[ Index ]

PHP Cross Reference of DokuWiki

title

Body

[close]

/vendor/phpseclib/phpseclib/phpseclib/Crypt/ -> RSA.php (summary)

Pure-PHP PKCS#1 (v2.1) compliant implementation of RSA. PHP version 5

Author: Jim Wigginton
Copyright: 2009 Jim Wigginton
License: http://www.opensource.org/licenses/mit-license.html MIT License
Link: http://phpseclib.sourceforge.net
File Size: 3342 lines (118 kb)
Included or required:0 times
Referenced: 0 times
Includes or requires: 0 files

Defines 1 class

RSA:: (60 methods):
  __construct()
  createKey()
  _convertPrivateKey()
  _convertPublicKey()
  _parseKey()
  getSize()
  _start_element_handler()
  _stop_element_handler()
  _data_handler()
  loadKey()
  setPassword()
  setPublicKey()
  setPrivateKey()
  getPublicKey()
  getPublicKeyFingerprint()
  getPrivateKey()
  _getPrivatePublicKey()
  __toString()
  __clone()
  _generateMinMax()
  _decodeLength()
  _encodeLength()
  _string_shift()
  setPrivateKeyFormat()
  setPublicKeyFormat()
  setHash()
  setMGFHash()
  setSaltLength()
  _i2osp()
  _os2ip()
  _exponentiate()
  _blind()
  _equals()
  _rsaep()
  _rsadp()
  _rsasp1()
  _rsavp1()
  _mgf1()
  _rsaes_oaep_encrypt()
  _rsaes_oaep_decrypt()
  _raw_encrypt()
  _rsaes_pkcs1_v1_5_encrypt()
  _rsaes_pkcs1_v1_5_decrypt()
  _emsa_pss_encode()
  _emsa_pss_verify()
  _rsassa_pss_sign()
  _rsassa_pss_verify()
  _emsa_pkcs1_v1_5_encode()
  _emsa_pkcs1_v1_5_encode_without_null()
  _rsassa_pkcs1_v1_5_sign()
  _rsassa_pkcs1_v1_5_verify()
  setEncryptionMode()
  setSignatureMode()
  setComment()
  getComment()
  encrypt()
  decrypt()
  sign()
  verify()
  _extractBER()


Class: RSA  - X-Ref

Pure-PHP PKCS#1 compliant implementation of RSA.

__construct()   X-Ref
The constructor

If you want to make use of the openssl extension, you'll need to set the mode manually, yourself.  The reason
\phpseclib\Crypt\RSA doesn't do it is because OpenSSL doesn't fail gracefully.  openssl_pkey_new(), in particular, requires
openssl.cnf be present somewhere and, unfortunately, the only real way to find out is too late.

return: \phpseclib\Crypt\RSA

createKey($bits = 1024, $timeout = false, $partial = array()   X-Ref
Create public / private key pair

Returns an array with the following three elements:
- 'privatekey': The private key.
- 'publickey':  The public key.
- 'partialkey': A partially computed key (if the execution time exceeded $timeout).
Will need to be passed back to \phpseclib\Crypt\RSA::createKey() as the third parameter for further processing.

param: int $bits
param: int $timeout
param: array $partial

_convertPrivateKey($n, $e, $d, $primes, $exponents, $coefficients)   X-Ref
Convert a private key to the appropriate format.

return: string
see: self::setPrivateKeyFormat()
param: Math_BigInteger $n
param: Math_BigInteger $e
param: Math_BigInteger $d
param: array<int,Math_BigInteger> $primes
param: array<int,Math_BigInteger> $exponents
param: array<int,Math_BigInteger> $coefficients

_convertPublicKey($n, $e)   X-Ref
Convert a public key to the appropriate format

return: string|array<string,Math_BigInteger>
see: self::setPublicKeyFormat()
param: Math_BigInteger $n
param: Math_BigInteger $e

_parseKey($key, $type)   X-Ref
Break a public or private key down into its constituant components

return: array|bool
see: self::_convertPublicKey()
see: self::_convertPrivateKey()
param: string|array $key
param: int $type

getSize()   X-Ref
No description

_start_element_handler($parser, $name, $attribs)   X-Ref
Start Element Handler

Called by xml_set_element_handler()

param: resource $parser
param: string $name
param: array $attribs

_stop_element_handler($parser, $name)   X-Ref
Stop Element Handler

Called by xml_set_element_handler()

param: resource $parser
param: string $name

_data_handler($parser, $data)   X-Ref
Data Handler

Called by xml_set_character_data_handler()

param: resource $parser
param: string $data

loadKey($key, $type = false)   X-Ref
Loads a public or private key

Returns true on success and false on failure (ie. an incorrect password was provided or the key was malformed)

return: bool
param: string|RSA|array $key
param: bool|int $type optional

setPassword($password = false)   X-Ref
Sets the password

Private keys can be encrypted with a password.  To unset the password, pass in the empty string or false.
Or rather, pass in $password such that empty($password) && !is_string($password) is true.

