ssl & crypto: Generalize the remaining crypto API

5 files changed, 99 insertions, 101 deletions

diff --git a/lib/crypto/c_src/crypto.c b/lib/crypto/c_src/crypto.c
index c5d181ea25..0129526303 100644
--- a/lib/crypto/c_src/crypto.c
+++ b/lib/crypto/c_src/crypto.c
@@ -496,6 +496,7 @@ static ERL_NIF_TERM atom_sha256;
 static ERL_NIF_TERM atom_sha384;
 static ERL_NIF_TERM atom_sha512;
 static ERL_NIF_TERM atom_md5;
+static ERL_NIF_TERM atom_md4;
 static ERL_NIF_TERM atom_ripemd160;
 static ERL_NIF_TERM atom_error;
 static ERL_NIF_TERM atom_rsa_pkcs1_padding;
@@ -590,6 +591,7 @@ static int init(ErlNifEnv* env, ERL_NIF_TERM load_info)
     atom_sha256 = enif_make_atom(env,"sha256");
     atom_sha384 = enif_make_atom(env,"sha384");
     atom_sha512 = enif_make_atom(env,"sha512");
+    atom_md4 = enif_make_atom(env,"md4");
     atom_md5 = enif_make_atom(env,"md5");
     atom_ripemd160 = enif_make_atom(env,"ripemd160");
     atom_error = enif_make_atom(env,"error");
@@ -708,12 +710,12 @@ static void unload(ErlNifEnv* env, void* priv_data)
 }
 
 static int algos_cnt;
-static ERL_NIF_TERM algos[8];   /* increase when extending the list */
+static ERL_NIF_TERM algos[9];   /* increase when extending the list */
 
 static void init_algorithms_types(void)
 {
     algos_cnt = 0;
-
+    algos[algos_cnt++] = atom_md4;
     algos[algos_cnt++] = atom_md5;
     algos[algos_cnt++] = atom_sha;
     algos[algos_cnt++] = atom_ripemd160;
diff --git a/lib/crypto/doc/src/crypto.xml b/lib/crypto/doc/src/crypto.xml
index 0fb53346ca..df765ade87 100644
--- a/lib/crypto/doc/src/crypto.xml
+++ b/lib/crypto/doc/src/crypto.xml
@@ -30,23 +30,24 @@
       </p>
     <list type="bulleted">
       <item>
-	<p>Hash functions - <url href="http://www.ietf.org/rfc/rfc1320.txt">The MD4 Message Digest Algorithm (RFC 1320)</url>,
+	<p>Hash functions -
+	<url href="http://csrc.nist.gov/publications/fips/fips180-4/fips-180-4.pdf"> Secure Hash Standard</url>,
 	<url href="http://www.ietf.org/rfc/rfc1321.txt"> The MD5 Message Digest Algorithm (RFC 1321)</url> and
-	<url href="http://csrc.nist.gov/publications/fips/fips180-4/fips-180-4.pdf"> Secure Hash Standard </url>
+	<url href="http://www.ietf.org/rfc/rfc1320.txt">The MD4 Message Digest Algorithm (RFC 1320)</url>
 	</p>
       </item>
       <item>
         <p>Hmac functions - <url href="http://www.ietf.org/rfc/rfc2104.txt"> Keyed-Hashing for Message Authentication (RFC 2104) </url></p>
       </item>
       <item>
-        <p>Block ciphers - <url href="http://csrc.nist.gov/groups/ST/toolkit/block_ciphers.html"> </url> DES and AES and
-        and Block Cipher Modes - <url href="http://csrc.nist.gov/groups/ST/toolkit/BCM/index.html"> ECB, CBC, CFB, OFB and CTR </url></p>
+        <p>Block ciphers - <url href="http://csrc.nist.gov/groups/ST/toolkit/block_ciphers.html"> </url> DES and AES in
+        Block Cipher Modes - <url href="http://csrc.nist.gov/groups/ST/toolkit/BCM/index.html"> ECB, CBC, CFB, OFB and CTR </url></p>
       </item>
       <item>
         <p><url href="http://www.ietf.org/rfc/rfc1321.txt"> RSA encryption RFC 1321 </url> </p>
       </item>
       <item>
-        <p>Digital signatures <url href="http://csrc.nist.gov/publications/drafts/fips186-3/fips_186-3.pdf">Digital Signature Standard (DSS) </url>  and  <url href="http://csrc.nist.gov/groups/STM/cavp/documents/dss2/ecdsa2vs.pdf">Elliptic Curve Digital
+        <p>Digital signatures <url href="http://csrc.nist.gov/publications/drafts/fips186-3/fips_186-3.pdf">Digital Signature Standard (DSS)</url> and<url href="http://csrc.nist.gov/groups/STM/cavp/documents/dss2/ecdsa2vs.pdf"> Elliptic Curve Digital
 	Signature Algorithm (ECDSA) </url> </p>
       </item>
       <item>
@@ -57,13 +58,7 @@
 
