From 8c47a7657d03777a03a6838c7ec937b6347d07f8 Mon Sep 17 00:00:00 2001
From: Hans Nilsson
Date: Tue, 18 Sep 2018 12:13:42 +0200
Subject: crypto: Add warnings in RefMan and User's Guide for experimental RSA
opts
---
lib/crypto/doc/src/algorithm_details.xml | 8 +++++++-
lib/crypto/doc/src/crypto.xml | 14 ++++++++++++++
lib/crypto/src/crypto.erl | 19 +++++++++++++------
3 files changed, 34 insertions(+), 7 deletions(-)
(limited to 'lib')
diff --git a/lib/crypto/doc/src/algorithm_details.xml b/lib/crypto/doc/src/algorithm_details.xml
index 2d02422cb6..19a19b1ece 100644
--- a/lib/crypto/doc/src/algorithm_details.xml
+++ b/lib/crypto/doc/src/algorithm_details.xml
@@ -213,7 +213,13 @@
list with the public_keys tag in the return value of
crypto:supports().
-
+
+
+ The RSA options are experimental.
+
+ The exact set of options and there syntax may be changed
+ without prior notice.
+
Option | sign/verify | encrypt/decrypt | Supported with OpenSSL versions |
{rsa_mgf1_md,atom()} | x | x | 1.0.1 |
diff --git a/lib/crypto/doc/src/crypto.xml b/lib/crypto/doc/src/crypto.xml
index e6811a9a93..b7447cb9a3 100644
--- a/lib/crypto/doc/src/crypto.xml
+++ b/lib/crypto/doc/src/crypto.xml
@@ -284,6 +284,13 @@
Options for public key encrypt/decrypt. Only RSA is supported.
+
+
+ The RSA options are experimental.
+
+ The exact set of options and there syntax may be changed
+ without prior notice.
+
@@ -309,6 +316,13 @@
Options for sign and verify.
+
+
+ The RSA options are experimental.
+
+ The exact set of options and there syntax may be changed
+ without prior notice.
+
diff --git a/lib/crypto/src/crypto.erl b/lib/crypto/src/crypto.erl
index 2db73c4af0..960fe46c09 100644
--- a/lib/crypto/src/crypto.erl
+++ b/lib/crypto/src/crypto.erl
@@ -526,9 +526,8 @@ block_encrypt(Type, Key, Ivec, {AAD, PlainText}) when Type =:= aes_gcm;
block_encrypt(Type, Key, Ivec, {AAD, PlainText, TagLength}) when Type =:= aes_gcm;
Type =:= aes_ccm ->
aead_encrypt(Type, Key, Ivec, AAD, PlainText, TagLength);
-block_encrypt(chacha20_poly1305=Type, Key, Ivec, {AAD, PlainText}) ->
- aead_encrypt(Type, Key, Ivec, AAD, PlainText, 16).
-
+block_encrypt(chacha20_poly1305, Key, Ivec, {AAD, PlainText}) ->
+ chacha20_poly1305_encrypt(Key, Ivec, AAD, PlainText).
-spec block_decrypt(Type::block_cipher_with_iv(), Key::key()|des3_key(), Ivec::binary(), Data::iodata()) -> binary();
(Type::aead_cipher(), Key::iodata(), Ivec::binary(),
@@ -558,9 +557,11 @@ block_decrypt(des3_cfb, Key0, Ivec, Data) ->
block_decrypt(aes_ige256, Key, Ivec, Data) ->
notsup_to_error(aes_ige_crypt_nif(Key, Ivec, Data, false));
block_decrypt(Type, Key, Ivec, {AAD, Data, Tag}) when Type =:= aes_gcm;
- Type =:= aes_ccm;
- Type =:= chacha20_poly1305 ->
- aead_decrypt(Type, Key, Ivec, AAD, Data, Tag).
+ Type =:= aes_ccm ->
+ aead_decrypt(Type, Key, Ivec, AAD, Data, Tag);
+block_decrypt(chacha20_poly1305, Key, Ivec, {AAD, Data, Tag}) ->
+ chacha20_poly1305_decrypt(Key, Ivec, AAD, Data, Tag).
+
-spec block_encrypt(Type::block_cipher_without_iv(), Key::key(), PlainText::iodata()) -> binary().
@@ -1615,6 +1616,12 @@ aead_encrypt(Type=aes_gcm, Key, Ivec, AAD, In) -> aead_encrypt(Type, Key, Ivec,
aead_encrypt(_Type, _Key, _Ivec, _AAD, _In, _TagLength) -> ?nif_stub.
aead_decrypt(_Type, _Key, _Ivec, _AAD, _In, _Tag) -> ?nif_stub.
+%%
+%% Chacha20/Ppoly1305
+%%
+chacha20_poly1305_encrypt(_Key, _Ivec, _AAD, _In) -> ?nif_stub.
