// Copyright 2015 Joyent, Inc.
|
|
|
|
module.exports = Signature;
|
|
|
|
var assert = require('assert-plus');
|
|
var Buffer = require('safer-buffer').Buffer;
|
|
var algs = require('./algs');
|
|
var crypto = require('crypto');
|
|
var errs = require('./errors');
|
|
var utils = require('./utils');
|
|
var asn1 = require('asn1');
|
|
var SSHBuffer = require('./ssh-buffer');
|
|
|
|
var InvalidAlgorithmError = errs.InvalidAlgorithmError;
|
|
var SignatureParseError = errs.SignatureParseError;
|
|
|
|
function Signature(opts) {
|
|
assert.object(opts, 'options');
|
|
assert.arrayOfObject(opts.parts, 'options.parts');
|
|
assert.string(opts.type, 'options.type');
|
|
|
|
var partLookup = {};
|
|
for (var i = 0; i < opts.parts.length; ++i) {
|
|
var part = opts.parts[i];
|
|
partLookup[part.name] = part;
|
|
}
|
|
|
|
this.type = opts.type;
|
|
this.hashAlgorithm = opts.hashAlgo;
|
|
this.curve = opts.curve;
|
|
this.parts = opts.parts;
|
|
this.part = partLookup;
|
|
}
|
|
|
|
Signature.prototype.toBuffer = function (format) {
|
|
if (format === undefined)
|
|
format = 'asn1';
|
|
assert.string(format, 'format');
|
|
|
|
var buf;
|
|
var stype = 'ssh-' + this.type;
|
|
|
|
switch (this.type) {
|
|
case 'rsa':
|
|
switch (this.hashAlgorithm) {
|
|
case 'sha256':
|
|
stype = 'rsa-sha2-256';
|
|
break;
|
|
case 'sha512':
|
|
stype = 'rsa-sha2-512';
|
|
break;
|
|
case 'sha1':
|
|
case undefined:
|
|
break;
|
|
default:
|
|
throw (new Error('SSH signature ' +
|
|
'format does not support hash ' +
|
|
'algorithm ' + this.hashAlgorithm));
|
|
}
|
|
if (format === 'ssh') {
|
|
buf = new SSHBuffer({});
|
|
buf.writeString(stype);
|
|
buf.writePart(this.part.sig);
|
|
return (buf.toBuffer());
|
|
} else {
|
|
return (this.part.sig.data);
|
|
}
|
|
break;
|
|
|
|
case 'ed25519':
|
|
if (format === 'ssh') {
|
|
buf = new SSHBuffer({});
|
|
buf.writeString(stype);
|
|
buf.writePart(this.part.sig);
|
|
return (buf.toBuffer());
|
|
} else {
|
|
return (this.part.sig.data);
|
|
}
|
|
break;
|
|
|
|
case 'dsa':
|
|
case 'ecdsa':
|
|
var r, s;
|
|
if (format === 'asn1') {
|
|
var der = new asn1.BerWriter();
|
|
der.startSequence();
|
|
r = utils.mpNormalize(this.part.r.data);
|
|
s = utils.mpNormalize(this.part.s.data);
|
|
der.writeBuffer(r, asn1.Ber.Integer);
|
|
der.writeBuffer(s, asn1.Ber.Integer);
|
|
der.endSequence();
|
|
return (der.buffer);
|
|
} else if (format === 'ssh' && this.type === 'dsa') {
|
|
buf = new SSHBuffer({});
|
|
buf.writeString('ssh-dss');
|
|
r = this.part.r.data;
|
|
if (r.length > 20 && r[0] === 0x00)
|
|
r = r.slice(1);
|
|
s = this.part.s.data;
|
|
if (s.length > 20 && s[0] === 0x00)
|
|
s = s.slice(1);
|
|
if ((this.hashAlgorithm &&
|
|
this.hashAlgorithm !== 'sha1') ||
|
|
r.length + s.length !== 40) {
|
|
throw (new Error('OpenSSH only supports ' +
|
|
'DSA signatures with SHA1 hash'));
|
|
}
|
|
