aboutsummaryrefslogtreecommitdiffstats
path: root/lib/crypto
diff options
context:
space:
mode:
Diffstat (limited to 'lib/crypto')
-rw-r--r--lib/crypto/c_src/aead.c109
-rw-r--r--lib/crypto/c_src/algorithms.c6
-rw-r--r--lib/crypto/c_src/api_ng.c19
-rw-r--r--lib/crypto/c_src/atoms.c12
-rw-r--r--lib/crypto/c_src/atoms.h6
-rw-r--r--lib/crypto/c_src/cipher.c40
-rw-r--r--lib/crypto/c_src/common.h11
-rw-r--r--lib/crypto/c_src/digest.c37
-rw-r--r--lib/crypto/c_src/engine.c10
-rw-r--r--lib/crypto/c_src/hash.c32
-rw-r--r--lib/crypto/c_src/hmac.c4
-rw-r--r--lib/crypto/c_src/openssl_config.h38
-rw-r--r--lib/crypto/doc/src/crypto.xml134
-rw-r--r--lib/crypto/src/crypto.erl306
-rw-r--r--lib/crypto/test/crypto_SUITE.erl15
15 files changed, 559 insertions, 220 deletions
diff --git a/lib/crypto/c_src/aead.c b/lib/crypto/c_src/aead.c
index 3ee04f1be9..4ed16615a5 100644
--- a/lib/crypto/c_src/aead.c
+++ b/lib/crypto/c_src/aead.c
@@ -39,87 +39,79 @@ ERL_NIF_TERM aead_encrypt(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[])
ASSERT(argc == 6);
if (!enif_is_atom(env, type))
- goto bad_arg;
+ {ret = EXCP_BADARG(env, "non-atom cipher type"); goto done;}
if (!enif_inspect_iolist_as_binary(env, argv[1], &key))
- goto bad_arg;
+ {ret = EXCP_BADARG(env, "non-binary key"); goto done;}
if (!enif_inspect_binary(env, argv[2], &iv))
- goto bad_arg;
+ {ret = EXCP_BADARG(env, "non-binary iv"); goto done;}
if (!enif_inspect_iolist_as_binary(env, argv[3], &aad))
- goto bad_arg;
+ {ret = EXCP_BADARG(env, "non-binary AAD"); goto done;}
if (!enif_inspect_iolist_as_binary(env, argv[4], &in))
- goto bad_arg;
+ {ret = EXCP_BADARG(env, "non-binary text"); goto done;}
if (!enif_get_uint(env, argv[5], &tag_len))
- goto bad_arg;
+ {ret = EXCP_BADARG(env, ""); goto done;}
if (tag_len > INT_MAX
|| iv.size > INT_MAX
|| in.size > INT_MAX
|| aad.size > INT_MAX)
- goto bad_arg;
+ {ret = EXCP_BADARG(env, "binary too long"); goto done;}
if ((cipherp = get_cipher_type(type, key.size)) == NULL)
- goto bad_arg;
+ {ret = EXCP_BADARG(env, "Unknown cipher"); goto done;}
if (cipherp->flags & NON_EVP_CIPHER)
- goto bad_arg;
+ {ret = EXCP_BADARG(env, "Bad cipher"); goto done;}
if (! (cipherp->flags & AEAD_CIPHER) )
- goto bad_arg;
+ {ret = EXCP_BADARG(env, "Not aead cipher"); goto done;}
if ((cipher = cipherp->cipher.p) == NULL)
- return enif_raise_exception(env, atom_notsup);
+ {ret = EXCP_NOTSUP(env, "Cipher not supported in this libcrypto version"); goto done;}
ctx_ctrl_set_ivlen = cipherp->extra.aead.ctx_ctrl_set_ivlen;
ctx_ctrl_get_tag = cipherp->extra.aead.ctx_ctrl_get_tag;
ctx_ctrl_set_tag = cipherp->extra.aead.ctx_ctrl_set_tag;
if ((ctx = EVP_CIPHER_CTX_new()) == NULL)
- goto err;
+ {ret = EXCP_ERROR(env, ""); goto done;}
if (EVP_EncryptInit_ex(ctx, cipher, NULL, NULL, NULL) != 1)
- goto err;
+ {ret = EXCP_ERROR(env, ""); goto done;}
if (EVP_CIPHER_CTX_ctrl(ctx, ctx_ctrl_set_ivlen, (int)iv.size, NULL) != 1)
- goto err;
+ {ret = EXCP_ERROR(env, ""); goto done;}
#if defined(HAVE_CCM)
if (type == atom_aes_ccm) {
if (EVP_CIPHER_CTX_ctrl(ctx, ctx_ctrl_set_tag, (int)tag_len, NULL) != 1)
- goto err;
+ {ret = EXCP_ERROR(env, ""); goto done;}
if (EVP_EncryptInit_ex(ctx, NULL, NULL, key.data, iv.data) != 1)
- goto err;
+ {ret = EXCP_ERROR(env, ""); goto done;}
if (EVP_EncryptUpdate(ctx, NULL, &len, NULL, (int)in.size) != 1)
- goto err;
+ {ret = EXCP_ERROR(env, ""); goto done;}
} else
#endif
{
if (EVP_EncryptInit_ex(ctx, NULL, NULL, key.data, iv.data) != 1)
- goto err;
+ {ret = EXCP_ERROR(env, ""); goto done;}
}
if (EVP_EncryptUpdate(ctx, NULL, &len, aad.data, (int)aad.size) != 1)
- goto err;
+ {ret = EXCP_ERROR(env, ""); goto done;}
if ((outp = enif_make_new_binary(env, in.size, &out)) == NULL)
- goto err;
+ {ret = EXCP_ERROR(env, ""); goto done;}
if (EVP_EncryptUpdate(ctx, outp, &len, in.data, (int)in.size) != 1)
- goto err;
+ {ret = EXCP_ERROR(env, ""); goto done;}
if (EVP_EncryptFinal_ex(ctx, outp/*+len*/, &len) != 1)
- goto err;
+ {ret = EXCP_ERROR(env, ""); goto done;}
if ((tagp = enif_make_new_binary(env, tag_len, &out_tag)) == NULL)
- goto err;
+ {ret = EXCP_ERROR(env, ""); goto done;}
if (EVP_CIPHER_CTX_ctrl(ctx, ctx_ctrl_get_tag, (int)tag_len, tagp) != 1)
- goto err;
+ {ret = EXCP_ERROR(env, ""); goto done;}
CONSUME_REDS(env, in);
ret = enif_make_tuple2(env, out, out_tag);
- goto done;
-
- bad_arg:
- ret = enif_make_badarg(env);
- goto done;
-
- err:
- ret = atom_error;
done:
if (ctx)
@@ -127,7 +119,7 @@ ERL_NIF_TERM aead_encrypt(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[])
return ret;
#else
- return enif_raise_exception(env, atom_notsup);
+ return EXCP_NOTSUP(env, "");
#endif
}
@@ -151,72 +143,72 @@ ERL_NIF_TERM aead_decrypt(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[])
#endif
if (!enif_is_atom(env, type))
- goto bad_arg;
+ {ret = EXCP_BADARG(env, "non-atom cipher type"); goto done;}
if (!enif_inspect_iolist_as_binary(env, argv[1], &key))
- goto bad_arg;
+ {ret = EXCP_BADARG(env, "non-binary key"); goto done;}
if (!enif_inspect_binary(env, argv[2], &iv))
- goto bad_arg;
+ {ret = EXCP_BADARG(env, "non-binary iv"); goto done;}
if (!enif_inspect_iolist_as_binary(env, argv[3], &aad))
- goto bad_arg;
+ {ret = EXCP_BADARG(env, "non-binary AAD"); goto done;}
if (!enif_inspect_iolist_as_binary(env, argv[4], &in))
- goto bad_arg;
+ {ret = EXCP_BADARG(env, ""); goto done;}
if (!enif_inspect_iolist_as_binary(env, argv[5], &tag))
- goto bad_arg;
+ {ret = EXCP_BADARG(env, "non-binary text"); goto done;}
if (tag.size > INT_MAX
|| key.size > INT_MAX
|| iv.size > INT_MAX
|| in.size > INT_MAX
|| aad.size > INT_MAX)
- goto bad_arg;
+ {ret = EXCP_BADARG(env, "binary too long"); goto done;}
if ((cipherp = get_cipher_type(type, key.size)) == NULL)
- goto bad_arg;
+ {ret = EXCP_BADARG(env, "Unknown cipher"); goto done;}
if (cipherp->flags & NON_EVP_CIPHER)
- goto bad_arg;
+ {ret = EXCP_BADARG(env, "Bad cipher"); goto done;}
if ( !(cipherp->flags & AEAD_CIPHER) )
- goto bad_arg;
+ {ret = EXCP_BADARG(env, "Not aead cipher"); goto done;}
if ((cipher = cipherp->cipher.p) == NULL)
- return enif_raise_exception(env, atom_notsup);
