Newer
Older
15001
15002
15003
15004
15005
15006
15007
15008
15009
15010
15011
15012
15013
15014
15015
15016
15017
15018
15019
15020
15021
15022
15023
15024
15025
15026
15027
15028
15029
15030
15031
15032
15033
15034
15035
15036
15037
15038
15039
15040
15041
15042
15043
15044
15045
15046
15047
15048
15049
15050
15051
15052
15053
15054
15055
15056
15057
15058
15059
15060
15061
15062
15063
15064
15065
15066
15067
15068
15069
15070
15071
15072
15073
15074
15075
15076
15077
15078
15079
15080
15081
15082
15083
15084
15085
15086
15087
15088
15089
15090
15091
15092
15093
15094
15095
15096
15097
15098
15099
15100
15101
15102
15103
15104
15105
15106
15107
15108
15109
15110
15111
15112
15113
15114
15115
15116
15117
15118
15119
15120
15121
15122
15123
15124
15125
15126
15127
15128
15129
15130
15131
15132
15133
15134
15135
15136
15137
15138
15139
15140
15141
15142
15143
15144
15145
15146
15147
15148
15149
15150
15151
15152
15153
15154
15155
15156
15157
15158
15159
15160
15161
15162
15163
15164
15165
15166
15167
15168
15169
15170
15171
15172
15173
15174
15175
15176
15177
15178
15179
15180
15181
15182
15183
15184
15185
15186
15187
15188
15189
15190
15191
15192
15193
15194
15195
15196
15197
15198
15199
15200
15201
15202
15203
15204
15205
15206
15207
15208
15209
15210
15211
15212
15213
15214
15215
15216
15217
15218
15219
15220
15221
15222
15223
15224
15225
15226
15227
15228
15229
15230
15231
15232
15233
15234
15235
15236
15237
15238
15239
15240
15241
15242
15243
15244
15245
15246
15247
15248
15249
15250
15251
15252
15253
15254
15255
15256
15257
15258
15259
15260
15261
15262
15263
15264
15265
15266
15267
15268
15269
15270
15271
15272
15273
15274
15275
15276
15277
15278
15279
15280
15281
15282
15283
15284
15285
15286
15287
15288
15289
15290
15291
15292
15293
15294
15295
15296
15297
15298
15299
15300
15301
15302
15303
15304
15305
15306
15307
15308
15309
15310
15311
15312
15313
15314
15315
15316
15317
15318
15319
15320
15321
15322
15323
15324
15325
15326
15327
15328
15329
15330
15331
15332
15333
15334
15335
15336
15337
15338
15339
15340
15341
15342
15343
15344
15345
15346
15347
15348
15349
15350
15351
15352
15353
15354
15355
15356
15357
15358
15359
15360
15361
15362
15363
15364
15365
15366
15367
15368
15369
15370
15371
15372
15373
15374
15375
15376
15377
15378
15379
15380
15381
15382
15383
15384
15385
15386
15387
15388
15389
15390
15391
15392
15393
15394
15395
15396
15397
15398
15399
15400
15401
15402
15403
15404
15405
15406
15407
15408
15409
15410
15411
15412
15413
15414
15415
15416
15417
15418
15419
15420
15421
15422
15423
15424
15425
15426
15427
15428
15429
15430
15431
15432
15433
15434
15435
15436
15437
15438
15439
15440
15441
15442
15443
15444
15445
15446
15447
15448
15449
15450
15451
15452
15453
15454
15455
15456
15457
15458
15459
15460
15461
15462
15463
15464
15465
15466
15467
15468
15469
15470
15471
15472
15473
15474
15475
15476
15477
15478
15479
15480
15481
15482
15483
15484
15485
15486
15487
15488
15489
15490
15491
15492
15493
15494
15495
15496
15497
15498
15499
15500
15501
15502
15503
15504
15505
15506
15507
15508
15509
15510
15511
15512
15513
15514
15515
15516
15517
15518
15519
15520
15521
15522
15523
15524
15525
15526
15527
15528
15529
15530
15531
15532
15533
15534
15535
15536
15537
15538
15539
15540
15541
15542
15543
15544
15545
15546
15547
15548
15549
15550
15551
15552
15553
15554
15555
15556
15557
15558
15559
15560
15561
15562
15563
15564
15565
15566
15567
15568
15569
15570
15571
15572
15573
15574
15575
15576
15577
15578
15579
15580
15581
15582
15583
15584
15585
15586
15587
15588
15589
15590
15591
15592
15593
15594
15595
15596
15597
15598
15599
15600
15601
15602
15603
15604
15605
15606
15607
15608
15609
15610
15611
15612
15613
15614
15615
15616
15617
15618
15619
15620
15621
15622
15623
15624
15625
15626
15627
15628
15629
15630
15631
15632
15633
15634
15635
15636
15637
15638
15639
15640
15641
15642
15643
15644
15645
15646
15647
15648
15649
15650
15651
15652
15653
15654
15655
15656
15657
15658
15659
15660
15661
15662
15663
15664
15665
15666
15667
15668
15669
15670
15671
15672
15673
15674
15675
15676
15677
15678
15679
15680
15681
15682
15683
15684
15685
15686
15687
15688
15689
15690
15691
15692
15693
15694
15695
