• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1// Copyright 2017 Joyent, Inc.
2
3module.exports = {
4	read: read,
5	verify: verify,
6	sign: sign,
7	signAsync: signAsync,
8	write: write,
9
10	/* Internal private API */
11	fromBuffer: fromBuffer,
12	toBuffer: toBuffer
13};
14
15var assert = require('assert-plus');
16var SSHBuffer = require('../ssh-buffer');
17var crypto = require('crypto');
18var Buffer = require('safer-buffer').Buffer;
19var algs = require('../algs');
20var Key = require('../key');
21var PrivateKey = require('../private-key');
22var Identity = require('../identity');
23var rfc4253 = require('./rfc4253');
24var Signature = require('../signature');
25var utils = require('../utils');
26var Certificate = require('../certificate');
27
28function verify(cert, key) {
29	/*
30	 * We always give an issuerKey, so if our verify() is being called then
31	 * there was no signature. Return false.
32	 */
33	return (false);
34}
35
36var TYPES = {
37	'user': 1,
38	'host': 2
39};
40Object.keys(TYPES).forEach(function (k) { TYPES[TYPES[k]] = k; });
41
42var ECDSA_ALGO = /^ecdsa-sha2-([^@-]+)-cert-v01@openssh.com$/;
43
44function read(buf, options) {
45	if (Buffer.isBuffer(buf))
46		buf = buf.toString('ascii');
47	var parts = buf.trim().split(/[ \t\n]+/g);
48	if (parts.length < 2 || parts.length > 3)
49		throw (new Error('Not a valid SSH certificate line'));
50
51	var algo = parts[0];
52	var data = parts[1];
53
54	data = Buffer.from(data, 'base64');
55	return (fromBuffer(data, algo));
56}
57
58function fromBuffer(data, algo, partial) {
59	var sshbuf = new SSHBuffer({ buffer: data });
60	var innerAlgo = sshbuf.readString();
61	if (algo !== undefined && innerAlgo !== algo)
62		throw (new Error('SSH certificate algorithm mismatch'));
63	if (algo === undefined)
64		algo = innerAlgo;
65
66	var cert = {};
67	cert.signatures = {};
68	cert.signatures.openssh = {};
69
70	cert.signatures.openssh.nonce = sshbuf.readBuffer();
71
72	var key = {};
73	var parts = (key.parts = []);
74	key.type = getAlg(algo);
75
76	var partCount = algs.info[key.type].parts.length;
77	while (parts.length < partCount)
78		parts.push(sshbuf.readPart());
79	assert.ok(parts.length >= 1, 'key must have at least one part');
80
81	var algInfo = algs.info[key.type];
82	if (key.type === 'ecdsa') {
83		var res = ECDSA_ALGO.exec(algo);
84		assert.ok(res !== null);
85		assert.strictEqual(res[1], parts[0].data.toString());
86	}
87
88	for (var i = 0; i < algInfo.parts.length; ++i) {
89		parts[i].name = algInfo.parts[i];
90		if (parts[i].name !== 'curve' &&
91		    algInfo.normalize !== false) {
92			var p = parts[i];
93			p.data = utils.mpNormalize(p.data);
94		}
95	}
96
97	cert.subjectKey = new Key(key);
98
99	cert.serial = sshbuf.readInt64();
100
101	var type = TYPES[sshbuf.readInt()];
102	assert.string(type, 'valid cert type');
103
104	cert.signatures.openssh.keyId = sshbuf.readString();
105
106	var principals = [];
107	var pbuf = sshbuf.readBuffer();
108	var psshbuf = new SSHBuffer({ buffer: pbuf });
109	while (!psshbuf.atEnd())
110		principals.push(psshbuf.readString());
111	if (principals.length === 0)
112		principals = ['*'];
113
114	cert.subjects = principals.map(function (pr) {
115		if (type === 'user')
116			return (Identity.forUser(pr));
117		else if (type === 'host')
118			return (Identity.forHost(pr));
119		throw (new Error('Unknown identity type ' + type));
120	});
121
122	cert.validFrom = int64ToDate(sshbuf.readInt64());
123	cert.validUntil = int64ToDate(sshbuf.readInt64());
124
125	cert.signatures.openssh.critical = sshbuf.readBuffer();
126	cert.signatures.openssh.exts = sshbuf.readBuffer();
127
128	/* reserved */
129	sshbuf.readBuffer();
130
131	var signingKeyBuf = sshbuf.readBuffer();
132	cert.issuerKey = rfc4253.read(signingKeyBuf);
133
134	/*
135	 * OpenSSH certs don't give the identity of the issuer, just their
136	 * public key. So, we use an Identity that matches anything. The
137	 * isSignedBy() function will later tell you if the key matches.
