crypto: fix encrypted private -> public import

tniessen · targos · commit c4193ba8ae31 · 2021-02-02T10:42:01.000+01:00
PR-URL: #37056 Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Anna Henningsen <anna@addaleax.net> Reviewed-By: Filip Skokan <panva.ip@gmail.com> Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
diff --git a/lib/internal/crypto/keys.js b/lib/internal/crypto/keys.js
@@ -428,9 +428,10 @@ function createSecretKey(key, encoding) {
 }
 
 function createPublicKey(key) {
-  const { format, type, data } = prepareAsymmetricKey(key, kCreatePublic);
+  const { format, type, data, passphrase } =
+    prepareAsymmetricKey(key, kCreatePublic);
   const handle = new KeyObjectHandle();
-  handle.init(kKeyTypePublic, data, format, type);
+  handle.init(kKeyTypePublic, data, format, type, passphrase);
   return new PublicKeyObject(handle);
 }
 
diff --git a/src/crypto/crypto_keys.cc b/src/crypto/crypto_keys.cc
@@ -939,7 +939,7 @@ void KeyObjectHandle::Init(const FunctionCallbackInfo<Value>& args) {
     break;
   }
   case kKeyTypePublic: {
-    CHECK_EQ(args.Length(), 4);
+    CHECK_EQ(args.Length(), 5);
 
     offset = 1;
     pkey = ManagedEVPPKey::GetPublicOrPrivateKeyFromJs(args, &offset);
diff --git a/test/parallel/test-crypto-key-objects.js b/test/parallel/test-crypto-key-objects.js
@@ -132,6 +132,21 @@ const privateDsa = fixtures.readKey('dsa_private_encrypted_1025.pem',
   assert.strictEqual(derivedPublicKey.asymmetricKeyType, 'rsa');
   assert.strictEqual(derivedPublicKey.symmetricKeySize, undefined);
 
+  // It should also be possible to import an encrypted private key as a public
+  // key.
+  const decryptedKey = createPublicKey({
+    key: privateKey.export({
+      type: 'pkcs8',
+      format: 'pem',
+      passphrase: '123',
+      cipher: 'aes-128-cbc'
+    }),
+    format: 'pem',
+    passphrase: '123'
+  });
+  assert.strictEqual(decryptedKey.type, 'public');
+  assert.strictEqual(decryptedKey.asymmetricKeyType, 'rsa');
+
   // Test exporting with an invalid options object, this should throw.
   for (const opt of [undefined, null, 'foo', 0, NaN]) {
     assert.throws(() => publicKey.export(opt), {

Original file line number	Diff line number	Diff line change
`@@ -428,9 +428,10 @@ function createSecretKey(key, encoding) {`
`428`	`428`	`}`
`429`	`429`
`430`	`430`	`function createPublicKey(key) {`
`431`		`- const { format, type, data } = prepareAsymmetricKey(key, kCreatePublic);`
	`431`	`+ const { format, type, data, passphrase } =`
	`432`	`+ prepareAsymmetricKey(key, kCreatePublic);`
`432`	`433`	`const handle = new KeyObjectHandle();`
`433`		`- handle.init(kKeyTypePublic, data, format, type);`
	`434`	`+ handle.init(kKeyTypePublic, data, format, type, passphrase);`
`434`	`435`	`return new PublicKeyObject(handle);`
`435`	`436`	`}`
`436`	`437`
Original file line number	Diff line number	Diff line change
`@@ -939,7 +939,7 @@ void KeyObjectHandle::Init(const FunctionCallbackInfo<Value>& args) {`
`939`	`939`	`break;`
`940`	`940`	`}`
`941`	`941`	`case kKeyTypePublic: {`
`942`		`- CHECK_EQ(args.Length(), 4);`
	`942`	`+ CHECK_EQ(args.Length(), 5);`
`943`	`943`
`944`	`944`	`offset = 1;`
`945`	`945`	`pkey = ManagedEVPPKey::GetPublicOrPrivateKeyFromJs(args, &offset);`