/** * before_request * Hook for PHP Requests * * @param $url * @param $headers * @param $data */ public function before_request(&$url, &$headers, &$data) { // generate a date string $date = new \DateTime('NOW', new \DateTimeZone("GMT")); $headers['Date'] = $date->format("D, d M Y H:i:s \\G\\M\\T"); // build up the data to be signed $request_data = $headers['Date'] . "\n" . $url . "\n"; if (!empty($data)) { $request_data .= http_build_query($data); } // get a signature for our request // private key is in hex form, needs to be converted into PrivateKey Object $generator = EccFactory::getNistCurves()->generator256(); $private_key = new PrivateKey($this->math_adapter, $generator, $this->math_adapter->hexDec($this->private_key)); $hash = $this->math_adapter->hexDec(hash("sha256", $request_data)); $signer = EccFactory::getSigner(); $randomK = RandomGeneratorFactory::getRandomGenerator()->generate($private_key->getPoint()->getOrder()); $signatureObj = $signer->sign($private_key, $hash, $randomK); $signature = $this->math_adapter->decHex($signatureObj->getR()) . $this->math_adapter->decHex($signatureObj->getS()); // apply the HTTP headers and send the request $headers['X-Service'] = $this->service_name; $headers['X-Signature'] = $signature; if ($this->debug) { echo "\n\nRequest Data\n\n"; echo "URL:\n"; var_dump($url); echo "HEADERS:\n"; var_dump($headers); echo "DATA:\n"; var_dump($data); } }
/** * @param string $content * @param Binary $key * @return string */ public function sign($content, Binary $key) { $math = MathAdapterFactory::getAdapter(); $inflatedPrivateKey = $this->deserializePrivate($key->getData(), $math); $rng = RandomGeneratorFactory::getRandomGenerator(); $hash = $this->hash($content); $signer = new Signer($math); $signature = $signer->sign($inflatedPrivateKey, $hash, $rng->generate($inflatedPrivateKey->getPoint()->getOrder())); return $signature->getR() . self::$SIGNATURE_GLUE . $signature->getS(); }
/** * @param CertificateSerializer $subjectSerializer * @param CertificateInfo $certificateInfo * @param PrivateKeyInterface $privateKey * @return Certificate */ public function createCertificate(CertificateSerializer $subjectSerializer, CertificateInfo $certificateInfo, PrivateKeyInterface $privateKey) { $domain = $this->domain; $dataHex = $subjectSerializer->getSignatureData($certificateInfo); $hash = $domain->getHasher()->hashDec($dataHex); $rng = RandomGeneratorFactory::getUrandomGenerator(); $k = $rng->generate($domain->getGenerator()->getOrder()); $signature = $this->domain->getSigner()->sign($privateKey, $hash, $k); return new Certificate($certificateInfo, $this->domain->getSigAlgorithm(), $signature); }
/** * @dataProvider getAdapters */ public function testGenerateKeyPairWithPredefinedSecret(MathAdapterInterface $adapter) { $commandTester = $this->getCommandTester(new GenerateKeyPairCommand(), 'genkey'); $expected = file_get_contents(__DIR__ . '/../../../data/generated-keypair.pem'); $secret = '105886814118965842118146815191867355142743831281343651404754056074495577342758'; $randomGenerator = $this->getMock($this->classRngInterface); $randomGenerator->expects($this->once())->method('generate')->willReturn($secret); MathAdapterFactory::forceAdapter($adapter); RandomGeneratorFactory::forceGenerator($randomGenerator); $commandTester->execute(array('--curve' => 'nist-p256')); $this->assertEquals($this->normalize($expected), $this->normalize($commandTester->getDisplay())); MathAdapterFactory::forceAdapter(null); RandomGeneratorFactory::forceGenerator(null); }
/** * @param \Jose\Object\JWKInterface $key * @param string $data * * @return string */ private function getPHPECCSignature(JWKInterface $key, $data) { $p = $this->getGenerator(); $d = $this->convertBase64ToGmp($key->get('d')); $hash = $this->convertHexToGmp(hash($this->getHashAlgorithm(), $data)); $k = RandomGeneratorFactory::getRandomGenerator()->generate($p->getOrder()); $signer = EccFactory::getSigner(); $private_key = $p->getPrivateKeyFrom($d); $signature = $signer->sign($private_key, $hash, $k); $part_length = $this->getSignaturePartLength(); $R = str_pad($this->convertDecToHex($signature->getR()), $part_length, '0', STR_PAD_LEFT); $S = str_pad($this->convertDecToHex($signature->getS()), $part_length, '0', STR_PAD_LEFT); return $this->convertHexToBin($R . $S); }
/** * * @dataProvider getAdapters */ public function testSecp256r1EquivalenceToNistP192(MathAdapterInterface $adapter) { $secpFactory = EccFactory::getSecgCurves($adapter); $nistFactory = EccFactory::getNistCurves($adapter); $signer = new Signer($adapter); $secret = $adapter->hexDec('DC51D3866A15BACDE33D96F992FCA99DA7E6EF0934E7097559C27F1614C88A7F'); $secpKey = $secpFactory->generator256r1()->getPrivateKeyFrom($secret); $nistKey = $nistFactory->generator256()->getPrivateKeyFrom($secret); $randomK = RandomGeneratorFactory::getRandomGenerator()->generate($secpKey->getPoint()->getOrder()); $message = RandomGeneratorFactory::getRandomGenerator()->generate($secpKey->getPoint()->getOrder()); $sigSecp = $signer->sign($secpKey, $message, $randomK); $sigNist = $signer->sign($nistKey, $message, $randomK); $this->assertEquals($sigNist->getR(), $sigSecp->getR()); $this->assertEquals($sigNist->getS(), $sigSecp->getS()); }
public function testIsConsistent() { $math = new Gmp(); $rbg = RandomGeneratorFactory::getUrandomGenerator(); $serializer = new DerSignatureSerializer(); for ($i = 2; $i <= 521; $i++) { $max = $math->sub($math->pow(2, $i), 1); $r = $rbg->generate($max); $s = $rbg->generate($max); $signature = new Signature($r, $s); $serialized = $serializer->serialize($signature); $parsed = $serializer->parse($serialized); $this->assertEquals($signature, $parsed); } }
/** * {@inheritdoc} */ public function sign(JWKInterface $key, $data) { $this->checkKey($key); if (!$key->has('d')) { throw new \InvalidArgumentException('The EC key is not private'); } $p = $this->getGenerator(); $d = $this->convertBase64ToDec($key->get('d')); $hash = $this->convertHexToDec(hash($this->getHashAlgorithm(), $data)); $k = RandomGeneratorFactory::getRandomGenerator()->generate($p->getOrder()); $signer = EccFactory::getSigner(); $private_key = $p->getPrivateKeyFrom($d); $signature = $signer->sign($private_key, $hash, $k); $part_length = $this->getSignaturePartLength(); $R = str_pad($this->convertDecToHex($signature->getR()), $part_length, '0', STR_PAD_LEFT); $S = str_pad($this->convertDecToHex($signature->getS()), $part_length, '0', STR_PAD_LEFT); return $this->convertHextoBin($R . $S); }
/** * @dataProvider getHmacTestSet * @param GeneratorPoint $G * @param integer $size * @param string $privKey * @param string $algo * @param string $message * @param string $eK expected K hex * @param string $eR expected R hex * @param string $eS expected S hex */ public function testHmacSignatures(GeneratorPoint $G, $size, $privKey, $algo, $message, $eK, $eR, $eS) { //echo "Try {$test->curve} / {$test->algorithm} / '{$test->message}'\n"; $math = $G->getAdapter(); // Initialize private key and message hash (decimal) $privateKey = $G->getPrivateKeyFrom($math->hexDec($privKey)); $hashHex = hash($algo, $message); $messageHash = $math->hexDec($hashHex); // Derive K $drbg = RandomGeneratorFactory::getHmacRandomGenerator($privateKey, $messageHash, $algo); $k = $drbg->generate($G->getOrder()); $this->assertEquals($k, $math->hexdec($eK), 'k'); $hexSize = strlen($hashHex); $hashBits = $math->baseConvert($messageHash, 10, 2); if (strlen($hashBits) < $hexSize * 4) { $hashBits = str_pad($hashBits, $hexSize * 4, '0', STR_PAD_LEFT); } $messageHash = $math->baseConvert(substr($hashBits, 0, NumberSize::bnNumBits($math, $G->getOrder())), 2, 10); $signer = new Signer($math); $sig = $signer->sign($privateKey, $messageHash, $k); // Should be consistent $this->assertTrue($signer->verify($privateKey->getPublicKey(), $sig, $messageHash)); // R and S should be correct $sR = $math->hexDec($eR); $sS = $math->hexDec($eS); $this->assertSame($sR, $sig->getR(), "r {$sR} == " . $sig->getR()); $this->assertSame($sS, $sig->getS(), "s {$sR} == " . $sig->getS()); }
/** * @param MathAdapterInterface $adapter * @param CurveFpInterface $curve * @param int|string $x * @param int|string $y * @param null $order * @param RandomNumberGeneratorInterface $generator */ public function __construct(MathAdapterInterface $adapter, CurveFpInterface $curve, $x, $y, $order = null, RandomNumberGeneratorInterface $generator = null) { $this->generator = $generator ?: RandomGeneratorFactory::getRandomGenerator(); parent::__construct($adapter, $curve, $x, $y, $order); }
<?php require "../vendor/autoload.php"; use Mdanter\Ecc\Serializer\PublicKey\DerPublicKeySerializer; use Mdanter\X509\Serializer\Certificates\CertificateSubjectSerializer; use Mdanter\X509\Serializer\Signature\DerSignatureSerializer; $curveName = 'secp256k1'; $hasherName = 'sha512'; $serialNo = 0; $math = \Mdanter\Ecc\EccFactory::getAdapter(); $f = new \Mdanter\X509\Factory(); $domain = $f->getDomain($math, $curveName, $hasherName); $G = $domain->getGenerator(); $randomInt = \Mdanter\Ecc\Random\RandomGeneratorFactory::getUrandomGenerator()->generate($G->getOrder()); $k = $G->getPrivateKeyFrom($randomInt); $issuerDetails = ['commonName' => 'test CA']; $issuerSubject = new \Mdanter\X509\Certificates\CertificateSubject($issuerDetails); $ca = $f->getCA($math, $domain, $issuerSubject); $serializer = new \Mdanter\X509\Serializer\Certificates\CertificateSerializer(new CertificateSubjectSerializer(), new DerPublicKeySerializer(), new DerSignatureSerializer()); $validityStart = new DateTime('now'); $validityEnd = new DateTime('now'); $validityEnd->modify("+1 year"); $info = new \Mdanter\X509\Certificates\CertificateInfo(0, $domain->getSigAlgorithm(), $issuerSubject, $issuerSubject, $k->getPublicKey(), $validityStart, $validityEnd); $usage = new \Mdanter\X509\Extensions\Extension\KeyUsage(null); $usage->addKeyUsage(0); $usage->addKeyUsage(1); $usage->addKeyUsage(5); var_dump($usage->getBitString()); $certificate = $ca->createCertificate($serializer, $info, $k); echo $serializer->serialize($certificate);
<?php require "../vendor/autoload.php"; $curveName = 'nist-p521'; $hashAlgo = 'sha256'; $factory = new Mdanter\X509\Factory(); $adapter = \Mdanter\Ecc\EccFactory::getAdapter(); $domain = $factory->getDomain($adapter, $curveName, $hashAlgo); $rbg = \Mdanter\Ecc\Random\RandomGeneratorFactory::getUrandomGenerator(); $G = \Mdanter\Ecc\Curves\CurveFactory::getGeneratorByName($curveName); $randomInt = $rbg->generate($G->getOrder()); $k = $G->getPrivateKeyFrom($randomInt); $Q = $k->getPublicKey(); $subjectDetails = ['commonName' => '127.0.0.1']; $subject = new Mdanter\X509\Certificates\CertificateSubject($subjectDetails); $csr = $factory->getCsr($domain, $subject, $k); $csrSerializer = new \Mdanter\X509\Serializer\Certificates\CsrSerializer(new \Mdanter\X509\Serializer\Certificates\CertificateSubjectSerializer(), new \Mdanter\Ecc\Serializer\PublicKey\DerPublicKeySerializer($adapter), new \Mdanter\X509\Serializer\Signature\DerSignatureSerializer()); $serialized = $csrSerializer->serialize($csr); echo $serialized;
