File 2251-public_key-Adjust-macros-and-records-in-public-inclu.patch of Package erlang
From 8b31971a872a381da38120c5e34c6bcd53cbd222 Mon Sep 17 00:00:00 2001
From: Ingela Anderton Andin <ingela@erlang.org>
Date: Mon, 16 Jun 2025 17:54:54 +0200
Subject: [PATCH] public_key: Adjust macros and records in public include and
doc
In addition to PR-9865. Documented standards should be supported
in der_encode/decode although not all records are documented in other ways than part
of ASN1-specs. This can be improved later.
---
.../doc/guides/public_key_records.md | 4 +-
lib/public_key/doc/public_key_app.md | 6 +-
lib/public_key/include/public_key.hrl | 413 +++++++++++++++---
lib/public_key/src/pubkey_pbe.erl | 18 +-
lib/public_key/src/public_key.erl | 83 +++-
lib/public_key/src/public_key_internal.hrl | 4 -
lib/public_key/test/erl_make_certs.erl | 2 +-
lib/public_key/test/public_key_SUITE.erl | 6 +-
8 files changed, 433 insertions(+), 103 deletions(-)
diff --git a/lib/public_key/doc/guides/public_key_records.md b/lib/public_key/doc/guides/public_key_records.md
index d3243df93e..280e517861 100644
--- a/lib/public_key/doc/guides/public_key_records.md
+++ b/lib/public_key/doc/guides/public_key_records.md
@@ -599,7 +599,7 @@ specifications and RFC 5280 are as follows:
version, % atom(),
subject, % {rdnSequence, [#AttributeTypeAndValue'{}]} ,
subjectPKInfo, % #'CertificationRequestInfo_subjectPKInfo'{},
- attributes % [#'AttributePKCS-10' {}]
+ attributes % [#'Attribute' {}]
}.
#'CertificationRequestInfo_subjectPKInfo'{
@@ -617,7 +617,7 @@ specifications and RFC 5280 are as follows:
parameters % der_encoded()
}.
-#'AttributePKCS-10'{
+#'Attribute'{
type, % oid(),
values % [der_encoded()]
}.
diff --git a/lib/public_key/doc/public_key_app.md b/lib/public_key/doc/public_key_app.md
index 0112028da2..f2806d482a 100644
--- a/lib/public_key/doc/public_key_app.md
+++ b/lib/public_key/doc/public_key_app.md
@@ -45,10 +45,8 @@ that reads files.
- Supports
[PKCS-3 ](https://web.archive.org/web/20170417091930/https://www.emc.com/emc-plus/rsa-labs/standards-initiatives/pkcs-3-diffie-hellman-key-agreement-standar.htm)\-
Diffie-Hellman Key Agreement Standard
-- Supports [PKCS-5](http://www.ietf.org/rfc/rfc2898.txt) \- Password-Based
- Cryptography Standard
-- Supports [AES ](http://www.ietf.org/rfc/fc3565.txt)\- Use of the Advanced
- Encryption Standard (AES) Algorithm in Cryptographic Message Syntax (CMS)
+- Supports Cryptographic Message Syntax (CMS) (http://www.ietf.org/rfc/rfc5652.txt) including Password-Based Encryption with original [PKCS-5](http://www.ietf.org/rfc/rfc2898.txt) support,
+ but currently excluding offical support for most of section 10-12 (if proven useful, especially Attribute Certificates v2, it might be added later).
- Supports [PKCS-8](http://www.ietf.org/rfc/rfc5208.txt) \- Private-Key
Information Syntax Standard
- Supports [PKCS-10](http://www.ietf.org/rfc/rfc5967.txt) \- Certification
diff --git a/lib/public_key/include/public_key.hrl b/lib/public_key/include/public_key.hrl
index 7ea04c48eb..244df1f5c7 100644
--- a/lib/public_key/include/public_key.hrl
+++ b/lib/public_key/include/public_key.hrl
@@ -1,3 +1,4 @@
+
%%
%% %CopyrightBegin%
%%
@@ -27,6 +28,8 @@
%%% RSA PKCS-1 & PSS-OAEP
%%%
+-define('pkcs-1', {1,2,840,113549,1,1}).
+
-record('RSAPublicKey',
{
modulus,
@@ -68,16 +71,20 @@
parameters = asn1_NOVALUE
}).
--record('RSAES-OAEP-params', {
- hashAlgorithm = asn1_DEFAULT,
- maskGenAlgorithm = asn1_DEFAULT,
- pSourceAlgorithm = asn1_DEFAULT
-}).
+-define('id-RSAES-OAEP', {1,2,840,113549,1,1,7}).
--record('RSAES-AlgorithmIdentifier', {
- algorithm,
- parameters = asn1_NOVALUE
-}).
+-record('RSAES-OAEP-params',
+ {
+ hashAlgorithm = asn1_DEFAULT,
+ maskGenAlgorithm = asn1_DEFAULT,
+ pSourceAlgorithm = asn1_DEFAULT
+ }).
+
+-record('RSAES-AlgorithmIdentifier',
+ {
+ algorithm,
+ parameters = asn1_NOVALUE
+ }).
-record('HashAlgorithm',
@@ -92,7 +99,17 @@
parameters = asn1_NOVALUE
}).
