octoleo/phpseclib
1
0
Fork 0
mirror of https://github.com/phpseclib/phpseclib.git synced 2025-01-14 10:53:09 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #2003 from LeonMelis/3.0

Browse Source 
Fix support for Ed448 private keys in PKCS#8 format
This commit is contained in:
terrafrost 2024-05-25 14:42:46 -05:00 committed by GitHub
commit 541887c33a
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 60 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

46
phpseclib/Crypt/EC/Formats/Keys/PKCS8.php
View File

@ -129,12 +129,21 @@ abstract class PKCS8 extends Progenitor
$components = []; $components = [];
if (isset($key['privateKey'])) { if (isset($key['privateKey'])) {
$components['curve'] = $key['privateKeyAlgorithm']['algorithm'] == 'id-Ed25519' ? new Ed25519() : new Ed448(); if ($key['privateKeyAlgorithm']['algorithm'] == 'id-Ed25519') {
$components['curve'] = new Ed25519();
// 0x04 == octet string // 0x04 == octet string
// 0x20 == length (32 bytes) // 0x20 == length (32 bytes)
if (substr($key['privateKey'], 0, 2) != "\x04\x20") { if (substr($key['privateKey'], 0, 2) != "\x04\x20") {
throw new \RuntimeException('The first two bytes of the private key field should be 0x0420'); throw new \RuntimeException('The first two bytes of the Ed25519 private key field should be 0x0420');
}
} else {
// Assume Ed448
$components['curve'] = new Ed448();
// 0x04 == octet string
// 0x39 == length (57 bytes)
if (substr($key['privateKey'], 0, 2) != "\x04\x39") {
throw new \RuntimeException('The first two bytes of the Ed448 private key field should be 0x0439');
}
} }
$arr = $components['curve']->extractSecret(substr($key['privateKey'], 2)); $arr = $components['curve']->extractSecret(substr($key['privateKey'], 2));
$components['dA'] = $arr['dA']; $components['dA'] = $arr['dA'];
@ -207,13 +216,24 @@ abstract class PKCS8 extends Progenitor
} }
if ($curve instanceof TwistedEdwardsCurve) { if ($curve instanceof TwistedEdwardsCurve) {
return self::wrapPrivateKey( if ($curve instanceof Ed25519) {
"\x04\x20" . $secret, return self::wrapPrivateKey(
[], "\x04\x20" . $secret,
null, [],
$password, null,
$curve instanceof Ed25519 ? 'id-Ed25519' : 'id-Ed448' $password,
); 'id-Ed25519'
);
} else {
// Assume Ed448
return self::wrapPrivateKey(
"\x04\x39" . $secret,
[],
null,
$password,
'id-Ed448'
);
}
} }
$publicKey = "\4" . $publicKey[0]->toBytes() . $publicKey[1]->toBytes(); $publicKey = "\4" . $publicKey[0]->toBytes() . $publicKey[1]->toBytes();

27
tests/Unit/Crypt/EC/KeyTest.php
View File

@ -297,6 +297,33 @@ WEKBIQAZv0QJaYTN/oVBusFn3DuWyFCGqjC2tssMXDitcDFm4Q==
$this->assertSameNL('Ed25519', $key->getPublicKey()->getCurve()); $this->assertSameNL('Ed25519', $key->getPublicKey()->getCurve());
} }
// Generate with:
// openssl genpkey -algorithm ed448 | openssl ec -pubout
public function testEd448PublicKey()
{
$expected = '-----BEGIN PUBLIC KEY-----
MEMwBQYDK2VxAzoAsA7zbld48IfDhm7Qd6FYrvnljtjhPRRqZi04NWyj8VXrWe1x
BMLQFJEE0JDmKayUWpUWsRXwmb6A
-----END PUBLIC KEY-----';
$key = PublicKeyLoader::load($expected);
$this->assertSameNL('Ed448', $key->getCurve());
$this->assertSameNL($expected, $key->toString('PKCS8'));
}
// Generate with:
// openssl genpkey -algorithm ed448
public function testEd448PrivateKey()
{
$expected = '-----BEGIN PRIVATE KEY-----
MEcCAQAwBQYDK2VxBDsEOettXaJYob4hJNKJNOD+FfMvdesLKNp0KwochI6AKmAb
tWhtkn99WOjd1PsGMh9zz2Vhdg3MwasOMQ==
-----END PRIVATE KEY-----';
$key = PublicKeyLoader::load($expected);
$this->assertSameNL($expected, $key->toString('PKCS8'));
$this->assertSameNL('Ed448', $key->getCurve());
$this->assertSameNL('Ed448', $key->getPublicKey()->getCurve());
}
public function testPuTTYnistp256() public function testPuTTYnistp256()
{ {
$key = PublicKeyLoader::load($expected = 'PuTTY-User-Key-File-2: ecdsa-sha2-nistp256 $key = PublicKeyLoader::load($expected = 'PuTTY-User-Key-File-2: ecdsa-sha2-nistp256