// Copyright 2015 Joyent, Inc. module.exports = Signature; var assert = require('assert-plus'); var Buffer = require('safer-buffer').Buffer; var algs = require('./algs'); var crypto = require('crypto'); var errs = require('./errors'); var utils = require('./utils'); var asn1 = require('asn1'); var SSHBuffer = require('./ssh-buffer'); var InvalidAlgorithmError = errs.InvalidAlgorithmError; var SignatureParseError = errs.SignatureParseError; function Signature(opts) { assert.object(opts, 'options'); assert.arrayOfObject(opts.parts, 'options.parts'); assert.string(opts.type, 'options.type'); var partLookup = {}; for (var i = 0; i < opts.parts.length; ++i) { var part = opts.parts[i]; partLookup[part.name] = part; } this.type = opts.type; this.hashAlgorithm = opts.hashAlgo; this.curve = opts.curve; this.parts = opts.parts; this.part = partLookup; } Signature.prototype.toBuffer = function (format) { if (format === undefined) format = 'asn1'; assert.string(format, 'format'); var buf; var stype = 'ssh-' + this.type; switch (this.type) { case 'rsa': switch (this.hashAlgorithm) { case 'sha256': stype = 'rsa-sha2-256'; break; case 'sha512': stype = 'rsa-sha2-512'; break; case 'sha1': case undefined: break; default: throw (new Error('SSH signature ' + 'format does not support hash ' + 'algorithm ' + this.hashAlgorithm)); } if (format === 'ssh') { buf = new SSHBuffer({}); buf.writeString(stype); buf.writePart(this.part.sig); return (buf.toBuffer()); } else { return (this.part.sig.data); } break; case 'ed25519': if (format === 'ssh') { buf = new SSHBuffer({}); buf.writeString(stype); buf.writePart(this.part.sig); return (buf.toBuffer()); } else { return (this.part.sig.data); } break; case 'dsa': case 'ecdsa': var r, s; if (format === 'asn1') { var der = new asn1.BerWriter(); der.startSequence(); r = utils.mpNormalize(this.part.r.data); s = utils.mpNormalize(this.part.s.data); der.writeBuffer(r, asn1.Ber.Integer); der.writeBuffer(s, asn1.Ber.Integer); der.endSequence(); return (der.buffer); } else if (format === 'ssh' && this.type === 'dsa') { buf = new SSHBuffer({}); buf.writeString('ssh-dss'); r = this.part.r.data; if (r.length > 20 && r[0] === 0x00) r = r.slice(1); s = this.part.s.data; if (s.length > 20 && s[0] === 0x00) s = s.slice(1); if ((this.hashAlgorithm && this.hashAlgorithm !== 'sha1') || r.length + s.length !== 40) { throw (new Error('OpenSSH only supports ' + 'DSA signatures with SHA1 hash')); } buf.writeBuffer(Buffer.concat([r, s])); return (buf.toBuffer()); } else if (format === 'ssh' && this.type === 'ecdsa') { var inner = new SSHBuffer({}); r = this.part.r.data; inner.writeBuffer(r); inner.writePart(this.part.s); buf = new SSHBuffer({}); /* XXX: find a more proper way to do this? */ var curve; if (r[0] === 0x00) r = r.slice(1); var sz = r.length * 8; if (sz === 256) curve = 'nistp256'; else if (sz === 384) curve = 'nistp384'; else if (sz === 528) curve = 'nistp521'; buf.writeString('ecdsa-sha2-' + curve); buf.writeBuffer(inner.toBuffer()); return (buf.toBuffer()); } throw (new Error('Invalid signature format')); default: throw (new Error('Invalid signature data')); } }; Signature.prototype.toString = function (format) { assert.optionalString(format, 'format'); return (this.toBuffer(format).toString('base64')); }; Signature.parse = function (data, type, format) { if (typeof (data) === 'string') data = Buffer.from(data, 'base64'); assert.buffer(data, 'data'); assert.string(format, 'format'); assert.string(type, 'type'); var opts = {}; opts.type = type.toLowerCase(); opts.parts = []; try { assert.ok(data.length > 0, 'signature must not be empty'); switch (opts.type) { case 'rsa': return (parseOneNum(data, type, format, opts)); case 