[ Index ] |
PHP Cross Reference of DokuWiki |
[Source view] [Print] [Project Stats]
Pure-PHP PKCS#1 (v2.1) compliant implementation of RSA. PHP version 5
Author: | Jim Wigginton |
Copyright: | 2009 Jim Wigginton |
License: | http://www.opensource.org/licenses/mit-license.html MIT License |
Link: | http://phpseclib.sourceforge.net |
File Size: | 3342 lines (118 kb) |
Included or required: | 0 times |
Referenced: | 0 times |
Includes or requires: | 0 files |
RSA:: (60 methods):
__construct()
createKey()
_convertPrivateKey()
_convertPublicKey()
_parseKey()
getSize()
_start_element_handler()
_stop_element_handler()
_data_handler()
loadKey()
setPassword()
setPublicKey()
setPrivateKey()
getPublicKey()
getPublicKeyFingerprint()
getPrivateKey()
_getPrivatePublicKey()
__toString()
__clone()
_generateMinMax()
_decodeLength()
_encodeLength()
_string_shift()
setPrivateKeyFormat()
setPublicKeyFormat()
setHash()
setMGFHash()
setSaltLength()
_i2osp()
_os2ip()
_exponentiate()
_blind()
_equals()
_rsaep()
_rsadp()
_rsasp1()
_rsavp1()
_mgf1()
_rsaes_oaep_encrypt()
_rsaes_oaep_decrypt()
_raw_encrypt()
_rsaes_pkcs1_v1_5_encrypt()
_rsaes_pkcs1_v1_5_decrypt()
_emsa_pss_encode()
_emsa_pss_verify()
_rsassa_pss_sign()
_rsassa_pss_verify()
_emsa_pkcs1_v1_5_encode()
_emsa_pkcs1_v1_5_encode_without_null()
_rsassa_pkcs1_v1_5_sign()
_rsassa_pkcs1_v1_5_verify()
setEncryptionMode()
setSignatureMode()
setComment()
getComment()
encrypt()
decrypt()
sign()
verify()
_extractBER()
__construct() X-Ref |
The constructor If you want to make use of the openssl extension, you'll need to set the mode manually, yourself. The reason \phpseclib\Crypt\RSA doesn't do it is because OpenSSL doesn't fail gracefully. openssl_pkey_new(), in particular, requires openssl.cnf be present somewhere and, unfortunately, the only real way to find out is too late. return: \phpseclib\Crypt\RSA |
createKey($bits = 1024, $timeout = false, $partial = array() X-Ref |
Create public / private key pair Returns an array with the following three elements: - 'privatekey': The private key. - 'publickey': The public key. - 'partialkey': A partially computed key (if the execution time exceeded $timeout). Will need to be passed back to \phpseclib\Crypt\RSA::createKey() as the third parameter for further processing. param: int $bits param: int $timeout param: array $partial |
_convertPrivateKey($n, $e, $d, $primes, $exponents, $coefficients) X-Ref |
Convert a private key to the appropriate format. return: string see: self::setPrivateKeyFormat() param: Math_BigInteger $n param: Math_BigInteger $e param: Math_BigInteger $d param: array<int,Math_BigInteger> $primes param: array<int,Math_BigInteger> $exponents param: array<int,Math_BigInteger> $coefficients |
_convertPublicKey($n, $e) X-Ref |
Convert a public key to the appropriate format return: string|array<string,Math_BigInteger> see: self::setPublicKeyFormat() param: Math_BigInteger $n param: Math_BigInteger $e |
_parseKey($key, $type) X-Ref |
Break a public or private key down into its constituant components return: array|bool see: self::_convertPublicKey() see: self::_convertPrivateKey() param: string|array $key param: int $type |
getSize() X-Ref |
No description |
_start_element_handler($parser, $name, $attribs) X-Ref |
Start Element Handler Called by xml_set_element_handler() param: resource $parser param: string $name param: array $attribs |
_stop_element_handler($parser, $name) X-Ref |
Stop Element Handler Called by xml_set_element_handler() param: resource $parser param: string $name |
_data_handler($parser, $data) X-Ref |
Data Handler Called by xml_set_character_data_handler() param: resource $parser param: string $data |
loadKey($key, $type = false) X-Ref |
Loads a public or private key Returns true on success and false on failure (ie. an incorrect password was provided or the key was malformed) return: bool param: string|RSA|array $key param: bool|int $type optional |
setPassword($password = false) X-Ref |
Sets the password Private keys can be encrypted with a password. To unset the password, pass in the empty string or false. Or rather, pass in $password such that empty($password) && !is_string($password) is true. see: self::createKey() see: self::loadKey() param: string $password |
