aboutsummaryrefslogtreecommitdiffstats
path: root/lib/public_key
diff options
context:
space:
mode:
authorIngela Anderton Andin <ingela@erlang.org>2012-11-15 10:38:05 +0100
committerIngela Anderton Andin <ingela@erlang.org>2012-11-15 14:02:01 +0100
commitdbf18b8a7713d76c0be307af40e97cd7c564aa53 (patch)
tree60f065f70d06bc4cdf43e49d36c73c9000ee6147 /lib/public_key
parent689b6c5bacf0d7f89c7f3de028627753ad5a1438 (diff)
downloadotp-dbf18b8a7713d76c0be307af40e97cd7c564aa53.tar.gz
otp-dbf18b8a7713d76c0be307af40e97cd7c564aa53.tar.bz2
otp-dbf18b8a7713d76c0be307af40e97cd7c564aa53.zip
public_key: Simplified PKCS-7 and PKCS-10 specs.
Used defenitions from PKIX1Explicit88 to avoid most of the overcomplicated InformationalFrameWork (and friends) ASN-1 specs. We want to keep the public_key API as small and simple as possible.
Diffstat (limited to 'lib/public_key')
-rw-r--r--lib/public_key/asn1/Makefile11
-rw-r--r--lib/public_key/asn1/OTP-PUB-KEY.set.asn2
-rw-r--r--lib/public_key/asn1/PKCS-10.asn133
-rw-r--r--lib/public_key/asn1/PKCS-7.asn142
-rw-r--r--lib/public_key/asn1/PKCS-FRAME.set.asn2
-rw-r--r--lib/public_key/asn1/PKIX1Explicit88.asn15
-rw-r--r--lib/public_key/src/pubkey_pem.erl4
-rw-r--r--lib/public_key/src/public_key.erl4
-rw-r--r--lib/public_key/test/public_key_SUITE.erl8
9 files changed, 63 insertions, 48 deletions
diff --git a/lib/public_key/asn1/Makefile b/lib/public_key/asn1/Makefile
index c8426411d3..957c332cad 100644
--- a/lib/public_key/asn1/Makefile
+++ b/lib/public_key/asn1/Makefile
@@ -41,7 +41,7 @@ RELSYSDIR = $(RELEASE_PATH)/lib/public_key-$(VSN)
ASN_TOP = OTP-PUB-KEY PKCS-FRAME
ASN_MODULES = PKIX1Explicit88 PKIX1Implicit88 PKIX1Algorithms88 \
PKIXAttributeCertificate PKCS-1 PKCS-3 PKCS-7 PKCS-8 PKCS-10 PKCS5v2-0 OTP-PKIX \
- AuthenticationFramework InformationFramework UsefulDefinitions SelectedAttributeTypes
+ InformationFramework
ASN_ASNS = $(ASN_MODULES:%=%.asn1)
ASN_ERLS = $(ASN_TOP:%=%.erl)
ASN_HRLS = $(ASN_TOP:%=%.hrl)
@@ -113,15 +113,12 @@ OTP-PUB-KEY.asn1db: PKIX1Algorithms88.asn1 \
PKIXAttributeCertificate.asn1 \
PKCS-1.asn1\
PKCS-3.asn1\
+ PKCS-7.asn1\
+ PKCS-10.asn1\
+ InformationFramework.asn1\
OTP-PKIX.asn1
$(EBIN)/PKCS-FRAME.beam: PKCS-FRAME.erl PKCS-FRAME.hrl
PKCS-FRAME.erl PKCS-FRAME.hrl: PKCS-FRAME.asn1db
PKCS-FRAME.asn1db: PKCS5v2-0.asn1\
PKCS-8.asn1\
- PKCS-7.asn1\
- PKCS-10.asn1\
- AuthenticationFramework.asn1\
- InformationFramework.asn1\
- UsefulDefinitions.asn1\
- SelectedAttributeTypes.asn1
diff --git a/lib/public_key/asn1/OTP-PUB-KEY.set.asn b/lib/public_key/asn1/OTP-PUB-KEY.set.asn
index 5c76d13115..f8fb318c93 100644
--- a/lib/public_key/asn1/OTP-PUB-KEY.set.asn
+++ b/lib/public_key/asn1/OTP-PUB-KEY.set.asn
@@ -6,3 +6,5 @@ PKIX1Algorithms88.asn1
PKCS-1.asn1
PKCS-3.asn1
DSS.asn1
+PKCS-7.asn1
+PKCS-10.asn1
diff --git a/lib/public_key/asn1/PKCS-10.asn1 b/lib/public_key/asn1/PKCS-10.asn1
index 09db4f9460..333104d230 100644
--- a/lib/public_key/asn1/PKCS-10.asn1
+++ b/lib/public_key/asn1/PKCS-10.asn1
@@ -13,50 +13,53 @@ BEGIN
IMPORTS
-informationFramework, authenticationFramework
- FROM UsefulDefinitions {joint-iso-itu-t(2) ds(5) module(1)
- usefulDefinitions(0) 3}
+--informationFramework, authenticationFramework
+-- FROM UsefulDefinitions {joint-iso-itu-t(2) ds(5) module(1)
+-- usefulDefinitions(0) 3}
-ATTRIBUTE, Name
+ ATTRIBUTE
FROM InformationFramework informationFramework
-ALGORITHM
- FROM AuthenticationFramework authenticationFramework;
+ Name
+ FROM PKIX1Explicit88 --InformationFramework informationFramework
+
+ ALGORITHM
+ FROM PKCS-7; --AuthenticationFramework authenticationFramework;
-- Certificate requests
CertificationRequestInfo ::= SEQUENCE {
version INTEGER { v1(0) } (v1,...),
subject Name,
- subjectPKInfo SubjectPublicKeyInfo{{ PKInfoAlgorithms }},
+ subjectPKInfo SubjectPublicKeyInfo-PKCS-10{{ PKInfoAlgorithms }},
attributes [0] Attributes{{ CRIAttributes }}
}
-SubjectPublicKeyInfo {ALGORITHM: IOSet} ::= SEQUENCE {
- algorithm AlgorithmIdentifier {{IOSet}},
+SubjectPublicKeyInfo-PKCS-10 {ALGORITHM: IOSet} ::= SEQUENCE {
+ algorithm AlgorithmIdentifierPKCS-10{{IOSet}},
subjectPublicKey BIT STRING
}
PKInfoAlgorithms ALGORITHM ::= {
... -- add any locally defined algorithms here -- }
-Attributes { ATTRIBUTE:IOSet } ::= SET OF Attribute{{ IOSet }}
+Attributes { ATTRIBUTE:IOSet } ::= SET OF AttributePKCS-10{{ IOSet }}
CRIAttributes ATTRIBUTE ::= {
- ... -- add any locally defined attributes here -- }
+... -- add any locally defined attributes here -- }
-Attribute { ATTRIBUTE:IOSet } ::= SEQUENCE {
+AttributePKCS-10 { ATTRIBUTE:IOSet } ::= SEQUENCE {
type ATTRIBUTE.&id({IOSet}),
values SET SIZE(1..MAX) OF ATTRIBUTE.&Type({IOSet}{@type})
}
CertificationRequest ::= SEQUENCE {
certificationRequestInfo CertificationRequestInfo,
- signatureAlgorithm AlgorithmIdentifier{{ SignatureAlgorithms }},
+ signatureAlgorithm AlgorithmIdentifierPKCS-10{{ SignatureAlgorithms }},
signature BIT STRING
}
-AlgorithmIdentifier {ALGORITHM:IOSet } ::= SEQUENCE {
+AlgorithmIdentifierPKCS-10 {ALGORITHM:IOSet } ::= SEQUENCE {
algorithm ALGORITHM.&id({IOSet}),
parameters ALGORITHM.&Type({IOSet}{@algorithm}) OPTIONAL
}
@@ -64,4 +67,4 @@ AlgorithmIdentifier {ALGORITHM:IOSet } ::= SEQUENCE {
SignatureAlgorithms ALGORITHM ::= {
... -- add any locally defined algorithms here -- }
-END \ No newline at end of file
+END
diff --git a/lib/public_key/asn1/PKCS-7.asn1 b/lib/public_key/asn1/PKCS-7.asn1
index f80954398e..a6dfd57d80 100644
--- a/lib/public_key/asn1/PKCS-7.asn1
+++ b/lib/public_key/asn1/PKCS-7.asn1
@@ -16,12 +16,12 @@ informationFramework, authenticationFramework
FROM UsefulDefinitions {joint-iso-itu-t ds(5) module(1)
usefulDefinitions(0) 3}
- Name, ATTRIBUTE
+ ATTRIBUTE
FROM InformationFramework informationFramework
- ALGORITHM, Certificate, CertificateSerialNumber,
+ Name, Certificate, CertificateSerialNumber,
CertificateList, Time
- FROM AuthenticationFramework authenticationFramework;
