PHPSecLib removed and Support for RSA key without all primes added (#115

)

.travis.yml

@@ -20,9 +20,9 @@ before_script:
     - mkdir -p build/logs
 
 script:
-    - vendor/bin/phpunit --coverage-clover build/logs/clover.xml
+    - vendor/bin/phpunit --verbose --coverage-clover build/logs/clover.xml
 
-after_success:
+after_script:
     - vendor/bin/coveralls --no-interaction
     - php ./examples/Encrypt1.php
     - php ./examples/Encrypt2.php

composer.json

@@ -25,12 +25,11 @@
         }
     },
     "require": {
-        "php": ">=5.6",
+        "php": "^5.6|^7.0",
         "lib-openssl": "*",
         "spomky-labs/base64url": "^1.0",
         "spomky-labs/aes-key-wrap": "^2.0",
         "spomky-labs/php-aes-gcm": "^1.0",
-        "phpseclib/phpseclib": "^2.0",
         "beberlei/assert": "^2.0",
         "symfony/polyfill-mbstring": "^1.1",
         "symfony/polyfill-php70": "^1.1",

src/Algorithm/KeyEncryption/RSA.php

@@ -14,28 +14,43 @@
 use Assert\Assertion;
 use Jose\KeyConverter\RSAKey;
 use Jose\Object\JWKInterface;
-use phpseclib\Crypt\RSA as PHPSecLibRSA;
+use Jose\Util\RSA as JoseRSA;
 
 /**
  * Class RSA.
  */
 abstract class RSA implements KeyEncryptionInterface
 {
+    /**
+     * Optimal Asymmetric Encryption Padding (OAEP).
+     */
+    const ENCRYPTION_OAEP = 1;
+
+    /**
+     * Use PKCS#1 padding.
+     */
+    const ENCRYPTION_PKCS1 = 2;
+
     /**
      * {@inheritdoc}
      */
     public function encryptKey(JWKInterface $key, $cek, array $complete_headers, array &$additional_headers)
     {
         $this->checkKey($key);
 
-        $pem = RSAKey::toPublic(new RSAKey($key))->toPEM();
-        $rsa = $this->getRsaObject();
-        $rsa->loadKey($pem, PHPSecLibRSA::PRIVATE_FORMAT_PKCS1);
+        $pub = RSAKey::toPublic(new RSAKey($key));
+
+        if (self::ENCRYPTION_OAEP === $this->getEncryptionMode()) {
+            $encrypted = JoseRSA::encrypt($pub, $cek, $this->getHashAlgorithm());
+            Assertion::string($encrypted, 'Unable to encrypt the data.');
 
-        $encrypted = $rsa->encrypt($cek);
-        Assertion::string($encrypted, 'Unable to encrypt the data.');
+            return $encrypted;
+        } else {
+            $res = openssl_public_encrypt($cek, $encrypted, $pub->toPEM(), OPENSSL_PKCS1_PADDING | OPENSSL_RAW_DATA);
+            Assertion::true($res, 'Unable to encrypt the data.');
 
-        return $encrypted;
+            return $encrypted;
+        }
     }
 
     /**
@@ -46,14 +61,19 @@ public function decryptKey(JWKInterface $key, $encrypted_key, array $header)
         $this->checkKey($key);
         Assertion::true($key->has('d'), 'The key is not a private key');
 
-        $pem = (new RSAKey($key))->toPEM();
-        $rsa = $this->getRsaObject();
-        $rsa->loadKey($pem, PHPSecLibRSA::PRIVATE_FORMAT_PKCS1);
+        $priv = new RSAKey($key);
+
+        if (self::ENCRYPTION_OAEP === $this->getEncryptionMode()) {
+            $decrypted = JoseRSA::decrypt($priv, $encrypted_key, $this->getHashAlgorithm());
+            Assertion::string($decrypted, 'Unable to decrypt the data.');
 
-        $decrypted = $rsa->decrypt($encrypted_key);
-        Assertion::string($decrypted, 'Unable to decrypt the data.');
+            return $decrypted;
+        } else {
+            $res = openssl_private_decrypt($encrypted_key, $decrypted, $priv->toPEM(), OPENSSL_PKCS1_PADDING | OPENSSL_RAW_DATA);
+            Assertion::true($res, 'Unable to decrypt the data.');
 
-        return $decrypted;
+            return $decrypted;
+        }
     }
 
     /**
@@ -64,22 +84,6 @@ public function getKeyManagementMode()
         return self::MODE_ENCRYPT;
     }
 
