diff options
Diffstat (limited to 'lib/crypto/doc/src/crypto.xml')
-rw-r--r--[-rwxr-xr-x] | lib/crypto/doc/src/crypto.xml | 244 |
1 files changed, 244 insertions, 0 deletions
diff --git a/lib/crypto/doc/src/crypto.xml b/lib/crypto/doc/src/crypto.xml index 6b9b2ef207..e0617e33b2 100755..100644 --- a/lib/crypto/doc/src/crypto.xml +++ b/lib/crypto/doc/src/crypto.xml @@ -63,6 +63,20 @@ <item> <p>dss: Digital Signature Standard (FIPS 186-2)</p> </item> + <item> + <p>ecdsa: "Public Key Cryptography for the Financial + Services Industry: The Elliptic Curve Digital + Signature Standard (ECDSA)", November, 2005.</p> + </item> + <item> + <p>ec: Standards for Efficient Cryptography Group (SECG), "SEC 1: + Elliptic Curve Cryptography", Version 1.0, September 2000.</p> + </item> + <item> + <p>ecdsa: American National Standards Institute (ANSI), + ANS X9.62-2005: The Elliptic Curve Digital Signature + Algorithm (ECDSA), 2005.</p> + </item> </list> <p>The above publications can be found at <url href="http://csrc.nist.gov/publications">NIST publications</url>, at <url href="http://www.ietf.org">IETF</url>. </p> @@ -99,6 +113,14 @@ Mpint() = <![CDATA[<<ByteLen:32/integer-big, Bytes:ByteLen/binary>>]]> </desc> </func> <func> + <name>algorithms() -> [atom()]</name> + <fsummary>Provide a list of available crypto algorithms.</fsummary> + <desc> + <p>Provides the available crypto algorithms in terms of a list + of atoms.</p> + </desc> + </func> + <func> <name>info_lib() -> [{Name,VerNum,VerStr}]</name> <fsummary>Provides information about the libraries used by crypto.</fsummary> <type> @@ -1256,6 +1278,205 @@ Mpint() = <![CDATA[<<ByteLen:32/integer-big, Bytes:ByteLen/binary>>]]> </desc> </func> + <func> + <name>srp_mod_exp(Generator, Exponent, Prime) -> Result</name> + <fsummary>Computes the SRP-SHA function: g^x % N</fsummary> + <type> + <v>Generator, Exponent, Prime = binary()</v> + <v>Result = binary() | error</v> + </type> + <desc> + <p>Computes the SRP-SHA function g^x % N used for the verifier and client public key (RFC-2945, Sect. 3) + </p> + </desc> + </func> + + <func> + <name>srp_value_B(Multiplier, Verifier, Generator, Exponent, Prime) -> ValueB</name> + <fsummary>Computes the SRP function: B = k*v + g^b % N</fsummary> + <type> + <v>Verifier (v), Generator (g), Exponent (b), Prime (N), ValueB (B) = binary()</v> + <v>Multiplier (k) = integer() | binary()</v> + </type> + <desc> + <p>Computes the SRP value B according to RFC-2945, Sect. 3 and RFC-5054, Sect. 2.5.3</p> + <p>B = k*v + g^b % N</p> + </desc> + </func> + + <func> + <name>srp_client_secret(A, U, B, Multiplier, Generator, Exponent, Prime) -> Secret</name> + <fsummary>Computes the SRP client secret</fsummary> + <type> + <v>A (a), U (u), B, Multiplier (k), Generator (g), Exponent (x), Prime (N), Secret = binary()</v> + <v>Multiplier (k) = integer() | binary()</v> + </type> + <desc> + <p>Computes the SRP client secret according to RFC-2945, Sect. 3 and RFC-5054, Sect. 2.6</p> + <p>Secret = (B - (k * g^x)) ^ (a + (u * x)) % N</p> + </desc> + </func> + + <func> + <name>srp_server_secret(Verifier, B, U, A, Prime) -> Secret</name> + <fsummary>Computes the SRP host secret</fsummary> + <type> + <v>Verifier (v), B (b), U (u), A, Prime (N), Secret = binary()</v> + </type> + <desc> + <p>Computes the SRP host secret according to RFC-2945, Sect. 3 and RFC-5054, Sect. 2.6</p> + <p>Secret = (A * v^u) ^ b % N</p> + </desc> + </func> + + <func> + <name>srp3_value_u(B) -> Result</name> + <fsummary>Computes the SRP3-SHA value u</fsummary> + <type> + <v>B = binary()</v> + <v>Result = integer()</v> + </type> + <desc> + <p>Computes the SRP-3 value u according to RFC-2945, Sect. 3 + </p> + </desc> + </func> + + <func> + <name>srp6_value_u(A, B, Prime) -> Result</name> + <fsummary>Computes the SRP6a value u as u = SHA1(PAD(A) | PAD(B))</fsummary> + <type> + <v>A, B, Prime = binary()</v> + <v>Result = integer()</v> + </type> + <desc> + <p>Computes the SRP-6 value u according to RFC-5054, Sect. 2.6 + </p> + </desc> + </func> + + <func> + <name>srp6a_multiplier(Generator, Prime) -> Result</name> + <fsummary>Computes the SRP-SHA function: k = SHA1(N | PAD(g))</fsummary> + <type> + <v>Generator, Prime = binary()</v> + <v>Result = integer()</v> + </type> + <desc> + <p>Computes the SRP-6a function SHA1(N | PAD(g)) as the multiplier + </p> + </desc> + </func> + + <func> + <name>ec_key_new(NamedCurve) -> ECKey</name> + <type> + <v>NamedCurve = atom()</v> + <v>ECKey = EC key resource()</v> + </type> + <desc> + <p>Generate an new EC key from the named curve. The private key + will be initialized with random data. + </p> + </desc> + </func> + + <func> + <name>ec_key_generate(ECKey) -> ok | error</name> + <type> + <v>ECKey = EC key resource()</v> + </type> + <desc> + <p>Fills in the public key if only the private key is known or generates + a new private/public key pair if only the curve parameters are known. + </p> + </desc> + </func> + + <func> + <name>ec_key_to_term(ECKey) -> ECKeyTerm.