From 90167202a4ce3dc6d4822fad04c51cc35913d796 Mon Sep 17 00:00:00 2001 From: Sverker Eriksson Date: Wed, 27 Jun 2012 15:35:26 +0200 Subject: crypto: Redo interface for rsa and dss hash signing Replace _hash functions with {digest,_} argument to existing sign/verify functions. --- lib/crypto/doc/src/crypto.xml | 66 +++++++++++++++++++++++++------------------ 1 file changed, 39 insertions(+), 27 deletions(-) (limited to 'lib/crypto/doc') diff --git a/lib/crypto/doc/src/crypto.xml b/lib/crypto/doc/src/crypto.xml index 19db6c9dd4..36f8bc6deb 100644 --- a/lib/crypto/doc/src/crypto.xml +++ b/lib/crypto/doc/src/crypto.xml @@ -865,11 +865,13 @@ Mpint() = >]]> - rsa_sign(Data, Key) -> Signature - rsa_sign(DigestType, Data, Key) -> Signature + rsa_sign(DataOrDigest, Key) -> Signature + rsa_sign(DigestType, DataOrDigest, Key) -> Signature Sign the data using rsa with the given key. + DataOrDigest = Data | {digest,Digest} Data = Mpint + Digest = binary() Key = [E, N, D] | [E, N, D, P1, P2, E1, E2, C] E, N, D = Mpint Where E is the public exponent, N is public modulus and @@ -879,37 +881,40 @@ Mpint() = >]]> the calculation faster. P1,P2 are first and second prime factors. E1,E2 are first and second exponents. C is the CRT coefficient. Terminology is taken from RFC 3447. - DigestType = md5 | sha + DigestType = md5 | sha | sha256 | sha384 | sha512 The default DigestType is sha. Mpint = binary() Signature = binary() -

Calculates a DigestType digest of the Data - and creates a RSA signature with the private key Key - of the digest.

+

Creates a RSA signature with the private key Key + of a digest. The digest is either calculated as a + DigestType digest of Data or a precalculated + binary Digest.

 - rsa_verify(Data, Signature, Key) -> Verified - rsa_verify(DigestType, Data, Signature, Key) -> Verified + rsa_verify(DataOrDigest, Signature, Key) -> Verified + rsa_verify(DigestType, DataOrDigest, Signature, Key) -> Verified Verify the digest and signature using rsa with given public key. Verified = boolean() + DataOrDigest = Data | {digest|Digest} Data, Signature = Mpint + Digest = binary() Key = [E, N] E, N = Mpint Where E is the public exponent and N is public modulus. DigestType = md5 | sha | sha256 | sha384 | sha512 - The default DigestType is sha. + The default DigestType is sha. Mpint = binary() -

Calculates a DigestType digest of the Data - and verifies that the digest matches the RSA signature using the +

Verifies that a digest matches the RSA signature using the signer's public key Key. -

+ The digest is either calculated as a DigestType + digest of Data or a precalculated binary Digest.

May throw exception notsup in case the chosen DigestType is not supported by the underlying OpenSSL implementation.

 @@ -1022,45 +1027,52 @@ Mpint() = >]]> - dss_sign(Data, Key) -> Signature - dss_sign(DigestType, Data, Key) -> Signature + dss_sign(DataOrDigest, Key) -> Signature + dss_sign(DigestType, DataOrDigest, Key) -> Signature Sign the data using dsa with given private key. - DigestType = sha | none (default is sha) - Data = Mpint | ShaDigest + DigestType = sha + DataOrDigest = Mpint | {digest,Digest} Key = [P, Q, G, X] P, Q, G, X = Mpint Where P, Q and G are the dss parameters and X is the private key. - ShaDigest = binary() with length 20 bytes + Digest = binary() with length 20 bytes Signature = binary() -

Creates a DSS signature with the private key Key of a digest. - If DigestType is 'sha', the digest is calculated as SHA1 of Data. - If DigestType is 'none', Data is the precalculated SHA1 digest.

+

Creates a DSS signature with the private key Key of + a digest. The digest is either calculated as a SHA1 + digest of Data or a precalculated binary Digest.

+

A deprecated feature is having DigestType = 'none' + in which case DataOrDigest is a precalculated SHA1 + digest.

 - dss_verify(Data, Signature, Key) -> Verified - dss_verify(DigestType, Data, Signature, Key) -> Verified + dss_verify(DataOrDigest, Signature, Key) -> Verified + dss_verify(DigestType, DataOrDigest, Signature, Key) -> Verified Verify the data and signature using dsa with given public key. Verified = boolean() - DigestType = sha | none + DigestType = sha + DataOrDigest = Mpint | {digest,Digest} Data = Mpint | ShaDigest Signature = Mpint Key = [P, Q, G, Y] P, Q, G, Y = Mpint Where P, Q and G are the dss parameters and Y is the public key. - ShaDigest = binary() with length 20 bytes + Digest = binary() with length 20 bytes -

Verifies that a digest matches the DSS signature using the public key Key. - If DigestType is 'sha', the digest is calculated as SHA1 of Data. - If DigestType is 'none', Data is the precalculated SHA1 digest.

+

Verifies that a digest matches the DSS signature using the + public key Key. The digest is either calculated as a SHA1 + digest of Data or is a precalculated binary Digest.

+

A deprecated feature is having DigestType = 'none' + in which case DataOrDigest is a precalculated SHA1 + digest binary.

 -- cgit v1.2.3 From 42e65ffe5f2659d998ff0a7e5ebea2573c23a86f Mon Sep 17 00:00:00 2001 From: Sverker Eriksson Date: Thu, 16 Aug 2012 16:38:31 +0200 Subject: crypto: Add more generic hash interface --- lib/crypto/doc/src/crypto.xml | 51 +++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 51 insertions(+) (limited to 'lib/crypto/doc') diff --git a/lib/crypto/doc/src/crypto.xml b/lib/crypto/doc/src/crypto.xml index 36f8bc6deb..0d78dbc426 100644 --- a/lib/crypto/doc/src/crypto.xml +++ b/lib/crypto/doc/src/crypto.xml @@ -255,6 +255,57 @@ Mpint() = >]]> the computed SHA message digest.

+ + hash(Type, Data) -> Digest + + + Type = md4 | md5 | sha | sha224 | sha256 | sha384 | sha512 + Data = iodata() + Digest = binary() + + +

Computes a message digest of type Type from Data.

+ + + + hash_init(Type) -> Context + + + Type = md4 | md5 | sha | sha224 | sha256 | sha384 | sha512 + + +

Initializes the context for streaming hash operations. Type determines + which digest to use. The returned context should be used as argument + to hash_update.

+ + + + hash_update(Context, Data) -> NewContext + + + Data = iodata() + + +

Updates the digest represented by Context using the given Data. Context + must have been generated using hash_init + or a previous call to this function. Data can be any length. NewContext + must be passed into the next call to hash_update + or hash_final.

+ + + + hash_final(Context) -> Digest + + + Digest = binary() + + +

Finalizes the hash operation referenced by Context returned + from a previous call to hash_update. + The size of Digest is determined by the type of hash + function used to generate it.

+ + md5_mac(Key, Data) -> Mac Compute an MD5 MACmessage authentification code -- cgit v1.2.3 From c5541a4c03b89fcbcb0dd1bfab8460b1287cc6cb Mon Sep 17 00:00:00 2001 From: Sverker Eriksson Date: Mon, 20 Aug 2012 12:31:28 +0200 Subject: crypto: Add sha224 for rsa sign/verify --- lib/crypto/doc/src/crypto.xml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'lib/crypto/doc') diff --git a/lib/crypto/doc/src/crypto.xml b/lib/crypto/doc/src/crypto.xml index 0d78dbc426..48e35f8093 100644 --- a/lib/crypto/doc/src/crypto.xml +++ b/lib/crypto/doc/src/crypto.xml @@ -932,7 +932,7 @@ Mpint() = >]]> the calculation faster. P1,P2 are first and second prime factors. E1,E2 are first and second exponents. C is the CRT coefficient. Terminology is taken from RFC 3447. - DigestType = md5 | sha | sha256 | sha384 | sha512 + DigestType = md5 | sha | sha224 | sha256 | sha384 | sha512 The default DigestType is sha. Mpint = binary() Signature = binary() @@ -957,7 +957,7 @@ Mpint() = >]]> Key = [E, N] E, N = Mpint Where E is the public exponent and N is public modulus. - DigestType = md5 | sha | sha256 | sha384 | sha512 + DigestType = md5 | sha | sha224 | sha256 | sha384 | sha512 The default DigestType is sha. Mpint = binary() -- cgit v1.2.3