/phpseclib/Crypt/RSA.php
PHP | 2590 lines | 1323 code | 261 blank | 1006 comment | 218 complexity | 6077839b987a6cbb5d5dd55932037249 MD5 | raw file
Large files files are truncated, but you can click here to view the full file
- <?php
- /* vim: set expandtab tabstop=4 shiftwidth=4 softtabstop=4: */
- /**
- * Pure-PHP PKCS#1 (v2.1) compliant implementation of RSA.
- *
- * PHP versions 4 and 5
- *
- * Here's an example of how to encrypt and decrypt text with this library:
- * <code>
- * <?php
- * include('Crypt/RSA.php');
- *
- * $rsa = new Crypt_RSA();
- * extract($rsa->createKey());
- *
- * $plaintext = 'terrafrost';
- *
- * $rsa->loadKey($privatekey);
- * $ciphertext = $rsa->encrypt($plaintext);
- *
- * $rsa->loadKey($publickey);
- * echo $rsa->decrypt($ciphertext);
- * ?>
- * </code>
- *
- * Here's an example of how to create signatures and verify signatures with this library:
- * <code>
- * <?php
- * include('Crypt/RSA.php');
- *
- * $rsa = new Crypt_RSA();
- * extract($rsa->createKey());
- *
- * $plaintext = 'terrafrost';
- *
- * $rsa->loadKey($privatekey);
- * $signature = $rsa->sign($plaintext);
- *
- * $rsa->loadKey($publickey);
- * echo $rsa->verify($plaintext, $signature) ? 'verified' : 'unverified';
- * ?>
- * </code>
- *
- * LICENSE: Permission is hereby granted, free of charge, to any person obtaining a copy
- * of this software and associated documentation files (the "Software"), to deal
- * in the Software without restriction, including without limitation the rights
- * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in
- * all copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
- * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
- * THE SOFTWARE.
- *
- * @category Crypt
- * @package Crypt_RSA
- * @author Jim Wigginton <terrafrost@php.net>
- * @copyright MMIX Jim Wigginton
- * @license http://www.opensource.org/licenses/mit-license.html MIT License
- * @version $Id: RSA.php,v 1.19 2010/09/12 21:58:54 terrafrost Exp $
- * @link http://phpseclib.sourceforge.net
- */
- namespace phpseclib;
- /**
- * Pure-PHP PKCS#1 compliant implementation of RSA.
- *
- * @author Jim Wigginton <terrafrost@php.net>
- * @version 0.1.0
- * @access public
- * @package Crypt_RSA
- */
- class Crypt_RSA {
- /**#@+
- * @access public
- * @see Crypt_RSA::encrypt()
- * @see Crypt_RSA::decrypt()
- */
- /**
- * Use {@link http://en.wikipedia.org/wiki/Optimal_Asymmetric_Encryption_Padding Optimal Asymmetric Encryption Padding}
- * (OAEP) for encryption / decryption.
- *
- * Uses sha1 by default.
- *
- * @see Crypt_RSA::setHash()
- * @see Crypt_RSA::setMGFHash()
- */
- const ENCRYPTION_OAEP = 1;
- /**
- * Use PKCS#1 padding.
- *
- * Although self::ENCRYPTION_OAEP offers more security, including PKCS#1 padding is necessary for purposes of backwards
- * compatability with protocols (like SSH-1) written before OAEP's introduction.
- */
- const ENCRYPTION_PKCS1 = 2;
- /**#@-*/
- /**#@+
- * @access public
- * @see Crypt_RSA::sign()
- * @see Crypt_RSA::verify()
- * @see Crypt_RSA::setHash()
- */
- /**
- * Use the Probabilistic Signature Scheme for signing
- *
- * Uses sha1 by default.
- *
- * @see Crypt_RSA::setSaltLength()
- * @see Crypt_RSA::setMGFHash()
- */
- const SIGNATURE_PSS = 1;
- /**
- * Use the PKCS#1 scheme by default.
- *
- * Although self::SIGNATURE_PSS offers more security, including PKCS#1 signing is necessary for purposes of backwards
- * compatability with protocols (like SSH-2) written before PSS's introduction.
- */
- const SIGNATURE_PKCS1 = 2;
- /**#@-*/
- /**#@+
- * @access private
- * @see Crypt_RSA::createKey()
- */
- /**
- * ASN1 Integer
- */
- const ASN1_INTEGER = 2;
- /**
- * ASN1 Bit String
- */
- const ASN1_BITSTRING = 3;
- /**
- * ASN1 Sequence (with the constucted bit set)
- */
- const ASN1_SEQUENCE = 48;
- /**#@-*/
- /**#@+
- * @access private
- * @see Crypt_RSA::Crypt_RSA()
- */
- /**
- * To use the pure-PHP implementation
- */
- const MODE_INTERNAL = 1;
- /**
- * To use the OpenSSL library
- *
- * (if enabled; otherwise, the internal implementation will be used)
- */
- const MODE_OPENSSL = 2;
- /**#@-*/
- /**#@+
- * @access public
- * @see Crypt_RSA::createKey()
- * @see Crypt_RSA::setPrivateKeyFormat()
- */
- /**
- * PKCS#1 formatted private key
- *
- * Used by OpenSSH
- */
- const PRIVATE_FORMAT_PKCS1 = 0;
- /**
- * PuTTY formatted private key
- */
- const PRIVATE_FORMAT_PUTTY = 1;
- /**
- * XML formatted private key
- */
- const PRIVATE_FORMAT_XML = 2;
- /**#@-*/
- /**#@+
- * @access public
- * @see Crypt_RSA::createKey()
- * @see Crypt_RSA::setPublicKeyFormat()
- */
- /**
- * Raw public key
- *
- * An array containing two Math_BigInteger objects.
