| // Copyright 2015 Joyent, Inc. |
| |
| module.exports = Signature; |
| |
| var assert = require('assert-plus'); |
| var Buffer = require('safer-buffer').Buffer; |
| var algs = require('./algs'); |
| var crypto = require('crypto'); |
| var errs = require('./errors'); |
| var utils = require('./utils'); |
| var asn1 = require('asn1'); |
| var SSHBuffer = require('./ssh-buffer'); |
| |
| var InvalidAlgorithmError = errs.InvalidAlgorithmError; |
| var SignatureParseError = errs.SignatureParseError; |
| |
| function Signature(opts) { |
| assert.object(opts, 'options'); |
| assert.arrayOfObject(opts.parts, 'options.parts'); |
| assert.string(opts.type, 'options.type'); |
| |
| var partLookup = {}; |
| for (var i = 0; i < opts.parts.length; ++i) { |
| var part = opts.parts[i]; |
| partLookup[part.name] = part; |
| } |
| |
| this.type = opts.type; |
| this.hashAlgorithm = opts.hashAlgo; |
| this.curve = opts.curve; |
| this.parts = opts.parts; |
| this.part = partLookup; |
| } |
| |
| Signature.prototype.toBuffer = function (format) { |
| if (format === undefined) |
| format = 'asn1'; |
| assert.string(format, 'format'); |
| |
| var buf; |
| var stype = 'ssh-' + this.type; |
| |
| switch (this.type) { |
| case 'rsa': |
| switch (this.hashAlgorithm) { |
| case 'sha256': |
| stype = 'rsa-sha2-256'; |
| break; |
| case 'sha512': |
| stype = 'rsa-sha2-512'; |
| break; |
| case 'sha1': |
| case undefined: |
| break; |
| default: |
| throw (new Error('SSH signature ' + |
| 'format does not support hash ' + |
| 'algorithm ' + this.hashAlgorithm)); |
| } |
| if (format === 'ssh') { |
| buf = new SSHBuffer({}); |
| buf.writeString(stype); |
| buf.writePart(this.part.sig); |
| return (buf.toBuffer()); |
| } else { |
| return (this.part.sig.data); |
| } |
| break; |
| |
| case 'ed25519': |
| if (format === 'ssh') { |
| buf = new SSHBuffer({}); |
| buf.writeString(stype); |
| buf.writePart(this.part.sig); |
| return (buf.toBuffer()); |
| } else { |
| return (this.part.sig.data); |
| } |
| break; |
| |
| case 'dsa': |
| case 'ecdsa': |
| var r, s; |
| if (format === 'asn1') { |
| var der = new asn1.BerWriter(); |
| der.startSequence(); |
| r = utils.mpNormalize(this.part.r.data); |
| s = utils.mpNormalize(this.part.s.data); |
| der.writeBuffer(r, asn1.Ber.Integer); |
| der.writeBuffer(s, asn1.Ber.Integer); |
| der.endSequence(); |
| return (der.buffer); |
| } else if (format === 'ssh' && this.type === 'dsa') { |
| buf = new SSHBuffer({}); |
| buf.writeString('ssh-dss'); |
| r = this.part.r.data; |
| if (r.length > 20 && r[0] === 0x00) |
| r = r.slice(1); |
| s = this.part.s.data; |
| if (s.length > 20 && s[0] === 0x00) |
| s = s.slice(1); |
| if ((this.hashAlgorithm && |
| this.hashAlgorithm !== 'sha1') || |
| r.length + s.length !== 40) { |
| throw (new Error('OpenSSH only supports ' + |
| 'DSA signatures with SHA1 hash')); |
| } |
| buf.writeBuffer(Buffer.concat([r, s])); |
| return (buf.toBuffer()); |
| } else if (format === 'ssh' && this.type === 'ecdsa') { |
| var inner = new SSHBuffer({}); |
| r = this.part.r.data; |
| inner.writeBuffer(r); |
| inner.writePart(this.part.s); |
| |
| buf = new SSHBuffer({}); |
| /* XXX: find a more proper way to do this? */ |
| var curve; |
| if (r[0] === 0x00) |
| r = r.slice(1); |
| var sz = r.length * 8; |
| if (sz === 256) |
| curve = 'nistp256'; |
| else if (sz === 384) |
| curve = 'nistp384'; |
| else if (sz === 528) |
| curve = 'nistp521'; |
| buf.writeString('ecdsa-sha2-' + curve); |
| buf.writeBuffer(inner.toBuffer()); |
| return (buf.toBuffer()); |
| } |
| throw (new Error('Invalid signature format')); |
| default: |
| throw (new Error('Invalid signature data')); |
| } |
| }; |
| |
| Signature.prototype.toString = function (format) { |
| assert.optionalString(format, 'format'); |
| return (this.toBuffer(format).toString('base64')); |
| }; |
| |
| Signature.parse = function (data, type, format) { |
| if (typeof (data) === 'string') |
| data = Buffer.from(data, 'base64'); |
| assert.buffer(data, 'data'); |
| assert.string(format, 'format'); |
| assert.string(type, 'type'); |
| |
| var opts = {}; |
| opts.type = type.toLowerCase(); |
| opts.parts = []; |
| |
| try { |
| assert.ok(data.length > 0, 'signature must not be empty'); |
| switch (opts.type) { |
| case 'rsa': |
| return (parseOneNum(data, type, format, opts)); |
