OTP-19 crypto changes


Andrew

Mar 22, 2017, 1:42:26 PM
to Erlang Questions
During migration to OTP-19 I faced the issue that an app cannot decrypt aes_cfb128 messages from another project (in another language) anymore.

I see that starting from OTP-19 Erlang uses the EVP interface in OpenSSL, https://www.erlang.org/news/tag/OTP-19:
  • crypto: uses EVP interface in OpenSSL resulting in generally better performance and support for HW acceleration
I've played with the different versions to see the results of encryption:

erl-19.3> crypto:block_encrypt(aes_cfb128, <<"key12345678901234567890123456789">>, <<"ivec123456789012">>, <<"text1234567890text1234567890text1234567890">>).

<<88,38,193,63,253,210,228,32,238,0,114,159,160,232,106,231,227,46,117,38,35,52,73,200,227,78,135,170,152,...>>


erl-19.0.2> crypto:block_encrypt(aes_cfb128, <<"key12345678901234567890123456789">>, <<"ivec123456789012">>, <<"text1234567890text1234567890text1234567890">>).

<<88,38,193,63,253,210,228,32,238,0,114,159,160,232,106,231,227,46,117,38,35,52,73,200,227,78,135,170,152,...>>


erl-18.3> crypto:block_encrypt(aes_cfb128, <<"key12345678901234567890123456789">>, <<"ivec123456789012">>, <<"text1234567890text1234567890text1234567890">>).

<<88,130,151,173,239,30,140,86,224,131,220,10,250,208,248,103,219,108,249,145,73,38,0,33,134,163,227,9,236,...>>


erl-18.1> crypto:block_encrypt(aes_cfb128, <<"key12345678901234567890123456789">>, <<"ivec123456789012">>, <<"text1234567890text1234567890text1234567890">>).

<<88,130,151,173,239,30,140,86,224,131,220,10,250,208,248,103,219,108,249,145,73,38,0,33,134,163,227,9,236,...>>


erl-17.5> crypto:block_encrypt(aes_cfb128, <<"key12345678901234567890123456789">>, <<"ivec123456789012">>, <<"text1234567890text1234567890text1234567890">>).

<<88,130,151,173,239,30,140,86,224,131,220,10,250,208,248,103,219,108,249,145,73,38,0,33,134,163,227,9,236,...>>


As you can see, the output changed with the EVP interface in OpenSSL (OTP-19). Any advice on what exactly changed and how to achieve the results of the previous versions?

Actually, what I need is to decrypt, with crypto:block_decrypt(aes_cfb128, key, iv, crypt), data received from another language.

Thanks,
Andrew

Andrew

Mar 23, 2017, 9:13:57 AM
to Erlang Questions
Found that in the case of key length 32 (which is my case) there is some issue with OpenSSL: https://github.com/erlang/otp/blob/OTP-19.0.2/lib/crypto/c_src/crypto.c#L1371

And as a result, the NIF calls CRYPTO_cfb128_8_encrypt (OTP-19) instead of CRYPTO_cfb128_encrypt (OTP-18), which it seems will not produce the same data:

Andrew

Mar 23, 2017, 10:20:14 AM
to Erlang Questions
Ok, here is an open task: https://bugs.erlang.org/browse/ERL-328
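
The CFB-8 versus CFB-128 mismatch described in this thread, as an added example that is not part of the original posts or of the OTP code: a generic CFB routine with a configurable feedback segment, run on the key, IV and plaintext from the shell sessions above. The function names are hypothetical and keyed SHA-256 stands in for the AES block function (an assumption, so the byte values differ from the outputs above), but the pattern is the same: the first ciphertext byte agrees, the rest diverge, and a CFB-128 peer cannot decrypt CFB-8 data.

```python
import hashlib

BLOCK = 16  # AES block size in bytes
# Key, IV and plaintext are the values used in the shell sessions in the thread.
KEY = b"key12345678901234567890123456789"
IV = b"ivec123456789012"
TEXT = b"text1234567890text1234567890text1234567890"

def block_encrypt(key, block):
    # Assumption: keyed SHA-256 stands in for the AES forward cipher, so the
    # bytes differ from real AES output; the CFB feedback logic is the same.
    return hashlib.sha256(key + block).digest()[:BLOCK]

def cfb(key, iv, data, seg, decrypt=False):
    """CFB with a feedback segment of seg bytes: 1 is CFB-8, 16 is CFB-128."""
    reg, out = iv, bytearray()
    for i in range(0, len(data), seg):
        chunk = data[i:i + seg]
        stream = block_encrypt(key, reg)
        res = bytes(a ^ b for a, b in zip(chunk, stream))
        out += res
        # The shift register is always fed ciphertext, never plaintext.
        reg = (reg + (chunk if decrypt else res))[-BLOCK:]
    return bytes(out)

def common_prefix_len(a, b):
    n = 0
    for x, y in zip(a, b):
        if x != y:
            break
        n += 1
    return n

def interop_report():
    c8 = cfb(KEY, IV, TEXT, 1)
    c128 = cfb(KEY, IV, TEXT, BLOCK)
    wrong = cfb(KEY, IV, c8, BLOCK, decrypt=True)  # peer assumes CFB-128
    return {
        "shared_ciphertext_prefix": common_prefix_len(c8, c128),
        "cfb8_roundtrip_ok": cfb(KEY, IV, c8, 1, decrypt=True) == TEXT,
        "cfb128_roundtrip_ok": cfb(KEY, IV, c128, BLOCK, decrypt=True) == TEXT,
        "bytes_recovered_by_wrong_mode": common_prefix_len(wrong, TEXT),
    }

if __name__ == "__main__":
    print(interop_report())
```
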