- *
- * The exponent can be indexed with any of the following:
- *
- * 0, e, exponent, publicExponent
- *
- * The modulus can be indexed with any of the following:
- *
- * 1, n, modulo, modulus
- */
- const PUBLIC_FORMAT_RAW = 3;
- /**
- * PKCS#1 formatted public key (raw)
- *
- * Used by File/X509.php
- */
- const PUBLIC_FORMAT_PKCS1_RAW = 4;
- /**
- * XML formatted public key
- */
- const PUBLIC_FORMAT_XML = 5;
- /**
- * OpenSSH formatted public key
- *
- * Place in $HOME/.ssh/authorized_keys
- */
- const PUBLIC_FORMAT_OPENSSH = 6;
- /**
- * PKCS#1 formatted public key (encapsulated)
- *
- * Used by PHP's openssl_public_encrypt() and openssl's rsautl (when -pubin is set)
- */
- const PUBLIC_FORMAT_PKCS1 = 7;
- /**#@-*/
- //TODO: make this settable
- const EXPONENT = 65537;
- const SMALLEST_PRIME = 4096;
- const COMMENT = 'phpseclib-generated-key';
- /**
- * Precomputed Zero
- *
- * @var Array
- * @access private
- */
- var $zero;
- /**
- * Precomputed One
- *
- * @var Array
- * @access private
- */
- var $one;
- /**
- * Private Key Format
- *
- * @var Integer
- * @access private
- */
- var $privateKeyFormat = self::PRIVATE_FORMAT_PKCS1;
- /**
- * Public Key Format
- *
- * @var Integer
- * @access public
- */
- var $publicKeyFormat = self::PUBLIC_FORMAT_PKCS1;
- /**
- * Modulus (ie. n)
- *
- * @var Math_BigInteger
- * @access private
- */
- var $modulus;
- /**
- * Modulus length
- *
- * @var Math_BigInteger
- * @access private
- */
- var $k;
- /**
- * Exponent (ie. e or d)
- *
- * @var Math_BigInteger
- * @access private
- */
- var $exponent;
- /**
- * Primes for Chinese Remainder Theorem (ie. p and q)
- *
- * @var Array
- * @access private
- */
- var $primes;
- /**
- * Exponents for Chinese Remainder Theorem (ie. dP and dQ)
- *
- * @var Array
- * @access private
- */
- var $exponents;
- /**
- * Coefficients for Chinese Remainder Theorem (ie. qInv)
- *
- * @var Array
- * @access private
- */
- var $coefficients;
- /**
- * Hash name
- *
- * @var String
- * @access private
- */
- var $hashName;
- /**
- * Hash function
- *
- * @var Crypt_Hash
- * @access private
- */
- var $hash;
- /**
- * Length of hash function output
- *
- * @var Integer
- * @access private
- */
- var $hLen;
- /**
- * Length of salt
- *
- * @var Integer
- * @access private
- */
- var $sLen;
- /**
- * Hash function for the Mask Generation Function
- *
- * @var Crypt_Hash
- * @access private
- */
- var $mgfHash;
- /**
- * Length of MGF hash function output
- *
- * @var Integer
- * @access private
- */
- var $mgfHLen;
- /**
- * Encryption mode
- *
- * @var Integer
- * @access private
- */
- var $encryptionMode = self::ENCRYPTION_OAEP;
- /**
- * Signature mode
- *
- * @var Integer
- * @access private
- */
- var $signatureMode = self::SIGNATURE_PSS;
- /**
- * Public Exponent
- *
- * @var Mixed
- * @access private
- */
- var $publicExponent = false;
- /**
- * Password
- *
- * @var String
- * @access private
- */
- var $password = false;
- /**
- * Components
- *
- * For use with parsing XML formatted keys. PHP's XML Parser functions use utilized - instead of PHP's DOM functions -
- * because PHP's XML Parser functions work on PHP4 whereas PHP's DOM functions - although surperior - don't.
- *
- * @see Crypt_RSA::_start_element_handler()
- * @var Array
- * @access private
- */
- var $components = array();
- /**
- * Current String
- *
- * For use with parsing XML formatted keys.
- *
- * @see Crypt_RSA::_character_handler()
- * @see Crypt_RSA::_stop_element_handler()
- * @var Mixed
- * @access private
- */
- var $current;
- /**
- * Key Blinding
- */
- static $blinding = true;
- /**
- * The constructor
- *
- * If you want to make use of the openssl extension, you'll need to set the mode manually, yourself. The reason
- * Crypt_RSA doesn't do it is because OpenSSL doesn't fail gracefully. openssl_pkey_new(), in particular, requires
- * openssl.cnf be present somewhere and, unfortunately, the only real way to find out is too late.
- *
- * @return Crypt_RSA
- * @access public
- */
- function __construct()
- {
- if ( !defined('CRYPT_RSA_MODE') ) {
- switch (true) {
- case extension_loaded('openssl') && version_compare(PHP_VERSION, '4.2.0', '>='):
- define('CRYPT_RSA_MODE', self::MODE_OPENSSL);
- break;
- default:
- define('CRYPT_RSA_MODE', self::MODE_INTERNAL);
- }
- }
- $this->zero = new Math_BigInteger();
- $this->one = new Math_BigInteger(1);
- $this->hash = new Crypt_Hash('sha1');
- $this->hLen = $this->hash->getLength();
- $this->hashName = 'sha1';
- $this->mgfHash = new Crypt_Hash('sha1');
- $this->mgfHLen = $this->mgfHash->getLength();
- }
- /**
- * Create public / private key pair
- *
- * Returns an array with the following three elements:
- * - 'privatekey': The private key.
- * - 'publickey': The public key.
- * - 'partialkey': A partially computed key (if the execution time exceeded $timeout).
- * Will need to be passed back to Crypt_RSA::createKey() as the third parameter for further processing.
