Use new crypto encryption API

RNCryptor · Jun 7, 2019 · b2922a0 · b2922a0
1 parent af81d46
commit b2922a0
Show file tree

Hide file tree

Showing 2 changed files with 16 additions and 4 deletions.
diff --git a/.gitignore b/.gitignore
@@ -13,3 +13,5 @@ rel/example_project
 
 # emacs
 *~
+/_build
+/.vscode
diff --git a/src/rncryptor.erl b/src/rncryptor.erl
@@ -134,7 +134,9 @@ encrypt(_, _, _) ->
 %%--------------------------------------------------------------------------------------
 encrypt_key(<<Key/binary>>,     <<IVec:?AES256_IVEC_SIZE/binary>>,
             <<HmacKey/binary>>, <<PlainText/binary>>) ->
-  CipherText = crypto:block_encrypt(aes_cbc256, Key, IVec, rncryptor_util:enpad(PlainText)),
+  CipherIV = cipher_iv(byte_size(Key)),
+  PaddedText = rncryptor_util:enpad(PlainText),
+  CipherText = crypto:crypto_one_time(CipherIV, Key, IVec, PaddedText, true),
   Message = <<?RN_V3, ?RN_OPT_KEY, IVec/binary, CipherText/binary>>,
   RNHmac = crypto:hmac(sha256, HmacKey, Message, ?HMAC_SHA256_SIZE),
   <<Message/binary, RNHmac/binary>>;
@@ -186,7 +188,8 @@ decrypt(<<Key/binary>>, <<HmacKey/binary>>, <<RNCryptor/binary>>)
        byte_size(Key) =:= ?AES_KEY_SIZE_256 ->
   case parse_key_cryptor(HmacKey, RNCryptor) of
     {ok, IVec, CipherText} ->
-      PaddedText = crypto:block_decrypt(aes_cbc256, Key, IVec, CipherText),
+      CipherIV = cipher_iv(byte_size(Key)),
+      PaddedText = crypto:crypto_one_time(CipherIV, Key, IVec, CipherText, false),
       rncryptor_util:depad(PaddedText);
     Error ->
       Error
@@ -263,7 +266,9 @@ encrypt_pw(KdfSalt, KdfKey, HmacSalt, HmacKey, PlainText) ->
     RNCryptor :: rncryptor().
 %%--------------------------------------------------------------------------------------
 encrypt_pw(KdfSalt, KdfKey, IVec, HmacSalt, HmacKey, PlainText) ->
-  CipherText = crypto:block_encrypt(aes_cbc256, KdfKey, IVec, rncryptor_util:enpad(PlainText)),
+  CipherIV = cipher_iv(byte_size(KdfKey)),
+  PaddedText = rncryptor_util:enpad(PlainText),
+  CipherText = crypto:crypto_one_time(CipherIV, KdfKey, IVec, PaddedText, true),
   RNData = <<?RN_V3, ?RN_OPT_PW, KdfSalt/binary, HmacSalt/binary, IVec/binary, CipherText/binary>>,
   RNHmac = crypto:hmac(sha256, HmacKey, RNData, ?HMAC_SHA256_SIZE),
   <<RNData/binary, RNHmac/binary>>.
@@ -288,7 +293,8 @@ decrypt_pw(<<>>, _RNCryptor) ->
 decrypt_pw(Password, <<RNCryptor/binary>>) ->
   case parse_pw_cryptor(Password, RNCryptor) of
     {ok, KdfKey, IVec, CipherText} ->
-      PaddedText = crypto:block_decrypt(aes_cbc256, KdfKey, IVec, CipherText),
+      CipherIV = cipher_iv(byte_size(KdfKey)),
+      PaddedText = crypto:crypto_one_time(CipherIV, KdfKey, IVec, CipherText, false),
       rncryptor_util:depad(PaddedText);
     Error ->
       Error
@@ -347,3 +353,7 @@ hmac_challenge(HmacKey, RNCryptor) ->
     false ->
       {error, "Invalid Hmac"}
   end.
+
+cipher_iv(16) -> aes_128_cbc;
+cipher_iv(24) -> aes_192_cbc;
+cipher_iv(32) -> aes_256_cbc.
-Original file line number
+Diff line change
@@ Expand Up / @@ -13,3 +13,5 @@ rel/example_project @@
     # emacs
     *~
+    /_build
+    /.vscode