Merge pull request #13 from phpseclib/master

sync
This commit is contained in:
Hans-Jürgen Petrich 2013-05-12 22:16:48 -07:00
commit c16de4f2d5
10 changed files with 142 additions and 71 deletions

View File

@ -17,13 +17,13 @@
* <?php * <?php
* include('Crypt/Blowfish.php'); * include('Crypt/Blowfish.php');
* *
* $Blowfish = new Crypt_Blowfish(); * $blowfish = new Crypt_Blowfish();
* *
* $Blowfish->setKey('12345678901234567890123456789012'); * $blowfish->setKey('12345678901234567890123456789012');
* *
* $plaintext = str_repeat('a', 1024); * $plaintext = str_repeat('a', 1024);
* *
* echo $Blowfish->decrypt($Blowfish->encrypt($plaintext)); * echo $blowfish->decrypt($blowfish->encrypt($plaintext));
* ?> * ?>
* </code> * </code>
* *
@ -436,7 +436,8 @@ class Crypt_Blowfish {
0x90d4f869, 0xa65cdea0, 0x3f09252d, 0xc208e69f, 0xb74e6132, 0xce77e25b, 0x578fdfe3, 0x3ac372e6 0x90d4f869, 0xa65cdea0, 0x3f09252d, 0xc208e69f, 0xb74e6132, 0xce77e25b, 0x578fdfe3, 0x3ac372e6
); );
/** P-Array consists of 18 32-bit subkeys /**
* P-Array consists of 18 32-bit subkeys
* *
* @var array $parray * @var array $parray
* @access private * @access private
@ -447,7 +448,10 @@ class Crypt_Blowfish {
0xc0ac29b7, 0xc97c50dd, 0x3f84d5b5, 0xb5470917, 0x9216d5d9, 0x8979fb1b 0xc0ac29b7, 0xc97c50dd, 0x3f84d5b5, 0xb5470917, 0x9216d5d9, 0x8979fb1b
); );
/** The BCTX-working Array, holds the expanded key [p] and the key-depended s-boxes [sb] /**
* The BCTX-working Array
*
* Holds the expanded key [p] and the key-depended s-boxes [sb]
* *
* @var array $bctx * @var array $bctx
* @access private * @access private
@ -598,7 +602,8 @@ class Crypt_Blowfish {
} }
} }
/** This functions encrypt the block. /**
* Encrypt the block.
* *
* @access private * @access private
* @param int $Xl left uInt32 part of the block * @param int $Xl left uInt32 part of the block

View File

@ -14,7 +14,7 @@
* - {@link http://en.wikipedia.org/wiki/RC4 - Wikipedia: RC4} * - {@link http://en.wikipedia.org/wiki/RC4 - Wikipedia: RC4}
* *
* RC4 is also known as ARCFOUR or ARC4. The reason is elaborated upon at Wikipedia. This class is named RC4 and not * RC4 is also known as ARCFOUR or ARC4. The reason is elaborated upon at Wikipedia. This class is named RC4 and not
* ARCFOUR or ARC4 because RC4 is how it is refered to in the SSH1 specification. * ARCFOUR or ARC4 because RC4 is how it is referred to in the SSH1 specification.
* *
* Here's a short example of how to use this library: * Here's a short example of how to use this library:
* <code> * <code>

