File 3161-public_key-Add-handling-of-implicit-default-for-RSAS.patch of Package erlang
From b9d1950cdb82571e56511ac67ce4402a5cc223a7 Mon Sep 17 00:00:00 2001
From: Ingela Anderton Andin <ingela@erlang.org>
Date: Tue, 6 Aug 2024 10:39:40 +0200
Subject: [PATCH] public_key: Add handling of implicit default for RSASSA-PSS
keys
---
lib/public_key/src/public_key.erl | 42 +++++++++++++------
lib/public_key/test/public_key_SUITE.erl | 19 ++++++++-
.../public_key_SUITE_data/pss_default.pem | 28 +++++++++++++
3 files changed, 76 insertions(+), 13 deletions(-)
create mode 100644 lib/public_key/test/public_key_SUITE_data/pss_default.pem
diff --git a/lib/public_key/src/public_key.erl b/lib/public_key/src/public_key.erl
index 3cb9fea632..94f1bad405 100644
--- a/lib/public_key/src/public_key.erl
+++ b/lib/public_key/src/public_key.erl
@@ -385,19 +385,32 @@ der_priv_key_decode(#'OneAsymmetricKey'{
#'ECPrivateKey'{version = 2, parameters = {namedCurve, CurveOId}, privateKey = PrivKey,
attributes = Attr,
publicKey = PubKey};
-der_priv_key_decode({'PrivateKeyInfo', v1,
- {'PrivateKeyInfo_privateKeyAlgorithm', ?'rsaEncryption', _}, PrivKey, _}) ->
- der_decode('RSAPrivateKey', PrivKey);
-der_priv_key_decode({'PrivateKeyInfo', v1,
- {'PrivateKeyInfo_privateKeyAlgorithm', ?'id-RSASSA-PSS',
- {asn1_OPENTYPE, Parameters}}, PrivKey, _}) ->
+der_priv_key_decode(#'PrivateKeyInfo'{version = v1,
+ privateKeyAlgorithm =
+ #'PrivateKeyInfo_privateKeyAlgorithm'{algorithm = ?'rsaEncryption'},
+ privateKey = PrivKey}) ->
+ der_decode('RSAPrivateKey', PrivKey);
+der_priv_key_decode(#'PrivateKeyInfo'{version = v1,
+ privateKeyAlgorithm =
+ #'PrivateKeyInfo_privateKeyAlgorithm'{algorithm = ?'id-RSASSA-PSS',
+ parameters = {asn1_OPENTYPE, Parameters}},
+ privateKey = PrivKey}) ->
Key = der_decode('RSAPrivateKey', PrivKey),
Params = der_decode('RSASSA-PSS-params', Parameters),
{Key, Params};
der_priv_key_decode(#'PrivateKeyInfo'{version = v1,
- privateKeyAlgorithm = #'PrivateKeyInfo_privateKeyAlgorithm'{algorithm = ?'id-dsa',
- parameters =
- {asn1_OPENTYPE, Parameters}},
+ privateKeyAlgorithm =
+ #'PrivateKeyInfo_privateKeyAlgorithm'{algorithm = ?'id-RSASSA-PSS',
+ parameters = asn1_NOVALUE},
+ privateKey = PrivKey}) ->
+ Key = der_decode('RSAPrivateKey', PrivKey),
+ #'RSASSA-AlgorithmIdentifier'{parameters = Params} = ?'rSASSA-PSS-Default-Identifier',
+ {Key, Params};
+der_priv_key_decode(#'PrivateKeyInfo'{version = v1,
+ privateKeyAlgorithm =
+ #'PrivateKeyInfo_privateKeyAlgorithm'{algorithm = ?'id-dsa',
+ parameters =
+ {asn1_OPENTYPE, Parameters}},
privateKey = PrivKey}) ->
{params, #'Dss-Parms'{p=P, q=Q, g=G}} = der_decode('DSAParams', Parameters),
