mirror of
https://github.com/phpseclib/phpseclib.git
synced 2024-12-26 03:27:31 +00:00
add DSA implementation
This commit is contained in:
parent
9ae5206588
commit
eb459daeaf
@ -15,6 +15,8 @@
|
||||
|
||||
namespace phpseclib\Common\Functions;
|
||||
|
||||
use phpseclib\Math\BigInteger;
|
||||
|
||||
/**
|
||||
* Common String Functions
|
||||
*
|
||||
@ -56,4 +58,171 @@ abstract class Strings
|
||||
$string = substr($string, 0, -$index);
|
||||
return $substr;
|
||||
}
|
||||
|
||||
/**
|
||||
* Performs blinded equality testing on strings
|
||||
*
|
||||
* Protects against a particular type of timing attack described.
|
||||
*
|
||||
* See {@link http://codahale.com/a-lesson-in-timing-attacks/ A Lesson In Timing Attacks (or, Don't use MessageDigest.isEquals)}
|
||||
*
|
||||
* Thanks for the heads up singpolyma!
|
||||
*
|
||||
* @access public
|
||||
* @param string $x
|
||||
* @param string $y
|
||||
* @return bool
|
||||
*/
|
||||
public static function equals($x, $y)
|
||||
{
|
||||
if (strlen($x) != strlen($y)) {
|
||||
return false;
|
||||
}
|
||||
|
||||
$result = 0;
|
||||
for ($i = 0; $i < strlen($x); $i++) {
|
||||
$result |= ord($x[$i]) ^ ord($y[$i]);
|
||||
}
|
||||
|
||||
return $result == 0;
|
||||
}
|
||||
|
||||
/**
|
||||
* Parse SSH2-style string
|
||||
*
|
||||
* Returns either an array or a boolean if $data is malformed.
|
||||
*
|
||||
* Valid characters for $format are as follows:
|
||||
*
|
||||
* C = byte
|
||||
* b = boolean (true/false)
|
||||
* N = uint32
|
||||
* s = string
|
||||
* i = mpint
|
||||
* l = name-list
|
||||
*
|
||||
* uint64 is not supported.
|
||||
*
|
||||
* @param string $string
|
||||
* @param int $index
|
||||
* @access public
|
||||
* @return mixed
|
||||
*/
|
||||
public static function unpackSSH2($format, $data)
|
||||
{
|
||||
$result = [];
|
||||
for ($i = 0; $i < strlen($format); $i++) {
|
||||
switch ($format[$i]) {
|
||||
case 'C':
|
||||
case 'b':
|
||||
if (!strlen($data)) {
|
||||
return false;
|
||||
}
|
||||
break;
|
||||
case 'N':
|
||||
case 'i':
|
||||
case 's':
|
||||
case 'l':
|
||||
if (strlen($data) < 4) {
|
||||
return false;
|
||||
}
|
||||
break;
|
||||
default:
|
||||
throw new \InvalidArgumentException('$format contains an invalid character');
|
||||
}
|
||||
switch ($format[$i]) {
|
||||
case 'C':
|
||||
$result[] = ord(self::shift($data));
|
||||
continue 2;
|
||||
case 'b':
|
||||
$result[] = ord(self::shift($data)) != 0;
|
||||
continue 2;
|
||||
case 'N':
|
||||
list(, $temp) = unpack('N', self::shift($data, 4));
|
||||
$result[] = $temp;
|
||||
continue 2;
|
||||
}
|
||||
list(, $length) = unpack('N', self::shift($data, 4));
|
||||
if (strlen($data) < $length) {
|
||||
return false;
|
||||
}
|
||||
$temp = self::shift($data, $length);
|
||||
switch ($format[$i]) {
|
||||
case 'i':
|
||||
$result[] = new BigInteger($temp, -256);
|
||||
break;
|
||||
case 's':
|
||||
$result[] = $temp;
|
||||
break;
|
||||
case 'l':
|
||||
$result[] = explode(',', $temp);
|
||||
}
|
||||
}
|
||||
|
||||
return $result;
|
||||
}
|
||||
|
||||
/**
|
||||
* Create SSH2-style string
|
||||
*
|
||||
* @param mixed $input..
|
||||
* @access public
|
||||
* @return mixed
|
||||
*/
|
||||
public static function packSSH2()
|
||||
{
|
||||
$elements = func_get_args();
|
||||
$format = $elements[0];
|
||||
array_shift($elements);
|
||||
if (strlen($format) != count($elements)) {
|
||||
throw new \InvalidArgumentException('There must be as many arguments as there are characters in the $format string');
|
||||
}
|
||||
$result = '';
|
||||
for ($i = 0; $i < strlen($format); $i++) {
|
||||
$element = $elements[$i];
|
||||
switch ($format[$i]) {
|
||||
case 'C':
|
||||
if (!is_int($element)) {
|
||||
throw new \InvalidArgumentException('Bytes must be represented as an integer between 0 and 255, inclusive.');
|
||||
}
|
||||
$result.= pack('C', $element);
|
||||
break;
|
||||
case 'b':
|
||||
if (!is_bool($element)) {
|
||||
throw new \InvalidArgumentException('A boolean parameter was expected.');
|
||||
}
|
||||
$result.= $element ? "\1" : "\0";
|
||||
break;
|
||||
case 'N':
|
||||
if (!is_int($element)) {
|
||||
throw new \InvalidArgumentException('An integer was expected.');
|
||||
}
|
||||
$result.= pack('N', $element);
|
||||
break;
|
||||
case 's':
|
||||
if (!is_string($element)) {
|
||||
throw new \InvalidArgumentException('A string was expected.');
|
||||
}
|
||||
$result.= pack('Na*', strlen($element), $element);
|
||||
break;
|
||||
case 'i':
|
||||
if (!$element instanceof BigInteger) {
|
||||
throw new \InvalidArgumentException('A phpseclib\Math\BigInteger object was expected.');
|
||||
}
|
||||
$element = $element->toBytes(true);
|
||||
$result.= pack('Na*', strlen($element), $element);
|
||||
break;
|
||||
case 'l':
|
||||
if (!is_array($element)) {
|
||||
throw new \InvalidArgumentException('An array was expected.');
|
||||
}
|
||||
$element = implode(',', $element);
|
||||
$result.= pack('Na*', strlen($element), $element);
|
||||
break;
|
||||
default:
|
||||
throw new \InvalidArgumentException('$format contains an invalid character');
|
||||
}
|
||||
}
|
||||
return $result;
|
||||
}
|
||||
}
|
||||
|
660
phpseclib/Crypt/Common/AsymmetricKey.php
Normal file
660
phpseclib/Crypt/Common/AsymmetricKey.php
Normal file
@ -0,0 +1,660 @@
|
||||
<?php
|
||||
|
||||
/**
|
||||
* Base Class for all asymmetric key ciphers
|
||||
*
|
||||
* PHP version 5
|
||||
*
|
||||
* @category Crypt
|
||||
* @package AsymmetricKey
|
||||
* @author Jim Wigginton <terrafrost@php.net>
|
||||
* @copyright 2016 Jim Wigginton
|
||||
* @license http://www.opensource.org/licenses/mit-license.html MIT License
|
||||
* @link http://phpseclib.sourceforge.net
|
||||
*/
|
||||
|
||||
namespace phpseclib\Crypt\Common;
|
||||
|
||||
use phpseclib\Math\BigInteger;
|
||||
use phpseclib\Crypt\Hash;
|
||||
use ParagonIE\ConstantTime\Base64;
|
||||
|
||||
/**
|
||||
* Base Class for all stream cipher classes
|
||||
*
|
||||
* @package AsymmetricKey
|
||||
* @author Jim Wigginton <terrafrost@php.net>
|
||||
*/
|
||||
abstract class AsymmetricKey
|
||||
{
|
||||
/**
|
||||
* Precomputed Zero
|
||||
*
|
||||
* @var \phpseclib\Math\BigInteger
|
||||
* @access private
|
||||
*/
|
||||
protected static $zero;
|
||||
|
||||
/**
|
||||
* Precomputed One
|
||||
*
|
||||
* @var \phpseclib\Math\BigInteger
|
||||
* @access private
|
||||
*/
|
||||
protected static $one;
|
||||
|
||||
/**
|
||||
* Engine
|
||||
*
|
||||
* This is only used for key generation. Valid values are RSA::ENGINE_INTERNAL and RSA::ENGINE_OPENSSL
|
||||
*
|
||||
* @var int
|
||||
* @access private
|
||||
*/
|
||||
protected static $engine = NULL;
|
||||
|
||||
/**
|
||||
* OpenSSL configuration file name.
|
||||
*
|
||||
* Set to null to use system configuration file.
|
||||
*
|
||||
* @see self::createKey()
|
||||
* @var mixed
|
||||
* @access public
|
||||
*/
|
||||
protected static $configFile;
|
||||
|
||||
/**
|
||||
* Supported plugins (lower case)
|
||||
*
|
||||
* @see self::initialize_static_variables()
|
||||
* @var array
|
||||
* @access private
|
||||
*/
|
||||
private static $plugins = [];
|
||||
|
||||
/**
|
||||
* Supported plugins (original case)
|
||||
*
|
||||
* @see self::initialize_static_variables()
|
||||
* @var array
|
||||
* @access private
|
||||
*/
|
||||
private static $origPlugins = [];
|
||||
|
||||
/**
|
||||
* Supported signature formats (lower case)
|
||||
*
|
||||
* @see self::initialize_static_variables()
|
||||
* @var array
|
||||
* @access private
|
||||
*/
|
||||
private static $signatureFormats = [];
|
||||
|
||||
/**
|
||||
* Supported signature formats (original case)
|
||||
*
|
||||
* @see self::initialize_static_variables()
|
||||
* @var array
|
||||
* @access private
|
||||
*/
|
||||
private static $signatureFileFormats = [];
|
||||
|
||||
/**
|
||||
* Password
|
||||
*
|
||||
* @var string
|
||||
* @access private
|
||||
*/
|
||||
protected $password = false;
|
||||
|
||||
/**
|
||||
* Loaded File Format
|
||||
*
|
||||
* @var string
|
||||
* @access private
|
||||
*/
|
||||
protected $format = false;
|
||||
|
||||
/**
|
||||
* Private Key Format
|
||||
*
|
||||
* @var string
|
||||
* @access private
|
||||
*/
|
||||
protected $privateKeyFormat = 'PKCS8';
|
||||
|
||||
/**
|
||||
* Public Key Format
|
||||
*
|
||||
* @var string
|
||||
* @access private
|
||||
*/
|
||||
protected $publicKeyFormat = 'PKCS8';
|
||||
|
||||
/**
|
||||
* Hash function
|
||||
*
|
||||
* @var \phpseclib\Crypt\Hash
|
||||
* @access private
|
||||
*/
|
||||
protected $hash;
|
||||
|
||||
/**
|
||||
* HMAC function
|
||||
*
|
||||
* @var \phpseclib\Crypt\Hash
|
||||
* @access private
|
||||
*/
|
||||
private $hmac;
|
||||
|
||||
/**#@+
|
||||
* @access private
|
||||
* @see self::__construct()
|
||||
*/
|
||||
/**
|
||||
* To use the pure-PHP implementation
|
||||
*/
|
||||
const ENGINE_INTERNAL = 1;
|
||||
/**
|
||||
* To use the OpenSSL library
|
||||
*
|
||||
* (if enabled; otherwise, the internal implementation will be used)
|
||||
*/
|
||||
const ENGINE_OPENSSL = 2;
|
||||
/**#@-*/
|
||||
|
||||
/**
|
||||
* The constructor
|
||||
*
|
||||
* @access public
|
||||
*/
|
||||
public function __construct()
|
||||
{
|
||||
self::initialize_static_variables();
|
||||
|
||||
$this->hash = new Hash('sha256');
|
||||
$this->hmac = new Hash('sha256');
|
||||
}
|
||||
|
||||
/**
|
||||
* Tests engine validity
|
||||
*
|
||||
* @access public
|
||||
* @param int $val
|
||||
*/
|
||||
public static function isValidEngine($val)
|
||||
{
|
||||
switch ($val) {
|
||||
case self::ENGINE_OPENSSL:
|
||||
return extension_loaded('openssl') && file_exists(self::$configFile);
|
||||
case self::ENGINE_INTERNAL:
|
||||
return true;
|
||||
}
|
||||
|
||||
return false;
|
||||
}
|
||||
|
||||
/**
|
||||
* Sets the engine
|
||||
*
|
||||
* Only used in RSA::createKey. Valid values are RSA::ENGINE_OPENSSL and RSA::ENGINE_INTERNAL
|
||||
*
|
||||
* @access public
|
||||
* @param int $val
|
||||
*/
|
||||
public static function setPreferredEngine($val)
|
||||
{
|
||||
static::$engine = null;
|
||||
$candidateEngines = [
|
||||
$val,
|
||||
self::ENGINE_OPENSSL
|
||||
];
|
||||
foreach ($candidateEngines as $engine) {
|
||||
if (static::isValidEngine($engine)) {
|
||||
static::$engine = $engine;
|
||||
break;
|
||||
}
|
||||
}
|
||||
if (!isset(static::$engine)) {
|
||||
static::$engine = self::ENGINE_INTERNAL;
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Returns the engine
|
||||
*
|
||||
* @access public
|
||||
* @return int
|
||||
*/
|
||||
public static function getEngine()
|
||||
{
|
||||
return self::$engine;
|
||||
}
|
||||
|
||||
/**
|
||||
* Initialize static variables
|
||||
*
|
||||
* @access private
|
||||
*/
|
||||
protected static function initialize_static_variables()
|
||||
{
|
||||
if (!isset(self::$zero)) {
|
||||
self::$zero= new BigInteger(0);
|
||||
self::$one = new BigInteger(1);
|
||||
self::$configFile = __DIR__ . '/../openssl.cnf';
|
||||
}
|
||||
|
||||
self::loadPlugins('Keys');
|
||||
if (static::ALGORITHM != 'RSA') {
|
||||
self::loadPlugins('Signature');
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Load Plugins
|
||||
*
|
||||
* @params $format
|
||||
* @access private
|
||||
*/
|
||||
private static function loadPlugins($format)
|
||||
{
|
||||
if (!isset(self::$plugins[static::ALGORITHM][$format])) {
|
||||
self::$plugins[static::ALGORITHM][$format] = [];
|
||||
foreach (glob(__DIR__ . '/../' . static::ALGORITHM . '/' . $format . '/*.php') as $file) {
|
||||
$name = pathinfo($file, PATHINFO_FILENAME);
|
||||
$type = 'phpseclib\Crypt\\' . static::ALGORITHM . '\\' . $format . '\\' . $name;
|
||||
self::$plugins[static::ALGORITHM][$format][strtolower($name)] = $type;
|
||||
self::$origPlugins[static::ALGORITHM][$format][] = $name;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Validate Plugin
|
||||
*
|
||||
* @access private
|
||||
* @param string $format
|
||||
* @param string $type
|
||||
* @param string $method optional
|
||||
* @return mixed
|
||||
*/
|
||||
protected static function validatePlugin($format, $type, $method = NULL)
|
||||
{
|
||||
$type = strtolower($type);
|
||||
if (!isset(self::$plugins[static::ALGORITHM][$format][$type])) {
|
||||
return false;
|
||||
}
|
||||
$type = self::$plugins[static::ALGORITHM][$format][$type];
|
||||
if (isset($method) && !method_exists($type, $method)) {
|
||||
return false;
|
||||
}
|
||||
|
||||
return $type;
|
||||
}
|
||||
|
||||
/**
|
||||
* Load the key
|
||||
*
|
||||
* @access private
|
||||
* @param string $key
|
||||
* @param string $type
|
||||
* @return array
|
||||
*/
|
||||
protected function load($key, $type)
|
||||
{
|
||||
$components = false;
|
||||
if ($type === false) {
|
||||
foreach (self::$plugins[static::ALGORITHM]['Keys'] as $format) {
|
||||
try {
|
||||
$components = $format::load($key, $this->password);
|
||||
} catch (\Exception $e) {
|
||||
$components = false;
|
||||
}
|
||||
if ($components !== false) {
|
||||
break;
|
||||
}
|
||||
}
|
||||
} else {
|
||||
$format = strtolower($type);
|
||||
if (isset(self::$plugins[static::ALGORITHM]['Keys'][$format])) {
|
||||
$format = self::$plugins[static::ALGORITHM]['Keys'][$format];
|
||||
$components = $format::load($key, $this->password);
|
||||
}
|
||||
}
|
||||
|
||||
if ($components === false) {
|
||||
$this->format = false;
|
||||
return false;
|
||||
}
|
||||
|
||||
$this->format = $format;
|
||||
|
||||
return $components;
|
||||
}
|
||||
|
||||
/**
|
||||
* Load the public key
|
||||
*
|
||||
* @access private
|
||||
* @param string $key
|
||||
* @param string $type
|
||||
* @return array
|
||||
*/
|
||||
protected function setPublicKey($key, $type)
|
||||
{
|
||||
$components = false;
|
||||
if ($type === false) {
|
||||
foreach (self::$plugins[static::ALGORITHM]['Keys'] as $format) {
|
||||
if (!method_exists($format, 'savePublicKey')) {
|
||||
continue;
|
||||
}
|
||||
try {
|
||||
$components = $format::load($key, $this->password);
|
||||
} catch (\Exception $e) {
|
||||
$components = false;
|
||||
}
|
||||
if ($components !== false) {
|
||||
break;
|
||||
}
|
||||
}
|
||||
} else {
|
||||
$format = strtolower($type);
|
||||
if (isset(self::$plugins[static::ALGORITHM]['Keys'][$format])) {
|
||||
$format = self::$plugins[static::ALGORITHM]['Keys'][$format];
|
||||
$components = $format::load($key, $this->password);
|
||||
}
|
||||
}
|
||||
|
||||
if ($components === false) {
|
||||
$this->format = false;
|
||||
return false;
|
||||
}
|
||||
|
||||
$this->format = $format;
|
||||
|
||||
return $components;
|
||||
}
|
||||
|
||||
/**
|
||||
* Returns a list of supported formats.
|
||||
*
|
||||
* @access public
|
||||
* @return array
|
||||
*/
|
||||
public static function getSupportedKeyFormats()
|
||||
{
|
||||
self::initialize_static_variables();
|
||||
|
||||
return self::$plugins[static::ALGORITHM]['Keys'];
|
||||
}
|
||||
|
||||
/**
|
||||
* Add a fileformat plugin
|
||||
*
|
||||
* The plugin needs to either already be loaded or be auto-loadable.
|
||||
* Loading a plugin whose shortname overwrite an existing shortname will overwrite the old plugin.
|
||||
*
|
||||
* @see self::load()
|
||||
* @param string $fullname
|
||||
* @access public
|
||||
* @return bool
|
||||
*/
|
||||
public static function addFileFormat($fullname)
|
||||
{
|
||||
self::initialize_static_variables();
|
||||
|
||||
if (class_exists($fullname)) {
|
||||
$meta = new \ReflectionClass($path);
|
||||
$shortname = $meta->getShortName();
|
||||
self::$plugins[static::ALGORITHM]['Keys'][strtolower($shortname)] = $fullname;
|
||||
self::$origPlugins[static::ALGORITHM]['Keys'][] = $shortname;
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Returns the public key's fingerprint
|
||||
*
|
||||
* The public key's fingerprint is returned, which is equivalent to running `ssh-keygen -lf rsa.pub`. If there is
|
||||
* no public key currently loaded, false is returned.
|
||||
* Example output (md5): "c1:b1:30:29:d7:b8:de:6c:97:77:10:d7:46:41:63:87" (as specified by RFC 4716)
|
||||
*
|
||||
* @access public
|
||||
* @param string $algorithm The hashing algorithm to be used. Valid options are 'md5' and 'sha256'. False is returned
|
||||
* for invalid values.
|
||||
* @return mixed
|
||||
*/
|
||||
public function getPublicKeyFingerprint($algorithm = 'md5')
|
||||
{
|
||||
$type = self::validatePlugin('Keys', 'OpenSSH', 'getBinaryOutput');
|
||||
if ($type === false) {
|
||||
return false;
|
||||
}
|
||||
|
||||
$status = $type::getBinaryOutput();
|
||||
$type::setBinaryOutput(true);
|
||||
|
||||
$key = $this->getPublicKey('OpenSSH');
|
||||
if ($key === false) {
|
||||
return false;
|
||||
}
|
||||
|
||||
$type::setBinaryOutput($status);
|
||||
|
||||
switch ($algorithm) {
|
||||
case 'sha256':
|
||||
$hash = new Hash('sha256');
|
||||
$base = Base64::encode($hash->hash($key));
|
||||
return substr($base, 0, strlen($base) - 1);
|
||||
case 'md5':
|
||||
return substr(chunk_split(md5($key), 2, ':'), 0, -1);
|
||||
default:
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* __toString() magic method
|
||||
*
|
||||
* @access public
|
||||
* @return string
|
||||
*/
|
||||
public function __toString()
|
||||
{
|
||||
try {
|
||||
$key = $this->getPrivateKey($this->privateKeyFormat);
|
||||
if (is_string($key)) {
|
||||
return $key;
|
||||
}
|
||||
$key = $this->getPublicKey($this->publicKeyFormat);
|
||||
return is_string($key) ? $key : '';
|
||||
} catch (\Exception $e) {
|
||||
return '';
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* __clone() magic method
|
||||
*
|
||||
* @access public
|
||||
* @return static
|
||||
*/
|
||||
public function __clone()
|
||||
{
|
||||
$key = new static();
|
||||
$key->load($this);
|
||||
return $key;
|
||||
}
|
||||
|
||||
/**
|
||||
* Determines the private key format
|
||||
*
|
||||
* @see self::__toString()
|
||||
* @access public
|
||||
* @param string $format
|
||||
*/
|
||||
public function setPrivateKeyFormat($format)
|
||||
{
|
||||
$this->privateKeyFormat = $format;
|
||||
}
|
||||
|
||||
/**
|
||||
* Determines the public key format
|
||||
*
|
||||
* @see self::__toString()
|
||||
* @access public
|
||||
* @param string $format
|
||||
*/
|
||||
public function setPublicKeyFormat($format)
|
||||
{
|
||||
$this->publicKeyFormat = $format;
|
||||
}
|
||||
|
||||
/**
|
||||
* Returns the format of the loaded key.
|
||||
*
|
||||
* If the key that was loaded wasn't in a valid or if the key was auto-generated
|
||||
* with RSA::createKey() then this will return false.
|
||||
*
|
||||
* @see self::load()
|
||||
* @access public
|
||||
* @return mixed
|
||||
*/
|
||||
public function getLoadedFormat()
|
||||
{
|
||||
if ($this->format === false) {
|
||||
return false;
|
||||
}
|
||||
|
||||
$meta = new \ReflectionClass($this->format);
|
||||
return $meta->getShortName();
|
||||
}
|
||||
|
||||
/**
|
||||
* Sets the password
|
||||
*
|
||||
* Private keys can be encrypted with a password. To unset the password, pass in the empty string or false.
|
||||
* Or rather, pass in $password such that empty($password) && !is_string($password) is true.
|
||||
*
|
||||
* @see self::createKey()
|
||||
* @see self::load()
|
||||
* @access public
|
||||
* @param string $password
|
||||
*/
|
||||
public function setPassword($password = false)
|
||||
{
|
||||
$this->password = $password;
|
||||
}
|
||||
|
||||
/**
|
||||
* Determines which hashing function should be used
|
||||
*
|
||||
* @access public
|
||||
* @param string $hash
|
||||
*/
|
||||
public function setHash($hash)
|
||||
{
|
||||
$this->hash = new Hash($hash);
|
||||
$this->hmac = new Hash($hash);
|
||||
}
|
||||
|
||||
/**
|
||||
* Compute the pseudorandom k for signature generation,
|
||||
* using the process specified for deterministic DSA.
|
||||
*
|
||||
* @access public
|
||||
* @param string $h1
|
||||
* @return string
|
||||
*/
|
||||
protected function computek($h1)
|
||||
{
|
||||
$v = str_repeat("\1", strlen($h1));
|
||||
|
||||
$k = str_repeat("\0", strlen($h1));
|
||||
|
||||
$x = $this->int2octets($this->x);
|
||||
$h1 = $this->bits2octets($h1);
|
||||
|
||||
$this->hmac->setKey($k);
|
||||
$k = $this->hmac->hash($v . "\0" . $x . $h1);
|
||||
$this->hmac->setKey($k);
|
||||
$v = $this->hmac->hash($v);
|
||||
$k = $this->hmac->hash($v . "\1" . $x . $h1);
|
||||
$this->hmac->setKey($k);
|
||||
$v = $this->hmac->hash($v);
|
||||
|
||||
$qlen = $this->q->getLengthInBytes();
|
||||
|
||||
while (true) {
|
||||
$t = '';
|
||||
while (strlen($t) < $qlen) {
|
||||
$v = $this->hmac->hash($v);
|
||||
$t = $t . $v;
|
||||
}
|
||||
$k = $this->bits2int($t);
|
||||
|
||||
if (!$k->equals(self::$zero) && $k->compare($this->q) < 0) {
|
||||
break;
|
||||
}
|
||||
$k = $this->hmac->hash($v . "\0");
|
||||
$this->hmac->setKey($k);
|
||||
$v = $this->hmac->hash($v);
|
||||
}
|
||||
|
||||
return $k;
|
||||
}
|
||||
|
||||
/**
|
||||
* Integer to Octet String
|
||||
*
|
||||
* @access private
|
||||
* @param \phpseclib\Math\BigInteger $v
|
||||
* @return string
|
||||
*/
|
||||
private function int2octets($v)
|
||||
{
|
||||
$out = $v->toBytes();
|
||||
$rolen = $this->q->getLengthInBytes();
|
||||
if (strlen($out) < $rolen) {
|
||||
return str_pad($out, $rolen, "\0", STR_PAD_LEFT);
|
||||
} else if (strlen($out) > $rolen) {
|
||||
return substr($out, -$rolen);
|
||||
} else {
|
||||
return $out;
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Bit String to Integer
|
||||
*
|
||||
* @access private
|
||||
* @param string $in
|
||||
* @return \phpseclib\Math\BigInteger
|
||||
*/
|
||||
protected function bits2int($in)
|
||||
{
|
||||
$v = new BigInteger($in, 256);
|
||||
$vlen = strlen($in) << 3;
|
||||
$qlen = $this->q->getLength();
|
||||
if ($vlen > $qlen) {
|
||||
return $v->bitwise_rightShift($vlen - $qlen);
|
||||
}
|
||||
return $v;
|
||||
}
|
||||
|
||||
/**
|
||||
* Bit String to Octet String
|
||||
*
|
||||
* @access private
|
||||
* @param string $in
|
||||
* @return string
|
||||
*/
|
||||
private function bits2octets($in)
|
||||
{
|
||||
$z1 = $this->bits2int($in);
|
||||
$z2 = $z1->subtract($this->q);
|
||||
return $z2->compare(self::$zero) < 0 ?
|
||||
$this->int2octets($z1) :
|
||||
$this->int2octets($z2);
|
||||
}
|
||||
}
|
139
phpseclib/Crypt/Common/Keys/OpenSSH.php
Normal file
139
phpseclib/Crypt/Common/Keys/OpenSSH.php
Normal file
@ -0,0 +1,139 @@
|
||||
<?php
|
||||
|
||||
/**
|
||||
* OpenSSH Key Handler
|
||||
*
|
||||
* PHP version 5
|
||||
*
|
||||
* Place in $HOME/.ssh/authorized_keys
|
||||
*
|
||||
* @category Crypt
|
||||
* @package Common
|
||||
* @author Jim Wigginton <terrafrost@php.net>
|
||||
* @copyright 2015 Jim Wigginton
|
||||
* @license http://www.opensource.org/licenses/mit-license.html MIT License
|
||||
* @link http://phpseclib.sourceforge.net
|
||||
*/
|
||||
|
||||
namespace phpseclib\Crypt\Common\Keys;
|
||||
|
||||
use ParagonIE\ConstantTime\Base64;
|
||||
use phpseclib\Common\Functions\Strings;
|
||||
|
||||
/**
|
||||
* OpenSSH Formatted RSA Key Handler
|
||||
*
|
||||
* @package Common
|
||||
* @author Jim Wigginton <terrafrost@php.net>
|
||||
* @access public
|
||||
*/
|
||||
abstract class OpenSSH
|
||||
{
|
||||
/**
|
||||
* Default comment
|
||||
*
|
||||
* @var string
|
||||
* @access private
|
||||
*/
|
||||
protected static $comment = 'phpseclib-generated-key';
|
||||
|
||||
/**
|
||||
* Binary key flag
|
||||
*
|
||||
* @var bool
|
||||
* @access private
|
||||
*/
|
||||
protected static $binary = false;
|
||||
|
||||
/**
|
||||
* Sets the default comment
|
||||
*
|
||||
* @access public
|
||||
* @param string $comment
|
||||
*/
|
||||
public static function setComment($comment)
|
||||
{
|
||||
self::$comment = str_replace(["\r", "\n"], '', $comment);
|
||||
}
|
||||
|
||||
/**
|
||||
* Break a public or private key down into its constituent components
|
||||
*
|
||||
* $type can be either ssh-dss or ssh-rsa
|
||||
*
|
||||
* @access public
|
||||
* @param string $key
|
||||
* @param string $type
|
||||
* @return array
|
||||
*/
|
||||
public static function load($key, $type)
|
||||
{
|
||||
if (!is_string($key)) {
|
||||
return false;
|
||||
}
|
||||
|
||||
$parts = explode(' ', $key, 3);
|
||||
|
||||
if (!isset($parts[1])) {
|
||||
$key = Base64::decode($parts[0]);
|
||||
$comment = isset($parts[1]) ? $parts[1] : false;
|
||||
} else {
|
||||
if ($parts[0] != $type) {
|
||||
return false;
|
||||
}
|
||||
$key = Base64::decode($parts[1]);
|
||||
$comment = isset($parts[2]) ? $parts[2] : false;
|
||||
}
|
||||
if ($key === false) {
|
||||
return false;
|
||||
}
|
||||
|
||||
if (substr($key, 0, 11) != "\0\0\0\7$type") {
|
||||
return false;
|
||||
}
|
||||
Strings::shift($key, 11);
|
||||
if (strlen($key) <= 4) {
|
||||
return false;
|
||||
}
|
||||
|
||||
return $key;
|
||||
}
|
||||
|
||||
/**
|
||||
* Returns the comment for the key
|
||||
*
|
||||
* @access public
|
||||
* @return mixed
|
||||
*/
|
||||
public static function getComment($key)
|
||||
{
|
||||
$parts = explode(' ', $key, 3);
|
||||
|
||||
return isset($parts[2]) ? $parts[2] : false;
|
||||
}
|
||||
|
||||
/**
|
||||
* Toggle between binary and printable keys
|
||||
*
|
||||
* Printable keys are what are generated by default. These are the ones that go in
|
||||
* $HOME/.ssh/authorized_key.
