Context Navigation

← Previous Revision
Latest Revision
Next Revision →
Normal
Revision Log

source: trip-planner-front/node_modules/sshpk/lib/utils.js@ 6c1585f

Last change on this file since 6c1585f was 6a3a178, checked in by Ema <ema_spirova@…>, 3 years ago
initial commit
Property mode set to `100644`
File size: 9.6 KB

Rev	Line
[6a3a178]	1	// Copyright 2015 Joyent, Inc.
	2
	3	module.exports = {
	4	bufferSplit: bufferSplit,
	5	addRSAMissing: addRSAMissing,
	6	calculateDSAPublic: calculateDSAPublic,
	7	calculateED25519Public: calculateED25519Public,
	8	calculateX25519Public: calculateX25519Public,
	9	mpNormalize: mpNormalize,
	10	mpDenormalize: mpDenormalize,
	11	ecNormalize: ecNormalize,
	12	countZeros: countZeros,
	13	assertCompatible: assertCompatible,
	14	isCompatible: isCompatible,
	15	opensslKeyDeriv: opensslKeyDeriv,
	16	opensshCipherInfo: opensshCipherInfo,
	17	publicFromPrivateECDSA: publicFromPrivateECDSA,
	18	zeroPadToLength: zeroPadToLength,
	19	writeBitString: writeBitString,
	20	readBitString: readBitString,
	21	pbkdf2: pbkdf2
	22	};
	23
	24	var assert = require('assert-plus');
	25	var Buffer = require('safer-buffer').Buffer;
	26	var PrivateKey = require('./private-key');
	27	var Key = require('./key');
	28	var crypto = require('crypto');
	29	var algs = require('./algs');
	30	var asn1 = require('asn1');
	31
	32	var ec = require('ecc-jsbn/lib/ec');
	33	var jsbn = require('jsbn').BigInteger;
	34	var nacl = require('tweetnacl');
	35
	36	var MAX_CLASS_DEPTH = 3;
	37
	38	function isCompatible(obj, klass, needVer) {
	39	if (obj === null \|\| typeof (obj) !== 'object')
	40	return (false);
	41	if (needVer === undefined)
	42	needVer = klass.prototype._sshpkApiVersion;
	43	if (obj instanceof klass &&
	44	klass.prototype._sshpkApiVersion[0] == needVer[0])
	45	return (true);
	46	var proto = Object.getPrototypeOf(obj);
	47	var depth = 0;
	48	while (proto.constructor.name !== klass.name) {
	49	proto = Object.getPrototypeOf(proto);
	50	if (!proto \|\| ++depth > MAX_CLASS_DEPTH)
	51	return (false);
	52	}
	53	if (proto.constructor.name !== klass.name)
	54	return (false);
	55	var ver = proto._sshpkApiVersion;
	56	if (ver === undefined)
	57	ver = klass._oldVersionDetect(obj);
	58	if (ver[0] != needVer[0] \|\| ver[1] < needVer[1])
	59	return (false);
	60	return (true);
	61	}
	62
	63	function assertCompatible(obj, klass, needVer, name) {
	64	if (name === undefined)
	65	name = 'object';
	66	assert.ok(obj, name + ' must not be null');
	67	assert.object(obj, name + ' must be an object');
	68	if (needVer === undefined)
	69	needVer = klass.prototype._sshpkApiVersion;
	70	if (obj instanceof klass &&
	71	klass.prototype._sshpkApiVersion[0] == needVer[0])
	72	return;
	73	var proto = Object.getPrototypeOf(obj);
	74	var depth = 0;
	75	while (proto.constructor.name !== klass.name) {
	76	proto = Object.getPrototypeOf(proto);
	77	assert.ok(proto && ++depth <= MAX_CLASS_DEPTH,
	78	name + ' must be a ' + klass.name + ' instance');
	79	}
	80	assert.strictEqual(proto.constructor.name, klass.name,
	81	name + ' must be a ' + klass.name + ' instance');
	82	var ver = proto._sshpkApiVersion;
	83	if (ver === undefined)
	84	ver = klass._oldVersionDetect(obj);
	85	assert.ok(ver[0] == needVer[0] && ver[1] >= needVer[1],
	86	name + ' must be compatible with ' + klass.name + ' klass ' +
	87	'version ' + needVer[0] + '.' + needVer[1]);
	88	}
	89
	90	var CIPHER_LEN = {
	91	'des-ede3-cbc': { key: 24, iv: 8 },
	92	'aes-128-cbc': { key: 16, iv: 16 },
	93	'aes-256-cbc': { key: 32, iv: 16 }
	94	};
	95	var PKCS5_SALT_LEN = 8;
	96
	97	function opensslKeyDeriv(cipher, salt, passphrase, count) {
	98	assert.buffer(salt, 'salt');
	99	assert.buffer(passphrase, 'passphrase');
	100	assert.number(count, 'iteration count');
	101
	102	var clen = CIPHER_LEN[cipher];
	103	assert.object(clen, 'supported cipher');
	104
	105	salt = salt.slice(0, PKCS5_SALT_LEN);
	106
	107	var D, D_prev, bufs;
	108	var material = Buffer.alloc(0);
	109	while (material.length < clen.key + clen.iv) {
	110	bufs = [];
	111	if (D_prev)
	112	bufs.push(D_prev);
	113	bufs.push(passphrase);
	114	bufs.push(salt);
	115	D = Buffer.concat(bufs);
	116	for (var j = 0; j < count; ++j)
	117	D = crypto.createHash('md5').update(D).digest();
	118	material = Buffer.concat([material, D]);
	119	D_prev = D;
	120	}
	121
	122	return ({
	123	key: material.slice(0, clen.key),
	124	iv: material.slice(clen.key, clen.key + clen.iv)
	125	});
	126	}
	127
	128	/* See: RFC2898 */
	129	function pbkdf2(hashAlg, salt, iterations, size, passphrase) {
	130	var hkey = Buffer.alloc(salt.length + 4);
	131	salt.copy(hkey);
	132
	133	var gen = 0, ts = [];
	134	var i = 1;
	135	while (gen < size) {
	136	var t = T(i++);
	137	gen += t.length;
	138	ts.push(t);
	139	}
	140	return (Buffer.concat(ts).slice(0, size));
	141
	142	function T(I) {
	143	hkey.writeUInt32BE(I, hkey.length - 4);
	144
	145	var hmac = crypto.createHmac(hashAlg, passphrase);
	146	hmac.update(hkey);
	147
	148	var Ti = hmac.digest();
	149	var Uc = Ti;
	150	var c = 1;
	151	while (c++ < iterations) {
	152	hmac = crypto.createHmac(hashAlg, passphrase);
	153	hmac.update(Uc);
	154	Uc = hmac.digest();
	155	for (var x = 0; x < Ti.length; ++x)
	156	Ti[x] ^= Uc[x];
	157	}
	158	return (Ti);
	159	}
	160	}
	161
	162	/* Count leading zero bits on a buffer */
	163	function countZeros(buf) {
	164	var o = 0, obit = 8;
	165	while (o < buf.length) {
	166	var mask = (1 << obit);
	167	if ((buf[o] & mask) === mask)
	168	break;
	169	obit--;
	170	if (obit < 0) {
	171	o++;
	172	obit = 8;
	173	}
	174	}
	175	return (o*8 + (8 - obit) - 1);
	176	}
	177
	178	function bufferSplit(buf, chr) {
	179	assert.buffer(buf);
	180	assert.string(chr);
	181
	182	var parts = [];
	183	var lastPart = 0;
	184	var matches = 0;
	185	for (var i = 0; i < buf.length; ++i) {
	186	if (buf[i] === chr.charCodeAt(matches))
