aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorIngela Anderton Andin <[email protected]>2012-06-12 16:26:35 +0200
committerIngela Anderton Andin <[email protected]>2012-08-22 14:00:42 +0200
commit3cde11a94c2761aa8980931f455734d8870446b3 (patch)
tree81f5ab253b965e952c389fc19fa7d31f24b44c0a
parent95b2d97ecfeb4f1f254e4b7c16ea2ec8b4698dd0 (diff)
downloadotp-3cde11a94c2761aa8980931f455734d8870446b3.tar.gz
otp-3cde11a94c2761aa8980931f455734d8870446b3.tar.bz2
otp-3cde11a94c2761aa8980931f455734d8870446b3.zip
public_key: Generalised API
-rw-r--r--lib/public_key/doc/src/public_key.xml12
-rw-r--r--lib/public_key/src/public_key.erl116
2 files changed, 59 insertions, 69 deletions
diff --git a/lib/public_key/doc/src/public_key.xml b/lib/public_key/doc/src/public_key.xml
index 0b6673e826..0c9e0c9013 100644
--- a/lib/public_key/doc/src/public_key.xml
+++ b/lib/public_key/doc/src/public_key.xml
@@ -5,7 +5,7 @@
<header>
<copyright>
<year>2008</year>
- <year>2011</year>
+ <year>2012</year>
<holder>Ericsson AB, All Rights Reserved</holder>
</copyright>
<legalnotice>
@@ -84,7 +84,7 @@
<p><code> rsa_digest_type() = 'md5' | 'sha' </code></p>
- <p><code> dss_digest_type() = 'none' | 'sha' </code></p>
+ <p><code> dss_digest_type() = 'sha' </code></p>
<p><code> ssh_file() = openssh_public_key | rfc4716_public_key |
known_hosts | auth_keys </code></p>
@@ -398,9 +398,9 @@
<type>
<v>Msg = binary()</v>
<d>The msg is either the binary "plain text" data to be
- signed or in the case that digest type is <c>none</c>
+ signed or in the case that digest type is <c>{digest, DigestType}</c>
it is the hashed value of "plain text" i.e. the digest.</d>
- <v>DigestType = rsa_digest_type() | dsa_digest_type()</v>
+ <v>DigestType = rsa_digest_type() | dsa_digest_type() | {digest, rsa_digest_type() | dsa_digest_type()}</v>
<v>Key = rsa_private_key() | dsa_private_key()</v>
</type>
<desc>
@@ -463,9 +463,9 @@
<type>
<v>Msg = binary()</v>
<d>The msg is either the binary "plain text" data
- or in the case that digest type is <c>none</c>
+ or in the case that digest type is <c>{digest, DigestType}</c>
it is the hashed value of "plain text" i.e. the digest.</d>
- <v>DigestType = rsa_digest_type() | dsa_digest_type()</v>
+ <v>DigestType = rsa_digest_type() | dsa_digest_type() | {digest, rsa_digest_type() | dsa_digest_type()}</v>
<v>Signature = binary()</v>
<v>Key = rsa_public_key() | dsa_public_key()</v>
</type>
diff --git a/lib/public_key/src/public_key.erl b/lib/public_key/src/public_key.erl
index 1c5c6d1d2e..9c87c9505e 100644
--- a/lib/public_key/src/public_key.erl
+++ b/lib/public_key/src/public_key.erl
@@ -34,7 +34,6 @@
decrypt_private/2, decrypt_private/3,
encrypt_public/2, encrypt_public/3,
decrypt_public/2, decrypt_public/3,
- sign_hash/3, verify_hash/4,
sign/3, verify/4,
pkix_sign/2, pkix_verify/2,
pkix_is_self_signed/1,
@@ -50,7 +49,7 @@
| 'rsa_no_padding'.
-type public_crypt_options() :: [{rsa_pad, rsa_padding()}].
-type rsa_digest_type() :: 'md5' | 'sha'| 'sha256' | 'sha512'.
