RSA: updates per Joey3000
parent
806249c7e9
commit
d5a359b41e
@ -45,8 +45,6 @@
|
|||||||
|
|
||||||
namespace phpseclib\Crypt;
|
namespace phpseclib\Crypt;
|
||||||
|
|
||||||
use phpseclib\Crypt\Hash;
|
|
||||||
use phpseclib\Crypt\Random;
|
|
||||||
use phpseclib\Math\BigInteger;
|
use phpseclib\Math\BigInteger;
|
||||||
use phpseclib\File\ASN1;
|
use phpseclib\File\ASN1;
|
||||||
|
|
||||||
@ -1683,6 +1681,7 @@ class RSA
|
|||||||
*
|
*
|
||||||
* @access private
|
* @access private
|
||||||
* @param string $m
|
* @param string $m
|
||||||
|
* @param bool $pkcs15_compat optional
|
||||||
* @throws \OutOfBoundsException if strlen($m) > $this->k - 11
|
* @throws \OutOfBoundsException if strlen($m) > $this->k - 11
|
||||||
* @return string
|
* @return string
|
||||||
*/
|
*/
|
||||||
@ -1870,7 +1869,7 @@ class RSA
|
|||||||
*
|
*
|
||||||
* @access private
|
* @access private
|
||||||
* @param string $m
|
* @param string $m
|
||||||
* @return string
|
* @return bool|string
|
||||||
*/
|
*/
|
||||||
function _rsassa_pss_sign($m)
|
function _rsassa_pss_sign($m)
|
||||||
{
|
{
|
||||||
@ -1940,9 +1939,6 @@ class RSA
|
|||||||
function _emsa_pkcs1_v1_5_encode($m, $emLen)
|
function _emsa_pkcs1_v1_5_encode($m, $emLen)
|
||||||
{
|
{
|
||||||
$h = $this->hash->hash($m);
|
$h = $this->hash->hash($m);
|
||||||
if ($h === false) {
|
|
||||||
return false;
|
|
||||||
}
|
|
||||||
|
|
||||||
// see http://tools.ietf.org/html/rfc3447#page-43
|
// see http://tools.ietf.org/html/rfc3447#page-43
|
||||||
switch ($this->hashName) {
|
switch ($this->hashName) {
|
||||||
@ -1986,7 +1982,7 @@ class RSA
|
|||||||
* @access private
|
* @access private
|
||||||
* @param string $m
|
* @param string $m
|
||||||
* @throws \LengthException if the RSA modulus is too short
|
* @throws \LengthException if the RSA modulus is too short
|
||||||
* @return string
|
* @return bool|string
|
||||||
*/
|
*/
|
||||||
function _rsassa_pkcs1_v1_5_sign($m)
|
function _rsassa_pkcs1_v1_5_sign($m)
|
||||||
{
|
{
|
||||||
@ -1994,9 +1990,10 @@ class RSA
|
|||||||
|
|
||||||
// If the encoding operation outputs "intended encoded message length too short," output "RSA modulus
|
// If the encoding operation outputs "intended encoded message length too short," output "RSA modulus
|
||||||
// too short" and stop.
|
// too short" and stop.
|
||||||
$em = $this->_emsa_pkcs1_v1_5_encode($m, $this->k);
|
try {
|
||||||
if ($em === false) {
|
$em = $this->_emsa_pkcs1_v1_5_encode($m, $this->k);
|
||||||
return false;
|
} catch (\LengthException $e) {
|
||||||
|
throw new \LengthException('RSA modulus too short');
|
||||||
}
|
}
|
||||||
|
|
||||||
// RSA signature
|
// RSA signature
|
||||||
@ -2017,8 +2014,9 @@ class RSA
|
|||||||
*
|
*
|
||||||
* @access private
|
* @access private
|
||||||
* @param string $m
|
* @param string $m
|
||||||
|
* @param string $s
|
||||||
* @throws \LengthException if the RSA modulus is too short
|
* @throws \LengthException if the RSA modulus is too short
|
||||||
* @return bool|string
|
* @return bool
|
||||||
*/
|
*/
|
||||||
function _rsassa_pkcs1_v1_5_verify($m, $s)
|
function _rsassa_pkcs1_v1_5_verify($m, $s)
|
||||||
{
|
{
|
||||||
@ -2069,7 +2067,8 @@ class RSA
|
|||||||
*
|
*
|
||||||
* @access private
|
* @access private
|
||||||
* @param string $m
|
* @param string $m
|
||||||
* @return bool|string
|
* @param string $s
|
||||||
|
* @return bool
|
||||||
*/
|
*/
|
||||||
function _rsassa_pkcs1_v1_5_relaxed_verify($m, $s)
|
function _rsassa_pkcs1_v1_5_relaxed_verify($m, $s)
|
||||||
{
|
{
|
||||||
@ -2166,8 +2165,8 @@ class RSA
|
|||||||
* @see self::decrypt()
|
* @see self::decrypt()
|
||||||
* @access public
|
* @access public
|
||||||
* @param string $plaintext
|
* @param string $plaintext
|
||||||
* @param int $padding
|
* @param int $padding optional
|
||||||
* @return string
|
* @return bool|string
|
||||||
* @throws \LengthException if the RSA modulus is too short
|
* @throws \LengthException if the RSA modulus is too short
|
||||||
*/
|
*/
|
||||||
function encrypt($plaintext, $padding = self::PADDING_OAEP)
|
function encrypt($plaintext, $padding = self::PADDING_OAEP)
|
||||||
@ -2177,7 +2176,11 @@ class RSA
|
|||||||
$plaintext = str_split($plaintext, $this->k);
|
$plaintext = str_split($plaintext, $this->k);
|
||||||
$ciphertext = '';
|
$ciphertext = '';
|
||||||
foreach ($plaintext as $m) {
|
foreach ($plaintext as $m) {
|
||||||
$ciphertext.= $this->_raw_encrypt($m);
|
$temp = $this->_raw_encrypt($m);
|
||||||
|
if ($temp === false) {
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
$ciphertext.= $temp;
|
||||||
}
|
}
|
||||||
return $ciphertext;
|
return $ciphertext;
|
||||||
case self::PADDING_PKCS15_COMPAT:
|
case self::PADDING_PKCS15_COMPAT:
|
||||||
@ -2190,7 +2193,11 @@ class RSA
|
|||||||
$plaintext = str_split($plaintext, $length);
|
$plaintext = str_split($plaintext, $length);
|
||||||
$ciphertext = '';
|
$ciphertext = '';
|
||||||
foreach ($plaintext as $m) {
|
foreach ($plaintext as $m) {
|
||||||
$ciphertext.= $this->_rsaes_pkcs1_v1_5_encrypt($m, $padding == self::PADDING_PKCS15_COMPAT);
|
$temp = $this->_rsaes_pkcs1_v1_5_encrypt($m, $padding == self::PADDING_PKCS15_COMPAT);
|
||||||
|
if ($temp === false) {
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
$ciphertext.= $temp;
|
||||||
}
|
}
|
||||||
return $ciphertext;
|
return $ciphertext;
|
||||||
//case self::PADDING_OAEP:
|
//case self::PADDING_OAEP:
|
||||||
@ -2203,7 +2210,11 @@ class RSA
|
|||||||
$plaintext = str_split($plaintext, $length);
|
$plaintext = str_split($plaintext, $length);
|
||||||
$ciphertext = '';
|
$ciphertext = '';
|
||||||
foreach ($plaintext as $m) {
|
foreach ($plaintext as $m) {
|
||||||
$ciphertext.= $this->_rsaes_oaep_encrypt($m);
|
$temp = $this->_rsaes_oaep_encrypt($m);
|
||||||
|
if ($temp === false) {
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
$ciphertext.= $temp;
|
||||||
}
|
}
|
||||||
return $ciphertext;
|
return $ciphertext;
|
||||||
}
|
}
|
||||||
@ -2215,7 +2226,7 @@ class RSA
|
|||||||
* @see self::encrypt()
|
* @see self::encrypt()
|
||||||
* @access public
|
* @access public
|
||||||
* @param string $plaintext
|
* @param string $plaintext
|
||||||
* @param int|bool $padding
|
* @param int $padding optional
|
||||||
* @return string
|
* @return string
|
||||||
*/
|
*/
|
||||||
function decrypt($ciphertext, $padding = self::PADDING_OAEP)
|
function decrypt($ciphertext, $padding = self::PADDING_OAEP)
|
||||||
@ -2258,7 +2269,7 @@ class RSA
|
|||||||
* @see self::verify()
|
* @see self::verify()
|
||||||
* @access public
|
* @access public
|
||||||
* @param string $message
|
* @param string $message
|
||||||
* @param int $padding
|
* @param int $padding optional
|
||||||
* @return string
|
* @return string
|
||||||
*/
|
*/
|
||||||
function sign($message, $padding = self::PADDING_PSS)
|
function sign($message, $padding = self::PADDING_PSS)
|
||||||
@ -2284,7 +2295,7 @@ class RSA
|
|||||||
* @access public
|
* @access public
|
||||||
* @param string $message
|
* @param string $message
|
||||||
* @param string $signature
|
* @param string $signature
|
||||||
* @param int|bool $padding
|
* @param int $padding optional
|
||||||
* @return bool
|
* @return bool
|
||||||
*/
|
*/
|
||||||
function verify($message, $signature, $padding = self::PADDING_PSS)
|
function verify($message, $signature, $padding = self::PADDING_PSS)
|
||||||
|
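Review bot: In `_emsa_pkcs1_v1_5_encode` the new side uses the result of `$this->hash->hash($m)` without checking it, so the encoder now depends on `hash()` never returning `false`. `Hash::hash()` is not shown on this page; if it can still return `false`, the value would presumably be treated as an empty digest and the signer would go on to sign an encoding that does not cover the message, so the contract should be confirmed and stated at the call, for example `// hash() throws on failure and never returns false` if that is what it does. In `_rsassa_pkcs1_v1_5_sign`, the added `catch (\LengthException $e)` discards the caught exception; `throw new \LengthException('RSA modulus too short', 0, $e);` keeps the original cause for whoever debugs it. Both function bodies continue outside their hunks.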
@ -16,6 +16,8 @@
|
|||||||
namespace phpseclib\System\SSH\Agent;
|
namespace phpseclib\System\SSH\Agent;
|
||||||
|
|
||||||
use phpseclib\System\SSH\Agent;
|
use phpseclib\System\SSH\Agent;
|
||||||
|
use phpseclib\Crypt\RSA;
|
||||||
|
use phpseclib\Exception\UnsupportedAlgorithmException;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Pure-PHP ssh-agent client identity object
|
* Pure-PHP ssh-agent client identity object
|
||||||
@ -122,10 +124,15 @@ class Identity
|
|||||||
* @param int|bool $padding
|
* @param int|bool $padding
|
||||||
* @return string
|
* @return string
|
||||||
* @throws \RuntimeException on connection errors
|
* @throws \RuntimeException on connection errors
|
||||||
|
* @throws \phpseclib\Exception\UnsupportedAlgorithmException if the algorithm is unsupported
|
||||||
* @access public
|
* @access public
|
||||||
*/
|
*/
|
||||||
function sign($message, $padding = false)
|
function sign($message, $padding = RSA::PADDING_PSS)
|
||||||
{
|
{
|
||||||
|
if ($padding != RSA::PADDING_PKCS1 && $padding != RSA::PADDING_RELAXED_PKCS1) {
|
||||||
|
throw new \UnsupportedAlgorithmException('ssh-agent can only create PKCS1 signatures');
|
||||||
|
}
|
||||||
|
|
||||||
// the last parameter (currently 0) is for flags and ssh-agent only defines one flag (for ssh-dss): SSH_AGENT_OLD_SIGNATURE
|
// the last parameter (currently 0) is for flags and ssh-agent only defines one flag (for ssh-dss): SSH_AGENT_OLD_SIGNATURE
|
||||||
$packet = pack('CNa*Na*N', Agent::SSH_AGENTC_SIGN_REQUEST, strlen($this->key_blob), $this->key_blob, strlen($message), $message, 0);
|
$packet = pack('CNa*Na*N', Agent::SSH_AGENTC_SIGN_REQUEST, strlen($this->key_blob), $this->key_blob, strlen($message), $message, 0);
|
||||||
$packet = pack('Na*', strlen($packet), $packet);
|
$packet = pack('Na*', strlen($packet), $packet);
|
||||||
|
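Review bot: The new default `$padding = RSA::PADDING_PSS` is rejected by the guard added directly below it, so `sign($message)` called without a padding argument now always ends in the throw; a default of `RSA::PADDING_PKCS1` would match what the guard accepts. The throw names `\UnsupportedAlgorithmException`, and the leading backslash resolves that in the global namespace rather than to the imported `phpseclib\Exception\UnsupportedAlgorithmException`, so unless a global class of that name exists the path ends in a class-not-found error instead of the documented exception; `throw new UnsupportedAlgorithmException('ssh-agent can only create PKCS1 signatures');` uses the import. The docblock above still reads `@param int|bool $padding`, while the RSA docblocks in this commit moved to `int`. The body of `sign()` continues outside the hunk.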