SecureLogin

Crypt_RSA Class Reference

Public Member Functions

 Crypt_RSA ()
 createKey ($bits=1024, $timeout=false, $partial=array())
 _convertPrivateKey ($n, $e, $d, $primes, $exponents, $coefficients)
 _convertPublicKey ($n, $e)
 _parseKey ($key, $type)
 loadKey ($key, $type=CRYPT_RSA_PRIVATE_FORMAT_PKCS1)
 setPassword ($password)
 setPublicKey ($key, $type=CRYPT_RSA_PUBLIC_FORMAT_PKCS1)
 getPublicKey ($type=CRYPT_RSA_PUBLIC_FORMAT_PKCS1)
 _generateMinMax ($bits)
 _decodeLength (&$string)
 _encodeLength ($length)
 _string_shift (&$string, $index=1)
 setPrivateKeyFormat ($format)
 setPublicKeyFormat ($format)
 setHash ($hash)
 setMGFHash ($hash)
 setSaltLength ($sLen)
 _random ($bytes, $nonzero=false)
 _i2osp ($x, $xLen)
 _os2ip ($x)
 _exponentiate ($x)
 _blind ($x, $r, $i)
 _rsaep ($m)
 _rsadp ($c)
 _rsasp1 ($m)
 _rsavp1 ($s)
 _mgf1 ($mgfSeed, $maskLen)
 _rsaes_oaep_encrypt ($m, $l= '')
 _rsaes_oaep_decrypt ($c, $l= '')
 _rsaes_pkcs1_v1_5_encrypt ($m)
 _rsaes_pkcs1_v1_5_decrypt ($c)
 _emsa_pss_encode ($m, $emBits)
 _emsa_pss_verify ($m, $em, $emBits)
 _rsassa_pss_sign ($m)
 _rsassa_pss_verify ($m, $s)
 _emsa_pkcs1_v1_5_encode ($m, $emLen)
 _rsassa_pkcs1_v1_5_sign ($m)
 _rsassa_pkcs1_v1_5_verify ($m, $s)
 setEncryptionMode ($mode)
 setSignatureMode ($mode)
 encrypt ($plaintext)
 decrypt ($ciphertext)
 sign ($message)
 verify ($message, $signature)

Data Fields

 $zero
 $one
 $privateKeyFormat = CRYPT_RSA_PRIVATE_FORMAT_PKCS1
 $publicKeyFormat = CRYPT_RSA_PUBLIC_FORMAT_PKCS1
 $modulus
 $k
 $exponent
 $primes
 $exponents
 $coefficients
 $hashName
 $hash
 $hLen
 $sLen
 $mgfHash
 $mgfHLen
 $encryptionMode = CRYPT_RSA_ENCRYPTION_OAEP
 $signatureMode = CRYPT_RSA_SIGNATURE_PSS
 $publicExponent = false
 $password = ''

Member Function Documentation

_blind ( x,
r,
i 
)

Performs RSA Blinding

Protects against timing attacks by employing RSA Blinding. Returns $x->modPow($this->exponents[$i], $this->primes[$i])

private

Parameters:
Math_BigInteger $x
Math_BigInteger $r
Integer $i
Returns:
Math_BigInteger
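
The blinding identity described for _blind(), worked through per prime as an added example (not code from Crypt_RSA). The function names, the toy key values and the use of the GMP extension are assumptions of this illustration.

```php
<?php
// Added illustration; not Crypt_RSA source. Requires PHP 7+ with ext-gmp.
// Toy parameters (constructed): p = 61, q = 53, e = 17, d = 2753,
// so dP = d mod (p - 1) = 53 and e * dP = 1 mod (p - 1).

/** Draw r in [2, p-1] from the CSPRNG so that r is invertible mod the prime p. */
function randomBlindingFactor(GMP $p): GMP
{
    $bytes = strlen(gmp_export($p)) + 8;   // extra bytes reduce modulo bias
    do {
        $r = gmp_mod(gmp_import(random_bytes($bytes)), $p);
    } while (gmp_cmp($r, 2) < 0);
    return $r;
}

/** Compute x^dP mod p without exponentiating the caller-supplied x directly. */
function blindedModPow(GMP $x, GMP $r, GMP $e, GMP $dP, GMP $p): GMP
{
    // Blind: x * r^e mod p. The secret exponent now acts on a randomised value.
    $blinded = gmp_mod(gmp_mul($x, gmp_powm($r, $e, $p)), $p);
    // (x * r^e)^dP = x^dP * r mod p, because r^(e*dP) = r mod p.
    $y = gmp_powm($blinded, $dP, $p);
    // Unblind: multiply by r^-1 mod p.
    return gmp_mod(gmp_mul($y, gmp_invert($r, $p)), $p);
}

$p  = gmp_init(61);
$e  = gmp_init(17);
$dP = gmp_init(53);
$x  = gmp_init(2790);                      // constructed input value

$r       = randomBlindingFactor($p);
$direct  = gmp_powm($x, $dP, $p);          // what _blind() is documented to return
$blinded = blindedModPow($x, $r, $e, $dP, $p);

echo "direct:  ", gmp_strval($direct), "\n";
echo "blinded: ", gmp_strval($blinded), "\n";
echo "match:   ", var_export(gmp_cmp($direct, $blinded) === 0, true), "\n";
```
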
_convertPrivateKey ( n,
e,
d,
primes,
exponents,
coefficients 
)

Convert a private key to the appropriate format.

private

See also:
setPrivateKeyFormat()
Parameters:
String $RSAPrivateKey
Returns:
String
_convertPublicKey ( n,
e 
)

Convert a public key to the appropriate format

private

See also:
setPublicKeyFormat()
Parameters:
String $RSAPrivateKey
Returns:
String
_decodeLength ( &$string)

DER-decode the length

DER supports lengths up to (2**8)**127; however, we'll only support lengths up to (2**8)**4. See X.690 § 8.1.3 for more information.

private

Parameters:
String $string
Returns:
Integer
_emsa_pkcs1_v1_5_encode ( m,
emLen 
)

EMSA-PKCS1-V1_5-ENCODE

See RFC3447#section-9.2.

private

Parameters:
String $m
Integer $emLen
Returns:
String
_emsa_pss_encode ( m,
emBits 
)

EMSA-PSS-ENCODE

See RFC3447#section-9.1.1.

private

Parameters:
String $m
Integer $emBits
_emsa_pss_verify ( m,
em,
emBits 
)

EMSA-PSS-VERIFY

See RFC3447#section-9.1.2.

private

Parameters:
String $m
String $em
Integer $emBits
Returns:
String
_encodeLength ( length)

DER-encode the length

DER supports lengths up to (2**8)**127; however, we'll only support lengths up to (2**8)**4. See X.690 § 8.1.3 for more information.

private

Parameters:
Integer $length
Returns:
String
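
The length encoding that _decodeLength() and _encodeLength() describe, capped at four length octets as stated above, shown as an added example (not code from Crypt_RSA). The function names are hypothetical, the rejection of non-minimal encodings is a strictness choice of this example, and a 64-bit PHP 7+ build is assumed.

```php
<?php
// Added illustration; not Crypt_RSA source. Assumes PHP 7+ on a 64-bit build.

function derEncodeLength(int $length): string
{
    if ($length < 0 || $length > 0xFFFFFFFF) {
        throw new InvalidArgumentException('length needs more than 4 octets');
    }
    if ($length <= 0x7F) {
        return chr($length);                       // short form: one octet
    }
    $octets = ltrim(pack('N', $length), "\x00");   // big-endian, no leading zeros
    return chr(0x80 | strlen($octets)) . $octets;  // long form: 0x80 | octet count
}

/** Consumes the length octets from the front of $data and returns the length. */
function derDecodeLength(string &$data): int
{
    if ($data === '') {
        throw new UnexpectedValueException('missing length octet');
    }
    $first = ord($data[0]);
    if (($first & 0x80) === 0) {
        $data = (string) substr($data, 1);
        return $first;
    }
    $count = $first & 0x7F;
    if ($count === 0 || $count > 4 || strlen($data) < 1 + $count) {
        throw new UnexpectedValueException('indefinite, oversized or truncated length');
    }
    $octets = substr($data, 1, $count);
    $value  = unpack('N', str_pad($octets, 4, "\x00", STR_PAD_LEFT))[1];
    // Strictness added in this example: DER requires the shortest encoding.
    if ($octets[0] === "\x00" || $value <= 0x7F) {
        throw new UnexpectedValueException('non-minimal DER length');
    }
    $data = (string) substr($data, 1 + $count);
    return $value;
}

foreach ([5, 127, 128, 65536, 0xFFFFFFFF] as $n) {
    $buffer  = derEncodeLength($n) . 'rest';       // constructed input
    $hex     = bin2hex(derEncodeLength($n));
    $decoded = derDecodeLength($buffer);
    printf("%10d -> %-10s -> %d (remaining: %s)\n", $n, $hex, $decoded, $buffer);
}
```
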
_exponentiate ( x)

Exponentiate with or without Chinese Remainder Theorem

See RFC3447#section-5.1.2.

private

Parameters:
Math_BigInteger $x
Returns:
Math_BigInteger
_generateMinMax ( bits)

Generates the smallest and largest numbers requiring $bits bits

private

Parameters:
Integer $bits
Returns:
Array
_i2osp ( x,
xLen 
)

Integer-to-Octet-String primitive

See RFC3447#section-4.1.

private

Parameters:
Math_BigInteger $x
Integer $xLen
Returns:
String
_mgf1 ( mgfSeed,
maskLen 
)

MGF1

See RFC3447#appendix-B.2.1.

private

Parameters:
String $mgfSeed
Integer $mgfLen
Returns:
String
_os2ip ( x)

Octet-String-to-Integer primitive

See RFC3447#section-4.2.

private

Parameters:
String $x
Returns:
Math_BigInteger
_parseKey ( key,
type 
)

Break a public or private key down into its constituent components

private

See also:
_convertPublicKey()
_convertPrivateKey()
Parameters:
String $key
Integer $type
Returns:
Array
_random ( bytes,
nonzero = false 
)

Generates a random string x bytes long

public

Parameters:
Integer $bytes
optional Integer $nonzero
Returns:
String
_rsadp ( c)

RSADP

See RFC3447#section-5.1.2.

private

Parameters:
Math_BigInteger $c
Returns:
Math_BigInteger
_rsaep ( m)

RSAEP

See RFC3447#section-5.1.1.

private

Parameters:
Math_BigInteger $m
Returns:
Math_BigInteger
_rsaes_oaep_decrypt ( c,
l = '' 
)

RSAES-OAEP-DECRYPT

See RFC3447#section-7.1.2. The fact that the error messages aren't distinguishable from one another hinders debugging, but, to quote from RFC3447::section-7.1.2:

Note. Care must be taken to ensure that an opponent cannot distinguish the different error conditions in Step 3.g, whether by error message or timing, or, more generally, learn partial information about the encoded message EM. Otherwise an opponent may be able to obtain useful information about the decryption of the ciphertext C, leading to a chosen-ciphertext attack such as the one observed by Manger [36].

As for $l... to quote from RFC3447#page-17:

Both the encryption and the decryption operations of RSAES-OAEP take the value of a label L as input. In this version of PKCS #1, L is the empty string; other uses of the label are outside the scope of this document.

private

Parameters:
String $c
String $l
Returns:
String
_rsaes_oaep_encrypt ( m,
l = '' 
)

RSAES-OAEP-ENCRYPT

See RFC3447#section-7.1.1 and OAEP (http://en.wikipedia.org/wiki/Optimal_Asymmetric_Encryption_Padding).

private

Parameters:
String $m
String $l
Returns:
String
_rsaes_pkcs1_v1_5_decrypt ( c)

RSAES-PKCS1-V1_5-DECRYPT

See RFC3447#section-7.2.2.

For compatibility purposes, this function departs slightly from the description given in RFC3447. The reason is that RFC2313::section-8.1 (PKCS#1 v1.5) states that ciphertexts encrypted by the private key should have the second byte set to either 0 or 1 and that ciphertexts encrypted by the public key should have the second byte set to 2. In RFC3447 (PKCS#1 v2.1), the second byte is supposed to be 2 regardless of which key is used. For compatibility purposes, we'll just check to make sure the second byte is 2 or less. If it is, we'll accept the decrypted string as valid.

As a consequence of this, a private key encrypted ciphertext produced with Crypt_RSA may not decrypt with a strictly PKCS#1 v1.5 compliant RSA implementation. Public key encrypted ciphertexts should, but private key encrypted ciphertexts may not.

private

Parameters:
String $c
Returns:
String
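
The second-byte check described for _rsaes_pkcs1_v1_5_decrypt(), placed beside a strict RFC 3447 check, as an added example (not code from Crypt_RSA). The function names, the 64-octet block size and the sample blocks are constructed for this illustration.

```php
<?php
// Added illustration; not Crypt_RSA source. Assumes PHP 7+.
// Encoded block layout: 0x00 || BT || PS || 0x00 || M, with PS at least 8 octets.

/** Returns M, or null for every kind of failure so callers see a single error. */
function unpadPkcs1v15(string $em, bool $strict): ?string
{
    if (strlen($em) < 11 || $em[0] !== "\x00") {
        return null;
    }
    $bt = ord($em[1]);
    // Strict: block type 2 only (RFC 3447). Lenient: second byte "2 or less".
    if ($strict ? $bt !== 2 : $bt > 2) {
        return null;
    }
    $sep = strpos($em, "\x00", 2);            // first zero octet after the block type
    if ($sep === false || $sep - 2 < 8) {     // separator missing or PS too short
        return null;
    }
    return (string) substr($em, $sep + 1);
}

/** Builds a constructed block of $k octets with the given block type. */
function buildBlock(int $bt, string $m, int $k): string
{
    $psLen = $k - strlen($m) - 3;
    $ps = '';
    if ($bt === 1) {
        $ps = str_repeat("\xFF", $psLen);     // RFC 2313 private-key padding
    }
    while (strlen($ps) < $psLen) {            // otherwise random non-zero octets
        $ps .= str_replace("\x00", '', random_bytes($psLen - strlen($ps)));
    }
    return "\x00" . chr($bt) . $ps . "\x00" . $m;
}

foreach ([1, 2, 3] as $bt) {
    $em = buildBlock($bt, 'hello', 64);
    printf(
        "BT=%d lenient=%s strict=%s\n",
        $bt,
        var_export(unpadPkcs1v15($em, false), true),
        var_export(unpadPkcs1v15($em, true), true)
    );
}
```

A block with type 1 is accepted only by the lenient check, which is the interoperability gap the paragraph above describes; the sketch makes no attempt at constant-time parsing.
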
_rsaes_pkcs1_v1_5_encrypt ( m)

RSAES-PKCS1-V1_5-ENCRYPT

See RFC3447#section-7.2.1.

private

Parameters:
String $m
Returns:
String
_rsasp1 ( m)

RSASP1

See RFC3447#section-5.2.1.

private

Parameters:
Math_BigInteger $m
Returns:
Math_BigInteger
_rsassa_pkcs1_v1_5_sign ( m)

RSASSA-PKCS1-V1_5-SIGN

See RFC3447#section-8.2.1.

private

Parameters:
String $m
Returns:
String
_rsassa_pkcs1_v1_5_verify ( m,
s 
)

RSASSA-PKCS1-V1_5-VERIFY

See RFC3447#section-8.2.2.

private

Parameters:
String $m
Returns:
String
_rsassa_pss_sign ( m)

RSASSA-PSS-SIGN

See RFC3447#section-8.1.1.

private

Parameters:
String $m
Returns:
String
_rsassa_pss_verify ( m,
s 
)

RSASSA-PSS-VERIFY

See RFC3447#section-8.1.2.

private

Parameters:
String $m
String $s
Returns:
String
_rsavp1 ( s)

RSAVP1

See RFC3447#section-5.2.2.

private

Parameters:
Math_BigInteger $s
Returns:
Math_BigInteger
_string_shift ( &$string,
index = 1 
)

String Shift

Inspired by array_shift

Parameters:
String $string
optional Integer $index
Returns:
String

private
createKey ( bits = 1024,
timeout = false,
partial = array() 
)

Create public / private key pair

Returns an array with the following three elements:

  • 'privatekey': The private key.
  • 'publickey': The public key.
  • 'partialkey': A partially computed key (if the execution time exceeded $timeout). Will need to be passed back to Crypt_RSA::createKey() as the third parameter for further processing.

public

Parameters:
optional Integer $bits
optional Integer $timeout
optional Math_BigInteger $p
Crypt_RSA ( )

The constructor

To use the openssl extension, you must set the mode manually. Crypt_RSA does not do this itself because OpenSSL doesn't fail gracefully: openssl_pkey_new(), in particular, requires openssl.cnf to be present somewhere and, unfortunately, the only real way to find out whether it is comes too late.

Returns:
Crypt_RSA

public
decrypt ( ciphertext)

Decryption

public

See also:
encrypt()
Parameters:
String $plaintext
Returns:
String
encrypt ( plaintext)

Encryption

Both CRYPT_RSA_ENCRYPTION_OAEP and CRYPT_RSA_ENCRYPTION_PKCS1 place limits on how long $plaintext can be. If $plaintext exceeds those limits, it is split into chunks that fit and the resulting ciphertexts are concatenated.

public

See also:
decrypt()
Parameters:
String $plaintext
Returns:
String
getPublicKey ( type = CRYPT_RSA_PUBLIC_FORMAT_PKCS1)

Returns the public key

The public key is only returned under two circumstances: if the private key had the public key embedded within it, or if the public key was set via setPublicKey(). If the currently loaded key is supposed to be the public key, this function won't return it, since this library, for the most part, doesn't distinguish between public and private keys.

public

See also:
getPublicKey()
Parameters:
String $key
Integer $type optional
loadKey ( key,
type = CRYPT_RSA_PRIVATE_FORMAT_PKCS1 
)

Loads a public or private key

Returns true on success and false on failure (i.e. an incorrect password was provided or the key was malformed)

public

Parameters:
String $key
Integer $type optional
setEncryptionMode ( mode)

Set Encryption Mode

Valid values include CRYPT_RSA_ENCRYPTION_OAEP and CRYPT_RSA_ENCRYPTION_PKCS1.

public

Parameters:
Integer $mode
setHash ( hash)

Determines which hashing function should be used

Used with signature production / verification and (if the encryption mode is CRYPT_RSA_ENCRYPTION_OAEP) encryption and decryption. If $hash isn't supported, sha1 is used.

public

Parameters:
String $hash
setMGFHash ( hash)

Determines which hashing function should be used for the mask generation function

The mask generation function is used by CRYPT_RSA_ENCRYPTION_OAEP and CRYPT_RSA_SIGNATURE_PSS. Although it's best if Hash and MGFHash are set to the same thing, this is not a requirement.

public

Parameters:
String $hash
setPassword ( password)

Sets the password

Private keys can be encrypted with a password. To unset the password, pass in the empty string or false. Or rather, pass in $password such that empty($password) is true.

public

See also:
createKey()
loadKey()
Parameters:
String $password
setPrivateKeyFormat ( format)

Determines the private key format

public

See also:
createKey()
Parameters:
Integer $format
setPublicKey ( key,
type = CRYPT_RSA_PUBLIC_FORMAT_PKCS1 
)

Defines the public key

Some private key formats define the public exponent and some don't. Those that don't define it are problematic when used in certain contexts. For example, in SSH-2, RSA authentication works by sending the public key along with a message signed by the private key to the server. The SSH-2 server looks the public key up in an index of public keys and, if it's present, proceeds to verify the signature. The problem is that if your private key doesn't include the public exponent, this won't work unless you manually add the public exponent.

Do note that when a new key is loaded the index will be cleared.

Returns true on success, false on failure

public

See also:
getPublicKey()
Parameters:
String $key
Integer $type optional
Returns:
Boolean
setPublicKeyFormat ( format)

Determines the public key format

public

See also:
createKey()
Parameters:
Integer $format
setSaltLength ( sLen)

Determines the salt length

To quote from RFC3447#page-38:

Typical salt lengths in octets are hLen (the length of the output of the hash function Hash) and 0.

public

Parameters:
Integer $format
setSignatureMode ( mode)

Set Signature Mode

Valid values include CRYPT_RSA_SIGNATURE_PSS and CRYPT_RSA_SIGNATURE_PKCS1

public

Parameters:
Integer $mode
sign ( message)

Create a signature

public

See also:
verify()
Parameters:
String $message
Returns:
String
verify ( message,
signature 
)

Verifies a signature

public

See also:
sign()
Parameters:
String $message
String $signature
Returns:
Boolean

The documentation for this class was generated from the following file: