Socket
Socket
Sign inDemoInstall

sshpk

Package Overview
Dependencies
9
Maintainers
1
Versions
50
Alerts
File Explorer

Advanced tools

Install Socket

Detect and block malicious and high-risk dependencies

Install

Comparing version 1.7.4 to 1.8.0

15

lib/errors.js

@@ -53,2 +53,14 @@ // Copyright 2015 Joyent, Inc.

function KeyEncryptedError(name, format) {
if (Error.captureStackTrace)
Error.captureStackTrace(this, KeyEncryptedError);
this.name = 'KeyEncryptedError';
this.format = format;
this.keyName = name;
this.message = 'The ' + format + ' format key ' + name + ' is ' +
'encrypted (password-protected), and no passphrase was ' +
'provided in `options`';
}
util.inherits(KeyEncryptedError, Error);
module.exports = {

@@ -58,3 +70,4 @@ FingerprintFormatError: FingerprintFormatError,

KeyParseError: KeyParseError,
SignatureParseError: SignatureParseError
SignatureParseError: SignatureParseError,
KeyEncryptedError: KeyEncryptedError
};

16

lib/formats/auto.js

@@ -17,10 +17,10 @@ // Copyright 2015 Joyent, Inc.

function read(buf) {
function read(buf, options) {
if (typeof (buf) === 'string') {
if (buf.trim().match(/^[-]+[ ]*BEGIN/))
return (pem.read(buf));
return (pem.read(buf, options));
if (buf.match(/^\s*ssh-[a-z]/))
return (ssh.read(buf));
return (ssh.read(buf, options));
if (buf.match(/^\s*ecdsa-/))
return (ssh.read(buf));
return (ssh.read(buf, options));
buf = new Buffer(buf, 'binary');

@@ -30,8 +30,8 @@ } else {

if (findPEMHeader(buf))
return (pem.read(buf));
return (pem.read(buf, options));
if (findSSHHeader(buf))
return (ssh.read(buf));
return (ssh.read(buf, options));
}
if (buf.readUInt32BE(0) < buf.length)
return (rfc4253.read(buf));
return (rfc4253.read(buf, options));
throw (new Error('Failed to auto-detect format of key'));

@@ -73,4 +73,4 @@ }

function write(key) {
function write(key, options) {
throw (new Error('"auto" format cannot be used for writing'));
}

@@ -10,2 +10,3 @@ // Copyright 2015 Joyent, Inc.

var asn1 = require('asn1');
var crypto = require('crypto');
var algs = require('../algs');

@@ -21,2 +22,4 @@ var utils = require('../utils');

var errors = require('../errors');
/*

@@ -26,3 +29,3 @@ * For reading we support both PKCS#1 and PKCS#8. If we find a private key,

*/
function read(buf, forceType) {
function read(buf, options, forceType) {
var input = buf;

@@ -64,8 +67,22 @@ if (typeof (buf) !== 'string') {

}
var cipher, key, iv;
if (headers['proc-type']) {
var parts = headers['proc-type'].split(',');
if (parts[0] === '4' && parts[1] === 'ENCRYPTED') {
throw (new Error('PEM key is encrypted ' +
'(password-protected). Please use the ' +
'SSH agent or decrypt the key.'));
if (typeof (options.passphrase) === 'string') {
options.passphrase = new Buffer(
options.passphrase, 'utf-8');
}
if (!Buffer.isBuffer(options.passphrase)) {
throw (new errors.KeyEncryptedError(
options.filename, 'PEM'));
} else {
parts = headers['dek-info'].split(',');
assert.ok(parts.length === 2);
cipher = parts[0].toLowerCase();
iv = new Buffer(parts[1], 'hex');
key = utils.opensslKeyDeriv(cipher, iv,
options.passphrase, 1).key;
}
}

@@ -78,2 +95,19 @@ }

if (cipher && key && iv) {
var cipherStream = crypto.createDecipheriv(cipher, key, iv);
var chunk, chunks = [];
cipherStream.once('error', function (e) {
if (e.toString().indexOf('bad decrypt') !== -1) {
throw (new Error('Incorrect passphrase ' +
'supplied, could not decrypt key'));
}
throw (e);
});
cipherStream.write(buf);
cipherStream.end();
while ((chunk = cipherStream.read()) !== null)
chunks.push(chunk);
buf = Buffer.concat(chunks);
}
/* The new OpenSSH internal format abuses PEM headers */

@@ -106,3 +140,3 @@ if (alg && alg.toLowerCase() === 'openssh')

function write(key, type) {
function write(key, options, type) {
assert.object(key);

