sshpk - npm Package Compare versions

Comparing version 1.5.1 to 1.6.0

lib/algs.js

@@ -59,2 +59,6 @@ // Copyright 2015 Joyent, Inc.
 		    replace(/ /g, ''), 'hex'),
+		a: new Buffer(('00' +
+		    'FFFFFFFF 00000001 00000000 00000000' +
+		    '00000000 FFFFFFFF FFFFFFFF FFFFFFFC').
+		    replace(/ /g, ''), 'hex'),
 		b: new Buffer((
@@ -87,2 +91,7 @@ '5ac635d8 aa3a93e7 b3ebbd55 769886bc' +
 		    replace(/ /g, ''), 'hex'),
+		a: new Buffer(('00' +
+		    'FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF' +
+		    'FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFE' +
+		    'FFFFFFFF 00000000 00000000 FFFFFFFC').
+		    replace(/ /g, ''), 'hex'),
 		b: new Buffer((
@@ -120,2 +129,8 @@ 'b3312fa7 e23ee7e4 988e056b e3f82d19' +
 		    'ffff').replace(/ /g, ''), 'hex'),
+		a: new Buffer(('01FF' +
+		    'FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF' +
+		    'FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF' +
+		    'FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF' +
+		    'FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFC').
+		    replace(/ /g, ''), 'hex'),
 		b: new Buffer(('51' +
@@ -122,0 +137,0 @@ '953eb961 8e1c9a1f 929a21a0 b68540ee' +

lib/ed-compat.js

@@ -8,3 +8,3 @@ // Copyright 2015 Joyent, Inc.
 
-var ed;
+var nacl;
 var stream = require('stream');
@@ -16,4 +16,4 @@ var util = require('util');
 function Verifier(key, hashAlgo) {
-	if (ed === undefined)
-		ed = require('jodid25519');
+	if (nacl === undefined)
+		nacl = require('tweetnacl');
 
@@ -50,10 +50,11 @@ if (hashAlgo.toLowerCase() !== 'sha512')
 	assert.buffer(sig);
-	return (ed.eddsa.verify(sig.toString('binary'),
-	    Buffer.concat(this.chunks).toString('binary'),
-	    this.key.part.R.data.toString('binary')));
+	return (nacl.sign.detached.verify(
+	    new Uint8Array(Buffer.concat(this.chunks)),
+	    new Uint8Array(sig),
+	    new Uint8Array(this.key.part.R.data)));
 };
 
 function Signer(key, hashAlgo) {
-	if (ed === undefined)
-		ed = require('jodid25519');
+	if (nacl === undefined)
+		nacl = require('tweetnacl');
 
@@ -83,6 +84,6 @@ if (hashAlgo.toLowerCase() !== 'sha512')
 Signer.prototype.sign = function () {
-	var sig = ed.eddsa.sign(Buffer.concat(this.chunks).toString('binary'),
-	    this.key.part.r.data.slice(0, 32).toString('binary'),
-	    this.key.part.R.data.toString('binary'));
-	var sigBuf = new Buffer(sig, 'binary');
+	var sig = nacl.sign.detached(
+	    new Uint8Array(Buffer.concat(this.chunks)),
+	    new Uint8Array(this.key.part.r.data));
+	var sigBuf = new Buffer(sig);
 	var sigObj = Signature.parse(sigBuf, 'ed25519', 'raw');
@@ -89,0 +90,0 @@ sigObj.hashAlgorithm = 'sha512';

lib/fingerprint.js

@@ -101,2 +101,5 @@ // Copyright 2015 Joyent, Inc.
 
+	if (algs.hashAlgs[alg] === undefined)
+		throw (new InvalidAlgorithmError(alg));
+
 	if (enAlgs !== undefined) {
@@ -103,0 +106,0 @@ enAlgs = enAlgs.map(function (a) { return a.toLowerCase(); });

lib/formats/pkcs1.js

@@ -19,2 +19,5 @@ // Copyright 2015 Joyent, Inc.
 
