aboutsummaryrefslogtreecommitdiffstats
path: root/lib/crypto
diff options
context:
space:
mode:
authorHans Nilsson <[email protected]>2019-06-05 15:27:36 +0200
committerHans Nilsson <[email protected]>2019-06-14 13:33:07 +0200
commit511480bd35d03a52062ac340f49b5149d3dce507 (patch)
treefe17531cde30a1b8303e5585b67e51e29c154005 /lib/crypto
parent8c4dfdafddec0aab02615fc3ebb95b7bc245f4db (diff)
downloadotp-511480bd35d03a52062ac340f49b5149d3dce507.tar.gz
otp-511480bd35d03a52062ac340f49b5149d3dce507.tar.bz2
otp-511480bd35d03a52062ac340f49b5149d3dce507.zip
crypto: Documentation
Diffstat (limited to 'lib/crypto')
-rw-r--r--lib/crypto/doc/src/algorithm_details.xml63
-rw-r--r--lib/crypto/doc/src/crypto.xml360
-rw-r--r--lib/crypto/doc/src/new_api.xml181
3 files changed, 427 insertions, 177 deletions
diff --git a/lib/crypto/doc/src/algorithm_details.xml b/lib/crypto/doc/src/algorithm_details.xml
index 854bfbb4b1..85ae766c35 100644
--- a/lib/crypto/doc/src/algorithm_details.xml
+++ b/lib/crypto/doc/src/algorithm_details.xml
@@ -48,8 +48,7 @@
<p>Available in all OpenSSL compatible with Erlang CRYPTO if not disabled by configuration.
</p>
<p>To dynamically check availability, check that the name in the <i>Cipher and Mode</i> column is present in the
- list with the <c>cipher</c> tag in the return value of
- <seealso marker="crypto#supports-0">crypto:supports()</seealso>.
+ list returned by <seealso marker="crypto#supports-1">crypto:supports(ciphers)</seealso>.
</p>
<table>
<row><cell><strong>Cipher and Mode</strong></cell><cell><strong>Key length</strong><br/><strong>[bytes]</strong></cell><cell><strong>IV length</strong><br/><strong>[bytes]</strong></cell><cell><strong>Block size</strong><br/><strong>[bytes]</strong></cell></row>
@@ -85,8 +84,7 @@
<seealso marker="crypto#block_decrypt-4">block_decrypt/4</seealso>.
</p>
<p>To dynamically check availability, check that the name in the <i>Cipher and Mode</i> column is present in the
- list with the <c>cipher</c> tag in the return value of
- <seealso marker="crypto#supports-0">crypto:supports()</seealso>.
+ list returned by <seealso marker="crypto#supports-1">crypto:supports(ciphers)</seealso>.
</p>
<table>
<row><cell><strong>Cipher and Mode</strong></cell><cell><strong>Key length</strong><br/><strong>[bytes]</strong></cell><cell><strong>IV length</strong><br/><strong>[bytes]</strong></cell><cell><strong>AAD length</strong><br/><strong>[bytes]</strong></cell><cell><strong>Tag length</strong><br/><strong>[bytes]</strong></cell><cell><strong>Block size</strong><br/><strong>[bytes]</strong></cell><cell><strong>Supported with</strong><br/><strong>OpenSSL versions</strong></cell></row>
@@ -103,8 +101,7 @@
<seealso marker="crypto#stream_init/3">stream_init/3</seealso>.
</p>
<p>To dynamically check availability, check that the name in the <i>Cipher and Mode</i> column is present in the
- list with the <c>cipher</c> tag in the return value of
- <seealso marker="crypto#supports-0">crypto:supports()</seealso>.
+ list returned by <seealso marker="crypto#supports-1">crypto:supports(ciphers)</seealso>.
</p>
<table>
<row><cell><strong>Cipher and Mode</strong></cell><cell><strong>Key length</strong><br/><strong>[bytes]</strong></cell><cell><strong>IV length</strong><br/><strong>[bytes]</strong></cell><cell><strong>Supported with</strong><br/><strong>OpenSSL versions</strong></cell></row>
@@ -117,20 +114,19 @@
<section>
<title>Message Authentication Codes (MACs)</title>
+ <p>To be used in <seealso marker="crypto#mac-4">mac/4</seealso> and
+ <seealso marker="crypto:new_api#macs--message-authentication-codes-">related functions</seealso>.
+ </p>
<section>
<title>CMAC</title>
- <p>To be used in <seealso marker="crypto#cmac-3">cmac/3</seealso> and
- <seealso marker="crypto#cmac-3">cmac/4</seealso>.
- </p>
<p>CMAC with the following ciphers are available with OpenSSL 1.0.1 or later if not disabled by configuration.
</p>
<p>To dynamically check availability, check that the name <c>cmac</c> is present in the
- list with the <c>macs</c> tag in the return value of
- <seealso marker="crypto#supports-0">crypto:supports()</seealso>.
+ list returned by <seealso marker="crypto#supports-1">crypto:supports(macs)</seealso>.
Also check that the name in the <i>Cipher and Mode</i> column is present in the
- list with the <c>cipher</c> tag in the return value.
+ list returned by <seealso marker="crypto#supports-1">crypto:supports(ciphers)</seealso>.
