octoleo
/
phpseclib
mirror of https://github.com/phpseclib/phpseclib.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Use paragonie/constant_time_encoding

This commit is contained in:
Paragon Initiative Enterprises 2016-05-12 16:28:40 -04:00
parent a2130ff111
commit 0e8fa93676
19 changed files with 219 additions and 126 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
composer.json
View File

@ -51,6 +51,7 @@
}
],
"require": {
"paragonie/constant_time_encoding": "^1|^2",
"paragonie/random_compat": "^1.4|^2.0",
"php": ">=5.3.3"
},

131
composer.lock generated
View File

@ -4,9 +4,71 @@
"Read more about it at https://getcomposer.org/doc/01-basic-usage.md#composer-lock-the-lock-file",
"This file is @generated automatically"
],
"hash": "deb73cf7e6004dbc2550a38c4082df2d",
"content-hash": "39f9dd8d2c209ff69eebbb83e367257e",
"hash": "b54600d5b96647f1c6f4db8b67f9dd49",
"content-hash": "bbcd086ca303cc52841266906eb6e174",
"packages": [
{
"name": "paragonie/constant_time_encoding",
"version": "v1.0.0",
"source": {
"type": "git",
"url": "https://github.com/paragonie/constant_time_encoding.git",
"reference": "fdb1e311153233315e0f7699711e3845d81ed00f"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/paragonie/constant_time_encoding/zipball/fdb1e311153233315e0f7699711e3845d81ed00f",
"reference": "fdb1e311153233315e0f7699711e3845d81ed00f",
"shasum": ""
},
"require": {
"php": "^5.3|^7"
},
"require-dev": {
"paragonie/random_compat": "^1.4|^2.0",
"phpunit/phpunit": "4.*|5.*"
},
"type": "library",
"autoload": {
"psr-4": {
"ParagonIE\\ConstantTime\\": "src/"
}
},
"notification-url": "https://packagist.org/downloads/",
"license": [
"MIT"
],
"authors": [
{
"name": "Paragon Initiative Enterprises",
"email": "security@paragonie.com",
"homepage": "https://paragonie.com",
"role": "Maintainer"
},
{
"name": "Steve 'Sc00bz' Thomas",
"email": "steve@tobtu.com",
"homepage": "https://www.tobtu.com",
"role": "Original Developer"
}
],
"description": "Constant-time Implementations of RFC 4648 Encoding (Base-64, Base-32, Base-16)",
"keywords": [
"base16",
"base32",
"base32_decode",
"base32_encode",
"base64",
"base64_decode",
"base64_encode",
"bin2hex",
"encoding",
"hex",
"hex2bin",
"rfc4648"
],
"time": "2016-04-08 16:58:39"
},
{
"name": "paragonie/random_compat",
"version": "v2.0.2",
@ -561,21 +623,24 @@
},
{
"name": "phpunit/php-timer",
"version": "1.0.7",
"version": "1.0.8",
"source": {
"type": "git",
"url": "https://github.com/sebastianbergmann/php-timer.git",
"reference": "3e82f4e9fc92665fafd9157568e4dcb01d014e5b"
"reference": "38e9124049cf1a164f1e4537caf19c99bf1eb260"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/sebastianbergmann/php-timer/zipball/3e82f4e9fc92665fafd9157568e4dcb01d014e5b",
"reference": "3e82f4e9fc92665fafd9157568e4dcb01d014e5b",
"url": "https://api.github.com/repos/sebastianbergmann/php-timer/zipball/38e9124049cf1a164f1e4537caf19c99bf1eb260",
"reference": "38e9124049cf1a164f1e4537caf19c99bf1eb260",
"shasum": ""
},
"require": {
"php": ">=5.3.3"
},
"require-dev": {
"phpunit/phpunit": "~4|~5"
},
"type": "library",
"autoload": {
"classmap": [
@ -598,7 +663,7 @@
"keywords": [
"timer"
],
"time": "2015-06-21 08:01:12"
"time": "2016-05-12 18:03:57"
},
{
"name": "phpunit/php-token-stream",
@ -998,16 +1063,16 @@
},
{
"name": "sebastian/environment",
"version": "1.3.5",
"version": "1.3.6",
"source": {
"type": "git",
"url": "https://github.com/sebastianbergmann/environment.git",
"reference": "dc7a29032cf72b54f36dac15a1ca5b3a1b6029bf"
"reference": "2292b116f43c272ff4328083096114f84ea46a56"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/sebastianbergmann/environment/zipball/dc7a29032cf72b54f36dac15a1ca5b3a1b6029bf",
"reference": "dc7a29032cf72b54f36dac15a1ca5b3a1b6029bf",
"url": "https://api.github.com/repos/sebastianbergmann/environment/zipball/2292b116f43c272ff4328083096114f84ea46a56",
"reference": "2292b116f43c272ff4328083096114f84ea46a56",
"shasum": ""
},
"require": {
@ -1044,7 +1109,7 @@
"environment",
"hhvm"
],
"time": "2016-02-26 18:40:46"
"time": "2016-05-04 07:59:13"
},
{
"name": "sebastian/exporter",
@ -1331,16 +1396,16 @@
},
{
"name": "symfony/console",
"version": "v2.8.4",
"version": "v2.8.6",
"source": {
"type": "git",
"url": "https://github.com/symfony/console.git",
"reference": "9a5aef5fc0d4eff86853d44202b02be8d5a20154"
"reference": "48221d3de4dc22d2cd57c97e8b9361821da86609"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/symfony/console/zipball/9a5aef5fc0d4eff86853d44202b02be8d5a20154",
"reference": "9a5aef5fc0d4eff86853d44202b02be8d5a20154",
"url": "https://api.github.com/repos/symfony/console/zipball/48221d3de4dc22d2cd57c97e8b9361821da86609",
"reference": "48221d3de4dc22d2cd57c97e8b9361821da86609",
"shasum": ""
},
"require": {
@ -1387,20 +1452,20 @@
],
"description": "Symfony Console Component",
"homepage": "https://symfony.com",
"time": "2016-03-17 09:19:04"
"time": "2016-04-26 12:00:47"
},
{
"name": "symfony/filesystem",
"version": "v2.8.4",
"version": "v2.8.6",
"source": {
"type": "git",
"url": "https://github.com/symfony/filesystem.git",
"reference": "f08ffdf229252cd2745558cb2112df43903bcae4"
"reference": "dee379131dceed90a429e951546b33edfe7dccbb"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/symfony/filesystem/zipball/f08ffdf229252cd2745558cb2112df43903bcae4",
"reference": "f08ffdf229252cd2745558cb2112df43903bcae4",
"url": "https://api.github.com/repos/symfony/filesystem/zipball/dee379131dceed90a429e951546b33edfe7dccbb",
"reference": "dee379131dceed90a429e951546b33edfe7dccbb",
"shasum": ""
},
"require": {
@ -1436,11 +1501,11 @@
],
"description": "Symfony Filesystem Component",
"homepage": "https://symfony.com",
"time": "2016-03-27 10:20:16"
"time": "2016-04-12 18:01:21"
},
{
"name": "symfony/finder",
"version": "v2.8.4",
"version": "v2.8.6",
"source": {
"type": "git",
"url": "https://github.com/symfony/finder.git",
@ -1548,16 +1613,16 @@
},
{
"name": "symfony/process",
"version": "v2.8.4",
"version": "v2.8.6",
"source": {
"type": "git",
"url": "https://github.com/symfony/process.git",
"reference": "fb467471952ef5cf8497c029980e556b47545333"
"reference": "1276bd9be89be039748cf753a2137f4ef149cd74"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/symfony/process/zipball/fb467471952ef5cf8497c029980e556b47545333",
"reference": "fb467471952ef5cf8497c029980e556b47545333",
"url": "https://api.github.com/repos/symfony/process/zipball/1276bd9be89be039748cf753a2137f4ef149cd74",
"reference": "1276bd9be89be039748cf753a2137f4ef149cd74",
"shasum": ""
},
"require": {
@ -1593,20 +1658,20 @@
],
"description": "Symfony Process Component",
"homepage": "https://symfony.com",
"time": "2016-03-23 13:11:46"
"time": "2016-04-14 15:22:22"
},
{
"name": "symfony/yaml",
"version": "v2.8.4",
"version": "v2.8.6",
"source": {
"type": "git",
"url": "https://github.com/symfony/yaml.git",
"reference": "584e52cb8f788a887553ba82db6caacb1d6260bb"
"reference": "e4fbcc65f90909c999ac3b4dfa699ee6563a9940"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/symfony/yaml/zipball/584e52cb8f788a887553ba82db6caacb1d6260bb",
"reference": "584e52cb8f788a887553ba82db6caacb1d6260bb",
"url": "https://api.github.com/repos/symfony/yaml/zipball/e4fbcc65f90909c999ac3b4dfa699ee6563a9940",
"reference": "e4fbcc65f90909c999ac3b4dfa699ee6563a9940",
"shasum": ""
},
"require": {
@ -1642,7 +1707,7 @@
],
"description": "Symfony Yaml Component",
"homepage": "https://symfony.com",
"time": "2016-03-04 07:54:35"
"time": "2016-03-29 19:00:15"
},
{
"name": "twig/twig",

