Spomky-Labs /
jose
Complex classes like RSA often do a lot of different things. To break such a class down, we need to identify a cohesive component within that class. A common approach to find such a component is to look for fields/methods that share the same prefixes, or suffixes. You can also have a look at the cohesion graph to spot any un-connected, or weakly-connected components.
Once you have determined the fields that belong together, you can apply the Extract Class refactoring. If the component makes sense as a sub-class, Extract Subclass is also a candidate, and is often faster.
While breaking up the class, it is a good idea to analyze how other classes use RSA, and based on these observations, apply Extract Interface, too.
| 1 | <?php |
||
| 19 | final class RSA |
||
| 20 | { |
||
| 21 | /**#@+ |
||
| 22 | * @see self::encrypt() |
||
| 23 | * @see self::decrypt() |
||
| 24 | */ |
||
| 25 | /** |
||
| 26 | * Use {@link http://en.wikipedia.org/wiki/Optimal_Asymmetric_Encryption_Padding Optimal Asymmetric Encryption Padding} |
||
| 27 | * (OAEP) for encryption / decryption. |
||
| 28 | * |
||
| 29 | * Uses sha1 by default. |
||
| 30 | * |
||
| 31 | * @see self::setHash() |
||
| 32 | * @see self::setMGFHash() |
||
| 33 | */ |
||
| 34 | const ENCRYPTION_OAEP = 1; |
||
| 35 | |||
| 36 | /** |
||
| 37 | * Use PKCS#1 padding. |
||
| 38 | * |
||
| 39 | * Although self::ENCRYPTION_OAEP offers more security, including PKCS#1 padding is necessary for purposes of backwards |
||
| 40 | * compatibility with protocols (like SSH-1) written before OAEP's introduction. |
||
| 41 | */ |
||
| 42 | const ENCRYPTION_PKCS1 = 2; |
||
| 43 | |||
| 44 | /**#@-*/ |
||
| 45 | |||
| 46 | /**#@+ |
||
| 47 | * @see self::sign() |
||
| 48 | * @see self::verify() |
||
| 49 | * @see self::setHash() |
||
| 50 | */ |
||
| 51 | /** |
||
| 52 | * Use the Probabilistic Signature Scheme for signing. |
||
| 53 | * |
||
| 54 | * Uses sha1 by default. |
||
| 55 | * |
||
| 56 | * @see self::setSaltLength() |
||
| 57 | * @see self::setMGFHash() |
||
| 58 | */ |
||
| 59 | const SIGNATURE_PSS = 1; |
||
| 60 | /** |
||
| 61 | * Use the PKCS#1 scheme by default. |
||
| 62 | * |
||
| 63 | * Although self::SIGNATURE_PSS offers more security, including PKCS#1 signing is necessary for purposes of backwards |
||
| 64 | * compatibility with protocols (like SSH-2) written before PSS's introduction. |
||
| 65 | */ |
||
| 66 | const SIGNATURE_PKCS1 = 2; |
||
| 67 | /**#@-*/ |
||
| 68 | |||
| 69 | /**#@+ |
||
| 70 | * @see \phpseclib\Crypt\RSA::createKey() |
||
| 71 | */ |
||
| 72 | /** |
||
| 73 | * ASN1 Integer. |
||
| 74 | */ |
||
| 75 | const ASN1_INTEGER = 2; |
||
| 76 | /** |
||
| 77 | * ASN1 Bit String. |
||
| 78 | */ |
||
| 79 | const ASN1_BITSTRING = 3; |
||
| 80 | /** |
||
| 81 | * ASN1 Octet String. |
||
| 82 | */ |
||
| 83 | const ASN1_OCTETSTRING = 4; |
||
| 84 | /** |
||
| 85 | * ASN1 Object Identifier. |
||
| 86 | */ |
||
| 87 | const ASN1_OBJECT = 6; |
||
| 88 | /** |
||
| 89 | * ASN1 Sequence (with the constucted bit set). |
||
| 90 | */ |
||
| 91 | const ASN1_SEQUENCE = 48; |
||
| 92 | /**#@-*/ |
||
| 93 | |||
| 94 | /**#@+ |
||
| 95 | * @see \phpseclib\Crypt\RSA::__construct() |
||
| 96 | */ |
||
| 97 | /** |
||
| 98 | * To use the pure-PHP implementation. |
||
| 99 | */ |
||
| 100 | const MODE_INTERNAL = 1; |
||
| 101 | /** |
||
| 102 | * To use the OpenSSL library. |
||
| 103 | * |
||
| 104 | * (if enabled; otherwise, the internal implementation will be used) |
||
| 105 | */ |
||
| 106 | const MODE_OPENSSL = 2; |
||
| 107 | /**#@-*/ |
||
| 108 | |||
| 109 | /**#@+ |
||
| 110 | * @see \phpseclib\Crypt\RSA::createKey() |
||
| 111 | * @see \phpseclib\Crypt\RSA::setPrivateKeyFormat() |
||
| 112 | */ |
||
| 113 | /** |
||
| 114 | * PKCS#1 formatted private key. |
||
| 115 | * |
||
| 116 | * Used by OpenSSH |
||
| 117 | */ |
||
| 118 | const PRIVATE_FORMAT_PKCS1 = 0; |
||
| 119 | /** |
||
| 120 | * PuTTY formatted private key. |
||
| 121 | */ |
||
| 122 | const PRIVATE_FORMAT_PUTTY = 1; |
||
| 123 | /** |
||
| 124 | * XML formatted private key. |
||
| 125 | */ |
||
| 126 | const PRIVATE_FORMAT_XML = 2; |
||
| 127 | /** |
||
| 128 | * PKCS#8 formatted private key. |
||
| 129 | */ |
||
| 130 | const PRIVATE_FORMAT_PKCS8 = 8; |
||
| 131 | /**#@-*/ |
||
| 132 | |||
| 133 | /**#@+ |
||
| 134 | * @see \phpseclib\Crypt\RSA::createKey() |
||
| 135 | * @see \phpseclib\Crypt\RSA::setPublicKeyFormat() |
||
| 136 | */ |
||
| 137 | /** |
||
| 138 | * Raw public key. |
||
| 139 | * |
||
| 140 | * An array containing two \Jose\Util\BigInteger objects. |
||
| 141 | * |
||
| 142 | * The exponent can be indexed with any of the following: |
||
| 143 | * |
||
| 144 | * 0, e, exponent, publicExponent |
||
| 145 | * |
||
| 146 | * The modulus can be indexed with any of the following: |
||
| 147 | * |
||
| 148 | * 1, n, modulo, modulus |
||
| 149 | */ |
||
| 150 | const PUBLIC_FORMAT_RAW = 3; |
||
| 151 | /** |
||
| 152 | * PKCS#1 formatted public key (raw). |
||
| 153 | * |
||
| 154 | * Used by File/X509.php |
||
| 155 | * |
||
| 156 | * Has the following header: |
||
| 157 | * |
||
| 158 | * -----BEGIN RSA PUBLIC KEY----- |
||
| 159 | * |
||
| 160 | * Analogous to ssh-keygen's pem format (as specified by -m) |
||
| 161 | */ |
||
| 162 | const PUBLIC_FORMAT_PKCS1 = 4; |
||
| 163 | const PUBLIC_FORMAT_PKCS1_RAW = 4; |
||
| 164 | /** |
||
| 165 | * XML formatted public key. |
||
| 166 | */ |
||
| 167 | const PUBLIC_FORMAT_XML = 5; |
||
| 168 | /** |
||
| 169 | * OpenSSH formatted public key. |
||
| 170 | * |
||
| 171 | * Place in $HOME/.ssh/authorized_keys |
||
| 172 | */ |
||
| 173 | const PUBLIC_FORMAT_OPENSSH = 6; |
||
| 174 | /** |
||
| 175 | * PKCS#1 formatted public key (encapsulated). |
||
| 176 | * |
||
| 177 | * Used by PHP's openssl_public_encrypt() and openssl's rsautl (when -pubin is set) |
||
| 178 | * |
||
| 179 | * Has the following header: |
||
| 180 | * |
||
| 181 | * -----BEGIN PUBLIC KEY----- |
||
| 182 | * |
||
| 183 | * Analogous to ssh-keygen's pkcs8 format (as specified by -m). Although PKCS8 |
||
| 184 | * is specific to private keys it's basically creating a DER-encoded wrapper |
||
| 185 | * for keys. This just extends that same concept to public keys (much like ssh-keygen) |
||
| 186 | */ |
||
| 187 | const PUBLIC_FORMAT_PKCS8 = 7; |
