/**
* before_request
* Hook for PHP Requests
*
* @param $url
* @param $headers
* @param $data
*/
public function before_request(&$url, &$headers, &$data)
{
// generate a date string
$date = new \DateTime('NOW', new \DateTimeZone("GMT"));
$headers['Date'] = $date->format("D, d M Y H:i:s \\G\\M\\T");
// build up the data to be signed
$request_data = $headers['Date'] . "\n" . $url . "\n";
if (!empty($data)) {
$request_data .= http_build_query($data);
}
// get a signature for our request
// private key is in hex form, needs to be converted into PrivateKey Object
$generator = EccFactory::getNistCurves()->generator256();
$private_key = new PrivateKey($this->math_adapter, $generator, $this->math_adapter->hexDec($this->private_key));
$hash = $this->math_adapter->hexDec(hash("sha256", $request_data));
$signer = EccFactory::getSigner();
$randomK = RandomGeneratorFactory::getRandomGenerator()->generate($private_key->getPoint()->getOrder());
$signatureObj = $signer->sign($private_key, $hash, $randomK);
$signature = $this->math_adapter->decHex($signatureObj->getR()) . $this->math_adapter->decHex($signatureObj->getS());
// apply the HTTP headers and send the request
$headers['X-Service'] = $this->service_name;
$headers['X-Signature'] = $signature;
if ($this->debug) {
echo "\n\nRequest Data\n\n";
echo "URL:\n";
var_dump($url);
echo "HEADERS:\n";
var_dump($headers);
echo "DATA:\n";
var_dump($data);
}
}
/**
* @param string $content
* @param Binary $key
* @return string
*/
public function sign($content, Binary $key)
{
$math = MathAdapterFactory::getAdapter();
$inflatedPrivateKey = $this->deserializePrivate($key->getData(), $math);
$rng = RandomGeneratorFactory::getRandomGenerator();
$hash = $this->hash($content);
$signer = new Signer($math);
$signature = $signer->sign($inflatedPrivateKey, $hash, $rng->generate($inflatedPrivateKey->getPoint()->getOrder()));
return $signature->getR() . self::$SIGNATURE_GLUE . $signature->getS();
}
/**
* @param CertificateSerializer $subjectSerializer
* @param CertificateInfo $certificateInfo
* @param PrivateKeyInterface $privateKey
* @return Certificate
*/
public function createCertificate(CertificateSerializer $subjectSerializer, CertificateInfo $certificateInfo, PrivateKeyInterface $privateKey)
{
$domain = $this->domain;
$dataHex = $subjectSerializer->getSignatureData($certificateInfo);
$hash = $domain->getHasher()->hashDec($dataHex);
$rng = RandomGeneratorFactory::getUrandomGenerator();
$k = $rng->generate($domain->getGenerator()->getOrder());
$signature = $this->domain->getSigner()->sign($privateKey, $hash, $k);
return new Certificate($certificateInfo, $this->domain->getSigAlgorithm(), $signature);
}
/**
* @dataProvider getAdapters
*/
public function testGenerateKeyPairWithPredefinedSecret(MathAdapterInterface $adapter)
{
$commandTester = $this->getCommandTester(new GenerateKeyPairCommand(), 'genkey');
$expected = file_get_contents(__DIR__ . '/../../../data/generated-keypair.pem');
$secret = '105886814118965842118146815191867355142743831281343651404754056074495577342758';
$randomGenerator = $this->getMock($this->classRngInterface);
$randomGenerator->expects($this->once())->method('generate')->willReturn($secret);
MathAdapterFactory::forceAdapter($adapter);
RandomGeneratorFactory::forceGenerator($randomGenerator);
$commandTester->execute(array('--curve' => 'nist-p256'));
$this->assertEquals($this->normalize($expected), $this->normalize($commandTester->getDisplay()));
MathAdapterFactory::forceAdapter(null);
RandomGeneratorFactory::forceGenerator(null);
}
/**
* @param \Jose\Object\JWKInterface $key
* @param string $data
*
* @return string
*/
private function getPHPECCSignature(JWKInterface $key, $data)
{
$p = $this->getGenerator();
$d = $this->convertBase64ToGmp($key->get('d'));
$hash = $this->convertHexToGmp(hash($this->getHashAlgorithm(), $data));
$k = RandomGeneratorFactory::getRandomGenerator()->generate($p->getOrder());
$signer = EccFactory::getSigner();
$private_key = $p->getPrivateKeyFrom($d);
$signature = $signer->sign($private_key, $hash, $k);
$part_length = $this->getSignaturePartLength();
$R = str_pad($this->convertDecToHex($signature->getR()), $part_length, '0', STR_PAD_LEFT);
$S = str_pad($this->convertDecToHex($signature->getS()), $part_length, '0', STR_PAD_LEFT);
return $this->convertHexToBin($R . $S);
}
/**
*
* @dataProvider getAdapters
*/
public function testSecp256r1EquivalenceToNistP192(MathAdapterInterface $adapter)
{
$secpFactory = EccFactory::getSecgCurves($adapter);
$nistFactory = EccFactory::getNistCurves($adapter);
$signer = new Signer($adapter);
$secret = $adapter->hexDec('DC51D3866A15BACDE33D96F992FCA99DA7E6EF0934E7097559C27F1614C88A7F');
$secpKey = $secpFactory->generator256r1()->getPrivateKeyFrom($secret);
$nistKey = $nistFactory->generator256()->getPrivateKeyFrom($secret);
$randomK = RandomGeneratorFactory::getRandomGenerator()->generate($secpKey->getPoint()->getOrder());
$message = RandomGeneratorFactory::getRandomGenerator()->generate($secpKey->getPoint()->getOrder());
$sigSecp = $signer->sign($secpKey, $message, $randomK);
$sigNist = $signer->sign($nistKey, $message, $randomK);
$this->assertEquals($sigNist->getR(), $sigSecp->getR());
$this->assertEquals($sigNist->getS(), $sigSecp->getS());
}
public function testIsConsistent()
{
$math = new Gmp();
$rbg = RandomGeneratorFactory::getUrandomGenerator();
$serializer = new DerSignatureSerializer();
for ($i = 2; $i <= 521; $i++) {
$max = $math->sub($math->pow(2, $i), 1);
$r = $rbg->generate($max);
$s = $rbg->generate($max);
$signature = new Signature($r, $s);
$serialized = $serializer->serialize($signature);
$parsed = $serializer->parse($serialized);
$this->assertEquals($signature, $parsed);
}
}
/**
* {@inheritdoc}
*/
public function sign(JWKInterface $key, $data)
{
$this->checkKey($key);
if (!$key->has('d')) {
throw new \InvalidArgumentException('The EC key is not private');
}
$p = $this->getGenerator();
$d = $this->convertBase64ToDec($key->get('d'));
$hash = $this->convertHexToDec(hash($this->getHashAlgorithm(), $data));
$k = RandomGeneratorFactory::getRandomGenerator()->generate($p->getOrder());
$signer = EccFactory::getSigner();
$private_key = $p->getPrivateKeyFrom($d);
$signature = $signer->sign($private_key, $hash, $k);
$part_length = $this->getSignaturePartLength();
$R = str_pad($this->convertDecToHex($signature->getR()), $part_length, '0', STR_PAD_LEFT);
$S = str_pad($this->convertDecToHex($signature->getS()), $part_length, '0', STR_PAD_LEFT);
return $this->convertHextoBin($R . $S);
}
/**
* @dataProvider getHmacTestSet
* @param GeneratorPoint $G
* @param integer $size
* @param string $privKey
* @param string $algo
* @param string $message
* @param string $eK expected K hex
* @param string $eR expected R hex
* @param string $eS expected S hex
*/
public function testHmacSignatures(GeneratorPoint $G, $size, $privKey, $algo, $message, $eK, $eR, $eS)
{
//echo "Try {$test->curve} / {$test->algorithm} / '{$test->message}'\n";
$math = $G->getAdapter();
// Initialize private key and message hash (decimal)
$privateKey = $G->getPrivateKeyFrom($math->hexDec($privKey));
$hashHex = hash($algo, $message);
$messageHash = $math->hexDec($hashHex);
// Derive K
$drbg = RandomGeneratorFactory::getHmacRandomGenerator($privateKey, $messageHash, $algo);
$k = $drbg->generate($G->getOrder());
$this->assertEquals($k, $math->hexdec($eK), 'k');
$hexSize = strlen($hashHex);
$hashBits = $math->baseConvert($messageHash, 10, 2);
if (strlen($hashBits) < $hexSize * 4) {
$hashBits = str_pad($hashBits, $hexSize * 4, '0', STR_PAD_LEFT);
}
$messageHash = $math->baseConvert(substr($hashBits, 0, NumberSize::bnNumBits($math, $G->getOrder())), 2, 10);
$signer = new Signer($math);
$sig = $signer->sign($privateKey, $messageHash, $k);
// Should be consistent
$this->assertTrue($signer->verify($privateKey->getPublicKey(), $sig, $messageHash));
// R and S should be correct
$sR = $math->hexDec($eR);
$sS = $math->hexDec($eS);
$this->assertSame($sR, $sig->getR(), "r {$sR} == " . $sig->getR());
$this->assertSame($sS, $sig->getS(), "s {$sR} == " . $sig->getS());
}
/**
* @param MathAdapterInterface $adapter
* @param CurveFpInterface $curve
* @param int|string $x
* @param int|string $y
* @param null $order
* @param RandomNumberGeneratorInterface $generator
*/
public function __construct(MathAdapterInterface $adapter, CurveFpInterface $curve, $x, $y, $order = null, RandomNumberGeneratorInterface $generator = null)
{
$this->generator = $generator ?: RandomGeneratorFactory::getRandomGenerator();
parent::__construct($adapter, $curve, $x, $y, $order);
}
<?php
require "../vendor/autoload.php";
use Mdanter\Ecc\Serializer\PublicKey\DerPublicKeySerializer;
use Mdanter\X509\Serializer\Certificates\CertificateSubjectSerializer;
use Mdanter\X509\Serializer\Signature\DerSignatureSerializer;
$curveName = 'secp256k1';
$hasherName = 'sha512';
$serialNo = 0;
$math = \Mdanter\Ecc\EccFactory::getAdapter();
$f = new \Mdanter\X509\Factory();
$domain = $f->getDomain($math, $curveName, $hasherName);
$G = $domain->getGenerator();
$randomInt = \Mdanter\Ecc\Random\RandomGeneratorFactory::getUrandomGenerator()->generate($G->getOrder());
$k = $G->getPrivateKeyFrom($randomInt);
$issuerDetails = ['commonName' => 'test CA'];
$issuerSubject = new \Mdanter\X509\Certificates\CertificateSubject($issuerDetails);
$ca = $f->getCA($math, $domain, $issuerSubject);
$serializer = new \Mdanter\X509\Serializer\Certificates\CertificateSerializer(new CertificateSubjectSerializer(), new DerPublicKeySerializer(), new DerSignatureSerializer());
$validityStart = new DateTime('now');
$validityEnd = new DateTime('now');
$validityEnd->modify("+1 year");
$info = new \Mdanter\X509\Certificates\CertificateInfo(0, $domain->getSigAlgorithm(), $issuerSubject, $issuerSubject, $k->getPublicKey(), $validityStart, $validityEnd);
$usage = new \Mdanter\X509\Extensions\Extension\KeyUsage(null);
$usage->addKeyUsage(0);
$usage->addKeyUsage(1);
$usage->addKeyUsage(5);
var_dump($usage->getBitString());
$certificate = $ca->createCertificate($serializer, $info, $k);
echo $serializer->serialize($certificate);
<?php require "../vendor/autoload.php"; $curveName = 'nist-p521'; $hashAlgo = 'sha256'; $factory = new Mdanter\X509\Factory(); $adapter = \Mdanter\Ecc\EccFactory::getAdapter(); $domain = $factory->getDomain($adapter, $curveName, $hashAlgo); $rbg = \Mdanter\Ecc\Random\RandomGeneratorFactory::getUrandomGenerator(); $G = \Mdanter\Ecc\Curves\CurveFactory::getGeneratorByName($curveName); $randomInt = $rbg->generate($G->getOrder()); $k = $G->getPrivateKeyFrom($randomInt); $Q = $k->getPublicKey(); $subjectDetails = ['commonName' => '127.0.0.1']; $subject = new Mdanter\X509\Certificates\CertificateSubject($subjectDetails); $csr = $factory->getCsr($domain, $subject, $k); $csrSerializer = new \Mdanter\X509\Serializer\Certificates\CsrSerializer(new \Mdanter\X509\Serializer\Certificates\CertificateSubjectSerializer(), new \Mdanter\Ecc\Serializer\PublicKey\DerPublicKeySerializer($adapter), new \Mdanter\X509\Serializer\Signature\DerSignatureSerializer()); $serialized = $csrSerializer->serialize($csr); echo $serialized;
/**
* @param EcDomain $domain
* @param CertificateSubject $subject
* @param PrivateKeyInterface $privateKey
* @return Csr
*/
public static function getCsr(EcDomain $domain, CertificateSubject $subject, PrivateKeyInterface $privateKey)
{
$subjectSerializer = new CertificateSubjectSerializer();
$serialized = $subjectSerializer->serialize($subject);
return new Csr($domain, $subject, $privateKey->getPublicKey(), $domain->getSigner()->sign($privateKey, $domain->getHasher()->hashDec($serialized), RandomGeneratorFactory::getUrandomGenerator()->generate($domain->getGenerator()->getOrder())));
}
/**
* @dataProvider getDeterministicSign2Data
*/
public function testDeterministicSign2($curve, $size, $algo, $privKey, $message, $eK, $eR, $eS)
{
//echo "Try {$test->curve} / {$test->algorithm} / '{$test->message}'\n";
$G = CurveFactory::getGeneratorByName($curve);
// Initialize private key and message hash (decimal)
$privateKey = $G->getPrivateKeyFrom($this->math->hexDec($privKey));
$hashHex = hash($algo, $message);
$messageHash = $this->math->hexDec($hashHex);
// Derive K
$drbg = RandomGeneratorFactory::getHmacRandomGenerator($privateKey, $messageHash, $algo);
$k = $drbg->generate($G->getOrder());
$this->assertEquals($this->math->hexdec($eK), $k, 'k');
$hexSize = strlen($hashHex);
$hashBits = $this->math->baseConvert($messageHash, 10, 2);
if (strlen($hashBits) < $hexSize * 4) {
$hashBits = str_pad($hashBits, $hexSize * 4, '0', STR_PAD_LEFT);
}
$messageHash = $this->math->baseConvert(substr($hashBits, 0, $size), 2, 10);
$signer = new Signer($this->math);
$sig = $signer->sign($privateKey, $messageHash, $k);
// R and S should be correct
$sR = $this->math->hexDec($eR);
$sS = $this->math->hexDec($eS);
$this->assertTrue($signer->verify($privateKey->getPublicKey(), $sig, $messageHash));
$this->assertSame($sR, $sig->getR(), 'r');
$this->assertSame($sS, $sig->getS(), 's');
}
/**
* @param EcAdapterInterface $ecAdapter
* @param PrivateKeyInterface $privateKey
* @param Buffer $messageHash
* @param string $algo
*/
public function __construct(EcAdapterInterface $ecAdapter, PrivateKeyInterface $privateKey, Buffer $messageHash, $algo = 'sha256')
{
$mdPk = new MdPrivateKey($ecAdapter->getMath(), $ecAdapter->getGenerator(), $privateKey->getInt());
$this->ecAdapter = $ecAdapter;
$this->hmac = RandomGeneratorFactory::getHmacRandomGenerator($mdPk, $messageHash->getInt(), $algo);
}
/**
* {@inheritdoc}
*/
public function createHash(string $payload, Key $key, RandomNumberGeneratorInterface $generator = null) : string
{
$privateKey = $this->parser->getPrivateKey($key);
$generator = $generator ?: RandomGeneratorFactory::getRandomGenerator();
return $this->createSignatureHash($this->signer->sign($privateKey, $this->createSigningHash($payload), $generator->generate($privateKey->getPoint()->getOrder())));
}
public function getAdaptersWithRand()
{
$rngs = array(array(RandomGeneratorFactory::getUrandomGenerator()));
if (!defined('HHVM_VERSION')) {
$rngs[] = array(RandomGeneratorFactory::getGmpRandomGenerator(false, true));
}
return $this->_getAdapters($rngs);
}
