mirror of
https://github.com/phpseclib/phpseclib.git
synced 2024-12-26 03:27:31 +00:00
Merge branch 'master' into cipher-revamp
This commit is contained in:
commit
ae1e5c13f9
@ -49,8 +49,6 @@
|
||||
|
||||
namespace phpseclib\Crypt;
|
||||
|
||||
use phpseclib\Crypt\Rijndael;
|
||||
|
||||
/**
|
||||
* Pure-PHP implementation of AES.
|
||||
*
|
||||
|
@ -36,8 +36,6 @@
|
||||
|
||||
namespace phpseclib\Crypt;
|
||||
|
||||
use phpseclib\Crypt\Hash;
|
||||
|
||||
/**
|
||||
* Base Class for all \phpseclib\Crypt\* cipher classes
|
||||
*
|
||||
@ -727,10 +725,13 @@ abstract class Base
|
||||
return !defined('OPENSSL_RAW_DATA') ? substr($result, 0, -$this->block_size) : $result;
|
||||
case self::MODE_CBC:
|
||||
$result = openssl_encrypt($plaintext, $this->cipher_name_openssl, $this->key, $this->openssl_options, $this->encryptIV);
|
||||
if (!defined('OPENSSL_RAW_DATA')) {
|
||||
$result = substr($result, 0, -$this->block_size);
|
||||
}
|
||||
if ($this->continuousBuffer) {
|
||||
$this->encryptIV = substr($result, -$this->block_size);
|
||||
}
|
||||
return !defined('OPENSSL_RAW_DATA') ? substr($result, 0, -$this->block_size) : $result;
|
||||
return $result;
|
||||
case self::MODE_CTR:
|
||||
return $this->_openssl_ctr_process($plaintext, $this->encryptIV, $this->enbuffer);
|
||||
case self::MODE_CFB:
|
||||
@ -1032,10 +1033,13 @@ abstract class Base
|
||||
if (!defined('OPENSSL_RAW_DATA')) {
|
||||
$padding = str_repeat(chr($this->block_size), $this->block_size) ^ substr($ciphertext, -$this->block_size);
|
||||
$ciphertext.= substr(openssl_encrypt($padding, $this->cipher_name_openssl_ecb, $this->key, true), 0, $this->block_size);
|
||||
$offset = 2 * $this->block_size;
|
||||
} else {
|
||||
$offset = $this->block_size;
|
||||
}
|
||||
$plaintext = openssl_decrypt($ciphertext, $this->cipher_name_openssl, $this->key, $this->openssl_options, $this->decryptIV);
|
||||
if ($this->continuousBuffer) {
|
||||
$this->decryptIV = substr($ciphertext, -$this->block_size);
|
||||
$this->decryptIV = substr($ciphertext, -$offset, $this->block_size);
|
||||
}
|
||||
break;
|
||||
case self::MODE_CTR:
|
||||
|
@ -37,8 +37,6 @@
|
||||
|
||||
namespace phpseclib\Crypt;
|
||||
|
||||
use phpseclib\Crypt\Base;
|
||||
|
||||
/**
|
||||
* Pure-PHP implementation of Blowfish.
|
||||
*
|
||||
|
@ -42,8 +42,6 @@
|
||||
|
||||
namespace phpseclib\Crypt;
|
||||
|
||||
use phpseclib\Crypt\Base;
|
||||
|
||||
/**
|
||||
* Pure-PHP implementation of DES.
|
||||
*
|
||||
|
@ -35,8 +35,6 @@
|
||||
|
||||
namespace phpseclib\Crypt;
|
||||
|
||||
use phpseclib\Crypt\Base;
|
||||
|
||||
/**
|
||||
* Pure-PHP implementation of RC2.
|
||||
*
|
||||
|
@ -44,8 +44,6 @@
|
||||
|
||||
namespace phpseclib\Crypt;
|
||||
|
||||
use phpseclib\Crypt\Base;
|
||||
|
||||
/**
|
||||
* Pure-PHP implementation of RC4.