||
| 188 | /**#@-*/ |
||
| 189 | |||
| 190 | /** |
||
| 191 | * Precomputed Zero. |
||
| 192 | * |
||
| 193 | * @var array |
||
| 194 | */ |
||
| 195 | private $zero; |
||
| 196 | |||
| 197 | /** |
||
| 198 | * Precomputed One. |
||
| 199 | * |
||
| 200 | * @var array |
||
| 201 | */ |
||
| 202 | private $one; |
||
| 203 | |||
| 204 | /** |
||
| 205 | * Private Key Format. |
||
| 206 | * |
||
| 207 | * @var int |
||
| 208 | */ |
||
| 209 | private $privateKeyFormat = self::PRIVATE_FORMAT_PKCS1; |
||
| 210 | |||
| 211 | /** |
||
| 212 | * Public Key Format. |
||
| 213 | * |
||
| 214 | * @var int |
||
| 215 | */ |
||
| 216 | private $publicKeyFormat = self::PUBLIC_FORMAT_PKCS8; |
||
| 217 | |||
| 218 | /** |
||
| 219 | * Modulus (ie. n). |
||
| 220 | * |
||
| 221 | * @var \Jose\Util\BigInteger |
||
| 222 | */ |
||
| 223 | private $modulus; |
||
| 224 | |||
| 225 | /** |
||
| 226 | * Modulus length. |
||
| 227 | * |
||
| 228 | * @var \Jose\Util\BigInteger |
||
| 229 | */ |
||
| 230 | private $k; |
||
| 231 | |||
| 232 | /** |
||
| 233 | * Exponent (ie. e or d). |
||
| 234 | * |
||
| 235 | * @var \Jose\Util\BigInteger |
||
| 236 | */ |
||
| 237 | private $exponent; |
||
| 238 | |||
| 239 | /** |
||
| 240 | * Primes for Chinese Remainder Theorem (ie. p and q). |
||
| 241 | * |
||
| 242 | * @var array |
||
| 243 | */ |
||
| 244 | private $primes; |
||
| 245 | |||
| 246 | /** |
||
| 247 | * Exponents for Chinese Remainder Theorem (ie. dP and dQ). |
||
| 248 | * |
||
| 249 | * @var array |
||
| 250 | */ |
||
| 251 | private $exponents; |
||
| 252 | |||
| 253 | /** |
||
| 254 | * Coefficients for Chinese Remainder Theorem (ie. qInv). |
||
| 255 | * |
||
| 256 | * @var array |
||
| 257 | */ |
||
| 258 | private $coefficients; |
||
| 259 | |||
| 260 | /** |
||
| 261 | * Hash name. |
||
| 262 | * |
||
| 263 | * @var string |
||
| 264 | */ |
||
| 265 | private $hashName; |
||
| 266 | |||
| 267 | /** |
||
| 268 | * Hash function. |
||
| 269 | * |
||
| 270 | * @var \Jose\Util\Hash |
||
| 271 | */ |
||
| 272 | private $hash; |
||
| 273 | |||
| 274 | /** |
||
| 275 | * Length of hash function output. |
||
| 276 | * |
||
| 277 | * @var int |
||
| 278 | */ |
||
| 279 | private $hLen; |
||
| 280 | |||
| 281 | /** |
||
| 282 | * Length of salt. |
||
| 283 | * |
||
| 284 | * @var int |
||
| 285 | */ |
||
| 286 | private $sLen; |
||
| 287 | |||
| 288 | /** |
||
| 289 | * Hash function for the Mask Generation Function. |
||
| 290 | * |
||
| 291 | * @var \Jose\Util\Hash |
||
| 292 | */ |
||
| 293 | private $mgfHash; |
||
| 294 | |||
| 295 | /** |
||
| 296 | * Length of MGF hash function output. |
||
| 297 | * |
||
| 298 | * @var int |
||
| 299 | */ |
||
| 300 | private $mgfHLen; |
||
| 301 | |||
| 302 | /** |
||
| 303 | * Encryption mode. |
||
| 304 | * |
||
| 305 | * @var int |
||
| 306 | */ |
||
| 307 | private $encryptionMode = self::ENCRYPTION_OAEP; |
||
| 308 | |||
| 309 | /** |
||
| 310 | * Signature mode. |
||
| 311 | * |
||
| 312 | * @var int |
||
| 313 | */ |
||
| 314 | private $signatureMode = self::SIGNATURE_PSS; |
||
| 315 | |||
| 316 | /** |
||
| 317 | * Public Exponent. |
||
| 318 | * |
||
| 319 | * @var mixed |
||
| 320 | */ |
||
| 321 | private $publicExponent = false; |
||
| 322 | |||
| 323 | /** |
||
| 324 | * Password. |
||
| 325 | * |
||
| 326 | * @var string |
||
| 327 | */ |
||
| 328 | private $password = false; |
||
| 329 | |||
| 330 | /** |
||
| 331 | * Components. |
||
| 332 | * |
||
| 333 | * For use with parsing XML formatted keys. PHP's XML Parser functions use utilized - instead of PHP's DOM functions - |
||
| 334 | * because PHP's XML Parser functions work on PHP4 whereas PHP's DOM functions - although surperior - don't. |
||
| 335 | * |
||
| 336 | * @see self::_start_element_handler() |
||
| 337 | * |
||
| 338 | * @var array |
||
| 339 | */ |
||
| 340 | private $components = []; |
||
| 341 | |||
| 342 | /** |
||
| 343 | * Current String. |
||
| 344 | * |
||
| 345 | * For use with parsing XML formatted keys. |
||
| 346 | * |
||
| 347 | * @see self::_character_handler() |
||
| 348 | * @see self::_stop_element_handler() |
||
| 349 | * |
||
| 350 | * @var mixed |
||
| 351 | */ |
||
| 352 | private $current; |
||
| 353 | |||
| 354 | /** |
||
| 355 | * OpenSSL configuration file name. |
||
| 356 | * |
||
| 357 | * Set to null to use system configuration file. |
||
| 358 | * |
||
| 359 | * @see self::createKey() |
||
| 360 | * |
||
| 361 | * @var mixed |
||
| 362 | * @Access public |
||
| 363 | */ |
||
| 364 | private $configFile; |
||
| 365 | |||
| 366 | /** |
||
| 367 | * Public key comment field. |
||
| 368 | * |
||
| 369 | * @var string |
||
| 370 | */ |
||
| 371 | private $comment = 'phpseclib-generated-key'; |
||
| 372 | |||
| 373 | /** |
||
| 374 | * The constructor. |
||
| 375 | * |
||
| 376 | * If you want to make use of the openssl extension, you'll need to set the mode manually, yourself. The reason |
||
| 377 | * \phpseclib\Crypt\RSA doesn't do it is because OpenSSL doesn't fail gracefully. openssl_pkey_new(), in particular, requires |
||
| 378 | * openssl.cnf be present somewhere and, unfortunately, the only real way to find out is too late. |
||
| 379 | */ |
||
| 380 | public function __construct() |
||
| 381 | { |
||
| 382 | $this->configFile = dirname(__FILE__).'/../openssl.cnf'; |
||
| 383 | |||
| 384 | if (!defined('CRYPT_RSA_MODE')) { |
||
| 385 | switch (true) { |
||
| 386 | // Math/BigInteger's openssl requirements are a little less stringent than Crypt/RSA's. in particular, |
||
| 387 | // Math/BigInteger doesn't require an openssl.cfg file whereas Crypt/RSA does. so if Math/BigInteger |
||
| 388 | // can't use OpenSSL it can be pretty trivially assumed, then, that Crypt/RSA can't either. |
||
| 389 | case defined('MATH_BIGINTEGER_OPENSSL_DISABLE'): |
||
| 390 | define('CRYPT_RSA_MODE', self::MODE_INTERNAL); |
||
| 391 | break; |
||
| 392 | case extension_loaded('openssl') && file_exists($this->configFile): |
||
| 393 | // some versions of XAMPP have mismatched versions of OpenSSL which causes it not to work |
||
| 394 | ob_start(); |
||
| 395 | @phpinfo(); |
||
|
|
|||
| 396 | $content = ob_get_contents(); |
||
| 397 | ob_end_clean(); |
||
| 398 | |||
| 399 | preg_match_all('#OpenSSL (Header|Library) Version(.*)#im', $content, $matches); |
||
| 400 | |||
| 401 | $versions = []; |
