def _test_dh(self):
dh1 = DiffieHellman.fromDefaults()
dh2 = DiffieHellman.fromDefaults()
secret1 = dh1.getSharedSecret(dh2.public)
secret2 = dh2.getSharedSecret(dh1.public)
assert secret1 == secret2
return secret1
def test1():
dh1 = DiffieHellman.fromDefaults()
dh2 = DiffieHellman.fromDefaults()
secret1 = dh1.getSharedSecret(dh2.public)
secret2 = dh2.getSharedSecret(dh1.public)
assert secret1 == secret2
return secret1
def test_exchange_dynamic(self):
# Test complete key exchange with random values
# Consumer part
consumer_dh = DiffieHellman.fromDefaults()
consumer_public_key = consumer_dh.public_key
# Server part
secret = toBase64(os.urandom(32))
server_dh = DiffieHellman.fromDefaults()
mac_key = server_dh.xor_secret(consumer_public_key, secret, hashes.SHA256())
server_public_key = server_dh.public_key
# Consumer part
shared_secret = consumer_dh.xor_secret(server_public_key, mac_key, hashes.SHA256())
# Check secret was negotiated correctly
self.assertEqual(secret, shared_secret)
def test_exchange_dynamic(self):
# Test complete key exchange with random values
# Consumer part
consumer_dh = DiffieHellman.fromDefaults()
consumer_public_key = consumer_dh.public_key
# Server part
secret = toBase64(os.urandom(32))
server_dh = DiffieHellman.fromDefaults()
mac_key = server_dh.xor_secret(consumer_public_key, secret,
hashes.SHA256())
server_public_key = server_dh.public_key
# Consumer part
shared_secret = consumer_dh.xor_secret(server_public_key, mac_key,
hashes.SHA256())
# Check secret was negotiated correctly
self.assertEqual(secret, shared_secret)
def test_get_shared_secret_consumer(self):
consumer_dh = DiffieHellman.fromDefaults()
self.setup_keys(consumer_dh, self.consumer_public_key,
self.consumer_private_key)
self.assertEqual(
consumer_dh._get_shared_secret(self.server_public_key),
base64.b64decode(self.shared_secret))
def test_public(self):
dh = DiffieHellman.fromDefaults()
self.setup_keys(dh, self.server_public_key, self.server_private_key)
warning_msg = "Attribute 'public' is deprecated. Use 'public_key' instead."
with ShouldWarn(DeprecationWarning(warning_msg)):
warnings.simplefilter('always')
self.assertEqual(dh.public, base64ToLong(self.server_public_key))
def test_exchange_server_static(self):
# Test key exchange - server part with static values
server_dh = DiffieHellman.fromDefaults()
self.setup_keys(server_dh, self.server_public_key, self.server_private_key)
self.assertEqual(server_dh.xor_secret(self.consumer_public_key, self.secret, hashes.SHA256()), self.mac_key)
self.assertEqual(server_dh.public_key, self.server_public_key)
def test_public(self):
dh = DiffieHellman.fromDefaults()
self.setup_keys(dh, self.server_public_key, self.server_private_key)
warning_msg = "Attribute 'public' is deprecated. Use 'public_key' instead."
with ShouldWarn(DeprecationWarning(warning_msg)):
warnings.simplefilter('always')
self.assertEqual(dh.public, base64ToLong(self.server_public_key))
def test_exchange_dynamic(self):
# Test complete key exchange with random values
# Consumer part
consumer_dh = DiffieHellman.fromDefaults()
consumer_public_key = consumer_dh.public_key
# Server part
secret = os.urandom(32)
server_dh = DiffieHellman.fromDefaults()
mac_key = server_dh.xorSecret(base64ToLong(consumer_public_key),
secret, sha256)
server_public_key = server_dh.public_key
# Consumer part
shared_secret = consumer_dh.xorSecret(base64ToLong(server_public_key),
mac_key, sha256)
# Check secret was negotiated correctly
self.assertEqual(secret, shared_secret)
def test_exchange_consumer_static(self):
# Test key exchange - consumer part with static values
consumer_dh = DiffieHellman.fromDefaults()
self.setup_keys(consumer_dh, self.consumer_public_key, self.consumer_private_key)
shared_secret = consumer_dh.xor_secret(self.server_public_key, self.mac_key, hashes.SHA256())
# Check secret was negotiated correctly
self.assertEqual(shared_secret, self.secret)
def test_getSharedSecret(self):
# Test the deprecated method
consumer_dh = DiffieHellman.fromDefaults()
self.setup_keys(consumer_dh, self.consumer_public_key, self.consumer_private_key)
warning_msg = "Method 'getSharedSecret' is deprecated in favor of '_get_shared_secret'."