+var pkcs8 = require('./pkcs8');
+var readECDSACurve = pkcs8.readECDSACurve;
+
 function read(buf) {
@@ -196,16 +199,5 @@ return (pem.read(buf, 'pkcs1'));
 	der.readSequence(0xa0);
-	var curveOid = der.readOID();
+	var curve = readECDSACurve(der);
+	assert.string(curve, 'a known elliptic curve');
 
-	var curve;
-	var curves = Object.keys(algs.curves);
-	for (var j = 0; j < curves.length; ++j) {
-		var c = curves[j];
-		var cd = algs.curves[c];
-		if (cd.pkcs8oid === curveOid) {
-			curve = c;
-			break;
-		}
-	}
-	assert.string(curve, 'a known ECDSA named curve');
-
 	der.readSequence(0xa1);
@@ -212,0 +204,0 @@ var Q = der.readString(asn1.Ber.BitString, true);

lib/formats/pkcs8.js

@@ -7,3 +7,6 @@ // Copyright 2015 Joyent, Inc.
 	write: write,
-	writePkcs8: writePkcs8
+	writePkcs8: writePkcs8,
+
+	readECDSACurve: readECDSACurve,
+	writeECDSACurve: writeECDSACurve
 };
@@ -215,3 +218,4 @@
 		    'ECDSA key is not from a prime-field');
-		var p = curve.p = der.readString(asn1.Ber.Integer, true);
+		var p = curve.p = utils.mpNormalize(
+		    der.readString(asn1.Ber.Integer, true));
 		/*
@@ -225,4 +229,6 @@ * p always starts with a 1 bit, so count the zeros to get its
 		der.readSequence();
-		curve.a = der.readString(asn1.Ber.OctetString, true);
-		curve.b = der.readString(asn1.Ber.OctetString, true);
+		curve.a = utils.mpNormalize(
+		    der.readString(asn1.Ber.OctetString, true));
+		curve.b = utils.mpNormalize(
+		    der.readString(asn1.Ber.OctetString, true));
 		if (der.peek() === asn1.Ber.BitString)
@@ -236,4 +242,6 @@ curve.s = der.readString(asn1.Ber.BitString, true);
 
-		curve.n = der.readString(asn1.Ber.Integer, true);
-		curve.h = der.readString(asn1.Ber.Integer, true);
+		curve.n = utils.mpNormalize(
+		    der.readString(asn1.Ber.Integer, true));
+		curve.h = utils.mpNormalize(
+		    der.readString(asn1.Ber.Integer, true));
 		assert.strictEqual(curve.h[0], 0x1, 'a cofactor=1 curve is ' +
@@ -243,10 +251,13 @@ 'required');
 		curveNames = Object.keys(algs.curves);
+		var ks = Object.keys(curve);
 		for (j = 0; j < curveNames.length; ++j) {
 			c = curveNames[j];
 			cd = algs.curves[c];
-			var ks = Object.keys(cd);
 			var equal = true;
 			for (var i = 0; i < ks.length; ++i) {
 				var k = ks[i];
-				if (typeof (cd[k]) === 'object') {
+				if (cd[k] === undefined)
+					continue;
+				if (typeof (cd[k]) === 'object' &&
+				    cd[k].equals !== undefined) {
 					if (!cd[k].equals(curve[k])) {
@@ -256,2 +267,8 @@ equal = false;
 					}
+				} else if (Buffer.isBuffer(cd[k])) {
+					if (cd[k].toString('binary')
+					    !== curve[k].toString('binary')) {
+						equal = false;
+						break;
+					}
 				} else {
@@ -258,0 +275,0 @@ if (cd[k] !== curve[k]) {

lib/key.js

@@ -10,2 +10,3 @@ // Copyright 2015 Joyent, Inc.
 var Signature = require('./signature');
+var DiffieHellman = require('./dhe');
 var errs = require('./errors');
@@ -96,3 +97,4 @@ var utils = require('./utils');
 	algo = algo.toLowerCase();
-	assert.ok(algs.hashAlgs[algo]);
+	if (algs.hashAlgs[algo] === undefined)
+		throw (new InvalidAlgorithmError(algo));
 
