From 90167202a4ce3dc6d4822fad04c51cc35913d796 Mon Sep 17 00:00:00 2001
From: Sverker Eriksson
Date: Wed, 27 Jun 2012 15:35:26 +0200
Subject: crypto: Redo interface for rsa and dss hash signing
Replace _hash functions with {digest,_} argument
to existing sign/verify functions.
---
lib/crypto/doc/src/crypto.xml | 66 +++++++++++++++++++++++++------------------
1 file changed, 39 insertions(+), 27 deletions(-)
(limited to 'lib/crypto/doc')
diff --git a/lib/crypto/doc/src/crypto.xml b/lib/crypto/doc/src/crypto.xml
index 19db6c9dd4..36f8bc6deb 100644
--- a/lib/crypto/doc/src/crypto.xml
+++ b/lib/crypto/doc/src/crypto.xml
@@ -865,11 +865,13 @@ Mpint() = >]]>
- rsa_sign(Data, Key) -> Signature
- rsa_sign(DigestType, Data, Key) -> Signature
+ rsa_sign(DataOrDigest, Key) -> Signature
+ rsa_sign(DigestType, DataOrDigest, Key) -> Signature
Sign the data using rsa with the given key.
+ DataOrDigest = Data | {digest,Digest}
Data = Mpint
+ Digest = binary()
Key = [E, N, D] | [E, N, D, P1, P2, E1, E2, C]
E, N, D = Mpint
Where E is the public exponent, N is public modulus and
@@ -879,37 +881,40 @@ Mpint() = >]]>
the calculation faster. P1,P2 are first and second prime factors.
E1,E2 are first and second exponents. C is the CRT coefficient.
Terminology is taken from RFC 3447.
- DigestType = md5 | sha
+ DigestType = md5 | sha | sha256 | sha384 | sha512
The default DigestType is sha.
Mpint = binary()
Signature = binary()
- Calculates a DigestType digest of the Data
- and creates a RSA signature with the private key Key
- of the digest.
+ Creates a RSA signature with the private key Key
+ of a digest. The digest is either calculated as a
+ DigestType digest of Data or a precalculated
+ binary Digest.
- rsa_verify(Data, Signature, Key) -> Verified
- rsa_verify(DigestType, Data, Signature, Key) -> Verified
+ rsa_verify(DataOrDigest, Signature, Key) -> Verified
+ rsa_verify(DigestType, DataOrDigest, Signature, Key) -> Verified
Verify the digest and signature using rsa with given public key.
Verified = boolean()
+ DataOrDigest = Data | {digest|Digest}
Data, Signature = Mpint
+ Digest = binary()
Key = [E, N]
E, N = Mpint
Where E is the public exponent and N is public modulus.
DigestType = md5 | sha | sha256 | sha384 | sha512
- The default DigestType is sha.
+ The default DigestType is sha.
Mpint = binary()
- Calculates a DigestType digest of the Data
- and verifies that the digest matches the RSA signature using the
+
Verifies that a digest matches the RSA signature using the
signer's public key Key.
-
+ The digest is either calculated as a DigestType
+ digest of Data or a precalculated binary Digest.
May throw exception notsup in case the chosen DigestType
is not supported by the underlying OpenSSL implementation.
@@ -1022,45 +1027,52 @@ Mpint() = >]]>
- dss_sign(Data, Key) -> Signature
- dss_sign(DigestType, Data, Key) -> Signature
+ dss_sign(DataOrDigest, Key) -> Signature
+ dss_sign(DigestType, DataOrDigest, Key) -> Signature
Sign the data using dsa with given private key.
- DigestType = sha | none (default is sha)
- Data = Mpint | ShaDigest
+ DigestType = sha
+ DataOrDigest = Mpint | {digest,Digest}
Key = [P, Q, G, X]
P, Q, G, X = Mpint
Where P, Q and G are the dss
parameters and X is the private key.
- ShaDigest = binary() with length 20 bytes
+ Digest = binary() with length 20 bytes
Signature = binary()
- Creates a DSS signature with the private key Key of a digest.
- If DigestType is 'sha', the digest is calculated as SHA1 of Data.
- If DigestType is 'none', Data is the precalculated SHA1 digest.
+ Creates a DSS signature with the private key Key of
+ a digest. The digest is either calculated as a SHA1
+ digest of Data or a precalculated binary Digest.
+ A deprecated feature is having DigestType = 'none'
+ in which case DataOrDigest is a precalculated SHA1
+ digest.
- dss_verify(Data, Signature, Key) -> Verified
- dss_verify(DigestType, Data, Signature, Key) -> Verified
+ dss_verify(DataOrDigest, Signature, Key) -> Verified
+ dss_verify(DigestType, DataOrDigest, Signature, Key) -> Verified
Verify the data and signature using dsa with given public key.