setPublicKey($key = false, $type = false) X-Ref |
Defines the public key Some private key formats define the public exponent and some don't. Those that don't define it are problematic when used in certain contexts. For example, in SSH-2, RSA authentication works by sending the public key along with a message signed by the private key to the server. The SSH-2 server looks the public key up in an index of public keys and if it's present then proceeds to verify the signature. Problem is, if your private key doesn't include the public exponent this won't work unless you manually add the public exponent. phpseclib tries to guess if the key being used is the public key but in the event that it guesses incorrectly you might still want to explicitly set the key as being public. Do note that when a new key is loaded the index will be cleared. Returns true on success, false on failure return: bool see: self::getPublicKey() param: string $key optional param: int $type optional |
setPrivateKey($key = false, $type = false) X-Ref |
Defines the private key If phpseclib guessed a private key was a public key and loaded it as such it might be desirable to force phpseclib to treat the key as a private key. This function will do that. Do note that when a new key is loaded the index will be cleared. Returns true on success, false on failure return: bool see: self::getPublicKey() param: string $key optional param: int $type optional |
getPublicKey($type = self::PUBLIC_FORMAT_PKCS8) X-Ref |
Returns the public key The public key is only returned under two circumstances - if the private key had the public key embedded within it or if the public key was set via setPublicKey(). If the currently loaded key is supposed to be the public key this function won't return it since this library, for the most part, doesn't distinguish between public and private keys. see: self::getPublicKey() param: int $type optional |
getPublicKeyFingerprint($algorithm = 'md5') X-Ref |
Returns the public key's fingerprint The public key's fingerprint is returned, which is equivalent to running `ssh-keygen -lf rsa.pub`. If there is no public key currently loaded, false is returned. Example output (md5): "c1:b1:30:29:d7:b8:de:6c:97:77:10:d7:46:41:63:87" (as specified by RFC 4716) return: mixed param: string $algorithm The hashing algorithm to be used. Valid options are 'md5' and 'sha256'. False is returned |
getPrivateKey($type = self::PUBLIC_FORMAT_PKCS1) X-Ref |
Returns the private key The private key is only returned if the currently loaded key contains the constituent prime numbers. return: mixed see: self::getPublicKey() param: int $type optional |
_getPrivatePublicKey($mode = self::PUBLIC_FORMAT_PKCS8) X-Ref |
Returns a minimalistic private key Returns the private key without the prime number constituants. Structurally identical to a public key that hasn't been set as the public key see: self::getPrivateKey() param: int $mode optional |
__toString() X-Ref |
__toString() magic method return: string |
__clone() X-Ref |
__clone() magic method return: Crypt_RSA |
_generateMinMax($bits) X-Ref |
Generates the smallest and largest numbers requiring $bits bits return: array param: int $bits |
_decodeLength(&$string) X-Ref |
DER-decode the length DER supports lengths up to (2**8)**127, however, we'll only support lengths up to (2**8)**4. See {@link http://itu.int/ITU-T/studygroups/com17/languages/X.690-0207.pdf#p=13 X.690 paragraph 8.1.3} for more information. return: int param: string $string |
_encodeLength($length) X-Ref |
DER-encode the length DER supports lengths up to (2**8)**127, however, we'll only support lengths up to (2**8)**4. See {@link http://itu.int/ITU-T/studygroups/com17/languages/X.690-0207.pdf#p=13 X.690 paragraph 8.1.3} for more information. return: string param: int $length |
_string_shift(&$string, $index = 1) X-Ref |
String Shift Inspired by array_shift return: string param: string $string param: int $index |
setPrivateKeyFormat($format) X-Ref |
Determines the private key format see: self::createKey() param: int $format |
setPublicKeyFormat($format) X-Ref |
Determines the public key format see: self::createKey() param: int $format |
setHash($hash) X-Ref |
