RSA: updates per Joey3000

This commit is contained in:
terrafrost 2016-01-03 13:01:53 -06:00
parent 806249c7e9
commit d5a359b41e
2 changed files with 39 additions and 21 deletions

View File

@ -45,8 +45,6 @@
namespace phpseclib\Crypt; namespace phpseclib\Crypt;
use phpseclib\Crypt\Hash;
use phpseclib\Crypt\Random;
use phpseclib\Math\BigInteger; use phpseclib\Math\BigInteger;
use phpseclib\File\ASN1; use phpseclib\File\ASN1;
@ -1683,6 +1681,7 @@ class RSA
* *
* @access private * @access private
* @param string $m * @param string $m
* @param bool $pkcs15_compat optional
* @throws \OutOfBoundsException if strlen($m) > $this->k - 11 * @throws \OutOfBoundsException if strlen($m) > $this->k - 11
* @return string * @return string
*/ */
@ -1870,7 +1869,7 @@ class RSA
* *
* @access private * @access private
* @param string $m * @param string $m
* @return string * @return bool|string
*/ */
function _rsassa_pss_sign($m) function _rsassa_pss_sign($m)
{ {
@ -1940,9 +1939,6 @@ class RSA
function _emsa_pkcs1_v1_5_encode($m, $emLen) function _emsa_pkcs1_v1_5_encode($m, $emLen)
{ {
$h = $this->hash->hash($m); $h = $this->hash->hash($m);
if ($h === false) {
return false;
}
// see http://tools.ietf.org/html/rfc3447#page-43 // see http://tools.ietf.org/html/rfc3447#page-43
switch ($this->hashName) { switch ($this->hashName) {
@ -1986,7 +1982,7 @@ class RSA
* @access private * @access private
* @param string $m * @param string $m
* @throws \LengthException if the RSA modulus is too short * @throws \LengthException if the RSA modulus is too short
* @return string * @return bool|string
*/ */
function _rsassa_pkcs1_v1_5_sign($m) function _rsassa_pkcs1_v1_5_sign($m)
{ {
@ -1994,9 +1990,10 @@ class RSA
// If the encoding operation outputs "intended encoded message length too short," output "RSA modulus // If the encoding operation outputs "intended encoded message length too short," output "RSA modulus
// too short" and stop. // too short" and stop.
try {
$em = $this->_emsa_pkcs1_v1_5_encode($m, $this->k); $em = $this->_emsa_pkcs1_v1_5_encode($m, $this->k);
if ($em === false) { } catch (\LengthException $e) {
return false; throw new \LengthException('RSA modulus too short');
} }
// RSA signature // RSA signature
@ -2017,8 +2014,9 @@ class RSA
* *
* @access private * @access private
* @param string $m * @param string $m
* @param string $s
* @throws \LengthException if the RSA modulus is too short * @throws \LengthException if the RSA modulus is too short
* @return bool|string * @return bool
*/ */
function _rsassa_pkcs1_v1_5_verify($m, $s) function _rsassa_pkcs1_v1_5_verify($m, $s)
{ {
@ -2069,7 +2067,8 @@ class RSA
* *
* @access private * @access private
* @param string $m * @param string $m
* @return bool|string * @param string $s
* @return bool
*/ */
function _rsassa_pkcs1_v1_5_relaxed_verify($m, $s) function _rsassa_pkcs1_v1_5_relaxed_verify($m, $s)
{ {
@ -2166,8 +2165,8 @@ class RSA
* @see self::decrypt() * @see self::decrypt()
* @access public * @access public
* @param string $plaintext * @param string $plaintext
* @param int $padding * @param int $padding optional
* @return string * @return bool|string
* @throws \LengthException if the RSA modulus is too short * @throws \LengthException if the RSA modulus is too short
*/ */
function encrypt($plaintext, $padding = self::PADDING_OAEP) function encrypt($plaintext, $padding = self::PADDING_OAEP)
@ -2177,7 +2176,11 @@ class RSA
$plaintext = str_split($plaintext, $this->k); $plaintext = str_split($plaintext, $this->k);
$ciphertext = ''; $ciphertext = '';
foreach ($plaintext as $m) { foreach ($plaintext as $m) {
$ciphertext.= $this->_raw_encrypt($m); $temp = $this->_raw_encrypt($m);
if ($temp === false) {
return false;
}
$ciphertext.= $temp;
} }
return $ciphertext; return $ciphertext;
case self::PADDING_PKCS15_COMPAT: case self::PADDING_PKCS15_COMPAT:
@ -2190,7 +2193,11 @@ class RSA
$plaintext = str_split($plaintext, $length); $plaintext = str_split($plaintext, $length);
$ciphertext = ''; $ciphertext = '';
foreach ($plaintext as $m) { foreach ($plaintext as $m) {
$ciphertext.= $this->_rsaes_pkcs1_v1_5_encrypt($m, $padding == self::PADDING_PKCS15_COMPAT); $temp = $this->_rsaes_pkcs1_v1_5_encrypt($m, $padding == self::PADDING_PKCS15_COMPAT);
if ($temp === false) {
return false;
}
$ciphertext.= $temp;
} }
return $ciphertext; return $ciphertext;
//case self::PADDING_OAEP: //case self::PADDING_OAEP:
@ -2203,7 +2210,11 @@ class RSA
$plaintext = str_split($plaintext, $length); $plaintext = str_split($plaintext, $length);
$ciphertext = ''; $ciphertext = '';
foreach ($plaintext as $m) { foreach ($plaintext as $m) {
$ciphertext.= $this->_rsaes_oaep_encrypt($m); $temp = $this->_rsaes_oaep_encrypt($m);
if ($temp === false) {
return false;
}
$ciphertext.= $temp;
} }
return $ciphertext; return $ciphertext;
} }
@ -2215,7 +2226,7 @@ class RSA
* @see self::encrypt() * @see self::encrypt()
* @access public * @access public
* @param string $plaintext * @param string $plaintext
* @param int|bool $padding * @param int $padding optional
* @return string * @return string
*/ */
function decrypt($ciphertext, $padding = self::PADDING_OAEP) function decrypt($ciphertext, $padding = self::PADDING_OAEP)
@ -2258,7 +2269,7 @@ class RSA
* @see self::verify() * @see self::verify()
* @access public * @access public
* @param string $message * @param string $message
* @param int $padding * @param int $padding optional
* @return string * @return string
*/ */
function sign($message, $padding = self::PADDING_PSS) function sign($message, $padding = self::PADDING_PSS)
@ -2284,7 +2295,7 @@ class RSA
* @access public * @access public
* @param string $message * @param string $message
* @param string $signature * @param string $signature
* @param int|bool $padding * @param int $padding optional
* @return bool * @return bool
*/ */
function verify($message, $signature, $padding = self::PADDING_PSS) function verify($message, $signature, $padding = self::PADDING_PSS)

