[compat] implement RSA#private_to_der/pem

and improve compatibility parsing encrypted key info

Author: kares

src/main/java/org/jruby/ext/openssl/PKey.java

@@ -62,6 +62,7 @@
 import org.jruby.ext.openssl.x509store.PEMInputOutput;
 
 import static org.jruby.ext.openssl.OpenSSL.*;
+import static org.jruby.ext.openssl.Cipher._Cipher;
 
 /**
  * @author <a href="mailto:ola.bini@ki.se">Ola Bini</a>
@@ -126,13 +127,22 @@ public static IRubyObject read(final ThreadContext context, IRubyObject recv, IR
 
             final RubyString str = readInitArg(context, data);
             KeyPair keyPair;
-            // d2i_PrivateKey_bio
+            // d2i_PrivateKey_bio (PEM formats: RSA PRIVATE KEY, DSA PRIVATE KEY, PRIVATE KEY, ENCRYPTED PRIVATE KEY)
             try {
                 keyPair = readPrivateKey(str, pass);
             } catch (IOException e) {
                 debugStackTrace(runtime, "PKey readPrivateKey", e); /* ignore */
                 keyPair = null;
             }
+            // DER-encoded PKCS#8 PrivateKeyInfo or EncryptedPrivateKeyInfo
+            if (keyPair == null) {
+                try {
+                    final byte[] derInput = str.getBytes();
+                    keyPair = PEMInputOutput.readPrivateKeyFromDER(derInput, pass);
+                } catch (IOException e) {
+                    debugStackTrace(runtime, "PKey readPrivateKeyFromDER", e); /* ignore */
+                }
+            }
             // PEM_read_bio_PrivateKey
             if (keyPair != null) {
                 final String alg = getAlgorithm(keyPair);
@@ -395,9 +405,16 @@ static void addSplittedAndFormatted(StringBuilder result, CharSequence v) {
     }
 
     protected static CipherSpec cipherSpec(final IRubyObject cipher) {
-        if ( cipher != null && ! cipher.isNil() ) {
-            final Cipher c = (Cipher) cipher;
-            return new CipherSpec(c.getCipherInstance(), c.getName(), c.getKeyLength() * 8);
+        Cipher obj = null;
+        if (cipher instanceof RubyString) {
+            final Ruby runtime = cipher.getRuntime();
+            obj = new Cipher(runtime, _Cipher(runtime));
+            obj.initializeImpl(runtime, cipher.asString().toString());
+        } else if (cipher instanceof Cipher) {
+            obj = (Cipher) cipher;
+        }
+        if (obj != null) {
+            return new CipherSpec(obj.getCipherInstance(), obj.getName(), obj.getKeyLength() * 8);
         }
         return null;
     }

src/main/java/org/jruby/ext/openssl/PKeyRSA.java

@@ -51,7 +51,15 @@
 
 import static javax.crypto.Cipher.*;
 
+import org.bouncycastle.asn1.ASN1ObjectIdentifier;
 import org.bouncycastle.asn1.ASN1Primitive;
+import org.bouncycastle.asn1.nist.NISTObjectIdentifiers;
+import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
+import org.bouncycastle.operator.OutputEncryptor;
+import org.bouncycastle.operator.OperatorCreationException;
+import org.bouncycastle.pkcs.PKCS8EncryptedPrivateKeyInfo;
+import org.bouncycastle.pkcs.jcajce.JcaPKCS8EncryptedPrivateKeyInfoBuilder;
+import org.bouncycastle.pkcs.jcajce.JcePKCSPBEOutputEncryptorBuilder;
 import org.jruby.Ruby;
 import org.jruby.RubyClass;
 import org.jruby.RubyBignum;
@@ -502,6 +510,89 @@ public RubyString public_to_pem(ThreadContext context) {
         }
     }
 
