You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
323 lines
7.9 KiB
323 lines
7.9 KiB
// Copyright 2017 Joyent, Inc. |
|
|
|
module.exports = { |
|
read: read, |
|
verify: verify, |
|
sign: sign, |
|
signAsync: signAsync, |
|
write: write, |
|
|
|
/* Internal private API */ |
|
fromBuffer: fromBuffer, |
|
toBuffer: toBuffer |
|
}; |
|
|
|
var assert = require('assert-plus'); |
|
var SSHBuffer = require('../ssh-buffer'); |
|
var crypto = require('crypto'); |
|
var Buffer = require('safer-buffer').Buffer; |
|
var algs = require('../algs'); |
|
var Key = require('../key'); |
|
var PrivateKey = require('../private-key'); |
|
var Identity = require('../identity'); |
|
var rfc4253 = require('./rfc4253'); |
|
var Signature = require('../signature'); |
|
var utils = require('../utils'); |
|
var Certificate = require('../certificate'); |
|
|
|
function verify(cert, key) { |
|
/* |
|
* We always give an issuerKey, so if our verify() is being called then |
|
* there was no signature. Return false. |
|
*/ |
|
return (false); |
|
} |
|
|
|
var TYPES = { |
|
'user': 1, |
|
'host': 2 |
|
}; |
|
Object.keys(TYPES).forEach(function (k) { TYPES[TYPES[k]] = k; }); |
|
|
|
var ECDSA_ALGO = /^ecdsa-sha2-([^@-]+)-cert-v01@openssh.com$/; |
|
|
|
function read(buf, options) { |
|
if (Buffer.isBuffer(buf)) |
|
buf = buf.toString('ascii'); |
|
var parts = buf.trim().split(/[ \t\n]+/g); |
|
if (parts.length < 2 || parts.length > 3) |
|
throw (new Error('Not a valid SSH certificate line')); |
|
|
|
var algo = parts[0]; |
|
var data = parts[1]; |
|
|
|
data = Buffer.from(data, 'base64'); |
|
return (fromBuffer(data, algo)); |
|
} |
|
|
|
function fromBuffer(data, algo, partial) { |
|
var sshbuf = new SSHBuffer({ buffer: data }); |
|
var innerAlgo = sshbuf.readString(); |
|
if (algo !== undefined && innerAlgo !== algo) |
|
throw (new Error('SSH certificate algorithm mismatch')); |
|
if (algo === undefined) |
|
algo = innerAlgo; |
|
|
|
var cert = {}; |
|
cert.signatures = {}; |
|
cert.signatures.openssh = {}; |
|
|
|
cert.signatures.openssh.nonce = sshbuf.readBuffer(); |
|
|
|
var key = {}; |
|
var parts = (key.parts = []); |
|
key.type = getAlg(algo); |
|
|
|
var partCount = algs.info[key.type].parts.length; |
|
while (parts.length < partCount) |
|
parts.push(sshbuf.readPart()); |
|
assert.ok(parts.length >= 1, 'key must have at least one part'); |
|
|
|
var algInfo = algs.info[key.type]; |
|
if (key.type === 'ecdsa') { |
|
var res = ECDSA_ALGO.exec(algo); |
|
assert.ok(res !== null); |
|
assert.strictEqual(res[1], parts[0].data.toString()); |
|
} |
|
|
|
for (var i = 0; i < algInfo.parts.length; ++i) { |
|
parts[i].name = algInfo.parts[i]; |
|
if (parts[i].name !== 'curve' && |
|
algInfo.normalize !== false) { |
|
var p = parts[i]; |
|
p.data = utils.mpNormalize(p.data); |
|
} |
|
} |
|
|
|
cert.subjectKey = new Key(key); |
|
|
|
cert.serial = sshbuf.readInt64(); |
|
|
|
var type = TYPES[sshbuf.readInt()]; |
|
assert.string(type, 'valid cert type'); |
|
|
|
cert.signatures.openssh.keyId = sshbuf.readString(); |
