mirror of
https://github.com/phpseclib/phpseclib.git
synced 2024-12-27 03:42:40 +00:00
Merge pull request #754 from bantu/ssh2-function-key_exchange-reduction
[1.0] SSH2: Add encryption_algorithm_to_key_size method. * bantu/ssh2-function-key_exchange-reduction: Add encryption_algorithm_to_key_size method.
This commit is contained in:
commit
ee16fd44ce
@ -1370,87 +1370,17 @@ class Net_SSH2
|
|||||||
// we don't initialize any crypto-objects, yet - we do that, later. for now, we need the lengths to make the
|
// we don't initialize any crypto-objects, yet - we do that, later. for now, we need the lengths to make the
|
||||||
// diffie-hellman key exchange as fast as possible
|
// diffie-hellman key exchange as fast as possible
|
||||||
$decrypt = $this->_array_intersect_first($encryption_algorithms, $this->encryption_algorithms_server_to_client);
|
$decrypt = $this->_array_intersect_first($encryption_algorithms, $this->encryption_algorithms_server_to_client);
|
||||||
switch ($decrypt) {
|
$decryptKeyLength = $this->_encryption_algorithm_to_key_size($decrypt);
|
||||||
case '3des-cbc':
|
if ($decryptKeyLength === null) {
|
||||||
case '3des-ctr':
|
user_error('No compatible server to client encryption algorithms found');
|
||||||
$decryptKeyLength = 24; // eg. 192 / 8
|
return $this->_disconnect(NET_SSH2_DISCONNECT_KEY_EXCHANGE_FAILED);
|
||||||
break;
|
|
||||||
case 'aes256-cbc':
|
|
||||||
case 'aes256-ctr':
|
|
||||||
case 'twofish-cbc':
|
|
||||||
case 'twofish256-cbc':
|
|
||||||
case 'twofish256-ctr':
|
|
||||||
$decryptKeyLength = 32; // eg. 256 / 8
|
|
||||||
break;
|
|
||||||
case 'aes192-cbc':
|
|
||||||
case 'aes192-ctr':
|
|
||||||
case 'twofish192-cbc':
|
|
||||||
case 'twofish192-ctr':
|
|
||||||
$decryptKeyLength = 24; // eg. 192 / 8
|
|
||||||
break;
|
|
||||||
case 'aes128-cbc':
|
|
||||||
case 'aes128-ctr':
|
|
||||||
case 'twofish128-cbc':
|
|
||||||
case 'twofish128-ctr':
|
|
||||||
case 'blowfish-cbc':
|
|
||||||
case 'blowfish-ctr':
|
|
||||||
$decryptKeyLength = 16; // eg. 128 / 8
|
|
||||||
break;
|
|
||||||
case 'arcfour':
|
|
||||||
case 'arcfour128':
|
|
||||||
$decryptKeyLength = 16; // eg. 128 / 8
|
|
||||||
break;
|
|
||||||
case 'arcfour256':
|
|
||||||
$decryptKeyLength = 32; // eg. 128 / 8
|
|
||||||
break;
|
|
||||||
case 'none':
|
|
||||||
$decryptKeyLength = 0;
|
|
||||||
break;
|
|
||||||
default:
|
|
||||||
user_error('No compatible server to client encryption algorithms found');
|
|
||||||
return $this->_disconnect(NET_SSH2_DISCONNECT_KEY_EXCHANGE_FAILED);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
$encrypt = $this->_array_intersect_first($encryption_algorithms, $this->encryption_algorithms_client_to_server);
|
$encrypt = $this->_array_intersect_first($encryption_algorithms, $this->encryption_algorithms_client_to_server);
|
||||||
switch ($encrypt) {
|
$encryptKeyLength = $this->_encryption_algorithm_to_key_size($encrypt);
|
||||||
case '3des-cbc':
|
if ($encryptKeyLength === null) {
|
||||||
case '3des-ctr':
|
user_error('No compatible client to server encryption algorithms found');
|
||||||
$encryptKeyLength = 24;
|
return $this->_disconnect(NET_SSH2_DISCONNECT_KEY_EXCHANGE_FAILED);
|
||||||
break;
|
|
||||||
case 'aes256-cbc':
|
|
||||||
case 'aes256-ctr':
|
|
||||||
case 'twofish-cbc':
|
|
||||||
case 'twofish256-cbc':
|
|
||||||
case 'twofish256-ctr':
|
|
||||||
$encryptKeyLength = 32;
|
|
||||||
break;
|
|
||||||
case 'aes192-cbc':
|
|
||||||
case 'aes192-ctr':
|
|
||||||
case 'twofish192-cbc':
|
|
||||||
case 'twofish192-ctr':
|
|
||||||
$encryptKeyLength = 24;
|
|
||||||
break;
|
|
||||||
case 'aes128-cbc':
|
|
||||||
case 'aes128-ctr':
|
|
||||||
case 'twofish128-cbc':
|
|
||||||
case 'twofish128-ctr':
|
|
||||||
case 'blowfish-cbc':
|
|
||||||
case 'blowfish-ctr':
|
|
||||||
$encryptKeyLength = 16;
|
|
||||||
break;
|
|
||||||
case 'arcfour':
|
|
||||||
case 'arcfour128':
|
|
||||||
$encryptKeyLength = 16;
|
|
||||||
break;
|
|
||||||
case 'arcfour256':
|
|
||||||
$encryptKeyLength = 32;
|
|
||||||
break;
|
|
||||||
case 'none':
|
|
||||||
$encryptKeyLength = 0;
|
|
||||||
break;
|
|
||||||
default:
|
|
||||||
user_error('No compatible client to server encryption algorithms found');
|
|
||||||
return $this->_disconnect(NET_SSH2_DISCONNECT_KEY_EXCHANGE_FAILED);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
$keyLength = $decryptKeyLength > $encryptKeyLength ? $decryptKeyLength : $encryptKeyLength;
|
$keyLength = $decryptKeyLength > $encryptKeyLength ? $decryptKeyLength : $encryptKeyLength;
|
||||||
@ -1964,6 +1894,45 @@ class Net_SSH2
|
|||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Maps an encryption algorithm name to the number of key bytes.
|
||||||
|
*
|
||||||
|
* @param String $algorithm Name of the encryption algorithm
|
||||||
|
* @return Mixed Number of bytes as an integer or null for unknown
|
||||||
|
* @access private
|
||||||
|
*/
|
||||||
|
function _encryption_algorithm_to_key_size($algorithm)
|
||||||
|
{
|
||||||
|
switch ($algorithm) {
|
||||||
|
case 'none':
|
||||||
|
return 0;
|
||||||
|
case 'aes128-cbc':
|
||||||
|
case 'aes128-ctr':
|
||||||
|
case 'arcfour':
|
||||||
|
case 'arcfour128':
|
||||||
|
case 'blowfish-cbc':
|
||||||
|
case 'blowfish-ctr':
|
||||||
|
case 'twofish128-cbc':
|
||||||
|
case 'twofish128-ctr':
|
||||||
|
return 16;
|
||||||
|
case '3des-cbc':
|
||||||
|
case '3des-ctr':
|
||||||
|
case 'aes192-cbc':
|
||||||
|
case 'aes192-ctr':
|
||||||
|
case 'twofish192-cbc':
|
||||||
|
case 'twofish192-ctr':
|
||||||
|
return 24;
|
||||||
|
case 'aes256-cbc':
|
||||||
|
case 'aes256-ctr':
|
||||||
|
case 'arcfour256':
|
||||||
|
case 'twofish-cbc':
|
||||||
|
case 'twofish256-cbc':
|
||||||
|
case 'twofish256-ctr':
|
||||||
|
return 32;
|
||||||
|
}
|
||||||
|
return null;
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Login
|
* Login
|
||||||
*
|
*
|
||||||
|
Loading…
Reference in New Issue
Block a user