Determines which hashing function should be used Used with signature production / verification and (if the encryption mode is self::ENCRYPTION_OAEP) encryption and decryption. If $hash isn't supported, sha1 is used. param: string $hash |
setMGFHash($hash) X-Ref |
Determines which hashing function should be used for the mask generation function The mask generation function is used by self::ENCRYPTION_OAEP and self::SIGNATURE_PSS and although it's best if Hash and MGFHash are set to the same thing this is not a requirement. param: string $hash |
setSaltLength($sLen) X-Ref |
Determines the salt length To quote from {@link http://tools.ietf.org/html/rfc3447#page-38 RFC3447#page-38}: Typical salt lengths in octets are hLen (the length of the output of the hash function Hash) and 0. param: int $sLen |
_i2osp($x, $xLen) X-Ref |
Integer-to-Octet-String primitive See {@link http://tools.ietf.org/html/rfc3447#section-4.1 RFC3447#section-4.1}. return: string param: \phpseclib\Math\BigInteger $x param: int $xLen |
_os2ip($x) X-Ref |
Octet-String-to-Integer primitive See {@link http://tools.ietf.org/html/rfc3447#section-4.2 RFC3447#section-4.2}. return: \phpseclib\Math\BigInteger param: int|string|resource $x |
_exponentiate($x) X-Ref |
Exponentiate with or without Chinese Remainder Theorem See {@link http://tools.ietf.org/html/rfc3447#section-5.1.1 RFC3447#section-5.1.2}. return: \phpseclib\Math\BigInteger param: \phpseclib\Math\BigInteger $x |
_blind($x, $r, $i) X-Ref |
Performs RSA Blinding Protects against timing attacks by employing RSA Blinding. Returns $x->modPow($this->exponents[$i], $this->primes[$i]) return: \phpseclib\Math\BigInteger param: \phpseclib\Math\BigInteger $x param: \phpseclib\Math\BigInteger $r param: int $i |
_equals($x, $y) X-Ref |
Performs blinded RSA equality testing Protects against a particular type of timing attack described. See {@link http://codahale.com/a-lesson-in-timing-attacks/ A Lesson In Timing Attacks (or, Don't use MessageDigest.isEquals)} Thanks for the heads up singpolyma! return: bool param: string $x param: string $y |
_rsaep($m) X-Ref |
RSAEP See {@link http://tools.ietf.org/html/rfc3447#section-5.1.1 RFC3447#section-5.1.1}. return: \phpseclib\Math\BigInteger param: \phpseclib\Math\BigInteger $m |
_rsadp($c) X-Ref |
RSADP See {@link http://tools.ietf.org/html/rfc3447#section-5.1.2 RFC3447#section-5.1.2}. return: \phpseclib\Math\BigInteger param: \phpseclib\Math\BigInteger $c |
_rsasp1($m) X-Ref |
RSASP1 See {@link http://tools.ietf.org/html/rfc3447#section-5.2.1 RFC3447#section-5.2.1}. return: \phpseclib\Math\BigInteger param: \phpseclib\Math\BigInteger $m |
_rsavp1($s) X-Ref |
RSAVP1 See {@link http://tools.ietf.org/html/rfc3447#section-5.2.2 RFC3447#section-5.2.2}. return: \phpseclib\Math\BigInteger param: \phpseclib\Math\BigInteger $s |
_mgf1($mgfSeed, $maskLen) X-Ref |
MGF1 See {@link http://tools.ietf.org/html/rfc3447#appendix-B.2.1 RFC3447#appendix-B.2.1}. return: string param: string $mgfSeed param: int $maskLen |
_rsaes_oaep_encrypt($m, $l = '') X-Ref |
RSAES-OAEP-ENCRYPT See {@link http://tools.ietf.org/html/rfc3447#section-7.1.1 RFC3447#section-7.1.1} and {http://en.wikipedia.org/wiki/Optimal_Asymmetric_Encryption_Padding OAES}. return: string param: string $m param: string $l |
_rsaes_oaep_decrypt($c, $l = '') X-Ref |
RSAES-OAEP-DECRYPT See {@link http://tools.ietf.org/html/rfc3447#section-7.1.2 RFC3447#section-7.1.2}. The fact that the error messages aren't distinguishable from one another hinders debugging, but, to quote from RFC3447#section-7.1.2: Note. Care must be taken to ensure that an opponent cannot distinguish the different error conditions in Step 3.g, whether by error message or timing, or, more generally, learn partial information about the encoded message EM. Otherwise an opponent may be able to obtain useful information about the decryption of the ciphertext C, leading to a chosen-ciphertext attack such as the one observed by Manger [36]. As for $l... to quote from {@link http://tools.ietf.org/html/rfc3447#page-17 RFC3447#page-17}: Both the encryption and the decryption operations of RSAES-OAEP take the value of a label L as input. In this version of PKCS #1, L is the empty string; other uses of the label are outside the scope of this document. return: string param: string $c param: string $l |
