1 |
|
2 |
|
3 |
|
4 |
|
5 |
|
6 |
|
7 |
|
8 |
|
9 |
|
10 |
|
11 | var forge = require('./forge');
|
12 | require('./aes');
|
13 | require('./hmac');
|
14 | require('./md5');
|
15 | require('./sha1');
|
16 | require('./util');
|
17 |
|
18 | var ssh = module.exports = forge.ssh = forge.ssh || {};
|
19 |
|
20 |
|
21 |
|
22 |
|
23 |
|
24 |
|
25 |
|
26 |
|
27 |
|
28 |
|
29 | ssh.privateKeyToPutty = function(privateKey, passphrase, comment) {
|
30 | comment = comment || '';
|
31 | passphrase = passphrase || '';
|
32 | var algorithm = 'ssh-rsa';
|
33 | var encryptionAlgorithm = (passphrase === '') ? 'none' : 'aes256-cbc';
|
34 |
|
35 | var ppk = 'PuTTY-User-Key-File-2: ' + algorithm + '\r\n';
|
36 | ppk += 'Encryption: ' + encryptionAlgorithm + '\r\n';
|
37 | ppk += 'Comment: ' + comment + '\r\n';
|
38 |
|
39 |
|
40 | var pubbuffer = forge.util.createBuffer();
|
41 | _addStringToBuffer(pubbuffer, algorithm);
|
42 | _addBigIntegerToBuffer(pubbuffer, privateKey.e);
|
43 | _addBigIntegerToBuffer(pubbuffer, privateKey.n);
|
44 |
|
45 |
|
46 | var pub = forge.util.encode64(pubbuffer.bytes(), 64);
|
47 | var length = Math.floor(pub.length / 66) + 1;
|
48 | ppk += 'Public-Lines: ' + length + '\r\n';
|
49 | ppk += pub;
|
50 |
|
51 |
|
52 | var privbuffer = forge.util.createBuffer();
|
53 | _addBigIntegerToBuffer(privbuffer, privateKey.d);
|
54 | _addBigIntegerToBuffer(privbuffer, privateKey.p);
|
55 | _addBigIntegerToBuffer(privbuffer, privateKey.q);
|
56 | _addBigIntegerToBuffer(privbuffer, privateKey.qInv);
|
57 |
|
58 |
|
59 | var priv;
|
60 | if(!passphrase) {
|
61 |
|
62 | priv = forge.util.encode64(privbuffer.bytes(), 64);
|
63 | } else {
|
64 |
|
65 | var encLen = privbuffer.length() + 16 - 1;
|
66 | encLen -= encLen % 16;
|
67 |
|
68 |
|
69 | var padding = _sha1(privbuffer.bytes());
|
70 |
|
71 | padding.truncate(padding.length() - encLen + privbuffer.length());
|
72 | privbuffer.putBuffer(padding);
|
73 |
|
74 | var aeskey = forge.util.createBuffer();
|
75 | aeskey.putBuffer(_sha1('\x00\x00\x00\x00', passphrase));
|
76 | aeskey.putBuffer(_sha1('\x00\x00\x00\x01', passphrase));
|
77 |
|
78 |
|
79 |
|
80 | var cipher = forge.aes.createEncryptionCipher(aeskey.truncate(8), 'CBC');
|
81 | cipher.start(forge.util.createBuffer().fillWithByte(0, 16));
|
82 | cipher.update(privbuffer.copy());
|
83 | cipher.finish();
|
84 | var encrypted = cipher.output;
|
85 |
|
86 |
|
87 |
|
88 | encrypted.truncate(16);
|
89 |
|
90 | priv = forge.util.encode64(encrypted.bytes(), 64);
|
91 | }
|
92 |
|
93 |
|
94 | length = Math.floor(priv.length / 66) + 1;
|
95 | ppk += '\r\nPrivate-Lines: ' + length + '\r\n';
|
96 | ppk += priv;
|
97 |
|
98 |
|
99 | var mackey = _sha1('putty-private-key-file-mac-key', passphrase);
|
100 |
|
101 | var macbuffer = forge.util.createBuffer();
|
102 | _addStringToBuffer(macbuffer, algorithm);
|
103 | _addStringToBuffer(macbuffer, encryptionAlgorithm);
|
104 | _addStringToBuffer(macbuffer, comment);
|
105 | macbuffer.putInt32(pubbuffer.length());
|
106 | macbuffer.putBuffer(pubbuffer);