5
phpseclib/Crypt/Base.php
View File

@ -35,6 +35,7 @@
*/
namespace phpseclib\Crypt;
use ParagonIE\ConstantTime\Hex;
/**
* Base Class for all \phpseclib\Crypt\* cipher classes
@ -2578,10 +2579,10 @@ abstract class Base
$len = strlen($bytes);
for ($i = 0; $i < $len; $i+=20) {
$t = substr($bytes, $i, 20);
$hash = pack('H*', sha1($hash));
$hash = Hex::decode($hash);
$result .= $t ^ $hash;
}
return $result . pack('H*', sha1($hash));
return $result . Hex::decode(sha1($hash));
}
}
}

24
phpseclib/Crypt/RSA.php
View File

@ -45,6 +45,8 @@
namespace phpseclib\Crypt;
use ParagonIE\ConstantTime\Base64;
use ParagonIE\ConstantTime\Hex;
use phpseclib\File\ASN1;
use phpseclib\Math\BigInteger;
@ -1033,7 +1035,7 @@ class RSA
switch ($algorithm) {
case 'sha256':
$hash = new Hash('sha256');
$base = base64_encode($hash->hash($RSAPublicKey));
$base = Base64::encode($hash->hash($RSAPublicKey));
return substr($base, 0, strlen($base) - 1);
case 'md5':
return substr(chunk_split(md5($RSAPublicKey), 2, ':'), 0, -1);
@ -1951,32 +1953,32 @@ class RSA
// see http://tools.ietf.org/html/rfc3447#page-43
switch ($this->hashName) {
case 'md2':
$t = pack('H*', '3020300c06082a864886f70d020205000410');
$t = Hex::decode('3020300c06082a864886f70d020205000410');
break;
case 'md5':
$t = pack('H*', '3020300c06082a864886f70d020505000410');
$t = Hex::decode('3020300c06082a864886f70d020505000410');
break;
case 'sha1':
$t = pack('H*', '3021300906052b0e03021a05000414');
$t = Hex::decode('3021300906052b0e03021a05000414');
break;
case 'sha256':
$t = pack('H*', '3031300d060960864801650304020105000420');
$t = Hex::decode('3031300d060960864801650304020105000420');
break;
case 'sha384':
$t = pack('H*', '3041300d060960864801650304020205000430');
$t = Hex::decode('3041300d060960864801650304020205000430');
break;
case 'sha512':
$t = pack('H*', '3051300d060960864801650304020305000440');
$t = Hex::decode('3051300d060960864801650304020305000440');
break;
// from https://www.emc.com/collateral/white-papers/h11300-pkcs-1v2-2-rsa-cryptography-standard-wp.pdf#page=40
case 'sha224':
$t = pack('H*', '302d300d06096086480165030402040500041c');
$t = Hex::decode('302d300d06096086480165030402040500041c');
break;
case 'sha512/224':
$t = pack('H*', '302d300d06096086480165030402050500041c');
$t = Hex::decode('302d300d06096086480165030402050500041c');
break;
case 'sha512/256':
$t = pack('H*', '3031300d060960864801650304020605000420');
$t = Hex::decode('3031300d060960864801650304020605000420');
}
$t.= $h;
$tLen = strlen($t);
@ -2166,7 +2168,7 @@ class RSA
$hash = new Hash($decoded['digestAlgorithm']['algorithm']);
$em = $hash->hash($m);
$em2 = base64_decode($decoded['digest']);
$em2 = Base64::decode($decoded['digest']);
return $this->_equals($em, $em2);
}

