crypto: support passwords in publicEncrypt

Private keys may be used along with publicEncrypt since the private key
includes the public one.  This adds the ability to use encrypted private
keys which previously threw an error.  This commit also makes sure the
user exposed functions have names.

PR-URL: https://github.com/iojs/io.js/pull/626
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Calvin Metcalf 2015-01-27 14:58:22 -05:00 committed by Ben Noordhuis
parent e9eb2ec1c4
commit 6561274d23
3 changed files with 46 additions and 1 deletions


@ -678,10 +678,13 @@ Encrypts `buffer` with `public_key`. Only RSA is currently supported.
`public_key` can be an object or a string. If `public_key` is a string, it is
treated as the key with no passphrase and will use `RSA_PKCS1_OAEP_PADDING`.
Since RSA public keys may be derived from private keys you may pass a private
key to this method.
`public_key`:
* `key` : A string holding the PEM encoded private key
* `passphrase` : An optional string of passphrase for the private key
* `padding` : An optional padding value, one of the following:
* `constants.RSA_NO_PADDING`
* `constants.RSA_PKCS1_PADDING`


@ -340,7 +340,8 @@ function rsaPublic(method, defaultPadding) {
return function(options, buffer) {
var key = options.key || options;
var padding = options.padding || defaultPadding;
return method(toBuf(key), buffer, padding);
var passphrase = options.passphrase || null;
return method(toBuf(key), buffer, padding, passphrase);
};
}
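Review bot: `var passphrase = options.passphrase || null;` treats every falsy value as "no passphrase", so an explicitly supplied empty string is silently turned into `null` instead of being passed through or rejected. Because this value unlocks a private key, "absent" should be kept distinct from "present but empty", for example `var passphrase = options.passphrase !== undefined ? options.passphrase : null;`. A short comment stating that type validation of the passphrase is left to the native `method` would also help. How the binding interprets `null` is not visible here, so the intended behaviour for an empty passphrase should be confirmed there. The signature of `rsaPublic` appears only in the hunk header.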


@ -831,6 +831,28 @@ assert.equal(bad_dh.verifyError, constants.DH_NOT_SUITABLE_GENERATOR);
}, encryptedBuffer);
assert.equal(input, decryptedBufferWithPassword.toString());
encryptedBuffer = crypto.publicEncrypt({
key: rsaKeyPemEncrypted,
passphrase: 'password'
}, bufferToEncrypt);
decryptedBufferWithPassword = crypto.privateDecrypt({
key: rsaKeyPemEncrypted,
passphrase: 'password'
}, encryptedBuffer);
assert.equal(input, decryptedBufferWithPassword.toString());
encryptedBuffer = crypto.privateEncrypt({
key: rsaKeyPemEncrypted,
passphrase: new Buffer('password')
}, bufferToEncrypt);
decryptedBufferWithPassword = crypto.publicDecrypt({
key: rsaKeyPemEncrypted,
passphrase: new Buffer('password')
}, encryptedBuffer);
assert.equal(input, decryptedBufferWithPassword.toString());
encryptedBuffer = crypto.publicEncrypt(certPem, bufferToEncrypt);
decryptedBuffer = crypto.privateDecrypt(keyPem, encryptedBuffer);
@ -850,6 +872,25 @@ assert.equal(bad_dh.verifyError, constants.DH_NOT_SUITABLE_GENERATOR);
crypto.privateDecrypt({
key: rsaKeyPemEncrypted,
passphrase: 'wrong'
}, bufferToEncrypt);
});
assert.throws(function() {
crypto.publicEncrypt({
key: rsaKeyPemEncrypted,
passphrase: 'wrong'
}, encryptedBuffer);
});
encryptedBuffer = crypto.privateEncrypt({
key: rsaKeyPemEncrypted,
passphrase: new Buffer('password')
}, bufferToEncrypt);
assert.throws(function() {
crypto.publicDecrypt({
key: rsaKeyPemEncrypted,
passphrase: [].concat.apply([], new Buffer('password'))
}, encryptedBuffer);
});
})();
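Review bot: Both new `assert.throws` blocks in the second hunk (the `publicEncrypt` call with `passphrase: 'wrong'` and the `publicDecrypt` call with an array passphrase) omit the expected-error argument, so they pass on any exception, not only a passphrase rejection. Passing an error constructor or a regular expression that matches the passphrase failure as the second argument would pin the reason. The array case in particular should show that a passphrase that is neither a string nor a Buffer is refused because of its type, not because of some later, unrelated failure. A case for an empty-string passphrase would also document how `''` is handled by the new code path. The enclosing function starts outside the hunk.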