crypto, public_key & ssl: Change API to hide resource format for EC KEY

5 files changed, 37 insertions, 53 deletions

diff --git a/lib/crypto/c_src/crypto.c b/lib/crypto/c_src/crypto.c
index a8027bb079..e953eb960f 100644
--- a/lib/crypto/c_src/crypto.c
+++ b/lib/crypto/c_src/crypto.c
@@ -235,7 +235,7 @@ static ERL_NIF_TERM term_to_ec_key_nif(ErlNifEnv* env, int argc, const ERL_NIF_T
 static ERL_NIF_TERM ec_key_generate(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[]);
 static ERL_NIF_TERM ecdsa_sign_nif(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[]);
 static ERL_NIF_TERM ecdsa_verify_nif(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[]);
-static ERL_NIF_TERM ecdh_compute_key(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[]);
+static ERL_NIF_TERM ecdh_compute_key_nif(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[]);
 
 
 /* helpers */
@@ -361,7 +361,7 @@ static ErlNifFunc nif_funcs[] = {
     {"ec_key_generate", 1, ec_key_generate},
     {"ecdsa_sign_nif", 3, ecdsa_sign_nif},
     {"ecdsa_verify_nif", 4, ecdsa_verify_nif},
-    {"ecdh_compute_key", 2, ecdh_compute_key}
+    {"ecdh_compute_key_nif", 2, ecdh_compute_key_nif}
 };
 
 #if defined(HAVE_EC)
@@ -3452,7 +3452,7 @@ static ERL_NIF_TERM ecdsa_verify_nif(ErlNifEnv* env, int argc, const ERL_NIF_TER
   (_OthersPublicKey, _MyPrivateKey)
   (_OthersPublicKey, _MyEC_Point)
 */
-static ERL_NIF_TERM ecdh_compute_key(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[])
+static ERL_NIF_TERM ecdh_compute_key_nif(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[])
 {
 #if defined(HAVE_EC)
     ERL_NIF_TERM ret;
diff --git a/lib/crypto/src/crypto.erl b/lib/crypto/src/crypto.erl
index 57ddf3fbac..543d589d7e 100644
--- a/lib/crypto/src/crypto.erl
+++ b/lib/crypto/src/crypto.erl
@@ -67,8 +67,8 @@
 -export([aes_cbc_ivec/1]).
 -export([aes_ctr_encrypt/3, aes_ctr_decrypt/3]).
 -export([aes_ctr_stream_init/2, aes_ctr_stream_encrypt/2, aes_ctr_stream_decrypt/2]).
--export([ec_key_new/1, ec_key_to_term/1, term_to_ec_key/1, ec_key_generate/1]).
--export([sign/4, verify/5, ecdh_compute_key/2]).
+-export([ecdh_generate_key/1, ecdh_compute_key/2]).
+-export([sign/4, verify/5]).
 
 -export([dh_generate_parameters/2, dh_check/1]). %% Testing see below
 
@@ -115,8 +115,8 @@
 		    hmac, hmac_init, hmac_update, hmac_final, hmac_final_n, info,
 		    rc2_cbc_encrypt, rc2_cbc_decrypt,
 		    srp_generate_key, srp_compute_key,
-		    ec_key_new, ec_key_to_term, term_to_ec_key, ec_key_generate,
-		    sign, verify, ecdh_compute_key,
+		    ecdh_generate_key, ecdh_compute_key,
+		    sign, verify,
 		    info_lib, algorithms]).
 
 -type mpint() :: binary().
@@ -859,7 +859,7 @@ verify(rsa, Type, DataOrDigest, Signature, Key) ->
 	Bool -> Bool
     end;
 verify(ecdsa, Type, DataOrDigest, Signature, Key) ->
-    case ecdsa_verify_nif(Type, DataOrDigest, Signature, map_ensure_int_as_bin(Key)) of
+    case ecdsa_verify_nif(Type, DataOrDigest, Signature, term_to_ec_key(Key)) of
 	notsup -> erlang:error(notsup);
 	Bool -> Bool
     end.
@@ -921,7 +921,7 @@ sign(dss, Type, DataOrDigest, Key) ->
 	Sign -> Sign
     end;
 sign(ecdsa, Type, DataOrDigest, Key) ->
-    case ecdsa_sign_nif(Type, DataOrDigest, map_ensure_int_as_bin(Key)) of
+    case ecdsa_sign_nif(Type, DataOrDigest, term_to_ec_key(Key)) of
 	error -> erlang:error(badkey, [Type,DataOrDigest,Key]);
 	Sign -> Sign
     end.
@@ -1229,6 +1229,16 @@ srp_compute_key(Verifier, Prime, ClientPublic, ServerPublic, ServerPrivate, Vers
 -spec ec_key_new(ec_named_curve()) -> ec_key_res().
 ec_key_new(_Curve) -> ?nif_stub.
 
+ecdh_generate_key(Curve) when is_atom(Curve) ->
+    ECKey = ec_key_new(Curve),
+    ec_key_generate(ECKey),
+    ec_key_to_term(ECKey);
+ecdh_generate_key(Key) ->
+    ECKey = term_to_ec_key(Key),
+    ec_key_generate(ECKey),
+    ec_key_to_term(ECKey).
+
+
 -spec ec_key_generate(ec_key_res()) -> ok | error.
 ec_key_generate(_Key) -> ?nif_stub.
 
@@ -1277,7 +1287,10 @@ term_to_ec_key_nif(_Curve, _PrivKey, _PubKey) -> ?nif_stub.
 
 
 -spec ecdh_compute_key(ec_key_res(), ec_key_res() | ec_point()) -> binary().
-ecdh_compute_key(_Others, _My) -> ?nif_stub.
+ecdh_compute_key(Others, My) ->
+    ecdh_compute_key_nif(term_to_ec_key(Others), My).
+
+ecdh_compute_key_nif(_Others, _My) -> ?nif_stub.
 
 
 %%  LOCAL FUNCTIONS
diff --git a/lib/crypto/test/crypto_SUITE.erl b/lib/crypto/test/crypto_SUITE.erl
index 09898efd49..55db09d9dd 100644
--- a/lib/crypto/test/crypto_SUITE.erl
+++ b/lib/crypto/test/crypto_SUITE.erl
@@ -1887,12 +1887,7 @@ ec(Config) when is_list(Config) ->
 
 ec_do() ->
     %% test for a name curve
-    L2 = crypto:ec_key_new(sect113r2),
-    crypto:ec_key_generate(L2),
-
-    D2 = crypto:ec_key_to_term(L2),
-    T2 = crypto:term_to_ec_key(D2),
-    ?line D2 = crypto:ec_key_to_term(T2),
+    D2 = crypto:ecdh_generate_key(sect113r2),
 
     %%TODO: find a published test case for a EC key
 
@@ -1933,13 +1928,13 @@ ec_do() ->
     CoFactor = 1,
     Curve = {{prime_field,P},{A,B,none},BasePoint, Order,CoFactor},
     CsCaKey = {Curve, undefined, PubKey},
-    T3 = crypto:term_to_ec_key(CsCaKey),
-    ?line CsCaKey = crypto:ec_key_to_term(T3),
+    %%T3 = crypto:term_to_ec_key(CsCaKey),
+    %%?line CsCaKey = crypto:ec_key_to_term(T3),
 
     Msg = <<99,234,6,64,190,237,201,99,80,248,58,40,70,45,149,218,5,246,242,63>>,
-    Sign = crypto:sign(ecdsa, sha, Msg, L2),
-    ?line true = crypto:verify(ecdsa, sha, Msg, Sign, L2),
-    ?line false = crypto:verify(ecdsa, sha, Msg, <<10,20>>, L2),
+    Sign = crypto:sign(ecdsa, sha, Msg, D2),
+    ?line true = crypto:verify(ecdsa, sha, Msg, Sign, D2),
+    ?line false = crypto:verify(ecdsa, sha, Msg, <<10,20>>, D2),
 
     ok.
 
diff --git a/lib/public_key/src/public_key.erl b/lib/public_key/src/public_key.erl
index 06bffeea76..d1484c5b2b 100644
--- a/lib/public_key/src/public_key.erl
+++ b/lib/public_key/src/public_key.erl
@@ -330,10 +330,7 @@ encrypt_private(PlainText,
 %% Description: Generates new key(s)
 %%--------------------------------------------------------------------
 generate_key({curve, Name}) ->
-    %% TODO: Better crypto API
-    ECDHKey = crypto:ec_key_new(Name),
-    crypto:ec_key_generate(ECDHKey),
-    Term = crypto:ec_key_to_term(ECDHKey),
+    Term = crypto:ecdh_generate_key(Name),
     ec_key(Term);
 
 generate_key(#'DHParameter'{prime = P, base = G}) ->
@@ -350,13 +347,8 @@ generate_key({srp, Version, Verifier, Generator, Prime}) when is_binary(Verifier
     crypto:srp_generate_key(Verifier, Generator, Prime, Version);
 
 generate_key(Params) ->
-    %% TODO: Better crypto API
-    Name = ec_curve_spec(Params),
-    ECClntKey = crypto:ec_key_new(Name),
-    %% ECDHKey = format_ecdh_key(Params),
-    %% ECClntKey = crypto:term_to_ec_key(ECDHKey),
-    crypto:ec_key_generate(ECClntKey),
-    Term = crypto:ec_key_to_term(ECClntKey),
+    Curve = ec_curve_spec(Params),
+    Term = crypto:ecdh_generate_key(Curve),
     ec_key(Term, Params).
 
