Merge pull request #508 from cnelissen/RandomAsClass

Promote Crypt/Random.php to a fully qualified class

* cnelissen/RandomAsClass:
  Removed includes for Random.php and fixed up user_error message
  Renamed Random::crypt_random_string to Random::string
  Regenerated lock file
  Namespaced Crypt\Random
  Code sniff fix
  Initial commit

Conflicts:
	composer.lock

composer.json

@@ -69,10 +69,7 @@
         },
         "psr-4": {
             "phpseclib\\": "phpseclib/"
-        },
-        "files": [
-            "phpseclib/Crypt/Random.php"
-        ]
+        }
     },
     "extra": {
         "branch-alias": {

composer.lock

@@ -4,7 +4,7 @@
         "Read more about it at http://getcomposer.org/doc/01-basic-usage.md#composer-lock-the-lock-file",
         "This file is @generated automatically"
     ],
-    "hash": "d659616f5490402339feb6595340aeec",
+    "hash": "4f12b7267ae2893c231aa139d04f1dfd",
     "packages": [],
     "packages-dev": [
         {

phpseclib/Crypt/RSA.php

@@ -67,19 +67,9 @@
  * @link      http://phpseclib.sourceforge.net
  */
 
+use \phpseclib\Crypt\Random;
 use \phpseclib\Math\BigInteger;
 
-/**
- * Include Crypt_Random
- */
-// the class_exists() will only be called if the crypt_random_string function hasn't been defined and
-// will trigger a call to __autoload() if you're wanting to auto-load classes
-// call function_exists() a second time to stop the include_once from being called outside
-// of the auto loader
-if (!function_exists('crypt_random_string')) {
-    include_once 'Random.php';
-}
-
 /**
  * Include Crypt_Hash
  */
@@ -798,7 +788,7 @@ class Crypt_RSA
                     $source.= pack('Na*', strlen($private), $private);
                     $hashkey = 'putty-private-key-file-mac-key';
                 } else {
-                    $private.= crypt_random_string(16 - (strlen($private) & 15));
+                    $private.= Random::string(16 - (strlen($private) & 15));
                     $source.= pack('Na*', strlen($private), $private);
                     if (!class_exists('Crypt_AES')) {
                         include_once 'Crypt/AES.php';
@@ -864,7 +854,7 @@ class Crypt_RSA
                     );
                     $RSAPrivateKey = pack('Ca*a*', CRYPT_RSA_ASN1_SEQUENCE, $this->_encodeLength(strlen($RSAPrivateKey)), $RSAPrivateKey);
                     if (!empty($this->password) || is_string($this->password)) {
-                        $salt = crypt_random_string(8);
+                        $salt = Random::string(8);
                         $iterationCount = 2048;
 
                         if (!class_exists('Crypt_DES')) {
@@ -904,7 +894,7 @@ class Crypt_RSA
                 }
 
                 if (!empty($this->password) || is_string($this->password)) {
-                    $iv = crypt_random_string(8);
+                    $iv = Random::string(8);
                     $symkey = pack('H*', md5($this->password . $iv)); // symkey is short for symmetric key
                     $symkey.= substr(pack('H*', md5($symkey . $this->password . $iv)), 0, 8);
                     if (!class_exists('Crypt_TripleDES')) {
@@ -2306,7 +2296,7 @@ class Crypt_RSA
         $lHash = $this->hash->hash($l);
         $ps = str_repeat(chr(0), $this->k - $mLen - 2 * $this->hLen - 2);
         $db = $lHash . $ps . chr(1) . $m;
-        $seed = crypt_random_string($this->hLen);
+        $seed = Random::string($this->hLen);
         $dbMask = $this->_mgf1($seed, $this->k - $this->hLen - 1);
         $maskedDB = $db ^ $dbMask;
         $seedMask = $this->_mgf1($maskedDB, $this->hLen);
@@ -2424,7 +2414,7 @@ class Crypt_RSA
         $psLen = $this->k - $mLen - 3;
         $ps = '';
         while (strlen($ps) != $psLen) {
-            $temp = crypt_random_string($psLen - strlen($ps));
+            $temp = Random::string($psLen - strlen($ps));
             $temp = str_replace("\x00", '', $temp);
             $ps.= $temp;
         }
@@ -2530,7 +2520,7 @@ class Crypt_RSA
             return false;
         }
 
