/**
* Verifies that the data and the signature belong to this public key.
* Returns true on success, false on failure.
* @param mixed $data The data to be verified
* @param mixed $signature The signature of the data
* @param string $algoritm Which algorithm to use for signing
* @return boolean
* @throws InvalidMessageDigestAlgorithmException
*/
public function verify($data, $signature, $algorithm = 'RSA-SHA256')
{
if (!in_array($algorithm, openssl_get_md_methods(true))) {
throw new InvalidMessageDigestAlgorithmException("The digest algorithm '{$algorithm}' is not supported by this openssl implementation.");
}
return openssl_verify($data, $signature, $this->keyResource, $algorithm) == 1;
}
public function getSupportedAlgs()
{
$results = array();
$hashes = array();
$hash_algos = openssl_get_md_methods();
if (in_array('SHA256', $hash_algos)) {
$hashes[] = 256;
}
if (in_array('SHA384', $hash_algos)) {
$hashes[] = 384;
}
if (in_array('SHA512', $hash_algos)) {
$hashes[] = 512;
}
if (defined('OPENSSL_KEYTYPE_RSA')) {
foreach ($hashes as $size) {
$results[] = 'RS' . $size;
}
}
if (defined('OPENSSL_KEYTYPE_EC')) {
foreach ($hashes as $size) {
$results[] = 'ES' . $size;
}
}
return $results;
}
/**
* @throws \RuntimeException
*/
private function ensureSupport()
{
if (!function_exists('openssl_sign')) {
throw new \RuntimeException('Openssl is required to use RSA encryption.');
}
if (!in_array($this->getAlgorithm(), openssl_get_md_methods(true))) {
throw new \RuntimeException('Algorithm "%s" is not supported.', $this->getAlgorithm());
}
}
/**
* @return string
* @throws EncryptionNotSupported
*/
protected function getOpenSSLAlgorithm()
{
$algorithms = openssl_get_md_methods();
$algorithm = $this->getAlgorithm();
if (in_array($algorithm, $algorithms) === false) {
throw new EncryptionNotSupported("Algorithm {$algorithm} is not supported.");
}
return $algorithm;
}
/**
* @throws \RuntimeException
*/
public function ensureSupport()
{
if (!function_exists('openssl_sign')) {
throw new \RuntimeException('Openssl is required to use RSA encryption.');
}
$supportedAlgorithms = openssl_get_md_methods(true);
if (!in_array($this->getAlgorithm(), $supportedAlgorithms)) {
throw new \RuntimeException('Algorithm "%s" is not supported on this system.', $this->getAlgorithm());
}
}
private function getFavorite()
{
if (null !== $this->favorite) {
return $this->favorite;
}
if (function_exists('hash_algos') && in_array($this->type, hash_algos(), true)) {
return $this->favorite = 'hash';
}
if (function_exists('openssl_get_md_methods') && in_array($this->type, openssl_get_md_methods(), true)) {
return $this->favorite = 'openssl';
}
}
/**
* @return boolean
*/
private static function isAlgorithmSupported($algorithm)
{
if (!self::$supportedAlgorithms) {
$supportedAlgorithms = openssl_get_md_methods(true);
$constants = array('OPENSSL_ALGO_DSS1', 'OPENSSL_ALGO_SHA1', 'OPENSSL_ALGO_SHA224', 'OPENSSL_ALGO_SHA256', 'OPENSSL_ALGO_SHA384', 'OPENSSL_ALGO_SHA512', 'OPENSSL_ALGO_RMD160', 'OPENSSL_ALGO_MD5', 'OPENSSL_ALGO_MD4', 'OPENSSL_ALGO_MD2');
foreach ($constants as $constant) {