+ {ret = EXCP_NOTSUP(env, "Cipher not supported in this libcrypto version"); goto done;}
ctx_ctrl_set_ivlen = cipherp->extra.aead.ctx_ctrl_set_ivlen;
ctx_ctrl_set_tag = cipherp->extra.aead.ctx_ctrl_set_tag;
if ((outp = enif_make_new_binary(env, in.size, &out)) == NULL)
- goto err;
+ {ret = EXCP_ERROR(env, ""); goto done;}
if ((ctx = EVP_CIPHER_CTX_new()) == NULL)
- goto err;
+ {ret = EXCP_ERROR(env, ""); goto done;}
if (EVP_DecryptInit_ex(ctx, cipher, NULL, NULL, NULL) != 1)
- goto err;
+ {ret = EXCP_ERROR(env, ""); goto done;}
if (EVP_CIPHER_CTX_ctrl(ctx, ctx_ctrl_set_ivlen, (int)iv.size, NULL) != 1)
- goto err;
+ {ret = EXCP_ERROR(env, ""); goto done;}
#if defined(HAVE_CCM)
if (type == atom_aes_ccm) {
if (EVP_CIPHER_CTX_ctrl(ctx, ctx_ctrl_set_tag, (int)tag.size, tag.data) != 1)
- goto err;
+ {ret = EXCP_ERROR(env, ""); goto done;}
if (EVP_DecryptInit_ex(ctx, NULL, NULL, key.data, iv.data) != 1)
- goto err;
+ {ret = EXCP_ERROR(env, ""); goto done;}
if (EVP_DecryptUpdate(ctx, NULL, &len, NULL, (int)in.size) != 1)
- goto err;
+ {ret = EXCP_ERROR(env, ""); goto done;}
}
else
#endif
{
if (EVP_DecryptInit_ex(ctx, NULL, NULL, key.data, iv.data) != 1)
- goto err;
+ {ret = EXCP_ERROR(env, ""); goto done;}
}
if (EVP_DecryptUpdate(ctx, NULL, &len, aad.data, (int)aad.size) != 1)
- goto err;
+ {ret = EXCP_ERROR(env, ""); goto done;}
if (EVP_DecryptUpdate(ctx, outp, &len, in.data, (int)in.size) != 1)
- goto err;
+ {ret = EXCP_ERROR(env, ""); goto done;}
#if defined(HAVE_GCM)
if (type == atom_aes_gcm) {
if (EVP_CIPHER_CTX_ctrl(ctx, ctx_ctrl_set_tag, (int)tag.size, tag.data) != 1)
- goto err;
+ goto err;
if (EVP_DecryptFinal_ex(ctx, outp+len, &len) != 1)
goto err;
}
@@ -225,11 +217,8 @@ ERL_NIF_TERM aead_decrypt(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[])
ret = out;
goto done;
- bad_arg:
- ret = enif_make_badarg(env);
- goto done;
-
err:
+ /* Decrypt failed, that is, wrong tag */
ret = atom_error;
done:
@@ -238,6 +227,6 @@ ERL_NIF_TERM aead_decrypt(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[])
return ret;
#else
- return enif_raise_exception(env, atom_notsup);
+ return EXCP_NOTSUP(env, "");
#endif
}
diff --git a/lib/crypto/c_src/algorithms.c b/lib/crypto/c_src/algorithms.c
index 06cd109fc1..1d45ed9df2 100644
--- a/lib/crypto/c_src/algorithms.c
+++ b/lib/crypto/c_src/algorithms.c
@@ -68,9 +68,15 @@ void init_algorithms_types(ErlNifEnv* env)
// Non-validated algorithms follow
algo_hash_fips_cnt = algo_hash_cnt;
+#ifdef HAVE_MD4
algo_hash[algo_hash_cnt++] = enif_make_atom(env, "md4");
+#endif
+#ifdef HAVE_MD5
algo_hash[algo_hash_cnt++] = enif_make_atom(env, "md5");
+#endif
+#ifdef HAVE_RIPEMD160
algo_hash[algo_hash_cnt++] = enif_make_atom(env, "ripemd160");
+#endif
algo_pubkey_cnt = 0;
algo_pubkey[algo_pubkey_cnt++] = enif_make_atom(env, "rsa");
diff --git a/lib/crypto/c_src/api_ng.c b/lib/crypto/c_src/api_ng.c
index 6a833a0984..5d063c3ae4 100644
--- a/lib/crypto/c_src/api_ng.c
+++ b/lib/crypto/c_src/api_ng.c
@@ -29,18 +29,6 @@
ERL_NIF_TERM ng_crypto_update(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[]);
ERL_NIF_TERM ng_crypto_one_shot(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[]);
-
-
-/* All nif functions return a valid value or throws an exception */
-#define EXCP(Env, Class, Str) enif_raise_exception((Env), \
- enif_make_tuple2((Env), (Class), \
- enif_make_string((Env),(Str),(ERL_NIF_LATIN1)) ))
-
-#define EXCP_NOTSUP(Env, Str) EXCP((Env), atom_notsup, (Str))
-#define EXCP_BADARG(Env, Str) EXCP((Env), atom_badarg, (Str))
-#define EXCP_ERROR(Env, Str) EXCP((Env), atom_error, (Str))
-
-
#ifdef HAVE_ECB_IVEC_BUG
/* <= 0.9.8l returns faulty ivec length */
# define GET_IV_LEN(Ciph) ((Ciph)->flags & ECB_BUG_0_9_8L) ? 0 : EVP_CIPHER_iv_length((Ciph)->cipher.p)
@@ -207,7 +195,7 @@ static int get_init_args(ErlNifEnv* env,
goto err;
}
-
+#ifdef HAVE_RC2
if (EVP_CIPHER_type((*cipherp)->cipher.p) == NID_rc2_cbc) {
if (key_bin.size > INT_MAX / 8) {
*return_term = EXCP_BADARG(env, "To large rc2_cbc key");
@@ -218,6 +206,7 @@ static int get_init_args(ErlNifEnv* env,
goto err;
}
}
+#endif
if (ivec_arg == atom_undefined || ivec_len == 0)
{
@@ -346,7 +335,7 @@ ERL_NIF_TERM ng_crypto_init_nif(ErlNifEnv* env, int argc, const ERL_NIF_TERM arg
ret = enif_make_resource(env, ctx_res);
if(ctx_res) enif_release_resource(ctx_res);
- } else if (enif_get_resource(env, argv[0], evp_cipher_ctx_rtype, (void**)&ctx_res)) {
+ } else if (enif_get_resource(env, argv[0], (ErlNifResourceType*)evp_cipher_ctx_rtype, (void**)&ctx_res)) {
/* Fetch the flag telling if we are going to encrypt (=true) or decrypt (=false) */
if (argv[3] == atom_true)
encflg = 1;
@@ -426,7 +415,7 @@ ERL_NIF_TERM ng_crypto_update(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[
struct evp_cipher_ctx *ctx_res;
ERL_NIF_TERM ret;
- if (!enif_get_resource(env, argv[0], evp_cipher_ctx_rtype, (void**)&ctx_res))
+ if (!enif_get_resource(env, argv[0], (ErlNifResourceType*)evp_cipher_ctx_rtype, (void**)&ctx_res))
return EXCP_BADARG(env, "Bad 1:st arg");
if (argc == 3) {
diff --git a/lib/crypto/c_src/atoms.c b/lib/crypto/c_src/atoms.c
index 114e3c1985..0793ffa6ca 100644
--- a/lib/crypto/c_src/atoms.c
+++ b/lib/crypto/c_src/atoms.c
@@ -52,6 +52,12 @@ ERL_NIF_TERM atom_ecb_mode;
ERL_NIF_TERM atom_cbc_mode;
ERL_NIF_TERM atom_cfb_mode;
ERL_NIF_TERM atom_ofb_mode;
+ERL_NIF_TERM atom_ctr_mode;
+ERL_NIF_TERM atom_gcm_mode;
+ERL_NIF_TERM atom_ccm_mode;
+ERL_NIF_TERM atom_xts_mode;
+ERL_NIF_TERM atom_wrap_mode;
+ERL_NIF_TERM atom_ocb_mode;
ERL_NIF_TERM atom_stream_cipher;
#if defined(HAVE_EC)
@@ -164,6 +170,12 @@ int init_atoms(ErlNifEnv *env, const ERL_NIF_TERM fips_mode, const ERL_NIF_TERM
atom_cbc_mode = enif_make_atom(env,"cbc_mode");
atom_cfb_mode = enif_make_atom(env,"cfb_mode");
atom_ofb_mode = enif_make_atom(env,"ofb_mode");
+ atom_ctr_mode = enif_make_atom(env,"ctr_mode");
+ atom_gcm_mode = enif_make_atom(env,"gcm_mode");
+ atom_ccm_mode = enif_make_atom(env,"ccm_mode");
+ atom_xts_mode = enif_make_atom(env,"xts_mode");
+ atom_wrap_mode = enif_make_atom(env,"wrap_mode");
+ atom_ocb_mode = enif_make_atom(env,"ocb_mode");
atom_stream_cipher = enif_make_atom(env,"stream_cipher");