|
||||
*
|
||||
* @access public
|
||||
* @param bool $enabled
|
||||
*/
|
||||
public static function setBinaryOutput($enabled)
|
||||
{
|
||||
self::$binary = $enabled;
|
||||
}
|
||||
|
||||
/**
|
||||
* Returns the current binary output value
|
||||
*
|
||||
* @access public
|
||||
* @return bool
|
||||
*/
|
||||
public static function getBinaryOutput()
|
||||
{
|
||||
return (bool) self::$binary;
|
||||
}
|
||||
}
|
80
phpseclib/Crypt/Common/Keys/PKCS.php
Normal file
80
phpseclib/Crypt/Common/Keys/PKCS.php
Normal file
@ -0,0 +1,80 @@
|
||||
<?php
|
||||
|
||||
/**
|
||||
* PKCS Formatted Key Handler
|
||||
*
|
||||
* PHP version 5
|
||||
*
|
||||
* @category Crypt
|
||||
* @package Common
|
||||
* @author Jim Wigginton <terrafrost@php.net>
|
||||
* @copyright 2015 Jim Wigginton
|
||||
* @license http://www.opensource.org/licenses/mit-license.html MIT License
|
||||
* @link http://phpseclib.sourceforge.net
|
||||
*/
|
||||
|
||||
namespace phpseclib\Crypt\Common\Keys;
|
||||
|
||||
/**
|
||||
* PKCS1 Formatted Key Handler
|
||||
*
|
||||
* @package RSA
|
||||
* @author Jim Wigginton <terrafrost@php.net>
|
||||
* @access public
|
||||
*/
|
||||
abstract class PKCS
|
||||
{
|
||||
/**
|
||||
* Auto-detect the format
|
||||
*/
|
||||
const MODE_ANY = 0;
|
||||
/**
|
||||
* Require base64-encoded PEM's be supplied
|
||||
*/
|
||||
const MODE_PEM = 1;
|
||||
/**
|
||||
* Require raw DER's be supplied
|
||||
*/
|
||||
const MODE_DER = 2;
|
||||
/**#@-*/
|
||||
|
||||
/**
|
||||
* Is the key a base-64 encoded PEM, DER or should it be auto-detected?
|
||||
*
|
||||
* @access private
|
||||
* @param int
|
||||
*/
|
||||
protected static $format = self::MODE_ANY;
|
||||
|
||||
/**
|
||||
* Require base64-encoded PEM's be supplied
|
||||
*
|
||||
* @access public
|
||||
*/
|
||||
public static function requirePEM()
|
||||
{
|
||||
self::$format = self::MODE_PEM;
|
||||
}
|
||||
|
||||
/**
|
||||
* Require raw DER's be supplied
|
||||
*
|
||||
* @access public
|
||||
*/
|
||||
public static function requireDER()
|
||||
{
|
||||
self::$format = self::MODE_DER;
|
||||
}
|
||||
|
||||
/**
|
||||
* Accept any format and auto detect the format
|
||||
*
|
||||
* This is the default setting
|
||||
*
|
||||
* @access public
|
||||
*/
|
||||
public static function requireAny()
|
||||
{
|
||||
self::$format = self::MODE_ANY;
|
||||
}
|
||||
}
|
224
phpseclib/Crypt/Common/Keys/PKCS1.php
Normal file
224
phpseclib/Crypt/Common/Keys/PKCS1.php
Normal file
@ -0,0 +1,224 @@
|
||||
<?php
|
||||
|
||||
/**
|
||||
* PKCS1 Formatted Key Handler
|
||||
*
|
||||
* PHP version 5
|
||||
*
|
||||
* @category Crypt
|
||||
* @package Common
|
||||
* @author Jim Wigginton <terrafrost@php.net>
|
||||
* @copyright 2015 Jim Wigginton
|
||||
* @license http://www.opensource.org/licenses/mit-license.html MIT License
|
||||
* @link http://phpseclib.sourceforge.net
|
||||
*/
|
||||
|
||||
namespace phpseclib\Crypt\Common\Keys;
|
||||
|
||||
use ParagonIE\ConstantTime\Base64;
|
||||
use ParagonIE\ConstantTime\Hex;
|
||||
use phpseclib\Crypt\Common\BlockCipher;
|
||||
use phpseclib\Crypt\Random;
|
||||
use phpseclib\Crypt\AES;
|
||||
use phpseclib\Crypt\Base;
|
||||
use phpseclib\Crypt\DES;
|
||||
use phpseclib\Crypt\TripleDES;
|
||||
use phpseclib\File\ASN1;
|
||||
|
||||
/**
|
||||
* PKCS1 Formatted Key Handler
|
||||
*
|
||||
* @package RSA
|
||||
* @author Jim Wigginton <terrafrost@php.net>
|
||||
* @access public
|
||||
*/
|
||||
abstract class PKCS1 extends PKCS
|
||||
{
|
||||
/**
|
||||
* Default encryption algorithm
|
||||
*
|
||||
* @var string
|
||||
* @access private
|
||||
*/
|
||||
private static $defaultEncryptionAlgorithm = 'AES-128-CBC';
|
||||
|
||||
/**
|
||||
* Sets the default encryption algorithm
|
||||
*
|
||||
* @access public
|
||||
* @param string $algo
|
||||
*/
|
||||
public static function setEncryptionAlgorithm($algo)
|
||||
{
|
||||
self::$defaultEncryptionAlgorithm = $algo;
|
||||
}
|
||||
|
||||
/**
|
||||
* Returns the mode constant corresponding to the mode string
|
||||
*
|
||||
* @access public
|
||||
* @param string $mode
|
||||
* @return int
|
||||
* @throws \UnexpectedValueException if the block cipher mode is unsupported
|
||||
*/
|
||||
private static function getEncryptionMode($mode)
|
||||
{
|
||||
switch ($mode) {
|
||||
case 'CBC':
|
||||
return BlockCipher::MODE_CBC;
|
||||
case 'ECB':
|
||||
return BlockCipher::MODE_ECB;
|
||||
case 'CFB':
|
||||
return BlockCipher::MODE_CFB;
|
||||
case 'OFB':
|
||||
return BlockCipher::MODE_OFB;
|
||||
case 'CTR':
|
||||
return BlockCipher::MODE_CTR;
|
||||
}
|
||||
throw new \UnexpectedValueException('Unsupported block cipher mode of operation');
|
||||
}
|
||||
|
||||
/**
|
||||
* Returns a cipher object corresponding to a string
|
||||
*
|
||||
* @access public
|
||||
* @param string $algo
|
||||
* @return string
|
||||
* @throws \UnexpectedValueException if the encryption algorithm is unsupported
|
||||
*/
|
||||
private static function getEncryptionObject($algo)
|
||||
{
|
||||
$modes = '(CBC|ECB|CFB|OFB|CTR)';
|
||||
switch (true) {
|
||||
case preg_match("#^AES-(128|192|256)-$modes$#", $algo, $matches):
|
||||
$cipher = new AES(self::getEncryptionMode($matches[2]));
|
||||
$cipher->setKeyLength($matches[1]);
|
||||
return $cipher;
|
||||
case preg_match("#^DES-EDE3-$modes$#", $algo, $matches):
|
||||
return new TripleDES(self::getEncryptionMode($matches[1]));
|
||||
case preg_match("#^DES-$modes$#", $algo, $matches):
|
||||
return new DES(self::getEncryptionMode($matches[1]));
|
||||
default:
|
||||
throw new \UnexpectedValueException('Unsupported encryption algorithmn');
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Generate a symmetric key for PKCS#1 keys
|
||||
*
|
||||
* @access private
|
||||
* @param string $password
|
||||
* @param string $iv
|
||||
* @param int $length
|
||||
* @return string
|
||||
*/
|
||||
private static function generateSymmetricKey($password, $iv, $length)
|
||||
{
|
||||
$symkey = '';
|
||||
$iv = substr($iv, 0, 8);
|
||||
while (strlen($symkey) < $length) {
|
||||
$symkey.= md5($symkey . $password . $iv, true);
|
||||
}
|
||||
return substr($symkey, 0, $length);
|
||||
}
|
||||
|
||||
/**
|
||||
* Break a public or private key down into its constituent components
|
||||
*
|
||||
* @access public
|
||||
* @param string $key
|
||||
* @param string $password optional
|
||||
* @return array
|
||||
*/
|
||||
protected static function load($key, $password)
|
||||
{
|
||||
if (!is_string($key)) {
|
||||
return false;
|
||||
}
|
||||
|
||||
/* Although PKCS#1 proposes a format that public and private keys can use, encrypting them is
|
||||
"outside the scope" of PKCS#1. PKCS#1 then refers you to PKCS#12 and PKCS#15 if you're wanting to
|
||||
protect private keys, however, that's not what OpenSSL* does. OpenSSL protects private keys by adding
|
||||
two new "fields" to the key - DEK-Info and Proc-Type. These fields are discussed here:
|
||||
|
||||
http://tools.ietf.org/html/rfc1421#section-4.6.1.1
|
||||
http://tools.ietf.org/html/rfc1421#section-4.6.1.3
|
||||
|
||||
DES-EDE3-CBC as an algorithm, however, is not discussed anywhere, near as I can tell.
|
||||
DES-CBC and DES-EDE are discussed in RFC1423, however, DES-EDE3-CBC isn't, nor is its key derivation
|
||||
function. As is, the definitive authority on this encoding scheme isn't the IETF but rather OpenSSL's
|
||||
own implementation. ie. the implementation *is* the standard and any bugs that may exist in that
|
||||
implementation are part of the standard, as well.
|
||||
|
||||
* OpenSSL is the de facto standard. It's utilized by OpenSSH and other projects */
|
||||
if (preg_match('#DEK-Info: (.+),(.+)#', $key, $matches)) {
|
||||
$iv = Hex::decode(trim($matches[2]));
|
||||
// remove the Proc-Type / DEK-Info sections as they're no longer needed
|
||||
$key = preg_replace('#^(?:Proc-Type|DEK-Info): .*#m', '', $key);
|
||||
$ciphertext = ASN1::extractBER($key);
|
||||
if ($ciphertext === false) {
|
||||
$ciphertext = $key;
|
||||
}
|
||||
$crypto = self::getEncryptionObject($matches[1]);
|
||||
$crypto->setKey(self::generateSymmetricKey($password, $iv, $crypto->getKeyLength() >> 3));
|
||||
$crypto->setIV($iv);
|
||||
$key = $crypto->decrypt($ciphertext);
|
||||
} else {
|
||||
if (self::$format != self::MODE_DER) {
|
||||
$decoded = ASN1::extractBER($key);
|
||||
if ($decoded !== false) {
|
||||
$key = $decoded;
|
||||
} elseif (self::$format == self::MODE_PEM) {
|
||||
return false;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
return $key;
|
||||
}
|
||||
|
||||
/**
|
||||
* Wrap a private key appropriately
|
||||
*
|
||||
* @access public
|
||||
* @param string $key
|
||||
* @param string $type
|
||||
* @param string $password
|
||||
* @return string
|
||||
*/
|
||||
protected static function wrapPrivateKey($key, $type, $password)
|
||||
{
|
||||
if (empty($password) || !is_string($password)) {
|
||||
return "-----BEGIN $type PRIVATE KEY-----\r\n" .
|
||||
chunk_split(Base64::encode($key), 64) .
|
||||
"-----END $type PRIVATE KEY-----";
|
||||
}
|
||||
|
||||
$cipher = self::getEncryptionObject(self::$defaultEncryptionAlgorithm);
|
||||
$iv = Random::string($cipher->getBlockLength() >> 3);
|
||||
$cipher->setKey(self::generateSymmetricKey($password, $iv, $cipher->getKeyLength() >> 3));
|
||||
$cipher->setIV($iv);
|
||||
$iv = strtoupper(Hex::encode($iv));
|
||||
return "-----BEGIN $type PRIVATE KEY-----\r\n" .
|
||||
"Proc-Type: 4,ENCRYPTED\r\n" .
|
||||
"DEK-Info: " . self::$defaultEncryptionAlgorithm . ",$iv\r\n" .
|
||||
"\r\n" .
|
||||
chunk_split(Base64::encode($cipher->encrypt($key)), 64) .
|
||||
"-----END $type PRIVATE KEY-----";
|
||||
}
|
||||
|
||||
/**
|
||||
* Wrap a public key appropriately
|
||||
*
|
||||
* @access public
|
||||
* @param string $key
|
||||
* @param string $type
|
||||
* @return string
|
||||
*/
|
||||
protected static function wrapPublicKey($key, $type)
|
||||
{
|
||||
return "-----BEGIN $type PUBLIC KEY-----\r\n" .
|
||||
chunk_split(Base64::encode($key), 64) .
|
||||
"-----END $type PUBLIC KEY-----";
|
||||
}
|
||||
}
|
609
phpseclib/Crypt/Common/Keys/PKCS8.php
Normal file
609
phpseclib/Crypt/Common/Keys/PKCS8.php
Normal file
@ -0,0 +1,609 @@
|
||||
<?php
|
||||
|
||||
/**
|
||||
* PKCS#8 Formatted Key Handler
|
||||
*
|
||||
* PHP version 5
|
||||
*
|
||||
* Used by PHP's openssl_public_encrypt() and openssl's rsautl (when -pubin is set)
|
||||
*
|
||||
* Processes keys with the following headers:
|
||||
*
|
||||
* -----BEGIN ENCRYPTED PRIVATE KEY-----
|
||||
* -----BEGIN PRIVATE KEY-----
|
||||
* -----BEGIN PUBLIC KEY-----
|
||||
*
|
||||
* Analogous to ssh-keygen's pkcs8 format (as specified by -m). Although PKCS8
|
||||
* is specific to private keys it's basically creating a DER-encoded wrapper
|
||||
* for keys. This just extends that same concept to public keys (much like ssh-keygen)
|
||||
*
|
||||
* @category Crypt
|
||||
* @package Common
|
||||
* @author Jim Wigginton <terrafrost@php.net>
|
||||
* @copyright 2015 Jim Wigginton
|
||||
* @license http://www.opensource.org/licenses/mit-license.html MIT License
|
||||
* @link http://phpseclib.sourceforge.net
|
||||
*/
|
||||
|
||||
namespace phpseclib\Crypt\Common\Keys;
|
||||
|
||||
use ParagonIE\ConstantTime\Base64;
|
||||
use phpseclib\Crypt\DES;
|
||||
use phpseclib\Crypt\RC2;
|
||||
use phpseclib\Crypt\RC4;
|
||||
use phpseclib\Crypt\AES;
|
||||
use phpseclib\Crypt\TripleDES;
|
||||
use phpseclib\Crypt\Common\BlockCipher;
|
||||
use phpseclib\Crypt\Random;
|
||||
use phpseclib\Math\BigInteger;
|
||||
use phpseclib\File\ASN1;
|
||||
use phpseclib\File\ASN1\Maps;
|
||||
use phpseclib\Exception\UnsupportedAlgorithmException;
|
||||
|
||||
/**
|
||||
* PKCS#8 Formatted Key Handler
|
||||
*
|
||||
* @package Common
|
||||
* @author Jim Wigginton <terrafrost@php.net>
|
||||
* @access public
|
||||
*/
|
||||
abstract class PKCS8 extends PKCS
|
||||
{
|
||||
/**
|
||||
* Default encryption algorithm
|
||||
*
|
||||
* @var string
|
||||
* @access private
|
||||
*/
|
||||
private static $defaultEncryptionAlgorithm = 'id-PBES2';
|
||||
|
||||
/**
|
||||
* Default encryption scheme
|
||||
*
|
||||
* Only used when defaultEncryptionAlgorithm is id-PBES2
|
||||
*
|
||||
* @var string
|
||||
* @access private
|
||||
*/
|
||||
private static $defaultEncryptionScheme = 'aes128-CBC-PAD';
|
||||
|
||||
/**
|
||||
* Default PRF
|
||||
*
|
||||
* Only used when defaultEncryptionAlgorithm is id-PBES2
|
||||
*
|
||||
* @var string
|
||||
* @access private
|
||||
*/
|
||||
private static $defaultPRF = 'id-hmacWithSHA256';
|
||||
|
||||
/**
|
||||
* Default Iteration Count
|
||||
*
|
||||
* @var int
|
||||
* @access private
|
||||
*/
|
||||
private static $defaultIterationCount = 2048;
|
||||
|
||||
/**
|
||||
* OIDs loaded
|
||||
*
|
||||
* @var bool
|
||||
* @access private
|
||||
*/
|
||||
private static $oidsLoaded = false;
|
||||
|
||||
/**
|
||||
* Sets the default encryption algorithm
|
||||
*
|
||||
* @access public
|
||||
* @param string $algo
|
||||
*/
|
||||
public static function setEncryptionAlgorithm($algo)
|
||||
{
|
||||
self::$defaultEncryptionAlgorithm = $algo;
|
||||
}
|
||||
|
||||
/**
|
||||
* Sets the default encryption algorithm for PBES2
|
||||
*
|
||||
* @access public
|
||||
* @param string $algo
|
||||
*/
|
||||
public static function setEncryptionScheme($algo)
|
||||
{
|
||||
self::$defaultEncryptionScheme = $algo;
|
||||
}
|
||||
|
||||
/**
|
||||
* Sets the iteration count
|
||||
*
|
||||
* @access public
|
||||
* @param int $count
|
||||
*/
|
||||
public static function setIterationCount($count)
|
||||
{
|
||||
self::$defaultIterationCount = $count;
|
||||
}
|
||||
|
||||
/**
|
||||
* Sets the PRF for PBES2
|
||||
*
|
||||
* @access public
|
||||
* @param string $algo
|
||||
*/
|
||||
public static function setPRF($algo)
|
||||
{
|
||||
self::$defaultPRF = $algo;
|
||||
}
|
||||
|
||||
/**
|
||||
* Returns a SymmetricKey object based on a PBES1 $algo
|
||||
*
|
||||
* @access public
|
||||
* @param string $algo
|
||||
*/
|
||||
private static function getPBES1EncryptionObject($algo)
|
||||
{
|
||||
$algo = preg_match('#^pbeWith(?:MD2|MD5|SHA1|SHA)And(.*?)-CBC$#', $algo, $matches) ?
|
||||
$matches[1] :
|
||||
substr($algo, 13); // strlen('pbeWithSHAAnd') == 13
|
||||
|
||||
switch ($algo) {
|
||||
case 'DES':
|
||||
$cipher = new DES(BlockCipher::MODE_CBC);
|
||||
break;
|
||||
case 'RC2':
|
||||
$cipher = new RC2(BlockCipher::MODE_CBC);
|
||||
break;
|
||||
case '3-KeyTripleDES':
|
||||
$cipher = new TripleDES(BlockCipher::MODE_CBC);
|
||||
break;
|
||||
case '2-KeyTripleDES':
|
||||
$cipher = new TripleDES(BlockCipher::MODE_CBC);
|
||||
$cipher->setKeyLength(128);
|
||||
break;
|
||||
case '128BitRC2':
|
||||
$cipher = new RC2(BlockCipher::MODE_CBC);
|
||||
$cipher->setKeyLength(128);
|
||||
break;
|
||||
case '40BitRC2':
|
||||
$cipher = new RC2(BlockCipher::MODE_CBC);
|
||||
$cipher->setKeyLength(40);
|
||||
break;
|
||||
case '128BitRC4':
|
||||
$cipher = new RC4();
|
||||
$cipher->setKeyLength(128);
|
||||
break;
|
||||
case '40BitRC4':
|
||||
$cipher = new RC4();
|
||||
$cipher->setKeyLength(40);
|
||||
break;
|
||||
default:
|
||||
throw new UnsupportedAlgorithmException("$algo is not a supported algorithm");
|
||||
}
|
||||
|
||||
return $cipher;
|
||||
}
|
||||
|
||||
/**
|
||||
* Returns a hash based on a PBES1 $algo
|
||||
*
|
||||
* @access public
|
||||
* @param string $algo
|
||||
*/
|
||||
private static function getPBES1Hash($algo)
|
||||
{
|
||||
if (preg_match('#^pbeWith(MD2|MD5|SHA1|SHA)And.*?-CBC$#', $algo, $matches)) {
|
||||
return $matches[1] == 'SHA' ? 'sha1' : $matches[1];
|
||||
}
|
||||
|
||||
return 'sha1';
|
||||
}
|
||||
|
||||
/**
|
||||
* Returns a KDF baesd on a PBES1 $algo
|
||||
*
|
||||
* @access public
|
||||
* @param string $algo
|
||||
*/
|
||||
private static function getPBES1KDF($algo)
|
||||
{
|
||||
switch ($algo) {
|
||||
case 'pbeWithMD2AndDES-CBC':
|
||||
case 'pbeWithMD2AndRC2-CBC':
|
||||
case 'pbeWithMD5AndDES-CBC':
|
||||
case 'pbeWithMD5AndRC2-CBC':
|
||||
case 'pbeWithSHA1AndDES-CBC':
|
||||
case 'pbeWithSHA1AndRC2-CBC':
|
||||
return 'pbkdf1';
|
||||
}
|
||||
|
||||
return 'pkcs12';
|
||||
}
|
||||
|
||||
/**
|
||||
* Returns a SymmetricKey object baesd on a PBES2 $algo
|
||||
*
|
||||
* @access public
|
||||
* @param string $algo
|
||||
*/
|
||||
private static function getPBES2EncryptionObject($algo)
|
||||
{
|
||||
switch ($algo) {
|
||||
case 'desCBC':
|
||||
$cipher = new TripleDES(BlockCipher::MODE_CBC);
|
||||
break;
|
||||
case 'des-EDE3-CBC':
|
||||
$cipher = new TripleDES(BlockCipher::MODE_CBC);
|
||||
break;
|
||||
case 'rc2CBC':
|
||||
$cipher = new RC2(BlockCipher::MODE_CBC);
|
||||
// in theory this can be changed
|
||||
$cipher->setKeyLength(128);
|
||||
break;
|
||||
case 'rc5-CBC-PAD':
|
||||
throw new UnsupportedAlgorithmException('rc5-CBC-PAD is not supported for PBES2 PKCS#8 keys');
|
||||
case 'aes128-CBC-PAD':
|
||||
case 'aes192-CBC-PAD':
|
||||
case 'aes256-CBC-PAD':
|
||||
$cipher = new AES(BlockCipher::MODE_CBC);
|
||||
$cipher->setKeyLength(substr($algo, 3, 3));
|
||||
break;
|
||||
default:
|
||||
throw new UnsupportedAlgorithmException("$algo is not supported");
|
||||
}
|
||||
|
||||
return $cipher;
|
||||
}
|
||||
|
||||
/**
|
||||
* Initialize static variables
|
||||
*
|
||||
* @access private
|
||||
*/
|
||||
private static function initialize_static_variables()
|
||||
{
|
||||
if (!static::$childOIDsLoaded) {
|
||||
ASN1::loadOIDs([static::OID_VALUE => static::OID_NAME]);
|
||||
static::$childOIDsLoaded = true;
|
||||
}
|
||||
if (!self::$oidsLoaded) {
|
||||
// from https://tools.ietf.org/html/rfc2898
|
||||
ASN1::loadOIDs([
|
||||
// PBES1 encryption schemes
|
||||
'1.2.840.113549.1.5.1' => 'pbeWithMD2AndDES-CBC',
|
||||
'1.2.840.113549.1.5.4' => 'pbeWithMD2AndRC2-CBC',
|
||||
'1.2.840.113549.1.5.3' => 'pbeWithMD5AndDES-CBC',
|
||||
'1.2.840.113549.1.5.6' => 'pbeWithMD5AndRC2-CBC',
|
||||
'1.2.840.113549.1.5.10'=> 'pbeWithSHA1AndDES-CBC',
|
||||
'1.2.840.113549.1.5.11'=> 'pbeWithSHA1AndRC2-CBC',
|
||||
|
||||
// from PKCS#12:
|
||||
// https://tools.ietf.org/html/rfc7292
|
||||
'1.2.840.113549.1.12.1.1' => 'pbeWithSHAAnd128BitRC4',
|
||||
'1.2.840.113549.1.12.1.2' => 'pbeWithSHAAnd40BitRC4',
|
||||
'1.2.840.113549.1.12.1.3' => 'pbeWithSHAAnd3-KeyTripleDES-CBC',
|
||||
'1.2.840.113549.1.12.1.4' => 'pbeWithSHAAnd2-KeyTripleDES-CBC',
|
||||
'1.2.840.113549.1.12.1.5' => 'pbeWithSHAAnd128BitRC2-CBC',
|
||||
'1.2.840.113549.1.12.1.6' => 'pbeWithSHAAnd40BitRC2-CBC',
|
||||
|
||||
'1.2.840.113549.1.5.12' => 'id-PBKDF2',
|
||||
'1.2.840.113549.1.5.13' => 'id-PBES2',
|
||||
'1.2.840.113549.1.5.14' => 'id-PBMAC1',
|
||||
|
||||
// from PKCS#5 v2.1:
|
||||
// http://www.rsa.com/rsalabs/pkcs/files/h11302-wp-pkcs5v2-1-password-based-cryptography-standard.pdf
|
||||
'1.2.840.113549.2.7' => 'id-hmacWithSHA1',
|
||||
'1.2.840.113549.2.8' => 'id-hmacWithSHA224',
|
||||
'1.2.840.113549.2.9' => 'id-hmacWithSHA256',
|
||||
'1.2.840.113549.2.10'=> 'id-hmacWithSHA384',
|
||||
'1.2.840.113549.2.11'=> 'id-hmacWithSHA512',
|
||||
'1.2.840.113549.2.12'=> 'id-hmacWithSHA512-224',
|
||||
'1.2.840.113549.2.13'=> 'id-hmacWithSHA512-256',
|
||||
|
||||
'1.3.14.3.2.7' => 'desCBC',
|
||||
'1.2.840.113549.3.7' => 'des-EDE3-CBC',
|
||||
'1.2.840.113549.3.2' => 'rc2CBC',
|
||||
'1.2.840.113549.3.9' => 'rc5-CBC-PAD',
|
||||
|
||||
'2.16.840.1.101.3.4.1.2' => 'aes128-CBC-PAD',
|
||||
'2.16.840.1.101.3.4.1.22'=> 'aes192-CBC-PAD',
|
||||
'2.16.840.1.101.3.4.1.42'=> 'aes256-CBC-PAD'
|
||||
]);
|
||||
self::$oidsLoaded = true;
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Break a public or private key down into its constituent components
|
||||
*
|
||||
* @access public
|
||||
* @param string $key
|
||||
* @param string $password optional
|
||||
* @return array
|
||||
*/
|
||||
protected static function load($key, $password = '')
|
||||
{
|
||||
self::initialize_static_variables();
|
||||
|
||||
if (!is_string($key)) {
|
||||
return false;
|
||||
}
|
||||
|
||||
if (self::$format != self::MODE_DER) {
|
||||
$decoded = ASN1::extractBER($key);
|
||||
if ($decoded !== false) {
|
||||
$key = $decoded;
|
||||
} elseif (self::$format == self::MODE_PEM) {
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
||||
$decoded = ASN1::decodeBER($key);
|
||||
if (empty($decoded)) {
|
||||
return false;
|
||||
}
|
||||
|
||||
$meta = [];
|
||||
|
||||
$decrypted = ASN1::asn1map($decoded[0], Maps\EncryptedPrivateKeyInfo::MAP);
|
||||
if (strlen($password) && is_array($decrypted)) {
|
||||
$algorithm = $decrypted['encryptionAlgorithm']['algorithm'];
|
||||
switch ($algorithm) {
|
||||
// PBES1
|
||||
case 'pbeWithMD2AndDES-CBC':
|
||||
case 'pbeWithMD2AndRC2-CBC':
|
||||
case 'pbeWithMD5AndDES-CBC':
|
||||
case 'pbeWithMD5AndRC2-CBC':
|
||||
case 'pbeWithSHA1AndDES-CBC':
|
||||
case 'pbeWithSHA1AndRC2-CBC':
|
||||
case 'pbeWithSHAAnd3-KeyTripleDES-CBC':
|
||||
case 'pbeWithSHAAnd2-KeyTripleDES-CBC':
|
||||
case 'pbeWithSHAAnd128BitRC2-CBC':
|
||||
case 'pbeWithSHAAnd40BitRC2-CBC':
|
||||
case 'pbeWithSHAAnd128BitRC4':
|
||||
case 'pbeWithSHAAnd40BitRC4':
|
||||
$cipher = self::getPBES1EncryptionObject($algorithm);
|
||||
$hash = self::getPBES1Hash($algorithm);
|
||||
$kdf = self::getPBES1KDF($algorithm);
|
||||
|
||||
$meta['meta']['algorithm'] = $algorithm;
|
||||
|
||||
$temp = ASN1::decodeBER($decrypted['encryptionAlgorithm']['parameters']);
|
||||
extract(ASN1::asn1map($temp[0], Maps\PBEParameter::MAP));
|
||||
$iterationCount = (int) $iterationCount->toString();
|
||||
$cipher->setPassword($password, $kdf, $hash, $salt, $iterationCount);
|
||||
$key = $cipher->decrypt($decrypted['encryptedData']);
|
||||
$decoded = ASN1::decodeBER($key);
|
||||
if (empty($decoded)) {
|
||||
return false;
|
||||
}
|
||||
|
||||
break;
|
||||
case 'id-PBES2':
|
||||
$meta['meta']['algorithm'] = $algorithm;
|
||||
|
||||
$temp = ASN1::decodeBER($decrypted['encryptionAlgorithm']['parameters']);
|
||||
$temp = ASN1::asn1map($temp[0], Maps\PBES2params::MAP);
|
||||
extract($temp);
|
||||
|
||||
$cipher = self::getPBES2EncryptionObject($encryptionScheme['algorithm']);
|
||||
$meta['meta']['cipher'] = $encryptionScheme['algorithm'];
|
||||
|
||||
$temp = ASN1::decodeBER($decrypted['encryptionAlgorithm']['parameters']);
|
||||
$temp = ASN1::asn1map($temp[0], Maps\PBES2params::MAP);
|
||||
extract($temp);
|
||||
|
||||
if (!$cipher instanceof RC2) {
|
||||
$cipher->setIV($encryptionScheme['parameters']['octetString']);
|
||||
} else {
|
||||
$temp = ASN1::decodeBER($encryptionScheme['parameters']);
|
||||
extract(ASN1::asn1map($temp[0], Maps\RC2CBCParameter::MAP));
|
||||
$effectiveKeyLength = (int) $rc2ParametersVersion->toString();
|
||||
switch ($effectiveKeyLength) {
|
||||
case 160:
|
||||
$effectiveKeyLength = 40;
|
||||
break;
|
||||
case 120:
|
||||
$effectiveKeyLength = 64;
|
||||
break;
|
||||
case 58:
|
||||
$effectiveKeyLength = 128;
|
||||
break;
|
||||
//default: // should be >= 256
|
||||
}
|
||||
$cipher->setIV($iv);
|
||||
$cipher->setKeyLength($effectiveKeyLength);
|
||||
}
|
||||
|
||||
$meta['meta']['keyDerivationFunc'] = $keyDerivationFunc['algorithm'];
|
||||
switch ($keyDerivationFunc['algorithm']) {
|
||||
case 'id-PBKDF2':
|
||||
$temp = ASN1::decodeBER($keyDerivationFunc['parameters']);
|
||||
$prf = ['algorithm' => 'id-hmacWithSHA1'];
|
||||
$params = ASN1::asn1map($temp[0], Maps\PBKDF2params::MAP);
|
||||
extract($params);
|
||||
$meta['meta']['prf'] = $prf['algorithm'];
|
||||
$hash = str_replace('-', '/', substr($prf['algorithm'], 11));
|
||||
$params = [
|
||||
$password,
|
||||
'pbkdf2',
|
||||
$hash,
|
||||
$salt,
|
||||
(int) $iterationCount->toString()
|
||||
];
|
||||
if (isset($keyLength)) {
|
||||
$params[] = (int) $keyLength->toString();
|
||||
}
|
||||
call_user_func_array([$cipher, 'setPassword'], $params);
|
||||
$key = $cipher->decrypt($decrypted['encryptedData']);
|
||||
$decoded = ASN1::decodeBER($key);
|
||||
if (empty($decoded)) {
|
||||
return false;
|
||||
}
|
||||
break;
|
||||
default:
|
||||
throw new UnsupportedAlgorithmException('Only PBKDF2 is supported for PBES2 PKCS#8 keys');
|
||||
}
|
||||
break;
|
||||
case 'id-PBMAC1':
|
||||
//$temp = ASN1::decodeBER($decrypted['encryptionAlgorithm']['parameters']);
|
||||
//$value = ASN1::asn1map($temp[0], Maps\PBMAC1params::MAP);
|
||||
// since i can't find any implementation that does PBMAC1 it is unsupported
|
||||
throw new UnsupportedAlgorithmException('Only PBES1 and PBES2 PKCS#8 keys are supported.');
|
||||
// at this point we'll assume that the key conforms to PublicKeyInfo
|
||||
}
|
||||
}
|
||||
|
||||
$private = ASN1::asn1map($decoded[0], Maps\PrivateKeyInfo::MAP);
|
||||
if (is_array($private)) {
|
||||
return $private['privateKeyAlgorithm']['algorithm'] == static::OID_NAME ?
