[Ericsson AB]

crypto

MODULE

crypto

MODULE SUMMARY

Crypto Functions

DESCRIPTION

This module provides a set of cryptographic functions.

References:

The above publications can be found at NIST publications, at IETF.

Types

byte() = 0 ... 255
ioelem() = byte() | binary() | iolist()
iolist() = [ioelem()]
    

EXPORTS

start() -> ok

Starts the crypto server.

stop() -> ok

Stops the crypto server.

info() -> [atom()]

Provides the available crypto functions in terms of a list of atoms.

md5(Data) -> Digest

Types:

Data = iolist() | binary()
Digest = binary()

Computes an MD5 message digest from Data, where the length of the digest is 128 bits (16 bytes).

md5_init() -> Context

Types:

Context = binary()

Creates an MD5 context, to be used in subsequent calls to md5_update/2.

md5_update(Context, Data) -> NewContext

Types:

Data = iolist() | binary()
Context = NewContext = binary()

Updates an MD5 Context with Data, and returns a NewContext.

md5_final(Context) -> Digest

Types:

Context = Digest = binary()

Finishes the update of an MD5 Context and returns the computed MD5 message digest.

sha(Data) -> Digest

Types:

Data = iolist() | binary()
Digest = binary()

Computes an SHA message digest from Data, where the length of the digest is 160 bits (20 bytes).

sha_init() -> Context

Types:

Context = binary()

Creates an SHA context, to be used in subsequent calls to sha_update/2.

sha_update(Context, Data) -> NewContext

Types:

Data = iolist() | binary()
Context = NewContext = binary()

Updates an SHA Context with Data, and returns a NewContext.

sha_final(Context) -> Digest

Types:

Context = Digest = binary()

Finishes the update of an SHA Context and returns the computed SHA message digest.

md5_mac(Key, Data) -> Mac

Types:

Key = Data = iolist() | binary()
Mac = binary()

Computes an MD5 MAC message authentification code from Key and Data, where the the length of the Mac is 128 bits (16 bytes).

md5_mac_96(Key, Data) -> Mac

Types:

Key = Data = iolist() | binary()
Mac = binary()

Computes an MD5 MAC message authentification code from Key and Data, where the length of the Mac is 96 bits (12 bytes).

sha_mac(Key, Data) -> Mac

Types:

Key = Data = iolist() | binary()
Mac = binary()

Computes an SHA MAC message authentification code from Key and Data, where the length of the Mac is 160 bits (20 bytes).

sha_mac_96(Key, Data) -> Mac

Types:

Key = Data = iolist() | binary()
Mac = binary()

Computes an SHA MAC message authentification code from Key and Data, where the length of the Mac is 96 bits (12 bytes).

des_cbc_encrypt(Key, IVec, Text) -> Cipher

Types:

Key = Text = iolist() | binary()
IVec = Cipher = binary()

Encrypts Text according to DES in CBC mode. Text must be a multiple of 64 bits (8 bytes). Key is the DES key, and IVec is an arbitrary initializing vector. The lengths of Key and IVec must be 64 bits (8 bytes).

des_cbc_decrypt(Key, IVec, Cipher) -> Text

Types:

Key = Cipher = iolist() | binary()
IVec = Text = binary()

Decrypts Cipher according to DES in CBC mode. Key is the DES key, and IVec is an arbitrary initializing vector. Key and IVec must have the same values as those used when encrypting. Cipher must be a multiple of 64 bits (8 bytes). The lengths of Key and IVec must be 64 bits (8 bytes).

des3_cbc_encrypt(Key1, Key2, Key3, IVec, Text) -> Cipher

Types:

Key1 =Key2 = Key3 Text = iolist() | binary()
IVec = Cipher = binary()

Encrypts Text according to DES3 in CBC mode. Text must be a multiple of 64 bits (8 bytes). Key1, Key2, Key3, are the DES keys, and IVec is an arbitrary initializing vector. The lengths of each of Key1, Key2, Key3 and IVec must be 64 bits (8 bytes).

des3_cbc_decrypt(Key1, Key2, Key3, IVec, Cipher) -> Text

Types:

Key1 = Key2 = Key3 = Cipher = iolist() | binary()
IVec = Text = binary()

Decrypts Cipher according to DES3 in CBC mode. Key1, Key2, Key3 are the DES key, and IVec is an arbitrary initializing vector. Key1, Key2, Key3 and IVec must and IVec must have the same values as those used when encrypting. Cipher must be a multiple of 64 bits (8 bytes). The lengths of Key1, Key2, Key3, and IVec must be 64 bits (8 bytes).

aes_cfb_128_encrypt(Key, IVec, Text) -> Cipher
aes_cbc_128_encrypt(Key, IVec, Text) -> Cipher

Types:

Key = Text = iolist() | binary()
IVec = Cipher = binary()

Encrypts Text according to AES in Cipher Feedback mode (CFB) or Cipher Block Chaining mode (CBC). Text must be a multiple of 128 bits (16 bytes). Key is the AES key, and IVec is an arbitrary initializing vector. The lengths of Key and IVec must be 128 bits (16 bytes).

