Context Navigation

← Previous Revision
Latest Revision
Next Revision →
Blame
Revision Log

source: trip-planner-front/node_modules/sshpk/lib/utils.js@ ceaed42

Last change on this file since ceaed42 was 6a3a178, checked in by Ema <ema_spirova@…>, 3 years ago
initial commit
Property mode set to `100644`
File size: 9.6 KB

Line
1	// Copyright 2015 Joyent, Inc.
2
3	module.exports = {
4	bufferSplit: bufferSplit,
5	addRSAMissing: addRSAMissing,
6	calculateDSAPublic: calculateDSAPublic,
7	calculateED25519Public: calculateED25519Public,
8	calculateX25519Public: calculateX25519Public,
9	mpNormalize: mpNormalize,
10	mpDenormalize: mpDenormalize,
11	ecNormalize: ecNormalize,
12	countZeros: countZeros,
13	assertCompatible: assertCompatible,
14	isCompatible: isCompatible,
15	opensslKeyDeriv: opensslKeyDeriv,
16	opensshCipherInfo: opensshCipherInfo,
17	publicFromPrivateECDSA: publicFromPrivateECDSA,
18	zeroPadToLength: zeroPadToLength,
19	writeBitString: writeBitString,
20	readBitString: readBitString,
21	pbkdf2: pbkdf2
22	};
23
24	var assert = require('assert-plus');
25	var Buffer = require('safer-buffer').Buffer;
26	var PrivateKey = require('./private-key');
27	var Key = require('./key');
28	var crypto = require('crypto');
29	var algs = require('./algs');
30	var asn1 = require('asn1');
31
32	var ec = require('ecc-jsbn/lib/ec');
33	var jsbn = require('jsbn').BigInteger;
34	var nacl = require('tweetnacl');
35
36	var MAX_CLASS_DEPTH = 3;
37
38	function isCompatible(obj, klass, needVer) {
39	if (obj === null \|\| typeof (obj) !== 'object')
40	return (false);
41	if (needVer === undefined)
42	needVer = klass.prototype._sshpkApiVersion;
43	if (obj instanceof klass &&
44	klass.prototype._sshpkApiVersion[0] == needVer[0])
45	return (true);
46	var proto = Object.getPrototypeOf(obj);
47	var depth = 0;
48	while (proto.constructor.name !== klass.name) {
49	proto = Object.getPrototypeOf(proto);
50	if (!proto \|\| ++depth > MAX_CLASS_DEPTH)
51	return (false);
52	}
53	if (proto.constructor.name !== klass.name)
54	return (false);
55	var ver = proto._sshpkApiVersion;
56	if (ver === undefined)
57	ver = klass._oldVersionDetect(obj);
58	if (ver[0] != needVer[0] \|\| ver[1] < needVer[1])
59	return (false);
60	return (true);
61	}
62
63	function assertCompatible(obj, klass, needVer, name) {
64	if (name === undefined)
65	name = 'object';
66	assert.ok(obj, name + ' must not be null');
67	assert.object(obj, name + ' must be an object');
68	if (needVer === undefined)
69	needVer = klass.prototype._sshpkApiVersion;
70	if (obj instanceof klass &&
71	klass.prototype._sshpkApiVersion[0] == needVer[0])
72	return;
73	var proto = Object.getPrototypeOf(obj);
74	var depth = 0;
75	while (proto.constructor.name !== klass.name) {
76	proto = Object.getPrototypeOf(proto);
77	assert.ok(proto && ++depth <= MAX_CLASS_DEPTH,
78	name + ' must be a ' + klass.name + ' instance');
79	}
80	assert.strictEqual(proto.constructor.name, klass.name,
81	name + ' must be a ' + klass.name + ' instance');
82	var ver = proto._sshpkApiVersion;
83	if (ver === undefined)
84	ver = klass._oldVersionDetect(obj);
85	assert.ok(ver[0] == needVer[0] && ver[1] >= needVer[1],
86	name + ' must be compatible with ' + klass.name + ' klass ' +
87	'version ' + needVer[0] + '.' + needVer[1]);
88	}
89
90	var CIPHER_LEN = {
91	'des-ede3-cbc': { key: 24, iv: 8 },
92	'aes-128-cbc': { key: 16, iv: 16 },
93	'aes-256-cbc': { key: 32, iv: 16 }
94	};
95	var PKCS5_SALT_LEN = 8;
96
97	function opensslKeyDeriv(cipher, salt, passphrase, count) {
98	assert.buffer(salt, 'salt');
99	assert.buffer(passphrase, 'passphrase');
100	assert.number(count, 'iteration count');
101
102	var clen = CIPHER_LEN[cipher];
103	assert.object(clen, 'supported cipher');
104
105	salt = salt.slice(0, PKCS5_SALT_LEN);
