diff --git a/composer.json b/composer.json index 59d3d5c1..da2e1c22 100644 --- a/composer.json +++ b/composer.json @@ -67,6 +67,9 @@ "ext-gmp": "Install the GMP (GNU Multiple Precision) extension in order to speed up arbitrary precision integer arithmetic operations." }, "autoload": { + "files": [ + "phpseclib/bootstrap.php" + ], "psr-4": { "phpseclib\\": "phpseclib/" } diff --git a/composer.lock b/composer.lock index 533bdf97..7fbfdcb1 100644 --- a/composer.lock +++ b/composer.lock @@ -4,21 +4,21 @@ "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#composer-lock-the-lock-file", "This file is @generated automatically" ], - "hash": "5f98ee3f3d86f0fac9934fec63c6cd03", + "hash": "deb73cf7e6004dbc2550a38c4082df2d", "content-hash": "39f9dd8d2c209ff69eebbb83e367257e", "packages": [ { "name": "paragonie/random_compat", - "version": "v2.0.1", + "version": "v2.0.2", "source": { "type": "git", "url": "https://github.com/paragonie/random_compat.git", - "reference": "76e90f747b769b347fe584e8015a014549107d35" + "reference": "088c04e2f261c33bed6ca5245491cfca69195ccf" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/paragonie/random_compat/zipball/76e90f747b769b347fe584e8015a014549107d35", - "reference": "76e90f747b769b347fe584e8015a014549107d35", + "url": "https://api.github.com/repos/paragonie/random_compat/zipball/088c04e2f261c33bed6ca5245491cfca69195ccf", + "reference": "088c04e2f261c33bed6ca5245491cfca69195ccf", "shasum": "" }, "require": { @@ -53,7 +53,7 @@ "pseudorandom", "random" ], - "time": "2016-03-18 20:36:13" + "time": "2016-04-03 06:00:07" } ], "packages-dev": [ @@ -1253,19 +1253,20 @@ }, { "name": "squizlabs/php_codesniffer", - "version": "2.5.1", + "version": "2.6.0", "source": { "type": "git", "url": "https://github.com/squizlabs/PHP_CodeSniffer.git", - "reference": "6731851d6aaf1d0d6c58feff1065227b7fda3ba8" + "reference": "1bcdf03b068a530ac1962ce671dead356eeba43b" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/squizlabs/PHP_CodeSniffer/zipball/6731851d6aaf1d0d6c58feff1065227b7fda3ba8", - "reference": "6731851d6aaf1d0d6c58feff1065227b7fda3ba8", + "url": "https://api.github.com/repos/squizlabs/PHP_CodeSniffer/zipball/1bcdf03b068a530ac1962ce671dead356eeba43b", + "reference": "1bcdf03b068a530ac1962ce671dead356eeba43b", "shasum": "" }, "require": { + "ext-simplexml": "*", "ext-tokenizer": "*", "ext-xmlwriter": "*", "php": ">=5.1.2" @@ -1326,7 +1327,7 @@ "phpcs", "standards" ], - "time": "2016-01-19 23:39:10" + "time": "2016-04-03 22:58:34" }, { "name": "symfony/console", diff --git a/phpseclib/Crypt/Hash.php b/phpseclib/Crypt/Hash.php index 6c5c22a9..1b746037 100644 --- a/phpseclib/Crypt/Hash.php +++ b/phpseclib/Crypt/Hash.php @@ -33,6 +33,7 @@ namespace phpseclib\Crypt; +use phpseclib\Math\BigInteger; use phpseclib\Exception\UnsupportedAlgorithmException; /** @@ -79,6 +80,39 @@ class Hash */ var $key = false; + /** + * Initial Hash + * + * Used only for sha512/* + * + * @see self::_sha512() + * @var array + * @access private + */ + var $initial = false; + + /** + * Outer XOR (Internal HMAC) + * + * Used only for sha512/* + * + * @see self::hash() + * @var string + * @access private + */ + var $opad; + + /** + * Inner XOR (Internal HMAC) + * + * Used only for