'ed25519': return (parseOneNum(data, type, format, opts)); case 'dsa': case 'ecdsa': if (format === 'asn1') return (parseDSAasn1(data, type, format, opts)); else if (opts.type === 'dsa') return (parseDSA(data, type, format, opts)); else return (parseECDSA(data, type, format, opts)); default: throw (new InvalidAlgorithmError(type)); } } catch (e) { if (e instanceof InvalidAlgorithmError) throw (e); throw (new SignatureParseError(type, format, e)); } }; function parseOneNum(data, type, format, opts) { if (format === 'ssh') { try { var buf = new SSHBuffer({buffer: data}); var head = buf.readString(); } catch (e) { /* fall through */ } if (buf !== undefined) { var msg = 'SSH signature does not match expected ' + 'type (expected ' + type + ', got ' + head + ')'; switch (head) { case 'ssh-rsa': assert.strictEqual(type, 'rsa', msg); opts.hashAlgo = 'sha1'; break; case 'rsa-sha2-256': assert.strictEqual(type, 'rsa', msg); opts.hashAlgo = 'sha256'; break; case 'rsa-sha2-512': assert.strictEqual(type, 'rsa', msg); opts.hashAlgo = 'sha512'; break; case 'ssh-ed25519': assert.strictEqual(type, 'ed25519', msg); opts.hashAlgo = 'sha512'; break; default: throw (new Error('Unknown SSH signature ' + 'type: ' + head)); } var sig = buf.readPart(); assert.ok(buf.atEnd(), 'extra trailing bytes'); sig.name = 'sig'; opts.parts.push(sig); return (new Signature(opts)); } } opts.parts.push({name: 'sig', data: data}); return (new Signature(opts)); } function parseDSAasn1(data, type, format, opts) { var der = new asn1.BerReader(data); der.readSequence(); var r = der.readString(asn1.Ber.Integer, true); var s = der.readString(asn1.Ber.Integer, true); opts.parts.push({name: 'r', data: utils.mpNormalize(r)}); opts.parts.push({name: 's', data: utils.mpNormalize(s)}); return (new Signature(opts)); } function parseDSA(data, type, format, opts) { if (data.length != 40) { var buf = new SSHBuffer({buffer: data}); var d = buf.readBuffer(); if (d.toString('ascii') === 'ssh-dss') d = buf.readBuffer(); assert.ok(buf.atEnd(), 'extra trailing bytes'); assert.strictEqual(d.length, 40, 'invalid inner length'); data = d; } opts.parts.push({name: 'r', data: data.slice(0, 20)}); opts.parts.push({name: 's', data: data.slice(20, 40)}); return (new Signature(opts)); } function parseECDSA(data, type, format, opts) { var buf = new SSHBuffer({buffer: data}); var r, s; var inner = buf.readBuffer(); var stype = inner.toString('ascii'); if (stype.slice(0, 6) === 'ecdsa-') { var parts = stype.split('-'); assert.strictEqual(parts[0], 'ecdsa'); assert.strictEqual(parts[1], 'sha2'); opts.curve = parts[2]; switch (opts.curve) { case 'nistp256': opts.hashAlgo = 'sha256'; break; case 'nistp384': opts.hashAlgo = 'sha384'; break; case 'nistp521': opts.hashAlgo = 'sha512'; break; default: throw (new Error('Unsupported ECDSA curve: ' + opts.curve)); } inner = buf.readBuffer(); assert.ok(buf.atEnd(), 'extra trailing bytes on outer'); buf = new SSHBuffer({buffer: inner}); r = buf.readPart(); } else { r = {data: inner}; } s = buf.readPart(); assert.ok(buf.atEnd(), 'extra trailing bytes'); r.name = 'r'; s.name = 's'; opts.parts.push(r); opts.parts.push(s); return (new Signature(opts)); } Signature.isSignature = function (obj, ver) { return (utils.isCompatible(obj, Signature, ver)); }; /* * API versions for Signature: * [1,0] -- initial ver * [2,0] -- support for rsa in full ssh format, compat with sshpk-agent * hashAlgorithm property * [2,1] -- first tagged version */ Signature.prototype._sshpkApiVersion = [2, 1]; Signature._oldVersionDetect = function (obj) { assert.func(obj.toBuffer); if (obj.hasOwnProperty('hashAlgorithm')) return ([2, 0]); return ([1, 0]); };