Formats
9 months ago
.htaccess
9 months ago
Parameters.php
9 months ago
PrivateKey.php
9 months ago
PublicKey.php
9 months ago
index.html
9 months ago
web.config
9 months ago
PrivateKey.php
151 lines
| 1 | <?php |
| 2 | |
| 3 | /** |
| 4 | * DSA Private Key |
| 5 | * |
| 6 | * @author Jim Wigginton <terrafrost@php.net> |
| 7 | * @copyright 2015 Jim Wigginton |
| 8 | * @license http://www.opensource.org/licenses/mit-license.html MIT License |
| 9 | * @link http://phpseclib.sourceforge.net |
| 10 | */ |
| 11 | |
| 12 | declare(strict_types=1); |
| 13 | |
| 14 | namespace phpseclib3\Crypt\DSA; |
| 15 | |
| 16 | use phpseclib3\Crypt\Common; |
| 17 | use phpseclib3\Crypt\DSA; |
| 18 | use phpseclib3\Crypt\DSA\Formats\Signature\ASN1 as ASN1Signature; |
| 19 | use phpseclib3\Math\BigInteger; |
| 20 | |
| 21 | /** |
| 22 | * DSA Private Key |
| 23 | * |
| 24 | * @author Jim Wigginton <terrafrost@php.net> |
| 25 | */ |
| 26 | final class PrivateKey extends DSA implements Common\PrivateKey |
| 27 | { |
| 28 | use Common\Traits\PasswordProtected; |
| 29 | |
| 30 | /** |
| 31 | * DSA secret exponent x |
| 32 | * |
| 33 | * @var BigInteger |
| 34 | */ |
| 35 | protected $x; |
| 36 | |
| 37 | /** |
| 38 | * Returns the public key |
| 39 | * |
| 40 | * If you do "openssl rsa -in private.rsa -pubout -outform PEM" you get a PKCS8 formatted key |
| 41 | * that contains a publicKeyAlgorithm AlgorithmIdentifier and a publicKey BIT STRING. |
| 42 | * An AlgorithmIdentifier contains an OID and a parameters field. With RSA public keys this |
| 43 | * parameters field is NULL. With DSA PKCS8 public keys it is not - it contains the p, q and g |
| 44 | * variables. The publicKey BIT STRING contains, simply, the y variable. This can be verified |
| 45 | * by getting a DSA PKCS8 public key: |
| 46 | * |
| 47 | * "openssl dsa -in private.dsa -pubout -outform PEM" |
| 48 | * |
| 49 | * ie. just swap out rsa with dsa in the rsa command above. |
| 50 | * |
| 51 | * A PKCS1 public key corresponds to the publicKey portion of the PKCS8 key. In the case of RSA |
| 52 | * the publicKey portion /is/ the key. In the case of DSA it is not. You cannot verify a signature |
| 53 | * without the parameters and the PKCS1 DSA public key format does not include the parameters. |
| 54 | * |
| 55 | * @see self::getPrivateKey() |
| 56 | */ |
| 57 | public function getPublicKey() |
| 58 | { |
| 59 | $type = self::validatePlugin('Keys', 'PKCS8', 'savePublicKey'); |
| 60 | |
| 61 | if (!isset($this->y)) { |
| 62 | $this->y = $this->g->powMod($this->x, $this->p); |
| 63 | } |
| 64 | |
| 65 | $key = $type::savePublicKey($this->p, $this->q, $this->g, $this->y); |
| 66 | |
| 67 | return DSA::loadFormat('PKCS8', $key) |
| 68 | ->withHash($this->hash->getHash()) |
| 69 | ->withSignatureFormat($this->shortFormat); |
| 70 | } |
| 71 | |
| 72 | /** |
| 73 | * Create a signature |
| 74 | * |
| 75 | * @see self::verify() |
| 76 | * @param string $message |
| 77 | */ |
| 78 | public function sign($message): string |
| 79 | { |
| 80 | $format = $this->sigFormat; |
| 81 | |
| 82 | if (self::$engines['OpenSSL'] && in_array($this->hash->getHash(), openssl_get_md_methods())) { |
| 83 | $signature = ''; |
| 84 | $result = openssl_sign($message, $signature, $this->toString('PKCS8'), $this->hash->getHash()); |
| 85 | |
| 86 | if ($result) { |
| 87 | if ($this->shortFormat == 'ASN1') { |
| 88 | return $signature; |
| 89 | } |
| 90 | |
| 91 | extract(ASN1Signature::load($signature)); |
| 92 | |
| 93 | return $format::save($r, $s); |
| 94 | } |
| 95 | } |
| 96 | |
| 97 | $h = $this->hash->hash($message); |
| 98 | $h = $this->bits2int($h); |
| 99 | |
| 100 | while (true) { |
| 101 | $k = BigInteger::randomRange(self::$one, $this->q->subtract(self::$one)); |
| 102 | $r = $this->g->powMod($k, $this->p); |
| 103 | [, $r] = $r->divide($this->q); |
| 104 | if ($r->equals(self::$zero)) { |
| 105 | continue; |
| 106 | } |
| 107 | $kinv = $k->modInverse($this->q); |
| 108 | $temp = $h->add($this->x->multiply($r)); |
| 109 | $temp = $kinv->multiply($temp); |
| 110 | [, $s] = $temp->divide($this->q); |
| 111 | if (!$s->equals(self::$zero)) { |
| 112 | break; |
| 113 | } |
| 114 | } |
| 115 | |
| 116 | // the following is an RFC6979 compliant implementation of deterministic DSA |
| 117 | // it's unused because it's mainly intended for use when a good CSPRNG isn't |
| 118 | // available. if phpseclib's CSPRNG isn't good then even key generation is |
| 119 | // suspect |
| 120 | /* |
| 121 | $h1 = $this->hash->hash($message); |
| 122 | $k = $this->computek($h1); |
| 123 | $r = $this->g->powMod($k, $this->p); |
| 124 | list(, $r) = $r->divide($this->q); |
| 125 | $kinv = $k->modInverse($this->q); |
| 126 | $h1 = $this->bits2int($h1); |
| 127 | $temp = $h1->add($this->x->multiply($r)); |
| 128 | $temp = $kinv->multiply($temp); |
| 129 | list(, $s) = $temp->divide($this->q); |
| 130 | */ |
| 131 | |
| 132 | return $format::save($r, $s); |
| 133 | } |
| 134 | |
| 135 | /** |
| 136 | * Returns the private key |
| 137 | * |
| 138 | * @param array $options optional |
| 139 | */ |
| 140 | public function toString(string $type, array $options = []): string |
| 141 | { |
| 142 | $type = self::validatePlugin('Keys', $type, 'savePrivateKey'); |
| 143 | |
| 144 | if (!isset($this->y)) { |
| 145 | $this->y = $this->g->powMod($this->x, $this->p); |
| 146 | } |
| 147 | |
| 148 | return $type::savePrivateKey($this->p, $this->q, $this->g, $this->y, $this->x, $this->password, $options); |
| 149 | } |
| 150 | } |
| 151 |