From 207cd0f4ea0ae9b8065975925848184a39c3cf67 Mon Sep 17 00:00:00 2001 From: Brice Figureau Date: Sat, 19 Oct 2019 15:30:39 +0200 Subject: [PATCH 1/2] (#1423) make PSS verification work for non power of 2 keys RFC3447 doesn't require RSA public keys to be power of 2 keys. The actual validation code doesn't work when trying to verify a PSS signature generated with a non power of two key. This small patch adds support for such keys. --- phpseclib/Crypt/RSA.php | 6 +++--- tests/Unit/Crypt/RSA/ModeTest.php | 21 +++++++++++++++++++++ 2 files changed, 24 insertions(+), 3 deletions(-) diff --git a/phpseclib/Crypt/RSA.php b/phpseclib/Crypt/RSA.php index ac3cf0b9..2fea3a92 100644 --- a/phpseclib/Crypt/RSA.php +++ b/phpseclib/Crypt/RSA.php @@ -2846,7 +2846,7 @@ class Crypt_RSA // if $m is larger than two million terrabytes and you're using sha1, PKCS#1 suggests a "Label too long" error // be output. - $emLen = ($emBits + 1) >> 3; // ie. ceil($emBits / 8); + $emLen = ($emBits + 7) >> 3; // ie. ceil($emBits / 8); $sLen = $this->sLen !== null ? $this->sLen : $this->hLen; $mHash = $this->hash->hash($m); @@ -2924,7 +2924,7 @@ class Crypt_RSA // RSA verification - $modBits = 8 * $this->k; + $modBits = strlen($this->modulus->toBits()); $s2 = $this->_os2ip($s); $m2 = $this->_rsavp1($s2); @@ -2932,7 +2932,7 @@ class Crypt_RSA user_error('Invalid signature'); return false; } - $em = $this->_i2osp($m2, $modBits >> 3); + $em = $this->_i2osp($m2, $this->k); if ($em === false) { user_error('Invalid signature'); return false; diff --git a/tests/Unit/Crypt/RSA/ModeTest.php b/tests/Unit/Crypt/RSA/ModeTest.php index 2e62dade..fce48110 100644 --- a/tests/Unit/Crypt/RSA/ModeTest.php +++ b/tests/Unit/Crypt/RSA/ModeTest.php @@ -94,4 +94,25 @@ U9VQQSQzY1oZMVX8i1m5WUTLPz2yLJIBQVdXqhMCQBGoiuSoSjafUhV7i1cEGpb88h5NBYZzWXGZ $rsa->loadKey($rsa->getPublicKey()); $this->assertTrue($rsa->verify($plaintext, $sig)); } + + /** + * @group github1423 + */ + public function testPSSSigsWithNonPowerOf2Key() + { + $pub = '-----BEGIN PUBLIC KEY----- +MF0wDQYJKoZIhvcNAQEBBQADTAAwSQJCAmdYuOvii3I6ya3q/zSeZFoJprgF9fIq +k12yS6pCS3c+1wZ9cYFVtgfpSL4XpylLe9EnRT2GRVYCqUkR4AUeTuvnAgMBAAE= +-----END PUBLIC KEY-----'; + + $rsa = new Crypt_RSA(); + $rsa->loadKey($pub); + $rsa->setHash('sha256'); + $rsa->setSaltLength(32); + $rsa->setMGFHash('sha256'); + + $sig = base64_decode(strtr('Ad022bD-UCmWpBNMtsYJjG0FVxML-FFlN4IKrByP8rwjVzV_D-YqSjc_oW6LrooV7jbtEF5803YLn8lllyzDnw00', '-_', '+/')); + $payload = 'eyJraWQiOiJ0RkMyVUloRnBUTV9FYTNxY09kX01xUVQxY0JCbTlrRkxTRGZlSmhzUkc4IiwiYWxnIjoiUFMyNTYifQ.eyJhcHAiOiJhY2NvdW50cG9ydGFsIiwic3ViIjoiNTliOGM4YzA5NTVhNDA5MDg2MGRmYmM3ZGQwMjVjZWEiLCJjbGlkIjoiZTQ5ZTA2N2JiMTFjNDcyMmEzNGIyYjNiOGE2YTYzNTUiLCJhbSI6InBhc3N3b3JkIiwicCI6ImVOcDFrRUZQd3pBTWhmXC9QdEVOYU5kQkc2bUZDNHNpbENNNXU0aTNXMHFSS0hFVDU5V1JzcXpZRUp4XC84M3ZQbkIxcUg3Rm5CZVNabEtNME9saGVZVUVWTXlHOEVUOEZnWDI4dkdqWG4wWkcrV2hSK01rWVBicGZacHI2U3E0N0RFYjBLYkRFT21CSUZuOTZKN1ZDaWg1Q2p4dWNRZDJmdHJlMCt2cSthZFFObUluK0poWEl0UlBvQ0xya1wvZ05VV3N3T09vSVwva0Q5ZVk4c05jRHFPUzNkanFWb3RPU21oRUo5b0hZZmFqZmpSRzFGSWpGRFwvOExtT2pKbVF3d0tBMnQ0aXJBQ2NncHo0dzBuN3BtXC84YXV2T0dFM2twVFZ2d0IzdzlQZk1YZnJJUTBhejRsaEtIdVBUMU42XC9sb1FJPSIsImlhaSI6IjU5YjhjOGMwOTU1YTQwOTA4NjBkZmJjN2RkMDI1Y2VhIiwiY2xzdmMiOiJhY2NvdW50cG9ydGFsIiwibHB2IjoxNTQ3Njc1NDM4LCJ0IjoicyIsImljIjp0cnVlLCJleHAiOjE1NDc3MDQyMzgsImlhdCI6MTU0NzY3NTQzOCwianRpIjoiZTE0N2UzM2UzNzVhNDkyNWJjMzdjZTRjMDIwMmJjNDYifQ'; + $this->assertTrue($rsa->verify($payload, $sig)); + } } From 941230c2df3618ab809d81b2013b6087b7689320 Mon Sep 17 00:00:00 2001 From: terrafrost Date: Sun, 20 Oct 2019 13:38:45 -0500 Subject: [PATCH 2/2] RSA: adustments for 2.0 branch --- tests/Unit/Crypt/RSA/ModeTest.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/Unit/Crypt/RSA/ModeTest.php b/tests/Unit/Crypt/RSA/ModeTest.php index 97af5c45..788878b2 100644 --- a/tests/Unit/Crypt/RSA/ModeTest.php +++ b/tests/Unit/Crypt/RSA/ModeTest.php @@ -105,7 +105,7 @@ MF0wDQYJKoZIhvcNAQEBBQADTAAwSQJCAmdYuOvii3I6ya3q/zSeZFoJprgF9fIq k12yS6pCS3c+1wZ9cYFVtgfpSL4XpylLe9EnRT2GRVYCqUkR4AUeTuvnAgMBAAE= -----END PUBLIC KEY-----'; - $rsa = new Crypt_RSA(); + $rsa = new RSA(); $rsa->loadKey($pub); $rsa->setHash('sha256'); $rsa->setSaltLength(32);