Description
Describe the bug
In reworking the ASN.1 handling in `public_key` in OTP 28, the `der_decode/2` and `der_encode/2` functions have lost the ability to encode/decode arbitrary supported ASN.1 structures. While the API itself has not changed, the list of supported values for the `Asn1Type` parameter is now much shorter.
This prevents applications/libraries from implementing functionality that `public_key` itself does not expose through its high-level API, e.g. generating (signing) CRLs, which requires an ability to encode the `TBSCertList` structure as DER for signing.
To Reproduce
```erlang
2> TBSCertList.
{'TBSCertList',v2,
    {'TBSCertList_signature',{1,2,840,113549,1,1,5},'NULL'},
    {rdnSequence,[[{'AttributeTypeAndValue',{0,9,2342,19200300,100,1,25},
                    "com"}],
                  [{'AttributeTypeAndValue',{0,9,2342,19200300,100,1,25},
                    "example"}],
                  [{'AttributeTypeAndValue',{2,5,4,3},
                    {printableString,"Example CA"}}]]},
    {utcTime,"050205120000Z"},
    {utcTime,"050206120000Z"},
    [{'TBSCertList_revokedCertificates_SEQOF',18,
         {utcTime,"041119155703Z"},
         [{'Extension',{2,5,29,21},false,<<10,1,1>>}]}],
    [{'Extension',{2,5,29,35},
         false,
         <<48,22,128,20,8,104,175,133,51,200,57,74,122,248,130,
           147,...>>},
     {'Extension',{2,5,29,20},false,<<2,1,12>>}]}
3> public_key:der_encode('TBSCertList', TBSCertList).
** exception error: no function clause matching public_key:get_asn1_module('TBSCertList') (public_key.erl:576)
     in function  public_key:der_encode/2 (public_key.erl:804)
```
Similarly, the following calls fail with the same error:
```erlang
public_key:der_encode('Validity', Validity).
public_key:der_encode('SubjectAltName', SubjectAltName).
public_key:der_encode('EcpkParameters', EcpkParameters).
```
The above three examples have been extracted from existing code, but they may not reflect a very real use-case, unlike the `TBSCertList` example given above.
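As an added compatibility check (not code from the issue or from OTP), the module below tries to DER-encode and decode each of the four types named above and classifies the outcome, so the same probe can be run on OTP 27 and OTP 28 before an upgrade. The sample values are constructed here and use the pre-OTP-28 representation shown in the "Expected behavior" output (attribute values and `AlgorithmIdentifier` parameters as raw DER binaries); the `unsupported` result corresponds to the `function_clause` error from `get_asn1_module/1` reported above.

```erlang
%% pk_asn1_probe.erl: constructed compatibility probe, not part of OTP.
-module(pk_asn1_probe).
-export([run/0, probe/2, samples/0]).

%% Constructed sample values (pre-OTP-28 term representation).
samples() ->
    NotBefore = {utcTime, "050205120000Z"},
    NotAfter  = {utcTime, "050206120000Z"},
    Sha1Rsa   = {'AlgorithmIdentifier', {1,2,840,113549,1,1,5}, <<5,0>>},
    %% Issuer DN with a single CN; value is DER PrintableString "Example CA".
    Issuer    = {rdnSequence,
                 [[{'AttributeTypeAndValue', {2,5,4,3},
                    <<19,10,"Example CA">>}]]},
    [{'TBSCertList',
      {'TBSCertList', v2, Sha1Rsa, Issuer, NotBefore, NotAfter,
       [{'TBSCertList_revokedCertificates_SEQOF', 18,
         {utcTime, "041119155703Z"}, asn1_NOVALUE}],
       asn1_NOVALUE}},
     {'Validity', {'Validity', NotBefore, NotAfter}},
     {'SubjectAltName', [{dNSName, "crl.example.com"}]},
     %% namedCurve secp256r1 (OID 1.2.840.10045.3.1.7)
     {'EcpkParameters', {namedCurve, {1,2,840,10045,3,1,7}}}].

%% Encode Value as Type, decode the result again, and report one of:
%%   {ok, DerSize}            - round-trip succeeded
%%   {decode_mismatch, Term}  - encoded, but decoding gave a different term
%%   unsupported              - der_encode/2 has no clause for this type
%%                              (the OTP 28.0 behaviour described in the issue)
%%   {error, Class, Reason}   - any other failure
probe(Type, Value) ->
    try
        Der = public_key:der_encode(Type, Value),
        case public_key:der_decode(Type, Der) of
            Value -> {ok, byte_size(Der)};
            Other -> {decode_mismatch, Other}
        end
    catch
        error:function_clause -> unsupported;
        Class:Reason -> {error, Class, Reason}
    end.

%% Run every sample and pair each type with its classification.
run() ->
    [{Type, probe(Type, Value)} || {Type, Value} <- samples()].
```

Compile with `erlc pk_asn1_probe.erl` and call `pk_asn1_probe:run()` in a shell on each release; a type that returns `{ok, _}` on OTP 27 but `unsupported` on OTP 28 is affected by this regression.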
Expected behavior
Sample output with OTP <28:
```erlang
2> TBSCertList.
{'TBSCertList',v2,
    {'AlgorithmIdentifier',{1,2,840,113549,1,1,5},<<5,0>>},
    {rdnSequence,[[{'AttributeTypeAndValue',{0,9,2342,19200300,100,1,25},
                    <<22,3,99,111,109>>}],
                  [{'AttributeTypeAndValue',{0,9,2342,19200300,100,1,25},
                    <<22,7,101,120,97,109,112,108,101>>}],
                  [{'AttributeTypeAndValue',{2,5,4,3},
                    <<19,10,69,120,97,109,112,108,101,32,67,65>>}]]},
    {utcTime,"050205120000Z"},
    {utcTime,"050206120000Z"},
    [{'TBSCertList_revokedCertificates_SEQOF',18,
         {utcTime,"041119155703Z"},
         [{'Extension',{2,5,29,21},false,<<10,1,1>>}]}],
    [{'Extension',{2,5,29,35},
         false,
         <<48,22,128,20,8,104,175,133,51,200,57,74,122,248,130,
           147,...>>},
     {'Extension',{2,5,29,20},false,<<2,1,12>>}]}
3> public_key:der_encode('TBSCertList', TBSCertList).
<<48,129,202,2,1,1,48,13,6,9,42,134,72,134,247,13,1,1,5,5,
  0,48,67,49,19,48,17,6,10,...>>
```
Affected versions
OTP 28.0
Additional context
See also the discussion in voltone/x509#86 and in the EEF Slack #security channel.