PHP中P_SHA1算法的实现

2021-12-24 00:00:00 encryption web-services php soap

我们正在尝试实现一个函数 P_SHA1 表示 PHP.用 Python 编写的函数的模式.但是,不幸的是,有些东西不能正常工作.下面是JAVA中的实现函数:http://ws.apache.org/wss4j/xref/org/apache/ws/security/conversation/dkalgo/P_SHA1.html

we are trying to implement a function P_SHA1 means PHP. The pattern of the function written in Python. But, unfortunately, something is not working properly. Here is the implementation function in JAVA: http://ws.apache.org/wss4j/xref/org/apache/ws/security/conversation/dkalgo/P_SHA1.html

我们的代码:

<?php
  $newSeed    = $label . $seed; // concat as strings
  // $p_sha1
  $psha1 = p_hash('sha1', $secret, $newSeed, $length);
  $string = arrayToBytes($psha1);
  /**
  * P_SHA1 crypto alg calculation
  *
  * @return array of bytes - key
  **/
  function p_hash($algo, $secret, $seed, $length) {
    $bytes = array_fill(0, $length, 0); 
    $tmp = null;
    $A = $seed;
    $index = 0;

    while (1) {
      // hmac sha1: secret + seed
      $A = hash_hmac($algo, $secret, $A, true);

      // hmac sha1: secret + 1st hash + seed
      $output = hash_hmac($algo, $secret, ($A . $seed), true);

      foreach (bytesToArray($output) as $c) {
          if ($index >= $length) {
              return $bytes;
          }

          $bytes[$index] = $c;
          $index++;
      }
    }
    return $bytes;
}

function bytesToArray($bytes) { return unpack('C*', $bytes); }
function arrayToBytes($array) { return call_user_func_array("pack", array_merge(array("C*"), $array)); }
?>

也许有人知道我在哪里可以找到现成的解决方案?或者任何人都可以帮助编写脚本以使其正常工作?

Maybe someone knows where I can find a ready-made solution? Or anyone can help make a script to work properly?

推荐答案

这是基于 回复通过签名 FS" SOAP 消息请求.我已经成功地使用它来签署 SOAP 请求并获得我想要的响应.

This is based on the C# method included in a reply to "signing SOAP message request via ADFS". I have successfully used it to sign SOAP requests and get the response I want.

function psha1($clientSecret, $serverSecret, $sizeBits = 256)
{
    $sizeBytes = $sizeBits / 8;

    $hmacKey = $clientSecret;
    $hashSize = 160; // HMAC_SHA1 length is always 160
    $bufferSize = $hashSize / 8 + strlen($serverSecret);
    $i = 0;

    $b1 = $serverSecret;
    $b2 = "";
    $temp = null;
    $psha = array();

    while ($i < $sizeBytes) {
        $b1 = hash_hmac('SHA1', $b1, $hmacKey, true);
        $b2 = $b1 . $serverSecret;
        $temp = hash_hmac('SHA1', $b2, $hmacKey, true);

        for ($j = 0; $j < strlen($temp); $j++) {
            if ($i < $sizeBytes) {
                $psha[$i] = $temp[$j];
                $i++;
            } else {
                break;
            }
        }
    }

    return implode("", $psha);
}

需要注意的重要一点是,客户端机密和服务器机密在传递给此函数之前应该进行 base64 解码.

One thing of importance to note is that the client secret and server secret should be base64 decoded before being passed to this function.

相关文章