#50 Support PKCS#5 AES-256-CBC encrypted private keys

Reviewed by: Alex Wilson <alex.wilson@joyent.com>
TritonDataCenter · Oct 11, 2018 · 53e23fe · 53e23fe
1 parent 6b68d49
commit 53e23fe
Show file tree

Hide file tree

Showing 3 changed files with 48 additions and 1 deletion.
diff --git a/lib/utils.js b/lib/utils.js
@@ -87,7 +87,8 @@ function assertCompatible(obj, klass, needVer, name) {
 
 var CIPHER_LEN = {
 	'des-ede3-cbc': { key: 7, iv: 8 },
-	'aes-128-cbc': { key: 16, iv: 16 }
+	'aes-128-cbc': { key: 16, iv: 16 },
+	'aes-256-cbc': { key: 32, iv: 16 }
 };
 var PKCS5_SALT_LEN = 8;
 

diff --git a/test/assets/p50key.pem b/test/assets/p50key.pem
@@ -0,0 +1,30 @@
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: AES-256-CBC,C874518D21E3C9C4F0CA44C8060D631B
+
+6kCcRk72I+6eYBpvDpMu/hxJKVI9xpsJikmfyc//0HLBP6e95cuk3EHWUG5/2cLb
+RSniNWjeIBmxMUlJP7vCdmdnJQ+so/9JzmztwHIEk/kMW1jgNnWH53pUhuNTllFy
+M7/c2IOD5gWSrl/MijNNhYaglh2Zn5djJvuoJmmT3lXsIFc1FQw0luDBxYE7l5Rf
+PuZxuRgpHwbuAAJ2UW2NDlYxtpOI3ilh90GHl+G/DEks3N/tWvWQKWbkGy10I2Nm
+TbBlGf78KU5Br3fIdau5YdKUFT7vFfhuX/txB1eqV7wbMBjeDKEJNylfwANGQyMk
+iUZo54FdNCfZC9IYHOxJ2ntNYlV0qnD+JwffE3fmDL+QXAdr5kHY5D/C5vgLelpS
+1JNQPNnRll04Sj0b3ozfmPShLhTfyRUXqyngiqLl1rp0/52B4WCZuZUz17JErwas
+AN8e0jmNn4nGP/MZAb4sZ2ENirkguoi+yqqeGVRVylAAHzp7yPNLDp53l4vYoQ0R
+H99SJ+0I8PZCeODSfQm+c76mQBfUEUXYnD2LUzNZ+qZrtlUS/i0i/3wvJ+Ek4GGL
+lm+81KEkbmAzAe+BhXpCa+PUhuo30yhqqneq1fqhi6Hit247nIOAXjEowTYKLwxD
+VGHowhBZqyB+YzCApO0KFsbDeTij/VaLdm29JpAWuN6k8l1IUr3kfJerF5oItVv+
+VLNiC0P15yIbY5QaQHM5RkOh0kJcAnvuTRqz0Lq6rVQVE3qvwig86B1TCYO15dB9
+9HyRDFoR2CZ2Dy6nUCQl1nnYa7sD3GxSusoMLN1DxV+afeyW7RBQP3veWxb+nNNu
+M6ImxzOOEZuLQ0nG+gny25KoIfH1BuQwTd82SPl7Uez8LrTY41P/SdLxa/UFodM9
+BYWGdbdIgpfcTgdSoGIUvSA86RvnN7umM5DkNH8WMfm7Tfx/GCDEYANBH2yH79cn
+s4fCrRsE8QN4cm7LnKrhKZSEaLN5YVjoV4aiDZv3UHYdEwr1GrK2H+FxvEPCFIbh
+GEhP34wb9co8kQrUl0LKT+cRt5nTSF+pEDpOaE/h1B58hPNFqZJSeaUaHLUJQ84X
+OTJnUS+fU5B/dA/smPKPyqcq7wLjkB/FmIjYm/ezXZ9Qg2IFhBMSxAHuGdxeg8C8
+vypd9E1w36pm0y5E6ilogf1+UI7SsLo2HiUz8jc25SgoMv4W45dv+jwNOAAk26Z/
+vMD0diOAVSTpqtmYVEx/CsEoEXtLg36sUVR+NUFwdhTiVYRuaqhwvcHW4Z14DzLm
+tASkhcdd+9bjGUX3oJFsyitqSnMAzajthcEFsUuGaeI/DL+2NRZYrQNOVnmzKPJS
+0cnOJnPTI1a93FbWnTjMWLR+iNZHtafUGuf2IYHlFAiR0ekVUQHcUGC4oyKZUaPI
+CU9rFRGeql4XYp8UC0pBCTF5a+0Dixs7HUCc4abmlgsxfcQrIa5IFCbzmBQBs6x4
+9XZ9T6qedqFX5Cuy/k/9b8QKQKlzXEPFpmfXvTy0a0OS16ypCia0PuWiLgjCLkzA
+lqmgx4ohcj1asGUCItGeGBXbmEaBVLMgz7QDWzuIGdnq+IfVYCn37UyxdCyVkHBr
+-----END RSA PRIVATE KEY-----
diff --git a/test/private-key.js b/test/private-key.js
@@ -241,6 +241,22 @@ test('parse and produce encrypted ssh-private ecdsa', function (t) {
 	t.end();
 });
 
+test('pem pkcs#5 encrypted with aes-256-cbc', function (t) {
+	var keyPem = fs.readFileSync(path.join(testDir, 'p50key.pem'));
+	t.throws(function () {
+		sshpk.parsePrivateKey(keyPem, 'pem');
+	});
+	t.throws(function () {
+		sshpk.parsePrivateKey(keyPem, 'pem',
+		    { passphrase: 'incorrect' });
+	});
+	var key = sshpk.parsePrivateKey(keyPem, 'pem',
+	    { passphrase: 'pass' });
+	t.strictEqual(key.type, 'rsa');
+	t.strictEqual(key.size, 2048);
+	t.end();
+});
+
 var KEY_RSA, KEY_DSA, KEY_ECDSA, KEY_ECDSA2, KEY_ED25519;
 
 test('setup keys', function (t) {