+ FROM PKIX1Explicit88; -- AuthenticationFramework authenticationFramework;
-- contentType, messageDigest, signingTime
-- , counterSignature
@@ -30,8 +30,20 @@ informationFramework, authenticationFramework
--
-- 6. Useful types
--
+
+-- inlined from AuthenticationFramework
+
+ALGORITHM ::= CLASS {&Type OPTIONAL,
+ &id OBJECT IDENTIFIER UNIQUE
+}WITH SYNTAX {[&Type]
+ IDENTIFIED BY &id
+}
+
+-- inlined from PKCS-9
+
pkcs-9 OBJECT IDENTIFIER ::= {iso(1) member-body(2) us(840)
rsadsi(113549) pkcs(1) 9}
+
contentType ATTRIBUTE ::= {
WITH SYNTAX ContentType
-- EQUALITY MATCHING RULE objectIdentifierMatch
@@ -69,16 +81,16 @@ SigningTime ::= Time -- imported from ISO/IEC 9594-8
-- Also defined in X.509
-- Redeclared here as a parameterized type
-AlgorithmIdentifier {ALGORITHM:IOSet} ::= SEQUENCE {
+AlgorithmIdentifierPKSC-7 {ALGORITHM:IOSet} ::= SEQUENCE {
algorithm ALGORITHM.&id({IOSet}),
parameters ALGORITHM.&Type({IOSet}{@algorithm}) OPTIONAL
}
-- Also defined in X.501
-- Redeclared here as a parameterized type
-Attribute { ATTRIBUTE:IOSet } ::= SEQUENCE {
- type ATTRIBUTE.&id({IOSet}),
- values SET SIZE (1..MAX) OF ATTRIBUTE.&Type({IOSet}{@type})
+AttributePKCS-7 { ATTRIBUTE:IOSet } ::= SEQUENCE {
+ type ATTRIBUTE.&id({IOSet}),
+ values SET SIZE (1..MAX) OF ATTRIBUTE.&Type({IOSet}{@type})
}
CertificateRevocationLists ::=
@@ -91,21 +103,21 @@ CRLSequence ::=
SEQUENCE OF CertificateList
ContentEncryptionAlgorithmIdentifier ::=
- AlgorithmIdentifier {{ContentEncryptionAlgorithms}}
+ AlgorithmIdentifierPKSC-7 {{ContentEncryptionAlgorithms}}
ContentEncryptionAlgorithms ALGORITHM ::= {
... -- add any application-specific algorithms here
}
DigestAlgorithmIdentifier ::=
- AlgorithmIdentifier {{DigestAlgorithms}}
+ AlgorithmIdentifierPKSC-7 {{DigestAlgorithms}}
DigestAlgorithms ALGORITHM ::= {
... -- add any application-specific algorithms here
}
DigestEncryptionAlgorithmIdentifier ::=
- AlgorithmIdentifier {{DigestEncryptionAlgorithms}}
+ AlgorithmIdentifierPKSC-7 {{DigestEncryptionAlgorithms}}
DigestEncryptionAlgorithms ALGORITHM ::= {
... -- add any application-specific algorithms here
@@ -127,7 +139,7 @@ IssuerAndSerialNumber ::= SEQUENCE {
}
KeyEncryptionAlgorithmIdentifier ::=
- AlgorithmIdentifier {{KeyEncryptionAlgorithms}}
+ AlgorithmIdentifierPKSC-7 {{KeyEncryptionAlgorithms}}
KeyEncryptionAlgorithms ALGORITHM ::= {
... -- add any application-specific algorithms here
@@ -213,8 +225,8 @@ SignerInfo ::= SEQUENCE {
IssuerAndSerialNumber,
digestAlgorithm DigestAlgorithmIdentifier,
authenticatedAttributes CHOICE {
- aaSet [0] IMPLICIT SET OF Attribute {{Authenticated}},
- aaSequence [2] EXPLICIT SEQUENCE OF Attribute {{Authenticated}}
+ aaSet [0] IMPLICIT SET OF AttributePKCS-7 {{Authenticated}},
+ aaSequence [2] EXPLICIT SEQUENCE OF AttributePKCS-7 {{Authenticated}}
-- Explicit because easier to compute digest on sequence of attributes and then reuse
-- encoded sequence in aaSequence.
} OPTIONAL,
@@ -222,8 +234,8 @@ SignerInfo ::= SEQUENCE {
DigestEncryptionAlgorithmIdentifier,
encryptedDigest EncryptedDigest,
unauthenticatedAttributes CHOICE {
- uaSet [1] IMPLICIT SET OF Attribute {{Unauthenticated}},
- uaSequence [3] IMPLICIT SEQUENCE OF Attribute {{Unauthenticated}}
+ uaSet [1] IMPLICIT SET OF AttributePKCS-7 {{Unauthenticated}},
+ uaSequence [3] IMPLICIT SEQUENCE OF AttributePKCS-7 {{Unauthenticated}}
} OPTIONAL
} (WITH COMPONENTS { ..., version (siVer1),
authenticatedAttributes (WITH COMPONENTS { ..., aaSequence ABSENT }),
diff --git a/lib/public_key/asn1/PKCS-FRAME.set.asn b/lib/public_key/asn1/PKCS-FRAME.set.asn
index 64da71509d..69b6727bef 100644
--- a/lib/public_key/asn1/PKCS-FRAME.set.asn
+++ b/lib/public_key/asn1/PKCS-FRAME.set.asn
@@ -1,4 +1,2 @@
PKCS-8.asn1
-PKCS-7.asn1
PKCS5v2-0.asn1
-PKCS-10.asn1
diff --git a/lib/public_key/asn1/PKIX1Explicit88.asn1 b/lib/public_key/asn1/PKIX1Explicit88.asn1
index 03e9da3e05..91758d7269 100644
--- a/lib/public_key/asn1/PKIX1Explicit88.asn1
+++ b/lib/public_key/asn1/PKIX1Explicit88.asn1
@@ -206,13 +206,12 @@ DomainComponent ::= IA5String
-- Legacy attributes
-pkcs-9 OBJECT IDENTIFIER ::=
- { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) 9 }
-
id-emailAddress AttributeType ::= { pkcs-9 1 }
EmailAddress ::= IA5String (SIZE (1..ub-emailaddress-length))
+-- Legacy attributes
+
-- naming data types --
Name ::= CHOICE { -- only one possibility for now --
diff --git a/lib/public_key/src/pubkey_pem.erl b/lib/public_key/src/pubkey_pem.erl
index 15290387ff..4012825f20 100644
--- a/lib/public_key/src/pubkey_pem.erl
+++ b/lib/public_key/src/pubkey_pem.erl
@@ -219,7 +219,9 @@ pem_end(<<"-----BEGIN ENCRYPTED PRIVATE KEY-----">>) ->
pem_end(<<"-----BEGIN CERTIFICATE REQUEST-----">>) ->
<<"-----END CERTIFICATE REQUEST-----">>;
pem_end(<<"-----BEGIN PKCS7-----">>) ->
- <<"-----END PKCS7-----">>.
+ <<"-----END PKCS7-----">>;
+pem_end(_) ->
+ undefined.
asn1_type(<<"-----BEGIN CERTIFICATE-----">>) ->
'Certificate';
diff --git a/lib/public_key/src/public_key.erl b/lib/public_key/src/public_key.erl
index f7252d18a6..d5df53e848 100644
--- a/lib/public_key/src/public_key.erl
+++ b/lib/public_key/src/public_key.erl
@@ -176,9 +176,7 @@ der_decode(Asn1Type, Der) when is_atom(Asn1Type), is_binary(Der) ->
%% Description: Encodes a public key entity with asn1 DER encoding.
%%--------------------------------------------------------------------
der_encode(Asn1Type, Entity) when (Asn1Type == 'PrivateKeyInfo') or
- (Asn1Type == 'EncryptedPrivateKeyInfo') or
- (Asn1Type == 'CertificationRequest')
- ->
+ (Asn1Type == 'EncryptedPrivateKeyInfo') ->
try
{ok, Encoded} = 'PKCS-FRAME':encode(Asn1Type, Entity),
iolist_to_binary(Encoded)
diff --git a/lib/public_key/test/public_key_SUITE.erl b/lib/public_key/test/public_key_SUITE.erl
index eeecdb7d8f..8dfd068d91 100644
--- a/lib/public_key/test/public_key_SUITE.erl
+++ b/lib/public_key/test/public_key_SUITE.erl
@@ -111,7 +111,7 @@ all() ->
groups() ->
[{pem_decode_encode, [], [dsa_pem, rsa_pem, encrypted_pem,
- dh_pem, cert_pem]},
+ dh_pem, cert_pem, pkcs10_pem]},
{ssh_public_key_decode_encode, [],
[ssh_rsa_public_key, ssh_dsa_public_key, ssh_rfc4716_rsa_comment,
ssh_rfc4716_dsa_comment, ssh_rfc4716_rsa_subject, ssh_known_hosts,
@@ -263,7 +263,11 @@ pkcs10_pem(Config) when is_list(Config) ->
erl_make_certs:der_to_pem(filename:join(Datadir, "new_req.pem"), [Entry]),
- public_key:der_decode('CertificationRequest', DerPKCS10).
+ PKCS10 = public_key:der_decode('CertificationRequest', DerPKCS10),
+ PKCS10 = public_key:pem_entry_decode(Entry),
+
+ Entry = public_key:pem_entry_encode('CertificationRequest', PKCS10).
+
%%--------------------------------------------------------------------
cert_pem(doc) ->