corrade-nucleus-nucleons – Blame information for rev 22
?pathlinks?
Rev | Author | Line No. | Line |
---|---|---|---|
22 | office | 1 | /** |
2 | * Functions to output keys in SSH-friendly formats. |
||
3 | * |
||
4 | * This is part of the Forge project which may be used under the terms of |
||
5 | * either the BSD License or the GNU General Public License (GPL) Version 2. |
||
6 | * |
||
7 | * See: https://github.com/digitalbazaar/forge/blob/cbebca3780658703d925b61b2caffb1d263a6c1d/LICENSE |
||
8 | * |
||
9 | * @author https://github.com/shellac |
||
10 | */ |
||
11 | var forge = require('./forge'); |
||
12 | require('./aes'); |
||
13 | require('./hmac'); |
||
14 | require('./md5'); |
||
15 | require('./sha1'); |
||
16 | require('./util'); |
||
17 | |||
18 | var ssh = module.exports = forge.ssh = forge.ssh || {}; |
||
19 | |||
20 | /** |
||
21 | * Encodes (and optionally encrypts) a private RSA key as a Putty PPK file. |
||
22 | * |
||
23 | * @param privateKey the key. |
||
24 | * @param passphrase a passphrase to protect the key (falsy for no encryption). |
||
25 | * @param comment a comment to include in the key file. |
||
26 | * |
||
27 | * @return the PPK file as a string. |
||
28 | */ |
||
29 | ssh.privateKeyToPutty = function(privateKey, passphrase, comment) { |
||
30 | comment = comment || ''; |
||
31 | passphrase = passphrase || ''; |
||
32 | var algorithm = 'ssh-rsa'; |
||
33 | var encryptionAlgorithm = (passphrase === '') ? 'none' : 'aes256-cbc'; |
||
34 | |||
35 | var ppk = 'PuTTY-User-Key-File-2: ' + algorithm + '\r\n'; |
||
36 | ppk += 'Encryption: ' + encryptionAlgorithm + '\r\n'; |
||
37 | ppk += 'Comment: ' + comment + '\r\n'; |
||
38 | |||
39 | // public key into buffer for ppk |
||
40 | var pubbuffer = forge.util.createBuffer(); |
||
41 | _addStringToBuffer(pubbuffer, algorithm); |
||
42 | _addBigIntegerToBuffer(pubbuffer, privateKey.e); |
||
43 | _addBigIntegerToBuffer(pubbuffer, privateKey.n); |
||
44 | |||
45 | // write public key |
||
46 | var pub = forge.util.encode64(pubbuffer.bytes(), 64); |
||
47 | var length = Math.floor(pub.length / 66) + 1; // 66 = 64 + \r\n |
||
48 | ppk += 'Public-Lines: ' + length + '\r\n'; |
||
49 | ppk += pub; |
||
50 | |||
51 | // private key into a buffer |
||
52 | var privbuffer = forge.util.createBuffer(); |
||
53 | _addBigIntegerToBuffer(privbuffer, privateKey.d); |
||
54 | _addBigIntegerToBuffer(privbuffer, privateKey.p); |
||
55 | _addBigIntegerToBuffer(privbuffer, privateKey.q); |
||
56 | _addBigIntegerToBuffer(privbuffer, privateKey.qInv); |
||
57 | |||
58 | // optionally encrypt the private key |
||
59 | var priv; |
||
60 | if(!passphrase) { |
||
61 | // use the unencrypted buffer |
||
62 | priv = forge.util.encode64(privbuffer.bytes(), 64); |
||
63 | } else { |
||
64 | // encrypt RSA key using passphrase |
||
65 | var encLen = privbuffer.length() + 16 - 1; |
||
66 | encLen -= encLen % 16; |
||
67 | |||
68 | // pad private key with sha1-d data -- needs to be a multiple of 16 |
||
69 | var padding = _sha1(privbuffer.bytes()); |
||
70 | |||
71 | padding.truncate(padding.length() - encLen + privbuffer.length()); |
||
72 | privbuffer.putBuffer(padding); |
||
73 | |||
74 | var aeskey = forge.util.createBuffer(); |
||
75 | aeskey.putBuffer(_sha1('\x00\x00\x00\x00', passphrase)); |
||
76 | aeskey.putBuffer(_sha1('\x00\x00\x00\x01', passphrase)); |
||
77 | |||
78 | // encrypt some bytes using CBC mode |
||
79 | // key is 40 bytes, so truncate *by* 8 bytes |
||
80 | var cipher = forge.aes.createEncryptionCipher(aeskey.truncate(8), 'CBC'); |
||
81 | cipher.start(forge.util.createBuffer().fillWithByte(0, 16)); |
||
82 | cipher.update(privbuffer.copy()); |
||
83 | cipher.finish(); |
||
84 | var encrypted = cipher.output; |
||
85 | |||
86 | // Note: this appears to differ from Putty -- is forge wrong, or putty? |
||
87 | // due to padding we finish as an exact multiple of 16 |
||
88 | encrypted.truncate(16); // all padding |
||
89 | |||
90 | priv = forge.util.encode64(encrypted.bytes(), 64); |
||
91 | } |
||
92 | |||
93 | // output private key |
||
94 | length = Math.floor(priv.length / 66) + 1; // 64 + \r\n |
||
95 | ppk += '\r\nPrivate-Lines: ' + length + '\r\n'; |
||
96 | ppk += priv; |
||
97 | |||
98 | // MAC |
||
99 | var mackey = _sha1('putty-private-key-file-mac-key', passphrase); |
||
100 | |||
101 | var macbuffer = forge.util.createBuffer(); |
||
102 | _addStringToBuffer(macbuffer, algorithm); |
||
103 | _addStringToBuffer(macbuffer, encryptionAlgorithm); |
||
104 | _addStringToBuffer(macbuffer, comment); |
||
105 | macbuffer.putInt32(pubbuffer.length()); |
||
106 | macbuffer.putBuffer(pubbuffer); |
||
107 | macbuffer.putInt32(privbuffer.length()); |
||
108 | macbuffer.putBuffer(privbuffer); |
||
109 | |||
110 | var hmac = forge.hmac.create(); |
||
111 | hmac.start('sha1', mackey); |
||
112 | hmac.update(macbuffer.bytes()); |
||
113 | |||
114 | ppk += '\r\nPrivate-MAC: ' + hmac.digest().toHex() + '\r\n'; |
||
115 | |||
116 | return ppk; |
||
117 | }; |
||
118 | |||
119 | /** |
||
120 | * Encodes a public RSA key as an OpenSSH file. |
||
121 | * |
||
122 | * @param key the key. |
||
123 | * @param comment a comment. |
||
124 | * |
||
125 | * @return the public key in OpenSSH format. |
||
126 | */ |
||
127 | ssh.publicKeyToOpenSSH = function(key, comment) { |
||
128 | var type = 'ssh-rsa'; |
||
129 | comment = comment || ''; |
||
130 | |||
131 | var buffer = forge.util.createBuffer(); |
||
132 | _addStringToBuffer(buffer, type); |
||
133 | _addBigIntegerToBuffer(buffer, key.e); |
||
134 | _addBigIntegerToBuffer(buffer, key.n); |
||
135 | |||
136 | return type + ' ' + forge.util.encode64(buffer.bytes()) + ' ' + comment; |
||
137 | }; |
||
138 | |||
139 | /** |
||
140 | * Encodes a private RSA key as an OpenSSH file. |
||
141 | * |
||
142 | * @param key the key. |
||
143 | * @param passphrase a passphrase to protect the key (falsy for no encryption). |
||
144 | * |
||
145 | * @return the public key in OpenSSH format. |
||
146 | */ |
||
147 | ssh.privateKeyToOpenSSH = function(privateKey, passphrase) { |
||
148 | if(!passphrase) { |
||
149 | return forge.pki.privateKeyToPem(privateKey); |
||
150 | } |
||
