sshpk
Advanced tools
Comparing version 1.7.4 to 1.8.0
@@ -53,2 +53,14 @@ // Copyright 2015 Joyent, Inc. | ||
function KeyEncryptedError(name, format) { | ||
if (Error.captureStackTrace) | ||
Error.captureStackTrace(this, KeyEncryptedError); | ||
this.name = 'KeyEncryptedError'; | ||
this.format = format; | ||
this.keyName = name; | ||
this.message = 'The ' + format + ' format key ' + name + ' is ' + | ||
'encrypted (password-protected), and no passphrase was ' + | ||
'provided in `options`'; | ||
} | ||
util.inherits(KeyEncryptedError, Error); | ||
module.exports = { | ||
@@ -58,3 +70,4 @@ FingerprintFormatError: FingerprintFormatError, | ||
KeyParseError: KeyParseError, | ||
SignatureParseError: SignatureParseError | ||
SignatureParseError: SignatureParseError, | ||
KeyEncryptedError: KeyEncryptedError | ||
}; |
@@ -17,10 +17,10 @@ // Copyright 2015 Joyent, Inc. | ||
function read(buf) { | ||
function read(buf, options) { | ||
if (typeof (buf) === 'string') { | ||
if (buf.trim().match(/^[-]+[ ]*BEGIN/)) | ||
return (pem.read(buf)); | ||
return (pem.read(buf, options)); | ||
if (buf.match(/^\s*ssh-[a-z]/)) | ||
return (ssh.read(buf)); | ||
return (ssh.read(buf, options)); | ||
if (buf.match(/^\s*ecdsa-/)) | ||
return (ssh.read(buf)); | ||
return (ssh.read(buf, options)); | ||
buf = new Buffer(buf, 'binary'); | ||
@@ -30,8 +30,8 @@ } else { | ||
if (findPEMHeader(buf)) | ||
return (pem.read(buf)); | ||
return (pem.read(buf, options)); | ||
if (findSSHHeader(buf)) | ||
return (ssh.read(buf)); | ||
return (ssh.read(buf, options)); | ||
} | ||
if (buf.readUInt32BE(0) < buf.length) | ||
return (rfc4253.read(buf)); | ||
return (rfc4253.read(buf, options)); | ||
throw (new Error('Failed to auto-detect format of key')); | ||
@@ -73,4 +73,4 @@ } | ||
function write(key) { | ||
function write(key, options) { | ||
throw (new Error('"auto" format cannot be used for writing')); | ||
} |
@@ -10,2 +10,3 @@ // Copyright 2015 Joyent, Inc. | ||
var asn1 = require('asn1'); | ||
var crypto = require('crypto'); | ||
var algs = require('../algs'); | ||
@@ -21,2 +22,4 @@ var utils = require('../utils'); | ||
var errors = require('../errors'); | ||
/* | ||
@@ -26,3 +29,3 @@ * For reading we support both PKCS#1 and PKCS#8. If we find a private key, | ||
*/ | ||
function read(buf, forceType) { | ||
function read(buf, options, forceType) { | ||
var input = buf; | ||
@@ -64,8 +67,22 @@ if (typeof (buf) !== 'string') { | ||
} | ||
var cipher, key, iv; | ||
if (headers['proc-type']) { | ||
var parts = headers['proc-type'].split(','); | ||
if (parts[0] === '4' && parts[1] === 'ENCRYPTED') { | ||
throw (new Error('PEM key is encrypted ' + | ||
'(password-protected). Please use the ' + | ||
'SSH agent or decrypt the key.')); | ||
if (typeof (options.passphrase) === 'string') { | ||
options.passphrase = new Buffer( | ||
options.passphrase, 'utf-8'); | ||
} | ||
if (!Buffer.isBuffer(options.passphrase)) { | ||
throw (new errors.KeyEncryptedError( | ||
options.filename, 'PEM')); | ||
} else { | ||
parts = headers['dek-info'].split(','); | ||
assert.ok(parts.length === 2); | ||
cipher = parts[0].toLowerCase(); | ||
iv = new Buffer(parts[1], 'hex'); | ||
key = utils.opensslKeyDeriv(cipher, iv, | ||
