PUBLIC_KEY: add support for Elliptic Curves to public_key app

RoadRunnr · Mar 16, 2013 · 3f91457 · 3f91457
1 parent 865854d
commit 3f91457
Show file tree

Hide file tree

Showing 11 changed files with 441 additions and 56 deletions.
diff --git a/lib/public_key/asn1/ECPrivateKey.asn1 b/lib/public_key/asn1/ECPrivateKey.asn1
@@ -0,0 +1,24 @@
+ECPrivateKey { iso(1) identified-organization(3) dod(6)
+  internet(1) security(5) mechanisms(5) pkix(7) id-mod(0)
+  id-mod-ecprivateKey(65) }
+
+DEFINITIONS EXPLICIT TAGS ::=
+
+BEGIN
+
+-- EXPORTS ALL;
+
+IMPORTS
+
+-- FROM New PKIX ASN.1 [RFC5912]
+
+OTPEcpkParameters FROM OTP-PKIX;
+
+ECPrivateKey ::= SEQUENCE {
+  version        INTEGER,
+  privateKey     OCTET STRING,
+  parameters [0] OTPEcpkParameters OPTIONAL,
+  publicKey  [1] BIT STRING OPTIONAL
+}
+
+END
diff --git a/lib/public_key/asn1/OTP-PKIX.asn1 b/lib/public_key/asn1/OTP-PKIX.asn1
@@ -105,7 +105,8 @@ IMPORTS
 	rsaEncryption, RSAPublicKey,
 	dhpublicnumber, DomainParameters, DHPublicKey,
 	id-keyExchangeAlgorithm, KEA-Parms-Id, --KEA-PublicKey,
-	ecdsa-with-SHA1, 
+	ecdsa-with-SHA1, ecdsa-with-SHA224,
+	ecdsa-with-SHA256, ecdsa-with-SHA384, ecdsa-with-SHA512,
 	prime-field, Prime-p, 
 	characteristic-two-field, --Characteristic-two, 
 	gnBasis, 
@@ -321,7 +322,11 @@ SupportedSignatureAlgorithms SIGNATURE-ALGORITHM-CLASS ::= {
 		    sha256-with-rsa-encryption |
 		    sha384-with-rsa-encryption |
 		    sha512-with-rsa-encryption |
-		    ecdsa-with-sha1 } 
+		    ecdsa-with-sha1 |
+		    ecdsa-with-sha224 |
+		    ecdsa-with-sha256 |
+		    ecdsa-with-sha384 |
+		    ecdsa-with-sha512 }
 
 SupportedPublicKeyAlgorithms PUBLIC-KEY-ALGORITHM-CLASS ::= { 
 		    dsa | rsa-encryption | dh  | kea  | ec-public-key }
@@ -439,6 +444,22 @@ SupportedPublicKeyAlgorithms PUBLIC-KEY-ALGORITHM-CLASS ::= {
        ID ecdsa-with-SHA1
        TYPE NULL }  -- XXX Must be empty and not NULL
 
+   ecdsa-with-sha224 SIGNATURE-ALGORITHM-CLASS ::= {
+       ID ecdsa-with-SHA224
+       TYPE NULL }  -- XXX Must be empty and not NULL
+
+   ecdsa-with-sha256 SIGNATURE-ALGORITHM-CLASS ::= {
+       ID ecdsa-with-SHA256
+       TYPE NULL }  -- XXX Must be empty and not NULL
+
+   ecdsa-with-sha384 SIGNATURE-ALGORITHM-CLASS ::= {
+       ID ecdsa-with-SHA384
+       TYPE NULL }  -- XXX Must be empty and not NULL
+
+   ecdsa-with-sha512 SIGNATURE-ALGORITHM-CLASS ::= {
+       ID ecdsa-with-SHA512
+       TYPE NULL }  -- XXX Must be empty and not NULL
+
    FIELD-ID-CLASS ::= CLASS {
 	&id OBJECT IDENTIFIER UNIQUE,
 	&Type }
@@ -489,6 +510,23 @@ SupportedPublicKeyAlgorithms PUBLIC-KEY-ALGORITHM-CLASS ::= {
 	    ID ppBasis
 	    TYPE Pentanomial }
 
+   -- Elliptic Curve parameters may be specified explicitly,
+   -- specified implicitly through a "named curve", or
+   -- inherited from the CA
+
+   OTPEcpkParameters ::= CHOICE {
+      ecParameters  OTPECParameters,
+      namedCurve    OBJECT IDENTIFIER,
+      implicitlyCA  NULL }
+
+   OTPECParameters  ::= SEQUENCE {         -- Elliptic curve parameters
+      version   ECPVer,
+      fieldID   OTPFieldID,
+      curve     Curve,
+      base      ECPoint,                -- Base point G
+      order     INTEGER,                -- Order n of the base point
+      cofactor  INTEGER  OPTIONAL }     -- The integer h = #E(Fq)/n
+
    -- SubjectPublicKeyInfo.algorithm
 
    ec-public-key PUBLIC-KEY-ALGORITHM-CLASS ::= {

diff --git a/lib/public_key/asn1/OTP-PUB-KEY.set.asn b/lib/public_key/asn1/OTP-PUB-KEY.set.asn
@@ -6,5 +6,6 @@ PKIX1Algorithms88.asn1
 PKCS-1.asn1
 PKCS-3.asn1
 DSS.asn1
+ECPrivateKey.asn1
 PKCS-7.asn1
 PKCS-10.asn1
diff --git a/lib/public_key/asn1/PKCS-1.asn1 b/lib/public_key/asn1/PKCS-1.asn1
@@ -52,8 +52,40 @@ id-md5 OBJECT IDENTIFIER ::= {
     iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 5
 }
 
+id-hmacWithSHA224 OBJECT IDENTIFIER ::= {
+    iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 8
+}
+
+id-hmacWithSHA256 OBJECT IDENTIFIER ::= {
+    iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 9
+}
+
+id-hmacWithSHA384 OBJECT IDENTIFIER ::= {
+    iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 10
+}
+
+id-hmacWithSHA512 OBJECT IDENTIFIER ::= {
+    iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 11
+}
+
 id-mgf1    OBJECT IDENTIFIER ::= { pkcs-1 8 }
 
+id-sha224  OBJECT IDENTIFIER  ::=  { joint-iso-itu-t(2)
+        country(16) us(840) organization(1) gov(101) csor(3)
+        nistalgorithm(4) hashalgs(2) 4 }
+
+id-sha256  OBJECT IDENTIFIER  ::=  { joint-iso-itu-t(2)
+        country(16) us(840) organization(1) gov(101) csor(3)
+        nistalgorithm(4) hashalgs(2) 1 }
+
+id-sha384  OBJECT IDENTIFIER  ::=  { joint-iso-itu-t(2)
+        country(16) us(840) organization(1) gov(101) csor(3)
+        nistalgorithm(4) hashalgs(2) 2 }
+
+id-sha512  OBJECT IDENTIFIER  ::=  { joint-iso-itu-t(2)
+        country(16) us(840) organization(1) gov(101) csor(3)
+        nistalgorithm(4) hashalgs(2) 3 }
+
 
 RSAPublicKey ::= SEQUENCE {
     modulus           INTEGER,  -- n

diff --git a/lib/public_key/asn1/PKIX1Algorithms88.asn1 b/lib/public_key/asn1/PKIX1Algorithms88.asn1
@@ -98,6 +98,11 @@
    -- OID for ECDSA signatures with SHA-1
 
    ecdsa-with-SHA1 OBJECT IDENTIFIER ::= { id-ecSigType 1 }
+   ecdsa-with-SHA2 OBJECT IDENTIFIER ::= { id-ecSigType 3 }
+   ecdsa-with-SHA224 OBJECT IDENTIFIER ::= { ecdsa-with-SHA2 1 }
+   ecdsa-with-SHA256 OBJECT IDENTIFIER ::= { ecdsa-with-SHA2 2 }
+   ecdsa-with-SHA384 OBJECT IDENTIFIER ::= { ecdsa-with-SHA2 3 }
+   ecdsa-with-SHA512 OBJECT IDENTIFIER ::= { ecdsa-with-SHA2 4 }
 
    -- OID for an elliptic curve signature
    -- format for the value of an ECDSA signature value
@@ -199,40 +204,83 @@
 
    -- Named Elliptic Curves in ANSI X9.62.
 
-   ellipticCurve OBJECT IDENTIFIER ::= { ansi-X9-62 curves(3) }
-
-   c-TwoCurve OBJECT IDENTIFIER ::= {
-        ellipticCurve characteristicTwo(0) }
-
-   c2pnb163v1  OBJECT IDENTIFIER  ::=  { c-TwoCurve  1 }
-   c2pnb163v2  OBJECT IDENTIFIER  ::=  { c-TwoCurve  2 }
-   c2pnb163v3  OBJECT IDENTIFIER  ::=  { c-TwoCurve  3 }
-   c2pnb176w1  OBJECT IDENTIFIER  ::=  { c-TwoCurve  4 }
-   c2tnb191v1  OBJECT IDENTIFIER  ::=  { c-TwoCurve  5 }
-   c2tnb191v2  OBJECT IDENTIFIER  ::=  { c-TwoCurve  6 }
-   c2tnb191v3  OBJECT IDENTIFIER  ::=  { c-TwoCurve  7 }
-   c2onb191v4  OBJECT IDENTIFIER  ::=  { c-TwoCurve  8 }
-   c2onb191v5  OBJECT IDENTIFIER  ::=  { c-TwoCurve  9 }
-   c2pnb208w1  OBJECT IDENTIFIER  ::=  { c-TwoCurve 10 }
-   c2tnb239v1  OBJECT IDENTIFIER  ::=  { c-TwoCurve 11 }
-   c2tnb239v2  OBJECT IDENTIFIER  ::=  { c-TwoCurve 12 }
-   c2tnb239v3  OBJECT IDENTIFIER  ::=  { c-TwoCurve 13 }
-   c2onb239v4  OBJECT IDENTIFIER  ::=  { c-TwoCurve 14 }
-   c2onb239v5  OBJECT IDENTIFIER  ::=  { c-TwoCurve 15 }
-   c2pnb272w1  OBJECT IDENTIFIER  ::=  { c-TwoCurve 16 }
-   c2pnb304w1  OBJECT IDENTIFIER  ::=  { c-TwoCurve 17 }
-   c2tnb359v1  OBJECT IDENTIFIER  ::=  { c-TwoCurve 18 }
-   c2pnb368w1  OBJECT IDENTIFIER  ::=  { c-TwoCurve 19 }
-   c2tnb431r1  OBJECT IDENTIFIER  ::=  { c-TwoCurve 20 }
-
-   primeCurve OBJECT IDENTIFIER ::= { ellipticCurve prime(1) }
-
-   prime192v1  OBJECT IDENTIFIER  ::=  { primeCurve  1 }
-   prime192v2  OBJECT IDENTIFIER  ::=  { primeCurve  2 }
-   prime192v3  OBJECT IDENTIFIER  ::=  { primeCurve  3 }
-   prime239v1  OBJECT IDENTIFIER  ::=  { primeCurve  4 }
-   prime239v2  OBJECT IDENTIFIER  ::=  { primeCurve  5 }
-   prime239v3  OBJECT IDENTIFIER  ::=  { primeCurve  6 }
-   prime256v1  OBJECT IDENTIFIER  ::=  { primeCurve  7 }
+   --   ellipticCurve OBJECT IDENTIFIER ::= { ansi-X9-62 curves(3) }
+
+   --   c-TwoCurve OBJECT IDENTIFIER ::= {
+   --        ansi-ellipticCurve characteristicTwo(0) }
+
+   --   c2pnb163v1  OBJECT IDENTIFIER  ::=  { c-TwoCurve  1 }
+   --   c2pnb163v2  OBJECT IDENTIFIER  ::=  { c-TwoCurve  2 }
+   --   c2pnb163v3  OBJECT IDENTIFIER  ::=  { c-TwoCurve  3 }
+   --   c2pnb176w1  OBJECT IDENTIFIER  ::=  { c-TwoCurve  4 }
+   --   c2tnb191v1  OBJECT IDENTIFIER  ::=  { c-TwoCurve  5 }
+   --   c2tnb191v2  OBJECT IDENTIFIER  ::=  { c-TwoCurve  6 }
+   --   c2tnb191v3  OBJECT IDENTIFIER  ::=  { c-TwoCurve  7 }
+   --   c2onb191v4  OBJECT IDENTIFIER  ::=  { c-TwoCurve  8 }
+   --   c2onb191v5  OBJECT IDENTIFIER  ::=  { c-TwoCurve  9 }
+   --   c2pnb208w1  OBJECT IDENTIFIER  ::=  { c-TwoCurve 10 }
+   --   c2tnb239v1  OBJECT IDENTIFIER  ::=  { c-TwoCurve 11 }
+   --   c2tnb239v2  OBJECT IDENTIFIER  ::=  { c-TwoCurve 12 }
+   --   c2tnb239v3  OBJECT IDENTIFIER  ::=  { c-TwoCurve 13 }
+   --   c2onb239v4  OBJECT IDENTIFIER  ::=  { c-TwoCurve 14 }
+   --   c2onb239v5  OBJECT IDENTIFIER  ::=  { c-TwoCurve 15 }
+   --   c2pnb272w1  OBJECT IDENTIFIER  ::=  { c-TwoCurve 16 }
+   --   c2pnb304w1  OBJECT IDENTIFIER  ::=  { c-TwoCurve 17 }
+   --   c2tnb359v1  OBJECT IDENTIFIER  ::=  { c-TwoCurve 18 }
+   --   c2pnb368w1  OBJECT IDENTIFIER  ::=  { c-TwoCurve 19 }
+   --   c2tnb431r1  OBJECT IDENTIFIER  ::=  { c-TwoCurve 20 }
+
+   --   primeCurve OBJECT IDENTIFIER ::= { ansi-ellipticCurve prime(1) }
+
+   --   prime192v1  OBJECT IDENTIFIER  ::=  { primeCurve  1 }
+   --   prime192v2  OBJECT IDENTIFIER  ::=  { primeCurve  2 }
+   --   prime192v3  OBJECT IDENTIFIER  ::=  { primeCurve  3 }
+   --   prime239v1  OBJECT IDENTIFIER  ::=  { primeCurve  4 }
+   --   prime239v2  OBJECT IDENTIFIER  ::=  { primeCurve  5 }
+   --   prime239v3  OBJECT IDENTIFIER  ::=  { primeCurve  6 }
+   --   prime256v1  OBJECT IDENTIFIER  ::=  { primeCurve  7 }
+
+   certicom-arc OBJECT IDENTIFIER ::= {
+        iso(1) identified-organization(3) certicom(132)
+   }
+
+   ellipticCurve OBJECT IDENTIFIER ::= {
+        iso(1) identified-organization(3) certicom(132) curve(0)
+   }
+
+   secp192r1 OBJECT IDENTIFIER ::= { ansi-X9-62 curves(3) prime(1) 1 }
+   secp256r1 OBJECT IDENTIFIER ::= { ansi-X9-62 curves(3) prime(1) 7 }
+
+   sect163k1 OBJECT IDENTIFIER ::= { ellipticCurve 1 }
+   sect163r1 OBJECT IDENTIFIER ::= { ellipticCurve 2 }
+   sect239k1 OBJECT IDENTIFIER ::= { ellipticCurve 3 }
+   sect113r1 OBJECT IDENTIFIER ::= { ellipticCurve 4 }
+   sect113r2 OBJECT IDENTIFIER ::= { ellipticCurve 5 }
+   secp112r1 OBJECT IDENTIFIER ::= { ellipticCurve 6 }
+   secp112r2 OBJECT IDENTIFIER ::= { ellipticCurve 7 }
+   secp160r1 OBJECT IDENTIFIER ::= { ellipticCurve 8 }
+   secp160k1 OBJECT IDENTIFIER ::= { ellipticCurve 9 }
+   secp256k1 OBJECT IDENTIFIER ::= { ellipticCurve 10 }
+   sect163r2 OBJECT IDENTIFIER ::= { ellipticCurve 15 }
+   sect283k1 OBJECT IDENTIFIER ::= { ellipticCurve 16 }
+   sect283r1 OBJECT IDENTIFIER ::= { ellipticCurve 17 }
+   sect131r1 OBJECT IDENTIFIER ::= { ellipticCurve 22 }
+   sect131r2 OBJECT IDENTIFIER ::= { ellipticCurve 23 }
+   sect193r1 OBJECT IDENTIFIER ::= { ellipticCurve 24 }
+   sect193r2 OBJECT IDENTIFIER ::= { ellipticCurve 25 }
+   sect233k1 OBJECT IDENTIFIER ::= { ellipticCurve 26 }
+   sect233r1 OBJECT IDENTIFIER ::= { ellipticCurve 27 }
+   secp128r1 OBJECT IDENTIFIER ::= { ellipticCurve 28 }
+   secp128r2 OBJECT IDENTIFIER ::= { ellipticCurve 29 }
+   secp160r2 OBJECT IDENTIFIER ::= { ellipticCurve 30 }
+   secp192k1 OBJECT IDENTIFIER ::= { ellipticCurve 31 }
+   secp224k1 OBJECT IDENTIFIER ::= { ellipticCurve 32 }
+   secp224r1 OBJECT IDENTIFIER ::= { ellipticCurve 33 }
+   secp384r1 OBJECT IDENTIFIER ::= { ellipticCurve 34 }
+   secp521r1 OBJECT IDENTIFIER ::= { ellipticCurve 35 }
+   sect409k1 OBJECT IDENTIFIER ::= { ellipticCurve 36 }
+   sect409r1 OBJECT IDENTIFIER ::= { ellipticCurve 37 }
+   sect571k1 OBJECT IDENTIFIER ::= { ellipticCurve 38 }
+   sect571r1 OBJECT IDENTIFIER ::= { ellipticCurve 39 }
 
