diff --git a/phpseclib/Crypt/RSA.php b/phpseclib/Crypt/RSA.php index dd18bc26..a0fbc285 100644 --- a/phpseclib/Crypt/RSA.php +++ b/phpseclib/Crypt/RSA.php @@ -742,17 +742,18 @@ class Crypt_RSA */ function _convertPrivateKey($n, $e, $d, $primes, $exponents, $coefficients) { + $signed = $this->privateKeyFormat != CRYPT_RSA_PRIVATE_FORMAT_XML; $num_primes = count($primes); $raw = array( 'version' => $num_primes == 2 ? chr(0) : chr(1), // two-prime vs. multi - 'modulus' => $n->toBytes(true), - 'publicExponent' => $e->toBytes(true), - 'privateExponent' => $d->toBytes(true), - 'prime1' => $primes[1]->toBytes(true), - 'prime2' => $primes[2]->toBytes(true), - 'exponent1' => $exponents[1]->toBytes(true), - 'exponent2' => $exponents[2]->toBytes(true), - 'coefficient' => $coefficients[2]->toBytes(true) + 'modulus' => $n->toBytes($signed), + 'publicExponent' => $e->toBytes($signed), + 'privateExponent' => $d->toBytes($signed), + 'prime1' => $primes[1]->toBytes($signed), + 'prime2' => $primes[2]->toBytes($signed), + 'exponent1' => $exponents[1]->toBytes($signed), + 'exponent2' => $exponents[2]->toBytes($signed), + 'coefficient' => $coefficients[2]->toBytes($signed) ); // if the format in question does not support multi-prime rsa and multi-prime rsa was used, @@ -941,8 +942,10 @@ class Crypt_RSA */ function _convertPublicKey($n, $e) { - $modulus = $n->toBytes(true); - $publicExponent = $e->toBytes(true); + $signed = $this->publicKeyFormat != CRYPT_RSA_PUBLIC_FORMAT_XML; + + $modulus = $n->toBytes($signed); + $publicExponent = $e->toBytes($signed); switch ($this->publicKeyFormat) { case CRYPT_RSA_PUBLIC_FORMAT_RAW: diff --git a/tests/Unit/Crypt/RSA/LoadKeyTest.php b/tests/Unit/Crypt/RSA/LoadKeyTest.php index 9402ab42..6506c478 100644 --- a/tests/Unit/Crypt/RSA/LoadKeyTest.php +++ b/tests/Unit/Crypt/RSA/LoadKeyTest.php @@ -259,4 +259,46 @@ Ao8eayMp6FcvNucIpUndo1X8dKMv3Y26ZQIDAQAB $this->assertGreaterThanOrEqual(1, strlen("$rsa")); $this->assertFalse($rsa->getPublicKey()); } + + /** + * make phpseclib generated XML keys be unsigned. this may need to be reverted + * if it is later learned that XML keys are, in fact, supposed to be signed + * @group github468 + */ + public function testUnsignedXML() + { + $rsa = new Crypt_RSA(); + + $key = ' + v5OxcEgxPUfa701NpxnScCmlRkbwSGBiTWobHkIWZEB+AlRTHaVoZg/D8l6YzR7VdQidG6gF+nuUMjY75dBXgY/XcyVq0Hccf1jTfgARuNuq4GGG3hnCJVi2QsOgcf9R7TeXn+p1RKIhjQoWCiEQeEBTotNbJhcabNcPGSEJw+s= + AQAB +'; + + $rsa->loadKey($key); + $rsa->setPublicKey(); + $newkey = $rsa->getPublicKey(CRYPT_RSA_PUBLIC_FORMAT_XML); + + $this->assertSame(preg_replace('#\s#', '', $key), preg_replace('#\s#', '', $newkey)); + } + + /** + * @group github468 + */ + public function testSignedPKCS1() + { + $rsa = new Crypt_RSA(); + + $key = '-----BEGIN PUBLIC KEY----- +MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC/k7FwSDE9R9rvTU2nGdJwKaVG +RvBIYGJNahseQhZkQH4CVFMdpWhmD8PyXpjNHtV1CJ0bqAX6e5QyNjvl0FeBj9dz +JWrQdxx/WNN+ABG426rgYYbeGcIlWLZCw6Bx/1HtN5ef6nVEoiGNChYKIRB4QFOi +01smFxps1w8ZIQnD6wIDAQAB +-----END PUBLIC KEY-----'; + + $rsa->loadKey($key); + $rsa->setPublicKey(); + $newkey = $rsa->getPublicKey(); + + $this->assertSame(preg_replace('#\s#', '', $key), preg_replace('#\s#', '', $newkey)); + } }