octoleo/phpseclib
1
0
Fork 0
mirror of https://github.com/phpseclib/phpseclib.git synced 2024-09-22 04:29:01 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'master' into chacha20

Browse Source
This commit is contained in:
terrafrost 2019-03-26 08:36:07 -05:00
commit aa4c6e686a
6 changed files with 11 additions and 62 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

29
phpseclib/Common/Functions/Strings.php
View File

@ -60,35 +60,6 @@ abstract class Strings
return $substr; return $substr;
} }
/**
* Performs blinded equality testing on strings
*
* Protects against a particular type of timing attack described.
*
* See {@link http://codahale.com/a-lesson-in-timing-attacks/ A Lesson In Timing Attacks (or, Don't use MessageDigest.isEquals)}
*
* Thanks for the heads up singpolyma!
*
* @access public
* @param string $x
* @param string $y
* @return bool
*/
public static function equals($x, $y)
{
if (strlen($x) != strlen($y)) {
return false;
}
$result = "\0";
$x^= $y;
for ($i = 0; $i < strlen($x); $i++) {
$result|= $x[$i];
}
return $result === "\0";
}
/** /**
* Parse SSH2-style string * Parse SSH2-style string
* *

2
phpseclib/Crypt/Common/Keys/PuTTY.php
View File

@ -155,7 +155,7 @@ abstract class PuTTY
$hmac = trim(preg_replace('#Private-MAC: (.+)#', '$1', $key[$publicLength + $privateLength + 5])); $hmac = trim(preg_replace('#Private-MAC: (.+)#', '$1', $key[$publicLength + $privateLength + 5]));
$hmac = Hex::decode($hmac); $hmac = Hex::decode($hmac);
if (!Strings::equals($hash->hash($source), $hmac)) { if (!hash_equals($hash->hash($source), $hmac)) {
throw new \UnexpectedValueException('MAC validation error'); throw new \UnexpectedValueException('MAC validation error');
} }

12
phpseclib/Crypt/Common/SymmetricKey.php
View File

@ -453,23 +453,11 @@ abstract class SymmetricKey
* @see self::encrypt() * @see self::encrypt()
* @see self::decrypt() * @see self::decrypt()
* @see self::setupInlineCrypt() * @see self::setupInlineCrypt()
* @see self::$use_inline_crypt
* @var Callback * @var Callback
* @access private * @access private
*/ */
protected $inline_crypt; protected $inline_crypt;
/**
* Holds whether performance-optimized $inline_crypt() can/should be used.
*
* @see self::encrypt()
* @see self::decrypt()
* @see self::inline_crypt
* @var mixed
* @access private
*/
protected $use_inline_crypt;
/** /**
* If OpenSSL can be used in ECB but not in CTR we can emulate CTR * If OpenSSL can be used in ECB but not in CTR we can emulate CTR
* *

9
phpseclib/Crypt/RC4.php
View File

@ -93,15 +93,6 @@ class RC4 extends StreamCipher
*/ */
protected $cipher_name_mcrypt = 'arcfour'; protected $cipher_name_mcrypt = 'arcfour';
/**
* Holds whether performance-optimized $inline_crypt() can/should be used.
*
* @see \phpseclib\Crypt\Common\SymmetricKey::inline_crypt
* @var mixed
* @access private
*/
protected $use_inline_crypt = false; // currently not available
/** /**
* The Key * The Key
* *

8
phpseclib/Crypt/RSA.php
View File

@ -1236,7 +1236,7 @@ class RSA extends AsymmetricKey
$db = $maskedDB ^ $dbMask; $db = $maskedDB ^ $dbMask;
$lHash2 = substr($db, 0, $this->hLen); $lHash2 = substr($db, 0, $this->hLen);
$m = substr($db, $this->hLen); $m = substr($db, $this->hLen);
$hashesMatch = Strings::equals($lHash, $lHash2); $hashesMatch = hash_equals($lHash, $lHash2);
$leadingZeros = 1; $leadingZeros = 1;
$patternMatch = 0; $patternMatch = 0;
$offset = 0; $offset = 0;
@ -1463,7 +1463,7 @@ class RSA extends AsymmetricKey
$salt = substr($db, $temp + 1); // should be $sLen long $salt = substr($db, $temp + 1); // should be $sLen long
$m2 = "\0\0\0\0\0\0\0\0" . $mHash . $salt; $m2 = "\0\0\0\0\0\0\0\0" . $mHash . $salt;
$h2 = $this->hash->hash($m2); $h2 = $this->hash->hash($m2);
return Strings::equals($h, $h2); return hash_equals($h, $h2);
} }
/** /**
@ -1657,7 +1657,7 @@ class RSA extends AsymmetricKey
} }
// Compare // Compare
return Strings::equals($em, $em2); return hash_equals($em, $em2);
} }
/** /**
@ -1747,7 +1747,7 @@ class RSA extends AsymmetricKey
$em = $hash->hash($m); $em = $hash->hash($m);
$em2 = $decoded['digest']; $em2 = $decoded['digest'];
return Strings::equals($em, $em2); return hash_equals($em, $em2);
} }
/** /**

