ssl, crypto: Eliminate remaining mpint and EC resource key from API

author: Ingela Anderton Andin <[email protected]> 2013-04-25 14:51:19 +0200
committer: Ingela Anderton Andin <[email protected]> 2013-05-08 10:39:21 +0200
commit: badb8f14e9829ce0a797b56702997aa355cdd9ba (patch)
tree: e0e83ebf28a70a67a4bb710b7f3ef03301facf03
parent: dad86c51e920d015da390ec6bef3da24924fa063 (diff)
download: otp-badb8f14e9829ce0a797b56702997aa355cdd9ba.tar.gz
otp-badb8f14e9829ce0a797b56702997aa355cdd9ba.tar.bz2
otp-badb8f14e9829ce0a797b56702997aa355cdd9ba.zip
5 files changed, 36 insertions, 41 deletions
diff --git a/lib/crypto/src/crypto.erl b/lib/crypto/src/crypto.erl
index 43ea1d48fd..f87644b3fe 100644
--- a/lib/crypto/src/crypto.erl
+++ b/lib/crypto/src/crypto.erl
@@ -855,8 +855,8 @@ verify(rsa, Type, DataOrDigest, Signature, Key) ->
     	notsup -> erlang:error(notsup);
 	Bool -> Bool
     end;
-verify(ecdsa, Type, DataOrDigest, Signature, Key) ->
-    case ecdsa_verify_nif(Type, DataOrDigest, Signature, term_to_ec_key(Key)) of
+verify(ecdsa, Type, DataOrDigest, Signature, [Key, Curve]) ->
+    case ecdsa_verify_nif(Type, DataOrDigest, Signature, term_to_ec_key({Curve, undefined, Key})) of
 	notsup -> erlang:error(notsup);
 	Bool -> Bool
     end.
@@ -901,6 +901,11 @@ map_ensure_int_as_bin([H|_]=List) when is_integer(H) ->
 map_ensure_int_as_bin(List) ->
     List.
 
+ensure_int_as_bin(Int) when is_integer(Int) ->
+    int_to_bin(Int);
+ensure_int_as_bin(Bin) ->
+    Bin.
+
 map_to_norm_bin([H|_]=List) when is_integer(H) ->
     lists:map(fun(E) -> int_to_bin(E) end, List);
 map_to_norm_bin(List) ->
@@ -917,8 +922,8 @@ sign(dss, Type, DataOrDigest, Key) ->
 	error -> erlang:error(badkey, [DataOrDigest, Key]);
 	Sign -> Sign
     end;
-sign(ecdsa, Type, DataOrDigest, Key) ->
-    case ecdsa_sign_nif(Type, DataOrDigest, term_to_ec_key(Key)) of
+sign(ecdsa, Type, DataOrDigest, [Key, Curve]) ->
+    case ecdsa_sign_nif(Type, DataOrDigest, term_to_ec_key({Curve, Key, undefined})) of
 	error -> erlang:error(badkey, [Type,DataOrDigest,Key]);
 	Sign -> Sign
     end.
@@ -1228,9 +1233,9 @@ term_to_nif_prime({prime_field, Prime}) ->
 term_to_nif_prime(PrimeField) ->
     PrimeField.
 term_to_nif_curve({A, B, Seed}) ->
-    {int_to_bin(A), int_to_bin(B), Seed}.
+    {ensure_int_as_bin(A), ensure_int_as_bin(B), Seed}.
 term_to_nif_curve_parameters({PrimeField, Curve, BasePoint, Order, CoFactor}) ->
-    {term_to_nif_prime(PrimeField), term_to_nif_curve(Curve), BasePoint, int_to_bin(Order), int_to_bin(CoFactor)};
+    {term_to_nif_prime(PrimeField), term_to_nif_curve(Curve), ensure_int_as_bin(BasePoint), int_to_bin(Order), int_to_bin(CoFactor)};
 term_to_nif_curve_parameters(Curve) when is_atom(Curve) ->
     %% named curve
     Curve.
diff --git a/lib/crypto/test/crypto_SUITE.erl b/lib/crypto/test/crypto_SUITE.erl
index 473609778c..3ebe10866c 100644
--- a/lib/crypto/test/crypto_SUITE.erl
+++ b/lib/crypto/test/crypto_SUITE.erl
@@ -1892,8 +1892,8 @@ ec(Config) when is_list(Config) ->
 ec_do() ->
     %% test for a name curve
     {D2_priv, D2_pub} = crypto:generate_key(ecdh, sect113r2),
-    D2 = {sect113r2, D2_priv, D2_pub},
-
+    PrivECDH = [D2_priv, sect113r2],
+    PubECDH = [D2_pub, sect113r2],
     %%TODO: find a published test case for a EC key
 
