node_modules/node-forge/lib/ssh.js - nifi-fds - Git at Google

 /**
  * Functions to output keys in SSH-friendly formats.
  *
  * This is part of the Forge project which may be used under the terms of
  * either the BSD License or the GNU General Public License (GPL) Version 2.
  *
  * See: https://github.com/digitalbazaar/forge/blob/cbebca3780658703d925b61b2caffb1d263a6c1d/LICENSE
  *
  * @author https://github.com/shellac
  */
 var forge = require('./forge');
 require('./aes');
 require('./hmac');
 require('./md5');
 require('./sha1');
 require('./util');

 var ssh = module.exports = forge.ssh = forge.ssh || {};

 /**
  * Encodes (and optionally encrypts) a private RSA key as a Putty PPK file.
  *
  * @param privateKey the key.
  * @param passphrase a passphrase to protect the key (falsy for no encryption).
  * @param comment a comment to include in the key file.
  *
  * @return the PPK file as a string.
  */
 ssh.privateKeyToPutty = function(privateKey, passphrase, comment) {
   comment = comment || '';
   passphrase = passphrase || '';
   var algorithm = 'ssh-rsa';
   var encryptionAlgorithm = (passphrase === '') ? 'none' : 'aes256-cbc';

   var ppk = 'PuTTY-User-Key-File-2: ' + algorithm + '\r\n';
   ppk += 'Encryption: ' + encryptionAlgorithm + '\r\n';
   ppk += 'Comment: ' + comment + '\r\n';

   // public key into buffer for ppk
   var pubbuffer = forge.util.createBuffer();
   _addStringToBuffer(pubbuffer, algorithm);
   _addBigIntegerToBuffer(pubbuffer, privateKey.e);
   _addBigIntegerToBuffer(pubbuffer, privateKey.n);

   // write public key
   var pub = forge.util.encode64(pubbuffer.bytes(), 64);
   var length = Math.floor(pub.length / 66) + 1; // 66 = 64 + \r\n
   ppk += 'Public-Lines: ' + length + '\r\n';
   ppk += pub;

   // private key into a buffer
   var privbuffer = forge.util.createBuffer();
   _addBigIntegerToBuffer(privbuffer, privateKey.d);
   _addBigIntegerToBuffer(privbuffer, privateKey.p);
   _addBigIntegerToBuffer(privbuffer, privateKey.q);
   _addBigIntegerToBuffer(privbuffer, privateKey.qInv);

   // optionally encrypt the private key
   var priv;
   if(!passphrase) {
     // use the unencrypted buffer
     priv = forge.util.encode64(privbuffer.bytes(), 64);
   } else {
     // encrypt RSA key using passphrase
     var encLen = privbuffer.length() + 16 - 1;
     encLen -= encLen % 16;

     // pad private key with sha1-d data -- needs to be a multiple of 16
     var padding = _sha1(privbuffer.bytes());

     padding.truncate(padding.length() - encLen + privbuffer.length());
     privbuffer.putBuffer(padding);

     var aeskey = forge.util.createBuffer();
     aeskey.putBuffer(_sha1('\x00\x00\x00\x00', passphrase));
     aeskey.putBuffer(_sha1('\x00\x00\x00\x01', passphrase));

     // encrypt some bytes using CBC mode
     // key is 40 bytes, so truncate *by* 8 bytes
     var cipher = forge.aes.createEncryptionCipher(aeskey.truncate(8), 'CBC');
     cipher.start(forge.util.createBuffer().fillWithByte(0, 16));
     cipher.update(privbuffer.copy());
     cipher.finish();
     var encrypted = cipher.output;

     // Note: this appears to differ from Putty -- is forge wrong, or putty?
     // due to padding we finish as an exact multiple of 16
     encrypted.truncate(16); // all padding

     priv = forge.util.encode64(encrypted.bytes(), 64);
   }

   // output private key
   length = Math.floor(priv.length / 66) + 1; // 64 + \r\n
   ppk += '\r\nPrivate-Lines: ' + length + '\r\n';
   ppk += priv;

