aboutsummaryrefslogtreecommitdiffstats
path: root/lib/public_key
diff options
context:
space:
mode:
Diffstat (limited to 'lib/public_key')
-rw-r--r--lib/public_key/doc/src/notes.xml28
-rw-r--r--lib/public_key/doc/src/public_key.xml10
-rw-r--r--lib/public_key/src/public_key.app.src2
-rw-r--r--lib/public_key/src/public_key.erl59
-rw-r--r--lib/public_key/test/erl_make_certs.erl14
-rw-r--r--lib/public_key/vsn.mk2
6 files changed, 102 insertions, 13 deletions
diff --git a/lib/public_key/doc/src/notes.xml b/lib/public_key/doc/src/notes.xml
index 74d1a57936..92e314186e 100644
--- a/lib/public_key/doc/src/notes.xml
+++ b/lib/public_key/doc/src/notes.xml
@@ -35,6 +35,34 @@
<file>notes.xml</file>
</header>
+<section><title>Public_Key 1.4</title>
+
+ <section><title>Improvements and New Features</title>
+ <list>
+ <item>
+ <p>
+ New function <c>pkix_verify_hostname/2,3</c> Implements
+ certificate hostname checking. See the manual and RFC
+ 6125.</p>
+ <p>
+ Own Id: OTP-13009</p>
+ </item>
+ <item>
+ <p>
+ The ssh host key fingerprint generation now also takes a
+ list of algorithms and returns a list of corresponding
+ fingerprints. See
+ <c>public_key:ssh_hostkey_fingerprint/2</c> and the
+ option <c>silently_accept_hosts</c> in
+ <c>ssh:connect</c>.</p>
+ <p>
+ Own Id: OTP-14223</p>
+ </item>
+ </list>
+ </section>
+
+</section>
+
<section><title>Public_Key 1.3</title>
<section><title>Improvements and New Features</title>
diff --git a/lib/public_key/doc/src/public_key.xml b/lib/public_key/doc/src/public_key.xml
index c97ec361d1..940585575c 100644
--- a/lib/public_key/doc/src/public_key.xml
+++ b/lib/public_key/doc/src/public_key.xml
@@ -331,13 +331,17 @@
</func>
<func>
- <name>generate_key(Params) -> {Public::binary(), Private::binary()} | #'ECPrivateKey'{} </name>
+ <name>generate_key(Params) -> {Public::binary(), Private::binary()} | #'ECPrivateKey'{} | #'RSAPrivateKey'{}</name>
<fsummary>Generates a new keypair.</fsummary>
<type>
- <v>Params = #'DHParameter'{} | {namedCurve, oid()} | #'ECParameters'{}</v>
+ <v>Params = #'DHParameter'{} | {namedCurve, oid()} | #'ECParameters'{}
+ | {rsa, Size::integer(), PubExp::integer} </v>
</type>
<desc>
- <p>Generates a new keypair.</p>
+ <p>Generates a new keypair. Note that except for Diffie-Hellman
+ the public key is included in the private key structure. See also
+ <seealso marker="crypto:crypto#generate_key/2">crypto:generate_key/2</seealso>
+ </p>
</desc>
</func>
diff --git a/lib/public_key/src/public_key.app.src b/lib/public_key/src/public_key.app.src
index 88ef07c5a6..dbd732c384 100644
--- a/lib/public_key/src/public_key.app.src
+++ b/lib/public_key/src/public_key.app.src
@@ -14,7 +14,7 @@
{applications, [asn1, crypto, kernel, stdlib]},
{registered, []},
{env, []},
- {runtime_dependencies, ["stdlib-2.0","kernel-3.0","erts-6.0","crypto-3.3",
+ {runtime_dependencies, ["stdlib-2.0","kernel-3.0","erts-6.0","crypto-3.8",
"asn1-3.0"]}
]
}.
diff --git a/lib/public_key/src/public_key.erl b/lib/public_key/src/public_key.erl
index 50d4d82d15..7b5819fa84 100644
--- a/lib/public_key/src/public_key.erl
+++ b/lib/public_key/src/public_key.erl
@@ -395,9 +395,15 @@ dh_gex_group(Min, N, Max, Groups) ->
pubkey_ssh:dh_gex_group(Min, N, Max, Groups).
%%--------------------------------------------------------------------
--spec generate_key(#'DHParameter'{} | {namedCurve, Name ::oid()} |
- #'ECParameters'{}) -> {Public::binary(), Private::binary()} |
- #'ECPrivateKey'{}.
+-spec generate_key(#'DHParameter'{}) ->
+ {Public::binary(), Private::binary()};
+ ({namedCurve, Name ::oid()}) ->
+ #'ECPrivateKey'{};
+ (#'ECParameters'{}) ->
+ #'ECPrivateKey'{};
+ ({rsa, Size::pos_integer(), PubExp::pos_integer()}) ->
+ #'RSAPrivateKey'{}.
+
%% Description: Generates a new keypair
%%--------------------------------------------------------------------
generate_key(#'DHParameter'{prime = P, base = G}) ->
@@ -405,7 +411,43 @@ generate_key(#'DHParameter'{prime = P, base = G}) ->
generate_key({namedCurve, _} = Params) ->
ec_generate_key(Params);
generate_key(#'ECParameters'{} = Params) ->
- ec_generate_key(Params).
+ ec_generate_key(Params);
+generate_key({rsa, ModulusSize, PublicExponent}) ->
+ case crypto:generate_key(rsa, {ModulusSize,PublicExponent}) of
+ {[E, N], [E, N, D, P, Q, D_mod_P_1, D_mod_Q_1, InvQ_mod_P]} ->
+ Nint = crypto:bytes_to_integer(N),
+ Eint = crypto:bytes_to_integer(E),
+ #'RSAPrivateKey'{version = 0, % Two-factor (I guess since otherPrimeInfos is not given)
+ modulus = Nint,
+ publicExponent = Eint,
+ privateExponent = crypto:bytes_to_integer(D),
+ prime1 = crypto:bytes_to_integer(P),
+ prime2 = crypto:bytes_to_integer(Q),
+ exponent1 = crypto:bytes_to_integer(D_mod_P_1),
+ exponent2 = crypto:bytes_to_integer(D_mod_Q_1),
+ coefficient = crypto:bytes_to_integer(InvQ_mod_P)};
+
+ {[E, N], [E, N, D]} -> % FIXME: what to set the other fields in #'RSAPrivateKey'?
+ % Answer: Miller [Mil76]
+ % G.L. Miller. Riemann's hypothesis and tests for primality.
+ % Journal of Computer and Systems Sciences,
+ % 13(3):300-307,
+ % 1976.
+ Nint = crypto:bytes_to_integer(N),
+ Eint = crypto:bytes_to_integer(E),
+ #'RSAPrivateKey'{version = 0, % Two-factor (I guess since otherPrimeInfos is not given)
+ modulus = Nint,
+ publicExponent = Eint,
+ privateExponent = crypto:bytes_to_integer(D),
+ prime1 = '?',
+ prime2 = '?',
+ exponent1 = '?',
+ exponent2 = '?',
+ coefficient = '?'};
+
+ Other ->
+ Other
+ end.
%%--------------------------------------------------------------------
-spec compute_key(#'ECPoint'{} , #'ECPrivateKey'{}) -> binary().
@@ -562,7 +604,7 @@ pkix_match_dist_point(#'CertificateList'{
%%--------------------------------------------------------------------
-spec pkix_sign(#'OTPTBSCertificate'{},
- rsa_private_key() | dsa_private_key()) -> Der::binary().
+ rsa_private_key() | dsa_private_key() | ec_private_key()) -> Der::binary().
%%
%% Description: Sign a pkix x.509 certificate. Returns the corresponding
%% der encoded 'Certificate'{}
@@ -1198,8 +1240,11 @@ ec_curve_spec( #'ECParameters'{fieldID = FieldId, curve = PCurve, base = Base, o
FieldId#'FieldID'.parameters},
Curve = {PCurve#'Curve'.a, PCurve#'Curve'.b, none},
{Field, Curve, Base, Order, CoFactor};
-ec_curve_spec({namedCurve, OID}) ->
- pubkey_cert_records:namedCurves(OID).
+ec_curve_spec({namedCurve, OID}) when is_tuple(OID), is_integer(element(1,OID)) ->
+ ec_curve_spec({namedCurve, pubkey_cert_records:namedCurves(OID)});
+ec_curve_spec({namedCurve, Name}) when is_atom(Name) ->
+ crypto:ec_curve(Name).
+
ec_key({PubKey, PrivateKey}, Params) ->
#'ECPrivateKey'{version = 1,
diff --git a/lib/public_key/test/erl_make_certs.erl b/lib/public_key/test/erl_make_certs.erl
index 3dab70784c..95d0dec920 100644
--- a/lib/public_key/test/erl_make_certs.erl
+++ b/lib/public_key/test/erl_make_certs.erl
@@ -346,10 +346,22 @@ make_key(ec, _Opts) ->
%% RSA key generation (OBS: for testing only)
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+gen_rsa2(Size) ->
+ try
+ %% The numbers 2048,17 is choosen to not cause the cryptolib on
+ %% FIPS-enabled test machines be mad at us.
+ public_key:generate_key({rsa, 2048, 17})
+ catch
+ error:notsup ->
+ %% Disabled dirty_schedulers => crypto:generate_key not working
+ weak_gen_rsa2(Size)
+ end.
+
+
-define(SMALL_PRIMES, [65537,97,89,83,79,73,71,67,61,59,53,
47,43,41,37,31,29,23,19,17,13,11,7,5,3]).
-gen_rsa2(Size) ->
+weak_gen_rsa2(Size) ->
P = prime(Size),
Q = prime(Size),
N = P*Q,
diff --git a/lib/public_key/vsn.mk b/lib/public_key/vsn.mk
index 2f541d8d84..b94768ae77 100644
--- a/lib/public_key/vsn.mk
+++ b/lib/public_key/vsn.mk
@@ -1 +1 @@
-PUBLIC_KEY_VSN = 1.3
+PUBLIC_KEY_VSN = 1.4
generated by cgit v1.2.3 (git 2.25.1) at 2024-11-22 11:17:18 +0000