|
||||
$private + $meta :
|
||||
false;
|
||||
}
|
||||
|
||||
// EncryptedPrivateKeyInfo and PublicKeyInfo have largely identical "signatures". the only difference
|
||||
// is that the former has an octet string and the later has a bit string. the first byte of a bit
|
||||
// string represents the number of bits in the last byte that are to be ignored but, currently,
|
||||
// bit strings wanting a non-zero amount of bits trimmed are not supported
|
||||
$public = ASN1::asn1map($decoded[0], Maps\PublicKeyInfo::MAP);
|
||||
if (is_array($public)) {
|
||||
if ($public['publicKey'][0] != "\0" || $public['publicKeyAlgorithm']['algorithm'] != static::OID_NAME) {
|
||||
return false;
|
||||
}
|
||||
$public['publicKey'] = substr($public['publicKey'], 1);
|
||||
return $public;
|
||||
}
|
||||
|
||||
return false;
|
||||
}
|
||||
|
||||
/**
|
||||
* Wrap a private key appropriately
|
||||
*
|
||||
* @access public
|
||||
* @param string $key
|
||||
* @param string $attr
|
||||
* @param mixed $params
|
||||
* @param string $password
|
||||
* @return string
|
||||
*/
|
||||
protected static function wrapPrivateKey($key, $attr, $params, $password)
|
||||
{
|
||||
self::initialize_static_variables();
|
||||
|
||||
$key = [
|
||||
'version' => 'v1',
|
||||
'privateKeyAlgorithm' => [
|
||||
'algorithm' => static::OID_NAME,
|
||||
'parameters' => $params
|
||||
],
|
||||
'privateKey' => $key
|
||||
];
|
||||
if (!empty($attr)) {
|
||||
$key['attributes'] = $attr;
|
||||
}
|
||||
$key = ASN1::encodeDER($key, Maps\PrivateKeyInfo::MAP);
|
||||
if (!empty($password) && is_string($password)) {
|
||||
$salt = Random::string(8);
|
||||
$iterationCount = self::$defaultIterationCount;
|
||||
|
||||
if (self::$defaultEncryptionAlgorithm == 'id-PBES2') {
|
||||
$crypto = self::getPBES2EncryptionObject(self::$defaultEncryptionScheme);
|
||||
$hash = str_replace('-', '/', substr(self::$defaultPRF, 11));
|
||||
$kdf = 'pbkdf2';
|
||||
$iv = Random::string($crypto->getBlockLength() >> 3);
|
||||
|
||||
$PBKDF2params = [
|
||||
'salt' => $salt,
|
||||
'iterationCount' => $iterationCount,
|
||||
'prf' => ['algorithm' => self::$defaultPRF, 'parameters' => null]
|
||||
];
|
||||
$PBKDF2params = ASN1::encodeDER($PBKDF2params, Maps\PBKDF2params::MAP);
|
||||
|
||||
if (!$crypto instanceof RC2) {
|
||||
$params = ['octetString' => $iv];
|
||||
} else {
|
||||
$params = [
|
||||
'rc2ParametersVersion' => 58,
|
||||
'iv' => $iv
|
||||
];
|
||||
$params = ASN1::encodeDER($params, Maps\RC2CBCParameter::MAP);
|
||||
$params = new ASN1\Element($params);
|
||||
}
|
||||
|
||||
$params = [
|
||||
'keyDerivationFunc' => [
|
||||
'algorithm' => 'id-PBKDF2',
|
||||
'parameters' => new ASN1\Element($PBKDF2params)
|
||||
],
|
||||
'encryptionScheme' => [
|
||||
'algorithm' => self::$defaultEncryptionScheme,
|
||||
'parameters' => $params
|
||||
]
|
||||
];
|
||||
$params = ASN1::encodeDER($params, Maps\PBES2params::MAP);
|
||||
|
||||
$crypto->setIV($iv);
|
||||
} else {
|
||||
$crypto = self::getPBES1EncryptionObject(self::$defaultEncryptionAlgorithm);
|
||||
$hash = self::getPBES1Hash(self::$defaultEncryptionAlgorithm);
|
||||
$kdf = self::getPBES1KDF(self::$defaultEncryptionAlgorithm);
|
||||
|
||||
$params = [
|
||||
'salt' => $salt,
|
||||
'iterationCount' => $iterationCount
|
||||
];
|
||||
$params = ASN1::encodeDER($params, Maps\PBEParameter::MAP);
|
||||
}
|
||||
$crypto->setPassword($password, $kdf, $hash, $salt, $iterationCount);
|
||||
$key = $crypto->encrypt($key);
|
||||
|
||||
$key = [
|
||||
'encryptionAlgorithm' => [
|
||||
'algorithm' => self::$defaultEncryptionAlgorithm,
|
||||
'parameters' => new ASN1\Element($params)
|
||||
],
|
||||
'encryptedData' => $key
|
||||
];
|
||||
|
||||
$key = ASN1::encodeDER($key, Maps\EncryptedPrivateKeyInfo::MAP);
|
||||
|
||||
return "-----BEGIN ENCRYPTED PRIVATE KEY-----\r\n" .
|
||||
chunk_split(Base64::encode($key), 64) .
|
||||
"-----END ENCRYPTED PRIVATE KEY-----";
|
||||
}
|
||||
|
||||
return "-----BEGIN PRIVATE KEY-----\r\n" .
|
||||
chunk_split(Base64::encode($key), 64) .
|
||||
"-----END PRIVATE KEY-----";
|
||||
}
|
||||
|
||||
/**
|
||||
* Wrap a public key appropriately
|
||||
*
|
||||
* @access public
|
||||
* @param string $key
|
||||
* @param mixed $params
|
||||
* @return string
|
||||
*/
|
||||
protected static function wrapPublicKey($key, $params)
|
||||
{
|
||||
self::initialize_static_variables();
|
||||
|
||||
$key = [
|
||||
'publicKeyAlgorithm' => [
|
||||
'algorithm' => static::OID_NAME,
|
||||
'parameters' => $params
|
||||
],
|
||||
'publicKey' => "\0" . $key
|
||||
];
|
||||
|
||||
$key = ASN1::encodeDER($key, Maps\PublicKeyInfo::MAP);
|
||||
|
||||
return "-----BEGIN PUBLIC KEY-----\r\n" .
|
||||
chunk_split(Base64::encode($key), 64) .
|
||||
"-----END PUBLIC KEY-----";
|
||||
}
|
||||
}
|
230
phpseclib/Crypt/Common/Keys/PuTTY.php
Normal file
230
phpseclib/Crypt/Common/Keys/PuTTY.php
Normal file
@ -0,0 +1,230 @@
|
||||
<?php
|
||||
|
||||
/**
|
||||
* PuTTY Formatted Key Handler
|
||||
*
|
||||
* PHP version 5
|
||||
*
|
||||
* @category Crypt
|
||||
* @package Common
|
||||
* @author Jim Wigginton <terrafrost@php.net>
|
||||
* @copyright 2016 Jim Wigginton
|
||||
* @license http://www.opensource.org/licenses/mit-license.html MIT License
|
||||
* @link http://phpseclib.sourceforge.net
|
||||
*/
|
||||
|
||||
namespace phpseclib\Crypt\Common\Keys;
|
||||
|
||||
use ParagonIE\ConstantTime\Base64;
|
||||
use ParagonIE\ConstantTime\Hex;
|
||||
use phpseclib\Crypt\AES;
|
||||
use phpseclib\Crypt\Hash;
|
||||
use phpseclib\Crypt\Random;
|
||||
use phpseclib\Common\Functions\Strings;
|
||||
|
||||
/**
|
||||
* PuTTY Formatted Key Handler
|
||||
*
|
||||
* @package Common
|
||||
* @author Jim Wigginton <terrafrost@php.net>
|
||||
* @access public
|
||||
*/
|
||||
abstract class PuTTY
|
||||
{
|
||||
/**
|
||||
* Default comment
|
||||
*
|
||||
* @var string
|
||||
* @access private
|
||||
*/
|
||||
private static $comment = 'phpseclib-generated-key';
|
||||
|
||||
/**
|
||||
* Sets the default comment
|
||||
*
|
||||
* @access public
|
||||
* @param string $comment
|
||||
*/
|
||||
public static function setComment($comment)
|
||||
{
|
||||
self::$comment = str_replace(["\r", "\n"], '', $comment);
|
||||
}
|
||||
|
||||
/**
|
||||
* Generate a symmetric key for PuTTY keys
|
||||
*
|
||||
* @access public
|
||||
* @param string $password
|
||||
* @param int $length
|
||||
* @return string
|
||||
*/
|
||||
private static function generateSymmetricKey($password, $length)
|
||||
{
|
||||
$symkey = '';
|
||||
$sequence = 0;
|
||||
while (strlen($symkey) < $length) {
|
||||
$temp = pack('Na*', $sequence++, $password);
|
||||
$symkey.= Hex::decode(sha1($temp));
|
||||
}
|
||||
return substr($symkey, 0, $length);
|
||||
}
|
||||
|
||||
/**
|
||||
* Break a public or private key down into its constituent components
|
||||
*
|
||||
* @access public
|
||||
* @param string $key
|
||||
* @param string $publicHandler
|
||||
* @param string $type
|
||||
* @param string $password
|
||||
* @return array
|
||||
*/
|
||||
protected static function load($key, $password)
|
||||
{
|
||||
if (!is_string($key)) {
|
||||
return false;
|
||||
}
|
||||
|
||||
if (strpos($key, 'BEGIN SSH2 PUBLIC KEY')) {
|
||||
$data = preg_split('#[\r\n]+#', $key);
|
||||
$data = array_splice($data, 2, -1);
|
||||
$data = implode('', $data);
|
||||
|
||||
$components = call_user_func([static::PUBLIC_HANDLER, 'load'], $data);
|
||||
if ($components === false) {
|
||||
return false;
|
||||
}
|
||||
|
||||
if (!preg_match('#Comment: "(.+)"#', $key, $matches)) {
|
||||
return false;
|
||||
}
|
||||
$components['comment'] = str_replace(['\\\\', '\"'], ['\\', '"'], $matches[1]);
|
||||
|
||||
return $components;
|
||||
}
|
||||
|
||||
$components = [];
|
||||
|
||||
$key = preg_split('#\r\n|\r|\n#', trim($key));
|
||||
$type = trim(preg_replace('#PuTTY-User-Key-File-2: (.+)#', '$1', $key[0]));
|
||||
if ($type != static::TYPE) {
|
||||
return false;
|
||||
}
|
||||
$encryption = trim(preg_replace('#Encryption: (.+)#', '$1', $key[1]));
|
||||
$components['comment'] = trim(preg_replace('#Comment: (.+)#', '$1', $key[2]));
|
||||
|
||||
$publicLength = trim(preg_replace('#Public-Lines: (\d+)#', '$1', $key[3]));
|
||||
$public = Base64::decode(implode('', array_map('trim', array_slice($key, 4, $publicLength))));
|
||||
|
||||
$source = Strings::packSSH2('ssss', static::TYPE, $encryption, $components['comment'], $public);
|
||||
|
||||
extract(unpack('Nlength', Strings::shift($public, 4)));
|
||||
if (Strings::shift($public, $length) != static::TYPE) {
|
||||
return false;
|
||||
}
|
||||
|
||||
$components['public'] = $public;
|
||||
|
||||
$privateLength = trim(preg_replace('#Private-Lines: (\d+)#', '$1', $key[$publicLength + 4]));
|
||||
$private = Base64::decode(implode('', array_map('trim', array_slice($key, $publicLength + 5, $privateLength))));
|
||||
|
||||
switch ($encryption) {
|
||||
case 'aes256-cbc':
|
||||
$symkey = self::generateSymmetricKey($password, 32);
|
||||
$crypto = new AES(AES::MODE_CBC);
|
||||
}
|
||||
|
||||
$hashkey = 'putty-private-key-file-mac-key';
|
||||
|
||||
if ($encryption != 'none') {
|
||||
$hashkey.= $password;
|
||||
$crypto->setKey($symkey);
|
||||
$crypto->setIV(str_repeat("\0", $crypto->getBlockLength() >> 3));
|
||||
$crypto->disablePadding();
|
||||
$private = $crypto->decrypt($private);
|
||||
}
|
||||
|
||||
$source.= Strings::packSSH2('s', $private);
|
||||
|
||||
$hash = new Hash('sha1');
|
||||
$hash->setKey(sha1($hashkey, true));
|
||||
$hmac = trim(preg_replace('#Private-MAC: (.+)#', '$1', $key[$publicLength + $privateLength + 5]));
|
||||
$hmac = Hex::decode($hmac);
|
||||
|
||||
if (!Strings::equals($hash->hash($source), $hmac)) {
|
||||
throw new \UnexpectedValueException('MAC validation error');
|
||||
}
|
||||
|
||||
$components['private'] = $private;
|
||||
|
||||
return $components;
|
||||
}
|
||||
|
||||
/**
|
||||
* Wrap a private key appropriately
|
||||
*
|
||||
* @access private
|
||||
* @param string $public
|
||||
* @param string $private
|
||||
* @param string $password
|
||||
* @return string
|
||||
*/
|
||||
protected static function wrapPrivateKey($public, $private, $password)
|
||||
{
|
||||
$key = "PuTTY-User-Key-File-2: " . static::TYPE . "\r\nEncryption: ";
|
||||
$encryption = (!empty($password) || is_string($password)) ? 'aes256-cbc' : 'none';
|
||||
$key.= $encryption;
|
||||
$key.= "\r\nComment: " . self::$comment . "\r\n";
|
||||
|
||||
$public = Strings::packSSH2('s', static::TYPE) . $public;
|
||||
|
||||
$source = Strings::packSSH2('ssss', static::TYPE, $encryption, self::$comment, $public);
|
||||
|
||||
$public = Base64::encode($public);
|
||||
$key.= "Public-Lines: " . ((strlen($public) + 63) >> 6) . "\r\n";
|
||||
$key.= chunk_split($public, 64);
|
||||
|
||||
if (empty($password) && !is_string($password)) {
|
||||
$source.= Strings::packSSH2('s', $private);
|
||||
$hashkey = 'putty-private-key-file-mac-key';
|
||||
} else {
|
||||
$private.= Random::string(16 - (strlen($private) & 15));
|
||||
$source.= Strings::packSSH2('s', $private);
|
||||
$crypto = new AES(AES::MODE_CBC);
|
||||
|
||||
$crypto->setKey(self::generateSymmetricKey($password, 32));
|
||||
$crypto->setIV(str_repeat("\0", $crypto->getBlockLength() >> 3));
|
||||
$crypto->disablePadding();
|
||||
$private = $crypto->encrypt($private);
|
||||
$hashkey = 'putty-private-key-file-mac-key' . $password;
|
||||
}
|
||||
|
||||
$private = Base64::encode($private);
|
||||
$key.= 'Private-Lines: ' . ((strlen($private) + 63) >> 6) . "\r\n";
|
||||
$key.= chunk_split($private, 64);
|
||||
$hash = new Hash('sha1');
|
||||
$hash->setKey(sha1($hashkey, true));
|
||||
$key.= 'Private-MAC: ' . Hex::encode($hash->hash($source)) . "\r\n";
|
||||
|
||||
return $key;
|
||||
}
|
||||
|
||||
/**
|
||||
* Wrap a public key appropriately
|
||||
*
|
||||
* This is basically the format described in RFC 4716 (https://tools.ietf.org/html/rfc4716)
|
||||
*
|
||||
* @access private
|
||||
* @param string $key
|
||||
* @return string
|
||||
*/
|
||||
protected static function wrapPublicKey($key)
|
||||
{
|
||||
$key = pack('Na*a*', strlen(static::TYPE), static::TYPE, $key);
|
||||
$key = "---- BEGIN SSH2 PUBLIC KEY ----\r\n" .
|
||||
'Comment: "' . str_replace(['\\', '"'], ['\\\\', '\"'], self::$comment) . "\"\r\n" .
|
||||
chunk_split(Base64::encode($key), 64) .
|
||||
'---- END SSH2 PUBLIC KEY ----';
|
||||
return $key;
|
||||
}
|
||||
}
|
67
phpseclib/Crypt/Common/Signature/Raw.php
Normal file
67
phpseclib/Crypt/Common/Signature/Raw.php
Normal file
@ -0,0 +1,67 @@
|
||||
<?php
|
||||
|
||||
/**
|
||||
* Raw Signature Handler
|
||||
*
|
||||
* PHP version 5
|
||||
*
|
||||
* Handles signatures as arrays
|
||||
*
|
||||
* @category Crypt
|
||||
* @package Common
|
||||
* @author Jim Wigginton <terrafrost@php.net>
|
||||
* @copyright 2016 Jim Wigginton
|
||||
* @license http://www.opensource.org/licenses/mit-license.html MIT License
|
||||
* @link http://phpseclib.sourceforge.net
|
||||
*/
|
||||
|
||||
namespace phpseclib\Crypt\Common\Signature;
|
||||
|
||||
use phpseclib\Math\BigInteger;
|
||||
use phpseclib\Common\Functions\Strings;
|
||||
|
||||
/**
|
||||
* Raw Signature Handler
|
||||
*
|
||||
* @package Common
|
||||
* @author Jim Wigginton <terrafrost@php.net>
|
||||
* @access public
|
||||
*/
|
||||
abstract class Raw
|
||||
{
|
||||
/**
|
||||
* Loads a signature
|
||||
*
|
||||
* @access public
|
||||
* @param array $key
|
||||
* @return array
|
||||
*/
|
||||
public static function load($sig)
|
||||
{
|
||||
switch (true) {
|
||||
case !is_array($sig):
|
||||
case !isset($sig['r']) || !isset($sig['s']):
|
||||
case !$sig['r'] instanceof BigInteger:
|
||||
case !$sig['s'] instanceof BigInteger:
|
||||
return false;
|
||||
}
|
||||
|
||||
return [
|
||||
'r' => $key['r'],
|
||||
's' => $key['s']
|
||||
];
|
||||
}
|
||||
|
||||
/**
|
||||
* Returns a signature in the appropriate format
|
||||
*
|
||||
* @access public
|
||||
* @param \phpseclib\Math\BigInteger $r
|
||||
* @param \phpseclib\Math\BigInteger $s
|
||||
* @return string
|
||||
*/
|
||||
public static function save(BigInteger $r, BigInteger $s)
|
||||
{
|
||||
return compact('r', 's');
|
||||
}
|
||||
}
|
500
phpseclib/Crypt/DSA.php
Normal file
500
phpseclib/Crypt/DSA.php
Normal file
@ -0,0 +1,500 @@
|
||||
<?php
|
||||
|
||||
/**
|
||||
* Pure-PHP FIPS 186-4 compliant implementation of DSA.
|
||||
*
|
||||
* PHP version 5
|
||||
*
|
||||
* Here's an example of how to create signatures and verify signatures with this library:
|
||||
* <code>
|
||||
* <?php
|
||||
* include 'vendor/autoload.php';
|
||||
*
|
||||
* extract(\phpseclib\Crypt\DSA::createKey());
|
||||
*
|
||||
* $plaintext = 'terrafrost';
|
||||
*
|
||||
* $signature = $privatekey->sign($plaintext, 'ASN1');
|
||||
*
|
||||
* echo $publickey->verify($plaintext, $signature) ? 'verified' : 'unverified';
|
||||
* ?>
|
||||
* </code>
|
||||
*
|
||||
* @category Crypt
|
||||
* @package DSA
|
||||
* @author Jim Wigginton <terrafrost@php.net>
|
||||
* @copyright 2016 Jim Wigginton
|
||||
* @license http://www.opensource.org/licenses/mit-license.html MIT License
|
||||
* @link http://phpseclib.sourceforge.net
|
||||
*/
|
||||
|
||||
namespace phpseclib\Crypt;
|
||||
|
||||
use ParagonIE\ConstantTime\Base64;
|
||||
use phpseclib\File\ASN1;
|
||||
use phpseclib\Math\BigInteger;
|
||||
use phpseclib\Crypt\Common\AsymmetricKey;
|
||||
use phpseclib\Common\Functions\Strings;
|
||||
|
||||
/**
|
||||
* Pure-PHP FIPS 186-4 compliant implementation of DSA.
|
||||
*
|
||||
* @package DSA
|
||||
* @author Jim Wigginton <terrafrost@php.net>
|
||||
* @access public
|
||||
*/
|
||||
class DSA extends AsymmetricKey
|
||||
{
|
||||
/**
|
||||
* Algorithm Name
|
||||
*
|
||||
* @var string
|
||||
* @access private
|
||||
*/
|
||||
const ALGORITHM = 'DSA';
|
||||
|
||||
/**
|
||||
* DSA Prime P
|
||||
*
|
||||
* @var \phpseclib\Math\BigInteger
|
||||
* @access private
|
||||
*/
|
||||
private $p;
|
||||
|
||||
/**
|
||||
* DSA Group Order q
|
||||
*
|
||||
* Prime divisor of p-1
|
||||
*
|
||||
* @var \phpseclib\Math\BigInteger
|
||||
* @access private
|
||||
*/
|
||||
protected $q;
|
||||
|
||||
/**
|
||||
* DSA Group Generator G
|
||||
*
|
||||
* @var \phpseclib\Math\BigInteger
|
||||
* @access private
|
||||
*/
|
||||
private $g;
|
||||
|
||||
/**
|
||||
* DSA secret exponent x
|
||||
*
|
||||
* @var \phpseclib\Math\BigInteger
|
||||
* @access private
|
||||
*/
|
||||
protected $x;
|
||||
|
||||
/**
|
||||
* DSA public key value y
|
||||
*
|
||||
* @var \phpseclib\Math\BigInteger
|
||||
* @access private
|
||||
*/
|
||||
private $y;
|
||||
|
||||
/**
|
||||
* Parameters Format
|
||||
*
|
||||
* @var string
|
||||
* @access private
|
||||
*/
|
||||
private $parametersFormat = 'PKCS1';
|
||||
|
||||
/**
|
||||
* Create DSA parameters
|
||||
*
|
||||
* @access public
|
||||
* @param int $L
|
||||
* @param int $N
|
||||
* @return \phpseclib\Crypt\DSA
|
||||
*/
|
||||
static function createParameters($L = 2048, $N = 224)
|
||||
{
|
||||
self::initialize_static_variables();
|
||||
|
||||
switch (true) {
|
||||
case $N == 160:
|
||||
/*
|
||||
in FIPS 186-1 and 186-2 N was fixed at 160 whereas K had an upper bound of 1024.
|
||||
RFC 4253 (SSH Transport Layer Protocol) references FIPS 186-2 and as such most
|
||||
SSH DSA implementations only support keys with an N of 160.
|
||||
puttygen let's you set the size of L (but not the size of N) and uses 2048 as the
|
||||
default L value. that's not really compliant with any of the FIPS standards, however,
|
||||
for the purposes of maintaining compatibility with puttygen, we'll support it
|
||||
*/
|
||||
//case ($L >= 512 || $L <= 1024) && (($L & 0x3F) == 0) && $N == 160:
|
||||
// FIPS 186-3 changed this as follows:
|
||||
//case $L == 1024 && $N == 160:
|
||||
case $L == 2048 && $N == 224:
|
||||
case $L == 2048 && $N == 256:
|
||||
case $L == 3072 && $N == 256:
|
||||
break;
|
||||
default:
|
||||
return false;
|
||||
}
|
||||
|
||||
$two = new BigInteger(2);
|
||||
|
||||
$q = BigInteger::randomPrime($N);
|
||||
$divisor = $q->multiply($two);
|
||||
|
||||
do {
|
||||
$x = BigInteger::random($L);
|
||||
list(, $c) = $x->divide($divisor);
|
||||
$p = $x->subtract($c->subtract(self::$one));
|
||||
} while ($p->getLength() != $L || !$p->isPrime());
|
||||
|
||||
$p_1 = $p->subtract(self::$one);
|
||||
list($e) = $p_1->divide($q);
|
||||
|
||||
// quoting http://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-4.pdf#page=50 ,
|
||||
// "h could be obtained from a random number generator or from a counter that
|
||||
// changes after each use". PuTTY (sshdssg.c) starts h off at 1 and increments
|
||||
// it on each loop. wikipedia says "commonly h = 2 is used" so we'll just do that
|
||||
$h = clone $two;
|
||||
while (true) {
|
||||
$g = $h->powMod($e, $p);
|
||||
if (!$g->equals(self::$one)) {
|
||||
break;
|
||||
}
|
||||
$h = $h->add(self::$one);
|
||||
}
|
||||
|
||||
$dsa = new DSA();
|
||||
$dsa->p = $p;
|
||||
$dsa->q = $q;
|
||||
$dsa->g = $g;
|
||||
|
||||
return $dsa;
|
||||
}
|
||||
|
||||
/**
|
||||
* Create public / private key pair.
|
||||
*
|
||||
* This method is a bit polymorphic. It can take a DSA object (eg. pre-loaded with parameters),
|
||||
* L / N as two distinct parameters or no parameters (at which point L and N will be generated
|
||||
* with this method)
|
||||
*
|
||||
* Returns an array with the following two elements:
|
||||
* - 'privatekey': The private key.
|
||||
* - 'publickey': The public key.
|
||||
*
|
||||
* @access public
|
||||
* @return \phpseclib\Crypt\DSA
|
||||
*/
|
||||
static function createKey()
|
||||
{
|
||||
self::initialize_static_variables();
|
||||
|
||||
$args = func_get_args();
|
||||
if (count($args) == 2 && is_int($args[0]) && is_int($args[1])) {
|
||||
$private = self::createParameters($args[0], $args[1]);
|
||||
} else if (count($args) == 1 && $args[0] instanceof DSA) {
|
||||
$private = clone $args[0];
|
||||
} else if (!count($args)) {
|
||||
$private = self::createParameters();
|
||||
} else {
|
||||
throw new \InvalidArgumentException('Valid parameters are either two integers (L and N), a single DSA object or no parameters at all.');
|
||||
}
|
||||
|
||||
$private->x = BigInteger::randomRange(self::$one, $private->q->subtract(self::$one));
|
||||
$private->y = $private->g->powMod($private->x, $private->p);
|
||||
|
||||
$public = clone $private;
|
||||
unset($public->x);
|
||||
|
||||
return ['privatekey' => $private, 'publickey' => $public];
|
||||
}
|
||||
|
||||
/**
|
||||
* Loads a public or private key
|
||||
*
|
||||
* Returns true on success and false on failure (ie. an incorrect password was provided or the key was malformed)
|
||||
*
|
||||
* @access public
|
||||
* @param string $key
|
||||
* @param int $type optional
|
||||
*/
|
||||
public function load($key, $type = false)
|
||||
{
|
||||
if ($key instanceof DSA) {
|
||||
$this->privateKeyFormat = $key->privateKeyFormat;
|
||||
$this->publicKeyFormat = $key->publicKeyFormat;
|
||||
$this->format = $key->format;
|
||||
$this->p = $key->p;
|
||||
$this->q = $key->q;
|
||||
$this->g = $key->g;
|
||||
$this->x = $key->x;
|
||||
$this->y = $key->y;
|
||||
$this->parametersFormat = $key->parametersFormat;
|
||||
|
||||
return true;
|
||||
}
|
||||
|
||||
$components = parent::load($key, $type);
|
||||
if ($components === false) {
|
||||
return false;
|
||||
}
|
||||
|
||||
if (isset($components['p'])) {
|
||||
switch (true) {
|
||||
case isset($this->p) && !$this->p->equals($components['p']):
|
||||
case isset($this->q) && !$this->q->equals($components['q']):
|
||||
case isset($this->g) && !$this->g->equals($components['g']):
|
||||
$this->x = $this->y = null;
|
||||
}
|
||||
|
||||
$this->p = $components['p'];
|
||||
$this->q = $components['q'];
|
||||
$this->g = $components['g'];
|
||||
}
|
||||
|
||||
if (isset($components['x'])) {
|
||||
$this->x = $components['x'];
|
||||
}
|
||||
|
||||
if (isset($components['y'])) {
|
||||
$this->y = $components['y'];
|
||||
}
|
||||
//} else if (isset($components['x'])) {
|
||||
// $this->y = $this->g->powMod($this->x, $this->p);
|
||||
//}
|
||||
|
||||
return true;
|
||||
}
|
||||
|
||||
/**
|
||||
* Returns the key size
|
||||
*
|
||||
* More specifically, this L (the length of DSA Prime P) and N (the length of DSA Group Order q)
|
||||
*
|
||||
* @access public
|
||||
* @return array
|
||||
*/
|
||||
public function getLength()
|
||||
{
|
||||
return isset($this->p) ?
|
||||
['L' => $this->p->getLength(), 'N' => $this->q->getLength()] :
|
||||
['L' => 0, 'N' => 0];
|
||||
}
|
||||
|
||||
/**
|
||||
* __toString() magic method
|
||||
*
|
||||
* @access public
|
||||
* @return string
|
||||
*/
|
||||
public function __toString()
|
||||
{
|
||||
$key = parent::__toString();
|
||||
if (!empty($key)) {
|
||||
return $key;
|
||||
}
|
||||
|
||||
try {
|
||||
$key = $this->getParameters($this->parametersFormat);
|
||||
return is_string($key) ? $key : '';
|
||||
} catch (\Exception $e) {
|
||||
return '';
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Returns the private key
|
||||
*
|
||||
* PKCS1 DSA private keys contain x and y. PKCS8 DSA private keys just contain x
|
||||
* but y can be derived from x.
|
||||
*
|
||||
* @see self::getPublicKey()
|
||||
* @access public
|
||||
* @param string $type optional
|
||||
* @return mixed
|
||||
*/
|
||||
public function getPrivateKey($type = 'PKCS8')
|
||||
{
|
||||
$type = self::validatePlugin('Keys', $type, 'savePrivateKey');
|
||||
if ($type === false) {
|
||||
return false;
|
||||
}
|
||||
|
||||
if (!isset($this->x)) {
|
||||
return false;
|
||||
}
|
||||
|
||||
if (!isset($this->y)) {
|
||||
$this->y = $this->g->powMod($this->x, $this->p);
|
||||
}
|
||||
|
||||
return $type::savePrivateKey($this->p, $this->q, $this->g, $this->y, $this->x, $this->password);
|
||||
}
|
||||
|
||||
/**
|
||||
* Returns the public key
|
||||
*
|
||||
* If you do "openssl rsa -in private.rsa -pubout -outform PEM" you get a PKCS8 formatted key
|
||||
* that contains a publicKeyAlgorithm AlgorithmIdentifier and a publicKey BIT STRING.
|
||||
* An AlgorithmIdentifier contains an OID and a parameters field. With RSA public keys this
|
||||
* parameters field is NULL. With DSA PKCS8 public keys it is not - it contains the p, q and g
|
||||
* variables. The publicKey BIT STRING contains, simply, the y variable. This can be verified
|
||||
* by getting a DSA PKCS8 public key:
|
||||
*
|
||||
* "openssl dsa -in private.dsa -pubout -outform PEM"
|
||||
*
|
||||
* ie. just swap out rsa with dsa in the rsa command above.
|
||||
*
|
||||
* A PKCS1 public key corresponds to the publicKey portion of the PKCS8 key. In the case of RSA
|
||||
* the publicKey portion /is/ the key. In the case of DSA it is not. You cannot verify a signature
|
||||
* without the parameters and the PKCS1 DSA public key format does not include the parameters.
|
||||
*
|
||||
* @see self::getPrivateKey()
|
||||
* @access public
|
||||
* @param string $type optional
|
||||
* @return mixed
|
||||
*/
|
||||
public function getPublicKey($type = 'PKCS8')
|
||||
{
|
||||
$type = self::validatePlugin('Keys', $type, 'savePublicKey');
|
||||
if ($type === false) {
|
||||
return false;
|
||||
}
|
||||
|
||||
if (!isset($this->y)) {
|
||||
if (!isset($this->x) || !isset($this->p)) {
|
||||
return false;
|
||||
}
|
||||
$this->y = $this->g->powMod($this->x, $this->p);
|
||||
}
|
||||
|
||||
return $type::savePublicKey($this->p, $this->q, $this->g, $this->y);
|
||||
}
|
||||
|
||||
/**
|
||||
* Returns the parameters
|
||||
*
|
||||
* A public / private key is only returned if the currently loaded "key" contains an x or y
|
||||
* value.
|
||||
*
|
||||
* @see self::getPublicKey()
|
||||
* @see self::getPrivateKey()
|
||||
* @access public
|
||||
* @param string $type optional
|
||||
* @return mixed
|
||||
*/
|
||||
public function getParameters($type = 'PKCS1')
|
||||
{
|
||||
$type = self::validatePlugin('Keys', $type, 'saveParameters');
|
||||
if ($type === false) {
|
||||
return false;
|
||||
}
|
||||
|
||||
if (!isset($this->p) || !isset($this->q) || !isset($this->g)) {
|
||||
return false;
|
||||
}
|
||||
|
||||
return $type::saveParameters($this->p, $this->q, $this->g);
|
||||
}
|
||||
|
||||
/**
|
||||
* Create a signature
|
||||
*
|
||||
* @see self::verify()
|
||||
* @access public
|
||||
* @param string $message
|
||||
* @param string $format optional
|
||||
* @return mixed
|
||||
*/
|
||||
function sign($message, $format = 'Raw')
|
||||
{
|
||||
$format = self::validatePlugin('Signature', $format);
|
||||
if ($format === false) {
|
||||
return false;
|
||||
}
|
||||
|
||||
if (empty($this->x) || empty($this->p)) {
|
||||
return false;
|
||||
}
|
||||
|
||||
while (true) {
|
||||
$k = BigInteger::randomRange(self::$one, $this->q->subtract(self::$one));
|
||||
$r = $this->g->powMod($k, $this->p);
|
||||
list(, $r) = $r->divide($this->q);
|
||||
if ($r->equals(self::$zero)) {
|
||||
continue;
|
||||
}
|
||||
$kinv = $k->modInverse($this->q);
|
||||
$h = $this->hash->hash($message);
|
||||
$h = $this->bits2int($h);
|
||||
$temp = $h->add($this->x->multiply($r));
|
||||
$temp = $kinv->multiply($temp);
|
||||
list(, $s) = $temp->divide($this->q);
|
||||
if (!$s->equals(self::$zero)) {
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
// the following is an RFC6979 compliant implementation of deterministic DSA
|
||||
// it's unused because it's mainly intended for use when a good CSPRNG isn't
|
||||
// available. if phpseclib's CSPRNG isn't good then even key generation is
|
||||
// suspect
|
||||
/*
|
||||
$h1 = $this->hash->hash($message);
|
||||
$k = $this->computek($h1);
|
||||
$r = $this->g->powMod($k, $this->p);
|
||||
list(, $r) = $r->divide($this->q);
|
||||
$kinv = $k->modInverse($this->q);
|
||||
$h1 = $this->bits2int($h1);
|
||||
$temp = $h1->add($this->x->multiply($r));
|
||||
$temp = $kinv->multiply($temp);
|
||||
list(, $s) = $temp->divide($this->q);
|
||||
*/
|
||||
|
||||
return $format::save($r, $s);
|
||||
}
|
||||
|
||||
/**
|
||||
* Verify a signature
|
||||
*
|
||||
* @see self::verify()
|
||||
* @access public
|
||||
* @param string $message
|
||||
* @param string $format optional
|
||||
* @return mixed
|
||||
*/
|
||||
function verify($message, $signature, $format = 'Raw')
|
||||
{
|
||||
$format = self::validatePlugin('Signature', $format);
|
||||
if ($format === false) {
|
||||
return false;
|
||||
}
|
||||
|
||||
$params = $format::load($signature);
|
||||
if ($params === false || count($params) != 2) {
|
||||
return false;
|
||||
}
|
||||
extract($params);
|
||||
|
||||
if (empty($this->y) || empty($this->p)) {
|
||||
return false;
|
||||
}
|
||||
|
||||
$q_1 = $this->q->subtract(self::$one);
|
||||
if (!$r->between(self::$one, $q_1) || !$s->between(self::$one, $q_1)) {
|
||||
return false;
|
||||
}
|
||||
|
||||
$w = $s->modInverse($this->q);
|
||||
$h = $this->hash->hash($message);
|
||||
$h = $this->bits2int($h);
|
||||
list(, $u1) = $h->multiply($w)->divide($this->q);
|
||||
list(, $u2) = $r->multiply($w)->divide($this->q);
|
||||
$v1 = $this->g->powMod($u1, $this->p);
|
||||
$v2 = $this->y->powMod($u2, $this->p);
|
||||
list(, $v) = $v1->multiply($v2)->divide($this->p);
|
||||
list(, $v) = $v->divide($this->q);
|
||||
|
||||
return Strings::equals($v->toBytes(), $r->toBytes());
|
||||
}
|
||||
}
|
92
phpseclib/Crypt/DSA/Keys/OpenSSH.php
Normal file
92
phpseclib/Crypt/DSA/Keys/OpenSSH.php
Normal file
@ -0,0 +1,92 @@
|
||||
<?php
|
||||
|
||||
/**
|
||||
* OpenSSH Formatted DSA Key Handler
|
||||
*
|
||||
* PHP version 5
|
||||
*
|
||||
* Place in $HOME/.ssh/authorized_keys
|
||||
*
|
||||
* @category Crypt
|
||||
* @package DSA
|
||||
* @author Jim Wigginton <terrafrost@php.net>
|
||||
* @copyright 2015 Jim Wigginton
|
||||
* @license http://www.opensource.org/licenses/mit-license.html MIT License
|
||||
* @link http://phpseclib.sourceforge.net
|
||||
*/
|
||||
|
||||
namespace phpseclib\Crypt\DSA\Keys;
|
||||
|
||||
use ParagonIE\ConstantTime\Base64;
|
||||
use phpseclib\Math\BigInteger;
|
||||
use phpseclib\Common\Functions\Strings;
|
||||
use phpseclib\Crypt\Common\Keys\OpenSSH as Progenitor;
|
||||
|
||||
/**
|
||||
* OpenSSH Formatted DSA Key Handler
|
||||
*
|
||||
* @package DSA
|
||||
* @author Jim Wigginton <terrafrost@php.net>
|
||||
* @access public
|
||||
*/
|
||||
abstract class OpenSSH extends Progenitor
|
||||
{
|
||||
/**
|
||||
* Break a public or private key down into its constituent components
|
||||
*
|
||||
* @access public
|
||||
* @param string $key
|
||||
* @param string $password optional
|
||||
* @return array
|
||||
*/
|
||||
public static function load($key, $password = '')
|
||||
{
|
||||
$key = parent::load($key, 'ssh-dss');
|
||||
if ($key === false) {
|
||||
return false;
|
||||
}
|
||||
|
||||
$result = Strings::unpackSSH2('iiii', $key);
|
||||
if ($result === false) {
|
||||
return false;
|
||||
}
|
||||
list($p, $q, $g, $y) = $result;
|
||||
|
||||
$comment = parent::getComment($key);
|
||||
|
||||
return compact('p', 'q', 'g', 'y', 'comment');
|
||||
}
|
||||
|
||||
/**
|
||||
* Convert a public key to the appropriate format
|
||||
*
|
||||
* @access public
|
||||
* @param \phpseclib\Math\BigInteger $p
|
||||
* @param \phpseclib\Math\BigInteger $q
|
||||
* @param \phpseclib\Math\BigInteger $g
|
||||
* @param \phpseclib\Math\BigInteger $y
|
||||
* @return string
|
||||
*/
|
||||
public static function savePublicKey(BigInteger $p, BigInteger $q, BigInteger $g, BigInteger $y)
|
||||
{
|
||||
if ($q->getLength() != 160) {
|
||||
throw new \InvalidArgumentException('SSH only supports keys with an N (length of Group Order q) of 160');
|
||||
}
|
||||
|
||||
// from <http://tools.ietf.org/html/rfc4253#page-15>:
|
||||
// string "ssh-dss"
|
||||
// mpint p
|
||||
// mpint q
|
||||
// mpint g
|
||||
// mpint y
|
||||
$DSAPublicKey = Strings::packSSH2('siiii', 'ssh-dss', $p, $q, $g, $y);
|
||||
|
||||
if (self::$binary) {
|
||||
return $DSAPublicKey;
|
||||
}
|
||||
|
||||
$DSAPublicKey = 'ssh-dss ' . Base64::encode($DSAPublicKey) . ' ' . self::$comment;
|
||||
|
||||
return $DSAPublicKey;
|
||||
}
|
||||
}
|
149
phpseclib/Crypt/DSA/Keys/PKCS1.php
Normal file
149
phpseclib/Crypt/DSA/Keys/PKCS1.php
Normal file
@ -0,0 +1,149 @@
|
||||
<?php
|
||||
|
||||
/**
|
||||
* PKCS#1 Formatted DSA Key Handler
|
||||
*
|
||||
* PHP version 5
|
||||
*
|
||||
* Used by File/X509.php
|
||||
*
|
||||
* Processes keys with the following headers:
|
||||
*
|
||||
* -----BEGIN DSA PRIVATE KEY-----
|
||||
* -----BEGIN DSA PUBLIC KEY-----
|
||||
* -----BEGIN DSA PARAMETERS-----
|
||||
*
|
||||
* Analogous to ssh-keygen's pem format (as specified by -m)
|
||||
*
|
||||
* @category Crypt
|
||||
* @package DSA
|
||||
* @author Jim Wigginton <terrafrost@php.net>
|
||||
* @copyright 2015 Jim Wigginton
|
||||
* @license http://www.opensource.org/licenses/mit-license.html MIT License
|
||||
* @link http://phpseclib.sourceforge.net
|
||||
*/
|
||||
|
||||
namespace phpseclib\Crypt\DSA\Keys;
|
||||
|
||||
use phpseclib\Math\BigInteger;
|
||||
use phpseclib\Crypt\Common\Keys\PKCS1 as Progenitor;
|
||||
use phpseclib\File\ASN1;
|
||||
use phpseclib\File\ASN1\Maps;
|
||||
use ParagonIE\ConstantTime\Base64;
|
||||
|
||||
/**
|
||||
* PKCS#1 Formatted RSA Key Handler
|
||||
*
|
||||
* @package RSA
|
||||
* @author Jim Wigginton <terrafrost@php.net>
|
||||
* @access public
|
||||
*/
|
||||
abstract class PKCS1 extends Progenitor
|
||||
{
|
||||
/**
|
||||
* Break a public or private key down into its constituent components
|
||||
*
|
||||
* @access public
|
||||
* @param string $key
|
||||
* @param string $password optional
|
||||
* @return array
|
||||
*/
|
||||
public static function load($key, $password = '')
|
||||
{
|
||||
if (!is_string($key)) {
|
||||
return false;
|
||||
}
|
||||
|
||||
$key = parent::load($key, $password);
|
||||
if ($key === false) {
|
||||
return false;
|
||||
}
|
||||
|
||||
$decoded = ASN1::decodeBER($key);
|
||||
if (empty($decoded)) {
|
||||
return false;
|
||||
}
|
||||
|
||||
$key = ASN1::asn1map($decoded[0], Maps\DSAParams::MAP);
|
||||
if (is_array($key)) {
|
||||
return $key;
|
||||
}
|
||||
|
||||
$key = ASN1::asn1map($decoded[0], Maps\DSAPrivateKey::MAP);
|
||||
if (is_array($key)) {
|
||||
return $key;
|
||||
}
|
||||
|
||||
$key = ASN1::asn1map($decoded[0], Maps\DSAPublicKey::MAP);
|
||||
return is_array($key) ? $key : false;
|
||||
}
|
||||
|
||||
/**
|
||||
* Convert DSA parameters to the appropriate format
|
||||
*
|
||||
* @access public
|
||||
* @param \phpseclib\Math\BigInteger $p
|
||||
* @param \phpseclib\Math\BigInteger $q
|
||||
* @param \phpseclib\Math\BigInteger $g
|
||||
* @return string
|
||||
*/
|
||||
public static function saveParameters(BigInteger $p, BigInteger $q, BigInteger $g)
|
||||
{
|
||||
$key = [
|
||||
'p' => $p,
|
||||
'q' => $q,
|
||||
'g' => $g
|
||||
];
|
||||
|
||||
$key = ASN1::encodeDER($key, Maps\DSAParams::MAP);
|
||||
|
||||
return "-----BEGIN DSA PARAMETERS-----\r\n" .
|
||||
chunk_split(Base64::encode($key), 64) .
|
||||
"-----END DSA PARAMETERS-----\r\n";
|
||||
}
|
||||
|
||||
/**
|
||||
* Convert a private key to the appropriate format.
|
||||
*
|
||||
* @access public
|
||||
* @param \phpseclib\Math\BigInteger $p
|
||||
* @param \phpseclib\Math\BigInteger $q
|
||||
* @param \phpseclib\Math\BigInteger $g
|
||||
* @param \phpseclib\Math\BigInteger $x
|
||||
* @param \phpseclib\Math\BigInteger $y
|
||||
* @param string $password optional
|
||||
* @return string
|
||||
*/
|
||||
public static function savePrivateKey(BigInteger $p, BigInteger $q, BigInteger $g, BigInteger $y, BigInteger $x, $password = '')
|
||||
{
|
||||
$key = [
|
||||
'version' => 0,
|
||||
'p' => $p,
|
||||
'q' => $q,
|
||||
'g' => $g,
|
||||
'y' => $y,
|
||||
'x' => $x
|
||||
];
|
||||
|
||||
$key = ASN1::encodeDER($key, Maps\DSAPrivateKey::MAP);
|
||||
|
||||
return self::wrapPrivateKey($key, 'DSA', $password);
|
||||
}
|
||||
|
||||
/**
|
||||
* Convert a public key to the appropriate format
|
||||
*
|
||||
* @access public
|
||||
* @param \phpseclib\Math\BigInteger $p
|
||||
* @param \phpseclib\Math\BigInteger $q
|
||||
* @param \phpseclib\Math\BigInteger $g
|
||||
* @param \phpseclib\Math\BigInteger $y
|
||||
* @return string
|
||||
*/
|
||||
public static function savePublicKey(BigInteger $p, BigInteger $q, BigInteger $g, BigInteger $y)
|
||||
{
|
||||
$key = ASN1::encodeDER($y, Maps\DSAPublicKey::MAP);
|
||||
|
||||
return self::wrapPublicKey($key, 'DSA');
|
||||
}
|
||||
}
|
169
phpseclib/Crypt/DSA/Keys/PKCS8.php
Normal file
169
phpseclib/Crypt/DSA/Keys/PKCS8.php
Normal file
@ -0,0 +1,169 @@
|
||||
<?php
|
||||
|
||||
/**
|
||||
* PKCS#8 Formatted DSA Key Handler
|
||||
*
|
||||
* PHP version 5
|
||||
*
|
||||
* Processes keys with the following headers:
|
||||
*
|
||||
* -----BEGIN ENCRYPTED PRIVATE KEY-----
|
||||
* -----BEGIN PRIVATE KEY-----
|
||||
* -----BEGIN PUBLIC KEY-----
|
||||
*
|
||||
* Analogous to ssh-keygen's pkcs8 format (as specified by -m). Although PKCS8
|
||||
* is specific to private keys it's basically creating a DER-encoded wrapper
|
||||
* for keys. This just extends that same concept to public keys (much like ssh-keygen)
|
||||
*
|
||||
* @category Crypt
|
||||
* @package DSA
|
||||
* @author Jim Wigginton <terrafrost@php.net>
|
||||
* @copyright 2015 Jim Wigginton
|
||||
* @license http://www.opensource.org/licenses/mit-license.html MIT License
|
||||
* @link http://phpseclib.sourceforge.net
|
||||
*/
|
||||
|
||||
namespace phpseclib\Crypt\DSA\Keys;
|
||||
|
||||
use phpseclib\Math\BigInteger;
|
||||
use phpseclib\Crypt\Common\Keys\PKCS8 as Progenitor;
|
||||
use phpseclib\File\ASN1;
|
||||
use phpseclib\File\ASN1\Maps;
|
||||
|
||||
/**
|
||||
* PKCS#8 Formatted DSA Key Handler
|
||||
*
|
||||
* @package DSA
|
||||
* @author Jim Wigginton <terrafrost@php.net>
|
||||
* @access public
|
||||
*/
|
||||
abstract class PKCS8 extends Progenitor
|
||||
{
|
||||
/**
|
||||
* OID Name
|
||||
*
|
||||
* @var string
|
||||
* @access private
|
||||
*/
|
||||
const OID_NAME = 'id-dsa';
|
||||
|
||||
/**
|
||||
* OID Value
|
||||
*
|
||||
* @var string
|
||||
* @access private
|
||||
*/
|
||||
const OID_VALUE = '1.2.840.10040.4.1';
|
||||
|
||||
/**
|
||||
* Child OIDs loaded
|
||||
*
|
||||
* @var bool
|
||||
* @access private
|
||||
*/
|
||||
protected static $childOIDsLoaded = false;
|
||||
|
||||
/**
|
||||
* Break a public or private key down into its constituent components
|
||||
*
|
||||
* @access public
|
||||
* @param string $key
|
||||
* @param string $password optional
|
||||
* @return array
|
||||
*/
|
||||
public static function load($key, $password = '')
|
||||
{
|
||||
if (!is_string($key)) {
|
||||
return false;
|
||||
}
|
||||
|
||||
$isPublic = strpos($key, 'PUBLIC') !== false;
|
||||
|
||||
$key = parent::load($key, $password);
|
||||
if ($key === false) {
|
||||
return false;
|
||||
}
|
||||
|
||||
$type = isset($key['privateKey']) ? 'privateKey' : 'publicKey';
|
||||
|
||||
switch (true) {
|
||||
case !$isPublic && $type == 'publicKey':
|
||||
case $isPublic && $type == 'privateKey':
|
||||
return false;
|
||||
}
|
||||
|
||||
$decoded = ASN1::decodeBER($key[$type . 'Algorithm']['parameters']->element);
|
||||
if (empty($decoded)) {
|
||||
return false;
|
||||
}
|
||||
$components = ASN1::asn1map($decoded[0], Maps\DSAParams::MAP);
|
||||
if (!is_array($components)) {
|
||||
return false;
|
||||
}
|
||||
|
||||
$decoded = ASN1::decodeBER($key[$type]);
|
||||
if (empty($decoded)) {
|
||||
return false;
|
||||
}
|
||||
|
||||
$var = $type == 'privateKey' ? 'x' : 'y';
|
||||
$components[$var] = ASN1::asn1map($decoded[0], Maps\DSAPublicKey::MAP);
|
||||
if (!$components[$var] instanceof BigInteger) {
|
||||
return false;
|
||||
}
|
||||
|
||||
if (isset($key['meta'])) {
|
||||
$components['meta'] = $key['meta'];
|
||||
}
|
||||
|
||||
return $components;
|
||||
}
|
||||
|
||||
/**
|
||||
* Convert a private key to the appropriate format.
|
||||
*
|
||||
* @access public
|
||||
* @param \phpseclib\Math\BigInteger $p
|
||||
* @param \phpseclib\Math\BigInteger $q
|
||||
* @param \phpseclib\Math\BigInteger $g
|
||||
* @param \phpseclib\Math\BigInteger $x
|
||||
* @param \phpseclib\Math\BigInteger $y
|
||||
* @param string $password optional
|
||||
* @return string
|
||||
*/
|
||||
public static function savePrivateKey(BigInteger $p, BigInteger $q, BigInteger $g, BigInteger $y, BigInteger $x, $password = '')
|
||||
{
|
||||
$params = [
|
||||
'p' => $p,
|
||||
'q' => $q,
|
||||
'g' => $g
|
||||
];
|
||||
$params = ASN1::encodeDER($params, Maps\DSAParams::MAP);
|
||||
$params = new ASN1\Element($params);
|
||||
$key = ASN1::encodeDER($x, Maps\DSAPublicKey::MAP);
|
||||
return self::wrapPrivateKey($key, [], $params, $password);
|
||||
}
|
||||
|
||||
/**
|
||||
* Convert a public key to the appropriate format
|
||||
*
|
||||
* @access public
|
||||
* @param \phpseclib\Math\BigInteger $p
|
||||
* @param \phpseclib\Math\BigInteger $q
|
||||
* @param \phpseclib\Math\BigInteger $g
|
||||
* @param \phpseclib\Math\BigInteger $y
|
||||
* @return string
|
||||
*/
|
||||
public static function savePublicKey(BigInteger $p, BigInteger $q, BigInteger $g, BigInteger $y)
|
||||
{
|
||||
$params = [
|
||||
'p' => $p,
|
||||
'q' => $q,
|
||||
'g' => $g
|
||||
];
|
||||
$params = ASN1::encodeDER($params, Maps\DSAParams::MAP);
|
||||
$params = new ASN1\Element($params);
|
||||
$key = ASN1::encodeDER($y, Maps\DSAPublicKey::MAP);
|
||||
return self::wrapPublicKey($key, $params);
|
||||
}
|
||||
}
|
129
phpseclib/Crypt/DSA/Keys/PuTTY.php
Normal file
129
phpseclib/Crypt/DSA/Keys/PuTTY.php
Normal file
@ -0,0 +1,129 @@
|
||||
<?php
|
||||
|
||||
/**
|
||||
* PuTTY Formatted DSA Key Handler
|
||||
*
|
||||
* puttygen does not generate DSA keys with an N of anything other than 160, however,
|
||||
* it can still load them and convert them. PuTTY will load them, too, but SSH servers
|
||||
* won't accept them. Since PuTTY formatted keys are primarily used with SSH this makes
|
||||
* keys with N > 160 kinda useless, hence this handlers not supporting such keys.
