Why Gemfury?
Push, build, and install
RubyGems
npm packages
Python packages
Maven artifacts
PHP packages
Go Modules
Debian packages
RPM packages
NuGet packages
ethersphere
ethersphere / gateway-proxy deb
Repository URL to install this package:
|
Version:
0.6.0 ▾
|
gateway-proxy
/
usr
/
share
/
gateway-proxy
/
app
/
node_modules
/
ssh2
/
lib
/
protocol
/
keyParser.js
|
|---|
// TODO:
// * utilize `crypto.create(Private|Public)Key()` and `keyObject.export()`
// * handle multi-line header values (OpenSSH)?
// * more thorough validation?
'use strict';
const {
createDecipheriv,
createECDH,
createHash,
createHmac,
createSign,
createVerify,
getCiphers,
sign: sign_,
verify: verify_,
} = require('crypto');
const supportedOpenSSLCiphers = getCiphers();
const { Ber } = require('asn1');
const bcrypt_pbkdf = require('bcrypt-pbkdf').pbkdf;
const { CIPHER_INFO } = require('./crypto.js');
const { eddsaSupported, SUPPORTED_CIPHER } = require('./constants.js');
const {
bufferSlice,
makeBufferParser,
readString,
readUInt32BE,
writeUInt32BE,
} = require('./utils.js');
const SYM_HASH_ALGO = Symbol('Hash Algorithm');
const SYM_PRIV_PEM = Symbol('Private key PEM');
const SYM_PUB_PEM = Symbol('Public key PEM');
const SYM_PUB_SSH = Symbol('Public key SSH');
const SYM_DECRYPTED = Symbol('Decrypted Key');
// Create OpenSSL cipher name -> SSH cipher name conversion table
const CIPHER_INFO_OPENSSL = Object.create(null);
{
const keys = Object.keys(CIPHER_INFO);
for (let i = 0; i < keys.length; ++i) {
const cipherName = CIPHER_INFO[keys[i]].sslName;
if (!cipherName || CIPHER_INFO_OPENSSL[cipherName])
continue;
CIPHER_INFO_OPENSSL[cipherName] = CIPHER_INFO[keys[i]];
}
}
const binaryKeyParser = makeBufferParser();
function makePEM(type, data) {
data = data.base64Slice(0, data.length);
let formatted = data.replace(/.{64}/g, '$&\n');
if (data.length & 63)
formatted += '\n';
return `-----BEGIN ${type} KEY-----\n${formatted}-----END ${type} KEY-----`;
}
function combineBuffers(buf1, buf2) {
const result = Buffer.allocUnsafe(buf1.length + buf2.length);
result.set(buf1, 0);
result.set(buf2, buf1.length);
return result;
}
function skipFields(buf, nfields) {
const bufLen = buf.length;
let pos = (buf._pos || 0);
for (let i = 0; i < nfields; ++i) {
const left = (bufLen - pos);
if (pos >= bufLen || left < 4)
return false;
const len = readUInt32BE(buf, pos);
if (left < 4 + len)
return false;
pos += 4 + len;
}
buf._pos = pos;
return true;
}
function genOpenSSLRSAPub(n, e) {
const asnWriter = new Ber.Writer();
asnWriter.startSequence();
// algorithm
asnWriter.startSequence();
asnWriter.writeOID('1.2.840.113549.1.1.1'); // rsaEncryption
// algorithm parameters (RSA has none)
asnWriter.writeNull();
asnWriter.endSequence();
// subjectPublicKey
asnWriter.startSequence(Ber.BitString);
asnWriter.writeByte(0x00);
asnWriter.startSequence();
asnWriter.writeBuffer(n, Ber.Integer);
asnWriter.writeBuffer(e, Ber.Integer);
asnWriter.endSequence();
asnWriter.endSequence();
asnWriter.endSequence();
return makePEM('PUBLIC', asnWriter.buffer);
}
function genOpenSSHRSAPub(n, e) {
const publicKey = Buffer.allocUnsafe(4 + 7 + 4 + e.length + 4 + n.length);
writeUInt32BE(publicKey, 7, 0);
publicKey.utf8Write('ssh-rsa', 4, 7);
let i = 4 + 7;
writeUInt32BE(publicKey, e.length, i);
publicKey.set(e, i += 4);
writeUInt32BE(publicKey, n.length, i += e.length);
publicKey.set(n, i + 4);
return publicKey;
}
const genOpenSSLRSAPriv = (() => {
function genRSAASN1Buf(n, e, d, p, q, dmp1, dmq1, iqmp) {
const asnWriter = new Ber.Writer();
asnWriter.startSequence();
asnWriter.writeInt(0x00, Ber.Integer);
asnWriter.writeBuffer(n, Ber.Integer);
asnWriter.writeBuffer(e, Ber.Integer);
asnWriter.writeBuffer(d, Ber.Integer);
asnWriter.writeBuffer(p, Ber.Integer);
asnWriter.writeBuffer(q, Ber.Integer);
asnWriter.writeBuffer(dmp1, Ber.Integer);
asnWriter.writeBuffer(dmq1, Ber.Integer);
asnWriter.writeBuffer(iqmp, Ber.Integer);
asnWriter.endSequence();
return asnWriter.buffer;
}
function bigIntFromBuffer(buf) {
return BigInt(`0x${buf.hexSlice(0, buf.length)}`);
}
function bigIntToBuffer(bn) {
let hex = bn.toString(16);
if ((hex.length & 1) !== 0) {
hex = `0${hex}`;
} else {
const sigbit = hex.charCodeAt(0);
// BER/DER integers require leading zero byte to denote a positive value
// when first byte >= 0x80
if (sigbit === 56/* '8' */
|| sigbit === 57/* '9' */
|| (sigbit >= 97/* 'a' */ && sigbit <= 102/* 'f' */)) {
hex = `00${hex}`;
}
}
return Buffer.from(hex, 'hex');
}
return function genOpenSSLRSAPriv(n, e, d, iqmp, p, q) {
const bn_d = bigIntFromBuffer(d);
const dmp1 = bigIntToBuffer(bn_d % (bigIntFromBuffer(p) - 1n));
const dmq1 = bigIntToBuffer(bn_d % (bigIntFromBuffer(q) - 1n));
return makePEM('RSA PRIVATE',
genRSAASN1Buf(n, e, d, p, q, dmp1, dmq1, iqmp));
};
})();
function genOpenSSLDSAPub(p, q, g, y) {
const asnWriter = new Ber.Writer();
asnWriter.startSequence();
// algorithm
asnWriter.startSequence();
asnWriter.writeOID('1.2.840.10040.4.1'); // id-dsa
// algorithm parameters
asnWriter.startSequence();
asnWriter.writeBuffer(p, Ber.Integer);
asnWriter.writeBuffer(q, Ber.Integer);
asnWriter.writeBuffer(g, Ber.Integer);
asnWriter.endSequence();
asnWriter.endSequence();
// subjectPublicKey
asnWriter.startSequence(Ber.BitString);
asnWriter.writeByte(0x00);
asnWriter.writeBuffer(y, Ber.Integer);
asnWriter.endSequence();
asnWriter.endSequence();
return makePEM('PUBLIC', asnWriter.buffer);
}
function genOpenSSHDSAPub(p, q, g, y) {
const publicKey = Buffer.allocUnsafe(
4 + 7 + 4 + p.length + 4 + q.length + 4 + g.length + 4 + y.length
);
writeUInt32BE(publicKey, 7, 0);
publicKey.utf8Write('ssh-dss', 4, 7);
let i = 4 + 7;
writeUInt32BE(publicKey, p.length, i);
publicKey.set(p, i += 4);
writeUInt32BE(publicKey, q.length, i += p.length);
publicKey.set(q, i += 4);
writeUInt32BE(publicKey, g.length, i += q.length);
publicKey.set(g, i += 4);
writeUInt32BE(publicKey, y.length, i += g.length);
publicKey.set(y, i + 4);
return publicKey;
}
function genOpenSSLDSAPriv(p, q, g, y, x) {
const asnWriter = new Ber.Writer();
asnWriter.startSequence();
asnWriter.writeInt(0x00, Ber.Integer);
asnWriter.writeBuffer(p, Ber.Integer);
asnWriter.writeBuffer(q, Ber.Integer);
asnWriter.writeBuffer(g, Ber.Integer);
asnWriter.writeBuffer(y, Ber.Integer);
asnWriter.writeBuffer(x, Ber.Integer);
asnWriter.endSequence();
return makePEM('DSA PRIVATE', asnWriter.buffer);
}
function genOpenSSLEdPub(pub) {
const asnWriter = new Ber.Writer();
asnWriter.startSequence();
// algorithm
asnWriter.startSequence();
asnWriter.writeOID('1.3.101.112'); // id-Ed25519
asnWriter.endSequence();
// PublicKey
asnWriter.startSequence(Ber.BitString);
asnWriter.writeByte(0x00);
// XXX: hack to write a raw buffer without a tag -- yuck
asnWriter._ensure(pub.length);
asnWriter._buf.set(pub, asnWriter._offset);
asnWriter._offset += pub.length;
asnWriter.endSequence();
asnWriter.endSequence();
return makePEM('PUBLIC', asnWriter.buffer);
}
function genOpenSSHEdPub(pub) {
const publicKey = Buffer.allocUnsafe(4 + 11 + 4 + pub.length);
writeUInt32BE(publicKey, 11, 0);
publicKey.utf8Write('ssh-ed25519', 4, 11);
writeUInt32BE(publicKey, pub.length, 15);
publicKey.set(pub, 19);
return publicKey;
}
function genOpenSSLEdPriv(priv) {
const asnWriter = new Ber.Writer();
asnWriter.startSequence();
// version
asnWriter.writeInt(0x00, Ber.Integer);
// algorithm
asnWriter.startSequence();
asnWriter.writeOID('1.3.101.112'); // id-Ed25519
asnWriter.endSequence();
// PrivateKey
asnWriter.startSequence(Ber.OctetString);
asnWriter.writeBuffer(priv, Ber.OctetString);
asnWriter.endSequence();
asnWriter.endSequence();
return makePEM('PRIVATE', asnWriter.buffer);
}
function genOpenSSLECDSAPub(oid, Q) {
const asnWriter = new Ber.Writer();
asnWriter.startSequence();
// algorithm
asnWriter.startSequence();
asnWriter.writeOID('1.2.840.10045.2.1'); // id-ecPublicKey
// algorithm parameters (namedCurve)
asnWriter.writeOID(oid);
asnWriter.endSequence();
// subjectPublicKey
asnWriter.startSequence(Ber.BitString);
asnWriter.writeByte(0x00);
// XXX: hack to write a raw buffer without a tag -- yuck
asnWriter._ensure(Q.length);
asnWriter._buf.set(Q, asnWriter._offset);
asnWriter._offset += Q.length;
// end hack
asnWriter.endSequence();
asnWriter.endSequence();
return makePEM('PUBLIC', asnWriter.buffer);
}
function genOpenSSHECDSAPub(oid, Q) {
let curveName;
switch (oid) {
case '1.2.840.10045.3.1.7':
// prime256v1/secp256r1
curveName = 'nistp256';
break;
case '1.3.132.0.34':
// secp384r1
curveName = 'nistp384';
break;
case '1.3.132.0.35':
// secp521r1
curveName = 'nistp521';
break;
default:
return;
}
const publicKey = Buffer.allocUnsafe(4 + 19 + 4 + 8 + 4 + Q.length);
writeUInt32BE(publicKey, 19, 0);
publicKey.utf8Write(`ecdsa-sha2-${curveName}`, 4, 19);
writeUInt32BE(publicKey, 8, 23);
publicKey.utf8Write(curveName, 27, 8);
writeUInt32BE(publicKey, Q.length, 35);
publicKey.set(Q, 39);
return publicKey;
}
function genOpenSSLECDSAPriv(oid, pub, priv) {
const asnWriter = new Ber.Writer();
asnWriter.startSequence();
// version
asnWriter.writeInt(0x01, Ber.Integer);
// privateKey
asnWriter.writeBuffer(priv, Ber.OctetString);
// parameters (optional)
asnWriter.startSequence(0xA0);
asnWriter.writeOID(oid);
asnWriter.endSequence();
// publicKey (optional)
asnWriter.startSequence(0xA1);
asnWriter.startSequence(Ber.BitString);
asnWriter.writeByte(0x00);
// XXX: hack to write a raw buffer without a tag -- yuck
asnWriter._ensure(pub.length);
asnWriter._buf.set(pub, asnWriter._offset);
asnWriter._offset += pub.length;
// end hack
asnWriter.endSequence();
asnWriter.endSequence();
asnWriter.endSequence();
return makePEM('EC PRIVATE', asnWriter.buffer);
}
function genOpenSSLECDSAPubFromPriv(curveName, priv) {
const tempECDH = createECDH(curveName);
tempECDH.setPrivateKey(priv);
return tempECDH.getPublicKey();
}
const BaseKey = {
