From 7c901c92f5936ca2f212300d2f13f899b7a222e0 Mon Sep 17 00:00:00 2001
From: Ingela Anderton Andin <ingela@erlang.org>
Date: Fri, 26 Apr 2013 18:08:48 +0200
Subject: crypto: Deprecate functions, update doc and specs

---
 lib/public_key/doc/src/public_key.xml    | 16 +++++++++-------
 lib/public_key/include/public_key.hrl    |  4 +++-
 lib/public_key/src/public_key.erl        | 21 ++++++++-------------
 lib/public_key/test/pkits_SUITE.erl      | 11 +++++------
 lib/public_key/test/public_key_SUITE.erl |  2 +-
 5 files changed, 26 insertions(+), 28 deletions(-)

(limited to 'lib/public_key')

diff --git a/lib/public_key/doc/src/public_key.xml b/lib/public_key/doc/src/public_key.xml
index 9cad17e4c3..45aaf21b80 100644
--- a/lib/public_key/doc/src/public_key.xml
+++ b/lib/public_key/doc/src/public_key.xml
@@ -100,8 +100,10 @@
     <p><code>dsa_public_key() = {integer(),  #'Dss-Parms'{}} </code></p>
 
     <p><code>dsa_private_key() = #'DSAPrivateKey'{}</code></p>
+
+    <p><code>ec_public_key()  = {#'ECPoint'{}, #'OTPEcpkParameters'{} | {namedCurve, oid()}} </code></p>
     
-    <p><code>ec_key()  = {'ECKey', Key}</code></p>
+    <p><code>ec_private_key()  = #'ECPrivateKey'{}</code></p>
 
     <p><code> public_crypt_options() = [{rsa_pad, rsa_padding()}]. </code></p>
 
@@ -112,7 +114,7 @@
 
     <p><code> dss_digest_type()  = 'sha' </code></p>
 
-    <p><code> ecdsa_digest_type()  = 'sha' </code></p>
+    <p><code> ecdsa_digest_type()  = 'sha'| 'sha224' | 'sha256' | 'sha384' | 'sha512' </code></p>
 
     <p><code> crl_reason()  = unspecified | keyCompromise | cACompromise | affiliationChanged | superseded | cessationOfOperation | certificateHold | privilegeWithdrawn |  aACompromise
     </code></p>
@@ -534,7 +536,7 @@ fun(OtpCert :: #'OTPCertificate'{}, Event :: {bad_cert, Reason :: atom()} |
        signed or it is the hashed value of "plain text" i.e. the
        digest.</d>
        <v>DigestType = rsa_digest_type() | dss_digest_type() | ecdsa_digest_type()</v>
-       <v>Key = rsa_private_key() | dsa_private_key() | ec_key()</v>
+       <v>Key = rsa_private_key() | dsa_private_key() | ec_private_key()</v>
   </type>
   <desc>
     <p> Creates a digital signature.</p> 
@@ -599,10 +601,10 @@ fun(OtpCert :: #'OTPCertificate'{}, Event :: {bad_cert, Reason :: atom()} |
         or it is the hashed value of "plain text" i.e. the digest.</d>
       <v>DigestType = rsa_digest_type() | dss_digest_type() | ecdsa_digest_type()</v>
       <v>Signature = binary()</v>
-      <v>Key = rsa_public_key() | dsa_public_key() | ec_key()</v>
-  </type> 
-  <desc> 
-    <p>Verifies a digital signature</p> 
+      <v>Key = rsa_public_key() | dsa_public_key() | ec_public_key()</v>
+  </type>
+  <desc>
+    <p>Verifies a digital signature</p>
   </desc> 
   </func>
   
diff --git a/lib/public_key/include/public_key.hrl b/lib/public_key/include/public_key.hrl
index 976104fe6c..363305957c 100644
--- a/lib/public_key/include/public_key.hrl
+++ b/lib/public_key/include/public_key.hrl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 2008-2012. All Rights Reserved.
+%% Copyright Ericsson AB 2008-2013. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -93,6 +93,8 @@
 -type rsa_private_key()      ::  #'RSAPrivateKey'{}.
 -type dsa_private_key()      ::  #'DSAPrivateKey'{}.
 -type dsa_public_key()       :: {integer(), #'Dss-Parms'{}}.
+-type ec_public_key()        :: {#'ECPoint'{},{namedCurve, Oid::tuple()} | #'OTPECParameters'{}}.
+-type ec_private_key()       :: #'ECPrivateKey'{}.
 -type der_encoded()          :: binary().
 -type decrypt_der()          :: binary().
 -type pki_asn1_type()        ::  'Certificate' | 'RSAPrivateKey' | 'RSAPublicKey'
diff --git a/lib/public_key/src/public_key.erl b/lib/public_key/src/public_key.erl
index a8fe9213ea..96eaacf60e 100644
--- a/lib/public_key/src/public_key.erl
+++ b/lib/public_key/src/public_key.erl
@@ -54,6 +54,7 @@
 -type public_crypt_options() :: [{rsa_pad, rsa_padding()}].
 -type rsa_digest_type()      :: 'md5' | 'sha'| 'sha224' | 'sha256' | 'sha384' | 'sha512'.
 -type dss_digest_type()      :: 'none' | 'sha'. %% None is for backwards compatibility
+-type ecdsa_digest_type()       :: 'sha'| 'sha224' | 'sha256' | 'sha384' | 'sha512'.
 -type crl_reason()           ::  unspecified | keyCompromise | cACompromise | affiliationChanged | superseded
 			       | cessationOfOperation | certificateHold | privilegeWithdrawn |  aACompromise.
 -type oid()                  :: tuple().
@@ -97,7 +98,7 @@ pem_entry_decode({'SubjectPublicKeyInfo', Der, _}) ->
         'DSAPublicKey' ->
             {params, DssParams} = der_decode('DSAParams', Params),
             {der_decode(KeyType, Key0), DssParams};
-        'ECPrivateKey' ->
+        'ECPoint' ->
             der_decode(KeyType, Key0)
     end;
 pem_entry_decode({Asn1Type, Der, not_encrypted}) when is_atom(Asn1Type),
@@ -355,7 +356,7 @@ compute_key(PubKey, PrivKey, #'DHParameter'{prime = P, base = G}) ->
 -spec pkix_sign_types(SignatureAlg::oid()) ->
 			     %% Relevant dsa digest type is subpart of rsa digest type
 			     { DigestType :: rsa_digest_type(),
-			       SignatureType :: rsa | dsa
+			       SignatureType :: rsa | dsa | ecdsa
 			     }.
 %% Description:
 %%--------------------------------------------------------------------
@@ -387,9 +388,9 @@ pkix_sign_types(?'ecdsa-with-SHA512') ->
     {sha512, ecdsa}.
 
 %%--------------------------------------------------------------------
--spec sign(binary() | {digest, binary()},  rsa_digest_type() | dss_digest_type(),
+-spec sign(binary() | {digest, binary()},  rsa_digest_type() | dss_digest_type() | ecdsa_digest_type(),
 	   rsa_private_key() |
-	   dsa_private_key()) -> Signature :: binary().
+	   dsa_private_key() | ec_private_key()) -> Signature :: binary().
 %% Description: Create digital signature.
 %%--------------------------------------------------------------------
 sign(DigestOrPlainText, DigestType, Key = #'RSAPrivateKey'{}) ->
@@ -408,9 +409,9 @@ sign(Digest, none, #'DSAPrivateKey'{} = Key) ->
     sign({digest,Digest}, sha, Key).
 
 %%--------------------------------------------------------------------
--spec verify(binary() | {digest, binary()}, rsa_digest_type() | dss_digest_type(),
+-spec verify(binary() | {digest, binary()}, rsa_digest_type() | dss_digest_type() | ecdsa_digest_type(),
 	     Signature :: binary(), rsa_public_key()
-	     | dsa_public_key()) -> boolean().
+	     | dsa_public_key() | ec_public_key()) -> boolean().
 %% Description: Verifies a digital signature.
 %%--------------------------------------------------------------------
 verify(DigestOrPlainText, DigestType, Signature,
@@ -452,7 +453,7 @@ pkix_sign(#'OTPTBSCertificate'{signature =
 
 %%--------------------------------------------------------------------
 -spec pkix_verify(Cert::binary(), rsa_public_key()|
-		  dsa_public_key()) -> boolean().
+		  dsa_public_key() | ec_public_key()) -> boolean().
 %%
 %% Description: Verify pkix x.509 certificate signature.
 %%--------------------------------------------------------------------
@@ -879,12 +880,6 @@ ec_curve_spec( #'OTPECParameters'{fieldID = FieldId, curve = PCurve, base = Base
 ec_curve_spec({namedCurve, OID}) ->
     pubkey_cert_records:namedCurves(OID).
 
-ec_key({PrivateKey, PubKey}, Curve) when is_atom(Curve) ->
-    #'ECPrivateKey'{version = 1,
-		    privateKey = int2list(PrivateKey),
-		    parameters = {namedCurve, pubkey_cert_records:namedCurves(Curve)},
-		    publicKey = {0, PubKey}};
-
 ec_key({PrivateKey, PubKey}, Params) ->
     #'ECPrivateKey'{version = 1,
 		    privateKey = int2list(PrivateKey),
diff --git a/lib/public_key/test/pkits_SUITE.erl b/lib/public_key/test/pkits_SUITE.erl
index d901adaadd..8cdf0aaae3 100644
--- a/lib/public_key/test/pkits_SUITE.erl
+++ b/lib/public_key/test/pkits_SUITE.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 2008-2012. All Rights Reserved.
+%% Copyright Ericsson AB 2008-2013. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -758,11 +758,10 @@ warning(Format, Args, File0, Line) ->
     io:format("~s(~p): Warning "++Format, [File,Line|Args]).
 
 crypto_support_check(Config) ->
-    try crypto:sha256(<<"Test">>) of
-	_ ->
-	    Config
-    catch error:notsup ->
-	    crypto:stop(),
+    case proplists:get_bool(sha256, crypto:algorithms()) of
+	true ->
+	    Config;
+	false ->
 	    {skip, "To old version of openssl"}
     end.
 
diff --git a/lib/public_key/test/public_key_SUITE.erl b/lib/public_key/test/public_key_SUITE.erl
index 0de80edeac..5a64140c67 100644
--- a/lib/public_key/test/public_key_SUITE.erl
+++ b/lib/public_key/test/public_key_SUITE.erl
@@ -551,7 +551,7 @@ dsa_sign_verify(Config) when is_list(Config) ->
     false = public_key:verify(Msg, sha, <<1:8, DSASign/binary>>, 
 			      {DSAPublicKey, DSAParams}), 
     
-    Digest = crypto:sha(Msg),
+    Digest = crypto:hash(sha,Msg),
     DigestSign = public_key:sign(Digest, none, DSAPrivateKey),
     true = public_key:verify(Digest, none, DigestSign, {DSAPublicKey, DSAParams}), 
     <<_:8, RestDigest/binary>> = Digest,
-- 
cgit v1.2.3