X509: set parameter field to null for RSA keys

2024-09-28 15:19:02 +00:00 · 2015-06-28 11:32:42 -05:00 · 2015-06-28 11:32:42 -05:00 · 46a3c0fbbb
commit 46a3c0fbbb
parent 1ad66ad1ea
3 changed files with 52 additions and 2 deletions
--- a/phpseclib/File/ASN1.php
+++ b/phpseclib/File/ASN1.php
@ -897,7 +897,7 @@ class File_ASN1
                }

                foreach ($mapping['children'] as $key => $child) {
-                    if (!isset($source[$key])) {
+                    if (!array_key_exists($key, $source)) {
                        if (!isset($child['optional'])) {
                            return false;
                        }
--- a/phpseclib/File/X509.php
+++ b/phpseclib/File/X509.php
@ -1505,6 +1505,13 @@ class File_X509
                    case 'rsaEncryption':
                        $cert['tbsCertificate']['subjectPublicKeyInfo']['subjectPublicKey']
                            = base64_encode("\0" . base64_decode(preg_replace('#-.+-|[\r\n]#', '', $cert['tbsCertificate']['subjectPublicKeyInfo']['subjectPublicKey'])));
+                        /* "[For RSA keys] the parameters field MUST have ASN.1 type NULL for this algorithm identifier."
+                           -- https://tools.ietf.org/html/rfc3279#section-2.3.1
+
+                           given that and the fact that RSA keys appear ot be the only key type for which the parameters field can be blank,
+                           it seems like perhaps the ASN.1 description ought not say the parameters field is OPTIONAL, but whatever.
+                         */
+                        $cert['tbsCertificate']['subjectPublicKeyInfo']['algorithm']['parameters'] = null;
                }
        }

--- a/tests/Unit/File/X509/X509Test.php
+++ b/tests/Unit/File/X509/X509Test.php
@ -96,7 +96,50 @@ IOkKcGQRCMha8X2e7GmlpdWC1ycenlbN0nbVeSv3JUMcafC4+Q==
        $this->assertCount(5, $result['tbsCertificate']['extensions']);
    }

-    function encodeOID($oid)
+    /**
+     * @group github705
+     */
+    public function testSaveNullRSAParam()
+    {
+        $privKey = new Crypt_RSA();
+        $privKey->loadKey('-----BEGIN RSA PRIVATE KEY-----
+MIICXQIBAAKBgQDMswfEpAgnUDWA74zZw5XcPsWh1ly1Vk99tsqwoFDkLF7jvXy1
+dDLHYfuquvfxCgcp8k/4fQhx4ubR8bbGgEq9B05YRnViK0R0iBB5Ui4IaxWYYhKE
+8xqAEH2fL+/7nsqqNFKkEN9KeFwc7WbMY49U2adlMrpBdRjk1DqIEW3QTwIDAQAB
+AoGBAJ+83cT/1DUJjJcPWLTeweVbPtJp+3Ku5d1OdaGbmURVs764scbP5Ihe2AuF
+V9LLZoe/RdS9jYeB72nJ3D3PA4JVYYgqMOnJ8nlUMNQ+p0yGl5TqQk6EKLI8MbX5
+kQEazNqFXsiWVQXubAd5wjtb6g0n0KD3zoT/pWLES7dtUFexAkEA89h5+vbIIl2P
+H/NnkPie2NWYDZ1YiMGHFYxPDwsd9KCZMSbrLwAhPg9bPgqIeVNfpwxrzeksS6D9
+P98tJt335QJBANbnCe+LhDSrkpHMy9aOG2IdbLGG63MSRUCPz8v2gKPq3kYXDxq6
+Y1iqF8N5g0k5iirHD2qlWV5Q+nuGvFTafCMCQQC1wQiC0IkyXEw/Q31RqI82Dlcs
+5rhEDwQyQof3LZEhcsdcxKaOPOmKSYX4A3/f9w4YBIEiVQfoQ1Ig1qfgDZklAkAT
+TQDJcOBY0qgBTEFqbazr7PScJR/0X8m0eLYS/XqkPi3kYaHLpr3RcsVbmwg9hVtx
+aBtsWpliLSex/HHhtRW9AkBGcq67zKmEpJ9kXcYLEjJii3flFS+Ct/rNm+Hhm1l7
+4vca9v/F2hGVJuHIMJ8mguwYlNYzh2NqoIDJTtgOkBmt
+-----END RSA PRIVATE KEY-----');
+
+        $pubKey = new Crypt_RSA();
+        $pubKey->loadKey($privKey->getPublicKey());
+        $pubKey->setPublicKey();
+
+        $subject = new File_X509();
+        $subject->setDNProp('id-at-organizationName', 'phpseclib demo cert');
+        $subject->setPublicKey($pubKey);
+
+        $issuer = new File_X509();
+        $issuer->setPrivateKey($privKey);
+        $issuer->setDN($subject->getDN());
+
+        $x509 = new File_X509();
+
+        $result = $x509->sign($issuer, $subject);
+        $cert = $x509->saveX509($result);
+        $cert = $x509->loadX509($cert);
+
+        $this->assetArrayHasKey('parameters', $cert['tbsCertificate']['subjectPublicKeyInfo']['algorithm']);
+    }
+
+    private function encodeOID($oid)
    {
        if ($oid === false) {
            user_error('Invalid OID');