From 8c47a7657d03777a03a6838c7ec937b6347d07f8 Mon Sep 17 00:00:00 2001
From: Hans Nilsson
Date: Tue, 18 Sep 2018 12:13:42 +0200
Subject: crypto: Add warnings in RefMan and User's Guide for experimental RSA
opts
---
lib/crypto/doc/src/algorithm_details.xml | 8 +++++++-
lib/crypto/doc/src/crypto.xml | 14 ++++++++++++++
lib/crypto/src/crypto.erl | 19 +++++++++++++------
3 files changed, 34 insertions(+), 7 deletions(-)
diff --git a/lib/crypto/doc/src/algorithm_details.xml b/lib/crypto/doc/src/algorithm_details.xml
index 2d02422cb6..19a19b1ece 100644
--- a/lib/crypto/doc/src/algorithm_details.xml
+++ b/lib/crypto/doc/src/algorithm_details.xml
@@ -213,7 +213,13 @@
list with the public_keys tag in the return value of
crypto:supports().
-
+
+
+ The RSA options are experimental.
+
+ The exact set of options and there syntax may be changed
+ without prior notice.
+
Option | sign/verify | encrypt/decrypt | Supported with OpenSSL versions |
{rsa_mgf1_md,atom()} | x | x | 1.0.1 |
diff --git a/lib/crypto/doc/src/crypto.xml b/lib/crypto/doc/src/crypto.xml
index e6811a9a93..b7447cb9a3 100644
--- a/lib/crypto/doc/src/crypto.xml
+++ b/lib/crypto/doc/src/crypto.xml
@@ -284,6 +284,13 @@
Options for public key encrypt/decrypt. Only RSA is supported.
+
+
+ The RSA options are experimental.
+
+ The exact set of options and there syntax may be changed
+ without prior notice.
+
@@ -309,6 +316,13 @@
Options for sign and verify.
+
+
+ The RSA options are experimental.
+
+ The exact set of options and there syntax may be changed
+ without prior notice.
+
diff --git a/lib/crypto/src/crypto.erl b/lib/crypto/src/crypto.erl
index 2db73c4af0..960fe46c09 100644
--- a/lib/crypto/src/crypto.erl
+++ b/lib/crypto/src/crypto.erl
@@ -526,9 +526,8 @@ block_encrypt(Type, Key, Ivec, {AAD, PlainText}) when Type =:= aes_gcm;
block_encrypt(Type, Key, Ivec, {AAD, PlainText, TagLength}) when Type =:= aes_gcm;
Type =:= aes_ccm ->
aead_encrypt(Type, Key, Ivec, AAD, PlainText, TagLength);
-block_encrypt(chacha20_poly1305=Type, Key, Ivec, {AAD, PlainText}) ->
- aead_encrypt(Type, Key, Ivec, AAD, PlainText, 16).
-
+block_encrypt(chacha20_poly1305, Key, Ivec, {AAD, PlainText}) ->
+ chacha20_poly1305_encrypt(Key, Ivec, AAD, PlainText).
-spec block_decrypt(Type::block_cipher_with_iv(), Key::key()|des3_key(), Ivec::binary(), Data::iodata()) -> binary();
(Type::aead_cipher(), Key::iodata(), Ivec::binary(),
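Review bot: The commit subject describes only documentation warnings for the experimental RSA options, yet the `chacha20_poly1305` clause of `block_encrypt/4` is re-routed here from `aead_encrypt(Type, Key, Ivec, AAD, PlainText, 16)` to `chacha20_poly1305_encrypt(Key, Ivec, AAD, PlainText)`. A change to an AEAD code path should be its own commit, or at least be named in the message, so it is visible in review and when bisecting; the same applies to the `block_decrypt/4` hunk. The explicit 16-byte tag length also disappears from the Erlang side, so I would add a comment above the clause such as `%% Poly1305 tag is always 16 bytes; the length is fixed inside the NIF`, after confirming this against the NIF, which is not part of this diff. The hunk also drops the blank line between the last clause and the following `-spec`, which continues past the end of the hunk.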
@@ -558,9 +557,11 @@ block_decrypt(des3_cfb, Key0, Ivec, Data) ->
block_decrypt(aes_ige256, Key, Ivec, Data) ->
notsup_to_error(aes_ige_crypt_nif(Key, Ivec, Data, false));
block_decrypt(Type, Key, Ivec, {AAD, Data, Tag}) when Type =:= aes_gcm;
- Type =:= aes_ccm;
- Type =:= chacha20_poly1305 ->
- aead_decrypt(Type, Key, Ivec, AAD, Data, Tag).
+ Type =:= aes_ccm ->
+ aead_decrypt(Type, Key, Ivec, AAD, Data, Tag);
+block_decrypt(chacha20_poly1305, Key, Ivec, {AAD, Data, Tag}) ->
+ chacha20_poly1305_decrypt(Key, Ivec, AAD, Data, Tag).
+
-spec block_encrypt(Type::block_cipher_without_iv(), Key::key(), PlainText::iodata()) -> binary().
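Review bot: The new `chacha20_poly1305` clause of `block_decrypt/4` forwards `Tag` with no check on its size, so whether a truncated or over-long tag is rejected depends entirely on `chacha20_poly1305_decrypt/5`, whose C implementation is not in this diff. Poly1305 tags are 16 bytes and accepting a shorter one would weaken authentication, so either confirm that the NIF refuses any other length or guard the clause, assuming `Tag` is a binary as for the other AEAD types: `block_decrypt(chacha20_poly1305, Key, Ivec, {AAD, Data, Tag}) when byte_size(Tag) =:= 16 ->`. The new NIF should also give the same result on authentication failure as `aead_decrypt/6`, so that callers matching on the result behave identically for all AEAD types. The clause list of `block_decrypt/4` starts above the hunk.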
@@ -1615,6 +1616,12 @@ aead_encrypt(Type=aes_gcm, Key, Ivec, AAD, In) -> aead_encrypt(Type, Key, Ivec,
aead_encrypt(_Type, _Key, _Ivec, _AAD, _In, _TagLength) -> ?nif_stub.
aead_decrypt(_Type, _Key, _Ivec, _AAD, _In, _Tag) -> ?nif_stub.
+%%
+%% Chacha20/Ppoly1305
+%%
+chacha20_poly1305_encrypt(_Key, _Ivec, _AAD, _In) -> ?nif_stub.
+chacha20_poly1305_decrypt(_Key, _Ivec, _AAD, _In, _Tag) -> ?nif_stub.
+
%%
%% AES - with 256 bit key in infinite garble extension mode (IGE)
%%
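Review bot: The stubs `chacha20_poly1305_encrypt/4` and `chacha20_poly1305_decrypt/5` only work if the loaded crypto NIF library exports functions with exactly these names and arities, and the diffstat lists no C source, so that cannot be checked from this commit. If they are missing, every chacha20_poly1305 call through `block_encrypt/4` and `block_decrypt/4` would presumably end in the `?nif_stub` error instead of a ciphertext. A test that round-trips chacha20_poly1305 and another that modifies one tag byte and expects decryption to fail would catch both a missing NIF and a broken tag check. The section comment also has a typo and should read `%% Chacha20/Poly1305`.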
--
cgit v1.2.3