106
107	var D, D_prev, bufs;
108	var material = Buffer.alloc(0);
109	while (material.length < clen.key + clen.iv) {
110	bufs = [];
111	if (D_prev)
112	bufs.push(D_prev);
113	bufs.push(passphrase);
114	bufs.push(salt);
115	D = Buffer.concat(bufs);
116	for (var j = 0; j < count; ++j)
117	D = crypto.createHash('md5').update(D).digest();
118	material = Buffer.concat([material, D]);
119	D_prev = D;
120	}
121
122	return ({
123	key: material.slice(0, clen.key),
124	iv: material.slice(clen.key, clen.key + clen.iv)
125	});
126	}
127
128	/* See: RFC2898 */
129	function pbkdf2(hashAlg, salt, iterations, size, passphrase) {
130	var hkey = Buffer.alloc(salt.length + 4);
131	salt.copy(hkey);
132
133	var gen = 0, ts = [];
134	var i = 1;
135	while (gen < size) {
136	var t = T(i++);
137	gen += t.length;
138	ts.push(t);
139	}
140	return (Buffer.concat(ts).slice(0, size));
141
142	function T(I) {
143	hkey.writeUInt32BE(I, hkey.length - 4);
144
145	var hmac = crypto.createHmac(hashAlg, passphrase);
146	hmac.update(hkey);
147
148	var Ti = hmac.digest();
149	var Uc = Ti;
150	var c = 1;
151	while (c++ < iterations) {
152	hmac = crypto.createHmac(hashAlg, passphrase);
153	hmac.update(Uc);
154	Uc = hmac.digest();
155	for (var x = 0; x < Ti.length; ++x)
156	Ti[x] ^= Uc[x];
157	}
158	return (Ti);
159	}
160	}
161
162	/* Count leading zero bits on a buffer */
163	function countZeros(buf) {
164	var o = 0, obit = 8;
165	while (o < buf.length) {
166	var mask = (1 << obit);
167	if ((buf[o] & mask) === mask)
168	break;
169	obit--;
170	if (obit < 0) {
171	o++;
172	obit = 8;
173	}
174	}
175	return (o*8 + (8 - obit) - 1);
176	}
177
178	function bufferSplit(buf, chr) {
179	assert.buffer(buf);
180	assert.string(chr);
181
182	var parts = [];
183	var lastPart = 0;
184	var matches = 0;
185	for (var i = 0; i < buf.length; ++i) {
186	if (buf[i] === chr.charCodeAt(matches))
187	++matches;
188	else if (buf[i] === chr.charCodeAt(0))
189	matches = 1;
190	else
191	matches = 0;
192
193	if (matches >= chr.length) {
194	var newPart = i + 1;
195	parts.push(buf.slice(lastPart, newPart - matches));
196	lastPart = newPart;
197	matches = 0;
198	}
199	}
200	if (lastPart <= buf.length)
201	parts.push(buf.slice(lastPart, buf.length));
202
203	return (parts);
204	}
205
206	function ecNormalize(buf, addZero) {
207	assert.buffer(buf);
208	if (buf[0] === 0x00 && buf[1] === 0x04) {
209	if (addZero)
210	return (buf);
211	return (buf.slice(1));
212	} else if (buf[0] === 0x04) {
213	if (!addZero)
214	return (buf);
215	} else {
216	while (buf[0] === 0x00)
217	buf = buf.slice(1);
218	if (buf[0] === 0x02 \|\| buf[0] === 0x03)
219	throw (new Error('Compressed elliptic curve points ' +
220	'are not supported'));
221	if (buf[0] !== 0x04)
222	throw (new Error('Not a valid elliptic curve point'));
223	if (!addZero)
224	return (buf);
225	}
226	var b = Buffer.alloc(buf.length + 1);
227	b[0] = 0x0;
228	buf.copy(b, 1);
229	return (b);
230	}
231
232	function readBitString(der, tag) {
233	if (tag === undefined)
234	tag = asn1.Ber.BitString;
235	var buf = der.readString(tag, true);
236	assert.strictEqual(buf[0], 0x00, 'bit strings with unused bits are ' +
237	'not supported (0x' + buf[0].toString(16) + ')');
238	return (buf.slice(1));
239	}
240
241	function writeBitString(der, buf, tag) {
242	if (tag === undefined)
243	tag = asn1.Ber.BitString;
244	var b = Buffer.alloc(buf.length + 1);
245	b[0] = 0x00;
246	buf.copy(b, 1);
247	der.writeBuffer(b, tag);
248	}
249
250	function mpNormalize(buf) {
251	assert.buffer(buf);
252	while (buf.length > 1 && buf[0] === 0x00 && (buf[1] & 0x80) === 0x00)
253	buf = buf.slice(1);
254	if ((buf[0] & 0x80) === 0x80) {
255	var b = Buffer.alloc(buf.length + 1);
256	b[0] = 0x00;
257	buf.copy(b, 1);
258	buf = b;
