-
Notifications
You must be signed in to change notification settings - Fork 2.9k
/
crypto.erl
4001 lines (3333 loc) · 147 KB
/
crypto.erl
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
%%
%% %CopyrightBegin%
%%
%% Copyright Ericsson AB 1999-2024. All Rights Reserved.
%%
%% Licensed under the Apache License, Version 2.0 (the "License");
%% you may not use this file except in compliance with the License.
%% You may obtain a copy of the License at
%%
%% http://www.apache.org/licenses/LICENSE-2.0
%%
%% Unless required by applicable law or agreed to in writing, software
%% distributed under the License is distributed on an "AS IS" BASIS,
%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
%% See the License for the specific language governing permissions and
%% limitations under the License.
%%
%% %CopyrightEnd%
%%
%% Purpose : Main Crypto API module.
-module(crypto).
-moduledoc """
Crypto Functions
This module provides a set of cryptographic functions.
- **Hash functions** -
- **SHA1, SHA2** - [Secure Hash Standard (FIPS PUB180-4)](https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.180-4.pdf)
- **SHA3** - [SHA-3 Standard: Permutation-Based Hash and Extendable-Output Functions (FIPS PUB 202)](https://www.nist.gov/publications/sha-3-standard-permutation-based-hash-and-extendable-output-functions?pub_id=919061)
- **BLAKE2** - [BLAKE2 — fast secure hashing](https://blake2.net/)
- **SM3** - [The SM3 Hash Function (GM/T 0004-2012)](https://datatracker.ietf.org/doc/html/draft-sca-cfrg-sm3-02)
- **MD5** - [The MD5 Message Digest Algorithm (RFC 1321)](http://www.ietf.org/rfc/rfc1321.txt)
- **MD4** - [The MD4 Message Digest Algorithm (RFC 1320)](http://www.ietf.org/rfc/rfc1320.txt)
- **MACs - Message Authentication Codes** -
- **Hmac functions** - [Keyed-Hashing for Message Authentication (RFC 2104)](http://www.ietf.org/rfc/rfc2104.txt)
- **Cmac functions** - [The AES-CMAC Algorithm (RFC 4493)](http://www.ietf.org/rfc/rfc4493.txt)
- **POLY1305** - [ChaCha20 and Poly1305 for IETF Protocols (RFC 7539)](http://www.ietf.org/rfc/rfc7539.txt)
- **Symmetric Ciphers** -
- **DES, 3DES and AES** - [Block Cipher Techniques (NIST)](https://csrc.nist.gov/projects/block-cipher-techniques)
- **Blowfish** -
[Fast Software Encryption, Cambridge Security Workshop Proceedings (December 1993), Springer-Verlag, 1994, pp. 191-204.](https://www.schneier.com/academic/archives/1994/09/description_of_a_new.html)
- **Chacha20** - [ChaCha20 and Poly1305 for IETF Protocols (RFC 7539)](http://www.ietf.org/rfc/rfc7539.txt)
- **Chacha20_poly1305** - [ChaCha20 and Poly1305 for IETF Protocols (RFC 7539)](http://www.ietf.org/rfc/rfc7539.txt)
- **SM4** - [The SM4 Block Cipher Algorithm](https://www.iso.org/standard/81564.html)
- **Modes** -
- **ECB, CBC, CFB, OFB and CTR** - [Recommendation for Block Cipher Modes of
Operation: Methods and Techniques (NIST SP 800-38A)](https://csrc.nist.gov/publications/detail/sp/800-38a/final)
- **GCM** - [Recommendation for Block Cipher Modes of Operation:
Galois/Counter Mode (GCM) and GMAC (NIST SP 800-38D)](https://csrc.nist.gov/publications/detail/sp/800-38d/final)
- **CCM** - [Recommendation for Block Cipher Modes of Operation: The CCM Mode
for Authentication and Confidentiality (NIST SP 800-38C)](https://nvlpubs.nist.gov/nistpubs/legacy/sp/nistspecialpublication800-38c.pdf)
- **Asymmetric Ciphers - Public Key Techniques** -
- **RSA** - [PKCS #1: RSA Cryptography Specifications (RFC 3447)](http://www.ietf.org/rfc/rfc3447.txt)
- **DSS** - [Digital Signature Standard (DSS) (FIPS 186-4)](https://csrc.nist.gov/publications/detail/fips/186/4/final)
- **ECDSA** - [Elliptic Curve Digital Signature Algorithm (ECDSA)](http://csrc.nist.gov/groups/STM/cavp/documents/dss2/ecdsa2vs.pdf)
- **SRP** - [The SRP Authentication and Key Exchange System (RFC 2945)](http://www.ietf.org/rfc/rfc2945.txt)
> #### Note {: .info }
>
> The actual supported algorithms and features depends on their availability in
> the actual libcrypto used. See the [crypto (App)](crypto_app.md) about
> dependencies.
