Merge branch 'master' into chacha20
This commit is contained in:
terrafrost
commit
aa4c6e686a
|
|
@ -60,35 +60,6 @@ abstract class Strings
|
|||
return $substr;
|
||||
}
|
||||
|
||||
/**
|
||||
* Performs blinded equality testing on strings
|
||||
*
|
||||
* Protects against a particular type of timing attack described.
|
||||
*
|
||||
* See {@link http://codahale.com/a-lesson-in-timing-attacks/ A Lesson In Timing Attacks (or, Don't use MessageDigest.isEquals)}
|
||||
*
|
||||
* Thanks for the heads up singpolyma!
|
||||
*
|
||||
* @access public
|
||||
* @param string $x
|
||||
* @param string $y
|
||||
* @return bool
|
||||
*/
|
||||
public static function equals($x, $y)
|
||||
{
|
||||
if (strlen($x) != strlen($y)) {
|
||||
return false;
|
||||
}
|
||||
|
||||
$result = "\0";
|
||||
$x^= $y;
|
||||
for ($i = 0; $i < strlen($x); $i++) {
|
||||
$result|= $x[$i];
|
||||
}
|
||||
|
||||
return $result === "\0";
|
||||
}
|
||||
|
||||
/**
|
||||
* Parse SSH2-style string
|
||||
*
|
||||
|
|
|
|||
|
|
@ -155,7 +155,7 @@ abstract class PuTTY
|
|||
$hmac = trim(preg_replace('#Private-MAC: (.+)#', '$1', $key[$publicLength + $privateLength + 5]));
|
||||
$hmac = Hex::decode($hmac);
|
||||
|
||||
if (!Strings::equals($hash->hash($source), $hmac)) {
|
||||
if (!hash_equals($hash->hash($source), $hmac)) {
|
||||
throw new \UnexpectedValueException('MAC validation error');
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -453,23 +453,11 @@ abstract class SymmetricKey
|
|||
* @see self::encrypt()
|
||||
* @see self::decrypt()
|
||||
* @see self::setupInlineCrypt()
|
||||
* @see self::$use_inline_crypt
|
||||
* @var Callback
|
||||
* @access private
|
||||
*/
|
||||
protected $inline_crypt;
|
||||
|
||||
/**
|
||||
* Holds whether performance-optimized $inline_crypt() can/should be used.
|
||||
*
|
||||
* @see self::encrypt()
|
||||
* @see self::decrypt()
|
||||
* @see self::inline_crypt
|
||||
* @var mixed
|
||||
* @access private
|
||||
*/
|
||||
protected $use_inline_crypt;
|
||||
|
||||
/**
|
||||
* If OpenSSL can be used in ECB but not in CTR we can emulate CTR
|
||||
*
|
||||
|
|
|
|||
|
|
@ -93,15 +93,6 @@ class RC4 extends StreamCipher
|
|||
*/
|
||||
protected $cipher_name_mcrypt = 'arcfour';
|
||||
|
||||
/**
|
||||
* Holds whether performance-optimized $inline_crypt() can/should be used.
