sshpk
Advanced tools
Comparing version 1.5.1 to 1.6.0
@@ -59,2 +59,6 @@ // Copyright 2015 Joyent, Inc. | ||
replace(/ /g, ''), 'hex'), | ||
a: new Buffer(('00' + | ||
'FFFFFFFF 00000001 00000000 00000000' + | ||
'00000000 FFFFFFFF FFFFFFFF FFFFFFFC'). | ||
replace(/ /g, ''), 'hex'), | ||
b: new Buffer(( | ||
@@ -87,2 +91,7 @@ '5ac635d8 aa3a93e7 b3ebbd55 769886bc' + | ||
replace(/ /g, ''), 'hex'), | ||
a: new Buffer(('00' + | ||
'FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF' + | ||
'FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFE' + | ||
'FFFFFFFF 00000000 00000000 FFFFFFFC'). | ||
replace(/ /g, ''), 'hex'), | ||
b: new Buffer(( | ||
@@ -120,2 +129,8 @@ 'b3312fa7 e23ee7e4 988e056b e3f82d19' + | ||
'ffff').replace(/ /g, ''), 'hex'), | ||
a: new Buffer(('01FF' + | ||
'FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF' + | ||
'FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF' + | ||
'FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF' + | ||
'FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFC'). | ||
replace(/ /g, ''), 'hex'), | ||
b: new Buffer(('51' + | ||
@@ -122,0 +137,0 @@ '953eb961 8e1c9a1f 929a21a0 b68540ee' + |
@@ -8,3 +8,3 @@ // Copyright 2015 Joyent, Inc. | ||
var ed; | ||
var nacl; | ||
var stream = require('stream'); | ||
@@ -16,4 +16,4 @@ var util = require('util'); | ||
function Verifier(key, hashAlgo) { | ||
if (ed === undefined) | ||
ed = require('jodid25519'); | ||
if (nacl === undefined) | ||
nacl = require('tweetnacl'); | ||
@@ -50,10 +50,11 @@ if (hashAlgo.toLowerCase() !== 'sha512') | ||
assert.buffer(sig); | ||
return (ed.eddsa.verify(sig.toString('binary'), | ||
Buffer.concat(this.chunks).toString('binary'), | ||
this.key.part.R.data.toString('binary'))); | ||
return (nacl.sign.detached.verify( | ||
new Uint8Array(Buffer.concat(this.chunks)), | ||
new Uint8Array(sig), | ||
new Uint8Array(this.key.part.R.data))); | ||
}; | ||
function Signer(key, hashAlgo) { | ||
if (ed === undefined) | ||
ed = require('jodid25519'); | ||
if (nacl === undefined) | ||
nacl = require('tweetnacl'); | ||
@@ -83,6 +84,6 @@ if (hashAlgo.toLowerCase() !== 'sha512') | ||
Signer.prototype.sign = function () { | ||
var sig = ed.eddsa.sign(Buffer.concat(this.chunks).toString('binary'), | ||
this.key.part.r.data.slice(0, 32).toString('binary'), | ||
this.key.part.R.data.toString('binary')); | ||
var sigBuf = new Buffer(sig, 'binary'); | ||
var sig = nacl.sign.detached( | ||
new Uint8Array(Buffer.concat(this.chunks)), | ||
new Uint8Array(this.key.part.r.data)); | ||
var sigBuf = new Buffer(sig); | ||
var sigObj = Signature.parse(sigBuf, 'ed25519', 'raw'); | ||
@@ -89,0 +90,0 @@ sigObj.hashAlgorithm = 'sha512'; |
@@ -101,2 +101,5 @@ // Copyright 2015 Joyent, Inc. | ||
if (algs.hashAlgs[alg] === undefined) | ||
throw (new InvalidAlgorithmError(alg)); | ||
if (enAlgs !== undefined) { | ||
@@ -103,0 +106,0 @@ enAlgs = enAlgs.map(function (a) { return a.toLowerCase(); }); |
@@ -19,2 +19,5 @@ // Copyright 2015 Joyent, Inc. | ||
var pkcs8 = require('./pkcs8'); | ||
var readECDSACurve = pkcs8.readECDSACurve; | ||
function read(buf) { | ||
@@ -196,16 +199,5 @@ return (pem.read(buf, 'pkcs1')); | ||
der.readSequence(0xa0); | ||
var curveOid = der.readOID(); | ||
var curve = readECDSACurve(der); | ||
assert.string(curve, 'a known elliptic curve'); | ||
var curve; | ||
var curves = Object.keys(algs.curves); | ||
for (var j = 0; j < curves.length; ++j) { | ||
var c = curves[j]; | ||
var cd = algs.curves[c]; | ||
if (cd.pkcs8oid === curveOid) { | ||
curve = c; | ||
break; | ||
} | ||
} | ||
assert.string(curve, 'a known ECDSA named curve'); | ||
der.readSequence(0xa1); | ||
@@ -212,0 +204,0 @@ var Q = der.readString(asn1.Ber.BitString, true); |
@@ -7,3 +7,6 @@ // Copyright 2015 Joyent, Inc. | ||
write: write, | ||
writePkcs8: writePkcs8 | ||
writePkcs8: writePkcs8, | ||
readECDSACurve: readECDSACurve, | ||
writeECDSACurve: writeECDSACurve | ||
}; | ||
@@ -215,3 +218,4 @@ | ||
'ECDSA key is not from a prime-field'); | ||
var p = curve.p = der.readString(asn1.Ber.Integer, true); | ||
var p = curve.p = utils.mpNormalize( | ||
der.readString(asn1.Ber.Integer, true)); | ||
/* | ||
@@ -225,4 +229,6 @@ * p always starts with a 1 bit, so count the zeros to get its | ||
der.readSequence(); | ||
curve.a = der.readString(asn1.Ber.OctetString, true); | ||
curve.b = der.readString(asn1.Ber.OctetString, true); | ||
curve.a = utils.mpNormalize( | ||
der.readString(asn1.Ber.OctetString, true)); | ||
curve.b = utils.mpNormalize( | ||
der.readString(asn1.Ber.OctetString, true)); | ||
if (der.peek() === asn1.Ber.BitString) | ||
@@ -236,4 +242,6 @@ curve.s = der.readString(asn1.Ber.BitString, true); | ||
curve.n = der.readString(asn1.Ber.Integer, true); | ||
curve.h = der.readString(asn1.Ber.Integer, true); | ||
curve.n = utils.mpNormalize( | ||
der.readString(asn1.Ber.Integer, true)); | ||
curve.h = utils.mpNormalize( | ||
der.readString(asn1.Ber.Integer, true)); | ||
assert.strictEqual(curve.h[0], 0x1, 'a cofactor=1 curve is ' + | ||
@@ -243,10 +251,13 @@ 'required'); | ||
curveNames = Object.keys(algs.curves); | ||
var ks = Object.keys(curve); | ||
for (j = 0; j < curveNames.length; ++j) { | ||
c = curveNames[j]; | ||
cd = algs.curves[c]; | ||
var ks = Object.keys(cd); | ||
var equal = true; | ||
for (var i = 0; i < ks.length; ++i) { | ||
var k = ks[i]; | ||
if (typeof (cd[k]) === 'object') { | ||
if (cd[k] === undefined) | ||
continue; | ||
if (typeof (cd[k]) === 'object' && | ||
cd[k].equals !== undefined) { | ||
if (!cd[k].equals(curve[k])) { | ||
@@ -256,2 +267,8 @@ equal = false; | ||
} | ||
} else if (Buffer.isBuffer(cd[k])) { | ||
if (cd[k].toString('binary') | ||
!== curve[k].toString('binary')) { | ||
equal = false; | ||
break; | ||
} | ||
} else { | ||
@@ -258,0 +275,0 @@ if (cd[k] !== curve[k]) { |
@@ -10,2 +10,3 @@ // Copyright 2015 Joyent, Inc. | ||
var Signature = require('./signature'); | ||
var DiffieHellman = require('./dhe'); | ||
var errs = require('./errors'); | ||
@@ -96,3 +97,4 @@ var utils = require('./utils'); | ||
