diff options
| author | Simon Cornish <[email protected]> | 2013-08-29 21:05:50 -0700 |
|---|---|---|
| committer | Simon Cornish <[email protected]> | 2013-08-29 21:05:50 -0700 |
| commit | 909d2b4975f4e6b01c70e3577c8be510c7481ff6 (patch) | |
| tree | 699728a2975228317d4269cd3093abb4485ea674 /lib/public_key/src | |
| parent | 6a6bc2560c60ea790780dcfbc91336a734eff1be (diff) | |
| download | otp-909d2b4975f4e6b01c70e3577c8be510c7481ff6.tar.gz otp-909d2b4975f4e6b01c70e3577c8be510c7481ff6.tar.bz2 otp-909d2b4975f4e6b01c70e3577c8be510c7481ff6.zip | |
Allow public_key:pem_entry_decode/2) to handle AES-128-CBC ciphered keys
Private keys generated by modern versions of ssh-keygen are ciphered
with AES-128-CBC instead of DES-EDE3-CBC.
Since DES-EDE3-CBC ciphered keys are handled, and the underlying
support for AES-128-CBC is already present, it seems a bug of omission
that AES-128-CBC ciphered keys are not.
Diffstat (limited to 'lib/public_key/src')
| -rw-r--r-- | lib/public_key/src/pubkey_pbe.erl | 12 | ||||
| -rw-r--r-- | lib/public_key/src/public_key.erl | 7 |
2 files changed, 17 insertions, 2 deletions
diff --git a/lib/public_key/src/pubkey_pbe.erl b/lib/public_key/src/pubkey_pbe.erl index 6f0be53db9..460624163b 100644 --- a/lib/public_key/src/pubkey_pbe.erl +++ b/lib/public_key/src/pubkey_pbe.erl @@ -66,7 +66,13 @@ decode(Data, Password,"DES-EDE3-CBC" = Cipher, KeyDevParams) -> decode(Data, Password,"RC2-CBC"= Cipher, KeyDevParams) -> {Key, IV} = password_to_key_and_iv(Password, Cipher, KeyDevParams), - crypto:block_decrypt(rc2_cbc, Key, IV, Data). + crypto:block_decrypt(rc2_cbc, Key, IV, Data); + +decode(Data, Password,"AES-128-CBC"= Cipher, IV) -> + %% PKCS5_SALT_LEN is 8 bytes + <<Salt:8/binary,_/binary>> = IV, + {Key, _} = password_to_key_and_iv(Password, Cipher, Salt), + crypto:block_decrypt(aes_cbc128, Key, IV, Data). %%-------------------------------------------------------------------- -spec pbdkdf1(string(), iodata(), integer(), atom()) -> binary(). @@ -200,7 +206,9 @@ derived_key_length(Cipher,_) when (Cipher == ?'rc2CBC') or 16; derived_key_length(Cipher,_) when (Cipher == ?'des-EDE3-CBC') or (Cipher == "DES-EDE3-CBC") -> - 24. + 24; +derived_key_length(Cipher,_) when (Cipher == "AES-128-CBC") -> + 16. cipher(#'PBES2-params_encryptionScheme'{algorithm = ?'desCBC'}) -> "DES-CBC"; diff --git a/lib/public_key/src/public_key.erl b/lib/public_key/src/public_key.erl index cdbfe6e07c..a4b6b8ad15 100644 --- a/lib/public_key/src/public_key.erl +++ b/lib/public_key/src/public_key.erl @@ -118,6 +118,13 @@ pem_entry_decode({Asn1Type, CryptDer, {Cipher, Salt}} = PemEntry, is_list(Cipher) andalso is_binary(Salt) andalso erlang:byte_size(Salt) == 8 -> + do_pem_entry_decode(PemEntry, Password); +pem_entry_decode({Asn1Type, CryptDer, {"AES-128-CBC"=Cipher, IV}} = PemEntry, + Password) when is_atom(Asn1Type) andalso + is_binary(CryptDer) andalso + is_list(Cipher) andalso + is_binary(IV) andalso + erlang:byte_size(IV) == 16 -> do_pem_entry_decode(PemEntry, Password). %%-------------------------------------------------------------------- |