123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290 |
- // Copyright 2018 Joyent, Inc.
-
- module.exports = {
- read: read,
- write: write
- };
-
- var assert = require('assert-plus');
- var asn1 = require('asn1');
- var crypto = require('crypto');
- var Buffer = require('safer-buffer').Buffer;
- var algs = require('../algs');
- var utils = require('../utils');
- var Key = require('../key');
- var PrivateKey = require('../private-key');
-
- var pkcs1 = require('./pkcs1');
- var pkcs8 = require('./pkcs8');
- var sshpriv = require('./ssh-private');
- var rfc4253 = require('./rfc4253');
-
- var errors = require('../errors');
-
- var OID_PBES2 = '1.2.840.113549.1.5.13';
- var OID_PBKDF2 = '1.2.840.113549.1.5.12';
-
- var OID_TO_CIPHER = {
- '1.2.840.113549.3.7': '3des-cbc',
- '2.16.840.1.101.3.4.1.2': 'aes128-cbc',
- '2.16.840.1.101.3.4.1.42': 'aes256-cbc'
- };
- var CIPHER_TO_OID = {};
- Object.keys(OID_TO_CIPHER).forEach(function (k) {
- CIPHER_TO_OID[OID_TO_CIPHER[k]] = k;
- });
-
- var OID_TO_HASH = {
- '1.2.840.113549.2.7': 'sha1',
- '1.2.840.113549.2.9': 'sha256',
- '1.2.840.113549.2.11': 'sha512'
- };
- var HASH_TO_OID = {};
- Object.keys(OID_TO_HASH).forEach(function (k) {
- HASH_TO_OID[OID_TO_HASH[k]] = k;
- });
-
- /*
- * For reading we support both PKCS#1 and PKCS#8. If we find a private key,
- * we just take the public component of it and use that.
- */
- function read(buf, options, forceType) {
- var input = buf;
- if (typeof (buf) !== 'string') {
- assert.buffer(buf, 'buf');
- buf = buf.toString('ascii');
- }
-
- var lines = buf.trim().split(/[\r\n]+/g);
-
- var m;
- var si = -1;
- while (!m && si < lines.length) {
- m = lines[++si].match(/*JSSTYLED*/
- /[-]+[ ]*BEGIN ([A-Z0-9][A-Za-z0-9]+ )?(PUBLIC|PRIVATE) KEY[ ]*[-]+/);
- }
- assert.ok(m, 'invalid PEM header');
-
- var m2;
- var ei = lines.length;
- while (!m2 && ei > 0) {
- m2 = lines[--ei].match(/*JSSTYLED*/
- /[-]+[ ]*END ([A-Z0-9][A-Za-z0-9]+ )?(PUBLIC|PRIVATE) KEY[ ]*[-]+/);
- }
- assert.ok(m2, 'invalid PEM footer');
-
- /* Begin and end banners must match key type */
- assert.equal(m[2], m2[2]);
- var type = m[2].toLowerCase();
-
- var alg;
- if (m[1]) {
- /* They also must match algorithms, if given */
- assert.equal(m[1], m2[1], 'PEM header and footer mismatch');
- alg = m[1].trim();
- }
-
- lines = lines.slice(si, ei + 1);
-
- var headers = {};
- while (true) {
- lines = lines.slice(1);
- m = lines[0].match(/*JSSTYLED*/
- /^([A-Za-z0-9-]+): (.+)$/);
- if (!m)
- break;
- headers[m[1].toLowerCase()] = m[2];
- }
-
- /* Chop off the first and last lines */
- lines = lines.slice(0, -1).join('');
- buf = Buffer.from(lines, 'base64');
-
- var cipher, key, iv;
- if (headers['proc-type']) {
- var parts = headers['proc-type'].split(',');
- if (parts[0] === '4' && parts[1] === 'ENCRYPTED') {
- if (typeof (options.passphrase) === 'string') {
- options.passphrase = Buffer.from(
- options.passphrase, 'utf-8');
- }
- if (!Buffer.isBuffer(options.passphrase)) {
- throw (new errors.KeyEncryptedError(
- options.filename, 'PEM'));
- } else {
- parts = headers['dek-info'].split(',');
- assert.ok(parts.length === 2);
- cipher = parts[0].toLowerCase();
- iv = Buffer.from(parts[1], 'hex');
- key = utils.opensslKeyDeriv(cipher, iv,
- options.passphrase, 1).key;
- }
- }
- }
-
- if (alg && alg.toLowerCase() === 'encrypted') {
- var eder = new asn1.BerReader(buf);
- var pbesEnd;
- eder.readSequence();
-
- eder.readSequence();
- pbesEnd = eder.offset + eder.length;
-
- var method = eder.readOID();
- if (method !== OID_PBES2) {
- throw (new Error('Unsupported PEM/PKCS8 encryption ' +
- 'scheme: ' + method));
- }
-
- eder.readSequence(); /* PBES2-params */
-
- eder.readSequence(); /* keyDerivationFunc */
- var kdfEnd = eder.offset + eder.length;
- var kdfOid = eder.readOID();