if (defined($constant)) {
$supportedAlgorithms[] = constant($constant);
}
}
self::$supportedAlgorithms = $supportedAlgorithms;
}
return in_array($algorithm, self::$supportedAlgorithms);
}
protected function getHashSelect($name)
{
$select = new \Zend\Form\Element\Select($name);
$select->setAttributes(array('id' => $name));
$select->setLabel('Digest Algorithm');
$select->setEmptyOption('-- Select Digest Algorithm --');
$algos = openssl_get_md_methods();
$hashes = array();
foreach ($algos as $hash) {
$upper = strtoupper($hash);
if (defined('OPENSSL_ALGO_' . $upper)) {
$hashes[$upper] = $upper;
}
}
$select->setValueOptions($hashes);
$select->setValue('SHA1');
return $select;
}
public function __construct()
{
global $mtlda, $config;
if (!$config->isPdfSigningEnabled()) {
static::raiseError("PdfSigningController, pdf_signing not enabled in config.ini!");
return false;
}
if (!($this->pdf_cfg = $config->getPdfSigningConfiguration())) {
static::raiseError("PdfSigningController, pdf_signing enabled but no valid [pdf_signing] section found!");
return false;
}
if (!($this->tsp_cfg = $config->getTimestampConfiguration())) {
$this->tsp_cfg = array('tsp_algorithm' => 'SHA256');
}
if (!isset($this->pdf_cfg['signature_algorithm']) || empty($this->pdf_cfg['signature_algorithm'])) {
$this->pdf_cfg['signature_algorithm'] = 'SHA256';
}
// check if tsp algorithm is supported by the local OpenSSL installation
if (!preg_match('/^SHA(1|256)$/', $this->tsp_cfg['tsp_algorithm'])) {
static::raiseError("TSP algorithm {$this->tsp_cfg['tsp_algorithm']} is not supported!");
return false;
}
$supported_alg = openssl_get_md_methods(true);
if (empty($supported_alg) || !is_array($supported_alg)) {
static::raiseError("Unable to retrive supported digest algorithms via openssl_get_md_methods()!");
return false;
}
$this->tsp_digest_algorithm = strtolower($this->tsp_cfg['tsp_algorithm']) . 'WithRSAEncryption';
if (!in_array($this->tsp_digest_algorithm, $supported_alg)) {
static::raiseError("OpenSSL installation does not support {$this->tsp_digest_algorithm} digest algorithm!");
return false;
}
$fields = array('author', 'location', 'reason', 'contact', 'certificate', 'private_key');
foreach ($fields as $field) {
if (!isset($this->pdf_cfg[$field]) || empty($this->pdf_cfg[$field])) {
static::raiseError("PdfSigningController, {$field} not found in section [pdf_signing]!");
return false;
}
}
}
protected function execute(InputInterface $input, OutputInterface $output)
{
$config = Factory::createConfig();
if ($config->get('disable-tls') === true) {
$baseUrl = 'http://' . self::HOMEPAGE;
} else {
$baseUrl = 'https://' . self::HOMEPAGE;
}
$io = $this->getIO();
$remoteFilesystem = Factory::createRemoteFilesystem($io, $config);
$versionsUtil = new Versions($config, $remoteFilesystem);
// switch channel if requested
foreach (array('stable', 'preview', 'snapshot') as $channel) {
if ($input->getOption($channel)) {
$versionsUtil->setChannel($channel);
}
}
$cacheDir = $config->get('cache-dir');
$rollbackDir = $config->get('data-dir');
$home = $config->get('home');
