Keys/OpenSSH: throw an exception if you try to encrypt

terrafrost 2020-01-18 18:52:47 -06:00
parent 0e1dff2be7
commit bed8be26d7
4 changed files with 12 additions and 5 deletions


@ -20,6 +20,7 @@ namespace phpseclib3\Crypt\Common\Formats\Keys;
use ParagonIE\ConstantTime\Base64; use ParagonIE\ConstantTime\Base64;
use phpseclib3\Common\Functions\Strings; use phpseclib3\Common\Functions\Strings;
use phpseclib3\Crypt\Random; use phpseclib3\Crypt\Random;
use phpseclib3\Exception\UnsupportedFormatException;
/** /**
* OpenSSH Formatted RSA Key Handler * OpenSSH Formatted RSA Key Handler
@ -195,10 +196,16 @@ abstract class OpenSSH
* @access public * @access public
* @param string $publicKey * @param string $publicKey
* @param string $privateKey * @param string $privateKey
* @param string $password
* @param array $options
* @return string * @return string
*/ */
protected static function wrapPrivateKey($publicKey, $privateKey, $options) protected static function wrapPrivateKey($publicKey, $privateKey, $password, $options)
{ {
if (!empty($password) || is_string($password)) {
throw new UnsupportedFormatException('Encrypted OpenSSH private keys are not supported');
}
list(, $checkint) = unpack('N', Random::string(4)); list(, $checkint) = unpack('N', Random::string(4));
$comment = isset($options['comment']) ? $options['comment'] : self::$comment; $comment = isset($options['comment']) ? $options['comment'] : self::$comment;
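Review bot: The guard at the top of wrapPrivateKey, `if (!empty($password) || is_string($password))`, needs a comment and a matching docblock entry, because its fail-closed intent is easy to misread: every string, including `''` and `'0'`, is rejected, as is any non-string truthy value. I would add `// Fail closed: any string, even '' or '0', is a request for encryption this writer cannot honour` above it and `@throws UnsupportedFormatException if a password is supplied` to the docblock. The new `@param string $password` also understates what the guard accepts; if callers pass `false` for "no password" (not visible here), `@param string|false $password` would be more accurate. The rest of wrapPrivateKey's body lies outside this hunk.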


@ -121,6 +121,6 @@ abstract class OpenSSH extends Progenitor
$publicKey = self::savePublicKey($p, $q, $g, $y, ['binary' => true]); $publicKey = self::savePublicKey($p, $q, $g, $y, ['binary' => true]);
$privateKey = Strings::packSSH2('si5', 'ssh-dss', $p, $q, $g, $y, $x); $privateKey = Strings::packSSH2('si5', 'ssh-dss', $p, $q, $g, $y, $x);
return self::wrapPrivateKey($publicKey, $privateKey, $options); return self::wrapPrivateKey($publicKey, $privateKey, $password, $options);
} }
} }


@ -201,7 +201,7 @@ abstract class OpenSSH extends Progenitor
$publicKey = Strings::packSSH2('ss', 'ssh-ed25519', $pubKey); $publicKey = Strings::packSSH2('ss', 'ssh-ed25519', $pubKey);
$privateKey = Strings::packSSH2('sss', 'ssh-ed25519', $pubKey, $privateKey->secret . $pubKey); $privateKey = Strings::packSSH2('sss', 'ssh-ed25519', $pubKey, $privateKey->secret . $pubKey);
return self::wrapPrivateKey($publicKey, $privateKey, $options); return self::wrapPrivateKey($publicKey, $privateKey, $password, $options);
} }
$alias = self::getAlias($curve); $alias = self::getAlias($curve);
@ -211,6 +211,6 @@ abstract class OpenSSH extends Progenitor
$privateKey = Strings::packSSH2('sssi', 'ecdsa-sha2-' . $alias, $alias, $points, $privateKey); $privateKey = Strings::packSSH2('sssi', 'ecdsa-sha2-' . $alias, $alias, $points, $privateKey);
return self::wrapPrivateKey($publicKey, $privateKey, $options); return self::wrapPrivateKey($publicKey, $privateKey, $password, $options);
} }
} }


@ -135,6 +135,6 @@ abstract class OpenSSH extends Progenitor
$publicKey = self::savePublicKey($n, $e, ['binary' => true]); $publicKey = self::savePublicKey($n, $e, ['binary' => true]);
$privateKey = Strings::packSSH2('si6', 'ssh-rsa', $n, $e, $d, $coefficients[2], $primes[1], $primes[2]); $privateKey = Strings::packSSH2('si6', 'ssh-rsa', $n, $e, $d, $coefficients[2], $primes[1], $primes[2]);
return self::wrapPrivateKey($publicKey, $privateKey, $options); return self::wrapPrivateKey($publicKey, $privateKey, $password, $options);
} }
} }