diff --git a/CHANGELOG.md b/CHANGELOG.md index fd021f38..8795ea35 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -6,9 +6,9 @@ - Random: fix issues with serialize() (#932) - RC2: fix issue with decrypting - RC4: fix issue with key not being truncated correctly -- SFTP: nlist() on a non-existant directory resulted in error +- SFTP: nlist() on a non-existent directory resulted in error - SFTP: add is_writable, is_writeable, is_readable -- RSA: fix PHP4 compatability issue +- RSA: fix PHP4 compatibility issue ## 1.0.1 - 2016-01-18 @@ -85,7 +85,7 @@ - truncate - improved file type detection - put() can write to te middle of a file - - mkdir accepts the same paramters that PHP's mkdir does + - mkdir accepts the same parameters that PHP's mkdir does - the ability to upload/download 2GB files - across-the-board speedups for the various encryption algorithms - multi-factor authentication support for Net_SSH2 diff --git a/phpseclib/Crypt/Base.php b/phpseclib/Crypt/Base.php index a6616816..58a5fc47 100644 --- a/phpseclib/Crypt/Base.php +++ b/phpseclib/Crypt/Base.php @@ -1314,7 +1314,7 @@ class Crypt_Base * PHP's OpenSSL bindings do not operate in continuous mode so we'll wrap around it. Since the keystream * for CTR is the same for both encrypting and decrypting this function is re-used by both Crypt_Base::encrypt() * and Crypt_Base::decrypt(). Also, OpenSSL doesn't implement CTR for all of it's symmetric ciphers so this - * function will emulate CTR with ECB when necesary. + * function will emulate CTR with ECB when necessary. * * @see self::encrypt() * @see self::decrypt() @@ -2549,7 +2549,7 @@ class Crypt_Base * is stored, classwide (!), here for reusing. * * The string-based index of $function is a classwide - * uniqe value representing, at least, the $mode of + * unique value representing, at least, the $mode of * operation (or more... depends of the optimizing level) * for which $mode the lambda function was created. * 
diff --git a/phpseclib/Crypt/DES.php b/phpseclib/Crypt/DES.php index 36a54fd0..4c574018 100644 --- a/phpseclib/Crypt/DES.php +++ b/phpseclib/Crypt/DES.php @@ -1375,7 +1375,7 @@ class Crypt_DES extends Crypt_Base // After that, we'll still create very fast optimized code but not the hi-ultimative code, for each $mode one $gen_hi_opt_code = (bool)( count($lambda_functions) < 10 ); - // Generation of a uniqe hash for our generated code + // Generation of a unique hash for our generated code $code_hash = "Crypt_DES, $des_rounds, {$this->mode}"; if ($gen_hi_opt_code) { // For hi-optimized code, we create for each combination of diff --git a/phpseclib/Crypt/RC2.php b/phpseclib/Crypt/RC2.php index e0932e28..1d10a8af 100644 --- a/phpseclib/Crypt/RC2.php +++ b/phpseclib/Crypt/RC2.php @@ -666,7 +666,7 @@ class Crypt_RC2 extends Crypt_Base // (Currently, for Crypt_RC2, one generated $lambda_function cost on php5.5@32bit ~60kb unfreeable mem and ~100kb on php5.5@64bit) $gen_hi_opt_code = (bool)(count($lambda_functions) < 10); - // Generation of a uniqe hash for our generated code + // Generation of a unique hash for our generated code $code_hash = "Crypt_RC2, {$this->mode}"; if ($gen_hi_opt_code) { $code_hash = str_pad($code_hash, 32) . $this->_hashInlineCryptFunction($this->key); diff --git a/phpseclib/Crypt/RSA.php b/phpseclib/Crypt/RSA.php index ade9b33d..4ce9d62e 100644 --- a/phpseclib/Crypt/RSA.php +++ b/phpseclib/Crypt/RSA.php @@ -138,7 +138,6 @@ define('CRYPT_RSA_SIGNATURE_PSS', 1); * compatibility with protocols (like SSH-2) written before PSS's introduction. */ define('CRYPT_RSA_SIGNATURE_PKCS1', 2); -/**#@-*/ /**#@+ * @access private diff --git a/phpseclib/Crypt/Twofish.php b/phpseclib/Crypt/Twofish.php index c0b2c6fd..7125f6a0 100644 --- a/phpseclib/Crypt/Twofish.php +++ b/phpseclib/Crypt/Twofish.php 
@@ -746,7 +746,7 @@ class Crypt_Twofish extends Crypt_Base // (Currently, for Crypt_Twofish, one generated $lambda_function cost on php5.5@32bit ~140kb unfreeable mem and ~240kb on php5.5@64bit) $gen_hi_opt_code = (bool)(count($lambda_functions) < 10); - // Generation of a uniqe hash for our generated code + // Generation of a unique hash for our generated code $code_hash = "Crypt_Twofish, {$this->mode}"; if ($gen_hi_opt_code) { $code_hash = str_pad($code_hash, 32) . $this->_hashInlineCryptFunction($this->key); diff --git a/phpseclib/File/X509.php b/phpseclib/File/X509.php index 91d90429..f1bb94fb 100644 --- a/phpseclib/File/X509.php +++ b/phpseclib/File/X509.php @@ -261,7 +261,7 @@ class File_X509 /** * The signature subject * - * There's no guarantee File_X509 is going to reencode an X.509 cert in the same way it was originally + * There's no guarantee File_X509 is going to re-encode an X.509 cert in the same way it was originally * encoded so we take save the portion of the original cert that the signature would have made for. * * @var string @@ -3134,7 +3134,7 @@ class File_X509 $asn1 = new File_ASN1(); - // OpenSSL produces SPKAC's that are preceeded by the string SPKAC= + // OpenSSL produces SPKAC's that are preceded by the string SPKAC= $temp = preg_replace('#(?:SPKAC=)|[ \r\n\\\]#', '', $spkac); $temp = preg_match('#^[a-zA-Z\d/+]*={0,2}$#', $temp) ? base64_decode($temp) : false; if ($temp != false) { @@ -3224,7 +3224,7 @@ class File_X509 return $spkac; // case FILE_X509_FORMAT_PEM: default: - // OpenSSL's implementation of SPKAC requires the SPKAC be preceeded by SPKAC= and since there are pretty much + // OpenSSL's implementation of SPKAC requires the SPKAC be preceded by SPKAC= and since there are pretty much // no other SPKAC decoders phpseclib will use that same format return 'SPKAC=' . base64_encode($spkac); } diff --git a/phpseclib/Math/BigInteger.php b/phpseclib/Math/BigInteger.php index cd495a2a..9b2d8bf7 100644 --- a/phpseclib/Math/BigInteger.php 
+++ b/phpseclib/Math/BigInteger.php @@ -2496,7 +2496,7 @@ class Math_BigInteger * * Say you have 693 and 609. The GCD is 21. Bezout's identity states that there exist integers x and y such that * 693*x + 609*y == 21. In point of fact, there are actually an infinite number of x and y combinations and which - * combination is returned is dependant upon which mode is in use. See + * combination is returned is dependent upon which mode is in use. See * {@link http://en.wikipedia.org/wiki/B%C3%A9zout%27s_identity Bezout's identity - Wikipedia} for more information. * * Here's an example: diff --git a/phpseclib/Net/SFTP.php b/phpseclib/Net/SFTP.php index b01fdc86..35e6d36b 100644 --- a/phpseclib/Net/SFTP.php +++ b/phpseclib/Net/SFTP.php @@ -380,7 +380,7 @@ class Net_SFTP extends Net_SSH2 ); // http://tools.ietf.org/html/draft-ietf-secsh-filexfer-04#section-6.3 // the flag definitions change somewhat in SFTPv5+. if SFTPv5+ support is added to this library, maybe name - // the array for that $this->open5_flags and similarily alter the constant names. + // the array for that $this->open5_flags and similarly alter the constant names. $this->open_flags = array( 0x00000001 => 'NET_SFTP_OPEN_READ', 0x00000002 => 'NET_SFTP_OPEN_WRITE', diff --git a/phpseclib/Net/SSH2.php b/phpseclib/Net/SSH2.php index 2fd2a8f9..623e7f3a 100644 --- a/phpseclib/Net/SSH2.php +++ b/phpseclib/Net/SSH2.php @@ -400,7 +400,7 @@ class Net_SSH2 var $server_public_host_key; /** - * Session identifer + * Session identifier * * "The exchange hash H from the first key exchange is additionally * used as the session identifier, which is a unique identifier for 
@@ -2478,7 +2478,7 @@ class Net_SSH2 // RFC4254 defines the (client) window size as "bytes the other party can send before it must wait for the window to // be adjusted". 0x7FFFFFFF is, at 2GB, the max size. technically, it should probably be decremented, but, - // honestly, if you're transfering more than 2GB, you probably shouldn't be using phpseclib, anyway. + // honestly, if you're transferring more than 2GB, you probably shouldn't be using phpseclib, anyway. // see http://tools.ietf.org/html/rfc4254#section-5.2 for more info $this->window_size_server_to_client[NET_SSH2_CHANNEL_EXEC] = $this->window_size; // 0x8000 is the maximum max packet size, per http://tools.ietf.org/html/rfc4253#section-6.1, although since PuTTy diff --git a/phpseclib/System/SSH/Agent/Identity.php b/phpseclib/System/SSH/Agent/Identity.php new file mode 100644 index 00000000..95e091db --- /dev/null +++ b/phpseclib/System/SSH/Agent/Identity.php 
@@ -0,0 +1,170 @@ + + * @copyright 2009 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + * @internal See http://api.libssh.org/rfc/PROTOCOL.agent + */ + +namespace phpseclib\System\SSH\Agent; + +use phpseclib\Crypt\RSA; +use phpseclib\Exception\UnsupportedAlgorithmException; +use phpseclib\System\SSH\Agent; + +/** + * Pure-PHP ssh-agent client identity object + * + * Instantiation should only be performed by \phpseclib\System\SSH\Agent class. + * This could be thought of as implementing an interface that phpseclib\Crypt\RSA + * implements. ie. maybe a Net_SSH_Auth_PublicKey interface or something. + * The methods in this interface would be getPublicKey and sign since those are the + * methods phpseclib looks for to perform public key authentication. + * + * @package SSH\Agent + * @author Jim Wigginton + * @access internal + */ +class Identity +{ + /** + * Key Object + * + * @var \phpseclib\Crypt\RSA + * @access private + * @see self::getPublicKey() + */ + var $key; + + /** + * Key Blob + * + * @var string + * @access private + * @see self::sign() + */ + var $key_blob; + + /** + * Socket Resource + * + * @var resource + * @access private + * @see self::sign() + */ + var $fsock; + + /** + * Default Constructor. + * + * @param resource $fsock + * @return \phpseclib\System\SSH\Agent\Identity + * @access private + */ + function __construct($fsock) + { + $this->fsock = $fsock; + } + + /** + * Set Public Key + * + * Called by \phpseclib\System\SSH\Agent::requestIdentities() + * + * @param \phpseclib\Crypt\RSA $key + * @access private + */ + function setPublicKey($key) + { + $this->key = $key; + $this->key->setPublicKey(); + } + + /** + * Set Public Key + * + * Called by \phpseclib\System\SSH\Agent::requestIdentities(). The key blob could be extracted from $this->key + * but this saves a small amount of computation. 
+ * + * @param string $key_blob + * @access private + */ + function setPublicKeyBlob($key_blob) + { + $this->key_blob = $key_blob; + } + + /** + * Get Public Key + * + * Wrapper for $this->key->getPublicKey() + * + * @param int $type optional + * @return mixed + * @access public + */ + function getPublicKey($type = 'PKCS8') + { + return $this->key->getPublicKey($type); + } + + /** + * Sets the hash + * + * ssh-agent only supports signatures with sha1 hashes but to maintain BC with RSA.php this function exists + * + * @param string $hash optional + * @throws \phpseclib\Exception\UnsupportedAlgorithmException if the algorithm is unsupported + * @access public + */ + function setHash($hash = 'sha1') + { + if ($hash != 'sha1') { + throw new UnsupportedAlgorithmException('ssh-agent can only be used with the sha1 hash'); + } + } + + /** + * Create a signature + * + * See "2.6.2 Protocol 2 private key signature request" + * + * @param string $message + * @param int $padding optional + * @return string + * @throws \RuntimeException on connection errors + * @throws \phpseclib\Exception\UnsupportedAlgorithmException if the algorithm is unsupported + * @access public + */ + function sign($message, $padding = RSA::PADDING_PKCS1) + { + if ($padding != RSA::PADDING_PKCS1 && $padding != RSA::PADDING_RELAXED_PKCS1) { + throw new UnsupportedAlgorithmException('ssh-agent can only create PKCS1 signatures'); + } + + // the last parameter (currently 0) is for flags and ssh-agent only defines one flag (for ssh-dss): SSH_AGENT_OLD_SIGNATURE + $packet = pack('CNa*Na*N', Agent::SSH_AGENTC_SIGN_REQUEST, strlen($this->key_blob), $this->key_blob, strlen($message), $message, 0); + $packet = pack('Na*', strlen($packet), $packet); + if (strlen($packet) != fputs($this->fsock, $packet)) { + throw new \RuntimeException('Connection closed during signing'); + } + + $length = current(unpack('N', fread($this->fsock, 4))); + $type = ord(fread($this->fsock, 1)); + if ($type != 
Agent::SSH_AGENT_SIGN_RESPONSE) { + throw new \RuntimeException('Unable to retrieve signature'); + } + + $signature_blob = fread($this->fsock, $length - 1); + // the only other signature format defined - ssh-dss - is the same length as ssh-rsa + // the + 12 is for the other various SSH added length fields + return substr($signature_blob, strlen('ssh-rsa') + 12); + } +} diff --git a/tests/Unit/Crypt/RC2Test.php b/tests/Unit/Crypt/RC2Test.php index 2fa2c0d3..0ad664bb 100644 --- a/tests/Unit/Crypt/RC2Test.php +++ b/tests/Unit/Crypt/RC2Test.php @@ -70,7 +70,7 @@ class Unit_Crypt_RC2Test extends PhpseclibTestCase // now, to OpenSSL's credit, null padding is internally consistent with OpenSSL. OpenSSL only supports fixed length keys. For rc2, rc4 and // bf (blowfish), all keys are 128 bits (or are null padded / truncated accordingly). to use 40-bit or 64-bit keys with RC4 with OpenSSL you - // don't use the rc4 algorithm - you use the rc4-40 or rc4-64 algorithm. and similarily, it's not aes-cbc that you use - it's either aes-128-cbc + // don't use the rc4 algorithm - you use the rc4-40 or rc4-64 algorithm. and similarly, it's not aes-cbc that you use - it's either aes-128-cbc // or aes-192-cbc or aes-256-cbc. this is in contrast to mcrypt, which (with the exception of RC2) actually supports variable and arbitrary // length keys.
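Review bot: In `sign()` in the new `phpseclib/System/SSH/Agent/Identity.php`, the three `fread()` calls on the agent socket are used without checking what came back. A short or failed read of the 4-byte length or the type byte feeds `unpack()`/`ord()` a truncated value, and a single `fread($this->fsock, $length - 1)` may return fewer bytes than requested on a socket stream, so a truncated signature would be returned as if it were complete. `$length` is also taken from the peer as-is, so a value of 0 or 1 makes the last read length non-positive; I would read through a small exact-read helper that throws `\RuntimeException` on EOF and reject lengths that cannot hold a blob, as sketched below. The closing `substr($signature_blob, strlen('ssh-rsa') + 12)` still assumes an ssh-rsa-shaped blob without checking the algorithm name it carries, which deserves at least a comment. Separately, this file is namespaced and uses `RSA::PADDING_PKCS1` while the other files in this diff use `Crypt_*`/`Net_*` class names, so please confirm it belongs on this branch.

```php
    function sign($message, $padding = RSA::PADDING_PKCS1)
    {
        // … unchanged: padding check, request packet construction and write …

        $header = $this->readExactly(5);
        $length = current(unpack('N', substr($header, 0, 4)));
        $type = ord($header[4]);
        // a sign response must carry at least one byte beyond the type byte
        if ($type != Agent::SSH_AGENT_SIGN_RESPONSE || $length < 2) {
            throw new \RuntimeException('Unable to retrieve signature');
        }

        $signature_blob = $this->readExactly($length - 1);
        // … unchanged: strip the SSH length fields and return the signature …
    }

    /**
     * Reads exactly $length bytes from the agent socket, or throws on EOF / read error.
     *
     * @param int $length
     * @return string
     * @throws \RuntimeException if the socket closes before $length bytes arrive
     * @access private
     */
    function readExactly($length)
    {
        $data = '';
        while (strlen($data) < $length) {
            $chunk = fread($this->fsock, $length - strlen($data));
            if ($chunk === false || $chunk === '') {
                throw new \RuntimeException('Connection closed during signing');
            }
            $data .= $chunk;
        }
        return $data;
    }
```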