From be0b53d4b2f5eba7c9beaab385b1693429a5939b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tobias=20Nie=C3=9Fen?= Date: Mon, 4 Nov 2019 15:00:25 +0100 Subject: [PATCH] crypto: fix key requirements in asymmetric cipher PR-URL: https://github.com/nodejs/node/pull/30249 Fixes: https://github.com/nodejs/node/issues/30237 Reviewed-By: Ben Noordhuis Reviewed-By: Colin Ihrig Reviewed-By: Ruben Bridgewater Reviewed-By: James M Snell --- lib/internal/crypto/cipher.js | 4 +-- test/parallel/test-crypto-key-objects.js | 40 +++++++++++++++++------- 2 files changed, 30 insertions(+), 14 deletions(-) diff --git a/lib/internal/crypto/cipher.js b/lib/internal/crypto/cipher.js index c888d5fdaef8d9..1d6f32bf7b809a 100644 --- a/lib/internal/crypto/cipher.js +++ b/lib/internal/crypto/cipher.js @@ -66,11 +66,11 @@ function rsaFunctionFor(method, defaultPadding, keyType) { const publicEncrypt = rsaFunctionFor(_publicEncrypt, RSA_PKCS1_OAEP_PADDING, 'public'); const publicDecrypt = rsaFunctionFor(_publicDecrypt, RSA_PKCS1_PADDING, - 'private'); + 'public'); const privateEncrypt = rsaFunctionFor(_privateEncrypt, RSA_PKCS1_PADDING, 'private'); const privateDecrypt = rsaFunctionFor(_privateDecrypt, RSA_PKCS1_OAEP_PADDING, - 'public'); + 'private'); function getDecoder(decoder, encoding) { encoding = normalizeEncoding(encoding); diff --git a/test/parallel/test-crypto-key-objects.js b/test/parallel/test-crypto-key-objects.js index 15de241b358fb1..dc995be041ed48 100644 --- a/test/parallel/test-crypto-key-objects.js +++ b/test/parallel/test-crypto-key-objects.js @@ -15,8 +15,10 @@ const { createPrivateKey, KeyObject, randomBytes, + publicDecrypt, publicEncrypt, - privateDecrypt + privateDecrypt, + privateEncrypt } = require('crypto'); const fixtures = require('../common/fixtures'); @@ -156,7 +158,16 @@ const privateDsa = fixtures.readKey('dsa_private_encrypted_1025.pem', assert(Buffer.isBuffer(privateDER)); const plaintext = Buffer.from('Hello world', 'utf8'); - const ciphertexts = [ + const testDecryption = (fn, ciphertexts, decryptionKeys) => { + for (const ciphertext of ciphertexts) { + for (const key of decryptionKeys) { + const deciphered = fn(key, ciphertext); + assert.deepStrictEqual(deciphered, plaintext); + } + } + }; + + testDecryption(privateDecrypt, [ // Encrypt using the public key. publicEncrypt(publicKey, plaintext), publicEncrypt({ key: publicKey }, plaintext), @@ -173,20 +184,25 @@ const privateDsa = fixtures.readKey('dsa_private_encrypted_1025.pem', // DER-encoded data only. publicEncrypt({ format: 'der', type: 'pkcs1', key: publicDER }, plaintext), publicEncrypt({ format: 'der', type: 'pkcs1', key: privateDER }, plaintext) - ]; - - const decryptionKeys = [ + ], [ privateKey, { format: 'pem', key: privatePem }, { format: 'der', type: 'pkcs1', key: privateDER } - ]; + ]); - for (const ciphertext of ciphertexts) { - for (const key of decryptionKeys) { - const deciphered = privateDecrypt(key, ciphertext); - assert(plaintext.equals(deciphered)); - } - } + testDecryption(publicDecrypt, [ + privateEncrypt(privateKey, plaintext) + ], [ + // Decrypt using the public key. + publicKey, + { format: 'pem', key: publicPem }, + { format: 'der', type: 'pkcs1', key: publicDER }, + + // Decrypt using the private key. + privateKey, + { format: 'pem', key: privatePem }, + { format: 'der', type: 'pkcs1', key: privateDER } + ]); } {