1
0
mirror of https://github.com/titanscouting/tra-analysis.git synced 2025-07-27 13:18:49 +00:00
Files
.github
apps
data analysis
website
functions
node_modules
.bin
@firebase
@google-cloud
@grpc
@mrmlnc
@nodelib
@protobufjs
@types
accepts
acorn
acorn-es7-plugin
ajv
ansi-regex
arr-diff
arr-flatten
arr-union
array-filter
array-flatten
array-union
array-uniq
array-unique
arrify
ascli
asn1
assert-plus
assign-symbols
async
asynckit
atob
aws-sign2
aws4
axios
balanced-match
base
bcrypt-pbkdf
body-parser
brace-expansion
braces
buffer-equal-constant-time
buffer-from
bun
bytebuffer
bytes
cache-base
call-me-maybe
call-signature
camelcase
capture-stack-trace
caseless
class-utils
cliui
code-point-at
collection-visit
colour
combined-stream
component-emitter
compressible
concat-map
concat-stream
configstore
content-disposition
content-type
cookie
cookie-signature
copy-descriptor
core-js
core-util-is
cors
create-error-class
crypto-random-string
dashdash
debug
decamelize
decode-uri-component
deep-equal
define-properties
define-property
delayed-stream
depd
destroy
diff-match-patch
dir-glob
dom-storage
dot-prop
duplexify
eastasianwidth
ecc-jsbn
ecdsa-sig-formatter
ee-first
empower
empower-core
encodeurl
end-of-stream
ent
escape-html
espurify
estraverse
etag
expand-brackets
express
extend
extend-shallow
extglob
extsprintf
fast-deep-equal
fast-glob
fast-json-stable-stringify
faye-websocket
fill-range
finalhandler
firebase-admin
firebase-functions
follow-redirects
for-in
forever-agent
form-data
forwarded
fragment-cache
fresh
fs.realpath
functional-red-black-tree
gcp-metadata
gcs-resumable-upload
get-value
getpass
glob
glob-parent
glob-to-regexp
globby
google-auth-library
google-auto-auth
google-gax
google-p12-pem
google-proto-files
graceful-fs
grpc
gtoken
har-schema
har-validator
has-value
has-values
hash-stream-validation
http-errors
http-parser-js
http-signature
iconv-lite
ignore
imurmurhash
indexof
inflight
inherits
invert-kv
ipaddr.js
is
is-accessor-descriptor
is-buffer
is-data-descriptor
is-descriptor
is-extendable
is-extglob
is-fullwidth-code-point
is-glob
is-number
is-obj
is-plain-object
is-stream-ended
is-typedarray
is-windows
isarray
isobject
isstream
jsbn
json-schema
json-schema-traverse
json-stringify-safe
jsonwebtoken
jsprim
jwa
jws
kind-of
lcid
lodash
lodash.camelcase
lodash.clone
lodash.includes
lodash.isboolean
lodash.isinteger
lodash.isnumber
lodash.isplainobject
lodash.isstring
lodash.merge
lodash.once
log-driver
long
lru-cache
make-dir
map-cache
map-visit
media-typer
merge-descriptors
merge2
methmeth
methods
micromatch
mime
mime-db
mime-types
minimatch
mixin-deep
modelo
ms
nan
nanomatch
negotiator
node-forge
number-is-nan
oauth-sign
object-assign
object-copy
object-keys
object-visit
object.pick
on-finished
once
optjs
os-locale
parseurl
pascalcase
path-dirname
path-is-absolute
path-to-regexp
path-type
performance-now
pify
posix-character-classes
power-assert
power-assert-context-formatter
power-assert-context-reducer-ast
power-assert-context-traversal
power-assert-formatter
power-assert-renderer-assertion
power-assert-renderer-base
power-assert-renderer-comparison
power-assert-renderer-diagram
power-assert-renderer-file
power-assert-util-string-width
process-nextick-args
protobufjs
proxy-addr
pseudomap
psl
pump
pumpify
punycode
qs
range-parser
raw-body
readable-stream
regex-not
repeat-element
repeat-string
request
resolve-url
ret
retry-axios
retry-request
safe-buffer
safe-regex
safer-buffer
send
serve-static
set-value
setprototypeof
signal-exit
slash
snakeize
snapdragon
snapdragon-node
snapdragon-util
source-map
source-map-resolve
source-map-url
split-array-stream
split-string
sshpk
bin
lib
formats
auto.js
dnssec.js
openssh-cert.js
pem.js
pkcs1.js
pkcs8.js
putty.js
rfc4253.js
ssh-private.js
ssh.js
x509-pem.js
x509.js
algs.js
certificate.js
dhe.js
ed-compat.js
errors.js
fingerprint.js
identity.js
index.js
key.js
private-key.js
signature.js
ssh-buffer.js
utils.js
man
.npmignore
.travis.yml
LICENSE
README.md
package.json
static-extend
statuses
stream-events
stream-shift
string-format-obj
string-width
string_decoder
stringifier
strip-ansi
stubs
through2
to-object-path
to-regex
to-regex-range
tough-cookie
traverse
tslib
tunnel-agent
tweetnacl
type-is
type-name
typedarray
union-value
unique-string
universal-deep-strict-equal
unpipe
unset-value
uri-js
urix
use
util-deprecate
utils-merge
uuid
vary
verror
websocket-driver
websocket-extensions
window-size
wrap-ansi
wrappy
write-file-atomic
xdg-basedir
xmlhttprequest
xtend
y18n
yallist
yargs
index.js
package-lock.json
package.json
node_modules
public
.firebaserc
.gitignore
.runtimeconfig.json
firebase.json
firestore.indexes.json
firestore.rules
package-lock.json
.gitattributes
.gitignore
CONTRIBUTING.md
LICENSE
README.md
tra-analysis/website/functions/node_modules/sshpk/lib/formats/ssh-private.js
2019-01-06 13:14:45 -06:00

263 lines
6.8 KiB
JavaScript

// Copyright 2015 Joyent, Inc.