+-record('PSourceAlgorithm',
+ {
+ algorithm,
+ parameters = asn1_NOVALUE
+ }).
+
-define('id-pSpecified', {1,2,840,113549,1,1,9}).
+-define('pSpecifiedEmpty', {'PSourceAlgorithm',{1,2,840,113549,1,1,9},<<>>}).
+-define('emptyString', <<>>).
+-define('nullOctetString', <<>>).
+-define('nullParameters', 'NULL').
%%%
%%% DSA
@@ -115,9 +132,32 @@
g % pos_integer()
}).
+-record('DomainParameters',
+ {
+ p,
+ g,
+ q,
+ j = asn1_NOVALUE,
+ validationParms = asn1_NOVALUE
+ }).
+
+-record('ValidationParams',
+ {
+ seed,
+ pgenCounter
+ }).
+
+
+-record('Dss-Sig-Value',
+ {
+ r,
+ s
+ }).
+
%%%
%%% ECDSA, EDDSA, ECDH(E)
%%%
+-define('id-edwards-curve-algs', {1,3,101}).
-define('id-Ed25519', {1,3,101,112}).
-define('id-Ed448', {1,3,101,113}).
@@ -125,27 +165,33 @@
-define('id-X25519', {1,3,101,110}).
-define('id-X448', {1,3,101,111}).
--define('sect571r1', {1,3,132,0,39}).
--define('sect571k1', {1,3,132,0,38}).
--define('sect409r1', {1,3,132,0,37}).
+%% ECC
+-define('secp192r1', {1,2,840,10045,3,1,1}).
+-define('sect163k1', {1,3,132,0,1}).
+-define('sect163r2', {1,3,132,0,15}).
+-define('secp224r1', {1,3,132,0,33}).
+-define('sect233k1', {1,3,132,0,26}).
+-define('sect233r1', {1,3,132,0,27}).
+-define('secp256r1', {1,2,840,10045,3,1,7}).
+-define('sect283k1', {1,3,132,0,16}).
+-define('sect283r1', {1,3,132,0,17}).
+-define('secp384r1', {1,3,132,0,34}).
-define('sect409k1', {1,3,132,0,36}).
+-define('sect409r1', {1,3,132,0,37}).
-define('secp521r1', {1,3,132,0,35}).
--define('secp384r1', {1,3,132,0,34}).
--define('secp224r1', {1,3,132,0,33}).
+-define('sect571k1', {1,3,132,0,38}).
+-define('sect571r1', {1,3,132,0,39}).
+
+%% Legacy
-define('secp224k1', {1,3,132,0,32}).
-define('secp192k1', {1,3,132,0,31}).
-define('secp160r2', {1,3,132,0,30}).
-define('secp128r2', {1,3,132,0,29}).
-define('secp128r1', {1,3,132,0,28}).
--define('sect233r1', {1,3,132,0,27}).
--define('sect233k1', {1,3,132,0,26}).
-define('sect193r2', {1,3,132,0,25}).
-define('sect193r1', {1,3,132,0,24}).
-define('sect131r2', {1,3,132,0,23}).
-define('sect131r1', {1,3,132,0,22}).
--define('sect283r1', {1,3,132,0,17}).
--define('sect283k1', {1,3,132,0,16}).
--define('sect163r2', {1,3,132,0,15}).
-define('secp256k1', {1,3,132,0,10}).
-define('secp160k1', {1,3,132,0,9}).
-define('secp160r1', {1,3,132,0,8}).
@@ -155,9 +201,11 @@
-define('sect113r1', {1,3,132,0,4}).
-define('sect239k1', {1,3,132,0,3}).
-define('sect163r1', {1,3,132,0,2}).
--define('sect163k1', {1,3,132,0,1}).
--define('secp256r1', {1,2,840,10045,3,1,7}).
--define('secp192r1', {1,2,840,10045,3,1,1}).
+
+%% Brainpool
+-define('ellipticCurveRFC5639', {1,3,36,3,3,2,8,1}).
+-define('versionOne', {1,3,36,3,3,2,8,1,1}).
+-define('ecStdCurvesAndGeneration', {1,3,36,3,3,2,8}).
-define('brainpoolP160r1', {1,3,36,3,3,2,8,1,1,1}).
-define('brainpoolP160t1', {1,3,36,3,3,2,8,1,1,2}).
@@ -212,10 +260,16 @@
point
}).
+-record('ECDSA-Sig-Value',
+ {
+ r,
+ s
+ }).
+
%%%
%%% PKIX Certificates
%%%
-
+%% plain certificate format
-record('Certificate',
{
tbsCertificate,
@@ -237,13 +291,13 @@
extensions = asn1_NOVALUE
}).
-%% plain certificate format
--record('TBSCertificate_signature', {
- algorithm,
- parameters = asn1_NOVALUE
-}).
-
+-record('TBSCertificate_signature',
+ {
+ algorithm,
+ parameters = asn1_NOVALUE
+ }).
+-define('id-at', {2,5,4}).
-define('id-at-name', {2,5,4,41}).
-define('id-at-surname', {2,5,4,4}).
-define('id-at-givenName', {2,5,4,42}).
@@ -291,6 +345,7 @@
value
}).
+%% PKIX Common Type
-record('Extension',
{
extnID,
@@ -298,10 +353,28 @@
extnValue
}).