sha512/* + * + * @see self::hash() + * @var string + * @access private + */ + var $ipad; + /** * Default Constructor. * @@ -88,6 +122,9 @@ class Hash function __construct($hash = 'sha256') { $this->setHash($hash); + + $this->ipad = str_repeat(chr(0x36), 128); + $this->opad = str_repeat(chr(0x5C), 128); } /** @@ -126,10 +163,13 @@ class Hash { $this->hashParam = $hash = strtolower($hash); switch ($hash) { + case 'md2-96': case 'md5-96': case 'sha1-96': case 'sha256-96': case 'sha512-96': + case 'sha512/224-96': + case 'sha512/256-96': $hash = substr($hash, 0, -3); $this->length = 12; // 96 / 8 = 12 break; @@ -140,7 +180,11 @@ class Hash case 'sha1': $this->length = 20; break; + case 'sha512/224': + $this->length = 28; + break; case 'sha256': + case 'sha512/256': $this->length = 32; break; case 'sha384': @@ -171,6 +215,23 @@ class Hash ); } + if ($hash == 'sha512/224' || $hash == 'sha512/256') { + // from http://csrc.nist.gov/publications/fips/fips180-4/fips-180-4.pdf#page=24 + $this->initial = $hash == 'sha512/256' ? + array( + '22312194FC2BF72C', '9F555FA3C84C64C2', '2393B86B6F53B151', '963877195940EABD', + '96283EE2A88EFFE3', 'BE5E1E2553863992', '2B0199FC2C85B8AA', '0EB72DDC81C52CA2' + ) : + array( + '8C3D37C819544DA2', '73E1996689DCD4D6', '1DFAB7AE32FF9C82', '679DD514582F9FCF', + '0F6D2B697BD44DA8', '77E36F7304C48942', '3F9D85A86A1D36C8', '1112E6AD91D692A1' + ); + for ($i = 0; $i < 8; $i++) { + $this->initial[$i] = new BigInteger($this->initial[$i], 16); + $this->initial[$i]->setPrecision(64); + } + } + $this->hash = $hash; } @@ -183,6 +244,28 @@ class Hash */ function hash($text) { + switch ($this->hash) { + case 'sha512/224': + case 'sha512/256': + if (empty($this->key) || !is_string($this->key)) { + return substr(self::_sha512($text, $this->initial), 0, $this->length); + } + /* "Applications that use keys longer than B bytes will first hash the key using H and then use the + resultant L byte string as the actual key to HMAC." + + -- http://tools.ietf.org/html/rfc2104#section-2 */ + $key = strlen($this->key) > $this->b ? self::_sha512($this->key, $this->initial) : $this->key; + + $key = str_pad($this->key, 128, chr(0)); // step 1 + $temp = $this->ipad ^ $this->key; // step 2 + $temp .= $text; // step 3 + $temp = self::_sha512($temp, $this->initial); // step 4 + $output = $this->opad ^ $this->key; // step 5 + $output.= $temp; // step 6 + $output = self::_sha512($output, $this->initial); // step 7 + + return substr($output, 0, $this->length); + } $output = !empty($this->key) || is_string($this->key) ? hash_hmac($this->hash, $text, $this->key, true) : hash($this->hash, $text, true); @@ -202,4 +285,178 @@ class Hash { return $this->length; } + + /** + * Pure-PHP implementation of SHA512 + * + * @access private + * @param string $m + */ + static function _sha512($m, $hash) + { + static $k; + + if (!isset($k)) { + // Initialize table of round constants + // (first 64 bits of the fractional parts of the cube roots of the first 80 primes 2..409) + $k = array( + '428a2f98d728ae22', '7137449123ef65cd', 'b5c0fbcfec4d3b2f', 'e9b5dba58189dbbc', + '3956c25bf348b538', '59f111f1b605d019', '923f82a4af194f9b', 'ab1c5ed5da6d8118', + 'd807aa98a3030242', '12835b0145706fbe', '243185be4ee4b28c', '550c7dc3d5ffb4e2', + '72be5d74f27b896f', '80deb1fe3b1696b1', '9bdc06a725c71235', 