| // Copyright 2017 Joyent, Inc. |
| |
| module.exports = { |
| read: read, |
| verify: verify, |
| sign: sign, |
| signAsync: signAsync, |
| write: write, |
| |
| /* Internal private API */ |
| fromBuffer: fromBuffer, |
| toBuffer: toBuffer |
| }; |
| |
| var assert = require('assert-plus'); |
| var SSHBuffer = require('../ssh-buffer'); |
| var crypto = require('crypto'); |
| var Buffer = require('safer-buffer').Buffer; |
| var algs = require('../algs'); |
| var Key = require('../key'); |
| var PrivateKey = require('../private-key'); |
| var Identity = require('../identity'); |
| var rfc4253 = require('./rfc4253'); |
| var Signature = require('../signature'); |
| var utils = require('../utils'); |
| var Certificate = require('../certificate'); |
| |
| function verify(cert, key) { |
| /* |
| * We always give an issuerKey, so if our verify() is being called then |
| * there was no signature. Return false. |
| */ |
| return (false); |
| } |
| |
| var TYPES = { |
| 'user': 1, |
| 'host': 2 |
| }; |
| Object.keys(TYPES).forEach(function (k) { TYPES[TYPES[k]] = k; }); |
| |
| var ECDSA_ALGO = /^ecdsa-sha2-([^@-]+)-cert-v01@openssh.com$/; |
| |
| function read(buf, options) { |
| if (Buffer.isBuffer(buf)) |
| buf = buf.toString('ascii'); |
| var parts = buf.trim().split(/[ \t\n]+/g); |
| if (parts.length < 2 || parts.length > 3) |
| throw (new Error('Not a valid SSH certificate line')); |
| |
| var algo = parts[0]; |
| var data = parts[1]; |
| |
| data = Buffer.from(data, 'base64'); |
| return (fromBuffer(data, algo)); |
| } |
| |
| function fromBuffer(data, algo, partial) { |
| var sshbuf = new SSHBuffer({ buffer: data }); |
| var innerAlgo = sshbuf.readString(); |
| if (algo !== undefined && innerAlgo !== algo) |
| throw (new Error('SSH certificate algorithm mismatch')); |
| if (algo === undefined) |
| algo = innerAlgo; |
| |
| var cert = {}; |
| cert.signatures = {}; |
| cert.signatures.openssh = {}; |
| |
| cert.signatures.openssh.nonce = sshbuf.readBuffer(); |
| |
| var key = {}; |
| var parts = (key.parts = []); |
| key.type = getAlg(algo); |
| |
| var partCount = algs.info[key.type].parts.length; |
| while (parts.length < partCount) |
| parts.push(sshbuf.readPart()); |
| assert.ok(parts.length >= 1, 'key must have at least one part'); |
| |
| var algInfo = algs.info[key.type]; |
| if (key.type === 'ecdsa') { |
| var res = ECDSA_ALGO.exec(algo); |
| assert.ok(res !== null); |
| assert.strictEqual(res[1], parts[0].data.toString()); |
| } |
| |
| for (var i = 0; i < algInfo.parts.length; ++i) { |
| parts[i].name = algInfo.parts[i]; |
| if (parts[i].name !== 'curve' && |
| algInfo.normalize !== false) { |
| var p = parts[i]; |
| p.data = utils.mpNormalize(p.data); |
| } |
| } |
| |
| cert.subjectKey = new Key(key); |
| |
| cert.serial = sshbuf.readInt64(); |
| |
| var type = TYPES[sshbuf.readInt()]; |
| assert.string(type, 'valid cert type'); |
| |
| cert.signatures.openssh.keyId = sshbuf.readString(); |
| |
| var principals = []; |
| var pbuf = sshbuf.readBuffer(); |
| var psshbuf = new SSHBuffer({ buffer: pbuf }); |
| while (!psshbuf.atEnd()) |
| principals.push(psshbuf.readString()); |
| if (principals.length === 0) |
| principals = ['*']; |
| |
| cert.subjects = principals.map(function (pr) { |
| if (type === 'user') |
| return (Identity.forUser(pr)); |
| else if (type === 'host') |
| return (Identity.forHost(pr)); |
| throw (new Error('Unknown identity type ' + type)); |
| }); |
| |
| cert.validFrom = int64ToDate(sshbuf.readInt64()); |
| cert.validUntil = int64ToDate(sshbuf.readInt64()); |
| |
| var exts = []; |
| var extbuf = new SSHBuffer({ buffer: sshbuf.readBuffer() }); |
| var ext; |
| while (!extbuf.atEnd()) { |
| ext = { critical: true }; |
| ext.name = extbuf.readString(); |
| ext.data = extbuf.readBuffer(); |
| exts.push(ext); |
| } |
| extbuf = new SSHBuffer({ buffer: sshbuf.readBuffer() }); |
| while (!extbuf.atEnd()) { |
| ext = { critical: false }; |
| ext.name = extbuf.readString(); |
| ext.data = extbuf.readBuffer(); |
| exts.push(ext); |
| } |
| cert.signatures.openssh.exts = exts; |
| |
| /* reserved */ |
| sshbuf.readBuffer(); |
| |
| var signingKeyBuf = sshbuf.readBuffer(); |
| cert.issuerKey = rfc4253.read(signingKeyBuf); |
| |
| /* |
| * OpenSSH certs don't give the identity of the issuer, just their |
| * public key. So, we use an Identity that matches anything. The |
| * isSignedBy() function will later tell you if the key matches. |
| */ |
| cert.issuer = Identity.forHost('**'); |
| |
| var sigBuf = sshbuf.readBuffer(); |
| cert.signatures.openssh.signature = |
| Signature.parse(sigBuf, cert.issuerKey.type, 'ssh'); |
| |
| if (partial !== undefined) { |
| partial.remainder = sshbuf.remainder(); |
| partial.consumed = sshbuf._offset; |
| } |
| |
| return (new Certificate(cert)); |
| } |
| |
| function int64ToDate(buf) { |
| var i = buf.readUInt32BE(0) * 4294967296; |
| i += buf.readUInt32BE(4); |
| var d = new Date(); |
| d.setTime(i * 1000); |
| d.sourceInt64 = buf; |
| return (d); |
| } |
| |
| function dateToInt64(date) { |
| if (date.sourceInt64 !== undefined) |
| return (date.sourceInt64); |
| var i = Math.round(date.getTime() / 1000); |
| var upper = Math.floor(i / 4294967296); |
| var lower = Math.floor(i % 4294967296); |
| var buf = Buffer.alloc(8); |
| buf.writeUInt32BE(upper, 0); |
| buf.writeUInt32BE(lower, 4); |
| return (buf); |
| } |
| |
| function sign(cert, key) { |
| if (cert.signatures.openssh === undefined) |
| cert.signatures.openssh = {}; |
| try { |
| var blob = toBuffer(cert, true); |
| } catch (e) { |
| delete (cert.signatures.openssh); |
| return (false); |
| } |
| var sig = cert.signatures.openssh; |
| var hashAlgo = undefined; |
| if (key.type === 'rsa' || key.type === 'dsa') |
| hashAlgo = 'sha1'; |
| var signer = key.createSign(hashAlgo); |
| signer.write(blob); |
| sig.signature = signer.sign(); |
| return (true); |
| } |
| |
| function signAsync(cert, signer, done) { |
| if (cert.signatures.openssh === undefined) |
| cert.signatures.openssh = {}; |
| try { |
| var blob = toBuffer(cert, true); |
| } catch (e) { |
| delete (cert.signatures.openssh); |
| done(e); |
| return; |
| } |
| var sig = cert.signatures.openssh; |
| |
| signer(blob, function (err, signature) { |
| if (err) { |
| done(err); |
| return; |
| } |
| try { |
| /* |
| * This will throw if the signature isn't of a |
| * type/algo that can be used for SSH. |
| */ |
| signature.toBuffer('ssh'); |
| } catch (e) { |
| done(e); |
| return; |
| } |
