CCOM4030
/
artesanias
Watch 5
Star 0
Fork 0
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
Repositorio del curso CCOM4030 el semestre B91 del proyecto Artesanías con el Instituto de Cultura
8 Commits
9 Branches
Branch: Sprint1
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'Sprint1'
${ noResults }
artesanias/node_modules/ssh2-streams/lib/keyParser.js

keyParser.js 47KB
Permalink History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776777778779780781782783784785786787788789790791792793794795796797798799800801802803804805806807808809810811812813814815816817818819820821822823824825826827828829830831832833834835836837838839840841842843844845846847848849850851852853854855856857858859860861862863864865866867868869870871872873874875876877878879880881882883884885886887888889890891892893894895896897898899900901902903904905906907908909910911912913914915916917918919920921922923924925926927928929930931932933934935936937938939940941942943944945946947948949950951952953954955956957958959960961962963964965966967968969970971972973974975976977978979980981982983984985986987988989990991992993994995996997998999100010011002100310041005100610071008100910101011101210131014101510161017101810191020102110221023102410251026102710281029103010311032103310341035103610371038103910401041104210431044104510461047104810491050105110521053105410551056105710581059106010611062106310641065106610671068106910701071107210731074107510761077107810791080108110821083108410851086108710881089109010911092109310941095109610971098109911001101110211031104110511061107110811091110111111121113111411151116111711181119112011211122112311241125112611271128112911301131113211331134113511361137113811391140114111421143114411451146114711481149115011511152115311541155115611571158115911601161116211631164116511661167116811691170117111721173117411751176117711781179118011811182118311841185118611871188118911901191119211931194119511961197119811991200120112021203120412051206120712081209121012111212121312141215121612171218121912201221122212231224122512261227122812291230123112321233123412351236123712381239124012411242124312441245124612471248124912501251125212531254125512561257125812591260126112621263126412651266126712681269127012711272127312741275127612771278127912801281128212831284128512861287128812891290129112921293129412951296129712981299130013011302130313041305130613071308130913101311131213131314131513161317131813191320132113221323132413251326132713281329133013311332133313341335133613371338133913401341134213431344134513461347134813491350135113521353135413551356135713581359136013611362136313641365136613671368136913701371137213731374137513761377137813791380138113821383138413851386138713881389139013911392139313941395139613971398139914001401140214031404140514061407140814091410141114121413141414151416141714181419142014211422142314241425142614271428142914301431143214331434143514361437143814391440144114421443144414451446144714481449145014511452145314541455 
  1. // TODO:

  2. //    * utilize `crypto.create(Private|Public)Key()` and `keyObject.export()`

  3. //    * handle multi-line header values (OpenSSH)?

  4. //    * more thorough validation?

  5. 

  6. var crypto = require('crypto');

  7. var cryptoSign = crypto.sign;

  8. var cryptoVerify = crypto.verify;

  9. var createSign = crypto.createSign;

  10. var createVerify = crypto.createVerify;

  11. var createDecipheriv = crypto.createDecipheriv;

  12. var createHash = crypto.createHash;

  13. var createHmac = crypto.createHmac;

  14. var supportedOpenSSLCiphers = crypto.getCiphers();

  15. 

  16. var utils;

  17. var Ber = require('asn1').Ber;

  18. var bcrypt_pbkdf = require('bcrypt-pbkdf').pbkdf;

  19. 

  20. var bufferHelpers = require('./buffer-helpers');

  21. var readUInt32BE = bufferHelpers.readUInt32BE;

  22. var writeUInt32BE = bufferHelpers.writeUInt32BE;

  23. var constants = require('./constants');

  24. var SUPPORTED_CIPHER = constants.ALGORITHMS.SUPPORTED_CIPHER;

  25. var CIPHER_INFO = constants.CIPHER_INFO;

  26. var SSH_TO_OPENSSL = constants.SSH_TO_OPENSSL;

  27. var EDDSA_SUPPORTED = constants.EDDSA_SUPPORTED;

  28. 

  29. var SYM_HASH_ALGO = Symbol('Hash Algorithm');

  30. var SYM_PRIV_PEM = Symbol('Private key PEM');

  31. var SYM_PUB_PEM = Symbol('Public key PEM');

  32. var SYM_PUB_SSH = Symbol('Public key SSH');

  33. var SYM_DECRYPTED = Symbol('Decrypted Key');

  34. 

  35. // Create OpenSSL cipher name -> SSH cipher name conversion table

  36. var CIPHER_INFO_OPENSSL = Object.create(null);

  37. (function() {

  38.   var keys = Object.keys(CIPHER_INFO);

  39.   for (var i = 0; i < keys.length; ++i) {

  40.     var cipherName = SSH_TO_OPENSSL[keys[i]];

  41.     if (!cipherName || CIPHER_INFO_OPENSSL[cipherName])

  42.       continue;

  43.     CIPHER_INFO_OPENSSL[cipherName] = CIPHER_INFO[keys[i]];

  44.   }

  45. })();

  46. 

  47. var trimStart = (function() {

  48.   if (typeof String.prototype.trimStart === 'function') {

  49.     return function trimStart(str) {

  50.       return str.trimStart();

  51.     };

  52.   }

  53. 

  54.   return function trimStart(str) {

  55.     var start = 0;

  56.     for (var i = 0; i < str.length; ++i) {

  57.       switch (str.charCodeAt(i)) {

  58.         case 32: // ' '

  59.         case 9: // '\t'

  60.         case 13: // '\r'

  61.         case 10: // '\n'

  62.         case 12: // '\f'

  63.           ++start;

  64.           continue;

  65.       }

  66.       break;

  67.     }

  68.     if (start === 0)

  69.       return str;

  70.     return str.slice(start);

  71.   };

  72. })();

  73. 

  74. function makePEM(type, data) {

  75.   data = data.toString('base64');

  76.   return '-----BEGIN ' + type + ' KEY-----\n'

  77.          + data.replace(/.{64}/g, '$&\n')

  78.          + (data.length % 64 ? '\n' : '')

  79.          + '-----END ' + type + ' KEY-----';

  80. }

  81. 

  82. function combineBuffers(buf1, buf2) {

  83.   var result = Buffer.allocUnsafe(buf1.length + buf2.length);

  84.   buf1.copy(result, 0);

  85.   buf2.copy(result, buf1.length);

  86.   return result;

  87. }

  88. 

  89. function skipFields(buf, nfields) {

  90.   var bufLen = buf.length;

  91.   var pos = (buf._pos || 0);

  92.   for (var i = 0; i < nfields; ++i) {

  93.     var left = (bufLen - pos);

  94.     if (pos >= bufLen || left < 4)

  95.       return false;

  96.     var len = readUInt32BE(buf, pos);

  97.     if (left < 4 + len)

  98.       return false;

  99.     pos += 4 + len;

  100.   }

  101.   buf._pos = pos;

  102.   return true;

  103. }

  104. 

  105. function genOpenSSLRSAPub(n, e) {

  106.   var asnWriter = new Ber.Writer();

  107.   asnWriter.startSequence();

  108.     // algorithm

  109.     asnWriter.startSequence();

  110.       asnWriter.writeOID('1.2.840.113549.1.1.1'); // rsaEncryption

  111.       // algorithm parameters (RSA has none)

  112.       asnWriter.writeNull();

  113.     asnWriter.endSequence();

  114. 

  115.     // subjectPublicKey

  116.     asnWriter.startSequence(Ber.BitString);

  117.       asnWriter.writeByte(0x00);

  118.       asnWriter.startSequence();

  119.         asnWriter.writeBuffer(n, Ber.Integer);

  120.         asnWriter.writeBuffer(e, Ber.Integer);

  121.       asnWriter.endSequence();

  122.     asnWriter.endSequence();

  123.   asnWriter.endSequence();

  124.   return makePEM('PUBLIC', asnWriter.buffer);

  125. }

  126. 

  127. function genOpenSSHRSAPub(n, e) {

  128.   var publicKey = Buffer.allocUnsafe(4 + 7 // "ssh-rsa"

  129.                                      + 4 + n.length

  130.                                      + 4 + e.length);

  131. 

  132.   writeUInt32BE(publicKey, 7, 0);

  133.   publicKey.write('ssh-rsa', 4, 7, 'ascii');

  134. 

  135.   var i = 4 + 7;

  136.   writeUInt32BE(publicKey, e.length, i);

  137.   e.copy(publicKey, i += 4);

  138. 