- *
- * @access public
- * @param optional Integer $bits
- * @param optional Integer $timeout
- * @param optional Math_BigInteger $p
- */
- function createKey($bits = 1024, $timeout = false, $partial = array())
- {
- // OpenSSL uses 65537 as the exponent and requires RSA keys be 384 bits minimum
- if ( CRYPT_RSA_MODE == self::MODE_OPENSSL && $bits >= 384 && self::EXPONENT == 65537) {
- $rsa = openssl_pkey_new(array(
- 'private_key_bits' => $bits,
- 'config' => dirname(__FILE__) . '/../openssl.cnf'
- ));
- openssl_pkey_export($rsa, $privatekey, NULL, array('config' => dirname(__FILE__) . '/../openssl.cnf'));
- $publickey = openssl_pkey_get_details($rsa);
- $publickey = $publickey['key'];
- $privatekey = call_user_func_array(array($this, '_convertPrivateKey'), array_values($this->_parseKey($privatekey, self::PRIVATE_FORMAT_PKCS1)));
- $publickey = call_user_func_array(array($this, '_convertPublicKey'), array_values($this->_parseKey($publickey, self::PUBLIC_FORMAT_PKCS1)));
- // clear the buffer of error strings stemming from a minimalistic openssl.cnf
- while (openssl_error_string() !== false);
- return array(
- 'privatekey' => $privatekey,
- 'publickey' => $publickey,
- 'partialkey' => false
- );
- }
- static $e;
- if (!isset($e)) {
- $e = new Math_BigInteger(self::EXPONENT);
- }
- extract($this->_generateMinMax($bits));
- $absoluteMin = $min;
- $temp = $bits >> 1; // divide by two to see how many bits P and Q would be
- if ($temp > self::SMALLEST_PRIME) {
- $num_primes = floor($bits / self::SMALLEST_PRIME);
- $temp = self::SMALLEST_PRIME;
- } else {
- $num_primes = 2;
- }
- extract($this->_generateMinMax($temp + $bits % $temp));
- $finalMax = $max;
- extract($this->_generateMinMax($temp));
- $generator = new Math_BigInteger();
- $generator->setRandomGenerator('phpseclib\Crypt_Random::generateRandom');
- $n = $this->one->copy();
- if (!empty($partial)) {
- extract(unserialize($partial));
- } else {
- $exponents = $coefficients = $primes = array();
- $lcm = array(
- 'top' => $this->one->copy(),
- 'bottom' => false
- );
- }
- $start = time();
- $i0 = count($primes) + 1;
- do {
- for ($i = $i0; $i <= $num_primes; $i++) {
- if ($timeout !== false) {
- $timeout-= time() - $start;
- $start = time();
- if ($timeout <= 0) {
- return array(
- 'privatekey' => '',
- 'publickey' => '',
- 'partialkey' => serialize(array(
- 'primes' => $primes,
- 'coefficients' => $coefficients,
- 'lcm' => $lcm,
- 'exponents' => $exponents
- ))
- );
- }
- }
- if ($i == $num_primes) {
- list($min, $temp) = $absoluteMin->divide($n);
- if (!$temp->equals($this->zero)) {
- $min = $min->add($this->one); // ie. ceil()
- }
- $primes[$i] = $generator->randomPrime($min, $finalMax, $timeout);
- } else {
- $primes[$i] = $generator->randomPrime($min, $max, $timeout);
- }
- if ($primes[$i] === false) { // if we've reached the timeout
- if (count($primes) > 1) {
- $partialkey = '';
- } else {
- array_pop($primes);
- $partialkey = serialize(array(
- 'primes' => $primes,
- 'coefficients' => $coefficients,
- 'lcm' => $lcm,
- 'exponents' => $exponents
- ));
- }
- return array(
- 'privatekey' => '',
- 'publickey' => '',
- 'partialkey' => $partialkey
- );
- }
- // the first coefficient is calculated differently from the rest
- // ie. instead of being $primes[1]->modInverse($primes[2]), it's $primes[2]->modInverse($primes[1])
- if ($i > 2) {
- $coefficients[$i] = $n->modInverse($primes[$i]);
- }
- $n = $n->multiply($primes[$i]);
- $temp = $primes[$i]->subtract($this->one);
- // textbook RSA implementations use Euler's totient function instead of the least common multiple.
- // see http://en.wikipedia.org/wiki/Euler%27s_totient_function
- $lcm['top'] = $lcm['top']->multiply($temp);
- $lcm['bottom'] = $lcm['bottom'] === false ? $temp : $lcm['bottom']->gcd($temp);
- $exponents[$i] = $e->modInverse($temp);
- }
- list($lcm) = $lcm['top']->divide($lcm['bottom']);
- $gcd = $lcm->gcd($e);
- $i0 = 1;
- } while (!$gcd->equals($this->one));
- $d = $e->modInverse($lcm);
- $coefficients[2] = $primes[2]->modInverse($primes[1]);
- // from <http://tools.ietf.org/html/rfc3447#appendix-A.1.2>:
- // RSAPrivateKey ::= SEQUENCE {
- // version Version,
- // modulus INTEGER, -- n
- // publicExponent INTEGER, -- e
- // privateExponent INTEGER, -- d
- // prime1 INTEGER, -- p
- // prime2 INTEGER, -- q
- // exponent1 INTEGER, -- d mod (p-1)
- // exponent2 INTEGER, -- d mod (q-1)
- // coefficient INTEGER, -- (inverse of q) mod p
- // otherPrimeInfos OtherPrimeInfos OPTIONAL
- // }
- return array(
- 'privatekey' => $this->_convertPrivateKey($n, $e, $d, $primes, $exponents, $coefficients),
- 'publickey' => $this->_convertPublicKey($n, $e),
- 'partialkey' => false
- );
- }
- /**
- * Convert a private key to the appropriate format.