151 | // OpenSSH private key is just a legacy format, it seems |
||
152 | return forge.pki.encryptRsaPrivateKey(privateKey, passphrase, |
||
153 | {legacy: true, algorithm: 'aes128'}); |
||
154 | }; |
||
155 | |||
156 | /** |
||
157 | * Gets the SSH fingerprint for the given public key. |
||
158 | * |
||
159 | * @param options the options to use. |
||
160 | * [md] the message digest object to use (defaults to forge.md.md5). |
||
161 | * [encoding] an alternative output encoding, such as 'hex' |
||
162 | * (defaults to none, outputs a byte buffer). |
||
163 | * [delimiter] the delimiter to use between bytes for 'hex' encoded |
||
164 | * output, eg: ':' (defaults to none). |
||
165 | * |
||
166 | * @return the fingerprint as a byte buffer or other encoding based on options. |
||
167 | */ |
||
168 | ssh.getPublicKeyFingerprint = function(key, options) { |
||
169 | options = options || {}; |
||
170 | var md = options.md || forge.md.md5.create(); |
||
171 | |||
172 | var type = 'ssh-rsa'; |
||
173 | var buffer = forge.util.createBuffer(); |
||
174 | _addStringToBuffer(buffer, type); |
||
175 | _addBigIntegerToBuffer(buffer, key.e); |
||
176 | _addBigIntegerToBuffer(buffer, key.n); |
||
177 | |||
178 | // hash public key bytes |
||
179 | md.start(); |
||
180 | md.update(buffer.getBytes()); |
||
181 | var digest = md.digest(); |
||
182 | if(options.encoding === 'hex') { |
||
183 | var hex = digest.toHex(); |
||
184 | if(options.delimiter) { |
||
185 | return hex.match(/.{2}/g).join(options.delimiter); |
||
186 | } |
||
187 | return hex; |
||
188 | } else if(options.encoding === 'binary') { |
||
189 | return digest.getBytes(); |
||
190 | } else if(options.encoding) { |
||
191 | throw new Error('Unknown encoding "' + options.encoding + '".'); |
||
192 | } |
||
193 | return digest; |
||
194 | }; |
||
195 | |||
196 | /** |
||
197 | * Adds len(val) then val to a buffer. |
||
198 | * |
||
199 | * @param buffer the buffer to add to. |
||
200 | * @param val a big integer. |
||
201 | */ |
||
202 | function _addBigIntegerToBuffer(buffer, val) { |
||
203 | var hexVal = val.toString(16); |
||
204 | // ensure 2s complement +ve |
||
205 | if(hexVal[0] >= '8') { |
||
206 | hexVal = '00' + hexVal; |
||
207 | } |
||
208 | var bytes = forge.util.hexToBytes(hexVal); |
||
209 | buffer.putInt32(bytes.length); |
||
210 | buffer.putBytes(bytes); |
||
211 | } |
||
212 | |||
213 | /** |
||
214 | * Adds len(val) then val to a buffer. |
||
215 | * |
||
216 | * @param buffer the buffer to add to. |
||
217 | * @param val a string. |
||
218 | */ |
||
219 | function _addStringToBuffer(buffer, val) { |
||
220 | buffer.putInt32(val.length); |
||
221 | buffer.putString(val); |
||
222 | } |
||
223 | |||
224 | /** |
||
225 | * Hashes the arguments into one value using SHA-1. |
||
226 | * |
||
227 | * @return the sha1 hash of the provided arguments. |
||
228 | */ |
||
229 | function _sha1() { |
||
230 | var sha = forge.md.sha1.create(); |
||
231 | var num = arguments.length; |
||
232 | for (var i = 0; i < num; ++i) { |
||
233 | sha.update(arguments[i]); |
||
234 | } |
||
235 | return sha.digest(); |
||
236 | } |