|
||||
*
|
||||
* PHP version 5
|
||||
*
|
||||
* @category Crypt
|
||||
* @package DSA
|
||||
* @author Jim Wigginton <terrafrost@php.net>
|
||||
* @copyright 2015 Jim Wigginton
|
||||
* @license http://www.opensource.org/licenses/mit-license.html MIT License
|
||||
* @link http://phpseclib.sourceforge.net
|
||||
*/
|
||||
|
||||
namespace phpseclib\Crypt\DSA\Keys;
|
||||
|
||||
use phpseclib\Math\BigInteger;
|
||||
use phpseclib\Common\Functions\Strings;
|
||||
use phpseclib\Crypt\Common\Keys\PuTTY as Progenitor;
|
||||
|
||||
/**
|
||||
* PuTTY Formatted DSA Key Handler
|
||||
*
|
||||
* @package RSA
|
||||
* @author Jim Wigginton <terrafrost@php.net>
|
||||
* @access public
|
||||
*/
|
||||
abstract class PuTTY extends Progenitor
|
||||
{
|
||||
/**
|
||||
* Public Handler
|
||||
*
|
||||
* @var string
|
||||
* @access private
|
||||
*/
|
||||
const PUBLIC_HANDLER = 'phpseclib\Crypt\DSA\Keys\OpenSSH';
|
||||
|
||||
/**
|
||||
* Algorithm Identifier
|
||||
*
|
||||
* @var string
|
||||
* @access private
|
||||
*/
|
||||
const TYPE = 'ssh-dss';
|
||||
|
||||
/**
|
||||
* Break a public or private key down into its constituent components
|
||||
*
|
||||
* @access public
|
||||
* @param string $key
|
||||
* @param string $password optional
|
||||
* @return array
|
||||
*/
|
||||
public static function load($key, $password = '')
|
||||
{
|
||||
$components = parent::load($key, $password);
|
||||
if ($components === false || !isset($components['private'])) {
|
||||
return $components;
|
||||
}
|
||||
extract($components);
|
||||
unset($components['public'], $components['private']);
|
||||
|
||||
$result = Strings::unpackSSH2('iiii', $public);
|
||||
if ($result === false) {
|
||||
return false;
|
||||
}
|
||||
list($p, $q, $g, $y) = $result;
|
||||
|
||||
$result = Strings::unpackSSH2('i', $private);
|
||||
if ($result === false) {
|
||||
return false;
|
||||
}
|
||||
list($x) = $result;
|
||||
|
||||
return compact('p', 'q', 'g', 'y', 'x', 'comment');
|
||||
}
|
||||
|
||||
/**
|
||||
* Convert a private key to the appropriate format.
|
||||
*
|
||||
* @access public
|
||||
* @param \phpseclib\Math\BigInteger $p
|
||||
* @param \phpseclib\Math\BigInteger $q
|
||||
* @param \phpseclib\Math\BigInteger $g
|
||||
* @param \phpseclib\Math\BigInteger $y
|
||||
* @param \phpseclib\Math\BigInteger $x
|
||||
* @param array $primes
|
||||
* @param array $exponents
|
||||
* @param array $coefficients
|
||||
* @param string $password optional
|
||||
* @return string
|
||||
*/
|
||||
public static function savePrivateKey(BigInteger $p, BigInteger $q, BigInteger $g, BigInteger $y, BigInteger $x, $password = '')
|
||||
{
|
||||
if ($q->getLength() != 160) {
|
||||
throw new \InvalidArgumentException('SSH only supports keys with an N (length of Group Order q) of 160');
|
||||
}
|
||||
|
||||
$public = Strings::packSSH2('iiii', $p, $q, $g, $y);
|
||||
$private = Strings::packSSH2('i', $x);
|
||||
|
||||
return self::wrapPrivateKey($public, $private, $password);
|
||||
}
|
||||
|
||||
/**
|
||||
* Convert a public key to the appropriate format
|
||||
*
|
||||
* @access public
|
||||
* @param \phpseclib\Math\BigInteger $p
|
||||
* @param \phpseclib\Math\BigInteger $q
|
||||
* @param \phpseclib\Math\BigInteger $g
|
||||
* @param \phpseclib\Math\BigInteger $y
|
||||
* @return string
|
||||
*/
|
||||
public static function savePublicKey(BigInteger $p, BigInteger $q, BigInteger $g, BigInteger $y)
|
||||
{
|
||||
if ($q->getLength() != 160) {
|
||||
throw new \InvalidArgumentException('SSH only supports keys with an N (length of Group Order q) of 160');
|
||||
}
|
||||
|
||||
return self::wrapPublicKey(Strings::packSSH2('iiii', $p, $q, $g, $y));
|
||||
}
|
||||
}
|
95
phpseclib/Crypt/DSA/Keys/Raw.php
Normal file
95
phpseclib/Crypt/DSA/Keys/Raw.php
Normal file
@ -0,0 +1,95 @@
|
||||
<?php
|
||||
|
||||
/**
|
||||
* Raw DSA Key Handler
|
||||
*
|
||||
* PHP version 5
|
||||
*
|
||||
* Reads and creates arrays as DSA keys
|
||||
*
|
||||
* @category Crypt
|
||||
* @package DSA
|
||||
* @author Jim Wigginton <terrafrost@php.net>
|
||||
* @copyright 2015 Jim Wigginton
|
||||
* @license http://www.opensource.org/licenses/mit-license.html MIT License
|
||||
* @link http://phpseclib.sourceforge.net
|
||||
*/
|
||||
|
||||
namespace phpseclib\Crypt\DSA\Keys;
|
||||
|
||||
use phpseclib\Math\BigInteger;
|
||||
|
||||
/**
|
||||
* Raw DSA Key Handler
|
||||
*
|
||||
* @package DSA
|
||||
* @author Jim Wigginton <terrafrost@php.net>
|
||||
* @access public
|
||||
*/
|
||||
abstract class Raw
|
||||
{
|
||||
/**
|
||||
* Break a public or private key down into its constituent components
|
||||
*
|
||||
* @access public
|
||||
* @param array $key
|
||||
* @param string $password optional
|
||||
* @return array
|
||||
*/
|
||||
public static function load($key, $password = '')
|
||||
{
|
||||
if (!is_array($key)) {
|
||||
return false;
|
||||
}
|
||||
|
||||
switch (true) {
|
||||
case !isset($key['p']) || !isset($key['q']) || !isset($key['g']):
|
||||
case !$key['p'] instanceof BigInteger:
|
||||
case !$key['q'] instanceof BigInteger:
|
||||
case !$key['g'] instanceof BigInteger:
|
||||
case !isset($key['x']) && !isset($key['y']):
|
||||
case isset($key['x']) && !$key['x'] instanceof BigInteger:
|
||||
case isset($key['y']) && !$key['y'] instanceof BigInteger:
|
||||
return false;
|
||||
}
|
||||
|
||||
$options = ['p' => 1, 'q' => 1, 'g' => 1, 'x' => 1, 'y' => 1];
|
||||
|
||||
return array_intersect_key($key, $options);
|
||||
}
|
||||
|
||||
/**
|
||||
* Convert a private key to the appropriate format.
|
||||
*
|
||||
* @access public
|
||||
* @param \phpseclib\Math\BigInteger $p
|
||||
* @param \phpseclib\Math\BigInteger $q
|
||||
* @param \phpseclib\Math\BigInteger $g
|
||||
* @param \phpseclib\Math\BigInteger $y
|
||||
* @param \phpseclib\Math\BigInteger $x
|
||||
* @param array $primes
|
||||
* @param array $exponents
|
||||
* @param array $coefficients
|
||||
* @param string $password optional
|
||||
* @return string
|
||||
*/
|
||||
public static function savePrivateKey(BigInteger $p, BigInteger $q, BigInteger $g, BigInteger $y, BigInteger $x, $password = '')
|
||||
{
|
||||
return compact('p', 'q', 'g', 'y', 'x');
|
||||
}
|
||||
|
||||
/**
|
||||
* Convert a public key to the appropriate format
|
||||
*
|
||||
* @access public
|
||||
* @param \phpseclib\Math\BigInteger $p
|
||||
* @param \phpseclib\Math\BigInteger $q
|
||||
* @param \phpseclib\Math\BigInteger $g
|
||||
* @param \phpseclib\Math\BigInteger $y
|
||||
* @return string
|
||||
*/
|
||||
public static function savePublicKey(BigInteger $p, BigInteger $q, BigInteger $g, BigInteger $y)
|
||||
{
|
||||
return compact('p', 'q', 'g', 'y');
|
||||
}
|
||||
}
|
129
phpseclib/Crypt/DSA/Keys/XML.php
Normal file
129
phpseclib/Crypt/DSA/Keys/XML.php
Normal file
@ -0,0 +1,129 @@
|
||||
<?php
|
||||
|
||||
/**
|
||||
* XML Formatted DSA Key Handler
|
||||
*
|
||||
* While XKMS defines a private key format for RSA it does not do so for DSA. Quoting that standard:
|
||||
*
|
||||
* "[XKMS] does not specify private key parameters for the DSA signature algorithm since the algorithm only
|
||||
* supports signature modes and so the application of server generated keys and key recovery is of limited
|
||||
* value"
|
||||
*
|
||||
* PHP version 5
|
||||
*
|
||||
* @category Crypt
|
||||
* @package DSA
|
||||
* @author Jim Wigginton <terrafrost@php.net>
|
||||
* @copyright 2015 Jim Wigginton
|
||||
* @license http://www.opensource.org/licenses/mit-license.html MIT License
|
||||
* @link http://phpseclib.sourceforge.net
|
||||
*/
|
||||
|
||||
namespace phpseclib\Crypt\DSA\Keys;
|
||||
|
||||
use ParagonIE\ConstantTime\Base64;
|
||||
use phpseclib\Math\BigInteger;
|
||||
|
||||
/**
|
||||
* XML Formatted DSA Key Handler
|
||||
*
|
||||
* @package DSA
|
||||
* @author Jim Wigginton <terrafrost@php.net>
|
||||
* @access public
|
||||
*/
|
||||
abstract class XML
|
||||
{
|
||||
/**
|
||||
* Break a public or private key down into its constituent components
|
||||
*
|
||||
* @access public
|
||||
* @param string $key
|
||||
* @param string $password optional
|
||||
* @return array
|
||||
*/
|
||||
public static function load($key, $password = '')
|
||||
{
|
||||
if (!is_string($key)) {
|
||||
return false;
|
||||
}
|
||||
|
||||
$use_errors = libxml_use_internal_errors(true);
|
||||
|
||||
$dom = new \DOMDocument();
|
||||
if (!$dom->loadXML('<xml>' . $key . '</xml>')) {
|
||||
return false;
|
||||
}
|
||||
$xpath = new \DOMXPath($dom);
|
||||
$keys = ['p', 'q', 'g', 'y', 'j', 'seed', 'pgencounter'];
|
||||
foreach ($keys as $key) {
|
||||
// $dom->getElementsByTagName($key) is case-sensitive
|
||||
$temp = $xpath->query("//*[translate(local-name(), 'ABCDEFGHIJKLMNOPQRSTUVWXYZ','abcdefghijklmnopqrstuvwxyz')='$key']");
|
||||
if (!$temp->length) {
|
||||
continue;
|
||||
}
|
||||
$value = new BigInteger(Base64::decode($temp->item(0)->nodeValue), 256);
|
||||
switch ($key) {
|
||||
case 'p': // a prime modulus meeting the [DSS] requirements
|
||||
// Parameters P, Q, and G can be public and common to a group of users. They might be known
|
||||
// from application context. As such, they are optional but P and Q must either both appear
|
||||
// or both be absent
|
||||
$components['p'] = $value;
|
||||
break;
|
||||
case 'q': // an integer in the range 2**159 < Q < 2**160 which is a prime divisor of P-1
|
||||
$components['q'] = $value;
|
||||
break;
|
||||
case 'g': // an integer with certain properties with respect to P and Q
|
||||
$components['g'] = $value;
|
||||
break;
|
||||
case 'y': // G**X mod P (where X is part of the private key and not made public)
|
||||
$components['y'] = $value;
|
||||
// the remaining options do not do anything
|
||||
case 'j': // (P - 1) / Q
|
||||
// Parameter J is available for inclusion solely for efficiency as it is calculatable from
|
||||
// P and Q
|
||||
case 'seed': // a DSA prime generation seed
|
||||
// Parameters seed and pgenCounter are used in the DSA prime number generation algorithm
|
||||
// specified in [DSS]. As such, they are optional but must either both be present or both
|
||||
// be absent
|
||||
case 'pgencounter': // a DSA prime generation counter
|
||||
}
|
||||
}
|
||||
|
||||
libxml_use_internal_errors($use_errors);
|
||||
|
||||
if (!isset($components['y'])) {
|
||||
return false;
|
||||
}
|
||||
|
||||
switch (true) {
|
||||
case !isset($components['p']):
|
||||
case !isset($components['q']):
|
||||
case !isset($components['g']):
|
||||
return ['y' => $components['y']];
|
||||
}
|
||||
|
||||
return $components;
|
||||
}
|
||||
|
||||
/**
|
||||
* Convert a public key to the appropriate format
|
||||
*
|
||||
* See https://www.w3.org/TR/xmldsig-core/#sec-DSAKeyValue
|
||||
*
|
||||
* @access public
|
||||
* @param \phpseclib\Math\BigInteger $p
|
||||
* @param \phpseclib\Math\BigInteger $q
|
||||
* @param \phpseclib\Math\BigInteger $g
|
||||
* @param \phpseclib\Math\BigInteger $y
|
||||
* @return string
|
||||
*/
|
||||
public static function savePublicKey(BigInteger $p, BigInteger $q, BigInteger $g, BigInteger $y)
|
||||
{
|
||||
return "<DSAKeyValue>\r\n" .
|
||||
' <P>' . Base64::encode($p->toBytes()) . "</P>\r\n" .
|
||||
' <Q>' . Base64::encode($q->toBytes()) . "</Q>\r\n" .
|
||||
' <G>' . Base64::encode($g->toBytes()) . "</G>\r\n" .
|
||||
' <Y>' . Base64::encode($y->toBytes()) . "</Y>\r\n" .
|
||||
'</DSAKeyValue>';
|
||||
}
|
||||
}
|
68
phpseclib/Crypt/DSA/Signature/PKCS.php
Normal file
68
phpseclib/Crypt/DSA/Signature/PKCS.php
Normal file
@ -0,0 +1,68 @@
|
||||
<?php
|
||||
|
||||
/**
|
||||
* PKCS Signature Handler
|
||||
*
|
||||
* PHP version 5
|
||||
*
|
||||
* Handles signatures in the format described in
|
||||
* https://tools.ietf.org/html/rfc3279#section-2.2.2
|
||||
*
|
||||
* @category Crypt
|
||||
* @package Common
|
||||
* @author Jim Wigginton <terrafrost@php.net>
|
||||
* @copyright 2016 Jim Wigginton
|
||||
* @license http://www.opensource.org/licenses/mit-license.html MIT License
|
||||
* @link http://phpseclib.sourceforge.net
|
||||
*/
|
||||
|
||||
namespace phpseclib\Crypt\DSA\Signature;
|
||||
|
||||
use phpseclib\Math\BigInteger;
|
||||
use phpseclib\File\ASN1;
|
||||
use phpseclib\File\ASN1\Maps;
|
||||
|
||||
/**
|
||||
* PKCS Signature Handler
|
||||
*
|
||||
* @package Common
|
||||
* @author Jim Wigginton <terrafrost@php.net>
|
||||
* @access public
|
||||
*/
|
||||
abstract class PKCS
|
||||
{
|
||||
/**
|
||||
* Loads a signature
|
||||
*
|
||||
* @access public
|
||||
* @param array $key
|
||||
* @return array
|
||||
*/
|
||||
public static function load($sig)
|
||||
{
|
||||
if (!is_string($sig)) {
|
||||
return false;
|
||||
}
|
||||
|
||||
$decoded = ASN1::decodeBER($sig);
|
||||
if (empty($decoded)) {
|
||||
return false;
|
||||
}
|
||||
$components = ASN1::asn1map($decoded[0], Maps\DssSigValue::MAP);
|
||||
|
||||
return $components;
|
||||
}
|
||||
|
||||
/**
|
||||
* Returns a signature in the appropriate format
|
||||
*
|
||||
* @access public
|
||||
* @param \phpseclib\Math\BigInteger $r
|
||||
* @param \phpseclib\Math\BigInteger $s
|
||||
* @return string
|
||||
*/
|
||||
public static function save(BigInteger $r, BigInteger $s)
|
||||
{
|
||||
return ASN1::encodeDER(compact('r', 's'), Maps\DssSigValue::MAP);
|
||||
}
|
||||
}
|
29
phpseclib/Crypt/DSA/Signature/Raw.php
Normal file
29
phpseclib/Crypt/DSA/Signature/Raw.php
Normal file
@ -0,0 +1,29 @@
|
||||
<?php
|
||||
|
||||
/**
|
||||
* Raw DSA Signature Handler
|
||||
*
|
||||
* PHP version 5
|
||||
*
|
||||
* @category Crypt
|
||||
* @package DSA
|
||||
* @author Jim Wigginton <terrafrost@php.net>
|
||||
* @copyright 2016 Jim Wigginton
|
||||
* @license http://www.opensource.org/licenses/mit-license.html MIT License
|
||||
* @link http://phpseclib.sourceforge.net
|
||||
*/
|
||||
|
||||
namespace phpseclib\Crypt\DSA\Signature;
|
||||
|
||||
use phpseclib\Crypt\Common\Signature\Raw as Progenitor;
|
||||
|
||||
/**
|
||||
* Raw DSA Signature Handler
|
||||
*
|
||||
* @package DSA
|
||||
* @author Jim Wigginton <terrafrost@php.net>
|
||||
* @access public
|
||||
*/
|
||||
abstract class Raw extends Progenitor
|
||||
{
|
||||
}
|
75
phpseclib/Crypt/DSA/Signature/SSH2.php
Normal file
75
phpseclib/Crypt/DSA/Signature/SSH2.php
Normal file
@ -0,0 +1,75 @@
|
||||
<?php
|
||||
|
||||
/**
|
||||
* SSH2 Signature Handler
|
||||
*
|
||||
* PHP version 5
|
||||
*
|
||||
* Handles signatures in the format used by SSH2
|
||||
*
|
||||
* @category Crypt
|
||||
* @package Common
|
||||
* @author Jim Wigginton <terrafrost@php.net>
|
||||
* @copyright 2016 Jim Wigginton
|
||||
* @license http://www.opensource.org/licenses/mit-license.html MIT License
|
||||
* @link http://phpseclib.sourceforge.net
|
||||
*/
|
||||
|
||||
namespace phpseclib\Crypt\DSA\Signature;
|
||||
|
||||
use phpseclib\Math\BigInteger;
|
||||
use phpseclib\Common\Functions\Strings;
|
||||
|
||||
/**
|
||||
* SSH2 Signature Handler
|
||||
*
|
||||
* @package Common
|
||||
* @author Jim Wigginton <terrafrost@php.net>
|
||||
* @access public
|
||||
*/
|
||||
abstract class SSH2
|
||||
{
|
||||
/**
|
||||
* Loads a signature
|
||||
*
|
||||
* @access public
|
||||
* @param array $key
|
||||
* @return array
|
||||
*/
|
||||
public static function load($sig)
|
||||
{
|
||||
if (!is_string($sig)) {
|
||||
return false;
|
||||
}
|
||||
|
||||
$result = Strings::unpackSSH2('ss', $sig);
|
||||
if ($result === false) {
|
||||
return false;
|
||||
}
|
||||
list($type, $blob) = $result;
|
||||
if ($type != 'ssh-dss' || strlen($blob) != 40) {
|
||||
return false;
|
||||
}
|
||||
|
||||
return [
|
||||
'r' => new BigInteger(substr($blob, 0, 20), 256),
|
||||
's' => new BigInteger(substr($blob, 20), 256)
|
||||
];
|
||||
}
|
||||
|
||||
/**
|
||||
* Returns a signature in the appropriate format
|
||||
*
|
||||
* @access public
|
||||
* @param \phpseclib\Math\BigInteger $r
|
||||
* @param \phpseclib\Math\BigInteger $s
|
||||
* @return string
|
||||
*/
|
||||
public static function save(BigInteger $r, BigInteger $s)
|
||||
{
|
||||
if ($r->getLength() != 160 || $s->getLength != 160) {
|
||||
return false;
|
||||
}
|
||||
return Strings::pack('ss', $r, $s);
|
||||
}
|
||||
}
|
@ -50,6 +50,8 @@ use phpseclib\File\ASN1;
|
||||
use phpseclib\Math\BigInteger;
|
||||
use phpseclib\Common\Functions\Strings;
|
||||
use phpseclib\File\ASN1\Maps\DigestInfo;
|
||||
use phpseclib\Crypt\Common\AsymmetricKey;
|
||||
use phpseclib\Exception\UnsupportedAlgorithmException;
|
||||
|
||||
/**
|
||||
* Pure-PHP PKCS#1 compliant implementation of RSA.
|
||||
@ -58,8 +60,16 @@ use phpseclib\File\ASN1\Maps\DigestInfo;
|
||||
* @author Jim Wigginton <terrafrost@php.net>
|
||||
* @access public
|
||||
*/
|
||||
class RSA
|
||||
class RSA extends AsymmetricKey
|
||||
{
|
||||
/**
|
||||
* Algorithm Name
|
||||
*
|
||||
* @var string
|
||||
* @access private
|
||||
*/
|
||||
const ALGORITHM = 'RSA';
|
||||
|
||||
/**#@+
|
||||
* @access public
|
||||
* @see self::encrypt()
|
||||
@ -119,54 +129,6 @@ class RSA
|
||||
const PADDING_RELAXED_PKCS1 = 5;
|
||||
/**#@-*/
|
||||
|
||||
/**#@+
|
||||
* @access private
|
||||
* @see self::__construct()
|
||||
*/
|
||||
/**
|
||||
* To use the pure-PHP implementation
|
||||
*/
|
||||
const ENGINE_INTERNAL = 1;
|
||||
/**
|
||||
* To use the OpenSSL library
|
||||
*
|
||||
* (if enabled; otherwise, the internal implementation will be used)
|
||||
*/
|
||||
const ENGINE_OPENSSL = 2;
|
||||
/**#@-*/
|
||||
|
||||
/**
|
||||
* Precomputed Zero
|
||||
*
|
||||
* @var \phpseclib\Math\BigInteger
|
||||
* @access private
|
||||
*/
|
||||
private static $zero;
|
||||
|
||||
/**
|
||||
* Precomputed One
|
||||
*
|
||||
* @var \phpseclib\Math\BigInteger
|
||||
* @access private
|
||||
*/
|
||||
private static $one;
|
||||
|
||||
/**
|
||||
* Private Key Format
|
||||
*
|
||||
* @var string
|
||||
* @access private
|
||||
*/
|
||||
private $privateKeyFormat = 'PKCS8';
|
||||
|
||||
/**
|
||||
* Public Key Format
|
||||
*
|
||||
* @var string
|
||||
* @access private
|
||||
*/
|
||||
private $publicKeyFormat = 'PKCS8';
|
||||
|
||||
/**
|
||||
* Modulus (ie. n)
|
||||
*
|
||||
@ -223,14 +185,6 @@ class RSA
|
||||
*/
|
||||
private $hashName;
|
||||
|
||||
/**
|
||||
* Hash function
|
||||
*
|
||||
* @var \phpseclib\Crypt\Hash
|
||||
* @access private
|
||||
*/
|
||||
private $hash;
|
||||
|
||||
/**
|
||||
* Length of hash function output
|
||||
*
|
||||
@ -271,51 +225,6 @@ class RSA
|
||||
*/
|
||||
private $publicExponent = false;
|
||||
|
||||
/**
|
||||
* Password
|
||||
*
|
||||
* @var string
|
||||
* @access private
|
||||
*/
|
||||
private $password = false;
|
||||
|
||||
/**
|
||||
* Loaded File Format
|
||||
*
|
||||
* @var string
|
||||
* @access private
|
||||
*/
|
||||
private $format = false;
|
||||
|
||||
/**
|
||||
* OpenSSL configuration file name.
|
||||
*
|
||||
* Set to null to use system configuration file.
|
||||
*
|
||||
* @see self::createKey()
|
||||
* @var mixed
|
||||
* @access public
|
||||
*/
|
||||
private static $configFile;
|
||||
|
||||
/**
|
||||
* Supported file formats (lower case)
|
||||
*
|
||||
* @see self::initialize_static_variables()
|
||||
* @var array
|
||||
* @access private
|
||||
*/
|
||||
private static $fileFormats = false;
|
||||
|
||||
/**
|
||||
* Supported file formats (original case)
|
||||
*
|
||||
* @see self::initialize_static_variables()
|
||||
* @var array
|
||||
* @access private
|
||||
*/
|
||||
private static $origFileFormats = false;
|
||||
|
||||
/**
|
||||
* Public exponent
|
||||
*
|
||||
@ -340,40 +249,6 @@ class RSA
|
||||
*/
|
||||
private static $smallestPrime = 4096;
|
||||
|
||||
/**
|
||||
* Engine
|
||||
*
|
||||
* This is only used for key generation. Valid values are RSA::ENGINE_INTERNAL and RSA::ENGINE_OPENSSL
|
||||
*
|
||||
* @var int
|
||||
* @access private
|
||||
*/
|
||||
private static $engine = NULL;
|
||||
|
||||
/**
|
||||
* Initialize static variables
|
||||
*
|
||||
* @access private
|
||||
*/
|
||||
private static function initialize_static_variables()
|
||||
{
|
||||
if (!isset(self::$zero)) {
|
||||
self::$zero= new BigInteger(0);
|
||||
self::$one = new BigInteger(1);
|
||||
self::$configFile = __DIR__ . '/../openssl.cnf';
|
||||
|
||||
if (self::$fileFormats === false) {
|
||||
self::$fileFormats = [];
|
||||
foreach (glob(__DIR__ . '/RSA/*.php') as $file) {
|
||||
$name = pathinfo($file, PATHINFO_FILENAME);
|
||||
$type = 'phpseclib\Crypt\RSA\\' . $name;
|
||||
self::$fileFormats[strtolower($name)] = $type;
|
||||
self::$origFileFormats[] = $name;
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* The constructor
|
||||
*
|
||||
@ -386,9 +261,9 @@ class RSA
|
||||
*/
|
||||
public function __construct()
|
||||
{
|
||||
self::initialize_static_variables();
|
||||
parent::__construct();
|
||||
|
||||
$this->hash = new Hash('sha256');
|
||||
//$this->hash = new Hash('sha256');
|
||||
$this->hLen = $this->hash->getLengthInBytes();
|
||||
$this->hashName = 'sha256';
|
||||
$this->mgfHash = new Hash('sha256');
|
||||
@ -421,73 +296,15 @@ class RSA
|
||||
self::$smallestPrime = $val;
|
||||
}
|
||||
|
||||
/**
|
||||
* Tests engine validity
|
||||
*
|
||||
* @access public
|
||||
* @param int $val
|
||||
*/
|
||||
public static function isValidEngine($val)
|
||||
{
|
||||
switch ($val) {
|
||||
case self::ENGINE_OPENSSL:
|
||||
return extension_loaded('openssl') && file_exists(self::$configFile);
|
||||
case self::ENGINE_INTERNAL:
|
||||
return true;
|
||||
}
|
||||
|
||||
return false;
|
||||
}
|
||||
|
||||
/**
|
||||
* Sets the engine
|
||||
*
|
||||
* Only used in RSA::createKey. Valid values are RSA::ENGINE_OPENSSL and RSA::ENGINE_INTERNAL
|
||||
*
|
||||
* @access public
|
||||
* @param int $val
|
||||
*/
|
||||
public static function setPreferredEngine($val)
|
||||
{
|
||||
self::$engine = null;
|
||||
$candidateEngines = [
|
||||
$val,
|
||||
self::ENGINE_OPENSSL
|
||||
];
|
||||
foreach ($candidateEngines as $engine) {
|
||||
if (self::isValidEngine($engine)) {
|
||||
self::$engine = $engine;
|
||||
break;
|
||||
}
|
||||
}
|
||||
if (!isset(self::$engine)) {
|
||||
self::$engine = self::ENGINE_INTERNAL;
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Returns the engine
|
||||
*
|
||||
* @access public
|
||||
* @return int
|
||||
*/
|
||||
public static function getEngine($val)
|
||||
{
|
||||
return self::$engine;
|
||||
}
|
||||
|
||||
/**
|
||||
* Create public / private key pair
|
||||
*
|
||||
* Returns an array with the following three elements:
|
||||
* Returns an array with the following two elements:
|
||||
* - 'privatekey': The private key.
|
||||
* - 'publickey': The public key.
|
||||
* - 'partialkey': A partially computed key (if the execution time exceeded $timeout).
|
||||
* Will need to be passed back to \phpseclib\Crypt\RSA::createKey() as the third parameter for further processing.
|
||||
*
|
||||
* @access public
|
||||
* @param int $bits
|
||||
* @param int $timeout
|
||||
* @param array $p
|
||||
*/
|
||||
public static function createKey($bits = 2048)
|
||||
@ -513,16 +330,13 @@ class RSA
|
||||
$publickeyarr = openssl_pkey_get_details($rsa);
|
||||
$publickey = new RSA();
|
||||
$publickey->load($publickeyarr['key']);
|
||||
$publickey->setPublicKey();
|
||||
|
||||
// clear the buffer of error strings stemming from a minimalistic openssl.cnf
|
||||
while (openssl_error_string() !== false) {
|
||||
}
|
||||
|
||||
return [
|
||||
'privatekey' => $privatekey,
|
||||
'publickey' => $publickey,
|
||||
'partialkey' => false
|
||||
];
|
||||
return compact('privatekey', 'publickey');
|
||||
}
|
||||
|
||||
static $e;
|
||||
@ -614,47 +428,9 @@ class RSA
|
||||
$publickey->modulus = $n;
|
||||
$publickey->k = $bits >> 3;
|
||||
$publickey->exponent = $e;
|
||||
$publickey->publicExponent = $e;
|
||||
|
||||
return [
|
||||
'privatekey' => $privatekey,
|
||||
'publickey' => $publickey
|
||||
];
|
||||
}
|
||||
|
||||
/**
|
||||
* Add a fileformat plugin
|
||||
*
|
||||
* The plugin needs to either already be loaded or be auto-loadable.
