123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404 |
- // Copyright 2015 Joyent, Inc.
-
- module.exports = {
- bufferSplit: bufferSplit,
- addRSAMissing: addRSAMissing,
- calculateDSAPublic: calculateDSAPublic,
- calculateED25519Public: calculateED25519Public,
- calculateX25519Public: calculateX25519Public,
- mpNormalize: mpNormalize,
- mpDenormalize: mpDenormalize,
- ecNormalize: ecNormalize,
- countZeros: countZeros,
- assertCompatible: assertCompatible,
- isCompatible: isCompatible,
- opensslKeyDeriv: opensslKeyDeriv,
- opensshCipherInfo: opensshCipherInfo,
- publicFromPrivateECDSA: publicFromPrivateECDSA,
- zeroPadToLength: zeroPadToLength,
- writeBitString: writeBitString,
- readBitString: readBitString,
- pbkdf2: pbkdf2
- };
-
- var assert = require('assert-plus');
- var Buffer = require('safer-buffer').Buffer;
- var PrivateKey = require('./private-key');
- var Key = require('./key');
- var crypto = require('crypto');
- var algs = require('./algs');
- var asn1 = require('asn1');
-
- var ec = require('ecc-jsbn/lib/ec');
- var jsbn = require('jsbn').BigInteger;
- var nacl = require('tweetnacl');
-
- var MAX_CLASS_DEPTH = 3;
-
- function isCompatible(obj, klass, needVer) {
- if (obj === null || typeof (obj) !== 'object')
- return (false);
- if (needVer === undefined)
- needVer = klass.prototype._sshpkApiVersion;
- if (obj instanceof klass &&
- klass.prototype._sshpkApiVersion[0] == needVer[0])
- return (true);
- var proto = Object.getPrototypeOf(obj);
- var depth = 0;
- while (proto.constructor.name !== klass.name) {
- proto = Object.getPrototypeOf(proto);
- if (!proto || ++depth > MAX_CLASS_DEPTH)
- return (false);
- }
- if (proto.constructor.name !== klass.name)
- return (false);
- var ver = proto._sshpkApiVersion;
- if (ver === undefined)
- ver = klass._oldVersionDetect(obj);
- if (ver[0] != needVer[0] || ver[1] < needVer[1])
- return (false);
- return (true);
- }
-
- function assertCompatible(obj, klass, needVer, name) {
- if (name === undefined)
- name = 'object';
- assert.ok(obj, name + ' must not be null');
- assert.object(obj, name + ' must be an object');
- if (needVer === undefined)
- needVer = klass.prototype._sshpkApiVersion;
- if (obj instanceof klass &&
- klass.prototype._sshpkApiVersion[0] == needVer[0])
- return;
- var proto = Object.getPrototypeOf(obj);
- var depth = 0;
- while (proto.constructor.name !== klass.name) {
- proto = Object.getPrototypeOf(proto);
- assert.ok(proto && ++depth <= MAX_CLASS_DEPTH,
- name + ' must be a ' + klass.name + ' instance');
- }
- assert.strictEqual(proto.constructor.name, klass.name,
- name + ' must be a ' + klass.name + ' instance');
- var ver = proto._sshpkApiVersion;
- if (ver === undefined)
- ver = klass._oldVersionDetect(obj);
- assert.ok(ver[0] == needVer[0] && ver[1] >= needVer[1],
- name + ' must be compatible with ' + klass.name + ' klass ' +
- 'version ' + needVer[0] + '.' + needVer[1]);
- }
-
- var CIPHER_LEN = {
- 'des-ede3-cbc': { key: 24, iv: 8 },
- 'aes-128-cbc': { key: 16, iv: 16 },
- 'aes-256-cbc': { key: 32, iv: 16 }
- };
- var PKCS5_SALT_LEN = 8;
-
- function opensslKeyDeriv(cipher, salt, passphrase, count) {
- assert.buffer(salt, 'salt');
- assert.buffer(passphrase, 'passphrase');
- assert.number(count, 'iteration count');
-
- var clen = CIPHER_LEN[cipher];
- assert.object(clen, 'supported cipher');
-
- salt = salt.slice(0, PKCS5_SALT_LEN);
-
