Helix SwarmHelix Swarm

Rsa.php

  • //
  • guest/
  • thomas_gray/
  • jambox/
  • main/
  • swarm/
  • library/
  • Zend/
  • Crypt/
  • PublicKey/
  • Rsa.php #1
  • View
  • Commits
  • Open Download .zip Download (10 KB) 
  1. <?php
  2. /**
  3.  * Zend Framework (http://framework.zend.com/)
  4.  *
  5.  * @link      http://github.com/zendframework/zf2 for the canonical source repository
  6.  * @copyright Copyright (c) 2005-2014 Zend Technologies USA Inc. (http://www.zend.com)
  7.  * @license   http://framework.zend.com/license/new-bsd New BSD License
  8.  */
  9.  
  10. namespace Zend\Crypt\PublicKey;
  11.  
  12. use Traversable;
  13. use Zend\Crypt\PublicKey\Rsa\Exception;
  14. use Zend\Stdlib\ArrayUtils;
  15.  
  16. /**
  17.  * Implementation of the RSA public key encryption algorithm.
  18.  */
  19. class Rsa
  20. {
  21.     const MODE_AUTO   = 1;
  22.     const MODE_BASE64 = 2;
  23.     const MODE_RAW    = 3;
  24.  
  25.     /**
  26.      * @var RsaOptions
  27.      */
  28.     protected $options = null;
  29.  
  30.     /**
  31.      * RSA instance factory
  32.      *
  33.      * @param  array|Traversable $options
  34.      * @return Rsa
  35.      * @throws Rsa\Exception\RuntimeException
  36.      * @throws Rsa\Exception\InvalidArgumentException
  37.      */
  38.     public static function factory($options)
  39.     {
  40.         if (!extension_loaded('openssl')) {
  41.             throw new Exception\RuntimeException(
  42.                 'Can not create Zend\Crypt\PublicKey\Rsa; openssl extension to be loaded'
  43.             );
  44.         }
  45.  
  46.         if ($options instanceof Traversable) {
  47.             $options = ArrayUtils::iteratorToArray($options);
  48.         } elseif (!is_array($options)) {
  49.             throw new Exception\InvalidArgumentException(
  50.                 'The options parameter must be an array or a Traversable'
  51.             );
  52.         }
  53.  
  54.         $privateKey = null;
  55.         $passPhrase = isset($options['pass_phrase']) ? $options['pass_phrase'] : null;
  56.         if (isset($options['private_key'])) {
  57.             if (is_file($options['private_key'])) {
  58.                 $privateKey = Rsa\PrivateKey::fromFile($options['private_key'], $passPhrase);
  59.             } elseif (is_string($options['private_key'])) {
  60.                 $privateKey = new Rsa\PrivateKey($options['private_key'], $passPhrase);
  61.             } else {
  62.                 throw new Exception\InvalidArgumentException(
  63.                     'Parameter "private_key" must be PEM formatted string or path to key file'
  64.                 );
  65.             }
  66.             unset($options['private_key']);
  67.         }
  68.  
  69.         $publicKey = null;
  70.         if (isset($options['public_key'])) {
  71.             if (is_file($options['public_key'])) {
  72.                 $publicKey = Rsa\PublicKey::fromFile($options['public_key']);
  73.             } elseif (is_string($options['public_key'])) {
  74.                 $publicKey = new Rsa\PublicKey($options['public_key']);
  75.             } else {
  76.                 throw new Exception\InvalidArgumentException(
  77.                     'Parameter "public_key" must be PEM/certificate string or path to key/certificate file'
  78.                 );
  79.             }
  80.             unset($options['public_key']);
  81.         }
  82.  
  83.         $options = new RsaOptions($options);
  84.         if ($privateKey instanceof Rsa\PrivateKey) {
  85.             $options->setPrivateKey($privateKey);
  86.         }
  87.         if ($publicKey instanceof Rsa\PublicKey) {
  88.             $options->setPublicKey($publicKey);
  89.         }
  90.  
  91.         return new Rsa($options);
  92.     }
  93.  