|
||||
* Loading a plugin whose shortname overwrite an existing shortname will overwrite the old plugin.
|
||||
*
|
||||
* @see self::load()
|
||||
* @param string $fullname
|
||||
* @access public
|
||||
* @return bool
|
||||
*/
|
||||
public static function addFileFormat($fullname)
|
||||
{
|
||||
self::initialize_static_variables();
|
||||
|
||||
if (class_exists($fullname)) {
|
||||
$meta = new \ReflectionClass($path);
|
||||
$shortname = $meta->getShortName();
|
||||
self::$fileFormats[strtolower($shortname)] = $fullname;
|
||||
self::$origFileFormats[] = $shortname;
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Returns a list of supported formats.
|
||||
*
|
||||
* @access public
|
||||
* @return array
|
||||
*/
|
||||
public static function getSupportedFormats()
|
||||
{
|
||||
self::initialize_static_variables();
|
||||
|
||||
return self::$origFileFormats;
|
||||
return compact('privatekey', 'publickey');
|
||||
}
|
||||
|
||||
/**
|
||||
@ -671,6 +447,7 @@ class RSA
|
||||
if ($key instanceof RSA) {
|
||||
$this->privateKeyFormat = $key->privateKeyFormat;
|
||||
$this->publicKeyFormat = $key->publicKeyFormat;
|
||||
$this->format = $key->format;
|
||||
$this->k = $key->k;
|
||||
$this->hLen = $key->hLen;
|
||||
$this->sLen = $key->sLen;
|
||||
@ -711,33 +488,11 @@ class RSA
|
||||
return true;
|
||||
}
|
||||
|
||||
$components = false;
|
||||
if ($type === false) {
|
||||
foreach (self::$fileFormats as $format) {
|
||||
try {
|
||||
$components = $format::load($key, $this->password);
|
||||
} catch (\Exception $e) {
|
||||
$components = false;
|
||||
}
|
||||
if ($components !== false) {
|
||||
break;
|
||||
}
|
||||
}
|
||||
} else {
|
||||
$format = strtolower($type);
|
||||
if (isset(self::$fileFormats[$format])) {
|
||||
$format = self::$fileFormats[$format];
|
||||
$components = $format::load($key, $this->password);
|
||||
}
|
||||
}
|
||||
|
||||
$components = parent::load($key, $type);
|
||||
if ($components === false) {
|
||||
$this->format = false;
|
||||
return false;
|
||||
}
|
||||
|
||||
$this->format = $format;
|
||||
|
||||
$this->modulus = $components['modulus'];
|
||||
$this->k = $this->modulus->getLengthInBytes();
|
||||
$this->exponent = isset($components['privateExponent']) ? $components['privateExponent'] : $components['publicExponent'];
|
||||
@ -760,26 +515,6 @@ class RSA
|
||||
return true;
|
||||
}
|
||||
|
||||
/**
|
||||
* Returns the format of the loaded key.
|
||||
*
|
||||
* If the key that was loaded wasn't in a valid or if the key was auto-generated
|
||||
* with RSA::createKey() then this will return false.
|
||||
*
|
||||
* @see self::load()
|
||||
* @access public
|
||||
* @return mixed
|
||||
*/
|
||||
public function getLoadedFormat()
|
||||
{
|
||||
if ($this->format === false) {
|
||||
return false;
|
||||
}
|
||||
|
||||
$meta = new \ReflectionClass($this->format);
|
||||
return $meta->getShortName();
|
||||
}
|
||||
|
||||
/**
|
||||
* Returns the private key
|
||||
*
|
||||
@ -790,14 +525,10 @@ class RSA
|
||||
* @param string $type optional
|
||||
* @return mixed
|
||||
*/
|
||||
public function getPrivateKey($type = 'PKCS1')
|
||||
public function getPrivateKey($type = 'PKCS8')
|
||||
{
|
||||
$type = strtolower($type);
|
||||
if (!isset(self::$fileFormats[$type])) {
|
||||
return false;
|
||||
}
|
||||
$type = self::$fileFormats[$type];
|
||||
if (!method_exists($type, 'savePrivateKey')) {
|
||||
$type = self::validatePlugin('Keys', $type, 'savePrivateKey');
|
||||
if ($type === false) {
|
||||
return false;
|
||||
}
|
||||
|
||||
@ -836,6 +567,35 @@ class RSA
|
||||
*/
|
||||
}
|
||||
|
||||
/**
|
||||
* Returns a minimalistic private key
|
||||
*
|
||||
* Returns the private key without the prime number constituants. Structurally identical to a public key that
|
||||
* hasn't been set as the public key
|
||||
*
|
||||
* @see self::getPrivateKey()
|
||||
* @access private
|
||||
* @param string $type optional
|
||||
* @return mixed
|
||||
*/
|
||||
protected function getPrivatePublicKey($type = 'PKCS8')
|
||||
{
|
||||
$type = self::validatePlugin('Keys', $type, 'savePublicKey');
|
||||
if ($type === false) {
|
||||
return false;
|
||||
}
|
||||
|
||||
if (empty($this->modulus) || empty($this->exponent)) {
|
||||
return false;
|
||||
}
|
||||
|
||||
$oldFormat = $this->publicKeyFormat;
|
||||
$this->publicKeyFormat = $type;
|
||||
$temp = $type::savePublicKey($this->modulus, $this->exponent);
|
||||
$this->publicKeyFormat = $oldFormat;
|
||||
return $temp;
|
||||
}
|
||||
|
||||
/**
|
||||
* Returns the key size
|
||||
*
|
||||
@ -849,22 +609,6 @@ class RSA
|
||||
return !isset($this->modulus) ? 0 : $this->modulus->getLength();
|
||||
}
|
||||
|
||||
/**
|
||||
* Sets the password
|
||||
*
|
||||
* Private keys can be encrypted with a password. To unset the password, pass in the empty string or false.
|
||||
* Or rather, pass in $password such that empty($password) && !is_string($password) is true.
|
||||
*
|
||||
* @see self::createKey()
|
||||
* @see self::load()
|
||||
* @access public
|
||||
* @param string $password
|
||||
*/
|
||||
public function setPassword($password = false)
|
||||
{
|
||||
$this->password = $password;
|
||||
}
|
||||
|
||||
/**
|
||||
* Defines the public key
|
||||
*
|
||||
@ -898,40 +642,11 @@ class RSA
|
||||
return true;
|
||||
}
|
||||
|
||||
$components = false;
|
||||
if ($type === false) {
|
||||
foreach (self::$fileFormats as $format) {
|
||||
if (!method_exists($format, 'savePublicKey')) {
|
||||
continue;
|
||||
}
|
||||
try {
|
||||
$components = $format::load($key, $this->password);
|
||||
} catch (\Exception $e) {
|
||||
$components = false;
|
||||
}
|
||||
if ($components !== false) {
|
||||
break;
|
||||
}
|
||||
}
|
||||
} else {
|
||||
$format = strtolower($type);
|
||||
if (isset(self::$fileFormats[$format])) {
|
||||
$format = self::$fileFormats[$format];
|
||||
try {
|
||||
$components = $format::load($key, $this->password);
|
||||
} catch (\Exception $e) {
|
||||
$components = false;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
$components = parent::setPublicKey($key, $type);
|
||||
if ($components === false) {
|
||||
$this->format = false;
|
||||
return false;
|
||||
}
|
||||
|
||||
$this->format = $format;
|
||||
|
||||
if (empty($this->modulus) || !$this->modulus->equals($components['modulus'])) {
|
||||
$this->modulus = $components['modulus'];
|
||||
$this->exponent = $this->publicExponent = $components['publicExponent'];
|
||||
@ -991,12 +706,8 @@ class RSA
|
||||
*/
|
||||
public function getPublicKey($type = 'PKCS8')
|
||||
{
|
||||
$type = strtolower($type);
|
||||
if (!isset(self::$fileFormats[$type])) {
|
||||
return false;
|
||||
}
|
||||
$type = self::$fileFormats[$type];
|
||||
if (!method_exists($type, 'savePublicKey')) {
|
||||
$type = self::validatePlugin('Keys', $type, 'savePublicKey');
|
||||
if ($type === false) {
|
||||
return false;
|
||||
}
|
||||
|
||||
@ -1007,75 +718,6 @@ class RSA
|
||||
return $type::savePublicKey($this->modulus, $this->publicExponent);
|
||||
}
|
||||
|
||||
/**
|
||||
* Returns the public key's fingerprint
|
||||
*
|
||||
* The public key's fingerprint is returned, which is equivalent to running `ssh-keygen -lf rsa.pub`. If there is
|
||||
* no public key currently loaded, false is returned.
|
||||
* Example output (md5): "c1:b1:30:29:d7:b8:de:6c:97:77:10:d7:46:41:63:87" (as specified by RFC 4716)
|
||||
*
|
||||
* @access public
|
||||
* @param string $algorithm The hashing algorithm to be used. Valid options are 'md5' and 'sha256'. False is returned
|
||||
* for invalid values.
|
||||
* @return mixed
|
||||
*/
|
||||
public function getPublicKeyFingerprint($algorithm = 'md5')
|
||||
{
|
||||
if (empty($this->modulus) || empty($this->publicExponent)) {
|
||||
return false;
|
||||
}
|
||||
|
||||
$modulus = $this->modulus->toBytes(true);
|
||||
$publicExponent = $this->publicExponent->toBytes(true);
|
||||
|
||||
$RSAPublicKey = pack('Na*Na*Na*', strlen('ssh-rsa'), 'ssh-rsa', strlen($publicExponent), $publicExponent, strlen($modulus), $modulus);
|
||||
|
||||
switch ($algorithm) {
|
||||
case 'sha256':
|
||||
$hash = new Hash('sha256');
|
||||
$base = Base64::encode($hash->hash($RSAPublicKey));
|
||||
return substr($base, 0, strlen($base) - 1);
|
||||
case 'md5':
|
||||
return substr(chunk_split(md5($RSAPublicKey), 2, ':'), 0, -1);
|
||||
default:
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Returns a minimalistic private key
|
||||
*
|
||||
* Returns the private key without the prime number constituants. Structurally identical to a public key that
|
||||
* hasn't been set as the public key
|
||||
*
|
||||
* @see self::getPrivateKey()
|
||||
* @access private
|
||||
* @param string $type optional
|
||||
* @return mixed
|
||||
*/
|
||||
private function getPrivatePublicKey($type = 'PKCS8')
|
||||
{
|
||||
$type = strtolower($type);
|
||||
if (!isset(self::$fileFormats[$type])) {
|
||||
return false;
|
||||
}
|
||||
$type = self::$fileFormats[$type];
|
||||
if (!method_exists($type, 'savePublicKey')) {
|
||||
return false;
|
||||
}
|
||||
|
||||
if (empty($this->modulus) || empty($this->exponent)) {
|
||||
return false;
|
||||
}
|
||||
|
||||
$oldFormat = $this->publicKeyFormat;
|
||||
$this->publicKeyFormat = $type;
|
||||
$temp = $type::savePublicKey($this->modulus, $this->exponent);
|
||||
$this->publicKeyFormat = $oldFormat;
|
||||
return $temp;
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* __toString() magic method
|
||||
*
|
||||
@ -1096,48 +738,11 @@ class RSA
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* __clone() magic method
|
||||
*
|
||||
* @access public
|
||||
* @return \phpseclib\Crypt\RSA
|
||||
*/
|
||||
public function __clone()
|
||||
{
|
||||
$key = new RSA();
|
||||
$key->load($this);
|
||||
return $key;
|
||||
}
|
||||
|
||||
/**
|
||||
* Determines the private key format
|
||||
*
|
||||
* @see self::__toString()
|
||||
* @access public
|
||||
* @param string $format
|
||||
*/
|
||||
public function setPrivateKeyFormat($format)
|
||||
{
|
||||
$this->privateKeyFormat = $format;
|
||||
}
|
||||
|
||||
/**
|
||||
* Determines the public key format
|
||||
*
|
||||
* @see self::__toString()
|
||||
* @access public
|
||||
* @param string $format
|
||||
*/
|
||||
public function setPublicKeyFormat($format)
|
||||
{
|
||||
$this->publicKeyFormat = $format;
|
||||
}
|
||||
|
||||
/**
|
||||
* Determines which hashing function should be used
|
||||
*
|
||||
* Used with signature production / verification and (if the encryption mode is self::PADDING_OAEP) encryption and
|
||||
* decryption. If $hash isn't supported, sha256 is used.
|
||||
* decryption.
|
||||
*
|
||||
* @access public
|
||||
* @param string $hash
|
||||
@ -1145,7 +750,7 @@ class RSA
|
||||
public function setHash($hash)
|
||||
{
|
||||
// \phpseclib\Crypt\Hash supports algorithms that PKCS#1 doesn't support. md5-96 and sha1-96, for example.
|
||||
switch ($hash) {
|
||||
switch (strtolower($hash)) {
|
||||
case 'md2':
|
||||
case 'md5':
|
||||
case 'sha1':
|
||||
@ -1159,8 +764,9 @@ class RSA
|
||||
$this->hashName = $hash;
|
||||
break;
|
||||
default:
|
||||
$this->hash = new Hash('sha256');
|
||||
$this->hashName = 'sha256';
|
||||
throw new UnsupportedAlgorithmException(
|
||||
'The only supported hash algorithms are: md2, md5, sha1, sha256, sha384, sha512, sha224, sha512/224, sha512/256'
|
||||
);
|
||||
}
|
||||
$this->hLen = $this->hash->getLengthInBytes();
|
||||
}
|
||||
@ -1352,34 +958,6 @@ class RSA
|
||||
return $x;
|
||||
}
|
||||
|
||||
/**
|
||||
* Performs blinded RSA equality testing
|
||||
*
|
||||
* Protects against a particular type of timing attack described.
|
||||
*
|
||||
* See {@link http://codahale.com/a-lesson-in-timing-attacks/ A Lesson In Timing Attacks (or, Don't use MessageDigest.isEquals)}
|
||||
*
|
||||
* Thanks for the heads up singpolyma!
|
||||
*
|
||||
* @access private
|
||||
* @param string $x
|
||||
* @param string $y
|
||||
* @return bool
|
||||
*/
|
||||
private static function equals($x, $y)
|
||||
{
|
||||
if (strlen($x) != strlen($y)) {
|
||||
return false;
|
||||
}
|
||||
|
||||
$result = 0;
|
||||
for ($i = 0; $i < strlen($x); $i++) {
|
||||
$result |= ord($x[$i]) ^ ord($y[$i]);
|
||||
}
|
||||
|
||||
return $result == 0;
|
||||
}
|
||||
|
||||
/**
|
||||
* RSAEP
|
||||
*
|
||||
@ -1578,7 +1156,7 @@ class RSA
|
||||
$db = $maskedDB ^ $dbMask;
|
||||
$lHash2 = substr($db, 0, $this->hLen);
|
||||
$m = substr($db, $this->hLen);
|
||||
if (!self::equals($lHash, $lHash2)) {
|
||||
if (!Strings::equals($lHash, $lHash2)) {
|
||||
return false;
|
||||
}
|
||||
$m = ltrim($m, chr(0));
|
||||
@ -1796,7 +1374,7 @@ class RSA
|
||||
$salt = substr($db, $temp + 1); // should be $sLen long
|
||||
$m2 = "\0\0\0\0\0\0\0\0" . $mHash . $salt;
|
||||
$h2 = $this->hash->hash($m2);
|
||||
return self::equals($h, $h2);
|
||||
return Strings::equals($h, $h2);
|
||||
}
|
||||
|
||||
/**
|
||||
@ -1990,7 +1568,7 @@ class RSA
|
||||
}
|
||||
|
||||
// Compare
|
||||
return self::equals($em, $em2);
|
||||
return Strings::equals($em, $em2);
|
||||
}
|
||||
|
||||
/**
|
||||
@ -2080,7 +1658,7 @@ class RSA
|
||||
$em = $hash->hash($m);
|
||||
$em2 = $decoded['digest'];
|
||||
|
||||
return self::equals($em, $em2);
|
||||
return Strings::equals($em, $em2);
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -17,7 +17,7 @@
|
||||
* @link http://phpseclib.sourceforge.net
|
||||
*/
|
||||
|
||||
namespace phpseclib\Crypt\RSA;
|
||||
namespace phpseclib\Crypt\RSA\Keys;
|
||||
|
||||
use ParagonIE\ConstantTime\Base64;
|
||||
use phpseclib\Math\BigInteger;
|
||||
@ -173,6 +173,10 @@ abstract class MSBLOB
|
||||
*/
|
||||
public static function savePrivateKey(BigInteger $n, BigInteger $e, BigInteger $d, $primes, $exponents, $coefficients, $password = '')
|
||||
{
|
||||
if (count($primes) != 2) {
|
||||
throw new \InvalidArgumentException('MSBLOB does not support multi-prime RSA keys');
|
||||
}
|
||||
|
||||
$n = strrev($n->toBytes());
|
||||
$e = str_pad(strrev($e->toBytes()), 4, "\0");
|
||||
$key = pack('aavV', chr(self::PRIVATEKEYBLOB), chr(2), 0, self::CALG_RSA_KEYX);
|
83
phpseclib/Crypt/RSA/Keys/OpenSSH.php
Normal file
83
phpseclib/Crypt/RSA/Keys/OpenSSH.php
Normal file
@ -0,0 +1,83 @@
|
||||
<?php
|
||||
|
||||
/**
|
||||
* OpenSSH Formatted RSA Key Handler
|
||||
*
|
||||
* PHP version 5
|
||||
*
|
||||
* Place in $HOME/.ssh/authorized_keys
|
||||
*
|
||||
* @category Crypt
|
||||
* @package RSA
|
||||
* @author Jim Wigginton <terrafrost@php.net>
|
||||
* @copyright 2015 Jim Wigginton
|
||||
* @license http://www.opensource.org/licenses/mit-license.html MIT License
|
||||
* @link http://phpseclib.sourceforge.net
|
||||
*/
|
||||
|
||||
namespace phpseclib\Crypt\RSA\Keys;
|
||||
|
||||
use ParagonIE\ConstantTime\Base64;
|
||||
use phpseclib\Math\BigInteger;
|
||||
use phpseclib\Common\Functions\Strings;
|
||||
use phpseclib\Crypt\Common\Keys\OpenSSH as Progenitor;
|
||||
|
||||
/**
|
||||
* OpenSSH Formatted RSA Key Handler
|
||||
*
|
||||
* @package RSA
|
||||
* @author Jim Wigginton <terrafrost@php.net>
|
||||
* @access public
|
||||
*/
|
||||
abstract class OpenSSH extends Progenitor
|
||||
{
|
||||
/**
|
||||
* Break a public or private key down into its constituent components
|
||||
*
|
||||
* @access public
|
||||
* @param string $key
|
||||
* @param string $password optional
|
||||
* @return array
|
||||
*/
|
||||
public static function load($key, $password = '')
|
||||
{
|
||||
$key = parent::load($key, 'ssh-rsa');
|
||||
if ($key === false) {
|
||||
return false;
|
||||
}
|
||||
|
||||
$result = Strings::unpackSSH2('ii', $key);
|
||||
if ($result === false) {
|
||||
return false;
|
||||
}
|
||||
list($publicExponent, $modulus) = $result;
|
||||
|
||||
return [
|
||||
'isPublicKey' => true,
|
||||
'modulus' => $modulus,
|
||||
'publicExponent' => $publicExponent,
|
||||
'comment' => parent::getComment($key)
|
||||
];
|
||||
}
|
||||
|
||||
/**
|
||||
* Convert a public key to the appropriate format
|
||||
*
|
||||
* @access public
|
||||
* @param \phpseclib\Math\BigInteger $n
|
||||
* @param \phpseclib\Math\BigInteger $e
|
||||
* @return string
|
||||
*/
|
||||
public static function savePublicKey(BigInteger $n, BigInteger $e)
|
||||
{
|
||||
$RSAPublicKey = Strings::packSSH2('sii', 'ssh-rsa', $e, $n);
|
||||
|
||||
if (self::$binary) {
|
||||
return $RSAPublicKey;
|
||||
}
|
||||
|
||||
$RSAPublicKey = 'ssh-rsa ' . Base64::encode($RSAPublicKey) . ' ' . self::$comment;
|
||||
|
||||
return $RSAPublicKey;
|
||||
}
|
||||
}
|
@ -22,10 +22,10 @@
|
||||
* @link http://phpseclib.sourceforge.net
|
||||
*/
|
||||
|
||||
namespace phpseclib\Crypt\RSA;
|
||||
namespace phpseclib\Crypt\RSA\Keys;
|
||||
|
||||
use phpseclib\Math\BigInteger;
|
||||
use phpseclib\Crypt\Common\PKCS1 as Progenitor;
|
||||
use phpseclib\Crypt\Common\Keys\PKCS1 as Progenitor;
|
||||
use phpseclib\File\ASN1;
|
||||
use phpseclib\File\ASN1\Maps;
|
||||
|
@ -25,10 +25,10 @@
|
||||
* @link http://phpseclib.sourceforge.net
|
||||
*/
|
||||
|
||||
namespace phpseclib\Crypt\RSA;
|
||||
namespace phpseclib\Crypt\RSA\Keys;
|
||||
|
||||
use phpseclib\Math\BigInteger;
|
||||
use phpseclib\Crypt\Common\PKCS8 as Progenitor;
|
||||
use phpseclib\Crypt\Common\Keys\PKCS8 as Progenitor;
|
||||
use phpseclib\File\ASN1;
|
||||
|
||||
/**
|
||||
@ -40,6 +40,30 @@ use phpseclib\File\ASN1;
|
||||
*/
|
||||
abstract class PKCS8 extends Progenitor
|
||||
{
|
||||
/**
|
||||
* OID Name
|
||||
*
|
||||
* @var string
|
||||
* @access private
|
||||
*/
|
||||
const OID_NAME = 'rsaEncryption';
|
||||
|
||||
/**
|
||||
* OID Value
|
||||
*
|
||||
* @var string
|
||||
* @access private
|
||||
*/
|
||||
const OID_VALUE = '1.2.840.113549.1.1.1';
|
||||
|
||||
/**
|
||||
* Child OIDs loaded
|
||||
*
|
||||
* @var bool
|
||||
* @access private
|
||||
*/
|
||||
protected static $childOIDsLoaded = false;
|
||||
|
||||
/**
|
||||
* Break a public or private key down into its constituent components
|
||||
*
|
||||
@ -50,6 +74,10 @@ abstract class PKCS8 extends Progenitor
|
||||
*/
|
||||
public static function load($key, $password = '')
|
||||
{
|
||||
if (!is_string($key)) {
|
||||
return false;
|
||||
}
|
||||
|
||||
$components = ['isPublicKey' => strpos($key, 'PUBLIC') !== false];
|
||||
|
||||
$key = parent::load($key, $password);
|
||||
@ -59,10 +87,6 @@ abstract class PKCS8 extends Progenitor
|
||||
|
||||
$type = isset($key['privateKey']) ? 'private' : 'public';
|
||||
|
||||
if ($key[$type . 'KeyAlgorithm']['algorithm'] != '1.2.840.113549.1.1.1') {
|
||||
return false;
|
||||
}
|
||||
|
||||
$result = $components + PKCS1::load($key[$type . 'Key']);
|
||||
|
||||
if (isset($key['meta'])) {
|
||||
@ -89,7 +113,7 @@ abstract class PKCS8 extends Progenitor
|
||||
{
|
||||
$key = PKCS1::savePrivateKey($n, $e, $d, $primes, $exponents, $coefficients);
|
||||
$key = ASN1::extractBER($key);
|
||||
return self::wrapPrivateKey($key, '1.2.840.113549.1.1.1', [], $password);
|
||||
return self::wrapPrivateKey($key, [], null, $password);
|
||||
}
|
||||
|
||||
/**
|
||||
@ -104,6 +128,6 @@ abstract class PKCS8 extends Progenitor
|
||||
{
|
||||
$key = PKCS1::savePublicKey($n, $e);
|
||||
$key = ASN1::extractBER($key);
|
||||
return self::wrapPublicKey($key, '1.2.840.113549.1.1.1');
|
||||
return self::wrapPublicKey($key, null);
|
||||
}
|
||||
}
|
129
phpseclib/Crypt/RSA/Keys/PuTTY.php
Normal file
129
phpseclib/Crypt/RSA/Keys/PuTTY.php
Normal file
@ -0,0 +1,129 @@
|
||||
<?php
|
||||
|
||||
/**
|
||||
* PuTTY Formatted RSA Key Handler
|
||||
*
|
||||
* PHP version 5
|
||||
*
|
||||
* @category Crypt
|
||||
* @package RSA
|
||||
* @author Jim Wigginton <terrafrost@php.net>
|
||||
* @copyright 2015 Jim Wigginton
|
||||
* @license http://www.opensource.org/licenses/mit-license.html MIT License
|
||||
* @link http://phpseclib.sourceforge.net
|
||||
*/
|
||||
|
||||
namespace phpseclib\Crypt\RSA\Keys;
|
||||
|
||||
use phpseclib\Math\BigInteger;
|
||||
use phpseclib\Common\Functions\Strings;
|
||||
use phpseclib\Crypt\Common\Keys\PuTTY as Progenitor;
|
||||
|
||||
/**
|
||||
* PuTTY Formatted RSA Key Handler
|
||||
*
|
||||
* @package RSA
|
||||
* @author Jim Wigginton <terrafrost@php.net>
|
||||
* @access public
|
||||
*/
|
||||
abstract class PuTTY extends Progenitor
|
||||
{
|
||||
/**
|
||||
* Public Handler
|
||||
*
|
||||
* @var string
|
||||
* @access private
|
||||
*/
|
||||
const PUBLIC_HANDLER = 'phpseclib\Crypt\RSA\Keys\OpenSSH';
|
||||
|
||||
/**
|
||||
* Algorithm Identifier
|
||||
*
|
||||
* @var string
|
||||
* @access private
|
||||
*/
|
||||
const TYPE = 'ssh-rsa';
|
||||
|
||||
/**
|
||||
* Break a public or private key down into its constituent components
|
||||
*
|
||||
* @access public
|
||||
* @param string $key
|
||||
* @param string $password optional
|
||||
* @return array
|
||||
*/
|
||||
public static function load($key, $password = '')
|
||||
{
|
||||
static $one;
|
||||
if (!isset($one)) {
|
||||
$one = new BigInteger(1);
|
||||
}
|
||||
|
||||
$components = parent::load($key, $password);
|
||||
if ($components === false || !isset($components['private'])) {
|
||||
return $components;
|
||||
}
|
||||
extract($components);
|
||||
unset($components['public'], $components['private']);
|
||||
|
||||
$isPublicKey = false;
|
||||
|
||||
$result = Strings::unpackSSH2('ii', $public);
|
||||
if ($result === false) {
|
||||
return false;
|
||||
}
|
||||
list($publicExponent, $modulus) = $result;
|
||||
|
||||
$result = Strings::unpackSSH2('iiii', $private);
|
||||
if ($result === false) {
|
||||
return false;
|
||||
}
|
||||
$primes = $coefficients = [];
|
||||
list($privateExponent, $primes[1], $primes[2], $coefficients[2]) = $result;
|
||||
|
||||
$temp = $primes[1]->subtract($one);
|
||||
$exponents = [1 => $publicExponent->modInverse($temp)];
|
||||
$temp = $primes[2]->subtract($one);
|
||||
$exponents[] = $publicExponent->modInverse($temp);
|
||||
|
||||
return compact('publicExponent', 'modulus', 'privateExponent', 'primes', 'coefficients', 'exponents', 'comment', 'isPublicKey');
|
||||
}
|
||||
|
||||
/**
|
||||
* Convert a private key to the appropriate format.
|
||||
*
|
||||
* @access public
|
||||
* @param \phpseclib\Math\BigInteger $n
|
||||
* @param \phpseclib\Math\BigInteger $e
|
||||
* @param \phpseclib\Math\BigInteger $d
|
||||
* @param array $primes
|
||||
* @param array $exponents
|
||||
* @param array $coefficients
|
||||
* @param string $password optional
|
||||
* @return string
|
||||
*/
|
||||
public static function savePrivateKey(BigInteger $n, BigInteger $e, BigInteger $d, $primes, $exponents, $coefficients, $password = '')
|
||||
{
|
||||
if (count($primes) != 2) {
|
||||
throw new \InvalidArgumentException('PuTTY does not support multi-prime RSA keys');
|
||||
}
|
||||
|
||||
$public = Strings::packSSH2('ii', $e, $n);
|
||||
$private = Strings::packSSH2('iiii', $d, $primes[1], $primes[2], $coefficients[2]);
|
||||
|
||||
return self::wrapPrivateKey($public, $private, $password);
|
||||
}
|
||||
|
||||
/**
|
||||
* Convert a public key to the appropriate format
|
||||
*
|
||||
* @access public
|
||||
* @param \phpseclib\Math\BigInteger $n
|
||||
* @param \phpseclib\Math\BigInteger $e
|
||||
* @return string
|
||||
*/
|
||||
public static function savePublicKey(BigInteger $n, BigInteger $e)
|
||||
{
|
||||
return self::wrapPublicKey(Strings::packSSH2($e, $n));
|
||||
}
|
||||
}
|
@ -23,7 +23,7 @@
|
||||
* @link http://phpseclib.sourceforge.net
|
||||
*/
|
||||
|
||||
namespace phpseclib\Crypt\RSA;
|
||||
namespace phpseclib\Crypt\RSA\Keys;
|
||||
|
||||
use phpseclib\Math\BigInteger;
|
||||
|
@ -18,7 +18,7 @@
|
||||
* @link http://phpseclib.sourceforge.net
|
||||
*/
|
||||
|
||||
namespace phpseclib\Crypt\RSA;
|
||||
namespace phpseclib\Crypt\RSA\Keys;
|
||||
|
||||
use ParagonIE\ConstantTime\Base64;
|
||||
use phpseclib\Math\BigInteger;
|
||||
@ -116,7 +116,7 @@ abstract class XML
|
||||
public static function savePrivateKey(BigInteger $n, BigInteger $e, BigInteger $d, $primes, $exponents, $coefficients, $password = '')
|
||||
{
|
||||
if (count($primes) != 2) {
|
||||
return false;
|
||||
throw new \InvalidArgumentException('XML does not support multi-prime RSA keys');
|
||||
}
|
||||
return "<RSAKeyValue>\r\n" .
|
||||
' <Modulus>' . Base64::encode($n->toBytes()) . "</Modulus>\r\n" .
|
@ -1,126 +0,0 @@
|
||||
<?php
|
||||
|
||||
/**
|
||||
* OpenSSH Formatted RSA Key Handler
|
||||
*
|
||||
* PHP version 5
|
||||
*
|
||||
* Place in $HOME/.ssh/authorized_keys
|
||||
*
|
||||
* @category Crypt
|
||||
* @package RSA
|
||||
* @author Jim Wigginton <terrafrost@php.net>
|
||||
* @copyright 2015 Jim Wigginton
|
||||
* @license http://www.opensource.org/licenses/mit-license.html MIT License
|
||||
* @link http://phpseclib.sourceforge.net
|
||||
*/
|
||||
|
||||
namespace phpseclib\Crypt\RSA;
|
||||
|
||||
use ParagonIE\ConstantTime\Base64;
|
||||
use phpseclib\Math\BigInteger;
|
||||
use phpseclib\Common\Functions\Strings;
|
||||
|
||||
/**
|
||||
* OpenSSH Formatted RSA Key Handler
|
||||
*
|
||||
* @package RSA
|
||||
* @author Jim Wigginton <terrafrost@php.net>
|
||||
* @access public
|
||||
*/
|
||||
abstract class OpenSSH
|
||||
{
|
||||
/**
|
||||
* Default comment
|
||||
*
|
||||
* @var string
|
||||
* @access private
|
||||
*/
|
||||
private static $comment = 'phpseclib-generated-key';
|
||||
|
||||
/**
|
||||
* Sets the default comment
|
||||
*
|
||||
* @access public
|
||||
* @param string $comment
|
||||
*/
|
||||
public static function setComment($comment)
|
||||
{
|
||||
self::$comment = str_replace(["\r", "\n"], '', $comment);
|
||||
}
|
||||
|
||||
/**
|
||||
* Break a public or private key down into its constituent components
|
||||
*
|
||||
* @access public
|
||||
* @param string $key
|
||||
* @param string $password optional
|
||||
* @return array
|
||||
*/
|
||||
public static function load($key, $password = '')
|
||||
{
|
||||
if (!is_string($key)) {
|
||||
return false;
|
||||
}
|
||||
|
||||
$parts = explode(' ', $key, 3);
|
||||
|
||||
$key = isset($parts[1]) ? Base64::decode($parts[1]) : Base64::decode($parts[0]);
|
||||
if ($key === false) {
|
||||
return false;
|
||||
}
|
||||
|
||||
$comment = isset($parts[2]) ? $parts[2] : false;
|
||||
|
||||
if (substr($key, 0, 11) != "\0\0\0\7ssh-rsa") {
|
||||
return false;
|
||||
}
|
||||
Strings::shift($key, 11);
|
||||
if (strlen($key) <= 4) {
|
||||
return false;
|
||||
}
|
||||
extract(unpack('Nlength', Strings::shift($key, 4)));
|
||||
if (strlen($key) <= $length) {
|
||||
return false;
|
||||
}
|
||||
$publicExponent = new BigInteger(Strings::shift($key, $length), -256);
|
||||
if (strlen($key) <= 4) {
|
||||
return false;
|
||||
}
|
||||
extract(unpack('Nlength', Strings::shift($key, 4)));
|
||||
if (strlen($key) != $length) {
|
||||
return false;
|
||||
}
|
||||
$modulus = new BigInteger(Strings::shift($key, $length), -256);
|
||||
|
||||
return [
|
||||
'isPublicKey' => true,
|
||||
'modulus' => $modulus,
|
||||
'publicExponent' => $publicExponent,
|
||||
'comment' => $comment
|
||||
];
|
||||
}
|
||||
|
||||
/**
|
||||
* Convert a public key to the appropriate format
|
||||
*
|
||||
* @access public
|
||||
* @param \phpseclib\Math\BigInteger $n
|
||||
* @param \phpseclib\Math\BigInteger $e
|
||||
* @return string
|
||||
*/
|
||||
public static function savePublicKey(BigInteger $n, BigInteger $e)
|
||||
{
|
||||
$publicExponent = $e->toBytes(true);
|
||||
$modulus = $n->toBytes(true);
|
||||
|
||||
// from <http://tools.ietf.org/html/rfc4253#page-15>:
|
||||
// string "ssh-rsa"
|
||||
// mpint e
|
||||
// mpint n
|
||||
$RSAPublicKey = pack('Na*Na*Na*', strlen('ssh-rsa'), 'ssh-rsa', strlen($publicExponent), $publicExponent, strlen($modulus), $modulus);
|
||||
$RSAPublicKey = 'ssh-rsa ' . Base64::encode($RSAPublicKey) . ' ' . self::$comment;
|
||||
|
||||
return $RSAPublicKey;
|
||||
}
|
||||
}
|
@ -1,295 +0,0 @@
|
||||
<?php
|
||||
|
||||
/**
|
||||
* PuTTY Formatted RSA Key Handler
|
||||
*
|
||||
* PHP version 5
|
||||
*
|
||||
* @category Crypt
|
||||
* @package RSA
|
||||
* @author Jim Wigginton <terrafrost@php.net>
|
||||
* @copyright 2015 Jim Wigginton
|
||||
* @license http://www.opensource.org/licenses/mit-license.html MIT License
|
||||
* @link http://phpseclib.sourceforge.net
|
||||
*/
|
||||
|
||||
namespace phpseclib\Crypt\RSA;
|
||||
|
||||
use ParagonIE\ConstantTime\Base64;
|
||||
use ParagonIE\ConstantTime\Hex;
|
||||
use phpseclib\Crypt\AES;
|
||||
use phpseclib\Crypt\Hash;
|
||||
use phpseclib\Math\BigInteger;
|
||||
use phpseclib\Common\Functions\Strings;
|
||||
|
||||
/**
|
||||
* PuTTY Formatted RSA Key Handler
|
||||
*
|
||||
* @package RSA
|
||||
* @author Jim Wigginton <terrafrost@php.net>
|
||||
* @access public
|
||||
*/
|
||||
abstract class PuTTY
|
||||
{
|
||||
/**
|
||||
* Default comment
|
||||
*
|
||||
* @var string
|
||||
* @access private
|
||||
*/
|
||||
private static $comment = 'phpseclib-generated-key';
|
||||
|
||||
/**
|
||||
* Sets the default comment
|
||||
*
|
||||
* @access public
|
||||
* @param string $comment
|
||||
*/
|
||||
public static function setComment($comment)
|
||||
{
|
||||
self::$comment = str_replace(["\r", "\n"], '', $comment);
|
||||
}
|
||||
|
||||
/**
|
||||
* Generate a symmetric key for PuTTY keys
|
||||
*
|
||||
* @access public
|
||||
* @param string $password
|
||||
* @param string $iv
|
||||
* @param int $length
|
||||
* @return string
|
||||
*/
|
||||
public static function generateSymmetricKey($password, $length)
|
||||
{
|
||||
$symkey = '';
|
||||
$sequence = 0;
|
||||
while (strlen($symkey) < $length) {
|
||||
$temp = pack('Na*', $sequence++, $password);
|
||||
$symkey.= Hex::decode(sha1($temp));
|
||||
}
|
||||
return substr($symkey, 0, $length);
|
||||
}
|
||||
|
||||
/**
|
||||
* Break a public or private key down into its constituent components
|
||||
*
|
||||
* @access public
|
||||
* @param string $key
|
||||
* @param string $password optional
|
||||
* @return array
|
||||
*/
|
||||
public static function load($key, $password = '')
|
||||
{
|
||||
if (!is_string($key)) {
|
||||
return false;
|
||||
}
|
||||
|
||||
static $one;
|
||||
if (!isset($one)) {
|
||||
$one = new BigInteger(1);
|
||||
}
|
||||
|
||||
if (strpos($key, 'BEGIN SSH2 PUBLIC KEY')) {
|
||||
$data = preg_split('#[\r\n]+#', $key);
|
||||
$data = array_splice($data, 2, -1);
|
||||
$data = implode('', $data);
|
||||
|
||||
$components = OpenSSH::load($data);
|
||||
if ($components === false) {
|
||||
return false;
|
||||
}
|
||||
|
||||
if (!preg_match('#Comment: "(.+)"#', $key, $matches)) {
|
||||
return false;
|
||||
}
|
||||
$components['comment'] = str_replace(['\\\\', '\"'], ['\\', '"'], $matches[1]);
|
||||
|
||||
return $components;
|
||||
}
|
||||
|
||||
$components = ['isPublicKey' => false];
|
||||
$key = preg_split('#\r\n|\r|\n#', $key);
|
||||
$type = trim(preg_replace('#PuTTY-User-Key-File-2: (.+)#', '$1', $key[0]));
|
||||
if ($type != 'ssh-rsa') {
|
||||
return false;
|
||||
}
|
||||
$encryption = trim(preg_replace('#Encryption: (.+)#', '$1', $key[1]));
|
||||
$components['comment'] = trim(preg_replace('#Comment: (.+)#', '$1', $key[2]));
|
||||
|
||||
$publicLength = trim(preg_replace('#Public-Lines: (\d+)#', '$1', $key[3]));
|
||||
$public = Base64::decode(implode('', array_map('trim', array_slice($key, 4, $publicLength))));
|
||||
$public = substr($public, 11);
|
||||
extract(unpack('Nlength', Strings::shift($public, 4)));
|
||||
$components['publicExponent'] = new BigInteger(Strings::shift($public, $length), -256);
|
||||
extract(unpack('Nlength', Strings::shift($public, 4)));
|
||||
$components['modulus'] = new BigInteger(Strings::shift($public, $length), -256);
|
||||
|
||||
$privateLength = trim(preg_replace('#Private-Lines: (\d+)#', '$1', $key[$publicLength + 4]));
|
||||
$private = Base64::decode(implode('', array_map('trim', array_slice($key, $publicLength + 5, $privateLength))));
|
||||
|
||||
switch ($encryption) {
|
||||
case 'aes256-cbc':
|
||||
$symkey = static::generateSymmetricKey($password, 32);
|
||||
$crypto = new AES(AES::MODE_CBC);
|
||||
}
|
||||
|
||||
if ($encryption != 'none') {
|
||||
$crypto->setKey($symkey);
|
||||
$crypto->setIV(str_repeat("\0", $crypto->getBlockLength() >> 3));
|
||||
$crypto->disablePadding();
|
||||
$private = $crypto->decrypt($private);
|
||||
}
|
||||
|
||||
extract(unpack('Nlength', Strings::shift($private, 4)));
|
||||
if (strlen($private) < $length) {
|
||||
return false;
|
||||
}
|
||||
$components['privateExponent'] = new BigInteger(Strings::shift($private, $length), -256);
|
||||
extract(unpack('Nlength', Strings::shift($private, 4)));
|
||||
if (strlen($private) < $length) {
|
||||
return false;
|
||||
}
|
||||
$components['primes'] = [1 => new BigInteger(Strings::shift($private, $length), -256)];
|
||||
extract(unpack('Nlength', Strings::shift($private, 4)));
|
||||
if (strlen($private) < $length) {
|
||||
return false;
|
||||
}
|
||||
$components['primes'][] = new BigInteger(Strings::shift($private, $length), -256);
|
||||
|
||||
$temp = $components['primes'][1]->subtract($one);
|
||||
$components['exponents'] = [1 => $components['publicExponent']->modInverse($temp)];
|
||||
$temp = $components['primes'][2]->subtract($one);
|
||||
$components['exponents'][] = $components['publicExponent']->modInverse($temp);
|
||||
|
||||
extract(unpack('Nlength', Strings::shift($private, 4)));
|
||||
if (strlen($private) < $length) {
|
||||
return false;
|
||||
}
|
||||
$components['coefficients'] = [2 => new BigInteger(Strings::shift($private, $length), -256)];
|
||||
|
||||
return $components;
|
||||
}
|
||||
|
||||
/**
|
||||
* Convert a private key to the appropriate format.
|
||||
*
|
||||
* @access public
|
||||
* @param \phpseclib\Math\BigInteger $n
|
||||
* @param \phpseclib\Math\BigInteger $e
|
||||
* @param \phpseclib\Math\BigInteger $d
|
||||
* @param array $primes
|
||||
* @param array $exponents
|
||||
* @param array $coefficients
|
||||
* @param string $password optional
|
||||
* @return string
|
||||
*/
|
||||
public static function savePrivateKey(BigInteger $n, BigInteger $e, BigInteger $d, $primes, $exponents, $coefficients, $password = '')
|
||||
{
|
||||
if (count($primes) != 2) {
|
||||
return false;
|
||||
}
|
||||
|
||||
$raw = [
|
||||
'modulus' => $n->toBytes(true),
|
||||
'publicExponent' => $e->toBytes(true),
|
||||
'privateExponent' => $d->toBytes(true),
|
||||
'prime1' => $primes[1]->toBytes(true),
|
||||
'prime2' => $primes[2]->toBytes(true),
|
||||
'exponent1' => $exponents[1]->toBytes(true),
|
||||
'exponent2' => $exponents[2]->toBytes(true),
|
||||
'coefficient' => $coefficients[2]->toBytes(true)
|
||||
];
|
||||
|
||||
$key = "PuTTY-User-Key-File-2: ssh-rsa\r\nEncryption: ";
|
||||
$encryption = (!empty($password) || is_string($password)) ? 'aes256-cbc' : 'none';
|
||||
$key.= $encryption;
|
||||
$key.= "\r\nComment: " . self::$comment . "\r\n";
|
||||
$public = pack(
|
||||
'Na*Na*Na*',
|
||||
strlen('ssh-rsa'),
|
||||
'ssh-rsa',
|
||||
strlen($raw['publicExponent']),
|
||||
$raw['publicExponent'],
|
||||
strlen($raw['modulus']),
|
||||
$raw['modulus']
|
||||
);
|
||||
$source = pack(
|
||||
'Na*Na*Na*Na*',
|
||||
strlen('ssh-rsa'),
|
||||
'ssh-rsa',
|
||||
strlen($encryption),
|
||||
$encryption,
|
||||
strlen(self::$comment),
|
||||
self::$comment,
|
||||
strlen($public),
|
||||
$public
|
||||
);
|
||||
$public = Base64::encode($public);
|
||||
$key.= "Public-Lines: " . ((strlen($public) + 63) >> 6) . "\r\n";
|
||||
$key.= chunk_split($public, 64);
|
||||
$private = pack(
|
||||
'Na*Na*Na*Na*',
|
||||
strlen($raw['privateExponent']),
|
||||
$raw['privateExponent'],
|
||||
strlen($raw['prime1']),
|
||||
$raw['prime1'],
|
||||
strlen($raw['prime2']),
|
||||
$raw['prime2'],
|
||||
strlen($raw['coefficient']),
|
||||
$raw['coefficient']
|
||||
);
|
||||
if (empty($password) && !is_string($password)) {
|
||||
$source.= pack('Na*', strlen($private), $private);
|
||||
$hashkey = 'putty-private-key-file-mac-key';
|
||||
} else {
|
||||
$private.= Random::string(16 - (strlen($private) & 15));
|
||||
$source.= pack('Na*', strlen($private), $private);
|
||||
$crypto = new AES();
|
||||
|
||||
$crypto->setKey(static::generateSymmetricKey($password, 32));
|
||||
$crypto->setIV(str_repeat("\0", $crypto->getBlockLength() >> 3));
|
||||
$crypto->disablePadding();
|
||||
$private = $crypto->encrypt($private);
|
||||
$hashkey = 'putty-private-key-file-mac-key' . $password;
|
||||
}
|
||||
|
||||
$private = Base64::encode($private);
|
||||
$key.= 'Private-Lines: ' . ((strlen($private) + 63) >> 6) . "\r\n";
|
||||
$key.= chunk_split($private, 64);
|
||||
$hash = new Hash('sha1');
|
||||
$hash->setKey(sha1($hashkey, true));
|
||||
$key.= 'Private-MAC: ' . Hex::encode($hash->hash($source)) . "\r\n";
|
||||
|
||||
return $key;
|
||||
}
|
||||
|
||||
/**
|
||||
* Convert a public key to the appropriate format
|
||||
*
|
||||
* @access public
|
||||
* @param \phpseclib\Math\BigInteger $n
|
||||
* @param \phpseclib\Math\BigInteger $e
|
||||
* @return string
|
||||
*/
|
||||
public static function savePublicKey(BigInteger $n, BigInteger $e)
|
||||
{
|
||||
$n = $n->toBytes(true);
|
||||
$e = $e->toBytes(true);
|
||||
|
||||
$key = pack(
|
||||
'Na*Na*Na*',
|
||||
strlen('ssh-rsa'),
|
||||
'ssh-rsa',
|
||||
strlen($e),
|
||||
$e,
|
||||
strlen($n),
|
||||
$n
|
||||
);
|
||||
$key = "---- BEGIN SSH2 PUBLIC KEY ----\r\n" .
|
||||
'Comment: "' . str_replace(['\\', '"'], ['\\\\', '\"'], self::$comment) . "\"\r\n" .
|
||||
chunk_split(Base64::encode($key), 64) .
|
||||
'---- END SSH2 PUBLIC KEY ----';
|
||||
|
||||
return $key;
|
||||
}
|
||||
}
|
37
phpseclib/File/ASN1/Maps/DSAParams.php
Normal file
37
phpseclib/File/ASN1/Maps/DSAParams.php
Normal file
@ -0,0 +1,37 @@
|
||||
<?php
|
||||
|
||||
/**
|
||||
* DSAParams
|
||||
*
|
||||
* PHP version 5
|
||||
*
|
||||
* @category File
|
||||
* @package ASN1
|
||||
* @author Jim Wigginton <terrafrost@php.net>
|
||||
* @copyright 2016 Jim Wigginton
|
||||
* @license http://www.opensource.org/licenses/mit-license.html MIT License
|
||||
* @link http://phpseclib.sourceforge.net
|
||||
*/
|
||||
|
||||
namespace phpseclib\File\ASN1\Maps;
|
||||
|
||||
use phpseclib\File\ASN1;
|
||||
|
||||
/**
|
||||
* DSAParams
|
||||
*
|
||||
* @package ASN1
|
||||
* @author Jim Wigginton <terrafrost@php.net>
|
||||
* @access public
|
||||
*/
|
||||
abstract class DSAParams
|
||||
{
|
||||
const MAP = [
|
||||
'type' => ASN1::TYPE_SEQUENCE,
|
||||
'children' => [
|
||||
'p' => ['type' => ASN1::TYPE_INTEGER],
|
||||
'q' => ['type' => ASN1::TYPE_INTEGER],
|
||||
'g' => ['type' => ASN1::TYPE_INTEGER]
|
||||
]
|
||||
];
|
||||
}
|
40
phpseclib/File/ASN1/Maps/DSAPrivateKey.php
Normal file
40
phpseclib/File/ASN1/Maps/DSAPrivateKey.php
Normal file
@ -0,0 +1,40 @@
|
||||
<?php
|
||||
|
||||
/**
|
||||
* DSAPrivateKey
|
||||
*
|
||||
* PHP version 5
|
||||
*
|
||||
* @category File
|
||||
* @package ASN1
|
||||
* @author Jim Wigginton <terrafrost@php.net>
|
||||
* @copyright 2016 Jim Wigginton
|
||||
* @license http://www.opensource.org/licenses/mit-license.html MIT License
|
||||
* @link http://phpseclib.sourceforge.net
|
||||
*/
|
||||
|
||||
namespace phpseclib\File\ASN1\Maps;
|
||||
|
||||
use phpseclib\File\ASN1;
|
||||
|
||||
/**
|
||||
* DSAPrivateKey
|
||||
*
|
||||
* @package ASN1
|
||||
* @author Jim Wigginton <terrafrost@php.net>
|
||||
* @access public
|
||||
*/
|
||||
abstract class DSAPrivateKey
|
||||
{
|
||||
const MAP = [
|
||||
'type' => ASN1::TYPE_SEQUENCE,
|
||||
'children' => [
|
||||
'version' => ['type' => ASN1::TYPE_INTEGER],
|
||||
'p' => ['type' => ASN1::TYPE_INTEGER],
|
||||
'q' => ['type' => ASN1::TYPE_INTEGER],
|
||||
'g' => ['type' => ASN1::TYPE_INTEGER],
|
||||
'y' => ['type' => ASN1::TYPE_INTEGER],
|
||||
'x' => ['type' => ASN1::TYPE_INTEGER]
|
||||
]
|
||||
];
|
||||
}
|
30
phpseclib/File/ASN1/Maps/DSAPublicKey.php
Normal file
30
phpseclib/File/ASN1/Maps/DSAPublicKey.php
Normal file
@ -0,0 +1,30 @@
|
||||
<?php
|
||||
|
||||
/**
|
||||
* DSAPublicKey
|
||||
*
|
||||
* PHP version 5
|
||||
*
|
||||
* @category File
|
||||
* @package ASN1
|
||||
* @author Jim Wigginton <terrafrost@php.net>
|
||||
* @copyright 2016 Jim Wigginton
|
||||
* @license http://www.opensource.org/licenses/mit-license.html MIT License
|
||||
* @link http://phpseclib.sourceforge.net
|
||||
*/
|
||||
|
||||
namespace phpseclib\File\ASN1\Maps;
|
||||
|
||||
use phpseclib\File\ASN1;
|
||||
|
||||
/**
|
||||
* DSAPublicKey
|
||||
*
|
||||
* @package ASN1
|
||||
* @author Jim Wigginton <terrafrost@php.net>
|
||||
* @access public
|
||||
*/
|
||||
abstract class DSAPublicKey
|
||||
{
|
||||
const MAP = ['type' => ASN1::TYPE_INTEGER];
|
||||
}
|
36
phpseclib/File/ASN1/Maps/DssSigValue.php
Normal file
36
phpseclib/File/ASN1/Maps/DssSigValue.php
Normal file
@ -0,0 +1,36 @@
|
||||
<?php
|
||||
|
||||
/**
|
||||
* DssSigValue
|
||||
*
|
||||
* PHP version 5
|
||||
*
|
||||
* @category File
|
||||
* @package ASN1
|
||||
* @author Jim Wigginton <terrafrost@php.net>
|
||||
* @copyright 2016 Jim Wigginton
|
||||
* @license http://www.opensource.org/licenses/mit-license.html MIT License
|
||||
* @link http://phpseclib.sourceforge.net
|
||||
*/
|
||||
|
||||
namespace phpseclib\File\ASN1\Maps;
|
||||
|
||||
use phpseclib\File\ASN1;
|
||||
|
||||
/**
|
||||
* DssSigValue
|
||||
*
|
||||
* @package ASN1
|
||||
* @author Jim Wigginton <terrafrost@php.net>
|
||||
* @access public
|
||||
*/
|
||||
abstract class DssSigValue
|
||||
{
|
||||
const MAP = [
|
||||
'type' => ASN1::TYPE_SEQUENCE,
|
||||
'children' => [
|
||||
'r' => ['type' => ASN1::TYPE_INTEGER],
|
||||
's' => ['type' => ASN1::TYPE_INTEGER]
|
||||
]
|
||||
];
|
||||
}
|
@ -26,7 +26,6 @@ use phpseclib\File\ASN1;
|
||||
*/
|
||||
abstract class RSAPublicKey
|
||||
{
|
||||
// version must be multi if otherPrimeInfos present
|
||||
const MAP = [
|
||||
'type' => ASN1::TYPE_SEQUENCE,
|
||||
'children' => [
|
||||
|
@ -3867,4 +3867,17 @@ class BigInteger
|
||||
{
|
||||
return strlen($this->toBytes());
|
||||
}
|
||||
|
||||
/**
|
||||
* Tests BigInteger to see if it is between two integers, inclusive
|
||||
*
|
||||
* @param \phpseclib\Math\BigInteger $min
|
||||
* @param \phpseclib\Math\BigInteger $max
|
||||
* @access public
|
||||
* @return boolean
|
||||
*/
|
||||
function between(BigInteger $min, BigInteger $max)
|
||||
{
|
||||
return $this->compare($min) >= 0 && $this->compare($max) <= 0;
|
||||
}
|
||||
}
|
||||
|
50
tests/Unit/Crypt/DSA/CreateKeyTest.php
Normal file
50
tests/Unit/Crypt/DSA/CreateKeyTest.php
Normal file
@ -0,0 +1,50 @@
|
||||
<?php
|
||||
|
||||
/**
|
||||
* @author Jim Wigginton <terrafrost@php.net>
|
||||
* @copyright 2015 Jim Wigginton
|
||||
* @license http://www.opensource.org/licenses/mit-license.html MIT License
