Erlang Crypto New API crypto_one_time/5 does not accept Options: [{encrypt,true}]

xmjla07d  于 2022-12-08  发布在  Erlang
关注(0)|答案(2)|浏览(94)

Erlang Crypto new API does not work with crypto_ops()
Erts: 10.6.4
http://erlang.org/doc/apps/crypto/new_api.html#example-of-crypto_one_time-5
Example:

Key = <<1:128>>.
IV = <<0:128>>.
     
crypto:crypto_one_time(aes_128_ctr, Key, IV, <<"test">>,true).

Works as expected:

<<113,32,217,161>>

According to documentation:

FlagOrOptions = crypto_opts() | boolean()

crypto_opts() = boolean() | [crypto_opt()]
crypto_opt() = {encrypt, boolean()} | {padding, padding()}

"Selects encryption ({encrypt,true}) or decryption ({encrypt,false}) in the New API."
When I do:

Key = <<1:128>>.
IV = <<0:128>>.
crypto:crypto_one_time(aes_128_ctr, Key, IV, <<"test">>,[{encrypt,true}]).

I got error message:

* exception error: {badarg,{"api_ng.c",72},"Bad enc flag"}
 in function  crypto:ng_crypto_one_time_nif/5
    called as crypto:ng_crypto_one_time_nif(aes_128_ctr,
                                            <<0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1>>,
                                            <<0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0>>,
                                            <<"test">>,
                                            [{encrypt,true}])
sdnqo3pr

sdnqo3pr1#

After some investigation of Erlang repository on github I see that the function crypto:crypto_one_time/5 was changed for working with options, see OTP-22.2.8 and for comparison please, see OTP-23.0.3. Also if you take a look to the crypto_init/3 function in OTP-22.2.8 and will try compare with crypto_init/3 function in OTP-23.0.3 you will can see that the specification of variable and the name of variable was changed from EncryptFlag :: boolean() to FlagOrOptions :: crypto_opts() | boolean() . So, this is mean that looks like the pass of options like [{encrypt, true/false}] and [{padding, true/false}] wasn't implemented at all in OTP-22.2.8 and for start using those options you need to upgrade Erlang till latest version.

a6b3iqyw

a6b3iqyw2#

It looks like the ERTS 10.6.4 has a bug in crypto_one_time implementation. I am running erts 11.0 and it works fine:

alexei@MacBook-Pro src % erl                                                              
Erlang/OTP 23 [erts-11.0] [source] [64-bit] [smp:8:8] [ds:8:8:10] [async-threads:1] [hipe] [dtrace]

Eshell V11.0  (abort with ^G)

1> Key = <<1:128>>.
<<0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1>>
2> IV = <<0:128>>.
<<0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0>>
3> crypto:crypto_one_time(aes_128_ctr, Key, IV, <<"test">>,[{encrypt,true}]).
<<113,32,217,161>>

Just update Erlang version.

相关问题