Add DH and DSA generators

Author: jderusse

Generator/DhKey/DhKeyGenerator.php

@@ -0,0 +1,50 @@
+<?php
+
+/*
+ * This file is part of the Acme PHP project.
+ *
+ * (c) Titouan Galopin <[email protected]>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace AcmePhp\Ssl\Generator\DhKey;
+
+use AcmePhp\Ssl\Generator\KeyOption;
+use AcmePhp\Ssl\Generator\OpensslPrivateKeyGeneratorTrait;
+use AcmePhp\Ssl\Generator\PrivateKeyGeneratorInterface;
+use Webmozart\Assert\Assert;
+
+/**
+ * Generate random DH private key using OpenSSL.
+ *
+ * @author Jérémy Derussé <[email protected]>
+ */
+class DhKeyGenerator implements PrivateKeyGeneratorInterface
+{
+    use OpensslPrivateKeyGeneratorTrait;
+
+    /**
+     * @param DhKeyOption|KeyOption $keyOption
+     */
+    public function generatePrivateKey(KeyOption $keyOption)
+    {
+        Assert::isInstanceOf($keyOption, DhKeyOption::class);
+
+        return $this->generatePrivateKeyFromOpensslOptions(
+            [
+                'private_key_type' => OPENSSL_KEYTYPE_DH,
+                'dh' => [
+                    'p' => $keyOption->getPrime(),
+                    'g' => $keyOption->getGenerator(),
+                ],
+            ]
+        );
+    }
+
+    public function supportsKeyOption(KeyOption $keyOption)
+    {
+        return $keyOption instanceof DhKeyOption;
+    }
+}

Generator/DhKey/DhKeyOption.php

@@ -0,0 +1,50 @@
+<?php
+
+/*
+ * This file is part of the Acme PHP project.
+ *
+ * (c) Titouan Galopin <[email protected]>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace AcmePhp\Ssl\Generator\DhKey;
+
+use AcmePhp\Ssl\Generator\KeyOption;
+
+class DhKeyOption implements KeyOption
+{
+    /** @var string */
+    private $generator;
+    /** @var string */
+    private $prime;
+
+    /**
+     * @param string $prime     Hexadecimal representation of the prime
+     * @param string $generator Hexadecimal representation of the generator: ie. 02
+     *
+     * @see https://tools.ietf.org/html/rfc3526 how to choose a prime and generator numbers
+     */
+    public function __construct($prime, $generator = '02')
+    {
+        $this->generator = pack('H*', $generator);
+        $this->prime = pack('H*', $prime);
+    }
+
+    /**
+     * @return string
+     */
+    public function getGenerator()
+    {
+        return $this->generator;
+    }
+
+    /**
+     * @return string
+     */
+    public function getPrime()
+    {
+        return $this->prime;
+    }
+}

Generator/DsaKey/DsaKeyGenerator.php

@@ -0,0 +1,47 @@
+<?php
+
+/*
+ * This file is part of the Acme PHP project.
+ *
+ * (c) Titouan Galopin <[email protected]>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace AcmePhp\Ssl\Generator\DsaKey;
+
+use AcmePhp\Ssl\Generator\KeyOption;
+use AcmePhp\Ssl\Generator\OpensslPrivateKeyGeneratorTrait;
+use AcmePhp\Ssl\Generator\PrivateKeyGeneratorInterface;
+use Webmozart\Assert\Assert;
+
+/**
+ * Generate random DSA private key using OpenSSL.
+ *
+ * @author Jérémy Derussé <[email protected]>
+ */
+class DsaKeyGenerator implements PrivateKeyGeneratorInterface
+{
+    use OpensslPrivateKeyGeneratorTrait;
+
+    /**
+     * @param DsaKeyOption|KeyOption $keyOption
+     */
+    public function generatePrivateKey(KeyOption $keyOption)
+    {
+        Assert::isInstanceOf($keyOption, DsaKeyOption::class);
+
+        return $this->generatePrivateKeyFromOpensslOptions(
+            [
+                'private_key_type' => OPENSSL_KEYTYPE_DSA,
+                'private_key_bits' => $keyOption->getBits(),
+            ]
+        );
+    }
+
+    public function supportsKeyOption(KeyOption $keyOption)
+    {
+        return $keyOption instanceof DsaKeyOption;
+    }
+}