</p>
<table>
<row><cell><strong>Cipher and Mode</strong></cell><cell><strong>Key length</strong><br/><strong>[bytes]</strong></cell><cell><strong>Max Mac Length</strong><br/><strong>[bytes]</strong></cell></row>
@@ -162,8 +158,7 @@
<p>Available in all OpenSSL compatible with Erlang CRYPTO if not disabled by configuration.
</p>
<p>To dynamically check availability, check that the name <c>hmac</c> is present in the
- list with the <c>macs</c> tag in the return value of
- <seealso marker="crypto#supports-0">crypto:supports()</seealso>.
+ list returned by <seealso marker="crypto#supports-1">crypto:supports(macs)</seealso>.
</p>
</section>
@@ -172,8 +167,7 @@
<p>POLY1305 is available with OpenSSL 1.1.1 or later if not disabled by configuration.
</p>
<p>To dynamically check availability, check that the name <c>poly1305</c> is present in the
- list with the <c>macs</c> tag in the return value of
- <seealso marker="crypto#supports-0">crypto:supports()</seealso>.
+ list returned by <seealso marker="crypto#supports-1">crypto:supports(macs)</seealso>.
</p>
</section>
@@ -183,11 +177,9 @@
<title>Hash</title>
<p>To dynamically check availability, check that the wanted name in the <i>Names</i> column is present in the
- list with the <c>hashs</c> tag in the return value of
- <seealso marker="crypto#supports-0">crypto:supports()</seealso>.
+ list returned by <seealso marker="crypto#supports-1">crypto:supports(hashs)</seealso>.
</p>
-
<table>
<row><cell><strong>Type</strong></cell>
<cell><strong>Names</strong></cell>
@@ -210,8 +202,7 @@
<title>RSA</title>
<p>RSA is available with all OpenSSL versions compatible with Erlang CRYPTO if not disabled by configuration.
To dynamically check availability, check that the atom <c>rsa</c> is present in the
- list with the <c>public_keys</c> tag in the return value of
- <seealso marker="crypto#supports-0">crypto:supports()</seealso>.
+ list returned by <seealso marker="crypto#supports-1">crypto:supports(public_keys)</seealso>.
</p>
<warning>
<!-- In RefMan rsa_opt(), rsa_sign_verify_opt() and User's man RSA -->
@@ -283,8 +274,7 @@
<title>DSS</title>
<p>DSS is available with OpenSSL versions compatible with Erlang CRYPTO if not disabled by configuration.
To dynamically check availability, check that the atom <c>dss</c> is present in the
- list with the <c>public_keys</c> tag in the return value of
- <seealso marker="crypto#supports-0">crypto:supports()</seealso>.
+ list returned by <seealso marker="crypto#supports-1">crypto:supports(public_keys)</seealso>.
</p>
</section>
@@ -292,13 +282,11 @@
<title>ECDSA</title>
<p>ECDSA is available with OpenSSL 0.9.8o or later if not disabled by configuration.
To dynamically check availability, check that the atom <c>ecdsa</c> is present in the
- list with the <c>public_keys</c> tag in the return value of
- <seealso marker="crypto#supports-0">crypto:supports()</seealso>.
- If the atom <c>ec_gf2m</c> characteristic two field curves are available.
+ list returned by <seealso marker="crypto#supports-1">crypto:supports(public_keys)</seealso>.
+ If the atom <c>ec_gf2m</c> also is present, the characteristic two field curves are available.
</p>
- <p>The actual supported named curves could be checked by examining the list with the
- <c>curves</c> tag in the return value of
- <seealso marker="crypto#supports-0">crypto:supports()</seealso>.
+ <p>The actual supported named curves could be checked by examining the
+ list returned by <seealso marker="crypto#supports-1">crypto:supports(curves)</seealso>.
</p>
</section>
@@ -306,13 +294,11 @@
<title>EdDSA</title>
<p>EdDSA is available with OpenSSL 1.1.1 or later if not disabled by configuration.
To dynamically check availability, check that the atom <c>eddsa</c> is present in the
- list with the <c>public_keys</c> tag in the return value of
- <seealso marker="crypto#supports-0">crypto:supports()</seealso>.
+ list returned by <seealso marker="crypto#supports-1">crypto:supports(public_keys)</seealso>.
</p>
<p>Support for the curves ed25519 and ed448 is implemented.
The actual supported named curves could be checked by examining the list with the
- <c>curves</c> tag in the return value of
- <seealso marker="crypto#supports-0">crypto:supports()</seealso>.
+ list returned by <seealso marker="crypto#supports-1">crypto:supports(curves)</seealso>.
</p>
</section>
@@ -321,8 +307,7 @@
<p>Diffie-Hellman computations are available with OpenSSL versions compatible with Erlang CRYPTO
if not disabled by configuration.
To dynamically check availability, check that the atom <c>dh</c> is present in the
- list with the <c>public_keys</c> tag in the return value of
- <seealso marker="crypto#supports-0">crypto:supports()</seealso>.
+ list returned by <seealso marker="crypto#supports-1">crypto:supports(public_keys)</seealso>.