	187	++matches;
	188	else if (buf[i] === chr.charCodeAt(0))
	189	matches = 1;
	190	else
	191	matches = 0;
	192
	193	if (matches >= chr.length) {
	194	var newPart = i + 1;
	195	parts.push(buf.slice(lastPart, newPart - matches));
	196	lastPart = newPart;
	197	matches = 0;
	198	}
	199	}
	200	if (lastPart <= buf.length)
	201	parts.push(buf.slice(lastPart, buf.length));
	202
	203	return (parts);
	204	}
	205
	206	function ecNormalize(buf, addZero) {
	207	assert.buffer(buf);
	208	if (buf[0] === 0x00 && buf[1] === 0x04) {
	209	if (addZero)
	210	return (buf);
	211	return (buf.slice(1));
	212	} else if (buf[0] === 0x04) {
	213	if (!addZero)
	214	return (buf);
	215	} else {
	216	while (buf[0] === 0x00)
	217	buf = buf.slice(1);
	218	if (buf[0] === 0x02 \|\| buf[0] === 0x03)
	219	throw (new Error('Compressed elliptic curve points ' +
	220	'are not supported'));
	221	if (buf[0] !== 0x04)
	222	throw (new Error('Not a valid elliptic curve point'));
	223	if (!addZero)
	224	return (buf);
	225	}
	226	var b = Buffer.alloc(buf.length + 1);
	227	b[0] = 0x0;
	228	buf.copy(b, 1);
	229	return (b);
	230	}
	231
	232	function readBitString(der, tag) {
	233	if (tag === undefined)
	234	tag = asn1.Ber.BitString;
	235	var buf = der.readString(tag, true);
	236	assert.strictEqual(buf[0], 0x00, 'bit strings with unused bits are ' +
	237	'not supported (0x' + buf[0].toString(16) + ')');
	238	return (buf.slice(1));
	239	}
	240
	241	function writeBitString(der, buf, tag) {
	242	if (tag === undefined)
	243	tag = asn1.Ber.BitString;
	244	var b = Buffer.alloc(buf.length + 1);
	245	b[0] = 0x00;
	246	buf.copy(b, 1);
	247	der.writeBuffer(b, tag);
	248	}
	249
	250	function mpNormalize(buf) {
	251	assert.buffer(buf);
	252	while (buf.length > 1 && buf[0] === 0x00 && (buf[1] & 0x80) === 0x00)
	253	buf = buf.slice(1);
	254	if ((buf[0] & 0x80) === 0x80) {
	255	var b = Buffer.alloc(buf.length + 1);
	256	b[0] = 0x00;
	257	buf.copy(b, 1);
	258	buf = b;
	259	}
	260	return (buf);
	261	}
	262
	263	function mpDenormalize(buf) {
	264	assert.buffer(buf);
	265	while (buf.length > 1 && buf[0] === 0x00)
	266	buf = buf.slice(1);
	267	return (buf);
	268	}
	269
	270	function zeroPadToLength(buf, len) {
	271	assert.buffer(buf);
	272	assert.number(len);
	273	while (buf.length > len) {
	274	assert.equal(buf[0], 0x00);
	275	buf = buf.slice(1);
	276	}
	277	while (buf.length < len) {
	278	var b = Buffer.alloc(buf.length + 1);
	279	b[0] = 0x00;
	280	buf.copy(b, 1);
	281	buf = b;
	282	}
	283	return (buf);
	284	}
	285
	286	function bigintToMpBuf(bigint) {
	287	var buf = Buffer.from(bigint.toByteArray());
	288	buf = mpNormalize(buf);
	289	return (buf);
	290	}
	291
	292	function calculateDSAPublic(g, p, x) {
	293	assert.buffer(g);
	294	assert.buffer(p);
	295	assert.buffer(x);
	296	g = new jsbn(g);
	297	p = new jsbn(p);
	298	x = new jsbn(x);
	299	var y = g.modPow(x, p);
	300	var ybuf = bigintToMpBuf(y);
	301	return (ybuf);
	302	}
	303
