diff options
Diffstat (limited to 'node_modules/sshpk/lib/fingerprint.js')
-rw-r--r-- | node_modules/sshpk/lib/fingerprint.js | 80 |
1 files changed, 69 insertions, 11 deletions
diff --git a/node_modules/sshpk/lib/fingerprint.js b/node_modules/sshpk/lib/fingerprint.js index 4e75e6667..0004b376e 100644 --- a/node_modules/sshpk/lib/fingerprint.js +++ b/node_modules/sshpk/lib/fingerprint.js @@ -1,4 +1,4 @@ -// Copyright 2015 Joyent, Inc. +// Copyright 2018 Joyent, Inc. module.exports = Fingerprint; @@ -8,6 +8,7 @@ var algs = require('./algs'); var crypto = require('crypto'); var errs = require('./errors'); var Key = require('./key'); +var PrivateKey = require('./private-key'); var Certificate = require('./certificate'); var utils = require('./utils'); @@ -26,11 +27,12 @@ function Fingerprint(opts) { this.hash = opts.hash; this.type = opts.type; + this.hashType = opts.hashType; } Fingerprint.prototype.toString = function (format) { if (format === undefined) { - if (this.algorithm === 'md5') + if (this.algorithm === 'md5' || this.hashType === 'spki') format = 'hex'; else format = 'base64'; @@ -39,8 +41,12 @@ Fingerprint.prototype.toString = function (format) { switch (format) { case 'hex': + if (this.hashType === 'spki') + return (this.hash.toString('hex')); return (addColons(this.hash.toString('hex'))); case 'base64': + if (this.hashType === 'spki') + return (this.hash.toString('base64')); return (sshBase64Format(this.algorithm, this.hash.toString('base64'))); default: @@ -50,14 +56,20 @@ Fingerprint.prototype.toString = function (format) { Fingerprint.prototype.matches = function (other) { assert.object(other, 'key or certificate'); - if (this.type === 'key') { + if (this.type === 'key' && this.hashType !== 'ssh') { + utils.assertCompatible(other, Key, [1, 7], 'key with spki'); + if (PrivateKey.isPrivateKey(other)) { + utils.assertCompatible(other, PrivateKey, [1, 6], + 'privatekey with spki support'); + } + } else if (this.type === 'key') { utils.assertCompatible(other, Key, [1, 0], 'key'); } else { utils.assertCompatible(other, Certificate, [1, 0], 'certificate'); } - var theirHash = other.hash(this.algorithm); + var theirHash = other.hash(this.algorithm, this.hashType); var theirHash2 = crypto.createHash(this.algorithm). update(theirHash).digest('base64'); @@ -68,6 +80,11 @@ Fingerprint.prototype.matches = function (other) { return (this.hash2 === theirHash2); }; +/*JSSTYLED*/ +var base64RE = /^[A-Za-z0-9+\/=]+$/; +/*JSSTYLED*/ +var hexRE = /^[a-fA-F0-9]+$/; + Fingerprint.parse = function (fp, options) { assert.string(fp, 'fingerprint'); @@ -81,13 +98,18 @@ Fingerprint.parse = function (fp, options) { options = {}; if (options.enAlgs !== undefined) enAlgs = options.enAlgs; + if (options.algorithms !== undefined) + enAlgs = options.algorithms; assert.optionalArrayOfString(enAlgs, 'algorithms'); + var hashType = 'ssh'; + if (options.hashType !== undefined) + hashType = options.hashType; + assert.string(hashType, 'options.hashType'); + var parts = fp.split(':'); if (parts.length == 2) { alg = parts[0].toLowerCase(); - /*JSSTYLED*/ - var base64RE = /^[A-Za-z0-9+\/=]+$/; if (!base64RE.test(parts[1])) throw (new FingerprintFormatError(fp)); try { @@ -99,16 +121,50 @@ Fingerprint.parse = function (fp, options) { alg = 'md5'; if (parts[0].toLowerCase() === 'md5') parts = parts.slice(1); + parts = parts.map(function (p) { + while (p.length < 2) + p = '0' + p; + if (p.length > 2) + throw (new FingerprintFormatError(fp)); + return (p); + }); parts = parts.join(''); - /*JSSTYLED*/ - var md5RE = /^[a-fA-F0-9]+$/; - if (!md5RE.test(parts)) + if (!hexRE.test(parts) || parts.length % 2 !== 0) throw (new FingerprintFormatError(fp)); try { hash = Buffer.from(parts, 'hex'); } catch (e) { throw (new FingerprintFormatError(fp)); } + } else { + if (hexRE.test(fp)) { + hash = Buffer.from(fp, 'hex'); + } else if (base64RE.test(fp)) { + hash = Buffer.from(fp, 'base64'); + } else { + throw (new FingerprintFormatError(fp)); + } + + switch (hash.length) { + case 32: + alg = 'sha256'; + break; + case 16: + alg = 'md5'; + break; + case 20: + alg = 'sha1'; + break; + case 64: + alg = 'sha512'; + break; + default: + throw (new FingerprintFormatError(fp)); + } + + /* Plain hex/base64: guess it's probably SPKI unless told. */ + if (options.hashType === undefined) + hashType = 'spki'; } if (alg === undefined) @@ -126,7 +182,8 @@ Fingerprint.parse = function (fp, options) { return (new Fingerprint({ algorithm: alg, hash: hash, - type: options.type || 'key' + type: options.type || 'key', + hashType: hashType })); }; @@ -152,8 +209,9 @@ Fingerprint.isFingerprint = function (obj, ver) { * API versions for Fingerprint: * [1,0] -- initial ver * [1,1] -- first tagged ver + * [1,2] -- hashType and spki support */ -Fingerprint.prototype._sshpkApiVersion = [1, 1]; +Fingerprint.prototype._sshpkApiVersion = [1, 2]; Fingerprint._oldVersionDetect = function (obj) { assert.func(obj.toString); |