// Copyright 2018 Joyent, Inc.
|
|
|
|
module.exports = {
|
|
read: read,
|
|
write: write
|
|
};
|
|
|
|
var assert = require('assert-plus');
|
|
var asn1 = require('asn1');
|
|
var crypto = require('crypto');
|
|
var Buffer = require('safer-buffer').Buffer;
|
|
var algs = require('../algs');
|
|
var utils = require('../utils');
|
|
var Key = require('../key');
|
|
var PrivateKey = require('../private-key');
|
|
|
|
var pkcs1 = require('./pkcs1');
|
|
var pkcs8 = require('./pkcs8');
|
|
var sshpriv = require('./ssh-private');
|
|
var rfc4253 = require('./rfc4253');
|
|
|
|
var errors = require('../errors');
|
|
|
|
var OID_PBES2 = '1.2.840.113549.1.5.13';
|
|
var OID_PBKDF2 = '1.2.840.113549.1.5.12';
|
|
|
|
var OID_TO_CIPHER = {
|
|
'1.2.840.113549.3.7': '3des-cbc',
|
|
'2.16.840.1.101.3.4.1.2': 'aes128-cbc',
|
|
'2.16.840.1.101.3.4.1.42': 'aes256-cbc'
|
|
};
|
|
var CIPHER_TO_OID = {};
|
|
Object.keys(OID_TO_CIPHER).forEach(function (k) {
|
|
CIPHER_TO_OID[OID_TO_CIPHER[k]] = k;
|
|
});
|
|
|
|
var OID_TO_HASH = {
|
|
'1.2.840.113549.2.7': 'sha1',
|
|
'1.2.840.113549.2.9': 'sha256',
|
|
'1.2.840.113549.2.11': 'sha512'
|
|
};
|
|
var HASH_TO_OID = {};
|
|
Object.keys(OID_TO_HASH).forEach(function (k) {
|
|
HASH_TO_OID[OID_TO_HASH[k]] = k;
|
|
});
|
|
|
|
/*
|
|
* For reading we support both PKCS#1 and PKCS#8. If we find a private key,
|
|
* we just take the public component of it and use that.
|
|
*/
|
|
function read(buf, options, forceType) {
|
|
var input = buf;
|
|
if (typeof (buf) !== 'string') {
|
|
assert.buffer(buf, 'buf');
|
|
buf = buf.toString('ascii');
|
|
}
|
|
|
|
var lines = buf.trim().split(/[\r\n]+/g);
|
|
|
|
var m;
|
|
var si = -1;
|
|
while (!m && si < lines.length) {
|
|
m = lines[++si].match(/*JSSTYLED*/
|
|
/[-]+[ ]*BEGIN ([A-Z0-9][A-Za-z0-9]+ )?(PUBLIC|PRIVATE) KEY[ ]*[-]+/);
|
|
}
|
|
assert.ok(m, 'invalid PEM header');
|
|
|
|
var m2;
|
|
var ei = lines.length;
|
|
while (!m2 && ei > 0) {
|
|
m2 = lines[--ei].match(/*JSSTYLED*/
|
|
/[-]+[ ]*END ([A-Z0-9][A-Za-z0-9]+ )?(PUBLIC|PRIVATE) KEY[ ]*[-]+/);
|
|
}
|
|
assert.ok(m2, 'invalid PEM footer');
|
|
|
|
/* Begin and end banners must match key type */
|
|
assert.equal(m[2], m2[2]);
|
|
var type = m[2].toLowerCase();
|
|
|
|
var alg;
|
|
if (m[1]) {
|
|
/* They also must match algorithms, if given */
|
|
assert.equal(m[1], m2[1], 'PEM header and footer mismatch');
|
|
alg = m[1].trim();
|
|
}
|
|
|
|
lines = lines.slice(si, ei + 1);
|
|
|
|
var headers = {};
|
|
while (true) {
|
|
lines = lines.slice(1);
|
|
m = lines[0].match(/*JSSTYLED*/
|
|
/^([A-Za-z0-9-]+): (.+)$/);
|
|
if (!m)
|
|
break;
|
|
headers[m[1].toLowerCase()] = m[2];
|
|
}
|
|
|
|
/* Chop off the first and last lines */
