diff --git a/lib/public_key/src/public_key.erl b/lib/public_key/src/public_key.erl index 3cb9fea632a4..94f1bad405fe 100644 --- a/lib/public_key/src/public_key.erl +++ b/lib/public_key/src/public_key.erl @@ -385,19 +385,32 @@ der_priv_key_decode(#'OneAsymmetricKey'{ #'ECPrivateKey'{version = 2, parameters = {namedCurve, CurveOId}, privateKey = PrivKey, attributes = Attr, publicKey = PubKey}; -der_priv_key_decode({'PrivateKeyInfo', v1, - {'PrivateKeyInfo_privateKeyAlgorithm', ?'rsaEncryption', _}, PrivKey, _}) -> - der_decode('RSAPrivateKey', PrivKey); -der_priv_key_decode({'PrivateKeyInfo', v1, - {'PrivateKeyInfo_privateKeyAlgorithm', ?'id-RSASSA-PSS', - {asn1_OPENTYPE, Parameters}}, PrivKey, _}) -> +der_priv_key_decode(#'PrivateKeyInfo'{version = v1, + privateKeyAlgorithm = + #'PrivateKeyInfo_privateKeyAlgorithm'{algorithm = ?'rsaEncryption'}, + privateKey = PrivKey}) -> + der_decode('RSAPrivateKey', PrivKey); +der_priv_key_decode(#'PrivateKeyInfo'{version = v1, + privateKeyAlgorithm = + #'PrivateKeyInfo_privateKeyAlgorithm'{algorithm = ?'id-RSASSA-PSS', + parameters = {asn1_OPENTYPE, Parameters}}, + privateKey = PrivKey}) -> Key = der_decode('RSAPrivateKey', PrivKey), Params = der_decode('RSASSA-PSS-params', Parameters), {Key, Params}; der_priv_key_decode(#'PrivateKeyInfo'{version = v1, - privateKeyAlgorithm = #'PrivateKeyInfo_privateKeyAlgorithm'{algorithm = ?'id-dsa', - parameters = - {asn1_OPENTYPE, Parameters}}, + privateKeyAlgorithm = + #'PrivateKeyInfo_privateKeyAlgorithm'{algorithm = ?'id-RSASSA-PSS', + parameters = asn1_NOVALUE}, + privateKey = PrivKey}) -> + Key = der_decode('RSAPrivateKey', PrivKey), + #'RSASSA-AlgorithmIdentifier'{parameters = Params} = ?'rSASSA-PSS-Default-Identifier', + {Key, Params}; +der_priv_key_decode(#'PrivateKeyInfo'{version = v1, + privateKeyAlgorithm = + #'PrivateKeyInfo_privateKeyAlgorithm'{algorithm = ?'id-dsa', + parameters = + {asn1_OPENTYPE, Parameters}}, privateKey = PrivKey}) -> {params, #'Dss-Parms'{p=P, q=Q, g=G}} = der_decode('DSAParams', Parameters), X = der_decode('Prime-p', PrivKey), @@ -432,10 +445,15 @@ der_encode('PrivateKeyInfo', #'RSAPrivateKey'{} = PrivKey) -> privateKeyAlgorithm = Alg, privateKey = Key}); der_encode('PrivateKeyInfo', {#'RSAPrivateKey'{} = PrivKey, Parameters}) -> - Params = der_encode('RSASSA-PSS-params', Parameters), + #'RSASSA-AlgorithmIdentifier'{parameters = DefaultParams} = ?'rSASSA-PSS-Default-Identifier', + Params = case Parameters of + DefaultParams -> + asn1_NOVALUE; + _ -> + {asn1_OPENTYPE, der_encode('RSASSA-PSS-params', Parameters)} + end, Alg = #'PrivateKeyInfo_privateKeyAlgorithm'{algorithm = ?'id-RSASSA-PSS', - parameters = - {asn1_OPENTYPE, Params}}, + parameters = Params}, Key = der_encode('RSAPrivateKey', PrivKey), der_encode('PrivateKeyInfo', #'PrivateKeyInfo'{version = v1, privateKeyAlgorithm = Alg, diff --git a/lib/public_key/test/public_key_SUITE.erl b/lib/public_key/test/public_key_SUITE.erl index 1a779e03bdee..212fd4e84afd 100644 --- a/lib/public_key/test/public_key_SUITE.erl +++ b/lib/public_key/test/public_key_SUITE.erl @@ -47,6 +47,8 @@ rsa_pem/1, rsa_pss_pss_pem/0, rsa_pss_pss_pem/1, + rsa_pss_default_pem/0, + rsa_pss_default_pem/1, rsa_priv_pkcs8/0, rsa_priv_pkcs8/1, ec_pem/0, @@ -173,7 +175,8 @@ all() -> ]. groups() -> - [{pem_decode_encode, [], [dsa_pem, rsa_pem, rsa_pss_pss_pem, ec_pem, + [{pem_decode_encode, [], [dsa_pem, rsa_pem, rsa_pss_pss_pem, + rsa_pss_default_pem, ec_pem, encrypted_pem_pwdstring, encrypted_pem_pwdfun, dh_pem, cert_pem, pkcs7_pem, pkcs10_pem, ec_pem2, rsa_priv_pkcs8, dsa_priv_pkcs8, ec_priv_pkcs8, @@ -357,6 +360,20 @@ rsa_pss_pss_pem(Config) when is_list(Config) -> RSAPemNoEndNewLines = strip_superfluous_newlines(RsaPem), RSAPemNoEndNewLines = strip_superfluous_newlines(public_key:pem_encode([PrivEntry0])). +rsa_pss_default_pem() -> + [{doc, "RSA PKCS8 RSASSA-PSS private key with default params decode/encode"}]. +rsa_pss_default_pem(Config) when is_list(Config) -> + Datadir = proplists:get_value(data_dir, Config), + {ok, RsaPem} = file:read_file(filename:join(Datadir, "pss_default.pem")), + [{'PrivateKeyInfo', DerRSAKey, not_encrypted} = Entry0 ] = public_key:pem_decode(RsaPem), + #'RSASSA-AlgorithmIdentifier'{parameters = Params} = ?'rSASSA-PSS-Default-Identifier', + {RSAKey, Params} = public_key:der_decode('PrivateKeyInfo', DerRSAKey), + {RSAKey, Parms} = public_key:pem_entry_decode(Entry0), + true = check_entry_type(RSAKey, 'RSAPrivateKey'), + PrivEntry0 = public_key:pem_entry_encode('PrivateKeyInfo', {RSAKey, Parms}), + RSAPemNoEndNewLines = strip_superfluous_newlines(RsaPem), + RSAPemNoEndNewLines = strip_superfluous_newlines(public_key:pem_encode([PrivEntry0])). + rsa_priv_pkcs8() -> [{doc, "RSA PKCS8 private key decode/encode"}]. rsa_priv_pkcs8(Config) when is_list(Config) -> diff --git a/lib/public_key/test/public_key_SUITE_data/pss_default.pem b/lib/public_key/test/public_key_SUITE_data/pss_default.pem new file mode 100644 index 000000000000..0a9d082fcfe2 --- /dev/null +++ b/lib/public_key/test/public_key_SUITE_data/pss_default.pem @@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEuwIBADALBgkqhkiG9w0BAQoEggSnMIIEowIBAAKCAQEAjPwd860nEH6sgfYE +RXoAjMY3Rdl3ynuJd5/ZWqTBNGn/Wet8idPQix9nwUvZ6Nw7uGX00HeBITZeIZMo +wXpK6b4m0JF0OUAyQMW5PeuRVc3Ox+D5rI+yktXD8FT6TQqW8fAjkYkQZ9lpugdH ++fpdEARTf1GY6WZ/bY/IBmHAOeOmexoaJ+4HZk17GUFs28fd4FICqeMBU0u4RAiu +OLObdw2cFnOQrw3dst7SDUyFDHvx9SM4FqI2S7TSefsQB5hl/0WVzdpiOn5d1mti +/VlGGunQlne822Ata9kYvtKBnmdFGj3GJLYoLF4PVGWpDMIiz2jcZ0+bPTnjf6E0 +E53ZFwIDAQABAoIBAD5RWMnzsS9E1urRPH0bWu/e0+K/qAgsCA0E7rX22mHZMqJk +CVYA9w7v0FRsO0OHSayOAKM/F6h/GCeeHSc8b62XPB/4E1gVDMF9xI5euIylXrAS +PTpuACCQdb4fSc5RDnydyZMUc1h8DRRKEKIp7QXd66x8/Gq6wDvFEMTlY2sSkfKm +eXlyr8+07XA0E4s71MKgMCFecWEXH/q2RxsWSa0n6yeHP1noIMegZdtjbTXTpBPz +ABizBh6O/a7JXoXnjfey1vD6M30PxlCTfOdAvgi6c3LRfeRkbrmyHjUnUIegrcYR +PWXH5vYibQ30wIkW41+d89rtfu6Gb4BF3tnf3xECgYEAunS/e90S3C3GDJCg/f1s +YE9IV0d4AajNPBZYB3G55O2XFr8nqXtCWW/0AAM54ooAXIJjONHe9n8aM0Ea7+6j +Oi08LcDyyuqr3Phyix5RHqQ+mo+nNFxjnMBuLbmhUjNskBorPfY1kPNfoU18SBQu +t16u2Q2upo5pp/TfpoTkfkcCgYEAwZGsQnK+6f+4s8R407mB5sBkbNNUfPobthOl +A7b2oYXLcYdL6by7VYhTzm5mGwZKah5k2ZpOOpNi/D6NjEjIqxG7goT3I/Cl2+i5 +ZroC9/bEsifgAVdV7z1WsMontcvwZ1vohlNeTyMr4vhzh9RaWFWUj7QOeezjEHxD +o7/8JrECgYEAkv+AB1Mfj163CSjtA9FMJBHdYpIB1q0SQREMjbHncMivmUtTJZb7 +lC9jGq9wb12FM2nId/9d3NAQA+CMMCTfovoOu7OmtruUiz2EcJGSOqoagRhIJkvA +bNB5DKuQt5G7QVCgTtVRHdoBxtWj6d+fhQmsp4rV6pHUUooH2Oxkh/kCgYBcS+p4 +MKBpkP5v8SGvysdu0JPR9B5YDSXDdrB7CfWlZNdxxZJj3BLzILLdPnS/NAutd9qc +i1/7vCU5o1X46weL0kO3Y1E4ONnM9rXYjp81vtthG3RLD2qxTW0VlP7ER37UudUw +n3XbhCi7672iqZV+gyf4MWGpr1NBnA7geH1xsQKBgEvWCsVkWy+3HOgZzmHUbN7A +ZDBm/R9F7Oe33vk8SGj8YFHry5P6R++1tAq9fEJaY+cG66qR+A5hBAkfQZv+qQgo +4pOw4+QYTh8fmloeaSxl7SqTbn799/EqzdE7vwnNCTJMEyKuk2qbuxon0UT5vMi5 +d3/y0Y6zw4ZBp+9LS8ST +-----END PRIVATE KEY-----