Super-small values of setTimeout (say, 0.01) can cause the timer to run negative. This eventually leads to negative values of $sec and $usec being passed to stream_select in the _get_channel_packet function, causing undefined behavior.

Specifically, I've seen it claim that a stream is readable when it isn't under these conditions.

This would ordinarily throw a warning, but your @ on stream_select masks that.

Adding in something like this just before you calculate $sec and $usec fixes it for me:

if ($this->curTimeout < 0.02) $this->curTimeout = 0.02;

Hello!

I try use phpseclib to upload files using sftp method (password auth).
When i using code from master repo i have error:

 Notice: Expected SSH_FXP_STATUS in /vendor/phpseclib/phpseclib/phpseclib/Net/SFTP.php on line 1370

When i used tagged 0.3.1 upload working, but is very slow (12mb in ~10minutes).

Any sugestion?

$sftp->mkdir('/var/www/vhost/easydev.pl/httpdocs/test');

creates var/www/vhost/easydev.pl/httpdocstest
after disabling _realpath function in mkdir, everything works as expected

When authenticating with SSH2 to a machine that allows keyboard-interactive logon with an empty password phpseclib doesn't authenticate. If I assume correctly it fails to understand it get's a prompt directly after the password.

Following notices/warnings and errors are present:

Warning: unpack(): Type C: not enough input, need 1, have 0 in phpseclib/Net/SSH2.php on line 1596
Warning: extract() expects parameter 1 to be array, boolean given in phpseclib/Net/SSH2.php on line 1596
PHP Notice: Undefined variable: type in phpseclib/Net/SSH2.php on line 1599
PHP Notice: Undefined variable: type in phpseclib/Net/SSH2.php on line 1657
PHP Notice: Undefined variable: type in phpseclib/Net/SSH2.php on line 1659

I have a script that uses phpseclib to connect to 900+ linux boxes. It runs remote commands and then inserts information into a database for inventory purposes. It's been working great up until couple of days ago, but for some reason started to hang on 4 machines.

It appears to be connecting, but hangs while executing remote commands and never times out and sits there until i manually stop it. Every other machine is working fine,

I am still able to manually ssh in all 4 machines, run commands, do whatever. they are all responding and there are no issues whatsoever.

$ssh = new Net_SSH2($host, 22, 30);
$ssh->setTimeout(30);

if (!$ssh->login('root', $key)) {
    echo $ssh->getLog();

} else {

    // bunch of commands defined here

     $response = array();
     foreach ($get_data as $type => $command) {
            $response[$type] = trim($ssh->exec($command));
        print_r($ssh->getLog());
        print_r($ssh->getErrors());

      }
       print_r($response);

}
$ssh->disconnect();

Logs produced are:

Array
(
    [0] => <-
    [1] => ->
    [2] => <- NET_SSH2_MSG_KEXINIT (0.0023s)
    [3] => -> NET_SSH2_MSG_KEXINIT (0s)
    [4] => -> NET_SSH2_MSG_KEXDH_INIT (0s)
    [5] => <- NET_SSH2_MSG_KEXDH_REPLY (0.0487s)
    [6] => -> NET_SSH2_MSG_NEWKEYS (0s)
    [7] => <- NET_SSH2_MSG_NEWKEYS (0s)
    [8] => -> NET_SSH2_MSG_SERVICE_REQUEST (0s)
    [9] => <- NET_SSH2_MSG_SERVICE_ACCEPT (0.0336s)
    [10] => -> NET_SSH2_MSG_USERAUTH_REQUEST (0s)
    [11] => <- NET_SSH2_MSG_USERAUTH_PK_OK (60) (0.012s)
    [12] => -> NET_SSH2_MSG_USERAUTH_REQUEST (0s)
    [13] => <- NET_SSH2_MSG_USERAUTH_SUCCESS (0.0026s)
    [14] => -> NET_SSH2_MSG_CHANNEL_OPEN (0s)
    [15] => <- NET_SSH2_MSG_CHANNEL_OPEN_CONFIRMATION (0s)
    [16] => -> NET_SSH2_MSG_CHANNEL_REQUEST (0s)
    [17] => <- NET_SSH2_MSG_CHANNEL_WINDOW_ADJUST (0s)
    [18] => <- NET_SSH2_MSG_CHANNEL_SUCCESS (0s)
    [19] => <- NET_SSH2_MSG_CHANNEL_DATA (0s)
    [20] => <- NET_SSH2_MSG_CHANNEL_EOF (0s)
    [21] => <- NET_SSH2_MSG_CHANNEL_REQUEST (0s)
    [22] => -> NET_SSH2_MSG_CHANNEL_EOF (0s)
    [23] => -> NET_SSH2_MSG_CHANNEL_CLOSE (0s)
    [24] => <- NET_SSH2_MSG_CHANNEL_CLOSE (0s)
)
Array
(
)
Array
(
    [0] => <-
    [1] => ->
    [2] => <- NET_SSH2_MSG_KEXINIT (0.0023s)
    [3] => -> NET_SSH2_MSG_KEXINIT (0s)
    [4] => -> NET_SSH2_MSG_KEXDH_INIT (0s)
    [5] => <- NET_SSH2_MSG_KEXDH_REPLY (0.0487s)
    [6] => -> NET_SSH2_MSG_NEWKEYS (0s)
    [7] => <- NET_SSH2_MSG_NEWKEYS (0s)
    [8] => -> NET_SSH2_MSG_SERVICE_REQUEST (0s)
    [9] => <- NET_SSH2_MSG_SERVICE_ACCEPT (0.0336s)
    [10] => -> NET_SSH2_MSG_USERAUTH_REQUEST (0s)
    [11] => <- NET_SSH2_MSG_USERAUTH_PK_OK (60) (0.012s)
    [12] => -> NET_SSH2_MSG_USERAUTH_REQUEST (0s)
    [13] => <- NET_SSH2_MSG_USERAUTH_SUCCESS (0.0026s)
    [14] => -> NET_SSH2_MSG_CHANNEL_OPEN (0s)
    [15] => <- NET_SSH2_MSG_CHANNEL_OPEN_CONFIRMATION (0s)
    [16] => -> NET_SSH2_MSG_CHANNEL_REQUEST (0s)
    [17] => <- NET_SSH2_MSG_CHANNEL_WINDOW_ADJUST (0s)
    [18] => <- NET_SSH2_MSG_CHANNEL_SUCCESS (0s)
    [19] => <- NET_SSH2_MSG_CHANNEL_DATA (0s)
    [20] => <- NET_SSH2_MSG_CHANNEL_EOF (0s)
    [21] => <- NET_SSH2_MSG_CHANNEL_REQUEST (0s)
    [22] => -> NET_SSH2_MSG_CHANNEL_EOF (0s)
    [23] => -> NET_SSH2_MSG_CHANNEL_CLOSE (0s)
    [24] => <- NET_SSH2_MSG_CHANNEL_CLOSE (0s)
    [25] => -> NET_SSH2_MSG_CHANNEL_OPEN (0s)
    [26] => <- NET_SSH2_MSG_CHANNEL_OPEN_CONFIRMATION (0s)
    [27] => -> NET_SSH2_MSG_CHANNEL_REQUEST (0s)
    [28] => <- NET_SSH2_MSG_CHANNEL_WINDOW_ADJUST (0s)
    [29] => <- NET_SSH2_MSG_CHANNEL_SUCCESS (0s)
    [30] => <- NET_SSH2_MSG_CHANNEL_DATA (0s)
    [31] => <- NET_SSH2_MSG_CHANNEL_REQUEST (0s)
    [32] => -> NET_SSH2_MSG_CHANNEL_EOF (0s)
    [33] => -> NET_SSH2_MSG_CHANNEL_CLOSE (0s)
    [34] => <- NET_SSH2_MSG_CHANNEL_EOF (0s)
    [35] => <- NET_SSH2_MSG_CHANNEL_CLOSE (0s)
)
Array
(
)