>
> Enabling FIPS mode will also disable algorithms and features.
The [CRYPTO User's Guide](index.html) has more information on FIPS, Engines and
Algorithm Details like key lengths.
## Exceptions
[](){: #error_old }
### Atoms - the older style
The exception `error:badarg` signifies that one or more arguments are of wrong
data type, or are otherwise badly formed.
The exception `error:notsup` signifies that the algorithm is known but is not
supported by current underlying libcrypto or explicitly disabled when building
that.
For a list of supported algorithms, see [supports(ciphers)](`supports/1`).
[](){: #error_3tup }
### 3-tuples - the new style
The exception is:
```text
error:{Tag, C_FileInfo, Description}
Tag = badarg | notsup | error
C_FileInfo = term() % Usually only useful for the OTP maintainer
Description = string() % Clear text, sometimes only useful for the OTP maintainer
```
The exception tags are:
- **`badarg`** - Signifies that one or more arguments are of wrong data type or
are otherwise badly formed.
- **`notsup`** - Signifies that the algorithm is known but is not supported by
current underlying libcrypto or explicitly disabled when building that one.
- **`error`** - An error condition that should not occur, for example a memory
allocation failed or the underlying cryptolib returned an error code, for
example `"Can't initialize context, step 1"`. Those text usually needs
searching the C-code to be understood.
Usually there are more information in the call stack about which argument caused
the exception and what the values where.
To catch the exception, use for example:
```text
try crypto:crypto_init(Ciph, Key, IV, true)
catch
error:{Tag, _C_FileInfo, Description} ->
do_something(......)
.....
end
```
""".
-moduledoc(#{titles =>
[{function,<<"Cipher API">>},
{function,<<"Hash API">>},
{function,<<"MAC API">>},
{function,<<"Key API">>},
{function,<<"Sign/Verify API">>},
{function,<<"Random API">>},
{function,<<"Utility Functions">>},
{function,<<"Engine API">>},
{function,<<"Legacy RSA Encryption API">>},
{type,<<"Ciphers">>},
{type,<<"Digests and hash">>},
{type,<<"Elliptic Curves">>},
{type,<<"Keys">>},
{type,<<"Public/Private Keys">>},
{type,<<"Public Key Ciphers">>},
{type,<<"Public Key Sign and Verify">>},
{type,<<"Diffie-Hellman Keys and parameters">>},
{type,<<"Types for Engines">>},
{type,<<"Internal data types">>}]}).
-export([start/0, stop/0, info/0, info_lib/0, info_fips/0, supports/0, enable_fips_mode/1,
version/0, bytes_to_integer/1]).
-export([cipher_info/1, hash_info/1]).
-export([hash/2, hash_xof/3, hash_init/1, hash_update/2, hash_final/1, hash_final_xof/2]).
-export([sign/4, sign/5, verify/5, verify/6]).
-export([generate_key/2, generate_key/3, compute_key/4]).
-export([exor/2, strong_rand_bytes/1, mod_pow/3]).
-export([rand_seed/0, rand_seed_alg/1, rand_seed_alg/2]).
-export([rand_seed_s/0, rand_seed_alg_s/1, rand_seed_alg_s/2]).
-export([rand_plugin_next/1]).
-export([rand_plugin_aes_next/1, rand_plugin_aes_jump/1]).
-export([rand_plugin_uniform/1]).
-export([rand_plugin_uniform/2]).
-export([rand_cache_plugin_next/1]).
-export([rand_uniform/2]).
-export([public_encrypt/4, private_decrypt/4]).
-export([private_encrypt/4, public_decrypt/4]).
-export([privkey_to_pubkey/2]).
-export([ec_curve/1, ec_curves/0]).
-export([rand_seed/1]).
-export([format_error/2]).
-export([pbkdf2_hmac/5]).
%%%----------------------------------------------------------------
%% Deprecated functions
%%%----------------------------------------------------------------
%% Removed functions.
%%
%% Old interface. Now implemented with the New interface.