options.passphrase, 1).key; | ||
} | ||
} | ||
@@ -78,2 +95,19 @@ } | ||
if (cipher && key && iv) { | ||
var cipherStream = crypto.createDecipheriv(cipher, key, iv); | ||
var chunk, chunks = []; | ||
cipherStream.once('error', function (e) { | ||
if (e.toString().indexOf('bad decrypt') !== -1) { | ||
throw (new Error('Incorrect passphrase ' + | ||
'supplied, could not decrypt key')); | ||
} | ||
throw (e); | ||
}); | ||
cipherStream.write(buf); | ||
cipherStream.end(); | ||
while ((chunk = cipherStream.read()) !== null) | ||
chunks.push(chunk); | ||
buf = Buffer.concat(chunks); | ||
} | ||
/* The new OpenSSH internal format abuses PEM headers */ | ||
@@ -106,3 +140,3 @@ if (alg && alg.toLowerCase() === 'openssh') | ||
function write(key, type) { | ||
function write(key, options, type) { | ||
assert.object(key); | ||
@@ -109,0 +143,0 @@ |
@@ -22,8 +22,8 @@ // Copyright 2015 Joyent, Inc. | ||
function read(buf) { | ||
return (pem.read(buf, 'pkcs1')); | ||
function read(buf, options) { | ||
return (pem.read(buf, options, 'pkcs1')); | ||
} | ||
function write(key) { | ||
return (pem.write(key, 'pkcs1')); | ||
function write(key, options) { | ||
return (pem.write(key, options, 'pkcs1')); | ||
} | ||
@@ -30,0 +30,0 @@ |
@@ -21,8 +21,8 @@ // Copyright 2015 Joyent, Inc. | ||
function read(buf) { | ||
return (pem.read(buf, 'pkcs8')); | ||
function read(buf, options) { | ||
return (pem.read(buf, options, 'pkcs8')); | ||
} | ||
function write(key) { | ||
return (pem.write(key, 'pkcs8')); | ||
function write(key, options) { | ||
return (pem.write(key, options, 'pkcs8')); | ||
} | ||
@@ -29,0 +29,0 @@ |
@@ -55,3 +55,3 @@ // Copyright 2015 Joyent, Inc. | ||
function read(partial, type, buf) { | ||
function read(partial, type, buf, options) { | ||
if (typeof (buf) === 'string') | ||
@@ -124,3 +124,3 @@ buf = new Buffer(buf); | ||
function write(key) { | ||
function write(key, options) { | ||
assert.object(key); | ||
@@ -127,0 +127,0 @@ |
@@ -21,4 +21,4 @@ // Copyright 2015 Joyent, Inc. | ||
function read(buf) { | ||
return (pem.read(buf)); | ||
function read(buf, options) { | ||
return (pem.read(buf, options)); | ||
} | ||
@@ -80,3 +80,3 @@ | ||
function write(key) { | ||
function write(key, options) { | ||
var pubKey; | ||
@@ -83,0 +83,0 @@ if (PrivateKey.isPrivateKey(key)) |
@@ -21,3 +21,3 @@ // Copyright 2015 Joyent, Inc. | ||
function read(buf) { | ||
function read(buf, options) { | ||
if (typeof (buf) !== 'string') { | ||
@@ -99,3 +99,3 @@ assert.buffer(buf, 'buf'); | ||
function write(key) { | ||
function write(key, options) { | ||
assert.object(key); | ||
@@ -102,0 +102,0 @@ if (!Key.isKey(key)) |
@@ -80,3 +80,3 @@ // Copyright 2015 Joyent, Inc. | ||
Key.prototype.toBuffer = function (format) { | ||
Key.prototype.toBuffer = function (format, options) { | ||
if (format === undefined) | ||
@@ -86,2 +86,3 @@ format = 'ssh'; | ||
assert.object(formats[format], 'formats[format]'); | ||
assert.optionalObject(options, 'options'); | ||
@@ -94,7 +95,7 @@ if (format === 'rfc4253') { | ||
return (formats[format].write(this)); | ||
return (formats[format].write(this, options)); | ||
}; | ||
Key.prototype.toString = function (format) { | ||