+chacha20_poly1305_decrypt(_Key, _Ivec, _AAD, _In, _Tag) -> ?nif_stub.
+
%%
%% AES - with 256 bit key in infinite garble extension mode (IGE)
%%
--
cgit v1.2.3
From 3a23cabe452837a28feed3860f3c257ded5948cd Mon Sep 17 00:00:00 2001
From: Hans Nilsson
Date: Tue, 18 Sep 2018 16:22:57 +0200
Subject: crypto: Re-work the 'Description' section
Links and contents needs update.
---
lib/crypto/doc/src/crypto.xml | 179 +++++++++++++++++++++++++++++++++---------
1 file changed, 144 insertions(+), 35 deletions(-)
(limited to 'lib')
diff --git a/lib/crypto/doc/src/crypto.xml b/lib/crypto/doc/src/crypto.xml
index b7447cb9a3..651b647e1c 100644
--- a/lib/crypto/doc/src/crypto.xml
+++ b/lib/crypto/doc/src/crypto.xml
@@ -28,41 +28,150 @@
This module provides a set of cryptographic functions.
-
- -
-
Hash functions -
- Secure Hash Standard,
- The MD5 Message Digest Algorithm (RFC 1321) and
- The MD4 Message Digest Algorithm (RFC 1320)
-
-
- -
-
Hmac functions - Keyed-Hashing for Message Authentication (RFC 2104)
-
- -
-
Cmac functions - The AES-CMAC Algorithm (RFC 4493)
-
- -
-
Block ciphers - DES and AES in
- Block Cipher Modes - ECB, CBC, CFB, OFB, CTR and GCM
-
- -
-
GCM: Dworkin, M.,
- "Recommendation for Block Cipher Modes of Operation: Galois/Counter Mode (GCM) and GMAC",
- National Institute of Standards and Technology SP 800-38D, November 2007.
-
-
- -
-
RSA encryption RFC 1321
-
- -
-
Digital signatures Digital Signature Standard (DSS) and Elliptic Curve Digital
- Signature Algorithm (ECDSA)
-
- -
-
Secure Remote Password Protocol (SRP - RFC 2945)
-
-
+
+ Hash functions
+ -
+
+
+ SHA1, SHA2
+
-
+
+ Secure Hash Standard [FIPS PUB 180-4]
+
+
+ SHA3
+ -
+
+ SHA-3 Standard: Permutation-Based Hash and Extendable-Output Functions [FIPS PUB 202]
+
+
+ MD5
+ -
+ The MD5 Message Digest Algorithm [RFC 1321]
+
+ MD4
+ -
+ The MD4 Message Digest Algorithm [RFC 1320]
+
+
+
+
+
+ MACs - Message Authentication Codes
+ -
+
+
+ Hmac functions
+
-
+
+ Keyed-Hashing for Message Authentication [RFC 2104]
+
+
+ Cmac functions
+ -
+
+ The AES-CMAC Algorithm [RFC 4493]
+
+
+ POLY1305
+ -
+
+ ChaCha20 and Poly1305 for IETF Protocols [RFC 7539]
+
+
+
+
+
+
+ Symmetric Ciphers
+ -
+
+
+ DES, 3DES and AES
+
-
+ Block Cipher Techniques [NIST]
+
+ Blowfish
+ -
+
+ Fast Software Encryption, Cambridge Security Workshop Proceedings (December 1993), Springer-Verlag, 1994, pp. 191-204.
+
+
+ Chacha20
+ -
+
+ ChaCha20 and Poly1305 for IETF Protocols [RFC 7539]
+
+
+ Chacha20_poly1305
+ -
+
+ ChaCha20 and Poly1305 for IETF Protocols [RFC 7539]
+
+
+
+
+
+
+ Modes
+ -
+
+
+ ECB, CBC, CFB, OFB and CTR
+
-
+
+ Recommendation for Block Cipher Modes of Operation: Methods and Techniques [NIST SP 800-38A]
+
+
+ GCM
+ -
+
+ Recommendation for Block Cipher Modes of Operation: Galois/Counter Mode (GCM) and GMAC [NIST SP 800-38D]
+
+
+ CCM
+ -
+
+ Recommendation for Block Cipher Modes of Operation:
+ The CCM Mode for Authentication and Confidentiality [NIST SP 800-38C]
+
+
+
+
+
+
+ Asymetric Ciphers - Public Key Techniques
+ -
+
+
+ RSA
+
-
+
+ PKCS #1: RSA Cryptography Specifications [RFC 3447]
+
+
+ DSS
+ -
+
+ Digital Signature Standard (DSS) [FIPS 186-4]
+
+
+ ECDSA
+ -
+
+ Elliptic Curve Digital Signature Algorithm [ECDSA]
+
+
+ SRP
+ -
+
+ The SRP Authentication and Key Exchange System [RFC 2945]
+
+
+
+
+
+
The actual supported algorithms and features depends on their availability in the actual libcrypto used.
--
cgit v1.2.3