@electerm/ssh2 0.8.11 → 1.5.0

package/lib/protocol/node-fs-compat.js

@@ -0,0 +1,115 @@
+'use strict';
+
+const assert = require('assert');
+const { inspect } = require('util');
+
+// Only use this for integers! Decimal numbers do not work with this function.
+function addNumericalSeparator(val) {
+  let res = '';
+  let i = val.length;
+  const start = val[0] === '-' ? 1 : 0;
+  for (; i >= start + 4; i -= 3)
+    res = `_${val.slice(i - 3, i)}${res}`;
+  return `${val.slice(0, i)}${res}`;
+}
+
+function oneOf(expected, thing) {
+  assert(typeof thing === 'string', '`thing` has to be of type string');
+  if (Array.isArray(expected)) {
+    const len = expected.length;
+    assert(len > 0, 'At least one expected value needs to be specified');
+    expected = expected.map((i) => String(i));
+    if (len > 2) {
+      return `one of ${thing} ${expected.slice(0, len - 1).join(', ')}, or `
+              + expected[len - 1];
+    } else if (len === 2) {
+      return `one of ${thing} ${expected[0]} or ${expected[1]}`;
+    }
+    return `of ${thing} ${expected[0]}`;
+  }
+  return `of ${thing} ${String(expected)}`;
+}
+
+
+exports.ERR_INTERNAL_ASSERTION = class ERR_INTERNAL_ASSERTION extends Error {
+  constructor(message) {
+    super();
+    Error.captureStackTrace(this, ERR_INTERNAL_ASSERTION);
+
+    const suffix = 'This is caused by either a bug in ssh2 '
+                   + 'or incorrect usage of ssh2 internals.\n'
+                   + 'Please open an issue with this stack trace at '
+                   + 'https://github.com/mscdex/ssh2/issues\n';
+
+    this.message = (message === undefined ? suffix : `${message}\n${suffix}`);
+  }
+};
+
+const MAX_32BIT_INT = 2 ** 32;
+const MAX_32BIT_BIGINT = (() => {
+  try {
+    return new Function('return 2n ** 32n')();
+  } catch {}
+})();
+exports.ERR_OUT_OF_RANGE = class ERR_OUT_OF_RANGE extends RangeError {
+  constructor(str, range, input, replaceDefaultBoolean) {
+    super();
+    Error.captureStackTrace(this, ERR_OUT_OF_RANGE);
+
+    assert(range, 'Missing "range" argument');
+    let msg = (replaceDefaultBoolean
+               ? str
+               : `The value of "${str}" is out of range.`);
+    let received;
+    if (Number.isInteger(input) && Math.abs(input) > MAX_32BIT_INT) {
+      received = addNumericalSeparator(String(input));
+    } else if (typeof input === 'bigint') {
+      received = String(input);
+      if (input > MAX_32BIT_BIGINT || input < -MAX_32BIT_BIGINT)
+        received = addNumericalSeparator(received);
+      received += 'n';
+    } else {
+      received = inspect(input);
+    }
+    msg += ` It must be ${range}. Received ${received}`;
+
+    this.message = msg;
+  }
+};
+
+class ERR_INVALID_ARG_TYPE extends TypeError {
+  constructor(name, expected, actual) {
+    super();
+    Error.captureStackTrace(this, ERR_INVALID_ARG_TYPE);
+
+    assert(typeof name === 'string', `'name' must be a string`);
+
+    // determiner: 'must be' or 'must not be'
+    let determiner;
+    if (typeof expected === 'string' && expected.startsWith('not ')) {
+      determiner = 'must not be';
+      expected = expected.replace(/^not /, '');
+    } else {
+      determiner = 'must be';
+    }
+
+    let msg;
+    if (name.endsWith(' argument')) {
+      // For cases like 'first argument'
+      msg = `The ${name} ${determiner} ${oneOf(expected, 'type')}`;
+    } else {
+      const type = (name.includes('.') ? 'property' : 'argument');
+      msg = `The "${name}" ${type} ${determiner} ${oneOf(expected, 'type')}`;
+    }
+
+    msg += `. Received type ${typeof actual}`;
+
+    this.message = msg;
+  }