  <section>
     <title>DATA TYPES </title>
-
-    <p><code>byte() = 0 ... 255</code></p>
-
-    <p><code>ioelem() = byte() | binary() | iolist()</code></p>
-
-    <p><code>iolist() = [ioelem()]</code></p>
-
+    
     <p><code>key_value()  = integer() | binary() </code></p>
 
     <p><code>rsa_public()  = [key_value()] = [E, N]  </code></p>
@@ -74,7 +69,7 @@
     the private exponent.The longer key format contains redundant
     information that will make the calculation faster. P1,P2 are first
     and second prime factors. E1,E2 are first and second exponents. C
-    is the CRT coefficient. Terminology is taken from RFC 3447. </p>
+    is the CRT coefficient. Terminology is taken from <url href="http://www.ietf.org/rfc/rfc3477.txt"> RFC 3447</url>.</p>
 
     <p><code>dss_public() = [key_value()] = [P, Q, G, Y] </code></p>
     <p>Where P, Q and G are the dss parameters and Y is the public key.</p>
@@ -137,25 +132,28 @@
 
      <p><code>block_key() =  aes_key() |  blowfish_key() | des_key()| des3_key() </code></p>
 
-     <p><code>aes_key() = binary() </code> Key length is 128, 192 or 256 bits</p>
+     <p><code>aes_key() = iodata() </code> Key length is 128, 192 or 256 bits</p>
 
-     <p><code>rc4_key() = binary() </code> Variable key length from 8 bits up to 2048 bits (usually between 40 and 256)</p>
+     <p><code>rc4_key() = iodata() </code> Variable key length from 8 bits up to 2048 bits (usually between 40 and 256)</p>
 
-     <p><code>blowfish_key() = binary() </code> Variable key length from 32 bits up to 448 bits</p>
+     <p><code>blowfish_key() = iodata() </code> Variable key length from 32 bits up to 448 bits</p>
 
-     <p><code>des_key() = binary() </code> Key length is 64 bits (in CBC mod only 8 bits are used)</p>
+     <p><code>des_key() = iodata() </code> Key length is 64 bits (in CBC mode only 8 bits are used)</p>
 
-     <p><code>des3_key() = [binary(), binary(), binary()] </code> Each key part is 64 bits (in CBC mod only 8 bits are used)</p>
+     <p><code>des3_key() = [binary(), binary(), binary()] </code> Each key part is 64 bits (in CBC mode only 8 bits are used)</p>
+
+     <p><code> message_digest_algorithms() =  md5 | ripemd160 | sha | sha224 | sha256 | sha384 | sha512 </code> md4 is aslo supported for hash_init/1 and hash/2.
+     Note that both md4 and md5 are recommended only for compatibility with existing applications.
+     </p>
  </section>
 
   <funcs>
     <func>
-      <name>algorithms() -> [atom()]</name>
+      <name>algorithms() -> [message_digest_algorithms() | md4 | ec]</name>
       <fsummary>Provide a list of available crypto algorithms.</fsummary>
       <desc>
-        <p>Provides the available crypto algorithms in terms of a list
-	of atoms. This is interesting as older versions of the openssl
-	crypto library may not support all algorithms used in the crypto API.</p>
+        <p> Can be used to determine if the crypto library has support for elliptic curve (ec) and
+	which message digest algorithms that are supported.</p>
       </desc>
     </func>
 
