1 line
29 KiB
JSON
1 line
29 KiB
JSON
{"ast":null,"code":"// Copyright 2015 Joyent, Inc.\nmodule.exports = Signature;\n\nvar assert = require('assert-plus');\n\nvar Buffer = require('safer-buffer').Buffer;\n\nvar algs = require('./algs');\n\nvar crypto = require('crypto');\n\nvar errs = require('./errors');\n\nvar utils = require('./utils');\n\nvar asn1 = require('asn1');\n\nvar SSHBuffer = require('./ssh-buffer');\n\nvar InvalidAlgorithmError = errs.InvalidAlgorithmError;\nvar SignatureParseError = errs.SignatureParseError;\n\nfunction Signature(opts) {\n assert.object(opts, 'options');\n assert.arrayOfObject(opts.parts, 'options.parts');\n assert.string(opts.type, 'options.type');\n var partLookup = {};\n\n for (var i = 0; i < opts.parts.length; ++i) {\n var part = opts.parts[i];\n partLookup[part.name] = part;\n }\n\n this.type = opts.type;\n this.hashAlgorithm = opts.hashAlgo;\n this.curve = opts.curve;\n this.parts = opts.parts;\n this.part = partLookup;\n}\n\nSignature.prototype.toBuffer = function (format) {\n if (format === undefined) format = 'asn1';\n assert.string(format, 'format');\n var buf;\n var stype = 'ssh-' + this.type;\n\n switch (this.type) {\n case 'rsa':\n switch (this.hashAlgorithm) {\n case 'sha256':\n stype = 'rsa-sha2-256';\n break;\n\n case 'sha512':\n stype = 'rsa-sha2-512';\n break;\n\n case 'sha1':\n case undefined:\n break;\n\n default:\n throw new Error('SSH signature ' + 'format does not support hash ' + 'algorithm ' + this.hashAlgorithm);\n }\n\n if (format === 'ssh') {\n buf = new SSHBuffer({});\n buf.writeString(stype);\n buf.writePart(this.part.sig);\n return buf.toBuffer();\n } else {\n return this.part.sig.data;\n }\n\n break;\n\n case 'ed25519':\n if (format === 'ssh') {\n buf = new SSHBuffer({});\n buf.writeString(stype);\n buf.writePart(this.part.sig);\n return buf.toBuffer();\n } else {\n return this.part.sig.data;\n }\n\n break;\n\n case 'dsa':\n case 'ecdsa':\n var r, s;\n\n if (format === 'asn1') {\n var der = new asn1.BerWriter();\n der.startSequence();\n r = utils.mpNormalize(this.part.r.data);\n s = utils.mpNormalize(this.part.s.data);\n der.writeBuffer(r, asn1.Ber.Integer);\n der.writeBuffer(s, asn1.Ber.Integer);\n der.endSequence();\n return der.buffer;\n } else if (format === 'ssh' && this.type === 'dsa') {\n buf = new SSHBuffer({});\n buf.writeString('ssh-dss');\n r = this.part.r.data;\n if (r.length > 20 && r[0] === 0x00) r = r.slice(1);\n s = this.part.s.data;\n if (s.length > 20 && s[0] === 0x00) s = s.slice(1);\n\n if (this.hashAlgorithm && this.hashAlgorithm !== 'sha1' || r.length + s.length !== 40) {\n throw new Error('OpenSSH only supports ' + 'DSA signatures with SHA1 hash');\n }\n\n buf.writeBuffer(Buffer.concat([r, s]));\n return buf.toBuffer();\n } else if (format === 'ssh' && this.type === 'ecdsa') {\n var inner = new SSHBuffer({});\n r = this.part.r.data;\n inner.writeBuffer(r);\n inner.writePart(this.part.s);\n buf = new SSHBuffer({});\n /* XXX: find a more proper way to do this? */\n\n var curve;\n if (r[0] === 0x00) r = r.slice(1);\n var sz = r.length * 8;\n if (sz === 256) curve = 'nistp256';else if (sz === 384) curve = 'nistp384';else if (sz === 528) curve = 'nistp521';\n buf.writeString('ecdsa-sha2-' + curve);\n buf.writeBuffer(inner.toBuffer());\n return buf.toBuffer();\n }\n\n throw new Error('Invalid signature format');\n\n default:\n throw new Error('Invalid signature data');\n }\n};\n\nSignature.prototype.toString = function (format) {\n assert.optionalString(format, 'format');\n return this.toBuffer(format).toString('base64');\n};\n\nSignature.parse = function (data, type, format) {\n if (typeof data === 'string') data = Buffer.from(data, 'base64');\n assert.buffer(data, 'data');\n assert.string(format, 'format');\n assert.string(type, 'type');\n var opts = {};\n opts.type = type.toLowerCase();\n opts.parts = [];\n\n try {\n assert.ok(data.length > 0, 'signature must not be empty');\n\n switch (opts.type) {\n case 'rsa':\n return parseOneNum(data, type, format, opts);\n\n case 'ed25519':\n return parseOneNum(data, type, format, opts);\n\n case 'dsa':\n case 'ecdsa':\n if (format === 'asn1') return parseDSAasn1(data, type, format, opts);else if (opts.type === 'dsa') return parseDSA(data, type, format, opts);else return parseECDSA(data, type, format, opts);\n\n default:\n throw new InvalidAlgorithmError(type);\n }\n } catch (e) {\n if (e instanceof InvalidAlgorithmError) throw e;\n throw new SignatureParseError(type, format, e);\n }\n};\n\nfunction parseOneNum(data, type, format, opts) {\n if (format === 'ssh') {\n try {\n var buf = new SSHBuffer({\n buffer: data\n });\n var head = buf.readString();\n } catch (e) {\n /* fall through */\n }\n\n if (buf !== undefined) {\n var msg = 'SSH signature does not match expected ' + 'type (expected ' + type + ', got ' + head + ')';\n\n switch (head) {\n case 'ssh-rsa':\n assert.strictEqual(type, 'rsa', msg);\n opts.hashAlgo = 'sha1';\n break;\n\n case 'rsa-sha2-256':\n assert.strictEqual(type, 'rsa', msg);\n opts.hashAlgo = 'sha256';\n break;\n\n case 'rsa-sha2-512':\n assert.strictEqual(type, 'rsa', msg);\n opts.hashAlgo = 'sha512';\n break;\n\n case 'ssh-ed25519':\n assert.strictEqual(type, 'ed25519', msg);\n opts.hashAlgo = 'sha512';\n break;\n\n default:\n throw new Error('Unknown SSH signature ' + 'type: ' + head);\n }\n\n var sig = buf.readPart();\n assert.ok(buf.atEnd(), 'extra trailing bytes');\n sig.name = 'sig';\n opts.parts.push(sig);\n return new Signature(opts);\n }\n }\n\n opts.parts.push({\n name: 'sig',\n data: data\n });\n return new Signature(opts);\n}\n\nfunction parseDSAasn1(data, type, format, opts) {\n var der = new asn1.BerReader(data);\n der.readSequence();\n var r = der.readString(asn1.Ber.Integer, true);\n var s = der.readString(asn1.Ber.Integer, true);\n opts.parts.push({\n name: 'r',\n data: utils.mpNormalize(r)\n });\n opts.parts.push({\n name: 's',\n data: utils.mpNormalize(s)\n });\n return new Signature(opts);\n}\n\nfunction parseDSA(data, type, format, opts) {\n if (data.length != 40) {\n var buf = new SSHBuffer({\n buffer: data\n });\n var d = buf.readBuffer();\n if (d.toString('ascii') === 'ssh-dss') d = buf.readBuffer();\n assert.ok(buf.atEnd(), 'extra trailing bytes');\n assert.strictEqual(d.length, 40, 'invalid inner length');\n data = d;\n }\n\n opts.parts.push({\n name: 'r',\n data: data.slice(0, 20)\n });\n opts.parts.push({\n name: 's',\n data: data.slice(20, 40)\n });\n return new Signature(opts);\n}\n\nfunction parseECDSA(data, type, format, opts) {\n var buf = new SSHBuffer({\n buffer: data\n });\n var r, s;\n var inner = buf.readBuffer();\n var stype = inner.toString('ascii');\n\n if (stype.slice(0, 6) === 'ecdsa-') {\n var parts = stype.split('-');\n assert.strictEqual(parts[0], 'ecdsa');\n assert.strictEqual(parts[1], 'sha2');\n opts.curve = parts[2];\n\n switch (opts.curve) {\n case 'nistp256':\n opts.hashAlgo = 'sha256';\n break;\n\n case 'nistp384':\n opts.hashAlgo = 'sha384';\n break;\n\n case 'nistp521':\n opts.hashAlgo = 'sha512';\n break;\n\n default:\n throw new Error('Unsupported ECDSA curve: ' + opts.curve);\n }\n\n inner = buf.readBuffer();\n assert.ok(buf.atEnd(), 'extra trailing bytes on outer');\n buf = new