diff --git a/phpseclib/File/X509.php b/phpseclib/File/X509.php
index 58f7f0d1..1bce5ba2 100644
--- a/phpseclib/File/X509.php
+++ b/phpseclib/File/X509.php
@@ -512,11 +512,6 @@ class X509
 );
 }
- if ($algorithm == 'rsaEncryption') {
- $cert['signatureAlgorithm']['parameters'] = null;
- $cert['tbsCertificate']['signature']['parameters'] = null;
- }
-
 $filters = [];
 $type_utf8_string = ['type' => ASN1::TYPE_UTF8_STRING];
 $filters['tbsCertificate']['signature']['parameters'] = $type_utf8_string;
@@ -2879,7 +2874,10 @@ class X509
 case 'sha256':
 case 'sha384':
 case 'sha512':
- return ['algorithm' => $key->getHash()->__toString() . 'WithRSAEncryption'];
+ return [
+ 'algorithm' => $key->getHash()->__toString() . 'WithRSAEncryption',
+ 'parameters' => null
+ ];
 }
 throw new UnsupportedAlgorithmException('The only supported hash algorithms for RSA are: md2, md5, sha1, sha224, sha256, sha384, sha512');
 }
diff --git a/tests/Unit/File/X509/CSRTest.php b/tests/Unit/File/X509/CSRTest.php
index 2b50519f..a0229bca 100644
--- a/tests/Unit/File/X509/CSRTest.php
+++ b/tests/Unit/File/X509/CSRTest.php
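Review bot: The new `'parameters' => null` in the RSA branch (hunk at `-2879`) carries no comment explaining why the field is set explicitly, and the reason is not obvious from the code. PKCS#1 v1.5 signature AlgorithmIdentifiers are encoded with an explicit ASN.1 NULL while ECDSA ones omit the field, so the value has to follow the signing key rather than the subject's key type, which is what the block removed in the first hunk keyed on. I would add `// RSASSA-PKCS1-v1_5 identifiers carry an explicit NULL; ECDSA identifiers omit parameters` above the `return [`. Because this return value presumably feeds every structure the library signs, the encoding change reaches beyond certificates (the CSR fixture in this commit already shifts), so a test pinning that an RSA-issued certificate still has the NULL would guard the other direction. The enclosing function starts outside the hunk.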
@@ -126,7 +126,7 @@ U9VQQSQzY1oZMVX8i1m5WUTLPz2yLJIBQVdXqhMCQBGoiuSoSjafUhV7i1cEGpb88h5NBYZzWXGZ
 $x509->setDN(['cn' => 'website.com']);
 $x509->saveCSR($x509->signCSR(), X509::FORMAT_DER);
 self::assertSame(
- 'MIIBUzCBvwIBADAWMRQwEgYDVQQDDAt3ZWJzaXRlLmNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAqhirpDtQ3u84WY+vh9KrY05FccEwqbynuHgmdBT6q4tHG9iWX1yfw4GEher1KcJiRvMFUGSo3hnIwzi+VJbLrrBZ3As1gUO0SjVEnrJkETEhpFW9f94/rJGelLVvubtPZRzbI+rUOdbNUj6wgZHnWzX9E6dBmzCQ8keHvU9OGWcCAwEAAaAAMAsGCSqGSIb3DQEBBQOBgQAruS36X6T32X3kim5csJ/0iY+kS8MBt3D3geHLZx6ZAHI7olklEaGONJp+xajT3xMwKS3Anwe8Xpmqcn8+hAOJdZG0xHF2+S/T469UX32uiPtCiNvRC2RJo57wMj3X+2BCjC0WseYb6WHurnhu7u8zWcA3TEGyxyo+FDjMjFWsZA==',
+ 'MIIBVTCBvwIBADAWMRQwEgYDVQQDDAt3ZWJzaXRlLmNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAqhirpDtQ3u84WY+vh9KrY05FccEwqbynuHgmdBT6q4tHG9iWX1yfw4GEher1KcJiRvMFUGSo3hnIwzi+VJbLrrBZ3As1gUO0SjVEnrJkETEhpFW9f94/rJGelLVvubtPZRzbI+rUOdbNUj6wgZHnWzX9E6dBmzCQ8keHvU9OGWcCAwEAAaAAMA0GCSqGSIb3DQEBBQUAA4GBACu5LfpfpPfZfeSKblywn/SJj6RLwwG3cPeB4ctnHpkAcjuiWSURoY40mn7FqNPfEzApLcCfB7xemapyfz6EA4l1kbTEcXb5L9Pjr1Rffa6I+0KI29ELZEmjnvAyPdf7YEKMLRax5hvpYe6ueG7u7zNZwDdMQbLHKj4UOMyMVaxk',
 base64_encode($x509->saveCSR($x509->signCSR(), X509::FORMAT_DER))
 );
 }
diff --git a/tests/Unit/File/X509/X509Test.php b/tests/Unit/File/X509/X509Test.php
index a9daef76..a4e8406f 100644
--- a/tests/Unit/File/X509/X509Test.php
+++ b/tests/Unit/File/X509/X509Test.php
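Review bot: The replaced expected value is an opaque base64 blob, so nothing on the new side tells a reader what changed in the CSR or why. Decoding the two strings, the difference appears to be confined to signatureAlgorithm, where the sha1WithRSAEncryption OID is now followed by an explicit NULL (`05 00`) and the enclosing lengths grow by two bytes. A comment above the literal such as `// signatureAlgorithm now includes explicit NULL parameters` would record that for the next person who has to regenerate the fixture. The test method begins outside the hunk.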
@@ -1406,4 +1406,78 @@ JYhGgW6KsKViE0hzQB8dSAcNcfwQPSKzOd02crXdJ7uYvZZK9prN83Oe1iDaizeA
 $this->expectException(\RuntimeException::class);
 $x509->getPublicKey();
 }
+
+ /**
+ * @group github2051
+ */
+ public function testRSACertWithECSDASig()
+ {
+ // a secp256r1 key
+ $CAPrivKey = PublicKeyLoader::load('-----BEGIN PRIVATE KEY-----
+MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgYZs/Y9XurjuN8SQ5
+7Fyy1mTgHjFsdt0/3mOH7pfUbh6hRANCAASnmS1cmSu9dHOYrBg9aJRBs3PLPK62
+u0s8T1gmnGIpKMyrHC3Sh6V2UczDODqpMXYiAsP6iPhiaq/3MmuhA0UA
+-----END PRIVATE KEY-----');
+ $CAPubKey = $CAPrivKey->getPublicKey();
+
+ $CASubject = new X509();
+ $CASubject->setDNProp('id-at-organizationName', 'phpseclib CA cert');
+ $CASubject->setPublicKey($CAPubKey);
+
+ $CAIssuer = new X509();
+ $CAIssuer->setPrivateKey($CAPrivKey);
+ $CAIssuer->setDN($CASubject->getDN());
+
+ $x509 = new X509();
+ $x509->setEndDate('lifetime');
+ $x509->makeCA();
+ $result = $x509->sign($CAIssuer, $CASubject);
+
+ // a 2048-bit private key
+ $privKey = PublicKeyLoader::load('-----BEGIN PRIVATE KEY-----
+MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDCgThSXWv0segP
+h6PkuQOp8Hl7vB/M6KBrpY+igKOG5IbXO6Fkhw/1nmgswa4tUu9b8Co9/HPDX/0X
+owHoZuriLQluPdFAl9TJsiL4Etjui/vCzmvtAHlC6N8MjhpXJj/1gdX3sEwhTfnw
+zAqQrR7SxIcoX4zHxHfQxsbR9my6x4HYSKVOEmJtDcTenaDXVqrHfzsc7FIAouSd
+UL2TxrgalyrKZce50iF/1SoXLvD0XxXgJZhVkMzcsycNMf4a5+xDQOaAl31DeSYT
+/x2CamRVBE3F+Tg1cegXBm6Dxhl5+TXgAhduFlBqlp8BMGlpE2lDdNpBYbDKGJs7
+LMdV+pN7AgMBAAECggEADHgvTax6ks3jBDfcbHnl/7uQdjvJyB+zxSLwkejwUuIM
+uPi0MJcuET+OCyyBh5tVCA5eDupD26coOR80rJsIfOaJP72L0DnLpQCcGE5RBP4J
+zmRAbAnHPGBkiFAF5Udo+0rPFlmBj/MJToQuOzc2DioWRiLWCiqQydwse+Jx9wld
+rJQ5WJfDGWV1T4nm88uzCDoMST6/7drwXNtyAEUHglcxnTj76t5AJ9YfI6FTiK64
+8tTjBr2f7D0uTsCw7ueDynNTTwGIvyH1UaLTfrdTq/Cfki8ztyCvPgBItgVlgAD5
+s85XXE4hqWKRgxJTG0OExyxeSLMpvbsVU/60Y/PcuQKBgQDlr2x77yuz3tIkXO+j
+50exlhCH5/iuAQ9vw8QUQlde63B86U9/Y8SYS0kd1CdmHPNaeve4frmleY1iWAfC
+AUAUaccKONlNbcVgcBzv7HXK+QmhRCb7EGGKFeb1O3oc1t8F1FRCa3hCtPchAVbu
+PGIL6E3VwO36XYDXfS+jAZVIQwKBgQDYyfd+WYCM6YixDKZAGgfLSU/1sdt4lDGe
+elObx0XeO+8kylqbk41WI92a4pQRnpZgHiyx48dsfa0vEO0zkGmfANxO/g6RxUTZ
+zW3qGj8njhtsY6ymmHj+Ncu9/lnY6EpfCVSelxsVz+5XufjZfWNHj8mdEWDzFkuZ
+BmcjQPlQaQKBgQDHfv3wC4Xe/ktx8BLpPuojkh8bnF1/7UXWIqh9nD29ISwcIp29
+HQ/V45ZHRU1PQRgR37qoUdG3q4MlByb92A4rbNDHzSbZPN3x7I8FyVFqkbJOkx50
+dP7zbCClohpnUC54Jrtk0WmsLvhzf3FdDa9vfj+UyLUq/+n3wTEOGULrdwKBgAGT
+FfUY+VIMsC15BgwZJE1Zrvb937Y0fVfFU64h+GPw03/U6GuQ2snxYL6rPqASIs13
+6qMwIFatYwCggtiJB/tbqj34omp0oFdkopO8tRC4e4KCBtL+8IIIKf6rRkPJDCE8
+lBzCxDOYWwbQFvqdaocuiCxX3/hkBRCLd1xOMIFhAoGAanaZkg7wogxseU0CDQWr
+ek+8xhvMsVmSs20JhR0WWUxNxZblKCJOMTzDnNxTajl8OeGfHLJER20aubB08/Fh
+3XTCUzLk69tfwhvGTVorZ+bQTAM1X18nzD89J03g/IaHxxR/nyB39Yq8yqNvuP0D
+Zf+6b317dHQhk60gz+CIt8s=
+-----END PRIVATE KEY-----');
+ $privKey = $privKey->withPadding(RSA::SIGNATURE_PKCS1);
+ $pubKey = $privKey->getPublicKey();
+
+ $subject = new X509();
+ $subject->setDomain('whatever.com');
+ $subject->setPublicKey($pubKey);
+
+ $x509 = new X509();
+ $x509->setEndDate('lifetime');
+ $result = $x509->sign($CAIssuer, $subject);
+ $cert = $x509->saveX509($result);
+
+ $x509 = new X509();
+ $cert = $x509->loadX509($cert);
+
+ $this->assertFalse(isset($cert['signatureAlgorithm']['parameters']));
+ $this->assertFalse(isset($cert['tbsCertificate']['signature']['parameters']));
+ }
 }
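Review bot: The two `assertFalse(isset(...))` checks that close the new test cannot tell an omitted parameters field from one that decodes to PHP `null`, because `isset()` is false in both cases. How the loader represents an ASN.1 NULL is not visible in this hunk, so the assertions may pass even if the NULL is still written. `$this->assertArrayNotHasKey('parameters', $cert['signatureAlgorithm']);` and the same call for `$cert['tbsCertificate']['signature']` state the intent directly. The method name also misspells the algorithm: `testRSACertWithECSDASig` should read `testRSACertWithECDSASig`. The test never asserts which signature algorithm ended up in the certificate or validates the signature against the CA key, either of which would tie it to the ECDSA-issuer case it is named for.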