-    /**
-     * @return \phpseclib\Crypt\RSA
-     */
-    private function getRsaObject()
-    {
-        $rsa = new PHPSecLibRSA();
-        $encryption_mode = $this->getEncryptionMode();
-        $rsa->setEncryptionMode($encryption_mode);
-        if (PHPSecLibRSA::ENCRYPTION_OAEP === $encryption_mode) {
-            $rsa->setHash($this->getHashAlgorithm());
-            $rsa->setMGFHash($this->getHashAlgorithm());
-        }
-
-        return $rsa;
-    }
-
     /**
      * @param JWKInterface $key
      */

src/Algorithm/KeyEncryption/RSA15.php

@@ -11,8 +11,6 @@
 
 namespace Jose\Algorithm\KeyEncryption;
 
-use phpseclib\Crypt\RSA as PHPSecLibRSA;
-
 /**
  * Class RSA15.
  */
@@ -23,7 +21,7 @@ final class RSA15 extends RSA
      */
     protected function getEncryptionMode()
     {
-        return PHPSecLibRSA::ENCRYPTION_PKCS1;
+        return self::ENCRYPTION_PKCS1;
     }
 
     /**

src/Algorithm/KeyEncryption/RSAOAEP.php

@@ -11,8 +11,6 @@
 
 namespace Jose\Algorithm\KeyEncryption;
 
-use phpseclib\Crypt\RSA as PHPSecLibRSA;
-
 /**
  * Class RSAOAEP.
  */
@@ -23,7 +21,7 @@ final class RSAOAEP extends RSA
      */
     protected function getEncryptionMode()
     {
-        return PHPSecLibRSA::ENCRYPTION_OAEP;
+        return self::ENCRYPTION_OAEP;
     }
 
     /**

src/Algorithm/KeyEncryption/RSAOAEP256.php

@@ -11,8 +11,6 @@
 
 namespace Jose\Algorithm\KeyEncryption;
 
-use phpseclib\Crypt\RSA as PHPSecLibRSA;
-
 /**
  * Class RSAOAEP256.
  */
@@ -23,7 +21,7 @@ final class RSAOAEP256 extends RSA
      */
     public function getEncryptionMode()
     {
-        return PHPSecLibRSA::ENCRYPTION_OAEP;
+        return self::ENCRYPTION_OAEP;
     }
 
     /**

src/Algorithm/Signature/ECDSA.php

@@ -123,7 +123,7 @@ public function verify(JWKInterface $key, $data, $signature)
      * @param string                    $R
      * @param string                    $S
      *
-     * @return boolean
+     * @return bool
      */
     private function verifyOpenSSLSignature(JWKInterface $key, $data, $R, $S)
     {
@@ -144,7 +144,7 @@ private function verifyOpenSSLSignature(JWKInterface $key, $data, $R, $S)
      * @param string                    $R
      * @param string                    $S
      *
-     * @return boolean
+     * @return bool
      */
     private function verifyPHPECCSignature(JWKInterface $key, $data, $R, $S)
     {

src/Algorithm/Signature/RSA.php

@@ -15,20 +15,20 @@
 use Jose\Algorithm\SignatureAlgorithmInterface;
 use Jose\KeyConverter\RSAKey;
 use Jose\Object\JWKInterface;
-use phpseclib\Crypt\RSA as PHPSecLibRSA;
+use Jose\Util\RSA as JoseRSA;
 
 /**
  * Class RSA.
  */
 abstract class RSA implements SignatureAlgorithmInterface
 {
     /**
-     * Probabilistic Signature Scheme
+     * Probabilistic Signature Scheme.
      */
     const SIGNATURE_PSS = 1;
 
     /**
-     * Use the PKCS#1
+     * Use the PKCS#1.
      */
     const SIGNATURE_PKCS1 = 2;
 
@@ -49,15 +49,14 @@ public function verify(JWKInterface $key, $input, $signature)
     {
         $this->checkKey($key);
 
-        $pem = RSAKey::toPublic(new RSAKey($key))->toPEM();
+        $pub = RSAKey::toPublic(new RSAKey($key));
 
         if ($this->getSignatureMethod() === self::SIGNATURE_PSS) {
-            $rsa = $this->getRsaObject();
-            $rsa->loadKey($pem, PHPSecLibRSA::PRIVATE_FORMAT_PKCS1);
 
-            return $rsa->verify($input, $signature);
+            return JoseRSA::verify($pub, $input, $signature, $this->getAlgorithm());
         } else {
-            return 1 === openssl_verify($input, $signature, $pem, $this->getAlgorithm());
+
+            return 1 === openssl_verify($input, $signature, $pub->toPEM(), $this->getAlgorithm());
         }
     }
 
@@ -69,17 +68,15 @@ public function sign(JWKInterface $key, $input)
         $this->checkKey($key);
         Assertion::true($key->has('d'), 'The key is not a private key');
 
