You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

287 lines
9.0 KiB

  1. // Copyright 2017 Joyent, Inc.
  2. module.exports = {
  3. read: read,
  4. write: write
  5. };
  6. var assert = require('assert-plus');
  7. var Buffer = require('safer-buffer').Buffer;
  8. var Key = require('../key');
  9. var PrivateKey = require('../private-key');
  10. var utils = require('../utils');
  11. var SSHBuffer = require('../ssh-buffer');
  12. var Dhe = require('../dhe');
  13. var supportedAlgos = {
  14. 'rsa-sha1' : 5,
  15. 'rsa-sha256' : 8,
  16. 'rsa-sha512' : 10,
  17. 'ecdsa-p256-sha256' : 13,
  18. 'ecdsa-p384-sha384' : 14
  19. /*
  20. * ed25519 is hypothetically supported with id 15
  21. * but the common tools available don't appear to be
  22. * capable of generating/using ed25519 keys
  23. */
  24. };
  25. var supportedAlgosById = {};
  26. Object.keys(supportedAlgos).forEach(function (k) {
  27. supportedAlgosById[supportedAlgos[k]] = k.toUpperCase();
  28. });
  29. function read(buf, options) {
  30. if (typeof (buf) !== 'string') {
  31. assert.buffer(buf, 'buf');
  32. buf = buf.toString('ascii');
  33. }
  34. var lines = buf.split('\n');
  35. if (lines[0].match(/^Private-key-format\: v1/)) {
  36. var algElems = lines[1].split(' ');
  37. var algoNum = parseInt(algElems[1], 10);
  38. var algoName = algElems[2];
  39. if (!supportedAlgosById[algoNum])
  40. throw (new Error('Unsupported algorithm: ' + algoName));
  41. return (readDNSSECPrivateKey(algoNum, lines.slice(2)));
  42. }
  43. // skip any comment-lines
  44. var line = 0;
  45. /* JSSTYLED */
  46. while (lines[line].match(/^\;/))
  47. line++;
  48. // we should now have *one single* line left with our KEY on it.
  49. if ((lines[line].match(/\. IN KEY /) ||
  50. lines[line].match(/\. IN DNSKEY /)) && lines[line+1].length === 0) {
  51. return (readRFC3110(lines[line]));
  52. }
  53. throw (new Error('Cannot parse dnssec key'));
  54. }
  55. function readRFC3110(keyString) {
  56. var elems = keyString.split(' ');
  57. //unused var flags = parseInt(elems[3], 10);
  58. //unused var protocol = parseInt(elems[4], 10);
  59. var algorithm = parseInt(elems[5], 10);
  60. if (!supportedAlgosById[algorithm])
  61. throw (new Error('Unsupported algorithm: ' + algorithm));
  62. var base64key = elems.slice(6, elems.length).join();
  63. var keyBuffer = Buffer.from(base64key, 'base64');
  64. if (supportedAlgosById[algorithm].match(/^RSA-/)) {
  65. // join the rest of the body into a single base64-blob
  66. var publicExponentLen = keyBuffer.readUInt8(0);
  67. if (publicExponentLen != 3 && publicExponentLen != 1)
  68. throw (new Error('Cannot parse dnssec key: ' +
  69. 'unsupported exponent length'));
  70. var publicExponent = keyBuffer.slice(1, publicExponentLen+1);
  71. publicExponent = utils.mpNormalize(publicExponent);
  72. var modulus = keyBuffer.slice(1+publicExponentLen);
  73. modulus = utils.mpNormalize(modulus);
  74. // now, make the key
  75. var rsaKey = {
  76. type: 'rsa',
  77. parts: []
  78. };
  79. rsaKey.parts.push({ name: 'e', data: publicExponent});
  80. rsaKey.parts.push({ name: 'n', data: modulus});
  81. return (new Key(rsaKey));
  82. }
  83. if (supportedAlgosById[algorithm] === 'ECDSA-P384-SHA384' ||
  84. supportedAlgosById[algorithm] === 'ECDSA-P256-SHA256') {
  85. var curve = 'nistp384';
  86. var size = 384;
  87. if (supportedAlgosById[algorithm].match(/^ECDSA-P256-SHA256/)) {
  88. curve = 'nistp256';
  89. size = 256;
  90. }
  91. var ecdsaKey = {
  92. type: 'ecdsa',
  93. curve: curve,
  94. size: size,
  95. parts: [
  96. {name: 'curve', data: Buffer.from(curve) },
  97. {name: 'Q', data: utils.ecNormalize(keyBuffer) }
  98. ]
  99. };
  100. return (new Key(ecdsaKey));
  101. }
  102. throw (new Error('Unsupported algorithm: ' +
  103. supportedAlgosById[algorithm]));
  104. }
  105. function elementToBuf(e) {
  106. return (Buffer.from(e.split(' ')[1], 'base64'));
  107. }
  108. function readDNSSECRSAPrivateKey(elements) {
  109. var rsaParams = {};
  110. elements.forEach(function (element) {
  111. if (element.split(' ')[0] === 'Modulus:')
  112. rsaParams['n'] = elementToBuf(element);
  113. else if (element.split(' ')[0] === 'PublicExponent:')
  114. rsaParams['e'] = elementToBuf(element);
  115. else if (element.split(' ')[0] === 'PrivateExponent:')
  116. rsaParams['d'] = elementToBuf(element);
  117. else if (element.split(' ')[0] === 'Prime1:')
  118. rsaParams['p'] = elementToBuf(element);
  119. else if (element.split(' ')[0] === 'Prime2:')
  120. rsaParams['q'] = elementToBuf(element);
  121. else if (element.split(' ')[0] === 'Exponent1:')
  122. rsaParams['dmodp'] = elementToBuf(element);
  123. else if (element.split(' ')[0] === 'Exponent2:')
  124. rsaParams['dmodq'] = elementToBuf(element);
  125. else if (element.split(' ')[0] === 'Coefficient:')
  126. rsaParams['iqmp'] = elementToBuf(element);
  127. });
  128. // now, make the key
  129. var key = {
  130. type: 'rsa',
  131. parts: [
  132. { name: 'e', data: utils.mpNormalize(rsaParams['e'])},
  133. { name: 'n', data: utils.mpNormalize(rsaParams['n'])},
  134. { name: 'd', data: utils.mpNormalize(rsaParams['d'])},
  135. { name: 'p', data: utils.mpNormalize(rsaParams['p'])},
  136. { name: 'q', data: utils.mpNormalize(rsaParams['q'])},
  137. { name: 'dmodp',
  138. data: utils.mpNormalize(rsaParams['dmodp'])},
  139. { name: 'dmodq',
  140. data: utils.mpNormalize(rsaParams['dmodq'])},
  141. { name: 'iqmp',
  142. data: utils.mpNormalize(rsaParams['iqmp'])}
  143. ]
  144. };
  145. return (new PrivateKey(key));
  146. }
  147. function readDNSSECPrivateKey(alg, elements) {
  148. if (supportedAlgosById[alg].match(/^RSA-/)) {
  149. return (readDNSSECRSAPrivateKey(elements));
  150. }
  151. if (supportedAlgosById[alg] === 'ECDSA-P384-SHA384' ||
  152. supportedAlgosById[alg] === 'ECDSA-P256-SHA256') {
  153. var d = Buffer.from(elements[0].split(' ')[1], 'base64');
  154. var curve = 'nistp384';
  155. var size = 384;
  156. if (supportedAlgosById[alg] === 'ECDSA-P256-SHA256') {
  157. curve = 'nistp256';
  158. size = 256;
  159. }
  160. // DNSSEC generates the public-key on the fly (go calculate it)
  161. var publicKey = utils.publicFromPrivateECDSA(curve, d);
  162. var Q = publicKey.part['Q'].data;
  163. var ecdsaKey = {
  164. type: 'ecdsa',
  165. curve: curve,
  166. size: size,
  167. parts: [
  168. {name: 'curve', data: Buffer.from(curve) },
  169. {name: 'd', data: d },
  170. {name: 'Q', data: Q }
  171. ]
  172. };
  173. return (new PrivateKey(ecdsaKey));
  174. }
  175. throw (new Error('Unsupported algorithm: ' + supportedAlgosById[alg]));
  176. }
  177. function dnssecTimestamp(date) {
  178. var year = date.getFullYear() + ''; //stringify
  179. var month = (date.getMonth() + 1);
  180. var timestampStr = year + month + date.getUTCDate();
  181. timestampStr += '' + date.getUTCHours() + date.getUTCMinutes();
  182. timestampStr += date.getUTCSeconds();
  183. return (timestampStr);
  184. }
  185. function rsaAlgFromOptions(opts) {
  186. if (!opts || !opts.hashAlgo || opts.hashAlgo === 'sha1')
  187. return ('5 (RSASHA1)');
  188. else if (opts.hashAlgo === 'sha256')
  189. return ('8 (RSASHA256)');
  190. else if (opts.hashAlgo === 'sha512')
  191. return ('10 (RSASHA512)');
  192. else
  193. throw (new Error('Unknown or unsupported hash: ' +
  194. opts.hashAlgo));
  195. }
  196. function writeRSA(key, options) {
  197. // if we're missing parts, add them.
