aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--lib/crypto/c_src/algorithms.c81
-rw-r--r--lib/crypto/c_src/algorithms.h7
-rw-r--r--lib/crypto/c_src/atoms.c2
-rw-r--r--lib/crypto/c_src/atoms.h1
-rw-r--r--lib/crypto/c_src/cipher.c46
-rw-r--r--lib/crypto/c_src/crypto.c7
-rw-r--r--lib/crypto/src/crypto.erl158
-rw-r--r--lib/crypto/test/crypto_SUITE.erl78
-rw-r--r--lib/ssh/src/ssh.hrl2
-rw-r--r--lib/ssh/src/ssh_sftpd.erl2
-rw-r--r--lib/ssh/src/ssh_transport.erl83
-rw-r--r--lib/ssh/test/ssh_basic_SUITE.erl2
-rw-r--r--lib/ssh/test/ssh_bench_SUITE.erl10
-rw-r--r--lib/ssh/test/ssh_chan_behaviours_SUITE.erl4
-rw-r--r--lib/ssh/test/ssh_chan_behaviours_client.erl2
-rw-r--r--lib/ssh/test/ssh_chan_behaviours_server.erl2
-rw-r--r--lib/ssh/test/ssh_compat_SUITE.erl17
-rw-r--r--lib/ssh/test/ssh_options_SUITE.erl2
-rw-r--r--lib/ssh/test/ssh_test_lib.erl4
-rw-r--r--lib/ssh/test/ssh_trpt_test_lib.erl69
20 files changed, 326 insertions, 253 deletions
diff --git a/lib/crypto/c_src/algorithms.c b/lib/crypto/c_src/algorithms.c
index 20707c0531..75cddeb1e9 100644
--- a/lib/crypto/c_src/algorithms.c
+++ b/lib/crypto/c_src/algorithms.c
@@ -255,29 +255,66 @@ void init_algorithms_types(ErlNifEnv* env)
ASSERT(algo_rsa_opts_cnt <= sizeof(algo_rsa_opts)/sizeof(ERL_NIF_TERM));
}
-ERL_NIF_TERM algorithms(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[])
+
+ERL_NIF_TERM hash_algorithms(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[])
+{
+ unsigned int cnt =
+#ifdef FIPS_SUPPORT
+ FIPS_mode() ? algo_hash_fips_cnt :
+#endif
+ algo_hash_cnt;
+
+ return enif_make_list_from_array(env, algo_hash, cnt);
+}
+
+ERL_NIF_TERM pubkey_algorithms(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[])
+{
+ unsigned int cnt =
+#ifdef FIPS_SUPPORT
+ FIPS_mode() ? algo_pubkey_fips_cnt :
+#endif
+ algo_pubkey_cnt;
+
+ return enif_make_list_from_array(env, algo_pubkey, cnt);
+}
+
+
+ERL_NIF_TERM cipher_algorithms(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[])
+{
+ return cipher_types_as_list(env); /* Exclude old api ciphers */
+}
+
+ERL_NIF_TERM mac_algorithms(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[])
+{
+ unsigned int cnt =
+#ifdef FIPS_SUPPORT
+ FIPS_mode() ? algo_mac_fips_cnt :
+#endif
+ algo_mac_cnt;
+
+ return enif_make_list_from_array(env, algo_mac, cnt);
+}
+
+
+ERL_NIF_TERM curve_algorithms(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[])
{
+ unsigned int cnt =
#ifdef FIPS_SUPPORT
- int fips_mode = FIPS_mode();
+ FIPS_mode() ? algo_curve_fips_cnt :
+#endif
+ algo_curve_cnt;
+
+ return enif_make_list_from_array(env, algo_curve, cnt);
+}
+
+
+ERL_NIF_TERM rsa_opts_algorithms(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[])
+{
+ unsigned int cnt =
+#ifdef FIPS_SUPPORT
+ FIPS_mode() ? algo_rsa_opts_fips_cnt :
+#endif
+ algo_rsa_opts_cnt;
- unsigned int hash_cnt = fips_mode ? algo_hash_fips_cnt : algo_hash_cnt;
- unsigned int pubkey_cnt = fips_mode ? algo_pubkey_fips_cnt : algo_pubkey_cnt;
- unsigned int mac_cnt = fips_mode ? algo_mac_fips_cnt : algo_mac_cnt;
- unsigned int curve_cnt = fips_mode ? algo_curve_fips_cnt : algo_curve_cnt;
- unsigned int rsa_opts_cnt = fips_mode ? algo_rsa_opts_fips_cnt : algo_rsa_opts_cnt;
-#else
- unsigned int hash_cnt = algo_hash_cnt;
- unsigned int pubkey_cnt = algo_pubkey_cnt;
- unsigned int mac_cnt = algo_mac_cnt;
- unsigned int curve_cnt = algo_curve_cnt;
- unsigned int rsa_opts_cnt = algo_rsa_opts_cnt;
-#endif
- return enif_make_tuple6(env,
- enif_make_list_from_array(env, algo_hash, hash_cnt),
- enif_make_list_from_array(env, algo_pubkey, pubkey_cnt),
- cipher_types_as_list(env),
- enif_make_list_from_array(env, algo_mac, mac_cnt),
- enif_make_list_from_array(env, algo_curve, curve_cnt),
- enif_make_list_from_array(env, algo_rsa_opts, rsa_opts_cnt)
- );
+ return enif_make_list_from_array(env, algo_rsa_opts, cnt);
}
diff --git a/lib/crypto/c_src/algorithms.h b/lib/crypto/c_src/algorithms.h
index 068fb661ec..4ad8b56db8 100644
--- a/lib/crypto/c_src/algorithms.h
+++ b/lib/crypto/c_src/algorithms.h
@@ -25,6 +25,11 @@
void init_algorithms_types(ErlNifEnv* env);
-ERL_NIF_TERM algorithms(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[]);
+ERL_NIF_TERM hash_algorithms(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[]);
+ERL_NIF_TERM pubkey_algorithms(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[]);
+ERL_NIF_TERM cipher_algorithms(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[]);
+ERL_NIF_TERM mac_algorithms(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[]);
+ERL_NIF_TERM curve_algorithms(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[]);
+ERL_NIF_TERM rsa_opts_algorithms(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[]);
#endif /* E_ALGORITHMS_H__ */
diff --git a/lib/crypto/c_src/atoms.c b/lib/crypto/c_src/atoms.c
index 0793ffa6ca..059c14690f 100644
--- a/lib/crypto/c_src/atoms.c
+++ b/lib/crypto/c_src/atoms.c
@@ -70,6 +70,7 @@ ERL_NIF_TERM atom_onbasis;
ERL_NIF_TERM atom_aes_cfb8;
ERL_NIF_TERM atom_aes_cfb128;
+ERL_NIF_TERM atom_aes_ige256;
#ifdef HAVE_GCM
ERL_NIF_TERM atom_aes_gcm;
#endif
@@ -188,6 +189,7 @@ int init_atoms(ErlNifEnv *env, const ERL_NIF_TERM fips_mode, const ERL_NIF_TERM
atom_aes_cfb8 = enif_make_atom(env, "aes_cfb8");
atom_aes_cfb128 = enif_make_atom(env, "aes_cfb128");
+ atom_aes_ige256 = enif_make_atom(env, "aes_ige256");
#ifdef HAVE_GCM
atom_aes_gcm = enif_make_atom(env, "aes_gcm");
#endif
diff --git a/lib/crypto/c_src/atoms.h b/lib/crypto/c_src/atoms.h
index 24f6dc26fd..f5913de96f 100644
--- a/lib/crypto/c_src/atoms.h
+++ b/lib/crypto/c_src/atoms.h
@@ -74,6 +74,7 @@ extern ERL_NIF_TERM atom_onbasis;
extern ERL_NIF_TERM atom_aes_cfb8;
extern ERL_NIF_TERM atom_aes_cfb128;
+extern ERL_NIF_TERM atom_aes_ige256;
#ifdef HAVE_GCM
extern ERL_NIF_TERM atom_aes_gcm;
#endif
diff --git a/lib/crypto/c_src/cipher.c b/lib/crypto/c_src/cipher.c
index 8f0c93c5db..00072af632 100644
--- a/lib/crypto/c_src/cipher.c
+++ b/lib/crypto/c_src/cipher.c
@@ -62,34 +62,18 @@ static struct cipher_type_t cipher_types[] =
{{"blowfish_ecb"}, {NULL}, 0, 0},
#endif
- {{"aes_cbc"}, {&EVP_aes_128_cbc}, 16, 0},
- {{"aes_cbc"}, {&EVP_aes_192_cbc}, 24, 0},
- {{"aes_cbc"}, {&EVP_aes_256_cbc}, 32, 0},
-
{{"aes_128_cbc"}, {&EVP_aes_128_cbc}, 16, 0},
{{"aes_192_cbc"}, {&EVP_aes_192_cbc}, 24, 0},
{{"aes_256_cbc"}, {&EVP_aes_256_cbc}, 32, 0},
- {{"aes_cfb8"}, {&EVP_aes_128_cfb8}, 16, NO_FIPS_CIPHER | AES_CFBx},
- {{"aes_cfb8"}, {&EVP_aes_192_cfb8}, 24, NO_FIPS_CIPHER | AES_CFBx},
- {{"aes_cfb8"}, {&EVP_aes_256_cfb8}, 32, NO_FIPS_CIPHER | AES_CFBx},
-
{{"aes_128_cfb8"}, {&EVP_aes_128_cfb8}, 16, NO_FIPS_CIPHER | AES_CFBx},
{{"aes_192_cfb8"}, {&EVP_aes_192_cfb8}, 24, NO_FIPS_CIPHER | AES_CFBx},
{{"aes_256_cfb8"}, {&EVP_aes_256_cfb8}, 32, NO_FIPS_CIPHER | AES_CFBx},
- {{"aes_cfb128"}, {&EVP_aes_128_cfb128}, 16, NO_FIPS_CIPHER | AES_CFBx},
- {{"aes_cfb128"}, {&EVP_aes_192_cfb128}, 24, NO_FIPS_CIPHER | AES_CFBx},
- {{"aes_cfb128"}, {&EVP_aes_256_cfb128}, 32, NO_FIPS_CIPHER | AES_CFBx},
-
{{"aes_128_cfb128"}, {&EVP_aes_128_cfb128}, 16, NO_FIPS_CIPHER | AES_CFBx},
{{"aes_192_cfb128"}, {&EVP_aes_192_cfb128}, 24, NO_FIPS_CIPHER | AES_CFBx},
{{"aes_256_cfb128"}, {&EVP_aes_256_cfb128}, 32, NO_FIPS_CIPHER | AES_CFBx},
- {{"aes_ecb"}, {&EVP_aes_128_ecb}, 16, ECB_BUG_0_9_8L},
- {{"aes_ecb"}, {&EVP_aes_192_ecb}, 24, ECB_BUG_0_9_8L},
- {{"aes_ecb"}, {&EVP_aes_256_ecb}, 32, ECB_BUG_0_9_8L},
-
{{"aes_128_ecb"}, {&EVP_aes_128_ecb}, 16, ECB_BUG_0_9_8L},
{{"aes_192_ecb"}, {&EVP_aes_192_ecb}, 24, ECB_BUG_0_9_8L},
{{"aes_256_ecb"}, {&EVP_aes_256_ecb}, 32, ECB_BUG_0_9_8L},
@@ -98,16 +82,10 @@ static struct cipher_type_t cipher_types[] =
{{"aes_128_ctr"}, {&EVP_aes_128_ctr}, 16, 0},
{{"aes_192_ctr"}, {&EVP_aes_192_ctr}, 24, 0},
{{"aes_256_ctr"}, {&EVP_aes_256_ctr}, 32, 0},
- {{"aes_ctr"}, {&EVP_aes_128_ctr}, 16, 0},
- {{"aes_ctr"}, {&EVP_aes_192_ctr}, 24, 0},
- {{"aes_ctr"}, {&EVP_aes_256_ctr}, 32, 0},
#else
{{"aes_128_ctr"}, {NULL}, 16, AES_CTR_COMPAT},
{{"aes_192_ctr"}, {NULL}, 24, AES_CTR_COMPAT},
{{"aes_256_ctr"}, {NULL}, 32, AES_CTR_COMPAT},
- {{"aes_ctr"}, {NULL}, 16, AES_CTR_COMPAT},
- {{"aes_ctr"}, {NULL}, 24, AES_CTR_COMPAT},
- {{"aes_ctr"}, {NULL}, 32, AES_CTR_COMPAT},
#endif
#if defined(HAVE_CHACHA20)
@@ -124,28 +102,20 @@ static struct cipher_type_t cipher_types[] =
#endif
#if defined(HAVE_GCM)
- {{"aes_gcm"}, {&EVP_aes_128_gcm}, 16, AEAD_CIPHER|GCM_MODE, {{EVP_CTRL_GCM_SET_IVLEN,EVP_CTRL_GCM_GET_TAG,EVP_CTRL_GCM_SET_TAG}}},
- {{"aes_gcm"}, {&EVP_aes_192_gcm}, 24, AEAD_CIPHER|GCM_MODE, {{EVP_CTRL_GCM_SET_IVLEN,EVP_CTRL_GCM_GET_TAG,EVP_CTRL_GCM_SET_TAG}}},
- {{"aes_gcm"}, {&EVP_aes_256_gcm}, 32, AEAD_CIPHER|GCM_MODE, {{EVP_CTRL_GCM_SET_IVLEN,EVP_CTRL_GCM_GET_TAG,EVP_CTRL_GCM_SET_TAG}}},
{{"aes_128_gcm"}, {&EVP_aes_128_gcm}, 16, AEAD_CIPHER|GCM_MODE, {{EVP_CTRL_GCM_SET_IVLEN,EVP_CTRL_GCM_GET_TAG,EVP_CTRL_GCM_SET_TAG}}},
{{"aes_192_gcm"}, {&EVP_aes_192_gcm}, 24, AEAD_CIPHER|GCM_MODE, {{EVP_CTRL_GCM_SET_IVLEN,EVP_CTRL_GCM_GET_TAG,EVP_CTRL_GCM_SET_TAG}}},
{{"aes_256_gcm"}, {&EVP_aes_256_gcm}, 32, AEAD_CIPHER|GCM_MODE, {{EVP_CTRL_GCM_SET_IVLEN,EVP_CTRL_GCM_GET_TAG,EVP_CTRL_GCM_SET_TAG}}},
#else
- {{"aes_gcm"}, {NULL}, 0, AEAD_CIPHER|GCM_MODE, {{0,0,0}}},
{{"aes_128_gcm"}, {NULL}, 16, AEAD_CIPHER|GCM_MODE, {{0,0,0}}},
{{"aes_192_gcm"}, {NULL}, 24, AEAD_CIPHER|GCM_MODE, {{0,0,0}}},
{{"aes_256_gcm"}, {NULL}, 32, AEAD_CIPHER|GCM_MODE, {{0,0,0}}},
#endif
#if defined(HAVE_CCM)
- {{"aes_ccm"}, {&EVP_aes_128_ccm}, 16, AEAD_CIPHER|CCM_MODE, {{EVP_CTRL_CCM_SET_IVLEN,EVP_CTRL_CCM_GET_TAG,EVP_CTRL_CCM_SET_TAG}}},
- {{"aes_ccm"}, {&EVP_aes_192_ccm}, 24, AEAD_CIPHER|CCM_MODE, {{EVP_CTRL_CCM_SET_IVLEN,EVP_CTRL_CCM_GET_TAG,EVP_CTRL_CCM_SET_TAG}}},
- {{"aes_ccm"}, {&EVP_aes_256_ccm}, 32, AEAD_CIPHER|CCM_MODE, {{EVP_CTRL_CCM_SET_IVLEN,EVP_CTRL_CCM_GET_TAG,EVP_CTRL_CCM_SET_TAG}}},
{{"aes_128_ccm"}, {&EVP_aes_128_ccm}, 16, AEAD_CIPHER|CCM_MODE, {{EVP_CTRL_CCM_SET_IVLEN,EVP_CTRL_CCM_GET_TAG,EVP_CTRL_CCM_SET_TAG}}},
{{"aes_192_ccm"}, {&EVP_aes_192_ccm}, 24, AEAD_CIPHER|CCM_MODE, {{EVP_CTRL_CCM_SET_IVLEN,EVP_CTRL_CCM_GET_TAG,EVP_CTRL_CCM_SET_TAG}}},
{{"aes_256_ccm"}, {&EVP_aes_256_ccm}, 32, AEAD_CIPHER|CCM_MODE, {{EVP_CTRL_CCM_SET_IVLEN,EVP_CTRL_CCM_GET_TAG,EVP_CTRL_CCM_SET_TAG}}},
#else
- {{"aes_ccm"}, {NULL}, 0, AEAD_CIPHER|CCM_MODE, {{0,0,0}}},
{{"aes_128_ccm"}, {NULL}, 16, AEAD_CIPHER|CCM_MODE, {{0,0,0}}},
{{"aes_192_ccm"}, {NULL}, 24, AEAD_CIPHER|CCM_MODE, {{0,0,0}}},
{{"aes_256_ccm"}, {NULL}, 32, AEAD_CIPHER|CCM_MODE, {{0,0,0}}},