$localFilename = realpath($_SERVER['argv'][0]) ?: $_SERVER['argv'][0];
if ($input->getOption('update-keys')) {
return $this->fetchKeys($io, $config);
}
// check if current dir is writable and if not try the cache dir from settings
$tmpDir = is_writable(dirname($localFilename)) ? dirname($localFilename) : $cacheDir;
// check for permissions in local filesystem before start connection process
if (!is_writable($tmpDir)) {
throw new FilesystemException('Composer update failed: the "' . $tmpDir . '" directory used to download the temp file could not be written');
}
if ($input->getOption('rollback')) {
return $this->rollback($output, $rollbackDir, $localFilename);
}
$latest = $versionsUtil->getLatest();
$latestVersion = $latest['version'];
$updateVersion = $input->getArgument('version') ?: $latestVersion;
if (preg_match('{^[0-9a-f]{40}$}', $updateVersion) && $updateVersion !== $latestVersion) {
$io->writeError('<error>You can not update to a specific SHA-1 as those phars are not available for download</error>');
return 1;
}
if (Composer::VERSION === $updateVersion) {
$io->writeError('<info>You are already using composer version ' . $updateVersion . '.</info>');
// remove all backups except for the most recent, if any
if ($input->getOption('clean-backups')) {
$this->cleanBackups($rollbackDir, $this->getLastBackupVersion($rollbackDir));
}
return 0;
}
$tempFilename = $tmpDir . '/' . basename($localFilename, '.phar') . '-temp.phar';
$backupFile = sprintf('%s/%s-%s%s', $rollbackDir, strtr(Composer::RELEASE_DATE, ' :', '_-'), preg_replace('{^([0-9a-f]{7})[0-9a-f]{33}$}', '$1', Composer::VERSION), self::OLD_INSTALL_EXT);
$updatingToTag = !preg_match('{^[0-9a-f]{40}$}', $updateVersion);
$io->write(sprintf("Updating to version <info>%s</info>.", $updateVersion));
$remoteFilename = $baseUrl . ($updatingToTag ? "/download/{$updateVersion}/composer.phar" : '/composer.phar');
$signature = $remoteFilesystem->getContents(self::HOMEPAGE, $remoteFilename . '.sig', false);
$remoteFilesystem->copy(self::HOMEPAGE, $remoteFilename, $tempFilename, !$input->getOption('no-progress'));
if (!file_exists($tempFilename) || !$signature) {
$io->writeError('<error>The download of the new composer version failed for an unexpected reason</error>');
return 1;
}
// verify phar signature
if (!extension_loaded('openssl') && $config->get('disable-tls')) {
$io->writeError('<warning>Skipping phar signature verification as you have disabled OpenSSL via config.disable-tls</warning>');
} else {
if (!extension_loaded('openssl')) {
throw new \RuntimeException('The openssl extension is required for phar signatures to be verified but it is not available. ' . 'If you can not enable the openssl extension, you can disable this error, at your own risk, by setting the \'disable-tls\' option to true.');
}
$sigFile = 'file://' . $home . '/' . ($updatingToTag ? 'keys.tags.pub' : 'keys.dev.pub');
if (!file_exists($sigFile)) {
file_put_contents($home . '/keys.dev.pub', <<<DEVPUBKEY
-----BEGIN PUBLIC KEY-----
MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAnBDHjZS6e0ZMoK3xTD7f
FNCzlXjX/Aie2dit8QXA03pSrOTbaMnxON3hUL47Lz3g1SC6YJEMVHr0zYq4elWi