Generator/DsaKey/DsaKeyOption.php

@@ -0,0 +1,36 @@
+<?php
+
+/*
+ * This file is part of the Acme PHP project.
+ *
+ * (c) Titouan Galopin <[email protected]>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace AcmePhp\Ssl\Generator\DsaKey;
+
+use AcmePhp\Ssl\Generator\KeyOption;
+use Webmozart\Assert\Assert;
+
+class DsaKeyOption implements KeyOption
+{
+    /** @var int */
+    private $bits;
+
+    public function __construct($bits = 2048)
+    {
+        Assert::integer($bits);
+
+        $this->bits = $bits;
+    }
+
+    /**
+     * @return int
+     */
+    public function getBits()
+    {
+        return $this->bits;
+    }
+}

Generator/EcKey/EcKeyGenerator.php

@@ -11,11 +11,9 @@
 
 namespace AcmePhp\Ssl\Generator\EcKey;
 
-use AcmePhp\Ssl\Exception\KeyGenerationException;
-use AcmePhp\Ssl\Exception\KeyPairGenerationException;
 use AcmePhp\Ssl\Generator\KeyOption;
+use AcmePhp\Ssl\Generator\OpensslPrivateKeyGeneratorTrait;
 use AcmePhp\Ssl\Generator\PrivateKeyGeneratorInterface;
-use AcmePhp\Ssl\PrivateKey;
 use Webmozart\Assert\Assert;
 
 /**
@@ -25,32 +23,21 @@
  */
 class EcKeyGenerator implements PrivateKeyGeneratorInterface
 {
+    use OpensslPrivateKeyGeneratorTrait;
+
     /**
      * @param EcKeyOption|KeyOption $keyOption
      */
     public function generatePrivateKey(KeyOption $keyOption)
     {
         Assert::isInstanceOf($keyOption, EcKeyOption::class);
 
-        $resource = openssl_pkey_new(
+        return $this->generatePrivateKeyFromOpensslOptions(
             [
                 'private_key_type' => OPENSSL_KEYTYPE_EC,
                 'curve_name' => $keyOption->getCurveName(),
             ]
         );
-
-        if (!$resource) {
-            throw new KeyGenerationException(
-                sprintf('OpenSSL key creation failed during generation with error: %s', openssl_error_string())
-            );
-        }
-        if (!openssl_pkey_export($resource, $privateKey)) {
-            throw new KeyPairGenerationException(
-                sprintf('OpenSSL key export failed during generation with error: %s', openssl_error_string())
-            );
-        }
-
-        return new PrivateKey($privateKey);
     }
 
     public function supportsKeyOption(KeyOption $keyOption)

Generator/KeyPairGenerator.php

@@ -13,6 +13,8 @@
 
 use AcmePhp\Ssl\Exception\KeyGenerationException;
 use AcmePhp\Ssl\Exception\KeyPairGenerationException;
+use AcmePhp\Ssl\Generator\DhKey\DhKeyGenerator;
+use AcmePhp\Ssl\Generator\DsaKey\DsaKeyGenerator;
 use AcmePhp\Ssl\Generator\EcKey\EcKeyGenerator;
 use AcmePhp\Ssl\Generator\RsaKey\RsaKeyGenerator;
 use AcmePhp\Ssl\Generator\RsaKey\RsaKeyOption;
@@ -34,6 +36,8 @@ public function __construct(PrivateKeyGeneratorInterface $generator = null)
             [
                 new RsaKeyGenerator(),
                 new EcKeyGenerator(),
+                new DhKeyGenerator(),
+                new DsaKeyGenerator(),
             ]
         );
     }

