/**
* Functions to output keys in SSH-friendly formats.
*
* This is part of the Forge project which may be used under the terms of
* either the BSD License or the GNU General Public License (GPL) Version 2.
*
* See: https://github.com/digitalbazaar/forge/blob/cbebca3780658703d925b61b2caffb1d263a6c1d/LICENSE
*
* @author https://github.com/shellac
*/
var forge = require('./forge');
require('./aes');
require('./hmac');
require('./md5');
require('./sha1');
require('./util');
var ssh = module.exports = forge.ssh = forge.ssh || {};
/**
* Encodes (and optionally encrypts) a private RSA key as a Putty PPK file.
*
* @param privateKey the key.
* @param passphrase a passphrase to protect the key (falsy for no encryption).
* @param comment a comment to include in the key file.
*
* @return the PPK file as a string.
*/
ssh.privateKeyToPutty = function(privateKey, passphrase, comment) {
comment = comment || '';
passphrase = passphrase || '';
var algorithm = 'ssh-rsa';
var encryptionAlgorithm = (passphrase === '') ? 'none' : 'aes256-cbc';
var ppk = 'PuTTY-User-Key-File-2: ' + algorithm + '\r\n';
ppk += 'Encryption: ' + encryptionAlgorithm + '\r\n';
ppk += 'Comment: ' + comment + '\r\n';
// public key into buffer for ppk
var pubbuffer = forge.util.createBuffer();
_addStringToBuffer(pubbuffer, algorithm);
_addBigIntegerToBuffer(pubbuffer, privateKey.e);
_addBigIntegerToBuffer(pubbuffer, privateKey.n);
// write public key
var pub = forge.util.encode64(pubbuffer.bytes(), 64);
var length = Math.floor(pub.length / 66) + 1; // 66 = 64 + \r\n
ppk += 'Public-Lines: ' + length + '\r\n';
ppk += pub;
// private key into a buffer
var privbuffer = forge.util.createBuffer();
_addBigIntegerToBuffer(privbuffer, privateKey.d);
_addBigIntegerToBuffer(privbuffer, privateKey.p);
_addBigIntegerToBuffer(privbuffer, privateKey.q);
_addBigIntegerToBuffer(privbuffer, privateKey.qInv);
// optionally encrypt the private key
var priv;
if(!passphrase) {
// use the unencrypted buffer
priv = forge.util.encode64(privbuffer.bytes(), 64);
} else {
// encrypt RSA key using passphrase
var encLen = privbuffer.length() + 16 - 1;
encLen -= encLen % 16;
// pad private key with sha1-d data -- needs to be a multiple of 16
var padding = _sha1(privbuffer.bytes());
padding.truncate(padding.length() - encLen + privbuffer.length());
privbuffer.putBuffer(padding);
var aeskey = forge.util.createBuffer();
aeskey.putBuffer(_sha1('\x00\x00\x00\x00', passphrase));
aeskey.putBuffer(_sha1('\x00\x00\x00\x01', passphrase));
// encrypt some bytes using CBC mode
// key is 40 bytes, so truncate *by* 8 bytes
var cipher = forge.aes.createEncryptionCipher(aeskey.truncate(8), 'CBC');
cipher.start(forge.util.createBuffer().fillWithByte(0, 16));
cipher.update(privbuffer.copy());
cipher.finish();
var encrypted = cipher.output;
// Note: this appears to differ from Putty -- is forge wrong, or putty?
