1 files changed, 61 insertions, 6 deletions

diff --git a/lib/ssl/test/erl_make_certs.erl b/lib/ssl/test/erl_make_certs.erl
index 5b92e551a5..1dc140a472 100644
--- a/lib/ssl/test/erl_make_certs.erl
+++ b/lib/ssl/test/erl_make_certs.erl
@@ -45,7 +45,7 @@
 %%      {dnQualifer, DnQ}
 %%   issuer = {Issuer, IssuerKey}                   true (i.e. a ca cert is created) 
 %%                                                  (obs IssuerKey migth be {Key, Password}
-%%   key = KeyFile|KeyBin|rsa|dsa                   Subject PublicKey rsa or dsa generates key
+%%   key = KeyFile|KeyBin|rsa|dsa|ec                Subject PublicKey rsa, dsa or ec generates key
 %%   
 %%
 %%   (OBS: The generated keys are for testing only)
@@ -91,6 +91,16 @@ gen_dsa(LSize,NSize) when is_integer(LSize), is_integer(NSize) ->
     {Key, encode_key(Key)}.
 
 %%--------------------------------------------------------------------
+%% @doc Creates a ec key (OBS: for testing only)
+%%   the sizes are in bytes
+%% @spec (::integer()) -> {::atom(), ::binary(), ::opaque()}
+%% @end
+%%--------------------------------------------------------------------
+gen_ec(Curve) when is_atom(Curve) ->
+    Key = gen_ec2(Curve),
+    {Key, encode_key(Key)}.
+
+%%--------------------------------------------------------------------
 %% @doc Verifies cert signatures
 %% @spec (::binary(), ::tuple()) -> ::boolean()
 %% @end
@@ -102,7 +112,10 @@ verify_signature(DerEncodedCert, DerKey, _KeyParams) ->
 	    public_key:pkix_verify(DerEncodedCert, 
 				   #'RSAPublicKey'{modulus=Mod, publicExponent=Exp});
 	#'DSAPrivateKey'{p=P, q=Q, g=G, y=Y} ->
-	    public_key:pkix_verify(DerEncodedCert, {Y, #'Dss-Parms'{p=P, q=Q, g=G}})
+	    public_key:pkix_verify(DerEncodedCert, {Y, #'Dss-Parms'{p=P, q=Q, g=G}});
+	#'ECPrivateKey'{version = _Version, privateKey = _PrivKey,
+			parameters = _Params, publicKey = _PubKey} ->
+	    public_key:pkix_verify(DerEncodedCert, Key)
     end.
 
 %%%%%%%%%%%%%%%%%%%%%%%%% Implementation %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
@@ -112,6 +125,7 @@ get_key(Opts) ->
 	undefined -> make_key(rsa, Opts);
 	rsa ->       make_key(rsa, Opts);
 	dsa ->       make_key(dsa, Opts);
+	ec ->        make_key(ec, Opts);
 	Key ->
 	    Password = proplists:get_value(password, Opts, no_passwd),
 	    decode_key(Key, Password)
@@ -129,6 +143,8 @@ decode_key(#'RSAPrivateKey'{} = Key,_) ->
     Key;
 decode_key(#'DSAPrivateKey'{} = Key,_) ->
     Key;
+decode_key(#'ECPrivateKey'{} = Key,_) ->
+    Key;
 decode_key(PemEntry = {_,_,_}, Pw) ->
     public_key:pem_entry_decode(PemEntry, Pw);
 decode_key(PemBin, Pw) ->
@@ -140,7 +156,10 @@ encode_key(Key = #'RSAPrivateKey'{}) ->
     {'RSAPrivateKey', Der, not_encrypted};
 encode_key(Key = #'DSAPrivateKey'{}) ->
     {ok, Der} = 'OTP-PUB-KEY':encode('DSAPrivateKey', Key),
-    {'DSAPrivateKey', Der, not_encrypted}.
+    {'DSAPrivateKey', Der, not_encrypted};
+encode_key(Key = #'ECPrivateKey'{}) ->
+    {ok, Der} = 'OTP-PUB-KEY':encode('ECPrivateKey', Key),
+    {'ECPrivateKey', Der, not_encrypted}.
 
 make_tbs(SubjectKey, Opts) ->    
     Version = list_to_atom("v"++integer_to_list(proplists:get_value(version, Opts, 3))),
@@ -277,7 +296,14 @@ publickey(#'RSAPrivateKey'{modulus=N, publicExponent=E}) ->
 publickey(#'DSAPrivateKey'{p=P, q=Q, g=G, y=Y}) ->
     Algo = #'PublicKeyAlgorithm'{algorithm= ?'id-dsa', 
 				 parameters={params, #'Dss-Parms'{p=P, q=Q, g=G}}},
-    #'OTPSubjectPublicKeyInfo'{algorithm = Algo, subjectPublicKey = Y}.
+    #'OTPSubjectPublicKeyInfo'{algorithm = Algo, subjectPublicKey = Y};
+publickey(#'ECPrivateKey'{version = _Version,
+			  privateKey = _PrivKey,
+			  parameters = Params,
+			  publicKey = {0, PubKey}}) ->
+    Algo = #'PublicKeyAlgorithm'{algorithm= ?'id-ecPublicKey', parameters=Params},
+    #'OTPSubjectPublicKeyInfo'{algorithm = Algo,
+			       subjectPublicKey = #'ECPoint'{point = PubKey}}.
 
 validity(Opts) ->
     DefFrom0 = calendar:gregorian_days_to_date(calendar:date_to_gregorian_days(date())-1),
@@ -298,13 +324,24 @@ sign_algorithm(#'RSAPrivateKey'{}, Opts) ->
 	   end,
     {Type, 'NULL'};
 sign_algorithm(#'DSAPrivateKey'{p=P, q=Q, g=G}, _Opts) ->
-    {?'id-dsa-with-sha1', {params,#'Dss-Parms'{p=P, q=Q, g=G}}}.
+    {?'id-dsa-with-sha1', {params,#'Dss-Parms'{p=P, q=Q, g=G}}};
+sign_algorithm(#'ECPrivateKey'{}, Opts) ->
+    Type = case proplists:get_value(digest, Opts, sha1) of
+	       sha1 ->   ?'ecdsa-with-SHA1';
+	       sha512 -> ?'ecdsa-with-SHA512';
+	       sha384 -> ?'ecdsa-with-SHA384';
+	       sha256 -> ?'ecdsa-with-SHA256'
+	   end,
+    {Type, 'NULL'}.
 
 make_key(rsa, _Opts) ->
     %% (OBS: for testing only)
     gen_rsa2(64);
 make_key(dsa, _Opts) ->
-    gen_dsa2(128, 20).  %% Bytes i.e. {1024, 160} 
+    gen_dsa2(128, 20);  %% Bytes i.e. {1024, 160}
+make_key(ec, _Opts) ->
+    %% (OBS: for testing only)
+    gen_ec2(secp256k1).
     
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 %% RSA key generation  (OBS: for testing only)
@@ -363,6 +400,24 @@ gen_dsa2(LSize, NSize) ->
 	    #'DSAPrivateKey'{version=0, p=P, q=Q, g=G, y=Y, x=X}
     end.
     
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+%% EC key generation  (OBS: for testing only)
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+
+int2list(I) ->
+    L = (length(integer_to_list(I, 16)) + 1) div 2,
+    binary_to_list(<<I:(L*8)>>).
+
+gen_ec2(CurveId) ->
+    Key = crypto:ec_key_new(CurveId),
+    crypto:ec_key_generate(Key),
+    {_Curve, PrivKey, PubKey} = crypto:ec_key_to_term(Key),
+
+    #'ECPrivateKey'{version = 1,
+		    privateKey = int2list(PrivKey),
+		    parameters = {namedCurve, pubkey_cert_records:namedCurves(CurveId)},
+		    publicKey = {0, PubKey}}.
+
 %% See fips_186-3.pdf
 dsa_search(T, P0, Q, Iter) when Iter > 0 ->
     P = 2*T*Q*P0 + 1,