138	 */
139	cert.issuer = Identity.forHost('**');
140
141	var sigBuf = sshbuf.readBuffer();
142	cert.signatures.openssh.signature =
143	    Signature.parse(sigBuf, cert.issuerKey.type, 'ssh');
144
145	if (partial !== undefined) {
146		partial.remainder = sshbuf.remainder();
147		partial.consumed = sshbuf._offset;
148	}
149
150	return (new Certificate(cert));
151}
152
153function int64ToDate(buf) {
154	var i = buf.readUInt32BE(0) * 4294967296;
155	i += buf.readUInt32BE(4);
156	var d = new Date();
157	d.setTime(i * 1000);
158	d.sourceInt64 = buf;
159	return (d);
160}
161
162function dateToInt64(date) {
163	if (date.sourceInt64 !== undefined)
164		return (date.sourceInt64);
165	var i = Math.round(date.getTime() / 1000);
166	var upper = Math.floor(i / 4294967296);
167	var lower = Math.floor(i % 4294967296);
168	var buf = Buffer.alloc(8);
169	buf.writeUInt32BE(upper, 0);
170	buf.writeUInt32BE(lower, 4);
171	return (buf);
172}
173
174function sign(cert, key) {
175	if (cert.signatures.openssh === undefined)
176		cert.signatures.openssh = {};
177	try {
178		var blob = toBuffer(cert, true);
179	} catch (e) {
180		delete (cert.signatures.openssh);
181		return (false);
182	}
183	var sig = cert.signatures.openssh;
184	var hashAlgo = undefined;
185	if (key.type === 'rsa' || key.type === 'dsa')
186		hashAlgo = 'sha1';
187	var signer = key.createSign(hashAlgo);
188	signer.write(blob);
189	sig.signature = signer.sign();
190	return (true);
191}
192
193function signAsync(cert, signer, done) {
194	if (cert.signatures.openssh === undefined)
195		cert.signatures.openssh = {};
196	try {
197		var blob = toBuffer(cert, true);
198	} catch (e) {
199		delete (cert.signatures.openssh);
200		done(e);
201		return;
202	}
203	var sig = cert.signatures.openssh;
204
205	signer(blob, function (err, signature) {
206		if (err) {
207			done(err);
208			return;
209		}
210		try {
211			/*
212			 * This will throw if the signature isn't of a
213			 * type/algo that can be used for SSH.
214			 */
215			signature.toBuffer('ssh');
216		} catch (e) {
217			done(e);
218			return;
219		}
220		sig.signature = signature;
221		done();
222	});
223}
224
225function write(cert, options) {
226	if (options === undefined)
227		options = {};
228
229	var blob = toBuffer(cert);
230	var out = getCertType(cert.subjectKey) + ' ' + blob.toString('base64');
231	if (options.comment)
232		out = out + ' ' + options.comment;
233	return (out);
234}
235
236
237function toBuffer(cert, noSig) {
238	assert.object(cert.signatures.openssh, 'signature for openssh format');
239	var sig = cert.signatures.openssh;
240
241	if (sig.nonce === undefined)
242		sig.nonce = crypto.randomBytes(16);
243	var buf = new SSHBuffer({});
244	buf.writeString(getCertType(cert.subjectKey));
245	buf.writeBuffer(sig.nonce);
246
247	var key = cert.subjectKey;
248	var algInfo = algs.info[key.type];
249	algInfo.parts.forEach(function (part) {
250		buf.writePart(key.part[part]);
251	});
252
253	buf.writeInt64(cert.serial);
254
255	var type = cert.subjects[0].type;
256	assert.notStrictEqual(type, 'unknown');
257	cert.subjects.forEach(function (id) {
258		assert.strictEqual(id.type, type);
259	});
260	type = TYPES[type];
261	buf.writeInt(type);
262
263	if (sig.keyId === undefined) {
264		sig.keyId = cert.subjects[0].type + '_' +
265		    (cert.subjects[0].uid || cert.subjects[0].hostname);
266	}
267	buf.writeString(sig.keyId);
268
269	var sub = new SSHBuffer({});
270	cert.subjects.forEach(function (id) {
271		if (type === TYPES.host)
272			sub.writeString(id.hostname);
273		else if (type === TYPES.user)
274			sub.writeString(id.uid);
275	});
276	buf.writeBuffer(sub.toBuffer());
277
278	buf.writeInt64(dateToInt64(cert.validFrom));
279	buf.writeInt64(dateToInt64(cert.validUntil));
280
281	if (sig.critical === undefined)
282		sig.critical = Buffer.alloc(0);
283	buf.writeBuffer(sig.critical);
284
285	if (sig.exts === undefined)
286		sig.exts = Buffer.alloc(0);
287	buf.writeBuffer(sig.exts);
288
289	/* reserved */
290	buf.writeBuffer(Buffer.alloc(0));
291
292	sub = rfc4253.write(cert.issuerKey);
293	buf.writeBuffer(sub);
294
295	if (!noSig)
296		buf.writeBuffer(sig.signature.toBuffer('ssh'));
297
298	return (buf.toBuffer());
299}
300
301function getAlg(certType) {
302	if (certType === 'ssh-rsa-cert-v01@openssh.com')
303		return ('rsa');
304	if (certType === 'ssh-dss-cert-v01@openssh.com')
305		return ('dsa');
306	if (certType.match(ECDSA_ALGO))
307		return ('ecdsa');
308	if (certType === 'ssh-ed25519-cert-v01@openssh.com')
309		return ('ed25519');
310	throw (new Error('Unsupported cert type ' + certType));
311}
312
313function getCertType(key) {
314	if (key.type === 'rsa')
315		return ('ssh-rsa-cert-v01@openssh.com');
316	if (key.type === 'dsa')
317		return ('ssh-dss-cert-v01@openssh.com');
318	if (key.type === 'ecdsa')
319		return ('ecdsa-sha2-' + key.curve + '-cert-v01@openssh.com');
320	if (key.type === 'ed25519')
321		return ('ssh-ed25519-cert-v01@openssh.com');
322	throw (new Error('Unsupported key type ' + key.type));
323}
324