8
phpseclib/Crypt/RSA/MSBLOB.php
View File

@ -18,6 +18,8 @@
namespace phpseclib\Crypt\RSA;
use ParagonIE\ConstantTime\Base64;
use ParagonIE\ConstantTime\Binary;
use phpseclib\Math\BigInteger;
/**
@ -76,7 +78,7 @@ class MSBLOB
return false;
}
$key = base64_decode($key);
$key = Base64::decode($key);
if (!is_string($key) || strlen($key) < 20) {
return false;
@ -182,7 +184,7 @@ class MSBLOB
$key.= strrev($coefficients[1]->toBytes());
$key.= strrev($d->toBytes());
return base64_encode($key);
return Base64::encode($key);
}
/**
@ -201,7 +203,7 @@ class MSBLOB
$key.= pack('VVa*', self::RSA1, 8 * strlen($n), $e);
$key.= $n;
return base64_encode($key);
return Base64::encode($key);
}
/**

5
phpseclib/Crypt/RSA/OpenSSH.php
View File

@ -16,6 +16,7 @@
namespace phpseclib\Crypt\RSA;
use ParagonIE\ConstantTime\Base64;
use phpseclib\Math\BigInteger;
/**
@ -62,7 +63,7 @@ class OpenSSH
$parts = explode(' ', $key, 3);
$key = isset($parts[1]) ? base64_decode($parts[1]) : base64_decode($parts[0]);
$key = isset($parts[1]) ? Base64::decode($parts[1]) : Base64::decode($parts[0]);
if ($key === false) {
return false;
}
@ -116,7 +117,7 @@ class OpenSSH
// mpint e
// mpint n
$RSAPublicKey = pack('Na*Na*Na*', strlen('ssh-rsa'), 'ssh-rsa', strlen($publicExponent), $publicExponent, strlen($modulus), $modulus);
$RSAPublicKey = 'ssh-rsa ' . base64_encode($RSAPublicKey) . ' ' . self::$comment;
$RSAPublicKey = 'ssh-rsa ' . Base64::encode($RSAPublicKey) . ' ' . self::$comment;
return $RSAPublicKey;
}

8
phpseclib/Crypt/RSA/PKCS.php
View File

@ -14,6 +14,8 @@
namespace phpseclib\Crypt\RSA;
use ParagonIE\ConstantTime\Base64;
use ParagonIE\ConstantTime\Hex;
use phpseclib\Crypt\AES;
use phpseclib\Crypt\Base;
use phpseclib\Crypt\DES;
@ -144,7 +146,7 @@ abstract class PKCS
$symkey = '';
$iv = substr($iv, 0, 8);
while (strlen($symkey) < $length) {
$symkey.= pack('H*', md5($symkey . $password . $iv));
$symkey.= Hex::decode(md5($symkey . $password . $iv));
}
return substr($symkey, 0, $length);
}
@ -181,7 +183,7 @@ abstract class PKCS
* OpenSSL is the de facto standard. It's utilized by OpenSSH and other projects */
if (preg_match('#DEK-Info: (.+),(.+)#', $key, $matches)) {
$iv = pack('H*', trim($matches[2]));
$iv = Hex::decode(trim($matches[2]));
// remove the Proc-Type / DEK-Info sections as they're no longer needed
$key = preg_replace('#^(?:Proc-Type|DEK-Info): .*#m', '', $key);
$ciphertext = self::_extractBER($key);
@ -479,7 +481,7 @@ abstract class PKCS
$temp = preg_replace('#-+[^-]+-+#', '', $temp);
// remove new lines
$temp = str_replace(array("\r", "\n", ' '), '', $temp);
$temp = preg_match('#^[a-zA-Z\d/+]*={0,2}$#', $temp) ? base64_decode($temp) : false;
$temp = preg_match('#^[a-zA-Z\d/+]*={0,2}$#', $temp) ? Base64::decode($temp) : false;
return $temp != false ? $temp : $str;
}
}

11
phpseclib/Crypt/RSA/PKCS1.php
View File

@ -22,7 +22,10 @@
namespace phpseclib\Crypt\RSA;
use ParagonIE\ConstantTime\Base64;
use ParagonIE\ConstantTime\Hex;
use phpseclib\Crypt\AES;
use phpseclib\Crypt\Base;
use phpseclib\Crypt\DES;
use phpseclib\Crypt\Random;
use phpseclib\Crypt\TripleDES;
@ -116,16 +119,16 @@ class PKCS1 extends PKCS
$iv = Random::string($cipher->getBlockLength() >> 3);
$cipher->setKey(self::generateSymmetricKey($password, $iv, $cipher->getKeyLength() >> 3));
$cipher->setIV($iv);
$iv = strtoupper(bin2hex($iv));
$iv = strtoupper(Hex::encode($iv));
$RSAPrivateKey = "-----BEGIN RSA PRIVATE KEY-----\r\n" .
"Proc-Type: 4,ENCRYPTED\r\n" .
"DEK-Info: " . self::$defaultEncryptionAlgorithm . ",$iv\r\n" .
"\r\n" .
chunk_split(base64_encode($cipher->encrypt($RSAPrivateKey)), 64) .
chunk_split(Base64::encode($cipher->encrypt($RSAPrivateKey)), 64) .
'-----END RSA PRIVATE KEY-----';
} else {
$RSAPrivateKey = "-----BEGIN RSA PRIVATE KEY-----\r\n" .
chunk_split(base64_encode($RSAPrivateKey), 64) .
chunk_split(Base64::encode($RSAPrivateKey), 64) .
'-----END RSA PRIVATE KEY-----';
}
@ -164,7 +167,7 @@ class PKCS1 extends PKCS
);
$RSAPublicKey = "-----BEGIN RSA PUBLIC KEY-----\r\n" .
chunk_split(base64_encode($RSAPublicKey), 64) .
chunk_split(Base64::encode($RSAPublicKey), 64) .
'-----END RSA PUBLIC KEY-----';
return $RSAPublicKey;

12
phpseclib/Crypt/RSA/PKCS8.php
View File

@ -24,6 +24,8 @@
namespace phpseclib\Crypt\RSA;
use ParagonIE\ConstantTime\Base64;
use ParagonIE\ConstantTime\Hex;
use phpseclib\Crypt\DES;
use phpseclib\Crypt\Random;
use phpseclib\Math\BigInteger;
@ -92,7 +94,7 @@ class PKCS8 extends PKCS
$RSAPrivateKey = pack('Ca*a*', self::ASN1_SEQUENCE, self::_encodeLength(strlen($RSAPrivateKey)), $RSAPrivateKey);
$rsaOID = pack('H*', '300d06092a864886f70d0101010500'); // hex version of MA0GCSqGSIb3DQEBAQUA
$rsaOID = Hex::decode('300d06092a864886f70d0101010500'); // hex version of MA0GCSqGSIb3DQEBAQUA
$RSAPrivateKey = pack(
'Ca*a*Ca*a*',
self::ASN1_INTEGER,
@ -145,11 +147,11 @@ class PKCS8 extends PKCS
$RSAPrivateKey = pack('Ca*a*', self::ASN1_SEQUENCE, self::_encodeLength(strlen($RSAPrivateKey)), $RSAPrivateKey);
$RSAPrivateKey = "-----BEGIN ENCRYPTED PRIVATE KEY-----\r\n" .
chunk_split(base64_encode($RSAPrivateKey), 64) .
chunk_split(Base64::encode($RSAPrivateKey), 64) .
'-----END ENCRYPTED PRIVATE KEY-----';
} else {
$RSAPrivateKey = "-----BEGIN PRIVATE KEY-----\r\n" .
chunk_split(base64_encode($RSAPrivateKey), 64) .
chunk_split(Base64::encode($RSAPrivateKey), 64) .
'-----END PRIVATE KEY-----';
}
@ -188,7 +190,7 @@ class PKCS8 extends PKCS
);
// sequence(oid(1.2.840.113549.1.1.1), null)) = rsaEncryption.
$rsaOID = pack('H*', '300d06092a864886f70d0101010500'); // hex version of MA0GCSqGSIb3DQEBAQUA
$rsaOID = Hex::decode('300d06092a864886f70d0101010500'); // hex version of MA0GCSqGSIb3DQEBAQUA
$RSAPublicKey = chr(0) . $RSAPublicKey;
$RSAPublicKey = chr(3) . self::_encodeLength(strlen($RSAPublicKey)) . $RSAPublicKey;
@ -200,7 +202,7 @@ class PKCS8 extends PKCS
);
$RSAPublicKey = "-----BEGIN PUBLIC KEY-----\r\n" .
chunk_split(base64_encode($RSAPublicKey), 64) .
chunk_split(Base64::encode($RSAPublicKey), 64) .
'-----END PUBLIC KEY-----';
return $RSAPublicKey;

18
phpseclib/Crypt/RSA/PuTTY.php
View File

@ -14,6 +14,8 @@
namespace phpseclib\Crypt\RSA;
use ParagonIE\ConstantTime\Base64;
use ParagonIE\ConstantTime\Hex;
use phpseclib\Crypt\AES;
use phpseclib\Crypt\Hash;
use phpseclib\Math\BigInteger;
@ -61,7 +63,7 @@ class PuTTY
$sequence = 0;
while (strlen($symkey) < $length) {
$temp = pack('Na*', $sequence++, $password);
$symkey.= pack('H*', sha1($temp));
$symkey.= Hex::decode(sha1($temp));
}
return substr($symkey, 0, $length);
}
@ -113,7 +115,7 @@ class PuTTY
$components['comment'] = trim(preg_replace('#Comment: (.+)#', '$1', $key[2]));
$publicLength = trim(preg_replace('#Public-Lines: (\d+)#', '$1', $key[3]));
$public = base64_decode(implode('', array_map('trim', array_slice($key, 4, $publicLength))));
$public = Base64::decode(implode('', array_map('trim', array_slice($key, 4, $publicLength))));
$public = substr($public, 11);
extract(unpack('Nlength', self::_string_shift($public, 4)));
$components['publicExponent'] = new BigInteger(self::_string_shift($public, $length), -256);
@ -121,7 +123,7 @@ class PuTTY
$components['modulus'] = new BigInteger(self::_string_shift($public, $length), -256);
$privateLength = trim(preg_replace('#Private-Lines: (\d+)#', '$1', $key[$publicLength + 4]));
$private = base64_decode(implode('', array_map('trim', array_slice($key, $publicLength + 5, $privateLength))));
$private = Base64::decode(implode('', array_map('trim', array_slice($key, $publicLength + 5, $privateLength))));
switch ($encryption) {
case 'aes256-cbc':
@ -240,7 +242,7 @@ class PuTTY
strlen($public),
$public
);
$public = base64_encode($public);
$public = Base64::encode($public);
$key.= "Public-Lines: " . ((strlen($public) + 63) >> 6) . "\r\n";
$key.= chunk_split($public, 64);
$private = pack(
@ -269,12 +271,12 @@ class PuTTY
$hashkey = 'putty-private-key-file-mac-key' . $password;
}
$private = base64_encode($private);
$private = Base64::encode($private);
$key.= 'Private-Lines: ' . ((strlen($private) + 63) >> 6) . "\r\n";
$key.= chunk_split($private, 64);
$hash = new Hash('sha1');
$hash->setKey(pack('H*', sha1($hashkey)));
$key.= 'Private-MAC: ' . bin2hex($hash->hash($source)) . "\r\n";
$hash->setKey(Hex::decode(sha1($hashkey)));
$key.= 'Private-MAC: ' . Hex::encode($hash->hash($source)) . "\r\n";
return $key;
}
@ -303,7 +305,7 @@ class PuTTY
);
$key = "---- BEGIN SSH2 PUBLIC KEY ----\r\n" .
'Comment: "' . str_replace(array('\\', '"'), array('\\\\', '\"'), self::$comment) . "\"\r\n";
chunk_split(base64_encode($key), 64) .
chunk_split(Base64::encode($key), 64) .
'---- END SSH2 PUBLIC KEY ----';
return $key;

