1 line
25 KiB
JSON
1 line
25 KiB
JSON
{"ast":null,"code":"// Copyright 2015 Joyent, Inc.\nmodule.exports = {\n read: read,\n readSSHPrivate: readSSHPrivate,\n write: write\n};\n\nvar assert = require('assert-plus');\n\nvar asn1 = require('asn1');\n\nvar Buffer = require('safer-buffer').Buffer;\n\nvar algs = require('../algs');\n\nvar utils = require('../utils');\n\nvar crypto = require('crypto');\n\nvar Key = require('../key');\n\nvar PrivateKey = require('../private-key');\n\nvar pem = require('./pem');\n\nvar rfc4253 = require('./rfc4253');\n\nvar SSHBuffer = require('../ssh-buffer');\n\nvar errors = require('../errors');\n\nvar bcrypt;\n\nfunction read(buf, options) {\n return pem.read(buf, options);\n}\n\nvar MAGIC = 'openssh-key-v1';\n\nfunction readSSHPrivate(type, buf, options) {\n buf = new SSHBuffer({\n buffer: buf\n });\n var magic = buf.readCString();\n assert.strictEqual(magic, MAGIC, 'bad magic string');\n var cipher = buf.readString();\n var kdf = buf.readString();\n var kdfOpts = buf.readBuffer();\n var nkeys = buf.readInt();\n\n if (nkeys !== 1) {\n throw new Error('OpenSSH-format key file contains ' + 'multiple keys: this is unsupported.');\n }\n\n var pubKey = buf.readBuffer();\n\n if (type === 'public') {\n assert.ok(buf.atEnd(), 'excess bytes left after key');\n return rfc4253.read(pubKey);\n }\n\n var privKeyBlob = buf.readBuffer();\n assert.ok(buf.atEnd(), 'excess bytes left after key');\n var kdfOptsBuf = new SSHBuffer({\n buffer: kdfOpts\n });\n\n switch (kdf) {\n case 'none':\n if (cipher !== 'none') {\n throw new Error('OpenSSH-format key uses KDF \"none\" ' + 'but specifies a cipher other than \"none\"');\n }\n\n break;\n\n case 'bcrypt':\n var salt = kdfOptsBuf.readBuffer();\n var rounds = kdfOptsBuf.readInt();\n var cinf = utils.opensshCipherInfo(cipher);\n\n if (bcrypt === undefined) {\n bcrypt = require('bcrypt-pbkdf');\n }\n\n if (typeof options.passphrase === 'string') {\n options.passphrase = Buffer.from(options.passphrase, 'utf-8');\n }\n\n if (!Buffer.isBuffer(options.passphrase)) {\n throw new errors.KeyEncryptedError(options.filename, 'OpenSSH');\n }\n\n var pass = new Uint8Array(options.passphrase);\n var salti = new Uint8Array(salt);\n /* Use the pbkdf to derive both the key and the IV. */\n\n var out = new Uint8Array(cinf.keySize + cinf.blockSize);\n var res = bcrypt.pbkdf(pass, pass.length, salti, salti.length, out, out.length, rounds);\n\n if (res !== 0) {\n throw new Error('bcrypt_pbkdf function returned ' + 'failure, parameters invalid');\n }\n\n out = Buffer.from(out);\n var ckey = out.slice(0, cinf.keySize);\n var iv = out.slice(cinf.keySize, cinf.keySize + cinf.blockSize);\n var cipherStream = crypto.createDecipheriv(cinf.opensslName, ckey, iv);\n cipherStream.setAutoPadding(false);\n var chunk,\n chunks = [];\n cipherStream.once('error', function (e) {\n if (e.toString().indexOf('bad decrypt') !== -1) {\n throw new Error('Incorrect passphrase ' + 'supplied, could not decrypt key');\n }\n\n throw e;\n });\n cipherStream.write(privKeyBlob);\n cipherStream.end();\n\n while ((chunk = cipherStream.read()) !