Spomky-Labs /
jose
Complex classes like RSA often do a lot of different things. To break such a class down, we need to identify a cohesive component within that class. A common approach to find such a component is to look for fields/methods that share the same prefixes, or suffixes. You can also have a look at the cohesion graph to spot any un-connected, or weakly-connected components.
Once you have determined the fields that belong together, you can apply the Extract Class refactoring. If the component makes sense as a sub-class, Extract Subclass is also a candidate, and is often faster.
While breaking up the class, it is a good idea to analyze how other classes use RSA, and based on these observations, apply Extract Interface, too.
| 1 | <?php |
||
| 19 | final class RSA |
||
| 20 | { |
||
| 21 | /**#@+ |
||
| 22 | * @see self::encrypt() |
||
| 23 | * @see self::decrypt() |
||
| 24 | */ |
||
| 25 | /** |
||
| 26 | * Use {@link http://en.wikipedia.org/wiki/Optimal_Asymmetric_Encryption_Padding Optimal Asymmetric Encryption Padding} |
||
| 27 | * (OAEP) for encryption / decryption. |
||
| 28 | * |
||
| 29 | * Uses sha1 by default. |
||
| 30 | * |
||
| 31 | * @see self::setHash() |
||
| 32 | * @see self::setMGFHash() |
||
| 33 | */ |
||
| 34 | const ENCRYPTION_OAEP = 1; |
||
| 35 | |||
| 36 | /** |
||
| 37 | * Use PKCS#1 padding. |
||
| 38 | * |
||
| 39 | * Although self::ENCRYPTION_OAEP offers more security, including PKCS#1 padding is necessary for purposes of backwards |
||
| 40 | * compatibility with protocols (like SSH-1) written before OAEP's introduction. |
||
| 41 | */ |
||
| 42 | const ENCRYPTION_PKCS1 = 2; |
||
| 43 | |||
| 44 | /** |
||
| 45 | * Do not use any padding. |
||
| 46 | * |
||
| 47 | * Although this method is not recommended it can none-the-less sometimes be useful if you're trying to decrypt some legacy |
||
| 48 | * stuff, if you're trying to diagnose why an encrypted message isn't decrypting, etc. |
||
| 49 | */ |
||
| 50 | const ENCRYPTION_NONE = 3; |
||
| 51 | /**#@-*/ |
||
| 52 | |||
| 53 | /**#@+ |
||
| 54 | * @see self::sign() |
||
| 55 | * @see self::verify() |
||
| 56 | * @see self::setHash() |
||
| 57 | */ |
||
| 58 | /** |
||
| 59 | * Use the Probabilistic Signature Scheme for signing. |
||
| 60 | * |
||
| 61 | * Uses sha1 by default. |
||
| 62 | * |
||
| 63 | * @see self::setSaltLength() |
||
| 64 | * @see self::setMGFHash() |
||
| 65 | */ |
||
| 66 | const SIGNATURE_PSS = 1; |
||
| 67 | /** |
||
| 68 | * Use the PKCS#1 scheme by default. |
||
| 69 | * |
||
| 70 | * Although self::SIGNATURE_PSS offers more security, including PKCS#1 signing is necessary for purposes of backwards |
||
| 71 | * compatibility with protocols (like SSH-2) written before PSS's introduction. |
||
| 72 | */ |
||
| 73 | const SIGNATURE_PKCS1 = 2; |
||
| 74 | /**#@-*/ |
||
| 75 | |||
| 76 | /**#@+ |
||
| 77 | * @see \phpseclib\Crypt\RSA::createKey() |
||
| 78 | */ |
||
| 79 | /** |
||
| 80 | * ASN1 Integer. |
||
| 81 | */ |
||
| 82 | const ASN1_INTEGER = 2; |
||
| 83 | /** |
||
| 84 | * ASN1 Bit String. |
||
| 85 | */ |
||
| 86 | const ASN1_BITSTRING = 3; |
||
| 87 | /** |
||
| 88 | * ASN1 Octet String. |
||
| 89 | */ |
||
| 90 | const ASN1_OCTETSTRING = 4; |
||
| 91 | /** |
||
| 92 | * ASN1 Object Identifier. |
||
| 93 | */ |
||
| 94 | const ASN1_OBJECT = 6; |
||
| 95 | /** |
||
| 96 | * ASN1 Sequence (with the constucted bit set). |
||
| 97 | */ |
||
| 98 | const ASN1_SEQUENCE = 48; |
||
| 99 | /**#@-*/ |
||
| 100 | |||
| 101 | /**#@+ |
||
| 102 | * @see \phpseclib\Crypt\RSA::__construct() |
||
| 103 | */ |
||
| 104 | /** |
||
| 105 | * To use the pure-PHP implementation. |
||
| 106 | */ |
||
| 107 | const MODE_INTERNAL = 1; |
||
| 108 | /** |
||
| 109 | * To use the OpenSSL library. |
||
| 110 | * |
||
| 111 | * (if enabled; otherwise, the internal implementation will be used) |
||
| 112 | */ |
||
| 113 | const MODE_OPENSSL = 2; |
||
| 114 | /**#@-*/ |
||
| 115 | |||
| 116 | /**#@+ |
||
| 117 | * @see \phpseclib\Crypt\RSA::createKey() |