- var D, D_prev, bufs;
- var material = Buffer.alloc(0);
- while (material.length < clen.key + clen.iv) {
- bufs = [];
- if (D_prev)
- bufs.push(D_prev);
- bufs.push(passphrase);
- bufs.push(salt);
- D = Buffer.concat(bufs);
- for (var j = 0; j < count; ++j)
- D = crypto.createHash('md5').update(D).digest();
- material = Buffer.concat([material, D]);
- D_prev = D;
- }
-
- return ({
- key: material.slice(0, clen.key),
- iv: material.slice(clen.key, clen.key + clen.iv)
- });
- }
-
- /* See: RFC2898 */
- function pbkdf2(hashAlg, salt, iterations, size, passphrase) {
- var hkey = Buffer.alloc(salt.length + 4);
- salt.copy(hkey);
-
- var gen = 0, ts = [];
- var i = 1;
- while (gen < size) {
- var t = T(i++);
- gen += t.length;
- ts.push(t);
- }
- return (Buffer.concat(ts).slice(0, size));
-
- function T(I) {
- hkey.writeUInt32BE(I, hkey.length - 4);
-
- var hmac = crypto.createHmac(hashAlg, passphrase);
- hmac.update(hkey);
-
- var Ti = hmac.digest();
- var Uc = Ti;
- var c = 1;
- while (c++ < iterations) {
- hmac = crypto.createHmac(hashAlg, passphrase);
- hmac.update(Uc);
- Uc = hmac.digest();
- for (var x = 0; x < Ti.length; ++x)
- Ti[x] ^= Uc[x];
- }
- return (Ti);
- }
- }
-
- /* Count leading zero bits on a buffer */
- function countZeros(buf) {
- var o = 0, obit = 8;
- while (o < buf.length) {
- var mask = (1 << obit);
- if ((buf[o] & mask) === mask)
- break;
- obit--;
- if (obit < 0) {
- o++;
- obit = 8;
- }
- }
- return (o*8 + (8 - obit) - 1);
- }
-
- function bufferSplit(buf, chr) {
- assert.buffer(buf);
- assert.string(chr);
-
- var parts = [];
- var lastPart = 0;
- var matches = 0;
- for (var i = 0; i < buf.length; ++i) {
- if (buf[i] === chr.charCodeAt(matches))
- ++matches;
- else if (buf[i] === chr.charCodeAt(0))
- matches = 1;
- else
- matches = 0;
-
- if (matches >= chr.length) {
- var newPart = i + 1;
- parts.push(buf.slice(lastPart, newPart - matches));
- lastPart = newPart;
- matches = 0;
- }
- }
- if (lastPart <= buf.length)
- parts.push(buf.slice(lastPart, buf.length));
-
- return (parts);
- }
-
- function ecNormalize(buf, addZero) {
- assert.buffer(buf);
- if (buf[0] === 0x00 && buf[1] === 0x04) {
- if (addZero)
- return (buf);
- return (buf.slice(1));
- } else if (buf[0] === 0x04) {
- if (!addZero)
- return (buf);
- } else {
- while (buf[0] === 0x00)
- buf = buf.slice(1);
- if (buf[0] === 0x02 || buf[0] === 0x03)
- throw (new Error('Compressed elliptic curve points ' +
- 'are not supported'));
- if (buf[0] !== 0x04)
- throw (new Error('Not a valid elliptic curve point'));
- if (!addZero)
- return (buf);
- }
- var b = Buffer.alloc(buf.length + 1);
- b[0] = 0x0;
- buf.copy(b, 1);
- return (b);
- }
-
- function readBitString(der, tag) {
- if (tag === undefined)
- tag = asn1.Ber.BitString;
- var buf = der.readString(tag, true);
- assert.strictEqual(buf[0], 0x00, 'bit strings with unused bits are ' +
- 'not supported (0x' + buf[0].toString(16) + ')');
- return (buf.slice(1));
- }
-
- function writeBitString(der, buf, tag) {
- if (tag === undefined)
- tag = asn1.Ber.BitString;
- var b = Buffer.alloc(buf.length + 1);
- b[0] = 0x00;
- buf.copy(b, 1);
- der.writeBuffer(b, tag);
- }
-
- function mpNormalize(buf) {
- assert.buffer(buf);
- while (buf.length > 1 && buf[0] === 0x00 && (buf[1] & 0x80) === 0x00)
- buf = buf.slice(1);
- if ((buf[0] & 0x80) === 0x80) {
- var b = Buffer.alloc(buf.length + 1);
- b[0] = 0x00;