Any idea on how to fix this?

With the implementation of X.509, it seems that adding PGP encryption isn't a too-distant future possibility.

https://github.com/singpolyma/openpgp-php
https://github.com/roundcube/roundcubemail/tree/master/plugins/enigma/lib/Crypt

hehe ;)

thx for the fix: #12

but this is not right too ;)

1. plz change the order, first check "class_exits" and than "function_exists" -> class will always not exists, so the autoloader will call, after the autoloader has load the file, the class dosn't exists anymore, so will check with "function_exists" and it will return "true" and all will fine, so change it to:

/**
* Include Crypt_Random
*/
// the class_exists() will only be called if the crypt_random function hasn't been defined and
// will trigger a call to __autoload() if you're wanting to auto-load classes
if (!class_exists('Crypt_Random') && !function_exists('crypt_random')) {
    require_once('Crypt/Random.php');
}

1. you ask about, how to use my autoloader ? i know, it is a "abstract" class, so you can't initalisise a instance of it and you dont need it and you dont need to extend it, just call it static ;) in my case (Symfony 2):

PHPSecLibAutoloader::registerAutoload($appRoot.'/../vendor/phpseclib/phpseclib/');

so always think about "KIS" -> keep it simple ;):P

greez,
sky...

I'd put in a pull request, but I'm not sure if this is something this project desires. user_error is un-catchable, so using phpseclib in a framework like Yii is pretty tough should there be any errors (Yii will throw up a big error page).

I went ahead and forked this repo and made the necessary changes at slowbro/phpseclib - but I have a feeling these changes will cause a lot of headache for anyone upgrading.

What are your guys' thoughts on this? Do you desire Exceptions to be part of phpseclib? I'd love to help this project out in any way possible- I've been using it for years now and it's been a huge help!

-Katelyn

hello,

It seems that the optional parameter int($length) do not work with the SFTP function get() in the last version from github (phpseclib/phpseclib).

Test script:

[code]
include('phpseclib/SFTP.php');

$host = '192.168.1.100';
$port = '22';
$user = '***';
$pass = ***';
$path = '/home/warhawk/application-x-executable.png';

$sftp = new Net_SFTP('192.168.1.100');
if (!$sftp->login($user, $pass)) {
exit('Login Failed');
}

echo strlen($sftp->get( $path, FALSE, 0, 8192 ));
[/code]

Expected result:

8192

Actual result:

12351 (filesize)

Best regards,
warhawk3407

Currently it seems to be impossible to hash, say a 1 GiB file, if it doesn't fit into PHP memory. Progressive hashing would allow the file to be hashed piece by piece as it is read.

I would like to add a configuration parameter for open persistent connection.

I tried this code from : http://phpseclib.sourceforge.net/ssh/examples.html

I am getting this output:

Warning: unpack(): Type N: not enough input, need 4, have 0 in /opt/capstone/phpseclibtest/Net/SSH2.php on line 974 Warning: unpack(): Type N: not enough input, need 4, have 0 in /opt/capstone/phpseclibtest/Net/SSH2.php on line 977 Warning: unpack(): Type N: not enough input, need 4, have 0 in /opt/capstone/phpseclibtest/Net/SSH2.php on line 980 Warning: unpack(): Type N: not enough input, need 4, have 0 in /opt/capstone/phpseclibtest/Net/SSH2.php on line 983 Warning: unpack(): Type N: not enough input, need 4, have 0 in /opt/capstone/phpseclibtest/Net/SSH2.php on line 986 Warning: unpack(): Type N: not enough input, need 4, have 0 in /opt/capstone/phpseclibtest/Net/SSH2.php on line 989 Warning: unpack(): Type N: not enough input, need 4, have 0 in /opt/capstone/phpseclibtest/Net/SSH2.php on line 992 Warning: unpack(): Type N: not enough input, need 4, have 0 in /opt/capstone/phpseclibtest/Net/SSH2.php on line 995 Warning: unpack(): Type N: not enough input, need 4, have 0 in /opt/capstone/phpseclibtest/Net/SSH2.php on line 998 Warning: unpack(): Type C: not enough input, need 1, have 0 in /opt/capstone/phpseclibtest/Net/SSH2.php on line 1001 Warning: extract() expects parameter 1 to be array, boolean given in /opt/capstone/phpseclibtest/Net/SSH2.php on line 1001 Notice: Undefined variable: first_kex_packet_follows in /opt/capstone/phpseclibtest/Net/SSH2.php on line 1002 Login Failed