%% Removed in OTP-24.0 See OTP-16232 (deprecation) and OTP-16656 (removal)
-removed([{crypto_dyn_iv_init, 3, "not supported, use crypto:crypto_init/4"},
{crypto_dyn_iv_update, 3, "not supported, use crypto:crypto_update/2"},
{next_iv, '_', "see the 'New and Old API' chapter of the CRYPTO User's guide"},
{hmac, 3, "use crypto:mac/4 instead"},
{hmac, 4, "use crypto:macN/5 instead"},
{hmac_init, 2, "use crypto:mac_init/3 instead"},
{hmac_update, 2, "use crypto:mac_update/2 instead"},
{hmac_final, 1, "use crypto:mac_final/1 instead"},
{hmac_final_n, 2, "use crypto:mac_finalN/2 instead"},
{cmac, 3, "use crypto:mac/4 instead"},
{cmac, 4, "use crypto:macN/5 instead"},
{poly1305, 2, "use crypto:mac/3 instead"},
{stream_init, '_', "use crypto:crypto_init/3 + crypto:crypto_update/2 + "
"crypto:crypto_final/1 or crypto:crypto_one_time/4 instead"},
{stream_encrypt, 2, "use crypto:crypto_update/2 instead"},
{stream_decrypt, 2, "use crypto:crypto_update/2 instead"},
{block_encrypt, 3, "use crypto:crypto_one_time/4 or crypto:crypto_init/3 + "
"crypto:crypto_update/2 + crypto:crypto_final/1 instead"},
{block_encrypt, 4, "use crypto:crypto_one_time/5, crypto:crypto_one_time_aead/6,7 "
"or crypto:crypto_init + "
"crypto:crypto_update + crypto:crypto_final instead"},
{block_decrypt, 3, "use crypto:crypto_one_time/4 or crypto:crypto_init/3 + "
"crypto:crypto_update/2 + crypto:crypto_final/1 instead"},
{block_decrypt, 4, "use crypto:crypto_one_time/5, crypto:crypto_one_time_aead/6,7 "
"or crypto:crypto_init + "
"crypto:crypto_update + crypto:crypto_final instead"}
]).
-removed_type([{retired_cbc_cipher_aliases, 0, "Use aes_*_cbc or des_ede3_cbc"},
{retired_cfb_cipher_aliases, 0, "Use aes_*_cfb8, aes_*_cfb128 or des_ede3_cfb"},
{retired_ctr_cipher_aliases, 0, "Use aes_*_ctr"},
{retired_ecb_cipher_aliases, 0, "Use aes_*_ecb"},
{stream_state, 0, "see the 'New and Old API' chapter of the CRYPTO User's guide"},
{hmac_state, 0, "see the 'New and Old API' chapter of the CRYPTO User's guide"}
]).
%%%----------------------------------------------------------------
%% New interface
-export([crypto_init/4, crypto_init/3,
crypto_update/2,
crypto_one_time/4, crypto_one_time/5,
crypto_one_time_aead/6, crypto_one_time_aead/7,
crypto_final/1,
crypto_get_data/1,
hash_equals/2,
supports/1,
mac/3, mac/4, macN/4, macN/5,
mac_init/2, mac_init/3, mac_update/2, mac_final/1, mac_finalN/2
]).
%%%----------------------------------------------------------------
%% Engine
-export([
engine_get_all_methods/0,
engine_load/3,
engine_load/4,
engine_unload/1,
engine_unload/2,
engine_by_id/1,
engine_list/0,
engine_ctrl_cmd_string/3,
engine_ctrl_cmd_string/4,
engine_add/1,
engine_remove/1,
engine_register/2,
engine_unregister/2,
engine_get_id/1,
engine_get_name/1,
ensure_engine_loaded/2,
ensure_engine_loaded/3,
ensure_engine_unloaded/1,
ensure_engine_unloaded/2
]).
-nifs([info_nif/0, info_lib/0, info_fips/0, enable_fips_mode_nif/1,
hash_algorithms/0, pubkey_algorithms/0, cipher_algorithms/0,
mac_algorithms/0, curve_algorithms/0, rsa_opts_algorithms/0,
hash_info/1, hash_nif/2, hash_init_nif/1, hash_update_nif/2,
hash_final_nif/1, hash_final_xof_nif/2, mac_nif/4, mac_init_nif/3, mac_update_nif/2,
mac_final_nif/1, cipher_info_nif/1, ng_crypto_init_nif/4,
ng_crypto_update_nif/2, ng_crypto_final_nif/1,
ng_crypto_get_data_nif/1, ng_crypto_one_time_nif/5,
strong_rand_bytes_nif/1, strong_rand_range_nif/1, rand_uniform_nif/2,
mod_exp_nif/4, do_exor/2, hash_equals_nif/2, pbkdf2_hmac_nif/5,
pkey_sign_nif/5, pkey_verify_nif/6, pkey_crypt_nif/6,
rsa_generate_key_nif/2, dh_generate_key_nif/4, dh_compute_key_nif/3,
evp_compute_key_nif/3, evp_generate_key_nif/2, privkey_to_pubkey_nif/2,
srp_value_B_nif/5, srp_user_secret_nif/7, srp_host_secret_nif/5,
ec_generate_key_nif/2, ecdh_compute_key_nif/3, rand_seed_nif/1,
aead_cipher_nif/7, engine_by_id_nif/1, engine_init_nif/1,
engine_free_nif/1, engine_load_dynamic_nif/0,
engine_ctrl_cmd_strings_nif/3, engine_register_nif/2,
engine_unregister_nif/2, engine_add_nif/1, engine_remove_nif/1,
engine_get_first_nif/0, engine_get_next_nif/1, engine_get_id_nif/1,
engine_get_name_nif/1, engine_get_all_methods_nif/0,
ensure_engine_loaded_nif/2
]).