+-record('AttributeSet',
+ {
+ type,
+ values
+ }).
+
+-record('SingleAttribute',
+ {
+ type,
+ value
+ }).
+
+-record('SecurityCategory',
+ {
+ type,
+ value
+ }).
+
%%%
%%% Standard Certificate Extensions
%%%
-
+-define('id-ce', {2,5,29}).
-define('id-ce-targetInformation', {2,5,29,55}).
-define('id-ce-invalidityDate', {2,5,29,24}).
-define('id-ce-holdInstructionCode', {2,5,29,23}).
@@ -337,12 +410,24 @@
-define('anyExtendedKeyUsage', {2,5,29,37,0}).
-define('anyPolicy', {2,5,29,32,0}).
+-define('id-pkix', {1,3,6,1,5,5,7}).
+
+-define('id-kp', {1,3,6,1,5,5,7,3}).
-define('id-kp-timeStamping', {1,3,6,1,5,5,7,3,8}).
-define('id-kp-emailProtection', {1,3,6,1,5,5,7,3,4}).
-define('id-kp-codeSigning', {1,3,6,1,5,5,7,3,3}).
-define('id-kp-clientAuth', {1,3,6,1,5,5,7,3,2}).
-define('id-kp-serverAuth', {1,3,6,1,5,5,7,3,1}).
+-define('id-qt', {1,3,6,1,5,5,7,2}).
+-define('id-qt-cps', {1,3,6,1,5,5,7,2,1}).
+-define('id-qt-unotice', {1,3,6,1,5,5,7,2,2}).
+
+-define('holdInstruction', {2,2,840,10040,2}).
+-define('id-holdinstruction-none', {2,2,840,10040,2,1}).
+-define('id-holdinstruction-callissuer', {2,2,840,10040,2,2}).
+-define('id-holdinstruction-reject', {2,2,840,10040,2,3}).
+
-record('AuthorityKeyIdentifier',
{
keyIdentifier = asn1_NOVALUE,
@@ -386,6 +471,18 @@
subjectDomainPolicy
}).
+-record('EDIPartyName',
+ {
+ nameAssigner = asn1_NOVALUE,
+ partyName
+ }).
+
+-record('SubjectDirectoryAttributes_SEQOF',
+ {
+ type,
+ values
+ }).
+
-record('BasicConstraints',
{
cA = asn1_DEFAULT,
@@ -476,13 +573,22 @@
}).
%% Hash functions
+-record('DigestAlgorithm',
+ {
+ algorithm,
+ parameters = asn1_NOVALUE
+ }).
--define('id-sha1', {1,3,14,3,2,26}).
-define('id-sha224', {2,16,840,1,101,3,4,2,4}).
-define('id-sha256', {2,16,840,1,101,3,4,2,1}).
-define('id-sha384', {2,16,840,1,101,3,4,2,2}).
-define('id-sha512', {2,16,840,1,101,3,4,2,3}).
+%% Legacy hash functions
+-define('id-sha1', {1,3,14,3,2,26}).
+-define('id-md2', {1,2,840,113549,2,2}).
+-define('id-md5', {1,2,840,113549,2,5}).
+
%%%
%%% Public-key algorithms
%%%
@@ -495,7 +601,15 @@
{'RSASSA-PSS-params',{'HashAlgorithm',{1,3,14,3,2,26},'NULL'},
{'MaskGenAlgorithm',{1,2,840,113549,1,1,8},
{'HashAlgorithm',{1,3,14,3,2,26},'NULL'}},20,1}}).
+-define('rSAES-OAEP-Default-Identifier', {'RSAES-AlgorithmIdentifier',{1,2,840,113549,1,1,7},
+ {'RSAES-OAEP-params',{'Externalvaluereference',354,'PKCS-1',sha1},
+ {'Externalvaluereference',355,'PKCS-1',mgf1SHA1},
+ {'Externalvaluereference',356,'PKCS-1',pSpecifiedEmpty}}}).
-define('id-mgf1', {1,2,840,113549,1,1,8}).
+-define('sha1Identifier', {'HashAlgorithm',{1,3,14,3,2,26},'NULL'}).
+-define('sha1', {'HashAlgorithm',{1,3,14,3,2,26},'NULL'}).
+-define('mgf1SHA1', {'MaskGenAlgorithm',{1,2,840,113549,1,1,8},
+ {'Externalvaluereference',283,'PKIX1-PSS-OAEP-Algorithms-2009',sha1Identifier}}).
-define('id-ecPublicKey', {1,2,840,10045,2,1}).
-define('ecdsa-with-SHA224', {1,2,840,10045,4,3,1}).
-define('ecdsa-with-SHA256', {1,2,840,10045,4,3,2}).
@@ -523,23 +637,11 @@
-define('id-dsa-with-sha224', {2,16,840,1,101,3,4,3,1}).
-define('id-dsa-with-sha256', {2,16,840,1,101,3,4,3,2}).
-%% Undocumented but used by SSH.
--record('ECDSA-Sig-Value',
- {
- r,
- s
- }).
-
--record('Dss-Sig-Value',
- {
- r,
- s
- }).
-
-
%% Key exchange
-define('dhpublicnumber', {1,2,840,10046,2,1}).
-define('id-keyExchangeAlgorithm', {2,16,840,1,101,2,1,1,22}).
