/** * Verifies that the data and the signature belong to this public key. * Returns true on success, false on failure. * @param mixed $data The data to be verified * @param mixed $signature The signature of the data * @param string $algoritm Which algorithm to use for signing * @return boolean * @throws InvalidMessageDigestAlgorithmException */ public function verify($data, $signature, $algorithm = 'RSA-SHA256') { if (!in_array($algorithm, openssl_get_md_methods(true))) { throw new InvalidMessageDigestAlgorithmException("The digest algorithm '{$algorithm}' is not supported by this openssl implementation."); } return openssl_verify($data, $signature, $this->keyResource, $algorithm) == 1; }
public function getSupportedAlgs() { $results = array(); $hashes = array(); $hash_algos = openssl_get_md_methods(); if (in_array('SHA256', $hash_algos)) { $hashes[] = 256; } if (in_array('SHA384', $hash_algos)) { $hashes[] = 384; } if (in_array('SHA512', $hash_algos)) { $hashes[] = 512; } if (defined('OPENSSL_KEYTYPE_RSA')) { foreach ($hashes as $size) { $results[] = 'RS' . $size; } } if (defined('OPENSSL_KEYTYPE_EC')) { foreach ($hashes as $size) { $results[] = 'ES' . $size; } } return $results; }
/** * @throws \RuntimeException */ private function ensureSupport() { if (!function_exists('openssl_sign')) { throw new \RuntimeException('Openssl is required to use RSA encryption.'); } if (!in_array($this->getAlgorithm(), openssl_get_md_methods(true))) { throw new \RuntimeException('Algorithm "%s" is not supported.', $this->getAlgorithm()); } }
/** * @return string * @throws EncryptionNotSupported */ protected function getOpenSSLAlgorithm() { $algorithms = openssl_get_md_methods(); $algorithm = $this->getAlgorithm(); if (in_array($algorithm, $algorithms) === false) { throw new EncryptionNotSupported("Algorithm {$algorithm} is not supported."); } return $algorithm; }
/** * @throws \RuntimeException */ public function ensureSupport() { if (!function_exists('openssl_sign')) { throw new \RuntimeException('Openssl is required to use RSA encryption.'); } $supportedAlgorithms = openssl_get_md_methods(true); if (!in_array($this->getAlgorithm(), $supportedAlgorithms)) { throw new \RuntimeException('Algorithm "%s" is not supported on this system.', $this->getAlgorithm()); } }
private function getFavorite() { if (null !== $this->favorite) { return $this->favorite; } if (function_exists('hash_algos') && in_array($this->type, hash_algos(), true)) { return $this->favorite = 'hash'; } if (function_exists('openssl_get_md_methods') && in_array($this->type, openssl_get_md_methods(), true)) { return $this->favorite = 'openssl'; } }
/** * @return boolean */ private static function isAlgorithmSupported($algorithm) { if (!self::$supportedAlgorithms) { $supportedAlgorithms = openssl_get_md_methods(true); $constants = array('OPENSSL_ALGO_DSS1', 'OPENSSL_ALGO_SHA1', 'OPENSSL_ALGO_SHA224', 'OPENSSL_ALGO_SHA256', 'OPENSSL_ALGO_SHA384', 'OPENSSL_ALGO_SHA512', 'OPENSSL_ALGO_RMD160', 'OPENSSL_ALGO_MD5', 'OPENSSL_ALGO_MD4', 'OPENSSL_ALGO_MD2'); foreach ($constants as $constant) { if (defined($constant)) { $supportedAlgorithms[] = constant($constant); } } self::$supportedAlgorithms = $supportedAlgorithms; } return in_array($algorithm, self::$supportedAlgorithms); }
protected function getHashSelect($name) { $select = new \Zend\Form\Element\Select($name); $select->setAttributes(array('id' => $name)); $select->setLabel('Digest Algorithm'); $select->setEmptyOption('-- Select Digest Algorithm --'); $algos = openssl_get_md_methods(); $hashes = array(); foreach ($algos as $hash) { $upper = strtoupper($hash); if (defined('OPENSSL_ALGO_' . $upper)) { $hashes[$upper] = $upper; } } $select->setValueOptions($hashes); $select->setValue('SHA1'); return $select; }