23
phpseclib/Crypt/RSA/XML.php
View File

@ -19,6 +19,7 @@
namespace phpseclib\Crypt\RSA;
use ParagonIE\ConstantTime\Base64;
use phpseclib\Math\BigInteger;
/**
@ -65,7 +66,7 @@ class XML
if (!$temp->length) {
continue;
}
$value = new BigInteger(base64_decode($temp->item(0)->nodeValue), 256);
$value = new BigInteger(Base64::decode($temp->item(0)->nodeValue), 256);
switch ($key) {
case 'modulus':
$components['modulus'] = $value;
@ -117,14 +118,14 @@ class XML
return false;
}
return "<RSAKeyValue>\r\n" .
' <Modulus>' . base64_encode($n->toBytes()) . "</Modulus>\r\n" .
' <Exponent>' . base64_encode($e->toBytes()) . "</Exponent>\r\n" .
' <P>' . base64_encode($primes[1]->toBytes()) . "</P>\r\n" .
' <Q>' . base64_encode($primes[2]->toBytes()) . "</Q>\r\n" .
' <DP>' . base64_encode($exponents[1]->toBytes()) . "</DP>\r\n" .
' <DQ>' . base64_encode($exponents[2]->toBytes()) . "</DQ>\r\n" .
' <InverseQ>' . base64_encode($coefficients[2]->toBytes()) . "</InverseQ>\r\n" .
' <D>' . base64_encode($d->toBytes()) . "</D>\r\n" .
' <Modulus>' . Base64::encode($n->toBytes()) . "</Modulus>\r\n" .
' <Exponent>' . Base64::encode($e->toBytes()) . "</Exponent>\r\n" .
' <P>' . Base64::encode($primes[1]->toBytes()) . "</P>\r\n" .
' <Q>' . Base64::encode($primes[2]->toBytes()) . "</Q>\r\n" .
' <DP>' . Base64::encode($exponents[1]->toBytes()) . "</DP>\r\n" .
' <DQ>' . Base64::encode($exponents[2]->toBytes()) . "</DQ>\r\n" .
' <InverseQ>' . Base64::encode($coefficients[2]->toBytes()) . "</InverseQ>\r\n" .
' <D>' . Base64::encode($d->toBytes()) . "</D>\r\n" .
'</RSAKeyValue>';
}
@ -139,8 +140,8 @@ class XML
static function savePublicKey(BigInteger $n, BigInteger $e)
{
return "<RSAKeyValue>\r\n" .
' <Modulus>' . base64_encode($n->toBytes()) . "</Modulus>\r\n" .
' <Exponent>' . base64_encode($e->toBytes()) . "</Exponent>\r\n" .
' <Modulus>' . Base64::encode($n->toBytes()) . "</Modulus>\r\n" .
' <Exponent>' . Base64::encode($e->toBytes()) . "</Exponent>\r\n" .
'</RSAKeyValue>';
}
}

9
phpseclib/Crypt/Random.php
View File

@ -24,6 +24,9 @@
namespace phpseclib\Crypt;
use ParagonIE\ConstantTime\Base64;
use ParagonIE\ConstantTime\Hex;
/**
* Pure-PHP Random Number Generator
*
@ -93,7 +96,7 @@ class Random
session_cache_limiter('');
session_start();
$v = $seed = $_SESSION['seed'] = pack('H*', sha1(
$v = $seed = $_SESSION['seed'] = Hex::decode(sha1(
(isset($_SERVER) ? self::safe_serialize($_SERVER) : '') .
(isset($_POST) ? self::safe_serialize($_POST) : '') .
(isset($_GET) ? self::safe_serialize($_GET) : '') .
@ -132,8 +135,8 @@ class Random
// http://tools.ietf.org/html/rfc4253#section-7.2
//
// see the is_string($crypto) part for an example of how to expand the keys
$key = pack('H*', sha1($seed . 'A'));
$iv = pack('H*', sha1($seed . 'C'));
$key = Hex::decode(sha1($seed . 'A'));
$iv = Hex::decode(sha1($seed . 'C'));
// ciphers are used as per the nist.gov link below. also, see this link:
//

5
phpseclib/File/ASN1.php
View File

@ -23,6 +23,7 @@
namespace phpseclib\File;
use ParagonIE\ConstantTime\Base64;
use phpseclib\File\ASN1\Element;
use phpseclib\Math\BigInteger;
@ -733,7 +734,7 @@ class ASN1
return $values;
}
case self::TYPE_OCTET_STRING:
return base64_encode($decoded['content']);
return Base64::encode($decoded['content']);
case self::TYPE_NULL:
return '';
case self::TYPE_BOOLEAN:
@ -981,7 +982,7 @@ class ASN1
the number of unused bits in the final subsequent octet. The number shall be in the range zero to seven.
-- http://www.itu.int/ITU-T/studygroups/com17/languages/X.690-0207.pdf#page=16 */
$value = base64_decode($source);
$value = Base64::decode($source);
break;
case self::TYPE_OBJECT_IDENTIFIER:
$oid = preg_match('#(?:\d+\.)+#', $source) ? $source : array_search($source, $this->oids);

