ruby-openid 1.1.4 → 2.0.1

data/lib/openid/cryptutil.rb

@@ -0,0 +1,85 @@
+require "openid/util"
+require "digest/sha1"
+require "digest/sha2"
+require "hmac/sha1"
+require "hmac/sha2"
+
+module OpenID
+  # This module contains everything needed to perform low-level
+  # cryptograph and data manipulation tasks.
+  module CryptUtil
+
+    # Generate a random number, doing a little extra work to make it
+    # more likely that it's suitable for cryptography. If your system
+    # doesn't have /dev/urandom then this number is not
+    # cryptographically safe. See
+    # <http://www.cosine.org/2007/08/07/security-ruby-kernel-rand/>
+    # for more information.  max is the largest possible value of such
+    # a random number, where the result will be less than max.
+    def CryptUtil.rand(max)
+      Kernel.srand()
+      return Kernel.rand(max)
+    end
+
+    def CryptUtil.sha1(text)
+      return Digest::SHA1.digest(text)
+    end
+
+    def CryptUtil.hmac_sha1(key, text)
+      return HMAC::SHA1.digest(key, text)
+    end
+
+    def CryptUtil.sha256(text)
+      return Digest::SHA256.digest(text)
+    end
+
+    def CryptUtil.hmac_sha256(key, text)
+      return HMAC::SHA256.digest(key, text)
+    end
+
+    # Generate a random string of the given length, composed of the
+    # specified characters.  If chars is nil, generate a string
+    # composed of characters in the range 0..255.
+    def CryptUtil.random_string(length, chars=nil)
+      s = ""
+
+      unless chars.nil?
+        length.times { s << chars[rand(chars.length)] }
+      else
+        length.times { s << rand(256).chr }
+      end
+      return s
+    end
+
+    # Convert a number to its binary representation; return a string
+    # of bytes.
+    def CryptUtil.num_to_binary(n)
+      bits = n.to_s(2)
+      prepend = (8 - bits.length % 8)
+      bits = ('0' * prepend) + bits
+      return [bits].pack('B*')
+    end
+
+    # Convert a string of bytes into a number.
+    def CryptUtil.binary_to_num(s)
+      # taken from openid-ruby 0.0.1
+      s = "\000" * (4 - (s.length % 4)) + s
+      num = 0
+      s.unpack('N*').each do |x|
+        num <<= 32
+        num |= x
+      end
+      return num
+    end
+
+    # Encode a number as a base64-encoded byte string.
+    def CryptUtil.num_to_base64(l)
+      return OpenID::Util.to_base64(num_to_binary(l))
+    end
+
+    # Decode a base64 byte string to a number.
+    def CryptUtil.base64_to_num(s)
+      return binary_to_num(OpenID::Util.from_base64(s))
+    end
+  end
+end

data/lib/openid/dh.rb

@@ -1,4 +1,5 @@
 require "openid/util"
+require "openid/cryptutil"
 
 module OpenID
 
@@ -7,40 +8,76 @@ module OpenID
   #
   # Read more about Diffie-Hellman on wikipedia:
   # http://en.wikipedia.org/wiki/Diffie-Hellman
+
   class DiffieHellman
 
-    @@DEFAULT_MOD = 155172898181473697471232257763715539915724801966915404479707795314057629378541917580651227423698188993727816152646631438561595825688188889951272158842675419950341258706556549803580104870537681476726513255747040765857479291291572334510643245094715007229621094194349783925984760375594985848253359305585439638443
-    @@DEFAULT_GEN = 2
+    # From the OpenID specification
+    @@default_mod = 155172898181473697471232257763715539915724801966915404479707795314057629378541917580651227423698188993727816152646631438561595825688188889951272158842675419950341258706556549803580104870537681476726513255747040765857479291291572334510643245094715007229621094194349783925984760375594985848253359305585439638443
+    @@default_gen = 2
 
