diff options
| author | Ingela Anderton Andin <[email protected]> | 2011-02-17 09:45:15 +0100 | 
|---|---|---|
| committer | Ingela Anderton Andin <[email protected]> | 2011-02-17 09:46:17 +0100 | 
| commit | 1ec3f9518d94989a0596e5e8aa62d3ce48d89101 (patch) | |
| tree | 01ffc3461faef1b29aa65624397931e398ee41c1 | |
| parent | cd7fc2cb900dcd296f2ba215dea1c691440107d0 (diff) | |
| parent | c730d2fb0342523fa9014373b234b426bd9ca6f2 (diff) | |
| download | otp-1ec3f9518d94989a0596e5e8aa62d3ce48d89101.tar.gz otp-1ec3f9518d94989a0596e5e8aa62d3ce48d89101.tar.bz2 otp-1ec3f9518d94989a0596e5e8aa62d3ce48d89101.zip | |
Merge branch 'sf/rsa_pub_key' into dev
* sf/rsa_pub_key:
  Improved support for RSA and DSA public keys
OTP-9061
| -rw-r--r-- | lib/public_key/doc/src/public_key.xml | 21 | ||||
| -rw-r--r-- | lib/public_key/include/public_key.hrl | 5 | ||||
| -rw-r--r-- | lib/public_key/src/pubkey_cert_records.erl | 16 | ||||
| -rw-r--r-- | lib/public_key/src/pubkey_pem.erl | 25 | ||||
| -rw-r--r-- | lib/public_key/src/public_key.erl | 24 | ||||
| -rw-r--r-- | lib/public_key/test/public_key_SUITE.erl | 26 | ||||
| -rw-r--r-- | lib/public_key/test/public_key_SUITE_data/dsa_pub.pem | 12 | ||||
| -rw-r--r-- | lib/public_key/test/public_key_SUITE_data/rsa_pub.pem | 4 | ||||
| -rw-r--r-- | lib/public_key/test/public_key_SUITE_data/rsa_pub_key.pem | 4 | 
9 files changed, 120 insertions, 17 deletions
| diff --git a/lib/public_key/doc/src/public_key.xml b/lib/public_key/doc/src/public_key.xml index c72719fac4..91e058f74e 100644 --- a/lib/public_key/doc/src/public_key.xml +++ b/lib/public_key/doc/src/public_key.xml @@ -64,8 +64,8 @@      <p><c>decrypt_der() = binary() </c></p> -    <p><c>pki_asn1_type() = 'Certificate' | 'RSAPrivateKey'| -    'DSAPrivateKey' | 'DHParameter'</c></p> +    <p><c>pki_asn1_type() = 'Certificate' | 'RSAPrivateKey'| 'RSAPublicKey' +    'DSAPrivateKey' | 'DSAPublicKey' | 'DHParameter' | 'SubjectPublicKeyInfo'</c></p>       <p><c>pem_entry () = {pki_asn1_type(), der_encoded() | decrypt_der(), not_encrypted |       {"DES-CBC" | "DES-EDE3-CBC",  crypto:rand_bytes(8)}}.</c></p> @@ -207,17 +207,24 @@        <v> Password = string() </v>     </type>     <desc>  -    <p>Decodes a pem entry. pem_decode/1 returns a list of -    pem entries.</p>  +    <p>Decodes a pem entry. pem_decode/1 returns a list of pem +    entries. Note that if the pem entry is of type +    'SubjectPublickeyInfo' it will be further decoded to an +    rsa_public_key() or dsa_public_key().</p>    </desc>     </func>     <func>      <name>pem_entry_encode(Asn1Type, Entity [,{CipherInfo, Password}]) -> pem_entry()</name> -    <fsummary> Creates a pem entry that can be feed to pem_encode/1.</fsummary> +    <fsummary> Creates a pem entry that can be fed to pem_encode/1.</fsummary>      <type> -      <v>Asn1Type = atom()</v> -      <v>Entity = term()</v> +      <v>Asn1Type = pki_asn1_type()</v> +      <v>Entity = term() - The Erlang representation of +      <c>Asn1Type</c>.  