--type dss_digest_type() :: 'none' | 'sha'.
+-type dss_digest_type() :: 'none' | 'sha'. %% None is for backwards compatibility
-define(UINT32(X), X:32/unsigned-big-integer).
-define(DER_NULL, <<5, 0>>).
@@ -333,76 +332,55 @@ format_rsa_private_key(#'RSAPrivateKey'{modulus = N, publicExponent = E,
[crypto:mpint(K) || K <- [E, N, D]].
%%--------------------------------------------------------------------
--spec sign_hash(PlainTextOrDigest :: binary(), rsa_digest_type() | dss_digest_type(),
- rsa_private_key() |
- dsa_private_key()) -> Signature :: binary().
-%%
-%% Description: Create a PKCS digital signature.
-%%--------------------------------------------------------------------
-sign_hash(Hash, DigestType, #'RSAPrivateKey'{modulus = N, publicExponent = E,
- privateExponent = D})
- when is_binary(Hash) ->
- crypto:rsa_sign_hash(DigestType, Hash, [crypto:mpint(E),
- crypto:mpint(N),
- crypto:mpint(D)]);
-sign_hash(Hash, DigestType, #'DSAPrivateKey'{p = P, q = Q, g = G, x = X})
- when is_binary(Hash)->
- crypto:dss_sign_hash(DigestType, Hash,
- [crypto:mpint(P), crypto:mpint(Q),
- crypto:mpint(G), crypto:mpint(X)]).
-
-%%--------------------------------------------------------------------
--spec sign(PlainTextOrDigest :: binary(), rsa_digest_type() | dss_digest_type(),
- rsa_private_key() |
+-spec sign(PlainTextOrDigest :: binary(), rsa_digest_type() | dss_digest_type() |
+ {digest, rsa_digest_type() | dss_digest_type()},
+ rsa_private_key() |
dsa_private_key()) -> Signature :: binary().
-%%
%% Description: Create digital signature.
%%--------------------------------------------------------------------
-sign(PlainText, DigestType,
- #'RSAPrivateKey'{modulus = N, publicExponent = E, privateExponent = D} = Key)
+sign(Digest, {digest, DigestType}, #'RSAPrivateKey'{modulus = N, publicExponent = E,
+ privateExponent = D})
+ when is_binary(Digest),
+ (DigestType == sha orelse
+ DigestType == sh256 orelse
+ DigestType == sha512 orelse
+ DigestType == md5) ->
+ crypto:rsa_sign_hash(DigestType, Digest, [crypto:mpint(E), crypto:mpint(N), crypto:mpint(D)]);
+
+sign(PlainText,DigestType, #'RSAPrivateKey'{modulus = N, publicExponent = E,
+ privateExponent = D})
when is_binary(PlainText),
- (DigestType == md5 orelse DigestType == sha),
- is_integer(N), is_integer(E), is_integer(D) ->
- crypto:rsa_sign(DigestType, sized_binary(PlainText),
- format_rsa_private_key(Key));
-
-sign(Digest, none, #'DSAPrivateKey'{p = P, q = Q, g = G, x = X})
- when is_binary(Digest)->
- crypto:dss_sign(none, Digest,
- [crypto:mpint(P), crypto:mpint(Q),
- crypto:mpint(G), crypto:mpint(X)]);
-
-sign(PlainText, sha, #'DSAPrivateKey'{p = P, q = Q, g = G, x = X})
+ (DigestType == sha orelse
+ DigestType == sh256 orelse
+ DigestType == sha512 orelse
+ DigestType == md5) ->
+ crypto:rsa_sign(DigestType, sized_binary(PlainText), [crypto:mpint(E),
+ crypto:mpint(N),
+ crypto:mpint(D)]);
+
+sign(PlainText, sha, #'DSAPrivateKey'{p = P, q = Q, g = G, x = X})
when is_binary(PlainText) ->
- crypto:dss_sign(sized_binary(PlainText),
- [crypto:mpint(P), crypto:mpint(Q),
- crypto:mpint(G), crypto:mpint(X)]).