   // MAC
   var mackey = _sha1('putty-private-key-file-mac-key', passphrase);

   var macbuffer = forge.util.createBuffer();
   _addStringToBuffer(macbuffer, algorithm);
   _addStringToBuffer(macbuffer, encryptionAlgorithm);
   _addStringToBuffer(macbuffer, comment);
   macbuffer.putInt32(pubbuffer.length());
   macbuffer.putBuffer(pubbuffer);
   macbuffer.putInt32(privbuffer.length());
   macbuffer.putBuffer(privbuffer);

   var hmac = forge.hmac.create();
   hmac.start('sha1', mackey);
   hmac.update(macbuffer.bytes());

   ppk += '\r\nPrivate-MAC: ' + hmac.digest().toHex() + '\r\n';

   return ppk;
 };

 /**
  * Encodes a public RSA key as an OpenSSH file.
  *
  * @param key the key.
  * @param comment a comment.
  *
  * @return the public key in OpenSSH format.
  */
 ssh.publicKeyToOpenSSH = function(key, comment) {
   var type = 'ssh-rsa';
   comment = comment || '';

   var buffer = forge.util.createBuffer();
   _addStringToBuffer(buffer, type);
   _addBigIntegerToBuffer(buffer, key.e);
   _addBigIntegerToBuffer(buffer, key.n);

   return type + ' ' + forge.util.encode64(buffer.bytes()) + ' ' + comment;
 };

 /**
  * Encodes a private RSA key as an OpenSSH file.
  *
  * @param key the key.
  * @param passphrase a passphrase to protect the key (falsy for no encryption).
  *
  * @return the public key in OpenSSH format.
  */
 ssh.privateKeyToOpenSSH = function(privateKey, passphrase) {
   if(!passphrase) {
     return forge.pki.privateKeyToPem(privateKey);
   }
   // OpenSSH private key is just a legacy format, it seems
   return forge.pki.encryptRsaPrivateKey(privateKey, passphrase,
     {legacy: true, algorithm: 'aes128'});
 };

 /**
  * Gets the SSH fingerprint for the given public key.
  *
  * @param options the options to use.
  *          [md] the message digest object to use (defaults to forge.md.md5).
  *          [encoding] an alternative output encoding, such as 'hex'
  *            (defaults to none, outputs a byte buffer).
  *          [delimiter] the delimiter to use between bytes for 'hex' encoded
  *            output, eg: ':' (defaults to none).
  *
  * @return the fingerprint as a byte buffer or other encoding based on options.
  */
 ssh.getPublicKeyFingerprint = function(key, options) {
   options = options || {};
   var md = options.md || forge.md.md5.create();

   var type = 'ssh-rsa';
   var buffer = forge.util.createBuffer();
   _addStringToBuffer(buffer, type);
   _addBigIntegerToBuffer(buffer, key.e);
   _addBigIntegerToBuffer(buffer, key.n);

   // hash public key bytes
   md.start();
   md.update(buffer.getBytes());
   var digest = md.digest();
   if(options.encoding === 'hex') {
     var hex = digest.toHex();
     if(options.delimiter) {
       return hex.match(/.{2}/g).join(options.delimiter);
     }
     return hex;
   } else if(options.encoding === 'binary') {
     return digest.getBytes();
   } else if(options.encoding) {
     throw new Error('Unknown encoding "' + options.encoding + '".');
   }
   return digest;
 };

 /**
  * Adds len(val) then val to a buffer.
  *
  * @param buffer the buffer to add to.
  * @param val a big integer.
  */
 function _addBigIntegerToBuffer(buffer, val) {
   var hexVal = val.toString(16);
   // ensure 2s complement +ve
   if(hexVal[0] >= '8') {
     hexVal = '00' + hexVal;
   }
   var bytes = forge.util.hexToBytes(hexVal);
   buffer.putInt32(bytes.length);
   buffer.putBytes(bytes);
 }

 /**
  * Adds len(val) then val to a buffer.
  *
  * @param buffer the buffer to add to.
  * @param val a string.
  */
 function _addStringToBuffer(buffer, val) {
   buffer.putInt32(val.length);
   buffer.putString(val);
 }