||
| 402 | if (!empty($matches[1])) { |
||
| 403 | for ($i = 0; $i < count($matches[1]); $i++) { |
||
| 404 | $fullVersion = trim(str_replace('=>', '', strip_tags($matches[2][$i]))); |
||
| 405 | |||
| 406 | // Remove letter part in OpenSSL version |
||
| 407 | if (!preg_match('/(\d+\.\d+\.\d+)/i', $fullVersion, $m)) { |
||
| 408 | $versions[$matches[1][$i]] = $fullVersion; |
||
| 409 | } else { |
||
| 410 | $versions[$matches[1][$i]] = $m[0]; |
||
| 411 | } |
||
| 412 | } |
||
| 413 | } |
||
| 414 | |||
| 415 | // it doesn't appear that OpenSSL versions were reported upon until PHP 5.3+ |
||
| 416 | switch (true) { |
||
| 417 | case !isset($versions['Header']): |
||
| 418 | case !isset($versions['Library']): |
||
| 419 | case $versions['Header'] == $versions['Library']: |
||
| 420 | define('CRYPT_RSA_MODE', self::MODE_OPENSSL); |
||
| 421 | break; |
||
| 422 | default: |
||
| 423 | define('CRYPT_RSA_MODE', self::MODE_INTERNAL); |
||
| 424 | define('MATH_BIGINTEGER_OPENSSL_DISABLE', true); |
||
| 425 | } |
||
| 426 | break; |
||
| 427 | default: |
||
| 428 | define('CRYPT_RSA_MODE', self::MODE_INTERNAL); |
||
| 429 | } |
||
| 430 | } |
||
| 431 | |||
| 432 | $this->zero = BigInteger::createFromDecimalString('0'); |
||
| 433 | $this->one = BigInteger::createFromDecimalString('1'); |
||
| 434 | |||
| 435 | $this->hash = new Hash('sha1'); |
||
| 436 | $this->hLen = 20; |
||
| 437 | $this->hashName = 'sha1'; |
||
| 438 | $this->mgfHash = new Hash('sha1'); |
||
| 439 | $this->mgfHLen = 20; |
||
| 440 | } |
||
| 441 | |||
| 442 | /** |
||
| 443 | * Break a public or private key down into its constituant components. |
||
| 444 | * |
||
| 445 | * @see self::_convertPublicKey() |
||
| 446 | * @see self::_convertPrivateKey() |
||
| 447 | * |
||
| 448 | * @param string $key |
||
| 449 | * @param int $type |
||
| 450 | * |
||
| 451 | * @return array |
||
| 452 | */ |
||
| 453 | private function _parseKey($key, $type) |
||
| 454 | { |
||
| 455 | if ($type != self::PUBLIC_FORMAT_RAW && !is_string($key)) { |
||
| 456 | return false; |
||
| 457 | } |
||
| 458 | |||
| 459 | switch ($type) { |
||
| 460 | case self::PUBLIC_FORMAT_RAW: |
||
| 461 | if (!is_array($key)) { |
||
| 462 | return false; |
||
| 463 | } |
||
| 464 | $components = []; |
||
| 465 | switch (true) { |
||
| 466 | case isset($key['e']): |
||
| 467 | $components['publicExponent'] = $key['e']->copy(); |
||
| 468 | break; |
||
| 469 | case isset($key['exponent']): |
||
| 470 | $components['publicExponent'] = $key['exponent']->copy(); |
||
| 471 | break; |
||
| 472 | case isset($key['publicExponent']): |
||
| 473 | $components['publicExponent'] = $key['publicExponent']->copy(); |
||
| 474 | break; |
||
| 475 | case isset($key[0]): |
||
| 476 | $components['publicExponent'] = $key[0]->copy(); |
||
| 477 | } |
||
| 478 | switch (true) { |
||
| 479 | case isset($key['n']): |
||
| 480 | $components['modulus'] = $key['n']->copy(); |
||
| 481 | break; |
||
| 482 | case isset($key['modulo']): |
||
| 483 | $components['modulus'] = $key['modulo']->copy(); |
||
| 484 | break; |
||
| 485 | case isset($key['modulus']): |
||
| 486 | $components['modulus'] = $key['modulus']->copy(); |
||
| 487 | break; |
||
| 488 | case isset($key[1]): |
||
| 489 | $components['modulus'] = $key[1]->copy(); |
||
| 490 | } |
||
| 491 | |||
| 492 | return isset($components['modulus']) && isset($components['publicExponent']) ? $components : false; |
||
| 493 | case self::PRIVATE_FORMAT_PKCS1: |
||
| 494 | case self::PRIVATE_FORMAT_PKCS8: |
||
| 495 | case self::PUBLIC_FORMAT_PKCS1: |
||
| 496 | /* Although PKCS#1 proposes a format that public and private keys can use, encrypting them is |
||
| 497 | "outside the scope" of PKCS#1. PKCS#1 then refers you to PKCS#12 and PKCS#15 if you're wanting to |
||
| 498 | protect private keys, however, that's not what OpenSSL* does. OpenSSL protects private keys by adding |
||
| 499 | two new "fields" to the key - DEK-Info and Proc-Type. These fields are discussed here: |
||
| 500 | |||
| 501 | http://tools.ietf.org/html/rfc1421#section-4.6.1.1 |
||
| 502 | http://tools.ietf.org/html/rfc1421#section-4.6.1.3 |
||
| 503 | |||
| 504 | DES-EDE3-CBC as an algorithm, however, is not discussed anywhere, near as I can tell. |
||
| 505 | DES-CBC and DES-EDE are discussed in RFC1423, however, DES-EDE3-CBC isn't, nor is its key derivation |
||
| 506 | function. As is, the definitive authority on this encoding scheme isn't the IETF but rather OpenSSL's |
||
| 507 | own implementation. ie. the implementation *is* the standard and any bugs that may exist in that |
||
| 508 | implementation are part of the standard, as well. |
||
| 509 | |||
| 510 | * OpenSSL is the de facto standard. It's utilized by OpenSSH and other projects */ |
||
| 511 | if (preg_match('#DEK-Info: (.+),(.+)#', $key, $matches)) { |
||
| 512 | $iv = pack('H*', trim($matches[2])); |
||
| 513 | $symkey = pack('H*', md5($this->password.substr($iv, 0, 8))); // symkey is short for symmetric key |
||
| 514 | $symkey .= pack('H*', md5($symkey.$this->password.substr($iv, 0, 8))); |
||
| 515 | // remove the Proc-Type / DEK-Info sections as they're no longer needed |
||
| 516 | $key = preg_replace('#^(?:Proc-Type|DEK-Info): .*#m', '', $key); |
||
| 517 | $ciphertext = $this->_extractBER($key); |
||
| 518 | if ($ciphertext === false) { |
||
| 519 | $ciphertext = $key; |
||
| 520 | } |
||
| 521 | switch ($matches[1]) { |
||
| 522 | case 'AES-256-CBC': |
||
| 523 | $crypto = new AES(); |
||
| 524 | break; |
||
| 525 | case 'AES-128-CBC': |
||
| 526 | $symkey = substr($symkey, 0, 16); |
||
| 527 | $crypto = new AES(); |
||
| 528 | break; |
||
| 529 | case 'DES-EDE3-CFB': |
||
| 530 | $crypto = new TripleDES(Base::MODE_CFB); |
||
| 531 | break; |
||
| 532 | case 'DES-EDE3-CBC': |
||
| 533 | $symkey = substr($symkey, 0, 24); |
||
| 534 | $crypto = new TripleDES(); |
||
| 535 | break; |
||
| 536 | case 'DES-CBC': |
||
| 537 | $crypto = new DES(); |
||
| 538 | break; |
||
| 539 | default: |
||
| 540 | return false; |
||
| 541 | } |
||
| 542 | $crypto->setKey($symkey); |
||
| 543 | $crypto->setIV($iv); |
||
| 544 | $decoded = $crypto->decrypt($ciphertext); |
||
| 545 | } else { |
||
| 546 | $decoded = $this->_extractBER($key); |
||
| 547 | } |
||
| 548 | |||
| 549 | if ($decoded !== false) { |
||
| 550 | $key = $decoded; |
