octoleo/phpseclib
1
0
Fork 0
mirror of https://github.com/phpseclib/phpseclib.git synced 2024-09-28 07:09:01 +00:00
Code Issues Packages Projects Releases Wiki Activity

SSH: fix broken public key auth

Browse Source
This commit is contained in:
terrafrost 2016-02-03 23:54:55 -06:00
parent 750f7652c7
commit c2110f68a0
3 changed files with 20 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
phpseclib/Net/SSH1.php
View File

@ -1302,6 +1302,7 @@ class SSH1
/* /*
$rsa = new RSA(); $rsa = new RSA();
$rsa->load($key, 'raw'); $rsa->load($key, 'raw');
$rsa->setHash('sha1');
return $rsa->encrypt($m, RSA::PADDING_PKCS1); return $rsa->encrypt($m, RSA::PADDING_PKCS1);
*/ */

2
phpseclib/Net/SSH2.php
View File

@ -2306,6 +2306,7 @@ class SSH2
} }
$packet = $part1 . chr(1) . $part2; $packet = $part1 . chr(1) . $part2;
$privatekey->setHash('sha1');
$signature = $privatekey->sign(pack('Na*a*', strlen($this->session_id), $this->session_id, $packet), RSA::PADDING_PKCS1); $signature = $privatekey->sign(pack('Na*a*', strlen($this->session_id), $this->session_id, $packet), RSA::PADDING_PKCS1);
$signature = pack('Na*Na*', strlen('ssh-rsa'), 'ssh-rsa', strlen($signature), $signature); $signature = pack('Na*Na*', strlen('ssh-rsa'), 'ssh-rsa', strlen($signature), $signature);
$packet.= pack('Na*', strlen($signature), $signature); $packet.= pack('Na*', strlen($signature), $signature);
@ -4054,6 +4055,7 @@ class SSH2
$rsa = new RSA(); $rsa = new RSA();
$rsa->load(array('e' => $e, 'n' => $n), 'raw'); $rsa->load(array('e' => $e, 'n' => $n), 'raw');
$rsa->setHash('sha1');
if (!$rsa->verify($this->exchange_hash, $signature, RSA::PADDING_PKCS1)) { if (!$rsa->verify($this->exchange_hash, $signature, RSA::PADDING_PKCS1)) {
//user_error('Bad server signature'); //user_error('Bad server signature');
return $this->_disconnect(NET_SSH2_DISCONNECT_HOST_KEY_NOT_VERIFIABLE); return $this->_disconnect(NET_SSH2_DISCONNECT_HOST_KEY_NOT_VERIFIABLE);

18
phpseclib/System/SSH/Agent/Identity.php
View File

@ -115,6 +115,22 @@ class Identity
return $this->key->getPublicKey($type); return $this->key->getPublicKey($type);
} }
/**
* Sets the hash
*
* ssh-agent only supports signatures with sha1 hashes but to maintain BC with RSA.php this function exists
*
* @param string $hash optional
* @throws \phpseclib\Exception\UnsupportedAlgorithmException if the algorithm is unsupported
* @access public
*/
function setHash($hash = 'sha1')
{
if ($hash != 'sha1') {
throw new UnsupportedAlgorithmException('ssh-agent can only be used with the sha1 hash');
}
}
/** /**
* Create a signature * Create a signature
* *
@ -130,7 +146,7 @@ class Identity
function sign($message, $padding = RSA::PADDING_PKCS1) function sign($message, $padding = RSA::PADDING_PKCS1)
{ {
if ($padding != RSA::PADDING_PKCS1 && $padding != RSA::PADDING_RELAXED_PKCS1) { if ($padding != RSA::PADDING_PKCS1 && $padding != RSA::PADDING_RELAXED_PKCS1) {
throw new \UnsupportedAlgorithmException('ssh-agent can only create PKCS1 signatures'); throw new UnsupportedAlgorithmException('ssh-agent can only create PKCS1 signatures');
} }
// the last parameter (currently 0) is for flags and ssh-agent only defines one flag (for ssh-dss): SSH_AGENT_OLD_SIGNATURE // the last parameter (currently 0) is for flags and ssh-agent only defines one flag (for ssh-dss): SSH_AGENT_OLD_SIGNATURE