Diffstat (limited to 'lib/crypto/src/crypto.erl')
-rw-r--r--lib/crypto/src/crypto.erl495
1 files changed, 360 insertions, 135 deletions
diff --git a/lib/crypto/src/crypto.erl b/lib/crypto/src/crypto.erl
index fd13481951..8ffdde2b90 100644
--- a/lib/crypto/src/crypto.erl
+++ b/lib/crypto/src/crypto.erl
@@ -58,9 +58,11 @@
%% New interface
-export([crypto_init/4, crypto_init/3,
crypto_update/2,
- crypto_one_shot/5,
- crypto_init_dyn_iv/3,
- crypto_update_dyn_iv/3
+ crypto_one_time/4, crypto_one_time/5,
+ crypto_one_time_aead/6, crypto_one_time_aead/7,
+ crypto_dyn_iv_init/3,
+ crypto_dyn_iv_update/3,
+ supports/1
]).
@@ -276,48 +278,153 @@
-type edwards_curve_ed() :: ed25519 | ed448 .
-%%%
--type cipher() :: block_cipher()
- | stream_cipher()
- | aead_cipher() .
+%%%----------------------------------------------------------------
+%%% New cipher schema
+%%%
+-type cipher() :: cipher_no_iv()
+ | cipher_iv()
+ | cipher_aead() .
--type block_cipher() :: block_cipher_iv() | block_cipher_no_iv() .
+-type cipher_no_iv() :: aes_128_ecb
+ | aes_192_ecb
+ | aes_256_ecb
--type block_cipher_iv() :: cbc_cipher()
- | cfb_cipher()
- | aes_ige256
- | blowfish_ofb64
- | rc2_cbc .
+ | blowfish_ecb
+ | des_ecb
+ | rc4 .
--type cbc_cipher() :: des_cbc | des_ede3_cbc
- | blowfish_cbc
- | aes_cbc | aes_128_cbc | aes_192_cbc | aes_256_cbc
- | alias_cbc() .
--type alias_cbc() :: des3_cbc | des_ede3
- | aes_cbc128 | aes_cbc256 .
+-type cipher_iv() :: aes_128_cbc
+ | aes_192_cbc
+ | aes_256_cbc
+
+ | aes_128_cfb128
+ | aes_192_cfb128
+ | aes_256_cfb128
+
+ | aes_128_cfb8
+ | aes_192_cfb8
+ | aes_256_cfb8
+
+ | aes_128_ctr
+ | aes_192_ctr
+ | aes_256_ctr
+
+ | aes_ige256
--type aead_cipher() :: aes_gcm
+ | blowfish_cbc
+ | blowfish_cfb64
+ | blowfish_ofb64
+ | chacha20
+ | des_ede3_cbc
+ | des_ede3_cfb
+
+ | des_cbc
+ | des_cfb
+ | rc2_cbc .
+
+
+-type cipher_aead() :: aes_128_ccm
+ | aes_192_ccm
+ | aes_256_ccm
+
| aes_128_gcm
| aes_192_gcm
| aes_256_gcm
- | aes_ccm
- | aes_128_ccm
- | aes_192_ccm
- | aes_256_ccm
+
| chacha20_poly1305 .
--type cfb_cipher() :: aes_cfb8
- | aes_cfb128
- | blowfish_cfb64
- | des_cfb
- | des_ede3_cfb
- | alias_cfb() .
--type alias_cfb() :: des_ede3_cbf | des3_cbf
- | des3_cfb .
+%% -type retired_cipher_no_iv_aliases() :: aes_ecb .
+
+%% -type retired_cipher_iv_aliases() :: aes_cbc
+%% | aes_cbc128 % aes_128_cbc
+%% | aes_cbc256 % aes_256_cbc
+%% | aes_cfb128
+%% | aes_cfb8
+%% | aes_ctr
+%% | des3_cbc % des_ede3_cbc
+%% | des_ede3 % des_ede3_cbc
+%% | des_ede3_cbf % des_ede3_cfb
+%% | des3_cbf % des_ede3_cfb
+%% | des3_cfb . % des_ede3_cfb
+
+%% -type retired_cipher_aead_aliases() :: aes_ccm
+%% | aes_gcm .
--type block_cipher_no_iv() :: ecb_cipher() .
--type ecb_cipher() :: des_ecb | blowfish_ecb | aes_ecb .
+%%%----------------------------------------------------------------
+%%% Old cipher scheme
+%%%
+%%%
+-type block_cipher_without_iv() :: ecb_cipher() .
+
+-type block_cipher_with_iv() :: cbc_cipher()
+ | cfb_cipher()
+ | blowfish_ofb64
+ | aes_ige256 .
+
+-type stream_cipher() :: ctr_cipher()
+ | chacha20
+ | rc4 .
+
+
+%%%----
+-type cbc_cipher() :: aes_128_cbc
+ | aes_192_cbc
+ | aes_256_cbc
+ | blowfish_cbc
+ | des_cbc
+ | des_ede3_cbc
+ | rc2_cbc
+ | retired_cbc_cipher_aliases() .
+
+-type retired_cbc_cipher_aliases() :: aes_cbc % aes_*_cbc
+ | aes_cbc128 % aes_128_cbc
+ | aes_cbc256 % aes_256_cbc
+ | des3_cbc % des_ede3_cbc
+ | des_ede3 . % des_ede3_cbc
+
+%%%----
+-type cfb_cipher() :: aes_128_cfb128
+ | aes_192_cfb128
+ | aes_256_cfb128
+ | aes_128_cfb8
+ | aes_192_cfb8
+ | aes_256_cfb8
+ | blowfish_cfb64
+ | des_cfb
+ | des_ede3_cfb
+ | retired_cfb_cipher_aliases() .
+
+-type retired_cfb_cipher_aliases() :: aes_cfb8 % aes_*_cfb8
+ | aes_cfb128 % aes_*_cfb128
+ | des3_cbf % des_ede3_cfb, cfb misspelled
+ | des3_cfb % des_ede3_cfb
+ | des_ede3_cbf .% cfb misspelled
+
+
+%%%----
+-type ctr_cipher() :: aes_128_ctr
+ | aes_192_ctr
+ | aes_256_ctr
+ | retired_ctr_cipher_aliases() .
+
+-type retired_ctr_cipher_aliases() :: aes_ctr . % aes_*_ctr
+
+%%%----
+-type ecb_cipher() :: aes_128_ecb
+ | aes_192_ecb
+ | aes_256_ecb
+ | blowfish_ecb
+ | retired_ecb_cipher_aliases() .
+
+-type retired_ecb_cipher_aliases() :: aes_ecb .
+
+%%%----
+-type aead_cipher() :: aes_gcm | aes_ccm | chacha20_poly1305 .
+
+
+%%%----- end old cipher schema ------------------------------------
+%%%----------------------------------------------------------------
-type key() :: iodata().
-type des3_key() :: [key()].
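Review bot: The rewritten old-scheme `ecb_cipher()` type no longer contains `des_ecb`, which the removed definition (`des_ecb | blowfish_ecb | aes_ecb`) allowed and which the new `cipher_no_iv()` still lists. The block_encrypt/3 and block_decrypt/3 specs later in this commit take `block_cipher_without_iv()`, which is just `ecb_cipher()`, so Dialyzer would start flagging existing `des_ecb` callers of the legacy API. If the omission is deliberate, say so in a comment next to the type; otherwise add `| des_ecb` before `| retired_ecb_cipher_aliases() .`. The old-scheme `aead_cipher()` is narrowed in the same way to `aes_gcm | aes_ccm | chacha20_poly1305`, dropping the sized names that the removed type accepted.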
@@ -393,15 +500,43 @@ stop() ->
Macs :: [hmac | cmac | poly1305],
Curves :: [ec_named_curve() | edwards_curve_dh() | edwards_curve_ed()],
RSAopts :: [rsa_sign_verify_opt() | rsa_opt()] .
-supports()->
- {Hashs, PubKeys, Ciphers, Macs, Curves, RsaOpts} = algorithms(),
- [{hashs, Hashs},
- {ciphers, prepend_cipher_aliases(Ciphers)},
- {public_keys, PubKeys},
- {macs, Macs},
- {curves, Curves},
- {rsa_opts, RsaOpts}
- ].
+supports() ->
+ [{hashs, hash_algorithms()},
+ {ciphers, prepend_old_aliases( cipher_algorithms())},
+ {public_keys, pubkey_algorithms()},
+ {macs, mac_algorithms()},
+ {curves, curve_algorithms()},
+ {rsa_opts, rsa_opts_algorithms()}
+ ].
+
+
+-spec supports(Type) -> Support
+ when Type :: hashs
+ | ciphers
+ | public_keys
+ | macs
+ | curves
+ | rsa_opts,
+ Support :: Hashs
+ | Ciphers
+ | PKs
+ | Macs
+ | Curves
+ | RSAopts,
+ Hashs :: [sha1() | sha2() | sha3() | blake2() | ripemd160 | compatibility_only_hash()],
+ Ciphers :: [cipher()],
+ PKs :: [rsa | dss | ecdsa | dh | ecdh | ec_gf2m],
+ Macs :: [hmac | cmac | poly1305],
+ Curves :: [ec_named_curve() | edwards_curve_dh() | edwards_curve_ed()],
+ RSAopts :: [rsa_sign_verify_opt() | rsa_opt()] .
+
+supports(hashs) -> hash_algorithms();
+supports(public_keys) -> pubkey_algorithms();
+supports(ciphers) -> cipher_algorithms();
+supports(macs) -> mac_algorithms();
+supports(curves) -> curve_algorithms();
+supports(rsa_opts) -> rsa_opts_algorithms().
+
-spec info_lib() -> [{Name,VerNum,VerStr}] when Name :: binary(),
VerNum :: integer(),
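Review bot: `supports(ciphers)` returns `cipher_algorithms()` unchanged, while the `ciphers` entry of `supports/0` is passed through `prepend_old_aliases/1`, so the two arities give different answers for retired names such as `aes_gcm`. Code that gates algorithm selection on a `lists:member/2` check against this list will therefore behave differently depending on which arity it calls. If the difference is intended, state it above the new spec, for example `%% supports/1 returns new-schema cipher names only; retired aliases are listed only by supports/0.`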
@@ -564,9 +699,9 @@ poly1305(Key, Data) ->
-define(COMPAT(CALL),
try begin CALL end
catch
- error:{error,_} ->
+ error:{error, {_File,_Line}, _Reason} ->
error(badarg);
- error:{E,_Reason} when E==notsup ; E==badarg ->
+ error:{E, {_File,_Line}, _Reason} when E==notsup ; E==badarg ->
error(E)
end).
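Review bot: Both `?COMPAT` clauses now match only three-element error terms, but `aead_tag_len(_)` added later in this commit raises the two-element `error({badarg, "Not an AEAD cipher"})`. That clause is reachable inside `?COMPAT` from block_encrypt/4 via crypto_one_time_aead/6, so a legacy caller passing `{AAD, PlainText}` with a non-AEAD type would see `{badarg, "Not an AEAD cipher"}` instead of the plain `badarg` this macro exists to produce. Either keep a two-tuple clause, `error:{E, _Reason} when E==notsup ; E==badarg -> error(E)`, or raise the new error in the same three-element shape the macro expects.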
@@ -594,7 +729,7 @@ poly1305(Key, Data) ->
| xts_mode
.
-%% These ciphers are not available via the EVP interface on older cryptolibs.
+%% %% These ciphers are not available via the EVP interface on older cryptolibs.
cipher_info(aes_ctr) ->
#{block_size => 1,iv_length => 16,key_length => 32,mode => ctr_mode,type => undefined};
cipher_info(aes_128_ctr) ->
@@ -603,15 +738,42 @@ cipher_info(aes_192_ctr) ->
#{block_size => 1,iv_length => 16,key_length => 24,mode => ctr_mode,type => undefined};
cipher_info(aes_256_ctr) ->
#{block_size => 1,iv_length => 16,key_length => 32,mode => ctr_mode,type => undefined};
-%% This cipher is handled specialy.
+%% %% This cipher is handled specialy.
cipher_info(aes_ige256) ->
#{block_size => 16,iv_length => 32,key_length => 16,mode => ige_mode,type => undefined};
+%% %% These ciphers belong to the "old" interface:
+%% cipher_info(aes_cbc) ->
+%% #{block_size => 16,iv_length => 16,key_length => 24,mode => cbc_mode,type => 423};
+%% cipher_info(aes_cbc128) ->
+%% #{block_size => 16,iv_length => 16,key_length => 16,mode => cbc_mode,type => 419};
+%% cipher_info(aes_cbc256) ->
+%% #{block_size => 16,iv_length => 16,key_length => 32,mode => cbc_mode,type => 427};
+%% cipher_info(aes_ccm) ->
+%% #{block_size => 1,iv_length => 12,key_length => 24,mode => ccm_mode,type => 899};
+%% cipher_info(aes_cfb128) ->
+%% #{block_size => 1,iv_length => 16,key_length => 32,mode => cfb_mode,type => 429};
+%% cipher_info(aes_cfb8) ->
+%% #{block_size => 1,iv_length => 16,key_length => 32,mode => cfb_mode,type => 429};
+%% cipher_info(aes_ecb) ->
+%% #{block_size => 16,iv_length => 0,key_length => 24,mode => ecb_mode,type => 422};
+%% cipher_info(aes_gcm) ->
+%% #{block_size => 1,iv_length => 12,key_length => 24,mode => gcm_mode,type => 898};
+%% cipher_info(des3_cbc) ->
+%% #{block_size => 8,iv_length => 8,key_length => 24,mode => cbc_mode,type => 44};
+%% cipher_info(des3_cbf) ->
+%% #{block_size => 1,iv_length => 8,key_length => 24,mode => cfb_mode,type => 30};
+%% cipher_info(des3_cfb) ->
+%% #{block_size => 1,iv_length => 8,key_length => 24,mode => cfb_mode,type => 30};
+%% cipher_info(des_ede3) ->
+%% #{block_size => 8,iv_length => 8,key_length => 24,mode => cbc_mode,type => 44};
+%% cipher_info(des_ede3_cbf) ->
+%% #{block_size => 1,iv_length => 8,key_length => 24,mode => cfb_mode,type => 30};
cipher_info(Type) ->
cipher_info_nif(alias(Type)).
%%%---- Block ciphers
%%%----------------------------------------------------------------
--spec block_encrypt(Type::block_cipher_iv(), Key::key()|des3_key(), Ivec::binary(), PlainText::iodata()) ->
+-spec block_encrypt(Type::block_cipher_with_iv(), Key::key()|des3_key(), Ivec::binary(), PlainText::iodata()) ->
binary() | run_time_error();
(Type::aead_cipher(), Key::iodata(), Ivec::binary(), {AAD::binary(), PlainText::iodata()}) ->
{binary(), binary()} | run_time_error();
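Review bot: The thirteen `cipher_info/1` clauses for retired names are added as commented-out code, and the two existing comments gain a doubled `%% %%` prefix that looks like a leftover from toggling the block. Dead clauses in a crypto module make it harder to tell which names are actually accepted; version control already keeps the history. Consider deleting the block and restoring the single `%%` prefix, leaving one line such as `%% Retired alias names fall through to cipher_info_nif(alias(Type)) below.`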
@@ -627,34 +789,24 @@ block_encrypt(Type, Key0, Ivec, Data) ->
?COMPAT(
case Data of
{AAD, PlainText} ->
- aead_encrypt(alias(Type,Key), Key, Ivec, AAD, PlainText, aead_tag_len(Type));
+ crypto_one_time_aead(alias(Type,Key), Key, Ivec, PlainText, AAD, true);
{AAD, PlainText, TagLength} ->
- aead_encrypt(alias(Type,Key), Key, Ivec, AAD, PlainText, TagLength);
+ crypto_one_time_aead(alias(Type,Key), Key, Ivec, PlainText, AAD, TagLength, true);
PlainText ->
- crypto_one_shot(alias(Type,Key), Key, Ivec, PlainText, true)
+ crypto_one_time(alias(Type,Key), Key, Ivec, PlainText, true)
end).
--spec block_encrypt(Type::block_cipher_no_iv(), Key::key(), PlainText::iodata()) ->
+-spec block_encrypt(Type::block_cipher_without_iv(), Key::key(), PlainText::iodata()) ->
binary() | run_time_error().
block_encrypt(Type, Key0, PlainText) ->
Key = iolist_to_binary(Key0),
- ?COMPAT(crypto_one_shot(alias(Type,Key), Key, <<>>, PlainText, true)).
+ ?COMPAT(crypto_one_time(alias(Type,Key), Key, PlainText, true)).
-aead_tag_len(chacha20_poly1305) -> 16;
-aead_tag_len(aes_ccm) -> 12;
-aead_tag_len(aes_128_ccm) -> 12;
-aead_tag_len(aes_192_ccm) -> 12;
-aead_tag_len(aes_256_ccm) -> 12;
-aead_tag_len(aes_gcm) -> 16;
-aead_tag_len(aes_128_gcm) -> 16;
-aead_tag_len(aes_192_gcm) -> 16;
-aead_tag_len(aes_256_gcm) -> 16.
-
%%%----------------------------------------------------------------
%%%----------------------------------------------------------------
--spec block_decrypt(Type::block_cipher_iv(), Key::key()|des3_key(), Ivec::binary(), Data::iodata()) ->
+-spec block_decrypt(Type::block_cipher_with_iv(), Key::key()|des3_key(), Ivec::binary(), Data::iodata()) ->
binary() | run_time_error();
(Type::aead_cipher(), Key::iodata(), Ivec::binary(),
{AAD::binary(), Data::iodata(), Tag::binary()}) ->
@@ -668,18 +820,18 @@ block_decrypt(Type, Key0, Ivec, Data) ->
?COMPAT(
case Data of
{AAD, CryptoText, Tag} ->
- aead_decrypt(alias(Type,Key), Key, Ivec, AAD, CryptoText, Tag);
+ crypto_one_time_aead(alias(Type,Key), Key, Ivec, CryptoText, AAD, Tag, false);
CryptoText ->
- crypto_one_shot(alias(Type,Key), Key, Ivec, CryptoText, false)
+ crypto_one_time(alias(Type,Key), Key, Ivec, CryptoText, false)
end).
--spec block_decrypt(Type::block_cipher_no_iv(), Key::key(), Data::iodata()) ->
+-spec block_decrypt(Type::block_cipher_without_iv(), Key::key(), Data::iodata()) ->
binary() | run_time_error().
block_decrypt(Type, Key0, CryptoText) ->
Key = iolist_to_binary(Key0),
- ?COMPAT(crypto_one_shot(alias(Type,Key), Key, <<>>, CryptoText, false)).
+ ?COMPAT(crypto_one_time(alias(Type,Key), Key, CryptoText, false)).
%%%-------- Stream ciphers API
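Review bot: The `{AAD, CryptoText, Tag}` branch forwards the caller-supplied `Tag` to crypto_one_time_aead/7 with no check on its length. Whether the `aead_cipher` NIF rejects short tags is not visible on this page; if it accepts them, a caller that passes attacker-controlled tag bytes gets weaker authentication than the tag length used at encryption. Worth confirming against the NIF and documenting the accepted tag lengths in the crypto_one_time_aead/7 spec comment, or rejecting tags below a per-cipher minimum before the NIF call. The body of block_decrypt/4 starts outside this hunk.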
@@ -687,17 +839,9 @@ block_decrypt(Type, Key0, CryptoText) ->
crypto_state() | {crypto_state(),flg_undefined}
}.
--type stream_cipher() :: stream_cipher_iv() | stream_cipher_no_iv() .
--type stream_cipher_no_iv() :: rc4 .
--type stream_cipher_iv() :: aes_ctr
- | aes_128_ctr
- | aes_192_ctr
- | aes_256_ctr
- | chacha20 .
-
%%%---- stream_init
-spec stream_init(Type, Key, IVec) -> State | run_time_error()
- when Type :: stream_cipher_iv(),
+ when Type :: stream_cipher(),
Key :: iodata(),
IVec ::binary(),
State :: stream_state() .
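Review bot: `Type :: stream_cipher()` widens the stream_init/3 spec to include `rc4`, because the new `stream_cipher()` is `ctr_cipher() | chacha20 | rc4`, whereas the removed `stream_cipher_iv()` excluded it. rc4 takes no IV and has its own stream_init/2 entry point, so the spec now advertises a call the IV-taking function is presumably not meant to serve. Narrowing it to `when Type :: ctr_cipher() | chacha20,` keeps the previous contract. The function body is outside the hunk.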
@@ -711,7 +855,7 @@ stream_init(Type, Key0, IVec) when is_binary(IVec) ->
-spec stream_init(Type, Key) -> State | run_time_error()
- when Type :: stream_cipher_no_iv(),
+ when Type :: rc4,
Key :: iodata(),
State :: stream_state() .
stream_init(rc4 = Type, Key0) ->
@@ -792,38 +936,35 @@ next_iv(Type, Data, _Ivec) ->
%%%
-spec crypto_init(Cipher, Key, EncryptFlag) -> State | descriptive_error()
- when Cipher :: block_cipher_no_iv()
- | stream_cipher_no_iv(),
+ when Cipher :: cipher_no_iv(),
Key :: iodata(),
EncryptFlag :: boolean(),
State :: crypto_state() .
crypto_init(Cipher, Key, EncryptFlag) ->
%% The IV is supposed to be supplied by calling crypto_update/3
- ng_crypto_init_nif(alias(Cipher), iolist_to_binary(Key), <<>>, EncryptFlag).
+ ng_crypto_init_nif(Cipher, iolist_to_binary(Key), <<>>, EncryptFlag).
-spec crypto_init(Cipher, Key, IV, EncryptFlag) -> State | descriptive_error()
- when Cipher :: stream_cipher_iv()
- | block_cipher_iv(),
+ when Cipher :: cipher_iv(),
Key :: iodata(),
IV :: iodata(),
EncryptFlag :: boolean(),
State :: crypto_state() .
crypto_init(Cipher, Key, IV, EncryptFlag) ->
- ng_crypto_init_nif(alias(Cipher), iolist_to_binary(Key), iolist_to_binary(IV), EncryptFlag).
+ ng_crypto_init_nif(Cipher, iolist_to_binary(Key), iolist_to_binary(IV), EncryptFlag).
%%%----------------------------------------------------------------
--spec crypto_init_dyn_iv(Cipher, Key, EncryptFlag) -> State | descriptive_error()
- when Cipher :: stream_cipher_iv()
- | block_cipher_iv(),
+-spec crypto_dyn_iv_init(Cipher, Key, EncryptFlag) -> State | descriptive_error()
+ when Cipher :: cipher_iv(),
Key :: iodata(),
EncryptFlag :: boolean(),
State :: crypto_state() .
-crypto_init_dyn_iv(Cipher, Key, EncryptFlag) ->
+crypto_dyn_iv_init(Cipher, Key, EncryptFlag) ->
%% The IV is supposed to be supplied by calling crypto_update/3
- ng_crypto_init_nif(alias(Cipher), iolist_to_binary(Key), undefined, EncryptFlag).
+ ng_crypto_init_nif(Cipher, iolist_to_binary(Key), undefined, EncryptFlag).
%%%----------------------------------------------------------------
%%%
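Review bot: The comment `%% The IV is supposed to be supplied by calling crypto_update/3` is stale in both places it appears here. In crypto_dyn_iv_init/3 the function it refers to is renamed by this same commit, so it should read `%% The IV is supplied on each call to crypto_dyn_iv_update/3`. In crypto_init/3, which is now specced for `cipher_no_iv()`, no IV is involved and the comment should be dropped. The next hunk carries a similar leftover, `crypto_init(Cipher, Key, undefined, EncryptFlag)`, which should name crypto_dyn_iv_init/3. Since `alias(Cipher)` is also removed from all three calls, a sentence in the docs noting that retired names are no longer accepted by the new interface would help callers migrating from the old one.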
@@ -846,12 +987,12 @@ crypto_update(State, Data0) ->
%%%----------------------------------------------------------------
--spec crypto_update_dyn_iv(State, Data, IV) -> Result | descriptive_error()
+-spec crypto_dyn_iv_update(State, Data, IV) -> Result | descriptive_error()
when State :: crypto_state(),
Data :: iodata(),
IV :: iodata(),
Result :: binary() .
-crypto_update_dyn_iv(State, Data0, IV) ->
+crypto_dyn_iv_update(State, Data0, IV) ->
%% When State is from State = crypto_init(Cipher, Key, undefined, EncryptFlag)
case iolist_to_binary(Data0) of
<<>> ->
@@ -866,29 +1007,86 @@ crypto_update_dyn_iv(State, Data0, IV) ->
%%% The size must be an integer multiple of the crypto's blocksize.
%%%
--spec crypto_one_shot(Cipher, Key, IV, Data, EncryptFlag) ->
+-spec crypto_one_time(Cipher, Key, Data, EncryptFlag) ->
Result | descriptive_error()
- when Cipher :: stream_cipher()
- | block_cipher(),
+ when Cipher :: cipher_no_iv(),
Key :: iodata(),
- IV :: iodata() | undefined,
Data :: iodata(),
EncryptFlag :: boolean(),
Result :: binary() .
-crypto_one_shot(Cipher, Key, undefined, Data, EncryptFlag) ->
- crypto_one_shot(Cipher, Key, <<>>, Data, EncryptFlag);
+crypto_one_time(Cipher, Key, Data, EncryptFlag) ->
+ crypto_one_time(Cipher, Key, <<>>, Data, EncryptFlag).
+
+-spec crypto_one_time(Cipher, Key, IV, Data, EncryptFlag) ->
+ Result | descriptive_error()
+ when Cipher :: cipher_iv(),
+ Key :: iodata(),
+ IV :: iodata(),
+ Data :: iodata(),
+ EncryptFlag :: boolean(),
+ Result :: binary() .
-crypto_one_shot(Cipher, Key, IV, Data0, EncryptFlag) ->
+crypto_one_time(Cipher, Key, IV, Data0, EncryptFlag) ->
case iolist_to_binary(Data0) of
<<>> ->
<<>>; % Known to fail on OpenSSL 0.9.8h
Data ->
- ng_crypto_one_shot_nif(alias(Cipher),
+ ng_crypto_one_time_nif(Cipher,
iolist_to_binary(Key), iolist_to_binary(IV), Data,
EncryptFlag)
end.
+
+-spec crypto_one_time_aead(Cipher, Key, IV, InText, AAD, EncFlag::true) ->
+ Result | descriptive_error()
+ when Cipher :: cipher_aead(),
+ Key :: iodata(),
+ IV :: iodata(),
+ InText :: iodata(),
+ AAD :: iodata(),
+ Result :: EncryptResult,
+ EncryptResult :: {OutCryptoText, OutTag},
+ OutCryptoText :: binary(),
+ OutTag :: binary().
+
+crypto_one_time_aead(Cipher, Key, IV, PlainText, AAD, true) ->
+ crypto_one_time_aead(Cipher, Key, IV, PlainText, AAD, aead_tag_len(Cipher), true).
+
+
+-spec crypto_one_time_aead(Cipher, Key, IV, InText, AAD, TagOrTagLength, EncFlag) ->
+ Result | descriptive_error()
+ when Cipher :: cipher_aead(),
+ Key :: iodata(),
+ IV :: iodata(),
+ InText :: iodata(),
+ AAD :: iodata(),
+ TagOrTagLength :: EncryptTagLength | DecryptTag,
+ EncryptTagLength :: non_neg_integer(), % or pos_integer() 1..
+ DecryptTag :: iodata(),
+ EncFlag :: boolean(),
+ Result :: EncryptResult | DecryptResult,
+ EncryptResult :: {OutCryptoText, OutTag},
+ DecryptResult :: OutPlainText | error,
+ OutCryptoText :: binary(),
+ OutTag :: binary(),
+ OutPlainText :: binary().
+
+crypto_one_time_aead(Cipher, Key, IV, TextIn, AAD, TagOrTagLength, EncFlg) ->
+ aead_cipher(Cipher, Key, IV, TextIn, AAD, TagOrTagLength, EncFlg).
+
+
+aead_tag_len(chacha20_poly1305) -> 16;
+aead_tag_len(aes_ccm ) -> 12;
+aead_tag_len(aes_128_ccm) -> 12;
+aead_tag_len(aes_192_ccm) -> 12;
+aead_tag_len(aes_256_ccm) -> 12;
+aead_tag_len(aes_gcm ) -> 16;
+aead_tag_len(aes_128_gcm) -> 16;
+aead_tag_len(aes_192_gcm) -> 16;
+aead_tag_len(aes_256_gcm) -> 16;
+aead_tag_len(_) -> error({badarg, "Not an AEAD cipher"}).
+
%%%----------------------------------------------------------------
%%% NIFs
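Review bot: crypto_one_time_aead/7 calls `aead_cipher(Cipher, Key, IV, TextIn, AAD, TagOrTagLength, EncFlg)`, but the stub added at the end of this commit is declared as `aead_cipher(_Type, _Key, _Ivec, _AAD, _In, _TagOrTagLength, _EncFlg)`, with AAD before the input text. The C side of the NIF is not visible on this page, so either the stub's parameter names are stale or the text and the associated data are passed in swapped positions. A swap would not show up in an encrypt/decrypt round trip, so this path should be checked against known-answer AEAD test vectors. The stub parameters should then be renamed to match the real order, e.g. `aead_cipher(_Type, _Key, _Ivec, _In, _AAD, _TagOrTagLength, _EncFlg)`. Separately, the spec comment `% or pos_integer() 1..` leaves open whether a tag length of 0 is allowed; the spec should pick one.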
@@ -909,15 +1107,42 @@ ng_crypto_update_nif(_State, _Data) -> ?nif_stub.
ng_crypto_update_nif(_State, _Data, _IV) -> ?nif_stub.
--spec ng_crypto_one_shot_nif(atom(), binary(), binary(), binary(), boolean() ) ->
+-spec ng_crypto_one_time_nif(atom(), binary(), binary(), binary(), boolean() ) ->
binary() | descriptive_error().
-ng_crypto_one_shot_nif(_Cipher, _Key, _IVec, _Data, _EncryptFlg) -> ?nif_stub.
+ng_crypto_one_time_nif(_Cipher, _Key, _IVec, _Data, _EncryptFlg) -> ?nif_stub.
%%%----------------------------------------------------------------
%%% Cipher aliases
%%%
-prepend_cipher_aliases(L) ->
- [des3_cbc, des_ede3, des_ede3_cbf, des3_cbf, des3_cfb, aes_cbc128, aes_cbc256 | L].
+-define(if_also(Cipher, Ciphers, AliasCiphers),
+ case lists:member(Cipher, Ciphers) of
+ true ->
+ AliasCiphers;
+ false ->
+ Ciphers
+ end).
+
+
+prepend_old_aliases(L0) ->
+ L1 = ?if_also(des_ede3_cbc, L0,
+ [des3_cbc, des_ede3, des_ede3_cbf, des3_cbf, des3_cfb | L0]),
+ L2 = ?if_also(aes_128_cbc, L1,
+ [aes_cbc, aes_cbc128, aes_cbc256 | L1]),
+ L3 = ?if_also(aes_128_ctr, L2,
+ [aes_ctr | L2]),
+ L4 = ?if_also(aes_128_ccm, L3,
+ [aes_ccm | L3]),
+ L5 = ?if_also(aes_128_gcm, L4,
+ [aes_gcm | L4]),
+ L6 = ?if_also(aes_128_cfb8, L5,
+ [aes_cfb8 | L5]),
+ L7 = ?if_also(aes_128_cfb128, L6,
+ [aes_cfb128 | L6]),
+ L8 = ?if_also(aes_128_ecb, L7,
+ [aes_ecb | L7]),
+ L8.
+
+
%%%---- des_ede3_cbc
alias(des3_cbc) -> des_ede3_cbc;
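Review bot: `prepend_old_aliases/1` advertises some aliases based on a different cipher than the one they resolve to: `aes_cbc256` is added when `aes_128_cbc` is present, and the three `des_ede3_cfb` aliases are added when `des_ede3_cbc` is present. On a cryptolib build that lacks the real target, `supports()` would list a name that then fails at use, which matters for code that negotiates algorithms from this list. Keying each alias on its own target also removes the need for the `?if_also` macro, which a plain function or comprehension can replace. The sketch below keeps the commit's output order and still keys the key-length-dependent aliases on the 128-bit variant.
```erlang
prepend_old_aliases(L0) ->
    %% Advertise a retired alias only when the cipher it resolves to is present.
    %% Key-length-dependent aliases stay keyed on the 128-bit variant.
    Aliases = [{aes_ecb,      aes_128_ecb},
               {aes_cfb128,   aes_128_cfb128},
               {aes_cfb8,     aes_128_cfb8},
               {aes_gcm,      aes_128_gcm},
               {aes_ccm,      aes_128_ccm},
               {aes_ctr,      aes_128_ctr},
               {aes_cbc,      aes_128_cbc},
               {aes_cbc128,   aes_128_cbc},
               {aes_cbc256,   aes_256_cbc},
               {des3_cbc,     des_ede3_cbc},
               {des_ede3,     des_ede3_cbc},
               {des_ede3_cbf, des_ede3_cfb},
               {des3_cbf,     des_ede3_cfb},
               {des3_cfb,     des_ede3_cfb}],
    [Alias || {Alias, Target} <- Aliases, lists:member(Target, L0)] ++ L0.
```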
@@ -933,42 +1158,37 @@ alias(aes_cbc256) -> aes_256_cbc;
alias(Alg) -> Alg.
-%%%---- des_ede3_cbc
-alias(des3_cbc, _) -> des_ede3_cbc;
-alias(des_ede3, _) -> des_ede3_cbc;
-%%%---- des_ede3_cfb
-alias(des_ede3_cbf,_ ) -> des_ede3_cfb;
-alias(des3_cbf, _) -> des_ede3_cfb;
-alias(des3_cfb, _) -> des_ede3_cfb;
-%%%---- aes_*_cbc
-alias(aes_cbc128, _) -> aes_128_cbc;
-alias(aes_cbc256, _) -> aes_256_cbc;
+alias(Ciph, Key) -> alias2(alias(Ciph), Key).
-alias(aes_cbc, Key) when size(Key)==128 -> aes_128_cbc;
-alias(aes_cbc, Key) when size(Key)==192 -> aes_192_cbc;
-alias(aes_cbc, Key) when size(Key)==256 -> aes_256_cbc;
+alias2(aes_cbc, Key) when size(Key)==16 -> aes_128_cbc;
+alias2(aes_cbc, Key) when size(Key)==24 -> aes_192_cbc;
+alias2(aes_cbc, Key) when size(Key)==32 -> aes_256_cbc;
-alias(aes_cfb8, Key) when size(Key)==128 -> aes_128_cfb8;
-alias(aes_cfb8, Key) when size(Key)==192 -> aes_192_cfb8;
-alias(aes_cfb8, Key) when size(Key)==256 -> aes_256_cfb8;
+alias2(aes_cfb8, Key) when size(Key)==16 -> aes_128_cfb8;
+alias2(aes_cfb8, Key) when size(Key)==24 -> aes_192_cfb8;
+alias2(aes_cfb8, Key) when size(Key)==32 -> aes_256_cfb8;
-alias(aes_cfb128, Key) when size(Key)==128 -> aes_128_cfb128;
-alias(aes_cfb128, Key) when size(Key)==192 -> aes_192_cfb128;
-alias(aes_cfb128, Key) when size(Key)==256 -> aes_256_cfb128;
+alias2(aes_cfb128, Key) when size(Key)==16 -> aes_128_cfb128;
+alias2(aes_cfb128, Key) when size(Key)==24 -> aes_192_cfb128;
+alias2(aes_cfb128, Key) when size(Key)==32 -> aes_256_cfb128;
-alias(aes_ctr, Key) when size(Key)==128 -> aes_128_ctr;
-alias(aes_ctr, Key) when size(Key)==192 -> aes_192_ctr;
-alias(aes_ctr, Key) when size(Key)==256 -> aes_256_ctr;
+alias2(aes_ctr, Key) when size(Key)==16 -> aes_128_ctr;
+alias2(aes_ctr, Key) when size(Key)==24 -> aes_192_ctr;
+alias2(aes_ctr, Key) when size(Key)==32 -> aes_256_ctr;
-alias(aes_gcm, Key) when size(Key)==128 -> aes_128_gcm;
-alias(aes_gcm, Key) when size(Key)==192 -> aes_192_gcm;
-alias(aes_gcm, Key) when size(Key)==256 -> aes_256_gcm;
+alias2(aes_ecb, Key) when size(Key)==16 -> aes_128_ecb;
+alias2(aes_ecb, Key) when size(Key)==24 -> aes_192_ecb;
+alias2(aes_ecb, Key) when size(Key)==32 -> aes_256_ecb;
-alias(aes_ccm, Key) when size(Key)==128 -> aes_128_ccm;
-alias(aes_ccm, Key) when size(Key)==192 -> aes_192_ccm;
-alias(aes_ccm, Key) when size(Key)==256 -> aes_256_ccm;
+alias2(aes_gcm, Key) when size(Key)==16 -> aes_128_gcm;
+alias2(aes_gcm, Key) when size(Key)==24 -> aes_192_gcm;
+alias2(aes_gcm, Key) when size(Key)==32 -> aes_256_gcm;
-alias(Alg, _) -> Alg.
+alias2(aes_ccm, Key) when size(Key)==16 -> aes_128_ccm;
+alias2(aes_ccm, Key) when size(Key)==24 -> aes_192_ccm;
+alias2(aes_ccm, Key) when size(Key)==32 -> aes_256_ccm;
+
+alias2(Alg, _) -> Alg.
%%%================================================================
%%%
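Review bot: A retired AES alias used with a key that is not 16, 24 or 32 bytes matches none of the sized `alias2/2` clauses and falls through to `alias2(Alg, _) -> Alg`, so the unresolved name (e.g. `aes_cbc`) is handed to the NIF. The resulting error then depends on how the NIF treats an unknown cipher name rather than saying the key length is wrong. Consider an explicit clause per alias family that raises `badarg` for any other key size, or at least a comment on the catch-all stating that it also covers bad key lengths. The guards also use `size/1`; `byte_size(Key)` states the intent and fails on non-binaries, e.g. `alias2(aes_cbc, Key) when byte_size(Key)==16 -> aes_128_cbc;`.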
@@ -2060,8 +2280,7 @@ cipher_info_nif(_Type) -> ?nif_stub.
%% AES - in Galois/Counter Mode (GCM)
%%
%% The default tag length is EVP_GCM_TLS_TAG_LEN(16),
-aead_encrypt(_Type, _Key, _Ivec, _AAD, _In, _TagLength) -> ?nif_stub.
-aead_decrypt(_Type, _Key, _Ivec, _AAD, _In, _Tag) -> ?nif_stub.
+aead_cipher(_Type, _Key, _Ivec, _AAD, _In, _TagOrTagLength, _EncFlg) -> ?nif_stub.
%%
%% AES - with 256 bit key in infinite garble extension mode (IGE)
@@ -2233,7 +2452,13 @@ exor(Data1, Data2, _Size, MaxByts, Acc) ->
do_exor(_A, _B) -> ?nif_stub.
-algorithms() -> ?nif_stub.
+hash_algorithms() -> ?nif_stub.
+pubkey_algorithms() -> ?nif_stub.
+cipher_algorithms() -> ?nif_stub.
+mac_algorithms() -> ?nif_stub.
+curve_algorithms() -> ?nif_stub.
+rsa_opts_algorithms() -> ?nif_stub.
+
int_to_bin(X) when X < 0 -> int_to_bin_neg(X, []);
int_to_bin(X) -> int_to_bin_pos(X, []).