Permalink
Name already in use
A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?
codeql-action/node_modules/sshpk/lib/dhe.js
Go to fileThis commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
397 lines (338 sloc)
10.4 KB
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // Copyright 2017 Joyent, Inc. | |
| module.exports = { | |
| DiffieHellman: DiffieHellman, | |
| generateECDSA: generateECDSA, | |
| generateED25519: generateED25519 | |
| }; | |
| var assert = require('assert-plus'); | |
| var crypto = require('crypto'); | |
| var Buffer = require('safer-buffer').Buffer; | |
| var algs = require('./algs'); | |
| var utils = require('./utils'); | |
| var nacl = require('tweetnacl'); | |
| var Key = require('./key'); | |
| var PrivateKey = require('./private-key'); | |
| var CRYPTO_HAVE_ECDH = (crypto.createECDH !== undefined); | |
| var ecdh = require('ecc-jsbn'); | |
| var ec = require('ecc-jsbn/lib/ec'); | |
| var jsbn = require('jsbn').BigInteger; | |
| function DiffieHellman(key) { | |
| utils.assertCompatible(key, Key, [1, 4], 'key'); | |
| this._isPriv = PrivateKey.isPrivateKey(key, [1, 3]); | |
| this._algo = key.type; | |
| this._curve = key.curve; | |
| this._key = key; | |
| if (key.type === 'dsa') { | |
| if (!CRYPTO_HAVE_ECDH) { | |
| throw (new Error('Due to bugs in the node 0.10 ' + | |
| 'crypto API, node 0.12.x or later is required ' + | |
| 'to use DH')); | |
| } | |
| this._dh = crypto.createDiffieHellman( | |
| key.part.p.data, undefined, | |
| key.part.g.data, undefined); | |
| this._p = key.part.p; | |
| this._g = key.part.g; | |
| if (this._isPriv) | |
| this._dh.setPrivateKey(key.part.x.data); | |
| this._dh.setPublicKey(key.part.y.data); | |
| } else if (key.type === 'ecdsa') { | |
| if (!CRYPTO_HAVE_ECDH) { | |
| this._ecParams = new X9ECParameters(this._curve); | |
| if (this._isPriv) { | |
| this._priv = new ECPrivate( | |
| this._ecParams, key.part.d.data); | |
| } | |
| return; | |
| } | |
| var curve = { | |
| 'nistp256': 'prime256v1', | |
| 'nistp384': 'secp384r1', | |
| 'nistp521': 'secp521r1' | |
| }[key.curve]; | |
| this._dh = crypto.createECDH(curve); | |
| if (typeof (this._dh) !== 'object' || | |
| typeof (this._dh.setPrivateKey) !== 'function') { | |
| CRYPTO_HAVE_ECDH = false; | |
| DiffieHellman.call(this, key); | |
| return; | |
| } | |
| if (this._isPriv) | |
| this._dh.setPrivateKey(key.part.d.data); | |
| this._dh.setPublicKey(key.part.Q.data); | |
| } else if (key.type === 'curve25519') { | |
| if (this._isPriv) { | |
| utils.assertCompatible(key, PrivateKey, [1, 5], 'key'); | |
| this._priv = key.part.k.data; | |
| } | |
| } else { | |
| throw (new Error('DH not supported for ' + key.type + ' keys')); | |
| } | |
| } | |
| DiffieHellman.prototype.getPublicKey = function () { | |
| if (this._isPriv) | |
| return (this._key.toPublic()); | |
| return (this._key); | |
| }; | |
| DiffieHellman.prototype.getPrivateKey = function () { | |
| if (this._isPriv) | |
| return (this._key); | |
| else | |
| return (undefined); | |
| }; | |
| DiffieHellman.prototype.getKey = DiffieHellman.prototype.getPrivateKey; | |
| DiffieHellman.prototype._keyCheck = function (pk, isPub) { | |
| assert.object(pk, 'key'); | |
| if (!isPub) | |
| utils.assertCompatible(pk, PrivateKey, [1, 3], 'key'); | |
| utils.assertCompatible(pk, Key, [1, 4], 'key'); | |
| if (pk.type !== this._algo) { | |
| throw (new Error('A ' + pk.type + ' key cannot be used in ' + | |
| this._algo + ' Diffie-Hellman')); | |
| } | |
| if (pk.curve !== this._curve) { | |
| throw (new Error('A key from the ' + pk.curve + ' curve ' + | |
| 'cannot be used with a ' + this._curve + | |
| ' Diffie-Hellman')); | |
| } | |
| if (pk.type === 'dsa') { | |
| assert.deepEqual(pk.part.p, this._p, | |
| 'DSA key prime does not match'); | |
| assert.deepEqual(pk.part.g, this._g, | |
| 'DSA key generator does not match'); | |
| } | |
| }; | |
| DiffieHellman.prototype.setKey = function (pk) { | |
| this._keyCheck(pk); | |
| if (pk.type === 'dsa') { | |
| this._dh.setPrivateKey(pk.part.x.data); | |