15696
15697
15698
15699
15700
15701
15702
15703
15704
15705
15706
15707
15708
15709
15710
15711
15712
15713
15714
15715
15716
15717
15718
15719
15720
15721
15722
15723
15724
15725
15726
15727
15728
15729
15730
15731
15732
15733
15734
15735
15736
15737
15738
15739
15740
15741
15742
15743
15744
15745
15746
15747
15748
15749
15750
15751
15752
15753
15754
15755
15756
15757
15758
15759
15760
15761
15762
15763
15764
15765
15766
15767
15768
15769
15770
15771
15772
15773
15774
15775
15776
15777
15778
15779
15780
15781
15782
15783
15784
15785
15786
15787
15788
15789
15790
15791
15792
15793
15794
15795
15796
15797
15798
15799
15800
15801
15802
15803
15804
15805
15806
15807
15808
15809
15810
15811
15812
15813
15814
15815
15816
15817
15818
15819
15820
15821
15822
15823
15824
15825
15826
15827
15828
15829
15830
15831
15832
15833
15834
15835
15836
15837
15838
15839
15840
15841
15842
15843
15844
15845
15846
15847
15848
15849
15850
15851
15852
15853
15854
15855
15856
15857
15858
15859
15860
15861
15862
15863
15864
15865
15866
15867
15868
15869
15870
15871
15872
15873
15874
15875
15876
15877
15878
15879
15880
15881
15882
15883
15884
15885
15886
15887
15888
15889
15890
15891
15892
15893
15894
15895
15896
15897
15898
15899
15900
15901
15902
15903
15904
15905
15906
15907
15908
15909
15910
15911
15912
15913
15914
15915
15916
15917
15918
15919
15920
15921
15922
15923
15924
15925
15926
15927
15928
15929
15930
15931
15932
15933
15934
15935
15936
15937
15938
15939
15940
15941
15942
15943
15944
15945
15946
15947
15948
15949
15950
15951
15952
15953
15954
15955
15956
15957
15958
15959
15960
15961
15962
15963
15964
15965
15966
15967
15968
15969
15970
15971
15972
15973
15974
15975
15976
15977
15978
15979
15980
15981
15982
15983
15984
15985
15986
15987
15988
15989
15990
15991
15992
15993
15994
15995
15996
15997
15998
15999
16000
case State.New:
if (c !== ' ') parsed.scheme += c;
else state = State.Params;
break;
case State.Params:
switch (Number(substate)) {
case ParamsState.Name:
var code = c.charCodeAt(0);
// restricted name of A-Z / a-z
if ((code >= 0x41 && code <= 0x5a) || // A-Z
(code >= 0x61 && code <= 0x7a)) { // a-z
tmpName += c;
} else if (c === '=') {
if (tmpName.length === 0)
throw new InvalidHeaderError('bad param format');
substate = ParamsState.Quote;
} else {
throw new InvalidHeaderError('bad param format');
}
break;
case ParamsState.Quote:
if (c === '"') {
tmpValue = '';
substate = ParamsState.Value;
} else {
throw new InvalidHeaderError('bad param format');
}
break;
case ParamsState.Value:
if (c === '"') {
parsed.params[tmpName] = tmpValue;
substate = ParamsState.Comma;
} else {
tmpValue += c;
}
break;
case ParamsState.Comma:
if (c === ',') {
tmpName = '';
substate = ParamsState.Name;
} else {
throw new InvalidHeaderError('bad param format');
}
break;
default:
throw new Error('Invalid substate');
}
break;
default:
throw new Error('Invalid substate');
}
}
if (!parsed.params.headers || parsed.params.headers === '') {
if (request.headers['x-date']) {
parsed.params.headers = ['x-date'];
} else {
parsed.params.headers = ['date'];
}
} else {
parsed.params.headers = parsed.params.headers.split(' ');
}
// Minimally validate the parsed object
if (!parsed.scheme || parsed.scheme !== 'Signature')
throw new InvalidHeaderError('scheme was not "Signature"');
if (!parsed.params.keyId)
throw new InvalidHeaderError('keyId was not specified');
if (!parsed.params.algorithm)
throw new InvalidHeaderError('algorithm was not specified');
if (!parsed.params.signature)
throw new InvalidHeaderError('signature was not specified');
// Check the algorithm against the official list
parsed.params.algorithm = parsed.params.algorithm.toLowerCase();
try {
validateAlgorithm(parsed.params.algorithm);
} catch (e) {
if (e instanceof InvalidAlgorithmError)
throw (new InvalidParamsError(parsed.params.algorithm + ' is not ' +
'supported'));
else
throw (e);
}
// Build the signingString
for (i = 0; i < parsed.params.headers.length; i++) {
var h = parsed.params.headers[i].toLowerCase();
parsed.params.headers[i] = h;
if (h === 'request-line') {
if (!options.strict) {
/*
* We allow headers from the older spec drafts if strict parsing isn't
* specified in options.
