openssh-cert.js 8.5 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352
  1. // Copyright 2017 Joyent, Inc.
  2. module.exports = {
  3. read: read,
  4. verify: verify,
  5. sign: sign,
  6. signAsync: signAsync,
  7. write: write,
  8. /* Internal private API */
  9. fromBuffer: fromBuffer,
  10. toBuffer: toBuffer
  11. };
  12. var assert = require('assert-plus');
  13. var SSHBuffer = require('../ssh-buffer');
  14. var crypto = require('crypto');
  15. var Buffer = require('safer-buffer').Buffer;
  16. var algs = require('../algs');
  17. var Key = require('../key');
  18. var PrivateKey = require('../private-key');
  19. var Identity = require('../identity');
  20. var rfc4253 = require('./rfc4253');
  21. var Signature = require('../signature');
  22. var utils = require('../utils');
  23. var Certificate = require('../certificate');
  24. function verify(cert, key) {
  25. /*
  26. * We always give an issuerKey, so if our verify() is being called then
  27. * there was no signature. Return false.
  28. */
  29. return (false);
  30. }
  31. var TYPES = {
  32. 'user': 1,
  33. 'host': 2
  34. };
  35. Object.keys(TYPES).forEach(function (k) { TYPES[TYPES[k]] = k; });
  36. var ECDSA_ALGO = /^ecdsa-sha2-([^@-]+)-cert-v01@openssh.com$/;
  37. function read(buf, options) {
  38. if (Buffer.isBuffer(buf))
  39. buf = buf.toString('ascii');
  40. var parts = buf.trim().split(/[ \t\n]+/g);
  41. if (parts.length < 2 || parts.length > 3)
  42. throw (new Error('Not a valid SSH certificate line'));
  43. var algo = parts[0];
  44. var data = parts[1];
  45. data = Buffer.from(data, 'base64');
  46. return (fromBuffer(data, algo));
  47. }
  48. function fromBuffer(data, algo, partial) {
  49. var sshbuf = new SSHBuffer({ buffer: data });
  50. var innerAlgo = sshbuf.readString();
  51. if (algo !== undefined && innerAlgo !== algo)
  52. throw (new Error('SSH certificate algorithm mismatch'));
  53. if (algo === undefined)
  54. algo = innerAlgo;
  55. var cert = {};
  56. cert.signatures = {};
  57. cert.signatures.openssh = {};
  58. cert.signatures.openssh.nonce = sshbuf.readBuffer();
  59. var key = {};
  60. var parts = (key.parts = []);
  61. key.type = getAlg(algo);
  62. var partCount = algs.info[key.type].parts.length;
  63. while (parts.length < partCount)
  64. parts.push(sshbuf.readPart());
  65. assert.ok(parts.length >= 1, 'key must have at least one part');
  66. var algInfo = algs.info[key.type];
  67. if (key.type === 'ecdsa') {
  68. var res = ECDSA_ALGO.exec(algo);
  69. assert.ok(res !== null);
  70. assert.strictEqual(res[1], parts[0].data.toString());
  71. }
  72. for (var i = 0; i < algInfo.parts.length; ++i) {
  73. parts[i].name = algInfo.parts[i];
  74. if (parts[i].name !== 'curve' &&
  75. algInfo.normalize !== false) {
  76. var p = parts[i];
  77. p.data = utils.mpNormalize(p.data);
  78. }
  79. }
  80. cert.subjectKey = new Key(key);
  81. cert.serial = sshbuf.readInt64();
  82. var type = TYPES[sshbuf.readInt()];
  83. assert.string(type, 'valid cert type');
  84. cert.signatures.openssh.keyId = sshbuf.readString();
  85. var principals = [];
  86. var pbuf = sshbuf.readBuffer();
  87. var psshbuf = new SSHBuffer({ buffer: pbuf });
  88. while (!psshbuf.atEnd())
  89. principals.push(psshbuf.readString());
  90. if (principals.length === 0)
  91. principals = ['*'];
  92. cert.subjects = principals.map(function (pr) {