  94.     /**
  95.      * Class constructor
  96.      *
  97.      * @param  RsaOptions $options
  98.      * @throws Rsa\Exception\RuntimeException
  99.      */
  100.     public function __construct(RsaOptions $options = null)
  101.     {
  102.         if (!extension_loaded('openssl')) {
  103.             throw new Exception\RuntimeException(
  104.                 'Zend\Crypt\PublicKey\Rsa requires openssl extension to be loaded'
  105.             );
  106.         }
  107.  
  108.         if ($options === null) {
  109.             $this->options = new RsaOptions();
  110.         } else {
  111.             $this->options = $options;
  112.         }
  113.     }
  114.  
  115.     /**
  116.      * Set options
  117.      *
  118.      * @param RsaOptions $options
  119.      * @return Rsa
  120.      */
  121.     public function setOptions(RsaOptions $options)
  122.     {
  123.         $this->options = $options;
  124.         return $this;
  125.     }
  126.  
  127.     /**
  128.      * Get options
  129.      *
  130.      * @return RsaOptions
  131.      */
  132.     public function getOptions()
  133.     {
  134.         return $this->options;
  135.     }
  136.  
  137.     /**
  138.      * Return last openssl error(s)
  139.      *
  140.      * @return string
  141.      */
  142.     public function getOpensslErrorString()
  143.     {
  144.         $message = '';
  145.         while (false !== ($error = openssl_error_string())) {
  146.             $message .= $error . "\n";
  147.         }
  148.         return trim($message);
  149.     }
  150.  
  151.     /**
  152.      * Sign with private key
  153.      *
  154.      * @param  string     $data
  155.      * @param  Rsa\PrivateKey $privateKey
  156.      * @return string
  157.      * @throws Rsa\Exception\RuntimeException
  158.      */
  159.     public function sign($data, Rsa\PrivateKey $privateKey = null)
  160.     {
  161.         $signature = '';
  162.         if (null === $privateKey) {
  163.             $privateKey = $this->options->getPrivateKey();
  164.         }
  165.  
  166.         $result = openssl_sign(
  167.             $data,
  168.             $signature,
  169.             $privateKey->getOpensslKeyResource(),
  170.             $this->options->getOpensslSignatureAlgorithm()
  171.         );
  172.         if (false === $result) {
  173.             throw new Exception\RuntimeException(
  174.                 'Can not generate signature; openssl ' . $this->getOpensslErrorString()
  175.             );
  176.         }
  177.  
  178.         if ($this->options->getBinaryOutput()) {
  179.             return $signature;
  180.         }
  181.  
  182.         return base64_encode($signature);
  183.     }
  184.  
  185.     /**
  186.      * Verify signature with public key
  187.      *
  188.      * $signature can be encoded in base64 or not. $mode sets how the input must be processed:
  189.      *  - MODE_AUTO: Check if the $signature is encoded in base64. Not recommended for performance.
  190.      *  - MODE_BASE64: Decode $signature using base64 algorithm.
  191.      *  - MODE_RAW: $signature is not encoded.
  192.      *
  193.      * @param  string $data
  194.      * @param  string $signature
  195.      * @param  null|Rsa\PublicKey $publicKey
  196.      * @param  int                $mode Input encoding
  197.      * @return bool
  198.      * @throws Rsa\Exception\RuntimeException
  199.      * @see Rsa::MODE_AUTO
  200.      * @see Rsa::MODE_BASE64
  201.      * @see Rsa::MODE_RAW
  202.      */
  203.     public function verify(
  204.         $data,
  205.         $signature,
  206.         Rsa\PublicKey $publicKey = null,
  207.         $mode = self::MODE_AUTO
  208.     ) {
  209.         if (null === $publicKey) {
  210.             $publicKey = $this->options->getPublicKey();
  211.         }
  212.  
  213.         switch ($mode) {
  214.             case self::MODE_AUTO:
  215.                 // check if data is encoded in Base64
  216.                 $output = base64_decode($signature, true);
  217.                 if ((false !== $output) && ($signature === base64_encode($output))) {
  218.                     $signature = $output;
  219.                 }
  220.                 break;
  221.             case self::MODE_BASE64:
  222.                 $signature = base64_decode($signature);
  223.                 break;
  224.             case self::MODE_RAW:
  225.             default:
  226.                 break;
  227.         }
  228.  
  229.         $result = openssl_verify(
  230.             $data,
  231.             $signature,
  232.             $publicKey->getOpensslKeyResource(),
  233.             $this->options->getOpensslSignatureAlgorithm()
  234.         );
  235.         if (-1 === $result) {
  236.             throw new Exception\RuntimeException(
  237.                 'Can not verify signature; openssl ' . $this->getOpensslErrorString()
  238.             );
  239.         }
  240.  
  241.         return ($result === 1);
  242.     }
  243.  
  244.     /**
  245.      * Encrypt with private/public key
  246.      *
  247.      * @param  string          $data
  248.      * @param  Rsa\AbstractKey $key
  249.      * @return string
  250.      * @throws Rsa\Exception\InvalidArgumentException
  251.      */
  252.     public function encrypt($data, Rsa\AbstractKey $key = null)
  253.     {
  254.         if (null === $key) {
  255.             $key = $this->options->getPublicKey();
  256.         }
  257.  
  258.         if (null === $key) {
  259.             throw new Exception\InvalidArgumentException('No key specified for the decryption');
  260.         }
  261.  
  262.         $encrypted = $key->encrypt($data);
  263.  
  264.         if ($this->options->getBinaryOutput()) {
  265.             return $encrypted;
  266.         }
  267.  
  268.         return base64_encode($encrypted);
  269.     }
  270.  
  271.     /**
  272.      * Decrypt with private/public key
  273.      *
  274.      * $data can be encoded in base64 or not. $mode sets how the input must be processed:
  275.      *  - MODE_AUTO: Check if the $signature is encoded in base64. Not recommended for performance.
  276.      *  - MODE_BASE64: Decode $data using base64 algorithm.
  277.      *  - MODE_RAW: $data is not encoded.
  278.      *
  279.      * @param  string          $data
  280.      * @param  Rsa\AbstractKey $key
  281.      * @param  int             $mode Input encoding
  282.      * @return string
  283.      * @throws Rsa\Exception\InvalidArgumentException
  284.      * @see Rsa::MODE_AUTO
  285.      * @see Rsa::MODE_BASE64
  286.      * @see Rsa::MODE_RAW
  287.      */
  288.     public function decrypt(
  289.         $data,
  290.         Rsa\AbstractKey $key = null,
  291.         $mode = self::MODE_AUTO
  292.     ) {
  293.         if (null === $key) {
  294.             $key = $this->options->getPrivateKey();
  295.         }
  296.  
  297.         if (null === $key) {
  298.             throw new Exception\InvalidArgumentException('No key specified for the decryption');
  299.         }
  300.  
  301.         switch ($mode) {
  302.             case self::MODE_AUTO:
  303.                 // check if data is encoded in Base64
  304.                 $output = base64_decode($data, true);
  305.                 if ((false !== $output) && ($data === base64_encode($output))) {
  306.                     $data = $output;
  307.                 }
  308.                 break;
  309.             case self::MODE_BASE64:
  310.                 $data = base64_decode($data);
  311.                 break;
  312.             case self::MODE_RAW:
  313.             default:
  314.                 break;
  315.         }
  316.  
  317.         return $key->decrypt($data);
  318.     }
  319.  
  320.     /**
  321.      * Generate new private/public key pair
  322.      * @see RsaOptions::generateKeys()
  323.      *
  324.      * @param  array $opensslConfig
  325.      * @return Rsa
  326.      * @throws Rsa\Exception\RuntimeException
  327.      */
  328.     public function generateKeys(array $opensslConfig = array())
  329.     {
  330.         $this->options->generateKeys($opensslConfig);
  331.         return $this;
  332.     }
  333. }
# Change User Description Committed
#1 18334 Liz Lam initial add of jambox 9 years ago