*/
parsed.signingString +=
request.method + ' ' + request.url + ' HTTP/' + request.httpVersion;
} else {
/* Strict parsing doesn't allow older draft headers. */
throw (new StrictParsingError('request-line is not a valid header ' +
'with strict parsing enabled.'));
}
} else if (h === '(request-target)') {
parsed.signingString +=
'(request-target): ' + request.method.toLowerCase() + ' ' +
request.url;
} else {
var value = request.headers[h];
if (value === undefined)
throw new MissingHeaderError(h + ' was not in the request');
parsed.signingString += h + ': ' + value;
}
if ((i + 1) < parsed.params.headers.length)
parsed.signingString += '\n';
}
// Check against the constraints
var date;
if (request.headers.date || request.headers['x-date']) {
if (request.headers['x-date']) {
date = new Date(request.headers['x-date']);
} else {
date = new Date(request.headers.date);
}
var now = new Date();
var skew = Math.abs(now.getTime() - date.getTime());
if (skew > options.clockSkew * 1000) {
throw new ExpiredRequestError('clock skew of ' +
(skew / 1000) +
's was greater than ' +
options.clockSkew + 's');
}
}
options.headers.forEach(function (hdr) {
// Remember that we already checked any headers in the params
// were in the request, so if this passes we're good.
if (parsed.params.headers.indexOf(hdr.toLowerCase()) < 0)
throw new MissingHeaderError(hdr + ' was not a signed header');
});
if (options.algorithms) {
if (options.algorithms.indexOf(parsed.params.algorithm) === -1)
throw new InvalidParamsError(parsed.params.algorithm +
' is not a supported algorithm');
}
parsed.algorithm = parsed.params.algorithm.toUpperCase();
parsed.keyId = parsed.params.keyId;
return parsed;
}
};
/***/ }),
/* 108 */
/***/ (function(module, exports, __webpack_require__) {
// Copyright (c) 2012, Mark Cavage. All rights reserved.
// Copyright 2015 Joyent, Inc.
var assert = __webpack_require__(109);
var Stream = __webpack_require__(100).Stream;
var util = __webpack_require__(9);
///--- Globals
/* JSSTYLED */
var UUID_REGEXP = /^[a-fA-F0-9]{8}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{12}$/;
///--- Internal
function _capitalize(str) {
return (str.charAt(0).toUpperCase() + str.slice(1));
}
function _toss(name, expected, oper, arg, actual) {
throw new assert.AssertionError({
message: util.format('%s (%s) is required', name, expected),
actual: (actual === undefined) ? typeof (arg) : actual(arg),
expected: expected,
operator: oper || '===',
stackStartFunction: _toss.caller
});
}
function _getClass(arg) {
return (Object.prototype.toString.call(arg).slice(8, -1));
}
function noop() {
// Why even bother with asserts?