+-define('pkcs-3', {1,2,840,113549,1,3}).
+-define('dhKeyAgreement', {1,2,840,113549,1,3,1}).
-record('DHParameter',
{
@@ -584,22 +686,24 @@
crlExtensions = asn1_NOVALUE
}).
--record('TBSCertList_signature', {
- algorithm,
- parameters = asn1_NOVALUE
-}).
+-record('TBSCertList_signature',
+ {
+ algorithm,
+ parameters = asn1_NOVALUE
+ }).
--record('CertificateList_algorithmIdentifier', {
- algorithm,
- parameters = asn1_NOVALUE
-}).
+-record('CertificateList_algorithmIdentifier',
+ {
+ algorithm,
+ parameters = asn1_NOVALUE
+ }).
-record('TBSCertList_revokedCertificates_SEQOF',
{
userCertificate,
revocationDate,
crlEntryExtensions = asn1_NOVALUE
- }).
+ }).
%%%
%%% CRL Extensions
@@ -646,18 +750,19 @@
parameters = asn1_NOVALUE
}).
--record('CertificationRequest_signatureAlgorithm',
- {
- algorithm,
- parameters = asn1_NOVALUE
- }).
--record('AttributePKCS-10',
+-record('CertificationRequestInfo_attributes_SETOF',
{
type,
values
}).
+-record('CertificationRequest_signatureAlgorithm',
+ {
+ algorithm,
+ parameters = asn1_NOVALUE
+ }).
+
%%%
%%% OCSP
%%%
@@ -689,18 +794,39 @@
requestExtensions = asn1_NOVALUE
}).
+-record('TBSRequest_requestExtensions_SEQOF',
+ {
+ extnID,
+ critical = asn1_DEFAULT,
+ extnValue
+ }).
+
-record('Signature',
{
signatureAlgorithm,
signature,
certs = asn1_NOVALUE
}).
+
+-record('Signature_signatureAlgorithm',
+ {
+ algorithm,
+ parameters = asn1_NOVALUE
+ }).
+
-record('Request',
{
reqCert,
singleRequestExtensions = asn1_NOVALUE
}).
+-record('Request_singleRequestExtensions_SEQOF',
+ {
+ extnID,
+ critical = asn1_DEFAULT,
+ extnValue
+ }).
+
-record('CertID',
{
hashAlgorithm,
@@ -709,6 +835,12 @@
serialNumber
}).
+-record('CertID_hashAlgorithm',
+ {
+ algorithm,
+ parameters = asn1_NOVALUE
+ }).
+
-record('OCSPResponse',
{
responseStatus,
@@ -738,6 +870,19 @@
responseExtensions = asn1_NOVALUE
}).
+-record('BasicOCSPResponse_signatureAlgorithm',
+ {
+ algorithm,
+ parameters = asn1_NOVALUE
+ }).
+
+-record('ResponseData_responseExtensions_SEQOF',
+ {
+ extnID,
+ critical = asn1_DEFAULT,
+ extnValue
+ }).
+
-record('SingleResponse',
{
certID,
@@ -747,6 +892,13 @@
singleExtensions = asn1_NOVALUE
}).
+-record('SingleResponse_singleExtensions_SEQOF',
+ {
+ extnID,
+ critical = asn1_DEFAULT,
+ extnValue
+ }).
+
-record('RevokedInfo',
{
revocationTime,
@@ -772,6 +924,19 @@
certIdentifier = asn1_NOVALUE
}).
+-record('PreferredSignatureAlgorithm_sigIdentifier',
+ {
+ algorithm,
+ parameters = asn1_NOVALUE
+ }).
+
+-record('PreferredSignatureAlgorithm_certIdentifier',
+ {
+ algorithm,
+ parameters = asn1_NOVALUE
+ }).
+
+
%%%
%%% PKCS-8
%%%
@@ -818,18 +983,34 @@
%%% Password based encryption
%%%
+-define('pkcs-5', {1,2,840,113549,1,5}).
+
+-define('pbeWithSHA1AndRC2-CBC', {1,2,840,113549,1,5,11}).
+-define('pbeWithSHA1AndDES-CBC', {1,2,840,113549,1,5,10}).
+-define('pbeWithMD5AndRC2-CBC', {1,2,840,113549,1,5,6}).
+-define('pbeWithMD5AndDES-CBC', {1,2,840,113549,1,5,3}).
+-define('pbeWithMD2AndRC2-CBC', {1,2,840,113549,1,5,4}).
+-define('pbeWithMD2AndDES-CBC', {1,2,840,113549,1,5,1}).
+
-define('id-PBES2', {1,2,840,113549,1,5,13}).
-define('id-PBKDF2', {1,2,840,113549,1,5,12}).
+-define('defaultPBKDF2', {'PBKDF2-PRFsAlgorithmIdentifier',{1,3,6,1,5,5,8,1,2},'NULL'}).
-define('id-hmacWithSHA224', {1,2,840,113549,2,8}).
-define('id-hmacWithSHA256', {1,2,840,113549,2,9}).
-define('id-hmacWithSHA384', {1,2,840,113549,2,10}).
-define('id-hmacWithSHA512', {1,2,840,113549,2,11}).
+-define('aes', {2,16,840,1,101,3,4,1}).
