lib,test: update code for modern node versions

* Replace `new Buffer()`
* Replace Buffer read and write integer methods with custom functions
  because offset and value assertions will be forced in a future major
  version of node

.travis.yml

@@ -4,11 +4,10 @@ notifications:
   email: false
 env:
   matrix:
-  - TRAVIS_NODE_VERSION="0.10"
-  - TRAVIS_NODE_VERSION="0.12"
   - TRAVIS_NODE_VERSION="4"
   - TRAVIS_NODE_VERSION="6"
-  - TRAVIS_NODE_VERSION="7"
+  - TRAVIS_NODE_VERSION="8"
+  - TRAVIS_NODE_VERSION="9"
 install:
   - rm -rf ~/.nvm && git clone https://github.com/creationix/nvm.git ~/.nvm && source ~/.nvm/nvm.sh && nvm install $TRAVIS_NODE_VERSION
   - node --version

README.md

@@ -9,7 +9,7 @@ SSH2 and SFTP(v3) client/server protocol streams for [node.js](http://nodejs.org
 Requirements
 ============
 
-* [node.js](http://nodejs.org/) -- v0.10 or newer
+* [node.js](http://nodejs.org/) -- v4.5.0 or newer
 
 
 Install

lib/buffer-helpers.js

@@ -0,0 +1,22 @@
+module.exports = {
+  readUInt32BE: function readUInt32BE(buf, offset) {
+    return buf[offset++] * 16777216
+           + buf[offset++] * 65536
+           + buf[offset++] * 256
+           + buf[offset];
+  },
+  writeUInt32BE: function writeUInt32BE(buf, value, offset) {
+    buf[offset++] = (value >>> 24);
+    buf[offset++] = (value >>> 16);
+    buf[offset++] = (value >>> 8);
+    buf[offset++] = value;
+    return offset;
+  },
+  writeUInt32LE: function writeUInt32LE(buf, value, offset) {
+    buf[offset++] = value;
+    buf[offset++] = (value >>> 8);
+    buf[offset++] = (value >>> 16);
+    buf[offset++] = (value >>> 24);
+    return offset;
+  }
+};

lib/constants.js

@@ -191,29 +191,23 @@ exports.SIGNALS = ['ABRT', 'ALRM', 'FPE', 'HUP', 'ILL', 'INT',
                    'PIPE'];
 
 var DEFAULT_KEX = [
+  // https://tools.ietf.org/html/rfc5656#section-10.1
+  'ecdh-sha2-nistp256',
+  'ecdh-sha2-nistp384',
+  'ecdh-sha2-nistp521',
+
+  // https://tools.ietf.org/html/rfc4419#section-4
+  'diffie-hellman-group-exchange-sha256',
+
   'diffie-hellman-group14-sha1' // REQUIRED
 ];
 var SUPPORTED_KEX = [
+  // https://tools.ietf.org/html/rfc4419#section-4
+  'diffie-hellman-group-exchange-sha1',
+
   'diffie-hellman-group1-sha1'  // REQUIRED
 ];
-if (semver.gte(process.version, '0.11.12')) {
-  // https://tools.ietf.org/html/rfc4419#section-4
-  DEFAULT_KEX = [
-    'diffie-hellman-group-exchange-sha256'
-  ].concat(DEFAULT_KEX);
-  SUPPORTED_KEX = [
-    'diffie-hellman-group-exchange-sha1'
-  ].concat(SUPPORTED_KEX);
-}
-if (semver.gte(process.version, '0.11.14')) {
-  // https://tools.ietf.org/html/rfc5656#section-10.1
-  DEFAULT_KEX = [
-    'ecdh-sha2-nistp256',
-    'ecdh-sha2-nistp384',
-    'ecdh-sha2-nistp521'
-  ].concat(DEFAULT_KEX);
-}
-var KEX_BUF = new Buffer(DEFAULT_KEX.join(','), 'ascii');
+var KEX_BUF = Buffer.from(DEFAULT_KEX.join(','), 'ascii');
 SUPPORTED_KEX = DEFAULT_KEX.concat(SUPPORTED_KEX);
 