  139.   writeUInt32BE(publicKey, n.length, i += e.length);

  140.   n.copy(publicKey, i + 4);

  141. 

  142.   return publicKey;

  143. }

  144. 

  145. var genOpenSSLRSAPriv = (function() {

  146.   function genRSAASN1Buf(n, e, d, p, q, dmp1, dmq1, iqmp) {

  147.     var asnWriter = new Ber.Writer();

  148.     asnWriter.startSequence();

  149.       asnWriter.writeInt(0x00, Ber.Integer);

  150.       asnWriter.writeBuffer(n, Ber.Integer);

  151.       asnWriter.writeBuffer(e, Ber.Integer);

  152.       asnWriter.writeBuffer(d, Ber.Integer);

  153.       asnWriter.writeBuffer(p, Ber.Integer);

  154.       asnWriter.writeBuffer(q, Ber.Integer);

  155.       asnWriter.writeBuffer(dmp1, Ber.Integer);

  156.       asnWriter.writeBuffer(dmq1, Ber.Integer);

  157.       asnWriter.writeBuffer(iqmp, Ber.Integer);

  158.     asnWriter.endSequence();

  159.     return asnWriter.buffer;

  160.   }

  161. 

  162.   function bigIntFromBuffer(buf) {

  163.     return BigInt('0x' + buf.toString('hex'));

  164.   }

  165. 

  166.   function bigIntToBuffer(bn) {

  167.     var hex = bn.toString(16);

  168.     if ((hex.length & 1) !== 0) {

  169.       hex = '0' + hex;

  170.     } else {

  171.       var sigbit = hex.charCodeAt(0);

  172.       // BER/DER integers require leading zero byte to denote a positive value

  173.       // when first byte >= 0x80

  174.       if (sigbit === 56 || (sigbit >= 97 && sigbit <= 102))

  175.         hex = '00' + hex;

  176.     }

  177.     return Buffer.from(hex, 'hex');

  178.   }

  179. 

  180.   // Feature detect native BigInt availability and use it when possible

  181.   try {

  182.     var code = [

  183.       'return function genOpenSSLRSAPriv(n, e, d, iqmp, p, q) {',

  184.       '  var bn_d = bigIntFromBuffer(d);',

  185.       '  var dmp1 = bigIntToBuffer(bn_d % (bigIntFromBuffer(p) - 1n));',

  186.       '  var dmq1 = bigIntToBuffer(bn_d % (bigIntFromBuffer(q) - 1n));',

  187.       '  return makePEM(\'RSA PRIVATE\', '

  188.         + 'genRSAASN1Buf(n, e, d, p, q, dmp1, dmq1, iqmp));',

  189.       '};'

  190.     ].join('\n');

  191.     return new Function(

  192.       'bigIntFromBuffer, bigIntToBuffer, makePEM, genRSAASN1Buf',

  193.       code

  194.     )(bigIntFromBuffer, bigIntToBuffer, makePEM, genRSAASN1Buf);

  195.   } catch (ex) {

  196.     return (function() {

  197.       var BigInteger = require('./jsbn.js');

  198.       return function genOpenSSLRSAPriv(n, e, d, iqmp, p, q) {

  199.         var pbi = new BigInteger(p, 256);

  200.         var qbi = new BigInteger(q, 256);

  201.         var dbi = new BigInteger(d, 256);

  202.         var dmp1bi = dbi.mod(pbi.subtract(BigInteger.ONE));

  203.         var dmq1bi = dbi.mod(qbi.subtract(BigInteger.ONE));

  204.         var dmp1 = Buffer.from(dmp1bi.toByteArray());

  205.         var dmq1 = Buffer.from(dmq1bi.toByteArray());

  206.         return makePEM('RSA PRIVATE',

  207.                        genRSAASN1Buf(n, e, d, p, q, dmp1, dmq1, iqmp));

  208.       };

  209.     })();

  210.   }

  211. })();

  212. 

  213. function genOpenSSLDSAPub(p, q, g, y) {

  214.   var asnWriter = new Ber.Writer();

  215.   asnWriter.startSequence();

  216.     // algorithm

  217.     asnWriter.startSequence();

  218.       asnWriter.writeOID('1.2.840.10040.4.1'); // id-dsa

  219.       // algorithm parameters

  220.       asnWriter.startSequence();

  221.         asnWriter.writeBuffer(p, Ber.Integer);

  222.         asnWriter.writeBuffer(q, Ber.Integer);

  223.         asnWriter.writeBuffer(g, Ber.Integer);

  224.       asnWriter.endSequence();

  225.     asnWriter.endSequence();

  226. 

  227.     // subjectPublicKey

  228.     asnWriter.startSequence(Ber.BitString);

  229.       asnWriter.writeByte(0x00);

  230.       asnWriter.writeBuffer(y, Ber.Integer);

  231.     asnWriter.endSequence();

  232.   asnWriter.endSequence();

  233.   return makePEM('PUBLIC', asnWriter.buffer);

  234. }

  235. 

  236. function genOpenSSHDSAPub(p, q, g, y) {

  237.   var publicKey = Buffer.allocUnsafe(4 + 7 // ssh-dss

  238.                                      + 4 + p.length

  239.                                      + 4 + q.length

  240.                                      + 4 + g.length

  241.                                      + 4 + y.length);

  242. 

  243.   writeUInt32BE(publicKey, 7, 0);

  244.   publicKey.write('ssh-dss', 4, 7, 'ascii');

  245. 

  246.   var i = 4 + 7;

  247.   writeUInt32BE(publicKey, p.length, i);

  248.   p.copy(publicKey, i += 4);

  249. 

  250.   writeUInt32BE(publicKey, q.length, i += p.length);

  251.   q.copy(publicKey, i += 4);

  252. 

  253.   writeUInt32BE(publicKey, g.length, i += q.length);

  254.   g.copy(publicKey, i += 4);

  255. 

  256.   writeUInt32BE(publicKey, y.length, i += g.length);

  257.   y.copy(publicKey, i + 4);

  258. 

  259.   return publicKey;

  260. }

  261. 

  262. function genOpenSSLDSAPriv(p, q, g, y, x) {

  263.   var asnWriter = new Ber.Writer();

  264.   asnWriter.startSequence();

  265.     asnWriter.writeInt(0x00, Ber.Integer);

  266.     asnWriter.writeBuffer(p, Ber.Integer);

  267.     asnWriter.writeBuffer(q, Ber.Integer);

  268.     asnWriter.writeBuffer(g, Ber.Integer);

  269.     asnWriter.writeBuffer(y, Ber.Integer);

  270.     asnWriter.writeBuffer(x, Ber.Integer);

  271.   asnWriter.endSequence();

  272.   return makePEM('DSA PRIVATE', asnWriter.buffer);

  273. }

  274. 

  275. function genOpenSSLEdPub(pub) {

  276.   var asnWriter = new Ber.Writer();

  277.   asnWriter.startSequence();

  278.     // algorithm

  279.     asnWriter.startSequence();

  280.       asnWriter.writeOID('1.3.101.112'); // id-Ed25519

  281.     asnWriter.endSequence();

  282. 

  283.     // PublicKey

  284.     asnWriter.startSequence(Ber.BitString);

  285.       asnWriter.writeByte(0x00);

  286.       // XXX: hack to write a raw buffer without a tag -- yuck

  287.       asnWriter._ensure(pub.length);

  288.       pub.copy(asnWriter._buf, asnWriter._offset, 0, pub.length);

  289.       asnWriter._offset += pub.length;

  290.     asnWriter.endSequence();

  291.   asnWriter.endSequence();

  292.   return makePEM('PUBLIC', asnWriter.buffer);

  293. }

  294. 

  295. function genOpenSSHEdPub(pub) {

  296.   var publicKey = Buffer.allocUnsafe(4 + 11 // ssh-ed25519

  297.                                      + 4 + pub.length);

  298. 

  299.   writeUInt32BE(publicKey, 11, 0);

  300.   publicKey.write('ssh-ed25519', 4, 11, 'ascii');

  301. 

  302.   writeUInt32BE(publicKey, pub.length, 15);

  303.   pub.copy(publicKey, 19);

  304. 

  305.   return publicKey;

  306. }

  307. 

  308. function genOpenSSLEdPriv(priv) {

  309.   var asnWriter = new Ber.Writer();

  310.   asnWriter.startSequence();

  311.     // version

  312.     asnWriter.writeInt(0x00, Ber.Integer);

  313. 