| this._dh.setPublicKey(pk.part.y.data); | |
| } else if (pk.type === 'ecdsa') { | |
| if (CRYPTO_HAVE_ECDH) { | |
| this._dh.setPrivateKey(pk.part.d.data); | |
| this._dh.setPublicKey(pk.part.Q.data); | |
| } else { | |
| this._priv = new ECPrivate( | |
| this._ecParams, pk.part.d.data); | |
| } | |
| } else if (pk.type === 'curve25519') { | |
| var k = pk.part.k; | |
| if (!pk.part.k) | |
| k = pk.part.r; | |
| this._priv = k.data; | |
| if (this._priv[0] === 0x00) | |
| this._priv = this._priv.slice(1); | |
| this._priv = this._priv.slice(0, 32); | |
| } | |
| this._key = pk; | |
| this._isPriv = true; | |
| }; | |
| DiffieHellman.prototype.setPrivateKey = DiffieHellman.prototype.setKey; | |
| DiffieHellman.prototype.computeSecret = function (otherpk) { | |
| this._keyCheck(otherpk, true); | |
| if (!this._isPriv) | |
| throw (new Error('DH exchange has not been initialized with ' + | |
| 'a private key yet')); | |
| var pub; | |
| if (this._algo === 'dsa') { | |
| return (this._dh.computeSecret( | |
| otherpk.part.y.data)); | |
| } else if (this._algo === 'ecdsa') { | |
| if (CRYPTO_HAVE_ECDH) { | |
| return (this._dh.computeSecret( | |
| otherpk.part.Q.data)); | |
| } else { | |
| pub = new ECPublic( | |
| this._ecParams, otherpk.part.Q.data); | |
| return (this._priv.deriveSharedSecret(pub)); | |
| } | |
| } else if (this._algo === 'curve25519') { | |
| pub = otherpk.part.A.data; | |
| while (pub[0] === 0x00 && pub.length > 32) | |
| pub = pub.slice(1); | |
| var priv = this._priv; | |
| assert.strictEqual(pub.length, 32); | |
| assert.strictEqual(priv.length, 32); | |
| var secret = nacl.box.before(new Uint8Array(pub), | |
| new Uint8Array(priv)); | |
| return (Buffer.from(secret)); | |
| } | |
| throw (new Error('Invalid algorithm: ' + this._algo)); | |
| }; | |
| DiffieHellman.prototype.generateKey = function () { | |
| var parts = []; | |
| var priv, pub; | |
| if (this._algo === 'dsa') { | |
| this._dh.generateKeys(); | |
| parts.push({name: 'p', data: this._p.data}); | |
| parts.push({name: 'q', data: this._key.part.q.data}); | |
| parts.push({name: 'g', data: this._g.data}); | |
| parts.push({name: 'y', data: this._dh.getPublicKey()}); | |
| parts.push({name: 'x', data: this._dh.getPrivateKey()}); | |
| this._key = new PrivateKey({ | |
| type: 'dsa', | |
| parts: parts | |
| }); | |
| this._isPriv = true; | |
| return (this._key); | |
| } else if (this._algo === 'ecdsa') { | |
| if (CRYPTO_HAVE_ECDH) { | |
| this._dh.generateKeys(); | |
| parts.push({name: 'curve', | |
| data: Buffer.from(this._curve)}); | |
| parts.push({name: 'Q', data: this._dh.getPublicKey()}); | |
| parts.push({name: 'd', data: this._dh.getPrivateKey()}); | |
| this._key = new PrivateKey({ | |
| type: 'ecdsa', | |
| curve: this._curve, | |
| parts: parts | |
| }); | |
| this._isPriv = true; | |
| return (this._key); | |
| } else { | |
| var n = this._ecParams.getN(); | |
| var r = new jsbn(crypto.randomBytes(n.bitLength())); | |
| var n1 = n.subtract(jsbn.ONE); | |
| priv = r.mod(n1).add(jsbn.ONE); | |
| pub = this._ecParams.getG().multiply(priv); | |
| priv = Buffer.from(priv.toByteArray()); | |
| pub = Buffer.from(this._ecParams.getCurve(). | |
| encodePointHex(pub), 'hex'); | |
| this._priv = new ECPrivate(this._ecParams, priv); | |
| parts.push({name: 'curve', | |
| data: Buffer.from(this._curve)}); | |
| parts.push({name: 'Q', data: pub}); | |
| parts.push({name: 'd', data: priv}); | |
| this._key = new PrivateKey({ | |
| type: 'ecdsa', | |
| curve: this._curve, | |
| parts: parts | |
| }); | |
| this._isPriv = true; | |
| return (this._key); | |
| } | |
| } else if (this._algo === 'curve25519') { | |
| var pair = nacl.box.keyPair(); | |
| priv = Buffer.from(pair.secretKey); | |
| pub = Buffer.from(pair.publicKey); | |
| priv = Buffer.concat([priv, pub]); | |
| assert.strictEqual(priv.length, 64); | |
| assert.strictEqual(pub.length, 32); | |
| parts.push({name: 'A', data: pub}); | |
| parts.push({name: 'k', data: priv}); | |
| this._key = new PrivateKey({ | |
| type: 'curve25519', | |