public function __construct() { global $mtlda, $config; if (!$config->isPdfSigningEnabled()) { static::raiseError("PdfSigningController, pdf_signing not enabled in config.ini!"); return false; } if (!($this->pdf_cfg = $config->getPdfSigningConfiguration())) { static::raiseError("PdfSigningController, pdf_signing enabled but no valid [pdf_signing] section found!"); return false; } if (!($this->tsp_cfg = $config->getTimestampConfiguration())) { $this->tsp_cfg = array('tsp_algorithm' => 'SHA256'); } if (!isset($this->pdf_cfg['signature_algorithm']) || empty($this->pdf_cfg['signature_algorithm'])) { $this->pdf_cfg['signature_algorithm'] = 'SHA256'; } // check if tsp algorithm is supported by the local OpenSSL installation if (!preg_match('/^SHA(1|256)$/', $this->tsp_cfg['tsp_algorithm'])) { static::raiseError("TSP algorithm {$this->tsp_cfg['tsp_algorithm']} is not supported!"); return false; } $supported_alg = openssl_get_md_methods(true); if (empty($supported_alg) || !is_array($supported_alg)) { static::raiseError("Unable to retrive supported digest algorithms via openssl_get_md_methods()!"); return false; } $this->tsp_digest_algorithm = strtolower($this->tsp_cfg['tsp_algorithm']) . 'WithRSAEncryption'; if (!in_array($this->tsp_digest_algorithm, $supported_alg)) { static::raiseError("OpenSSL installation does not support {$this->tsp_digest_algorithm} digest algorithm!"); return false; } $fields = array('author', 'location', 'reason', 'contact', 'certificate', 'private_key'); foreach ($fields as $field) { if (!isset($this->pdf_cfg[$field]) || empty($this->pdf_cfg[$field])) { static::raiseError("PdfSigningController, {$field} not found in section [pdf_signing]!"); return false; } } }
protected function execute(InputInterface $input, OutputInterface $output) { $config = Factory::createConfig(); if ($config->get('disable-tls') === true) { $baseUrl = 'http://' . self::HOMEPAGE; } else { $baseUrl = 'https://' . self::HOMEPAGE; } $io = $this->getIO(); $remoteFilesystem = Factory::createRemoteFilesystem($io, $config); $versionsUtil = new Versions($config, $remoteFilesystem); // switch channel if requested foreach (array('stable', 'preview', 'snapshot') as $channel) { if ($input->getOption($channel)) { $versionsUtil->setChannel($channel); } } $cacheDir = $config->get('cache-dir'); $rollbackDir = $config->get('data-dir'); $home = $config->get('home'); $localFilename = realpath($_SERVER['argv'][0]) ?: $_SERVER['argv'][0]; if ($input->getOption('update-keys')) { return $this->fetchKeys($io, $config); } // check if current dir is writable and if not try the cache dir from settings $tmpDir = is_writable(dirname($localFilename)) ? dirname($localFilename) : $cacheDir; // check for permissions in local filesystem before start connection process if (!is_writable($tmpDir)) { throw new FilesystemException('Composer update failed: the "' . $tmpDir . '" directory used to download the temp file could not be written'); } if ($input->getOption('rollback')) { return $this->rollback($output, $rollbackDir, $localFilename); } $latest = $versionsUtil->getLatest(); $latestVersion = $latest['version']; $updateVersion = $input->getArgument('version') ?: $latestVersion; if (preg_match('{^[0-9a-f]{40}$}', $updateVersion) && $updateVersion !