diff options
author | Hans Nilsson <hans@erlang.org> | 2022-03-29 13:55:06 +0200 |
---|---|---|
committer | Hans Nilsson <hans@erlang.org> | 2022-06-17 09:14:13 +0200 |
commit | 3b24f8259a10a756dae4f3a90be53c9c2f00dcb1 (patch) | |
tree | 5d8ed19d55b1762ac1b2009c4f9fc02078af5ba0 | |
parent | dc286288c371036a46843b2a750bb1e747f0d253 (diff) | |
download | erlang-3b24f8259a10a756dae4f3a90be53c9c2f00dcb1.tar.gz |
crypto: ECDSA/ECDH curve as a 2-tuple {{..old def..}, Name} from erl to nif
To enable EC selection by name that is a requirement for FIPS
in OpenSSL 3.0
-rw-r--r-- | lib/crypto/c_src/ec.c | 15 | ||||
-rw-r--r-- | lib/crypto/c_src/ecdh.c | 2 | ||||
-rw-r--r-- | lib/crypto/src/crypto.erl | 16 |
3 files changed, 24 insertions, 9 deletions
diff --git a/lib/crypto/c_src/ec.c b/lib/crypto/c_src/ec.c index f14768d134..124582c4f8 100644 --- a/lib/crypto/c_src/ec.c +++ b/lib/crypto/c_src/ec.c @@ -35,6 +35,8 @@ int get_curve_definition(ErlNifEnv* env, ERL_NIF_TERM *ret, ERL_NIF_TERM def, const ERL_NIF_TERM *field; int f_arity = -1; BIGNUM *p = NULL; + int arity = -1; + const ERL_NIF_TERM* curve_tuple; /* Here are two random curve definition examples, one prime_field and one characteristic_two_field. Both are from the crypto/src/crypto_ec_curves.erl. @@ -66,8 +68,12 @@ int get_curve_definition(ErlNifEnv* env, ERL_NIF_TERM *ret, ERL_NIF_TERM def, }; */ + /* Separate the curve definition from the curve name */ + if (!enif_get_tuple(env, def, &arity, &curve_tuple) || (arity != 2)) + assign_goto(*ret, err, EXCP_ERROR(env, "Tuple arity 2 expected.")); + /* {Field, Prime, Point, Order, CoFactor} = CurveDef */ - if (!enif_get_tuple(env, def, &c_arity, &curve) || + if (!enif_get_tuple(env, curve_tuple[0], &c_arity, &curve) || c_arity != 5) assign_goto(*ret, err, EXCP_ERROR_N(env, 1, "Bad curve def. Expect 5-tuple.")); @@ -792,6 +798,8 @@ int get_ec_key_sz(ErlNifEnv* env, BIGNUM *priv_key = NULL; EC_POINT *pub_key = NULL; EC_GROUP *group = NULL; + int arity = -1; + const ERL_NIF_TERM* curve_tuple; if (priv != atom_undefined) { if (!get_bn_from_bin(env, priv, &priv_key)) @@ -802,7 +810,10 @@ int get_ec_key_sz(ErlNifEnv* env, goto err; } - if ((key = ec_key_new(env, curve, size)) == NULL) + if (!enif_get_tuple(env, curve, &arity, &curve_tuple) || (arity != 2)) + goto err; + + if ((key = ec_key_new(env, curve_tuple[0], size)) == NULL) goto err; if ((group = EC_GROUP_dup(EC_KEY_get0_group(key))) == NULL) diff --git a/lib/crypto/c_src/ecdh.c b/lib/crypto/c_src/ecdh.c index 96c57f18e7..7509d9cb84 100644 --- a/lib/crypto/c_src/ecdh.c +++ b/lib/crypto/c_src/ecdh.c @@ -34,7 +34,7 @@ ERL_NIF_TERM ecdh_compute_key_nif(ErlNifEnv* env, int argc, const ERL_NIF_TERM a # include "bn.h" ERL_NIF_TERM ecdh_compute_key_nif(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[]) -/* (OtherPublicKey, Curve, My) */ +/* (OtherPublicKey, {CurveDef,CurveName}, My) */ { ERL_NIF_TERM ret = atom_undefined; ErlNifBinary ret_bin; diff --git a/lib/crypto/src/crypto.erl b/lib/crypto/src/crypto.erl index 7fef4351f6..e4b68da8a6 100644 --- a/lib/crypto/src/crypto.erl +++ b/lib/crypto/src/crypto.erl @@ -2314,17 +2314,21 @@ term_to_nif_curve({A, B, Seed}) -> {ensure_int_as_bin(A), ensure_int_as_bin(B), Seed}. nif_curve_params({PrimeField, Curve, BasePoint, Order, CoFactor}) -> - {term_to_nif_prime(PrimeField), - term_to_nif_curve(Curve), - ensure_int_as_bin(BasePoint), - ensure_int_as_bin(Order), - ensure_int_as_bin(CoFactor)}; + { + {term_to_nif_prime(PrimeField), + term_to_nif_curve(Curve), + ensure_int_as_bin(BasePoint), + ensure_int_as_bin(Order), + ensure_int_as_bin(CoFactor) + }, + undefined %% The curve name + }; nif_curve_params(Curve) when is_atom(Curve) -> %% named curve case Curve of x448 -> {evp,Curve}; x25519 -> {evp,Curve}; - _ -> crypto_ec_curves:curve(Curve) + _ -> {crypto_ec_curves:curve(Curve), Curve} end. |