 var DEFAULT_SERVER_HOST_KEY = [
@@ -232,13 +226,24 @@ if (semver.gte(process.version, '5.2.0')) {
     'ecdsa-sha2-nistp521'
   );
 }
-var SERVER_HOST_KEY_BUF = new Buffer(DEFAULT_SERVER_HOST_KEY.join(','),
-                                     'ascii');
+var SERVER_HOST_KEY_BUF = Buffer.from(DEFAULT_SERVER_HOST_KEY.join(','),
+                                      'ascii');
 SUPPORTED_SERVER_HOST_KEY = DEFAULT_SERVER_HOST_KEY.concat(
   SUPPORTED_SERVER_HOST_KEY
 );
 
-var DEFAULT_CIPHER = [];
+var DEFAULT_CIPHER = [
+  // http://tools.ietf.org/html/rfc4344#section-4
+  'aes128-ctr',
+  'aes192-ctr',
+  'aes256-ctr',
+
+  // http://tools.ietf.org/html/rfc5647
+  'aes128-gcm',
+  '[email protected]',
+  'aes256-gcm',
+  '[email protected]'
+];
 var SUPPORTED_CIPHER = [
   'aes256-cbc',
   'aes192-cbc',
@@ -253,24 +258,7 @@ var SUPPORTED_CIPHER = [
   'cast128-cbc',
   'arcfour'
 ];
-if (semver.gte(process.version, '0.11.12')) {
-  // node v0.11.12 introduced support for setting AAD, which is needed for
-  // AES-GCM in SSH2
-  DEFAULT_CIPHER = [
-    // http://tools.ietf.org/html/rfc5647
-    'aes128-gcm',
-    '[email protected]',
-    'aes256-gcm',
-    '[email protected]'
-  ].concat(DEFAULT_CIPHER);
-}
-DEFAULT_CIPHER = [
-  // http://tools.ietf.org/html/rfc4344#section-4
-  'aes128-ctr',
-  'aes192-ctr',
-  'aes256-ctr'
-].concat(DEFAULT_CIPHER);
-var CIPHER_BUF = new Buffer(DEFAULT_CIPHER.join(','), 'ascii');
+var CIPHER_BUF = Buffer.from(DEFAULT_CIPHER.join(','), 'ascii');
 SUPPORTED_CIPHER = DEFAULT_CIPHER.concat(SUPPORTED_CIPHER);
 
 var DEFAULT_HMAC = [
@@ -286,7 +274,7 @@ var SUPPORTED_HMAC = [
   'hmac-sha1-96',     // first 96 bits of HMAC-SHA1
   'hmac-md5-96'       // first 96 bits of HMAC-MD5
 ];
-var HMAC_BUF = new Buffer(DEFAULT_HMAC.join(','), 'ascii');
+var HMAC_BUF = Buffer.from(DEFAULT_HMAC.join(','), 'ascii');
 SUPPORTED_HMAC = DEFAULT_HMAC.concat(SUPPORTED_HMAC);
 
 var DEFAULT_COMPRESS = [
@@ -297,7 +285,7 @@ var DEFAULT_COMPRESS = [
   'zlib'              // ZLIB (LZ77) compression
 ];
 var SUPPORTED_COMPRESS = [];
-var COMPRESS_BUF = new Buffer(DEFAULT_COMPRESS.join(','), 'ascii');
+var COMPRESS_BUF = Buffer.from(DEFAULT_COMPRESS.join(','), 'ascii');
 SUPPORTED_COMPRESS = DEFAULT_COMPRESS.concat(SUPPORTED_COMPRESS);
 
 exports.ALGORITHMS = {

lib/keyParser.js

@@ -6,6 +6,8 @@ var utils;
 var Ber = require('asn1').Ber;
 var semver = require('semver');
 