</p>
</section>
@@ -330,17 +315,15 @@
<title>Elliptic Curve Diffie-Hellman</title>
<p>Elliptic Curve Diffie-Hellman is available with OpenSSL 0.9.8o or later if not disabled by configuration.
To dynamically check availability, check that the atom <c>ecdh</c> is present in the
- list with the <c>public_keys</c> tag in the return value of
- <seealso marker="crypto#supports-0">crypto:supports()</seealso>.
+ list returned by <seealso marker="crypto#supports-1">crypto:supports(public_keys)</seealso>.
</p>
<p>The Edward curves <c>x25519</c> and <c>x448</c> are supported with OpenSSL 1.1.1 or later
if not disabled by configuration.
</p>
- <p>The actual supported named curves could be checked by examining the list with the
- <c>curves</c> tag in the return value of
- <seealso marker="crypto#supports-0">crypto:supports()</seealso>.
+ <p>The actual supported named curves could be checked by examining the
+ list returned by <seealso marker="crypto#supports-1">crypto:supports(curves)</seealso>.
</p>
</section>
diff --git a/lib/crypto/doc/src/crypto.xml b/lib/crypto/doc/src/crypto.xml
index d1d1252f29..26fbfc166e 100644
--- a/lib/crypto/doc/src/crypto.xml
+++ b/lib/crypto/doc/src/crypto.xml
@@ -302,6 +302,12 @@
</datatype>
<datatype>
+ <name name="cmac_cipher_algorithm"/>
+ <desc>
+ </desc>
+ </datatype>
+
+ <datatype>
<name name="rsa_digest_type"/>
<desc>
</desc>
@@ -324,6 +330,11 @@
<name name="sha2"/>
<name name="sha3"/>
<name name="blake2"/>
+ <desc>
+ </desc>
+ </datatype>
+
+ <datatype>
<name name="compatibility_only_hash"/>
<desc>
<p>The <c>compatibility_only_hash()</c> algorithms are recommended only for compatibility with existing applications.</p>
@@ -575,10 +586,11 @@
<datatype_title>Internal data types</datatype_title>
<datatype>
- <name name="stream_state"/>
- <name name="hmac_state"/>
- <name name="hash_state"/>
<name name="crypto_state"/>
+ <name name="hash_state"/>
+ <name name="hmac_state"/>
+ <name name="mac_state"/>
+ <name name="stream_state"/>
<desc>
<p>Contexts with an internal state that should not be manipulated but passed between function calls.
</p>
@@ -783,6 +795,161 @@
</desc>
</func>
+ <func>
+ <name name="mac" arity="3" since="OTP @OTP-13872@"/>
+ <fsummary></fsummary>
+ <desc>
+ <p>Short for <seealso marker="#mac-4">mac(Type, undefined, Key, Data)</seealso>.
+ </p>
+ </desc>
+ </func>
+
+ <func>
+ <name name="mac" arity="4" since="OTP @OTP-13872@"/>
+ <fsummary></fsummary>
+ <desc>
+ <p>Computes a MAC (Message Authentication Code) of type <c>Type</c> from <c>Data</c>.
+ </p>
+
+ <p><c>SubType</c> depends on the MAC <c>Type</c>:
+ </p>
+ <list>
+ <item>For <c>hmac</c> it is a hash algorithm</item>
+ <item>For <c>cmac</c> it is a cipher suitable for cmac</item>
+ <item>For <c>poly1305</c> it should be set to <c>undefined</c> or the
+ <seealso marker="#mac-3">mac/3</seealso> function could be used instead.</item>
+ </list>
+
+ <p><c>Key</c> is the authentication key with a length according to the
+ <c>Type</c> and <c>SubType</c>.
+ The key length could be found with the
+ <seealso marker="#hash_info-1">hash_info/1</seealso> (<c>hmac</c>) for and
+ <seealso marker="#cipher_info-1">cipher_info/1</seealso> (<c>cmac</c>)
+ functions. For <c>poly1305</c> the key length is 32 bytes. Note that
+ the cryptographic quality of the key is not checked.
+ </p>
+
+ <p>The <c>Mac</c> result will have a default length depending on the <c>Type</c> and <c>SubType</c>.
+ To set a shorter length, use <seealso marker="#macN-4">macN/4</seealso> or
+ <seealso marker="#macN-5">macN/5</seealso> instead.
+ </p>
+ </desc>
+ </func>
+
+ <func>
+ <name name="macN" arity="4" since="OTP @OTP-13872@"/>
+ <fsummary></fsummary>
+ <desc>
+ <p>Short for <seealso marker="#macN-5">macN(Type, undefined, Key, Data, MacLength)</seealso>.
+ </p>
+ </desc>
+ </func>
+
+ <func>
+ <name name="macN" arity="5" since="OTP @OTP-13872@"/>
+ <fsummary></fsummary>
+ <desc>
+ <p>Computes a MAC (Message Authentication Code)
+ as <seealso marker="#mac-3">mac/3</seealso> and <seealso marker="#mac-4">mac/4</seealso> but
+ <c>MacLength</c> will limit the size of the resultant <c>Mac</c> to
+ at most <c>MacLength</c> bytes.
+ Note that if <c>MacLength</c> is greater than the actual number of
+ bytes returned from the underlying hash, the returned hash will have
+ that shorter length instead.
