From 713393c8ad1c53042491007567343054a805f364 Mon Sep 17 00:00:00 2001 From: terrafrost Date: Sat, 6 Sep 2014 11:13:11 -0500 Subject: [PATCH] RSA: make XML keys use unsigned integers PKCS1 / PKCS8 keys need *signed* integers because of section 8.3.3 at http://www.itu.int/ITU-T/studygroups/com17/languages/X.690-0207.pdf#page=7 --- phpseclib/Crypt/RSA.php | 23 +++++++++++++---------- 1 file changed, 13 insertions(+), 10 deletions(-) diff --git a/phpseclib/Crypt/RSA.php b/phpseclib/Crypt/RSA.php index dd18bc26..95617510 100644 --- a/phpseclib/Crypt/RSA.php +++ b/phpseclib/Crypt/RSA.php @@ -742,17 +742,18 @@ class Crypt_RSA */ function _convertPrivateKey($n, $e, $d, $primes, $exponents, $coefficients) { + $unsigned = $this->privateKeyFormat == CRYPT_RSA_PRIVATE_FORMAT_XML; $num_primes = count($primes); $raw = array( 'version' => $num_primes == 2 ? chr(0) : chr(1), // two-prime vs. multi - 'modulus' => $n->toBytes(true), - 'publicExponent' => $e->toBytes(true), - 'privateExponent' => $d->toBytes(true), - 'prime1' => $primes[1]->toBytes(true), - 'prime2' => $primes[2]->toBytes(true), - 'exponent1' => $exponents[1]->toBytes(true), - 'exponent2' => $exponents[2]->toBytes(true), - 'coefficient' => $coefficients[2]->toBytes(true) + 'modulus' => $n->toBytes($unsigned), + 'publicExponent' => $e->toBytes($unsigned), + 'privateExponent' => $d->toBytes($unsigned), + 'prime1' => $primes[1]->toBytes($unsigned), + 'prime2' => $primes[2]->toBytes($unsigned), + 'exponent1' => $exponents[1]->toBytes($unsigned), + 'exponent2' => $exponents[2]->toBytes($unsigned), + 'coefficient' => $coefficients[2]->toBytes($unsigned) ); // if the format in question does not support multi-prime rsa and multi-prime rsa was used, @@ -941,8 +942,10 @@ class Crypt_RSA */ function _convertPublicKey($n, $e) { - $modulus = $n->toBytes(true); - $publicExponent = $e->toBytes(true); + $unsigned = $this->publicKeyFormat == CRYPT_RSA_PUBLIC_FORMAT_XML; + + $modulus = $n->toBytes($unsigned); + $publicExponent = $e->toBytes($unsigned); switch ($this->publicKeyFormat) { case CRYPT_RSA_PUBLIC_FORMAT_RAW: