From c730d2fb0342523fa9014373b234b426bd9ca6f2 Mon Sep 17 00:00:00 2001
From: Seth Falcon <seth@userprimary.net>
Date: Tue, 18 Jan 2011 17:34:41 -0800
Subject: Improved support for RSA and DSA public keys

This patch allows the public_key module to decode and encode RSA and DSA
keys encoded using the SubjectPublicKeyInfo format.  When
pem_entry_encode is called on an RSA or DSA public key type, the key is
wrapped in the SubjectPublicKeyInfo format.
---
 lib/public_key/src/pubkey_cert_records.erl | 16 ++++++++++++----
 lib/public_key/src/pubkey_pem.erl          | 25 +++++++++++++++++++++----
 lib/public_key/src/public_key.erl          | 24 ++++++++++++++++++++++++
 3 files changed, 57 insertions(+), 8 deletions(-)

(limited to 'lib/public_key/src')

diff --git a/lib/public_key/src/pubkey_cert_records.erl b/lib/public_key/src/pubkey_cert_records.erl
index 20b322b4a4..7a387e487c 100644
--- a/lib/public_key/src/pubkey_cert_records.erl
+++ b/lib/public_key/src/pubkey_cert_records.erl
@@ -23,7 +23,7 @@
 
 -include("public_key.hrl").
 
--export([decode_cert/1, transform/2]).
+-export([decode_cert/1, transform/2, supportedPublicKeyAlgorithms/1]).
 
 %%====================================================================
 %% Internal application API
@@ -80,16 +80,24 @@ transform(Other,_) ->
     Other.
 
 %%--------------------------------------------------------------------
-%%% Internal functions
+-spec supportedPublicKeyAlgorithms(Oid::tuple()) -> asn1_type().
+%%
+%% Description: Returns the public key type for an algorithm
+%% identifier tuple as found in SubjectPublicKeyInfo.
+%%
 %%--------------------------------------------------------------------
-
-%%% SubjectPublicKey
 supportedPublicKeyAlgorithms(?'rsaEncryption') -> 'RSAPublicKey';
 supportedPublicKeyAlgorithms(?'id-dsa') -> 'DSAPublicKey';
 supportedPublicKeyAlgorithms(?'dhpublicnumber') -> 'DHPublicKey';
 supportedPublicKeyAlgorithms(?'id-keyExchangeAlgorithm') -> 'KEA-PublicKey';
 supportedPublicKeyAlgorithms(?'id-ecPublicKey') -> 'ECPoint'.
 
+%%--------------------------------------------------------------------
+%%% Internal functions
+%%--------------------------------------------------------------------
+
+%%% SubjectPublicKey
+
 decode_supportedPublicKey(#'OTPSubjectPublicKeyInfo'{algorithm= PA =
 						  #'PublicKeyAlgorithm'{algorithm=Algo},
 						  subjectPublicKey = {0,SPK0}}) ->
diff --git a/lib/public_key/src/pubkey_pem.erl b/lib/public_key/src/pubkey_pem.erl
index 31d881973a..78870e5cd7 100644
--- a/lib/public_key/src/pubkey_pem.erl
+++ b/lib/public_key/src/pubkey_pem.erl
@@ -93,11 +93,11 @@ encode_pem_entries(Entries) ->
 
 encode_pem_entry({Asn1Type, Der, not_encrypted}) ->
     StartStr = pem_start(Asn1Type),
-    [StartStr, "\n", b64encode_and_split(Der), pem_end(StartStr) ,"\n\n"];
+    [StartStr, "\n", b64encode_and_split(Der), "\n", pem_end(StartStr) ,"\n\n"];
 encode_pem_entry({Asn1Type, Der, {Cipher, Salt}}) ->
     StartStr = pem_start(Asn1Type),
     [StartStr,"\n", pem_decrypt(),"\n", pem_decrypt_info(Cipher, Salt),"\n",
-     b64encode_and_split(Der), pem_end(StartStr) ,"\n\n"].
+     b64encode_and_split(Der), "\n", pem_end(StartStr) ,"\n\n"].
 
 decode_pem_entries([], Entries) ->
     lists:reverse(Entries);
@@ -145,16 +145,22 @@ split_bin(N, Bin) ->
 b64encode_and_split(Bin) ->
     split_lines(base64:encode(Bin)).
 
+split_lines(<<Text:?ENCODED_LINE_LENGTH/binary>>) ->
+    [Text];
 split_lines(<<Text:?ENCODED_LINE_LENGTH/binary, Rest/binary>>) ->
     [Text, $\n | split_lines(Rest)];
 split_lines(Bin) ->
-    [Bin, $\n].
+    [Bin].
 
 %% Ignore white space at end of line
 join_entry([<<"-----END CERTIFICATE-----", _/binary>>| Lines], Entry) ->
     {lists:reverse(Entry), Lines};
 join_entry([<<"-----END RSA PRIVATE KEY-----", _/binary>>| Lines], Entry) ->
     {lists:reverse(Entry), Lines};
+join_entry([<<"-----END PUBLIC KEY-----", _/binary>>| Lines], Entry) ->
+    {lists:reverse(Entry), Lines};
+join_entry([<<"-----END RSA PUBLIC KEY-----", _/binary>>| Lines], Entry) ->
+    {lists:reverse(Entry), Lines};
 join_entry([<<"-----END DSA PRIVATE KEY-----", _/binary>>| Lines], Entry) ->
     {lists:reverse(Entry), Lines};
 join_entry([<<"-----END DH PARAMETERS-----", _/binary>>| Lines], Entry) ->
@@ -210,15 +216,22 @@ pem_start('Certificate') ->
     <<"-----BEGIN CERTIFICATE-----">>;
 pem_start('RSAPrivateKey') ->
     <<"-----BEGIN RSA PRIVATE KEY-----">>;
+pem_start('RSAPublicKey') ->
+    <<"-----BEGIN RSA PUBLIC KEY-----">>;
+pem_start('SubjectPublicKeyInfo') ->
+    <<"-----BEGIN PUBLIC KEY-----">>;
 pem_start('DSAPrivateKey') ->
     <<"-----BEGIN DSA PRIVATE KEY-----">>;
 pem_start('DHParameter') ->
     <<"-----BEGIN DH PARAMETERS-----">>.
-
 pem_end(<<"-----BEGIN CERTIFICATE-----">>) ->
     <<"-----END CERTIFICATE-----">>;
 pem_end(<<"-----BEGIN RSA PRIVATE KEY-----">>) ->
     <<"-----END RSA PRIVATE KEY-----">>;
+pem_end(<<"-----BEGIN RSA PUBLIC KEY-----">>) ->
+    <<"-----END RSA PUBLIC KEY-----">>;
+pem_end(<<"-----BEGIN PUBLIC KEY-----">>) ->
+    <<"-----END PUBLIC KEY-----">>;
 pem_end(<<"-----BEGIN DSA PRIVATE KEY-----">>) ->
     <<"-----END DSA PRIVATE KEY-----">>;
 pem_end(<<"-----BEGIN DH PARAMETERS-----">>) ->
@@ -230,6 +243,10 @@ asn1_type(<<"-----BEGIN CERTIFICATE-----">>) ->
     'Certificate';
 asn1_type(<<"-----BEGIN RSA PRIVATE KEY-----">>) ->
     'RSAPrivateKey';
+asn1_type(<<"-----BEGIN RSA PUBLIC KEY-----">>) ->
+    'RSAPublicKey';
+asn1_type(<<"-----BEGIN PUBLIC KEY-----">>) ->
+    'SubjectPublicKeyInfo';
 asn1_type(<<"-----BEGIN DSA PRIVATE KEY-----">>) ->
     'DSAPrivateKey';
 asn1_type(<<"-----BEGIN DH PARAMETERS-----">>) ->
diff --git a/lib/public_key/src/public_key.erl b/lib/public_key/src/public_key.erl
index 30398df9cc..fad73e8e92 100644
--- a/lib/public_key/src/public_key.erl
+++ b/lib/public_key/src/public_key.erl
@@ -62,6 +62,7 @@
 -type dss_digest_type()      :: 'none' | 'sha'.
 
 -define(UINT32(X), X:32/unsigned-big-integer).
+-define(DER_NULL, <<5, 0>>).
 
 %%====================================================================
 %% API
@@ -90,6 +91,17 @@ pem_encode(PemEntries) when is_list(PemEntries) ->
 %% Description: Decodes a pem entry. pem_decode/1 returns a list of
 %% pem entries.
 %%--------------------------------------------------------------------
+pem_entry_decode({'SubjectPublicKeyInfo', Der, _}) ->
+    {_, {'AlgorithmIdentifier', AlgId, Params}, {0, Key0}}
+        = der_decode('SubjectPublicKeyInfo', Der),
+    KeyType = pubkey_cert_records:supportedPublicKeyAlgorithms(AlgId),
+    case KeyType of
+        'RSAPublicKey' ->
+            der_decode(KeyType, Key0);
+        'DSAPublicKey' ->
+            {params, DssParams} = der_decode('DSAParams', Params),
+            {der_decode(KeyType, Key0), DssParams}
+    end;
 pem_entry_decode({Asn1Type, Der, not_encrypted}) when is_atom(Asn1Type),
 						      is_binary(Der) ->
     der_decode(Asn1Type, Der).
@@ -114,6 +126,18 @@ pem_entry_decode({Asn1Type, CryptDer, {Cipher, Salt}} = PemEntry,
 %
 %% Description: Creates a pem entry that can be feed to pem_encode/1.
 %%--------------------------------------------------------------------
+pem_entry_encode('SubjectPublicKeyInfo', Entity=#'RSAPublicKey'{}) ->
+    Der = der_encode('RSAPublicKey', Entity),
+    Spki = {'SubjectPublicKeyInfo',
+            {'AlgorithmIdentifier', ?'rsaEncryption', ?DER_NULL}, {0, Der}},
+    pem_entry_encode('SubjectPublicKeyInfo', Spki);
+pem_entry_encode('SubjectPublicKeyInfo',
+                 {DsaInt, Params=#'Dss-Parms'{}}) when is_integer(DsaInt) ->
+    KeyDer = der_encode('DSAPublicKey', DsaInt),
+    ParamDer = der_encode('DSAParams', {params, Params}),
+    Spki = {'SubjectPublicKeyInfo',
+            {'AlgorithmIdentifier', ?'id-dsa', ParamDer}, {0, KeyDer}},
+    pem_entry_encode('SubjectPublicKeyInfo', Spki);
 pem_entry_encode(Asn1Type, Entity)  when is_atom(Asn1Type) ->
     Der = der_encode(Asn1Type, Entity),
     {Asn1Type, Der, not_encrypted}.
-- 
cgit v1.2.3