||
| 551 | } |
||
| 552 | |||
| 553 | $components = []; |
||
| 554 | |||
| 555 | if (ord($this->_string_shift($key)) != self::ASN1_SEQUENCE) { |
||
| 556 | return false; |
||
| 557 | } |
||
| 558 | if ($this->_decodeLength($key) != strlen($key)) { |
||
| 559 | return false; |
||
| 560 | } |
||
| 561 | |||
| 562 | $tag = ord($this->_string_shift($key)); |
||
| 563 | /* intended for keys for which OpenSSL's asn1parse returns the following: |
||
| 564 | |||
| 565 | 0:d=0 hl=4 l= 631 cons: SEQUENCE |
||
| 566 | 4:d=1 hl=2 l= 1 prim: INTEGER :00 |
||
| 567 | 7:d=1 hl=2 l= 13 cons: SEQUENCE |
||
| 568 | 9:d=2 hl=2 l= 9 prim: OBJECT :rsaEncryption |
||
| 569 | 20:d=2 hl=2 l= 0 prim: NULL |
||
| 570 | 22:d=1 hl=4 l= 609 prim: OCTET STRING |
||
| 571 | |||
| 572 | ie. PKCS8 keys*/ |
||
| 573 | |||
| 574 | if ($tag == self::ASN1_INTEGER && substr($key, 0, 3) == "\x01\x00\x30") { |
||
| 575 | $this->_string_shift($key, 3); |
||
| 576 | $tag = self::ASN1_SEQUENCE; |
||
| 577 | } |
||
| 578 | |||
| 579 | if ($tag == self::ASN1_SEQUENCE) { |
||
| 580 | $temp = $this->_string_shift($key, $this->_decodeLength($key)); |
||
| 581 | if (ord($this->_string_shift($temp)) != self::ASN1_OBJECT) { |
||
| 582 | return false; |
||
| 583 | } |
||
| 584 | $length = $this->_decodeLength($temp); |
||
| 585 | switch ($this->_string_shift($temp, $length)) { |
||
| 586 | case "\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01": // rsaEncryption |
||
| 587 | break; |
||
| 588 | case "\x2a\x86\x48\x86\xf7\x0d\x01\x05\x03": // pbeWithMD5AndDES-CBC |
||
| 589 | /* |
||
| 590 | PBEParameter ::= SEQUENCE { |
||
| 591 | salt OCTET STRING (SIZE(8)), |
||
| 592 | iterationCount INTEGER } |
||
| 593 | */ |
||
| 594 | if (ord($this->_string_shift($temp)) != self::ASN1_SEQUENCE) { |
||
| 595 | return false; |
||
| 596 | } |
||
| 597 | if ($this->_decodeLength($temp) != strlen($temp)) { |
||
| 598 | return false; |
||
| 599 | } |
||
| 600 | $this->_string_shift($temp); // assume it's an octet string |
||
| 601 | $salt = $this->_string_shift($temp, $this->_decodeLength($temp)); |
||
| 602 | if (ord($this->_string_shift($temp)) != self::ASN1_INTEGER) { |
||
| 603 | return false; |
||
| 604 | } |
||
| 605 | $this->_decodeLength($temp); |
||
| 606 | list(, $iterationCount) = unpack('N', str_pad($temp, 4, chr(0), STR_PAD_LEFT)); |
||
| 607 | $this->_string_shift($key); // assume it's an octet string |
||
| 608 | $length = $this->_decodeLength($key); |
||
| 609 | if (strlen($key) != $length) { |
||
| 610 | return false; |
||
| 611 | } |
||
| 612 | |||
| 613 | $crypto = new DES(); |
||
| 614 | $crypto->setPassword($this->password, 'pbkdf1', 'md5', $salt, $iterationCount); |
||
| 615 | $key = $crypto->decrypt($key); |
||
| 616 | if ($key === false) { |
||
| 617 | return false; |
||
| 618 | } |
||
| 619 | |||
| 620 | return $this->_parseKey($key, self::PRIVATE_FORMAT_PKCS1); |
||
| 621 | default: |
||
| 622 | return false; |
||
| 623 | } |
||
| 624 | /* intended for keys for which OpenSSL's asn1parse returns the following: |
||
| 625 | |||
| 626 | 0:d=0 hl=4 l= 290 cons: SEQUENCE |
||
| 627 | 4:d=1 hl=2 l= 13 cons: SEQUENCE |
||
| 628 | 6:d=2 hl=2 l= 9 prim: OBJECT :rsaEncryption |
||
| 629 | 17:d=2 hl=2 l= 0 prim: NULL |
||
| 630 | 19:d=1 hl=4 l= 271 prim: BIT STRING */ |
||
| 631 | $tag = ord($this->_string_shift($key)); // skip over the BIT STRING / OCTET STRING tag |
||
| 632 | $this->_decodeLength($key); // skip over the BIT STRING / OCTET STRING length |
||
| 633 | // "The initial octet shall encode, as an unsigned binary integer wtih bit 1 as the least significant bit, the number of |
||
| 634 | // unused bits in the final subsequent octet. The number shall be in the range zero to seven." |
||
| 635 | // -- http://www.itu.int/ITU-T/studygroups/com17/languages/X.690-0207.pdf (section 8.6.2.2) |
||
| 636 | if ($tag == self::ASN1_BITSTRING) { |
||
| 637 | $this->_string_shift($key); |
||
| 638 | } |
||
| 639 | if (ord($this->_string_shift($key)) != self::ASN1_SEQUENCE) { |
||
| 640 | return false; |
||
| 641 | } |
||
| 642 | if ($this->_decodeLength($key) != strlen($key)) { |
||
| 643 | return false; |
||
| 644 | } |
||
| 645 | $tag = ord($this->_string_shift($key)); |
||
| 646 | } |
||
| 647 | if ($tag != self::ASN1_INTEGER) { |
||
| 648 | return false; |
||
| 649 | } |
||
| 650 | |||
| 651 | $length = $this->_decodeLength($key); |
||
| 652 | $temp = $this->_string_shift($key, $length); |
||
| 653 | if (strlen($temp) != 1 || ord($temp) > 2) { |
||
| 654 | $components['modulus'] = BigInteger::createFromBinaryString($temp); |
||
| 655 | $this->_string_shift($key); // skip over self::ASN1_INTEGER |
||
| 656 | $length = $this->_decodeLength($key); |
||
| 657 | $components[$type == self::PUBLIC_FORMAT_PKCS1 ? 'publicExponent' : 'privateExponent'] = BigInteger::createFromBinaryString($this->_string_shift($key, $length)); |
||
| 658 | |||
| 659 | return $components; |
||
| 660 | } |
||
| 661 | if (ord($this->_string_shift($key)) != self::ASN1_INTEGER) { |
||
| 662 | return false; |
||
| 663 | } |
||
| 664 | $length = $this->_decodeLength($key); |
||
| 665 | $components['modulus'] = BigInteger::createFromBinaryString($this->_string_shift($key, $length)); |
||
| 666 | $this->_string_shift($key); |
||
| 667 | $length = $this->_decodeLength($key); |
||
| 668 | $components['publicExponent'] = BigInteger::createFromBinaryString($this->_string_shift($key, $length)); |
||
| 669 | $this->_string_shift($key); |
||
| 670 | $length = $this->_decodeLength($key); |
||
| 671 | $components['privateExponent'] = BigInteger::createFromBinaryString($this->_string_shift($key, $length)); |
||
| 672 | $this->_string_shift($key); |
||
| 673 | $length = $this->_decodeLength($key); |
||
| 674 | $components['primes'] = [1 => BigInteger::createFromBinaryString($this->_string_shift($key, $length))]; |
||
| 675 | $this->_string_shift($key); |
||
| 676 | $length = $this->_decodeLength($key); |
||
| 677 | $components['primes'][] = BigInteger::createFromBinaryString($this->_string_shift($key, $length)); |
||
| 678 | $this->_string_shift($key); |
||
| 679 | $length = $this->_decodeLength($key); |
||
| 680 | $components['exponents'] = [1 => BigInteger::createFromBinaryString($this->_string_shift($key, $length))]; |
||
| 681 | $this->_string_shift($key); |
||
| 682 | $length = $this->_decodeLength($key); |
||
| 683 | $components['exponents'][] = BigInteger::createFromBinaryString($this->_string_shift($key, $length)); |
||
| 684 | $this->_string_shift($key); |
||
| 685 | $length = $this->_decodeLength($key); |
||
| 686 | $components['coefficients'] = [2 => BigInteger::createFromBinaryString($this->_string_shift($key, $length))]; |
||
| 687 | |||
| 688 | if (!empty($key)) { |
||
| 689 | if (ord($this->_string_shift($key)) != self::ASN1_SEQUENCE) { |
||
| 690 | return false; |
||
| 691 | } |
||
| 692 | $this->_decodeLength($key); |
||
| 693 | while (!empty($key)) { |
||
| 694 | if (ord($this->_string_shift($key)) != self::ASN1_SEQUENCE) { |
||
| 695 | return false; |
||
| 696 | } |
||
| 697 | $this->_decodeLength($key); |
||
| 698 | $key = substr($key, 1); |
||
| 699 | $length = $this->_decodeLength($key); |
||
| 700 | $components['primes'][] = BigInteger::createFromBinaryString($this->_string_shift($key, $length)); |
||
| 701 | $this->_string_shift($key); |
||
| 702 | $length = $this->_decodeLength($key); |
||
| 703 | $components['exponents'][] = BigInteger::createFromBinaryString($this->_string_shift($key, $length)); |
||
| 704 | $this->_string_shift($key); |
||
| 705 | $length = $this->_decodeLength($key); |
||
| 706 | $components['coefficients'][] = BigInteger::createFromBinaryString($this->_string_shift($key, $length)); |
||
| 707 | } |
||
| 708 | } |
||
| 709 | |||
| 710 | return $components; |
||
| 711 | case self::PUBLIC_FORMAT_OPENSSH: |
||
| 712 | $parts = explode(' ', $key, 3); |
||
| 713 | |||
| 714 | $key = isset($parts[1]) ? base64_decode($parts[1]) : false; |
||
| 715 | if ($key === false) { |
||
| 716 | return false; |
||
| 717 | } |
||
| 718 | |||
| 719 | $comment = isset($parts[2]) ? $parts[2] : false; |
||
| 720 | |||
| 721 | $cleanup = substr($key, 0, 11) == "\0\0\0\7ssh-rsa"; |
||
| 722 | |||
| 723 | if (strlen($key) <= 4) { |
||
| 724 | return false; |
||
| 725 | } |
||
| 726 | extract(unpack('Nlength', $this->_string_shift($key, 4))); |
||
| 727 | $publicExponent = BigInteger::createFromBinaryString($this->_string_shift($key, $length)); |
||
| 728 | if (strlen($key) <= 4) { |
||
| 729 | return false; |
||
| 730 | } |
||
| 731 | extract(unpack('Nlength', $this->_string_shift($key, 4))); |
||
| 732 | $modulus = BigInteger::createFromBinaryString($this->_string_shift($key, $length)); |
||
| 733 | |||
| 734 | if ($cleanup && strlen($key)) { |
||
| 735 | if (strlen($key) <= 4) { |
||
| 736 | return false; |
||
| 737 | } |
||
| 738 | extract(unpack('Nlength', $this->_string_shift($key, 4))); |
||
| 739 | $realModulus = BigInteger::createFromBinaryString($this->_string_shift($key, $length)); |
||
| 740 | |||
| 741 | return strlen($key) ? false : [ |
||
| 742 | 'modulus' => $realModulus, |
||
| 743 | 'publicExponent' => $modulus, |
||
| 744 | 'comment' => $comment, |
||
| 745 | ]; |
||
| 746 | } else { |
||
| 747 | return strlen($key) ? false : [ |
||
| 748 | 'modulus' => $modulus, |
||
| 749 | 'publicExponent' => $publicExponent, |
||
| 750 | 'comment' => $comment, |
||
| 751 | ]; |
||
| 752 | } |
||
| 753 | // http://www.w3.org/TR/xmldsig-core/#sec-RSAKeyValue |
||
| 754 | // http://en.wikipedia.org/wiki/XML_Signature |
||
| 755 | case self::PRIVATE_FORMAT_XML: |
||
| 756 | case self::PUBLIC_FORMAT_XML: |
||
| 757 | $this->components = []; |
||
| 758 | |||
| 759 | $xml = xml_parser_create('UTF-8'); |
||
| 760 | xml_set_object($xml, $this); |
||
| 761 | xml_set_element_handler($xml, '_start_element_handler', '_stop_element_handler'); |
||
| 762 | xml_set_character_data_handler($xml, '_data_handler'); |
||
| 763 | // add <xml></xml> to account for "dangling" tags like <BitStrength>...</BitStrength> that are sometimes added |
||
| 764 | if (!xml_parse($xml, '<xml>'.$key.'</xml>')) { |
||
| 765 | return false; |
||
| 766 | } |
||
| 767 | |||
| 768 | return isset($this->components['modulus']) && isset($this->components['publicExponent']) ? $this->components : false; |
||
| 769 | // from PuTTY's SSHPUBK.C |
||
| 770 | case self::PRIVATE_FORMAT_PUTTY: |
||
| 771 | $components = []; |
||
| 772 | $key = preg_split('#\r\n|\r|\n#', $key); |
||
| 773 | $type = trim(preg_replace('#PuTTY-User-Key-File-2: (.+)#', '$1', $key[0])); |
||
| 774 | if ($type != 'ssh-rsa') { |
||
| 775 | return false; |
||
| 776 | } |
||
| 777 | $encryption = trim(preg_replace('#Encryption: (.+)#', '$1', $key[1])); |
||
| 778 | $comment = trim(preg_replace('#Comment: (.+)#', '$1', $key[2])); |
||
| 779 | |||
| 780 | $publicLength = trim(preg_replace('#Public-Lines: (\d+)#', '$1', $key[3])); |
||
| 781 | $public = base64_decode(implode('', array_map('trim', array_slice($key, 4, $publicLength)))); |
||
| 782 | $public = substr($public, 11); |
||
| 783 | extract(unpack('Nlength', $this->_string_shift($public, 4))); |
||
| 784 | $components['publicExponent'] = BigInteger::createFromBinaryString($this->_string_shift($public, $length)); |
||
| 785 | extract(unpack('Nlength', $this->_string_shift($public, 4))); |
||
| 786 | $components['modulus'] = BigInteger::createFromBinaryString($this->_string_shift($public, $length)); |
||
| 787 | |||
| 788 | $privateLength = trim(preg_replace('#Private-Lines: (\d+)#', '$1', $key[$publicLength + 4])); |
||
| 789 | $private = base64_decode(implode('', array_map('trim', array_slice($key, $publicLength + 5, $privateLength)))); |
||
| 790 | |||
| 791 | switch ($encryption) { |
||
| 792 | case 'aes256-cbc': |
||
| 793 | $symkey = ''; |
||
| 794 | $sequence = 0; |
||
| 795 | while (strlen($symkey) < 32) { |
||
| 796 | $temp = pack('Na*', $sequence++, $this->password); |
||
| 797 | $symkey .= pack('H*', sha1($temp)); |
||
| 798 | } |
||
| 799 | $symkey = substr($symkey, 0, 32); |
||
| 800 | $crypto = new AES(); |
||
| 801 | } |
||
| 802 | |||
| 803 | if ($encryption != 'none') { |
||
| 804 | $crypto->setKey($symkey); |
||
| 805 | $crypto->disablePadding(); |
||
| 806 | $private = $crypto->decrypt($private); |
||
| 807 | if ($private === false) { |
||
| 808 | return false; |
||
| 809 | } |
||
| 810 | } |
||
| 811 | |||
| 812 | extract(unpack('Nlength', $this->_string_shift($private, 4))); |
||
| 813 | if (strlen($private) < $length) { |
||
| 814 | return false; |
||
| 815 | } |
||
| 816 | $components['privateExponent'] = BigInteger::createFromBinaryString($this->_string_shift($private, $length), true); |
