mirror of
https://github.com/titanscouting/tra-analysis.git
synced 2025-07-27 13:18:49 +00:00
.github
apps
data analysis
website
functions
node_modules
.bin
@firebase
@google-cloud
@grpc
@mrmlnc
@nodelib
@protobufjs
@types
accepts
acorn
acorn-es7-plugin
ajv
ansi-regex
arr-diff
arr-flatten
arr-union
array-filter
array-flatten
array-union
array-uniq
array-unique
arrify
ascli
asn1
assert-plus
assign-symbols
async
asynckit
atob
aws-sign2
aws4
axios
balanced-match
base
bcrypt-pbkdf
body-parser
brace-expansion
braces
buffer-equal-constant-time
buffer-from
bun
bytebuffer
bytes
cache-base
call-me-maybe
call-signature
camelcase
capture-stack-trace
caseless
class-utils
cliui
code-point-at
collection-visit
colour
combined-stream
component-emitter
compressible
concat-map
concat-stream
configstore
content-disposition
content-type
cookie
cookie-signature
copy-descriptor
core-js
core-util-is
cors
create-error-class
crypto-random-string
dashdash
debug
decamelize
decode-uri-component
deep-equal
define-properties
define-property
delayed-stream
depd
destroy
diff-match-patch
dir-glob
dom-storage
dot-prop
duplexify
eastasianwidth
ecc-jsbn
ecdsa-sig-formatter
ee-first
empower
empower-core
encodeurl
end-of-stream
ent
escape-html
espurify
estraverse
etag
expand-brackets
express
extend
extend-shallow
extglob
extsprintf
fast-deep-equal
fast-glob
fast-json-stable-stringify
faye-websocket
fill-range
finalhandler
firebase-admin
firebase-functions
follow-redirects
for-in
forever-agent
form-data
forwarded
fragment-cache
fresh
fs.realpath
functional-red-black-tree
gcp-metadata
gcs-resumable-upload
get-value
getpass
glob
glob-parent
glob-to-regexp
globby
google-auth-library
google-auto-auth
google-gax
google-p12-pem
google-proto-files
graceful-fs
grpc
gtoken
har-schema
har-validator
has-value
has-values
hash-stream-validation
http-errors
http-parser-js
http-signature
iconv-lite
ignore
imurmurhash
indexof
inflight
inherits
invert-kv
ipaddr.js
is
is-accessor-descriptor
is-buffer
is-data-descriptor
is-descriptor
is-extendable
is-extglob
is-fullwidth-code-point
is-glob
is-number
is-obj
is-plain-object
is-stream-ended
is-typedarray
is-windows
isarray
isobject
isstream
jsbn
json-schema
json-schema-traverse
json-stringify-safe
jsonwebtoken
jsprim
jwa
jws
kind-of
lcid
lodash
lodash.camelcase
lodash.clone
lodash.includes
lodash.isboolean
lodash.isinteger
lodash.isnumber
lodash.isplainobject
lodash.isstring
lodash.merge
lodash.once
log-driver
long
lru-cache
make-dir
map-cache
map-visit
media-typer
merge-descriptors
merge2
methmeth
methods
micromatch
mime
mime-db
mime-types
minimatch
mixin-deep
modelo
ms
nan
nanomatch
negotiator
node-forge
number-is-nan
oauth-sign
object-assign
object-copy
object-keys
object-visit
object.pick
on-finished
once
optjs
os-locale
parseurl
pascalcase
path-dirname
path-is-absolute
path-to-regexp
path-type
performance-now
pify
posix-character-classes
power-assert
power-assert-context-formatter
power-assert-context-reducer-ast
power-assert-context-traversal
power-assert-formatter
power-assert-renderer-assertion
power-assert-renderer-base