54
phpseclib/File/X509.php
View File

@ -26,6 +26,8 @@
namespace phpseclib\File;
use ParagonIE\ConstantTime\Base64;
use ParagonIE\ConstantTime\Hex;
use phpseclib\Crypt\Hash;
use phpseclib\Crypt\Random;
use phpseclib\Crypt\RSA;
@ -1497,7 +1499,7 @@ class X509
switch ($algorithm) {
case 'rsaEncryption':
$cert['tbsCertificate']['subjectPublicKeyInfo']['subjectPublicKey']
= base64_encode("\0" . base64_decode(preg_replace('#-.+-|[\r\n]#', '', $cert['tbsCertificate']['subjectPublicKeyInfo']['subjectPublicKey'])));
= Base64::encode("\0" . Base64::decode(preg_replace('#-.+-|[\r\n]#', '', $cert['tbsCertificate']['subjectPublicKeyInfo']['subjectPublicKey'])));
/* "[For RSA keys] the parameters field MUST have ASN.1 type NULL for this algorithm identifier."
-- https://tools.ietf.org/html/rfc3279#section-2.3.1
@ -1545,7 +1547,7 @@ class X509
return $cert;
// case self::FORMAT_PEM:
default:
return "-----BEGIN CERTIFICATE-----\r\n" . chunk_split(base64_encode($cert), 64) . '-----END CERTIFICATE-----';
return "-----BEGIN CERTIFICATE-----\r\n" . chunk_split(Base64::encode($cert), 64) . '-----END CERTIFICATE-----';
}
}
@ -1566,7 +1568,7 @@ class X509
for ($i = 0; $i < count($extensions); $i++) {
$id = $extensions[$i]['extnId'];
$value = &$extensions[$i]['extnValue'];
$value = base64_decode($value);
$value = Base64::decode($value);
$decoded = $asn1->decodeBER($value);
/* [extnValue] contains the DER encoding of an ASN.1 value
corresponding to the extension type identified by extnID */
@ -1593,7 +1595,7 @@ class X509
}
}
} else {
$value = base64_encode($value);
$value = Base64::encode($value);
}
}
}
@ -1659,7 +1661,7 @@ class X509
}
} else {
$temp = $asn1->encodeDER($value, $map, array('iPAddress' => array($this, '_encodeIP')));
$value = base64_encode($temp);
$value = Base64::encode($temp);
}
}
}
@ -1698,7 +1700,7 @@ class X509
$this->_mapInExtensions($values, $j, $asn1);
}
} elseif ($map) {
$values[$j] = base64_encode($value);
$values[$j] = Base64::encode($value);
}
}
}
@ -2067,7 +2069,7 @@ class X509
$signingCert['tbsCertificate']['subjectPublicKeyInfo']['algorithm']['algorithm'],
$signingCert['tbsCertificate']['subjectPublicKeyInfo']['subjectPublicKey'],
$this->currentCert['signatureAlgorithm']['algorithm'],
substr(base64_decode($this->currentCert['signature']), 1),
substr(Base64::decode($this->currentCert['signature']), 1),
$this->signatureSubject
);
case isset($this->currentCert['certificationRequestInfo']):
@ -2075,7 +2077,7 @@ class X509
$this->currentCert['certificationRequestInfo']['subjectPKInfo']['algorithm']['algorithm'],
$this->currentCert['certificationRequestInfo']['subjectPKInfo']['subjectPublicKey'],
$this->currentCert['signatureAlgorithm']['algorithm'],
substr(base64_decode($this->currentCert['signature']), 1),
substr(Base64::decode($this->currentCert['signature']), 1),
$this->signatureSubject
);
case isset($this->currentCert['publicKeyAndChallenge']):
@ -2083,7 +2085,7 @@ class X509
$this->currentCert['publicKeyAndChallenge']['spki']['algorithm']['algorithm'],
$this->currentCert['publicKeyAndChallenge']['spki']['subjectPublicKey'],
$this->currentCert['signatureAlgorithm']['algorithm'],
substr(base64_decode($this->currentCert['signature']), 1),
substr(Base64::decode($this->currentCert['signature']), 1),
$this->signatureSubject
);
case isset($this->currentCert['tbsCertList']):
@ -2109,7 +2111,7 @@ class X509
$signingCert['tbsCertificate']['subjectPublicKeyInfo']['algorithm']['algorithm'],
$signingCert['tbsCertificate']['subjectPublicKeyInfo']['subjectPublicKey'],
$this->currentCert['signatureAlgorithm']['algorithm'],
substr(base64_decode($this->currentCert['signature']), 1),
substr(Base64::decode($this->currentCert['signature']), 1),
$this->signatureSubject
);
default:
@ -2182,7 +2184,7 @@ class X509
// subjectPublicKey is stored as a bit string in X.509 certs. the first byte of a bit string represents how many bits
// in the last byte should be ignored. the following only supports non-zero stuff but as none of the X.509 certs Firefox
// uses as a cert authority actually use a non-zero bit I think it's safe to assume that none do.
chunk_split(base64_encode(substr(base64_decode($key), 1)), 64) .
chunk_split(Base64::encode(substr(Base64::decode($key), 1)), 64) .
'-----END RSA PUBLIC KEY-----';
default:
return $key;
@ -2200,7 +2202,7 @@ class X509
*/
function _decodeIP($ip)
{
return inet_ntop(base64_decode($ip));
return inet_ntop(Base64::decode($ip));
}
/**
@ -2214,7 +2216,7 @@ class X509
*/
function _encodeIP($ip)
{
return base64_encode(inet_pton($ip));
return Base64::encode(inet_pton($ip));
}
/**
@ -2536,7 +2538,7 @@ class X509