||
| 817 | extract(unpack('Nlength', $this->_string_shift($private, 4))); |
||
| 818 | if (strlen($private) < $length) { |
||
| 819 | return false; |
||
| 820 | } |
||
| 821 | $components['primes'] = [1 => BigInteger::createFromBinaryString($this->_string_shift($private, $length), true)]; |
||
| 822 | extract(unpack('Nlength', $this->_string_shift($private, 4))); |
||
| 823 | if (strlen($private) < $length) { |
||
| 824 | return false; |
||
| 825 | } |
||
| 826 | $components['primes'][] = BigInteger::createFromBinaryString($this->_string_shift($private, $length), true); |
||
| 827 | |||
| 828 | $temp = $components['primes'][1]->subtract($this->one); |
||
| 829 | $components['exponents'] = [1 => $components['publicExponent']->modInverse($temp)]; |
||
| 830 | $temp = $components['primes'][2]->subtract($this->one); |
||
| 831 | $components['exponents'][] = $components['publicExponent']->modInverse($temp); |
||
| 832 | |||
| 833 | extract(unpack('Nlength', $this->_string_shift($private, 4))); |
||
| 834 | if (strlen($private) < $length) { |
||
| 835 | return false; |
||
| 836 | } |
||
| 837 | $components['coefficients'] = [2 => BigInteger::createFromBinaryString($this->_string_shift($private, $length), true)]; |
||
| 838 | |||
| 839 | return $components; |
||
| 840 | } |
||
| 841 | } |
||
| 842 | |||
| 843 | /** |
||
| 844 | * Start Element Handler. |
||
| 845 | * |
||
| 846 | * Called by xml_set_element_handler() |
||
| 847 | * |
||
| 848 | * @param resource $parser |
||
| 849 | * @param string $name |
||
| 850 | * @param array $attribs |
||
| 851 | */ |
||
| 852 | private function _start_element_handler($parser, $name, $attribs) |
||
| 882 | |||
| 883 | /** |
||
| 884 | * Stop Element Handler. |
||
| 885 | */ |
||
| 886 | private function _stop_element_handler() |
||
| 893 | |||
| 894 | /** |
||
| 895 | * Data Handler. |
||
| 896 | * |
||
| 897 | * Called by xml_set_character_data_handler() |
||
| 898 | * |
||
| 899 | * @param resource $parser |
||
| 900 | * @param string $data |
||
| 901 | */ |
||
| 902 | public function _data_handler($parser, $data) |
||
| 909 | |||
| 910 | /** |
||
| 911 | * Loads a public or private key. |
||
| 912 | * |
||
| 913 | * Returns true on success and false on failure (ie. an incorrect password was provided or the key was malformed) |
||
| 914 | * |
||
| 915 | * @param string $key |
||
| 916 | * @param int $type optional |
||
| 917 | */ |
||
| 918 | public function loadKey($key, $type = false) |
||
| 1022 | |||
| 1023 | /** |
||
| 1024 | * DER-decode the length. |
||
| 1025 | * |
||
| 1026 | * DER supports lengths up to (2**8)**127, however, we'll only support lengths up to (2**8)**4. See |
||
| 1027 | * {@link http://itu.int/ITU-T/studygroups/com17/languages/X.690-0207.pdf#p=13 X.690 paragraph 8.1.3} for more information. |
||
| 1028 | * |
||
| 1029 | * @param string $string |
||
| 1030 | * |
||
| 1031 | * @return int |
||
| 1032 | */ |
||
| 1033 | private function _decodeLength(&$string) |
||
| 1044 | |||
| 1045 | /** |
||
| 1046 | * String Shift. |
||
| 1047 | * |
||
| 1048 | * Inspired by array_shift |
||
| 1049 | * |
||
| 1050 | * @param string $string |
||
| 1051 | * @param int $index |
||
| 1052 | * |
||
| 1053 | * @return string |
||
| 1054 | */ |
||
| 1055 | private function _string_shift(&$string, $index = 1) |
||
| 1062 | |||
| 1063 | /** |
||
| 1064 | * Determines which hashing function should be used. |
||
| 1065 | * |
||
| 1066 | * Used with signature production / verification and (if the encryption mode is self::ENCRYPTION_OAEP) encryption and |
||
| 1067 | * decryption. If $hash isn't supported, sha1 is used. |
||
| 1068 | * |
||
| 1069 | * @param string $hash |
||
| 1070 | */ |
||
| 1071 | public function setHash($hash) |
||
| 1091 | |||
| 1092 | /** |
||
| 1093 | * Determines which hashing function should be used for the mask generation function. |
||
| 1094 | * |
||
| 1095 | * The mask generation function is used by self::ENCRYPTION_OAEP and self::SIGNATURE_PSS and although it's |
||
| 1096 | * best if Hash and MGFHash are set to the same thing this is not a requirement. |
||
| 1097 | * |
||
| 1098 | * @param string $hash |
||
| 1099 | */ |
||
| 1100 | public function setMGFHash($hash) |
||
| 1120 | |||
| 1121 | /** |
||
| 1122 | * Determines the salt length. |
||
| 1123 | * |
||
| 1124 | * To quote from {@link http://tools.ietf.org/html/rfc3447#page-38 RFC3447#page-38}: |
||
| 1125 | * |
||
| 1126 | * Typical salt lengths in octets are hLen (the length of the output |
||
| 1127 | * of the hash function Hash) and 0. |
||
| 1128 | * |
||
| 1129 | * @param int $format |
||
| 1130 | */ |
||
| 1131 | public function setSaltLength($sLen) |
||
| 1135 | |||
| 1136 | /** |
||
| 1137 | * Integer-to-Octet-String primitive. |
||
| 1138 | * |
||
| 1139 | * See {@link http://tools.ietf.org/html/rfc3447#section-4.1 RFC3447#section-4.1}. |
||
| 1140 | * |
||
| 1141 | * @param \Jose\Util\BigInteger $x |
||
| 1142 | * @param int $xLen |
||
| 1143 | * |
||
| 1144 | * @return string |
||
| 1145 | */ |
||
| 1146 | private function _i2osp($x, $xLen) |
||
| 1157 | |||
| 1158 | /** |
||
| 1159 | * Octet-String-to-Integer primitive. |
||
| 1160 | * |
||
| 1161 | * See {@link http://tools.ietf.org/html/rfc3447#section-4.2 RFC3447#section-4.2}. |
||
| 1162 | * |
||
| 1163 | * @param string $x |
||
| 1164 | * |
||
| 1165 | * @return \Jose\Util\BigInteger |
||
| 1166 | */ |
||
| 1167 | private function _os2ip($x) |
||
| 1171 | |||
| 1172 | /** |
||
| 1173 | * Exponentiate with or without Chinese Remainder Theorem. |
||
| 1174 | * |
||
| 1175 | * See {@link http://tools.ietf.org/html/rfc3447#section-5.1.1 RFC3447#section-5.1.2}. |
||
| 1176 | * |
||
| 1177 | * @param \Jose\Util\BigInteger $x |
||
| 1178 | * |
||
| 1179 | * @return \Jose\Util\BigInteger |
||
| 1180 | */ |
||
| 1181 | private function _exponentiate($x) |
||
| 1248 | |||
| 1249 | /** |
||
| 1250 | * Performs RSA Blinding. |
||
| 1251 | * |
||
| 1252 | * Protects against timing attacks by employing RSA Blinding. |
||
| 1253 | * Returns $x->modPow($this->exponents[$i], $this->primes[$i]) |
||
| 1254 | * |
||
| 1255 | * @param \Jose\Util\BigInteger $x |
||
| 1256 | * @param \Jose\Util\BigInteger $r |
||
| 1257 | * @param int $i |
||
| 1258 | * |
||
| 1259 | * @return \Jose\Util\BigInteger |
||