+ </p>
+ </desc>
+ </func>
+
+ <func>
+ <name name="mac_init" arity="2" since="OTP @OTP-13872@"/>
+ <fsummary></fsummary>
+ <desc>
+ <p>Short for <seealso marker="#mac_init-3">mac_init(Type, undefined, Key)</seealso>.
+ </p>
+ </desc>
+ </func>
+
+ <func>
+ <name name="mac_init" arity="3" since="OTP @OTP-13872@"/>
+ <fsummary></fsummary>
+ <desc>
+ <p>Initializes the context for streaming MAC operations.
+ </p>
+ <p><c>Type</c> determines which mac algorithm to use in the MAC operation.
+ </p>
+
+ <p><c>SubType</c> depends on the MAC <c>Type</c>:
+ </p>
+ <list>
+ <item>For <c>hmac</c> it is a hash algorithm</item>
+ <item>For <c>cmac</c> it is a cipher suitable for cmac</item>
+ <item>For <c>poly1305</c> it should be set to <c>undefined</c> or the
+ <seealso marker="#mac_init-2">mac/2</seealso> function could be used instead.</item>
+ </list>
+
+ <p><c>Key</c> is the authentication key with a length according to the
+ <c>Type</c> and <c>SubType</c>.
+ The key length could be found with the
+ <seealso marker="#hash_info-1">hash_info/1</seealso> (<c>hmac</c>) for and
+ <seealso marker="#cipher_info-1">cipher_info/1</seealso> (<c>cmac</c>)
+ functions. For <c>poly1305</c> the key length is 32 bytes. Note that
+ the cryptographic quality of the key is not checked.
+ </p>
+
+ <p>The returned <c>State</c> should be used in one or more subsequent calls to
+ <seealso marker="#mac_update-2">mac_update/2</seealso>.
+ The MAC value is finally returned by calling
+ <seealso marker="#mac_final-1">mac_final/1</seealso> or
+ <seealso marker="#mac_finalN-2">mac_finalN/2</seealso>.
+ </p>
+
+ <p>See <seealso marker="crypto:new_api#example-of-mac_init-mac_update-and-mac_final">
+ examples in the User's Guide.</seealso>
+ </p>
+ </desc>
+ </func>
+
+ <func>
+ <name name="mac_update" arity="2" since="OTP @OTP-13872@"/>
+ <fsummary></fsummary>
+ <desc>
+ <p>Updates the MAC represented by <c>State0</c> using the given <c>Data</c> which
+ could be of any length.
+ </p>
+ <p>The <c>State0</c> is the State value originally from a MAC init function, that is
+ <seealso marker="#mac_init-2">mac_init/2</seealso>,
+ <seealso marker="#mac_init-3">mac_init/3</seealso> or
+ a previous call of <c>mac_update/2</c>.
+ The value <c>State0</c> is returned unchanged by the function as <c>State</c>.
+ </p>
+ </desc>
+ </func>
+
+ <func>
+ <name name="mac_final" arity="1" since="OTP @OTP-13872@"/>
+ <fsummary></fsummary>
+ <desc>
+ <p>Finalizes the MAC operation referenced by <c>State</c>. The <c>Mac</c> result will have
+ a default length depending on the <c>Type</c> and <c>SubType</c> in the
+ <seealso marker="#mac_init-3">mac_init/2,3</seealso> call.
+ To set a shorter length, use <seealso marker="#mac_finalN-2">mac_finalN/2</seealso> instead.
+ </p>
+ </desc>
+ </func>
+
+ <func>
+ <name name="mac_finalN" arity="2" since="OTP @OTP-13872@"/>
+ <fsummary></fsummary>
+ <desc>
+ <p>Finalizes the MAC operation referenced by <c>State</c>.
+ </p>
+ <p><c>Mac</c> will be a binary with at most <c>MacLength</c> bytes.
+ Note that if <c>MacLength</c> is greater than the actual number of
+ bytes returned from the underlying hash, the returned hash will have
+ that shorter length instead.
+ </p>
+ </desc>
+ </func>
</funcs>
<section>
@@ -886,75 +1053,6 @@
</func>
<func>
- <name name="hmac" arity="3" since="OTP R16B"/>
- <name name="hmac" arity="4" since="OTP R16B"/>
- <fsummary></fsummary>
- <desc>
- <p>Computes a HMAC of type <c>Type</c> from <c>Data</c> using
- <c>Key</c> as the authentication key.</p> <p><c>MacLength</c>
- will limit the size of the resultant <c>Mac</c>.</p>
- </desc>
- </func>
-
- <func>
- <name name="hmac_init" arity="2" since="OTP R14B03"/>
- <fsummary></fsummary>
- <desc>
- <p>Initializes the context for streaming HMAC operations. <c>Type</c> determines
- which hash function to use in the HMAC operation. <c>Key</c> is the authentication
- key. The key can be any length.</p>
- </desc>
- </func>
-
- <func>
- <name name="hmac_update" arity="2" since="OTP R14B03"/>
- <fsummary></fsummary>
- <desc>
- <p>Updates the HMAC represented by <c>Context</c> using the given <c>Data</c>. <c>Context</c>
- must have been generated using an HMAC init function (such as
- <seealso marker="#hmac_init-2">hmac_init</seealso>). <c>Data</c> can be any length. <c>NewContext</c>
- must be passed into the next call to <c>hmac_update</c>
- or to one of the functions <seealso marker="#hmac_final-1">hmac_final</seealso> and
- <seealso marker="#hmac_final_n-2">hmac_final_n</seealso>
- </p>
- <warning><p>Do not use a <c>Context</c> as argument in more than one
- call to hmac_update or hmac_final. The semantics of reusing old contexts
- in any way is undefined and could even crash the VM in earlier releases.