@@ -181,2 +183,10 @@ if (this._hashCache[algo])
 
+Key.prototype.createDiffieHellman = function () {
+	if (this.type === 'rsa')
+		throw (new Error('RSA keys do not support Diffie-Hellman'));
+
+	return (new DiffieHellman(this));
+};
+Key.prototype.createDH = Key.prototype.createDiffieHellman;
+
 Key.parse = function (data, format, name) {
@@ -183,0 +193,0 @@ if (typeof (data) !== 'string')

lib/signature.js

@@ -118,2 +118,3 @@ // Copyright 2015 Joyent, Inc.
 	try {
+		assert.ok(data.length > 0, 'signature must not be empty');
 		switch (opts.type) {
@@ -120,0 +121,0 @@ case 'rsa':

lib/utils.js

@@ -109,3 +109,3 @@ // Copyright 2015 Joyent, Inc.
 	try {
-		var bigInt = require('jsbn');
+		var bigInt = require('jsbn').BigInteger;
 	} catch (e) {
@@ -127,3 +127,3 @@ throw (new Error('To load a PKCS#8 format DSA private key, ' +
 	try {
-		var bigInt = require('jsbn');
+		var bigInt = require('jsbn').BigInteger;
 	} catch (e) {
@@ -130,0 +130,0 @@ throw (new Error('To write a PEM private key from ' +

package.json

 {
   "name": "sshpk",
-  "version": "1.5.1",
+  "version": "1.6.0",
   "description": "A library for finding and using SSH public keys",
@@ -46,9 +46,12 @@ "main": "lib/index.js",
   "optionalDependencies": {
-    "jsbn": ">=0.0.0 <1.0.0",
-    "jodid25519": ">=1.0.0 <2.0.0"
+    "jsbn": ">=0.1.0 <0.2.0",
+    "tweetnacl": ">=0.13.0 <1.0.0",
+    "jodid25519": ">=1.0.0 <2.0.0",
+    "ecc-jsbn": ">=0.0.1 <1.0.0"
   },
   "devDependencies": {
     "tape": ">=3.5.0 <4.0.0",
-    "benchmark": ">=1.0.0 <2.0.0"
+    "benchmark": ">=1.0.0 <2.0.0",
+    "sinon": ">=1.17.2 <2.0.0"
   }
 }

README.md

@@ -192,2 +192,14 @@ sshpk
 
+### `Key#createDiffieHellman()`
+### `Key#createDH()`
+
+Creates a Diffie-Hellman key exchange object initialized with this key and all
+necessary parameters. This has the same API as a `crypto.DiffieHellman`
+instance, except that functions take `Key` and `PrivateKey` objects as
+arguments, and return them where indicated for.
+
+This is only valid for keys belonging to a cryptosystem that supports DHE
+or a close analogue (i.e. `dsa`, `ecdsa` and `curve25519` keys). An attempt
+to call this function on other keys will yield an `Error`.
+
 ## Private keys
@@ -273,2 +285,13 @@
 
+### `PrivateKey#derive(newType)`
+
+Derives a related key of type `newType` from this key. Currently this is
+only supported to change between `ed25519` and `curve25519` keys which are
+stored with the same private key (but usually distinct public keys in order
+to avoid degenerate keys that lead to a weak Diffie-Hellman exchange).
+
+Parameters
+
+- `newType` -- String, type of key to derive, either `ed25519` or `curve25519`
+
 ## Fingerprints
@@ -275,0 +298,0 @@

No alert changes

Improved metrics

Total package byte prevSize

97245

increased by12.42%

Number of package files

24

increased by4.35%

Lines of code

2650

increased by12.77%

Number of lines in readme file

401

increased by6.08%

Worsened metrics

Dependency count

7

increased by40%

Dev dependency count

3

increased by50%

No dependency changes