  198. if (!key.part.dmodp || !key.part.dmodq) {
  199. utils.addRSAMissing(key);
  200. }
  201. var out = '';
  202. out += 'Private-key-format: v1.3\n';
  203. out += 'Algorithm: ' + rsaAlgFromOptions(options) + '\n';
  204. var n = utils.mpDenormalize(key.part['n'].data);
  205. out += 'Modulus: ' + n.toString('base64') + '\n';
  206. var e = utils.mpDenormalize(key.part['e'].data);
  207. out += 'PublicExponent: ' + e.toString('base64') + '\n';
  208. var d = utils.mpDenormalize(key.part['d'].data);
  209. out += 'PrivateExponent: ' + d.toString('base64') + '\n';
  210. var p = utils.mpDenormalize(key.part['p'].data);
  211. out += 'Prime1: ' + p.toString('base64') + '\n';
  212. var q = utils.mpDenormalize(key.part['q'].data);
  213. out += 'Prime2: ' + q.toString('base64') + '\n';
  214. var dmodp = utils.mpDenormalize(key.part['dmodp'].data);
  215. out += 'Exponent1: ' + dmodp.toString('base64') + '\n';
  216. var dmodq = utils.mpDenormalize(key.part['dmodq'].data);
  217. out += 'Exponent2: ' + dmodq.toString('base64') + '\n';
  218. var iqmp = utils.mpDenormalize(key.part['iqmp'].data);
  219. out += 'Coefficient: ' + iqmp.toString('base64') + '\n';
  220. // Assume that we're valid as-of now
  221. var timestamp = new Date();
  222. out += 'Created: ' + dnssecTimestamp(timestamp) + '\n';
  223. out += 'Publish: ' + dnssecTimestamp(timestamp) + '\n';
  224. out += 'Activate: ' + dnssecTimestamp(timestamp) + '\n';
  225. return (Buffer.from(out, 'ascii'));
  226. }
  227. function writeECDSA(key, options) {
  228. var out = '';
  229. out += 'Private-key-format: v1.3\n';
  230. if (key.curve === 'nistp256') {
  231. out += 'Algorithm: 13 (ECDSAP256SHA256)\n';
  232. } else if (key.curve === 'nistp384') {
  233. out += 'Algorithm: 14 (ECDSAP384SHA384)\n';
  234. } else {
  235. throw (new Error('Unsupported curve'));
  236. }
  237. var base64Key = key.part['d'].data.toString('base64');
  238. out += 'PrivateKey: ' + base64Key + '\n';
  239. // Assume that we're valid as-of now
  240. var timestamp = new Date();
  241. out += 'Created: ' + dnssecTimestamp(timestamp) + '\n';
  242. out += 'Publish: ' + dnssecTimestamp(timestamp) + '\n';
  243. out += 'Activate: ' + dnssecTimestamp(timestamp) + '\n';
  244. return (Buffer.from(out, 'ascii'));
  245. }
  246. function write(key, options) {
  247. if (PrivateKey.isPrivateKey(key)) {
  248. if (key.type === 'rsa') {
  249. return (writeRSA(key, options));
  250. } else if (key.type === 'ecdsa') {
  251. return (writeECDSA(key, options));
  252. } else {
  253. throw (new Error('Unsupported algorithm: ' + key.type));
  254. }
  255. } else if (Key.isKey(key)) {
  256. /*
  257. * RFC3110 requires a keyname, and a keytype, which we
  258. * don't really have a mechanism for specifying such
  259. * additional metadata.
  260. */
  261. throw (new Error('Format "dnssec" only supports ' +
  262. 'writing private keys'));
  263. } else {
  264. throw (new Error('key is not a Key or PrivateKey'));
  265. }
  266. }