From a05f8cf0121814702a48d474f9c3a91049103788 Mon Sep 17 00:00:00 2001
From: Hans Nilsson <hans@erlang.org>
Date: Thu, 6 Jul 2017 14:56:33 +0200
Subject: public_key: Update for new crypto:sign and crypto:verify from PR838

---
 lib/public_key/src/public_key.erl | 126 +++++++++++++++++++++++++-------------
 1 file changed, 85 insertions(+), 41 deletions(-)

(limited to 'lib/public_key/src')

diff --git a/lib/public_key/src/public_key.erl b/lib/public_key/src/public_key.erl
index 6651e9510e..834a75983e 100644
--- a/lib/public_key/src/public_key.erl
+++ b/lib/public_key/src/public_key.erl
@@ -37,7 +37,7 @@
 	 decrypt_public/2, decrypt_public/3,
 	 dh_gex_group/4,
 	 dh_gex_group_sizes/0,
-	 sign/3, verify/4,
+	 sign/3, sign/4, verify/4, verify/5,
 	 generate_key/1,
 	 compute_key/2, compute_key/3,
 	 pkix_sign/2, pkix_verify/2,	 
@@ -90,10 +90,12 @@
 				auth_keys.
 -type rsa_padding()          :: 'rsa_pkcs1_padding' | 'rsa_pkcs1_oaep_padding' 
 			      | 'rsa_no_padding'.
+-type rsa_sign_padding()     :: 'rsa_pkcs1_padding' | 'rsa_pkcs1_pss_padding'.
 -type public_crypt_options() :: [{rsa_pad, rsa_padding()}].
--type rsa_digest_type()      :: 'md5' | 'sha'| 'sha224' | 'sha256' | 'sha384' | 'sha512'.
--type dss_digest_type()      :: 'none' | 'sha'. %% None is for backwards compatibility
--type ecdsa_digest_type()    :: 'sha'| 'sha224' | 'sha256' | 'sha384' | 'sha512'.
+-type rsa_digest_type()      :: 'md5' | 'ripemd160' | 'sha' | 'sha224' | 'sha256' | 'sha384' | 'sha512'.
+-type dss_digest_type()      :: 'none' | 'sha' | 'sha224' | 'sha256' | 'sha384' | 'sha512'. %% None is for backwards compatibility
+-type ecdsa_digest_type()    :: 'sha' | 'sha224' | 'sha256' | 'sha384' | 'sha512'.
+-type public_sign_options()  :: [{rsa_pad, rsa_sign_padding()} | {rsa_pss_saltlen, integer()}].
 -type digest_type()          :: rsa_digest_type() |  dss_digest_type() | ecdsa_digest_type().
 -type crl_reason()           ::  unspecified | keyCompromise | cACompromise | affiliationChanged | superseded
 			       | cessationOfOperation | certificateHold | privilegeWithdrawn |  aACompromise.
@@ -498,35 +500,67 @@ pkix_sign_types(?'ecdsa-with-SHA512') ->
     {sha512, ecdsa}.
 
 %%--------------------------------------------------------------------
--spec sign(binary() | {digest, binary()},  rsa_digest_type() | dss_digest_type() | ecdsa_digest_type(),
-	   rsa_private_key() |
-	   dsa_private_key() | ec_private_key()) -> Signature :: binary().
-%% Description: Create digital signature.
-%%--------------------------------------------------------------------
-sign(DigestOrPlainText, DigestType, Key = #'RSAPrivateKey'{}) ->
-    crypto:sign(rsa, DigestType, DigestOrPlainText, format_rsa_private_key(Key));
+-spec sign(binary() | {digest, binary()},
+           rsa_digest_type() | dss_digest_type() | ecdsa_digest_type(),
+	   rsa_private_key() | dsa_private_key() | ec_private_key()
+          ) -> Signature :: binary().
 
-sign(DigestOrPlainText, sha, #'DSAPrivateKey'{p = P, q = Q, g = G, x = X}) ->
-    crypto:sign(dss, sha, DigestOrPlainText, [P, Q, G, X]);
+-spec sign(binary() | {digest, binary()},
+           rsa_digest_type() | dss_digest_type() | ecdsa_digest_type(),
+	   rsa_private_key() | dsa_private_key() | ec_private_key(),
+           public_sign_options()
+          ) -> Signature :: binary().
 
-sign(DigestOrPlainText, DigestType, #'ECPrivateKey'{privateKey = PrivKey,
-						    parameters = Param}) ->
-    ECCurve = ec_curve_spec(Param),
-    crypto:sign(ecdsa, DigestType, DigestOrPlainText, [PrivKey, ECCurve]);
+%% Description: Create digital signature.
+%%--------------------------------------------------------------------
+sign(DigestOrPlainText, DigestType, Key) ->
+    sign(DigestOrPlainText, DigestType, Key, []).
 
 %% Backwards compatible
-sign(Digest, none, #'DSAPrivateKey'{} = Key) ->
-    sign({digest,Digest}, sha, Key).
+sign(Digest, none, Key = #'DSAPrivateKey'{}, Options) when is_binary(Digest) ->
+    sign({digest, Digest}, sha, Key, Options);
+sign(DigestOrPlainText, DigestType, Key, Options) ->
+    case format_sign_key(Key) of
+	badarg ->
+	    erlang:error(badarg, [DigestOrPlainText, DigestType, Key, Options]);
+	{Algorithm, CryptoKey} ->
+	    crypto:sign(Algorithm, DigestType, DigestOrPlainText, CryptoKey, Options)
+    end.
 
 %%--------------------------------------------------------------------
--spec verify(binary() | {digest, binary()}, rsa_digest_type() | dss_digest_type() | ecdsa_digest_type(),
-	     Signature :: binary(), rsa_public_key()
-	     | dsa_public_key() | ec_public_key()) -> boolean().
+-spec verify(binary() | {digest, binary()},
+             rsa_digest_type() | dss_digest_type() | ecdsa_digest_type(),
+	     Signature :: binary(),
+             rsa_public_key() | dsa_public_key() | ec_public_key()
+               |  rsa_private_key() | dsa_private_key() | ec_private_key()
+            ) -> boolean().
+
+-spec verify(binary() | {digest, binary()},
+             rsa_digest_type() | dss_digest_type() | ecdsa_digest_type(),
+	     Signature :: binary(),
+             rsa_public_key() | dsa_public_key() | ec_public_key()
+               |  rsa_private_key() | dsa_private_key() | ec_private_key(),
+             public_sign_options()
+            ) -> boolean().
+
 %% Description: Verifies a digital signature.
 %%--------------------------------------------------------------------
-verify(DigestOrPlainText, DigestType, Signature, Key) when is_binary(Signature) ->
-    do_verify(DigestOrPlainText, DigestType, Signature, Key);
-verify(_,_,_,_) -> 
+verify(DigestOrPlainText, DigestType, Signature, Key) ->
+    verify(DigestOrPlainText, DigestType, Signature, Key, []).
+
+%% Backwards compatible
+verify(Digest, none, Signature, Key = {_, #'Dss-Parms'{}}, Options) when is_binary(Digest) ->
+    verify({digest, Digest}, sha, Signature, Key, Options);
+verify(Digest, none, Signature, Key = #'DSAPrivateKey'{}, Options) when is_binary(Digest) ->
+    verify({digest, Digest}, sha, Signature, Key, Options);
+verify(DigestOrPlainText, DigestType, Signature, Key, Options) when is_binary(Signature) ->
+    case format_verify_key(Key) of
+	badarg ->
+	    erlang:error(badarg, [DigestOrPlainText, DigestType, Signature, Key, Options]);
+	{Algorithm, CryptoKey} ->
+	    crypto:verify(Algorithm, DigestType, DigestOrPlainText, Signature, CryptoKey, Options)
+    end;
+verify(_,_,_,_,_) ->
     %% If Signature is a bitstring and not a binary we know already at this
     %% point that the signature is invalid.
     false.
@@ -993,22 +1027,32 @@ short_name_hash({rdnSequence, _Attributes} = Name) ->
 %%--------------------------------------------------------------------
 %%% Internal functions
 %%--------------------------------------------------------------------
-do_verify(DigestOrPlainText, DigestType, Signature,
-       #'RSAPublicKey'{modulus = Mod, publicExponent = Exp}) ->
-    crypto:verify(rsa, DigestType, DigestOrPlainText, Signature,
-		  [Exp, Mod]);
-
-do_verify(DigestOrPlaintext, DigestType, Signature, {#'ECPoint'{point = Point}, Param}) ->
-    ECCurve = ec_curve_spec(Param),
-    crypto:verify(ecdsa, DigestType, DigestOrPlaintext, Signature, [Point, ECCurve]);
-
-%% Backwards compatibility
-do_verify(Digest, none, Signature, {_,  #'Dss-Parms'{}} = Key ) ->
-    verify({digest,Digest}, sha, Signature, Key);
-
-do_verify(DigestOrPlainText, sha = DigestType, Signature, {Key,  #'Dss-Parms'{p = P, q = Q, g = G}})
-  when is_integer(Key), is_binary(Signature) ->
-    crypto:verify(dss, DigestType, DigestOrPlainText, Signature, [P, Q, G, Key]).
+format_sign_key(Key = #'RSAPrivateKey'{}) ->
+    {rsa, format_rsa_private_key(Key)};
+format_sign_key(#'DSAPrivateKey'{p = P, q = Q, g = G, x = X}) ->
+    {dss, [P, Q, G, X]};
+format_sign_key(#'ECPrivateKey'{privateKey = PrivKey, parameters = Param}) ->
+    {ecdsa, [PrivKey, ec_curve_spec(Param)]};
+format_sign_key(_) ->
+    badarg.
+
+format_verify_key(#'RSAPublicKey'{modulus = Mod, publicExponent = Exp}) ->
+    {rsa, [Exp, Mod]};
+format_verify_key({#'ECPoint'{point = Point}, Param}) ->
+    {ecdsa, [Point, ec_curve_spec(Param)]};
+format_verify_key({Key,  #'Dss-Parms'{p = P, q = Q, g = G}}) ->
+    {dss, [P, Q, G, Key]};
+%% Convert private keys to public keys
+format_verify_key(#'RSAPrivateKey'{modulus = Mod, publicExponent = Exp}) ->
+    format_verify_key(#'RSAPublicKey'{modulus = Mod, publicExponent = Exp});
+format_verify_key(#'ECPrivateKey'{parameters = Param, publicKey = {_, Point}}) ->
+    format_verify_key({#'ECPoint'{point = Point}, Param});
+format_verify_key(#'ECPrivateKey'{parameters = Param, publicKey = Point}) ->
+    format_verify_key({#'ECPoint'{point = Point}, Param});
+format_verify_key(#'DSAPrivateKey'{y=Y, p=P, q=Q, g=G}) ->
+    format_verify_key({Y, #'Dss-Parms'{p=P, q=Q, g=G}});
+format_verify_key(_) ->
+    badarg.
 
 do_pem_entry_encode(Asn1Type, Entity, CipherInfo, Password) ->
     Der = der_encode(Asn1Type, Entity),
-- 
cgit v1.2.3