-        $pem = (new RSAKey($key))->toPEM();
+        $priv = new RSAKey($key);
 
         if ($this->getSignatureMethod() === self::SIGNATURE_PSS) {
-            $rsa = $this->getRsaObject();
-            $rsa->loadKey($pem, PHPSecLibRSA::PRIVATE_FORMAT_PKCS1);
-            $result = $rsa->sign($input);
+            $result = JoseRSA::sign($priv, $input, $this->getAlgorithm());
             Assertion::string($result, 'An error occurred during the creation of the signature');
 
             return $result;
         } else {
-            $result = openssl_sign($input, $signature, $pem, $this->getAlgorithm());
+            $result = openssl_sign($input, $signature, $priv->toPEM(), $this->getAlgorithm());
             Assertion::true($result, 'Unable to sign');
 
             return $signature;
@@ -93,18 +90,4 @@ private function checkKey(JWKInterface $key)
     {
         Assertion::eq($key->get('kty'), 'RSA', 'Wrong key type.');
     }
-
-    /**
-     * @return \phpseclib\Crypt\RSA
-     */
-    private function getRsaObject()
-    {
-        $rsa = new PHPSecLibRSA();
-        $rsa->setHash($this->getAlgorithm());
-        $rsa->setMGFHash($this->getAlgorithm());
-        $rsa->setSaltLength(0);
-        $rsa->setSignatureMode(PHPSecLibRSA::SIGNATURE_PSS);
-
-        return $rsa;
-    }
 }

src/Behaviour/EncrypterTrait.php

@@ -186,7 +186,7 @@ private function areKeyManagementModesCompatible($current, $new)
         $dir = Algorithm\KeyEncryptionAlgorithmInterface::MODE_DIRECT;
         $enc = Algorithm\KeyEncryptionAlgorithmInterface::MODE_ENCRYPT;
         $wrap = Algorithm\KeyEncryptionAlgorithmInterface::MODE_WRAP;
-        $supported_key_management_mode_combinations = [$enc.$enc     => true,$enc.$wrap    => true,$wrap.$enc    => true,$wrap.$wrap   => true,$agree.$agree => false,$agree.$dir   => false,$agree.$enc   => false,$agree.$wrap  => false,$dir.$agree   => false,$dir.$dir     => false,$dir.$enc     => false,$dir.$wrap    => false,$enc.$agree   => false,$enc.$dir     => false,$wrap.$agree  => false,$wrap.$dir    => false,];
+        $supported_key_management_mode_combinations = [$enc.$enc     => true, $enc.$wrap    => true, $wrap.$enc    => true, $wrap.$wrap   => true, $agree.$agree => false, $agree.$dir   => false, $agree.$enc   => false, $agree.$wrap  => false, $dir.$agree   => false, $dir.$dir     => false, $dir.$enc     => false, $dir.$wrap    => false, $enc.$agree   => false, $enc.$dir     => false, $wrap.$agree  => false, $wrap.$dir    => false];
 
         if (array_key_exists($current.$new, $supported_key_management_mode_combinations)) {
             return $supported_key_management_mode_combinations[$current.$new];

src/Decrypter.php

@@ -38,7 +38,8 @@ public static function createDecrypter(array $key_encryption_algorithms, array $
      * @param string[]|\Jose\Algorithm\ContentEncryptionAlgorithmInterface[] $content_encryption_algorithms
      * @param string[]|\Jose\Compression\CompressionInterface[]              $compression_methods
      */
-    public function __construct(array $key_encryption_algorithms, array $content_encryption_algorithms, array $compression_methods) {
+    public function __construct(array $key_encryption_algorithms, array $content_encryption_algorithms, array $compression_methods)
+    {
         $this->setKeyEncryptionAlgorithms($key_encryption_algorithms);
         $this->setContentEncryptionAlgorithms($content_encryption_algorithms);
         $this->setCompressionMethods($compression_methods);

src/Encrypter.php

@@ -195,7 +195,7 @@ private function getEncryptedKeyFromKeyAgreementAndKeyWrappingAlgorithm(array $c
      */
     private function getEncryptedKeyFromKeyEncryptionAlgorithm(array $complete_headers, $cek, Algorithm\KeyEncryption\KeyEncryptionInterface $key_encryption_algorithm, Object\JWKInterface $recipient_key, array &$additional_headers)
     {
-        return $key_encryption_algorithm->encryptKey($recipient_key,  $cek, $complete_headers, $additional_headers);
+        return $key_encryption_algorithm->encryptKey($recipient_key, $cek, $complete_headers, $additional_headers);
     }
 
     /**