer_dh->public;
$server_dh = new Auth_OpenID_DiffieHellman();
$session = new Auth_OpenID_DiffieHellmanSHA256ServerSession($server_dh, $cpub);
$this->request = new Auth_OpenID_AssociateRequest($session, 'HMAC-SHA256');
$response = $this->request->answer($this->assoc);
$this->assertFalse($response->fields->getArg(Auth_OpenID_OPENID_NS, "mac_key"));
$this->assertTrue($response->fields->getArg(Auth_OpenID_OPENID_NS, "enc_mac_key"));
$this->assertTrue($response->fields->getArg(Auth_OpenID_OPENID_NS, "dh_server_public"));
$fields = array('assoc_type' => 'HMAC-SHA256', 'assoc_handle' => $this->assoc->handle, 'session_type' => 'DH-SHA256');
foreach ($fields as $k => $v) {
$this->assertEquals($response->fields->getArg(Auth_OpenID_OPENID_NS, $k), $v);
}
$enc_key = base64_decode($response->fields->getArg(Auth_OpenID_OPENID_NS, "enc_mac_key"));
$lib =& Auth_OpenID_getMathLib();
$spub = $lib->base64ToLong($response->fields->getArg(Auth_OpenID_OPENID_NS, "dh_server_public"));
$secret = $consumer_dh->xorSecret($spub, $enc_key, 'Auth_OpenID_SHA256');
$s = base64_encode($secret);
$assoc_s = base64_encode($this->assoc->secret);
$this->assertEquals($s, $assoc_s);
}
