RSA key creation with length lower than 512 is now rejected

Spomky · Spomky · commit 6c764ae0fff8 · 2019-01-04T21:54:18.000+01:00
diff --git a/src/Component/KeyManagement/JWKFactory.php b/src/Component/KeyManagement/JWKFactory.php
@@ -34,16 +34,17 @@ public static function createRSAKey(int $size, array $values = []): JWK
             throw new \InvalidArgumentException('Invalid key size.');
         }
 
-        if (384 > $size) {
-            throw new \InvalidArgumentException('Key length is too short. It needs to be at least 384 bits.');
+        if (512 > $size) {
+            throw new \InvalidArgumentException('Key length is too short. It needs to be at least 512 bits.');
         }
 
         $key = \openssl_pkey_new([
             'private_key_bits' => $size,
             'private_key_type' => OPENSSL_KEYTYPE_RSA,
         ]);
-        \openssl_pkey_export($key, $out);
-        $rsa = RSAKey::createFromPEM($out);
+        $details = \openssl_pkey_get_details($key);
+        \openssl_free_key($key);
+        $rsa = RSAKey::createFromKeyDetails($details['rsa']);
         $values = \array_merge(
             $values,
             $rsa->toArray()
diff --git a/src/Component/KeyManagement/KeyConverter/RSAKey.php b/src/Component/KeyManagement/KeyConverter/RSAKey.php
@@ -38,55 +38,57 @@ private function __construct(array $data)
     /**
      * @return RSAKey
      */
-    public static function createFromPEM(string $pem): self
+    public static function createFromKeyDetails(array $details): self
     {
-        $data = self::loadPEM($pem);
+        $values = ['kty' => 'RSA'];
+        $keys = [
+            'n' => 'n',
+            'e' => 'e',
+            'd' => 'd',
+            'p' => 'p',
+            'q' => 'q',
+            'dp' => 'dmp1',
+            'dq' => 'dmq1',
+            'qi' => 'iqmp',
+        ];
+        foreach ($details as $key => $value) {
+            if (\in_array($key, $keys, true)) {
+                $value = Base64Url::encode($value);
+                $values[\array_search($key, $keys, true)] = $value;
+            }
+        }
 
-        return new self($data);
+        return new self($values);
     }
 
     /**
      * @return RSAKey
      */
-    public static function createFromJWK(JWK $jwk): self
-    {
-        return new self($jwk->all());
-    }
-
-    private static function loadPEM(string $data): array
+    public static function createFromPEM(string $pem): self
     {
-        $res = \openssl_pkey_get_private($data);
+        $res = \openssl_pkey_get_private($pem);
         if (false === $res) {
-            $res = \openssl_pkey_get_public($data);
+            $res = \openssl_pkey_get_public($pem);
         }
         if (false === $res) {
             throw new \InvalidArgumentException('Unable to load the key.');
         }
 
         $details = \openssl_pkey_get_details($res);
+        \openssl_free_key($res);
         if (!\array_key_exists('rsa', $details)) {
             throw new \InvalidArgumentException('Unable to load the key.');
         }
 
-        $values = ['kty' => 'RSA'];
-        $keys = [
-            'n' => 'n',
-            'e' => 'e',
-            'd' => 'd',
-            'p' => 'p',
-            'q' => 'q',
-            'dp' => 'dmp1',
-            'dq' => 'dmq1',
-            'qi' => 'iqmp',
-        ];
-        foreach ($details['rsa'] as $key => $value) {
-            if (\in_array($key, $keys, true)) {
-                $value = Base64Url::encode($value);
-                $values[\array_search($key, $keys, true)] = $value;
-            }
-        }
+        return self::createFromKeyDetails($details['rsa']);
+    }
 
-        return $values;
+    /**
+     * @return RSAKey
+     */
+    public static function createFromJWK(JWK $jwk): self
+    {
+        return new self($jwk->all());
     }
 
     public function isPublic(): bool
diff --git a/src/Component/KeyManagement/Tests/Keys/RSAKeysTest.php b/src/Component/KeyManagement/Tests/Keys/RSAKeysTest.php
@@ -280,9 +280,9 @@ public function convertPrivateKeyToPublic()
     /**
      * @test
      */
-    public function createRSAKey384Bits()
+    public function createRSAKey512Bits()
     {
-        $jwk = JWKFactory::createRSAKey(384);
+        $jwk = JWKFactory::createRSAKey(512);
 
         static::assertEquals('RSA', $jwk->get('kty'));
         static::assertTrue($jwk->has('p'));