module.exports = {
read: read,
readSSHPrivate: readSSHPrivate,
write: write
};
var assert = require('assert-plus');
var asn1 = require('asn1');
var Buffer = require('safer-buffer').Buffer;
var algs = require('../algs');
var utils = require('../utils');
var crypto = require('crypto');
var Key = require('../key');
var PrivateKey = require('../private-key');
var pem = require('./pem');
var rfc4253 = require('./rfc4253');
var SSHBuffer = require('../ssh-buffer');
var errors = require('../errors');
var bcrypt;
function read(buf, options) {
return (pem.read(buf, options));
}
var MAGIC = 'openssh-key-v1';
function readSSHPrivate(type, buf, options) {
buf = new SSHBuffer({buffer: buf});
var magic = buf.readCString();
assert.strictEqual(magic, MAGIC, 'bad magic string');
var cipher = buf.readString();
var kdf = buf.readString();
var kdfOpts = buf.readBuffer();
var nkeys = buf.readInt();
if (nkeys !== 1) {
throw (new Error('OpenSSH-format key file contains ' +
'multiple keys: this is unsupported.'));
}
var pubKey = buf.readBuffer();
if (type === 'public') {
assert.ok(buf.atEnd(), 'excess bytes left after key');
return (rfc4253.read(pubKey));
}
var privKeyBlob = buf.readBuffer();
assert.ok(buf.atEnd(), 'excess bytes left after key');
var kdfOptsBuf = new SSHBuffer({ buffer: kdfOpts });
switch (kdf) {
case 'none':
if (cipher !== 'none') {
throw (new Error('OpenSSH-format key uses KDF "none" ' +
'but specifies a cipher other than "none"'));
}
break;
case 'bcrypt':
var salt = kdfOptsBuf.readBuffer();
var rounds = kdfOptsBuf.readInt();
var cinf = utils.opensshCipherInfo(cipher);
if (bcrypt === undefined) {
bcrypt = require('bcrypt-pbkdf');
}
if (typeof (options.passphrase) === 'string') {
options.passphrase = Buffer.from(options.passphrase,
'utf-8');
}
if (!Buffer.isBuffer(options.passphrase)) {
throw (new errors.KeyEncryptedError(
options.filename, 'OpenSSH'));
}
var pass = new Uint8Array(options.passphrase);
var salti = new Uint8Array(salt);
/* Use the pbkdf to derive both the key and the IV. */
var out = new Uint8Array(cinf.keySize + cinf.blockSize);
var res = bcrypt.pbkdf(pass, pass.length, salti, salti.length,
out, out.length, rounds);
if (res !== 0) {
throw (new Error('bcrypt_pbkdf function returned ' +
'failure, parameters invalid'));
}
out = Buffer.from(out);
var ckey = out.slice(0, cinf.keySize);
var iv = out.slice(cinf.keySize, cinf.keySize + cinf.blockSize);
var cipherStream = crypto.createDecipheriv(cinf.opensslName,
ckey, iv);
cipherStream.setAutoPadding(false);
var chunk, chunks = [];
cipherStream.once('error', function (e) {
if (e.toString().indexOf('bad decrypt') !== -1) {
throw (new Error('Incorrect passphrase ' +
'supplied, could not decrypt key'));
}
throw (e);
});
cipherStream.write(privKeyBlob);
cipherStream.end();
while ((chunk = cipherStream.read()) !== null)
chunks.push(chunk);
privKeyBlob = Buffer.concat(chunks);
break;
default:
throw (new Error(
'OpenSSH-format key uses unknown KDF "' + kdf + '"'));
}
buf = new SSHBuffer({buffer: privKeyBlob});
var checkInt1 = buf.readInt();
var checkInt2 = buf.readInt();
if (checkInt1 !== checkInt2) {
throw (new Error('Incorrect passphrase supplied, could not ' +
'decrypt key'));
}
var ret = {};