see: self::createKey()
see: self::loadKey()
param: string $password

setPublicKey($key = false, $type = false)   X-Ref
Defines the public key

Some private key formats define the public exponent and some don't.  Those that don't define it are problematic when
used in certain contexts.  For example, in SSH-2, RSA authentication works by sending the public key along with a
message signed by the private key to the server.  The SSH-2 server looks the public key up in an index of public keys
and if it's present then proceeds to verify the signature.  Problem is, if your private key doesn't include the public
exponent this won't work unless you manually add the public exponent. phpseclib tries to guess if the key being used
is the public key but in the event that it guesses incorrectly you might still want to explicitly set the key as being
public.

Do note that when a new key is loaded the index will be cleared.

Returns true on success, false on failure

return: bool
see: self::getPublicKey()
param: string $key optional
param: int $type optional

setPrivateKey($key = false, $type = false)   X-Ref
Defines the private key

If phpseclib guessed a private key was a public key and loaded it as such it might be desirable to force
phpseclib to treat the key as a private key. This function will do that.

Do note that when a new key is loaded the index will be cleared.

Returns true on success, false on failure

return: bool
see: self::getPublicKey()
param: string $key optional
param: int $type optional

getPublicKey($type = self::PUBLIC_FORMAT_PKCS8)   X-Ref
Returns the public key

The public key is only returned under two circumstances - if the private key had the public key embedded within it
or if the public key was set via setPublicKey().  If the currently loaded key is supposed to be the public key this
function won't return it since this library, for the most part, doesn't distinguish between public and private keys.

see: self::getPublicKey()
param: int $type optional

getPublicKeyFingerprint($algorithm = 'md5')   X-Ref
Returns the public key's fingerprint

The public key's fingerprint is returned, which is equivalent to running `ssh-keygen -lf rsa.pub`. If there is
no public key currently loaded, false is returned.
Example output (md5): "c1:b1:30:29:d7:b8:de:6c:97:77:10:d7:46:41:63:87" (as specified by RFC 4716)

return: mixed
param: string $algorithm The hashing algorithm to be used. Valid options are 'md5' and 'sha256'. False is returned

getPrivateKey($type = self::PUBLIC_FORMAT_PKCS1)   X-Ref
Returns the private key

The private key is only returned if the currently loaded key contains the constituent prime numbers.

return: mixed
see: self::getPublicKey()
param: int $type optional

_getPrivatePublicKey($mode = self::PUBLIC_FORMAT_PKCS8)   X-Ref
Returns a minimalistic private key

Returns the private key without the prime number constituants.  Structurally identical to a public key that
hasn't been set as the public key

see: self::getPrivateKey()
param: int $mode optional

__toString()   X-Ref
__toString() magic method

return: string

__clone()   X-Ref
__clone() magic method

return: Crypt_RSA

_generateMinMax($bits)   X-Ref
Generates the smallest and largest numbers requiring $bits bits

return: array
param: int $bits

_decodeLength(&$string)   X-Ref
DER-decode the length

DER supports lengths up to (2**8)**127, however, we'll only support lengths up to (2**8)**4.  See
{@link http://itu.int/ITU-T/studygroups/com17/languages/X.690-0207.pdf#p=13 X.690 paragraph 8.1.3} for more information.

return: int
param: string $string

_encodeLength($length)   X-Ref
DER-encode the length

DER supports lengths up to (2**8)**127, however, we'll only support lengths up to (2**8)**4.  See
{@link http://itu.int/ITU-T/studygroups/com17/languages/X.690-0207.pdf#p=13 X.690 paragraph 8.1.3} for more information.

return: string
param: int $length

_string_shift(&$string, $index = 1)   X-Ref
String Shift

Inspired by array_shift

return: string
param: string $string
param: int $index

setPrivateKeyFormat($format)   X-Ref
Determines the private key format

see: self::createKey()
param: int $format

setPublicKeyFormat($format)   X-Ref
Determines the public key format

see: self::createKey()
param: int $format

setHash($hash)   X-Ref
Determines which hashing function should be used

Used with signature production / verification and (if the encryption mode is self::ENCRYPTION_OAEP) encryption and
decryption.  If $hash isn't supported, sha1 is used.

param: string $hash

setMGFHash($hash)   X-Ref
Determines which hashing function should be used for the mask generation function

The mask generation function is used by self::ENCRYPTION_OAEP and self::SIGNATURE_PSS and although it's
best if Hash and MGFHash are set to the same thing this is not a requirement.

param: string $hash

setSaltLength($sLen)   X-Ref
Determines the salt length

To quote from {@link http://tools.ietf.org/html/rfc3447#page-38 RFC3447#page-38}:

Typical salt lengths in octets are hLen (the length of the output
of the hash function Hash) and 0.

param: int $sLen

_i2osp($x, $xLen)   X-Ref
Integer-to-Octet-String primitive

See {@link http://tools.ietf.org/html/rfc3447#section-4.1 RFC3447#section-4.1}.

return: string
param: \phpseclib\Math\BigInteger $x
param: int $xLen

_os2ip($x)   X-Ref
Octet-String-to-Integer primitive

See {@link http://tools.ietf.org/html/rfc3447#section-4.2 RFC3447#section-4.2}.

return: \phpseclib\Math\BigInteger
param: int|string|resource $x

_exponentiate($x)   X-Ref
Exponentiate with or without Chinese Remainder Theorem

See {@link http://tools.ietf.org/html/rfc3447#section-5.1.1 RFC3447#section-5.1.2}.

return: \phpseclib\Math\BigInteger
param: \phpseclib\Math\BigInteger $x

_blind($x, $r, $i)   X-Ref
Performs RSA Blinding

Protects against timing attacks by employing RSA Blinding.
Returns $x->modPow($this->exponents[$i], $this->primes[$i])

return: \phpseclib\Math\BigInteger
param: \phpseclib\Math\BigInteger $x
param: \phpseclib\Math\BigInteger $r
param: int $i

_equals($x, $y)   X-Ref
Performs blinded RSA equality testing

Protects against a particular type of timing attack described.

See {@link http://codahale.com/a-lesson-in-timing-attacks/ A Lesson In Timing Attacks (or, Don't use MessageDigest.isEquals)}

Thanks for the heads up singpolyma!

return: bool
param: string $x
param: string $y

_rsaep($m)   X-Ref
RSAEP

See {@link http://tools.ietf.org/html/rfc3447#section-5.1.1 RFC3447#section-5.1.1}.

return: \phpseclib\Math\BigInteger
param: \phpseclib\Math\BigInteger $m

_rsadp($c)   X-Ref
RSADP

See {@link http://tools.ietf.org/html/rfc3447#section-5.1.2 RFC3447#section-5.1.2}.

return: \phpseclib\Math\BigInteger
param: \phpseclib\Math\BigInteger $c

_rsasp1($m)   X-Ref
RSASP1

See {@link http://tools.ietf.org/html/rfc3447#section-5.2.1 RFC3447#section-5.2.1}.

return: \phpseclib\Math\BigInteger
param: \phpseclib\Math\BigInteger $m

_rsavp1($s)   X-Ref
RSAVP1

See {@link http://tools.ietf.org/html/rfc3447#section-5.2.2 RFC3447#section-5.2.2}.

return: \phpseclib\Math\BigInteger
param: \phpseclib\Math\BigInteger $s

_mgf1($mgfSeed, $maskLen)   X-Ref
MGF1

See {@link http://tools.ietf.org/html/rfc3447#appendix-B.2.1 RFC3447#appendix-B.2.1}.

return: string
param: string $mgfSeed
param: int $maskLen

_rsaes_oaep_encrypt($m, $l = '')   X-Ref
RSAES-OAEP-ENCRYPT

See {@link http://tools.ietf.org/html/rfc3447#section-7.1.1 RFC3447#section-7.1.1} and
{http://en.wikipedia.org/wiki/Optimal_Asymmetric_Encryption_Padding OAES}.

return: string
param: string $m
param: string $l

_rsaes_oaep_decrypt($c, $l = '')   X-Ref
RSAES-OAEP-DECRYPT

See {@link http://tools.ietf.org/html/rfc3447#section-7.1.2 RFC3447#section-7.1.2}.  The fact that the error
messages aren't distinguishable from one another hinders debugging, but, to quote from RFC3447#section-7.1.2:

Note.  Care must be taken to ensure that an opponent cannot
distinguish the different error conditions in Step 3.g, whether by
error message or timing, or, more generally, learn partial
information about the encoded message EM.  Otherwise an opponent may
be able to obtain useful information about the decryption of the
ciphertext C, leading to a chosen-ciphertext attack such as the one
observed by Manger [36].

As for $l...  to quote from {@link http://tools.ietf.org/html/rfc3447#page-17 RFC3447#page-17}:

Both the encryption and the decryption operations of RSAES-OAEP take
the value of a label L as input.  In this version of PKCS #1, L is
the empty string; other uses of the label are outside the scope of
this document.

return: string
param: string $c
param: string $l

_raw_encrypt($m)   X-Ref
Raw Encryption / Decryption

Doesn't use padding and is not recommended.

return: string
param: string $m

_rsaes_pkcs1_v1_5_encrypt($m)   X-Ref
RSAES-PKCS1-V1_5-ENCRYPT

See {@link http://tools.ietf.org/html/rfc3447#section-7.2.1 RFC3447#section-7.2.1}.

return: string
param: string $m

_rsaes_pkcs1_v1_5_decrypt($c)   X-Ref
RSAES-PKCS1-V1_5-DECRYPT

See {@link http://tools.ietf.org/html/rfc3447#section-7.2.2 RFC3447#section-7.2.2}.