}
///--- Exports
var types = {
bool: {
check: function (arg) { return typeof (arg) === 'boolean'; }
},
func: {
check: function (arg) { return typeof (arg) === 'function'; }
},
string: {
check: function (arg) { return typeof (arg) === 'string'; }
},
object: {
check: function (arg) {
return typeof (arg) === 'object' && arg !== null;
}
},
number: {
check: function (arg) {
return typeof (arg) === 'number' && !isNaN(arg);
}
},
finite: {
check: function (arg) {
return typeof (arg) === 'number' && !isNaN(arg) && isFinite(arg);
}
},
buffer: {
check: function (arg) { return Buffer.isBuffer(arg); },
operator: 'Buffer.isBuffer'
},
array: {
check: function (arg) { return Array.isArray(arg); },
operator: 'Array.isArray'
},
stream: {
check: function (arg) { return arg instanceof Stream; },
operator: 'instanceof',
actual: _getClass
},
date: {
check: function (arg) { return arg instanceof Date; },
operator: 'instanceof',
actual: _getClass
},
regexp: {
check: function (arg) { return arg instanceof RegExp; },
operator: 'instanceof',
actual: _getClass
},
uuid: {
check: function (arg) {
return typeof (arg) === 'string' && UUID_REGEXP.test(arg);
},
operator: 'isUUID'
}
};
function _setExports(ndebug) {
var keys = Object.keys(types);
var out;
/* re-export standard assert */
if (process.env.NODE_NDEBUG) {
out = noop;
} else {
out = function (arg, msg) {
if (!arg) {
_toss(msg, 'true', arg);
}
};
}
/* standard checks */
keys.forEach(function (k) {
if (ndebug) {
out[k] = noop;
return;
}
var type = types[k];
out[k] = function (arg, msg) {
if (!type.check(arg)) {
_toss(msg, k, type.operator, arg, type.actual);
}
};
});
/* optional checks */
keys.forEach(function (k) {
var name = 'optional' + _capitalize(k);
if (ndebug) {
out[name] = noop;
return;
}
var type = types[k];
out[name] = function (arg, msg) {
if (arg === undefined || arg === null) {
return;
}
if (!type.check(arg)) {
_toss(msg, k, type.operator, arg, type.actual);
}
};
});
/* arrayOf checks */
keys.forEach(function (k) {
var name = 'arrayOf' + _capitalize(k);
if (ndebug) {
out[name] = noop;
return;
}
var type = types[k];
var expected = '[' + k + ']';
out[name] = function (arg, msg) {
if (!Array.isArray(arg)) {
_toss(msg, expected, type.operator, arg, type.actual);
}
var i;
for (i = 0; i < arg.length; i++) {
if (!type.check(arg[i])) {
_toss(msg, expected, type.operator, arg, type.actual);
}
}
};
});
/* optionalArrayOf checks */
keys.forEach(function (k) {
var name = 'optionalArrayOf' + _capitalize(k);
if (ndebug) {
out[name] = noop;
return;
}
var type = types[k];
var expected = '[' + k + ']';
out[name] = function (arg, msg) {
if (arg === undefined || arg === null) {
return;
}
if (!Array.isArray(arg)) {
_toss(msg, expected, type.operator, arg, type.actual);
}
var i;
for (i = 0; i < arg.length; i++) {
if (!type.check(arg[i])) {
_toss(msg, expected, type.operator, arg, type.actual);
}
}
};
});
/* re-export built-in assertions */
Object.keys(assert).forEach(function (k) {
if (k === 'AssertionError') {
out[k] = assert[k];
return;
}
if (ndebug) {
out[k] = noop;
return;
}
out[k] = assert[k];
});
/* export ourselves (for unit tests _only_) */
out._setExports = _setExports;
return out;
}
module.exports = _setExports(process.env.NODE_NDEBUG);
/***/ }),
/* 109 */
/***/ (function(module, exports) {
module.exports = require("assert");
/***/ }),
/* 110 */
/***/ (function(module, exports, __webpack_require__) {
// Copyright 2012 Joyent, Inc. All rights reserved.
var assert = __webpack_require__(108);
var sshpk = __webpack_require__(111);
var util = __webpack_require__(9);
var HASH_ALGOS = {
'sha1': true,
'sha256': true,
'sha512': true
};
var PK_ALGOS = {
'rsa': true,
'dsa': true,
'ecdsa': true
};
function HttpSignatureError(message, caller) {
if (Error.captureStackTrace)
Error.captureStackTrace(this, caller || HttpSignatureError);
this.message = message;
this.name = caller.name;
}
util.inherits(HttpSignatureError, Error);
function InvalidAlgorithmError(message) {
HttpSignatureError.call(this, message, InvalidAlgorithmError);
}
util.inherits(InvalidAlgorithmError, HttpSignatureError);
function validateAlgorithm(algorithm) {
var alg = algorithm.toLowerCase().split('-');
if (alg.length !== 2) {
throw (new InvalidAlgorithmError(alg[0].toUpperCase() + ' is not a ' +
'valid algorithm'));
}
if (alg[0] !== 'hmac' && !PK_ALGOS[alg[0]]) {
throw (new InvalidAlgorithmError(alg[0].toUpperCase() + ' type keys ' +
'are not supported'));
}
if (!HASH_ALGOS[alg[1]]) {
throw (new InvalidAlgorithmError(alg[1].toUpperCase() + ' is not a ' +
'supported hash algorithm'));
}
return (alg);
}
///--- API
module.exports = {
HASH_ALGOS: HASH_ALGOS,
PK_ALGOS: PK_ALGOS,
HttpSignatureError: HttpSignatureError,
InvalidAlgorithmError: InvalidAlgorithmError,
validateAlgorithm: validateAlgorithm,
/**
* Converts an OpenSSH public key (rsa only) to a PKCS#8 PEM file.
