From 689b6c5bacf0d7f89c7f3de028627753ad5a1438 Mon Sep 17 00:00:00 2001 From: Fredrik Gustafsson Date: Tue, 13 Nov 2012 16:19:18 +0100 Subject: public_key: Added PKCS-10 --- lib/public_key/asn1/Makefile | 3 +- lib/public_key/asn1/PKCS-10.asn1 | 67 ++++++++++++++++++++++++++++++++ lib/public_key/asn1/PKCS-FRAME.set.asn | 1 + lib/public_key/include/public_key.hrl | 2 +- lib/public_key/src/pubkey_pem.erl | 8 +++- lib/public_key/src/public_key.erl | 4 +- lib/public_key/test/public_key_SUITE.erl | 15 +++++++ 7 files changed, 96 insertions(+), 4 deletions(-) create mode 100644 lib/public_key/asn1/PKCS-10.asn1 diff --git a/lib/public_key/asn1/Makefile b/lib/public_key/asn1/Makefile index 4b4db9ec6d..c8426411d3 100644 --- a/lib/public_key/asn1/Makefile +++ b/lib/public_key/asn1/Makefile @@ -40,7 +40,7 @@ RELSYSDIR = $(RELEASE_PATH)/lib/public_key-$(VSN) ASN_TOP = OTP-PUB-KEY PKCS-FRAME ASN_MODULES = PKIX1Explicit88 PKIX1Implicit88 PKIX1Algorithms88 \ - PKIXAttributeCertificate PKCS-1 PKCS-3 PKCS-7 PKCS-8 PKCS5v2-0 OTP-PKIX \ + PKIXAttributeCertificate PKCS-1 PKCS-3 PKCS-7 PKCS-8 PKCS-10 PKCS5v2-0 OTP-PKIX \ AuthenticationFramework InformationFramework UsefulDefinitions SelectedAttributeTypes ASN_ASNS = $(ASN_MODULES:%=%.asn1) ASN_ERLS = $(ASN_TOP:%=%.erl) @@ -120,6 +120,7 @@ PKCS-FRAME.erl PKCS-FRAME.hrl: PKCS-FRAME.asn1db PKCS-FRAME.asn1db: PKCS5v2-0.asn1\ PKCS-8.asn1\ PKCS-7.asn1\ + PKCS-10.asn1\ AuthenticationFramework.asn1\ InformationFramework.asn1\ UsefulDefinitions.asn1\ diff --git a/lib/public_key/asn1/PKCS-10.asn1 b/lib/public_key/asn1/PKCS-10.asn1 new file mode 100644 index 0000000000..09db4f9460 --- /dev/null +++ b/lib/public_key/asn1/PKCS-10.asn1 
@@ -0,0 +1,67 @@
+PKCS-10 {iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1)
+pkcs-10(10) modules(1) pkcs-10(1)}
+
+-- $Revision: 1.3 $ --
+
+DEFINITIONS IMPLICIT TAGS ::=
+
+BEGIN
+
+-- EXPORTS All --
+-- All types and values defined in this module are exported for use
+-- in other ASN.1 modules.
+
+IMPORTS
+
+informationFramework, authenticationFramework
+ FROM UsefulDefinitions {joint-iso-itu-t(2) ds(5) module(1)
+ usefulDefinitions(0) 3}
+
+ATTRIBUTE, Name
+ FROM InformationFramework informationFramework
+
+ALGORITHM
+ FROM AuthenticationFramework authenticationFramework;
+
+-- Certificate requests
+
+CertificationRequestInfo ::= SEQUENCE {
+ version INTEGER { v1(0) } (v1,...),
+ subject Name,
+ subjectPKInfo SubjectPublicKeyInfo{{ PKInfoAlgorithms }},
+ attributes [0] Attributes{{ CRIAttributes }}
+}
+
+SubjectPublicKeyInfo {ALGORITHM: IOSet} ::= SEQUENCE {
+ algorithm AlgorithmIdentifier {{IOSet}},
+ subjectPublicKey BIT STRING
+}
+
+PKInfoAlgorithms ALGORITHM ::= {
+ ... -- add any locally defined algorithms here -- }
+
+Attributes { ATTRIBUTE:IOSet } ::= SET OF Attribute{{ IOSet }}
+
+CRIAttributes ATTRIBUTE ::= {
+ ... -- add any locally defined attributes here -- }
+
+Attribute { ATTRIBUTE:IOSet } ::= SEQUENCE {
+ type ATTRIBUTE.&id({IOSet}),
+ values SET SIZE(1..MAX) OF ATTRIBUTE.&Type({IOSet}{@type})
+}
+
+CertificationRequest ::= SEQUENCE {
+ certificationRequestInfo CertificationRequestInfo,
+ signatureAlgorithm AlgorithmIdentifier{{ SignatureAlgorithms }},
+ signature BIT STRING
+}
+
+AlgorithmIdentifier {ALGORITHM:IOSet } ::= SEQUENCE {
+ algorithm ALGORITHM.&id({IOSet}),
+ parameters ALGORITHM.&Type({IOSet}{@algorithm}) OPTIONAL
+}
+
+SignatureAlgorithms ALGORITHM ::= {
+ ... -- add any locally defined algorithms here -- }
+
+END
\ No newline at end of file
diff --git a/lib/public_key/asn1/PKCS-FRAME.set.asn b/lib/public_key/asn1/PKCS-FRAME.set.asn
index 343afedd76..64da71509d 100644
--- a/lib/public_key/asn1/PKCS-FRAME.set.asn
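Review bot: Nothing in this module's comments tells a reader that decoding a `CertificationRequest` only parses it and proves nothing about the requester. `signature` is a plain `BIT STRING`, and `SignatureAlgorithms` and `PKInfoAlgorithms` are empty extensible sets, so the generated decoder presumably accepts any algorithm OID and leaves `parameters` uninterpreted. A comment above `CertificationRequest` would make the contract explicit, for example `-- Decoding does not verify 'signature'; callers must check it over the DER of certificationRequestInfo using subjectPKInfo before trusting subject or attributes --`. The file also ends without a trailing newline.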
+++ b/lib/public_key/asn1/PKCS-FRAME.set.asn @@ -1,3 +1,4 @@ PKCS-8.asn1 PKCS-7.asn1 PKCS5v2-0.asn1 +PKCS-10.asn1 diff --git a/lib/public_key/include/public_key.hrl b/lib/public_key/include/public_key.hrl index 2475295974..2dfdbbb8f3 100644 --- a/lib/public_key/include/public_key.hrl +++ b/lib/public_key/include/public_key.hrl @@ -78,7 +78,7 @@ -type dsa_public_key() :: {integer(), #'Dss-Parms'{}}. -type pki_asn1_type() :: 'Certificate' | 'RSAPrivateKey' | 'RSAPublicKey' | 'DSAPrivateKey' | 'DSAPublicKey' | 'DHParameter' - | 'SubjectPublicKeyInfo'. + | 'SubjectPublicKeyInfo' | 'CertificationRequest'. -type pem_entry() :: {pki_asn1_type(), binary(), %% DER or Encrypted DER not_encrypted | {Cipher :: string(), Salt :: binary()}}. -type asn1_type() :: atom(). %% see "OTP-PUB-KEY.hrl diff --git a/lib/public_key/src/pubkey_pem.erl b/lib/public_key/src/pubkey_pem.erl index f51d59a789..15290387ff 100644 --- a/lib/public_key/src/pubkey_pem.erl +++ b/lib/public_key/src/pubkey_pem.erl @@ -1,7 +1,7 @@ %% %% %CopyrightBegin% %% -%% Copyright Ericsson AB 2008-2011. All Rights Reserved. +%% Copyright Ericsson AB 2008-2012. All Rights Reserved. %% %% The contents of this file are subject to the Erlang Public License, %% Version 1.1, (the "License"); you may not use this file except in @@ -195,6 +195,8 @@ pem_start('DSAPrivateKey') -> <<"-----BEGIN DSA PRIVATE KEY-----">>; pem_start('DHParameter') -> <<"-----BEGIN DH PARAMETERS-----">>; +pem_start('CertificationRequest') -> + <<"-----BEGIN CERTIFICATE REQUEST-----">>; pem_start('ContentInfo') -> <<"-----BEGIN PKCS7-----">>. @@ -214,6 +216,8 @@ pem_end(<<"-----BEGIN PRIVATE KEY-----">>) -> <<"-----END PRIVATE KEY-----">>; pem_end(<<"-----BEGIN ENCRYPTED PRIVATE KEY-----">>) -> <<"-----END ENCRYPTED PRIVATE KEY-----">>; +pem_end(<<"-----BEGIN CERTIFICATE REQUEST-----">>) -> + <<"-----END CERTIFICATE REQUEST-----">>; pem_end(<<"-----BEGIN PKCS7-----">>) -> <<"-----END PKCS7-----">>. 
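Review bot: Only the `CERTIFICATE REQUEST` label is recognised by the new `pem_start/1` and `pem_end/1` clauses here and by the `asn1_type/1` clause in the next hunk, but RFC 7468 records that `NEW CERTIFICATE REQUEST` is also in wide use and lets parsers treat it as equivalent. Neither `pem_end/1` nor `asn1_type/1` shows a catch-all clause in these hunks, so a file with that label would presumably be skipped or fail with `function_clause`, depending on how start lines are detected outside the hunks. Accepting it on the decode side only would cover it: `pem_end(<<"-----BEGIN NEW CERTIFICATE REQUEST-----">>) -> <<"-----END NEW CERTIFICATE REQUEST-----">>;` and `asn1_type(<<"-----BEGIN NEW CERTIFICATE REQUEST-----">>) -> 'CertificationRequest';`. All three functions begin outside the hunks shown.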
@@ -233,6 +237,8 @@ asn1_type(<<"-----BEGIN PRIVATE KEY-----">>) -> 'PrivateKeyInfo'; asn1_type(<<"-----BEGIN ENCRYPTED PRIVATE KEY-----">>) -> 'EncryptedPrivateKeyInfo'; +asn1_type(<<"-----BEGIN CERTIFICATE REQUEST-----">>) -> + 'CertificationRequest'; asn1_type(<<"-----BEGIN PKCS7-----">>) -> 'ContentInfo'. diff --git a/lib/public_key/src/public_key.erl b/lib/public_key/src/public_key.erl index d5df53e848..f7252d18a6 100644 --- a/lib/public_key/src/public_key.erl +++ b/lib/public_key/src/public_key.erl @@ -176,7 +176,9 @@ der_decode(Asn1Type, Der) when is_atom(Asn1Type), is_binary(Der) -> %% Description: Encodes a public key entity with asn1 DER encoding. %%-------------------------------------------------------------------- der_encode(Asn1Type, Entity) when (Asn1Type == 'PrivateKeyInfo') or - (Asn1Type == 'EncryptedPrivateKeyInfo') -> + (Asn1Type == 'EncryptedPrivateKeyInfo') or + (Asn1Type == 'CertificationRequest') + -> try {ok, Encoded} = 'PKCS-FRAME':encode(Asn1Type, Entity), iolist_to_binary(Encoded) diff --git a/lib/public_key/test/public_key_SUITE.erl b/lib/public_key/test/public_key_SUITE.erl index 6a879867e1..eeecdb7d8f 100644 --- a/lib/public_key/test/public_key_SUITE.erl +++ b/lib/public_key/test/public_key_SUITE.erl 
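Review bot: `der_encode/2` now sends 'CertificationRequest' to 'PKCS-FRAME', but `der_decode/2` gets no matching change: this is the only hunk in public_key.erl and the diffstat counts four changed lines for the file. If `der_decode/2` picks its ASN.1 module with the same kind of type guard (its clauses are outside the hunk), `public_key:der_decode('CertificationRequest', Der)` would land in the generic `is_atom(Asn1Type), is_binary(Der)` clause named in the hunk header rather than in 'PKCS-FRAME', and would likely fail there. Adding `(Asn1Type == 'CertificationRequest')` to the corresponding decode guard would keep the two directions symmetric. In the guard itself, `orelse` is preferable to `or`, and the `->` left alone on its own line reads better attached to the last condition.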
@@ -249,6 +249,21 @@ dh_pem(Config) when is_list(Config) -> DHParameter = public_key:pem_entry_decode(Entry), Entry = public_key:pem_entry_encode('DHParameter', DHParameter). + +%%-------------------------------------------------------------------- + +pkcs10_pem(doc) -> + [""]; +pkcs10_pem(suite) -> + []; +pkcs10_pem(Config) when is_list(Config) -> + Datadir = ?config(data_dir, Config), + [{'CertificationRequest', DerPKCS10, not_encrypted} = Entry] = + erl_make_certs:pem_to_der(filename:join(Datadir, "req.pem")), + + erl_make_certs:der_to_pem(filename:join(Datadir, "new_req.pem"), [Entry]), + + public_key:der_decode('CertificationRequest', DerPKCS10). %%-------------------------------------------------------------------- cert_pem(doc) -> -- cgit v1.2.3
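Review bot: The new `pkcs10_pem/1` case does not appear to be registered anywhere: the diffstat gives 15 insertions for public_key_SUITE.erl and this hunk accounts for all of them, so `all/0` or `groups/0` is unchanged and Common Test would not run the case unless cases are collected some other way. The fixture `req.pem` is also absent from the diffstat, so it has to exist in the data directory already. The body only checks that decoding does not crash; a round trip such as `DerPKCS10 = public_key:der_encode('CertificationRequest', public_key:der_decode('CertificationRequest', DerPKCS10))` would also cover the `der_encode/2` change made in this commit. Output such as `new_req.pem` is better written under `?config(priv_dir, Config)` than into `data_dir`, and the empty `[""]` doc clause could say what the case checks.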