aboutsummaryrefslogtreecommitdiffstats
path: root/lib/crypto
diff options
context:
space:
mode:
authorMagnus Henoch <[email protected]>2016-09-12 15:48:01 +0100
committerMagnus Henoch <[email protected]>2016-09-28 15:09:42 +0100
commit275224b036c1713bd3162484d17b160ca8203116 (patch)
tree6871f69e967d9e151666d3d258d2a9e6987497cc /lib/crypto
parent481be8b29d75570cf2b60f86f2e4ead79ceea2bb (diff)
downloadotp-275224b036c1713bd3162484d17b160ca8203116.tar.gz
otp-275224b036c1713bd3162484d17b160ca8203116.tar.bz2
otp-275224b036c1713bd3162484d17b160ca8203116.zip
Filter elliptic curves depending on FIPS mode
Adapted from commit 675ee6860d2c273bcc6c6a0536634a107e2a3d9f.
Diffstat (limited to 'lib/crypto')
-rw-r--r--lib/crypto/src/crypto_ec_curves.erl25
1 files changed, 16 insertions, 9 deletions
diff --git a/lib/crypto/src/crypto_ec_curves.erl b/lib/crypto/src/crypto_ec_curves.erl
index 002b03b80c..9602a7e24b 100644
--- a/lib/crypto/src/crypto_ec_curves.erl
+++ b/lib/crypto/src/crypto_ec_curves.erl
@@ -7,29 +7,36 @@ curves() ->
PubKeys = proplists:get_value(public_keys, CryptoSupport),
HasEC = proplists:get_bool(ecdh, PubKeys),
HasGF2m = proplists:get_bool(ec_gf2m, PubKeys),
- prime_curves(HasEC) ++ characteristic_two_curves(HasGF2m).
+ FIPSMode = crypto:info_fips() == enabled,
+ prime_curves(HasEC, FIPSMode) ++ characteristic_two_curves(HasGF2m, FIPSMode).
-prime_curves(true) ->
- [secp112r1,secp112r2,secp128r1,secp128r2,secp160k1,secp160r1,secp160r2,
+prime_curves(true, true) ->
+ [secp160k1,secp160r1,secp160r2,
secp192r1,secp192k1,secp224k1,secp224r1,secp256k1,secp256r1,secp384r1,
secp521r1,prime192v1,prime192v2,prime192v3,prime239v1,prime239v2,prime239v3,
- prime256v1,wtls6,wtls7,wtls8,wtls9,wtls12,
+ prime256v1,wtls7,wtls9,wtls12,
brainpoolP160r1,brainpoolP160t1,brainpoolP192r1,brainpoolP192t1,
brainpoolP224r1,brainpoolP224t1,brainpoolP256r1,brainpoolP256t1,
brainpoolP320r1,brainpoolP320t1,brainpoolP384r1,brainpoolP384t1,
brainpoolP512r1,brainpoolP512t1];
-prime_curves(_) ->
+prime_curves(true, false) ->
+ [secp112r1,secp112r2,secp128r1,secp128r2,wtls6,wtls8]
+ ++ prime_curves(true, true);
+prime_curves(_, _) ->
[].
-characteristic_two_curves(true) ->
- [sect113r1,sect113r2,sect131r1,sect131r2,sect163k1,sect163r1,
+characteristic_two_curves(true, true) ->
+ [sect163k1,sect163r1,
sect163r2,sect193r1,sect193r2,sect233k1,sect233r1,sect239k1,sect283k1,
sect283r1,sect409k1,sect409r1,sect571k1,sect571r1,c2pnb163v1,c2pnb163v2,
c2pnb163v3,c2pnb176v1,c2tnb191v1,c2tnb191v2,c2tnb191v3,c2pnb208w1,c2tnb239v1,
c2tnb239v2,c2tnb239v3,c2pnb272w1,c2pnb304w1,c2tnb359v1,c2pnb368w1,c2tnb431r1,
- wtls1,wtls3,wtls4,wtls5,wtls10,wtls11,ipsec3,ipsec4];
-characteristic_two_curves(_) ->
+ wtls3,wtls5,wtls10,wtls11];
+characteristic_two_curves(true, _) ->
+ [sect113r1,sect113r2,sect131r1,sect131r2,wtls1,wtls4,ipsec3,ipsec4]
+ ++ characteristic_two_curves(true, true);
+characteristic_two_curves(_, _) ->
[].
curve(secp112r1) ->