+ crypto:dss_sign(sized_binary(PlainText),
+ [crypto:mpint(P), crypto:mpint(Q),
+ crypto:mpint(G), crypto:mpint(X)]);
-%%--------------------------------------------------------------------
--spec verify_hash(PlainTextOrDigest :: binary(), rsa_digest_type() | dss_digest_type(),
- Signature :: binary(), rsa_public_key()
- | dsa_public_key()) -> boolean().
-%%
-%% Description: Verifies a PKCS digital signature.
-%%--------------------------------------------------------------------
-verify_hash(Hash, DigestType, Signature,
- #'RSAPublicKey'{modulus = Mod, publicExponent = Exp})
- when is_binary (Hash) and (DigestType == sha orelse
- DigestType == sha256 orelse
- DigestType == sha512 orelse
- DigestType == md5) ->
- crypto:rsa_verify_hash(DigestType, Hash,
- sized_binary(Signature),
- [crypto:mpint(Exp), crypto:mpint(Mod)]).
+sign(Digest, {digest, DigestType}, #'DSAPrivateKey'{p = P, q = Q, g = G, x = X})
+ when is_binary(Digest)->
+ crypto:dss_sign_hash(DigestType, Digest,
+ [crypto:mpint(P), crypto:mpint(Q),
+ crypto:mpint(G), crypto:mpint(X)]);
+%% Backwards compatible
+sign(Digest, none, #'DSAPrivateKey'{} = Key) ->
+ sign(Digest, {digest, sha}, Key).
%%--------------------------------------------------------------------
--spec verify(PlainTextOrDigest :: binary(), rsa_digest_type() | dss_digest_type(),
- Signature :: binary(), rsa_public_key()
+-spec verify(PlainTextOrDigest :: binary(), rsa_digest_type() | dss_digest_type() |
+ {digest, rsa_digest_type() | dss_digest_type()},
+ Signature :: binary(), rsa_public_key()
| dsa_public_key()) -> boolean().
-%%
%% Description: Verifies a digital signature.
%%--------------------------------------------------------------------
-verify(PlainText, DigestType, Signature,
+verify(PlainText, DigestType, Signature,
#'RSAPublicKey'{modulus = Mod, publicExponent = Exp})
when is_binary (PlainText) and (DigestType == sha orelse
DigestType == sha256 orelse
@@ -413,14 +391,26 @@ verify(PlainText, DigestType, Signature,
sized_binary(Signature),
[crypto:mpint(Exp), crypto:mpint(Mod)]);
-verify(Digest, none, Signature, {Key, #'Dss-Parms'{p = P, q = Q, g = G}})
+verify(Digest, {digest, DigestType}, Signature, #'RSAPublicKey'{modulus = Mod, publicExponent = Exp})
+ when is_binary (Digest) and (DigestType == sha orelse
+ DigestType == sha256 orelse
+ DigestType == sha512 orelse
+ DigestType == md5) ->
+ crypto:rsa_verify_hash(DigestType, Digest,
+ sized_binary(Signature),
+ [crypto:mpint(Exp), crypto:mpint(Mod)]);
+
+verify(Digest, {digest, sha}, Signature, {Key, #'Dss-Parms'{p = P, q = Q, g = G}})
when is_integer(Key), is_binary(Digest), is_binary(Signature) ->
crypto:dss_verify(none,
Digest,
sized_binary(Signature),
[crypto:mpint(P), crypto:mpint(Q),
crypto:mpint(G), crypto:mpint(Key)]);
-
+%% Backwards compatibility
+verify(Digest, none, Signature, {_, #'Dss-Parms'{}} = Key ) ->
+ verify(Digest, {digest, sha}, Signature, Key);
+
verify(PlainText, sha, Signature, {Key, #'Dss-Parms'{p = P, q = Q, g = G}})
when is_integer(Key), is_binary(PlainText), is_binary(Signature) ->
crypto:dss_verify(sized_binary(PlainText),