certificate 0.9.5 → 1.0.0
raw patch · 4 files changed
+79/−78 lines, 4 filesdep +crypto-pubkey-typesdep ~cryptocipherPVP ok
version bump matches the API change (PVP)
Dependencies added: crypto-pubkey-types
Dependency ranges changed: cryptocipher
API changes (from Hackage documentation)
- Data.Certificate.KeyRSA: Private :: Int -> Int -> Integer -> Integer -> Integer -> Integer -> Integer -> Integer -> Integer -> Integer -> Private
- Data.Certificate.KeyRSA: coef :: Private -> Integer
- Data.Certificate.KeyRSA: data Private
- Data.Certificate.KeyRSA: exp1 :: Private -> Integer
- Data.Certificate.KeyRSA: exp2 :: Private -> Integer
- Data.Certificate.KeyRSA: lenmodulus :: Private -> Int
- Data.Certificate.KeyRSA: modulus :: Private -> Integer
- Data.Certificate.KeyRSA: p1 :: Private -> Integer
- Data.Certificate.KeyRSA: p2 :: Private -> Integer
- Data.Certificate.KeyRSA: private_exponant :: Private -> Integer
- Data.Certificate.KeyRSA: public_exponant :: Private -> Integer
- Data.Certificate.KeyRSA: version :: Private -> Int
- Data.Certificate.KeyRSA: decodePrivate :: ByteString -> Either String Private
+ Data.Certificate.KeyRSA: decodePrivate :: ByteString -> Either String (PublicKey, PrivateKey)
- Data.Certificate.KeyRSA: encodePrivate :: Private -> ByteString
+ Data.Certificate.KeyRSA: encodePrivate :: (PublicKey, PrivateKey) -> ByteString
- Data.Certificate.X509: PubKeyDSA :: (Integer, Integer, Integer, Integer) -> PubKey
+ Data.Certificate.X509: PubKeyDSA :: PublicKey -> PubKey
- Data.Certificate.X509: PubKeyRSA :: (Int, Integer, Integer) -> PubKey
+ Data.Certificate.X509: PubKeyRSA :: PublicKey -> PubKey
- Data.Certificate.X509.Cert: PubKeyDSA :: (Integer, Integer, Integer, Integer) -> PubKey
+ Data.Certificate.X509.Cert: PubKeyDSA :: PublicKey -> PubKey
- Data.Certificate.X509.Cert: PubKeyRSA :: (Int, Integer, Integer) -> PubKey
+ Data.Certificate.X509.Cert: PubKeyRSA :: PublicKey -> PubKey
Files
- Certificate.hs +22/−25
- Data/Certificate/KeyRSA.hs +38/−43
- Data/Certificate/X509/Cert.hs +16/−8
- certificate.cabal +3/−2
Certificate.hs view
@@ -50,14 +50,15 @@ showDN $ X509.certSubjectDN cert putStrLn ("valid: " ++ show (X509.certValidity cert)) case X509.certPubKey cert of- X509.PubKeyRSA (len,modulus,e) -> do+ X509.PubKeyRSA pubkey -> do putStrLn "public key RSA:"- printf " len : %d\n" len- printf " modulus: %x\n" modulus- printf " e : %x\n" e- X509.PubKeyDSA (pub,p,q,g) -> do+ printf " len : %d\n" (RSA.public_size pubkey)+ printf " modulus: %x\n" (RSA.public_n pubkey)+ printf " e : %x\n" (RSA.public_e pubkey)+ X509.PubKeyDSA pubkey -> do+ let (p,q,g) = DSA.public_params pubkey putStrLn "public key DSA:"- printf " pub : %x\n" pub+ printf " pub : %x\n" (DSA.public_y pubkey) printf " p : %d\n" p printf " q : %x\n" q printf " g : %x\n" g@@ -78,18 +79,17 @@ putStrLn ("sig: " ++ show sigbits) -showRSAKey :: KeyRSA.Private -> String-showRSAKey key = unlines- [ "version: " ++ (show $ KeyRSA.version key)- , "len-modulus: " ++ (show $ KeyRSA.lenmodulus key)- , "modulus: " ++ (show $ KeyRSA.modulus key)- , "public exponant: " ++ (show $ KeyRSA.public_exponant key)- , "private exponant: " ++ (show $ KeyRSA.private_exponant key)- , "p1: " ++ (show $ KeyRSA.p1 key)- , "p2: " ++ (show $ KeyRSA.p2 key)- , "exp1: " ++ (show $ KeyRSA.exp1 key)- , "exp2: " ++ (show $ KeyRSA.exp2 key)- , "coefficient: " ++ (show $ KeyRSA.coef key)+showRSAKey :: (RSA.PublicKey,RSA.PrivateKey) -> String+showRSAKey (pubkey,privkey) = unlines+ [ "len-modulus: " ++ (show $ RSA.public_size pubkey)+ , "modulus: " ++ (show $ RSA.public_n pubkey)+ , "public exponant: " ++ (show $ RSA.public_e pubkey)+ , "private exponant: " ++ (show $ RSA.private_d privkey)+ , "p1: " ++ (show $ RSA.private_p privkey)+ , "p2: " ++ (show $ RSA.private_q privkey)+ , "exp1: " ++ (show $ RSA.private_dP privkey)+ , "exp2: " ++ (show $ RSA.private_dQ privkey)+ , "coefficient: " ++ (show $ RSA.private_qinv privkey) ] showDSAKey :: KeyDSA.Private -> String@@ -177,17 +177,14 @@ X509.HashSHA1 -> (SHA1.hash, "\x30\x21\x30\x09\x06\x05\x2b\x0e\x03\x02\x1a\x05\x00\x04\x14") _ -> error ("unsupported hash in RSA: " ++ show hash) in- rsaVerify f asn1 (mkRSA rsak)+ rsaVerify f asn1 rsak - verifyF (X509.SignatureALG _ X509.PubKeyALG_DSA) (X509.PubKeyDSA (pub,p,q,g)) =+ verifyF (X509.SignatureALG _ X509.PubKeyALG_DSA) (X509.PubKeyDSA dsak) = (\_ _ -> Left "unimplemented DSA checking") verifyF _ _ = (\_ _ -> Left "unexpected/wrong signature") - mkRSA (lenmodulus, modulus, e) =- RSA.PublicKey { RSA.public_sz = lenmodulus, RSA.public_n = modulus, RSA.public_e = e }- verifyAlg toSign expectedSig sigalg pk = let f = verifyF sigalg pk in case f toSign expectedSig of@@ -209,8 +206,8 @@ (Just x, _) -> do let rsaKey = KeyRSA.decodePrivate $ L.fromChunks [x] case rsaKey of- Left err -> error err- Right k -> putStrLn $ showRSAKey k+ Left err -> error err+ Right k -> putStrLn $ showRSAKey k (_, Just x) -> do let rsaKey = KeyDSA.decodePrivate $ L.fromChunks [x] case rsaKey of
Data/Certificate/KeyRSA.hs view
@@ -9,69 +9,64 @@ -- module Data.Certificate.KeyRSA- ( Private(..)- , decodePrivate+ ( decodePrivate , encodePrivate ) where import Data.ASN1.DER (encodeASN1Stream, ASN1(..), ASN1ConstructionType(..)) import Data.ASN1.BER (decodeASN1Stream) import qualified Data.ByteString.Lazy as L--data Private = Private- { version :: Int- , lenmodulus :: Int- , modulus :: Integer- , public_exponant :: Integer- , private_exponant :: Integer- , p1 :: Integer- , p2 :: Integer- , exp1 :: Integer- , exp2 :: Integer- , coef :: Integer- }+import qualified Crypto.Types.PubKey.RSA as RSA -parsePrivate :: [ASN1] -> Either