-export_type([ %% A minimum exported: only what public_key needs.
dh_private/0,
dh_public/0,
dss_digest_type/0,
ec_named_curve/0,
ecdsa_digest_type/0,
pk_encrypt_decrypt_opts/0,
pk_sign_verify_opts/0,
rsa_digest_type/0,
sha1/0,
sha2/0
]).
-export_type([engine_ref/0,
key_id/0,
password/0
]).
%%% Opaque types must be exported :(
-export_type([
hash_state/0,
crypto_state/0,
mac_state/0
]).
%% Private. For tests.
-export([packed_openssl_version/4, engine_methods_convert_to_bitmask/2,
get_test_engine/0]).
-export([rand_plugin_aes_jump_2pow20/1]).
-deprecated({rand_uniform, 2, "use rand:uniform/1 instead"}).
%% This should correspond to the similar macro in crypto.c
-define(MAX_BYTES_TO_NIF, 20000). %% Current value is: erlang:system_info(context_reductions) * 10
%% Used by strong_rand_float/0
-define(HALF_DBL_EPSILON, 1.1102230246251565e-16). % math:pow(2, -53)
%%% ===== BEGIN NEW TYPING ====
%%% Basic
-doc "Always `t:binary/0` when used as return value".
-doc(#{title => <<"Keys">>}).
-type key_integer() :: integer() | binary(). % Always binary() when used as return value
%%% Keys
-doc(#{title => <<"Public/Private Keys">>,equiv => rsa_params()}).
-type rsa_public() :: [key_integer()] . % [E, N]
-doc(#{title => <<"Public/Private Keys">>,equiv => rsa_params()}).
-type rsa_private() :: [key_integer()] . % [E, N, D] | [E, N, D, P1, P2, E1, E2, C]
-doc """
```text
rsa_public() = [E, N]
```
```erlang
rsa_private() = [E, N, D] | [E, N, D, P1, P2, E1, E2, C]
```
Where E is the public exponent, N is public modulus and D is the private
exponent. The longer key format contains redundant information that will make
the calculation faster. P1 and P2 are first and second prime factors. E1 and E2
are first and second exponents. C is the CRT coefficient. The terminology is
taken from [RFC 3447](http://www.ietf.org/rfc/rfc3447.txt).
""".
-doc(#{title => <<"Public/Private Keys">>}).
-type rsa_params() :: {ModulusSizeInBits::integer(), PublicExponent::key_integer()} .
-doc(#{title => <<"Public/Private Keys">>,equiv => dss_private()}).
-type dss_public() :: [key_integer()] . % [P, Q, G, Y]
-doc """
```text
dss_public() = [P, Q, G, Y]
```
Where P, Q and G are the dss parameters and Y is the public key.
```text
dss_private() = [P, Q, G, X]
```
Where P, Q and G are the dss parameters and X is the private key.
""".
-doc(#{title => <<"Public/Private Keys">>}).
-type dss_private() :: [key_integer()] . % [P, Q, G, X]
-doc(#{title => <<"Public/Private Keys">>,equiv => ecdsa_params()}).
-type ecdsa_public() :: key_integer() .
-doc(#{title => <<"Public/Private Keys">>,equiv => ecdsa_params()}).
-type ecdsa_private() :: key_integer() .
-doc(#{title => <<"Public/Private Keys">>}).
-type ecdsa_params() :: ec_named_curve() | ec_explicit_curve() .
-doc(#{title => <<"Public/Private Keys">>,equiv => eddsa_params()}).
-type eddsa_public() :: key_integer() .
-doc(#{title => <<"Public/Private Keys">>,equiv => eddsa_params()}).
-type eddsa_private() :: key_integer() .
-doc(#{title => <<"Public/Private Keys">>}).
-type eddsa_params() :: edwards_curve_ed() .
-doc(#{title => <<"Public/Private Keys">>,equiv => srp_private()}).
-type srp_public() :: key_integer() .
-doc """
```text
srp_public() = key_integer()
```
Where is `A` or `B` from [SRP design](http://srp.stanford.edu/design.html)
```text
srp_private() = key_integer()
```
Where is `a` or `b` from [SRP design](http://srp.stanford.edu/design.html)
""".
-doc(#{title => <<"Public/Private Keys">>}).
-type srp_private() :: key_integer() .
-doc(#{title => <<"Public/Private Keys">>,
equiv => srp_host_comp_params()}).
-type srp_gen_params() :: {user,srp_user_gen_params()} | {host,srp_host_gen_params()}.