  93. if (type === 'user')
  94. return (Identity.forUser(pr));
  95. else if (type === 'host')
  96. return (Identity.forHost(pr));
  97. throw (new Error('Unknown identity type ' + type));
  98. });
  99. cert.validFrom = int64ToDate(sshbuf.readInt64());
  100. cert.validUntil = int64ToDate(sshbuf.readInt64());
  101. var exts = [];
  102. var extbuf = new SSHBuffer({ buffer: sshbuf.readBuffer() });
  103. var ext;
  104. while (!extbuf.atEnd()) {
  105. ext = { critical: true };
  106. ext.name = extbuf.readString();
  107. ext.data = extbuf.readBuffer();
  108. exts.push(ext);
  109. }
  110. extbuf = new SSHBuffer({ buffer: sshbuf.readBuffer() });
  111. while (!extbuf.atEnd()) {
  112. ext = { critical: false };
  113. ext.name = extbuf.readString();
  114. ext.data = extbuf.readBuffer();
  115. exts.push(ext);
  116. }
  117. cert.signatures.openssh.exts = exts;
  118. /* reserved */
  119. sshbuf.readBuffer();
  120. var signingKeyBuf = sshbuf.readBuffer();
  121. cert.issuerKey = rfc4253.read(signingKeyBuf);
  122. /*
  123. * OpenSSH certs don't give the identity of the issuer, just their
  124. * public key. So, we use an Identity that matches anything. The
  125. * isSignedBy() function will later tell you if the key matches.
  126. */
  127. cert.issuer = Identity.forHost('**');
  128. var sigBuf = sshbuf.readBuffer();
  129. cert.signatures.openssh.signature =
  130. Signature.parse(sigBuf, cert.issuerKey.type, 'ssh');
  131. if (partial !== undefined) {
  132. partial.remainder = sshbuf.remainder();
  133. partial.consumed = sshbuf._offset;
  134. }
  135. return (new Certificate(cert));
  136. }
  137. function int64ToDate(buf) {
  138. var i = buf.readUInt32BE(0) * 4294967296;
  139. i += buf.readUInt32BE(4);
  140. var d = new Date();
  141. d.setTime(i * 1000);
  142. d.sourceInt64 = buf;
  143. return (d);
  144. }
  145. function dateToInt64(date) {
  146. if (date.sourceInt64 !== undefined)
  147. return (date.sourceInt64);
  148. var i = Math.round(date.getTime() / 1000);
  149. var upper = Math.floor(i / 4294967296);
  150. var lower = Math.floor(i % 4294967296);
  151. var buf = Buffer.alloc(8);
  152. buf.writeUInt32BE(upper, 0);
  153. buf.writeUInt32BE(lower, 4);
  154. return (buf);
  155. }
  156. function sign(cert, key) {
  157. if (cert.signatures.openssh === undefined)
  158. cert.signatures.openssh = {};
  159. try {
  160. var blob = toBuffer(cert, true);
  161. } catch (e) {
  162. delete (cert.signatures.openssh);
  163. return (false);
  164. }
  165. var sig = cert.signatures.openssh;
  166. var hashAlgo = undefined;
  167. if (key.type === 'rsa' || key.type === 'dsa')
  168. hashAlgo = 'sha1';
  169. var signer = key.createSign(hashAlgo);
  170. signer.write(blob);
  171. sig.signature = signer.sign();
  172. return (true);
  173. }
  174. function signAsync(cert, signer, done) {
  175. if (cert.signatures.openssh === undefined)
  176. cert.signatures.openssh = {};
  177. try {
  178. var blob = toBuffer(cert, true);
  179. } catch (e) {
  180. delete (cert.signatures.openssh);
  181. done(e);
  182. return;
  183. }
  184. var sig = cert.signatures.openssh;
  185. signer(blob, function (err, signature) {
  186. if (err) {
  187. done(err);
  188. return;
  189. }
  190. try {
  191. /*
  192. * This will throw if the signature isn't of a
  193. * type/algo that can be used for SSH.
  194. */
  195. signature.toBuffer('ssh');
  196. } catch (e) {
  197. done(e);
  198. return;
  199. }
  200. sig.signature = signature;
  201. done();
  202. });
  203. }
  204. function write(cert, options) {
  205. if (options === undefined)
  206. options = {};
  207. var blob = toBuffer(cert);
  208. var out = getCertType(cert.subjectKey) + ' ' + blob.toString('base64');
  209. if (options.comment)
  210. out = out + ' ' + options.comment;
  211. return (out);
  212. }
  213. function toBuffer(cert, noSig) {
  214. assert.object(cert.signatures.openssh, 'signature for openssh format');
  215. var sig = cert.signatures.openssh;
  216. if (sig.nonce === undefined)
  217. sig.nonce = crypto.randomBytes(16);
  218. var buf = new SSHBuffer({});
  219. buf.writeString(getCertType(cert.subjectKey));
  220. buf.writeBuffer(sig.nonce);
  221. var key = cert.subjectKey;
  222. var algInfo = algs.info[key.type];
  223. algInfo.parts.forEach(function (part) {
  224. buf.writePart(key.part[part]);
  225. });
  226. buf.writeInt64(cert.serial);
  227. var type = cert.subjects[0].type;
  228. assert.notStrictEqual(type, 'unknown');
  229. cert.subjects.forEach(function (id) {
  230. assert.strictEqual(id.type, type);
  231. });
  232. type = TYPES[type];
  233. buf.writeInt(type);
  234. if (sig.keyId === undefined) {
  235. sig.keyId = cert.subjects[0].type + '_' +
  236. (cert.subjects[0].uid || cert.subjects[0].hostname);
  237. }
  238. buf.writeString(sig.keyId);
  239. var sub = new SSHBuffer({});
  240. cert.subjects.forEach(function (id) {
  241. if (type === TYPES.host)
  242. sub.writeString(id.hostname);
  243. else if (type === TYPES.user)
  244. sub.writeString(id.uid);
  245. });
  246. buf.writeBuffer(sub.toBuffer());
  247. buf.writeInt64(dateToInt64(cert.validFrom));
  248. buf.writeInt64(dateToInt64(cert.validUntil));
  249. var exts = sig.exts;
  250. if (exts === undefined)
  251. exts = [];
  252. var extbuf = new SSHBuffer({});
  253. exts.forEach(function (ext) {
  254. if (ext.critical !== true)
  255. return;
  256. extbuf.writeString(ext.name);
  257. extbuf.writeBuffer(ext.data);
  258. });
  259. buf.writeBuffer(extbuf.toBuffer());
  260. extbuf = new SSHBuffer({});
  261. exts.forEach(function (ext) {
  262. if (ext.critical === true)
  263. return;
  264. extbuf.writeString(ext.name);
  265. extbuf.writeBuffer(ext.data);
  266. });
  267. buf.writeBuffer(extbuf.toBuffer());
  268. /* reserved */
  269. buf.writeBuffer(Buffer.alloc(0));
  270. sub = rfc4253.write(cert.issuerKey);
  271. buf.writeBuffer(sub);
  272. if (!noSig)
  273. buf.writeBuffer(sig.signature.toBuffer('ssh'));
  274. return (buf.toBuffer());
  275. }
  276. function getAlg(certType) {
  277. if (certType === 'ssh-rsa-cert-v01@openssh.com')
  278. return ('rsa');
  279. if (certType === 'ssh-dss-cert-v01@openssh.com')
  280. return ('dsa');
  281. if (certType.match(ECDSA_ALGO))
  282. return ('ecdsa');
  283. if (certType === 'ssh-ed25519-cert-v01@openssh.com')
  284. return ('ed25519');
  285. throw (new Error('Unsupported cert type ' + certType));
  286. }
  287. function getCertType(key) {
  288. if (key.type === 'rsa')
  289. return ('ssh-rsa-cert-v01@openssh.com');
  290. if (key.type === 'dsa')
  291. return ('ssh-dss-cert-v01@openssh.com');
  292. if (key.type === 'ecdsa')
  293. return ('ecdsa-sha2-' + key.curve + '-cert-v01@openssh.com');
  294. if (key.type === 'ed25519')
  295. return ('ssh-ed25519-cert-v01@openssh.com');
  296. throw (new Error('Unsupported key type ' + key.type));
  297. }