mirror of
https://github.com/phpseclib/phpseclib.git
synced 2024-06-10 04:12:23 +00:00
Merge branch '2.0'
This commit is contained in:
terrafrost
commit
e006f5b326
|
|
@ -2570,7 +2570,9 @@ class SSH2
|
|||
$this->agent = $agent;
|
||||
$keys = $agent->requestIdentities();
|
||||
foreach ($keys as $key) {
|
||||
echo "so far\n";
|
||||
if ($this->privatekey_login($username, $key)) {
|
||||
echo "so good!?\n";
|
||||
return true;
|
||||
}
|
||||
}
|
||||
|
|
@ -2664,24 +2666,19 @@ class SSH2
|
|||
}
|
||||
|
||||
$packet = $part1 . chr(1) . $part2;
|
||||
if ($privatekey instanceof AgentIdentity) {
|
||||
$hash = 'sha1';
|
||||
$type = 'ssh-rsa';
|
||||
} else {
|
||||
switch ($this->signature_format) {
|
||||
case 'rsa-sha2-512':
|
||||
$hash = 'sha512';
|
||||
$type = 'rsa-sha2-512';
|
||||
break;
|
||||
case 'rsa-sha2-256':
|
||||
$hash = 'sha256';
|
||||
$type = 'rsa-sha2-256';
|
||||
break;
|
||||
//case 'ssh-rsa':
|
||||
default:
|
||||
$hash = 'sha1';
|
||||
$type = 'ssh-rsa';
|
||||
}
|
||||
switch ($this->signature_format) {
|
||||
case 'rsa-sha2-512':
|
||||
$hash = 'sha512';
|
||||
$type = 'rsa-sha2-512';
|
||||
break;
|
||||
case 'rsa-sha2-256':
|
||||
$hash = 'sha256';
|
||||
$type = 'rsa-sha2-256';
|
||||
break;
|
||||
//case 'ssh-rsa':
|
||||
default:
|
||||
$hash = 'sha1';
|
||||
$type = 'ssh-rsa';
|
||||
}
|
||||
$privatekey->setHash($hash);
|
||||
$signature = $privatekey->sign(pack('Na*a*', strlen($this->session_id), $this->session_id, $packet), RSA::PADDING_PKCS1);
|
||||
|
|
|
|||
|
|
@ -19,6 +19,7 @@ namespace phpseclib\System\SSH\Agent;
|
|||
use phpseclib\Crypt\RSA;
|
||||
use phpseclib\Exception\UnsupportedAlgorithmException;
|
||||
use phpseclib\System\SSH\Agent;
|
||||
use phpseclib\Common\Functions\Strings;
|
||||
|
||||
/**
|
||||
* Pure-PHP ssh-agent client identity object
|
||||
|
|
@ -35,6 +36,17 @@ use phpseclib\System\SSH\Agent;
|
|||
*/
|
||||
class Identity
|
||||
{
|
||||
/**@+
|
||||
* Signature Flags
|
||||
*
|
||||
* See https://tools.ietf.org/html/draft-miller-ssh-agent-00#section-5.3
|
||||
*
|
||||
* @access private
|
||||
*/
|
||||
const SSH_AGENT_RSA2_256 = 2;
|
||||
const SSH_AGENT_RSA2_512 = 4;
|
||||
/**#@-*/
|
||||
|
||||
/**
|
||||
* Key Object
|
||||
*
|
||||
|
|
@ -62,6 +74,16 @@ class Identity
|
|||
*/
|
||||
private $fsock;
|
||||
|
||||
/**
|
||||
* Signature flags
|
||||
*
|
||||
* @var int
|
||||
* @access private
|
||||
* @see self::sign()
|
||||
* @see self::setHash()
|
||||
*/
|
||||
var $flags = 0;
|
||||
|
||||
/**
|
||||
* Default Constructor.
|
||||
*
|
||||
|
|
@ -124,10 +146,20 @@ class Identity
|
|||
* @param string $hash optional
|
||||
* @access public
|
||||
*/
|
||||
public function setHash($hash = 'sha1')
|
||||
public function setHash($hash)
|
||||
{
|
||||
if ($hash != 'sha1') {
|
||||
throw new UnsupportedAlgorithmException('ssh-agent can only be used with the sha1 hash');
|
||||
$this->flags = 0;
|
||||
switch ($hash) {
|
||||
case 'sha1':
|
||||
break;
|
||||
case 'sha256':
|
||||
$this->flags = self::SSH_AGENT_RSA2_256;
|
||||
break;
|
||||
case 'sha512':
|
||||
$this->flags = self::SSH_AGENT_RSA2_512;
|
||||
break;
|
||||
default:
|
||||
throw new UnsupportedAlgorithmException('The only supported hashes for RSA are sha1, sha256 and sha512');
|
||||
}
|
||||
}
|
||||
|
||||
|
|
@ -150,7 +182,7 @@ class Identity
|
|||
}
|
||||
|
||||
// the last parameter (currently 0) is for flags and ssh-agent only defines one flag (for ssh-dss): SSH_AGENT_OLD_SIGNATURE
|
||||
$packet = pack('CNa*Na*N', Agent::SSH_AGENTC_SIGN_REQUEST, strlen($this->key_blob), $this->key_blob, strlen($message), $message, 0);
|
||||
$packet = pack('CNa*Na*N', Agent::SSH_AGENTC_SIGN_REQUEST, strlen($this->key_blob), $this->key_blob, strlen($message), $message, $this->flags);
|
||||
$packet = pack('Na*', strlen($packet), $packet);
|
||||
if (strlen($packet) != fputs($this->fsock, $packet)) {
|
||||
throw new \RuntimeException('Connection closed during signing');
|
||||
|
|
@ -163,8 +195,17 @@ class Identity
|
|||
}
|
||||
|
||||
$signature_blob = fread($this->fsock, $length - 1);
|
||||
// the only other signature format defined - ssh-dss - is the same length as ssh-rsa
|
||||
// the + 12 is for the other various SSH added length fields
|
||||
return substr($signature_blob, strlen('ssh-rsa') + 12);
|
||||
$length = current(unpack('N', Strings::shift($signature_blob, 4)));
|
||||
if ($length != strlen($signature_blob)) {
|
||||
throw new \RuntimeException('Malformed signature blob');
|
||||
}
|
||||
$length = current(unpack('N', Strings::shift($signature_blob, 4)));
|
||||
if ($length > strlen($signature_blob) + 4) {
|
||||
throw new \RuntimeException('Malformed signature blob');
|
||||
}
|
||||
$type = Strings::shift($signature_blob, $length);
|
||||
Strings::shift($signature_blob, 4);
|
||||
|
||||
return $signature_blob;
|
||||
}
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in New Issue
Block a user