-doc(#{title => <<"Public/Private Keys">>,
equiv => srp_host_comp_params()}).
-type srp_comp_params() :: {user,srp_user_comp_params()} | {host,srp_host_comp_params()}.
-doc(#{title => <<"Public/Private Keys">>,
equiv => srp_host_comp_params()}).
-type srp_user_gen_params() :: list(binary() | atom() | list()) .
-doc(#{title => <<"Public/Private Keys">>,
equiv => srp_host_comp_params()}).
-type srp_host_gen_params() :: list(binary() | atom() | list()) .
-doc(#{title => <<"Public/Private Keys">>,
equiv => srp_host_comp_params()}).
-type srp_user_comp_params() :: list(binary() | atom()) .
-doc """
Where Verifier is `v`, Generator is `g` and Prime is` N`, DerivedKey is `X`, and
Scrambler is `u` (optional will be generated if not provided) from
[SRP design](http://srp.stanford.edu/design.html) Version = '3' | '6' | '6a'
""".
-doc(#{title => <<"Public/Private Keys">>}).
-type srp_host_comp_params() :: list(binary() | atom()) .
-doc(#{title => <<"Diffie-Hellman Keys and parameters">>,
equiv => dh_private()}).
-type dh_public() :: key_integer() .
-doc(#{title => <<"Diffie-Hellman Keys and parameters">>}).
-type dh_private() :: key_integer() .
-doc """
```text
dh_params() = [P, G] | [P, G, PrivateKeyBitLength]
```
""".
-doc(#{title => <<"Diffie-Hellman Keys and parameters">>}).
-type dh_params() :: [key_integer()] . % [P, G] | [P, G, PrivateKeyBitLength]
-doc(#{title => <<"Diffie-Hellman Keys and parameters">>,
equiv => ecdh_params()}).
-type ecdh_public() :: key_integer() .
-doc(#{title => <<"Diffie-Hellman Keys and parameters">>,
equiv => ecdh_params()}).
-type ecdh_private() :: key_integer() .
-doc(#{title => <<"Diffie-Hellman Keys and parameters">>}).
-type ecdh_params() :: ec_named_curve() | edwards_curve_dh() | ec_explicit_curve() .
%%% Curves
-doc(#{title => <<"Elliptic Curves">>,equiv => ec_curve()}).
-type ec_explicit_curve() :: {Field :: ec_field(),
Curve :: ec_curve(),
BasePoint :: binary(),
Order :: binary(),
CoFactor :: none | % FIXME: Really?
binary()
} .
-doc "Parametric curve definition.".
-doc(#{title => <<"Elliptic Curves">>}).
-type ec_curve() :: {A :: binary(),
B :: binary(),
Seed :: none | binary()
} .
-doc(#{title => <<"Elliptic Curves">>,equiv => ec_curve()}).
-type ec_field() :: ec_prime_field() | ec_characteristic_two_field() .
-doc(#{title => <<"Elliptic Curves">>,equiv => ec_basis()}).
-type ec_prime_field() :: {prime_field, Prime :: integer()} .
-doc(#{title => <<"Elliptic Curves">>,equiv => ec_basis()}).
-type ec_characteristic_two_field() :: {characteristic_two_field, M :: integer(), Basis :: ec_basis()} .
-doc "Curve definition details.".
-doc(#{title => <<"Elliptic Curves">>}).
-type ec_basis() :: {tpbasis, K :: non_neg_integer()}
| {ppbasis, K1 :: non_neg_integer(), K2 :: non_neg_integer(), K3 :: non_neg_integer()}
| onbasis .
-doc(#{title => <<"Elliptic Curves">>,equiv => edwards_curve_ed()}).
-type ec_named_curve() :: brainpoolP160r1
| brainpoolP160t1
| brainpoolP192r1
| brainpoolP192t1
| brainpoolP224r1
| brainpoolP224t1
| brainpoolP256r1
| brainpoolP256t1
| brainpoolP320r1
| brainpoolP320t1
| brainpoolP384r1
| brainpoolP384t1
| brainpoolP512r1
| brainpoolP512t1
| c2pnb163v1
| c2pnb163v2
| c2pnb163v3
| c2pnb176v1
| c2pnb208w1
| c2pnb272w1
| c2pnb304w1
| c2pnb368w1
| c2tnb191v1
| c2tnb191v2
| c2tnb191v3
| c2tnb239v1
| c2tnb239v2
| c2tnb239v3
| c2tnb359v1
| c2tnb431r1
| ipsec3
| ipsec4
| prime192v1
| prime192v2
| prime192v3
| prime239v1
| prime239v2
| prime239v3
| prime256v1
| secp112r1
| secp112r2
| secp128r1
| secp128r2
| secp160k1
| secp160r1
| secp160r2
| secp192k1
| secp192r1
| secp224k1
| secp224r1
| secp256k1
| secp256r1
| secp384r1
| secp521r1
| sect113r1
| sect113r2
| sect131r1
| sect131r2
| sect163k1
| sect163r1
| sect163r2
| sect193r1
| sect193r2
| sect233k1
| sect233r1
| sect239k1
| sect283k1
| sect283r1
| sect409k1
| sect409r1
| sect571k1
| sect571r1
| wtls1
| wtls10
| wtls11
| wtls12
| wtls3
| wtls4
| wtls5
| wtls6
| wtls7
| wtls8
| wtls9
.