return (this.toBuffer(format).toString()); | ||
Key.prototype.toString = function (format, options) { | ||
return (this.toBuffer(format, options).toString()); | ||
}; | ||
@@ -113,5 +114,2 @@ | ||
update(this.toBuffer('rfc4253')).digest(); | ||
/* Workaround for node 0.8 */ | ||
if (typeof (hash) === 'string') | ||
hash = new Buffer(hash, 'binary'); | ||
this._hashCache[algo] = hash; | ||
@@ -220,3 +218,3 @@ return (hash); | ||
Key.parse = function (data, format, name) { | ||
Key.parse = function (data, format, options) { | ||
if (typeof (data) !== 'string') | ||
@@ -227,4 +225,10 @@ assert.buffer(data, 'data'); | ||
assert.string(format, 'format'); | ||
if (name === undefined) | ||
name = '(unnamed)'; | ||
if (typeof (options) === 'string') | ||
options = { filename: options }; | ||
assert.optionalObject(options, 'options'); | ||
if (options === undefined) | ||
options = {}; | ||
assert.optionalString(options.filename, 'options.filename'); | ||
if (options.filename === undefined) | ||
options.filename = '(unnamed)'; | ||
@@ -234,10 +238,12 @@ assert.object(formats[format], 'formats[format]'); | ||
try { | ||
var k = formats[format].read(data); | ||
var k = formats[format].read(data, options); | ||
if (k instanceof PrivateKey) | ||
k = k.toPublic(); | ||
if (!k.comment) | ||
k.comment = name; | ||
k.comment = options.filename; | ||
return (k); | ||
} catch (e) { | ||
throw (new KeyParseError(name, format, e)); | ||
if (e.name === 'KeyEncryptedError') | ||
throw (e); | ||
throw (new KeyParseError(options.filename, format, e)); | ||
} | ||
@@ -244,0 +250,0 @@ }; |
@@ -26,2 +26,3 @@ // Copyright 2015 Joyent, Inc. | ||
var KeyParseError = errs.KeyParseError; | ||
var KeyEncryptedError = errs.KeyEncryptedError; | ||
@@ -48,3 +49,3 @@ var formats = {}; | ||
PrivateKey.prototype.toBuffer = function (format) { | ||
PrivateKey.prototype.toBuffer = function (format, options) { | ||
if (format === undefined) | ||
@@ -54,4 +55,5 @@ format = 'pkcs1'; | ||
assert.object(formats[format], 'formats[format]'); | ||
assert.optionalObject(options, 'options'); | ||
return (formats[format].write(this)); | ||
return (formats[format].write(this, options)); | ||
}; | ||
@@ -181,3 +183,3 @@ | ||
PrivateKey.parse = function (data, format, name) { | ||
PrivateKey.parse = function (data, format, options) { | ||
if (typeof (data) !== 'string') | ||
@@ -188,4 +190,10 @@ assert.buffer(data, 'data'); | ||
assert.string(format, 'format'); | ||
if (name === undefined) | ||
name = '(unnamed)'; | ||
if (typeof (options) === 'string') | ||
options = { filename: options }; | ||
assert.optionalObject(options, 'options'); | ||
if (options === undefined) | ||
options = {}; | ||
assert.optionalString(options.filename, 'options.filename'); | ||
if (options.filename === undefined) | ||
options.filename = '(unnamed)'; | ||
@@ -195,9 +203,11 @@ assert.object(formats[format], 'formats[format]'); | ||
try { | ||
var k = formats[format].read(data); | ||
var k = formats[format].read(data, options); | ||
assert.ok(k instanceof PrivateKey, 'key is not a private key'); | ||
if (!k.comment) | ||
k.comment = name; | ||
k.comment = options.filename; | ||
return (k); | ||
} catch (e) { | ||
