You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
236 lines
7.0 KiB
236 lines
7.0 KiB
/** |
|
* Functions to output keys in SSH-friendly formats. |
|
* |
|
* This is part of the Forge project which may be used under the terms of |
|
* either the BSD License or the GNU General Public License (GPL) Version 2. |
|
* |
|
* See: https://github.com/digitalbazaar/forge/blob/cbebca3780658703d925b61b2caffb1d263a6c1d/LICENSE |
|
* |
|
* @author https://github.com/shellac |
|
*/ |
|
var forge = require('./forge'); |
|
require('./aes'); |
|
require('./hmac'); |
|
require('./md5'); |
|
require('./sha1'); |
|
require('./util'); |
|
|
|
var ssh = module.exports = forge.ssh = forge.ssh || {}; |
|
|
|
/** |
|
* Encodes (and optionally encrypts) a private RSA key as a Putty PPK file. |
|
* |
|
* @param privateKey the key. |
|
* @param passphrase a passphrase to protect the key (falsy for no encryption). |
|
* @param comment a comment to include in the key file. |
|
* |
|
* @return the PPK file as a string. |
|
*/ |
|
ssh.privateKeyToPutty = function(privateKey, passphrase, comment) { |
|
comment = comment || ''; |
|
passphrase = passphrase || ''; |
|
var algorithm = 'ssh-rsa'; |
|
var encryptionAlgorithm = (passphrase === '') ? 'none' : 'aes256-cbc'; |
|
|
|
var ppk = 'PuTTY-User-Key-File-2: ' + algorithm + '\r\n'; |
|
ppk += 'Encryption: ' + encryptionAlgorithm + '\r\n'; |
|
ppk += 'Comment: ' + comment + '\r\n'; |
|
|
|
// public key into buffer for ppk |
|
var pubbuffer = forge.util.createBuffer(); |
|
_addStringToBuffer(pubbuffer, algorithm); |
|
_addBigIntegerToBuffer(pubbuffer, privateKey.e); |
|
_addBigIntegerToBuffer(pubbuffer, privateKey.n); |
|
|
|
// write public key |
|
var pub = forge.util.encode64(pubbuffer.bytes(), 64); |
|
var length = Math.floor(pub.length / 66) + 1; // 66 = 64 + \r\n |
|
ppk += 'Public-Lines: ' + length + '\r\n'; |
|
ppk += pub; |
|
|
|
// private key into a buffer |
|
var privbuffer = forge.util.createBuffer(); |
|
_addBigIntegerToBuffer(privbuffer, privateKey.d); |
|
_addBigIntegerToBuffer(privbuffer, privateKey.p); |
|
_addBigIntegerToBuffer(privbuffer, privateKey.q); |
|
_addBigIntegerToBuffer(privbuffer, privateKey.qInv); |
|
|
|
// optionally encrypt the private key |
|
var priv; |
|
if(!passphrase) { |
|
// use the unencrypted buffer |
|
priv = forge.util.encode64(privbuffer.bytes(), 64); |
|
} else { |
|
// encrypt RSA key using passphrase |
|
var encLen = privbuffer.length() + 16 - 1; |
|
encLen -= encLen % 16; |
|
|
|
// pad private key with sha1-d data -- needs to be a multiple of 16 |
|
var padding = _sha1(privbuffer.bytes()); |
|
|
|
padding.truncate(padding.length() - encLen + privbuffer.length()); |
|
privbuffer.putBuffer(padding); |
|
|
|
var aeskey = forge.util.createBuffer(); |
|
aeskey.putBuffer(_sha1('\x00\x00\x00\x00', passphrase)); |
|
aeskey.putBuffer(_sha1('\x00\x00\x00\x01', passphrase)); |
|
|
|
// encrypt some bytes using CBC mode |
|
// key is 40 bytes, so truncate *by* 8 bytes |
|
var cipher = forge.aes.createEncryptionCipher(aeskey.truncate(8), 'CBC'); |
|
cipher.start(forge.util.createBuffer().fillWithByte(0, 16)); |
|
cipher.update(privbuffer.copy()); |
|
cipher.finish(); |
|
var encrypted = cipher.output; |
|
|
|
// Note: this appears to differ from Putty -- is forge wrong, or putty? |
|
// due to padding we finish as an exact multiple of 16 |
|
encrypted.truncate(16); // all padding |
|
|
|
priv = forge.util.encode64(encrypted.bytes(), 64); |
|
} |
|
|
|
// output private key |
|
length = Math.floor(priv.length / 66) + 1; // 64 + \r\n |
|
ppk += '\r\nPrivate-Lines: ' + length + '\r\n'; |
|
ppk += priv; |
|
|
|
// MAC |
|
var mackey = _sha1('putty-private-key-file-mac-key', passphrase); |
|
|
|
var macbuffer = forge.util.createBuffer(); |
|
_addStringToBuffer(macbuffer, algorithm); |
|
_addStringToBuffer(macbuffer, encryptionAlgorithm); |
|
