Merge branch 'hans/crypto/x25519_x448/OTP-15240' into maint

* hans/crypto/x25519_x448/OTP-15240:
  crypto: doc x25519 & x448
  crypto: Test vectors for ecdh x25519 and x448
  crypto: Remove the term 'eddh'
  crypto: Enable EDDH all OpenSSL cryptolib over beta version 1.1.1-pre8

3 files changed, 42 insertions, 17 deletions

diff --git a/lib/crypto/c_src/crypto.c b/lib/crypto/c_src/crypto.c
index afb57999b2..096f749f7f 100644
--- a/lib/crypto/c_src/crypto.c
+++ b/lib/crypto/c_src/crypto.c
@@ -169,12 +169,12 @@
 # define HAVE_EC
 #endif
 
-// (test for == 1.1.1pre8)
-#if OPENSSL_VERSION_NUMBER == (PACKED_OPENSSL_VERSION_PLAIN(1,1,1) - 7) \
+// (test for >= 1.1.1pre8)
+#if OPENSSL_VERSION_NUMBER >= (PACKED_OPENSSL_VERSION_PLAIN(1,1,1) - 7) \
     && !defined(HAS_LIBRESSL) \
     && defined(HAVE_EC)
 // EXPERIMENTAL:
-# define HAVE_EDDH
+# define HAVE_ED_CURVE_DH
 #endif
 
 #if OPENSSL_VERSION_NUMBER >= PACKED_OPENSSL_VERSION(0,9,8,'c')
@@ -720,8 +720,7 @@ static ERL_NIF_TERM atom_rsa;
 static ERL_NIF_TERM atom_dss;
 static ERL_NIF_TERM atom_ecdsa;
 
-#ifdef HAVE_EDDH
-static ERL_NIF_TERM atom_eddh;
+#ifdef HAVE_ED_CURVE_DH
 static ERL_NIF_TERM atom_x25519;
 static ERL_NIF_TERM atom_x448;
 #endif
@@ -1166,8 +1165,7 @@ static int initialize(ErlNifEnv* env, ERL_NIF_TERM load_info)
     atom_rsa = enif_make_atom(env,"rsa");
     atom_dss = enif_make_atom(env,"dss");
     atom_ecdsa = enif_make_atom(env,"ecdsa");
-#ifdef HAVE_EDDH
-    atom_eddh = enif_make_atom(env,"eddh");
+#ifdef HAVE_ED_CURVE_DH
     atom_x25519 = enif_make_atom(env,"x25519");
     atom_x448 = enif_make_atom(env,"x448");
 #endif
@@ -1368,9 +1366,6 @@ static void init_algorithms_types(ErlNifEnv* env)
 #endif
     // Non-validated algorithms follow
     algo_pubkey_fips_cnt = algo_pubkey_cnt;
-#ifdef HAVE_EDDH
-    algo_pubkey[algo_pubkey_cnt++] = enif_make_atom(env, "eddh");
-#endif
     algo_pubkey[algo_pubkey_cnt++] = enif_make_atom(env, "srp");
 
     // Validated algorithms first
@@ -1528,7 +1523,7 @@ static void init_algorithms_types(ErlNifEnv* env)
 #endif
 #endif
     //--
-#ifdef HAVE_EDDH
+#ifdef HAVE_ED_CURVE_DH
     algo_curve[algo_curve_cnt++] = enif_make_atom(env,"x25519");
     algo_curve[algo_curve_cnt++] = enif_make_atom(env,"x448");
 #endif
@@ -4157,7 +4152,7 @@ out_err:
 static ERL_NIF_TERM evp_compute_key_nif(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[])
     /*    (Curve, PeerBin, MyBin) */
 {
-#ifdef HAVE_EDDH
+#ifdef HAVE_ED_CURVE_DH
     int type;
     EVP_PKEY_CTX *ctx;
     ErlNifBinary peer_bin, my_bin, key_bin;
@@ -4213,7 +4208,7 @@ static ERL_NIF_TERM evp_compute_key_nif(ErlNifEnv* env, int argc, const ERL_NIF_
 static ERL_NIF_TERM evp_generate_key_nif(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[])
 /* (Curve) */
 {
-#ifdef HAVE_EDDH
+#ifdef HAVE_ED_CURVE_DH
     int type;
     EVP_PKEY_CTX *ctx;
     EVP_PKEY *pkey = NULL;
diff --git a/lib/crypto/doc/src/crypto.xml b/lib/crypto/doc/src/crypto.xml
index 21580932ca..4289bd4a64 100644
--- a/lib/crypto/doc/src/crypto.xml
+++ b/lib/crypto/doc/src/crypto.xml
@@ -110,6 +110,9 @@
 
     <code>ecdh_params() = ec_named_curve() | ec_explicit_curve()</code>
 
+    <code>ed_named_curves_ecdh() -> x448 | x25519</code>
+    <p>Note that the curves are only supported if the underlying OpenSSL has support for them.</p>
+
     <code>ec_explicit_curve() =
     {ec_field(), Prime :: key_value(), Point :: key_value(), Order :: integer(),
      CoFactor :: none | integer()} </code>
@@ -310,7 +313,7 @@
 	<v> Type = dh | ecdh | srp </v>
 	<v>OthersPublicKey =  dh_public() | ecdh_public() | srp_public() </v>
 	<v>MyKey = dh_private() | ecdh_private() | {srp_public(),srp_private()}</v>
-	<v>Params = dh_params() | ecdh_params() | SrpUserParams | SrpHostParams</v>
+	<v>Params = dh_params() | ecdh_params() | ed_named_curves_ecdh() | SrpUserParams | SrpHostParams</v>
 	<v>SrpUserParams = {user, [DerivedKey::binary(), Prime::binary(), Generator::binary(), Version::atom() | [Scrambler:binary()]]} </v>
 	<v>SrpHostParams = {host, [Verifier::binary(), Prime::binary(), Version::atom() | [Scrambler::binary]]} </v>
 	<v>SharedSecret = binary()</v>
@@ -340,7 +343,7 @@
       <fsummary>Generates a public key of type <c>Type</c></fsummary>
       <type>
 	<v> Type = dh | ecdh | rsa | srp </v>
-	<v>Params = dh_params() | ecdh_params() | RsaParams | SrpUserParams | SrpHostParams </v>
+	<v>Params = dh_params() | ecdh_params() | ed_named_curves_ecdh()| RsaParams | SrpUserParams | SrpHostParams </v>
 	<v>RsaParams = {ModulusSizeInBits::integer(), PublicExponent::key_value()}</v>
 	<v>SrpUserParams = {user, [Generator::binary(), Prime::binary(), Version::atom()]}</v>
 	<v>SrpHostParams = {host, [Verifier::binary(), Generator::binary(), Prime::binary(), Version::atom()]}</v>
diff --git a/lib/crypto/test/crypto_SUITE.erl b/lib/crypto/test/crypto_SUITE.erl
index dd87861568..170a97aecb 100644
--- a/lib/crypto/test/crypto_SUITE.erl
+++ b/lib/crypto/test/crypto_SUITE.erl
@@ -2639,7 +2639,9 @@ srp(ClientPrivate, Generator, Prime, Version, Verifier, ServerPublic, ServerPriv
      SessionKey}.
 ecdh() ->
     %% http://csrc.nist.gov/groups/STM/cavp/
-    Curves = crypto:ec_curves(),
+    Curves = crypto:ec_curves() ++ 
+        [X  || X <- proplists:get_value(curves, crypto:supports(), []),
+               lists:member(X, [x25519,x448])],
     TestCases =
         [{ecdh, hexstr2point("42ea6dd9969dd2a61fea1aac7f8e98edcc896c6e55857cc0", "dfbe5d7c61fac88b11811bde328e8a0d12bf01a9d204b523"),
           hexstr2bin("f17d3fea367b74d340851ca4270dcb24c271f445bed9d527"),
@@ -2722,7 +2724,32 @@ ecdh() ->
                              "2FDC313095BCDD5FB3A91636F07A959C8E86B5636A1E930E8396049CB481961D365CC11453A06C719835475B12CB52FC3C383BCE35E27EF194512B71876285FA"),
           hexstr2bin("16302FF0DBBB5A8D733DAB7141C1B45ACBC8715939677F6A56850A38BD87BD59B09E80279609FF333EB9D4C061231FB26F92EEB04982A5F1D1764CAD57665422"),
           brainpoolP512r1,
-          hexstr2bin("A7927098655F1F9976FA50A9D566865DC530331846381C87256BAF3226244B76D36403C024D7BBF0AA0803EAFF405D3D24F11A9B5C0BEF679FE1454B21C4CD1F")}],
+          hexstr2bin("A7927098655F1F9976FA50A9D566865DC530331846381C87256BAF3226244B76D36403C024D7BBF0AA0803EAFF405D3D24F11A9B5C0BEF679FE1454B21C4CD1F")},
+
+         %% RFC 7748, 6.1
+         {ecdh,
+          16#8520f0098930a754748b7ddcb43ef75a0dbf3a0d26381af4eba4a98eaa9b4e6a,
+          16#5dab087e624a8a4b79e17f8b83800ee66f3bb1292618b6fd1c2f8b27ff88e0eb,
+          x25519,
+          hexstr2bin("4a5d9d5ba4ce2de1728e3bf480350f25e07e21c947d19e3376f09b3c1e161742")},
+         {ecdh,
+          16#de9edb7d7b7dc1b4d35b61c2ece435373f8343c85b78674dadfc7e146f882b4f,
+          16#77076d0a7318a57d3c16c17251b26645df4c2f87ebc0992ab177fba51db92c2a,
+          x25519,
+          hexstr2bin("4a5d9d5ba4ce2de1728e3bf480350f25e07e21c947d19e3376f09b3c1e161742")},
+
+         %% RFC 7748, 6.2
+         {ecdh,
+          16#9b08f7cc31b7e3e67d22d5aea121074a273bd2b83de09c63faa73d2c22c5d9bbc836647241d953d40c5b12da88120d53177f80e532c41fa0,
+          16#1c306a7ac2a0e2e0990b294470cba339e6453772b075811d8fad0d1d6927c120bb5ee8972b0d3e21374c9c921b09d1b0366f10b65173992d,
+          x448,
+          hexstr2bin("07fff4181ac6cc95ec1c16a94a0f74d12da232ce40a77552281d282bb60c0b56fd2464c335543936521c24403085d59a449a5037514a879d")},
+         {ecdh,
+          16#3eb7a829b0cd20f5bcfc0b599b6feccf6da4627107bdb0d4f345b43027d8b972fc3e34fb4232a13ca706dcb57aec3dae07bdc1c67bf33609,
+          16#9a8f4925d1519f5775cf46b04b5800d4ee9ee8bae8bc5565d498c28dd9c9baf574a9419744897391006382a6f127ab1d9ac2d8c0a598726b,
+          x448,
+          hexstr2bin("07fff4181ac6cc95ec1c16a94a0f74d12da232ce40a77552281d282bb60c0b56fd2464c335543936521c24403085d59a449a5037514a879d")}
+        ],
     lists:filter(fun ({_Type, _Pub, _Priv, Curve, _SharedSecret}) ->
                          lists:member(Curve, Curves)
                  end,