|
|
lines = lines.slice(0, -1).join('');
|
|
buf = Buffer.from(lines, 'base64');
|
|
|
|
var cipher, key, iv;
|
|
if (headers['proc-type']) {
|
|
var parts = headers['proc-type'].split(',');
|
|
if (parts[0] === '4' && parts[1] === 'ENCRYPTED') {
|
|
if (typeof (options.passphrase) === 'string') {
|
|
options.passphrase = Buffer.from(
|
|
options.passphrase, 'utf-8');
|
|
}
|
|
if (!Buffer.isBuffer(options.passphrase)) {
|
|
throw (new errors.KeyEncryptedError(
|
|
options.filename, 'PEM'));
|
|
} else {
|
|
parts = headers['dek-info'].split(',');
|
|
assert.ok(parts.length === 2);
|
|
cipher = parts[0].toLowerCase();
|
|
iv = Buffer.from(parts[1], 'hex');
|
|
key = utils.opensslKeyDeriv(cipher, iv,
|
|
options.passphrase, 1).key;
|
|
}
|
|
}
|
|
}
|
|
|
|
if (alg && alg.toLowerCase() === 'encrypted') {
|
|
var eder = new asn1.BerReader(buf);
|
|
var pbesEnd;
|
|
eder.readSequence();
|
|
|
|
eder.readSequence();
|
|
pbesEnd = eder.offset + eder.length;
|
|
|
|
var method = eder.readOID();
|
|
if (method !== OID_PBES2) {
|
|
throw (new Error('Unsupported PEM/PKCS8 encryption ' +
|
|
'scheme: ' + method));
|
|
}
|
|
|
|
eder.readSequence(); /* PBES2-params */
|
|
|
|
eder.readSequence(); /* keyDerivationFunc */
|
|
var kdfEnd = eder.offset + eder.length;
|
|
var kdfOid = eder.readOID();
|
|
if (kdfOid !== OID_PBKDF2)
|
|
throw (new Error('Unsupported PBES2 KDF: ' + kdfOid));
|
|
eder.readSequence();
|
|
var salt = eder.readString(asn1.Ber.OctetString, true);
|
|
var iterations = eder.readInt();
|
|
var hashAlg = 'sha1';
|
|
if (eder.offset < kdfEnd) {
|
|
eder.readSequence();
|
|
var hashAlgOid = eder.readOID();
|
|
hashAlg = OID_TO_HASH[hashAlgOid];
|
|
if (hashAlg === undefined) {
|
|
throw (new Error('Unsupported PBKDF2 hash: ' +
|
|
hashAlgOid));
|
|
}
|
|
}
|
|
eder._offset = kdfEnd;
|
|
|
|
eder.readSequence(); /* encryptionScheme */
|
|
var cipherOid = eder.readOID();
|
|
cipher = OID_TO_CIPHER[cipherOid];
|
|
if (cipher === undefined) {
|
|
throw (new Error('Unsupported PBES2 cipher: ' +
|
|
cipherOid));
|
|
}
|
|
iv = eder.readString(asn1.Ber.OctetString, true);
|
|
|
|
eder._offset = pbesEnd;
|
|
buf = eder.readString(asn1.Ber.OctetString, true);
|
|
|
|
if (typeof (options.passphrase) === 'string') {
|
|
options.passphrase = Buffer.from(
|
|
options.passphrase, 'utf-8');
|
|
}
|
|
if (!Buffer.isBuffer(options.passphrase)) {
|
|
throw (new errors.KeyEncryptedError(
|
|
options.filename, 'PEM'));
|
|
}
|
|
|
|
var cinfo = utils.opensshCipherInfo(cipher);
|
|
|
|
cipher = cinfo.opensslName;
|
|
key = utils.pbkdf2(hashAlg, salt, iterations, cinfo.keySize,
|
|
options.passphrase);
|
|
alg = undefined;
|
|
}
|
|
|
|
if (cipher && key && iv) {