@@ -164,7 +162,7 @@
       <fsummary>Encrypt <c>PlainText</c>according to <c>Type</c> block cipher</fsummary>
       <type>
 	<v>Key = block_key() </v>
-        <v>PlainText = iodata() | binary()</v>
+        <v>PlainText = iodata() </v>
         <v>IVec = CipherText = binary()</v>
       </type>
       <desc>
@@ -179,7 +177,7 @@
       <fsummary>Decrypt <c>CipherText</c>according to <c>Type</c> block cipher</fsummary>
       <type>
 	<v>Key = block_key() </v>
-        <v>PlainText = iodata() | binary()</v>
+        <v>PlainText = iodata() </v>
         <v>IVec = CipherText = binary()</v>
       </type>
       <desc>
@@ -201,6 +199,7 @@
       </type>
       <desc>
 	<p>Computes the shared secret from the private key and the other party's public key.
+	 See also <seealso marker="public_key:public_key#compute_key/2">public_key:compute_key/2</seealso>
 	</p>
       </desc>
     </func>
@@ -209,7 +208,7 @@
       <name>exor(Data1, Data2) -> Result</name>
       <fsummary>XOR data</fsummary>
       <type>
-	<v>Data1, Data2 = iolist() | binary()</v>
+	<v>Data1, Data2 = iodata()</v>
 	<v>Result = binary()</v>
       </type>
       <desc>
@@ -229,6 +228,7 @@
       </type>
       <desc>
 	<p>Generates public keys of type <c>Type</c>.
+	See also <seealso marker="public_key:public_key#generate_key/1">public_key:generate_key/1</seealso>
 	</p>
       </desc>
     </func>
@@ -237,7 +237,7 @@
       <name>hash(Type, Data) -> Digest</name>
       <fsummary></fsummary>
       <type>
-	<v>Type = md4 | md5 | ripemd160 | sha | sha224 | sha256 | sha384 | sha512</v>
+	<v>Type = md4 | message_digest_algorithms()</v>
 	<v>Data = iodata()</v>
 	<v>Digest = binary()</v>
       </type>
@@ -252,7 +252,7 @@
       <name>hash_init(Type) -> Context</name>
       <fsummary></fsummary>
       <type>
-	<v>Type = md4 | md5 | ripemd160 | sha | sha224 | sha256 | sha384 | sha512</v>
+	<v>Type = md4 | message_digest_algorithms()</v>
       </type>
       <desc>
         <p>Initializes the context for streaming hash operations. <c>Type</c> determines
@@ -296,7 +296,7 @@
       <name>hmac(Type, Key, Data, MacLength) -> Mac</name>
       <fsummary></fsummary>
       <type>
-	<v>Type = md5 | sha | sha224 | sha256 | sha384 | sha512</v>
+	<v>Type = message_digest_algorithms() </v>
         <v>Key = iodata()</v>
 	<v>Data = iodata()</v>
         <v>MacLength = integer()</v>
@@ -313,8 +313,8 @@
       <name>hmac_init(Type, Key) -> Context</name>
       <fsummary></fsummary>
       <type>
-        <v>Type = md5 | ripemd160 | sha | sha224 | sha256 | sha384 | sha512</v>
-        <v>Key = iolist() | binary()</v>
+        <v>Type = message_digest_algorithms()</v>
+        <v>Key = iodata()</v>
         <v>Context = binary()</v>
       </type>
       <desc>
@@ -329,13 +329,17 @@
       <fsummary></fsummary>
       <type>
         <v>Context = NewContext = binary()</v>
-        <v>Data = iolist() | binary()</v>
+        <v>Data = iodata()</v>
       </type>
       <desc>
         <p>Updates the HMAC represented by <c>Context</c> using the given <c>Data</c>. <c>Context</c>
         must have been generated using an HMAC init function (such as 
         <seealso marker="#hmac_init/2">hmac_init</seealso>). <c>Data</c> can be any length. <c>NewContext</c>
-        must be passed into the next call to <c>hmac_update</c>.</p>
+        must be passed into the next call to <c>hmac_update</c>
+	or to one of the functions <seealso marker="#hmac_final/1">hmac_final</seealso> and
+	<seealso marker="#hmac_final_n/1">hmac_final_n</seealso>
+	</p>
+
       </desc>
     </func>
 
