diff --git a/composer.json b/composer.json
index f0ae071..37f93c9 100644
--- a/composer.json
+++ b/composer.json
@@ -29,7 +29,7 @@
 "php": "^7.1|^8",
 "ext-gmp": "*",
 "defuse/php-encryption": "^2.1",
- "paragonie/ecc": "^2",
+ "paragonie/ecc": "^2.1",
 "paragonie/sodium_compat": "^1|^2",
 "paragonie/constant_time_encoding": "^2.1"
 },
diff --git a/src/Curve25519/X25519.php b/src/Curve25519/X25519.php
index 7122883..3e0a737 100644
--- a/src/Curve25519/X25519.php
+++ b/src/Curve25519/X25519.php
@@ -96,7 +96,7 @@ public function createMultiPartyKey(): PublicKeyInterface
 * Sets the sender's key.
 *
 * @param PrivateKeyInterface $key
- * @return void
+ * @return self
 * @throws \SodiumException
 * @throws \TypeError
 */
@@ -109,13 +109,14 @@ public function setSenderKey(PrivateKeyInterface $key)
 } else {
 throw new \TypeError('Only libsodium keys are allowed');
 }
+ return $this;
 }
 /**
 * Sets the recipient key.
 *
 * @param PublicKeyInterface $key
- * @return void
+ * @return self
 * @throws \SodiumException
 * @throws \TypeError
 */
@@ -128,5 +129,6 @@ public function setRecipientKey(PublicKeyInterface $key)
 } else {
 throw new \TypeError('Only libsodium keys are allowed');
 }
+ return $this;
 }
 }
diff --git a/src/ECDSA/HedgedRandomNumberGenerator.php b/src/ECDSA/HedgedRandomNumberGenerator.php
index 087f5fb..9c7fcf9 100644
--- a/src/ECDSA/HedgedRandomNumberGenerator.php
+++ b/src/ECDSA/HedgedRandomNumberGenerator.php
@@ -141,7 +141,7 @@ public function generate(\GMP $max): \GMP
 $v = hash_hmac($this->algorithm, $v, $k, true);
 $t = '';
- for (;;) {
+ for ($tries = 0; $tries < 1024; ++$tries) {
 $toff = gmp_init(0, 10);
 while ($this->math->cmp($toff, $rlen) < 0) {
 $v = hash_hmac($this->algorithm, $v, $k, true);
diff --git a/src/EasyECC.php b/src/EasyECC.php
index ed16272..78f9c3d 100644
--- a/src/EasyECC.php
+++ b/src/EasyECC.php
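Review bot: In src/Curve25519/X25519.php the hunks at `setSenderKey` and `setRecipientKey` add `return $this;`, but the fluent contract is stated only in the docblock (`@return self`); the signatures shown in the hunk headers still carry no native return type. If no parent class or interface declaration forbids it (none is visible here), declaring `public function setSenderKey(PrivateKeyInterface $key): self` and the same on `setRecipientKey` lets the engine enforce what the docblock promises, and it is valid on the `^7.1` PHP floor from composer.json. Both method bodies begin outside their hunks.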
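Review bot: In src/ECDSA/HedgedRandomNumberGenerator.php the new bound `$tries < 1024` lets `generate()` leave the loop without having produced a candidate, and the hunk does not show what runs in that case. This generator presumably supplies the ECDSA signing nonce, so exhaustion has to fail closed: directly after the loop, `throw new \RuntimeException('Unable to generate a value in range after 1024 attempts');` (or the project's own exception type) rather than relying on the implicit `\GMP` return-type error or on whatever `$t` last held. The literal 1024 would also be clearer as a named class constant with a comment on why the cap exists. The loop body and the end of the function are outside the hunk.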
@@ -11,6 +11,7 @@
 use Mdanter\Ecc\EccFactory;
 use Mdanter\Ecc\Math\GmpMathInterface;
 use Mdanter\Ecc\Primitives\GeneratorPoint;
+use Mdanter\Ecc\Random\RandomGeneratorFactory;
 use Mdanter\Ecc\Serializer\PublicKey\DerPublicKeySerializer;
 use Mdanter\Ecc\Serializer\Signature\DerSignatureSerializer;
 use Mdanter\Ecc\Util\NumberSize;
@@ -76,13 +77,19 @@ public function __construct(string $curve = self::DEFAULT_CURVE)
 break;
 case 'P256':
 $this->adapter = EccFactory::getAdapter();
- $this->generator = EccFactory::getNistCurves()->generator256();
+ $this->generator = EccFactory::getNistCurves()->generator256(
+ RandomGeneratorFactory::getRandomGenerator(),
+ true
+ );
 $this->hashAlgo = 'sha256';
 $this->hasher = new SignHasher($this->hashAlgo, $this->adapter);
 break;
 case 'P384':
 $this->adapter = EccFactory::getAdapter();
- $this->generator = EccFactory::getNistCurves()->generator384();
+ $this->generator = EccFactory::getNistCurves()->generator384(
+ RandomGeneratorFactory::getRandomGenerator(),
+ true
+ );
 $this->hashAlgo = 'sha384';
 $this->hasher = new SignHasher($this->hashAlgo, $this->adapter);
 break;
@@ -320,12 +327,18 @@ public static function getGenerator(
 return CurveFactory::getGeneratorByName('secp256k1');
 case 'P256':
 if ($constantTime) {
- return EccFactory::getNistCurves(new ConstantTimeMath())->generator256(
+ return EccFactory::getNistCurves(new ConstantTimeMath())->generator256(
+ RandomGeneratorFactory::getRandomGenerator(),
+ true
+ );
 }
 return EccFactory::getNistCurves()->generator256();
 case 'P384':
 if ($constantTime) {
- return EccFactory::getNistCurves(new ConstantTimeMath())->generator384();
+ return EccFactory::getNistCurves(new ConstantTimeMath())->generator384(
+ RandomGeneratorFactory::getRandomGenerator(),
+ true
+ );
 }
 return EccFactory::getNistCurves()->generator384();
 case 'P521':
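Review bot: The bare `true` passed as the second argument to `generator256()` and `generator384()` in the `P256` and `P384` cases of `__construct` is undocumented, and the same argument pair is repeated twice more in `getGenerator()` in the following hunk. The call site gives no hint what the flag turns on; presumably it selects the code path that motivated the `paragonie/ecc` bump to `^2.1`, but that should be confirmed against the library. A one-line comment at the first call, e.g. `// 2nd argument: opt in to the paragonie/ecc >= 2.1 curve implementation`, or a small private helper that builds the generator for all four call sites, would state the intent once. Named arguments are not available on the `^7.1` PHP floor.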
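Review bot: In `getGenerator()` only the `if ($constantTime)` branches receive the new arguments; the fall-through `return EccFactory::getNistCurves()->generator256();` and its `generator384()` counterpart stay as unchanged context, while the constructor now passes the arguments unconditionally. A generator taken from an instance and one returned by `getGenerator()` without `$constantTime` are therefore configured differently for the same curve name, which is easy to miss when both touch the same key material. If the older path is kept on purpose, a comment on those two returns should say so; otherwise pass the same arguments there. The method's signature and its remaining cases lie outside the hunk.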