1
0
mirror of https://github.com/danog/phpseclib.git synced 2024-12-15 02:17:04 +01:00

Merge branch '3.0'

This commit is contained in:
terrafrost 2020-01-17 06:07:14 -06:00
commit 3efafb14b9

View File

@ -1531,8 +1531,8 @@ class SSH2
substr($this->kex_algorithm, 10); substr($this->kex_algorithm, 10);
$ourPrivate = EC::createKey($curve); $ourPrivate = EC::createKey($curve);
$ourPublicBytes = $ourPrivate->getPublicKey()->getEncodedCoordinates(); $ourPublicBytes = $ourPrivate->getPublicKey()->getEncodedCoordinates();
$clientKexInitMessage = NET_SSH2_MSG_KEX_ECDH_INIT; $clientKexInitMessage = 'NET_SSH2_MSG_KEX_ECDH_INIT';
$serverKexReplyMessage = NET_SSH2_MSG_KEX_ECDH_REPLY; $serverKexReplyMessage = 'NET_SSH2_MSG_KEX_ECDH_REPLY';
} else { } else {
if (strpos($this->kex_algorithm, 'diffie-hellman-group-exchange') === 0) { if (strpos($this->kex_algorithm, 'diffie-hellman-group-exchange') === 0) {
$dh_group_sizes_packed = pack( $dh_group_sizes_packed = pack(
@ -1547,6 +1547,7 @@ class SSH2
$dh_group_sizes_packed $dh_group_sizes_packed
); );
$this->send_binary_packet($packet); $this->send_binary_packet($packet);
$this->updateLogHistory('UNKNOWN (34)', 'NET_SSH2_MSG_KEXDH_GEX_REQUEST');
$response = $this->get_binary_packet(); $response = $this->get_binary_packet();
if ($response === false) { if ($response === false) {
@ -1558,6 +1559,7 @@ class SSH2
if ($type != NET_SSH2_MSG_KEXDH_GEX_GROUP) { if ($type != NET_SSH2_MSG_KEXDH_GEX_GROUP) {
throw new \UnexpectedValueException('Expected SSH_MSG_KEX_DH_GEX_GROUP'); throw new \UnexpectedValueException('Expected SSH_MSG_KEX_DH_GEX_GROUP');
} }
$this->updateLogHistory('NET_SSH2_MSG_KEXDH_REPLY', 'NET_SSH2_MSG_KEXDH_GEX_GROUP');
$prime = new BigInteger($primeBytes, -256); $prime = new BigInteger($primeBytes, -256);
$g = new BigInteger($gBytes, -256); $g = new BigInteger($gBytes, -256);
@ -1568,12 +1570,12 @@ class SSH2
); );
$params = DH::createParameters($prime, $g); $params = DH::createParameters($prime, $g);
$clientKexInitMessage = NET_SSH2_MSG_KEXDH_GEX_INIT; $clientKexInitMessage = 'NET_SSH2_MSG_KEXDH_GEX_INIT';
$serverKexReplyMessage = NET_SSH2_MSG_KEXDH_GEX_REPLY; $serverKexReplyMessage = 'NET_SSH2_MSG_KEXDH_GEX_REPLY';
} else { } else {
$params = DH::createParameters($this->kex_algorithm); $params = DH::createParameters($this->kex_algorithm);
$clientKexInitMessage = NET_SSH2_MSG_KEXDH_INIT; $clientKexInitMessage = 'NET_SSH2_MSG_KEXDH_INIT';
$serverKexReplyMessage = NET_SSH2_MSG_KEXDH_REPLY; $serverKexReplyMessage = 'NET_SSH2_MSG_KEXDH_REPLY';
} }
$keyLength = min($kexHash->getLengthInBytes(), max($encryptKeyLength, $decryptKeyLength)); $keyLength = min($kexHash->getLengthInBytes(), max($encryptKeyLength, $decryptKeyLength));
@ -1583,10 +1585,18 @@ class SSH2
$ourPublicBytes = $ourPublic->toBytes(true); $ourPublicBytes = $ourPublic->toBytes(true);
} }
$data = pack('CNa*', $clientKexInitMessage, strlen($ourPublicBytes), $ourPublicBytes); $data = pack('CNa*', constant($clientKexInitMessage), strlen($ourPublicBytes), $ourPublicBytes);
$this->send_binary_packet($data); $this->send_binary_packet($data);
switch ($clientKexInitMessage) {
case 'NET_SSH2_MSG_KEX_ECDH_INIT':
$this->updateLogHistory('NET_SSH2_MSG_KEXDH_INIT', 'NET_SSH2_MSG_KEX_ECDH_INIT');
break;
case 'NET_SSH2_MSG_KEXDH_GEX_INIT':
$this->updateLogHistory('UNKNOWN (32)', 'NET_SSH2_MSG_KEXDH_GEX_INIT');
}
$response = $this->get_binary_packet(); $response = $this->get_binary_packet();
if ($response === false) { if ($response === false) {
$this->bitmap = 0; $this->bitmap = 0;
@ -1603,8 +1613,15 @@ class SSH2
$this->signature $this->signature
) = Strings::unpackSSH2('Csss', $response); ) = Strings::unpackSSH2('Csss', $response);
if ($type != $serverKexReplyMessage) { if ($type != constant($serverKexReplyMessage)) {
throw new \UnexpectedValueException('Expected SSH_MSG_KEXDH_REPLY'); throw new \UnexpectedValueException("Expected $serverKexReplyMessage");