Generator/OpensslPrivateKeyGeneratorTrait.php

@@ -0,0 +1,37 @@
+<?php
+
+/*
+ * This file is part of the Acme PHP project.
+ *
+ * (c) Titouan Galopin <[email protected]>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace AcmePhp\Ssl\Generator;
+
+use AcmePhp\Ssl\Exception\KeyGenerationException;
+use AcmePhp\Ssl\Exception\KeyPairGenerationException;
+use AcmePhp\Ssl\PrivateKey;
+
+trait OpensslPrivateKeyGeneratorTrait
+{
+    private function generatePrivateKeyFromOpensslOptions(array $opensslOptions)
+    {
+        $resource = openssl_pkey_new($opensslOptions);
+
+        if (!$resource) {
+            throw new KeyGenerationException(
+                sprintf('OpenSSL key creation failed during generation with error: %s', openssl_error_string())
+            );
+        }
+        if (!openssl_pkey_export($resource, $privateKey)) {
+            throw new KeyPairGenerationException(
+                sprintf('OpenSSL key export failed during generation with error: %s', openssl_error_string())
+            );
+        }
+
+        return new PrivateKey($privateKey);
+    }
+}

Generator/RsaKey/RsaKeyGenerator.php

@@ -11,11 +11,9 @@
 
 namespace AcmePhp\Ssl\Generator\RsaKey;
 
-use AcmePhp\Ssl\Exception\KeyGenerationException;
-use AcmePhp\Ssl\Exception\KeyPairGenerationException;
 use AcmePhp\Ssl\Generator\KeyOption;
+use AcmePhp\Ssl\Generator\OpensslPrivateKeyGeneratorTrait;
 use AcmePhp\Ssl\Generator\PrivateKeyGeneratorInterface;
-use AcmePhp\Ssl\PrivateKey;
 use Webmozart\Assert\Assert;
 
 /**
@@ -25,32 +23,21 @@
  */
 class RsaKeyGenerator implements PrivateKeyGeneratorInterface
 {
+    use OpensslPrivateKeyGeneratorTrait;
+
     /**
      * @param RsaKeyOption|KeyOption $keyOption
      */
     public function generatePrivateKey(KeyOption $keyOption)
     {
         Assert::isInstanceOf($keyOption, RsaKeyOption::class);
 
-        $resource = openssl_pkey_new(
+        return $this->generatePrivateKeyFromOpensslOptions(
             [
                 'private_key_type' => OPENSSL_KEYTYPE_RSA,
                 'private_key_bits' => $keyOption->getBits(),
             ]
         );
-
-        if (!$resource) {
-            throw new KeyGenerationException(
-                sprintf('OpenSSL key creation failed during generation with error: %s', openssl_error_string())
-            );
-        }
-        if (!openssl_pkey_export($resource, $privateKey)) {
-            throw new KeyPairGenerationException(
-                sprintf('OpenSSL key export failed during generation with error: %s', openssl_error_string())
-            );
-        }
-
-        return new PrivateKey($privateKey);
     }
 
     public function supportsKeyOption(KeyOption $keyOption)

Signer/DataSigner.php

@@ -63,36 +63,6 @@ public function signData($data, PrivateKey $privateKey, $algorithm = OPENSSL_ALG
         }
     }
 
-    /**
-     * Convert a ECDSA signature into DER.
-     *
-     * The code is a copy/paste from another lib (web-token/jwt-core) which is not compatible with php <= 7.0
-     *
-     * @see https://github.com/web-token/jwt-core/blob/master/Util/ECSignature.php
-     */
-    private function ECDSAtoDER($signature, $partLength)
-    {
-        $signature = \unpack('H*', $signature)[1];
-        if (\mb_strlen($signature, '8bit') !== 2 * $partLength) {
-            throw new DataSigningException('Invalid length.');
-        }
-        $R = \mb_substr($signature, 0, $partLength, '8bit');
-        $S = \mb_substr($signature, $partLength, null, '8bit');
-
-        $R = $this->preparePositiveInteger($R);
-        $Rl = \mb_strlen($R, '8bit') / 2;
-        $S = $this->preparePositiveInteger($S);
-        $Sl = \mb_strlen($S, '8bit') / 2;
-        $der = \pack(
-            'H*',
-            '30'.($Rl + $Sl + 4 > 128 ? '81' : '').\dechex($Rl + $Sl + 4)
-            .'02'.\dechex($Rl).$R
-            .'02'.\dechex($Sl).$S
-        );
-
-        return $der;
-    }
-
     /**
      * Convert a DER signature into ECDSA.
      *