@@ -359,13 +329,15 @@ ERL_NIF_TERM cipher_types_as_list(ErlNifEnv* env)
prev = atom_undefined;
for (p = cipher_types; (p->type.atom & (p->type.atom != atom_false)); p++) {
- if ((prev != p->type.atom) &&
- ((p->cipher.p != NULL) ||
- (p->flags & (NON_EVP_CIPHER|AES_CTR_COMPAT)) ) && /* Special handling. Bad indeed... */
- ! FORBIDDEN_IN_FIPS(p)
- )
- hd = enif_make_list_cell(env, p->type.atom, hd);
- prev = p->type.atom;
+ if ((prev == p->type.atom) ||
+ FORBIDDEN_IN_FIPS(p) )
+ continue;
+
+ if ((p->cipher.p != NULL) ||
+ (p->type.atom == atom_aes_ige256)) /* Special handling. Bad indeed... */
+ {
+ hd = enif_make_list_cell(env, p->type.atom, hd);
+ }
}
return hd;
diff --git a/lib/crypto/c_src/crypto.c b/lib/crypto/c_src/crypto.c
index a8014745c8..d533cba140 100644
--- a/lib/crypto/c_src/crypto.c
+++ b/lib/crypto/c_src/crypto.c
@@ -63,7 +63,12 @@ static ErlNifFunc nif_funcs[] = {
{"info_lib", 0, info_lib, 0},
{"info_fips", 0, info_fips, 0},
{"enable_fips_mode", 1, enable_fips_mode, 0},
- {"algorithms", 0, algorithms, 0},
+ {"hash_algorithms", 0, hash_algorithms, 0},
+ {"pubkey_algorithms", 0, pubkey_algorithms, 0},
+ {"cipher_algorithms", 0, cipher_algorithms, 0},
+ {"mac_algorithms", 0, mac_algorithms, 0},
+ {"curve_algorithms", 0, curve_algorithms, 0},
+ {"rsa_opts_algorithms", 0, rsa_opts_algorithms, 0},
{"hash_info", 1, hash_info_nif, 0},
{"hash_nif", 2, hash_nif, 0},
{"hash_init_nif", 1, hash_init_nif, 0},
diff --git a/lib/crypto/src/crypto.erl b/lib/crypto/src/crypto.erl
index 3b431cceba..98378412d4 100644
--- a/lib/crypto/src/crypto.erl
+++ b/lib/crypto/src/crypto.erl
@@ -61,7 +61,8 @@
crypto_one_time/4, crypto_one_time/5,
crypto_one_time_aead/6, crypto_one_time_aead/7,
crypto_dyn_iv_init/3,
- crypto_dyn_iv_update/3
+ crypto_dyn_iv_update/3,
+ supports/1
]).
@@ -499,15 +500,22 @@ stop() ->
Macs :: [hmac | cmac | poly1305],
Curves :: [ec_named_curve() | edwards_curve_dh() | edwards_curve_ed()],
RSAopts :: [rsa_sign_verify_opt() | rsa_opt()] .
-supports()->
- {Hashs, PubKeys, Ciphers, Macs, Curves, RsaOpts} = algorithms(),
- [{hashs, Hashs},
- {ciphers, prepend_cipher_aliases(Ciphers)},
- {public_keys, PubKeys},
- {macs, Macs},
- {curves, Curves},
- {rsa_opts, RsaOpts}
- ].
+supports() ->
+ [{hashs, hash_algorithms()},
+ {ciphers, prepend_old_aliases( cipher_algorithms())},
+ {public_keys, pubkey_algorithms()},
+ {macs, mac_algorithms()},
+ {curves, curve_algorithms()},
+ {rsa_opts, rsa_opts_algorithms()}
+ ].
+
+supports(hashs) -> hash_algorithms();
+supports(public_keys) -> pubkey_algorithms();
+supports(ciphers) -> cipher_algorithms();
+supports(macs) -> mac_algorithms();
+supports(curves) -> curve_algorithms();
+supports(rsa_opts) -> rsa_opts_algorithms().
+
-spec info_lib() -> [{Name,VerNum,VerStr}] when Name :: binary(),
VerNum :: integer(),
@@ -700,7 +708,7 @@ poly1305(Key, Data) ->
| xts_mode
.
-%% These ciphers are not available via the EVP interface on older cryptolibs.
+%% %% These ciphers are not available via the EVP interface on older cryptolibs.
cipher_info(aes_ctr) ->
#{block_size => 1,iv_length => 16,key_length => 32,mode => ctr_mode,type => undefined};
cipher_info(aes_128_ctr) ->
@@ -709,9 +717,36 @@ cipher_info(aes_192_ctr) ->
#{block_size => 1,iv_length => 16,key_length => 24,mode => ctr_mode,type => undefined};
cipher_info(aes_256_ctr) ->
#{block_size => 1,iv_length => 16,key_length => 32,mode => ctr_mode,type => undefined};
-%% This cipher is handled specialy.
+%% %% This cipher is handled specialy.
cipher_info(aes_ige256) ->
#{block_size => 16,iv_length => 32,key_length => 16,mode => ige_mode,type => undefined};
+%% %% These ciphers belong to the "old" interface:
+%% cipher_info(aes_cbc) ->
+%% #{block_size => 16,iv_length => 16,key_length => 24,mode => cbc_mode,type => 423};
+%% cipher_info(aes_cbc128) ->
+%% #{block_size => 16,iv_length => 16,key_length => 16,mode => cbc_mode,type => 419};
+%% cipher_info(aes_cbc256) ->
+%% #{block_size => 16,iv_length => 16,key_length => 32,mode => cbc_mode,type => 427};
+%% cipher_info(aes_ccm) ->
+%% #{block_size => 1,iv_length => 12,key_length => 24,mode => ccm_mode,type => 899};
+%% cipher_info(aes_cfb128) ->
+%% #{block_size => 1,iv_length => 16,key_length => 32,mode => cfb_mode,type => 429};
+%% cipher_info(aes_cfb8) ->
+%% #{block_size => 1,iv_length => 16,key_length => 32,mode => cfb_mode,type => 429};
+%% cipher_info(aes_ecb) ->
+%% #{block_size => 16,iv_length => 0,key_length => 24,mode => ecb_mode,type => 422};
+%% cipher_info(aes_gcm) ->
+%% #{block_size => 1,iv_length => 12,key_length => 24,mode => gcm_mode,type => 898};
+%% cipher_info(des3_cbc) ->
+%% #{block_size => 8,iv_length => 8,key_length => 24,mode => cbc_mode,type => 44};
+%% cipher_info(des3_cbf) ->
+%% #{block_size => 1,iv_length => 8,key_length => 24,mode => cfb_mode,type => 30};
+%% cipher_info(des3_cfb) ->
+%% #{block_size => 1,iv_length => 8,key_length => 24,mode => cfb_mode,type => 30};
+%% cipher_info(des_ede3) ->
+%% #{block_size => 8,iv_length => 8,key_length => 24,mode => cbc_mode,type => 44};
+%% cipher_info(des_ede3_cbf) ->
+%% #{block_size => 1,iv_length => 8,key_length => 24,mode => cfb_mode,type => 30};
cipher_info(Type) ->
cipher_info_nif(alias(Type)).
@@ -1058,20 +1093,34 @@ ng_crypto_one_time_nif(_Cipher, _Key, _IVec, _Data, _EncryptFlg) -> ?nif_stub.
%%%----------------------------------------------------------------
%%% Cipher aliases
%%%
-prepend_cipher_aliases(L0) ->
- L =
- case lists:member(des_ede3_cbc, L0) of
+-define(if_also(Cipher, Ciphers, AliasCiphers),
+ case lists:member(Cipher, Ciphers) of
true ->
- [des3_cbc, des_ede3, des_ede3_cbf, des3_cbf, des3_cfb | L0];
+ AliasCiphers;
false ->
- L0
- end,
- case lists:member(aes_128_cbc, L0) of
- true ->
- [aes_cbc128, aes_cbc256 | L];
- false ->
- L
- end.
+ Ciphers
+ end).
+
+
+prepend_old_aliases(L0) ->
+ L1 = ?if_also(des_ede3_cbc, L0,
+ [des3_cbc, des_ede3, des_ede3_cbf, des3_cbf, des3_cfb | L0]),
+ L2 = ?if_also(aes_128_cbc, L1,
+ [aes_cbc, aes_cbc128, aes_cbc256 | L1]),
+ L3 = ?if_also(aes_128_ctr, L2,
+ [aes_ctr | L2]),
+ L4 = ?if_also(aes_128_ccm, L3,
+ [aes_ccm | L3]),
+ L5 = ?if_also(aes_128_gcm, L4,
+ [aes_gcm | L4]),
+ L6 = ?if_also(aes_128_cfb8, L5,
+ [aes_cfb8 | L5]),
+ L7 = ?if_also(aes_128_cfb128, L6,
+ [aes_cfb128 | L6]),
+ L8 = ?if_also(aes_128_ecb, L7,
+ [aes_ecb | L7]),
+ L8.
+
%%%---- des_ede3_cbc
@@ -1088,42 +1137,37 @@ alias(aes_cbc256) -> aes_256_cbc;
alias(Alg) -> Alg.
-%%%---- des_ede3_cbc
-alias(des3_cbc, _) -> des_ede3_cbc;
-alias(des_ede3, _) -> des_ede3_cbc;
-%%%---- des_ede3_cfb
-alias(des_ede3_cbf,_ ) -> des_ede3_cfb;
-alias(des3_cbf, _) -> des_ede3_cfb;
-alias(des3_cfb, _) -> des_ede3_cfb;
-%%%---- aes_*_cbc
-alias(aes_cbc128, _) -> aes_128_cbc;
-alias(aes_cbc256, _) -> aes_256_cbc;
+alias(Ciph, Key) -> alias2(alias(Ciph), Key).
+
+alias2(aes_cbc, Key) when size(Key)==16 -> aes_128_cbc;
+alias2(aes_cbc, Key) when size(Key)==24 -> aes_192_cbc;
+alias2(aes_cbc, Key) when size(Key)==32 -> aes_256_cbc;
-alias(aes_cbc, Key) when size(Key)==128 -> aes_128_cbc;
-alias(aes_cbc, Key) when size(Key)==192 -> aes_192_cbc;
-alias(aes_cbc, Key) when size(Key)==256 -> aes_256_cbc;
+alias2(aes_cfb8, Key) when size(Key)==16 -> aes_128_cfb8;
+alias2(aes_cfb8, Key) when size(Key)==24 -> aes_192_cfb8;
+alias2(aes_cfb8, Key) when size(Key)==32 -> aes_256_cfb8;
-alias(aes_cfb8, Key) when size(Key)==128 -> aes_128_cfb8;
-alias(aes_cfb8, Key) when size(Key)==192 -> aes_192_cfb8;
-alias(aes_cfb8, Key) when size(Key)==256 -> aes_256_cfb8;
+alias2(aes_cfb128, Key) when size(Key)==16 -> aes_128_cfb128;
+alias2(aes_cfb128, Key) when size(Key)==24 -> aes_192_cfb128;
+alias2(aes_cfb128, Key) when size(Key)==32 -> aes_256_cfb128;
-alias(aes_cfb128, Key) when size(Key)==128 -> aes_128_cfb128;
-alias(aes_cfb128, Key) when size(Key)==192 -> aes_192_cfb128;
-alias(aes_cfb128, Key) when size(Key)==256 -> aes_256_cfb128;
+alias2(aes_ctr, Key) when size(Key)==16 -> aes_128_ctr;
+alias2(aes_ctr, Key) when size(Key)==24 -> aes_192_ctr;
+alias2(aes_ctr, Key) when size(Key)==32 -> aes_256_ctr;
-alias(aes_ctr, Key) when size(Key)==128 -> aes_128_ctr;
-alias(aes_ctr, Key) when size(Key)==192 -> aes_192_ctr;
-alias(aes_ctr, Key) when size(Key)==256 -> aes_256_ctr;
+alias2(aes_ecb, Key) when size(Key)==16 -> aes_128_ecb;
+alias2(aes_ecb, Key) when size(Key)==24 -> aes_192_ecb;
+alias2(aes_ecb, Key) when size(Key)==32 -> aes_256_ecb;
-alias(aes_gcm, Key) when size(Key)==128 -> aes_128_gcm;
-alias(aes_gcm, Key) when size(Key)==192 -> aes_192_gcm;
-alias(aes_gcm, Key) when size(Key)==256 -> aes_256_gcm;
+alias2(aes_gcm, Key) when size(Key)==16 -> aes_128_gcm;
+alias2(aes_gcm, Key) when size(Key)==24 -> aes_192_gcm;
+alias2(aes_gcm, Key) when size(Key)==32 -> aes_256_gcm;
-alias(aes_ccm, Key) when size(Key)==128 -> aes_128_ccm;
-alias(aes_ccm, Key) when size(Key)==192 -> aes_192_ccm;
-alias(aes_ccm, Key) when size(Key)==256 -> aes_256_ccm;
+alias2(aes_ccm, Key) when size(Key)==16 -> aes_128_ccm;
+alias2(aes_ccm, Key) when size(Key)==24 -> aes_192_ccm;
+alias2(aes_ccm, Key) when size(Key)==32 -> aes_256_ccm;
-alias(Alg, _) -> Alg.
+alias2(Alg, _) -> Alg.
%%%================================================================
%%%
@@ -2387,7 +2431,13 @@ exor(Data1, Data2, _Size, MaxByts, Acc) ->
do_exor(_A, _B) -> ?nif_stub.
-algorithms() -> ?nif_stub.
+hash_algorithms() -> ?nif_stub.
+pubkey_algorithms() -> ?nif_stub.
+cipher_algorithms() -> ?nif_stub.
+mac_algorithms() -> ?nif_stub.
+curve_algorithms() -> ?nif_stub.
+rsa_opts_algorithms() -> ?nif_stub.