@@ -109,0 +143,0 @@

@@ -22,8 +22,8 @@ // Copyright 2015 Joyent, Inc.

function read(buf) {
return (pem.read(buf, 'pkcs1'));
function read(buf, options) {
return (pem.read(buf, options, 'pkcs1'));
}
function write(key) {
return (pem.write(key, 'pkcs1'));
function write(key, options) {
return (pem.write(key, options, 'pkcs1'));
}

@@ -30,0 +30,0 @@

@@ -21,8 +21,8 @@ // Copyright 2015 Joyent, Inc.

function read(buf) {
return (pem.read(buf, 'pkcs8'));
function read(buf, options) {
return (pem.read(buf, options, 'pkcs8'));
}
function write(key) {
return (pem.write(key, 'pkcs8'));
function write(key, options) {
return (pem.write(key, options, 'pkcs8'));
}

@@ -29,0 +29,0 @@

@@ -55,3 +55,3 @@ // Copyright 2015 Joyent, Inc.

function read(partial, type, buf) {
function read(partial, type, buf, options) {
if (typeof (buf) === 'string')

@@ -124,3 +124,3 @@ buf = new Buffer(buf);

function write(key) {
function write(key, options) {
assert.object(key);

@@ -127,0 +127,0 @@

@@ -21,4 +21,4 @@ // Copyright 2015 Joyent, Inc.

function read(buf) {
return (pem.read(buf));
function read(buf, options) {
return (pem.read(buf, options));
}

@@ -80,3 +80,3 @@

function write(key) {
function write(key, options) {
var pubKey;

@@ -83,0 +83,0 @@ if (PrivateKey.isPrivateKey(key))

@@ -21,3 +21,3 @@ // Copyright 2015 Joyent, Inc.

function read(buf) {
function read(buf, options) {
if (typeof (buf) !== 'string') {

@@ -99,3 +99,3 @@ assert.buffer(buf, 'buf');

function write(key) {
function write(key, options) {
assert.object(key);

@@ -102,0 +102,0 @@ if (!Key.isKey(key))

@@ -80,3 +80,3 @@ // Copyright 2015 Joyent, Inc.

Key.prototype.toBuffer = function (format) {
Key.prototype.toBuffer = function (format, options) {
if (format === undefined)

@@ -86,2 +86,3 @@ format = 'ssh';

assert.object(formats[format], 'formats[format]');
assert.optionalObject(options, 'options');

@@ -94,7 +95,7 @@ if (format === 'rfc4253') {

return (formats[format].write(this));
return (formats[format].write(this, options));
};
Key.prototype.toString = function (format) {
return (this.toBuffer(format).toString());
Key.prototype.toString = function (format, options) {
return (this.toBuffer(format, options).toString());
};

@@ -113,5 +114,2 @@

update(this.toBuffer('rfc4253')).digest();
/* Workaround for node 0.8 */
if (typeof (hash) === 'string')
hash = new Buffer(hash, 'binary');
this._hashCache[algo] = hash;

@@ -220,3 +218,3 @@ return (hash);

Key.parse = function (data, format, name) {
Key.parse = function (data, format, options) {
if (typeof (data) !== 'string')

@@ -227,4 +225,10 @@ assert.buffer(data, 'data');

assert.string(format, 'format');
if (name === undefined)
name = '(unnamed)';
if (typeof (options) === 'string')
options = { filename: options };
assert.optionalObject(options, 'options');
if (options === undefined)
options = {};
assert.optionalString(options.filename, 'options.filename');
if (options.filename === undefined)
options.filename = '(unnamed)';

@@ -234,10 +238,12 @@ assert.object(formats[format], 'formats[format]');

try {
var k = formats[format].read(data);
var k = formats[format].read(data, options);
if (k instanceof PrivateKey)
k = k.toPublic();
if (!k.comment)
k.comment = name;
k.comment = options.filename;
return (k);
} catch (e) {
throw (new KeyParseError(name, format, e));
if (e.name === 'KeyEncryptedError')
throw (e);
throw (new KeyParseError(options.filename, format, e));
}

@@ -244,0 +250,0 @@ };

@@ -26,2 +26,3 @@ // Copyright 2015 Joyent, Inc.

var KeyParseError = errs.KeyParseError;
var KeyEncryptedError = errs.KeyEncryptedError;

@@ -48,3 +49,3 @@ var formats = {};

PrivateKey.prototype.toBuffer = function (format) {
PrivateKey.prototype.toBuffer = function (format, options) {
if (format === undefined)

@@ -54,4 +55,5 @@ format = 'pkcs1';

assert.object(formats[format], 'formats[format]');
assert.optionalObject(options, 'options');
return (formats[format].write(this));
return (formats[format].write(this, options));
};

@@ -181,3 +183,3 @@

PrivateKey.parse = function (data, format, name) {
PrivateKey.parse = function (data, format, options) {
if (typeof (data) !== 'string')

@@ -188,4 +190,10 @@ assert.buffer(data, 'data');

assert.string(format, 'format');
if (name === undefined)
name = '(unnamed)';
if (typeof (options) === 'string')
options = { filename: options };
assert.optionalObject(options, 'options');
if (options === undefined)
options = {};
assert.optionalString(options.filename, 'options.filename');
if (options.filename === undefined)
options.filename = '(unnamed)';

@@ -195,9 +203,11 @@ assert.object(formats[format], 'formats[format]');

try {
var k = formats[format].read(data);
var k = formats[format].read(data, options);
assert.ok(k instanceof PrivateKey, 'key is not a private key');
if (!k.comment)
k.comment = name;
k.comment = options.filename;
return (k);
} catch (e) {
throw (new KeyParseError(name, format, e));
if (e.name === 'KeyEncryptedError')
throw (e);
throw (new KeyParseError(options.filename, format, e));
}

@@ -204,0 +214,0 @@ };

@@ -11,3 +11,4 @@ // Copyright 2015 Joyent, Inc.

assertCompatible: assertCompatible,
isCompatible: isCompatible
isCompatible: isCompatible,
opensslKeyDeriv: opensslKeyDeriv
};

@@ -17,2 +18,3 @@

var PrivateKey = require('./private-key');
var crypto = require('crypto');

@@ -73,2 +75,39 @@ var MAX_CLASS_DEPTH = 3;

var CIPHER_LEN = {
'des-ede3-cbc': { key: 7, iv: 8 },
'aes-128-cbc': { key: 16, iv: 16 }
};
var PKCS5_SALT_LEN = 8;
function opensslKeyDeriv(cipher, salt, passphrase, count) {
assert.buffer(salt, 'salt');
assert.buffer(passphrase, 'passphrase');
assert.number(count, 'iteration count');
var clen = CIPHER_LEN[cipher];
assert.object(clen, 'supported cipher');
salt = salt.slice(0, PKCS5_SALT_LEN);
var D, D_prev, bufs;
var material = new Buffer(0);
while (material.length < clen.key + clen.iv) {
bufs = [];
if (D_prev)
bufs.push(D_prev);
bufs.push(passphrase);
bufs.push(salt);
D = Buffer.concat(bufs);
for (var j = 0; j < count; ++j)
D = crypto.createHash('md5').update(D).digest();
material = Buffer.concat([material, D]);
D_prev = D;
}
return ({
key: material.slice(0, clen.key),
iv: material.slice(clen.key, clen.key + clen.iv)
});
}
/* Count leading zero bits on a buffer */

@@ -75,0 +114,0 @@ function countZeros(buf) {

{
"name": "sshpk",
"version": "1.7.4",
"version": "1.8.0",
"description": "A library for finding and using SSH public keys",

@@ -33,3 +33,3 @@ "main": "lib/index.js",

"engines": {
"node": ">=0.8.0"
"node": ">=0.10.0"
},

@@ -43,18 +43,19 @@ "directories": {

"dependencies": {
"asn1": ">=0.2.3 <0.3.0",
"assert-plus": ">=0.2.0 <0.3.0",
"dashdash": ">=1.10.1 <2.0.0"
"asn1": "~0.2.3",
"assert-plus": "^1.0.0",
"dashdash": "^1.12.0",
"getpass": "^0.1.1"
},
"optionalDependencies": {
"jsbn": ">=0.1.0 <0.2.0",
"tweetnacl": ">=0.13.0 <1.0.0",
"jodid25519": ">=1.0.0 <2.0.0",
"ecc-jsbn": ">=0.0.1 <1.0.0"
"jsbn": "~0.1.0",
"tweetnacl": "~0.13.0",
"jodid25519": "^1.0.0",
"ecc-jsbn": "~0.0.1"
},
"devDependencies": {
"tape": ">=3.5.0 <4.0.0",
"benchmark": ">=1.0.0 <2.0.0",
"sinon": ">=1.17.2 <2.0.0",
"temp": "0.8.2"
"tape": "^3.5.0",
"benchmark": "^1.0.0",
"sinon": "^1.17.2",
"temp": "^0.8.2"
}
}

Sorry, the diff of this file is not supported yet

Sorry, the diff of this file is not supported yet

Sorry, the diff of this file is not supported yet

SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap

Stay in touch

Get open source security insights delivered straight into your inbox.


  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc