aboutsummaryrefslogtreecommitdiffstats
path: root/lib/public_key
diff options
context:
space:
mode:
Diffstat (limited to 'lib/public_key')
-rw-r--r--lib/public_key/doc/src/cert_records.xml2
-rw-r--r--lib/public_key/doc/src/public_key.xml6
-rw-r--r--lib/public_key/src/pubkey_pem.erl6
-rw-r--r--lib/public_key/src/public_key.erl30
4 files changed, 27 insertions, 17 deletions
diff --git a/lib/public_key/doc/src/cert_records.xml b/lib/public_key/doc/src/cert_records.xml
index d1293d12b8..b66c66bead 100644
--- a/lib/public_key/doc/src/cert_records.xml
+++ b/lib/public_key/doc/src/cert_records.xml
@@ -80,7 +80,7 @@ semantics, please see <url
<p><c>
special_string() =
{teletexString, string()} | {printableString, string()} |
- {universalString, string()} | {utf8String, string()} |
+ {universalString, string()} | {utf8String, binary()} |
{bmpString, string()}
</c></p>
diff --git a/lib/public_key/doc/src/public_key.xml b/lib/public_key/doc/src/public_key.xml
index f8011cd5c0..88b1a9248e 100644
--- a/lib/public_key/doc/src/public_key.xml
+++ b/lib/public_key/doc/src/public_key.xml
@@ -92,7 +92,7 @@
not_encrypted | cipher_info()}</code></p>
<p><code>cipher_info() = {"RC2-CBC | "DES-CBC" | "DES-EDE3-CBC",
- crypto:rand_bytes(8)} | 'PBES2-params'}</code></p>
+ crypto:rand_bytes(8) | {#'PBEParameter{}, digest_type()} |#'PBES2-params'{}}</code></p>
<p><code>public_key() = rsa_public_key() | dsa_public_key() | ec_public_key()</code></p>
<p><code>private_key() = rsa_private_key() | dsa_private_key() | ec_private_key()</code></p>
@@ -113,6 +113,8 @@
<p><code>rsa_padding() = 'rsa_pkcs1_padding' | 'rsa_pkcs1_oaep_padding' |
'rsa_no_padding'</code></p>
+
+ <p><code>digest_type() - Union of below digest types</code></p>
<p><code>rsa_digest_type() = 'md5' | 'sha' | 'sha224' | 'sha256' | 'sha384' |
'sha512'</code></p>
@@ -499,7 +501,7 @@ fun(OtpCert :: #'OTPCertificate'{},
<fsummary> Performs CRL validation.</fsummary>
<type>
<v> OTPCertificate = #'OTPCertificate'{}</v>
- <v> DPAndCRLs = [{DP::#'DistributionPoint'{} ,CRL::#'CertificateList'{}}] </v>
+ <v> DPAndCRLs = [{DP::#'DistributionPoint'{}, {DerCRL::der_encoded(), CRL::#'CertificateList'{}}}] </v>
<v> Options = proplists:proplist()</v>
<v> CRLStatus() = valid | {bad_cert, revocation_status_undetermined} |
{bad_cert, {revoked, crl_reason()}}</v>
diff --git a/lib/public_key/src/pubkey_pem.erl b/lib/public_key/src/pubkey_pem.erl
index 8d2e97ad77..98881c4a6a 100644
--- a/lib/public_key/src/pubkey_pem.erl
+++ b/lib/public_key/src/pubkey_pem.erl
@@ -68,7 +68,8 @@ encode(PemEntries) ->
%%--------------------------------------------------------------------
-spec decipher({public_key:pki_asn1_type(), DerEncrypted::binary(),
- {Cipher :: string(), Salt :: iodata() | #'PBES2-params'{}}},
+ {Cipher :: string(), Salt :: iodata() | #'PBES2-params'{}
+ | {#'PBEParameter'{}, atom()}}},
string()) -> Der::binary().
%%
%% Description: Deciphers a decrypted pem entry.
@@ -77,7 +78,8 @@ decipher({_, DecryptDer, {Cipher, KeyDevParams}}, Password) ->
pubkey_pbe:decode(DecryptDer, Password, Cipher, KeyDevParams).
%%--------------------------------------------------------------------
--spec cipher(Der::binary(), {Cipher :: string(), Salt :: iodata() | #'PBES2-params'{}} ,
+-spec cipher(Der::binary(), {Cipher :: string(), Salt :: iodata() | #'PBES2-params'{}
+ | {#'PBEParameter'{}, atom()}},
string()) -> binary().
%%
%% Description: Ciphers a PEM entry
diff --git a/lib/public_key/src/public_key.erl b/lib/public_key/src/public_key.erl
index bbe54ad4e1..1bbf4ef416 100644
--- a/lib/public_key/src/public_key.erl
+++ b/lib/public_key/src/public_key.erl
@@ -64,9 +64,15 @@
-type der_encoded() :: binary().
-type pki_asn1_type() :: 'Certificate' | 'RSAPrivateKey' | 'RSAPublicKey'
| 'DSAPrivateKey' | 'DSAPublicKey' | 'DHParameter'
- | 'SubjectPublicKeyInfo' | 'CertificationRequest' | 'CertificateList'.
--type pem_entry() :: {pki_asn1_type(), binary(), %% DER or Encrypted DER
- not_encrypted | {Cipher :: string(), Salt :: binary()}}.
+ | 'SubjectPublicKeyInfo' | 'PrivateKeyInfo' |
+ 'CertificationRequest' | 'CertificateList' |
+ 'ECPrivateKey' | 'EcpkParameters'.
+-type pem_entry() :: {pki_asn1_type(),
+ binary(), %% DER or Encrypted DER
+ not_encrypted | {Cipher :: string(), Salt :: binary()} |
+ {Cipher :: string(), #'PBES2-params'{}} |
+ {Cipher :: string(), {#'PBEParameter'{}, atom()}} %% hash type
+ }.
-type asn1_type() :: atom(). %% see "OTP-PUB-KEY.hrl
-type ssh_file() :: openssh_public_key | rfc4716_public_key | known_hosts |
auth_keys.
@@ -134,9 +140,9 @@ pem_entry_decode({Asn1Type, CryptDer, {Cipher, #'PBES2-params'{}}} = PemEntry,
is_list(Cipher) ->
do_pem_entry_decode(PemEntry, Password);
pem_entry_decode({Asn1Type, CryptDer, {Cipher, {#'PBEParameter'{},_}}} = PemEntry,
- Password) when is_atom(Asn1Type) andalso
- is_binary(CryptDer) andalso
- is_list(Cipher) ->
+ Password) when is_atom(Asn1Type) andalso
+ is_binary(CryptDer) andalso
+ is_list(Cipher) ->
do_pem_entry_decode(PemEntry, Password);
pem_entry_decode({Asn1Type, CryptDer, {Cipher, Salt}} = PemEntry,
Password) when is_atom(Asn1Type) andalso
@@ -174,10 +180,10 @@ pem_entry_encode(Asn1Type, Entity, {{Cipher, #'PBES2-params'{}} = CipherInfo,
is_list(Cipher) ->
do_pem_entry_encode(Asn1Type, Entity, CipherInfo, Password);
pem_entry_encode(Asn1Type, Entity, {{Cipher,
- {#'PBEParameter'{}, _}} = CipherInfo,
- Password}) when is_atom(Asn1Type) andalso
- is_list(Password) andalso
- is_list(Cipher) ->
+ {#'PBEParameter'{}, _}} = CipherInfo,
+ Password}) when is_atom(Asn1Type) andalso
+ is_list(Password) andalso
+ is_list(Cipher) ->
do_pem_entry_encode(Asn1Type, Entity, CipherInfo, Password);
pem_entry_encode(Asn1Type, Entity, {{Cipher, Salt} = CipherInfo,
Password}) when is_atom(Asn1Type) andalso
@@ -620,11 +626,11 @@ pkix_path_validation(#'OTPCertificate'{} = TrustedCert, CertChain, Options)
%--------------------------------------------------------------------
-spec pkix_crls_validate(#'OTPCertificate'{},
- [{DP::#'DistributionPoint'{} ,CRL::#'CertificateList'{}}],
+ [{DP::#'DistributionPoint'{}, {DerCRL::binary(), CRL::#'CertificateList'{}}}],
Options :: proplists:proplist()) -> valid | {bad_cert, revocation_status_undetermined}
| {bad_cert, {revoked, crl_reason()}}.
-%% Description: Performs a basic path validation according to RFC 5280.
+%% Description: Performs a CRL validation according to RFC 5280.
%%--------------------------------------------------------------------
pkix_crls_validate(OtpCert, [{_,_,_} |_] = DPAndCRLs, Options) ->
pkix_crls_validate(OtpCert, DPAndCRLs, DPAndCRLs,