diff options
author | Sverker Eriksson <[email protected]> | 2010-04-28 14:08:55 +0000 |
---|---|---|
committer | Erlang/OTP <[email protected]> | 2010-04-28 14:08:55 +0000 |
commit | 98226b13ccabb8e968b33a649aa175a7c48b0d3b (patch) | |
tree | af799d50426f0e516e7eba276dbd8ac3cf03050d /lib/crypto/src/crypto.erl | |
parent | df7bf3f81ef645f24110c5e4cdeaf78dca44f810 (diff) | |
download | otp-98226b13ccabb8e968b33a649aa175a7c48b0d3b.tar.gz otp-98226b13ccabb8e968b33a649aa175a7c48b0d3b.tar.bz2 otp-98226b13ccabb8e968b33a649aa175a7c48b0d3b.zip |
OTP-8333 Crypto using NIF's
crypto application changed to use NIFs instead of driver.
Diffstat (limited to 'lib/crypto/src/crypto.erl')
-rw-r--r-- | lib/crypto/src/crypto.erl | 497 |
1 files changed, 177 insertions, 320 deletions
diff --git a/lib/crypto/src/crypto.erl b/lib/crypto/src/crypto.erl index 8cb750759f..5b1ce96caf 100644 --- a/lib/crypto/src/crypto.erl +++ b/lib/crypto/src/crypto.erl @@ -21,7 +21,7 @@ -module(crypto). --export([start/0, stop/0, info/0, info_lib/0]). +-export([start/0, stop/0, info/0, info_lib/0, version/0]). -export([md4/1, md4_init/0, md4_update/2, md4_final/1]). -export([md5/1, md5_init/0, md5_update/2, md5_final/1]). -export([sha/1, sha_init/0, sha_update/2, sha_final/1]). @@ -54,82 +54,6 @@ -export([dh_generate_parameters/2, dh_check/1]). %% Testing see below --define(INFO, 0). --define(MD5, 1). --define(MD5_INIT, 2). --define(MD5_UPDATE, 3). --define(MD5_FINAL, 4). --define(SHA, 5). --define(SHA_INIT, 6). --define(SHA_UPDATE, 7). --define(SHA_FINAL, 8). --define(MD5_MAC, 9). --define(MD5_MAC_96, 10). --define(SHA_MAC, 11). --define(SHA_MAC_96, 12). --define(DES_CBC_ENCRYPT, 13). --define(DES_CBC_DECRYPT, 14). --define(DES_EDE3_CBC_ENCRYPT, 15). --define(DES_EDE3_CBC_DECRYPT, 16). --define(AES_CFB_128_ENCRYPT, 17). --define(AES_CFB_128_DECRYPT, 18). --define(RAND_BYTES, 19). --define(RAND_UNIFORM, 20). --define(MOD_EXP, 21). --define(DSS_VERIFY, 22). --define(RSA_VERIFY_SHA, 23). -%-define(RSA_VERIFY_MD5, 35). --define(AES_CBC_128_ENCRYPT, 24). --define(AES_CBC_128_DECRYPT, 25). --define(XOR, 26). --define(RC4_ENCRYPT, 27). --define(RC4_SET_KEY, 28). --define(RC4_ENCRYPT_WITH_STATE, 29). --define(RC2_40_CBC_ENCRYPT, 30). --define(RC2_40_CBC_DECRYPT, 31). --define(AES_CBC_256_ENCRYPT, 32). --define(AES_CBC_256_DECRYPT, 33). --define(INFO_LIB,34). -%-define(RSA_VERIFY_SHA, 23). --define(RSA_VERIFY_MD5, 35). --define(RSA_SIGN_SHA, 36). --define(RSA_SIGN_MD5, 37). --define(DSS_SIGN, 38). --define(RSA_PUBLIC_ENCRYPT, 39). --define(RSA_PRIVATE_DECRYPT, 40). --define(RSA_PRIVATE_ENCRYPT, 41). --define(RSA_PUBLIC_DECRYPT, 42). --define(DH_GENERATE_PARAMS, 43). --define(DH_CHECK, 44). --define(DH_GENERATE_KEY, 45). --define(DH_COMPUTE_KEY, 