%% -*- mode: erlang; tab-width: 4; indent-tabs-mode: 1; st-rulers: [70] -*-
%% vim: ts=4 sw=4 ft=erlang noet
%%%-------------------------------------------------------------------
%%% @author Andrew Bennett <potatosaladx@gmail.com>
%%% @copyright 2014-2022, Andrew Bennett
%%% @doc
%%%
%%% @end
%%% Created : 13 Aug 2015 by Andrew Bennett <potatosaladx@gmail.com>
%%%-------------------------------------------------------------------
-module(jose_server).
-behaviour(gen_server).
-include_lib("public_key/include/public_key.hrl").
-define(SERVER, ?MODULE).
%% API
-export([start_link/0]).
-export([config_change/0]).
-export([chacha20_poly1305_module/1]).
-export([curve25519_module/1]).
-export([curve448_module/1]).
-export([json_module/1]).
-export([pbes2_count_maximum/1]).
-export([sha3_module/1]).
-export([unsecured_signing/1]).
-export([xchacha20_poly1305_module/1]).
%% gen_server callbacks
-export([init/1]).
-export([handle_call/3]).
-export([handle_cast/2]).
-export([handle_info/2]).
-export([terminate/2]).
-export([code_change/3]).
-define(CRYPTO_FALLBACK, application:get_env(jose, crypto_fallback, false)).
-define(TAB, jose_jwa).
-define(POISON_MAP, #{
<<"a">> => 1,
<<"b">> => 2,
<<"c">> => #{
<<"d">> => 3,
<<"e">> => 4
}
}).
-define(POISON_BIN, <<"{\"a\":1,\"b\":2,\"c\":{\"d\":3,\"e\":4}}">>).
%% Types
-record(state, {}).
%%%===================================================================
%%% API functions
%%%===================================================================
start_link() ->
gen_server:start_link({local, ?SERVER}, ?MODULE, [], []).
config_change() ->
gen_server:call(?SERVER, config_change).
chacha20_poly1305_module(ChaCha20Poly1305Module) when is_atom(ChaCha20Poly1305Module) ->
gen_server:call(?SERVER, {chacha20_poly1305_module, ChaCha20Poly1305Module}).
curve25519_module(Curve25519Module) when is_atom(Curve25519Module) ->
gen_server:call(?SERVER, {curve25519_module, Curve25519Module}).
curve448_module(Curve448Module) when is_atom(Curve448Module) ->
gen_server:call(?SERVER, {curve448_module, Curve448Module}).
json_module(JSONModule) when is_atom(JSONModule) ->
gen_server:call(?SERVER, {json_module, JSONModule}).
-spec pbes2_count_maximum(PBES2CountMaximum) -> ok when PBES2CountMaximum :: non_neg_integer().
pbes2_count_maximum(PBES2CountMaximum) when is_integer(PBES2CountMaximum) andalso PBES2CountMaximum >= 0 ->
gen_server:call(?SERVER, {pbes2_count_maximum, PBES2CountMaximum}).
sha3_module(SHA3Module) when is_atom(SHA3Module) ->
gen_server:call(?SERVER, {sha3_module, SHA3Module}).
-spec unsecured_signing(UnsecuredSigning) -> ok when UnsecuredSigning :: boolean().
unsecured_signing(UnsecuredSigning) when is_boolean(UnsecuredSigning) ->
gen_server:call(?SERVER, {unsecured_signing, UnsecuredSigning}).
xchacha20_poly1305_module(XChaCha20Poly1305Module) when is_atom(XChaCha20Poly1305Module) ->
gen_server:call(?SERVER, {xchacha20_poly1305_module, XChaCha20Poly1305Module}).
%%%===================================================================
%%% gen_server callbacks
%%%===================================================================
%% @private
init([]) ->
?TAB = ets:new(?TAB, [
named_table,
public,
ordered_set,
{read_concurrency, true}
]),
ok = support_check(),
{ok, #state{}}.
%% @private
handle_call(config_change, _From, State) ->
{reply, support_check(), State};
handle_call({chacha20_poly1305_module, M}, _From, State) ->
ChaCha20Poly1305Module = check_chacha20_poly1305_module(M),
Entries = lists:flatten(check_crypto(?CRYPTO_FALLBACK, [{chacha20_poly1305_module, ChaCha20Poly1305Module}])),
_ = ets:select_delete(?TAB, [{{{cipher, '_'}, '_'}, [], [true]}]),
true = ets:insert(?TAB, Entries),
{reply, ok, State};
handle_call({curve25519_module, M}, _From, State) ->
Curve25519Module = check_curve25519_module(M),
true = ets:insert(?TAB, {curve25519_module, Curve25519Module}),
{reply, ok, State};
handle_call({curve448_module, M}, _From, State) ->
Curve448Module = check_curve448_module(M),
true = ets:insert(?TAB, {curve448_module, Curve448Module}),
{reply, ok, State};
handle_call({json_module, M}, _From, State) ->
JSONModule = check_json_module(M),
true = ets:insert(?TAB, {json_module, JSONModule}),
{reply, ok, State};
handle_call({pbes2_count_maximum, PBES2CountMaximum}, _From, State) when is_integer(PBES2CountMaximum) andalso PBES2CountMaximum >= 0 ->
true = ets:insert(?TAB, {pbes2_count_maximum, PBES2CountMaximum}),
{reply, ok, State};
handle_call({sha3_module, M}, _From, State) ->
SHA3Module = check_sha3_module(M),
true = ets:insert(?TAB, {sha3_module, SHA3Module}),
{reply, ok, State};
handle_call({unsecured_signing, UnsecuredSigning}, _From, State) when is_boolean(UnsecuredSigning) ->
true = ets:insert(?TAB, {unsecured_signing, UnsecuredSigning}),
_ = spawn(fun() ->
_ = catch jose_jwa:unsecured_signing(UnsecuredSigning),
exit(normal)
end),
{reply, ok, State};
handle_call({xchacha20_poly1305_module, M}, _From, State) ->
XChaCha20Poly1305Module = check_xchacha20_poly1305_module(M),
Entries = lists:flatten(check_crypto(?CRYPTO_FALLBACK, [{xchacha20_poly1305_module, XChaCha20Poly1305Module}])),
_ = ets:select_delete(?TAB, [{{{cipher, '_'}, '_'}, [], [true]}]),
true = ets:insert(?TAB, Entries),
{reply, ok, State};
handle_call(_Request, _From, State) ->
{reply, ignore, State}.
%% @private
handle_cast(_Request, State) ->
{noreply, State}.
%% @private
handle_info(_Info, State) ->
{noreply, State}.
%% @private
terminate(_Reason, _State) ->
ok.
%% @private
code_change(_OldVsn, State, _Extra) ->
{ok, State}.
%%%-------------------------------------------------------------------
%%% Internal functions
%%%-------------------------------------------------------------------
%% @private
support_check() ->
PBES2CountMaximum =
case application:get_env(jose, pbes2_count_maximum, 10000) of
V1 when is_integer(V1) andalso V1 >= 0 ->
V1
end,
UnsecuredSigning =
case application:get_env(jose, unsecured_signing, false) of
V2 when is_boolean(V2) ->
V2
end,
Fallback = ?CRYPTO_FALLBACK,
Entries1 = lists:flatten(lists:foldl(fun(Check, Acc) ->
Check(Fallback, Acc)
end, [], [
fun check_sha3/2,
fun check_ec_key_mode/2,
fun check_chacha20_poly1305/2,
fun check_xchacha20_poly1305/2,
fun check_curve25519/2,
fun check_curve448/2,
fun check_json/2,
fun check_crypto/2,
fun check_public_key/2
])),
Entries2 = [
{pbes2_count_maximum, PBES2CountMaximum},
{unsecured_signing, UnsecuredSigning}
| Entries1
],
true = ets:delete_all_objects(?TAB),
true = ets:insert(?TAB, Entries2),
ok.
%%%-------------------------------------------------------------------
%%% Internal check functions
%%%-------------------------------------------------------------------
%% @private
check_ec_key_mode(_Fallback, Entries) ->
PEMBin = <<
48,119,2,1,1,4,32,104,152,88,12,19,82,251,156,171,31,222,207,
0,76,115,88,210,229,36,106,137,192,81,153,154,254,226,38,247,
70,226,157,160,10,6,8,42,134,72,206,61,3,1,7,161,68,3,66,0,4,
46,75,29,46,150,77,222,40,220,159,244,193,125,18,190,254,216,
38,191,11,52,115,159,213,230,77,27,131,94,17,46,21,186,71,62,
36,225,0,90,21,186,235,132,152,229,13,189,196,121,64,84,64,
229,173,12,24,23,127,175,67,247,29,139,91
>>,
PEMEntry = {'ECPrivateKey', PEMBin, not_encrypted},
%% Erlang 24 changes 'ECPrivateKey' record in a way that makes record matching fail
%% when this module is compiled on Erlang 23 (or earlier) but runs on 24.
%% So we destructure tuples, as ugly as it may be.
%%
%% See erlang-jose#113 for details.