- *
- * @access private
- * @see setPrivateKeyFormat()
- * @param String $RSAPrivateKey
- * @return String
- */
- function _convertPrivateKey($n, $e, $d, $primes, $exponents, $coefficients)
- {
- $num_primes = count($primes);
- $raw = array(
- 'version' => $num_primes == 2 ? chr(0) : chr(1), // two-prime vs. multi
- 'modulus' => $n->toBytes(true),
- 'publicExponent' => $e->toBytes(true),
- 'privateExponent' => $d->toBytes(true),
- 'prime1' => $primes[1]->toBytes(true),
- 'prime2' => $primes[2]->toBytes(true),
- 'exponent1' => $exponents[1]->toBytes(true),
- 'exponent2' => $exponents[2]->toBytes(true),
- 'coefficient' => $coefficients[2]->toBytes(true)
- );
- // if the format in question does not support multi-prime rsa and multi-prime rsa was used,
- // call _convertPublicKey() instead.
- switch ($this->privateKeyFormat) {
- case self::PRIVATE_FORMAT_XML:
- if ($num_primes != 2) {
- return false;
- }
- return "<RSAKeyValue>\r\n" .
- ' <Modulus>' . base64_encode($raw['modulus']) . "</Modulus>\r\n" .
- ' <Exponent>' . base64_encode($raw['publicExponent']) . "</Exponent>\r\n" .
- ' <P>' . base64_encode($raw['prime1']) . "</P>\r\n" .
- ' <Q>' . base64_encode($raw['prime2']) . "</Q>\r\n" .
- ' <DP>' . base64_encode($raw['exponent1']) . "</DP>\r\n" .
- ' <DQ>' . base64_encode($raw['exponent2']) . "</DQ>\r\n" .
- ' <InverseQ>' . base64_encode($raw['coefficient']) . "</InverseQ>\r\n" .
- ' <D>' . base64_encode($raw['privateExponent']) . "</D>\r\n" .
- '</RSAKeyValue>';
- break;
- case self::PRIVATE_FORMAT_PUTTY:
- if ($num_primes != 2) {
- return false;
- }
- $key = "PuTTY-User-Key-File-2: ssh-rsa\r\nEncryption: ";
- $encryption = (!empty($this->password) || is_string($this->password)) ? 'aes256-cbc' : 'none';
- $key.= $encryption;
- $key.= "\r\nComment: " . self::COMMENT . "\r\n";
- $public = pack('Na*Na*Na*',
- strlen('ssh-rsa'), 'ssh-rsa', strlen($raw['publicExponent']), $raw['publicExponent'], strlen($raw['modulus']), $raw['modulus']
- );
- $source = pack('Na*Na*Na*Na*',
- strlen('ssh-rsa'), 'ssh-rsa', strlen($encryption), $encryption,
- strlen(self::COMMENT), self::COMMENT, strlen($public), $public
- );
- $public = base64_encode($public);
- $key.= "Public-Lines: " . ((strlen($public) + 32) >> 6) . "\r\n";
- $key.= chunk_split($public, 64);
- $private = pack('Na*Na*Na*Na*',
- strlen($raw['privateExponent']), $raw['privateExponent'], strlen($raw['prime1']), $raw['prime1'],
- strlen($raw['prime2']), $raw['prime2'], strlen($raw['coefficient']), $raw['coefficient']
- );
- if (empty($this->password) && !is_string($this->password)) {
- $source.= pack('Na*', strlen($private), $private);
- $hashkey = 'putty-private-key-file-mac-key';
- } else {
- $private.= $this->_random(16 - (strlen($private) & 15));
- $source.= pack('Na*', strlen($private), $private);
- $sequence = 0;
- $symkey = '';
- while (strlen($symkey) < 32) {
- $temp = pack('Na*', $sequence++, $this->password);
- $symkey.= pack('H*', sha1($temp));
- }
- $symkey = substr($symkey, 0, 32);
- $crypto = new Crypt_AES();
- $crypto->setKey($symkey);
- $crypto->disablePadding();
- $private = $crypto->encrypt($private);
- $hashkey = 'putty-private-key-file-mac-key' . $this->password;
- }
- $private = base64_encode($private);
- $key.= 'Private-Lines: ' . ((strlen($private) + 32) >> 6) . "\r\n";
- $key.= chunk_split($private, 64);
- $hash = new Crypt_Hash('sha1');
- $hash->setKey(pack('H*', sha1($hashkey)));
- $key.= 'Private-MAC: ' . bin2hex($hash->hash($source)) . "\r\n";
- return $key;
- default: // eg. self::PRIVATE_FORMAT_PKCS1
- $components = array();
- foreach ($raw as $name => $value) {
- $components[$name] = pack('Ca*a*', self::ASN1_INTEGER, $this->_encodeLength(strlen($value)), $value);
- }
- $RSAPrivateKey = implode('', $components);
- if ($num_primes > 2) {
- $OtherPrimeInfos = '';
- for ($i = 3; $i <= $num_primes; $i++) {
- // OtherPrimeInfos ::= SEQUENCE SIZE(1..MAX) OF OtherPrimeInfo
- //
- // OtherPrimeInfo ::= SEQUENCE {
- // prime INTEGER, -- ri
- // exponent INTEGER, -- di
- // coefficient INTEGER -- ti
- // }
- $OtherPrimeInfo = pack('Ca*a*', self::ASN1_INTEGER, $this->_encodeLength(strlen($primes[$i]->toBytes(true))), $primes[$i]->toBytes(true));
- $OtherPrimeInfo.= pack('Ca*a*', self::ASN1_INTEGER, $this->_encodeLength(strlen($exponents[$i]->toBytes(true))), $exponents[$i]->toBytes(true));
- $OtherPrimeInfo.= pack('Ca*a*', self::ASN1_INTEGER, $this->_encodeLength(strlen($coefficients[$i]->toBytes(true))), $coefficients[$i]->toBytes(true));
- $OtherPrimeInfos.= pack('Ca*a*', self::ASN1_SEQUENCE, $this->_encodeLength(strlen($OtherPrimeInfo)), $OtherPrimeInfo);
- }
- $RSAPrivateKey.= pack('Ca*a*', self::ASN1_SEQUENCE, $this->_encodeLength(strlen($OtherPrimeInfos)), $OtherPrimeInfos);
- }
- $RSAPrivateKey = pack('Ca*a*', self::ASN1_SEQUENCE, $this->_encodeLength(strlen($RSAPrivateKey)), $RSAPrivateKey);
- if (!empty($this->password) || is_string($this->password)) {
- $iv = $this->_random(8);
- $symkey = pack('H*', md5($this->password . $iv)); // symkey is short for symmetric key
- $symkey.= substr(pack('H*', md5($symkey . $this->password . $iv)), 0, 8);
- $des = new Crypt_TripleDES();
- $des->setKey($symkey);
- $des->setIV($iv);
- $iv = strtoupper(bin2hex($iv));
- $RSAPrivateKey = "-----BEGIN RSA PRIVATE KEY-----\r\n" .