+    @JRubyMethod(rest = true)
+    public RubyString private_to_der(ThreadContext context, final IRubyObject[] args) {
+        Arity.checkArgumentCount(context.runtime, args, 0, 2);
+        if (privateKey == null) {
+            throw newRSAError(context.runtime, "private key is not available");
+        }
+        CipherSpec spec = null; char[] passwd = null;
+        if (args.length > 0) {
+            spec = cipherSpec(args[0]);
+            if (args.length > 1) passwd = password(context, args[1], null);
+        }
+        try {
+            if (spec != null && passwd != null) {
+                final ASN1ObjectIdentifier cipherOid = osslNameToCipherOid(spec.getOsslName());
+                final OutputEncryptor encryptor = new JcePKCSPBEOutputEncryptorBuilder(cipherOid)
+                        .setProvider(SecurityHelper.getSecurityProvider()).build(passwd);
+                final PKCS8EncryptedPrivateKeyInfo enc = new JcaPKCS8EncryptedPrivateKeyInfoBuilder(privateKey).build(encryptor);
+                return StringHelper.newString(context.runtime, enc.getEncoded());
+            }
+            return StringHelper.newString(context.runtime, privateKey.getEncoded());
+        }
+        catch (NoClassDefFoundError e) {
+            throw newRSAError(context.runtime, bcExceptionMessage(e));
+        }
+        catch (OperatorCreationException | IOException e) {
+            throw newRSAError(context.runtime, e.getMessage(), e);
+        }
+    }
+
+    @JRubyMethod(rest = true)
+    public RubyString private_to_pem(ThreadContext context, final IRubyObject[] args) {
+        Arity.checkArgumentCount(context.runtime, args, 0, 2);
+        if (privateKey == null) {
+            throw newRSAError(context.runtime, "private key is not available");
+        }
+        CipherSpec spec = null; char[] passwd = null;
+        if (args.length > 0) {
+            spec = cipherSpec(args[0]);
+            if (args.length > 1) passwd = password(context, args[1], null);
+        }
+        try {
+            final StringWriter writer = new StringWriter();
+            if (spec != null && passwd != null) {
+                final ASN1ObjectIdentifier cipherOid = osslNameToCipherOid(spec.getOsslName());
+                final OutputEncryptor encryptor = new JcePKCSPBEOutputEncryptorBuilder(cipherOid)
+                        .setProvider(SecurityHelper.getSecurityProvider()).build(passwd);
+                final PKCS8EncryptedPrivateKeyInfo enc = new JcaPKCS8EncryptedPrivateKeyInfoBuilder(privateKey).build(encryptor);
+                PEMInputOutput.writeEncryptedPKCS8PrivateKey(writer, enc.getEncoded());
+            } else {
+                PEMInputOutput.writePKCS8PrivateKey(writer, privateKey.getEncoded());
+            }
+            return RubyString.newString(context.runtime, writer.getBuffer());
+        }
+        catch (NoClassDefFoundError e) {
+            throw newRSAError(context.runtime, bcExceptionMessage(e));
+        }
+        catch (OperatorCreationException | IOException e) {
+            throw newRSAError(context.runtime, e.getMessage(), e);
+        }
+    }
+
+    private static ASN1ObjectIdentifier osslNameToCipherOid(final String osslName) {
+        switch (osslName.toUpperCase()) {
+            case "AES-128-CBC": return NISTObjectIdentifiers.id_aes128_CBC;
+            case "AES-192-CBC": return NISTObjectIdentifiers.id_aes192_CBC;
+            case "AES-256-CBC": return NISTObjectIdentifiers.id_aes256_CBC;
+            case "AES-128-ECB": return NISTObjectIdentifiers.id_aes128_ECB;
+            case "AES-192-ECB": return NISTObjectIdentifiers.id_aes192_ECB;
+            case "AES-256-ECB": return NISTObjectIdentifiers.id_aes256_ECB;
+            case "AES-128-OFB": return NISTObjectIdentifiers.id_aes128_OFB;
+            case "AES-192-OFB": return NISTObjectIdentifiers.id_aes192_OFB;
+            case "AES-256-OFB": return NISTObjectIdentifiers.id_aes256_OFB;
+            case "AES-128-CFB": return NISTObjectIdentifiers.id_aes128_CFB;
+            case "AES-192-CFB": return NISTObjectIdentifiers.id_aes192_CFB;
+            case "AES-256-CFB": return NISTObjectIdentifiers.id_aes256_CFB;
+            case "DES-EDE3-CBC":
+            case "DES-EDE-CBC":
+            case "DES3": return PKCSObjectIdentifiers.des_EDE3_CBC;
+            default:
+                throw new IllegalArgumentException("Unsupported cipher for PKCS8 encryption: " + osslName);
+        }
+    }
+
     private String getPadding(final int padding) {
         if ( padding < 1 || padding > 4 ) {
             throw newRSAError(getRuntime(), "");