$hash = new Hash('sha1');
$hash = $hash->hash($dn);
extract(unpack('Vhash', $hash));
return strtolower(bin2hex(pack('N', $hash)));
return strtolower(Hex::encode(pack('N', $hash)));
}
// Default is to return a string.
@ -2923,7 +2925,7 @@ class X509
switch ($algorithm) {
case 'rsaEncryption':
$csr['certificationRequestInfo']['subjectPKInfo']['subjectPublicKey']
= base64_encode("\0" . base64_decode(preg_replace('#-.+-|[\r\n]#', '', $csr['certificationRequestInfo']['subjectPKInfo']['subjectPublicKey'])));
= Base64::encode("\0" . Base64::decode(preg_replace('#-.+-|[\r\n]#', '', $csr['certificationRequestInfo']['subjectPKInfo']['subjectPublicKey'])));
}
}
@ -2945,7 +2947,7 @@ class X509
return $csr;
// case self::FORMAT_PEM:
default:
return "-----BEGIN CERTIFICATE REQUEST-----\r\n" . chunk_split(base64_encode($csr), 64) . '-----END CERTIFICATE REQUEST-----';
return "-----BEGIN CERTIFICATE REQUEST-----\r\n" . chunk_split(Base64::encode($csr), 64) . '-----END CERTIFICATE REQUEST-----';
}
}
@ -2976,7 +2978,7 @@ class X509
// OpenSSL produces SPKAC's that are preceeded by the string SPKAC=
$temp = preg_replace('#(?:SPKAC=)|[ \r\n\\\]#', '', $spkac);
$temp = preg_match('#^[a-zA-Z\d/+]*={0,2}$#', $temp) ? base64_decode($temp) : false;
$temp = preg_match('#^[a-zA-Z\d/+]*={0,2}$#', $temp) ? Base64::decode($temp) : false;
if ($temp != false) {
$spkac = $temp;
}
@ -3047,7 +3049,7 @@ class X509
switch ($algorithm) {
case 'rsaEncryption':
$spkac['publicKeyAndChallenge']['spki']['subjectPublicKey']
= base64_encode("\0" . base64_decode(preg_replace('#-.+-|[\r\n]#', '', $spkac['publicKeyAndChallenge']['spki']['subjectPublicKey'])));
= Base64::encode("\0" . Base64::decode(preg_replace('#-.+-|[\r\n]#', '', $spkac['publicKeyAndChallenge']['spki']['subjectPublicKey'])));
}
}
@ -3063,7 +3065,7 @@ class X509
default:
// OpenSSL's implementation of SPKAC requires the SPKAC be preceeded by SPKAC= and since there are pretty much
// no other SPKAC decoders phpseclib will use that same format
return 'SPKAC=' . base64_encode($spkac);
return 'SPKAC=' . Base64::encode($spkac);
}
}
@ -3181,7 +3183,7 @@ class X509
return $crl;
// case self::FORMAT_PEM:
default:
return "-----BEGIN X509 CRL-----\r\n" . chunk_split(base64_encode($crl), 64) . '-----END X509 CRL-----';
return "-----BEGIN X509 CRL-----\r\n" . chunk_split(Base64::encode($crl), 64) . '-----END X509 CRL-----';
}
}
@ -3373,7 +3375,7 @@ class X509
);
if (!isset($subject->currentKeyIdentifier)) {
$this->setExtension('id-ce-subjectKeyIdentifier', base64_encode($this->computeKeyIdentifier($this->currentCert)), false, false);
$this->setExtension('id-ce-subjectKeyIdentifier', Base64::encode($this->computeKeyIdentifier($this->currentCert)), false, false);
}
}
@ -3668,7 +3670,7 @@ class X509
case 'sha512WithRSAEncryption':
$key->setHash(preg_replace('#WithRSAEncryption$#', '', $signatureAlgorithm));
$this->currentCert['signature'] = base64_encode("\0" . $key->sign($this->signatureSubject, RSA::PADDING_PKCS1));
$this->currentCert['signature'] = Base64::encode("\0" . $key->sign($this->signatureSubject, RSA::PADDING_PKCS1));
return $this->currentCert;
default:
throw new UnsupportedAlgorithmException('Signature algorithm unsupported');
@ -4181,7 +4183,7 @@ class X509
if (empty($value)) {
unset($this->currentKeyIdentifier);
} else {
$this->currentKeyIdentifier = base64_encode($value);
$this->currentKeyIdentifier = Base64::encode($value);
}
}
@ -4229,7 +4231,7 @@ class X509
if (empty($raw)) {
return false;
}
$raw = base64_decode($raw);
$raw = Base64::decode($raw);
// If the key is private, compute identifier from its corresponding public key.
$key = new RSA();
if (!$key->load($raw)) {
@ -4282,7 +4284,7 @@ class X509
if ($this->publicKey instanceof RSA) {
// the following two return statements do the same thing. i dunno.. i just prefer the later for some reason.
// the former is a good example of how to do fuzzing on the public key
//return new Element(base64_decode(preg_replace('#-.+-|[\r\n]#', '', $this->publicKey->getPublicKey())));
//return new Element(Base64::decode(preg_replace('#-.+-|[\r\n]#', '', $this->publicKey->getPublicKey())));
return array(
'algorithm' => array('algorithm' => 'rsaEncryption'),
'subjectPublicKey' => $this->publicKey->getPublicKey('PKCS1')
@ -4585,7 +4587,7 @@ class X509
$temp = preg_replace('#-+[^-]+-+#', '', $temp);
// remove new lines
$temp = str_replace(array("\r", "\n", ' '), '', $temp);
$temp = preg_match('#^[a-zA-Z\d/+]*={0,2}$#', $temp) ? base64_decode($temp) : false;
$temp = preg_match('#^[a-zA-Z\d/+]*={0,2}$#', $temp) ? Base64::decode($temp) : false;
return $temp != false ? $temp : $str;
}

