diff options
author | Linus Nordberg <linus@nordu.net> | 2017-01-23 15:44:55 +0100 |
---|---|---|
committer | Linus Nordberg <linus@nordu.net> | 2017-01-23 15:44:55 +0100 |
commit | 7b114604595b2e3bb0816ffb01548b02c43cdea5 (patch) | |
tree | 881d8fba74ed5197c51394845e65ef79f8838ae4 /src/sign.erl | |
parent | 2fa46317bdd4da077d932c58a150cecf08248be2 (diff) | |
parent | 784f116ba3fad8e28ef2fefd86d5df71801dbe6f (diff) |
Merge remote-tracking branch 'refs/remotes/map/config-api-key'
Diffstat (limited to 'src/sign.erl')
-rw-r--r-- | src/sign.erl | 23 |
1 files changed, 9 insertions, 14 deletions
diff --git a/src/sign.erl b/src/sign.erl index b656f8e..99b83e6 100644 --- a/src/sign.erl +++ b/src/sign.erl @@ -9,7 +9,7 @@ %% API. -export([start_link/0, stop/0]). -export([sign_sct/1, sign_sth/1, get_pubkey/0, get_logid/0, verify_sth/2]). --export([read_keyfile_ec/1]). +-export([read_keyfile_ec/1, pem_entry_decode/1]). %% API for tests. -export([read_keyfile_rsa/2]). %% gen_server callbacks. @@ -37,6 +37,9 @@ start_link() -> stop() -> call(?MODULE, stop). +get_log_public_key() -> + Der = application:get_env(plop, log_public_key, none), + pem_entry_decode({'SubjectPublicKeyInfo', Der, []}). init([]) -> %% Read RSA keypair. @@ -44,9 +47,8 @@ init([]) -> %% LogID = crypto:hash(sha256, %% public_key:der_encode('RSAPublicKey', Public_key)), %% Read EC keypair. - PubKeyfile = application:get_env(plop, log_public_key, none), - Public_key = read_keyfile_ec(PubKeyfile), - LogID = read_keyfile_ec_logid(PubKeyfile), + Public_key = get_log_public_key(), + LogID = get_logid(), case application:get_env(plop, hsm) of {ok, Args} -> @@ -84,12 +86,6 @@ read_keyfile_ec(KeyFile) -> [KeyPem] = filter_pem_types(public_key:pem_decode(PemBin), ['ECPrivateKey', 'SubjectPublicKeyInfo']), decode_key(KeyPem). -read_keyfile_ec_logid(KeyFile) -> - lager:debug("reading file ~p", [KeyFile]), - {ok, PemBin} = file:read_file(KeyFile), - [{'SubjectPublicKeyInfo', Der, _}] = filter_pem_types(public_key:pem_decode(PemBin), ['SubjectPublicKeyInfo']), - crypto:hash(sha256, Der). - pem_entry_decode({'SubjectPublicKeyInfo', Der, _}) -> SPKI = public_key:der_decode('SubjectPublicKeyInfo', Der), {Octets, Algorithm} = plop_compat:unpack_spki(SPKI), @@ -182,13 +178,12 @@ get_pubkey() -> call(?MODULE, {get, pubkey}). get_logid() -> - PubKeyfile = application:get_env(plop, log_public_key, none), - read_keyfile_ec_logid(PubKeyfile). + Der = application:get_env(plop, log_public_key, none), + crypto:hash(sha256, Der). verify_sth(STH, Signature) -> lager:debug("verifying ~p: ~p", [STH, Signature]), - PubKeyfile = application:get_env(plop, log_public_key, none), - PublicKey = read_keyfile_ec(PubKeyfile), + PublicKey = get_log_public_key(), public_key:verify(STH, sha256, Signature, PublicKey). encode_ec_signature(RawSignature, SignatureLength) -> |