aes_cfb_128_decrypt(Key, IVec, Cipher) -> Text
aes_cbc_128_decrypt(Key, IVec, Cipher) -> Text

Types:

Key = Cipher = iolist() | binary()
IVec = Text = binary()

Decrypts Cipher according to Cipher Feedback Mode (CFB) or Cipher Block Chaining mode (CBC). Key is the AES key, and IVec is an arbitrary initializing vector. Key and IVec must have the same values as those used when encrypting. Cipher must be a multiple of 128 bits (16 bytes). The lengths of Key and IVec must be 128 bits (16 bytes).

erlint(Mpint) ->
mpint(N) -> Mpint

Types:

Mpint = binary()
N = integer()

Convert a binary multi-precision integer Mpint to and from an erlang big integer. A multi-precision integer is a binary with the following form: <<ByteLen:32/integer, Bytes:ByteLen/binary>> where both ByteLen and Bytes are big-endian. Mpints are used in some of the functions in crypto and are not translated in the API for performance reasons.

rand_bytes(N) -> binary()

Types:

N = integer()

Generates N bytes randomly uniform 0..255, and returns the result in a binary. Uses the crypto library pseudo-random number generator.

rand_uniform(Lo, Hi) -> N

Types:

Lo, Hi, N = Mpint | integer()
Mpint = binary()

Generate a random number N, Lo =< N < Hi. Uses the crypto library pseudo-random number generator. The arguments (and result) can be either erlang integers or binary multi-precision integers.

mod_exp(N, P, M) -> Result

Types:

N, P, M, Result = Mpint
Mpint = binary()

This function performs the exponentiation N ^ P mod M, using the crypto library.

rsa_verify(Digest, Signature, Key) -> Verified

Types:

Verified = boolean()
Digest, Signature = MPint
Key = [E, N]
E, N = MPint
MPint = binary()

Verifies the digest and signature using the public key Key, using the crypto library function for RSA signature verification.

dss_verify(Digest, Signature, Key) -> Verified

Types:

Verified = boolean()
Digest, Signature = MPint
Key = [P, Q, G, Y]
P, Q, G, Y = MPint
MPint = binary()

Verifies the digest and signature using the public key Key, using the crypto library function for DSS signature verification.

DES in CBC mode

The Data Encryption Standard (DES) defines an algoritm for encrypting and decrypting an 8 byte quantity using an 8 byte key (actually only 56 bits of the key is used).

When it comes to encrypting and decrypting blocks that are multiples of 8 bytes various modes are defined (NIST SP 800-38A). One of those modes is the Cipher Block Chaining (CBC) mode, where the encryption of an 8 byte segment depend not only of the contents of the segment itself, but also on the result of encrypting the previous segment: the encryption of the previous segment becomes the initializing vector of the encryption of the current segment.

Thus the encryption of every segment depends on the encryption key (which is secret) and the encryption of the previous segment, except the first segment which has to be provided with a first initializing vector. That vector could be chosen at random, or be counter of some kind. It does not have to be secret.

The following example is drawn from the old FIPS 81 standard (replaced by NIST SP 800-38A), where both the plain text and the resulting cipher text is settled. We use the Erlang bitsyntax to define binary literals. The following Erlang code fragment returns `true'.


      Key = <<16#01,16#23,16#45,16#67,16#89,16#ab,16#cd,16#ef>>,
      IVec = <<16#12,16#34,16#56,16#78,16#90,16#ab,16#cd,16#ef>>,
      P = "Now is the time for all ",
      C = crypto:des_cbc_encrypt(K, I, P),
      C == <<16#e5,16#c7,16#cd,16#de,16#87,16#2b,16#f2,16#7c,
             16#43,16#e9,16#34,16#00,16#8c,16#38,16#9c,16#0f,
             16#68,16#37,16#88,16#49,16#9a,16#7c,16#05,16#f6>>,
      <<"Now is the time for all ">> == 
                        crypto:des_cbc_decrypt(Key,IVec,C).

    

The following is true for the DES CBC mode. For all decompositions P1 ++ P2 = P of a plain text message P (where the length of all quantities are multiples of 8 bytes), the encryption C of P is equal to C1 ++ C2, where C1 is obtained by encrypting P1 with Key and the initializing vector IVec, and where C2 is obtained by encrypting P2 with Key and the initializing vector l(C1), where l(B) denotes the last 8 bytes of the binary B.

Similarly, for all decompositions C1 ++ C2 = C of a cipher text message C (where the length of all quantities are multiples of 8 bytes), the decryption P of C is equal to P1 ++ P2, where P1 is obtained by decrypting C1 with Key and the initializing vector IVec, and where P2 is obtained by decrypting C2 with Key and the initializing vector l(C1), where l(.) is as above.

For DES3 (which uses three 64 bit keys) the situation is the same.

AUTHORS

Peter Högfeldt - support@erlang.ericsson.se
Jakob Cederlund - support@erlang.ericsson.se

crypto 1.5
Copyright © 1991-2006 Ericsson AB