Implementation of RSA algorithm under PHP

/*
* Implementation of the RSA algorithm
* (C) Copyright Edsko de Vries, Ireland
*
* Licensed under the GNU public License (GPL)
*
* This implementation has been verified against [3]
* (tested java/php interoperability).
*
* References:
* [1] "Applied Cryptography", Bruce Schneier, John Wiley & Sons, 1996
* [2] "Prime number hide-and-seek", Brian Raiter, Muppetlabs (online)
* [3] "The bouncy Castle Crypto Package" Legion bouncy of the Castle,
* (Open Source Cryptography Library for Java, online)
* [4] "PKCS #1: RSA Encryption Standard", RSA Laboratories technical Note,
* Version 1.5, revised November 1, 1993
*/

/*
* Functions that are meant to is used by the user of this PHP module.
*
* Notes:
*-$key and $modulus should is numbers in (decimal) string format
*-$message is expected to binary data
*-$keylength should be a multiple of 8, and should is in bits
*-For Rsa_encrypt/rsa_sign, the length of $message should not exceed
* ($keylength/8)-one (as mandated by [4]).
*-Rsa_encrypt and rsa_sign'll automatically add padding to the message.
* For Rsa_encrypt, this padding would consist of random values; For Rsa_sign,
* Padding would consist of the appropriate number of 0xFF values ([4])
*-Rsa_decrypt and rsa_verify'll automatically remove message padding.
*-Blocks for decoding (Rsa_decrypt, rsa_verify) should is exactly
* ($keylength/8) bytes long.
*-Rsa_encrypt and rsa_verify expect a public key; Rsa_decrypt and Rsa_sign
* Expect a private key.
*/

function Rsa_encrypt ($message, $public _key, $modulus, $keylength)
{
$padded = Add_pkcs1_padding ($message, True, $keylength/8);
$number = Binary_to_number ($padded);
$encrypted = Pow_mod ($number, $public _key, $modulus);
$result = Number_to_binary ($encrypted, $keylength/8);

return $result;
}

function Rsa_decrypt ($message, $private _key, $modulus, $keylength)
{
$number = Binary_to_number ($message);
$decrypted = Pow_mod ($number, $private _key, $modulus);
$result = Number_to_binary ($decrypted, $keylength/8);

Return remove_pkcs1_padding ($result, $keylength/8);
}

function Rsa_sign ($message, $private _key, $modulus, $keylength)
{
$padded = Add_pkcs1_padding ($message, False, $keylength/8);
$number = Binary_to_number ($padded);
$signed = Pow_mod ($number, $private _key, $modulus);
$result = Number_to_binary ($signed, $keylength/8);

return $result;
}

function Rsa_verify ($message, $public _key, $modulus, $keylength)
{
Return Rsa_decrypt ($message, $public _key, $modulus, $keylength);
}

/*
* Some Constants
*/

Define ("Bccomp_larger", 1);

/*
* The actual implementation.
* Requires Bcmath Support in PHP (compile with--enable-bcmath)
*/

//--
Calculate (p ^ q) mod R
//
We need some trickery to [2]:
(a) Avoid calculating (p ^ q) before (p ^ q) mod R, because for typical RSA
Applications, (p ^ q) is going to be _way_ too large.
(I mean, __way__ too large-won ' t fit in your computer ' s memory.)
(b) still be reasonably efficient.
//
We assume P, Q and R are all positive, and that R is Non-zero.
//
The more simple algorithm of multiplying $p by itself $q times, and
Applying "mod $r" at every-also-valid, but is O ($q), whereas
Algorithm is O (log $q). Big difference.
//
As far as I can, the algorithm I use is optimal; There is no redundancy
In the calculation of the partial results.
//--
function Pow_mod ($p, $q, $r)
{
Extract powers of 2 from $q
$factors = Array ();
$div = $q;
$power _of_two = 0;
while (Bccomp ($div, "0") = = Bccomp_larger)
{
$rem = Bcmod ($div, 2);
$div = Bcdiv ($div, 2);

if ($rem) Array_push ($factors, $power _of_two);
$power _of_two++;
}

Calculate partial results for each factor with the using each partial result as a
Starting point for the next. This depends of the factors of two being
Generated in increasing order.
$partial _results = Array ();
$part _res = $p;
$idx = 0;
foreach ($factors as $factor)
{
while ($idx < $factor)
{
$part _res = Bcpow ($part _res, "2");
$part _res = Bcmod ($part _res, $r);

$idx + +;
}

Array_pus ($partial _results, $part _res);
}

Calculate Final Result
$result = "1";
foreach ($partial _results as $part _res)
{
$result = Bcmul ($result, $part _res);
$result = Bcmod ($result, $r);
}

return $result;
}

//--
Function to add padding to a decrypted string
We need to know if it is a private or a public key operation [4]
//--
function add_pkcs1_padding ($data, $isPublicKey, $blocksize)
{
$pad _length = $blocksize-3-strlen ($data);

if ($isPublicKey)
{
$block _type = "\x02";

$padding = "";
for ($i = 0; $i < $pad _length; $i + +)
{
$rnd = Mt_rand (1, 255);
$padding. = Chr ($RND);
}
}
Else
{
$block _type = "\x01";
$padding = Str_repeat ("\xff", $pad _length);
}

Return "\x00". $block _type. $padding. "\x00". $data;
}

//--
Remove padding from a decrypted string
[4] for more details.
//--
function remove_pkcs1_padding ($data, $blocksize)
{
ASSERT (strlen ($data) = = $blocksize);
$data = substr ($data, 1);

We cannot deal with block type 0
if ($data {0} = = ' a ')
Die ("block type 0 not implemented.");

Then The block type must is 1 or 2
Assert (($data {0} = = "\x01") | | ($data {0} = = "\x02"));

Remove the padding
$offset = Strpos ($data, "n", 1);
Return substr ($data, $offset + 1);
}

//--
Convert binary data to a decimal number
//--
function Binary_to_number ($data)
{
$base = "256";
$radix = "1";
$result = "0";

for ($i = strlen ($data)-1; $i >= 0; $i--)
{
$digit = Ord ($data {$i});
$part _res = Bcmul ($digit, $radix);
$result = Bcadd ($result, $part _res);
$radix = Bcmul ($radix, $base);
}

return $result;
}

//--
Convert a number back into binary form
//--
function Number_to_binary ($number, $blocksize)
{
$base = "256";
$result = "";

$div = $number;
while ($div > 0)
{
$mod = Bcmod ($div, $base);
$div = Bcdiv ($div, $base);

$result = Chr ($mod). $result;
}

Return Str_pad ($result, $blocksize, "\x00", str_pad_left);
}
?>