diff options
author | Hans Nilsson <[email protected]> | 2017-07-03 18:27:50 +0200 |
---|---|---|
committer | Hans Nilsson <[email protected]> | 2017-07-07 14:31:48 +0200 |
commit | 03f3ec41f5468413235e3923a542a11cfd631089 (patch) | |
tree | af58a4d101d95edb254242ccff67cdc5602e2c85 /lib/crypto/src | |
parent | d7dee753bb81a03ea8eb9071ad19a2b53341bceb (diff) | |
download | otp-03f3ec41f5468413235e3923a542a11cfd631089.tar.gz otp-03f3ec41f5468413235e3923a542a11cfd631089.tar.bz2 otp-03f3ec41f5468413235e3923a542a11cfd631089.zip |
crypto: pk sign with new function from PR838
The function pkey_verify_nif handles pk signing with a general approach that is enabled by EVP api in OpenSSL 1.0.0
The rejected PR838 introduced that function and lots of other stuff so far neglected. It also made some different rsa padding methods possible (included).
Since the crypto code base has changed significantly, it was an overhelming work to try a git merge. Therefore this commit is a manual move of the source code from the PR into current maint.
This commit concentrates to use the new function compatible with the old functions. This includes some #if:s for different versions, compatibility code for 0.9.8.
Lacking: test cases, exporting the more general erlang api, documentation...
Diffstat (limited to 'lib/crypto/src')
-rw-r--r-- | lib/crypto/src/crypto.erl | 45 |
1 files changed, 27 insertions, 18 deletions
diff --git a/lib/crypto/src/crypto.erl b/lib/crypto/src/crypto.erl index 85206ce9e5..fb34d54ab3 100644 --- a/lib/crypto/src/crypto.erl +++ b/lib/crypto/src/crypto.erl @@ -22,6 +22,11 @@ -module(crypto). +-export([rsa_sign_nif/3, + dss_sign_nif/3, + ecdsa_sign_nif/4]). + + -export([start/0, stop/0, info_lib/0, info_fips/0, supports/0, enable_fips_mode/1, version/0, bytes_to_integer/1]). -export([hash/2, hash_init/1, hash_update/2, hash_final/1]). @@ -401,24 +406,18 @@ verify(rsa, Type, {digest, Digest}, Signature, Key) -> verify(ecdsa, Type, {digest, Digest}, Signature, [Key, Curve]) -> notsup_to_error( ecdsa_verify_nif(Type, Digest, Signature, nif_curve_params(Curve), ensure_int_as_bin(Key))). -sign(dss, none, Data, Key) when is_binary(Data) -> - sign(dss, sha, {digest, Data}, Key); -sign(Alg, Type, Data, Key) when is_binary(Data) -> - sign(Alg, Type, {digest, hash(Type, Data)}, Key); -sign(rsa, Type, {digest, Digest}, Key) -> - case rsa_sign_nif(Type, Digest, map_ensure_int_as_bin(Key)) of - error -> erlang:error(badkey, [rsa, Type, {digest, Digest}, Key]); - Sign -> Sign - end; -sign(dss, Type, {digest, Digest}, Key) -> - case dss_sign_nif(Type, Digest, map_ensure_int_as_bin(Key)) of - error -> erlang:error(badkey, [dss, Type, {digest, Digest}, Key]); - Sign -> Sign - end; -sign(ecdsa, Type, {digest, Digest}, [Key, Curve]) -> - case ecdsa_sign_nif(Type, Digest, nif_curve_params(Curve), ensure_int_as_bin(Key)) of - error -> erlang:error(badkey, [ecdsa, Type, {digest, Digest}, [Key, Curve]]); - Sign -> Sign + +sign(Algorithm, Type, Data, Key) -> + sign(Algorithm, Type, Data, Key, []). + +%% Backwards compatible +sign(Algorithm = dss, none, Digest, Key, Options) -> + sign(Algorithm, sha, {digest, Digest}, Key, Options); +sign(Algorithm, Type, Data, Key, Options) -> + case pkey_sign_nif(Algorithm, Type, Data, format_pkey(Algorithm, Key), Options) of + error -> erlang:error(badkey, [Algorithm, Type, Data, Key, Options]); + notsup -> erlang:error(notsup); + Signature -> Signature end. -spec public_encrypt(rsa, binary(), [binary()], rsa_padding()) -> @@ -839,6 +838,7 @@ srp_value_B_nif(_Multiplier, _Verifier, _Generator, _Exponent, _Prime) -> ?nif_s %% Digital signatures -------------------------------------------------------------------- +pkey_sign_nif(_Algorithm, _Type, _Digest, _Key, _Options) -> ?nif_stub. rsa_sign_nif(_Type,_Digest,_Key) -> ?nif_stub. dss_sign_nif(_Type,_Digest,_Key) -> ?nif_stub. ecdsa_sign_nif(_Type, _Digest, _Curve, _Key) -> ?nif_stub. @@ -962,6 +962,15 @@ ensure_int_as_bin(Int) when is_integer(Int) -> ensure_int_as_bin(Bin) -> Bin. +format_pkey(rsa, Key) -> + map_ensure_int_as_bin(Key); +format_pkey(ecdsa, [Key, Curve]) -> + {nif_curve_params(Curve), ensure_int_as_bin(Key)}; +format_pkey(dss, Key) -> + map_ensure_int_as_bin(Key); +format_pkey(_, Key) -> + Key. + %%-------------------------------------------------------------------- %% -type rsa_padding() :: 'rsa_pkcs1_padding' | 'rsa_pkcs1_oaep_padding' | 'rsa_no_padding'. |