For compatibility purposes, this function departs slightly from the description given in RFC3447.
The reason being that RFC2313#section-8.1 (PKCS#1 v1.5) states that ciphertext's encrypted by the
private key should have the second byte set to either 0 or 1 and that ciphertext's encrypted by the
public key should have the second byte set to 2.  In RFC3447 (PKCS#1 v2.1), the second byte is supposed
to be 2 regardless of which key is used.  For compatibility purposes, we'll just check to make sure the
second byte is 2 or less.  If it is, we'll accept the decrypted string as valid.

As a consequence of this, a private key encrypted ciphertext produced with \phpseclib\Crypt\RSA may not decrypt
with a strictly PKCS#1 v1.5 compliant RSA implementation.  Public key encrypted ciphertext's should but
not private key encrypted ciphertext's.

return: string
param: string $c

_emsa_pss_encode($m, $emBits)   X-Ref
EMSA-PSS-ENCODE

See {@link http://tools.ietf.org/html/rfc3447#section-9.1.1 RFC3447#section-9.1.1}.

param: string $m
param: int $emBits

_emsa_pss_verify($m, $em, $emBits)   X-Ref
EMSA-PSS-VERIFY

See {@link http://tools.ietf.org/html/rfc3447#section-9.1.2 RFC3447#section-9.1.2}.

return: string
param: string $m
param: string $em
param: int $emBits

_rsassa_pss_sign($m)   X-Ref
RSASSA-PSS-SIGN

See {@link http://tools.ietf.org/html/rfc3447#section-8.1.1 RFC3447#section-8.1.1}.

return: string
param: string $m

_rsassa_pss_verify($m, $s)   X-Ref
RSASSA-PSS-VERIFY

See {@link http://tools.ietf.org/html/rfc3447#section-8.1.2 RFC3447#section-8.1.2}.

return: string
param: string $m
param: string $s

_emsa_pkcs1_v1_5_encode($m, $emLen)   X-Ref
EMSA-PKCS1-V1_5-ENCODE

See {@link http://tools.ietf.org/html/rfc3447#section-9.2 RFC3447#section-9.2}.

return: string
param: string $m
param: int $emLen

_emsa_pkcs1_v1_5_encode_without_null($m, $emLen)   X-Ref
EMSA-PKCS1-V1_5-ENCODE (without NULL)

Quoting https://tools.ietf.org/html/rfc8017#page-65,

"The parameters field associated with id-sha1, id-sha224, id-sha256,
id-sha384, id-sha512, id-sha512/224, and id-sha512/256 should
generally be omitted, but if present, it shall have a value of type
NULL"

return: string
param: string $m
param: int $emLen

_rsassa_pkcs1_v1_5_sign($m)   X-Ref
RSASSA-PKCS1-V1_5-SIGN

See {@link http://tools.ietf.org/html/rfc3447#section-8.2.1 RFC3447#section-8.2.1}.

return: string
param: string $m

_rsassa_pkcs1_v1_5_verify($m, $s)   X-Ref
RSASSA-PKCS1-V1_5-VERIFY

See {@link http://tools.ietf.org/html/rfc3447#section-8.2.2 RFC3447#section-8.2.2}.

return: string
param: string $m
param: string $s

setEncryptionMode($mode)   X-Ref
Set Encryption Mode

Valid values include self::ENCRYPTION_OAEP and self::ENCRYPTION_PKCS1.

param: int $mode

setSignatureMode($mode)   X-Ref
Set Signature Mode

Valid values include self::SIGNATURE_PSS and self::SIGNATURE_PKCS1

param: int $mode

setComment($comment)   X-Ref
Set public key comment.

param: string $comment

getComment()   X-Ref
Get public key comment.

return: string

encrypt($plaintext)   X-Ref
Encryption

Both self::ENCRYPTION_OAEP and self::ENCRYPTION_PKCS1 both place limits on how long $plaintext can be.
If $plaintext exceeds those limits it will be broken up so that it does and the resultant ciphertext's will
be concatenated together.

return: string
see: self::decrypt()
param: string $plaintext

decrypt($ciphertext)   X-Ref
Decryption

return: string
see: self::encrypt()
param: string $ciphertext

sign($message)   X-Ref
Create a signature

return: string
see: self::verify()
param: string $message

verify($message, $signature)   X-Ref
Verifies a signature

return: bool
see: self::sign()
param: string $message
param: string $signature

_extractBER($str)   X-Ref
Extract raw BER from Base64 encoding

return: string
param: string $str