*
* The intent of this module is to interoperate with OpenSSL only,
* specifically the node crypto module's `verify` method.
*
* @param {String} key an OpenSSH public key.
* @return {String} PEM encoded form of the RSA public key.
* @throws {TypeError} on bad input.
* @throws {Error} on invalid ssh key formatted data.
*/
sshKeyToPEM: function sshKeyToPEM(key) {
assert.string(key, 'ssh_key');
var k = sshpk.parseKey(key, 'ssh');
return (k.toString('pem'));
},
/**
* Generates an OpenSSH fingerprint from an ssh public key.
*
* @param {String} key an OpenSSH public key.
* @return {String} key fingerprint.
* @throws {TypeError} on bad input.
* @throws {Error} if what you passed doesn't look like an ssh public key.
*/
fingerprint: function fingerprint(key) {
assert.string(key, 'ssh_key');
var k = sshpk.parseKey(key, 'ssh');
return (k.fingerprint('md5').toString('hex'));
},
/**
* Converts a PKGCS#8 PEM file to an OpenSSH public key (rsa)
*
* The reverse of the above function.
*/
pemToRsaSSHKey: function pemToRsaSSHKey(pem, comment) {
assert.equal('string', typeof (pem), 'typeof pem');
var k = sshpk.parseKey(pem, 'pem');
k.comment = comment;
return (k.toString('ssh'));
}
};
/***/ }),
/* 111 */
/***/ (function(module, exports, __webpack_require__) {
// Copyright 2015 Joyent, Inc.
var Key = __webpack_require__(112);
var Fingerprint = __webpack_require__(115);
var Signature = __webpack_require__(118);
var PrivateKey = __webpack_require__(117);
var Certificate = __webpack_require__(144);
var Identity = __webpack_require__(145);
var errs = __webpack_require__(116);
module.exports = {
/* top-level classes */
Key: Key,
parseKey: Key.parse,
Fingerprint: Fingerprint,
parseFingerprint: Fingerprint.parse,
Signature: Signature,
parseSignature: Signature.parse,
PrivateKey: PrivateKey,
parsePrivateKey: PrivateKey.parse,
generatePrivateKey: PrivateKey.generate,
Certificate: Certificate,
parseCertificate: Certificate.parse,
createSelfSignedCertificate: Certificate.createSelfSigned,
createCertificate: Certificate.create,
Identity: Identity,
identityFromDN: Identity.parseDN,
identityForHost: Identity.forHost,
identityForUser: Identity.forUser,
identityForEmail: Identity.forEmail,
identityFromArray: Identity.fromArray,
/* errors */
FingerprintFormatError: errs.FingerprintFormatError,
InvalidAlgorithmError: errs.InvalidAlgorithmError,
KeyParseError: errs.KeyParseError,
SignatureParseError: errs.SignatureParseError,
KeyEncryptedError: errs.KeyEncryptedError,
CertificateParseError: errs.CertificateParseError
};
/***/ }),
/* 112 */
/***/ (function(module, exports, __webpack_require__) {
// Copyright 2018 Joyent, Inc.
module.exports = Key;
var assert = __webpack_require__(108);
var algs = __webpack_require__(113);
var crypto = __webpack_require__(94);
var Fingerprint = __webpack_require__(115);
var Signature = __webpack_require__(118);
var DiffieHellman = __webpack_require__(130).DiffieHellman;
var errs = __webpack_require__(116);
var utils = __webpack_require__(119);
var PrivateKey = __webpack_require__(117);
var edCompat;
try {
edCompat = __webpack_require__(133);
} catch (e) {
/* Just continue through, and bail out if we try to use it. */
}
var InvalidAlgorithmError = errs.InvalidAlgorithmError;
var KeyParseError = errs.KeyParseError;
var formats = {};
formats['auto'] = __webpack_require__(134);
formats['pem'] = __webpack_require__(135);
formats['pkcs1'] = __webpack_require__(136);
formats['pkcs8'] = __webpack_require__(137);
formats['rfc4253'] = __webpack_require__(139);
formats['ssh'] = __webpack_require__(141);
formats['ssh-private'] = __webpack_require__(138);
formats['openssh'] = formats['ssh-private'];
formats['dnssec'] = __webpack_require__(142);
formats['putty'] = __webpack_require__(143);
formats['ppk'] = formats['putty'];
function Key(opts) {
assert.object(opts, 'options');
assert.arrayOfObject(opts.parts, 'options.parts');
assert.string(opts.type, 'options.type');
assert.optionalString(opts.comment, 'options.comment');
var algInfo = algs.info[opts.type];
if (typeof (algInfo) !== 'object')
throw (new InvalidAlgorithmError(opts.type));
var partLookup = {};
for (var i = 0; i < opts.parts.length; ++i) {
var part = opts.parts[i];
partLookup[part.name] = part;
}
this.type = opts.type;
this.parts = opts.parts;
this.part = partLookup;
this.comment = undefined;
this.source = opts.source;
/* for speeding up hashing/fingerprint operations */
this._rfc4253Cache = opts._rfc4253Cache;
this._hashCache = {};
var sz;
this.curve = undefined;
if (this.type === 'ecdsa') {
var curve = this.part.curve.data.toString();
this.curve = curve;
sz = algs.curves[curve].size;
} else if (this.type === 'ed25519' || this.type === 'curve25519') {
sz = 256;
this.curve = 'curve25519';
} else {
var szPart = this.part[algInfo.sizePart];
sz = szPart.data.length;
sz = sz * 8 - utils.countZeros(szPart.data);
}
this.size = sz;
}
Key.formats = formats;
Key.prototype.toBuffer = function (format, options) {
if (format === undefined)
format = 'ssh';
assert.string(format, 'format');
assert.object(formats[format], 'formats[format]');
assert.optionalObject(options, 'options');
if (format === 'rfc4253') {
if (this._rfc4253Cache === undefined)
this._rfc4253Cache = formats['rfc4253'].write(this);
return (this._rfc4253Cache);
}
return (formats[format].write(this, options));
};
Key.prototype.toString = function (format, options) {
return (this.toBuffer(format, options).toString());
};
Key.prototype.hash = function (algo, type) {
assert.string(algo, 'algorithm');
assert.optionalString(type, 'type');
if (type === undefined)
type = 'ssh';
algo = algo.toLowerCase();
if (algs.hashAlgs[algo] === undefined)
throw (new InvalidAlgorithmError(algo));
var cacheKey = algo + '||' + type;
if (this._hashCache[cacheKey])
return (this._hashCache[cacheKey]);
var buf;
if (type === 'ssh') {
buf = this.toBuffer('rfc4253');
} else if (type === 'spki') {
buf = formats.pkcs8.pkcs8ToBuffer(this);
} else {
throw (new Error('Hash type ' + type + ' not supported'));
}
var hash = crypto.createHash(algo).update(buf).digest();
this._hashCache[cacheKey] = hash;
return (hash);
};
Key.prototype.fingerprint = function (algo, type) {
if (algo === undefined)
algo = 'sha256';
if (type === undefined)
type = 'ssh';
assert.string(algo, 'algorithm');
assert.string(type, 'type');
var opts = {
type: 'key',
hash: this.hash(algo, type),
algorithm: algo,
hashType: type
};
return (new Fingerprint(opts));
};
Key.prototype.defaultHashAlgorithm = function () {
var hashAlgo = 'sha1';
if (this.type === 'rsa')
hashAlgo = 'sha256';
if (this.type === 'dsa' && this.size > 1024)
hashAlgo = 'sha256';
if (this.type === 'ed25519')
hashAlgo = 'sha512';
if (this.type === 'ecdsa') {
if (this.size <= 256)
hashAlgo = 'sha256';
else if (this.size <= 384)
hashAlgo = 'sha384';
else
hashAlgo = 'sha512';
}
return (hashAlgo);
};
Key.prototype.createVerify = function (hashAlgo) {
if (hashAlgo === undefined)
hashAlgo = this.defaultHashAlgorithm();
assert.string(hashAlgo, 'hash algorithm');
/* ED25519 is not supported by OpenSSL, use a javascript impl. */
if (this.type === 'ed25519' && edCompat !== undefined)
return (new edCompat.Verifier(this, hashAlgo));
if (this.type === 'curve25519')
throw (new Error('Curve25519 keys are not suitable for ' +
'signing or verification'));
var v, nm, err;
try {
nm = hashAlgo.toUpperCase();
v = crypto.createVerify(nm);
} catch (e) {
err = e;
}
if (v === undefined || (err instanceof Error &&
err.message.match(/Unknown message digest/))) {
nm = 'RSA-';
nm += hashAlgo.toUpperCase();
v = crypto.createVerify(nm);
}
assert.ok(v, 'failed to create verifier');
var oldVerify = v.verify.bind(v);
var key = this.toBuffer('pkcs8');
var curve = this.curve;
var self = this;
v.verify = function (signature, fmt) {
if (Signature.isSignature(signature, [2, 0])) {
if (signature.type !== self.type)
return (false);
if (signature.hashAlgorithm &&
signature.hashAlgorithm !== hashAlgo)
return (false);
if (signature.curve && self.type === 'ecdsa' &&
signature.curve !== curve)
return (false);
return (oldVerify(key, signature.toBuffer('asn1')));
} else if (typeof (signature) === 'string' ||
Buffer.isBuffer(signature)) {
return (oldVerify(key, signature, fmt));
/*
* Avoid doing this on valid arguments, walking the prototype
* chain can be quite slow.
