diff options
Diffstat (limited to 'lib/public_key')
-rw-r--r-- | lib/public_key/doc/src/public_key.xml | 21 | ||||
-rw-r--r-- | lib/public_key/include/public_key.hrl | 5 | ||||
-rw-r--r-- | lib/public_key/src/pubkey_cert_records.erl | 16 | ||||
-rw-r--r-- | lib/public_key/src/pubkey_pem.erl | 25 | ||||
-rw-r--r-- | lib/public_key/src/public_key.erl | 24 | ||||
-rw-r--r-- | lib/public_key/test/pkits_SUITE.erl | 39 | ||||
-rw-r--r-- | lib/public_key/test/public_key.cover | 4 | ||||
-rw-r--r-- | lib/public_key/test/public_key.spec | 3 | ||||
-rw-r--r-- | lib/public_key/test/public_key_SUITE.erl | 63 | ||||
-rw-r--r-- | lib/public_key/test/public_key_SUITE_data/dsa_pub.pem | 12 | ||||
-rw-r--r-- | lib/public_key/test/public_key_SUITE_data/rsa_pub.pem | 4 | ||||
-rw-r--r-- | lib/public_key/test/public_key_SUITE_data/rsa_pub_key.pem | 4 |
12 files changed, 166 insertions, 54 deletions
diff --git a/lib/public_key/doc/src/public_key.xml b/lib/public_key/doc/src/public_key.xml index c72719fac4..91e058f74e 100644 --- a/lib/public_key/doc/src/public_key.xml +++ b/lib/public_key/doc/src/public_key.xml @@ -64,8 +64,8 @@ <p><c>decrypt_der() = binary() </c></p> - <p><c>pki_asn1_type() = 'Certificate' | 'RSAPrivateKey'| - 'DSAPrivateKey' | 'DHParameter'</c></p> + <p><c>pki_asn1_type() = 'Certificate' | 'RSAPrivateKey'| 'RSAPublicKey' + 'DSAPrivateKey' | 'DSAPublicKey' | 'DHParameter' | 'SubjectPublicKeyInfo'</c></p> <p><c>pem_entry () = {pki_asn1_type(), der_encoded() | decrypt_der(), not_encrypted | {"DES-CBC" | "DES-EDE3-CBC", crypto:rand_bytes(8)}}.</c></p> @@ -207,17 +207,24 @@ <v> Password = string() </v> </type> <desc> - <p>Decodes a pem entry. pem_decode/1 returns a list of - pem entries.</p> + <p>Decodes a pem entry. pem_decode/1 returns a list of pem + entries. Note that if the pem entry is of type + 'SubjectPublickeyInfo' it will be further decoded to an + rsa_public_key() or dsa_public_key().</p> </desc> </func> <func> <name>pem_entry_encode(Asn1Type, Entity [,{CipherInfo, Password}]) -> pem_entry()</name> - <fsummary> Creates a pem entry that can be feed to pem_encode/1.</fsummary> + <fsummary> Creates a pem entry that can be fed to pem_encode/1.</fsummary> <type> - <v>Asn1Type = atom()</v> - <v>Entity = term()</v> + <v>Asn1Type = pki_asn1_type()</v> + <v>Entity = term() - The Erlang representation of + <c>Asn1Type</c>. If <c>Asn1Type</c> is 'SubjectPublicKeyInfo' + then <c>Entity</c> must be either an rsa_public_key() or a + dsa_public_key() and this function will create the appropriate + 'SubjectPublicKeyInfo' entry. + </v> <v>CipherInfo = {"DES-CBC" | "DES-EDE3-CBC", crypto:rand_bytes(8)}</v> <v>Password = string()</v> </type> diff --git a/lib/public_key/include/public_key.hrl b/lib/public_key/include/public_key.hrl index 4950597fb5..f29ab859ed 100644 --- a/lib/public_key/include/public_key.hrl +++ b/lib/public_key/include/public_key.hrl @@ -73,8 +73,9 @@ -type der_encoded() :: binary(). -type decrypt_der() :: binary(). --type pki_asn1_type() :: 'Certificate' | 'RSAPrivateKey' - | 'DSAPrivateKey' | 'DHParameter'. +-type