+-define('id-aes256-wrap', {2,16,840,1,101,3,4,1,45}).
+-define('id-aes192-wrap', {2,16,840,1,101,3,4,1,25}).
+-define('id-aes128-wrap', {2,16,840,1,101,3,4,1,5}).
-define('id-aes128-CBC', {2,16,840,1,101,3,4,1,2}).
-define('id-aes192-CBC', {2,16,840,1,101,3,4,1,22}).
-define('id-aes256-CBC', {2,16,840,1,101,3,4,1,42}).
-define('rc2CBC', {1,2,840,113549,3,2}).
+-define('des-EDE3-CBC', {1,2,840,113549,3,7}).
+-define('desCBC', {1,3,14,3,2,7}).
-record('RC2-CBC-Parameter',
{
@@ -895,6 +1076,8 @@
-define('id-messageDigest', {1,2,840,113549,1,9,4}).
-define('id-signingTime', {1,2,840,113549,1,9,5}).
-define('id-countersignature', {1,2,840,113549,1,9,6}).
+-define('des-ede3-cbc', {1,2,840,113549,3,7}).
+-define('rc2-cbc', {1,2,840,113549,3,2}).
%% Legacy names for backwards compatibility
-define('encryptedData', {1,2,840,113549,1,7,6}).
@@ -1082,10 +1265,12 @@
%% with extensions
unprotectedAttrs = asn1_NOVALUE
}).
--record('EncryptedData_unprotectedAttrs_SETOF', {
- attrType,
- attrValues
-}).
+
+-record('EncryptedData_unprotectedAttrs_SETOF',
+ {
+ attrType,
+ attrValues
+ }).
-record('AuthenticatedData',
{
@@ -1187,4 +1372,104 @@
}).
+%% X400 addresses
+-record('ORAddress',
+ {
+ 'built-in-standard-attributes',
+ 'built-in-domain-defined-attributes' = asn1_NOVALUE,
+ 'extension-attributes' = asn1_NOVALUE
+ }).
+
+-record('BuiltInStandardAttributes',
+ {
+ 'country-name' = asn1_NOVALUE,
+ 'administration-domain-name' = asn1_NOVALUE,
+ 'network-address' = asn1_NOVALUE,
+ 'terminal-identifier' = asn1_NOVALUE,
+ 'private-domain-name' = asn1_NOVALUE,
+ 'organization-name' = asn1_NOVALUE,
+ 'numeric-user-identifier' = asn1_NOVALUE,
+ 'personal-name' = asn1_NOVALUE,
+ 'organizational-unit-names' = asn1_NOVALUE
+ }).
+
+-record('PersonalName',
+ {
+ surname,
+ 'given-name' = asn1_NOVALUE,
+ initials = asn1_NOVALUE,
+ 'generation-qualifier' = asn1_NOVALUE
+ }).
+
+-record('BuiltInDomainDefinedAttribute',
+ {
+ type,
+ value
+ }).
+
+-record('ExtensionAttribute',
+ {
+ 'extension-attribute-type',
+ 'extension-attribute-value'
+ }).
+
+-record('PDSParameter',
+ {
+ 'printable-string' = asn1_NOVALUE,
+ 'teletex-string' = asn1_NOVALUE
+ }).
+
+-record('PresentationAddress',
+ {
+ pSelector = asn1_NOVALUE,
+ sSelector = asn1_NOVALUE,
+ tSelector = asn1_NOVALUE,
+ nAddresses
+ }).
+
+-record('TeletexDomainDefinedAttribute',
+ {
+ type,
+ value
+ }).
+
+-define('ubMax', 32768).
+-define('ub-match', 128).
+-define('ub-common-name-length', 64).
+-define('ub-country-name-alpha-length', 2).
+-define('ub-country-name-numeric-length', 3).
+-define('ub-domain-defined-attributes', 4).
+-define('ub-domain-defined-attribute-type-length', 8).
+-define('ub-domain-defined-attribute-value-length', 128).
+-define('ub-domain-name-length', 16).
+-define('ub-extension-attributes', 256).
+-define('ub-e163-4-number-length', 15).
+-define('ub-e163-4-sub-address-length', 40).
+-define('ub-generation-qualifier-length', 3).
+-define('ub-given-name-length', 16).
+-define('ub-initials-length', 5).
+-define('ub-integer-options', 256).
+-define('ub-numeric-user-id-length', 32).
+-define('ub-organization-name-length', 64).
+-define('ub-organizational-unit-name-length', 32).
+-define('ub-organizational-units', 4).
+-define('ub-pds-name-length', 16).
+-define('ub-pds-parameter-length', 30).
+-define('ub-pds-physical-address-lines', 6).
+-define('ub-postal-code-length', 16).
+-define('ub-surname-length', 40).
+-define('ub-terminal-id-length', 24).
+-define('ub-unformatted-address-length', 180).
+-define('ub-x121-address-length', 16).
+
+-define('ub-state-name', 128).
+-define('ub-organization-name', 64).
+-define('ub-organizational-unit-name', 64).
+-define('ub-title', 64).
+-define('ub-serial-number', 64).
+-define('ub-pseudonym', 128).
+-define('ub-emailaddress-length', 255).
+-define('ub-locality-name', 128).
+-define('ub-common-name', 64).