View File

@ -449,6 +449,14 @@ class Crypt_RSA {
*/ */
var $configFile; var $configFile;
/**
* Public key comment field.
*
* @var String
* @access private
*/
var $comment = 'phpseclib-generated-key';
/** /**
* The constructor * The constructor
* *
@ -473,10 +481,6 @@ class Crypt_RSA {
} }
} }
if (!defined('CRYPT_RSA_COMMENT')) {
define('CRYPT_RSA_COMMENT', 'phpseclib-generated-key');
}
$this->zero = new Math_BigInteger(); $this->zero = new Math_BigInteger();
$this->one = new Math_BigInteger(1); $this->one = new Math_BigInteger(1);
@ -720,13 +724,13 @@ class Crypt_RSA {
$key = "PuTTY-User-Key-File-2: ssh-rsa\r\nEncryption: "; $key = "PuTTY-User-Key-File-2: ssh-rsa\r\nEncryption: ";
$encryption = (!empty($this->password) || is_string($this->password)) ? 'aes256-cbc' : 'none'; $encryption = (!empty($this->password) || is_string($this->password)) ? 'aes256-cbc' : 'none';
$key.= $encryption; $key.= $encryption;
$key.= "\r\nComment: " . CRYPT_RSA_COMMENT . "\r\n"; $key.= "\r\nComment: " . $this->comment . "\r\n";
$public = pack('Na*Na*Na*', $public = pack('Na*Na*Na*',
strlen('ssh-rsa'), 'ssh-rsa', strlen($raw['publicExponent']), $raw['publicExponent'], strlen($raw['modulus']), $raw['modulus'] strlen('ssh-rsa'), 'ssh-rsa', strlen($raw['publicExponent']), $raw['publicExponent'], strlen($raw['modulus']), $raw['modulus']
); );
$source = pack('Na*Na*Na*Na*', $source = pack('Na*Na*Na*Na*',
strlen('ssh-rsa'), 'ssh-rsa', strlen($encryption), $encryption, strlen('ssh-rsa'), 'ssh-rsa', strlen($encryption), $encryption,
strlen(CRYPT_RSA_COMMENT), CRYPT_RSA_COMMENT, strlen($public), $public strlen($this->comment), $this->comment, strlen($public), $public
); );
$public = base64_encode($public); $public = base64_encode($public);
$key.= "Public-Lines: " . ((strlen($public) + 32) >> 6) . "\r\n"; $key.= "Public-Lines: " . ((strlen($public) + 32) >> 6) . "\r\n";
@ -853,7 +857,7 @@ class Crypt_RSA {
// mpint e // mpint e
// mpint n // mpint n
$RSAPublicKey = pack('Na*Na*Na*', strlen('ssh-rsa'), 'ssh-rsa', strlen($publicExponent), $publicExponent, strlen($modulus), $modulus); $RSAPublicKey = pack('Na*Na*Na*', strlen('ssh-rsa'), 'ssh-rsa', strlen($publicExponent), $publicExponent, strlen($modulus), $modulus);
$RSAPublicKey = 'ssh-rsa ' . base64_encode($RSAPublicKey) . ' ' . CRYPT_RSA_COMMENT; $RSAPublicKey = 'ssh-rsa ' . base64_encode($RSAPublicKey) . ' ' . $this->comment;
return $RSAPublicKey; return $RSAPublicKey;
default: // eg. CRYPT_RSA_PUBLIC_FORMAT_PKCS1_RAW or CRYPT_RSA_PUBLIC_FORMAT_PKCS1 default: // eg. CRYPT_RSA_PUBLIC_FORMAT_PKCS1_RAW or CRYPT_RSA_PUBLIC_FORMAT_PKCS1
@ -1128,11 +1132,15 @@ class Crypt_RSA {
return $components; return $components;
case CRYPT_RSA_PUBLIC_FORMAT_OPENSSH: case CRYPT_RSA_PUBLIC_FORMAT_OPENSSH:
$key = base64_decode(preg_replace('#^ssh-rsa | .+$#', '', $key)); $parts = explode(' ', $key, 3);
$key = isset($parts[1]) ? base64_decode($parts[1]) : false;
if ($key === false) { if ($key === false) {
return false; return false;
} }
$comment = isset($parts[2]) ? $parts[2] : false;
$cleanup = substr($key, 0, 11) == "\0\0\0\7ssh-rsa"; $cleanup = substr($key, 0, 11) == "\0\0\0\7ssh-rsa";
if (strlen($key) <= 4) { if (strlen($key) <= 4) {
@ -1154,12 +1162,14 @@ class Crypt_RSA {
$realModulus = new Math_BigInteger($this->_string_shift($key, $length), -256); $realModulus = new Math_BigInteger($this->_string_shift($key, $length), -256);
return strlen($key) ? false : array( return strlen($key) ? false : array(
'modulus' => $realModulus, 'modulus' => $realModulus,
'publicExponent' => $modulus 'publicExponent' => $modulus,
'comment' => $comment
); );
} else { } else {
return strlen($key) ? false : array( return strlen($key) ? false : array(
'modulus' => $modulus, 'modulus' => $modulus,
'publicExponent' => $publicExponent 'publicExponent' => $publicExponent,
'comment' => $comment
); );
} }
// http://www.w3.org/TR/xmldsig-core/#sec-RSAKeyValue // http://www.w3.org/TR/xmldsig-core/#sec-RSAKeyValue
@ -1187,6 +1197,7 @@ class Crypt_RSA {
return false; return false;
} }
$encryption = trim(preg_replace('#Encryption: (.+)#', '$1', $key[1])); $encryption = trim(preg_replace('#Encryption: (.+)#', '$1', $key[1]));
$comment = trim(preg_replace('#Comment: (.+)#', '$1', $key[2]));
$publicLength = trim(preg_replace('#Public-Lines: (\d+)#', '$1', $key[3])); $publicLength = trim(preg_replace('#Public-Lines: (\d+)#', '$1', $key[3]));
$public = base64_decode(implode('', array_map('trim', array_slice($key, 4, $publicLength)))); $public = base64_decode(implode('', array_map('trim', array_slice($key, 4, $publicLength))));
@ -1380,6 +1391,9 @@ class Crypt_RSA {
return false; return false;
} }
if (isset($components['comment']) && $components['comment'] !== false) {
$this->comment = $components['comment'];
}
$this->modulus = $components['modulus']; $this->modulus = $components['modulus'];
$this->k = strlen($this->modulus->toBytes()); $this->k = strlen($this->modulus->toBytes());
$this->exponent = isset($components['privateExponent']) ? $components['privateExponent'] : $components['publicExponent']; $this->exponent = isset($components['privateExponent']) ? $components['privateExponent'] : $components['publicExponent'];
@ -2530,6 +2544,28 @@ class Crypt_RSA {
$this->signatureMode = $mode; $this->signatureMode = $mode;
} }
/**
* Set public key comment.
*
* @access public
* @param String $comment
*/
function setComment($comment)
{
$this->comment = $comment;
}
/**
* Get public key comment.
*
* @access public
* @return String
*/
function getComment()
{
return $this->comment;
}
/** /**
* Encryption * Encryption
* *

