aboutsummaryrefslogtreecommitdiffstats
path: root/lib/crypto
diff options
context:
space:
mode:
authorHans Nilsson <[email protected]>2019-06-03 12:40:52 +0200
committerHans Nilsson <[email protected]>2019-06-14 13:33:07 +0200
commit45fe2d9fa1f9997bbdf6f50ef721f42204c812f0 (patch)
tree23639eec30599e20e92ab9a5d353571cd3d4c196 /lib/crypto
parent5d57c28fdab9f7552da47bc9b7d59926953705c9 (diff)
downloadotp-45fe2d9fa1f9997bbdf6f50ef721f42204c812f0.tar.gz
otp-45fe2d9fa1f9997bbdf6f50ef721f42204c812f0.tar.bz2
otp-45fe2d9fa1f9997bbdf6f50ef721f42204c812f0.zip
crypto: Use new mac_nif for hmac, cmac and poly1305
Diffstat (limited to 'lib/crypto')
-rw-r--r--lib/crypto/c_src/Makefile.in2
-rw-r--r--lib/crypto/c_src/cmac.c88
-rw-r--r--lib/crypto/c_src/cmac.h28
-rw-r--r--lib/crypto/c_src/crypto.c7
-rw-r--r--lib/crypto/c_src/hmac.c55
-rw-r--r--lib/crypto/c_src/hmac.h1
-rw-r--r--lib/crypto/c_src/poly1305.c90
-rw-r--r--lib/crypto/c_src/poly1305.h28
-rw-r--r--lib/crypto/src/crypto.erl46
9 files changed, 21 insertions, 324 deletions
diff --git a/lib/crypto/c_src/Makefile.in b/lib/crypto/c_src/Makefile.in
index 35ded001d6..6e173f8619 100644
--- a/lib/crypto/c_src/Makefile.in
+++ b/lib/crypto/c_src/Makefile.in
@@ -79,7 +79,6 @@ CRYPTO_OBJS = $(OBJDIR)/crypto$(TYPEMARKER).o \
$(OBJDIR)/atoms$(TYPEMARKER).o \
$(OBJDIR)/bn$(TYPEMARKER).o \
$(OBJDIR)/cipher$(TYPEMARKER).o \
- $(OBJDIR)/cmac$(TYPEMARKER).o \
$(OBJDIR)/dh$(TYPEMARKER).o \
$(OBJDIR)/digest$(TYPEMARKER).o \
$(OBJDIR)/dss$(TYPEMARKER).o \
@@ -95,7 +94,6 @@ CRYPTO_OBJS = $(OBJDIR)/crypto$(TYPEMARKER).o \
$(OBJDIR)/mac$(TYPEMARKER).o \
$(OBJDIR)/math$(TYPEMARKER).o \
$(OBJDIR)/pkey$(TYPEMARKER).o \
- $(OBJDIR)/poly1305$(TYPEMARKER).o \
$(OBJDIR)/rand$(TYPEMARKER).o \
$(OBJDIR)/rsa$(TYPEMARKER).o \
$(OBJDIR)/srp$(TYPEMARKER).o
diff --git a/lib/crypto/c_src/cmac.c b/lib/crypto/c_src/cmac.c
deleted file mode 100644
index 49e67ccf29..0000000000
--- a/lib/crypto/c_src/cmac.c
+++ /dev/null
@@ -1,88 +0,0 @@
-/*
- * %CopyrightBegin%
- *
- * Copyright Ericsson AB 2010-2018. All Rights Reserved.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- * %CopyrightEnd%
- */
-
-#include "cmac.h"
-#include "cipher.h"
-
-ERL_NIF_TERM cmac_nif(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[])
-{/* (Type, Key, Data) */
-#if defined(HAVE_CMAC)
- const struct cipher_type_t *cipherp;
- const EVP_CIPHER *cipher;
- CMAC_CTX *ctx = NULL;
- ErlNifBinary key;
- ErlNifBinary data;
- ERL_NIF_TERM ret;
- size_t ret_size;
- unsigned char *outp;
- int cipher_len;
-
- ASSERT(argc == 3);
-
- if (!enif_inspect_iolist_as_binary(env, argv[1], &key))
- goto bad_arg;
- if ((cipherp = get_cipher_type(argv[0], key.size)) == NULL)
- goto bad_arg;
- if (cipherp->flags & (NON_EVP_CIPHER | AEAD_CIPHER))
- goto bad_arg;
- if (!enif_inspect_iolist_as_binary(env, argv[2], &data))
- goto bad_arg;
-
- if (FORBIDDEN_IN_FIPS(cipherp))
- return enif_raise_exception(env, atom_notsup);
- if ((cipher = cipherp->cipher.p) == NULL)
- return enif_raise_exception(env, atom_notsup);
-
- if ((ctx = CMAC_CTX_new()) == NULL)
- goto err;
- if (!CMAC_Init(ctx, key.data, key.size, cipher, NULL))
- goto err;
- if (!CMAC_Update(ctx, data.data, data.size))
- goto err;
- if ((cipher_len = EVP_CIPHER_block_size(cipher)) < 0)
- goto err;
- if ((outp = enif_make_new_binary(env, (size_t)cipher_len, &ret)) == NULL)
