mirror of https://github.com/danog/tgseclib.git synced 2024-11-26 20:24:39 +01:00

Merge branch 'master' into cipher-revamp

terrafrost 2016-02-20 21:44:00 -06:00
commit ae1e5c13f9
24 changed files with 134 additions and 62 deletions


@ -49,8 +49,6 @@
namespace phpseclib\Crypt; namespace phpseclib\Crypt;
use phpseclib\Crypt\Rijndael;
/** /**
* Pure-PHP implementation of AES. * Pure-PHP implementation of AES.
* *


@ -36,8 +36,6 @@
namespace phpseclib\Crypt; namespace phpseclib\Crypt;
use phpseclib\Crypt\Hash;
/** /**
* Base Class for all \phpseclib\Crypt\* cipher classes * Base Class for all \phpseclib\Crypt\* cipher classes
* *
@ -727,10 +725,13 @@ abstract class Base
return !defined('OPENSSL_RAW_DATA') ? substr($result, 0, -$this->block_size) : $result; return !defined('OPENSSL_RAW_DATA') ? substr($result, 0, -$this->block_size) : $result;
case self::MODE_CBC: case self::MODE_CBC:
$result = openssl_encrypt($plaintext, $this->cipher_name_openssl, $this->key, $this->openssl_options, $this->encryptIV); $result = openssl_encrypt($plaintext, $this->cipher_name_openssl, $this->key, $this->openssl_options, $this->encryptIV);
if (!defined('OPENSSL_RAW_DATA')) {
$result = substr($result, 0, -$this->block_size);
}
if ($this->continuousBuffer) { if ($this->continuousBuffer) {
$this->encryptIV = substr($result, -$this->block_size); $this->encryptIV = substr($result, -$this->block_size);
} }
return !defined('OPENSSL_RAW_DATA') ? substr($result, 0, -$this->block_size) : $result; return $result;
case self::MODE_CTR: case self::MODE_CTR:
return $this->_openssl_ctr_process($plaintext, $this->encryptIV, $this->enbuffer); return $this->_openssl_ctr_process($plaintext, $this->encryptIV, $this->enbuffer);
case self::MODE_CFB: case self::MODE_CFB:
@ -1032,10 +1033,13 @@ abstract class Base
if (!defined('OPENSSL_RAW_DATA')) { if (!defined('OPENSSL_RAW_DATA')) {
$padding = str_repeat(chr($this->block_size), $this->block_size) ^ substr($ciphertext, -$this->block_size); $padding = str_repeat(chr($this->block_size), $this->block_size) ^ substr($ciphertext, -$this->block_size);
$ciphertext.= substr(openssl_encrypt($padding, $this->cipher_name_openssl_ecb, $this->key, true), 0, $this->block_size); $ciphertext.= substr(openssl_encrypt($padding, $this->cipher_name_openssl_ecb, $this->key, true), 0, $this->block_size);
$offset = 2 * $this->block_size;
} else {
$offset = $this->block_size;
} }
$plaintext = openssl_decrypt($ciphertext, $this->cipher_name_openssl, $this->key, $this->openssl_options, $this->decryptIV); $plaintext = openssl_decrypt($ciphertext, $this->cipher_name_openssl, $this->key, $this->openssl_options, $this->decryptIV);
if ($this->continuousBuffer) { if ($this->continuousBuffer) {
$this->decryptIV = substr($ciphertext, -$this->block_size); $this->decryptIV = substr($ciphertext, -$offset, $this->block_size);
} }
break; break;
case self::MODE_CTR: case self::MODE_CTR:
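Review bot: The new `$offset` in the CBC decrypt hunk has no comment, and the reason for it is easy to miss. When `OPENSSL_RAW_DATA` is undefined, a synthetic padding block has just been appended to `$ciphertext`, so the last real ciphertext block (the next IV) sits two blocks from the end rather than one. I would add a comment above the assignment such as `// a padding block was appended above, so the next IV is the second-to-last block`. The encrypt hunk has the mirror-image ordering requirement (the extra block must be stripped before `$this->encryptIV` is taken from `$result`) and deserves the same one-line comment. Both enclosing functions start and end outside the hunks shown.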


@ -37,8 +37,6 @@
namespace phpseclib\Crypt; namespace phpseclib\Crypt;
use phpseclib\Crypt\Base;
/** /**
* Pure-PHP implementation of Blowfish. * Pure-PHP implementation of Blowfish.
* *


@ -42,8 +42,6 @@
namespace phpseclib\Crypt; namespace phpseclib\Crypt;
use phpseclib\Crypt\Base;
/** /**
* Pure-PHP implementation of DES. * Pure-PHP implementation of DES.
* *


@ -35,8 +35,6 @@
namespace phpseclib\Crypt; namespace phpseclib\Crypt;
use phpseclib\Crypt\Base;
/** /**
* Pure-PHP implementation of RC2. * Pure-PHP implementation of RC2.
* *


@ -44,8 +44,6 @@
namespace phpseclib\Crypt; namespace phpseclib\Crypt;
use phpseclib\Crypt\Base;
/** /**
* Pure-PHP implementation of RC4. * Pure-PHP implementation of RC4.
* *


@ -45,8 +45,8 @@
namespace phpseclib\Crypt; namespace phpseclib\Crypt;
use phpseclib\Math\BigInteger;
use phpseclib\File\ASN1; use phpseclib\File\ASN1;
use phpseclib\Math\BigInteger;
/** /**
* Pure-PHP PKCS#1 compliant implementation of RSA. * Pure-PHP PKCS#1 compliant implementation of RSA.


@ -14,10 +14,10 @@
namespace phpseclib\Crypt\RSA; namespace phpseclib\Crypt\RSA;
use phpseclib\Crypt\Base;
use phpseclib\Crypt\AES; use phpseclib\Crypt\AES;
use phpseclib\Crypt\TripleDES; use phpseclib\Crypt\Base;
use phpseclib\Crypt\DES; use phpseclib\Crypt\DES;
use phpseclib\Crypt\TripleDES;
use phpseclib\Math\BigInteger; use phpseclib\Math\BigInteger;
/** /**


@ -22,12 +22,11 @@
namespace phpseclib\Crypt\RSA; namespace phpseclib\Crypt\RSA;
use phpseclib\Math\BigInteger;
use phpseclib\Crypt\RSA\PKCS;
use phpseclib\Crypt\Random;
use phpseclib\Crypt\AES; use phpseclib\Crypt\AES;
use phpseclib\Crypt\TripleDES;
use phpseclib\Crypt\DES; use phpseclib\Crypt\DES;
use phpseclib\Crypt\Random;
use phpseclib\Crypt\TripleDES;
use phpseclib\Math\BigInteger;
/** /**
* PKCS#1 Formatted RSA Key Handler * PKCS#1 Formatted RSA Key Handler


@ -24,10 +24,9 @@
namespace phpseclib\Crypt\RSA; namespace phpseclib\Crypt\RSA;
use phpseclib\Math\BigInteger;
use phpseclib\Crypt\RSA\PKCS;
use phpseclib\Crypt\Random;
use phpseclib\Crypt\DES; use phpseclib\Crypt\DES;
use phpseclib\Crypt\Random;
use phpseclib\Math\BigInteger;
/** /**
* PKCS#8 Formatted RSA Key Handler * PKCS#8 Formatted RSA Key Handler


@ -14,10 +14,9 @@
namespace phpseclib\Crypt\RSA; namespace phpseclib\Crypt\RSA;
use phpseclib\Math\BigInteger;
use phpseclib\Crypt\AES; use phpseclib\Crypt\AES;
use phpseclib\Crypt\Hash; use phpseclib\Crypt\Hash;
use phpseclib\Crypt\RSA\OpenSSH; use phpseclib\Math\BigInteger;
/** /**
* PuTTY Formatted RSA Key Handler * PuTTY Formatted RSA Key Handler


@ -24,14 +24,6 @@
namespace phpseclib\Crypt; namespace phpseclib\Crypt;
use phpseclib\Crypt\AES;
use phpseclib\Crypt\Base;
use phpseclib\Crypt\Blowfish;
use phpseclib\Crypt\DES;
use phpseclib\Crypt\RC4;
use phpseclib\Crypt\TripleDES;
use phpseclib\Crypt\Twofish;
/** /**
* Pure-PHP Random Number Generator * Pure-PHP Random Number Generator
* *
@ -149,13 +141,13 @@ class Random
session_start(); session_start();
$v = $seed = $_SESSION['seed'] = pack('H*', sha1( $v = $seed = $_SESSION['seed'] = pack('H*', sha1(
serialize($_SERVER) . (isset($_SERVER) ? self::safe_serialize($_SERVER) : '') .
serialize($_POST) . (isset($_POST) ? self::safe_serialize($_POST) : '') .
serialize($_GET) . (isset($_GET) ? self::safe_serialize($_GET) : '') .
serialize($_COOKIE) . (isset($_COOKIE) ? self::safe_serialize($_COOKIE) : '') .
serialize($GLOBALS) . self::safe_serialize($GLOBALS) .
serialize($_SESSION) . self::safe_serialize($_SESSION) .
serialize($_OLD_SESSION) self::safe_serialize($_OLD_SESSION)
)); ));
if (!isset($_SESSION['count'])) { if (!isset($_SESSION['count'])) {
$_SESSION['count'] = 0; $_SESSION['count'] = 0;
@ -240,4 +232,36 @@ class Random
} }
return substr($result, 0, $length); return substr($result, 0, $length);
} }
/**
* Safely serialize variables
*
* If a class has a private __sleep() it'll emit a warning
*
* @param mixed $arr
* @access public
*/
function safe_serialize(&$arr)
{
if (is_object($arr)) {
return '';
}
if (!is_array($arr)) {
return serialize($arr);
}
// prevent circular array recursion
if (isset($arr['__phpseclib_marker'])) {
return '';
}
$safearr = array();
$arr['__phpseclib_marker'] = true;
foreach (array_keys($arr) as $key) {
// do not recurse on the '__phpseclib_marker' key itself, for smaller memory usage
if ($key !== '__phpseclib_marker') {
$safearr[$key] = self::safe_serialize($arr[$key]);
}
}
unset($arr['__phpseclib_marker']);
return serialize($safearr);
}
} }
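Review bot: `safe_serialize()` is declared as an instance method (`function safe_serialize(&$arr)`) but every call in the seeding hunk uses `self::safe_serialize(...)`. If the enclosing method is static (its signature is outside the hunk), that is a static call to a non-static method, which raises a strict-standards or deprecation notice on older PHP versions and an Error on PHP 8. Declaring it `static function safe_serialize(&$arr)` matches how it is used. Separately, the recursion guard treats any array that already has a `__phpseclib_marker` key as visited and returns `''`, so an input array that already contains that key (the superglobals include request data) contributes nothing to the seed; a comment stating this limitation would make the trade-off explicit. The docblock also lacks an `@return string` line.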


@ -54,8 +54,6 @@
namespace phpseclib\Crypt; namespace phpseclib\Crypt;
use phpseclib\Crypt\Base;
/** /**
* Pure-PHP implementation of Rijndael. * Pure-PHP implementation of Rijndael.
* *


@ -36,9 +36,6 @@
namespace phpseclib\Crypt; namespace phpseclib\Crypt;
use phpseclib\Crypt\Base;
use phpseclib\Crypt\DES;
/** /**
* Pure-PHP implementation of Triple DES. * Pure-PHP implementation of Triple DES.
* *


@ -37,8 +37,6 @@
namespace phpseclib\Crypt; namespace phpseclib\Crypt;
use phpseclib\Crypt\Base;
/** /**
* Pure-PHP implementation of Twofish. * Pure-PHP implementation of Twofish.
* *


@ -27,12 +27,11 @@
namespace phpseclib\File; namespace phpseclib\File;
use phpseclib\Crypt\Hash; use phpseclib\Crypt\Hash;
use phpseclib\Crypt\RSA;
use phpseclib\Crypt\Random; use phpseclib\Crypt\Random;
use phpseclib\File\ASN1; use phpseclib\Crypt\RSA;
use phpseclib\Exception\UnsupportedAlgorithmException;
use phpseclib\File\ASN1\Element; use phpseclib\File\ASN1\Element;
use phpseclib\Math\BigInteger; use phpseclib\Math\BigInteger;
use phpseclib\Exception\UnsupportedAlgorithmException;
/** /**
* Pure-PHP X.509 Parser * Pure-PHP X.509 Parser
@ -2201,9 +2200,7 @@ class X509
*/ */
function _decodeIP($ip) function _decodeIP($ip)
{ {
$ip = base64_decode($ip); return inet_ntop(base64_decode($ip));
list(, $ip) = unpack('N', $ip);
return long2ip($ip);
} }
/** /**
@ -2217,7 +2214,7 @@ class X509
*/ */
function _encodeIP($ip) function _encodeIP($ip)
{ {
return base64_encode(pack('N', ip2long($ip))); return base64_encode(inet_pton($ip));
} }
/** /**
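Review bot: `_decodeIP()` passes the base64-decoded bytes straight to `inet_ntop()`, which returns `false` (with a warning on some PHP versions) when the input is not exactly 4 or 16 bytes. The value appears to come from a parsed certificate extension, so its length is not under the library's control. A length check before the call keeps a malformed extension from surfacing as a warning, e.g. `$raw = base64_decode($ip); if ($raw === false || (strlen($raw) != 4 && strlen($raw) != 16)) { return false; }` followed by `return inet_ntop($raw);`. `_encodeIP()` has the mirror problem: `inet_pton()` returns `false` for an unparsable string and `base64_encode(false)` yields an empty string, so an invalid address is silently encoded as an empty value; checking the `inet_pton()` result before encoding avoids that. Both docblocks start outside the hunks, and the failure return should be documented there.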


@ -32,8 +32,6 @@
namespace phpseclib\Net; namespace phpseclib\Net;
use phpseclib\Net\SSH1;
use phpseclib\Net\SSH2;
use phpseclib\Exception\FileNotFoundException; use phpseclib\Exception\FileNotFoundException;
/** /**


@ -37,7 +37,6 @@
namespace phpseclib\Net; namespace phpseclib\Net;
use phpseclib\Net\SSH2;
use phpseclib\Exception\FileNotFoundException; use phpseclib\Exception\FileNotFoundException;
/** /**


@ -1306,6 +1306,7 @@ class SSH1
/* /*
$rsa = new RSA(); $rsa = new RSA();
$rsa->load($key, 'raw'); $rsa->load($key, 'raw');
$rsa->setHash('sha1');
return $rsa->encrypt($m, RSA::PADDING_PKCS1); return $rsa->encrypt($m, RSA::PADDING_PKCS1);
*/ */


@ -1171,7 +1171,7 @@ class SSH2
'diffie-hellman-group-exchange-sha1', // RFC 4419 'diffie-hellman-group-exchange-sha1', // RFC 4419
'diffie-hellman-group-exchange-sha256', // RFC 4419 'diffie-hellman-group-exchange-sha256', // RFC 4419
); );
if (!class_exists('\Sodium')) { if (!function_exists('\\Sodium\\library_version_major')) {
$kex_algorithms = array_diff( $kex_algorithms = array_diff(
$kex_algorithms, $kex_algorithms,
array('curve25519-sha256@libssh.org') array('curve25519-sha256@libssh.org')
@ -2310,6 +2310,7 @@ class SSH2
} }
$packet = $part1 . chr(1) . $part2; $packet = $part1 . chr(1) . $part2;
$privatekey->setHash('sha1');
$signature = $privatekey->sign(pack('Na*a*', strlen($this->session_id), $this->session_id, $packet), RSA::PADDING_PKCS1); $signature = $privatekey->sign(pack('Na*a*', strlen($this->session_id), $this->session_id, $packet), RSA::PADDING_PKCS1);
$signature = pack('Na*Na*', strlen('ssh-rsa'), 'ssh-rsa', strlen($signature), $signature); $signature = pack('Na*Na*', strlen('ssh-rsa'), 'ssh-rsa', strlen($signature), $signature);
$packet.= pack('Na*', strlen($signature), $signature); $packet.= pack('Na*', strlen($signature), $signature);
@ -4058,6 +4059,7 @@ class SSH2
$rsa = new RSA(); $rsa = new RSA();
$rsa->load(array('e' => $e, 'n' => $n), 'raw'); $rsa->load(array('e' => $e, 'n' => $n), 'raw');
$rsa->setHash('sha1');
if (!$rsa->verify($this->exchange_hash, $signature, RSA::PADDING_PKCS1)) { if (!$rsa->verify($this->exchange_hash, $signature, RSA::PADDING_PKCS1)) {
//user_error('Bad server signature'); //user_error('Bad server signature');
return $this->_disconnect(NET_SSH2_DISCONNECT_HOST_KEY_NOT_VERIFIABLE); return $this->_disconnect(NET_SSH2_DISCONNECT_HOST_KEY_NOT_VERIFIABLE);
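Review bot: In the public-key signing hunk, `$privatekey->setHash('sha1')` changes the hash on the key object in place and nothing restores it. If `$privatekey` is the object the caller passed in (the enclosing function starts outside the hunk), any signature the caller makes with it afterwards will also use SHA-1. I would document both the reason and the side effect, for example `// ssh-rsa signatures are defined with SHA-1 (RFC 4253); this overrides the hash set on the caller's key`. The verification hunk makes the same call on a locally created `$rsa`, so only the explanatory part of that comment applies there.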


@ -34,8 +34,8 @@
namespace phpseclib\System\SSH; namespace phpseclib\System\SSH;
use phpseclib\Crypt\RSA; use phpseclib\Crypt\RSA;
use phpseclib\System\SSH\Agent\Identity;
use phpseclib\Exception\BadConfigurationException; use phpseclib\Exception\BadConfigurationException;
use phpseclib\System\SSH\Agent\Identity;
/** /**
* Pure-PHP ssh-agent client identity factory * Pure-PHP ssh-agent client identity factory


@ -15,9 +15,9 @@
namespace phpseclib\System\SSH\Agent; namespace phpseclib\System\SSH\Agent;
use phpseclib\System\SSH\Agent;
use phpseclib\Crypt\RSA; use phpseclib\Crypt\RSA;
use phpseclib\Exception\UnsupportedAlgorithmException; use phpseclib\Exception\UnsupportedAlgorithmException;
use phpseclib\System\SSH\Agent;
/** /**
* Pure-PHP ssh-agent client identity object * Pure-PHP ssh-agent client identity object
@ -115,6 +115,22 @@ class Identity
return $this->key->getPublicKey($type); return $this->key->getPublicKey($type);
} }
/**
* Sets the hash
*
* ssh-agent only supports signatures with sha1 hashes but to maintain BC with RSA.php this function exists
*
* @param string $hash optional
* @throws \phpseclib\Exception\UnsupportedAlgorithmException if the algorithm is unsupported
* @access public
*/
function setHash($hash = 'sha1')
{
if ($hash != 'sha1') {
throw new UnsupportedAlgorithmException('ssh-agent can only be used with the sha1 hash');
}
}
/** /**
* Create a signature * Create a signature
* *
@ -130,7 +146,7 @@ class Identity
function sign($message, $padding = RSA::PADDING_PKCS1) function sign($message, $padding = RSA::PADDING_PKCS1)
{ {
if ($padding != RSA::PADDING_PKCS1 && $padding != RSA::PADDING_RELAXED_PKCS1) { if ($padding != RSA::PADDING_PKCS1 && $padding != RSA::PADDING_RELAXED_PKCS1) {
throw new \UnsupportedAlgorithmException('ssh-agent can only create PKCS1 signatures'); throw new UnsupportedAlgorithmException('ssh-agent can only create PKCS1 signatures');
} }
// the last parameter (currently 0) is for flags and ssh-agent only defines one flag (for ssh-dss): SSH_AGENT_OLD_SIGNATURE // the last parameter (currently 0) is for flags and ssh-agent only defines one flag (for ssh-dss): SSH_AGENT_OLD_SIGNATURE
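Review bot: The new `setHash()` compares with `!=`, so the guard is subject to type juggling: on PHP versions before 8 an integer `0` compares equal to `'sha1'` and is accepted. `if ($hash !== 'sha1') {` makes the check exact. The docblock marks `$hash` as optional but does not say that the method stores nothing; a line such as `No state is changed; the call only rejects anything other than sha1.` would make that clear to callers.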


@ -382,4 +382,20 @@ abstract class Unit_Crypt_AES_TestCase extends PhpseclibTestCase
$this->assertSame($ciphertext, 'fd4250c0d234aa7e1aa592820aa8406b'); $this->assertSame($ciphertext, 'fd4250c0d234aa7e1aa592820aa8406b');
$this->assertSame($aes->getKeyLength(), 256); $this->assertSame($aes->getKeyLength(), 256);
} }
/**
* @group github938
*/
public function testContinuousBuffer()
{
$aes = new AES();
$aes->disablePadding();
$aes->enableContinuousBuffer();
$aes->setIV(pack('H*', '0457bdb4a6712986688349a29eb82535'));
$aes->setKey(pack('H*', '00d596e2c8189b2592fac358e7396ad2'));
$aes->decrypt(pack('H*', '9aa234ea7c750a8109a0f32d768b964e'));
$plaintext = $aes->decrypt(pack('H*', '0457bdb4a6712986688349a29eb82535'));
$expected = pack('H*', '6572617574689e1be8d2d8d43c594cf3');
$this->assertSame($plaintext, $expected);
}
} }
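Review bot: `testContinuousBuffer()` only calls `decrypt()`, so the encrypt-side change in this commit to how the IV is carried between calls in continuous-buffer mode has no regression test on this page. A companion test would encrypt two blocks in two `encrypt()` calls and assert that the concatenation equals a single `encrypt()` call over both blocks on a fresh instance with the same key and IV. Whether this test reaches the OpenSSL code path depends on how subclasses of this abstract test case select the engine, which is not visible here.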


@ -225,4 +225,39 @@ aBtsWpliLSex/HHhtRW9AkBGcq67zKmEpJ9kXcYLEjJii3flFS+Ct/rNm+Hhm1l7
$this->assertEquals($x509->getOID('id-sha256'), '2.16.840.1.101.3.4.2.1'); $this->assertEquals($x509->getOID('id-sha256'), '2.16.840.1.101.3.4.2.1');
$this->assertEquals($x509->getOID('zzz'), 'zzz'); $this->assertEquals($x509->getOID('zzz'), 'zzz');
} }
public function testIPAddressSubjectAltNamesDecoding()
{
$test = '-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----';
$x509 = new X509();
$cert = $x509->loadX509($test);
$this->assertEquals($cert['tbsCertificate']['extensions'][3]['extnValue'][0]['iPAddress'], '204.152.200.250');
$this->assertEquals($cert['tbsCertificate']['extensions'][3]['extnValue'][1]['iPAddress'], '2001:470:f309:9::3');
}
} }