aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorSverker Eriksson <[email protected]>2013-04-22 21:43:44 +0200
committerIngela Anderton Andin <[email protected]>2013-05-08 10:39:19 +0200
commit3155ca5b47149a214b101f6c0b84cdcd0400a30b (patch)
tree95af72e673487f3a7726e9bd987e9013e203be46
parentf5902d53588784d95674e07055fc2ef0d6fd0ed0 (diff)
downloadotp-3155ca5b47149a214b101f6c0b84cdcd0400a30b.tar.gz
otp-3155ca5b47149a214b101f6c0b84cdcd0400a30b.tar.bz2
otp-3155ca5b47149a214b101f6c0b84cdcd0400a30b.zip
crypto, public_key & ssl: Change API to hide resource format for EC KEY
-rw-r--r--lib/crypto/c_src/crypto.c6
-rw-r--r--lib/crypto/src/crypto.erl27
-rw-r--r--lib/crypto/test/crypto_SUITE.erl17
-rw-r--r--lib/public_key/src/public_key.erl36
-rw-r--r--lib/ssl/test/erl_make_certs.erl4
5 files changed, 37 insertions, 53 deletions
diff --git a/lib/crypto/c_src/crypto.c b/lib/crypto/c_src/crypto.c
index a8027bb079..e953eb960f 100644
--- a/lib/crypto/c_src/crypto.c
+++ b/lib/crypto/c_src/crypto.c
@@ -235,7 +235,7 @@ static ERL_NIF_TERM term_to_ec_key_nif(ErlNifEnv* env, int argc, const ERL_NIF_T
static ERL_NIF_TERM ec_key_generate(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[]);
static ERL_NIF_TERM ecdsa_sign_nif(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[]);
static ERL_NIF_TERM ecdsa_verify_nif(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[]);
-static ERL_NIF_TERM ecdh_compute_key(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[]);
+static ERL_NIF_TERM ecdh_compute_key_nif(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[]);
/* helpers */
@@ -361,7 +361,7 @@ static ErlNifFunc nif_funcs[] = {
{"ec_key_generate", 1, ec_key_generate},
{"ecdsa_sign_nif", 3, ecdsa_sign_nif},
{"ecdsa_verify_nif", 4, ecdsa_verify_nif},
- {"ecdh_compute_key", 2, ecdh_compute_key}
+ {"ecdh_compute_key_nif", 2, ecdh_compute_key_nif}
};
#if defined(HAVE_EC)
@@ -3452,7 +3452,7 @@ static ERL_NIF_TERM ecdsa_verify_nif(ErlNifEnv* env, int argc, const ERL_NIF_TER
(_OthersPublicKey, _MyPrivateKey)
(_OthersPublicKey, _MyEC_Point)
*/
-static ERL_NIF_TERM ecdh_compute_key(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[])
+static ERL_NIF_TERM ecdh_compute_key_nif(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[])
{
#if defined(HAVE_EC)
ERL_NIF_TERM ret;
diff --git a/lib/crypto/src/crypto.erl b/lib/crypto/src/crypto.erl
index 57ddf3fbac..543d589d7e 100644
--- a/lib/crypto/src/crypto.erl
+++ b/lib/crypto/src/crypto.erl
@@ -67,8 +67,8 @@
-export([aes_cbc_ivec/1]).
-export([aes_ctr_encrypt/3, aes_ctr_decrypt/3]).
-export([aes_ctr_stream_init/2, aes_ctr_stream_encrypt/2, aes_ctr_stream_decrypt/2]).
--export([ec_key_new/1, ec_key_to_term/1, term_to_ec_key/1, ec_key_generate/1]).
--export([sign/4, verify/5, ecdh_compute_key/2]).
+-export([ecdh_generate_key/1, ecdh_compute_key/2]).
+-export([sign/4, verify/5]).
-export([dh_generate_parameters/2, dh_check/1]). %% Testing see below
@@ -115,8 +115,8 @@
hmac, hmac_init, hmac_update, hmac_final, hmac_final_n, info,
rc2_cbc_encrypt, rc2_cbc_decrypt,
srp_generate_key, srp_compute_key,
- ec_key_new, ec_key_to_term, term_to_ec_key, ec_key_generate,
- sign, verify, ecdh_compute_key,
+ ecdh_generate_key, ecdh_compute_key,
+ sign, verify,
info_lib, algorithms]).
-type mpint() :: binary().
@@ -859,7 +859,7 @@ verify(rsa, Type, DataOrDigest, Signature, Key) ->
Bool -> Bool
end;
verify(ecdsa, Type, DataOrDigest, Signature, Key) ->
- case ecdsa_verify_nif(Type, DataOrDigest, Signature, map_ensure_int_as_bin(Key)) of
+ case ecdsa_verify_nif(Type, DataOrDigest, Signature, term_to_ec_key(Key)) of
notsup -> erlang:error(notsup);
Bool -> Bool
end.
