danog/phpseclib
1
0
Fork 0
mirror of https://github.com/danog/phpseclib.git synced 2024-12-02 17:52:59 +01:00
Code Issues Projects Releases Wiki Activity

SSH2: stop using more dynamic properties in SymmetricKey

Browse Source
This commit is contained in:
terrafrost 2022-02-01 21:17:10 -06:00
parent f900045772
commit 56973d40db
2 changed files with 24 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
phpseclib/Crypt/Common/SymmetricKey.php
View File

@ -213,9 +213,6 @@ abstract class SymmetricKey
self::ENGINE_OPENSSL_GCM => 'OpenSSL (GCM)' self::ENGINE_OPENSSL_GCM => 'OpenSSL (GCM)'
]; ];
/** @var string|false */
public $fixed;
/** /**
* The Encryption Mode * The Encryption Mode
* *

28
phpseclib/Net/SSH2.php
View File

@ -427,6 +427,16 @@ class SSH2
*/ */
private $decryptInvocationCounter; private $decryptInvocationCounter;
/**
* Fixed Part of Nonce
*
* Used by GCM
*
* @var string|null
* @access private
*/
private $decryptFixedPart;
/** /**
* Server to Client Length Encryption Object * Server to Client Length Encryption Object
* *
@ -463,6 +473,16 @@ class SSH2
*/ */
private $encryptInvocationCounter; private $encryptInvocationCounter;
/**
* Fixed Part of Nonce
*
* Used by GCM
*
* @var string|null
* @access private
*/
private $encryptFixedPart;
/** /**
* Client to Server Length Encryption Object * Client to Server Length Encryption Object
* *
@ -1926,7 +1946,7 @@ class SSH2
case 'aes128-gcm@openssh.com': case 'aes128-gcm@openssh.com':
case 'aes256-gcm@openssh.com': case 'aes256-gcm@openssh.com':
$nonce = $kexHash->hash($keyBytes . $this->exchange_hash . 'A' . $this->session_id); $nonce = $kexHash->hash($keyBytes . $this->exchange_hash . 'A' . $this->session_id);
$this->encrypt->fixed = substr($nonce, 0, 4); $this->encryptFixedPart = substr($nonce, 0, 4);
$this->encryptInvocationCounter = substr($nonce, 4, 8); $this->encryptInvocationCounter = substr($nonce, 4, 8);
case 'chacha20-poly1305@openssh.com': case 'chacha20-poly1305@openssh.com':
break; break;
@ -1971,7 +1991,7 @@ class SSH2
case 'aes256-gcm@openssh.com': case 'aes256-gcm@openssh.com':
// see https://tools.ietf.org/html/rfc5647#section-7.1 // see https://tools.ietf.org/html/rfc5647#section-7.1
$nonce = $kexHash->hash($keyBytes . $this->exchange_hash . 'B' . $this->session_id); $nonce = $kexHash->hash($keyBytes . $this->exchange_hash . 'B' . $this->session_id);
$this->decrypt->fixed = substr($nonce, 0, 4); $this->decryptFixedPart = substr($nonce, 0, 4);
$this->decryptInvocationCounter = substr($nonce, 4, 8); $this->decryptInvocationCounter = substr($nonce, 4, 8);
case 'chacha20-poly1305@openssh.com': case 'chacha20-poly1305@openssh.com':
break; break;
@ -3438,7 +3458,7 @@ class SSH2
case 'aes128-gcm@openssh.com': case 'aes128-gcm@openssh.com':
case 'aes256-gcm@openssh.com': case 'aes256-gcm@openssh.com':
$this->decrypt->setNonce( $this->decrypt->setNonce(
$this->decrypt->fixed . $this->decryptFixedPart .
$this->decryptInvocationCounter $this->decryptInvocationCounter
); );
Strings::increment_str($this->decryptInvocationCounter); Strings::increment_str($this->decryptInvocationCounter);
@ -4201,7 +4221,7 @@ class SSH2
case 'aes128-gcm@openssh.com': case 'aes128-gcm@openssh.com':
case 'aes256-gcm@openssh.com': case 'aes256-gcm@openssh.com':
$this->encrypt->setNonce( $this->encrypt->setNonce(
$this->encrypt->fixed . $this->encryptFixedPart .
$this->encryptInvocationCounter $this->encryptInvocationCounter
); );
Strings::increment_str($this->encryptInvocationCounter); Strings::increment_str($this->encryptInvocationCounter);