Update erl_make_certs for R16B01 compatibility

author: Loïc Hoguin <[email protected]> 2013-06-29 21:50:44 +0200
committer: Loïc Hoguin <[email protected]> 2013-06-29 21:50:44 +0200
commit: 18a4c09331537c398bd5b22b34efb43694e7ac89 (patch)
tree: f3f87a844af74a5bf90b9e7c04e73a045b0a35f2
parent: 705af7a769f1a9c8a981768e14b2baf09279212a (diff)
download: ct_helper-18a4c09331537c398bd5b22b34efb43694e7ac89.tar.gz
ct_helper-18a4c09331537c398bd5b22b34efb43694e7ac89.tar.bz2
ct_helper-18a4c09331537c398bd5b22b34efb43694e7ac89.zip
1 files changed, 79 insertions, 26 deletions
diff --git a/src/erl_make_certs.erl b/src/erl_make_certs.erl
index 82923cb..8212ef7 100644
--- a/src/erl_make_certs.erl
+++ b/src/erl_make_certs.erl
@@ -23,7 +23,7 @@
 -include_lib("public_key/include/public_key.hrl").
 
 -export([make_cert/1, gen_rsa/1, verify_signature/3, write_pem/3]).
--export([gen_dsa/2]).
+-export([gen_dsa/2, gen_ec/1]).
 
 %%--------------------------------------------------------------------
 %% @doc  Create and return a der encoded certificate
@@ -45,7 +45,7 @@
 %%      {dnQualifer, DnQ}
 %%   issuer = {Issuer, IssuerKey}                   true (i.e. a ca cert is created) 
 %%                                                  (obs IssuerKey migth be {Key, Password}
-%%   key = KeyFile|KeyBin|rsa|dsa                   Subject PublicKey rsa or dsa generates key
+%%   key = KeyFile|KeyBin|rsa|dsa|ec                Subject PublicKey rsa, dsa or ec generates key
 %%   
 %%
 %%   (OBS: The generated keys are for testing only)
@@ -91,6 +91,16 @@ gen_dsa(LSize,NSize) when is_integer(LSize), is_integer(NSize) ->
     {Key, encode_key(Key)}.
 
 %%--------------------------------------------------------------------
+%% @doc Creates a ec key (OBS: for testing only)
+%%   the sizes are in bytes
+%% @spec (::integer()) -> {::atom(), ::binary(), ::opaque()}
+%% @end
+%%--------------------------------------------------------------------
+gen_ec(Curve) when is_atom(Curve) ->
+    Key = gen_ec2(Curve),
+    {Key, encode_key(Key)}.
+
+%%--------------------------------------------------------------------
 %% @doc Verifies cert signatures
 %% @spec (::binary(), ::tuple()) -> ::boolean()
 %% @end
@@ -102,7 +112,10 @@ verify_signature(DerEncodedCert, DerKey, _KeyParams) ->
 	    public_key:pkix_verify(DerEncodedCert, 
 				   #'RSAPublicKey'{modulus=Mod, publicExponent=Exp});
 	#'DSAPrivateKey'{p=P, q=Q, g=G, y=Y} ->
-	    public_key:pkix_verify(DerEncodedCert, {Y, #'Dss-Parms'{p=P, q=Q, g=G}})
+	    public_key:pkix_verify(DerEncodedCert, {Y, #'Dss-Parms'{p=P, q=Q, g=G}});
+	#'ECPrivateKey'{version = _Version, privateKey = _PrivKey,
+			parameters = Params, publicKey = {0, PubKey}} ->
+	    public_key:pkix_verify(DerEncodedCert, {#'ECPoint'{point = PubKey}, Params})
     end.
 
