diff options
author | Ingela Anderton Andin <ingela@erlang.org> | 2013-04-25 14:51:19 +0200 |
---|---|---|
committer | Ingela Anderton Andin <ingela@erlang.org> | 2013-05-08 10:39:21 +0200 |
commit | badb8f14e9829ce0a797b56702997aa355cdd9ba (patch) | |
tree | e0e83ebf28a70a67a4bb710b7f3ef03301facf03 /lib | |
parent | dad86c51e920d015da390ec6bef3da24924fa063 (diff) | |
download | otp-badb8f14e9829ce0a797b56702997aa355cdd9ba.tar.gz otp-badb8f14e9829ce0a797b56702997aa355cdd9ba.tar.bz2 otp-badb8f14e9829ce0a797b56702997aa355cdd9ba.zip |
ssl, crypto: Eliminate remaining mpint and EC resource key from API
Diffstat (limited to 'lib')
-rw-r--r-- | lib/crypto/src/crypto.erl | 17 | ||||
-rw-r--r-- | lib/crypto/test/crypto_SUITE.erl | 13 | ||||
-rw-r--r-- | lib/public_key/src/public_key.erl | 29 | ||||
-rw-r--r-- | lib/ssl/src/ssl_handshake.erl | 16 | ||||
-rw-r--r-- | lib/ssl/test/erl_make_certs.erl | 2 |
5 files changed, 36 insertions, 41 deletions
diff --git a/lib/crypto/src/crypto.erl b/lib/crypto/src/crypto.erl index 43ea1d48fd..f87644b3fe 100644 --- a/lib/crypto/src/crypto.erl +++ b/lib/crypto/src/crypto.erl @@ -855,8 +855,8 @@ verify(rsa, Type, DataOrDigest, Signature, Key) -> notsup -> erlang:error(notsup); Bool -> Bool end; -verify(ecdsa, Type, DataOrDigest, Signature, Key) -> - case ecdsa_verify_nif(Type, DataOrDigest, Signature, term_to_ec_key(Key)) of +verify(ecdsa, Type, DataOrDigest, Signature, [Key, Curve]) -> + case ecdsa_verify_nif(Type, DataOrDigest, Signature, term_to_ec_key({Curve, undefined, Key})) of notsup -> erlang:error(notsup); Bool -> Bool end. @@ -901,6 +901,11 @@ map_ensure_int_as_bin([H|_]=List) when is_integer(H) -> map_ensure_int_as_bin(List) -> List. +ensure_int_as_bin(Int) when is_integer(Int) -> + int_to_bin(Int); +ensure_int_as_bin(Bin) -> + Bin. + map_to_norm_bin([H|_]=List) when is_integer(H) -> lists:map(fun(E) -> int_to_bin(E) end, List); map_to_norm_bin(List) -> @@ -917,8 +922,8 @@ sign(dss, Type, DataOrDigest, Key) -> error -> erlang:error(badkey, [DataOrDigest, Key]); Sign -> Sign end; -sign(ecdsa, Type, DataOrDigest, Key) -> - case ecdsa_sign_nif(Type, DataOrDigest, term_to_ec_key(Key)) of +sign(ecdsa, Type, DataOrDigest, [Key, Curve]) -> + case ecdsa_sign_nif(Type, DataOrDigest, term_to_ec_key({Curve, Key, undefined})) of error -> erlang:error(badkey, [Type,DataOrDigest,Key]); Sign -> Sign end. @@ -1228,9 +1233,9 @@ term_to_nif_prime({prime_field, Prime}) -> term_to_nif_prime(PrimeField) -> PrimeField. term_to_nif_curve({A, B, Seed}) -> - {int_to_bin(A), int_to_bin(B), Seed}. + {ensure_int_as_bin(A), ensure_int_as_bin(B), Seed}. term_to_nif_curve_parameters({PrimeField, Curve, BasePoint, Order, CoFactor}) -> - {term_to_nif_prime(PrimeField), term_to_nif_curve(Curve), BasePoint, int_to_bin(Order), int_to_bin(CoFactor)}; + {term_to_nif_prime(PrimeField), term_to_nif_curve(Curve), ensure_int_as_bin(BasePoint), int_to_bin(Order), int_to_bin(CoFactor)}; term_to_nif_curve_parameters(Curve) when is_atom(Curve) -> %% named curve Curve. diff --git a/lib/crypto/test/crypto_SUITE.erl b/lib/crypto/test/crypto_SUITE.erl index 473609778c..3ebe10866c 100644 --- a/lib/crypto/test/crypto_SUITE.erl +++ b/lib/crypto/test/crypto_SUITE.erl @@ -1892,8 +1892,8 @@ ec(Config) when is_list(Config) -> ec_do() -> %% test for a name curve {D2_priv, D2_pub} = crypto:generate_key(ecdh, sect113r2), - D2 = {sect113r2, D2_priv, D2_pub}, - + PrivECDH = [D2_priv, sect113r2], + PubECDH = [D2_pub, sect113r2], %%TODO: find a published test case for a EC key %% test for a full specified curve and public key, @@ -1932,14 +1932,11 @@ ec_do() -> 16#f7, 16#90, 16#1e, 16#0e, 16#82, 16#97, 16#48, 16#56, 16#a7>>, CoFactor = 1, Curve = {{prime_field,P},{A,B,none},BasePoint, Order,CoFactor}, - CsCaKey = {Curve, undefined, PubKey}, - %%T3 = crypto:term_to_ec_key(CsCaKey), - %%?line CsCaKey = crypto:ec_key_to_term(T3), Msg = <<99,234,6,64,190,237,201,99,80,248,58,40,70,45,149,218,5,246,242,63>>, - Sign = crypto:sign(ecdsa, sha, Msg, D2), - ?line true = crypto:verify(ecdsa, sha, Msg, Sign, D2), - ?line false = crypto:verify(ecdsa, sha, Msg, <<10,20>>, D2), + Sign = crypto:sign(ecdsa, sha, Msg, PrivECDH), + ?line true = crypto:verify(ecdsa, sha, Msg, Sign, PubECDH), + ?line false = crypto:verify(ecdsa, sha, Msg, <<10,20>>, PubECDH), ok. diff --git a/lib/public_key/src/public_key.erl b/lib/public_key/src/public_key.erl index 3497018a88..a8fe9213ea 100644 --- a/lib/public_key/src/public_key.erl +++ b/lib/public_key/src/public_key.erl @@ -326,7 +326,9 @@ encrypt_private(PlainText, crypto:rsa_private_encrypt(PlainText, format_rsa_private_key(Key), Padding). %%-------------------------------------------------------------------- --spec generate_key(#'DHParameter'{} | {namedCurve, Name ::atom()} | #'OTPECParameters'{}) -> {Public::binary(), Private::binary()}. +-spec generate_key(#'DHParameter'{} | {namedCurve, Name ::atom()} | + #'OTPECParameters'{}) -> {Public::binary(), Private::binary()} | + #'ECPrivateKey'{}. %% Description: Generates a new keypair %%-------------------------------------------------------------------- generate_key(#'DHParameter'{prime = P, base = G}) -> @@ -396,9 +398,10 @@ sign(DigestOrPlainText, DigestType, Key = #'RSAPrivateKey'{}) -> sign(DigestOrPlainText, sha, #'DSAPrivateKey'{p = P, q = Q, g = G, x = X}) -> crypto:sign(dss, sha, DigestOrPlainText, [P, Q, G, X]); -sign(DigestOrPlainText, DigestType, Key = #'ECPrivateKey'{}) -> - ECDHKey = format_ecdh_key(Key), - crypto:sign(ecdsa, DigestType, DigestOrPlainText, ECDHKey); +sign(DigestOrPlainText, DigestType, #'ECPrivateKey'{privateKey = PrivKey, + parameters = Param}) -> + ECCurve = ec_curve_spec(Param), + crypto:sign(ecdsa, DigestType, DigestOrPlainText, [list2int(PrivKey), ECCurve]); %% Backwards compatible sign(Digest, none, #'DSAPrivateKey'{} = Key) -> @@ -415,9 +418,9 @@ verify(DigestOrPlainText, DigestType, Signature, crypto:verify(rsa, DigestType, DigestOrPlainText, Signature, [Exp, Mod]); -verify(DigestOrPlaintext, DigestType, Signature, Key = {#'ECPoint'{}, _}) -> - ECDHKey = format_ecdh_key(Key), - crypto:verify(ecdsa, DigestType, DigestOrPlaintext, Signature, ECDHKey); +verify(DigestOrPlaintext, DigestType, Signature, {#'ECPoint'{point = Point}, Param}) -> + ECCurve = ec_curve_spec(Param), + crypto:verify(ecdsa, DigestType, DigestOrPlaintext, Signature, [Point, ECCurve]); %% Backwards compatibility