- goto err;
- if (!CMAC_Final(ctx, outp, &ret_size))
- goto err;
-
- ASSERT(ret_size == (unsigned)EVP_CIPHER_block_size(cipher));
- CONSUME_REDS(env, data);
- goto done;
-
- bad_arg:
- return enif_make_badarg(env);
-
- err:
- ret = atom_notsup;
-
- done:
- if (ctx)
- CMAC_CTX_free(ctx);
- return ret;
-
-#else
- /* The CMAC functionality was introduced in OpenSSL 1.0.1
- * Although OTP requires at least version 0.9.8, the versions 0.9.8 and 1.0.0 are
- * no longer maintained. */
- return atom_notsup;
-#endif
-}
-
diff --git a/lib/crypto/c_src/cmac.h b/lib/crypto/c_src/cmac.h
deleted file mode 100644
index 14488def58..0000000000
--- a/lib/crypto/c_src/cmac.h
+++ /dev/null
@@ -1,28 +0,0 @@
-/*
- * %CopyrightBegin%
- *
- * Copyright Ericsson AB 2010-2018. All Rights Reserved.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- * %CopyrightEnd%
- */
-
-#ifndef E_CMAC_H__
-#define E_CMAC_H__ 1
-
-#include "common.h"
-
-ERL_NIF_TERM cmac_nif(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[]);
-
-#endif /* E_CMAC_H__ */
diff --git a/lib/crypto/c_src/crypto.c b/lib/crypto/c_src/crypto.c
index 7cdc95a841..ab6907f828 100644
--- a/lib/crypto/c_src/crypto.c
+++ b/lib/crypto/c_src/crypto.c
@@ -31,7 +31,6 @@
#include "api_ng.h"
#include "bn.h"
#include "cipher.h"
-#include "cmac.h"
#include "mac.h"
#include "dh.h"
#include "digest.h"
@@ -47,7 +46,6 @@
#include "info.h"
#include "math.h"
#include "pkey.h"
-#include "poly1305.h"
#include "rand.h"
#include "rsa.h"
#include "srp.h"
@@ -75,13 +73,10 @@ static ErlNifFunc nif_funcs[] = {
{"hash_init_nif", 1, hash_init_nif, 0},
{"hash_update_nif", 2, hash_update_nif, 0},
{"hash_final_nif", 1, hash_final_nif, 0},
- {"hmac_nif", 3, hmac_nif, 0},
- {"hmac_nif", 4, hmac_nif, 0},
{"hmac_init_nif", 2, hmac_init_nif, 0},
{"hmac_update_nif", 2, hmac_update_nif, 0},
{"hmac_final_nif", 1, hmac_final_nif, 0},
{"hmac_final_nif", 2, hmac_final_nif, 0},
- {"cmac_nif", 3, cmac_nif, 0},
{"mac_nif", 4, mac_nif, 0},
{"cipher_info_nif", 1, cipher_info_nif, 0},
{"aes_ige_crypt_nif", 4, aes_ige_crypt_nif, 0},
@@ -114,8 +109,6 @@ static ErlNifFunc nif_funcs[] = {
{"aead_cipher", 7, aead_cipher, 0},
- {"poly1305_nif", 2, poly1305_nif, 0},
-
{"engine_by_id_nif", 1, engine_by_id_nif, 0},
{"engine_init_nif", 1, engine_init_nif, 0},
{"engine_finish_nif", 1, engine_finish_nif, 0},
diff --git a/lib/crypto/c_src/hmac.c b/lib/crypto/c_src/hmac.c
index ff7005d75e..060ad6230f 100644
--- a/lib/crypto/c_src/hmac.c
+++ b/lib/crypto/c_src/hmac.c
@@ -47,61 +47,6 @@ int init_hmac_ctx(ErlNifEnv *env) {
return 0;
}
-ERL_NIF_TERM hmac_nif(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[])
-{/* (Type, Key, Data) or (Type, Key, Data, MacSize) */
- struct digest_type_t *digp = NULL;
- ErlNifBinary key, data;
- unsigned char buff[EVP_MAX_MD_SIZE];
- unsigned size = 0, req_size = 0;
- ERL_NIF_TERM ret;
- unsigned char *outp;
-
- ASSERT(argc == 3 || argc == 4);
-
- if ((digp = get_digest_type(argv[0])) == NULL)
- goto bad_arg;
- if (!enif_inspect_iolist_as_binary(env, argv[1], &key))
- goto bad_arg;
- if (key.size > INT_MAX)
- goto bad_arg;
- if (!enif_inspect_iolist_as_binary(env, argv[2], &data))
- goto bad_arg;
- if (argc == 4) {
- if (!enif_get_uint(env, argv[3], &req_size))
- goto bad_arg;
- }
-
- if (digp->md.p == NULL)
- goto err;
- if (HMAC(digp->md.p,