i3ecFEgzLcj+pZM5X6qWu2Ozz4vWx3JYo1/a/HYdOuW9e3lwS8VtS0AVJA+U8X0A
hZnBmGpltHhO8hPKHgkJtkTUxCheTcbqn4wGHl8Z2SediDcPTLwqezWKUfrYzu1f
o/j3WFwFs6GtK4wdYtiXr+yspBZHO3y1udf8eFFGcb2V3EaLOrtfur6XQVizjOuk
8lw5zzse1Qp/klHqbDRsjSzJ6iL6F4aynBc6Euqt/8ccNAIz0rLjLhOraeyj4eNn
8iokwMKiXpcrQLTKH+RH1JCuOVxQ436bJwbSsp1VwiqftPQieN+tzqy+EiHJJmGf
TBAbWcncicCk9q2md+AmhNbvHO4PWbbz9TzC7HJb460jyWeuMEvw3gNIpEo2jYa9
pMV6cVqnSa+wOc0D7pC9a6bne0bvLcm3S+w6I5iDB3lZsb3A9UtRiSP7aGSo7D72
8tC8+cIgZcI7k9vjvOqH+d7sdOU2yPCnRY6wFh62/g8bDnUpr56nZN1G89GwM4d4
r/TU7BQQIzsZgAiqOGXvVklIgAMiV0iucgf3rNBLjjeNEwNSTTG9F0CtQ+7JLwaE
wSEuAuRm+pRqi8BRnQ/GKUcCAwEAAQ==
-----END PUBLIC KEY-----
DEVPUBKEY
);
file_put_contents($home . '/keys.tags.pub', <<<TAGSPUBKEY
-----BEGIN PUBLIC KEY-----
MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA0Vi/2K6apCVj76nCnCl2
MQUPdK+A9eqkYBacXo2wQBYmyVlXm2/n/ZsX6pCLYPQTHyr5jXbkQzBw8SKqPdlh
vA7NpbMeNCz7wP/AobvUXM8xQuXKbMDTY2uZ4O7sM+PfGbptKPBGLe8Z8d2sUnTO
bXtX6Lrj13wkRto7st/w/Yp33RHe9SlqkiiS4MsH1jBkcIkEHsRaveZzedUaxY0M
mba0uPhGUInpPzEHwrYqBBEtWvP97t2vtfx8I5qv28kh0Y6t+jnjL1Urid2iuQZf
noCMFIOu4vksK5HxJxxrN0GOmGmwVQjOOtxkwikNiotZGPR4KsVj8NnBrLX7oGuM
nQvGciiu+KoC2r3HDBrpDeBVdOWxDzT5R4iI0KoLzFh2pKqwbY+obNPS2bj+2dgJ
rV3V5Jjry42QOCBN3c88wU1PKftOLj2ECpewY6vnE478IipiEu7EAdK8Zwj2LmTr
RKQUSa9k7ggBkYZWAeO/2Ag0ey3g2bg7eqk+sHEq5ynIXd5lhv6tC5PBdHlWipDK
tl2IxiEnejnOmAzGVivE1YGduYBjN+mjxDVy8KGBrjnz1JPgAvgdwJ2dYw4Rsc/e
TzCFWGk/HM6a4f0IzBWbJ5ot0PIi4amk07IotBXDWwqDiQTwyuGCym5EqWQ2BD95
RGv89BPD+2DLnJysngsvVaUCAwEAAQ==
-----END PUBLIC KEY-----
TAGSPUBKEY
);
}
$pubkeyid = openssl_pkey_get_public($sigFile);
$algo = defined('OPENSSL_ALGO_SHA384') ? OPENSSL_ALGO_SHA384 : 'SHA384';
if (!in_array('SHA384', openssl_get_md_methods())) {
throw new \RuntimeException('SHA384 is not supported by your openssl extension, could not verify the phar file integrity');
}
$signature = json_decode($signature, true);
$signature = base64_decode($signature['sha384']);
$verified = 1 === openssl_verify(file_get_contents($tempFilename), $signature, $pubkeyid, $algo);
openssl_free_key($pubkeyid);
if (!$verified) {
throw new \RuntimeException('The phar signature did not match the file you downloaded, this means your public keys are outdated or that the phar file is corrupt/has been modified');
}
}
// remove saved installations of composer
if ($input->getOption('clean-backups')) {
$this->cleanBackups($rollbackDir);
}
if ($err = $this->setLocalPhar($localFilename, $tempFilename, $backupFile)) {
@unlink($tempFilename);
$io->writeError('<error>The file is corrupted (' . $err->getMessage() . ').</error>');
$io->writeError('<error>Please re-run the self-update command to try again.</error>');
return 1;
}
if (file_exists($backupFile)) {
$io->writeError('Use <info>composer self-update --rollback</info> to return to version ' . Composer::VERSION);
} else {
$io->writeError('<warning>A backup of the current version could not be written to ' . $backupFile . ', no rollback possible</warning>');
}
}