||
| 118 | * @see \phpseclib\Crypt\RSA::setPrivateKeyFormat() |
||
| 119 | */ |
||
| 120 | /** |
||
| 121 | * PKCS#1 formatted private key. |
||
| 122 | * |
||
| 123 | * Used by OpenSSH |
||
| 124 | */ |
||
| 125 | const PRIVATE_FORMAT_PKCS1 = 0; |
||
| 126 | /** |
||
| 127 | * PuTTY formatted private key. |
||
| 128 | */ |
||
| 129 | const PRIVATE_FORMAT_PUTTY = 1; |
||
| 130 | /** |
||
| 131 | * XML formatted private key. |
||
| 132 | */ |
||
| 133 | const PRIVATE_FORMAT_XML = 2; |
||
| 134 | /** |
||
| 135 | * PKCS#8 formatted private key. |
||
| 136 | */ |
||
| 137 | const PRIVATE_FORMAT_PKCS8 = 8; |
||
| 138 | /**#@-*/ |
||
| 139 | |||
| 140 | /**#@+ |
||
| 141 | * @see \phpseclib\Crypt\RSA::createKey() |
||
| 142 | * @see \phpseclib\Crypt\RSA::setPublicKeyFormat() |
||
| 143 | */ |
||
| 144 | /** |
||
| 145 | * Raw public key. |
||
| 146 | * |
||
| 147 | * An array containing two \Jose\Util\BigInteger objects. |
||
| 148 | * |
||
| 149 | * The exponent can be indexed with any of the following: |
||
| 150 | * |
||
| 151 | * 0, e, exponent, publicExponent |
||
| 152 | * |
||
| 153 | * The modulus can be indexed with any of the following: |
||
| 154 | * |
||
| 155 | * 1, n, modulo, modulus |
||
| 156 | */ |
||
| 157 | const PUBLIC_FORMAT_RAW = 3; |
||
| 158 | /** |
||
| 159 | * PKCS#1 formatted public key (raw). |
||
| 160 | * |
||
| 161 | * Used by File/X509.php |
||
| 162 | * |
||
| 163 | * Has the following header: |
||
| 164 | * |
||
| 165 | * -----BEGIN RSA PUBLIC KEY----- |
||
| 166 | * |
||
| 167 | * Analogous to ssh-keygen's pem format (as specified by -m) |
||
| 168 | */ |
||
| 169 | const PUBLIC_FORMAT_PKCS1 = 4; |
||
| 170 | const PUBLIC_FORMAT_PKCS1_RAW = 4; |
||
| 171 | /** |
||
| 172 | * XML formatted public key. |
||
| 173 | */ |
||
| 174 | const PUBLIC_FORMAT_XML = 5; |
||
| 175 | /** |
||
| 176 | * OpenSSH formatted public key. |
||
| 177 | * |
||
| 178 | * Place in $HOME/.ssh/authorized_keys |
||
| 179 | */ |
||
| 180 | const PUBLIC_FORMAT_OPENSSH = 6; |
||
| 181 | /** |
||
| 182 | * PKCS#1 formatted public key (encapsulated). |
||
| 183 | * |
||
| 184 | * Used by PHP's openssl_public_encrypt() and openssl's rsautl (when -pubin is set) |
||
| 185 | * |
||
| 186 | * Has the following header: |
||
| 187 | * |
||
| 188 | * -----BEGIN PUBLIC KEY----- |
||
| 189 | * |
||
| 190 | * Analogous to ssh-keygen's pkcs8 format (as specified by -m). Although PKCS8 |
||
| 191 | * is specific to private keys it's basically creating a DER-encoded wrapper |
||
| 192 | * for keys. This just extends that same concept to public keys (much like ssh-keygen) |
||
| 193 | */ |
||
| 194 | const PUBLIC_FORMAT_PKCS8 = 7; |
||
| 195 | /**#@-*/ |
||
| 196 | |||
| 197 | /** |
||
| 198 | * Precomputed Zero. |
||
| 199 | * |
||
| 200 | * @var array |
||
| 201 | */ |
||
| 202 | private $zero; |
||
| 203 | |||
| 204 | /** |
||
| 205 | * Precomputed One. |
||
| 206 | * |
||
| 207 | * @var array |
||
| 208 | */ |
||
| 209 | private $one; |
||
| 210 | |||
| 211 | /** |
||
| 212 | * Private Key Format. |
||
| 213 | * |
||
| 214 | * @var int |
||
| 215 | */ |
||
| 216 | private $privateKeyFormat = self::PRIVATE_FORMAT_PKCS1; |
||
| 217 | |||
| 218 | /** |
||
| 219 | * Public Key Format. |
||
| 220 | * |
||
| 221 | * @var int |
||
| 222 | */ |
||
| 223 | private $publicKeyFormat = self::PUBLIC_FORMAT_PKCS8; |
||
| 224 | |||
| 225 | /** |
||
| 226 | * Modulus (ie. n). |
||
| 227 | * |
||
| 228 | * @var \Jose\Util\BigInteger |
||
| 229 | */ |
||
| 230 | private $modulus; |
||
| 231 | |||
| 232 | /** |
||
| 233 | * Modulus length. |
||
| 234 | * |
||
| 235 | * @var \Jose\Util\BigInteger |
||
| 236 | */ |
||
| 237 | private $k; |
||
| 238 | |||
| 239 | /** |
||
| 240 | * Exponent (ie. e or d). |
||
| 241 | * |
||
| 242 | * @var \Jose\Util\BigInteger |
||
| 243 | */ |
||
| 244 | private $exponent; |
||
| 245 | |||
| 246 | /** |
||
| 247 | * Primes for Chinese Remainder Theorem (ie. p and q). |
||
| 248 | * |
||
| 249 | * @var array |
||
| 250 | */ |
||
| 251 | private $primes; |