|
|
var cipherStream = crypto.createDecipheriv(cipher, key, iv);
|
|
var chunk, chunks = [];
|
|
cipherStream.once('error', function (e) {
|
|
if (e.toString().indexOf('bad decrypt') !== -1) {
|
|
throw (new Error('Incorrect passphrase ' +
|
|
'supplied, could not decrypt key'));
|
|
}
|
|
throw (e);
|
|
});
|
|
cipherStream.write(buf);
|
|
cipherStream.end();
|
|
while ((chunk = cipherStream.read()) !== null)
|
|
chunks.push(chunk);
|
|
buf = Buffer.concat(chunks);
|
|
}
|
|
|
|
/* The new OpenSSH internal format abuses PEM headers */
|
|
if (alg && alg.toLowerCase() === 'openssh')
|
|
return (sshpriv.readSSHPrivate(type, buf, options));
|
|
if (alg && alg.toLowerCase() === 'ssh2')
|
|
return (rfc4253.readType(type, buf, options));
|
|
|
|
var der = new asn1.BerReader(buf);
|
|
der.originalInput = input;
|
|
|
|
/*
|
|
* All of the PEM file types start with a sequence tag, so chop it
|
|
* off here
|
|
*/
|
|
der.readSequence();
|
|
|
|
/* PKCS#1 type keys name an algorithm in the banner explicitly */
|
|
if (alg) {
|
|
if (forceType)
|
|
assert.strictEqual(forceType, 'pkcs1');
|
|
return (pkcs1.readPkcs1(alg, type, der));
|
|
} else {
|
|
if (forceType)
|
|
assert.strictEqual(forceType, 'pkcs8');
|
|
return (pkcs8.readPkcs8(alg, type, der));
|
|
}
|
|
}
|
|
|
|
function write(key, options, type) {
|
|
assert.object(key);
|
|
|
|
var alg = {
|
|
'ecdsa': 'EC',
|
|
'rsa': 'RSA',
|
|
'dsa': 'DSA',
|
|
'ed25519': 'EdDSA'
|
|
}[key.type];
|
|
var header;
|
|
|
|
var der = new asn1.BerWriter();
|
|
|
|
if (PrivateKey.isPrivateKey(key)) {
|
|
if (type && type === 'pkcs8') {
|
|
header = 'PRIVATE KEY';
|
|
pkcs8.writePkcs8(der, key);
|
|
} else {
|
|
if (type)
|
|
assert.strictEqual(type, 'pkcs1');
|
|
header = alg + ' PRIVATE KEY';
|
|
pkcs1.writePkcs1(der, key);
|
|
}
|
|
|
|
} else if (Key.isKey(key)) {
|
|
if (type && type === 'pkcs1') {
|
|
header = alg + ' PUBLIC KEY';
|
|
pkcs1.writePkcs1(der, key);
|
|
} else {
|
|
if (type)
|
|
assert.strictEqual(type, 'pkcs8');
|
|
header = 'PUBLIC KEY';
|
|
pkcs8.writePkcs8(der, key);
|
|
}
|
|
|
|
} else {
|
|
throw (new Error('key is not a Key or PrivateKey'));
|
|
}
|
|
|
|
var tmp = der.buffer.toString('base64');
|
|
var len = tmp.length + (tmp.length / 64) +
|
|
18 + 16 + header.length*2 + 10;
|
|
var buf = Buffer.alloc(len);
|
|
var o = 0;
|
|
o += buf.write('-----BEGIN ' + header + '-----\n', o);
|
|
for (var i = 0; i < tmp.length; ) {
|
|
var limit = i + 64;
|
|
if (limit > tmp.length)
|
|
limit = tmp.length;
|
|
o += buf.write(tmp.slice(i, limit), o);
|
|
buf[o++] = 10;
|
|
i = limit;
|
|
}
|
|
o += buf.write('-----END ' + header + '-----\n', o);
|
|
|
|
return (buf.slice(0, o));
|
|
}
|