|
||||
*
|
||||
|
@ -45,8 +45,8 @@
|
||||
|
||||
namespace phpseclib\Crypt;
|
||||
|
||||
use phpseclib\Math\BigInteger;
|
||||
use phpseclib\File\ASN1;
|
||||
use phpseclib\Math\BigInteger;
|
||||
|
||||
/**
|
||||
* Pure-PHP PKCS#1 compliant implementation of RSA.
|
||||
|
@ -14,10 +14,10 @@
|
||||
|
||||
namespace phpseclib\Crypt\RSA;
|
||||
|
||||
use phpseclib\Crypt\Base;
|
||||
use phpseclib\Crypt\AES;
|
||||
use phpseclib\Crypt\TripleDES;
|
||||
use phpseclib\Crypt\Base;
|
||||
use phpseclib\Crypt\DES;
|
||||
use phpseclib\Crypt\TripleDES;
|
||||
use phpseclib\Math\BigInteger;
|
||||
|
||||
/**
|
||||
|
@ -22,12 +22,11 @@
|
||||
|
||||
namespace phpseclib\Crypt\RSA;
|
||||
|
||||
use phpseclib\Math\BigInteger;
|
||||
use phpseclib\Crypt\RSA\PKCS;
|
||||
use phpseclib\Crypt\Random;
|
||||
use phpseclib\Crypt\AES;
|
||||
use phpseclib\Crypt\TripleDES;
|
||||
use phpseclib\Crypt\DES;
|
||||
use phpseclib\Crypt\Random;
|
||||
use phpseclib\Crypt\TripleDES;
|
||||
use phpseclib\Math\BigInteger;
|
||||
|
||||
/**
|
||||
* PKCS#1 Formatted RSA Key Handler
|
||||
|
@ -24,10 +24,9 @@
|
||||
|
||||
namespace phpseclib\Crypt\RSA;
|
||||
|
||||
use phpseclib\Math\BigInteger;
|
||||
use phpseclib\Crypt\RSA\PKCS;
|
||||
use phpseclib\Crypt\Random;
|
||||
use phpseclib\Crypt\DES;
|
||||
use phpseclib\Crypt\Random;
|
||||
use phpseclib\Math\BigInteger;
|
||||
|
||||
/**
|
||||
* PKCS#8 Formatted RSA Key Handler
|
||||
|
@ -14,10 +14,9 @@
|
||||
|
||||
namespace phpseclib\Crypt\RSA;
|
||||
|
||||
use phpseclib\Math\BigInteger;
|
||||
use phpseclib\Crypt\AES;
|
||||
use phpseclib\Crypt\Hash;
|
||||
use phpseclib\Crypt\RSA\OpenSSH;
|
||||
use phpseclib\Math\BigInteger;
|
||||
|
||||
/**
|
||||
* PuTTY Formatted RSA Key Handler
|
||||
|
@ -24,14 +24,6 @@
|
||||
|
||||
namespace phpseclib\Crypt;
|
||||
|
||||
use phpseclib\Crypt\AES;
|
||||
use phpseclib\Crypt\Base;
|
||||
use phpseclib\Crypt\Blowfish;
|
||||
use phpseclib\Crypt\DES;
|
||||
use phpseclib\Crypt\RC4;
|
||||
use phpseclib\Crypt\TripleDES;
|
||||
use phpseclib\Crypt\Twofish;
|
||||
|
||||
/**
|
||||
* Pure-PHP Random Number Generator
|
||||
*
|
||||
@ -149,13 +141,13 @@ class Random
|
||||
session_start();
|
||||
|
||||
$v = $seed = $_SESSION['seed'] = pack('H*', sha1(
|
||||
serialize($_SERVER) .
|
||||
serialize($_POST) .
|
||||
serialize($_GET) .
|
||||
serialize($_COOKIE) .
|
||||
serialize($GLOBALS) .
|
||||
serialize($_SESSION) .