verify(Digest, none, Signature, {_, #'Dss-Parms'{}} = Key ) -> @@ -868,20 +871,10 @@ ec_generate_key(Params) -> Term = crypto:generate_key(ecdh, Curve), ec_key(Term, Params). -format_ecdh_key(#'ECPrivateKey'{privateKey = PrivKey, - parameters = Param, - publicKey = _}) -> - ECCurve = ec_curve_spec(Param), - {ECCurve, list2int(PrivKey), undefined}; - -format_ecdh_key({#'ECPoint'{point = Point}, Param}) -> - ECCurve = ec_curve_spec(Param), - {ECCurve, undefined, Point}. - ec_curve_spec( #'OTPECParameters'{fieldID = FieldId, curve = PCurve, base = Base, order = Order, cofactor = CoFactor }) -> Field = {pubkey_cert_records:supportedCurvesTypes(FieldId#'OTPFieldID'.fieldType), FieldId#'OTPFieldID'.parameters}, - Curve = {list2int(PCurve#'Curve'.a), list2int(PCurve#'Curve'.b), none}, + Curve = {erlang:list_to_binary(PCurve#'Curve'.a), erlang:list_to_binary(PCurve#'Curve'.b), none}, {Field, Curve, erlang:list_to_binary(Base), Order, CoFactor}; ec_curve_spec({namedCurve, OID}) -> pubkey_cert_records:namedCurves(OID). diff --git a/lib/ssl/src/ssl_handshake.erl b/lib/ssl/src/ssl_handshake.erl index 0744ef4180..338319ab9e 100644 --- a/lib/ssl/src/ssl_handshake.erl +++ b/lib/ssl/src/ssl_handshake.erl @@ -429,10 +429,8 @@ key_exchange(client, _Version, {srp, PublicKey}) -> key_exchange(server, Version, {dh, {PublicKey, _}, #'DHParameter'{prime = P, base = G}, HashSign, ClientRandom, ServerRandom, PrivateKey}) -> - <<?UINT32(_), PBin/binary>> = crypto:mpint(P), - <<?UINT32(_), GBin/binary>> = crypto:mpint(G), - ServerDHParams = #server_dh_params{dh_p = PBin, - dh_g = GBin, dh_y = PublicKey}, + ServerDHParams = #server_dh_params{dh_p = int_to_bin(P), + dh_g = int_to_bin(G), dh_y = PublicKey}, enc_server_key_exchange(Version, ServerDHParams, HashSign, ClientRandom, ServerRandom, PrivateKey); @@ -452,12 +450,10 @@ key_exchange(server, Version, {psk, PskIdentityHint, key_exchange(server, Version, {dhe_psk, PskIdentityHint, {PublicKey, _}, #'DHParameter'{prime = P, base = G}, HashSign, ClientRandom, ServerRandom, PrivateKey}) -> - <<?UINT32(_), PBin/binary>> = crypto:mpint(P), - <<?UINT32(_), GBin/binary>> = crypto:mpint(G), ServerEDHPSKParams = #server_dhe_psk_params{ hint = PskIdentityHint, - dh_params = #server_dh_params{dh_p = PBin, - dh_g = GBin, dh_y = PublicKey} + dh_params = #server_dh_params{dh_p = int_to_bin(P), + dh_g = int_to_bin(G), dh_y = PublicKey} }, enc_server_key_exchange(Version, ServerEDHPSKParams, HashSign, ClientRandom, ServerRandom, PrivateKey); @@ -1791,3 +1787,7 @@ handle_srp_extension(undefined, Session) -> Session; handle_srp_extension(#srp{username = Username}, Session) -> Session#session{srp_username = Username}. + +int_to_bin(I) -> + L = (length(integer_to_list(I, 16)) + 1) div 2, + <<I:(L*8)>>. diff --git a/lib/ssl/test/erl_make_certs.erl b/lib/ssl/test/erl_make_certs.erl index c32ca6dd1f..723ccf4496 100644 --- a/lib/ssl/test/erl_make_certs.erl +++ b/lib/ssl/test/erl_make_certs.erl @@ -409,7 +409,7 @@ int2list(I) -> binary_to_list(<<I:(L*8)>>). gen_ec2(CurveId) -> - {PrivKey, PubKey} = crypto:generate_key(ecdh,CurveId), + {PrivKey, PubKey} = crypto:generate_key(ecdh, CurveId), #'ECPrivateKey'{version = 1, privateKey = int2list(PrivKey), |