| 1260 | */ |
||
| 1261 | private function _blind($x, $r, $i) |
||
| 1272 | |||
| 1273 | /** |
||
| 1274 | * Performs blinded RSA equality testing. |
||
| 1275 | * |
||
| 1276 | * Protects against a particular type of timing attack described. |
||
| 1277 | * |
||
| 1278 | * See {@link http://codahale.com/a-lesson-in-timing-attacks/ A Lesson In Timing Attacks (or, Don't use MessageDigest.isEquals)} |
||
| 1279 | * |
||
| 1280 | * Thanks for the heads up singpolyma! |
||
| 1281 | * |
||
| 1282 | * @param string $x |
||
| 1283 | * @param string $y |
||
| 1284 | * |
||
| 1285 | * @return bool |
||
| 1286 | */ |
||
| 1287 | private function _equals($x, $y) |
||
| 1300 | |||
| 1301 | /** |
||
| 1302 | * RSAEP. |
||
| 1303 | * |
||
| 1304 | * See {@link http://tools.ietf.org/html/rfc3447#section-5.1.1 RFC3447#section-5.1.1}. |
||
| 1305 | * |
||
| 1306 | * @param \Jose\Util\BigInteger $m |
||
| 1307 | * |
||
| 1308 | * @return \Jose\Util\BigInteger |
||
| 1309 | */ |
||
| 1310 | private function _rsaep($m) |
||
| 1320 | |||
| 1321 | /** |
||
| 1322 | * RSADP. |
||
| 1323 | * |
||
| 1324 | * See {@link http://tools.ietf.org/html/rfc3447#section-5.1.2 RFC3447#section-5.1.2}. |
||
| 1325 | * |
||
| 1326 | * @param \Jose\Util\BigInteger $c |
||
| 1327 | * |
||
| 1328 | * @return \Jose\Util\BigInteger |
||
| 1329 | */ |
||
| 1330 | private function _rsadp($c) |
||
| 1340 | |||
| 1341 | /** |
||
| 1342 | * RSASP1. |
||
| 1343 | * |
||
| 1344 | * See {@link http://tools.ietf.org/html/rfc3447#section-5.2.1 RFC3447#section-5.2.1}. |
||
| 1345 | * |
||
| 1346 | * @param \Jose\Util\BigInteger $m |
||
| 1347 | * |
||
| 1348 | * @return \Jose\Util\BigInteger |
||
| 1349 | */ |
||
| 1350 | private function _rsasp1($m) |
||
| 1360 | |||
| 1361 | /** |
||
| 1362 | * RSAVP1. |
||
| 1363 | * |
||
| 1364 | * See {@link http://tools.ietf.org/html/rfc3447#section-5.2.2 RFC3447#section-5.2.2}. |
||
| 1365 | * |
||
| 1366 | * @param \Jose\Util\BigInteger $s |
||
| 1367 | * |
||
| 1368 | * @return \Jose\Util\BigInteger |
||
| 1369 | */ |
||
| 1370 | private function _rsavp1($s) |
||
| 1380 | |||
| 1381 | /** |
||
| 1382 | * MGF1. |
||
| 1383 | * |
||
| 1384 | * See {@link http://tools.ietf.org/html/rfc3447#appendix-B.2.1 RFC3447#appendix-B.2.1}. |
||
| 1385 | * |
||
| 1386 | * @param string $mgfSeed |
||
| 1387 | * @param int $mgfLen |
||
| 1388 | * |
||
| 1389 | * @return string |
||
| 1390 | */ |
||
| 1391 | private function _mgf1($mgfSeed, $maskLen) |
||
| 1404 | |||
| 1405 | /** |
||
| 1406 | * RSAES-OAEP-ENCRYPT. |
||
| 1407 | * |
||
| 1408 | * See {@link http://tools.ietf.org/html/rfc3447#section-7.1.1 RFC3447#section-7.1.1} and |
||
| 1409 | * {http://en.wikipedia.org/wiki/Optimal_Asymmetric_Encryption_Padding OAES}. |
||
| 1410 | * |
||
| 1411 | * @param string $m |
||
| 1412 | * @param string $l |
||
| 1413 | * |
||
| 1414 | * @return string |
||
| 1415 | */ |
||
| 1416 | private function _rsaes_oaep_encrypt($m, $l = '') |
||
| 1453 | |||
| 1454 | /** |
||
| 1455 | * RSAES-OAEP-DECRYPT. |
||
| 1456 | * |
||
| 1457 | * See {@link http://tools.ietf.org/html/rfc3447#section-7.1.2 RFC3447#section-7.1.2}. The fact that the error |
||
| 1458 | * messages aren't distinguishable from one another hinders debugging, but, to quote from RFC3447#section-7.1.2: |
||
| 1459 | * |
||
| 1460 | * Note. Care must be taken to ensure that an opponent cannot |
||
| 1461 | * distinguish the different error conditions in Step 3.g, whether by |
||
| 1462 | * error message or timing, or, more generally, learn partial |
||
| 1463 | * information about the encoded message EM. Otherwise an opponent may |
||
| 1464 | * be able to obtain useful information about the decryption of the |
||
| 1465 | * ciphertext C, leading to a chosen-ciphertext attack such as the one |
||
| 1466 | * observed by Manger [36]. |
||
| 1467 | * |
||
| 1468 | * As for $l... to quote from {@link http://tools.ietf.org/html/rfc3447#page-17 RFC3447#page-17}: |
||
| 1469 | * |
||
| 1470 | * Both the encryption and the decryption operations of RSAES-OAEP take |
||
| 1471 | * the value of a label L as input. In this version of PKCS #1, L is |
||
| 1472 | * the empty string; other uses of the label are outside the scope of |
||
| 1473 | * this document. |
||
| 1474 | * |
||
| 1475 | * @param string $c |
||
| 1476 | * @param string $l |
||
| 1477 | * |
||
| 1478 | * @return string |
||
| 1479 | */ |
||
| 1480 | private function _rsaes_oaep_decrypt($c, $l = '') |
||
| 1532 | |||
| 1533 | /** |
||
| 1534 | * RSAES-PKCS1-V1_5-ENCRYPT. |
||
| 1535 | * |
||
| 1536 | * See {@link http://tools.ietf.org/html/rfc3447#section-7.2.1 RFC3447#section-7.2.1}. |
||
| 1537 | * |
||
| 1538 | * @param string $m |
||
| 1539 | * |
||
| 1540 | * @return string |
||
| 1541 | */ |
||
| 1542 | private function _rsaes_pkcs1_v1_5_encrypt($m) |
||
| 1581 | |||
| 1582 | /** |
||
| 1583 | * RSAES-PKCS1-V1_5-DECRYPT. |
||
| 1584 | * |
||
| 1585 | * See {@link http://tools.ietf.org/html/rfc3447#section-7.2.2 RFC3447#section-7.2.2}. |
||
| 1586 | * |
||
| 1587 | * For compatibility purposes, this function departs slightly from the description given in RFC3447. |
||
| 1588 | * The reason being that RFC2313#section-8.1 (PKCS#1 v1.5) states that ciphertext's encrypted by the |
||
| 1589 | * private key should have the second byte set to either 0 or 1 and that ciphertext's encrypted by the |
||
| 1590 | * public key should have the second byte set to 2. In RFC3447 (PKCS#1 v2.1), the second byte is supposed |
||
| 1591 | * to be 2 regardless of which key is used. For compatibility purposes, we'll just check to make sure the |
||
| 1592 | * second byte is 2 or less. If it is, we'll accept the decrypted string as valid. |
||
| 1593 | * |
||
| 1594 | * As a consequence of this, a private key encrypted ciphertext produced with \phpseclib\Crypt\RSA may not decrypt |
||
| 1595 | * with a strictly PKCS#1 v1.5 compliant RSA implementation. Public key encrypted ciphertext's should but |
||
| 1596 | * not private key encrypted ciphertext's. |
||
| 1597 | * |
||
| 1598 | * @param string $c |
||
| 1599 | * |
||
| 1600 | * @return string |
||
| 1601 | */ |
||
| 1602 | private function _rsaes_pkcs1_v1_5_decrypt($c) |
||
| 1645 | |||
| 1646 | /** |
||
| 1647 | * EMSA-PSS-ENCODE. |
||
| 1648 | * |
||
