Exemplo n.º 1
  * Returns the server public host key.
  * Caching this the first time you connect to a server and checking the result on subsequent connections
  * is recommended.  Returns false if the server signature is not signed correctly with the public host key.
  * @return Mixed
  * @access public
 function getServerPublicHostKey()
     if (!($this->bitmap & self::MASK_CONSTRUCTOR)) {
         if (!$this->_connect()) {
             return false;
     $signature = $this->signature;
     $server_public_host_key = $this->server_public_host_key;
     extract(unpack('Nlength', $this->_string_shift($server_public_host_key, 4)));
     $this->_string_shift($server_public_host_key, $length);
     if ($this->signature_validated) {
         return $this->bitmap ? $this->signature_format . ' ' . base64_encode($this->server_public_host_key) : false;
     $this->signature_validated = true;
     switch ($this->signature_format) {
         case 'ssh-dss':
             $zero = new BigInteger();
             $temp = unpack('Nlength', $this->_string_shift($server_public_host_key, 4));
             $p = new BigInteger($this->_string_shift($server_public_host_key, $temp['length']), -256);
             $temp = unpack('Nlength', $this->_string_shift($server_public_host_key, 4));
             $q = new BigInteger($this->_string_shift($server_public_host_key, $temp['length']), -256);
             $temp = unpack('Nlength', $this->_string_shift($server_public_host_key, 4));
             $g = new BigInteger($this->_string_shift($server_public_host_key, $temp['length']), -256);
             $temp = unpack('Nlength', $this->_string_shift($server_public_host_key, 4));
             $y = new BigInteger($this->_string_shift($server_public_host_key, $temp['length']), -256);
             /* The value for 'dss_signature_blob' is encoded as a string containing
                r, followed by s (which are 160-bit integers, without lengths or
                padding, unsigned, and in network byte order). */
             $temp = unpack('Nlength', $this->_string_shift($signature, 4));
             if ($temp['length'] != 40) {
                 user_error('Invalid signature');
                 return $this->_disconnect(NET_SSH2_DISCONNECT_KEY_EXCHANGE_FAILED);
             $r = new BigInteger($this->_string_shift($signature, 20), 256);
             $s = new BigInteger($this->_string_shift($signature, 20), 256);
             switch (true) {
                 case $r->equals($zero):
                 case $r->compare($q) >= 0:
                 case $s->equals($zero):
                 case $s->compare($q) >= 0:
                     user_error('Invalid signature');
                     return $this->_disconnect(NET_SSH2_DISCONNECT_KEY_EXCHANGE_FAILED);
             $w = $s->modInverse($q);
             $u1 = $w->multiply(new BigInteger(sha1($this->exchange_hash), 16));
             list(, $u1) = $u1->divide($q);
             $u2 = $w->multiply($r);
             list(, $u2) = $u2->divide($q);
             $g = $g->modPow($u1, $p);
             $y = $y->modPow($u2, $p);
             $v = $g->multiply($y);
             list(, $v) = $v->divide($p);
             list(, $v) = $v->divide($q);
             if (!$v->equals($r)) {
                 user_error('Bad server signature');
                 return $this->_disconnect(NET_SSH2_DISCONNECT_HOST_KEY_NOT_VERIFIABLE);
         case 'ssh-rsa':
             $temp = unpack('Nlength', $this->_string_shift($server_public_host_key, 4));
             $e = new BigInteger($this->_string_shift($server_public_host_key, $temp['length']), -256);
             $temp = unpack('Nlength', $this->_string_shift($server_public_host_key, 4));
             $rawN = $this->_string_shift($server_public_host_key, $temp['length']);
             $n = new BigInteger($rawN, -256);
             $nLength = strlen(ltrim($rawN, ""));
             $temp = unpack('Nlength', $this->_string_shift($signature, 4));
             $signature = $this->_string_shift($signature, $temp['length']);
             $rsa = new RSA();
             $rsa->loadKey(array('e' => $e, 'n' => $n), RSA::PUBLIC_FORMAT_RAW);
             if (!$rsa->verify($this->exchange_hash, $signature)) {
                 user_error('Bad server signature');
                 return $this->_disconnect(NET_SSH2_DISCONNECT_HOST_KEY_NOT_VERIFIABLE);
             $temp = unpack('Nlength', $this->_string_shift($signature, 4));
             $s = new BigInteger($this->_string_shift($signature, $temp['length']), 256);
             // validate an RSA signature per "8.2 RSASSA-PKCS1-v1_5", "5.2.2 RSAVP1", and "9.1 EMSA-PSS" in the
             // following URL:
             // ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-1/pkcs-1v2-1.pdf
             // also, see SSHRSA.c (rsa2_verifysig) in PuTTy's source.