pki_asn1_type() :: 'Certificate' | 'RSAPrivateKey' | 'RSAPublicKey' + | 'DSAPrivateKey' | 'DSAPublicKey' | 'DHParameter' + | 'SubjectPublicKeyInfo'. -type pem_entry() :: {pki_asn1_type(), der_encoded() | decrypt_der(), not_encrypted | {Cipher :: string(), Salt :: binary()}}. -type asn1_type() :: atom(). %% see "OTP-PUB-KEY.hrl diff --git a/lib/public_key/src/pubkey_cert_records.erl b/lib/public_key/src/pubkey_cert_records.erl index 20b322b4a4..7a387e487c 100644 --- a/lib/public_key/src/pubkey_cert_records.erl +++ b/lib/public_key/src/pubkey_cert_records.erl @@ -23,7 +23,7 @@ -include("public_key.hrl"). --export([decode_cert/1, transform/2]). +-export([decode_cert/1, transform/2, supportedPublicKeyAlgorithms/1]). %%==================================================================== %% Internal application API @@ -80,16 +80,24 @@ transform(Other,_) -> Other. %%-------------------------------------------------------------------- -%%% Internal functions +-spec supportedPublicKeyAlgorithms(Oid::tuple()) -> asn1_type(). +%% +%% Description: Returns the public key type for an algorithm +%% identifier tuple as found in SubjectPublicKeyInfo. +%% %%-------------------------------------------------------------------- - -%%% SubjectPublicKey supportedPublicKeyAlgorithms(?'rsaEncryption') -> 'RSAPublicKey'; supportedPublicKeyAlgorithms(?'id-dsa') -> 'DSAPublicKey'; supportedPublicKeyAlgorithms(?'dhpublicnumber') -> 'DHPublicKey'; supportedPublicKeyAlgorithms(?'id-keyExchangeAlgorithm') -> 'KEA-PublicKey'; supportedPublicKeyAlgorithms(?'id-ecPublicKey') -> 'ECPoint'. +%%-------------------------------------------------------------------- +%%% Internal functions +%%-------------------------------------------------------------------- + +%%% SubjectPublicKey + decode_supportedPublicKey(#'OTPSubjectPublicKeyInfo'{algorithm= PA = #'PublicKeyAlgorithm'{algorithm=Algo}, subjectPublicKey = {0,SPK0}}) -> diff --git a/lib/public_key/src/pubkey_pem.erl b/lib/public_key/src/pubkey_pem.erl index 31d881973a..78870e5cd7 100644 --- a/lib/public_key/src/pubkey_pem.erl +++ b/lib/public_key/src/pubkey_pem.erl @@ -93,11 +93,11 @@ encode_pem_entries(Entries) -> encode_pem_entry({Asn1Type, Der, not_encrypted}) -> StartStr = pem_start(Asn1Type), - [StartStr, "\n", b64encode_and_split(Der), pem_end(StartStr) ,"\n\n"]; + [StartStr, "\n", b64encode_and_split(Der), "\n", pem_end(StartStr) ,"\n\n"]; encode_pem_entry({Asn1Type, Der, {Cipher, Salt}}) -> StartStr = pem_start(Asn1Type), [StartStr,"\n", pem_decrypt(),"\n", pem_decrypt_info(Cipher, Salt),"\n", - b64encode_and_split(Der), pem_end(StartStr) ,"\n\n"]. + b64encode_and_split(Der), "\n", pem_end(StartStr) ,"\n\n"]. decode_pem_entries([], Entries) -> lists:reverse(Entries); @@ -145,16 +145,22 @@ split_bin(N, Bin) -> b64encode_and_split(Bin) -> split_lines(base64:encode(Bin)). +split_lines(<<Text:?ENCODED_LINE_LENGTH/binary>>) -> + [Text]; split_lines(<<Text:?ENCODED_LINE_LENGTH/binary, Rest/binary>>) -> [Text, $\n | split_lines(Rest)]; split_lines(Bin) -> - [Bin, $\n]. + [Bin]. %% Ignore white space at end of line join_entry([<<"-----END CERTIFICATE-----", _/binary>>| Lines], Entry) -> {lists:reverse(Entry), Lines}; join_entry([<<"-----END RSA PRIVATE KEY-----", _/binary>>| Lines], Entry) -> {lists:reverse(Entry), Lines}; +join_entry([<<"-----END PUBLIC KEY-----", _/binary>>| Lines], Entry) -> + {lists:reverse(Entry), Lines}; +join_entry([<<"-----END RSA PUBLIC KEY-----", _/binary>>| Lines], Entry) -> + {lists:reverse(Entry), Lines}; join_entry([<<"-----END DSA PRIVATE KEY-----", _/binary>>| Lines], Entry) -> {lists:reverse(Entry), Lines}; join_entry([<<"-----END DH PARAMETERS-----", _/binary>>| Lines], Entry) -> @@ -210,15 +216,22 @@ pem_start('Certificate') -> <<"-----BEGIN CERTIFICATE-----">>; pem_start('RSAPrivateKey') -> <<"-----BEGIN RSA PRIVATE KEY-----">>; +pem_start('RSAPublicKey') -> + <<"-----BEGIN RSA PUBLIC KEY-----">>; +pem_start('SubjectPublicKeyInfo') -> + <<"-----BEGIN PUBLIC KEY-----">>; pem_start('DSAPrivateKey') -> <<"-----BEGIN DSA PRIVATE KEY-----">>; pem_start('DHParameter') -> <<"-----BEGIN DH PARAMETERS-----">>. - pem_end(<<"-----BEGIN CERTIFICATE-----">>) -> <<"-----END CERTIFICATE-----">>; pem_end(<<"-----BEGIN RSA PRIVATE KEY-----">>) -> <<"-----END RSA PRIVATE KEY-----">>; +pem_end(<<"-----BEGIN RSA PUBLIC KEY-----">>) -> + <<"-----END RSA PUBLIC KEY-----">>; +pem_end(<<"-----BEGIN PUBLIC KEY-----">>) -> + <<"-----END PUBLIC KEY-----">>; pem_end(<<"-----BEGIN DSA PRIVATE KEY-----">>) -> <<"-----END DSA PRIVATE KEY-----">>; pem_end(<<"-----BEGIN DH PARAMETERS-----">>) -> @@ -230,6 +243,10 @@ asn1_type(<<"-----BEGIN CERTIFICATE-----">>) -> 'Certificate'; asn1_type(<<"-----BEGIN RSA PRIVATE KEY-----">>) -> 'RSAPrivateKey'; +asn1_type(<<"-----BEGIN RSA PUBLIC KEY-----">>) -> + 'RSAPublicKey'; +asn1_type(<<"-----BEGIN PUBLIC KEY-----">>) -> + 'SubjectPublicKeyInfo'; asn1_type(<<"-----BEGIN DSA PRIVATE KEY-----">>) -> 'DSAPrivateKey'; asn1_type(<<"-----BEGIN DH PARAMETERS-----">>) -> diff --git a/lib/public_key/src/public_key.erl b/lib/public_key/src/public_key.erl index 30398df9cc..fad73e8e92 100644 --- a/lib/public_key/src/public_key.erl +++ b/lib/public_key/src/public_key.erl @@ -62,6 +62,7 @@ -type dss_digest_type() :: 'none' | 'sha'. -define(UINT32(X), X:32/unsigned-big-integer). +-define(DER_NULL, <<5, 0>>). %%==================================================================== %% API @@ -90,6 +91,17 @@ pem_encode(PemEntries) when is_list(PemEntries) -> %% Description: Decodes a pem entry. pem_decode/1 returns a list of %% pem entries. %%-------------------------------------------------------------------- +pem_entry_decode({'SubjectPublicKeyInfo', Der, _}) -> + {_, {'AlgorithmIdentifier', AlgId, Params}, {0, Key0}} + = der_decode('SubjectPublicKeyInfo', Der), + KeyType = pubkey_cert_records:supportedPublicKeyAlgorithms(AlgId), + case KeyType of + 'RSAPublicKey' -> + der_decode(KeyType, Key0); + 'DSAPublicKey' -> + {params, DssParams} = der_decode('DSAParams', Params), + {der_decode(KeyType, Key0), DssParams} + end; pem_entry_decode({Asn1Type, Der, not_encrypted}) when is_atom(Asn1Type), is_binary(Der) -> der_decode(Asn1Type, Der). @@ -114,6 +126,18 @@ pem_entry_decode({Asn1Type, CryptDer, {Cipher, Salt}} = PemEntry, % %% Description: Creates a pem entry that can be feed to pem_encode/1. %%-------------------------------------------------------------------- +pem_entry_encode('SubjectPublicKeyInfo', Entity=#'RSAPublicKey'{}) -> + Der = der_encode('RSAPublicKey', Entity), + Spki = {'SubjectPublicKeyInfo', + {'AlgorithmIdentifier', ?'rsaEncryption', ?DER_NULL}, {0, Der}}, + pem_entry_encode('SubjectPublicKeyInfo', Spki); +pem_entry_encode('SubjectPublicKeyInfo', + {DsaInt, Params=#'Dss-Parms'{}}) when is_integer(DsaInt) -> + KeyDer = der_encode('DSAPublicKey', DsaInt), + ParamDer = der_encode('DSAParams', {params, Params}), + Spki = {'SubjectPublicKeyInfo', + {'AlgorithmIdentifier', ?'id-dsa', ParamDer}, {0, KeyDer}}, + pem_entry_encode('SubjectPublicKeyInfo', Spki); pem_entry_encode(Asn1Type, Entity) when is_atom(Asn1Type) -> Der = der_encode(Asn1Type, Entity), {Asn1Type, Der, not_encrypted}. diff --git a/lib/public_key/test/pkits_SUITE.erl b/lib/public_key/test/pkits_SUITE.erl index a20f4e72c6..fd976cb2f3 100644 --- a/lib/public_key/test/pkits_SUITE.erl +++ b/lib/public_key/test/pkits_SUITE.erl @@ -25,8 +25,8 @@ -compile(export_all). -%%-include_lib("public_key/include/public_key.hrl"). --include("public_key.hrl"). +-include_lib("public_key/include/public_key.hrl"). +%%-include("public_key.hrl"). -define(error(Format,Args), error(Format,Args,?FILE,?LINE)). -define(warning(Format,Args), warning(Format,Args,?FILE,?LINE)). @@ -43,25 +43,24 @@ -define(NIST6, "2.16.840.1.101.3.2.1.48.6"). %% -all(doc) -> - ["PKITS tests for RFC3280 compliance"]; -all(suite) -> - [signature_verification, - validity_periods, +suite() -> [{ct_hooks,[ts_install_cth]}]. + +all() -> + [signature_verification, validity_periods, verifying_name_chaining, - %% basic_certificate_revocation_tests, verifying_paths_with_self_issued_certificates, - verifying_basic_constraints, - key_usage, -%% certificate_policies, -%% require_explicit_policy, -%% policy_mappings, -%% inhibit_policy_mapping, -%% inhibit_any_policy, - name_constraints, -%% distribution_points, -%% delta_crls, - private_certificate_extensions]. + verifying_basic_constraints, key_usage, + name_constraints, private_certificate_extensions]. + +groups() -> + []. + +init_per_group(_GroupName, Config) -> + Config. + +end_per_group(_GroupName, Config) -> + Config. + signature_verification(doc) -> [""]; signature_verification(suite) -> []; @@ -580,7 +579,7 @@ init_per_testcase(_Func, Config) -> put(datadir, Datadir), Config. -fin_per_testcase(_Func, Config) -> +end_per_testcase(_Func, Config) -> %% Nodes = select_nodes(all, Config, ?FILE, ?LINE), %% rpc:multicall(Nodes, mnesia, lkill, []), Config. diff --git a/lib/public_key/test/public_key.cover b/lib/public_key/test/public_key.cover index 8477c76ef6..ec00814578 100644 --- a/lib/public_key/test/public_key.cover +++ b/lib/public_key/test/public_key.cover @@ -1,2 +1,4 @@ +{incl_app,public_key,details}. -{exclude, ['OTP-PUB-KEY']}.