+
int_to_bin(X) when X < 0 -> int_to_bin_neg(X, []);
int_to_bin(X) -> int_to_bin_pos(X, []).
diff --git a/lib/crypto/test/crypto_SUITE.erl b/lib/crypto/test/crypto_SUITE.erl
index 880fd7ab0b..56691223c4 100644
--- a/lib/crypto/test/crypto_SUITE.erl
+++ b/lib/crypto/test/crypto_SUITE.erl
@@ -116,8 +116,6 @@ groups() ->
{group, blowfish_ecb},
{group, blowfish_ofb64},
- {group, aes_cfb128},
- {group, aes_cfb8},
{group, aes_ige256},
{group, des_cbc},
{group, des_cfb},
@@ -125,7 +123,15 @@ groups() ->
{group, rc4},
?NEW_CIPHER_TYPE_SCHEMA,
- ?RETIRED_TYPE_ALIASES
+ {group, aes_128_cfb128},
+ {group, aes_192_cfb128},
+ {group, aes_256_cfb128},
+ {group, aes_128_cfb8},
+ {group, aes_192_cfb8},
+ {group, aes_256_cfb8},
+ ?RETIRED_TYPE_ALIASES,
+ {group, aes_cfb128},
+ {group, aes_cfb8}
]},
{fips, [], [
{group, no_blake2b},
@@ -210,9 +216,15 @@ groups() ->
{des_ede3_cbc, [], [block, api_ng, api_ng_one_shot, api_ng_tls]},
{des_ede3_cfb, [], [block, api_ng, api_ng_one_shot, api_ng_tls]},
{rc2_cbc, [], [block, api_ng, api_ng_one_shot, api_ng_tls]},
- {aes_cfb8, [], [block, api_ng, api_ng_one_shot, api_ng_tls]},
+ {aes_cfb8, [], [block]},
+ {aes_128_cfb8, [], [block, api_ng, api_ng_one_shot, api_ng_tls]},
+ {aes_192_cfb8, [], [block, api_ng, api_ng_one_shot, api_ng_tls]},
+ {aes_256_cfb8, [], [block, api_ng, api_ng_one_shot, api_ng_tls]},
{no_aes_cfb8, [], [no_support, no_block]},
- {aes_cfb128, [], [block, api_ng, api_ng_one_shot, api_ng_tls]},
+ {aes_cfb128, [], [block]},
+ {aes_128_cfb128, [], [block, api_ng, api_ng_one_shot, api_ng_tls]},
+ {aes_192_cfb128, [], [block, api_ng, api_ng_one_shot, api_ng_tls]},
+ {aes_256_cfb128, [], [block, api_ng, api_ng_one_shot, api_ng_tls]},
{no_aes_cfb128, [], [no_support, no_block]},
{aes_ige256, [], [block]},
{no_aes_ige256, [], [no_support, no_block]},
@@ -478,7 +490,7 @@ poly1305(Config) ->
%%--------------------------------------------------------------------
no_poly1305() ->
[{doc, "Test disabled poly1305 function"}].
-no_poly1305(Config) ->
+no_poly1305(_Config) ->
Key = <<133,214,190,120,87,85,109,51,127,68,82,254,66,213,6,168,1,
3,128,138,251,13,178,253,74,191,246,175,65,73,245,27>>,
Txt = <<"Cryptographic Forum Research Group">>,
@@ -889,8 +901,24 @@ cipher_info(Config) when is_list(Config) ->
#{type := _,key_length := _,iv_length := _,
block_size := _,mode := _} = crypto:cipher_info(aes_128_cbc),
{'EXIT',_} = (catch crypto:cipher_info(not_a_cipher)),
- lists:foreach(fun(C) -> crypto:cipher_info(C) end,
- proplists:get_value(ciphers, crypto:supports())).
+ case lists:foldl(fun(C,Ok) ->
+ try crypto:cipher_info(C)
+ of
+ _ -> Ok
+ catch Cls:Exc ->
+ ct:pal("~p:~p ~p",[Cls,Exc,C]),
+ false
+ end
+ end,
+ true,
+crypto:supports(ciphers)) of
+%% proplists:get_value(ciphers, crypto:supports())) of
+ true ->
+ ok;
+ false ->
+ ct:fail('Cipher unsupported',[])
+ end.
+
%%--------------------------------------------------------------------
hash_info() ->
@@ -1553,7 +1581,7 @@ rand_uniform_aux_test(N) ->
rand_uniform_aux_test(N-1).
crypto_rand_uniform(L,H) ->
- R1 = crypto:rand_uniform(L, H),
+ R1 = (L-1) + rand:uniform(H-L),
case (R1 >= L) and (R1 < H) of
true ->
ok;
@@ -2591,6 +2619,22 @@ aes_cfb8(Config) ->
"CFB8VarTxt256.rsp", "CFB8VarKey256.rsp", "CFB8GFSbox256.rsp", "CFB8KeySbox256.rsp",
"CFB8MMT128.rsp", "CFB8MMT192.rsp", "CFB8MMT256.rsp"]).
+aes_128_cfb8(Config) ->
+ read_rsp(Config, aes_128_cfb8,
+ ["CFB8VarTxt128.rsp", "CFB8VarKey128.rsp", "CFB8GFSbox128.rsp", "CFB8KeySbox128.rsp",
+ "CFB8MMT128.rsp"]).
+
+aes_192_cfb8(Config) ->
+ read_rsp(Config, aes_192_cfb8,
+ ["CFB8VarTxt192.rsp", "CFB8VarKey192.rsp", "CFB8GFSbox192.rsp", "CFB8KeySbox192.rsp",
+ "CFB8MMT192.rsp"]).
+
+aes_256_cfb8(Config) ->
+ read_rsp(Config, aes_256_cfb8,
+ ["CFB8VarTxt256.rsp", "CFB8VarKey256.rsp", "CFB8GFSbox256.rsp", "CFB8KeySbox256.rsp",
+ "CFB8MMT256.rsp"]).
+
+
aes_cfb128(Config) ->
read_rsp(Config, aes_cfb128,
["CFB128VarTxt128.rsp", "CFB128VarKey128.rsp", "CFB128GFSbox128.rsp", "CFB128KeySbox128.rsp",
@@ -2598,6 +2642,22 @@ aes_cfb128(Config) ->
"CFB128VarTxt256.rsp", "CFB128VarKey256.rsp", "CFB128GFSbox256.rsp", "CFB128KeySbox256.rsp",
"CFB128MMT128.rsp", "CFB128MMT192.rsp", "CFB128MMT256.rsp"]).
+aes_128_cfb128(Config) ->
+ read_rsp(Config, aes_128_cfb128,
+ ["CFB128VarTxt128.rsp", "CFB128VarKey128.rsp", "CFB128GFSbox128.rsp", "CFB128KeySbox128.rsp",
+ "CFB128MMT128.rsp"]).
+
+aes_192_cfb128(Config) ->
+ read_rsp(Config, aes_192_cfb128,
+ ["CFB128VarTxt192.rsp", "CFB128VarKey192.rsp", "CFB128GFSbox192.rsp", "CFB128KeySbox192.rsp",
+ "CFB128MMT192.rsp"]).
+
+aes_256_cfb128(Config) ->
+ read_rsp(Config, aes_256_cfb128,
+ ["CFB128VarTxt256.rsp", "CFB128VarKey256.rsp", "CFB128GFSbox256.rsp", "CFB128KeySbox256.rsp",
+ "CFB128MMT256.rsp"]).
+
+
blowfish_cbc(_) ->
[{blowfish_cbc,
hexstr2bin("0123456789ABCDEFF0E1D2C3B4A59687"),
diff --git a/lib/ssh/src/ssh.hrl b/lib/ssh/src/ssh.hrl
index 923e9309f4..04453e6ef0 100644
--- a/lib/ssh/src/ssh.hrl
+++ b/lib/ssh/src/ssh.hrl
@@ -396,11 +396,13 @@
recv_mac_size = 0,
encrypt = none, %% encrypt algorithm
+ encrypt_cipher, %% cipher. could be different from the algorithm
encrypt_keys, %% encrypt keys
encrypt_block_size = 8,
encrypt_ctx,
decrypt = none, %% decrypt algorithm
+ decrypt_cipher, %% cipher. could be different from the algorithm
decrypt_keys, %% decrypt keys
decrypt_block_size = 8,
decrypt_ctx, %% Decryption context
diff --git a/lib/ssh/src/ssh_sftpd.erl b/lib/ssh/src/ssh_sftpd.erl
index aa9ba0f9bb..5ec12e2d04 100644
--- a/lib/ssh/src/ssh_sftpd.erl
+++ b/lib/ssh/src/ssh_sftpd.erl
@@ -508,7 +508,7 @@ close_our_file({_,Fd}, FileMod, FS0) ->
FS1.