== null) chunks.push(chunk);\n\n privKeyBlob = Buffer.concat(chunks);\n break;\n\n default:\n throw new Error('OpenSSH-format key uses unknown KDF \"' + kdf + '\"');\n }\n\n buf = new SSHBuffer({\n buffer: privKeyBlob\n });\n var checkInt1 = buf.readInt();\n var checkInt2 = buf.readInt();\n\n if (checkInt1 !== checkInt2) {\n throw new Error('Incorrect passphrase supplied, could not ' + 'decrypt key');\n }\n\n var ret = {};\n var key = rfc4253.readInternal(ret, 'private', buf.remainder());\n buf.skip(ret.consumed);\n var comment = buf.readString();\n key.comment = comment;\n return key;\n}\n\nfunction write(key, options) {\n var pubKey;\n if (PrivateKey.isPrivateKey(key)) pubKey = key.toPublic();else pubKey = key;\n var cipher = 'none';\n var kdf = 'none';\n var kdfopts = Buffer.alloc(0);\n var cinf = {\n blockSize: 8\n };\n var passphrase;\n\n if (options !== undefined) {\n passphrase = options.passphrase;\n if (typeof passphrase === 'string') passphrase = Buffer.from(passphrase, 'utf-8');\n\n if (passphrase !== undefined) {\n assert.buffer(passphrase, 'options.passphrase');\n assert.optionalString(options.cipher, 'options.cipher');\n cipher = options.cipher;\n if (cipher === undefined) cipher = 'aes128-ctr';\n cinf = utils.opensshCipherInfo(cipher);\n kdf = 'bcrypt';\n }\n }\n\n var privBuf;\n\n if (PrivateKey.isPrivateKey(key)) {\n privBuf = new SSHBuffer({});\n var checkInt = crypto.randomBytes(4).readUInt32BE(0);\n privBuf.writeInt(checkInt);\n privBuf.writeInt(checkInt);\n privBuf.write(key.toBuffer('rfc4253'));\n privBuf.writeString(key.comment || '');\n var n = 1;\n\n while (privBuf._offset % cinf.blockSize !== 0) privBuf.writeChar(n++);\n\n privBuf = privBuf.toBuffer();\n }\n\n switch (kdf) {\n case 'none':\n break;\n\n case 'bcrypt':\n var salt = crypto.randomBytes(16);\n var rounds = 16;\n var kdfssh = new SSHBuffer({});\n kdfssh.writeBuffer(salt);\n kdfssh.writeInt(rounds);\n kdfopts = kdfssh.toBuffer();\n\n if (bcrypt === undefined) {\n bcrypt = require('bcrypt-pbkdf');\n }\n\n var pass = new Uint8Array(passphrase);\n var salti = new Uint8Array(salt);\n /* Use the pbkdf to derive both the key and the IV. */\n\n var out = new Uint8Array(cinf.keySize + cinf.blockSize);\n var res = bcrypt.pbkdf(pass, pass.length, salti, salti.length, out, out.length, rounds);\n\n if (res !== 0) {\n throw new Error('bcrypt_pbkdf function returned ' + 'failure, parameters invalid');\n }\n\n out = Buffer.from(out);\n var ckey = out.slice(0, cinf.keySize);\n var iv = out.slice(cinf.keySize, cinf.keySize + cinf.blockSize);\n var cipherStream = crypto.createCipheriv(cinf.opensslName, ckey, iv);\n cipherStream.setAutoPadding(false);\n var chunk,\n chunks = [];\n cipherStream.once('error', function (e) {\n throw e;\n });\n cipherStream.write(privBuf);\n cipherStream.end();\n\n while ((chunk = cipherStream.read()) !