@@ -391,10 +395,10 @@
     </func>
 
     <func>
-      <name>mod_exp_prime(N, P, M) -> Result</name>
+      <name>mod_pow(N, P, M) -> Result</name>
       <fsummary>Computes the function: N^P mod M</fsummary>
       <type>
-	<v>N, P, M = binary()</v>
+	<v>N, P, M = binary() | integer()</v>
 	<v>Result = binary() | error</v>
       </type>
       <desc>
@@ -433,6 +437,7 @@
 	  message. The <c>Padding</c> is the padding mode that was
 	  used to encrypt the data,
 	  see <seealso marker="#public_encrypt/3">public_encrypt/3</seealso>.
+	  See also <seealso marker="public_key:public_key#decrypt_private/2">public_key:decrypt_private/[2,3]</seealso>
 	</p>
       </desc>
     </func>
@@ -455,6 +460,7 @@
 	  The size of the <c>Msg</c> must be less than <c>byte_size(N)-11</c> if
 	  <c>rsa_pkcs1_padding</c> is used, and <c>byte_size(N)</c> if <c>rsa_no_padding</c>
 	  is used.
+	  See also <seealso marker="public_key:public_key#encrypt_private/2">public_key:encrypt_private/[2,3]</seealso>
 	</p>
       </desc>
     </func>
@@ -475,6 +481,7 @@
 	  message. The <c>Padding</c> is the padding mode that was
 	  used to encrypt the data,
 	  see <seealso marker="#private_encrypt/3">private_encrypt/3</seealso>.
+	  See also <seealso marker="public_key:public_key#decrypt_public/2">public_key:decrypt_public/[2,3]</seealso>
 	</p>
       </desc>
     </func>
@@ -501,6 +508,7 @@
 	  <c>rsa_pkcs1_padding</c> is used, <c>byte_size(N)-41</c> if
 	  <c>rsa_pkcs1_oaep_padding</c> is used and <c>byte_size(N)</c> if <c>rsa_no_padding</c>
 	  is used.
+	  See also <seealso marker="public_key:public_key#encrypt_public/2">public_key:encrypt_public/[2,3]</seealso>
 	</p>
       </desc>
     </func>
@@ -545,6 +553,7 @@
       </type>
       <desc>
 	<p> Creates a digital signature.</p>
+	See also <seealso marker="public_key:public_key#sign/3">public_key:sign/3</seealso>
       </desc>
     </func>
 
@@ -613,36 +622,32 @@
     </func>
 
     <func>
-      <name>stream_encrypt(Type, State, PlainText) -> { NewState, CipherText}</name>
+      <name>stream_encrypt(State, PlainText) -> { NewState, CipherText}</name>
       <fsummary></fsummary>
       <type>
-	<v>Type = stream_cipher() </v>
-        <v>Text = iolist() | binary()</v>
+        <v>Text = iodata()</v>
         <v>CipherText = binary()</v>
       </type>
       <desc>
-	<p>Encrypts <c>PlainText</c> according to the stream cipher <c>Type</c>.
-	<c>Text</c> can be any number of bytes. State is initialized using
-        <seealso marker="#stream_init/2">stream_init</seealso> on
-	the next invocation of this function the returned State shall be
-	given as input and so on until the end of the stream is reached.</p>
+	<p>Encrypts <c>PlainText</c> according to the stream cipher <c>Type</c> specified in stream_init/3.
+	<c>Text</c> can be any number of bytes. The initial <c>State</c> is created using
+        <seealso marker="#stream_init/2">stream_init</seealso>.
+	<c>NewState</c> must be passed into the next call to <c>stream_encrypt</c>.</p>
       </desc>
     </func>
 
