From f11391139c4165e8541a52d45cd1525343a83927 Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Mon, 10 Sep 2018 14:37:15 +0200 Subject: crypto: Generalize aes_gcm_(de|en)crypt nifs The EVP_CIPHER_CTX interface aims at enabling using the same code for many ciphers. Since we are going to add aes_ccm which is similar to aes_gcm, this commit is a preparation. It creates the aead_(de|en)crypt nifs and removes the old ones. --- lib/crypto/src/crypto.erl | 20 +++++++++----------- 1 file changed, 9 insertions(+), 11 deletions(-) (limited to 'lib/crypto/src') diff --git a/lib/crypto/src/crypto.erl b/lib/crypto/src/crypto.erl index c64586897e..cb281aac42 100644 --- a/lib/crypto/src/crypto.erl +++ b/lib/crypto/src/crypto.erl @@ -518,9 +518,9 @@ block_encrypt(des3_cfb, Key0, Ivec, PlainText) -> block_encrypt(aes_ige256, Key, Ivec, PlainText) -> notsup_to_error(aes_ige_crypt_nif(Key, Ivec, PlainText, true)); block_encrypt(aes_gcm, Key, Ivec, {AAD, PlainText}) -> - aes_gcm_encrypt(Key, Ivec, AAD, PlainText); + aead_encrypt(Key, Ivec, AAD, PlainText); block_encrypt(aes_gcm, Key, Ivec, {AAD, PlainText, TagLength}) -> - aes_gcm_encrypt(Key, Ivec, AAD, PlainText, TagLength); + aead_encrypt(Key, Ivec, AAD, PlainText, TagLength); block_encrypt(chacha20_poly1305, Key, Ivec, {AAD, PlainText}) -> chacha20_poly1305_encrypt(Key, Ivec, AAD, PlainText). @@ -551,8 +551,8 @@ block_decrypt(des3_cfb, Key0, Ivec, Data) -> block_crypt_nif(des_ede3_cfb, Key, Ivec, Data, false); block_decrypt(aes_ige256, Key, Ivec, Data) -> notsup_to_error(aes_ige_crypt_nif(Key, Ivec, Data, false)); -block_decrypt(aes_gcm, Key, Ivec, {AAD, Data, Tag}) -> - aes_gcm_decrypt(Key, Ivec, AAD, Data, Tag); +block_decrypt(Type, Key, Ivec, {AAD, Data, Tag}) when Type =:= aes_gcm -> + aead_decrypt(Type, Key, Ivec, AAD, Data, Tag); block_decrypt(chacha20_poly1305, Key, Ivec, {AAD, Data, Tag}) -> chacha20_poly1305_decrypt(Key, Ivec, AAD, Data, Tag). @@ -577,10 +577,8 @@ next_iv(Type, Data) when is_binary(Data) -> IVecSize = case Type of des_cbc -> 8; des3_cbc -> 8; - blowfish_cbc -> 8; aes_cbc -> 16; - aes_ige -> 32; % For compatibility if someone has bug-adapted code - aes_ige256 -> 32 % The name used in block_encrypt et al + aes_ige -> 32 end, {_, IVec} = split_binary(Data, size(Data) - IVecSize), IVec; @@ -1606,10 +1604,10 @@ check_des3_key(Key) -> %% AES - in Galois/Counter Mode (GCM) %% %% The default tag length is EVP_GCM_TLS_TAG_LEN(16), -aes_gcm_encrypt(Key, Ivec, AAD, In) -> - aes_gcm_encrypt(Key, Ivec, AAD, In, 16). -aes_gcm_encrypt(_Key, _Ivec, _AAD, _In, _TagLength) -> ?nif_stub. -aes_gcm_decrypt(_Key, _Ivec, _AAD, _In, _Tag) -> ?nif_stub. +aead_encrypt(Type=aes_gcm, Key, Ivec, AAD, In) -> aead_encrypt(Type, Key, Ivec, AAD, In, 16). + +aead_encrypt(_Type, _Key, _Ivec, _AAD, _In, _TagLength) -> ?nif_stub. +aead_decrypt(_Type, _Key, _Ivec, _AAD, _In, _Tag) -> ?nif_stub. %% %% Chacha20/Ppoly1305 -- cgit v1.2.3 From 2cf63f4e429c60b7d77bd15c73fd298ee53710ae Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Tue, 11 Sep 2018 17:21:30 +0200 Subject: crypto: Add AES_CCM crypto Will be increase interoperability of future SSL application versions. --- lib/crypto/src/crypto.erl | 40 ++++++++++++++++++++++------------------ 1 file changed, 22 insertions(+), 18 deletions(-) (limited to 'lib/crypto/src') diff --git a/lib/crypto/src/crypto.erl b/lib/crypto/src/crypto.erl index cb281aac42..2f612b6121 100644 --- a/lib/crypto/src/crypto.erl +++ b/lib/crypto/src/crypto.erl @@ -262,7 +262,7 @@ | rc2_cbc . -type cbc_cipher() :: des_cbc | des3_cbc | aes_cbc | blowfish_cbc . --type aead_cipher() :: aes_gcm | chacha20_poly1305 . +-type aead_cipher() :: aes_gcm | aes_ccm | chacha20_poly1305 . -type cfb_cipher() :: aes_cfb128 | aes_cfb8 | blowfish_cfb64 | des3_cfb | des_cfb . -type block_cipher_without_iv() :: ecb_cipher() . @@ -490,23 +490,23 @@ poly1305(Key, Data) -> -spec block_encrypt(Type::block_cipher_with_iv(), Key::key()|des3_key(), Ivec::binary(), PlainText::iodata()) -> binary(); (Type::aead_cipher(), Key::iodata(), Ivec::binary(), {AAD::binary(), PlainText::iodata()}) -> {binary(), binary()}; - (aes_gcm, Key::iodata(), Ivec::binary(), {AAD::binary(), PlainText::iodata(), TagLength::1..16}) -> + (aes_gcm | aes_ccm, Key::iodata(), Ivec::binary(), {AAD::binary(), PlainText::iodata(), TagLength::1..16}) -> {binary(), binary()}. block_encrypt(Type, Key, Ivec, PlainText) when Type =:= des_cbc; - Type =:= des_cfb; - Type =:= blowfish_cbc; - Type =:= blowfish_cfb64; - Type =:= blowfish_ofb64; - Type =:= aes_cbc128; - Type =:= aes_cfb8; - Type =:= aes_cfb128; - Type =:= aes_cbc256; - Type =:= aes_cbc; - Type =:= rc2_cbc -> + Type =:= des_cfb; + Type =:= blowfish_cbc; + Type =:= blowfish_cfb64; + Type =:= blowfish_ofb64; + Type =:= aes_cbc128; + Type =:= aes_cfb8; + Type =:= aes_cfb128; + Type =:= aes_cbc256; + Type =:= aes_cbc; + Type =:= rc2_cbc -> block_crypt_nif(Type, Key, Ivec, PlainText, true); block_encrypt(Type, Key0, Ivec, PlainText) when Type =:= des3_cbc; - Type =:= des_ede3 -> + Type =:= des_ede3 -> Key = check_des3_key(Key0), block_crypt_nif(des_ede3_cbc, Key, Ivec, PlainText, true); block_encrypt(des3_cbf, Key0, Ivec, PlainText) -> % cfb misspelled @@ -517,10 +517,12 @@ block_encrypt(des3_cfb, Key0, Ivec, PlainText) -> block_crypt_nif(des_ede3_cfb, Key, Ivec, PlainText, true); block_encrypt(aes_ige256, Key, Ivec, PlainText) -> notsup_to_error(aes_ige_crypt_nif(Key, Ivec, PlainText, true)); -block_encrypt(aes_gcm, Key, Ivec, {AAD, PlainText}) -> - aead_encrypt(Key, Ivec, AAD, PlainText); -block_encrypt(aes_gcm, Key, Ivec, {AAD, PlainText, TagLength}) -> - aead_encrypt(Key, Ivec, AAD, PlainText, TagLength); +block_encrypt(Type, Key, Ivec, {AAD, PlainText}) when Type =:= aes_gcm; + Type =:= aes_ccm -> + aead_encrypt(Type, Key, Ivec, AAD, PlainText); +block_encrypt(Type, Key, Ivec, {AAD, PlainText, TagLength}) when Type =:= aes_gcm; + Type =:= aes_ccm -> + aead_encrypt(Type, Key, Ivec, AAD, PlainText, TagLength); block_encrypt(chacha20_poly1305, Key, Ivec, {AAD, PlainText}) -> chacha20_poly1305_encrypt(Key, Ivec, AAD, PlainText). @@ -551,7 +553,8 @@ block_decrypt(des3_cfb, Key0, Ivec, Data) -> block_crypt_nif(des_ede3_cfb, Key, Ivec, Data, false); block_decrypt(aes_ige256, Key, Ivec, Data) -> notsup_to_error(aes_ige_crypt_nif(Key, Ivec, Data, false)); -block_decrypt(Type, Key, Ivec, {AAD, Data, Tag}) when Type =:= aes_gcm -> +block_decrypt(Type, Key, Ivec, {AAD, Data, Tag}) when Type =:= aes_gcm; + Type =:= aes_ccm -> aead_decrypt(Type, Key, Ivec, AAD, Data, Tag); block_decrypt(chacha20_poly1305, Key, Ivec, {AAD, Data, Tag}) -> chacha20_poly1305_decrypt(Key, Ivec, AAD, Data, Tag). @@ -1604,6 +1607,7 @@ check_des3_key(Key) -> %% AES - in Galois/Counter Mode (GCM) %% %% The default tag length is EVP_GCM_TLS_TAG_LEN(16), +aead_encrypt(Type=aes_ccm, Key, Ivec, AAD, In) -> aead_encrypt(Type, Key, Ivec, AAD, In, 12); aead_encrypt(Type=aes_gcm, Key, Ivec, AAD, In) -> aead_encrypt(Type, Key, Ivec, AAD, In, 16). aead_encrypt(_Type, _Key, _Ivec, _AAD, _In, _TagLength) -> ?nif_stub. -- cgit v1.2.3