Hi there

define('CRYPT_AES_MODE',CRYPT_AES_MODE_INTERNAL);
$aes = new Crypt_AES(CRYPT_AES_MODE_CFB);
$aes->enableContinuousBuffer();
$plaintext = '12345678901234567';
for($i=0; $i<strlen($plaintext); $i++) {
 echo $aes->Decrypt($aes->Encrypt($plaintext[$i]));
}

Output is:
1234567890123456E

Expected:
12345678901234567

(When using CRYPT_AES_MODE_MCRYPT it works)

Any idea?
Thank you

Hello,

It seems that since the latest commit, nlist() has a bug with an undefined var filetype.

Here is my xdebug log:

Notice: Undefined variable: filetype in C:\wamp\www\php_dev\phpseclib\SFTP.php on line 1898 Call Stack \# Time Memory Function Location 1 0.0005 250488 {main}( ) ..\test.php:0 2 0.3487 3785240 Net_SFTP->nlist( ) ..\test.php:23 3 0.3487 3785320 Net_SFTP->_list( ) ..\SFTP.php:642 4 0.3507 3794440 Net_SFTP->_parseAttributes( ) ..\SFTP.php:722

Test Script (test.php):
[code]
include('phpseclib/SFTP.php');

$host = '192.168.1.100';
$port = '22';
$user = '***';
$pass = ***';
$path = '/home/warhawk/';

$sftp = new Net_SFTP($host, $port);
if (!$sftp->login($user, $pass)) {
exit('Login Failed');
}

print_r($sftp->nlist($path));
[/code]

Best regards,
warhawk3407

I'm using this fine library to transfer files and/or run commands that return a lot of data. As such, I needed to show a progress indicator in my own script. Although phpseclib reads asynchronously, the exec() (and some other methods) block the whole script until it finishes.

I was able to get around this issue by overloading the _get_channel_packet method to update the progress indicator.

This makes it apparent that this class misses a feature, that of events. It would be nice if one could use the following code:

// connect & login
$ssh = new Net_SSH2($host);
$ssh->login($user, $pass);

// get file size
$size = explode(' ', str_replace(chr(9), ' ', $ssh->exec('ls -al data.zip')));
$size = (int)$size[4];
$curr = 0;

// get file async with progress
$ssh->on('read_part', function($buffer)use($size, $curr){
    $curr += strlen($buffer);
    echo number_format($curr / $size * 100, 2).'%';
    return $buffer; // give the developer a chance to mess with the buffer, or clear it if necessary*
});
$data = $ssh->exec('cat data.zip');

// clear event handler
$ssh->on('read_part');

PS: Sometimes I would want to print out the data returned from the remote host directly (or save it into a file).
*This is especially the case where I'm receiving a huge file; it's better to save the chunks into a file than leave it memory (to be returned later on by ->exec()).

Most of the Crypt_* files contain an PBKDF2 implementation in the setPassword() function. All these implementations are similar to each other, almost copy/paste.

Especially add Elliptic Curve Diffie-Hellman Key Exchange to Net_SSH2.
http://tools.ietf.org/html/rfc5656

Hello, phpseclib-guys

As i mentioned in IRC, i experienced some problems with using the pear-channel of phpseclib today. I couldn't discover the channel via pear channel-discover, because it failed with:

Error: No version number found in tag
Discovering channel phpseclib.sourceforgen.net over http:// failed with message: channel-add: invalid channel.xml file
Trying to discover channel phpseclib.sourceforgen.net over https:// instead
Discovery of channel "phpseclib.sourceforgen.net" failed (channel-add: Cannot open "https://phpseclib.sourceforgen.net/channel.xml" (Connection to `phpseclib.sourceforgen.net:443' failed: Connection refused))

After that i tried to channel-discover pear.phing.info, just to verify it's not a problem with my pear installation. This worked.

I tried to get phpseclib.sourceforge.net/channel.xml via wget -> worked
I tried to get phpseclib.sourceforge.net/channel.xml via curl -> didn't work

I verified this bug by asking a friend if he could reproduce the scenario from another internet connection. Same behaviour there.

My Setup:
Debian squeeze
wget 1.12
curl 7.12.0
pear 1.9.1 (also tested with 1.9.4)

My Friend's setup:
Arch
wget 1.14
curl 7.28.1
pear 1.9.4

But now to the funny and confusing part:

If i do the following, it works:
Step 1: wget http://phpseclib.sourceforge.net/channel.xml
Step 2: pear channel-discover phpseclib.sourceforge.net

In the output of wget we can see a few HTTP-redirects to the final channel.xml-file:

--2013-01-19 19:41:52-- http://phpseclib.sourceforge.net/channel.xml
Resolving phpseclib.sourceforge.net... 216.34.181.96
Connecting to phpseclib.sourceforge.net|216.34.181.96|:80... connected.
HTTP request sent, awaiting response... 302 Found
Location: /QQRRN/channel.xml [following]
--2013-01-19 19:41:52-- http://phpseclib.sourceforge.net/QQRRN/channel.xml
Connecting to phpseclib.sourceforge.net|216.34.181.96|:80... connected.
HTTP request sent, awaiting response... 302 Found
Location: /channel.xml [following]
--2013-01-19 19:41:52-- http://phpseclib.sourceforge.net/channel.xml
Connecting to phpseclib.sourceforge.net|216.34.181.96|:80... connected.
HTTP request sent, awaiting response... 200 OK

curl itself (which is used by pear) does not follow redirections by default (the commandline tool is able to do that via the switch -L). Maybe this is a problem of sourceforge and their internal organization.
We cannot exactly figure out, why wgetting the channel.xml first solves the problem, but we assume it's kind of a cache-issue.
It would be nice to see this problem solved. I hope our investigations are of help, we invested quite some time figuring stuff out. :P

Greets grindhold and devkral

Hi,

Crypt_Blowfish from phpseclib http://phpseclib.sourceforge.net/pear.htm conflicts with Crypt_Blowfish from PEAR http://pear.php.net/package/Crypt_Blowfish/

Could it be renamed?

