From c1b70c21cbccc119ab4b6e212462301a1cedf431 Mon Sep 17 00:00:00 2001 From: terrafrost Date: Sat, 16 Jan 2021 09:59:45 -0600 Subject: [PATCH 1/3] RSA: the salt length isn't saved for new keys --- phpseclib/Crypt/RSA/PrivateKey.php | 2 +- phpseclib/Crypt/RSA/PublicKey.php | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/phpseclib/Crypt/RSA/PrivateKey.php b/phpseclib/Crypt/RSA/PrivateKey.php index 2830d982..5205ce63 100644 --- a/phpseclib/Crypt/RSA/PrivateKey.php +++ b/phpseclib/Crypt/RSA/PrivateKey.php @@ -512,7 +512,7 @@ class PrivateKey extends RSA implements Common\PrivateKey $options+= [ 'hash' => $this->hash->getHash(), 'MGFHash' => $this->mgfHash->getHash(), - 'saltLength' => $this->sLen + 'saltLength' => $this->getSaltLength() ]; } else { throw new UnsupportedFormatException('The PSS format can only be used when the signature method has been explicitly set to PSS'); diff --git a/phpseclib/Crypt/RSA/PublicKey.php b/phpseclib/Crypt/RSA/PublicKey.php index 4a080d7c..3475ad99 100644 --- a/phpseclib/Crypt/RSA/PublicKey.php +++ b/phpseclib/Crypt/RSA/PublicKey.php @@ -475,7 +475,7 @@ class PublicKey extends RSA implements Common\PublicKey $options+= [ 'hash' => $this->hash->getHash(), 'MGFHash' => $this->mgfHash->getHash(), - 'saltLength' => $this->sLen + 'saltLength' => $this->getSaltLength() ]; } else { throw new UnsupportedFormatException('The PSS format can only be used when the signature method has been explicitly set to PSS'); From 131459996b00793b67c50c76c77fcd37c9eec5a1 Mon Sep 17 00:00:00 2001 From: Jan Slabon Date: Fri, 15 Jan 2021 11:30:55 +0100 Subject: [PATCH 2/3] Added support for absent parameters field in PSS keys See [here](https://tools.ietf.org/html/rfc4055#section-3.1) for details. --- phpseclib/Crypt/RSA/Formats/Keys/PSS.php | 17 +++++-- tests/Unit/Crypt/RSA/LoadKeyTest.php | 60 ++++++++++++++++++++++++ 2 files changed, 72 insertions(+), 5 deletions(-) diff --git a/phpseclib/Crypt/RSA/Formats/Keys/PSS.php b/phpseclib/Crypt/RSA/Formats/Keys/PSS.php index c1cc7f89..813653ae 100644 --- a/phpseclib/Crypt/RSA/Formats/Keys/PSS.php +++ b/phpseclib/Crypt/RSA/Formats/Keys/PSS.php @@ -120,11 +120,16 @@ abstract class PSS extends Progenitor $result = $components + PKCS1::load($key[$type . 'Key']); - $decoded = ASN1::decodeBER($key[$type . 'KeyAlgorithm']['parameters']); - if ($decoded === false) { - throw new \UnexpectedValueException('Unable to decode parameters'); + if (isset($key[$type . 'KeyAlgorithm']['parameters'])) { + $decoded = ASN1::decodeBER($key[$type . 