}
switch ($serverKexReplyMessage) {
case 'NET_SSH2_MSG_KEX_ECDH_REPLY':
$this->updateLogHistory('NET_SSH2_MSG_KEXDH_REPLY', 'NET_SSH2_MSG_KEX_ECDH_REPLY');
break;
case 'NET_SSH2_MSG_KEXDH_GEX_REPLY':
$this->updateLogHistory('UNKNOWN (33)', 'NET_SSH2_MSG_KEXDH_GEX_REPLY');
} }
$this->server_public_host_key = $server_public_host_key; $this->server_public_host_key = $server_public_host_key;
@ -2184,9 +2201,7 @@ class SSH2
list($type) = Strings::unpackSSH2('C', $response); list($type) = Strings::unpackSSH2('C', $response);
switch ($type) { switch ($type) {
case NET_SSH2_MSG_USERAUTH_PASSWD_CHANGEREQ: // in theory, the password can be changed case NET_SSH2_MSG_USERAUTH_PASSWD_CHANGEREQ: // in theory, the password can be changed
if (defined('NET_SSH2_LOGGING')) { $this->updateLogHistory('UNKNOWN (60)', 'NET_SSH2_MSG_USERAUTH_PASSWD_CHANGEREQ');
$this->message_number_log[count($this->message_number_log) - 1] = 'NET_SSH2_MSG_USERAUTH_PASSWD_CHANGEREQ';
}
list($message) = Strings::unpackSSH2('s', $response); list($message) = Strings::unpackSSH2('s', $response);
$this->errors[] = 'SSH_MSG_USERAUTH_PASSWD_CHANGEREQ: ' . $message; $this->errors[] = 'SSH_MSG_USERAUTH_PASSWD_CHANGEREQ: ' . $message;
@ -2296,12 +2311,8 @@ class SSH2
// see http://tools.ietf.org/html/rfc4256#section-3.2 // see http://tools.ietf.org/html/rfc4256#section-3.2
if (strlen($this->last_interactive_response)) { if (strlen($this->last_interactive_response)) {
$this->last_interactive_response = ''; $this->last_interactive_response = '';
} elseif (defined('NET_SSH2_LOGGING') && NET_SSH2_LOGGING == self::LOG_COMPLEX) { } else {
$this->message_number_log[count($this->message_number_log) - 1] = str_replace( $this->updateLogHistory('UNKNOWN (60)', 'NET_SSH2_MSG_USERAUTH_INFO_REQUEST');
'UNKNOWN',
'NET_SSH2_MSG_USERAUTH_INFO_REQUEST',
$this->message_number_log[count($this->message_number_log) - 1]
);
} }
if (!count($responses) && $num_prompts) { if (!count($responses) && $num_prompts) {
@ -2322,13 +2333,7 @@ class SSH2
$this->send_binary_packet($packet, $logged); $this->send_binary_packet($packet, $logged);
if (defined('NET_SSH2_LOGGING') && NET_SSH2_LOGGING == self::LOG_COMPLEX) { $this->updateLogHistory('UNKNOWN (61)', 'NET_SSH2_MSG_USERAUTH_INFO_RESPONSE');
$this->message_number_log[count($this->message_number_log) - 1] = str_replace(
'UNKNOWN',
'NET_SSH2_MSG_USERAUTH_INFO_RESPONSE',
$this->message_number_log[count($this->message_number_log) - 1]
);
}
/* /*
After receiving the response, the server MUST send either an After receiving the response, the server MUST send either an
@ -2462,13 +2467,7 @@ class SSH2
case NET_SSH2_MSG_USERAUTH_PK_OK: case NET_SSH2_MSG_USERAUTH_PK_OK:
// we'll just take it on faith that the public key blob and the public key algorithm name are as // we'll just take it on faith that the public key blob and the public key algorithm name are as
// they should be // they should be
if (defined('NET_SSH2_LOGGING') && NET_SSH2_LOGGING == self::LOG_COMPLEX) { $this->updateLogHistory('UNKNOWN (60)', 'NET_SSH2_MSG_USERAUTH_PK_OK');
$this->message_number_log[count($this->message_number_log) - 1] = str_replace(
'UNKNOWN',
'NET_SSH2_MSG_USERAUTH_PK_OK',
$this->message_number_log[count($this->message_number_log) - 1]
);
}
} }
$packet = $part1 . chr(1) . $part2; $packet = $part1 . chr(1) . $part2;
@ -4838,4 +4837,22 @@ class SSH2
{ {
return self::$connections; return self::$connections;
} }
/*
* Update packet types in log history
*
* @param string $old
* @param string $new
* @access private
*/
private function updateLogHistory($old, $new)
{
if (defined('NET_SSH2_LOGGING') && NET_SSH2_LOGGING == self::LOG_COMPLEX) {
$this->message_number_log[count($this->message_number_log) - 1] = str_replace(
$old,
$new,
$this->message_number_log[count($this->message_number_log) - 1]
);
}
}
} }