Merge branch 'maint'

4 files changed, 166 insertions, 3 deletions

diff --git a/lib/crypto/c_src/crypto.c b/lib/crypto/c_src/crypto.c
index 28cc982c1e..b29c5082ba 100644
--- a/lib/crypto/c_src/crypto.c
+++ b/lib/crypto/c_src/crypto.c
@@ -348,6 +348,10 @@ static INLINE void RSA_get0_crt_params(const RSA *r, const BIGNUM **dmp1, const
 
 static INLINE int DSA_set0_key(DSA *d, BIGNUM *pub_key, BIGNUM *priv_key);
 static INLINE int DSA_set0_pqg(DSA *d, BIGNUM *p, BIGNUM *q, BIGNUM *g);
+static INLINE void DSA_get0_pqg(const DSA *dsa,
+			       const BIGNUM **p, const BIGNUM **q, const BIGNUM **g);
+static INLINE void DSA_get0_key(const DSA *dsa,
+			       const BIGNUM **pub_key, const BIGNUM **priv_key);
 
 static INLINE int DSA_set0_key(DSA *d, BIGNUM *pub_key, BIGNUM *priv_key)
 {
@@ -364,6 +368,23 @@ static INLINE int DSA_set0_pqg(DSA *d, BIGNUM *p, BIGNUM *q, BIGNUM *g)
     return 1;
 }
 
+static INLINE void
+DSA_get0_pqg(const DSA *dsa, const BIGNUM **p, const BIGNUM **q, const BIGNUM **g)
+{
+    *p = dsa->p;
+    *q = dsa->q;
+    *g = dsa->g;
+}
+
+static INLINE void
+DSA_get0_key(const DSA *dsa, const BIGNUM **pub_key, const BIGNUM **priv_key)
+{
+    if (pub_key) *pub_key = dsa->pub_key;
+    if (priv_key) *priv_key = dsa->priv_key;
+}
+
+
+
 static INLINE int DH_set0_key(DH *dh, BIGNUM *pub_key, BIGNUM *priv_key);
 static INLINE int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g);
 static INLINE int DH_set_length(DH *dh, long length);
@@ -393,6 +414,8 @@ static INLINE int DH_set_length(DH *dh, long length)
     return 1;
 }
 
+
+
 static INLINE void
 DH_get0_pqg(const DH *dh, const BIGNUM **p, const BIGNUM **q, const BIGNUM **g)
 {
@@ -404,8 +427,8 @@ DH_get0_pqg(const DH *dh, const BIGNUM **p, const BIGNUM **q, const BIGNUM **g)
 static INLINE void
 DH_get0_key(const DH *dh, const BIGNUM **pub_key, const BIGNUM **priv_key)
 {
-    *pub_key = dh->pub_key;
-    *priv_key = dh->priv_key;
+    if (pub_key) *pub_key = dh->pub_key;
+    if (priv_key) *priv_key = dh->priv_key;
 }
 
 #else /* End of compatibility definitions. */
@@ -454,6 +477,7 @@ static ERL_NIF_TERM dh_generate_parameters_nif(ErlNifEnv* env, int argc, const E
 static ERL_NIF_TERM dh_check(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[]);
 static ERL_NIF_TERM dh_generate_key_nif(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[]);
 static ERL_NIF_TERM dh_compute_key_nif(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[]);
+static ERL_NIF_TERM privkey_to_pubkey_nif(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[]);
 static ERL_NIF_TERM srp_value_B_nif(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[]);
 static ERL_NIF_TERM srp_user_secret_nif(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[]);
 static ERL_NIF_TERM srp_host_secret_nif(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[]);
@@ -542,6 +566,7 @@ static ErlNifFunc nif_funcs[] = {
     {"dh_check", 1, dh_check},
     {"dh_generate_key_nif", 4, dh_generate_key_nif},
     {"dh_compute_key_nif", 3, dh_compute_key_nif},
+    {"privkey_to_pubkey_nif", 2, privkey_to_pubkey_nif},
     {"srp_value_B_nif", 5, srp_value_B_nif},
     {"srp_user_secret_nif", 7, srp_user_secret_nif},
     {"srp_host_secret_nif", 5, srp_host_secret_nif},
@@ -4765,6 +4790,83 @@ static ERL_NIF_TERM pkey_crypt_nif(ErlNifEnv *env, int argc, const ERL_NIF_TERM
 
 
 /*--------------------------------*/
+static ERL_NIF_TERM privkey_to_pubkey_nif(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[])
+{ /* (Algorithm, PrivKey | KeyMap) */
+    EVP_PKEY *pkey;
+    ERL_NIF_TERM alg = argv[0];
+    ERL_NIF_TERM result[8];
+
+    if (get_pkey_private_key(env, alg, argv[1], &pkey) != PKEY_OK) {
+	return enif_make_badarg(env);
+    }
+
+    if (alg == atom_rsa) {
+        const BIGNUM *n = NULL, *e = NULL, *d = NULL;
+        RSA *rsa = EVP_PKEY_get1_RSA(pkey);
+        if (rsa) {
+            RSA_get0_key(rsa, &n, &e, &d);
+            result[0] = bin_from_bn(env, e);  // Exponent E
+            result[1] = bin_from_bn(env, n);  // Modulus N = p*q
+            EVP_PKEY_free(pkey);
+            return enif_make_list_from_array(env, result, 2);
+        }
+
+    } else if (argv[0] == atom_dss) {
+        const BIGNUM *p = NULL, *q = NULL, *g = NULL, *pub_key = NULL;
+        DSA *dsa = EVP_PKEY_get1_DSA(pkey);
+        if (dsa) {
+            DSA_get0_pqg(dsa, &p, &q, &g);
+            DSA_get0_key(dsa, &pub_key, NULL);
+            result[0] = bin_from_bn(env, p);
+            result[1] = bin_from_bn(env, q);
+            result[2] = bin_from_bn(env, g);
+            result[3] = bin_from_bn(env, pub_key);
+            EVP_PKEY_free(pkey);
+            return enif_make_list_from_array(env, result, 4);
+        }
+
+    } else if (argv[0] == atom_ecdsa) {
+#if defined(HAVE_EC)
+        EC_KEY *ec = EVP_PKEY_get1_EC_KEY(pkey);
+        if (ec) {
+            /* Example of result:
+               {
+                 Curve =  {Field, Prime, Point, Order, CoFactor} =
+                    { 
+                      Field =  {prime_field,<<255,...,255>>},
+                      Prime = {<<255,...,252>>,
+                               <<90,...,75>>,
+                               <<196,...,144>>
+                              },
+                      Point =    <<4,...,245>>,
+                      Order =    <<255,...,81>>,
+                      CoFactor = <<1>>
+                    },
+                Key = <<151,...,62>>
+              }
+              or
+              { 
+                Curve =
+                    {characteristic_two_field, 
+                     M,
+                     Basis = {tpbasis, _}
+                           | {ppbasis, k1, k2, k3}
+                    },
+                Key
+               }
+            */
+            EVP_PKEY_free(pkey);
+            return atom_notsup;
+        }
+#else
+        EVP_PKEY_free(pkey);
+        return atom_notsup;
+#endif
+    }
+
+    if (pkey) EVP_PKEY_free(pkey);
+    return enif_make_badarg(env);
+}
 
 /*================================================================*/
 
diff --git a/lib/crypto/doc/src/crypto.xml b/lib/crypto/doc/src/crypto.xml
index 72351f1fe5..3ab8f9c832 100644
--- a/lib/crypto/doc/src/crypto.xml
+++ b/lib/crypto/doc/src/crypto.xml
@@ -617,6 +617,21 @@
     </func>
 
     <func>
+      <name>privkey_to_pubkey(Type, EnginePrivateKeyRef) -> PublicKey</name>
+      <fsummary>Fetches a public key from an Engine stored private key.</fsummary>
+      <type>
+	<v>Type = rsa | dss</v>
+	<v>EnginePrivateKeyRef = engine_key_ref()</v>
+	<v>PublicKey =  rsa_public() | dss_public()</v>
+      </type>
+      <desc>
+	<p>Fetches the corresponding public key from a private key stored in an Engine.
+	The key must be of the type indicated by the Type parameter.
+	</p>	
+      </desc>
+    </func>
+
+    <func>
       <name>private_encrypt(Type, PlainText, PrivateKey, Padding) -> CipherText</name>
       <fsummary>Encrypts PlainText using the private Key.</fsummary>
       <type>
diff --git a/lib/crypto/src/crypto.erl b/lib/crypto/src/crypto.erl
index 3e18756cf9..9ba1623348 100644
--- a/lib/crypto/src/crypto.erl
+++ b/lib/crypto/src/crypto.erl
@@ -43,6 +43,7 @@
 -export([public_encrypt/4, private_decrypt/4]).
 -export([private_encrypt/4, public_decrypt/4]).
 -export([dh_generate_parameters/2, dh_check/1]). %% Testing see
+-export([privkey_to_pubkey/2]).
 -export([ec_curve/1, ec_curves/0]).
 -export([rand_seed/1]).
 %% Engine
@@ -1097,6 +1098,16 @@ ec_curves() ->
 ec_curve(X) ->
     crypto_ec_curves:curve(X).
 