'KeyAlgorithm']['parameters']); + if ($decoded === false) { + throw new \UnexpectedValueException('Unable to decode parameters'); + } + $params = ASN1::asn1map($decoded[0], Maps\RSASSA_PSS_params::MAP); + } else { + $params = []; } - $params = ASN1::asn1map($decoded[0], Maps\RSASSA_PSS_params::MAP); + if (isset($params['maskGenAlgorithm']['parameters'])) { $decoded = ASN1::decodeBER($params['maskGenAlgorithm']['parameters']); if ($decoded === false) { @@ -144,7 +149,9 @@ abstract class PSS extends Progenitor $result['hash'] = str_replace('id-', '', $params['hashAlgorithm']['algorithm']); $result['MGFHash'] = str_replace('id-', '', $params['maskGenAlgorithm']['parameters']['algorithm']); - $result['saltLength'] = (int) $params['saltLength']->toString(); + if (isset($params['saltLength'])) { + $result['saltLength'] = (int) $params['saltLength']->toString(); + } if (isset($key['meta'])) { $result['meta'] = $key['meta']; diff --git a/tests/Unit/Crypt/RSA/LoadKeyTest.php b/tests/Unit/Crypt/RSA/LoadKeyTest.php index 64a7e669..1ce80ded 100644 --- a/tests/Unit/Crypt/RSA/LoadKeyTest.php +++ b/tests/Unit/Crypt/RSA/LoadKeyTest.php @@ -246,6 +246,66 @@ ZQIDAQAB $this->assertInstanceOf(PublicKey::class, $rsa); } + + public function testPubKeyPssWithoutParams() + { + // extracted from a SubjectPublicKeyInfo of a CSR created by OpenSSL + $key = '-----BEGIN PUBLIC KEY----- +MIIBIDALBgkqhkiG9w0BAQoDggEPADCCAQoCggEBANHPPf5tjTmEHtQvzi6+rItj +G3OUvh6Nihc9bXSu0xNFjl/9TdyIXstRUG/Lh07isHgZFEfXn4pmm/iZIQh09ACg +TjEau8rpcLB0BS9dDgTh8hvgkbdxWR2UPxk34bFcdgIplckslAfB4+/ebL+ObvUa +W3sZosTq3D6/qh0fujGZg/EKLJcNCHI27XMiAT5yWztSjHWwQm7LBwJ5uKlFLEDC +Z/+LIV/vPEIMfE6lA/+OnLKwVFB540eXQPuWar1ARHXN8PpiCqJHanddYMA5l/Cw +5R7kJ+CBoHzaPePXjB9V1bfzEBzBHb2ddiSjum+qtLWuH0Q7B8gPX9EjxIwuCzMC +AwEAAQ== +-----END PUBLIC KEY-----'; + $key = str_replace(["\r", "\n", "\r\n"], ' ', $key); + + $rsa = PublicKeyLoader::load($key); + + $this->assertInstanceOf(PublicKey::class, $rsa); + $this->assertIsString("$rsa"); + } + + public function testPrivateKeyPssWithoutParams() + { + $key = '-----BEGIN PRIVATE KEY----- +MIIEugIBADALBgkqhkiG9w0BAQoEggSmMIIEogIBAAKCAQEA0c89/m2NOYQe1C/O +Lr6si2Mbc5S+Ho2KFz1tdK7TE0WOX/1N3Ihey1FQb8uHTuKweBkUR9efimab+Jkh +CHT0AKBOMRq7yulwsHQFL10OBOHyG+CRt3FZHZQ/GTfhsVx2AimVySyUB8Hj795s +v45u9RpbexmixOrcPr+qHR+6MZmD8Qoslw0IcjbtcyIBPnJbO1KMdbBCbssHAnm4 +qUUsQMJn/4shX+88Qgx8TqUD/46csrBUUHnjR5dA+5ZqvUBEdc3w+mIKokdqd11g +wDmX8LDlHuQn4IGgfNo949eMH1XVt/MQHMEdvZ12JKO6b6q0ta4fRDsHyA9f0SPE +jC4LMwIDAQABAoIBAFPuTMWAO7Obh92oNhn7CvlDr1KgWSHNy0UavLOl0ChwddEu +erxTDWDWaZAfYkSLaL7SgYtv1ZG/FHvxfgZtCsNJXZ5FLISyt/LOpthYqGgJnxnJ +z2EMBfNQP6Gt+ipCa67XxeTRYXJs/OsTFnvW1cpVPe1TxwpxTaQIdlvqOkjmgCci +TRzH+Acj8unWDHAJpQkCOvmi+25sE0BMQYWnsfMSzm63Yk3SeZLIJKqoUdZhYMZU +6FK2DMDNR4TZps7s50MFlZfUUJfzgb4Hb4miiKzLPhf4q7rxS4VzrvUQ/81ySCwi +1LaSw5HoH1YMDT6rwcHMwHhzhu8X2CKlNIrri8ECgYEA7aiZAxmlY28LWcXHqqhZ +Yky76vLy/mbs0TfAVK2pSqyFhaGZe5daAJSIrVcZEEgAwR6/ZLITTWBuGdsHw6vF +GtSvkElLhopmQEs73kKqeBFLhpTqYXYVW0txi3jdWElie8fZa/Oa/sFLEeNsibQu +fbVWWGakf9458FDuR0i2k+ECgYEA4gBu2u6xkJzqOzOjBg5tNhxmzcPyt4Ds3ryA +e+C5hVCotd1EX6HZRPYjLEys0yUhiXDAn7ViEdtiXt9RYfpK+OKLGeTZ7pMCyZW+ +Yhc0i2XYqWSKUH3iNonp8B0JSkfEQBY2KlA7b5YZQZkr/Ml/WtoKeicHLBcdVxqa +t7krQZMCgYBMU7GQxVPQs4E5u8N8k8ThRTO1KYHRIs08BGPIzl1oli/r0xKwFtPZ +C9s5kJeEGxvi6jUd6fM5DpdNxoKf3TLYgyY/eMrA0wIz8/WuVErbdPKErp733izN +vVUiLhcom6j9iBnUCdDlsL6jaB8burqTtQGeMpjyWDTTcaqVSk0ZAQKBgCqc1EoZ +eYd/3rZc7R8mNzddsZCYorow5/izaDJzU+esJrNrzgmOFc5n7ofayTdip+knRlqW +s7AUQn8K8mhb7ijxZjLysJjIRV1HC8epAnJKOMjvuRimM7H+3Qo2H1tPHtTKm1nt +GNfYYFi7Dc0zHP0/YXxYwYRxs0mKLaP4mQxbAoGARHngPhGC0yM5KqxNrkHPVjLq +CHQy+e9GTPXtDLC3D7HAYyyzKqy4mdBDzMeLqA3a+iT2PXjn4w5zOEW8GAcRYRtG +3EyvclPmWtmCpU5xqD8ieFtQhMeW/XzJHjTXlcncz0PCkGVoQiuRvXWNAukNPg0D +BocC2CO6SNi4Qjr3NlM= +-----END PRIVATE KEY-----'; + + $key = str_replace(["\r", "\n", "\r\n"], ' ', $key); + + $rsa = PublicKeyLoader::load($key); + + $this->assertInstanceOf(PrivateKey::class, $rsa); + $this->assertIsString("$rsa"); + } + public function testPubPrivateKey() { $key = '-----BEGIN RSA PUBLIC KEY----- From e5a226f6be3db2b5e5ae8a86f7137c7a8da19f3a Mon Sep 17 00:00:00 2001 From: Jan Slabon Date: Fri, 15 Jan 2021 11:55:08 +0100 Subject: [PATCH 3/3] Added support of keys with PSS algorithm-identifier --- phpseclib/Crypt/RSA.php | 1 + tests/Unit/Crypt/RSA/LoadKeyTest.php | 58 ++++++++++++++++++++++++++++ 2 files changed, 59 insertions(+) diff --git a/phpseclib/Crypt/RSA.php b/phpseclib/Crypt/RSA.php index 28309e5b..7671e858 100644 --- a/phpseclib/Crypt/RSA.php +++ b/phpseclib/Crypt/RSA.php @@ -1298,6 +1298,7 @@ class Crypt_RSA $length = $this->_decodeLength($temp); switch ($this->_string_shift($temp, $length)) { case "\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01": // rsaEncryption + case "\x2A\x86\x48\x86\xF7\x0D\x01\x01\x0A": // rsaPSS break; case "\x2a\x86\x48\x86\xf7\x0d\x01\x05\x03": // pbeWithMD5AndDES-CBC /* diff --git a/tests/Unit/Crypt/RSA/LoadKeyTest.php b/tests/Unit/Crypt/RSA/LoadKeyTest.php index 18a93619..3b624e66 100644 --- a/tests/Unit/Crypt/RSA/LoadKeyTest.php +++ b/tests/Unit/Crypt/RSA/LoadKeyTest.php @@ -227,6 +227,64 @@ ZQIDAQAB $this->assertFalse($rsa->getPrivateKey()); } + public function testPubKeyPssWithoutParams() + { + $rsa = new Crypt_RSA(); + + // extracted from a SubjectPublicKeyInfo of a CSR created by OpenSSL + $key = '-----BEGIN PUBLIC KEY----- +MIIBIDALBgkqhkiG9w0BAQoDggEPADCCAQoCggEBANHPPf5tjTmEHtQvzi6+rItj +G3OUvh6Nihc9bXSu0xNFjl/9TdyIXstRUG/Lh07isHgZFEfXn4pmm/iZIQh09ACg +TjEau8rpcLB0BS9dDgTh8hvgkbdxWR2UPxk34bFcdgIplckslAfB4+/ebL+ObvUa +W3sZosTq3D6/qh0fujGZg/EKLJcNCHI27XMiAT5yWztSjHWwQm7LBwJ5uKlFLEDC +Z/+LIV/vPEIMfE6lA/+OnLKwVFB540eXQPuWar1ARHXN8PpiCqJHanddYMA5l/Cw +5R7kJ+CBoHzaPePXjB9V1bfzEBzBHb2ddiSjum+qtLWuH0Q7B8gPX9EjxIwuCzMC +AwEAAQ== +-----END PUBLIC KEY-----'; + + $this->assertTrue($rsa->loadKey($key)); + $this->assertIsString($rsa->getPublicKey()); + $this->assertFalse($rsa->getPrivateKey()); + } + + public function testPrivateKeyPssWithoutParams() + { + $rsa = new Crypt_RSA(); + + $key = '-----BEGIN PRIVATE KEY----- +MIIEugIBADALBgkqhkiG9w0BAQoEggSmMIIEogIBAAKCAQEA0c89/m2NOYQe1C/O +Lr6si2Mbc5S+Ho2KFz1tdK7TE0WOX/1N3Ihey1FQb8uHTuKweBkUR9efimab+Jkh +CHT0AKBOMRq7yulwsHQFL10OBOHyG+CRt3FZHZQ/GTfhsVx2AimVySyUB8Hj795s +v45u9RpbexmixOrcPr+qHR+6MZmD8Qoslw0IcjbtcyIBPnJbO1KMdbBCbssHAnm4 +qUUsQMJn/4shX+88Qgx8TqUD/46csrBUUHnjR5dA+5ZqvUBEdc3w+mIKokdqd11g +wDmX8LDlHuQn4IGgfNo949eMH1XVt/MQHMEdvZ12JKO6b6q0ta4fRDsHyA9f0SPE +jC4LMwIDAQABAoIBAFPuTMWAO7Obh92oNhn7CvlDr1KgWSHNy0UavLOl0ChwddEu +erxTDWDWaZAfYkSLaL7SgYtv1ZG/FHvxfgZtCsNJXZ5FLISyt/LOpthYqGgJnxnJ +z2EMBfNQP6Gt+ipCa67XxeTRYXJs/OsTFnvW1cpVPe1TxwpxTaQIdlvqOkjmgCci +TRzH+Acj8unWDHAJpQkCOvmi+25sE0BMQYWnsfMSzm63Yk3SeZLIJKqoUdZhYMZU +6FK2DMDNR4TZps7s50MFlZfUUJfzgb4Hb4miiKzLPhf4q7rxS4VzrvUQ/81ySCwi +1LaSw5HoH1YMDT6rwcHMwHhzhu8X2CKlNIrri8ECgYEA7aiZAxmlY28LWcXHqqhZ +Yky76vLy/mbs0TfAVK2pSqyFhaGZe5daAJSIrVcZEEgAwR6/ZLITTWBuGdsHw6vF +GtSvkElLhopmQEs73kKqeBFLhpTqYXYVW0txi3jdWElie8fZa/Oa/sFLEeNsibQu +fbVWWGakf9458FDuR0i2k+ECgYEA4gBu2u6xkJzqOzOjBg5tNhxmzcPyt4Ds3ryA +e+C5hVCotd1EX6HZRPYjLEys0yUhiXDAn7ViEdtiXt9RYfpK+OKLGeTZ7pMCyZW+ +Yhc0i2XYqWSKUH3iNonp8B0JSkfEQBY2KlA7b5YZQZkr/Ml/WtoKeicHLBcdVxqa +t7krQZMCgYBMU7GQxVPQs4E5u8N8k8ThRTO1KYHRIs08BGPIzl1oli/r0xKwFtPZ +C9s5kJeEGxvi6jUd6fM5DpdNxoKf3TLYgyY/eMrA0wIz8/WuVErbdPKErp733izN +vVUiLhcom6j9iBnUCdDlsL6jaB8burqTtQGeMpjyWDTTcaqVSk0ZAQKBgCqc1EoZ +eYd/3rZc7R8mNzddsZCYorow5/izaDJzU+esJrNrzgmOFc5n7ofayTdip+knRlqW +s7AUQn8K8mhb7ijxZjLysJjIRV1HC8epAnJKOMjvuRimM7H+3Qo2H1tPHtTKm1nt +GNfYYFi7Dc0zHP0/YXxYwYRxs0mKLaP4mQxbAoGARHngPhGC0yM5KqxNrkHPVjLq +CHQy+e9GTPXtDLC3D7HAYyyzKqy4mdBDzMeLqA3a+iT2PXjn4w5zOEW8GAcRYRtG +3EyvclPmWtmCpU5xqD8ieFtQhMeW/XzJHjTXlcncz0PCkGVoQiuRvXWNAukNPg0D +BocC2CO6SNi4Qjr3NlM= +-----END PRIVATE KEY-----'; + + $this->assertTrue($rsa->loadKey($key)); + $this->assertIsString($rsa->getPublicKey()); + $this->assertIsString($rsa->getPrivateKey()); + } + public function testSSHPubKey() { $rsa = new Crypt_RSA();