
Commit 99a817e

committed
lib: fix Huawei switch signature verification failed.
1 parent 844f1ed commit 99a817e


2 files changed

+25
-23
lines changed


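--- a/lib/protocol/kex.js
+++ b/lib/protocol/kex.js
@@ -39,6 +39,7 @@ const {
 FastBuffer,
 sigSSHToASN1,
 writeUInt32BE,
+convertToMpint,
 } = require('./utils.js');
 const {
 PacketReader,
@@ -511,27 +512,6 @@ function handleKexInit(self, payload) {
 }
 
 const createKeyExchange = (() => {
-function convertToMpint(buf) {
-let idx = 0;
-let length = buf.length;
-while (buf[idx] === 0x00) {
-++idx;
---length;
-}
-let newBuf;
-if (buf[idx] & 0x80) {
-newBuf = Buffer.allocUnsafe(1 + length);
-newBuf[0] = 0;
-buf.copy(newBuf, 1, idx);
-buf = newBuf;
-} else if (length !== buf.length) {
-newBuf = Buffer.allocUnsafe(length);
-buf.copy(newBuf, 0, idx);
-buf = newBuf;
-}
-return buf;
-}
-
 class KeyExchange {
 constructor(negotiated, protocol, remoteKexinit) {
 this._protocol = protocol;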

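--- a/lib/protocol/utils.js
+++ b/lib/protocol/utils.js
@@ -14,6 +14,27 @@ function readUInt32BE(buf, offset) {
 + buf[offset];
 }
 
+function convertToMpint(buf) {
+let idx = 0;
+let length = buf.length;
+while (buf[idx] === 0x00) {
+++idx;
+--length;
+}
+let newBuf;
+if (buf[idx] & 0x80) {
+newBuf = Buffer.allocUnsafe(1 + length);
+newBuf[0] = 0;
+buf.copy(newBuf, 1, idx);
+buf = newBuf;
+} else if (length !== buf.length) {
+newBuf = Buffer.allocUnsafe(length);
+buf.copy(newBuf, 0, idx);
+buf = newBuf;
+}
+return buf;
+}
+
 function bufferCopy(src, dest, srcStart, srcEnd, destStart) {
 if (!destStart)
 destStart = 0;
@@ -163,6 +184,7 @@ const utilBufferParser = makeBufferParser();
 module.exports = {
 bufferCopy,
 bufferSlice,
+convertToMpint,
 FastBuffer,
 bufferFill: (buf, value, start, end) => {
 return TypedArrayFill.call(buf, value, start, end);
@@ -291,8 +313,8 @@ module.exports = {
 // total) like OpenSSH (and possibly others) are expecting
 const asnReader = new Ber.Reader(signature);
 asnReader.readSequence();
-let r = asnReader.readString(Ber.Integer, true);
-let s = asnReader.readString(Ber.Integer, true);
+let r = convertToMpint(asnReader.readString(Ber.Integer, true));
+let s = convertToMpint(asnReader.readString(Ber.Integer, true));
 let rOffset = 0;
 let sOffset = 0;
 if (r.length < 20) {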
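Review bot: In the last hunk of lib/protocol/utils.js, `convertToMpint` prepends a `0x00` sign byte whenever the top bit is set, so `r` or `s` can come back one byte longer than its magnitude, while the line that follows (`if (r.length < 20) {`) treats them as fixed-width fields. The rest of that function is outside the hunk, so please confirm that a 21-byte value is trimmed back before the two halves are concatenated; otherwise the emitted signature would have the wrong length and fail verification on the peer. Now that the helper is exported, it should also carry a short comment stating that it returns the input buffer itself when nothing needs normalising, e.g. `// Returns buf unchanged (same object) when already canonical; otherwise a new Buffer`. A regression test with one value carrying redundant leading zero bytes and one with the high bit set would pin the behaviour the commit message describes.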