== $latestVersion) { $io->writeError('<error>You can not update to a specific SHA-1 as those phars are not available for download</error>'); return 1; } if (Composer::VERSION === $updateVersion) { $io->writeError('<info>You are already using composer version ' . $updateVersion . '.</info>'); // remove all backups except for the most recent, if any if ($input->getOption('clean-backups')) { $this->cleanBackups($rollbackDir, $this->getLastBackupVersion($rollbackDir)); } return 0; } $tempFilename = $tmpDir . '/' . basename($localFilename, '.phar') . '-temp.phar'; $backupFile = sprintf('%s/%s-%s%s', $rollbackDir, strtr(Composer::RELEASE_DATE, ' :', '_-'), preg_replace('{^([0-9a-f]{7})[0-9a-f]{33}$}', '$1', Composer::VERSION), self::OLD_INSTALL_EXT); $updatingToTag = !preg_match('{^[0-9a-f]{40}$}', $updateVersion); $io->write(sprintf("Updating to version <info>%s</info>.", $updateVersion)); $remoteFilename = $baseUrl . ($updatingToTag ? "/download/{$updateVersion}/composer.phar" : '/composer.phar'); $signature = $remoteFilesystem->getContents(self::HOMEPAGE, $remoteFilename . '.sig', false); $remoteFilesystem->copy(self::HOMEPAGE, $remoteFilename, $tempFilename, !$input->getOption('no-progress')); if (!file_exists($tempFilename) || !$signature) { $io->writeError('<error>The download of the new composer version failed for an unexpected reason</error>'); return 1; } // verify phar signature if (!extension_loaded('openssl') && $config->get('disable-tls')) { $io->writeError('<warning>Skipping phar signature verification as you have disabled OpenSSL via config.disable-tls</warning>'); } else { if (!extension_loaded('openssl')) { throw new \RuntimeException('The openssl extension is required for phar signatures to be verified but it is not available. ' . 'If you can not enable the openssl extension, you can disable this error, at your own risk, by setting the \'disable-tls\' option to true.'); } $sigFile = 'file://' . $home . '/' . ($updatingToTag ? 'keys.tags.pub' : 'keys.dev.pub'); if (!file_exists($sigFile)) { file_put_contents($home . '/keys.dev.pub', <<<DEVPUBKEY -----BEGIN PUBLIC KEY----- MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAnBDHjZS6e0ZMoK3xTD7f FNCzlXjX/Aie2dit8QXA03pSrOTbaMnxON3hUL47Lz3g1SC6YJEMVHr0zYq4elWi i3ecFEgzLcj+pZM5X6qWu2Ozz4vWx3JYo1/a/HYdOuW9e3lwS8VtS0AVJA+U8X0A hZnBmGpltHhO8hPKHgkJtkTUxCheTcbqn4wGHl8Z2SediDcPTLwqezWKUfrYzu1f o/j3WFwFs6GtK4wdYtiXr+yspBZHO3y1udf8eFFGcb2V3EaLOrtfur6XQVizjOuk 8lw5zzse1Qp/klHqbDRsjSzJ6iL6F4aynBc6Euqt/8ccNAIz0rLjLhOraeyj4eNn 8iokwMKiXpcrQLTKH+RH1JCuOVxQ436bJwbSsp1VwiqftPQieN+tzqy+EiHJJmGf TBAbWcncicCk9q2md+AmhNbvHO4PWbbz9TzC7HJb460jyWeuMEvw3gNIpEo2jYa9 pMV6cVqnSa+wOc0D7pC9a6bne0bvLcm3S+w6I5iDB3lZsb3A9UtRiSP7aGSo7D72 8tC8+cIgZcI7k9vjvOqH+d7sdOU2yPCnRY6wFh62/g8bDnUpr56nZN1G89GwM4d4 r/TU7BQQIzsZgAiqOGXvVklIgAMiV0iucgf3rNBLjjeNEwNSTTG9F0CtQ+7JLwaE wSEuAuRm+pRqi8BRnQ/GKUcCAwEAAQ== -----END PUBLIC KEY----- DEVPUBKEY ); file_put_contents($home . '/keys.tags.pub', <<<TAGSPUBKEY -----BEGIN PUBLIC KEY----- MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA0Vi/2K6apCVj76nCnCl2 MQUPdK+A9eqkYBacXo2wQBYmyVlXm2/n/ZsX6pCLYPQTHyr5jXbkQzBw8SKqPdlh vA7NpbMeNCz7wP/AobvUXM8xQuXKbMDTY2uZ4O7sM+PfGbptKPBGLe8Z8d2sUnTO bXtX6Lrj13wkRto7st/w/Yp33RHe9SlqkiiS4MsH1jBkcIkEHsRaveZzedUaxY0M mba0uPhGUInpPzEHwrYqBBEtWvP97t2vtfx8I5qv28kh0Y6t+jnjL1Urid2iuQZf noCMFIOu4vksK5HxJxxrN0GOmGmwVQjOOtxkwikNiotZGPR4KsVj8NnBrLX7oGuM nQvGciiu+KoC2r3HDBrpDeBVdOWxDzT5R4iI0KoLzFh2pKqwbY+obNPS2bj+2dgJ rV3V5Jjry42QOCBN3c88wU1PKftOLj2ECpewY6vnE478IipiEu7EAdK8Zwj2LmTr RKQUSa9k7ggBkYZWAeO/2Ag0ey3g2bg7eqk+sHEq5ynIXd5lhv6tC5PBdHlWipDK tl2IxiEnejnOmAzGVivE1YGduYBjN+mjxDVy8KGBrjnz1JPgAvgdwJ2dYw4Rsc/e