             if ($s->compare(new BigInteger()) < 0 || $s->compare($n->subtract(new BigInteger(1))) > 0) {
                 user_error('Invalid signature');
                 return $this->_disconnect(NET_SSH2_DISCONNECT_KEY_EXCHANGE_FAILED);
             $s = $s->modPow($e, $n);
             $s = $s->toBytes();
             $h = pack('N4H*', 0x302130, 0x906052b, 0xe03021a, 0x5000414, sha1($this->exchange_hash));
             $h = chr(0x1) . str_repeat(chr(0xff), $nLength - 2 - strlen($h)) . $h;
             if ($s != $h) {
                 user_error('Bad server signature');
                 return $this->_disconnect(NET_SSH2_DISCONNECT_HOST_KEY_NOT_VERIFIABLE);
             user_error('Unsupported signature format');
             return $this->_disconnect(NET_SSH2_DISCONNECT_HOST_KEY_NOT_VERIFIABLE);
     return $this->signature_format . ' ' . base64_encode($this->server_public_host_key);
Exemplo n.º 2
  * Performs modular exponentiation.
  * Here's an example:
  * <code>
  * <?php
  *    $a = new \phpseclib\Math\BigInteger('10');
  *    $b = new \phpseclib\Math\BigInteger('20');
  *    $c = new \phpseclib\Math\BigInteger('30');
  *    $c = $a->modPow($b, $c);
  *    echo $c->toString(); // outputs 10
  * ?>
  * </code>
  * @param \phpseclib\Math\BigInteger $e
  * @param \phpseclib\Math\BigInteger $n
  * @return \phpseclib\Math\BigInteger
  * @access public
  * @internal The most naive approach to modular exponentiation has very unreasonable requirements, and
  *    and although the approach involving repeated squaring does vastly better, it, too, is impractical
  *    for our purposes.  The reason being that division - by far the most complicated and time-consuming
  *    of the basic operations (eg. +,-,*,/) - occurs multiple times within it.
  *    Modular reductions resolve this issue.  Although an individual modular reduction takes more time
  *    then an individual division, when performed in succession (with the same modulo), they're a lot faster.
  *    The two most commonly used modular reductions are Barrett and Montgomery reduction.  Montgomery reduction,
  *    although faster, only works when the gcd of the modulo and of the base being used is 1.  In RSA, when the
  *    base is a power of two, the modulo - a product of two primes - is always going to have a gcd of 1 (because
  *    the product of two odd numbers is odd), but what about when RSA isn't used?
  *    In contrast, Barrett reduction has no such constraint.  As such, some bigint implementations perform a
  *    Barrett reduction after every operation in the modpow function.  Others perform Barrett reductions when the
  *    modulo is even and Montgomery reductions when the modulo is odd.  BigInteger.java's modPow method, however,
  *    uses a trick involving the Chinese Remainder Theorem to factor the even modulo into two numbers - one odd and
  *    the other, a power of two - and recombine them, later.  This is the method that this modPow function uses.
  *    {@link http://islab.oregonstate.edu/papers/j34monex.pdf Montgomery Reduction with Even Modulus} elaborates.
 function modPow($e, $n)
     $n = $this->bitmask !== false && $this->bitmask->compare($n) < 0 ? $this->bitmask : $n->abs();
     if ($e->compare(new static()) < 0) {
         $e = $e->abs();
         $temp = $this->modInverse($n);
         if ($temp === false) {
             return false;
         return $this->_normalize($temp->modPow($e, $n));
     if (MATH_BIGINTEGER_MODE == self::MODE_GMP) {
         $temp = new static();
         $temp->value = gmp_powm($this->value, $e->value, $n->value);
         return $this->_normalize($temp);
     if ($this->compare(new static()) < 0 || $this->compare($n) > 0) {
         list(, $temp) = $this->divide($n);
         return $temp->modPow($e, $n);
         $components = array('modulus' => $n->toBytes(true), 'publicExponent' => $e->toBytes(true));
         $components = array('modulus' => pack('Ca*a*', 2, $this->_encodeASN1Length(strlen($components['modulus'])), $components['modulus']), 'publicExponent' => pack('Ca*a*', 2, $this->_encodeASN1Length(strlen($components['publicExponent'])), $components['publicExponent']));
         $RSAPublicKey = pack('Ca*a*a*', 48, $this->_encodeASN1Length(strlen($components['modulus']) + strlen($components['publicExponent'])), $components['modulus'], $components['publicExponent']);
         $rsaOID = pack('H*', '300d06092a864886f70d0101010500');
         // hex version of MA0GCSqGSIb3DQEBAQUA
         $RSAPublicKey = chr(0) . $RSAPublicKey;
         $RSAPublicKey = chr(3) . $this->_encodeASN1Length(strlen($RSAPublicKey)) . $RSAPublicKey;
         $encapsulated = pack('Ca*a*', 48, $this->_encodeASN1Length(strlen($rsaOID . $RSAPublicKey)), $rsaOID . $RSAPublicKey);
         $RSAPublicKey = "-----BEGIN PUBLIC KEY-----\r\n" . chunk_split(base64_encode($encapsulated)) . '-----END PUBLIC KEY-----';
         $plaintext = str_pad($this->toBytes(), strlen($n->toBytes(true)) - 1, "", STR_PAD_LEFT);
         if (openssl_public_encrypt($plaintext, $result, $RSAPublicKey, OPENSSL_NO_PADDING)) {
             return new static($result, 256);
         $temp = new static();
         $temp->value = bcpowmod($this->value, $e->value, $n->value, 0);
         return $this->_normalize($temp);
     if (empty($e->value)) {
         $temp = new static();
         $temp->value = array(1);
         return $this->_normalize($temp);
     if ($e->value == array(1)) {
         list(, $temp) = $this->divide($n);
         return $this->_normalize($temp);
     if ($e->value == array(2)) {
         $temp = new static();
         $temp->value = $this->_square($this->value);
         list(, $temp) = $temp->divide($n);
         return $this->_normalize($temp);
     return $this->_normalize($this->_slidingWindow($e, $n, self::BARRETT));
     // the following code, although not callable, can be run independently of the above code
     // although the above code performed better in my benchmarks the following could might
     // perform better under different circumstances. in lieu of deleting it it's just been
     // made uncallable
     // is the modulo odd?
     if ($n->value[0] & 1) {
         return $this->_normalize($this->_slidingWindow($e, $n, self::MONTGOMERY));
     // if it's not, it's even
     // find the lowest set bit (eg. the max pow of 2 that divides $n)
     for ($i = 0; $i < count($n->value); ++$i) {
         if ($n->value[$i]) {
             $temp = decbin($n->value[$i]);
             $j = strlen($temp) - strrpos($temp, '1') - 1;
             $j += 26 * $i;
     // at this point, 2^$j * $n/(2^$j) == $n
     $mod1 = $n->copy();
     $mod2 = new static();
     $mod2->value = array(1);
     $part1 = $mod1->value != array(1) ? $this->_slidingWindow($e, $mod1, self::MONTGOMERY) : new static();
     $part2 = $this->_slidingWindow($e, $mod2, self::POWEROF2);
     $y1 = $mod2->modInverse($mod1);
     $y2 = $mod1->modInverse($mod2);
     $result = $part1->multiply($mod2);
     $result = $result->multiply($y1);
     $temp = $part2->multiply($mod1);
     $temp = $temp->multiply($y2);
     $result = $result->add($temp);
     list(, $result) = $result->divide($n);
     return $this->_normalize($result);
Exemplo n.º 3
     * Get the index of a revoked certificate.
     * @param array $rclist
     * @param string $serial
     * @param bool $create optional
     * @access private
     * @return int|false
    function _revokedCertificate(&$rclist, $serial, $create = false)
        $serial = new BigInteger($serial);

        foreach ($rclist as $i => $rc) {
            if (!($serial->compare($rc['userCertificate']))) {
                return $i;

        if (!$create) {
            return false;

        $i = count($rclist);
        $rclist[] = array('userCertificate' => $serial,
                          'revocationDate'  => $this->_timeField(@date('D, d M Y H:i:s O')));
        return $i;
Exemplo n.º 4
  * Connect to an SSHv1 server
  * @return Boolean
  * @access private
 function _connect()
     $this->fsock = @fsockopen($this->host, $this->port, $errno, $errstr, $this->connectionTimeout);
     if (!$this->fsock) {
         user_error(rtrim("Cannot connect to {$this->host}:{$this->port}. Error {$errno}. {$errstr}"));
         return false;
     $this->server_identification = $init_line = fgets($this->fsock, 255);
     if (defined('NET_SSH1_LOGGING')) {
         $this->_append_log('<-', $this->server_identification);
         $this->_append_log('->', $this->identifier . "\r\n");
     if (!preg_match('#SSH-([0-9\\.]+)-(.+)#', $init_line, $parts)) {
         user_error('Can only connect to SSH servers');
         return false;
     if ($parts[1][0] != 1) {
         user_error("Cannot connect to SSH {$parts['1']} servers");
         return false;
     fputs($this->fsock, $this->identifier . "\r\n");
     $response = $this->_get_binary_packet();
     if ($response[self::RESPONSE_TYPE] != NET_SSH1_SMSG_PUBLIC_KEY) {
         user_error('Expected SSH_SMSG_PUBLIC_KEY');
         return false;
     $anti_spoofing_cookie = $this->_string_shift($response[self::RESPONSE_DATA], 8);
     $this->_string_shift($response[self::RESPONSE_DATA], 4);
     $temp = unpack('nlen', $this->_string_shift($response[self::RESPONSE_DATA], 2));
     $server_key_public_exponent = new BigInteger($this->_string_shift($response[self::RESPONSE_DATA], ceil($temp['len'] / 8)), 256);
     $this->server_key_public_exponent = $server_key_public_exponent;
     $temp = unpack('nlen', $this->_string_shift($response[self::RESPONSE_DATA], 2));
     $server_key_public_modulus = new BigInteger($this->_string_shift($response[self::RESPONSE_DATA], ceil($temp['len'] / 8)), 256);
     $this->server_key_public_modulus = $server_key_public_modulus;
     $this->_string_shift($response[self::RESPONSE_DATA], 4);
     $temp = unpack('nlen', $this->_string_shift($response[self::RESPONSE_DATA], 2));
     $host_key_public_exponent = new BigInteger($this->_string_shift($response[self::RESPONSE_DATA], ceil($temp['len'] / 8)), 256);
     $this->host_key_public_exponent = $host_key_public_exponent;
     $temp = unpack('nlen', $this->_string_shift($response[self::RESPONSE_DATA], 2));
     $host_key_public_modulus = new BigInteger($this->_string_shift($response[self::RESPONSE_DATA], ceil($temp['len'] / 8)), 256);
     $this->host_key_public_modulus = $host_key_public_modulus;
     $this->_string_shift($response[self::RESPONSE_DATA], 4);
     // get a list of the supported ciphers
     extract(unpack('Nsupported_ciphers_mask', $this->_string_shift($response[self::RESPONSE_DATA], 4)));
     foreach ($this->supported_ciphers as $mask => $name) {
         if (($supported_ciphers_mask & 1 << $mask) == 0) {
     // get a list of the supported authentications
     extract(unpack('Nsupported_authentications_mask', $this->_string_shift($response[self::RESPONSE_DATA], 4)));
     foreach ($this->supported_authentications as $mask => $name) {
         if (($supported_authentications_mask & 1 << $mask) == 0) {
     $session_id = pack('H*', md5($host_key_public_modulus->toBytes() . $server_key_public_modulus->toBytes() . $anti_spoofing_cookie));
     $session_key = Random::string(32);
     $double_encrypted_session_key = $session_key ^ str_pad($session_id, 32, chr(0));
     if ($server_key_public_modulus->compare($host_key_public_modulus) < 0) {
         $double_encrypted_session_key = $this->_rsa_crypt($double_encrypted_session_key, array($server_key_public_exponent, $server_key_public_modulus));
         $double_encrypted_session_key = $this->_rsa_crypt($double_encrypted_session_key, array($host_key_public_exponent, $host_key_public_modulus));
     } else {
         $double_encrypted_session_key = $this->_rsa_crypt($double_encrypted_session_key, array($host_key_public_exponent, $host_key_public_modulus));
         $double_encrypted_session_key = $this->_rsa_crypt($double_encrypted_session_key, array($server_key_public_exponent, $server_key_public_modulus));
     $cipher = isset($this->supported_ciphers[$this->cipher]) ? $this->cipher : self::CIPHER_3DES;
     $data = pack('C2a*na*N', NET_SSH1_CMSG_SESSION_KEY, $cipher, $anti_spoofing_cookie, 8 * strlen($double_encrypted_session_key), $double_encrypted_session_key, 0);
     if (!$this->_send_binary_packet($data)) {
         user_error('Error sending SSH_CMSG_SESSION_KEY');
         return false;
     switch ($cipher) {
         //case self::CIPHER_NONE:
         //    $this->crypto = new \phpseclib\Crypt\Null();
         //    break;
         case self::CIPHER_DES:
             $this->crypto = new DES();
             $this->crypto->setKey(substr($session_key, 0, 8));
         case self::CIPHER_3DES:
             $this->crypto = new TripleDES(TripleDES::MODE_3CBC);
             $this->crypto->setKey(substr($session_key, 0, 24));
             //case self::CIPHER_RC4:
             //    $this->crypto = new RC4();
             //    $this->crypto->enableContinuousBuffer();
             //    $this->crypto->setKey(substr($session_key, 0,  16));
             //    break;
     $response = $this->_get_binary_packet();
     if ($response[self::RESPONSE_TYPE] != NET_SSH1_SMSG_SUCCESS) {
         user_error('Expected SSH_SMSG_SUCCESS');
         return false;
     $this->bitmap = self::MASK_CONNECTED;
     return true;
Exemplo n.º 5
  * RSAVP1
  * See {@link http://tools.ietf.org/html/rfc3447#section-5.2.2 RFC3447#section-5.2.2}.
