Skip to content

Commit

Permalink
Merge pull request #13 from liip-forks/fix-rsa-caching
Browse files Browse the repository at this point in the history 
made RSA caching optional
  • Loading branch information
@paragonie-scott
paragonie-scott authored Jun 14, 2017
2 parents 860d221 + a50c024 commit e212e5a
Showing 1 changed file with 54 additions and 25 deletions.
79 changes: 54 additions & 25 deletions src/EasyRSA.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,7 @@
namespace ParagonIE\EasyRSA;

// PHPSecLib:
use ParagonIE\EasyRSA\Exception\InvalidKeyException;
use \phpseclib\Crypt\RSA;
// defuse/php-encryption:
use \ParagonIE\ConstantTime\Base64;
Expand All @@ -16,6 +17,39 @@ class EasyRSA implements EasyRSAInterface
const SEPARATOR = '$';
const VERSION_TAG = "EzR2";

static private $rsa;

/**
* Set RSA to use in between calls
*
* @param RSA|null $rsa
*/
public static function setRsa(RSA $rsa = null)
{
self::$rsa = $rsa;
}

/**
* Get RSA
*
* @param int $mode
*
* @return RSA
*/
public static function getRsa($mode)
{
if (self::$rsa) {
$rsa = self::$rsa;
} else {
$rsa = new RSA();
$rsa->setMGFHash('sha256');
}

$rsa->setSignatureMode($mode);

return $rsa;
}

/**
* KEM+DEM approach to RSA encryption.
*
Expand Down Expand Up @@ -123,14 +157,13 @@ public static function decrypt($ciphertext, PrivateKey $rsaPrivateKey)
*/
public static function sign($message, PrivateKey $rsaPrivateKey)
{
static $rsa = null;
if (!$rsa) {
$rsa = new RSA();
$rsa->setSignatureMode(RSA::SIGNATURE_PSS);
$rsa->setMGFHash('sha256');
$rsa = self::getRsa(RSA::SIGNATURE_PSS);

$return = $rsa->loadKey($rsaPrivateKey->getKey());
if ($return === false) {
throw new InvalidKeyException('Signing failed due to invalid key');
}

$rsa->loadKey($rsaPrivateKey->getKey());
return $rsa->sign($message);
}

Expand All @@ -144,14 +177,13 @@ public static function sign($message, PrivateKey $rsaPrivateKey)
*/
public static function verify($message, $signature, PublicKey $rsaPublicKey)
{
static $rsa = null;
if (!$rsa) {
$rsa = new RSA();
$rsa->setSignatureMode(RSA::SIGNATURE_PSS);
$rsa->setMGFHash('sha256');
$rsa = self::getRsa(RSA::SIGNATURE_PSS);

$return = $rsa->loadKey($rsaPublicKey->getKey());
if ($return === false) {
throw new InvalidKeyException('Verification failed due to invalid key');
}

$rsa->loadKey($rsaPublicKey->getKey());
return $rsa->verify($message, $signature);
}

Expand All @@ -165,14 +197,13 @@ public static function verify($message, $signature, PublicKey $rsaPublicKey)
*/
protected static function rsaEncrypt($plaintext, PublicKey $rsaPublicKey)
{
static $rsa = null;
if (!$rsa) {
$rsa = new RSA();
$rsa->setEncryptionMode(RSA::ENCRYPTION_OAEP);
$rsa->setMGFHash('sha256');
$rsa = self::getRsa(RSA::ENCRYPTION_OAEP);

$return = $rsa->loadKey($rsaPublicKey->getKey());
if ($return === false) {
throw new InvalidKeyException('Ecryption failed due to invalid key');
}

$rsa->loadKey($rsaPublicKey->getKey());
return $rsa->encrypt($plaintext);
}

Expand All @@ -186,14 +217,12 @@ protected static function rsaEncrypt($plaintext, PublicKey $rsaPublicKey)
*/
protected static function rsaDecrypt($ciphertext, PrivateKey $rsaPrivateKey)
{
static $rsa = null;
if (!$rsa) {
$rsa = new RSA();
$rsa->setEncryptionMode(RSA::ENCRYPTION_OAEP);
$rsa->setMGFHash('sha256');
}
$rsa = self::getRsa(RSA::ENCRYPTION_OAEP);

$rsa->loadKey($rsaPrivateKey->getKey());
$return = $rsa->loadKey($rsaPrivateKey->getKey());
if ($return === false) {
throw new InvalidKeyException('Decryption failed due to invalid key');
}

$return = @$rsa->decrypt($ciphertext);
if ($return === false) {
Expand Down

0 comments on commit e212e5a

Please sign in to comment.