SSHBuffer({\n buffer: inner\n });\n r = buf.readPart();\n } else {\n r = {\n data: inner\n };\n }\n\n s = buf.readPart();\n assert.ok(buf.atEnd(), 'extra trailing bytes');\n r.name = 'r';\n s.name = 's';\n opts.parts.push(r);\n opts.parts.push(s);\n return new Signature(opts);\n}\n\nSignature.isSignature = function (obj, ver) {\n return utils.isCompatible(obj, Signature, ver);\n};\n/*\n * API versions for Signature:\n * [1,0] -- initial ver\n * [2,0] -- support for rsa in full ssh format, compat with sshpk-agent\n * hashAlgorithm property\n * [2,1] -- first tagged version\n */\n\n\nSignature.prototype._sshpkApiVersion = [2, 1];\n\nSignature._oldVersionDetect = function (obj) {\n assert.func(obj.toBuffer);\n if (obj.hasOwnProperty('hashAlgorithm')) return [2, 0];\n return [1, 0];\n};","map":{"version":3,"sources":["/Users/tylerkoenig/Code/personal/react-scss2/node_modules/sshpk/lib/signature.js"],"names":["module","exports","Signature","assert","require","Buffer","algs","crypto","errs","utils","asn1","SSHBuffer","InvalidAlgorithmError","SignatureParseError","opts","object","arrayOfObject","parts","string","type","partLookup","i","length","part","name","hashAlgorithm","hashAlgo","curve","prototype","toBuffer","format","undefined","buf","stype","Error","writeString","writePart","sig","data","r","s","der","BerWriter","startSequence","mpNormalize","writeBuffer","Ber","Integer","endSequence","buffer","slice","concat","inner","sz","toString","optionalString","parse","from","toLowerCase","ok","parseOneNum","parseDSAasn1","parseDSA","parseECDSA","e","head","readString","msg","strictEqual","readPart","atEnd","push","BerReader","readSequence","d","readBuffer","split","isSignature","obj","ver","isCompatible","_sshpkApiVersion","_oldVersionDetect","func","hasOwnProperty"],"mappings":"AAAA;AAEAA,MAAM,CAACC,OAAP,GAAiBC,SAAjB;;AAEA,IAAIC,MAAM,GAAGC,OAAO,CAAC,aAAD,CAApB;;AACA,IAAIC,MAAM,GAAGD,OAAO,CAAC,cAAD,CAAP,CAAwBC,MAArC;;AACA,IAAIC,IAAI,GAAGF,OAAO,CAAC,QAAD,CAAlB;;AACA,IAAIG,MAAM,GAAGH,OAAO,CAAC,QAAD,CAApB;;AACA,IAAII,IAAI,GAAGJ,OAAO,CAAC,UAAD,CAAlB;;AACA,IAAIK,KAAK,GAAGL,OAAO,CAAC,SAAD,CAAnB;;AACA,IAAIM,IAAI,GAAGN,OAAO,CAAC,MAAD,CAAlB;;AACA,IAAIO,SAAS,GAAGP,OAAO,CAAC,cAAD,CAAvB;;AAEA,IAAIQ,qBAAqB,GAAGJ,IAAI,CAACI,qBAAjC;AACA,IAAIC,mBAAmB,GAAGL,IAAI,CAACK,mBAA/B;;AAEA,SAASX,SAAT,CAAmBY,IAAnB,EAAyB;AACxBX,EAAAA,MAAM,CAACY,MAAP,CAAcD,IAAd,EAAoB,SAApB;AACAX,EAAAA,MAAM,CAACa,aAAP,CAAqBF,IAAI,CAACG,KAA1B,EAAiC,eAAjC;AACAd,EAAAA,MAAM,CAACe,MAAP,CAAcJ,IAAI,CAACK,IAAnB,EAAyB,cAAzB;AAEA,MAAIC,UAAU,GAAG,EAAjB;;AACA,OAAK,IAAIC,CAAC,GAAG,CAAb,EAAgBA,CAAC,GAAGP,IAAI,CAACG,KAAL,CAAWK,MAA/B,EAAuC,EAAED,CAAzC,EAA4C;AAC3C,QAAIE,IAAI,GAAGT,IAAI,CAACG,KAAL,CAAWI,CAAX,CAAX;AACAD,IAAAA,UAAU,CAACG,IAAI,CAACC,IAAN,CAAV,GAAwBD,IAAxB;AACA;;AAED,OAAKJ,IAAL,GAAYL,IAAI,CAACK,IAAjB;AACA,OAAKM,aAAL,GAAqBX,IAAI,CAACY,QAA1B;AACA,OAAKC,KAAL,GAAab,IAAI,CAACa,KAAlB;AACA,OAAKV,KAAL,GAAaH,IAAI,CAACG,KAAlB;AACA,OAAKM,IAAL,GAAYH,UAAZ;AACA;;AAEDlB,SAAS,CAAC0B,SAAV,CAAoBC,QAApB,GAA+B,UAAUC,MAAV,EAAkB;AAChD,MAAIA,MAAM,KAAKC,SAAf,EACCD,MAAM,GAAG,MAAT;AACD3B,EAAAA,MAAM,CAACe,MAAP,CAAcY,MAAd,EAAsB,QAAtB;AAEA,MAAIE,GAAJ;AACA,MAAIC,KAAK,GAAG,SAAS,KAAKd,IAA1B;;AAEA,UAAQ,KAAKA,IAAb;AACA,SAAK,KAAL;AACC,cAAQ,KAAKM,aAAb;AACA,aAAK,QAAL;AACCQ,UAAAA,KAAK,GAAG,cAAR;AACA;;AACD,aAAK,QAAL;AACCA,UAAAA,KAAK,GAAG,cAAR;AACA;;AACD,aAAK,MAAL;AACA,aAAKF,SAAL;AACC;;AACD;AACC,gBAAO,IAAIG,KAAJ,CAAU,mBACb,+BADa,GAEb,YAFa,GAEE,KAAKT,aAFjB,CAAP;AAXD;;AAeA,UAAIK,MAAM,KAAK,KAAf,EAAsB;AACrBE,QAAAA,GAAG,GAAG,IAAIrB,SAAJ,CAAc,EAAd,CAAN;AACAqB,QAAAA,GAAG,CAACG,WAAJ,CAAgBF,KAAhB;AACAD,QAAAA,GAAG,CAACI,SAAJ,CAAc,KAAKb,IAAL,CAAUc,GAAxB;AACA,eAAQL,GAAG,CAACH,QAAJ,EAAR;AACA,OALD,MAKO;AACN,eAAQ,KAAKN,IAAL,CAAUc,GAAV,CAAcC,IAAtB;AACA;;AACD;;AAED,SAAK,SAAL;AACC,UAAIR,MAAM,KAAK,KAAf,EAAsB;AACrBE,QAAAA,GAAG,GAAG,IAAIrB,SAAJ,CAAc,EAAd,CAAN;AACAqB,QAAAA,GAAG,CAACG,WAAJ,CAAgBF,KAAhB;AACAD,QAAAA,GAAG,CAACI,SAAJ,CAAc,KAAKb,IAAL,CAAUc,GAAxB;AACA,eAAQL,GAAG,CAACH,QAAJ,EAAR;AACA,OALD,MAKO;AACN,eAAQ,KAAKN,IAAL,CAAUc,GAAV,CAAcC,IAAtB;AACA;;AACD;;AAED,SAAK,KAAL;AACA,SAAK,OAAL;AACC,UAAIC,CAAJ,EAAOC,CAAP;;AACA,UAAIV,MAAM,KAAK,MAAf,EAAuB;AACtB,YAAIW,GAAG,GAAG,IAAI/B,IAAI,CAACgC,SAAT,EAAV;AACAD,QAAAA,GAAG,CAACE,aAAJ;AACAJ,QAAAA,CAAC,GAAG9B,KAAK,CAACmC,WAAN,CAAkB,KAAKrB,IAAL,CAAUgB,CAAV,CAAYD,IAA9B,CAAJ;AACAE,QAAAA,CAAC,GAAG/B,KAAK,CAACmC,WAAN,CAAkB,KAAKrB,IAAL,CAAUiB,CAAV,CAAYF,IAA9B,CAAJ;AACAG,QAAAA,GAAG,CAACI,WAAJ,CAAgBN,CAAhB,EAAmB7B,IAAI,CAACoC,GAAL,CAASC,OAA5B;AACAN,QAAAA,GAAG,CAACI,WAAJ,CAAgBL,CAAhB,EAAmB9B,IAAI,CAACoC,GAAL,CAASC,OAA5B;AACAN,QAAAA,GAAG,CAACO,WAAJ;AACA,eAAQP,GAAG,CAACQ,MAAZ;AACA,OATD,MASO,IAAInB,MAAM,KAAK,KAAX,IAAoB,KAAKX,IAAL,KAAc,KAAtC,EAA6C;AACnDa,QAAAA,GAAG,GAAG,IAAIrB,SAAJ,CAAc,EAAd,CAAN;AACAqB,QAAAA,GAAG,CAACG,WAAJ,CAAgB,SAAhB;AACAI,QAAAA,CAAC,GAAG,KAAKhB,IAAL,CAAUgB,CAAV,CAAYD,IAAhB;AACA,YAAIC,CAAC,CAACjB,MAAF,GAAW,EAAX,IAAiBiB,CAAC,CAAC,CAAD,CAAD,KAAS,IAA9B,EACCA,CAAC,GAAGA,CAAC,CAACW,KAAF,CAAQ,CAAR,CAAJ;AACDV,QAAAA,CAAC,GAAG,KAAKjB,IAAL,CAAUiB,CAAV,CAAYF,IAAhB;AACA,YAAIE,CAAC,CAAClB,MAAF,GAAW,EAAX,IAAiBkB,CAAC,CAAC,CAAD,CAAD,KAAS,IAA9B,EACCA,CAAC,GAAGA,CAAC,CAACU,KAAF,CAAQ,CAAR,CAAJ;;AACD,YAAK,KAAKzB,aAAL,IACD,KAAKA,aAAL,KAAuB,MADvB,IAEAc,CAAC,CAACjB,MAAF,GAAWkB,CAAC,CAAClB,MAAb,KAAwB,EAF5B,EAEgC;AAC/B,gBAAO,IAAIY,KAAJ,CAAU,2BACb,+BADG,CAAP;AAEA;;AACDF,QAAAA,GAAG,CAACa,WAAJ,CAAgBxC,MAAM,CAAC8C,MAAP,CAAc,CAACZ,CAAD,EAAIC,CAAJ,CAAd,CAAhB;AACA,eAAQR,GAAG,CAACH,QAAJ,EAAR;AACA,OAjBM,MAiBA,IAAIC,MAAM,KAAK,KAAX,IAAoB,KAAKX,IAAL,KAAc,OAAtC,EAA+C;AACrD,YAAIiC,KAAK,GAAG,IAAIzC,SAAJ,CAAc,EAAd,CAAZ;AACA4B,QAAAA,CAAC,GAAG,KAAKhB,IAAL,CAAUgB,CAAV,CAAYD,IAAhB;AACAc,QAAAA,KAAK,CAACP,WAAN,CAAkBN,CAAlB;AACAa,QAAAA,KAAK,CAAChB,SAAN,CAAgB,KAAKb,IAAL,CAAUiB,CAA1B;AAEAR,QAAAA,GAAG,GAAG,IAAIrB,SAAJ,CAAc,EAAd,CAAN;AACA;;AACA,YAAIgB,KAAJ;AACA,YAAIY,CAAC,CAAC,CAAD,CAAD,KAAS,IAAb,EACCA,CAAC,GAAGA,CAAC,CAACW,KAAF,CAAQ,CAAR,CAAJ;AACD,YAAIG,EAAE,GAAGd,CAAC,CAACjB,MAAF,GAAW,CAApB;AACA,YAAI+B,EAAE,KAAK,GAAX,EACC1B,KAAK,GAAG,UAAR,CADD,KAEK,IAAI0B,EAAE,KAAK,GAAX,EACJ1B,KAAK,GAAG,UAAR,CADI,KAEA,IAAI0B,EAAE,KAAK,GAAX,EACJ1B,KAAK,GAAG,UAAR;AACDK,QAAAA,GAAG,CAACG,WAAJ,CAAgB,gBAAgBR,KAAhC;AACAK,QAAAA,GAAG,CAACa,WAAJ,CAAgBO,KAAK,CAACvB,QAAN,EAAhB;AACA,eAAQG,GAAG,CAACH,QAAJ,EAAR;AACA;;AACD,YAAO,IAAIK,KAAJ,CAAU,0BAAV,CAAP;;AACD;AACC,YAAO,IAAIA,KAAJ,CAAU,wBAAV,CAAP;AA3FD;AA6FA,CArGD;;AAuGAhC,SAAS,CAAC0B,SAAV,CAAoB0B,QAApB,GAA+B,UAAUxB,MAAV,EAAkB;AAChD3B,EAAAA,MAAM,CAACoD,cAAP,CAAsBzB,MAAtB,EAA8B,QAA9B;AACA,SAAQ,KAAKD,QAAL,CAAcC,MAAd,EAAsBwB,QAAtB,CAA+B,QAA/B,CAAR;AACA,CAHD;;AAKApD,SAAS,CAACsD,KAAV,GAAkB,UAAUlB,IAAV,EAAgBnB,IAAhB,EAAsBW,MAAtB,EAA8B;AAC/C,MAAI,OAAQQ,IAAR,KAAkB,QAAtB,EACCA,IAAI,GAAGjC,MAAM,CAACoD,IAAP,CAAYnB,IAAZ,EAAkB,QAAlB,CAAP;AACDnC,EAAAA,MAAM,CAAC8C,MAAP,CAAcX,IAAd,EAAoB,MAApB;AACAnC,EAAAA,MAAM,CAACe,MAAP,CAAcY,MAAd,EAAsB,QAAtB;AACA3B,EAAAA,MAAM,CAACe,MAAP,CAAcC,IAAd,EAAoB,MAApB;AAEA,MAAIL,IAAI,GAAG,EAAX;AACAA,EAAAA,IAAI,CAACK,IAAL,GAAYA,IAAI,CAACuC,WAAL,EAAZ;AACA5C,EAAAA,IAAI,CAACG,KAAL,GAAa,EAAb;;AAEA,MAAI;AACHd,IAAAA,MAAM,CAACwD,EAAP,CAAUrB,IAAI,CAAChB,MAAL,GAAc,CAAxB,EAA2B,6BAA3B;;AACA,YAAQR,IAAI,CAACK,IAAb;AACA,WAAK,KAAL;AACC,eAAQyC,WAAW,CAACtB,IAAD,EAAOnB,IAAP,EAAaW,MAAb,EAAqBhB,IAArB,CAAnB;;AACD,WAAK,SAAL;AACC,eAAQ8C,WAAW,CAACtB,IAAD,EAAOnB,IAAP,EAAaW,MAAb,EAAqBhB,IAArB,CAAnB;;AAED,WAAK,KAAL;AACA,WAAK,OAAL;AACC,YAAIgB,MAAM,KAAK,MAAf,EACC,OAAQ+B,YAAY,CAACvB,IAAD,EAAOnB,IAAP,EAAaW,MAAb,EAAqBhB,IAArB,CAApB,CADD,KAEK,IAAIA,IAAI,CAACK,IAAL,KAAc,KAAlB,EACJ,OAAQ2C,QAAQ,CAACxB,IAAD,EAAOnB,IAAP,EAAaW,MAAb,EAAqBhB,IAArB,CAAhB,CADI,KAGJ,OAAQiD,UAAU,CAACzB,IAAD,EAAOnB,IAAP,EAAaW,MAAb,EAAqBhB,IAArB,CAAlB;;AAEF;AACC,cAAO,IAAIF,qBAAJ,CAA0BO,IAA1B,CAAP;AAhBD;AAmBA,GArBD,CAqBE,OAAO6C,CAAP,EAAU;AACX,QAAIA,CAAC,YAAYpD,qBAAjB,EACC,MAAOoD,CAAP;AACD,UAAO,IAAInD,mBAAJ,CAAwBM,IAAxB,EAA8BW,MAA9B,EAAsCkC,CAAtC,CAAP;AACA;AACD,CArCD;;AAuCA,SAASJ,WAAT,CAAqBtB,IAArB,EAA2BnB,IAA3B,EAAiCW,MAAjC,EAAyChB,IAAzC,EAA+C;AAC9C,MAAIgB,MAAM,KAAK,KAAf,EAAsB;AACrB,QAAI;AACH,UAAIE,GAAG,GAAG,IAAIrB,SAAJ,CAAc;AAACsC,QAAAA,MAAM,EAAEX;AAAT,OAAd,CAAV;AACA,UAAI2B,IAAI,GAAGjC,GAAG,CAACkC,UAAJ,EAAX;AACA,KAHD,CAGE,OAAOF,CAAP,EAAU;AACX;AACA;;AACD,QAAIhC,GAAG,KAAKD,SAAZ,EAAuB;AACtB,UAAIoC,GAAG,GAAG,2CACN,iBADM,GACchD,IADd,GACqB,QADrB,GACgC8C,IADhC,GACuC,GADjD;;AAEA,cAAQA,IAAR;AACA,aAAK,SAAL;AACC9D,UAAAA,MAAM,CAACiE,WAAP,CAAmBjD,IAAnB,EAAyB,KAAzB,EAAgCgD,GAAhC;AACArD,UAAAA,IAAI,CAACY,QAAL,GAAgB,MAAhB;AACA;;AACD,aAAK,cAAL;AACCvB,UAAAA,MAAM,CAACiE,WAAP,CAAmBjD,IAAnB,EAAyB,KAAzB,EAAgCgD,GAAhC;AACArD,UAAAA,IAAI,CAACY,QAAL,GAAgB,QAAhB;AACA;;AACD,aAAK,cAAL;AACCvB,UAAAA,MAAM,CAACiE,WAAP,CAAmBjD,IAAnB,EAAyB,KAAzB,EAAgCgD,GAAhC;AACArD,UAAAA,IAAI,CAACY,QAAL,GAAgB,QAAhB;AACA;;AACD,aAAK,aAAL;AACCvB,UAAAA,MAAM,CAACiE,WAAP,CAAmBjD,IAAnB,EAAyB,SAAzB,EAAoCgD,GAApC;AACArD,UAAAA,IAAI,CAACY,QAAL,GAAgB,QAAhB;AACA;;AACD;AACC,gBAAO,IAAIQ,KAAJ,CAAU,2BACb,QADa,GACF+B,IADR,CAAP;AAlBD;;AAqBA,UAAI5B,GAAG,GAAGL,GAAG,CAACqC,QAAJ,EAAV;AACAlE,MAAAA,MAAM,CAACwD,EAAP,CAAU3B,GAAG,CAACsC,KAAJ,EAAV,EAAuB,sBAAvB;AACAjC,MAAAA,GAAG,CAACb,IAAJ,GAAW,KAAX;AACAV,MAAAA,IAAI,CAACG,KAAL,CAAWsD,IAAX,CAAgBlC,GAAhB;AACA,aAAQ,IAAInC,SAAJ,CAAcY,IAAd,CAAR;AACA;AACD;;AACDA,EAAAA,IAAI,CAACG,KAAL,CAAWsD,IAAX,CAAgB;AAAC/C,IAAAA,IAAI,EAAE,KAAP;AAAcc,IAAAA,IAAI,EAAEA;AAApB,GAAhB;AACA,SAAQ,IAAIpC,SAAJ,CAAcY,IAAd,CAAR;AACA;;AAED,SAAS+C,YAAT,CAAsBvB,IAAtB,EAA4BnB,IAA5B,EAAkCW,MAAlC,EAA0ChB,IAA1C,EAAgD;AAC/C,MAAI2B,GAAG,GAAG,IAAI/B,IAAI,CAAC8D,SAAT,CAAmBlC,IAAnB,CAAV;AACAG,EAAAA,GAAG,CAACgC,YAAJ;AACA,MAAIlC,CAAC,GAAGE,GAAG,CAACyB,UAAJ,CAAexD,IAAI,CAACoC,GAAL,CAASC,OAAxB,EAAiC,IAAjC,CAAR;AACA,MAAIP,CAAC,GAAGC,GAAG,CAACyB,UAAJ,CAAexD,IAAI,CAACoC,GAAL,CAASC,OAAxB,EAAiC,IAAjC,CAAR;AAEAjC,EAAAA,IAAI,CAACG,KAAL,CAAWsD,IAAX,CAAgB;AAAC/C,IAAAA,IAAI,EAAE,GAAP;AAAYc,IAAAA,IAAI,EAAE7B,KAAK,CAACmC,WAAN,CAAkBL,CAAlB;AAAlB,GAAhB;AACAzB,EAAAA,IAAI,CAACG,KAAL,CAAWsD,IAAX,CAAgB;AAAC/C,IAAAA,IAAI,EAAE,GAAP;AAAYc,IAAAA,IAAI,EAAE7B,KAAK,CAACmC,WAAN,CAAkBJ,CAAlB;AAAlB,GAAhB;AAEA,SAAQ,IAAItC,SAAJ,CAAcY,IAAd,CAAR;AACA;;AAED,SAASgD,QAAT,CAAkBxB,IAAlB,EAAwBnB,IAAxB,EAA8BW,MAA9B,EAAsChB,IAAtC,EAA4C;AAC3C,MAAIwB,IAAI,CAAChB,MAAL,IAAe,EAAnB,EAAuB;AACtB,QAAIU,GAAG,GAAG,IAAIrB,SAAJ,CAAc;AAACsC,MAAAA,MAAM,EAAEX;AAAT,KAAd,CAAV;AACA,QAAIoC,CAAC,GAAG1C,GAAG,CAAC2C,UAAJ,EAAR;AACA,QAAID,CAAC,CAACpB,QAAF,CAAW,OAAX,MAAwB,SAA5B,EACCoB,CAAC,GAAG1C,GAAG,CAAC2C,UAAJ,EAAJ;AACDxE,IAAAA,MAAM,CAACwD,EAAP,CAAU3B,GAAG,CAACsC,KAAJ,EAAV,EAAuB,sBAAvB;AACAnE,IAAAA,MAAM,CAACiE,WAAP,CAAmBM,CAAC,CAACpD,MAArB,EAA6B,EAA7B,EAAiC,sBAAjC;AACAgB,IAAAA,IAAI,GAAGoC,CAAP;AACA;;AACD5D,EAAAA,IAAI,CAACG,KAAL,CAAWsD,IAAX,CAAgB;AAAC/C,IAAAA,IAAI,EAAE,GAAP;AAAYc,IAAAA,IAAI,EAAEA,IAAI,CAACY,KAAL,CAAW,CAAX,EAAc,EAAd;AAAlB,GAAhB;AACApC,EAAAA,IAAI,CAACG,KAAL,CAAWsD,IAAX,CAAgB;AAAC/C,IAAAA,IAAI,EAAE,GAAP;AAAYc,IAAAA,IAAI,EAAEA,IAAI,CAACY,KAAL,CAAW,EAAX,EAAe,EAAf;AAAlB,GAAhB;AACA,SAAQ,IAAIhD,SAAJ,CAAcY,IAAd,CAAR;AACA;;AAED,SAASiD,UAAT,CAAoBzB,IAApB,EAA0BnB,IAA1B,EAAgCW,MAAhC,EAAwChB,IAAxC,EAA8C;AAC7C,MAAIkB