|
||||
*/
|
||||
|
||||
use phpseclib\Crypt\DSA;
|
||||
|
||||
/**
|
||||
* @requires PHP 7.0
|
||||
*/
|
||||
class Unit_Crypt_DSA_CreateKeyTest extends PhpseclibTestCase
|
||||
{
|
||||
public function testCreateParameters()
|
||||
{
|
||||
$dsa = DSA::createParameters();
|
||||
$this->assertInstanceOf('\phpseclib\Crypt\DSA', $dsa);
|
||||
$this->assertRegexp('#BEGIN DSA PARAMETERS#', "$dsa");
|
||||
|
||||
$dsa = DSA::createParameters(100, 100);
|
||||
$this->assertFalse($dsa);
|
||||
|
||||
$dsa = DSA::createParameters(512, 160);
|
||||
$this->assertInstanceOf('\phpseclib\Crypt\DSA', $dsa);
|
||||
$this->assertRegexp('#BEGIN DSA PARAMETERS#', "$dsa");
|
||||
|
||||
return $dsa;
|
||||
}
|
||||
|
||||
/**
|
||||
* @depends testCreateParameters
|
||||
*/
|
||||
public function testCreateKey($params)
|
||||
{
|
||||
extract(DSA::createKey());
|
||||
$this->assertInstanceOf('\phpseclib\Crypt\DSA', $privatekey);
|
||||
$this->assertInstanceOf('\phpseclib\Crypt\DSA', $publickey);
|
||||
|
||||
extract(DSA::createKey($params));
|
||||
$this->assertInstanceOf('\phpseclib\Crypt\DSA', $privatekey);
|
||||
$this->assertInstanceOf('\phpseclib\Crypt\DSA', $publickey);
|
||||
|
||||
extract(DSA::createKey(512, 160));
|
||||
$this->assertInstanceOf('\phpseclib\Crypt\DSA', $privatekey);
|
||||
$this->assertInstanceOf('\phpseclib\Crypt\DSA', $publickey);
|
||||
}
|
||||
}
|
||||
|
233
tests/Unit/Crypt/DSA/LoadKeyTest.php
Normal file
233
tests/Unit/Crypt/DSA/LoadKeyTest.php
Normal file
@ -0,0 +1,233 @@
|
||||
<?php
|
||||
/**
|
||||
* @author Jim Wigginton <terrafrost@php.net>
|
||||
* @copyright 2013 Jim Wigginton
|
||||
* @license http://www.opensource.org/licenses/mit-license.html MIT License
|
||||
*/
|
||||
|
||||
use phpseclib\Crypt\DSA;
|
||||
use phpseclib\Crypt\DSA\Keys\PKCS1;
|
||||
use phpseclib\Crypt\DSA\Keys\PKCS8;
|
||||
use phpseclib\Crypt\DSA\Keys\PuTTY;
|
||||
use phpseclib\Math\BigInteger;
|
||||
|
||||
class Unit_Crypt_DSA_LoadKeyTest extends PhpseclibTestCase
|
||||
{
|
||||
public function testBadKey()
|
||||
{
|
||||
$dsa = new DSA();
|
||||
|
||||
$key = 'zzzzzzzzzzzzzz';
|
||||
|
||||
$this->assertFalse($dsa->load($key));
|
||||
}
|
||||
public function testPuTTYKey()
|
||||
{
|
||||
$dsa = new DSA();
|
||||
|
||||
$key = 'PuTTY-User-Key-File-2: ssh-dss
|
||||
Encryption: none
|
||||
Comment: dsa-key-20161223
|
||||
Public-Lines: 18
|
||||
AAAAB3NzaC1kc3MAAAEBAIsH1A8S7goEEneW6D/zJXh1zypZRlKlw7vNaJ7yXi9v
|
||||
qUkKnTSXK9lR4/nYy4SVTcVApY0sEU2RSDridLTy40ZeMPArH+sxR7lCSZ2AuNq9
|
||||
sQxu6VtYg1LKGekKYWC+r4TrZoTz2PUyrUd6sYBsYIX4ozbH2ITgYmYL9ONCrLbt
|
||||
4KsKO2EUE3xN3RHv8CkAp5BraCMw5z4vC43t0bcW63RN2mEvqWOqBFx5qe7uck4j
|
||||
pH7AvLyvwEye7t5KwJ8P1SMN72u4AWqyXqzLK3Ye0B7hQSFnbz0od4ps3EN+Irsu
|
||||
Kf20nkGgHKYJwenpIQwHz3xhBhtgiYCdQXb3ril1kd8AAAAVAJmhajsmmqwQqNkd
|
||||
k4JSJ/Y1SE11AAABADYHKKmAZ0OvCZ58m5CGPfuoX4h4nc5L0p3e0Sozcc9cJ5h3
|
||||
PvD18ggAf4cLoTpxETnXTFg+30shpKbr2WsE0Jrswe6V2bMaP7Hil6q3WWahLZx6
|
||||
9bEClnYCTlJkungzFjJmW+M7yd8xBHCBM6r83FKlLJjolJhHDL5DqX/uHP/9H0sl
|
||||
wncwALro1jTo3JU5oRdzMuLWf9P2MB7sEsoeWk2BOiil1BtKnItuObJgXUCCuaWB
|
||||
dPJyk4ZVMZZqr+vCnjocRrlQUwlMUG73Ze6KJKM1OgOKMt4PwaqD9oUaKq/gc+Eb
|
||||
UtCwVR6TEeIEkmazguvbAb6dSJ18TMZ07H6DJngAAAEAYE/7gKVb8P23zYzcfYOv
|
||||
3zG713/i/LAJ+dW3lQupyWkUnE8wDIht7DwKgcA/Vs73jG7SlqPjcMrNzBHjQE+y
|
||||
FVCP4xO+wDsh2wZ+KVppVkMljfGpp/0mQ0mQbrmTkaCNZc0ogXwtaI4r7Su2cCq0
|
||||
HMwrFJFFXXLaTZY49+lkrtP6q8WFOYJGK3WnrWvXyOe9Xnh2o8E1dQJ0RnshdOft
|
||||
j1KZ4JhOHnGKoz8+sKuchGVhs5VaMbJUur3cC8INaeKvtrEpwW/Ety5iy1iPyps9
|
||||
S9PlwN0KyVFGWdP2B4Gyj85IXCm3r+JNVoV5tVX9IUBTXnUor7YfWNncwWn56Lc+
|
||||
RQ==
|
||||
Private-Lines: 1
|
||||
AAAAFFMy7BG9rPXwzqZzIY/lqsHEILNf
|
||||
Private-MAC: 62b92ddd8b341b9414d640c24ba6ae929a78e039
|
||||
';
|
||||
|
||||
$dsa->setPrivateKeyFormat('PuTTY');
|
||||
$dsa->setPublicKeyFormat('PuTTY');
|
||||
|
||||
$this->assertTrue($dsa->load($key));
|
||||
$this->assertInternalType('string', "$dsa");
|
||||
$this->assertSame("$dsa", $dsa->getPrivateKey('PuTTY'));
|
||||
$this->assertInternalType('string', $dsa->getPublicKey('PuTTY'));
|
||||
$this->assertInternalType('string', $dsa->getParameters());
|
||||
|
||||
$dsa->setPassword('password');
|
||||
$this->assertGreaterThan(0, strlen("$dsa"));
|
||||
}
|
||||
|
||||
public function testPKCS1Key()
|
||||
{
|
||||
$dsa = new DSA();
|
||||
|
||||
$key = '-----BEGIN DSA PRIVATE KEY-----
|
||||
MIIDPQIBAAKCAQEAiwfUDxLuCgQSd5boP/MleHXPKllGUqXDu81onvJeL2+pSQqd
|
||||
NJcr2VHj+djLhJVNxUCljSwRTZFIOuJ0tPLjRl4w8Csf6zFHuUJJnYC42r2xDG7p
|
||||
W1iDUsoZ6QphYL6vhOtmhPPY9TKtR3qxgGxghfijNsfYhOBiZgv040Kstu3gqwo7
|
||||
YRQTfE3dEe/wKQCnkGtoIzDnPi8Lje3RtxbrdE3aYS+pY6oEXHmp7u5yTiOkfsC8
|
||||
vK/ATJ7u3krAnw/VIw3va7gBarJerMsrdh7QHuFBIWdvPSh3imzcQ34iuy4p/bSe
|
||||
QaAcpgnB6ekhDAfPfGEGG2CJgJ1BdveuKXWR3wIVAJmhajsmmqwQqNkdk4JSJ/Y1
|
||||
SE11AoIBADYHKKmAZ0OvCZ58m5CGPfuoX4h4nc5L0p3e0Sozcc9cJ5h3PvD18ggA
|
||||
f4cLoTpxETnXTFg+30shpKbr2WsE0Jrswe6V2bMaP7Hil6q3WWahLZx69bEClnYC
|
||||
TlJkungzFjJmW+M7yd8xBHCBM6r83FKlLJjolJhHDL5DqX/uHP/9H0slwncwALro
|
||||
1jTo3JU5oRdzMuLWf9P2MB7sEsoeWk2BOiil1BtKnItuObJgXUCCuaWBdPJyk4ZV
|
||||
MZZqr+vCnjocRrlQUwlMUG73Ze6KJKM1OgOKMt4PwaqD9oUaKq/gc+EbUtCwVR6T
|
||||
EeIEkmazguvbAb6dSJ18TMZ07H6DJngCggEAYE/7gKVb8P23zYzcfYOv3zG713/i
|
||||
/LAJ+dW3lQupyWkUnE8wDIht7DwKgcA/Vs73jG7SlqPjcMrNzBHjQE+yFVCP4xO+
|
||||
wDsh2wZ+KVppVkMljfGpp/0mQ0mQbrmTkaCNZc0ogXwtaI4r7Su2cCq0HMwrFJFF
|
||||
XXLaTZY49+lkrtP6q8WFOYJGK3WnrWvXyOe9Xnh2o8E1dQJ0RnshdOftj1KZ4JhO
|
||||
HnGKoz8+sKuchGVhs5VaMbJUur3cC8INaeKvtrEpwW/Ety5iy1iPyps9S9PlwN0K
|
||||
yVFGWdP2B4Gyj85IXCm3r+JNVoV5tVX9IUBTXnUor7YfWNncwWn56Lc+RQIUUzLs
|
||||
Eb2s9fDOpnMhj+WqwcQgs18=
|
||||
-----END DSA PRIVATE KEY-----';
|
||||
|
||||
$dsa->setPrivateKeyFormat('PKCS1');
|
||||
$dsa->setPublicKeyFormat('PKCS1');
|
||||
|
||||
$this->assertTrue($dsa->load($key));
|
||||
$this->assertInternalType('string', "$dsa");
|
||||
$this->assertSame("$dsa", $dsa->getPrivateKey('PKCS1'));
|
||||
$this->assertInternalType('string', $dsa->getPublicKey('PKCS1'));
|
||||
$this->assertInternalType('string', $dsa->getParameters());
|
||||
}
|
||||
|
||||
public function testParameters()
|
||||
{
|
||||
$dsa = new DSA();
|
||||
|
||||
$key = '-----BEGIN DSA PARAMETERS-----
|
||||
MIIBHgKBgQDandMycPZNOEwDXpIDSdFODWOQVO5tlnt38wK0X33TJh4wQdqOSiVF
|
||||
I+g+X8reP43ag3TEHu5bstrk6Znm7y1htTTvXQVTEwp6X3YHXbJG4Faul3g08Vud
|
||||
3gzV841wToVCMUinl0EOxMYP/CO9/Kvf66KACtqWITzJYBpwAeUKfwIVAM8e3xO8
|
||||
aityXVRiQRWeZtOI1yq9AoGAbmA+RzIZrtPx1mC5KzrpwgwgNHbbQBT83qeNKjEh
|
||||
N+S6A47iI5OVvpxd/ZwjdXoYo7D6RxR+3LNcT64DyYrBEZuzQzHeifaO6lBvDSNf
|
||||
L1cwyXx0KMaaampd34MzOIHbC44SHY+cE3aVVUsnmt6Ur1nQaVYVszl+AO6m8bPm
|
||||
4Vg=
|
||||
-----END DSA PARAMETERS-----';
|
||||
$key = str_replace(["\n", "\r"], '', $key);
|
||||
|
||||
$this->assertTrue($dsa->load($key));
|
||||
$this->assertSame($key, str_replace(["\n", "\r"], '', "$dsa"));
|
||||
$this->assertSame($key, str_replace(["\n", "\r"], '', $dsa->getParameters()));
|
||||
}
|
||||
|
||||
public function testPKCS8Public()
|
||||
{
|
||||
$dsa = new DSA();
|
||||
|
||||
$key = '-----BEGIN PUBLIC KEY-----
|
||||
MIIBtjCCASsGByqGSM44BAEwggEeAoGBANqd0zJw9k04TANekgNJ0U4NY5BU7m2W
|
||||
e3fzArRffdMmHjBB2o5KJUUj6D5fyt4/jdqDdMQe7luy2uTpmebvLWG1NO9dBVMT
|
||||
CnpfdgddskbgVq6XeDTxW53eDNXzjXBOhUIxSKeXQQ7Exg/8I738q9/rooAK2pYh
|
||||
PMlgGnAB5Qp/AhUAzx7fE7xqK3JdVGJBFZ5m04jXKr0CgYBuYD5HMhmu0/HWYLkr
|
||||
OunCDCA0dttAFPzep40qMSE35LoDjuIjk5W+nF39nCN1ehijsPpHFH7cs1xPrgPJ
|
||||
isERm7NDMd6J9o7qUG8NI18vVzDJfHQoxppqal3fgzM4gdsLjhIdj5wTdpVVSyea
|
||||
3pSvWdBpVhWzOX4A7qbxs+bhWAOBhAACgYBTpSKcKoVKw+hglVClqvqQdNKGC4a+
|
||||
XC4lOh2221ZrTgy/sN92vT7cdBn4ydHoth6/bD236L/FYfiX4S4mOczPhrv/l/2u
|
||||
ZpmyOpXM/0opRMIRdmqVW4ardBFNokmlqngwcbaptfRnk9W2cQtx0lmKy6X/vnis
|
||||
3AElwP86TYgBhw==
|
||||
-----END PUBLIC KEY-----';
|
||||
|
||||
$this->assertTrue($dsa->load($key));
|
||||
$this->assertInternalType('string', "$dsa");
|
||||
}
|
||||
|
||||
public function testPKCS8Private()
|
||||
{
|
||||
$dsa = new DSA();
|
||||
|
||||
$key = '-----BEGIN PRIVATE KEY-----
|
||||
MIIBSgIBADCCASsGByqGSM44BAEwggEeAoGBANqd0zJw9k04TANekgNJ0U4NY5BU
|
||||
7m2We3fzArRffdMmHjBB2o5KJUUj6D5fyt4/jdqDdMQe7luy2uTpmebvLWG1NO9d
|
||||
BVMTCnpfdgddskbgVq6XeDTxW53eDNXzjXBOhUIxSKeXQQ7Exg/8I738q9/rooAK
|
||||
2pYhPMlgGnAB5Qp/AhUAzx7fE7xqK3JdVGJBFZ5m04jXKr0CgYBuYD5HMhmu0/HW
|
||||
YLkrOunCDCA0dttAFPzep40qMSE35LoDjuIjk5W+nF39nCN1ehijsPpHFH7cs1xP
|
||||
rgPJisERm7NDMd6J9o7qUG8NI18vVzDJfHQoxppqal3fgzM4gdsLjhIdj5wTdpVV
|
||||
Syea3pSvWdBpVhWzOX4A7qbxs+bhWAQWAhQiF7sFfCtZ7oOgCb2aJ9ySC9sTug==
|
||||
-----END PRIVATE KEY-----';
|
||||
|
||||
$this->assertTrue($dsa->load($key));
|
||||
$this->assertInternalType('string', "$dsa");
|
||||
$this->assertSame("$dsa", $dsa->getPrivateKey());
|
||||
$this->assertInternalType('string', $dsa->getPublicKey());
|
||||
$this->assertInternalType('string', $dsa->getParameters());
|
||||
}
|
||||
|
||||
/**
|
||||
* @expectedException \UnexpectedValueException
|
||||
*/
|
||||
public function testPuTTYBadMAC()
|
||||
{
|
||||
$dsa = new DSA();
|
||||
|
||||
$key = 'PuTTY-User-Key-File-2: ssh-dss
|
||||
Encryption: none
|
||||
Comment: dsa-key-20161223
|
||||
Public-Lines: 18
|
||||
AAAAB3NzaC1kc3MAAAEBAIsH1A8S7goEEneW6D/zJXh1zypZRlKlw7vNaJ7yXi9v
|
||||
qUkKnTSXK9lR4/nYy4SVTcVApY0sEU2RSDridLTy40ZeMPArH+sxR7lCSZ2AuNq9
|
||||
sQxu6VtYg1LKGekKYWC+r4TrZoTz2PUyrUd6sYBsYIX4ozbH2ITgYmYL9ONCrLbt
|
||||
4KsKO2EUE3xN3RHv8CkAp5BraCMw5z4vC43t0bcW63RN2mEvqWOqBFx5qe7uck4j
|
||||
pH7AvLyvwEye7t5KwJ8P1SMN72u4AWqyXqzLK3Ye0B7hQSFnbz0od4ps3EN+Irsu
|
||||
Kf20nkGgHKYJwenpIQwHz3xhBhtgiYCdQXb3ril1kd8AAAAVAJmhajsmmqwQqNkd
|
||||
k4JSJ/Y1SE11AAABADYHKKmAZ0OvCZ58m5CGPfuoX4h4nc5L0p3e0Sozcc9cJ5h3
|
||||
PvD18ggAf4cLoTpxETnXTFg+30shpKbr2WsE0Jrswe6V2bMaP7Hil6q3WWahLZx6
|
||||
9bEClnYCTlJkungzFjJmW+M7yd8xBHCBM6r83FKlLJjolJhHDL5DqX/uHP/9H0sl
|
||||
wncwALro1jTo3JU5oRdzMuLWf9P2MB7sEsoeWk2BOiil1BtKnItuObJgXUCCuaWB
|
||||
dPJyk4ZVMZZqr+vCnjocRrlQUwlMUG73Ze6KJKM1OgOKMt4PwaqD9oUaKq/gc+Eb
|
||||
UtCwVR6TEeIEkmazguvbAb6dSJ18TMZ07H6DJngAAAEAYE/7gKVb8P23zYzcfYOv
|
||||
3zG713/i/LAJ+dW3lQupyWkUnE8wDIht7DwKgcA/Vs73jG7SlqPjcMrNzBHjQE+y
|
||||
FVCP4xO+wDsh2wZ+KVppVkMljfGpp/0mQ0mQbrmTkaCNZc0ogXwtaI4r7Su2cCq0
|
||||
HMwrFJFFXXLaTZY49+lkrtP6q8WFOYJGK3WnrWvXyOe9Xnh2o8E1dQJ0RnshdOft
|
||||
j1KZ4JhOHnGKoz8+sKuchGVhs5VaMbJUur3cC8INaeKvtrEpwW/Ety5iy1iPyps9
|
||||
S9PlwN0KyVFGWdP2B4Gyj85IXCm3r+JNVoV5tVX9IUBTXnUor7YfWNncwWn56Lc+
|
||||
RQ==
|
||||
Private-Lines: 1
|
||||
AAAAFFMy7BG9rPXwzqZzIY/lqsHEILNf
|
||||
Private-MAC: aaaaaadd8b341b9414d640c24ba6ae929a78e039
|
||||
';
|
||||
|
||||
$this->assertFalse($dsa->load($key));
|
||||
$dsa->load($key, 'PuTTY');
|
||||
}
|
||||
|
||||
public function testXML()
|
||||
{
|
||||
$dsa = new DSA();
|
||||
|
||||
$key = '-----BEGIN PUBLIC KEY-----
|
||||
MIIBtjCCASsGByqGSM44BAEwggEeAoGBANqd0zJw9k04TANekgNJ0U4NY5BU7m2W
|
||||
e3fzArRffdMmHjBB2o5KJUUj6D5fyt4/jdqDdMQe7luy2uTpmebvLWG1NO9dBVMT
|
||||
CnpfdgddskbgVq6XeDTxW53eDNXzjXBOhUIxSKeXQQ7Exg/8I738q9/rooAK2pYh
|
||||
PMlgGnAB5Qp/AhUAzx7fE7xqK3JdVGJBFZ5m04jXKr0CgYBuYD5HMhmu0/HWYLkr
|
||||
OunCDCA0dttAFPzep40qMSE35LoDjuIjk5W+nF39nCN1ehijsPpHFH7cs1xPrgPJ
|
||||
isERm7NDMd6J9o7qUG8NI18vVzDJfHQoxppqal3fgzM4gdsLjhIdj5wTdpVVSyea
|
||||
3pSvWdBpVhWzOX4A7qbxs+bhWAOBhAACgYBTpSKcKoVKw+hglVClqvqQdNKGC4a+
|
||||
XC4lOh2221ZrTgy/sN92vT7cdBn4ydHoth6/bD236L/FYfiX4S4mOczPhrv/l/2u
|
||||
ZpmyOpXM/0opRMIRdmqVW4ardBFNokmlqngwcbaptfRnk9W2cQtx0lmKy6X/vnis
|
||||
3AElwP86TYgBhw==
|
||||
-----END PUBLIC KEY-----';
|
||||
|
||||
$dsa->load($key);
|
||||
$xml = $dsa->getPublicKey('XML');
|
||||
$this->assertContains('DSAKeyValue', $xml);
|
||||
|
||||
$dsa = new DSA();
|
||||
$dsa->load($xml);
|
||||
$pkcs8 = $dsa->getPublicKey('PKCS8');
|
||||
|
||||
$this->assertSame(
|
||||
strtolower(preg_replace('#\s#', '', $pkcs8)),
|
||||
strtolower(preg_replace('#\s#', '', $key))
|
||||
);
|
||||
}
|
||||
}
|
115
tests/Unit/Crypt/DSA/SignatureTest.php
Normal file
115
tests/Unit/Crypt/DSA/SignatureTest.php
Normal file
@ -0,0 +1,115 @@
|
||||
<?php
|
||||
|
||||
/**
|
||||
* @author Jim Wigginton <terrafrost@php.net>
|
||||
* @copyright 2015 Jim Wigginton
|
||||
* @license http://www.opensource.org/licenses/mit-license.html MIT License
|
||||
*/
|
||||
|
||||
use phpseclib\Crypt\DSA;
|
||||
|
||||
class Unit_Crypt_DSA_SignatureTest extends PhpseclibTestCase
|
||||
{
|
||||
public function testPKCSSignature()
|
||||
{
|
||||
$message = 'hello, world!';
|
||||
|
||||
$dsa = new DSA();
|
||||
|
||||
$dsa->load('-----BEGIN DSA PRIVATE KEY-----
|
||||
MIIBvAIBAAKBgQDsGAHAM16bsPlwl7jaec4QMynYa0YLiLiOZC4mvH4UW/tRJxTz
|
||||
aV7eH1EtnP9D9J78x/07wKYs8zJEWCXmuq0UluQfjA47+pb68b/ucQTNeZHboNN9
|
||||
5oEi+8BCSK0y8G3uf3Y89qHvqa9Si6rP374MinEMrbVFm+UpsGflFcd83wIVALtJ
|
||||
ANi+lYG7xMKQ/bE4+bS8gemNAoGBAORowvirD7AB9x2SpdiME41+O4jVR8rs6+GX
|
||||
Ml3Hif6Yt1kem0CeraX9SNoyBNAzjD5TVMGIdGlgRr6GNreHeXMGWlvdDkvCACER
|
||||
ZEEtMsKZicm+yl6kR8AGHTCA/PBltHfyrFQd4n9I//UDqI4RjqzvpCXGQcVEsSDY
|
||||
CCBGBQJRAoGBALnHTAZlpoLJZuSBVtnMuRM3cSX43IkE9w9FveDV1jX5mmfK7yBV
|
||||
pQFV8eVJfk91ERQ4Dn6ePLUv2dRIt4a0S0qHqadgzyoFyqkmmUi1kNLyixtRqh+m
|
||||
2gXx0t63HEpZDbEPppdpnlppZquVQh7TyrKSXW9MTzUkQjFI9UY7kZeKAhQXiJgI
|
||||
kBniZHdFBAZBTE14YJUBkw==
|
||||
-----END DSA PRIVATE KEY-----');
|
||||
$signature = $dsa->sign($message, 'PKCS');
|
||||
|
||||
$dsa->load('-----BEGIN PUBLIC KEY-----
|
||||
MIIBuDCCASwGByqGSM44BAEwggEfAoGBAOwYAcAzXpuw+XCXuNp5zhAzKdhrRguI
|
||||
uI5kLia8fhRb+1EnFPNpXt4fUS2c/0P0nvzH/TvApizzMkRYJea6rRSW5B+MDjv6
|
||||
lvrxv+5xBM15kdug033mgSL7wEJIrTLwbe5/djz2oe+pr1KLqs/fvgyKcQyttUWb
|
||||
5SmwZ+UVx3zfAhUAu0kA2L6VgbvEwpD9sTj5tLyB6Y0CgYEA5GjC+KsPsAH3HZKl
|
||||
2IwTjX47iNVHyuzr4ZcyXceJ/pi3WR6bQJ6tpf1I2jIE0DOMPlNUwYh0aWBGvoY2
|
||||
t4d5cwZaW90OS8IAIRFkQS0ywpmJyb7KXqRHwAYdMID88GW0d/KsVB3if0j/9QOo
|
||||
jhGOrO+kJcZBxUSxINgIIEYFAlEDgYUAAoGBALnHTAZlpoLJZuSBVtnMuRM3cSX4
|
||||
3IkE9w9FveDV1jX5mmfK7yBVpQFV8eVJfk91ERQ4Dn6ePLUv2dRIt4a0S0qHqadg
|
||||
zyoFyqkmmUi1kNLyixtRqh+m2gXx0t63HEpZDbEPppdpnlppZquVQh7TyrKSXW9M
|
||||
TzUkQjFI9UY7kZeK
|
||||
-----END PUBLIC KEY-----');
|
||||
|
||||
$this->assertTrue($dsa->verify($message, $signature, 'PKCS'));
|
||||
$this->assertFalse($dsa->verify('foozbar', $signature, 'PKCS'));
|
||||
|
||||
// openssl dgst -dss1 -sign dsa_priv.pem foo.txt > sigfile.bin
|
||||
$signature = '302c021456d7e7da10d1538a6cd45dcb2b0ce15c28bac03402147e973a4de1e92e8a87ed5218c797952a3f854df5';
|
||||
$signature = pack('H*', $signature);
|
||||
|
||||
$dsa->setHash('sha1');
|
||||
|
||||
$this->assertTrue($dsa->verify("foobar\n", $signature, 'PKCS'));
|
||||
$this->assertFalse($dsa->verify('foozbar', $signature, 'PKCS'));
|
||||
|
||||
// openssl dgst -sha256 -sign dsa_priv.pem foo.txt > sigfile.bin
|
||||
$signature = '302e021500b131ec2682c4c0be13e6558ba3d64929ebc0ac420215009946300a03561cef50c0a51d0cd0a2c835e798fc';
|
||||
$signature = pack('H*', $signature);
|
||||
|
||||
$dsa->setHash('sha256');
|
||||
|
||||
$this->assertTrue($dsa->verify('abcdefghijklmnopqrstuvwxyz', $signature, 'PKCS'));
|
||||
$this->assertFalse($dsa->verify('zzzz', $signature, 'PKCS'));
|
||||
}
|
||||
|
||||
public function testRandomSignature()
|
||||
{
|
||||
$message = 'hello, world!';
|
||||
|
||||
$dsa = new DSA();
|
||||
|
||||
$dsa->load('-----BEGIN DSA PRIVATE KEY-----
|
||||
MIIBvAIBAAKBgQDsGAHAM16bsPlwl7jaec4QMynYa0YLiLiOZC4mvH4UW/tRJxTz
|
||||
aV7eH1EtnP9D9J78x/07wKYs8zJEWCXmuq0UluQfjA47+pb68b/ucQTNeZHboNN9
|
||||
5oEi+8BCSK0y8G3uf3Y89qHvqa9Si6rP374MinEMrbVFm+UpsGflFcd83wIVALtJ
|
||||
ANi+lYG7xMKQ/bE4+bS8gemNAoGBAORowvirD7AB9x2SpdiME41+O4jVR8rs6+GX
|
||||
Ml3Hif6Yt1kem0CeraX9SNoyBNAzjD5TVMGIdGlgRr6GNreHeXMGWlvdDkvCACER
|
||||
ZEEtMsKZicm+yl6kR8AGHTCA/PBltHfyrFQd4n9I//UDqI4RjqzvpCXGQcVEsSDY
|
||||
CCBGBQJRAoGBALnHTAZlpoLJZuSBVtnMuRM3cSX43IkE9w9FveDV1jX5mmfK7yBV
|
||||
pQFV8eVJfk91ERQ4Dn6ePLUv2dRIt4a0S0qHqadgzyoFyqkmmUi1kNLyixtRqh+m
|
||||
2gXx0t63HEpZDbEPppdpnlppZquVQh7TyrKSXW9MTzUkQjFI9UY7kZeKAhQXiJgI
|
||||
kBniZHdFBAZBTE14YJUBkw==
|
||||
-----END DSA PRIVATE KEY-----');
|
||||
$signature1 = $dsa->sign($message, 'PKCS');
|
||||
$signature2 = $dsa->sign($message, 'PKCS');
|
||||
|
||||
// phpseclib's DSA implementation uses a CSPRNG to generate the k parameter.
|
||||
// used correctly this should result in different signatures every time.
|
||||
// RFC6979 describes a deterministic DSA scheme wherein two signatures for the same
|
||||
// plaintext would yield the same value so if that were to be switched to then this
|
||||
// unit test would need to be updated
|
||||
$this->assertNotEquals($signature1, $signature2);
|
||||
|
||||
$this->assertTrue($dsa->verify($message, $signature1, 'PKCS'));
|
||||
$this->assertTrue($dsa->verify($message, $signature2, 'PKCS'));
|
||||
}
|
||||
|
||||
public function testSSHSignature()
|
||||
{
|
||||
$dsa = new DSA();
|
||||
$dsa->setHash('sha1');
|
||||
$dsa->load('AAAAB3NzaC1kc3MAAACBAPyzZzm4oqmY12lxmHwNcfYDNyXr38M1lU6xy9I792U1YSKgX27nUW9eXdJ8Mrn63Le5rrBRfg2Niycx' .
|
||||
'JF2IwDpwCi7YpIv79uwT3RtA0chQDS4vx8qi8BWBzy7PZC9hmqY62+mgfj8ooga1sr+JpMh+8r4j3KjPM+wE37khkgkvAAAAFQDn' .
|
||||
'19pBng6TajI/vdg7GPnxsitCqQAAAIEA6Pl1Z/TVdkc+HpfkAvcg2Q+yNtnVq7+26RCbRDO3b9Ocr+tZA9u23qnO3KDYeygzaLnI' .
|
||||
'gpErp61Bj70iIUldhXy2LFGZFEC9XiKmt/tQxSDKiBbj3bS3wKfHrAlElgjhqxiRh+GixgSsmCj96eJFXcsxPjQU81HR+WJ0ALV1' .
|
||||
'UnMAAACABRdNuqqe1Y68es8TIflV71P0J7Ci2BbbqAXRwYYKc9/7DrygwaN2UIbMXyOLuojeZgQPPoM9nkzd6QZo8M9apawVKKwD' .
|
||||
'GAUj2of+F9WVRxhE0ohTQBzD/3HqT80pQsX+rYcxuSx1cCtdMp4oLrrfKO2J4EiWUkaoSB7SdCaj+vU=');
|
||||
$message = pack('H*', '8bfc69a222c12ddf6bc6bf33c9cadc106af04feb');
|
||||
$signature = pack('H*', '000000077373682d64737300000028a7a2e55dc43e5e6145aa94daa0552ea479d1139d6d6ba50650b489e24e976593e73f76557813d6bc');
|
||||
|
||||
$this->assertTrue($dsa->verify($message, $signature, 'SSH2'));
|
||||
}
|
||||
}
|
@ -7,7 +7,7 @@
|
||||
*/
|
||||
|
||||
use phpseclib\Crypt\RSA;
|
||||
use phpseclib\Crypt\RSA\PKCS1;
|
||||
use phpseclib\Crypt\RSA\Keys\PKCS1;
|
||||
|
||||
class Unit_Crypt_RSA_CreateKeyTest extends PhpseclibTestCase
|
||||
{
|
||||
|
@ -6,9 +6,9 @@
|
||||
*/
|
||||
|
||||
use phpseclib\Crypt\RSA;
|
||||
use phpseclib\Crypt\RSA\PKCS1;
|
||||
use phpseclib\Crypt\RSA\PKCS8;
|
||||
use phpseclib\Crypt\RSA\PuTTY;
|
||||
use phpseclib\Crypt\RSA\Keys\PKCS1;
|
||||
use phpseclib\Crypt\RSA\Keys\PKCS8;
|
||||
use phpseclib\Crypt\RSA\Keys\PuTTY;
|
||||
use phpseclib\Math\BigInteger;
|
||||
|
||||
class Unit_Crypt_RSA_LoadKeyTest extends PhpseclibTestCase
|
||||
|
Loading…
Reference in New Issue
Block a user