From f706e003a2f6cb3f1f31b9d1294b379c2ab3affe Mon Sep 17 00:00:00 2001 From: Ingela Anderton Andin Date: Thu, 16 May 2013 12:20:36 +0200 Subject: ssh & crypto: Remove use of deprecated crypto functions from ssh --- lib/crypto/doc/src/crypto.xml | 16 +++++++++++++++- 1 file changed, 15 insertions(+), 1 deletion(-) (limited to 'lib/crypto/doc') diff --git a/lib/crypto/doc/src/crypto.xml b/lib/crypto/doc/src/crypto.xml index df765ade87..cac8f6ef28 100644 --- a/lib/crypto/doc/src/crypto.xml +++ b/lib/crypto/doc/src/crypto.xml @@ -186,6 +186,20 @@

+ + + binary_to_integer(Bin) -> Integer + Convert binary representation, of an integer, to an Erlang integer. + + Bin = binary() - as returned by crypto functions + + Integer = integer() + + +

Convert binary representation, of an integer, to an Erlang integer. +

+ + compute_key(Type, OthersPublicKey, MyPrivateKey, Params) -> SharedSecret @@ -410,7 +424,7 @@ next_iv(Type, Data) -> - Type = des_cbc | aes_cbc + Type = des_cbc | des3_cbc |aes_cbc | des_cfb Data = iodata() -- cgit v1.2.3 From 36a9e0a0dcb33c0cab6fdfcc6847e04b1b786a73 Mon Sep 17 00:00:00 2001 From: Ingela Anderton Andin Date: Wed, 15 May 2013 15:51:44 +0200 Subject: ssl, public_key, crypto: crypto:algorithms/0 -> crypto:supports/0 --- lib/crypto/doc/src/crypto.xml | 31 +++++++++++++++++++++---------- 1 file changed, 21 insertions(+), 10 deletions(-) (limited to 'lib/crypto/doc') diff --git a/lib/crypto/doc/src/crypto.xml b/lib/crypto/doc/src/crypto.xml index cac8f6ef28..b4e471111a 100644 --- a/lib/crypto/doc/src/crypto.xml +++ b/lib/crypto/doc/src/crypto.xml @@ -142,21 +142,16 @@

des3_key() = [binary(), binary(), binary()] Each key part is 64 bits (in CBC mode only 8 bits are used)

-

message_digest_algorithms() = md5 | ripemd160 | sha | sha224 | sha256 | sha384 | sha512 md4 is aslo supported for hash_init/1 and hash/2. +

digest_type() = md5 | sha | sha224 | sha256 | sha384 | sha512

+

hash_algorithms() = md5 | ripemd160 | sha | sha224 | sha256 | sha384 | sha512 md4 is aslo supported for hash_init/1 and hash/2. Note that both md4 and md5 are recommended only for compatibility with existing applications.

+

cipher_algorithms() = des | des3 | aes | blowfish | rc2 | rc4

+

public_key_algorithms() = rsa |dss | ecdsa | dh | ecdh

+ - - algorithms() -> [message_digest_algorithms() | md4 | ec] - Provide a list of available crypto algorithms. - -

Can be used to determine if the crypto library has support for elliptic curve (ec) and - which message digest algorithms that are supported.

- - - block_encrypt(Type, Key, Ivec, PlainText) -> CipherText Encrypt PlainTextaccording to Type block cipher @@ -665,6 +660,22 @@ + + supports() -> AlgorithmList + Provide a list of available crypto algorithms. + + AlgorithmList = [{hashs, [hash_algorithms()]}, + {ciphers, [cipher_algorithms()]}, + {public_keys, [public_key_algorithms()]} + + + +

Can be used to determine which crypto algorithms that are supported + by the underlying OpenSSL library

+ + + + verify(Algorithm, DigestType, Msg, Signature, Key) -> boolean() Verifies a digital signature. -- cgit v1.2.3 From 6ed7098c77b4eaefb4998e3abf099e525c1284f7 Mon Sep 17 00:00:00 2001 From: Ingela Anderton Andin Date: Thu, 16 May 2013 12:22:14 +0200 Subject: crypto: Documentation fixes from review Conflicts: lib/crypto/doc/src/crypto.xml Conflicts: lib/crypto/doc/src/crypto.xml --- lib/crypto/doc/src/crypto.xml | 74 ++++++++++++++++++++++++------------------- 1 file changed, 42 insertions(+), 32 deletions(-) (limited to 'lib/crypto/doc') diff --git a/lib/crypto/doc/src/crypto.xml b/lib/crypto/doc/src/crypto.xml index b4e471111a..227602072e 100644 --- a/lib/crypto/doc/src/crypto.xml +++ b/lib/crypto/doc/src/crypto.xml @@ -77,33 +77,26 @@

dss_private() = [key_value()] = [P, Q, G, X]

Where P, Q and G are the dss parameters and X is the private key.