+}
+exports.ERR_INVALID_ARG_TYPE = ERR_INVALID_ARG_TYPE;
+
+exports.validateNumber = function validateNumber(value, name) {
+  if (typeof value !== 'number')
+    throw new ERR_INVALID_ARG_TYPE(name, 'number', value);
+};

package/lib/protocol/utils.js

@@ -0,0 +1,356 @@
+'use strict';
+
+const Ber = require('asn1').Ber;
+
+let DISCONNECT_REASON;
+
+const FastBuffer = Buffer[Symbol.species];
+const TypedArrayFill = Object.getPrototypeOf(Uint8Array.prototype).fill;
+
+function readUInt32BE(buf, offset) {
+  return (buf[offset++] * 16777216)
+         + (buf[offset++] * 65536)
+         + (buf[offset++] * 256)
+         + buf[offset];
+}
+
+function bufferCopy(src, dest, srcStart, srcEnd, destStart) {
+  if (!destStart)
+    destStart = 0;
+  if (srcEnd > src.length)
+    srcEnd = src.length;
+  let nb = srcEnd - srcStart;
+  const destLeft = (dest.length - destStart);
+  if (nb > destLeft)
+    nb = destLeft;
+  dest.set(new Uint8Array(src.buffer, src.byteOffset + srcStart, nb),
+           destStart);
+  return nb;
+}
+
+function bufferSlice(buf, start, end) {
+  if (end === undefined)
+    end = buf.length;
+  return new FastBuffer(buf.buffer, buf.byteOffset + start, end - start);
+}
+
+function makeBufferParser() {
+  let pos = 0;
+  let buffer;
+
+  const self = {
+    init: (buf, start) => {
+      buffer = buf;
+      pos = (typeof start === 'number' ? start : 0);
+    },
+    pos: () => pos,
+    length: () => (buffer ? buffer.length : 0),
+    avail: () => (buffer && pos < buffer.length ? buffer.length - pos : 0),
+    clear: () => {
+      buffer = undefined;
+    },
+    readUInt32BE: () => {
+      if (!buffer || pos + 3 >= buffer.length)
+        return;
+      return (buffer[pos++] * 16777216)
+             + (buffer[pos++] * 65536)
+             + (buffer[pos++] * 256)
+             + buffer[pos++];
+    },
+    readUInt64BE: (behavior) => {
+      if (!buffer || pos + 7 >= buffer.length)
+        return;
+      switch (behavior) {
+        case 'always':
+          return BigInt(`0x${buffer.hexSlice(pos, pos += 8)}`);
+        case 'maybe':
+          if (buffer[pos] > 0x1F)
+            return BigInt(`0x${buffer.hexSlice(pos, pos += 8)}`);
+          // FALLTHROUGH
+        default:
+          return (buffer[pos++] * 72057594037927940)
+                 + (buffer[pos++] * 281474976710656)
+                 + (buffer[pos++] * 1099511627776)
+                 + (buffer[pos++] * 4294967296)
+                 + (buffer[pos++] * 16777216)
+                 + (buffer[pos++] * 65536)
+                 + (buffer[pos++] * 256)
+                 + buffer[pos++];
+      }
+    },
+    skip: (n) => {
+      if (buffer && n > 0)
+        pos += n;
+    },
+    skipString: () => {
+      const len = self.readUInt32BE();
+      if (len === undefined)
+        return;
+      pos += len;
+      return (pos <= buffer.length ? len : undefined);
+    },
+    readByte: () => {
+      if (buffer && pos < buffer.length)
+        return buffer[pos++];
+    },
+    readBool: () => {
+      if (buffer && pos < buffer.length)
+        return !!buffer[pos++];
+    },
+    readList: () => {
+      const list = self.readString(true);
+      if (list === undefined)
+        return;
+      return (list ? list.split(',') : []);
+    },
+    readString: (dest, maxLen) => {
+      if (typeof dest === 'number') {
+        maxLen = dest;
+        dest = undefined;
+      }
+
+      const len = self.readUInt32BE();
+      if (len === undefined)
+        return;
+
+      if ((buffer.length - pos) < len
+          || (typeof maxLen === 'number' && len > maxLen)) {
+        return;
