From d1ae2e57fd54021fb8230c8de2680da6c9661ad0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jos=C3=A9=20Valim?= Date: Fri, 10 Mar 2023 22:09:40 +0100 Subject: [PATCH] Allow iodata in AAD --- lib/plug/crypto/message_encryptor.ex | 4 ++-- test/plug/crypto/message_encryptor_test.exs | 8 +++++++- 2 files changed, 9 insertions(+), 3 deletions(-) diff --git a/lib/plug/crypto/message_encryptor.ex b/lib/plug/crypto/message_encryptor.ex index 0679a66..fb3c68a 100644 --- a/lib/plug/crypto/message_encryptor.ex +++ b/lib/plug/crypto/message_encryptor.ex @@ -34,7 +34,7 @@ defmodule Plug.Crypto.MessageEncryptor do It defaults to "A128GCM" for backwards compatibility. """ def encrypt(message, aad \\ "A128GCM", secret, sign_secret) - when is_binary(message) and is_binary(aad) and byte_size(secret) > 0 and + when is_binary(message) and (is_binary(aad) or is_list(aad)) and byte_size(secret) > 0 and is_binary(sign_secret) do aes128_gcm_encrypt(message, aad, secret, sign_secret) rescue @@ -45,7 +45,7 @@ defmodule Plug.Crypto.MessageEncryptor do Decrypts a message using authenticated encryption. """ def decrypt(encrypted, aad \\ "A128GCM", secret, sign_secret) - when is_binary(encrypted) and is_binary(aad) and byte_size(secret) > 0 and + when is_binary(encrypted) and (is_binary(aad) or is_list(aad)) and byte_size(secret) > 0 and is_binary(sign_secret) do aes128_gcm_decrypt(encrypted, aad, secret, sign_secret) rescue diff --git a/test/plug/crypto/message_encryptor_test.exs b/test/plug/crypto/message_encryptor_test.exs index 03dca03..908712e 100644 --- a/test/plug/crypto/message_encryptor_test.exs +++ b/test/plug/crypto/message_encryptor_test.exs @@ -11,7 +11,7 @@ defmodule Plug.Crypto.MessageEncryptorTest do test "it encrypts/decrypts a message" do data = <<0, "hełłoworld", 0>> - encrypted = ME.encrypt(<<0, "hełłoworld", 0>>, "right aad", @right, @right) + encrypted = ME.encrypt(data, "right aad", @right, @right) decrypted = ME.decrypt(encrypted, "right aad", @wrong, @wrong) assert decrypted == :error @@ -29,6 +29,12 @@ defmodule Plug.Crypto.MessageEncryptorTest do assert decrypted == {:ok, data} end + test "it encrypts/decrypts with iodata aad" do + data = <<0, "hełłoworld", 0>> + encrypted = ME.encrypt(data, ["right", ?\s, "aad"], @right, @right) + assert ME.decrypt(encrypted, ["right", ?\s, "aad"], @right, @right) == {:ok, data} + end + test "it uses only the first 32 bytes to encrypt/decrypt" do data = <<0, "helloworld", 0>> encrypted = ME.encrypt(<<0, "helloworld", 0>>, @large, @large)