||
| 252 | |||
| 253 | /** |
||
| 254 | * Exponents for Chinese Remainder Theorem (ie. dP and dQ). |
||
| 255 | * |
||
| 256 | * @var array |
||
| 257 | */ |
||
| 258 | private $exponents; |
||
| 259 | |||
| 260 | /** |
||
| 261 | * Coefficients for Chinese Remainder Theorem (ie. qInv). |
||
| 262 | * |
||
| 263 | * @var array |
||
| 264 | */ |
||
| 265 | private $coefficients; |
||
| 266 | |||
| 267 | /** |
||
| 268 | * Hash name. |
||
| 269 | * |
||
| 270 | * @var string |
||
| 271 | */ |
||
| 272 | private $hashName; |
||
| 273 | |||
| 274 | /** |
||
| 275 | * Hash function. |
||
| 276 | * |
||
| 277 | * @var \phpseclib\Crypt\Hash |
||
| 278 | */ |
||
| 279 | private $hash; |
||
| 280 | |||
| 281 | /** |
||
| 282 | * Length of hash function output. |
||
| 283 | * |
||
| 284 | * @var int |
||
| 285 | */ |
||
| 286 | private $hLen; |
||
| 287 | |||
| 288 | /** |
||
| 289 | * Length of salt. |
||
| 290 | * |
||
| 291 | * @var int |
||
| 292 | */ |
||
| 293 | private $sLen; |
||
| 294 | |||
| 295 | /** |
||
| 296 | * Hash function for the Mask Generation Function. |
||
| 297 | * |
||
| 298 | * @var \phpseclib\Crypt\Hash |
||
| 299 | */ |
||
| 300 | private $mgfHash; |
||
| 301 | |||
| 302 | /** |
||
| 303 | * Length of MGF hash function output. |
||
| 304 | * |
||
| 305 | * @var int |
||
| 306 | */ |
||
| 307 | private $mgfHLen; |
||
| 308 | |||
| 309 | /** |
||
| 310 | * Encryption mode. |
||
| 311 | * |
||
| 312 | * @var int |
||
| 313 | */ |
||
| 314 | private $encryptionMode = self::ENCRYPTION_OAEP; |
||
| 315 | |||
| 316 | /** |
||
| 317 | * Signature mode. |
||
| 318 | * |
||
| 319 | * @var int |
||
| 320 | */ |
||
| 321 | private $signatureMode = self::SIGNATURE_PSS; |
||
| 322 | |||
| 323 | /** |
||
| 324 | * Public Exponent. |
||
| 325 | * |
||
| 326 | * @var mixed |
||
| 327 | */ |
||
| 328 | private $publicExponent = false; |
||
| 329 | |||
| 330 | /** |
||
| 331 | * Password. |
||
| 332 | * |
||
| 333 | * @var string |
||
| 334 | */ |
||
| 335 | private $password = false; |
||
| 336 | |||
| 337 | /** |
||
| 338 | * Components. |
||
| 339 | * |
||
| 340 | * For use with parsing XML formatted keys. PHP's XML Parser functions use utilized - instead of PHP's DOM functions - |
||
| 341 | * because PHP's XML Parser functions work on PHP4 whereas PHP's DOM functions - although surperior - don't. |
||
| 342 | * |
||
| 343 | * @see self::_start_element_handler() |
||
| 344 | * |
||
| 345 | * @var array |
||
| 346 | */ |
||
| 347 | private $components = []; |
||
| 348 | |||
| 349 | /** |
||
| 350 | * Current String. |
||
| 351 | * |
||
| 352 | * For use with parsing XML formatted keys. |
||
| 353 | * |
||
| 354 | * @see self::_character_handler() |
||
| 355 | * @see self::_stop_element_handler() |
||
| 356 | * |
||
| 357 | * @var mixed |
||
| 358 | */ |
||
| 359 | private $current; |
||
| 360 | |||
| 361 | /** |
||
| 362 | * OpenSSL configuration file name. |
||
| 363 | * |
||
| 364 | * Set to null to use system configuration file. |
||
| 365 | * |
||
| 366 | * @see self::createKey() |
||
| 367 | * |
||
| 368 | * @var mixed |
||
| 369 | * @Access public |
||
| 370 | */ |
||
| 371 | private $configFile; |
||
| 372 | |||
| 373 | /** |
||
| 374 | * Public key comment field. |
||
| 375 | * |
||
| 376 | * @var string |
||
| 377 | */ |
||
| 378 | private $comment = 'phpseclib-generated-key'; |
||
| 379 | |||
| 380 | /** |
||
| 381 | * The constructor. |
||
| 382 | * |
||
| 383 | * If you want to make use of the openssl extension, you'll need to set the mode manually, yourself. The reason |
||
| 384 | * \phpseclib\Crypt\RSA doesn't do it is because OpenSSL doesn't fail gracefully. openssl_pkey_new(), in particular, requires |
||
| 385 | * openssl.cnf be present somewhere and, unfortunately, the only real way to find out is too late. |
||
| 386 | * |
||
| 387 | * @return \phpseclib\Crypt\RSA |
||
|
|
|||
| 388 | */ |
||
| 389 | public function __construct() |
||
| 450 | |||
| 451 | /** |
||
| 452 | * Break a public or private key down into its constituant components. |