- if (kdfOid !== OID_PBKDF2)
- throw (new Error('Unsupported PBES2 KDF: ' + kdfOid));
- eder.readSequence();
- var salt = eder.readString(asn1.Ber.OctetString, true);
- var iterations = eder.readInt();
- var hashAlg = 'sha1';
- if (eder.offset < kdfEnd) {
- eder.readSequence();
- var hashAlgOid = eder.readOID();
- hashAlg = OID_TO_HASH[hashAlgOid];
- if (hashAlg === undefined) {
- throw (new Error('Unsupported PBKDF2 hash: ' +
- hashAlgOid));
- }
- }
- eder._offset = kdfEnd;
-
- eder.readSequence(); /* encryptionScheme */
- var cipherOid = eder.readOID();
- cipher = OID_TO_CIPHER[cipherOid];
- if (cipher === undefined) {
- throw (new Error('Unsupported PBES2 cipher: ' +
- cipherOid));
- }
- iv = eder.readString(asn1.Ber.OctetString, true);
-
- eder._offset = pbesEnd;
- buf = eder.readString(asn1.Ber.OctetString, true);
-
- if (typeof (options.passphrase) === 'string') {
- options.passphrase = Buffer.from(
- options.passphrase, 'utf-8');
- }
- if (!Buffer.isBuffer(options.passphrase)) {
- throw (new errors.KeyEncryptedError(
- options.filename, 'PEM'));
- }
-
- var cinfo = utils.opensshCipherInfo(cipher);
-
- cipher = cinfo.opensslName;
- key = utils.pbkdf2(hashAlg, salt, iterations, cinfo.keySize,
- options.passphrase);
- alg = undefined;
- }
-
- if (cipher && key && iv) {
- var cipherStream = crypto.createDecipheriv(cipher, key, iv);
- var chunk, chunks = [];
- cipherStream.once('error', function (e) {
- if (e.toString().indexOf('bad decrypt') !== -1) {
- throw (new Error('Incorrect passphrase ' +
- 'supplied, could not decrypt key'));
- }
- throw (e);
- });
- cipherStream.write(buf);
- cipherStream.end();
- while ((chunk = cipherStream.read()) !== null)
- chunks.push(chunk);
- buf = Buffer.concat(chunks);
- }
-
- /* The new OpenSSH internal format abuses PEM headers */
- if (alg && alg.toLowerCase() === 'openssh')
- return (sshpriv.readSSHPrivate(type, buf, options));
- if (alg && alg.toLowerCase() === 'ssh2')
- return (rfc4253.readType(type, buf, options));
-
- var der = new asn1.BerReader(buf);
- der.originalInput = input;
-
- /*
- * All of the PEM file types start with a sequence tag, so chop it
- * off here
- */
- der.readSequence();
-
- /* PKCS#1 type keys name an algorithm in the banner explicitly */
- if (alg) {
- if (forceType)
- assert.strictEqual(forceType, 'pkcs1');
- return (pkcs1.readPkcs1(alg, type, der));
- } else {
- if (forceType)
- assert.strictEqual(forceType, 'pkcs8');
- return (pkcs8.readPkcs8(alg, type, der));
- }
- }
-
- function write(key, options, type) {
- assert.object(key);
-
- var alg = {
- 'ecdsa': 'EC',
- 'rsa': 'RSA',
- 'dsa': 'DSA',
- 'ed25519': 'EdDSA'
- }[key.type];
- var header;
-
- var der = new asn1.BerWriter();
-
- if (PrivateKey.isPrivateKey(key)) {
- if (type && type === 'pkcs8') {
- header = 'PRIVATE KEY';
- pkcs8.writePkcs8(der, key);
- } else {
- if (type)
- assert.strictEqual(type, 'pkcs1');
- header = alg + ' PRIVATE KEY';
- pkcs1.writePkcs1(der, key);
- }
-
- } else if (Key.isKey(key)) {
- if (type && type === 'pkcs1') {
- header = alg + ' PUBLIC KEY';
- pkcs1.writePkcs1(der, key);
- } else {
- if (type)
- assert.strictEqual(type, 'pkcs8');
- header = 'PUBLIC KEY';
- pkcs8.writePkcs8(der, key);
- }
-
- } else {
- throw (new Error('key is not a Key or PrivateKey'));
- }
-
- var tmp = der.buffer.toString('base64');
- var len = tmp.length + (tmp.length / 64) +
- 18 + 16 + header.length*2 + 10;
- var buf = Buffer.alloc(len);
- var o = 0;
- o += buf.write('-----BEGIN ' + header + '-----\n', o);
- for (var i = 0; i < tmp.length; ) {
- var limit = i + 64;
- if (limit > tmp.length)
- limit = tmp.length;
- o += buf.write(tmp.slice(i, limit), o);
- buf[o++] = 10;
- i = limit;
- }
- o += buf.write('-----END ' + header + '-----\n', o);
-
- return (buf.slice(0, o));
- }
|