46). --define(MD4, 47). --define(MD4_INIT, 48). --define(MD4_UPDATE, 49). --define(MD4_FINAL, 50). - -%% -define(SHA256, 51). -%% -define(SHA256_INIT, 52). -%% -define(SHA256_UPDATE, 53). -%% -define(SHA256_FINAL, 54). -%% -define(SHA512, 55). -%% -define(SHA512_INIT, 56). -%% -define(SHA512_UPDATE, 57). -%% -define(SHA512_FINAL, 58). - --define(BF_CFB64_ENCRYPT, 59). --define(BF_CFB64_DECRYPT, 60). --define(BF_ECB_ENCRYPT, 61). --define(BF_ECB_DECRYPT, 62). --define(BF_OFB64_ENCRYPT, 63). --define(BF_CBC_ENCRYPT, 64). --define(BF_CBC_DECRYPT, 65). - --define(DES_ECB_ENCRYPT, 66). --define(DES_ECB_DECRYPT, 67). - -%% -define(IDEA_CBC_ENCRYPT, 34). -%% -define(IDEA_CBC_DECRYPT, 35). -define(FUNC_LIST, [md4, md4_init, md4_update, md4_final, md5, md5_init, md5_update, md5_final, @@ -158,6 +82,44 @@ aes_cbc_256_encrypt, aes_cbc_256_decrypt, info_lib]). +-define(nif_stub,nif_stub_error(?LINE)). + +-on_load(on_load/0). + +-define(CRYPTO_NIF_VSN,101). + +on_load() -> + LibName = "crypto", + PrivDir = code:priv_dir(crypto), + Lib1 = filename:join([PrivDir, "lib", LibName]), + Status = case erlang:load_nif(Lib1, ?CRYPTO_NIF_VSN) of + ok -> ok; + {error, {load_failed, _}}=Error1 -> + LibDir2 = + filename:join([PrivDir, "lib", + erlang:system_info(system_architecture)]), + Candidate = + filelib:wildcard(filename:join([LibDir2,LibName ++ "*" ])), + case Candidate of + [] -> Error1; + _ -> + Lib2 = filename:join([LibDir2, LibName]), + erlang:load_nif(Lib2, ?CRYPTO_NIF_VSN) + end; + Error1 -> Error1 + end, + case Status of + ok -> ok; + {error, {E, Str}} -> + error_logger:error_msg("Unable to load crypto library. Failed with error:~n\"~p, ~s\"~n" + "OpenSSL might not be installed on this system.~n",[E,Str]), + Status + end. + + +nif_stub_error(Line) -> + erlang:error({nif_not_loaded,module,?MODULE,line,Line}). + start() -> application:start(crypto). @@ -165,15 +127,15 @@ stop() -> application:stop(crypto). info() -> - lists:map(fun(I) -> - lists:nth(I, ?FUNC_LIST) - end, binary_to_list(control(?INFO, []))). + ?FUNC_LIST. -info_lib() -> - <<_DrvVer:8, NameSize:8, Name:NameSize/binary, - VerNum:32, VerStr/binary>> = control(?INFO_LIB,[]), - [{Name,VerNum,VerStr}]. +info_lib() -> ?nif_stub. +%% Crypto app version history: +%% (no version): Driver implementation +%% 2.0 : NIF implementation, requires OTP R14 +version() -> ?CRYPTO_VSN. + %% Below Key and Data are binaries or IO-lists. IVec is a binary. %% Output is always a binary. Context is a binary. @@ -184,73 +146,27 @@ info_lib() -> %% %% MD5 %% -md5(Data) -> - control(?MD5, Data). - -md5_init() -> - control(?MD5_INIT, []). - -md5_update(Context, Data) -> - control(?MD5_UPDATE, [Context, Data]). - -md5_final(Context) -> - control(?MD5_FINAL, Context). +md5(_Data) -> ?nif_stub. +md5_init() -> ?nif_stub. +md5_update(_Context, _Data) -> ?nif_stub. +md5_final(_Context) -> ?nif_stub. %% %% MD4 %% -md4(Data) -> - control(?MD4, Data). - -md4_init() -> - control(?MD4_INIT, []). - -md4_update(Context, Data) -> - control(?MD4_UPDATE, [Context, Data]). - -md4_final(Context) -> - control(?MD4_FINAL, Context). +md4(_Data) -> ?nif_stub. +md4_init() -> ?nif_stub. +md4_update(_Context, _Data) -> ?nif_stub. +md4_final(_Context) -> ?nif_stub. %% %% SHA %% -sha(Data) -> - control(?SHA, Data). - -sha_init() -> - control(?SHA_INIT, []). - -sha_update(Context, Data) -> - control(?SHA_UPDATE, [Context, Data]). - -sha_final(Context) -> - control(?SHA_FINAL, Context). +sha(_Data) -> ?nif_stub. +sha_init() -> ?nif_stub. +sha_update(_Context, _Data) -> ?nif_stub. +sha_final(_Context) -> ?nif_stub. -%% sha256 and sha512 requires openssl-0.9.8 removed for now - -%% sha256(Data) -> -%% control(?SHA256, Data). - -%% sha256_init() -> -%% control(?SHA256_INIT, []). - -%% sha256_update(Context, Data) -> -%% control(?SHA256_UPDATE, [Context, Data]). - -%% sha256_final(Context) -> -%% control(?SHA256_FINAL, Context). - -%% sha512(Data) -> -%% control(?SHA512, Data). - -%% sha512_init() -> -%% control(?SHA512_INIT, []). - -%% sha512_update(Context, Data) -> -%% control(?SHA512_UPDATE, [Context, Data]). - -%% sha512_final(Context) -> -%% control(?SHA512_FINAL, Context). %% %% MESSAGE AUTHENTICATION CODES @@ -260,20 +176,24 @@ sha_final(Context) -> %% MD5_MAC %% md5_mac(Key, Data) -> - control_bin(?MD5_MAC, Key, Data). + md5_mac_n(Key,Data,16). md5_mac_96(Key, Data) -> - control_bin(?MD5_MAC_96, Key, Data). + md5_mac_n(Key,Data,12). +md5_mac_n(_Key,_Data,_MacSz) -> ?nif_stub. + %% %% SHA_MAC %% sha_mac(Key, Data) -> - control_bin(?SHA_MAC, Key, Data). + sha_mac_n(Key,Data,20). sha_mac_96(Key, Data) -> - control_bin(?SHA_MAC_96, Key, Data). + sha_mac_n(Key,Data,12). +sha_mac_n(_Key,_Data,_MacSz) -> ?nif_stub. + %% %% CRYPTO FUNCTIONS %% @@ -282,10 +202,12 @@ sha_mac_96(Key, Data) -> %% DES - in cipher block chaining mode (CBC) %% des_cbc_encrypt(Key, IVec, Data) -> - control(?DES_CBC_ENCRYPT, [Key, IVec, Data]). + des_cbc_crypt(Key, IVec, Data, true). des_cbc_decrypt(Key, IVec, Data) -> - control(?DES_CBC_DECRYPT, [Key, IVec, Data]). + des_cbc_crypt(Key, IVec, Data, false). + +des_cbc_crypt(_Key, _IVec, _Data, _IsEncrypt) -> ?nif_stub. %% %% dec_cbc_ivec(Data) -> binary() @@ -303,10 +225,10 @@ des_cbc_ivec(Data) when is_list(Data) -> %% DES - in electronic codebook mode (ECB) %% des_ecb_encrypt(Key, Data) -> - control(?DES_ECB_ENCRYPT, [Key, Data]). - + des_ecb_crypt(Key, Data, true). des_ecb_decrypt(Key, Data) -> - control(?DES_ECB_DECRYPT, [Key, Data]). + des_ecb_crypt(Key, Data, false). +des_ecb_crypt(_Key, _Data, _IsEncrypt) -> ?nif_stub. %% %% DES3 - in cipher block chaining mode (CBC) @@ -314,71 +236,64 @@ des_ecb_decrypt(Key, Data) -> des3_cbc_encrypt(Key1, Key2, Key3, IVec, Data) -> des_ede3_cbc_encrypt(Key1, Key2, Key3, IVec, Data). des_ede3_cbc_encrypt(Key1, Key2, Key3, IVec, Data) -> - %%io:format("des_ede3_cbc_encrypt: size(Data)=~p\n", [size(list_to_binary([Data]))]), - control(?DES_EDE3_CBC_ENCRYPT, [Key1, Key2, Key3, IVec, Data]). + des_ede3_cbc_crypt(Key1, Key2, Key3, IVec, Data, true). des3_cbc_decrypt(Key1, Key2, Key3, IVec, Data) -> des_ede3_cbc_decrypt(Key1, Key2, Key3, IVec, Data). des_ede3_cbc_decrypt(Key1, Key2, Key3, IVec, Data) -> - control(?DES_EDE3_CBC_DECRYPT, [Key1, Key2, Key3, IVec, Data]). + des_ede3_cbc_crypt(Key1, Key2, Key3, IVec, Data, false). + +des_ede3_cbc_crypt(_Key1, _Key2, _Key3, _IVec, _Data, _IsEncrypt) -> ?nif_stub. %% %% Blowfish %% -blowfish_ecb_encrypt(Key, Data) when byte_size(Data) >= 8 -> - control_bin(?BF_ECB_ENCRYPT, Key, list_to_binary([Data])). +blowfish_ecb_encrypt(Key, Data) -> + bf_ecb_crypt(Key,Data, true). -blowfish_ecb_decrypt(Key, Data) when byte_size(Data) >= 8 -> - control_bin(?BF_ECB_DECRYPT, Key, list_to_binary([Data])). +blowfish_ecb_decrypt(Key, Data) -> + bf_ecb_crypt(Key,Data, false). -blowfish_cbc_encrypt(Key, IVec, Data) when byte_size(Data) rem 8 =:= 0 -> - control_bin(?BF_CBC_ENCRYPT, Key, list_to_binary([IVec, Data])). +bf_ecb_crypt(_Key,_Data,_IsEncrypt) -> ?nif_stub. -blowfish_cbc_decrypt(Key, IVec, Data) when byte_size(Data) rem 8 =:= 0 -> - control_bin(?BF_CBC_DECRYPT, Key, list_to_binary([IVec, Data])). +blowfish_cbc_encrypt(Key, IVec, Data) -> + bf_cbc_crypt(Key,IVec,Data,true). -blowfish_cfb64_encrypt(Key, IVec, Data) when byte_size(IVec) =:= 8 -> - control_bin(?BF_CFB64_ENCRYPT, Key, list_to_binary([IVec, Data])). +blowfish_cbc_decrypt(Key, IVec, Data) -> + bf_cbc_crypt(Key,IVec,Data,false). -blowfish_cfb64_decrypt(Key, IVec, Data) when byte_size(IVec) =:= 8 -> - control_bin(?BF_CFB64_DECRYPT, Key, list_to_binary([IVec, Data])). +bf_cbc_crypt(_Key,_IVec,_Data,_IsEncrypt) -> ?nif_stub. -blowfish_ofb64_encrypt(Key, IVec, Data) when byte_size(IVec) =:= 8 -> - control_bin(?BF_OFB64_ENCRYPT, Key, list_to_binary([IVec, Data])). +blowfish_cfb64_encrypt(Key, IVec, Data) -> + bf_cfb64_crypt(Key, IVec, Data, true). + +blowfish_cfb64_decrypt(Key, IVec, Data) -> + bf_cfb64_crypt(Key, IVec, Data, false). + +bf_cfb64_crypt(_Key, _IVec, _Data, _IsEncrypt) -> ?nif_stub. + +blowfish_ofb64_encrypt(_Key, _IVec, _Data) -> ?nif_stub. %% %% AES in cipher feedback mode (CFB) %% aes_cfb_128_encrypt(Key, IVec, Data) -> - control(?AES_CFB_128_ENCRYPT, [Key, IVec, Data]). + aes_cfb_128_crypt(Key, IVec, Data, true). aes_cfb_128_decrypt(Key, IVec, Data) -> - control(?AES_CFB_128_DECRYPT, [Key, IVec, Data]). - + aes_cfb_128_crypt(Key, IVec, Data, false). -%% %% -%% %% IDEA - in cipher block chaining mode (CBC) -%% %% -%% idea_cbc_encrypt(Key, IVec, Data) -> -%% control(?IDEA_CBC_ENCRYPT, [Key, IVec, Data]). - -%% idea_cbc_decrypt(Key, IVec, Data) -> -%% control(?IDEA_CBC_DECRYPT, [Key, IVec, Data]). +aes_cfb_128_crypt(_Key, _IVec, _Data, _IsEncrypt) -> ?nif_stub. %% %% RAND - pseudo random numbers using RN_ functions in crypto lib %% - -rand_bytes(Bytes) -> - rand_bytes(Bytes, 0, 0). -rand_bytes(Bytes, Topmask, Bottommask) -> - control(?RAND_BYTES,[<<Bytes:32/integer, - Topmask:8/integer, - Bottommask:8/integer>>]). +rand_bytes(_Bytes) -> ?nif_stub. +rand_bytes(_Bytes, _Topmask, _Bottommask) -> ?nif_stub. rand_uniform(From,To) when is_binary(From), is_binary(To) -> - case control(?RAND_UNIFORM,[From,To]) of + case rand_uniform_nif(From,To) of <<Len:32/integer, MSB, Rest/binary>> when MSB > 127 -> <<(Len + 1):32/integer, 0, MSB, Rest/binary>>; Whatever -> @@ -394,6 +309,8 @@ rand_uniform(From,To) when is_integer(From),is_integer(To) -> Other end. +rand_uniform_nif(_From,_To) -> ?nif_stub. + %% %% mod_exp - utility for rsa generation %% @@ -402,55 +319,51 @@ mod_exp(Base, Exponent, Modulo) erlint(mod_exp(mpint(Base), mpint(Exponent), mpint(Modulo))); mod_exp(Base, Exponent, Modulo) -> - case control(?MOD_EXP,[Base,Exponent,Modulo]) of + case mod_exp_nif(Base,Exponent,Modulo) of <<Len:32/integer, MSB, Rest/binary>> when MSB > 127 -> <<(Len + 1):32/integer, 0, MSB, Rest/binary>>; Whatever -> Whatever end. +mod_exp_nif(_Base,_Exp,_Mod) -> ?nif_stub. + %% %% DSS, RSA - verify %% %% Key = [P,Q,G,Y] P,Q,G=DSSParams Y=PublicKey -dss_verify(Data,Signature,Key) -> - control(?DSS_VERIFY, [Data,Signature,Key]) == <<1>>. +dss_verify(_Data,_Signature,_Key) -> ?nif_stub. % Key = [E,N] E=PublicExponent N=PublicModulus rsa_verify(Data,Signature,Key) -> rsa_verify(sha, Data,Signature,Key). -rsa_verify(Type,Data,Signature,Key) -> - control(rsa_verify_digest_type(Type), [Data,Signature,Key]) == <<1>>. +rsa_verify(_Type,_Data,_Signature,_Key) -> ?nif_stub. -rsa_verify_digest_type(md5) -> ?RSA_VERIFY_MD5; -rsa_verify_digest_type(sha) -> ?RSA_VERIFY_SHA; -rsa_verify_digest_type(Bad) -> erlang:error(badarg, [Bad]). %% %% DSS, RSA - sign %% %% Key = [P,Q,G,X] P,Q,G=DSSParams X=PrivateKey dss_sign(Data, Key) -> - <<Ret:8, Signature/binary>> = control(?DSS_SIGN, [Data,Key]), - case Ret of - 1 -> Signature; - 0 -> erlang:error(badkey, [Data, Key]) + case dss_sign_nif(Data,Key) of + error -> erlang:error(badkey, [Data, Key]); + Sign -> Sign end. +dss_sign_nif(_Data,_Key) -> ?nif_stub. + %% Key = [E,N,D] E=PublicExponent