</name> + <type> + <v>ECKey = EC key resource()</v> + <v>ECKeyTerm = EC key as Erlang term</v> + </type> + <desc> + <p>Convert a EC key from a NIF resource into an Erlang term. + </p> + </desc> + </func> + + <func> + <name>term_to_ec_key(ECKeyTerm) -> ECKey</name> + <type> + <v>ECKeyTerm = EC key as Erlang term</v> + <v>ECKey = EC key resource()</v> + </type> + <desc> + <p>Convert a EC key an Erlang term into a NIF resource. + </p> + </desc> + </func> + + <func> + <name>ecdsa_sign(DataOrDigest, ECKey) -> Signature</name> + <name>ecdsa_sign(DigestType, DataOrDigest, ECKey) -> Signature</name> + <fsummary>Sign the data using ecdsa with the given key.</fsummary> + <type> + <v>DataOrDigest = Data | {digest,Digest}</v> + <v>Data = Mpint</v> + <v>Digest = binary()</v> + <v>ECKey = EC key resource()</v> + <v>DigestType = md5 | sha | sha256 | sha384 | sha512</v> + <d>The default <c>DigestType</c> is sha.</d> + <v>Mpint = binary()</v> + <v>Signature = binary()</v> + </type> + <desc> + <p>Creates a ESDSA signature with the private key <c>Key</c> + of a digest. The digest is either calculated as a + <c>DigestType</c> digest of <c>Data</c> or a precalculated + binary <c>Digest</c>.</p> + </desc> + </func> + + <func> + <name>ecdsa_verify(DataOrDigest, Signature, ECKey) -> Verified</name> + <name>ecdsa_verify(DigestType, DataOrDigest, Signature, ECKey) -> Verified </name> + <fsummary>Verify the digest and signature using ecdsa with given public key.</fsummary> + <type> + <v>Verified = boolean()</v> + <v>DataOrDigest = Data | {digest|Digest}</v> + <v>Data, Signature = Mpint</v> + <v>Digest = binary()</v> + <v>ECKey = EC key resource()</v> + <v>DigestType = md5 | sha | sha256 | sha384 | sha512</v> + <d>The default <c>DigestType</c> is sha.</d> + <v>Mpint = binary()</v> + </type> + <desc> + <p>Verifies that a digest matches the ECDSA signature using the + signer's public key <c>Key</c>. + The digest is either calculated as a <c>DigestType</c> + digest of <c>Data</c> or a precalculated binary <c>Digest</c>.</p> + <p>May throw exception <c>notsup</c> in case the chosen <c>DigestType</c> + is not supported by the underlying OpenSSL implementation.</p> + </desc> + </func> + + <func> + <name>ecdh_compute_key(OthersPublicKey, MyPrivateKey) -> SharedSecret</name> + <name>ecdh_compute_key(OthersPublicKey, MyECPoint) -> SharedSecret</name> + <fsummary>Computes the shared secret</fsummary> + <type> + <v>OthersPublicKey, MyPrivateKey = ECKey()</v> + <v>MyPrivatePoint = binary()</v> + <v>SharedSecret = binary()</v> + </type> + <desc> + <p>Computes the shared secret from the private key and the other party's public key. + </p> + </desc> + </func> <func> <name>exor(Data1, Data2) -> Result</name> @@ -1271,6 +1492,29 @@ Mpint() = <![CDATA[<<ByteLen:32/integer-big, Bytes:ByteLen/binary>>]]> </funcs> <section> + <title>Elliptic Curve Key</title> + <p>Elliptic Curve keys consist of the curve paramters and a the + private and public keys (points on the curve). Translating the + raw curve paraters into something usable for the underlying + OpenSSL implementation is a complicated process. The main cryptografic + functions therefore expect a NIF resource as input that contains the + key in an internal format. Two functions <b>ec_key_to_term/1</b> + and <b>term_to_ec_key</b> are provided to convert between Erlang + terms and the resource format</p> + <p><em>Key in term form</em></p> + <pre> +ec_named_curve() = atom() +ec_point() = binary() +ec_basis() = {tpbasis, K :: non_neg_integer()} | {ppbasis, K1 :: non_neg_integer(), K2 :: non_neg_integer(), K3 :: non_neg_integer()} | onbasis +ec_field() = {prime_field, Prime :: Mpint()} | {characteristic_two_field, M :: integer(), Basis :: ec_basis()} +ec_prime() = {A :: Mpint(), B :: Mpint(), Seed :: binary()} +ec_curve_spec() = {Field :: ec_field(), Prime :: ec_prime(), Point :: ec_point(), Order :: Mpint(), CoFactor :: none | Mpint()} +ec_curve() = ec_named_curve() | ec_curve_spec() +ec_key() = {Curve :: ec_curve(), PrivKey :: Mpint() | undefined, PubKey :: ec_point() | undefined} + </pre> + </section> + + <section> <title>DES in CBC mode</title> <p>The Data Encryption Standard (DES) defines an algorithm for encrypting and decrypting an 8 byte quantity using an 8 byte key |