buf.writeBuffer(Buffer.concat([r, s]));
|
|
return (buf.toBuffer());
|
|
} else if (format === 'ssh' && this.type === 'ecdsa') {
|
|
var inner = new SSHBuffer({});
|
|
r = this.part.r.data;
|
|
inner.writeBuffer(r);
|
|
inner.writePart(this.part.s);
|
|
|
|
buf = new SSHBuffer({});
|
|
/* XXX: find a more proper way to do this? */
|
|
var curve;
|
|
if (r[0] === 0x00)
|
|
r = r.slice(1);
|
|
var sz = r.length * 8;
|
|
if (sz === 256)
|
|
curve = 'nistp256';
|
|
else if (sz === 384)
|
|
curve = 'nistp384';
|
|
else if (sz === 528)
|
|
curve = 'nistp521';
|
|
buf.writeString('ecdsa-sha2-' + curve);
|
|
buf.writeBuffer(inner.toBuffer());
|
|
return (buf.toBuffer());
|
|
}
|
|
throw (new Error('Invalid signature format'));
|
|
default:
|
|
throw (new Error('Invalid signature data'));
|
|
}
|
|
};
|
|
|
|
Signature.prototype.toString = function (format) {
|
|
assert.optionalString(format, 'format');
|
|
return (this.toBuffer(format).toString('base64'));
|
|
};
|
|
|
|
Signature.parse = function (data, type, format) {
|
|
if (typeof (data) === 'string')
|
|
data = Buffer.from(data, 'base64');
|
|
assert.buffer(data, 'data');
|
|
assert.string(format, 'format');
|
|
assert.string(type, 'type');
|
|
|
|
var opts = {};
|
|
opts.type = type.toLowerCase();
|
|
opts.parts = [];
|
|
|
|
try {
|
|
assert.ok(data.length > 0, 'signature must not be empty');
|
|
switch (opts.type) {
|
|
case 'rsa':
|
|
return (parseOneNum(data, type, format, opts));
|
|
case 'ed25519':
|
|
return (parseOneNum(data, type, format, opts));
|
|
|
|
case 'dsa':
|
|
case 'ecdsa':
|
|
if (format === 'asn1')
|
|
return (parseDSAasn1(data, type, format, opts));
|
|
else if (opts.type === 'dsa')
|
|
return (parseDSA(data, type, format, opts));
|
|
else
|
|
return (parseECDSA(data, type, format, opts));
|
|
|
|
default:
|
|
throw (new InvalidAlgorithmError(type));
|
|
}
|
|
|
|
} catch (e) {
|
|
if (e instanceof InvalidAlgorithmError)
|
|
throw (e);
|
|
throw (new SignatureParseError(type, format, e));
|
|
}
|
|
};
|
|
|
|
function parseOneNum(data, type, format, opts) {
|
|
if (format === 'ssh') {
|
|
try {
|
|
var buf = new SSHBuffer({buffer: data});
|
|
var head = buf.readString();
|
|
} catch (e) {
|
|
/* fall through */
|
|
}
|
|
if (buf !== undefined) {
|
|
var msg = 'SSH signature does not match expected ' +
|
|
'type (expected ' + type + ', got ' + head + ')';
|
|
switch (head) {
|
|
case 'ssh-rsa':
|
|
assert.strictEqual(type, 'rsa', msg);
|
|
opts.hashAlgo = 'sha1';
|
|
break;
|
|
case 'rsa-sha2-256':
|
|
assert.strictEqual(type, 'rsa', msg);
|
|
opts.hashAlgo = 'sha256';
|
|
break;
|
|
case 'rsa-sha2-512':
|
|
assert.strictEqual(type, 'rsa', msg);
|
|
opts.hashAlgo = 'sha512';
|
|
break;
|
|
case 'ssh-ed25519':
|
|
assert.strictEqual(type, 'ed25519', msg);
|
|
opts.hashAlgo = 'sha512';
|
|
break;
|
|
default:
|
|
throw (new Error('Unknown SSH signature ' +
