Generate a key pair for public key encryption
|
public static generateEncryptionKeyPair ( string &$secretKey = '' ) : |
||
| $secretKey | string | |
| return | ||
/**
* @covers \ParagonIE\Halite\Asymmetric\EncryptionSecretKey::derivePublicKey()
* @covers \ParagonIE\Halite\Asymmetric\SignatureSecretKey::derivePublicKey()
*/
public function testPublicDerivation()
{
$enc_kp = KeyFactory::generateEncryptionKeyPair();
$enc_secret = $enc_kp->getSecretKey();
$enc_public = $enc_kp->getPublicKey();
$this->assertEquals($enc_secret->derivePublicKey()->getRawKeyMaterial(), $enc_public->getRawKeyMaterial());
$sign_kp = KeyFactory::generateSignatureKeyPair();
$sign_secret = $sign_kp->getSecretKey();
$sign_public = $sign_kp->getPublicKey();
$this->assertEquals($sign_secret->derivePublicKey()->getRawKeyMaterial(), $sign_public->getRawKeyMaterial());
}
public function testSealFail()
{
\touch(__DIR__ . '/tmp/paragon_avatar.seal_fail.png');
\chmod(__DIR__ . '/tmp/paragon_avatar.seal_fail.png', 0777);
\touch(__DIR__ . '/tmp/paragon_avatar.open_fail.png');
\chmod(__DIR__ . '/tmp/paragon_avatar.open_fail.png', 0777);
$keypair = KeyFactory::generateEncryptionKeyPair();
$secretkey = $keypair->getSecretKey();
$publickey = $keypair->getPublicKey();
File::seal(__DIR__ . '/tmp/paragon_avatar.png', __DIR__ . '/tmp/paragon_avatar.seal_fail.png', $publickey);
$fp = \fopen(__DIR__ . '/tmp/paragon_avatar.seal_fail.png', 'ab');
\fwrite($fp, \Sodium\randombytes_buf(1));
fclose($fp);
try {
File::unseal(__DIR__ . '/tmp/paragon_avatar.seal_fail.png', __DIR__ . '/tmp/paragon_avatar.opened.png', $secretkey);
$this->fail('Possible authentication bypass in File::unseal()!');
} catch (CryptoException\InvalidMessage $e) {
$this->assertTrue($e instanceof CryptoException\InvalidMessage);
}
}
public function testKeyTypes()
{
$key = KeyFactory::generateAuthenticationKey();
$this->assertFalse($key->isAsymmetricKey());
$this->assertFalse($key->isEncryptionKey());
$this->assertTrue($key->isSecretKey());
$this->assertTrue($key->isSigningKey());
$this->assertFalse($key->isPublicKey());
$key = KeyFactory::generateEncryptionKey();
$this->assertFalse($key->isAsymmetricKey());
$this->assertTrue($key->isEncryptionKey());
$this->assertTrue($key->isSecretKey());
$this->assertFalse($key->isSigningKey());
$this->assertFalse($key->isPublicKey());
$keypair = KeyFactory::generateEncryptionKeyPair();
$enc_secret = $keypair->getSecretKey();
$enc_public = $keypair->getPublicKey();
$this->assertTrue($enc_secret->isAsymmetricKey());
$this->assertTrue($enc_secret->isEncryptionKey());
$this->assertTrue($enc_secret->isSecretKey());
$this->assertFalse($enc_secret->isSigningKey());
$this->assertFalse($enc_secret->isPublicKey());
$this->assertTrue($enc_public->isAsymmetricKey());
$this->assertTrue($enc_public->isEncryptionKey());
$this->assertFalse($enc_public->isSecretKey());
$this->assertFalse($enc_public->isSigningKey());
$this->assertTrue($enc_public->isPublicKey());
$keypair = KeyFactory::generateSignatureKeyPair();
$sign_secret = $keypair->getSecretKey();
$sign_public = $keypair->getPublicKey();
$this->assertTrue($sign_secret->isAsymmetricKey());
$this->assertFalse($sign_secret->isEncryptionKey());
$this->assertTrue($sign_secret->isSecretKey());
$this->assertTrue($sign_public->isSigningKey());
$this->assertFalse($sign_secret->isPublicKey());
$this->assertTrue($sign_public->isAsymmetricKey());
$this->assertFalse($sign_public->isEncryptionKey());
