function Auth_OpenID_DiffieHellman($mod = null, $gen = null, $private = null, $lib = null) { if ($lib === null) { $this->lib =& Auth_OpenID_getMathLib(); } else { $this->lib =& $lib; } if ($mod === null) { $this->mod = $this->lib->init(Auth_OpenID_getDefaultMod()); } else { $this->mod = $mod; } if ($gen === null) { $this->gen = $this->lib->init(Auth_OpenID_getDefaultGen()); } else { $this->gen = $gen; } if ($private === null) { $r = $this->lib->rand($this->mod); $this->private = $this->lib->add($r, 1); } else { $this->private = $private; } $this->public = $this->lib->powmod($this->gen, $this->private, $this->mod); }
function runTest() { $lib =& Auth_OpenID_getMathLib(); $shared = $lib->init($this->shared); $dh1 = new Auth_OpenID_DiffieHellman(null, null, $this->p1); $dh2 = new Auth_OpenID_DiffieHellman(null, null, $this->p2); $sh1 = $dh1->getSharedSecret($dh2->getPublicKey()); $sh2 = $dh2->getSharedSecret($dh1->getPublicKey()); $this->assertEquals($lib->cmp($shared, $sh1), 0); $this->assertEquals($lib->cmp($shared, $sh2), 0); }
function answer($secret) { $lib =& Auth_OpenID_getMathLib(); $mac_key = $this->dh->xorSecret($this->consumer_pubkey, $secret, $this->hash_func); return array( 'dh_server_public' => $lib->longToBase64($this->dh->public), 'enc_mac_key' => base64_encode($mac_key)); }
/** * Perform the server side of the OpenID Diffie-Hellman association */ function serverAssociate($consumer_args, $assoc_secret) { $lib =& Auth_OpenID_getMathLib(); if (isset($consumer_args['openid.dh_modulus'])) { $mod = $lib->base64ToLong($consumer_args['openid.dh_modulus']); } else { $mod = null; } if (isset($consumer_args['openid.dh_gen'])) { $gen = $lib->base64ToLong($consumer_args['openid.dh_gen']); } else { $gen = null; } $cpub64 = @$consumer_args['openid.dh_consumer_public']; if (!isset($cpub64)) { return false; } $dh = new Auth_OpenID_DiffieHellman($mod, $gen); $cpub = $lib->base64ToLong($cpub64); $mac_key = $dh->xorSecret($cpub, $assoc_secret); $enc_mac_key = base64_encode($mac_key); $spub64 = $lib->longToBase64($dh->getPublicKey()); $server_args = array('session_type' => 'DH-SHA1', 'dh_server_public' => $spub64, 'enc_mac_key' => $enc_mac_key); return $server_args; }
function extractSecret($response) { if (!$response->hasKey(Auth_OpenID_OPENID_NS, 'dh_server_public')) { return null; } if (!$response->hasKey(Auth_OpenID_OPENID_NS, 'enc_mac_key')) { return null; } $math = Auth_OpenID_getMathLib(); $spub = $math->base64ToLong($response->getArg(Auth_OpenID_OPENID_NS, 'dh_server_public')); $enc_mac_key = base64_decode($response->getArg(Auth_OpenID_OPENID_NS, 'enc_mac_key')); return $this->dh->xorSecret($spub, $enc_mac_key, $this->hash_func); }
function answer($assoc) { $ml =& Auth_OpenID_getMathLib(); $response = new Auth_OpenID_ServerResponse($this); $response->fields = array('expires_in' => $assoc->getExpiresIn(), 'assoc_type' => 'HMAC-SHA1', 'assoc_handle' => $assoc->handle); $r = $this->session->answer($assoc->secret); foreach ($r as $k => $v) { $response->fields[$k] = $v; } if ($this->session->session_type != 'plaintext') { $response->fields['session_type'] = $this->session->session_type; } return $response; }
function Auth_OpenID_include_init() { if (Auth_OpenID_getMathLib() === null) { Auth_OpenID_setNoMathSupport(); } }
/** * Status code returned when there were no OpenID arguments * passed. This code indicates that the caller should return a 200 OK * response and display an HTML page that says that this is an OpenID * server endpoint. * * @see Auth_OpenID_Server */ define('Auth_OpenID_DO_ABOUT', 'do_about'); /** * Defines for regexes and format checking. */ define('Auth_OpenID_letters', "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"); define('Auth_OpenID_digits', "0123456789"); define('Auth_OpenID_punct', "!\"#\$%&'()*+,-./:;<=>?@[\\]^_`{|}~"); if (Auth_OpenID_getMathLib() === null) { Auth_OpenID_setNoMathSupport(); } /** * The OpenID utility function class. * * @package OpenID * @access private */ class Auth_OpenID { /** * Return true if $thing is an Auth_OpenID_FailureResponse object; * false if not. * * @access private
function setUp() { // Pre-compute DH with small prime so tests run quickly. $this->server_dh = new Auth_OpenID_DiffieHellman(100389557, 2); $this->consumer_dh = new Auth_OpenID_DiffieHellman(100389557, 2); $lib =& Auth_OpenID_getMathLib(); $cls = $this->session_cls; $this->consumer_session = new $cls($this->consumer_dh); // base64(btwoc(g ^ xb mod p)) $this->dh_server_public = $lib->longToBase64($this->server_dh->public); $this->secret = Auth_OpenID_CryptUtil::randomString($this->consumer_session->secret_size); $this->enc_mac_key = base64_encode($this->server_dh->xorSecret($this->consumer_dh->public, $this->secret, $this->consumer_session->hash_func)); $this->msg = new Auth_OpenID_Message($this->message_namespace); }
