From 3cde11a94c2761aa8980931f455734d8870446b3 Mon Sep 17 00:00:00 2001
From: Ingela Anderton Andin <ingela@erlang.org>
Date: Tue, 12 Jun 2012 16:26:35 +0200
Subject: public_key: Generalised API

---
 lib/public_key/doc/src/public_key.xml |  12 ++--
 lib/public_key/src/public_key.erl     | 116 ++++++++++++++++------------------
 2 files changed, 59 insertions(+), 69 deletions(-)

(limited to 'lib/public_key')

diff --git a/lib/public_key/doc/src/public_key.xml b/lib/public_key/doc/src/public_key.xml
index 0b6673e826..0c9e0c9013 100644
--- a/lib/public_key/doc/src/public_key.xml
+++ b/lib/public_key/doc/src/public_key.xml
@@ -5,7 +5,7 @@
   <header>
     <copyright>
       <year>2008</year>
-      <year>2011</year>
+      <year>2012</year>
       <holder>Ericsson AB, All Rights Reserved</holder>
     </copyright>
     <legalnotice>
@@ -84,7 +84,7 @@
     
     <p><code> rsa_digest_type()  = 'md5' | 'sha' </code></p>
 
-    <p><code> dss_digest_type()  = 'none' | 'sha' </code></p>
+    <p><code> dss_digest_type()  = 'sha' </code></p>
 
     <p><code> ssh_file()  = openssh_public_key | rfc4716_public_key |
     known_hosts | auth_keys </code></p>
@@ -398,9 +398,9 @@
     <type>
        <v>Msg = binary()</v>
        <d>The msg is either the binary "plain text" data to be
-       signed or in the case that digest type is <c>none</c>
+       signed or in the case that digest type is <c>{digest, DigestType}</c>
        it is the hashed value of "plain text" i.e. the digest.</d>
-       <v>DigestType = rsa_digest_type() | dsa_digest_type()</v>
+       <v>DigestType = rsa_digest_type() | dsa_digest_type() | {digest, rsa_digest_type() | dsa_digest_type()}</v>
        <v>Key = rsa_private_key() | dsa_private_key()</v>
   </type> 
   <desc> 
@@ -463,9 +463,9 @@
     <type>
       <v>Msg = binary()</v>
        <d>The msg is either the binary "plain text" data 
-        or in the case that digest type is <c>none</c>
+        or in the case that digest type is <c>{digest, DigestType}</c>
 	it is the hashed value of "plain text" i.e. the digest.</d>
-      <v>DigestType = rsa_digest_type() | dsa_digest_type()</v>
+      <v>DigestType = rsa_digest_type() | dsa_digest_type() | {digest, rsa_digest_type() | dsa_digest_type()}</v>
       <v>Signature = binary()</v>
       <v>Key = rsa_public_key() | dsa_public_key()</v> 
   </type> 
diff --git a/lib/public_key/src/public_key.erl b/lib/public_key/src/public_key.erl
index 1c5c6d1d2e..9c87c9505e 100644
--- a/lib/public_key/src/public_key.erl
+++ b/lib/public_key/src/public_key.erl
@@ -34,7 +34,6 @@
 	 decrypt_private/2, decrypt_private/3, 
 	 encrypt_public/2, encrypt_public/3, 
 	 decrypt_public/2, decrypt_public/3,
-	 sign_hash/3, verify_hash/4,
 	 sign/3, verify/4,
 	 pkix_sign/2, pkix_verify/2,	 
 	 pkix_is_self_signed/1, 
@@ -50,7 +49,7 @@
 			      | 'rsa_no_padding'.
 -type public_crypt_options() :: [{rsa_pad, rsa_padding()}].
 -type rsa_digest_type()      :: 'md5' | 'sha'| 'sha256' | 'sha512'.
--type dss_digest_type()      :: 'none' | 'sha'.
+-type dss_digest_type()      :: 'none' | 'sha'. %% None is for backwards compatibility
 
 -define(UINT32(X), X:32/unsigned-big-integer).
 -define(DER_NULL, <<5, 0>>).
@@ -333,76 +332,55 @@ format_rsa_private_key(#'RSAPrivateKey'{modulus = N, publicExponent = E,
    [crypto:mpint(K) || K <- [E, N, D]].
 
 %%--------------------------------------------------------------------
--spec sign_hash(PlainTextOrDigest :: binary(), rsa_digest_type() | dss_digest_type(),
-		rsa_private_key() |
-		dsa_private_key()) -> Signature :: binary().
-%%
-%% Description: Create a PKCS digital signature.
-%%--------------------------------------------------------------------
-sign_hash(Hash, DigestType,  #'RSAPrivateKey'{modulus = N,  publicExponent = E,
-					      privateExponent = D})
-  when is_binary(Hash) ->
-    crypto:rsa_sign_hash(DigestType, Hash, [crypto:mpint(E),
-					    crypto:mpint(N),
-					    crypto:mpint(D)]);
-sign_hash(Hash, DigestType, #'DSAPrivateKey'{p = P, q = Q, g = G, x = X})
-  when is_binary(Hash)->
-    crypto:dss_sign_hash(DigestType, Hash,
-			 [crypto:mpint(P), crypto:mpint(Q),
-			  crypto:mpint(G), crypto:mpint(X)]).
-
-%%--------------------------------------------------------------------
--spec sign(PlainTextOrDigest :: binary(), rsa_digest_type() | dss_digest_type(), 
-	   rsa_private_key() | 
+-spec sign(PlainTextOrDigest :: binary(),  rsa_digest_type() | dss_digest_type() |
+	   {digest, rsa_digest_type() | dss_digest_type()},
+	   rsa_private_key() |
 	   dsa_private_key()) -> Signature :: binary().
-%%
 %% Description: Create digital signature.
 %%--------------------------------------------------------------------
-sign(PlainText, DigestType,
-     #'RSAPrivateKey'{modulus = N, publicExponent = E, privateExponent = D} = Key)
+sign(Digest, {digest, DigestType},  #'RSAPrivateKey'{modulus = N, publicExponent = E,
+						     privateExponent = D})
+  when is_binary(Digest),
+       (DigestType == sha orelse
+	DigestType == sh256 orelse
+	DigestType == sha512 orelse
+	DigestType == md5) ->
+    crypto:rsa_sign_hash(DigestType, Digest, [crypto:mpint(E), crypto:mpint(N), crypto:mpint(D)]);
+
+sign(PlainText,DigestType, #'RSAPrivateKey'{modulus = N, publicExponent = E,
+					    privateExponent = D})
   when is_binary(PlainText),
-       (DigestType == md5 orelse DigestType == sha),
-       is_integer(N), is_integer(E), is_integer(D)  ->
-    crypto:rsa_sign(DigestType, sized_binary(PlainText),
-                    format_rsa_private_key(Key));
-
-sign(Digest, none, #'DSAPrivateKey'{p = P, q = Q, g = G, x = X}) 
-  when is_binary(Digest)->
-    crypto:dss_sign(none, Digest, 
-		    [crypto:mpint(P), crypto:mpint(Q), 
-		     crypto:mpint(G), crypto:mpint(X)]);
-  
-sign(PlainText, sha, #'DSAPrivateKey'{p = P, q = Q, g = G, x = X}) 
+       (DigestType == sha orelse
+	DigestType == sh256 orelse
+	DigestType == sha512 orelse
+	DigestType == md5) ->
+    crypto:rsa_sign(DigestType, sized_binary(PlainText), [crypto:mpint(E),
+							  crypto:mpint(N),
+							 crypto:mpint(D)]);
+
+sign(PlainText, sha, #'DSAPrivateKey'{p = P, q = Q, g = G, x = X})
   when is_binary(PlainText) ->
-    crypto:dss_sign(sized_binary(PlainText), 
-		    [crypto:mpint(P), crypto:mpint(Q), 
-		     crypto:mpint(G), crypto:mpint(X)]).
+    crypto:dss_sign(sized_binary(PlainText),
+          [crypto:mpint(P), crypto:mpint(Q),
+           crypto:mpint(G), crypto:mpint(X)]);
 
-%%--------------------------------------------------------------------
--spec verify_hash(PlainTextOrDigest :: binary(), rsa_digest_type() | dss_digest_type(),
-		  Signature :: binary(), rsa_public_key()
-		  | dsa_public_key()) -> boolean().
-%%
-%% Description: Verifies a PKCS digital signature.
-%%--------------------------------------------------------------------
-verify_hash(Hash, DigestType, Signature,
-	    #'RSAPublicKey'{modulus = Mod, publicExponent = Exp})
-  when is_binary (Hash) and (DigestType == sha orelse
-			     DigestType == sha256 orelse
-			     DigestType == sha512 orelse
-			     DigestType == md5) ->
-    crypto:rsa_verify_hash(DigestType, Hash,
-			   sized_binary(Signature),
-			   [crypto:mpint(Exp), crypto:mpint(Mod)]).
+sign(Digest, {digest, DigestType}, #'DSAPrivateKey'{p = P, q = Q, g = G, x = X})
+  when is_binary(Digest)->
+    crypto:dss_sign_hash(DigestType, Digest,
+			 [crypto:mpint(P), crypto:mpint(Q),
+			  crypto:mpint(G), crypto:mpint(X)]);
+%% Backwards compatible
+sign(Digest, none, #'DSAPrivateKey'{} = Key) ->
+    sign(Digest, {digest, sha}, Key).
 
 %%--------------------------------------------------------------------
--spec verify(PlainTextOrDigest :: binary(), rsa_digest_type() | dss_digest_type(), 
-	     Signature :: binary(), rsa_public_key() 
+-spec verify(PlainTextOrDigest :: binary(), rsa_digest_type() | dss_digest_type() |
+	     {digest, rsa_digest_type() | dss_digest_type()},
+	     Signature :: binary(), rsa_public_key()
 	     | dsa_public_key()) -> boolean().
-%%
 %% Description: Verifies a digital signature.
 %%--------------------------------------------------------------------
-verify(PlainText, DigestType, Signature, 
+verify(PlainText, DigestType, Signature,
        #'RSAPublicKey'{modulus = Mod, publicExponent = Exp}) 
   when is_binary (PlainText) and (DigestType == sha orelse
 				  DigestType == sha256 orelse 
@@ -413,14 +391,26 @@ verify(PlainText, DigestType, Signature,
 		      sized_binary(Signature), 
 		      [crypto:mpint(Exp), crypto:mpint(Mod)]);
 
-verify(Digest, none, Signature, {Key,  #'Dss-Parms'{p = P, q = Q, g = G}}) 
+verify(Digest, {digest, DigestType}, Signature, #'RSAPublicKey'{modulus = Mod, publicExponent = Exp})
+  when is_binary (Digest) and (DigestType == sha orelse
+			       DigestType == sha256 orelse
+			       DigestType == sha512 orelse
+			       DigestType == md5) ->
+    crypto:rsa_verify_hash(DigestType, Digest,
+			   sized_binary(Signature),
+			   [crypto:mpint(Exp), crypto:mpint(Mod)]);
+
+verify(Digest, {digest, sha}, Signature, {Key,  #'Dss-Parms'{p = P, q = Q, g = G}})
   when is_integer(Key),  is_binary(Digest), is_binary(Signature) ->
     crypto:dss_verify(none, 
 		      Digest, 
 		      sized_binary(Signature), 
 		      [crypto:mpint(P), crypto:mpint(Q), 
 		       crypto:mpint(G), crypto:mpint(Key)]);
-    
+%% Backwards compatibility
+verify(Digest, none, Signature, {_,  #'Dss-Parms'{}} = Key ) ->
+    verify(Digest, {digest, sha}, Signature, Key);
+
 verify(PlainText, sha, Signature, {Key,  #'Dss-Parms'{p = P, q = Q, g = G}}) 
   when is_integer(Key),  is_binary(PlainText), is_binary(Signature) ->
     crypto:dss_verify(sized_binary(PlainText), 
-- 
cgit v1.2.3