%%% stat: do the stat
-stat(Vsn, ReqId, Data, State, F) ->
+stat(_Vsn, ReqId, Data, State, F) ->
<<?UINT32(BLen), BPath:BLen/binary, _/binary>> = Data,
stat(ReqId, unicode:characters_to_list(BPath), State, F).
diff --git a/lib/ssh/src/ssh_transport.erl b/lib/ssh/src/ssh_transport.erl
index 2299346a30..eaab13433a 100644
--- a/lib/ssh/src/ssh_transport.erl
+++ b/lib/ssh/src/ssh_transport.erl
@@ -1328,13 +1328,15 @@ verify(PlainText, HashAlg, Sig, Key, _) ->
%%% Start of a more parameterized crypto handling.
cipher('AEAD_AES_128_GCM') ->
- #cipher{key_bytes = 16,
+ #cipher{impl = aes_128_gcm,
+ key_bytes = 16,
iv_bytes = 12,
block_bytes = 16,
pkt_type = aead};
cipher('AEAD_AES_256_GCM') ->
- #cipher{key_bytes = 32,
+ #cipher{impl = aes_256_gcm,
+ key_bytes = 32,
iv_bytes = 12,
block_bytes = 16,
pkt_type = aead};
@@ -1346,7 +1348,7 @@ cipher('3des-cbc') ->
block_bytes = 8};
cipher('aes128-cbc') ->
- #cipher{impl = aes_cbc,
+ #cipher{impl = aes_128_cbc,
key_bytes = 16,
iv_bytes = 16,
block_bytes = 16};
@@ -1370,7 +1372,8 @@ cipher('aes256-ctr') ->
block_bytes = 16};
cipher('[email protected]') -> % FIXME: Verify!!
- #cipher{key_bytes = 32,
+ #cipher{impl = chacha20_poly1305,
+ key_bytes = 32,
iv_bytes = 12,
block_bytes = 8,
pkt_type = aead};
@@ -1407,12 +1410,14 @@ encrypt_init(#ssh{encrypt = '[email protected]', role = Role} = Ssh)
encrypt_init(#ssh{encrypt = SshCipher, role = Role} = Ssh) when SshCipher == 'AEAD_AES_128_GCM';
SshCipher == 'AEAD_AES_256_GCM' ->
{IvMagic, KeyMagic} = encrypt_magic(Role),
- #cipher{key_bytes = KeyBytes,
+ #cipher{impl = CryptoCipher,
+ key_bytes = KeyBytes,
iv_bytes = IvBytes,
block_bytes = BlockBytes} = cipher(SshCipher),
IV = hash(Ssh, IvMagic, 8*IvBytes),
K = hash(Ssh, KeyMagic, 8*KeyBytes),
- {ok, Ssh#ssh{encrypt_keys = K,
+ {ok, Ssh#ssh{encrypt_cipher = CryptoCipher,
+ encrypt_keys = K,
encrypt_block_size = BlockBytes,
encrypt_ctx = IV}};
@@ -1425,11 +1430,12 @@ encrypt_init(#ssh{encrypt = SshCipher, role = Role} = Ssh) ->
IV = hash(Ssh, IvMagic, 8*IvBytes),
K = hash(Ssh, KeyMagic, 8*KeyBytes),
Ctx0 = crypto:crypto_init(CryptoCipher, K, IV, true),
- {ok, Ssh#ssh{encrypt_block_size = BlockBytes,
+ {ok, Ssh#ssh{encrypt_cipher = CryptoCipher,
+ encrypt_block_size = BlockBytes,
encrypt_ctx = Ctx0}}.
encrypt_final(Ssh) ->
- {ok, Ssh#ssh{encrypt = none,
+ {ok, Ssh#ssh{encrypt = none,
encrypt_keys = undefined,
encrypt_block_size = 8,
encrypt_ctx = undefined
@@ -1457,18 +1463,19 @@ encrypt(#ssh{encrypt = '[email protected]',
{Ssh, {EncBytes,Ctag}};
encrypt(#ssh{encrypt = SshCipher,
+ encrypt_cipher = CryptoCipher,
encrypt_keys = K,
encrypt_ctx = IV0} = Ssh,
<<LenData:4/binary, PayloadData/binary>>) when SshCipher == 'AEAD_AES_128_GCM' ;
SshCipher == 'AEAD_AES_256_GCM' ->
- {Ctext,Ctag} = crypto:block_encrypt(aes_gcm, K, IV0, {LenData,PayloadData}),
+ {Ctext,Ctag} = crypto:crypto_one_time_aead(CryptoCipher, K, IV0, PayloadData, LenData, true),
IV = next_gcm_iv(IV0),
{Ssh#ssh{encrypt_ctx = IV}, {<<LenData/binary,Ctext/binary>>,Ctag}};
encrypt(#ssh{encrypt_ctx = Ctx0} = Ssh, Data) ->
Enc = crypto:crypto_update(Ctx0, Data),
{Ssh, Enc}.
-
+
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%% Decryption
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
@@ -1485,12 +1492,14 @@ decrypt_init(#ssh{decrypt = '[email protected]', role = Role} = Ssh)
decrypt_init(#ssh{decrypt = SshCipher, role = Role} = Ssh) when SshCipher == 'AEAD_AES_128_GCM';
SshCipher == 'AEAD_AES_256_GCM' ->
{IvMagic, KeyMagic} = decrypt_magic(Role),
- #cipher{key_bytes = KeyBytes,
+ #cipher{impl = CryptoCipher,
+ key_bytes = KeyBytes,
iv_bytes = IvBytes,
block_bytes = BlockBytes} = cipher(SshCipher),
IV = hash(Ssh, IvMagic, 8*IvBytes),
K = hash(Ssh, KeyMagic, 8*KeyBytes),
- {ok, Ssh#ssh{decrypt_keys = K,
+ {ok, Ssh#ssh{decrypt_cipher = CryptoCipher,
+ decrypt_keys = K,
decrypt_block_size = BlockBytes,
decrypt_ctx = IV}};
@@ -1503,9 +1512,11 @@ decrypt_init(#ssh{decrypt = SshCipher, role = Role} = Ssh) ->
IV = hash(Ssh, IvMagic, 8*IvBytes),
K = hash(Ssh, KeyMagic, 8*KeyBytes),
Ctx0 = crypto:crypto_init(CryptoCipher, K, IV, false),
- {ok, Ssh#ssh{decrypt_block_size = BlockBytes,
+ {ok, Ssh#ssh{decrypt_cipher = CryptoCipher,
+ decrypt_block_size = BlockBytes,
decrypt_ctx = Ctx0}}.
