[ Index ]

PHP Cross Reference of DokuWiki

title

Body

[close]

/vendor/phpseclib/phpseclib/phpseclib/System/SSH/Agent/ -> Identity.php (source)

   1  <?php
   2  /**
   3   * Pure-PHP ssh-agent client.
   4   *
   5   * PHP version 5
   6   *
   7   * @category  System
   8   * @package   SSH\Agent
   9   * @author    Jim Wigginton <terrafrost@php.net>
  10   * @copyright 2009 Jim Wigginton
  11   * @license   http://www.opensource.org/licenses/mit-license.html  MIT License
  12   * @link      http://phpseclib.sourceforge.net
  13   * @internal  See http://api.libssh.org/rfc/PROTOCOL.agent
  14   */
  15  
  16  namespace phpseclib\System\SSH\Agent;
  17  
  18  use phpseclib\System\SSH\Agent;
  19  
  20  /**
  21   * Pure-PHP ssh-agent client identity object
  22   *
  23   * Instantiation should only be performed by \phpseclib\System\SSH\Agent class.
  24   * This could be thought of as implementing an interface that phpseclib\Crypt\RSA
  25   * implements. ie. maybe a Net_SSH_Auth_PublicKey interface or something.
  26   * The methods in this interface would be getPublicKey and sign since those are the
  27   * methods phpseclib looks for to perform public key authentication.
  28   *
  29   * @package SSH\Agent
  30   * @author  Jim Wigginton <terrafrost@php.net>
  31   * @access  internal
  32   */
  33  class Identity
  34  {
  35      /**@+
  36       * Signature Flags
  37       *
  38       * See https://tools.ietf.org/html/draft-miller-ssh-agent-00#section-5.3
  39       *
  40       * @access private
  41       */
  42      const SSH_AGENT_RSA2_256 = 2;
  43      const SSH_AGENT_RSA2_512 = 4;
  44      /**#@-*/
  45  
  46      /**
  47       * Key Object
  48       *
  49       * @var \phpseclib\Crypt\RSA
  50       * @access private
  51       * @see self::getPublicKey()
  52       */
  53      var $key;
  54  
  55      /**
  56       * Key Blob
  57       *
  58       * @var string
  59       * @access private
  60       * @see self::sign()
  61       */
  62      var $key_blob;
  63  
  64      /**
  65       * Socket Resource
  66       *
  67       * @var resource
  68       * @access private
  69       * @see self::sign()
  70       */
  71      var $fsock;
  72  
  73      /**
  74       * Signature flags
  75       *
  76       * @var int
  77       * @access private
  78       * @see self::sign()
  79       * @see self::setHash()
  80       */
  81      var $flags = 0;
  82  
  83      /**
  84       * Default Constructor.
  85       *
  86       * @param resource $fsock
  87       * @return \phpseclib\System\SSH\Agent\Identity
  88       * @access private
  89       */
  90      function __construct($fsock)
  91      {
  92          $this->fsock = $fsock;
  93      }
  94  
  95      /**
  96       * Set Public Key
  97       *
  98       * Called by \phpseclib\System\SSH\Agent::requestIdentities()
  99       *
 100       * @param \phpseclib\Crypt\RSA $key
 101       * @access private
 102       */
 103      function setPublicKey($key)
 104      {
 105          $this->key = $key;
 106          $this->key->setPublicKey();
 107      }
 108  
 109      /**
 110       * Set Public Key
 111       *
 112       * Called by \phpseclib\System\SSH\Agent::requestIdentities(). The key blob could be extracted from $this->key
 113       * but this saves a small amount of computation.
 114       *
 115       * @param string $key_blob
 116       * @access private
 117       */
 118      function setPublicKeyBlob($key_blob)
 119      {
 120          $this->key_blob = $key_blob;
 121      }
 122  
 123      /**
 124       * Get Public Key
 125       *
 126       * Wrapper for $this->key->getPublicKey()
 127       *
 128       * @param int $format optional
 129       * @return mixed
 130       * @access public
 131       */
 132      function getPublicKey($format = null)
 133      {
 134          return !isset($format) ? $this->key->getPublicKey() : $this->key->getPublicKey($format);
 135      }
 136  
 137      /**
 138       * Set Signature Mode
 139       *
 140       * Doesn't do anything as ssh-agent doesn't let you pick and choose the signature mode. ie.
 141       * ssh-agent's only supported mode is \phpseclib\Crypt\RSA::SIGNATURE_PKCS1
 142       *
 143       * @param int $mode
 144       * @access public
 145       */
 146      function setSignatureMode($mode)
 147      {
 148      }
 149  
 150      /**
 151       * Set Hash
 152       *
 153       * ssh-agent doesn't support using hashes for RSA other than SHA1
 154       *
 155       * @param string $hash
 156       * @access public
 157       */
 158      function setHash($hash)
 159      {
 160          $this->flags = 0;
 161          switch ($hash) {
 162              case 'sha1':
 163                  break;
 164              case 'sha256':
 165                  $this->flags = self::SSH_AGENT_RSA2_256;
 166                  break;
 167              case 'sha512':
 168                  $this->flags = self::SSH_AGENT_RSA2_512;
 169                  break;
 170              default:
 171                  user_error('The only supported hashes for RSA are sha1, sha256 and sha512');
 172          }
 173      }
 174  
 175      /**
 176       * Create a signature
 177       *
 178       * See "2.6.2 Protocol 2 private key signature request"
 179       *
 180       * @param string $message
 181       * @return string
 182       * @access public
 183       */
 184      function sign($message)
 185      {
 186          // the last parameter (currently 0) is for flags and ssh-agent only defines one flag (for ssh-dss): SSH_AGENT_OLD_SIGNATURE
 187          $packet = pack('CNa*Na*N', Agent::SSH_AGENTC_SIGN_REQUEST, strlen($this->key_blob), $this->key_blob, strlen($message), $message, $this->flags);
 188          $packet = pack('Na*', strlen($packet), $packet);
 189          if (strlen($packet) != fputs($this->fsock, $packet)) {
 190              user_error('Connection closed during signing');
 191          }
 192  
 193          $length = current(unpack('N', fread($this->fsock, 4)));
 194          $type = ord(fread($this->fsock, 1));
 195          if ($type != Agent::SSH_AGENT_SIGN_RESPONSE) {
 196              user_error('Unable to retrieve signature');
 197          }
 198  
 199          $signature_blob = fread($this->fsock, $length - 1);
 200          $length = current(unpack('N', $this->_string_shift($signature_blob, 4)));
 201          if ($length != strlen($signature_blob)) {
 202              user_error('Malformed signature blob');
 203          }
 204          $length = current(unpack('N', $this->_string_shift($signature_blob, 4)));
 205          if ($length > strlen($signature_blob) + 4) {
 206              user_error('Malformed signature blob');
 207          }
 208          $type = $this->_string_shift($signature_blob, $length);
 209          $this->_string_shift($signature_blob, 4);
 210  
 211          return $signature_blob;
 212      }
 213  
 214      /**
 215       * String Shift
 216       *
 217       * Inspired by array_shift
 218       *
 219       * @param string $string
 220       * @param int $index
 221       * @return string
 222       * @access private
 223       */
 224      function _string_shift(&$string, $index = 1)
 225      {
 226          $substr = substr($string, 0, $index);
 227          $string = substr($string, $index);
 228          return $substr;
 229      }
 230  }