diff options
Diffstat (limited to 'lib/public_key/src')
| -rw-r--r-- | lib/public_key/src/pubkey_cert.erl | 17 | ||||
| -rw-r--r-- | lib/public_key/src/pubkey_cert_records.erl | 34 | ||||
| -rw-r--r-- | lib/public_key/src/pubkey_crl.erl | 36 | ||||
| -rw-r--r-- | lib/public_key/src/pubkey_pem.erl | 8 | ||||
| -rw-r--r-- | lib/public_key/src/pubkey_ssh.erl | 7 | ||||
| -rw-r--r-- | lib/public_key/src/public_key.app.src | 4 | ||||
| -rw-r--r-- | lib/public_key/src/public_key.appup.src | 25 | ||||
| -rw-r--r-- | lib/public_key/src/public_key.erl | 23 |
8 files changed, 112 insertions, 42 deletions
diff --git a/lib/public_key/src/pubkey_cert.erl b/lib/public_key/src/pubkey_cert.erl index dc8d68c78f..ae517ca642 100644 --- a/lib/public_key/src/pubkey_cert.erl +++ b/lib/public_key/src/pubkey_cert.erl @@ -319,6 +319,8 @@ verify_fun(Otpcert, Result, UserState0, VerifyFun) -> %% %% Description: Extracts a specific extension from a list of extensions. %%-------------------------------------------------------------------- +select_extension(_, asn1_NOVALUE) -> + undefined; select_extension(_, []) -> undefined; select_extension(Id, [#'Extension'{extnID = Id} = Extension | _]) -> @@ -342,8 +344,11 @@ match_name(uniformResourceIdentifier, URI, [PermittedName | Rest]) -> incomplete -> false; {_, _, Host, _, _} -> - match_name(fun is_valid_host_or_domain/2, Host, - PermittedName, Rest) + PN = case split_uri(PermittedName) of + {_, _, PNhost, _, _} -> PNhost; + _X -> PermittedName + end, + match_name(fun is_valid_host_or_domain/2, Host, PN, Rest) end; match_name(emailAddress, Name, [PermittedName | Rest]) -> @@ -511,10 +516,10 @@ is_dir_name2(Value, Value) -> true; is_dir_name2({printableString, Value1}, {printableString, Value2}) -> string:to_lower(strip_spaces(Value1)) =:= string:to_lower(strip_spaces(Value2)); -is_dir_name2({utf8String, Value1}, String) -> %% BUGBUG FIX UTF8 conv - is_dir_name2({printableString, binary_to_list(Value1)}, String); -is_dir_name2(String, {utf8String, Value1}) -> %% BUGBUG FIX UTF8 conv - is_dir_name2(String, {printableString, binary_to_list(Value1)}); +is_dir_name2({utf8String, Value1}, String) -> + is_dir_name2({printableString, unicode:characters_to_list(Value1)}, String); +is_dir_name2(String, {utf8String, Value1}) -> + is_dir_name2(String, {printableString, unicode:characters_to_list(Value1)}); is_dir_name2(_, _) -> false. diff --git a/lib/public_key/src/pubkey_cert_records.erl b/lib/public_key/src/pubkey_cert_records.erl index fdd89aa70d..9a8e49f265 100644 --- a/lib/public_key/src/pubkey_cert_records.erl +++ b/lib/public_key/src/pubkey_cert_records.erl @@ -1,7 +1,7 @@ %% %% %CopyrightBegin% %% -%% Copyright Ericsson AB 2008-2013. All Rights Reserved. +%% Copyright Ericsson AB 2008-2014. All Rights Reserved. %% %% The contents of this file are subject to the Erlang Public License, %% Version 1.1, (the "License"); you may not use this file except in @@ -99,7 +99,7 @@ transform(Other,_) -> Other. %%-------------------------------------------------------------------- --spec supportedPublicKeyAlgorithms(Oid::tuple()) -> asn1_type(). +-spec supportedPublicKeyAlgorithms(Oid::tuple()) -> public_key:asn1_type(). %% %% Description: Returns the public key type for an algorithm %% identifier tuple as found in SubjectPublicKeyInfo. @@ -147,6 +147,20 @@ namedCurves(?'sect163r1') -> sect163r1; namedCurves(?'sect163k1') -> sect163k1; namedCurves(?'secp256r1') -> secp256r1; namedCurves(?'secp192r1') -> secp192r1; +namedCurves(?'brainpoolP160r1') -> brainpoolP160r1; +namedCurves(?'brainpoolP160t1') -> brainpoolP160t1; +namedCurves(?'brainpoolP192r1') -> brainpoolP192r1; +namedCurves(?'brainpoolP192t1') -> brainpoolP192t1; +namedCurves(?'brainpoolP224r1') -> brainpoolP224r1; +namedCurves(?'brainpoolP224t1') -> brainpoolP224t1; +namedCurves(?'brainpoolP256r1') -> brainpoolP256r1; +namedCurves(?'brainpoolP256t1') -> brainpoolP256t1; +namedCurves(?'brainpoolP320r1') -> brainpoolP320r1; +namedCurves(?'brainpoolP320t1') -> brainpoolP320t1; +namedCurves(?'brainpoolP384r1') -> brainpoolP384r1; +namedCurves(?'brainpoolP384t1') -> brainpoolP384t1; +namedCurves(?'brainpoolP512r1') -> brainpoolP512r1; +namedCurves(?'brainpoolP512t1') -> brainpoolP512t1; namedCurves(sect571r1) -> ?'sect571r1'; namedCurves(sect571k1) -> ?'sect571k1'; @@ -180,7 +194,21 @@ namedCurves(sect239k1) -> ?'sect239k1'; namedCurves(sect163r1) -> ?'sect163r1'; namedCurves(sect163k1) -> ?'sect163k1'; namedCurves(secp256r1) -> ?'secp256r1'; -namedCurves(secp192r1) -> ?'secp192r1'. +namedCurves(secp192r1) -> ?'secp192r1'; +namedCurves(brainpoolP160r1) -> ?'brainpoolP160r1'; +namedCurves(brainpoolP160t1) -> ?'brainpoolP160t1'; +namedCurves(brainpoolP192r1) -> ?'brainpoolP192r1'; +namedCurves(brainpoolP192t1) -> ?'brainpoolP192t1'; +namedCurves(brainpoolP224r1) -> ?'brainpoolP224r1'; +namedCurves(brainpoolP224t1) -> ?'brainpoolP224t1'; +namedCurves(brainpoolP256r1) -> ?'brainpoolP256r1'; +namedCurves(brainpoolP256t1) -> ?'brainpoolP256t1'; +namedCurves(brainpoolP320r1) -> ?'brainpoolP320r1'; +namedCurves(brainpoolP320t1) -> ?'brainpoolP320t1'; +namedCurves(brainpoolP384r1) -> ?'brainpoolP384r1'; +namedCurves(brainpoolP384t1) -> ?'brainpoolP384t1'; +namedCurves(brainpoolP512r1) -> ?'brainpoolP512r1'; +namedCurves(brainpoolP512t1) -> ?'brainpoolP512t1'. %%-------------------------------------------------------------------- %%% Internal functions diff --git a/lib/public_key/src/pubkey_crl.erl b/lib/public_key/src/pubkey_crl.erl index eaba5bfa1b..f0df4bc3f2 100644 --- a/lib/public_key/src/pubkey_crl.erl +++ b/lib/public_key/src/pubkey_crl.erl @@ -39,7 +39,13 @@ validate(OtpCert, OtherDPCRLs, DP, {DerCRL, CRL}, {DerDeltaCRL, DeltaCRL}, CertIssuer = TBSCert#'OTPTBSCertificate'.issuer, TBSCRL = CRL#'CertificateList'.tbsCertList, CRLIssuer = TBSCRL#'TBSCertList'.issuer, - AltNames = subject_alt_names(TBSCert#'OTPTBSCertificate'.extensions), + AltNames = case pubkey_cert:select_extension(?'id-ce-subjectAltName', + TBSCert#'OTPTBSCertificate'.extensions) of + undefined -> + []; + Ext -> + Ext#'Extension'.extnValue + end, revoked_status(DP, IDP, {directoryName, CRLIssuer}, [ {directoryName, CertIssuer} | AltNames], SerialNumber, Revoked, DeltaRevoked, RevokedState1); @@ -397,16 +403,18 @@ verify_dp_name(IDPNames, DPorIssuerNames) -> match_one([], _) -> false; match_one([{Type, Name} | Names], CandidateNames) -> - Candidates = [NameName || {NameType, NameName} <- CandidateNames, NameType == Type], + Candidates = [NameName || {NameType, NameName} <- CandidateNames, + NameType == Type], case Candidates of [] -> false; - [_|_] -> case pubkey_cert:match_name(Type, Name, Candidates) of - true -> - true; - false -> - match_one(Names, CandidateNames) - end + [_|_] -> + case pubkey_cert:match_name(Type, Name, Candidates) of + true -> + true; + false -> + match_one(Names, CandidateNames) + end end. verify_dp_bools(TBSCert, IDP) -> @@ -664,6 +672,8 @@ verify_extensions([#'TBSCertList_revokedCertificates_SEQOF'{crlEntryExtensions = verify_extensions(pubkey_cert:extensions_list(Ext)) and verify_extensions(Rest); verify_extensions([]) -> true; +verify_extensions(asn1_NOVALUE) -> + true; verify_extensions([#'Extension'{critical = true, extnID = Id} | Rest]) -> case lists:member(Id, [?'id-ce-authorityKeyIdentifier', ?'id-ce-issuerAltName', @@ -689,13 +699,3 @@ authority_key_identifier(Extensions) -> Enc = extension_value(?'id-ce-authorityKeyIdentifier', 'AuthorityKeyIdentifier', Extensions), pubkey_cert_records:transform(Enc, decode). - -subject_alt_names(Extensions) -> - Enc = extension_value(?'id-ce-subjectAltName', - 'GeneralNames', Extensions), - case Enc of - undefined -> - []; - _ -> - pubkey_cert_records:transform(Enc, decode) - end. diff --git a/lib/public_key/src/pubkey_pem.erl b/lib/public_key/src/pubkey_pem.erl index 746d142ec3..3a1653d989 100644 --- a/lib/public_key/src/pubkey_pem.erl +++ b/lib/public_key/src/pubkey_pem.erl @@ -1,7 +1,7 @@ %% %% %CopyrightBegin% %% -%% Copyright Ericsson AB 2008-2012. All Rights Reserved. +%% Copyright Ericsson AB 2008-2014. All Rights Reserved. %% %% The contents of this file are subject to the Erlang Public License, %% Version 1.1, (the "License"); you may not use this file except in @@ -51,7 +51,7 @@ %%==================================================================== %%-------------------------------------------------------------------- --spec decode(binary()) -> [pem_entry()]. +-spec decode(binary()) -> [public_key:pem_entry()]. %% %% Description: Decodes a PEM binary. %%-------------------------------------------------------------------- @@ -59,7 +59,7 @@ decode(Bin) -> decode_pem_entries(split_bin(Bin), []). %%-------------------------------------------------------------------- --spec encode([pem_entry()]) -> iolist(). +-spec encode([public_key:pem_entry()]) -> iolist(). %% %% Description: Encodes a list of PEM entries. %%-------------------------------------------------------------------- @@ -67,7 +67,7 @@ encode(PemEntries) -> encode_pem_entries(PemEntries). %%-------------------------------------------------------------------- --spec decipher({pki_asn1_type(), DerEncrypted::binary(), +-spec decipher({public_key:pki_asn1_type(), DerEncrypted::binary(), {Cipher :: string(), Salt :: iodata() | #'PBES2-params'{}}}, string()) -> Der::binary(). %% diff --git a/lib/public_key/src/pubkey_ssh.erl b/lib/public_key/src/pubkey_ssh.erl index 41280b9e14..0522ea6ac3 100644 --- a/lib/public_key/src/pubkey_ssh.erl +++ b/lib/public_key/src/pubkey_ssh.erl @@ -1,7 +1,7 @@ %% %% %CopyrightBegin% %% -%% Copyright Ericsson AB 2011-2013. All Rights Reserved. +%% Copyright Ericsson AB 2011-2014. All Rights Reserved. %% %% The contents of this file are subject to the Erlang Public License, %% Version 1.1, (the "License"); you may not use this file except in @@ -35,7 +35,8 @@ %%==================================================================== %%-------------------------------------------------------------------- --spec decode(binary(), public_key | ssh_file()) -> [{public_key(), Attributes::list()}]. +-spec decode(binary(), public_key | public_key:ssh_file()) -> + [{public_key:public_key(), Attributes::list()}]. %% %% Description: Decodes a ssh file-binary. %%-------------------------------------------------------------------- @@ -52,7 +53,7 @@ decode(Bin, Type) -> openssh_decode(Bin, Type). %%-------------------------------------------------------------------- --spec encode([{public_key(), Attributes::list()}], ssh_file()) -> +-spec encode([{public_key:public_key(), Attributes::list()}], public_key:ssh_file()) -> binary(). %% %% Description: Encodes a list of ssh file entries. diff --git a/lib/public_key/src/public_key.app.src b/lib/public_key/src/public_key.app.src index 736a778a4b..88ef07c5a6 100644 --- a/lib/public_key/src/public_key.app.src +++ b/lib/public_key/src/public_key.app.src @@ -13,7 +13,9 @@ ]}, {applications, [asn1, crypto, kernel, stdlib]}, {registered, []}, - {env, []} + {env, []}, + {runtime_dependencies, ["stdlib-2.0","kernel-3.0","erts-6.0","crypto-3.3", + "asn1-3.0"]} ] }. diff --git a/lib/public_key/src/public_key.appup.src b/lib/public_key/src/public_key.appup.src index aacd3b866d..5278732c87 100644 --- a/lib/public_key/src/public_key.appup.src +++ b/lib/public_key/src/public_key.appup.src @@ -1,8 +1,21 @@ %% -*- erlang -*- +%% %CopyrightBegin% +%% +%% Copyright Ericsson AB 2014. All Rights Reserved. +%% +%% The contents of this file are subject to the Erlang Public License, +%% Version 1.1, (the "License"); you may not use this file except in +%% compliance with the License. You should have received a copy of the +%% Erlang Public License along with this software. If not, it can be +%% retrieved online at http://www.erlang.org/. +%% +%% Software distributed under the License is distributed on an "AS IS" +%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See +%% the License for the specific language governing rights and limitations +%% under the License. +%% +%% %CopyrightEnd% {"%VSN%", - [ - {<<"0\\.*">>, [{restart_application, public_key}]} - ], - [ - {<<"0\\.*">>, [{restart_application, public_key}]} - ]}. + [{<<".*">>,[{restart_application, public_key}]}], + [{<<".*">>,[{restart_application, public_key}]}] +}. diff --git a/lib/public_key/src/public_key.erl b/lib/public_key/src/public_key.erl index ceecbcc7f2..a732455aa7 100644 --- a/lib/public_key/src/public_key.erl +++ b/lib/public_key/src/public_key.erl @@ -1,7 +1,7 @@ %% %% %CopyrightBegin% %% -%% Copyright Ericsson AB 2008-2013. All Rights Reserved. +%% Copyright Ericsson AB 2008-2014. All Rights Reserved. %% %% The contents of this file are subject to the Erlang Public License, %% Version 1.1, (the "License"); you may not use this file except in @@ -49,6 +49,27 @@ pkix_crls_validate/3 ]). +-export_type([public_key/0, private_key/0, pem_entry/0, + pki_asn1_type/0, asn1_type/0, ssh_file/0, der_encoded/0]). + +-type public_key() :: rsa_public_key() | dsa_public_key() | ec_public_key(). +-type private_key() :: rsa_private_key() | dsa_private_key() | ec_private_key(). + +-type rsa_public_key() :: #'RSAPublicKey'{}. +-type rsa_private_key() :: #'RSAPrivateKey'{}. +-type dsa_private_key() :: #'DSAPrivateKey'{}. +-type dsa_public_key() :: {integer(), #'Dss-Parms'{}}. +-type ec_public_key() :: {#'ECPoint'{},{namedCurve, Oid::tuple()} | #'ECParameters'{}}. +-type ec_private_key() :: #'ECPrivateKey'{}. +-type der_encoded() :: binary(). +-type pki_asn1_type() :: 'Certificate' | 'RSAPrivateKey' | 'RSAPublicKey' + | 'DSAPrivateKey' | 'DSAPublicKey' | 'DHParameter' + | 'SubjectPublicKeyInfo' | 'CertificationRequest' | 'CertificateList'. +-type pem_entry() :: {pki_asn1_type(), binary(), %% DER or Encrypted DER + not_encrypted | {Cipher :: string(), Salt :: binary()}}. +-type asn1_type() :: atom(). %% see "OTP-PUB-KEY.hrl +-type ssh_file() :: openssh_public_key | rfc4716_public_key | known_hosts | + auth_keys. -type rsa_padding() :: 'rsa_pkcs1_padding' | 'rsa_pkcs1_oaep_padding' | 'rsa_no_padding'. -type public_crypt_options() :: [{rsa_pad, rsa_padding()}]. |