\ No newline at end of file + +{excl_mods, public_key, ['OTP-PUB-KEY']}. diff --git a/lib/public_key/test/public_key.spec b/lib/public_key/test/public_key.spec index dee9ad44ed..1749822c2d 100644 --- a/lib/public_key/test/public_key.spec +++ b/lib/public_key/test/public_key.spec @@ -1,2 +1 @@ -{topcase, {dir, "../public_key_test"}}. - +{suites,"../public_key_test",all}. diff --git a/lib/public_key/test/public_key_SUITE.erl b/lib/public_key/test/public_key_SUITE.erl index 1bc1c8ec75..d130196c15 100644 --- a/lib/public_key/test/public_key_SUITE.erl +++ b/lib/public_key/test/public_key_SUITE.erl @@ -23,10 +23,10 @@ %% Note: This directive should only be used in test suites. -compile(export_all). --include_lib("test_server/include/test_server.hrl"). +-include_lib("common_test/include/ct.hrl"). -include_lib("test_server/include/test_server_line.hrl"). --include("public_key.hrl"). +-include_lib("public_key/include/public_key.hrl"). -define(TIMEOUT, 120000). % 2 min @@ -99,18 +99,21 @@ end_per_testcase(_TestCase, Config) -> %% Name of a test case. %% Description: Returns a list of all test cases in this test suite %%-------------------------------------------------------------------- -all(doc) -> - ["Test the public_key rsa functionality"]; - -all(suite) -> - [app, - pk_decode_encode, - encrypt_decrypt, - sign_verify, - pkix, - pkix_path_validation, - deprecated - ]. +suite() -> [{ct_hooks,[ts_install_cth]}]. + +all() -> + [app, pk_decode_encode, encrypt_decrypt, sign_verify, + pkix, pkix_path_validation, deprecated]. + +groups() -> + []. + +init_per_group(_GroupName, Config) -> + Config. + +end_per_group(_GroupName, Config) -> + Config. + %% Test cases starts here. %%-------------------------------------------------------------------- @@ -139,6 +142,15 @@ pk_decode_encode(Config) when is_list(Config) -> DSAKey = public_key:der_decode('DSAPrivateKey', DerDSAKey), DSAKey = public_key:pem_entry_decode(Entry0), + + {ok, DSAPubPem} = file:read_file(filename:join(Datadir, "dsa_pub.pem")), + [{'SubjectPublicKeyInfo', _, _} = PubEntry0] = + public_key:pem_decode(DSAPubPem), + DSAPubKey = public_key:pem_entry_decode(PubEntry0), + true = check_entry_type(DSAPubKey, 'DSAPublicKey'), + PubEntry0 = public_key:pem_entry_encode('SubjectPublicKeyInfo', DSAPubKey), + DSAPubPemNoEndNewLines = strip_ending_newlines(DSAPubPem), + DSAPubPemEndNoNewLines = strip_ending_newlines(public_key:pem_encode([PubEntry0])), [{'RSAPrivateKey', DerRSAKey, not_encrypted} = Entry1 ] = erl_make_certs:pem_to_der(filename:join(Datadir, "client_key.pem")), @@ -153,6 +165,22 @@ pk_decode_encode(Config) when is_list(Config) -> true = check_entry_type(public_key:pem_entry_decode(Entry2, "abcd1234"), 'RSAPrivateKey'), + {ok, RSAPubPem} = file:read_file(filename:join(Datadir, "rsa_pub.pem")), + [{'SubjectPublicKeyInfo', _, _} = PubEntry1] = + public_key:pem_decode(RSAPubPem), + RSAPubKey = public_key:pem_entry_decode(PubEntry1), + true = check_entry_type(RSAPubKey, 'RSAPublicKey'), + PubEntry1 = public_key:pem_entry_encode('SubjectPublicKeyInfo', RSAPubKey), + RSAPubPemNoEndNewLines = strip_ending_newlines(RSAPubPem), + RSAPubPemNoEndNewLines = strip_ending_newlines(public_key:pem_encode([PubEntry1])), + + {ok, RSARawPem} = file:read_file(filename:join(Datadir, "rsa_pub_key.pem")), + [{'RSAPublicKey', _, _} = PubEntry2] = + public_key:pem_decode(RSARawPem), + RSAPubKey = public_key:pem_entry_decode(PubEntry2), + RSARawPemNoEndNewLines = strip_ending_newlines(RSARawPem), + RSARawPemNoEndNewLines = strip_ending_newlines(public_key:pem_encode([PubEntry2])), + Salt0 = crypto:rand_bytes(8), Entry3 = public_key:pem_entry_encode('RSAPrivateKey', RSAKey0, {{"DES-EDE3-CBC", Salt0}, "1234abcd"}), @@ -432,9 +460,16 @@ check_entry_type(#'DSAPrivateKey'{}, 'DSAPrivateKey') -> true; check_entry_type(#'RSAPrivateKey'{}, 'RSAPrivateKey') -> true; +check_entry_type(#'RSAPublicKey'{}, 'RSAPublicKey') -> + true; +check_entry_type({_Int, #'Dss-Parms'{}}, 'DSAPublicKey') when is_integer(_Int) -> + true; check_entry_type(#'DHParameter'{}, 'DHParameter') -> true; check_entry_type(#'Certificate'{}, 'Certificate') -> true; check_entry_type(_,_) -> false. + +strip_ending_newlines(Bin) -> + string:strip(binary_to_list(Bin), right, 10). diff --git a/lib/public_key/test/public_key_SUITE_data/dsa_pub.pem b/lib/public_key/test/public_key_SUITE_data/dsa_pub.pem new file mode 100644 index 0000000000..d3635e5b20 --- /dev/null +++ b/lib/public_key/test/public_key_SUITE_data/dsa_pub.pem @@ -0,0 +1,12 @@ +-----BEGIN PUBLIC KEY----- +MIIBtzCCASwGByqGSM44BAEwggEfAoGBALez5tklY5CdFeTMos899pA6i4u4uCts +zgBzrdBk6cl5FVqzdzWMGTQiynnTpGsrOESinzP06Ip+pG15We2OORwgvCxD/W95 +aCiN0/+MdiXqlsmboBARMzsa+SmBENN3gF/+tuuEAFzOXU1q2cmEywRLyfbM2KIB +VE/TChWYw2eRAhUA1R64VvcQ90XA8SOKVDmMA0dBzukCgYEAlLMYP0pbgBlgHQVO +3/avAHlWNrIq52Lxk7SdPJWgMvPjTK9Z6sv88kxsCcydtjvO439j1yqcwk50GQc+ +86ktBWWz93/HkIdnFyqafef4mmWvm2Uq6ClQKS+A0Asfaj8Mys+HUMiI+qsfdjRb +yIpwb7MX1nsVdsKzALnZNMW27A0DgYQAAoGAfEIAb3mLjtFfiF/tsZb4/DGHdWSb +6Ir0hFkoBUZ9ymBO70wlfZVSQGs240kZtOMpAOpJL1Dy8oH6PUQ+JyacwZIo8fdq +19/Kwm6CPrpaEhzErmMvwT2CZJYZ+HOk55ljLkVCiyG7MzEj2+odLKym9yoQsbsJ +olHzIRpkLk45y4c= +-----END PUBLIC KEY----- diff --git a/lib/public_key/test/public_key_SUITE_data/rsa_pub.pem b/lib/public_key/test/public_key_SUITE_data/rsa_pub.pem new file mode 100644 index 0000000000..cbe81343f7 --- /dev/null +++ b/lib/public_key/test/public_key_SUITE_data/rsa_pub.pem @@ -0,0 +1,4 @@ +-----BEGIN PUBLIC KEY----- +MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANRiyZg0uci74Nc6mnqZ8AoDl88aT7x6 +JA0MfgHIHzteEj7Qg+lE5QxMGAafurVE5vqoHkDfwk4uzzsCAJuz91MCAwEAAQ== +-----END PUBLIC KEY----- diff --git a/lib/public_key/test/public_key_SUITE_data/rsa_pub_key.pem b/lib/public_key/test/public_key_SUITE_data/rsa_pub_key.pem new file mode 100644 index 0000000000..3b9d7568ff --- /dev/null +++ b/lib/public_key/test/public_key_SUITE_data/rsa_pub_key.pem @@ -0,0 +1,4 @@ +-----BEGIN RSA PUBLIC KEY----- +MEgCQQDUYsmYNLnIu+DXOpp6mfAKA5fPGk+8eiQNDH4ByB87XhI+0IPpROUMTBgG +n7q1ROb6qB5A38JOLs87AgCbs/dTAgMBAAE= +-----END RSA PUBLIC KEY----- |