String Private+parsePrivate :: [ASN1] -> Either String (RSA.PublicKey, RSA.PrivateKey) parsePrivate [ Start Sequence- , IntVal ver, IntVal p_modulus, IntVal pub_exp+ , IntVal 0, IntVal p_modulus, IntVal pub_exp , IntVal priv_exp, IntVal p_p1, IntVal p_p2 , IntVal p_exp1, IntVal p_exp2, IntVal p_coef- , End Sequence ] =- Right $ Private- { version = fromIntegral ver- , lenmodulus = calculate_modulus p_modulus 1- , modulus = p_modulus- , public_exponant = pub_exp- , private_exponant = priv_exp- , p1 = p_p1- , p2 = p_p2- , exp1 = p_exp1- , exp2 = p_exp2- , coef = p_coef- }+ , End Sequence ] = Right (pubkey, privkey) where- calculate_modulus n i = if (2 ^ (i * 8)) > n then i else calculate_modulus n (i+1)+ privkey = RSA.PrivateKey+ { RSA.private_size = calculate_modulus p_modulus 1+ , RSA.private_n = p_modulus+ , RSA.private_d = priv_exp+ , RSA.private_p = p_p1+ , RSA.private_q = p_p2+ , RSA.private_dP = p_exp1+ , RSA.private_dQ = p_exp2+ , RSA.private_qinv = p_coef+ }+ pubkey = RSA.PublicKey+ { RSA.public_size = calculate_modulus p_modulus 1+ , RSA.public_n = p_modulus+ , RSA.public_e = pub_exp+ }+ calculate_modulus n i = if (2 ^ (i * 8)) > n+ then i+ else calculate_modulus n (i+1)+parsePrivate (Start Sequence : IntVal n : _)+ | n == 0 = Left "RSA key format: not recognized"+ | otherwise = Left ("RSA key format: unknown version " ++ show n) parsePrivate _ = Left "unexpected format" -decodePrivate :: L.ByteString -> Either String Private+decodePrivate :: L.ByteString -> Either String (RSA.PublicKey, RSA.PrivateKey) decodePrivate dat = either (Left . show) parsePrivate $ decodeASN1Stream dat -encodePrivate :: Private -> L.ByteString-encodePrivate pk =+encodePrivate :: (RSA.PublicKey, RSA.PrivateKey) -> L.ByteString+encodePrivate (pubkey, privkey) = case encodeASN1Stream pkseq of Left err -> error $ show err Right lbs -> lbs where pkseq = [ Start Sequence- , IntVal $ fromIntegral $ version pk- , IntVal $ modulus pk- , IntVal $ public_exponant pk- , IntVal $ private_exponant pk- , IntVal $ p1 pk- , IntVal $ p2 pk- , IntVal $ exp1 pk- , IntVal $ exp2 pk- , IntVal $ fromIntegral $ coef pk+ , IntVal 0+ , IntVal $ RSA.private_n privkey+ , IntVal $ RSA.public_e pubkey+ , IntVal $ RSA.private_d privkey+ , IntVal $ RSA.private_p privkey+ , IntVal $ RSA.private_q privkey+ , IntVal $ RSA.private_dP privkey+ , IntVal $ RSA.private_dQ privkey+ , IntVal $ fromIntegral $ RSA.private_qinv privkey , End Sequence ]
Data/Certificate/X509/Cert.hs view