src/main/java/org/jruby/ext/openssl/x509store/PEMInputOutput.java

@@ -112,6 +112,8 @@
 import org.bouncycastle.crypto.CipherParameters;
 import org.bouncycastle.crypto.InvalidCipherTextException;
 import org.bouncycastle.crypto.PBEParametersGenerator;
+import org.bouncycastle.asn1.nist.NISTObjectIdentifiers;
+import org.bouncycastle.crypto.engines.AESEngine;
 import org.bouncycastle.crypto.engines.DESedeEngine;
 import org.bouncycastle.crypto.engines.RC2Engine;
 import org.bouncycastle.crypto.generators.OpenSSLPBEParametersGenerator;
@@ -360,14 +362,15 @@ else if ( line.indexOf(BEG_STRING_PKCS8) != -1 ) {
                 try {
                     byte[] bytes = readBase64Bytes(reader, BEF_E + PEM_STRING_PKCS8);
                     EncryptedPrivateKeyInfo eIn = EncryptedPrivateKeyInfo.getInstance(bytes);
-                    AlgorithmIdentifier algId = eIn.getEncryptionAlgorithm();
-                    PrivateKey privKey;
-                    if (algId.getAlgorithm().toString().equals("1.2.840.113549.1.5.13")) { // PBES2
-                        privKey = derivePrivateKeyPBES2(eIn, algId, passwd);
-                    } else {
-                        privKey = derivePrivateKeyPBES1(eIn, algId, passwd);
-                    }
-                    return new KeyPair(null, privKey);
+                    org.bouncycastle.pkcs.PKCS8EncryptedPrivateKeyInfo encInfo =
+                        new org.bouncycastle.pkcs.PKCS8EncryptedPrivateKeyInfo(eIn);
+                    org.bouncycastle.operator.InputDecryptorProvider decryptor =
+                        new org.bouncycastle.pkcs.jcajce.JcePKCSPBEInputDecryptorProviderBuilder()
+                            .setProvider(SecurityHelper.getSecurityProvider())
+                            .build(passwd);
+                    final PrivateKeyInfo keyInfo = encInfo.decryptPrivateKeyInfo(decryptor);
+                    final Type type = getPrivateKeyType(keyInfo.getPrivateKeyAlgorithm());
+                    return org.jruby.ext.openssl.impl.PKey.readPrivateKey(type, keyInfo);
                 }
                 catch (Exception e) {
                     throw mapReadException("problem creating private key: ", e);
@@ -377,6 +380,43 @@ else if ( line.indexOf(BEG_STRING_PKCS8) != -1 ) {
         return null;
     }
 
