diff options
-rw-r--r-- | lib/public_key/doc/src/public_key.xml | 15 | ||||
-rw-r--r-- | lib/public_key/src/public_key.erl | 84 |
2 files changed, 36 insertions, 63 deletions
diff --git a/lib/public_key/doc/src/public_key.xml b/lib/public_key/doc/src/public_key.xml index 0c9e0c9013..f64274d608 100644 --- a/lib/public_key/doc/src/public_key.xml +++ b/lib/public_key/doc/src/public_key.xml @@ -396,11 +396,11 @@ <name>sign(Msg, DigestType, Key) -> binary()</name> <fsummary> Create digital signature.</fsummary> <type> - <v>Msg = binary()</v> + <v>Msg = binary() | {digest,binary()}</v> <d>The msg is either the binary "plain text" data to be - signed or in the case that digest type is <c>{digest, DigestType}</c> - it is the hashed value of "plain text" i.e. the digest.</d> - <v>DigestType = rsa_digest_type() | dsa_digest_type() | {digest, rsa_digest_type() | dsa_digest_type()}</v> + signed or it is the hashed value of "plain text" i.e. the + digest.</d> + <v>DigestType = rsa_digest_type() | dsa_digest_type()</v> <v>Key = rsa_private_key() | dsa_private_key()</v> </type> <desc> @@ -461,11 +461,10 @@ <name>verify(Msg, DigestType, Signature, Key) -> boolean()</name> <fsummary>Verifies a digital signature.</fsummary> <type> - <v>Msg = binary()</v> + <v>Msg = binary() | {digest,binary()}</v> <d>The msg is either the binary "plain text" data - or in the case that digest type is <c>{digest, DigestType}</c> - it is the hashed value of "plain text" i.e. the digest.</d> - <v>DigestType = rsa_digest_type() | dsa_digest_type() | {digest, rsa_digest_type() | dsa_digest_type()}</v> + or it is the hashed value of "plain text" i.e. the digest.</d> + <v>DigestType = rsa_digest_type() | dsa_digest_type()</v> <v>Signature = binary()</v> <v>Key = rsa_public_key() | dsa_public_key()</v> </type> diff --git a/lib/public_key/src/public_key.erl b/lib/public_key/src/public_key.erl index 9c87c9505e..686a11a7b2 100644 --- a/lib/public_key/src/public_key.erl +++ b/lib/public_key/src/public_key.erl @@ -1,7 +1,7 @@ %% %% %CopyrightBegin% %% -%% Copyright Ericsson AB 2008-2011. All Rights Reserved. +%% Copyright Ericsson AB 2008-2012. All Rights Reserved. %% %% The contents of this file are subject to the Erlang Public License, %% Version 1.1, (the "License"); you may not use this file except in @@ -48,7 +48,7 @@ -type rsa_padding() :: 'rsa_pkcs1_padding' | 'rsa_pkcs1_oaep_padding' | 'rsa_no_padding'. -type public_crypt_options() :: [{rsa_pad, rsa_padding()}]. --type rsa_digest_type() :: 'md5' | 'sha'| 'sha256' | 'sha512'. +-type rsa_digest_type() :: 'md5' | 'sha'| 'sha256' | 'sha384' | 'sha512'. -type dss_digest_type() :: 'none' | 'sha'. %% None is for backwards compatibility -define(UINT32(X), X:32/unsigned-big-integer). @@ -332,87 +332,61 @@ format_rsa_private_key(#'RSAPrivateKey'{modulus = N, publicExponent = E, [crypto:mpint(K) || K <- [E, N, D]]. %%-------------------------------------------------------------------- --spec sign(PlainTextOrDigest :: binary(), rsa_digest_type() | dss_digest_type() | - {digest, rsa_digest_type() | dss_digest_type()}, +-spec sign(binary() | {digest, binary()}, rsa_digest_type() | dss_digest_type(), rsa_private_key() | dsa_private_key()) -> Signature :: binary(). %% Description: Create digital signature. %%-------------------------------------------------------------------- -sign(Digest, {digest, DigestType}, #'RSAPrivateKey'{modulus = N, publicExponent = E, - privateExponent = D}) - when is_binary(Digest), - (DigestType == sha orelse - DigestType == sh256 orelse - DigestType == sha512 orelse - DigestType == md5) -> - crypto:rsa_sign_hash(DigestType, Digest, [crypto:mpint(E), crypto:mpint(N), crypto:mpint(D)]); - -sign(PlainText,DigestType, #'RSAPrivateKey'{modulus = N, publicExponent = E, - privateExponent = D}) - when is_binary(PlainText), - (DigestType == sha orelse - DigestType == sh256 orelse - DigestType == sha512 orelse - DigestType == md5) -> - crypto:rsa_sign(DigestType, sized_binary(PlainText), [crypto:mpint(E), - crypto:mpint(N), - crypto:mpint(D)]); - -sign(PlainText, sha, #'DSAPrivateKey'{p = P, q = Q, g = G, x = X}) - when is_binary(PlainText) -> +sign({digest,_}=Digest, DigestType, Key = #'RSAPrivateKey'{}) -> + crypto:rsa_sign(DigestType, Digest, format_rsa_private_key(Key)); + +sign(PlainText, DigestType, Key = #'RSAPrivateKey'{}) -> + crypto:rsa_sign(DigestType, sized_binary(PlainText), format_rsa_private_key(Key)); + +sign({digest,_}=Digest, sha, #'DSAPrivateKey'{p = P, q = Q, g = G, x = X}) -> + crypto:dss_sign(Digest, + [crypto:mpint(P), crypto:mpint(Q), + crypto:mpint(G), crypto:mpint(X)]); + +sign(PlainText, sha, #'DSAPrivateKey'{p = P, q = Q, g = G, x = X}) -> crypto:dss_sign(sized_binary(PlainText), [crypto:mpint(P), crypto:mpint(Q), crypto:mpint(G), crypto:mpint(X)]); -sign(Digest, {digest, DigestType}, #'DSAPrivateKey'{p = P, q = Q, g = G, x = X}) - when is_binary(Digest)-> - crypto:dss_sign_hash(DigestType, Digest, - [crypto:mpint(P), crypto:mpint(Q), - crypto:mpint(G), crypto:mpint(X)]); %% Backwards compatible sign(Digest, none, #'DSAPrivateKey'{} = Key) -> - sign(Digest, {digest, sha}, Key). + sign({digest,Digest}, sha, Key). %%-------------------------------------------------------------------- --spec verify(PlainTextOrDigest :: binary(), rsa_digest_type() | dss_digest_type() | - {digest, rsa_digest_type() | dss_digest_type()}, +-spec verify(binary() | {digest, binary()}, rsa_digest_type() | dss_digest_type(), Signature :: binary(), rsa_public_key() | dsa_public_key()) -> boolean(). %% Description: Verifies a digital signature. %%-------------------------------------------------------------------- +verify({digest,_}=Digest, DigestType, Signature, + #'RSAPublicKey'{modulus = Mod, publicExponent = Exp}) -> + crypto:rsa_verify(DigestType, Digest, + sized_binary(Signature), + [crypto:mpint(Exp), crypto:mpint(Mod)]); + verify(PlainText, DigestType, Signature, - #'RSAPublicKey'{modulus = Mod, publicExponent = Exp}) - when is_binary (PlainText) and (DigestType == sha orelse - DigestType == sha256 orelse - DigestType == sha512 orelse - DigestType == md5) -> + #'RSAPublicKey'{modulus = Mod, publicExponent = Exp}) -> crypto:rsa_verify(DigestType, sized_binary(PlainText), sized_binary(Signature), [crypto:mpint(Exp), crypto:mpint(Mod)]); -verify(Digest, {digest, DigestType}, Signature, #'RSAPublicKey'{modulus = Mod, publicExponent = Exp}) - when is_binary (Digest) and (DigestType == sha orelse - DigestType == sha256 orelse - DigestType == sha512 orelse - DigestType == md5) -> - crypto:rsa_verify_hash(DigestType, Digest, - sized_binary(Signature), - [crypto:mpint(Exp), crypto:mpint(Mod)]); - -verify(Digest, {digest, sha}, Signature, {Key, #'Dss-Parms'{p = P, q = Q, g = G}}) - when is_integer(Key), is_binary(Digest), is_binary(Signature) -> - crypto:dss_verify(none, - Digest, - sized_binary(Signature), +verify({digest,_}=Digest, sha, Signature, {Key, #'Dss-Parms'{p = P, q = Q, g = G}}) + when is_integer(Key), is_binary(Signature) -> + crypto:dss_verify(Digest, sized_binary(Signature), [crypto:mpint(P), crypto:mpint(Q), crypto:mpint(G), crypto:mpint(Key)]); %% Backwards compatibility verify(Digest, none, Signature, {_, #'Dss-Parms'{}} = Key ) -> - verify(Digest, {digest, sha}, Signature, Key); + verify({digest,Digest}, sha, Signature, Key); verify(PlainText, sha, Signature, {Key, #'Dss-Parms'{p = P, q = Q, g = G}}) - when is_integer(Key), is_binary(PlainText), is_binary(Signature) -> + when is_integer(Key), is_binary(PlainText), is_binary(Signature) -> crypto:dss_verify(sized_binary(PlainText), sized_binary(Signature), [crypto:mpint(P), crypto:mpint(Q), |