+
+privkey_to_pubkey(Alg, EngineMap) when Alg == rsa; Alg == dss; Alg == ecdsa ->
+    case privkey_to_pubkey_nif(Alg, format_pkey(Alg,EngineMap)) of
+        [_|_]=L -> map_ensure_bin_as_int(L);
+        X -> X
+    end.
+            
+privkey_to_pubkey_nif(_Alg, _EngineMap) -> ?nif_stub.
+
+
 %%
 %% EC
 %%
@@ -1164,6 +1175,14 @@ ensure_int_as_bin(Int) when is_integer(Int) ->
 ensure_int_as_bin(Bin) ->
     Bin.
 
+map_ensure_bin_as_int(List) when is_list(List) ->
+    lists:map(fun ensure_bin_as_int/1, List).
+
+ensure_bin_as_int(Bin) when is_binary(Bin) ->
+    bin_to_int(Bin);
+ensure_bin_as_int(E) ->
+    E.
+
 format_pkey(_Alg, #{engine:=_, key_id:=T}=M) when is_binary(T) -> format_pwd(M);
 format_pkey(_Alg, #{engine:=_, key_id:=T}=M) when is_list(T) -> format_pwd(M#{key_id:=list_to_binary(T)});
 format_pkey(_Alg, #{engine:=_           }=M) -> error({bad_key_id, M});
diff --git a/lib/crypto/test/engine_SUITE.erl b/lib/crypto/test/engine_SUITE.erl
index aac8946893..72bd59f8ab 100644
--- a/lib/crypto/test/engine_SUITE.erl
+++ b/lib/crypto/test/engine_SUITE.erl
@@ -56,7 +56,9 @@ groups() ->
        priv_encrypt_pub_decrypt_rsa,
        priv_encrypt_pub_decrypt_rsa_pwd,
        pub_encrypt_priv_decrypt_rsa,
-       pub_encrypt_priv_decrypt_rsa_pwd
+       pub_encrypt_priv_decrypt_rsa_pwd,
+       get_pub_from_priv_key_dsa,
+       get_pub_from_priv_key_ecdsa
       ]}].
 
 
@@ -410,6 +412,31 @@ pub_encrypt_priv_decrypt_rsa_pwd(Config) ->
              key_id => key_id(Config, "rsa_public_key.pem")},
     pub_enc_priv_dec(rsa, Pub, Priv,  rsa_pkcs1_padding).
 
+get_pub_from_priv_key_rsa(Config) ->
+    Priv = #{engine => engine_ref(Config),
+             key_id => key_id(Config, "rsa_private_key.pem")},
+    Pub = crypto:privkey_to_pubkey(rsa, Priv),
+    ct:log("rsa Pub = ~p",[Pub]),
+    sign_verify(rsa, sha, Priv, Pub).
+
+get_pub_from_priv_key_dsa(Config) ->
+    Priv = #{engine => engine_ref(Config),
+             key_id => key_id(Config, "dsa_private_key.pem")},
+    Pub = crypto:privkey_to_pubkey(dss, Priv),
+    ct:log("dsa Pub = ~p",[Pub]),
+    sign_verify(dss, sha, Priv, Pub).
+
+get_pub_from_priv_key_ecdsa(Config) ->
+    Priv = #{engine => engine_ref(Config),
+             key_id => key_id(Config, "ecdsa_private_key.pem")},
+    Pub = crypto:privkey_to_pubkey(ecdsa, Priv),
+    case Pub of
+        notsup -> {skip, "ECDSA not implemented"};
+        _ ->
+            ct:log("ecdsa Pub = ~p",[Pub]),
+            sign_verify(ecdsa, sha, Priv, Pub)
+    end.
+    
 %%%================================================================
 %%% Help for engine_stored_pub_priv_keys* test cases
 %%%