author | Ingela Anderton Andin <[email protected]> | 2010-03-25 15:50:24 +0000 |
---|---|---|
committer | Erlang/OTP <[email protected]> | 2010-03-25 15:50:24 +0000 |
commit | 995f42028bfbb939572840b7a0a38c1c39ba05fa (patch) | |
tree | 1e5cbe880c65cea0da1677cea2c46d3dcbface9f /lib/public_key/src | |
parent | 8b34c68c916219f7c93e6cc9bb6b5f42e4bc66e6 (diff) | |
OTP-7046 Support for Diffie-Hellman keyexchange
Diffstat (limited to 'lib/public_key/src')
-rw-r--r-- | lib/public_key/src/pubkey_crypto.erl | 59 | ||||
-rw-r--r-- | lib/public_key/src/public_key.erl | 38 |
2 files changed, 73 insertions, 24 deletions
diff --git a/lib/public_key/src/pubkey_crypto.erl b/lib/public_key/src/pubkey_crypto.erl
index fe4e97fcc5..4ab655e977 100644
--- a/lib/public_key/src/pubkey_crypto.erl
+++ b/lib/public_key/src/pubkey_crypto.erl
@@ -1,19 +1,19 @@
 %%
 %% %CopyrightBegin%
-%%
-%% Copyright Ericsson AB 2008-2009. All Rights Reserved.
-%%
+%%
+%% Copyright Ericsson AB 2008-2010. All Rights Reserved.
+%%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
 %% compliance with the License. You should have received a copy of the
 %% Erlang Public License along with this software. If not, it can be
 %% retrieved online at http://www.erlang.org/.
-%%
+%%
 %% Software distributed under the License is distributed on an "AS IS"
 %% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
 %% the License for the specific language governing rights and limitations
 %% under the License.
-%%
+%%
 %% %CopyrightEnd%
 %%
 
@@ -26,7 +26,7 @@
 
 -export([encrypt_public/3, decrypt_private/3,
 encrypt_private/3, decrypt_public/3,
- sign/2, sign/3, verify/5]).
+ sign/2, sign/3, verify/5, gen_key/2]).
 
 -define(UINT32(X), X:32/unsigned-big-integer).
 
@@ -44,10 +44,14 @@
 %%
 %% Description: Public key encrypts PlainText.
 %%--------------------------------------------------------------------
-encrypt_public(PlainText, #'RSAPublicKey'{modulus=N,publicExponent=E},Padding) ->
- crypto:rsa_public_encrypt(PlainText, [crypto:mpint(E),crypto:mpint(N)],Padding);
-encrypt_public(PlainText, #'RSAPrivateKey'{modulus=N,publicExponent=E},Padding) ->
- crypto:rsa_public_encrypt(PlainText, [crypto:mpint(E),crypto:mpint(N)],Padding).
+encrypt_public(PlainText, #'RSAPublicKey'{modulus=N,publicExponent=E},
+ Padding) ->
+ crypto:rsa_public_encrypt(PlainText, [crypto:mpint(E),crypto:mpint(N)],
+ Padding);
+encrypt_public(PlainText, #'RSAPrivateKey'{modulus=N,publicExponent=E},
+ Padding) ->
+ crypto:rsa_public_encrypt(PlainText, [crypto:mpint(E),crypto:mpint(N)],
+ Padding).
 
 encrypt_private(PlainText, #'RSAPrivateKey'{modulus = N,
 publicExponent = E,
@@ -67,15 +71,20 @@ encrypt_private(PlainText, #'RSAPrivateKey'{modulus = N,
 %% Description: Uses private key to decrypt public key encrypted data.
 %%--------------------------------------------------------------------
 decrypt_private(CipherText,
- #'RSAPrivateKey'{modulus = N,publicExponent = E,privateExponent = D},
+ #'RSAPrivateKey'{modulus = N,publicExponent = E,
+ privateExponent = D},
 Padding) ->
 crypto:rsa_private_decrypt(CipherText,
- [crypto:mpint(E), crypto:mpint(N),crypto:mpint(D)],
- Padding).
-decrypt_public(CipherText, #'RSAPublicKey'{modulus = N, publicExponent = E}, Padding) ->
- crypto:rsa_public_decrypt(CipherText,[crypto:mpint(E), crypto:mpint(N)], Padding);
-decrypt_public(CipherText, #'RSAPrivateKey'{modulus = N, publicExponent = E}, Padding) ->
- crypto:rsa_public_decrypt(CipherText,[crypto:mpint(E), crypto:mpint(N)], Padding).
+ [crypto:mpint(E), crypto:mpint(N),
+ crypto:mpint(D)], Padding).
+decrypt_public(CipherText, #'RSAPublicKey'{modulus = N, publicExponent = E},
+ Padding) ->
+ crypto:rsa_public_decrypt(CipherText,[crypto:mpint(E), crypto:mpint(N)],
+ Padding);
+decrypt_public(CipherText, #'RSAPrivateKey'{modulus = N, publicExponent = E},
+ Padding) ->
+ crypto:rsa_public_decrypt(CipherText,[crypto:mpint(E), crypto:mpint(N)],
+ Padding).
 
 %%--------------------------------------------------------------------
 %% Function: sign(PlainText, Key) ->
@@ -125,10 +134,24 @@ verify(sha, PlainText, Signature, Key, #'Dss-Parms'{p = P, q = Q, g = G}) ->
 [crypto:mpint(P), crypto:mpint(Q),
 crypto:mpint(G), crypto:mpint(Key)]).
 
+
+%%--------------------------------------------------------------------
+%% Function: gen_key(Type, Params) ->
+%% Type = diffie_hellman
+%% Params = [P,G] | [Y, P, G]
+%% Description: Generates keys.
+%% -----------------------------------------------------------------
+gen_key(diffie_hellman, [Y, P, G]) ->
+ crypto:dh_generate_key(crypto:mpint(Y), [crypto:mpint(P),
+ crypto:mpint(G)]);
+gen_key(diffie_hellman, [P, G]) ->
+ crypto:dh_generate_key([crypto:mpint(P), crypto:mpint(G)]).
+
+%%% TODO: Support rsa, dss key_gen
+
 %%--------------------------------------------------------------------
 %%% Internal functions
 %%--------------------------------------------------------------------
-
 sized_binary(Binary) when is_binary(Binary) ->
 Size = size(Binary),
 <<?UINT32(Size), Binary/binary>>;
diff --git a/lib/public_key/src/public_key.erl b/lib/public_key/src/public_key.erl
index 52c695523f..9a90ffe888 100644
--- a/lib/public_key/src/public_key.erl
+++ b/lib/public_key/src/public_key.erl
@@ -23,11 +23,10 @@
 
 -include("public_key.hrl").
 
--export([decode_private_key/1, decode_private_key/2,
+-export([decode_private_key/1, decode_private_key/2, decode_dhparams/1,
 decrypt_private/2, decrypt_private/3, encrypt_public/2,
 encrypt_public/3, decrypt_public/2, decrypt_public/3,
- encrypt_private/2, encrypt_private/3,
- sign/2, sign/3,
+ encrypt_private/2, encrypt_private/3, gen_key/1, sign/2, sign/3,
 verify_signature/3, verify_signature/4, verify_signature/5,
 pem_to_der/1, pem_to_der/2,
 pkix_decode_cert/2, pkix_encode_cert/1, pkix_transform/2,
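Review bot: Neither clause of the new `gen_key(diffie_hellman, ...)` checks the group parameters before handing them to `crypto:dh_generate_key`, and the only guard on this path is the `is_integer/1` test in `public_key:gen_key/1` added further down in this commit. If `P` and `G` can originate from a peer or from an unvetted parameter file, a small or malformed group weakens the resulting shared secret, so either validate here (for example a minimum bit length for `P` and `1 < G < P - 1`) or state in the header that callers must pass vetted parameters. The header should also say what `Y` is and what is returned, e.g. `%% Y = integer() - private value passed as first argument to crypto:dh_generate_key/2`.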
@@ -62,6 +61,21 @@ decode_private_key(KeyInfo = {dsa_private_key, _, _}, Password) ->
 DerEncoded = pubkey_pem:decode_key(KeyInfo, Password),
 'OTP-PUB-KEY':decode('DSAPrivateKey', DerEncoded).
 
+
+%%--------------------------------------------------------------------
+%% Function: decode_dhparams(DhParamInfo) ->
+%% {ok, DhParams} | {error, Reason}
+%%
+%% DhParamsInfo = {Type, der_bin(), ChipherInfo} - as returned from
+%% pem_to_der/[1,2] for DH parameters.
+%% Type = dh_params
+%% ChipherInfo = opaque() | no_encryption
+%%
+%% Description: Decodes an asn1 der encoded DH parameters.
+%%--------------------------------------------------------------------
+decode_dhparams({dh_params, DerEncoded, not_encrypted}) ->
+ 'OTP-PUB-KEY':decode('DHParameter', DerEncoded).
+
 %%--------------------------------------------------------------------
 %% Function: decrypt_private(CipherText, Key) ->
 %% decrypt_private(CipherText, Key, Options) -> PlainTex
@@ -109,6 +123,18 @@ encrypt_private(PlainText, Key, Options) ->
 pubkey_crypto:encrypt_private(PlainText, Key, Padding).
 
 %%--------------------------------------------------------------------
+%% Function: gen_key(Params) -> Keys
+%%
+%% Params = #'DomainParameters'{} - Currently only supported option
+%% Keys = {PublicDHKey = integer(), PrivateDHKey = integer()}
+%%
+%% Description: Generates keys. Currently supports Diffie-Hellman keys.
+%%--------------------------------------------------------------------
+gen_key(#'DHParameter'{prime = P, base = G}) when is_integer(P),
+ is_integer(G) ->
+ pubkey_crypto:gen_key(diffie_hellman, [P, G]).
+
+%%--------------------------------------------------------------------
 %% Function: pem_to_der(CertSource) ->
 %% pem_to_der(CertSource, Password) -> {ok, [Entry]} |
 %% {error, Reason}
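Review bot: The header comment and the clause head of `decode_dhparams/1` disagree: the comment documents `ChipherInfo = opaque() | no_encryption` and names the argument both `DhParamInfo` and `DhParamsInfo`, while the only clause matches the atom `not_encrypted`. Any other third element will fail with `function_clause` instead of the documented `{error, Reason}`. Either add a clause that returns an `{error, Reason}` tuple for entries that are not `not_encrypted`, or document the restriction, e.g. `%% CipherInfo = not_encrypted - encrypted DH parameters are not supported`.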
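Review bot: The documented contract of `public_key:gen_key/1` does not match its clause: the comment says `Params = #'DomainParameters'{}`, but the head matches `#'DHParameter'{prime = P, base = G}`. `Keys` is documented as a pair of `integer()`, yet the result of `pubkey_crypto:gen_key/2` is returned unconverted; since the inputs are wrapped with `crypto:mpint/1` there, the outputs are probably in crypto's mpint form as well, which should be confirmed and either converted or documented. A corrected header line would be `%% Params = #'DHParameter'{} - Currently only supported option`.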
@@ -116,7 +142,6 @@ encrypt_private(PlainText, Key, Options) ->
 %% CertSource = File | CertData
 %% CertData = binary()
 %% File = path()
-%% Password = string()
 %% Entry = {entry_type(), der_bin(), ChipherInfo}
 %% ChipherInfo = opague() | no_encryption
 %% der_bin() = binary()
@@ -127,7 +152,9 @@ encrypt_private(PlainText, Key, Options) ->
 %% entries as asn1 der encoded entities. Currently supported entry
 %% types are certificates, certificate requests, rsa private keys and
 %% dsa private keys. In the case of a key entry ChipherInfo will be
-%% used by decode_private_key/2 if the key is protected by a password.
+%% private keys and Diffie Hellam parameters .In the case of a key
+%% entry ChipherInfo will be used by decode_private_key/2 if the key
+%% is protected by a password.
 %%--------------------------------------------------------------------
 pem_to_der(CertSource) ->
 pem_to_der(CertSource, no_passwd).
@@ -136,7 +163,6 @@ pem_to_der(File, Password) when is_list(File) ->
 pubkey_pem:read_file(File, Password);
 pem_to_der(PemBin, Password) when is_binary(PemBin) ->
 pubkey_pem:decode(PemBin, Password).
-
 %%--------------------------------------------------------------------
 %% Function: pkix_decode_cert(BerCert, Type) -> {ok, Cert} | {error, Reason}
 %%
|
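Review bot: The rewritten paragraph in the `pem_to_der` header (second hunk here) is broken: the unchanged line `%% dsa private keys. In the case of a key entry ChipherInfo will be` is now followed by `%% private keys and Diffie Hellam parameters .In the case of a key`, so the sentence starts twice and `Hellam` is misspelled. The preceding context line has to change too, so that the text reads `... rsa private keys, dsa private keys and Diffie-Hellman parameters. In the case of a key entry ChipherInfo will be used by decode_private_key/2 if the key is protected by a password.` The first hunk also drops `%% Password = string()` although `pem_to_der/2` still takes `Password`, so that line should stay.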