public_key: Add PBES1 decoding support

author: Ingela Anderton Andin <[email protected]> 2014-08-21 09:52:05 +0200
committer: Ingela Anderton Andin <[email protected]> 2014-08-22 11:19:26 +0200
commit: f993ce5f68f875f95c24f085773e4a0916568e9d (patch)
tree: 10e9a21697097055be4647d7dd388a1bf1bb17ee
parent: 41bb781d809effb185a857b25009615bb9acbea7 (diff)
download: otp-f993ce5f68f875f95c24f085773e4a0916568e9d.tar.gz
otp-f993ce5f68f875f95c24f085773e4a0916568e9d.tar.bz2
otp-f993ce5f68f875f95c24f085773e4a0916568e9d.zip
2 files changed, 29 insertions, 13 deletions
diff --git a/lib/public_key/src/pubkey_pbe.erl b/lib/public_key/src/pubkey_pbe.erl
index 460624163b..bd9322d85c 100644
--- a/lib/public_key/src/pubkey_pbe.erl
+++ b/lib/public_key/src/pubkey_pbe.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2011-2013. All Rights Reserved.
+%% Copyright Ericsson AB 2011-2014. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -117,14 +117,18 @@ password_to_key_and_iv(Password, _, #'PBES2-params'{} = Params) ->
     <<Key:KeyLen/binary, _/binary>> = 
 	pbdkdf2(Password, Salt, ItrCount, KeyLen, PseudoRandomFunction, PseudoHash, PseudoOtputLen),
     {Key, IV};
+password_to_key_and_iv(Password, _Cipher, {#'PBEParameter'{salt = Salt,
+							  iterationCount = Count}, Hash}) ->
+    <<Key:8/binary, IV:8/binary, _/binary>> 
+	= pbdkdf1(Password, erlang:iolist_to_binary(Salt), Count, Hash),
+    {Key, IV};
 password_to_key_and_iv(Password, Cipher, Salt) ->
-    KeyLen = derived_key_length(Cipher, undefined),
+ KeyLen = derived_key_length(Cipher, undefined),
     <<Key:KeyLen/binary, _/binary>> = 
 	pem_encrypt(<<>>, Password, Salt, ceiling(KeyLen div 16), <<>>, md5),
     %% Old PEM encryption does not use standard encryption method
-    %% pbdkdf1 and uses then salt as IV
+    %% pbdkdf1 and uses then salt as IV 
     {Key, Salt}.
-
 pem_encrypt(_, _, _, 0, Acc, _) ->
     Acc;
 pem_encrypt(Prev, Password, Salt, Count, Acc, Hash) ->
@@ -169,7 +173,20 @@ do_xor_sum(Prf, PrfHash, PrfLen, Prev, Password, Count, Acc)->
 
 decrypt_parameters(?'id-PBES2', DekParams) ->
     {ok, Params} = 'PKCS-FRAME':decode('PBES2-params', DekParams),
-    {cipher(Params#'PBES2-params'.encryptionScheme), Params}.
+    {cipher(Params#'PBES2-params'.encryptionScheme), Params};
+decrypt_parameters(?'pbeWithSHA1AndRC2-CBC', DekParams) ->
+    {ok, Params} = 'PKCS-FRAME':decode('PBEParameter', DekParams),
+    {"RC2-CBC", {Params, sha}};
+decrypt_parameters(?'pbeWithSHA1AndDES-CBC', DekParams) ->
+    {ok, Params} = 'PKCS-FRAME':decode('PBEParameter', DekParams),
+    {"DES-CBC", {Params, sha}};
+decrypt_parameters(?'pbeWithMD5AndRC2-CBC', DekParams) ->
+    {ok, Params} = 'PKCS-FRAME':decode('PBEParameter', DekParams),
+    {"RC2-CBC", {Params, md5}};
+decrypt_parameters(?'pbeWithMD5AndDES-CBC', DekParams) ->
+    {ok, Params} = 'PKCS-FRAME':decode('PBEParameter', DekParams),
+    {"DES-CBC", {Params, md5}}.
+
 
 key_derivation_params(#'PBES2-params'{keyDerivationFunc = KeyDerivationFunc,
 				      encryptionScheme = EncScheme}) ->
diff --git a/lib/public_key/src/public_key.erl b/lib/public_key/src/public_key.erl
index a732455aa7..c70053d2d9 100644
--- a/lib/public_key/src/public_key.erl
+++ b/lib/public_key/src/public_key.erl
@@ -133,20 +133,19 @@ pem_entry_decode({Asn1Type, CryptDer, {Cipher, #'PBES2-params'{}}} = PemEntry,
 				is_binary(CryptDer) andalso
 				is_list(Cipher) ->
     do_pem_entry_decode(PemEntry, Password);
-pem_entry_decode({Asn1Type, CryptDer, {Cipher, Salt}} = PemEntry, 
+pem_entry_decode({Asn1Type, CryptDer, {Cipher, {#'PBEParameter'{},_}}} = PemEntry, 
 		 Password) when is_atom(Asn1Type) andalso
 				is_binary(CryptDer) andalso
-				is_list(Cipher) andalso
-				is_binary(Salt) andalso
-				erlang:byte_size(Salt) == 8 ->
+				is_list(Cipher) ->
     do_pem_entry_decode(PemEntry, Password);
-pem_entry_decode({Asn1Type, CryptDer, {"AES-128-CBC"=Cipher, IV}} = PemEntry,
+pem_entry_decode({Asn1Type, CryptDer, {Cipher, Salt}} = PemEntry, 
 		 Password) when is_atom(Asn1Type) andalso
 				is_binary(CryptDer) andalso
 				is_list(Cipher) andalso
-				is_binary(IV) andalso
-				erlang:byte_size(IV) == 16 ->
-    do_pem_entry_decode(PemEntry, Password).
+				is_binary(Salt) andalso
+				((erlang:byte_size(Salt) == 8) or (erlang:byte_size(Salt) == 16)) ->
+    do_pem_entry_decode(PemEntry, Password).	
+
 
 %%--------------------------------------------------------------------
 -spec pem_entry_encode(pki_asn1_type(), term()) -> pem_entry().
author	Ingela Anderton Andin <[email protected]>	2014-08-21 09:52:05 +0200
committer	Ingela Anderton Andin <[email protected]>	2014-08-22 11:19:26 +0200
commit	f993ce5f68f875f95c24f085773e4a0916568e9d (patch)
tree	10e9a21697097055be4647d7dd388a1bf1bb17ee
parent	41bb781d809effb185a857b25009615bb9acbea7 (diff)
download	otp-f993ce5f68f875f95c24f085773e4a0916568e9d.tar.gz otp-f993ce5f68f875f95c24f085773e4a0916568e9d.tar.bz2 otp-f993ce5f68f875f95c24f085773e4a0916568e9d.zip