From 20aaacb5bc3ad0865c581ced9bd84e0a08a81514 Mon Sep 17 00:00:00 2001
From: Ingela Anderton Andin <ingela@erlang.org>
Date: Tue, 26 Aug 2014 13:56:22 +0200
Subject: public_key: Fix spec and documentation for PBES

---
 lib/public_key/doc/src/public_key.xml |  4 +++-
 lib/public_key/src/pubkey_pem.erl     |  6 ++++--
 lib/public_key/src/public_key.erl     | 26 ++++++++++++++++----------
 3 files changed, 23 insertions(+), 13 deletions(-)

(limited to 'lib')

diff --git a/lib/public_key/doc/src/public_key.xml b/lib/public_key/doc/src/public_key.xml
index f8011cd5c0..acb933dd39 100644
--- a/lib/public_key/doc/src/public_key.xml
+++ b/lib/public_key/doc/src/public_key.xml
@@ -92,7 +92,7 @@
     not_encrypted | cipher_info()}</code></p>
 
     <p><code>cipher_info()  =  {"RC2-CBC | "DES-CBC" | "DES-EDE3-CBC",
-    crypto:rand_bytes(8)} | 'PBES2-params'}</code></p>
+    crypto:rand_bytes(8) | {#'PBEParameter{}, digest_type()} |#'PBES2-params'{}}</code></p>
 	  
     <p><code>public_key()  = rsa_public_key() | dsa_public_key() | ec_public_key()</code></p>
     <p><code>private_key() = rsa_private_key() | dsa_private_key() | ec_private_key()</code></p>
@@ -113,6 +113,8 @@
 
     <p><code>rsa_padding() =  'rsa_pkcs1_padding' | 'rsa_pkcs1_oaep_padding' |
     'rsa_no_padding'</code></p>
+
+    <p><code>digest_type() - Union of below digest types</code></p>
     
     <p><code>rsa_digest_type()   = 'md5' | 'sha' | 'sha224' | 'sha256' | 'sha384' |
     'sha512'</code></p>
diff --git a/lib/public_key/src/pubkey_pem.erl b/lib/public_key/src/pubkey_pem.erl
index 8d2e97ad77..98881c4a6a 100644
--- a/lib/public_key/src/pubkey_pem.erl
+++ b/lib/public_key/src/pubkey_pem.erl
@@ -68,7 +68,8 @@ encode(PemEntries) ->
 
 %%--------------------------------------------------------------------
 -spec decipher({public_key:pki_asn1_type(), DerEncrypted::binary(),
-		{Cipher :: string(), Salt :: iodata() | #'PBES2-params'{}}},
+		{Cipher :: string(), Salt :: iodata() | #'PBES2-params'{} 
+					   | {#'PBEParameter'{}, atom()}}},
 	       string()) -> Der::binary().
 %%
 %% Description: Deciphers a decrypted pem entry.
@@ -77,7 +78,8 @@ decipher({_, DecryptDer, {Cipher, KeyDevParams}}, Password) ->
     pubkey_pbe:decode(DecryptDer, Password, Cipher, KeyDevParams).
 