+-define('ub-name', 32768).
-endif. % -ifdef(public_key).
diff --git a/lib/public_key/src/pubkey_pbe.erl b/lib/public_key/src/pubkey_pbe.erl
index 9347a22d68..f273ec01c2 100644
--- a/lib/public_key/src/pubkey_pbe.erl
+++ b/lib/public_key/src/pubkey_pbe.erl
@@ -168,8 +168,8 @@ do_pbdkdf1(Prev, Count, Acc, Hash) ->
iv(#'PBES2-params_encryptionScheme'{algorithm = ?'rc2CBC',
parameters = ASN1IV}) ->
- {ok, #'RC2-CBC-Parameter'{iv = IV}}
- = 'PKCS-FRAME':decode('RC2-CBC-Parameter', decode_handle_open_type_wrapper(ASN1IV)),
+ #'RC2-CBC-Parameter'{iv = IV}
+ = public_key:der_decode('RC2-CBC-Parameter', decode_handle_open_type_wrapper(ASN1IV)),
iolist_to_binary(IV);
iv(#'PBES2-params_encryptionScheme'{algorithm = _Algo,
parameters = ASN1IV}) ->
@@ -195,29 +195,29 @@ do_xor_sum(Prf, PrfHash, PrfLen, Prev, Password, Count, Acc)->
do_xor_sum(Prf, PrfHash, PrfLen, Result, Password, Count-1, crypto:exor(Acc, Result)).
decrypt_parameters(?'id-PBES2', DekParams) ->
- {ok, Params} = 'PKCS-FRAME':decode('PBES2-params', DekParams),
+ Params = public_key:der_decode('PBES2-params', DekParams),
{cipher(Params#'PBES2-params'.encryptionScheme), Params};
decrypt_parameters(?'pbeWithSHA1AndRC2-CBC', DekParams) ->
- {ok, Params} = 'PKCS-FRAME':decode('PBEParameter', DekParams),
+ Params = public_key:der_decode('PBEParameter', DekParams),
{"RC2-CBC", {Params, sha}};
decrypt_parameters(?'pbeWithSHA1AndDES-CBC', DekParams) ->
- {ok, Params} = 'PKCS-FRAME':decode('PBEParameter', DekParams),
+ Params = public_key:der_decode('PBEParameter', DekParams),
{"DES-CBC", {Params, sha}};
decrypt_parameters(?'pbeWithMD5AndRC2-CBC', DekParams) ->
- {ok, Params} = 'PKCS-FRAME':decode('PBEParameter', DekParams),
+ Params = public_key:der_decode('PBEParameter', DekParams),
{"RC2-CBC", {Params, md5}};
decrypt_parameters(?'pbeWithMD5AndDES-CBC', DekParams) ->
- {ok, Params} = 'PKCS-FRAME':decode('PBEParameter', DekParams),
+ Params = public_key:der_decode('PBEParameter', DekParams),
{"DES-CBC", {Params, md5}}.
encrypt_parameters(_Cipher, #'PBES2-params'{} = Params) ->
- {ok, Der} ='PKCS-FRAME':encode('PBES2-params', Params),
+ Der = public_key:der_encode('PBES2-params', Params),
#'EncryptedPrivateKeyInfo_encryptionAlgorithm'{
algorithm = ?'id-PBES2',
parameters = encode_handle_open_type_wrapper(Der)};
encrypt_parameters(Cipher, {#'PBEParameter'{} = Params, Hash}) ->
- {ok, Der} ='PKCS-FRAME':encode('PBEParameter', Params),
+ Der = public_key:der_encode('PBEParameter', Params),
#'EncryptedPrivateKeyInfo_encryptionAlgorithm'{
algorithm = pbe1_oid(Cipher, Hash),
parameters = encode_handle_open_type_wrapper(Der)}.
diff --git a/lib/public_key/src/public_key.erl b/lib/public_key/src/public_key.erl
index ad0920a1f5..096b80c3b4 100644
--- a/lib/public_key/src/public_key.erl
+++ b/lib/public_key/src/public_key.erl
@@ -535,9 +535,9 @@ pem_entry_encode(Asn1Type, Entity, {{Cipher, Salt} = CipherInfo,
%%
%% Description: Decodes a public key asn1 der encoded entity.
%%--------------------------------------------------------------------
-der_decode(Asn1Type, Der) when (((Asn1Type == 'PrivateKeyInfo')
- orelse
- (Asn1Type == 'EncryptedPrivateKeyInfo'))
+der_decode(Asn1Type, Der) when ((Asn1Type == 'PrivateKeyInfo')
+ orelse
+ (Asn1Type == 'EncryptedPrivateKeyInfo')
andalso is_binary(Der)) ->
try
{ok, Decoded0} = 'PKCS-FRAME':decode(Asn1Type, Der),
@@ -547,6 +547,21 @@ der_decode(Asn1Type, Der) when (((Asn1Type == 'PrivateKeyInfo')
error:{badmatch, {error, _}} = Error ->
handle_pkcs_frame_error(Asn1Type, Der, Error)
end;
+der_decode(Asn1Type, Der) when ((Asn1Type == 'PBES2-params')
+ orelse
+ (Asn1Type == 'PBES2-params_encryptionScheme')
+ orelse
+ (Asn1Type == 'PBEParameter')
+ orelse
+ (Asn1Type == 'RC2-CBC-Parameter')
+ andalso is_binary(Der)) ->
+ try
+ {ok, Decoded} = 'PKCS-FRAME':decode(Asn1Type, Der),
+ Decoded
+ catch
+ error:{badmatch, {error, _}} = Error ->
+ erlang:error(Error)
+ end;
der_decode('EcpkParameters', Der) ->
try
{ok, Decoded} = 'PKIXAlgs-2009':decode('ECParameters', Der),
@@ -587,6 +602,7 @@ der_decode(Asn1Type, Der) when is_atom(Asn1Type), is_binary(Der) ->
erlang:error(Error)
end.
+%% X509 RFC 5280
get_asn1_module('AuthorityInfoAccessSyntax') -> 'PKIX1Implicit-2009';
get_asn1_module('AuthorityKeyIdentifier') -> 'PKIX1Implicit-2009';
get_asn1_module('BasicConstraints') -> 'PKIX1Implicit-2009';
@@ -607,26 +623,50 @@ get_asn1_module('Name') -> 'PKIX1Explicit-2009';
get_asn1_module('Validity') -> 'PKIX1Explicit-2009';
get_asn1_module('RSAPublicKey') -> 'PKIXAlgs-2009';
get_asn1_module('DSA-Params') -> 'PKIXAlgs-2009';
-get_asn1_module('BasicOCSPResponse') -> 'OCSP-2024-08';
-get_asn1_module('Nonce') -> 'OCSP-2024-08';
-get_asn1_module('OCSPResponse') -> 'OCSP-2024-08';
-get_asn1_module('ResponseData') -> 'OCSP-2024-08';
-get_asn1_module('SubjectKeyIdentifier') -> 'CryptographicMessageSyntax-2009';
-get_asn1_module('ContentInfo') -> 'CryptographicMessageSyntax-2009';
-get_asn1_module('CertificationRequest') -> 'PKCS-10';
-get_asn1_module('CertificationRequestInfo') -> 'PKCS-10';
-get_asn1_module('CurvePrivateKey') -> 'Safecurves-pkix-18';
-get_asn1_module('ECPrivateKey') -> 'ECPrivateKey';
get_asn1_module('ECParameters') -> 'PKIXAlgs-2009';
get_asn1_module('DSAPublicKey') -> 'PKIXAlgs-2009';
get_asn1_module('ECDSA-Sig-Value') -> 'PKIXAlgs-2009';
get_asn1_module('RSASSA-PSS-params') -> 'PKIX1-PSS-OAEP-Algorithms-2009';
+get_asn1_module('Extensions') -> 'OTP-PKIX';
+get_asn1_module('OTPTBSCertificate') -> 'OTP-PKIX';
+get_asn1_module('OTPCertificate') -> 'OTP-PKIX';
+%% Private keys
get_asn1_module('RSAPrivateKey') -> 'PKCS-1';
get_asn1_module('DHParameter') -> 'PKCS-3';
get_asn1_module('DSAPrivateKey') -> 'DSS';
-get_asn1_module('Extensions') -> 'OTP-PKIX';
-get_asn1_module('OTPTBSCertificate') -> 'OTP-PKIX';
-get_asn1_module('OTPCertificate') -> 'OTP-PKIX'.
+get_asn1_module('CurvePrivateKey') -> 'Safecurves-pkix-18';
+get_asn1_module('ECPrivateKey') -> 'ECPrivateKey';
+%% Certification Request Syntax Specification RFC 2986
+get_asn1_module('CertificationRequest') -> 'PKCS-10';
+get_asn1_module('CertificationRequestInfo') -> 'PKCS-10';
+get_asn1_module('Attribute') -> 'PKCS-10';
+%% CryptographicMessageSyntax RFC 5652
+get_asn1_module('ContentInfo') -> 'CryptographicMessageSyntax-2009';
+get_asn1_module('SignedData') -> 'CryptographicMessageSyntax-2009';
+get_asn1_module('EncapsulatedContentInfo') -> 'CryptographicMessageSyntax-2009';
+get_asn1_module('SignerInfo') -> 'CryptographicMessageSyntax-2009';
+get_asn1_module('EnvelopedData') -> 'CryptographicMessageSyntax-2009';
+get_asn1_module('OriginatorInfo') -> 'CryptographicMessageSyntax-2009';
+get_asn1_module('OriginatorPublicKey') -> 'CryptographicMessageSyntax-2009';
+get_asn1_module('EncryptedContentInfo') -> 'CryptographicMessageSyntax-2009';
+get_asn1_module('RecipientInfo') -> 'CryptographicMessageSyntax-2009';
+get_asn1_module('KeyTransRecipientInfo') -> 'CryptographicMessageSyntax-2009';
+get_asn1_module('KeyIdentifier') -> 'CryptographicMessageSyntax-2009';
+get_asn1_module('RecipientKeyIdentifier') -> 'CryptographicMessageSyntax-2009';
+get_asn1_module('SubjectKeyIdentifier') -> 'CryptographicMessageSyntax-2009';
+get_asn1_module('KeyAgreeRecipientInfo') -> 'CryptographicMessageSyntax-2009';
+get_asn1_module('KEKRecipientInfo') -> 'CryptographicMessageSyntax-2009';
+get_asn1_module('PasswordRecipientInfo') -> 'CryptographicMessageSyntax-2009';
+get_asn1_module('OtherRecipientInfo') -> 'CryptographicMessageSyntax-2009';
+get_asn1_module('DigestedData') -> 'CryptographicMessageSyntax-2009';
+get_asn1_module('EncryptedData') -> 'CryptographicMessageSyntax-2009';
+get_asn1_module('AuthenticatedData') -> 'CryptographicMessageSyntax-2009';
+get_asn1_module('IssuerAndSerialNumber') -> 'CryptographicMessageSyntax-2009';
+%% OCSP RFC 6960
+get_asn1_module('BasicOCSPResponse') -> 'OCSP-2024-08';
+get_asn1_module('Nonce') -> 'OCSP-2024-08';
+get_asn1_module('OCSPResponse') -> 'OCSP-2024-08';
+get_asn1_module('ResponseData') -> 'OCSP-2024-08'.