+      }
+
+      if (dest) {
+        if (Buffer.isBuffer(dest))
+          return bufferCopy(buffer, dest, pos, pos += len);
+        return buffer.utf8Slice(pos, pos += len);
+      }
+      return bufferSlice(buffer, pos, pos += len);
+    },
+    readRaw: (len) => {
+      if (!buffer)
+        return;
+      if (typeof len !== 'number')
+        return bufferSlice(buffer, pos, pos += (buffer.length - pos));
+      if ((buffer.length - pos) >= len)
+        return bufferSlice(buffer, pos, pos += len);
+    },
+  };
+
+  return self;
+}
+
+function makeError(msg, level, fatal) {
+  const err = new Error(msg);
+  if (typeof level === 'boolean') {
+    fatal = level;
+    err.level = 'protocol';
+  } else {
+    err.level = level || 'protocol';
+  }
+  err.fatal = !!fatal;
+  return err;
+}
+
+function writeUInt32BE(buf, value, offset) {
+  buf[offset++] = (value >>> 24);
+  buf[offset++] = (value >>> 16);
+  buf[offset++] = (value >>> 8);
+  buf[offset++] = value;
+  return offset;
+}
+
+const utilBufferParser = makeBufferParser();
+
+module.exports = {
+  bufferCopy,
+  bufferSlice,
+  FastBuffer,
+  bufferFill: (buf, value, start, end) => {
+    return TypedArrayFill.call(buf, value, start, end);
+  },
+  makeError,
+  doFatalError: (protocol, msg, level, reason) => {
+    let err;
+    if (DISCONNECT_REASON === undefined)
+      ({ DISCONNECT_REASON } = require('./utils.js'));
+    if (msg instanceof Error) {
+      // doFatalError(protocol, err[, reason])
+      err = msg;
+      if (typeof level !== 'number')
+        reason = DISCONNECT_REASON.PROTOCOL_ERROR;
+      else
+        reason = level;
+    } else {
+      // doFatalError(protocol, msg[, level[, reason]])
+      err = makeError(msg, level, true);
+    }
+    if (typeof reason !== 'number')
+      reason = DISCONNECT_REASON.PROTOCOL_ERROR;
+    protocol.disconnect(reason);
+    protocol._destruct();
+    protocol._onError(err);
+    return Infinity;
+  },
+  readUInt32BE,
+  writeUInt32BE,
+  writeUInt32LE: (buf, value, offset) => {
+    buf[offset++] = value;
+    buf[offset++] = (value >>> 8);
+    buf[offset++] = (value >>> 16);
+    buf[offset++] = (value >>> 24);
+    return offset;
+  },
+  makeBufferParser,
+  bufferParser: makeBufferParser(),
+  readString: (buffer, start, dest, maxLen) => {
+    if (typeof dest === 'number') {
+      maxLen = dest;
+      dest = undefined;
+    }
+
+    if (start === undefined)
+      start = 0;
+
+    const left = (buffer.length - start);
+    if (start < 0 || start >= buffer.length || left < 4)
+      return;
+
+    const len = readUInt32BE(buffer, start);
+    if (left < (4 + len) || (typeof maxLen === 'number' && len > maxLen))
+      return;
+
+    start += 4;
+    const end = start + len;
+    buffer._pos = end;
+
+    if (dest) {
+      if (Buffer.isBuffer(dest))
+        return bufferCopy(buffer, dest, start, end);
+      return buffer.utf8Slice(start, end);
+    }
+    return bufferSlice(buffer, start, end);
+  },
+  sigSSHToASN1: (sig, type) => {
+    switch (type) {
+      case 'ssh-dss': {
+        if (sig.length > 40)
+          return sig;
+        // Change bare signature r and s values to ASN.1 BER values for OpenSSL
+        const asnWriter = new Ber.Writer();
+        asnWriter.startSequence();
+        let r = sig.slice(0, 20);
+        let s = sig.slice(20);
+        if (r[0] & 0x80) {
+          const rNew = Buffer.allocUnsafe(21);
+          rNew[0] = 0x00;
+          r.copy(rNew, 1);
+          r = rNew;
+        } else if (r[0] === 0x00 && !(r[1] & 0x80)) {
+          r = r.slice(1);
+        }
+        if (s[0] & 0x80) {
