123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899 |
- // Copyright 2015 Joyent, Inc.
-
- module.exports = {
- Verifier: Verifier,
- Signer: Signer
- };
-
- var nacl;
- var stream = require('stream');
- var util = require('util');
- var assert = require('assert-plus');
- var Buffer = require('safer-buffer').Buffer;
- var Signature = require('./signature');
-
- function Verifier(key, hashAlgo) {
- if (nacl === undefined)
- nacl = require('tweetnacl');
-
- if (hashAlgo.toLowerCase() !== 'sha512')
- throw (new Error('ED25519 only supports the use of ' +
- 'SHA-512 hashes'));
-
- this.key = key;
- this.chunks = [];
-
- stream.Writable.call(this, {});
- }
- util.inherits(Verifier, stream.Writable);
-
- Verifier.prototype._write = function (chunk, enc, cb) {
- this.chunks.push(chunk);
- cb();
- };
-
- Verifier.prototype.update = function (chunk) {
- if (typeof (chunk) === 'string')
- chunk = Buffer.from(chunk, 'binary');
- this.chunks.push(chunk);
- };
-
- Verifier.prototype.verify = function (signature, fmt) {
- var sig;
- if (Signature.isSignature(signature, [2, 0])) {
- if (signature.type !== 'ed25519')
- return (false);
- sig = signature.toBuffer('raw');
-
- } else if (typeof (signature) === 'string') {
- sig = Buffer.from(signature, 'base64');
-
- } else if (Signature.isSignature(signature, [1, 0])) {
- throw (new Error('signature was created by too old ' +
- 'a version of sshpk and cannot be verified'));
- }
-
- assert.buffer(sig);
- return (nacl.sign.detached.verify(
- new Uint8Array(Buffer.concat(this.chunks)),
- new Uint8Array(sig),
- new Uint8Array(this.key.part.A.data)));
- };
-
- function Signer(key, hashAlgo) {
- if (nacl === undefined)
- nacl = require('tweetnacl');
-
- if (hashAlgo.toLowerCase() !== 'sha512')
- throw (new Error('ED25519 only supports the use of ' +
- 'SHA-512 hashes'));
-
- this.key = key;
- this.chunks = [];
-
- stream.Writable.call(this, {});
- }
- util.inherits(Signer, stream.Writable);
-
- Signer.prototype._write = function (chunk, enc, cb) {
- this.chunks.push(chunk);
- cb();
- };
-
- Signer.prototype.update = function (chunk) {
- if (typeof (chunk) === 'string')
- chunk = Buffer.from(chunk, 'binary');
- this.chunks.push(chunk);
- };
-
- Signer.prototype.sign = function () {
- var sig = nacl.sign.detached(
- new Uint8Array(Buffer.concat(this.chunks)),
- new Uint8Array(Buffer.concat([
- this.key.part.k.data, this.key.part.A.data])));
- var sigBuf = Buffer.from(sig);
- var sigObj = Signature.parse(sigBuf, 'ed25519', 'raw');
- sigObj.hashAlgorithm = 'sha512';
- return (sigObj);
- };
|