octoleo/phpseclib
1
0
Fork 0
mirror of https://github.com/phpseclib/phpseclib.git synced 2025-01-13 02:01:21 +00:00
Code Issues Packages Projects Releases Wiki Activity

SSH2: more strictly adhere to RFC8332 for rsa-sha2-256/512

Browse Source
This commit is contained in:
terrafrost 2019-01-15 23:41:49 -06:00
parent a9c0e2d430
commit 055d6097af
1 changed files with 17 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

33
phpseclib/Net/SSH2.php
View File

@ -2687,6 +2687,21 @@ class Net_SSH2
$publickey['n'] $publickey['n']
); );
switch ($this->signature_format) {
case 'rsa-sha2-512':
$hash = 'sha512';
$signatureType = 'rsa-sha2-512';
break;
case 'rsa-sha2-256':
$hash = 'sha256';
$signatureType = 'rsa-sha2-256';
break;
//case 'ssh-rsa':
default:
$hash = 'sha1';
$signatureType = 'ssh-rsa';
}
$part1 = pack( $part1 = pack(
'CNa*Na*Na*', 'CNa*Na*Na*',
NET_SSH2_MSG_USERAUTH_REQUEST, NET_SSH2_MSG_USERAUTH_REQUEST,
@ -2697,7 +2712,7 @@ class Net_SSH2
strlen('publickey'), strlen('publickey'),
'publickey' 'publickey'
); );
$part2 = pack('Na*Na*', strlen('ssh-rsa'), 'ssh-rsa', strlen($publickey), $publickey); $part2 = pack('Na*Na*', strlen($signatureType), $signatureType, strlen($publickey), $publickey);
$packet = $part1 . chr(0) . $part2; $packet = $part1 . chr(0) . $part2;
if (!$this->_send_binary_packet($packet)) { if (!$this->_send_binary_packet($packet)) {
@ -2738,23 +2753,9 @@ class Net_SSH2
$packet = $part1 . chr(1) . $part2; $packet = $part1 . chr(1) . $part2;
$privatekey->setSignatureMode(CRYPT_RSA_SIGNATURE_PKCS1); $privatekey->setSignatureMode(CRYPT_RSA_SIGNATURE_PKCS1);
switch ($this->signature_format) {
case 'rsa-sha2-512':
$hash = 'sha512';
$type = 'rsa-sha2-512';
break;
case 'rsa-sha2-256':
$hash = 'sha256';
$type = 'rsa-sha2-256';
break;
//case 'ssh-rsa':
default:
$hash = 'sha1';
$type = 'ssh-rsa';
}
$privatekey->setHash($hash); $privatekey->setHash($hash);
$signature = $privatekey->sign(pack('Na*a*', strlen($this->session_id), $this->session_id, $packet)); $signature = $privatekey->sign(pack('Na*a*', strlen($this->session_id), $this->session_id, $packet));
$signature = pack('Na*Na*', strlen($type), $type, strlen($signature), $signature); $signature = pack('Na*Na*', strlen($signatureType), $signatureType, strlen($signature), $signature);
$packet.= pack('Na*', strlen($signature), $signature); $packet.= pack('Na*', strlen($signature), $signature);
if (!$this->_send_binary_packet($packet)) { if (!$this->_send_binary_packet($packet)) {