function test_dh() { if (!defined('Auth_OpenID_NO_MATH_SUPPORT')) { $dh = new Auth_OpenID_DiffieHellman(); $ml =& Auth_OpenID_getMathLib(); $cpub = $dh->public; $session = new Auth_OpenID_DiffieHellmanServerSession(new Auth_OpenID_DiffieHellman(), $cpub); $this->request = new Auth_OpenID_AssociateRequest($session); $response = $this->request->answer($this->assoc); $this->assertEquals(Auth_OpenID::arrayGet($response->fields, "assoc_type"), "HMAC-SHA1"); $this->assertEquals(Auth_OpenID::arrayGet($response->fields, "assoc_handle"), $this->assoc->handle); $this->assertFalse(Auth_OpenID::arrayGet($response->fields, "mac_key")); $this->assertEquals(Auth_OpenID::arrayGet($response->fields, "session_type"), "DH-SHA1"); $this->assertTrue(Auth_OpenID::arrayGet($response->fields, "enc_mac_key")); $this->assertTrue(Auth_OpenID::arrayGet($response->fields, "dh_server_public")); $enc_key = base64_decode(Auth_OpenID::arrayGet($response->fields, "enc_mac_key")); $spub = $ml->base64ToLong(Auth_OpenID::arrayGet($response->fields, "dh_server_public")); $secret = $dh->xorSecret($spub, $enc_key); $this->assertEquals($secret, $this->assoc->secret); } }
function extractSecret($response) { if (!array_key_exists('dh_server_public', $response)) { return null; } if (!array_key_exists('enc_mac_key', $response)) { return null; } $math =& Auth_OpenID_getMathLib(); $spub = $math->base64ToLong($response['dh_server_public']); $enc_mac_key = base64_decode($response['enc_mac_key']); return $this->dh->xorSecret($spub, $enc_mac_key); }
/** * Status code returned when there were no OpenID arguments * passed. This code indicates that the caller should return a 200 OK * response and display an HTML page that says that this is an OpenID * server endpoint. * * @see Auth_OpenID_Server */ define('Auth_OpenID_DO_ABOUT', 'do_about'); /** * Defines for regexes and format checking. */ define('Auth_OpenID_letters', "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"); define('Auth_OpenID_digits', "0123456789"); define('Auth_OpenID_punct', "!\"#\$%&'()*+,-./:;<=>?@[\\]^_`{|}~"); if (Auth_OpenID_getMathLib() === null && !defined('Auth_OpenID_NO_MATH_SUPPORT')) { define('Auth_OpenID_NO_MATH_SUPPORT', true); } /** * The OpenID utility function class. * * @package OpenID * @access private */ class Auth_OpenID { /** * Return true if $thing is an Auth_OpenID_FailureResponse object; * false if not. * * @access private
function test_dhSHA256() { if (defined('Auth_OpenID_NO_MATH_SUPPORT') || !Auth_OpenID_SHA256_SUPPORTED) { print "(Skipping test_dhSHA256)"; return; } $this->assoc = $this->signatory->createAssociation(false, 'HMAC-SHA256'); $consumer_dh = new Auth_OpenID_DiffieHellman(); $cpub = $consumer_dh->public; $server_dh = new Auth_OpenID_DiffieHellman(); $session = new Auth_OpenID_DiffieHellmanSHA256ServerSession($server_dh, $cpub); $this->request = new Auth_OpenID_AssociateRequest($session, 'HMAC-SHA256'); $response = $this->request->answer($this->assoc); $this->assertFalse($response->fields->getArg(Auth_OpenID_OPENID_NS, "mac_key")); $this->assertTrue($response->fields->getArg(Auth_OpenID_OPENID_NS, "enc_mac_key")); $this->assertTrue($response->fields->getArg(Auth_OpenID_OPENID_NS, "dh_server_public")); $fields = array('assoc_type' => 'HMAC-SHA256', 'assoc_handle' => $this->assoc->handle, 'session_type' => 'DH-SHA256'); foreach ($fields as $k => $v) { $this->assertEquals($response->fields->getArg(Auth_OpenID_OPENID_NS, $k), $v); } $enc_key = base64_decode($response->fields->getArg(Auth_OpenID_OPENID_NS, "enc_mac_key")); $lib =& Auth_OpenID_getMathLib(); $spub = $lib->base64ToLong($response->fields->getArg(Auth_OpenID_OPENID_NS, "dh_server_public")); $secret = $consumer_dh->xorSecret($spub, $enc_key, 'Auth_OpenID_SHA256'); $s = base64_encode($secret); $assoc_s = base64_encode($this->assoc->secret); $this->assertEquals($s, $assoc_s); }
function Tests_Auth_OpenID_BigMath($name) { $this->setName($name); if (!defined('Auth_OpenID_NO_MATH_SUPPORT')) { $this->addTestSuite('Tests_Auth_OpenID_BigInt'); $this->_addB64Tests(); $this->_addBinLongTests(); $test = new Tests_Auth_OpenID_Rand(Auth_OpenID_getMathLib()); $test->setName('Big number rand'); $this->addTest($test); } }