+    /**
+     * Attempt to read a private key from DER-encoded PKCS#8 bytes (PrivateKeyInfo or
+     * EncryptedPrivateKeyInfo). Returns null if the input cannot be parsed as either format.
+     */
+    public static KeyPair readPrivateKeyFromDER(final byte[] input, final char[] passwd) throws IOException {
+        // Try as unencrypted PKCS#8 PrivateKeyInfo
+        try {
+            final PrivateKeyInfo keyInfo = PrivateKeyInfo.getInstance(ASN1Primitive.fromByteArray(input));
+            if (keyInfo != null) {
+                final Type type = getPrivateKeyType(keyInfo.getPrivateKeyAlgorithm());
+                return org.jruby.ext.openssl.impl.PKey.readPrivateKey(type, keyInfo);
+            }
+        } catch (Exception e) {
+            // Not a PrivateKeyInfo - try as EncryptedPrivateKeyInfo
+        }
+        // Try as encrypted PKCS#8 EncryptedPrivateKeyInfo
+        if (passwd != null) {
+            try {
+                EncryptedPrivateKeyInfo eIn = EncryptedPrivateKeyInfo.getInstance(ASN1Primitive.fromByteArray(input));
+                if (eIn != null) {
+                    org.bouncycastle.pkcs.PKCS8EncryptedPrivateKeyInfo encInfo =
+                        new org.bouncycastle.pkcs.PKCS8EncryptedPrivateKeyInfo(eIn);
+                    org.bouncycastle.operator.InputDecryptorProvider decryptor =
+                        new org.bouncycastle.pkcs.jcajce.JcePKCSPBEInputDecryptorProviderBuilder()
+                            .setProvider(SecurityHelper.getSecurityProvider())
+                            .build(passwd);
+                    final PrivateKeyInfo keyInfo = encInfo.decryptPrivateKeyInfo(decryptor);
+                    final Type type = getPrivateKeyType(keyInfo.getPrivateKeyAlgorithm());
+                    return org.jruby.ext.openssl.impl.PKey.readPrivateKey(type, keyInfo);
+                }
+            } catch (Exception e) {
+                throw new IOException("Could not decrypt PKCS#8 key: " + e.getMessage(), e);
+            }
+        }
+        return null;
+    }
+
     private static IOException mapReadException(final String message, final Exception ex) {
         if ( ex instanceof PasswordRequiredException ) {
             return (PasswordRequiredException) ex;
@@ -416,12 +456,20 @@ private static PrivateKey derivePrivateKeyPBES2(EncryptedPrivateKeyInfo eIn, Alg
 
         EncryptionScheme scheme = pbeParams.getEncryptionScheme();
         BufferedBlockCipher cipher;
-        if ( scheme.getAlgorithm().equals( PKCSObjectIdentifiers.RC2_CBC ) ) {
+        ASN1ObjectIdentifier encOid = scheme.getAlgorithm();
+        if ( encOid.equals( PKCSObjectIdentifiers.RC2_CBC ) ) {
             RC2CBCParameter rc2Params = RC2CBCParameter.getInstance(scheme);
             byte[] iv = rc2Params.getIV();
             CipherParameters param = new ParametersWithIV(cipherParams, iv);
             cipher = new PaddedBufferedBlockCipher(new CBCBlockCipher(new RC2Engine()));
             cipher.init(false, param);
+        } else if ( encOid.equals( NISTObjectIdentifiers.id_aes128_CBC ) ||
+                    encOid.equals( NISTObjectIdentifiers.id_aes192_CBC ) ||
+                    encOid.equals( NISTObjectIdentifiers.id_aes256_CBC ) ) {
+            byte[] iv = ASN1OctetString.getInstance( scheme.getParameters() ).getOctets();
+            CipherParameters param = new ParametersWithIV(cipherParams, iv);
+            cipher = new PaddedBufferedBlockCipher(new CBCBlockCipher(new AESEngine()));
+            cipher.init(false, param);
         } else {
             byte[] iv = ASN1OctetString.getInstance( scheme.getParameters() ).getOctets();
             CipherParameters param = new ParametersWithIV(cipherParams, iv);
@@ -1053,6 +1101,18 @@ public static void writeECPrivateKey(Writer _out, ECPrivateKey obj, CipherSpec c
         }
     }
 
+    /** Writes a PKCS#8 unencrypted private key in PEM format ("PRIVATE KEY"). */
+    public static void writePKCS8PrivateKey(Writer _out, byte[] pkcs8Bytes) throws IOException {
+        BufferedWriter out = makeBuffered(_out);
+        writePemPlain(out, PEM_STRING_PKCS8INF, pkcs8Bytes);
+    }
+
+    /** Writes a PKCS#8 encrypted private key in PEM format ("ENCRYPTED PRIVATE KEY"). */
+    public static void writeEncryptedPKCS8PrivateKey(Writer _out, byte[] encryptedPKCS8Bytes) throws IOException {
+        BufferedWriter out = makeBuffered(_out);
+        writePemPlain(out, PEM_STRING_PKCS8, encryptedPKCS8Bytes);
+    }
+
     public static void writeECParameters(Writer _out, ASN1ObjectIdentifier obj, CipherSpec cipher, char[] passwd) throws IOException {
         assert (obj != null);
         final String PEM_STRING_EC = "EC PARAMETERS";

