Пример #1
0
 /**
  * Convert a private key to the appropriate format.
  *
  * @access private
  * @see setPrivateKeyFormat()
  * @param String $RSAPrivateKey
  * @return String
  */
 function _convertPrivateKey($n, $e, $d, $primes, $exponents, $coefficients)
 {
     $signed = $this->privateKeyFormat != self::PRIVATE_FORMAT_XML;
     $num_primes = count($primes);
     $raw = array('version' => $num_primes == 2 ? chr(0) : chr(1), 'modulus' => $n->toBytes($signed), 'publicExponent' => $e->toBytes($signed), 'privateExponent' => $d->toBytes($signed), 'prime1' => $primes[1]->toBytes($signed), 'prime2' => $primes[2]->toBytes($signed), 'exponent1' => $exponents[1]->toBytes($signed), 'exponent2' => $exponents[2]->toBytes($signed), 'coefficient' => $coefficients[2]->toBytes($signed));
     // if the format in question does not support multi-prime rsa and multi-prime rsa was used,
     // call _convertPublicKey() instead.
     switch ($this->privateKeyFormat) {
         case self::PRIVATE_FORMAT_XML:
             if ($num_primes != 2) {
                 return false;
             }
             return "<RSAKeyValue>\r\n" . '  <Modulus>' . base64_encode($raw['modulus']) . "</Modulus>\r\n" . '  <Exponent>' . base64_encode($raw['publicExponent']) . "</Exponent>\r\n" . '  <P>' . base64_encode($raw['prime1']) . "</P>\r\n" . '  <Q>' . base64_encode($raw['prime2']) . "</Q>\r\n" . '  <DP>' . base64_encode($raw['exponent1']) . "</DP>\r\n" . '  <DQ>' . base64_encode($raw['exponent2']) . "</DQ>\r\n" . '  <InverseQ>' . base64_encode($raw['coefficient']) . "</InverseQ>\r\n" . '  <D>' . base64_encode($raw['privateExponent']) . "</D>\r\n" . '</RSAKeyValue>';
             break;
         case self::PRIVATE_FORMAT_PUTTY:
             if ($num_primes != 2) {
                 return false;
             }
             $key = "PuTTY-User-Key-File-2: ssh-rsa\r\nEncryption: ";
             $encryption = !empty($this->password) || is_string($this->password) ? 'aes256-cbc' : 'none';
             $key .= $encryption;
             $key .= "\r\nComment: " . $this->comment . "\r\n";
             $public = pack('Na*Na*Na*', strlen('ssh-rsa'), 'ssh-rsa', strlen($raw['publicExponent']), $raw['publicExponent'], strlen($raw['modulus']), $raw['modulus']);
             $source = pack('Na*Na*Na*Na*', strlen('ssh-rsa'), 'ssh-rsa', strlen($encryption), $encryption, strlen($this->comment), $this->comment, strlen($public), $public);
             $public = base64_encode($public);
             $key .= "Public-Lines: " . (strlen($public) + 63 >> 6) . "\r\n";
             $key .= chunk_split($public, 64);
             $private = pack('Na*Na*Na*Na*', strlen($raw['privateExponent']), $raw['privateExponent'], strlen($raw['prime1']), $raw['prime1'], strlen($raw['prime2']), $raw['prime2'], strlen($raw['coefficient']), $raw['coefficient']);
             if (empty($this->password) && !is_string($this->password)) {
                 $source .= pack('Na*', strlen($private), $private);
                 $hashkey = 'putty-private-key-file-mac-key';
             } else {
                 $private .= Random::string(16 - (strlen($private) & 15));
                 $source .= pack('Na*', strlen($private), $private);
                 $sequence = 0;
                 $symkey = '';
                 while (strlen($symkey) < 32) {
                     $temp = pack('Na*', $sequence++, $this->password);
                     $symkey .= pack('H*', sha1($temp));
                 }
                 $symkey = substr($symkey, 0, 32);
                 $crypto = new AES();
                 $crypto->setKey($symkey);
                 $crypto->disablePadding();
                 $private = $crypto->encrypt($private);
                 $hashkey = 'putty-private-key-file-mac-key' . $this->password;
             }
             $private = base64_encode($private);
             $key .= 'Private-Lines: ' . (strlen($private) + 63 >> 6) . "\r\n";
             $key .= chunk_split($private, 64);
             $hash = new Hash('sha1');
             $hash->setKey(pack('H*', sha1($hashkey)));
             $key .= 'Private-MAC: ' . bin2hex($hash->hash($source)) . "\r\n";
             return $key;
         default:
             // eg. self::PRIVATE_FORMAT_PKCS1
             $components = array();
             foreach ($raw as $name => $value) {
                 $components[$name] = pack('Ca*a*', self::ASN1_INTEGER, $this->_encodeLength(strlen($value)), $value);
             }
             $RSAPrivateKey = implode('', $components);
             if ($num_primes > 2) {
                 $OtherPrimeInfos = '';
                 for ($i = 3; $i <= $num_primes; $i++) {
                     // OtherPrimeInfos ::= SEQUENCE SIZE(1..MAX) OF OtherPrimeInfo
                     //
                     // OtherPrimeInfo ::= SEQUENCE {
                     //     prime             INTEGER,  -- ri
                     //     exponent          INTEGER,  -- di
                     //     coefficient       INTEGER   -- ti
                     // }
                     $OtherPrimeInfo = pack('Ca*a*', self::ASN1_INTEGER, $this->_encodeLength(strlen($primes[$i]->toBytes(true))), $primes[$i]->toBytes(true));
                     $OtherPrimeInfo .= pack('Ca*a*', self::ASN1_INTEGER, $this->_encodeLength(strlen($exponents[$i]->toBytes(true))), $exponents[$i]->toBytes(true));
                     $OtherPrimeInfo .= pack('Ca*a*', self::ASN1_INTEGER, $this->_encodeLength(strlen($coefficients[$i]->toBytes(true))), $coefficients[$i]->toBytes(true));
                     $OtherPrimeInfos .= pack('Ca*a*', self::ASN1_SEQUENCE, $this->_encodeLength(strlen($OtherPrimeInfo)), $OtherPrimeInfo);
                 }
                 $RSAPrivateKey .= pack('Ca*a*', self::ASN1_SEQUENCE, $this->_encodeLength(strlen($OtherPrimeInfos)), $OtherPrimeInfos);
             }
             $RSAPrivateKey = pack('Ca*a*', self::ASN1_SEQUENCE, $this->_encodeLength(strlen($RSAPrivateKey)), $RSAPrivateKey);
             if ($this->privateKeyFormat == self::PRIVATE_FORMAT_PKCS8) {
                 $rsaOID = pack('H*', '300d06092a864886f70d0101010500');
                 // hex version of MA0GCSqGSIb3DQEBAQUA
                 $RSAPrivateKey = pack('Ca*a*Ca*a*', self::ASN1_INTEGER, "", $rsaOID, 4, $this->_encodeLength(strlen($RSAPrivateKey)), $RSAPrivateKey);
                 $RSAPrivateKey = pack('Ca*a*', self::ASN1_SEQUENCE, $this->_encodeLength(strlen($RSAPrivateKey)), $RSAPrivateKey);
                 if (!empty($this->password) || is_string($this->password)) {
                     $salt = Random::string(8);
                     $iterationCount = 2048;
                     $crypto = new DES();
                     $crypto->setPassword($this->password, 'pbkdf1', 'md5', $salt, $iterationCount);
                     $RSAPrivateKey = $crypto->encrypt($RSAPrivateKey);
                     $parameters = pack('Ca*a*Ca*N', self::ASN1_OCTETSTRING, $this->_encodeLength(strlen($salt)), $salt, self::ASN1_INTEGER, $this->_encodeLength(4), $iterationCount);
                     $pbeWithMD5AndDES_CBC = "*†H†÷\r";
                     $encryptionAlgorithm = pack('Ca*a*Ca*a*', self::ASN1_OBJECT, $this->_encodeLength(strlen($pbeWithMD5AndDES_CBC)), $pbeWithMD5AndDES_CBC, self::ASN1_SEQUENCE, $this->_encodeLength(strlen($parameters)), $parameters);
                     $RSAPrivateKey = pack('Ca*a*Ca*a*', self::ASN1_SEQUENCE, $this->_encodeLength(strlen($encryptionAlgorithm)), $encryptionAlgorithm, self::ASN1_OCTETSTRING, $this->_encodeLength(strlen($RSAPrivateKey)), $RSAPrivateKey);
                     $RSAPrivateKey = pack('Ca*a*', self::ASN1_SEQUENCE, $this->_encodeLength(strlen($RSAPrivateKey)), $RSAPrivateKey);
                     $RSAPrivateKey = "-----BEGIN ENCRYPTED PRIVATE KEY-----\r\n" . chunk_split(base64_encode($RSAPrivateKey), 64) . '-----END ENCRYPTED PRIVATE KEY-----';
                 } else {
                     $RSAPrivateKey = "-----BEGIN PRIVATE KEY-----\r\n" . chunk_split(base64_encode($RSAPrivateKey), 64) . '-----END PRIVATE KEY-----';
                 }
                 return $RSAPrivateKey;
             }
             if (!empty($this->password) || is_string($this->password)) {
                 $iv = Random::string(8);
                 $symkey = pack('H*', md5($this->password . $iv));
                 // symkey is short for symmetric key
                 $symkey .= substr(pack('H*', md5($symkey . $this->password . $iv)), 0, 8);
                 $des = new TripleDES();
                 $des->setKey($symkey);
                 $des->setIV($iv);
                 $iv = strtoupper(bin2hex($iv));
                 $RSAPrivateKey = "-----BEGIN RSA PRIVATE KEY-----\r\n" . "Proc-Type: 4,ENCRYPTED\r\n" . "DEK-Info: DES-EDE3-CBC,{$iv}\r\n" . "\r\n" . chunk_split(base64_encode($des->encrypt($RSAPrivateKey)), 64) . '-----END RSA PRIVATE KEY-----';
             } else {
                 $RSAPrivateKey = "-----BEGIN RSA PRIVATE KEY-----\r\n" . chunk_split(base64_encode($RSAPrivateKey), 64) . '-----END RSA PRIVATE KEY-----';
             }
             return $RSAPrivateKey;
     }
 }
Пример #2
0
 /**
  * Convert a private key to the appropriate format.
  *
  * @access private
  * @see setPrivateKeyFormat()
  * @param String $RSAPrivateKey
  * @return String
  */
 function _convertPrivateKey($n, $e, $d, $primes, $exponents, $coefficients)
 {
     $num_primes = count($primes);
     $raw = array('version' => $num_primes == 2 ? chr(0) : chr(1), 'modulus' => $n->toBytes(true), 'publicExponent' => $e->toBytes(true), 'privateExponent' => $d->toBytes(true), 'prime1' => $primes[1]->toBytes(true), 'prime2' => $primes[2]->toBytes(true), 'exponent1' => $exponents[1]->toBytes(true), 'exponent2' => $exponents[2]->toBytes(true), 'coefficient' => $coefficients[2]->toBytes(true));
     // if the format in question does not support multi-prime rsa and multi-prime rsa was used,
     // call _convertPublicKey() instead.
     switch ($this->privateKeyFormat) {
         default:
             // eg. RSA_PRIVATE_FORMAT_PKCS1
             $components = array();
             foreach ($raw as $name => $value) {
                 $components[$name] = pack('Ca*a*', RSA_ASN1_INTEGER, $this->_encodeLength(strlen($value)), $value);
             }
             $RSAPrivateKey = implode('', $components);
             if ($num_primes > 2) {
                 $OtherPrimeInfos = '';
                 for ($i = 3; $i <= $num_primes; $i++) {
                     // OtherPrimeInfos ::= SEQUENCE SIZE(1..MAX) OF OtherPrimeInfo
                     //
                     // OtherPrimeInfo ::= SEQUENCE {
                     //     prime             INTEGER,  -- ri
                     //     exponent          INTEGER,  -- di
                     //     coefficient       INTEGER   -- ti
                     // }
                     $OtherPrimeInfo = pack('Ca*a*', RSA_ASN1_INTEGER, $this->_encodeLength(strlen($primes[$i]->toBytes(true))), $primes[$i]->toBytes(true));
                     $OtherPrimeInfo .= pack('Ca*a*', RSA_ASN1_INTEGER, $this->_encodeLength(strlen($exponents[$i]->toBytes(true))), $exponents[$i]->toBytes(true));
                     $OtherPrimeInfo .= pack('Ca*a*', RSA_ASN1_INTEGER, $this->_encodeLength(strlen($coefficients[$i]->toBytes(true))), $coefficients[$i]->toBytes(true));
                     $OtherPrimeInfos .= pack('Ca*a*', RSA_ASN1_SEQUENCE, $this->_encodeLength(strlen($OtherPrimeInfo)), $OtherPrimeInfo);
                 }
                 $RSAPrivateKey .= pack('Ca*a*', RSA_ASN1_SEQUENCE, $this->_encodeLength(strlen($OtherPrimeInfos)), $OtherPrimeInfos);
             }
             $RSAPrivateKey = pack('Ca*a*', RSA_ASN1_SEQUENCE, $this->_encodeLength(strlen($RSAPrivateKey)), $RSAPrivateKey);
             if (!empty($this->password)) {
                 $iv = $this->_random(8);
                 $symkey = pack('H*', md5($this->password . $iv));
                 // symkey is short for symmetric key
                 $symkey .= substr(pack('H*', md5($symkey . $this->password . $iv)), 0, 8);
                 if (!class_exists('TripleDES')) {
                     require_once 'Crypt/TripleDES.php';
                 }
                 $des = new TripleDES();
                 $des->setKey($symkey);
                 $des->setIV($iv);
                 $iv = strtoupper(bin2hex($iv));
                 $RSAPrivateKey = "-----BEGIN RSA PRIVATE KEY-----\r\n" . "Proc-Type: 4,ENCRYPTED\r\n" . "DEK-Info: DES-EDE3-CBC,{$iv}\r\n" . "\r\n" . chunk_split(base64_encode($des->encrypt($RSAPrivateKey))) . '-----END RSA PRIVATE KEY-----';
             } else {
                 $RSAPrivateKey = "-----BEGIN RSA PRIVATE KEY-----\r\n" . chunk_split(base64_encode($RSAPrivateKey)) . '-----END RSA PRIVATE KEY-----';
             }
             return $RSAPrivateKey;
     }
 }