diff options
| author | tailor <cygnus@janrain.com> | 2006-02-14 23:55:17 +0000 |
|---|---|---|
| committer | tailor <cygnus@janrain.com> | 2006-02-14 23:55:17 +0000 |
| commit | 1e6f1844a1d17bc067210dfb1a8988917c6ce8a6 (patch) | |
| tree | bc489733413d4256e585d8f7f5c01d1f2549dae1 /Auth/OpenID | |
| parent | ecce27920ed37b53efe31d451b21c94ae90919d8 (diff) | |
| download | php-openid-1e6f1844a1d17bc067210dfb1a8988917c6ce8a6.zip php-openid-1e6f1844a1d17bc067210dfb1a8988917c6ce8a6.tar.gz php-openid-1e6f1844a1d17bc067210dfb1a8988917c6ce8a6.tar.bz2 | |
[project @ Moved CryptUtil functions into an Auth_OpenID_CryptUtil class.]
Diffstat (limited to 'Auth/OpenID')
| -rw-r--r-- | Auth/OpenID/BigMath.php | 2 | ||||
| -rw-r--r-- | Auth/OpenID/Consumer.php | 4 | ||||
| -rw-r--r-- | Auth/OpenID/CryptUtil.php | 141 | ||||
| -rw-r--r-- | Auth/OpenID/FileStore.php | 2 | ||||
| -rw-r--r-- | Auth/OpenID/SQLStore.php | 3 | ||||
| -rw-r--r-- | Auth/OpenID/Server.php | 4 |
6 files changed, 80 insertions, 76 deletions
diff --git a/Auth/OpenID/BigMath.php b/Auth/OpenID/BigMath.php index 8f37989..6fdbfab 100644 --- a/Auth/OpenID/BigMath.php +++ b/Auth/OpenID/BigMath.php @@ -158,7 +158,7 @@ class Auth_OpenID_MathLibrary { } do { - $bytes = "\x00" . Auth_OpenID_getBytes($nbytes); + $bytes = "\x00" . Auth_OpenID_CryptUtil::getBytes($nbytes); $n = $this->binaryToLong($bytes); // Keep looping if this value is in the low duplicated range } while ($this->cmp($n, $duplicate) < 0); diff --git a/Auth/OpenID/Consumer.php b/Auth/OpenID/Consumer.php index b601cf4..be4e790 100644 --- a/Auth/OpenID/Consumer.php +++ b/Auth/OpenID/Consumer.php @@ -702,8 +702,8 @@ class Auth_OpenID_Consumer { */ function _generateNonce() { - return Auth_OpenID_randomString(Auth_OpenID_NONCE_LEN, - $this->nonce_chrs); + return Auth_OpenID_CryptUtil::randomString(Auth_OpenID_NONCE_LEN, + $this->nonce_chrs); } /** diff --git a/Auth/OpenID/CryptUtil.php b/Auth/OpenID/CryptUtil.php index 79af8c7..3048f09 100644 --- a/Auth/OpenID/CryptUtil.php +++ b/Auth/OpenID/CryptUtil.php @@ -23,86 +23,89 @@ if (!defined('Auth_OpenID_RAND_SOURCE')) { define('Auth_OpenID_RAND_SOURCE', '/dev/urandom'); } -/** - * Get the specified number of random bytes. - * - * Attempts to use a cryptographically secure (not predictable) source - * of randomness if available. If there is no high-entropy randomness - * source available, it will fail. As a last resort, for non-critical - * systems, define <code>Auth_OpenID_RAND_SOURCE</code> as - * <code>null</code>, and the code will fall back on a pseudo-random - * number generator. - * - * @param int $num_bytes The length of the return value - * @return string $bytes random bytes - */ -function Auth_OpenID_getBytes($num_bytes) -{ - static $f = null; - $bytes = ''; - if ($f === null) { - if (Auth_OpenID_RAND_SOURCE === null) { - trigger_error("Using insecure randomness source", E_USER_NOTICE); - $f = false; - } else { - $f = @fopen(Auth_OpenID_RAND_SOURCE, "r"); - if ($f === false) { - $msg = 'Define Auth_OpenID_RAND_SOURCE as null to continue ' . - 'with an insecure random number generator.'; - trigger_error($msg, E_USER_ERROR); +class Auth_OpenID_CryptUtil { + /** + * Get the specified number of random bytes. + * + * Attempts to use a cryptographically secure (not predictable) + * source of randomness if available. If there is no high-entropy + * randomness source available, it will fail. As a last resort, + * for non-critical systems, define + * <code>Auth_OpenID_RAND_SOURCE</code> as <code>null</code>, and + * the code will fall back on a pseudo-random number generator. + * + * @param int $num_bytes The length of the return value + * @return string $bytes random bytes + */ + function getBytes($num_bytes) + { + static $f = null; + $bytes = ''; + if ($f === null) { + if (Auth_OpenID_RAND_SOURCE === null) { + trigger_error("Using insecure randomness source", + E_USER_NOTICE); + $f = false; + } else { + $f = @fopen(Auth_OpenID_RAND_SOURCE, "r"); + if ($f === false) { + $msg = 'Define Auth_OpenID_RAND_SOURCE as null to ' . + ' continue with an insecure random number generator.'; + trigger_error($msg, E_USER_ERROR); + } } } - } - if ($f === false) { - // pseudorandom used - $bytes = ''; - for ($i = 0; $i < $num_bytes; $i += 4) { - $bytes .