,GAAG,GAAG,IAAIrB,SAAJ,CAAc;AAACsC,IAAAA,MAAM,EAAEX;AAAT,GAAd,CAAV;AAEA,MAAIC,CAAJ,EAAOC,CAAP;AACA,MAAIY,KAAK,GAAGpB,GAAG,CAAC2C,UAAJ,EAAZ;AACA,MAAI1C,KAAK,GAAGmB,KAAK,CAACE,QAAN,CAAe,OAAf,CAAZ;;AACA,MAAIrB,KAAK,CAACiB,KAAN,CAAY,CAAZ,EAAe,CAAf,MAAsB,QAA1B,EAAoC;AACnC,QAAIjC,KAAK,GAAGgB,KAAK,CAAC2C,KAAN,CAAY,GAAZ,CAAZ;AACAzE,IAAAA,MAAM,CAACiE,WAAP,CAAmBnD,KAAK,CAAC,CAAD,CAAxB,EAA6B,OAA7B;AACAd,IAAAA,MAAM,CAACiE,WAAP,CAAmBnD,KAAK,CAAC,CAAD,CAAxB,EAA6B,MAA7B;AACAH,IAAAA,IAAI,CAACa,KAAL,GAAaV,KAAK,CAAC,CAAD,CAAlB;;AACA,YAAQH,IAAI,CAACa,KAAb;AACA,WAAK,UAAL;AACCb,QAAAA,IAAI,CAACY,QAAL,GAAgB,QAAhB;AACA;;AACD,WAAK,UAAL;AACCZ,QAAAA,IAAI,CAACY,QAAL,GAAgB,QAAhB;AACA;;AACD,WAAK,UAAL;AACCZ,QAAAA,IAAI,CAACY,QAAL,GAAgB,QAAhB;AACA;;AACD;AACC,cAAO,IAAIQ,KAAJ,CAAU,8BACbpB,IAAI,CAACa,KADF,CAAP;AAXD;;AAcAyB,IAAAA,KAAK,GAAGpB,GAAG,CAAC2C,UAAJ,EAAR;AACAxE,IAAAA,MAAM,CAACwD,EAAP,CAAU3B,GAAG,CAACsC,KAAJ,EAAV,EAAuB,+BAAvB;AACAtC,IAAAA,GAAG,GAAG,IAAIrB,SAAJ,CAAc;AAACsC,MAAAA,MAAM,EAAEG;AAAT,KAAd,CAAN;AACAb,IAAAA,CAAC,GAAGP,GAAG,CAACqC,QAAJ,EAAJ;AACA,GAvBD,MAuBO;AACN9B,IAAAA,CAAC,GAAG;AAACD,MAAAA,IAAI,EAAEc;AAAP,KAAJ;AACA;;AAEDZ,EAAAA,CAAC,GAAGR,GAAG,CAACqC,QAAJ,EAAJ;AACAlE,EAAAA,MAAM,CAACwD,EAAP,CAAU3B,GAAG,CAACsC,KAAJ,EAAV,EAAuB,sBAAvB;AAEA/B,EAAAA,CAAC,CAACf,IAAF,GAAS,GAAT;AACAgB,EAAAA,CAAC,CAAChB,IAAF,GAAS,GAAT;AAEAV,EAAAA,IAAI,CAACG,KAAL,CAAWsD,IAAX,CAAgBhC,CAAhB;AACAzB,EAAAA,IAAI,CAACG,KAAL,CAAWsD,IAAX,CAAgB/B,CAAhB;AACA,SAAQ,IAAItC,SAAJ,CAAcY,IAAd,CAAR;AACA;;AAEDZ,SAAS,CAAC2E,WAAV,GAAwB,UAAUC,GAAV,EAAeC,GAAf,EAAoB;AAC3C,SAAQtE,KAAK,CAACuE,YAAN,CAAmBF,GAAnB,EAAwB5E,SAAxB,EAAmC6E,GAAnC,CAAR;AACA,CAFD;AAIA;AACA;AACA;AACA;AACA;AACA;AACA;;;AACA7E,SAAS,CAAC0B,SAAV,CAAoBqD,gBAApB,GAAuC,CAAC,CAAD,EAAI,CAAJ,CAAvC;;AAEA/E,SAAS,CAACgF,iBAAV,GAA8B,UAAUJ,GAAV,EAAe;AAC5C3E,EAAAA,MAAM,CAACgF,IAAP,CAAYL,GAAG,CAACjD,QAAhB;AACA,MAAIiD,GAAG,CAACM,cAAJ,CAAmB,eAAnB,CAAJ,EACC,OAAQ,CAAC,CAAD,EAAI,CAAJ,CAAR;AACD,SAAQ,CAAC,CAAD,EAAI,CAAJ,CAAR;AACA,CALD","sourcesContent":["// Copyright 2015 Joyent, Inc.\n\nmodule.exports = Signature;\n\nvar assert = require('assert-plus');\nvar Buffer = require('safer-buffer').Buffer;\nvar algs = require('./algs');\nvar crypto = require('crypto');\nvar errs = require('./errors');\nvar utils = require('./utils');\nvar asn1 = require('asn1');\nvar SSHBuffer = require('./ssh-buffer');\n\nvar InvalidAlgorithmError = errs.InvalidAlgorithmError;\nvar SignatureParseError = errs.SignatureParseError;\n\nfunction Signature(opts) {\n\tassert.object(opts, 'options');\n\tassert.arrayOfObject(opts.parts, 'options.parts');\n\tassert.string(opts.type, 'options.type');\n\n\tvar partLookup = {};\n\tfor (var i = 0; i < opts.parts.length; ++i) {\n\t\tvar part = opts.parts[i];\n\t\tpartLookup[part.name] = part;\n\t}\n\n\tthis.type = opts.type;\n\tthis.hashAlgorithm = opts.hashAlgo;\n\tthis.curve = opts.curve;\n\tthis.parts = opts.parts;\n\tthis.part = partLookup;\n}\n\nSignature.prototype.toBuffer = function (format) {\n\tif (format === undefined)\n\t\tformat = 'asn1';\n\tassert.string(format, 'format');\n\n\tvar buf;\n\tvar stype = 'ssh-' + this.type;\n\n\tswitch (this.type) {\n\tcase 'rsa':\n\t\tswitch (this.hashAlgorithm) {\n\t\tcase 'sha256':\n\t\t\tstype = 'rsa-sha2-256';\n\t\t\tbreak;\n\t\tcase 'sha512':\n\t\t\tstype = 'rsa-sha2-512';\n\t\t\tbreak;\n\t\tcase 'sha1':\n\t\tcase undefined:\n\t\t\tbreak;\n\t\tdefault:\n\t\t\tthrow (new Error('SSH signature ' +\n\t\t\t 'format does not support hash ' +\n\t\t\t 'algorithm ' + this.hashAlgorithm));\n\t\t}\n\t\tif (format === 'ssh') {\n\t\t\tbuf = new SSHBuffer({});\n\t\t\tbuf.writeString(stype);\n\t\t\tbuf.writePart(this.part.sig);\n\t\t\treturn (buf.toBuffer());\n\t\t} else {\n\t\t\treturn (this.part.sig.data);\n\t\t}\n\t\tbreak;\n\n\tcase 'ed25519':\n\t\tif (format === 'ssh') {\n\t\t\tbuf = new SSHBuffer({});\n\t\t\tbuf.writeString(stype);\n\t\t\tbuf.writePart(this.part.sig);\n\t\t\treturn (buf.toBuffer());\n\t\t} else {\n\t\t\treturn (this.part.sig.data);\n\t\t}\n\t\tbreak;\n\n\tcase 'dsa':\n\tcase 'ecdsa':\n\t\tvar r, s;\n\t\tif (format === 'asn1') {\n\t\t\tvar der = new asn1.BerWriter();\n\t\t\tder.startSequence();\n\t\t\tr = utils.mpNormalize(this.part.r.data);\n\t\t\ts = utils.mpNormalize(this.part.s.data);\n\t\t\tder.writeBuffer(r, asn1.Ber.Integer);\n\t\t\tder.writeBuffer(s, asn1.Ber.Integer);\n\t\t\tder.endSequence();\n\t\t\treturn (der.buffer);\n\t\t} else if (format === 'ssh' && this.type === 'dsa') {\n\t\t\tbuf = new SSHBuffer({});\n\t\t\tbuf.writeString('ssh-dss');\n\t\t\tr = this.part.r.data;\n\t\t\tif (r.length > 20 && r[0] === 0x00)\n\t\t\t\tr = r.slice(1);\n\t\t\ts = this.part.s.data;\n\t\t\tif (s.length > 20 && s[0] === 0x00)\n\t\t\t\ts = s.slice(1);\n\t\t\tif ((this.hashAlgorithm &&\n\t\t\t this.hashAlgorithm !== 'sha1') ||\n\t\t\t r.length + s.length !== 40) {\n\t\t\t\tthrow (new Error('OpenSSH only supports ' +\n\t\t\t\t 'DSA signatures with SHA1 hash'));\n\t\t\t}\n\t\t\tbuf.writeBuffer(Buffer.concat([r, s]));\n\t\t\treturn (buf.toBuffer());\n\t\t} else if (format === 'ssh' && this.type === 'ecdsa') {\n\t\t\tvar inner = new SSHBuffer({});\n\t\t\tr = this.part.r.data;\n\t\t\tinner.writeBuffer(r);\n\t\t\tinner.writePart(this.part.s);\n\n\t\t\tbuf = new SSHBuffer({});\n\t\t\t/* XXX: find a more proper way to do this? */\n\t\t\tvar curve;\n\t\t\tif (r[0] === 0x00)\n\t\t\t\tr = r.slice(1);\n\t\t\tvar sz = r.length * 8;\n\t\t\tif (sz === 256)\n\t\t\t\tcurve = 'nistp256';\n\t\t\telse if (sz === 384)\n\t\t\t\tcurve = 'nistp384';\n\t\t\telse if (sz === 528)\n\t\t\t\tcurve = 'nistp521';\n\t\t\tbuf.writeString('ecdsa-sha2-' + curve);\n\t\t\tbuf.writeBuffer(inner.toBuffer());\n\t\t\treturn (buf.toBuffer());\n\t\t}\n\t\tthrow (new Error('Invalid signature format'));\n\tdefault:\n\t\tthrow (new Error('Invalid signature data'));\n\t}\n};\n\nSignature.prototype.toString = function (format) {\n\tassert.optionalString(format, 'format');\n\treturn (this.toBuffer(format).toString('base64'));\n};\n\nSignature.parse = function (data, type, format) {\n\tif (typeof (data) === 'string')\n\t\tdata = Buffer.from(data, 'base64');\n\tassert.buffer(data, 'data');\n\tassert.string(format, 'format');\n\tassert.string(type, 'type');\n\n\tvar opts = {};\n\topts.type = type.toLowerCase();\n\topts.parts = [];\n\n\ttry {\n\t\tassert.ok(data.length > 0, 'signature must not be empty');\n\t\tswitch (opts.type) {\n\t\tcase 'rsa':\n\t\t\treturn (parseOneNum(data, type, format, opts));\n\t\tcase 'ed25519':\n\t\t\treturn (parseOneNum(data, type, format, opts));\n\n\t\tcase 'dsa':\n\t\tcase 'ecdsa':\n\t\t\tif (format === 'asn1')\n\t\t\t\treturn (parseDSAasn1(data, type, format, opts));\n\t\t\telse if (opts.type === 'dsa')\n\t\t\t\treturn (parseDSA(data, type, format, opts));\n\t\t\telse\n\t\t\t\treturn (parseECDSA(data, type, format, opts));\n\n\t\tdefault:\n\t\t\tthrow (new InvalidAlgorithmError(type));\n\t\t}\n\n\t} catch (e) {\n\t\tif (e instanceof InvalidAlgorithmError)\n\t\t\tthrow (e);\n\t\tthrow (new SignatureParseError(type, format, e));\n\t}\n};\n\nfunction parseOneNum(data, type, format, opts) {\n\tif (format === 'ssh') {\n\t\ttry {\n\t\t\tvar buf = new SSHBuffer({buffer: data});\n\t\t\tvar head = buf.readString();\n\t\t} catch (e) {\n\t\t\t/* fall through */\n\t\t}\n\t\tif (buf !