  314.     // algorithm

  315.     asnWriter.startSequence();

  316.       asnWriter.writeOID('1.3.101.112'); // id-Ed25519

  317.     asnWriter.endSequence();

  318. 

  319.     // PrivateKey

  320.     asnWriter.startSequence(Ber.OctetString);

  321.       asnWriter.writeBuffer(priv, Ber.OctetString);

  322.     asnWriter.endSequence();

  323.   asnWriter.endSequence();

  324.   return makePEM('PRIVATE', asnWriter.buffer);

  325. }

  326. 

  327. function genOpenSSLECDSAPub(oid, Q) {

  328.   var asnWriter = new Ber.Writer();

  329.   asnWriter.startSequence();

  330.     // algorithm

  331.     asnWriter.startSequence();

  332.       asnWriter.writeOID('1.2.840.10045.2.1'); // id-ecPublicKey

  333.       // algorithm parameters (namedCurve)

  334.       asnWriter.writeOID(oid);

  335.     asnWriter.endSequence();

  336. 

  337.     // subjectPublicKey

  338.     asnWriter.startSequence(Ber.BitString);

  339.       asnWriter.writeByte(0x00);

  340.       // XXX: hack to write a raw buffer without a tag -- yuck

  341.       asnWriter._ensure(Q.length);

  342.       Q.copy(asnWriter._buf, asnWriter._offset, 0, Q.length);

  343.       asnWriter._offset += Q.length;

  344.       // end hack

  345.     asnWriter.endSequence();

  346.   asnWriter.endSequence();

  347.   return makePEM('PUBLIC', asnWriter.buffer);

  348. }

  349. 

  350. function genOpenSSHECDSAPub(oid, Q) {

  351.   var curveName;

  352.   switch (oid) {

  353.     case '1.2.840.10045.3.1.7':

  354.       // prime256v1/secp256r1

  355.       curveName = 'nistp256';

  356.       break;

  357.     case '1.3.132.0.34':

  358.       // secp384r1

  359.       curveName = 'nistp384';

  360.       break;

  361.     case '1.3.132.0.35':

  362.       // secp521r1

  363.       curveName = 'nistp521';

  364.       break;

  365.     default:

  366.       return;

  367.   }

  368. 

  369.   var publicKey = Buffer.allocUnsafe(4 + 19 // ecdsa-sha2-<curve name>

  370.                                      + 4 + 8 // <curve name>

  371.                                      + 4 + Q.length);

  372. 

  373.   writeUInt32BE(publicKey, 19, 0);

  374.   publicKey.write('ecdsa-sha2-' + curveName, 4, 19, 'ascii');

  375. 

  376.   writeUInt32BE(publicKey, 8, 23);

  377.   publicKey.write(curveName, 27, 8, 'ascii');

  378. 

  379.   writeUInt32BE(publicKey, Q.length, 35);

  380.   Q.copy(publicKey, 39);

  381. 

  382.   return publicKey;

  383. }

  384. 

  385. function genOpenSSLECDSAPriv(oid, pub, priv) {

  386.   var asnWriter = new Ber.Writer();

  387.   asnWriter.startSequence();

  388.     // version

  389.     asnWriter.writeInt(0x01, Ber.Integer);

  390.     // privateKey

  391.     asnWriter.writeBuffer(priv, Ber.OctetString);

  392.     // parameters (optional)

  393.     asnWriter.startSequence(0xA0);

  394.       asnWriter.writeOID(oid);

  395.     asnWriter.endSequence();

  396.     // publicKey (optional)

  397.     asnWriter.startSequence(0xA1);

  398.       asnWriter.startSequence(Ber.BitString);

  399.         asnWriter.writeByte(0x00);

  400.         // XXX: hack to write a raw buffer without a tag -- yuck

  401.         asnWriter._ensure(pub.length);

  402.         pub.copy(asnWriter._buf, asnWriter._offset, 0, pub.length);

  403.         asnWriter._offset += pub.length;

  404.         // end hack

  405.       asnWriter.endSequence();

  406.     asnWriter.endSequence();

  407.   asnWriter.endSequence();

  408.   return makePEM('EC PRIVATE', asnWriter.buffer);

  409. }

  410. 

  411. function genOpenSSLECDSAPubFromPriv(curveName, priv) {

  412.   var tempECDH = crypto.createECDH(curveName);

  413.   tempECDH.setPrivateKey(priv);

  414.   return tempECDH.getPublicKey();

  415. }

  416. 

  417. var baseKeySign = (function() {

  418.   if (typeof cryptoSign === 'function') {

  419.     return function sign(data) {

  420.       var pem = this[SYM_PRIV_PEM];

  421.       if (pem === null)

  422.         return new Error('No private key available');

  423.       try {

  424.         return cryptoSign(this[SYM_HASH_ALGO], data, pem);

  425.       } catch (ex) {

  426.         return ex;

  427.       }

  428.     };

  429.   } else {

  430.     function trySign(signature, privKey) {

  431.       try {

  432.         return signature.sign(privKey);

  433.       } catch (ex) {

  434.         return ex;

  435.       }

  436.     }

  437. 

  438.     return function sign(data) {

  439.       var pem = this[SYM_PRIV_PEM];

  440.       if (pem === null)

  441.         return new Error('No private key available');

  442.       var signature = createSign(this[SYM_HASH_ALGO]);

  443.       signature.update(data);

  444.       return trySign(signature, pem);

  445.     };

  446.   }

  447. })();

  448. 

  449. var baseKeyVerify = (function() {

  450.   if (typeof cryptoVerify === 'function') {

  451.     return function verify(data, signature) {

  452.       var pem = this[SYM_PUB_PEM];

  453.       if (pem === null)

  454.         return new Error('No public key available');

  455.       try {

  456.         return cryptoVerify(this[SYM_HASH_ALGO], data, pem, signature);

  457.       } catch (ex) {

  458.         return ex;

  459.       }

  460.     };

  461.   } else {

  462.     function tryVerify(verifier, pubKey, signature) {

  463.       try {

  464.         return verifier.verify(pubKey, signature);

  465.       } catch (ex) {

  466.         return ex;

  467.       }

  468.     }

  469. 

  470.     return function verify(data, signature) {

  471.       var pem = this[SYM_PUB_PEM];

  472.       if (pem === null)

  473.         return new Error('No public key available');

  474.       var verifier = createVerify(this[SYM_HASH_ALGO]);

  475.       verifier.update(data);

  476.       return tryVerify(verifier, pem, signature);

  477.     };

  478.   }

  479. })();

  480. 

  481. var BaseKey = {

  482.   sign: baseKeySign,

  483.   verify: baseKeyVerify,

  484.   getPrivatePEM: function getPrivatePEM() {

  485.     return this[SYM_PRIV_PEM];

  486.   },

  487.   getPublicPEM: function getPublicPEM() {

  488.     return this[SYM_PUB_PEM];

  489.   },

  490.   getPublicSSH: function getPublicSSH() {

  491.     return this[SYM_PUB_SSH];

  492.   },

  493. };

  494. 

  495. 

  496. 

  497. function OpenSSH_Private(type, comment, privPEM, pubPEM, pubSSH, algo, decrypted) {

  498.   this.type = type;

  499.   this.comment = comment;

  500.   this[SYM_PRIV_PEM] = privPEM;

  501.   this[SYM_PUB_PEM] = pubPEM;

  502.   this[SYM_PUB_SSH] = pubSSH;

  503.   this[SYM_HASH_ALGO] = algo;

  504.   this[SYM_DECRYPTED] = decrypted;

  505. }

  506. OpenSSH_Private.prototype = BaseKey;

  507. (function() {

  508.   var regexp = /^-----BEGIN OPENSSH PRIVATE KEY-----(?:\r\n|\n)([\s\S]+)(?:\r\n|\n)-----END OPENSSH PRIVATE KEY-----$/;

  509.   OpenSSH_Private.parse = function(str, passphrase) {

  510.     var m = regexp.exec(str);

  511.     if (m === null)

  512.       return null;

  513.     var ret;

  514.     var data = Buffer.from(m[1], 'base64');

  515.     if (data.length < 31) // magic (+ magic null term.) + minimum field lengths

  516.       return new Error('Malformed OpenSSH private key');

  517.     var magic = data.toString('ascii', 0, 15);

  518.     if (magic !== 'openssh-key-v1\0')

  519.       return new Error('Unsupported OpenSSH key magic: ' + magic);

  520. 

