Merge branch 'master' into cipher-revamp

terrafrost 2016-02-20 21:44:00 -06:00
commit ae1e5c13f9
24 changed files with 134 additions and 62 deletions


@ -49,8 +49,6 @@
namespace phpseclib\Crypt;
use phpseclib\Crypt\Rijndael;
/**
* Pure-PHP implementation of AES.
*


@ -36,8 +36,6 @@
namespace phpseclib\Crypt;
use phpseclib\Crypt\Hash;
/**
* Base Class for all \phpseclib\Crypt\* cipher classes
*
@ -727,10 +725,13 @@ abstract class Base
return !defined('OPENSSL_RAW_DATA') ? substr($result, 0, -$this->block_size) : $result;
case self::MODE_CBC:
$result = openssl_encrypt($plaintext, $this->cipher_name_openssl, $this->key, $this->openssl_options, $this->encryptIV);
if (!defined('OPENSSL_RAW_DATA')) {
$result = substr($result, 0, -$this->block_size);
}
if ($this->continuousBuffer) {
$this->encryptIV = substr($result, -$this->block_size);
}
return !defined('OPENSSL_RAW_DATA') ? substr($result, 0, -$this->block_size) : $result;
return $result;
case self::MODE_CTR:
return $this->_openssl_ctr_process($plaintext, $this->encryptIV, $this->enbuffer);
case self::MODE_CFB:
@ -1032,10 +1033,13 @@ abstract class Base
if (!defined('OPENSSL_RAW_DATA')) {
$padding = str_repeat(chr($this->block_size), $this->block_size) ^ substr($ciphertext, -$this->block_size);
$ciphertext.= substr(openssl_encrypt($padding, $this->cipher_name_openssl_ecb, $this->key, true), 0, $this->block_size);
$offset = 2 * $this->block_size;
} else {
$offset = $this->block_size;
}
$plaintext = openssl_decrypt($ciphertext, $this->cipher_name_openssl, $this->key, $this->openssl_options, $this->decryptIV);
if ($this->continuousBuffer) {
$this->decryptIV = substr($ciphertext, -$this->block_size);
$this->decryptIV = substr($ciphertext, -$offset, $this->block_size);
}
break;
case self::MODE_CTR:
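Review bot: The `$offset` arithmetic in the CBC decrypt hunk has no comment explaining why the legacy branch steps back two blocks, so a later cleanup could revert it to `-$this->block_size` and break IV chaining again. I would add above the assignment `// without OPENSSL_RAW_DATA a synthetic padding block was appended to $ciphertext above, so the last real ciphertext block (the next IV) is the second-to-last one`. In the CBC encrypt hunk the result of `openssl_encrypt()` is still used unchecked: it can return `false`, and `substr(false, ...)` would then silently become the next `$this->encryptIV`. A guard such as `if ($result === false) { return false; }` before the `substr()` calls would surface that failure, though how callers treat `false` is not visible here. Both `switch` statements start and end outside the hunks.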


@ -37,8 +37,6 @@
namespace phpseclib\Crypt;
use phpseclib\Crypt\Base;
/**
* Pure-PHP implementation of Blowfish.
*


@ -42,8 +42,6 @@
namespace phpseclib\Crypt;
use phpseclib\Crypt\Base;
/**
* Pure-PHP implementation of DES.
*


@ -35,8 +35,6 @@
namespace phpseclib\Crypt;
use phpseclib\Crypt\Base;
/**
* Pure-PHP implementation of RC2.
*


@ -44,8 +44,6 @@
namespace phpseclib\Crypt;
use phpseclib\Crypt\Base;
/**
* Pure-PHP implementation of RC4.
*


@ -45,8 +45,8 @@
namespace phpseclib\Crypt;
use phpseclib\Math\BigInteger;
use phpseclib\File\ASN1;
use phpseclib\Math\BigInteger;
/**
* Pure-PHP PKCS#1 compliant implementation of RSA.


@ -14,10 +14,10 @@
namespace phpseclib\Crypt\RSA;
use phpseclib\Crypt\Base;
use phpseclib\Crypt\AES;
use phpseclib\Crypt\TripleDES;
use phpseclib\Crypt\Base;
use phpseclib\Crypt\DES;
use phpseclib\Crypt\TripleDES;
use phpseclib\Math\BigInteger;
/**


@ -22,12 +22,11 @@
namespace phpseclib\Crypt\RSA;
use phpseclib\Math\BigInteger;
use phpseclib\Crypt\RSA\PKCS;
use phpseclib\Crypt\Random;
use phpseclib\Crypt\AES;
use phpseclib\Crypt\TripleDES;
use phpseclib\Crypt\DES;
use phpseclib\Crypt\Random;
use phpseclib\Crypt\TripleDES;
use phpseclib\Math\BigInteger;
/**
* PKCS#1 Formatted RSA Key Handler


@ -24,10 +24,9 @@
namespace phpseclib\Crypt\RSA;
use phpseclib\Math\BigInteger;
use phpseclib\Crypt\RSA\PKCS;
use phpseclib\Crypt\Random;
use phpseclib\Crypt\DES;
use phpseclib\Crypt\Random;
use phpseclib\Math\BigInteger;
/**
* PKCS#8 Formatted RSA Key Handler


@ -14,10 +14,9 @@
namespace phpseclib\Crypt\RSA;
use phpseclib\Math\BigInteger;
use phpseclib\Crypt\AES;
use phpseclib\Crypt\Hash;
use phpseclib\Crypt\RSA\OpenSSH;
use phpseclib\Math\BigInteger;
/**
* PuTTY Formatted RSA Key Handler


@ -24,14 +24,6 @@
namespace phpseclib\Crypt;
use phpseclib\Crypt\AES;
use phpseclib\Crypt\Base;
use phpseclib\Crypt\Blowfish;
use phpseclib\Crypt\DES;
use phpseclib\Crypt\RC4;
use phpseclib\Crypt\TripleDES;
use phpseclib\Crypt\Twofish;
/**
* Pure-PHP Random Number Generator
*
@ -149,13 +141,13 @@ class Random
session_start();
$v = $seed = $_SESSION['seed'] = pack('H*', sha1(
serialize($_SERVER) .
serialize($_POST) .
serialize($_GET) .
serialize($_COOKIE) .
serialize($GLOBALS) .
serialize($_SESSION) .
serialize($_OLD_SESSION)
(isset($_SERVER) ? self::safe_serialize($_SERVER) : '') .
(isset($_POST) ? self::safe_serialize($_POST) : '') .
(isset($_GET) ? self::safe_serialize($_GET) : '') .
(isset($_COOKIE) ? self::safe_serialize($_COOKIE) : '') .
self::safe_serialize($GLOBALS) .
self::safe_serialize($_SESSION) .
self::safe_serialize($_OLD_SESSION)
));
if (!isset($_SESSION['count'])) {
$_SESSION['count'] = 0;
@ -240,4 +232,36 @@ class Random
}
return substr($result, 0, $length);
}
/**
* Safely serialize variables
*
* If a class has a private __sleep() it'll emit a warning
*
* @param mixed $arr
* @access public
*/
function safe_serialize(&$arr)
{
if (is_object($arr)) {
return '';
}
if (!is_array($arr)) {
return serialize($arr);
}
// prevent circular array recursion
if (isset($arr['__phpseclib_marker'])) {
return '';
}
$safearr = array();
$arr['__phpseclib_marker'] = true;
foreach (array_keys($arr) as $key) {
// do not recurse on the '__phpseclib_marker' key itself, for smaller memory usage
if ($key !== '__phpseclib_marker') {
$safearr[$key] = self::safe_serialize($arr[$key]);
}
}
unset($arr['__phpseclib_marker']);
return serialize($safearr);
}
}
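Review bot: `safe_serialize()` is declared as an instance method, but every call in this section is `self::safe_serialize(...)`, including the recursive one. If the seeding code in the first hunk runs inside a static method (its enclosing function starts outside the hunk), PHP treats this as a non-static method called statically, which is deprecated in PHP 7 and an error in PHP 8. Declaring it `static function safe_serialize(&$arr)` resolves that. The docblock should also gain an `@return string` line and state that objects serialize to an empty string. It should further note that the array is temporarily tagged with `__phpseclib_marker` through the reference, so an input array that already carries that key contributes nothing to the seed.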


@ -54,8 +54,6 @@
namespace phpseclib\Crypt;
use phpseclib\Crypt\Base;
/**
* Pure-PHP implementation of Rijndael.
*


@ -36,9 +36,6 @@
namespace phpseclib\Crypt;
use phpseclib\Crypt\Base;
use phpseclib\Crypt\DES;
/**
* Pure-PHP implementation of Triple DES.
*


@ -37,8 +37,6 @@
namespace phpseclib\Crypt;
use phpseclib\Crypt\Base;
/**
* Pure-PHP implementation of Twofish.
*


@ -27,12 +27,11 @@
namespace phpseclib\File;
use phpseclib\Crypt\Hash;
use phpseclib\Crypt\RSA;
use phpseclib\Crypt\Random;
use phpseclib\File\ASN1;
use phpseclib\Crypt\RSA;
use phpseclib\Exception\UnsupportedAlgorithmException;
use phpseclib\File\ASN1\Element;
use phpseclib\Math\BigInteger;
use phpseclib\Exception\UnsupportedAlgorithmException;
/**
* Pure-PHP X.509 Parser
@ -2201,9 +2200,7 @@ class X509
*/
function _decodeIP($ip)
{
$ip = base64_decode($ip);
list(, $ip) = unpack('N', $ip);
return long2ip($ip);
return inet_ntop(base64_decode($ip));
}
/**
@ -2217,7 +2214,7 @@ class X509
*/
function _encodeIP($ip)
{
return base64_encode(pack('N', ip2long($ip)));
return base64_encode(inet_pton($ip));
}
/**
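Review bot: Neither `_decodeIP()` nor `_encodeIP()` checks the result of the new `inet_ntop()` / `inet_pton()` calls, which return `false` (with a warning) when the input is not a valid address. `_decodeIP()` appears to be fed from parsed certificate data, so an iPAddress value whose decoded length is neither 4 nor 16 bytes now yields `false` rather than a string. `_encodeIP()` turns an unparsable address into `base64_encode(false)`, which is an empty value. I would make both failures explicit, e.g. `$packed = inet_pton($ip); if ($packed === false) { return false; }` in `_encodeIP()` and a length check on the decoded bytes in `_decodeIP()`. The `false` return should also be documented in the docblocks, which begin outside the hunks.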


@ -32,8 +32,6 @@
namespace phpseclib\Net;
use phpseclib\Net\SSH1;
use phpseclib\Net\SSH2;
use phpseclib\Exception\FileNotFoundException;
/**


@ -37,7 +37,6 @@
namespace phpseclib\Net;
use phpseclib\Net\SSH2;
use phpseclib\Exception\FileNotFoundException;
/**


@ -1306,6 +1306,7 @@ class SSH1
/*
$rsa = new RSA();
$rsa->load($key, 'raw');
$rsa->setHash('sha1');
return $rsa->encrypt($m, RSA::PADDING_PKCS1);
*/


@ -1171,7 +1171,7 @@ class SSH2
'diffie-hellman-group-exchange-sha1', // RFC 4419
'diffie-hellman-group-exchange-sha256', // RFC 4419
);
if (!class_exists('\Sodium')) {
if (!function_exists('\\Sodium\\library_version_major')) {
$kex_algorithms = array_diff(
$kex_algorithms,
array('curve25519-sha256@libssh.org')
@ -2310,6 +2310,7 @@ class SSH2
}
$packet = $part1 . chr(1) . $part2;
$privatekey->setHash('sha1');
$signature = $privatekey->sign(pack('Na*a*', strlen($this->session_id), $this->session_id, $packet), RSA::PADDING_PKCS1);
$signature = pack('Na*Na*', strlen('ssh-rsa'), 'ssh-rsa', strlen($signature), $signature);
$packet.= pack('Na*', strlen($signature), $signature);
@ -4058,6 +4059,7 @@ class SSH2
$rsa = new RSA();
$rsa->load(array('e' => $e, 'n' => $n), 'raw');
$rsa->setHash('sha1');
if (!$rsa->verify($this->exchange_hash, $signature, RSA::PADDING_PKCS1)) {
//user_error('Bad server signature');
return $this->_disconnect(NET_SSH2_DISCONNECT_HOST_KEY_NOT_VERIFIABLE);
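Review bot: The two `setHash('sha1')` additions carry no comment saying why SHA-1 is pinned, so a reader who sees SHA-1 next to a signature may try to "upgrade" it and break interoperability. For the `ssh-rsa` algorithm named in the second hunk the hash is fixed by the protocol (RFC 4253), so I would add `// ssh-rsa signatures are RSASSA-PKCS1-v1_5 over SHA-1 by definition; do not rely on the RSA class default` above each call. In the second hunk `$privatekey` looks like the caller's key object, so `setHash()` would change its hash setting as a side effect that outlives the login. If that is the case, note it in the method docblock or restore the previous hash afterwards. All three hunks sit inside functions that start and end outside the visible lines.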


@ -34,8 +34,8 @@
namespace phpseclib\System\SSH;
use phpseclib\Crypt\RSA;
use phpseclib\System\SSH\Agent\Identity;
use phpseclib\Exception\BadConfigurationException;
use phpseclib\System\SSH\Agent\Identity;
/**
* Pure-PHP ssh-agent client identity factory


@ -15,9 +15,9 @@
namespace phpseclib\System\SSH\Agent;
use phpseclib\System\SSH\Agent;
use phpseclib\Crypt\RSA;
use phpseclib\Exception\UnsupportedAlgorithmException;
use phpseclib\System\SSH\Agent;
/**
* Pure-PHP ssh-agent client identity object
@ -115,6 +115,22 @@ class Identity
return $this->key->getPublicKey($type);
}
/**
* Sets the hash
*
* ssh-agent only supports signatures with sha1 hashes but to maintain BC with RSA.php this function exists
*
* @param string $hash optional
* @throws \phpseclib\Exception\UnsupportedAlgorithmException if the algorithm is unsupported
* @access public
*/
function setHash($hash = 'sha1')
{
if ($hash != 'sha1') {
throw new UnsupportedAlgorithmException('ssh-agent can only be used with the sha1 hash');
}
}
/**
* Create a signature
*
@ -130,7 +146,7 @@ class Identity
function sign($message, $padding = RSA::PADDING_PKCS1)
{
if ($padding != RSA::PADDING_PKCS1 && $padding != RSA::PADDING_RELAXED_PKCS1) {
throw new \UnsupportedAlgorithmException('ssh-agent can only create PKCS1 signatures');
throw new UnsupportedAlgorithmException('ssh-agent can only create PKCS1 signatures');
}
// the last parameter (currently 0) is for flags and ssh-agent only defines one flag (for ssh-dss): SSH_AGENT_OLD_SIGNATURE
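Review bot: `setHash()` compares with `!=`, so a non-string argument such as `true` (and, before PHP 8, `0`) compares equal to `'sha1'` and is accepted without complaint. Using `if ($hash !== 'sha1') {` keeps the guard exact. The same loose comparison is used for `$padding` in `sign()`, whose body continues outside the hunk.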


@ -382,4 +382,20 @@ abstract class Unit_Crypt_AES_TestCase extends PhpseclibTestCase
$this->assertSame($ciphertext, 'fd4250c0d234aa7e1aa592820aa8406b');
$this->assertSame($aes->getKeyLength(), 256);
}
/**
* @group github938
*/
public function testContinuousBuffer()
{
$aes = new AES();
$aes->disablePadding();
$aes->enableContinuousBuffer();
$aes->setIV(pack('H*', '0457bdb4a6712986688349a29eb82535'));
$aes->setKey(pack('H*', '00d596e2c8189b2592fac358e7396ad2'));
$aes->decrypt(pack('H*', '9aa234ea7c750a8109a0f32d768b964e'));
$plaintext = $aes->decrypt(pack('H*', '0457bdb4a6712986688349a29eb82535'));
$expected = pack('H*', '6572617574689e1be8d2d8d43c594cf3');
$this->assertSame($plaintext, $expected);
}
}
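Review bot: `testContinuousBuffer()` exercises only `decrypt()`, so the CBC encrypt path touched by the same fix (the next IV taken from the ciphertext in continuous-buffer mode) has no regression test. A second test that encrypts two blocks in separate calls and compares the result with a single-call encryption of the same data would cover it. A sketch follows, using constructed plaintext and the key and IV already in this test. Whether this abstract test case pins the engine for each subclass is not visible here, so the sketch follows the existing test in constructing `AES` directly.

```php
    /**
     * @group github938
     */
    public function testContinuousBufferEncrypt()
    {
        $key = pack('H*', '00d596e2c8189b2592fac358e7396ad2');
        $iv = pack('H*', '0457bdb4a6712986688349a29eb82535');
        // constructed sample: two distinct 16-byte blocks
        $blocks = str_repeat('a', 16) . str_repeat('b', 16);

        $oneShot = new AES();
        $oneShot->disablePadding();
        $oneShot->setKey($key);
        $oneShot->setIV($iv);
        $expected = $oneShot->encrypt($blocks);

        $aes = new AES();
        $aes->disablePadding();
        $aes->enableContinuousBuffer();
        $aes->setKey($key);
        $aes->setIV($iv);
        $actual = $aes->encrypt(substr($blocks, 0, 16)) . $aes->encrypt(substr($blocks, 16));

        $this->assertSame($expected, $actual);
    }
```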


@ -225,4 +225,39 @@ aBtsWpliLSex/HHhtRW9AkBGcq67zKmEpJ9kXcYLEjJii3flFS+Ct/rNm+Hhm1l7
$this->assertEquals($x509->getOID('id-sha256'), '2.16.840.1.101.3.4.2.1');
$this->assertEquals($x509->getOID('zzz'), 'zzz');
}
public function testIPAddressSubjectAltNamesDecoding()
{
$test = '-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----';
$x509 = new X509();
$cert = $x509->loadX509($test);
$this->assertEquals($cert['tbsCertificate']['extensions'][3]['extnValue'][0]['iPAddress'], '204.152.200.250');
$this->assertEquals($cert['tbsCertificate']['extensions'][3]['extnValue'][1]['iPAddress'], '2001:470:f309:9::3');
}
}