    END
diff --git a/lib/public_key/doc/src/public_key.xml b/lib/public_key/doc/src/public_key.xml
@@ -84,7 +84,8 @@
 
     <p><code>pki_asn1_type() = 'Certificate' | 'RSAPrivateKey'| 'RSAPublicKey' |
     'DSAPrivateKey' | 'DSAPublicKey' | 'DHParameter' | 'SubjectPublicKeyInfo' |
-    'PrivateKeyInfo' | 'CertificationRequest'</code></p>
+    'PrivateKeyInfo' | 'CertificationRequest' | 'ECPrivateKey'|
+    'OTPEcpkParameters'</code></p>
 
     <p><code>pem_entry () = {pki_asn1_type(), binary(), %% DER or encrypted DER
           not_encrypted | cipher_info()} </code></p>
@@ -100,6 +101,8 @@
 
     <p><code>dsa_private_key() = #'DSAPrivateKey'{}</code></p>
 
+    <p><code>ec_key()  = {'ECKey', Key}</code></p>
+
     <p><code> public_crypt_options() = [{rsa_pad, rsa_padding()}]. </code></p>
 
     <p><code> rsa_padding() =  'rsa_pkcs1_padding' | 'rsa_pkcs1_oaep_padding'
@@ -109,6 +112,8 @@
 
     <p><code> dss_digest_type()  = 'sha' </code></p>
 
+    <p><code> ecdsa_digest_type()  = 'sha' </code></p>
+
     <p><code> crl_reason()  = unspecified | keyCompromise | cACompromise | affiliationChanged | superseded | cessationOfOperation | certificateHold | privilegeWithdrawn |  aACompromise
     </code></p>
 
@@ -528,8 +533,8 @@ fun(OtpCert :: #'OTPCertificate'{}, Event :: {bad_cert, Reason :: atom()} |
        <d>The msg is either the binary "plain text" data to be
        signed or it is the hashed value of "plain text" i.e. the
        digest.</d>
-       <v>DigestType = rsa_digest_type() | dss_digest_type()</v>
-       <v>Key = rsa_private_key() | dsa_private_key()</v>
+       <v>DigestType = rsa_digest_type() | dss_digest_type() | ecdsa_digest_type()</v>
+       <v>Key = rsa_private_key() | dsa_private_key() | ec_key()</v>
   </type>
   <desc>
     <p> Creates a digital signature.</p> 
@@ -592,9 +597,9 @@ fun(OtpCert :: #'OTPCertificate'{}, Event :: {bad_cert, Reason :: atom()} |
       <v>Msg = binary() | {digest,binary()}</v>
        <d>The msg is either the binary "plain text" data 
         or it is the hashed value of "plain text" i.e. the digest.</d>
-      <v>DigestType = rsa_digest_type() | dss_digest_type()</v>
+      <v>DigestType = rsa_digest_type() | dss_digest_type() | ecdsa_digest_type()</v>
       <v>Signature = binary()</v>
-      <v>Key = rsa_public_key() | dsa_public_key()</v> 
+      <v>Key = rsa_public_key() | dsa_public_key() | ec_key()</v> 
   </type> 
   <desc> 
     <p>Verifies a digital signature</p> 

diff --git a/lib/public_key/include/public_key.hrl b/lib/public_key/include/public_key.hrl
@@ -72,6 +72,10 @@
 	  valid_ext
 	 }).
 
+-record('ECPoint', {
+	  point
+	 }).
+
 
 -define(unspecified, 0).
 -define(keyCompromise, 1).