#if defined(HAVE_EC)
diff --git a/lib/crypto/c_src/atoms.h b/lib/crypto/c_src/atoms.h
index fc46d838aa..24f6dc26fd 100644
--- a/lib/crypto/c_src/atoms.h
+++ b/lib/crypto/c_src/atoms.h
@@ -56,6 +56,12 @@ extern ERL_NIF_TERM atom_ecb_mode;
extern ERL_NIF_TERM atom_cbc_mode;
extern ERL_NIF_TERM atom_cfb_mode;
extern ERL_NIF_TERM atom_ofb_mode;
+extern ERL_NIF_TERM atom_ctr_mode;
+extern ERL_NIF_TERM atom_gcm_mode;
+extern ERL_NIF_TERM atom_ccm_mode;
+extern ERL_NIF_TERM atom_xts_mode;
+extern ERL_NIF_TERM atom_wrap_mode;
+extern ERL_NIF_TERM atom_ocb_mode;
extern ERL_NIF_TERM atom_stream_cipher;
#if defined(HAVE_EC)
diff --git a/lib/crypto/c_src/cipher.c b/lib/crypto/c_src/cipher.c
index 5c57898c50..2652e1db4e 100644
--- a/lib/crypto/c_src/cipher.c
+++ b/lib/crypto/c_src/cipher.c
@@ -28,12 +28,12 @@
static struct cipher_type_t cipher_types[] =
{
-#ifndef OPENSSL_NO_RC2
+#ifdef HAVE_RC2
{{"rc2_cbc"}, {&EVP_rc2_cbc}, 0, NO_FIPS_CIPHER},
#else
{{"rc2_cbc"}, {NULL}, 0, NO_FIPS_CIPHER},
#endif
-#ifndef OPENSSL_NO_RC4
+#ifdef HAVE_RC4
{{"rc4"}, {&EVP_rc4}, 0, NO_FIPS_CIPHER},
#else
{{"rc4"}, {NULL}, 0, NO_FIPS_CIPHER},
@@ -274,6 +274,42 @@ ERL_NIF_TERM cipher_info_nif(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[]
ret_mode = atom_ofb_mode;
break;
+#ifdef EVP_CIPH_CTR_MODE
+ case EVP_CIPH_CTR_MODE:
+ ret_mode = atom_ctr_mode;
+ break;
+#endif
+
+#ifdef EVP_CIPH_GCM_MODE
+ case EVP_CIPH_GCM_MODE:
+ ret_mode = atom_gcm_mode;
+ break;
+#endif
+
+#ifdef EVP_CIPH_CCM_MODE
+ case EVP_CIPH_CCM_MODE:
+ ret_mode = atom_ccm_mode;
+ break;
+#endif
+
+#ifdef EVP_CIPH_XTS_MODE
+ case EVP_CIPH_XTS_MODE:
+ ret_mode = atom_xts_mode;
+ break;
+#endif
+
+#ifdef EVP_CIPH_WRAP_MODE
+ case EVP_CIPH_WRAP_MODE:
+ ret_mode = atom_wrap_mode;
+ break;
+#endif
+
+#ifdef EVP_CIPH_OCB_MODE
+ case EVP_CIPH_OCB_MODE:
+ ret_mode = atom_ocb_mode;
+ break;
+#endif
+
case EVP_CIPH_STREAM_CIPHER:
ret_mode = atom_stream_cipher;
break;
diff --git a/lib/crypto/c_src/common.h b/lib/crypto/c_src/common.h
index 2bc8bdd73c..0bf7f09f4f 100644
--- a/lib/crypto/c_src/common.h
+++ b/lib/crypto/c_src/common.h
@@ -35,4 +35,15 @@
#include "openssl_config.h"
#include "atoms.h"
+
+/* All nif functions return a valid value or throws an exception */
+#define EXCP(Env, Id, Str) enif_raise_exception((Env), \
+ enif_make_tuple2((Env), \
+ (Id), \
+ enif_make_string((Env),(Str),(ERL_NIF_LATIN1)) ))
+
+#define EXCP_NOTSUP(Env, Str) EXCP((Env), atom_notsup, (Str))
+#define EXCP_BADARG(Env, Str) EXCP((Env), atom_badarg, (Str))
+#define EXCP_ERROR(Env, Str) EXCP((Env), atom_error, (Str))
+
#endif /* E_COMMON_H__ */
diff --git a/lib/crypto/c_src/digest.c b/lib/crypto/c_src/digest.c
index fec286c000..c987a664d5 100644
--- a/lib/crypto/c_src/digest.c
+++ b/lib/crypto/c_src/digest.c
@@ -22,10 +22,32 @@
static struct digest_type_t digest_types[] =
{
- {{"md4"}, {&EVP_md4}},
- {{"md5"}, {&EVP_md5}},
- {{"ripemd160"}, {&EVP_ripemd160}},
+ {{"md4"},
+#ifdef HAVE_MD4
+ {&EVP_md4}
+#else
+ {NULL}
+#endif
+ },
+
+ {{"md5"},
+#ifdef HAVE_MD5
+ {&EVP_md5}
+#else
+ {NULL}
+#endif
+ },
+
+ {{"ripemd160"},
+#ifdef HAVE_RIPEMD160
+ {&EVP_ripemd160}
+#else
+ {NULL}
+#endif
+ },
+
{{"sha"}, {&EVP_sha1}},
+
{{"sha224"},
#ifdef HAVE_SHA224
{&EVP_sha224}
@@ -33,6 +55,7 @@ static struct digest_type_t digest_types[] =
{NULL}
#endif
},
+
{{"sha256"},
#ifdef HAVE_SHA256
{&EVP_sha256}
@@ -40,6 +63,7 @@ static struct digest_type_t digest_types[] =
{NULL}
#endif
},
+
{{"sha384"},
#ifdef HAVE_SHA384
{&EVP_sha384}
@@ -47,6 +71,7 @@ static struct digest_type_t digest_types[] =
{NULL}
#endif
},
+
{{"sha512"},
#ifdef HAVE_SHA512
{&EVP_sha512}
@@ -54,6 +79,7 @@ static struct digest_type_t digest_types[] =
{NULL}
#endif
},
+
{{"sha3_224"},
#ifdef HAVE_SHA3_224
{&EVP_sha3_224}
@@ -61,6 +87,7 @@ static struct digest_type_t digest_types[] =
{NULL}
#endif
},
+
{{"sha3_256"},
#ifdef HAVE_SHA3_256
{&EVP_sha3_256}
@@ -68,6 +95,7 @@ static struct digest_type_t digest_types[] =
{NULL}
#endif
},
+
{{"sha3_384"},
#ifdef HAVE_SHA3_384
{&EVP_sha3_384}
@@ -75,6 +103,7 @@ static struct digest_type_t digest_types[] =
{NULL}
#endif
},
+
{{"sha3_512"},
#ifdef HAVE_SHA3_512
{&EVP_sha3_512}
@@ -82,6 +111,7 @@ static struct digest_type_t digest_types[] =
{NULL}
#endif
},
+
{{"blake2b"},
#ifdef HAVE_BLAKE2
{&EVP_blake2b512}
@@ -89,6 +119,7 @@ static struct digest_type_t digest_types[] =
{NULL}
#endif
},
+
{{"blake2s"},
#ifdef HAVE_BLAKE2
{&EVP_blake2s256}
diff --git a/lib/crypto/c_src/engine.c b/lib/crypto/c_src/engine.c
index 7ffbb9e70d..ea5d9a588f 100644
--- a/lib/crypto/c_src/engine.c
+++ b/lib/crypto/c_src/engine.c
@@ -106,15 +106,13 @@ int init_engine_ctx(ErlNifEnv *env) {
(ErlNifResourceDtor*) engine_ctx_dtor,
ERL_NIF_RT_CREATE|ERL_NIF_RT_TAKEOVER,
NULL);
- if (engine_ctx_rtype == NULL)
- goto err;
+ if (engine_ctx_rtype == NULL) {
+ PRINTF_ERR0("CRYPTO: Could not open resource type 'ENGINE_CTX'");
+ return 0;
+ }
#endif
return 1;
-
- err:
- PRINTF_ERR0("CRYPTO: Could not open resource type 'ENGINE_CTX'");
- return 0;
}
ERL_NIF_TERM engine_by_id_nif(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[])
diff --git a/lib/crypto/c_src/hash.c b/lib/crypto/c_src/hash.c
index 0a9f64acef..9b79258585 100644
--- a/lib/crypto/c_src/hash.c
+++ b/lib/crypto/c_src/hash.c
@@ -21,9 +21,15 @@
#include "hash.h"
#include "digest.h"
-#define MD5_CTX_LEN (sizeof(MD5_CTX))
-#define MD4_CTX_LEN (sizeof(MD4_CTX))
-#define RIPEMD160_CTX_LEN (sizeof(RIPEMD160_CTX))
+#ifdef HAVE_MD5
+# define MD5_CTX_LEN (sizeof(MD5_CTX))
+#endif
+#ifdef HAVE_MD4
+# define MD4_CTX_LEN (sizeof(MD4_CTX))
+#endif
+#ifdef HAVE_RIPEMD160
+# define RIPEMD160_CTX_LEN (sizeof(RIPEMD160_CTX))
+#endif
#if OPENSSL_VERSION_NUMBER >= PACKED_OPENSSL_VERSION_PLAIN(1,0,0)
struct evp_md_ctx {
@@ -261,18 +267,24 @@ ERL_NIF_TERM hash_init_nif(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[])
switch (EVP_MD_type(digp->md.p))
{
+#ifdef HAVE_MD4
case NID_md4:
ctx_size = MD4_CTX_LEN;
ctx_init = (init_fun)(&MD4_Init);
break;
+#endif
+#ifdef HAVE_MD5
case NID_md5:
ctx_size = MD5_CTX_LEN;
ctx_init = (init_fun)(&MD5_Init);
break;
+#endif
+#ifdef HAVE_RIPEMD160