- The reason for this limitation is a lack of support in the underlying
- libcrypto API.</p></warning>
- </desc>
- </func>
-
- <func>
- <name name="hmac_final" arity="1" since="OTP R14B03"/>
- <fsummary></fsummary>
- <desc>
- <p>Finalizes the HMAC operation referenced by <c>Context</c>. The size of the resultant MAC is
- determined by the type of hash function used to generate it.</p>
- </desc>
- </func>
-
- <func>
- <name name="hmac_final_n" arity="2" since="OTP R14B03"/>
- <fsummary></fsummary>
- <desc>
- <p>Finalizes the HMAC operation referenced by <c>Context</c>. <c>HashLen</c> must be greater than
- zero. <c>Mac</c> will be a binary with at most <c>HashLen</c> bytes. Note that if HashLen is greater than the actual number of bytes returned from the underlying hash, the returned hash will have fewer than <c>HashLen</c> bytes.</p>
- </desc>
- </func>
-
- <func>
- <name name="cmac" arity="3" since="OTP 20.0"/>
- <name name="cmac" arity="4" since="OTP 20.0"/>
- <fsummary>Calculates the Cipher-based Message Authentication Code.</fsummary>
- <desc>
- <p>Computes a CMAC of type <c>Type</c> from <c>Data</c> using
- <c>Key</c> as the authentication key.</p> <p><c>MacLength</c>
- will limit the size of the resultant <c>Mac</c>.</p>
- </desc>
- </func>
-
- <func>
<name name="info_fips" arity="0" since="OTP 20.0"/>
<fsummary>Provides information about the FIPS operating status.</fsummary>
<desc>
@@ -1068,15 +1166,6 @@
</func>
<func>
- <name name="poly1305" arity="2" since="OTP 21.1"/>
- <fsummary></fsummary>
- <desc>
- <p>Computes a POLY1305 message authentication code (<c>Mac</c>) from <c>Data</c> using
- <c>Key</c> as the authentication key.</p>
- </desc>
- </func>
-
- <func>
<name name="private_decrypt" arity="4" since="OTP R16B01"/>
<fsummary>Decrypts CipherText using the private Key.</fsummary>
<desc>
@@ -1961,6 +2050,115 @@ FloatValue = rand:uniform(). % again
</desc>
</func>
+ <func>
+ <name name="hmac" arity="3" since="OTP R16B"/>
+ <name name="hmac" arity="4" since="OTP R16B"/>
+ <fsummary></fsummary>
+ <desc>
+ <dont><p>Don't use this function for new programs! Use
+ <seealso marker="crypto#mac-4">mac/4</seealso> or
+ <seealso marker="crypto#macN-5">macN/5</seealso> in
+ <seealso marker="crypto:new_api">the new api</seealso>.</p>
+ </dont>
+ <p>Computes a HMAC of type <c>Type</c> from <c>Data</c> using
+ <c>Key</c> as the authentication key.</p> <p><c>MacLength</c>
+ will limit the size of the resultant <c>Mac</c>.</p>
+ </desc>
+ </func>
+
+ <func>
+ <name name="hmac_init" arity="2" since="OTP R14B03"/>
+ <fsummary></fsummary>
+ <desc>
+ <dont><p>Don't use this function for new programs! Use
+ <seealso marker="crypto#mac_init-3">mac_init/3</seealso> in
+ <seealso marker="crypto:new_api">the new api</seealso>.</p>
+ </dont>
+ <p>Initializes the context for streaming HMAC operations. <c>Type</c> determines
+ which hash function to use in the HMAC operation. <c>Key</c> is the authentication
+ key. The key can be any length.</p>
+ </desc>
+ </func>
+
+ <func>
+ <name name="hmac_update" arity="2" since="OTP R14B03"/>
+ <fsummary></fsummary>
+ <desc>
+ <dont><p>Don't use this function for new programs! Use
+ <seealso marker="crypto#mac_update-2">mac_update/2</seealso> in
+ <seealso marker="crypto:new_api">the new api</seealso>.</p>
+ </dont>
+ <p>Updates the HMAC represented by <c>Context</c> using the given <c>Data</c>. <c>Context</c>
+ must have been generated using an HMAC init function (such as
+ <seealso marker="#hmac_init-2">hmac_init</seealso>). <c>Data</c> can be any length. <c>NewContext</c>
+ must be passed into the next call to <c>hmac_update</c>
+ or to one of the functions <seealso marker="#hmac_final-1">hmac_final</seealso> and
+ <seealso marker="#hmac_final_n-2">hmac_final_n</seealso>
+ </p>
+ <warning><p>Do not use a <c>Context</c> as argument in more than one
+ call to hmac_update or hmac_final. The semantics of reusing old contexts
+ in any way is undefined and could even crash the VM in earlier releases.
+ The reason for this limitation is a lack of support in the underlying
+ libcrypto API.</p></warning>
+ </desc>
+ </func>
+
+ <func>
+ <name name="hmac_final" arity="1" since="OTP R14B03"/>
+ <fsummary></fsummary>
+ <desc>
+ <dont><p>Don't use this function for new programs! Use
+ <seealso marker="crypto#mac_final-1">mac_final/1</seealso> in
+ <seealso marker="crypto:new_api">the new api</seealso>.</p>
+ </dont>
+ <p>Finalizes the HMAC operation referenced by <c>Context</c>. The size of the resultant MAC is
+ determined by the type of hash function used to generate it.</p>
+ </desc>
+ </func>
+
+ <func>
+ <name name="hmac_final_n" arity="2" since="OTP R14B03"/>
+ <fsummary></fsummary>
+ <desc>
+ <dont><p>Don't use this function for new programs! Use
+ <seealso marker="crypto#mac_finalN-2">mac_finalN/2</seealso> in
+ <seealso marker="crypto:new_api">the new api</seealso>.</p>
+ </dont>
+ <p>Finalizes the HMAC operation referenced by <c>Context</c>. <c>HashLen</c> must be greater than
+ zero. <c>Mac</c> will be a binary with at most <c>HashLen</c> bytes. Note that if HashLen is greater than the actual number of bytes returned from the underlying hash, the returned hash will have fewer than <c>HashLen</c> bytes.</p>
+ </desc>
+ </func>
+
+ <func>
+ <name name="cmac" arity="3" since="OTP 20.0"/>
+ <name name="cmac" arity="4" since="OTP 20.0"/>
+ <fsummary>Calculates the Cipher-based Message Authentication Code.</fsummary>
+ <desc>
+ <dont><p>Don't use this function for new programs! Use
+ <seealso marker="crypto#mac-4">mac/4</seealso> or
+ <seealso marker="crypto#macN-5">macN/5</seealso> in
+ <seealso marker="crypto:new_api">the new api</seealso>.</p>
+ </dont>
+ <p>Computes a CMAC of type <c>Type</c> from <c>Data</c> using
+ <c>Key</c> as the authentication key.</p> <p><c>MacLength</c>
+ will limit the size of the resultant <c>Mac</c>.</p>
+ </desc>
+ </func>
+
+ <func>
+ <name name="poly1305" arity="2" since="OTP 21.1"/>
+ <fsummary></fsummary>
+ <desc>
+ <dont><p>Don't use this function for new programs! Use
+ <seealso marker="crypto#mac-3">mac/3</seealso> or
+ <seealso marker="crypto#macN-4">macN/4</seealso> in
+ <seealso marker="crypto:new_api">the new api</seealso>.</p>
+ </dont>
+ <p>Computes a POLY1305 message authentication code (<c>Mac</c>) from <c>Data</c> using
+ <c>Key</c> as the authentication key.</p>
+ </desc>
+ </func>
+
</funcs>
diff --git a/lib/crypto/doc/src/new_api.xml b/lib/crypto/doc/src/new_api.xml
index bd2334ac9f..aacf5e4f76 100644
--- a/lib/crypto/doc/src/new_api.xml
+++ b/lib/crypto/doc/src/new_api.xml
@@ -40,7 +40,7 @@
to maintain.
</p>
<p>It turned out that using the old api in the new way (more about that later), and still keep it
- backwards compatible, was not possible. Specially as more precision in the error messages was wanted
+ backwards compatible, was not possible. Specially as more precision in the error messages is desired
it could not be combined with the old standard.
</p>
<p>Therefore the old api (see next section) is kept for now but internally implemented with new primitives.
@@ -49,7 +49,7 @@
<section>
<title>The old API</title>
- <p>The old functions - not recommended for new programs - are:</p>
+ <p>The old functions - not recommended for new programs - are for chipers:</p>
<list>
<item><seealso marker="crypto#block_encrypt-3">block_encrypt/3</seealso></item>
<item><seealso marker="crypto#block_encrypt-4">block_encrypt/4</seealso></item>
@@ -59,61 +59,101 @@
<item><seealso marker="crypto#stream_init-2">stream_init/3</seealso></item>
<item><seealso marker="crypto#stream_encrypt-2">stream_encrypt/2</seealso></item>
<item><seealso marker="crypto#stream_decrypt-2">stream_decrypt/2</seealso></item>
+ </list>
+ <p>for lists of supported algorithms:</p>
+ <list>
<item><seealso marker="crypto#supports-0">supports/0</seealso></item>
</list>
+ <p>and for MACs (Message Authentication Codes):</p>
+ <list>
+ <item><seealso marker="crypto#cmac-3">cmac/3</seealso></item>
+ <item><seealso marker="crypto#cmac-4">cmac/4</seealso></item>
+ <item><seealso marker="crypto#hmac-3">hmac/3</seealso></item>
+ <item><seealso marker="crypto#hmac-4">hmac/4</seealso></item>
+ <item><seealso marker="crypto#hmac_init-2">hmac_init/2</seealso></item>
+ <item><seealso marker="crypto#hmac_update-2">hmac_update/2</seealso></item>
+ <item><seealso marker="crypto#hmac_final-1">hmac_final/1</seealso></item>
+ <item><seealso marker="crypto#hmac_final_n-2">hmac_final_n/2</seealso></item>
+ <item><seealso marker="crypto#poly1305-2">poly1305/2</seealso></item>
+ </list>
<p>They are not deprecated for now, but may be in a future release.
</p>
</section>
<section>
<title>The new API</title>
- <p>The new functions for encrypting or decrypting one single binary are:
- </p>
- <list>
- <item><seealso marker="crypto#crypto_one_time/4">crypto_one_time/4</seealso></item>
- <item><seealso marker="crypto#crypto_one_time/5">crypto_one_time/5</seealso></item>
- <item><seealso marker="crypto#crypto_one_time_aead/6">crypto_one_time_aead/6</seealso></item>
- <item><seealso marker="crypto#crypto_one_time_aead/7">crypto_one_time_aead/7</seealso></item>
- </list>
- <p>In those functions the internal crypto state is first created and initialized
- with the cipher type, the key and possibly other data. Then the single binary is encrypted
- or decrypted,
- the crypto state is de-allocated and the result of the crypto operation is returned.
- </p>
- <p>The <c>crypto_one_time_aead</c> functions are for the ciphers of mode <c>ccm</c> or
- <c>gcm</c>, and for the cipher <c>chacha20-poly1305</c>.
- </p>
- <p>For repeated encryption or decryption of a text divided in parts, where the internal
- crypto state is initialized once, and then many binaries are encrypted or decrypted with
- the same state, the functions are:
- </p>
- <list>
- <item><seealso marker="crypto#crypto_init/4">crypto_init/4</seealso></item>
- <item><seealso marker="crypto#crypto_init/3">crypto_init/3</seealso></item>
- <item><seealso marker="crypto#crypto_update/2">crypto_update/2</seealso></item>
- </list>
- <p>The <c>crypto_init</c> initialies an internal cipher state, and one or more calls of
- <c>crypto_update</c> does the acual encryption or decryption. Note that AEAD ciphers
- can't be handled this way due to their nature.
- </p>
- <p>For repeated encryption or decryption of a text divided in parts where the
- same cipher and same key is used, but a new initialization vector (nounce) should be applied
- for each part, the functions are:
- </p>
- <list>
- <item><seealso marker="crypto#crypto_dyn_iv_init/3">crypto_dyn_iv_init/3</seealso></item>
- <item><seealso marker="crypto#crypto_dyn_iv_update/3">crypto_dyn_iv_update/3</seealso></item>
- </list>
- <p>An example of where those functions are needed, is when handling the TLS protocol.</p>
- <p>For information about available algorithms, use:
- </p>
- <list>
- <item><seealso marker="crypto#supports-1">supports/1</seealso></item>
- <item><seealso marker="crypto#hash_info-1">hash_info/1</seealso></item>
- <item><seealso marker="crypto#cipher_info-1">cipher_info/1</seealso></item>
- </list>
+ <section>
+ <title>Encryption and decryption</title>
+ <p>The new functions for encrypting or decrypting one single binary are:
+ </p>
+ <list>
+ <item><seealso marker="crypto#crypto_one_time/4">crypto_one_time/4</seealso></item>
+ <item><seealso marker="crypto#crypto_one_time/5">crypto_one_time/5</seealso></item>
+ <item><seealso marker="crypto#crypto_one_time_aead/6">crypto_one_time_aead/6</seealso></item>
+ <item><seealso marker="crypto#crypto_one_time_aead/7">crypto_one_time_aead/7</seealso></item>
+ </list>
+ <p>In those functions the internal crypto state is first created and initialized
+ with the cipher type, the key and possibly other data. Then the single binary is encrypted
+ or decrypted,
+ the crypto state is de-allocated and the result of the crypto operation is returned.
+ </p>
+ <p>The <c>crypto_one_time_aead</c> functions are for the ciphers of mode <c>ccm</c> or
+ <c>gcm</c>, and for the cipher <c>chacha20-poly1305</c>.
+ </p>
+ <p>For repeated encryption or decryption of a text divided in parts, where the internal
+ crypto state is initialized once, and then many binaries are encrypted or decrypted with
+ the same state, the functions are:
+ </p>
+ <list>
+ <item><seealso marker="crypto#crypto_init/4">crypto_init/4</seealso></item>
+ <item><seealso marker="crypto#crypto_init/3">crypto_init/3</seealso></item>
+ <item><seealso marker="crypto#crypto_update/2">crypto_update/2</seealso></item>
+ </list>
+ <p>The <c>crypto_init</c> initialies an internal cipher state, and one or more calls of
+ <c>crypto_update</c> does the acual encryption or decryption. Note that AEAD ciphers
+ can't be handled this way due to their nature.