-

dss_public() = [key_value()] =[P, Q, G, Y]

- -

srp_public() = key_value()

+

srp_public() = binary()

Where is A or B from SRP design

srp_private() = key_value()

Where is a or b from SRP design

-

srp_params() = {user, [Generator::binary(), Prime::binary(), Version::atom()]} | - {host, [Verifier::binary(), Generator::binary(), Prime::binary(), Version::atom()]} - | {user, [DerivedKey::binary(), Prime::binary(), Generator::binary(), Version::atom() | [Scrambler:binary()]]} - | {host,[Verifier::binary(), Prime::binary(), Version::atom() | [Scrambler::binary]]}

-

Where Verifier is v, Generator is g and Prime is N, DerivedKey is X, and Scrambler is - u (optional will be genrated if not provided) from SRP design + u (optional will be generated if not provided) from SRP design Version = '3' | '6' | '6a'

-

dh_public() = key_value()

+

dh_public() = binary()

-

dh_private() = key_value()

+

dh_private() = binary()

dh_params() = [key_value()] = [P, G]

-

ecdh_public() = key_value()

+

ecdh_public() = binary()

-

ecdh_private() = key_value()

+

ecdh_private() = integer()

ecdh_params() = ec_named_curve() | {ec_field(), Prime :: key_value(), Point :: key_value(), Order :: integer(), CoFactor :: none | integer()}

@@ -143,10 +136,12 @@

des3_key() = [binary(), binary(), binary()] Each key part is 64 bits (in CBC mode only 8 bits are used)

digest_type() = md5 | sha | sha224 | sha256 | sha384 | sha512

-

hash_algorithms() = md5 | ripemd160 | sha | sha224 | sha256 | sha384 | sha512 md4 is aslo supported for hash_init/1 and hash/2. + +

hash_algorithms() = md5 | ripemd160 | sha | sha224 | sha256 | sha384 | sha512 md4 is also supported for hash_init/1 and hash/2. Note that both md4 and md5 are recommended only for compatibility with existing applications.

-

cipher_algorithms() = des | des3 | aes | blowfish | rc2 | rc4

+

cipher_algorithms() = des_cbc | des_cfb | des3_cbc | des3_cbf | des_ede3 | + blowfish_cbc | blowfish_cfb64 | aes_cbc128 | aes_cfb128| aes_cbc256 | rc2_cbc | aes_ctr| rc4

public_key_algorithms() = rsa |dss | ecdsa | dh | ecdh

@@ -156,6 +151,7 @@ block_encrypt(Type, Key, Ivec, PlainText) -> CipherText Encrypt PlainTextaccording to Type block cipher + Type = block_cipher() Key = block_key() PlainText = iodata() IVec = CipherText = binary() @@ -171,6 +167,7 @@ block_decrypt(Type, Key, Ivec, CipherText) -> PlainText Decrypt CipherTextaccording to Type block cipher + Type = block_cipher() Key = block_key() PlainText = iodata() IVec = CipherText = binary() @@ -197,13 +194,15 @@ - compute_key(Type, OthersPublicKey, MyPrivateKey, Params) -> SharedSecret + compute_key(Type, OthersPublicKey, MyKey, Params) -> SharedSecret Computes the shared secret Type = dh | ecdh | srp OthersPublicKey = dh_public() | ecdh_public() | srp_public() - MyPrivate = dh_private() | ecdh_private() | srp_private() - Params = dh_params() | edhc_params() | srp_params() + MyKey = dh_private() | ecdh_private() | {srp_public(),srp_private()} + Params = dh_params() | ecdh_params() | SrpUserParams | SrpHostParams + SrpUserParams = {user, [DerivedKey::binary(), Prime::binary(), Generator::binary(), Version::atom() | [Scrambler:binary()]]} + SrpHostParams = {host, [Verifier::binary(), Prime::binary(), Version::atom() | [Scrambler::binary]]} SharedSecret = binary() @@ -226,14 +225,17 @@ - generate_key(Type, Params) -> {PublicKey, PrivateKey} - generate_key(Type, Params, PrivateKey) -> {PublicKey, PrivateKey} + generate_key(Type, Params) -> {PublicKey, PrivKeyOut} + generate_key(Type, Params, PrivKeyIn) -> {PublicKey, PrivKeyOut} Generates a public keys of type Type Type = dh | ecdh | srp - Params = dh_params() | edhc_params() | srp_params() + Params = dh_params() | ecdh_params() | SrpUserParams | SrpHostParams + SrpUserParams = {user, [Generator::binary(), Prime::binary(), Version::atom()]} + SrpHostParams = {host, [Verifier::binary(), Generator::binary(), Prime::binary(), Version::atom()]} PublicKey = dh_public() | ecdh_public() | srp_public() - PrivateKey = dh_private() | ecdh_private() | srp_private() + PrivKeyIn = undefined | dh_private() | srp_private() + PrivKeyOut = dh_private() | ecdh_private() | srp_private()

Generates public keys of type Type. @@ -416,16 +418,20 @@ - next_iv(Type, Data) -> + next_iv(Type, Data) -> NextIVec + next_iv(Type, Data, IVec) -> NextIVec - Type = des_cbc | des3_cbc |aes_cbc | des_cfb + Type = des_cbc | des3_cbc | aes_cbc | des_cfb Data = iodata() + IVec = NextIVec = binary()

Returns the initialization vector to be used in the next - iteration of encrypt/decrypt of type Type. Data is the - encrypted data from the previous iteration step.

+ iteration of encrypt/decrypt of type Type. Data is the + encrypted data from the previous iteration step. The IVec + argument is only needed for des_cfb as the vector used + in the previous iteration step.

 @@ -558,10 +564,12 @@ signed or it is the hashed value of "plain text" i.e. the digest. DigestType = digest_type() - Key = rsa_private_key() | dsa_private_key() | ec_private_key() + Key = rsa_private() | dss_private() | [ecdh_private(),ecdh_params()] -

Creates a digital signature.

+

Creates a digital signature.

+

Algoritm dss can only be used together with digest type + sha.

See also public_key:sign/3 @@ -600,10 +608,9 @@ stream_init(Type, Key) -> State - Type rc4 + Type = rc4 State = opaque() Key = iodata() - IVec = binary()

Initializes the state for use in RC4 stream encryption @@ -616,7 +623,7 @@ stream_init(Type, Key, IVec) -> State - Type aes_ctr + Type = aes_ctr State = opaque() Key = iodata() IVec = binary() @@ -686,10 +693,13 @@ or it is the hashed value of "plain text" i.e. the digest. DigestType = digest_type() Signature = binary() - Key = rsa_public_key() | dsa_public_key() | ec_public_key() + Key = rsa_public() | dss_public() | [ecdh_public(),ecdh_params()]

Verifies a digital signature

+

Algoritm dss can only be used together with digest type + sha.

+ See also public_key:verify/3 -- cgit v1.2.3 From 16d06da9fb425fe652f3826275f3f9bf87c881f0 Mon Sep 17 00:00:00 2001 From: Ingela Anderton Andin Date: Thu, 16 May 2013 20:04:24 +0200 Subject: crypto,ssh, netconf, inets: binary_to_integer -> bytes_to_integer --- lib/crypto/doc/src/crypto.xml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'lib/crypto/doc') diff --git a/lib/crypto/doc/src/crypto.xml b/lib/crypto/doc/src/crypto.xml index 227602072e..03a46c6e03 100644 --- a/lib/crypto/doc/src/crypto.xml +++ b/lib/crypto/doc/src/crypto.xml @@ -180,7 +180,7 @@ - binary_to_integer(Bin) -> Integer + bytes_to_integer(Bin) -> Integer Convert binary representation, of an integer, to an Erlang integer. Bin = binary() - as returned by crypto functions @@ -568,7 +568,7 @@

Creates a digital signature.

-

Algoritm dss can only be used together with digest type +

Algorithm dss can only be used together with digest type sha.

See also public_key:sign/3 @@ -697,7 +697,7 @@

Verifies a digital signature

-

Algoritm dss can only be used together with digest type +

Algorithm dss can only be used together with digest type sha.

See also public_key:verify/3 -- cgit v1.2.3 From 6518a54dbbbadb01f546e0e8c3dd3c3dfdf93e13 Mon Sep 17 00:00:00 2001 From: Sverker Eriksson Date: Thu, 16 May 2013 20:08:50 +0200 Subject: crypto, public_key & ssl: Make more functions accept integer keys --- lib/crypto/doc/src/crypto.xml | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) (limited to 'lib/crypto/doc') diff --git a/lib/crypto/doc/src/crypto.xml b/lib/crypto/doc/src/crypto.xml index 03a46c6e03..bdccfee341 100644 --- a/lib/crypto/doc/src/crypto.xml +++ b/lib/crypto/doc/src/crypto.xml @@ -60,6 +60,7 @@ DATA TYPES

key_value() = integer() | binary()

+

Always binary() when used as return value

rsa_public() = [key_value()] = [E, N]

Where E is the public exponent and N is public modulus.

@@ -77,7 +78,7 @@

dss_private() = [key_value()] = [P, Q, G, X]

Where P, Q and G are the dss parameters and X is the private key.

-

srp_public() = binary()

+

srp_public() = key_value()

Where is A or B from SRP design

srp_private() = key_value()

@@ -88,15 +89,15 @@ Version = '3' | '6' | '6a'

-

dh_public() = binary()

+

dh_public() = key_value()

-

dh_private() = binary()

+

dh_private() = key_value()

dh_params() = [key_value()] = [P, G]

-

ecdh_public() = binary()

+

ecdh_public() = key_value()

-

ecdh_private() = integer()

+

ecdh_private() = key_value()

ecdh_params() = ec_named_curve() | {ec_field(), Prime :: key_value(), Point :: key_value(), Order :: integer(), CoFactor :: none | integer()}

-- cgit v1.2.3