Merge pull request #54 from balmas/possible-fix-for-issue-1819

kares · kares · commit 01d6948d9ca5 · 2015-07-13T13:45:18.000+02:00
fixing oaep encryption to use correct algorithm
diff --git a/src/main/java/org/jruby/ext/openssl/PKeyRSA.java b/src/main/java/org/jruby/ext/openssl/PKeyRSA.java
@@ -434,7 +434,7 @@ private String getPadding(final int padding) {
         if ( padding == 3 ) {
             p = "/ECB/NoPadding";
         } else if ( padding == 4 ) {
-            p = "/ECB/OAEPWithMD5AndMGF1Padding";
+            p = "/ECB/OAEPWithSHA1AndMGF1Padding";
         } else if ( padding == 2 ) {
             p = "/ECB/ISO9796-1Padding";
         }
diff --git a/src/test/ruby/oaep/encrypted.key b/src/test/ruby/oaep/encrypted.key
@@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIICXAIBAAKBgQDo6m+QZvYQ/xL0ElLgupK1QDcYL4f5PckwsNgS9pUvV7fzTqCH
+k8ThLxTk42MQ2McJsOeUJVP728KhymjFCqxgP4VuwRk9rpAl0+mhy6MPdyjyA6G1
+4jrDWS65ysLchK4t/vwpEDz0SQlEoG1kMzllSm7zZS3XregA7DjNaUYQqwIDAQAB
+AoGBALGR6bRBit+yV5TUU3MZSrf8WQSLWDLgs/33FQSAEYSib4+DJke2lKbI6jkG
+UoSJgFUXFbaQLtMY2+3VDsMKPBdAge9gIdvbkC4yoKjLGm/FBDOxxZcfLpR+9OPq
+U3qM9D0CNuliBWI7Je+p/zs09HIYucpDXy9E18KA1KNF6rfhAkEA9KoNam6wAKnm
+vMzz31ws3RuIOUeo2rx6aaVY95+P9tTxd6U+pNkwxy1aCGP+InVSwlYNA1aQ4Axi
+/GdMIWMkxwJBAPO1CP7cQNZQmu7yusY+GUObDII5YK9WLaY4RAicn5378crPBFxv
+Ukqf9G6FHo7u88iTCIp+vwa3Hn9Tumg3iP0CQQDgUXWBasCVqzCxU5wY4tMDWjXY
+hpoLCpmVeRML3dDJt004rFm2HKe7Rhpw7PTZNQZOxUSjFeA4e0LaNf838UWLAkB8
+QfbHM3ffjhOg96PhhjINdVWoZCb230LBOHj/xxPfUmFTHcBEfQIBSJMxcrBFAnLL
+9qPpMXymqOFk3ETz9DTlAj8E0qGbp78aVbTOtuwEwNJII+RPw+Zkc+lKR+yaWkAz
+fIXw527NPHH3+rnBG72wyZr9ud4LAum9jh+5No1LQpk=
+-----END RSA PRIVATE KEY-----
diff --git a/src/test/ruby/oaep/test_oaep.rb b/src/test/ruby/oaep/test_oaep.rb
@@ -0,0 +1,22 @@
+# coding: US-ASCII
+require 'base64'
+class TestOaep < TestCase
+
+  def setup
+    super
+    self.class.disable_security_restrictions!
+  end
+
+  def test_oaep_decrypt
+    key = File::read(File.join(File.dirname(__FILE__), 'encrypted.key'))
+    base64_cipher_text = "s+ydnGyGfJlH6FPB21tYeAeeMKcqLuybw7lxArZIEGRjMNSn2LHNzUEwX/H6FQan5lKQPZxxU1tBuFP6sP27ektEIXgoIQm+PdxilJnNPVoDA9Wff93MMa9JG3VMsc0kbUNMmJf6SQcJ+IB3OyBPZfPrz6wbkwM2zVm9Y/oqFWM="
+
+    # create cleaned up key object
+    key = OpenSSL::PKey::RSA.new(key)
+
+    cipher_text = Base64.decode64(base64_cipher_text)
+    assert_nothing_raised {
+      decrypted = key.private_decrypt(cipher_text, OpenSSL::PKey::RSA::PKCS1_OAEP_PADDING)
+    }
+  end
+end
diff --git a/src/test/ruby/test_cipher.rb b/src/test/ruby/test_cipher.rb
@@ -27,6 +27,7 @@ def test_cipher_extended_support
     OpenSSL::Cipher.new 'PBEWithSHA1AndRC2_40-CBC' # Sun JCE
     #OpenSSL::Cipher.new 'RSA/ECB' # Sun JCE
     OpenSSL::Cipher.new 'RSA/ECB/OAEPWITHSHA-512ANDMGF1PADDING' # Sun JCE
+    OpenSSL::Cipher.new 'RSA/ECB/OAEPWithSHA1AndMGF1Padding' # Sun JCE
     OpenSSL::Cipher.new 'DESedeWrap/CBC/NOPADDING' # Sun JCE
     OpenSSL::Cipher.new 'XTEA/CBC/PKCS7Padding' # BC
     OpenSSL::Cipher.new 'Noekeon/CBC/ZeroBytePadding' # BC
@@ -349,4 +350,4 @@ def test_encrypt_aes_cfb_20_incompatibility
     end
   end
 
-end
+end

Original file line number	Diff line number	Diff line change
`@@ -434,7 +434,7 @@ private String getPadding(final int padding) {`
`434`	`434`	`if ( padding == 3 ) {`
`435`	`435`	`p = "/ECB/NoPadding";`
`436`	`436`	`} else if ( padding == 4 ) {`
`437`		`- p = "/ECB/OAEPWithMD5AndMGF1Padding";`
	`437`	`+ p = "/ECB/OAEPWithSHA1AndMGF1Padding";`
`438`	`438`	`} else if ( padding == 2 ) {`
`439`	`439`	`p = "/ECB/ISO9796-1Padding";`
`440`	`440`	`}`