// due to padding we finish as an exact multiple of 16
encrypted.truncate(16); // all padding
priv = forge.util.encode64(encrypted.bytes(), 64);
}
// output private key
length = Math.floor(priv.length / 66) + 1; // 64 + \r\n
ppk += '\r\nPrivate-Lines: ' + length + '\r\n';
ppk += priv;
// MAC
var mackey = _sha1('putty-private-key-file-mac-key', passphrase);
var macbuffer = forge.util.createBuffer();
_addStringToBuffer(macbuffer, algorithm);
_addStringToBuffer(macbuffer, encryptionAlgorithm);
_addStringToBuffer(macbuffer, comment);
macbuffer.putInt32(pubbuffer.length());
macbuffer.putBuffer(pubbuffer);
macbuffer.putInt32(privbuffer.length());
macbuffer.putBuffer(privbuffer);
var hmac = forge.hmac.create();
hmac.start('sha1', mackey);
hmac.update(macbuffer.bytes());
ppk += '\r\nPrivate-MAC: ' + hmac.digest().toHex() + '\r\n';
return ppk;
};
/**
* Encodes a public RSA key as an OpenSSH file.
*
* @param key the key.
* @param comment a comment.
*
* @return the public key in OpenSSH format.
*/
ssh.publicKeyToOpenSSH = function(key, comment) {
var type = 'ssh-rsa';
comment = comment || '';
var buffer = forge.util.createBuffer();
_addStringToBuffer(buffer, type);
_addBigIntegerToBuffer(buffer, key.e);
_addBigIntegerToBuffer(buffer, key.n);
return type + ' ' + forge.util.encode64(buffer.bytes()) + ' ' + comment;
};
/**
* Encodes a private RSA key as an OpenSSH file.
*
* @param key the key.
* @param passphrase a passphrase to protect the key (falsy for no encryption).
*
* @return the public key in OpenSSH format.
*/
ssh.privateKeyToOpenSSH = function(privateKey, passphrase) {
if(!passphrase) {
return forge.pki.privateKeyToPem(privateKey);
}
// OpenSSH private key is just a legacy format, it seems
return forge.pki.encryptRsaPrivateKey(privateKey, passphrase,
{legacy: true, algorithm: 'aes128'});
};
/**
* Gets the SSH fingerprint for the given public key.
*
* @param options the options to use.
* [md] the message digest object to use (defaults to forge.md.md5).
* [encoding] an alternative output encoding, such as 'hex'
* (defaults to none, outputs a byte buffer).
* [delimiter] the delimiter to use between bytes for 'hex' encoded
* output, eg: ':' (defaults to none).
*
* @return the fingerprint as a byte buffer or other encoding based on options.
*/
ssh.getPublicKeyFingerprint = function(key, options) {
options = options || {};
var md = options.md || forge.md.md5.create();
var type = 'ssh-rsa';
var buffer = forge.util.createBuffer();
_addStringToBuffer(buffer, type);
_addBigIntegerToBuffer(buffer, key.e);
_addBigIntegerToBuffer(buffer, key.n);
// hash public key bytes
md.start();
md.update(buffer.getBytes());
var digest = md.digest();
if(options.encoding === 'hex') {
var hex = digest.toHex();
if(options.delimiter) {
return hex.match(/.{2}/g).join(options.delimiter);
}
return hex;
} else if(options.encoding === 'binary') {
return digest.getBytes();
} else if(options.encoding) {
throw new Error('Unknown encoding "' + options.encoding + '".');
}
return digest;
};
/**
* Adds len(val) then val to a buffer.
*
* @param buffer the buffer to add to.
* @param val a big integer.
*/
function _addBigIntegerToBuffer(buffer, val) {
var hexVal = val.toString(16);
// ensure 2s complement +ve
if(hexVal[0] >= '8') {
hexVal = '00' + hexVal;
}
var bytes = forge.util.hexToBytes(hexVal);
buffer.putInt32(bytes.length);
buffer.putBytes(bytes);
}
/**
* Adds len(val) then val to a buffer.
*
* @param buffer the buffer to add to.
* @param val a string.
*/
function _addStringToBuffer(buffer, val) {
buffer.putInt32(val.length);
buffer.putString(val);
}
/**
* Hashes the arguments into one value using SHA-1.
*
* @return the sha1 hash of the provided arguments.
*/
function _sha1() {
var sha = forge.md.sha1.create();
var num = arguments.length;
for (var i = 0; i < num; ++i) {
sha.update(arguments[i]);
}
return sha.digest();
}