<?php $digests = openssl_get_md_methods(); $digests_and_aliases = openssl_get_md_methods(true); $digest_aliases = array_diff($digests_and_aliases, $digests); print_r($digests); print_r($digest_aliases);
/**
* installs composer to the current working directory
*/
function installComposer($version, $installDir, $filename, $quiet, $disableTls, $cafile, $channel)
{
$installPath = (is_dir($installDir) ? rtrim($installDir, '/') . '/' : '') . $filename;
$installDir = realpath($installDir) ? realpath($installDir) : getcwd();
$file = $installDir . DIRECTORY_SEPARATOR . $filename;
if (is_readable($file)) {
@unlink($file);
}
$home = getHomeDir();
file_put_contents($home . '/keys.dev.pub', <<<DEVPUBKEY
-----BEGIN PUBLIC KEY-----
MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAnBDHjZS6e0ZMoK3xTD7f
FNCzlXjX/Aie2dit8QXA03pSrOTbaMnxON3hUL47Lz3g1SC6YJEMVHr0zYq4elWi
i3ecFEgzLcj+pZM5X6qWu2Ozz4vWx3JYo1/a/HYdOuW9e3lwS8VtS0AVJA+U8X0A
hZnBmGpltHhO8hPKHgkJtkTUxCheTcbqn4wGHl8Z2SediDcPTLwqezWKUfrYzu1f
o/j3WFwFs6GtK4wdYtiXr+yspBZHO3y1udf8eFFGcb2V3EaLOrtfur6XQVizjOuk
8lw5zzse1Qp/klHqbDRsjSzJ6iL6F4aynBc6Euqt/8ccNAIz0rLjLhOraeyj4eNn
8iokwMKiXpcrQLTKH+RH1JCuOVxQ436bJwbSsp1VwiqftPQieN+tzqy+EiHJJmGf
TBAbWcncicCk9q2md+AmhNbvHO4PWbbz9TzC7HJb460jyWeuMEvw3gNIpEo2jYa9
pMV6cVqnSa+wOc0D7pC9a6bne0bvLcm3S+w6I5iDB3lZsb3A9UtRiSP7aGSo7D72
8tC8+cIgZcI7k9vjvOqH+d7sdOU2yPCnRY6wFh62/g8bDnUpr56nZN1G89GwM4d4
r/TU7BQQIzsZgAiqOGXvVklIgAMiV0iucgf3rNBLjjeNEwNSTTG9F0CtQ+7JLwaE
wSEuAuRm+pRqi8BRnQ/GKUcCAwEAAQ==
-----END PUBLIC KEY-----
DEVPUBKEY
);
file_put_contents($home . '/keys.tags.pub', <<<TAGSPUBKEY
-----BEGIN PUBLIC KEY-----
MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA0Vi/2K6apCVj76nCnCl2
MQUPdK+A9eqkYBacXo2wQBYmyVlXm2/n/ZsX6pCLYPQTHyr5jXbkQzBw8SKqPdlh
vA7NpbMeNCz7wP/AobvUXM8xQuXKbMDTY2uZ4O7sM+PfGbptKPBGLe8Z8d2sUnTO
bXtX6Lrj13wkRto7st/w/Yp33RHe9SlqkiiS4MsH1jBkcIkEHsRaveZzedUaxY0M
mba0uPhGUInpPzEHwrYqBBEtWvP97t2vtfx8I5qv28kh0Y6t+jnjL1Urid2iuQZf
noCMFIOu4vksK5HxJxxrN0GOmGmwVQjOOtxkwikNiotZGPR4KsVj8NnBrLX7oGuM
nQvGciiu+KoC2r3HDBrpDeBVdOWxDzT5R4iI0KoLzFh2pKqwbY+obNPS2bj+2dgJ
rV3V5Jjry42QOCBN3c88wU1PKftOLj2ECpewY6vnE478IipiEu7EAdK8Zwj2LmTr
RKQUSa9k7ggBkYZWAeO/2Ag0ey3g2bg7eqk+sHEq5ynIXd5lhv6tC5PBdHlWipDK
tl2IxiEnejnOmAzGVivE1YGduYBjN+mjxDVy8KGBrjnz1JPgAvgdwJ2dYw4Rsc/e
TzCFWGk/HM6a4f0IzBWbJ5ot0PIi4amk07IotBXDWwqDiQTwyuGCym5EqWQ2BD95
RGv89BPD+2DLnJysngsvVaUCAwEAAQ==
-----END PUBLIC KEY-----
TAGSPUBKEY
);
if (false === $disableTls && empty($cafile) && !HttpClient::getSystemCaRootBundlePath()) {
$errorHandler = new ErrorHandler();
set_error_handler(array($errorHandler, 'handleError'));
$target = $home . '/cacert.pem';
$write = file_put_contents($target, HttpClient::getPackagedCaFile(), LOCK_EX);
@chmod($target, 0644);
restore_error_handler();
if (!$write) {
throw new RuntimeException('Unable to write bundled cacert.pem to: ' . $target);
}
$cafile = $target;
}
$httpClient = new HttpClient($disableTls, $cafile);
$uriScheme = false === $disableTls ? 'https' : 'http';
if (!$version) {
$versions = json_decode($httpClient->get($uriScheme . '://getcomposer.org/versions'), true);
foreach ($versions[$channel] as $candidate) {
if ($candidate['min-php'] <= PHP_VERSION_ID) {