||
| 453 | * |
||
| 454 | * @see self::_convertPublicKey() |
||
| 455 | * @see self::_convertPrivateKey() |
||
| 456 | * |
||
| 457 | * @param string $key |
||
| 458 | * @param int $type |
||
| 459 | * |
||
| 460 | * @return array |
||
| 461 | */ |
||
| 462 | private function _parseKey($key, $type) |
||
| 851 | |||
| 852 | /** |
||
| 853 | * Start Element Handler. |
||
| 854 | * |
||
| 855 | * Called by xml_set_element_handler() |
||
| 856 | * |
||
| 857 | * @param resource $parser |
||
| 858 | * @param string $name |
||
| 859 | * @param array $attribs |
||
| 860 | */ |
||
| 861 | private function _start_element_handler($parser, $name, $attribs) |
||
| 891 | |||
| 892 | /** |
||
| 893 | * Stop Element Handler. |
||
| 894 | * |
||
| 895 | * Called by xml_set_element_handler() |
||
| 896 | * |
||
| 897 | * @param resource $parser |
||
| 898 | * @param string $name |
||
| 899 | */ |
||
| 900 | private function _stop_element_handler($parser, $name) |
||
| 907 | |||
| 908 | /** |
||
| 909 | * Data Handler. |
||
| 910 | * |
||
| 911 | * Called by xml_set_character_data_handler() |
||
| 912 | * |
||
| 913 | * @param resource $parser |
||
| 914 | * @param string $data |
||
| 915 | */ |
||
| 916 | public function _data_handler($parser, $data) |
||
| 923 | |||
| 924 | /** |
||
| 925 | * Loads a public or private key. |
||
| 926 | * |
||
| 927 | * Returns true on success and false on failure (ie. an incorrect password was provided or the key was malformed) |
||
| 928 | * |
||
| 929 | * @param string $key |
||
| 930 | * @param int $type optional |
||
| 931 | */ |
||
| 932 | public function loadKey($key, $type = false) |
||
| 1036 | |||
| 1037 | /** |
||
| 1038 | * Generates the smallest and largest numbers requiring $bits bits. |
||
| 1039 | * |
||
| 1040 | * @param int $bits |
||
| 1041 | * |
||
| 1042 | * @return array |
||
| 1043 | */ |
||
| 1044 | private function _generateMinMax($bits) |
||
| 1062 | |||
| 1063 | /** |
||
| 1064 | * DER-decode the length. |
||
| 1065 | * |
||
| 1066 | * DER supports lengths up to (2**8)**127, however, we'll only support lengths up to (2**8)**4. See |
||
| 1067 | * {@link http://itu.int/ITU-T/studygroups/com17/languages/X.690-0207.pdf#p=13 X.690 paragraph 8.1.3} for more information. |
||
| 1068 | * |
||
| 1069 | * @param string $string |
||
| 1070 | * |
||
| 1071 | * @return int |
||
| 1072 | */ |
||
| 1073 | private function _decodeLength(&$string) |
||
| 1084 | |||
| 1085 | /** |
||
| 1086 | * DER-encode the length. |
||
| 1087 | * |
||
| 1088 | * DER supports lengths up to (2**8)**127, however, we'll only support lengths up to (2**8)**4. See |
||
| 1089 | * {@link http://itu.int/ITU-T/studygroups/com17/languages/X.690-0207.pdf#p=13 X.690 paragraph 8.1.3} for more information. |
||
| 1090 | * |
||
| 1091 | * @param int $length |
||
| 1092 | * |
||
| 1093 | * @return string |
||
| 1094 | */ |
||
| 1095 | private function _encodeLength($length) |
||
| 1105 | |||
| 1106 | /** |
||
| 1107 | * String Shift. |
||
| 1108 | * |
||
| 1109 | * Inspired by array_shift |
||
| 1110 | * |
||
| 1111 | * @param string $string |
||
| 1112 | * @param int $index |
||
| 1113 | * |
||
| 1114 | * @return string |
||
| 1115 | */ |
||
| 1116 | private function _string_shift(&$string, $index = 1) |
||
| 1123 | |||
| 1124 | /** |
||
| 1125 | * Determines which hashing function should be used. |
||
| 1126 | * |
||
| 1127 | * Used with signature production / verification and (if the encryption mode is self::ENCRYPTION_OAEP) encryption and |
||
| 1128 | * decryption. If $hash isn't supported, sha1 is used. |
||
| 1129 | * |
||
| 1130 | * @param string $hash |
||
| 1131 | */ |
||
| 1132 | public function setHash($hash) |
||
| 1152 | |||
| 1153 | /** |
||
| 1154 | * Determines which hashing function should be used for the mask generation function. |
||
| 1155 | * |
||
| 1156 | * The mask generation function is used by self::ENCRYPTION_OAEP and self::SIGNATURE_PSS and although it's |
||