|
||||
serialize($_OLD_SESSION)
|
||||
(isset($_SERVER) ? self::safe_serialize($_SERVER) : '') .
|
||||
(isset($_POST) ? self::safe_serialize($_POST) : '') .
|
||||
(isset($_GET) ? self::safe_serialize($_GET) : '') .
|
||||
(isset($_COOKIE) ? self::safe_serialize($_COOKIE) : '') .
|
||||
self::safe_serialize($GLOBALS) .
|
||||
self::safe_serialize($_SESSION) .
|
||||
self::safe_serialize($_OLD_SESSION)
|
||||
));
|
||||
if (!isset($_SESSION['count'])) {
|
||||
$_SESSION['count'] = 0;
|
||||
@ -240,4 +232,36 @@ class Random
|
||||
}
|
||||
return substr($result, 0, $length);
|
||||
}
|
||||
|
||||
/**
|
||||
* Safely serialize variables
|
||||
*
|
||||
* If a class has a private __sleep() it'll emit a warning
|
||||
*
|
||||
* @param mixed $arr
|
||||
* @access public
|
||||
*/
|
||||
function safe_serialize(&$arr)
|
||||
{
|
||||
if (is_object($arr)) {
|
||||
return '';
|
||||
}
|
||||
if (!is_array($arr)) {
|
||||
return serialize($arr);
|
||||
}
|
||||
// prevent circular array recursion
|
||||
if (isset($arr['__phpseclib_marker'])) {
|
||||
return '';
|
||||
}
|
||||
$safearr = array();
|
||||
$arr['__phpseclib_marker'] = true;
|
||||
foreach (array_keys($arr) as $key) {
|
||||
// do not recurse on the '__phpseclib_marker' key itself, for smaller memory usage
|
||||
if ($key !== '__phpseclib_marker') {
|
||||
$safearr[$key] = self::safe_serialize($arr[$key]);
|
||||
}
|
||||
}
|
||||
unset($arr['__phpseclib_marker']);
|
||||
return serialize($safearr);
|
||||
}
|
||||
}
|
||||
|
@ -54,8 +54,6 @@
|
||||
|
||||
namespace phpseclib\Crypt;
|
||||
|
||||
use phpseclib\Crypt\Base;
|
||||
|
||||
/**
|
||||
* Pure-PHP implementation of Rijndael.
|
||||
*
|
||||
|
@ -36,9 +36,6 @@
|
||||
|
||||
namespace phpseclib\Crypt;
|
||||
|
||||
use phpseclib\Crypt\Base;
|
||||
use phpseclib\Crypt\DES;
|
||||
|
||||
/**
|
||||
* Pure-PHP implementation of Triple DES.
|
||||
*
|
||||
|
@ -37,8 +37,6 @@
|
||||
|
||||
namespace phpseclib\Crypt;
|
||||
|
||||
use phpseclib\Crypt\Base;
|
||||
|
||||
/**
|
||||
* Pure-PHP implementation of Twofish.