	304	function calculateED25519Public(k) {
	305	assert.buffer(k);
	306
	307	var kp = nacl.sign.keyPair.fromSeed(new Uint8Array(k));
	308	return (Buffer.from(kp.publicKey));
	309	}
	310
	311	function calculateX25519Public(k) {
	312	assert.buffer(k);
	313
	314	var kp = nacl.box.keyPair.fromSeed(new Uint8Array(k));
	315	return (Buffer.from(kp.publicKey));
	316	}
	317
	318	function addRSAMissing(key) {
	319	assert.object(key);
	320	assertCompatible(key, PrivateKey, [1, 1]);
	321
	322	var d = new jsbn(key.part.d.data);
	323	var buf;
	324
	325	if (!key.part.dmodp) {
	326	var p = new jsbn(key.part.p.data);
	327	var dmodp = d.mod(p.subtract(1));
	328
	329	buf = bigintToMpBuf(dmodp);
	330	key.part.dmodp = {name: 'dmodp', data: buf};
	331	key.parts.push(key.part.dmodp);
	332	}
	333	if (!key.part.dmodq) {
	334	var q = new jsbn(key.part.q.data);
	335	var dmodq = d.mod(q.subtract(1));
	336
	337	buf = bigintToMpBuf(dmodq);
	338	key.part.dmodq = {name: 'dmodq', data: buf};
	339	key.parts.push(key.part.dmodq);
	340	}
	341	}
	342
	343	function publicFromPrivateECDSA(curveName, priv) {
	344	assert.string(curveName, 'curveName');
	345	assert.buffer(priv);
	346	var params = algs.curves[curveName];
	347	var p = new jsbn(params.p);
	348	var a = new jsbn(params.a);
	349	var b = new jsbn(params.b);
	350	var curve = new ec.ECCurveFp(p, a, b);
	351	var G = curve.decodePointHex(params.G.toString('hex'));
	352
	353	var d = new jsbn(mpNormalize(priv));
	354	var pub = G.multiply(d);
	355	pub = Buffer.from(curve.encodePointHex(pub), 'hex');
	356
	357	var parts = [];
	358	parts.push({name: 'curve', data: Buffer.from(curveName)});
	359	parts.push({name: 'Q', data: pub});
	360
	361	var key = new Key({type: 'ecdsa', curve: curve, parts: parts});
	362	return (key);
	363	}
	364
	365	function opensshCipherInfo(cipher) {
	366	var inf = {};
	367	switch (cipher) {
	368	case '3des-cbc':
	369	inf.keySize = 24;
	370	inf.blockSize = 8;
	371	inf.opensslName = 'des-ede3-cbc';
	372	break;
	373	case 'blowfish-cbc':
	374	inf.keySize = 16;
	375	inf.blockSize = 8;
	376	inf.opensslName = 'bf-cbc';
	377	break;
	378	case 'aes128-cbc':
	379	case 'aes128-ctr':
	380	case 'aes128-gcm@openssh.com':
	381	inf.keySize = 16;
	382	inf.blockSize = 16;
	383	inf.opensslName = 'aes-128-' + cipher.slice(7, 10);
	384	break;
	385	case 'aes192-cbc':
	386	case 'aes192-ctr':
	387	case 'aes192-gcm@openssh.com':
	388	inf.keySize = 24;
	389	inf.blockSize = 16;
	390	inf.opensslName = 'aes-192-' + cipher.slice(7, 10);
	391	break;
	392	case 'aes256-cbc':
	393	case 'aes256-ctr':
	394	case 'aes256-gcm@openssh.com':
	395	inf.keySize = 32;
	396	inf.blockSize = 16;
	397	inf.opensslName = 'aes-256-' + cipher.slice(7, 10);
	398	break;
	399	default:
	400	throw (new Error(
	401	'Unsupported openssl cipher "' + cipher + '"'));
	402	}
	403	return (inf);
	404	}

Note: See TracBrowser for help on using the repository browser.

Download in other formats: