aboutsummaryrefslogtreecommitdiffstats
path: root/lib/public_key/test/public_key_SUITE.erl
diff options
context:
space:
mode:
authorIngela Anderton Andin <[email protected]>2010-07-05 17:24:40 +0200
committerIngela Anderton Andin <[email protected]>2010-08-23 12:09:41 +0200
commit12dfe961aeaf1a826d851361a24519e54d8ef119 (patch)
tree8bf30474bdf6f7aa0cafbcc27a8f2694cc05b141 /lib/public_key/test/public_key_SUITE.erl
parent871fdb232d7facc58c202ef81634a12fbdcfefb4 (diff)
downloadotp-12dfe961aeaf1a826d851361a24519e54d8ef119.tar.gz
otp-12dfe961aeaf1a826d851361a24519e54d8ef119.tar.bz2
otp-12dfe961aeaf1a826d851361a24519e54d8ef119.zip
Revise the public_key API
Cleaned up and documented the public_key API to make it useful for general use.
Diffstat (limited to 'lib/public_key/test/public_key_SUITE.erl')
-rw-r--r--lib/public_key/test/public_key_SUITE.erl302
1 files changed, 183 insertions, 119 deletions
diff --git a/lib/public_key/test/public_key_SUITE.erl b/lib/public_key/test/public_key_SUITE.erl
index dc1015969a..1d32e989a9 100644
--- a/lib/public_key/test/public_key_SUITE.erl
+++ b/lib/public_key/test/public_key_SUITE.erl
@@ -101,13 +101,12 @@ all(doc) ->
all(suite) ->
[app,
- dh,
- pem_to_der,
- decode_private_key,
+ pk_decode_encode,
encrypt_decrypt,
sign_verify,
pkix,
- pkix_path_validation
+ pkix_path_validation,
+ deprecated
].
%% Test cases starts here.
@@ -120,78 +119,93 @@ app(suite) ->
app(Config) when is_list(Config) ->
ok = test_server:app_test(public_key).
-dh(doc) ->
- "Test diffie-hellman functions file is ok";
-dh(suite) ->
+pk_decode_encode(doc) ->
+ ["Tests pem_decode/1, pem_encode/1, "
+ "der_decode/2, der_encode/2, "
+ "pem_entry_decode/1, pem_entry_decode/2,"
+ "pem_entry_encode/2, pem_entry_encode/3."];
+
+pk_decode_encode(suite) ->
[];
-dh(Config) when is_list(Config) ->
+pk_decode_encode(Config) when is_list(Config) ->
Datadir = ?config(data_dir, Config),
- {ok,[DerDHparams = {dh_params, _, _}]} =
- public_key:pem_to_der(filename:join(Datadir, "dh.pem")),
- {ok, DHps = #'DHParameter'{prime=P,base=G}} = public_key:decode_dhparams(DerDHparams),
- DHKeys = {Private,_Public} = public_key:gen_key(DHps),
- test_server:format("DHparams = ~p~nDH Keys~p~n", [DHps, DHKeys]),
- {_Private,_Public2} = pubkey_crypto:gen_key(diffie_hellman, [crypto:erlint(Private), P, G]),
- ok.
+
+ [{'DSAPrivateKey', DerDSAKey, not_encrypted} = Entry0 ] =
+ pkey_test:pem_to_der(filename:join(Datadir, "dsa.pem")),
+
+ DSAKey = public_key:der_decode('DSAPrivateKey', DerDSAKey),
+
+ DSAKey = public_key:pem_entry_decode(Entry0),
+
+ [{'RSAPrivateKey', DerRSAKey, not_encrypted} = Entry1 ] =
+ pkey_test:pem_to_der(filename:join(Datadir, "client_key.pem")),
+
+ RSAKey0 = public_key:der_decode('RSAPrivateKey', DerRSAKey),
+
+ RSAKey0 = public_key:pem_entry_decode(Entry1),
+
+ [{'RSAPrivateKey', _, {_,_}} = Entry2] =
+ pkey_test:pem_to_der(filename:join(Datadir, "rsa.pem")),
+ true = check_entry_type(public_key:pem_entry_decode(Entry2, "abcd1234"),
+ 'RSAPrivateKey'),
-pem_to_der(doc) ->
- ["Check that supported PEM files are decoded into the expected entry type"];
-pem_to_der(suite) ->
- [];
-pem_to_der(Config) when is_list(Config) ->
- Datadir = ?config(data_dir, Config),
- {ok,DSAKey =[{dsa_private_key, _, not_encrypted}]} =
- public_key:pem_to_der(filename:join(Datadir, "dsa.pem")),
- {ok,[{rsa_private_key, _, _}]} =
- public_key:pem_to_der(filename:join(Datadir, "client_key.pem")),
- {ok, [{rsa_private_key, _, _}]} =
- public_key:pem_to_der(filename:join(Datadir, "rsa.pem")),
- {ok,[{rsa_private_key, _, _}]} =
- public_key:pem_to_der(filename:join(Datadir, "rsa.pem"), "abcd1234"),
- {ok, Bin0} = file:read_file(filename:join(Datadir, "rsa.pem")),
- {ok, [{rsa_private_key, _, _}]} = public_key:pem_to_der(Bin0, "abcd1234"),
-
- {ok,[{dh_params, _, _}]} =
- public_key:pem_to_der(filename:join(Datadir, "dh.pem")),
- {ok,[{cert, _, not_encrypted}]} =
- public_key:pem_to_der(filename:join(Datadir, "client_cert.pem")),
- {ok,[{cert_req, _, _}]} =
- public_key:pem_to_der(filename:join(Datadir, "req.pem")),
- {ok, Certs = [{cert, _, _}, {cert, _, _}]} =
- public_key:pem_to_der(filename:join(Datadir, "cacerts.pem")),
-
- {ok, Bin1} = file:read_file(filename:join(Datadir, "cacerts.pem")),
- {ok, [{cert, _, _}, {cert, _, _}]} = public_key:pem_to_der(Bin1),
-
- ok = public_key:der_to_pem(filename:join(Datadir, "wcacerts.pem"), Certs),
- ok = public_key:der_to_pem(filename:join(Datadir, "wdsa.pem"), DSAKey),
+ Salt0 = crypto:rand_bytes(8),
+ Entry3 = public_key:pem_entry_encode('RSAPrivateKey', RSAKey0,
+ {{"DES-EDE3-CBC", Salt0}, "1234abcd"}),
+
+ RSAKey0 = public_key:pem_entry_decode(Entry3,"1234abcd"),
- {ok, Certs} = public_key:pem_to_der(filename:join(Datadir, "wcacerts.pem")),
- {ok, DSAKey} = public_key:pem_to_der(filename:join(Datadir, "wdsa.pem")),
+ Des3KeyFile = filename:join(Datadir, "des3_client_key.pem"),
- ok.
-%%--------------------------------------------------------------------
-decode_private_key(doc) ->
- ["Check that private keys are decode to the expected key type."];
-decode_private_key(suite) ->
- [];
-decode_private_key(Config) when is_list(Config) ->
- Datadir = ?config(data_dir, Config),
- {ok,[DsaKey = {dsa_private_key, _DsaKey, _}]} =
- public_key:pem_to_der(filename:join(Datadir, "dsa.pem")),
- {ok,[RsaKey = {rsa_private_key, _RsaKey,_}]} =
- public_key:pem_to_der(filename:join(Datadir, "client_key.pem")),
- {ok,[ProtectedRsaKey1 = {rsa_private_key, _ProtectedRsaKey1,_}]} =
- public_key:pem_to_der(filename:join(Datadir, "rsa.pem"), "abcd1234"),
- {ok,[ProtectedRsaKey2 = {rsa_private_key, _ProtectedRsaKey2,_}]} =
- public_key:pem_to_der(filename:join(Datadir, "rsa.pem")),
+ pkey_test:der_to_pem(Des3KeyFile, [Entry3]),
- {ok, #'DSAPrivateKey'{}} = public_key:decode_private_key(DsaKey),
- {ok, #'RSAPrivateKey'{}} = public_key:decode_private_key(RsaKey),
- {ok, #'RSAPrivateKey'{}} = public_key:decode_private_key(ProtectedRsaKey1),
- {ok, #'RSAPrivateKey'{}} = public_key:decode_private_key(ProtectedRsaKey2, "abcd1234"),
+ [{'RSAPrivateKey', _, {"DES-EDE3-CBC", Salt0}}] = pkey_test:pem_to_der(Des3KeyFile),
+
+ Salt1 = crypto:rand_bytes(8),
+ Entry4 = public_key:pem_entry_encode('RSAPrivateKey', RSAKey0,
+ {{"DES-CBC", Salt1}, "4567efgh"}),
+
+
+ DesKeyFile = filename:join(Datadir, "des_client_key.pem"),
+
+ pkey_test:der_to_pem(DesKeyFile, [Entry4]),
+
+ [{'RSAPrivateKey', _, {"DES-CBC", Salt1}} =Entry5] = pkey_test:pem_to_der(DesKeyFile),
+
+
+ true = check_entry_type(public_key:pem_entry_decode(Entry5, "4567efgh"),
+ 'RSAPrivateKey'),
+
+ [{'DHParameter', DerDH, not_encrypted} = Entry6] =
+ pkey_test:pem_to_der(filename:join(Datadir, "dh.pem")),
+
+ pkey_test:der_to_pem(filename:join(Datadir, "new_dh.pem"), [Entry6]),
+
+ DHParameter = public_key:der_decode('DHParameter', DerDH),
+ DHParameter = public_key:pem_entry_decode(Entry6),
+
+ Entry6 = public_key:pem_entry_encode('DHParameter', DHParameter),
+
+ [{'Certificate', DerCert, not_encrypted} = Entry7] =
+ pkey_test:pem_to_der(filename:join(Datadir, "client_cert.pem")),
+
+ Cert = public_key:der_decode('Certificate', DerCert),
+ Cert = public_key:pem_entry_decode(Entry7),
+
+ CertEntries = [{'Certificate', _, not_encrypted} = CertEntry0,
+ {'Certificate', _, not_encrypted} = CertEntry1] =
+ pkey_test:pem_to_der(filename:join(Datadir, "cacerts.pem")),
+
+ ok = pkey_test:der_to_pem(filename:join(Datadir, "wcacerts.pem"), CertEntries),
+ ok = pkey_test:der_to_pem(filename:join(Datadir, "wdsa.pem"), [Entry0]),
+
+ NewCertEntries = pkey_test:pem_to_der(filename:join(Datadir, "wcacerts.pem")),
+ true = lists:member(CertEntry0, NewCertEntries),
+ true = lists:member(CertEntry1, NewCertEntries),
+ [Entry0] = pkey_test:pem_to_der(filename:join(Datadir, "wdsa.pem")),
ok.
+
%%--------------------------------------------------------------------
encrypt_decrypt(doc) ->
[""];
@@ -220,68 +234,80 @@ sign_verify(suite) ->
sign_verify(Config) when is_list(Config) ->
%% Make cert signs and validates the signature using RSA and DSA
Ca = {_, CaKey} = pkey_test:make_cert([]),
- {ok, PrivateRSA = #'RSAPrivateKey'{modulus=Mod, publicExponent=Exp}} =
- public_key:decode_private_key(CaKey),
+ PrivateRSA = #'RSAPrivateKey'{modulus=Mod, publicExponent=Exp} =
+ public_key:pem_entry_decode(CaKey),
CertInfo = {Cert1,CertKey1} = pkey_test:make_cert([{key, dsa}, {issuer, Ca}]),
PublicRSA = #'RSAPublicKey'{modulus=Mod, publicExponent=Exp},
- true = public_key:verify_signature(Cert1, PublicRSA, undefined),
+ true = public_key:pkix_verify(Cert1, PublicRSA),
{Cert2,_CertKey} = pkey_test:make_cert([{issuer, CertInfo}]),
- {ok, #'DSAPrivateKey'{p=P, q=Q, g=G, y=Y, x=_X}} =
- public_key:decode_private_key(CertKey1),
- true = public_key:verify_signature(Cert2, Y, #'Dss-Parms'{p=P, q=Q, g=G}),
+ #'DSAPrivateKey'{p=P, q=Q, g=G, y=Y, x=_X} =
+ public_key:pem_entry_decode(CertKey1),
+ true = public_key:pkix_verify(Cert2, {Y, #'Dss-Parms'{p=P, q=Q, g=G}}),
%% RSA sign
Msg0 = lists:duplicate(5, "Foo bar 100"),
Msg = list_to_binary(Msg0),
- RSASign = public_key:sign(sha, Msg0, PrivateRSA),
- RSASign = public_key:sign(Msg, PrivateRSA),
- true = public_key:verify_signature(Msg, sha, RSASign, PublicRSA),
- false = public_key:verify_signature(<<1:8, Msg/binary>>, sha, RSASign, PublicRSA),
- false = public_key:verify_signature(Msg, sha, <<1:8, RSASign/binary>>, PublicRSA),
- RSASign = public_key:sign(sha, Msg, PrivateRSA),
-
- RSASign1 = public_key:sign(md5, Msg, PrivateRSA),
- true = public_key:verify_signature(Msg, md5, RSASign1, PublicRSA),
+
+ RSASign = public_key:sign(Msg0, sha, PrivateRSA),
+ RSASign = public_key:sign(Msg, sha, PrivateRSA),
+ true = public_key:verify(Msg, sha, RSASign, PublicRSA),
+ false = public_key:verify(<<1:8, Msg/binary>>, sha, RSASign, PublicRSA),
+ false = public_key:verify(Msg, sha, <<1:8, RSASign/binary>>, PublicRSA),
+
+ RSASign1 = public_key:sign(Msg, md5, PrivateRSA),
+ true = public_key:verify(Msg, md5, RSASign1, PublicRSA),
%% DSA sign
Datadir = ?config(data_dir, Config),
- {ok,[DsaKey = {dsa_private_key, _, _}]} =
- public_key:pem_to_der(filename:join(Datadir, "dsa.pem")),
- {ok, DSAPrivateKey} = public_key:decode_private_key(DsaKey),
+ [DsaKey = {'DSAPrivateKey', _, _}] =
+ pkey_test:pem_to_der(filename:join(Datadir, "dsa.pem")),
+ DSAPrivateKey = public_key:pem_entry_decode(DsaKey),
#'DSAPrivateKey'{p=P1, q=Q1, g=G1, y=Y1, x=_X1} = DSAPrivateKey,
- DSASign = public_key:sign(Msg, DSAPrivateKey),
+ DSASign = public_key:sign(Msg, sha, DSAPrivateKey),
DSAPublicKey = Y1,
DSAParams = #'Dss-Parms'{p=P1, q=Q1, g=G1},
- true = public_key:verify_signature(Msg, sha, DSASign, DSAPublicKey, DSAParams),
- false = public_key:verify_signature(<<1:8, Msg/binary>>, sha, DSASign, DSAPublicKey, DSAParams),
- false = public_key:verify_signature(Msg, sha, <<1:8, DSASign/binary>>, DSAPublicKey, DSAParams),
+ true = public_key:verify(Msg, sha, DSASign, {DSAPublicKey, DSAParams}),
+ false = public_key:verify(<<1:8, Msg/binary>>, sha, DSASign,
+ {DSAPublicKey, DSAParams}),
+ false = public_key:verify(Msg, sha, <<1:8, DSASign/binary>>,
+ {DSAPublicKey, DSAParams}),
+
+ Digest = crypto:sha(Msg),
+ DigestSign = public_key:sign(Digest, none, DSAPrivateKey),
+ true = public_key:verify(Digest, none, DigestSign, {DSAPublicKey, DSAParams}),
+ <<_:8, RestDigest/binary>> = Digest,
+ false = public_key:verify(<<1:8, RestDigest/binary>>, none, DigestSign,
+ {DSAPublicKey, DSAParams}),
+ false = public_key:verify(Digest, none, <<1:8, DigestSign/binary>>,
+ {DSAPublicKey, DSAParams}),
ok.
-
+%%--------------------------------------------------------------------
pkix(doc) ->
"Misc pkix tests not covered elsewhere";
pkix(suite) ->
[];
pkix(Config) when is_list(Config) ->
Datadir = ?config(data_dir, Config),
- {ok,Certs0} = public_key:pem_to_der(filename:join(Datadir, "cacerts.pem")),
- {ok,Certs1} = public_key:pem_to_der(filename:join(Datadir, "client_cert.pem")),
- TestTransform = fun({cert, CertDer, not_encrypted}) ->
- {ok, PlainCert} = public_key:pkix_decode_cert(CertDer, plain),
- {ok, OtpCert} = public_key:pkix_decode_cert(CertDer, otp),
- CertDer = public_key:pkix_encode_cert(OtpCert),
- CertDer = public_key:pkix_encode_cert(PlainCert),
-
- OTPSubj = (OtpCert#'OTPCertificate'.tbsCertificate)#'OTPTBSCertificate'.subject,
- Subj = public_key:pkix_transform(OTPSubj, encode),
- {ok, DNEncoded} = 'OTP-PUB-KEY':encode('Name', Subj),
- Subj2 = (PlainCert#'Certificate'.tbsCertificate)#'TBSCertificate'.subject,
- {ok, DNEncoded} = 'OTP-PUB-KEY':encode('Name', Subj2),
- OTPSubj = public_key:pkix_transform(Subj2, decode),
+ Certs0 = pkey_test:pem_to_der(filename:join(Datadir, "cacerts.pem")),
+ Certs1 = pkey_test:pem_to_der(filename:join(Datadir, "client_cert.pem")),
+ TestTransform = fun({'Certificate', CertDer, not_encrypted}) ->
+ PlainCert = public_key:pkix_decode_cert(CertDer, plain),
+ OtpCert = public_key:pkix_decode_cert(CertDer, otp),
+ CertDer =
+ public_key:pkix_encode('OTPCertificate', OtpCert, otp),
+ CertDer =
+ public_key:pkix_encode('Certificate', PlainCert, plain),
+ OTPTBS = OtpCert#'OTPCertificate'.tbsCertificate,
+ OTPSubj = OTPTBS#'OTPTBSCertificate'.subject,
+ DNEncoded = public_key:pkix_encode('Name', OTPSubj, otp),
+ PlainTBS = PlainCert#'Certificate'.tbsCertificate,
+ Subj2 = PlainTBS#'TBSCertificate'.subject,
+ DNEncoded = public_key:pkix_encode('Name', Subj2, plain),
false = public_key:pkix_is_fixed_dh_cert(CertDer)
end,
@@ -290,19 +316,24 @@ pkix(Config) when is_list(Config) ->
true = public_key:pkix_is_self_signed(element(2,hd(Certs0))),
false = public_key:pkix_is_self_signed(element(2,hd(Certs1))),
- CaIds = [element(2, public_key:pkix_issuer_id(Cert, self)) || {cert, Cert, _} <- Certs0],
- {ok, IssuerId = {_, IssuerName}} = public_key:pkix_issuer_id(element(2,hd(Certs1)), other),
+ CaIds = [element(2, public_key:pkix_issuer_id(Cert, self)) ||
+ {'Certificate', Cert, _} <- Certs0],
+ {ok, IssuerId = {_, _IssuerName}} =
+ public_key:pkix_issuer_id(element(2,hd(Certs1)), other),
+
true = lists:member(IssuerId, CaIds),
%% Should be normalized allready
- TestStr = {rdnSequence, [[{'AttributeTypeAndValue', {2,5,4,3},{printableString,"ERLANGCA"}}],
- [{'AttributeTypeAndValue', {2,5,4,3},{printableString," erlang ca "}}]]},
- VerifyStr = {rdnSequence, [[{'AttributeTypeAndValue', {2,5,4,3},{printableString,"erlang ca"}}],
- [{'AttributeTypeAndValue', {2,5,4,3},{printableString,"erlangca"}}]]},
- VerifyStr = public_key:pkix_normalize_general_name(TestStr),
+ TestStr = {rdnSequence,
+ [[{'AttributeTypeAndValue', {2,5,4,3},{printableString,"ERLANGCA"}}],
+ [{'AttributeTypeAndValue', {2,5,4,3},{printableString," erlang ca "}}]]},
+ VerifyStr = {rdnSequence,
+ [[{'AttributeTypeAndValue', {2,5,4,3},{printableString,"erlang ca"}}],
+ [{'AttributeTypeAndValue', {2,5,4,3},{printableString,"erlangca"}}]]},
+ VerifyStr = public_key:pkix_normalize_name(TestStr),
ok.
