mirror of
https://github.com/phpseclib/phpseclib.git
synced 2024-12-25 11:20:03 +00:00
RSA: rm ENCRYPTION_PKCS15_COMPAT mode
This commit is contained in:
parent
881fbd78ee
commit
0b231cc53b
@ -109,12 +109,6 @@ abstract class RSA extends AsymmetricKey
|
||||
* stuff, if you're trying to diagnose why an encrypted message isn't decrypting, etc.
|
||||
*/
|
||||
const ENCRYPTION_NONE = 4;
|
||||
/**
|
||||
* Use PKCS#1 padding with PKCS1 v1.5 compatibility
|
||||
*
|
||||
* A PKCS1 v2.1 encrypted message may not successfully decrypt with a PKCS1 v1.5 implementation (such as OpenSSL).
|
||||
*/
|
||||
const ENCRYPTION_PKCS15_COMPAT = 8;
|
||||
/**#@-*/
|
||||
|
||||
/**#@+
|
||||
@ -747,8 +741,7 @@ abstract class RSA extends AsymmetricKey
|
||||
$masks = [
|
||||
self::ENCRYPTION_OAEP,
|
||||
self::ENCRYPTION_PKCS1,
|
||||
self::ENCRYPTION_NONE,
|
||||
self::ENCRYPTION_PKCS15_COMPAT
|
||||
self::ENCRYPTION_NONE
|
||||
];
|
||||
$numSelected = 0;
|
||||
$selected = 0;
|
||||
|
@ -324,17 +324,6 @@ class PrivateKey extends RSA implements Common\PrivateKey
|
||||
*
|
||||
* See {@link http://tools.ietf.org/html/rfc3447#section-7.2.2 RFC3447#section-7.2.2}.
|
||||
*
|
||||
* For compatibility purposes, this function departs slightly from the description given in RFC3447.
|
||||
* The reason being that RFC2313#section-8.1 (PKCS#1 v1.5) states that ciphertext's encrypted by the
|
||||
* private key should have the second byte set to either 0 or 1 and that ciphertext's encrypted by the
|
||||
* public key should have the second byte set to 2. In RFC3447 (PKCS#1 v2.1), the second byte is supposed
|
||||
* to be 2 regardless of which key is used. For compatibility purposes, we'll just check to make sure the
|
||||
* second byte is 2 or less. If it is, we'll accept the decrypted string as valid.
|
||||
*
|
||||
* As a consequence of this, a private key encrypted ciphertext produced with \phpseclib3\Crypt\RSA may not decrypt
|
||||
* with a strictly PKCS#1 v1.5 compliant RSA implementation. Public key encrypted ciphertext's should but
|
||||
* not private key encrypted ciphertext's.
|
||||
*
|
||||
* @access private
|
||||
* @param string $c
|
||||
* @return bool|string
|
||||
|
@ -329,12 +329,6 @@ class PublicKey extends RSA implements Common\PublicKey
|
||||
$ps.= $temp;
|
||||
}
|
||||
$type = 2;
|
||||
// see the comments of _rsaes_pkcs1_v1_5_decrypt() to understand why this is being done
|
||||
if ($pkcs15_compat && (!isset($this->publicExponent) || $this->exponent !== $this->publicExponent)) {
|
||||
$type = 1;
|
||||
// "The padding string PS shall consist of k-3-||D|| octets. ... for block type 01, they shall have value FF"
|
||||
$ps = str_repeat("\xFF", $psLen);
|
||||
}
|
||||
$em = chr(0) . chr($type) . $ps . chr(0) . $m;
|
||||
|
||||
// RSA encryption
|
||||
@ -450,10 +444,8 @@ class PublicKey extends RSA implements Common\PublicKey
|
||||
switch ($this->encryptionPadding) {
|
||||
case self::ENCRYPTION_NONE:
|
||||
return $this->raw_encrypt($plaintext);
|
||||
case self::ENCRYPTION_PKCS15_COMPAT:
|
||||
case self::ENCRYPTION_PKCS1:
|
||||
$pkcs15_compat = $this->encryptionPadding & self::ENCRYPTION_PKCS15_COMPAT;
|
||||
return $this->rsaes_pkcs1_v1_5_encrypt($plaintext, $pkcs15_compat);
|
||||
return $this->rsaes_pkcs1_v1_5_encrypt($plaintext);
|
||||
//case self::ENCRYPTION_OAEP:
|
||||
default:
|
||||
return $this->rsaes_oaep_encrypt($plaintext);
|
||||
|
Loading…
Reference in New Issue
Block a user