[erlang-patches] error in crypto application
Sverker Eriksson
sverker.eriksson@REDACTED
Fri Jul 6 14:55:45 CEST 2012
Thanks for your contribution, Stefan.
This latest patch (plus an expanded test case) is now scheduled for R15B02.
/Sverker
Stefan Zegenhagen wrote:
> Dear all,
>
> here comes a third version of the patch that
> * fixes the aes_cfb_128_crypt() function to not require the
> plaintext/cipher data to be a multiple of 16 bytes in length
> * adjusts the documentation accordingly, and
> * leaves the aes_cbc_crypt() function untouched because its
> current API in erlang requires the plaintext/cipher data to be a
> multiple of 16 bytes.
>
>
> Kind regards,
>
>
> --- snip ---
> From c9f86ea4a2244deeae4efd2955b329857d91e340 Mon Sep 17 00:00:00 2001
> From: Stefan Zegenhagen <stefan.zegenhagen@REDACTED>
> Date: Mon, 2 Jul 2012 22:00:09 +0200
> Subject: [PATCH] CRYPTO: aes_cfb_128_crypt can handle arbitrary text length
>
> The OpenSSL implementation of AES_cfb128_encrypt can handle data to
> en-/decrypt with arbitrary length.
>
> The restriction that the data length needs to be a multiple of 16 bytes
> is unnecessary and breaks the SNMP application (causing decryption and
> encryption errors in SNMPv3 AES-encrypted packets).
> ---
> lib/crypto/c_src/crypto.c | 3 +--
> lib/crypto/doc/src/crypto.xml | 42 ++++++++++++++++++++++++++++++++++-------
> 2 files changed, 36 insertions(+), 9 deletions(-)
>
> diff --git a/lib/crypto/c_src/crypto.c b/lib/crypto/c_src/crypto.c
> index 4be593e..a6a81d6 100644
> --- a/lib/crypto/c_src/crypto.c
> +++ b/lib/crypto/c_src/crypto.c
> @@ -954,8 +954,7 @@ static ERL_NIF_TERM aes_cfb_128_crypt(ErlNifEnv* env, int argc, const ERL_NIF_TE
>
> if (!enif_inspect_iolist_as_binary(env, argv[0], &key) || key.size != 16
> || !enif_inspect_binary(env, argv[1], &ivec) || ivec.size != 16
> - || !enif_inspect_iolist_as_binary(env, argv[2], &text)
> - || text.size % 16 != 0) {
> + || !enif_inspect_iolist_as_binary(env, argv[2], &text)) {
> return enif_make_badarg(env);
> }
>
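Review bot: dropping `text.size % 16 != 0` from the argument check changes which inputs aes_cfb_128_crypt accepts, but the diffstat lists only crypto.c and crypto.xml, so nothing in this patch exercises the new behaviour. Please add a test case that encrypts and decrypts texts whose length is not a multiple of 16 bytes (for example 1, 15 and 17 bytes) and checks the round trip. The rest of the function is not visible in this hunk, so it is also worth confirming that the output binary and the length passed to AES_cfb128_encrypt both use text.size rather than a value rounded to a block boundary.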
> diff --git a/lib/crypto/doc/src/crypto.xml b/lib/crypto/doc/src/crypto.xml
> index 19db6c9..ff939ce 100644
> --- a/lib/crypto/doc/src/crypto.xml
> +++ b/lib/crypto/doc/src/crypto.xml
> @@ -643,16 +643,14 @@ Mpint() = <![CDATA[<<ByteLen:32/integer-big, Bytes:ByteLen/binary>>]]>
>
> <func>
> <name>aes_cfb_128_encrypt(Key, IVec, Text) -> Cipher</name>
> - <name>aes_cbc_128_encrypt(Key, IVec, Text) -> Cipher</name>
> - <fsummary>Encrypt <c>Text</c>according to AES in Cipher Feedback mode or Cipher Block Chaining mode</fsummary>
> + <fsummary>Encrypt <c>Text</c>according to AES in Cipher Feedback mode</fsummary>
> <type>
> <v>Key = Text = iolist() | binary()</v>
> <v>IVec = Cipher = binary()</v>
> </type>
> <desc>
> <p>Encrypts <c>Text</c> according to AES in Cipher Feedback
> - mode (CFB) or Cipher Block Chaining mode (CBC). <c>Text</c>
> - must be a multiple of 128 bits (16 bytes). <c>Key</c> is the
> + mode (CFB).<c>Key</c> is the
> AES key, and <c>IVec</c> is an arbitrary initializing vector.
> The lengths of <c>Key</c> and <c>IVec</c> must be 128 bits
> (16 bytes).</p>
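Review bot: the added line `mode (CFB).<c>Key</c> is the` has no space after the full stop, so the rendered sentence will run together; the new `<fsummary>` also keeps the missing space in `<c>Text</c>according`. Since the point of the change is that the 16-byte multiple restriction is gone, the description should say so explicitly, e.g. that `Text` can be any number of bytes, rather than only deleting the old sentence.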
> @@ -660,15 +658,45 @@ Mpint() = <![CDATA[<<ByteLen:32/integer-big, Bytes:ByteLen/binary>>]]>
> </func>
> <func>
> <name>aes_cfb_128_decrypt(Key, IVec, Cipher) -> Text</name>
> + <fsummary>Decrypt <c>Cipher</c>according to AES in Cipher Feedback mode</fsummary>
> + <type>
> + <v>Key = Cipher = iolist() | binary()</v>
> + <v>IVec = Text = binary()</v>
> + </type>
> + <desc>
> + <p>Decrypts <c>Cipher</c> according to AES in Cipher Feedback Mode (CFB).
> + <c>Key</c> is the AES key, and <c>IVec</c> is an arbitrary
> + initializing vector. <c>Key</c> and <c>IVec</c> must have
> + the same values as those used when encrypting. The lengths of
> + <c>Key</c> and <c>IVec</c> must be 128 bits (16 bytes).</p>
> + </desc>
> + </func>
> + <func>
> + <name>aes_cbc_128_encrypt(Key, IVec, Text) -> Cipher</name>
> + <fsummary>Encrypt <c>Text</c>according to AES in Cipher Block Chaining mode</fsummary>
> + <type>
> + <v>Key = Text = iolist() | binary()</v>
> + <v>IVec = Cipher = binary()</v>
> + </type>
> + <desc>
> + <p>Encrypts <c>Text</c> according to AES in Cipher Block Chaining
> + mode (CBC). <c>Text</c>
> + must be a multiple of 128 bits (16 bytes). <c>Key</c> is the
> + AES key, and <c>IVec</c> is an arbitrary initializing vector.
> + The lengths of <c>Key</c> and <c>IVec</c> must be 128 bits
> + (16 bytes).</p>
> + </desc>
> + </func>
> + <func>
> <name>aes_cbc_128_decrypt(Key, IVec, Cipher) -> Text</name>
> - <fsummary>Decrypt <c>Cipher</c>according to AES in Cipher Feedback mode or Cipher Block Chaining mode</fsummary>
> + <fsummary>Decrypt <c>Cipher</c>according to AES in Cipher Block Chaining mode</fsummary>
> <type>
> <v>Key = Cipher = iolist() | binary()</v>
> <v>IVec = Text = binary()</v>
> </type>
> <desc>
> - <p>Decrypts <c>Cipher</c> according to Cipher Feedback Mode (CFB)
> - or Cipher Block Chaining mode (CBC).
> + <p>Decrypts <c>Cipher</c> according to AES in Cipher Block
> + Chaining mode (CBC).
> <c>Key</c> is the AES key, and <c>IVec</c> is an arbitrary
> initializing vector. <c>Key</c> and <c>IVec</c> must have
> the same values as those used when encrypting. <c>Cipher</c>
>
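Review bot: the new and changed `<fsummary>` lines in this hunk all read `<c>Cipher</c>according` or `<c>Text</c>according` with no space before "according"; please add it. The new aes_cfb_128_decrypt description writes "Cipher Feedback Mode" with a capital M while the encrypt entry uses "Cipher Feedback mode", and it does not state that `Cipher` may be of any length, which would make the contrast with the CBC entries (which keep the 16-byte multiple requirement) clear to readers.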