diff options
Diffstat (limited to 'lib/crypto')
-rw-r--r-- | lib/crypto/c_src/crypto.c | 8 | ||||
-rw-r--r-- | lib/crypto/doc/src/crypto.xml | 13 | ||||
-rw-r--r-- | lib/crypto/src/crypto_ec_curves.erl | 23 |
3 files changed, 34 insertions, 10 deletions
diff --git a/lib/crypto/c_src/crypto.c b/lib/crypto/c_src/crypto.c index 49b6f9cc55..925ad0c091 100644 --- a/lib/crypto/c_src/crypto.c +++ b/lib/crypto/c_src/crypto.c @@ -625,7 +625,7 @@ static void unload(ErlNifEnv* env, void* priv_data) static int algo_hash_cnt; static ERL_NIF_TERM algo_hash[8]; /* increase when extending the list */ static int algo_pubkey_cnt; -static ERL_NIF_TERM algo_pubkey[2]; /* increase when extending the list */ +static ERL_NIF_TERM algo_pubkey[3]; /* increase when extending the list */ static int algo_cipher_cnt; static ERL_NIF_TERM algo_cipher[2]; /* increase when extending the list */ @@ -651,6 +651,9 @@ static void init_algorithms_types(ErlNifEnv* env) algo_pubkey_cnt = 0; #if defined(HAVE_EC) +#if !defined(OPENSSL_NO_EC2M) + algo_pubkey[algo_pubkey_cnt++] = enif_make_atom(env,"ec_gf2m"); +#endif algo_pubkey[algo_pubkey_cnt++] = enif_make_atom(env,"ecdsa"); algo_pubkey[algo_pubkey_cnt++] = enif_make_atom(env,"ecdh"); #endif @@ -2915,6 +2918,8 @@ static EC_KEY* ec_key_new(ErlNifEnv* env, ERL_NIF_TERM curve_arg) /* create the EC_GROUP structure */ group = EC_GROUP_new_curve_GFp(p, a, b, NULL); +#if !defined(OPENSSL_NO_EC2M) + } else if (f_arity == 3 && field[0] == atom_characteristic_two_field) { /* {characteristic_two_field, M, Basis} */ @@ -2973,6 +2978,7 @@ static EC_KEY* ec_key_new(ErlNifEnv* env, ERL_NIF_TERM curve_arg) goto out_err; group = EC_GROUP_new_curve_GF2m(p, a, b, NULL); +#endif } else goto out_err; diff --git a/lib/crypto/doc/src/crypto.xml b/lib/crypto/doc/src/crypto.xml index 42c733d243..aa60bba96a 100644 --- a/lib/crypto/doc/src/crypto.xml +++ b/lib/crypto/doc/src/crypto.xml @@ -120,7 +120,11 @@ brainpoolP160r1| brainpoolP160t1| brainpoolP192r1| brainpoolP192t1| brainpoolP224r1| brainpoolP224t1| brainpoolP256r1| brainpoolP256t1| brainpoolP320r1| brainpoolP320t1| brainpoolP384r1| brainpoolP384t1| brainpoolP512r1| brainpoolP512t1 - </code></p> + </code> + Note that the <em>sect</em> curves are GF2m (characteristic two) curves and are only supported if the + underlying OpenSSL has support for them. + See also <seealso marker="#supports-0">crypto:supports/0</seealso> + </p> <p><code>stream_cipher() = rc4 | aes_ctr </code></p> @@ -149,8 +153,11 @@ </p> <p><code> cipher_algorithms() = des_cbc | des_cfb | des3_cbc | des3_cbf | des_ede3 | blowfish_cbc | blowfish_cfb64 | aes_cbc128 | aes_cfb128| aes_cbc256 | aes_ige256 | rc2_cbc | aes_ctr| rc4 </code> </p> - <p><code> public_key_algorithms() = rsa |dss | ecdsa | dh | ecdh </code> </p> - + <p><code> public_key_algorithms() = rsa |dss | ecdsa | dh | ecdh | ec_gf2m</code> + Note that ec_gf2m is not strictly a public key algorithm, but a restriction on what curves are supported + with ecdsa and ecdh. + </p> + </section> <funcs> diff --git a/lib/crypto/src/crypto_ec_curves.erl b/lib/crypto/src/crypto_ec_curves.erl index 8bd1f21edd..fe17643d96 100644 --- a/lib/crypto/src/crypto_ec_curves.erl +++ b/lib/crypto/src/crypto_ec_curves.erl @@ -3,19 +3,30 @@ -export([curve/1, curves/0]). curves() -> + CryptoSupport = crypto:supports(), + HasGF2m = proplists:get_bool(ec_gf2m, proplists:get_value(public_keys, CryptoSupport)), + prime_curves() ++ characteristic_two_curves(HasGF2m). + + +prime_curves() -> [secp112r1,secp112r2,secp128r1,secp128r2,secp160k1,secp160r1,secp160r2, secp192r1,secp192k1,secp224k1,secp224r1,secp256k1,secp256r1,secp384r1, secp521r1,prime192v1,prime192v2,prime192v3,prime239v1,prime239v2,prime239v3, - prime256v1,sect113r1,sect113r2,sect131r1,sect131r2,sect163k1,sect163r1, + prime256v1,wtls6,wtls7,wtls8,wtls9,wtls12, + brainpoolP160r1,brainpoolP160t1,brainpoolP192r1,brainpoolP192t1, + brainpoolP224r1,brainpoolP224t1,brainpoolP256r1,brainpoolP256t1, + brainpoolP320r1,brainpoolP320t1,brainpoolP384r1,brainpoolP384t1, + brainpoolP512r1,brainpoolP512t1]. + +characteristic_two_curves(true) -> + [sect113r1,sect113r2,sect131r1,sect131r2,sect163k1,sect163r1, sect163r2,sect193r1,sect193r2,sect233k1,sect233r1,sect239k1,sect283k1, sect283r1,sect409k1,sect409r1,sect571k1,sect571r1,c2pnb163v1,c2pnb163v2, c2pnb163v3,c2pnb176v1,c2tnb191v1,c2tnb191v2,c2tnb191v3,c2pnb208w1,c2tnb239v1, c2tnb239v2,c2tnb239v3,c2pnb272w1,c2pnb304w1,c2tnb359v1,c2pnb368w1,c2tnb431r1, - wtls1,wtls3,wtls4,wtls5,wtls6,wtls7,wtls8,wtls9,wtls10,wtls11,wtls12,ipsec3, - ipsec4,brainpoolP160r1,brainpoolP160t1,brainpoolP192r1,brainpoolP192t1, - brainpoolP224r1,brainpoolP224t1,brainpoolP256r1,brainpoolP256t1, - brainpoolP320r1,brainpoolP320t1,brainpoolP384r1,brainpoolP384t1, - brainpoolP512r1,brainpoolP512t1]. + wtls1,wtls3,wtls4,wtls5,wtls10,wtls11,ipsec3,ipsec4]; +characteristic_two_curves(_) -> + []. curve(secp112r1) -> { |