-doc(#{title => <<"Elliptic Curves">>,equiv => edwards_curve_ed()}).
-type edwards_curve_dh() :: x25519 | x448 .
-doc(#{title => <<"Utility functions">>}).
-doc "Note that some curves are disabled if FIPS is enabled.".
-doc(#{title => <<"Elliptic Curves">>}).
-type edwards_curve_ed() :: ed25519 | ed448 .
%%%----------------------------------------------------------------
%%% New cipher schema
%%%
-doc(#{title => <<"Ciphers">>}).
-type cipher() :: cipher_no_iv()
| cipher_iv()
| cipher_aead() .
-doc(#{title => <<"Ciphers">>}).
-type cipher_no_iv() :: aes_128_ecb
| aes_192_ecb
| aes_256_ecb
| aes_ecb
| blowfish_ecb
| des_ecb
| sm4_ecb
| rc4 .
-doc(#{title => <<"Ciphers">>}).
-type cipher_iv() :: aes_128_cbc
| aes_192_cbc
| aes_256_cbc
| aes_cbc
| aes_128_ofb
| aes_192_ofb
| aes_256_ofb
| aes_128_cfb128
| aes_192_cfb128
| aes_256_cfb128
| aes_cfb128
| aes_128_cfb8
| aes_192_cfb8
| aes_256_cfb8
| aes_cfb8
| aes_128_ctr
| aes_192_ctr
| aes_256_ctr
| aes_ctr
| sm4_cbc
| sm4_ofb
| sm4_cfb
| sm4_ctr
| blowfish_cbc
| blowfish_cfb64
| blowfish_ofb64
| chacha20
| des_ede3_cbc
| des_ede3_cfb
| des_cbc
| des_cfb
| rc2_cbc .
-doc """
Ciphers known by the CRYPTO application.
Note that this list might be reduced if the underlying libcrypto does not
support all of them.
""".
-doc(#{title => <<"Ciphers">>}).
-type cipher_aead() :: aes_128_ccm
| aes_192_ccm
| aes_256_ccm
| aes_ccm
| aes_128_gcm
| aes_192_gcm
| aes_256_gcm
| aes_gcm
| sm4_gcm
| sm4_ccm
| chacha20_poly1305 .
%%%----------------------------------------------------------------
-doc(#{title => <<"Digests and hash">>}).
-type rsa_digest_type() :: sha1() | sha2() | md5 | ripemd160 .
-doc(#{title => <<"Digests and hash">>}).
-type dss_digest_type() :: sha1() | sha2() .
-doc(#{title => <<"Digests and hash">>}).
-type ecdsa_digest_type() :: sha1() | sha2() .
-doc(#{title => <<"Digests and hash">>,equiv => blake2()}).
-type sha1() :: sha .
-doc(#{title => <<"Digests and hash">>,equiv => blake2()}).
-type sha2() :: sha224 | sha256 | sha384 | sha512 .
-doc(#{title => <<"Digests and hash">>,equiv => blake2()}).
-type sha3() :: sha3_224 | sha3_256 | sha3_384 | sha3_512 .
-doc(#{title => <<"Digests and hash">>,equiv => blake2()}).
-type sha3_xof() :: shake128 | shake256 .
-doc(#{title => <<"Digests and hash">>}).
-type blake2() :: blake2b | blake2s .
-doc """
The `t:compatibility_only_hash/0` algorithms are recommended only for
compatibility with existing applications.
""".
-doc(#{title => <<"Digests and hash">>}).
-type compatibility_only_hash() :: md5 | md4 .
-type crypto_integer() :: binary() | integer().
%% %%%--------------------------------------------------------------------
%% %%% Exceptions
%% %%%
%% %% Exceptions
%% %% error:badarg
%% %% error:notsup
%% -type run_time_error() :: badarg | notsup.
%% %% Exceptions
%% %% error:{badarg, file_line_info, Reason::term()}
%% %% error:{notsup,Reason::term()}
%% %% error:{error,Reason::term()}
%% -type descriptive_error() :: {badarg | notsup | error, FileLineInfo::any, Reason::string()}.
%%--------------------------------------------------------------------
%% Compilation and loading
%%--------------------------------------------------------------------
-compile(no_native).
-on_load(on_load/0).