$this->assertFalse($sign_public->isSecretKey());
$this->assertTrue($sign_public->isSigningKey());
$this->assertTrue($sign_public->isPublicKey());
}
public function testSealFail()
{
if (\Sodium\library_version_major() < 7 || \Sodium\library_version_major() == 7 && \Sodium\library_version_minor() < 5) {
$this->markTestSkipped("Your version of libsodium is too old");
}
$alice = KeyFactory::generateEncryptionKeyPair();
$message = 'This is for your eyes only';
$sealed = Asymmetric::seal($message, $alice->getPublicKey(), true);
// Let's flip one bit, randomly:
$r = \Sodium\randombytes_uniform(\mb_strlen($sealed, '8bit'));
$amt = 1 << \Sodium\randombytes_uniform(8);
$sealed[$r] = \chr(\ord($sealed[$r]) ^ $amt);
// This should throw an exception
try {
$opened = Asymmetric::unseal($sealed, $alice->getSecretKey(), true);
$this->assertEquals($opened, $message);
$this->fail('This should have thrown an InvalidMessage exception!');
} catch (CryptoException\InvalidKey $e) {
$this->assertTrue($e instanceof CryptoException\InvalidKey);
} catch (CryptoException\InvalidMessage $e) {
$this->assertTrue($e instanceof CryptoException\InvalidMessage);
}
}
/**
* @covers File::seal()
* @covers File::unseal()
*/
public function testSealSmallFail()
{
$msg = 'File is too small to have been encrypted by Halite.';
$keypair = KeyFactory::generateEncryptionKeyPair();
$secretkey = $keypair->getSecretKey();
\file_put_contents(__DIR__ . '/tmp/empty.sealed.txt', '');
try {
File::unseal(__DIR__ . '/tmp/empty.sealed.txt', __DIR__ . '/tmp/empty.unsealed.txt', $secretkey);
$this->fail("This should scream bloody murder");
} catch (CryptoException\InvalidMessage $e) {
$this->assertEquals($e->getMessage(), $msg);
}
\file_put_contents(__DIR__ . '/tmp/empty.sealed.txt', "1A" . \str_repeat("", 95));
try {
File::unseal(__DIR__ . '/tmp/empty.sealed.txt', __DIR__ . '/tmp/empty.unsealed.txt', $secretkey);
$this->fail("This should scream bloody murder");
} catch (CryptoException\InvalidMessage $e) {
$this->assertEquals($e->getMessage(), $msg);
}
\unlink(__DIR__ . '/tmp/empty.sealed.txt');
\unlink(__DIR__ . '/tmp/empty.unsealed.txt');
}
/**
* Seal a (file handle)
*
* @param ReadOnlyFile $input
* @param MutableFile $output
* @param EncryptionPublicKey $publickey
* @return int
*/
protected static function sealData(ReadOnlyFile $input, MutableFile $output, EncryptionPublicKey $publickey) : int
{
// Generate a new keypair for this encryption
$eph_kp = KeyFactory::generateEncryptionKeyPair();
$eph_secret = $eph_kp->getSecretKey();
$eph_public = $eph_kp->getPublicKey();
unset($eph_kp);
// Calculate the shared secret key
$key = AsymmetricCrypto::getSharedSecret($eph_secret, $publickey, true);
// Destroy the secre tkey after we have the shared secret
unset($eph_secret);
$config = self::getConfig(Halite::HALITE_VERSION_FILE, 'seal');
// Generate a nonce as per crypto_box_seal
$nonce = \Sodium\crypto_generichash($eph_public->getRawKeyMaterial() . $publickey->getRawKeyMaterial(), '', \Sodium\CRYPTO_STREAM_NONCEBYTES);
// Generate a random HKDF salt
$hkdfsalt = \Sodium\randombytes_buf($config->HKDF_SALT_LEN);
// Split the keys
list($encKey, $authKey) = self::splitKeys($key, $hkdfsalt, $config);
// We no longer need the original key after we split it
unset($key);
$output->writeBytes(Halite::HALITE_VERSION_FILE, Halite::VERSION_TAG_LEN);
$output->writeBytes($eph_public->getRawKeyMaterial(), \Sodium\CRYPTO_BOX_PUBLICKEYBYTES);
$output->writeBytes($hkdfsalt, $config->HKDF_SALT_LEN);
