From c85b356b1877887a97a7210d9045e7e52adb14a6 Mon Sep 17 00:00:00 2001 From: terrafrost Date: Thu, 7 Jan 2016 07:00:26 -0600 Subject: [PATCH] RSA: more updates per Joey3000 --- phpseclib/Crypt/RSA.php | 34 +++++++++++-------------- phpseclib/System/SSH/Agent/Identity.php | 10 ++++---- 2 files changed, 20 insertions(+), 24 deletions(-) diff --git a/phpseclib/Crypt/RSA.php b/phpseclib/Crypt/RSA.php index 1cfdb6ff..a7d6d757 100644 --- a/phpseclib/Crypt/RSA.php +++ b/phpseclib/Crypt/RSA.php @@ -10,7 +10,7 @@ * mgfHash = new Hash($hash); break; default: - $this->mgfHash = new Hash('sha1'); + $this->mgfHash = new Hash('sha256'); } $this->mgfHLen = $this->mgfHash->getLength(); } @@ -1293,12 +1293,15 @@ class RSA * See {@link http://tools.ietf.org/html/rfc3447#section-4.1 RFC3447#section-4.1}. * * @access private - * @param \phpseclib\Math\BigInteger $x + * @param bool|\phpseclib\Math\BigInteger $x * @param int $xLen * @return bool|string */ function _i2osp($x, $xLen) { + if ($x === false) { + return false; + } $x = $x->toBytes(); if (strlen($x) > $xLen) { return false; @@ -1628,10 +1631,10 @@ class RSA $c = $this->_os2ip($c); $m = $this->_rsadp($c); - if ($m === false) { + $em = $this->_i2osp($m, $this->k); + if ($em === false) { return false; } - $em = $this->_i2osp($m, $this->k); // EME-OAEP decoding @@ -1665,7 +1668,7 @@ class RSA * * @access private * @param string $m - * @return string + * @return bool|string */ function _raw_encrypt($m) { @@ -1683,7 +1686,7 @@ class RSA * @param string $m * @param bool $pkcs15_compat optional * @throws \OutOfBoundsException if strlen($m) > $this->k - 11 - * @return string + * @return bool|string */ function _rsaes_pkcs1_v1_5_encrypt($m, $pkcs15_compat = false) { @@ -1755,11 +1758,10 @@ class RSA $c = $this->_os2ip($c); $m = $this->_rsadp($c); - - if ($m === false) { + $em = $this->_i2osp($m, $this->k); + if ($em === false) { return false; } - $em = $this->_i2osp($m, $this->k); // EME-PKCS1-v1_5 decoding 
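Review bot: The `default:` branch of the hash switch still falls back silently, now to `new Hash('sha256')` instead of `new Hash('sha1')`, so an unrecognised hash name is accepted without any signal and the MGF1 hash actually used can differ from what the caller asked for. Because MGF1 has to match on both sides of OAEP and PSS, callers that previously reached this branch will presumably no longer interoperate with ciphertexts or signatures produced under the old fallback; that deserves a line in the method docblock and the changelog, e.g. `// unknown names fall back to sha256 (was sha1 before this commit)`. The top of this hunk, including the switch head, is garbled on the page, so whether the constructor uses the same default cannot be confirmed from here.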
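Review bot: The new guard in `_i2osp()` handles only the exact value `false`; any other non-object (for example `null`) still reaches `$x->toBytes()` and ends in a fatal error rather than the documented `false`. Since later hunks in this file drop their own `=== false` checks after `_rsadp()` and `_rsavp1()` and rely on this function instead, a type check is the sturdier form: `if (!$x instanceof \phpseclib\Math\BigInteger) { return false; }`. The docblock could also state that `false` is passed through so that a failed primitive propagates to the caller.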
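Review bot: After this reordering nothing at the call site says that `_rsadp()` can fail; the `false` it returns is now caught only because `_i2osp()` passes it through, and the same pattern appears in the `@@ -1755` hunk for PKCS#1 v1.5 decryption. A one-line comment above the call keeps that visible, e.g. `// _rsadp() returns false on failure; _i2osp() forwards it`. Both decrypt paths fold the primitive failure and the length failure into one `return false`, which is the right property for decryption errors, since callers should not be able to tell which check failed. The decoding steps below are outside the hunk, so whether they stay equally uniform cannot be checked here.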
@@ -1896,7 +1898,7 @@ class RSA * @access private * @param string $m * @param string $s - * @return string + * @return bool|string */ function _rsassa_pss_verify($m, $s) { @@ -1912,9 +1914,6 @@ class RSA $s2 = $this->_os2ip($s); $m2 = $this->_rsavp1($s2); - if ($m2 === false) { - return false; - } $em = $this->_i2osp($m2, $modBits >> 3); if ($em === false) { return false; @@ -2030,9 +2029,6 @@ class RSA $s = $this->_os2ip($s); $m2 = $this->_rsavp1($s); - if ($m2 === false) { - return false; - } $em = $this->_i2osp($m2, $this->k); if ($em === false) { return false; @@ -2227,7 +2223,7 @@ class RSA * @access public * @param string $plaintext * @param int $padding optional - * @return string + * @return bool|string */ function decrypt($ciphertext, $padding = self::PADDING_OAEP) { diff --git a/phpseclib/System/SSH/Agent/Identity.php b/phpseclib/System/SSH/Agent/Identity.php index c4fc659b..a074d4d0 100644 --- a/phpseclib/System/SSH/Agent/Identity.php +++ b/phpseclib/System/SSH/Agent/Identity.php @@ -106,13 +106,13 @@ class Identity * * Wrapper for $this->key->getPublicKey() * - * @param int $format optional + * @param int $type optional * @return mixed * @access public */ - function getPublicKey($format = null) + function getPublicKey($type = 'PKCS8') { - return !isset($format) ? $this->key->getPublicKey() : $this->key->getPublicKey($format); + return $this->key->getPublicKey($type); } /** 
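Review bot: `@return bool|string` looks wrong for `_rsassa_pss_verify()`: the only returns visible in this file's verify hunks are `return false`, and a verification routine normally yields a boolean. If the remaining return paths (outside the hunk) are the boolean result of the encoding check, the tag should read `@return bool`, so that nobody is led to treat a non-empty string as a successful verification.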
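Review bot: The docblock for `decrypt()` documents `@param string $plaintext` while the signature takes `$ciphertext`; the tag should be `@param string $ciphertext`. With the return type now `bool|string`, it is also worth stating that failure is `false` and must be tested with `=== false`, because a legitimately decrypted `''` or `'0'` is falsy and a loose check would report it as a decryption error. The function body is outside the hunk.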
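Review bot: The new tag `@param int $type optional` does not match the new default `'PKCS8'`, which is a string; it should be `@param string $type optional`. The rewrite also changes behaviour: a call without arguments used to defer to the wrapped key's own default via `$this->key->getPublicKey()` and now always requests `'PKCS8'`, and an explicit `null` is forwarded as-is instead of being treated as "not given". If that is intended, the docblock should say so, e.g. `Defaults to PKCS8 regardless of the wrapped key's own default format`.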
@@ -121,13 +121,13 @@ class Identity
 * See "2.6.2 Protocol 2 private key signature request"
 *
 * @param string $message
- * @param int|bool $padding
+ * @param int $padding optional
 * @return string
 * @throws \RuntimeException on connection errors
 * @throws \phpseclib\Exception\UnsupportedAlgorithmException if the algorithm is unsupported
 * @access public
 */
- function sign($message, $padding = RSA::PADDING_PSS)
+ function sign($message, $padding = RSA::PADDING_PKCS1)
 {
 if ($padding != RSA::PADDING_PKCS1 && $padding != RSA::PADDING_RELAXED_PKCS1) {
 throw new \UnsupportedAlgorithmException('ssh-agent can only create PKCS1 signatures');
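Review bot: The context line `throw new \UnsupportedAlgorithmException(...)` names a class in the global namespace, while the docblock promises `\phpseclib\Exception\UnsupportedAlgorithmException`; unless a global class of that name exists, a caller asking for an unsupported padding gets a class-not-found error instead of the documented exception. Use the documented class: `throw new \phpseclib\Exception\UnsupportedAlgorithmException('ssh-agent can only create PKCS1 signatures');`. The guard also compares with `!=`; if the padding constants are integers, `!==` avoids type juggling now that `@param` no longer allows `bool`. The body of `sign()` continues past the end of the hunk.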