|
|
|
var principals = []; |
|
var pbuf = sshbuf.readBuffer(); |
|
var psshbuf = new SSHBuffer({ buffer: pbuf }); |
|
while (!psshbuf.atEnd()) |
|
principals.push(psshbuf.readString()); |
|
if (principals.length === 0) |
|
principals = ['*']; |
|
|
|
cert.subjects = principals.map(function (pr) { |
|
if (type === 'user') |
|
return (Identity.forUser(pr)); |
|
else if (type === 'host') |
|
return (Identity.forHost(pr)); |
|
throw (new Error('Unknown identity type ' + type)); |
|
}); |
|
|
|
cert.validFrom = int64ToDate(sshbuf.readInt64()); |
|
cert.validUntil = int64ToDate(sshbuf.readInt64()); |
|
|
|
cert.signatures.openssh.critical = sshbuf.readBuffer(); |
|
cert.signatures.openssh.exts = sshbuf.readBuffer(); |
|
|
|
/* reserved */ |
|
sshbuf.readBuffer(); |
|
|
|
var signingKeyBuf = sshbuf.readBuffer(); |
|
cert.issuerKey = rfc4253.read(signingKeyBuf); |
|
|
|
/* |
|
* OpenSSH certs don't give the identity of the issuer, just their |
|
* public key. So, we use an Identity that matches anything. The |
|
* isSignedBy() function will later tell you if the key matches. |
|
*/ |
|
cert.issuer = Identity.forHost('**'); |
|
|
|
var sigBuf = sshbuf.readBuffer(); |
|
cert.signatures.openssh.signature = |
|
Signature.parse(sigBuf, cert.issuerKey.type, 'ssh'); |
|
|
|
if (partial !== undefined) { |
|
partial.remainder = sshbuf.remainder(); |
|
partial.consumed = sshbuf._offset; |
|
} |
|
|
|
return (new Certificate(cert)); |
|
} |
|
|
|
function int64ToDate(buf) { |
|
var i = buf.readUInt32BE(0) * 4294967296; |
|
i += buf.readUInt32BE(4); |
|
var d = new Date(); |
|
d.setTime(i * 1000); |
|
d.sourceInt64 = buf; |
|
return (d); |
|
} |
|
|
|
function dateToInt64(date) { |
|
if (date.sourceInt64 !== undefined) |
|
return (date.sourceInt64); |
|
var i = Math.round(date.getTime() / 1000); |
|
var upper = Math.floor(i / 4294967296); |
|
var lower = Math.floor(i % 4294967296); |
|
var buf = Buffer.alloc(8); |
|
buf.writeUInt32BE(upper, 0); |
|
buf.writeUInt32BE(lower, 4); |
|
return (buf); |
|
} |
|
|
|
function sign(cert, key) { |
|
if (cert.signatures.openssh === undefined) |
|
cert.signatures.openssh = {}; |
|
try { |
|
var blob = toBuffer(cert, true); |
|
} catch (e) { |
|
delete (cert.signatures.openssh); |
|
return (false); |
|
} |
|
var sig = cert.signatures.openssh; |
|
var hashAlgo = undefined; |
|
if (key.type === 'rsa' || key.type === 'dsa') |
|
hashAlgo = 'sha1'; |
|
var signer = key.createSign(hashAlgo); |
|
signer.write(blob); |
|
sig.signature = signer.sign(); |
|
return (true); |
|
} |
|
|
|
function signAsync(cert, signer, done) { |
|
if (cert.signatures.openssh === undefined) |
|
cert.signatures.openssh = {}; |
|
try { |
|
var blob = toBuffer(cert, true); |
|
} catch (e) { |
|
delete (cert.signatures.openssh); |
|
done(e); |
|
return; |
|
} |
|
var sig = cert.signatures.openssh; |
|
|
|
signer(blob, function (err, signature) { |
|
if (err) { |
|
done(err); |
|
return; |
|
} |
|
try { |
|
/* |
|
* This will throw if the signature isn't of a |
|
