crypto: fix encrypted private -> public import

PR-URL: #37056 Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Anna Henningsen <anna@addaleax.net> Reviewed-By: Filip Skokan <panva.ip@gmail.com> Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
nodejs · Feb 2, 2021 · c4193ba · c4193ba
1 parent cb3b0ec
commit c4193ba
Show file tree

Hide file tree

Showing 3 changed files with 19 additions and 3 deletions.
diff --git a/lib/internal/crypto/keys.js b/lib/internal/crypto/keys.js
@@ -428,9 +428,10 @@ function createSecretKey(key, encoding) {
 }
 
 function createPublicKey(key) {
-  const { format, type, data } = prepareAsymmetricKey(key, kCreatePublic);
+  const { format, type, data, passphrase } =
+    prepareAsymmetricKey(key, kCreatePublic);
   const handle = new KeyObjectHandle();
-  handle.init(kKeyTypePublic, data, format, type);
+  handle.init(kKeyTypePublic, data, format, type, passphrase);
   return new PublicKeyObject(handle);
 }
 

diff --git a/src/crypto/crypto_keys.cc b/src/crypto/crypto_keys.cc
@@ -939,7 +939,7 @@ void KeyObjectHandle::Init(const FunctionCallbackInfo<Value>& args) {
     break;
   }
   case kKeyTypePublic: {
-    CHECK_EQ(args.Length(), 4);
+    CHECK_EQ(args.Length(), 5);
 
     offset = 1;
     pkey = ManagedEVPPKey::GetPublicOrPrivateKeyFromJs(args, &offset);

diff --git a/test/parallel/test-crypto-key-objects.js b/test/parallel/test-crypto-key-objects.js
@@ -132,6 +132,21 @@ const privateDsa = fixtures.readKey('dsa_private_encrypted_1025.pem',
   assert.strictEqual(derivedPublicKey.asymmetricKeyType, 'rsa');
   assert.strictEqual(derivedPublicKey.symmetricKeySize, undefined);
 
+  // It should also be possible to import an encrypted private key as a public
+  // key.
+  const decryptedKey = createPublicKey({
+    key: privateKey.export({
+      type: 'pkcs8',
+      format: 'pem',
+      passphrase: '123',
+      cipher: 'aes-128-cbc'
+    }),
+    format: 'pem',
+    passphrase: '123'
+  });
+  assert.strictEqual(decryptedKey.type, 'public');
+  assert.strictEqual(decryptedKey.asymmetricKeyType, 'rsa');
+
   // Test exporting with an invalid options object, this should throw.
   for (const opt of [undefined, null, 'foo', 0, NaN]) {
     assert.throws(() => publicKey.export(opt), {