- "Proc-Type: 4,ENCRYPTED\r\n" .
- "DEK-Info: DES-EDE3-CBC,$iv\r\n" .
- "\r\n" .
- chunk_split(base64_encode($des->encrypt($RSAPrivateKey))) .
- '-----END RSA PRIVATE KEY-----';
- } else {
- $RSAPrivateKey = "-----BEGIN RSA PRIVATE KEY-----\r\n" .
- chunk_split(base64_encode($RSAPrivateKey)) .
- '-----END RSA PRIVATE KEY-----';
- }
- return $RSAPrivateKey;
- }
- }
- /**
- * Convert a public key to the appropriate format
- *
- * @access private
- * @see setPublicKeyFormat()
- * @param String $RSAPrivateKey
- * @return String
- */
- function _convertPublicKey($n, $e)
- {
- $modulus = $n->toBytes(true);
- $publicExponent = $e->toBytes(true);
- switch ($this->publicKeyFormat) {
- case self::PUBLIC_FORMAT_RAW:
- return array('e' => $e->copy(), 'n' => $n->copy());
- case self::PUBLIC_FORMAT_XML:
- return "<RSAKeyValue>\r\n" .
- ' <Modulus>' . base64_encode($modulus) . "</Modulus>\r\n" .
- ' <Exponent>' . base64_encode($publicExponent) . "</Exponent>\r\n" .
- '</RSAKeyValue>';
- break;
- case self::PUBLIC_FORMAT_OPENSSH:
- // from <http://tools.ietf.org/html/rfc4253#page-15>:
- // string "ssh-rsa"
- // mpint e
- // mpint n
- $RSAPublicKey = pack('Na*Na*Na*', strlen('ssh-rsa'), 'ssh-rsa', strlen($publicExponent), $publicExponent, strlen($modulus), $modulus);
- $RSAPublicKey = 'ssh-rsa ' . base64_encode($RSAPublicKey) . ' ' . self::COMMENT;
- return $RSAPublicKey;
- default: // eg. self::PUBLIC_FORMAT_PKCS1_RAW or self::PUBLIC_FORMAT_PKCS1
- // from <http://tools.ietf.org/html/rfc3447#appendix-A.1.1>:
- // RSAPublicKey ::= SEQUENCE {
- // modulus INTEGER, -- n
- // publicExponent INTEGER -- e
- // }
- $components = array(
- 'modulus' => pack('Ca*a*', self::ASN1_INTEGER, $this->_encodeLength(strlen($modulus)), $modulus),
- 'publicExponent' => pack('Ca*a*', self::ASN1_INTEGER, $this->_encodeLength(strlen($publicExponent)), $publicExponent)
- );
- $RSAPublicKey = pack('Ca*a*a*',
- self::ASN1_SEQUENCE, $this->_encodeLength(strlen($components['modulus']) + strlen($components['publicExponent'])),
- $components['modulus'], $components['publicExponent']
- );
- if ($this->publicKeyFormat == self::PUBLIC_FORMAT_PKCS1) {
- // sequence(oid(1.2.840.113549.1.1.1), null)) = rsaEncryption.
- $rsaOID = pack('H*', '300d06092a864886f70d0101010500'); // hex version of MA0GCSqGSIb3DQEBAQUA
- $RSAPublicKey = chr(0) . $RSAPublicKey;
- $RSAPublicKey = chr(3) . $this->_encodeLength(strlen($RSAPublicKey)) . $RSAPublicKey;
- $RSAPublicKey = pack('Ca*a*',
- self::ASN1_SEQUENCE, $this->_encodeLength(strlen($rsaOID . $RSAPublicKey)), $rsaOID . $RSAPublicKey
- );
- }
- $RSAPublicKey = "-----BEGIN PUBLIC KEY-----\r\n" .
- chunk_split(base64_encode($RSAPublicKey)) .
