From c7cab680b80ef9220832151ed2c8c23a5d590b8b Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Thu, 31 Jan 2019 10:27:23 +0100 Subject: crypto: New experimental api The new files api_ng.h and api_ng.c implements an api using EVP. The api is not by any mean new, except for the crypto application in Erlang/OTP. The aims at using the block api in a stream manor, that is 1) call crypto_init/4 2..N) call crypto_update/{2,3} The purpose is to simplify and hopefully optimize the SSL and SSH applications. By keeping the crypto state in C in an enif_resource the costful state copying in SSL and SSH is reduced with 1-2 per message sent or received. Changes in other files are for adaptation like FIPS etc since many functions uses the central get_cipher_type() function. --- lib/crypto/c_src/aes.c | 36 ++++++++++++++++++++++-------------- 1 file changed, 22 insertions(+), 14 deletions(-) (limited to 'lib/crypto/c_src/aes.c') diff --git a/lib/crypto/c_src/aes.c b/lib/crypto/c_src/aes.c index 2f30ec8a58..ee2bb70fb7 100644 --- a/lib/crypto/c_src/aes.c +++ b/lib/crypto/c_src/aes.c @@ -166,8 +166,6 @@ ERL_NIF_TERM aes_ige_crypt_nif(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv } -/* Initializes state for ctr streaming (de)encryption -*/ #ifdef HAVE_EVP_AES_CTR ERL_NIF_TERM aes_ctr_stream_init(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[]) {/* (Key, IVec) */ @@ -279,27 +277,31 @@ ERL_NIF_TERM aes_ctr_stream_encrypt(ErlNifEnv* env, int argc, const ERL_NIF_TERM ERL_NIF_TERM aes_ctr_stream_init(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[]) {/* (Key, IVec) */ + ASSERT(argc == 2); + + return aes_ctr_stream_init_compat(env, argv[0], argv[1]); +} + + +ERL_NIF_TERM aes_ctr_stream_init_compat(ErlNifEnv* env, const ERL_NIF_TERM key_term, const ERL_NIF_TERM iv_term) +{ ErlNifBinary key_bin, ivec_bin; ERL_NIF_TERM ecount_bin; unsigned char *outp; - - ASSERT(argc == 2); - - if (!enif_inspect_iolist_as_binary(env, argv[0], &key_bin)) + + if (!enif_inspect_iolist_as_binary(env, key_term, &key_bin)) goto bad_arg; if (key_bin.size != 16 && key_bin.size != 24 && key_bin.size != 32) goto bad_arg; - if (!enif_inspect_binary(env, argv[1], &ivec_bin)) + if (!enif_inspect_binary(env, iv_term, &ivec_bin)) goto bad_arg; if (ivec_bin.size != 16) goto bad_arg; - if ((outp = enif_make_new_binary(env, AES_BLOCK_SIZE, &ecount_bin)) == NULL) goto err; - memset(outp, 0, AES_BLOCK_SIZE); - return enif_make_tuple4(env, argv[0], argv[1], ecount_bin, enif_make_int(env, 0)); + return enif_make_tuple4(env, key_term, iv_term, ecount_bin, enif_make_int(env, 0)); bad_arg: err: @@ -307,6 +309,14 @@ ERL_NIF_TERM aes_ctr_stream_init(ErlNifEnv* env, int argc, const ERL_NIF_TERM ar } ERL_NIF_TERM aes_ctr_stream_encrypt(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[]) +{ + ASSERT(argc == 2); + + return aes_ctr_stream_encrypt_compat(env, argv[0], argv[1]); +} + + +ERL_NIF_TERM aes_ctr_stream_encrypt_compat(ErlNifEnv* env, const ERL_NIF_TERM state_arg, const ERL_NIF_TERM data_arg) {/* ({Key, IVec, ECount, Num}, Data) */ ErlNifBinary key_bin, ivec_bin, text_bin, ecount_bin; AES_KEY aes_key; @@ -318,9 +328,7 @@ ERL_NIF_TERM aes_ctr_stream_encrypt(ErlNifEnv* env, int argc, const ERL_NIF_TERM unsigned char * ecount2_buf; unsigned char *outp; - ASSERT(argc == 2); - - if (!enif_get_tuple(env, argv[0], &state_arity, &state_term)) + if (!enif_get_tuple(env, state_arg, &state_arity, &state_term)) goto bad_arg; if (state_arity != 4) goto bad_arg; @@ -338,7 +346,7 @@ ERL_NIF_TERM aes_ctr_stream_encrypt(ErlNifEnv* env, int argc, const ERL_NIF_TERM goto bad_arg; if (!enif_get_uint(env, state_term[3], &num)) goto bad_arg; - if (!enif_inspect_iolist_as_binary(env, argv[1], &text_bin)) + if (!enif_inspect_iolist_as_binary(env, data_arg, &text_bin)) goto bad_arg; /* NOTE: This function returns 0 on success unlike most OpenSSL functions */ -- cgit v1.2.3