diff options
Diffstat (limited to 'lib/crypto/c_src/crypto.c')
-rw-r--r-- | lib/crypto/c_src/crypto.c | 193 |
1 files changed, 78 insertions, 115 deletions
diff --git a/lib/crypto/c_src/crypto.c b/lib/crypto/c_src/crypto.c index 00abeb9990..c28ff8136c 100644 --- a/lib/crypto/c_src/crypto.c +++ b/lib/crypto/c_src/crypto.c @@ -242,8 +242,6 @@ static ERL_NIF_TERM bf_cbc_crypt(ErlNifEnv* env, int argc, const ERL_NIF_TERM ar static ERL_NIF_TERM bf_ecb_crypt(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[]); static ERL_NIF_TERM blowfish_ofb64_encrypt(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[]); -static ERL_NIF_TERM ec_key_to_term_nif(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[]); -static ERL_NIF_TERM term_to_ec_key_nif(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[]); static ERL_NIF_TERM ec_key_generate(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[]); static ERL_NIF_TERM ecdsa_sign_nif(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[]); static ERL_NIF_TERM ecdsa_verify_nif(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[]); @@ -372,12 +370,10 @@ static ErlNifFunc nif_funcs[] = { {"bf_ecb_crypt", 3, bf_ecb_crypt}, {"blowfish_ofb64_encrypt", 3, blowfish_ofb64_encrypt}, - {"ec_key_to_term_nif", 1, ec_key_to_term_nif}, - {"term_to_ec_key_nif", 3, term_to_ec_key_nif}, {"ec_key_generate", 1, ec_key_generate}, - {"ecdsa_sign_nif", 3, ecdsa_sign_nif}, - {"ecdsa_verify_nif", 4, ecdsa_verify_nif}, - {"ecdh_compute_key_nif", 2, ecdh_compute_key_nif} + {"ecdsa_sign_nif", 4, ecdsa_sign_nif}, + {"ecdsa_verify_nif", 5, ecdsa_verify_nif}, + {"ecdh_compute_key_nif", 3, ecdh_compute_key_nif} }; #if defined(HAVE_EC) @@ -472,10 +468,7 @@ static struct nid_map ec_curves[] = { #define EC_CURVES_CNT (sizeof(ec_curves)/sizeof(struct nid_map)) -struct nif_ec_key { - EC_KEY *key; -}; -#endif +#endif /* HAVE_EC */ ERL_NIF_INIT(crypto,nif_funcs,load,NULL,upgrade,unload) @@ -528,17 +521,13 @@ static ERL_NIF_TERM atom_none; static ERL_NIF_TERM atom_notsup; static ERL_NIF_TERM atom_digest; -static ERL_NIF_TERM atom_ec; - #if defined(HAVE_EC) +static ERL_NIF_TERM atom_ec; static ERL_NIF_TERM atom_prime_field; static ERL_NIF_TERM atom_characteristic_two_field; static ERL_NIF_TERM atom_tpbasis; static ERL_NIF_TERM atom_ppbasis; static ERL_NIF_TERM atom_onbasis; - -static ErlNifResourceType* res_type_ec_key; -static void ec_key_dtor(ErlNifEnv* env, void* obj); #endif /* @@ -570,7 +559,6 @@ static void error_handler(void* null, const char* errstr) static int init(ErlNifEnv* env, ERL_NIF_TERM load_info) { - int i; ErlNifSysInfo sys_info; get_crypto_callbacks_t* funcp; struct crypto_callbacks* ccb; @@ -590,6 +578,7 @@ static int init(ErlNifEnv* env, ERL_NIF_TERM load_info) PRINTF_ERR1("CRYPTO: Invalid load_info '%T'", load_info); return 0; } + if (library_refc > 0) { /* Repeated loading of this library (module upgrade). * Atoms and callbacks are already set, we are done. @@ -631,13 +620,11 @@ static int init(ErlNifEnv* env, ERL_NIF_TERM load_info) atom_ppbasis = enif_make_atom(env,"ppbasis"); atom_onbasis = enif_make_atom(env,"onbasis"); - for (i = 0; i < EC_CURVES_CNT; i++) + { + int i; + for (i = 0; i < EC_CURVES_CNT; i++) ec_curves[i].atom = enif_make_atom(env,ec_curves[i].name); - - res_type_ec_key = enif_open_resource_type(env,NULL,"crypto.EC_KEY", - ec_key_dtor, - ERL_NIF_RT_CREATE|ERL_NIF_RT_TAKEOVER, - NULL); + } #endif init_digest_types(env); @@ -1437,7 +1424,7 @@ static ERL_NIF_TERM hmac_final(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv HMAC_CTX_cleanup(&ctx); if (argc == 2 && req_len < mac_len) { - // Only truncate to req_len bytes if asked. + /* Only truncate to req_len bytes if asked. */ mac_len = req_len; } mac_bin = enif_make_new_binary(env, mac_len, &ret); @@ -2936,7 +2923,7 @@ static EC_KEY* ec_key_new(ErlNifEnv* env, ERL_NIF_TERM curve_arg) && c_arity == 5 && get_bn_from_bin(env, curve[3], &bn_order) && (curve[4] != atom_none && get_bn_from_bin(env, curve[4], &cofactor))) { - //* {Field, Prime, Point, Order, CoFactor} = Curve */ + /* {Field, Prime, Point, Order, CoFactor} = Curve */ int f_arity = -1; const ERL_NIF_TERM* field; @@ -3090,7 +3077,7 @@ static ERL_NIF_TERM bn2term(ErlNifEnv* env, const BIGNUM *bn) dlen = BN_num_bytes(bn); ptr = enif_make_new_binary(env, dlen, &ret); BN_bn2bin(bn, ptr); - + ERL_VALGRIND_MAKE_MEM_DEFINED(ptr, dlen); return ret; } @@ -3113,39 +3100,10 @@ static ERL_NIF_TERM point2term(ErlNifEnv* env, enif_release_binary(&bin); return enif_make_badarg(env); } - + ERL_VALGRIND_MAKE_MEM_DEFINED(bin.data, bin.size); return enif_make_binary(env, &bin); } -#endif - -static ERL_NIF_TERM ec_key_to_term_nif(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[]) -{ -#if defined(HAVE_EC) - struct nif_ec_key *obj; - const EC_GROUP *group; - const EC_POINT *public_key; - const BIGNUM *priv_key = NULL; - ERL_NIF_TERM pub_key = atom_undefined; - - if (!enif_get_resource(env, argv[0], res_type_ec_key, (void **)&obj)) - return enif_make_badarg(env); - - group = EC_KEY_get0_group(obj->key); - public_key = EC_KEY_get0_public_key(obj->key); - priv_key = EC_KEY_get0_private_key(obj->key); - - if (group) { - if (public_key) - pub_key = point2term(env, group, public_key, EC_KEY_get_conv_form(obj->key)); - } - - return enif_make_tuple2(env, pub_key, bn2term(env, priv_key)); -#else - return atom_notsup; -#endif -} -#if defined(HAVE_EC) static int term2point(ErlNifEnv* env, ERL_NIF_TERM term, EC_GROUP *group, EC_POINT **pptr) { @@ -3173,24 +3131,22 @@ static int term2point(ErlNifEnv* env, ERL_NIF_TERM term, return ret; } -#endif -static ERL_NIF_TERM term_to_ec_key_nif(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[]) +static int get_ec_key(ErlNifEnv* env, + ERL_NIF_TERM curve, ERL_NIF_TERM priv, ERL_NIF_TERM pub, + EC_KEY** res) { -#if defined(HAVE_EC) - ERL_NIF_TERM ret; EC_KEY *key = NULL; BIGNUM *priv_key = NULL; EC_POINT *pub_key = NULL; - struct nif_ec_key *obj; EC_GROUP *group = NULL; - if (!(argv[1] == atom_undefined || get_bn_from_bin(env, argv[1], &priv_key)) - || !(argv[2] == atom_undefined || enif_is_binary(env, argv[2]))) { + if (!(priv == atom_undefined || get_bn_from_bin(env, priv, &priv_key)) + || !