  * @access private
  * @param BigInteger $s        	
  * @return BigInteger
 function _rsavp1($s)
     if ($s->compare($this->zero) < 0 || $s->compare($this->modulus) > 0) {
         user_error('Signature representative out of range');
         return false;
     return $this->_exponentiate($s);
Exemplo n.º 6
  * Generate a random prime number.
  * If there's not a prime within the given range, false will be returned.
  * If more than $timeout seconds have elapsed, give up and return false.
  * @param \phpseclib\Math\BigInteger $min
  * @param \phpseclib\Math\BigInteger $max
  * @param int $timeout
  * @return Math_BigInteger|false
  * @access public
  * @internal See {@link http://www.cacr.math.uwaterloo.ca/hac/about/chap4.pdf#page=15 HAC 4.44}.
 static function randomPrime(BigInteger $min, BigInteger $max, $timeout = false)
     $compare = $max->compare($min);
     if (!$compare) {
         return $min->isPrime() ? $min : false;
     } elseif ($compare < 0) {
         // if $min is bigger then $max, swap $min and $max
         $temp = $max;
         $max = $min;
         $min = $temp;
     static $one, $two;
     if (!isset($one)) {
         $one = new static(1);
         $two = new static(2);
     $start = time();
     $x = self::random($min, $max);
     // gmp_nextprime() requires PHP 5 >= 5.2.0 per <http://php.net/gmp-nextprime>.
     if (MATH_BIGINTEGER_MODE == self::MODE_GMP && extension_loaded('gmp')) {
         $p = new static();
         $p->value = gmp_nextprime($x->value);
         if ($p->compare($max) <= 0) {
             return $p;
         if (!$min->equals($x)) {
             $x = $x->subtract($one);
         return self::randomPrime($min, $x);
     if ($x->equals($two)) {
         return $x;
     if ($x->compare($max) > 0) {
         // if $x > $max then $max is even and if $min == $max then no prime number exists between the specified range
         if ($min->equals($max)) {
             return false;
         $x = clone $min;
     $initial_x = clone $x;
     while (true) {
         if ($timeout !== false && time() - $start > $timeout) {
             return false;
         if ($x->isPrime()) {
             return $x;
         $x = $x->add($two);
         if ($x->compare($max) > 0) {
             $x = clone $min;
             if ($x->equals($two)) {
                 return $x;
         if ($x->equals($initial_x)) {
             return false;
Exemplo n.º 7
 public static function sha1($input)
     $number = new BigInteger(sha1($input, true), -256);
     $zero = new BigInteger(0);
     return ($zero->compare($number) <= 0 ? "" : "-") . ltrim($number->toHex(), "0");
Exemplo n.º 8
  * RSAVP1
  * See {@link http://tools.ietf.org/html/rfc3447#section-5.2.2 RFC3447#section-5.2.2}.
  * @access private
  * @param \phpseclib\Math\BigInteger $s
  * @return bool|\phpseclib\Math\BigInteger
 function _rsavp1($s)
     if ($s->compare(self::$zero) < 0 || $s->compare($this->modulus) > 0) {
         return false;
     return $this->_exponentiate($s);
Exemplo n.º 9
  * RSAVP1
  * See {@link http://tools.ietf.org/html/rfc3447#section-5.2.2 RFC3447#section-5.2.2}.
  * @access private
  * @param \phpseclib\Math\BigInteger $s
  * @throws \OutOfRangeException if $s < 0 or $s > $this->modulus
  * @return \phpseclib\Math\BigInteger
 function _rsavp1($s)
     if ($s->compare(self::$zero) < 0 || $s->compare($this->modulus) > 0) {
         throw new \OutOfRangeException('Signature representative out of range');
     return $this->_exponentiate($s);