| 1649 | * See {@link http://tools.ietf.org/html/rfc3447#section-9.1.1 RFC3447#section-9.1.1}. |
||
| 1650 | * |
||
| 1651 | * @param string $m |
||
| 1652 | * @param int $emBits |
||
| 1653 | */ |
||
| 1654 | private function _emsa_pss_encode($m, $emBits) |
||
| 1681 | |||
| 1682 | /** |
||
| 1683 | * EMSA-PSS-VERIFY. |
||
| 1684 | * |
||
| 1685 | * See {@link http://tools.ietf.org/html/rfc3447#section-9.1.2 RFC3447#section-9.1.2}. |
||
| 1686 | * |
||
| 1687 | * @param string $m |
||
| 1688 | * @param string $em |
||
| 1689 | * @param int $emBits |
||
| 1690 | * |
||
| 1691 | * @return string |
||
| 1692 | */ |
||
| 1693 | private function _emsa_pss_verify($m, $em, $emBits) |
||
| 1729 | |||
| 1730 | /** |
||
| 1731 | * RSASSA-PSS-SIGN. |
||
| 1732 | * |
||
| 1733 | * See {@link http://tools.ietf.org/html/rfc3447#section-8.1.1 RFC3447#section-8.1.1}. |
||
| 1734 | * |
||
| 1735 | * @param string $m |
||
| 1736 | * |
||
| 1737 | * @return string |
||
| 1738 | */ |
||
| 1739 | private function _rsassa_pss_sign($m) |
||
| 1755 | |||
| 1756 | /** |
||
| 1757 | * RSASSA-PSS-VERIFY. |
||
| 1758 | * |
||
| 1759 | * See {@link http://tools.ietf.org/html/rfc3447#section-8.1.2 RFC3447#section-8.1.2}. |
||
| 1760 | * |
||
| 1761 | * @param string $m |
||
| 1762 | * @param string $s |
||
| 1763 | * |
||
| 1764 | * @return string |
||
| 1765 | */ |
||
| 1766 | private function _rsassa_pss_verify($m, $s) |
||
| 1798 | |||
| 1799 | /** |
||
| 1800 | * EMSA-PKCS1-V1_5-ENCODE. |
||
| 1801 | * |
||
| 1802 | * See {@link http://tools.ietf.org/html/rfc3447#section-9.2 RFC3447#section-9.2}. |
||
| 1803 | * |
||
| 1804 | * @param string $m |
||
| 1805 | * @param int $emLen |
||
| 1806 | * |
||
| 1807 | * @return string |
||
| 1808 | */ |
||
| 1809 | private function _emsa_pkcs1_v1_5_encode($m, $emLen) |
||
| 1851 | |||
| 1852 | /** |
||
| 1853 | * RSASSA-PKCS1-V1_5-SIGN. |
||
| 1854 | * |
||
| 1855 | * See {@link http://tools.ietf.org/html/rfc3447#section-8.2.1 RFC3447#section-8.2.1}. |
||
| 1856 | * |
||
| 1857 | * @param string $m |
||
| 1858 | * |
||
| 1859 | * @return string |
||
| 1860 | */ |
||
| 1861 | private function _rsassa_pkcs1_v1_5_sign($m) |
||
| 1882 | |||
| 1883 | /** |
||
| 1884 | * RSASSA-PKCS1-V1_5-VERIFY. |
||
| 1885 | * |
||
| 1886 | * See {@link http://tools.ietf.org/html/rfc3447#section-8.2.2 RFC3447#section-8.2.2}. |
||
| 1887 | * |
||
| 1888 | * @param string $m |
||
| 1889 | * |
||
| 1890 | * @return string |
||
| 1891 | */ |
||
| 1892 | private function _rsassa_pkcs1_v1_5_verify($m, $s) |
||
| 1930 | |||
| 1931 | /** |
||
| 1932 | * Set Encryption Mode. |
||
| 1933 | * |
||
| 1934 | * Valid values include self::ENCRYPTION_OAEP and self::ENCRYPTION_PKCS1. |
||
| 1935 | * |
||
| 1936 | * @param int $mode |
||
| 1937 | */ |
||
| 1938 | public function setEncryptionMode($mode) |
||
| 1942 | |||
| 1943 | /** |
||
| 1944 | * Set Signature Mode. |
||
| 1945 | * |
||
| 1946 | * Valid values include self::SIGNATURE_PSS and self::SIGNATURE_PKCS1 |
||
| 1947 | * |
||
| 1948 | * @param int $mode |
||
| 1949 | */ |
||
| 1950 | public function setSignatureMode($mode) |
||
| 1954 | |||
| 1955 | /** |
||
| 1956 | * Encryption. |
||
| 1957 | * |
||
| 1958 | * Both self::ENCRYPTION_OAEP and self::ENCRYPTION_PKCS1 both place limits on how long $plaintext can be. |
||
| 1959 | * If $plaintext exceeds those limits it will be broken up so that it does and the resultant ciphertext's will |
||
| 1960 | * be concatenated together. |
||
| 1961 | * |
||
| 1962 | * @see self::decrypt() |
||
| 1963 | * |
||
| 1964 | * @param string $plaintext |
||
| 1965 | * |
||
| 1966 | * @return string |
||
| 1967 | */ |
||
| 1968 | public function encrypt($plaintext) |
||
| 2000 | |||
| 2001 | /** |
||
| 2002 | * Decryption. |
||
| 2003 | * |
||
| 2004 | * @see self::encrypt() |
||
| 2005 | * |
||
| 2006 | * @param string $plaintext |
||
| 2007 | * |
||
| 2008 | * @return string |
||
| 2009 | */ |
||
| 2010 | public function decrypt($ciphertext) |
||
| 2040 | |||
| 2041 | /** |
||
| 2042 | * Create a signature. |
||
| 2043 | * |
||
| 2044 | * @see self::verify() |
||
| 2045 | * |
||
| 2046 | * @param string $message |
||
| 2047 | * |
||
| 2048 | * @return string |
||
| 2049 | */ |
||
| 2050 | public function sign($message) |
||
| 2064 | |||
| 2065 | /** |
||
| 2066 | * Verifies a signature. |
||
| 2067 | * |
||
| 2068 | * @see self::sign() |
||
| 2069 | * |
||
| 2070 | * @param string $message |
||
| 2071 | * @param string $signature |
||
| 2072 | * |
||
| 2073 | * @return bool |
||
| 2074 | */ |
||
| 2075 | public function verify($message, $signature) |
||
| 2089 | |||
| 2090 | /** |
||
| 2091 | * Extract raw BER from Base64 encoding. |
||
| 2092 | * |
||
| 2093 | * @param string $str |
||
| 2094 | * |
||
| 2095 | * @return string |
||
| 2096 | */ |
||
| 2097 | private function _extractBER($str) |
||
| 2117 | |||
| 2118 | /** |
||
| 2119 | * Defines the public key. |
||
| 2120 | * |
||
| 2121 | * Some private key formats define the public exponent and some don't. Those that don't define it are problematic when |
||
| 2122 | * used in certain contexts. For example, in SSH-2, RSA authentication works by sending the public key along with a |
||
| 2123 | * message signed by the private key to the server. The SSH-2 server looks the public key up in an index of public keys |
||
| 2124 | * and if it's present then proceeds to verify the signature. Problem is, if your private key doesn't include the public |
||
| 2125 | * exponent this won't work unless you manually add the public exponent. phpseclib tries to guess if the key being used |
||
| 2126 | * is the public key but in the event that it guesses incorrectly you might still want to explicitly set the key as being |
||
| 2127 | * public. |
||
| 2128 | * |
||
| 2129 | * Do note that when a new key is loaded the index will be cleared. |
||
| 2130 | * |
||
| 2131 | * Returns true on success, false on failure |
||
| 2132 | * |
||
| 2133 | * @see self::getPublicKey() |
||
| 2134 | * |
||
| 2135 | * @param string $key optional |
||
| 2136 | * @param int $type optional |
||
| 2137 | * |
||
| 2138 | * @return bool |
||
| 2139 | */ |
||
| 2140 | private function setPublicKey($key = false, $type = false) |
||
| 2185 | } |
||
| 2186 |
Loading history...
If you suppress an error, we recommend checking for the error condition explicitly: