public_key & ssl: Add support for ISO oids 1.3.14.3.2.29 and 1.3.14.3.2.27

Some certificates may use these OIDs instead of the ones defined by
PKIX/PKCS standard.

Refactor code so that all handling of the "duplicate" oids is done by
public_key.

Update algorithm information in documentation.

3 files changed, 36 insertions, 22 deletions

diff --git a/lib/public_key/src/pubkey_cert.erl b/lib/public_key/src/pubkey_cert.erl
index f53c94b334..dc8d68c78f 100644
--- a/lib/public_key/src/pubkey_cert.erl
+++ b/lib/public_key/src/pubkey_cert.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2008-2011. All Rights Reserved.
+%% Copyright Ericsson AB 2008-2013. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -27,7 +27,7 @@
  	 validate_time/3, validate_signature/6,
  	 validate_issuer/4, validate_names/6,
 	 validate_extensions/4,
-	 normalize_general_name/1, digest_type/1, is_self_signed/1,
+	 normalize_general_name/1, is_self_signed/1,
 	 is_issuer/2, issuer_id/2, is_fixed_dh_cert/1,
 	 verify_data/1, verify_fun/4, select_extension/2, match_name/3,
 	 extensions_list/1, cert_auth_key_id/1, time_str_2_gregorian_sec/1]).
@@ -426,13 +426,12 @@ extensions_list(asn1_NOVALUE) ->
 extensions_list(Extensions) ->
     Extensions.
 
-
 extract_verify_data(OtpCert, DerCert) ->
     {_, Signature} = OtpCert#'OTPCertificate'.signature,
     SigAlgRec = OtpCert#'OTPCertificate'.signatureAlgorithm,
     SigAlg = SigAlgRec#'SignatureAlgorithm'.algorithm,
     PlainText = encoded_tbs_cert(DerCert),
-    DigestType = digest_type(SigAlg),
+    {DigestType,_} = public_key:pkix_sign_types(SigAlg),
     {DigestType, PlainText, Signature}.
 
 verify_signature(OtpCert, DerCert, Key, KeyParams) ->
@@ -451,21 +450,6 @@ encoded_tbs_cert(Cert) ->
      {'Certificate_tbsCertificate', EncodedTBSCert}, _, _} = PKIXCert,
     EncodedTBSCert.
 
-digest_type(?sha1WithRSAEncryption) ->
-    sha;
-digest_type(?sha224WithRSAEncryption) ->
-    sha224;
-digest_type(?sha256WithRSAEncryption) ->
-    sha256;
-digest_type(?sha384WithRSAEncryption) ->
-    sha384;
-digest_type(?sha512WithRSAEncryption) ->
-    sha512;
-digest_type(?md5WithRSAEncryption) ->
-    md5;
-digest_type(?'id-dsa-with-sha1') ->
-    sha.
-
 public_key_info(PublicKeyInfo, 
 		#path_validation_state{working_public_key_algorithm =
 				       WorkingAlgorithm,
diff --git a/lib/public_key/src/pubkey_crl.erl b/lib/public_key/src/pubkey_crl.erl
index 3e4c3c8b6d..eaba5bfa1b 100644
--- a/lib/public_key/src/pubkey_crl.erl
+++ b/lib/public_key/src/pubkey_crl.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2010-2012. All Rights Reserved.
+%% Copyright Ericsson AB 2010-2013. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -561,7 +561,7 @@ extract_crl_verify_data(CRL, DerCRL) ->
     #'AlgorithmIdentifier'{algorithm = SigAlg} =
 	CRL#'CertificateList'.signatureAlgorithm,
     PlainText = encoded_tbs_crl(DerCRL),
-    DigestType = pubkey_cert:digest_type(SigAlg),
+    {DigestType, _} = public_key:pkix_sign_types(SigAlg),
     {DigestType, PlainText, Signature}.
 
 encoded_tbs_crl(CRL) ->
diff --git a/lib/public_key/src/public_key.erl b/lib/public_key/src/public_key.erl
index e753cf3867..736c18cdd4 100644
--- a/lib/public_key/src/public_key.erl
+++ b/lib/public_key/src/public_key.erl
@@ -36,6 +36,7 @@
 	 decrypt_public/2, decrypt_public/3,
 	 sign/3, verify/4,
 	 pkix_sign/2, pkix_verify/2,	 
+	 pkix_sign_types/1,
 	 pkix_is_self_signed/1, 
 	 pkix_is_fixed_dh_cert/1,
 	 pkix_is_issuer/2,
@@ -53,6 +54,7 @@
 -type dss_digest_type()      :: 'none' | 'sha'. %% None is for backwards compatibility
 -type crl_reason()           ::  unspecified | keyCompromise | cACompromise | affiliationChanged | superseded
 			       | cessationOfOperation | certificateHold | privilegeWithdrawn |  aACompromise.
+-type oid()                  :: tuple().
 
 -define(UINT32(X), X:32/unsigned-big-integer).
 -define(DER_NULL, <<5, 0>>).
@@ -335,6 +337,34 @@ format_rsa_private_key(#'RSAPrivateKey'{modulus = N, publicExponent = E,
    [crypto:mpint(K) || K <- [E, N, D]].
 
 %%--------------------------------------------------------------------
+
+-spec pkix_sign_types(SignatureAlg::oid()) ->
+			     %% Relevant dsa digest type is subpart of rsa digest type
+			     { DigestType :: rsa_digest_type(),
+			       SignatureType :: rsa | dsa
+			     }.
+%% Description:
+%%--------------------------------------------------------------------
+pkix_sign_types(?sha1WithRSAEncryption) ->
+    {sha, rsa};
+pkix_sign_types(?'sha-1WithRSAEncryption') ->
+    {sha, rsa};
+pkix_sign_types(?sha224WithRSAEncryption) ->
+    {sha224, rsa};
+pkix_sign_types(?sha256WithRSAEncryption) ->
+    {sha256, rsa};
+pkix_sign_types(?sha384WithRSAEncryption) ->
+    {sha384, rsa};
+pkix_sign_types(?sha512WithRSAEncryption) ->
+    {sha512, rsa};
+pkix_sign_types(?md5WithRSAEncryption) ->
+    {md5, rsa};
+pkix_sign_types(?'id-dsa-with-sha1') ->
+    {sha, dsa};
+pkix_sign_types(?'id-dsaWithSHA1') ->
+    {sha, dsa}.
+
+%%--------------------------------------------------------------------
 -spec sign(binary() | {digest, binary()},  rsa_digest_type() | dss_digest_type(),
 	   rsa_private_key() |
 	   dsa_private_key()) -> Signature :: binary().
@@ -406,7 +436,7 @@ pkix_sign(#'OTPTBSCertificate'{signature =
 			       = SigAlg} = TBSCert, Key) ->
 
     Msg = pkix_encode('OTPTBSCertificate', TBSCert, otp),
-    DigestType = pubkey_cert:digest_type(Alg),
+    {DigestType, _} = pkix_sign_types(Alg),
     Signature = sign(Msg, DigestType, Key),
     Cert = #'OTPCertificate'{tbsCertificate= TBSCert,
 			     signatureAlgorithm = SigAlg,