crypto: pk sign with new function from PR838

The function  pkey_verify_nif handles pk signing with a general approach that is enabled by EVP api in OpenSSL 1.0.0
The rejected PR838 introduced that function and lots of other stuff so far neglected. It also made some different rsa padding methods possible (included).

Since the crypto code base has changed significantly, it was an overhelming work to try a git merge.  Therefore this commit is a manual move of the source code from the PR into current maint.

This commit concentrates to use the new function compatible with the old functions. This includes some #if:s for different versions, compatibility code for 0.9.8.

Lacking:  test cases, exporting the more general erlang api, documentation...

1 files changed, 27 insertions, 18 deletions

diff --git a/lib/crypto/src/crypto.erl b/lib/crypto/src/crypto.erl
index 85206ce9e5..fb34d54ab3 100644
--- a/lib/crypto/src/crypto.erl
+++ b/lib/crypto/src/crypto.erl
@@ -22,6 +22,11 @@
 
 -module(crypto).
 
+-export([rsa_sign_nif/3,
+         dss_sign_nif/3,
+         ecdsa_sign_nif/4]).
+
+
 -export([start/0, stop/0, info_lib/0, info_fips/0, supports/0, enable_fips_mode/1,
          version/0, bytes_to_integer/1]).
 -export([hash/2, hash_init/1, hash_update/2, hash_final/1]).
@@ -401,24 +406,18 @@ verify(rsa, Type, {digest, Digest}, Signature, Key) ->
 verify(ecdsa, Type, {digest, Digest}, Signature, [Key, Curve]) ->
     notsup_to_error(
       ecdsa_verify_nif(Type, Digest, Signature, nif_curve_params(Curve), ensure_int_as_bin(Key))).
-sign(dss, none, Data, Key) when is_binary(Data) ->
-    sign(dss, sha, {digest, Data}, Key);
-sign(Alg, Type, Data, Key) when is_binary(Data) ->
-    sign(Alg, Type, {digest, hash(Type, Data)}, Key);
-sign(rsa, Type, {digest, Digest}, Key) ->
-    case rsa_sign_nif(Type, Digest, map_ensure_int_as_bin(Key)) of
-	error -> erlang:error(badkey, [rsa, Type, {digest, Digest}, Key]);
-	Sign -> Sign
-    end;
-sign(dss, Type, {digest, Digest}, Key) ->
-    case dss_sign_nif(Type, Digest, map_ensure_int_as_bin(Key)) of
-	error -> erlang:error(badkey, [dss, Type, {digest, Digest}, Key]);
-	Sign -> Sign
-    end;
-sign(ecdsa, Type, {digest, Digest}, [Key, Curve]) ->
-    case ecdsa_sign_nif(Type, Digest, nif_curve_params(Curve), ensure_int_as_bin(Key)) of
-	error -> erlang:error(badkey, [ecdsa, Type, {digest, Digest}, [Key, Curve]]);
-	Sign -> Sign
+
+sign(Algorithm, Type, Data, Key) ->
+    sign(Algorithm, Type, Data, Key, []).
+
+%% Backwards compatible
+sign(Algorithm = dss, none, Digest, Key, Options) ->
+    sign(Algorithm, sha, {digest, Digest}, Key, Options);
+sign(Algorithm, Type, Data, Key, Options) ->
+    case pkey_sign_nif(Algorithm, Type, Data, format_pkey(Algorithm, Key), Options) of
+	error -> erlang:error(badkey, [Algorithm, Type, Data, Key, Options]);
+	notsup -> erlang:error(notsup);
+	Signature -> Signature
     end.
 
 -spec public_encrypt(rsa, binary(), [binary()], rsa_padding()) ->
@@ -839,6 +838,7 @@ srp_value_B_nif(_Multiplier, _Verifier, _Generator, _Exponent, _Prime) -> ?nif_s
 
 
 %% Digital signatures  --------------------------------------------------------------------
+pkey_sign_nif(_Algorithm, _Type, _Digest, _Key, _Options) -> ?nif_stub.
 rsa_sign_nif(_Type,_Digest,_Key) -> ?nif_stub.
 dss_sign_nif(_Type,_Digest,_Key) -> ?nif_stub.
 ecdsa_sign_nif(_Type, _Digest, _Curve, _Key) -> ?nif_stub.
@@ -962,6 +962,15 @@ ensure_int_as_bin(Int) when is_integer(Int) ->
 ensure_int_as_bin(Bin) ->
     Bin.
 
+format_pkey(rsa, Key) ->
+    map_ensure_int_as_bin(Key);
+format_pkey(ecdsa, [Key, Curve]) ->
+    {nif_curve_params(Curve), ensure_int_as_bin(Key)};
+format_pkey(dss, Key) ->
+    map_ensure_int_as_bin(Key);
+format_pkey(_, Key) ->
+    Key.
+
 %%--------------------------------------------------------------------
 %%
 -type rsa_padding() :: 'rsa_pkcs1_padding' | 'rsa_pkcs1_oaep_padding' | 'rsa_no_padding'.