PrivateKey = case list_to_integer(erlang:system_info(otp_release)) >= 24 of
true ->
{'ECPrivateKey', _Version, PrivKey0, _Params, _PubKey0, _Attributes} = public_key:pem_entry_decode(PEMEntry),
PrivKey0;
false ->
{'ECPrivateKey', _Version, PrivKey0, _Params, _PubKey0} = public_key:pem_entry_decode(PEMEntry),
PrivKey0
end,
case is_binary(PrivateKey) of
true -> [{ec_key_mode, binary} | Entries];
_ -> [{ec_key_mode, list} | Entries]
end.
%% @private
check_chacha20_poly1305(false, Entries) ->
check_chacha20_poly1305(jose_chacha20_poly1305_unsupported, Entries);
check_chacha20_poly1305(true, Entries) ->
check_chacha20_poly1305(jose_jwa_chacha20_poly1305, Entries);
check_chacha20_poly1305(Fallback, Entries) ->
true = ets:delete_object(?TAB, {chacha20_poly1305_module, jose_jwa_chacha20_poly1305}),
true = ets:delete_object(?TAB, {chacha20_poly1305_module, jose_chacha20_poly1305_unsupported}),
ChaCha20Poly1305Module = case ets:lookup(?TAB, chacha20_poly1305_module) of
[{chacha20_poly1305_module, M}] when is_atom(M) ->
M;
[] ->
case application:get_env(jose, chacha20_poly1305_module, undefined) of
undefined ->
check_chacha20_poly1305_modules(Fallback, [crypto, libsodium]);
M when is_atom(M) ->
check_chacha20_poly1305_module(M)
end
end,
%% Potentially used by XChaCha20-Poly1305 related functions below, needs to be inserted early.
true = ets:insert(?TAB, {chacha20_poly1305_module, ChaCha20Poly1305Module}),
[{chacha20_poly1305_module, ChaCha20Poly1305Module} | Entries].
%% @private
check_chacha20_poly1305_module(crypto) ->
jose_chacha20_poly1305_crypto;
check_chacha20_poly1305_module(libsodium) ->
jose_chacha20_poly1305_libsodium;
check_chacha20_poly1305_module(Module) when is_atom(Module) ->
Module.
%% @private
check_chacha20_poly1305_modules(Fallback, [Module | Modules]) ->
case code:ensure_loaded(Module) of
{module, Module} ->
_ = application:ensure_all_started(Module),
M = check_chacha20_poly1305_module(Module),
PT = crypto:strong_rand_bytes(8),
CEK = crypto:strong_rand_bytes(32),
IV = crypto:strong_rand_bytes(12),
AAD = <<>>,
try M:encrypt(PT, AAD, IV, CEK) of
{CT, TAG} when is_binary(CT) andalso is_binary(TAG) ->
try M:decrypt(CT, TAG, AAD, IV, CEK) of
PT ->
M;
_ ->
check_chacha20_poly1305_modules(Fallback, Modules)
catch
_:_ ->
check_chacha20_poly1305_modules(Fallback, Modules)
end;
_ ->
check_chacha20_poly1305_modules(Fallback, Modules)
catch
_:_ ->
check_chacha20_poly1305_modules(Fallback, Modules)
end;
_ ->
check_chacha20_poly1305_modules(Fallback, Modules)
end;
check_chacha20_poly1305_modules(Fallback, []) ->
Fallback.
%% @private
check_curve25519(false, Entries) ->
check_curve25519(jose_curve25519_unsupported, Entries);
check_curve25519(true, Entries) ->
check_curve25519(jose_jwa_curve25519, Entries);
check_curve25519(Fallback, Entries) ->
true = ets:delete_object(?TAB, {curve25519_module, jose_jwa_curve25519}),
true = ets:delete_object(?TAB, {curve25519_module, jose_curve25519_unsupported}),
Curve25519Module = case ets:lookup(?TAB, curve25519_module) of
[{curve25519_module, M}] when is_atom(M) ->
M;
[] ->
case application:get_env(jose, curve25519_module, undefined) of
undefined ->
check_curve25519_modules(Fallback, [libdecaf, libsodium, crypto]);
M when is_atom(M) ->
check_curve25519_module(M)
end
end,
[{curve25519_module, Curve25519Module} | Entries].
%% @private
check_curve25519_module(crypto) ->
jose_curve25519_crypto;
check_curve25519_module(libdecaf) ->
jose_curve25519_libdecaf;
check_curve25519_module(libsodium) ->
jose_curve25519_libsodium;
check_curve25519_module(Module) when is_atom(Module) ->
Module.
