sshpk
Comparing version 1.0.4 to 1.1.0
@@ -33,2 +33,3 @@ // Copyright 2015 Joyent, Inc. | ||
size: 256, | ||
pkcs8oid: '1.2.840.10045.3.1.7', | ||
p: new Buffer(('00' + | ||
@@ -59,2 +60,3 @@ 'ffffffff 00000001 00000000 00000000' + | ||
size: 384, | ||
pkcs8oid: '1.3.132.0.34', | ||
p: new Buffer(('00' + | ||
@@ -61,0 +63,0 @@ 'ffffffff ffffffff ffffffff ffffffff' + |
@@ -41,6 +41,18 @@ // Copyright 2015 Joyent, Inc. | ||
function SignatureParseError(type, format) { | ||
if (Error.captureStackTrace) | ||
Error.captureStackTrace(this, SignatureParseError); | ||
this.name = 'SignatureParseError'; | ||
this.type = type; | ||
this.format = format; | ||
this.message = 'Failed to parse the given data as a ' + type + | ||
' signature in ' + format + ' format'; | ||
} | ||
util.inherits(SignatureParseError, Error); | ||
module.exports = { | ||
FingerprintFormatError: FingerprintFormatError, | ||
InvalidAlgorithmError: InvalidAlgorithmError, | ||
KeyParseError: KeyParseError | ||
KeyParseError: KeyParseError, | ||
SignatureParseError: SignatureParseError | ||
}; |
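Review bot: `SignatureParseError(type, format)` takes no argument for the underlying exception, so whatever the signature parser threw is discarded and callers see only the generic "Failed to parse the given data as a ..." message. Consider an optional third parameter that is stored on the error, e.g. `this.innerErr = innerErr;`, so malformed-signature failures can be diagnosed from logs. `type` and `format` are concatenated into the message as given; if callers pass them through from external input, anything that logs or renders the message should treat it as untrusted text.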
@@ -71,3 +71,5 @@ // Copyright 2015 Joyent, Inc. | ||
alg = parts[0].toLowerCase(); | ||
if (!/^[A-Za-z0-9+\/=]+$/.test(parts[1])) | ||
/*JSSTYLED*/ | ||
var base64RE = /^[A-Za-z0-9+\/=]+$/; | ||
if (!base64RE.test(parts[1])) | ||
throw (new FingerprintFormatError(fp)); | ||
@@ -84,3 +86,5 @@ try { | ||
parts = parts.join(''); | ||
if (!/^[a-fA-F0-9]+$/.test(parts)) | ||
/*JSSTYLED*/ | ||
var md5RE = /^[a-fA-F0-9]+$/; | ||
if (!md5RE.test(parts)) | ||
throw (new FingerprintFormatError(fp)); | ||
@@ -87,0 +91,0 @@ try { |
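Review bot: `base64RE` accepts `=` at any position, so a fingerprint with padding characters in the middle passes this check and goes on to whatever decodes it. If strict input is wanted, anchor the padding at the end: `var base64RE = /^[A-Za-z0-9+\/]+={0,2}$/;`. `md5RE` in the second hunk likewise accepts hex strings of any length; a length check presumably happens after decoding, outside the visible lines. The enclosing function starts and ends outside these hunks.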
@@ -448,43 +448,51 @@ // Copyright 2015 Joyent, Inc. | ||
function writePkcs8ECDSA(key, der) { | ||
// ECParameters sequence | ||
der.startSequence(); | ||
var curve = algs.curves[key.curve]; | ||
if (curve.pkcs8oid) { | ||
/* This one has a name in pkcs#8, so just write the oid */ | ||
der.writeOID(curve.pkcs8oid); | ||
var version = new Buffer(1); | ||
version.writeUInt8(1, 0); | ||
der.writeBuffer(version, asn1.Ber.Integer); | ||
} else { | ||
// ECParameters sequence | ||
der.startSequence(); | ||
var curve = algs.curves[key.curve]; | ||
var version = new Buffer(1); | ||
version.writeUInt8(1, 0); | ||
der.writeBuffer(version, asn1.Ber.Integer); | ||
// FieldID sequence | ||
der.startSequence(); | ||
der.writeOID('1.2.840.10045.1.1'); // prime-field | ||
der.writeBuffer(curve.p, asn1.Ber.Integer); | ||
der.endSequence(); | ||
// FieldID sequence | ||
der.startSequence(); | ||
der.writeOID('1.2.840.10045.1.1'); // prime-field | ||
der.writeBuffer(curve.p, asn1.Ber.Integer); | ||
der.endSequence(); | ||
// Curve sequence | ||
der.startSequence(); | ||
var a = curve.p; | ||
if (a[0] === 0x0) | ||
a = a.slice(1); | ||
der.writeBuffer(a, asn1.Ber.OctetString); | ||
der.writeBuffer(curve.b, asn1.Ber.OctetString); | ||
der.writeBuffer(curve.s, asn1.Ber.BitString); | ||
der.endSequence(); | ||
// Curve sequence | ||
der.startSequence(); | ||
var a = curve.p; | ||
if (a[0] === 0x0) | ||
a = a.slice(1); | ||
der.writeBuffer(a, asn1.Ber.OctetString); | ||
der.writeBuffer(curve.b, asn1.Ber.OctetString); | ||
der.writeBuffer(curve.s, asn1.Ber.BitString); | ||
der.endSequence(); | ||
der.writeBuffer(curve.G, asn1.Ber.OctetString); | ||
der.writeBuffer(curve.n, asn1.Ber.Integer); | ||
var h = curve.h; | ||
if (!h) { | ||
h = new Buffer(1); | ||
h.writeUInt8(1, 0); | ||
der.writeBuffer(curve.G, asn1.Ber.OctetString); | ||
der.writeBuffer(curve.n, asn1.Ber.Integer); | ||
var h = curve.h; | ||
if (!h) { | ||
h = new Buffer(1); | ||
h[0] = 1; | ||
} | ||
der.writeBuffer(h, asn1.Ber.Integer); | ||
// ECParameters | ||
der.endSequence(); | ||
} | ||
der.writeBuffer(h, asn1.Ber.Integer); | ||
// ECParameters | ||
der.endSequence(); | ||
der.endSequence(); | ||
var Q = key.part.Q.data; | ||
var pre = new Buffer(1); | ||
pre[0] = 0x0; | ||
if (Q[0] === 0x04) | ||
Q = Buffer.concat([new Buffer(1), Q]); | ||
Q = Buffer.concat([pre, Q]); | ||
der.writeBuffer(Q, asn1.Ber.BitString); | ||
@@ -491,0 +499,0 @@ } |
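Review bot: In the explicit-parameters branch of `writePkcs8ECDSA`, `var a = curve.p;` writes the field prime as the first element of the Curve sequence, where the curve coefficient a belongs; the prime was already emitted in the FieldID sequence just above. If the curve table carries the coefficient (presumably as `curve.a`, not visible on this page), the line should read `var a = curve.a;`, otherwise the emitted ECParameters describe a different curve than the key uses. This branch is only reached for curves without `pkcs8oid`, so it is easy to miss in tests. `algs.curves[key.curve]` is also dereferenced without checking that the lookup succeeded, so an unrecognised curve name surfaces as a TypeError on `curve.pkcs8oid` rather than a clear error.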
@@ -5,2 +5,3 @@ // Copyright 2015 Joyent, Inc. | ||
var Fingerprint = require('./fingerprint'); | ||
var Signature = require('./signature'); | ||
var errs = require('./errors'); | ||
@@ -14,2 +15,4 @@ | ||
parseFingerprint: Fingerprint.parse, | ||
Signature: Signature, | ||
parseSignature: Signature.parse, | ||
@@ -19,3 +22,4 @@ /* errors */ | ||
InvalidAlgorithmError: errs.InvalidAlgorithmError, | ||
KeyParseError: errs.KeyParseError | ||
KeyParseError: errs.KeyParseError, | ||
SignatureParseError: errs.SignatureParseError | ||
}; |
@@ -7,2 +7,3 @@ // Copyright 2015 Joyent, Inc. | ||
var Fingerprint = require('./fingerprint'); | ||
var Signature = require('./signature'); | ||
var errs = require('./errors'); | ||
@@ -99,23 +100,40 @@ | ||
Key.prototype.createVerify = function (hashAlgo) { | ||
if (hashAlgo === undefined) { | ||
hashAlgo = 'sha1'; | ||
if (this.type === 'rsa') | ||
hashAlgo = 'sha256'; | ||
if (this.type === 'ecdsa') { | ||
if (this.size <= 256) | ||
hashAlgo = 'sha256'; | ||
else if (this.size <= 384) | ||
hashAlgo = 'sha384'; | ||
else | ||
hashAlgo = 'sha512'; | ||
} | ||
} | ||
assert.string(hashAlgo, 'hash algorithm'); | ||
var v, nm; | ||
var v, nm, err; | ||
try { | ||
nm = this.type.toUpperCase() + '-'; | ||
if (this.type === 'ecdsa') | ||
nm += 'with-'; | ||
nm = 'ecdsa-with-'; | ||
nm += hashAlgo.toUpperCase(); | ||
v = crypto.createVerify(nm); | ||
} catch (e) { | ||
if (e instanceof Error && | ||
e.message.match(/Unknown message digest/)) { | ||
nm = 'RSA-'; | ||
nm += hashAlgo.toUpperCase(); | ||
v = crypto.createVerify(nm); | ||
} | ||
err = e; | ||
} | ||
if (v === undefined || (err instanceof Error && | ||
err.message.match(/Unknown message digest/))) { | ||
nm = 'RSA-'; | ||
nm += hashAlgo.toUpperCase(); | ||
v = crypto.createVerify(nm); | ||
} | ||
assert.ok(v, 'failed to create verifier'); | ||
var oldVerify = v.verify.bind(v); | ||
var key = this.toBuffer('pem'); | ||
console.log(key.toString()); | ||
v.verify = function (signature) { | ||
return (oldVerify(key, signature)); | ||
v.verify = function (signature, fmt) { | ||
if (typeof (signature) === 'object' && | ||
signature instanceof Signature) | ||
return (oldVerify(key, signature.toBuffer('asn1'))); | ||
return (oldVerify(key, signature, fmt)); | ||
}; | ||
@@ -122,0 +140,0 @@ return (v); |
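Review bot: The retry block `if (v === undefined || (err instanceof Error && ...))` runs after any exception from the first `crypto.createVerify(nm)`, because `v` is always undefined once that call throws; the "Unknown message digest" test no longer restricts anything and the original error is dropped. Rethrow non-matching errors in the catch, e.g. `if (!(e instanceof Error) || !/Unknown message digest/.test(e.message)) throw (e);`, so the `RSA-` retry applies only to the digest-name case. The +/- markers are lost on this page, so it is unclear which side `console.log(key.toString());` is on; if it is in 1.1.0 it should be removed, since a library should not print key material to stdout each time a verifier is created. The new default of `sha1` for key types other than rsa and ecdsa deserves a comment here and a line in the README so callers know when they are getting SHA-1.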
{ | ||
"name": "sshpk", | ||
"version": "1.0.4", | ||
"version": "1.1.0", | ||
"description": "A library for finding and using SSH public keys", | ||
@@ -5,0 +5,0 @@ "main": "lib/index.js", |
@@ -154,3 +154,3 @@ sshpk | ||
### `Key#createVerify(hashAlgorithm)` | ||
### `Key#createVerify([hashAlgorithm])` | ||
@@ -164,5 +164,12 @@ Creates a `crypto.Verifier` specialized to use this Key (and the correct public | ||
- `hashAlgorithm` -- String name of hash algorithm to use, any supported by | ||
OpenSSL are valid, usually including `sha1`, `sha256` | ||
- `hashAlgorithm` -- optional String name of hash algorithm to use, any | ||
supported by OpenSSL are valid, usually including | ||
`sha1`, `sha256`. | ||
`v.verify(signature[, format])` Parameters | ||
- `signature` -- either a Signature object, or a Buffer or String | ||
- `format` -- optional String, name of format to interpret given String with. | ||
Not valid if `signature` is a Signature or Buffer. | ||
### `parseFingerprint(fingerprint[, algorithms])` | ||
@@ -199,2 +206,32 @@ | ||
### `parseSignature(signature, algorithm, format)` | ||
Parses a signature in a given format, createing a `Signature` object. Useful | ||
for converting between the SSH and ASN.1 (PKCS/OpenSSL) signature formats for | ||
DSA and ECDSA. | ||
A Signature object can also be passed to a verifier produced by | ||
`Key#createVerify()` and it will automatically be converted into the correct | ||
format for verification. | ||
Parameters | ||
- `signature` -- a Buffer (binary) or String (base64), data of the actual | ||
signature in the given format | ||
- `algorithm` -- a String, name of the algorithm to be used, possible values | ||
are `rsa`, `dsa` and `ecdsa` | ||
- `format` -- a String, either `asn1` or `ssh` | ||
### `Signature#toBuffer([format = 'asn1'])` | ||
Converts a Signature to the given format and returns it as a Buffer. | ||
Parameters | ||
- `format` -- a String, either `asn1` or `ssh` | ||
### `Signature#toString([format = 'asn1'])` | ||
Same as `this.toBuffer(format).toString('base64')`. | ||
Errors | ||
@@ -201,0 +238,0 @@ ------ |
Sorry, the diff of this file is not supported yet
Sorry, the diff of this file is not supported yet
Sorry, the diff of this file is not supported yet