aboutsummaryrefslogtreecommitdiffstats
path: root/lib/public_key/src
diff options
context:
space:
mode:
authorIngela Anderton Andin <[email protected]>2013-02-26 15:52:18 +0100
committerIngela Anderton Andin <[email protected]>2013-03-13 14:40:59 +0100
commit006f45a738a6612958381b2fcbf48586c008d911 (patch)
tree600bc9e688ad286e1b4f6dad72a65a514cacc207 /lib/public_key/src
parent03bc63bed74af4c392d160005b77aca43d4cd4aa (diff)
downloadotp-006f45a738a6612958381b2fcbf48586c008d911.tar.gz
otp-006f45a738a6612958381b2fcbf48586c008d911.tar.bz2
otp-006f45a738a6612958381b2fcbf48586c008d911.zip
public_key & ssl: Add support for ISO oids 1.3.14.3.2.29 and 1.3.14.3.2.27
Some certificates may use these OIDs instead of the ones defined by PKIX/PKCS standard. Refactor code so that all handling of the "duplicate" oids is done by public_key. Update algorithm information in documentation.
Diffstat (limited to 'lib/public_key/src')
-rw-r--r--lib/public_key/src/pubkey_cert.erl22
-rw-r--r--lib/public_key/src/pubkey_crl.erl4
-rw-r--r--lib/public_key/src/public_key.erl32
3 files changed, 36 insertions, 22 deletions
diff --git a/lib/public_key/src/pubkey_cert.erl b/lib/public_key/src/pubkey_cert.erl
index f53c94b334..dc8d68c78f 100644
--- a/lib/public_key/src/pubkey_cert.erl
+++ b/lib/public_key/src/pubkey_cert.erl
@@ -1,7 +1,7 @@
%%
%% %CopyrightBegin%
%%
-%% Copyright Ericsson AB 2008-2011. All Rights Reserved.
+%% Copyright Ericsson AB 2008-2013. All Rights Reserved.
%%
%% The contents of this file are subject to the Erlang Public License,
%% Version 1.1, (the "License"); you may not use this file except in
@@ -27,7 +27,7 @@
validate_time/3, validate_signature/6,
validate_issuer/4, validate_names/6,
validate_extensions/4,
- normalize_general_name/1, digest_type/1, is_self_signed/1,
+ normalize_general_name/1, is_self_signed/1,
is_issuer/2, issuer_id/2, is_fixed_dh_cert/1,
verify_data/1, verify_fun/4, select_extension/2, match_name/3,
extensions_list/1, cert_auth_key_id/1, time_str_2_gregorian_sec/1]).
@@ -426,13 +426,12 @@ extensions_list(asn1_NOVALUE) ->
extensions_list(Extensions) ->
Extensions.
-
extract_verify_data(OtpCert, DerCert) ->
{_, Signature} = OtpCert#'OTPCertificate'.signature,
SigAlgRec = OtpCert#'OTPCertificate'.signatureAlgorithm,
SigAlg = SigAlgRec#'SignatureAlgorithm'.algorithm,
PlainText = encoded_tbs_cert(DerCert),
- DigestType = digest_type(SigAlg),
+ {DigestType,_} = public_key:pkix_sign_types(SigAlg),
{DigestType, PlainText, Signature}.
verify_signature(OtpCert, DerCert, Key, KeyParams) ->
@@ -451,21 +450,6 @@ encoded_tbs_cert(Cert) ->
{'Certificate_tbsCertificate', EncodedTBSCert}, _, _} = PKIXCert,
EncodedTBSCert.
-digest_type(?sha1WithRSAEncryption) ->
- sha;
-digest_type(?sha224WithRSAEncryption) ->
- sha224;
-digest_type(?sha256WithRSAEncryption) ->
- sha256;
-digest_type(?sha384WithRSAEncryption) ->
- sha384;
-digest_type(?sha512WithRSAEncryption) ->
- sha512;
-digest_type(?md5WithRSAEncryption) ->
- md5;
-digest_type(?'id-dsa-with-sha1') ->
- sha.