Regards

David

I know phpseclib has been around for ages, and it's been an awesome library.

However, given the age of the project, and the changes that have happened in the PHP core/community over the course of time, is there any chance for updating the code base to follow PSR-0 (possibly 1 & 2 as well) - and updating the code to be more PHP 5.4 friendly?

Some examples of what I mean by PHP 5.4 friendly are:

• Using constants as class-members, rather than globals. This allows for autoloading of the class without having to have included it before hand (the constants wouldn't be available otherwise)
• Namespaces instead of PEAR-style class names
• 100% Utilization of composer & packagist
• Assumption of autoloading

All just examples, some of which have been fully implemented (or are being implemented). If these types of things can be implemented, I'm more than willing to contribute a lot of it as well.

Hi Terra,
as mentioned last time there is a small non-urgent memory related bug in mode CTR and OFB using
enableContinuousBuffer() filling $[en|de]buffer over.

All block cipher affected.

To demonstrate it using DES:

define('CRYPT_DES_MODE', CRYPT_DES_MODE_INTERNAL);
$cipher_mode_ctr = new Crypt_DES(CRYPT_DES_MODE_CTR);
$cipher_mode_ctr->enableContinuousBuffer();

$cipher_mode_ofb = new Crypt_DES(CRYPT_DES_MODE_OFB);
$cipher_mode_ofb->enableContinuousBuffer();
while (1) {
    $cipher_mode_ctr->encrypt('a');
    echo 'encrypt, mode: ctr, strlen(enbuffer[encrypted]):  '.strlen($cipher_mode_ctr->enbuffer['encrypted'])."\n";

    $cipher_mode_ctr->decrypt('a');
    echo 'decrypt, mode: ctr, strlen(debuffer[ciphertext]): '.strlen($cipher_mode_ctr->debuffer['ciphertext'])."\n";

    $cipher_mode_ofb->encrypt('a');
    echo 'encrypt, mode: ofb, strlen(enbuffer[xor]):        '.strlen($cipher_mode_ofb->enbuffer['xor'])."\n";

    $cipher_mode_ofb->decrypt('a');
    echo 'decrypt, mode: ofb, strlen(debuffer[xor]):        '.strlen($cipher_mode_ofb->debuffer['xor'])."\n";
}

I was not able to fix it.
Maybe you can check it if you have time.

Schöne Grüße
Hans-Jürgen :-)

hiho!

thx for the fix: #11

but that miss the mark :( for the spl-autoloading it is needing that a class is requested, so only the "function_exists" don't call the autoloader. please let the "class_extists" for the random function, like i wrote:

/**
 * Include Crypt_Random
 */
if (!class_exists('Crypt_Random') && !function_exists('crypt_random')) {
    require_once('Crypt/Random.php');
}

so will call the spl-autoloader and all works fine ;) thx!

greez & thx,
sky...

This is more of a feature request, but it would be nice if "stdin: is not a tty" was removed from the output automatically. I don't have access to .bashrc, and so I have to manually remove this error:

str_replace( 'stdin: is not a tty', '', $ssh->exec('pwd') );

This is pretty lame/clunky.

Thanks for your consideration.

Hi,

We are using phpseclib for our internal app deployment and we just updated to the latest version of the library (master branch) and everything seemed to be fine.

But on some servers something goes wrong.

The deployment itself works fine (connecting/mkdir/upload/delete) but it generated this PHP error:

Severity: Warning
Message: mcrypt_generic(): 343 is not a valid MCrypt resource
Filename: Crypt/RC4.php
Line Number: 360

When we revert back to the old version of the library, every single server works fine:
@Version $Id: SSH2.php,v 1.53 2010-10-24 01:24:30 terrafrost Exp $

Note: Using a password as the authentication method.

Not sure if i am providing enough information to properly debug this.

Thanks!

In v0.3.1 in the file Net/SFTP.php on line 1570 the variable "$status" is reported as being used before being set. I noticed that where used in other methods it is preceded with the "extract()" function. I've commented out the lines in my own copy to allow the script to run.

require PROJECT_ROOT.'/lib/Net/SFTP.php';
require PROJECT_ROOT.'/lib/Crypt/RSA.php';
define('NET_SFTP_LOGGING', NET_SFTP_LOG_SIMPLE);

$key    = new Crypt_RSA();
$key->loadKey( file_get_contents('/root/.ssh/id_rsa') );

$sftp   = new Net_SFTP( 'etc.etc.businesstone.net' );
if( !$sftp->login('myusername', $key) )
    //  login error handler

When using pear channel to install Crypt_random using:

pear channel-discover phpseclib.sourceforge.net
pear install phpseclib/Crypt_Random

I get

Validation Error: Invalid tag order in , found expected one of "extension"
Parsing of package.xml from file "/var/tmp/pearTrjZRy/package.xml" failed
Download of "phpseclib/Crypt_Random" succeeded, but it is not a valid package archive
Error: cannot download "phpseclib/Crypt_Random"

pear version returns:
PEAR Version: 1.9.4
PHP Version: 5.3.3
Zend Engine Version: 2.3.0

This is the latest version on RHEL 6.4

I was able to get around by forcing the 0.3.1 install:
pear install http://phpseclib.sourceforge.net//get/Crypt_Random-0.3.1.tgz

Hi there,

there is, imho, an inconsistency in the current Crypt_AES implementation using 160-bits or 224-bits keys.