View File

@ -642,7 +642,7 @@ class Crypt_Rijndael {
* Sets the key length * Sets the key length
* *
* Valid key lengths are 128, 160, 192, 224, and 256. If the length is less than 128, it will be rounded up to * Valid key lengths are 128, 160, 192, 224, and 256. If the length is less than 128, it will be rounded up to
* 128. If the length is greater then 128 and invalid, it will be rounded down to the closest valid amount. * 128. If the length is greater than 128 and invalid, it will be rounded down to the closest valid amount.
* *
* @access public * @access public
* @param Integer $length * @param Integer $length
@ -720,7 +720,7 @@ class Crypt_Rijndael {
* Sets the block length * Sets the block length
* *
* Valid block lengths are 128, 160, 192, 224, and 256. If the length is less than 128, it will be rounded up to * Valid block lengths are 128, 160, 192, 224, and 256. If the length is less than 128, it will be rounded up to
* 128. If the length is greater then 128 and invalid, it will be rounded down to the closest valid amount. * 128. If the length is greater than 128 and invalid, it will be rounded down to the closest valid amount.
* *
* @access public * @access public
* @param Integer $length * @param Integer $length

View File

@ -4330,7 +4330,7 @@ class File_X509 {
{ {
/* /*
X.509 certs are assumed to be base64 encoded but sometimes they'll have additional things in them above and beyond the ceritificate. ie. X.509 certs are assumed to be base64 encoded but sometimes they'll have additional things in them above and beyond the ceritificate. ie.
some may have the following preceeding the -----BEGIN CERTIFICATE----- line: some may have the following preceding the -----BEGIN CERTIFICATE----- line:
Bag Attributes Bag Attributes
localKeyID: 01 00 00 00 localKeyID: 01 00 00 00

