From 3bf1096068c3a123a23e6a1499152976a2da131e Mon Sep 17 00:00:00 2001
From: Ingela Anderton Andin <ingela@erlang.org>
Date: Mon, 13 Apr 2015 14:30:10 +0200
Subject: public_key: Remove legacy switch compact_bit_string

* E.I bitstrings will not be decode as {Unused, Binary}, they are now
  Erlang bitstrings.

* Also the compact_bit_string implies the legacy_erlang_types switch
  - So removing the switch will also make OCTET STRING values be represented
    as binaries.
  - Undecoded open type will now be wrapped in a asn1_OPENTYPE tuple.
    We need to handle this in pubkey_pbe.erl, maybe this can be eliminated
    later by updating/refreshing ASN1-specs.

This will change some values in records returned by the public_key API
making this change a potentiall incompatibility.
---
 lib/public_key/src/pubkey_cert.erl         |  2 +-
 lib/public_key/src/pubkey_cert_records.erl |  6 +++---
 lib/public_key/src/pubkey_crl.erl          |  4 ++--
 lib/public_key/src/pubkey_pbe.erl          | 28 ++++++++++++++++------------
 lib/public_key/src/pubkey_pem.erl          |  3 +--
 lib/public_key/src/public_key.erl          | 24 ++++++++++++------------
 6 files changed, 35 insertions(+), 32 deletions(-)

(limited to 'lib/public_key/src')

diff --git a/lib/public_key/src/pubkey_cert.erl b/lib/public_key/src/pubkey_cert.erl
index 8b11538499..1aa9c6764b 100644
--- a/lib/public_key/src/pubkey_cert.erl
+++ b/lib/public_key/src/pubkey_cert.erl
@@ -445,7 +445,7 @@ extensions_list(Extensions) ->
     Extensions.
 
 extract_verify_data(OtpCert, DerCert) ->
-    {_, Signature} = OtpCert#'OTPCertificate'.signature,
+    Signature = OtpCert#'OTPCertificate'.signature,
     SigAlgRec = OtpCert#'OTPCertificate'.signatureAlgorithm,
     SigAlg = SigAlgRec#'SignatureAlgorithm'.algorithm,
     PlainText = encoded_tbs_cert(DerCert),
diff --git a/lib/public_key/src/pubkey_cert_records.erl b/lib/public_key/src/pubkey_cert_records.erl
index 9a8e49f265..f412d5862e 100644
--- a/lib/public_key/src/pubkey_cert_records.erl
+++ b/lib/public_key/src/pubkey_cert_records.erl
@@ -217,8 +217,8 @@ namedCurves(brainpoolP512t1) -> ?'brainpoolP512t1'.
 %%% SubjectPublicKey
 
 decode_supportedPublicKey(#'OTPSubjectPublicKeyInfo'{algorithm= PA =
-						  #'PublicKeyAlgorithm'{algorithm=Algo},
-						  subjectPublicKey = {0,SPK0}}) ->
+							 #'PublicKeyAlgorithm'{algorithm=Algo},
+						     subjectPublicKey = SPK0}) ->
     Type = supportedPublicKeyAlgorithms(Algo),
     SPK = case Type of
               'ECPoint' -> #'ECPoint'{point = SPK0};
@@ -238,7 +238,7 @@ encode_supportedPublicKey(#'OTPSubjectPublicKeyInfo'{algorithm= PA =
                   {ok, SPK1} = 'OTP-PUB-KEY':encode(Type, SPK0),
                   SPK1
           end,
-    #'OTPSubjectPublicKeyInfo'{subjectPublicKey = {0,SPK}, algorithm=PA}.
+    #'OTPSubjectPublicKeyInfo'{subjectPublicKey = SPK, algorithm=PA}.
 