power-assert-renderer-comparison
power-assert-renderer-diagram
power-assert-renderer-file
power-assert-util-string-width
process-nextick-args
protobufjs
proxy-addr
pseudomap
psl
pump
pumpify
punycode
qs
range-parser
raw-body
readable-stream
regex-not
repeat-element
repeat-string
request
resolve-url
ret
retry-axios
retry-request
safe-buffer
safe-regex
safer-buffer
send
serve-static
set-value
setprototypeof
signal-exit
slash
snakeize
snapdragon
snapdragon-node
snapdragon-util
source-map
source-map-resolve
source-map-url
split-array-stream
split-string
sshpk
bin
lib
formats
auto.js
dnssec.js
openssh-cert.js
pem.js
pkcs1.js
pkcs8.js
putty.js
rfc4253.js
ssh-private.js
ssh.js
x509-pem.js
x509.js
algs.js
certificate.js
dhe.js
ed-compat.js
errors.js
fingerprint.js
identity.js
index.js
key.js
private-key.js
signature.js
ssh-buffer.js
utils.js
man
.npmignore
.travis.yml
LICENSE
README.md
package.json
static-extend
statuses
stream-events
stream-shift
string-format-obj
string-width
string_decoder
stringifier
strip-ansi
stubs
through2
to-object-path
to-regex
to-regex-range
tough-cookie
traverse
tslib
tunnel-agent
tweetnacl
type-is
type-name
typedarray
union-value
unique-string
universal-deep-strict-equal
unpipe
unset-value
uri-js
urix
use
util-deprecate
utils-merge
uuid
vary
verror
websocket-driver
websocket-extensions
window-size
wrap-ansi
wrappy
write-file-atomic
xdg-basedir
xmlhttprequest
xtend
y18n
yallist
yargs
index.js
package-lock.json
package.json
node_modules
public
.firebaserc
.gitignore
.runtimeconfig.json
firebase.json
firestore.indexes.json
firestore.rules
package-lock.json
.gitattributes
.gitignore
CONTRIBUTING.md
LICENSE
README.md
263 lines
6.8 KiB
JavaScript
263 lines
6.8 KiB
JavaScript
// Copyright 2015 Joyent, Inc.
|
|
|
|
module.exports = {
|
|
read: read,
|
|
readSSHPrivate: readSSHPrivate,
|
|
write: write
|
|
};
|
|
|
|
var assert = require('assert-plus');
|
|
var asn1 = require('asn1');
|
|
var Buffer = require('safer-buffer').Buffer;
|
|
var algs = require('../algs');
|
|
var utils = require('../utils');
|
|
var crypto = require('crypto');
|
|
|
|
var Key = require('../key');
|
|
var PrivateKey = require('../private-key');
|
|
var pem = require('./pem');
|
|
var rfc4253 = require('./rfc4253');
|
|
var SSHBuffer = require('../ssh-buffer');
|
|
var errors = require('../errors');
|
|
|
|
var bcrypt;
|
|
|
|
function read(buf, options) {
|
|
return (pem.read(buf, options));
|
|
}
|
|
|
|
var MAGIC = 'openssh-key-v1';
|
|
|
|
function readSSHPrivate(type, buf, options) {
|
|
buf = new SSHBuffer({buffer: buf});
|
|
|
|
var magic = buf.readCString();
|
|
assert.strictEqual(magic, MAGIC, 'bad magic string');
|
|
|
|
var cipher = buf.readString();
|
|
var kdf = buf.readString();
|
|
var kdfOpts = buf.readBuffer();
|
|
|
|
var nkeys = buf.readInt();
|
|
if (nkeys !== 1) {
|
|
throw (new Error('OpenSSH-format key file contains ' +
|
|
'multiple keys: this is unsupported.'));
|
|
}
|
|
|
|
var pubKey = buf.readBuffer();
|
|
|
|
if (type === 'public') {
|
|
assert.ok(buf.atEnd(), 'excess bytes left after key');
|
|