+          const sNew = Buffer.allocUnsafe(21);
+          sNew[0] = 0x00;
+          s.copy(sNew, 1);
+          s = sNew;
+        } else if (s[0] === 0x00 && !(s[1] & 0x80)) {
+          s = s.slice(1);
+        }
+        asnWriter.writeBuffer(r, Ber.Integer);
+        asnWriter.writeBuffer(s, Ber.Integer);
+        asnWriter.endSequence();
+        return asnWriter.buffer;
+      }
+      case 'ecdsa-sha2-nistp256':
+      case 'ecdsa-sha2-nistp384':
+      case 'ecdsa-sha2-nistp521': {
+        utilBufferParser.init(sig, 0);
+        const r = utilBufferParser.readString();
+        const s = utilBufferParser.readString();
+        utilBufferParser.clear();
+        if (r === undefined || s === undefined)
+          return;
+
+        const asnWriter = new Ber.Writer();
+        asnWriter.startSequence();
+        asnWriter.writeBuffer(r, Ber.Integer);
+        asnWriter.writeBuffer(s, Ber.Integer);
+        asnWriter.endSequence();
+        return asnWriter.buffer;
+      }
+      default:
+        return sig;
+    }
+  },
+  convertSignature: (signature, keyType) => {
+    switch (keyType) {
+      case 'ssh-dss': {
+        if (signature.length <= 40)
+          return signature;
+        // This is a quick and dirty way to get from BER encoded r and s that
+        // OpenSSL gives us, to just the bare values back to back (40 bytes
+        // total) like OpenSSH (and possibly others) are expecting
+        const asnReader = new Ber.Reader(signature);
+        asnReader.readSequence();
+        let r = asnReader.readString(Ber.Integer, true);
+        let s = asnReader.readString(Ber.Integer, true);
+        let rOffset = 0;
+        let sOffset = 0;
+        if (r.length < 20) {
+          const rNew = Buffer.allocUnsafe(20);
+          rNew.set(r, 1);
+          r = rNew;
+          r[0] = 0;
+        }
+        if (s.length < 20) {
+          const sNew = Buffer.allocUnsafe(20);
+          sNew.set(s, 1);
+          s = sNew;
+          s[0] = 0;
+        }
+        if (r.length > 20 && r[0] === 0)
+          rOffset = 1;
+        if (s.length > 20 && s[0] === 0)
+          sOffset = 1;
+        const newSig =
+          Buffer.allocUnsafe((r.length - rOffset) + (s.length - sOffset));
+        bufferCopy(r, newSig, rOffset, r.length, 0);
+        bufferCopy(s, newSig, sOffset, s.length, r.length - rOffset);
+        return newSig;
+      }
+      case 'ecdsa-sha2-nistp256':
+      case 'ecdsa-sha2-nistp384':
+      case 'ecdsa-sha2-nistp521': {
+        if (signature[0] === 0)
+          return signature;
+        // Convert SSH signature parameters to ASN.1 BER values for OpenSSL
+        const asnReader = new Ber.Reader(signature);
+        asnReader.readSequence();
+        const r = asnReader.readString(Ber.Integer, true);
+        const s = asnReader.readString(Ber.Integer, true);
+        if (r === null || s === null)
+          return;
+        const newSig = Buffer.allocUnsafe(4 + r.length + 4 + s.length);
+        writeUInt32BE(newSig, r.length, 0);
+        newSig.set(r, 4);
+        writeUInt32BE(newSig, s.length, 4 + r.length);
+        newSig.set(s, 4 + 4 + r.length);
+        return newSig;
+      }
+    }
+
+    return signature;
+  },
+  sendPacket: (proto, packet, bypass) => {
+    if (!bypass && proto._kexinit !== undefined) {
+      // We're currently in the middle of a handshake
+
+      if (proto._queue === undefined)
+        proto._queue = [];
+      proto._queue.push(packet);
+      proto._debug && proto._debug('Outbound: ... packet queued');
+      return false;
+    }
+    proto._cipher.encrypt(packet);
+    return true;
+  },
+};