| // Copyright 2018 Joyent, Inc. |
| |
/* Public interface of the PEM format: parse (read) and serialise (write). */
module.exports = {
	read: read,
	write: write
};
| |
| var assert = require('assert-plus'); |
| var asn1 = require('asn1'); |
| var crypto = require('crypto'); |
| var Buffer = require('safer-buffer').Buffer; |
| var algs = require('../algs'); |
| var utils = require('../utils'); |
| var Key = require('../key'); |
| var PrivateKey = require('../private-key'); |
| |
| var pkcs1 = require('./pkcs1'); |
| var pkcs8 = require('./pkcs8'); |
| var sshpriv = require('./ssh-private'); |
| var rfc4253 = require('./rfc4253'); |
| |
| var errors = require('../errors'); |
| |
/*
 * Object identifiers used by password-encrypted PKCS#8 ("ENCRYPTED PRIVATE
 * KEY") files: the PBES2 encryption scheme and its PBKDF2 key derivation
 * function.
 */
var OID_PBES2 = '1.2.840.113549.1.5.13';
var OID_PBKDF2 = '1.2.840.113549.1.5.12';

/*
 * Ciphers accepted inside PBES2, keyed by OID. Any OID missing from this
 * table is rejected by read(). All three are CBC modes, so the ciphertext
 * carries no integrity tag.
 */
var OID_TO_CIPHER = {
	'1.2.840.113549.3.7': '3des-cbc',
	'2.16.840.1.101.3.4.1.2': 'aes128-cbc',
	'2.16.840.1.101.3.4.1.42': 'aes256-cbc'
};

/* Reverse lookup: cipher name -> OID. */
var CIPHER_TO_OID = Object.keys(OID_TO_CIPHER).reduce(function (acc, oid) {
	acc[OID_TO_CIPHER[oid]] = oid;
	return (acc);
}, {});

/*
 * Hash functions accepted as the PBKDF2 PRF, keyed by OID. Any OID missing
 * from this table is rejected by read().
 */
var OID_TO_HASH = {
	'1.2.840.113549.2.7': 'sha1',
	'1.2.840.113549.2.9': 'sha256',
	'1.2.840.113549.2.11': 'sha512'
};

/* Reverse lookup: hash name -> OID. */
var HASH_TO_OID = Object.keys(OID_TO_HASH).reduce(function (acc, oid) {
	acc[OID_TO_HASH[oid]] = oid;
	return (acc);
}, {});
| |
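/*
 * Parses a PEM-armoured public or private key.
 *
 * The banner decides how the body is decoded:
 *  - "BEGIN <ALG> (PUBLIC|PRIVATE) KEY" names an algorithm and is handed to
 *    the PKCS#1 reader, except for the pseudo-algorithms "OPENSSH" and
 *    "SSH2", which go to the ssh-private and rfc4253 readers, and
 *    "ENCRYPTED", which is PKCS#8 wrapped in PBES2.
 *  - "BEGIN (PUBLIC|PRIVATE) KEY" with no algorithm is handed to the PKCS#8
 *    reader.
 *
 * Two encryption layers are understood: the traditional "Proc-Type" /
 * "DEK-Info" PEM headers, and PBES2 with PBKDF2.
 *
 * buf: string or Buffer holding the PEM text.
 * options: object; `passphrase` (string or Buffer) is needed for encrypted
 *     input and `filename` is only used in the KeyEncryptedError. A string
 *     passphrase is replaced in place by its UTF-8 Buffer.
 * forceType: optional 'pkcs1' or 'pkcs8'; asserted against the format the
 *     banner implies.
 *
 * Returns whatever the selected sub-format reader returns.
 *
 * Throws an AssertionError on malformed armour, errors.KeyEncryptedError when
 * the key is encrypted and no passphrase was given, and Error for an
 * unsupported scheme/KDF/hash/cipher or a passphrase that fails to decrypt.
 */
function read(buf, options, forceType) {
	var input = buf;
	if (typeof (buf) !== 'string') {
		assert.buffer(buf, 'buf');
		buf = buf.toString('ascii');
	}

	var lines = buf.trim().split(/[\r\n]+/g);

	/*
	 * Find the BEGIN banner. The index is pre-incremented, so the bound
	 * has to be length - 1: otherwise input with no banner at all reads
	 * one element past the end and dies with a TypeError instead of the
	 * 'invalid PEM header' assertion below.
	 */
	var m;
	var si = -1;
	while (!m && si < lines.length - 1) {
		m = lines[++si].match(/*JSSTYLED*/
		    /[-]+[ ]*BEGIN ([A-Z0-9][A-Za-z0-9]+ )?(PUBLIC|PRIVATE) KEY[ ]*[-]+/);
	}
	assert.ok(m, 'invalid PEM header');

	/* Find the END banner, searching backwards from the last line. */
	var m2;
	var ei = lines.length;
	while (!m2 && ei > 0) {
		m2 = lines[--ei].match(/*JSSTYLED*/
		    /[-]+[ ]*END ([A-Z0-9][A-Za-z0-9]+ )?(PUBLIC|PRIVATE) KEY[ ]*[-]+/);
	}
	assert.ok(m2, 'invalid PEM footer');

	/* Begin and end banners must match key type */
	assert.equal(m[2], m2[2]);
	var type = m[2].toLowerCase();

	var alg;
	if (m[1]) {
		/* They also must match algorithms, if given */
		assert.equal(m[1], m2[1], 'PEM header and footer mismatch');
		alg = m[1].trim();
	}

	/*
	 * The banner patterns are not anchored, so both can match one line,
	 * and the footer can be found above the header. Neither leaves a body
	 * to parse, so reject them explicitly.
	 */
	assert.ok(si < ei, 'PEM footer must come after the header');

	/* Everything strictly between the two banners. */
	var body = lines.slice(si + 1, ei);

	/*
	 * Leading "Name: value" lines are PEM headers. The names come from
	 * the file, so collect them in a prototype-less map. The walk is
	 * bounded by the body, so it cannot run past the END banner.
	 */
	var headers = Object.create(null);
	var hi = 0;
	while (hi < body.length) {
		var hm = body[hi].match(/*JSSTYLED*/
		    /^([A-Za-z0-9-]+): (.+)$/);
		if (!hm)
			break;
		headers[hm[1].toLowerCase()] = hm[2];
		hi++;
	}

	/* What remains is the base64 payload */
	buf = Buffer.from(body.slice(hi).join(''), 'base64');

	var cipher, key, iv;
	if (headers['proc-type']) {
		var parts = headers['proc-type'].split(',');
		if (parts[0] === '4' && parts[1] === 'ENCRYPTED') {
			var legacyPass = requirePassphrase(options);
			/*
			 * DEK-Info carries "<cipher>,<hex IV>". Without this
			 * check an ENCRYPTED file lacking the header fails
			 * with a TypeError on the split below.
			 */
			assert.ok(headers['dek-info'],
			    'missing DEK-Info PEM header');
			parts = headers['dek-info'].split(',');
			assert.ok(parts.length === 2);
			cipher = parts[0].toLowerCase();
			iv = Buffer.from(parts[1], 'hex');
			/*
			 * NOTE(review): the trailing 1 is presumably the
			 * iteration count of the OpenSSL-style derivation --
			 * confirm in ../utils. If so, this legacy format does
			 * little to slow offline passphrase guessing.
			 */
			key = utils.opensslKeyDeriv(cipher, iv,
			    legacyPass, 1).key;
		}
	}

	if (alg && alg.toLowerCase() === 'encrypted') {
		var eder = new asn1.BerReader(buf);
		var pbesEnd;
		eder.readSequence();

		eder.readSequence();
		pbesEnd = eder.offset + eder.length;

		var method = eder.readOID();
		if (method !== OID_PBES2) {
			throw (new Error('Unsupported PEM/PKCS8 encryption ' +
			    'scheme: ' + method));
		}

		eder.readSequence();	/* PBES2-params */

		eder.readSequence();	/* keyDerivationFunc */
		var kdfEnd = eder.offset + eder.length;
		var kdfOid = eder.readOID();
		if (kdfOid !== OID_PBKDF2)
			throw (new Error('Unsupported PBES2 KDF: ' + kdfOid));
		eder.readSequence();
		var salt = eder.readString(asn1.Ber.OctetString, true);
		/*
		 * NOTE(review): the iteration count is taken from the file
		 * and not bounded here, so the caller pays whatever PBKDF2
		 * cost the file asks for once a passphrase is supplied.
		 */
		var iterations = eder.readInt();
		/* sha1 is used when the file names no PRF */
		var hashAlg = 'sha1';
		if (eder.offset < kdfEnd) {
			eder.readSequence();
			var hashAlgOid = eder.readOID();
			hashAlg = OID_TO_HASH[hashAlgOid];
			if (hashAlg === undefined) {
				throw (new Error('Unsupported PBKDF2 hash: ' +
				    hashAlgOid));
			}
		}
		/* Skip anything left in the KDF parameters */
		eder._offset = kdfEnd;

		eder.readSequence();	/* encryptionScheme */
		var cipherOid = eder.readOID();
		cipher = OID_TO_CIPHER[cipherOid];
		if (cipher === undefined) {
			throw (new Error('Unsupported PBES2 cipher: ' +
			    cipherOid));
		}
		iv = eder.readString(asn1.Ber.OctetString, true);

		/* The encrypted key follows the algorithm identifier */
		eder._offset = pbesEnd;
		buf = eder.readString(asn1.Ber.OctetString, true);

		var pbesPass = requirePassphrase(options);

		var cinfo = utils.opensshCipherInfo(cipher);

		cipher = cinfo.opensslName;
		key = utils.pbkdf2(hashAlg, salt, iterations, cinfo.keySize,
		    pbesPass);
		/* Once decrypted, the payload is read as plain PKCS#8 */
		alg = undefined;
	}

	if (cipher && key && iv) {
		/*
		 * Use update()/final() rather than the stream interface so a
		 * decryption failure is a synchronous throw the caller can
		 * catch, whenever a stream would have emitted 'error'.
		 *
		 * The padding check is the only signal of a wrong passphrase.
		 * A wrong key can still produce valid-looking padding, and
		 * the result then fails in the ASN.1 readers below.
		 */
		var decipher = crypto.createDecipheriv(cipher, key, iv);
		try {
			buf = Buffer.concat(
			    [decipher.update(buf), decipher.final()]);
		} catch (e) {
			if (e.toString().indexOf('bad decrypt') !== -1) {
				throw (new Error('Incorrect passphrase ' +
				    'supplied, could not decrypt key'));
			}
			throw (e);
		}
	}

	/* The new OpenSSH internal format abuses PEM headers */
	if (alg && alg.toLowerCase() === 'openssh')
		return (sshpriv.readSSHPrivate(type, buf, options));
	if (alg && alg.toLowerCase() === 'ssh2')
		return (rfc4253.readType(type, buf, options));

	var der = new asn1.BerReader(buf);
	der.originalInput = input;

	/*
	 * All of the PEM file types start with a sequence tag, so chop it
	 * off here
	 */
	der.readSequence();

	/* PKCS#1 type keys name an algorithm in the banner explicitly */
	if (alg) {
		if (forceType)
			assert.strictEqual(forceType, 'pkcs1');
		return (pkcs1.readPkcs1(alg, type, der));
	} else {
		if (forceType)
			assert.strictEqual(forceType, 'pkcs8');
		return (pkcs8.readPkcs8(alg, type, der));
	}
}

/*
 * Returns options.passphrase as a Buffer. A string passphrase is converted
 * and stored back on options. Throws KeyEncryptedError when none is
 * available, including when options itself was not passed.
 */
function requirePassphrase(options) {
	if (options && typeof (options.passphrase) === 'string') {
		options.passphrase = Buffer.from(
		    options.passphrase, 'utf-8');
	}
	if (!options || !Buffer.isBuffer(options.passphrase)) {
		throw (new errors.KeyEncryptedError(
		    options ? options.filename : undefined, 'PEM'));
	}
	return (options.passphrase);
}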
| |
/*
 * Serialises a key as PEM text.
 *
 * key: a Key or PrivateKey; anything else is rejected.
 * options: accepted but not read by this function. No cipher or passphrase
 *     is applied here, so a private key is written unencrypted and the
 *     caller has to protect the result.
 * type: optional 'pkcs1' or 'pkcs8'. Private keys default to PKCS#1 and
 *     public keys to PKCS#8; any other value fails an assertion.
 *
 * Returns a Buffer holding the BEGIN banner, the base64 DER body wrapped at
 * 64 characters per line, and the END banner, each newline-terminated.
 */
function write(key, options, type) {
	assert.object(key);

	/* Banner algorithm names used by the PKCS#1-style headers */
	var bannerNames = {
		'ecdsa': 'EC',
		'rsa': 'RSA',
		'dsa': 'DSA',
		'ed25519': 'EdDSA'
	};
	var alg = bannerNames[key.type];

	var der = new asn1.BerWriter();

	var isPrivate = PrivateKey.isPrivateKey(key);
	if (!isPrivate && !Key.isKey(key))
		throw (new Error('key is not a Key or PrivateKey'));

	/* The container used when the caller does not name one */
	var fallback = isPrivate ? 'pkcs1' : 'pkcs8';
	var kind = isPrivate ? 'PRIVATE KEY' : 'PUBLIC KEY';

	var header;
	if (type === 'pkcs1' || (type !== 'pkcs8' && fallback === 'pkcs1')) {
		if (type)
			assert.strictEqual(type, 'pkcs1');
		header = alg + ' ' + kind;
		pkcs1.writePkcs1(der, key);
	} else {
		if (type)
			assert.strictEqual(type, 'pkcs8');
		header = kind;
		pkcs8.writePkcs8(der, key);
	}

	/* Assemble the armour as text, then encode it in one step */
	var b64 = der.buffer.toString('base64');
	var pieces = ['-----BEGIN ' + header + '-----\n'];
	for (var pos = 0; pos < b64.length; pos += 64)
		pieces.push(b64.slice(pos, pos + 64), '\n');
	pieces.push('-----END ' + header + '-----\n');

	return (Buffer.from(pieces.join('')));
}