     <func>
-      <name>stream_decrypt(Type, State, CipherText) -> { NewState, PlainText }</name>
+      <name>stream_decrypt(State, CipherText) -> { NewState, PlainText }</name>
       <fsummary></fsummary>
       <type>
-	<v>Type = stream_cipher() </v>
-        <v>CipherText = iodata() | binary()</v>
+        <v>CipherText = iodata()</v>
         <v>PlainText = binary()</v>
       </type>
       <desc>
-	<p>Decrypts <c>CipherText</c> according to the stream cipher <c>Type</c>.
-	<c>PlainText</c> can be any number of bytes. State is initialized using
-        <seealso marker="#stream_init/2">stream_init</seealso> on
-	the next invocation of this function the returned State shall be
-	given as input and so on until the end of the stream is reached.</p>
+	<p>Decrypts <c>CipherText</c> according to the stream cipher <c>Type</c> specified in stream_init/3.
+	<c>PlainText</c> can be any number of bytes. The initial <c>State</c> is created using
+        <seealso marker="#stream_init/2">stream_init</seealso>.
+	<c>NewState</c> must be passed into the next call to <c>stream_encrypt</c>.</p>
       </desc>
     </func>
 
@@ -660,6 +665,7 @@
       </type>
       <desc>
 	<p>Verifies a digital signature</p>
+	See also <seealso marker="public_key:public_key#sign/3">public_key:verify/3</seealso>
       </desc>
     </func>
 
diff --git a/lib/crypto/doc/src/crypto_app.xml b/lib/crypto/doc/src/crypto_app.xml
index 20f4ed5c45..6d26076c04 100644
--- a/lib/crypto/doc/src/crypto_app.xml
+++ b/lib/crypto/doc/src/crypto_app.xml
@@ -29,37 +29,23 @@
   <app>crypto</app>
   <appsummary>The Crypto Application</appsummary>
   <description>
-    <p>The purpose of the Crypto application is to provide erlang
-    acess to crypto graphic functions in openssl.
+    <p>The purpose of the Crypto application is to provide an Erlang API
+    to cryptographic functions, see <seealso marker="crypto">crypto(3)</seealso>.
+    Note that the API is on a fairly low level and there are some
+    corresponding API functions available in <seealso marker="public_key:public_key">public_key(3)</seealso>,
+    on a higher abstraction level, that uses the crypto application in its implementation.
     </p>
   </description>
 
   <section>
-    <title>Configuration</title>
-    <p>The following environment configuration parameters are defined
-      for the Crypto application. Refer to application(3) for more
-      information about configuration parameters.
-      </p>
-    <taglist>
-      <tag><c><![CDATA[debug = true | false <optional>]]></c></tag>
-      <item>
-        <p>Causes debug information to be written to standard
-          error or standard output. Default is <c>false</c>.
-          </p>
-      </item>
-    </taglist>
-  </section>
+    <title>DEPENDENCIES</title>
 
-  <section>
-    <title>OpenSSL libraries</title>
-    <p>The current implementation of the Erlang Crypto application is
-      based on the <em>OpenSSL</em> package version 0.9.8 or higher.
-      There are source and binary releases on the web.
-      </p>
+    <p>The current crypto implementation uses nifs to interface OpenSSLs crypto library
+    and requires <em>OpenSSL</em> package version 0.9.8 or higher.</p>
     <p>Source releases of OpenSSL can be downloaded from the <url href="http://www.openssl.org">OpenSSL</url> project home page,
-      or mirror sites listed there.
-      </p>
-  </section>
+    or mirror sites listed there.
+    </p>
+    </section>
 
   <section>
     <title>SEE ALSO</title>
diff --git a/lib/crypto/src/crypto.erl b/lib/crypto/src/crypto.erl
index f3fd119cdd..f4e157198c 100644
--- a/lib/crypto/src/crypto.erl
+++ b/lib/crypto/src/crypto.erl
@@ -26,11 +26,11 @@
 -export([sign/4, verify/5]).
 -export([generate_key/2, generate_key/3, compute_key/4]).
 -export([hmac/3, hmac/4, hmac_init/2, hmac_update/2, hmac_final/1, hmac_final_n/2]).
--export([exor/2, strong_rand_bytes/1, mod_exp_prime/3]).
+-export([exor/2, strong_rand_bytes/1, mod_pow/3]).
 -export([rand_bytes/1, rand_bytes/3, rand_uniform/2]).
 -export([block_encrypt/3, block_decrypt/3, block_encrypt/4, block_decrypt/4]).
 -export([next_iv/2, next_iv/3]).
--export([stream_init/2, stream_init/3, stream_encrypt/3, stream_decrypt/3]).
+-export([stream_init/2, stream_init/3, stream_encrypt/2, stream_decrypt/2]).
 -export([public_encrypt/4, private_decrypt/4]).
 -export([private_encrypt/4, public_decrypt/4]).
 
@@ -193,7 +193,7 @@
 		    rand_bytes,
 		    strong_rand_bytes,
 		    rand_uniform,
-		    mod_exp_prime,
+		    mod_pow,
 		    exor,
 		    %% deprecated
 		    mod_exp,strong_rand_mpint,erlint, mpint,
@@ -685,7 +685,7 @@ sha512_mac_nif(_Key,_Data,_MacSz) -> ?nif_stub.
 %% Ecrypt/decrypt %%%
 
 -spec block_encrypt(des_cbc | des_cfb | des3_cbc | des3_cbf | des_ede3 | blowfish_cbc |
-		    blowfish_cfb64 | aes_cbc128 | aes_cfb128 | rc2_cbc,
+		    blowfish_cfb64 | aes_cbc128 | aes_cfb128 | aes_cbc256 | rc2_cbc,
 		    Key::iodata(), Ivec::binary(), Data::iodata()) -> binary().
 
 block_encrypt(des_cbc, Key, Ivec, Data) ->
@@ -714,7 +714,7 @@ block_encrypt(rc2_cbc, Key, Ivec, Data) ->
     rc2_cbc_encrypt(Key, Ivec, Data).
 
 -spec block_decrypt(des_cbc | des_cfb | des3_cbc | des3_cbf | des_ede3 | blowfish_cbc |
-	      blowfish_cfb64 | blowfish_ofb64  | aes_cbc128 | aes_cfb128 | rc2_cbc,
+	      blowfish_cfb64 | blowfish_ofb64  | aes_cbc128 | aes_cbc256 | aes_cfb128 | rc2_cbc,
 	      Key::iodata(), Ivec::binary(), Data::iodata()) -> binary().
 
 block_decrypt(des_cbc, Key, Ivec, Data) ->
@@ -769,17 +769,21 @@ next_iv(des_cbf, Ivec, Data) ->
     des_cfb_ivec(Ivec, Data).
 
 stream_init(aes_ctr, Key, Ivec) ->
-    aes_ctr_stream_init(Key, Ivec).
+    {aes_ctr, aes_ctr_stream_init(Key, Ivec)}.
 stream_init(rc4, Key) ->
-    rc4_set_key(Key).
-stream_encrypt(aes_ctr, State, Data) ->
-    aes_ctr_stream_encrypt(State, Data);
-stream_encrypt(rc4, State, Data) ->
-    rc4_encrypt_with_state(State, Data).
-stream_decrypt(aes_ctr, State, Data) ->
-    aes_ctr_stream_decrypt(State, Data);
-stream_decrypt(rc4, State, Data) ->
-    rc4_encrypt_with_state (State, Data).
+    {rc4, rc4_set_key(Key)}.
+stream_encrypt({aes_ctr, State}, Data) ->
+    {State, Cipher} = aes_ctr_stream_encrypt(State, Data),
+    {{aes_ctr, State}, Cipher};
+stream_encrypt({rc4, State0}, Data) ->
+    {State, Cipher} = rc4_encrypt_with_state(State0, Data),
+    {{rc4, State}, Cipher}.
+stream_decrypt({aes_ctr, State0}, Data) ->
+    {State, Text} = aes_ctr_stream_decrypt(State0, Data),
+    {{aes_ctr, State}, Text};
+stream_decrypt({rc4, State0}, Data) ->
+    {State, Text} = rc4_encrypt_with_state (State0, Data),
+    {{rc4, State}, Text}.
 
 %%
 %% CRYPTO FUNCTIONS
@@ -1018,9 +1022,9 @@ mod_exp(Base, Exponent, Modulo)
 mod_exp(Base, Exponent, Modulo) ->
     mod_exp_nif(mpint_to_bin(Base),mpint_to_bin(Exponent),mpint_to_bin(Modulo), 4).
     