+var readUInt32BE = require('./buffer-helpers').readUInt32BE;
+
 var RE_PPK = /^PuTTY-User-Key-File-2: ssh-(rsa|dss)\r?\nEncryption: (aes256-cbc|none)\r?\nComment: ([^\r\n]*)\r?\nPublic-Lines: \d+\r?\n([\s\S]+?)\r?\nPrivate-Lines: \d+\r?\n([\s\S]+?)\r?\nPrivate-MAC: ([^\r\n]+)/;
 var RE_HEADER_OPENSSH_PRIV = /^-----BEGIN (RSA|DSA|EC) PRIVATE KEY-----$/i;
 var RE_FOOTER_OPENSSH_PRIV = /^-----END (?:RSA|DSA|EC) PRIVATE KEY-----$/i;
@@ -61,7 +63,7 @@ module.exports = function(data) {
 
     if (!RE_HEADER_OPENSSH.test(data[1])) {
       // unencrypted, no headers
-      var privData = new Buffer(data.slice(1, -1).join(''), 'base64');
+      var privData = Buffer.from(data.slice(1, -1).join(''), 'base64');
       if (keyType !== 'ec') {
         ret.fulltype = 'ssh-' + keyType;
       } else {
@@ -108,24 +110,24 @@ module.exports = function(data) {
         } else if (data[i].length)
           break;
       }
-      ret.private = new Buffer(data.slice(i, -1).join(''), 'base64');
+      ret.private = Buffer.from(data.slice(i, -1).join(''), 'base64');
     }
     ret.type = keyType;
-    ret.privateOrig = new Buffer(orig);
+    ret.privateOrig = Buffer.from(orig);
   } else if (m = RE_HEADER_OPENSSH_PUB.exec(data[0])) {
     // OpenSSH public key
     ret.fulltype = m[1];
     ret.type = (m[2] || 'ec').toLowerCase();
-    ret.public = new Buffer(m[4], 'base64');
-    ret.publicOrig = new Buffer(orig);
+    ret.public = Buffer.from(m[4], 'base64');
+    ret.publicOrig = Buffer.from(orig);
     ret.comment = m[5];
     if (m[3]) // ECDSA only
       ret.curve = 'nistp' + m[3];
   } else if (RE_HEADER_RFC4716_PUB.test(data[0])
              && RE_FOOTER_RFC4716_PUB.test(data.slice(-1))) {
     if (data[1].indexOf(': ') === -1) {
       // no headers
-      ret.public = new Buffer(data.slice(1, -1).join(''), 'base64');
+      ret.public = Buffer.from(data.slice(1, -1).join(''), 'base64');
     } else {
       // headers
       for (i = 1, len = data.length; i < len; ++i) {
@@ -154,9 +156,9 @@ module.exports = function(data) {
         } else
           return new Error('RFC4716 public key invalid header line');
       }
-      ret.public = new Buffer(data.slice(i, -1).join(''), 'base64');
+      ret.public = Buffer.from(data.slice(i, -1).join(''), 'base64');
     }
-    len = ret.public.readUInt32BE(0, true);
+    len = readUInt32BE(ret.public, 0);
     var fulltype = ret.public.toString('ascii', 4, 4 + len);
     ret.fulltype = fulltype;
     if (fulltype === 'ssh-dss')
@@ -166,7 +168,7 @@ module.exports = function(data) {
     else
       return new Error('Unsupported RFC4716 public key type: ' + fulltype);
     ret.public = ret.public.slice(11);
-    ret.publicOrig = new Buffer(orig);
+    ret.publicOrig = Buffer.from(orig);
   } else if (m = RE_PPK.exec(orig)) {
     // m[1] = short type
     // m[2] = encryption type
@@ -208,8 +210,8 @@ module.exports = function(data) {
       ret.encryption = m[2];
     ret.comment = m[3];
 
-    ret.public = new Buffer(m[4].replace(/\r?\n/g, ''), 'base64');
-    var privateKey = new Buffer(m[5].replace(/\r?\n/g, ''), 'base64');
+    ret.public = Buffer.from(m[4].replace(/\r?\n/g, ''), 'base64');
+    var privateKey = Buffer.from(m[5].replace(/\r?\n/g, ''), 'base64');
 
     ret.privateMAC = m[6].replace(/\r?\n/g, '');