 %%%%%%%%%%%%%%%%%%%%%%%%% Implementation %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
@@ -112,6 +125,7 @@ get_key(Opts) ->
 	undefined -> make_key(rsa, Opts);
 	rsa ->       make_key(rsa, Opts);
 	dsa ->       make_key(dsa, Opts);
+	ec ->        make_key(ec, Opts);
 	Key ->
 	    Password = proplists:get_value(password, Opts, no_passwd),
 	    decode_key(Key, Password)
@@ -129,6 +143,8 @@ decode_key(#'RSAPrivateKey'{} = Key,_) ->
     Key;
 decode_key(#'DSAPrivateKey'{} = Key,_) ->
     Key;
+decode_key(#'ECPrivateKey'{} = Key,_) ->
+    Key;
 decode_key(PemEntry = {_,_,_}, Pw) ->
     public_key:pem_entry_decode(PemEntry, Pw);
 decode_key(PemBin, Pw) ->
@@ -140,7 +156,10 @@ encode_key(Key = #'RSAPrivateKey'{}) ->
     {'RSAPrivateKey', iolist_to_binary(Der), not_encrypted};
 encode_key(Key = #'DSAPrivateKey'{}) ->
     {ok, Der} = 'OTP-PUB-KEY':encode('DSAPrivateKey', Key),
-    {'DSAPrivateKey', iolist_to_binary(Der), not_encrypted}.
+    {'DSAPrivateKey', iolist_to_binary(Der), not_encrypted};
+encode_key(Key = #'ECPrivateKey'{}) ->
+    {ok, Der} = 'OTP-PUB-KEY':encode('ECPrivateKey', Key),
+    {'ECPrivateKey', iolist_to_binary(Der), not_encrypted}.
 
 make_tbs(SubjectKey, Opts) ->    
     Version = list_to_atom("v"++integer_to_list(proplists:get_value(version, Opts, 3))),
@@ -277,7 +296,14 @@ publickey(#'RSAPrivateKey'{modulus=N, publicExponent=E}) ->
 publickey(#'DSAPrivateKey'{p=P, q=Q, g=G, y=Y}) ->
     Algo = #'PublicKeyAlgorithm'{algorithm= ?'id-dsa', 
 				 parameters={params, #'Dss-Parms'{p=P, q=Q, g=G}}},
-    #'OTPSubjectPublicKeyInfo'{algorithm = Algo, subjectPublicKey = Y}.
+    #'OTPSubjectPublicKeyInfo'{algorithm = Algo, subjectPublicKey = Y};
+publickey(#'ECPrivateKey'{version = _Version,
+			  privateKey = _PrivKey,
+			  parameters = Params,
+			  publicKey = {0, PubKey}}) ->
+    Algo = #'PublicKeyAlgorithm'{algorithm= ?'id-ecPublicKey', parameters=Params},
+    #'OTPSubjectPublicKeyInfo'{algorithm = Algo,
+			       subjectPublicKey = #'ECPoint'{point = PubKey}}.
 
 validity(Opts) ->
     DefFrom0 = calendar:gregorian_days_to_date(calendar:date_to_gregorian_days(date())-1),
@@ -298,13 +324,24 @@ sign_algorithm(#'RSAPrivateKey'{}, Opts) ->
 	   end,
     {Type, 'NULL'};
 sign_algorithm(#'DSAPrivateKey'{p=P, q=Q, g=G}, _Opts) ->
-    {?'id-dsa-with-sha1', {params,#'Dss-Parms'{p=P, q=Q, g=G}}}.
+    {?'id-dsa-with-sha1', {params,#'Dss-Parms'{p=P, q=Q, g=G}}};
+sign_algorithm(#'ECPrivateKey'{}, Opts) ->
+    Type = case proplists:get_value(digest, Opts, sha1) of
+	       sha1 ->   ?'ecdsa-with-SHA1';
+	       sha512 -> ?'ecdsa-with-SHA512';
+	       sha384 -> ?'ecdsa-with-SHA384';
+	       sha256 -> ?'ecdsa-with-SHA256'
+	   end,
+    {Type, 'NULL'}.
 
 make_key(rsa, _Opts) ->
     %% (OBS: for testing only)
     gen_rsa2(64);
 make_key(dsa, _Opts) ->
-    gen_dsa2(128, 20).  %% Bytes i.e. {1024, 160} 
+    gen_dsa2(128, 20);  %% Bytes i.e. {1024, 160}
+make_key(ec, _Opts) ->
+    %% (OBS: for testing only)
+    gen_ec2(secp256k1).
     
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 %% RSA key generation  (OBS: for testing only)
@@ -354,19 +391,32 @@ gen_dsa2(LSize, NSize) ->
 	error -> 
 	    gen_dsa2(LSize, NSize);
 	P ->	    
-	    G = crypto:mod_exp(2, (P-1) div Q, P), % Choose G a number whose multiplicative order modulo p is q.
+	    G = crypto:mod_pow(2, (P-1) div Q, P), % Choose G a number whose multiplicative order modulo p is q.
 	    %%                 such that This may be done by setting g = h^(p-1)/q mod p, commonly h=2 is used.
 	    
 	    X = prime(20),               %% Choose x by some random method, where 0 < x < q.
-	    Y = crypto:mod_exp(G, X, P), %% Calculate y = g^x mod p.
+	    Y = crypto:mod_pow(G, X, P), %% Calculate y = g^x mod p.
 	    