src/test/ruby/fixtures/pkey/rsa-1.pem

@@ -0,0 +1,51 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIJJwIBAAKCAgEArIEJUYZrXhMfUXXdl2gLcXrRB4ciWNEeXt5UVLG0nPhygZwJ
+xis8tOrjXOJEpUXUsfgF35pQiJLD4T9/Vp3zLFtMOOQjOR3AxjIelbH9KPyGFEr9
+TcPtsJ24zhcG7RbwOGXR4iIcDaTx+bCLSAd7BjG3XHQtyeepGGRZkGyGUvXjPorH
+XP+dQjQnMd09wv0GMZSqQ06PedUUKQ4PJRfMCP+mwjFP+rB3NZuThF0CsNmpoixg
+GdoQ591Yrf5rf2Bs848JrYdqJlKlBL6rTFf2glHiC+mE5YRny7RZtv/qIkyUNotV
+ce1cE0GFrRmCpw9bqulDDcgKjFkhihTg4Voq0UYdJ6Alg7Ur4JerKTfyCaRGF27V
+fh/g2A2/6Vu8xKYYwTAwLn+Tvkx9OTVZ1t15wM7Ma8hHowNoO0g/lWkeltgHLMji
+rmeuIYQ20BQmdx2RRgWKl57D0wO/N0HIR+Bm4vcBoNPgMlk9g5WHA6idHR8TLxOr
+dMMmTiWfefB0/FzGXBv7DuuzHN3+urdCvG1QIMFQ06kHXhr4rC28KbWIxg+PJGM8
+oGNEGtGWAOvi4Ov+BVsIdbD5Sfyb4nY3L9qqPl6TxRxMWTKsYCYx11jC8civCzOu
+yL1z+wgIICJ6iGzrfYf6C2BiNV3BC1YCtp2XsG+AooIxCwjL2CP/54MuRnUCAwEA
+AQKCAgAP4+8M0HoRd2d6JIZeDRqIwIyCygLy9Yh7qrVP+/KsRwKdR9dqps73x29c
+Pgeexdj67+Lynw9uFT7v/95mBzTAUESsNO+9sizw1OsWVQgB/4kGU4YT5Ml/bHf6
+nApqSqOkPlTgJM46v4f+vTGHWBEQGAJRBO62250q/wt1D1osSDQ/rZ8BxRYiZBV8
+NWocDRzF8nDgtFrpGSS7R21DuHZ2Gb6twscgS6MfkA49sieuTM6gfr/3gavu/+fM
+V1Rlrmc65GE61++CSjijQEEdTjkJ9isBd+hjEBhTnnBpOBfEQxOgFqOvU/MYXv/G
+W0Q6yWJjUwt3OIcoOImrY5L3j0vERneA1Alweqsbws3fXXMjA+jhLxlJqjPvSAKc
+POi7xu7QCJjSSLAzHSDPdmGmfzlrbdWS1h0mrC5YZYOyToLajfnmAlXNNrytnePg
+JV9/1136ZFrJyEi1JVN3kyrC+1iVd1E+lWK0U1UQ6/25tJvKFc1I+xToaUbK10UN
+ycXib7p2Zsc/+ZMlPRgCxWmpIHmKhnwbO7vtRunnnc6wzhvlQQNHWlIvkyQukV50
+6k/bzWw0M6A98B4oCICIcxcpS3njDlHyL7NlkCD+/OfZp6X3RZF/m4grmA2doebz
+glsaNMyGHFrpHkHq19Y63Y4jtBdW/XuBv06Cnr4r3BXdjEzzwQKCAQEA5bj737Nk
+ZLA0UgzVVvY67MTserTOECIt4i37nULjRQwsSFiz0AWFOBwUCBJ5N2qDEelbf0Fa
+t4VzrphryEgzLz/95ZXi+oxw1liqCHi8iHeU2wSclDtx2jKv2q7bFvFSaH4CKC4N