 %%--------------------------------------------------------------------
--spec cipher(Der::binary(), {Cipher :: string(), Salt :: iodata() | #'PBES2-params'{}} ,
+-spec cipher(Der::binary(), {Cipher :: string(), Salt :: iodata() | #'PBES2-params'{} 
+						       | {#'PBEParameter'{}, atom()}}, 
 	     string()) -> binary().
 %%
 %% Description: Ciphers a PEM entry
diff --git a/lib/public_key/src/public_key.erl b/lib/public_key/src/public_key.erl
index bbe54ad4e1..75bb0c7b1c 100644
--- a/lib/public_key/src/public_key.erl
+++ b/lib/public_key/src/public_key.erl
@@ -64,9 +64,15 @@
 -type der_encoded()          :: binary().
 -type pki_asn1_type()        ::  'Certificate' | 'RSAPrivateKey' | 'RSAPublicKey'
 			       | 'DSAPrivateKey' | 'DSAPublicKey' | 'DHParameter'
-                               | 'SubjectPublicKeyInfo' | 'CertificationRequest' | 'CertificateList'.
--type pem_entry()            :: {pki_asn1_type(), binary(), %% DER or Encrypted DER
-				 not_encrypted | {Cipher :: string(), Salt :: binary()}}.
+                               | 'SubjectPublicKeyInfo' | 'PrivateKeyInfo' | 
+				 'CertificationRequest' | 'CertificateList' |
+				 'ECPrivateKey' | 'EcpkParameters'.
+-type pem_entry()            :: {pki_asn1_type(), 
+				 binary(), %% DER or Encrypted DER
+				 not_encrypted | {Cipher :: string(), Salt :: binary()} |
+				 {Cipher :: string(), #'PBES2-params'{}} | 
+				 {Cipher :: string(), {#'PBEParameter'{}, atom()}} %% hash type
+				}.
 -type asn1_type()            :: atom(). %% see "OTP-PUB-KEY.hrl
 -type ssh_file()             :: openssh_public_key | rfc4716_public_key | known_hosts |
 				auth_keys.
@@ -134,9 +140,9 @@ pem_entry_decode({Asn1Type, CryptDer, {Cipher, #'PBES2-params'{}}} = PemEntry,
 				is_list(Cipher) ->
     do_pem_entry_decode(PemEntry, Password);
 pem_entry_decode({Asn1Type, CryptDer, {Cipher, {#'PBEParameter'{},_}}} = PemEntry, 
-		 Password) when is_atom(Asn1Type) andalso
-				is_binary(CryptDer) andalso
-				is_list(Cipher) ->
+ 		 Password) when is_atom(Asn1Type) andalso
+ 				is_binary(CryptDer) andalso
+ 				is_list(Cipher) ->
     do_pem_entry_decode(PemEntry, Password);
 pem_entry_decode({Asn1Type, CryptDer, {Cipher, Salt}} = PemEntry, 
 		 Password) when is_atom(Asn1Type) andalso
@@ -174,10 +180,10 @@ pem_entry_encode(Asn1Type, Entity, {{Cipher, #'PBES2-params'{}} = CipherInfo,
 						    is_list(Cipher) ->
     do_pem_entry_encode(Asn1Type, Entity, CipherInfo, Password);
 pem_entry_encode(Asn1Type, Entity, {{Cipher,
-				     {#'PBEParameter'{}, _}} = CipherInfo,
-				    Password}) when is_atom(Asn1Type) andalso
-						    is_list(Password) andalso
-						    is_list(Cipher) ->
+ 				     {#'PBEParameter'{}, _}} = CipherInfo,
+ 				    Password}) when is_atom(Asn1Type) andalso
+ 						    is_list(Password) andalso
+ 						    is_list(Cipher) ->
     do_pem_entry_encode(Asn1Type, Entity, CipherInfo, Password);
 pem_entry_encode(Asn1Type, Entity, {{Cipher, Salt} = CipherInfo, 
 				    Password}) when is_atom(Asn1Type) andalso
-- 
cgit v1.2.3


From 382943f9a943eb4215a297f9445e21fb9b5c0633 Mon Sep 17 00:00:00 2001
From: Ingela Anderton Andin <ingela@erlang.org>
Date: Tue, 26 Aug 2014 13:57:46 +0200
Subject: public_key: Fix spec and documentation for pkix_crls_validate

---
 lib/public_key/doc/src/public_key.xml | 2 +-
 lib/public_key/src/public_key.erl     | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

(limited to 'lib')

diff --git a/lib/public_key/doc/src/public_key.xml b/lib/public_key/doc/src/public_key.xml
index acb933dd39..88b1a9248e 100644
--- a/lib/public_key/doc/src/public_key.xml
+++ b/lib/public_key/doc/src/public_key.xml
@@ -501,7 +501,7 @@ fun(OtpCert :: #'OTPCertificate'{},
      <fsummary> Performs CRL validation.</fsummary>
      <type>
        <v> OTPCertificate =  #'OTPCertificate'{}</v>
-       <v> DPAndCRLs  = [{DP::#'DistributionPoint'{} ,CRL::#'CertificateList'{}}] </v>
+       <v> DPAndCRLs  = [{DP::#'DistributionPoint'{}, {DerCRL::der_encoded(), CRL::#'CertificateList'{}}}] </v>
        <v> Options = proplists:proplist()</v>
        <v> CRLStatus() =  valid | {bad_cert, revocation_status_undetermined} |
        {bad_cert, {revoked, crl_reason()}}</v>
diff --git a/lib/public_key/src/public_key.erl b/lib/public_key/src/public_key.erl
index 75bb0c7b1c..1bbf4ef416 100644
--- a/lib/public_key/src/public_key.erl
+++ b/lib/public_key/src/public_key.erl
@@ -626,11 +626,11 @@ pkix_path_validation(#'OTPCertificate'{} = TrustedCert, CertChain, Options)
 
 %--------------------------------------------------------------------
 -spec pkix_crls_validate(#'OTPCertificate'{},
-			 [{DP::#'DistributionPoint'{} ,CRL::#'CertificateList'{}}],
+			 [{DP::#'DistributionPoint'{}, {DerCRL::binary(), CRL::#'CertificateList'{}}}],
 			 Options :: proplists:proplist()) -> valid | {bad_cert, revocation_status_undetermined}
 								| {bad_cert, {revoked, crl_reason()}}.
 
-%% Description: Performs a basic path validation according to RFC 5280.
+%% Description: Performs a CRL validation according to RFC 5280.
 %%--------------------------------------------------------------------
 pkix_crls_validate(OtpCert, [{_,_,_} |_] = DPAndCRLs, Options) ->
     pkix_crls_validate(OtpCert, DPAndCRLs, DPAndCRLs,
-- 
cgit v1.2.3