- buf.copy(b, 1);
- buf = b;
- }
- return (buf);
- }
-
- function mpDenormalize(buf) {
- assert.buffer(buf);
- while (buf.length > 1 && buf[0] === 0x00)
- buf = buf.slice(1);
- return (buf);
- }
-
- function zeroPadToLength(buf, len) {
- assert.buffer(buf);
- assert.number(len);
- while (buf.length > len) {
- assert.equal(buf[0], 0x00);
- buf = buf.slice(1);
- }
- while (buf.length < len) {
- var b = Buffer.alloc(buf.length + 1);
- b[0] = 0x00;
- buf.copy(b, 1);
- buf = b;
- }
- return (buf);
- }
-
- function bigintToMpBuf(bigint) {
- var buf = Buffer.from(bigint.toByteArray());
- buf = mpNormalize(buf);
- return (buf);
- }
-
- function calculateDSAPublic(g, p, x) {
- assert.buffer(g);
- assert.buffer(p);
- assert.buffer(x);
- g = new jsbn(g);
- p = new jsbn(p);
- x = new jsbn(x);
- var y = g.modPow(x, p);
- var ybuf = bigintToMpBuf(y);
- return (ybuf);
- }
-
- function calculateED25519Public(k) {
- assert.buffer(k);
-
- var kp = nacl.sign.keyPair.fromSeed(new Uint8Array(k));
- return (Buffer.from(kp.publicKey));
- }
-
- function calculateX25519Public(k) {
- assert.buffer(k);
-
- var kp = nacl.box.keyPair.fromSeed(new Uint8Array(k));
- return (Buffer.from(kp.publicKey));
- }
-
- function addRSAMissing(key) {
- assert.object(key);
- assertCompatible(key, PrivateKey, [1, 1]);
-
- var d = new jsbn(key.part.d.data);
- var buf;
-
- if (!key.part.dmodp) {
- var p = new jsbn(key.part.p.data);
- var dmodp = d.mod(p.subtract(1));
-
- buf = bigintToMpBuf(dmodp);
- key.part.dmodp = {name: 'dmodp', data: buf};
- key.parts.push(key.part.dmodp);
- }
- if (!key.part.dmodq) {
- var q = new jsbn(key.part.q.data);
- var dmodq = d.mod(q.subtract(1));
-
- buf = bigintToMpBuf(dmodq);
- key.part.dmodq = {name: 'dmodq', data: buf};
- key.parts.push(key.part.dmodq);
- }
- }
-
- function publicFromPrivateECDSA(curveName, priv) {
- assert.string(curveName, 'curveName');
- assert.buffer(priv);
- var params = algs.curves[curveName];
- var p = new jsbn(params.p);
- var a = new jsbn(params.a);
- var b = new jsbn(params.b);
- var curve = new ec.ECCurveFp(p, a, b);
- var G = curve.decodePointHex(params.G.toString('hex'));
-
- var d = new jsbn(mpNormalize(priv));
- var pub = G.multiply(d);
- pub = Buffer.from(curve.encodePointHex(pub), 'hex');
-
- var parts = [];
- parts.push({name: 'curve', data: Buffer.from(curveName)});
- parts.push({name: 'Q', data: pub});
-
- var key = new Key({type: 'ecdsa', curve: curve, parts: parts});
- return (key);
- }
-
- function opensshCipherInfo(cipher) {
- var inf = {};
- switch (cipher) {
- case '3des-cbc':
- inf.keySize = 24;
- inf.blockSize = 8;
- inf.opensslName = 'des-ede3-cbc';
- break;
- case 'blowfish-cbc':
- inf.keySize = 16;
- inf.blockSize = 8;
- inf.opensslName = 'bf-cbc';
- break;
- case 'aes128-cbc':
- case 'aes128-ctr':
- case 'aes128-gcm@openssh.com':
- inf.keySize = 16;
- inf.blockSize = 16;
- inf.opensslName = 'aes-128-' + cipher.slice(7, 10);
- break;
- case 'aes192-cbc':
- case 'aes192-ctr':
- case 'aes192-gcm@openssh.com':
- inf.keySize = 24;
- inf.blockSize = 16;
- inf.opensslName = 'aes-192-' + cipher.slice(7, 10);
- break;
- case 'aes256-cbc':
- case 'aes256-ctr':
- case 'aes256-gcm@openssh.com':
- inf.keySize = 32;
- inf.blockSize = 16;
- inf.opensslName = 'aes-256-' + cipher.slice(7, 10);
- break;
- default:
- throw (new Error(
- 'Unsupported openssl cipher "' + cipher + '"'));
- }
- return (inf);
- }
|