case NID_ripemd160:
ctx_size = RIPEMD160_CTX_LEN;
ctx_init = (init_fun)(&RIPEMD160_Init);
break;
+#endif
case NID_sha1:
ctx_size = sizeof(SHA_CTX);
ctx_init = (init_fun)(&SHA1_Init);
@@ -352,18 +364,24 @@ ERL_NIF_TERM hash_update_nif(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[]
switch (EVP_MD_type(digp->md.p))
{
+#ifdef HAVE_MD4
case NID_md4:
ctx_size = MD4_CTX_LEN;
ctx_update = (update_fun)(&MD4_Update);
break;
+#endif
+#ifdef HAVE_MD5
case NID_md5:
ctx_size = MD5_CTX_LEN;
ctx_update = (update_fun)(&MD5_Update);
break;
+#endif
+#ifdef HAVE_RIPEMD160
case NID_ripemd160:
ctx_size = RIPEMD160_CTX_LEN;
ctx_update = (update_fun)(&RIPEMD160_Update);
break;
+#endif
case NID_sha1:
ctx_size = sizeof(SHA_CTX);
ctx_update = (update_fun)(&SHA1_Update);
@@ -448,18 +466,24 @@ ERL_NIF_TERM hash_final_nif(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[])
switch (EVP_MD_type(md))
{
+#ifdef HAVE_MD4
case NID_md4:
ctx_size = MD4_CTX_LEN;
ctx_final = (final_fun)(&MD4_Final);
break;
+#endif
+#ifdef HAVE_MD5
case NID_md5:
ctx_size = MD5_CTX_LEN;
ctx_final = (final_fun)(&MD5_Final);
break;
- case NID_ripemd160:
+#endif
+#ifdef HAVE_RIPEMD160
+ case NID_ripemd160:
ctx_size = RIPEMD160_CTX_LEN;
ctx_final = (final_fun)(&RIPEMD160_Final);
break;
+#endif
case NID_sha1:
ctx_size = sizeof(SHA_CTX);
ctx_final = (final_fun)(&SHA1_Final);
diff --git a/lib/crypto/c_src/hmac.c b/lib/crypto/c_src/hmac.c
index c41e50eb35..ff7005d75e 100644
--- a/lib/crypto/c_src/hmac.c
+++ b/lib/crypto/c_src/hmac.c
@@ -181,7 +181,7 @@ ERL_NIF_TERM hmac_update_nif(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[]
ASSERT(argc == 2);
- if (!enif_get_resource(env, argv[0], hmac_context_rtype, (void**)&obj))
+ if (!enif_get_resource(env, argv[0], (ErlNifResourceType*)hmac_context_rtype, (void**)&obj))
goto bad_arg;
if (!enif_inspect_iolist_as_binary(env, argv[1], &data))
goto bad_arg;
@@ -224,7 +224,7 @@ ERL_NIF_TERM hmac_final_nif(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[])
ASSERT(argc == 1 || argc == 2);
- if (!enif_get_resource(env, argv[0], hmac_context_rtype, (void**)&obj))
+ if (!enif_get_resource(env, argv[0], (ErlNifResourceType*)hmac_context_rtype, (void**)&obj))
goto bad_arg;
if (argc == 2) {
if (!enif_get_uint(env, argv[1], &req_len))
diff --git a/lib/crypto/c_src/openssl_config.h b/lib/crypto/c_src/openssl_config.h
index 46868cb987..f926f8af13 100644
--- a/lib/crypto/c_src/openssl_config.h
+++ b/lib/crypto/c_src/openssl_config.h
@@ -166,6 +166,28 @@
# define HAVE_BLAKE2
#endif
+#ifndef OPENSSL_NO_MD4
+# define HAVE_MD4
+#endif
+
+#ifndef OPENSSL_NO_MD5
+# define HAVE_MD5
+#endif
+
+#ifndef OPENSSL_NO_RC2
+# define HAVE_RC2
+#endif
+
+#ifndef OPENSSL_NO_RC4
+# define HAVE_RC4
+#endif
+
+#ifndef OPENSSL_NO_RMD160
+/* Note RMD160 vs RIPEMD160 */
+# define HAVE_RIPEMD160
+#endif
+
+
#if OPENSSL_VERSION_NUMBER >= PACKED_OPENSSL_VERSION(0,9,8,'o') \
&& !defined(OPENSSL_NO_EC) \
&& !defined(OPENSSL_NO_ECDH) \
@@ -192,7 +214,9 @@
# define HAVE_AEAD
# define HAVE_GCM
# define HAVE_CCM
-# define HAVE_CMAC
+# ifndef OPENSSL_NO_CMAC
+# define HAVE_CMAC
+# endif
# if defined(RSA_PKCS1_OAEP_PADDING)
# define HAVE_RSA_OAEP_PADDING
# endif
@@ -204,21 +228,27 @@
#if OPENSSL_VERSION_NUMBER >= PACKED_OPENSSL_VERSION_PLAIN(1,1,0)
# ifndef HAS_LIBRESSL
-# define HAVE_CHACHA20_POLY1305
+# if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
+# define HAVE_CHACHA20_POLY1305
+# endif
# define HAVE_RSA_OAEP_MD
# endif
#endif
#if OPENSSL_VERSION_NUMBER >= PACKED_OPENSSL_VERSION(1,1,0,'d')
# ifndef HAS_LIBRESSL
-# define HAVE_CHACHA20
+# ifndef OPENSSL_NO_CHACHA
+# define HAVE_CHACHA20
+# endif
# endif
#endif
// OPENSSL_VERSION_NUMBER >= 1.1.1-pre8
#if OPENSSL_VERSION_NUMBER >= (PACKED_OPENSSL_VERSION_PLAIN(1,1,1)-7)
# ifndef HAS_LIBRESSL
-# define HAVE_POLY1305
+# if !defined(OPENSSL_NO_POLY1305)
+# define HAVE_POLY1305
+# endif
# endif
#endif
diff --git a/lib/crypto/doc/src/crypto.xml b/lib/crypto/doc/src/crypto.xml
index 83e10c4c78..8a4fad67de 100644
--- a/lib/crypto/doc/src/crypto.xml
+++ b/lib/crypto/doc/src/crypto.xml
@@ -192,7 +192,16 @@
<datatypes>
<datatype_title>Ciphers</datatype_title>
<datatype>
+ <name name="cipher"/>
<name name="stream_cipher"/>
+ <name name="block_cipher"/>
+ <desc>
+ <p>Ciphers known byt the CRYPTO application. Note that this list might be reduced if the
+ underlying libcrypto does not support all of them.</p>
+ </desc>
+ </datatype>
+
+ <datatype>
<name name="stream_cipher_iv"/>
<name name="stream_cipher_no_iv"/>
<desc>
@@ -204,7 +213,7 @@
</datatype>
<datatype>
- <name name="block_cipher_with_iv"/>
+ <name name="block_cipher_iv"/>
<name name="cbc_cipher"/>
<name name="cfb_cipher"/>
<desc>
@@ -228,7 +237,7 @@
</datatype>
<datatype>
- <name name="block_cipher_without_iv"/>
+ <name name="block_cipher_no_iv"/>
<name name="ecb_cipher"/>
<desc>
<p>Block ciphers without initialization vector for
@@ -248,20 +257,16 @@
</desc>
</datatype>
- <datatype_title>Digests</datatype_title>
+ <datatype_title>Digests and hash</datatype_title>
<datatype>
- <name name="sha1"/>
- <name name="sha2"/>
- <name name="sha3"/>
- <name name="blake2"/>
+ <name name="hash_algorithm"/>
<desc>
</desc>
</datatype>
<datatype>
- <name name="compatibility_only_hash"/>
+ <name name="hmac_hash_algorithm"/>
<desc>
- <p>The <c>compatibility_only_hash()</c> algorithms are recommended only for compatibility with existing applications.</p>
</desc>
</datatype>
@@ -283,6 +288,17 @@
</desc>
</datatype>
+ <datatype>
+ <name name="sha1"/>
+ <name name="sha2"/>
+ <name name="sha3"/>
+ <name name="blake2"/>
+ <name name="compatibility_only_hash"/>
+ <desc>
+ <p>The <c>compatibility_only_hash()</c> algorithms are recommended only for compatibility with existing applications.</p>
+ </desc>
+ </datatype>
+
<datatype_title>Elliptic Curves</datatype_title>
<datatype>
<name name="ec_named_curve"/>
@@ -537,6 +553,52 @@
</desc>
</datatype>
+ <datatype_title>Error types</datatype_title>
+
+ <datatype>
+ <name name="run_time_error"/>
+ <desc>
+ <p>The exception <c>error:badarg</c> signifies that one or more arguments are of wrong data type,
+ or are otherwise badly formed.
+ </p>
+ <p>The exception <c>error:notsup</c> signifies that the algorithm is known but is not supported
+ by current underlying libcrypto or explicitly disabled when building that.
+ </p>
+ <p>For a list of supported algorithms, see <seealso marker="#supports-0">supports/0</seealso>.
+ </p>
+ </desc>
+ </datatype>
+
+ <datatype>
+ <name name="descriptive_error"/>
+ <desc>
+ <p>This is a more developed variant of the older
+ <seealso marker="#type-run_time_error">run_time_error()</seealso>.
+ </p>
+ <p>It is like the older type an exception of the <c>error</c> class. In addition they contain
+ a descriptive text in English. That text is targeted to a developer. Examples are "Bad key size"
+ or "Cipher id is not an atom".
+ </p>
+ <p>The exceptions are:</p>
+ <taglist>
+ <tag><c>{badarg, Description::string()}</c></tag>
+ <item><p>Signifies that one or more arguments are of wrong data type or are otherwise badly formed.</p>
+ </item>
+
+ <tag><c>{notsup, Description::string()}</c></tag>
+ <item><p>Signifies that the algorithm is known but is not supported by current underlying libcrypto
+ or explicitly disabled when building that one.</p>
+ </item>
+
+ <tag><c>{error, Description::string()}</c></tag>
+ <item><p>An error condition that should not occur, for example a memory allocation failed or
+ the underlying cryptolib returned an error code, for example "Can't initialize context, step 1".
+ Thoose text usually needs searching the C-code to be understood.</p>
+ </item>
+ </taglist>
+ </desc>
+ </datatype>
+
</datatypes>
<!--================ FUNCTIONS ================-->
@@ -568,17 +630,18 @@
</func>
<func>
- <name since="OTP R16B01">block_encrypt(Type, Key, Ivec, PlainText) -> CipherText</name>
- <name since="OTP R16B01">block_encrypt(AeadType, Key, Ivec, {AAD, PlainText}) -> {CipherText, CipherTag}</name>
- <name since="OTP R16B01">block_encrypt(aes_gcm | aes_ccm, Key, Ivec, {AAD, PlainText, TagLength}) -> {CipherText, CipherTag}</name>
+ <name since="OTP R16B01">block_encrypt(Type, Key, Ivec, PlainText) -> CipherText | Error</name>
+ <name since="OTP R16B01">block_encrypt(AeadType, Key, Ivec, {AAD, PlainText}) -> {CipherText, CipherTag} | Error</name>
+ <name since="OTP R16B01">block_encrypt(aes_gcm | aes_ccm, Key, Ivec, {AAD, PlainText, TagLength}) -> {CipherText, CipherTag} | Error </name>
<fsummary>Encrypt <c>PlainText</c> according to <c>Type</c> block cipher</fsummary>
<type>
- <v>Type = <seealso marker="#type-block_cipher_with_iv">block_cipher_with_iv()</seealso></v>
+ <v>Type = <seealso marker="#type-block_cipher_iv">block_cipher_iv()</seealso></v>
<v>AeadType = <seealso marker="#type-aead_cipher">aead_cipher()</seealso></v>
<v>Key = <seealso marker="#type-key">key()</seealso> | <seealso marker="#type-des3_key">des3_key()</seealso></v>
<v>PlainText = iodata()</v>
<v>AAD = IVec = CipherText = CipherTag = binary()</v>
<v>TagLength = 1..16</v>
+ <v>Error = <seealso marker="#type-run_time_error">run_time_error()</seealso></v>
</type>
<desc>
<p>Encrypt <c>PlainText</c> according to <c>Type</c> block cipher.
@@ -595,15 +658,17 @@
</func>
<func>
- <name since="OTP R16B01">block_decrypt(Type, Key, Ivec, CipherText) -> PlainText</name>
- <name since="OTP R16B01">block_decrypt(AeadType, Key, Ivec, {AAD, CipherText, CipherTag}) -> PlainText | error</name>
+ <name since="OTP R16B01">block_decrypt(Type, Key, Ivec, CipherText) -> PlainText | Error</name>
+ <name since="OTP R16B01">block_decrypt(AeadType, Key, Ivec, {AAD, CipherText, CipherTag}) -> PlainText | Error</name>
<fsummary>Decrypt <c>CipherText</c> according to <c>Type</c> block cipher</fsummary>
<type>
- <v>Type = <seealso marker="#type-block_cipher_with_iv">block_cipher_with_iv()</seealso></v>
+ <v>Type = <seealso marker="#type-block_cipher_iv">block_cipher_iv()</seealso></v>
<v>AeadType = <seealso marker="#type-aead_cipher">aead_cipher()</seealso></v>
<v>Key = <seealso marker="#type-key">key()</seealso> | <seealso marker="#type-des3_key">des3_key()</seealso></v>
<v>PlainText = iodata()</v>
<v>AAD = IVec = CipherText = CipherTag = binary()</v>
+ <v>Error = BadTag | <seealso marker="#type-run_time_error">run_time_error()</seealso></v>
+ <v>BadTag = error</v>
</type>
<desc>
<p>Decrypt <c>CipherText</c> according to <c>Type</c> block cipher.
@@ -844,6 +909,39 @@
</func>
<func>
+ <name name="hash_info" arity="1" since="OTP 22.0"/>
+ <fsummary>Information about supported hash algorithms.</fsummary>
+ <desc>
+ <p>Provides a map with information about block_size, size and possibly other properties of the
+ hash algorithm in question.
+ </p>
+ <p>For a list of supported hash algorithms, see <seealso marker="#supports-0">supports/0</seealso>.
+ </p>
+ </desc>
+ </func>
+
+ <func>
+ <name name="cipher_info" arity="1" since="OTP 22.0"/>
+ <fsummary>Information about supported ciphers.</fsummary>
+ <desc>
+ <p>Provides a map with information about block_size, key_length, iv_length and possibly other properties of the
+ cipher algorithm in question.
+ </p>
+ <note>
+ <p>The ciphers <c>aes_cbc</c>, <c>aes_cfb8</c>, <c>aes_cfb128</c>, <c>aes_ctr</c>,
+ <c>aes_ecb</c>, <c>aes_gcm</c> and <c>aes_ccm</c>
+ has no keylength in the <c>Type</c> as opposed to for example <c>aes_128_ctr</c>. They adapt to the length of
+ the key provided in the encrypt and decrypt function. Therefor it is impossible to return a valid keylength
+ in the map.</p>
+ <p>Always use a <c>Type</c> with an explicit key length,
+ </p>
+ </note>
+ <p>For a list of supported cipher algorithms, see <seealso marker="#supports-0">supports/0</seealso>.
+ </p>
+ </desc>
+ </func>
+
+ <func>
<name name="mod_pow" arity="3" since="OTP R16B01"/>
<fsummary>Computes the function: N^P mod M</fsummary>
<desc>
@@ -1289,8 +1387,8 @@ FloatValue = rand:uniform(). % again
<desc>
<p> Can be used to determine which crypto algorithms that are supported
by the underlying libcrypto library</p>
- <p>Note: the <c>rsa_opts</c> entry is in an experimental state and may change or be removed without notice.
- No guarantee for the accuarcy of the rsa option's value list should be assumed.
+ <p>See <seealso marker="#hash_info-1">hash_info/1</seealso> and <seealso marker="#cipher_info-1">cipher_info/1</seealso>
+ for information about the hash and cipher algorithms.
</p>
</desc>
</func>
diff --git a/lib/crypto/src/crypto.erl b/lib/crypto/src/crypto.erl
index 5cf34f8069..fd13481951 100644
--- a/lib/crypto/src/crypto.erl
+++ b/lib/crypto/src/crypto.erl
@@ -277,7 +277,13 @@
-type edwards_curve_ed() :: ed25519 | ed448 .
%%%
--type block_cipher_with_iv() :: cbc_cipher()
+-type cipher() :: block_cipher()
+ | stream_cipher()
+ | aead_cipher() .
+
+-type block_cipher() :: block_cipher_iv() | block_cipher_no_iv() .
+
+-type block_cipher_iv() :: cbc_cipher()
| cfb_cipher()
| aes_ige256
| blowfish_ofb64
@@ -310,7 +316,7 @@
| des3_cfb .
--type block_cipher_without_iv() :: ecb_cipher() .
+-type block_cipher_no_iv() :: ecb_cipher() .
-type ecb_cipher() :: des_ecb | blowfish_ecb | aes_ecb .
-type key() :: iodata().
@@ -330,6 +336,20 @@
-type crypto_integer() :: binary() | integer().
+%%%
+%% Exceptions
+%% error:badarg
+%% error:notsup
+-type run_time_error() :: no_return().
+
+%% Exceptions
+%% error:{badarg,Reason::term()}
+%% error:{notsup,Reason::term()}
+%% error:{error,Reason::term()}
+-type descriptive_error() :: no_return() .
+
+
+%%--------------------------------------------------------------------
-compile(no_native).
-on_load(on_load/0).
-define(CRYPTO_NIF_VSN,302).
@@ -368,10 +388,7 @@ stop() ->
| {curves, Curves}
| {rsa_opts, RSAopts},
Hashs :: [sha1() | sha2() | sha3() | blake2() | ripemd160 | compatibility_only_hash()],
- Ciphers :: [stream_cipher()
- | block_cipher_with_iv() | block_cipher_without_iv()
- | aead_cipher()
- ],
+ Ciphers :: [cipher()],
PKs :: [rsa | dss | ecdsa | dh | ecdh | ec_gf2m],
Macs :: [hmac | cmac | poly1305],
Curves :: [ec_named_curve() | edwards_curve_dh() | edwards_curve_ed()],
@@ -405,14 +422,18 @@ enable_fips_mode(_) -> ?nif_stub.
%%%
%%%================================================================
--define(HASH_HASH_ALGORITHM, sha1() | sha2() | sha3() | blake2() | ripemd160 | compatibility_only_hash() ).
-
--spec hash_info(Type) -> map() when Type :: ?HASH_HASH_ALGORITHM.
+-type hash_algorithm() :: sha1() | sha2() | sha3() | blake2() | ripemd160 | compatibility_only_hash() .
+-spec hash_info(Type) -> Result | run_time_error()
+ when Type :: hash_algorithm(),
+ Result :: #{size := integer(),
+ block_size := integer(),
+ type := integer()
+ } .
hash_info(Type) ->
notsup_to_error(hash_info_nif(Type)).
--spec hash(Type, Data) -> Digest when Type :: ?HASH_HASH_ALGORITHM,
+-spec hash(Type, Data) -> Digest when Type :: hash_algorithm(),
Data :: iodata(),
Digest :: binary().
hash(Type, Data) ->
@@ -422,7 +443,7 @@ hash(Type, Data) ->
-opaque hash_state() :: reference().
--spec hash_init(Type) -> State when Type :: ?HASH_HASH_ALGORITHM,
+-spec hash_init(Type) -> State when Type :: hash_algorithm(),
State :: hash_state().
hash_init(Type) ->
notsup_to_error(hash_init_nif(Type)).
@@ -448,12 +469,12 @@ hash_final(Context) ->
%%%---- HMAC
--define(HMAC_HASH_ALGORITHM, sha1() | sha2() | sha3() | compatibility_only_hash()).
+-type hmac_hash_algorithm() :: sha1() | sha2() | sha3() | compatibility_only_hash().
%%%---- hmac/3,4
-spec hmac(Type, Key, Data) ->
- Mac when Type :: ?HMAC_HASH_ALGORITHM,
+ Mac when Type :: hmac_hash_algorithm(),
Key :: iodata(),
Data :: iodata(),
Mac :: binary() .
@@ -462,7 +483,7 @@ hmac(Type, Key, Data) ->
hmac(Type, Key, Data1, undefined, erlang:byte_size(Data1), max_bytes()).
-spec hmac(Type, Key, Data, MacLength) ->
- Mac when Type :: ?HMAC_HASH_ALGORITHM,
+ Mac when Type :: hmac_hash_algorithm(),
Key :: iodata(),
Data :: iodata(),
MacLength :: integer(),
@@ -477,7 +498,7 @@ hmac(Type, Key, Data, MacLength) ->
-opaque hmac_state() :: binary().
-spec hmac_init(Type, Key) ->
- State when Type :: ?HMAC_HASH_ALGORITHM,
+ State when Type :: hmac_hash_algorithm(),
Key :: iodata(),
State :: hmac_state() .
hmac_init(Type, Key) ->
@@ -541,79 +562,124 @@ poly1305(Key, Data) ->
%%%================================================================
-define(COMPAT(CALL),
- try CALL
+ try begin CALL end
catch
+ error:{error,_} ->
+ error(badarg);
error:{E,_Reason} when E==notsup ; E==badarg ->
error(E)
end).
--spec cipher_info(Type) -> map() when Type :: block_cipher_with_iv()
- | aead_cipher()
- | block_cipher_without_iv().
+%%%---- Cipher info
+%%%----------------------------------------------------------------
+-spec cipher_info(Type) -> Result | run_time_error()
+ when Type :: cipher(),
+ Result :: #{key_length := integer(),
+ iv_length := integer(),
+ block_size := integer(),
+ mode := CipherModes,
+ type := undefined | integer()
+ },
+ CipherModes :: undefined
+ | cbc_mode
+ | ccm_mode
+ | cfb_mode
+ | ctr_mode
+ | ecb_mode
+ | gcm_mode
+ | ige_mode
+ | ocb_mode
+ | ofb_mode
+ | wrap_mode
+ | xts_mode
+ .
+
+%% These ciphers are not available via the EVP interface on older cryptolibs.
+cipher_info(aes_ctr) ->
+ #{block_size => 1,iv_length => 16,key_length => 32,mode => ctr_mode,type => undefined};
+cipher_info(aes_128_ctr) ->
+ #{block_size => 1,iv_length => 16,key_length => 16,mode => ctr_mode,type => undefined};
+cipher_info(aes_192_ctr) ->
+ #{block_size => 1,iv_length => 16,key_length => 24,mode => ctr_mode,type => undefined};
+cipher_info(aes_256_ctr) ->
+ #{block_size => 1,iv_length => 16,key_length => 32,mode => ctr_mode,type => undefined};
+%% This cipher is handled specialy.
+cipher_info(aes_ige256) ->
+ #{block_size => 16,iv_length => 32,key_length => 16,mode => ige_mode,type => undefined};
cipher_info(Type) ->
- cipher_info_nif(Type).
+ cipher_info_nif(alias(Type)).
%%%---- Block ciphers
%%%----------------------------------------------------------------
--spec block_encrypt(Type::block_cipher_with_iv(), Key::key()|des3_key(), Ivec::binary(), PlainText::iodata()) -> binary();
+-spec block_encrypt(Type::block_cipher_iv(), Key::key()|des3_key(), Ivec::binary(), PlainText::iodata()) ->
+ binary() | run_time_error();
(Type::aead_cipher(), Key::iodata(), Ivec::binary(), {AAD::binary(), PlainText::iodata()}) ->
- {binary(), binary()};
+ {binary(), binary()} | run_time_error();
(aes_gcm | aes_ccm, Key::iodata(), Ivec::binary(), {AAD::binary(), PlainText::iodata(), TagLength::1..16}) ->
- {binary(), binary()}.
+ {binary(), binary()} | run_time_error().
-block_encrypt(Type, Key, Ivec, Data) ->
- do_block_encrypt(alias(Type), Key, Ivec, Data).
-
-do_block_encrypt(Type, Key, Ivec, PlainText) when Type =:= aes_ige256 ->
+block_encrypt(aes_ige256, Key, Ivec, PlainText) ->
notsup_to_error(aes_ige_crypt_nif(Key, Ivec, PlainText, true));
-do_block_encrypt(Type, Key, Ivec, {AAD, PlainText}) when Type =:= chacha20_poly1305 ->
- aead_encrypt(Type, Key, Ivec, AAD, PlainText, 16);
-
-do_block_encrypt(Type, Key, Ivec, Data) when Type =:= aes_gcm;
- Type =:= aes_ccm ->
- case Data of
- {AAD, PlainText} ->
- aead_encrypt(Type, Key, Ivec, AAD, PlainText);
- {AAD, PlainText, TagLength} ->
- aead_encrypt(Type, Key, Ivec, AAD, PlainText, TagLength)
- end;
-
-do_block_encrypt(Type, Key, Ivec, PlainText) ->
- ?COMPAT(crypto_one_shot(Type, Key, Ivec, PlainText, true)).