View File

@ -222,7 +222,7 @@ class Math_BigInteger {
var $bitmask = false; var $bitmask = false;
/** /**
* Mode independant value used for serialization. * Mode independent value used for serialization.
* *
* If the bcmath or gmp extensions are installed $this->value will be a non-serializable resource, hence the need for * If the bcmath or gmp extensions are installed $this->value will be a non-serializable resource, hence the need for
* a variable that'll be serializable regardless of whether or not extensions are being used. Unlike $this->value, * a variable that'll be serializable regardless of whether or not extensions are being used. Unlike $this->value,
@ -414,7 +414,7 @@ class Math_BigInteger {
case 10: case 10:
case -10: case -10:
// (?<!^)(?:-).*: find any -'s that aren't at the beginning and then any characters that follow that // (?<!^)(?:-).*: find any -'s that aren't at the beginning and then any characters that follow that
// (?<=^|-)0*: find any 0's that are preceeded by the start of the string or by a - (ie. octals) // (?<=^|-)0*: find any 0's that are preceded by the start of the string or by a - (ie. octals)
// [^-0-9].*: find any non-numeric characters and then any characters that follow that // [^-0-9].*: find any non-numeric characters and then any characters that follow that
$x = preg_replace('#(?<!^)(?:-).*|(?<=^|-)0*|[^-0-9].*#', '', $x); $x = preg_replace('#(?<!^)(?:-).*|(?<=^|-)0*|[^-0-9].*#', '', $x);

View File

@ -201,7 +201,7 @@ class Net_SCP {
return false; return false;
} }
$size = filesize($data); $size = filesize($data);
for ($i = 0; $i < $length; $i++) { for ($i = 0; $i < $size; $i += $this->packet_size) {
$this->_send(fgets($fp, $this->packet_size)); $this->_send(fgets($fp, $this->packet_size));
} }
fclose($fp); fclose($fp);

View File

@ -1059,9 +1059,9 @@ class Net_SFTP extends Net_SSH2 {
$atime = $time; $atime = $time;
} }
$flags = NET_SFTP_OPEN_CREATE | NET_SFTP_OPEN_EXCL; $flags = NET_SFTP_OPEN_WRITE | NET_SFTP_OPEN_CREATE | NET_SFTP_OPEN_EXCL;
$attr = pack('N3', NET_SFTP_ATTR_ACCESSTIME, $time, $atime); $attr = pack('N3', NET_SFTP_ATTR_ACCESSTIME, $time, $atime);
$packet = pack('Na*N2', strlen($filename), $filename, $flags, $attr); $packet = pack('Na*Na*', strlen($filename), $filename, $flags, $attr);
if (!$this->_send_sftp_packet(NET_SFTP_OPEN, $packet)) { if (!$this->_send_sftp_packet(NET_SFTP_OPEN, $packet)) {
return false; return false;
} }
@ -1649,7 +1649,6 @@ class Net_SFTP extends Net_SSH2 {
} }
$size = (1 << 20) < $length || $length < 0 ? 1 << 20 : $length; $size = (1 << 20) < $length || $length < 0 ? 1 << 20 : $length;
$start = $offset;
while (true) { while (true) {
$packet = pack('Na*N3', strlen($handle), $handle, 0, $offset, $size); $packet = pack('Na*N3', strlen($handle), $handle, 0, $offset, $size);
if (!$this->_send_sftp_packet(NET_SFTP_READ, $packet)) { if (!$this->_send_sftp_packet(NET_SFTP_READ, $packet)) {