+zBJNfP92kdXuAjXkbK/jWwr64fLNh/2KFWUAmrYmtGfnOjjyL+yZhPxBatztE58q
+/T61pkvP9NiLfrr7Xq8fnzrwqGERhXKueyoK6ig9ZJPZ2VTykMUUvNYJJ7OYQZru
+EYA3zkuEZifqmjgF57Bgg7dkkIh285TzH3CNf3MCMTmjlWVyHjlyeSPYgISB9Mys
+VKKQth+SvYcChQKCAQEAwDyCcolA7+bQBfECs6GXi7RYy2YSlx562S5vhjSlY9Ko
+WiwVJWviF7uSBdZRnGUKoPv4K4LV34o2lJpSSTi5Xgp7FH986VdGePe3p4hcXSIZ
+NtsKImLVLnEjrmkZExfQl7p0MkcU/LheCf/eEZVp0Z84O54WCs6GRm9wHYIUyrag
+9FREqqxTRVNhQQ2EDVGq1slREdwB+aygE76axK/qosk0RaoLzGZiMn4Sb8bpJxXO
+mee+ftq5bayVltfR0DhC8eHkcPPFeQMll1g+ML7HbINwHTr01ONm3cFUO4zOLBOO
+ws/+vtNfiv6S/lO1RQSRoiApbENBLdSc3V8Cy70PMQKCAQBOcZN4uP5gL5c+KWm0
+T1KhxUDnSdRPyAwY/xC7i7qlullovvlv4GK0XUot03kXBkUJmcEHvF5o6qYtCZlM
+g/MOgHCHtF4Upl5lo1M0n13pz8PB4lpBd+cR1lscdrcTp4Y3bkf4RnmppNpXA7kO
+ZZnnoVWGE620ShSPkWTDuj0rvxisu+SNmClqRUXWPZnSwnzoK9a86443efF3fs3d
+UxCXTuxFUdGfgvXo2XStOBMCtcGSYflM3fv27b4C13mUXhY0O2yTgn8m9LyZsknc
+xGalENpbWmwqrjYl8KOF2+gFZV68FZ67Bm6otkJ4ta80VJw6joT9/eIe6IA34KIw
+G+ktAoIBAFRuPxzvC4ZSaasyX21l25mQbC9pdWDKEkqxCmp3VOyy6R4xnlgBOhwS
+VeAacV2vQyvRfv4dSLIVkkNSRDHEqCWVlNk75TDXFCytIAyE54xAHbLqIVlY7yim
+qHVB07F/FC6PxdkPPziAAU2DA5XVedSHibslg6jbbD4jU6qiJ1+hNrAZEs+jQC+C
+n4Ri20y+Qbp0URb2+icemnARlwgr+3HjzQGL3gK4NQjYNmDBjEWOXl9aWWB90FNL
+KahGwfAhxcVW4W56opCzwR7nsujV4eDXGba83itidRuQfd5pyWOyc1E86TYGwD/b
+79OkEElv6Ea8uXTDVS075GmWATRapQECggEAd9ZAbyT+KouTfi2e6yLOosxSZfns
+eF06QAJi5n9GOtdfK5fqdmHJqJI7wbubCnd0oxPeL71lRjrOAMXufaQRdZtfXSMn
+B1TljteNrh1en5xF451rCPR/Y6tNKBvIKnhy1waO27/vA+ovXrm17iR9rRuGZ29i
+IurlKA6z/96UdrSdpqITTCyTjSOBYg34f49ueGjlpL4+8HJq2wor4Cb1Sbv8ErqA
+bsQ/Jz+KIGUiuFCfNa6d6McPRXIrGgzpprXgfimkV3nj49QyrnuCF/Pc4psGgIaN
+l3EiGXzRt/55K7DQVadtbcjo9zREac8QnDD6dS/gOfJ82L7frQfMpNWgQA==
+-----END RSA PRIVATE KEY-----