== null) chunks.push(chunk);\n\n privBuf = Buffer.concat(chunks);\n break;\n\n default:\n throw new Error('Unsupported kdf ' + kdf);\n }\n\n var buf = new SSHBuffer({});\n buf.writeCString(MAGIC);\n buf.writeString(cipher);\n /* cipher */\n\n buf.writeString(kdf);\n /* kdf */\n\n buf.writeBuffer(kdfopts);\n /* kdfoptions */\n\n buf.writeInt(1);\n /* nkeys */\n\n buf.writeBuffer(pubKey.toBuffer('rfc4253'));\n if (privBuf) buf.writeBuffer(privBuf);\n buf = buf.toBuffer();\n var header;\n if (PrivateKey.isPrivateKey(key)) header = 'OPENSSH PRIVATE KEY';else header = 'OPENSSH PUBLIC KEY';\n var tmp = buf.toString('base64');\n var len = tmp.length + tmp.length / 70 + 18 + 16 + header.length * 2 + 10;\n buf = Buffer.alloc(len);\n var o = 0;\n o += buf.write('-----BEGIN ' + header + '-----\\n', o);\n\n for (var i = 0; i < tmp.length;) {\n var limit = i + 70;\n if (limit > tmp.length) limit = tmp.length;\n o += buf.write(tmp.slice(i, limit), o);\n buf[o++] = 10;\n i = limit;\n }\n\n o += buf.write('-----END ' + header + '-----\\n', o);\n return buf.slice(0, o);\n}","map":{"version":3,"sources":["/Users/tylerkoenig/Code/personal/react-scss2/node_modules/sshpk/lib/formats/ssh-private.js"],"names":["module","exports","read","readSSHPrivate","write","assert","require","asn1","Buffer","algs","utils","crypto","Key","PrivateKey","pem","rfc4253","SSHBuffer","errors","bcrypt","buf","options","MAGIC","type","buffer","magic","readCString","strictEqual","cipher","readString","kdf","kdfOpts","readBuffer","nkeys","readInt","Error","pubKey","ok","atEnd","privKeyBlob","kdfOptsBuf","salt","rounds","cinf","opensshCipherInfo","undefined","passphrase","from","isBuffer","KeyEncryptedError","filename","pass","Uint8Array","salti","out","keySize","blockSize","res","pbkdf","length","ckey","slice","iv","cipherStream","createDecipheriv","opensslName","setAutoPadding","chunk","chunks","once","e","toString","indexOf","end","push","concat","checkInt1","checkInt2","ret","key","readInternal","remainder","skip","consumed","comment","isPrivateKey","toPublic","kdfopts","alloc","optionalString","privBuf","checkInt","randomBytes","readUInt32BE","writeInt","toBuffer","writeString","n","_offset","writeChar","kdfssh","writeBuffer","createCipheriv","writeCString","header","tmp","len","o","i","limit"],"mappings":"AAAA;AAEAA,MAAM,CAACC,OAAP,GAAiB;AAChBC,EAAAA,IAAI,EAAEA,IADU;AAEhBC,EAAAA,cAAc,EAAEA,cAFA;AAGhBC,EAAAA,KAAK,EAAEA;AAHS,CAAjB;;AAMA,IAAIC,MAAM,GAAGC,OAAO,CAAC,aAAD,CAApB;;AACA,IAAIC,IAAI,GAAGD,OAAO,CAAC,MAAD,CAAlB;;AACA,IAAIE,MAAM,GAAGF,OAAO,CAAC,cAAD,CAAP,CAAwBE,MAArC;;AACA,IAAIC,IAAI,GAAGH,OAAO,CAAC,SAAD,CAAlB;;AACA,IAAII,KAAK,GAAGJ,OAAO,CAAC,UAAD,CAAnB;;AACA,IAAIK,MAAM,GAAGL,OAAO,CAAC,QAAD,CAApB;;AAEA,IAAIM,GAAG,GAAGN,OAAO,CAAC,QAAD,CAAjB;;AACA,IAAIO,UAAU,GAAGP,OAAO,CAAC,gBAAD,CAAxB;;AACA,IAAIQ,GAAG,GAAGR,OAAO,CAAC,OAAD,CAAjB;;AACA,IAAIS,OAAO,GAAGT,OAAO,CAAC,WAAD,CAArB;;AACA,IAAIU,SAAS,GAAGV,OAAO,CAAC,eAAD,CAAvB;;AACA,IAAIW,MAAM,GAAGX,OAAO,CAAC,WAAD,CAApB;;AAEA,IAAIY,MAAJ;;AAEA,SAAShB,IAAT,CAAciB,GAAd,EAAmBC,OAAnB,EAA4B;AAC3B,SAAQN,GAAG,CAACZ,IAAJ,CAASiB,GAAT,EAAcC,OAAd,CAAR;AACA;;AAED,IAAIC,KAAK,GAAG,gBAAZ;;AAEA,SAASlB,cAAT,CAAwBmB,IAAxB,EAA8BH,GAA9B,EAAmCC,OAAnC,EAA4C;AAC3CD,EAAAA,GAAG,GAAG,IAAIH,SAAJ,CAAc;AAACO,IAAAA,MAAM,EAAEJ;AAAT,GAAd,CAAN;AAEA,MAAIK,KAAK,GAAGL,GAAG,CAACM,WAAJ,EAAZ;AACApB,EAAAA,MAAM,CAACqB,WAAP,CAAmBF,KAAnB,EAA0BH,KAA1B,EAAiC,kBAAjC;AAEA,MAAIM,MAAM,GAAGR,GAAG,CAACS,UAAJ,EAAb;AACA,MAAIC,GAAG,GAAGV,GAAG,CAACS,UAAJ,EAAV;AACA,MAAIE,OAAO,GAAGX,GAAG,CAACY,UAAJ,EAAd;AAEA,MAAIC,KAAK,GAAGb,GAAG,CAACc,OAAJ,EAAZ;;AACA,MAAID,KAAK,KAAK,CAAd,EAAiB;AAChB,UAAO,IAAIE,KAAJ,CAAU,sCACb,qCADG,CAAP;AAEA;;AAED,MAAIC,MAAM,GAAGhB,GAAG,CAACY,UAAJ,EAAb;;AAEA,MAAIT,IAAI,KAAK,QAAb,EAAuB;AACtBjB,IAAAA,MAAM,CAAC+B,EAAP,CAAUjB,GAAG,CAACkB,KAAJ,EAAV,EAAuB,6BAAvB;AACA,WAAQtB,OAAO,CAACb,IAAR,CAAaiC,MAAb,CAAR;AACA;;AAED,MAAIG,WAAW,GAAGnB,GAAG,CAACY,UAAJ,EAAlB;AACA1B,EAAAA,MAAM,CAAC+B,EAAP,CAAUjB,GAAG,CAACkB,KAAJ,EAAV,EAAuB,6BAAvB;AAEA,MAAIE,UAAU,GAAG,IAAIvB,SAAJ,CAAc;AAAEO,IAAAA,MAAM,EAAEO;AAAV,GAAd,CAAjB;;AACA,UAAQD,GAAR;AACA,SAAK,MAAL;AACC,UAAIF,MAAM,KAAK,MAAf,EAAuB;AACtB,cAAO,IAAIO,KAAJ,CAAU,wCACZ,0CADE,CAAP;AAEA;;AACD;;AACD,SAAK,QAAL;AACC,UAAIM,IAAI,GAAGD,UAAU,CAACR,UAAX,EAAX;AACA,UAAIU,MAAM,GAAGF,UAAU,CAACN,OAAX,EAAb;AACA,UAAIS,IAAI,GAAGhC,KAAK,CAACiC,iBAAN,CAAwBhB,MAAxB,CAAX;;AACA,UAAIT,MAAM,KAAK0B,SAAf,EAA0B;AACzB1B,QAAAA,MAAM,GAAGZ,OAAO,CAAC,cAAD,CAAhB;AACA;;AAED,UAAI,OAAQc,OAAO,CAACyB,UAAhB,KAAgC,QAApC,EAA8C;AAC7CzB,QAAAA,OAAO,CAACyB,UAAR,GAAqBrC,MAAM,CAACsC,IAAP,CAAY1B,OAAO,CAACyB,UAApB,EACjB,OADiB,CAArB;AAEA;;AACD,UAAI,CAACrC,MAAM,CAACuC,QAAP,CAAgB3B,OAAO,CAACyB,UAAxB,CAAL,EAA0C;AACzC,cAAO,IAAI5B,MAAM,CAAC+B,iBAAX,CACH5B,OAAO,CAAC6B,QADL,EACe,SADf,CAAP;AAEA;;AAED,UAAIC,IAAI,GAAG,IAAIC,UAAJ,CAAe/B,OAAO,CAACyB,UAAvB,CAAX;AACA,UAAIO,KAAK,GAAG,IAAID,UAAJ,CAAeX,IAAf,CAAZ;AACA;;AACA,UAAIa,GAAG,GAAG,IAAIF,UAAJ,CAAeT,IAAI,CAACY,OAAL,GAAeZ,IAAI,CAACa,SAAnC,CAAV;AACA,UAAIC,GAAG,GAAGtC,MAAM,CAACuC,KAAP,CAAaP,IAAb,EAAmBA,IAAI,CAACQ,MAAxB,EAAgCN,KAAhC,EAAuCA,KAAK,CAACM,MAA7C,EACNL,GADM,EACDA,GAAG,CAACK,MADH,EACWjB,MADX,CAAV;;AAEA,UAAIe,GAAG,KAAK,CAAZ,EAAe;AACd,cAAO,IAAItB,KAAJ,CAAU,oCACb,6BADG,CAAP;AAEA;;AACDmB,MAAAA,GAAG,GAAG7C,MAAM,CAACsC,IAAP,CAAYO,GAAZ,CAAN;AACA,UAAIM,IAAI,GAAGN,GAAG,CAACO,KAAJ,CAAU,CAAV,EAAalB,IAAI,CAACY,OAAlB,CAAX;AACA,UAAIO,EAAE,GAAGR,GAAG,CAACO,KAAJ,CAAUlB,IAAI,CAACY,OAAf,EAAwBZ,IAAI,CAACY,OAAL,GAAeZ,IAAI,CAACa,SAA5C,CAAT;AACA,UAAIO,YAAY,GAAGnD,MAAM,CAACoD,gBAAP,CAAwBrB,IAAI,CAACsB,WAA7B,EACfL,IADe,EACTE,EADS,CAAnB;AAEAC,MAAAA,YAAY,CAACG,cAAb,CAA4B,KAA5B;AACA,UAAIC,KAAJ;AAAA,UAAWC,MAAM,GAAG,EAApB;AACAL,MAAAA,YAAY,CAACM,IAAb,CAAkB,OAAlB,EAA2B,UAAUC,CAAV,EAAa;AACvC,YAAIA,CAAC,CAACC,QAAF,GAAaC,OAAb,CAAqB,aAArB,MAAwC,CAAC,CAA7C,EAAgD;AAC/C,gBAAO,IAAIrC,KAAJ,CAAU,0BACb,iCADG,CAAP;AAEA;;AACD,cAAOmC,CAAP;AACA,OAND;AAOAP,MAAAA,YAAY,CAAC1D,KAAb,CAAmBkC,WAAnB;AACAwB,MAAAA,YAAY,CAACU,GAAb;;AACA,aAAO,CAACN,KAAK,GAAGJ,YAAY,CAAC5D,IAAb,EAAT,MAAkC,IAAzC,EACCiE,MAAM,CAACM,IAAP,CAAYP,KAAZ;;AACD5B,MAAAA,WAAW,GAAG9B,MAAM,CAACkE,MAAP,CAAcP,MAAd,CAAd;AACA;;AACD;AACC,YAAO,IAAIjC,KAAJ,CACH,0CAA0CL,GAA1C,GAAgD,GAD7C,CAAP;AAvDD;;AA2DAV,EAAAA,GAAG,GAAG,IAAIH,SAAJ,CAAc;AAACO,IAAAA,MAAM,EAAEe;AAAT,GAAd,CAAN;AAEA,MAAIqC,SAAS,GAAGxD,GAAG,CAACc,OAAJ,EAAhB;AACA,MAAI2C,SAAS,GAAGzD,GAAG,CAACc,OAAJ,EAAhB;;AACA,MAAI0C,SAAS,KAAKC,SAAlB,EAA6B;AAC5B,UAAO,IAAI1C,KAAJ,CAAU,8CACb,aADG,CAAP;AAEA;;AAED,MAAI2C,GAAG,GAAG,EAAV;AACA,MAAIC,GAAG,GAAG/D,OAAO,CAACgE,YAAR,CAAqBF,GAArB,EAA0B,SAA1B,EAAqC1D,GAAG,CAAC6D,SAAJ,EAArC,CAAV;AAEA7D,EAAAA,GAAG,CAAC8D,IAAJ,CAASJ,GAAG,CAACK,QAAb;AAEA,MAAIC,OAAO,GAAGhE,GAAG,CAACS,UAAJ,EAAd;AACAkD,EAAAA,GAAG,CAACK,OAAJ,GAAcA,OAAd;AAEA,SAAQL,GAAR;AACA;;AAED,SAAS1E,KAAT,CAAe0E,GAAf,EAAoB1D,OAApB,EAA6B;AAC5B,MAAIe,MAAJ;AACA,MAAItB,UAAU,CAACuE,YAAX,CAAwBN,GAAxB,CAAJ,EACC3C,MAAM,GAAG2C,GAAG,CAACO,QAAJ,EAAT,CADD,KAGClD,MAAM,GAAG2C,GAAT;AAED,MAAInD,MAAM,GAAG,MAAb;AACA,MAAIE,GAAG,GAAG,MAAV;AACA,MAAIyD,OAAO,GAAG9E,MAAM,CAAC+E,KAAP,CAAa,CAAb,CAAd;AACA,MAAI7C,IAAI,GAAG;AAAEa,IAAAA,SAAS,EAAE;AAAb,GAAX;AACA,MAAIV,UAAJ;;AACA,MAAIzB,OAAO,KAAKwB,SAAhB,EAA2B;AAC1BC,IAAAA,UAAU,GAAGzB,OAAO,CAACyB,UAArB;AACA,QAAI,OAAQA,UAAR,KAAwB,QAA5B,EACCA,UAAU,GAAGrC,MAAM,CAACsC,IAAP,CAAYD,UAAZ,EAAwB,OAAxB,CAAb;;AACD,QAAIA,UAAU,KAAKD,SAAnB,EAA8B;AAC7BvC,MAAAA,MAAM,CAACkB,MAAP,CAAcsB,UAAd,EAA0B,oBAA1B;AACAxC,MAAAA,MAAM,CAACmF,cAAP,CAAsBpE,OAAO,CAACO,MAA9B,EAAsC,gBAAtC;AACAA,MAAAA,MAAM,GAAGP,OAAO,CAACO,MAAjB;AACA,UAAIA,MAAM,KAAKiB,SAAf,EACCjB,MAAM,GAAG,YAAT;AACDe,MAAAA,IAAI,GAAGhC,KAAK,CAACiC,iBAAN,CAAwBhB,MAAxB,CAAP;AACAE,MAAAA,GAAG,GAAG,QAAN;AACA;AACD;;AAED,MAAI4D,OAAJ;;AACA,MAAI5E,UAAU,CAACuE,YAAX,CAAwBN,GAAxB,CAAJ,EAAkC;AACjCW,IAAAA,OAAO,GAAG,IAAIzE,SAAJ,CAAc,EAAd,CAAV;AACA,QAAI0E,QAAQ,GAAG/E,MAAM,CAACgF,WAAP,CAAmB,CAAnB,EAAsBC,YAAtB,CAAmC,CAAnC,CAAf;AACAH,IAAAA,OAAO,CAACI,QAAR,CAAiBH,QAAjB;AACAD,IAAAA,OAAO,CAACI,QAAR,CAAiBH,QAAjB;AACAD,IAAAA,OAAO,CAACrF,KAAR,CAAc0E,GAAG,CAACgB,QAAJ,CAAa,SAAb,CAAd;AACAL,IAAAA,OAAO,CAACM,WAAR,CAAoBjB,GAAG,CAACK,OAAJ,IAAe,EAAnC;AAEA,QAAIa,CAAC,GAAG,CAAR;;AACA,WAAOP,OAAO,CAACQ,OAAR,GAAkBvD,IAAI,CAACa,SAAvB,KAAqC,CAA5C,EACCkC,OAAO,CAACS,SAAR,CAAkBF,CAAC,EAAnB;;AACDP,IAAAA,OAAO,GAAGA,OAAO,CAACK,QAAR,EAAV;AACA;;AAED,UAAQjE,GAAR;AACA,SAAK,MAAL;AACC;;AACD,SAAK,QAAL;AACC,UAAIW,IAAI,GAAG7B,MAAM,CAACgF,WAAP,CAAmB,EAAnB,CAAX;AACA,UAAIlD,MAAM,GAAG,EAAb;AACA,UAAI0D,MAAM,GAAG,IAAInF,SAAJ,CAAc,EAAd,CAAb;AACAmF,MAAAA,MAAM,CAACC,WAAP,CAAmB5D,IAAnB;AACA2D,MAAAA,MAAM,CAACN,QAAP,CAAgBpD,MAAhB;AACA6C,MAAAA,OAAO,GAAGa,MAAM,CAACL,QAAP,EAAV;;AAEA,UAAI5E,MAAM,KAAK0B,SAAf,EAA0B;AACzB1B,QAAAA,MAAM,GAAGZ,OAAO,CAAC,cAAD,CAAhB;AACA;;AACD,UAAI4C,IAAI,GAAG,IAAIC,UAAJ,CAAeN,UAAf,CAAX;AACA,UAAIO,KAAK,GAAG,IAAID,UAAJ,CAAeX,IAAf,CAAZ;AACA;;AACA,UAAIa,GAAG,GAAG,IAAIF,UAAJ,CAAeT,IAAI,CAACY,OAAL,GAAeZ,IAAI,CAACa,SAAnC,CAAV;AACA,UAAIC,GAAG,GAAGtC,MAAM,CAACuC,KAAP,CAAaP,IAAb,EAAmBA,IAAI,CAACQ,MAAxB,EAAgCN,KAAhC,EAAuCA,KAAK,CAACM,MAA7C,EACNL,GADM,EACDA,GAAG,CAACK,MADH,EACWjB,MADX,CAAV;;AAEA,UAAIe,GAAG,KAAK,CAAZ,EAAe;AACd,cAAO,IAAItB,KAAJ,CAAU,oCACb,6BADG,CAAP;AAEA;;AACDmB,MAAAA,GAAG,GAAG7C,MAAM,CAACsC,IAAP,CAAYO,GAAZ,CAAN;AACA,UAAIM,IAAI,GAAGN,GAAG,CAACO,KAAJ,CAAU,CAAV,EAAalB,IAAI,CAACY,OAAlB,CAAX;AACA,UAAIO,EAAE,GAAGR,GAAG,CAACO,KAAJ,CAAUlB,IAAI,CAACY,OAAf,EAAwBZ,IAAI,CAACY,OAAL,GAAeZ,IAAI,CAACa,SAA5C,CAAT;AAEA,UAAIO,YAAY,GAAGnD,MAAM,CAAC0F,cAAP,CAAsB3D,IAAI,CAACsB,WAA3B,EACfL,IADe,EACTE,EADS,CAAnB;AAEAC,MAAAA,YAAY,CAACG,cAAb,CAA4B,KAA5B;AACA,UAAIC,KAAJ;AAAA,UAAWC,MAAM,GAAG,EAApB;AACAL,MAAAA,YAAY,CAACM,IAAb,CAAkB,OAAlB,EAA2B,UAAUC,CAAV,EAAa;AACvC,cAAOA,CAAP;AACA,OAFD;AAGAP,MAAAA,YAAY,CAAC1D,KAAb,CAAmBqF,OAAnB;AACA3B,MAAAA,YAAY,CAACU,GAAb;;AACA,aAAO,CAACN,KAAK,GAAGJ,YAAY,CAAC5D,IAAb,EAAT,MAAkC,IAAzC,EACCiE,MAAM,CAACM,IAAP,CAAYP,KAAZ;;AACDuB,MAAAA,OAAO,GAAGjF,MAAM,CAACkE,MAAP,CAAcP,MAAd,CAAV;AACA;;AACD;AACC,YAAO,IAAIjC,KAAJ,CAAU,qBAAqBL,GAA/B,CAAP;AA1CD;;AA6CA,MAAIV,GAAG,GAAG,IAAIH,SAAJ,CAAc,EAAd,CAAV;AAEAG,EAAAA,GAAG,CAACmF,YAAJ,CAAiBjF,KAAjB;AACAF,EAAAA,GAAG,CAAC4E,WAAJ,CAAgBpE,MAAhB;AAAyB;;AACzBR,EAAAA,GAAG,CAAC4E,WAAJ,CAAgBlE,GAAhB;AAAuB;;AACvBV,EAAAA,GAAG,CAACiF,WAAJ,CAAgBd,OAAhB;AAA0B;;AAE1BnE,EAAAA,GAAG,CAAC0E,QAAJ,CAAa,CAAb;AAAkB;;AAClB1E,EAAAA,GAAG,CAACiF,WAAJ,CAAgBjE,MAAM,CAAC2D,QAAP,CAAgB,SAAhB,CAAhB;AAEA,MAAIL,OAAJ,EACCtE,GAAG,CAACiF,WAAJ,CAAgBX,OAAhB;AAEDtE,EAAAA,GAAG,GAAGA,GAAG,CAAC2E,QAAJ,EAAN;AAEA,MAAIS,MAAJ;AACA,MAAI1F,UAAU,CAACuE,YAAX,CAAwBN,GAAxB,CAAJ,EACCyB,MAAM,GAAG,qBAAT,CADD,KAGCA,MAAM,GAAG,oBAAT;AAED,MAAIC,GAAG,GAAGrF,GAAG,CAACmD,QAAJ,CAAa,QAAb,CAAV;AACA,MAAImC,GAAG,GAAGD,GAAG,CAAC9C,MAAJ,GAAc8C,GAAG,CAAC9C,MAAJ,GAAa,EAA3B,GACN,EADM,GACD,EADC,GACI6C,MAAM,CAAC7C,MAAP,GAAc,CADlB,GACsB,EADhC;AAEAvC,EAAAA,GAAG,GAAGX,MAAM,CAAC+E,KAAP,CAAakB,GAAb,CAAN;AACA,MAAIC,CAAC,GAAG,CAAR;AACAA,EAAAA,CAAC,IAAIvF,GAAG,CAACf,KAAJ,CAAU,gBAAgBmG,MAAhB,GAAyB,SAAnC,EAA8CG,CAA9C,CAAL;;AACA,OAAK,IAAIC,CAAC,GAAG,CAAb,EAAgBA,CAAC,GAAGH,GAAG,CAAC9C,MAAxB,GAAkC;AACjC,QAAIkD,KAAK,GAAGD,CAAC,GAAG,EAAhB;AACA,QAAIC,KAAK,GAAGJ,GAAG,CAAC9C,MAAhB,EACCkD,KAAK,GAAGJ,GAAG,CAAC9C,MAAZ;AACDgD,IAAAA,CAAC,IAAIvF,GAAG,CAACf,KAAJ,CAAUoG,GAAG,CAAC5C,KAAJ,CAAU+C,CAAV,EAAaC,KAAb,CAAV,EAA+BF,CAA/B,CAAL;AACAvF,IAAAA,GAAG,CAACuF,CAAC,EAAF,CAAH,GAAW,EAAX;AACAC,IAAAA,CAAC,GAAGC,KAAJ;AACA;;AACDF,EAAAA,CAAC,IAAIvF,GAAG,CAACf,KAAJ,CAAU,cAAcmG,MAAd,GAAuB,SAAjC,EAA4CG,CAA5C,CAAL;AAEA,SAAQvF,GAAG,CAACyC,KAAJ,CAAU,CAAV,EAAa8C,CAAb,CAAR;AACA","sourcesContent":["// Copyright 2015 Joyent, Inc.\n\nmodule.exports = {\n\tread: read,\n\treadSSHPrivate: readSSHPrivate,\n\twrite: write\n};\n\nvar assert = require('assert-plus');\nvar asn1 = require('asn1');\nvar Buffer = require('safer-buffer').Buffer;\nvar algs = require('../algs');\nvar utils = require('../utils');\nvar crypto = require('crypto');\n\nvar Key = require('../key');\nvar PrivateKey = require('../private-key');\nvar pem = require('./pem');\nvar rfc4253 = require('./rfc4253');\nvar SSHBuffer = require('../ssh-buffer');\nvar errors = require('../errors');\n\nvar bcrypt;\n\nfunction read(buf, options) {\n\treturn (pem.read(buf, options));\n}\n\nvar MAGIC = 'openssh-key-v1';\n\nfunction readSSHPrivate(type, buf, options) {\n\tbuf = new SSHBuffer({buffer: buf});\n\n\tvar magic = buf.readCString();\n\tassert.strictEqual(magic, MAGIC, 'bad magic string');\n\n\tvar cipher = buf.readString();\n\tvar kdf = buf.readString();\n\tvar kdfOpts = buf.readBuffer();\n\n\tvar nkeys = buf.readInt();\n\tif (nkeys !== 1) {\n\t\tthrow (new Error('OpenSSH-format key file contains ' +\n\t\t 'multiple keys: this is unsupported.'));\n\t}\n\n\tvar pubKey = buf.readBuffer();\n\n\tif (type === 'public') {\n\t\tassert.ok(buf.atEnd(), 'excess bytes left after key');\n\t\treturn (rfc4253.read(pubKey));\n\t}\n\n\tvar privKeyBlob = buf.readBuffer();\n\tassert.ok(buf.atEnd(), 'excess bytes left after key');\n\n\tvar kdfOptsBuf = new SSHBuffer({ buffer: kdfOpts });\n\tswitch (kdf) {\n\tcase 'none':\n\t\tif (cipher !