* type/algo that can be used for SSH. |
|
*/ |
|
signature.toBuffer('ssh'); |
|
} catch (e) { |
|
done(e); |
|
return; |
|
} |
|
sig.signature = signature; |
|
done(); |
|
}); |
|
} |
|
|
|
function write(cert, options) { |
|
if (options === undefined) |
|
options = {}; |
|
|
|
var blob = toBuffer(cert); |
|
var out = getCertType(cert.subjectKey) + ' ' + blob.toString('base64'); |
|
if (options.comment) |
|
out = out + ' ' + options.comment; |
|
return (out); |
|
} |
|
|
|
|
|
function toBuffer(cert, noSig) { |
|
assert.object(cert.signatures.openssh, 'signature for openssh format'); |
|
var sig = cert.signatures.openssh; |
|
|
|
if (sig.nonce === undefined) |
|
sig.nonce = crypto.randomBytes(16); |
|
var buf = new SSHBuffer({}); |
|
buf.writeString(getCertType(cert.subjectKey)); |
|
buf.writeBuffer(sig.nonce); |
|
|
|
var key = cert.subjectKey; |
|
var algInfo = algs.info[key.type]; |
|
algInfo.parts.forEach(function (part) { |
|
buf.writePart(key.part[part]); |
|
}); |
|
|
|
buf.writeInt64(cert.serial); |
|
|
|
var type = cert.subjects[0].type; |
|
assert.notStrictEqual(type, 'unknown'); |
|
cert.subjects.forEach(function (id) { |
|
assert.strictEqual(id.type, type); |
|
}); |
|
type = TYPES[type]; |
|
buf.writeInt(type); |
|
|
|
if (sig.keyId === undefined) { |
|
sig.keyId = cert.subjects[0].type + '_' + |
|
(cert.subjects[0].uid || cert.subjects[0].hostname); |
|
} |
|
buf.writeString(sig.keyId); |
|
|
|
var sub = new SSHBuffer({}); |
|
cert.subjects.forEach(function (id) { |
|
if (type === TYPES.host) |
|
sub.writeString(id.hostname); |
|
else if (type === TYPES.user) |
|
sub.writeString(id.uid); |
|
}); |
|
buf.writeBuffer(sub.toBuffer()); |
|
|
|
buf.writeInt64(dateToInt64(cert.validFrom)); |
|
buf.writeInt64(dateToInt64(cert.validUntil)); |
|
|
|
if (sig.critical === undefined) |
|
sig.critical = Buffer.alloc(0); |
|
buf.writeBuffer(sig.critical); |
|
|
|
if (sig.exts === undefined) |
|
sig.exts = Buffer.alloc(0); |
|
buf.writeBuffer(sig.exts); |
|
|
|
/* reserved */ |
|
buf.writeBuffer(Buffer.alloc(0)); |
|
|
|
sub = rfc4253.write(cert.issuerKey); |
|
buf.writeBuffer(sub); |
|
|
|
if (!noSig) |
|
buf.writeBuffer(sig.signature.toBuffer('ssh')); |
|
|
|
return (buf.toBuffer()); |
|
} |
|
|
|
function getAlg(certType) { |
|
if (certType === 'ssh-rsa-cert-v01@openssh.com') |
|
return ('rsa'); |
|
if (certType === 'ssh-dss-cert-v01@openssh.com') |
|
return ('dsa'); |
|
if (certType.match(ECDSA_ALGO)) |
|
return ('ecdsa'); |
|
if (certType === 'ssh-ed25519-cert-v01@openssh.com') |
|
return ('ed25519'); |
|
throw (new Error('Unsupported cert type ' + certType)); |
|
} |
|
|
|
function getCertType(key) { |
|
if (key.type === 'rsa') |
|
return ('ssh-rsa-cert-v01@openssh.com'); |
|
if (key.type === 'dsa') |
|
return ('ssh-dss-cert-v01@openssh.com'); |
|
if (key.type === 'ecdsa') |
|
return ('ecdsa-sha2-' + key.curve + '-cert-v01@openssh.com'); |
|
if (key.type === 'ed25519') |
|
return ('ssh-ed25519-cert-v01@openssh.com'); |
|
throw (new Error('Unsupported key type ' + key.type)); |
|
}
|
|
|