-	    #'DSAPrivateKey'{version=0, p=P, q=Q, g=G, y=Y, x=X}
+	    #'DSAPrivateKey'{version=0, p = P, q = Q, 
+			     g = crypto:bytes_to_integer(G), y = crypto:bytes_to_integer(Y), x = X}
     end.
     
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+%% EC key generation  (OBS: for testing only)
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+
+gen_ec2(CurveId) ->
+     {PubKey, PrivKey} = crypto:generate_key(ecdh, CurveId),
+
+    #'ECPrivateKey'{version = 1,
+		    privateKey = binary_to_list(PrivKey),
+		    parameters = {namedCurve, pubkey_cert_records:namedCurves(CurveId)},
+		    publicKey = {0, PubKey}}.
+
 %% See fips_186-3.pdf
 dsa_search(T, P0, Q, Iter) when Iter > 0 ->
     P = 2*T*Q*P0 + 1,
-    case is_prime(crypto:mpint(P), 50) of
+    case is_prime(P, 50) of
 	true -> P;
 	false -> dsa_search(T+1, P0, Q, Iter-1)
     end;
@@ -377,38 +427,40 @@ dsa_search(_,_,_,_) ->
 %%%%%%% Crypto Math %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 prime(ByteSize) ->
     Rand = odd_rand(ByteSize),
-    crypto:erlint(prime_odd(Rand, 0)).
+    prime_odd(Rand, 0).
 
 prime_odd(Rand, N) ->
     case is_prime(Rand, 50) of
 	true -> 
 	    Rand;
 	false -> 
-	    NotPrime = crypto:erlint(Rand),
-	    prime_odd(crypto:mpint(NotPrime+2), N+1)
+	    prime_odd(Rand+2, N+1)
     end.
 
 %% see http://en.wikipedia.org/wiki/Fermat_primality_test
 is_prime(_, 0) -> true;
 is_prime(Candidate, Test) -> 
-    CoPrime = odd_rand(<<0,0,0,4, 10000:32>>, Candidate),
-    case crypto:mod_exp(CoPrime, Candidate, Candidate) of
-	CoPrime -> is_prime(Candidate, Test-1);
-	_       -> false
-    end.
+    CoPrime = odd_rand(10000, Candidate),
+    Result = crypto:mod_pow(CoPrime, Candidate, Candidate) ,
+    is_prime(CoPrime, crypto:bytes_to_integer(Result), Candidate, Test).
+
+is_prime(CoPrime, CoPrime, Candidate, Test) ->
+    is_prime(Candidate, Test-1);
+is_prime(_,_,_,_) ->
+    false.
 
 odd_rand(Size) ->
     Min = 1 bsl (Size*8-1),
     Max = (1 bsl (Size*8))-1,
-    odd_rand(crypto:mpint(Min), crypto:mpint(Max)).
+    odd_rand(Min, Max).
 
 odd_rand(Min,Max) ->
-    Rand = <<Sz:32, _/binary>> = crypto:rand_uniform(Min,Max),
-    BitSkip = (Sz+4)*8-1,
-    case Rand of
-	Odd  = <<_:BitSkip,  1:1>> -> Odd;
-	Even = <<_:BitSkip,  0:1>> -> 
-	    crypto:mpint(crypto:erlint(Even)+1)
+    Rand = crypto:rand_uniform(Min,Max),
+    case Rand rem 2 of
+	0 -> 
+	    Rand + 1;
+	_ -> 
+	    Rand
     end.
 
 extended_gcd(A, B) ->
@@ -427,3 +479,4 @@ pem_to_der(File) ->
 der_to_pem(File, Entries) ->
     PemBin = public_key:pem_encode(Entries),
     file:write_file(File, PemBin).
+
author	Loïc Hoguin <[email protected]>	2013-06-29 21:50:44 +0200
committer	Loïc Hoguin <[email protected]>	2013-06-29 21:50:44 +0200
commit	18a4c09331537c398bd5b22b34efb43694e7ac89 (patch)
tree	f3f87a844af74a5bf90b9e7c04e73a045b0a35f2
parent	705af7a769f1a9c8a981768e14b2baf09279212a (diff)
download	ct_helper-18a4c09331537c398bd5b22b34efb43694e7ac89.tar.gz ct_helper-18a4c09331537c398bd5b22b34efb43694e7ac89.tar.bz2 ct_helper-18a4c09331537c398bd5b22b34efb43694e7ac89.zip