-define(CRYPTO_NIF_VSN,302).
%%--------------------------------------------------------------------
%% When generating documentation from crypto.erl, the macro ?CRYPTO_VSN is not defined.
%% That causes the doc generation to stop...
-ifndef(CRYPTO_VSN).
-define(CRYPTO_VSN, "??").
-endif.
%%--------------------------------------------------------------------
%% Call a nif and handle an error exceptions to fit into the error handling
%% in the Erlang shell.
%% If not called from a shell, an error exception will be propagated.
-define(nif_call(Call), ?nif_call(Call, undefined, {})).
-define(nif_call(Call, ArgMap), ?nif_call(Call, undefined, ArgMap)).
-define(nif_call(Call, Args0, ArgMap),
try Call
catch
error
: {Id, #{c_file_name := C_file,
c_file_line_num := C_line,
c_function_arg_num := ArgNum}, Msg}
: Stack when is_list(C_file),
is_integer(C_line),
is_integer(ArgNum) ->
error({Id, {C_file,C_line}, Msg},
err_find_args(Args0, Stack),
[{error_info, #{erl_function_arg_num => err_remap_C_argnum(ArgNum, ArgMap)}}]
)
end).
%%--------------------------------------------------------------------
%% Error if the crypto nifs not are loaded
-define(nif_stub,nif_stub_error(?LINE)).
nif_stub_error(Line) ->
erlang:nif_error({nif_not_loaded,module,?MODULE,line,Line}).
%%--------------------------------------------------------------------
%%% API
%%--------------------------------------------------------------------
-doc false.
version() ->
?CRYPTO_VSN.
-doc false.
format_error({Ex, {C_file,C_line}, Msg}, [{_M,_F,_Args,Opts} | _CallStack]) when Ex == badarg ;
Ex == notsup ->
case proplists:get_value(error_info, Opts) of
#{erl_function_arg_num := ErlArgNum} ->
FileMsg =
io_lib:format("(Found in the internal file ~s at line ~p)", [C_file, C_line]),
case ErlArgNum of
undefined ->
#{general => [Msg," ",FileMsg]};
N ->#{N => Msg,
general => FileMsg
}
end
end.
-doc(#{title => <<"Utility Functions">>}).
-doc """
Use [`application:start(crypto)`](`application:start/1`) instead.
> #### Warning {: .warning }
>
> This function does not work if FIPS mode is to be enabled. FIPS mode will be
> disabled even if configuration parameter `fips_mode` is set to `true`. Use
> [`application:start(crypto)`](`application:start/1`) instead.
""".
-spec start() -> ok | {error, Reason::term()}.
start() ->
application:start(crypto).
-doc(#{title => <<"Utility Functions">>}).
-doc "Use [`application:stop(crypto)`](`application:stop/1`) instead.".
-spec stop() -> ok | {error, Reason::term()}.
stop() ->
application:stop(crypto).
-doc false.
-spec supports() -> [Support]
when Support :: {hashs, Hashs}
| {ciphers, Ciphers}
| {public_keys, PKs}
| {macs, Macs}
| {curves, Curves}
| {rsa_opts, RSAopts},
Hashs :: [sha1() | sha2() | sha3() | sha3_xof() | blake2() | ripemd160 | sm3 | compatibility_only_hash()],
Ciphers :: [cipher()],
PKs :: [rsa | dss | ecdsa | dh | ecdh | eddh | ec_gf2m],
Macs :: [hmac | cmac | poly1305],
Curves :: [ec_named_curve() | edwards_curve_dh() | edwards_curve_ed()],
RSAopts :: [rsa_sign_verify_opt() | rsa_opt()] .
supports() ->
[{hashs, supports(hashs)},
{ciphers, supports(ciphers)}
| [{T,supports(T)} || T <- [public_keys,
macs,
curves,
rsa_opts]
]
].
-doc """
Get which crypto algorithms that are supported by the underlying libcrypto
library.
See `hash_info/1` and `cipher_info/1` for information about the hash and cipher
algorithms.
""".
-doc(#{since => <<"OTP 22.0">>}).
-spec supports(Type) -> Support
when Type :: hashs
| ciphers
| public_keys
| macs
| curves
| rsa_opts,
Support :: Hashs
| Ciphers
| PKs
| Macs
| Curves
| RSAopts,
Hashs :: [sha1() | sha2() | sha3() | sha3_xof() | blake2() | ripemd160 | compatibility_only_hash()],
Ciphers :: [cipher()],
PKs :: [rsa | dss | ecdsa | dh | ecdh | eddh | ec_gf2m],
Macs :: [hmac | cmac | poly1305],
Curves :: [ec_named_curve() | edwards_curve_dh() | edwards_curve_ed()],
RSAopts :: [rsa_sign_verify_opt() | rsa_opt()] .
-define(CURVES, '$curves$').