-        $salt = crypt_random_string($sLen);
+        $salt = Random::string($sLen);
         $m2 = "\0\0\0\0\0\0\0\0" . $mHash . $salt;
         $h = $this->hash->hash($m2);
         $ps = str_repeat(chr(0), $emLen - $sLen - $this->hLen - 2);

phpseclib/Crypt/Random.php

@@ -3,9 +3,6 @@
 /**
  * Random Number Generator
  *
- * The idea behind this function is that it can be easily replaced with your own crypt_random_string()
- * function. eg. maybe you have a better source of entropy for creating the initial states or whatever.
- *
  * PHP versions 4 and 5
  *
  * Here's a short example of how to use this library:
@@ -13,7 +10,7 @@
  * <?php
  *    include 'Crypt/Random.php';
  *
- *    echo bin2hex(crypt_random_string(8));
+ *    echo bin2hex(Random::string(8));
  * ?>
  * </code>
  *
@@ -36,24 +33,24 @@
  * THE SOFTWARE.
  *
  * @category  Crypt
- * @package   Crypt_Random
+ * @package   Random
  * @author    Jim Wigginton <terrafrost@php.net>
  * @copyright MMVII Jim Wigginton
  * @license   http://www.opensource.org/licenses/mit-license.html  MIT License
  * @link      http://phpseclib.sourceforge.net
  */
 
-// laravel is a PHP framework that utilizes phpseclib. laravel workbenches may, independently,
-// have phpseclib as a requirement as well. if you're developing such a program you may encounter
-// a "Cannot redeclare crypt_random_string()" error.
-if (!function_exists('crypt_random_string')) {
-    /**
-     * "Is Windows" test
-     *
-     * @access private
-     */
-    define('CRYPT_RANDOM_IS_WINDOWS', strtoupper(substr(PHP_OS, 0, 3)) === 'WIN');
+namespace phpseclib\Crypt;
 
+/**
+ * Pure-PHP Random Number Generator
+ *
+ * @package Random
+ * @author  Jim Wigginton <terrafrost@php.net>
+ * @access  public
+ */
+class Random
+{
     /**
      * Generate a random string.
      *
@@ -65,9 +62,9 @@ if (!function_exists('crypt_random_string')) {
      * @return String
      * @access public
      */
-    function crypt_random_string($length)
+    static function string($length)
     {
-        if (CRYPT_RANDOM_IS_WINDOWS) {
+        if (strtoupper(substr(PHP_OS, 0, 3)) === 'WIN') {
             // method 1. prior to PHP 5.3 this would call rand() on windows hence the function_exists('class_alias') call.
             // ie. class_alias is a function that was introduced in PHP 5.3
             if (function_exists('mcrypt_create_iv') && function_exists('class_alias')) {
@@ -231,7 +228,7 @@ if (!function_exists('crypt_random_string')) {
                     $crypto = new Crypt_RC4();
                     break;
                 default:
-                    user_error('crypt_random_string requires at least one symmetric cipher be loaded');
+                    user_error(__CLASS__ . ' requires at least one symmetric cipher be loaded');
                     return false;
             }
 

phpseclib/File/X509.php

@@ -3475,7 +3475,7 @@ class File_X509
                         // "A challenge string that is submitted along with the public key. Defaults to an empty string if not specified."
                         // both Firefox and OpenSSL ("openssl spkac -key private.key") behave this way
                         // we could alternatively do this instead if we ignored the specs:
-                        // crypt_random_string(8) & str_repeat("\x7F", 8)
+                        // Random::string(8) & str_repeat("\x7F", 8)
                         'challenge' => !empty($this->challenge) ? $this->challenge : ''
                     ),
                 'signatureAlgorithm' => array('algorithm' => $signatureAlgorithm),

phpseclib/Math/BigInteger.php

@@ -68,6 +68,8 @@
 
 namespace phpseclib\Math;
 
