1
0
mirror of https://github.com/danog/tgseclib.git synced 2024-11-30 04:39:02 +01:00

SSH2: eliminate some code re-use involving key exchanges for MACs

This commit is contained in:
terrafrost 2019-09-10 23:01:26 -05:00
parent 71ced69714
commit 2774e55ab2

View File

@ -1773,50 +1773,13 @@ class SSH2
throw new NoSupportedAlgorithmsException('No compatible client to server message authentication algorithms found');
}
if ($this->encrypt->usesNonce()) {
if (!$this->encrypt->usesNonce()) {
list($this->hmac_create, $createKeyLegth) = self::mac_algorithm_to_hash_instance($mac_algorithm);
} else {
$this->hmac_create = new \stdClass;
$this->hmac_create->name = $mac_algorithm;
$mac_algorithm = 'none';
}
$createKeyLength = 0; // ie. $mac_algorithm == 'none'
switch ($mac_algorithm) {
case 'umac-64@openssh.com':
case 'umac-64-etm@openssh.com':
$this->hmac_create = new Hash('umac-64');
$createKeyLength = 16;
break;
case 'umac-128@openssh.com':
case 'umac-128-etm@openssh.com':
$this->hmac_create = new Hash('umac-128');
$createKeyLength = 16;
break;
case 'hmac-sha2-512':
case 'hmac-sha2-512-etm@openssh.com':
$this->hmac_create = new Hash('sha512');
$createKeyLength = 64;
break;
case 'hmac-sha2-256':
case 'hmac-sha2-256-etm@openssh.com':
$this->hmac_create = new Hash('sha256');
$createKeyLength = 32;
break;
case 'hmac-sha1':
case 'hmac-sha1-etm@openssh.com':
$this->hmac_create = new Hash('sha1');
$createKeyLength = 20;
break;
case 'hmac-sha1-96':
$this->hmac_create = new Hash('sha1-96');
$createKeyLength = 20;
break;
case 'hmac-md5':
$this->hmac_create = new Hash('md5');
$createKeyLength = 16;
break;
case 'hmac-md5-96':
$this->hmac_create = new Hash('md5-96');
$createKeyLength = 16;
//$mac_algorithm = 'none';
$createKeyLength = 0;
}
if ($this->hmac_create instanceof Hash) {
@ -1835,59 +1798,15 @@ class SSH2
throw new NoSupportedAlgorithmsException('No compatible server to client message authentication algorithms found');
}
if ($this->decrypt->usesNonce()) {
if (!$this->decrypt->usesNonce()) {
list($this->hmac_check, $checkKeyLegth) = self::mac_algorithm_to_hash_instance($mac_algorithm);
$this->hmac_size = $this->getLengthInBytes();
} else {
$this->hmac_check = new \stdClass;
$this->hmac_check->name = $mac_algorithm;
$mac_algorithm = 'none';
}
$checkKeyLength = 0;
$this->hmac_size = 0;
switch ($mac_algorithm) {
case 'umac-64@openssh.com':
case 'umac-64-etm@openssh.com':
$this->hmac_check = new Hash('umac-64');
$checkKeyLength = 16;
$this->hmac_size = 8;
break;
case 'umac-128@openssh.com':
case 'umac-128-etm@openssh.com':
$this->hmac_check = new Hash('umac-128');
$checkKeyLength = 16;
$this->hmac_size = 16;
break;
case 'hmac-sha2-512':
case 'hmac-sha2-512-etm@openssh.com':
$this->hmac_check = new Hash('sha512');
$checkKeyLength = 64;
$this->hmac_size = 64;
break;
case 'hmac-sha2-256':
case 'hmac-sha2-256-etm@openssh.com':
$this->hmac_check = new Hash('sha256');
$checkKeyLength = 32;
$this->hmac_size = 32;
break;
case 'hmac-sha1':
case 'hmac-sha1-etm@openssh.com':
$this->hmac_check = new Hash('sha1');
$checkKeyLength = 20;
$this->hmac_size = 20;
break;
case 'hmac-sha1-96':
$this->hmac_check = new Hash('sha1-96');
$checkKeyLength = 20;
$this->hmac_size = 12;
break;
case 'hmac-md5':
$this->hmac_check = new Hash('md5');
$checkKeyLength = 16;
$this->hmac_size = 16;
break;
case 'hmac-md5-96':
$this->hmac_check = new Hash('md5-96');
$checkKeyLength = 16;
$this->hmac_size = 12;
//$mac_algorithm = 'none';
$checkKeyLength = 0;
$this->hmac_size = 0;
}
if ($this->hmac_check instanceof Hash) {
@ -1966,10 +1885,10 @@ class SSH2
/**
* Maps an encryption algorithm name to an instance of a subclass of
* \phpseclib\Crypt\Base.
* \phpseclib\Crypt\Common\SymmetricKey.
*
* @param string $algorithm Name of the encryption algorithm
* @return mixed Instance of \phpseclib\Crypt\Base or null for unknown
* @return mixed Instance of \phpseclib\Crypt\Common\SymmetricKey or null for unknown
* @access private
*/
private static function encryption_algorithm_to_crypt_instance($algorithm)
@ -2013,6 +1932,41 @@ class SSH2
return null;
}
/**
* Maps an encryption algorithm name to an instance of a subclass of
* \phpseclib\Crypt\Hash.
*
* @param string $algorithm Name of the encryption algorithm
* @return mixed Instance of \phpseclib\Crypt\Hash or null for unknown
* @access private
*/
private static function mac_algorithm_to_hash_instance($algorithm)
{
switch ($algorithm) {
case 'umac-64@openssh.com':
case 'umac-64-etm@openssh.com':
return [new Hash('umac-64'), 16];
case 'umac-128@openssh.com':
case 'umac-128-etm@openssh.com':
return [new Hash('umac-128'), 16];
case 'hmac-sha2-512':
case 'hmac-sha2-512-etm@openssh.com':
return [new Hash('sha512'), 64];
case 'hmac-sha2-256':
case 'hmac-sha2-256-etm@openssh.com':
return [new Hash('sha256'), 32];
case 'hmac-sha1':
case 'hmac-sha1-etm@openssh.com':
return [new Hash('sha1'), 20];
case 'hmac-sha1-96':
return [new Hash('sha1-96'), 20];
case 'hmac-md5':
return [new Hash('md5'), 16];
case 'hmac-md5-96':
return [new Hash('md5-96'), 16];
}
}
/*
* Tests whether or not proposed algorithm has a potential for issues
*