 /**
  * Hashes the arguments into one value using SHA-1.
  *
  * @return the sha1 hash of the provided arguments.
  */
 function _sha1() {
   var sha = forge.md.sha1.create();
   var num = arguments.length;
   for (var i = 0; i < num; ++i) {
     sha.update(arguments[i]);
   }
   return sha.digest();
 }
	/**
	* Functions to output keys in SSH-friendly formats.
	*
	* This is part of the Forge project which may be used under the terms of
	* either the BSD License or the GNU General Public License (GPL) Version 2.
	*
	* See: https://github.com/digitalbazaar/forge/blob/cbebca3780658703d925b61b2caffb1d263a6c1d/LICENSE
	*
	* @author https://github.com/shellac
	*/
	var forge = require('./forge');
	require('./aes');
	require('./hmac');
	require('./md5');
	require('./sha1');
	require('./util');

	var ssh = module.exports = forge.ssh = forge.ssh \|\| {};

	/**
	* Encodes (and optionally encrypts) a private RSA key as a Putty PPK file.
	*
	* @param privateKey the key.
	* @param passphrase a passphrase to protect the key (falsy for no encryption).
	* @param comment a comment to include in the key file.
	*
	* @return the PPK file as a string.
	*/
	ssh.privateKeyToPutty = function(privateKey, passphrase, comment) {
	comment = comment \|\| '';
	passphrase = passphrase \|\| '';
	var algorithm = 'ssh-rsa';
	var encryptionAlgorithm = (passphrase === '') ? 'none' : 'aes256-cbc';

	var ppk = 'PuTTY-User-Key-File-2: ' + algorithm + '\r\n';
	ppk += 'Encryption: ' + encryptionAlgorithm + '\r\n';
	ppk += 'Comment: ' + comment + '\r\n';

	// public key into buffer for ppk
	var pubbuffer = forge.util.createBuffer();
	_addStringToBuffer(pubbuffer, algorithm);
	_addBigIntegerToBuffer(pubbuffer, privateKey.e);
	_addBigIntegerToBuffer(pubbuffer, privateKey.n);

	// write public key
	var pub = forge.util.encode64(pubbuffer.bytes(), 64);
	var length = Math.floor(pub.length / 66) + 1; // 66 = 64 + \r\n
	ppk += 'Public-Lines: ' + length + '\r\n';
	ppk += pub;

	// private key into a buffer
	var privbuffer = forge.util.createBuffer();
	_addBigIntegerToBuffer(privbuffer, privateKey.d);
	_addBigIntegerToBuffer(privbuffer, privateKey.p);
	_addBigIntegerToBuffer(privbuffer, privateKey.q);
	_addBigIntegerToBuffer(privbuffer, privateKey.qInv);

	// optionally encrypt the private key
	var priv;
	if(!passphrase) {
	// use the unencrypted buffer
	priv = forge.util.encode64(privbuffer.bytes(), 64);
	} else {
	// encrypt RSA key using passphrase
	var encLen = privbuffer.length() + 16 - 1;
	encLen -= encLen % 16;

	// pad private key with sha1-d data -- needs to be a multiple of 16
	var padding = _sha1(privbuffer.bytes());

	padding.truncate(padding.length() - encLen + privbuffer.length());
	privbuffer.putBuffer(padding);

	var aeskey = forge.util.createBuffer();
	aeskey.putBuffer(_sha1('\x00\x00\x00\x00', passphrase));
	aeskey.putBuffer(_sha1('\x00\x00\x00\x01', passphrase));

	// encrypt some bytes using CBC mode
	// key is 40 bytes, so truncate by 8 bytes
	var cipher = forge.aes.createEncryptionCipher(aeskey.truncate(8), 'CBC');
	cipher.start(forge.util.createBuffer().fillWithByte(0, 16));
	cipher.update(privbuffer.copy());
	cipher.finish();
	var encrypted = cipher.output;

	// Note: this appears to differ from Putty -- is forge wrong, or putty?
	// due to padding we finish as an exact multiple of 16
	encrypted.truncate(16); // all padding

	priv = forge.util.encode64(encrypted.bytes(), 64);
	}

	// output private key
	length = Math.floor(priv.length / 66) + 1; // 64 + \r\n
	ppk += '\r\nPrivate-Lines: ' + length + '\r\n';
	ppk += priv;