| 1157 | * best if Hash and MGFHash are set to the same thing this is not a requirement. |
||
| 1158 | * |
||
| 1159 | * @param string $hash |
||
| 1160 | */ |
||
| 1161 | public function setMGFHash($hash) |
||
| 1181 | |||
| 1182 | /** |
||
| 1183 | * Determines the salt length. |
||
| 1184 | * |
||
| 1185 | * To quote from {@link http://tools.ietf.org/html/rfc3447#page-38 RFC3447#page-38}: |
||
| 1186 | * |
||
| 1187 | * Typical salt lengths in octets are hLen (the length of the output |
||
| 1188 | * of the hash function Hash) and 0. |
||
| 1189 | * |
||
| 1190 | * @param int $format |
||
| 1191 | */ |
||
| 1192 | public function setSaltLength($sLen) |
||
| 1196 | |||
| 1197 | /** |
||
| 1198 | * Integer-to-Octet-String primitive. |
||
| 1199 | * |
||
| 1200 | * See {@link http://tools.ietf.org/html/rfc3447#section-4.1 RFC3447#section-4.1}. |
||
| 1201 | * |
||
| 1202 | * @param \Jose\Util\BigInteger $x |
||
| 1203 | * @param int $xLen |
||
| 1204 | * |
||
| 1205 | * @return string |
||
| 1206 | */ |
||
| 1207 | private function _i2osp($x, $xLen) |
||
| 1218 | |||
| 1219 | /** |
||
| 1220 | * Octet-String-to-Integer primitive. |
||
| 1221 | * |
||
| 1222 | * See {@link http://tools.ietf.org/html/rfc3447#section-4.2 RFC3447#section-4.2}. |
||
| 1223 | * |
||
| 1224 | * @param string $x |
||
| 1225 | * |
||
| 1226 | * @return \Jose\Util\BigInteger |
||
| 1227 | */ |
||
| 1228 | private function _os2ip($x) |
||
| 1232 | |||
| 1233 | /** |
||
| 1234 | * Exponentiate with or without Chinese Remainder Theorem. |
||
| 1235 | * |
||
| 1236 | * See {@link http://tools.ietf.org/html/rfc3447#section-5.1.1 RFC3447#section-5.1.2}. |
||
| 1237 | * |
||
| 1238 | * @param \Jose\Util\BigInteger $x |
||
| 1239 | * |
||
| 1240 | * @return \Jose\Util\BigInteger |
||
| 1241 | */ |
||
| 1242 | private function _exponentiate($x) |
||
| 1309 | |||
| 1310 | /** |
||
| 1311 | * Performs RSA Blinding. |
||
| 1312 | * |
||
| 1313 | * Protects against timing attacks by employing RSA Blinding. |
||
| 1314 | * Returns $x->modPow($this->exponents[$i], $this->primes[$i]) |
||
| 1315 | * |
||
| 1316 | * @param \Jose\Util\BigInteger $x |
||
| 1317 | * @param \Jose\Util\BigInteger $r |
||
| 1318 | * @param int $i |
||
| 1319 | * |
||
| 1320 | * @return \Jose\Util\BigInteger |
||
| 1321 | */ |
||
| 1322 | private function _blind($x, $r, $i) |
||
| 1333 | |||
| 1334 | /** |
||
| 1335 | * Performs blinded RSA equality testing. |
||
| 1336 | * |
||
| 1337 | * Protects against a particular type of timing attack described. |
||
| 1338 | * |
||
| 1339 | * See {@link http://codahale.com/a-lesson-in-timing-attacks/ A Lesson In Timing Attacks (or, Don't use MessageDigest.isEquals)} |
||
| 1340 | * |
||
| 1341 | * Thanks for the heads up singpolyma! |
||
| 1342 | * |
||
| 1343 | * @param string $x |
||
| 1344 | * @param string $y |
||
| 1345 | * |
||
| 1346 | * @return bool |
||
| 1347 | */ |
||
| 1348 | private function _equals($x, $y) |
||
| 1361 | |||
| 1362 | /** |
||
| 1363 | * RSAEP. |
||
| 1364 | * |
||
| 1365 | * See {@link http://tools.ietf.org/html/rfc3447#section-5.1.1 RFC3447#section-5.1.1}. |
||
| 1366 | * |
||
| 1367 | * @param \Jose\Util\BigInteger $m |
||
| 1368 | * |
||
| 1369 | * @return \Jose\Util\BigInteger |
||
| 1370 | */ |
||
| 1371 | private function _rsaep($m) |
||
| 1381 | |||
| 1382 | /** |
||
| 1383 | * RSADP. |
||
| 1384 | * |
||
| 1385 | * See {@link http://tools.ietf.org/html/rfc3447#section-5.1.2 RFC3447#section-5.1.2}. |
||
| 1386 | * |
||
| 1387 | * @param \Jose\Util\BigInteger $c |
||
| 1388 | * |
||
| 1389 | * @return \Jose\Util\BigInteger |
||
| 1390 | */ |
||
| 1391 | private function _rsadp($c) |
||
| 1401 | |||
| 1402 | /** |
||
| 1403 | * RSASP1. |
||
| 1404 | * |
||
| 1405 | * See {@link http://tools.ietf.org/html/rfc3447#section-5.2.1 RFC3447#section-5.2.1}. |
||
| 1406 | * |
||
| 1407 | * @param \Jose\Util\BigInteger $m |
||
| 1408 | * |
||
| 1409 | * @return \Jose\Util\BigInteger |
||
| 1410 | */ |
||
| 1411 | private function _rsasp1($m) |
||
| 1421 | |||
| 1422 | /** |
||
