2020-export ([encrypt_term /5 , decrypt_term /5 ]).
2121-export ([encrypt /5 , decrypt /5 ]).
2222
23+ % % A lot of ugly code in this module can be removed once we support OTP-22+.
24+ -ifdef (OTP_RELEASE ).
25+ -if (? OTP_RELEASE >= 22 ).
26+ -define (HAS_CRYPTO_INFO_FUNCTIONS , 1 ).
27+ -endif .
28+ -endif .
29+
2330% % Supported ciphers and hashes
2431
32+ -ifdef (HAS_CRYPTO_INFO_FUNCTIONS ).
33+
34+ % % We only support block ciphers that use an initialization vector.
35+
36+ supported_ciphers () ->
37+ SupportedByCrypto = proplists :get_value (ciphers , crypto :supports ()),
38+ lists :filter (fun (Cipher ) ->
39+ Mode = maps :get (mode , crypto :cipher_info (Cipher )),
40+ not lists :member (Mode , [ccm_mode , ecb_mode , gcm_mode , stream_cipher ])
41+ end ,
42+ SupportedByCrypto ).
43+
44+ -else .
45+
2546supported_ciphers () ->
26- NotSupportedByUs = [% % These ciphers should be supported in a future version.
27- aes_128_ccm , aes_192_ccm , aes_256_ccm ,
28- aes_128_ctr , aes_192_ctr , aes_256_ctr ,
29- aes_128_gcm , aes_192_gcm , aes_256_gcm ,
47+ NotSupportedByUs = [aes_ccm , aes_128_ccm , aes_192_ccm , aes_256_ccm ,
48+ aes_gcm , aes_128_gcm , aes_192_gcm , aes_256_gcm ,
49+ aes_ecb , aes_128_ecb , aes_192_ecb , aes_256_ecb ,
3050 chacha20 , chacha20_poly1305 ,
31- % % These are aliases that correspond to multiple ciphers.
32- aes_ccm , aes_ctr , aes_gcm ,
33- % % These ciphers will never be supported.
34- aes_ecb , blowfish_ecb , des_ecb , rc4 ],
51+ blowfish_ecb , des_ecb , rc4 ],
3552 SupportedByCrypto = proplists :get_value (ciphers , crypto :supports ()),
3653 lists :filter (fun (Cipher ) ->
3754 not lists :member (Cipher , NotSupportedByUs )
3855 end ,
3956 SupportedByCrypto ).
4057
58+ -endif .
59+
4160supported_hashes () ->
42- NotSupportedByUs = [md4 , ripemd160 ],
43- SupportedByCrypto = proplists :get_value (hashs , crypto :supports ()),
44- lists :filter (fun (Hash ) ->
45- not lists :member (Hash , NotSupportedByUs )
46- end ,
47- SupportedByCrypto ).
61+ proplists :get_value (hashs , crypto :supports ()).
4862
4963% % Default encryption parameters (keep those in sync with rabbit.app.src)
5064default_cipher () ->
@@ -116,16 +130,25 @@ unpad(Data) ->
116130 N = binary :last (Data ),
117131 binary :part (Data , 0 , byte_size (Data ) - N ).
118132
119- % % These functions are necessary because the current Erlang crypto interface
120- % % is lacking interfaces to the following OpenSSL functions:
121- % %
122- % % * int EVP_MD_size(const EVP_MD *md);
123- % % * int EVP_CIPHER_iv_length(const EVP_CIPHER *e);
124- % % * int EVP_CIPHER_key_length(const EVP_CIPHER *e);
125- % % * int EVP_CIPHER_block_size(const EVP_CIPHER *e);
133+ -ifdef (HAS_CRYPTO_INFO_FUNCTIONS ).
134+
135+ hash_length (Type ) ->
136+ maps :get (size , crypto :hash_info (Type )).
137+
138+ iv_length (Type ) ->
139+ maps :get (iv_length , crypto :cipher_info (Type )).
140+
141+ key_length (Type ) ->
142+ maps :get (key_length , crypto :cipher_info (Type )).
143+
144+ block_size (Type ) ->
145+ maps :get (block_size , crypto :cipher_info (Type )).
146+
147+ -else .
126148
127149hash_length (md4 ) -> 16 ;
128150hash_length (md5 ) -> 16 ;
151+ hash_length (ripemd160 ) -> 20 ;
129152hash_length (sha ) -> 20 ;
130153hash_length (sha224 ) -> 28 ;
131154hash_length (sha3_224 ) -> 28 ;
@@ -159,6 +182,16 @@ iv_length(aes_cbc256) -> 16;
159182iv_length (aes_128_cbc ) -> 16 ;
160183iv_length (aes_192_cbc ) -> 16 ;
161184iv_length (aes_256_cbc ) -> 16 ;
185+ iv_length (aes_128_cfb8 ) -> 16 ;
186+ iv_length (aes_192_cfb8 ) -> 16 ;
187+ iv_length (aes_256_cfb8 ) -> 16 ;
188+ iv_length (aes_128_cfb128 ) -> 16 ;
189+ iv_length (aes_192_cfb128 ) -> 16 ;
190+ iv_length (aes_256_cfb128 ) -> 16 ;
191+ iv_length (aes_ctr ) -> 16 ;
192+ iv_length (aes_128_ctr ) -> 16 ;
193+ iv_length (aes_192_ctr ) -> 16 ;
194+ iv_length (aes_256_ctr ) -> 16 ;
162195iv_length (aes_ige256 ) -> 32 .
163196
164197key_length (des_cbc ) -> 8 ;
@@ -182,17 +215,29 @@ key_length(aes_cbc256) -> 32;
182215key_length (aes_128_cbc ) -> 16 ;
183216key_length (aes_192_cbc ) -> 24 ;
184217key_length (aes_256_cbc ) -> 32 ;
218+ key_length (aes_128_cfb8 ) -> 16 ;
219+ key_length (aes_192_cfb8 ) -> 24 ;
220+ key_length (aes_256_cfb8 ) -> 32 ;
221+ key_length (aes_128_cfb128 ) -> 16 ;
222+ key_length (aes_192_cfb128 ) -> 24 ;
223+ key_length (aes_256_cfb128 ) -> 32 ;
224+ key_length (aes_ctr ) -> 32 ;
225+ key_length (aes_128_ctr ) -> 16 ;
226+ key_length (aes_192_ctr ) -> 24 ;
227+ key_length (aes_256_ctr ) -> 32 ;
185228key_length (aes_ige256 ) -> 16 .
186229
187- block_size (aes_cbc ) -> 32 ;
188- block_size (aes_cbc256 ) -> 32 ;
189- block_size (aes_cbc128 ) -> 32 ;
190- block_size (aes_128_cbc ) -> 32 ;
191- block_size (aes_192_cbc ) -> 32 ;
192- block_size (aes_256_cbc ) -> 32 ;
193- block_size (aes_ige256 ) -> 32 ;
230+ block_size (aes_cbc ) -> 16 ;
231+ block_size (aes_cbc256 ) -> 16 ;
232+ block_size (aes_cbc128 ) -> 16 ;
233+ block_size (aes_128_cbc ) -> 16 ;
234+ block_size (aes_192_cbc ) -> 16 ;
235+ block_size (aes_256_cbc ) -> 16 ;
236+ block_size (aes_ige256 ) -> 16 ;
194237block_size (_ ) -> 8 .
195238
239+ -endif .
240+
196241% % The following was taken from OTP's lib/public_key/src/pubkey_pbe.erl
197242% %
198243% % This is an undocumented interface to password-based encryption algorithms.
0 commit comments