From f5c169e343c62e57c2a640186b1ff77ce7ce8620 Mon Sep 17 00:00:00 2001
From: Hans Nilsson
Date: Thu, 26 Oct 2017 15:43:28 +0200
Subject: crypto: Enable using pub/priv PKCS8 keys stored in an Engine

---
 lib/crypto/src/crypto.erl | 19 ++++++++++++++-----
 1 file changed, 14 insertions(+), 5 deletions(-)

(limited to 'lib/crypto/src')

diff --git a/lib/crypto/src/crypto.erl b/lib/crypto/src/crypto.erl
index 9eba4561e1..90efbc9e9c 100644
--- a/lib/crypto/src/crypto.erl
+++ b/lib/crypto/src/crypto.erl
@@ -430,12 +430,13 @@ sign(Algorithm, Type, Data, Key, Options) ->
 
 
 -type pk_algs() :: rsa | ecdsa | dss .
--type pk_opt() :: list() | rsa_padding() .
+-type pk_key() :: map() | [integer() | binary()] .
+-type pk_opt() :: list() | rsa_padding() .
 
--spec public_encrypt(pk_algs(), binary(), [binary()], pk_opt()) -> binary().
--spec public_decrypt(pk_algs(), binary(), [integer() | binary()], pk_opt()) -> binary().
--spec private_encrypt(pk_algs(), binary(), [integer() | binary()], pk_opt()) -> binary().
--spec private_decrypt(pk_algs(), binary(), [integer() | binary()], pk_opt()) -> binary().
+-spec public_encrypt(pk_algs(), binary(), pk_key(), pk_opt()) -> binary().
+-spec public_decrypt(pk_algs(), binary(), pk_key(), pk_opt()) -> binary().
+-spec private_encrypt(pk_algs(), binary(), pk_key(), pk_opt()) -> binary().
+-spec private_decrypt(pk_algs(), binary(), pk_key(), pk_opt()) -> binary().
 
 public_encrypt(Algorithm, In, Key, Options) when is_list(Options) ->
     case pkey_crypt_nif(Algorithm, In, format_pkey(Algorithm, Key), Options, false, true) of
@@ -1107,6 +1108,11 @@ ensure_int_as_bin(Int) when is_integer(Int) ->
 ensure_int_as_bin(Bin) ->
     Bin.
 
+format_pkey(_Alg, #{engine:=_, key_id:=T}=M) when is_binary(T) -> format_pwd(M);
+format_pkey(_Alg, #{engine:=_, key_id:=T}=M) when is_list(T) -> format_pwd(M#{key_id:=list_to_binary(T)});
+format_pkey(_Alg, #{engine:=_ }=M) -> error({bad_key_id, M});
+format_pkey(_Alg, #{}=M) -> error({bad_engine_map, M});
+%%%
 format_pkey(rsa, Key) ->
     map_ensure_int_as_bin(Key);
 format_pkey(ecdsa, [Key, Curve]) ->
@@ -1116,6 +1122,9 @@ format_pkey(dss, Key) ->
 format_pkey(_, Key) ->
     Key.
 
+format_pwd(#{password := Pwd}=M) when is_list(Pwd) -> M#{password := list_to_binary(Pwd)};
+format_pwd(M) -> M.
+
 %%--------------------------------------------------------------------
 %%
 -type rsa_padding() :: 'rsa_pkcs1_padding' | 'rsa_pkcs1_oaep_padding' | 'rsa_no_padding'.
-- cgit v1.2.3


From 218ad10d42af1e2b61fc63dd8c7523972e87ad99 Mon Sep 17 00:00:00 2001
From: Hans Nilsson
Date: Wed, 1 Nov 2017 17:25:19 +0100
Subject: crypto: Define and export some types for engine

---
 lib/crypto/src/crypto.erl | 21 +++++++++++++++++++--
 1 file changed, 19 insertions(+), 2 deletions(-)

(limited to 'lib/crypto/src')

diff --git a/lib/crypto/src/crypto.erl b/lib/crypto/src/crypto.erl
index 90efbc9e9c..7510babdde 100644
--- a/lib/crypto/src/crypto.erl
+++ b/lib/crypto/src/crypto.erl
@@ -53,6 +53,11 @@
          engine_list/0
         ]).
 
+-export_type([engine_ref/0,
+              key_id/0,
+              password/0
+             ]).
+
 %% Private. For tests.
 -export([packed_openssl_version/4, engine_methods_convert_to_bitmask/2, get_test_engine/0]).
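Review bot: `error({bad_key_id, M})` and `error({bad_engine_map, M})` raise with the whole key map as the reason, so a `password` entry in M ends up in the exception term and in any crash report or log line that prints it; the reason only needs to identify the map shape, so strip the secret first, e.g. `error({bad_key_id, maps:without([password], M)})` and likewise for `bad_engine_map`. The `is_list(T)` clause also converts `key_id` with `list_to_binary/1`, which raises a bare `badarg` for any code point above 255, so a key id with non-Latin-1 characters fails with an error that does not name the cause; `unicode:characters_to_binary(T)` covers the full `string()` range, assuming the engine side expects UTF-8, which the NIF contract should confirm. The remaining `format_pkey` clauses continue past the end of this hunk.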
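Review bot: `format_pwd/1` normalises a list password with `list_to_binary/1`, which crashes with `badarg` when the passphrase contains a code point above 255, so a non-Latin-1 passphrase never reaches the engine and the caller gets no hint why; `M#{password := unicode:characters_to_binary(Pwd)}` accepts the whole `string()` range, provided the engine expects UTF-8 (worth confirming against the NIF). A short header comment would also help, since the function is the only place the password is touched before the map is handed to `pkey_crypt_nif/6`: `%% Normalise an optional list password to a binary for the NIF; a binary password is passed through unchanged.`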
@@ -429,8 +434,18 @@ sign(Algorithm, Type, Data, Key, Options) ->
     end.
 
 
+
+-type key_id() :: string() | binary() .
+-type password() :: string() | binary() .
+
+-type engine_key_ref() :: #{engine := engine_ref(),
+                            key_id := key_id(),
+                            password => password(),
+                            term() => term()
+                           }.
+
 -type pk_algs() :: rsa | ecdsa | dss .
--type pk_key() :: map() | [integer() | binary()] .
+-type pk_key() :: engine_key_ref() | [integer() | binary()] .
 -type pk_opt() :: list() | rsa_padding() .
 
 -spec public_encrypt(pk_algs(), binary(), pk_key(), pk_opt()) -> binary().
@@ -589,6 +604,8 @@ compute_key(ecdh, Others, My, Curve) ->
                              engine_method_pkey_meths |
                              engine_method_pkey_asn1_meths |
                              engine_method_ec.
+-type engine_ref() :: term().
+
 
 -spec engine_get_all_methods() -> [engine_method_type()].
 engine_get_all_methods() ->
@@ -600,7 +617,7 @@ engine_get_all_methods() ->
 -spec engine_load(EngineId::unicode:chardata(),
                   PreCmds::[{unicode:chardata(), unicode:chardata()}],
                   PostCmds::[{unicode:chardata(), unicode:chardata()}]) ->
-                         {ok, Engine::term()} | {error, Reason::term()}.
+                         {ok, Engine::engine_ref()} | {error, Reason::term()}.
 engine_load(EngineId, PreCmds, PostCmds) when is_list(PreCmds), is_list(PostCmds) ->
     engine_load(EngineId, PreCmds, PostCmds, engine_get_all_methods()).
-- cgit v1.2.3
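Review bot: The new exported types `key_id()` and `password()` advertise `string()`, i.e. any Unicode code point list, while the conversion they feed (`list_to_binary/1` in `format_pkey/2` and `format_pwd/1`, added by the previous commit) only accepts code points up to 255, so the spec promises more than the implementation delivers; either narrow the types or switch the conversion to `unicode:characters_to_binary/1`. The `term() => term()` entry makes `engine_key_ref()` an open map, which means Dialyzer will not flag a misspelled optional key such as `passwd`; if the NIF ignores unknown keys this silently drops the password, so either remove that entry or document why extra keys are allowed. These type declarations carry no comments; a one-liner above `engine_key_ref()` such as `%% Key living in a loaded engine; password is optional and is passed to the engine with the rest of the map.` would tell callers what the map is for.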
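Review bot: `-type engine_ref() :: term().` is now exported and is the handle that `engine_load/3` returns (see the spec change in the last hunk), but nothing tells callers that they must not inspect it; declaring it `-opaque engine_ref() :: term().` lets Dialyzer warn when a caller pattern-matches on the handle, unless some caller legitimately needs its structure. A comment above it would also help: `%% Handle to a loaded engine, as returned by engine_load/3,4; treat as opaque.`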