File 2231-public_key-Update-included-macros-and-records-in-pub.patch of Package erlang
From 75884b33cc76abc35b462c497b65bc9d541d1672 Mon Sep 17 00:00:00 2001
From: Ingela Anderton Andin <ingela@erlang.org>
Date: Thu, 15 May 2025 09:15:30 +0200
Subject: [PATCH] public_key: Update included macros and records in public
include file
Retain backwards compatibility.
---
lib/public_key/include/public_key.hrl | 153 +++++++++++++++++----
lib/public_key/src/Makefile | 1 +
lib/public_key/src/pubkey_pbe.erl | 21 +--
lib/public_key/src/pubkey_pem.erl | 17 +--
lib/public_key/src/pubkey_translation.erl | 10 +-
lib/public_key/src/public_key.erl | 66 ++++-----
lib/public_key/src/public_key_internal.hrl | 18 +++
7 files changed, 197 insertions(+), 89 deletions(-)
diff --git a/lib/public_key/include/public_key.hrl b/lib/public_key/include/public_key.hrl
index 55ffa989e9..52e68282b1 100644
--- a/lib/public_key/include/public_key.hrl
+++ b/lib/public_key/include/public_key.hrl
@@ -200,12 +200,6 @@
extensions = asn1_NOVALUE
}).
--record('AlgorithmIdentifier',
- {
- algorithm,
- parameters = asn1_NOVALUE
- }).
-
%%%
%%% Erlang alternate representation of PKIX certificate
%%%
@@ -237,32 +231,17 @@
parameters = asn1_NOVALUE
}).
--define('id-dsa-with-sha1', {1,2,840,10040,4,3}).
--define('id-dsaWithSHA1', {1,3,14,3,2,27}). %Probably obsolete.
--define('md2WithRSAEncryption', {1,2,840,113549,1,1,2}).
--define('md5WithRSAEncryption', {1,2,840,113549,1,1,4}).
--define('sha1WithRSAEncryption', {1,2,840,113549,1,1,5}).
--define('sha-1WithRSAEncryption', {1,3,14,3,2,29}). %Probably obsolete.
--define('sha224WithRSAEncryption', {1,2,840,113549,1,1,14}).
--define('sha256WithRSAEncryption', {1,2,840,113549,1,1,11}).
--define('sha512WithRSAEncryption', {1,2,840,113549,1,1,13}).
--define('ecdsa-with-SHA1', {1,2,840,10045,4,1}).
-%% Undocumented but used by test suite.
--define('id-dsa-with-sha224', {2,16,840,1,101,3,4,3,1}).
--define('id-dsa-with-sha256', {2,16,840,1,101,3,4,3,2}).
+%% Hash functions
+
-define('id-sha1', {1,3,14,3,2,26}).
-define('id-sha224', {2,16,840,1,101,3,4,2,4}).
-define('id-sha256', {2,16,840,1,101,3,4,2,1}).
-define('id-sha384', {2,16,840,1,101,3,4,2,2}).
-define('id-sha512', {2,16,840,1,101,3,4,2,3}).
--define('sha384WithRSAEncryption', {1,2,840,113549,1,1,12}).
--define('id-RSASSA-PSS', {1,2,840,113549,1,1,10}).
--define('ecdsa-with-SHA256', {1,2,840,10045,4,3,2}).
--define('ecdsa-with-SHA384', {1,2,840,10045,4,3,3}).
--define('ecdsa-with-SHA512', {1,2,840,10045,4,3,4}).
--define('rSASSA-PSS-Default-Identifier', {'RSASSA-AlgorithmIdentifier',{1,2,840,113549,1,1,10},{'RSASSA-PSS-params',{'HashAlgorithm',{1,3,14,3,2,26},'NULL'},{'MaskGenAlgorithm',{1,2,840,113549,1,1,8},{'HashAlgorithm',{1,3,14,3,2,26},'NULL'}},20,1}}).
--define('id-mgf1', {1,2,840,113549,1,1,8}).
+
+
+
-record('AttributeTypeAndValue',
{
@@ -285,7 +264,8 @@
-define('id-at-serialNumber', {2,5,4,5}).
-define('id-at-pseudonym', {2,5,4,65}).
-%% Not documented but used by the test suite.
+%% Should we document ?
+-define('id-domainComponent', {0,9,2342,19200300,100,1,25}).
-define('id-emailAddress', {1,2,840,113549,1,9,1}).
-define('id-at-organizationalUnitName', {2,5,4,11}).
@@ -305,20 +285,59 @@
subjectPublicKey
}).
+%% OTP certificate format
-record('PublicKeyAlgorithm',
{
algorithm,
parameters = asn1_NOVALUE
}).
+%% plain certificate format
+-record('AlgorithmIdentifier',
+ {
+ algorithm,
+ parameters = asn1_NOVALUE
+ }).
+
+
%%%
%%% Public-key algorithms
%%%
+
+%% Digital signatures
+%% Modern
+-define('id-RSASSA-PSS', {1,2,840,113549,1,1,10}).
+-define('rSASSA-PSS-Default-Identifier', {'RSASSA-AlgorithmIdentifier',{1,2,840,113549,1,1,10},{'RSASSA-PSS-params',{'HashAlgorithm',{1,3,14,3,2,26},'NULL'},{'MaskGenAlgorithm',{1,2,840,113549,1,1,8},{'HashAlgorithm',{1,3,14,3,2,26},'NULL'}},20,1}}).
+-define('id-mgf1', {1,2,840,113549,1,1,8}).
+-define('id-ecPublicKey', {1,2,840,10045,2,1}).
+-define('ecdsa-with-SHA256', {1,2,840,10045,4,3,2}).
+-define('ecdsa-with-SHA384', {1,2,840,10045,4,3,3}).
+-define('ecdsa-with-SHA512', {1,2,840,10045,4,3,4}).
+
+%% Legacy
-define('rsaEncryption', {1,2,840,113549,1,1,1}).
+-define('md2WithRSAEncryption', {1,2,840,113549,1,1,2}).
+-define('md5WithRSAEncryption', {1,2,840,113549,1,1,4}).
+-define('sha1WithRSAEncryption', {1,2,840,113549,1,1,5}).
+-define('sha224WithRSAEncryption', {1,2,840,113549,1,1,14}).
+-define('sha256WithRSAEncryption', {1,2,840,113549,1,1,11}).
+-define('sha384WithRSAEncryption', {1,2,840,113549,1,1,12}).
+-define('sha512WithRSAEncryption', {1,2,840,113549,1,1,13}).
+-define('sha512-224WithRSAEncryption', {1,2,840,113549,1,1,15}).
+-define('sha512-256WithRSAEncryption', {1,2,840,113549,1,1,16}).
+-define('sha-1WithRSAEncryption', {1,3,14,3,2,29}).
+-define('id-hmacWithSHA1', {1,2,840,113549,2,7}).
+-define('ecdsa-with-SHA1', {1,2,840,10045,4,1}).
-define('id-dsa', {1,2,840,10040,4,1}).
+-define('id-dsaWithSHA1', {1,3,14,3,2,27}).
+-define('id-dsa-with-sha1', {1,2,840,10040,4,3}).
+-define('id-dsa-with-sha224', {2,16,840,1,101,3,4,3,1}).
+-define('id-dsa-with-sha256', {2,16,840,1,101,3,4,3,2}).
+
+%% Key exchange
-define('dhpublicnumber', {1,2,840,10046,2,1}).
-define('id-keyExchangeAlgorithm', {2,16,840,1,101,2,1,1,22}).
--define('id-ecPublicKey', {1,2,840,10045,2,1}).
+
-record('Extension',
{
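Review bot: The new `%% Legacy` heading puts `sha256WithRSAEncryption`, `sha384WithRSAEncryption` and `sha512WithRSAEncryption` in the same group as the MD2, MD5 and SHA-1 signature OIDs, so a reader cannot tell from the header which identifiers are kept only for old data and which are still acceptable. Under `%% Modern`, `rSASSA-PSS-Default-Identifier` carries `{1,3,14,3,2,26}`, which this header defines as `id-sha1`, and `id-hmacWithSHA1` is an HMAC identifier filed under digital signatures. I would split the heading, for example `%% Legacy: weak hash (MD2, MD5, SHA-1), for decoding and verifying old data` above those entries and `%% RSA PKCS#1 v1.5 with SHA-2` above the rest. Next to the default identifier I would add `%% PSS defaults are SHA-1 based; pass explicit parameters for new signatures`. The record that follows the macros continues outside the hunk.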
@@ -672,6 +691,8 @@
}).
-define('id-pkix-ocsp-nonce', {1,3,6,1,5,5,7,48,1,2}).
+-define('id-ad-ocsp', {1,3,6,1,5,5,7,48,1}).
+-define('id-pe-authorityInfoAccess', {1,3,6,1,5,5,7,1,1}).
%%%
%%% Undocumented but used by SSL.
@@ -699,11 +720,83 @@
parameters = asn1_NOVALUE
}).
-%% used by SSL test suite
+-record('EncryptedPrivateKeyInfo',
+ {
+ encryptionAlgorithm,
+ encryptedData
+ }).
+-record('EncryptedPrivateKeyInfo_encryptionAlgorithm',
+ {algorithm,
+ parameters
+ }).
+
+-record('OneAsymmetricKey', {
+ version,
+ privateKeyAlgorithm,
+ privateKey,
+ attributes = asn1_NOVALUE,
+ %% with extensions
+ publicKey = asn1_NOVALUE
+ %% end of extensions
+}).
+
+%% Password based encryption
+-define('id-PBES2', {1,2,840,113549,1,5,13}).
-define('id-PBKDF2', {1,2,840,113549,1,5,12}).
--define('id-hmacWithSHA1', {1,2,840,113549,2,7}).
+
+-define('id-hmacWithSHA224', {1,2,840,113549,2,8}).
+-define('id-hmacWithSHA256', {1,2,840,113549,2,9}).
+-define('id-hmacWithSHA384', {1,2,840,113549,2,10}).
+-define('id-hmacWithSHA512', {1,2,840,113549,2,11}).
+
+-define('id-aes128-CBC', {2,16,840,1,101,3,4,1,2}).
+-define('id-aes192-CBC', {2,16,840,1,101,3,4,1,22}).
-define('id-aes256-CBC', {2,16,840,1,101,3,4,1,42}).
+-define('rc2CBC', {1,2,840,113549,3,2}).
+
+-record('RC2-CBC-Parameter', {
+ rc2ParameterVersion = asn1_NOVALUE,
+ iv
+}).
+
+-record('PBES2-params', {
+ keyDerivationFunc,
+ encryptionScheme
+}).
+
+-record('PBES2-params_keyDerivationFunc', {
+ algorithm,
+ parameters = asn1_NOVALUE
+}).
+
+-record('PBES2-params_encryptionScheme', {
+ algorithm,
+ parameters = asn1_NOVALUE
+}).
+
+-record('PBEParameter', {
+ salt,
+ iterationCount
+}).
+
+-record('PBKDF2-params', {
+ salt,
+ iterationCount,
+ keyLength = asn1_NOVALUE,
+ prf = asn1_DEFAULT
+}).
+
+-record('PBKDF2-params_prf', {
+ algorithm,
+ parameters = asn1_NOVALUE
+}).
+
+-record('EncryptionAlgorithmIdentifier', {
+ algorithm,
+ parameters = asn1_NOVALUE
+}).
+
%%%
%%% Undocumented but used by SSH.
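Review bot: `'OneAsymmetricKey'` is now declared in this public header while `public_key_internal.hrl` keeps its own `-record('OneAsymmetricKey', ...)` (visible as context in the last file of this patch), and `'EncryptedPrivateKeyInfo_encryptionAlgorithm'` is declared both here and locally in `pubkey_pbe.erl`. A module that includes both copies would fail to compile with a record redefinition, and where they are never included together the copies can drift apart unnoticed, which matters for records that describe parsed key material. If both copies are intentional, a comment on each such as `%% Must stay identical to the definition in public_key_internal.hrl` would make that explicit; otherwise keep a single definition. Whether any module includes both headers cannot be seen from this hunk.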
diff --git a/lib/public_key/src/Makefile b/lib/public_key/src/Makefile
index 9649c8b83b..ae0d380df7 100644
--- a/lib/public_key/src/Makefile
+++ b/lib/public_key/src/Makefile
@@ -93,6 +93,7 @@ ERL_COMPILE_FLAGS += $(PUB_KEY_ERL_FLAGS) \
$(TYPES): $(TARGET_FILES) $(APP_TARGET) $(APPUP_TARGET) $(HRL_FILES)
$(EBIN)/pubkey_ssh.$(EMULATOR): pubkey_moduli.hrl
+$(TARGET_FILES): $(HRL_FILES)
pubkey_moduli.hrl: ../priv/moduli
escript ../priv/convert.escript $< $@
diff --git a/lib/public_key/src/pubkey_pbe.erl b/lib/public_key/src/pubkey_pbe.erl
index 242f42397d..9347a22d68 100644
--- a/lib/public_key/src/pubkey_pbe.erl
+++ b/lib/public_key/src/pubkey_pbe.erl
@@ -25,18 +25,19 @@
-moduledoc false.
-include("PKCS-FRAME.hrl").
-
-include("PKCS-1.hrl").
-
--define('id-aes128-CBC', {2,16,840,1,101,3,4,1,2}).
--define('id-aes192-CBC', {2,16,840,1,101,3,4,1,22}).
--define('id-aes256-CBC', {2,16,840,1,101,3,4,1,42}).
+-include("CMSAesRsaesOaep-2009.hrl").
-export([encode/4, decode/4, decrypt_parameters/1, encrypt_parameters/1]).
-export([pbdkdf1/4, pbdkdf2/7]).
-define(ASN1_OCTET_STR_TAG, 4).
+-record('EncryptedPrivateKeyInfo_encryptionAlgorithm',
+ {algorithm,
+ parameters
+ }).
+
%%====================================================================
%% Internal application API
%%====================================================================
@@ -114,17 +115,17 @@ pbdkdf2(Password, Salt, Count, DerivedKeyLen, Prf, PrfHash, PrfOutputLen)->
blocks(NumBlocks, NumLastBlockOctets, 1, Password, Salt,
Count, Prf, PrfHash, PrfOutputLen, <<>>).
%%--------------------------------------------------------------------
--spec decrypt_parameters(#'EncryptionAlgorithmIdentifier'{}) ->
+-spec decrypt_parameters(#'EncryptedPrivateKeyInfo_encryptionAlgorithm'{}) ->
{Cipher::string(), #'PBES2-params'{}}.
%% Description: Performs ANS1-decoding of encryption parameters.
%%--------------------------------------------------------------------
-decrypt_parameters(#'EncryptionAlgorithmIdentifier'{
+decrypt_parameters(#'EncryptedPrivateKeyInfo_encryptionAlgorithm'{
algorithm = Oid, parameters = Param}) ->
decrypt_parameters(Oid, decode_handle_open_type_wrapper(Param)).
%%--------------------------------------------------------------------
-spec encrypt_parameters({Cipher::string(), Params::term()}) ->
- #'EncryptionAlgorithmIdentifier'{}.
+ #'EncryptedPrivateKeyInfo_encryptionAlgorithm'{}.
%%
%% Description: Performs ANS1-decoding of encryption parameters.
%%--------------------------------------------------------------------
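Review bot: The description under the updated `encrypt_parameters/1` spec still reads `Performs ANS1-decoding of encryption parameters`, which looks copied from `decrypt_parameters/1`; the `encrypt_parameters/2` clauses further down call `'PKCS-FRAME':encode/2`. Since the spec lines are being touched anyway, the comment could become `%% Description: Performs ASN.1 encoding of encryption parameters.`, and the same `ANS1` typo can be fixed on the `decrypt_parameters/1` description. The body of `encrypt_parameters/1` is outside the hunk.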
@@ -211,13 +212,13 @@ decrypt_parameters(?'pbeWithMD5AndDES-CBC', DekParams) ->
encrypt_parameters(_Cipher, #'PBES2-params'{} = Params) ->
{ok, Der} ='PKCS-FRAME':encode('PBES2-params', Params),
- #'EncryptionAlgorithmIdentifier'{
+ #'EncryptedPrivateKeyInfo_encryptionAlgorithm'{
algorithm = ?'id-PBES2',
parameters = encode_handle_open_type_wrapper(Der)};
encrypt_parameters(Cipher, {#'PBEParameter'{} = Params, Hash}) ->
{ok, Der} ='PKCS-FRAME':encode('PBEParameter', Params),
- #'EncryptionAlgorithmIdentifier'{
+ #'EncryptedPrivateKeyInfo_encryptionAlgorithm'{
algorithm = pbe1_oid(Cipher, Hash),
parameters = encode_handle_open_type_wrapper(Der)}.
diff --git a/lib/public_key/src/pubkey_pem.erl b/lib/public_key/src/pubkey_pem.erl
index 527c9b888a..f5232ec01a 100644
--- a/lib/public_key/src/pubkey_pem.erl
+++ b/lib/public_key/src/pubkey_pem.erl
@@ -44,22 +44,7 @@
-module(pubkey_pem).
-moduledoc false.
--record('PBEParameter', {
- salt,
- iterationCount
-}).
-
--record('PBES2-params', {
- keyDerivationFunc,
- encryptionScheme
-}).
-
--record('EncryptedPrivateKeyInfo', {
- encryptionAlgorithm,
- encryptedData
-}).
-
--include("public_key.hrl").
+-include("PKCS-FRAME.hrl").
-export([encode/1, decode/1, decipher/2, cipher/3]).
diff --git a/lib/public_key/src/pubkey_translation.erl b/lib/public_key/src/pubkey_translation.erl
index c4fdd0d54b..9323f9acce 100644
--- a/lib/public_key/src/pubkey_translation.erl
+++ b/lib/public_key/src/pubkey_translation.erl
@@ -31,7 +31,8 @@ decode(#'SubjectPublicKeyInfo'{algorithm=AlgId0,subjectPublicKey=Key}) ->
#'SubjectPublicKeyInfo_algorithm'{algorithm=AlgId1,parameters=Params1} = AlgId0,
AlgId = decode(AlgId1),
Params = decode(Params1),
- #'SubjectPublicKeyInfo'{algorithm={'PublicKeyAlgorithm', AlgId, Params},
+ %% Documented as AlgorithmIdentifier in plain
+ #'SubjectPublicKeyInfo'{algorithm={'AlgorithmIdentifier', AlgId, Params},
subjectPublicKey=Key};
decode(#'DSA-Params'{p=P,q=Q,g=G}) ->
{params, #'Dss-Parms'{p=P,q=Q,g=G}};
@@ -46,6 +47,8 @@ decode({'OneAsymmetricKey', Vsn, KeyAlg, PrivKey, Attrs, PubKey} = Orig) -> %%
v1 -> {'PrivateKeyInfo', Vsn, KeyAlg, PrivKey, Attrs, PubKey};
_ -> Orig
end;
+decode({'EncryptionAlgorithmIdentifier', Algo, Params}) ->
+ {'EncryptedPrivateKeyInfo_encryptionAlgorithm', Algo, Params};
decode(Tuple) when is_tuple(Tuple) ->
case is_simple_tuple(Tuple) of
true ->
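Review bot: The added `'EncryptionAlgorithmIdentifier'` clause carries no comment, unlike the `'AlgorithmIdentifier'` rename in the first hunk of this file, and it uses bare tuples, so the compiler does not check the field count against either record. A line such as `%% PKCS-FRAME decodes this as 'EncryptionAlgorithmIdentifier'; the Erlang API keeps the older record name` above it, with a mirror comment on the `encode/1` clause added further down, would explain the mapping; that wording assumes this is what "Retain backwards compatibility" refers to. The clause passes `Params` through unchanged, whereas the `'SubjectPublicKeyInfo'` clause calls `decode/1` on its parameters; if the difference is intended it is worth stating. The generic tuple clause that follows continues outside the hunk.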
@@ -61,7 +64,8 @@ decode(Other) ->
decode_list(List) ->
[decode(E) || E <- List].
-encode(#'SubjectPublicKeyInfo'{algorithm={'PublicKeyAlgorithm', AlgId0, Params},
+%% Documented as AlgorithmIdentifier in plain
+encode(#'SubjectPublicKeyInfo'{algorithm={'AlgorithmIdentifier', AlgId0, Params},
subjectPublicKey=Key}) ->
AlgId1 = encode(AlgId0),
Params1 = encode(Params),
@@ -77,6 +81,8 @@ encode({params, #'Dss-Parms'{p=P,q=Q,g=G}}) ->
#'DSA-Params'{p=P,q=Q,g=G};
encode({'Dss-Sig-Value', R,S}) ->
#'DSA-Sig-Value'{r = R, s = S};
+encode({'EncryptedPrivateKeyInfo_encryptionAlgorithm', Algo, Params}) ->
+ {'EncryptionAlgorithmIdentifier', Algo, Params};
encode(Tuple) when is_tuple(Tuple) ->
case is_simple_tuple(Tuple) of
true ->
diff --git a/lib/public_key/src/public_key.erl b/lib/public_key/src/public_key.erl
index 2c0b445144..f2b33ffa97 100644
--- a/lib/public_key/src/public_key.erl
+++ b/lib/public_key/src/public_key.erl
@@ -396,7 +396,7 @@ pem_encode(PemEntries) when is_list(PemEntries) ->
-spec pem_entry_decode(PemEntry) -> term() when PemEntry :: pem_entry() .
pem_entry_decode({'SubjectPublicKeyInfo', Der, _}) ->
- {_, {'PublicKeyAlgorithm', AlgId, Params0}, Key0} =
+ {_, {'AlgorithmIdentifier', AlgId, Params0}, Key0} =
der_decode('SubjectPublicKeyInfo', Der),
KeyType = pubkey_cert_records:supportedPublicKeyAlgorithms(AlgId),
@@ -475,11 +475,11 @@ pem_entry_encode('SubjectPublicKeyInfo',
pem_entry_encode('SubjectPublicKeyInfo',
{#'ECPoint'{point = Key}, {namedCurve, ID}})
when is_binary(Key), ID =:= ?'id-Ed448' orelse ID =:= ?'id-Ed25519' ->
- Spki = subject_public_key_info(#'PublicKeyAlgorithm'{algorithm = ID}, Key),
+ Spki = subject_public_key_info(#'AlgorithmIdentifier'{algorithm = ID}, Key),
pem_entry_encode('SubjectPublicKeyInfo', Spki);
pem_entry_encode('SubjectPublicKeyInfo',
{#'ECPoint'{point = Key}, ECParam}) when is_binary(Key)->
- Spki = subject_public_key_info(#'PublicKeyAlgorithm'{algorithm =?'id-ecPublicKey',
+ Spki = subject_public_key_info(#'AlgorithmIdentifier'{algorithm =?'id-ecPublicKey',
parameters = ECParam},
Key),
pem_entry_encode('SubjectPublicKeyInfo', Spki);
@@ -540,7 +540,8 @@ der_decode(Asn1Type, Der) when (((Asn1Type == 'PrivateKeyInfo')
(Asn1Type == 'EncryptedPrivateKeyInfo'))
andalso is_binary(Der)) ->
try
- {ok, Decoded} = 'PKCS-FRAME':decode(Asn1Type, Der),
+ {ok, Decoded0} = 'PKCS-FRAME':decode(Asn1Type, Der),
+ Decoded = pubkey_translation:decode(Decoded0),
der_priv_key_decode(Decoded)
catch
error:{badmatch, {error, _}} = Error ->
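Review bot: `pubkey_translation:decode(Decoded0)` sits inside the `try` body, so a `{badmatch, {error, _}}` raised while translating or inside `der_priv_key_decode/1` is caught by the same clause as a failed `'PKCS-FRAME':decode/2` and cannot be told apart from a malformed frame. For DER that may come from an untrusted file, and if the handler is meant to cover only frame decoding, protect just the decode call: `try 'PKCS-FRAME':decode(Asn1Type, Der) of {ok, Decoded0} -> der_priv_key_decode(pubkey_translation:decode(Decoded0))`, with the `{error, _}` result handled in its own `of` clause. The same shape appears in the `handle_pkcs_frame_error/3` hunk and, for `pubkey_translation:encode/1`, in the `der_encode/2` hunk. The catch clause body is outside this hunk, so what happens to the error afterwards is not visible here.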
@@ -594,6 +595,7 @@ get_asn1_module('ContentInfo') -> 'CryptographicMessageSyntax-2009';
get_asn1_module('CurvePrivateKey') -> 'Safecurves-pkix-18';
get_asn1_module('DHParameter') -> 'PKCS-3';
get_asn1_module('ECPrivateKey') -> 'ECPrivateKey';
+get_asn1_module('ECParameters') -> 'PKIXAlgs-2009';
get_asn1_module('DSA-Params') -> 'PKIXAlgs-2009';
get_asn1_module('DSAPrivateKey') -> 'DSS';
get_asn1_module('DSAPublicKey') -> 'PKIXAlgs-2009';
@@ -613,7 +615,8 @@ get_asn1_module('GeneralNames') -> 'PKIX1Implicit-2009'.
handle_pkcs_frame_error('PrivateKeyInfo', Der, _) ->
try
- {ok, Decoded} = 'PKCS-FRAME':decode('OneAsymmetricKey', Der),
+ {ok, Decoded0} = 'PKCS-FRAME':decode('OneAsymmetricKey', Der),
+ Decoded = pubkey_translation:decode(Decoded0),
der_priv_key_decode(Decoded)
catch
error:{badmatch, {error, _}} = Error ->
@@ -627,14 +630,14 @@ handle_pkcs_frame_error(_, _, Error) ->
-define(dsa_private_key_type, 'DSAPublicKey').
%% NOTE: No longer defined in modern ASN.1 specs.
-der_priv_key_decode(#'OneAsymmetricKey'{version = v1,
+der_priv_key_decode(#'PrivateKeyInfo'{version = v1,
privateKeyAlgorithm =
#'PrivateKeyAlgorithmIdentifier'{algorithm = ?'id-ecPublicKey',
parameters = {asn1_OPENTYPE, Parameters}},
privateKey = PrivKey}) ->
EcPrivKey = der_decode('ECPrivateKey', PrivKey),
EcPrivKey#'ECPrivateKey'{parameters = der_decode('EcpkParameters', Parameters)};
-der_priv_key_decode(#'OneAsymmetricKey'{version = v1,
+der_priv_key_decode(#'PrivateKeyInfo'{version = v1,
privateKeyAlgorithm =
#'PrivateKeyAlgorithmIdentifier'{algorithm = CurveOId},
privateKey = CurvePrivKey}) when
@@ -642,23 +645,12 @@ der_priv_key_decode(#'OneAsymmetricKey'{version = v1,
CurveOId == ?'id-Ed448' ->
PrivKey = der_decode('CurvePrivateKey', CurvePrivKey),
#'ECPrivateKey'{version = 1, parameters = {namedCurve, CurveOId}, privateKey = PrivKey};
-der_priv_key_decode(#'OneAsymmetricKey'{
- privateKeyAlgorithm = #'PrivateKeyAlgorithmIdentifier'{algorithm = CurveOId},
- privateKey = CurvePrivKey,
- attributes = Attr,
- publicKey = PubKey}) when
- CurveOId == ?'id-Ed25519'orelse
- CurveOId == ?'id-Ed448' ->
- PrivKey = der_decode('CurvePrivateKey', CurvePrivKey),
- #'ECPrivateKey'{version = 2, parameters = {namedCurve, CurveOId}, privateKey = PrivKey,
- attributes = Attr,
- publicKey = PubKey};
-der_priv_key_decode(#'OneAsymmetricKey'{version = v1,
+der_priv_key_decode(#'PrivateKeyInfo'{version = v1,
privateKeyAlgorithm =
#'PrivateKeyAlgorithmIdentifier'{algorithm = ?'rsaEncryption'},
privateKey = PrivKey}) ->
der_decode('RSAPrivateKey', PrivKey);
-der_priv_key_decode(#'OneAsymmetricKey'{version = v1,
+der_priv_key_decode(#'PrivateKeyInfo'{version = v1,
privateKeyAlgorithm =
#'PrivateKeyAlgorithmIdentifier'{algorithm = ?'id-RSASSA-PSS',
parameters = {asn1_OPENTYPE, Parameters}},
@@ -666,7 +658,7 @@ der_priv_key_decode(#'OneAsymmetricKey'{version = v1,
Key = der_decode('RSAPrivateKey', PrivKey),
Params = der_decode('RSASSA-PSS-params', Parameters),
{Key, Params};
-der_priv_key_decode(#'OneAsymmetricKey'{version = v1,
+der_priv_key_decode(#'PrivateKeyInfo'{version = v1,
privateKeyAlgorithm =
#'PrivateKeyAlgorithmIdentifier'{algorithm = ?'id-RSASSA-PSS',
parameters = asn1_NOVALUE},
@@ -674,7 +666,7 @@ der_priv_key_decode(#'OneAsymmetricKey'{version = v1,
Key = der_decode('RSAPrivateKey', PrivKey),
#'RSASSA-AlgorithmIdentifier'{parameters = Params} = ?'rSASSA-PSS-Default-Identifier',
{Key, Params};
-der_priv_key_decode(#'OneAsymmetricKey'{version = v1,
+der_priv_key_decode(#'PrivateKeyInfo'{version = v1,
privateKeyAlgorithm =
#'PrivateKeyAlgorithmIdentifier'{algorithm = ?'id-dsa',
parameters =
@@ -683,6 +675,17 @@ der_priv_key_decode(#'OneAsymmetricKey'{version = v1,
{ok, #'DSA-Params'{p=P, q=Q, g=G}} = 'PKIXAlgs-2009':decode('DSA-Params', Parameters),
X = der_decode(?dsa_private_key_type, PrivKey),
#'DSAPrivateKey'{version=1, p=P, q=Q, g=G, x=X};
+der_priv_key_decode(#'OneAsymmetricKey'{
+ privateKeyAlgorithm = #'PrivateKeyAlgorithmIdentifier'{algorithm = CurveOId},
+ privateKey = CurvePrivKey,
+ attributes = Attr,
+ publicKey = PubKey}) when
+ CurveOId == ?'id-Ed25519'orelse
+ CurveOId == ?'id-Ed448' ->
+ PrivKey = der_decode('CurvePrivateKey', CurvePrivKey),
+ #'ECPrivateKey'{version = 2, parameters = {namedCurve, CurveOId}, privateKey = PrivKey,
+ attributes = Attr,
+ publicKey = PubKey};
der_priv_key_decode(PKCS8Key) ->
PKCS8Key.
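Review bot: The relocated `#'OneAsymmetricKey'{}` clause has no `version` pattern and always builds `#'ECPrivateKey'{version = 2, ...}`. It relies on `pubkey_translation:decode/1` having already turned v1 values into `'PrivateKeyInfo'` tuples, as the context lines in that file's hunk suggest, and nothing here says so. A comment above the clause, e.g. `%% v1 keys arrive as #'PrivateKeyInfo'{} after pubkey_translation:decode/1; only other versions reach this clause`, would keep that dependency visible. A key that matches none of the clauses is still returned undecoded by the final `der_priv_key_decode(PKCS8Key) -> PKCS8Key` clause, so it would help to state in the function's documentation that callers may receive the raw record.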
@@ -770,16 +773,17 @@ der_encode('OneAsymmetricKey', #'ECPrivateKey'{parameters = {namedCurve, CurveOI
privateKey = Key,
attributes = Attr,
publicKey = PubKey});
-der_encode(Asn1Type, Entity) when (Asn1Type == 'PrivateKeyInfo') orelse
- (Asn1Type == 'OneAsymmetricKey') orelse
- (Asn1Type == 'EncryptedPrivateKeyInfo') ->
- try
- {ok, Encoded} = 'PKCS-FRAME':encode(Asn1Type, Entity),
- Encoded
- catch
+der_encode(Asn1Type, Entity0) when (Asn1Type == 'PrivateKeyInfo') orelse
+ (Asn1Type == 'OneAsymmetricKey') orelse
+ (Asn1Type == 'EncryptedPrivateKeyInfo') ->
+ try
+ Entity = pubkey_translation:encode(Entity0),
+ {ok, Encoded} = 'PKCS-FRAME':encode(Asn1Type, Entity),
+ Encoded
+ catch
error:{badmatch, {error, _}} = Error ->
- erlang:error(Error)
- end;
+ erlang:error(Error)
+ end;
der_encode('EcpkParameters', {namedCurve,_}=Entity) ->
try
{ok, Encoded} = 'PKIXAlgs-2009':encode('ECParameters', Entity),
diff --git a/lib/public_key/src/public_key_internal.hrl b/lib/public_key/src/public_key_internal.hrl
index f1f0ea664f..50074b0e2a 100644
--- a/lib/public_key/src/public_key_internal.hrl
+++ b/lib/public_key/src/public_key_internal.hrl
@@ -195,6 +195,18 @@
encryptionScheme
}).
+
+-record('PrivateKeyInfo',
+ {
+ version,
+ privateKeyAlgorithm,
+ privateKey,
+ attributes = asn1_NOVALUE,
+ %% with extensions
+ publicKey = asn1_NOVALUE
+ %% end of extensions
+ }).
+
-record('OneAsymmetricKey',
{
version,
@@ -212,6 +224,12 @@
parameters = asn1_NOVALUE
}).
+-record('PrivateKeyInfo_privateKeyAlgorithm',
+ {
+ algorithm,
+ parameters = asn1_NOVALUE
+ }).
+
-record('OTPSubjectPublicKeyInfo',
{
algorithm, % #'PublicKeyAlgorithm'{}
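Review bot: Nothing in the visible hunks refers to the new `'PrivateKeyInfo_privateKeyAlgorithm'` record; the rewritten `der_priv_key_decode/1` clauses in `public_key.erl` match `#'PrivateKeyAlgorithmIdentifier'{}` inside `#'PrivateKeyInfo'{}`. If the record exists so that older callers can keep matching on it, a comment such as `%% Kept for backwards compatibility with code that matches on this record name` would say so; if it is unused it can be dropped. The `'PrivateKeyInfo'` record added in the previous hunk has the same fields as `'OneAsymmetricKey'` and would benefit from a one-line comment on how the two relate. The `'OTPSubjectPublicKeyInfo'` record that follows continues outside the hunk.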
--
2.43.0