-
public_key_info(PublicKeyInfo,
#path_validation_state{working_public_key_algorithm =
WorkingAlgorithm,
diff --git a/lib/public_key/src/pubkey_crl.erl b/lib/public_key/src/pubkey_crl.erl
index 3e4c3c8b6d..eaba5bfa1b 100644
--- a/lib/public_key/src/pubkey_crl.erl
+++ b/lib/public_key/src/pubkey_crl.erl
@@ -1,7 +1,7 @@
%%
%% %CopyrightBegin%
%%
-%% Copyright Ericsson AB 2010-2012. All Rights Reserved.
+%% Copyright Ericsson AB 2010-2013. All Rights Reserved.
%%
%% The contents of this file are subject to the Erlang Public License,
%% Version 1.1, (the "License"); you may not use this file except in
@@ -561,7 +561,7 @@ extract_crl_verify_data(CRL, DerCRL) ->
#'AlgorithmIdentifier'{algorithm = SigAlg} =
CRL#'CertificateList'.signatureAlgorithm,
PlainText = encoded_tbs_crl(DerCRL),
- DigestType = pubkey_cert:digest_type(SigAlg),
+ {DigestType, _} = public_key:pkix_sign_types(SigAlg),
{DigestType, PlainText, Signature}.
encoded_tbs_crl(CRL) ->
diff --git a/lib/public_key/src/public_key.erl b/lib/public_key/src/public_key.erl
index e753cf3867..736c18cdd4 100644
--- a/lib/public_key/src/public_key.erl
+++ b/lib/public_key/src/public_key.erl
@@ -36,6 +36,7 @@
decrypt_public/2, decrypt_public/3,
sign/3, verify/4,
pkix_sign/2, pkix_verify/2,
+ pkix_sign_types/1,
pkix_is_self_signed/1,
pkix_is_fixed_dh_cert/1,
pkix_is_issuer/2,
@@ -53,6 +54,7 @@
-type dss_digest_type() :: 'none' | 'sha'. %% None is for backwards compatibility
-type crl_reason() :: unspecified | keyCompromise | cACompromise | affiliationChanged | superseded
| cessationOfOperation | certificateHold | privilegeWithdrawn | aACompromise.
+-type oid() :: tuple().
-define(UINT32(X), X:32/unsigned-big-integer).
-define(DER_NULL, <<5, 0>>).
@@ -335,6 +337,34 @@ format_rsa_private_key(#'RSAPrivateKey'{modulus = N, publicExponent = E,
[crypto:mpint(K) || K <- [E, N, D]].
%%--------------------------------------------------------------------
+
+-spec pkix_sign_types(SignatureAlg::oid()) ->
+ %% Relevant dsa digest type is subpart of rsa digest type
+ { DigestType :: rsa_digest_type(),
+ SignatureType :: rsa | dsa
+ }.
+%% Description:
+%%--------------------------------------------------------------------
+pkix_sign_types(?sha1WithRSAEncryption) ->
+ {sha, rsa};
+pkix_sign_types(?'sha-1WithRSAEncryption') ->
+ {sha, rsa};
+pkix_sign_types(?sha224WithRSAEncryption) ->
+ {sha224, rsa};
+pkix_sign_types(?sha256WithRSAEncryption) ->
+ {sha256, rsa};
+pkix_sign_types(?sha384WithRSAEncryption) ->
+ {sha384, rsa};
+pkix_sign_types(?sha512WithRSAEncryption) ->
+ {sha512, rsa};
+pkix_sign_types(?md5WithRSAEncryption) ->
+ {md5, rsa};
+pkix_sign_types(?'id-dsa-with-sha1') ->
+ {sha, dsa};
+pkix_sign_types(?'id-dsaWithSHA1') ->
+ {sha, dsa}.
+
+%%--------------------------------------------------------------------
-spec sign(binary() | {digest, binary()}, rsa_digest_type() | dss_digest_type(),
rsa_private_key() |
dsa_private_key()) -> Signature :: binary().
@@ -406,7 +436,7 @@ pkix_sign(#'OTPTBSCertificate'{signature =
= SigAlg} = TBSCert, Key) ->
Msg = pkix_encode('OTPTBSCertificate', TBSCert, otp),
- DigestType = pubkey_cert:digest_type(Alg),
+ {DigestType, _} = pkix_sign_types(Alg),
Signature = sign(Msg, DigestType, Key),
Cert = #'OTPCertificate'{tbsCertificate= TBSCert,
signatureAlgorithm = SigAlg,