with ShouldWarn(DeprecationWarning(warning_msg)):
warnings.simplefilter('always')
self.assertEqual(consumer_dh.getSharedSecret(self.server_public_key), base64ToLong(self.shared_secret))
def test_modulus(self):
dh = DiffieHellman.fromDefaults()
modulus = int('155172898181473697471232257763715539915724801966915404479707795314057629378541917580651227423698'
'188993727816152646631438561595825688188889951272158842675419950341258706556549803580104870537681'
'476726513255747040765857479291291572334510643245094715007229621094194349783925984760375594985848'
'253359305585439638443')
warning_msg = "Modulus property will return base64 encoded string."
with ShouldWarn(DeprecationWarning(warning_msg)):
warnings.simplefilter('always')
self.assertEqual(dh.modulus, modulus)
def test_exchange_consumer_static(self):
# Test key exchange - consumer part with static values
consumer_dh = DiffieHellman.fromDefaults()
self.setup_keys(consumer_dh, self.consumer_public_key,
self.consumer_private_key)
shared_secret = consumer_dh.xor_secret(self.server_public_key,
self.mac_key, hashes.SHA256())
# Check secret was negotiated correctly
self.assertEqual(shared_secret, self.secret)
def test_exchange_server_static(self):
# Test key exchange - server part with static values
server_dh = DiffieHellman.fromDefaults()
self.setup_keys(server_dh, self.server_public_key,
self.server_private_key)
self.assertEqual(
server_dh.xor_secret(self.consumer_public_key, self.secret,
hashes.SHA256()), self.mac_key)
self.assertEqual(server_dh.public_key, self.server_public_key)
def test_public():
f = file(os.path.join(os.path.dirname(__file__), 'dhpriv'))
dh = DiffieHellman.fromDefaults()
try:
for line in f:
parts = line.strip().split(' ')
dh._setPrivate(int(parts[0]))
assert dh.public == int(parts[1])
finally:
f.close()
def test_modulus(self):
dh = DiffieHellman.fromDefaults()
modulus = int(
'155172898181473697471232257763715539915724801966915404479707795314057629378541917580651227423698'
'188993727816152646631438561595825688188889951272158842675419950341258706556549803580104870537681'
'476726513255747040765857479291291572334510643245094715007229621094194349783925984760375594985848'
'253359305585439638443')
warning_msg = "Modulus property will return base64 encoded string."
with ShouldWarn(DeprecationWarning(warning_msg)):
warnings.simplefilter('always')
self.assertEqual(dh.modulus, modulus)
def test_dh(self):
from openid.dh import DiffieHellman
from openid.server.server import DiffieHellmanServerSession
consumer_dh = DiffieHellman.fromDefaults()
cpub = consumer_dh.public
session = DiffieHellmanServerSession(DiffieHellman.fromDefaults(), cpub)
self.request = server.AssociateRequest(session)
response = self.request.answer(self.assoc)
rfg = response.fields.get
self.failUnlessEqual(rfg("assoc_type"), "HMAC-SHA1")
self.failUnlessEqual(rfg("assoc_handle"), self.assoc.handle)
self.failIf(rfg("mac_key"))
self.failUnlessEqual(rfg("session_type"), "DH-SHA1")
self.failUnless(rfg("enc_mac_key"))
self.failUnless(rfg("dh_server_public"))
enc_key = rfg("enc_mac_key").decode('base64')
spub = cryptutil.base64ToLong(rfg("dh_server_public"))
secret = consumer_dh.xorSecret(spub, enc_key)
self.failUnlessEqual(secret, self.assoc.secret)
def test_getSharedSecret(self):
# Test the deprecated method
consumer_dh = DiffieHellman.fromDefaults()
self.setup_keys(consumer_dh, self.consumer_public_key,
self.consumer_private_key)
warning_msg = "Method 'getSharedSecret' is deprecated in favor of '_get_shared_secret'."
with ShouldWarn(DeprecationWarning(warning_msg)):
warnings.simplefilter('always')
self.assertEqual(
consumer_dh.getSharedSecret(self.server_public_key),
base64ToLong(self.shared_secret))
def test_public(self):
f = file(os.path.join(os.path.dirname(__file__), 'dhpriv'))
dh = DiffieHellman.fromDefaults()
try:
for line in f:
parts = line.strip().split(' ')
dh._setPrivate(long(parts[0]))
assert dh.public == long(parts[1])
finally:
f.close()
def fromQuery(cls, query):
"""
@param query: The associate request's query parameters
@type query: {str:str}
@returntype: L{DiffieHellmanServerSession}
@raises ProtocolError: When parameters required to establish the
session are missing.
"""
dh_modulus = query.get('openid.dh_modulus')
dh_gen = query.get('openid.dh_gen')
if (dh_modulus is None and dh_gen is not None
or dh_gen is None and dh_modulus is not None):
if dh_modulus is None:
missing = 'modulus'
else:
missing = 'generator'
raise ProtocolError('If non-default modulus or generator is '
'supplied, both must be supplied. Missing %s' %
(missing, ))
if dh_modulus or dh_gen:
dh_modulus = cryptutil.base64ToLong(dh_modulus)
dh_gen = cryptutil.base64ToLong(dh_gen)
dh = DiffieHellman(dh_modulus, dh_gen)
else:
dh = DiffieHellman.fromDefaults()
consumer_pubkey = query.get('openid.dh_consumer_public')
if consumer_pubkey is None:
raise ProtocolError("Public key for DH-SHA1 session "
"not found in query %s" % (query, ))
consumer_pubkey = cryptutil.base64ToLong(consumer_pubkey)
return cls(dh, consumer_pubkey)
def test_xorSecret(self):
# Test key exchange - deprecated method
server_dh = DiffieHellman.fromDefaults()
self.setup_keys(server_dh, self.server_public_key, self.server_private_key)
def sha256(value):
digest = hashes.Hash(hashes.SHA256(), backend=default_backend())
digest.update(value)
return digest.finalize()
warning_msg = "Method 'xorSecret' is deprecated, use 'xor_secret' instead."
with ShouldWarn(DeprecationWarning(warning_msg)):
warnings.simplefilter('always')
secret = server_dh.xorSecret(base64ToLong(self.consumer_public_key), base64.b64decode(self.secret), sha256)
self.assertEqual(secret, base64.b64decode(self.mac_key))
def test_xorSecret(self):
# Test key exchange - deprecated method
server_dh = DiffieHellman.fromDefaults()
self.setup_keys(server_dh, self.server_public_key,
self.server_private_key)
def sha256(value):
digest = hashes.Hash(hashes.SHA256(), backend=default_backend())
digest.update(value)
return digest.finalize()
warning_msg = "Method 'xorSecret' is deprecated, use 'xor_secret' instead."
with ShouldWarn(DeprecationWarning(warning_msg)):
warnings.simplefilter('always')
secret = server_dh.xorSecret(
base64ToLong(self.consumer_public_key),
base64.b64decode(self.secret), sha256)
self.assertEqual(secret, base64.b64decode(self.mac_key))
def fromQuery(cls, query):
"""
@param query: The associate request's query parameters
@type query: {str:str}
@returntype: L{DiffieHellmanServerSession}
@raises ProtocolError: When parameters required to establish the
session are missing.