| sig.signature = signature; |
| done(); |
| }); |
| } |
| |
| function write(cert, options) { |
| if (options === undefined) |
| options = {}; |
| |
| var blob = toBuffer(cert); |
| var out = getCertType(cert.subjectKey) + ' ' + blob.toString('base64'); |
| if (options.comment) |
| out = out + ' ' + options.comment; |
| return (out); |
| } |
| |
| |
| function toBuffer(cert, noSig) { |
| assert.object(cert.signatures.openssh, 'signature for openssh format'); |
| var sig = cert.signatures.openssh; |
| |
| if (sig.nonce === undefined) |
| sig.nonce = crypto.randomBytes(16); |
| var buf = new SSHBuffer({}); |
| buf.writeString(getCertType(cert.subjectKey)); |
| buf.writeBuffer(sig.nonce); |
| |
| var key = cert.subjectKey; |
| var algInfo = algs.info[key.type]; |
| algInfo.parts.forEach(function (part) { |
| buf.writePart(key.part[part]); |
| }); |
| |
| buf.writeInt64(cert.serial); |
| |
| var type = cert.subjects[0].type; |
| assert.notStrictEqual(type, 'unknown'); |
| cert.subjects.forEach(function (id) { |
| assert.strictEqual(id.type, type); |
| }); |
| type = TYPES[type]; |
| buf.writeInt(type); |
| |
| if (sig.keyId === undefined) { |
| sig.keyId = cert.subjects[0].type + '_' + |
| (cert.subjects[0].uid || cert.subjects[0].hostname); |
| } |
| buf.writeString(sig.keyId); |
| |
| var sub = new SSHBuffer({}); |
| cert.subjects.forEach(function (id) { |
| if (type === TYPES.host) |
| sub.writeString(id.hostname); |
| else if (type === TYPES.user) |
| sub.writeString(id.uid); |
| }); |
| buf.writeBuffer(sub.toBuffer()); |
| |
| buf.writeInt64(dateToInt64(cert.validFrom)); |
| buf.writeInt64(dateToInt64(cert.validUntil)); |
| |
| var exts = sig.exts; |
| if (exts === undefined) |
| exts = []; |
| |
| var extbuf = new SSHBuffer({}); |
| exts.forEach(function (ext) { |
| if (ext.critical !== true) |
| return; |
| extbuf.writeString(ext.name); |
| extbuf.writeBuffer(ext.data); |
| }); |
| buf.writeBuffer(extbuf.toBuffer()); |
| |
| extbuf = new SSHBuffer({}); |
| exts.forEach(function (ext) { |
| if (ext.critical === true) |
| return; |
| extbuf.writeString(ext.name); |
| extbuf.writeBuffer(ext.data); |
| }); |
| buf.writeBuffer(extbuf.toBuffer()); |
| |
| /* reserved */ |
| buf.writeBuffer(Buffer.alloc(0)); |
| |
| sub = rfc4253.write(cert.issuerKey); |
| buf.writeBuffer(sub); |
| |
| if (!noSig) |
| buf.writeBuffer(sig.signature.toBuffer('ssh')); |
| |
| return (buf.toBuffer()); |
| } |
| |
| function getAlg(certType) { |
| if (certType === 'ssh-rsa-cert-v01@openssh.com') |
| return ('rsa'); |
| if (certType === 'ssh-dss-cert-v01@openssh.com') |
| return ('dsa'); |
| if (certType.match(ECDSA_ALGO)) |
| return ('ecdsa'); |
| if (certType === 'ssh-ed25519-cert-v01@openssh.com') |
| return ('ed25519'); |
| throw (new Error('Unsupported cert type ' + certType)); |
| } |
| |
| function getCertType(key) { |
| if (key.type === 'rsa') |
| return ('ssh-rsa-cert-v01@openssh.com'); |
| if (key.type === 'dsa') |
| return ('ssh-dss-cert-v01@openssh.com'); |
| if (key.type === 'ecdsa') |
| return ('ecdsa-sha2-' + key.curve + '-cert-v01@openssh.com'); |
| if (key.type === 'ed25519') |
| return ('ssh-ed25519-cert-v01@openssh.com'); |
| throw (new Error('Unsupported key type ' + key.type)); |
| } |