|
1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586878889909192 |
- // Copyright 2015 Joyent, Inc.
-
- module.exports = {
- Verifier: Verifier,
- Signer: Signer
- };
-
- var nacl = require('tweetnacl');
- var stream = require('stream');
- var util = require('util');
- var assert = require('assert-plus');
- var Buffer = require('safer-buffer').Buffer;
- var Signature = require('./signature');
-
- function Verifier(key, hashAlgo) {
- if (hashAlgo.toLowerCase() !== 'sha512')
- throw (new Error('ED25519 only supports the use of ' +
- 'SHA-512 hashes'));
-
- this.key = key;
- this.chunks = [];
-
- stream.Writable.call(this, {});
- }
- util.inherits(Verifier, stream.Writable);
-
- Verifier.prototype._write = function (chunk, enc, cb) {
- this.chunks.push(chunk);
- cb();
- };
-
- Verifier.prototype.update = function (chunk) {
- if (typeof (chunk) === 'string')
- chunk = Buffer.from(chunk, 'binary');
- this.chunks.push(chunk);
- };
-
- Verifier.prototype.verify = function (signature, fmt) {
- var sig;
- if (Signature.isSignature(signature, [2, 0])) {
- if (signature.type !== 'ed25519')
- return (false);
- sig = signature.toBuffer('raw');
-
- } else if (typeof (signature) === 'string') {
- sig = Buffer.from(signature, 'base64');
-
- } else if (Signature.isSignature(signature, [1, 0])) {
- throw (new Error('signature was created by too old ' +
- 'a version of sshpk and cannot be verified'));
- }
-
- assert.buffer(sig);
- return (nacl.sign.detached.verify(
- new Uint8Array(Buffer.concat(this.chunks)),
- new Uint8Array(sig),
- new Uint8Array(this.key.part.A.data)));
- };
-
- function Signer(key, hashAlgo) {
- if (hashAlgo.toLowerCase() !== 'sha512')
- throw (new Error('ED25519 only supports the use of ' +
- 'SHA-512 hashes'));
-
- this.key = key;
- this.chunks = [];
-
- stream.Writable.call(this, {});
- }
- util.inherits(Signer, stream.Writable);
-
- Signer.prototype._write = function (chunk, enc, cb) {
- this.chunks.push(chunk);
- cb();
- };
-
- Signer.prototype.update = function (chunk) {
- if (typeof (chunk) === 'string')
- chunk = Buffer.from(chunk, 'binary');
- this.chunks.push(chunk);
- };
-
- Signer.prototype.sign = function () {
- var sig = nacl.sign.detached(
- new Uint8Array(Buffer.concat(this.chunks)),
- new Uint8Array(Buffer.concat([
- this.key.part.k.data, this.key.part.A.data])));
- var sigBuf = Buffer.from(sig);
- var sigObj = Signature.parse(sigBuf, 'ed25519', 'raw');
- sigObj.hashAlgorithm = 'sha512';
- return (sigObj);
- };
|