handle_pkcs_frame_error('PrivateKeyInfo', Der, _) ->
try
@@ -799,6 +839,17 @@ der_encode(Asn1Type, Entity0) when (Asn1Type == 'PrivateKeyInfo') orelse
error:{badmatch, {error, _}} = Error ->
erlang:error(Error)
end;
+der_encode(Asn1Type, Entity) when (Asn1Type == 'PBES2-params') orelse
+ (Asn1Type == 'PBES2-params_encryptionScheme') orelse
+ (Asn1Type == 'PBEParameter') orelse
+ (Asn1Type == 'RC2-CBC-Parameter') ->
+ try
+ {ok, Encoded} = 'PKCS-FRAME':encode(Asn1Type, Entity),
+ Encoded
+ catch
+ error:{badmatch, {error, _}} = Error ->
+ erlang:error(Error)
+ end;
der_encode('EcpkParameters', {namedCurve,_}=Entity) ->
try
{ok, Encoded} = 'PKIXAlgs-2009':encode('ECParameters', Entity),
diff --git a/lib/public_key/src/public_key_internal.hrl b/lib/public_key/src/public_key_internal.hrl
index 50074b0e2a..49a18220ad 100644
--- a/lib/public_key/src/public_key_internal.hrl
+++ b/lib/public_key/src/public_key_internal.hrl
@@ -268,8 +268,4 @@
-define('id-dsa-with-sha1', {1,2,840,10040,4,3}).
--define('ppBasis', {1,2,840,10045,1,2,3,3}).
--define('tpBasis', {1,2,840,10045,1,2,3,2}).
--define('gnBasis', {1,2,840,10045,1,2,3,1}).
-
-endif. % -ifdef(public_key_internal).
diff --git a/lib/public_key/test/erl_make_certs.erl b/lib/public_key/test/erl_make_certs.erl
index acdd5684ac..7d6b9d1773 100644
--- a/lib/public_key/test/erl_make_certs.erl
+++ b/lib/public_key/test/erl_make_certs.erl
@@ -173,7 +173,7 @@ encode_key(Key = #'DSAPrivateKey'{}) ->
{ok, Der} = 'DSS':encode('DSAPrivateKey', Key),
{'DSAPrivateKey', Der, not_encrypted};
encode_key(Key = #'ECPrivateKey'{}) ->
- {ok, Der} = 'OTP-PUB-KEY':encode('ECPrivateKey', Key),
+ {ok, Der} = 'ECPrivateKey':encode('ECPrivateKey', Key),
{'ECPrivateKey', Der, not_encrypted}.
make_tbs(SubjectKey, Opts) ->
diff --git a/lib/public_key/test/public_key_SUITE.erl b/lib/public_key/test/public_key_SUITE.erl
index abae147d7a..135bdff359 100644
--- a/lib/public_key/test/public_key_SUITE.erl
+++ b/lib/public_key/test/public_key_SUITE.erl
@@ -527,14 +527,14 @@ eddsa_pub() ->
eddsa_pub(Config) when is_list(Config) ->
Datadir = proplists:get_value(data_dir, Config),
{ok, EDDSAPubPem} = file:read_file(filename:join(Datadir, "public_eddsa.pem")),
- [{'SubjectPublicKeyInfo', _, not_encrypted} = Key] = PemEntry =
+ [{'SubjectPublicKeyInfo', _, not_encrypted}] = PemEntry =
public_key:pem_decode(EDDSAPubPem),
EDDSAPubKey = public_key:pem_entry_decode(PemEntry),
true = check_entry_type(EDDSAPubKey, 'ECPoint'),
{_, {namedCurve, ?'id-Ed25519'}} = EDDSAPubKey,
- PrivEntry0 = public_key:pem_entry_encode('SubjectPublicKeyInfo', EDDSAPubKey),
+ PubEntry = public_key:pem_entry_encode('SubjectPublicKeyInfo', EDDSAPubKey),
ECPemNoEndNewLines = strip_superfluous_newlines(EDDSAPubPem),
- ECPemNoEndNewLines = strip_superfluous_newlines(public_key:pem_encode([PemEntry])).
+ ECPemNoEndNewLines = strip_superfluous_newlines(public_key:pem_encode([PubEntry])).
eddsa_sign_verify_24_compat(_Config) ->
Key =
--
2.43.0