|
|
'type: ' + head));
|
|
}
|
|
var sig = buf.readPart();
|
|
assert.ok(buf.atEnd(), 'extra trailing bytes');
|
|
sig.name = 'sig';
|
|
opts.parts.push(sig);
|
|
return (new Signature(opts));
|
|
}
|
|
}
|
|
opts.parts.push({name: 'sig', data: data});
|
|
return (new Signature(opts));
|
|
}
|
|
|
|
function parseDSAasn1(data, type, format, opts) {
|
|
var der = new asn1.BerReader(data);
|
|
der.readSequence();
|
|
var r = der.readString(asn1.Ber.Integer, true);
|
|
var s = der.readString(asn1.Ber.Integer, true);
|
|
|
|
opts.parts.push({name: 'r', data: utils.mpNormalize(r)});
|
|
opts.parts.push({name: 's', data: utils.mpNormalize(s)});
|
|
|
|
return (new Signature(opts));
|
|
}
|
|
|
|
function parseDSA(data, type, format, opts) {
|
|
if (data.length != 40) {
|
|
var buf = new SSHBuffer({buffer: data});
|
|
var d = buf.readBuffer();
|
|
if (d.toString('ascii') === 'ssh-dss')
|
|
d = buf.readBuffer();
|
|
assert.ok(buf.atEnd(), 'extra trailing bytes');
|
|
assert.strictEqual(d.length, 40, 'invalid inner length');
|
|
data = d;
|
|
}
|
|
opts.parts.push({name: 'r', data: data.slice(0, 20)});
|
|
opts.parts.push({name: 's', data: data.slice(20, 40)});
|
|
return (new Signature(opts));
|
|
}
|
|
|
|
function parseECDSA(data, type, format, opts) {
|
|
var buf = new SSHBuffer({buffer: data});
|
|
|
|
var r, s;
|
|
var inner = buf.readBuffer();
|
|
var stype = inner.toString('ascii');
|
|
if (stype.slice(0, 6) === 'ecdsa-') {
|
|
var parts = stype.split('-');
|
|
assert.strictEqual(parts[0], 'ecdsa');
|
|
assert.strictEqual(parts[1], 'sha2');
|
|
opts.curve = parts[2];
|
|
switch (opts.curve) {
|
|
case 'nistp256':
|
|
opts.hashAlgo = 'sha256';
|
|
break;
|
|
case 'nistp384':
|
|
opts.hashAlgo = 'sha384';
|
|
break;
|
|
case 'nistp521':
|
|
opts.hashAlgo = 'sha512';
|
|
break;
|
|
default:
|
|
throw (new Error('Unsupported ECDSA curve: ' +
|
|
opts.curve));
|
|
}
|
|
inner = buf.readBuffer();
|
|
assert.ok(buf.atEnd(), 'extra trailing bytes on outer');
|
|
buf = new SSHBuffer({buffer: inner});
|
|
r = buf.readPart();
|
|
} else {
|
|
r = {data: inner};
|
|
}
|
|
|
|
s = buf.readPart();
|
|
assert.ok(buf.atEnd(), 'extra trailing bytes');
|
|
|
|
r.name = 'r';
|
|
s.name = 's';
|
|
|
|
opts.parts.push(r);
|
|
opts.parts.push(s);
|
|
return (new Signature(opts));
|
|
}
|
|
|
|
Signature.isSignature = function (obj, ver) {
|
|
return (utils.isCompatible(obj, Signature, ver));
|
|
};
|
|
|
|
/*
|
|
* API versions for Signature:
|
|
* [1,0] -- initial ver
|
|
* [2,0] -- support for rsa in full ssh format, compat with sshpk-agent
|
|
* hashAlgorithm property
|
|
* [2,1] -- first tagged version
|
|
*/
|
|
Signature.prototype._sshpkApiVersion = [2, 1];
|
|
|
|
Signature._oldVersionDetect = function (obj) {
|
|
assert.func(obj.toBuffer);
|
|
if (obj.hasOwnProperty('hashAlgorithm'))
|
|
return ([2, 0]);
|
|
return ([1, 0]);
|
|
};
|