+ </p>
+ <p>For repeated encryption or decryption of a text divided in parts where the
+ same cipher and same key is used, but a new initialization vector (nounce) should be applied
+ for each part, the functions are:
+ </p>
+ <list>
+ <item><seealso marker="crypto#crypto_dyn_iv_init/3">crypto_dyn_iv_init/3</seealso></item>
+ <item><seealso marker="crypto#crypto_dyn_iv_update/3">crypto_dyn_iv_update/3</seealso></item>
+ </list>
+ <p>An example of where those functions are needed, is when handling the TLS protocol.</p>
+ <p>For information about available algorithms, use:
+ </p>
+ <list>
+ <item><seealso marker="crypto#supports-1">supports/1</seealso></item>
+ <item><seealso marker="crypto#hash_info-1">hash_info/1</seealso></item>
+ <item><seealso marker="crypto#cipher_info-1">cipher_info/1</seealso></item>
+ </list>
+ </section>
<section>
+ <title>MACs (Message Authentication Codes)</title>
+ <p>The new functions for calculating a MAC of a single piece of text are:</p>
+ <list>
+ <item><seealso marker="crypto#mac-3">mac/3</seealso></item>
+ <item><seealso marker="crypto#mac-4">mac/4</seealso></item>
+ <item><seealso marker="crypto#macN-4">macN/4</seealso></item>
+ <item><seealso marker="crypto#macN-5">macN/5</seealso></item>
+ </list>
+ <p>For calculating a MAC of a text divided in parts use:</p>
+ <list>
+ <item><seealso marker="crypto#mac_init-2">mac_init/2</seealso></item>
+ <item><seealso marker="crypto#mac_init-3">mac_init/3</seealso></item>
+ <item><seealso marker="crypto#mac_update-2">mac_update/2</seealso></item>
+ <item><seealso marker="crypto#mac_final-1">mac_final/1</seealso></item>
+ <item><seealso marker="crypto#mac_finalN-2">mac_finalN/2</seealso></item>
+ </list>
+ </section>
+ </section>
+
+ <section>
+ <title>Examples of the new api</title>
+ <section>
<title>Examples of crypto_init/4 and crypto_update/2</title>
<p>The functions <seealso marker="crypto#crypto_init/4">crypto_init/4</seealso>
and <seealso marker="crypto#crypto_update/2">crypto_update/2</seealso> are intended
@@ -143,7 +183,7 @@
8> crypto:crypto_update(StateDec, &lt;&lt;67,44,216,166,25,130,203>>).
&lt;&lt;"First b">>
9> crypto:crypto_update(StateDec, &lt;&lt;5,66,6,162,16,79,94,115,234,197,
- 94,253,16,144,151>>).
+ 94,253,16,144,151>>).
&lt;&lt;"ytesSecond byte">>
10> crypto:crypto_update(StateDec, &lt;&lt;41>>).
&lt;&lt;"s">>
@@ -159,16 +199,16 @@
</p>
<code type="erl">
encode(Crypto, Key, IV) ->
- crypto_loop(crypto:crypto_init(Crypto, Key, IV, true)).
+ crypto_loop(crypto:crypto_init(Crypto, Key, IV, true)).
crypto_loop(State) ->
- receive
- {Text, Requester} ->
- Requester ! crypto:crypto_update(State, Text),
- loop(State)
- end.
+ receive
+ {Text, Requester} ->
+ Requester ! crypto:crypto_update(State, Text),
+ loop(State)
+ end.
</code>
- </section>
+ </section>
<section>
<title>Example of crypto_one_time/5</title>
@@ -219,6 +259,35 @@
</p>
</section>
+ <section>
+ <title>Example of mac_init mac_update and mac_final</title>
+ <code>
+ 1> Key = &lt;&lt;1:128>>.
+ &lt;&lt;0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1>>
+ 2> StateMac = crypto:mac_init(cmac, aes_128_cbc, Key).
+ #Ref&lt;0.2424664121.2781478916.232610>
+ 3> crypto:mac_update(StateMac, &lt;&lt;"First bytes">>).
+ #Ref&lt;0.2424664121.2781478916.232610>
+ 4> crypto:mac_update(StateMac, " ").
+ #Ref&lt;0.2424664121.2781478916.232610>
+ 5> crypto:mac_update(StateMac, &lt;&lt;"last bytes">>).
+ #Ref&lt;0.2424664121.2781478916.232610>
+ 6> crypto:mac_final(StateMac).
+ &lt;&lt;68,191,219,128,84,77,11,193,197,238,107,6,214,141,160,
+ 249>>
+ 7>
+ </code>
+ <p>and compare the result with a single calculation just for this example:</p>
+ <code>
+ 7> crypto:mac(cmac, aes_128_cbc, Key, "First bytes last bytes").
+ &lt;&lt;68,191,219,128,84,77,11,193,197,238,107,6,214,141,160,
+ 249>>
+ 8> v(7) == v(6).
+ true
+ 9>
+ </code>
+ </section>
+
</section>
<section>
@@ -233,7 +302,7 @@
on the mode. An example is the ccm mode which has a variant called ccm8 where the so called tag
has a length of eight bits.
</p>
- <p>The old names had by time lost any common naming which the new names now introduces. The new names include
+ <p>The old names had by time lost any common naming convention which the new names now introduces. The new names include
the key length which improves the error checking in the lower levels of the crypto application.
</p>