|
107 | macbuffer.putInt32(privbuffer.length());
|
108 | macbuffer.putBuffer(privbuffer);
|
109 |
|
110 | var hmac = forge.hmac.create();
|
111 | hmac.start('sha1', mackey);
|
112 | hmac.update(macbuffer.bytes());
|
113 |
|
114 | ppk += '\r\nPrivate-MAC: ' + hmac.digest().toHex() + '\r\n';
|
115 |
|
116 | return ppk;
|
117 | };
|
118 |
|
119 |
|
120 |
|
121 |
|
122 |
|
123 |
|
124 |
|
125 |
|
126 |
|
127 | ssh.publicKeyToOpenSSH = function(key, comment) {
|
128 | var type = 'ssh-rsa';
|
129 | comment = comment || '';
|
130 |
|
131 | var buffer = forge.util.createBuffer();
|
132 | _addStringToBuffer(buffer, type);
|
133 | _addBigIntegerToBuffer(buffer, key.e);
|
134 | _addBigIntegerToBuffer(buffer, key.n);
|
135 |
|
136 | return type + ' ' + forge.util.encode64(buffer.bytes()) + ' ' + comment;
|
137 | };
|
138 |
|
139 |
|
140 |
|
141 |
|
142 |
|
143 |
|
144 |
|
145 |
|
146 |
|
147 | ssh.privateKeyToOpenSSH = function(privateKey, passphrase) {
|
148 | if(!passphrase) {
|
149 | return forge.pki.privateKeyToPem(privateKey);
|
150 | }
|
151 |
|
152 | return forge.pki.encryptRsaPrivateKey(privateKey, passphrase,
|
153 | {legacy: true, algorithm: 'aes128'});
|
154 | };
|
155 |
|
156 |
|
157 |
|
158 |
|
159 |
|
160 |
|
161 |
|
162 |
|
163 |
|
164 |
|
165 |
|
166 |
|
167 |
|
168 | ssh.getPublicKeyFingerprint = function(key, options) {
|
169 | options = options || {};
|
170 | var md = options.md || forge.md.md5.create();
|
171 |
|
172 | var type = 'ssh-rsa';
|
173 | var buffer = forge.util.createBuffer();
|
174 | _addStringToBuffer(buffer, type);
|
175 | _addBigIntegerToBuffer(buffer, key.e);
|
176 | _addBigIntegerToBuffer(buffer, key.n);
|
177 |
|
178 |
|
179 | md.start();
|
180 | md.update(buffer.getBytes());
|
181 | var digest = md.digest();
|
182 | if(options.encoding === 'hex') {
|
183 | var hex = digest.toHex();
|
184 | if(options.delimiter) {
|
185 | return hex.match(/.{2}/g).join(options.delimiter);
|
186 | }
|
187 | return hex;
|
188 | } else if(options.encoding === 'binary') {
|
189 | return digest.getBytes();
|
190 | } else if(options.encoding) {
|
191 | throw new Error('Unknown encoding "' + options.encoding + '".');
|
192 | }
|
193 | return digest;
|
194 | };
|
195 |
|
196 |
|
197 |
|
198 |
|
199 |
|
200 |
|
201 |
|
202 | function _addBigIntegerToBuffer(buffer, val) {
|
203 | var hexVal = val.toString(16);
|
204 |
|
205 | if(hexVal[0] >= '8') {
|
206 | hexVal = '00' + hexVal;
|
207 | }
|
208 | var bytes = forge.util.hexToBytes(hexVal);
|
209 | buffer.putInt32(bytes.length);
|
210 | buffer.putBytes(bytes);
|
211 | }
|
212 |
|
213 |
|
214 |
|
215 |
|
216 |
|
217 |
|
218 |
|
219 | function _addStringToBuffer(buffer, val) {
|
220 | buffer.putInt32(val.length);
|
221 | buffer.putString(val);
|
222 | }
|
223 |
|
224 |
|
225 |
|
226 |
|
227 |
|
228 |
|
229 | function _sha1() {
|
230 | var sha = forge.md.sha1.create();
|
231 | var num = arguments.length;
|
232 | for (var i = 0; i < num; ++i) {
|
233 | sha.update(arguments[i]);
|
234 | }
|
235 | return sha.digest();
|
236 | }
|