@@ -921,7 +921,7 @@ sign(dss, Type, DataOrDigest, Key) ->
Sign -> Sign
end;
sign(ecdsa, Type, DataOrDigest, Key) ->
- case ecdsa_sign_nif(Type, DataOrDigest, map_ensure_int_as_bin(Key)) of
+ case ecdsa_sign_nif(Type, DataOrDigest, term_to_ec_key(Key)) of
error -> erlang:error(badkey, [Type,DataOrDigest,Key]);
Sign -> Sign
end.
@@ -1229,6 +1229,16 @@ srp_compute_key(Verifier, Prime, ClientPublic, ServerPublic, ServerPrivate, Vers
-spec ec_key_new(ec_named_curve()) -> ec_key_res().
ec_key_new(_Curve) -> ?nif_stub.
+ecdh_generate_key(Curve) when is_atom(Curve) ->
+ ECKey = ec_key_new(Curve),
+ ec_key_generate(ECKey),
+ ec_key_to_term(ECKey);
+ecdh_generate_key(Key) ->
+ ECKey = term_to_ec_key(Key),
+ ec_key_generate(ECKey),
+ ec_key_to_term(ECKey).
+
+
-spec ec_key_generate(ec_key_res()) -> ok | error.
ec_key_generate(_Key) -> ?nif_stub.
@@ -1277,7 +1287,10 @@ term_to_ec_key_nif(_Curve, _PrivKey, _PubKey) -> ?nif_stub.
-spec ecdh_compute_key(ec_key_res(), ec_key_res() | ec_point()) -> binary().
-ecdh_compute_key(_Others, _My) -> ?nif_stub.
+ecdh_compute_key(Others, My) ->
+ ecdh_compute_key_nif(term_to_ec_key(Others), My).
+
+ecdh_compute_key_nif(_Others, _My) -> ?nif_stub.
%% LOCAL FUNCTIONS
diff --git a/lib/crypto/test/crypto_SUITE.erl b/lib/crypto/test/crypto_SUITE.erl
index 09898efd49..55db09d9dd 100644
--- a/lib/crypto/test/crypto_SUITE.erl
+++ b/lib/crypto/test/crypto_SUITE.erl
@@ -1887,12 +1887,7 @@ ec(Config) when is_list(Config) ->
ec_do() ->
%% test for a name curve
- L2 = crypto:ec_key_new(sect113r2),
- crypto:ec_key_generate(L2),
-
- D2 = crypto:ec_key_to_term(L2),
- T2 = crypto:term_to_ec_key(D2),
- ?line D2 = crypto:ec_key_to_term(T2),
+ D2 = crypto:ecdh_generate_key(sect113r2),
%%TODO: find a published test case for a EC key
@@ -1933,13 +1928,13 @@ ec_do() ->
CoFactor = 1,
Curve = {{prime_field,P},{A,B,none},BasePoint, Order,CoFactor},
CsCaKey = {Curve, undefined, PubKey},
- T3 = crypto:term_to_ec_key(CsCaKey),
- ?line CsCaKey = crypto:ec_key_to_term(T3),
+ %%T3 = crypto:term_to_ec_key(CsCaKey),
+ %%?line CsCaKey = crypto:ec_key_to_term(T3),
Msg = <<99,234,6,64,190,237,201,99,80,248,58,40,70,45,149,218,5,246,242,63>>,
- Sign = crypto:sign(ecdsa, sha, Msg, L2),
- ?line true = crypto:verify(ecdsa, sha, Msg, Sign, L2),
- ?line false = crypto:verify(ecdsa, sha, Msg, <<10,20>>, L2),
+ Sign = crypto:sign(ecdsa, sha, Msg, D2),
+ ?line true = crypto:verify(ecdsa, sha, Msg, Sign, D2),
+ ?line false = crypto:verify(ecdsa, sha, Msg, <<10,20>>, D2),
ok.
diff --git a/lib/public_key/src/public_key.erl b/lib/public_key/src/public_key.erl
index 06bffeea76..d1484c5b2b 100644
--- a/lib/public_key/src/public_key.erl
+++ b/lib/public_key/src/public_key.erl
@@ -330,10 +330,7 @@ encrypt_private(PlainText,
%% Description: Generates new key(s)
%%--------------------------------------------------------------------
generate_key({curve, Name}) ->
- %% TODO: Better crypto API
- ECDHKey = crypto:ec_key_new(Name),
- crypto:ec_key_generate(ECDHKey),
- Term = crypto:ec_key_to_term(ECDHKey),
+ Term = crypto:ecdh_generate_key(Name),
ec_key(Term);
generate_key(#'DHParameter'{prime = P, base = G}) ->
@@ -350,13 +347,8 @@ generate_key({srp, Version, Verifier, Generator, Prime}) when is_binary(Verifier
crypto:srp_generate_key(Verifier, Generator, Prime, Version);
generate_key(Params) ->
- %% TODO: Better crypto API
- Name = ec_curve_spec(Params),
- ECClntKey = crypto:ec_key_new(Name),
- %% ECDHKey = format_ecdh_key(Params),
- %% ECClntKey = crypto:term_to_ec_key(ECDHKey),
- crypto:ec_key_generate(ECClntKey),
- Term = crypto:ec_key_to_term(ECClntKey),
+ Curve = ec_curve_spec(Params),
+ Term = crypto:ecdh_generate_key(Curve),
ec_key(Term, Params).
