From 46a3c0fbbbce879fb37e6f9f7416dec5dfe1c502 Mon Sep 17 00:00:00 2001 From: terrafrost Date: Sun, 28 Jun 2015 11:32:42 -0500 Subject: [PATCH 1/3] X509: set parameter field to null for RSA keys --- phpseclib/File/ASN1.php | 2 +- phpseclib/File/X509.php | 7 +++++ tests/Unit/File/X509/X509Test.php | 45 ++++++++++++++++++++++++++++++- 3 files changed, 52 insertions(+), 2 deletions(-) diff --git a/phpseclib/File/ASN1.php b/phpseclib/File/ASN1.php index 430493c2..aab31f0f 100644 --- a/phpseclib/File/ASN1.php +++ b/phpseclib/File/ASN1.php @@ -897,7 +897,7 @@ class File_ASN1 } foreach ($mapping['children'] as $key => $child) { - if (!isset($source[$key])) { + if (!array_key_exists($key, $source)) { if (!isset($child['optional'])) { return false; } diff --git a/phpseclib/File/X509.php b/phpseclib/File/X509.php index 97902013..5ff29017 100644 --- a/phpseclib/File/X509.php +++ b/phpseclib/File/X509.php @@ -1505,6 +1505,13 @@ class File_X509 case 'rsaEncryption': $cert['tbsCertificate']['subjectPublicKeyInfo']['subjectPublicKey'] = base64_encode("\0" . base64_decode(preg_replace('#-.+-|[\r\n]#', '', $cert['tbsCertificate']['subjectPublicKeyInfo']['subjectPublicKey']))); + /* "[For RSA keys] the parameters field MUST have ASN.1 type NULL for this algorithm identifier." + -- https://tools.ietf.org/html/rfc3279#section-2.3.1 + + given that and the fact that RSA keys appear ot be the only key type for which the parameters field can be blank, + it seems like perhaps the ASN.1 description ought not say the parameters field is OPTIONAL, but whatever. + */ + $cert['tbsCertificate']['subjectPublicKeyInfo']['algorithm']['parameters'] = null; } } diff --git a/tests/Unit/File/X509/X509Test.php b/tests/Unit/File/X509/X509Test.php index ff53001c..c412dc62 100644 --- a/tests/Unit/File/X509/X509Test.php +++ b/tests/Unit/File/X509/X509Test.php @@ -96,7 +96,50 @@ IOkKcGQRCMha8X2e7GmlpdWC1ycenlbN0nbVeSv3JUMcafC4+Q== $this->assertCount(5, $result['tbsCertificate']['extensions']); } - function encodeOID($oid) + /** + * @group github705 + */ + public function testSaveNullRSAParam() + { + $privKey = new Crypt_RSA(); + $privKey->loadKey('-----BEGIN RSA PRIVATE KEY----- +MIICXQIBAAKBgQDMswfEpAgnUDWA74zZw5XcPsWh1ly1Vk99tsqwoFDkLF7jvXy1 +dDLHYfuquvfxCgcp8k/4fQhx4ubR8bbGgEq9B05YRnViK0R0iBB5Ui4IaxWYYhKE +8xqAEH2fL+/7nsqqNFKkEN9KeFwc7WbMY49U2adlMrpBdRjk1DqIEW3QTwIDAQAB +AoGBAJ+83cT/1DUJjJcPWLTeweVbPtJp+3Ku5d1OdaGbmURVs764scbP5Ihe2AuF +V9LLZoe/RdS9jYeB72nJ3D3PA4JVYYgqMOnJ8nlUMNQ+p0yGl5TqQk6EKLI8MbX5 +kQEazNqFXsiWVQXubAd5wjtb6g0n0KD3zoT/pWLES7dtUFexAkEA89h5+vbIIl2P +H/NnkPie2NWYDZ1YiMGHFYxPDwsd9KCZMSbrLwAhPg9bPgqIeVNfpwxrzeksS6D9 +P98tJt335QJBANbnCe+LhDSrkpHMy9aOG2IdbLGG63MSRUCPz8v2gKPq3kYXDxq6 +Y1iqF8N5g0k5iirHD2qlWV5Q+nuGvFTafCMCQQC1wQiC0IkyXEw/Q31RqI82Dlcs +5rhEDwQyQof3LZEhcsdcxKaOPOmKSYX4A3/f9w4YBIEiVQfoQ1Ig1qfgDZklAkAT +TQDJcOBY0qgBTEFqbazr7PScJR/0X8m0eLYS/XqkPi3kYaHLpr3RcsVbmwg9hVtx +aBtsWpliLSex/HHhtRW9AkBGcq67zKmEpJ9kXcYLEjJii3flFS+Ct/rNm+Hhm1l7 +4vca9v/F2hGVJuHIMJ8mguwYlNYzh2NqoIDJTtgOkBmt +-----END RSA PRIVATE KEY-----'); + + $pubKey = new Crypt_RSA(); + $pubKey->loadKey($privKey->getPublicKey()); + $pubKey->setPublicKey(); + + $subject = new File_X509(); + $subject->setDNProp('id-at-organizationName', 'phpseclib demo cert'); + $subject->setPublicKey($pubKey); + + $issuer = new File_X509(); + $issuer->setPrivateKey($privKey); + $issuer->setDN($subject->getDN()); + + $x509 = new File_X509(); + + $result = $x509->sign($issuer, $subject); + $cert = $x509->saveX509($result); + $cert = $x509->loadX509($cert); + + $this->assetArrayHasKey('parameters', $cert['tbsCertificate']['subjectPublicKeyInfo']['algorithm']); + } + + private function encodeOID($oid) { if ($oid === false) { user_error('Invalid OID'); From 2277c0fbacf3cb79cec2d4375d1faea298fa37f0 Mon Sep 17 00:00:00 2001 From: terrafrost Date: Sun, 28 Jun 2015 11:40:34 -0500 Subject: [PATCH 2/3] Tests/X509: typo --- tests/Unit/File/X509/X509Test.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/Unit/File/X509/X509Test.php b/tests/Unit/File/X509/X509Test.php index c412dc62..fcf94eee 100644 --- a/tests/Unit/File/X509/X509Test.php +++ b/tests/Unit/File/X509/X509Test.php @@ -136,7 +136,7 @@ aBtsWpliLSex/HHhtRW9AkBGcq67zKmEpJ9kXcYLEjJii3flFS+Ct/rNm+Hhm1l7 $cert = $x509->saveX509($result); $cert = $x509->loadX509($cert); - $this->assetArrayHasKey('parameters', $cert['tbsCertificate']['subjectPublicKeyInfo']['algorithm']); + $this->assertArrayHasKey('parameters', $cert['tbsCertificate']['subjectPublicKeyInfo']['algorithm']); } private function encodeOID($oid) From 2c8cb0b4261ae74e2d1db44d179c7702e1d5e3e2 Mon Sep 17 00:00:00 2001 From: terrafrost Date: Sun, 28 Jun 2015 14:52:07 -0500 Subject: [PATCH 3/3] Tests/X509: CS adjustments --- tests/Unit/File/X509/X509Test.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/Unit/File/X509/X509Test.php b/tests/Unit/File/X509/X509Test.php index fcf94eee..40737d8c 100644 --- a/tests/Unit/File/X509/X509Test.php +++ b/tests/Unit/File/X509/X509Test.php @@ -83,7 +83,7 @@ IOkKcGQRCMha8X2e7GmlpdWC1ycenlbN0nbVeSv3JUMcafC4+Q== $asn1 = new File_ASN1(); - $value = $this->encodeOID('1.2.3.4'); + $value = $this->_encodeOID('1.2.3.4'); $ext = chr(FILE_ASN1_TYPE_OBJECT_IDENTIFIER) . $asn1->_encodeLength(strlen($value)) . $value; $value = 'zzzzzzzzz'; $ext.= chr(FILE_ASN1_TYPE_OCTET_STRING) . $asn1->_encodeLength(strlen($value)) . $value; @@ -139,7 +139,7 @@ aBtsWpliLSex/HHhtRW9AkBGcq67zKmEpJ9kXcYLEjJii3flFS+Ct/rNm+Hhm1l7 $this->assertArrayHasKey('parameters', $cert['tbsCertificate']['subjectPublicKeyInfo']['algorithm']); } - private function encodeOID($oid) + private function _encodeOID($oid) { if ($oid === false) { user_error('Invalid OID');