From 8528a54df1b6167dd6779bfa902a79ba058e8d06 Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Mon, 18 Mar 2019 12:04:53 +0100 Subject: crypto: New types (block_cipher) --- lib/crypto/doc/src/crypto.xml | 9 +++++++++ lib/crypto/src/crypto.erl | 15 ++++++++++----- 2 files changed, 19 insertions(+), 5 deletions(-) diff --git a/lib/crypto/doc/src/crypto.xml b/lib/crypto/doc/src/crypto.xml index 83e10c4c78..0fac3f379e 100644 --- a/lib/crypto/doc/src/crypto.xml +++ b/lib/crypto/doc/src/crypto.xml @@ -192,7 +192,16 @@ Ciphers + + + +

Ciphers known byt the CRYPTO application. Note that this list might be reduced if the + underlying libcrypto does not support all of them.

+
+
+ + diff --git a/lib/crypto/src/crypto.erl b/lib/crypto/src/crypto.erl index 503c347c56..aaba81f11b 100644 --- a/lib/crypto/src/crypto.erl +++ b/lib/crypto/src/crypto.erl @@ -277,6 +277,12 @@ -type edwards_curve_ed() :: ed25519 | ed448 . %%% +-type cipher() :: block_cipher() + | stream_cipher() + | aead_cipher() . + +-type block_cipher() :: block_cipher_with_iv() | block_cipher_without_iv() . + -type block_cipher_with_iv() :: cbc_cipher() | cfb_cipher() | aes_ige256 @@ -736,7 +742,7 @@ next_iv(Type, Data, _Ivec) -> %%% -spec crypto_init(Cipher, Key, EncryptFlag) -> State | ng_crypto_error() - when Cipher :: block_cipher_without_iv() + when Cipher :: block_cipher_no_iv() | stream_cipher_no_iv(), Key :: iodata(), EncryptFlag :: boolean(), @@ -748,7 +754,7 @@ crypto_init(Cipher, Key, EncryptFlag) -> -spec crypto_init(Cipher, Key, IV, EncryptFlag) -> State | ng_crypto_error() when Cipher :: stream_cipher_iv() - | block_cipher_with_iv(), + | block_cipher_iv(), Key :: iodata(), IV :: iodata(), EncryptFlag :: boolean(), @@ -761,7 +767,7 @@ crypto_init(Cipher, Key, IV, EncryptFlag) -> %%%---------------------------------------------------------------- -spec crypto_init_dyn_iv(Cipher, Key, EncryptFlag) -> State | ng_crypto_error() when Cipher :: stream_cipher_iv() - | block_cipher_with_iv(), + | block_cipher_iv(), Key :: iodata(), EncryptFlag :: boolean(), State :: crypto_state() . @@ -812,8 +818,7 @@ crypto_update_dyn_iv(State, Data0, IV) -> -spec crypto_one_shot(Cipher, Key, IV, Data, EncryptFlag) -> Result | ng_crypto_error() when Cipher :: stream_cipher() - | block_cipher_with_iv() - | block_cipher_without_iv(), + | block_cipher(), Key :: iodata(), IV :: iodata() | undefined, Data :: iodata(), -- cgit v1.2.3 From b96629dff27003d6df5ad12dd58801619681ac19 Mon Sep 17 00:00:00 2001 
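Review bot: The specs for crypto_init/3, crypto_init/4 and crypto_init_dyn_iv/3 in this commit refer to `block_cipher_no_iv()` and `block_cipher_iv()`, but the type hunk at -277 only shows `block_cipher_with_iv()` and defines the new `block_cipher()` in terms of the `_with_iv`/`_without_iv` names. The short names are introduced by the rename commit that follows. Unless they are already defined elsewhere in crypto.erl, this commit on its own fails to compile with an undefined-type error, which breaks bisecting. Either keep `block_cipher_without_iv()` and `block_cipher_with_iv()` in these three specs here, or fold the rename into this commit. The crypto_one_shot/5 spec is fine, because `block_cipher()` is defined in this commit.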
From: Hans Nilsson Date: Mon, 18 Mar 2019 12:15:34 +0100 Subject: crypto: Rename block_crypto_with/without to match stream_cipher names --- lib/crypto/doc/src/crypto.xml | 8 ++++---- lib/crypto/src/crypto.erl | 31 ++++++++++++++++--------------- 2 files changed, 20 insertions(+), 19 deletions(-) diff --git a/lib/crypto/doc/src/crypto.xml b/lib/crypto/doc/src/crypto.xml index 0fac3f379e..e5a3af923c 100644 --- a/lib/crypto/doc/src/crypto.xml +++ b/lib/crypto/doc/src/crypto.xml @@ -213,7 +213,7 @@ - + @@ -237,7 +237,7 @@ - +

Block ciphers without initialization vector for @@ -582,7 +582,7 @@ block_encrypt(aes_gcm | aes_ccm, Key, Ivec, {AAD, PlainText, TagLength}) -> {CipherText, CipherTag} Encrypt PlainText according to Type block cipher - Type = block_cipher_with_iv() + Type = block_cipher_iv() AeadType = aead_cipher() Key = key() | des3_key() PlainText = iodata() @@ -608,7 +608,7 @@ block_decrypt(AeadType, Key, Ivec, {AAD, CipherText, CipherTag}) -> PlainText | error Decrypt CipherText according to Type block cipher - Type = block_cipher_with_iv() + Type = block_cipher_iv() AeadType = aead_cipher() Key = key() | des3_key() PlainText = iodata() diff --git a/lib/crypto/src/crypto.erl b/lib/crypto/src/crypto.erl index aaba81f11b..070949a1d9 100644 --- a/lib/crypto/src/crypto.erl +++ b/lib/crypto/src/crypto.erl @@ -281,9 +281,9 @@ | stream_cipher() | aead_cipher() . --type block_cipher() :: block_cipher_with_iv() | block_cipher_without_iv() . +-type block_cipher() :: block_cipher_iv() | block_cipher_no_iv() . --type block_cipher_with_iv() :: cbc_cipher() +-type block_cipher_iv() :: cbc_cipher() | cfb_cipher() | aes_ige256 | blowfish_ofb64 @@ -316,7 +316,7 @@ | des3_cfb . --type block_cipher_without_iv() :: ecb_cipher() . +-type block_cipher_no_iv() :: ecb_cipher() . -type ecb_cipher() :: des_ecb | blowfish_ecb | aes_ecb . -type key() :: iodata(). @@ -336,6 +336,10 @@ -type crypto_integer() :: binary() | integer(). +%%% +%% Exceptions error:badarg and error:notsup +-type run_time_error() :: no_return(). + -compile(no_native). -on_load(on_load/0). -define(CRYPTO_NIF_VSN,302). 
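Review bot: `-type run_time_error() :: no_return().` in the -336 hunk gives Dialyzer nothing to check, because a union such as `map() | run_time_error()` (used for hash_info/1 and cipher_info/1 in this commit) is the same type as `map()`. The one-line comment above the type is therefore the whole contract and should say so, e.g. `%% Documentation-only alias: the call raises error:badarg or error:notsup; nothing is returned in that case.` Without that, a reader of the spec can take the alias for a value to match on rather than an exception to catch. The same applies to `descriptive_error()` added later in this series.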
@@ -374,10 +378,7 @@ stop() -> | {curves, Curves} | {rsa_opts, RSAopts}, Hashs :: [sha1() | sha2() | sha3() | blake2() | ripemd160 | compatibility_only_hash()], - Ciphers :: [stream_cipher() - | block_cipher_with_iv() | block_cipher_without_iv() - | aead_cipher() - ], + Ciphers :: [cipher()], PKs :: [rsa | dss | ecdsa | dh | ecdh | ec_gf2m], Macs :: [hmac | cmac | poly1305], Curves :: [ec_named_curve() | edwards_curve_dh() | edwards_curve_ed()], @@ -413,7 +414,7 @@ enable_fips_mode(_) -> ?nif_stub. -define(HASH_HASH_ALGORITHM, sha1() | sha2() | sha3() | blake2() | ripemd160 | compatibility_only_hash() ). --spec hash_info(Type) -> map() when Type :: ?HASH_HASH_ALGORITHM. +-spec hash_info(Type) -> map() | run_time_error() when Type :: ?HASH_HASH_ALGORITHM. hash_info(Type) -> notsup_to_error(hash_info_nif(Type)). @@ -553,9 +554,9 @@ poly1305(Key, Data) -> error(E) end). --spec cipher_info(Type) -> map() when Type :: block_cipher_with_iv() - | aead_cipher() - | block_cipher_without_iv(). + +-spec cipher_info(Type) -> map() | run_time_error() when Type :: cipher() . + %% These ciphers are not available via the EVP interface on older cryptolibs. cipher_info(aes_ctr) -> #{block_size => 1,iv_length => 16,key_length => 32,mode => ctr_mode,type => undefined}; @@ -573,7 +574,7 @@ cipher_info(Type) -> %%%---- Block ciphers %%%---------------------------------------------------------------- --spec block_encrypt(Type::block_cipher_with_iv(), Key::key()|des3_key(), Ivec::binary(), PlainText::iodata()) -> binary(); +-spec block_encrypt(Type::block_cipher_iv(), Key::key()|des3_key(), Ivec::binary(), PlainText::iodata()) -> binary(); (Type::aead_cipher(), Key::iodata(), Ivec::binary(), {AAD::binary(), PlainText::iodata()}) -> {binary(), binary()}; (aes_gcm | aes_ccm, Key::iodata(), Ivec::binary(), {AAD::binary(), PlainText::iodata(), TagLength::1..16}) -> 
@@ -602,14 +603,14 @@ do_block_encrypt(Type, Key, Ivec, PlainText) -> ?COMPAT(crypto_one_shot(Type, Key, Ivec, PlainText, true)). --spec block_encrypt(Type::block_cipher_without_iv(), Key::key(), PlainText::iodata()) -> binary(). +-spec block_encrypt(Type::block_cipher_no_iv(), Key::key(), PlainText::iodata()) -> binary(). block_encrypt(Type, Key, PlainText) -> ?COMPAT(crypto_one_shot(Type, Key, <<>>, PlainText, true)). %%%---------------------------------------------------------------- %%%---------------------------------------------------------------- --spec block_decrypt(Type::block_cipher_with_iv(), Key::key()|des3_key(), Ivec::binary(), Data::iodata()) -> binary(); +-spec block_decrypt(Type::block_cipher_iv(), Key::key()|des3_key(), Ivec::binary(), Data::iodata()) -> binary(); (Type::aead_cipher(), Key::iodata(), Ivec::binary(), {AAD::binary(), Data::iodata(), Tag::binary()}) -> binary() | error. @@ -628,7 +629,7 @@ do_block_decrypt(Type, Key, Ivec, Data) -> ?COMPAT(crypto_one_shot(Type, Key, Ivec, Data, false)). --spec block_decrypt(Type::block_cipher_without_iv(), Key::key(), Data::iodata()) -> binary(). +-spec block_decrypt(Type::block_cipher_no_iv(), Key::key(), Data::iodata()) -> binary(). block_decrypt(Type, Key, Data) -> ?COMPAT(crypto_one_shot(Type, Key, <<>>, Data, false)). -- cgit v1.2.3 From 7cb7cd54f3000c08c925f2ad10723b54efdc485e Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Mon, 18 Mar 2019 13:53:47 +0100 Subject: crypto: Document hash_info/1 and cipher_info/1 --- lib/crypto/doc/src/crypto.xml | 43 +++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 43 insertions(+) diff --git a/lib/crypto/doc/src/crypto.xml b/lib/crypto/doc/src/crypto.xml index e5a3af923c..17522bcdab 100644 --- a/lib/crypto/doc/src/crypto.xml +++ b/lib/crypto/doc/src/crypto.xml @@ -546,6 +546,22 @@ + Error types + + + + +

The exception error:badarg signifies that one or more arguments are of wrong data type, + or are otherwise badly formed. +

+

The exception error:notsup signifies that the algorithm is known but is not supported + by current underlying libcrypto or explicitly disabled when building that. +

+

For a list of supported algorithms, see supports/0. +

+
+
+
@@ -852,6 +868,30 @@ + + + Information about supported hash algorithms. + +

Provides a map with information about block_size, size and possibly other properties of the + hash algorithm in the argument. +

+

For a list of supported hash algorithms, see supports/0. +

+
+
+ + + + Information about supported ciphers. + +

Provides a map with information about block_size, key_length, iv_length and possibly other properties of the + cipher algorithm in the argument. +

+

For a list of supported cipher algorithms, see supports/0. +

+
+
+ Computes the function: N^P mod M @@ -1301,6 +1341,9 @@ FloatValue = rand:uniform(). % again

Note: the rsa_opts entry is in an experimental state and may change or be removed without notice. No guarantee for the accuarcy of the rsa option's value list should be assumed.

+

See hash_info/1 and cipher_info/1 + for information about the hash and cipher algorithms. +

-- cgit v1.2.3 From 89236bc46fd3a7de0dbb9df2390c30e7333f6bdb Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Thu, 21 Mar 2019 14:24:29 +0100 Subject: crypto: Declare *_info return map and other review-comments Conflicts: lib/crypto/doc/src/crypto.xml --- lib/crypto/doc/src/crypto.xml | 34 ++++++++++++++++++++++++++++++++-- 1 file changed, 32 insertions(+), 2 deletions(-) diff --git a/lib/crypto/doc/src/crypto.xml b/lib/crypto/doc/src/crypto.xml index 17522bcdab..251263714d 100644 --- a/lib/crypto/doc/src/crypto.xml +++ b/lib/crypto/doc/src/crypto.xml @@ -562,6 +562,36 @@ + + + +

This is a more developed variant of the older + run_time_error(). +

+

It is like the older type an exception of the error class. In addition they contain + a descriptive text in English. That text is targeted to a developer. Examples are "Bad key size" + or "Cipher id is not an atom". +

+

The exceptions are:

+ + {badarg, Description::string()} +

Signifies that one or more arguments are of wrong data type or are otherwise badly formed.

+
+ + {notsup, Description::string()} +

Signifies that the algorithm is known but is not supported by current underlying libcrypto + or explicitly disabled when building that one.

+
+ + {error, Description::string()} +

An error condition that should not occur, for example a memory allocation failed or + the underlying cryptolib returned an error code, for example "Can't initialize context, step 1". + Thoose text usually needs searching the C-code to be understood.

+
+
+
+
+ @@ -873,7 +903,7 @@ Information about supported hash algorithms.

Provides a map with information about block_size, size and possibly other properties of the - hash algorithm in the argument. + hash algorithm in question.

For a list of supported hash algorithms, see supports/0.

@@ -885,7 +915,7 @@ Information about supported ciphers.

Provides a map with information about block_size, key_length, iv_length and possibly other properties of the - cipher algorithm in the argument. + cipher algorithm in question.

For a list of supported cipher algorithms, see supports/0.

-- cgit v1.2.3 From fc234a9945f00e8e90e62560bd2662caee5deefb Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Wed, 20 Mar 2019 13:56:02 +0100 Subject: crypto: Declare *_info return map and other review-comments --- lib/crypto/src/crypto.erl | 21 +++++++++++++++++---- 1 file changed, 17 insertions(+), 4 deletions(-) diff --git a/lib/crypto/src/crypto.erl b/lib/crypto/src/crypto.erl index 070949a1d9..b6715e83c0 100644 --- a/lib/crypto/src/crypto.erl +++ b/lib/crypto/src/crypto.erl @@ -414,8 +414,12 @@ enable_fips_mode(_) -> ?nif_stub. -define(HASH_HASH_ALGORITHM, sha1() | sha2() | sha3() | blake2() | ripemd160 | compatibility_only_hash() ). --spec hash_info(Type) -> map() | run_time_error() when Type :: ?HASH_HASH_ALGORITHM. - +-spec hash_info(Type) -> Result | run_time_error() + when Type :: ?HASH_HASH_ALGORITHM, + Result :: #{size := integer(), + block_size := integer(), + type := integer() + } . hash_info(Type) -> notsup_to_error(hash_info_nif(Type)). @@ -554,8 +558,17 @@ poly1305(Key, Data) -> error(E) end). - --spec cipher_info(Type) -> map() | run_time_error() when Type :: cipher() . +%%%---- Cipher info +%%%---------------------------------------------------------------- +-spec cipher_info(Type) -> Result | run_time_error() + when Type :: cipher(), + Result :: #{key_length := integer(), + iv_length := integer(), + block_size := integer(), + mode := CipherModes, + type := undefined | integer() + }, + CipherModes :: ecb_mode | cbc_mode | cfb_mode | ofb_mode | undefined. %% These ciphers are not available via the EVP interface on older cryptolibs. cipher_info(aes_ctr) -> -- cgit v1.2.3 From 97a97c8021c2740182b43ee95067898a01622000 Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Wed, 20 Mar 2019 15:39:23 +0100 Subject: crypto: Update CipherModes for PR/2186 --- lib/crypto/src/crypto.erl | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/lib/crypto/src/crypto.erl b/lib/crypto/src/crypto.erl index b6715e83c0..4387819341 100644 
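Review bot: The new Result type for cipher_info/1 makes `key_length := integer()` a mandatory key for every `cipher()`, but the hand-written clauses below the spec return fixed maps for names that carry no key size. The `cipher_info(aes_ctr)` clause shown earlier on this page returns `key_length => 32`. A caller that sizes or validates keys from this map gets a value that need not match the key actually used. I would add a comment on the spec such as `%% key_length is only meaningful for cipher names that include the key size, e.g. aes_128_ctr`. Also consider `pos_integer()` or `non_neg_integer()` instead of `integer()` for the size fields here and in hash_info/1.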
--- a/lib/crypto/src/crypto.erl +++ b/lib/crypto/src/crypto.erl @@ -568,7 +568,19 @@ poly1305(Key, Data) -> mode := CipherModes, type := undefined | integer() }, - CipherModes :: ecb_mode | cbc_mode | cfb_mode | ofb_mode | undefined. + CipherModes :: undefined + | cbc_mode + | ccm_mode + | cfb_mode + | ctr_mode + | ecb_mode + | gcm_mode + | ige_mode + | ocb_mode + | ofb_mode + | wrap_mode + | xts_mode + . %% These ciphers are not available via the EVP interface on older cryptolibs. cipher_info(aes_ctr) -> -- cgit v1.2.3 From 9d4d218eef62a64e1596f0208a7af674785efb38 Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Thu, 21 Mar 2019 11:59:25 +0100 Subject: crypto: Note about key lengths for cipher_info/1 --- lib/crypto/doc/src/crypto.xml | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/lib/crypto/doc/src/crypto.xml b/lib/crypto/doc/src/crypto.xml index 251263714d..64872d7414 100644 --- a/lib/crypto/doc/src/crypto.xml +++ b/lib/crypto/doc/src/crypto.xml @@ -917,6 +917,15 @@

Provides a map with information about block_size, key_length, iv_length and possibly other properties of the cipher algorithm in question.

+ +

The ciphers aes_cbc, aes_cfb8, aes_cfb128, aes_ctr, + aes_ecb, aes_gcm and aes_ccm + has no keylength in the Type as opposed to for example aes_128_ctr. They adapt to the length of + the key provided in the encrypt and decrypt function. Therefor it is impossible to return a valid keylength + in the map.

+

Always use a Type with an explicit key length, +

+

For a list of supported cipher algorithms, see supports/0.

-- cgit v1.2.3 From 651a9c3e8fe3f33182615ea39b62a15dcb2c0944 Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Tue, 19 Mar 2019 16:41:08 +0100 Subject: crypto: Cuddle error types and documentation of them --- lib/crypto/doc/src/crypto.xml | 12 ++++--- lib/crypto/src/crypto.erl | 83 +++++++++++++++++++++++++++---------------- 2 files changed, 59 insertions(+), 36 deletions(-) diff --git a/lib/crypto/doc/src/crypto.xml b/lib/crypto/doc/src/crypto.xml index 64872d7414..aecb1890d0 100644 --- a/lib/crypto/doc/src/crypto.xml +++ b/lib/crypto/doc/src/crypto.xml @@ -623,9 +623,9 @@ - block_encrypt(Type, Key, Ivec, PlainText) -> CipherText - block_encrypt(AeadType, Key, Ivec, {AAD, PlainText}) -> {CipherText, CipherTag} - block_encrypt(aes_gcm | aes_ccm, Key, Ivec, {AAD, PlainText, TagLength}) -> {CipherText, CipherTag} + block_encrypt(Type, Key, Ivec, PlainText) -> CipherText | Error + block_encrypt(AeadType, Key, Ivec, {AAD, PlainText}) -> {CipherText, CipherTag} | Error + block_encrypt(aes_gcm | aes_ccm, Key, Ivec, {AAD, PlainText, TagLength}) -> {CipherText, CipherTag} | Error Encrypt PlainText according to Type block cipher Type = block_cipher_iv() @@ -634,6 +634,7 @@ PlainText = iodata() AAD = IVec = CipherText = CipherTag = binary() TagLength = 1..16 + Error = run_time_error()

Encrypt PlainText according to Type block cipher. @@ -650,8 +651,8 @@ - block_decrypt(Type, Key, Ivec, CipherText) -> PlainText - block_decrypt(AeadType, Key, Ivec, {AAD, CipherText, CipherTag}) -> PlainText | error + block_decrypt(Type, Key, Ivec, CipherText) -> PlainText | Error + block_decrypt(AeadType, Key, Ivec, {AAD, CipherText, CipherTag}) -> PlainText | Error Decrypt CipherText according to Type block cipher Type = block_cipher_iv() @@ -659,6 +660,7 @@ Key = key() | des3_key() PlainText = iodata() AAD = IVec = CipherText = CipherTag = binary() + Error = run_time_error()

Decrypt CipherText according to Type block cipher. diff --git a/lib/crypto/src/crypto.erl b/lib/crypto/src/crypto.erl index 4387819341..0ee3c92cce 100644 --- a/lib/crypto/src/crypto.erl +++ b/lib/crypto/src/crypto.erl @@ -337,9 +337,19 @@ -type crypto_integer() :: binary() | integer(). %%% -%% Exceptions error:badarg and error:notsup +%% Exceptions +%% error:badarg +%% error:notsup -type run_time_error() :: no_return(). +%% Exceptions +%% error:{badarg,Reason::term()} +%% error:{notsup,Reason::term()} +%% error:{error,Reason::term()} +-type descriptive_error() :: no_return() . + + +%%-------------------------------------------------------------------- -compile(no_native). -on_load(on_load/0). -define(CRYPTO_NIF_VSN,302). @@ -599,11 +609,12 @@ cipher_info(Type) -> %%%---- Block ciphers %%%---------------------------------------------------------------- --spec block_encrypt(Type::block_cipher_iv(), Key::key()|des3_key(), Ivec::binary(), PlainText::iodata()) -> binary(); +-spec block_encrypt(Type::block_cipher_iv(), Key::key()|des3_key(), Ivec::binary(), PlainText::iodata()) -> + binary() | run_time_error(); (Type::aead_cipher(), Key::iodata(), Ivec::binary(), {AAD::binary(), PlainText::iodata()}) -> - {binary(), binary()}; + {binary(), binary()} | run_time_error(); (aes_gcm | aes_ccm, Key::iodata(), Ivec::binary(), {AAD::binary(), PlainText::iodata(), TagLength::1..16}) -> - {binary(), binary()}. + {binary(), binary()} | run_time_error(). block_encrypt(Type, Key, Ivec, Data) -> 
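Review bot: The comment above the new `descriptive_error()` type in the -337 hunk lists `error:{badarg,Reason::term()}`, `error:{notsup,Reason::term()}` and `error:{error,Reason::term()}`. The crypto.xml text earlier on this page, which appears to document the same type, gives the second element as `Description::string()`. The two should agree; if the NIFs always produce a string, write `Description::string()` in this comment as well. The XML describes the text as aimed at developers and tied to the C code, so one more comment line would help, e.g. `%% Match on the tag only; the description text is free-form and may change.`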
@@ -628,16 +639,19 @@ do_block_encrypt(Type, Key, Ivec, PlainText) -> ?COMPAT(crypto_one_shot(Type, Key, Ivec, PlainText, true)). --spec block_encrypt(Type::block_cipher_no_iv(), Key::key(), PlainText::iodata()) -> binary(). +-spec block_encrypt(Type::block_cipher_no_iv(), Key::key(), PlainText::iodata()) -> + binary() | run_time_error(). block_encrypt(Type, Key, PlainText) -> ?COMPAT(crypto_one_shot(Type, Key, <<>>, PlainText, true)). %%%---------------------------------------------------------------- %%%---------------------------------------------------------------- --spec block_decrypt(Type::block_cipher_iv(), Key::key()|des3_key(), Ivec::binary(), Data::iodata()) -> binary(); +-spec block_decrypt(Type::block_cipher_iv(), Key::key()|des3_key(), Ivec::binary(), Data::iodata()) -> + binary() | run_time_error(); (Type::aead_cipher(), Key::iodata(), Ivec::binary(), - {AAD::binary(), Data::iodata(), Tag::binary()}) -> binary() | error. + {AAD::binary(), Data::iodata(), Tag::binary()}) -> + binary() | run_time_error() . block_decrypt(Type, Key, Ivec, Data) -> do_block_decrypt(alias(Type), Key, Ivec, Data). @@ -654,7 +668,8 @@ do_block_decrypt(Type, Key, Ivec, Data) -> ?COMPAT(crypto_one_shot(Type, Key, Ivec, Data, false)). --spec block_decrypt(Type::block_cipher_no_iv(), Key::key(), Data::iodata()) -> binary(). +-spec block_decrypt(Type::block_cipher_no_iv(), Key::key(), Data::iodata()) -> + binary() | run_time_error(). block_decrypt(Type, Key, Data) -> ?COMPAT(crypto_one_shot(Type, Key, <<>>, Data, false)). @@ -674,7 +689,7 @@ block_decrypt(Type, Key, Data) -> | chacha20 . %%%---- stream_init --spec stream_init(Type, Key, IVec) -> State | no_return() +-spec stream_init(Type, Key, IVec) -> State | run_time_error() when Type :: stream_cipher_iv(), Key :: iodata(), IVec ::binary(), 
@@ -687,7 +702,7 @@ stream_init(Type, Key, IVec) when is_binary(IVec) -> {Type, {Ref,flg_undefined}}. --spec stream_init(Type, Key) -> State | no_return() +-spec stream_init(Type, Key) -> State | run_time_error() when Type :: stream_cipher_no_iv(), Key :: iodata(), State :: stream_state() . @@ -699,7 +714,7 @@ stream_init(rc4 = Type, Key) -> {Type, {Ref,flg_undefined}}. %%%---- stream_encrypt --spec stream_encrypt(State, PlainText) -> {NewState, CipherText} | no_return() +-spec stream_encrypt(State, PlainText) -> {NewState, CipherText} | run_time_error() when State :: stream_state(), PlainText :: iodata(), NewState :: stream_state(), @@ -708,7 +723,7 @@ stream_encrypt(State, Data) -> crypto_stream_emulate(State, Data, true). %%%---- stream_decrypt --spec stream_decrypt(State, CipherText) -> {NewState, PlainText} | no_return() +-spec stream_decrypt(State, CipherText) -> {NewState, PlainText} | run_time_error() when State :: stream_state(), CipherText :: iodata(), NewState :: stream_state(), @@ -767,7 +782,7 @@ next_iv(Type, Data, _Ivec) -> %%% Create and initialize a new state for encryption or decryption %%% --spec crypto_init(Cipher, Key, EncryptFlag) -> State | ng_crypto_error() +-spec crypto_init(Cipher, Key, EncryptFlag) -> State | descriptive_error() when Cipher :: block_cipher_no_iv() | stream_cipher_no_iv(), Key :: iodata(), @@ -778,7 +793,7 @@ crypto_init(Cipher, Key, EncryptFlag) -> ng_crypto_init_nif(alias(Cipher), iolist_to_binary(Key), <<>>, EncryptFlag). --spec crypto_init(Cipher, Key, IV, EncryptFlag) -> State | ng_crypto_error() +-spec crypto_init(Cipher, Key, IV, EncryptFlag) -> State | descriptive_error() when Cipher :: stream_cipher_iv() | block_cipher_iv(), Key :: iodata(), 
@@ -791,7 +806,7 @@ crypto_init(Cipher, Key, IV, EncryptFlag) -> %%%---------------------------------------------------------------- --spec crypto_init_dyn_iv(Cipher, Key, EncryptFlag) -> State | ng_crypto_error() +-spec crypto_init_dyn_iv(Cipher, Key, EncryptFlag) -> State | descriptive_error() when Cipher :: stream_cipher_iv() | block_cipher_iv(), Key :: iodata(), @@ -808,7 +823,7 @@ crypto_init_dyn_iv(Cipher, Key, EncryptFlag) -> %%% blocksize. %%% --spec crypto_update(State, Data) -> Result | ng_crypto_error() +-spec crypto_update(State, Data) -> Result | descriptive_error() when State :: crypto_state(), Data :: iodata(), Result :: binary() . @@ -822,7 +837,7 @@ crypto_update(State, Data0) -> %%%---------------------------------------------------------------- --spec crypto_update_dyn_iv(State, Data, IV) -> Result | ng_crypto_error() +-spec crypto_update_dyn_iv(State, Data, IV) -> Result | descriptive_error() when State :: crypto_state(), Data :: iodata(), IV :: iodata(), @@ -842,14 +857,16 @@ crypto_update_dyn_iv(State, Data0, IV) -> %%% The size must be an integer multiple of the crypto's blocksize. %%% --spec crypto_one_shot(Cipher, Key, IV, Data, EncryptFlag) -> Result | ng_crypto_error() - when Cipher :: stream_cipher() - | block_cipher(), - Key :: iodata(), - IV :: iodata() | undefined, - Data :: iodata(), - EncryptFlag :: boolean(), - Result :: binary() . +-spec crypto_one_shot(Cipher, Key, IV, Data, EncryptFlag) -> + Result | descriptive_error() + when Cipher :: stream_cipher() + | block_cipher(), + Key :: iodata(), + IV :: iodata() | undefined, + Data :: iodata(), + EncryptFlag :: boolean(), + Result :: binary() . + crypto_one_shot(Cipher, Key, undefined, Data, EncryptFlag) -> crypto_one_shot(Cipher, Key, <<>>, Data, EncryptFlag); 
@@ -866,21 +883,25 @@ crypto_one_shot(Cipher, Key, IV, Data0, EncryptFlag) -> %%%---------------------------------------------------------------- %%% NIFs --type ng_crypto_error() :: no_return() . +-spec ng_crypto_init_nif(atom(), binary(), binary()|undefined, boolean()|undefined ) -> + crypto_state() | descriptive_error() + ; (crypto_state(), <<>>, <<>>, boolean()) + -> crypto_state() | descriptive_error(). --spec ng_crypto_init_nif(atom(), binary(), binary()|undefined, boolean()|undefined ) -> crypto_state() | ng_crypto_error() - ; (crypto_state(), <<>>, <<>>, boolean()) -> crypto_state() | ng_crypto_error(). ng_crypto_init_nif(_Cipher, _Key, _IVec, _EncryptFlg) -> ?nif_stub. --spec ng_crypto_update_nif(crypto_state(), binary()) -> binary() | ng_crypto_error() . +-spec ng_crypto_update_nif(crypto_state(), binary()) -> + binary() | descriptive_error() . ng_crypto_update_nif(_State, _Data) -> ?nif_stub. --spec ng_crypto_update_nif(crypto_state(), binary(), binary()) -> binary() | ng_crypto_error() . +-spec ng_crypto_update_nif(crypto_state(), binary(), binary()) -> + binary() | descriptive_error() . ng_crypto_update_nif(_State, _Data, _IV) -> ?nif_stub. --spec ng_crypto_one_shot_nif(atom(), binary(), binary(), binary(), boolean() ) -> binary() | ng_crypto_error(). +-spec ng_crypto_one_shot_nif(atom(), binary(), binary(), binary(), boolean() ) -> + binary() | descriptive_error(). ng_crypto_one_shot_nif(_Cipher, _Key, _IVec, _Data, _EncryptFlg) -> ?nif_stub. %%%---------------------------------------------------------------- -- cgit v1.2.3 From 03f94058c410162091ce9168609908abd2caaba3 Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Wed, 20 Mar 2019 13:57:35 +0100 Subject: crypto: Update types of hash algorithms --- lib/crypto/doc/src/crypto.xml | 21 ++++++++++++++------- lib/crypto/src/crypto.erl | 16 ++++++++-------- 2 files changed, 22 insertions(+), 15 deletions(-) 
diff --git a/lib/crypto/doc/src/crypto.xml b/lib/crypto/doc/src/crypto.xml index aecb1890d0..ee95cc3074 100644 --- a/lib/crypto/doc/src/crypto.xml +++ b/lib/crypto/doc/src/crypto.xml @@ -257,20 +257,16 @@ - Digests + Digests and hash - - - - + - + -

The compatibility_only_hash() algorithms are recommended only for compatibility with existing applications.

@@ -292,6 +288,17 @@
+ + + + + + + +

The compatibility_only_hash() algorithms are recommended only for compatibility with existing applications.

+
+
+ Elliptic Curves diff --git a/lib/crypto/src/crypto.erl b/lib/crypto/src/crypto.erl index 0ee3c92cce..ade4c17089 100644 --- a/lib/crypto/src/crypto.erl +++ b/lib/crypto/src/crypto.erl @@ -422,10 +422,10 @@ enable_fips_mode(_) -> ?nif_stub. %%% %%%================================================================ --define(HASH_HASH_ALGORITHM, sha1() | sha2() | sha3() | blake2() | ripemd160 | compatibility_only_hash() ). +-type hash_algorithm() :: sha1() | sha2() | sha3() | blake2() | ripemd160 | compatibility_only_hash() . -spec hash_info(Type) -> Result | run_time_error() - when Type :: ?HASH_HASH_ALGORITHM, + when Type :: hash_algorithm(), Result :: #{size := integer(), block_size := integer(), type := integer() @@ -433,7 +433,7 @@ enable_fips_mode(_) -> ?nif_stub. hash_info(Type) -> notsup_to_error(hash_info_nif(Type)). --spec hash(Type, Data) -> Digest when Type :: ?HASH_HASH_ALGORITHM, +-spec hash(Type, Data) -> Digest when Type :: hash_algorithm(), Data :: iodata(), Digest :: binary(). hash(Type, Data) -> @@ -443,7 +443,7 @@ hash(Type, Data) -> -opaque hash_state() :: reference(). --spec hash_init(Type) -> State when Type :: ?HASH_HASH_ALGORITHM, +-spec hash_init(Type) -> State when Type :: hash_algorithm(), State :: hash_state(). hash_init(Type) -> notsup_to_error(hash_init_nif(Type)). @@ -469,12 +469,12 @@ hash_final(Context) -> %%%---- HMAC --define(HMAC_HASH_ALGORITHM, sha1() | sha2() | sha3() | compatibility_only_hash()). +-type hmac_hash_algorithm() :: sha1() | sha2() | sha3() | compatibility_only_hash(). %%%---- hmac/3,4 -spec hmac(Type, Key, Data) -> - Mac when Type :: ?HMAC_HASH_ALGORITHM, + Mac when Type :: hmac_hash_algorithm(), Key :: iodata(), Data :: iodata(), Mac :: binary() . 
@@ -483,7 +483,7 @@ hmac(Type, Key, Data) -> hmac(Type, Key, Data1, undefined, erlang:byte_size(Data1), max_bytes()). -spec hmac(Type, Key, Data, MacLength) -> - Mac when Type :: ?HMAC_HASH_ALGORITHM, + Mac when Type :: hmac_hash_algorithm(), Key :: iodata(), Data :: iodata(), MacLength :: integer(), @@ -498,7 +498,7 @@ hmac(Type, Key, Data, MacLength) -> -opaque hmac_state() :: binary(). -spec hmac_init(Type, Key) -> - State when Type :: ?HMAC_HASH_ALGORITHM, + State when Type :: hmac_hash_algorithm(), Key :: iodata(), State :: hmac_state() . hmac_init(Type, Key) -> -- cgit v1.2.3 From b1f4c5f3b07387ed57a5794570969c55a3cd34ea Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Thu, 21 Mar 2019 10:56:40 +0100 Subject: crypto: Restore 'error' as result of failed aead decryption --- lib/crypto/doc/src/crypto.xml | 3 ++- lib/crypto/src/crypto.erl | 2 +- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/lib/crypto/doc/src/crypto.xml b/lib/crypto/doc/src/crypto.xml index ee95cc3074..2c5f1b846f 100644 --- a/lib/crypto/doc/src/crypto.xml +++ b/lib/crypto/doc/src/crypto.xml @@ -667,7 +667,8 @@ Key = key() | des3_key() PlainText = iodata() AAD = IVec = CipherText = CipherTag = binary() - Error = run_time_error() + Error = BadTag | run_time_error() + BadTag = error

Decrypt CipherText according to Type block cipher. diff --git a/lib/crypto/src/crypto.erl b/lib/crypto/src/crypto.erl index ade4c17089..a5e60fbe75 100644 --- a/lib/crypto/src/crypto.erl +++ b/lib/crypto/src/crypto.erl @@ -651,7 +651,7 @@ block_encrypt(Type, Key, PlainText) -> binary() | run_time_error(); (Type::aead_cipher(), Key::iodata(), Ivec::binary(), {AAD::binary(), Data::iodata(), Tag::binary()}) -> - binary() | run_time_error() . + binary() | error | run_time_error() . block_decrypt(Type, Key, Ivec, Data) -> do_block_decrypt(alias(Type), Key, Ivec, Data). -- cgit v1.2.3 From a8b7378104d037be457f51c80e0bbf7eb2dde23d Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Thu, 21 Mar 2019 12:04:05 +0100 Subject: crypto: Remove old comment --- lib/crypto/doc/src/crypto.xml | 3 --- 1 file changed, 3 deletions(-) diff --git a/lib/crypto/doc/src/crypto.xml b/lib/crypto/doc/src/crypto.xml index 2c5f1b846f..8a4fad67de 100644 --- a/lib/crypto/doc/src/crypto.xml +++ b/lib/crypto/doc/src/crypto.xml @@ -1387,9 +1387,6 @@ FloatValue = rand:uniform(). % again
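Review bot: The restored `error` in the AEAD clause of the block_decrypt/4 spec is not explained there, and it sits next to `run_time_error()`, which stands for raised exceptions rather than returned values. The crypto.xml hunk of this commit names it `BadTag`, so it is presumably the only signal that tag verification failed. I would add a comment above the spec such as `%% AEAD clause: returns the atom 'error' when the tag does not verify; this is a return value, not an exception`, so that callers match on it instead of relying on try/catch alone. The bodies of block_decrypt/4 and do_block_decrypt/4 are outside this hunk, so the exact failure path is inferred from the spec and the XML.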

Can be used to determine which crypto algorithms that are supported by the underlying libcrypto library

-

Note: the rsa_opts entry is in an experimental state and may change or be removed without notice. - No guarantee for the accuarcy of the rsa option's value list should be assumed. -

See hash_info/1 and cipher_info/1 for information about the hash and cipher algorithms.

-- cgit v1.2.3