|
||||
*
|
||||
|
@ -27,12 +27,11 @@
|
||||
namespace phpseclib\File;
|
||||
|
||||
use phpseclib\Crypt\Hash;
|
||||
use phpseclib\Crypt\RSA;
|
||||
use phpseclib\Crypt\Random;
|
||||
use phpseclib\File\ASN1;
|
||||
use phpseclib\Crypt\RSA;
|
||||
use phpseclib\Exception\UnsupportedAlgorithmException;
|
||||
use phpseclib\File\ASN1\Element;
|
||||
use phpseclib\Math\BigInteger;
|
||||
use phpseclib\Exception\UnsupportedAlgorithmException;
|
||||
|
||||
/**
|
||||
* Pure-PHP X.509 Parser
|
||||
@ -2201,9 +2200,7 @@ class X509
|
||||
*/
|
||||
function _decodeIP($ip)
|
||||
{
|
||||
$ip = base64_decode($ip);
|
||||
list(, $ip) = unpack('N', $ip);
|
||||
return long2ip($ip);
|
||||
return inet_ntop(base64_decode($ip));
|
||||
}
|
||||
|
||||
/**
|
||||
@ -2217,7 +2214,7 @@ class X509
|
||||
*/
|
||||
function _encodeIP($ip)
|
||||
{
|
||||
return base64_encode(pack('N', ip2long($ip)));
|
||||
return base64_encode(inet_pton($ip));
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -32,8 +32,6 @@
|
||||
|
||||
namespace phpseclib\Net;
|
||||
|
||||
use phpseclib\Net\SSH1;
|
||||
use phpseclib\Net\SSH2;
|
||||
use phpseclib\Exception\FileNotFoundException;
|
||||
|
||||
/**
|
||||
|
@ -37,7 +37,6 @@
|
||||
|
||||
namespace phpseclib\Net;
|
||||
|
||||
use phpseclib\Net\SSH2;
|
||||
use phpseclib\Exception\FileNotFoundException;
|
||||
|
||||
/**
|
||||
|
@ -1306,6 +1306,7 @@ class SSH1
|
||||
/*
|
||||
$rsa = new RSA();
|
||||
$rsa->load($key, 'raw');
|
||||
$rsa->setHash('sha1');
|
||||
return $rsa->encrypt($m, RSA::PADDING_PKCS1);
|
||||
*/
|
||||
|
||||
|
@ -1171,7 +1171,7 @@ class SSH2
|
||||
'diffie-hellman-group-exchange-sha1', // RFC 4419
|
||||
'diffie-hellman-group-exchange-sha256', // RFC 4419
|
||||
);
|
||||
if (!class_exists('\Sodium')) {
|
||||
if (!function_exists('\\Sodium\\library_version_major')) {
|
||||
$kex_algorithms = array_diff(
|
||||
$kex_algorithms,
|
||||
array('curve25519-sha256@libssh.org')
|
||||
@ -2310,6 +2310,7 @@ class SSH2
|
||||
}
|
||||
|
||||
$packet = $part1 . chr(1) . $part2;
|
||||
$privatekey->setHash('sha1');
|
||||
$signature = $privatekey->sign(pack('Na*a*', strlen($this->session_id), $this->session_id, $packet), RSA::PADDING_PKCS1);
|
||||
$signature = pack('Na*Na*', strlen('ssh-rsa'), 'ssh-rsa', strlen($signature), $signature);
|
||||
$packet.= pack('Na*', strlen($signature), $signature);
|
||||
@ -4058,6 +4059,7 @@ class SSH2
|
||||
|
||||
$rsa = new RSA();
|
||||
$rsa->load(array('e' => $e, 'n' => $n), 'raw');
|
||||
$rsa->setHash('sha1');
|
||||
if (!$rsa->verify($this->exchange_hash, $signature, RSA::PADDING_PKCS1)) {
|
||||
//user_error('Bad server signature');
|
