From 21f07ba4f63c9e2df74f23b17088cd32de5c50f6 Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Mon, 1 Oct 2018 12:22:01 +0200 Subject: crypto: Update RSA options to match specs and different OpenSSL versions - Put rsa_pkcs1_oaep_padding in supports/0 - #ifdef updates - Refine PKCS1_OAEP defines --- lib/crypto/c_src/crypto.c | 29 ++++++---- lib/crypto/doc/src/algorithm_details.xml | 92 +++++++++++++++++++++++--------- 2 files changed, 88 insertions(+), 33 deletions(-) (limited to 'lib') diff --git a/lib/crypto/c_src/crypto.c b/lib/crypto/c_src/crypto.c index d40d285f86..b2d8123f00 100644 --- a/lib/crypto/c_src/crypto.c +++ b/lib/crypto/c_src/crypto.c @@ -189,6 +189,10 @@ # define HAVE_GCM # define HAVE_CCM # define HAVE_CMAC +# if defined(RSA_PKCS1_OAEP_PADDING) +# define HAVE_RSA_OAEP_PADDING +# endif +# define HAVE_RSA_MGF1_MD # if OPENSSL_VERSION_NUMBER < PACKED_OPENSSL_VERSION(1,0,1,'d') # define HAVE_GCM_EVP_DECRYPT_BUG # endif @@ -1340,7 +1344,7 @@ static ERL_NIF_TERM algo_mac[3]; /* increase when extending the list */ static int algo_curve_cnt, algo_curve_fips_cnt; static ERL_NIF_TERM algo_curve[87]; /* increase when extending the list */ static int algo_rsa_opts_cnt, algo_rsa_opts_fips_cnt; -static ERL_NIF_TERM algo_rsa_opts[10]; /* increase when extending the list */ +static ERL_NIF_TERM algo_rsa_opts[11]; /* increase when extending the list */ static void init_algorithms_types(ErlNifEnv* env) { @@ -1562,7 +1566,12 @@ static void init_algorithms_types(ErlNifEnv* env) algo_rsa_opts[algo_rsa_opts_cnt++] = enif_make_atom(env,"rsa_pkcs1_pss_padding"); algo_rsa_opts[algo_rsa_opts_cnt++] = enif_make_atom(env,"rsa_pss_saltlen"); # endif +# ifdef HAVE_RSA_MGF1_MD algo_rsa_opts[algo_rsa_opts_cnt++] = enif_make_atom(env,"rsa_mgf1_md"); +# endif +# ifdef HAVE_RSA_OAEP_PADDING + algo_rsa_opts[algo_rsa_opts_cnt++] = enif_make_atom(env,"rsa_pkcs1_oaep_padding"); +# endif # ifdef HAVE_RSA_OAEP_MD algo_rsa_opts[algo_rsa_opts_cnt++] = enif_make_atom(env,"rsa_oaep_label"); algo_rsa_opts[algo_rsa_opts_cnt++] = enif_make_atom(env,"rsa_oaep_md"); @@ -4693,16 +4702,16 @@ printf("\r\n"); if (argv[0] == atom_rsa) { if (EVP_PKEY_CTX_set_rsa_padding(ctx, sig_opt.rsa_padding) <= 0) goto badarg; -#ifdef HAVE_RSA_PKCS1_PSS_PADDING +# ifdef HAVE_RSA_PKCS1_PSS_PADDING if (sig_opt.rsa_padding == RSA_PKCS1_PSS_PADDING) { if (sig_opt.rsa_mgf1_md != NULL) { -#if OPENSSL_VERSION_NUMBER >= PACKED_OPENSSL_VERSION_PLAIN(1,0,1) +# ifdef HAVE_RSA_MGF1_MD if (EVP_PKEY_CTX_set_rsa_mgf1_md(ctx, sig_opt.rsa_mgf1_md) <= 0) goto badarg; -#else +# else EVP_PKEY_CTX_free(ctx); EVP_PKEY_free(pkey); return atom_notsup; -#endif +# endif } if (sig_opt.rsa_pss_saltlen > -2 && EVP_PKEY_CTX_set_rsa_pss_saltlen(ctx, sig_opt.rsa_pss_saltlen) <= 0) @@ -4833,13 +4842,13 @@ static ERL_NIF_TERM pkey_verify_nif(ErlNifEnv *env, int argc, const ERL_NIF_TERM if (EVP_PKEY_CTX_set_rsa_padding(ctx, sig_opt.rsa_padding) <= 0) goto badarg; if (sig_opt.rsa_padding == RSA_PKCS1_PSS_PADDING) { if (sig_opt.rsa_mgf1_md != NULL) { -#if OPENSSL_VERSION_NUMBER >= PACKED_OPENSSL_VERSION_PLAIN(1,0,1) +# ifdef HAVE_RSA_MGF1_MD if (EVP_PKEY_CTX_set_rsa_mgf1_md(ctx, sig_opt.rsa_mgf1_md) <= 0) goto badarg; -#else +# else EVP_PKEY_CTX_free(ctx); EVP_PKEY_free(pkey); return atom_notsup; -#endif +# endif } if (sig_opt.rsa_pss_saltlen > -2 && EVP_PKEY_CTX_set_rsa_pss_saltlen(ctx, sig_opt.rsa_pss_saltlen) <= 0) @@ -4932,8 +4941,10 @@ static int get_pkey_crypt_options(ErlNifEnv *env, ERL_NIF_TERM algorithm, ERL_NI ) { if (tpl_terms[1] == atom_rsa_pkcs1_padding) { opt->rsa_padding = RSA_PKCS1_PADDING; +#ifdef HAVE_RSA_OAEP_PADDING } else if (tpl_terms[1] == atom_rsa_pkcs1_oaep_padding) { opt->rsa_padding = RSA_PKCS1_OAEP_PADDING; +#endif #ifdef HAVE_RSA_SSLV23_PADDING } else if (tpl_terms[1] == atom_rsa_sslv23_padding) { opt->rsa_padding = RSA_SSLV23_PADDING; @@ -4952,7 +4963,7 @@ static int get_pkey_crypt_options(ErlNifEnv *env, ERL_NIF_TERM algorithm, ERL_NI } opt->signature_md = opt_md; } else if (tpl_terms[0] == atom_rsa_mgf1_md && enif_is_atom(env, tpl_terms[1])) { -#ifndef HAVE_RSA_OAEP_MD +#ifndef HAVE_RSA_MGF1_MD if (tpl_terms[1] != atom_sha) return PKEY_NOTSUP; #endif diff --git a/lib/crypto/doc/src/algorithm_details.xml b/lib/crypto/doc/src/algorithm_details.xml index 68ad264df7..4d58d26970 100644 --- a/lib/crypto/doc/src/algorithm_details.xml +++ b/lib/crypto/doc/src/algorithm_details.xml @@ -63,9 +63,9 @@ aes_ige256163216 blowfish_cbc 4-56 8 8 - blowfish_cfb64 1- 8 any - blowfish_ecb1- 8 - blowfish_ofb641-8any + blowfish_cfb64 ≥1 8 any + blowfish_ecb≥1 8 + blowfish_ofb64≥18any des3_cbc
(=DES EDE3 CBC)[8,8,8]88 des3_cfb
(=DES EDE3 CFB)[8,8,8]8any @@ -74,7 +74,7 @@ des_cfb88any des_ecb8 8 des_ede3
(=DES EDE3 CBC)[8,8,8]88 - rc2_cbc1-88 + rc2_cbc≥188 Block cipher key lengths @@ -90,9 +90,9 @@

Cipher and ModeKey length
[bytes]IV length
[bytes]AAD length
[bytes]Tag length
[bytes]Block size
[bytes]Supported with
OpenSSL versions - aes_ccm 16,24,32 7-13 any even 4-16
default: 12 any1.1.0 - - aes_gcm 16,24,32 1- any 1-16
default: 16 any1.1.0 - - chacha20_poly130532 1-16 any 16 any1.1.0 - + aes_ccm 16,24,32 7-13 any even 4-16
default: 12 any≥1.1.0 + aes_gcm 16,24,32 ≥1 any 1-16
default: 16 any≥1.1.0 + chacha20_poly130532 1-16 any 16 any≥1.1.0AEAD cipher key lengths
@@ -108,8 +108,8 @@

Cipher and ModeKey length
[bytes]IV length
[bytes]Supported with
OpenSSL versions - aes_ctr16, 24, 32161.0.1 - - rc41- all + aes_ctr16, 24, 3216≥1.0.1 + rc4≥1 allStream cipher key lengths
@@ -141,9 +141,9 @@ aes_cfb8 161 blowfish_cbc 4-56 8 - blowfish_cfb64 1- 1 - blowfish_ecb1- 8 - blowfish_ofb641- 1 + blowfish_cfb64 ≥1 1 + blowfish_ecb≥1 8 + blowfish_ofb64≥1 1 des3_cbc
(=DES EDE3 CBC)[8,8,8]8 des3_cfb
(=DES EDE3 CFB)[8,8,8]1 @@ -152,7 +152,7 @@ des_cfb81 des_ecb81 - rc2_cbc1-8 + rc2_cbc≥18 CMAC cipher key lengths @@ -195,7 +195,7 @@ SHA1shaall SHA2sha224, sha256, sha384, sha512all - SHA3sha3_224, sha3_256, sha3_384, sha3_5121.1.1 - + SHA3sha3_224, sha3_256, sha3_384, sha3_512≥1.1.1 MD4md4all MD5md5all RIPEMDripemd160all @@ -221,18 +221,62 @@ without prior notice.

- Option sign/verify encrypt/decrypt Supported with
OpenSSL versions - {rsa_mgf1_md,atom()} x x 1.0.1 - {rsa_oaep_label, binary()} x - {rsa_oaep_md, atom()} x - {rsa_padding,rsa_pkcs1_pss_padding} x 1.0.0 - {rsa_pss_saltlen, -2..} x 1.0.0 - {rsa_padding,rsa_no_padding} x x - {rsa_padding,rsa_pkcs1_padding} x x - {rsa_padding,rsa_sslv23_padding} x - {rsa_padding,rsa_x931_padding} x + Option + sign/verify + public encrypt
private decrypt + private encrypt
public decrypt + + {rsa_padding,rsa_x931_padding} + x + + x + + {rsa_padding,rsa_pkcs1_padding} + x + x + x + + {rsa_padding,rsa_pkcs1_pss_padding}
+ {rsa_pss_saltlen, -2..}
+ {rsa_mgf1_md, atom()} + + x (2)
+ x (2)
+ x (2) + + + + {rsa_padding,rsa_pkcs1_oaep_padding}
+ {rsa_mgf1_md, atom()}
+ {rsa_oaep_label, binary()}}
+ {rsa_oaep_md, atom()} + + + x (2)
+ x (2)
+ x (3)
+ x (3) + + + + {rsa_padding,rsa_no_padding} + x (1) + + + +
+

Notes:

+ + (1) OpenSSL ≤ 1.0.0 + (2) OpenSSL ≥ 1.0.1 + (3) OpenSSL ≥ 1.1.0 +
-- cgit v1.2.3