_raw_encrypt($m) X-Ref |
Raw Encryption / Decryption Doesn't use padding and is not recommended. return: string param: string $m |
_rsaes_pkcs1_v1_5_encrypt($m) X-Ref |
RSAES-PKCS1-V1_5-ENCRYPT See {@link http://tools.ietf.org/html/rfc3447#section-7.2.1 RFC3447#section-7.2.1}. return: string param: string $m |
_rsaes_pkcs1_v1_5_decrypt($c) X-Ref |
RSAES-PKCS1-V1_5-DECRYPT See {@link http://tools.ietf.org/html/rfc3447#section-7.2.2 RFC3447#section-7.2.2}. For compatibility purposes, this function departs slightly from the description given in RFC3447. The reason being that RFC2313#section-8.1 (PKCS#1 v1.5) states that ciphertext's encrypted by the private key should have the second byte set to either 0 or 1 and that ciphertext's encrypted by the public key should have the second byte set to 2. In RFC3447 (PKCS#1 v2.1), the second byte is supposed to be 2 regardless of which key is used. For compatibility purposes, we'll just check to make sure the second byte is 2 or less. If it is, we'll accept the decrypted string as valid. As a consequence of this, a private key encrypted ciphertext produced with \phpseclib\Crypt\RSA may not decrypt with a strictly PKCS#1 v1.5 compliant RSA implementation. Public key encrypted ciphertext's should but not private key encrypted ciphertext's. return: string param: string $c |
_emsa_pss_encode($m, $emBits) X-Ref |
EMSA-PSS-ENCODE See {@link http://tools.ietf.org/html/rfc3447#section-9.1.1 RFC3447#section-9.1.1}. param: string $m param: int $emBits |
_emsa_pss_verify($m, $em, $emBits) X-Ref |
EMSA-PSS-VERIFY See {@link http://tools.ietf.org/html/rfc3447#section-9.1.2 RFC3447#section-9.1.2}. return: string param: string $m param: string $em param: int $emBits |
_rsassa_pss_sign($m) X-Ref |
RSASSA-PSS-SIGN See {@link http://tools.ietf.org/html/rfc3447#section-8.1.1 RFC3447#section-8.1.1}. return: string param: string $m |
_rsassa_pss_verify($m, $s) X-Ref |
RSASSA-PSS-VERIFY See {@link http://tools.ietf.org/html/rfc3447#section-8.1.2 RFC3447#section-8.1.2}. return: string param: string $m param: string $s |
_emsa_pkcs1_v1_5_encode($m, $emLen) X-Ref |
EMSA-PKCS1-V1_5-ENCODE See {@link http://tools.ietf.org/html/rfc3447#section-9.2 RFC3447#section-9.2}. return: string param: string $m param: int $emLen |
_emsa_pkcs1_v1_5_encode_without_null($m, $emLen) X-Ref |
EMSA-PKCS1-V1_5-ENCODE (without NULL) Quoting https://tools.ietf.org/html/rfc8017#page-65, "The parameters field associated with id-sha1, id-sha224, id-sha256, id-sha384, id-sha512, id-sha512/224, and id-sha512/256 should generally be omitted, but if present, it shall have a value of type NULL" return: string param: string $m param: int $emLen |
_rsassa_pkcs1_v1_5_sign($m) X-Ref |
RSASSA-PKCS1-V1_5-SIGN See {@link http://tools.ietf.org/html/rfc3447#section-8.2.1 RFC3447#section-8.2.1}. return: string param: string $m |
_rsassa_pkcs1_v1_5_verify($m, $s) X-Ref |
RSASSA-PKCS1-V1_5-VERIFY See {@link http://tools.ietf.org/html/rfc3447#section-8.2.2 RFC3447#section-8.2.2}. return: string param: string $m param: string $s |
setEncryptionMode($mode) X-Ref |
Set Encryption Mode Valid values include self::ENCRYPTION_OAEP and self::ENCRYPTION_PKCS1. param: int $mode |
setSignatureMode($mode) X-Ref |
Set Signature Mode Valid values include self::SIGNATURE_PSS and self::SIGNATURE_PKCS1 param: int $mode |
setComment($comment) X-Ref |
Set public key comment. param: string $comment |
getComment() X-Ref |
Get public key comment. return: string |
encrypt($plaintext) X-Ref |
Encryption Both self::ENCRYPTION_OAEP and self::ENCRYPTION_PKCS1 both place limits on how long $plaintext can be. If $plaintext exceeds those limits it will be broken up so that it does and the resultant ciphertext's will be concatenated together. return: string see: self::decrypt() param: string $plaintext |
decrypt($ciphertext) X-Ref |
Decryption return: string see: self::encrypt() param: string $ciphertext |
sign($message) X-Ref |
Create a signature return: string see: self::verify() param: string $message |
verify($message, $signature) X-Ref |
Verifies a signature return: bool see: self::sign() param: string $message param: string $signature |
_extractBER($str) X-Ref |
Extract raw BER from Base64 encoding return: string param: string $str |