aboutsummaryrefslogtreecommitdiffstats
path: root/lib/public_key/src/public_key.erl
diff options
context:
space:
mode:
authorIngela Anderton Andin <[email protected]>2013-02-26 15:52:18 +0100
committerIngela Anderton Andin <[email protected]>2013-03-13 14:40:59 +0100
commit006f45a738a6612958381b2fcbf48586c008d911 (patch)
tree600bc9e688ad286e1b4f6dad72a65a514cacc207 /lib/public_key/src/public_key.erl
parent03bc63bed74af4c392d160005b77aca43d4cd4aa (diff)
downloadotp-006f45a738a6612958381b2fcbf48586c008d911.tar.gz
otp-006f45a738a6612958381b2fcbf48586c008d911.tar.bz2
otp-006f45a738a6612958381b2fcbf48586c008d911.zip
public_key & ssl: Add support for ISO oids 1.3.14.3.2.29 and 1.3.14.3.2.27
Some certificates may use these OIDs instead of the ones defined by PKIX/PKCS standard. Refactor code so that all handling of the "duplicate" oids is done by public_key. Update algorithm information in documentation.
Diffstat (limited to 'lib/public_key/src/public_key.erl')
-rw-r--r--lib/public_key/src/public_key.erl32
1 files changed, 31 insertions, 1 deletions
diff --git a/lib/public_key/src/public_key.erl b/lib/public_key/src/public_key.erl
index e753cf3867..736c18cdd4 100644
--- a/lib/public_key/src/public_key.erl
+++ b/lib/public_key/src/public_key.erl
@@ -36,6 +36,7 @@
decrypt_public/2, decrypt_public/3,
sign/3, verify/4,
pkix_sign/2, pkix_verify/2,
+ pkix_sign_types/1,
pkix_is_self_signed/1,
pkix_is_fixed_dh_cert/1,
pkix_is_issuer/2,
@@ -53,6 +54,7 @@
-type dss_digest_type() :: 'none' | 'sha'. %% None is for backwards compatibility
-type crl_reason() :: unspecified | keyCompromise | cACompromise | affiliationChanged | superseded
| cessationOfOperation | certificateHold | privilegeWithdrawn | aACompromise.
+-type oid() :: tuple().
-define(UINT32(X), X:32/unsigned-big-integer).
-define(DER_NULL, <<5, 0>>).
@@ -335,6 +337,34 @@ format_rsa_private_key(#'RSAPrivateKey'{modulus = N, publicExponent = E,
[crypto:mpint(K) || K <- [E, N, D]].
%%--------------------------------------------------------------------
+
+-spec pkix_sign_types(SignatureAlg::oid()) ->
+ %% Relevant dsa digest type is subpart of rsa digest type
+ { DigestType :: rsa_digest_type(),
+ SignatureType :: rsa | dsa
+ }.
+%% Description:
+%%--------------------------------------------------------------------
+pkix_sign_types(?sha1WithRSAEncryption) ->
+ {sha, rsa};
+pkix_sign_types(?'sha-1WithRSAEncryption') ->
+ {sha, rsa};
+pkix_sign_types(?sha224WithRSAEncryption) ->
+ {sha224, rsa};
+pkix_sign_types(?sha256WithRSAEncryption) ->
+ {sha256, rsa};
+pkix_sign_types(?sha384WithRSAEncryption) ->
+ {sha384, rsa};
+pkix_sign_types(?sha512WithRSAEncryption) ->
+ {sha512, rsa};
+pkix_sign_types(?md5WithRSAEncryption) ->
+ {md5, rsa};
+pkix_sign_types(?'id-dsa-with-sha1') ->
+ {sha, dsa};
+pkix_sign_types(?'id-dsaWithSHA1') ->
+ {sha, dsa}.
+
+%%--------------------------------------------------------------------
-spec sign(binary() | {digest, binary()}, rsa_digest_type() | dss_digest_type(),
rsa_private_key() |
dsa_private_key()) -> Signature :: binary().
@@ -406,7 +436,7 @@ pkix_sign(#'OTPTBSCertificate'{signature =
= SigAlg} = TBSCert, Key) ->
Msg = pkix_encode('OTPTBSCertificate', TBSCert, otp),
- DigestType = pubkey_cert:digest_type(Alg),
+ {DigestType, _} = pkix_sign_types(Alg),
Signature = sign(Msg, DigestType, Key),
Cert = #'OTPCertificate'{tbsCertificate= TBSCert,
signatureAlgorithm = SigAlg,