aboutsummaryrefslogtreecommitdiffstats
path: root/lib/public_key/src/pubkey_pbe.erl
diff options
context:
space:
mode:
authorIngela Anderton Andin <[email protected]>2015-04-13 14:30:10 +0200
committerIngela Anderton Andin <[email protected]>2015-04-20 08:43:15 +0200
commit3bf1096068c3a123a23e6a1499152976a2da131e (patch)
tree6e310de5b2728749ce85bea27959448251d71e9e /lib/public_key/src/pubkey_pbe.erl
parentaa8efa1cc3f776d5b3b5af24afd4369ca1f7da00 (diff)
downloadotp-3bf1096068c3a123a23e6a1499152976a2da131e.tar.gz
otp-3bf1096068c3a123a23e6a1499152976a2da131e.tar.bz2
otp-3bf1096068c3a123a23e6a1499152976a2da131e.zip
public_key: Remove legacy switch compact_bit_string
* E.I bitstrings will not be decode as {Unused, Binary}, they are now Erlang bitstrings. * Also the compact_bit_string implies the legacy_erlang_types switch - So removing the switch will also make OCTET STRING values be represented as binaries. - Undecoded open type will now be wrapped in a asn1_OPENTYPE tuple. We need to handle this in pubkey_pbe.erl, maybe this can be eliminated later by updating/refreshing ASN1-specs. This will change some values in records returned by the public_key API making this change a potentiall incompatibility.
Diffstat (limited to 'lib/public_key/src/pubkey_pbe.erl')
-rw-r--r--lib/public_key/src/pubkey_pbe.erl28
1 files changed, 16 insertions, 12 deletions
diff --git a/lib/public_key/src/pubkey_pbe.erl b/lib/public_key/src/pubkey_pbe.erl
index 521a32189d..8c61bc71d4 100644
--- a/lib/public_key/src/pubkey_pbe.erl
+++ b/lib/public_key/src/pubkey_pbe.erl
@@ -106,9 +106,8 @@ pbdkdf2(Password, Salt, Count, DerivedKeyLen, Prf, PrfHash, PrfOutputLen)->
%%--------------------------------------------------------------------
decrypt_parameters(#'EncryptedPrivateKeyInfo_encryptionAlgorithm'{
algorithm = Oid, parameters = Param}) ->
- decrypt_parameters(Oid, Param).
+ decrypt_parameters(Oid, decode_handle_open_type_wrapper(Param)).
-
%%--------------------------------------------------------------------
-spec encrypt_parameters({Cipher::string(), Params::term()}) ->
#'EncryptedPrivateKeyInfo_encryptionAlgorithm'{}.
@@ -129,7 +128,7 @@ password_to_key_and_iv(Password, _, #'PBES2-params'{} = Params) ->
password_to_key_and_iv(Password, _Cipher, {#'PBEParameter'{salt = Salt,
iterationCount = Count}, Hash}) ->
<<Key:8/binary, IV:8/binary, _/binary>>
- = pbdkdf1(Password, erlang:iolist_to_binary(Salt), Count, Hash),
+ = pbdkdf1(Password, Salt, Count, Hash),
{Key, IV};
password_to_key_and_iv(Password, Cipher, Salt) ->
KeyLen = derived_key_length(Cipher, undefined),
@@ -151,15 +150,15 @@ do_pbdkdf1(Prev, Count, Acc, Hash) ->
do_pbdkdf1(Result, Count-1 , <<Result/binary, Acc/binary>>, Hash).
iv(#'PBES2-params_encryptionScheme'{algorithm = Algo,
- parameters = ASNIV}) when (Algo == ?'desCBC') or
- (Algo == ?'des-EDE3-CBC') ->
- %% This is an so called open ASN1-type that in this
- %% case will be an octet-string of length 8
- <<?ASN1_OCTET_STR_TAG, ?IV_LEN, IV:?IV_LEN/binary>> = ASNIV,
+ parameters = ASN1IV})
+ when (Algo == ?'desCBC') or
+ (Algo == ?'des-EDE3-CBC') ->
+ <<?ASN1_OCTET_STR_TAG, ?IV_LEN, IV:?IV_LEN/binary>> = decode_handle_open_type_wrapper(ASN1IV),
IV;
iv(#'PBES2-params_encryptionScheme'{algorithm = ?'rc2CBC',
- parameters = ASN1IV}) ->
- {ok, #'RC2-CBC-Parameter'{iv = IV}} = 'PKCS-FRAME':decode('RC2-CBC-Parameter', ASN1IV),
+ parameters = ASN1IV}) ->
+ {ok, #'RC2-CBC-Parameter'{iv = IV}}
+ = 'PKCS-FRAME':decode('RC2-CBC-Parameter', decode_handle_open_type_wrapper(ASN1IV)),
iolist_to_binary(IV).
blocks(1, N, Index, Password, Salt, Count, Prf, PrfHash, PrfLen, Acc) ->
@@ -200,13 +199,13 @@ encrypt_parameters(_Cipher, #'PBES2-params'{} = Params) ->
{ok, Der} ='PKCS-FRAME':encode('PBES2-params', Params),
#'EncryptedPrivateKeyInfo_encryptionAlgorithm'{
algorithm = ?'id-PBES2',
- parameters = Der};
+ parameters = encode_handle_open_type_wrapper(Der)};
encrypt_parameters(Cipher, {#'PBEParameter'{} = Params, Hash}) ->
{ok, Der} ='PKCS-FRAME':encode('PBEParameter', Params),
#'EncryptedPrivateKeyInfo_encryptionAlgorithm'{
algorithm = pbe1_oid(Cipher, Hash),
- parameters = Der}.
+ parameters = encode_handle_open_type_wrapper(Der)}.
pbe1_oid("RC2-CBC", sha) ->
?'pbeWithSHA1AndRC2-CBC';
@@ -277,3 +276,8 @@ cipher(#'PBES2-params_encryptionScheme'{algorithm = ?'rc2CBC'}) ->
ceiling(Float) ->
erlang:round(Float + 0.5).
+
+decode_handle_open_type_wrapper({asn1_OPENTYPE, Type}) ->
+ Type.
+encode_handle_open_type_wrapper(Type) ->
+ {asn1_OPENTYPE, Type}.