| 1423 | * RSAVP1. |
||
| 1424 | * |
||
| 1425 | * See {@link http://tools.ietf.org/html/rfc3447#section-5.2.2 RFC3447#section-5.2.2}. |
||
| 1426 | * |
||
| 1427 | * @param \Jose\Util\BigInteger $s |
||
| 1428 | * |
||
| 1429 | * @return \Jose\Util\BigInteger |
||
| 1430 | */ |
||
| 1431 | private function _rsavp1($s) |
||
| 1441 | |||
| 1442 | /** |
||
| 1443 | * MGF1. |
||
| 1444 | * |
||
| 1445 | * See {@link http://tools.ietf.org/html/rfc3447#appendix-B.2.1 RFC3447#appendix-B.2.1}. |
||
| 1446 | * |
||
| 1447 | * @param string $mgfSeed |
||
| 1448 | * @param int $mgfLen |
||
| 1449 | * |
||
| 1450 | * @return string |
||
| 1451 | */ |
||
| 1452 | private function _mgf1($mgfSeed, $maskLen) |
||
| 1465 | |||
| 1466 | /** |
||
| 1467 | * RSAES-OAEP-ENCRYPT. |
||
| 1468 | * |
||
| 1469 | * See {@link http://tools.ietf.org/html/rfc3447#section-7.1.1 RFC3447#section-7.1.1} and |
||
| 1470 | * {http://en.wikipedia.org/wiki/Optimal_Asymmetric_Encryption_Padding OAES}. |
||
| 1471 | * |
||
| 1472 | * @param string $m |
||
| 1473 | * @param string $l |
||
| 1474 | * |
||
| 1475 | * @return string |
||
| 1476 | */ |
||
| 1477 | private function _rsaes_oaep_encrypt($m, $l = '') |
||
| 1514 | |||
| 1515 | /** |
||
| 1516 | * RSAES-OAEP-DECRYPT. |
||
| 1517 | * |
||
| 1518 | * See {@link http://tools.ietf.org/html/rfc3447#section-7.1.2 RFC3447#section-7.1.2}. The fact that the error |
||
| 1519 | * messages aren't distinguishable from one another hinders debugging, but, to quote from RFC3447#section-7.1.2: |
||
| 1520 | * |
||
| 1521 | * Note. Care must be taken to ensure that an opponent cannot |
||
| 1522 | * distinguish the different error conditions in Step 3.g, whether by |
||
| 1523 | * error message or timing, or, more generally, learn partial |
||
| 1524 | * information about the encoded message EM. Otherwise an opponent may |
||
| 1525 | * be able to obtain useful information about the decryption of the |
||
| 1526 | * ciphertext C, leading to a chosen-ciphertext attack such as the one |
||
| 1527 | * observed by Manger [36]. |
||
| 1528 | * |
||
| 1529 | * As for $l... to quote from {@link http://tools.ietf.org/html/rfc3447#page-17 RFC3447#page-17}: |
||
| 1530 | * |
||
| 1531 | * Both the encryption and the decryption operations of RSAES-OAEP take |
||
| 1532 | * the value of a label L as input. In this version of PKCS #1, L is |
||
| 1533 | * the empty string; other uses of the label are outside the scope of |
||
| 1534 | * this document. |
||
| 1535 | * |
||
| 1536 | * @param string $c |
||
| 1537 | * @param string $l |
||
| 1538 | * |
||
| 1539 | * @return string |
||
| 1540 | */ |
||
| 1541 | private function _rsaes_oaep_decrypt($c, $l = '') |
||
| 1593 | |||
| 1594 | /** |
||
| 1595 | * Raw Encryption / Decryption. |
||
| 1596 | * |
||
| 1597 | * Doesn't use padding and is not recommended. |
||
| 1598 | * |
||
| 1599 | * @param string $m |
||
| 1600 | * |
||
| 1601 | * @return string |
||
| 1602 | */ |
||
| 1603 | private function _raw_encrypt($m) |
||
| 1610 | |||
| 1611 | /** |
||
| 1612 | * RSAES-PKCS1-V1_5-ENCRYPT. |
||
| 1613 | * |
||
| 1614 | * See {@link http://tools.ietf.org/html/rfc3447#section-7.2.1 RFC3447#section-7.2.1}. |
||
| 1615 | * |
||
| 1616 | * @param string $m |
||
| 1617 | * |
||
| 1618 | * @return string |
||
| 1619 | */ |
||
| 1620 | private function _rsaes_pkcs1_v1_5_encrypt($m) |
||
| 1659 | |||
| 1660 | /** |
||
| 1661 | * RSAES-PKCS1-V1_5-DECRYPT. |
||
| 1662 | * |
||
| 1663 | * See {@link http://tools.ietf.org/html/rfc3447#section-7.2.2 RFC3447#section-7.2.2}. |
||
| 1664 | * |
||
| 1665 | * For compatibility purposes, this function departs slightly from the description given in RFC3447. |
||
| 1666 | * The reason being that RFC2313#section-8.1 (PKCS#1 v1.5) states that ciphertext's encrypted by the |
||
| 1667 | * private key should have the second byte set to either 0 or 1 and that ciphertext's encrypted by the |
||
| 1668 | * public key should have the second byte set to 2. In RFC3447 (PKCS#1 v2.1), the second byte is supposed |
