From 92d0cd837e510e03cc051e4fde5781252c107f5c Mon Sep 17 00:00:00 2001 From: terrafrost Date: Fri, 17 Apr 2020 09:06:48 -0500 Subject: [PATCH] PKCS8: add extractEncryptionAlgorithm() method --- phpseclib/Crypt/Common/Formats/Keys/PKCS8.php | 81 ++++++++++++++----- 1 file changed, 62 insertions(+), 19 deletions(-) diff --git a/phpseclib/Crypt/Common/Formats/Keys/PKCS8.php b/phpseclib/Crypt/Common/Formats/Keys/PKCS8.php index 6625ec9b..638a58bf 100644 --- a/phpseclib/Crypt/Common/Formats/Keys/PKCS8.php +++ b/phpseclib/Crypt/Common/Formats/Keys/PKCS8.php @@ -332,25 +332,7 @@ abstract class PKCS8 extends PKCS */ protected static function load($key, $password = '') { - self::initialize_static_variables(); - - if (!Strings::is_stringable($key)) { - throw new \UnexpectedValueException('Key should be a string - not a ' . gettype($key)); - } - - if (self::$format != self::MODE_DER) { - $decoded = ASN1::extractBER($key); - if ($decoded !== false) { - $key = $decoded; - } elseif (self::$format == self::MODE_PEM) { - throw new \UnexpectedValueException('Expected base64-encoded PEM format but was unable to decode base64 text'); - } - } - - $decoded = ASN1::decodeBER($key); - if (empty($decoded)) { - throw new \RuntimeException('Unable to decode BER'); - } + $decoded = self::preParse($key); $meta = []; @@ -655,4 +637,65 @@ abstract class PKCS8 extends PKCS chunk_split(Base64::encode($key), 64) . "-----END PUBLIC KEY-----"; } + + /** + * Perform some preliminary parsing of the key + * + * @param string $key + * @return array + */ + private static function preParse(&$key) + { + self::initialize_static_variables(); + + if (!Strings::is_stringable($key)) { + throw new \UnexpectedValueException('Key should be a string - not a ' . gettype($key)); + } + + if (self::$format != self::MODE_DER) { + $decoded = ASN1::extractBER($key); + if ($decoded !== false) { + $key = $decoded; + } elseif (self::$format == self::MODE_PEM) { + throw new \UnexpectedValueException('Expected base64-encoded PEM format but was unable to decode base64 text'); + } + } + + $decoded = ASN1::decodeBER($key); + if (empty($decoded)) { + throw new \RuntimeException('Unable to decode BER'); + } + + return $decoded; + } + + /** + * Returns the encryption parameters used by the key + * + * @param string $key + * @return array + */ + public static function extractEncryptionAlgorithm($key) + { + $decoded = self::preParse($key); + + $r = ASN1::asn1map($decoded[0], ASN1\Maps\EncryptedPrivateKeyInfo::MAP); + if (!is_array($r)) { + throw new \RuntimeException('Unable to parse using EncryptedPrivateKeyInfo map'); + } + + if ($r['encryptionAlgorithm']['algorithm'] == 'id-PBES2') { + $decoded = ASN1::decodeBER($r['encryptionAlgorithm']['parameters']->element); + $r['encryptionAlgorithm']['parameters'] = ASN1::asn1map($decoded[0], ASN1\Maps\PBES2params::MAP); + + $kdf = &$r['encryptionAlgorithm']['parameters']['keyDerivationFunc']; + switch ($kdf['algorithm']) { + case 'id-PBKDF2': + $decoded = ASN1::decodeBER($kdf['parameters']->element); + $kdf['parameters'] = ASN1::asn1map($decoded[0], Maps\PBKDF2params::MAP); + } + } + + return $r['encryptionAlgorithm']; + } }