$version = $candidate['version'];
$downloadUrl = $candidate['path'];
break;
}
}
if (!$version) {
throw new RuntimeException('There is no version of Composer available for your PHP version (' . PHP_VERSION . ')');
}
} else {
$downloadUrl = "/download/{$version}/composer.phar";
}
$retries = 3;
while ($retries--) {
if (!$quiet) {
out("Downloading {$version}...", 'info');
}
$url = "{$uriScheme}://getcomposer.org{$downloadUrl}";
$errorHandler = new ErrorHandler();
set_error_handler(array($errorHandler, 'handleError'));
// download signature file
if (false === $disableTls) {
$signature = $httpClient->get($url . '.sig');
if (!$signature) {
out('Download failed: ' . $errorHandler->message, 'error');
} else {
$signature = json_decode($signature, true);
$signature = base64_decode($signature['sha384']);
}
}
$fh = fopen($file, 'w');
if (!$fh) {
out('Could not create file ' . $file . ': ' . $errorHandler->message, 'error');
}
if (!fwrite($fh, $httpClient->get($url))) {
out('Download failed: ' . $errorHandler->message, 'error');
}
fclose($fh);
restore_error_handler();
if ($errorHandler->message) {
continue;
}
try {
// create a temp file ending in .phar since the Phar class only accepts that
if ('.phar' !== substr($file, -5)) {
copy($file, $file . '.tmp.phar');
$pharFile = $file . '.tmp.phar';
} else {
$pharFile = $file;
}
// verify signature
if (false === $disableTls) {
$pubkeyid = openssl_pkey_get_public('file://' . $home . '/' . (preg_match('{^[0-9a-f]{40}$}', $version) ? 'keys.dev.pub' : 'keys.tags.pub'));
$algo = defined('OPENSSL_ALGO_SHA384') ? OPENSSL_ALGO_SHA384 : 'SHA384';
if (!in_array('SHA384', openssl_get_md_methods())) {
out('SHA384 is not supported by your openssl extension, could not verify the phar file integrity', 'error');
exit(1);
}
$verified = 1 === openssl_verify(file_get_contents($file), $signature, $pubkeyid, $algo);
openssl_free_key($pubkeyid);
if (!$verified) {
out('Signature mismatch, could not verify the phar file integrity', 'error');
exit(1);
}
}
// test the phar validity
if (!ini_get('phar.readonly')) {
$phar = new Phar($pharFile);
// free the variable to unlock the file
unset($phar);
}
// clean up temp file if needed
if ($file !== $pharFile) {
unlink($pharFile);
}
break;
} catch (Exception $e) {
if (!$e instanceof UnexpectedValueException && !$e instanceof PharException) {
throw $e;
}
// clean up temp file if needed
if ($file !== $pharFile) {
unlink($pharFile);
}
unlink($file);
if ($retries) {
if (!$quiet) {
out('The download is corrupt, retrying...', 'error');
}
} else {
out('The download is corrupt (' . $e->getMessage() . '), aborting.', 'error');
exit(1);
}
}
}
if ($errorHandler->message) {
out('The download failed repeatedly, aborting.', 'error');
exit(1);
}
chmod($file, 0755);
if (!$quiet) {
out(PHP_EOL . "Composer successfully installed to: " . $file, 'success', false);
out(PHP_EOL . "Use it: php {$installPath}", 'info');
}
}
public static function getMdMethods($aliases = false)
{
return openssl_get_md_methods($aliases);
}
/**
* Set hash algorithm
*
* @param string $name
* @throws InvalidArgumentException
*/
public function setHashAlgorithm($name)
{
switch (strtolower($name)) {
case 'md2':
// check if md2 digest is enabled on openssl just for backwards compatibility
$digests = openssl_get_md_methods();
if (!in_array(strtoupper($name), $digests)) {
throw new InvalidArgumentException('Openssl md2 digest is not enabled (deprecated)');
}
$this->_hashAlgorithm = OPENSSL_ALGO_MD2;
break;
case 'md4':
$this->_hashAlgorithm = OPENSSL_ALGO_MD4;
break;
case 'md5':
$this->_hashAlgorithm = OPENSSL_ALGO_MD5;
break;
case 'sha1':
$this->_hashAlgorithm = OPENSSL_ALGO_SHA1;
break;
case 'dss1':
$this->_hashAlgorithm = OPENSSL_ALGO_DSS1;
break;
}
}
/**
* @param bool $aliases
*
* @return array
*/
public static function getDigestMethods(bool $aliases = FALSE) : array
{
return openssl_get_md_methods($aliases);
}
/**
* Generate a DKIM signature.
* @access public
* @param string $signHeader
* @throws phpmailerException
* @return string The DKIM signature value
*/
public function DKIM_Sign($signHeader)
{
if (!defined('PKCS7_TEXT')) {
if ($this->exceptions) {
throw new phpmailerException($this->lang('extension_missing') . 'openssl');
}
return '';
}
$privKeyStr = file_get_contents($this->DKIM_private);
if ('' != $this->DKIM_passphrase) {
$privKey = openssl_pkey_get_private($privKeyStr, $this->DKIM_passphrase);
} else {
$privKey = openssl_pkey_get_private($privKeyStr);
}
//Workaround for missing digest algorithms in old PHP & OpenSSL versions
//@link http://stackoverflow.com/a/11117338/333340
if (version_compare(PHP_VERSION, '5.3.0') >= 0 and in_array('sha256WithRSAEncryption', openssl_get_md_methods(true))) {
if (openssl_sign($signHeader, $signature, $privKey, 'sha256WithRSAEncryption')) {
openssl_pkey_free($privKey);
return base64_encode($signature);
}
} else {
$pinfo = openssl_pkey_get_details($privKey);
$hash = hash('sha256', $signHeader);
//'Magic' constant for SHA256 from RFC3447
//@link https://tools.ietf.org/html/rfc3447#page-43
$t = '3031300d060960864801650304020105000420' . $hash;
$pslen = $pinfo['bits'] / 8 - (strlen($t) / 2 + 3);
$eb = pack('H*', '0001' . str_repeat('FF', $pslen) . '00' . $t);
if (openssl_private_encrypt($eb, $signature, $privKey, OPENSSL_NO_PADDING)) {
openssl_pkey_free($privKey);
return base64_encode($signature);
}
}
openssl_pkey_free($privKey);
return '';
}
<?php
$test_values = array(OPENSSL_ALGO_SHA1, OPENSSL_ALGO_MD5, OPENSSL_ALGO_MD4);
function run_test($value)
{
$data = 'DATA TO SIGN';
$signature = 'SIGNATURE';
$key = openssl_pkey_new();
$private_key = openssl_get_privatekey($key);
$public_key = openssl_pkey_get_details($key)['key'];
try {
var_dump(openssl_sign($data, $signature, $private_key, $value));
} catch (Exception $e) {
echo $e->getMessage() . "\n";
}
try {
var_dump(openssl_verify($data, $signature, $public_key, $value));
} catch (Exception $e) {
echo $e->getMessage() . "\n";
}
openssl_free_key($key);
}
$test_values = array_merge($test_values, openssl_get_md_methods());
foreach ($test_values as $test_value) {
run_test($test_value);
}
/**
* PBKDF2 key derivation function as defined by RSA's PKCS #5: https://www.ietf.org/rfc/rfc2898.txt.