     %% test for a full specified curve and public key,
@@ -1932,14 +1932,11 @@ ec_do() ->
 			      16#f7, 16#90, 16#1e, 16#0e, 16#82, 16#97, 16#48, 16#56, 16#a7>>,
     CoFactor = 1,
     Curve = {{prime_field,P},{A,B,none},BasePoint, Order,CoFactor},
-    CsCaKey = {Curve, undefined, PubKey},
-    %%T3 = crypto:term_to_ec_key(CsCaKey),
-    %%?line CsCaKey = crypto:ec_key_to_term(T3),
 
     Msg = <<99,234,6,64,190,237,201,99,80,248,58,40,70,45,149,218,5,246,242,63>>,
-    Sign = crypto:sign(ecdsa, sha, Msg, D2),
-    ?line true = crypto:verify(ecdsa, sha, Msg, Sign, D2),
-    ?line false = crypto:verify(ecdsa, sha, Msg, <<10,20>>, D2),
+    Sign = crypto:sign(ecdsa, sha, Msg, PrivECDH),
+    ?line true = crypto:verify(ecdsa, sha, Msg, Sign, PubECDH),
+    ?line false = crypto:verify(ecdsa, sha, Msg, <<10,20>>, PubECDH),
 
     ok.
 
diff --git a/lib/public_key/src/public_key.erl b/lib/public_key/src/public_key.erl
index 3497018a88..a8fe9213ea 100644
--- a/lib/public_key/src/public_key.erl
+++ b/lib/public_key/src/public_key.erl
@@ -326,7 +326,9 @@ encrypt_private(PlainText,
     crypto:rsa_private_encrypt(PlainText, format_rsa_private_key(Key), Padding).
 
 %%--------------------------------------------------------------------
--spec generate_key(#'DHParameter'{} | {namedCurve, Name ::atom()} | #'OTPECParameters'{}) -> {Public::binary(), Private::binary()}.
+-spec generate_key(#'DHParameter'{} | {namedCurve, Name ::atom()} |
+		   #'OTPECParameters'{}) -> {Public::binary(), Private::binary()} |
+					    #'ECPrivateKey'{}.
 %% Description: Generates a new keypair
 %%--------------------------------------------------------------------
 generate_key(#'DHParameter'{prime = P, base = G}) ->
@@ -396,9 +398,10 @@ sign(DigestOrPlainText, DigestType, Key = #'RSAPrivateKey'{}) ->
 sign(DigestOrPlainText, sha, #'DSAPrivateKey'{p = P, q = Q, g = G, x = X}) ->
     crypto:sign(dss, sha, DigestOrPlainText, [P, Q, G, X]);
 
-sign(DigestOrPlainText, DigestType, Key = #'ECPrivateKey'{}) ->
-    ECDHKey = format_ecdh_key(Key),
-    crypto:sign(ecdsa, DigestType, DigestOrPlainText, ECDHKey);
+sign(DigestOrPlainText, DigestType, #'ECPrivateKey'{privateKey = PrivKey,
+						    parameters = Param}) ->
+    ECCurve = ec_curve_spec(Param),
+    crypto:sign(ecdsa, DigestType, DigestOrPlainText, [list2int(PrivKey), ECCurve]);
 
 %% Backwards compatible
 sign(Digest, none, #'DSAPrivateKey'{} = Key) ->
@@ -415,9 +418,9 @@ verify(DigestOrPlainText, DigestType, Signature,
     crypto:verify(rsa, DigestType, DigestOrPlainText, Signature,
 		  [Exp, Mod]);
 
-verify(DigestOrPlaintext, DigestType, Signature, Key = {#'ECPoint'{}, _}) ->
-    ECDHKey = format_ecdh_key(Key),
-    crypto:verify(ecdsa, DigestType, DigestOrPlaintext, Signature, ECDHKey);
+verify(DigestOrPlaintext, DigestType, Signature, {#'ECPoint'{point = Point}, Param}) ->
+    ECCurve = ec_curve_spec(Param),
+    crypto:verify(ecdsa, DigestType, DigestOrPlaintext, Signature, [Point, ECCurve]);
 
 %% Backwards compatibility
 verify(Digest, none, Signature, {_,  #'Dss-Parms'{}} = Key ) ->
@@ -868,20 +871,10 @@ ec_generate_key(Params) ->
     Term = crypto:generate_key(ecdh, Curve),
     ec_key(Term, Params).
 
