authorIngela Anderton Andin <[email protected]>2014-08-21 09:52:05 +0200
committerIngela Anderton Andin <[email protected]>2014-08-22 11:19:26 +0200
commitf993ce5f68f875f95c24f085773e4a0916568e9d (patch)
tree10e9a21697097055be4647d7dd388a1bf1bb17ee /lib/public_key
parent41bb781d809effb185a857b25009615bb9acbea7 (diff)
public_key: Add PBES1 decoding support
Diffstat (limited to 'lib/public_key')
-rw-r--r--lib/public_key/src/pubkey_pbe.erl27
-rw-r--r--lib/public_key/src/public_key.erl15
2 files changed, 29 insertions, 13 deletions
diff --git a/lib/public_key/src/pubkey_pbe.erl b/lib/public_key/src/pubkey_pbe.erl
index 460624163b..bd9322d85c 100644
--- a/lib/public_key/src/pubkey_pbe.erl
+++ b/lib/public_key/src/pubkey_pbe.erl
@@ -1,7 +1,7 @@
%%
%% %CopyrightBegin%
%%
-%% Copyright Ericsson AB 2011-2013. All Rights Reserved.
+%% Copyright Ericsson AB 2011-2014. All Rights Reserved.
%%
%% The contents of this file are subject to the Erlang Public License,
%% Version 1.1, (the "License"); you may not use this file except in
@@ -117,14 +117,18 @@ password_to_key_and_iv(Password, _, #'PBES2-params'{} = Params) ->
<<Key:KeyLen/binary, _/binary>> =
pbdkdf2(Password, Salt, ItrCount, KeyLen, PseudoRandomFunction, PseudoHash, PseudoOtputLen),
{Key, IV};
+password_to_key_and_iv(Password, _Cipher, {#'PBEParameter'{salt = Salt,
+ iterationCount = Count}, Hash}) ->
+ <<Key:8/binary, IV:8/binary, _/binary>>
+ = pbdkdf1(Password, erlang:iolist_to_binary(Salt), Count, Hash),
+ {Key, IV};
password_to_key_and_iv(Password, Cipher, Salt) ->
- KeyLen = derived_key_length(Cipher, undefined),
+ KeyLen = derived_key_length(Cipher, undefined),
<<Key:KeyLen/binary, _/binary>> =
pem_encrypt(<<>>, Password, Salt, ceiling(KeyLen div 16), <<>>, md5),
%% Old PEM encryption does not use standard encryption method
- %% pbdkdf1 and uses then salt as IV
+ %% pbdkdf1 and uses then salt as IV
{Key, Salt}.
-
pem_encrypt(_, _, _, 0, Acc, _) ->
Acc;
pem_encrypt(Prev, Password, Salt, Count, Acc, Hash) ->
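Review bot: The new PBES1 clause of `password_to_key_and_iv/3` hands `iterationCount` from the decoded `PBEParameter` to `pbdkdf1/4` with no upper bound visible here, so the file being decoded appears to decide how many hash rounds are run. `pbdkdf1` is outside this hunk, so it is worth confirming whether it or a caller caps the count when PEM entries come from an untrusted source. The `Key:8/binary, IV:8/binary` split is also undocumented and `_Cipher` is ignored; a comment such as `%% PKCS #5 PBES1: DK is 16 octets, key = first 8, IV = next 8, for both DES-CBC and RC2-CBC` would record why the cipher does not change the lengths. The other clauses of `password_to_key_and_iv` start before the hunk, and the hunk ends inside `pem_encrypt`.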
@@ -169,7 +173,20 @@ do_xor_sum(Prf, PrfHash, PrfLen, Prev, Password, Count, Acc)->
decrypt_parameters(?'id-PBES2', DekParams) ->
{ok, Params} = 'PKCS-FRAME':decode('PBES2-params', DekParams),
- {cipher(Params#'PBES2-params'.encryptionScheme), Params}.
+ {cipher(Params#'PBES2-params'.encryptionScheme), Params};
+decrypt_parameters(?'pbeWithSHA1AndRC2-CBC', DekParams) ->
+ {ok, Params} = 'PKCS-FRAME':decode('PBEParameter', DekParams),
+ {"RC2-CBC", {Params, sha}};
+decrypt_parameters(?'pbeWithSHA1AndDES-CBC', DekParams) ->
+ {ok, Params} = 'PKCS-FRAME':decode('PBEParameter', DekParams),
+ {"DES-CBC", {Params, sha}};
+decrypt_parameters(?'pbeWithMD5AndRC2-CBC', DekParams) ->
+ {ok, Params} = 'PKCS-FRAME':decode('PBEParameter', DekParams),
+ {"RC2-CBC", {Params, md5}};
+decrypt_parameters(?'pbeWithMD5AndDES-CBC', DekParams) ->
+ {ok, Params} = 'PKCS-FRAME':decode('PBEParameter', DekParams),
+ {"DES-CBC", {Params, md5}}.
+
key_derivation_params(#'PBES2-params'{keyDerivationFunc = KeyDerivationFunc,
encryptionScheme = EncScheme}) ->
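Review bot: Nothing in the four added `decrypt_parameters/2` clauses records that these OIDs select single DES or RC2 keyed through MD5 or SHA-1, which are legacy schemes a reader should not mistake for something to offer when encrypting. A comment above them such as `%% PBES1 (PKCS #5) schemes: legacy, accepted for decoding existing keys only` would make the intent explicit. Each clause also asserts `{ok, Params} = 'PKCS-FRAME':decode('PBEParameter', DekParams)`, so a malformed parameter blob raises `badmatch` and an unlisted OID raises `function_clause`; if callers are expected to handle untrusted PEM input, it should be documented that they get an exception rather than an error tuple. The clauses differ only in cipher name and hash, so a small helper taking those two values would remove the repeated decode.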
diff --git a/lib/public_key/src/public_key.erl b/lib/public_key/src/public_key.erl
index a732455aa7..c70053d2d9 100644
--- a/lib/public_key/src/public_key.erl
+++ b/lib/public_key/src/public_key.erl
@@ -133,20 +133,19 @@ pem_entry_decode({Asn1Type, CryptDer, {Cipher, #'PBES2-params'{}}} = PemEntry,
is_binary(CryptDer) andalso
is_list(Cipher) ->
do_pem_entry_decode(PemEntry, Password);
-pem_entry_decode({Asn1Type, CryptDer, {Cipher, Salt}} = PemEntry,
+pem_entry_decode({Asn1Type, CryptDer, {Cipher, {#'PBEParameter'{},_}}} = PemEntry,
Password) when is_atom(Asn1Type) andalso
is_binary(CryptDer) andalso
- is_list(Cipher) andalso
- is_binary(Salt) andalso
- erlang:byte_size(Salt) == 8 ->
+ is_list(Cipher) ->
do_pem_entry_decode(PemEntry, Password);
-pem_entry_decode({Asn1Type, CryptDer, {"AES-128-CBC"=Cipher, IV}} = PemEntry,
+pem_entry_decode({Asn1Type, CryptDer, {Cipher, Salt}} = PemEntry,
Password) when is_atom(Asn1Type) andalso
is_binary(CryptDer) andalso
is_list(Cipher) andalso
- is_binary(IV) andalso
- erlang:byte_size(IV) == 16 ->
- do_pem_entry_decode(PemEntry, Password).
+ is_binary(Salt) andalso
+ ((erlang:byte_size(Salt) == 8) or (erlang:byte_size(Salt) == 16)) ->
+ do_pem_entry_decode(PemEntry, Password).
+
%%--------------------------------------------------------------------
-spec pem_entry_encode(pki_asn1_type(), term()) -> pem_entry().
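Review bot: The merged `{Cipher, Salt}` clause of `pem_entry_decode/2` now accepts an 8- or 16-byte value for any cipher string, whereas the removed clause accepted a 16-byte IV only for `"AES-128-CBC"`. A mismatched pair such as an 8-byte-block cipher name with a 16-byte salt therefore passes this guard, and whether it is rejected later depends on code outside the hunk. If the pairing matters, keep it in the guard or add a comment stating where it is enforced. The guard also uses `or` and `==`; `(erlang:byte_size(Salt) =:= 8 orelse erlang:byte_size(Salt) =:= 16)` is the conventional form. The earlier clauses of `pem_entry_decode/2` begin above the hunk.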