From 3155ca5b47149a214b101f6c0b84cdcd0400a30b Mon Sep 17 00:00:00 2001 From: Sverker Eriksson Date: Mon, 22 Apr 2013 21:43:44 +0200 Subject: crypto, public_key & ssl: Change API to hide resource format for EC KEY --- lib/crypto/c_src/crypto.c | 6 +++--- lib/crypto/src/crypto.erl | 27 ++++++++++++++++++++------- lib/crypto/test/crypto_SUITE.erl | 17 ++++++----------- lib/public_key/src/public_key.erl | 36 +++++++----------------------------- lib/ssl/test/erl_make_certs.erl | 4 +--- 5 files changed, 37 insertions(+), 53 deletions(-) (limited to 'lib') diff --git a/lib/crypto/c_src/crypto.c b/lib/crypto/c_src/crypto.c index a8027bb079..e953eb960f 100644 --- a/lib/crypto/c_src/crypto.c +++ b/lib/crypto/c_src/crypto.c @@ -235,7 +235,7 @@ static ERL_NIF_TERM term_to_ec_key_nif(ErlNifEnv* env, int argc, const ERL_NIF_T static ERL_NIF_TERM ec_key_generate(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[]); static ERL_NIF_TERM ecdsa_sign_nif(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[]); static ERL_NIF_TERM ecdsa_verify_nif(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[]); -static ERL_NIF_TERM ecdh_compute_key(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[]); +static ERL_NIF_TERM ecdh_compute_key_nif(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[]); /* helpers */ @@ -361,7 +361,7 @@ static ErlNifFunc nif_funcs[] = { {"ec_key_generate", 1, ec_key_generate}, {"ecdsa_sign_nif", 3, ecdsa_sign_nif}, {"ecdsa_verify_nif", 4, ecdsa_verify_nif}, - {"ecdh_compute_key", 2, ecdh_compute_key} + {"ecdh_compute_key_nif", 2, ecdh_compute_key_nif} }; #if defined(HAVE_EC) @@ -3452,7 +3452,7 @@ static ERL_NIF_TERM ecdsa_verify_nif(ErlNifEnv* env, int argc, const ERL_NIF_TER (_OthersPublicKey, _MyPrivateKey) (_OthersPublicKey, _MyEC_Point) */ -static ERL_NIF_TERM ecdh_compute_key(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[]) +static ERL_NIF_TERM ecdh_compute_key_nif(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[]) { #if defined(HAVE_EC) ERL_NIF_TERM ret; 
diff --git a/lib/crypto/src/crypto.erl b/lib/crypto/src/crypto.erl index 57ddf3fbac..543d589d7e 100644 --- a/lib/crypto/src/crypto.erl +++ b/lib/crypto/src/crypto.erl @@ -67,8 +67,8 @@ -export([aes_cbc_ivec/1]). -export([aes_ctr_encrypt/3, aes_ctr_decrypt/3]). -export([aes_ctr_stream_init/2, aes_ctr_stream_encrypt/2, aes_ctr_stream_decrypt/2]). --export([ec_key_new/1, ec_key_to_term/1, term_to_ec_key/1, ec_key_generate/1]). --export([sign/4, verify/5, ecdh_compute_key/2]). +-export([ecdh_generate_key/1, ecdh_compute_key/2]). +-export([sign/4, verify/5]). -export([dh_generate_parameters/2, dh_check/1]). %% Testing see below @@ -115,8 +115,8 @@ hmac, hmac_init, hmac_update, hmac_final, hmac_final_n, info, rc2_cbc_encrypt, rc2_cbc_decrypt, srp_generate_key, srp_compute_key, - ec_key_new, ec_key_to_term, term_to_ec_key, ec_key_generate, - sign, verify, ecdh_compute_key, + ecdh_generate_key, ecdh_compute_key, + sign, verify, info_lib, algorithms]). -type mpint() :: binary(). @@ -859,7 +859,7 @@ verify(rsa, Type, DataOrDigest, Signature, Key) -> Bool -> Bool end; verify(ecdsa, Type, DataOrDigest, Signature, Key) -> - case ecdsa_verify_nif(Type, DataOrDigest, Signature, map_ensure_int_as_bin(Key)) of + case ecdsa_verify_nif(Type, DataOrDigest, Signature, term_to_ec_key(Key)) of notsup -> erlang:error(notsup); Bool -> Bool end. @@ -921,7 +921,7 @@ sign(dss, Type, DataOrDigest, Key) -> Sign -> Sign end; sign(ecdsa, Type, DataOrDigest, Key) -> - case ecdsa_sign_nif(Type, DataOrDigest, map_ensure_int_as_bin(Key)) of + case ecdsa_sign_nif(Type, DataOrDigest, term_to_ec_key(Key)) of error -> erlang:error(badkey, [Type,DataOrDigest,Key]); Sign -> Sign end. 
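Review bot: In the `sign(ecdsa, ...)` clause, the error branch `erlang:error(badkey, [Type,DataOrDigest,Key])` now receives the key in term form, because callers pass the key term itself rather than an opaque resource. Judging by the `{_Curve, PrivKey, PubKey}` match in erl_make_certs.erl, that term includes the private value. A failed sign can therefore put it into the exception's argument list, and from there into crash reports or logs. Consider raising without the argument list in this clause, `error -> erlang:error(badkey);`, or passing a list in which the key is replaced by a placeholder atom. sign/4 starts outside this hunk, and its other clauses may deserve the same look.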
@@ -1229,6 +1229,16 @@ srp_compute_key(Verifier, Prime, ClientPublic, ServerPublic, ServerPrivate, Vers -spec ec_key_new(ec_named_curve()) -> ec_key_res(). ec_key_new(_Curve) -> ?nif_stub. +ecdh_generate_key(Curve) when is_atom(Curve) -> + ECKey = ec_key_new(Curve), + ec_key_generate(ECKey), + ec_key_to_term(ECKey); +ecdh_generate_key(Key) -> + ECKey = term_to_ec_key(Key), + ec_key_generate(ECKey), + ec_key_to_term(ECKey). + + -spec ec_key_generate(ec_key_res()) -> ok | error. ec_key_generate(_Key) -> ?nif_stub. @@ -1277,7 +1287,10 @@ term_to_ec_key_nif(_Curve, _PrivKey, _PubKey) -> ?nif_stub. -spec ecdh_compute_key(ec_key_res(), ec_key_res() | ec_point()) -> binary(). -ecdh_compute_key(_Others, _My) -> ?nif_stub. +ecdh_compute_key(Others, My) -> + ecdh_compute_key_nif(term_to_ec_key(Others), My). + +ecdh_compute_key_nif(_Others, _My) -> ?nif_stub. %% LOCAL FUNCTIONS diff --git a/lib/crypto/test/crypto_SUITE.erl b/lib/crypto/test/crypto_SUITE.erl index 09898efd49..55db09d9dd 100644 --- a/lib/crypto/test/crypto_SUITE.erl +++ b/lib/crypto/test/crypto_SUITE.erl @@ -1887,12 +1887,7 @@ ec(Config) when is_list(Config) -> ec_do() -> %% test for a name curve - L2 = crypto:ec_key_new(sect113r2), - crypto:ec_key_generate(L2), - - D2 = crypto:ec_key_to_term(L2), - T2 = crypto:term_to_ec_key(D2), - ?line D2 = crypto:ec_key_to_term(T2), + D2 = crypto:ecdh_generate_key(sect113r2), %%TODO: find a published test case for a EC key 
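Review bot: Both clauses of `ecdh_generate_key/1` discard the result of `ec_key_generate(ECKey)`, although the spec directly below declares it as `ok | error`. If generation fails, the function still returns whatever `ec_key_to_term/1` produces for a key that was never generated, and the caller gets no signal. Matching the result in both clauses, `ok = ec_key_generate(ECKey),`, makes a failed generation crash at the source instead of handing back unusable key material. The new exported function also has no `-spec`; one that names `ec_named_curve()` and the module's key-term type (not visible in this hunk) as inputs would document the two accepted forms.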
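Review bot: The `-spec` kept above `ecdh_compute_key/2` still declares the first argument as `ec_key_res()`, but the new body passes it through `term_to_ec_key/1`, so callers are now expected to supply the key term and Dialyzer checks against the wrong contract. The `ec_key_res()` alternative for the second argument also looks unreachable from outside the module now that `ec_key_new/1` and `term_to_ec_key/1` are no longer exported, which leaves `ec_point()` as the practical form. The parameter names also appear to be at odds with the caller in public_key.erl, which passes its own key term first and the peer's point second (`crypto:ecdh_compute_key(ECDHKeys, Point)`). A one-line comment stating which argument is the local key and which is the peer's would prevent a mix-up in a key-agreement call. `ecdh_compute_key_nif/2` is added without a spec as well.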
@@ -1933,13 +1928,13 @@ ec_do() -> CoFactor = 1, Curve = {{prime_field,P},{A,B,none},BasePoint, Order,CoFactor}, CsCaKey = {Curve, undefined, PubKey}, - T3 = crypto:term_to_ec_key(CsCaKey), - ?line CsCaKey = crypto:ec_key_to_term(T3), + %%T3 = crypto:term_to_ec_key(CsCaKey), + %%?line CsCaKey = crypto:ec_key_to_term(T3), Msg = <<99,234,6,64,190,237,201,99,80,248,58,40,70,45,149,218,5,246,242,63>>, - Sign = crypto:sign(ecdsa, sha, Msg, L2), - ?line true = crypto:verify(ecdsa, sha, Msg, Sign, L2), - ?line false = crypto:verify(ecdsa, sha, Msg, <<10,20>>, L2), + Sign = crypto:sign(ecdsa, sha, Msg, D2), + ?line true = crypto:verify(ecdsa, sha, Msg, Sign, D2), + ?line false = crypto:verify(ecdsa, sha, Msg, <<10,20>>, D2), ok. diff --git a/lib/public_key/src/public_key.erl b/lib/public_key/src/public_key.erl index 06bffeea76..d1484c5b2b 100644 --- a/lib/public_key/src/public_key.erl +++ b/lib/public_key/src/public_key.erl @@ -330,10 +330,7 @@ encrypt_private(PlainText, %% Description: Generates new key(s) %%-------------------------------------------------------------------- generate_key({curve, Name}) -> - %% TODO: Better crypto API - ECDHKey = crypto:ec_key_new(Name), - crypto:ec_key_generate(ECDHKey), - Term = crypto:ec_key_to_term(ECDHKey), + Term = crypto:ecdh_generate_key(Name), ec_key(Term); generate_key(#'DHParameter'{prime = P, base = G}) -> @@ -350,13 +347,8 @@ generate_key({srp, Version, Verifier, Generator, Prime}) when is_binary(Verifier crypto:srp_generate_key(Verifier, Generator, Prime, Version); generate_key(Params) -> - %% TODO: Better crypto API - Name = ec_curve_spec(Params), - ECClntKey = crypto:ec_key_new(Name), - %% ECDHKey = format_ecdh_key(Params), - %% ECClntKey = crypto:term_to_ec_key(ECDHKey), - crypto:ec_key_generate(ECClntKey), - Term = crypto:ec_key_to_term(ECClntKey), + Curve = ec_curve_spec(Params), + Term = crypto:ecdh_generate_key(Curve), ec_key(Term, Params). %%-------------------------------------------------------------------- 
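Review bot: Commenting out the two `T3` lines leaves `CsCaKey` built but never used, so this test no longer exercises the explicit-parameter curve path (the prime-field curve assembled from `P`, `A`, `B`, the base point and the order), and the dead code stays behind as `%%` lines. Since the conversion is now internal, the key can be driven through the public API instead, for example `?line false = crypto:verify(ecdsa, sha, Msg, <<10,20>>, CsCaKey),` placed after `Msg` is bound. That should at least confirm that an explicit-parameter public key is accepted and a bogus signature is rejected, as the existing check does for `D2`. A positive check needs a known-good signature for that key, which the existing TODO about a published test case already anticipates. ec_do/0 starts outside this hunk.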
@@ -372,9 +364,7 @@ compute_key(PubKey, #'ECPrivateKey'{} = PrivateKey) -> compute_key(PubKey, format_ecdh_key(PrivateKey)); compute_key(#'ECPoint'{point = Point}, ECDHKeys) -> - %% TODO: Better crypto API - ECKey = crypto:term_to_ec_key(ECDHKeys), - crypto:ecdh_compute_key(ECKey, Point). + crypto:ecdh_compute_key(ECDHKeys, Point). compute_key(OthersKey, MyKey, {dh, Prime, Base}) when is_binary(OthersKey), is_binary(MyKey), @@ -439,8 +429,7 @@ sign(DigestOrPlainText, sha, #'DSAPrivateKey'{p = P, q = Q, g = G, x = X}) -> sign(DigestOrPlainText, DigestType, Key = #'ECPrivateKey'{}) -> ECDHKey = format_ecdh_key(Key), - ECKey = crypto:term_to_ec_key(ECDHKey), - crypto:sign(ecdsa, DigestType, DigestOrPlainText, ECKey); + crypto:sign(ecdsa, DigestType, DigestOrPlainText, ECDHKey); %% Backwards compatible sign(Digest, none, #'DSAPrivateKey'{} = Key) -> @@ -457,15 +446,9 @@ verify(DigestOrPlainText, DigestType, Signature, crypto:verify(rsa, DigestType, DigestOrPlainText, Signature, [Exp, Mod]); -verify(Digest, DigestType, Signature, Key = #'ECPrivateKey'{}) -> - ECDHKey = format_ecdh_key(Key), - ECKey = crypto:term_to_ec_key(ECDHKey), - crypto:verify(ecdsa, DigestType, Digest, Signature, ECKey); - verify(DigestOrPlaintext, DigestType, Signature, Key = {#'ECPoint'{}, _}) -> ECDHKey = format_ecdh_key(Key), - ECKey = crypto:term_to_ec_key(ECDHKey), - crypto:verify(ecdsa, DigestType, DigestOrPlaintext, Signature, ECKey); + crypto:verify(ecdsa, DigestType, DigestOrPlaintext, Signature, ECDHKey); %% Backwards compatibility verify(Digest, none, Signature, {_, #'Dss-Parms'{}} = Key ) -> 
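Review bot: Removing the `verify(Digest, DigestType, Signature, Key = #'ECPrivateKey'{})` clause narrows the key shapes `verify/4` accepts, and nothing in the hunk documents that. A caller that still passes an `#'ECPrivateKey'{}` record will presumably fail with `function_clause`, unless a later clause outside the hunk matches it. The `pkix_verify/2` hunk narrows in the same way: the `#'ECPrivateKey'{}` clause is dropped and `{'ECKey', _}` becomes `{#'ECPoint'{}, _}`. A comment above the remaining EC clause, such as `%% EC public keys are accepted only as {#'ECPoint'{}, _}`, together with a matching update to the spec and reference documentation, would make the new contract explicit. In both functions the second tuple element is matched with `_`, so its validation rests entirely on `format_ecdh_key/1`, which is not visible here.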
@@ -511,12 +494,7 @@ pkix_verify(DerCert, #'RSAPublicKey'{} = RSAKey) {DigestType, PlainText, Signature} = pubkey_cert:verify_data(DerCert), verify(PlainText, DigestType, Signature, RSAKey); -pkix_verify(DerCert, #'ECPrivateKey'{} = ECKey) - when is_binary(DerCert) -> - {DigestType, PlainText, Signature} = pubkey_cert:verify_data(DerCert), - verify(PlainText, DigestType, Signature, ECKey); - -pkix_verify(DerCert, Key = {'ECKey', _}) +pkix_verify(DerCert, Key = {#'ECPoint'{}, _}) when is_binary(DerCert) -> {DigestType, PlainText, Signature} = pubkey_cert:verify_data(DerCert), verify(PlainText, DigestType, Signature, Key). diff --git a/lib/ssl/test/erl_make_certs.erl b/lib/ssl/test/erl_make_certs.erl index f8d086513b..c0cf5005ed 100644 --- a/lib/ssl/test/erl_make_certs.erl +++ b/lib/ssl/test/erl_make_certs.erl @@ -409,9 +409,7 @@ int2list(I) -> binary_to_list(<>). gen_ec2(CurveId) -> - Key = crypto:ec_key_new(CurveId), - crypto:ec_key_generate(Key), - {_Curve, PrivKey, PubKey} = crypto:ec_key_to_term(Key), + {_Curve, PrivKey, PubKey} = crypto:ecdh_generate_key(CurveId), #'ECPrivateKey'{version = 1, privateKey = int2list(PrivKey), -- cgit v1.2.3