var key = rfc4253.readInternal(ret, 'private', buf.remainder());
buf.skip(ret.consumed);
var comment = buf.readString();
key.comment = comment;
return (key);
}
function write(key, options) {
var pubKey;
if (PrivateKey.isPrivateKey(key))
pubKey = key.toPublic();
else
pubKey = key;
var cipher = 'none';
var kdf = 'none';
var kdfopts = Buffer.alloc(0);
var cinf = { blockSize: 8 };
var passphrase;
if (options !== undefined) {
passphrase = options.passphrase;
if (typeof (passphrase) === 'string')
passphrase = Buffer.from(passphrase, 'utf-8');
if (passphrase !== undefined) {
assert.buffer(passphrase, 'options.passphrase');
assert.optionalString(options.cipher, 'options.cipher');
cipher = options.cipher;
if (cipher === undefined)
cipher = 'aes128-ctr';
cinf = utils.opensshCipherInfo(cipher);
kdf = 'bcrypt';
}
}
var privBuf;
if (PrivateKey.isPrivateKey(key)) {
privBuf = new SSHBuffer({});
var checkInt = crypto.randomBytes(4).readUInt32BE(0);
privBuf.writeInt(checkInt);
privBuf.writeInt(checkInt);
privBuf.write(key.toBuffer('rfc4253'));
privBuf.writeString(key.comment || '');
var n = 1;
while (privBuf._offset % cinf.blockSize !== 0)
privBuf.writeChar(n++);
privBuf = privBuf.toBuffer();
}
switch (kdf) {
case 'none':
break;
case 'bcrypt':
var salt = crypto.randomBytes(16);
var rounds = 16;
var kdfssh = new SSHBuffer({});
kdfssh.writeBuffer(salt);
kdfssh.writeInt(rounds);
kdfopts = kdfssh.toBuffer();
if (bcrypt === undefined) {
bcrypt = require('bcrypt-pbkdf');
}
var pass = new Uint8Array(passphrase);
var salti = new Uint8Array(salt);
/* Use the pbkdf to derive both the key and the IV. */
var out = new Uint8Array(cinf.keySize + cinf.blockSize);
var res = bcrypt.pbkdf(pass, pass.length, salti, salti.length,
out, out.length, rounds);
if (res !== 0) {
throw (new Error('bcrypt_pbkdf function returned ' +
'failure, parameters invalid'));
}
out = Buffer.from(out);
var ckey = out.slice(0, cinf.keySize);
var iv = out.slice(cinf.keySize, cinf.keySize + cinf.blockSize);
var cipherStream = crypto.createCipheriv(cinf.opensslName,
ckey, iv);
cipherStream.setAutoPadding(false);
var chunk, chunks = [];
cipherStream.once('error', function (e) {
throw (e);
});
cipherStream.write(privBuf);
cipherStream.end();
while ((chunk = cipherStream.read()) !== null)
chunks.push(chunk);
privBuf = Buffer.concat(chunks);
break;
default:
throw (new Error('Unsupported kdf ' + kdf));
}
var buf = new SSHBuffer({});
buf.writeCString(MAGIC);
buf.writeString(cipher); /* cipher */
buf.writeString(kdf); /* kdf */
buf.writeBuffer(kdfopts); /* kdfoptions */
buf.writeInt(1); /* nkeys */
buf.writeBuffer(pubKey.toBuffer('rfc4253'));
if (privBuf)
buf.writeBuffer(privBuf);
buf = buf.toBuffer();
var header;
if (PrivateKey.isPrivateKey(key))
header = 'OPENSSH PRIVATE KEY';
else
header = 'OPENSSH PUBLIC KEY';
var tmp = buf.toString('base64');
var len = tmp.length + (tmp.length / 70) +
18 + 16 + header.length*2 + 10;
buf = Buffer.alloc(len);
var o = 0;
o += buf.write('-----BEGIN ' + header + '-----\n', o);
for (var i = 0; i < tmp.length; ) {
var limit = i + 70;
if (limit > tmp.length)
limit = tmp.length;
o += buf.write(tmp.slice(i, limit), o);
buf[o++] = 10;
i = limit;
}
o += buf.write('-----END ' + header + '-----\n', o);
return (buf.slice(0, o));
}