If i understand phpseclib right, Crypt_AES, as a Crypt_Rijndael class extension, is also meant to support 160-bits or 224-bits keys, as Crypt_Rijndael does... as an AES extention feature... even if it's not official defined in AES.

Personaly, i like this idea (supporting 160/224-bits keys), as a AES/Rijndael cipher extention.

But...
For the phpseclib users there is an inconsistency in this.

Because phpseclib internaly use, if available, the mcrypt php-extention, otherwise it's internal implementation of AES.

So in case of MODE_MCRYPT ... mcrypt is not able to use 160/224-bits keys, so this keys will be \0 padded to the next possible length of 192/256bits.
while phpseclib, in MODE_INTERNAL, is able to use the 160/224-bits keys.

This results in different ciphertexts, depends of the availibility of mcrypt.

This script will demonstrate it:
(Note: runkit is required to run it, or you have to rewrite it and call it twice, one time with MODE_MCRYPT and one time with MODE_INTERNAL)

require_once('Crypt/AES.php');

$key = '12345678901234567890'; // 160bits key
$plaintext = str_repeat('a', 16);


define('CRYPT_AES_MODE', CRYPT_AES_MODE_INTERNAL);
$aes = new Crypt_AES(CRYPT_AES_MODE_ECB);
$aes->setKey($key);
// $aes->setKeyLength(160);
echo 'MODE_INTERNAL  [keylen='.strlen($key).']: ' . md5($aes->encrypt($plaintext)) . "\n";


runkit_constant_remove('CRYPT_AES_MODE');
define('CRYPT_AES_MODE', CRYPT_AES_MODE_MCRYPT);
$aes = new Crypt_AES(CRYPT_AES_MODE_ECB);
$aes->setKey($key); 
// $aes->setKeyLength(160);
echo 'MODE_MCRYPT    [keylen='.strlen($key).']: ' . md5($aes->encrypt($plaintext)) . "\n";

Output:

MODE_INTERNAL  [keylen=20]: e4ad60ab5ad1d195e73896145957e4d7
MODE_MCRYPT    [keylen=20]: 3c7845a06c42b499a350edece42720d5

Expected (if a 160-bits key should be supported):

MODE_INTERNAL  [keylen=20]: e4ad60ab5ad1d195e73896145957e4d7
MODE_MCRYPT    [keylen=20]: e4ad60ab5ad1d195e73896145957e4d7

It's possible to avoid this inconsistency in different ways.

One way might be to give up the 160/224-bits keys support/extention in Crypt_AES. (which, personally, i not prefere)

Another way might be, internaly, switch always, whether mcrypt is available or not, at runtime, to MODE_INTERNAL if using 160/224-bits keys in Crypt_AES to ensure always the same ciphertext.
(This i prefere)

And/Or additional: Only handle 160/224-bits keys if setKeyLength() explicit is set to 160 or 224. If not, then phpseclib should \0 pad this 160/224-bits keys to 192/256 bits as mcrypt it does.

I think that would be the best way. Only handle 160/224-bits keys as real 160/224-bits keys, and therefore switching to (the slower) MODE_INTERNAL, if setKeyLength(160|224) is explicit called for 160/224-bits keys.

What do you think about this issue?

If this is an issue have to fix it, i will do the work when times permit (in the Crypt_Base branch... because since Crypt_Base it's, internaly, much easyer to switch, at run time, between MODE_INTERNAL and MODE_MCRYPT vice versa)

I have figured out the issue. In order to get a valid certificate, you MUST call $x509->setSerialNumber("0"). Otherwise phpseclib will insert a 0-length integer into the certificate (which is illegal BER encoding). You should change the default behavior. (By valid I mean something that will not produce 'Invalid Certificate' when used with an SSL connection).

Or you should at least change the sample code on the website to make setting the serial mandatory:

include('File/X509.php');
include('Crypt/RSA.php');

// create private key / x.509 cert for stunnel / website
$privKey = new Crypt_RSA();
extract($privKey->createKey());
$privKey->loadKey($privatekey);

$pubKey = new Crypt_RSA();
$pubKey->loadKey($publickey);
$pubKey->setPublicKey();

$subject = new File_X509();
$subject->setDNProp('id-at-organizationName', 'phpseclib demo cert');
//$subject->removeDNProp('id-at-organizationName');
$subject->setPublicKey($pubKey);

$issuer = new File_X509();
$issuer->setPrivateKey($privKey);
$issuer->setDN($subject->getDN());

$x509 = new File_X509();
//$x509->setStartDate('-1 month'); // default: now
//$x509->setEndDate('+1 year'); // default: +1 year

$result = $x509->sign($issuer, $subject);
echo "the stunnel.pem contents are as follows:\r\n\r\n";
echo $privKey->getPrivateKey();
echo "\r\n";
echo $x509->saveX509($result);
echo "\r\n";
?>

Certificate example:

-----BEGIN CERTIFICATE-----
MIIB7jCCAVmgAwIBAgIAMAsGCSqGSIb3DQEBBTAeMRwwGgYDVQQKDBNwaHBzZWNs
aWIgZGVtbyBjZXJ0MCIYDzIwMTMwNjI5MTYyNTA4WhgPMjAxNDA2MjkxNjI1MDha
MB4xHDAaBgNVBAoME3BocHNlY2xpYiBkZW1vIGNlcnQwgZ0wCwYJKoZIhvcNAQEB
A4GNADCBiQKBgQDMIXyqM/wQYzkz/2bUf8VD07ViR02PF0eKp7h9WeqM+RD0Csl9
dbNLpnwJq8SVA6oPcWLzT5IvdQhDk55m+TLx1prdSniWouiYZ21IkbmZhwdpTR8q
lezHDXowxe5+ehZGPHZxLZvcaaaf6jMf67+8e45IxH5zYbkGg1s6+LG5zwIDAQAB
oz8wPTALBgNVHQ8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQU68SW
ll6RhoQt5PbLgLE1aXlv0NEwCwYJKoZIhvcNAQEFA4GBAGNJaiqQV90RqFJTFGMZ
xaAQOzlHjZ09WGbHGoQ/PNPqwOB2RBUEaBkmOW5/Ync5GuZx6HE6KwseEqQ3w1BB
QND5HkgELtN8adH/fn382tGhQN67MGhZ0xekiZwrsE3FJ7AsfrojtRu4sqeR/BrZ
vIZ68dpTBJn8/xwfHBxZveMt
-----END CERTIFICATE-----

hiho...

i have written a autoloader for phpseclib for symfony 2. here are the code:

namespace SkyDiablo\PHPSecLibBundle;

abstract class PHPSecLibAutoloader {

    static $phpseclibPath;
    private static $classPrefix = array(
        'Crypt',
        'File',
        'Math',
        'Net'
    );

    public static function autoload($class) {
        $classParts = explode('_', $class, 2);
        if (is_array($classParts) && count($classParts) == 2) {
            $folder = $classParts[0];
            $className = $classParts[1];
            if (in_array($folder, static::$classPrefix)) {
                $path = static::$phpseclibPath . $folder . '/' . $className . '.php';
                if (file_exists($path)) {
                    require $path;
                }
            }
        }
    }

    public static function registerAutoload($phpseclibPath) {
        static::$phpseclibPath = $phpseclibPath;
        spl_autoload_register(array('SkyDiablo\PHPSecLibBundle\PHPSecLibAutoloader', 'autoload'));
    }

}

all works fine! except to include the "Random.php", look at "Net_SSH2" class, there will by it include like this:

/**
 * Include Crypt_Random
 */
if (!class_exists('Crypt_Random')) {
    require_once('Crypt/Random.php');
}

but "Crypt_Random" isn't a class and so, the "if" will always go to the "require_once"... in my way, this crash:

Failed opening required 'Crypt/Random.php' 

so my advice, just add a function_exists call like this:

/**
 * Include Crypt_Random
 */
if (!class_exists('Crypt_Random') && !function_exists('crypt_random')) {
    require_once('Crypt/Random.php');
}

this fix the issue and all are happy :D this autoloader works too with this patch: #10

greez & thx,
sky...

Not sure how to recompile PHP with GMP support on travis. You can not install it via pecl and probably can not install it via aptitude.

Also see travis-ci/travis-ci#511 (comment)

http://php.net/manual/en/language.oop5.decon.php

__construct() is the preferred naming, and naming after the class is a fallback "old style".

Also:

"As of PHP 5.3.3, methods with the same name as the last element of a namespaced class name will no longer be treated as constructor. "

While you are not using namespaces presently, it would be better to be proactive.

In validateDate(), two notices are produced:

Notice: Undefined index: generalTime in [...]/File/X509.php on line 1559
Notice: Undefined index: generalTime in [...]/File/X509.php on line 1564

Lines to modify :

$notBefore = @$this->currentCert['tbsCertificate']['validity']['notBefore']['generalTime'];
//[...]
$notAfter = @$this->currentCert['tbsCertificate']['validity']['notAfter']['generalTime'];

In Rijndael.php:766 (and: 865, 887) and in the other ciphermods...
shouldn't it be: if (strlen($buffer['xor'])) instaed of if (!empty($buffer['xor'])) ?

Because if $buffer['xor'] = chr(48) then !empty($buffer['xor']) returns false, while true is expected.

I generate a X509 file and use setStartDate and setEndDate functions but it my be not work with validity. So I changed:
function setStartDate($date)
{
$this->startDate = @Date('M j H:i:s Y T', @strtotime($date));
}
to
function setStartDate($date)
{
$this->startDate = @Date('D, j M y H:i:s O', @strtotime($date));
}
and it worked fine!
setEndDate function is the same!

How do i fix this? Removing banners from ssh hosts is not an option.

PHP Notice:  Cannot connect to host.example.com Banner timeout in /path/to/Net/SSH2.php on line 793

thanks.

PHP Notice: Undefined variable: status in php-seclib-0.3.1/Net/SFTP.php on line 1570

This is a continuation of my earlier question.

When I do $ssh->exec("cat file.zip"), the download file is somehow corrupted.

Unfortunately, I can't check what exactly is going wrong (I'll try to write a testcase soon).

Could this be because of non-standard characters (binary data) passing through SSH?

I got an "undefined index -1" notice in SSH2.php when I used phpseclib in my CakePHP code integrated through composer (autoloading).
While the pretty much same code with a simple include/require didn't throw that notice.
Anyway I think I've found a simple solution.
Going to create a pull request for that...

While working on the 5.3+ branch with kea, I decided to make some more unit tests for Crypt_* so I know I'm not just breaking everything.

I stumbled upon an error that's actually in your master- with DES and MODE_OFB. I think this trickles into TripleDES (I am getting some failures with it MODE_3CBC- but I will save that for another issue!)

Test code, straight(ish) from the docs:

<?php
$cipher = new Crypt_DES(CRYPT_DES_MODE_OFB);
$cipher->setKey('abcdefgh');
$plaintext = "supersecret";

var_dump($cipher->decrypt($cipher->encrypt($plaintext)));

Expected:
string(11) "supersecret"

Given:
bool(false)

All other modes in Crypt_DES work as expected- only OFB has this error.

phpseclib / Crypt / DES.php

line:294
function Crypt_DES($mode = CRYPT_MODE_DES_CBC)

should be ====>

function Crypt_DES($mode = CRYPT_DES_MODE_CBC)

When i try to copy a remote file to a local filesystem, this error pops up:

Notice: Undefined variable: status in C:\xampp\htdocs\phpseclib\Net\SFTP.php on line 1572.

the test script is:
[code]
set_include_path(get_include_path() . PATH_SEPARATOR . 'phpseclib');

include('Net/SFTP.php');

$sftp = new Net_SFTP('192.168.10.5');
if (!$sftp->login('_', '_***')) {
exit('Login Failed');
}

$sftp->get('../_///_**/INPUTS/inputID109.csv', 'C:\temp\teste.csv');
[/code]

Am I doing something wrong?

Hi there
finished, as discussed last time, with class Crypt_Base()... the base cipher class.
Currently it is available here: https://github.com/petrich/phpseclib/tree/Crypt_Base

100% compatible to the current phpseclib Crypt/_.php's and strong tested
on Win/_nix, 32/64bit, php4, php 5.0 / 5.1 / 5.2 / 5.3 / 5.4 / 5.5

Maybe you can test it in your dev env also. But it should work all out of the box.
What do you think? From my side, it's ready to merge.

Advantages:

• Better code maintaining
• Reducing source code of each Crypt/*.php... averagely about 40% for each cipher
• Mode of operatons generalized: Adding new modes, or bugfixing/optimizing current ones, affects all block ciphers
• Easyer to add new Crypt/*.php ciphers

Disadvantages:

• one additional require_once('Base.php') for each Crypt/*.php

Beside implementing Crypt_Base(), i could optimized the performance of each cipher up to 70% and, for the most, reducing memory usage of the cipher $objects... up to 95%.

Below my benchmark results for each cipher compared to the current ones:

The benchmark script was encrypting and decrypting 1MB of data, each time with- and without enabledContinuousBuffer().
Memory usage was checked after creating concurrently 100 x new $cipher() objects.

Results compared to the current phpseclib, in %
-----------------------------------------------
Crypt_AES / Crypt_Rijndael:
en/decrypt     : + 3% faster  [disabledContinuousBuffer()]
en/decrypt [CB]: + 3% faster  [CB = enabledContinuousBuffer(), partitionsize: randomly 1-50 bytes]
Memory usage   : -95% 
Source codesize: -60% [AES.php]
Source codesize: -20% [Rijndael.php]

Crypt_RC4:
en/decrypt     : +23% faster
en/decrypt [CB]: +50% faster
Memory usage   : +10%
Source codesize: -30%

Blowfish:
en/decrypt     : + 2% faster
en/decrypt [CB]: +70% faster
Memory usage   : + 1%
Source codesize: -50%

Twofish:
en/decrypt     : +15% faster
en/decrypt [CB]: +35% faster
Memory usage   : +2%
Sourcecode size: -40%

3DES:
en/decrypt     : +28% faster (update)
en/decrypt [CB]: +40% faster (update)
Memory usage   : -60%
Sourcecode size: -60%

DES:
en/decrypt     : + 3% faster
en/decrypt [CB]: +18% faster
Memory usage   : -20%
Sourcecode size: -30%



Benchmark result values with the new phpseclib [with Crypt_Base()]:
-------------------------------------------------------------------
Crypt_AES:       1MB en/decrypt time usage: 2.76
Crypt_AES:       1MB en/decrypt time usage: 4.47    [enableContinuousBuffer() random 1-50 byte buffer]
Crypt_AES:       Memory usage 100 objects:  0.9 MB

Crypt_RC4:       1MB en/decrypt time usage: 1.93
Crypt_RC4:       1MB en/decrypt time usage: 2.15    [enableContinuousBuffer() random 1-50 byte buffer]
Crypt_RC4:       Memory usage 100 objects:  2.3 MB

Crypt_Blowfish:  1MB en/decrypt time usage: 2.7
Crypt_Blowfish:  1MB en/decrypt time usage: 3.8    [enableContinuousBuffer() random 1-50 byte buffer]
Crypt_Blowfish:  Memory usage 100 objects:  8.6 MB

Crypt_Twofish:   1MB en/decrypt time usage: 3.01
Crypt_Twofish:   1MB en/decrypt time usage: 4.77    [enableContinuousBuffer() random 1-50 byte buffer]
Crypt_Twofish:   Memory usage 100 objects:  5.6 MB

Crypt_TripleDES: 1MB en/decrypt time usage: 15.72 (update)
Crypt_TripleDES: 1MB en/decrypt time usage: 20.21 (update)    [enableContinuousBuffer() random 1-50 byte buffer]
Crypt_TripleDES: Memory usage 100 objects:  1.7 MB

Crypt_DES:       1MB en/decrypt time usage: 6.53
Crypt_DES:       1MB en/decrypt time usage: 8.47    [enableContinuousBuffer() random 1-50 byte buffer]
Crypt_DES:       Memory usage 100 objects:  0.8 MB

chksum = b3bb9dc8be3adb67389f8a7649eda025



Benchmark result values with the current phpseclib:
---------------------------------------------------
Crypt_AES:       1MB en/decrypt time usage: 2.85
Crypt_AES:       1MB en/decrypt time usage: 4.62    [enableContinuousBuffer() random 1-50 byte buffer]
Crypt_AES:       Memory usage 100 objects:  21.4 MB

Crypt_RC4:       1MB en/decrypt time usage: 2.52
Crypt_RC4:       1MB en/decrypt time usage: 4.44    [enableContinuousBuffer() random 1-50 byte buffer]
Crypt_RC4:       Memory usage 100 objects:  2.1 MB

Crypt_Blowfish:  1MB en/decrypt time usage: 2.78
Crypt_Blowfish:  1MB en/decrypt time usage: 12.17    [enableContinuousBuffer() random 1-50 byte buffer]
Crypt_Blowfish:  Memory usage 100 objects:  8.5 MB

