From 25fbc04ed4909e90e7318be4ab5f1ca19b68ac39 Mon Sep 17 00:00:00 2001
From: Magnus Ahltorp
Date: Mon, 2 Mar 2015 11:32:03 +0100
Subject: Split reading of private and public keyfile
---
 src/sign.erl | 43 +++++++++++++++----------------------------
 1 file changed, 15 insertions(+), 28 deletions(-)
diff --git a/src/sign.erl b/src/sign.erl
index 2c4441b..9acb9d4 100644
--- a/src/sign.erl
+++ b/src/sign.erl
@@ -11,7 +11,7 @@
 -export([sign/1, get_pubkey/0, get_logid/0]).
 -export([read_keyfile_ec/1]).
 %% API for tests.
--export([read_keyfile_rsa/2, read_keyfiles_ec/2]).
+-export([read_keyfile_rsa/2]).
 %% gen_server callbacks.
 -export([init/1, handle_call/3, terminate/2, handle_cast/2, handle_info/2, code_change/3]).
@@ -41,7 +41,9 @@ init([]) ->
 %% Read EC keypair.
 PrivKeyfile = application:get_env(plop, log_private_key, none),
 PubKeyfile = application:get_env(plop, log_public_key, none),
- {Private_key, Public_key, LogID} = read_keyfiles_ec(PrivKeyfile, PubKeyfile),
+ Private_key = read_keyfile_ec(PrivKeyfile),
+ Public_key = read_keyfile_ec(PubKeyfile),
+ LogID = read_keyfile_ec_logid(PubKeyfile),
 _Tree = ht:reset_tree([db:size() - 1]),
 {ok, #state{pubkey = Public_key, privkey = Private_key,
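Review bot: In init/1 the private key, the public key and LogID now come from three independent reads, and nothing visible in the hunk checks that Private_key and Public_key belong to the same key pair. A mismatched pair would start cleanly and produce signatures that cannot be verified against the advertised key and log ID. A startup self-check makes that fail in init instead, for example `true = public_key:verify(<<"selftest">>, sha256, public_key:sign(<<"selftest">>, sha256, Private_key), Public_key),`, assuming decode_key returns terms those functions accept. PubKeyfile is also read and decoded twice, so Public_key and LogID can be derived from different contents if the file is replaced between the calls; reading it once and deriving both from the same entry avoids that. init/1 continues past the end of the hunk.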
@@ -55,12 +57,22 @@ read_keyfile_rsa(Filename, Passphrase) ->
 Privatekey = decode_key(KeyPem, Passphrase),
 {Privatekey, public_key(Privatekey)}.
+filter_pem_types(ParsedPem, Types) ->
+ [E || E <- ParsedPem,
+ lists:member(element(1, E), Types)].
+
 read_keyfile_ec(KeyFile) ->
 lager:debug("reading file ~p", [KeyFile]),
 {ok, PemBin} = file:read_file(KeyFile),
- [KeyPem] = public_key:pem_decode(PemBin),
+ [KeyPem] = filter_pem_types(public_key:pem_decode(PemBin), ['ECPrivateKey', 'SubjectPublicKeyInfo']),
 decode_key(KeyPem).
+read_keyfile_ec_logid(KeyFile) ->
+ lager:debug("reading file ~p", [KeyFile]),
+ {ok, PemBin} = file:read_file(KeyFile),
+ [{'SubjectPublicKeyInfo', Der, _}] = filter_pem_types(public_key:pem_decode(PemBin), ['SubjectPublicKeyInfo']),
+ crypto:hash(sha256, Der).
+
 pem_entry_decode({'SubjectPublicKeyInfo', Der, _}) ->
 SPKI = public_key:der_decode('SubjectPublicKeyInfo', Der),
 #'SubjectPublicKeyInfo'{subjectPublicKey = {_, Octets},
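Review bot: read_keyfile_ec/1 accepts both 'ECPrivateKey' and 'SubjectPublicKeyInfo' entries whichever file it is given, so a log_private_key setting that points at a public-key PEM still satisfies `[KeyPem] = ...` and the mistake only surfaces when the key is used. Consider letting the caller name the expected entry type, e.g. a two-argument variant called as `read_keyfile_ec(PrivKeyfile, ['ECPrivateKey'])` and `read_keyfile_ec(PubKeyfile, ['SubjectPublicKeyInfo'])`, with read_keyfile_ec/1 kept as the permissive wrapper for existing callers. When a file holds more than one matching entry, the failed match raises badmatch carrying the decoded entries, which for the private key file would put key DER into the crash report; matching through a `case` that exits with only a reason atom avoids that. filter_pem_types/2 would also benefit from a one-line comment such as `%% Keep only the PEM entries whose type tag (element 1) is listed in Types.`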
@@ -72,31 +84,6 @@ pem_entry_decode({'SubjectPublicKeyInfo', Der, _}) ->
 pem_entry_decode(Entry) ->
 public_key:pem_entry_decode(Entry).
-%% @doc Read two PEM files, one with a private EC key and one with the
-%% corresponding public EC key.
-read_keyfiles_ec(PrivkeyFile, Pubkeyfile) ->
- {ok, PemBinPriv} = file:read_file(PrivkeyFile),
- [OTPPubParamsPem, PrivkeyPem] = public_key:pem_decode(PemBinPriv),
- Privatekey = decode_key(PrivkeyPem),
-
- {_, ParamsBin, ParamsEnc} = OTPPubParamsPem,
- PubParamsPem = {'EcpkParameters', ParamsBin, ParamsEnc},
- Params = public_key:pem_entry_decode(PubParamsPem),
-
- {ok, PemBinPub} = file:read_file(Pubkeyfile),
- [SPKIPem] = public_key:pem_decode(PemBinPub),
- %% SPKI is missing #'AlgorithmIdentifier' so pem_entry_decode won't do.
- %% Publickey = public_key:pem_entry_decode(SPKIPem),
- #'SubjectPublicKeyInfo'{algorithm = AlgoDer} = SPKIPem,
- SPKI = public_key:der_decode('SubjectPublicKeyInfo', AlgoDer),
- #'SubjectPublicKeyInfo'{subjectPublicKey = {_, Octets}} = SPKI,
- Point = #'ECPoint'{point = Octets},
- Publickey = {Point, Params},
-
- KeyID = crypto:hash(sha256, AlgoDer),
-
- {Privatekey, Publickey, KeyID}.
-
 %% -spec signhash_rsa(iolist() | binary(), public_key:rsa_private_key()) -> binary().
 %% signhash_rsa(Data, PrivKey) ->
 %% %% Was going to just crypto:sign/3 the hash but looking at
-- 
cgit v1.1