aboutsummaryrefslogtreecommitdiffstats
path: root/lib/public_key/src
diff options
context:
space:
mode:
authorSimon Cornish <[email protected]>2013-08-29 21:05:50 -0700
committerSimon Cornish <[email protected]>2013-08-29 21:05:50 -0700
commit909d2b4975f4e6b01c70e3577c8be510c7481ff6 (patch)
tree699728a2975228317d4269cd3093abb4485ea674 /lib/public_key/src
parent6a6bc2560c60ea790780dcfbc91336a734eff1be (diff)
downloadotp-909d2b4975f4e6b01c70e3577c8be510c7481ff6.tar.gz
otp-909d2b4975f4e6b01c70e3577c8be510c7481ff6.tar.bz2
otp-909d2b4975f4e6b01c70e3577c8be510c7481ff6.zip
Allow public_key:pem_entry_decode/2) to handle AES-128-CBC ciphered keys
Private keys generated by modern versions of ssh-keygen are ciphered with AES-128-CBC instead of DES-EDE3-CBC. Since DES-EDE3-CBC ciphered keys are handled, and the underlying support for AES-128-CBC is already present, it seems a bug of omission that AES-128-CBC ciphered keys are not.
Diffstat (limited to 'lib/public_key/src')
-rw-r--r--lib/public_key/src/pubkey_pbe.erl12
-rw-r--r--lib/public_key/src/public_key.erl7
2 files changed, 17 insertions, 2 deletions
diff --git a/lib/public_key/src/pubkey_pbe.erl b/lib/public_key/src/pubkey_pbe.erl
index 6f0be53db9..460624163b 100644
--- a/lib/public_key/src/pubkey_pbe.erl
+++ b/lib/public_key/src/pubkey_pbe.erl
@@ -66,7 +66,13 @@ decode(Data, Password,"DES-EDE3-CBC" = Cipher, KeyDevParams) ->
decode(Data, Password,"RC2-CBC"= Cipher, KeyDevParams) ->
{Key, IV} = password_to_key_and_iv(Password, Cipher, KeyDevParams),
- crypto:block_decrypt(rc2_cbc, Key, IV, Data).
+ crypto:block_decrypt(rc2_cbc, Key, IV, Data);
+
+decode(Data, Password,"AES-128-CBC"= Cipher, IV) ->
+ %% PKCS5_SALT_LEN is 8 bytes
+ <<Salt:8/binary,_/binary>> = IV,
+ {Key, _} = password_to_key_and_iv(Password, Cipher, Salt),
+ crypto:block_decrypt(aes_cbc128, Key, IV, Data).
%%--------------------------------------------------------------------
-spec pbdkdf1(string(), iodata(), integer(), atom()) -> binary().
@@ -200,7 +206,9 @@ derived_key_length(Cipher,_) when (Cipher == ?'rc2CBC') or
16;
derived_key_length(Cipher,_) when (Cipher == ?'des-EDE3-CBC') or
(Cipher == "DES-EDE3-CBC") ->
- 24.
+ 24;
+derived_key_length(Cipher,_) when (Cipher == "AES-128-CBC") ->
+ 16.
cipher(#'PBES2-params_encryptionScheme'{algorithm = ?'desCBC'}) ->
"DES-CBC";
diff --git a/lib/public_key/src/public_key.erl b/lib/public_key/src/public_key.erl
index cdbfe6e07c..a4b6b8ad15 100644
--- a/lib/public_key/src/public_key.erl
+++ b/lib/public_key/src/public_key.erl
@@ -118,6 +118,13 @@ pem_entry_decode({Asn1Type, CryptDer, {Cipher, Salt}} = PemEntry,
is_list(Cipher) andalso
is_binary(Salt) andalso
erlang:byte_size(Salt) == 8 ->
+ do_pem_entry_decode(PemEntry, Password);
+pem_entry_decode({Asn1Type, CryptDer, {"AES-128-CBC"=Cipher, IV}} = PemEntry,
+ Password) when is_atom(Asn1Type) andalso
+ is_binary(CryptDer) andalso
+ is_list(Cipher) andalso
+ is_binary(IV) andalso
+ erlang:byte_size(IV) == 16 ->
do_pem_entry_decode(PemEntry, Password).
%%--------------------------------------------------------------------