*/
} else if (Signature.isSignature(signature, [1, 0])) {
throw (new Error('signature was created by too old ' +
'a version of sshpk and cannot be verified'));
} else {
throw (new TypeError('signature must be a string, ' +
'Buffer, or Signature object'));
}
};
return (v);
};
Key.prototype.createDiffieHellman = function () {
if (this.type === 'rsa')
throw (new Error('RSA keys do not support Diffie-Hellman'));
return (new DiffieHellman(this));
};
Key.prototype.createDH = Key.prototype.createDiffieHellman;
Key.parse = function (data, format, options) {
if (typeof (data) !== 'string')
assert.buffer(data, 'data');
if (format === undefined)
format = 'auto';
assert.string(format, 'format');
if (typeof (options) === 'string')
options = { filename: options };
assert.optionalObject(options, 'options');
if (options === undefined)
options = {};
assert.optionalString(options.filename, 'options.filename');
if (options.filename === undefined)
options.filename = '(unnamed)';
assert.object(formats[format], 'formats[format]');
try {
var k = formats[format].read(data, options);
if (k instanceof PrivateKey)
k = k.toPublic();
if (!k.comment)
k.comment = options.filename;
return (k);
} catch (e) {
if (e.name === 'KeyEncryptedError')
throw (e);
throw (new KeyParseError(options.filename, format, e));
}
};
Key.isKey = function (obj, ver) {
return (utils.isCompatible(obj, Key, ver));
};
/*
* API versions for Key:
* [1,0] -- initial ver, may take Signature for createVerify or may not
* [1,1] -- added pkcs1, pkcs8 formats
* [1,2] -- added auto, ssh-private, openssh formats
* [1,3] -- added defaultHashAlgorithm
* [1,4] -- added ed support, createDH
* [1,5] -- first explicitly tagged version
* [1,6] -- changed ed25519 part names
* [1,7] -- spki hash types
*/
Key.prototype._sshpkApiVersion = [1, 7];
Key._oldVersionDetect = function (obj) {
assert.func(obj.toBuffer);
assert.func(obj.fingerprint);
if (obj.createDH)
return ([1, 4]);
if (obj.defaultHashAlgorithm)
return ([1, 3]);
if (obj.formats['auto'])
return ([1, 2]);
if (obj.formats['pkcs1'])
return ([1, 1]);
return ([1, 0]);
};
/***/ }),
/* 113 */
/***/ (function(module, exports, __webpack_require__) {
// Copyright 2015 Joyent, Inc.
var Buffer = __webpack_require__(114).Buffer;
var algInfo = {
'dsa': {
parts: ['p', 'q', 'g', 'y'],
sizePart: 'p'
},
'rsa': {
parts: ['e', 'n'],
sizePart: 'n'
},
'ecdsa': {
parts: ['curve', 'Q'],
sizePart: 'Q'
},
'ed25519': {
parts: ['A'],
sizePart: 'A'
}
};
algInfo['curve25519'] = algInfo['ed25519'];
var algPrivInfo = {
'dsa': {
parts: ['p', 'q', 'g', 'y', 'x']
},
'rsa': {
parts: ['n', 'e', 'd', 'iqmp', 'p', 'q']
},
'ecdsa': {
parts: ['curve', 'Q', 'd']
},
'ed25519': {
parts: ['A', 'k']
}
};
algPrivInfo['curve25519'] = algPrivInfo['ed25519'];
var hashAlgs = {
'md5': true,
'sha1': true,
'sha256': true,
'sha384': true,
'sha512': true
};
/*
* Taken from
* http://csrc.nist.gov/groups/ST/toolkit/documents/dss/NISTReCur.pdf
*/
var curves = {
'nistp256': {
size: 256,
pkcs8oid: '1.2.840.10045.3.1.7',
p: Buffer.from(('00' +
'ffffffff 00000001 00000000 00000000' +
'00000000 ffffffff ffffffff ffffffff').