259	}
260	return (buf);
261	}
262
263	function mpDenormalize(buf) {
264	assert.buffer(buf);
265	while (buf.length > 1 && buf[0] === 0x00)
266	buf = buf.slice(1);
267	return (buf);
268	}
269
270	function zeroPadToLength(buf, len) {
271	assert.buffer(buf);
272	assert.number(len);
273	while (buf.length > len) {
274	assert.equal(buf[0], 0x00);
275	buf = buf.slice(1);
276	}
277	while (buf.length < len) {
278	var b = Buffer.alloc(buf.length + 1);
279	b[0] = 0x00;
280	buf.copy(b, 1);
281	buf = b;
282	}
283	return (buf);
284	}
285
286	function bigintToMpBuf(bigint) {
287	var buf = Buffer.from(bigint.toByteArray());
288	buf = mpNormalize(buf);
289	return (buf);
290	}
291
292	function calculateDSAPublic(g, p, x) {
293	assert.buffer(g);
294	assert.buffer(p);
295	assert.buffer(x);
296	g = new jsbn(g);
297	p = new jsbn(p);
298	x = new jsbn(x);
299	var y = g.modPow(x, p);
300	var ybuf = bigintToMpBuf(y);
301	return (ybuf);
302	}
303
304	function calculateED25519Public(k) {
305	assert.buffer(k);
306
307	var kp = nacl.sign.keyPair.fromSeed(new Uint8Array(k));
308	return (Buffer.from(kp.publicKey));
309	}
310
311	function calculateX25519Public(k) {
312	assert.buffer(k);
313
314	var kp = nacl.box.keyPair.fromSeed(new Uint8Array(k));
315	return (Buffer.from(kp.publicKey));
316	}
317
318	function addRSAMissing(key) {
319	assert.object(key);
320	assertCompatible(key, PrivateKey, [1, 1]);
321
322	var d = new jsbn(key.part.d.data);
323	var buf;
324
325	if (!key.part.dmodp) {
326	var p = new jsbn(key.part.p.data);
327	var dmodp = d.mod(p.subtract(1));
328
329	buf = bigintToMpBuf(dmodp);
330	key.part.dmodp = {name: 'dmodp', data: buf};
331	key.parts.push(key.part.dmodp);
332	}
333	if (!key.part.dmodq) {
334	var q = new jsbn(key.part.q.data);
335	var dmodq = d.mod(q.subtract(1));
336
337	buf = bigintToMpBuf(dmodq);
338	key.part.dmodq = {name: 'dmodq', data: buf};
339	key.parts.push(key.part.dmodq);
340	}
341	}
342
343	function publicFromPrivateECDSA(curveName, priv) {
344	assert.string(curveName, 'curveName');
345	assert.buffer(priv);
346	var params = algs.curves[curveName];
347	var p = new jsbn(params.p);
348	var a = new jsbn(params.a);
349	var b = new jsbn(params.b);
350	var curve = new ec.ECCurveFp(p, a, b);
351	var G = curve.decodePointHex(params.G.toString('hex'));
352
353	var d = new jsbn(mpNormalize(priv));
354	var pub = G.multiply(d);
355	pub = Buffer.from(curve.encodePointHex(pub), 'hex');
356
357	var parts = [];
358	parts.push({name: 'curve', data: Buffer.from(curveName)});
359	parts.push({name: 'Q', data: pub});
360
361	var key = new Key({type: 'ecdsa', curve: curve, parts: parts});
362	return (key);
363	}
364
365	function opensshCipherInfo(cipher) {
366	var inf = {};
367	switch (cipher) {
368	case '3des-cbc':
369	inf.keySize = 24;
370	inf.blockSize = 8;
371	inf.opensslName = 'des-ede3-cbc';
372	break;
373	case 'blowfish-cbc':
374	inf.keySize = 16;
375	inf.blockSize = 8;
376	inf.opensslName = 'bf-cbc';
377	break;
378	case 'aes128-cbc':
379	case 'aes128-ctr':
380	case 'aes128-gcm@openssh.com':
381	inf.keySize = 16;
382	inf.blockSize = 16;
383	inf.opensslName = 'aes-128-' + cipher.slice(7, 10);
384	break;
385	case 'aes192-cbc':
386	case 'aes192-ctr':
387	case 'aes192-gcm@openssh.com':
388	inf.keySize = 24;
389	inf.blockSize = 16;
390	inf.opensslName = 'aes-192-' + cipher.slice(7, 10);
391	break;
392	case 'aes256-cbc':
393	case 'aes256-ctr':
394	case 'aes256-gcm@openssh.com':
395	inf.keySize = 32;
396	inf.blockSize = 16;
397	inf.opensslName = 'aes-256-' + cipher.slice(7, 10);
398	break;
399	default:
400	throw (new Error(
401	'Unsupported openssl cipher "' + cipher + '"'));
402	}
403	return (inf);
404	}

Note: See TracBrowser for help on using the repository browser.

Download in other formats: