aboutsummaryrefslogtreecommitdiffstats
path: root/lib/crypto/src
diff options
context:
space:
mode:
authorHans Nilsson <[email protected]>2017-07-03 18:27:50 +0200
committerHans Nilsson <[email protected]>2017-07-07 14:31:48 +0200
commit03f3ec41f5468413235e3923a542a11cfd631089 (patch)
treeaf58a4d101d95edb254242ccff67cdc5602e2c85 /lib/crypto/src
parentd7dee753bb81a03ea8eb9071ad19a2b53341bceb (diff)
downloadotp-03f3ec41f5468413235e3923a542a11cfd631089.tar.gz
otp-03f3ec41f5468413235e3923a542a11cfd631089.tar.bz2
otp-03f3ec41f5468413235e3923a542a11cfd631089.zip
crypto: pk sign with new function from PR838
The function pkey_verify_nif handles pk signing with a general approach that is enabled by EVP api in OpenSSL 1.0.0 The rejected PR838 introduced that function and lots of other stuff so far neglected. It also made some different rsa padding methods possible (included). Since the crypto code base has changed significantly, it was an overhelming work to try a git merge. Therefore this commit is a manual move of the source code from the PR into current maint. This commit concentrates to use the new function compatible with the old functions. This includes some #if:s for different versions, compatibility code for 0.9.8. Lacking: test cases, exporting the more general erlang api, documentation...
Diffstat (limited to 'lib/crypto/src')
-rw-r--r--lib/crypto/src/crypto.erl45
1 files changed, 27 insertions, 18 deletions
diff --git a/lib/crypto/src/crypto.erl b/lib/crypto/src/crypto.erl
index 85206ce9e5..fb34d54ab3 100644
--- a/lib/crypto/src/crypto.erl
+++ b/lib/crypto/src/crypto.erl
@@ -22,6 +22,11 @@
-module(crypto).
+-export([rsa_sign_nif/3,
+ dss_sign_nif/3,
+ ecdsa_sign_nif/4]).
+
+
-export([start/0, stop/0, info_lib/0, info_fips/0, supports/0, enable_fips_mode/1,
version/0, bytes_to_integer/1]).
-export([hash/2, hash_init/1, hash_update/2, hash_final/1]).
@@ -401,24 +406,18 @@ verify(rsa, Type, {digest, Digest}, Signature, Key) ->
verify(ecdsa, Type, {digest, Digest}, Signature, [Key, Curve]) ->
notsup_to_error(
ecdsa_verify_nif(Type, Digest, Signature, nif_curve_params(Curve), ensure_int_as_bin(Key))).
-sign(dss, none, Data, Key) when is_binary(Data) ->
- sign(dss, sha, {digest, Data}, Key);
-sign(Alg, Type, Data, Key) when is_binary(Data) ->
- sign(Alg, Type, {digest, hash(Type, Data)}, Key);
-sign(rsa, Type, {digest, Digest}, Key) ->
- case rsa_sign_nif(Type, Digest, map_ensure_int_as_bin(Key)) of
- error -> erlang:error(badkey, [rsa, Type, {digest, Digest}, Key]);
- Sign -> Sign
- end;
-sign(dss, Type, {digest, Digest}, Key) ->
- case dss_sign_nif(Type, Digest, map_ensure_int_as_bin(Key)) of
- error -> erlang:error(badkey, [dss, Type, {digest, Digest}, Key]);
- Sign -> Sign
- end;
-sign(ecdsa, Type, {digest, Digest}, [Key, Curve]) ->
- case ecdsa_sign_nif(Type, Digest, nif_curve_params(Curve), ensure_int_as_bin(Key)) of
- error -> erlang:error(badkey, [ecdsa, Type, {digest, Digest}, [Key, Curve]]);
- Sign -> Sign
+
+sign(Algorithm, Type, Data, Key) ->
+ sign(Algorithm, Type, Data, Key, []).
+
+%% Backwards compatible
+sign(Algorithm = dss, none, Digest, Key, Options) ->
+ sign(Algorithm, sha, {digest, Digest}, Key, Options);
+sign(Algorithm, Type, Data, Key, Options) ->
+ case pkey_sign_nif(Algorithm, Type, Data, format_pkey(Algorithm, Key), Options) of
+ error -> erlang:error(badkey, [Algorithm, Type, Data, Key, Options]);
+ notsup -> erlang:error(notsup);
+ Signature -> Signature
end.
-spec public_encrypt(rsa, binary(), [binary()], rsa_padding()) ->
@@ -839,6 +838,7 @@ srp_value_B_nif(_Multiplier, _Verifier, _Generator, _Exponent, _Prime) -> ?nif_s
%% Digital signatures --------------------------------------------------------------------
+pkey_sign_nif(_Algorithm, _Type, _Digest, _Key, _Options) -> ?nif_stub.
rsa_sign_nif(_Type,_Digest,_Key) -> ?nif_stub.
dss_sign_nif(_Type,_Digest,_Key) -> ?nif_stub.
ecdsa_sign_nif(_Type, _Digest, _Curve, _Key) -> ?nif_stub.
@@ -962,6 +962,15 @@ ensure_int_as_bin(Int) when is_integer(Int) ->
ensure_int_as_bin(Bin) ->
Bin.
+format_pkey(rsa, Key) ->
+ map_ensure_int_as_bin(Key);
+format_pkey(ecdsa, [Key, Curve]) ->
+ {nif_curve_params(Curve), ensure_int_as_bin(Key)};
+format_pkey(dss, Key) ->
+ map_ensure_int_as_bin(Key);
+format_pkey(_, Key) ->
+ Key.
+
%%--------------------------------------------------------------------
%%
-type rsa_padding() :: 'rsa_pkcs1_padding' | 'rsa_pkcs1_oaep_padding' | 'rsa_no_padding'.