aboutsummaryrefslogtreecommitdiffstats
path: root/lib/public_key
diff options
context:
space:
mode:
Diffstat (limited to 'lib/public_key')
-rw-r--r--lib/public_key/asn1/PKCS-1.asn13
-rw-r--r--lib/public_key/doc/src/public_key.xml25
-rw-r--r--lib/public_key/src/public_key.erl81
-rw-r--r--lib/public_key/vsn.mk2
4 files changed, 57 insertions, 54 deletions
diff --git a/lib/public_key/asn1/PKCS-1.asn1 b/lib/public_key/asn1/PKCS-1.asn1
index b06f5efa9d..c83289e779 100644
--- a/lib/public_key/asn1/PKCS-1.asn1
+++ b/lib/public_key/asn1/PKCS-1.asn1
@@ -33,6 +33,9 @@ sha1WithRSAEncryption OBJECT IDENTIFIER ::= { pkcs-1 5 }
sha256WithRSAEncryption OBJECT IDENTIFIER ::= { pkcs-1 11 }
sha384WithRSAEncryption OBJECT IDENTIFIER ::= { pkcs-1 12 }
sha512WithRSAEncryption OBJECT IDENTIFIER ::= { pkcs-1 13 }
+sha224WithRSAEncryption OBJECT IDENTIFIER ::= { pkcs-1 14 }
+
+
id-sha1 OBJECT IDENTIFIER ::= {
iso(1) identified-organization(3) oiw(14) secsig(3)
diff --git a/lib/public_key/doc/src/public_key.xml b/lib/public_key/doc/src/public_key.xml
index 0b6673e826..5c227557f2 100644
--- a/lib/public_key/doc/src/public_key.xml
+++ b/lib/public_key/doc/src/public_key.xml
@@ -5,7 +5,7 @@
<header>
<copyright>
<year>2008</year>
- <year>2011</year>
+ <year>2012</year>
<holder>Ericsson AB, All Rights Reserved</holder>
</copyright>
<legalnotice>
@@ -82,9 +82,9 @@
<p><code> rsa_padding() = 'rsa_pkcs1_padding' | 'rsa_pkcs1_oaep_padding'
| 'rsa_no_padding'</code></p>
- <p><code> rsa_digest_type() = 'md5' | 'sha' </code></p>
+ <p><code> rsa_digest_type() = 'md5' | 'sha' | 'sha224' | 'sha256' | 'sha384' | 'sha512' </code></p>
- <p><code> dss_digest_type() = 'none' | 'sha' </code></p>
+ <p><code> dss_digest_type() = 'sha' </code></p>
<p><code> ssh_file() = openssh_public_key | rfc4716_public_key |
known_hosts | auth_keys </code></p>
@@ -396,14 +396,14 @@
<name>sign(Msg, DigestType, Key) -> binary()</name>
<fsummary> Create digital signature.</fsummary>
<type>
- <v>Msg = binary()</v>
+ <v>Msg = binary() | {digest,binary()}</v>
<d>The msg is either the binary "plain text" data to be
- signed or in the case that digest type is <c>none</c>
- it is the hashed value of "plain text" i.e. the digest.</d>
- <v>DigestType = rsa_digest_type() | dsa_digest_type()</v>
+ signed or it is the hashed value of "plain text" i.e. the
+ digest.</d>
+ <v>DigestType = rsa_digest_type() | dss_digest_type()</v>
<v>Key = rsa_private_key() | dsa_private_key()</v>
- </type>
- <desc>
+ </type>
+ <desc>
<p> Creates a digital signature.</p>
</desc>
</func>
@@ -461,11 +461,10 @@
<name>verify(Msg, DigestType, Signature, Key) -> boolean()</name>
<fsummary>Verifies a digital signature.</fsummary>
<type>
- <v>Msg = binary()</v>
+ <v>Msg = binary() | {digest,binary()}</v>
<d>The msg is either the binary "plain text" data
- or in the case that digest type is <c>none</c>
- it is the hashed value of "plain text" i.e. the digest.</d>
- <v>DigestType = rsa_digest_type() | dsa_digest_type()</v>
+ or it is the hashed value of "plain text" i.e. the digest.</d>
+ <v>DigestType = rsa_digest_type() | dss_digest_type()</v>
<v>Signature = binary()</v>
<v>Key = rsa_public_key() | dsa_public_key()</v>
</type>
diff --git a/lib/public_key/src/public_key.erl b/lib/public_key/src/public_key.erl
index 9f1a0b3af5..d5df53e848 100644
--- a/lib/public_key/src/public_key.erl
+++ b/lib/public_key/src/public_key.erl
@@ -1,7 +1,7 @@
%%
%% %CopyrightBegin%
%%
-%% Copyright Ericsson AB 2008-2011. All Rights Reserved.
+%% Copyright Ericsson AB 2008-2012. All Rights Reserved.
%%
%% The contents of this file are subject to the Erlang Public License,
%% Version 1.1, (the "License"); you may not use this file except in
@@ -48,8 +48,8 @@
-type rsa_padding() :: 'rsa_pkcs1_padding' | 'rsa_pkcs1_oaep_padding'
| 'rsa_no_padding'.
-type public_crypt_options() :: [{rsa_pad, rsa_padding()}].
--type rsa_digest_type() :: 'md5' | 'sha'| 'sha256' | 'sha512'.
--type dss_digest_type() :: 'none' | 'sha'.
+-type rsa_digest_type() :: 'md5' | 'sha'| 'sha224' | 'sha256' | 'sha384' | 'sha512'.
+-type dss_digest_type() :: 'none' | 'sha'. %% None is for backwards compatibility
-define(UINT32(X), X:32/unsigned-big-integer).
-define(DER_NULL, <<5, 0>>).
@@ -332,60 +332,61 @@ format_rsa_private_key(#'RSAPrivateKey'{modulus = N, publicExponent = E,
[crypto:mpint(K) || K <- [E, N, D]].
%%--------------------------------------------------------------------
--spec sign(PlainTextOrDigest :: binary(), rsa_digest_type() | dss_digest_type(),
- rsa_private_key() |
+-spec sign(binary() | {digest, binary()}, rsa_digest_type() | dss_digest_type(),
+ rsa_private_key() |
dsa_private_key()) -> Signature :: binary().
-%%
%% Description: Create digital signature.
%%--------------------------------------------------------------------
-sign(PlainText, DigestType,
- #'RSAPrivateKey'{modulus = N, publicExponent = E, privateExponent = D} = Key)
- when is_binary(PlainText),
- (DigestType == md5 orelse DigestType == sha),
- is_integer(N), is_integer(E), is_integer(D) ->
- crypto:rsa_sign(DigestType, sized_binary(PlainText),
- format_rsa_private_key(Key));
-
-sign(Digest, none, #'DSAPrivateKey'{p = P, q = Q, g = G, x = X})
- when is_binary(Digest)->
- crypto:dss_sign(none, Digest,
- [crypto:mpint(P), crypto:mpint(Q),
+sign({digest,_}=Digest, DigestType, Key = #'RSAPrivateKey'{}) ->
+ crypto:rsa_sign(DigestType, Digest, format_rsa_private_key(Key));
+
+sign(PlainText, DigestType, Key = #'RSAPrivateKey'{}) ->
+ crypto:rsa_sign(DigestType, sized_binary(PlainText), format_rsa_private_key(Key));
+
+sign({digest,_}=Digest, sha, #'DSAPrivateKey'{p = P, q = Q, g = G, x = X}) ->
+ crypto:dss_sign(Digest,
+ [crypto:mpint(P), crypto:mpint(Q),
crypto:mpint(G), crypto:mpint(X)]);
-
-sign(PlainText, sha, #'DSAPrivateKey'{p = P, q = Q, g = G, x = X})
- when is_binary(PlainText) ->
- crypto:dss_sign(sized_binary(PlainText),
- [crypto:mpint(P), crypto:mpint(Q),
- crypto:mpint(G), crypto:mpint(X)]).
+
+sign(PlainText, sha, #'DSAPrivateKey'{p = P, q = Q, g = G, x = X}) ->
+ crypto:dss_sign(sized_binary(PlainText),
+ [crypto:mpint(P), crypto:mpint(Q),
+ crypto:mpint(G), crypto:mpint(X)]);
+
+%% Backwards compatible
+sign(Digest, none, #'DSAPrivateKey'{} = Key) ->
+ sign({digest,Digest}, sha, Key).
%%--------------------------------------------------------------------
--spec verify(PlainTextOrDigest :: binary(), rsa_digest_type() | dss_digest_type(),
- Signature :: binary(), rsa_public_key()
+-spec verify(binary() | {digest, binary()}, rsa_digest_type() | dss_digest_type(),
+ Signature :: binary(), rsa_public_key()
| dsa_public_key()) -> boolean().
-%%
%% Description: Verifies a digital signature.
%%--------------------------------------------------------------------
-verify(PlainText, DigestType, Signature,
- #'RSAPublicKey'{modulus = Mod, publicExponent = Exp})
- when is_binary (PlainText) and (DigestType == sha orelse
- DigestType == sha256 orelse
- DigestType == sha512 orelse
- DigestType == md5) ->
+verify({digest,_}=Digest, DigestType, Signature,
+ #'RSAPublicKey'{modulus = Mod, publicExponent = Exp}) ->
+ crypto:rsa_verify(DigestType, Digest,
+ sized_binary(Signature),
+ [crypto:mpint(Exp), crypto:mpint(Mod)]);
+
+verify(PlainText, DigestType, Signature,
+ #'RSAPublicKey'{modulus = Mod, publicExponent = Exp}) ->
crypto:rsa_verify(DigestType,
sized_binary(PlainText),
sized_binary(Signature),
[crypto:mpint(Exp), crypto:mpint(Mod)]);
-verify(Digest, none, Signature, {Key, #'Dss-Parms'{p = P, q = Q, g = G}})
- when is_integer(Key), is_binary(Digest), is_binary(Signature) ->
- crypto:dss_verify(none,
- Digest,
- sized_binary(Signature),
+verify({digest,_}=Digest, sha, Signature, {Key, #'Dss-Parms'{p = P, q = Q, g = G}})
+ when is_integer(Key), is_binary(Signature) ->
+ crypto:dss_verify(Digest, sized_binary(Signature),
[crypto:mpint(P), crypto:mpint(Q),
crypto:mpint(G), crypto:mpint(Key)]);
-
+%% Backwards compatibility
+verify(Digest, none, Signature, {_, #'Dss-Parms'{}} = Key ) ->
+ verify({digest,Digest}, sha, Signature, Key);
+
verify(PlainText, sha, Signature, {Key, #'Dss-Parms'{p = P, q = Q, g = G}})
- when is_integer(Key), is_binary(PlainText), is_binary(Signature) ->
+ when is_integer(Key), is_binary(PlainText), is_binary(Signature) ->
crypto:dss_verify(sized_binary(PlainText),
sized_binary(Signature),
[crypto:mpint(P), crypto:mpint(Q),
diff --git a/lib/public_key/vsn.mk b/lib/public_key/vsn.mk
index ab4ee8b0ff..c8165fa247 100644
--- a/lib/public_key/vsn.mk
+++ b/lib/public_key/vsn.mk
@@ -1 +1 @@
-PUBLIC_KEY_VSN = 0.15
+PUBLIC_KEY_VSN = 0.16