123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314 |
- // Copyright 2015 Joyent, Inc.
-
- module.exports = Signature;
-
- var assert = require('assert-plus');
- var Buffer = require('safer-buffer').Buffer;
- var algs = require('./algs');
- var crypto = require('crypto');
- var errs = require('./errors');
- var utils = require('./utils');
- var asn1 = require('asn1');
- var SSHBuffer = require('./ssh-buffer');
-
- var InvalidAlgorithmError = errs.InvalidAlgorithmError;
- var SignatureParseError = errs.SignatureParseError;
-
- function Signature(opts) {
- assert.object(opts, 'options');
- assert.arrayOfObject(opts.parts, 'options.parts');
- assert.string(opts.type, 'options.type');
-
- var partLookup = {};
- for (var i = 0; i < opts.parts.length; ++i) {
- var part = opts.parts[i];
- partLookup[part.name] = part;
- }
-
- this.type = opts.type;
- this.hashAlgorithm = opts.hashAlgo;
- this.curve = opts.curve;
- this.parts = opts.parts;
- this.part = partLookup;
- }
-
- Signature.prototype.toBuffer = function (format) {
- if (format === undefined)
- format = 'asn1';
- assert.string(format, 'format');
-
- var buf;
- var stype = 'ssh-' + this.type;
-
- switch (this.type) {
- case 'rsa':
- switch (this.hashAlgorithm) {
- case 'sha256':
- stype = 'rsa-sha2-256';
- break;
- case 'sha512':
- stype = 'rsa-sha2-512';
- break;
- case 'sha1':
- case undefined:
- break;
- default:
- throw (new Error('SSH signature ' +
- 'format does not support hash ' +
- 'algorithm ' + this.hashAlgorithm));
- }
- if (format === 'ssh') {
- buf = new SSHBuffer({});
- buf.writeString(stype);
- buf.writePart(this.part.sig);
- return (buf.toBuffer());
- } else {
- return (this.part.sig.data);
- }
- break;
-
- case 'ed25519':
- if (format === 'ssh') {
- buf = new SSHBuffer({});
- buf.writeString(stype);
- buf.writePart(this.part.sig);
- return (buf.toBuffer());
- } else {
- return (this.part.sig.data);
- }
- break;
-
- case 'dsa':
- case 'ecdsa':
- var r, s;
- if (format === 'asn1') {
- var der = new asn1.BerWriter();
- der.startSequence();
- r = utils.mpNormalize(this.part.r.data);
- s = utils.mpNormalize(this.part.s.data);
- der.writeBuffer(r, asn1.Ber.Integer);
- der.writeBuffer(s, asn1.Ber.Integer);
- der.endSequence();
- return (der.buffer);
- } else if (format === 'ssh' && this.type === 'dsa') {
- buf = new SSHBuffer({});
- buf.writeString('ssh-dss');
- r = this.part.r.data;
- if (r.length > 20 && r[0] === 0x00)
- r = r.slice(1);
- s = this.part.s.data;
- if (s.length > 20 && s[0] === 0x00)
- s = s.slice(1);
- if ((this.hashAlgorithm &&
- this.hashAlgorithm !== 'sha1') ||
- r.length + s.length !== 40) {
- throw (new Error('OpenSSH only supports ' +
- 'DSA signatures with SHA1 hash'));
- }
- buf.writeBuffer(Buffer.concat([r, s]));
- return (buf.toBuffer());
- } else if (format === 'ssh' && this.type === 'ecdsa') {
- var inner = new SSHBuffer({});
- r = this.part.r.data;
- inner.writeBuffer(r);
- inner.writePart(this.part.s);
-
- buf = new SSHBuffer({});
- /* XXX: find a more proper way to do this? */
- var curve;
- if (r[0] === 0x00)
- r = r.slice(1);
- var sz = r.length * 8;
- if (sz === 256)
- curve = 'nistp256';
- else if (sz === 384)
- curve = 'nistp384';
- else if (sz === 528)
- curve = 'nistp521';
- buf.writeString('ecdsa-sha2-' + curve);
- buf.writeBuffer(inner.toBuffer());
- return (buf.toBuffer());
- }
- throw (new Error('Invalid signature format'));
- default:
- throw (new Error('Invalid signature data'));
- }
- };
-
- Signature.prototype.toString = function (format) {
- assert.optionalString(format, 'format');
- return (this.toBuffer(format).toString('base64'));
- };
-
- Signature.parse = function (data, type, format) {
- if (typeof (data) === 'string')
- data = Buffer.from(data, 'base64');
- assert.buffer(data, 'data');
- assert.string(format, 'format');
- assert.string(type, 'type');
-
- var opts = {};
- opts.type = type.toLowerCase();
- opts.parts = [];
-
- try {
- assert.ok(data.length > 0, 'signature must not be empty');
- switch (opts.type) {
- case 'rsa':
- return (parseOneNum(data, type, format, opts));
- case 'ed25519':
- return (parseOneNum(data, type, format, opts));
-
- case 'dsa':
- case 'ecdsa':
- if (format === 'asn1')
- return (parseDSAasn1(data, type, format, opts));
- else if (opts.type === 'dsa')
- return (parseDSA(data, type, format, opts));
- else
- return (parseECDSA(data, type, format, opts));
-
- default:
- throw (new InvalidAlgorithmError(type));
- }
-
- } catch (e) {
- if (e instanceof InvalidAlgorithmError)
- throw (e);
- throw (new SignatureParseError(type, format, e));
- }
- };
-
- function parseOneNum(data, type, format, opts) {
- if (format === 'ssh') {
- try {
- var buf = new SSHBuffer({buffer: data});
- var head = buf.readString();
- } catch (e) {
- /* fall through */
- }
- if (buf !== undefined) {
- var msg = 'SSH signature does not match expected ' +
- 'type (expected ' + type + ', got ' + head + ')';
- switch (head) {
- case 'ssh-rsa':
- assert.strictEqual(type, 'rsa', msg);
- opts.hashAlgo = 'sha1';
- break;
- case 'rsa-sha2-256':
- assert.strictEqual(type, 'rsa', msg);
- opts.hashAlgo = 'sha256';
- break;
- case 'rsa-sha2-512':
- assert.strictEqual(type, 'rsa', msg);
- opts.hashAlgo = 'sha512';
- break;
- case 'ssh-ed25519':
- assert.strictEqual(type, 'ed25519', msg);
- opts.hashAlgo = 'sha512';
- break;
- default:
- throw (new Error('Unknown SSH signature ' +
- 'type: ' + head));
- }
- var sig = buf.readPart();
- assert.ok(buf.atEnd(), 'extra trailing bytes');
- sig.name = 'sig';
- opts.parts.push(sig);
- return (new Signature(opts));
- }
- }
- opts.parts.push({name: 'sig', data: data});
- return (new Signature(opts));
- }
-
- function parseDSAasn1(data, type, format, opts) {
- var der = new asn1.BerReader(data);
- der.readSequence();
- var r = der.readString(asn1.Ber.Integer, true);
- var s = der.readString(asn1.Ber.Integer, true);
-
- opts.parts.push({name: 'r', data: utils.mpNormalize(r)});
- opts.parts.push({name: 's', data: utils.mpNormalize(s)});
-
- return (new Signature(opts));
- }
-
- function parseDSA(data, type, format, opts) {
- if (data.length != 40) {
- var buf = new SSHBuffer({buffer: data});
- var d = buf.readBuffer();
- if (d.toString('ascii') === 'ssh-dss')
- d = buf.readBuffer();
- assert.ok(buf.atEnd(), 'extra trailing bytes');
- assert.strictEqual(d.length, 40, 'invalid inner length');
- data = d;
- }
- opts.parts.push({name: 'r', data: data.slice(0, 20)});
- opts.parts.push({name: 's', data: data.slice(20, 40)});
- return (new Signature(opts));
- }
-
- function parseECDSA(data, type, format, opts) {
- var buf = new SSHBuffer({buffer: data});
-
- var r, s;
- var inner = buf.readBuffer();
- var stype = inner.toString('ascii');
- if (stype.slice(0, 6) === 'ecdsa-') {
- var parts = stype.split('-');
- assert.strictEqual(parts[0], 'ecdsa');
- assert.strictEqual(parts[1], 'sha2');
- opts.curve = parts[2];
- switch (opts.curve) {
- case 'nistp256':
- opts.hashAlgo = 'sha256';
- break;
- case 'nistp384':
- opts.hashAlgo = 'sha384';
- break;
- case 'nistp521':
- opts.hashAlgo = 'sha512';
- break;
- default:
- throw (new Error('Unsupported ECDSA curve: ' +
- opts.curve));
- }
- inner = buf.readBuffer();
- assert.ok(buf.atEnd(), 'extra trailing bytes on outer');
- buf = new SSHBuffer({buffer: inner});
- r = buf.readPart();
- } else {
- r = {data: inner};
- }
-
- s = buf.readPart();
- assert.ok(buf.atEnd(), 'extra trailing bytes');
-
- r.name = 'r';
- s.name = 's';
-
- opts.parts.push(r);
- opts.parts.push(s);
- return (new Signature(opts));
- }
-
- Signature.isSignature = function (obj, ver) {
- return (utils.isCompatible(obj, Signature, ver));
- };
-
- /*
- * API versions for Signature:
- * [1,0] -- initial ver
- * [2,0] -- support for rsa in full ssh format, compat with sshpk-agent
- * hashAlgorithm property
- * [2,1] -- first tagged version
- */
- Signature.prototype._sshpkApiVersion = [2, 1];
-
- Signature._oldVersionDetect = function (obj) {
- assert.func(obj.toBuffer);
- if (obj.hasOwnProperty('hashAlgorithm'))
- return ([2, 0]);
- return ([1, 0]);
- };
|