From dca95ac66281def77990a9dcf41e23a5cf11b50a Mon Sep 17 00:00:00 2001 From: klemens Date: Sun, 31 Jul 2016 14:41:23 +0200 Subject: [PATCH 1/6] spelling fixes --- CHANGELOG.md | 6 +- phpseclib/Crypt/Base.php | 4 +- phpseclib/Crypt/DES.php | 2 +- phpseclib/Crypt/RC2.php | 2 +- phpseclib/Crypt/RSA.php | 1 - phpseclib/Crypt/Twofish.php | 2 +- phpseclib/File/X509.php | 6 +- phpseclib/Math/BigInteger.php | 2 +- phpseclib/Net/SFTP.php | 2 +- phpseclib/Net/SSH2.php | 4 +- phpseclib/System/SSH/Agent/Identity.php | 170 ++++++++++++++++++++++++ tests/Unit/Crypt/RC2Test.php | 2 +- 12 files changed, 186 insertions(+), 17 deletions(-) create mode 100644 phpseclib/System/SSH/Agent/Identity.php diff --git a/CHANGELOG.md b/CHANGELOG.md index fd021f38..8795ea35 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -6,9 +6,9 @@ - Random: fix issues with serialize() (#932) - RC2: fix issue with decrypting - RC4: fix issue with key not being truncated correctly -- SFTP: nlist() on a non-existant directory resulted in error +- SFTP: nlist() on a non-existent directory resulted in error - SFTP: add is_writable, is_writeable, is_readable -- RSA: fix PHP4 compatability issue +- RSA: fix PHP4 compatibility issue ## 1.0.1 - 2016-01-18 @@ -85,7 +85,7 @@ - truncate - improved file type detection - put() can write to te middle of a file - - mkdir accepts the same paramters that PHP's mkdir does + - mkdir accepts the same parameters that PHP's mkdir does - the ability to upload/download 2GB files - across-the-board speedups for the various encryption algorithms - multi-factor authentication support for Net_SSH2 diff --git a/phpseclib/Crypt/Base.php b/phpseclib/Crypt/Base.php index a6616816..58a5fc47 100644 --- a/phpseclib/Crypt/Base.php +++ b/phpseclib/Crypt/Base.php 
@@ -1314,7 +1314,7 @@ class Crypt_Base * PHP's OpenSSL bindings do not operate in continuous mode so we'll wrap around it. Since the keystream * for CTR is the same for both encrypting and decrypting this function is re-used by both Crypt_Base::encrypt() * and Crypt_Base::decrypt(). Also, OpenSSL doesn't implement CTR for all of it's symmetric ciphers so this - * function will emulate CTR with ECB when necesary. + * function will emulate CTR with ECB when necessary. * * @see self::encrypt() * @see self::decrypt() @@ -2549,7 +2549,7 @@ class Crypt_Base * is stored, classwide (!), here for reusing. * * The string-based index of $function is a classwide - * uniqe value representing, at least, the $mode of + * unique value representing, at least, the $mode of * operation (or more... depends of the optimizing level) * for which $mode the lambda function was created. * diff --git a/phpseclib/Crypt/DES.php b/phpseclib/Crypt/DES.php index 36a54fd0..4c574018 100644 --- a/phpseclib/Crypt/DES.php +++ b/phpseclib/Crypt/DES.php @@ -1375,7 +1375,7 @@ class Crypt_DES extends Crypt_Base // After that, we'll still create very fast optimized code but not the hi-ultimative code, for each $mode one $gen_hi_opt_code = (bool)( count($lambda_functions) < 10 ); - // Generation of a uniqe hash for our generated code + // Generation of a unique hash for our generated code $code_hash = "Crypt_DES, $des_rounds, {$this->mode}"; if ($gen_hi_opt_code) { // For hi-optimized code, we create for each combination of diff --git a/phpseclib/Crypt/RC2.php b/phpseclib/Crypt/RC2.php index e0932e28..1d10a8af 100644 --- a/phpseclib/Crypt/RC2.php +++ b/phpseclib/Crypt/RC2.php 
@@ -666,7 +666,7 @@ class Crypt_RC2 extends Crypt_Base // (Currently, for Crypt_RC2, one generated $lambda_function cost on php5.5@32bit ~60kb unfreeable mem and ~100kb on php5.5@64bit) $gen_hi_opt_code = (bool)(count($lambda_functions) < 10); - // Generation of a uniqe hash for our generated code + // Generation of a unique hash for our generated code $code_hash = "Crypt_RC2, {$this->mode}"; if ($gen_hi_opt_code) { $code_hash = str_pad($code_hash, 32) . $this->_hashInlineCryptFunction($this->key); diff --git a/phpseclib/Crypt/RSA.php b/phpseclib/Crypt/RSA.php index ade9b33d..4ce9d62e 100644 --- a/phpseclib/Crypt/RSA.php +++ b/phpseclib/Crypt/RSA.php @@ -138,7 +138,6 @@ define('CRYPT_RSA_SIGNATURE_PSS', 1); * compatibility with protocols (like SSH-2) written before PSS's introduction. */ define('CRYPT_RSA_SIGNATURE_PKCS1', 2); -/**#@-*/ /**#@+ * @access private diff --git a/phpseclib/Crypt/Twofish.php b/phpseclib/Crypt/Twofish.php index c0b2c6fd..7125f6a0 100644 --- a/phpseclib/Crypt/Twofish.php +++ b/phpseclib/Crypt/Twofish.php @@ -746,7 +746,7 @@ class Crypt_Twofish extends Crypt_Base // (Currently, for Crypt_Twofish, one generated $lambda_function cost on php5.5@32bit ~140kb unfreeable mem and ~240kb on php5.5@64bit) $gen_hi_opt_code = (bool)(count($lambda_functions) < 10); - // Generation of a uniqe hash for our generated code + // Generation of a unique hash for our generated code $code_hash = "Crypt_Twofish, {$this->mode}"; if ($gen_hi_opt_code) { $code_hash = str_pad($code_hash, 32) . $this->_hashInlineCryptFunction($this->key); diff --git a/phpseclib/File/X509.php b/phpseclib/File/X509.php index 91d90429..f1bb94fb 100644 --- a/phpseclib/File/X509.php +++ b/phpseclib/File/X509.php 
@@ -261,7 +261,7 @@ class File_X509 /** * The signature subject * - * There's no guarantee File_X509 is going to reencode an X.509 cert in the same way it was originally + * There's no guarantee File_X509 is going to re-encode an X.509 cert in the same way it was originally * encoded so we take save the portion of the original cert that the signature would have made for. * * @var string @@ -3134,7 +3134,7 @@ class File_X509 $asn1 = new File_ASN1(); - // OpenSSL produces SPKAC's that are preceeded by the string SPKAC= + // OpenSSL produces SPKAC's that are preceded by the string SPKAC= $temp = preg_replace('#(?:SPKAC=)|[ \r\n\\\]#', '', $spkac); $temp = preg_match('#^[a-zA-Z\d/+]*={0,2}$#', $temp) ? base64_decode($temp) : false; if ($temp != false) { @@ -3224,7 +3224,7 @@ class File_X509 return $spkac; // case FILE_X509_FORMAT_PEM: default: - // OpenSSL's implementation of SPKAC requires the SPKAC be preceeded by SPKAC= and since there are pretty much + // OpenSSL's implementation of SPKAC requires the SPKAC be preceded by SPKAC= and since there are pretty much // no other SPKAC decoders phpseclib will use that same format return 'SPKAC=' . base64_encode($spkac); } diff --git a/phpseclib/Math/BigInteger.php b/phpseclib/Math/BigInteger.php index cd495a2a..9b2d8bf7 100644 --- a/phpseclib/Math/BigInteger.php +++ b/phpseclib/Math/BigInteger.php @@ -2496,7 +2496,7 @@ class Math_BigInteger * * Say you have 693 and 609. The GCD is 21. Bezout's identity states that there exist integers x and y such that * 693*x + 609*y == 21. In point of fact, there are actually an infinite number of x and y combinations and which - * combination is returned is dependant upon which mode is in use. See + * combination is returned is dependent upon which mode is in use. See * {@link http://en.wikipedia.org/wiki/B%C3%A9zout%27s_identity Bezout's identity - Wikipedia} for more information. * * Here's an example: 
diff --git a/phpseclib/Net/SFTP.php b/phpseclib/Net/SFTP.php index b01fdc86..35e6d36b 100644 --- a/phpseclib/Net/SFTP.php +++ b/phpseclib/Net/SFTP.php @@ -380,7 +380,7 @@ class Net_SFTP extends Net_SSH2 ); // http://tools.ietf.org/html/draft-ietf-secsh-filexfer-04#section-6.3 // the flag definitions change somewhat in SFTPv5+. if SFTPv5+ support is added to this library, maybe name - // the array for that $this->open5_flags and similarily alter the constant names. + // the array for that $this->open5_flags and similarly alter the constant names. $this->open_flags = array( 0x00000001 => 'NET_SFTP_OPEN_READ', 0x00000002 => 'NET_SFTP_OPEN_WRITE', diff --git a/phpseclib/Net/SSH2.php b/phpseclib/Net/SSH2.php index 2fd2a8f9..623e7f3a 100644 --- a/phpseclib/Net/SSH2.php +++ b/phpseclib/Net/SSH2.php @@ -400,7 +400,7 @@ class Net_SSH2 var $server_public_host_key; /** - * Session identifer + * Session identifier * * "The exchange hash H from the first key exchange is additionally * used as the session identifier, which is a unique identifier for @@ -2478,7 +2478,7 @@ class Net_SSH2 // RFC4254 defines the (client) window size as "bytes the other party can send before it must wait for the window to // be adjusted". 0x7FFFFFFF is, at 2GB, the max size. technically, it should probably be decremented, but, - // honestly, if you're transfering more than 2GB, you probably shouldn't be using phpseclib, anyway. + // honestly, if you're transferring more than 2GB, you probably shouldn't be using phpseclib, anyway. // see http://tools.ietf.org/html/rfc4254#section-5.2 for more info $this->window_size_server_to_client[NET_SSH2_CHANNEL_EXEC] = $this->window_size; // 0x8000 is the maximum max packet size, per http://tools.ietf.org/html/rfc4253#section-6.1, although since PuTTy diff --git a/phpseclib/System/SSH/Agent/Identity.php b/phpseclib/System/SSH/Agent/Identity.php new file mode 100644 index 00000000..95e091db --- /dev/null +++ b/phpseclib/System/SSH/Agent/Identity.php 
@@ -0,0 +1,170 @@ + + * @copyright 2009 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + * @internal See http://api.libssh.org/rfc/PROTOCOL.agent + */ + +namespace phpseclib\System\SSH\Agent; + +use phpseclib\Crypt\RSA; +use phpseclib\Exception\UnsupportedAlgorithmException; +use phpseclib\System\SSH\Agent; + +/** + * Pure-PHP ssh-agent client identity object + * + * Instantiation should only be performed by \phpseclib\System\SSH\Agent class. + * This could be thought of as implementing an interface that phpseclib\Crypt\RSA + * implements. ie. maybe a Net_SSH_Auth_PublicKey interface or something. + * The methods in this interface would be getPublicKey and sign since those are the + * methods phpseclib looks for to perform public key authentication. + * + * @package SSH\Agent + * @author Jim Wigginton + * @access internal + */ +class Identity +{ + /** + * Key Object + * + * @var \phpseclib\Crypt\RSA + * @access private + * @see self::getPublicKey() + */ + var $key; + + /** + * Key Blob + * + * @var string + * @access private + * @see self::sign() + */ + var $key_blob; + + /** + * Socket Resource + * + * @var resource + * @access private + * @see self::sign() + */ + var $fsock; + + /** + * Default Constructor. + * + * @param resource $fsock + * @return \phpseclib\System\SSH\Agent\Identity + * @access private + */ + function __construct($fsock) + { + $this->fsock = $fsock; + } + + /** + * Set Public Key + * + * Called by \phpseclib\System\SSH\Agent::requestIdentities() + * + * @param \phpseclib\Crypt\RSA $key + * @access private + */ + function setPublicKey($key) + { + $this->key = $key; + $this->key->setPublicKey(); + } + + /** + * Set Public Key + * + * Called by \phpseclib\System\SSH\Agent::requestIdentities(). The key blob could be extracted from $this->key + * but this saves a small amount of computation. 
+ * + * @param string $key_blob + * @access private + */ + function setPublicKeyBlob($key_blob) + { + $this->key_blob = $key_blob; + } + + /** + * Get Public Key + * + * Wrapper for $this->key->getPublicKey() + * + * @param int $type optional + * @return mixed + * @access public + */ + function getPublicKey($type = 'PKCS8') + { + return $this->key->getPublicKey($type); + } + + /** + * Sets the hash + * + * ssh-agent only supports signatures with sha1 hashes but to maintain BC with RSA.php this function exists + * + * @param string $hash optional + * @throws \phpseclib\Exception\UnsupportedAlgorithmException if the algorithm is unsupported + * @access public + */ + function setHash($hash = 'sha1') + { + if ($hash != 'sha1') { + throw new UnsupportedAlgorithmException('ssh-agent can only be used with the sha1 hash'); + } + } + + /** + * Create a signature + * + * See "2.6.2 Protocol 2 private key signature request" + * + * @param string $message + * @param int $padding optional + * @return string + * @throws \RuntimeException on connection errors + * @throws \phpseclib\Exception\UnsupportedAlgorithmException if the algorithm is unsupported + * @access public + */ + function sign($message, $padding = RSA::PADDING_PKCS1) + { + if ($padding != RSA::PADDING_PKCS1 && $padding != RSA::PADDING_RELAXED_PKCS1) { + throw new UnsupportedAlgorithmException('ssh-agent can only create PKCS1 signatures'); + } + + // the last parameter (currently 0) is for flags and ssh-agent only defines one flag (for ssh-dss): SSH_AGENT_OLD_SIGNATURE + $packet = pack('CNa*Na*N', Agent::SSH_AGENTC_SIGN_REQUEST, strlen($this->key_blob), $this->key_blob, strlen($message), $message, 0); + $packet = pack('Na*', strlen($packet), $packet); + if (strlen($packet) != fputs($this->fsock, $packet)) { + throw new \RuntimeException('Connection closed during signing'); + } + + $length = current(unpack('N', fread($this->fsock, 4))); + $type = ord(fread($this->fsock, 1)); + if ($type != 
Agent::SSH_AGENT_SIGN_RESPONSE) { + throw new \RuntimeException('Unable to retrieve signature'); + } + + $signature_blob = fread($this->fsock, $length - 1); + // the only other signature format defined - ssh-dss - is the same length as ssh-rsa + // the + 12 is for the other various SSH added length fields + return substr($signature_blob, strlen('ssh-rsa') + 12); + } +} diff --git a/tests/Unit/Crypt/RC2Test.php b/tests/Unit/Crypt/RC2Test.php index 2fa2c0d3..0ad664bb 100644 --- a/tests/Unit/Crypt/RC2Test.php +++ b/tests/Unit/Crypt/RC2Test.php @@ -70,7 +70,7 @@ class Unit_Crypt_RC2Test extends PhpseclibTestCase // now, to OpenSSL's credit, null padding is internally consistent with OpenSSL. OpenSSL only supports fixed length keys. For rc2, rc4 and // bf (blowfish), all keys are 128 bits (or are null padded / truncated accordingly). to use 40-bit or 64-bit keys with RC4 with OpenSSL you - // don't use the rc4 algorithm - you use the rc4-40 or rc4-64 algorithm. and similarily, it's not aes-cbc that you use - it's either aes-128-cbc + // don't use the rc4 algorithm - you use the rc4-40 or rc4-64 algorithm. and similarly, it's not aes-cbc that you use - it's either aes-128-cbc // or aes-192-cbc or aes-256-cbc. this is in contrast to mcrypt, which (with the exception of RC2) actually supports variable and arbitrary // length keys. From dd23d91d411d812b2765c5bc3b8bd43fe58be0a2 Mon Sep 17 00:00:00 2001 From: klemens Date: Sun, 31 Jul 2016 14:41:23 +0200 Subject: [PATCH 2/6] spelling fixes --- CHANGELOG.md | 8 ++++---- phpseclib/Crypt/Base.php | 4 ++-- phpseclib/Crypt/DES.php | 2 +- phpseclib/Crypt/RC2.php | 2 +- phpseclib/Crypt/RSA.php | 2 +- phpseclib/Crypt/Twofish.php | 2 +- phpseclib/File/X509.php | 6 +++--- phpseclib/Math/BigInteger.php | 2 +- phpseclib/Net/SFTP.php | 2 +- phpseclib/Net/SSH2.php | 4 ++-- phpseclib/System/SSH/Agent/Identity.php | 2 +- tests/Unit/Crypt/RC2Test.php | 2 +- 12 files changed, 19 insertions(+), 19 deletions(-) 
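Review bot: In `Identity::sign()` (the new phpseclib/System/SSH/Agent/Identity.php) none of the reads from the agent socket are checked: `fread($this->fsock, 4)` goes straight into `unpack('N', ...)`, `$length - 1` is used as a read size without validation, and a single `fread()` is assumed to return the whole signature blob. If the agent closes the socket or sends a short or malformed reply, the final `substr($signature_blob, strlen('ssh-rsa') + 12)` silently yields an empty or truncated signature instead of an error. I would read exact byte counts in a loop, reject a declared length that cannot hold the fixed prefix the `substr()` skips, and throw `\RuntimeException` on any short read, as sketched below. An upper bound on the declared length would also be worth adding, but the right limit is not visible from this hunk.

```php
    function sign($message, $padding = RSA::PADDING_PKCS1)
    {
        // … unchanged: padding check, request packing and fputs() …

        // 4-byte length + 1-byte message type, read in full or not at all
        $header = unpack('Nlength/Ctype', $this->_readBytes(5));
        if ($header['type'] != Agent::SSH_AGENT_SIGN_RESPONSE) {
            throw new \RuntimeException('Unable to retrieve signature');
        }
        // the payload must be longer than the prefix that substr() strips below
        if ($header['length'] - 1 <= strlen('ssh-rsa') + 12) {
            throw new \RuntimeException('Unable to retrieve signature');
        }

        $signature_blob = $this->_readBytes($header['length'] - 1);
        // … unchanged: substr() past the key-type name and length fields …
    }

    /**
     * Read exactly $count bytes from the agent socket
     *
     * @param int $count
     * @return string
     * @throws \RuntimeException if the socket closes before $count bytes arrive
     * @access private
     */
    function _readBytes($count)
    {
        $buffer = '';
        while (strlen($buffer) < $count) {
            $chunk = fread($this->fsock, $count - strlen($buffer));
            if ($chunk === false || $chunk === '') {
                throw new \RuntimeException('Connection closed during signing');
            }
            $buffer.= $chunk;
        }
        return $buffer;
    }
```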
diff --git a/CHANGELOG.md b/CHANGELOG.md index c9f22fc7..daca0cca 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -6,7 +6,7 @@ - Random: fix issues with serialize() (#932) - RC2: fix issue with decrypting - RC4: fix issue with key not being truncated correctly -- SFTP: nlist() on a non-existant directory resulted in error +- SFTP: nlist() on a non-existent directory resulted in error - SFTP: add is_writable, is_writeable, is_readable - X509: add IPv6 support for subjectaltname extension (#936) @@ -36,9 +36,9 @@ - Random: fix issues with serialize() (#932) - RC2: fix issue with decrypting - RC4: fix issue with key not being truncated correctly -- SFTP: nlist() on a non-existant directory resulted in error +- SFTP: nlist() on a non-existent directory resulted in error - SFTP: add is_writable, is_writeable, is_readable -- RSA: fix PHP4 compatability issue +- RSA: fix PHP4 compatibility issue ## 1.0.1 - 2016-01-18 @@ -115,7 +115,7 @@ - truncate - improved file type detection - put() can write to te middle of a file - - mkdir accepts the same paramters that PHP's mkdir does + - mkdir accepts the same parameters that PHP's mkdir does - the ability to upload/download 2GB files - across-the-board speedups for the various encryption algorithms - multi-factor authentication support for Net_SSH2 diff --git a/phpseclib/Crypt/Base.php b/phpseclib/Crypt/Base.php index e3cc7b87..f96e15fe 100644 --- a/phpseclib/Crypt/Base.php +++ b/phpseclib/Crypt/Base.php @@ -1308,7 +1308,7 @@ abstract class Base * PHP's OpenSSL bindings do not operate in continuous mode so we'll wrap around it. Since the keystream * for CTR is the same for both encrypting and decrypting this function is re-used by both Base::encrypt() * and Base::decrypt(). Also, OpenSSL doesn't implement CTR for all of it's symmetric ciphers so this - * function will emulate CTR with ECB when necesary. + * function will emulate CTR with ECB when necessary. * * @see self::encrypt() * @see self::decrypt() 
@@ -2537,7 +2537,7 @@ abstract class Base * is stored, classwide (!), here for reusing. * * The string-based index of $function is a classwide - * uniqe value representing, at least, the $mode of + * unique value representing, at least, the $mode of * operation (or more... depends of the optimizing level) * for which $mode the lambda function was created. * diff --git a/phpseclib/Crypt/DES.php b/phpseclib/Crypt/DES.php index 14273d28..e5b5e8dc 100644 --- a/phpseclib/Crypt/DES.php +++ b/phpseclib/Crypt/DES.php @@ -1312,7 +1312,7 @@ class DES extends Base // After that, we'll still create very fast optimized code but not the hi-ultimative code, for each $mode one $gen_hi_opt_code = (bool)( count($lambda_functions) < 10 ); - // Generation of a uniqe hash for our generated code + // Generation of a unique hash for our generated code $code_hash = "Crypt_DES, $des_rounds, {$this->mode}"; if ($gen_hi_opt_code) { // For hi-optimized code, we create for each combination of diff --git a/phpseclib/Crypt/RC2.php b/phpseclib/Crypt/RC2.php index 648cf96a..466245fe 100644 --- a/phpseclib/Crypt/RC2.php +++ b/phpseclib/Crypt/RC2.php @@ -581,7 +581,7 @@ class RC2 extends Base // (Currently, for Crypt_RC2, one generated $lambda_function cost on php5.5@32bit ~60kb unfreeable mem and ~100kb on php5.5@64bit) $gen_hi_opt_code = (bool)(count($lambda_functions) < 10); - // Generation of a uniqe hash for our generated code + // Generation of a unique hash for our generated code $code_hash = "Crypt_RC2, {$this->mode}"; if ($gen_hi_opt_code) { $code_hash = str_pad($code_hash, 32) . $this->_hashInlineCryptFunction($this->key); diff --git a/phpseclib/Crypt/RSA.php b/phpseclib/Crypt/RSA.php index 87a0a6e3..3afaf573 100644 --- a/phpseclib/Crypt/RSA.php +++ b/phpseclib/Crypt/RSA.php 
@@ -88,7 +88,7 @@ class RSA */ const PADDING_NONE = 3; /** - * Use PKCS#1 padding with PKCS1 v1.5 compatability + * Use PKCS#1 padding with PKCS1 v1.5 compatibility * * A PKCS1 v2.1 encrypted message may not successfully decrypt with a PKCS1 v1.5 implementation (such as OpenSSL). */ diff --git a/phpseclib/Crypt/Twofish.php b/phpseclib/Crypt/Twofish.php index e4d910db..a518737a 100644 --- a/phpseclib/Crypt/Twofish.php +++ b/phpseclib/Crypt/Twofish.php @@ -711,7 +711,7 @@ class Twofish extends Base // (Currently, for Crypt_Twofish, one generated $lambda_function cost on php5.5@32bit ~140kb unfreeable mem and ~240kb on php5.5@64bit) $gen_hi_opt_code = (bool)(count($lambda_functions) < 10); - // Generation of a uniqe hash for our generated code + // Generation of a unique hash for our generated code $code_hash = "Crypt_Twofish, {$this->mode}"; if ($gen_hi_opt_code) { $code_hash = str_pad($code_hash, 32) . $this->_hashInlineCryptFunction($this->key); diff --git a/phpseclib/File/X509.php b/phpseclib/File/X509.php index b49bc01d..fee55ed6 100644 --- a/phpseclib/File/X509.php +++ b/phpseclib/File/X509.php @@ -247,7 +247,7 @@ class X509 /** * The signature subject * - * There's no guarantee \phpseclib\File\X509 is going to reencode an X.509 cert in the same way it was originally + * There's no guarantee \phpseclib\File\X509 is going to re-encode an X.509 cert in the same way it was originally * encoded so we take save the portion of the original cert that the signature would have made for. * * @var string @@ -3105,7 +3105,7 @@ class X509 $asn1 = new ASN1(); - // OpenSSL produces SPKAC's that are preceeded by the string SPKAC= + // OpenSSL produces SPKAC's that are preceded by the string SPKAC= $temp = preg_replace('#(?:SPKAC=)|[ \r\n\\\]#', '', $spkac); $temp = preg_match('#^[a-zA-Z\d/+]*={0,2}$#', $temp) ? Base64::decode($temp) : false; if ($temp != false) { 
@@ -3192,7 +3192,7 @@ class X509 return $spkac; // case self::FORMAT_PEM: default: - // OpenSSL's implementation of SPKAC requires the SPKAC be preceeded by SPKAC= and since there are pretty much + // OpenSSL's implementation of SPKAC requires the SPKAC be preceded by SPKAC= and since there are pretty much // no other SPKAC decoders phpseclib will use that same format return 'SPKAC=' . Base64::encode($spkac); } diff --git a/phpseclib/Math/BigInteger.php b/phpseclib/Math/BigInteger.php index 66fb48e4..901421a0 100644 --- a/phpseclib/Math/BigInteger.php +++ b/phpseclib/Math/BigInteger.php @@ -2405,7 +2405,7 @@ class BigInteger * * Say you have 693 and 609. The GCD is 21. Bezout's identity states that there exist integers x and y such that * 693*x + 609*y == 21. In point of fact, there are actually an infinite number of x and y combinations and which - * combination is returned is dependant upon which mode is in use. See + * combination is returned is dependent upon which mode is in use. See * {@link http://en.wikipedia.org/wiki/B%C3%A9zout%27s_identity Bezout's identity - Wikipedia} for more information. * * Here's an example: diff --git a/phpseclib/Net/SFTP.php b/phpseclib/Net/SFTP.php index 0f8bb58e..c2d6110a 100644 --- a/phpseclib/Net/SFTP.php +++ b/phpseclib/Net/SFTP.php @@ -342,7 +342,7 @@ class SFTP extends SSH2 ); // http://tools.ietf.org/html/draft-ietf-secsh-filexfer-04#section-6.3 // the flag definitions change somewhat in SFTPv5+. if SFTPv5+ support is added to this library, maybe name - // the array for that $this->open5_flags and similarily alter the constant names. + // the array for that $this->open5_flags and similarly alter the constant names. $this->open_flags = array( 0x00000001 => 'NET_SFTP_OPEN_READ', 0x00000002 => 'NET_SFTP_OPEN_WRITE', diff --git a/phpseclib/Net/SSH2.php b/phpseclib/Net/SSH2.php index b8993075..f49bd286 100644 --- a/phpseclib/Net/SSH2.php +++ b/phpseclib/Net/SSH2.php 
@@ -397,7 +397,7 @@ class SSH2 var $server_public_host_key; /** - * Session identifer + * Session identifier * * "The exchange hash H from the first key exchange is additionally * used as the session identifier, which is a unique identifier for @@ -2395,7 +2395,7 @@ class SSH2 // RFC4254 defines the (client) window size as "bytes the other party can send before it must wait for the window to // be adjusted". 0x7FFFFFFF is, at 2GB, the max size. technically, it should probably be decremented, but, - // honestly, if you're transfering more than 2GB, you probably shouldn't be using phpseclib, anyway. + // honestly, if you're transferring more than 2GB, you probably shouldn't be using phpseclib, anyway. // see http://tools.ietf.org/html/rfc4254#section-5.2 for more info $this->window_size_server_to_client[self::CHANNEL_EXEC] = $this->window_size; // 0x8000 is the maximum max packet size, per http://tools.ietf.org/html/rfc4253#section-6.1, although since PuTTy diff --git a/phpseclib/System/SSH/Agent/Identity.php b/phpseclib/System/SSH/Agent/Identity.php index 612c414e..95e091db 100644 --- a/phpseclib/System/SSH/Agent/Identity.php +++ b/phpseclib/System/SSH/Agent/Identity.php @@ -159,7 +159,7 @@ class Identity $length = current(unpack('N', fread($this->fsock, 4))); $type = ord(fread($this->fsock, 1)); if ($type != Agent::SSH_AGENT_SIGN_RESPONSE) { - throw new \RuntimeException('Unable to retreive signature'); + throw new \RuntimeException('Unable to retrieve signature'); } $signature_blob = fread($this->fsock, $length - 1); diff --git a/tests/Unit/Crypt/RC2Test.php b/tests/Unit/Crypt/RC2Test.php index 93dbf458..0db4d1f0 100644 --- a/tests/Unit/Crypt/RC2Test.php +++ b/tests/Unit/Crypt/RC2Test.php 
@@ -71,7 +71,7 @@ class Unit_Crypt_RC2Test extends PhpseclibTestCase // now, to OpenSSL's credit, null padding is internally consistent with OpenSSL. OpenSSL only supports fixed length keys. For rc2, rc4 and // bf (blowfish), all keys are 128 bits (or are null padded / truncated accordingly). to use 40-bit or 64-bit keys with RC4 with OpenSSL you - // don't use the rc4 algorithm - you use the rc4-40 or rc4-64 algorithm. and similarily, it's not aes-cbc that you use - it's either aes-128-cbc + // don't use the rc4 algorithm - you use the rc4-40 or rc4-64 algorithm. and similarly, it's not aes-cbc that you use - it's either aes-128-cbc // or aes-192-cbc or aes-256-cbc. this is in contrast to mcrypt, which (with the exception of RC2) actually supports variable and arbitrary // length keys. From 1a25aefa59ae58c4b0210f3a4f2273804db3c7c2 Mon Sep 17 00:00:00 2001 From: terrafrost Date: Thu, 4 Aug 2016 00:55:21 -0500 Subject: [PATCH 3/6] cherry-picking last commit added new file --- phpseclib/System/SSH/Agent/Identity.php | 170 ------------------------ 1 file changed, 170 deletions(-) delete mode 100644 phpseclib/System/SSH/Agent/Identity.php diff --git a/phpseclib/System/SSH/Agent/Identity.php b/phpseclib/System/SSH/Agent/Identity.php deleted file mode 100644 index 95e091db..00000000 --- a/phpseclib/System/SSH/Agent/Identity.php +++ /dev/null 
@@ -1,170 +0,0 @@ - - * @copyright 2009 Jim Wigginton - * @license http://www.opensource.org/licenses/mit-license.html MIT License - * @link http://phpseclib.sourceforge.net - * @internal See http://api.libssh.org/rfc/PROTOCOL.agent - */ - -namespace phpseclib\System\SSH\Agent; - -use phpseclib\Crypt\RSA; -use phpseclib\Exception\UnsupportedAlgorithmException; -use phpseclib\System\SSH\Agent; - -/** - * Pure-PHP ssh-agent client identity object - * - * Instantiation should only be performed by \phpseclib\System\SSH\Agent class. - * This could be thought of as implementing an interface that phpseclib\Crypt\RSA - * implements. ie. maybe a Net_SSH_Auth_PublicKey interface or something. - * The methods in this interface would be getPublicKey and sign since those are the - * methods phpseclib looks for to perform public key authentication. - * - * @package SSH\Agent - * @author Jim Wigginton - * @access internal - */ -class Identity -{ - /** - * Key Object - * - * @var \phpseclib\Crypt\RSA - * @access private - * @see self::getPublicKey() - */ - var $key; - - /** - * Key Blob - * - * @var string - * @access private - * @see self::sign() - */ - var $key_blob; - - /** - * Socket Resource - * - * @var resource - * @access private - * @see self::sign() - */ - var $fsock; - - /** - * Default Constructor. - * - * @param resource $fsock - * @return \phpseclib\System\SSH\Agent\Identity - * @access private - */ - function __construct($fsock) - { - $this->fsock = $fsock; - } - - /** - * Set Public Key - * - * Called by \phpseclib\System\SSH\Agent::requestIdentities() - * - * @param \phpseclib\Crypt\RSA $key - * @access private - */ - function setPublicKey($key) - { - $this->key = $key; - $this->key->setPublicKey(); - } - - /** - * Set Public Key - * - * Called by \phpseclib\System\SSH\Agent::requestIdentities(). The key blob could be extracted from $this->key - * but this saves a small amount of computation. 
- * - * @param string $key_blob - * @access private - */ - function setPublicKeyBlob($key_blob) - { - $this->key_blob = $key_blob; - } - - /** - * Get Public Key - * - * Wrapper for $this->key->getPublicKey() - * - * @param int $type optional - * @return mixed - * @access public - */ - function getPublicKey($type = 'PKCS8') - { - return $this->key->getPublicKey($type); - } - - /** - * Sets the hash - * - * ssh-agent only supports signatures with sha1 hashes but to maintain BC with RSA.php this function exists - * - * @param string $hash optional - * @throws \phpseclib\Exception\UnsupportedAlgorithmException if the algorithm is unsupported - * @access public - */ - function setHash($hash = 'sha1') - { - if ($hash != 'sha1') { - throw new UnsupportedAlgorithmException('ssh-agent can only be used with the sha1 hash'); - } - } - - /** - * Create a signature - * - * See "2.6.2 Protocol 2 private key signature request" - * - * @param string $message - * @param int $padding optional - * @return string - * @throws \RuntimeException on connection errors - * @throws \phpseclib\Exception\UnsupportedAlgorithmException if the algorithm is unsupported - * @access public - */ - function sign($message, $padding = RSA::PADDING_PKCS1) - { - if ($padding != RSA::PADDING_PKCS1 && $padding != RSA::PADDING_RELAXED_PKCS1) { - throw new UnsupportedAlgorithmException('ssh-agent can only create PKCS1 signatures'); - } - - // the last parameter (currently 0) is for flags and ssh-agent only defines one flag (for ssh-dss): SSH_AGENT_OLD_SIGNATURE - $packet = pack('CNa*Na*N', Agent::SSH_AGENTC_SIGN_REQUEST, strlen($this->key_blob), $this->key_blob, strlen($message), $message, 0); - $packet = pack('Na*', strlen($packet), $packet); - if (strlen($packet) != fputs($this->fsock, $packet)) { - throw new \RuntimeException('Connection closed during signing'); - } - - $length = current(unpack('N', fread($this->fsock, 4))); - $type = ord(fread($this->fsock, 1)); - if ($type != 
Agent::SSH_AGENT_SIGN_RESPONSE) { - throw new \RuntimeException('Unable to retrieve signature'); - } - - $signature_blob = fread($this->fsock, $length - 1); - // the only other signature format defined - ssh-dss - is the same length as ssh-rsa - // the + 12 is for the other various SSH added length fields - return substr($signature_blob, strlen('ssh-rsa') + 12); - } -} From 676c1982c77b3ce57dd82fe886a4304a92309d76 Mon Sep 17 00:00:00 2001 From: terrafrost Date: Thu, 4 Aug 2016 00:59:07 -0500 Subject: [PATCH 4/6] fix bad merge --- phpseclib/Crypt/RSA.php | 4 ++-- phpseclib/File/X509.php | 6 +----- 2 files changed, 3 insertions(+), 7 deletions(-) diff --git a/phpseclib/Crypt/RSA.php b/phpseclib/Crypt/RSA.php index 0428b6ce..ef508a43 100644 --- a/phpseclib/Crypt/RSA.php +++ b/phpseclib/Crypt/RSA.php @@ -245,7 +245,7 @@ class RSA /** * Precomputed Zero * - * @var array + * @var \phpseclib\Math\BigInteger * @access private */ var $zero; @@ -253,7 +253,7 @@ class RSA /** * Precomputed One * - * @var array + * @var \phpseclib\Math\BigInteger * @access private */ var $one; diff --git a/phpseclib/File/X509.php b/phpseclib/File/X509.php index c19ade04..863d9e99 100644 --- a/phpseclib/File/X509.php +++ b/phpseclib/File/X509.php @@ -244,11 +244,7 @@ class X509 /** * The signature subject * -<<<<<<< HEAD - * There's no guarantee \phpseclib\File\X509 is going to reencode an X.509 cert in the same way it was originally -======= - * There's no guarantee File_X509 is going to re-encode an X.509 cert in the same way it was originally ->>>>>>> 1.0 + * There's no guarantee \phpseclib\File\X509 is going to re-encode an X.509 cert in the same way it was originally * encoded so we take save the portion of the original cert that the signature would have made for. * * @var string From 12f70270cdcf69610d1b816ed10d6bab2645e17d Mon Sep 17 00:00:00 2001 
From: terrafrost Date: Thu, 4 Aug 2016 01:06:52 -0500 Subject: [PATCH 5/6] fix bad cherry pick --- phpseclib/Crypt/RSA.php | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/phpseclib/Crypt/RSA.php b/phpseclib/Crypt/RSA.php index 4ce9d62e..23ba0d07 100644 --- a/phpseclib/Crypt/RSA.php +++ b/phpseclib/Crypt/RSA.php @@ -138,6 +138,7 @@ define('CRYPT_RSA_SIGNATURE_PSS', 1); * compatibility with protocols (like SSH-2) written before PSS's introduction. */ define('CRYPT_RSA_SIGNATURE_PKCS1', 2); +/**#@-*/ /**#@+ * @access private @@ -281,7 +282,7 @@ class Crypt_RSA /** * Precomputed Zero * - * @var array + * @var Math_BigInteger * @access private */ var $zero; @@ -289,7 +290,7 @@ class Crypt_RSA /** * Precomputed One * - * @var array + * @var Math_BigInteger * @access private */ var $one; From c20b661a4417cab29965581a5fabc4f42aba3f7d Mon Sep 17 00:00:00 2001 From: terrafrost Date: Thu, 11 Aug 2016 23:09:38 -0500 Subject: [PATCH 6/6] SSH2: don't check for carriage return in version id string --- phpseclib/Net/SSH2.php | 16 +++++++++++++--- 1 file changed, 13 insertions(+), 3 deletions(-) diff --git a/phpseclib/Net/SSH2.php b/phpseclib/Net/SSH2.php index c5f3d9a4..11580755 100644 --- a/phpseclib/Net/SSH2.php +++ b/phpseclib/Net/SSH2.php @@ -1058,10 +1058,20 @@ class SSH2 } $line.= "$temp\n"; - if (substr($line, -2) == "\r\n") { - break; - } + + // quoting RFC4253, "Implementers who wish to maintain + // compatibility with older, undocumented versions of this protocol may + // want to process the identification string without expecting the + // presence of the carriage return character for reasons described in + // Section 5 of this document." + + //if (substr($line, -2) == "\r\n") { + // break; + //} + + break; } + $data.= $line; }
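Review bot: The old test is left behind as commented-out code under the RFC 4253 quotation in the SSH2.php hunk; I would delete the three `//if (substr($line, -2) == "\r\n") {` … `//}` lines and keep only the quotation, since version control already records the removed check. With the unconditional `break`, the inner loop now ends on the first completed line, so `$line` can end in either "\n" or "\r\n". The server identification string normally feeds the key-exchange hash with CR and LF excluded, so whatever later strips the terminator has to handle both endings; that code is outside this hunk and should be confirmed, ideally with a test using an LF-only banner. The enclosing loops also begin outside the hunk, so whether a bound on the number or length of pre-banner lines exists cannot be judged from here.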