X = der_decode('Prime-p', PrivKey),
@@ -432,10 +445,15 @@ der_encode('PrivateKeyInfo', #'RSAPrivateKey'{} = PrivKey) ->
privateKeyAlgorithm = Alg,
privateKey = Key});
der_encode('PrivateKeyInfo', {#'RSAPrivateKey'{} = PrivKey, Parameters}) ->
- Params = der_encode('RSASSA-PSS-params', Parameters),
+ #'RSASSA-AlgorithmIdentifier'{parameters = DefaultParams} = ?'rSASSA-PSS-Default-Identifier',
+ Params = case Parameters of
+ DefaultParams ->
+ asn1_NOVALUE;
+ _ ->
+ {asn1_OPENTYPE, der_encode('RSASSA-PSS-params', Parameters)}
+ end,
Alg = #'PrivateKeyInfo_privateKeyAlgorithm'{algorithm = ?'id-RSASSA-PSS',
- parameters =
- {asn1_OPENTYPE, Params}},
+ parameters = Params},
Key = der_encode('RSAPrivateKey', PrivKey),
der_encode('PrivateKeyInfo', #'PrivateKeyInfo'{version = v1,
privateKeyAlgorithm = Alg,
diff --git a/lib/public_key/test/public_key_SUITE.erl b/lib/public_key/test/public_key_SUITE.erl
index 1a779e03bd..212fd4e84a 100644
--- a/lib/public_key/test/public_key_SUITE.erl
+++ b/lib/public_key/test/public_key_SUITE.erl
@@ -47,6 +47,8 @@
rsa_pem/1,
rsa_pss_pss_pem/0,
rsa_pss_pss_pem/1,
+ rsa_pss_default_pem/0,
+ rsa_pss_default_pem/1,
rsa_priv_pkcs8/0,
rsa_priv_pkcs8/1,
ec_pem/0,
@@ -173,7 +175,8 @@ all() ->
].
groups() ->
- [{pem_decode_encode, [], [dsa_pem, rsa_pem, rsa_pss_pss_pem, ec_pem,
+ [{pem_decode_encode, [], [dsa_pem, rsa_pem, rsa_pss_pss_pem,
+ rsa_pss_default_pem, ec_pem,
encrypted_pem_pwdstring, encrypted_pem_pwdfun,
dh_pem, cert_pem, pkcs7_pem, pkcs10_pem, ec_pem2,
rsa_priv_pkcs8, dsa_priv_pkcs8, ec_priv_pkcs8,
@@ -357,6 +360,20 @@ rsa_pss_pss_pem(Config) when is_list(Config) ->
RSAPemNoEndNewLines = strip_superfluous_newlines(RsaPem),
RSAPemNoEndNewLines = strip_superfluous_newlines(public_key:pem_encode([PrivEntry0])).
+rsa_pss_default_pem() ->
+ [{doc, "RSA PKCS8 RSASSA-PSS private key with default params decode/encode"}].
+rsa_pss_default_pem(Config) when is_list(Config) ->
+ Datadir = proplists:get_value(data_dir, Config),
+ {ok, RsaPem} = file:read_file(filename:join(Datadir, "pss_default.pem")),
+ [{'PrivateKeyInfo', DerRSAKey, not_encrypted} = Entry0 ] = public_key:pem_decode(RsaPem),
+ #'RSASSA-AlgorithmIdentifier'{parameters = Params} = ?'rSASSA-PSS-Default-Identifier',
+ {RSAKey, Params} = public_key:der_decode('PrivateKeyInfo', DerRSAKey),
+ {RSAKey, Parms} = public_key:pem_entry_decode(Entry0),
+ true = check_entry_type(RSAKey, 'RSAPrivateKey'),
+ PrivEntry0 = public_key:pem_entry_encode('PrivateKeyInfo', {RSAKey, Parms}),
+ RSAPemNoEndNewLines = strip_superfluous_newlines(RsaPem),
+ RSAPemNoEndNewLines = strip_superfluous_newlines(public_key:pem_encode([PrivEntry0])).
+
rsa_priv_pkcs8() ->
[{doc, "RSA PKCS8 private key decode/encode"}].
rsa_priv_pkcs8(Config) when is_list(Config) ->
diff --git a/lib/public_key/test/public_key_SUITE_data/pss_default.pem b/lib/public_key/test/public_key_SUITE_data/pss_default.pem
new file mode 100644
index 0000000000..0a9d082fcf
--- /dev/null
+++ b/lib/public_key/test/public_key_SUITE_data/pss_default.pem
@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEuwIBADALBgkqhkiG9w0BAQoEggSnMIIEowIBAAKCAQEAjPwd860nEH6sgfYE
+RXoAjMY3Rdl3ynuJd5/ZWqTBNGn/Wet8idPQix9nwUvZ6Nw7uGX00HeBITZeIZMo
+wXpK6b4m0JF0OUAyQMW5PeuRVc3Ox+D5rI+yktXD8FT6TQqW8fAjkYkQZ9lpugdH
++fpdEARTf1GY6WZ/bY/IBmHAOeOmexoaJ+4HZk17GUFs28fd4FICqeMBU0u4RAiu
+OLObdw2cFnOQrw3dst7SDUyFDHvx9SM4FqI2S7TSefsQB5hl/0WVzdpiOn5d1mti
+/VlGGunQlne822Ata9kYvtKBnmdFGj3GJLYoLF4PVGWpDMIiz2jcZ0+bPTnjf6E0
+E53ZFwIDAQABAoIBAD5RWMnzsS9E1urRPH0bWu/e0+K/qAgsCA0E7rX22mHZMqJk
+CVYA9w7v0FRsO0OHSayOAKM/F6h/GCeeHSc8b62XPB/4E1gVDMF9xI5euIylXrAS
+PTpuACCQdb4fSc5RDnydyZMUc1h8DRRKEKIp7QXd66x8/Gq6wDvFEMTlY2sSkfKm
+eXlyr8+07XA0E4s71MKgMCFecWEXH/q2RxsWSa0n6yeHP1noIMegZdtjbTXTpBPz
+ABizBh6O/a7JXoXnjfey1vD6M30PxlCTfOdAvgi6c3LRfeRkbrmyHjUnUIegrcYR
+PWXH5vYibQ30wIkW41+d89rtfu6Gb4BF3tnf3xECgYEAunS/e90S3C3GDJCg/f1s
+YE9IV0d4AajNPBZYB3G55O2XFr8nqXtCWW/0AAM54ooAXIJjONHe9n8aM0Ea7+6j
+Oi08LcDyyuqr3Phyix5RHqQ+mo+nNFxjnMBuLbmhUjNskBorPfY1kPNfoU18SBQu
+t16u2Q2upo5pp/TfpoTkfkcCgYEAwZGsQnK+6f+4s8R407mB5sBkbNNUfPobthOl
+A7b2oYXLcYdL6by7VYhTzm5mGwZKah5k2ZpOOpNi/D6NjEjIqxG7goT3I/Cl2+i5
+ZroC9/bEsifgAVdV7z1WsMontcvwZ1vohlNeTyMr4vhzh9RaWFWUj7QOeezjEHxD
+o7/8JrECgYEAkv+AB1Mfj163CSjtA9FMJBHdYpIB1q0SQREMjbHncMivmUtTJZb7
+lC9jGq9wb12FM2nId/9d3NAQA+CMMCTfovoOu7OmtruUiz2EcJGSOqoagRhIJkvA
+bNB5DKuQt5G7QVCgTtVRHdoBxtWj6d+fhQmsp4rV6pHUUooH2Oxkh/kCgYBcS+p4
+MKBpkP5v8SGvysdu0JPR9B5YDSXDdrB7CfWlZNdxxZJj3BLzILLdPnS/NAutd9qc
+i1/7vCU5o1X46weL0kO3Y1E4ONnM9rXYjp81vtthG3RLD2qxTW0VlP7ER37UudUw
+n3XbhCi7672iqZV+gyf4MWGpr1NBnA7geH1xsQKBgEvWCsVkWy+3HOgZzmHUbN7A
+ZDBm/R9F7Oe33vk8SGj8YFHry5P6R++1tAq9fEJaY+cG66qR+A5hBAkfQZv+qQgo
+4pOw4+QYTh8fmloeaSxl7SqTbn799/EqzdE7vwnNCTJMEyKuk2qbuxon0UT5vMi5
+d3/y0Y6zw4ZBp+9LS8ST
+-----END PRIVATE KEY-----
--
2.43.0