throw (new KeyParseError(name, format, e)); | ||
if (e.name === 'KeyEncryptedError') | ||
throw (e); | ||
throw (new KeyParseError(options.filename, format, e)); | ||
} | ||
@@ -204,0 +214,0 @@ }; |
@@ -11,3 +11,4 @@ // Copyright 2015 Joyent, Inc. | ||
assertCompatible: assertCompatible, | ||
isCompatible: isCompatible | ||
isCompatible: isCompatible, | ||
opensslKeyDeriv: opensslKeyDeriv | ||
}; | ||
@@ -17,2 +18,3 @@ | ||
var PrivateKey = require('./private-key'); | ||
var crypto = require('crypto'); | ||
@@ -73,2 +75,39 @@ var MAX_CLASS_DEPTH = 3; | ||
var CIPHER_LEN = { | ||
'des-ede3-cbc': { key: 7, iv: 8 }, | ||
'aes-128-cbc': { key: 16, iv: 16 } | ||
}; | ||
var PKCS5_SALT_LEN = 8; | ||
function opensslKeyDeriv(cipher, salt, passphrase, count) { | ||
assert.buffer(salt, 'salt'); | ||
assert.buffer(passphrase, 'passphrase'); | ||
assert.number(count, 'iteration count'); | ||
var clen = CIPHER_LEN[cipher]; | ||
assert.object(clen, 'supported cipher'); | ||
salt = salt.slice(0, PKCS5_SALT_LEN); | ||
var D, D_prev, bufs; | ||
var material = new Buffer(0); | ||
while (material.length < clen.key + clen.iv) { | ||
bufs = []; | ||
if (D_prev) | ||
bufs.push(D_prev); | ||
bufs.push(passphrase); | ||
bufs.push(salt); | ||
D = Buffer.concat(bufs); | ||
for (var j = 0; j < count; ++j) | ||
D = crypto.createHash('md5').update(D).digest(); | ||
material = Buffer.concat([material, D]); | ||
D_prev = D; | ||
} | ||
return ({ | ||
key: material.slice(0, clen.key), | ||
iv: material.slice(clen.key, clen.key + clen.iv) | ||
}); | ||
} | ||
/* Count leading zero bits on a buffer */ | ||
@@ -75,0 +114,0 @@ function countZeros(buf) { |
{ | ||
"name": "sshpk", | ||
"version": "1.7.4", | ||
"version": "1.8.0", | ||
"description": "A library for finding and using SSH public keys", | ||
@@ -33,3 +33,3 @@ "main": "lib/index.js", | ||
"engines": { | ||
"node": ">=0.8.0" | ||
"node": ">=0.10.0" | ||
}, | ||
@@ -43,18 +43,19 @@ "directories": { | ||
"dependencies": { | ||
"asn1": ">=0.2.3 <0.3.0", | ||
"assert-plus": ">=0.2.0 <0.3.0", | ||
"dashdash": ">=1.10.1 <2.0.0" | ||
"asn1": "~0.2.3", | ||
"assert-plus": "^1.0.0", | ||
"dashdash": "^1.12.0", | ||
"getpass": "^0.1.1" | ||
}, | ||
"optionalDependencies": { | ||
"jsbn": ">=0.1.0 <0.2.0", | ||
"tweetnacl": ">=0.13.0 <1.0.0", | ||
"jodid25519": ">=1.0.0 <2.0.0", | ||
"ecc-jsbn": ">=0.0.1 <1.0.0" | ||
"jsbn": "~0.1.0", | ||
"tweetnacl": "~0.13.0", | ||
"jodid25519": "^1.0.0", | ||
"ecc-jsbn": "~0.0.1" | ||
}, | ||
"devDependencies": { | ||
"tape": ">=3.5.0 <4.0.0", | ||
"benchmark": ">=1.0.0 <2.0.0", | ||
"sinon": ">=1.17.2 <2.0.0", | ||
"temp": "0.8.2" | ||
"tape": "^3.5.0", | ||
"benchmark": "^1.0.0", | ||
"sinon": "^1.17.2", | ||
"temp": "^0.8.2" | ||
} | ||
} |
Sorry, the diff of this file is not supported yet
Sorry, the diff of this file is not supported yet
Sorry, the diff of this file is not supported yet
123164
2909
8
+ Addedgetpass@^0.1.1
+ Addedecc-jsbn@0.0.1(transitive)
+ Addedgetpass@0.1.7(transitive)
+ Addedtweetnacl@0.13.3(transitive)
- Removedassert-plus@0.2.0(transitive)
- Removedecc-jsbn@0.2.0(transitive)
- Removedtweetnacl@0.14.5(transitive)
Updatedasn1@~0.2.3
Updatedassert-plus@^1.0.0
Updateddashdash@^1.12.0