Edit report at https://bugs.php.net/bug.php?id=38917&edit=1
ID: 38917
Comment by: jason dot gerfen at gmail dot com
Reported by: zeph at purotesto dot it
Summary: OpenSSL: signing function for spkac
Status: Open
Type: Feature/Change Request
Package: OpenSSL related
Operating System: Irrilevant
PHP Version: trunk
Block user comment: N
Private report: N
New Comment:
<form id="spkac" name="spkac" method="post" action="openssl-spki.php">
<keygen name="spki-key" keytype="rsa" challenge="testing"></keygen>
<input type="submit">
</form>
<?php
if (!empty($_POST['spki-key'])) {
echo '<pre>'; print_r($_POST['spki-key']); echo '</pre>';
}
if (empty($_POST['spki-key'])){
echo "Generating private key...";
$key = openssl_pkey_new(array('digest_alg' => 'sha1',
'private_key_type' => OPENSSL_KEYTYPE_RSA,
'private_key_bits' => 2048));
echo "done<br/>";
echo "============================<br/>";
}
if (empty($_POST['spki-key'])){
echo "Creating SPKAC...<br/>";
if (function_exists('openssl_spki_new')){
$spki = openssl_spki_new($key, 'wtfd00d');
echo "<pre>".$spki."</pre>";
}
echo "<br/>done<br/>";
echo "============================<br/>";
}
echo "Verifying SPKAC...<br/>";
if (function_exists('openssl_spki_verify')){
$y = (empty($_POST['spki-key'])) ?
openssl_spki_verify(preg_replace('/SPKAC=/', '', $spki)) :
openssl_spki_verify($_POST['spki-key']);
var_dump($y);
}
echo "<br/>============================<br/>";
echo "Exporting challenge from SPKAC...<br/>";
if (function_exists('openssl_spki_export_challenge')){
$x = (empty($_POST['spki-key'])) ?
openssl_spki_export_challenge(preg_replace('/SPKAC=/', '', $spki)) :
openssl_spki_export_challenge($_POST['spki-key']);
echo $x;
}
echo "<br/>done<br/>";
echo "============================<br/>";
echo "Exporting public key from SPKAC...<br/>";
if (function_exists('openssl_spki_export')){
$z = (empty($_POST['spki-key'])) ?
openssl_spki_export(preg_replace('/SPKAC=/', '', $spki)) :
openssl_spki_export($_POST['spki-key']);
echo '<pre>'; print_r($z); echo '</pre>';
}
echo "<br/>============================<br/>";
echo "SPKAC details...<br/>";
if (function_exists('openssl_spki_details')){
$w = (empty($_POST['spki-key'])) ?
openssl_spki_details(preg_replace('/SPKAC=/', '', $spki)) :
openssl_spki_details($_POST['spki-key']);
echo '<pre>'; print_r($w); echo '</pre>';
}
echo "done<br/>";
echo "============================<br/>";
if (empty($_POST['spki-key'])){
openssl_free_key($key);
}
?>
Previous Comments:
------------------------------------------------------------------------
[2011-12-13 17:04:07] [email protected]
Hi!
Thanks for the patch, please add some test cases as well (phpt format) so we
can
easily valid the new functions.
Also be sure that the patched ssl can still be built against older openssl
version
as we still support them (0.9.x serie for trunk and 5.4).
------------------------------------------------------------------------
[2011-12-13 16:56:43] jason dot gerfen at gmail dot com
Since I have not seen any changes on this I am going to post the patch to php-
internals list.
------------------------------------------------------------------------
[2011-12-08 10:57:03] jason dot gerfen at gmail dot com
I modified the test case and fixed a slight memory problem that would
occasionally take place when allocating memory for the openssl_spki_new()
return value.
echo "Generating private key...";
$key = openssl_pkey_new(array('digest_alg' => 'sha1',
'private_key_type' => OPENSSL_KEYTYPE_RSA,
'private_key_bits' => 2048));
echo "done\n";
echo "============================\n";
echo "Creating SPKAC...\n";
if (function_exists('openssl_spki_new')){
$spki = openssl_spki_new($key, 'wtfd00d');
echo $spki;
}
echo "done\n";
echo "============================\n";
echo "SPKAC details...\n";
if (function_exists('openssl_spki_details')){
$x = (empty($_POST['spki-key'])) ?
openssl_spki_details(preg_replace('/SPKAC=/', '', $spki)) :
openssl_spki_details($_POST['spki-key']);
var_dump($x);
}
echo "done\n";
echo "============================\n";
echo "Verifying SPKAC...\n";
if (function_exists('openssl_spki_verify')){
$y = (empty($_POST['spki-key'])) ?
openssl_spki_verify(preg_replace('/SPKAC=/', '', $spki)) :
openssl_spki_verify($_POST['spki-key']);
var_dump($y);
}
echo "\n============================\n";
echo "Exporting public key from SPKAC...\n";
if (function_exists('openssl_spki_export')){
$z = (empty($_POST['spki-key'])) ?
openssl_spki_export(preg_replace('/SPKAC=/', '', $spki)) :
openssl_spki_export($_POST['spki-key']);
var_dump($z);
}
------------------------------------------------------------------------
[2011-12-06 11:28:50] jason dot gerfen at gmail dot com
Here is a patch to implement three new functions to help with verification of
the SPKAC HTML keygen element.
To patch:
1. Download PHP-5.3.8
2. Download patch from here (spki.patch)
3. Apply patch
%> patch -p0 < spki.patch
4. Configure and compiled PHP
%> ./configure --with-openssl=/path/to/openssl
%> make && make install
Test script:
$key = openssl_pkey_new(array('digest_alg' => 'sha1',
'private_key_type' => OPENSSL_KEYTYPE_RSA,
'private_key_bits' => 2048));
if (function_exists('openssl_spki_new')){
$spki = openssl_spki_new($key, 'password');
echo $spki.'\n\r';
}
if (function_exists('openssl_spki_verify')){
echo openssl_spki_verify(preg_replace('/SPKAC=/', '', $spki)).'\n\r';
}
if (function_exists('openssl_spki_export')){
echo openssl_spki_export(preg_replace('/SPKAC=/', '', $spki)).'\n\r';
}
------------------------------------------------------------------------
[2011-12-03 02:55:06] jason dot gerfen at gmail dot com
Not sure how to go about submitting a patch I am working on to address this.
------------------------------------------------------------------------
The remainder of the comments for this report are too long. To view
the rest of the comments, please view the bug report online at
https://bugs.php.net/bug.php?id=38917
--
Edit this bug report at https://bugs.php.net/bug.php?id=38917&edit=1