Crypt_Twofish:   1MB en/decrypt time usage: 3.5
Crypt_Twofish:   1MB en/decrypt time usage: 7.36    [enableContinuousBuffer() random 1-50 byte buffer]
Crypt_Twofish:   Memory usage 100 objects:  5.5 MB

Crypt_TripleDES: 1MB en/decrypt time usage: 21.85
Crypt_TripleDES: 1MB en/decrypt time usage: 34.15    [enableContinuousBuffer() random 1-50 byte buffer]
Crypt_TripleDES: Memory usage 100 objects:  4.2 MB

Crypt_DES:       1MB en/decrypt time usage: 6.74
Crypt_DES:       1MB en/decrypt time usage: 10.34    [enableContinuousBuffer() random 1-50 byte buffer]
Crypt_DES:       Memory usage 100 objects:  1 MB

chksum = b3bb9dc8be3adb67389f8a7649eda025

Benchmark script used:

require_once('Crypt/AES.php');
require_once('Crypt/Twofish.php');
require_once('Crypt/Blowfish.php');
require_once('Crypt/TripleDES.php');
require_once('Crypt/RC4.php');

define('CRYPT_AES_MODE',      CRYPT_AES_MODE_INTERNAL);
define('CRYPT_BLOWFISH_MODE', CRYPT_BLOWFISH_MODE_INTERNAL);
define('CRYPT_TWOFISH_MODE',  CRYPT_TWOFISH_MODE_INTERNAL);
define('CRYPT_DES_MODE',      CRYPT_DES_MODE_INTERNAL);
define('CRYPT_RC4_MODE',      CRYPT_RC4_MODE_INTERNAL);

$chk = md5('a');
foreach (array('Crypt_AES', 'Crypt_RC4', 'Crypt_Blowfish', 'Crypt_Twofish', 'Crypt_TripleDES', 'Crypt_DES') as $classname) 
 {
    $s = microtime(true);
    $cipher = new $classname();
    $cipher->setKey('1234567890123456');
    $cipher->decrypt($cipher->encrypt(str_repeat('a', 1024 * 1024)));
    $e = microtime(true); 
    echo str_pad("$classname:", 16) . " 1MB en/decrypt time usage: " . round($e - $s, 2) . "\n";


    $cipher->enableContinuousBuffer();
    $s = microtime(true);
    $bytes = 1024 * 1024;
    mt_srand(1);
    while ($bytes > 0) {
        $len = mt_rand(1, 50);
        $bytes-= $len;
        $cipher->decrypt($cipher->encrypt($buf = str_repeat('a', $len)));
    }
    $e = microtime(true); 
    echo str_pad("$classname:", 16) . " 1MB en/decrypt time usage: " . round($e - $s, 2) . "    [enableContinuousBuffer() random 1-50 byte buffer]\n";


    $cipher->disableContinuousBuffer();
    $max_obj = 100;
    $objs = array();
    $mem_s = memory_get_usage();
    for ($i = 0; $i < $max_obj; $i++) {
        $objs[$i] = new $classname();
        $objs[$i]->setKey('1234567890123456');
        $objs[$i]->decrypt($objs[$i]->encrypt(str_repeat('a', mt_rand(1, 10000))));
    }
    $mem_e = memory_get_usage();
    $objs = array();
    echo str_pad("$classname:", 16) . " Memory usage $max_obj objects:  " . round(($mem_e - $mem_s) / 1024 / 1024, 1) . " MB\n";


    $cipher->disablePadding();
    $chk = md5($cipher->encrypt($chk));
    $cipher->setKey($chk);
    $chk = md5($cipher->decrypt($chk));
    foreach (array('ECB','CBC','CTR','OFB','CFB') as $mode) 
    {
        $cipher = new $classname(constant('CRYPT_AES_MODE_' . $mode));
        $cipher->setKey($chk);
        $cipher->disablePadding();
        $chk = md5($cipher->encrypt($chk));
        $chk = md5($cipher->decrypt($chk));

        $cipher->enableContinuousBuffer();
        $chk = md5($cipher->encrypt($chk));
        $chk = md5($cipher->decrypt($chk));
    }
    echo "\n";
 }
echo "chksum = ".md5($chk)."\n\n";
exit;

[- 23. May: 3DES stats updated: additional 20% speedup. re: https://github.com/phpseclib/phpseclib/commit/f596c577cf3a666be3818316562db90aced09330 & https://github.com/petrich/phpseclib/commit/72fa880aa2e3cbfc644115ef174516095661471e ]

From http://www.frostjedi.com/phpbb3/viewtopic.php?f=46&t=168240 :

Good job on this library.
There is one issue however, when using spl_autoload_register(). I respect the fact you want it to be compatible with php4, but it should not prevent it to be fully compatible with php5.
phpseclib uses a lot class_exists(), but it does not have the second parameter. So whenever a class does not exists autoload is called before phpseclib does the require_once, which results in several php alerts firing.
Could you make it so, on php5, the second parameter is false by default, or make it an option for using this library. This will make the library compatible on all projects.

Thank you in advance for fixing this

What are your thoughts?

In SFTP like the chmod function. Useful for syncing operations.

So pre-patch and post-patch performance can be compared.

I've just pushed Crypt/RC2.php
As far as I've tested it, it works properly in mcrypt(), inline and internal modes.
If you want to test it further or to improve it, please feel free to do so :-)
Cheers,
Patrick

More poking around. Smack me if I'm just doin' it wrong but it appears Crypt_TripleDES with MODE_3CBC is broken.

Test code:

<?php
$cipher = new Crypt_TripleDES(CRYPT_DES_MODE_3CBC);
$cipher->setKey('abcdefghijklmnopqrstuvwx');
$plaintext = "supersecret12345";
var_dump($cipher->decrypt($cipher->encrypt($plaintext)));

Expected:
string(16) "supersecret12345"

Given:
bool(false)