[erlang-patches] error in crypto application

Sverker Eriksson sverker.eriksson@REDACTED
Fri Jul 6 14:55:45 CEST 2012 

Thanks for your contribution, Stefan.

This latest patch (plus an expanded test case) is now scheduled for R15B02.

/Sverker

Stefan Zegenhagen wrote:
> Dear all,
>
> here, comes a third version of the patch that
>       * fixes the aes_cfb_128_crypt() function to not require the
>         plaintext/cipher data to be a multiple of 16 bytes in length
>       * adjusts the documentation accordingly, and
>       * leaves the aes_cbc_crypt() function untouched because its
>         current API in erlang requires the plaintext/cipher data to be a
>         multiple of 16 bytes.
>
>
> Kind regards,
>
>
> --- snip ---
> >From c9f86ea4a2244deeae4efd2955b329857d91e340 Mon Sep 17 00:00:00 2001
> From: Stefan Zegenhagen <stefan.zegenhagen@REDACTED>
> Date: Mon, 2 Jul 2012 22:00:09 +0200
> Subject: [PATCH] CRYPTO: aes_cfb_128_crypt can handle arbitrary text length
>
> The OpenSSL implementation of AES_cfb128_encrypt can handle data to
> en-/decrypt with arbitrary length.
>
> The restriction that the data length needs to be a multiple of 16 bytes
> is unnecessary and breaks the SNMP application (causing decryption and
> encryption errors in SNMPv3 AES-encrypted packets).
> ---
>  lib/crypto/c_src/crypto.c     |    3 +--
>  lib/crypto/doc/src/crypto.xml |   42 ++++++++++++++++++++++++++++++++++-------
>  2 files changed, 36 insertions(+), 9 deletions(-)
>
> diff --git a/lib/crypto/c_src/crypto.c b/lib/crypto/c_src/crypto.c
> index 4be593e..a6a81d6 100644
> --- a/lib/crypto/c_src/crypto.c
> +++ b/lib/crypto/c_src/crypto.c
> @@ -954,8 +954,7 @@ static ERL_NIF_TERM aes_cfb_128_crypt(ErlNifEnv* env, int argc, const ERL_NIF_TE
>  
>      if (!enif_inspect_iolist_as_binary(env, argv[0], &key) || key.size != 16
>  	|| !enif_inspect_binary(env, argv[1], &ivec) || ivec.size != 16
> -	|| !enif_inspect_iolist_as_binary(env, argv[2], &text)
> -	|| text.size % 16 != 0) {
> +	|| !enif_inspect_iolist_as_binary(env, argv[2], &text)) {
>  	return enif_make_badarg(env);
>      }
>  
> diff --git a/lib/crypto/doc/src/crypto.xml b/lib/crypto/doc/src/crypto.xml
> index 19db6c9..ff939ce 100644
> --- a/lib/crypto/doc/src/crypto.xml
> +++ b/lib/crypto/doc/src/crypto.xml
> @@ -643,16 +643,14 @@ Mpint() = <![CDATA[<<ByteLen:32/integer-big, Bytes:ByteLen/binary>>]]>
>  
>      <func>
>        <name>aes_cfb_128_encrypt(Key, IVec, Text) -> Cipher</name>
> -      <name>aes_cbc_128_encrypt(Key, IVec, Text) -> Cipher</name>
> -      <fsummary>Encrypt <c>Text</c>according to AES in Cipher Feedback  mode or Cipher Block Chaining mode</fsummary>
> +      <fsummary>Encrypt <c>Text</c>according to AES in Cipher Feedback mode</fsummary>
>        <type>
>          <v>Key = Text = iolist() | binary()</v>
>          <v>IVec = Cipher = binary()</v>
>        </type>
>        <desc>
>          <p>Encrypts <c>Text</c> according to AES in Cipher Feedback 
> -          mode (CFB) or Cipher Block Chaining mode (CBC). <c>Text</c>
> -          must be a multiple of 128 bits (16 bytes). <c>Key</c> is the
> +          mode (CFB).<c>Key</c> is the
>            AES key, and <c>IVec</c> is an arbitrary initializing vector.
>            The lengths of <c>Key</c> and <c>IVec</c> must be 128 bits
>            (16 bytes).</p>
> @@ -660,15 +658,45 @@ Mpint() = <![CDATA[<<ByteLen:32/integer-big, Bytes:ByteLen/binary>>]]>
>      </func>
>      <func>
>        <name>aes_cfb_128_decrypt(Key, IVec, Cipher) -> Text</name>
> +      <fsummary>Decrypt <c>Cipher</c>according to AES in Cipher Feedback mode</fsummary>
> +      <type>
> +        <v>Key = Cipher = iolist() | binary()</v>
> +        <v>IVec = Text = binary()</v>
> +      </type>
> +      <desc>
> +        <p>Decrypts <c>Cipher</c> according to AES in Cipher Feedback Mode (CFB).
> +          <c>Key</c> is the AES key, and <c>IVec</c> is an arbitrary
> +          initializing vector. <c>Key</c> and <c>IVec</c> must have
> +          the same values as those used when encrypting. The lengths of
> +          <c>Key</c> and <c>IVec</c> must be 128 bits (16 bytes).</p>
> +      </desc>
> +    </func>
> +    <func>
> +      <name>aes_cbc_128_encrypt(Key, IVec, Text) -> Cipher</name>
> +      <fsummary>Encrypt <c>Text</c>according to AES in Cipher Block Chaining mode</fsummary>
> +      <type>
> +        <v>Key = Text = iolist() | binary()</v>
> +        <v>IVec = Cipher = binary()</v>
> +      </type>
> +      <desc>
> +          <p>Encrypts <c>Text</c> according to AES in Cipher Block Chaining
> +          mode (CBC). <c>Text</c>
> +          must be a multiple of 128 bits (16 bytes). <c>Key</c> is the
> +          AES key, and <c>IVec</c> is an arbitrary initializing vector.
> +          The lengths of <c>Key</c> and <c>IVec</c> must be 128 bits
> +          (16 bytes).</p>
> +      </desc>
> +    </func>
> +    <func>
>        <name>aes_cbc_128_decrypt(Key, IVec, Cipher) -> Text</name>
> -      <fsummary>Decrypt <c>Cipher</c>according to AES in Cipher Feedback  mode or Cipher Block Chaining mode</fsummary>
> +      <fsummary>Decrypt <c>Cipher</c>according to AES in Cipher Block Chaining mode</fsummary>
>        <type>
>          <v>Key = Cipher = iolist() | binary()</v>
>          <v>IVec = Text = binary()</v>
>        </type>
>        <desc>
> -        <p>Decrypts <c>Cipher</c> according to Cipher Feedback Mode (CFB)
> -          or Cipher Block Chaining mode (CBC).
> +          <p>Decrypts <c>Cipher</c> according to AES in Cipher Block
> +          Chaining mode (CBC).
>            <c>Key</c> is the AES key, and <c>IVec</c> is an arbitrary
>            initializing vector. <c>Key</c> and <c>IVec</c> must have
>            the same values as those used when encrypting. <c>Cipher</c>
>

More information about the erlang-patches mailing list