return (rfc4253.read(pubKey));
|
|
}
|
|
|
|
var privKeyBlob = buf.readBuffer();
|
|
assert.ok(buf.atEnd(), 'excess bytes left after key');
|
|
|
|
var kdfOptsBuf = new SSHBuffer({ buffer: kdfOpts });
|
|
switch (kdf) {
|
|
case 'none':
|
|
if (cipher !== 'none') {
|
|
throw (new Error('OpenSSH-format key uses KDF "none" ' +
|
|
'but specifies a cipher other than "none"'));
|
|
}
|
|
break;
|
|
case 'bcrypt':
|
|
var salt = kdfOptsBuf.readBuffer();
|
|
var rounds = kdfOptsBuf.readInt();
|
|
var cinf = utils.opensshCipherInfo(cipher);
|
|
if (bcrypt === undefined) {
|
|
bcrypt = require('bcrypt-pbkdf');
|
|
}
|
|
|
|
if (typeof (options.passphrase) === 'string') {
|
|
options.passphrase = Buffer.from(options.passphrase,
|
|
'utf-8');
|
|
}
|
|
if (!Buffer.isBuffer(options.passphrase)) {
|
|
throw (new errors.KeyEncryptedError(
|
|
options.filename, 'OpenSSH'));
|
|
}
|
|
|
|
var pass = new Uint8Array(options.passphrase);
|
|
var salti = new Uint8Array(salt);
|
|
/* Use the pbkdf to derive both the key and the IV. */
|
|
var out = new Uint8Array(cinf.keySize + cinf.blockSize);
|
|
var res = bcrypt.pbkdf(pass, pass.length, salti, salti.length,
|
|
out, out.length, rounds);
|
|
if (res !== 0) {
|
|
throw (new Error('bcrypt_pbkdf function returned ' +
|
|
'failure, parameters invalid'));
|
|
}
|
|
out = Buffer.from(out);
|
|
var ckey = out.slice(0, cinf.keySize);
|
|
var iv = out.slice(cinf.keySize, cinf.keySize + cinf.blockSize);
|
|
var cipherStream = crypto.createDecipheriv(cinf.opensslName,
|
|
ckey, iv);
|
|
cipherStream.setAutoPadding(false);
|
|
var chunk, chunks = [];
|
|
cipherStream.once('error', function (e) {
|
|
if (e.toString().indexOf('bad decrypt') !== -1) {
|
|
throw (new Error('Incorrect passphrase ' +
|
|
'supplied, could not decrypt key'));
|
|
}
|
|
throw (e);
|
|
});
|
|
cipherStream.write(privKeyBlob);
|
|
cipherStream.end();
|
|
while ((chunk = cipherStream.read()) !== null)
|
|
chunks.push(chunk);
|
|
privKeyBlob = Buffer.concat(chunks);
|
|
break;
|
|
default:
|
|
throw (new Error(
|
|
'OpenSSH-format key uses unknown KDF "' + kdf + '"'));
|
|
}
|
|
|
|
buf = new SSHBuffer({buffer: privKeyBlob});
|
|
|
|
var checkInt1 = buf.readInt();
|
|
var checkInt2 = buf.readInt();
|
|
if (checkInt1 !== checkInt2) {
|
|
throw (new Error('Incorrect passphrase supplied, could not ' +
|
|
'decrypt key'));
|
|
}
|
|
|
|
var ret = {};
|
|
var key = rfc4253.readInternal(ret, 'private', buf.remainder());
|
|
|
|
buf.skip(ret.consumed);
|
|
|
|
var comment = buf.readString();
|
|
key.comment = comment;
|
|
|
|
return (key);
|
|
}
|
|
|
|
function write(key, options) {
|
|
var pubKey;
|
|
if (PrivateKey.isPrivateKey(key))
|
|
pubKey = key.toPublic();
|
|
else
|
|
pubKey = key;
|
|
|
|
var cipher = 'none';
|
|
var kdf = 'none';
|
|
var kdfopts = Buffer.alloc(0);
|
|
var cinf = { blockSize: 8 };
|
|
var passphrase;
|
|
if (options !== undefined) {
|
|
passphrase = options.passphrase;
|
|
if (typeof (passphrase) === 'string')
|
|
passphrase = Buffer.from(passphrase, 'utf-8');
|
|
if (passphrase !== undefined) {
|
|
assert.buffer(passphrase, 'options.passphrase');