View File

@ -16,6 +16,8 @@
namespace phpseclib\System\SSH\Agent; namespace phpseclib\System\SSH\Agent;
use phpseclib\System\SSH\Agent; use phpseclib\System\SSH\Agent;
use phpseclib\Crypt\RSA;
use phpseclib\Exception\UnsupportedAlgorithmException;
/** /**
* Pure-PHP ssh-agent client identity object * Pure-PHP ssh-agent client identity object
@ -122,10 +124,15 @@ class Identity
* @param int|bool $padding * @param int|bool $padding
* @return string * @return string
* @throws \RuntimeException on connection errors * @throws \RuntimeException on connection errors
* @throws \phpseclib\Exception\UnsupportedAlgorithmException if the algorithm is unsupported
* @access public * @access public
*/ */
function sign($message, $padding = false) function sign($message, $padding = RSA::PADDING_PSS)
{ {
if ($padding != RSA::PADDING_PKCS1 && $padding != RSA::PADDING_RELAXED_PKCS1) {
throw new \UnsupportedAlgorithmException('ssh-agent can only create PKCS1 signatures');
}
// the last parameter (currently 0) is for flags and ssh-agent only defines one flag (for ssh-dss): SSH_AGENT_OLD_SIGNATURE // the last parameter (currently 0) is for flags and ssh-agent only defines one flag (for ssh-dss): SSH_AGENT_OLD_SIGNATURE
$packet = pack('CNa*Na*N', Agent::SSH_AGENTC_SIGN_REQUEST, strlen($this->key_blob), $this->key_blob, strlen($message), $message, 0); $packet = pack('CNa*Na*N', Agent::SSH_AGENTC_SIGN_REQUEST, strlen($this->key_blob), $this->key_blob, strlen($message), $message, 0);
$packet = pack('Na*', strlen($packet), $packet); $packet = pack('Na*', strlen($packet), $packet);