  521.     // avoid cyclic require by requiring on first use

  522.     if (!utils)

  523.       utils = require('./utils');

  524. 

  525.     var cipherName = utils.readString(data, 15, 'ascii');

  526.     if (cipherName === false)

  527.       return new Error('Malformed OpenSSH private key');

  528.     if (cipherName !== 'none' && SUPPORTED_CIPHER.indexOf(cipherName) === -1)

  529.       return new Error('Unsupported cipher for OpenSSH key: ' + cipherName);

  530. 

  531.     var kdfName = utils.readString(data, data._pos, 'ascii');

  532.     if (kdfName === false)

  533.       return new Error('Malformed OpenSSH private key');

  534.     if (kdfName !== 'none') {

  535.       if (cipherName === 'none')

  536.         return new Error('Malformed OpenSSH private key');

  537.       if (kdfName !== 'bcrypt')

  538.         return new Error('Unsupported kdf name for OpenSSH key: ' + kdfName);

  539.       if (!passphrase) {

  540.         return new Error(

  541.           'Encrypted private OpenSSH key detected, but no passphrase given'

  542.         );

  543.       }

  544.     } else if (cipherName !== 'none') {

  545.       return new Error('Malformed OpenSSH private key');

  546.     }

  547. 

  548.     var encInfo;

  549.     var cipherKey;

  550.     var cipherIV;

  551.     if (cipherName !== 'none')

  552.       encInfo = CIPHER_INFO[cipherName];

  553.     var kdfOptions = utils.readString(data, data._pos);

  554.     if (kdfOptions === false)

  555.       return new Error('Malformed OpenSSH private key');

  556.     if (kdfOptions.length) {

  557.       switch (kdfName) {

  558.         case 'none':

  559.           return new Error('Malformed OpenSSH private key');

  560.         case 'bcrypt':

  561.           /*

  562.             string salt

  563.             uint32 rounds

  564.           */

  565.           var salt = utils.readString(kdfOptions, 0);

  566.           if (salt === false || kdfOptions._pos + 4 > kdfOptions.length)

  567.             return new Error('Malformed OpenSSH private key');

  568.           var rounds = readUInt32BE(kdfOptions, kdfOptions._pos);

  569.           var gen = Buffer.allocUnsafe(encInfo.keyLen + encInfo.ivLen);

  570.           var r = bcrypt_pbkdf(passphrase,

  571.                                passphrase.length,

  572.                                salt,

  573.                                salt.length,

  574.                                gen,

  575.                                gen.length,

  576.                                rounds);

  577.           if (r !== 0)

  578.             return new Error('Failed to generate information to decrypt key');

  579.           cipherKey = gen.slice(0, encInfo.keyLen);

  580.           cipherIV = gen.slice(encInfo.keyLen);

  581.           break;

  582.       }

  583.     } else if (kdfName !== 'none') {

  584.       return new Error('Malformed OpenSSH private key');

  585.     }

  586. 

  587.     var keyCount = utils.readInt(data, data._pos);

  588.     if (keyCount === false)

  589.       return new Error('Malformed OpenSSH private key');

  590.     data._pos += 4;

  591. 

  592.     if (keyCount > 0) {

  593.       // TODO: place sensible limit on max `keyCount`

  594. 

  595.       // Read public keys first

  596.       for (var i = 0; i < keyCount; ++i) {

  597.         var pubData = utils.readString(data, data._pos);

  598.         if (pubData === false)

  599.           return new Error('Malformed OpenSSH private key');

  600.         var type = utils.readString(pubData, 0, 'ascii');

  601.         if (type === false)

  602.           return new Error('Malformed OpenSSH private key');

  603.       }

  604. 

  605.       var privBlob = utils.readString(data, data._pos);

  606.       if (privBlob === false)

  607.         return new Error('Malformed OpenSSH private key');

  608. 

  609.       if (cipherKey !== undefined) {

  610.         // encrypted private key(s)

  611.         if (privBlob.length < encInfo.blockLen

  612.             || (privBlob.length % encInfo.blockLen) !== 0) {

  613.           return new Error('Malformed OpenSSH private key');

  614.         }

  615.         try {

  616.           var options = { authTagLength: encInfo.authLen };

  617.           var decipher = createDecipheriv(SSH_TO_OPENSSL[cipherName],

  618.                                           cipherKey,

  619.                                           cipherIV,

  620.                                           options);

  621.           if (encInfo.authLen > 0) {

  622.             if (data.length - data._pos < encInfo.authLen)

  623.               return new Error('Malformed OpenSSH private key');

  624.             decipher.setAuthTag(

  625.               data.slice(data._pos, data._pos += encInfo.authLen)

  626.             );

  627.           }

  628.           privBlob = combineBuffers(decipher.update(privBlob),

  629.                                     decipher.final());

  630.         } catch (ex) {

  631.           return ex;

  632.         }

  633.       }

  634.       // Nothing should we follow the private key(s), except a possible

  635.       // authentication tag for relevant ciphers

  636.       if (data._pos !== data.length)

  637.         return new Error('Malformed OpenSSH private key');

  638. 

  639.       ret = parseOpenSSHPrivKeys(privBlob, keyCount, cipherKey !== undefined);

  640.     } else {

  641.       ret = [];

  642.     }

  643.     return ret;

  644.   };

  645. 

  646.   function parseOpenSSHPrivKeys(data, nkeys, decrypted) {

  647.     var keys = [];

  648.     /*

  649.       uint32	checkint

  650.       uint32	checkint

  651.       string	privatekey1

  652.       string	comment1

  653.       string	privatekey2

  654.       string	comment2

  655.       ...

  656.       string	privatekeyN

  657.       string	commentN

  658.       char	1

  659.       char	2

  660.       char	3

  661.       ...

  662.       char	padlen % 255

  663.     */

  664.     if (data.length < 8)

  665.       return new Error('Malformed OpenSSH private key');

  666.     var check1 = readUInt32BE(data, 0);

  667.     var check2 = readUInt32BE(data, 4);

  668.     if (check1 !== check2) {

  669.       if (decrypted)

  670.         return new Error('OpenSSH key integrity check failed -- bad passphrase?');

  671.       return new Error('OpenSSH key integrity check failed');

  672.     }

  673.     data._pos = 8;

  674.     var i;

  675.     var oid;

  676.     for (i = 0; i < nkeys; ++i) {

  677.       var algo = undefined;

  678.       var privPEM = undefined;

  679.       var pubPEM = undefined;

  680.       var pubSSH = undefined;

  681.       // The OpenSSH documentation for the key format actually lies, the entirety

  682.       // of the private key content is not contained with a string field, it's

  683.       // actually the literal contents of the private key, so to be able to find

  684.       // the end of the key data you need to know the layout/format of each key

  685.       // type ...

  686.       var type = utils.readString(data, data._pos, 'ascii');

  687.       if (type === false)

  688.         return new Error('Malformed OpenSSH private key');

  689. 

  690.       switch (type) {

  691.         case 'ssh-rsa':

  692.           /*

  693.             string  n -- public

  694.             string  e -- public

  695.             string  d -- private

  696.             string  iqmp -- private

  697.             string  p -- private

  698.             string  q -- private

  699.           */

  700.           var n = utils.readString(data, data._pos);

  701.           if (n === false)

  702.             return new Error('Malformed OpenSSH private key');

  703.           var e = utils.readString(data, data._pos);

  704.           if (e === false)

  705.             return new Error('Malformed OpenSSH private key');

  706.           var d = utils.readString(data, data._pos);

  707.           if (d === false)

  708.             return new Error('Malformed OpenSSH private key');

  709.           var iqmp = utils.readString(data, data._pos);

  710.           if (iqmp === false)

  711.             return new Error('Malformed OpenSSH private key');

  712.           var p = utils.readString(data, data._pos);

  713.           if (p === false)

  714.             return new Error('Malformed OpenSSH private key');

  715.           var q = utils.readString(data, data._pos);

  716.           if (q === false)

  717.             return new Error('Malformed OpenSSH private key');

  718. 