TzCFWGk/HM6a4f0IzBWbJ5ot0PIi4amk07IotBXDWwqDiQTwyuGCym5EqWQ2BD95 RGv89BPD+2DLnJysngsvVaUCAwEAAQ== -----END PUBLIC KEY----- TAGSPUBKEY ); } $pubkeyid = openssl_pkey_get_public($sigFile); $algo = defined('OPENSSL_ALGO_SHA384') ? OPENSSL_ALGO_SHA384 : 'SHA384'; if (!in_array('SHA384', openssl_get_md_methods())) { throw new \RuntimeException('SHA384 is not supported by your openssl extension, could not verify the phar file integrity'); } $signature = json_decode($signature, true); $signature = base64_decode($signature['sha384']); $verified = 1 === openssl_verify(file_get_contents($tempFilename), $signature, $pubkeyid, $algo); openssl_free_key($pubkeyid); if (!$verified) { throw new \RuntimeException('The phar signature did not match the file you downloaded, this means your public keys are outdated or that the phar file is corrupt/has been modified'); } } // remove saved installations of composer if ($input->getOption('clean-backups')) { $this->cleanBackups($rollbackDir); } if ($err = $this->setLocalPhar($localFilename, $tempFilename, $backupFile)) { @unlink($tempFilename); $io->writeError('<error>The file is corrupted (' . $err->getMessage() . ').</error>'); $io->writeError('<error>Please re-run the self-update command to try again.</error>'); return 1; } if (file_exists($backupFile)) { $io->writeError('Use <info>composer self-update --rollback</info> to return to version ' . Composer::VERSION); } else { $io->writeError('<warning>A backup of the current version could not be written to ' . $backupFile . ', no rollback possible</warning>'); } }
<?php $digests = openssl_get_md_methods(); $digests_and_aliases = openssl_get_md_methods(true); $digest_aliases = array_diff($digests_and_aliases, $digests); print_r($digests); print_r($digest_aliases);
/** * installs composer to the current working directory */ function installComposer($version, $installDir, $filename, $quiet, $disableTls, $cafile, $channel) { $installPath = (is_dir($installDir) ? rtrim($installDir, '/') . '/' : '') . $filename; $installDir = realpath($installDir) ? realpath($installDir) : getcwd(); $file = $installDir . DIRECTORY_SEPARATOR . $filename; if (is_readable($file)) { @unlink($file); } $home = getHomeDir(); file_put_contents($home . '/keys.dev.pub', <<<DEVPUBKEY -----BEGIN PUBLIC KEY----- MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAnBDHjZS6e0ZMoK3xTD7f FNCzlXjX/Aie2dit8QXA03pSrOTbaMnxON3hUL47Lz3g1SC6YJEMVHr0zYq4elWi i3ecFEgzLcj+pZM5X6qWu2Ozz4vWx3JYo1/a/HYdOuW9e3lwS8VtS0AVJA+U8X0A hZnBmGpltHhO8hPKHgkJtkTUxCheTcbqn4wGHl8Z2SediDcPTLwqezWKUfrYzu1f o/j3WFwFs6GtK4wdYtiXr+yspBZHO3y1udf8eFFGcb2V3EaLOrtfur6XQVizjOuk 8lw5zzse1Qp/klHqbDRsjSzJ6iL6F4aynBc6Euqt/8ccNAIz0rLjLhOraeyj4eNn 8iokwMKiXpcrQLTKH+RH1JCuOVxQ436bJwbSsp1VwiqftPQieN+tzqy+EiHJJmGf TBAbWcncicCk9q2md+AmhNbvHO4PWbbz9TzC7HJb460jyWeuMEvw3gNIpEo2jYa9 pMV6cVqnSa+wOc0D7pC9a6bne0bvLcm3S+w6I5iDB3lZsb3A9UtRiSP7aGSo7D72 8tC8+cIgZcI7k9vjvOqH+d7sdOU2yPCnRY6wFh62/g8bDnUpr56nZN1G89GwM4d4 r/TU7BQQIzsZgAiqOGXvVklIgAMiV0iucgf3rNBLjjeNEwNSTTG9F0CtQ+7JLwaE wSEuAuRm+pRqi8BRnQ/GKUcCAwEAAQ== -----END PUBLIC KEY----- DEVPUBKEY ); file_put_contents($home . '/keys.tags.pub', <<<TAGSPUBKEY -----BEGIN PUBLIC KEY----- MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA0Vi/2K6apCVj76nCnCl2 MQUPdK+A9eqkYBacXo2wQBYmyVlXm2/n/ZsX6pCLYPQTHyr5jXbkQzBw8SKqPdlh vA7NpbMeNCz7wP/AobvUXM8xQuXKbMDTY2uZ4O7sM+PfGbptKPBGLe8Z8d2sUnTO bXtX6Lrj13wkRto7st/w/Yp33RHe9SlqkiiS4MsH1jBkcIkEHsRaveZzedUaxY0M mba0uPhGUInpPzEHwrYqBBEtWvP97t2vtfx8I5qv28kh0Y6t+jnjL1Urid2iuQZf noCMFIOu4vksK5HxJxxrN0GOmGmwVQjOOtxkwikNiotZGPR4KsVj8NnBrLX7oGuM nQvGciiu+KoC2r3HDBrpDeBVdOWxDzT5R4iI0KoLzFh2pKqwbY+obNPS2bj+2dgJ rV3V5Jjry42QOCBN3c88wU1PKftOLj2ECpewY6vnE478IipiEu7EAdK8Zwj2LmTr RKQUSa9k7ggBkYZWAeO/2Ag0ey3g2bg7eqk+sHEq5ynIXd5lhv6tC5PBdHlWipDK tl2IxiEnejnOmAzGVivE1YGduYBjN+mjxDVy8KGBrjnz1JPgAvgdwJ2dYw4Rsc/e TzCFWGk/HM6a4f0IzBWbJ5ot0PIi4amk07IotBXDWwqDiQTwyuGCym5EqWQ2BD95 RGv89BPD+2DLnJysngsvVaUCAwEAAQ== -----END PUBLIC KEY----- TAGSPUBKEY ); if (false === $disableTls && empty($cafile) && !HttpClient::getSystemCaRootBundlePath()) { $errorHandler = new ErrorHandler(); set_error_handler(array($errorHandler, 'handleError')); $target = $home . '/cacert.pem'; $write = file_put_contents($target, HttpClient::getPackagedCaFile(), LOCK_EX); @chmod($target, 0644); restore_error_handler(); if (!$write) { throw new RuntimeException('Unable to write bundled cacert.pem to: ' . $target); } $cafile = $target; } $httpClient = new HttpClient($disableTls, $cafile); $uriScheme = false === $disableTls ? 'https' : 'http'; if (!$version) { $versions = json_decode($httpClient->get($uriScheme . '://getcomposer.org/versions'), true); foreach ($versions[$channel] as $candidate) { if ($candidate['min-php'] <= PHP_VERSION_ID) { $version = $candidate['version']; $downloadUrl = $candidate['path']; break; } } if (!$version) { throw new RuntimeException('There is no version of Composer available for your PHP version (' . PHP_VERSION . ')'); } } else { $downloadUrl = "/download/{$version}/composer.phar"; } $retries = 3; while ($retries--) { if (!$quiet) { out("Downloading {$version}...", 'info'); } $url = "{$uriScheme}://getcomposer.org{$downloadUrl}"; $errorHandler = new ErrorHandler(); set_error_handler(array($errorHandler, 'handleError')); // download signature file if (false === $disableTls) { $signature = $httpClient->get($url . '.sig'); if (!$signature) { out('Download failed: ' . $errorHandler->message, 'error'); } else { $signature = json_decode($signature, true); $signature = base64_decode($signature['sha384']); } } $fh = fopen($file, 'w'); if (!$fh) { out('Could not create file ' . $file . ': ' . $errorHandler->message, 'error'); } if (!fwrite($fh, $httpClient->get($url))) { out('Download failed: ' . $errorHandler->message, 'error'); } fclose($fh); restore_error_handler(); if ($errorHandler->message) { continue; } try { // create a temp file ending in .phar since the Phar class only accepts that if ('.phar' !== substr($file, -5)) { copy($file, $file . '.tmp.phar'); $pharFile = $file . '.tmp.phar'; } else { $pharFile = $file; } // verify signature if (false === $disableTls) { $pubkeyid = openssl_pkey_get_public('file://' . $home . '/' . (preg_match('{^[0-9a-f]{40}$}', $version) ? 'keys.dev.pub' : 'keys.tags.pub')); $algo = defined('OPENSSL_ALGO_SHA384') ? OPENSSL_ALGO_SHA384 : 'SHA384'; if (!in_array('SHA384', openssl_get_md_methods())) { out('SHA384 is not supported by your openssl extension, could not verify the phar file integrity', 'error'); exit(1); } $verified = 1 === openssl_verify(file_get_contents($file), $signature, $pubkeyid, $algo); openssl_free_key($pubkeyid); if (!$verified) { out('Signature mismatch, could not verify the phar file integrity', 'error'); exit(1); } } // test the phar validity if (!ini_get('phar.readonly')) { $phar = new Phar($pharFile); // free the variable to unlock the file unset($phar); } // clean up temp file if needed if ($file !== $pharFile) { unlink($pharFile); } break; } catch (Exception $e) { if (!$e instanceof UnexpectedValueException && !$e instanceof PharException) { throw $e; } // clean up temp file if needed if ($file !== $pharFile) { unlink($pharFile); } unlink($file); if ($retries) { if (!$quiet) { out('The download is corrupt, retrying...', 'error'); } } else { out('The download is corrupt (' . $e->getMessage() . '), aborting.', 'error'); exit(1); } } } if ($errorHandler->message) { out('The download failed repeatedly, aborting.', 'error'); exit(1); } chmod($file, 0755); if (!$quiet) { out(PHP_EOL . "Composer successfully installed to: " . $file, 'success', false); out(PHP_EOL . "Use it: php {$installPath}", 'info'); } }
