Example #1
0
 /**
  * Sign a message with our private key
  * 
  * @param string $message Message to sign
  * @param Contract\CryptoKeyInterface $privatekey
  * @param boolean $raw Don't hex encode the output?
  * 
  * @return string Signature (detached)
  */
 public static function sign($message, Contract\CryptoKeyInterface $privatekey, $raw = false)
 {
     if (!$privatekey->isSigningKey()) {
         throw new CryptoAlert\InvalidKey('Expected a signing key');
     }
     if (!$privatekey->isSecretKey()) {
         throw new CryptoAlert\InvalidKey('Expected a secret key');
     }
     $signed = \Sodium\crypto_sign_detached($message, $privatekey->get());
     if ($raw) {
         return $signed;
     }
     return \Sodium\bin2hex($signed);
 }
Example #2
0
 /**
  * Sign a message with our private key
  * 
  * @param string $message Message to sign
  * @param SignatureSecretKey $privateKey
  * @param boolean $raw Don't hex encode the output?
  * @return string Signature (detached)
  */
 public static function sign(string $message, SignatureSecretKey $privateKey, bool $raw = false) : string
 {
     $signed = \Sodium\crypto_sign_detached($message, $privateKey->getRawKeyMaterial());
     if ($raw) {
         return $signed;
     }
     return \Sodium\bin2hex($signed);
 }
Example #3
0
 /**
  * @param string $message
  * @param string $signer_private
  * @return string The signature of the message.
  * @throws InvalidTypeException
  */
 public static function sign($message, $signer_private)
 {
     # Test to make sure all the required variables are strings.
     Helpers::isString($message, 'PublicKeyEncryption', 'sign');
     Helpers::isString($signer_private, 'PublicKeyEncryption', 'sign');
     return base64_encode(Helpers::bin2hex(\Sodium\crypto_sign_detached($message, $signer_private)));
 }
Example #4
0
 /**
  * Sign a message with our private key
  * 
  * @param string $message Message to sign
  * @param SignatureSecretKey $privateKey
  * @param boolean $raw Don't hex encode the output?
  * 
  * @return string Signature (detached)
  * 
  * @throws CryptoException\InvalidKey
  */
 public static function sign($message, Contract\KeyInterface $privateKey, $raw = false)
 {
     if (!$privateKey instanceof SignatureSecretKey) {
         throw new CryptoException\InvalidKey('Argument 2: Expected an instance of SignatureSecretKey');
     }
     $signed = \Sodium\crypto_sign_detached($message, $privateKey->get());
     if ($raw) {
         return $signed;
     }
     return \Sodium\bin2hex($signed);
 }
Example #5
0
 /**
  * Check if a password is known by the knownpassword.org API.
  *
  * @param string $password      	The password to check.
  * @param string $passwordFormat    The format of the given password (Blake2b, Sha512, Cleartext) [Default: Blake2b].
  * @return mixed               		Exception on error, true if the password is known and false if the password is unknown.
  * @access public
  */
 public function checkPassword($password, $passwordFormat = "Blake2b")
 {
     $apiData = array();
     switch ($passwordFormat) {
         case "Blake2b":
             $apiData = array("Blake2b" => $password);
             break;
         case "Sha512":
             $apiData = array("Sha512" => $password);
             break;
         case "Cleartext":
             $apiData = array("Cleartext" => $password);
             break;
         default:
             throw new \Exception("Unknown passwordFormat.");
     }
     $nonce = \Sodium\randombytes_buf(24);
     $signature = \Sodium\crypto_sign_detached($nonce, $this->_privatekey);
     $clearJson = json_encode($apiData);
     $encryptionNonce = \Sodium\randombytes_buf(\Sodium\CRYPTO_BOX_NONCEBYTES);
     $encryptionKeyPair = \Sodium\crypto_box_keypair();
     $encryptionSecretkey = \Sodium\crypto_box_secretkey($encryptionKeyPair);
     $encryptionPublickey = \Sodium\crypto_box_publickey($encryptionKeyPair);
     $encryptionKeyPair = \Sodium\crypto_box_keypair_from_secretkey_and_publickey($encryptionSecretkey, $this->_serverEncryptionPublicKey);
     $ciphertext = \Sodium\crypto_box($clearJson, $encryptionNonce, $encryptionKeyPair);
     $encryptedApiData = array("PublicKey" => \Sodium\bin2hex($encryptionPublickey), "Nonce" => \Sodium\bin2hex($encryptionNonce), "Ciphertext" => \Sodium\bin2hex($ciphertext));
     $data_string = json_encode($encryptedApiData);
     $ch = curl_init($this->_apiurl . "/checkpassword");
     curl_setopt($ch, CURLOPT_CUSTOMREQUEST, "POST");
     curl_setopt($ch, CURLOPT_RETURNTRANSFER, TRUE);
     curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, TRUE);
     curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
     curl_setopt($ch, CURLOPT_HEADER, 1);
     curl_setopt($ch, CURLOPT_POSTFIELDS, $data_string);
     curl_setopt($ch, CURLOPT_HTTPHEADER, array('Content-Type: application/json', 'Content-Length: ' . strlen($data_string), 'User-Agent: ' . 'Laravel 5', 'X-Public: ' . \Sodium\bin2hex($this->_publickey), 'X-Nonce: ' . \Sodium\bin2hex($nonce), 'X-Signature: ' . \Sodium\bin2hex($signature)));
     if (!($result = curl_exec($ch))) {
         throw new \Exception("Request failed");
     }
     $header_size = curl_getinfo($ch, CURLINFO_HEADER_SIZE);
     $header = substr($result, 0, $header_size);
     $headers = $this->get_headers_from_curl_response($header);
     if (array_key_exists("http_code", $headers[0]) && array_key_exists("X-Powered-By", $headers[0]) && array_key_exists("X-Signature", $headers[0])) {
         $httpCode = $headers[0]["http_code"];
         $responsePowered = $headers[0]["X-Powered-By"];
         $responseSignature = $headers[0]["X-Signature"];
         $responseNonce = $headers[0]["X-Nonce"];
         if ($httpCode === "HTTP/1.1 200 OK" || $httpCode === "HTTP/2.0 200 OK") {
             if ($responsePowered === "bitbeans") {
                 // validate the response signature
                 if (!\Sodium\crypto_sign_verify_detached(\Sodium\hex2bin($responseSignature), \Sodium\crypto_generichash(\Sodium\hex2bin($responseNonce), null, 64), $this->_serverSignaturePublicKey)) {
                     throw new \Exception("Invalid signature");
                 }
             } else {
                 throw new \Exception("Invalid server");
             }
         } else {
             throw new \Exception("Invalid response code");
         }
     } else {
         throw new \Exception("Invalid header");
     }
     $result = substr($result, $header_size);
     curl_close($ch);
     $resultJson = json_decode($result);
     $decryptionKeyPair = \Sodium\crypto_box_keypair_from_secretkey_and_publickey($encryptionSecretkey, \Sodium\hex2bin($resultJson->{'publicKey'}));
     $plaintext = \Sodium\crypto_box_open(\Sodium\hex2bin($resultJson->{'ciphertext'}), \Sodium\hex2bin($resultJson->{'nonce'}), $decryptionKeyPair);
     if ($plaintext === FALSE) {
         throw new \Exception("Malformed message or invalid MAC");
     }
     $plaintextJson = json_decode($plaintext);
     return !$plaintextJson->{'FoundPassword'};
 }
Example #6
0
 /**
  * Sign a message with our private key
  * 
  * @param string $message Message to sign
  * @param SignatureSecretKey $privateKey
  * @param mixed $encoding Which encoding scheme to use?
  * @return string Signature (detached)
  */
 public static function sign(string $message, SignatureSecretKey $privateKey, $encoding = Halite::ENCODE_BASE64URLSAFE) : string
 {
     $signed = \Sodium\crypto_sign_detached($message, $privateKey->getRawKeyMaterial());
     $encoder = Halite::chooseEncoder($encoding);
     if ($encoder) {
         return $encoder($signed);
     }
     return $signed;
 }