||||
return $this->_disconnect(NET_SSH2_DISCONNECT_HOST_KEY_NOT_VERIFIABLE);
|
||||
|
@ -34,8 +34,8 @@
|
||||
namespace phpseclib\System\SSH;
|
||||
|
||||
use phpseclib\Crypt\RSA;
|
||||
use phpseclib\System\SSH\Agent\Identity;
|
||||
use phpseclib\Exception\BadConfigurationException;
|
||||
use phpseclib\System\SSH\Agent\Identity;
|
||||
|
||||
/**
|
||||
* Pure-PHP ssh-agent client identity factory
|
||||
|
@ -15,9 +15,9 @@
|
||||
|
||||
namespace phpseclib\System\SSH\Agent;
|
||||
|
||||
use phpseclib\System\SSH\Agent;
|
||||
use phpseclib\Crypt\RSA;
|
||||
use phpseclib\Exception\UnsupportedAlgorithmException;
|
||||
use phpseclib\System\SSH\Agent;
|
||||
|
||||
/**
|
||||
* Pure-PHP ssh-agent client identity object
|
||||
@ -115,6 +115,22 @@ class Identity
|
||||
return $this->key->getPublicKey($type);
|
||||
}
|
||||
|
||||
/**
|
||||
* Sets the hash
|
||||
*
|
||||
* ssh-agent only supports signatures with sha1 hashes but to maintain BC with RSA.php this function exists
|
||||
*
|
||||
* @param string $hash optional
|
||||
* @throws \phpseclib\Exception\UnsupportedAlgorithmException if the algorithm is unsupported
|
||||
* @access public
|
||||
*/
|
||||
function setHash($hash = 'sha1')
|
||||
{
|
||||
if ($hash != 'sha1') {
|
||||
throw new UnsupportedAlgorithmException('ssh-agent can only be used with the sha1 hash');
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Create a signature
|
||||
*
|
||||
@ -130,7 +146,7 @@ class Identity
|
||||
function sign($message, $padding = RSA::PADDING_PKCS1)
|
||||
{
|
||||
if ($padding != RSA::PADDING_PKCS1 && $padding != RSA::PADDING_RELAXED_PKCS1) {
|
||||
throw new \UnsupportedAlgorithmException('ssh-agent can only create PKCS1 signatures');
|
||||
throw new UnsupportedAlgorithmException('ssh-agent can only create PKCS1 signatures');
|
||||
}
|
||||
|
||||
// the last parameter (currently 0) is for flags and ssh-agent only defines one flag (for ssh-dss): SSH_AGENT_OLD_SIGNATURE
|
||||
|
@ -382,4 +382,20 @@ abstract class Unit_Crypt_AES_TestCase extends PhpseclibTestCase
|
||||
$this->assertSame($ciphertext, 'fd4250c0d234aa7e1aa592820aa8406b');
|
||||
$this->assertSame($aes->getKeyLength(), 256);
|
||||
}
|
||||
|
||||
/**
|
||||
* @group github938
|
||||
*/
|
||||
public function testContinuousBuffer()
|
||||
{
|
||||
$aes = new AES();
|
||||
$aes->disablePadding();
|
||||
$aes->enableContinuousBuffer();
|
||||
$aes->setIV(pack('H*', '0457bdb4a6712986688349a29eb82535'));
|
||||
$aes->setKey(pack('H*', '00d596e2c8189b2592fac358e7396ad2'));
|
||||
$aes->decrypt(pack('H*', '9aa234ea7c750a8109a0f32d768b964e'));
|
||||
$plaintext = $aes->decrypt(pack('H*', '0457bdb4a6712986688349a29eb82535'));