|
||||
*
|
||||
* @see \phpseclib\Crypt\Common\SymmetricKey::inline_crypt
|
||||
* @var mixed
|
||||
* @access private
|
||||
*/
|
||||
protected $use_inline_crypt = false; // currently not available
|
||||
|
||||
/**
|
||||
* The Key
|
||||
*
|
||||
|
|
|
|||
|
|
@ -1236,7 +1236,7 @@ class RSA extends AsymmetricKey
|
|||
$db = $maskedDB ^ $dbMask;
|
||||
$lHash2 = substr($db, 0, $this->hLen);
|
||||
$m = substr($db, $this->hLen);
|
||||
$hashesMatch = Strings::equals($lHash, $lHash2);
|
||||
$hashesMatch = hash_equals($lHash, $lHash2);
|
||||
$leadingZeros = 1;
|
||||
$patternMatch = 0;
|
||||
$offset = 0;
|
||||
|
|
@ -1463,7 +1463,7 @@ class RSA extends AsymmetricKey
|
|||
$salt = substr($db, $temp + 1); // should be $sLen long
|
||||
$m2 = "\0\0\0\0\0\0\0\0" . $mHash . $salt;
|
||||
$h2 = $this->hash->hash($m2);
|
||||
return Strings::equals($h, $h2);
|
||||
return hash_equals($h, $h2);
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
@ -1657,7 +1657,7 @@ class RSA extends AsymmetricKey
|
|||
}
|
||||
|
||||
// Compare
|
||||
return Strings::equals($em, $em2);
|
||||
return hash_equals($em, $em2);
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
@ -1747,7 +1747,7 @@ class RSA extends AsymmetricKey
|
|||
$em = $hash->hash($m);
|
||||
$em2 = $decoded['digest'];
|
||||
|
||||
return Strings::equals($em, $em2);
|
||||
return hash_equals($em, $em2);
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
|
|||
|
|
@ -55,7 +55,6 @@ use phpseclib\Crypt\Hash;
|
|||
use phpseclib\Crypt\Random;
|
||||
use phpseclib\Crypt\RC4;
|
||||
use phpseclib\Crypt\Rijndael;
|
||||
use phpseclib\Crypt\AES;
|
||||
use phpseclib\Crypt\RSA;
|
||||
use phpseclib\Crypt\TripleDES;
|
||||
use phpseclib\Crypt\Twofish;
|
||||
|
|
@ -2192,7 +2191,7 @@ class SSH2
|
|||
return new RC4();
|
||||
case 'aes128-gcm@openssh.com':
|
||||
case 'aes256-gcm@openssh.com':
|
||||
return new AES('gcm');
|
||||
return new Rijndael('gcm');
|
||||
case 'chacha20-poly1305@openssh.com':
|
||||
return new ChaCha20();
|
||||
}
|
||||
|
|
@ -3412,7 +3411,7 @@ class SSH2
|
|||
return false;
|
||||
}
|
||||
foreach ($this->auth as $auth) {
|
||||
$result = call_user_func_array(array(&$this, 'parent::login'), $auth);
|
||||
$result = $this->login(...$auth);
|
||||
}
|
||||
return $result;
|
||||
}
|
||||
|
|
@ -3906,7 +3905,7 @@ class SSH2
|
|||
$response = $this->binary_packet_buffer;
|
||||
$this->binary_packet_buffer = false;
|
||||
} else {
|
||||
$read = array($this->fsock);
|
||||
$read = [$this->fsock];
|
||||
$write = $except = null;
|
||||
|
||||
if (!$this->curTimeout) {
|
||||
|
|
@ -3993,7 +3992,7 @@ class SSH2
|
|||
return $data;
|
||||
}
|
||||
if (!isset($this->channel_buffers[$channel])) {
|
||||
$this->channel_buffers[$channel] = array();
|
||||
$this->channel_buffers[$channel] = [];
|
||||
}
|
||||
$this->channel_buffers[$channel][] = $data;
|
||||
|
||||
|
|
@ -4222,7 +4221,7 @@ class SSH2
|
|||
$this->encrypt->invocation_counter
|
||||
);
|
||||
Strings::increment_str($this->encrypt->invocation_counter);
|
||||
$this->encrypt->setAAD($temp = substr($packet, 0, 4));
|
||||
$this->encrypt->setAAD($temp = ($packet & "\xFF\xFF\xFF\xFF"));
|
||||
$packet = $temp . $this->encrypt->encrypt(substr($packet, 4));
|
||||
break;
|
||||
case 'chacha20-poly1305@openssh.com':
|
||||
|
|
@ -4231,7 +4230,7 @@ class SSH2
|
|||
$this->encrypt->setNonce($nonce);
|
||||
$this->lengthEncrypt->setNonce($nonce);
|
||||
|
||||
$length = $this->lengthEncrypt->encrypt(substr($packet, 0, 4));
|
||||
$length = $this->lengthEncrypt->encrypt($packet & "\xFF\xFF\xFF\xFF");
|
||||
|
||||
$this->encrypt->setCounter(0);
|
||||
// this is the same approach that's implemented in Salsa20::createPoly1305Key()
|
||||
|
|
|
|||
Loading…
Reference in New Issue