twitst4tz

twitter statistics web application
Log | Files | Refs | README | LICENSE

pem.js (7463B)


      1 // Copyright 2018 Joyent, Inc.
      2 
      3 module.exports = {
      4 	read: read,
      5 	write: write
      6 };
      7 
      8 var assert = require('assert-plus');
      9 var asn1 = require('asn1');
     10 var crypto = require('crypto');
     11 var Buffer = require('safer-buffer').Buffer;
     12 var algs = require('../algs');
     13 var utils = require('../utils');
     14 var Key = require('../key');
     15 var PrivateKey = require('../private-key');
     16 
     17 var pkcs1 = require('./pkcs1');
     18 var pkcs8 = require('./pkcs8');
     19 var sshpriv = require('./ssh-private');
     20 var rfc4253 = require('./rfc4253');
     21 
     22 var errors = require('../errors');
     23 
     24 var OID_PBES2 = '1.2.840.113549.1.5.13';
     25 var OID_PBKDF2 = '1.2.840.113549.1.5.12';
     26 
     27 var OID_TO_CIPHER = {
     28 	'1.2.840.113549.3.7': '3des-cbc',
     29 	'2.16.840.1.101.3.4.1.2': 'aes128-cbc',
     30 	'2.16.840.1.101.3.4.1.42': 'aes256-cbc'
     31 };
     32 var CIPHER_TO_OID = {};
     33 Object.keys(OID_TO_CIPHER).forEach(function (k) {
     34 	CIPHER_TO_OID[OID_TO_CIPHER[k]] = k;
     35 });
     36 
     37 var OID_TO_HASH = {
     38 	'1.2.840.113549.2.7': 'sha1',
     39 	'1.2.840.113549.2.9': 'sha256',
     40 	'1.2.840.113549.2.11': 'sha512'
     41 };
     42 var HASH_TO_OID = {};
     43 Object.keys(OID_TO_HASH).forEach(function (k) {
     44 	HASH_TO_OID[OID_TO_HASH[k]] = k;
     45 });
     46 
     47 /*
     48  * For reading we support both PKCS#1 and PKCS#8. If we find a private key,
     49  * we just take the public component of it and use that.
     50  */
     51 function read(buf, options, forceType) {
     52 	var input = buf;
     53 	if (typeof (buf) !== 'string') {
     54 		assert.buffer(buf, 'buf');
     55 		buf = buf.toString('ascii');
     56 	}
     57 
     58 	var lines = buf.trim().split(/[\r\n]+/g);
     59 
     60 	var m;
     61 	var si = -1;
     62 	while (!m && si < lines.length) {
     63 		m = lines[++si].match(/*JSSTYLED*/
     64 		    /[-]+[ ]*BEGIN ([A-Z0-9][A-Za-z0-9]+ )?(PUBLIC|PRIVATE) KEY[ ]*[-]+/);
     65 	}
     66 	assert.ok(m, 'invalid PEM header');
     67 
     68 	var m2;
     69 	var ei = lines.length;
     70 	while (!m2 && ei > 0) {
     71 		m2 = lines[--ei].match(/*JSSTYLED*/
     72 		    /[-]+[ ]*END ([A-Z0-9][A-Za-z0-9]+ )?(PUBLIC|PRIVATE) KEY[ ]*[-]+/);
     73 	}
     74 	assert.ok(m2, 'invalid PEM footer');
     75 
     76 	/* Begin and end banners must match key type */
     77 	assert.equal(m[2], m2[2]);
     78 	var type = m[2].toLowerCase();
     79 
     80 	var alg;
     81 	if (m[1]) {
     82 		/* They also must match algorithms, if given */
     83 		assert.equal(m[1], m2[1], 'PEM header and footer mismatch');
     84 		alg = m[1].trim();
     85 	}
     86 
     87 	lines = lines.slice(si, ei + 1);
     88 
     89 	var headers = {};
     90 	while (true) {
     91 		lines = lines.slice(1);
     92 		m = lines[0].match(/*JSSTYLED*/
     93 		    /^([A-Za-z0-9-]+): (.+)$/);
     94 		if (!m)
     95 			break;
     96 		headers[m[1].toLowerCase()] = m[2];
     97 	}
     98 
     99 	/* Chop off the first and last lines */
