public_key, ssl: Patch 1112

    OTP-7046  Support for Diffie-Hellman. ssl-3.11 requires public_key-0.6.

    OTP-8553  Moved extended key usage test for ssl values to ssl.

    OTP-8557  Fixes handling of the option fail_if_no_peer_cert and some
              undocumented options. Thanks to Rory Byrne.

    OTP-7046  Support for Diffie-Hellman. ssl-3.11 requires public_key-0.6.

    OTP-8517  New ssl now properly handles ssl renegotiation, and initiates
              a renegotiation if ssl/ltls-sequence numbers comes close
              to the max value. However RFC-5746 is not yet supported,
              but will be in an upcoming release.

    OTP-8545  When gen_tcp is configured with the {packet,http} option,
              it automatically switches to expect HTTP Headers after a
              HTTP Request/Response line has been received. This update
              fixes ssl to behave in the same way. Thanks to Rory Byrne.

    OTP-8554  Ssl now correctly verifies the extended_key_usage extension
              and also allows the user to verify application specific
              extensions by supplying an appropriate fun.

    OTP-8560  Fixed ssl:transport_accept/2 to return properly when socket
              is closed. Thanks to Rory Byrne.

1 files changed, 41 insertions, 18 deletions

diff --git a/lib/public_key/src/pubkey_crypto.erl b/lib/public_key/src/pubkey_crypto.erl
index fe4e97fcc5..4ab655e977 100644
--- a/lib/public_key/src/pubkey_crypto.erl
+++ b/lib/public_key/src/pubkey_crypto.erl
@@ -1,19 +1,19 @@
 %%
 %% %CopyrightBegin%
-%% 
-%% Copyright Ericsson AB 2008-2009. All Rights Reserved.
-%% 
+%%
+%% Copyright Ericsson AB 2008-2010. All Rights Reserved.
+%%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
 %% compliance with the License. You should have received a copy of the
 %% Erlang Public License along with this software. If not, it can be
 %% retrieved online at http://www.erlang.org/.
-%% 
+%%
 %% Software distributed under the License is distributed on an "AS IS"
 %% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
 %% the License for the specific language governing rights and limitations
 %% under the License.
-%% 
+%%
 %% %CopyrightEnd%
 %%
 
@@ -26,7 +26,7 @@
 
 -export([encrypt_public/3, decrypt_private/3, 
 	 encrypt_private/3, decrypt_public/3, 
-	 sign/2, sign/3, verify/5]).
+	 sign/2, sign/3, verify/5, gen_key/2]).
 
 -define(UINT32(X), X:32/unsigned-big-integer).
 
@@ -44,10 +44,14 @@
 %%
 %% Description: Public key encrypts PlainText.
 %%--------------------------------------------------------------------
-encrypt_public(PlainText, #'RSAPublicKey'{modulus=N,publicExponent=E},Padding) ->
-    crypto:rsa_public_encrypt(PlainText, [crypto:mpint(E),crypto:mpint(N)],Padding);
-encrypt_public(PlainText, #'RSAPrivateKey'{modulus=N,publicExponent=E},Padding) ->
-    crypto:rsa_public_encrypt(PlainText, [crypto:mpint(E),crypto:mpint(N)],Padding).
+encrypt_public(PlainText, #'RSAPublicKey'{modulus=N,publicExponent=E}, 
+	       Padding) ->
+    crypto:rsa_public_encrypt(PlainText, [crypto:mpint(E),crypto:mpint(N)],
+			      Padding);
+encrypt_public(PlainText, #'RSAPrivateKey'{modulus=N,publicExponent=E},
+	       Padding) ->
+    crypto:rsa_public_encrypt(PlainText, [crypto:mpint(E),crypto:mpint(N)],
+			      Padding).
 
 encrypt_private(PlainText, #'RSAPrivateKey'{modulus = N,
 					    publicExponent = E, 
@@ -67,15 +71,20 @@ encrypt_private(PlainText, #'RSAPrivateKey'{modulus = N,
 %% Description: Uses private key to decrypt public key encrypted data.
 %%--------------------------------------------------------------------
 decrypt_private(CipherText, 
-		#'RSAPrivateKey'{modulus = N,publicExponent = E,privateExponent = D}, 
+		#'RSAPrivateKey'{modulus = N,publicExponent = E,
+				 privateExponent = D}, 
 		Padding) ->
     crypto:rsa_private_decrypt(CipherText, 
-			       [crypto:mpint(E), crypto:mpint(N),crypto:mpint(D)],
-			       Padding).
-decrypt_public(CipherText, #'RSAPublicKey'{modulus = N, publicExponent = E}, Padding) ->
-    crypto:rsa_public_decrypt(CipherText,[crypto:mpint(E), crypto:mpint(N)], Padding);
-decrypt_public(CipherText, #'RSAPrivateKey'{modulus = N, publicExponent = E}, Padding) ->
-    crypto:rsa_public_decrypt(CipherText,[crypto:mpint(E), crypto:mpint(N)], Padding).
+			       [crypto:mpint(E), crypto:mpint(N),
+				crypto:mpint(D)], Padding).
+decrypt_public(CipherText, #'RSAPublicKey'{modulus = N, publicExponent = E}, 
+	       Padding) ->
+    crypto:rsa_public_decrypt(CipherText,[crypto:mpint(E), crypto:mpint(N)], 
+			      Padding);
+decrypt_public(CipherText, #'RSAPrivateKey'{modulus = N, publicExponent = E}, 
+	       Padding) ->
+    crypto:rsa_public_decrypt(CipherText,[crypto:mpint(E), crypto:mpint(N)], 
+			      Padding).
 
 %%--------------------------------------------------------------------
 %% Function: sign(PlainText, Key) ->
@@ -125,10 +134,24 @@ verify(sha, PlainText, Signature, Key,  #'Dss-Parms'{p = P, q = Q, g = G}) ->
 		      [crypto:mpint(P), crypto:mpint(Q), 
 		       crypto:mpint(G), crypto:mpint(Key)]).
 
+    
+%%--------------------------------------------------------------------
+%% Function: gen_key(Type, Params) ->
+%%	Type = diffie_hellman 
+%%      Params = [P,G] | [Y, P, G]
+%% Description: Generates keys.
+%% -----------------------------------------------------------------
+gen_key(diffie_hellman, [Y, P, G]) ->
+    crypto:dh_generate_key(crypto:mpint(Y), [crypto:mpint(P), 
+					     crypto:mpint(G)]);
+gen_key(diffie_hellman, [P, G]) ->
+    crypto:dh_generate_key([crypto:mpint(P), crypto:mpint(G)]).
+
+%%% TODO: Support rsa, dss key_gen
+
 %%--------------------------------------------------------------------
 %%% Internal functions
 %%--------------------------------------------------------------------
-
 sized_binary(Binary) when is_binary(Binary) ->
     Size = size(Binary),
     <<?UINT32(Size), Binary/binary>>;