/**
* @expectedException \RuntimeException
* @expectedExceptionMessage Unknown cipher method
*/
public function testInvalidCipher()
{
$privateKey = CurveFactory::getGeneratorByName('nistp256')->getPrivateKeyFrom(gmp_init(100));
$iv = random_bytes(16);
$method = 'not-a-known-cipher';
new EncryptedPrivateKey($privateKey, $method, $iv);
}
/**
* @param string $name
* @return bool
*/
public function checkCurveSupported($name)
{
try {
CurveFactory::getCurveByName($name);
return true;
} catch (\Exception $e) {
return false;
}
}
/**
* @param ObjectIdentifier $oid
* @return \Mdanter\Ecc\Primitives\GeneratorPoint
*/
public static function getGeneratorFromOid(ObjectIdentifier $oid)
{
$oidString = $oid->getContent();
$invertedMap = array_flip(self::$oidMap);
if (array_key_exists($oidString, $invertedMap)) {
return CurveFactory::getGeneratorByName($invertedMap[$oidString]);
}
throw new \RuntimeException('Invalid data: unsupported generator.');
}
/**
* @param string $curveName
* @return \Mdanter\Ecc\Primitives\GeneratorPoint
*/
public static function generator($curveName)
{
switch ($curveName) {
case NistCurve::NAME_P256:
case NistCurve::NAME_P384:
case NistCurve::NAME_P521:
return CurveFactory::getGeneratorByName($curveName);
default:
throw new \InvalidArgumentException('Unknown or unsupported generator');
}
}
private static function getServerP256()
{
$generator = CurveFactory::getGeneratorByName('nist-p256');
$privateKeySerializer = new PemPrivateKeySerializer(new DerPrivateKeySerializer());
$privateKey = $generator->createPrivateKey();
$privateKeyStr = $privateKeySerializer->serialize($privateKey);
$publicKeySerializer = new PemPublicKeySerializer(new DerPublicKeySerializer());
$publicKey = $privateKey->getPublicKey();
$publicKeyStr = $publicKeySerializer->serialize($publicKey);
return array('private' => $privateKeyStr, 'public' => $publicKeyStr);
}
/**
* @param InputInterface $input
* @param OutputInterface $output
* @return void
*/
protected function execute(InputInterface $input, OutputInterface $output)
{
$curveName = $input->getOption('curve');
if (!$curveName) {
throw new \InvalidArgumentException('Curve name is required. Use "list-curves" to get available names.');
}
$generator = CurveFactory::getGeneratorByName($curveName);
if ($output instanceof ConsoleOutputInterface) {
$output->getErrorOutput()->writeln('Using curve "' . $curveName . "'");
}
$privKeySerializer = $this->getPrivateKeySerializer($input, 'out');
$pubKeySerializer = $this->getPublicKeySerializer($input, 'out');
$privKey = $generator->createPrivateKey();
$output->writeln($privKeySerializer->serialize($privKey));
$pubKey = $privKey->getPublicKey();
$output->writeln($pubKeySerializer->serialize($pubKey));
}
/**
* @return array
*/
public function getHmacTestSet()
{
$yaml = new Yaml();
$files = $this->getFiles();
$datasets = [];
foreach ($files as $file) {
$data = $yaml->parse($file);
if (!isset($data['hmac'])) {
continue;
}
$generator = CurveFactory::getGeneratorByName($data['name']);
foreach ($data['hmac'] as $sig) {
$datasets[] = [$generator, isset($sig['size']) ? $sig['size'] : 0, $sig['key'], $sig['algo'], $sig['message'], strtolower($sig['k']), strtolower($sig['r']), strtolower($sig['s'])];
}
}
return $datasets;
}
/**
* {@inheritdoc}
*/
public static function createECKey(array $values)
{
Assertion::keyExists($values, 'crv', 'The curve is not set.');
$curve = $values['crv'];
if (function_exists('openssl_get_curve_names')) {
