I am trying to communicate with a web service that is developed in .NET, and I am writing my client in PHP. One of the headaches right now is generating the SignatureValue for SignedInfo.

<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
    <SignedInfo>
        <CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
        <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#hmac-sha1"/>
        <Reference URI="#_0">
            <Transforms>
                <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            </Transforms>
            <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
            <DigestValue>CwMGnFZklO7XsDfFguzl0tw7iHM=</DigestValue>
        </Reference>
    </SignedInfo>
    <SignatureValue>nXJEN8p1nupMA/00TK03VZlADkU=</SignatureValue>

There was an Entropy sent to the server and an Entropy received from the server... Sent to server:

<t:Entropy>
    <t:BinarySecret u:Id="uuid-6d32fbfc-2a74-422f-8b0b-3089db58f6ec-1"
        Type="http://schemas.xmlsoap.org/ws/2005/02/trust/Nonce">
        grrlUUfhuNwlvQzQ4bV6TT3wA8ieZPltIf4+H7nIvCE=
    </t:BinarySecret>
</t:Entropy>

Received from server:

<t:Entropy>
    <t:BinarySecret u:Id="uuid-8aebe294-15d0-4233-a3b1-ddd9a0d43d98-4"
        Type="http://schemas.xmlsoap.org/ws/2005/02/trust/Nonce">
        YLABh3ZmZyiO5gvVLZe9J4JPd9w59KGeTFwE85XlzxE=

    </t:BinarySecret>
</t:Entropy>

From what I read, I am supposed to use PSHA1 to generate a shared key and then run HMAC_SHA1 on the canonicalized SignedInfo to generate the signed value. Using these two entropies, the expected value is nXJEN8p1nupMA/00TK03VZlADkU= but I could never generate that...

My parameters to psha1_derive are psha1_derive($entropySentByMe (as $secret), 'WS-SecureConversationWS-SecureConversation', $entropyReturnedByServer (as $seed), '' (as timestamp), and length is 32 (256 bits));

If anyone has more information on how to use PSHA1 to derive the shared key or how to generate the signature value, please let me know!
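
An added example, not part of the original post and not the service's own code: P_SHA1 written as the TLS 1.0 P_hash construction with HMAC-SHA1, followed by HMAC-SHA1 over the exclusive-canonicalized SignedInfo, using the entropy values posted above. It assumes the WS-Trust computed-key form key = P_SHA1(client entropy, server entropy) with a 256-bit key; the function names and the whitespace-free SignedInfo string are constructed here, so the printed value equals the posted one only if those bytes are identical to the SignedInfo sent on the wire.

```php
<?php
declare(strict_types=1);

// P_SHA1 = TLS 1.0 P_hash (RFC 2246, section 5) with HMAC-SHA1:
//   A(0) = seed, A(i) = HMAC(secret, A(i-1)); output = HMAC(secret, A(1).seed) . HMAC(secret, A(2).seed) ...
function p_sha1(string $secret, string $seed, int $length): string
{
    $out = '';
    $a = $seed;                                              // A(0)
    while (strlen($out) < $length) {
        $a = hash_hmac('sha1', $a, $secret, true);           // A(i)
        $out .= hash_hmac('sha1', $a . $seed, $secret, true);
    }
    return substr($out, 0, $length);
}

// BinarySecret text nodes usually carry indentation and newlines; strip them and
// decode strictly so a damaged value fails loudly instead of producing a wrong key.
function decode_secret(string $text): string
{
    $raw = base64_decode((string) preg_replace('/\s+/', '', $text), true);
    if ($raw === false || $raw === '') {
        throw new InvalidArgumentException('BinarySecret is not valid base64');
    }
    return $raw;
}

// Exclusive C14N without comments over SignedInfo, then HMAC-SHA1 with the derived key.
function sign_signed_info(DOMElement $signedInfo, string $key): string
{
    return base64_encode(hash_hmac('sha1', $signedInfo->C14N(true, false), $key, true));
}

// Entropy values from the post; raw bytes are used as secret and seed, not the base64 text.
$clientEntropy = decode_secret("\n    grrlUUfhuNwlvQzQ4bV6TT3wA8ieZPltIf4+H7nIvCE=\n");
$serverEntropy = decode_secret("YLABh3ZmZyiO5gvVLZe9J4JPd9w59KGeTFwE85XlzxE=\n\n");
$key = p_sha1($clientEntropy, $serverEntropy, 32); // assumption: PSHA1 computed key, 256 bits

$ns  = 'http://www.w3.org/2000/09/xmldsig#';
$xml = '<Signature xmlns="' . $ns . '"><SignedInfo>'   // constructed: whitespace removed, element closed
     . '<CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/><SignatureMethod Algorithm="' . $ns . 'hmac-sha1"/>'
     . '<Reference URI="#_0"><Transforms><Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/></Transforms>'
     . '<DigestMethod Algorithm="' . $ns . 'sha1"/><DigestValue>CwMGnFZklO7XsDfFguzl0tw7iHM=</DigestValue></Reference></SignedInfo></Signature>';
$doc = new DOMDocument();
$doc->loadXML($xml, LIBXML_NONET);                     // parse without network access
$signedInfo = $doc->getElementsByTagNameNS($ns, 'SignedInfo')->item(0);
$computed = sign_signed_info($signedInfo, $key);
echo "computed SignatureValue: $computed\n";
echo hash_equals('nXJEN8p1nupMA/00TK03VZlADkU=', $computed) ? "matches the posted value\n" : "differs from the posted value\n";
```

Whitespace between the children of SignedInfo survives canonicalization, so the element has to be canonicalized from the exact message that is sent rather than from a pretty-printed copy.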