@@ -39,6 +39,8 @@ import Control.Monad.Error import Data.Certificate.X509.Internal import Data.Certificate.X509.Ext+import qualified Crypto.Types.PubKey.RSA as RSA+import qualified Crypto.Types.PubKey.DSA as DSA data HashALG = HashMD2@@ -64,8 +66,8 @@ deriving (Show,Eq) data PubKey =- PubKeyRSA (Int,Integer,Integer) -- ^ RSA format with (len modulus, modulus, e)- | PubKeyDSA (Integer,Integer,Integer,Integer) -- ^ DSA format with (pub, p, q, g)+ PubKeyRSA RSA.PublicKey -- ^ RSA public key+ | PubKeyDSA DSA.PublicKey -- ^ DSA public key | PubKeyDH (Integer,Integer,Integer,Maybe Integer,([Word8], Integer)) -- ^ DH format with (p,g,q,j,(seed,pgenCounter)) | PubKeyECDSA [ASN1] -- ^ ECDSA format not done yet FIXME@@ -112,7 +114,11 @@ parse_RSA bits = case decodeASN1Stream $ bits of Right [Start Sequence, IntVal modulus, IntVal pubexp, End Sequence] ->- return $ PubKeyRSA (calculate_modulus modulus 1, modulus, pubexp)+ return $ PubKeyRSA $ RSA.PublicKey+ { RSA.public_size = calculate_modulus modulus 1+ , RSA.public_n = modulus+ , RSA.public_e = pubexp+ } _ -> throwError ("bad RSA format") where@@ -251,7 +257,8 @@ [OID pkalg,Start Sequence,IntVal p,IntVal q,IntVal g,End Sequence] -> do let sig = oidPubKey pkalg case decodeASN1Stream bits of- Right [IntVal dsapub] -> return $ PubKeyDSA (dsapub, p, q, g)+ Right [IntVal dsapub] -> return $ PubKeyDSA $ DSA.PublicKey+ { DSA.public_params = (p, q, g), DSA.public_y = dsapub } _ -> return $ PubKeyUnknown pkalg $ L.unpack bits n -> throwError ("subject public key bad format : " ++ show n)@@ -323,18 +330,19 @@ dnSet (oid, stringy) = asn1Container Set (asn1Container Sequence [OID oid, encodeAsn1String stringy]) encodePK :: PubKey -> [ASN1]-encodePK k@(PubKeyRSA (_, modulus, e)) =+encodePK k@(PubKeyRSA pubkey) = asn1Container Sequence (asn1Container Sequence [pkalg,Null] ++ [BitString $ toBitArray bits 0]) where pkalg = OID $ pubkeyalgOID $ pubkeyToAlg k- (Right bits) = encodeASN1Stream $ asn1Container Sequence [IntVal modulus, IntVal e]+ (Right bits) = encodeASN1Stream $ asn1Container Sequence [IntVal (RSA.public_n pubkey), IntVal (RSA.public_e pubkey)] -encodePK k@(PubKeyDSA (pub, p, q, g)) =+encodePK k@(PubKeyDSA pubkey) = asn1Container Sequence (asn1Container Sequence ([pkalg] ++ dsaseq) ++ [BitString $ toBitArray bits 0]) where pkalg = OID $ pubkeyalgOID $ pubkeyToAlg k dsaseq = asn1Container Sequence [IntVal p,IntVal q,IntVal g]- (Right bits) = encodeASN1Stream [IntVal pub]+ (p,q,g) = DSA.public_params pubkey+ (Right bits) = encodeASN1Stream [IntVal $ DSA.public_y pubkey] encodePK k@(PubKeyUnknown _ l) = asn1Container Sequence (asn1Container Sequence [pkalg,Null] ++ [BitString $ toBitArray (L.pack l) 0])
certificate.cabal view
@@ -1,5 +1,5 @@ Name: certificate-Version: 0.9.5+Version: 1.0.0 Description: Certificates and Key reader/writer .@@ -31,6 +31,7 @@ , mtl , asn1-data >= 0.6.1 && < 0.7 , base64-bytestring+ , crypto-pubkey-types , directory , time Exposed-modules: Data.Certificate.X509@@ -59,7 +60,7 @@ Build-depends: cmdargs , text >= 0.11 , cryptohash- , cryptocipher >= 0.2.4+ , cryptocipher >= 0.3.0 , directory else Buildable: False