sign: (() => {
if (typeof sign_ === 'function') {
return function sign(data, algo) {
const pem = this[SYM_PRIV_PEM];
if (pem === null)
return new Error('No private key available');
if (!algo || typeof algo !== 'string')
algo = this[SYM_HASH_ALGO];
try {
return sign_(algo, data, pem);
} catch (ex) {
return ex;
}
};
}
return function sign(data, algo) {
const pem = this[SYM_PRIV_PEM];
if (pem === null)
return new Error('No private key available');
if (!algo || typeof algo !== 'string')
algo = this[SYM_HASH_ALGO];
const signature = createSign(algo);
signature.update(data);
try {
return signature.sign(pem);
} catch (ex) {
return ex;
}
};
})(),
verify: (() => {
if (typeof verify_ === 'function') {
return function verify(data, signature, algo) {
const pem = this[SYM_PUB_PEM];
if (pem === null)
return new Error('No public key available');
if (!algo || typeof algo !== 'string')
algo = this[SYM_HASH_ALGO];
try {
return verify_(algo, data, pem, signature);
} catch (ex) {
return ex;
}
};
}
return function verify(data, signature, algo) {
const pem = this[SYM_PUB_PEM];
if (pem === null)
return new Error('No public key available');
if (!algo || typeof algo !== 'string')
algo = this[SYM_HASH_ALGO];
const verifier = createVerify(algo);
verifier.update(data);
try {
return verifier.verify(pem, signature);
} catch (ex) {
return ex;
}
};
})(),
isPrivateKey: function isPrivateKey() {
return (this[SYM_PRIV_PEM] !== null);
},
getPrivatePEM: function getPrivatePEM() {
return this[SYM_PRIV_PEM];
},
getPublicPEM: function getPublicPEM() {
return this[SYM_PUB_PEM];
},
getPublicSSH: function getPublicSSH() {
return this[SYM_PUB_SSH];
},
equals: function equals(key) {
const parsed = parseKey(key);
if (parsed instanceof Error)
return false;
return (
this.type === parsed.type
&& this[SYM_PRIV_PEM] === parsed[SYM_PRIV_PEM]
&& this[SYM_PUB_PEM] === parsed[SYM_PUB_PEM]
&& this[SYM_PUB_SSH] === parsed[SYM_PUB_SSH]
);
},
};
function OpenSSH_Private(type, comment, privPEM, pubPEM, pubSSH, algo,
decrypted) {
this.type = type;
this.comment = comment;
this[SYM_PRIV_PEM] = privPEM;
this[SYM_PUB_PEM] = pubPEM;
this[SYM_PUB_SSH] = pubSSH;
this[SYM_HASH_ALGO] = algo;
this[SYM_DECRYPTED] = decrypted;
}
OpenSSH_Private.prototype = BaseKey;
{
const regexp = /^-----BEGIN OPENSSH PRIVATE KEY-----(?:\r\n|\n)([\s\S]+)(?:\r\n|\n)-----END OPENSSH PRIVATE KEY-----$/;
OpenSSH_Private.parse = (str, passphrase) => {
const m = regexp.exec(str);
if (m === null)
return null;
let ret;
const data = Buffer.from(m[1], 'base64');
if (data.length < 31) // magic (+ magic null term.) + minimum field lengths
return new Error('Malformed OpenSSH private key');
const magic = data.utf8Slice(0, 15);
if (magic !== 'openssh-key-v1\0')
return new Error(`Unsupported OpenSSH key magic: ${magic}`);
const cipherName = readString(data, 15, true);
if (cipherName === undefined)
return new Error('Malformed OpenSSH private key');
if (cipherName !== 'none' && SUPPORTED_CIPHER.indexOf(cipherName) === -1)
return new Error(`Unsupported cipher for OpenSSH key: ${cipherName}`);
const kdfName = readString(data, data._pos, true);
if (kdfName === undefined)
return new Error('Malformed OpenSSH private key');
if (kdfName !== 'none') {
if (cipherName === 'none')
return new Error('Malformed OpenSSH private key');
if (kdfName !== 'bcrypt')
return new Error(`Unsupported kdf name for OpenSSH key: ${kdfName}`);
if (!passphrase) {
return new Error(
'Encrypted private OpenSSH key detected, but no passphrase given'
);
}
} else if (cipherName !== 'none') {
return new Error('Malformed OpenSSH private key');
}
let encInfo;
let cipherKey;
let cipherIV;
if (cipherName !== 'none')
encInfo = CIPHER_INFO[cipherName];
const kdfOptions = readString(data, data._pos);
if (kdfOptions === undefined)
return new Error('Malformed OpenSSH private key');
if (kdfOptions.length) {
switch (kdfName) {
case 'none':
return new Error('Malformed OpenSSH private key');
case 'bcrypt':
/*
string salt
uint32 rounds
*/
const salt = readString(kdfOptions, 0);
if (salt === undefined || kdfOptions._pos + 4 > kdfOptions.length)
return new Error('Malformed OpenSSH private key');
const rounds = readUInt32BE(kdfOptions, kdfOptions._pos);
const gen = Buffer.allocUnsafe(encInfo.keyLen + encInfo.ivLen);
const r = bcrypt_pbkdf(passphrase,
passphrase.length,
salt,
salt.length,
gen,
gen.length,
rounds);
if (r !== 0)
return new Error('Failed to generate information to decrypt key');
cipherKey = bufferSlice(gen, 0, encInfo.keyLen);
cipherIV = bufferSlice(gen, encInfo.keyLen, gen.length);
break;
}
} else if (kdfName !== 'none') {
return new Error('Malformed OpenSSH private key');
}
if (data._pos + 3 >= data.length)
return new Error('Malformed OpenSSH private key');
const keyCount = readUInt32BE(data, data._pos);
data._pos += 4;
if (keyCount > 0) {
// TODO: place sensible limit on max `keyCount`
// Read public keys first
for (let i = 0; i < keyCount; ++i) {