||
| 1669 | * to be 2 regardless of which key is used. For compatibility purposes, we'll just check to make sure the |
||
| 1670 | * second byte is 2 or less. If it is, we'll accept the decrypted string as valid. |
||
| 1671 | * |
||
| 1672 | * As a consequence of this, a private key encrypted ciphertext produced with \phpseclib\Crypt\RSA may not decrypt |
||
| 1673 | * with a strictly PKCS#1 v1.5 compliant RSA implementation. Public key encrypted ciphertext's should but |
||
| 1674 | * not private key encrypted ciphertext's. |
||
| 1675 | * |
||
| 1676 | * @param string $c |
||
| 1677 | * |
||
| 1678 | * @return string |
||
| 1679 | */ |
||
| 1680 | private function _rsaes_pkcs1_v1_5_decrypt($c) |
||
| 1723 | |||
| 1724 | /** |
||
| 1725 | * EMSA-PSS-ENCODE. |
||
| 1726 | * |
||
| 1727 | * See {@link http://tools.ietf.org/html/rfc3447#section-9.1.1 RFC3447#section-9.1.1}. |
||
| 1728 | * |
||
| 1729 | * @param string $m |
||
| 1730 | * @param int $emBits |
||
| 1731 | */ |
||
| 1732 | private function _emsa_pss_encode($m, $emBits) |
||
| 1759 | |||
| 1760 | /** |
||
| 1761 | * EMSA-PSS-VERIFY. |
||
| 1762 | * |
||
| 1763 | * See {@link http://tools.ietf.org/html/rfc3447#section-9.1.2 RFC3447#section-9.1.2}. |
||
| 1764 | * |
||
| 1765 | * @param string $m |
||
| 1766 | * @param string $em |
||
| 1767 | * @param int $emBits |
||
| 1768 | * |
||
| 1769 | * @return string |
||
| 1770 | */ |
||
| 1771 | private function _emsa_pss_verify($m, $em, $emBits) |
||
| 1807 | |||
| 1808 | /** |
||
| 1809 | * RSASSA-PSS-SIGN. |
||
| 1810 | * |
||
| 1811 | * See {@link http://tools.ietf.org/html/rfc3447#section-8.1.1 RFC3447#section-8.1.1}. |
||
| 1812 | * |
||
| 1813 | * @param string $m |
||
| 1814 | * |
||
| 1815 | * @return string |
||
| 1816 | */ |
||
| 1817 | private function _rsassa_pss_sign($m) |
||
| 1833 | |||
| 1834 | /** |
||
| 1835 | * RSASSA-PSS-VERIFY. |
||
| 1836 | * |
||
| 1837 | * See {@link http://tools.ietf.org/html/rfc3447#section-8.1.2 RFC3447#section-8.1.2}. |
||
| 1838 | * |
||
| 1839 | * @param string $m |
||
| 1840 | * @param string $s |
||
| 1841 | * |
||
| 1842 | * @return string |
||
| 1843 | */ |
||
| 1844 | private function _rsassa_pss_verify($m, $s) |
||
| 1876 | |||
| 1877 | /** |
||
| 1878 | * EMSA-PKCS1-V1_5-ENCODE. |
||
| 1879 | * |
||
| 1880 | * See {@link http://tools.ietf.org/html/rfc3447#section-9.2 RFC3447#section-9.2}. |
||
| 1881 | * |
||
| 1882 | * @param string $m |
||
| 1883 | * @param int $emLen |
||
| 1884 | * |
||
| 1885 | * @return string |
||
| 1886 | */ |
||
| 1887 | private function _emsa_pkcs1_v1_5_encode($m, $emLen) |
||
| 1929 | |||
| 1930 | /** |
||
| 1931 | * RSASSA-PKCS1-V1_5-SIGN. |
||
| 1932 | * |
||
| 1933 | * See {@link http://tools.ietf.org/html/rfc3447#section-8.2.1 RFC3447#section-8.2.1}. |
||
| 1934 | * |
||
| 1935 | * @param string $m |
||
| 1936 | * |
||
| 1937 | * @return string |
||
| 1938 | */ |
||
| 1939 | private function _rsassa_pkcs1_v1_5_sign($m) |
||
| 1960 | |||
| 1961 | /** |
||
| 1962 | * RSASSA-PKCS1-V1_5-VERIFY. |
||
| 1963 | * |
||
| 1964 | * See {@link http://tools.ietf.org/html/rfc3447#section-8.2.2 RFC3447#section-8.2.2}. |
||
| 1965 | * |
||
| 1966 | * @param string $m |
||
| 1967 | * |
||
| 1968 | * @return string |
||
| 1969 | */ |
||
| 1970 | private function _rsassa_pkcs1_v1_5_verify($m, $s) |
||
| 2008 | |||
| 2009 | /** |
||
| 2010 | * Set Encryption Mode. |
||
| 2011 | * |
||
| 2012 | * Valid values include self::ENCRYPTION_OAEP and self::ENCRYPTION_PKCS1. |
||
| 2013 | * |
||
| 2014 | * @param int $mode |
||
| 2015 | */ |
||
| 2016 | public function setEncryptionMode($mode) |
||
| 2020 | |||
| 2021 | /** |
||
| 2022 | * Set Signature Mode. |
||
| 2023 | * |
||
| 2024 | * Valid values include self::SIGNATURE_PSS and self::SIGNATURE_PKCS1 |
||
| 2025 | * |
||
| 2026 | * @param int $mode |
||
| 2027 | */ |
||
| 2028 | public function setSignatureMode($mode) |
||
| 2032 | |||
| 2033 | /** |
||
| 2034 | * Encryption. |
||
| 2035 | * |
||