if ($config->USE_BLAKE2B) {
$mac = \Sodium\crypto_generichash_init($authKey);
\Sodium\crypto_generichash_update($mac, Halite::HALITE_VERSION_FILE);
\Sodium\crypto_generichash_update($mac, $eph_public->getRawKeyMaterial());
\Sodium\crypto_generichash_update($mac, $hkdfsalt);
} else {
$mac = \hash_init('sha256', HASH_HMAC, $authKey);
// We no longer need $authKey after we set up the hash context
unset($authKey);
\hash_update($mac, Halite::HALITE_VERSION_FILE);
\hash_update($mac, $eph_public->getRawKeyMaterial());
\hash_update($mac, $hkdfsalt);
}
\Sodium\memzero($authKey);
unset($eph_public);
return self::streamEncrypt($input, $output, new EncryptionKey($encKey), $nonce, $mac, $config);
}
case 'EncryptionKey':
$keys[$index] = KeyFactory::generateEncryptionKey();
KeyFactory::save($keys[$index], $path);
break;
case 'EncryptionSecretKey':
$kp = KeyFactory::generateEncryptionKeyPair();
$keys[$index] = $kp->getSecretKey();
KeyFactory::save($keys[$index], $path);
break;
case 'SignatureSecretKey':
$kp = KeyFactory::generateSignatureKeyPair();
$keys[$index] = $kp->getSecretKey();
KeyFactory::save($keys[$index], $path);
break;
case 'EncryptionKeyPair':
$keys[$index] = KeyFactory::generateEncryptionKeyPair();
KeyFactory::save($keys[$index], $path);
break;
case 'SignatureKeyPair':
$keys[$index] = KeyFactory::generateSignatureKeyPair();
KeyFactory::save($keys[$index], $path);
break;
default:
throw new \Error(\trk('errors.crypto.unknown_key_type', $keyConfig['type']));
}
}
}
// Now that we have a bunch of Keys stored in $keys, let's load them into
// our singleton.
$state->keyring = $keys;
};
/**
* Seal a (file handle)
*
* @param ReadOnlyFile $input
* @param MutableFile $output
* @param EncryptionPublicKey $publickey
*/
public static function sealStream(ReadOnlyFile $input, MutableFile $output, KeyInterface $publickey)
{
if (!$publickey instanceof EncryptionPublicKey) {
throw new \ParagonIE\Halite\Alerts\InvalidKey('Argument 3: Expected an instance of EncryptionPublicKey');
}
// Generate a new keypair for this encryption
$eph_kp = KeyFactory::generateEncryptionKeyPair();
$eph_secret = $eph_kp->getSecretKey();
$eph_public = $eph_kp->getPublicKey();
unset($eph_kp);
// Calculate the shared secret key
$key = AsymmetricCrypto::getSharedSecret($eph_secret, $publickey, true);
// Destroy the secre tkey after we have the shared secret
unset($eph_secret);
$config = self::getConfig(Halite::HALITE_VERSION_FILE, 'seal');
// Generate a nonce as per crypto_box_seal
$nonce = \Sodium\crypto_generichash($eph_public->get() . $publickey->get(), null, \Sodium\CRYPTO_STREAM_NONCEBYTES);
// Generate a random HKDF salt
$hkdfsalt = \Sodium\randombytes_buf($config->HKDF_SALT_LEN);
// Split the keys
list($encKey, $authKey) = self::splitKeys($key, $hkdfsalt, $config);
// We no longer need the original key after we split it
unset($key);
$mac = \hash_init('sha256', HASH_HMAC, $authKey);
// We no longer need to retain this after we've set up the hash context
unset($authKey);
$output->writeBytes(Halite::HALITE_VERSION_FILE, Halite::VERSION_TAG_LEN);
$output->writeBytes($eph_public->get(), \Sodium\CRYPTO_BOX_PUBLICKEYBYTES);
$output->writeBytes($hkdfsalt, $config->HKDF_SALT_LEN);
\hash_update($mac, Halite::HALITE_VERSION_FILE);
\hash_update($mac, $eph_public->get());
\hash_update($mac, $hkdfsalt);
unset($eph_public);
return self::streamEncrypt($input, $output, new EncryptionKey($encKey), $nonce, $mac, $config);
}