	// MAC
	var mackey = _sha1('putty-private-key-file-mac-key', passphrase);

	var macbuffer = forge.util.createBuffer();
	_addStringToBuffer(macbuffer, algorithm);
	_addStringToBuffer(macbuffer, encryptionAlgorithm);
	_addStringToBuffer(macbuffer, comment);
	macbuffer.putInt32(pubbuffer.length());
	macbuffer.putBuffer(pubbuffer);
	macbuffer.putInt32(privbuffer.length());
	macbuffer.putBuffer(privbuffer);

	var hmac = forge.hmac.create();
	hmac.start('sha1', mackey);
	hmac.update(macbuffer.bytes());

	ppk += '\r\nPrivate-MAC: ' + hmac.digest().toHex() + '\r\n';

	return ppk;
	};

	/**
	* Encodes a public RSA key as an OpenSSH file.
	*
	* @param key the key.
	* @param comment a comment.
	*
	* @return the public key in OpenSSH format.
	*/
	ssh.publicKeyToOpenSSH = function(key, comment) {
	var type = 'ssh-rsa';
	comment = comment \|\| '';

	var buffer = forge.util.createBuffer();
	_addStringToBuffer(buffer, type);
	_addBigIntegerToBuffer(buffer, key.e);
	_addBigIntegerToBuffer(buffer, key.n);

	return type + ' ' + forge.util.encode64(buffer.bytes()) + ' ' + comment;
	};

	/**
	* Encodes a private RSA key as an OpenSSH file.
	*
	* @param key the key.
	* @param passphrase a passphrase to protect the key (falsy for no encryption).
	*
	* @return the public key in OpenSSH format.
	*/
	ssh.privateKeyToOpenSSH = function(privateKey, passphrase) {
	if(!passphrase) {
	return forge.pki.privateKeyToPem(privateKey);
	}
	// OpenSSH private key is just a legacy format, it seems
	return forge.pki.encryptRsaPrivateKey(privateKey, passphrase,
	{legacy: true, algorithm: 'aes128'});
	};

	/**
	* Gets the SSH fingerprint for the given public key.
	*
	* @param options the options to use.
	* [md] the message digest object to use (defaults to forge.md.md5).
	* [encoding] an alternative output encoding, such as 'hex'
	* (defaults to none, outputs a byte buffer).
	* [delimiter] the delimiter to use between bytes for 'hex' encoded
	* output, eg: ':' (defaults to none).
	*
	* @return the fingerprint as a byte buffer or other encoding based on options.
	*/
	ssh.getPublicKeyFingerprint = function(key, options) {
	options = options \|\| {};
	var md = options.md \|\| forge.md.md5.create();

	var type = 'ssh-rsa';
	var buffer = forge.util.createBuffer();
	_addStringToBuffer(buffer, type);
	_addBigIntegerToBuffer(buffer, key.e);
	_addBigIntegerToBuffer(buffer, key.n);

	// hash public key bytes
	md.start();
	md.update(buffer.getBytes());
	var digest = md.digest();
	if(options.encoding === 'hex') {
	var hex = digest.toHex();
	if(options.delimiter) {
	return hex.match(/.{2}/g).join(options.delimiter);
	}
	return hex;
	} else if(options.encoding === 'binary') {
	return digest.getBytes();
	} else if(options.encoding) {
	throw new Error('Unknown encoding "' + options.encoding + '".');
	}
	return digest;
	};

	/**
	* Adds len(val) then val to a buffer.
	*
	* @param buffer the buffer to add to.
	* @param val a big integer.
	*/
	function _addBigIntegerToBuffer(buffer, val) {
	var hexVal = val.toString(16);
	// ensure 2s complement +ve
	if(hexVal[0] >= '8') {
	hexVal = '00' + hexVal;
	}
	var bytes = forge.util.hexToBytes(hexVal);
	buffer.putInt32(bytes.length);
	buffer.putBytes(bytes);
	}

	/**
	* Adds len(val) then val to a buffer.
	*
	* @param buffer the buffer to add to.
	* @param val a string.
	*/
	function _addStringToBuffer(buffer, val) {
	buffer.putInt32(val.length);
	buffer.putString(val);
	}

	/**
	* Hashes the arguments into one value using SHA-1.
	*
	* @return the sha1 hash of the provided arguments.
	*/
	function _sha1() {
	var sha = forge.md.sha1.create();
	var num = arguments.length;
	for (var i = 0; i < num; ++i) {
	sha.update(arguments[i]);
	}
	return sha.digest();
	}