== 'none') {\n\t\t\tthrow (new Error('OpenSSH-format key uses KDF \"none\" ' +\n\t\t\t 'but specifies a cipher other than \"none\"'));\n\t\t}\n\t\tbreak;\n\tcase 'bcrypt':\n\t\tvar salt = kdfOptsBuf.readBuffer();\n\t\tvar rounds = kdfOptsBuf.readInt();\n\t\tvar cinf = utils.opensshCipherInfo(cipher);\n\t\tif (bcrypt === undefined) {\n\t\t\tbcrypt = require('bcrypt-pbkdf');\n\t\t}\n\n\t\tif (typeof (options.passphrase) === 'string') {\n\t\t\toptions.passphrase = Buffer.from(options.passphrase,\n\t\t\t 'utf-8');\n\t\t}\n\t\tif (!Buffer.isBuffer(options.passphrase)) {\n\t\t\tthrow (new errors.KeyEncryptedError(\n\t\t\t options.filename, 'OpenSSH'));\n\t\t}\n\n\t\tvar pass = new Uint8Array(options.passphrase);\n\t\tvar salti = new Uint8Array(salt);\n\t\t/* Use the pbkdf to derive both the key and the IV. */\n\t\tvar out = new Uint8Array(cinf.keySize + cinf.blockSize);\n\t\tvar res = bcrypt.pbkdf(pass, pass.length, salti, salti.length,\n\t\t out, out.length, rounds);\n\t\tif (res !== 0) {\n\t\t\tthrow (new Error('bcrypt_pbkdf function returned ' +\n\t\t\t 'failure, parameters invalid'));\n\t\t}\n\t\tout = Buffer.from(out);\n\t\tvar ckey = out.slice(0, cinf.keySize);\n\t\tvar iv = out.slice(cinf.keySize, cinf.keySize + cinf.blockSize);\n\t\tvar cipherStream = crypto.createDecipheriv(cinf.opensslName,\n\t\t ckey, iv);\n\t\tcipherStream.setAutoPadding(false);\n\t\tvar chunk, chunks = [];\n\t\tcipherStream.once('error', function (e) {\n\t\t\tif (e.toString().indexOf('bad decrypt') !== -1) {\n\t\t\t\tthrow (new Error('Incorrect passphrase ' +\n\t\t\t\t 'supplied, could not decrypt key'));\n\t\t\t}\n\t\t\tthrow (e);\n\t\t});\n\t\tcipherStream.write(privKeyBlob);\n\t\tcipherStream.end();\n\t\twhile ((chunk = cipherStream.read()) !== null)\n\t\t\tchunks.push(chunk);\n\t\tprivKeyBlob = Buffer.concat(chunks);\n\t\tbreak;\n\tdefault:\n\t\tthrow (new Error(\n\t\t 'OpenSSH-format key uses unknown KDF \"' + kdf + '\"'));\n\t}\n\n\tbuf = new SSHBuffer({buffer: privKeyBlob});\n\n\tvar checkInt1 = buf.readInt();\n\tvar checkInt2 = buf.readInt();\n\tif (checkInt1 !== checkInt2) {\n\t\tthrow (new Error('Incorrect passphrase supplied, could not ' +\n\t\t 'decrypt key'));\n\t}\n\n\tvar ret = {};\n\tvar key = rfc4253.readInternal(ret, 'private', buf.remainder());\n\n\tbuf.skip(ret.consumed);\n\n\tvar comment = buf.readString();\n\tkey.comment = comment;\n\n\treturn (key);\n}\n\nfunction write(key, options) {\n\tvar pubKey;\n\tif (PrivateKey.isPrivateKey(key))\n\t\tpubKey = key.toPublic();\n\telse\n\t\tpubKey = key;\n\n\tvar cipher = 'none';\n\tvar kdf = 'none';\n\tvar kdfopts = Buffer.alloc(0);\n\tvar cinf = { blockSize: 8 };\n\tvar passphrase;\n\tif (options !== undefined) {\n\t\tpassphrase = options.passphrase;\n\t\tif (typeof (passphrase) === 'string')\n\t\t\tpassphrase = Buffer.from(passphrase, 'utf-8');\n\t\tif (passphrase !