+
decrypt_final(Ssh) ->
{ok, Ssh#ssh {decrypt = none,
decrypt_keys = undefined,
@@ -1517,35 +1528,37 @@ decrypt(Ssh, <<>>) ->
{Ssh, <<>>};
decrypt(#ssh{decrypt = '[email protected]',
- decrypt_keys = {K1,_K2},
- recv_sequence = Seq} = Ssh, {length,EncryptedLen}) ->
- PacketLenBin = crypto:crypto_one_time(chacha20, K1, <<0:8/unit:8, Seq:8/unit:8>>, EncryptedLen, false),
- {Ssh, PacketLenBin};
-
-decrypt(#ssh{decrypt = '[email protected]',
- decrypt_keys = {_K1,K2},
- recv_sequence = Seq} = Ssh, {AAD,Ctext,Ctag}) ->
- %% The length is already decoded and used to divide the input
- %% Check the mac (important that it is timing-safe):
- PolyKey = crypto:crypto_one_time(chacha20, K2, <<0:8/unit:8,Seq:8/unit:8>>, <<0:32/unit:8>>, false),
- case equal_const_time(Ctag, crypto:poly1305(PolyKey, <<AAD/binary,Ctext/binary>>)) of
- true ->
- %% MAC is ok, decode
- IV2 = <<1:8/little-unit:8, Seq:8/unit:8>>,
- PlainText = crypto:crypto_one_time(chacha20, K2, IV2, Ctext, false),
- {Ssh, PlainText};
- false ->
- {Ssh,error}
+ decrypt_keys = {K1,K2},
+ recv_sequence = Seq} = Ssh, Data) ->
+ case Data of
+ {length,EncryptedLen} ->
+ %% The length is decrypted separately in a first step
+ PacketLenBin = crypto:crypto_one_time(chacha20, K1, <<0:8/unit:8, Seq:8/unit:8>>, EncryptedLen, false),
+ {Ssh, PacketLenBin};
+ {AAD,Ctext,Ctag} ->
+ %% The length is already decrypted and used to divide the input
+ %% Check the mac (important that it is timing-safe):
+ PolyKey = crypto:crypto_one_time(chacha20, K2, <<0:8/unit:8,Seq:8/unit:8>>, <<0:32/unit:8>>, false),
+ case equal_const_time(Ctag, crypto:poly1305(PolyKey, <<AAD/binary,Ctext/binary>>)) of
+ true ->
+ %% MAC is ok, decode
+ IV2 = <<1:8/little-unit:8, Seq:8/unit:8>>,
+ PlainText = crypto:crypto_one_time(chacha20, K2, IV2, Ctext, false),
+ {Ssh, PlainText};
+ false ->
+ {Ssh,error}
+ end
end;
decrypt(#ssh{decrypt = none} = Ssh, Data) ->
{Ssh, Data};
decrypt(#ssh{decrypt = SshCipher,
+ decrypt_cipher = CryptoCipher,
decrypt_keys = K,
- decrypt_ctx = IV0} = Ssh, Data = {_AAD,_Ctext,_Ctag}) when SshCipher == 'AEAD_AES_128_GCM' ;
- SshCipher == 'AEAD_AES_256_GCM' ->
- Dec = crypto:block_decrypt(aes_gcm, K, IV0, Data), % Dec = PlainText | error
+ decrypt_ctx = IV0} = Ssh, {AAD,Ctext,Ctag}) when SshCipher == 'AEAD_AES_128_GCM' ;
+ SshCipher == 'AEAD_AES_256_GCM' ->
+ Dec = crypto:crypto_one_time_aead(CryptoCipher, K, IV0, Ctext, AAD, Ctag, false),
IV = next_gcm_iv(IV0),
{Ssh#ssh{decrypt_ctx = IV}, Dec};
diff --git a/lib/ssh/test/ssh_basic_SUITE.erl b/lib/ssh/test/ssh_basic_SUITE.erl
index 5de6d52092..9b987dea5a 100644
--- a/lib/ssh/test/ssh_basic_SUITE.erl
+++ b/lib/ssh/test/ssh_basic_SUITE.erl
@@ -1399,7 +1399,7 @@ rekey_chk(Config, RLdaemon, RLclient) ->
Kex1 = ssh_test_lib:get_kex_init(ConnectionRef),
%% Make both sides send something:
- {ok, SftpPid} = ssh_sftp:start_channel(ConnectionRef),
+ {ok, _SftpPid} = ssh_sftp:start_channel(ConnectionRef),
%% Check rekeying
timer:sleep(?REKEY_DATA_TMO),
diff --git a/lib/ssh/test/ssh_bench_SUITE.erl b/lib/ssh/test/ssh_bench_SUITE.erl
index 2ac4e5636a..880c519a5e 100644
--- a/lib/ssh/test/ssh_bench_SUITE.erl
+++ b/lib/ssh/test/ssh_bench_SUITE.erl
@@ -178,7 +178,7 @@ gen_data(DataSz) ->
connect_measure(Port, Cipher, Mac, Data, Options) ->
- AES_GCM = {cipher,
+ _AES_GCM = {cipher,
[]},
@@ -187,22 +187,22 @@ connect_measure(Port, Cipher, Mac, Data, Options) ->
{none,none} ->
[{modify_algorithms,[{prepend, [{cipher,[Cipher]},
{mac,[Mac]}]}
-%%% ,{rm,[AES_GCM]}
+%%% ,{rm,[_AES_GCM]}
]}];
{none,_} ->
[{modify_algorithms,[{prepend, [{cipher,[Cipher]}]}
-%%% ,{rm,[AES_GCM]}
+%%% ,{rm,[_AES_GCM]}
]},
{preferred_algorithms, [{mac,[Mac]}]}];
{_,none} ->
[{modify_algorithms,[{prepend, [{mac,[Mac]}]}
-%%% ,{rm,[AES_GCM]}
+%%% ,{rm,[_AES_GCM]}
]},
{preferred_algorithms, [{cipher,[Cipher]}]}];
_ ->
[{preferred_algorithms, [{cipher,[Cipher]},
{mac,[Mac]}]}
-%%% ,{modify_algorithms, [{rm,[AES_GCM]}]}
+%%% ,{modify_algorithms, [{rm,[_AES_GCM]}]}
]
end,
Times =
diff --git a/lib/ssh/test/ssh_chan_behaviours_SUITE.erl b/lib/ssh/test/ssh_chan_behaviours_SUITE.erl
index 16ed152bcd..103d7253fd 100644
--- a/lib/ssh/test/ssh_chan_behaviours_SUITE.erl
+++ b/lib/ssh/test/ssh_chan_behaviours_SUITE.erl
@@ -128,8 +128,8 @@ subsystem_client(Config) ->
C = proplists:get_value(connref, Config),
{ok,ChRef} = ssh_chan_behaviours_client:start_link(C),
- IDclt = ?EXPECT({{C,Ch1clt}, {ssh_channel_up,Ch1clt,C}}, {C,Ch1clt}),
- IDsrv = ?EXPECT({{_Csrv,Ch1srv}, {ssh_channel_up,Ch1srv,_Csrv}}, {_Csrv,Ch1srv}),
+ IDclt = ?EXPECT({{C,_Ch1clt}, {ssh_channel_up,_Ch1clt,C}}, {C,_Ch1clt}),
+ IDsrv = ?EXPECT({{_Csrv,_Ch1srv}, {ssh_channel_up,_Ch1srv,_Csrv}}, {_Csrv,_Ch1srv}),
ok = ssh_chan_behaviours_client:stop(ChRef),
?EXPECT({IDclt, {terminate,normal}}, []), % From the proper channel handler
diff --git a/lib/ssh/test/ssh_chan_behaviours_client.erl b/lib/ssh/test/ssh_chan_behaviours_client.erl
index 15f17733d6..8dd18973ad 100644
--- a/lib/ssh/test/ssh_chan_behaviours_client.erl
+++ b/lib/ssh/test/ssh_chan_behaviours_client.erl
@@ -94,7 +94,7 @@ handle_ssh_msg({ssh_cm, C, {eof, Ch}}=M, #state{ch=Ch,cm=C} = State) ->
?DBG(State, "eof",[]),
{ok, State};
-handle_ssh_msg({ssh_cm, C, {signal, _Ch, _SigNameStr}=Sig} = M, #state{ch=Ch,cm=C} = State) ->
+handle_ssh_msg({ssh_cm, C, {signal, Ch, _SigNameStr}=Sig} = M, #state{ch=Ch,cm=C} = State) ->
%% Ignore signals according to RFC 4254 section 6.9.
tell_parent(M, State),
?DBG(State, "~p",[Sig]),
diff --git a/lib/ssh/test/ssh_chan_behaviours_server.erl b/lib/ssh/test/ssh_chan_behaviours_server.erl
index 1408675a6e..1d504b1bc6 100644
--- a/lib/ssh/test/ssh_chan_behaviours_server.erl
+++ b/lib/ssh/test/ssh_chan_behaviours_server.erl
@@ -65,7 +65,7 @@ handle_ssh_msg({ssh_cm, C, {eof, Ch}}=M, #state{ch=Ch,cm=C} = State) ->
?DBG(State, "eof",[]),
{ok, State};
-handle_ssh_msg({ssh_cm, C, {signal, _Ch, _SigNameStr}=Sig} = M, #state{ch=Ch,cm=C} = State) ->
+handle_ssh_msg({ssh_cm, C, {signal, Ch, _SigNameStr}=Sig} = M, #state{ch=Ch,cm=C} = State) ->
%% Ignore signals according to RFC 4254 section 6.9.
tell_parent(M, State),
?DBG(State, "~p",[Sig]),
diff --git a/lib/ssh/test/ssh_compat_SUITE.erl b/lib/ssh/test/ssh_compat_SUITE.erl
index 8e82527c6e..06ed9082cf 100644
--- a/lib/ssh/test/ssh_compat_SUITE.erl
+++ b/lib/ssh/test/ssh_compat_SUITE.erl
@@ -150,8 +150,7 @@ init_per_group(G, Config0) ->
stop_docker(ID),
{fail, "Can't contact docker sshd"}
catch
- Class:Exc ->
- ST = erlang:get_stacktrace(),
+ Class:Exc:ST ->
ct:log("common_algs: ~p:~p~n~p",[Class,Exc,ST]),
stop_docker(ID),
{fail, "Failed during setup"}
@@ -160,8 +159,7 @@ init_per_group(G, Config0) ->
cant_start_docker ->
{skip, "Can't start docker"};
- C:E ->
- ST = erlang:get_stacktrace(),
+ C:E:ST ->
ct:log("No ~p~n~p:~p~n~p",[G,C,E,ST]),
{skip, "Can't start docker"}
end;
@@ -1026,8 +1024,7 @@ receive_hello(S) ->
Result ->
Result
catch
- Class:Error ->
- ST = erlang:get_stacktrace(),
+ Class:Error:ST ->
{error, {Class,Error,ST}}
end.
