diff options
| author | Ingela Anderton Andin <[email protected]> | 2013-02-26 15:52:18 +0100 |
|---|---|---|
| committer | Ingela Anderton Andin <[email protected]> | 2013-03-13 14:40:59 +0100 |
| commit | 006f45a738a6612958381b2fcbf48586c008d911 (patch) | |
| tree | 600bc9e688ad286e1b4f6dad72a65a514cacc207 /lib/public_key/src/public_key.erl | |
| parent | 03bc63bed74af4c392d160005b77aca43d4cd4aa (diff) | |
| download | otp-006f45a738a6612958381b2fcbf48586c008d911.tar.gz otp-006f45a738a6612958381b2fcbf48586c008d911.tar.bz2 otp-006f45a738a6612958381b2fcbf48586c008d911.zip | |
public_key & ssl: Add support for ISO oids 1.3.14.3.2.29 and 1.3.14.3.2.27
Some certificates may use these OIDs instead of the ones defined by
PKIX/PKCS standard.
Refactor code so that all handling of the "duplicate" oids is done by
public_key.
Update algorithm information in documentation.
Diffstat (limited to 'lib/public_key/src/public_key.erl')
| -rw-r--r-- | lib/public_key/src/public_key.erl | 32 |
1 files changed, 31 insertions, 1 deletions
diff --git a/lib/public_key/src/public_key.erl b/lib/public_key/src/public_key.erl index e753cf3867..736c18cdd4 100644 --- a/lib/public_key/src/public_key.erl +++ b/lib/public_key/src/public_key.erl @@ -36,6 +36,7 @@ decrypt_public/2, decrypt_public/3, sign/3, verify/4, pkix_sign/2, pkix_verify/2, + pkix_sign_types/1, pkix_is_self_signed/1, pkix_is_fixed_dh_cert/1, pkix_is_issuer/2, @@ -53,6 +54,7 @@ -type dss_digest_type() :: 'none' | 'sha'. %% None is for backwards compatibility -type crl_reason() :: unspecified | keyCompromise | cACompromise | affiliationChanged | superseded | cessationOfOperation | certificateHold | privilegeWithdrawn | aACompromise. +-type oid() :: tuple(). -define(UINT32(X), X:32/unsigned-big-integer). -define(DER_NULL, <<5, 0>>). @@ -335,6 +337,34 @@ format_rsa_private_key(#'RSAPrivateKey'{modulus = N, publicExponent = E, [crypto:mpint(K) || K <- [E, N, D]]. %%-------------------------------------------------------------------- + +-spec pkix_sign_types(SignatureAlg::oid()) -> + %% Relevant dsa digest type is subpart of rsa digest type + { DigestType :: rsa_digest_type(), + SignatureType :: rsa | dsa + }. +%% Description: +%%-------------------------------------------------------------------- +pkix_sign_types(?sha1WithRSAEncryption) -> + {sha, rsa}; +pkix_sign_types(?'sha-1WithRSAEncryption') -> + {sha, rsa}; +pkix_sign_types(?sha224WithRSAEncryption) -> + {sha224, rsa}; +pkix_sign_types(?sha256WithRSAEncryption) -> + {sha256, rsa}; +pkix_sign_types(?sha384WithRSAEncryption) -> + {sha384, rsa}; +pkix_sign_types(?sha512WithRSAEncryption) -> + {sha512, rsa}; +pkix_sign_types(?md5WithRSAEncryption) -> + {md5, rsa}; +pkix_sign_types(?'id-dsa-with-sha1') -> + {sha, dsa}; +pkix_sign_types(?'id-dsaWithSHA1') -> + {sha, dsa}. + +%%-------------------------------------------------------------------- -spec sign(binary() | {digest, binary()}, rsa_digest_type() | dss_digest_type(), rsa_private_key() | dsa_private_key()) -> Signature :: binary(). @@ -406,7 +436,7 @@ pkix_sign(#'OTPTBSCertificate'{signature = = SigAlg} = TBSCert, Key) -> Msg = pkix_encode('OTPTBSCertificate', TBSCert, otp), - DigestType = pubkey_cert:digest_type(Alg), + {DigestType, _} = pkix_sign_types(Alg), Signature = sign(Msg, DigestType, Key), Cert = #'OTPCertificate'{tbsCertificate= TBSCert, signatureAlgorithm = SigAlg, |