| 2036 | * Both self::ENCRYPTION_OAEP and self::ENCRYPTION_PKCS1 both place limits on how long $plaintext can be. |
||
| 2037 | * If $plaintext exceeds those limits it will be broken up so that it does and the resultant ciphertext's will |
||
| 2038 | * be concatenated together. |
||
| 2039 | * |
||
| 2040 | * @see self::decrypt() |
||
| 2041 | * |
||
| 2042 | * @param string $plaintext |
||
| 2043 | * |
||
| 2044 | * @return string |
||
| 2045 | */ |
||
| 2046 | public function encrypt($plaintext) |
||
| 2086 | |||
| 2087 | /** |
||
| 2088 | * Decryption. |
||
| 2089 | * |
||
| 2090 | * @see self::encrypt() |
||
| 2091 | * |
||
| 2092 | * @param string $plaintext |
||
| 2093 | * |
||
| 2094 | * @return string |
||
| 2095 | */ |
||
| 2096 | public function decrypt($ciphertext) |
||
| 2129 | |||
| 2130 | /** |
||
| 2131 | * Create a signature. |
||
| 2132 | * |
||
| 2133 | * @see self::verify() |
||
| 2134 | * |
||
| 2135 | * @param string $message |
||
| 2136 | * |
||
| 2137 | * @return string |
||
| 2138 | */ |
||
| 2139 | public function sign($message) |
||
| 2153 | |||
| 2154 | /** |
||
| 2155 | * Verifies a signature. |
||
| 2156 | * |
||
| 2157 | * @see self::sign() |
||
| 2158 | * |
||
| 2159 | * @param string $message |
||
| 2160 | * @param string $signature |
||
| 2161 | * |
||
| 2162 | * @return bool |
||
| 2163 | */ |
||
| 2164 | public function verify($message, $signature) |
||
| 2178 | |||
| 2179 | /** |
||
| 2180 | * Extract raw BER from Base64 encoding. |
||
| 2181 | * |
||
| 2182 | * @param string $str |
||
| 2183 | * |
||
| 2184 | * @return string |
||
| 2185 | */ |
||
| 2186 | private function _extractBER($str) |
||
| 2206 | |||
| 2207 | /** |
||
| 2208 | * Defines the public key. |
||
| 2209 | * |
||
| 2210 | * Some private key formats define the public exponent and some don't. Those that don't define it are problematic when |
||
| 2211 | * used in certain contexts. For example, in SSH-2, RSA authentication works by sending the public key along with a |
||
| 2212 | * message signed by the private key to the server. The SSH-2 server looks the public key up in an index of public keys |
||
| 2213 | * and if it's present then proceeds to verify the signature. Problem is, if your private key doesn't include the public |
||
| 2214 | * exponent this won't work unless you manually add the public exponent. phpseclib tries to guess if the key being used |
||
| 2215 | * is the public key but in the event that it guesses incorrectly you might still want to explicitly set the key as being |
||
| 2216 | * public. |
||
| 2217 | * |
||
| 2218 | * Do note that when a new key is loaded the index will be cleared. |
||
| 2219 | * |
||
| 2220 | * Returns true on success, false on failure |
||
| 2221 | * |
||
| 2222 | * @see self::getPublicKey() |
||
| 2223 | * |
||
| 2224 | * @param string $key optional |
||
| 2225 | * @param int $type optional |
||
| 2226 | * |
||
| 2227 | * @return bool |
||
| 2228 | */ |
||
| 2229 | private function setPublicKey($key = false, $type = false) |
||
| 2274 | |||
| 2275 | /** |
||
| 2276 | * Defines the private key. |
||
| 2277 | * |
||
| 2278 | * If phpseclib guessed a private key was a public key and loaded it as such it might be desirable to force |
||
| 2279 | * phpseclib to treat the key as a private key. This function will do that. |
||
| 2280 | * |
||
| 2281 | * Do note that when a new key is loaded the index will be cleared. |
||
| 2282 | * |
||
| 2283 | * Returns true on success, false on failure |
||
| 2284 | * |
||
| 2285 | * @see self::getPublicKey() |
||
| 2286 | * |
||
| 2287 | * @param string $key optional |
||
| 2288 | * @param int $type optional |
||
| 2289 | * |
||
| 2290 | * @return bool |
||
| 2291 | */ |
||
| 2292 | private function setPrivateKey($key = false, $type = false) |
||
| 2311 | } |
||
| 2312 |
Loading history...
Adding a
@returnannotation to a constructor is not recommended, since a constructor does not have a meaningful return value.Please refer to the PHP core documentation on constructors.