-format_ecdh_key(#'ECPrivateKey'{privateKey = PrivKey,
-				parameters = Param,
-				publicKey = _}) ->
-    ECCurve = ec_curve_spec(Param),
-    {ECCurve, list2int(PrivKey), undefined};
-
-format_ecdh_key({#'ECPoint'{point = Point}, Param}) ->
-    ECCurve = ec_curve_spec(Param),
-    {ECCurve, undefined, Point}.
-
 ec_curve_spec( #'OTPECParameters'{fieldID = FieldId, curve = PCurve, base = Base, order = Order, cofactor = CoFactor }) ->
     Field = {pubkey_cert_records:supportedCurvesTypes(FieldId#'OTPFieldID'.fieldType),
 	     FieldId#'OTPFieldID'.parameters},
-    Curve = {list2int(PCurve#'Curve'.a), list2int(PCurve#'Curve'.b), none},
+    Curve = {erlang:list_to_binary(PCurve#'Curve'.a), erlang:list_to_binary(PCurve#'Curve'.b), none},
     {Field, Curve, erlang:list_to_binary(Base), Order, CoFactor};
 ec_curve_spec({namedCurve, OID}) ->
     pubkey_cert_records:namedCurves(OID).
diff --git a/lib/ssl/src/ssl_handshake.erl b/lib/ssl/src/ssl_handshake.erl
index 0744ef4180..338319ab9e 100644
--- a/lib/ssl/src/ssl_handshake.erl
+++ b/lib/ssl/src/ssl_handshake.erl
@@ -429,10 +429,8 @@ key_exchange(client, _Version, {srp, PublicKey}) ->
 key_exchange(server, Version, {dh, {PublicKey, _},
 			       #'DHParameter'{prime = P, base = G},
 			       HashSign, ClientRandom, ServerRandom, PrivateKey}) ->
-    <<?UINT32(_), PBin/binary>> = crypto:mpint(P),
-    <<?UINT32(_), GBin/binary>> = crypto:mpint(G),
-    ServerDHParams = #server_dh_params{dh_p = PBin, 
-				       dh_g = GBin, dh_y = PublicKey},    
+    ServerDHParams = #server_dh_params{dh_p = int_to_bin(P),
+				       dh_g = int_to_bin(G), dh_y = PublicKey},
     enc_server_key_exchange(Version, ServerDHParams, HashSign,
 			    ClientRandom, ServerRandom, PrivateKey);
 
@@ -452,12 +450,10 @@ key_exchange(server, Version, {psk, PskIdentityHint,
 key_exchange(server, Version, {dhe_psk, PskIdentityHint, {PublicKey, _},
 			       #'DHParameter'{prime = P, base = G},
 			       HashSign, ClientRandom, ServerRandom, PrivateKey}) ->
-    <<?UINT32(_), PBin/binary>> = crypto:mpint(P),
-    <<?UINT32(_), GBin/binary>> = crypto:mpint(G),
     ServerEDHPSKParams = #server_dhe_psk_params{
       hint = PskIdentityHint,
-      dh_params = #server_dh_params{dh_p = PBin,
-				    dh_g = GBin, dh_y = PublicKey}
+      dh_params = #server_dh_params{dh_p = int_to_bin(P),
+				    dh_g = int_to_bin(G), dh_y = PublicKey}
      },
     enc_server_key_exchange(Version, ServerEDHPSKParams,
 			    HashSign, ClientRandom, ServerRandom, PrivateKey);
@@ -1791,3 +1787,7 @@ handle_srp_extension(undefined, Session) ->
     Session;
 handle_srp_extension(#srp{username = Username}, Session) ->
     Session#session{srp_username = Username}.
+
+int_to_bin(I) ->
+    L = (length(integer_to_list(I, 16)) + 1) div 2,
+    <<I:(L*8)>>.
diff --git a/lib/ssl/test/erl_make_certs.erl b/lib/ssl/test/erl_make_certs.erl
index c32ca6dd1f..723ccf4496 100644
--- a/lib/ssl/test/erl_make_certs.erl
+++ b/lib/ssl/test/erl_make_certs.erl
@@ -409,7 +409,7 @@ int2list(I) ->
     binary_to_list(<<I:(L*8)>>).
 
 gen_ec2(CurveId) ->
-     {PrivKey, PubKey} = crypto:generate_key(ecdh,CurveId),
+     {PrivKey, PubKey} = crypto:generate_key(ecdh, CurveId),
 
     #'ECPrivateKey'{version = 1,
 		    privateKey = int2list(PrivKey),
author	Ingela Anderton Andin <[email protected]>	2013-04-25 14:51:19 +0200
committer	Ingela Anderton Andin <[email protected]>	2013-05-08 10:39:21 +0200
commit	badb8f14e9829ce0a797b56702997aa355cdd9ba (patch)
tree	e0e83ebf28a70a67a4bb710b7f3ef03301facf03
parent	dad86c51e920d015da390ec6bef3da24924fa063 (diff)
download	otp-badb8f14e9829ce0a797b56702997aa355cdd9ba.tar.gz otp-badb8f14e9829ce0a797b56702997aa355cdd9ba.tar.bz2 otp-badb8f14e9829ce0a797b56702997aa355cdd9ba.zip