const pubData = readString(data, data._pos);
if (pubData === undefined)
return new Error('Malformed OpenSSH private key');
const type = readString(pubData, 0, true);
if (type === undefined)
return new Error('Malformed OpenSSH private key');
}
let privBlob = readString(data, data._pos);
if (privBlob === undefined)
return new Error('Malformed OpenSSH private key');
if (cipherKey !== undefined) {
// Encrypted private key(s)
if (privBlob.length < encInfo.blockLen
|| (privBlob.length % encInfo.blockLen) !== 0) {
return new Error('Malformed OpenSSH private key');
}
try {
const options = { authTagLength: encInfo.authLen };
const decipher = createDecipheriv(encInfo.sslName,
cipherKey,
cipherIV,
options);
if (encInfo.authLen > 0) {
if (data.length - data._pos < encInfo.authLen)
return new Error('Malformed OpenSSH private key');
decipher.setAuthTag(
bufferSlice(data, data._pos, data._pos += encInfo.authLen)
);
}
privBlob = combineBuffers(decipher.update(privBlob),
decipher.final());
} catch (ex) {
return ex;
}
}
// Nothing should we follow the private key(s), except a possible
// authentication tag for relevant ciphers
if (data._pos !== data.length)
return new Error('Malformed OpenSSH private key');
ret = parseOpenSSHPrivKeys(privBlob, keyCount, cipherKey !== undefined);
} else {
ret = [];
}
if (ret instanceof Error)
return ret;
// This will need to change if/when OpenSSH ever starts storing multiple
// keys in their key files
return ret[0];
};
function parseOpenSSHPrivKeys(data, nkeys, decrypted) {
const keys = [];
/*
uint32 checkint
uint32 checkint
string privatekey1
string comment1
string privatekey2
string comment2
...
string privatekeyN
string commentN
char 1
char 2
char 3
...
char padlen % 255
*/
if (data.length < 8)
return new Error('Malformed OpenSSH private key');
const check1 = readUInt32BE(data, 0);
const check2 = readUInt32BE(data, 4);
if (check1 !== check2) {
if (decrypted) {
return new Error(
'OpenSSH key integrity check failed -- bad passphrase?'
);
}
return new Error('OpenSSH key integrity check failed');
}
data._pos = 8;
let i;
let oid;
for (i = 0; i < nkeys; ++i) {
let algo;
let privPEM;
let pubPEM;
let pubSSH;
// The OpenSSH documentation for the key format actually lies, the
// entirety of the private key content is not contained with a string
// field, it's actually the literal contents of the private key, so to be
// able to find the end of the key data you need to know the layout/format
// of each key type ...
const type = readString(data, data._pos, true);
if (type === undefined)
return new Error('Malformed OpenSSH private key');
switch (type) {
case 'ssh-rsa': {
/*
string n -- public
string e -- public
string d -- private
string iqmp -- private
string p -- private
string q -- private
*/
const n = readString(data, data._pos);
if (n === undefined)
return new Error('Malformed OpenSSH private key');
const e = readString(data, data._pos);
if (e === undefined)
return new Error('Malformed OpenSSH private key');
const d = readString(data, data._pos);
if (d === undefined)
return new Error('Malformed OpenSSH private key');
const iqmp = readString(data, data._pos);
if (iqmp === undefined)
return new Error('Malformed OpenSSH private key');
const p = readString(data, data._pos);
if (p === undefined)
return new Error('Malformed OpenSSH private key');
const q = readString(data, data._pos);
if (q === undefined)
return new Error('Malformed OpenSSH private key');
pubPEM = genOpenSSLRSAPub(n, e);
pubSSH = genOpenSSHRSAPub(n, e);
privPEM = genOpenSSLRSAPriv(n, e, d, iqmp, p, q);
algo = 'sha1';
break;
}
case 'ssh-dss': {
/*
string p -- public
string q -- public
string g -- public
string y -- public
string x -- private
*/
const p = readString(data, data._pos);
if (p === undefined)
return new Error('Malformed OpenSSH private key');
const q = readString(data, data._pos);
if (q === undefined)
return new Error('Malformed OpenSSH private key');
const g = readString(data, data._pos);
if (g === undefined)
return new Error('Malformed OpenSSH private key');
const y = readString(data, data._pos);
if (y === undefined)
return new Error('Malformed OpenSSH private key');
const x = readString(data, data._pos);
if (x === undefined)
return new Error('Malformed OpenSSH private key');
pubPEM = genOpenSSLDSAPub(p, q, g, y);
pubSSH = genOpenSSHDSAPub(p, q, g, y);
privPEM = genOpenSSLDSAPriv(p, q, g, y, x);
algo = 'sha1';
break;
}
case 'ssh-ed25519': {
if (!eddsaSupported)
return new Error(`Unsupported OpenSSH private key type: ${type}`);
/*
* string public key
* string private key + public key
*/
const edpub = readString(data, data._pos);
if (edpub === undefined || edpub.length !== 32)
return new Error('Malformed OpenSSH private key');
const edpriv = readString(data, data._pos);
if (edpriv === undefined || edpriv.length !== 64)
return new Error('Malformed OpenSSH private key');
pubPEM = genOpenSSLEdPub(edpub);
pubSSH = genOpenSSHEdPub(edpub);