Verified = boolean()
- DigestType = sha | none
+ DigestType = sha
+ DataOrDigest = Mpint | {digest,Digest}
Data = Mpint | ShaDigest
Signature = Mpint
Key = [P, Q, G, Y]
P, Q, G, Y = Mpint
Where P, Q and G are the dss
parameters and Y is the public key.
- ShaDigest = binary() with length 20 bytes
+ Digest = binary() with length 20 bytes
- Verifies that a digest matches the DSS signature using the public key Key.
- If DigestType is 'sha', the digest is calculated as SHA1 of Data.
- If DigestType is 'none', Data is the precalculated SHA1 digest.
+ Verifies that a digest matches the DSS signature using the
+ public key Key. The digest is either calculated as a SHA1
+ digest of Data or is a precalculated binary Digest.
+ A deprecated feature is having DigestType = 'none'
+ in which case DataOrDigest is a precalculated SHA1
+ digest binary.
--
cgit v1.2.3
From 42e65ffe5f2659d998ff0a7e5ebea2573c23a86f Mon Sep 17 00:00:00 2001
From: Sverker Eriksson
Date: Thu, 16 Aug 2012 16:38:31 +0200
Subject: crypto: Add more generic hash interface
---
lib/crypto/doc/src/crypto.xml | 51 +++++++++++++++++++++++++++++++++++++++++++
1 file changed, 51 insertions(+)
(limited to 'lib/crypto/doc')
diff --git a/lib/crypto/doc/src/crypto.xml b/lib/crypto/doc/src/crypto.xml
index 36f8bc6deb..0d78dbc426 100644
--- a/lib/crypto/doc/src/crypto.xml
+++ b/lib/crypto/doc/src/crypto.xml
@@ -255,6 +255,57 @@ Mpint() = >]]>
the computed SHA message digest.
+
+ hash(Type, Data) -> Digest
+
+
+ Type = md4 | md5 | sha | sha224 | sha256 | sha384 | sha512
+ Data = iodata()
+ Digest = binary()
+
+
+ Computes a message digest of type Type from Data.
+
+
+
+ hash_init(Type) -> Context
+
+
+ Type = md4 | md5 | sha | sha224 | sha256 | sha384 | sha512
+
+
+ Initializes the context for streaming hash operations. Type determines
+ which digest to use. The returned context should be used as argument
+ to hash_update.
+
+
+
+ hash_update(Context, Data) -> NewContext
+
+
+ Data = iodata()
+
+
+ Updates the digest represented by Context using the given Data. Context
+ must have been generated using hash_init
+ or a previous call to this function. Data can be any length. NewContext
+ must be passed into the next call to hash_update
+ or hash_final.
+
+
+
+ hash_final(Context) -> Digest
+
+
+ Digest = binary()
+
+
+ Finalizes the hash operation referenced by Context returned
+ from a previous call to hash_update.
+ The size of Digest is determined by the type of hash
+ function used to generate it.
+
+
md5_mac(Key, Data) -> Mac
Compute an MD5 MACmessage authentification code
--
cgit v1.2.3
From c5541a4c03b89fcbcb0dd1bfab8460b1287cc6cb Mon Sep 17 00:00:00 2001
From: Sverker Eriksson
Date: Mon, 20 Aug 2012 12:31:28 +0200
Subject: crypto: Add sha224 for rsa sign/verify
---
lib/crypto/doc/src/crypto.xml | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
(limited to 'lib/crypto/doc')
diff --git a/lib/crypto/doc/src/crypto.xml b/lib/crypto/doc/src/crypto.xml
index 0d78dbc426..48e35f8093 100644
--- a/lib/crypto/doc/src/crypto.xml
+++ b/lib/crypto/doc/src/crypto.xml
@@ -932,7 +932,7 @@ Mpint() = >]]>
the calculation faster. P1,P2 are first and second prime factors.
E1,E2 are first and second exponents. C is the CRT coefficient.
Terminology is taken from RFC 3447.
- DigestType = md5 | sha | sha256 | sha384 | sha512
+ DigestType = md5 | sha | sha224 | sha256 | sha384 | sha512
The default DigestType is sha.
Mpint = binary()
Signature = binary()
@@ -957,7 +957,7 @@ Mpint() = >]]>
Key = [E, N]
E, N = Mpint
Where E is the public exponent and N is public modulus.
- DigestType = md5 | sha | sha256 | sha384 | sha512
+ DigestType = md5 | sha | sha224 | sha256 | sha384 | sha512
The default DigestType is sha.
Mpint = binary()
--
cgit v1.2.3