|
||||
$expected = pack('H*', '6572617574689e1be8d2d8d43c594cf3');
|
||||
$this->assertSame($plaintext, $expected);
|
||||
}
|
||||
}
|
||||
|
@ -225,4 +225,39 @@ aBtsWpliLSex/HHhtRW9AkBGcq67zKmEpJ9kXcYLEjJii3flFS+Ct/rNm+Hhm1l7
|
||||
$this->assertEquals($x509->getOID('id-sha256'), '2.16.840.1.101.3.4.2.1');
|
||||
$this->assertEquals($x509->getOID('zzz'), 'zzz');
|
||||
}
|
||||
|
||||
public function testIPAddressSubjectAltNamesDecoding()
|
||||
{
|
||||
$test = '-----BEGIN CERTIFICATE-----
|
||||
MIIEcTCCAlmgAwIBAgIBDjANBgkqhkiG9w0BAQsFADAfMR0wGwYDVQQDDBQuU2Vj
|
||||
dXJlIElzc3VpbmcgQ0EgMTAeFw0xNjAxMjUyMzIwMjZaFw0yMTAxMjYyMzIwMjZa
|
||||
MBoxGDAWBgNVBAMMDzIwNC4xNTIuMjAwLjI1MDCCASIwDQYJKoZIhvcNAQEBBQAD
|
||||
ggEPADCCAQoCggEBAM9lMPiYQ26L5qXR1rlUXM0Z3DeRhDsJ/9NadLFJnvxKCV5L
|
||||
M9rlrThpK6V5VbgPgEwKVLXGtJoGSEUkLd4roJ25ZTH08GcYszWyp8nLPQRovYnN
|
||||
+aeE1aefnHcpt524f0Es9NFXh0uwRWV3ZCWSwN+mo9Qo6507KZq+q34if7/q9+De
|
||||
O5RJumVQWc9OCjCt6pQBnBua9oCAca+SIHftOdgWXqVw+Xvl6/dLeF70jJD43P00
|
||||
+bdAnGDgBdgO+p+K+XrOCaCWMcCsRX5xiK4hUG54UM5ayBST+McyfjsKxpO2djPg
|
||||
FlSL0RLg+Nj8WehANUUuaNU874Pp3FV5GTI0ZbUCAwEAAaOBvDCBuTAMBgNVHRMB
|
||||
Af8EAjAAMAsGA1UdDwQEAwIF4DATBgNVHSUEDDAKBggrBgEFBQcDATAhBgNVHREE
|
||||
GjAYhwTMmMj6hxAgAQRw8wkACQAAAAAAAAADMEMGA1UdHwQ8MDowOKA2oDSGMmh0
|
||||
dHA6Ly9jcmwuc2VjdXJlb2JzY3VyZS5jb20vP2FjdGlvbj1jcmwmY2E9aXNzdWUx
|
||||
MB8GA1UdIwQYMBaAFOJWVCX4poZSBzemgihf9dAhFNHJMA0GCSqGSIb3DQEBCwUA
|
||||
A4ICAQAce9whx4InRtzk1to6oeRxTCbeNDjNFuTkotphSws4hDoaz3nyFLSYyMT4
|
||||
aKFnNP9AmMS5nEXphtP4HP9wAluTcAFMuip0rDJjiRA/khIE27KurO6cg1faFWHl
|
||||
6lh6xnEf9UFZZzTLsXt2miBiMb8olgPrBuVFWjPZ/ConesJRZRFqMd5mfntXC+2V
|
||||
zRcXdtwp9h/Am/WuvjsG/gBAPdeRNKffCokIcgfvffd2oklSDD0T9baG2MTgaxnX
|
||||
oG6e5saWjoN8bLWuCJpvjA7aErXQwXUyXx1nrTWQ1TCR2N+M62X7e07jZLKSAECP
|
||||
v6SqZ9/LDmCacVQbfg4wDC/gbpjDSKaD5fkusH6leXleWQ7X8Z03LsKvVq43a71z
|
||||
jO61kkiFAh3CegWsY+TSYjZxDq58xGMiE7y/fK+SHQXDLyY7HU4eky2l3DSy8bXQ
|
||||
p64vTJ/OmAcXVNUASfBCNw0kpxuFjlxers/+6zheowB1RIKo0xvSRC4cEDRl/jFA
|
||||
b7WUT/MIe6B1r0v1gxHnFG2bFI/MhTT9V+tICOLo7+69z4jf/OFkzjYvqq2QWPgc
|
||||
sE3f2TNnmKFRJx67bEMoaaWLIR94Yuq/TWB6dTiWwk9meZkGG3OjQg/YbO6vl/Am
|
||||
NDEuGt30Vl2de7G1glnhaceB6Q9KfH7p2gAwNP9JMTtx3PtEcA==
|
||||
-----END CERTIFICATE-----';
|
||||
|
||||
$x509 = new X509();
|
||||
$cert = $x509->loadX509($test);
|
||||
$this->assertEquals($cert['tbsCertificate']['extensions'][3]['extnValue'][0]['iPAddress'], '204.152.200.250');
|
||||
$this->assertEquals($cert['tbsCertificate']['extensions'][3]['extnValue'][1]['iPAddress'], '2001:470:f309:9::3');
|
||||
}
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user