= pack('L', mt_rand()); + if ($f === false) { + // pseudorandom used + $bytes = ''; + for ($i = 0; $i < $num_bytes; $i += 4) { + $bytes .= pack('L', mt_rand()); + } + $bytes = substr($bytes, 0, $num_bytes); + } else { + $bytes = fread($f, $num_bytes); } - $bytes = substr($bytes, 0, $num_bytes); - } else { - $bytes = fread($f, $num_bytes); + return $bytes; } - return $bytes; -} -/** - * Produce a string of length random bytes, chosen from chrs. If - * $chrs is null, the resulting string may contain any characters. - * - * @param integer $length The length of the resulting - * randomly-generated string - * @param string $chrs A string of characters from which to choose - * to build the new string - * @return string $result A string of randomly-chosen characters - * from $chrs - */ -function Auth_OpenID_randomString($length, $population = null) -{ - if ($population === null) { - return Auth_OpenID_getBytes($length); - } + /** + * Produce a string of length random bytes, chosen from chrs. If + * $chrs is null, the resulting string may contain any characters. + * + * @param integer $length The length of the resulting + * randomly-generated string + * @param string $chrs A string of characters from which to choose + * to build the new string + * @return string $result A string of randomly-chosen characters + * from $chrs + */ + function randomString($length, $population = null) + { + if ($population === null) { + return Auth_OpenID_CryptUtil::getBytes($length); + } - $popsize = strlen($population); + $popsize = strlen($population); - if ($popsize > 256) { - $msg = 'More than 256 characters supplied to ' . __FUNCTION__; - trigger_error($msg, E_USER_ERROR); - } + if ($popsize > 256) { + $msg = 'More than 256 characters supplied to ' . __FUNCTION__; + trigger_error($msg, E_USER_ERROR); + } - $duplicate = 256 % $popsize; + $duplicate = 256 % $popsize; - $str = ""; - for ($i = 0; $i < $length; $i++) { - do { - $n = ord(Auth_OpenID_getBytes(1)); - } while ($n < $duplicate); + $str = ""; + for ($i = 0; $i < $length; $i++) { + do { + $n = ord(Auth_OpenID_CryptUtil::getBytes(1)); + } while ($n < $duplicate); - $n %= $popsize; - $str .= $population[$n]; - } + $n %= $popsize; + $str .= $population[$n]; + } - return $str; + return $str; + } } ?>
\ No newline at end of file diff --git a/Auth/OpenID/FileStore.php b/Auth/OpenID/FileStore.php index 75379f3..c682ee5 100644 --- a/Auth/OpenID/FileStore.php +++ b/Auth/OpenID/FileStore.php @@ -159,7 +159,7 @@ class Auth_OpenID_FileStore extends Auth_OpenID_OpenIDStore { return null; } - $auth_key = Auth_OpenID_randomString($this->AUTH_KEY_LEN); + $auth_key = Auth_OpenID_CryptUtil::randomString($this->AUTH_KEY_LEN); list($file_obj, $tmp) = $this->_mktemp(); diff --git a/Auth/OpenID/SQLStore.php b/Auth/OpenID/SQLStore.php index 7811923..b5237dd 100644 --- a/Auth/OpenID/SQLStore.php +++ b/Auth/OpenID/SQLStore.php @@ -353,7 +353,8 @@ class Auth_OpenID_SQLStore extends Auth_OpenID_OpenIDStore { { $value = $this->_get_auth(); if (!$value) { - $auth_key = Auth_OpenID_randomString($this->AUTH_KEY_LEN); + $auth_key = + Auth_OpenID_CryptUtil::randomString($this->AUTH_KEY_LEN); $auth_key_s = $this->blobEncode($auth_key); $this->_create_auth($auth_key_s); diff --git a/Auth/OpenID/Server.php b/Auth/OpenID/Server.php index ce7b512..980cd9b 100644 --- a/Auth/OpenID/Server.php +++ b/Auth/OpenID/Server.php @@ -393,13 +393,13 @@ class Auth_OpenID_Server { function createAssociation($assoc_type) { if ($assoc_type == 'HMAC-SHA1') { - $secret = Auth_OpenID_getBytes(20); + $secret = Auth_OpenID_CryptUtil::getBytes(20); } else { // XXX: log return false; } - $uniq = base64_encode(Auth_OpenID_getBytes(4)); + $uniq = base64_encode(Auth_OpenID_CryptUtil::getBytes(4)); $handle = sprintf('{%s}{%x}{%s}', $assoc_type, time(), $uniq); $ltime = $this->association_lifetime; |