N=PublicModulus D=PrivateExponent rsa_sign(Data,Key) -> rsa_sign(sha, Data, Key). rsa_sign(Type, Data, Key) -> - <<Ret:8, Signature/binary>> = control(rsa_sign_digest_type(Type), [Data,Key]), - case Ret of - 1 -> Signature; - 0 -> erlang:error(badkey, [Type,Data,Key]) + case rsa_sign_nif(Type,Data,Key) of + error -> erlang:error(badkey, [Type,Data,Key]); + Sign -> Sign end. -rsa_sign_digest_type(md5) -> ?RSA_SIGN_MD5; -rsa_sign_digest_type(sha) -> ?RSA_SIGN_SHA; -rsa_sign_digest_type(Bad) -> erlang:error(badarg, [Bad]). +rsa_sign_nif(_Type,_Data,_Key) -> ?nif_stub. + %% %% rsa_public_encrypt @@ -458,48 +371,39 @@ rsa_sign_digest_type(Bad) -> erlang:error(badarg, [Bad]). %% Binary, Key = [E,N] rsa_public_encrypt(BinMesg, Key, Padding) -> - Size = iolist_size(BinMesg), - <<Ret:8, Signature/binary>> = - control(?RSA_PUBLIC_ENCRYPT, [<<Size:32>>,BinMesg,Key,rsa_pad(Padding)]), - case Ret of - 1 -> Signature; - 0 -> erlang:error(encrypt_failed, [BinMesg,Key, Padding]) - end. + case rsa_public_crypt(BinMesg, Key, Padding, true) of + error -> + erlang:error(encrypt_failed, [BinMesg,Key, Padding]); + Sign -> Sign + end. + +rsa_public_crypt(_BinMsg, _Key, _Padding, _IsEncrypt) -> ?nif_stub. %% Binary, Key = [E,N,D] rsa_private_decrypt(BinMesg, Key, Padding) -> - Size = iolist_size(BinMesg), - <<Ret:8, Signature/binary>> = - control(?RSA_PRIVATE_DECRYPT, [<<Size:32>>,BinMesg,Key,rsa_pad(Padding)]), - case Ret of - 1 -> Signature; - 0 -> erlang:error(decrypt_failed, [BinMesg,Key, Padding]) - end. - -rsa_pad(rsa_pkcs1_padding) -> 1; -rsa_pad(rsa_pkcs1_oaep_padding) -> 2; -%% rsa_pad(rsa_sslv23_padding) -> 3; -rsa_pad(rsa_no_padding) -> 0; -rsa_pad(Bad) -> erlang:error(badarg, [Bad]). + case rsa_private_crypt(BinMesg, Key, Padding, false) of + error -> + erlang:error(decrypt_failed, [BinMesg,Key, Padding]); + Sign -> Sign + end. + +rsa_private_crypt(_BinMsg, _Key, _Padding, _IsEncrypt) -> ?nif_stub. + %% Binary, Key = [E,N,D] rsa_private_encrypt(BinMesg, Key, Padding) -> - Size = iolist_size(BinMesg), - <<Ret:8, Signature/binary>> = - control(?RSA_PRIVATE_ENCRYPT, [<<Size:32>>,BinMesg,Key,rsa_pad(Padding)]), - case Ret of - 1 -> Signature; - 0 -> erlang:error(encrypt_failed, [BinMesg,Key, Padding]) - end. + case rsa_private_crypt(BinMesg, Key, Padding, true) of + error -> + erlang:error(encrypt_failed, [BinMesg,Key, Padding]); + Sign -> Sign + end. %% Binary, Key = [E,N] rsa_public_decrypt(BinMesg, Key, Padding) -> - Size = iolist_size(BinMesg), - <<Ret:8, Signature/binary>> = - control(?RSA_PUBLIC_DECRYPT, [<<Size:32>>,BinMesg,Key,rsa_pad(Padding)]), - case Ret of - 1 -> Signature; - 0 -> erlang:error(decrypt_failed, [BinMesg,Key, Padding]) + case rsa_public_crypt(BinMesg, Key, Padding, false) of + error -> + erlang:error(decrypt_failed, [BinMesg,Key, Padding]); + Sign -> Sign end. %% @@ -507,16 +411,18 @@ rsa_public_decrypt(BinMesg, Key, Padding) -> %% aes_cbc_128_encrypt(Key, IVec, Data) -> - control(?AES_CBC_128_ENCRYPT, [Key, IVec, Data]). + aes_cbc_crypt(Key, IVec, Data, true). aes_cbc_128_decrypt(Key, IVec, Data) -> - control(?AES_CBC_128_DECRYPT, [Key, IVec, Data]). + aes_cbc_crypt(Key, IVec, Data, false). aes_cbc_256_encrypt(Key, IVec, Data) -> - control(?AES_CBC_256_ENCRYPT, [Key, IVec, Data]). + aes_cbc_crypt(Key, IVec, Data, true). aes_cbc_256_decrypt(Key, IVec, Data) -> - control(?AES_CBC_256_DECRYPT, [Key, IVec, Data]). + aes_cbc_crypt(Key, IVec, Data, false). + +aes_cbc_crypt(_Key, _IVec, _Data, _IsEncrypt) -> ?nif_stub. %% %% aes_cbc_ivec(Data) -> binary() @@ -537,31 +443,25 @@ aes_cbc_ivec(Data) when is_list(Data) -> %% NB doesn't check that they are the same size, just concatenates %% them and sends them to the driver %% -exor(A, B) -> - control(?XOR, [A, B]). +exor(_A, _B) -> ?nif_stub. %% %% RC4 - symmetric stream cipher %% -rc4_encrypt(Key, Data) -> - control_bin(?RC4_ENCRYPT, Key, Data). - -rc4_set_key(Key) -> - control(?RC4_SET_KEY, Key). - -rc4_encrypt_with_state(State, Data) -> - <<Sz:32/integer-big-unsigned, S:Sz/binary, D/binary>> = - control_bin(?RC4_ENCRYPT_WITH_STATE, State, Data), - {S, D}. +rc4_encrypt(_Key, _Data) -> ?nif_stub. +rc4_set_key(_Key) -> ?nif_stub. +rc4_encrypt_with_state(_State, _Data) -> ?nif_stub. %% %% RC2 - 40 bits block cipher %% rc2_40_cbc_encrypt(Key, IVec, Data) -> - control(?RC2_40_CBC_ENCRYPT, [Key, IVec, Data]). + rc2_40_cbc_crypt(Key,IVec,Data,true). rc2_40_cbc_decrypt(Key, IVec, Data) -> - control(?RC2_40_CBC_DECRYPT, [Key, IVec, Data]). + rc2_40_cbc_crypt(Key,IVec,Data,false). + +rc2_40_cbc_crypt(_Key, _IVec, _Data, _IsEncrypt) -> ?nif_stub. %% %% DH Diffie-Hellman functions @@ -576,87 +476,44 @@ rc2_40_cbc_decrypt(Key, IVec, Data) -> %% %% usage: dh_generate_parameters(1024, 2 or 5) -> %% [Prime=mpint(), SharedGenerator=mpint()] -dh_generate_parameters(PrimeLen, Generator) - when is_integer(PrimeLen), is_integer(Generator) -> - case control(?DH_GENERATE_PARAMS, <<PrimeLen:32, Generator:32>>) of - <<0:8, _/binary>> -> - erlang:error(generation_failed, [PrimeLen,Generator]); - <<1:8, PLen0:32, _:PLen0/binary, GLen0:32,_:GLen0/binary>> = Bin -> - PLen = PLen0+4, - GLen = GLen0+4, - <<_:8, PBin:PLen/binary,GBin:GLen/binary>> = Bin, - [PBin, GBin] - end. +dh_generate_parameters(PrimeLen, Generator) -> + case dh_generate_parameters_nif(PrimeLen, Generator) of + error -> erlang:error(generation_failed, [PrimeLen,Generator]); + Ret -> Ret + end. + +dh_generate_parameters_nif(_PrimeLen, _Generator) -> ?nif_stub. %% Checks that the DHParameters are ok. %% DHParameters = [P (Prime)= mpint(), G(Generator) = mpint()] -dh_check(DHParameters) -> - case control(?DH_CHECK, DHParameters) of - <<0:32>> -> ok; - <<_:24,_:1,_:1,_:1,1:1>> -> not_prime; - <<_:24,_:1,_:1,1:1,0:1>> -> not_strong_prime; - <<_:24,_:1,1:1,0:1,0:1>> -> unable_to_check_generator; - <<_:24,1:1,0:1,0:1,0:1>> -> not_suitable_generator; - <<16#FFFF:32>> -> {error, check_failed}; - <<X:32>> -> {unknown, X} - end. +dh_check([_Prime,_Gen]) -> ?nif_stub. %% DHParameters = [P (Prime)= mpint(), G(Generator) = mpint()] %% PrivKey = mpint() dh_generate_key(DHParameters) -> - dh_generate_key(<<0:32>>, DHParameters). + dh_generate_key(undefined, DHParameters). dh_generate_key(PrivateKey, DHParameters) -> - case control(?DH_GENERATE_KEY, [PrivateKey, DHParameters]) of - <<0:8, _/binary>> -> - erlang:error(generation_failed, [PrivateKey,DHParameters]); - Bin = <<1:8, PubLen0:32, _:PubLen0/binary, PrivLen0:32, _:PrivLen0/binary>> -> - PubLen = PubLen0+4, - PrivLen = PrivLen0+4, - <<_:8, PubBin:PubLen/binary,PrivBin:PrivLen/binary>> = Bin, - {PubBin, PrivBin} + case dh_generate_key_nif(PrivateKey, DHParameters) of + error -> erlang:error(generation_failed, [PrivateKey,DHParameters]); + Res -> Res end. +dh_generate_key_nif(_PrivateKey, _DHParameters) -> ?nif_stub. + %% DHParameters = [P (Prime)= mpint(), G(Generator) = mpint()] %% MyPrivKey, OthersPublicKey = mpint() dh_compute_key(OthersPublicKey, MyPrivateKey, DHParameters) -> - case control(?DH_COMPUTE_KEY, [OthersPublicKey, MyPrivateKey, DHParameters]) of - <<0:8, _/binary>> -> - erlang:error(computation_failed, [OthersPublicKey,MyPrivateKey,DHParameters]); - <<1:8, Binary/binary>> -> Binary + case dh_compute_key_nif(OthersPublicKey,MyPrivateKey,DHParameters) of + error -> erlang:error(computation_failed, [OthersPublicKey,MyPrivateKey,DHParameters]); + Ret -> Ret end. +dh_compute_key_nif(_OthersPublicKey, _MyPrivateKey, _DHParameters) -> ?nif_stub. + %% %% LOCAL FUNCTIONS %% -control_bin(Cmd, Key, Data) -> - Sz = iolist_size(Key), - control(Cmd, [<<Sz:32/integer-unsigned>>, Key, Data]). - -control(Cmd, Data) -> - Port = crypto_server:client_port(), - erlang:port_control(Port, Cmd, Data). - - -%% sizehdr(N) -> -%% [(N bsr 24) band 255, -%% (N bsr 16) band 255, -%% (N bsr 8) band 255, -%% N band 255]. - -%% Flat length of IOlist (or binary) -%% flen(L) when binary(L) -> -%% size(L); -%% flen(L) -> -%% flen(L, 0). - -%% flen([H| T], N) when list(H) -> -%% flen(H, flen(T, N)); -%% flen([H| T], N) when binary(H) -> -%% flen(T, N + size(H)); -%% flen([H| T], N) when integer(H), 0 =< H, H =< 255 -> -%% flen(T, N + 1); -%% flen([], N) -> -%% N. + %% large integer in a binary with 32bit length %% MP representaion (SSH2) |