== undefined) {\n\t\t\tassert.buffer(passphrase, 'options.passphrase');\n\t\t\tassert.optionalString(options.cipher, 'options.cipher');\n\t\t\tcipher = options.cipher;\n\t\t\tif (cipher === undefined)\n\t\t\t\tcipher = 'aes128-ctr';\n\t\t\tcinf = utils.opensshCipherInfo(cipher);\n\t\t\tkdf = 'bcrypt';\n\t\t}\n\t}\n\n\tvar privBuf;\n\tif (PrivateKey.isPrivateKey(key)) {\n\t\tprivBuf = new SSHBuffer({});\n\t\tvar checkInt = crypto.randomBytes(4).readUInt32BE(0);\n\t\tprivBuf.writeInt(checkInt);\n\t\tprivBuf.writeInt(checkInt);\n\t\tprivBuf.write(key.toBuffer('rfc4253'));\n\t\tprivBuf.writeString(key.comment || '');\n\n\t\tvar n = 1;\n\t\twhile (privBuf._offset % cinf.blockSize !== 0)\n\t\t\tprivBuf.writeChar(n++);\n\t\tprivBuf = privBuf.toBuffer();\n\t}\n\n\tswitch (kdf) {\n\tcase 'none':\n\t\tbreak;\n\tcase 'bcrypt':\n\t\tvar salt = crypto.randomBytes(16);\n\t\tvar rounds = 16;\n\t\tvar kdfssh = new SSHBuffer({});\n\t\tkdfssh.writeBuffer(salt);\n\t\tkdfssh.writeInt(rounds);\n\t\tkdfopts = kdfssh.toBuffer();\n\n\t\tif (bcrypt === undefined) {\n\t\t\tbcrypt = require('bcrypt-pbkdf');\n\t\t}\n\t\tvar pass = new Uint8Array(passphrase);\n\t\tvar salti = new Uint8Array(salt);\n\t\t/* Use the pbkdf to derive both the key and the IV. */\n\t\tvar out = new Uint8Array(cinf.keySize + cinf.blockSize);\n\t\tvar res = bcrypt.pbkdf(pass, pass.length, salti, salti.length,\n\t\t out, out.length, rounds);\n\t\tif (res !== 0) {\n\t\t\tthrow (new Error('bcrypt_pbkdf function returned ' +\n\t\t\t 'failure, parameters invalid'));\n\t\t}\n\t\tout = Buffer.from(out);\n\t\tvar ckey = out.slice(0, cinf.keySize);\n\t\tvar iv = out.slice(cinf.keySize, cinf.keySize + cinf.blockSize);\n\n\t\tvar cipherStream = crypto.createCipheriv(cinf.opensslName,\n\t\t ckey, iv);\n\t\tcipherStream.setAutoPadding(false);\n\t\tvar chunk, chunks = [];\n\t\tcipherStream.once('error', function (e) {\n\t\t\tthrow (e);\n\t\t});\n\t\tcipherStream.write(privBuf);\n\t\tcipherStream.end();\n\t\twhile ((chunk = cipherStream.read()) !== null)\n\t\t\tchunks.push(chunk);\n\t\tprivBuf = Buffer.concat(chunks);\n\t\tbreak;\n\tdefault:\n\t\tthrow (new Error('Unsupported kdf ' + kdf));\n\t}\n\n\tvar buf = new SSHBuffer({});\n\n\tbuf.writeCString(MAGIC);\n\tbuf.writeString(cipher);\t/* cipher */\n\tbuf.writeString(kdf);\t\t/* kdf */\n\tbuf.writeBuffer(kdfopts);\t/* kdfoptions */\n\n\tbuf.writeInt(1);\t\t/* nkeys */\n\tbuf.writeBuffer(pubKey.toBuffer('rfc4253'));\n\n\tif (privBuf)\n\t\tbuf.writeBuffer(privBuf);\n\n\tbuf = buf.toBuffer();\n\n\tvar header;\n\tif (PrivateKey.isPrivateKey(key))\n\t\theader = 'OPENSSH PRIVATE KEY';\n\telse\n\t\theader = 'OPENSSH PUBLIC KEY';\n\n\tvar tmp = buf.toString('base64');\n\tvar len = tmp.length + (tmp.length / 70) +\n\t 18 + 16 + header.length*2 + 10;\n\tbuf = Buffer.alloc(len);\n\tvar o = 0;\n\to += buf.write('-----BEGIN ' + header + '-----\\n', o);\n\tfor (var i = 0; i < tmp.length; ) {\n\t\tvar limit = i + 70;\n\t\tif (limit > tmp.length)\n\t\t\tlimit = tmp.length;\n\t\to += buf.write(tmp.slice(i, limit), o);\n\t\tbuf[o++] = 10;\n\t\ti = limit;\n\t}\n\to += buf.write('-----END ' + header + '-----\\n', o);\n\n\treturn (buf.slice(0, o));\n}\n"]},"metadata":{},"sourceType":"script"} |