replace(/ /g, ''), 'hex'),
a: Buffer.from(('00' +
'FFFFFFFF 00000001 00000000 00000000' +
'00000000 FFFFFFFF FFFFFFFF FFFFFFFC').
replace(/ /g, ''), 'hex'),
b: Buffer.from((
'5ac635d8 aa3a93e7 b3ebbd55 769886bc' +
'651d06b0 cc53b0f6 3bce3c3e 27d2604b').
replace(/ /g, ''), 'hex'),
s: Buffer.from(('00' +
'c49d3608 86e70493 6a6678e1 139d26b7' +
'819f7e90').
replace(/ /g, ''), 'hex'),
n: Buffer.from(('00' +
'ffffffff 00000000 ffffffff ffffffff' +
'bce6faad a7179e84 f3b9cac2 fc632551').
replace(/ /g, ''), 'hex'),
G: Buffer.from(('04' +
'6b17d1f2 e12c4247 f8bce6e5 63a440f2' +
'77037d81 2deb33a0 f4a13945 d898c296' +
'4fe342e2 fe1a7f9b 8ee7eb4a 7c0f9e16' +
'2bce3357 6b315ece cbb64068 37bf51f5').
replace(/ /g, ''), 'hex')
},
'nistp384': {
size: 384,
pkcs8oid: '1.3.132.0.34',
p: Buffer.from(('00' +
'ffffffff ffffffff ffffffff ffffffff' +
'ffffffff ffffffff ffffffff fffffffe' +
'ffffffff 00000000 00000000 ffffffff').
replace(/ /g, ''), 'hex'),
a: Buffer.from(('00' +
'FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF' +
'FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFE' +
'FFFFFFFF 00000000 00000000 FFFFFFFC').
replace(/ /g, ''), 'hex'),
b: Buffer.from((
'b3312fa7 e23ee7e4 988e056b e3f82d19' +
'181d9c6e fe814112 0314088f 5013875a' +
'c656398d 8a2ed19d 2a85c8ed d3ec2aef').
replace(/ /g, ''), 'hex'),
s: Buffer.from(('00' +
'a335926a a319a27a 1d00896a 6773a482' +
'7acdac73').
replace(/ /g, ''), 'hex'),
n: Buffer.from(('00' +
'ffffffff ffffffff ffffffff ffffffff' +
'ffffffff ffffffff c7634d81 f4372ddf' +
'581a0db2 48b0a77a ecec196a ccc52973').
replace(/ /g, ''), 'hex'),
G: Buffer.from(('04' +
'aa87ca22 be8b0537 8eb1c71e f320ad74' +
'6e1d3b62 8ba79b98 59f741e0 82542a38' +
'5502f25d bf55296c 3a545e38 72760ab7' +
'3617de4a 96262c6f 5d9e98bf 9292dc29' +
'f8f41dbd 289a147c e9da3113 b5f0b8c0' +
'0a60b1ce 1d7e819d 7a431d7c 90ea0e5f').
replace(/ /g, ''), 'hex')
},
'nistp521': {
size: 521,
pkcs8oid: '1.3.132.0.35',
p: Buffer.from((
'01ffffff ffffffff ffffffff ffffffff' +
'ffffffff ffffffff ffffffff ffffffff' +
'ffffffff ffffffff ffffffff ffffffff' +
'ffffffff ffffffff ffffffff ffffffff' +
'ffff').replace(/ /g, ''), 'hex'),
a: Buffer.from(('01FF' +
'FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF' +
'FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF' +
'FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF' +
'FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFC').
replace(/ /g, ''), 'hex'),
b: Buffer.from(('51' +
'953eb961 8e1c9a1f 929a21a0 b68540ee' +
'a2da725b 99b315f3 b8b48991 8ef109e1' +
'56193951 ec7e937b 1652c0bd 3bb1bf07' +
'3573df88 3d2c34f1 ef451fd4 6b503f00').