From 0a833d0339fe5bb4c26c30430d74f83d7f2b6519 Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Wed, 22 Aug 2018 16:50:15 +0200 Subject: crypto: A user's guide chapter on algorithm details Such as keylengths, blocksizes and IV lengths are hard to find otherwise Conflicts: lib/crypto/doc/src/crypto.xml --- lib/crypto/doc/src/Makefile | 2 +- lib/crypto/doc/src/algorithm_details.xml | 290 +++++++++++++++++++++++++++++++ lib/crypto/doc/src/usersguide.xml | 1 + 3 files changed, 292 insertions(+), 1 deletion(-) create mode 100644 lib/crypto/doc/src/algorithm_details.xml (limited to 'lib/crypto/doc') diff --git a/lib/crypto/doc/src/Makefile b/lib/crypto/doc/src/Makefile index 2148062e78..3203324954 100644 --- a/lib/crypto/doc/src/Makefile +++ b/lib/crypto/doc/src/Makefile @@ -39,7 +39,7 @@ XML_REF3_FILES = crypto.xml XML_REF6_FILES = crypto_app.xml XML_PART_FILES = usersguide.xml -XML_CHAPTER_FILES = notes.xml licenses.xml fips.xml engine_load.xml engine_keys.xml +XML_CHAPTER_FILES = notes.xml licenses.xml fips.xml engine_load.xml engine_keys.xml algorithm_details.xml BOOK_FILES = book.xml diff --git a/lib/crypto/doc/src/algorithm_details.xml b/lib/crypto/doc/src/algorithm_details.xml new file mode 100644 index 0000000000..088f5e8e97 --- /dev/null +++ b/lib/crypto/doc/src/algorithm_details.xml @@ -0,0 +1,290 @@ + + + + +
+ + 20142017 + Ericsson AB. All Rights Reserved. + + + The contents of this file are subject to the Erlang Public License, + Version 1.1, (the "License"); you may not use this file except in + compliance with the License. You should have received a copy of the + Erlang Public License along with this software. If not, it can be + retrieved online at http://www.erlang.org/. + + Software distributed under the License is distributed on an "AS IS" + basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See + the License for the specific language governing rights and limitations + under the License. + + + + Algorithm Details + Hans Nilsson + + 2018-08-22 + A + algorithm_details.xml +
+

+ This chapter describes details of algorithms in the crypto application. +

+

The tables only documents the supported cryptos and key lengths. The user should not draw any conclusion + on security from the supplied tables. +

+ +
+ Ciphers +
+ Block Ciphers +

To be used in + block_encrypt/3, + block_encrypt/4, + block_decrypt/3 and + block_decrypt/4. +

+

Available in all OpenSSL compatible with Erlang CRYPTO if not disabled by configuration. +

+

To dynamically check availability, check that the name in the Cipher and Mode column is present in the + list with the cipher tag in the return value of + crypto:supports(). +

+ + Cipher and ModeKey length
[bytes]
IV length
[bytes]
Block size
[bytes]
+ aes_cbc 16, 24, 321616 + aes_cbc128161616 + aes_cbc256321616 + + aes_cfb8 16, 24, 3216any + + aes_ecb16, 24, 32 16 + + aes_ige256163216 + blowfish_cbc 4-56 8 8 + blowfish_cfb64 1- 8 any + blowfish_ecb1- 8 + blowfish_ofb641-8any + + des3_cbc
(=DES EDE3 CBC)
[8,8,8]88
+ des3_cfb
(=DES EDE3 CFB)
[8,8,8]8any
+ + des_cbc88 8 + des_cfb88any + des_ecb8 8 + des_ede3
(=DES EDE3 CBC)
[8,8,8]88
+ rc2_cbc1-88 + Block cipher key lengths +
+
+ +
+ AEAD Ciphers +

To be used in block_encrypt/4 and + block_decrypt/4. +

+

To dynamically check availability, check that the name in the Cipher and Mode column is present in the + list with the cipher tag in the return value of + crypto:supports(). +

+ + Cipher and ModeKey length
[bytes]
IV length
[bytes]
AAD length
[bytes]
Block size
[bytes]
Supported with
OpenSSL versions
+ aes_gcm 16 16 0-16 any1.0.1 - + chacha20_poly130532 1-16 any any1.1.0 - + AEAD cipher key lengths +
+
+ +
+ Stream Ciphers +

To be used in stream_init/2 and + stream_init/3. +

+

To dynamically check availability, check that the name in the Cipher and Mode column is present in the + list with the cipher tag in the return value of + crypto:supports(). +

+ + Cipher and ModeKey length
[bytes]
IV length
[bytes]
Supported with
OpenSSL versions
+ aes_ctr16, 24, 32161.0.1 - + rc41- all + Stream cipher key lengths +
+
+
+ +
+ Message Authentication Codes (MACs) + +
+ CMAC +

To be used in cmac/3 and + cmac/4. +

+

CMAC with the following ciphers are available with OpenSSL 1.0.1 or later if not disabled by configuration. +

+ +

To dynamically check availability, check that the name cmac is present in the + list with the macs tag in the return value of + crypto:supports(). + Also check that the name in the Cipher and Mode column is present in the + list with the cipher tag in the return value. +

+ + Cipher and ModeKey length
[bytes]
Max Mac Length
[bytes]
+ aes_cbc 16, 24, 3216 + aes_cbc1281616 + aes_cbc2563216 + + aes_cfb8 161 + + blowfish_cbc 4-56 8 + blowfish_cfb64 1- 1 + blowfish_ecb1- 8 + blowfish_ofb641- 1 + + des3_cbc
(=DES EDE3 CBC)
[8,8,8]8
+ des3_cfb
(=DES EDE3 CFB)
[8,8,8]1
+ + des_cbc88 + + des_cfb81 + des_ecb81 + rc2_cbc1-8 + CMAC cipher key lengths +
+
+ +
+ HMAC +

Available in all OpenSSL compatible with Erlang CRYPTO if not disabled by configuration. +

+

To dynamically check availability, check that the name hmac is present in the + list with the macs tag in the return value of + crypto:supports(). +

+
+ +
+ POLY1305 +

POLY1305 is available with OpenSSL 1.1.1 or later if not disabled by configuration. +

+

To dynamically check availability, check that the name poly1305 is present in the + list with the macs tag in the return value of + crypto:supports(). +

+
+ +
+ +
+ Hash + +

To dynamically check availability, check that the wanted name in the Names column is present in the + list with the hashs tag in the return value of + crypto:supports(). +

+ + + + Type + Names + Supported with
OpenSSL versions
+
+ SHA1shaall + SHA2sha224, sha256, sha384, sha512all + SHA3sha3_224, sha3_256, sha3_384, sha3_5121.1.1 - + MD4md4all + MD5md5all + RIPEMDripemd160all + +
+
+ +
+ Public Key Cryptography + +
+ RSA +

RSA is available with all OpenSSL versions compatible with Erlang CRYPTO if not disabled by configuration. + To dynamically check availability, check that the atom rsa is present in the + list with the public_keys tag in the return value of + crypto:supports(). +

+ + + Option sign/verify encrypt/decrypt Supported with
OpenSSL versions
+ {rsa_mgf1_md,atom()} x x 1.0.1 + {rsa_oaep_label, binary()} x + {rsa_oaep_md, atom()} x + {rsa_padding,rsa_pkcs1_pss_padding} x 1.0.0 + {rsa_pss_saltlen, -2..} x 1.0.0 + {rsa_padding,rsa_no_padding} x x + {rsa_padding,rsa_pkcs1_padding} x x + {rsa_padding,rsa_sslv23_padding} x + {rsa_padding,rsa_x931_padding} x + +
+
+ +
+ DSS +

DSS is available with OpenSSL versions compatible with Erlang CRYPTO if not disabled by configuration. + To dynamically check availability, check that the atom dss is present in the + list with the public_keys tag in the return value of + crypto:supports(). +

+
+ +
+ ECDSA +

ECDSA is available with OpenSSL 0.9.8o or later if not disabled by configuration. + To dynamically check availability, check that the atom ecdsa is present in the + list with the public_keys tag in the return value of + crypto:supports(). + If the atom ec_gf2m characteristic two field curves are available. +

+

The actual supported named curves could be checked by examining the list with the + curves tag in the return value of + crypto:supports(). +

+
+ +
+ Diffie-Hellman +

Diffie-Hellman computations are available with OpenSSL versions compatible with Erlang CRYPTO + if not disabled by configuration. + To dynamically check availability, check that the atom dh is present in the + list with the public_keys tag in the return value of + crypto:supports(). +

+
+ +
+ Elliptic Curve Diffie-Hellman +

Elliptic Curve Diffie-Hellman is available with OpenSSL 0.9.8o or later if not disabled by configuration. + To dynamically check availability, check that the atom ecdh is present in the + list with the public_keys tag in the return value of + crypto:supports(). +

+ +

The Edward curves x25519 and x448 are supported with OpenSSL 1.1.1 or later + if not disabled by configuration. +

+ +

The actual supported named curves could be checked by examining the list with the + curves tag in the return value of + crypto:supports(). +

+
+ +
+ + +
+ + + + + diff --git a/lib/crypto/doc/src/usersguide.xml b/lib/crypto/doc/src/usersguide.xml index 0124121433..2dfc966609 100644 --- a/lib/crypto/doc/src/usersguide.xml +++ b/lib/crypto/doc/src/usersguide.xml @@ -50,4 +50,5 @@ + -- cgit v1.2.3
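Review bot: In the ECDSA section of algorithm_details.xml, the sentence "If the atom ec_gf2m characteristic two field curves are available." has lost its predicate and cannot be followed as a check. Suggest something like "If the atom ec_gf2m is also present, characteristic two field curves are available", naming the list the reader should look in, as the neighbouring sentences do. Further points in the same new file, given that readers will size keys and IVs from these tables: the aes_gcm row in the AEAD table shows 16 as the only key length while aes_cbc, aes_ecb and aes_ctr list 16, 24, 32, so please confirm that is intended. Key-length cells for blowfish_cfb64, blowfish_ecb, blowfish_ofb64, rc2_cbc and rc4 are open-ended ("1-") while blowfish_cbc gives 4-56, so either state the upper bound or say that "1-" means no documented maximum. des_ede3 carries the same annotation "(=DES EDE3 CBC)" as des3_cbc, which should say whether it is an alias. The RSA options table writes versions as "1.0.1" and "1.0.0" where the other tables use the "1.0.1 -" form. The file header lists copyright years 2014 and 2017 although the file is new and dated 2018-08-22. Wording: "The tables only documents" should be "The tables only document", and "Edward curves" should be "Edwards curves".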