| case 'ed25519': |
| return (parseOneNum(data, type, format, opts)); |
| |
| case 'dsa': |
| case 'ecdsa': |
| if (format === 'asn1') |
| return (parseDSAasn1(data, type, format, opts)); |
| else if (opts.type === 'dsa') |
| return (parseDSA(data, type, format, opts)); |
| else |
| return (parseECDSA(data, type, format, opts)); |
| |
| default: |
| throw (new InvalidAlgorithmError(type)); |
| } |
| |
| } catch (e) { |
| if (e instanceof InvalidAlgorithmError) |
| throw (e); |
| throw (new SignatureParseError(type, format, e)); |
| } |
| }; |
| |
| function parseOneNum(data, type, format, opts) { |
| if (format === 'ssh') { |
| try { |
| var buf = new SSHBuffer({buffer: data}); |
| var head = buf.readString(); |
| } catch (e) { |
| /* fall through */ |
| } |
| if (buf !== undefined) { |
| var msg = 'SSH signature does not match expected ' + |
| 'type (expected ' + type + ', got ' + head + ')'; |
| switch (head) { |
| case 'ssh-rsa': |
| assert.strictEqual(type, 'rsa', msg); |
| opts.hashAlgo = 'sha1'; |
| break; |
| case 'rsa-sha2-256': |
| assert.strictEqual(type, 'rsa', msg); |
| opts.hashAlgo = 'sha256'; |
| break; |
| case 'rsa-sha2-512': |
| assert.strictEqual(type, 'rsa', msg); |
| opts.hashAlgo = 'sha512'; |
| break; |
| case 'ssh-ed25519': |
| assert.strictEqual(type, 'ed25519', msg); |
| opts.hashAlgo = 'sha512'; |
| break; |
| default: |
| throw (new Error('Unknown SSH signature ' + |
| 'type: ' + head)); |
| } |
| var sig = buf.readPart(); |
| assert.ok(buf.atEnd(), 'extra trailing bytes'); |
| sig.name = 'sig'; |
| opts.parts.push(sig); |
| return (new Signature(opts)); |
| } |
| } |
| opts.parts.push({name: 'sig', data: data}); |
| return (new Signature(opts)); |
| } |
| |
| function parseDSAasn1(data, type, format, opts) { |
| var der = new asn1.BerReader(data); |
| der.readSequence(); |
| var r = der.readString(asn1.Ber.Integer, true); |
| var s = der.readString(asn1.Ber.Integer, true); |
| |
| opts.parts.push({name: 'r', data: utils.mpNormalize(r)}); |
| opts.parts.push({name: 's', data: utils.mpNormalize(s)}); |
| |
| return (new Signature(opts)); |
| } |
| |
| function parseDSA(data, type, format, opts) { |
| if (data.length != 40) { |
| var buf = new SSHBuffer({buffer: data}); |
| var d = buf.readBuffer(); |
| if (d.toString('ascii') === 'ssh-dss') |
| d = buf.readBuffer(); |
| assert.ok(buf.atEnd(), 'extra trailing bytes'); |
| assert.strictEqual(d.length, 40, 'invalid inner length'); |
| data = d; |
| } |
| opts.parts.push({name: 'r', data: data.slice(0, 20)}); |
| opts.parts.push({name: 's', data: data.slice(20, 40)}); |
| return (new Signature(opts)); |
| } |
| |
| function parseECDSA(data, type, format, opts) { |
| var buf = new SSHBuffer({buffer: data}); |
| |
| var r, s; |
| var inner = buf.readBuffer(); |
| var stype = inner.toString('ascii'); |
| if (stype.slice(0, 6) === 'ecdsa-') { |
| var parts = stype.split('-'); |
| assert.strictEqual(parts[0], 'ecdsa'); |
| assert.strictEqual(parts[1], 'sha2'); |
| opts.curve = parts[2]; |
| switch (opts.curve) { |
| case 'nistp256': |
| opts.hashAlgo = 'sha256'; |
| break; |
| case 'nistp384': |
| opts.hashAlgo = 'sha384'; |
| break; |
| case 'nistp521': |
| opts.hashAlgo = 'sha512'; |
| break; |
| default: |
| throw (new Error('Unsupported ECDSA curve: ' + |
| opts.curve)); |
| } |
| inner = buf.readBuffer(); |
| assert.ok(buf.atEnd(), 'extra trailing bytes on outer'); |
| buf = new SSHBuffer({buffer: inner}); |
| r = buf.readPart(); |
| } else { |
| r = {data: inner}; |
| } |
| |
| s = buf.readPart(); |
| assert.ok(buf.atEnd(), 'extra trailing bytes'); |
| |
| r.name = 'r'; |
| s.name = 's'; |
| |
| opts.parts.push(r); |
| opts.parts.push(s); |
| return (new Signature(opts)); |
| } |
| |
| Signature.isSignature = function (obj, ver) { |
| return (utils.isCompatible(obj, Signature, ver)); |
| }; |
| |
| /* |
| * API versions for Signature: |
| * [1,0] -- initial ver |
| * [2,0] -- support for rsa in full ssh format, compat with sshpk-agent |
| * hashAlgorithm property |
| * [2,1] -- first tagged version |
| */ |
| Signature.prototype._sshpkApiVersion = [2, 1]; |
| |
| Signature._oldVersionDetect = function (obj) { |
| assert.func(obj.toBuffer); |
| if (obj.hasOwnProperty('hashAlgorithm')) |
| return ([2, 0]); |
| return ([1, 0]); |
| }; |