-
-
--spec block_encrypt(Type::block_cipher_without_iv(), Key::key(), PlainText::iodata()) -> binary().
-
-block_encrypt(Type, Key, PlainText) ->
- ?COMPAT(crypto_one_shot(Type, Key, <<>>, PlainText, true)).
+block_encrypt(Type, Key0, Ivec, Data) ->
+ Key = iolist_to_binary(Key0),
+ ?COMPAT(
+ case Data of
+ {AAD, PlainText} ->
+ aead_encrypt(alias(Type,Key), Key, Ivec, AAD, PlainText, aead_tag_len(Type));
+ {AAD, PlainText, TagLength} ->
+ aead_encrypt(alias(Type,Key), Key, Ivec, AAD, PlainText, TagLength);
+ PlainText ->
+ crypto_one_shot(alias(Type,Key), Key, Ivec, PlainText, true)
+ end).
+
+-spec block_encrypt(Type::block_cipher_no_iv(), Key::key(), PlainText::iodata()) ->
+ binary() | run_time_error().
+
+block_encrypt(Type, Key0, PlainText) ->
+ Key = iolist_to_binary(Key0),
+ ?COMPAT(crypto_one_shot(alias(Type,Key), Key, <<>>, PlainText, true)).
+
+
+aead_tag_len(chacha20_poly1305) -> 16;
+aead_tag_len(aes_ccm) -> 12;
+aead_tag_len(aes_128_ccm) -> 12;
+aead_tag_len(aes_192_ccm) -> 12;
+aead_tag_len(aes_256_ccm) -> 12;
+aead_tag_len(aes_gcm) -> 16;
+aead_tag_len(aes_128_gcm) -> 16;
+aead_tag_len(aes_192_gcm) -> 16;
+aead_tag_len(aes_256_gcm) -> 16.
%%%----------------------------------------------------------------
%%%----------------------------------------------------------------
--spec block_decrypt(Type::block_cipher_with_iv(), Key::key()|des3_key(), Ivec::binary(), Data::iodata()) -> binary();
+-spec block_decrypt(Type::block_cipher_iv(), Key::key()|des3_key(), Ivec::binary(), Data::iodata()) ->
+ binary() | run_time_error();
(Type::aead_cipher(), Key::iodata(), Ivec::binary(),
- {AAD::binary(), Data::iodata(), Tag::binary()}) -> binary() | error.
-
-block_decrypt(Type, Key, Ivec, Data) ->
- do_block_decrypt(alias(Type), Key, Ivec, Data).
+ {AAD::binary(), Data::iodata(), Tag::binary()}) ->
+ binary() | error | run_time_error() .
-do_block_decrypt(aes_ige256, Key, Ivec, Data) ->
+block_decrypt(aes_ige256, Key, Ivec, Data) ->
notsup_to_error(aes_ige_crypt_nif(Key, Ivec, Data, false));
-do_block_decrypt(Type, Key, Ivec, {AAD, Data, Tag}) when Type =:= aes_gcm;
- Type =:= aes_ccm;
- Type =:= chacha20_poly1305 ->
- aead_decrypt(Type, Key, Ivec, AAD, Data, Tag);
+block_decrypt(Type, Key0, Ivec, Data) ->
+ Key = iolist_to_binary(Key0),
+ ?COMPAT(
+ case Data of
+ {AAD, CryptoText, Tag} ->
+ aead_decrypt(alias(Type,Key), Key, Ivec, AAD, CryptoText, Tag);
+ CryptoText ->
+ crypto_one_shot(alias(Type,Key), Key, Ivec, CryptoText, false)
+ end).
-do_block_decrypt(Type, Key, Ivec, Data) ->
- ?COMPAT(crypto_one_shot(Type, Key, Ivec, Data, false)).
+-spec block_decrypt(Type::block_cipher_no_iv(), Key::key(), Data::iodata()) ->
+ binary() | run_time_error().
--spec block_decrypt(Type::block_cipher_without_iv(), Key::key(), Data::iodata()) -> binary().
-
-block_decrypt(Type, Key, Data) ->
- ?COMPAT(crypto_one_shot(Type, Key, <<>>, Data, false)).
+block_decrypt(Type, Key0, CryptoText) ->
+ Key = iolist_to_binary(Key0),
+ ?COMPAT(crypto_one_shot(alias(Type,Key), Key, <<>>, CryptoText, false)).
%%%-------- Stream ciphers API
@@ -630,32 +696,34 @@ block_decrypt(Type, Key, Data) ->
| chacha20 .
%%%---- stream_init
--spec stream_init(Type, Key, IVec) -> State | no_return()
+-spec stream_init(Type, Key, IVec) -> State | run_time_error()
when Type :: stream_cipher_iv(),
Key :: iodata(),
IVec ::binary(),
State :: stream_state() .
-stream_init(Type, Key, IVec) when is_binary(IVec) ->
- Ref = ?COMPAT(ng_crypto_init_nif(alias(Type),
- iolist_to_binary(Key), iolist_to_binary(IVec),
+stream_init(Type, Key0, IVec) when is_binary(IVec) ->
+ Key = iolist_to_binary(Key0),
+ Ref = ?COMPAT(ng_crypto_init_nif(alias(Type,Key),
+ Key, iolist_to_binary(IVec),
undefined)
),
{Type, {Ref,flg_undefined}}.
--spec stream_init(Type, Key) -> State | no_return()
+-spec stream_init(Type, Key) -> State | run_time_error()
when Type :: stream_cipher_no_iv(),
Key :: iodata(),
State :: stream_state() .
-stream_init(rc4 = Type, Key) ->
- Ref = ?COMPAT(ng_crypto_init_nif(alias(Type),
- iolist_to_binary(Key), <<>>,
+stream_init(rc4 = Type, Key0) ->
+ Key = iolist_to_binary(Key0),
+ Ref = ?COMPAT(ng_crypto_init_nif(alias(Type,Key),
+ Key, <<>>,
undefined)
),
{Type, {Ref,flg_undefined}}.
%%%---- stream_encrypt
--spec stream_encrypt(State, PlainText) -> {NewState, CipherText} | no_return()
+-spec stream_encrypt(State, PlainText) -> {NewState, CipherText} | run_time_error()
when State :: stream_state(),
PlainText :: iodata(),
NewState :: stream_state(),
@@ -664,7 +732,7 @@ stream_encrypt(State, Data) ->
crypto_stream_emulate(State, Data, true).
%%%---- stream_decrypt
--spec stream_decrypt(State, CipherText) -> {NewState, PlainText} | no_return()
+-spec stream_decrypt(State, CipherText) -> {NewState, PlainText} | run_time_error()
when State :: stream_state(),
CipherText :: iodata(),
NewState :: stream_state(),
@@ -723,8 +791,8 @@ next_iv(Type, Data, _Ivec) ->
%%% Create and initialize a new state for encryption or decryption
%%%
--spec crypto_init(Cipher, Key, EncryptFlag) -> State | ng_crypto_error()
- when Cipher :: block_cipher_without_iv()
+-spec crypto_init(Cipher, Key, EncryptFlag) -> State | descriptive_error()
+ when Cipher :: block_cipher_no_iv()
| stream_cipher_no_iv(),
Key :: iodata(),
EncryptFlag :: boolean(),
@@ -734,9 +802,9 @@ crypto_init(Cipher, Key, EncryptFlag) ->
ng_crypto_init_nif(alias(Cipher), iolist_to_binary(Key), <<>>, EncryptFlag).
--spec crypto_init(Cipher, Key, IV, EncryptFlag) -> State | ng_crypto_error()
+-spec crypto_init(Cipher, Key, IV, EncryptFlag) -> State | descriptive_error()
when Cipher :: stream_cipher_iv()
- | block_cipher_with_iv(),
+ | block_cipher_iv(),
Key :: iodata(),
IV :: iodata(),
EncryptFlag :: boolean(),
@@ -747,9 +815,9 @@ crypto_init(Cipher, Key, IV, EncryptFlag) ->
%%%----------------------------------------------------------------
--spec crypto_init_dyn_iv(Cipher, Key, EncryptFlag) -> State | ng_crypto_error()
+-spec crypto_init_dyn_iv(Cipher, Key, EncryptFlag) -> State | descriptive_error()
when Cipher :: stream_cipher_iv()
- | block_cipher_with_iv(),
+ | block_cipher_iv(),
Key :: iodata(),
EncryptFlag :: boolean(),
State :: crypto_state() .
@@ -764,7 +832,7 @@ crypto_init_dyn_iv(Cipher, Key, EncryptFlag) ->
%%% blocksize.
%%%
--spec crypto_update(State, Data) -> Result | ng_crypto_error()
+-spec crypto_update(State, Data) -> Result | descriptive_error()
when State :: crypto_state(),
Data :: iodata(),
Result :: binary() .
@@ -778,7 +846,7 @@ crypto_update(State, Data0) ->
%%%----------------------------------------------------------------
--spec crypto_update_dyn_iv(State, Data, IV) -> Result | ng_crypto_error()
+-spec crypto_update_dyn_iv(State, Data, IV) -> Result | descriptive_error()
when State :: crypto_state(),
Data :: iodata(),
IV :: iodata(),
@@ -798,15 +866,16 @@ crypto_update_dyn_iv(State, Data0, IV) ->
%%% The size must be an integer multiple of the crypto's blocksize.
%%%
--spec crypto_one_shot(Cipher, Key, IV, Data, EncryptFlag) -> Result | ng_crypto_error()
- when Cipher :: stream_cipher()
- | block_cipher_with_iv()
- | block_cipher_without_iv(),
- Key :: iodata(),
- IV :: iodata() | undefined,
- Data :: iodata(),
- EncryptFlag :: boolean(),
- Result :: binary() .
+-spec crypto_one_shot(Cipher, Key, IV, Data, EncryptFlag) ->
+ Result | descriptive_error()
+ when Cipher :: stream_cipher()
+ | block_cipher(),
+ Key :: iodata(),
+ IV :: iodata() | undefined,
+ Data :: iodata(),
+ EncryptFlag :: boolean(),
+ Result :: binary() .
+
crypto_one_shot(Cipher, Key, undefined, Data, EncryptFlag) ->
crypto_one_shot(Cipher, Key, <<>>, Data, EncryptFlag);
@@ -823,21 +892,25 @@ crypto_one_shot(Cipher, Key, IV, Data0, EncryptFlag) ->
%%%----------------------------------------------------------------
%%% NIFs
--type ng_crypto_error() :: no_return() .
+-spec ng_crypto_init_nif(atom(), binary(), binary()|undefined, boolean()|undefined ) ->
+ crypto_state() | descriptive_error()
+ ; (crypto_state(), <<>>, <<>>, boolean())
+ -> crypto_state() | descriptive_error().
--spec ng_crypto_init_nif(atom(), binary(), binary()|undefined, boolean()|undefined ) -> crypto_state() | ng_crypto_error()
- ; (crypto_state(), <<>>, <<>>, boolean()) -> crypto_state() | ng_crypto_error().
ng_crypto_init_nif(_Cipher, _Key, _IVec, _EncryptFlg) -> ?nif_stub.
--spec ng_crypto_update_nif(crypto_state(), binary()) -> binary() | ng_crypto_error() .
+-spec ng_crypto_update_nif(crypto_state(), binary()) ->
+ binary() | descriptive_error() .
ng_crypto_update_nif(_State, _Data) -> ?nif_stub.
--spec ng_crypto_update_nif(crypto_state(), binary(), binary()) -> binary() | ng_crypto_error() .
+-spec ng_crypto_update_nif(crypto_state(), binary(), binary()) ->
+ binary() | descriptive_error() .
ng_crypto_update_nif(_State, _Data, _IV) -> ?nif_stub.
--spec ng_crypto_one_shot_nif(atom(), binary(), binary(), binary(), boolean() ) -> binary() | ng_crypto_error().
+-spec ng_crypto_one_shot_nif(atom(), binary(), binary(), binary(), boolean() ) ->
+ binary() | descriptive_error().
ng_crypto_one_shot_nif(_Cipher, _Key, _IVec, _Data, _EncryptFlg) -> ?nif_stub.
%%%----------------------------------------------------------------
@@ -859,6 +932,44 @@ alias(aes_cbc256) -> aes_256_cbc;
alias(Alg) -> Alg.
+
+%%%---- des_ede3_cbc
+alias(des3_cbc, _) -> des_ede3_cbc;
+alias(des_ede3, _) -> des_ede3_cbc;
+%%%---- des_ede3_cfb
+alias(des_ede3_cbf,_ ) -> des_ede3_cfb;
+alias(des3_cbf, _) -> des_ede3_cfb;
+alias(des3_cfb, _) -> des_ede3_cfb;
+%%%---- aes_*_cbc
+alias(aes_cbc128, _) -> aes_128_cbc;
+alias(aes_cbc256, _) -> aes_256_cbc;
+
+alias(aes_cbc, Key) when size(Key)==128 -> aes_128_cbc;
+alias(aes_cbc, Key) when size(Key)==192 -> aes_192_cbc;
+alias(aes_cbc, Key) when size(Key)==256 -> aes_256_cbc;
+
+alias(aes_cfb8, Key) when size(Key)==128 -> aes_128_cfb8;
+alias(aes_cfb8, Key) when size(Key)==192 -> aes_192_cfb8;
+alias(aes_cfb8, Key) when size(Key)==256 -> aes_256_cfb8;
+
+alias(aes_cfb128, Key) when size(Key)==128 -> aes_128_cfb128;
+alias(aes_cfb128, Key) when size(Key)==192 -> aes_192_cfb128;
+alias(aes_cfb128, Key) when size(Key)==256 -> aes_256_cfb128;
+
+alias(aes_ctr, Key) when size(Key)==128 -> aes_128_ctr;
+alias(aes_ctr, Key) when size(Key)==192 -> aes_192_ctr;
+alias(aes_ctr, Key) when size(Key)==256 -> aes_256_ctr;
+
+alias(aes_gcm, Key) when size(Key)==128 -> aes_128_gcm;
+alias(aes_gcm, Key) when size(Key)==192 -> aes_192_gcm;
+alias(aes_gcm, Key) when size(Key)==256 -> aes_256_gcm;
+
+alias(aes_ccm, Key) when size(Key)==128 -> aes_128_ccm;
+alias(aes_ccm, Key) when size(Key)==192 -> aes_192_ccm;
+alias(aes_ccm, Key) when size(Key)==256 -> aes_256_ccm;
+
+alias(Alg, _) -> Alg.
+
%%%================================================================
%%%
%%% RAND - pseudo random numbers using RN_ and BN_ functions in crypto lib
@@ -1949,9 +2060,6 @@ cipher_info_nif(_Type) -> ?nif_stub.
%% AES - in Galois/Counter Mode (GCM)
%%
%% The default tag length is EVP_GCM_TLS_TAG_LEN(16),
-aead_encrypt(Type=aes_ccm, Key, Ivec, AAD, In) -> aead_encrypt(Type, Key, Ivec, AAD, In, 12);
-aead_encrypt(Type=aes_gcm, Key, Ivec, AAD, In) -> aead_encrypt(Type, Key, Ivec, AAD, In, 16).
-
aead_encrypt(_Type, _Key, _Ivec, _AAD, _In, _TagLength) -> ?nif_stub.
aead_decrypt(_Type, _Key, _Ivec, _AAD, _In, _Tag) -> ?nif_stub.
diff --git a/lib/crypto/test/crypto_SUITE.erl b/lib/crypto/test/crypto_SUITE.erl
index 7dbbde68e9..ce5097de47 100644
--- a/lib/crypto/test/crypto_SUITE.erl
+++ b/lib/crypto/test/crypto_SUITE.erl
@@ -323,12 +323,11 @@ end_per_group(_GroupName, Config) ->
init_per_testcase(info, Config) ->
Config;
init_per_testcase(cmac, Config) ->
- case crypto:info_lib() of
- [{<<"OpenSSL">>,LibVer,_}] when is_integer(LibVer), LibVer > 16#10001000 ->
+ case is_supported(cmac) of
+ true ->
Config;
- _Else ->
- % The CMAC functionality was introduced in OpenSSL 1.0.1
- {skip, "OpenSSL is too old"}
+ false ->
+ {skip, "CMAC is not supported"}
end;
init_per_testcase(generate, Config) ->
case proplists:get_value(type, Config) of
@@ -848,7 +847,8 @@ cipher_info(Config) when is_list(Config) ->
#{type := _,key_length := _,iv_length := _,
block_size := _,mode := _} = crypto:cipher_info(aes_128_cbc),
{'EXIT',_} = (catch crypto:cipher_info(not_a_cipher)),
- ok.
+ lists:foreach(fun(C) -> crypto:cipher_info(C) end,
+ proplists:get_value(ciphers, crypto:supports())).
%%--------------------------------------------------------------------
hash_info() ->
@@ -856,7 +856,8 @@ hash_info() ->
hash_info(Config) when is_list(Config) ->
#{type := _,size := _,block_size := _} = crypto:hash_info(sha256),
{'EXIT',_} = (catch crypto:hash_info(not_a_hash)),
- ok.
+ lists:foreach(fun(H) -> crypto:hash_info(H) end,
+ proplists:get_value(hashs, crypto:supports())).
%%--------------------------------------------------------------------
%% Internal functions ------------------------------------------------
generated by cgit v1.2.3 (git 2.25.1) at 2024-09-04 00:36:46 +0000