  719.           pubPEM = genOpenSSLRSAPub(n, e);

  720.           pubSSH = genOpenSSHRSAPub(n, e);

  721.           privPEM = genOpenSSLRSAPriv(n, e, d, iqmp, p, q);

  722.           algo = 'sha1';

  723.           break;

  724.         case 'ssh-dss':

  725.           /*

  726.             string  p -- public

  727.             string  q -- public

  728.             string  g -- public

  729.             string  y -- public

  730.             string  x -- private

  731.           */

  732.           var p = utils.readString(data, data._pos);

  733.           if (p === false)

  734.             return new Error('Malformed OpenSSH private key');

  735.           var q = utils.readString(data, data._pos);

  736.           if (q === false)

  737.             return new Error('Malformed OpenSSH private key');

  738.           var g = utils.readString(data, data._pos);

  739.           if (g === false)

  740.             return new Error('Malformed OpenSSH private key');

  741.           var y = utils.readString(data, data._pos);

  742.           if (y === false)

  743.             return new Error('Malformed OpenSSH private key');

  744.           var x = utils.readString(data, data._pos);

  745.           if (x === false)

  746.             return new Error('Malformed OpenSSH private key');

  747. 

  748.           pubPEM = genOpenSSLDSAPub(p, q, g, y);

  749.           pubSSH = genOpenSSHDSAPub(p, q, g, y);

  750.           privPEM = genOpenSSLDSAPriv(p, q, g, y, x);

  751.           algo = 'sha1';

  752.           break;

  753.         case 'ssh-ed25519':

  754.           if (!EDDSA_SUPPORTED)

  755.             return new Error('Unsupported OpenSSH private key type: ' + type);

  756.           /*

  757.             * string  public key

  758.             * string  private key + public key

  759.           */

  760.           var edpub = utils.readString(data, data._pos);

  761.           if (edpub === false || edpub.length !== 32)

  762.             return new Error('Malformed OpenSSH private key');

  763.           var edpriv = utils.readString(data, data._pos);

  764.           if (edpriv === false || edpriv.length !== 64)

  765.             return new Error('Malformed OpenSSH private key');

  766. 

  767.           pubPEM = genOpenSSLEdPub(edpub);

  768.           pubSSH = genOpenSSHEdPub(edpub);

  769.           privPEM = genOpenSSLEdPriv(edpriv.slice(0, 32));

  770.           algo = null;

  771.           break;

  772.         case 'ecdsa-sha2-nistp256':

  773.           algo = 'sha256';

  774.           oid = '1.2.840.10045.3.1.7';

  775.         case 'ecdsa-sha2-nistp384':

  776.           if (algo === undefined) {

  777.             algo = 'sha384';

  778.             oid = '1.3.132.0.34';

  779.           }

  780.         case 'ecdsa-sha2-nistp521':

  781.           if (algo === undefined) {

  782.             algo = 'sha512';

  783.             oid = '1.3.132.0.35';

  784.           }

  785.           /*

  786.             string  curve name

  787.             string  Q -- public

  788.             string  d -- private

  789.           */

  790.           // TODO: validate curve name against type

  791.           if (!skipFields(data, 1)) // Skip curve name

  792.             return new Error('Malformed OpenSSH private key');

  793.           var ecpub = utils.readString(data, data._pos);

  794.           if (ecpub === false)

  795.             return new Error('Malformed OpenSSH private key');

  796.           var ecpriv = utils.readString(data, data._pos);

  797.           if (ecpriv === false)

  798.             return new Error('Malformed OpenSSH private key');

  799. 

  800.           pubPEM = genOpenSSLECDSAPub(oid, ecpub);

  801.           pubSSH = genOpenSSHECDSAPub(oid, ecpub);

  802.           privPEM = genOpenSSLECDSAPriv(oid, ecpub, ecpriv);

  803.           break;

  804.         default:

  805.           return new Error('Unsupported OpenSSH private key type: ' + type);

  806.       }

  807. 

  808.       var privComment = utils.readString(data, data._pos, 'utf8');

  809.       if (privComment === false)

  810.         return new Error('Malformed OpenSSH private key');

  811. 

  812.       keys.push(

  813.         new OpenSSH_Private(type, privComment, privPEM, pubPEM, pubSSH, algo,

  814.                             decrypted)

  815.       );

  816.     }

  817.     var cnt = 0;

  818.     for (i = data._pos; i < data.length; ++i) {

  819.       if (data[i] !== (++cnt % 255))

  820.         return new Error('Malformed OpenSSH private key');

  821.     }

  822. 

  823.     return keys;

  824.   }

  825. })();

  826. 

  827. 

  828. 

  829. function OpenSSH_Old_Private(type, comment, privPEM, pubPEM, pubSSH, algo, decrypted) {

  830.   this.type = type;

  831.   this.comment = comment;

  832.   this[SYM_PRIV_PEM] = privPEM;

  833.   this[SYM_PUB_PEM] = pubPEM;

  834.   this[SYM_PUB_SSH] = pubSSH;

  835.   this[SYM_HASH_ALGO] = algo;

  836.   this[SYM_DECRYPTED] = decrypted;

  837. }

  838. OpenSSH_Old_Private.prototype = BaseKey;

  839. (function() {

  840.   var regexp = /^-----BEGIN (RSA|DSA|EC) PRIVATE KEY-----(?:\r\n|\n)((?:[^:]+:\s*[\S].*(?:\r\n|\n))*)([\s\S]+)(?:\r\n|\n)-----END (RSA|DSA|EC) PRIVATE KEY-----$/;

  841.   OpenSSH_Old_Private.parse = function(str, passphrase) {

  842.     var m = regexp.exec(str);

  843.     if (m === null)

  844.       return null;

  845.     var privBlob = Buffer.from(m[3], 'base64');

  846.     var headers = m[2];

  847.     var decrypted = false;

  848.     if (headers !== undefined) {

  849.       // encrypted key

  850.       headers = headers.split(/\r\n|\n/g);

  851.       for (var i = 0; i < headers.length; ++i) {

  852.         var header = headers[i];

  853.         var sepIdx = header.indexOf(':');

  854.         if (header.slice(0, sepIdx) === 'DEK-Info') {

  855.           var val = header.slice(sepIdx + 2);

  856.           sepIdx = val.indexOf(',');

  857.           if (sepIdx === -1)

  858.             continue;

  859.           var cipherName = val.slice(0, sepIdx).toLowerCase();

  860.           if (supportedOpenSSLCiphers.indexOf(cipherName) === -1) {

  861.             return new Error(

  862.               'Cipher ('

  863.               + cipherName

  864.               + ') not supported for encrypted OpenSSH private key'

  865.             );

  866.           }

  867.           var encInfo = CIPHER_INFO_OPENSSL[cipherName];

  868.           if (!encInfo) {

  869.             return new Error(

  870.               'Cipher ('

  871.               + cipherName

  872.               + ') not supported for encrypted OpenSSH private key'

  873.             );

  874.           }

  875.           var cipherIV = Buffer.from(val.slice(sepIdx + 1), 'hex');

  876.           if (cipherIV.length !== encInfo.ivLen)

  877.             return new Error('Malformed encrypted OpenSSH private key');

  878.           if (!passphrase) {

  879.             return new Error(

  880.               'Encrypted OpenSSH private key detected, but no passphrase given'

  881.             );

  882.           }

  883.           var cipherKey = createHash('md5')

  884.                             .update(passphrase)

  885.                             .update(cipherIV.slice(0, 8))

  886.                             .digest();

  887.           while (cipherKey.length < encInfo.keyLen) {

  888.             cipherKey = combineBuffers(

  889.               cipherKey,

  890.               (createHash('md5')

  891.                 .update(cipherKey)

  892.                 .update(passphrase)

  893.                 .update(cipherIV)

  894.                 .digest()).slice(0, 8)

  895.             );

  896.           }

  897.           if (cipherKey.length > encInfo.keyLen)

  898.             cipherKey = cipherKey.slice(0, encInfo.keyLen);

  899.           try {

  900.             var decipher = createDecipheriv(cipherName, cipherKey, cipherIV);

  901.             decipher.setAutoPadding(false);

  902.             privBlob = combineBuffers(decipher.update(privBlob),

  903.                                       decipher.final());

  904.             decrypted = true;

  905.           } catch (ex) {

  906.             return ex;

  907.           }

  908.         }

  909.       }

  910.     }

  911. 