View File

@ -262,7 +262,7 @@ class Net_SFTP_Stream {
} }
} }
$this->pos = $this->mode[0] != 'a' ? 0 : $size; $this->pos = $this->mode[0] != 'a' ? 0 : $this->size;
return true; return true;
} }
@ -297,7 +297,7 @@ class Net_SFTP_Stream {
return 0; return 0;
} }
// seems that PHP calls stream_read in 8k chunks // seems that PHP calls stream_read in 8k chunks
call_user_func($this->notification, STREAM_NOTIFY_PROGRESS, STREAM_NOTIFY_SEVERITY_INFO, '', 0, strlen($result), $size); call_user_func($this->notification, STREAM_NOTIFY_PROGRESS, STREAM_NOTIFY_SEVERITY_INFO, '', 0, strlen($result), $this->size);
} }
if (empty($result)) { // ie. false or empty string if (empty($result)) { // ie. false or empty string

View File

@ -119,6 +119,13 @@ if (!class_exists('Crypt_Twofish')) {
require_once('Crypt/Twofish.php'); require_once('Crypt/Twofish.php');
} }
/**
* Include Crypt_Blowfish
*/
if (!class_exists('Crypt_Blowfish')) {
require_once('Crypt/Blowfish.php');
}
/**#@+ /**#@+
* Execution Bitmap Masks * Execution Bitmap Masks
* *
@ -584,7 +591,7 @@ class Net_SSH2 {
/** /**
* The Window Size * The Window Size
* *
* Bytes the other party can send before it must wait for the window to be adjusted (0x7FFFFFFF = 4GB) * Bytes the other party can send before it must wait for the window to be adjusted (0x7FFFFFFF = 2GB)
* *
* @var Integer * @var Integer
* @see Net_SSH2::_send_channel_packet() * @see Net_SSH2::_send_channel_packet()
@ -984,6 +991,8 @@ class Net_SSH2 {
'aes192-ctr', // RECOMMENDED AES with 192-bit key 'aes192-ctr', // RECOMMENDED AES with 192-bit key
'aes256-ctr', // RECOMMENDED AES with 256-bit key 'aes256-ctr', // RECOMMENDED AES with 256-bit key
'blowfish-ctr', // OPTIONAL Blowfish in SDCTR mode
'twofish128-ctr', // OPTIONAL Twofish in SDCTR mode, with 128-bit key 'twofish128-ctr', // OPTIONAL Twofish in SDCTR mode, with 128-bit key
'twofish192-ctr', // OPTIONAL Twofish with 192-bit key 'twofish192-ctr', // OPTIONAL Twofish with 192-bit key
'twofish256-ctr', // OPTIONAL Twofish with 256-bit key 'twofish256-ctr', // OPTIONAL Twofish with 256-bit key
@ -992,6 +1001,8 @@ class Net_SSH2 {
'aes192-cbc', // OPTIONAL AES with a 192-bit key 'aes192-cbc', // OPTIONAL AES with a 192-bit key
'aes256-cbc', // OPTIONAL AES in CBC mode, with a 256-bit key 'aes256-cbc', // OPTIONAL AES in CBC mode, with a 256-bit key
'blowfish-cbc', // OPTIONAL Blowfish in CBC mode
'twofish128-cbc', // OPTIONAL Twofish with a 128-bit key 'twofish128-cbc', // OPTIONAL Twofish with a 128-bit key
'twofish192-cbc', // OPTIONAL Twofish with a 192-bit key 'twofish192-cbc', // OPTIONAL Twofish with a 192-bit key
'twofish256-cbc', 'twofish256-cbc',
@ -1124,6 +1135,8 @@ class Net_SSH2 {
case 'aes128-ctr': case 'aes128-ctr':
case 'twofish128-cbc': case 'twofish128-cbc':
case 'twofish128-ctr': case 'twofish128-ctr':
case 'blowfish-cbc':
case 'blowfish-ctr':
$decryptKeyLength = 16; // eg. 128 / 8 $decryptKeyLength = 16; // eg. 128 / 8
break; break;
case 'arcfour': case 'arcfour':
@ -1166,6 +1179,8 @@ class Net_SSH2 {
case 'aes128-ctr': case 'aes128-ctr':
case 'twofish128-cbc': case 'twofish128-cbc':
case 'twofish128-ctr': case 'twofish128-ctr':
case 'blowfish-cbc':
case 'blowfish-ctr':
$encryptKeyLength = 16; $encryptKeyLength = 16;
break; break;
case 'arcfour': case 'arcfour':
@ -1338,6 +1353,14 @@ class Net_SSH2 {
$this->encrypt = new Crypt_AES(CRYPT_AES_MODE_CTR); $this->encrypt = new Crypt_AES(CRYPT_AES_MODE_CTR);
$this->encrypt_block_size = 16; // eg. 128 / 8 $this->encrypt_block_size = 16; // eg. 128 / 8
break; break;
case 'blowfish-cbc':
$this->encrypt = new Crypt_Blowfish();
$this->encrypt_block_size = 8;
break;
case 'blowfish-ctr':
$this->encrypt = new Crypt_Blowfish(CRYPT_BLOWFISH_MODE_CTR);
$this->encrypt_block_size = 8;
break;
case 'twofish128-cbc': case 'twofish128-cbc':
case 'twofish192-cbc': case 'twofish192-cbc':
case 'twofish256-cbc': case 'twofish256-cbc':
@ -1379,6 +1402,14 @@ class Net_SSH2 {
$this->decrypt = new Crypt_AES(CRYPT_AES_MODE_CTR); $this->decrypt = new Crypt_AES(CRYPT_AES_MODE_CTR);
$this->decrypt_block_size = 16; $this->decrypt_block_size = 16;
break; break;
case 'blowfish-cbc':
$this->decrypt = new Crypt_Blowfish();
$this->decrypt_block_size = 8;
break;
case 'blowfish-ctr':
$this->decrypt = new Crypt_Blowfish(CRYPT_BLOWFISH_MODE_CTR);
$this->decrypt_block_size = 8;
break;
case 'twofish128-cbc': case 'twofish128-cbc':
case 'twofish192-cbc': case 'twofish192-cbc':
case 'twofish256-cbc': case 'twofish256-cbc':
@ -1982,8 +2013,8 @@ class Net_SSH2 {
} }
// RFC4254 defines the (client) window size as "bytes the other party can send before it must wait for the window to // RFC4254 defines the (client) window size as "bytes the other party can send before it must wait for the window to
// be adjusted". 0x7FFFFFFF is, at 4GB, the max size. technically, it should probably be decremented, but, // be adjusted". 0x7FFFFFFF is, at 2GB, the max size. technically, it should probably be decremented, but,
// honestly, if you're transfering more than 4GB, you probably shouldn't be using phpseclib, anyway. // honestly, if you're transfering more than 2GB, you probably shouldn't be using phpseclib, anyway.
// see http://tools.ietf.org/html/rfc4254#section-5.2 for more info // see http://tools.ietf.org/html/rfc4254#section-5.2 for more info
$this->window_size_client_to_server[NET_SSH2_CHANNEL_EXEC] = 0x7FFFFFFF; $this->window_size_client_to_server[NET_SSH2_CHANNEL_EXEC] = 0x7FFFFFFF;
// 0x8000 is the maximum max packet size, per http://tools.ietf.org/html/rfc4253#section-6.1, although since PuTTy // 0x8000 is the maximum max packet size, per http://tools.ietf.org/html/rfc4253#section-6.1, although since PuTTy
@ -2743,7 +2774,7 @@ class Net_SSH2 {
case NET_SSH2_LOG_REALTIME_FILE: case NET_SSH2_LOG_REALTIME_FILE:
if (!isset($this->realtime_log_file)) { if (!isset($this->realtime_log_file)) {
// PHP doesn't seem to like using constants in fopen() // PHP doesn't seem to like using constants in fopen()
$filename = NET_SSH2_LOG_REALTIME_FILE; $filename = NET_SSH2_LOG_REALTIME_FILENAME;
$fp = fopen($filename, 'w'); $fp = fopen($filename, 'w');
$this->realtime_log_file = $fp; $this->realtime_log_file = $fp;
} }