+use \phpseclib\Crypt\Random;
+
 /**#@+
  * Reduction constants
  *
@@ -3021,7 +3023,7 @@ class BigInteger
     /**
      * Generates a random BigInteger
      *
-     * Byte length is equal to $length. Uses crypt_random if it's loaded and mt_rand if it's not.
+     * Byte length is equal to $length. Uses Crypt\Random if it's loaded and mt_rand if it's not.
      *
      * @param Integer $length
      * @return \phpseclib\Math\BigInteger
@@ -3029,8 +3031,8 @@ class BigInteger
      */
     function _random_number_helper($size)
     {
-        if (function_exists('crypt_random_string')) {
-            $random = crypt_random_string($size);
+        if (class_exists('phpseclib\Crypt\Random')) {
+            $random = Random::string($size);
         } else {
             $random = '';
 

phpseclib/Net/SSH1.php

@@ -64,6 +64,7 @@
  * @link      http://phpseclib.sourceforge.net
  */
 
+use \phpseclib\Crypt\Random;
 use \phpseclib\Math\BigInteger;
 
 /**#@+
@@ -519,15 +520,6 @@ class Net_SSH1
      */
     function __construct($host, $port = 22, $timeout = 10, $cipher = NET_SSH1_CIPHER_3DES)
     {
-        // Include Crypt_Random
-        // the class_exists() will only be called if the crypt_random_string function hasn't been defined and
-        // will trigger a call to __autoload() if you're wanting to auto-load classes
-        // call function_exists() a second time to stop the include_once from being called outside
-        // of the auto loader
-        if (!function_exists('crypt_random_string') && !class_exists('Crypt_Random') && !function_exists('crypt_random_string')) {
-            include_once 'Crypt/Random.php';
-        }
-
         $this->protocol_flags = array(
             1  => 'NET_SSH1_MSG_DISCONNECT',
             2  => 'NET_SSH1_SMSG_PUBLIC_KEY',
@@ -635,7 +627,7 @@ class Net_SSH1
 
         $session_id = pack('H*', md5($host_key_public_modulus->toBytes() . $server_key_public_modulus->toBytes() . $anti_spoofing_cookie));
 
-        $session_key = crypt_random_string(32);
+        $session_key = Random::string(32);
         $double_encrypted_session_key = $session_key ^ str_pad($session_id, 32, chr(0));
 
         if ($server_key_public_modulus->compare($host_key_public_modulus) < 0) {
@@ -1183,7 +1175,7 @@ class Net_SSH1
 
         $length = strlen($data) + 4;
 
-        $padding = crypt_random_string(8 - ($length & 7));
+        $padding = Random::string(8 - ($length & 7));
 
         $orig = $data;
         $data = $padding . $data;
@@ -1369,7 +1361,7 @@ class Net_SSH1
         $length = strlen($modulus) - strlen($m) - 3;
         $random = '';
         while (strlen($random) != $length) {
-            $block = crypt_random_string($length - strlen($random));
+            $block = Random::string($length - strlen($random));
             $block = str_replace("\x00", '', $block);
             $random.= $block;
         }

phpseclib/Net/SSH2.php

@@ -66,6 +66,7 @@
  * @link      http://phpseclib.sourceforge.net
  */
 
+use \phpseclib\Crypt\Random;
 // Used to do Diffie-Hellman key exchange and DSA/RSA signature verification.
 use \phpseclib\Math\BigInteger;
 
@@ -855,10 +856,6 @@ class Net_SSH2
      */
     function __construct($host, $port = 22, $timeout = 10)
     {
-        if (!function_exists('crypt_random_string')) {
-            include_once 'Crypt/Random.php';
-        }
-
         if (!class_exists('Crypt_Hash')) {
             include_once 'Crypt/Hash.php';
         }
@@ -1202,7 +1199,7 @@ class Net_SSH2
             $compression_algorithms_server_to_client = $compression_algorithms_client_to_server = implode(',', $compression_algorithms);
         }
 
-        $client_cookie = crypt_random_string(16);
+        $client_cookie = Random::string(16);
 
         $response = $kexinit_payload_server;
         $this->_string_shift($response, 1); // skip past the message number (it should be SSH_MSG_KEXINIT)
@@ -3154,7 +3151,7 @@ class Net_SSH2
         $packet_length+= (($this->encrypt_block_size - 1) * $packet_length) % $this->encrypt_block_size;
         // subtracting strlen($data) is obvious - subtracting 5 is necessary because of packet_length and padding_length
         $padding_length = $packet_length - strlen($data) - 5;
-        $padding = crypt_random_string($padding_length);
+        $padding = Random::string($padding_length);
 
         // we subtract 4 from packet_length because the packet_length field isn't supposed to include itself
         $packet = pack('NCa*', $packet_length - 4, $padding_length, $data . $padding);