public static function getMdMethods($aliases = false) { return openssl_get_md_methods($aliases); }
/** * Set hash algorithm * * @param string $name * @throws InvalidArgumentException */ public function setHashAlgorithm($name) { switch (strtolower($name)) { case 'md2': // check if md2 digest is enabled on openssl just for backwards compatibility $digests = openssl_get_md_methods(); if (!in_array(strtoupper($name), $digests)) { throw new InvalidArgumentException('Openssl md2 digest is not enabled (deprecated)'); } $this->_hashAlgorithm = OPENSSL_ALGO_MD2; break; case 'md4': $this->_hashAlgorithm = OPENSSL_ALGO_MD4; break; case 'md5': $this->_hashAlgorithm = OPENSSL_ALGO_MD5; break; case 'sha1': $this->_hashAlgorithm = OPENSSL_ALGO_SHA1; break; case 'dss1': $this->_hashAlgorithm = OPENSSL_ALGO_DSS1; break; } }
/** * @param bool $aliases * * @return array */ public static function getDigestMethods(bool $aliases = FALSE) : array { return openssl_get_md_methods($aliases); }
/** * Generate a DKIM signature. * @access public * @param string $signHeader * @throws phpmailerException * @return string The DKIM signature value */ public function DKIM_Sign($signHeader) { if (!defined('PKCS7_TEXT')) { if ($this->exceptions) { throw new phpmailerException($this->lang('extension_missing') . 'openssl'); } return ''; } $privKeyStr = file_get_contents($this->DKIM_private); if ('' != $this->DKIM_passphrase) { $privKey = openssl_pkey_get_private($privKeyStr, $this->DKIM_passphrase); } else { $privKey = openssl_pkey_get_private($privKeyStr); } //Workaround for missing digest algorithms in old PHP & OpenSSL versions //@link http://stackoverflow.com/a/11117338/333340 if (version_compare(PHP_VERSION, '5.3.0') >= 0 and in_array('sha256WithRSAEncryption', openssl_get_md_methods(true))) { if (openssl_sign($signHeader, $signature, $privKey, 'sha256WithRSAEncryption')) { openssl_pkey_free($privKey); return base64_encode($signature); } } else { $pinfo = openssl_pkey_get_details($privKey); $hash = hash('sha256', $signHeader); //'Magic' constant for SHA256 from RFC3447 //@link https://tools.ietf.org/html/rfc3447#page-43 $t = '3031300d060960864801650304020105000420' . $hash; $pslen = $pinfo['bits'] / 8 - (strlen($t) / 2 + 3); $eb = pack('H*', '0001' . str_repeat('FF', $pslen) . '00' . $t); if (openssl_private_encrypt($eb, $signature, $privKey, OPENSSL_NO_PADDING)) { openssl_pkey_free($privKey); return base64_encode($signature); } } openssl_pkey_free($privKey); return ''; }
<?php $test_values = array(OPENSSL_ALGO_SHA1, OPENSSL_ALGO_MD5, OPENSSL_ALGO_MD4); function run_test($value) { $data = 'DATA TO SIGN'; $signature = 'SIGNATURE'; $key = openssl_pkey_new(); $private_key = openssl_get_privatekey($key); $public_key = openssl_pkey_get_details($key)['key']; try { var_dump(openssl_sign($data, $signature, $private_key, $value)); } catch (Exception $e) { echo $e->getMessage() . "\n"; } try { var_dump(openssl_verify($data, $signature, $public_key, $value)); } catch (Exception $e) { echo $e->getMessage() . "\n"; } openssl_free_key($key); } $test_values = array_merge($test_values, openssl_get_md_methods()); foreach ($test_values as $test_value) { run_test($test_value); }