- key.data, (int)key.size,
- data.data, data.size,
- buff, &size) == NULL)
- goto err;
-
- ASSERT(0 < size && size <= EVP_MAX_MD_SIZE);
- CONSUME_REDS(env, data);
-
- if (argc == 4) {
- if (req_size > size)
- goto bad_arg;
-
- size = req_size;
- }
-
- if ((outp = enif_make_new_binary(env, size, &ret)) == NULL)
- goto err;
-
- memcpy(outp, buff, size);
- return ret;
-
- bad_arg:
- return enif_make_badarg(env);
-
- err:
- return atom_notsup;
-}
-
static void hmac_context_dtor(ErlNifEnv* env, struct hmac_context *obj)
{
if (obj == NULL)
diff --git a/lib/crypto/c_src/hmac.h b/lib/crypto/c_src/hmac.h
index 1f0e0ca632..01c6d3d226 100644
--- a/lib/crypto/c_src/hmac.h
+++ b/lib/crypto/c_src/hmac.h
@@ -25,7 +25,6 @@
int init_hmac_ctx(ErlNifEnv *env);
-ERL_NIF_TERM hmac_nif(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[]);
ERL_NIF_TERM hmac_init_nif(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[]);
ERL_NIF_TERM hmac_update_nif(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[]);
ERL_NIF_TERM hmac_final_nif(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[]);
diff --git a/lib/crypto/c_src/poly1305.c b/lib/crypto/c_src/poly1305.c
deleted file mode 100644
index 76579c0a29..0000000000
--- a/lib/crypto/c_src/poly1305.c
+++ /dev/null
@@ -1,90 +0,0 @@
-/*
- * %CopyrightBegin%
- *
- * Copyright Ericsson AB 2010-2018. All Rights Reserved.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- * %CopyrightEnd%
- */
-
-#include "poly1305.h"
-
-/* For OpenSSL >= 1.1.1 the hmac_nif and cmac_nif could be integrated into poly1305 (with 'type' as parameter) */
-ERL_NIF_TERM poly1305_nif(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[])
-{/* (Key, Text) */
-#ifdef HAVE_POLY1305
- ErlNifBinary key_bin, text, ret_bin;
- ERL_NIF_TERM ret;
- EVP_PKEY *key = NULL;
- EVP_MD_CTX *mctx = NULL;
- EVP_PKEY_CTX *pctx = NULL;
- const EVP_MD *md = NULL;
- size_t size;
- int ret_bin_alloc = 0;
-
- ASSERT(argc == 2);
-
- if (!enif_inspect_binary(env, argv[0], &key_bin))
- goto bad_arg;
- if (key_bin.size != 32)
- goto bad_arg;
- if (!enif_inspect_binary(env, argv[1], &text))
- goto bad_arg;
-
- if ((key = EVP_PKEY_new_raw_private_key(EVP_PKEY_POLY1305, /*engine*/ NULL, key_bin.data, key_bin.size)) == NULL)
- goto err;
-
- if ((mctx = EVP_MD_CTX_new()) == NULL)
- goto err;
- if (EVP_DigestSignInit(mctx, &pctx, md, /*engine*/ NULL, key) != 1)
- goto err;
- if (EVP_DigestSignUpdate(mctx, text.data, text.size) != 1)
- goto err;
-
- if (EVP_DigestSignFinal(mctx, NULL, &size) != 1)
- goto err;
- if (!enif_alloc_binary(size, &ret_bin))
- goto err;
- ret_bin_alloc = 1;
- if (EVP_DigestSignFinal(mctx, ret_bin.data, &size) != 1)
- goto err;
-
- if (size != ret_bin.size) {
- if (!enif_realloc_binary(&ret_bin, size))
- goto err;
- }
-
- ret = enif_make_binary(env, &ret_bin);
- ret_bin_alloc = 0;
- goto done;
-
- bad_arg:
- return enif_make_badarg(env);
-
- err:
- if (ret_bin_alloc)
- enif_release_binary(&ret_bin);
- ret = atom_error;
-
- done:
- if (mctx)
- EVP_MD_CTX_free(mctx);
- if (key)
- EVP_PKEY_free(key);
- return ret;
-
-#else
- return enif_raise_exception(env, atom_notsup);
-#endif
-}
diff --git a/lib/crypto/c_src/poly1305.h b/lib/crypto/c_src/poly1305.h
deleted file mode 100644
index 4bf45e6218..0000000000
--- a/lib/crypto/c_src/poly1305.h
+++ /dev/null
@@ -1,28 +0,0 @@
-/*
- * %CopyrightBegin%
- *
- * Copyright Ericsson AB 2010-2018. All Rights Reserved.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- * %CopyrightEnd%
- */
-
-#ifndef E_POLY1305_H__
-#define E_POLY1305_H__ 1
-
-#include "common.h"
-
-ERL_NIF_TERM poly1305_nif(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[]);
-
-#endif /* E_POLY1305_H__ */
diff --git a/lib/crypto/src/crypto.erl b/lib/crypto/src/crypto.erl
index fd4b9df5e0..d2a5786be8 100644
--- a/lib/crypto/src/crypto.erl
+++ b/lib/crypto/src/crypto.erl
@@ -458,6 +458,19 @@
%%--------------------------------------------------------------------
+%%
+%% Make the new descriptive_error() look like the old run_time_error()
+%%
+-define(COMPAT(CALL),
+ try begin CALL end
+ catch
+ error:{error, {_File,_Line}, _Reason} ->
+ error(badarg);
+ error:{E, {_File,_Line}, _Reason} when E==notsup ; E==badarg ->
+ error(E)
+ end).
+
+%%--------------------------------------------------------------------
-compile(no_native).
-on_load(on_load/0).
-define(CRYPTO_NIF_VSN,302).
@@ -685,7 +698,7 @@ hmac_final_n(Context, HashLen) ->
Data :: iodata(),
Mac :: binary().
cmac(Type, Key, Data) ->
- notsup_to_error(cmac_nif(alias(Type), Key, Data)).
+ ?COMPAT(mac(cmac, alias(Type), Key, Data)).
-spec cmac(Type, Key, Data, MacLength) ->
Mac when Type :: ?CMAC_CIPHER_ALGORITHM,
@@ -702,7 +715,7 @@ cmac(Type, Key, Data, MacLength) ->
-spec poly1305(iodata(), iodata()) -> Mac when Mac :: binary().
poly1305(Key, Data) ->
- poly1305_nif(Key, Data).
+ ?COMPAT( mac(poly1305, Key, Data) ).
%%%================================================================
%%%
@@ -710,15 +723,6 @@ poly1305(Key, Data) ->
%%%
%%%================================================================
--define(COMPAT(CALL),
- try begin CALL end
- catch
- error:{error, {_File,_Line}, _Reason} ->
- error(badarg);
- error:{E, {_File,_Line}, _Reason} when E==notsup ; E==badarg ->
- error(E)
- end).
-
%%%---- Cipher info
%%%----------------------------------------------------------------
-spec cipher_info(Type) -> Result | run_time_error()
@@ -2259,11 +2263,12 @@ hash_final_nif(_State) -> ?nif_stub.
%% HMAC --------------------------------------------------------------------
hmac(Type, Key, Data, MacSize, Size, MaxBytes) when Size =< MaxBytes ->
- notsup_to_error(
- case MacSize of
- undefined -> hmac_nif(Type, Key, Data);
- _ -> hmac_nif(Type, Key, Data, MacSize)
- end);
+ ?COMPAT(
+ case MacSize of
+ undefined -> mac(hmac, Type, Key, Data);
+ _ -> mac(hmac, Type, Key, Data, MacSize)
+ end
+ );
hmac(Type, Key, Data, MacSize, Size, MaxBytes) ->
State0 = hmac_init(Type, Key),
State1 = hmac_update(State0, Data, Size, MaxBytes),
@@ -2279,20 +2284,11 @@ hmac_update(State0, Data, _, MaxBytes) ->
State = notsup_to_error(hmac_update_nif(State0, Increment)),
hmac_update(State, Rest, erlang:byte_size(Rest), MaxBytes).
-hmac_nif(_Type, _Key, _Data) -> ?nif_stub.
-hmac_nif(_Type, _Key, _Data, _MacSize) -> ?nif_stub.
hmac_init_nif(_Type, _Key) -> ?nif_stub.
hmac_update_nif(_Context, _Data) -> ?nif_stub.
hmac_final_nif(_Context) -> ?nif_stub.
hmac_final_nif(_Context, _MacSize) -> ?nif_stub.
-%% CMAC
-cmac_nif(_Type, _Key, _Data) -> ?nif_stub.
-
-%% POLY1305
-poly1305_nif(_Key, _Data) -> ?nif_stub.
-
-
%% CIPHERS --------------------------------------------------------------------
cipher_info_nif(_Type) -> ?nif_stub.