diff options
author | Tobias Nießen <tniessen@tnie.de> | 2019-02-21 09:28:16 +0100 |
---|---|---|
committer | Tobias Nießen <tniessen@tnie.de> | 2019-02-23 13:53:58 +0100 |
commit | 8d69fdde1955e0b08bdbe6949090f459995784a7 (patch) | |
tree | fd6fc27eaf7053ea8f6d8158d5b52940712b0326 /test | |
parent | 10c3db3da682b85e7b44b2671f227449713cd4d8 (diff) | |
download | android-node-v8-8d69fdde1955e0b08bdbe6949090f459995784a7.tar.gz android-node-v8-8d69fdde1955e0b08bdbe6949090f459995784a7.tar.bz2 android-node-v8-8d69fdde1955e0b08bdbe6949090f459995784a7.zip |
crypto: fix unencrypted DER PKCS8 parsing
The previously used OpenSSL call only supports encrypted PKCS8,
this commit adds support for unencrypted PKCS8.
PR-URL: https://github.com/nodejs/node/pull/26236
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Sam Roberts <vieuxtech@gmail.com>
Reviewed-By: Ujjwal Sharma <usharma1998@gmail.com>
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Diffstat (limited to 'test')
-rw-r--r-- | test/parallel/test-crypto-keygen.js | 67 |
1 files changed, 67 insertions, 0 deletions
diff --git a/test/parallel/test-crypto-keygen.js b/test/parallel/test-crypto-keygen.js index ebbac7606f..7b3eee570d 100644 --- a/test/parallel/test-crypto-keygen.js +++ b/test/parallel/test-crypto-keygen.js @@ -174,6 +174,73 @@ const sec1EncExp = (cipher) => getRegExpForPEM('EC PRIVATE KEY', cipher); testEncryptDecrypt(publicKey, key); testSignVerify(publicKey, key); })); + + // Now do the same with an encrypted private key, but encoded as DER. + generateKeyPair('rsa', { + publicExponent: 0x10001, + modulusLength: 512, + publicKeyEncoding, + privateKeyEncoding: { + type: 'pkcs8', + format: 'der', + cipher: 'aes-256-cbc', + passphrase: 'secret' + } + }, common.mustCall((err, publicKeyDER, privateKeyDER) => { + assert.ifError(err); + + assert(Buffer.isBuffer(publicKeyDER)); + assertApproximateSize(publicKeyDER, 74); + + assert(Buffer.isBuffer(privateKeyDER)); + + // Since the private key is encrypted, signing shouldn't work anymore. + const publicKey = { key: publicKeyDER, ...publicKeyEncoding }; + assert.throws(() => { + testSignVerify(publicKey, { + key: privateKeyDER, + format: 'der', + type: 'pkcs8' + }); + }, /bad decrypt|asn1 encoding routines/); + + const privateKey = { + key: privateKeyDER, + format: 'der', + type: 'pkcs8', + passphrase: 'secret' + }; + testEncryptDecrypt(publicKey, privateKey); + testSignVerify(publicKey, privateKey); + })); + + // Now do the same with an encrypted private key, but encoded as DER. + generateKeyPair('rsa', { + publicExponent: 0x10001, + modulusLength: 512, + publicKeyEncoding, + privateKeyEncoding: { + type: 'pkcs8', + format: 'der' + } + }, common.mustCall((err, publicKeyDER, privateKeyDER) => { + assert.ifError(err); + + assert(Buffer.isBuffer(publicKeyDER)); + assertApproximateSize(publicKeyDER, 74); + + assert(Buffer.isBuffer(privateKeyDER)); + + const publicKey = { key: publicKeyDER, ...publicKeyEncoding }; + const privateKey = { + key: privateKeyDER, + format: 'der', + type: 'pkcs8', + passphrase: 'secret' + }; + testEncryptDecrypt(publicKey, privateKey); + testSignVerify(publicKey, privateKey); + })); } { |