@@ -1104,8 +1101,7 @@ sftp_tests_erl_server(Config, ServerIP, ServerPort, ServerRootDir, UserDir) ->
call_sftp_in_docker(Config, ServerIP, ServerPort, Cmnds, UserDir),
check_local_directory(ServerRootDir)
catch
- Class:Error ->
- ST = erlang:get_stacktrace(),
+ Class:Error:ST ->
{error, {Class,Error,ST}}
end.
@@ -1133,7 +1129,7 @@ check_local_directory(ServerRootDir) ->
check_local_directory(ServerRootDir, SleepTime, N) ->
case do_check_local_directory(ServerRootDir) of
- {error,Error} when N>0 ->
+ {error,_Error} when N>0 ->
%% Could be that the erlang side is faster and the docker's operations
%% are not yet finalized.
%% Sleep for a while and retry a few times:
@@ -1347,8 +1343,7 @@ one_test_erl_client(SFTP, Id, C) when SFTP==sftp ; SFTP==sftp_async ->
catch ssh_sftp:stop_channel(Ch),
R
catch
- Class:Error ->
- ST = erlang:get_stacktrace(),
+ Class:Error:ST ->
{error, {SFTP,Id,Class,Error,ST}}
end.
diff --git a/lib/ssh/test/ssh_options_SUITE.erl b/lib/ssh/test/ssh_options_SUITE.erl
index 60d0da2a39..bf90f74324 100644
--- a/lib/ssh/test/ssh_options_SUITE.erl
+++ b/lib/ssh/test/ssh_options_SUITE.erl
@@ -214,7 +214,7 @@ init_per_testcase(_TestCase, Config) ->
file:make_dir(UserDir),
[{user_dir,UserDir}|Config].
-end_per_testcase(_TestCase, Config) ->
+end_per_testcase(_TestCase, _Config) ->
ssh:stop(),
ok.
diff --git a/lib/ssh/test/ssh_test_lib.erl b/lib/ssh/test/ssh_test_lib.erl
index a1a7eebcde..1129303414 100644
--- a/lib/ssh/test/ssh_test_lib.erl
+++ b/lib/ssh/test/ssh_test_lib.erl
@@ -409,7 +409,7 @@ ct:log("DataDir ~p:~n ~p~n~nSystDir ~p:~n ~p~n~nUserDir ~p:~n ~p",[DataDir, file
setup_ecdsa_auth_keys(Size, DataDir, UserDir).
setup_eddsa(Alg, DataDir, UserDir) ->
- {IdPriv, IdPub, HostPriv, HostPub} =
+ {IdPriv, _IdPub, HostPriv, HostPub} =
case Alg of
ed25519 -> {"id_ed25519", "id_ed25519.pub", "ssh_host_ed25519_key", "ssh_host_ed25519_key.pub"};
ed448 -> {"id_ed448", "id_ed448.pub", "ssh_host_ed448_key", "ssh_host_ed448_key.pub"}
@@ -970,7 +970,7 @@ expected_state(_) -> false.
%%%----------------------------------------------------------------
%%% Return a string with N random characters
%%%
-random_chars(N) -> [crypto:rand_uniform($a,$z) || _<-lists:duplicate(N,x)].
+random_chars(N) -> [($a-1)+rand:uniform($z-$a) || _<-lists:duplicate(N,x)].
create_random_dir(Config) ->
diff --git a/lib/ssh/test/ssh_trpt_test_lib.erl b/lib/ssh/test/ssh_trpt_test_lib.erl
index f2c9892f95..3f4df2c986 100644
--- a/lib/ssh/test/ssh_trpt_test_lib.erl
+++ b/lib/ssh/test/ssh_trpt_test_lib.erl
@@ -570,75 +570,6 @@ receive_binary_msg(S0=#s{}) ->
-old_receive_binary_msg(S0=#s{ssh=C0=#ssh{decrypt_block_size = BlockSize,
- recv_mac_size = MacSize
- }
- }) ->
- case size(S0#s.encrypted_data_buffer) >= max(8,BlockSize) of
- false ->
- %% Need more bytes to decode the packet_length field
- Remaining = max(8,BlockSize) - size(S0#s.encrypted_data_buffer),
- receive_binary_msg( receive_wait(Remaining, S0) );
- true ->
- %% Has enough bytes to decode the packet_length field
- {_, <<?UINT32(PacketLen), _/binary>>, _} =
- ssh_transport:decrypt_blocks(S0#s.encrypted_data_buffer, BlockSize, C0), % FIXME: BlockSize should be at least 4
-
- %% FIXME: Check that ((4+PacketLen) rem BlockSize) == 0 ?
-
- S1 = if
- PacketLen > ?SSH_MAX_PACKET_SIZE ->
- fail({too_large_message,PacketLen},S0); % FIXME: disconnect
-
- ((4+PacketLen) rem BlockSize) =/= 0 ->
- fail(bad_packet_length_modulo, S0); % FIXME: disconnect
-
- size(S0#s.encrypted_data_buffer) >= (4 + PacketLen + MacSize) ->
- %% has the whole packet
- S0;
-
- true ->
- %% need more bytes to get have the whole packet
- Remaining = (4 + PacketLen + MacSize) - size(S0#s.encrypted_data_buffer),
- receive_wait(Remaining, S0)
- end,
-
- %% Decrypt all, including the packet_length part (re-use the initial #ssh{})
- {C1, SshPacket = <<?UINT32(_),?BYTE(PadLen),Tail/binary>>, EncRest} =
- ssh_transport:decrypt_blocks(S1#s.encrypted_data_buffer, PacketLen+4, C0),
-
- PayloadLen = PacketLen - 1 - PadLen,
- <<CompressedPayload:PayloadLen/binary, _Padding:PadLen/binary>> = Tail,
-
- {C2, Payload} = ssh_transport:decompress(C1, CompressedPayload),
-
- <<Mac:MacSize/binary, Rest/binary>> = EncRest,
-
- case {ssh_transport:is_valid_mac(Mac, SshPacket, C2),
- catch ssh_message:decode(set_prefix_if_trouble(Payload,S1))}
- of
- {false, _} -> fail(bad_mac,S1);
- {_, {'EXIT',_}} -> fail(decode_failed,S1);
-
- {true, Msg} ->
- C3 = case Msg of
- #ssh_msg_kexinit{} ->
- ssh_transport:key_init(opposite_role(C2), C2, Payload);
- _ ->
- C2
- end,
- S2 = opt(print_messages, S1,
- fun(X) when X==true;X==detail -> {"Recv~n~s~n",[format_msg(Msg)]} end),
- S3 = opt(print_messages, S2,
- fun(detail) -> {"decrypted bytes ~p~n",[SshPacket]} end),
- S3#s{ssh = inc_recv_seq_num(C3),
- encrypted_data_buffer = Rest,
- return_value = Msg
- }
- end
- end.
-
-
set_prefix_if_trouble(Msg = <<?BYTE(Op),_/binary>>, #s{alg=#alg{kex=Kex}})
when Op == 30;
Op == 31