  912.     var type;

  913.     var privPEM;

  914.     var pubPEM;

  915.     var pubSSH;

  916.     var algo;

  917.     var reader;

  918.     var errMsg = 'Malformed OpenSSH private key';

  919.     if (decrypted)

  920.       errMsg += '. Bad passphrase?';

  921.     switch (m[1]) {

  922.       case 'RSA':

  923.         type = 'ssh-rsa';

  924.         privPEM = makePEM('RSA PRIVATE', privBlob);

  925.         try {

  926.           reader = new Ber.Reader(privBlob);

  927.           reader.readSequence();

  928.           reader.readInt(); // skip version

  929.           var n = reader.readString(Ber.Integer, true);

  930.           if (n === null)

  931.             return new Error(errMsg);

  932.           var e = reader.readString(Ber.Integer, true);

  933.           if (e === null)

  934.             return new Error(errMsg);

  935.           pubPEM = genOpenSSLRSAPub(n, e);

  936.           pubSSH = genOpenSSHRSAPub(n, e);

  937.         } catch (ex) {

  938.           return new Error(errMsg);

  939.         }

  940.         algo = 'sha1';

  941.         break;

  942.       case 'DSA':

  943.         type = 'ssh-dss';

  944.         privPEM = makePEM('DSA PRIVATE', privBlob);

  945.         try {

  946.           reader = new Ber.Reader(privBlob);

  947.           reader.readSequence();

  948.           reader.readInt(); // skip version

  949.           var p = reader.readString(Ber.Integer, true);

  950.           if (p === null)

  951.             return new Error(errMsg);

  952.           var q = reader.readString(Ber.Integer, true);

  953.           if (q === null)

  954.             return new Error(errMsg);

  955.           var g = reader.readString(Ber.Integer, true);

  956.           if (g === null)

  957.             return new Error(errMsg);

  958.           var y = reader.readString(Ber.Integer, true);

  959.           if (y === null)

  960.             return new Error(errMsg);

  961.           pubPEM = genOpenSSLDSAPub(p, q, g, y);

  962.           pubSSH = genOpenSSHDSAPub(p, q, g, y);

  963.         } catch (ex) {

  964.           return new Error(errMsg);

  965.         }

  966.         algo = 'sha1';

  967.         break;

  968.       case 'EC':

  969.         var ecSSLName;

  970.         var ecPriv;

  971.         try {

  972.           reader = new Ber.Reader(privBlob);

  973.           reader.readSequence();

  974.           reader.readInt(); // skip version

  975.           ecPriv = reader.readString(Ber.OctetString, true);

  976.           reader.readByte(); // Skip "complex" context type byte

  977.           var offset = reader.readLength(); // Skip context length

  978.           if (offset !== null) {

  979.             reader._offset = offset;

  980.             var oid = reader.readOID();

  981.             if (oid === null)

  982.               return new Error(errMsg);

  983.             switch (oid) {

  984.               case '1.2.840.10045.3.1.7':

  985.                 // prime256v1/secp256r1

  986.                 ecSSLName = 'prime256v1';

  987.                 type = 'ecdsa-sha2-nistp256';

  988.                 algo = 'sha256';

  989.                 break;

  990.               case '1.3.132.0.34':

  991.                 // secp384r1

  992.                 ecSSLName = 'secp384r1';

  993.                 type = 'ecdsa-sha2-nistp384';

  994.                 algo = 'sha384';

  995.                 break;

  996.               case '1.3.132.0.35':

  997.                 // secp521r1

  998.                 ecSSLName = 'secp521r1';

  999.                 type = 'ecdsa-sha2-nistp521';

  1000.                 algo = 'sha512';

  1001.                 break;

  1002.               default:

  1003.                 return new Error('Unsupported private key EC OID: ' + oid);

  1004.             }

  1005.           } else {

  1006.             return new Error(errMsg);

  1007.           }

  1008.         } catch (ex) {

  1009.           return new Error(errMsg);

  1010.         }

  1011.         privPEM = makePEM('EC PRIVATE', privBlob);

  1012.         var pubBlob = genOpenSSLECDSAPubFromPriv(ecSSLName, ecPriv);

  1013.         pubPEM = genOpenSSLECDSAPub(oid, pubBlob);

  1014.         pubSSH = genOpenSSHECDSAPub(oid, pubBlob);

  1015.         break;

  1016.     }

  1017. 

  1018.     return new OpenSSH_Old_Private(type, '', privPEM, pubPEM, pubSSH, algo,

  1019.                                    decrypted);

  1020.   };

  1021. })();

  1022. 

  1023. 

  1024. 

  1025. function PPK_Private(type, comment, privPEM, pubPEM, pubSSH, algo, decrypted) {

  1026.   this.type = type;

  1027.   this.comment = comment;

  1028.   this[SYM_PRIV_PEM] = privPEM;

  1029.   this[SYM_PUB_PEM] = pubPEM;

  1030.   this[SYM_PUB_SSH] = pubSSH;

  1031.   this[SYM_HASH_ALGO] = algo;

  1032.   this[SYM_DECRYPTED] = decrypted;

  1033. }

  1034. PPK_Private.prototype = BaseKey;

  1035. (function() {

  1036.   var EMPTY_PASSPHRASE = Buffer.alloc(0);

  1037.   var PPK_IV = Buffer.from([0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]);

  1038.   var PPK_PP1 = Buffer.from([0, 0, 0, 0]);

  1039.   var PPK_PP2 = Buffer.from([0, 0, 0, 1]);

  1040.   var regexp = /^PuTTY-User-Key-File-2: (ssh-(?:rsa|dss))\r?\nEncryption: (aes256-cbc|none)\r?\nComment: ([^\r\n]*)\r?\nPublic-Lines: \d+\r?\n([\s\S]+?)\r?\nPrivate-Lines: \d+\r?\n([\s\S]+?)\r?\nPrivate-MAC: ([^\r\n]+)/;

  1041.   PPK_Private.parse = function(str, passphrase) {

  1042.     var m = regexp.exec(str);

  1043.     if (m === null)

  1044.       return null;

  1045.     // m[1] = key type

  1046.     // m[2] = encryption type

  1047.     // m[3] = comment

  1048.     // m[4] = base64-encoded public key data:

  1049.     //         for "ssh-rsa":

  1050.     //          string "ssh-rsa"

  1051.     //          mpint  e    (public exponent)

  1052.     //          mpint  n    (modulus)

  1053.     //         for "ssh-dss":

  1054.     //          string "ssh-dss"

  1055.     //          mpint p     (modulus)

  1056.     //          mpint q     (prime)

  1057.     //          mpint g     (base number)

  1058.     //          mpint y     (public key parameter: g^x mod p)

  1059.     // m[5] = base64-encoded private key data:

  1060.     //         for "ssh-rsa":

  1061.     //          mpint  d    (private exponent)

  1062.     //          mpint  p    (prime 1)

  1063.     //          mpint  q    (prime 2)

  1064.     //          mpint  iqmp ([inverse of q] mod p)

  1065.     //         for "ssh-dss":

  1066.     //          mpint x     (private key parameter)

  1067.     // m[6] = SHA1 HMAC over:

  1068.     //          string  name of algorithm ("ssh-dss", "ssh-rsa")

  1069.     //          string  encryption type

  1070.     //          string  comment

  1071.     //          string  public key data

  1072.     //          string  private-plaintext (including the final padding)

  1073.     var cipherName = m[2];

  1074.     var encrypted = (cipherName !== 'none');

  1075.     if (encrypted && !passphrase) {

  1076.       return new Error(

  1077.         'Encrypted PPK private key detected, but no passphrase given'

  1078.       );

  1079.     }

  1080. 

  1081.     var privBlob = Buffer.from(m[5], 'base64');

  1082. 

  1083.     if (encrypted) {

  1084.       var encInfo = CIPHER_INFO[cipherName];

  1085.       var cipherKey = combineBuffers(

  1086.         createHash('sha1').update(PPK_PP1).update(passphrase).digest(),

  1087.         createHash('sha1').update(PPK_PP2).update(passphrase).digest()

  1088.       );

  1089.       if (cipherKey.length > encInfo.keyLen)

  1090.         cipherKey = cipherKey.slice(0, encInfo.keyLen);

  1091.       try {

  1092.         var decipher = createDecipheriv(SSH_TO_OPENSSL[cipherName],

  1093.                                         cipherKey,

  1094.                                         PPK_IV);

  1095.         decipher.setAutoPadding(false);

  1096.         privBlob = combineBuffers(decipher.update(privBlob),

  1097.                                   decipher.final());

  1098.         decrypted = true;

  1099.       } catch (ex) {

  1100.         return ex;

  1101.       }

  1102.     }

  1103. 

  1104.     var type = m[1];

  1105.     var comment = m[3];

  1106.     var pubBlob = Buffer.from(m[4], 'base64');

  1107. 

  1108.     var mac = m[6];

  1109.     var typeLen = type.length;

  1110.     var cipherNameLen = cipherName.length;

  1111.     var commentLen = Buffer.byteLength(comment);

  1112.     var pubLen = pubBlob.length;

  1113.     var privLen = privBlob.length;

  1114.     var macData = Buffer.allocUnsafe(4 + typeLen

  1115.                                      + 4 + cipherNameLen

  1116.                                      + 4 + commentLen

  1117.                                      + 4 + pubLen

  1118.                                      + 4 + privLen);

  1119.     var p = 0;

  1120. 

  1121.     writeUInt32BE(macData, typeLen, p);

  1122.     macData.write(type, p += 4, typeLen, 'ascii');

  1123.     writeUInt32BE(macData, cipherNameLen, p += typeLen);

  1124.     macData.write(cipherName, p += 4, cipherNameLen, 'ascii');

  1125.     writeUInt32BE(macData, commentLen, p += cipherNameLen);

  1126.     macData.write(comment, p += 4, commentLen, 'utf8');

  1127.     writeUInt32BE(macData, pubLen, p += commentLen);

  1128.     pubBlob.copy(macData, p += 4);

  1129.     writeUInt32BE(macData, privLen, p += pubLen);

  1130.     privBlob.copy(macData, p + 4);

  1131. 

  1132.     if (!passphrase)

  1133.       passphrase = EMPTY_PASSPHRASE;

  1134. 

  1135.     var calcMAC = createHmac('sha1',

  1136.                              createHash('sha1')

  1137.                                .update('putty-private-key-file-mac-key')

  1138.                                .update(passphrase)

  1139.                                .digest())

  1140.                     .update(macData)

  1141.                     .digest('hex');

  1142. 

  1143.     if (calcMAC !== mac) {

  1144.       if (encrypted) {

  1145.         return new Error(

  1146.           'PPK private key integrity check failed -- bad passphrase?'

  1147.         );

  1148.       } else {

  1149.         return new Error('PPK private key integrity check failed');

  1150.       }

  1151.     }

  1152. 

  1153.     // avoid cyclic require by requiring on first use

  1154.     if (!utils)

  1155.       utils = require('./utils');

  1156. 

  1157.     var pubPEM;

  1158.     var pubSSH;

  1159.     var privPEM;

  1160.     pubBlob._pos = 0;

  1161.     skipFields(pubBlob, 1); // skip (duplicate) key type

  1162.     switch (type) {

  1163.       case 'ssh-rsa':

  1164.         var e = utils.readString(pubBlob, pubBlob._pos);

  1165.         if (e === false)

  1166.           return new Error('Malformed PPK public key');

  1167.         var n = utils.readString(pubBlob, pubBlob._pos);

  1168.         if (n === false)

  1169.           return new Error('Malformed PPK public key');

  1170.         var d = utils.readString(privBlob, 0);

  1171.         if (d === false)

  1172.           return new Error('Malformed PPK private key');

  1173.         var p = utils.readString(privBlob, privBlob._pos);

  1174.         if (p === false)

  1175.           return new Error('Malformed PPK private key');

  1176.         var q = utils.readString(privBlob, privBlob._pos);

  1177.         if (q === false)

  1178.           return new Error('Malformed PPK private key');

  1179.         var iqmp = utils.readString(privBlob, privBlob._pos);

  1180.         if (iqmp === false)

  1181.           return new Error('Malformed PPK private key');

  1182.         pubPEM = genOpenSSLRSAPub(n, e);

  1183.         pubSSH = genOpenSSHRSAPub(n, e);

  1184.         privPEM = genOpenSSLRSAPriv(n, e, d, iqmp, p, q);

  1185.         break;

  1186.       case 'ssh-dss':

  1187.         var p = utils.readString(pubBlob, pubBlob._pos);

  1188.         if (p === false)

  1189.           return new Error('Malformed PPK public key');

  1190.         var q = utils.readString(pubBlob, pubBlob._pos);

  1191.         if (q === false)

  1192.           return new Error('Malformed PPK public key');

  1193.         var g = utils.readString(pubBlob, pubBlob._pos);

  1194.         if (g === false)

  1195.           return new Error('Malformed PPK public key');

  1196.         var y = utils.readString(pubBlob, pubBlob._pos);

  1197.         if (y === false)

  1198.           return new Error('Malformed PPK public key');

  1199.         var x = utils.readString(privBlob, 0);

  1200.         if (x === false)

  1201.           return new Error('Malformed PPK private key');

  1202. 

  1203.         pubPEM = genOpenSSLDSAPub(p, q, g, y);

  1204.         pubSSH = genOpenSSHDSAPub(p, q, g, y);

  1205.         privPEM = genOpenSSLDSAPriv(p, q, g, y, x);

  1206.         break;

  1207.     }

  1208. 

  1209.     return new PPK_Private(type, comment, privPEM, pubPEM, pubSSH, 'sha1',

  1210.                            encrypted);

  1211.   };

  1212. })();

  1213. 

  1214. 

  1215. function parseDER(data, baseType, comment, fullType) {

  1216.   // avoid cyclic require by requiring on first use

  1217.   if (!utils)

  1218.     utils = require('./utils');

  1219. 

  1220.   var algo;

  1221.   var pubPEM = null;

  1222.   var pubSSH = null;

  1223.   switch (baseType) {

  1224.     case 'ssh-rsa':

  1225.       var e = utils.readString(data, data._pos);

  1226.       if (e === false)

  1227.         return new Error('Malformed OpenSSH public key');

  1228.       var n = utils.readString(data, data._pos);

  1229.       if (n === false)

  1230.         return new Error('Malformed OpenSSH public key');

  1231.       pubPEM = genOpenSSLRSAPub(n, e);

  1232.       pubSSH = genOpenSSHRSAPub(n, e);

  1233.       algo = 'sha1';

  1234.       break;

  1235.     case 'ssh-dss':

  1236.       var p = utils.readString(data, data._pos);

  1237.       if (p === false)

  1238.         return new Error('Malformed OpenSSH public key');

  1239.       var q = utils.readString(data, data._pos);

  1240.       if (q === false)

  1241.         return new Error('Malformed OpenSSH public key');

  1242.       var g = utils.readString(data, data._pos);

  1243.       if (g === false)

  1244.         return new Error('Malformed OpenSSH public key');

  1245.       var y = utils.readString(data, data._pos);

  1246.       if (y === false)

  1247.         return new Error('Malformed OpenSSH public key');

  1248.       pubPEM = genOpenSSLDSAPub(p, q, g, y);

  1249.       pubSSH = genOpenSSHDSAPub(p, q, g, y);

  1250.       algo = 'sha1';

  1251.       break;

  1252.     case 'ssh-ed25519':

  1253.       var edpub = utils.readString(data, data._pos);

  1254.       if (edpub === false || edpub.length !== 32)

  1255.         return new Error('Malformed OpenSSH public key');

  1256.       pubPEM = genOpenSSLEdPub(edpub);

  1257.       pubSSH = genOpenSSHEdPub(edpub);

  1258.       algo = null;

  1259.       break;

  1260.     case 'ecdsa-sha2-nistp256':

  1261.       algo = 'sha256';

  1262.       oid = '1.2.840.10045.3.1.7';

  1263.     case 'ecdsa-sha2-nistp384':

  1264.       if (algo === undefined) {

  1265.         algo = 'sha384';

  1266.         oid = '1.3.132.0.34';

  1267.       }

  1268.     case 'ecdsa-sha2-nistp521':

  1269.       if (algo === undefined) {

  1270.         algo = 'sha512';

  1271.         oid = '1.3.132.0.35';

  1272.       }

  1273.       // TODO: validate curve name against type

  1274.       if (!skipFields(data, 1)) // Skip curve name

  1275.         return new Error('Malformed OpenSSH public key');

  1276.       var ecpub = utils.readString(data, data._pos);

  1277.       if (ecpub === false)

  1278.         return new Error('Malformed OpenSSH public key');

  1279.       pubPEM = genOpenSSLECDSAPub(oid, ecpub);

  1280.       pubSSH = genOpenSSHECDSAPub(oid, ecpub);

  1281.       break;

  1282.     default:

  1283.       return new Error('Unsupported OpenSSH public key type: ' + baseType);

  1284.   }

  1285. 