$args = ['curve_name' => self::getOpensslName($curve), 'private_key_type' => OPENSSL_KEYTYPE_EC];
$key = openssl_pkey_new($args);
$res = openssl_pkey_export($key, $out);
Assertion::true($res, 'Unable to create the key');
$rsa = new ECKey($out);
$values = array_merge($values, $rsa->toArray());
return new JWK($values);
} else {
$curve_name = self::getNistName($curve);
$generator = CurveFactory::getGeneratorByName($curve_name);
$private_key = $generator->createPrivateKey();
$values = array_merge($values, ['kty' => 'EC', 'crv' => $curve, 'x' => self::encodeValue($private_key->getPublicKey()->getPoint()->getX()), 'y' => self::encodeValue($private_key->getPublicKey()->getPoint()->getY()), 'd' => self::encodeValue($private_key->getSecret())]);
}
return new JWK($values);
}
<?php require "../vendor/autoload.php"; $curveName = 'nist-p521'; $hashAlgo = 'sha256'; $factory = new Mdanter\X509\Factory(); $adapter = \Mdanter\Ecc\EccFactory::getAdapter(); $domain = $factory->getDomain($adapter, $curveName, $hashAlgo); $rbg = \Mdanter\Ecc\Random\RandomGeneratorFactory::getUrandomGenerator(); $G = \Mdanter\Ecc\Curves\CurveFactory::getGeneratorByName($curveName); $randomInt = $rbg->generate($G->getOrder()); $k = $G->getPrivateKeyFrom($randomInt); $Q = $k->getPublicKey(); $subjectDetails = ['commonName' => '127.0.0.1']; $subject = new Mdanter\X509\Certificates\CertificateSubject($subjectDetails); $csr = $factory->getCsr($domain, $subject, $k); $csrSerializer = new \Mdanter\X509\Serializer\Certificates\CsrSerializer(new \Mdanter\X509\Serializer\Certificates\CertificateSubjectSerializer(), new \Mdanter\Ecc\Serializer\PublicKey\DerPublicKeySerializer($adapter), new \Mdanter\X509\Serializer\Signature\DerSignatureSerializer()); $serialized = $csrSerializer->serialize($csr); echo $serialized;
/**
* @param MathAdapterInterface|null $adapter
* @param string $curveName
* @param string $hashAlgorithm
* @return EcDomain
*/
public static function getDomain(MathAdapterInterface $adapter, $curveName, $hashAlgorithm)
{
$adapter = $adapter ?: EccFactory::getAdapter();
return new EcDomain($adapter, CurveFactory::getCurveByName($curveName), CurveFactory::getGeneratorByName($curveName), new Hasher($adapter, $hashAlgorithm));
}
/**
* @dataProvider getDeterministicSign2Data
*/
public function testDeterministicSign2($curve, $size, $algo, $privKey, $message, $eK, $eR, $eS)
{
//echo "Try {$test->curve} / {$test->algorithm} / '{$test->message}'\n";
$G = CurveFactory::getGeneratorByName($curve);
// Initialize private key and message hash (decimal)
$privateKey = $G->getPrivateKeyFrom($this->math->hexDec($privKey));
$hashHex = hash($algo, $message);
$messageHash = $this->math->hexDec($hashHex);
// Derive K
$drbg = RandomGeneratorFactory::getHmacRandomGenerator($privateKey, $messageHash, $algo);
$k = $drbg->generate($G->getOrder());
$this->assertEquals($this->math->hexdec($eK), $k, 'k');
$hexSize = strlen($hashHex);
$hashBits = $this->math->baseConvert($messageHash, 10, 2);
if (strlen($hashBits) < $hexSize * 4) {
$hashBits = str_pad($hashBits, $hexSize * 4, '0', STR_PAD_LEFT);
}
$messageHash = $this->math->baseConvert(substr($hashBits, 0, $size), 2, 10);
$signer = new Signer($this->math);
$sig = $signer->sign($privateKey, $messageHash, $k);
// R and S should be correct
$sR = $this->math->hexDec($eR);
$sS = $this->math->hexDec($eS);
$this->assertTrue($signer->verify($privateKey->getPublicKey(), $sig, $messageHash));
$this->assertSame($sR, $sig->getR(), 'r');
$this->assertSame($sS, $sig->getS(), 's');
}