%% @private
check_curve25519_modules(Fallback, [Module | Modules]) ->
case code:ensure_loaded(Module) of
{module, Module} ->
_ = application:ensure_all_started(Module),
RealFallback = jose_jwa_curve25519,
RealModule = check_curve25519_module(Module),
try check_curve25519_module_does_it_work(RealFallback, RealModule) of
true ->
RealModule;
false ->
check_curve25519_modules(Fallback, Modules)
catch _Class:_Reason:_Stacktrace ->
% io:format("Class = ~p~nReason = ~p~nStacktrace = ~p~n", [Class, Reason, Stacktrace]),
check_curve25519_modules(Fallback, Modules)
end;
_ ->
check_curve25519_modules(Fallback, Modules)
end;
check_curve25519_modules(Fallback, []) ->
Fallback.
%% @private
check_curve25519_module_does_it_work(Fallback, Module) ->
{PK, SK = <<Secret:32/binary, _:32/binary>>} = Module:eddsa_keypair(),
{PK, SK} = Module:eddsa_keypair(Secret),
PK = Module:eddsa_secret_to_public(Secret),
Message = crypto:strong_rand_bytes(16),
Signature = Module:ed25519_sign(Message, SK),
true = Module:ed25519_verify(Signature, Message, PK),
true = Fallback:ed25519_verify(Signature, Message, PK),
%% NOTE: Ed25519ctx and Ed25519ph are lower priority, no need to check for now.
% Ctx = <<"ctx">>,
% CtxSignature = Module:ed25519ctx_sign(Message, SK, Ctx),
% true = Module:ed25519ctx_verify(CtxSignature, Message, PK, Ctx),
% true = Fallback:ed25519ctx_verify(CtxSignature, Message, PK, Ctx),
% PHSignature = Module:ed25519ph_sign(Message, SK),
% true = Module:ed25519ph_verify(PHSignature, Message, PK),
% true = Fallback:ed25519ph_verify(PHSignature, Message, PK),
% CtxPHSignature = Module:ed25519ph_sign(Message, SK, Ctx),
% true = Module:ed25519ph_verify(CtxPHSignature, Message, PK, Ctx),
% true = Fallback:ed25519ph_verify(CtxPHSignature, Message, PK, Ctx),
true.
%% @private
check_curve448(false, Entries) ->
check_curve448(jose_curve448_unsupported, Entries);
check_curve448(true, Entries) ->
check_curve448(jose_jwa_curve448, Entries);
check_curve448(Fallback, Entries) ->
true = ets:delete_object(?TAB, {curve448_module, jose_jwa_curve448}),
true = ets:delete_object(?TAB, {curve448_module, jose_curve448_unsupported}),
Curve448Module = case ets:lookup(?TAB, curve448_module) of
[{curve448_module, M}] when is_atom(M) ->
M;
[] ->
case application:get_env(jose, curve448_module, undefined) of
undefined ->
check_curve448_modules(Fallback, [libdecaf, crypto]);
M when is_atom(M) ->
check_curve448_module(M)
end
end,
[{curve448_module, Curve448Module} | Entries].
%% @private
check_curve448_module(crypto) ->
jose_curve448_crypto;
check_curve448_module(libdecaf) ->
jose_curve448_libdecaf;
check_curve448_module(Module) when is_atom(Module) ->
Module.
%% @private
check_curve448_modules(Fallback, [Module | Modules]) ->
case code:ensure_loaded(Module) of
{module, Module} ->
_ = application:ensure_all_started(Module),
RealFallback = jose_jwa_curve448,
RealModule = check_curve448_module(Module),
try check_curve448_module_does_it_work(RealFallback, RealModule) of
true ->
RealModule;
false ->
check_curve448_modules(Fallback, Modules)
catch _Class:_Reason:_Stacktrace ->
% io:format("Class = ~p~nReason = ~p~nStacktrace = ~p~n", [_Class, _Reason, _Stacktrace]),
check_curve448_modules(Fallback, Modules)
end;
_ ->
check_curve448_modules(Fallback, Modules)
end;
check_curve448_modules(Fallback, []) ->
Fallback.
%% @private
check_curve448_module_does_it_work(Fallback, Module) ->
{PK, SK = <<Secret:57/binary, _:57/binary>>} = Module:eddsa_keypair(),
{PK, SK} = Module:eddsa_keypair(Secret),
PK = Module:eddsa_secret_to_public(Secret),
Message = crypto:strong_rand_bytes(16),
Signature = Module:ed448_sign(Message, SK),
true = Module:ed448_verify(Signature, