Skip to content

Commit

Permalink
Drop earlier Erlang/OTP versions
Browse files Browse the repository at this point in the history
  • Loading branch information
josevalim committed Oct 4, 2023
1 parent 5884b46 commit 1245751
Show file tree
Hide file tree
Showing 5 changed files with 25 additions and 52 deletions.
6 changes: 3 additions & 3 deletions .github/workflows/ci.yml
Original file line number Diff line number Diff line change
Expand Up @@ -16,10 +16,10 @@ jobs:
matrix:
include:
- pair:
elixir: 1.7.4
otp: 20.3.8.26
elixir: 1.11
otp: 23.3
- pair:
elixir: 1.14.2
elixir: 1.14
otp: 25.2
lint: lint
steps:
Expand Down
7 changes: 1 addition & 6 deletions lib/plug/crypto/key_generator.ex
Original file line number Diff line number Diff line change
Expand Up @@ -92,10 +92,5 @@ defmodule Plug.Crypto.KeyGenerator do
iterate(fun, iteration - 1, next, :crypto.exor(next, acc))
end

# TODO: remove when we require OTP 22.1
if Code.ensure_loaded?(:crypto) and function_exported?(:crypto, :mac, 4) do
defp hmac_fun(digest, key), do: &:crypto.mac(:hmac, digest, key, &1)
else
defp hmac_fun(digest, key), do: &:crypto.hmac(digest, key, &1)
end
defp hmac_fun(digest, key), do: &:crypto.mac(:hmac, digest, key, &1)
end
51 changes: 18 additions & 33 deletions lib/plug/crypto/message_encryptor.ex
Original file line number Diff line number Diff line change
Expand Up @@ -108,47 +108,32 @@ defmodule Plug.Crypto.MessageEncryptor do
end
end

# TODO: remove when we require OTP 22
if Code.ensure_loaded?(:crypto) and function_exported?(:crypto, :crypto_one_time_aead, 6) do
defp block_encrypt(cipher, key, iv, {aad, payload}) do
cipher = cipher_alias(cipher, bit_size(key))
:crypto.crypto_one_time_aead(cipher, key, iv, payload, aad, true)
catch
:error, :notsup -> raise_notsup(cipher)
end

defp block_decrypt(cipher, key, iv, {aad, payload, tag}) do
cipher = cipher_alias(cipher, bit_size(key))
:crypto.crypto_one_time_aead(cipher, key, iv, payload, aad, tag, false)
catch
:error, :notsup -> raise_notsup(cipher)
end

defp cipher_alias(:aes_gcm, 128), do: :aes_128_gcm
defp cipher_alias(:aes_gcm, 192), do: :aes_192_gcm
defp cipher_alias(:aes_gcm, 256), do: :aes_256_gcm
defp cipher_alias(other, _), do: other
else
defp block_encrypt(cipher, key, iv, payload) do
:crypto.block_encrypt(cipher, key, iv, payload)
catch
:error, :notsup -> raise_notsup(cipher)
end
defp block_encrypt(cipher, key, iv, {aad, payload}) do
cipher = cipher_alias(cipher, bit_size(key))
:crypto.crypto_one_time_aead(cipher, key, iv, payload, aad, true)
catch
:error, :notsup -> raise_notsup(cipher)
end

defp block_decrypt(cipher, key, iv, payload) do
:crypto.block_decrypt(cipher, key, iv, payload)
catch
:error, :notsup -> raise_notsup(cipher)
end
defp block_decrypt(cipher, key, iv, {aad, payload, tag}) do
cipher = cipher_alias(cipher, bit_size(key))
:crypto.crypto_one_time_aead(cipher, key, iv, payload, aad, tag, false)
catch
:error, :notsup -> raise_notsup(cipher)
end

defp cipher_alias(:aes_gcm, 128), do: :aes_128_gcm
defp cipher_alias(:aes_gcm, 192), do: :aes_192_gcm
defp cipher_alias(:aes_gcm, 256), do: :aes_256_gcm
defp cipher_alias(other, _), do: other

defp raise_notsup(algo) do
raise "the algorithm #{inspect(algo)} is not supported by your Erlang/OTP installation. " <>
"Please make sure it was compiled with the correct OpenSSL/BoringSSL bindings"
end

# Wraps a decrypted content encryption key (CEK) with secret and
# sign_secret using AES GCM mode. Accepts keys of 128, 192, or
# sign_secret using AES GCM mode. Accepts keys of 128, 192, or
# 256 bits based on the length of the secret key.
#
# See: https://tools.ietf.org/html/rfc7518#section-4.7
Expand All @@ -165,7 +150,7 @@ defmodule Plug.Crypto.MessageEncryptor do
end

# Unwraps an encrypted content encryption key (CEK) with secret and
# sign_secret using AES GCM mode. Accepts keys of 128, 192, or 256
# sign_secret using AES GCM mode. Accepts keys of 128, 192, or 256
# bits based on the length of the secret key.
#
# See: https://tools.ietf.org/html/rfc7518#section-4.7
Expand Down
11 changes: 2 additions & 9 deletions lib/plug/crypto/message_verifier.ex
Original file line number Diff line number Diff line change
Expand Up @@ -47,15 +47,15 @@ defmodule Plug.Crypto.MessageVerifier do
defp hmac_sha2_sign(payload, key, digest_type) do
protected = hmac_sha2_to_protected(digest_type)
plain_text = signing_input(protected, payload)
signature = hmac(digest_type, key, plain_text)
signature = :crypto.mac(:hmac, digest_type, key, plain_text)
encode_token(plain_text, signature)
end

defp hmac_sha2_verify(signed, key) when is_binary(signed) and is_binary(key) do
case decode_token(signed) do
{protected, payload, plain_text, signature} when protected in ["HS256", "HS384", "HS512"] ->
digest_type = hmac_sha2_to_digest_type(protected)
challenge = hmac(digest_type, key, plain_text)
challenge = :crypto.mac(:hmac, digest_type, key, plain_text)

if Plug.Crypto.secure_compare(challenge, signature) do
{:ok, payload}
Expand Down Expand Up @@ -93,11 +93,4 @@ defmodule Plug.Crypto.MessageVerifier do
|> Kernel.<>(".")
|> Kernel.<>(Base.url_encode64(payload, padding: false))
end

# TODO: remove when we require OTP 22.1
if Code.ensure_loaded?(:crypto) and function_exported?(:crypto, :mac, 4) do
defp hmac(digest, key, data), do: :crypto.mac(:hmac, digest, key, data)
else
defp hmac(digest, key, data), do: :crypto.hmac(digest, key, data)
end
end
2 changes: 1 addition & 1 deletion mix.exs
Original file line number Diff line number Diff line change
Expand Up @@ -9,7 +9,7 @@ defmodule Plug.Crypto.MixProject do
[
app: :plug_crypto,
version: @version,
elixir: "~> 1.7",
elixir: "~> 1.11",
start_permanent: Mix.env() == :prod,
deps: deps(),
package: package(),
Expand Down

0 comments on commit 1245751

Please sign in to comment.