From 2825b2bddfed374b3cebb0f432e1f97aaa811bfa Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Tue, 26 Jun 2018 16:40:12 +0200 Subject: crypto: Enable EDDH all OpenSSL cryptolib over beta version 1.1.1-pre8 --- lib/crypto/c_src/crypto.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lib/crypto/c_src/crypto.c b/lib/crypto/c_src/crypto.c index 72aa44e7db..06953b162d 100644 --- a/lib/crypto/c_src/crypto.c +++ b/lib/crypto/c_src/crypto.c @@ -155,8 +155,8 @@ # define HAVE_EC #endif -// (test for == 1.1.1pre8) -#if OPENSSL_VERSION_NUMBER == (PACKED_OPENSSL_VERSION_PLAIN(1,1,1) - 7) \ +// (test for >= 1.1.1pre8) +#if OPENSSL_VERSION_NUMBER >= (PACKED_OPENSSL_VERSION_PLAIN(1,1,1) - 7) \ && !defined(HAS_LIBRESSL) \ && defined(HAVE_EC) // EXPERIMENTAL: -- cgit v1.2.3 From d45a879079d0baca8c8be7fdddc2dc2bfdb59d80 Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Wed, 27 Jun 2018 20:13:51 +0200 Subject: crypto: Remove the term 'eddh' --- lib/crypto/c_src/crypto.c | 17 ++++++----------- 1 file changed, 6 insertions(+), 11 deletions(-) diff --git a/lib/crypto/c_src/crypto.c b/lib/crypto/c_src/crypto.c index 06953b162d..66ffc2e8ff 100644 --- a/lib/crypto/c_src/crypto.c +++ b/lib/crypto/c_src/crypto.c @@ -160,7 +160,7 @@ && !defined(HAS_LIBRESSL) \ && defined(HAVE_EC) // EXPERIMENTAL: -# define HAVE_EDDH +# define HAVE_ED_CURVE_DH #endif #if OPENSSL_VERSION_NUMBER >= PACKED_OPENSSL_VERSION(0,9,8,'c') @@ -687,8 +687,7 @@ static ERL_NIF_TERM atom_rsa; static ERL_NIF_TERM atom_dss; static ERL_NIF_TERM atom_ecdsa; -#ifdef HAVE_EDDH -static ERL_NIF_TERM atom_eddh; +#ifdef HAVE_ED_CURVE_DH static ERL_NIF_TERM atom_x25519; static ERL_NIF_TERM atom_x448; #endif 
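Review bot: The `- 7` in the version guard of the `@@ -155,8 +155,8 @@` hunk is an unexplained magic offset, and now that the comparison is `>=` it decides whether the feature is compiled in for every later OpenSSL build, so it deserves a comment. It presumably steps from a release status nibble of 0xf in `PACKED_OPENSSL_VERSION_PLAIN(1,1,1)` down to 0x8 for the eighth pre-release; the macro is defined outside the hunk, so confirm that before adding something like `// status nibble: 0xf = release, 0x8 = pre8, hence "- 7"`. The block is still labelled `// EXPERIMENTAL:` although it is no longer limited to one beta, so the label should either say what remains provisional or be dropped. The `#if` block continues outside the hunk.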
@@ -1100,8 +1099,7 @@ static int initialize(ErlNifEnv* env, ERL_NIF_TERM load_info) atom_rsa = enif_make_atom(env,"rsa"); atom_dss = enif_make_atom(env,"dss"); atom_ecdsa = enif_make_atom(env,"ecdsa"); -#ifdef HAVE_EDDH - atom_eddh = enif_make_atom(env,"eddh"); +#ifdef HAVE_ED_CURVE_DH atom_x25519 = enif_make_atom(env,"x25519"); atom_x448 = enif_make_atom(env,"x448"); #endif @@ -1286,9 +1284,6 @@ static void init_algorithms_types(ErlNifEnv* env) #endif // Non-validated algorithms follow algo_pubkey_fips_cnt = algo_pubkey_cnt; -#ifdef HAVE_EDDH - algo_pubkey[algo_pubkey_cnt++] = enif_make_atom(env, "eddh"); -#endif algo_pubkey[algo_pubkey_cnt++] = enif_make_atom(env, "srp"); // Validated algorithms first @@ -1440,7 +1435,7 @@ static void init_algorithms_types(ErlNifEnv* env) #endif #endif //-- -#ifdef HAVE_EDDH +#ifdef HAVE_ED_CURVE_DH algo_curve[algo_curve_cnt++] = enif_make_atom(env,"x25519"); algo_curve[algo_curve_cnt++] = enif_make_atom(env,"x448"); #endif @@ -3950,7 +3945,7 @@ out_err: static ERL_NIF_TERM evp_compute_key_nif(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[]) /* (Curve, PeerBin, MyBin) */ { -#ifdef HAVE_EDDH +#ifdef HAVE_ED_CURVE_DH int type; EVP_PKEY_CTX *ctx; ErlNifBinary peer_bin, my_bin, key_bin; @@ -4006,7 +4001,7 @@ static ERL_NIF_TERM evp_compute_key_nif(ErlNifEnv* env, int argc, const ERL_NIF_ static ERL_NIF_TERM evp_generate_key_nif(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[]) /* (Curve) */ { -#ifdef HAVE_EDDH +#ifdef HAVE_ED_CURVE_DH int type; EVP_PKEY_CTX *ctx; EVP_PKEY *pkey = NULL; -- cgit v1.2.3 From 38dc3946610f3cad794411f1ac73819df0c26300 Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Tue, 26 Jun 2018 16:38:44 +0200 Subject: crypto: Test vectors for ecdh x25519 and x448 --- lib/crypto/test/crypto_SUITE.erl | 31 +++++++++++++++++++++++++++++-- 1 file changed, 29 insertions(+), 2 deletions(-) diff --git a/lib/crypto/test/crypto_SUITE.erl b/lib/crypto/test/crypto_SUITE.erl index 13b1fbd047..9d1ccc1c5d 100644 
--- a/lib/crypto/test/crypto_SUITE.erl +++ b/lib/crypto/test/crypto_SUITE.erl @@ -2309,7 +2309,9 @@ srp(ClientPrivate, Generator, Prime, Version, Verifier, ServerPublic, ServerPriv SessionKey}. ecdh() -> %% http://csrc.nist.gov/groups/STM/cavp/ - Curves = crypto:ec_curves(), + Curves = crypto:ec_curves() ++ + [X || X <- proplists:get_value(curves, crypto:supports(), []), + lists:member(X, [x25519,x448])], TestCases = [{ecdh, hexstr2point("42ea6dd9969dd2a61fea1aac7f8e98edcc896c6e55857cc0", "dfbe5d7c61fac88b11811bde328e8a0d12bf01a9d204b523"), hexstr2bin("f17d3fea367b74d340851ca4270dcb24c271f445bed9d527"), 
@@ -2392,7 +2394,32 @@ ecdh() -> "2FDC313095BCDD5FB3A91636F07A959C8E86B5636A1E930E8396049CB481961D365CC11453A06C719835475B12CB52FC3C383BCE35E27EF194512B71876285FA"), hexstr2bin("16302FF0DBBB5A8D733DAB7141C1B45ACBC8715939677F6A56850A38BD87BD59B09E80279609FF333EB9D4C061231FB26F92EEB04982A5F1D1764CAD57665422"), brainpoolP512r1, - hexstr2bin("A7927098655F1F9976FA50A9D566865DC530331846381C87256BAF3226244B76D36403C024D7BBF0AA0803EAFF405D3D24F11A9B5C0BEF679FE1454B21C4CD1F")}], + hexstr2bin("A7927098655F1F9976FA50A9D566865DC530331846381C87256BAF3226244B76D36403C024D7BBF0AA0803EAFF405D3D24F11A9B5C0BEF679FE1454B21C4CD1F")}, + + %% RFC 7748, 6.1 + {ecdh, + 16#8520f0098930a754748b7ddcb43ef75a0dbf3a0d26381af4eba4a98eaa9b4e6a, + 16#5dab087e624a8a4b79e17f8b83800ee66f3bb1292618b6fd1c2f8b27ff88e0eb, + x25519, + hexstr2bin("4a5d9d5ba4ce2de1728e3bf480350f25e07e21c947d19e3376f09b3c1e161742")}, + {ecdh, + 16#de9edb7d7b7dc1b4d35b61c2ece435373f8343c85b78674dadfc7e146f882b4f, + 16#77076d0a7318a57d3c16c17251b26645df4c2f87ebc0992ab177fba51db92c2a, + x25519, + hexstr2bin("4a5d9d5ba4ce2de1728e3bf480350f25e07e21c947d19e3376f09b3c1e161742")}, + + %% RFC 7748, 6.2 + {ecdh, + 16#9b08f7cc31b7e3e67d22d5aea121074a273bd2b83de09c63faa73d2c22c5d9bbc836647241d953d40c5b12da88120d53177f80e532c41fa0, + 16#1c306a7ac2a0e2e0990b294470cba339e6453772b075811d8fad0d1d6927c120bb5ee8972b0d3e21374c9c921b09d1b0366f10b65173992d, + x448, + hexstr2bin("07fff4181ac6cc95ec1c16a94a0f74d12da232ce40a77552281d282bb60c0b56fd2464c335543936521c24403085d59a449a5037514a879d")}, + {ecdh, + 16#3eb7a829b0cd20f5bcfc0b599b6feccf6da4627107bdb0d4f345b43027d8b972fc3e34fb4232a13ca706dcb57aec3dae07bdc1c67bf33609, + 16#9a8f4925d1519f5775cf46b04b5800d4ee9ee8bae8bc5565d498c28dd9c9baf574a9419744897391006382a6f127ab1d9ac2d8c0a598726b, + x448, + hexstr2bin("07fff4181ac6cc95ec1c16a94a0f74d12da232ce40a77552281d282bb60c0b56fd2464c335543936521c24403085d59a449a5037514a879d")} + ], lists:filter(fun ({_Type, _Pub, _Priv, Curve, _SharedSecret}) -> 
lists:member(Curve, Curves) end, -- cgit v1.2.3 From 9f8ed79b8049b772dcd6d9cdee148735f0b5beee Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Wed, 15 Aug 2018 12:06:25 +0200 Subject: crypto: doc x25519 & x448 --- lib/crypto/doc/src/crypto.xml | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/lib/crypto/doc/src/crypto.xml b/lib/crypto/doc/src/crypto.xml index e6147ddffc..36dc88efba 100644 --- a/lib/crypto/doc/src/crypto.xml +++ b/lib/crypto/doc/src/crypto.xml @@ -110,6 +110,9 @@ ecdh_params() = ec_named_curve() | ec_explicit_curve() + ed_named_curves_ecdh() -> x448 | x25519 +
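Review bot: The RFC 7748 cases added in the `@@ -2392,7 +2394,32 @@` hunk pass the peer public key and the private key as integer literals (`16#8520f009…`), while the neighbouring entries visible in this commit build theirs with `hexstr2point`/`hexstr2bin`. RFC 7748 defines X25519 and X448 keys as fixed-length byte strings, so an integer only round-trips if the conversion pads it back to 32 or 56 bytes; a vector whose first byte is `00` would presumably come out short, although none of the four chosen here starts that way. Writing them as `hexstr2bin("8520f009…")` keeps the length explicit, provided the test driver accepts binaries for these curves, which is not visible here. The first hunk of this commit also lets the new cases drop out silently through the `[]` default in `proplists:get_value(curves, crypto:supports(), [])` when the linked OpenSSL lacks the curves, so a comment or log line naming the skipped curves would make that coverage gap visible. The body of `ecdh/0` continues past the end of the hunk.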

Note that the curves are only supported if the underlying OpenSSL has support for them.

+ ec_explicit_curve() = {ec_field(), Prime :: key_value(), Point :: key_value(), Order :: integer(), CoFactor :: none | integer()} @@ -306,7 +309,7 @@ Type = dh | ecdh | srp OthersPublicKey = dh_public() | ecdh_public() | srp_public() MyKey = dh_private() | ecdh_private() | {srp_public(),srp_private()} - Params = dh_params() | ecdh_params() | SrpUserParams | SrpHostParams + Params = dh_params() | ecdh_params() | ed_named_curves_ecdh() | SrpUserParams | SrpHostParams SrpUserParams = {user, [DerivedKey::binary(), Prime::binary(), Generator::binary(), Version::atom() | [Scrambler:binary()]]} SrpHostParams = {host, [Verifier::binary(), Prime::binary(), Version::atom() | [Scrambler::binary]]} SharedSecret = binary() @@ -336,7 +339,7 @@ Generates a public key of type Type Type = dh | ecdh | rsa | srp - Params = dh_params() | ecdh_params() | RsaParams | SrpUserParams | SrpHostParams + Params = dh_params() | ecdh_params() | ed_named_curves_ecdh()| RsaParams | SrpUserParams | SrpHostParams RsaParams = {ModulusSizeInBits::integer(), PublicExponent::key_value()} SrpUserParams = {user, [Generator::binary(), Prime::binary(), Version::atom()]} SrpHostParams = {host, [Verifier::binary(), Generator::binary(), Prime::binary(), Version::atom()]} -- cgit v1.2.3