If <c>Asn1Type</c> is 'SubjectPublicKeyInfo' +      then <c>Entity</c> must be either an rsa_public_key() or a +      dsa_public_key() and this function will create the appropriate +      'SubjectPublicKeyInfo' entry. +      </v>        <v>CipherInfo = {"DES-CBC" | "DES-EDE3-CBC",  crypto:rand_bytes(8)}</v>        <v>Password = string()</v>     </type>  diff --git a/lib/public_key/include/public_key.hrl b/lib/public_key/include/public_key.hrl index 4950597fb5..f29ab859ed 100644 --- a/lib/public_key/include/public_key.hrl +++ b/lib/public_key/include/public_key.hrl @@ -73,8 +73,9 @@  -type der_encoded()          :: binary().  -type decrypt_der()          :: binary(). --type pki_asn1_type()        ::  'Certificate' | 'RSAPrivateKey'  -			       | 'DSAPrivateKey' | 'DHParameter'. +-type pki_asn1_type()        ::  'Certificate' | 'RSAPrivateKey' | 'RSAPublicKey' +			       | 'DSAPrivateKey' | 'DSAPublicKey' | 'DHParameter' +                               | 'SubjectPublicKeyInfo'.  -type pem_entry()            :: {pki_asn1_type(), der_encoded() | decrypt_der(),  				 not_encrypted | {Cipher :: string(), Salt :: binary()}}.  -type asn1_type()            :: atom(). %% see "OTP-PUB-KEY.hrl diff --git a/lib/public_key/src/pubkey_cert_records.erl b/lib/public_key/src/pubkey_cert_records.erl index 20b322b4a4..7a387e487c 100644 --- a/lib/public_key/src/pubkey_cert_records.erl +++ b/lib/public_key/src/pubkey_cert_records.erl @@ -23,7 +23,7 @@  -include("public_key.hrl"). --export([decode_cert/1, transform/2]). +-export([decode_cert/1, transform/2, supportedPublicKeyAlgorithms/1]).  %%====================================================================  %% Internal application API @@ -80,16 +80,24 @@ transform(Other,_) ->      Other.  %%-------------------------------------------------------------------- -%%% Internal functions +-spec supportedPublicKeyAlgorithms(Oid::tuple()) -> asn1_type(). +%% +%% Description: Returns the public key type for an algorithm +%% identifier tuple as found in SubjectPublicKeyInfo. +%%  %%-------------------------------------------------------------------- - -%%% SubjectPublicKey  supportedPublicKeyAlgorithms(?'rsaEncryption') -> 'RSAPublicKey';  supportedPublicKeyAlgorithms(?'id-dsa') -> 'DSAPublicKey';  supportedPublicKeyAlgorithms(?'dhpublicnumber') -> 'DHPublicKey';  supportedPublicKeyAlgorithms(?'id-keyExchangeAlgorithm') -> 'KEA-PublicKey';  supportedPublicKeyAlgorithms(?'id-ecPublicKey') -> 'ECPoint'. +%%-------------------------------------------------------------------- +%%% Internal functions +%%-------------------------------------------------------------------- + +%%% SubjectPublicKey +  decode_supportedPublicKey(#'OTPSubjectPublicKeyInfo'{algorithm= PA =  						  #'PublicKeyAlgorithm'{algorithm=Algo},  						  subjectPublicKey = {0,SPK0}}) -> diff --git a/lib/public_key/src/pubkey_pem.erl b/lib/public_key/src/pubkey_pem.erl index 31d881973a..78870e5cd7 100644 --- a/lib/public_key/src/pubkey_pem.erl +++ b/lib/public_key/src/pubkey_pem.erl @@ -93,11 +93,11 @@ encode_pem_entries(Entries) ->  encode_pem_entry({Asn1Type, Der, not_encrypted}) ->      StartStr = pem_start(Asn1Type), -    [StartStr, "\n", b64encode_and_split(Der), pem_end(StartStr) ,"\n\n"]; +    [StartStr, "\n", b64encode_and_split(Der), "\n", pem_end(StartStr) ,"\n\n"];  encode_pem_entry({Asn1Type, Der, {Cipher, Salt}}) ->      StartStr = pem_start(Asn1Type),      [StartStr,"\n", pem_decrypt(),"\n", pem_decrypt_info(Cipher, Salt),"\n", -     b64encode_and_split(Der), pem_end(StartStr) ,"\n\n"]. +     b64encode_and_split(Der), "\n", pem_end(StartStr) ,"\n\n"].  decode_pem_entries([], Entries) ->      lists:reverse(Entries); @@ -145,16 +145,22 @@ split_bin(N, Bin) ->  b64encode_and_split(Bin) ->      split_lines(base64:encode(Bin)). +split_lines(<<Text:?ENCODED_LINE_LENGTH/binary>>) -> +    [Text];  split_lines(<<Text:?ENCODED_LINE_LENGTH/binary, Rest/binary>>) ->      [Text, $\n | split_lines(Rest)];  split_lines(Bin) -> -    [Bin, $\n]. +    [Bin].  %% Ignore white space at end of line  join_entry([<<"-----END CERTIFICATE-----", _/binary>>| Lines], Entry) ->      {lists:reverse(Entry), Lines};  join_entry([<<"-----END RSA PRIVATE KEY-----", _/binary>>| Lines], Entry) ->      {lists:reverse(Entry), Lines}; +join_entry([<<"-----END PUBLIC KEY-----", _/binary>>| Lines], Entry) -> +    {lists:reverse(Entry), Lines}; +join_entry([<<"-----END RSA PUBLIC KEY-----", _/binary>>| Lines], Entry) -> +    {lists:reverse(Entry), Lines};  join_entry([<<"-----END DSA PRIVATE KEY-----", _/binary>>| Lines], Entry) ->      {lists:reverse(Entry), Lines};  join_entry([<<"-----END DH PARAMETERS-----", _/binary>>| Lines], Entry) -> @@ -210,15 +216,22 @@ pem_start('Certificate') ->      <<"-----BEGIN CERTIFICATE-----">>;  pem_start('RSAPrivateKey') ->      <<"-----BEGIN RSA PRIVATE KEY-----">>; +pem_start('RSAPublicKey') -> +    <<"-----BEGIN RSA PUBLIC KEY-----">>; +pem_start('SubjectPublicKeyInfo') -> +    <<"-----BEGIN PUBLIC KEY-----">>;  pem_start('DSAPrivateKey') ->      <<"-----BEGIN DSA PRIVATE KEY-----">>;  pem_start('DHParameter') ->      <<"-----BEGIN DH PARAMETERS-----">>. -  pem_end(<<"-----BEGIN CERTIFICATE-----">>) ->      <<"-----END CERTIFICATE-----">>;  pem_end(<<"-----BEGIN RSA PRIVATE KEY-----">>) ->      <<"-----END RSA PRIVATE KEY-----">>; +pem_end(<<"-----BEGIN RSA PUBLIC KEY-----">>) -> +    <<"-----END RSA PUBLIC KEY-----">>; +pem_end(<<"-----BEGIN PUBLIC KEY-----">>) -> +    <<"-----END PUBLIC KEY-----">>;  pem_end(<<"-----BEGIN DSA PRIVATE KEY-----">>) ->      <<"-----END DSA PRIVATE KEY-----">>;  pem_end(<<"-----BEGIN DH PARAMETERS-----">>) -> @@ -230,6 +243,10 @@ asn1_type(<<"-----BEGIN CERTIFICATE-----">>) ->      'Certificate';  asn1_type(<<"-----BEGIN RSA PRIVATE KEY-----">>) ->      'RSAPrivateKey'; +asn1_type(<<"-----BEGIN RSA PUBLIC KEY-----">>) -> +    'RSAPublicKey'; +asn1_type(<<"-----BEGIN PUBLIC KEY-----">>) -> +    'SubjectPublicKeyInfo';  asn1_type(<<"-----BEGIN DSA PRIVATE KEY-----">>) ->      'DSAPrivateKey';  asn1_type(<<"-----BEGIN DH PARAMETERS-----">>) -> diff --git a/lib/public_key/src/public_key.erl b/lib/public_key/src/public_key.erl index 30398df9cc..fad73e8e92 100644 --- a/lib/public_key/src/public_key.erl +++ b/lib/public_key/src/public_key.erl @@ -62,6 +62,7 @@  -type dss_digest_type()      :: 'none' | 'sha'.  -define(UINT32(X), X:32/unsigned-big-integer). +-define(DER_NULL, <<5, 0>>).  %%====================================================================  %% API @@ -90,6 +91,17 @@ pem_encode(PemEntries) when is_list(PemEntries) ->  %% Description: Decodes a pem entry. pem_decode/1 returns a list of  %% pem entries.  %%-------------------------------------------------------------------- +pem_entry_decode({'SubjectPublicKeyInfo', Der, _}) -> +    {_, {'AlgorithmIdentifier', AlgId, Params}, {0, Key0}} +        = der_decode('SubjectPublicKeyInfo', Der), +    KeyType = pubkey_cert_records:supportedPublicKeyAlgorithms(AlgId), +    case KeyType of +        'RSAPublicKey' -> +            der_decode(KeyType, Key0); +        'DSAPublicKey' -> +            {params, DssParams} = der_decode('DSAParams', Params), +            {der_decode(KeyType, Key0), DssParams} +    end;  pem_entry_decode({Asn1Type, Der, not_encrypted}) when is_atom(Asn1Type),  						      is_binary(Der) ->      der_decode(Asn1Type, Der). @@ -114,6 +126,18 @@ pem_entry_decode({Asn1Type, CryptDer, {Cipher, Salt}} = PemEntry,  %  %% Description: Creates a pem entry that can be feed to pem_encode/1.  %%-------------------------------------------------------------------- +pem_entry_encode('SubjectPublicKeyInfo', Entity=#'RSAPublicKey'{}) -> +    Der = der_encode('RSAPublicKey', Entity), +    Spki = {'SubjectPublicKeyInfo', +            {'AlgorithmIdentifier', ?'rsaEncryption', ?DER_NULL}, {0, Der}}, +    pem_entry_encode('SubjectPublicKeyInfo', Spki); +pem_entry_encode('SubjectPublicKeyInfo', +                 {DsaInt, Params=#'Dss-Parms'{}}) when is_integer(DsaInt) -> +    KeyDer = der_encode('DSAPublicKey', DsaInt), +    ParamDer = der_encode('DSAParams', {params, Params}), +    Spki = {'SubjectPublicKeyInfo', +            {'AlgorithmIdentifier', ?'id-dsa', ParamDer}, {0, KeyDer}}, +    pem_entry_encode('SubjectPublicKeyInfo', Spki);  pem_entry_encode(Asn1Type, Entity)  when is_atom(Asn1Type) ->      Der = der_encode(Asn1Type, Entity),      {Asn1Type, Der, not_encrypted}. diff --git a/lib/public_key/test/public_key_SUITE.erl b/lib/public_key/test/public_key_SUITE.erl index 1bc1c8ec75..e74ff8051d 100644 --- a/lib/public_key/test/public_key_SUITE.erl +++ b/lib/public_key/test/public_key_SUITE.erl @@ -139,6 +139,14 @@ pk_decode_encode(Config) when is_list(Config) ->      DSAKey = public_key:der_decode('DSAPrivateKey', DerDSAKey),      DSAKey = public_key:pem_entry_decode(Entry0), + +    {ok, DSAPubPem} = file:read_file(filename:join(Datadir, "dsa_pub.pem")), +    [{'SubjectPublicKeyInfo', _, _} = PubEntry0] = +        public_key:pem_decode(DSAPubPem), +    DSAPubKey = public_key:pem_entry_decode(PubEntry0), +    true = check_entry_type(DSAPubKey, 'DSAPublicKey'), +    PubEntry0 = public_key:pem_entry_encode('SubjectPublicKeyInfo', DSAPubKey), +    DSAPubPem = public_key:pem_encode([PubEntry0]),      [{'RSAPrivateKey', DerRSAKey, not_encrypted} =  Entry1 ] =   	erl_make_certs:pem_to_der(filename:join(Datadir, "client_key.pem")), @@ -153,6 +161,20 @@ pk_decode_encode(Config) when is_list(Config) ->      true = check_entry_type(public_key:pem_entry_decode(Entry2, "abcd1234"),   			    'RSAPrivateKey'), +    {ok, RSAPubPem} = file:read_file(filename:join(Datadir, "rsa_pub.pem")), +    [{'SubjectPublicKeyInfo', _, _} = PubEntry1] = +        public_key:pem_decode(RSAPubPem), +    RSAPubKey = public_key:pem_entry_decode(PubEntry1), +    true = check_entry_type(RSAPubKey, 'RSAPublicKey'), +    PubEntry1 = public_key:pem_entry_encode('SubjectPublicKeyInfo', RSAPubKey), +    RSAPubPem = public_key:pem_encode([PubEntry1]), + +    {ok, RSARawPem} = file:read_file(filename:join(Datadir, "rsa_pub_key.pem")), +    [{'RSAPublicKey', _, _} = PubEntry2] = +        public_key:pem_decode(RSARawPem), +    RSAPubKey = public_key:pem_entry_decode(PubEntry2), +    RSARawPem = public_key:pem_encode([PubEntry2]), +      Salt0 = crypto:rand_bytes(8),      Entry3 = public_key:pem_entry_encode('RSAPrivateKey', RSAKey0,   					 {{"DES-EDE3-CBC", Salt0}, "1234abcd"}), @@ -432,6 +454,10 @@ check_entry_type(#'DSAPrivateKey'{}, 'DSAPrivateKey') ->      true;  check_entry_type(#'RSAPrivateKey'{}, 'RSAPrivateKey') ->      true; +check_entry_type(#'RSAPublicKey'{}, 'RSAPublicKey') -> +    true; +check_entry_type({_Int, #'Dss-Parms'{}}, 'DSAPublicKey') when is_integer(_Int) -> +    true;  check_entry_type(#'DHParameter'{}, 'DHParameter') ->      true;  check_entry_type(#'Certificate'{}, 'Certificate') -> diff --git a/lib/public_key/test/public_key_SUITE_data/dsa_pub.pem b/lib/public_key/test/public_key_SUITE_data/dsa_pub.pem new file mode 100644 index 0000000000..d3635e5b20 --- /dev/null +++ b/lib/public_key/test/public_key_SUITE_data/dsa_pub.pem @@ -0,0 +1,12 @@ +-----BEGIN PUBLIC KEY----- +MIIBtzCCASwGByqGSM44BAEwggEfAoGBALez5tklY5CdFeTMos899pA6i4u4uCts +zgBzrdBk6cl5FVqzdzWMGTQiynnTpGsrOESinzP06Ip+pG15We2OORwgvCxD/W95 +aCiN0/+MdiXqlsmboBARMzsa+SmBENN3gF/+tuuEAFzOXU1q2cmEywRLyfbM2KIB +VE/TChWYw2eRAhUA1R64VvcQ90XA8SOKVDmMA0dBzukCgYEAlLMYP0pbgBlgHQVO +3/avAHlWNrIq52Lxk7SdPJWgMvPjTK9Z6sv88kxsCcydtjvO439j1yqcwk50GQc+ +86ktBWWz93/HkIdnFyqafef4mmWvm2Uq6ClQKS+A0Asfaj8Mys+HUMiI+qsfdjRb +yIpwb7MX1nsVdsKzALnZNMW27A0DgYQAAoGAfEIAb3mLjtFfiF/tsZb4/DGHdWSb +6Ir0hFkoBUZ9ymBO70wlfZVSQGs240kZtOMpAOpJL1Dy8oH6PUQ+JyacwZIo8fdq +19/Kwm6CPrpaEhzErmMvwT2CZJYZ+HOk55ljLkVCiyG7MzEj2+odLKym9yoQsbsJ +olHzIRpkLk45y4c= +-----END PUBLIC KEY----- diff --git a/lib/public_key/test/public_key_SUITE_data/rsa_pub.pem b/lib/public_key/test/public_key_SUITE_data/rsa_pub.pem new file mode 100644 index 0000000000..cbe81343f7 --- /dev/null +++ b/lib/public_key/test/public_key_SUITE_data/rsa_pub.pem @@ -0,0 +1,4 @@ +-----BEGIN PUBLIC KEY----- +MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANRiyZg0uci74Nc6mnqZ8AoDl88aT7x6 +JA0MfgHIHzteEj7Qg+lE5QxMGAafurVE5vqoHkDfwk4uzzsCAJuz91MCAwEAAQ== +-----END PUBLIC KEY----- diff --git a/lib/public_key/test/public_key_SUITE_data/rsa_pub_key.pem b/lib/public_key/test/public_key_SUITE_data/rsa_pub_key.pem new file mode 100644 index 0000000000..3b9d7568ff --- /dev/null +++ b/lib/public_key/test/public_key_SUITE_data/rsa_pub_key.pem @@ -0,0 +1,4 @@ +-----BEGIN RSA PUBLIC KEY----- +MEgCQQDUYsmYNLnIu+DXOpp6mfAKA5fPGk+8eiQNDH4ByB87XhI+0IPpROUMTBgG +n7q1ROb6qB5A38JOLs87AgCbs/dTAgMBAAE= +-----END RSA PUBLIC KEY----- | 