privPEM = genOpenSSLEdPriv(bufferSlice(edpriv, 0, 32));
algo = null;
break;
}
case 'ecdsa-sha2-nistp256':
algo = 'sha256';
oid = '1.2.840.10045.3.1.7';
// FALLTHROUGH
case 'ecdsa-sha2-nistp384':
if (algo === undefined) {
algo = 'sha384';
oid = '1.3.132.0.34';
}
// FALLTHROUGH
case 'ecdsa-sha2-nistp521': {
if (algo === undefined) {
algo = 'sha512';
oid = '1.3.132.0.35';
}
/*
string curve name
string Q -- public
string d -- private
*/
// TODO: validate curve name against type
if (!skipFields(data, 1)) // Skip curve name
return new Error('Malformed OpenSSH private key');
const ecpub = readString(data, data._pos);
if (ecpub === undefined)
return new Error('Malformed OpenSSH private key');
const ecpriv = readString(data, data._pos);
if (ecpriv === undefined)
return new Error('Malformed OpenSSH private key');
pubPEM = genOpenSSLECDSAPub(oid, ecpub);
pubSSH = genOpenSSHECDSAPub(oid, ecpub);
privPEM = genOpenSSLECDSAPriv(oid, ecpub, ecpriv);
break;
}
default:
return new Error(`Unsupported OpenSSH private key type: ${type}`);
}
const privComment = readString(data, data._pos, true);
if (privComment === undefined)
return new Error('Malformed OpenSSH private key');
keys.push(
new OpenSSH_Private(type, privComment, privPEM, pubPEM, pubSSH, algo,
decrypted)
);
}
let cnt = 0;
for (i = data._pos; i < data.length; ++i) {
if (data[i] !== (++cnt % 255))
return new Error('Malformed OpenSSH private key');
}
return keys;
}
}
function OpenSSH_Old_Private(type, comment, privPEM, pubPEM, pubSSH, algo,
decrypted) {
this.type = type;
this.comment = comment;
this[SYM_PRIV_PEM] = privPEM;
this[SYM_PUB_PEM] = pubPEM;
this[SYM_PUB_SSH] = pubSSH;
this[SYM_HASH_ALGO] = algo;
this[SYM_DECRYPTED] = decrypted;
}
OpenSSH_Old_Private.prototype = BaseKey;
{
const regexp = /^-----BEGIN (RSA|DSA|EC) PRIVATE KEY-----(?:\r\n|\n)((?:[^:]+:\s*[\S].*(?:\r\n|\n))*)([\s\S]+)(?:\r\n|\n)-----END (RSA|DSA|EC) PRIVATE KEY-----$/;
OpenSSH_Old_Private.parse = (str, passphrase) => {
const m = regexp.exec(str);
if (m === null)
return null;
let privBlob = Buffer.from(m[3], 'base64');
let headers = m[2];
let decrypted = false;
if (headers !== undefined) {
// encrypted key
headers = headers.split(/\r\n|\n/g);
for (let i = 0; i < headers.length; ++i) {
const header = headers[i];
let sepIdx = header.indexOf(':');
if (header.slice(0, sepIdx) === 'DEK-Info') {
const val = header.slice(sepIdx + 2);
sepIdx = val.indexOf(',');
if (sepIdx === -1)
continue;
const cipherName = val.slice(0, sepIdx).toLowerCase();
if (supportedOpenSSLCiphers.indexOf(cipherName) === -1) {
return new Error(
`Cipher (${cipherName}) not supported `
+ 'for encrypted OpenSSH private key'
);
}
const encInfo = CIPHER_INFO_OPENSSL[cipherName];
if (!encInfo) {
return new Error(
`Cipher (${cipherName}) not supported `
+ 'for encrypted OpenSSH private key'
);
}
const cipherIV = Buffer.from(val.slice(sepIdx + 1), 'hex');
if (cipherIV.length !== encInfo.ivLen)
return new Error('Malformed encrypted OpenSSH private key');
if (!passphrase) {
return new Error(
'Encrypted OpenSSH private key detected, but no passphrase given'
);
}
const ivSlice = bufferSlice(cipherIV, 0, 8);
let cipherKey = createHash('md5')
.update(passphrase)
.update(ivSlice)
.digest();
while (cipherKey.length < encInfo.keyLen) {
cipherKey = combineBuffers(
cipherKey,
createHash('md5')
.update(cipherKey)
.update(passphrase)
.update(ivSlice)
.digest()
);
}
if (cipherKey.length > encInfo.keyLen)
cipherKey = bufferSlice(cipherKey, 0, encInfo.keyLen);
try {
const decipher = createDecipheriv(cipherName, cipherKey, cipherIV);
decipher.setAutoPadding(false);
privBlob = combineBuffers(decipher.update(privBlob),
decipher.final());
decrypted = true;
} catch (ex) {
return ex;
}
}
}
}
let type;
let privPEM;
let pubPEM;
let pubSSH;
let algo;
let reader;
let errMsg = 'Malformed OpenSSH private key';
if (decrypted)
errMsg += '. Bad passphrase?';
switch (m[1]) {
case 'RSA':
type = 'ssh-rsa';
privPEM = makePEM('RSA PRIVATE', privBlob);
try {
reader = new Ber.Reader(privBlob);
reader.readSequence();
reader.readInt(); // skip version
const n = reader.readString(Ber.Integer, true);
if (n === null)
return new Error(errMsg);
const e = reader.readString(Ber.Integer, true);
if (e === null)
return new Error(errMsg);
pubPEM = genOpenSSLRSAPub(n, e);
pubSSH = genOpenSSHRSAPub(n, e);
} catch {
return new Error(errMsg);
}
algo = 'sha1';
break;
case 'DSA':
type = 'ssh-dss';
privPEM = makePEM('DSA PRIVATE', privBlob);
try {
reader = new Ber.Reader(privBlob);
reader.readSequence();
reader.readInt(); // skip version
const p = reader.readString(Ber.Integer, true);
if (p === null)
return new Error(errMsg);
const q = reader.readString(Ber.Integer, true);
if (q === null)
return new Error(errMsg);
const g = reader.readString(Ber.Integer, true);
if (g === null)
return new Error(errMsg);
const y = reader.readString(Ber.Integer, true);
if (y === null)
return new Error(errMsg);
pubPEM = genOpenSSLDSAPub(p, q, g, y);