- '-----END PUBLIC KEY-----';
- return $RSAPublicKey;
- }
- }
- /**
- * Break a public or private key down into its constituant components
- *
- * @access private
- * @see _convertPublicKey()
- * @see _convertPrivateKey()
- * @param String $key
- * @param Integer $type
- * @return Array
- */
- function _parseKey($key, $type)
- {
- if ($type != self::PUBLIC_FORMAT_RAW && !is_string($key)) {
- return false;
- }
- switch ($type) {
- case self::PUBLIC_FORMAT_RAW:
- if (!is_array($key)) {
- return false;
- }
- $components = array();
- switch (true) {
- case isset($key['e']):
- $components['publicExponent'] = $key['e']->copy();
- break;
- case isset($key['exponent']):
- $components['publicExponent'] = $key['exponent']->copy();
- break;
- case isset($key['publicExponent']):
- $components['publicExponent'] = $key['publicExponent']->copy();
- break;
- case isset($key[0]):
- $components['publicExponent'] = $key[0]->copy();
- }
- switch (true) {
- case isset($key['n']):
- $components['modulus'] = $key['n']->copy();
- break;
- case isset($key['modulo']):
- $components['modulus'] = $key['modulo']->copy();
- break;
- case isset($key['modulus']):
- $components['modulus'] = $key['modulus']->copy();
- break;
- case isset($key[1]):
- $components['modulus'] = $key[1]->copy();
- }
- return isset($components['modulus']) && isset($components['publicExponent']) ? $components : false;
- case self::PRIVATE_FORMAT_PKCS1:
- case self::PUBLIC_FORMAT_PKCS1:
- /* Although PKCS#1 proposes a format that public and private keys can use, encrypting them is
- "outside the scope" of PKCS#1. PKCS#1 then refers you to PKCS#12 and PKCS#15 if you're wanting to
- protect private keys, however, that's not what OpenSSL* does. OpenSSL protects private keys by adding
- two new "fields" to the key - DEK-Info and Proc-Type. These fields are discussed here:
- http://tools.ietf.org/html/rfc1421#section-4.6.1.1
- http://tools.ietf.org/html/rfc1421#section-4.6.1.3
- DES-EDE3-CBC as an algorithm, however, is not discussed anywhere, near as I can tell.
- DES-CBC and DES-EDE are discussed in RFC1423, however, DES-EDE3-CBC isn't, nor is its key derivation
- function. As is, the definitive authority on this encoding scheme isn't the IETF but rather OpenSSL's
- own implementation. ie. the implementation *is* the standard and any bugs that may exist in that
- implementation are part of the standard, as well.
- * OpenSSL is the de facto standard. It's utilized by OpenSSH and other projects */
- if (preg_match('#DEK-Info: (.+),(.+)#', $key, $matches)) {
- $iv = pack('H*', trim($matches[2]));
- $symkey = pack('H*', md5($this->password . substr($iv, 0, 8))); // symkey is short for symmetric key
- $symkey.= substr(pack('H*', md5($symkey . $this->password . $iv)), 0, 8);
- $ciphertext = preg_replace('#.+(\r|\n|\r\n)\1|[\r\n]|-.+-| #s', '', $key);
- $ciphertext = preg_match('#^[a-zA-Z\d/+]*={0,2}$#', $ciphertext) ? base64_decode($ciphertext) : false;
- if ($ciphertext === false) {
- $ciphertext = $key;
- }
- switch ($matches[1]) {
- case 'AES-128-CBC':
- $symkey = substr($symkey, 0, 16);
- $crypto = new Crypt_AES();
- break;
- case 'DES-EDE3-CFB':
- $crypto = new Crypt_TripleDES(Crypt_DES::MODE_CFB);
- break;
- case 'DES-EDE3-CBC':
- $crypto = new Crypt_TripleDES();
- break;
- case 'DES-CBC':
- $crypto = new Crypt_DES();
- break;
- default:
- return false;
- }
- $crypto->setKey($symkey);
- $crypto->setIV($iv);
- $decoded = $crypto->decrypt($ciphertext);
- } else {
- $decoded = preg_replace('#-.+-|[\r\n]| #', '', $key);
- $decoded = preg_match('#^[a-zA-Z\d/+]*={0,2}$#', $decoded) ? base64_decode($decoded) : false;
- }
- if ($decoded !== false) {
- $key = $decoded;
- }
- $components = array();
- if (ord($this->_string_shift($key)) != self::ASN1_SEQUENCE) {
- return false;
- }
- if ($this->_decodeLength($key) != strlen($key)) {
- return false;
- }
- $tag = ord($this->_string_shift($key));
- /* intended for keys for which OpenSSL's asn1parse returns the following:
- 0:d=0 hl=4 l= 631 cons: SEQUENCE
- 4:d=1 hl=2 l= 1 prim: INTEGER :00
- 7:d=1 hl=2 l= 13 cons: SEQUENCE
- 9:d=2 hl=2 l= 9 prim: OBJECT :rsaEncryption
- 20:d=2 hl=2 l= 0 prim: NULL
- 22:d=1 hl=4 l= 609 prim: OCTET STRING */
- if ($tag == self::ASN1_INTEGER && substr($key, 0, 3) == "\x01\x00\x30") {
- $this->_string_shift($key, 3);
- $tag = self::ASN1_SEQUENCE;
- }
- if ($tag == self::ASN1_SEQUENCE) {
- /* intended for keys for which OpenSSL's asn1parse returns the following:
- 0:d=0 hl=4 l= 290 cons: SEQUENCE
- 4:d=1 hl=2 l= 13 cons: SEQUENCE
- 6:d=2 hl=2 l= 9 prim: OBJECT :rsaEncryption
- 17:d=2 hl=2 l= 0 prim: NULL
- 19:d=1 hl=4 l= 271 prim: BIT STRING */
- $this->_string_shift($key, $this->_decodeLength($key));
- $tag = ord($this->_string_shift($key)); // skip over the BIT STRING / OCTET STRING tag
- $this->_decodeLength($key); // skip over the BIT STRING / OCTET STRING length
- // "The initial octet shall encode, as an unsigned binary integer wtih bit 1 as the least significant bit, the number of
- // unused bits in the final subsequent octet. The number shall be in the range zero to seven."
- // -- http://www.itu.int/ITU-T/studygroups/com17/languages/X.690-0207.pdf (section 8.6.2.2)
- if ($tag == self::ASN1_BITSTRING) {
- $this->_string_shift($key);
- }
- if (ord($this->_string_shift($key)) != self::ASN1_SEQUENCE) {
- return false;
- }
- if ($this->_decodeLength($key) != strlen($key)) {
- return false;
- }
- $tag = ord($this->_string_shift($key));
- }
- if ($tag != self::ASN1_INTEGER) {
- return false;
- }
- $length = $this->_decodeLength($key);
- $temp = $this->_string_shift($key, $length);
- if (strlen($temp) != 1 || ord($temp) > 2) {
- $components['modulus'] = new Math_BigInteger($temp, 256);
- $this->_string_shift($key); // skip over self::ASN1_INTEGER
- $length = $this->_decodeLength($key);
- $components[$type == self::PUBLIC_FORMAT_PKCS1 ? 'publicExponent' : 'privateExponent'] = new Math_BigInteger($this->_string_shift($key, $length), 256);
- return $components;
- }
- if (ord($this->_string_shift($key)) != self::ASN1_INTEGER) {
- return false;
- }
- $length = $this->_decodeLength($key);
- $components['modulus'] = new Math_BigInteger($this->_string_shift($key, $length), 256);
- $this->_string_shift($key);
- $length = $this->_decodeLength($key);
- $components['publicExponent'] = new Math_BigInteger($this->_string_shift($key, $length), 256);
- $this->_string_shift($key);
- $length = $this->_decodeLength($key);
- $components['privateExponent'] = new Math_BigInteger($this->_string_shift($key, $length), 256);
- $this->_string_shift($key);
- $length = $this->_decodeLength($key);
- $components['primes'] = array(1 => new Math_BigInteger($this->_string_shift($key, $length), 256));
- $this->_string_shift($key);
- $length = $this->_decodeLength($key);
- $components['primes'][] = new Math_BigInteger($this->_string_shift($key, $length), 256);
- $this->_string_shift($key);
- $length = $this->_decodeLength($key);
- $components['exponents'] = array(1 => new Math_BigInteger($this->_string_shift($key, $length), 256));
- $this->_string_shift($key);
- $length = $this->_decodeLength($key);
- $components['exponents'][] = new Math_BigInteger($this->_string_shift($key, $length), 256);
- $this->_string_shift($key);
- $length = $this->_decodeLength($key);
- $components['coefficients'] = array(2 => new Math_BigInteger($this->_string_shift($key, $length), 256));
- if (!empty($key)) {
- if (ord($this->_string_shift($key)) != self::ASN1_SEQUENCE) {
- return false;
- }
- $this->_decodeLength($key);
- while (!empty($key)) {
- if (ord($this->_string_shift($key)) != self::ASN1_SEQUENCE) {
- return false;
- }
- $this->_decodeLength($key);
- $key = substr($key, 1);
- $length = $this->_decodeLength($key);
- $components['primes'][] = new Math_BigInteger($this->_string_shift($key, $length), 256);
- $this->_string_shift($key);
- $length = $this->_decodeLength($key);
- $components['exponents'][] = new Math_BigInteger($this->_string_shift($key, $length), 256);
- $this->_string_shift($key);
- $length = $this->_decodeLength($key);
- $components['coefficients'][] = new Math_BigInteger($this->_string_shift($key, $length), 256);
- }
- }
- return $components;
- case self::PUBLIC_FORMAT_OPENSSH:
- $key = base64_decode(preg_replace('#^ssh-rsa | .+$#', '', $key));
- if ($key === false) {
- return false;
- }
- $cleanup = substr($key, 0, 11) == "\0\0\0\7ssh-rsa";
- if (strlen($key) <= 4) {
- return false;
- }
- extract(unpack('Nlength', $this->_string_shift($key, 4)));
- $publicExponent = new Math_BigInteger($this->_string_shift($key, $length), -256);
- if (strlen($key) <= 4) {
- return false;
- }
- extract(unpack('Nlength', $this->_string_shift($key, 4)));
- $modulus = new Math_BigInteger($this->_string_shift($key, $length), -256);
- if ($cleanup && strlen($key)) {
- if (strlen($key) <= 4) {
- return false;
- }
- extract(unpack('Nlength', $this->_string_shift($key, 4)));
- $realModulus = new Math_BigInteger($this->_string_shift($key, $length), -256);
- return strlen($key) ? false : array(
- 'modulus' => $realModulus,
- 'publicExponent' => $modulus
- );
- } else {
- return strlen($key) ? false : array(
- 'modulus' => $modulus,
- 'publicExponent' => $publicExponent
- );
- }
- // http://www.w3.org/TR/xmldsig-core/#sec-RSAKeyValue
- // http://en.wikipedia.org/wiki/XML_Signature
- case self::PRIVATE_FORMAT_XML:
- case self::PUBLIC_FORMAT_XML:
- $this->components = array();
- $xml = xml_parser_create('UTF-8');
- xml_set_object($xml, $this);
- xml_set_element_handler($xml, '_start_element_handler', '_stop_element_handler');
- xml_set_character_data_handler($xml, '_data_handler');
- if (!xml_parse($xml, $key)) {
- return false;
- }
- return isset($this->components['modulus']) && isset($this->components['publicExponent']) ? $this->components : false;
- // from PuTTY's SSHPUBK.C
- case self::PRIVATE_FORMAT_PUTTY:
- $components = array();
- $key = preg_split('#\r\n|\r|\n#', $key);
- $type = trim(preg_replace('#PuTTY-User-Key-File-2: (.+)#', '$1', $key[0]));
- if ($type != 'ssh-rsa') {
- return false;
- }
- $encryption = trim(preg_replace('#Encryption: (.+)#', '$1', $key[1]));
- $publicLength = trim(preg_replace('#Public-Lines: (\d+)#', '$1', $key[3]));
- $public = base64_decode(implode('', array_map('trim', array_slice($key, 4, $publicLength))));
- $public = substr($public, 11);