algo = algo.toLowerCase(); | ||
assert.ok(algs.hashAlgs[algo]); | ||
if (algs.hashAlgs[algo] === undefined) | ||
throw (new InvalidAlgorithmError(algo)); | ||
@@ -181,2 +183,10 @@ if (this._hashCache[algo]) | ||
Key.prototype.createDiffieHellman = function () { | ||
if (this.type === 'rsa') | ||
throw (new Error('RSA keys do not support Diffie-Hellman')); | ||
return (new DiffieHellman(this)); | ||
}; | ||
Key.prototype.createDH = Key.prototype.createDiffieHellman; | ||
Key.parse = function (data, format, name) { | ||
@@ -183,0 +193,0 @@ if (typeof (data) !== 'string') |
@@ -118,2 +118,3 @@ // Copyright 2015 Joyent, Inc. | ||
try { | ||
assert.ok(data.length > 0, 'signature must not be empty'); | ||
switch (opts.type) { | ||
@@ -120,0 +121,0 @@ case 'rsa': |
@@ -109,3 +109,3 @@ // Copyright 2015 Joyent, Inc. | ||
try { | ||
var bigInt = require('jsbn'); | ||
var bigInt = require('jsbn').BigInteger; | ||
} catch (e) { | ||
@@ -127,3 +127,3 @@ throw (new Error('To load a PKCS#8 format DSA private key, ' + | ||
try { | ||
var bigInt = require('jsbn'); | ||
var bigInt = require('jsbn').BigInteger; | ||
} catch (e) { | ||
@@ -130,0 +130,0 @@ throw (new Error('To write a PEM private key from ' + |
{ | ||
"name": "sshpk", | ||
"version": "1.5.1", | ||
"version": "1.6.0", | ||
"description": "A library for finding and using SSH public keys", | ||
@@ -46,9 +46,12 @@ "main": "lib/index.js", | ||
"optionalDependencies": { | ||
"jsbn": ">=0.0.0 <1.0.0", | ||
"jodid25519": ">=1.0.0 <2.0.0" | ||
"jsbn": ">=0.1.0 <0.2.0", | ||
"tweetnacl": ">=0.13.0 <1.0.0", | ||
"jodid25519": ">=1.0.0 <2.0.0", | ||
"ecc-jsbn": ">=0.0.1 <1.0.0" | ||
}, | ||
"devDependencies": { | ||
"tape": ">=3.5.0 <4.0.0", | ||
"benchmark": ">=1.0.0 <2.0.0" | ||
"benchmark": ">=1.0.0 <2.0.0", | ||
"sinon": ">=1.17.2 <2.0.0" | ||
} | ||
} |
@@ -192,2 +192,14 @@ sshpk | ||
### `Key#createDiffieHellman()` | ||
### `Key#createDH()` | ||
Creates a Diffie-Hellman key exchange object initialized with this key and all | ||
necessary parameters. This has the same API as a `crypto.DiffieHellman` | ||
instance, except that functions take `Key` and `PrivateKey` objects as | ||
arguments, and return them where indicated for. | ||
This is only valid for keys belonging to a cryptosystem that supports DHE | ||
or a close analogue (i.e. `dsa`, `ecdsa` and `curve25519` keys). An attempt | ||
to call this function on other keys will yield an `Error`. | ||
## Private keys | ||
@@ -273,2 +285,13 @@ | ||
### `PrivateKey#derive(newType)` | ||
Derives a related key of type `newType` from this key. Currently this is | ||
only supported to change between `ed25519` and `curve25519` keys which are | ||
stored with the same private key (but usually distinct public keys in order | ||
to avoid degenerate keys that lead to a weak Diffie-Hellman exchange). | ||
Parameters | ||
- `newType` -- String, type of key to derive, either `ed25519` or `curve25519` | ||
## Fingerprints | ||
@@ -275,0 +298,0 @@ |
97245
24
2650
401
7
3