    100 	lines = lines.slice(0, -1).join('');
    101 	buf = Buffer.from(lines, 'base64');
    102 
    103 	var cipher, key, iv;
    104 	if (headers['proc-type']) {
    105 		var parts = headers['proc-type'].split(',');
    106 		if (parts[0] === '4' && parts[1] === 'ENCRYPTED') {
    107 			if (typeof (options.passphrase) === 'string') {
    108 				options.passphrase = Buffer.from(
    109 				    options.passphrase, 'utf-8');
    110 			}
    111 			if (!Buffer.isBuffer(options.passphrase)) {
    112 				throw (new errors.KeyEncryptedError(
    113 				    options.filename, 'PEM'));
    114 			} else {
    115 				parts = headers['dek-info'].split(',');
    116 				assert.ok(parts.length === 2);
    117 				cipher = parts[0].toLowerCase();
    118 				iv = Buffer.from(parts[1], 'hex');
    119 				key = utils.opensslKeyDeriv(cipher, iv,
    120 				    options.passphrase, 1).key;
    121 			}
    122 		}
    123 	}
    124 
    125 	if (alg && alg.toLowerCase() === 'encrypted') {
    126 		var eder = new asn1.BerReader(buf);
    127 		var pbesEnd;
    128 		eder.readSequence();
    129 
    130 		eder.readSequence();
    131 		pbesEnd = eder.offset + eder.length;
    132 
    133 		var method = eder.readOID();
    134 		if (method !== OID_PBES2) {
    135 			throw (new Error('Unsupported PEM/PKCS8 encryption ' +
    136 			    'scheme: ' + method));
    137 		}
    138 
    139 		eder.readSequence();	/* PBES2-params */
    140 
    141 		eder.readSequence();	/* keyDerivationFunc */
    142 		var kdfEnd = eder.offset + eder.length;
    143 		var kdfOid = eder.readOID();
    144 		if (kdfOid !== OID_PBKDF2)
    145 			throw (new Error('Unsupported PBES2 KDF: ' + kdfOid));
    146 		eder.readSequence();
    147 		var salt = eder.readString(asn1.Ber.OctetString, true);
    148 		var iterations = eder.readInt();
    149 		var hashAlg = 'sha1';
    150 		if (eder.offset < kdfEnd) {
    151 			eder.readSequence();
    152 			var hashAlgOid = eder.readOID();
    153 			hashAlg = OID_TO_HASH[hashAlgOid];
    154 			if (hashAlg === undefined) {
    155 				throw (new Error('Unsupported PBKDF2 hash: ' +
    156 				    hashAlgOid));
    157 			}
    158 		}
    159 		eder._offset = kdfEnd;
    160 
    161 		eder.readSequence();	/* encryptionScheme */
    162 		var cipherOid = eder.readOID();
    163 		cipher = OID_TO_CIPHER[cipherOid];
    164 		if (cipher === undefined) {
    165 			throw (new Error('Unsupported PBES2 cipher: ' +
    166 			    cipherOid));
    167 		}
    168 		iv = eder.readString(asn1.Ber.OctetString, true);
    169 
    170 		eder._offset = pbesEnd;
    171 		buf = eder.readString(asn1.Ber.OctetString, true);
    172 
    173 		if (typeof (options.passphrase) === 'string') {
    174 			options.passphrase = Buffer.from(
    175 			    options.passphrase, 'utf-8');
    176 		}
    177 		if (!Buffer.isBuffer(options.passphrase)) {
    178 			throw (new errors.KeyEncryptedError(
    179 			    options.filename, 'PEM'));
    180 		}
    181 
    182 		var cinfo = utils.opensshCipherInfo(cipher);
    183 
    184 		cipher = cinfo.opensslName;
    185 		key = utils.pbkdf2(hashAlg, salt, iterations, cinfo.keySize,
    186 		    options.passphrase);
    187 		alg = undefined;
    188 	}
    189 
    190 	if (cipher && key && iv) {
    191 		var cipherStream = crypto.createDecipheriv(cipher, key, iv);
    192 		var chunk, chunks = [];
    193 		cipherStream.once('error', function (e) {
    194 			if (e.toString().indexOf('bad decrypt') !== -1) {
    195 				throw (new Error('Incorrect passphrase ' +
    196 				    'supplied, could not decrypt key'));
    197 			}
    198 			throw (e);
    199 		});
    200 		cipherStream.write(buf);
    201 		cipherStream.end();
    202 		while ((chunk = cipherStream.read()) !== null)
    203 			chunks.push(chunk);
    204 		buf = Buffer.concat(chunks);
    205 	}
    206 
    207 	/* The new OpenSSH internal format abuses PEM headers */
    208 	if (alg && alg.toLowerCase() === 'openssh')
    209 		return (sshpriv.readSSHPrivate(type, buf, options));
    210 	if (alg && alg.toLowerCase() === 'ssh2')
    211 		return (rfc4253.readType(type, buf, options));
    212 
    213 	var der = new asn1.BerReader(buf);
    214 	der.originalInput = input;
    215 
    216 	/*
    217 	 * All of the PEM file types start with a sequence tag, so chop it
    218 	 * off here
    219 	 */
    220 	der.readSequence();
    221 
    222 	/* PKCS#1 type keys name an algorithm in the banner explicitly */
    223 	if (alg) {
    224 		if (forceType)
    225 			assert.strictEqual(forceType, 'pkcs1');
    226 		return (pkcs1.readPkcs1(alg, type, der));
    227 	} else {
    228 		if (forceType)
    229 			assert.strictEqual(forceType, 'pkcs8');
    230 		return (pkcs8.readPkcs8(alg, type, der));
    231 	}
    232 }
    233 
    234 function write(key, options, type) {
    235 	assert.object(key);
    236 
    237 	var alg = {
    238 	    'ecdsa': 'EC',
    239 	    'rsa': 'RSA',
    240 	    'dsa': 'DSA',
    241 	    'ed25519': 'EdDSA'
    242 	}[key.type];
    243 	var header;
    244 
    245 	var der = new asn1.BerWriter();
    246 
    247 	if (PrivateKey.isPrivateKey(key)) {
    248 		if (type && type === 'pkcs8') {
    249 			header = 'PRIVATE KEY';
    250 			pkcs8.writePkcs8(der, key);
    251 		} else {
    252 			if (type)
    253 				assert.strictEqual(type, 'pkcs1');
    254 			header = alg + ' PRIVATE KEY';
    255 			pkcs1.writePkcs1(der, key);
    256 		}
    257 
    258 	} else if (Key.isKey(key)) {
    259 		if (type && type === 'pkcs1') {
    260 			header = alg + ' PUBLIC KEY';
    261 			pkcs1.writePkcs1(der, key);
    262 		} else {
    263 			if (type)
    264 				assert.strictEqual(type, 'pkcs8');
    265 			header = 'PUBLIC KEY';
    266 			pkcs8.writePkcs8(der, key);
    267 		}
    268 
    269 	} else {
    270 		throw (new Error('key is not a Key or PrivateKey'));
    271 	}
    272 
    273 	var tmp = der.buffer.toString('base64');
    274 	var len = tmp.length + (tmp.length / 64) +
    275 	    18 + 16 + header.length*2 + 10;
    276 	var buf = Buffer.alloc(len);
    277 	var o = 0;
    278 	o += buf.write('-----BEGIN ' + header + '-----\n', o);
    279 	for (var i = 0; i < tmp.length; ) {
    280 		var limit = i + 64;
    281 		if (limit > tmp.length)
    282 			limit = tmp.length;
    283 		o += buf.write(tmp.slice(i, limit), o);
    284 		buf[o++] = 10;
    285 		i = limit;
    286 	}
    287 	o += buf.write('-----END ' + header + '-----\n', o);
    288 
    289 	return (buf.slice(0, o));
    290 }