pubSSH = genOpenSSHDSAPub(p, q, g, y);
} catch {
return new Error(errMsg);
}
algo = 'sha1';
break;
case 'EC':
let ecSSLName;
let ecPriv;
let ecOID;
try {
reader = new Ber.Reader(privBlob);
reader.readSequence();
reader.readInt(); // skip version
ecPriv = reader.readString(Ber.OctetString, true);
reader.readByte(); // Skip "complex" context type byte
const offset = reader.readLength(); // Skip context length
if (offset !== null) {
reader._offset = offset;
ecOID = reader.readOID();
if (ecOID === null)
return new Error(errMsg);
switch (ecOID) {
case '1.2.840.10045.3.1.7':
// prime256v1/secp256r1
ecSSLName = 'prime256v1';
type = 'ecdsa-sha2-nistp256';
algo = 'sha256';
break;
case '1.3.132.0.34':
// secp384r1
ecSSLName = 'secp384r1';
type = 'ecdsa-sha2-nistp384';
algo = 'sha384';
break;
case '1.3.132.0.35':
// secp521r1
ecSSLName = 'secp521r1';
type = 'ecdsa-sha2-nistp521';
algo = 'sha512';
break;
default:
return new Error(`Unsupported private key EC OID: ${ecOID}`);
}
} else {
return new Error(errMsg);
}
} catch {
return new Error(errMsg);
}
privPEM = makePEM('EC PRIVATE', privBlob);
const pubBlob = genOpenSSLECDSAPubFromPriv(ecSSLName, ecPriv);
pubPEM = genOpenSSLECDSAPub(ecOID, pubBlob);
pubSSH = genOpenSSHECDSAPub(ecOID, pubBlob);
break;
}
return new OpenSSH_Old_Private(type, '', privPEM, pubPEM, pubSSH, algo,
decrypted);
};
}
function PPK_Private(type, comment, privPEM, pubPEM, pubSSH, algo, decrypted) {
this.type = type;
this.comment = comment;
this[SYM_PRIV_PEM] = privPEM;
this[SYM_PUB_PEM] = pubPEM;
this[SYM_PUB_SSH] = pubSSH;
this[SYM_HASH_ALGO] = algo;
this[SYM_DECRYPTED] = decrypted;
}
PPK_Private.prototype = BaseKey;
{
const EMPTY_PASSPHRASE = Buffer.alloc(0);
const PPK_IV = Buffer.from([0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]);
const PPK_PP1 = Buffer.from([0, 0, 0, 0]);
const PPK_PP2 = Buffer.from([0, 0, 0, 1]);
const regexp = /^PuTTY-User-Key-File-2: (ssh-(?:rsa|dss))\r?\nEncryption: (aes256-cbc|none)\r?\nComment: ([^\r\n]*)\r?\nPublic-Lines: \d+\r?\n([\s\S]+?)\r?\nPrivate-Lines: \d+\r?\n([\s\S]+?)\r?\nPrivate-MAC: ([^\r\n]+)/;
PPK_Private.parse = (str, passphrase) => {
const m = regexp.exec(str);
if (m === null)
return null;
// m[1] = key type
// m[2] = encryption type
// m[3] = comment
// m[4] = base64-encoded public key data:
// for "ssh-rsa":
// string "ssh-rsa"
// mpint e (public exponent)
// mpint n (modulus)
// for "ssh-dss":
// string "ssh-dss"
// mpint p (modulus)
// mpint q (prime)
// mpint g (base number)
// mpint y (public key parameter: g^x mod p)
// m[5] = base64-encoded private key data:
// for "ssh-rsa":
// mpint d (private exponent)
// mpint p (prime 1)
// mpint q (prime 2)
// mpint iqmp ([inverse of q] mod p)
// for "ssh-dss":
// mpint x (private key parameter)
// m[6] = SHA1 HMAC over:
// string name of algorithm ("ssh-dss", "ssh-rsa")
// string encryption type
// string comment
// string public key data
// string private-plaintext (including the final padding)
const cipherName = m[2];
const encrypted = (cipherName !== 'none');
if (encrypted && !passphrase) {
return new Error(
'Encrypted PPK private key detected, but no passphrase given'
);
}
let privBlob = Buffer.from(m[5], 'base64');
if (encrypted) {
const encInfo = CIPHER_INFO[cipherName];
let cipherKey = combineBuffers(
createHash('sha1').update(PPK_PP1).update(passphrase).digest(),
createHash('sha1').update(PPK_PP2).update(passphrase).digest()
);
if (cipherKey.length > encInfo.keyLen)
cipherKey = bufferSlice(cipherKey, 0, encInfo.keyLen);
try {
const decipher = createDecipheriv(encInfo.sslName,
cipherKey,
PPK_IV);
decipher.setAutoPadding(false);
privBlob = combineBuffers(decipher.update(privBlob),
decipher.final());
} catch (ex) {
return ex;
}
}
const type = m[1];
const comment = m[3];
const pubBlob = Buffer.from(m[4], 'base64');
const mac = m[6];
const typeLen = type.length;
const cipherNameLen = cipherName.length;
const commentLen = Buffer.byteLength(comment);
const pubLen = pubBlob.length;
const privLen = privBlob.length;
const macData = Buffer.allocUnsafe(4 + typeLen
+ 4 + cipherNameLen
+ 4 + commentLen
+ 4 + pubLen
+ 4 + privLen);
let p = 0;
writeUInt32BE(macData, typeLen, p);
macData.utf8Write(type, p += 4, typeLen);
writeUInt32BE(macData, cipherNameLen, p += typeLen);
macData.utf8Write(cipherName, p += 4, cipherNameLen);
writeUInt32BE(macData, commentLen, p += cipherNameLen);
macData.utf8Write(comment, p += 4, commentLen);
writeUInt32BE(macData, pubLen, p += commentLen);
macData.set(pubBlob, p += 4);
writeUInt32BE(macData, privLen, p += pubLen);
macData.set(privBlob, p + 4);
if (!passphrase)
passphrase = EMPTY_PASSPHRASE;
const calcMAC = createHmac(
'sha1',
createHash('sha1')
.update('putty-private-key-file-mac-key')
.update(passphrase)
.digest()
).update(macData).digest('hex');
if (calcMAC !== mac) {
if (encrypted) {
return new Error(
'PPK private key integrity check failed -- bad passphrase?'
);
}
return new Error('PPK private key integrity check failed');
}
let pubPEM;
let pubSSH;
let privPEM;
pubBlob._pos = 0;
skipFields(pubBlob, 1); // skip (duplicate) key type
switch (type) {
case 'ssh-rsa': {
const e = readString(pubBlob, pubBlob._pos);
if (e === undefined)
return new Error('Malformed PPK public key');
const n = readString(pubBlob, pubBlob._pos);
if (n === undefined)
return new Error('Malformed PPK public key');
const d = readString(privBlob, 0);
if (d === undefined)
return new Error('Malformed PPK private key');
const p = readString(privBlob, privBlob._pos);
if (p === undefined)
return new Error('Malformed PPK private key');
const q = readString(privBlob, privBlob._pos);
if (q === undefined)
return new Error('Malformed PPK private key');
const iqmp = readString(privBlob, privBlob._pos);
if (iqmp === undefined)
return new Error('Malformed PPK private key');
pubPEM = genOpenSSLRSAPub(n, e);
pubSSH = genOpenSSHRSAPub(n, e);
privPEM = genOpenSSLRSAPriv(n, e, d, iqmp, p, q);
break;
}
case 'ssh-dss': {
const p = readString(pubBlob, pubBlob._pos);
if (p === undefined)
return new Error('Malformed PPK public key');
const q = readString(pubBlob, pubBlob._pos);
if (q === undefined)
return new Error('Malformed PPK public key');
const g = readString(pubBlob, pubBlob._pos);
if (g === undefined)
return new Error('Malformed PPK public key');
const y = readString(pubBlob, pubBlob._pos);
if (y === undefined)
return new Error('Malformed PPK public key');
const x = readString(privBlob, 0);
if (x === undefined)
return new Error('Malformed PPK private key');
pubPEM = genOpenSSLDSAPub(p, q, g, y);
pubSSH = genOpenSSHDSAPub(p, q, g, y);
privPEM = genOpenSSLDSAPriv(p, q, g, y, x);
break;
}
}
return new PPK_Private(type, comment, privPEM, pubPEM, pubSSH, 'sha1',
encrypted);
};
}
function OpenSSH_Public(type, comment, pubPEM, pubSSH, algo) {
this.type = type;
this.comment = comment;
this[SYM_PRIV_PEM] = null;
this[SYM_PUB_PEM] = pubPEM;
this[SYM_PUB_SSH] = pubSSH;
this[SYM_HASH_ALGO] = algo;
this[SYM_DECRYPTED] = false;
}
OpenSSH_Public.prototype = BaseKey;
{
let regexp;
if (eddsaSupported)
regexp = /^(((?:ssh-(?:rsa|dss|ed25519))|ecdsa-sha2-nistp(?:256|384|521))(?:-cert-v0[01]@openssh.com)?) ([A-Z0-9a-z/+=]+)(?:$|\s+([\S].*)?)$/;
else
regexp = /^(((?:ssh-(?:rsa|dss))|ecdsa-sha2-nistp(?:256|384|521))(?:-cert-v0[01]@openssh.com)?) ([A-Z0-9a-z/+=]+)(?:$|\s+([\S].*)?)$/;
OpenSSH_Public.parse = (str) => {
const m = regexp.exec(str);
if (m === null)
return null;
// m[1] = full type
// m[2] = base type
// m[3] = base64-encoded public key
// m[4] = comment
const fullType = m[1];
const baseType = m[2];
const data = Buffer.from(m[3], 'base64');
const comment = (m[4] || '');
const type = readString(data, data._pos, true);
if (type === undefined || type.indexOf(baseType) !== 0)
return new Error('Malformed OpenSSH public key');
return parseDER(data, baseType, comment, fullType);
};
}
function RFC4716_Public(type, comment, pubPEM, pubSSH, algo) {
this.type = type;
this.comment = comment;
this[SYM_PRIV_PEM] = null;
this[SYM_PUB_PEM] = pubPEM;
this[SYM_PUB_SSH] = pubSSH;
this[SYM_HASH_ALGO] = algo;
this[SYM_DECRYPTED] = false;
}
RFC4716_Public.prototype = BaseKey;
{
const regexp = /^---- BEGIN SSH2 PUBLIC KEY ----(?:\r?\n)((?:.{0,72}\r?\n)+)---- END SSH2 PUBLIC KEY ----$/;
const RE_DATA = /^[A-Z0-9a-z/+=\r\n]+$/;
const RE_HEADER = /^([\x21-\x39\x3B-\x7E]{1,64}): ((?:[^\\]*\\\r?\n)*[^\r\n]+)\r?\n/gm;
const RE_HEADER_ENDS = /\\\r?\n/g;
RFC4716_Public.parse = (str) => {
let m = regexp.exec(str);
if (m === null)
return null;
const body = m[1];
let dataStart = 0;
let comment = '';
while (m = RE_HEADER.exec(body)) {
const headerName = m[1];
const headerValue = m[2].replace(RE_HEADER_ENDS, '');
if (headerValue.length > 1024) {
RE_HEADER.lastIndex = 0;
return new Error('Malformed RFC4716 public key');
}
dataStart = RE_HEADER.lastIndex;
if (headerName.toLowerCase() === 'comment') {
comment = headerValue;
if (comment.length > 1
&& comment.charCodeAt(0) === 34/* '"' */
&& comment.charCodeAt(comment.length - 1) === 34/* '"' */) {
comment = comment.slice(1, -1);
}
}
}
let data = body.slice(dataStart);
if (!RE_DATA.test(data))
return new Error('Malformed RFC4716 public key');
data = Buffer.from(data, 'base64');
const type = readString(data, 0, true);
if (type === undefined)
return new Error('Malformed RFC4716 public key');
let pubPEM = null;
let pubSSH = null;
switch (type) {
case 'ssh-rsa': {
const e = readString(data, data._pos);
if (e === undefined)
return new Error('Malformed RFC4716 public key');
const n = readString(data, data._pos);
if (n === undefined)
return new Error('Malformed RFC4716 public key');
pubPEM = genOpenSSLRSAPub(n, e);
pubSSH = genOpenSSHRSAPub(n, e);
break;
}
case 'ssh-dss': {
const p = readString(data, data._pos);
if (p === undefined)