*
* Test vectors can be found here: https://www.ietf.org/rfc/rfc6070.txt
*
* This implementation of PBKDF2 was originally created by https://defuse.ca
* With improvements by http://www.variations-of-shadow.com
*
* @param string $password the password
* @param string $salt a salt that is unique to the password
* @param string $keyLength the length of the derived key in bytes
* @param string $count iteration count. Higher is better, but slower. Recommended: At least 1000
* @param string $algorithm the hash algorithm to use. Recommended: SHA256
* @param string $binaryUnsafe if true, the key is returned in raw binary format. Hex encoded otherwise
*
* @return string the key derived from the password and salt
*
* @throws \InvalidArgumentException invalid arguments have been passed
* @throws HashingException the error occurred while generating the requested hashing algorithm
*/
public static function pbkdf2($password, $salt, $keyLength, $count, $algorithm = self::SHA1, $binaryUnsafe = false)
{
if (!is_integer($count) || $count <= 0) {
throw new \InvalidArgumentException('The iteration number for the PBKDF2 function must be a positive non-zero integer', 2);
}
if (!is_integer($keyLength) || $keyLength <= 0) {
throw new \InvalidArgumentException('The resulting key length for the PBKDF2 function must be a positive non-zero integer', 2);
}
if (!is_string($algorithm) || strlen($algorithm) <= 0) {
throw new \InvalidArgumentException('The hashing algorithm for the PBKDF2 function must be a non-empty string', 2);
}
//an algorithm is represented as a string of only lowercase chars
$algorithm = strtolower($algorithm);
//the raw output of the max legth (beyond the $keyLength algorithm)
$output = '';
if (function_exists('openssl_pbkdf2')) {
/* execute the native openssl_pbkdf2 */
//check if the algorithm is valid
if (!in_array($algorithm, openssl_get_md_methods(true), true)) {
throw new HashingException('Invalid algorithm: the choosen algorithm is not valid for the PBKDF2 function', 2);
}
$output = openssl_pbkdf2($password, $salt, $keyLength, $count, $algorithm);
} elseif (function_exists('hash_pbkdf2')) {
/* execute the native hash_pbkdf2 */
//check if the algorithm is valid
if (!in_array($algorithm, hash_algos(), true)) {
throw new HashingException('Invalid algorithm: the choosen algorithm is not valid for the PBKDF2 function', 2);
}
// The output length is in NIBBLES (4-bits) if $binaryUnsafe is false!
if (!$binaryUnsafe) {
$keyLength = $keyLength * 2;
}
return hash_pbkdf2($algorithm, $password, $salt, $count, $keyLength, $binaryUnsafe);
} else {
/* use an hack to emulate openssl_pbkdf2 */
//check if the algorithm is valid
if (!in_array($algorithm, hash_algos(), true)) {
throw new HashingException('Invalid algorithm: the choosen algorithm is not valid for the PBKDF2 function', 2);
}
$hashLength = strlen(hash($algorithm, '', true));
$blockCount = ceil($keyLength / $hashLength);
for ($i = 1; $i <= $blockCount; ++$i) {
// $i encoded as 4 bytes, big endian.
$last = $salt . pack('N', $i);
// first iteration
$last = $xorsum = hash_hmac($algorithm, $last, $password, true);
// perform the other $count - 1 iterations
for ($j = 1; $j < $count; ++$j) {
$xorsum ^= $last = hash_hmac($algorithm, $last, $password, true);
}
$output .= $xorsum;
}
}
return $binaryUnsafe ? substr($output, 0, $keyLength) : bin2hex(substr($output, 0, $keyLength));
}