13
phpseclib/Net/SSH2.php
View File

@ -55,7 +55,6 @@ use phpseclib\Crypt\Hash;
use phpseclib\Crypt\Random; use phpseclib\Crypt\Random;
use phpseclib\Crypt\RC4; use phpseclib\Crypt\RC4;
use phpseclib\Crypt\Rijndael; use phpseclib\Crypt\Rijndael;
use phpseclib\Crypt\AES;
use phpseclib\Crypt\RSA; use phpseclib\Crypt\RSA;
use phpseclib\Crypt\TripleDES; use phpseclib\Crypt\TripleDES;
use phpseclib\Crypt\Twofish; use phpseclib\Crypt\Twofish;
@ -2192,7 +2191,7 @@ class SSH2
return new RC4(); return new RC4();
case 'aes128-gcm@openssh.com': case 'aes128-gcm@openssh.com':
case 'aes256-gcm@openssh.com': case 'aes256-gcm@openssh.com':
return new AES('gcm'); return new Rijndael('gcm');
case 'chacha20-poly1305@openssh.com': case 'chacha20-poly1305@openssh.com':
return new ChaCha20(); return new ChaCha20();
} }
@ -3412,7 +3411,7 @@ class SSH2
return false; return false;
} }
foreach ($this->auth as $auth) { foreach ($this->auth as $auth) {
$result = call_user_func_array(array(&$this, 'parent::login'), $auth); $result = $this->login(...$auth);
} }
return $result; return $result;
} }
@ -3906,7 +3905,7 @@ class SSH2
$response = $this->binary_packet_buffer; $response = $this->binary_packet_buffer;
$this->binary_packet_buffer = false; $this->binary_packet_buffer = false;
} else { } else {
$read = array($this->fsock); $read = [$this->fsock];
$write = $except = null; $write = $except = null;
if (!$this->curTimeout) { if (!$this->curTimeout) {
@ -3993,7 +3992,7 @@ class SSH2
return $data; return $data;
} }
if (!isset($this->channel_buffers[$channel])) { if (!isset($this->channel_buffers[$channel])) {
$this->channel_buffers[$channel] = array(); $this->channel_buffers[$channel] = [];
} }
$this->channel_buffers[$channel][] = $data; $this->channel_buffers[$channel][] = $data;
@ -4222,7 +4221,7 @@ class SSH2
$this->encrypt->invocation_counter $this->encrypt->invocation_counter
); );
Strings::increment_str($this->encrypt->invocation_counter); Strings::increment_str($this->encrypt->invocation_counter);
$this->encrypt->setAAD($temp = substr($packet, 0, 4)); $this->encrypt->setAAD($temp = ($packet & "\xFF\xFF\xFF\xFF"));
$packet = $temp . $this->encrypt->encrypt(substr($packet, 4)); $packet = $temp . $this->encrypt->encrypt(substr($packet, 4));
break; break;
case 'chacha20-poly1305@openssh.com': case 'chacha20-poly1305@openssh.com':
@ -4231,7 +4230,7 @@ class SSH2
$this->encrypt->setNonce($nonce); $this->encrypt->setNonce($nonce);
$this->lengthEncrypt->setNonce($nonce); $this->lengthEncrypt->setNonce($nonce);
$length = $this->lengthEncrypt->encrypt(substr($packet, 0, 4)); $length = $this->lengthEncrypt->encrypt($packet & "\xFF\xFF\xFF\xFF");
$this->encrypt->setCounter(0); $this->encrypt->setCounter(0);
// this is the same approach that's implemented in Salsa20::createPoly1305Key() // this is the same approach that's implemented in Salsa20::createPoly1305Key()