(pub == atom_undefined || enif_is_binary(env, pub))) { goto out_err; } - key = ec_key_new(env, argv[0]); + key = ec_key_new(env, curve); if (!key) { goto out_err; @@ -3199,12 +3155,12 @@ static ERL_NIF_TERM term_to_ec_key_nif(ErlNifEnv* env, int argc, const ERL_NIF_T if (!group) group = EC_GROUP_dup(EC_KEY_get0_group(key)); - if (term2point(env, argv[2], group, &pub_key)) { + if (term2point(env, pub, group, &pub_key)) { if (!EC_KEY_set_public_key(key, pub_key)) { goto out_err; } } - if (argv[1] != atom_undefined + if (priv != atom_undefined && !BN_is_zero(priv_key)) { if (!EC_KEY_set_private_key(key, priv_key)) goto out_err; @@ -3223,19 +3179,11 @@ static ERL_NIF_TERM term_to_ec_key_nif(ErlNifEnv* env, int argc, const ERL_NIF_T } } - obj = enif_alloc_resource(res_type_ec_key, sizeof(struct nif_ec_key)); - if (!obj) - goto out_err; - - obj->key = key; - ret = enif_make_resource(env, obj); - enif_release_resource(obj); - goto out; out_err: if (key) EC_KEY_free(key); - ret = enif_make_badarg(env); + key = NULL; out: /* some OpenSSL structures are mem-dup'ed into the key, @@ -3243,11 +3191,12 @@ out: if (priv_key) BN_clear_free(priv_key); if (pub_key) EC_POINT_free(pub_key); if (group) EC_GROUP_free(group); - return ret; -#else - return atom_notsup; -#endif + if (!key) + return 0; + *res = key; + return 1; } +#endif /* HAVE_EC */ static ERL_NIF_TERM ec_key_generate(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[]) { @@ -3255,14 +3204,21 @@ static ERL_NIF_TERM ec_key_generate(ErlNifEnv* env, int argc, const ERL_NIF_TERM EC_KEY *key = ec_key_new(env, argv[0]); if (key && EC_KEY_generate_key(key)) { - ERL_NIF_TERM term; - struct nif_ec_key *obj = enif_alloc_resource(res_type_ec_key, sizeof(struct nif_ec_key)); - if (!obj) - return atom_error; - obj->key = key; - term = enif_make_resource(env, obj); - enif_release_resource(obj); - return term; + const EC_GROUP *group; + const EC_POINT *public_key; + ERL_NIF_TERM priv_key; + ERL_NIF_TERM pub_key = atom_undefined; + + group = EC_KEY_get0_group(key); + public_key = EC_KEY_get0_public_key(key); + + if (group && public_key) { + pub_key = point2term(env, group, public_key, + EC_KEY_get_conv_form(key)); + } + priv_key = bn2term(env, EC_KEY_get0_private_key(key)); + EC_KEY_free(key); + return enif_make_tuple2(env, pub_key, priv_key); } else return enif_make_badarg(env); @@ -3271,21 +3227,13 @@ static ERL_NIF_TERM ec_key_generate(ErlNifEnv* env, int argc, const ERL_NIF_TERM #endif } -#if defined(HAVE_EC) -static void ec_key_dtor(ErlNifEnv* env, void* obj) -{ - struct nif_ec_key *key = (struct nif_ec_key*) obj; - EC_KEY_free(key->key); -} -#endif - static ERL_NIF_TERM ecdsa_sign_nif(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[]) -{/* (Type, Data|{digest,Digest}, Key) */ +{/* (Type, Data|{digest,Digest}, Curve, Key) */ #if defined(HAVE_EC) ErlNifBinary data_bin, ret_bin; unsigned char hmacbuf[SHA_DIGEST_LENGTH]; unsigned int dsa_s_len; - struct nif_ec_key *obj; + EC_KEY* key = NULL; int i; const ERL_NIF_TERM* tpl_terms; int tpl_arity; @@ -3300,30 +3248,32 @@ static ERL_NIF_TERM ecdsa_sign_nif(ErlNifEnv* env, int argc, const ERL_NIF_TERM return atom_notsup; } - if (!enif_get_resource(env, argv[2], res_type_ec_key, (void **)&obj)) - return enif_make_badarg(env); + if (!get_ec_key(env, argv[2], argv[3], atom_undefined, &key)) + goto badarg; if (enif_get_tuple(env, argv[1], &tpl_arity, &tpl_terms)) { if (tpl_arity != 2 || tpl_terms[0] != atom_digest || !enif_inspect_binary(env, tpl_terms[1], &data_bin) || data_bin.size != digp->len) { - return enif_make_badarg(env); + goto badarg; } digest = data_bin.data; } else { if (!enif_inspect_binary(env,argv[1],&data_bin)) { - return enif_make_badarg(env); + goto badarg; } digest = hmacbuf; digp->funcp(data_bin.data, data_bin.size, digest); } - enif_alloc_binary(ECDSA_size(obj->key), &ret_bin); + enif_alloc_binary(ECDSA_size(key), &ret_bin); i = ECDSA_sign(digp->NID_type, digest, digp->len, - ret_bin.data, &dsa_s_len, obj->key); + ret_bin.data, &dsa_s_len, key); + + EC_KEY_free(key); if (i) { if (dsa_s_len != ret_bin.size) { enif_realloc_binary(&ret_bin, dsa_s_len); @@ -3334,18 +3284,23 @@ static ERL_NIF_TERM ecdsa_sign_nif(ErlNifEnv* env, int argc, const ERL_NIF_TERM enif_release_binary(&ret_bin); return atom_error; } + +badarg: + if (key) + EC_KEY_free(key); + return enif_make_badarg(env); #else return atom_notsup; #endif } static ERL_NIF_TERM ecdsa_verify_nif(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[]) -{/* (Type, Data|{digest,Digest}, Signature, Key) */ +{/* (Type, Data|{digest,Digest}, Signature, Curve, Key) */ #if defined(HAVE_EC) ErlNifBinary data_bin, sign_bin; unsigned char hmacbuf[SHA512_LEN]; int i; - struct nif_ec_key *obj; + EC_KEY* key = NULL; const ERL_NIF_TERM type = argv[0]; const ERL_NIF_TERM* tpl_terms; int tpl_arity; @@ -3361,15 +3316,15 @@ static ERL_NIF_TERM ecdsa_verify_nif(ErlNifEnv* env, int argc, const ERL_NIF_TER } if (!enif_inspect_binary(env, argv[2], &sign_bin) - || !enif_get_resource(env, argv[3], res_type_ec_key, (void **)&obj)) - return enif_make_badarg(env); + || !get_ec_key(env, argv[3], atom_undefined, argv[4], &key)) + goto badarg; if (enif_get_tuple(env, argv[1], &tpl_arity, &tpl_terms)) { if (tpl_arity != 2 || tpl_terms[0] != atom_digest || !enif_inspect_binary(env, tpl_terms[1], &data_bin) || data_bin.size != digp->len) { - return enif_make_badarg(env); + goto badarg; } digest = data_bin.data; } @@ -3378,13 +3333,20 @@ static ERL_NIF_TERM ecdsa_verify_nif(ErlNifEnv* env, int argc, const ERL_NIF_TER digp->funcp(data_bin.data, data_bin.size, digest); } else { - return enif_make_badarg(env); + goto badarg; } i = ECDSA_verify(digp->NID_type, digest, digp->len, - sign_bin.data, sign_bin.size, obj->key); + sign_bin.data, sign_bin.size, key); + + EC_KEY_free(key); return (i==1 ? atom_true : atom_false); + +badarg: + if (key) + EC_KEY_free(key); + return enif_make_badarg(env); #else return atom_notsup; #endif @@ -3395,24 +3357,24 @@ static ERL_NIF_TERM ecdsa_verify_nif(ErlNifEnv* env, int argc, const ERL_NIF_TER (_OthersPublicKey, _MyEC_Point) */ static ERL_NIF_TERM ecdh_compute_key_nif(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[]) +/* (OtherPublicKey, Curve, My) */ { #if defined(HAVE_EC) ERL_NIF_TERM ret; unsigned char *p; - struct nif_ec_key *other_key; + EC_KEY* key = NULL; int field_size = 0; int i; - EC_GROUP *group; const BIGNUM *priv_key; EC_POINT *my_ecpoint; EC_KEY *other_ecdh = NULL; - if (!enif_get_resource(env, argv[1], res_type_ec_key, (void **)&other_key)) + if (!get_ec_key(env, argv[1], argv[2], atom_undefined, &key)) return enif_make_badarg(env); - group = EC_GROUP_dup(EC_KEY_get0_group(other_key->key)); - priv_key = EC_KEY_get0_private_key(other_key->key); + group = EC_GROUP_dup(EC_KEY_get0_group(key)); + priv_key = EC_KEY_get0_private_key(key); if (!term2point(env, argv[0], group, &my_ecpoint)) { goto out_err; @@ -3436,6 +3398,7 @@ out: if (group) EC_GROUP_free(group); if (my_ecpoint) EC_POINT_free(my_ecpoint); if (other_ecdh) EC_KEY_free(other_ecdh); + if (key) EC_KEY_free(key); return ret; |