"""
dh_modulus = query.get('openid.dh_modulus')
dh_gen = query.get('openid.dh_gen')
if (dh_modulus is None and dh_gen is not None or
dh_gen is None and dh_modulus is not None):
if dh_modulus is None:
missing = 'modulus'
else:
missing = 'generator'
raise ProtocolError('If non-default modulus or generator is '
'supplied, both must be supplied. Missing %s'
% (missing,))
if dh_modulus or dh_gen:
dh_modulus = cryptutil.base64ToLong(dh_modulus)
dh_gen = cryptutil.base64ToLong(dh_gen)
dh = DiffieHellman(dh_modulus, dh_gen)
else:
dh = DiffieHellman.fromDefaults()
consumer_pubkey = query.get('openid.dh_consumer_public')
if consumer_pubkey is None:
raise ProtocolError("Public key for DH-SHA1 session "
"not found in query %s" % (query,))
consumer_pubkey = cryptutil.base64ToLong(consumer_pubkey)
return cls(dh, consumer_pubkey)
def test_generator(self):
dh = DiffieHellman.fromDefaults()
warning_msg = "Generator property will return base64 encoded string."
with ShouldWarn(DeprecationWarning(warning_msg)):
warnings.simplefilter('always')
self.assertEqual(dh.generator, 2)
def test_public_key(self):
dh = DiffieHellman.fromDefaults()
self.setup_keys(dh, self.server_public_key, self.server_private_key)
self.assertEqual(dh.public_key, self.server_public_key)
def test_generator(self):
dh = DiffieHellman.fromDefaults()
warning_msg = "Generator property will return base64 encoded string."
with ShouldWarn(DeprecationWarning(warning_msg)):
warnings.simplefilter('always')
self.assertEqual(dh.generator, 2)
def test_parameters(self):
dh = DiffieHellman.fromDefaults()
self.assertEqual(dh.parameters, (DEFAULT_DH_MODULUS, DEFAULT_DH_GENERATOR))
def test_init_int(self):
dh = DiffieHellman(base64ToLong(DEFAULT_DH_MODULUS), base64ToLong(DEFAULT_DH_GENERATOR))
self.assertTrue(dh.usingDefaultValues())
def test_generator(self):
dh = DiffieHellman.fromDefaults()
self.assertEqual(dh.generator, DEFAULT_DH_GENERATOR)
def test_modulus(self):
dh = DiffieHellman.fromDefaults()
self.assertEqual(dh.modulus, DEFAULT_DH_MODULUS)
def test_parameters(self):
dh = DiffieHellman.fromDefaults()
self.assertEqual(dh.parameters,
(DEFAULT_DH_MODULUS, DEFAULT_DH_GENERATOR))
def createNonstandardConsumerDH():
nonstandard_dh = DiffieHellman(1315291, 2)
return DiffieHellmanSHA1ConsumerSession(nonstandard_dh)
def test_init(self):
dh = DiffieHellman(DEFAULT_DH_MODULUS, DEFAULT_DH_GENERATOR)
self.assertTrue(dh.usingDefaultValues())
def test_public_key(self):
dh = DiffieHellman.fromDefaults()
self.setup_keys(dh, self.server_public_key, self.server_private_key)
self.assertEqual(dh.public_key, self.server_public_key)
def test_init_int(self):
dh = DiffieHellman(base64ToLong(DEFAULT_DH_MODULUS),
base64ToLong(DEFAULT_DH_GENERATOR))
self.assertTrue(dh.usingDefaultValues())
def test_get_shared_secret_consumer(self):
consumer_dh = DiffieHellman.fromDefaults()
self.setup_keys(consumer_dh, self.consumer_public_key, self.consumer_private_key)
self.assertEqual(consumer_dh._get_shared_secret(self.server_public_key), base64.b64decode(self.shared_secret))
def createNonstandardConsumerDH():
nonstandard_dh = DiffieHellman('FBHb', DEFAULT_DH_GENERATOR)
return DiffieHellmanSHA1ConsumerSession(nonstandard_dh)
def test_init(self):
dh = DiffieHellman(DEFAULT_DH_MODULUS, DEFAULT_DH_GENERATOR)
self.assertTrue(dh.usingDefaultValues())
def test_get_shared_secret_server(self):
server_dh = DiffieHellman.fromDefaults()
self.setup_keys(server_dh, self.server_public_key,
self.server_private_key)
self.assertEqual(server_dh.get_shared_secret(self.consumer_public_key),
self.shared_secret)
def __init__(self, dh=None):
if dh is None:
dh = DiffieHellman.fromDefaults()
self.dh = dh