Improved support for RSA and DSA public keys

This patch allows the public_key module to decode and encode RSA and DSA
keys encoded using the SubjectPublicKeyInfo format.  When
pem_entry_encode is called on an RSA or DSA public key type, the key is
wrapped in the SubjectPublicKeyInfo format.

9 files changed, 120 insertions, 17 deletions

diff --git a/lib/public_key/doc/src/public_key.xml b/lib/public_key/doc/src/public_key.xml
index c72719fac4..91e058f74e 100644
--- a/lib/public_key/doc/src/public_key.xml
+++ b/lib/public_key/doc/src/public_key.xml
@@ -64,8 +64,8 @@
 
     <p><c>decrypt_der() = binary() </c></p>
     
-    <p><c>pki_asn1_type() = 'Certificate' | 'RSAPrivateKey'|
-    'DSAPrivateKey' | 'DHParameter'</c></p>
+    <p><c>pki_asn1_type() = 'Certificate' | 'RSAPrivateKey'| 'RSAPublicKey'
+    'DSAPrivateKey' | 'DSAPublicKey' | 'DHParameter' | 'SubjectPublicKeyInfo'</c></p>
 
      <p><c>pem_entry () = {pki_asn1_type(), der_encoded() | decrypt_der(), not_encrypted |
      {"DES-CBC" | "DES-EDE3-CBC",  crypto:rand_bytes(8)}}.</c></p>
@@ -207,17 +207,24 @@
       <v> Password = string() </v> 
   </type> 
   <desc> 
-    <p>Decodes a pem entry. pem_decode/1 returns a list of
-    pem entries.</p> 
+    <p>Decodes a pem entry. pem_decode/1 returns a list of pem
+    entries. Note that if the pem entry is of type
+    'SubjectPublickeyInfo' it will be further decoded to an
+    rsa_public_key() or dsa_public_key().</p>
   </desc> 
   </func>
 
    <func>
     <name>pem_entry_encode(Asn1Type, Entity [,{CipherInfo, Password}]) -> pem_entry()</name>
-    <fsummary> Creates a pem entry that can be feed to pem_encode/1.</fsummary>
+    <fsummary> Creates a pem entry that can be fed to pem_encode/1.</fsummary>
     <type>
-      <v>Asn1Type = atom()</v>
-      <v>Entity = term()</v>
+      <v>Asn1Type = pki_asn1_type()</v>
+      <v>Entity = term() - The Erlang representation of
+      <c>Asn1Type</c>.  If <c>Asn1Type</c> is 'SubjectPublicKeyInfo'
+      then <c>Entity</c> must be either an rsa_public_key() or a
+      dsa_public_key() and this function will create the appropriate
+      'SubjectPublicKeyInfo' entry.
+      </v>
       <v>CipherInfo = {"DES-CBC" | "DES-EDE3-CBC",  crypto:rand_bytes(8)}</v>
       <v>Password = string()</v> 
   </type> 
diff --git a/lib/public_key/include/public_key.hrl b/lib/public_key/include/public_key.hrl
index 4950597fb5..f29ab859ed 100644
--- a/lib/public_key/include/public_key.hrl
+++ b/lib/public_key/include/public_key.hrl
@@ -73,8 +73,9 @@
 
 -type der_encoded()          :: binary().
 -type decrypt_der()          :: binary().
--type pki_asn1_type()        ::  'Certificate' | 'RSAPrivateKey' 
-			       | 'DSAPrivateKey' | 'DHParameter'.
+-type pki_asn1_type()        ::  'Certificate' | 'RSAPrivateKey' | 'RSAPublicKey'
+			       | 'DSAPrivateKey' | 'DSAPublicKey' | 'DHParameter'
+                               | 'SubjectPublicKeyInfo'.
 -type pem_entry()            :: {pki_asn1_type(), der_encoded() | decrypt_der(),
 				 not_encrypted | {Cipher :: string(), Salt :: binary()}}.
 -type asn1_type()            :: atom(). %% see "OTP-PUB-KEY.hrl
diff --git a/lib/public_key/src/pubkey_cert_records.erl b/lib/public_key/src/pubkey_cert_records.erl
index 20b322b4a4..7a387e487c 100644
--- a/lib/public_key/src/pubkey_cert_records.erl
+++ b/lib/public_key/src/pubkey_cert_records.erl
@@ -23,7 +23,7 @@
 
 -include("public_key.hrl").
 
--export([decode_cert/1, transform/2]).
+-export([decode_cert/1, transform/2, supportedPublicKeyAlgorithms/1]).
 
 %%====================================================================
 %% Internal application API
@@ -80,16 +80,24 @@ transform(Other,_) ->
     Other.
 
 %%--------------------------------------------------------------------
-%%% Internal functions
+-spec supportedPublicKeyAlgorithms(Oid::tuple()) -> asn1_type().
+%%
+%% Description: Returns the public key type for an algorithm
+%% identifier tuple as found in SubjectPublicKeyInfo.
+%%
 %%--------------------------------------------------------------------
-
-%%% SubjectPublicKey
 supportedPublicKeyAlgorithms(?'rsaEncryption') -> 'RSAPublicKey';
 supportedPublicKeyAlgorithms(?'id-dsa') -> 'DSAPublicKey';
 supportedPublicKeyAlgorithms(?'dhpublicnumber') -> 'DHPublicKey';
 supportedPublicKeyAlgorithms(?'id-keyExchangeAlgorithm') -> 'KEA-PublicKey';
 supportedPublicKeyAlgorithms(?'id-ecPublicKey') -> 'ECPoint'.
 
+%%--------------------------------------------------------------------
+%%% Internal functions
+%%--------------------------------------------------------------------
+
+%%% SubjectPublicKey
+
 decode_supportedPublicKey(#'OTPSubjectPublicKeyInfo'{algorithm= PA =
 						  #'PublicKeyAlgorithm'{algorithm=Algo},
 						  subjectPublicKey = {0,SPK0}}) ->
diff --git a/lib/public_key/src/pubkey_pem.erl b/lib/public_key/src/pubkey_pem.erl
index 31d881973a..78870e5cd7 100644
--- a/lib/public_key/src/pubkey_pem.erl
+++ b/lib/public_key/src/pubkey_pem.erl
@@ -93,11 +93,11 @@ encode_pem_entries(Entries) ->
 
 encode_pem_entry({Asn1Type, Der, not_encrypted}) ->
     StartStr = pem_start(Asn1Type),
-    [StartStr, "\n", b64encode_and_split(Der), pem_end(StartStr) ,"\n\n"];
+    [StartStr, "\n", b64encode_and_split(Der), "\n", pem_end(StartStr) ,"\n\n"];
 encode_pem_entry({Asn1Type, Der, {Cipher, Salt}}) ->
     StartStr = pem_start(Asn1Type),
     [StartStr,"\n", pem_decrypt(),"\n", pem_decrypt_info(Cipher, Salt),"\n",
-     b64encode_and_split(Der), pem_end(StartStr) ,"\n\n"].
+     b64encode_and_split(Der), "\n", pem_end(StartStr) ,"\n\n"].
 
 decode_pem_entries([], Entries) ->
     lists:reverse(Entries);
@@ -145,16 +145,22 @@ split_bin(N, Bin) ->
 b64encode_and_split(Bin) ->
     split_lines(base64:encode(Bin)).
 
+split_lines(<<Text:?ENCODED_LINE_LENGTH/binary>>) ->
+    [Text];
 split_lines(<<Text:?ENCODED_LINE_LENGTH/binary, Rest/binary>>) ->
     [Text, $\n | split_lines(Rest)];
 split_lines(Bin) ->
-    [Bin, $\n].
+    [Bin].
 
 %% Ignore white space at end of line
 join_entry([<<"-----END CERTIFICATE-----", _/binary>>| Lines], Entry) ->
     {lists:reverse(Entry), Lines};
 join_entry([<<"-----END RSA PRIVATE KEY-----", _/binary>>| Lines], Entry) ->
     {lists:reverse(Entry), Lines};
+join_entry([<<"-----END PUBLIC KEY-----", _/binary>>| Lines], Entry) ->
+    {lists:reverse(Entry), Lines};
+join_entry([<<"-----END RSA PUBLIC KEY-----", _/binary>>| Lines], Entry) ->
+    {lists:reverse(Entry), Lines};
 join_entry([<<"-----END DSA PRIVATE KEY-----", _/binary>>| Lines], Entry) ->
     {lists:reverse(Entry), Lines};
 join_entry([<<"-----END DH PARAMETERS-----", _/binary>>| Lines], Entry) ->
@@ -210,15 +216,22 @@ pem_start('Certificate') ->
     <<"-----BEGIN CERTIFICATE-----">>;
 pem_start('RSAPrivateKey') ->
     <<"-----BEGIN RSA PRIVATE KEY-----">>;
+pem_start('RSAPublicKey') ->
+    <<"-----BEGIN RSA PUBLIC KEY-----">>;
+pem_start('SubjectPublicKeyInfo') ->
+    <<"-----BEGIN PUBLIC KEY-----">>;
 pem_start('DSAPrivateKey') ->
     <<"-----BEGIN DSA PRIVATE KEY-----">>;
 pem_start('DHParameter') ->
     <<"-----BEGIN DH PARAMETERS-----">>.
-
 pem_end(<<"-----BEGIN CERTIFICATE-----">>) ->
     <<"-----END CERTIFICATE-----">>;
 pem_end(<<"-----BEGIN RSA PRIVATE KEY-----">>) ->
     <<"-----END RSA PRIVATE KEY-----">>;
+pem_end(<<"-----BEGIN RSA PUBLIC KEY-----">>) ->
+    <<"-----END RSA PUBLIC KEY-----">>;
+pem_end(<<"-----BEGIN PUBLIC KEY-----">>) ->
+    <<"-----END PUBLIC KEY-----">>;
 pem_end(<<"-----BEGIN DSA PRIVATE KEY-----">>) ->
     <<"-----END DSA PRIVATE KEY-----">>;
 pem_end(<<"-----BEGIN DH PARAMETERS-----">>) ->
@@ -230,6 +243,10 @@ asn1_type(<<"-----BEGIN CERTIFICATE-----">>) ->
     'Certificate';
 asn1_type(<<"-----BEGIN RSA PRIVATE KEY-----">>) ->
     'RSAPrivateKey';
+asn1_type(<<"-----BEGIN RSA PUBLIC KEY-----">>) ->
+    'RSAPublicKey';
+asn1_type(<<"-----BEGIN PUBLIC KEY-----">>) ->
+    'SubjectPublicKeyInfo';
 asn1_type(<<"-----BEGIN DSA PRIVATE KEY-----">>) ->
     'DSAPrivateKey';
 asn1_type(<<"-----BEGIN DH PARAMETERS-----">>) ->
diff --git a/lib/public_key/src/public_key.erl b/lib/public_key/src/public_key.erl
index 30398df9cc..fad73e8e92 100644
--- a/lib/public_key/src/public_key.erl
+++ b/lib/public_key/src/public_key.erl
@@ -62,6 +62,7 @@
 -type dss_digest_type()      :: 'none' | 'sha'.
 
 -define(UINT32(X), X:32/unsigned-big-integer).
+-define(DER_NULL, <<5, 0>>).
 
 %%====================================================================
 %% API
@@ -90,6 +91,17 @@ pem_encode(PemEntries) when is_list(PemEntries) ->
 %% Description: Decodes a pem entry. pem_decode/1 returns a list of
 %% pem entries.
 %%--------------------------------------------------------------------
+pem_entry_decode({'SubjectPublicKeyInfo', Der, _}) ->
+    {_, {'AlgorithmIdentifier', AlgId, Params}, {0, Key0}}
+        = der_decode('SubjectPublicKeyInfo', Der),
+    KeyType = pubkey_cert_records:supportedPublicKeyAlgorithms(AlgId),
+    case KeyType of
+        'RSAPublicKey' ->
+            der_decode(KeyType, Key0);
+        'DSAPublicKey' ->
+            {params, DssParams} = der_decode('DSAParams', Params),
+            {der_decode(KeyType, Key0), DssParams}
+    end;
 pem_entry_decode({Asn1Type, Der, not_encrypted}) when is_atom(Asn1Type),
 						      is_binary(Der) ->
     der_decode(Asn1Type, Der).
@@ -114,6 +126,18 @@ pem_entry_decode({Asn1Type, CryptDer, {Cipher, Salt}} = PemEntry,
 %
 %% Description: Creates a pem entry that can be feed to pem_encode/1.
 %%--------------------------------------------------------------------
+pem_entry_encode('SubjectPublicKeyInfo', Entity=#'RSAPublicKey'{}) ->
+    Der = der_encode('RSAPublicKey', Entity),
+    Spki = {'SubjectPublicKeyInfo',
+            {'AlgorithmIdentifier', ?'rsaEncryption', ?DER_NULL}, {0, Der}},
+    pem_entry_encode('SubjectPublicKeyInfo', Spki);
+pem_entry_encode('SubjectPublicKeyInfo',
+                 {DsaInt, Params=#'Dss-Parms'{}}) when is_integer(DsaInt) ->
+    KeyDer = der_encode('DSAPublicKey', DsaInt),
+    ParamDer = der_encode('DSAParams', {params, Params}),
+    Spki = {'SubjectPublicKeyInfo',
+            {'AlgorithmIdentifier', ?'id-dsa', ParamDer}, {0, KeyDer}},
+    pem_entry_encode('SubjectPublicKeyInfo', Spki);
 pem_entry_encode(Asn1Type, Entity)  when is_atom(Asn1Type) ->
     Der = der_encode(Asn1Type, Entity),
     {Asn1Type, Der, not_encrypted}.
diff --git a/lib/public_key/test/public_key_SUITE.erl b/lib/public_key/test/public_key_SUITE.erl
index 1bc1c8ec75..e74ff8051d 100644
--- a/lib/public_key/test/public_key_SUITE.erl
+++ b/lib/public_key/test/public_key_SUITE.erl
@@ -139,6 +139,14 @@ pk_decode_encode(Config) when is_list(Config) ->
     DSAKey = public_key:der_decode('DSAPrivateKey', DerDSAKey),
     
     DSAKey = public_key:pem_entry_decode(Entry0),
+
+    {ok, DSAPubPem} = file:read_file(filename:join(Datadir, "dsa_pub.pem")),
+    [{'SubjectPublicKeyInfo', _, _} = PubEntry0] =
+        public_key:pem_decode(DSAPubPem),
+    DSAPubKey = public_key:pem_entry_decode(PubEntry0),
+    true = check_entry_type(DSAPubKey, 'DSAPublicKey'),
+    PubEntry0 = public_key:pem_entry_encode('SubjectPublicKeyInfo', DSAPubKey),
+    DSAPubPem = public_key:pem_encode([PubEntry0]),
     
     [{'RSAPrivateKey', DerRSAKey, not_encrypted} =  Entry1 ] = 
 	erl_make_certs:pem_to_der(filename:join(Datadir, "client_key.pem")),
@@ -153,6 +161,20 @@ pk_decode_encode(Config) when is_list(Config) ->
     true = check_entry_type(public_key:pem_entry_decode(Entry2, "abcd1234"), 
 			    'RSAPrivateKey'),
 
+    {ok, RSAPubPem} = file:read_file(filename:join(Datadir, "rsa_pub.pem")),
+    [{'SubjectPublicKeyInfo', _, _} = PubEntry1] =
+        public_key:pem_decode(RSAPubPem),
+    RSAPubKey = public_key:pem_entry_decode(PubEntry1),
+    true = check_entry_type(RSAPubKey, 'RSAPublicKey'),
+    PubEntry1 = public_key:pem_entry_encode('SubjectPublicKeyInfo', RSAPubKey),
+    RSAPubPem = public_key:pem_encode([PubEntry1]),
+
+    {ok, RSARawPem} = file:read_file(filename:join(Datadir, "rsa_pub_key.pem")),
+    [{'RSAPublicKey', _, _} = PubEntry2] =
+        public_key:pem_decode(RSARawPem),
+    RSAPubKey = public_key:pem_entry_decode(PubEntry2),
+    RSARawPem = public_key:pem_encode([PubEntry2]),
+
     Salt0 = crypto:rand_bytes(8),
     Entry3 = public_key:pem_entry_encode('RSAPrivateKey', RSAKey0, 
 					 {{"DES-EDE3-CBC", Salt0}, "1234abcd"}),
@@ -432,6 +454,10 @@ check_entry_type(#'DSAPrivateKey'{}, 'DSAPrivateKey') ->
     true;
 check_entry_type(#'RSAPrivateKey'{}, 'RSAPrivateKey') ->
     true;
+check_entry_type(#'RSAPublicKey'{}, 'RSAPublicKey') ->
+    true;
+check_entry_type({_Int, #'Dss-Parms'{}}, 'DSAPublicKey') when is_integer(_Int) ->
+    true;
 check_entry_type(#'DHParameter'{}, 'DHParameter') ->
     true;
 check_entry_type(#'Certificate'{}, 'Certificate') ->
diff --git a/lib/public_key/test/public_key_SUITE_data/dsa_pub.pem b/lib/public_key/test/public_key_SUITE_data/dsa_pub.pem
new file mode 100644
index 0000000000..d3635e5b20
--- /dev/null
+++ b/lib/public_key/test/public_key_SUITE_data/dsa_pub.pem
@@ -0,0 +1,12 @@
+-----BEGIN PUBLIC KEY-----
+MIIBtzCCASwGByqGSM44BAEwggEfAoGBALez5tklY5CdFeTMos899pA6i4u4uCts
+zgBzrdBk6cl5FVqzdzWMGTQiynnTpGsrOESinzP06Ip+pG15We2OORwgvCxD/W95
+aCiN0/+MdiXqlsmboBARMzsa+SmBENN3gF/+tuuEAFzOXU1q2cmEywRLyfbM2KIB
+VE/TChWYw2eRAhUA1R64VvcQ90XA8SOKVDmMA0dBzukCgYEAlLMYP0pbgBlgHQVO
+3/avAHlWNrIq52Lxk7SdPJWgMvPjTK9Z6sv88kxsCcydtjvO439j1yqcwk50GQc+
+86ktBWWz93/HkIdnFyqafef4mmWvm2Uq6ClQKS+A0Asfaj8Mys+HUMiI+qsfdjRb
+yIpwb7MX1nsVdsKzALnZNMW27A0DgYQAAoGAfEIAb3mLjtFfiF/tsZb4/DGHdWSb
+6Ir0hFkoBUZ9ymBO70wlfZVSQGs240kZtOMpAOpJL1Dy8oH6PUQ+JyacwZIo8fdq
+19/Kwm6CPrpaEhzErmMvwT2CZJYZ+HOk55ljLkVCiyG7MzEj2+odLKym9yoQsbsJ
+olHzIRpkLk45y4c=
+-----END PUBLIC KEY-----
diff --git a/lib/public_key/test/public_key_SUITE_data/rsa_pub.pem b/lib/public_key/test/public_key_SUITE_data/rsa_pub.pem
new file mode 100644
index 0000000000..cbe81343f7
--- /dev/null
+++ b/lib/public_key/test/public_key_SUITE_data/rsa_pub.pem
@@ -0,0 +1,4 @@
+-----BEGIN PUBLIC KEY-----
+MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANRiyZg0uci74Nc6mnqZ8AoDl88aT7x6
+JA0MfgHIHzteEj7Qg+lE5QxMGAafurVE5vqoHkDfwk4uzzsCAJuz91MCAwEAAQ==
+-----END PUBLIC KEY-----
diff --git a/lib/public_key/test/public_key_SUITE_data/rsa_pub_key.pem b/lib/public_key/test/public_key_SUITE_data/rsa_pub_key.pem
new file mode 100644
index 0000000000..3b9d7568ff
--- /dev/null
+++ b/lib/public_key/test/public_key_SUITE_data/rsa_pub_key.pem
@@ -0,0 +1,4 @@
+-----BEGIN RSA PUBLIC KEY-----
+MEgCQQDUYsmYNLnIu+DXOpp6mfAKA5fPGk+8eiQNDH4ByB87XhI+0IPpROUMTBgG
+n7q1ROb6qB5A38JOLs87AgCbs/dTAgMBAAE=
+-----END RSA PUBLIC KEY-----