|
|
assert.optionalString(options.cipher, 'options.cipher');
|
|
cipher = options.cipher;
|
|
if (cipher === undefined)
|
|
cipher = 'aes128-ctr';
|
|
cinf = utils.opensshCipherInfo(cipher);
|
|
kdf = 'bcrypt';
|
|
}
|
|
}
|
|
|
|
var privBuf;
|
|
if (PrivateKey.isPrivateKey(key)) {
|
|
privBuf = new SSHBuffer({});
|
|
var checkInt = crypto.randomBytes(4).readUInt32BE(0);
|
|
privBuf.writeInt(checkInt);
|
|
privBuf.writeInt(checkInt);
|
|
privBuf.write(key.toBuffer('rfc4253'));
|
|
privBuf.writeString(key.comment || '');
|
|
|
|
var n = 1;
|
|
while (privBuf._offset % cinf.blockSize !== 0)
|
|
privBuf.writeChar(n++);
|
|
privBuf = privBuf.toBuffer();
|
|
}
|
|
|
|
switch (kdf) {
|
|
case 'none':
|
|
break;
|
|
case 'bcrypt':
|
|
var salt = crypto.randomBytes(16);
|
|
var rounds = 16;
|
|
var kdfssh = new SSHBuffer({});
|
|
kdfssh.writeBuffer(salt);
|
|
kdfssh.writeInt(rounds);
|
|
kdfopts = kdfssh.toBuffer();
|
|
|
|
if (bcrypt === undefined) {
|
|
bcrypt = require('bcrypt-pbkdf');
|
|
}
|
|
var pass = new Uint8Array(passphrase);
|
|
var salti = new Uint8Array(salt);
|
|
/* Use the pbkdf to derive both the key and the IV. */
|
|
var out = new Uint8Array(cinf.keySize + cinf.blockSize);
|
|
var res = bcrypt.pbkdf(pass, pass.length, salti, salti.length,
|
|
out, out.length, rounds);
|
|
if (res !== 0) {
|
|
throw (new Error('bcrypt_pbkdf function returned ' +
|
|
'failure, parameters invalid'));
|
|
}
|
|
out = Buffer.from(out);
|
|
var ckey = out.slice(0, cinf.keySize);
|
|
var iv = out.slice(cinf.keySize, cinf.keySize + cinf.blockSize);
|
|
|
|
var cipherStream = crypto.createCipheriv(cinf.opensslName,
|
|
ckey, iv);
|
|
cipherStream.setAutoPadding(false);
|
|
var chunk, chunks = [];
|
|
cipherStream.once('error', function (e) {
|
|
throw (e);
|
|
});
|
|
cipherStream.write(privBuf);
|
|
cipherStream.end();
|
|
while ((chunk = cipherStream.read()) !== null)
|
|
chunks.push(chunk);
|
|
privBuf = Buffer.concat(chunks);
|
|
break;
|
|
default:
|
|
throw (new Error('Unsupported kdf ' + kdf));
|
|
}
|
|
|
|
var buf = new SSHBuffer({});
|
|
|
|
buf.writeCString(MAGIC);
|
|
buf.writeString(cipher); /* cipher */
|
|
buf.writeString(kdf); /* kdf */
|
|
buf.writeBuffer(kdfopts); /* kdfoptions */
|
|
|
|
buf.writeInt(1); /* nkeys */
|
|
buf.writeBuffer(pubKey.toBuffer('rfc4253'));
|
|
|
|
if (privBuf)
|
|
buf.writeBuffer(privBuf);
|
|
|
|
buf = buf.toBuffer();
|
|
|
|
var header;
|
|
if (PrivateKey.isPrivateKey(key))
|
|
header = 'OPENSSH PRIVATE KEY';
|
|
else
|
|
header = 'OPENSSH PUBLIC KEY';
|
|
|
|
var tmp = buf.toString('base64');
|
|
var len = tmp.length + (tmp.length / 70) +
|
|
18 + 16 + header.length*2 + 10;
|
|
buf = Buffer.alloc(len);
|
|
var o = 0;
|
|
o += buf.write('-----BEGIN ' + header + '-----\n', o);
|
|
for (var i = 0; i < tmp.length; ) {
|
|
var limit = i + 70;
|
|
if (limit > tmp.length)
|
|
limit = tmp.length;
|
|
o += buf.write(tmp.slice(i, limit), o);
|
|
buf[o++] = 10;
|
|
i = limit;
|
|
}
|
|
o += buf.write('-----END ' + header + '-----\n', o);
|
|
|
|
return (buf.slice(0, o));
|
|
}
|