From 5bc572e2ced12d78a262a1c556d0b5acf7a3ae22 Mon Sep 17 00:00:00 2001 From: terrafrost Date: Mon, 14 Feb 2022 20:42:29 -0600 Subject: [PATCH] EC/PKCS8: OpenSSL didn't like phpseclib formed Ed25519 private keys Tested with openssl pkey -in private.pem -pubout -text on OpenSSL 1.1.1f 31 Mar 2020 --- phpseclib/Crypt/Common/Formats/Keys/PKCS8.php | 6 ++++-- phpseclib/Crypt/EC/Formats/Keys/PKCS8.php | 3 +-- tests/Unit/Crypt/EC/KeyTest.php | 14 ++++++-------- 3 files changed, 11 insertions(+), 12 deletions(-) diff --git a/phpseclib/Crypt/Common/Formats/Keys/PKCS8.php b/phpseclib/Crypt/Common/Formats/Keys/PKCS8.php index 4364324d..4f1db684 100644 --- a/phpseclib/Crypt/Common/Formats/Keys/PKCS8.php +++ b/phpseclib/Crypt/Common/Formats/Keys/PKCS8.php @@ -523,11 +523,13 @@ abstract class PKCS8 extends PKCS $key = [ 'version' => 'v1', 'privateKeyAlgorithm' => [ - 'algorithm' => is_string(static::OID_NAME) ? static::OID_NAME : $oid, - 'parameters' => $params + 'algorithm' => is_string(static::OID_NAME) ? static::OID_NAME : $oid ], 'privateKey' => $key ]; + if ($oid != 'id-Ed25519' && $oid != 'id-Ed448') { + $key['privateKeyAlgorithm']['parameters'] = $params; + } if (!empty($attr)) { $key['attributes'] = $attr; } diff --git a/phpseclib/Crypt/EC/Formats/Keys/PKCS8.php b/phpseclib/Crypt/EC/Formats/Keys/PKCS8.php index a2d0ff28..346c8117 100644 --- a/phpseclib/Crypt/EC/Formats/Keys/PKCS8.php +++ b/phpseclib/Crypt/EC/Formats/Keys/PKCS8.php @@ -226,8 +226,7 @@ abstract class PKCS8 extends Progenitor [], null, $password, - $curve instanceof Ed25519 ? 'id-Ed25519' : 'id-Ed448', - "\0" . $curve->encodePoint($publicKey) + $curve instanceof Ed25519 ? 'id-Ed25519' : 'id-Ed448' ); } diff --git a/tests/Unit/Crypt/EC/KeyTest.php b/tests/Unit/Crypt/EC/KeyTest.php index db3651a3..cbe96a09 100644 --- a/tests/Unit/Crypt/EC/KeyTest.php +++ b/tests/Unit/Crypt/EC/KeyTest.php @@ -271,9 +271,11 @@ MCwwBwYDK2VwBQADIQAZv0QJaYTN/oVBusFn3DuWyFCGqjC2tssMXDitcDFm4Q== public function testEd25519PrivateKey() { // without public key (public key should be derived) - $key = PublicKeyLoader::load('-----BEGIN PRIVATE KEY----- + $expected = '-----BEGIN PRIVATE KEY----- MC4CAQAwBQYDK2VwBCIEINTuctv5E1hK1bbY8fdp+K06/nwoy/HU++CXqI9EdVhC ------END PRIVATE KEY-----'); +-----END PRIVATE KEY-----'; + $key = PublicKeyLoader::load($expected); + $this->assertSameNL($expected, $key->toString('PKCS8')); $this->assertSameNL('Ed25519', $key->getCurve()); $this->assertSameNL('Ed25519', $key->getPublicKey()->getCurve()); @@ -289,14 +291,10 @@ Z9w7lshQhqowtrbLDFw4rXAxZuE= // the above key not only omits NULL - it also includes a // unstructuredName attribute with a value of "Curdle Chairs" // that the following key does not have - $expected = '-----BEGIN PRIVATE KEY----- + $key = PublicKeyLoader::load('-----BEGIN PRIVATE KEY----- MFMCAQEwBwYDK2VwBQAEIgQg1O5y2/kTWErVttjx92n4rTr+fCjL8dT74Jeoj0R1 WEKBIQAZv0QJaYTN/oVBusFn3DuWyFCGqjC2tssMXDitcDFm4Q== ------END PRIVATE KEY-----'; - $this->assertSameNL($expected, $key->toString('PKCS8')); - - $expected = EC::createKey('Ed25519')->toString('PKCS8'); - $key = PublicKeyLoader::load($expected); +-----END PRIVATE KEY-----'); $this->assertSameNL('Ed25519', $key->getCurve()); $this->assertSameNL('Ed25519', $key->getPublicKey()->getCurve()); }