== undefined) {\n\t\t\tvar msg = 'SSH signature does not match expected ' +\n\t\t\t 'type (expected ' + type + ', got ' + head + ')';\n\t\t\tswitch (head) {\n\t\t\tcase 'ssh-rsa':\n\t\t\t\tassert.strictEqual(type, 'rsa', msg);\n\t\t\t\topts.hashAlgo = 'sha1';\n\t\t\t\tbreak;\n\t\t\tcase 'rsa-sha2-256':\n\t\t\t\tassert.strictEqual(type, 'rsa', msg);\n\t\t\t\topts.hashAlgo = 'sha256';\n\t\t\t\tbreak;\n\t\t\tcase 'rsa-sha2-512':\n\t\t\t\tassert.strictEqual(type, 'rsa', msg);\n\t\t\t\topts.hashAlgo = 'sha512';\n\t\t\t\tbreak;\n\t\t\tcase 'ssh-ed25519':\n\t\t\t\tassert.strictEqual(type, 'ed25519', msg);\n\t\t\t\topts.hashAlgo = 'sha512';\n\t\t\t\tbreak;\n\t\t\tdefault:\n\t\t\t\tthrow (new Error('Unknown SSH signature ' +\n\t\t\t\t 'type: ' + head));\n\t\t\t}\n\t\t\tvar sig = buf.readPart();\n\t\t\tassert.ok(buf.atEnd(), 'extra trailing bytes');\n\t\t\tsig.name = 'sig';\n\t\t\topts.parts.push(sig);\n\t\t\treturn (new Signature(opts));\n\t\t}\n\t}\n\topts.parts.push({name: 'sig', data: data});\n\treturn (new Signature(opts));\n}\n\nfunction parseDSAasn1(data, type, format, opts) {\n\tvar der = new asn1.BerReader(data);\n\tder.readSequence();\n\tvar r = der.readString(asn1.Ber.Integer, true);\n\tvar s = der.readString(asn1.Ber.Integer, true);\n\n\topts.parts.push({name: 'r', data: utils.mpNormalize(r)});\n\topts.parts.push({name: 's', data: utils.mpNormalize(s)});\n\n\treturn (new Signature(opts));\n}\n\nfunction parseDSA(data, type, format, opts) {\n\tif (data.length != 40) {\n\t\tvar buf = new SSHBuffer({buffer: data});\n\t\tvar d = buf.readBuffer();\n\t\tif (d.toString('ascii') === 'ssh-dss')\n\t\t\td = buf.readBuffer();\n\t\tassert.ok(buf.atEnd(), 'extra trailing bytes');\n\t\tassert.strictEqual(d.length, 40, 'invalid inner length');\n\t\tdata = d;\n\t}\n\topts.parts.push({name: 'r', data: data.slice(0, 20)});\n\topts.parts.push({name: 's', data: data.slice(20, 40)});\n\treturn (new Signature(opts));\n}\n\nfunction parseECDSA(data, type, format, opts) {\n\tvar buf = new SSHBuffer({buffer: data});\n\n\tvar r, s;\n\tvar inner = buf.readBuffer();\n\tvar stype = inner.toString('ascii');\n\tif (stype.slice(0, 6) === 'ecdsa-') {\n\t\tvar parts = stype.split('-');\n\t\tassert.strictEqual(parts[0], 'ecdsa');\n\t\tassert.strictEqual(parts[1], 'sha2');\n\t\topts.curve = parts[2];\n\t\tswitch (opts.curve) {\n\t\tcase 'nistp256':\n\t\t\topts.hashAlgo = 'sha256';\n\t\t\tbreak;\n\t\tcase 'nistp384':\n\t\t\topts.hashAlgo = 'sha384';\n\t\t\tbreak;\n\t\tcase 'nistp521':\n\t\t\topts.hashAlgo = 'sha512';\n\t\t\tbreak;\n\t\tdefault:\n\t\t\tthrow (new Error('Unsupported ECDSA curve: ' +\n\t\t\t opts.curve));\n\t\t}\n\t\tinner = buf.readBuffer();\n\t\tassert.ok(buf.atEnd(), 'extra trailing bytes on outer');\n\t\tbuf = new SSHBuffer({buffer: inner});\n\t\tr = buf.readPart();\n\t} else {\n\t\tr = {data: inner};\n\t}\n\n\ts = buf.readPart();\n\tassert.ok(buf.atEnd(), 'extra trailing bytes');\n\n\tr.name = 'r';\n\ts.name = 's';\n\n\topts.parts.push(r);\n\topts.parts.push(s);\n\treturn (new Signature(opts));\n}\n\nSignature.isSignature = function (obj, ver) {\n\treturn (utils.isCompatible(obj, Signature, ver));\n};\n\n/*\n * API versions for Signature:\n * [1,0] -- initial ver\n * [2,0] -- support for rsa in full ssh format, compat with sshpk-agent\n * hashAlgorithm property\n * [2,1] -- first tagged version\n */\nSignature.prototype._sshpkApiVersion = [2, 1];\n\nSignature._oldVersionDetect = function (obj) {\n\tassert.func(obj.toBuffer);\n\tif (obj.hasOwnProperty('hashAlgorithm'))\n\t\treturn ([2, 0]);\n\treturn ([1, 0]);\n};\n"]},"metadata":{},"sourceType":"script"} |