_addStringToBuffer(macbuffer, comment); |
|
macbuffer.putInt32(pubbuffer.length()); |
|
macbuffer.putBuffer(pubbuffer); |
|
macbuffer.putInt32(privbuffer.length()); |
|
macbuffer.putBuffer(privbuffer); |
|
|
|
var hmac = forge.hmac.create(); |
|
hmac.start('sha1', mackey); |
|
hmac.update(macbuffer.bytes()); |
|
|
|
ppk += '\r\nPrivate-MAC: ' + hmac.digest().toHex() + '\r\n'; |
|
|
|
return ppk; |
|
}; |
|
|
|
/** |
|
* Encodes a public RSA key as an OpenSSH file. |
|
* |
|
* @param key the key. |
|
* @param comment a comment. |
|
* |
|
* @return the public key in OpenSSH format. |
|
*/ |
|
ssh.publicKeyToOpenSSH = function(key, comment) { |
|
var type = 'ssh-rsa'; |
|
comment = comment || ''; |
|
|
|
var buffer = forge.util.createBuffer(); |
|
_addStringToBuffer(buffer, type); |
|
_addBigIntegerToBuffer(buffer, key.e); |
|
_addBigIntegerToBuffer(buffer, key.n); |
|
|
|
return type + ' ' + forge.util.encode64(buffer.bytes()) + ' ' + comment; |
|
}; |
|
|
|
/** |
|
* Encodes a private RSA key as an OpenSSH file. |
|
* |
|
* @param key the key. |
|
* @param passphrase a passphrase to protect the key (falsy for no encryption). |
|
* |
|
* @return the public key in OpenSSH format. |
|
*/ |
|
ssh.privateKeyToOpenSSH = function(privateKey, passphrase) { |
|
if(!passphrase) { |
|
return forge.pki.privateKeyToPem(privateKey); |
|
} |
|
// OpenSSH private key is just a legacy format, it seems |
|
return forge.pki.encryptRsaPrivateKey(privateKey, passphrase, |
|
{legacy: true, algorithm: 'aes128'}); |
|
}; |
|
|
|
/** |
|
* Gets the SSH fingerprint for the given public key. |
|
* |
|
* @param options the options to use. |
|
* [md] the message digest object to use (defaults to forge.md.md5). |
|
* [encoding] an alternative output encoding, such as 'hex' |
|
* (defaults to none, outputs a byte buffer). |
|
* [delimiter] the delimiter to use between bytes for 'hex' encoded |
|
* output, eg: ':' (defaults to none). |
|
* |
|
* @return the fingerprint as a byte buffer or other encoding based on options. |
|
*/ |
|
ssh.getPublicKeyFingerprint = function(key, options) { |
|
options = options || {}; |
|
var md = options.md || forge.md.md5.create(); |
|
|
|
var type = 'ssh-rsa'; |
|
var buffer = forge.util.createBuffer(); |
|
_addStringToBuffer(buffer, type); |
|
_addBigIntegerToBuffer(buffer, key.e); |
|
_addBigIntegerToBuffer(buffer, key.n); |
|
|
|
// hash public key bytes |
|
md.start(); |
|
md.update(buffer.getBytes()); |
|
var digest = md.digest(); |
|
if(options.encoding === 'hex') { |
|
var hex = digest.toHex(); |
|
if(options.delimiter) { |
|
return hex.match(/.{2}/g).join(options.delimiter); |
|
} |
|
return hex; |
|
} else if(options.encoding === 'binary') { |
|
return digest.getBytes(); |
|
} else if(options.encoding) { |
|
throw new Error('Unknown encoding "' + options.encoding + '".'); |
|
} |
|
return digest; |
|
}; |
|
|
|
/** |
|
* Adds len(val) then val to a buffer. |
|
* |
|
* @param buffer the buffer to add to. |
|
* @param val a big integer. |
|
*/ |
|
function _addBigIntegerToBuffer(buffer, val) { |
|
var hexVal = val.toString(16); |
|
// ensure 2s complement +ve |
|
if(hexVal[0] >= '8') { |
|
hexVal = '00' + hexVal; |
|
} |
|
var bytes = forge.util.hexToBytes(hexVal); |
|
buffer.putInt32(bytes.length); |
|
buffer.putBytes(bytes); |
|
} |
|
|
|
/** |
|
* Adds len(val) then val to a buffer. |
|
* |
|
* @param buffer the buffer to add to. |
|
* @param val a string. |
|
*/ |
|
function _addStringToBuffer(buffer, val) { |
|
buffer.putInt32(val.length); |
|
buffer.putString(val); |
|
} |
|
|
|
/** |
|
* Hashes the arguments into one value using SHA-1. |
|
* |
|
* @return the sha1 hash of the provided arguments. |
|
*/ |
|
function _sha1() { |
|
var sha = forge.md.sha1.create(); |
|
var num = arguments.length; |
|
for (var i = 0; i < num; ++i) { |
|
sha.update(arguments[i]); |
|
} |
|
return sha.digest(); |
|
}
|
|
|