RSA: OAEP decryption didn't check labels correctly

2021-06-11 12:01:51 -05:00 · 2021-06-11 12:01:51 -05:00 · c3560c2d4d
parent 0a2dc24489
commit c3560c2d4d
2 changed files with 48 additions and 2 deletions
--- a/phpseclib/Crypt/RSA.php
+++ b/phpseclib/Crypt/RSA.php
@ -2664,9 +2664,9 @@ class Crypt_RSA
            $offset+= $patternMatch ? 0 : 1;
        }

-        // we do & instead of && to avoid https://en.wikipedia.org/wiki/Short-circuit_evaluation
+        // we do | instead of || to avoid https://en.wikipedia.org/wiki/Short-circuit_evaluation
        // to protect against timing attacks
-        if (!$hashesMatch & !$patternMatch) {
+        if (!$hashesMatch | !$patternMatch) {
            user_error('Decryption error');
            return false;
        }
--- a/tests/Unit/Crypt/RSA/ModeTest.php
+++ b/tests/Unit/Crypt/RSA/ModeTest.php
@ -137,4 +137,50 @@ E252896950917476ECE5E8FC27D5F053D6018D91B502C4787558A002B9283DA7', 16),
        $rsa->setHash('sha256');
        $this->assertTrue($rsa->verify($message, $signature));
    }
+
+    /**
+     * @group github1669
+     */
+    public function testOAEPWithLabel()
+    {
+        $publicKey = new Crypt_RSA();
+        $publicKey->loadKey('-----BEGIN PUBLIC KEY-----
+MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCnkFHQbt801+kMnxn0VmMVljp8
+XdsbLEziLul3MwwckBDHwW6UDvYjN7vzJ/OM2RTxTbzilDcXJ37Zqz4qlDvXwSNm
+gIe+3dpuuRQRrJuJP6FD8zDTkRmg3QWOIIPBTzCqOtJKgWjFwMMxfCOBFEv6Ldn5
+Ac0i9ARl0/aNTWjvGwIDAQAB
+-----END PUBLIC KEY-----');
+
+        $privateKey = new Crypt_RSA();
+        $privateKey->loadKey('-----BEGIN PRIVATE KEY-----
+MIICdgIBADANBgkqhkiG9w0BAQEFAASCAmAwggJcAgEAAoGBAKeQUdBu3zTX6Qyf
+GfRWYxWWOnxd2xssTOIu6XczDByQEMfBbpQO9iM3u/Mn84zZFPFNvOKUNxcnftmr
+PiqUO9fBI2aAh77d2m65FBGsm4k/oUPzMNORGaDdBY4gg8FPMKo60kqBaMXAwzF8
+I4EUS/ot2fkBzSL0BGXT9o1NaO8bAgMBAAECgYAO2OPW8ywF86ervaFAHDN1YzVV
+db+HXdqGJB/9tuE42q8R9BrHNbgrkLGvrveOoGGRrBCzhuyGubIsuVat0SqoI6qE
+nB9uahaIBfF5FZ7+bNW5OfkgerUUYP1S1MGFxUqINnUY1YHITmo6pUKHsiJtP7si
+hnCT6uEx8LqVNf1quQJBANs+VCZVUDq6eMy3E/u03HiAB8cyqLVMVQ4cLyoiWmFl
+nEFzZwMd20ZMjtcxICiizW3dlDvyxWYKH93irL0JyM0CQQDDp/VFsh83vKICVvM9
+IZHwE/Z8vZA3eTkGbWmgnr6qaxqge3FU02kUvIHHlvLmXYIt30lTq0Rn+Lz+TGV/
+jDeHAkBHYSaSiGojhLx5og1+gKbbEIv3vbWRuTVj76cnZ6HXXfaelIzwRdMzMw+6
+XgMjV8XcRCzTy7ma/Cbd3cPxk/LtAkEAwkehMVexz/KrHI+icG1JMI9iDnNdJPhm
+O4+hdzCqOyanBfwNiSF0Encslze4ci8f+NTjRwWlo2hGomzRzFk7OQJAPPd/o0az
+kg9nF+JxLiz7hF+/6MLVZgIfw04u05ANtOSVVQP4UTmJ/tNAe3OBUQVlRQAJ1m3j
+zUlir0ACPypC1Q==
+-----END PRIVATE KEY-----');
+
+        $data = 'The quick brown fox jumps over the lazy dog';
+
+        $ciphertext = $publicKey->_rsaes_oaep_encrypt($data, 'whatever');
+
+        try {
+            $this->assertFalse($privateKey->decrypt($ciphertext));
+            $this->fail('Ciphertext should not have decrypted');
+        } catch (\Exception $e) {
+        }
+
+        $decrypted = $privateKey->_rsaes_oaep_decrypt($ciphertext, 'whatever');
+
+        $this->assertSame($data, $decrypted);
+    }
 }