mirror of
https://github.com/phpseclib/phpseclib.git
synced 2024-12-28 12:10:59 +00:00
SSH: fix broken public key auth
parent
750f7652c7
commit
c2110f68a0
@ -1302,6 +1302,7 @@ class SSH1
|
|||||||
/*
|
/*
|
||||||
$rsa = new RSA();
|
$rsa = new RSA();
|
||||||
$rsa->load($key, 'raw');
|
$rsa->load($key, 'raw');
|
||||||
|
$rsa->setHash('sha1');
|
||||||
return $rsa->encrypt($m, RSA::PADDING_PKCS1);
|
return $rsa->encrypt($m, RSA::PADDING_PKCS1);
|
||||||
*/
|
*/
|
||||||
|
|
||||||
|
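Review bot: The added `$rsa->setHash('sha1');` sits between the `/*` and `*/` visible in this hunk, so it is commented-out sample code and has no runtime effect on SSH1. It is also unlikely to be needed in the sample: `encrypt()` with `RSA::PADDING_PKCS1` is PKCS#1 v1.5 encryption, which does not use a hash function, so the line may suggest to readers that the hash choice matters here. Consider dropping it from the comment, or noting there that the hash only affects signatures and OAEP.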
@ -2306,6 +2306,7 @@ class SSH2
|
|||||||
}
|
}
|
||||||
|
|
||||||
$packet = $part1 . chr(1) . $part2;
|
$packet = $part1 . chr(1) . $part2;
|
||||||
|
$privatekey->setHash('sha1');
|
||||||
$signature = $privatekey->sign(pack('Na*a*', strlen($this->session_id), $this->session_id, $packet), RSA::PADDING_PKCS1);
|
$signature = $privatekey->sign(pack('Na*a*', strlen($this->session_id), $this->session_id, $packet), RSA::PADDING_PKCS1);
|
||||||
$signature = pack('Na*Na*', strlen('ssh-rsa'), 'ssh-rsa', strlen($signature), $signature);
|
$signature = pack('Na*Na*', strlen('ssh-rsa'), 'ssh-rsa', strlen($signature), $signature);
|
||||||
$packet.= pack('Na*', strlen($signature), $signature);
|
$packet.= pack('Na*', strlen($signature), $signature);
|
||||||
@ -4054,6 +4055,7 @@ class SSH2
|
|||||||
|
|
||||||
$rsa = new RSA();
|
$rsa = new RSA();
|
||||||
$rsa->load(array('e' => $e, 'n' => $n), 'raw');
|
$rsa->load(array('e' => $e, 'n' => $n), 'raw');
|
||||||
|
$rsa->setHash('sha1');
|
||||||
if (!$rsa->verify($this->exchange_hash, $signature, RSA::PADDING_PKCS1)) {
|
if (!$rsa->verify($this->exchange_hash, $signature, RSA::PADDING_PKCS1)) {
|
||||||
//user_error('Bad server signature');
|
//user_error('Bad server signature');
|
||||||
return $this->_disconnect(NET_SSH2_DISCONNECT_HOST_KEY_NOT_VERIFIABLE);
|
return $this->_disconnect(NET_SSH2_DISCONNECT_HOST_KEY_NOT_VERIFIABLE);
|
||||||
|
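Review bot: In the hunk at line 2306, `$privatekey->setHash('sha1');` changes the hash on the key object itself. If `$privatekey` is the object the caller handed to the login method (the function header is outside the hunk), every later signature the caller makes with it is silently made with SHA-1 as well. Signing on a copy would keep the side effect local, e.g. `$privatekey = clone $privatekey;` before the `setHash()` call, provided the agent `Identity` object tolerates cloning. Both this call and the one added before `$rsa->verify(...)` in the hunk at 4055 would also benefit from a comment such as `// ssh-rsa signatures are defined over SHA-1 (RFC 4253), independent of the RSA class default`, so the pin is not mistaken for a free choice when other signature algorithms are added.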
@ -115,6 +115,22 @@ class Identity
|
|||||||
return $this->key->getPublicKey($type);
|
return $this->key->getPublicKey($type);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Sets the hash
|
||||||
|
*
|
||||||
|
* ssh-agent only supports signatures with sha1 hashes but to maintain BC with RSA.php this function exists
|
||||||
|
*
|
||||||
|
* @param string $hash optional
|
||||||
|
* @throws \phpseclib\Exception\UnsupportedAlgorithmException if the algorithm is unsupported
|
||||||
|
* @access public
|
||||||
|
*/
|
||||||
|
function setHash($hash = 'sha1')
|
||||||
|
{
|
||||||
|
if ($hash != 'sha1') {
|
||||||
|
throw new UnsupportedAlgorithmException('ssh-agent can only be used with the sha1 hash');
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Create a signature
|
* Create a signature
|
||||||
*
|
*
|
||||||
@ -130,7 +146,7 @@ class Identity
|
|||||||
function sign($message, $padding = RSA::PADDING_PKCS1)
|
function sign($message, $padding = RSA::PADDING_PKCS1)
|
||||||
{
|
{
|
||||||
if ($padding != RSA::PADDING_PKCS1 && $padding != RSA::PADDING_RELAXED_PKCS1) {
|
if ($padding != RSA::PADDING_PKCS1 && $padding != RSA::PADDING_RELAXED_PKCS1) {
|
||||||
throw new \UnsupportedAlgorithmException('ssh-agent can only create PKCS1 signatures');
|
throw new UnsupportedAlgorithmException('ssh-agent can only create PKCS1 signatures');
|
||||||
}
|
}
|
||||||
|
|
||||||
// the last parameter (currently 0) is for flags and ssh-agent only defines one flag (for ssh-dss): SSH_AGENT_OLD_SIGNATURE
|
// the last parameter (currently 0) is for flags and ssh-agent only defines one flag (for ssh-dss): SSH_AGENT_OLD_SIGNATURE
|
||||||
|
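Review bot: Both `throw new UnsupportedAlgorithmException(...)` sites, the new one in `setHash()` and the one in `sign()` that lost its leading backslash, use the unqualified class name, but no `use phpseclib\Exception\UnsupportedAlgorithmException;` line is added anywhere in this commit. Unless the file already imports it above line 115, the name resolves inside the file's own namespace and the unsupported-algorithm path ends in a class-not-found error instead of the exception documented in the `@throws` tag. Either confirm the import exists or throw the fully qualified `\phpseclib\Exception\UnsupportedAlgorithmException`. The guard `if ($hash != 'sha1')` would also be safer as `if ($hash !== 'sha1')`, since loose comparison accepts `true` (and `0` before PHP 8) without raising.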