diff --git a/phpseclib/Net/SSH1.php b/phpseclib/Net/SSH1.php index f1c53492..44cbe803 100644 --- a/phpseclib/Net/SSH1.php +++ b/phpseclib/Net/SSH1.php @@ -1302,6 +1302,7 @@ class SSH1 /* $rsa = new RSA(); $rsa->load($key, 'raw'); + $rsa->setHash('sha1'); return $rsa->encrypt($m, RSA::PADDING_PKCS1); */ diff --git a/phpseclib/Net/SSH2.php b/phpseclib/Net/SSH2.php index f006cf33..cc09dd43 100644 --- a/phpseclib/Net/SSH2.php +++ b/phpseclib/Net/SSH2.php @@ -2306,6 +2306,7 @@ class SSH2 } $packet = $part1 . chr(1) . $part2; + $privatekey->setHash('sha1'); $signature = $privatekey->sign(pack('Na*a*', strlen($this->session_id), $this->session_id, $packet), RSA::PADDING_PKCS1); $signature = pack('Na*Na*', strlen('ssh-rsa'), 'ssh-rsa', strlen($signature), $signature); $packet.= pack('Na*', strlen($signature), $signature); @@ -4054,6 +4055,7 @@ class SSH2 $rsa = new RSA(); $rsa->load(array('e' => $e, 'n' => $n), 'raw'); + $rsa->setHash('sha1'); if (!$rsa->verify($this->exchange_hash, $signature, RSA::PADDING_PKCS1)) { //user_error('Bad server signature'); return $this->_disconnect(NET_SSH2_DISCONNECT_HOST_KEY_NOT_VERIFIABLE); diff --git a/phpseclib/System/SSH/Agent/Identity.php b/phpseclib/System/SSH/Agent/Identity.php index 30ab11d1..612c414e 100644 --- a/phpseclib/System/SSH/Agent/Identity.php +++ b/phpseclib/System/SSH/Agent/Identity.php @@ -115,6 +115,22 @@ class Identity return $this->key->getPublicKey($type); } + /** + * Sets the hash + * + * ssh-agent only supports signatures with sha1 hashes but to maintain BC with RSA.php this function exists + * + * @param string $hash optional + * @throws \phpseclib\Exception\UnsupportedAlgorithmException if the algorithm is unsupported + * @access public + */ + function setHash($hash = 'sha1') + { + if ($hash != 'sha1') { + throw new UnsupportedAlgorithmException('ssh-agent can only be used with the sha1 hash'); + } + } + /** * Create a signature * @@ -130,7 +146,7 @@ class Identity function sign($message, $padding = RSA::PADDING_PKCS1) { if ($padding != RSA::PADDING_PKCS1 && $padding != RSA::PADDING_RELAXED_PKCS1) { - throw new \UnsupportedAlgorithmException('ssh-agent can only create PKCS1 signatures'); + throw new UnsupportedAlgorithmException('ssh-agent can only create PKCS1 signatures'); } // the last parameter (currently 0) is for flags and ssh-agent only defines one flag (for ssh-dss): SSH_AGENT_OLD_SIGNATURE