-doc(#{title => <<"Utility Functions">>}).
supports(hashs) -> hash_algorithms();
supports(public_keys) -> pubkey_algorithms();
supports(ciphers) -> add_cipher_aliases(cipher_algorithms());
supports(macs) -> mac_algorithms();
supports(curves) -> curve_algorithms();
supports(rsa_opts) -> rsa_opts_algorithms().
-doc(#{title => <<"Utility Functions">>}).
-doc """
Get the name and version of the libraries used by crypto.
`Name` is the name of the library. `VerNum` is the numeric version according to
the library's own versioning scheme. `VerStr` contains a text variant of the
version.
```erlang
> info_lib().
[{<<"OpenSSL">>,269484095,<<"OpenSSL 1.1.0c 10 Nov 2016"">>}]
```
> #### Note {: .info }
>
> From OTP R16 the _numeric version_ represents the version of the OpenSSL
> _header files_ (`openssl/opensslv.h`) used when crypto was compiled. The text
> variant represents the libcrypto library used at runtime. In earlier OTP
> versions both numeric and text was taken from the library.
""".
-spec info_lib() -> [{Name,VerNum,VerStr}] when Name :: binary(),
VerNum :: integer(),
VerStr :: binary() .
info_lib() -> ?nif_stub.
-doc(#{title => <<"Utility Functions">>}).
-doc """
Get information about crypto and the OpenSSL backend.
Returns a map with information about the compilation and linking of crypto.
Example:
```erlang
1> crypto:info().
#{compile_type => normal,
cryptolib_version_compiled => "OpenSSL 3.0.0 7 sep 2021",
cryptolib_version_linked => "OpenSSL 3.0.0 7 sep 2021",
link_type => dynamic,
otp_crypto_version => "5.0.2"}
2>
```
More association types than documented may be present in the map.
""".
-doc(#{title => <<"Utility Functions">>,
since => <<"OTP 24.2">>}).
-spec info() -> #{compile_type := normal | debug | valgrind | asan,
cryptolib_version_compiled => string() | undefined,
cryptolib_version_linked := string(),
link_type := dynamic | static,
otp_crypto_version := string()
}.
info() ->
(info_nif())#{otp_crypto_version => crypto:version()}.
info_nif() -> ?nif_stub.
-doc """
Get information about the operating status of FIPS.
Returns the FIPS operating status of crypto and the underlying libcrypto
library. If crypto was built with FIPS support this can be either `enabled`
(when running in FIPS mode) or `not_enabled`. For other builds
this value is always `not_supported`.
See `enable_fips_mode/1` about how to enable FIPS mode.
> #### Warning {: .warning }
>
> In FIPS mode all non-FIPS compliant algorithms are disabled and raise
> exception `error:notsup`. Check [supports(ciphers)](`supports/1`) that in FIPS
> mode returns the restricted list of available algorithms.
""".
-doc(#{title => <<"Utility Functions">>,
since => <<"OTP 20.0">>}).
-spec info_fips() -> not_supported | not_enabled | enabled.
info_fips() -> ?nif_stub.
-doc """
Enable or disable FIPs mode.
Argument `Enable` should be `true` to enable and `false` to disable FIPS mode.
Returns `true` if the operation was successful or `false` otherwise.
Note that to enable FIPS mode successfully, OTP must be built with the configure
option `--enable-fips`, and the underlying libcrypto must also support FIPS.
See also `info_fips/0`.
""".
-doc(#{title => <<"Utility Functions">>,
since => <<"OTP 21.1">>}).
-spec enable_fips_mode(Enable) -> Result when Enable :: boolean(),
Result :: boolean().
enable_fips_mode(Enable) ->
enable_fips_mode_nif(Enable).
enable_fips_mode_nif(_) -> ?nif_stub.
-doc(#{title => <<"MAC API">>}).
-doc """
PKCS #5 PBKDF2 (Password-Based Key Derivation Function 2) in combination with
HMAC.
Uses the [3-tuple style](`m:crypto#error_3tup`) for error handling.
""".
-doc(#{title => <<"Engine API">>,since => <<"OTP 24.2">>}).
-spec pbkdf2_hmac(Digest, Pass, Salt, Iter, KeyLen) -> Result
when Digest :: sha | sha224 | sha256 | sha384 | sha512,
Pass :: binary(),
Salt :: binary(),
Iter :: pos_integer(),
KeyLen :: pos_integer(),
Result :: binary().
pbkdf2_hmac(Digest, Pass, Salt, Iter, KeyLen) ->
?nif_call(pbkdf2_hmac_nif(Digest, Pass, Salt, Iter, KeyLen)).
pbkdf2_hmac_nif(_, _, _, _, _) -> ?nif_stub.
%%%================================================================
%%%
%%% Hashing
%%%
%%%================================================================