%%--------------------------------------------------------------------
@@ -372,9 +364,7 @@ compute_key(PubKey, #'ECPrivateKey'{} = PrivateKey) ->
compute_key(PubKey, format_ecdh_key(PrivateKey));
compute_key(#'ECPoint'{point = Point}, ECDHKeys) ->
- %% TODO: Better crypto API
- ECKey = crypto:term_to_ec_key(ECDHKeys),
- crypto:ecdh_compute_key(ECKey, Point).
+ crypto:ecdh_compute_key(ECDHKeys, Point).
compute_key(OthersKey, MyKey, {dh, Prime, Base}) when is_binary(OthersKey),
is_binary(MyKey),
@@ -439,8 +429,7 @@ sign(DigestOrPlainText, sha, #'DSAPrivateKey'{p = P, q = Q, g = G, x = X}) ->
sign(DigestOrPlainText, DigestType, Key = #'ECPrivateKey'{}) ->
ECDHKey = format_ecdh_key(Key),
- ECKey = crypto:term_to_ec_key(ECDHKey),
- crypto:sign(ecdsa, DigestType, DigestOrPlainText, ECKey);
+ crypto:sign(ecdsa, DigestType, DigestOrPlainText, ECDHKey);
%% Backwards compatible
sign(Digest, none, #'DSAPrivateKey'{} = Key) ->
@@ -457,15 +446,9 @@ verify(DigestOrPlainText, DigestType, Signature,
crypto:verify(rsa, DigestType, DigestOrPlainText, Signature,
[Exp, Mod]);
-verify(Digest, DigestType, Signature, Key = #'ECPrivateKey'{}) ->
- ECDHKey = format_ecdh_key(Key),
- ECKey = crypto:term_to_ec_key(ECDHKey),
- crypto:verify(ecdsa, DigestType, Digest, Signature, ECKey);
-
verify(DigestOrPlaintext, DigestType, Signature, Key = {#'ECPoint'{}, _}) ->
ECDHKey = format_ecdh_key(Key),
- ECKey = crypto:term_to_ec_key(ECDHKey),
- crypto:verify(ecdsa, DigestType, DigestOrPlaintext, Signature, ECKey);
+ crypto:verify(ecdsa, DigestType, DigestOrPlaintext, Signature, ECDHKey);
%% Backwards compatibility
verify(Digest, none, Signature, {_, #'Dss-Parms'{}} = Key ) ->
@@ -511,12 +494,7 @@ pkix_verify(DerCert, #'RSAPublicKey'{} = RSAKey)
{DigestType, PlainText, Signature} = pubkey_cert:verify_data(DerCert),
verify(PlainText, DigestType, Signature, RSAKey);
-pkix_verify(DerCert, #'ECPrivateKey'{} = ECKey)
- when is_binary(DerCert) ->
- {DigestType, PlainText, Signature} = pubkey_cert:verify_data(DerCert),
- verify(PlainText, DigestType, Signature, ECKey);
-
-pkix_verify(DerCert, Key = {'ECKey', _})
+pkix_verify(DerCert, Key = {#'ECPoint'{}, _})
when is_binary(DerCert) ->
{DigestType, PlainText, Signature} = pubkey_cert:verify_data(DerCert),
verify(PlainText, DigestType, Signature, Key).
diff --git a/lib/ssl/test/erl_make_certs.erl b/lib/ssl/test/erl_make_certs.erl
index f8d086513b..c0cf5005ed 100644
--- a/lib/ssl/test/erl_make_certs.erl
+++ b/lib/ssl/test/erl_make_certs.erl
@@ -409,9 +409,7 @@ int2list(I) ->
binary_to_list(<<I:(L*8)>>).
gen_ec2(CurveId) ->
- Key = crypto:ec_key_new(CurveId),
- crypto:ec_key_generate(Key),
- {_Curve, PrivKey, PubKey} = crypto:ec_key_to_term(Key),
+ {_Curve, PrivKey, PubKey} = crypto:ecdh_generate_key(CurveId),
#'ECPrivateKey'{version = 1,
privateKey = int2list(PrivKey),