18
phpseclib/Math/BigInteger.php
View File

@ -50,6 +50,8 @@
namespace phpseclib\Math;
use ParagonIE\ConstantTime\Base64;
use ParagonIE\ConstantTime\Hex;
use phpseclib\Crypt\Random;
/**
@ -360,7 +362,7 @@ class BigInteger
switch (MATH_BIGINTEGER_MODE) {
case self::MODE_GMP:
$sign = $this->is_negative ? '-' : '';
$this->value = gmp_init($sign . '0x' . bin2hex($x));
$this->value = gmp_init($sign . '0x' . Hex::encode($x));
break;
case self::MODE_BCMATH:
// round $len to the nearest 4 (thanks, DavidMJ!)
@ -405,7 +407,7 @@ class BigInteger
$is_negative = false;
if ($base < 0 && hexdec($x[0]) >= 8) {
$this->is_negative = $is_negative = true;
$x = bin2hex(~pack('H*', $x));
$x = Hex::encode(~Hex::decode($x));
}
switch (MATH_BIGINTEGER_MODE) {
@ -416,13 +418,13 @@ class BigInteger
break;
case self::MODE_BCMATH:
$x = (strlen($x) & 1) ? '0' . $x : $x;
$temp = new static(pack('H*', $x), 256);
$temp = new static(Hex::decode($x), 256);
$this->value = $this->is_negative ? '-' . $temp->value : $temp->value;
$this->is_negative = false;
break;
default:
$x = (strlen($x) & 1) ? '0' . $x : $x;
$temp = new static(pack('H*', $x), 256);
$temp = new static(Hex::decode($x), 256);
$this->value = $temp->value;
}
@ -549,7 +551,7 @@ class BigInteger
$temp = gmp_strval(gmp_abs($this->value), 16);
$temp = (strlen($temp) & 1) ? '0' . $temp : $temp;
$temp = pack('H*', $temp);
$temp = Hex::decode($temp);
return $this->precision > 0 ?
substr(str_pad($temp, $this->precision >> 3, chr(0), STR_PAD_LEFT), -($this->precision >> 3)) :
@ -614,7 +616,7 @@ class BigInteger
*/
function toHex($twos_compliment = false)
{
return bin2hex($this->toBytes($twos_compliment));
return Hex::encode($this->toBytes($twos_compliment));
}
/**
@ -1643,7 +1645,7 @@ class BigInteger
$components['publicExponent']
);
$rsaOID = pack('H*', '300d06092a864886f70d0101010500'); // hex version of MA0GCSqGSIb3DQEBAQUA
$rsaOID = Hex::decode('300d06092a864886f70d0101010500'); // hex version of MA0GCSqGSIb3DQEBAQUA
$RSAPublicKey = chr(0) . $RSAPublicKey;
$RSAPublicKey = chr(3) . self::_encodeASN1Length(strlen($RSAPublicKey)) . $RSAPublicKey;
@ -1655,7 +1657,7 @@ class BigInteger
);
$RSAPublicKey = "-----BEGIN PUBLIC KEY-----\r\n" .
chunk_split(base64_encode($encapsulated)) .
chunk_split(Base64::encode($encapsulated)) .
'-----END PUBLIC KEY-----';
$plaintext = str_pad($this->toBytes(), strlen($n->toBytes(true)) - 1, "\0", STR_PAD_LEFT);

2
phpseclib/Net/SFTP.php
View File

@ -2643,7 +2643,7 @@ class SFTP extends SSH2
// IEEE 754 binary64 "double precision" on such platforms and
// as such can represent integers of at least 2^50 without loss
// of precision. Interpreted in filesize, 2^50 bytes = 1024 TiB.
$attr['size'] = hexdec(bin2hex($this->_string_shift($response, 8)));
$attr['size'] = hexdec(Hex::encode($this->_string_shift($response, 8)));
break;
case NET_SFTP_ATTR_UIDGID: // 0x00000002 (SFTPv3 only)
$attr+= unpack('Nuid/Ngid', $this->_string_shift($response, 8));

3
phpseclib/Net/SSH1.php
View File

@ -48,6 +48,7 @@
namespace phpseclib\Net;
use ParagonIE\ConstantTime\Hex;
use phpseclib\Crypt\DES;
use phpseclib\Crypt\Random;
use phpseclib\Crypt\TripleDES;
@ -609,7 +610,7 @@ class SSH1
}
}
$session_id = pack('H*', md5($host_key_public_modulus->toBytes() . $server_key_public_modulus->toBytes() . $anti_spoofing_cookie));
$session_id = Hex::decode(md5($host_key_public_modulus->toBytes() . $server_key_public_modulus->toBytes() . $anti_spoofing_cookie));
$session_key = Random::string(32);
$double_encrypted_session_key = $session_key ^ str_pad($session_id, 32, chr(0));

5
phpseclib/Net/SSH2.php
View File

@ -49,6 +49,7 @@
namespace phpseclib\Net;
use ParagonIE\ConstantTime\Base64;
use phpseclib\Crypt\Base;
use phpseclib\Crypt\Blowfish;
use phpseclib\Crypt\Hash;
@ -3980,7 +3981,7 @@ class SSH2
if ($this->signature_validated) {
return $this->bitmap ?
$this->signature_format . ' ' . base64_encode($this->server_public_host_key) :
$this->signature_format . ' ' . Base64::encode($this->server_public_host_key) :
false;
}
@ -4096,7 +4097,7 @@ class SSH2
throw new NoSupportedAlgorithmsException('Unsupported signature format');
}
return $this->signature_format . ' ' . base64_encode($this->server_public_host_key);
return $this->signature_format . ' ' . Base64::encode($this->server_public_host_key);
}
/**

3
phpseclib/System/SSH/Agent.php
View File

@ -33,6 +33,7 @@
namespace phpseclib\System\SSH;
use ParagonIE\ConstantTime\Base64;
use phpseclib\Crypt\RSA;
use phpseclib\Exception\BadConfigurationException;
use phpseclib\System\SSH\Agent\Identity;
@ -171,7 +172,7 @@ class Agent
for ($i = 0; $i < $keyCount; $i++) {
$length = current(unpack('N', fread($this->fsock, 4)));
$key_blob = fread($this->fsock, $length);
$key_str = 'ssh-rsa ' . base64_encode($key_blob);
$key_str = 'ssh-rsa ' . Base64::encode($key_blob);
$length = current(unpack('N', fread($this->fsock, 4)));
if ($length) {
$key_str.= ' ' . fread($this->fsock, $length);