- extract(unpack('Nlength', $this->_string_shift($public, 4)));
- $components['publicExponent'] = new Math_BigInteger($this->_string_shift($public, $length), -256);
- extract(unpack('Nlength', $this->_string_shift($public, 4)));
- $components['modulus'] = new Math_BigInteger($this->_string_shift($public, $length), -256);
- $privateLength = trim(preg_replace('#Private-Lines: (\d+)#', '$1', $key[$publicLength + 4]));
- $private = base64_decode(implode('', array_map('trim', array_slice($key, $publicLength + 5, $privateLength))));
- switch ($encryption) {
- case 'aes256-cbc':
- $symkey = '';
- $sequence = 0;
- while (strlen($symkey) < 32) {
- $temp = pack('Na*', $sequence++, $this->password);
- $symkey.= pack('H*', sha1($temp));
- }
- $symkey = substr($symkey, 0, 32);
- $crypto = new Crypt_AES();
- }
- if ($encryption != 'none') {
- $crypto->setKey($symkey);
- $crypto->disablePadding();
- $private = $crypto->decrypt($private);
- if ($private === false) {
- return false;
- }
- }
- extract(unpack('Nlength', $this->_string_shift($private, 4)));
- if (strlen($private) < $length) {
- return false;
- }
- $components['privateExponent'] = new Math_BigInteger($this->_string_shift($private, $length), -256);
- extract(unpack('Nlength', $this->_string_shift($private, 4)));
- if (strlen($private) < $length) {
- return false;
- }
- $components['primes'] = array(1 => new Math_BigInteger($this->_string_shift($private, $length), -256));
- extract(unpack('Nlength', $this->_string_shift($private, 4)));
- if (strlen($private) < $length) {
- return false;
- }
- $components['primes'][] = new Math_BigInteger($this->_string_shift($private, $length), -256);
- $temp = $components['primes'][1]->subtract($this->one);
- $components['exponents'] = array(1 => $components['publicExponent']->modInverse($temp));
- $temp = $components['primes'][2]->subtract($this->one);
- $components['exponents'][] = $components['publicExponent']->modInverse($temp);
- extract(unpack('Nlength', $this->_string_shift($private, 4)));
- if (strlen($private) < $length) {
- return false;
- }
- $components['coefficients'] = array(2 => new Math_BigInteger($this->_string_shift($private, $length), -256));
- return $components;
- }
- }
- /**
- * Returns the key size
- *
- * More specifically, this returns the size of the modulo in bits.
- *
- * @access public
- * @return Integer
- */
- function getSize()
- {
- return !isset($this->modulus) ? 0 : strlen($this->modulus->toBits());
- }
- /**
- * Start Element Handler
- *
- * Called by xml_set_element_handler()
- *
- * @access private
- * @param Resource $parser
- * @param String $name
- * @param Array $attribs
- */
- function _start_element_handler($parser, $name, $attribs)
- {
- //$name = strtoupper($name);
- switch ($name) {
- case 'MODULUS':
- $this->current = &$this->components['modulus'];
- break;
- case 'EXPONENT':
- $this->current = &$this->components['publicExponent'];
- break;
- case 'P':
- $this->current = &$this->components['primes'][1];
- break;
- case 'Q':
- $this->current = &$this->components['primes'][2];
- break;
- case 'DP':
- $this->current = &$this->components['exponents'][1];
- break;
- case 'DQ':
- $this->current = &$this->components['exponents'][2];
- break;
- case 'INVERSEQ':
- $this->current = &$this->components['coefficients'][2];
- break;
- case 'D':
- $this->current = &$this->components['privateExponent'];
- break;
- default:
- unset($this->current);
- }
- $this->current = '';
- }
- /**
- * Stop Element Handler
- *
- * Called by xml_set_element_handler()
- *
- * @access private
- * @param Resource $parser
- * @param String $name
- */
- function _stop_element_handler($parser, $name)
- {
- //$name = strtoupper($name);
- if ($name == 'RSAKEYVALUE') {
- return;
- }
- $this->current = new Math_BigInteger(base64_decode($this->current), 256);
- }
- /**
- * Data Handler
- *
- * Called by xml_set_character_data_handler()
- *
- * @access private
- * @param Resource $parser
- * @param String $data
- */
- function _data_handler($parser, $data)
- {
- if (!isset($this->current) || is_object($this->current)) {
- return;
- }
- $this->current.= trim($data);
- }
- /**
- * Loads a public or private key
- *
- * Returns true on success and false on failure (ie. an incorrect password was provided or the key was malformed)
- *
- * @access public
- * @param String $key
- * @param Integer $type optional
- */
- function loadKey($key, $type = false)
- {
- if ($type === false) {
- $types = array(
- self::PUBLIC_FORMAT_RAW,
- self::PRIVATE_FORMAT_PKCS1,
- self::PRIVATE_FORMAT_XML,
- self::PRIVATE_FORMAT_PUTTY,
- self::PUBLIC_FORMAT_OPENSSH
- );
- foreach ($types as $type) {
- $components = $this->_parseKey($key, $type);
- if ($components !== false) {
- break;
- }
- }
- } else {
- $components = $this->_parseKey($key, $type);
- }
- if ($components === false) {
- return false;
- }
- $this->modulus = $components['modulus'];
- $this->k = strlen($this->modulus->toBytes());
- $this->exponent = isset($components['privateExponent']) ? $components['privateExponent'] : $components['publicExponent'];
- if (isset($components['primes'])) {
- $this->primes = $components['primes'];
- $this->exponents …
Large files files are truncated, but you can click here to view the full file