  1286.   return new OpenSSH_Public(fullType, comment, pubPEM, pubSSH, algo);

  1287. }

  1288. function OpenSSH_Public(type, comment, pubPEM, pubSSH, algo) {

  1289.   this.type = type;

  1290.   this.comment = comment;

  1291.   this[SYM_PRIV_PEM] = null;

  1292.   this[SYM_PUB_PEM] = pubPEM;

  1293.   this[SYM_PUB_SSH] = pubSSH;

  1294.   this[SYM_HASH_ALGO] = algo;

  1295.   this[SYM_DECRYPTED] = false;

  1296. }

  1297. OpenSSH_Public.prototype = BaseKey;

  1298. (function() {

  1299.   var regexp;

  1300.   if (EDDSA_SUPPORTED)

  1301.     regexp = /^(((?:ssh-(?:rsa|dss|ed25519))|ecdsa-sha2-nistp(?:256|384|521))(?:-cert-v0[01]@openssh.com)?) ([A-Z0-9a-z\/+=]+)(?:$|\s+([\S].*)?)$/;

  1302.   else

  1303.     regexp = /^(((?:ssh-(?:rsa|dss))|ecdsa-sha2-nistp(?:256|384|521))(?:-cert-v0[01]@openssh.com)?) ([A-Z0-9a-z\/+=]+)(?:$|\s+([\S].*)?)$/;

  1304.   OpenSSH_Public.parse = function(str) {

  1305.     var m = regexp.exec(str);

  1306.     if (m === null)

  1307.       return null;

  1308.     // m[1] = full type

  1309.     // m[2] = base type

  1310.     // m[3] = base64-encoded public key

  1311.     // m[4] = comment

  1312. 

  1313.     // avoid cyclic require by requiring on first use

  1314.     if (!utils)

  1315.       utils = require('./utils');

  1316. 

  1317.     var fullType = m[1];

  1318.     var baseType = m[2];

  1319.     var data = Buffer.from(m[3], 'base64');

  1320.     var comment = (m[4] || '');

  1321. 

  1322.     var type = utils.readString(data, data._pos, 'ascii');

  1323.     if (type === false || type.indexOf(baseType) !== 0)

  1324.       return new Error('Malformed OpenSSH public key');

  1325. 

  1326.     return parseDER(data, baseType, comment, fullType);

  1327.   };

  1328. })();

  1329. 

  1330. 

  1331. 

  1332. function RFC4716_Public(type, comment, pubPEM, pubSSH, algo) {

  1333.   this.type = type;

  1334.   this.comment = comment;

  1335.   this[SYM_PRIV_PEM] = null;

  1336.   this[SYM_PUB_PEM] = pubPEM;

  1337.   this[SYM_PUB_SSH] = pubSSH;

  1338.   this[SYM_HASH_ALGO] = algo;

  1339.   this[SYM_DECRYPTED] = false;

  1340. }

  1341. RFC4716_Public.prototype = BaseKey;

  1342. (function() {

  1343.   var regexp = /^---- BEGIN SSH2 PUBLIC KEY ----(?:\r\n|\n)((?:(?:[\x21-\x7E]+?):(?:(?:.*?\\\r?\n)*.*)(?:\r\n|\n))*)((?:[A-Z0-9a-z\/+=]+(?:\r\n|\n))+)---- END SSH2 PUBLIC KEY ----$/;

  1344.   var RE_HEADER = /^([\x21-\x7E]+?):((?:.*?\\\r?\n)*.*)$/gm;

  1345.   var RE_HEADER_ENDS = /\\\r?\n/g;

  1346.   RFC4716_Public.parse = function(str) {

  1347.     var m = regexp.exec(str);

  1348.     if (m === null)

  1349.       return null;

  1350.     // m[1] = header(s)

  1351.     // m[2] = base64-encoded public key

  1352. 

  1353.     var headers = m[1];

  1354.     var data = Buffer.from(m[2], 'base64');

  1355.     var comment = '';

  1356. 

  1357.     if (headers !== undefined) {

  1358.       while (m = RE_HEADER.exec(headers)) {

  1359.         if (m[1].toLowerCase() === 'comment') {

  1360.           comment = trimStart(m[2].replace(RE_HEADER_ENDS, ''));

  1361.           if (comment.length > 1

  1362.               && comment.charCodeAt(0) === 34/*'"'*/

  1363.               && comment.charCodeAt(comment.length - 1) === 34/*'"'*/) {

  1364.             comment = comment.slice(1, -1);

  1365.           }

  1366.         }

  1367.       }

  1368.     }

  1369. 

  1370.     // avoid cyclic require by requiring on first use

  1371.     if (!utils)

  1372.       utils = require('./utils');

  1373. 

  1374.     var type = utils.readString(data, 0, 'ascii');

  1375.     if (type === false)

  1376.       return new Error('Malformed RFC4716 public key');

  1377. 

  1378.     var pubPEM = null;

  1379.     var pubSSH = null;

  1380.     switch (type) {

  1381.       case 'ssh-rsa':

  1382.         var e = utils.readString(data, data._pos);

  1383.         if (e === false)

  1384.           return new Error('Malformed RFC4716 public key');

  1385.         var n = utils.readString(data, data._pos);

  1386.         if (n === false)

  1387.           return new Error('Malformed RFC4716 public key');

  1388.         pubPEM = genOpenSSLRSAPub(n, e);

  1389.         pubSSH = genOpenSSHRSAPub(n, e);

  1390.         break;

  1391.       case 'ssh-dss':

  1392.         var p = utils.readString(data, data._pos);

  1393.         if (p === false)

  1394.           return new Error('Malformed RFC4716 public key');

  1395.         var q = utils.readString(data, data._pos);

  1396.         if (q === false)

  1397.           return new Error('Malformed RFC4716 public key');

  1398.         var g = utils.readString(data, data._pos);

  1399.         if (g === false)

  1400.           return new Error('Malformed RFC4716 public key');

  1401.         var y = utils.readString(data, data._pos);

  1402.         if (y === false)

  1403.           return new Error('Malformed RFC4716 public key');

  1404.         pubPEM = genOpenSSLDSAPub(p, q, g, y);

  1405.         pubSSH = genOpenSSHDSAPub(p, q, g, y);

  1406.         break;

  1407.       default:

  1408.         return new Error('Malformed RFC4716 public key');

  1409.     }

  1410. 

  1411.     return new RFC4716_Public(type, comment, pubPEM, pubSSH, 'sha1');

  1412.   };

  1413. })();

  1414. 

  1415. 

  1416. 

  1417. module.exports = {

  1418.   parseDERKey: function parseDERKey(data, type) {

  1419.     return parseDER(data, type, '', type);

  1420.   },

  1421.   parseKey: function parseKey(data, passphrase) {

  1422.     if (Buffer.isBuffer(data))

  1423.       data = data.toString('utf8').trim();

  1424.     else if (typeof data !== 'string')

  1425.       return new Error('Key data must be a Buffer or string');

  1426.     else

  1427.       data = data.trim();

  1428. 

  1429.     // intentional !=

  1430.     if (passphrase != undefined) {

  1431.       if (typeof passphrase === 'string')

  1432.         passphrase = Buffer.from(passphrase);

  1433.       else if (!Buffer.isBuffer(passphrase))

  1434.         return new Error('Passphrase must be a string or Buffer when supplied');

  1435.     }

  1436. 

  1437.     var ret;

  1438. 

  1439.     // Private keys

  1440.     if ((ret = OpenSSH_Private.parse(data, passphrase)) !== null)

  1441.       return ret;

  1442.     if ((ret = OpenSSH_Old_Private.parse(data, passphrase)) !== null)

  1443.       return ret;

  1444.     if ((ret = PPK_Private.parse(data, passphrase)) !== null)

  1445.       return ret;

  1446. 

  1447.     // Public keys

  1448.     if ((ret = OpenSSH_Public.parse(data)) !== null)

  1449.       return ret;

  1450.     if ((ret = RFC4716_Public.parse(data)) !== null)

  1451.       return ret;

  1452. 

  1453.     return new Error('Unsupported key format');

  1454.   }

  1455. }