Diffstat (limited to 'lib/crypto/doc/src/crypto.xml')
-rw-r--r--[-rwxr-xr-x]lib/crypto/doc/src/crypto.xml244
1 files changed, 244 insertions, 0 deletions
diff --git a/lib/crypto/doc/src/crypto.xml b/lib/crypto/doc/src/crypto.xml
index 6b9b2ef207..e0617e33b2 100755..100644
--- a/lib/crypto/doc/src/crypto.xml
+++ b/lib/crypto/doc/src/crypto.xml
@@ -63,6 +63,20 @@
<item>
<p>dss: Digital Signature Standard (FIPS 186-2)</p>
</item>
+ <item>
+ <p>ecdsa: "Public Key Cryptography for the Financial
+ Services Industry: The Elliptic Curve Digital
+ Signature Standard (ECDSA)", November, 2005.</p>
+ </item>
+ <item>
+ <p>ec: Standards for Efficient Cryptography Group (SECG), "SEC 1:
+ Elliptic Curve Cryptography", Version 1.0, September 2000.</p>
+ </item>
+ <item>
+ <p>ecdsa: American National Standards Institute (ANSI),
+ ANS X9.62-2005: The Elliptic Curve Digital Signature
+ Algorithm (ECDSA), 2005.</p>
+ </item>
</list>
<p>The above publications can be found at <url href="http://csrc.nist.gov/publications">NIST publications</url>, at <url href="http://www.ietf.org">IETF</url>.
</p>
@@ -99,6 +113,14 @@ Mpint() = <![CDATA[<<ByteLen:32/integer-big, Bytes:ByteLen/binary>>]]>
</desc>
</func>
<func>
+ <name>algorithms() -> [atom()]</name>
+ <fsummary>Provide a list of available crypto algorithms.</fsummary>
+ <desc>
+ <p>Provides the available crypto algorithms in terms of a list
+ of atoms.</p>
+ </desc>
+ </func>
+ <func>
<name>info_lib() -> [{Name,VerNum,VerStr}]</name>
<fsummary>Provides information about the libraries used by crypto.</fsummary>
<type>
@@ -1256,6 +1278,205 @@ Mpint() = <![CDATA[<<ByteLen:32/integer-big, Bytes:ByteLen/binary>>]]>
</desc>
</func>
+ <func>
+ <name>srp_mod_exp(Generator, Exponent, Prime) -> Result</name>
+ <fsummary>Computes the SRP-SHA function: g^x % N</fsummary>
+ <type>
+ <v>Generator, Exponent, Prime = binary()</v>
+ <v>Result = binary() | error</v>
+ </type>
+ <desc>
+ <p>Computes the SRP-SHA function g^x % N used for the verifier and client public key (RFC-2945, Sect. 3)
+ </p>
+ </desc>
+ </func>
+
+ <func>
+ <name>srp_value_B(Multiplier, Verifier, Generator, Exponent, Prime) -> ValueB</name>
+ <fsummary>Computes the SRP function: B = k*v + g^b % N</fsummary>
+ <type>
+ <v>Verifier (v), Generator (g), Exponent (b), Prime (N), ValueB (B) = binary()</v>
+ <v>Multiplier (k) = integer() | binary()</v>
+ </type>
+ <desc>
+ <p>Computes the SRP value B according to RFC-2945, Sect. 3 and RFC-5054, Sect. 2.5.3</p>
+ <p>B = k*v + g^b % N</p>
+ </desc>
+ </func>
+
+ <func>
+ <name>srp_client_secret(A, U, B, Multiplier, Generator, Exponent, Prime) -> Secret</name>
+ <fsummary>Computes the SRP client secret</fsummary>
+ <type>
+ <v>A (a), U (u), B, Multiplier (k), Generator (g), Exponent (x), Prime (N), Secret = binary()</v>
+ <v>Multiplier (k) = integer() | binary()</v>
+ </type>
+ <desc>
+ <p>Computes the SRP client secret according to RFC-2945, Sect. 3 and RFC-5054, Sect. 2.6</p>
+ <p>Secret = (B - (k * g^x)) ^ (a + (u * x)) % N</p>
+ </desc>
+ </func>
+
+ <func>
+ <name>srp_server_secret(Verifier, B, U, A, Prime) -> Secret</name>
+ <fsummary>Computes the SRP host secret</fsummary>
+ <type>
+ <v>Verifier (v), B (b), U (u), A, Prime (N), Secret = binary()</v>
+ </type>
+ <desc>
+ <p>Computes the SRP host secret according to RFC-2945, Sect. 3 and RFC-5054, Sect. 2.6</p>
+ <p>Secret = (A * v^u) ^ b % N</p>
+ </desc>
+ </func>
+
+ <func>
+ <name>srp3_value_u(B) -> Result</name>
+ <fsummary>Computes the SRP3-SHA value u</fsummary>
+ <type>
+ <v>B = binary()</v>
+ <v>Result = integer()</v>
+ </type>
+ <desc>
+ <p>Computes the SRP-3 value u according to RFC-2945, Sect. 3
+ </p>
+ </desc>
+ </func>
+
+ <func>
+ <name>srp6_value_u(A, B, Prime) -> Result</name>
+ <fsummary>Computes the SRP6a value u as u = SHA1(PAD(A) | PAD(B))</fsummary>
+ <type>
+ <v>A, B, Prime = binary()</v>
+ <v>Result = integer()</v>
+ </type>
+ <desc>
+ <p>Computes the SRP-6 value u according to RFC-5054, Sect. 2.6
+ </p>
+ </desc>
+ </func>
+
+ <func>
+ <name>srp6a_multiplier(Generator, Prime) -> Result</name>
+ <fsummary>Computes the SRP-SHA function: k = SHA1(N | PAD(g))</fsummary>
+ <type>
+ <v>Generator, Prime = binary()</v>
+ <v>Result = integer()</v>
+ </type>
+ <desc>
+ <p>Computes the SRP-6a function SHA1(N | PAD(g)) as the multiplier
+ </p>
+ </desc>
+ </func>
+
+ <func>
+ <name>ec_key_new(NamedCurve) -> ECKey</name>
+ <type>
+ <v>NamedCurve = atom()</v>
+ <v>ECKey = EC key resource()</v>
+ </type>
+ <desc>
+ <p>Generate an new EC key from the named curve. The private key
+ will be initialized with random data.
+ </p>
+ </desc>
+ </func>
+
+ <func>
+ <name>ec_key_generate(ECKey) -> ok | error</name>
+ <type>
+ <v>ECKey = EC key resource()</v>
+ </type>
+ <desc>
+ <p>Fills in the public key if only the private key is known or generates
+ a new private/public key pair if only the curve parameters are known.
+ </p>
+ </desc>
+ </func>
+
+ <func>
+ <name>ec_key_to_term(ECKey) -> ECKeyTerm.</name>
+ <type>
+ <v>ECKey = EC key resource()</v>
+ <v>ECKeyTerm = EC key as Erlang term</v>
+ </type>
+ <desc>
+ <p>Convert a EC key from a NIF resource into an Erlang term.
+ </p>
+ </desc>
+ </func>
+
+ <func>
+ <name>term_to_ec_key(ECKeyTerm) -> ECKey</name>
+ <type>
+ <v>ECKeyTerm = EC key as Erlang term</v>
+ <v>ECKey = EC key resource()</v>
+ </type>
+ <desc>
+ <p>Convert a EC key an Erlang term into a NIF resource.
+ </p>
+ </desc>
+ </func>
+
+ <func>
+ <name>ecdsa_sign(DataOrDigest, ECKey) -> Signature</name>
+ <name>ecdsa_sign(DigestType, DataOrDigest, ECKey) -> Signature</name>
+ <fsummary>Sign the data using ecdsa with the given key.</fsummary>
+ <type>
+ <v>DataOrDigest = Data | {digest,Digest}</v>
+ <v>Data = Mpint</v>
+ <v>Digest = binary()</v>
+ <v>ECKey = EC key resource()</v>
+ <v>DigestType = md5 | sha | sha256 | sha384 | sha512</v>
+ <d>The default <c>DigestType</c> is sha.</d>
+ <v>Mpint = binary()</v>
+ <v>Signature = binary()</v>
+ </type>
+ <desc>
+ <p>Creates a ESDSA signature with the private key <c>Key</c>
+ of a digest. The digest is either calculated as a
+ <c>DigestType</c> digest of <c>Data</c> or a precalculated
+ binary <c>Digest</c>.</p>
+ </desc>
+ </func>
+
+ <func>
+ <name>ecdsa_verify(DataOrDigest, Signature, ECKey) -> Verified</name>
+ <name>ecdsa_verify(DigestType, DataOrDigest, Signature, ECKey) -> Verified </name>
+ <fsummary>Verify the digest and signature using ecdsa with given public key.</fsummary>
+ <type>
+ <v>Verified = boolean()</v>
+ <v>DataOrDigest = Data | {digest|Digest}</v>
+ <v>Data, Signature = Mpint</v>
+ <v>Digest = binary()</v>
+ <v>ECKey = EC key resource()</v>
+ <v>DigestType = md5 | sha | sha256 | sha384 | sha512</v>
+ <d>The default <c>DigestType</c> is sha.</d>
+ <v>Mpint = binary()</v>
+ </type>
+ <desc>
+ <p>Verifies that a digest matches the ECDSA signature using the
+ signer's public key <c>Key</c>.
+ The digest is either calculated as a <c>DigestType</c>
+ digest of <c>Data</c> or a precalculated binary <c>Digest</c>.</p>
+ <p>May throw exception <c>notsup</c> in case the chosen <c>DigestType</c>
+ is not supported by the underlying OpenSSL implementation.</p>
+ </desc>
+ </func>
+
+ <func>
+ <name>ecdh_compute_key(OthersPublicKey, MyPrivateKey) -> SharedSecret</name>
+ <name>ecdh_compute_key(OthersPublicKey, MyECPoint) -> SharedSecret</name>
+ <fsummary>Computes the shared secret</fsummary>
+ <type>
+ <v>OthersPublicKey, MyPrivateKey = ECKey()</v>
+ <v>MyPrivatePoint = binary()</v>
+ <v>SharedSecret = binary()</v>
+ </type>
+ <desc>
+ <p>Computes the shared secret from the private key and the other party's public key.
+ </p>
+ </desc>
+ </func>
<func>
<name>exor(Data1, Data2) -> Result</name>
@@ -1271,6 +1492,29 @@ Mpint() = <![CDATA[<<ByteLen:32/integer-big, Bytes:ByteLen/binary>>]]>
</funcs>
<section>
+ <title>Elliptic Curve Key</title>
+ <p>Elliptic Curve keys consist of the curve paramters and a the
+ private and public keys (points on the curve). Translating the
+ raw curve paraters into something usable for the underlying
+ OpenSSL implementation is a complicated process. The main cryptografic
+ functions therefore expect a NIF resource as input that contains the
+ key in an internal format. Two functions <b>ec_key_to_term/1</b>
+ and <b>term_to_ec_key</b> are provided to convert between Erlang
+ terms and the resource format</p>
+ <p><em>Key in term form</em></p>
+ <pre>
+ec_named_curve() = atom()
+ec_point() = binary()
+ec_basis() = {tpbasis, K :: non_neg_integer()} | {ppbasis, K1 :: non_neg_integer(), K2 :: non_neg_integer(), K3 :: non_neg_integer()} | onbasis
+ec_field() = {prime_field, Prime :: Mpint()} | {characteristic_two_field, M :: integer(), Basis :: ec_basis()}
+ec_prime() = {A :: Mpint(), B :: Mpint(), Seed :: binary()}
+ec_curve_spec() = {Field :: ec_field(), Prime :: ec_prime(), Point :: ec_point(), Order :: Mpint(), CoFactor :: none | Mpint()}
+ec_curve() = ec_named_curve() | ec_curve_spec()
+ec_key() = {Curve :: ec_curve(), PrivKey :: Mpint() | undefined, PubKey :: ec_point() | undefined}
+ </pre>
+ </section>
+
+ <section>
<title>DES in CBC mode</title>
<p>The Data Encryption Standard (DES) defines an algorithm for
encrypting and decrypting an 8 byte quantity using an 8 byte key