'c19bf174cf692694', + 'e49b69c19ef14ad2', 'efbe4786384f25e3', '0fc19dc68b8cd5b5', '240ca1cc77ac9c65', + '2de92c6f592b0275', '4a7484aa6ea6e483', '5cb0a9dcbd41fbd4', '76f988da831153b5', + '983e5152ee66dfab', 'a831c66d2db43210', 'b00327c898fb213f', 'bf597fc7beef0ee4', + 'c6e00bf33da88fc2', 'd5a79147930aa725', '06ca6351e003826f', '142929670a0e6e70', + '27b70a8546d22ffc', '2e1b21385c26c926', '4d2c6dfc5ac42aed', '53380d139d95b3df', + '650a73548baf63de', '766a0abb3c77b2a8', '81c2c92e47edaee6', '92722c851482353b', + 'a2bfe8a14cf10364', 'a81a664bbc423001', 'c24b8b70d0f89791', 'c76c51a30654be30', + 'd192e819d6ef5218', 'd69906245565a910', 'f40e35855771202a', '106aa07032bbd1b8', + '19a4c116b8d2d0c8', '1e376c085141ab53', '2748774cdf8eeb99', '34b0bcb5e19b48a8', + '391c0cb3c5c95a63', '4ed8aa4ae3418acb', '5b9cca4f7763e373', '682e6ff3d6b2b8a3', + '748f82ee5defb2fc', '78a5636f43172f60', '84c87814a1f0ab72', '8cc702081a6439ec', + '90befffa23631e28', 'a4506cebde82bde9', 'bef9a3f7b2c67915', 'c67178f2e372532b', + 'ca273eceea26619c', 'd186b8c721c0c207', 'eada7dd6cde0eb1e', 'f57d4f7fee6ed178', + '06f067aa72176fba', '0a637dc5a2c898a6', '113f9804bef90dae', '1b710b35131c471b', + '28db77f523047d84', '32caab7b40c72493', '3c9ebe0a15c9bebc', '431d67c49c100d4c', + '4cc5d4becb3e42b6', '597f299cfc657e2a', '5fcb6fab3ad6faec', '6c44198c4a475817' + ); + + for ($i = 0; $i < 80; $i++) { + $k[$i] = new BigInteger($k[$i], 16); + } + } + + // Pre-processing + $length = strlen($m); + // to round to nearest 112 mod 128, we'll add 128 - (length + (128 - 112)) % 128 + $m.= str_repeat(chr(0), 128 - (($length + 16) & 0x7F)); + $m[$length] = chr(0x80); + // we don't support hashing strings 512MB long + $m.= pack('N4', 0, 0, 0, $length << 3); + + // Process the message in successive 1024-bit chunks + $chunks = str_split($m, 128); + foreach ($chunks as $chunk) { + $w = array(); + for ($i = 0; $i < 16; $i++) { + $temp = new BigInteger(self::_string_shift($chunk, 8), 256); + $temp->setPrecision(64); + $w[] = $temp; + } + + // Extend the sixteen 32-bit words into eighty 32-bit words + for ($i = 16; $i < 80; $i++) { + $temp = array( + $w[$i - 15]->bitwise_rightRotate(1), + $w[$i - 15]->bitwise_rightRotate(8), + $w[$i - 15]->bitwise_rightShift(7) + ); + $s0 = $temp[0]->bitwise_xor($temp[1]); + $s0 = $s0->bitwise_xor($temp[2]); + $temp = array( + $w[$i - 2]->bitwise_rightRotate(19), + $w[$i - 2]->bitwise_rightRotate(61), + $w[$i - 2]->bitwise_rightShift(6) + ); + $s1 = $temp[0]->bitwise_xor($temp[1]); + $s1 = $s1->bitwise_xor($temp[2]); + $w[$i] = clone $w[$i - 16]; + $w[$i] = $w[$i]->add($s0); + $w[$i] = $w[$i]->add($w[$i - 7]); + $w[$i] = $w[$i]->add($s1); + } + + // Initialize hash value for this chunk + $a = clone $hash[0]; + $b = clone $hash[1]; + $c = clone $hash[2]; + $d = clone $hash[3]; + $e = clone $hash[4]; + $f = clone $hash[5]; + $g = clone $hash[6]; + $h = clone $hash[7]; + + // Main loop + for ($i = 0; $i < 80; $i++) { + $temp = array( + $a->bitwise_rightRotate(28), + $a->bitwise_rightRotate(34), + $a->bitwise_rightRotate(39) + ); + $s0 = $temp[0]->bitwise_xor($temp[1]); + $s0 = $s0->bitwise_xor($temp[2]); + $temp = array( + $a->bitwise_and($b), + $a->bitwise_and($c), + $b->bitwise_and($c) + ); + $maj = $temp[0]->bitwise_xor($temp[1]); + $maj = $maj->bitwise_xor($temp[2]); + $t2 = $s0->add($maj); + + $temp = array( + $e->bitwise_rightRotate(14), + $e->bitwise_rightRotate(18), + $e->bitwise_rightRotate(41) + ); + $s1 = $temp[0]->bitwise_xor($temp[1]); + $s1 = $s1->bitwise_xor($temp[2]); + $temp = array( + $e->bitwise_and($f), + $g->bitwise_and($e->bitwise_not()) + ); + $ch = $temp[0]->bitwise_xor($temp[1]); + $t1 = $h->add($s1); + $t1 = $t1->add($ch); + $t1 = $t1->add($k[$i]); + $t1 = $t1->add($w[$i]); + + $h = clone $g; + $g = clone $f; + $f = clone $e; + $e = $d->add($t1); + $d = clone $c; + $c = clone $b; + $b = clone $a; + $a = $t1->add($t2); + } + + // Add this chunk's hash to result so far + $hash = array( + $hash[0]->add($a), + $hash[1]->add($b), + $hash[2]->add($c), + $hash[3]->add($d), + $hash[4]->add($e), + $hash[5]->add($f), + $hash[6]->add($g), + $hash[7]->add($h) + ); + } + + // Produce the final hash value (big-endian) + // (\phpseclib\Crypt\Hash::hash() trims the output for hashes but not for HMACs. as such, we trim the output here) + $temp = $hash[0]->toBytes() . $hash[1]->toBytes() . $hash[2]->toBytes() . $hash[3]->toBytes() . + $hash[4]->toBytes() . $hash[5]->toBytes() . $hash[6]->toBytes() . $hash[7]->toBytes(); + + return $temp; + } + + /** + * String Shift + * + * Inspired by array_shift + * + * @param string $string + * @param int $index + * @return string + * @access private + */ + static function _string_shift(&$string, $index = 1) + { + $substr = substr($string, 0, $index); + $string = substr($string, $index); + return $substr; + } } diff --git a/phpseclib/Crypt/RSA.php b/phpseclib/Crypt/RSA.php index 641162fe..73636816 100644 --- a/phpseclib/Crypt/RSA.php +++ b/phpseclib/Crypt/RSA.php @@ -1232,6 +1232,9 @@ class RSA case 'sha256': case 'sha384': case 'sha512': + case 'sha224': + case 'sha512/224': + case 'sha512/256': $this->hash = new Hash($hash); $this->hashName = $hash; break; @@ -1261,6 +1264,9 @@ class RSA case 'sha256': case 'sha384': case 'sha512': + case 'sha224': + case 'sha512/224': + case 'sha512/256': $this->mgfHash = new Hash($hash); break; default: @@ -1961,6 +1967,16 @@ class RSA break; case 'sha512': $t = pack('H*', '3051300d060960864801650304020305000440'); + break; + // from https://www.emc.com/collateral/white-papers/h11300-pkcs-1v2-2-rsa-cryptography-standard-wp.pdf#page=40 + case 'sha224': + $t = pack('H*', '302d300d06096086480165030402040500041c'); + break; + case 'sha512/224': + $t = pack('H*', '302d300d06096086480165030402050500041c'); + break; + case 'sha512/256': + $t = pack('H*', '3031300d060960864801650304020605000420'); } $t.= $h; $tLen = strlen($t); @@ -2132,8 +2148,9 @@ class RSA '2.16.840.1.101.3.4.2.2' => 'sha384', '2.16.840.1.101.3.4.2.3' => 'sha512', // from PKCS1 v2.2 - //'2.16.840.1.101.3.4.2.5' => 'sha512/224', - //'2.16.840.1.101.3.4.2.6' => 'sha512/256', + '2.16.840.1.101.3.4.2.4' => 'sha224', + '2.16.840.1.101.3.4.2.5' => 'sha512/224', + '2.16.840.1.101.3.4.2.6' => 'sha512/256', ); $asn1->loadOIDs($oids); diff --git a/phpseclib/bootstrap.php b/phpseclib/bootstrap.php new file mode 100644 index 00000000..bd4ba0b5 --- /dev/null +++ b/phpseclib/bootstrap.php @@ -0,0 +1,20 @@ +