--spec mod_exp_prime(binary(), binary(), binary()) -> binary() | error.
-mod_exp_prime(Base, Exponent, Prime) ->
-    case mod_exp_nif(Base, Exponent, Prime, 0) of
+-spec mod_pow(binary()|integer(), binary()|integer(), binary()|integer()) -> binary() | error.
+mod_pow(Base, Exponent, Prime) ->
+    case mod_exp_nif(ensure_int_as_bin(Base), ensure_int_as_bin(Exponent), ensure_int_as_bin(Prime), 0) of
 	<<0>> -> error;
 	R -> R
     end.
@@ -1500,7 +1504,7 @@ term_to_ec_key_nif(_Curve, _PrivKey, _PubKey) -> ?nif_stub.
 %%
 
 user_srp_gen_key(Private, Generator, Prime) ->
-    case mod_exp_prime(Generator, Private, Prime) of
+    case mod_pow(Generator, Private, Prime) of
 	error ->
 	    error;
 	Public ->
diff --git a/lib/crypto/test/crypto_SUITE.erl b/lib/crypto/test/crypto_SUITE.erl
index cff257bb8c..eddb6b83f9 100644
--- a/lib/crypto/test/crypto_SUITE.erl
+++ b/lib/crypto/test/crypto_SUITE.erl
@@ -1979,8 +1979,8 @@ srp3(Config) when is_list(Config) ->
 			    "9176A9192615DC0277AE7C12F1F6A7F6563FCA11675D809AF578BDE5"
 			    "2B51E05D440B63099A017A0B45044801"),
     UserPassHash = crypto:sha([Salt, crypto:sha([Username, <<$:>>, Password])]),
-    Verifier = crypto:mod_exp_prime(Generator, UserPassHash, Prime), 
-    ClientPublic = crypto:mod_exp_prime(Generator, ClientPrivate, Prime),
+    Verifier = crypto:mod_pow(Generator, UserPassHash, Prime), 
+    ClientPublic = crypto:mod_pow(Generator, ClientPrivate, Prime),
 
     {ClientPublic, ClientPrivate} = crypto:generate_key(srp, {user, [Generator, Prime, Version]}, ClientPrivate),
     {ServerPublic, ServerPrivate} = crypto:generate_key(srp, {host, [Verifier, Generator, Prime, Version]}, ServerPrivate),
@@ -2030,8 +2030,8 @@ srp6(Config) when is_list(Config) ->
 				 "72E992AAD89095A84B6A5FADA152369AB1E350A03693BEF044DF3EDF"
 				 "0C34741F4696C30E9F675D09F58ACBEB"),
     UserPassHash = crypto:sha([Salt, crypto:sha([Username, <<$:>>, Password])]),
-    Verifier = crypto:mod_exp_prime(Generator, UserPassHash, Prime), 
-    ClientPublic = crypto:mod_exp_prime(Generator, ClientPrivate, Prime),
+    Verifier = crypto:mod_pow(Generator, UserPassHash, Prime), 
+    ClientPublic = crypto:mod_pow(Generator, ClientPrivate, Prime),
 
     {ClientPublic, ClientPrivate} = crypto:generate_key(srp, {user, [Generator, Prime, Version]}, ClientPrivate),
     {ServerPublic, ServerPrivate} = crypto:generate_key(srp, {host, [Verifier, Generator, Prime, Version]}, ServerPrivate),
@@ -2081,7 +2081,7 @@ srp6a(Config) when is_list(Config) ->
 			    "3499B200210DCC1F10EB33943CD67FC88A2F39A4BE5BEC4EC0A3212D"
 			    "C346D7E474B29EDE8A469FFECA686E5A"),
     UserPassHash = crypto:sha([Salt, crypto:sha([Username, <<$:>>, Password])]),
-    Verifier = crypto:mod_exp_prime(Generator, UserPassHash, Prime), 
+    Verifier = crypto:mod_pow(Generator, UserPassHash, Prime), 
 
     {ClientPublic, ClientPrivate} = crypto:generate_key(srp, {user, [Generator, Prime, Version]}, ClientPrivate),
     {ServerPublic, ServerPrivate} = crypto:generate_key(srp, {host, [Verifier, Generator, Prime, Version]}, ServerPrivate),