| parts: parts | |
| }); | |
| this._isPriv = true; | |
| return (this._key); | |
| } | |
| throw (new Error('Invalid algorithm: ' + this._algo)); | |
| }; | |
| DiffieHellman.prototype.generateKeys = DiffieHellman.prototype.generateKey; | |
| /* These are helpers for using ecc-jsbn (for node 0.10 compatibility). */ | |
| function X9ECParameters(name) { | |
| var params = algs.curves[name]; | |
| assert.object(params); | |
| var p = new jsbn(params.p); | |
| var a = new jsbn(params.a); | |
| var b = new jsbn(params.b); | |
| var n = new jsbn(params.n); | |
| var h = jsbn.ONE; | |
| var curve = new ec.ECCurveFp(p, a, b); | |
| var G = curve.decodePointHex(params.G.toString('hex')); | |
| this.curve = curve; | |
| this.g = G; | |
| this.n = n; | |
| this.h = h; | |
| } | |
| X9ECParameters.prototype.getCurve = function () { return (this.curve); }; | |
| X9ECParameters.prototype.getG = function () { return (this.g); }; | |
| X9ECParameters.prototype.getN = function () { return (this.n); }; | |
| X9ECParameters.prototype.getH = function () { return (this.h); }; | |
| function ECPublic(params, buffer) { | |
| this._params = params; | |
| if (buffer[0] === 0x00) | |
| buffer = buffer.slice(1); | |
| this._pub = params.getCurve().decodePointHex(buffer.toString('hex')); | |
| } | |
| function ECPrivate(params, buffer) { | |
| this._params = params; | |
| this._priv = new jsbn(utils.mpNormalize(buffer)); | |
| } | |
| ECPrivate.prototype.deriveSharedSecret = function (pubKey) { | |
| assert.ok(pubKey instanceof ECPublic); | |
| var S = pubKey._pub.multiply(this._priv); | |
| return (Buffer.from(S.getX().toBigInteger().toByteArray())); | |
| }; | |
| function generateED25519() { | |
| var pair = nacl.sign.keyPair(); | |
| var priv = Buffer.from(pair.secretKey); | |
| var pub = Buffer.from(pair.publicKey); | |
| assert.strictEqual(priv.length, 64); | |
| assert.strictEqual(pub.length, 32); | |
| var parts = []; | |
| parts.push({name: 'A', data: pub}); | |
| parts.push({name: 'k', data: priv.slice(0, 32)}); | |
| var key = new PrivateKey({ | |
| type: 'ed25519', | |
| parts: parts | |
| }); | |
| return (key); | |
| } | |
| /* Generates a new ECDSA private key on a given curve. */ | |
| function generateECDSA(curve) { | |
| var parts = []; | |
| var key; | |
| if (CRYPTO_HAVE_ECDH) { | |
| /* | |
| * Node crypto doesn't expose key generation directly, but the | |
| * ECDH instances can generate keys. It turns out this just | |
| * calls into the OpenSSL generic key generator, and we can | |
| * read its output happily without doing an actual DH. So we | |
| * use that here. | |
| */ | |
| var osCurve = { | |
| 'nistp256': 'prime256v1', | |
| 'nistp384': 'secp384r1', | |
| 'nistp521': 'secp521r1' | |
| }[curve]; | |
| var dh = crypto.createECDH(osCurve); | |
| dh.generateKeys(); | |
| parts.push({name: 'curve', | |
| data: Buffer.from(curve)}); | |
| parts.push({name: 'Q', data: dh.getPublicKey()}); | |
| parts.push({name: 'd', data: dh.getPrivateKey()}); | |
| key = new PrivateKey({ | |
| type: 'ecdsa', | |
| curve: curve, | |
| parts: parts | |
| }); | |
| return (key); | |
| } else { | |
| var ecParams = new X9ECParameters(curve); | |
| /* This algorithm taken from FIPS PUB 186-4 (section B.4.1) */ | |
| var n = ecParams.getN(); | |
| /* | |
| * The crypto.randomBytes() function can only give us whole | |
| * bytes, so taking a nod from X9.62, we round up. | |
| */ | |
| var cByteLen = Math.ceil((n.bitLength() + 64) / 8); | |
| var c = new jsbn(crypto.randomBytes(cByteLen)); | |
| var n1 = n.subtract(jsbn.ONE); | |
| var priv = c.mod(n1).add(jsbn.ONE); | |
| var pub = ecParams.getG().multiply(priv); | |
| priv = Buffer.from(priv.toByteArray()); | |
| pub = Buffer.from(ecParams.getCurve(). | |
| encodePointHex(pub), 'hex'); | |
| parts.push({name: 'curve', data: Buffer.from(curve)}); | |
| parts.push({name: 'Q', data: pub}); | |
| parts.push({name: 'd', data: priv}); | |
| key = new PrivateKey({ | |
| type: 'ecdsa', | |
| curve: curve, | |
| parts: parts | |
| }); | |
| return (key); | |
| } | |
| } |