return new Error('Malformed RFC4716 public key');
const q = readString(data, data._pos);
if (q === undefined)
return new Error('Malformed RFC4716 public key');
const g = readString(data, data._pos);
if (g === undefined)
return new Error('Malformed RFC4716 public key');
const y = readString(data, data._pos);
if (y === undefined)
return new Error('Malformed RFC4716 public key');
pubPEM = genOpenSSLDSAPub(p, q, g, y);
pubSSH = genOpenSSHDSAPub(p, q, g, y);
break;
}
default:
return new Error('Malformed RFC4716 public key');
}
return new RFC4716_Public(type, comment, pubPEM, pubSSH, 'sha1');
};
}
function parseDER(data, baseType, comment, fullType) {
if (!isSupportedKeyType(baseType))
return new Error(`Unsupported OpenSSH public key type: ${baseType}`);
let algo;
let oid;
let pubPEM = null;
let pubSSH = null;
switch (baseType) {
case 'ssh-rsa': {
const e = readString(data, data._pos || 0);
if (e === undefined)
return new Error('Malformed OpenSSH public key');
const n = readString(data, data._pos);
if (n === undefined)
return new Error('Malformed OpenSSH public key');
pubPEM = genOpenSSLRSAPub(n, e);
pubSSH = genOpenSSHRSAPub(n, e);
algo = 'sha1';
break;
}
case 'ssh-dss': {
const p = readString(data, data._pos || 0);
if (p === undefined)
return new Error('Malformed OpenSSH public key');
const q = readString(data, data._pos);
if (q === undefined)
return new Error('Malformed OpenSSH public key');
const g = readString(data, data._pos);
if (g === undefined)
return new Error('Malformed OpenSSH public key');
const y = readString(data, data._pos);
if (y === undefined)
return new Error('Malformed OpenSSH public key');
pubPEM = genOpenSSLDSAPub(p, q, g, y);
pubSSH = genOpenSSHDSAPub(p, q, g, y);
algo = 'sha1';
break;
}
case 'ssh-ed25519': {
const edpub = readString(data, data._pos || 0);
if (edpub === undefined || edpub.length !== 32)
return new Error('Malformed OpenSSH public key');
pubPEM = genOpenSSLEdPub(edpub);
pubSSH = genOpenSSHEdPub(edpub);
algo = null;
break;
}
case 'ecdsa-sha2-nistp256':
algo = 'sha256';
oid = '1.2.840.10045.3.1.7';
// FALLTHROUGH
case 'ecdsa-sha2-nistp384':
if (algo === undefined) {
algo = 'sha384';
oid = '1.3.132.0.34';
}
// FALLTHROUGH
case 'ecdsa-sha2-nistp521': {
if (algo === undefined) {
algo = 'sha512';
oid = '1.3.132.0.35';
}
// TODO: validate curve name against type
if (!skipFields(data, 1)) // Skip curve name
return new Error('Malformed OpenSSH public key');
const ecpub = readString(data, data._pos || 0);
if (ecpub === undefined)
return new Error('Malformed OpenSSH public key');
pubPEM = genOpenSSLECDSAPub(oid, ecpub);
pubSSH = genOpenSSHECDSAPub(oid, ecpub);
break;
}
default:
return new Error(`Unsupported OpenSSH public key type: ${baseType}`);
}
return new OpenSSH_Public(fullType, comment, pubPEM, pubSSH, algo);
}
function isSupportedKeyType(type) {
switch (type) {
case 'ssh-rsa':
case 'ssh-dss':
case 'ecdsa-sha2-nistp256':
case 'ecdsa-sha2-nistp384':
case 'ecdsa-sha2-nistp521':
return true;
case 'ssh-ed25519':
if (eddsaSupported)
return true;
// FALLTHROUGH
default:
return false;
}
}
function isParsedKey(val) {
if (!val)
return false;
return (typeof val[SYM_DECRYPTED] === 'boolean');
}
function parseKey(data, passphrase) {
if (isParsedKey(data))
return data;
let origBuffer;
if (Buffer.isBuffer(data)) {
origBuffer = data;
data = data.utf8Slice(0, data.length).trim();
} else if (typeof data === 'string') {
data = data.trim();
} else {
return new Error('Key data must be a Buffer or string');
}
// eslint-disable-next-line eqeqeq
if (passphrase != undefined) {
if (typeof passphrase === 'string')
passphrase = Buffer.from(passphrase);
else if (!Buffer.isBuffer(passphrase))
return new Error('Passphrase must be a string or Buffer when supplied');
}
let ret;
// First try as printable string format (e.g. PEM)
// Private keys
if ((ret = OpenSSH_Private.parse(data, passphrase)) !== null)
return ret;
if ((ret = OpenSSH_Old_Private.parse(data, passphrase)) !== null)
return ret;
if ((ret = PPK_Private.parse(data, passphrase)) !== null)
return ret;
// Public keys
if ((ret = OpenSSH_Public.parse(data)) !== null)
return ret;
if ((ret = RFC4716_Public.parse(data)) !== null)
return ret;
// Finally try as a binary format if we were originally passed binary data
if (origBuffer) {
binaryKeyParser.init(origBuffer, 0);
const type = binaryKeyParser.readString(true);
if (type !== undefined) {
data = binaryKeyParser.readRaw();
if (data !== undefined) {
ret = parseDER(data, type, '', type);
// Ignore potentially useless errors in case the data was not actually
// in the binary format
if (ret instanceof Error)
ret = null;
}
}
binaryKeyParser.clear();
}
if (ret)
return ret;
return new Error('Unsupported key format');
}
module.exports = {
isParsedKey,
isSupportedKeyType,
parseDERKey: (data, type) => parseDER(data, type, '', type),
parseKey,
};