/** * @param EcDomain $domain * @param CertificateSubject $subject * @param PrivateKeyInterface $privateKey * @return Csr */ public static function getCsr(EcDomain $domain, CertificateSubject $subject, PrivateKeyInterface $privateKey) { $subjectSerializer = new CertificateSubjectSerializer(); $serialized = $subjectSerializer->serialize($subject); return new Csr($domain, $subject, $privateKey->getPublicKey(), $domain->getSigner()->sign($privateKey, $domain->getHasher()->hashDec($serialized), RandomGeneratorFactory::getUrandomGenerator()->generate($domain->getGenerator()->getOrder()))); }
/** * @dataProvider getDeterministicSign2Data */ public function testDeterministicSign2($curve, $size, $algo, $privKey, $message, $eK, $eR, $eS) { //echo "Try {$test->curve} / {$test->algorithm} / '{$test->message}'\n"; $G = CurveFactory::getGeneratorByName($curve); // Initialize private key and message hash (decimal) $privateKey = $G->getPrivateKeyFrom($this->math->hexDec($privKey)); $hashHex = hash($algo, $message); $messageHash = $this->math->hexDec($hashHex); // Derive K $drbg = RandomGeneratorFactory::getHmacRandomGenerator($privateKey, $messageHash, $algo); $k = $drbg->generate($G->getOrder()); $this->assertEquals($this->math->hexdec($eK), $k, 'k'); $hexSize = strlen($hashHex); $hashBits = $this->math->baseConvert($messageHash, 10, 2); if (strlen($hashBits) < $hexSize * 4) { $hashBits = str_pad($hashBits, $hexSize * 4, '0', STR_PAD_LEFT); } $messageHash = $this->math->baseConvert(substr($hashBits, 0, $size), 2, 10); $signer = new Signer($this->math); $sig = $signer->sign($privateKey, $messageHash, $k); // R and S should be correct $sR = $this->math->hexDec($eR); $sS = $this->math->hexDec($eS); $this->assertTrue($signer->verify($privateKey->getPublicKey(), $sig, $messageHash)); $this->assertSame($sR, $sig->getR(), 'r'); $this->assertSame($sS, $sig->getS(), 's'); }
/** * @param EcAdapterInterface $ecAdapter * @param PrivateKeyInterface $privateKey * @param Buffer $messageHash * @param string $algo */ public function __construct(EcAdapterInterface $ecAdapter, PrivateKeyInterface $privateKey, Buffer $messageHash, $algo = 'sha256') { $mdPk = new MdPrivateKey($ecAdapter->getMath(), $ecAdapter->getGenerator(), $privateKey->getInt()); $this->ecAdapter = $ecAdapter; $this->hmac = RandomGeneratorFactory::getHmacRandomGenerator($mdPk, $messageHash->getInt(), $algo); }
/** * {@inheritdoc} */ public function createHash(string $payload, Key $key, RandomNumberGeneratorInterface $generator = null) : string { $privateKey = $this->parser->getPrivateKey($key); $generator = $generator ?: RandomGeneratorFactory::getRandomGenerator(); return $this->createSignatureHash($this->signer->sign($privateKey, $this->createSigningHash($payload), $generator->generate($privateKey->getPoint()->getOrder()))); }
public function getAdaptersWithRand() { $rngs = array(array(RandomGeneratorFactory::getUrandomGenerator())); if (!defined('HHVM_VERSION')) { $rngs[] = array(RandomGeneratorFactory::getGmpRandomGenerator(false, true)); } return $this->_getAdapters($rngs); }