-    attr_reader :p, :g, :public
-    
-    def DiffieHellman.from_base64(p=nil, g=nil)
-      unless p.nil?
-        p = OpenID::Util.base64_to_num(p)
-      end
-      unless g.nil?
-        g = OpenID::Util.base64_to_num(g)
-      end
-      DiffieHellman.new(p, g)
+    attr_reader :modulus, :generator, :public
+
+    # A new DiffieHellman object, using the modulus and generator from
+    # the OpenID specification
+    def DiffieHellman.from_defaults
+      DiffieHellman.new(@@default_mod, @@default_gen)
     end
 
-    def initialize(p=nil, g=nil)
-      @p = p.nil? ? @@DEFAULT_MOD : p
-      @g = g.nil? ? @@DEFAULT_GEN : g
-      
-      @private = OpenID::Util.rand(@p-2) + 1
-      @public = OpenID::Util.powermod(@g, @private, @p)
+    def initialize(modulus=nil, generator=nil, priv=nil)
+      @modulus = modulus.nil? ? @@default_mod : modulus
+      @generator = generator.nil? ? @@default_gen : generator
+      set_private(priv.nil? ? OpenID::CryptUtil.rand(@modulus-2) + 1 : priv)
     end
 
     def get_shared_secret(composite)
-      OpenID::Util.powermod(composite, @private, @p)
+      DiffieHellman.powermod(composite, @private, @modulus)
     end
 
-    def xor_secrect(composite, secret)
+    def xor_secret(algorithm, composite, secret)
       dh_shared = get_shared_secret(composite)
-      sha1_dh_shared = OpenID::Util.sha1( \
-                          OpenID::Util.num_to_str(dh_shared))
-      return OpenID::Util.strxor(secret, sha1_dh_shared)
+      packed_dh_shared = OpenID::CryptUtil.num_to_binary(dh_shared)
+      hashed_dh_shared = algorithm.call(packed_dh_shared)
+      return DiffieHellman.strxor(secret, hashed_dh_shared)
+    end
+
+    def using_default_values?
+      @generator == @@default_gen && @modulus == @@default_mod
+    end
+
+    private
+    def set_private(priv)
+      @private = priv
+      @public = DiffieHellman.powermod(@generator, @private, @modulus)
+    end
+
+    def DiffieHellman.strxor(s, t)
+      if s.length != t.length
+        raise ArgumentError, "strxor: lengths don't match. " +
+          "Inputs were #{s.inspect} and #{t.inspect}"
+      end
+
+      indices = 0...(s.length)
+      chrs = indices.collect {|i| (s[i]^t[i]).chr}
+      chrs.join("")
+    end
+
+    # This code is taken from this post:
+    # <http://blade.nagaokaut.ac.jp/cgi-bin/scat.\rb/ruby/ruby-talk/19098>
+    # by Eric Lee Green.
+    def DiffieHellman.powermod(x, n, q)
+      counter=0
+      n_p=n
+      y_p=1
+      z_p=x
+      while n_p != 0
+        if n_p[0]==1
+          y_p=(y_p*z_p) % q
+        end
+        n_p = n_p >> 1
+        z_p = (z_p * z_p) % q
+        counter += 1
+      end
+      return y_p
     end
 
   end

data/lib/openid/extension.rb

@@ -0,0 +1,31 @@
+require 'openid/message'
+
+module OpenID
+  # An interface for OpenID extensions.
+  class Extension < Object
+
+    def initialize
+      @ns_uri = nil
+      @ns_alias = nil
+    end
+
+    # Get the string arguments that should be added to an OpenID
+    # message for this extension.
+    def get_extension_args
+      raise NotImplementedError
+    end
+
+    # Add the arguments from this extension to the provided
+    # message, or create a new message containing only those
+    # arguments.  Returns the message with added extension args.
+    def to_message(message = nil)
+      message = Message.new if message.nil?
+
+      message.namespaces.add_alias(@ns_uri, @ns_alias)
+      # XXX python ignores keyerror if m.ns.getAlias(uri) == alias
+
+      message.update_args(@ns_uri, get_extension_args)
+      return message
+    end
+  end
+end