 %%% Extensions
 
diff --git a/lib/public_key/src/pubkey_crl.erl b/lib/public_key/src/pubkey_crl.erl
index 488cc97c70..0010725da9 100644
--- a/lib/public_key/src/pubkey_crl.erl
+++ b/lib/public_key/src/pubkey_crl.erl
@@ -473,7 +473,7 @@ check_crl_num(_,_) ->
 extension_value(Extension, ExtType, Extensions) ->
     case pubkey_cert:select_extension(Extension, Extensions) of
 	#'Extension'{extnValue = Value} ->
-	    public_key:der_decode(ExtType, list_to_binary(Value));
+	    public_key:der_decode(ExtType, iolist_to_binary(Value));
 	_ ->
 	    undefined
     end.
@@ -565,7 +565,7 @@ verify_crl_signature(CRL, DerCRL, Key, KeyParams) ->
 			      {Key, KeyParams})
     end.
 extract_crl_verify_data(CRL, DerCRL) ->
-    {0, Signature} = CRL#'CertificateList'.signature,
+    Signature = CRL#'CertificateList'.signature,
     #'AlgorithmIdentifier'{algorithm = SigAlg} =
 	CRL#'CertificateList'.signatureAlgorithm,
     PlainText = encoded_tbs_crl(DerCRL),
diff --git a/lib/public_key/src/pubkey_pbe.erl b/lib/public_key/src/pubkey_pbe.erl
index 521a32189d..8c61bc71d4 100644
--- a/lib/public_key/src/pubkey_pbe.erl
+++ b/lib/public_key/src/pubkey_pbe.erl
@@ -106,9 +106,8 @@ pbdkdf2(Password, Salt, Count, DerivedKeyLen, Prf, PrfHash, PrfOutputLen)->
 %%--------------------------------------------------------------------
 decrypt_parameters(#'EncryptedPrivateKeyInfo_encryptionAlgorithm'{
 		      algorithm = Oid, parameters = Param}) ->
-     decrypt_parameters(Oid, Param).
+     decrypt_parameters(Oid, decode_handle_open_type_wrapper(Param)).
     
-
 %%--------------------------------------------------------------------
 -spec encrypt_parameters({Cipher::string(), Params::term()}) -> 
 			#'EncryptedPrivateKeyInfo_encryptionAlgorithm'{}.
@@ -129,7 +128,7 @@ password_to_key_and_iv(Password, _, #'PBES2-params'{} = Params) ->
 password_to_key_and_iv(Password, _Cipher, {#'PBEParameter'{salt = Salt,
 							  iterationCount = Count}, Hash}) ->
     <<Key:8/binary, IV:8/binary, _/binary>> 
-	= pbdkdf1(Password, erlang:iolist_to_binary(Salt), Count, Hash),
+	= pbdkdf1(Password, Salt, Count, Hash),
     {Key, IV};
 password_to_key_and_iv(Password, Cipher, Salt) ->
  KeyLen = derived_key_length(Cipher, undefined),
@@ -151,15 +150,15 @@ do_pbdkdf1(Prev, Count, Acc, Hash) ->
     do_pbdkdf1(Result, Count-1 , <<Result/binary, Acc/binary>>, Hash).
 
 iv(#'PBES2-params_encryptionScheme'{algorithm = Algo,
-				    parameters = ASNIV}) when (Algo == ?'desCBC') or
-							      (Algo == ?'des-EDE3-CBC') ->
-    %% This is an so called open ASN1-type that in this
-    %% case will be an octet-string of length 8
-    <<?ASN1_OCTET_STR_TAG, ?IV_LEN, IV:?IV_LEN/binary>> = ASNIV,
+				    parameters = ASN1IV}) 
+  when (Algo == ?'desCBC') or
+       (Algo == ?'des-EDE3-CBC') ->
+    <<?ASN1_OCTET_STR_TAG, ?IV_LEN, IV:?IV_LEN/binary>> = decode_handle_open_type_wrapper(ASN1IV),
     IV;
 iv(#'PBES2-params_encryptionScheme'{algorithm = ?'rc2CBC',
-				    parameters = ASN1IV}) ->
-    {ok, #'RC2-CBC-Parameter'{iv = IV}} = 'PKCS-FRAME':decode('RC2-CBC-Parameter', ASN1IV),
+				    parameters =  ASN1IV}) ->
+    {ok, #'RC2-CBC-Parameter'{iv = IV}} 
+	= 'PKCS-FRAME':decode('RC2-CBC-Parameter', decode_handle_open_type_wrapper(ASN1IV)),
     iolist_to_binary(IV).
 
 blocks(1, N, Index, Password, Salt, Count, Prf, PrfHash, PrfLen, Acc) ->
@@ -200,13 +199,13 @@ encrypt_parameters(_Cipher, #'PBES2-params'{} = Params) ->
     {ok, Der} ='PKCS-FRAME':encode('PBES2-params', Params),
     #'EncryptedPrivateKeyInfo_encryptionAlgorithm'{
        algorithm = ?'id-PBES2', 
-       parameters = Der};
+       parameters = encode_handle_open_type_wrapper(Der)};
 
 encrypt_parameters(Cipher, {#'PBEParameter'{} = Params, Hash}) ->
     {ok, Der} ='PKCS-FRAME':encode('PBEParameter', Params),
     #'EncryptedPrivateKeyInfo_encryptionAlgorithm'{
        algorithm = pbe1_oid(Cipher, Hash), 
-       parameters = Der}.
+       parameters = encode_handle_open_type_wrapper(Der)}.
 
 pbe1_oid("RC2-CBC", sha) ->
     ?'pbeWithSHA1AndRC2-CBC';
@@ -277,3 +276,8 @@ cipher(#'PBES2-params_encryptionScheme'{algorithm = ?'rc2CBC'}) ->
 
 ceiling(Float) -> 
     erlang:round(Float + 0.5).
+
+decode_handle_open_type_wrapper({asn1_OPENTYPE, Type}) ->
+    Type.
+encode_handle_open_type_wrapper(Type) ->
+    {asn1_OPENTYPE, Type}.
diff --git a/lib/public_key/src/pubkey_pem.erl b/lib/public_key/src/pubkey_pem.erl
index 98881c4a6a..a62658923f 100644
--- a/lib/public_key/src/pubkey_pem.erl
+++ b/lib/public_key/src/pubkey_pem.erl
@@ -143,8 +143,7 @@ decode_encrypted_private_keyinfo(Der) ->
 			       encryptedData = Data} = 
 	public_key:der_decode('EncryptedPrivateKeyInfo', Der),
     DecryptParams = pubkey_pbe:decrypt_parameters(AlgorithmInfo), 
-    {'PrivateKeyInfo', iolist_to_binary(Data), DecryptParams}.
-
+    {'PrivateKeyInfo', Data, DecryptParams}.
 
 encode_encrypted_private_keyinfo(EncData, EncryptParmams) ->
     AlgorithmInfo = pubkey_pbe:encrypt_parameters(EncryptParmams),
diff --git a/lib/public_key/src/public_key.erl b/lib/public_key/src/public_key.erl
index e8ff965982..7ecb624311 100644
--- a/lib/public_key/src/public_key.erl
+++ b/lib/public_key/src/public_key.erl
@@ -120,7 +120,7 @@ pem_encode(PemEntries) when is_list(PemEntries) ->
 %% pem entries.
 %%--------------------------------------------------------------------
 pem_entry_decode({'SubjectPublicKeyInfo', Der, _}) ->
-    {_, {'AlgorithmIdentifier', AlgId, Params}, {0, Key0}}
+    {_, {'AlgorithmIdentifier', AlgId, Params}, Key0}
         = der_decode('SubjectPublicKeyInfo', Der),
     KeyType = pubkey_cert_records:supportedPublicKeyAlgorithms(AlgId),
     case KeyType of
@@ -168,14 +168,14 @@ pem_entry_decode({Asn1Type, CryptDer, {Cipher, Salt}} = PemEntry,
 pem_entry_encode('SubjectPublicKeyInfo', Entity=#'RSAPublicKey'{}) ->
     Der = der_encode('RSAPublicKey', Entity),
     Spki = {'SubjectPublicKeyInfo',
-            {'AlgorithmIdentifier', ?'rsaEncryption', ?DER_NULL}, {0, Der}},
+            {'AlgorithmIdentifier', ?'rsaEncryption', ?DER_NULL}, Der},
     pem_entry_encode('SubjectPublicKeyInfo', Spki);
 pem_entry_encode('SubjectPublicKeyInfo',
                  {DsaInt, Params=#'Dss-Parms'{}}) when is_integer(DsaInt) ->
     KeyDer = der_encode('DSAPublicKey', DsaInt),
     ParamDer = der_encode('DSAParams', {params, Params}),
     Spki = {'SubjectPublicKeyInfo',
-            {'AlgorithmIdentifier', ?'id-dsa', ParamDer}, {0, KeyDer}},
+            {'AlgorithmIdentifier', ?'id-dsa', ParamDer}, KeyDer},
     pem_entry_encode('SubjectPublicKeyInfo', Spki);
 pem_entry_encode(Asn1Type, Entity)  when is_atom(Asn1Type) ->
     Der = der_encode(Asn1Type, Entity),
@@ -234,7 +234,7 @@ der_encode(Asn1Type, Entity) when (Asn1Type == 'PrivateKeyInfo') or
 				  (Asn1Type == 'EncryptedPrivateKeyInfo') ->
      try
 	{ok, Encoded} = 'PKCS-FRAME':encode(Asn1Type, Entity),
-	iolist_to_binary(Encoded)
+	Encoded
     catch
 	error:{badmatch, {error, _}} = Error ->
 	    erlang:error(Error)
@@ -243,7 +243,7 @@ der_encode(Asn1Type, Entity) when (Asn1Type == 'PrivateKeyInfo') or
 der_encode(Asn1Type, Entity) when is_atom(Asn1Type) ->
     try 
 	{ok, Encoded} = 'OTP-PUB-KEY':encode(Asn1Type, Entity),
-	iolist_to_binary(Encoded)
+	Encoded
     catch	    
 	error:{badmatch, {error, _}} = Error ->
 	    erlang:error(Error)
@@ -391,7 +391,7 @@ generate_key(#'ECParameters'{} = Params) ->
 compute_key(#'ECPoint'{point = Point}, #'ECPrivateKey'{privateKey = PrivKey,
 						       parameters = Param}) ->
     ECCurve = ec_curve_spec(Param),
-    crypto:compute_key(ecdh, Point, list_to_binary(PrivKey), ECCurve).
+    crypto:compute_key(ecdh, Point, PrivKey, ECCurve).
 
 compute_key(PubKey, PrivKey, #'DHParameter'{prime = P, base = G}) ->
     crypto:compute_key(dh, PubKey, PrivKey, [P, G]).
@@ -446,7 +446,7 @@ sign(DigestOrPlainText, sha, #'DSAPrivateKey'{p = P, q = Q, g = G, x = X}) ->
 sign(DigestOrPlainText, DigestType, #'ECPrivateKey'{privateKey = PrivKey,
 						    parameters = Param}) ->
     ECCurve = ec_curve_spec(Param),
-    crypto:sign(ecdsa, DigestType, DigestOrPlainText, [list_to_binary(PrivKey), ECCurve]);
+    crypto:sign(ecdsa, DigestType, DigestOrPlainText, [PrivKey, ECCurve]);
 
 %% Backwards compatible
 sign(Digest, none, #'DSAPrivateKey'{} = Key) ->
@@ -530,7 +530,7 @@ pkix_sign(#'OTPTBSCertificate'{signature =
     Signature = sign(Msg, DigestType, Key),
     Cert = #'OTPCertificate'{tbsCertificate= TBSCert,
 			     signatureAlgorithm = SigAlg,
-			     signature = {0, Signature}
+			     signature = Signature
 			    },
     pkix_encode('OTPCertificate', Cert, otp).
 
@@ -985,14 +985,14 @@ ec_generate_key(Params) ->
 ec_curve_spec( #'ECParameters'{fieldID = FieldId, curve = PCurve, base = Base, order = Order, cofactor = CoFactor }) ->
     Field = {pubkey_cert_records:supportedCurvesTypes(FieldId#'FieldID'.fieldType),
 	     FieldId#'FieldID'.parameters},
-    Curve = {erlang:list_to_binary(PCurve#'Curve'.a), erlang:list_to_binary(PCurve#'Curve'.b), none},
-    {Field, Curve, erlang:list_to_binary(Base), Order, CoFactor};
+    Curve = {PCurve#'Curve'.a, PCurve#'Curve'.b, none},
+    {Field, Curve, Base, Order, CoFactor};
 ec_curve_spec({namedCurve, OID}) ->
     pubkey_cert_records:namedCurves(OID).
 
 ec_key({PubKey, PrivateKey}, Params) ->
     #'ECPrivateKey'{version = 1,
-		    privateKey = binary_to_list(PrivateKey),
+		    privateKey = PrivateKey,
 		    parameters = Params,
-		    publicKey = {0, PubKey}}.
+		    publicKey = PubKey}.
 
-- 
cgit v1.2.3