 %%--------------------------------------------------------------------
@@ -372,9 +364,7 @@ compute_key(PubKey, #'ECPrivateKey'{} = PrivateKey) ->
     compute_key(PubKey, format_ecdh_key(PrivateKey));
 
 compute_key(#'ECPoint'{point = Point}, ECDHKeys) ->
-    %% TODO: Better crypto API
-    ECKey = crypto:term_to_ec_key(ECDHKeys),
-    crypto:ecdh_compute_key(ECKey, Point).
+    crypto:ecdh_compute_key(ECDHKeys, Point).
 
 compute_key(OthersKey, MyKey, {dh, Prime, Base}) when is_binary(OthersKey),
 						     is_binary(MyKey),
@@ -439,8 +429,7 @@ sign(DigestOrPlainText, sha, #'DSAPrivateKey'{p = P, q = Q, g = G, x = X}) ->
 
 sign(DigestOrPlainText, DigestType, Key = #'ECPrivateKey'{}) ->
     ECDHKey = format_ecdh_key(Key),
-    ECKey = crypto:term_to_ec_key(ECDHKey),
-    crypto:sign(ecdsa, DigestType, DigestOrPlainText, ECKey);
+    crypto:sign(ecdsa, DigestType, DigestOrPlainText, ECDHKey);
 
 %% Backwards compatible
 sign(Digest, none, #'DSAPrivateKey'{} = Key) ->
@@ -457,15 +446,9 @@ verify(DigestOrPlainText, DigestType, Signature,
     crypto:verify(rsa, DigestType, DigestOrPlainText, Signature,
 		  [Exp, Mod]);
 
-verify(Digest, DigestType, Signature, Key = #'ECPrivateKey'{}) ->
-    ECDHKey = format_ecdh_key(Key),
-    ECKey = crypto:term_to_ec_key(ECDHKey),
-    crypto:verify(ecdsa, DigestType, Digest, Signature, ECKey);
-
 verify(DigestOrPlaintext, DigestType, Signature, Key = {#'ECPoint'{}, _}) ->
     ECDHKey = format_ecdh_key(Key),
-    ECKey = crypto:term_to_ec_key(ECDHKey),
-    crypto:verify(ecdsa, DigestType, DigestOrPlaintext, Signature, ECKey);
+    crypto:verify(ecdsa, DigestType, DigestOrPlaintext, Signature, ECDHKey);
 
 %% Backwards compatibility
 verify(Digest, none, Signature, {_,  #'Dss-Parms'{}} = Key ) ->
@@ -511,12 +494,7 @@ pkix_verify(DerCert,  #'RSAPublicKey'{} = RSAKey)
     {DigestType, PlainText, Signature} = pubkey_cert:verify_data(DerCert),
     verify(PlainText, DigestType, Signature, RSAKey);
 
-pkix_verify(DerCert,  #'ECPrivateKey'{} = ECKey)
-  when is_binary(DerCert) ->
-    {DigestType, PlainText, Signature} = pubkey_cert:verify_data(DerCert),
-    verify(PlainText, DigestType, Signature, ECKey);
-
-pkix_verify(DerCert, Key = {'ECKey', _})
+pkix_verify(DerCert, Key = {#'ECPoint'{}, _})
   when is_binary(DerCert) ->
     {DigestType, PlainText, Signature} = pubkey_cert:verify_data(DerCert),
     verify(PlainText, DigestType, Signature,  Key).
diff --git a/lib/ssl/test/erl_make_certs.erl b/lib/ssl/test/erl_make_certs.erl
index f8d086513b..c0cf5005ed 100644
--- a/lib/ssl/test/erl_make_certs.erl
+++ b/lib/ssl/test/erl_make_certs.erl
@@ -409,9 +409,7 @@ int2list(I) ->
     binary_to_list(<<I:(L*8)>>).
 
 gen_ec2(CurveId) ->
-    Key = crypto:ec_key_new(CurveId),
-    crypto:ec_key_generate(Key),
-    {_Curve, PrivKey, PubKey} = crypto:ec_key_to_term(Key),
+     {_Curve, PrivKey, PubKey} = crypto:ecdh_generate_key(CurveId),
 
     #'ECPrivateKey'{version = 1,
 		    privateKey = int2list(PrivKey),