/** * PBKDF2 key derivation function as defined by RSA's PKCS #5: https://www.ietf.org/rfc/rfc2898.txt. * * Test vectors can be found here: https://www.ietf.org/rfc/rfc6070.txt * * This implementation of PBKDF2 was originally created by https://defuse.ca * With improvements by http://www.variations-of-shadow.com * * @param string $password the password * @param string $salt a salt that is unique to the password * @param string $keyLength the length of the derived key in bytes * @param string $count iteration count. Higher is better, but slower. Recommended: At least 1000 * @param string $algorithm the hash algorithm to use. Recommended: SHA256 * @param string $binaryUnsafe if true, the key is returned in raw binary format. Hex encoded otherwise * * @return string the key derived from the password and salt * * @throws \InvalidArgumentException invalid arguments have been passed * @throws HashingException the error occurred while generating the requested hashing algorithm */ public static function pbkdf2($password, $salt, $keyLength, $count, $algorithm = self::SHA1, $binaryUnsafe = false) { if (!is_integer($count) || $count <= 0) { throw new \InvalidArgumentException('The iteration number for the PBKDF2 function must be a positive non-zero integer', 2); } if (!is_integer($keyLength) || $keyLength <= 0) { throw new \InvalidArgumentException('The resulting key length for the PBKDF2 function must be a positive non-zero integer', 2); } if (!is_string($algorithm) || strlen($algorithm) <= 0) { throw new \InvalidArgumentException('The hashing algorithm for the PBKDF2 function must be a non-empty string', 2); } //an algorithm is represented as a string of only lowercase chars $algorithm = strtolower($algorithm); //the raw output of the max legth (beyond the $keyLength algorithm) $output = ''; if (function_exists('openssl_pbkdf2')) { /* execute the native openssl_pbkdf2 */ //check if the algorithm is valid if (!in_array($algorithm, openssl_get_md_methods(true), true)) { throw new HashingException('Invalid algorithm: the choosen algorithm is not valid for the PBKDF2 function', 2); } $output = openssl_pbkdf2($password, $salt, $keyLength, $count, $algorithm); } elseif (function_exists('hash_pbkdf2')) { /* execute the native hash_pbkdf2 */ //check if the algorithm is valid if (!in_array($algorithm, hash_algos(), true)) { throw new HashingException('Invalid algorithm: the choosen algorithm is not valid for the PBKDF2 function', 2); } // The output length is in NIBBLES (4-bits) if $binaryUnsafe is false! if (!$binaryUnsafe) { $keyLength = $keyLength * 2; } return hash_pbkdf2($algorithm, $password, $salt, $count, $keyLength, $binaryUnsafe); } else { /* use an hack to emulate openssl_pbkdf2 */ //check if the algorithm is valid if (!in_array($algorithm, hash_algos(), true)) { throw new HashingException('Invalid algorithm: the choosen algorithm is not valid for the PBKDF2 function', 2); } $hashLength = strlen(hash($algorithm, '', true)); $blockCount = ceil($keyLength / $hashLength); for ($i = 1; $i <= $blockCount; ++$i) { // $i encoded as 4 bytes, big endian. $last = $salt . pack('N', $i); // first iteration $last = $xorsum = hash_hmac($algorithm, $last, $password, true); // perform the other $count - 1 iterations for ($j = 1; $j < $count; ++$j) { $xorsum ^= $last = hash_hmac($algorithm, $last, $password, true); } $output .= $xorsum; } } return $binaryUnsafe ? substr($output, 0, $keyLength) : bin2hex(substr($output, 0, $keyLength)); }