-
+%%--------------------------------------------------------------------
pkix_path_validation(doc) ->
"Misc pkix tests not covered elsewhere";
pkix_path_validation(suite) ->
@@ -323,23 +354,56 @@ pkix_path_validation(Config) when is_list(Config) ->
ok = pkey_test:write_pem("./", "public_key_cacert", CaK),
CertK1 = {Cert1, _} = pkey_test:make_cert([{issuer, CaK}]),
- CertK2 = {Cert2,_} = pkey_test:make_cert([{issuer, CertK1}, {digest, md5}, {extensions, false}]),
+ CertK2 = {Cert2,_} = pkey_test:make_cert([{issuer, CertK1},
+ {digest, md5}, {extensions, false}]),
ok = pkey_test:write_pem("./", "public_key_cert", CertK2),
{ok, _} = public_key:pkix_path_validation(Trusted, [Cert1], []),
- {error, {bad_cert,invalid_issuer}} = public_key:pkix_path_validation(Trusted, [Cert2], []),
- %%{error, {bad_cert,invalid_issuer}} = public_key:pkix_path_validation(Trusted, [Cert2], [{verify,false}]),
+ {error, {bad_cert,invalid_issuer}} =
+ public_key:pkix_path_validation(Trusted, [Cert2], []),
{ok, _} = public_key:pkix_path_validation(Trusted, [Cert1, Cert2], []),
{error, issuer_not_found} = public_key:pkix_issuer_id(Cert2, other),
- CertK3 = {Cert3,_} = pkey_test:make_cert([{issuer, CertK1}, {extensions, [{basic_constraints, false}]}]),
+ CertK3 = {Cert3,_} = pkey_test:make_cert([{issuer, CertK1},
+ {extensions, [{basic_constraints, false}]}]),
{Cert4,_} = pkey_test:make_cert([{issuer, CertK3}]),
{error, E={bad_cert,missing_basic_constraint}} =
public_key:pkix_path_validation(Trusted, [Cert1, Cert3,Cert4], []),
- {ok, {_,_,[E]}} = public_key:pkix_path_validation(Trusted, [Cert1, Cert3,Cert4], [{verify,false}]),
+ {ok, {_,_,[E]}} = public_key:pkix_path_validation(Trusted, [Cert1, Cert3,Cert4],
+ [{verify,false}]),
+ ok.
- % test_server:format("PV ~p ~n", [Result]),
+%%--------------------------------------------------------------------
+deprecated(doc) ->
+ ["Check deprecated functions."];
+deprecated(suite) ->
+ [];
+deprecated(Config) when is_list(Config) ->
+ Datadir = ?config(data_dir, Config),
+ [DsaKey = {'DSAPrivateKey', _DsaKey, _}] =
+ public_key:pem_to_der(filename:join(Datadir, "dsa.pem")),
+ [RsaKey = {'RSAPrivateKey', _RsaKey,_}] =
+ public_key:pem_to_der(filename:join(Datadir, "client_key.pem")),
+ [ProtectedRsaKey = {'RSAPrivateKey', _ProtectedRsaKey,_}] =
+ public_key:pem_to_der(filename:join(Datadir, "rsa.pem")),
+
+ {ok, #'DSAPrivateKey'{}} = public_key:decode_private_key(DsaKey),
+ {ok, #'RSAPrivateKey'{}} = public_key:decode_private_key(RsaKey),
+ {ok, #'RSAPrivateKey'{}} = public_key:decode_private_key(ProtectedRsaKey, "abcd1234"),
ok.
+
+%%--------------------------------------------------------------------
+
+check_entry_type(#'DSAPrivateKey'{}, 'DSAPrivateKey') ->
+ true;
+check_entry_type(#'RSAPrivateKey'{}, 'RSAPrivateKey') ->
+ true;
+check_entry_type(#'DHParameter'{}, 'DHParameter') ->
+ true;
+check_entry_type(#'Certificate'{}, 'Certificate') ->
+ true;
+check_entry_type(_,_) ->
+ false.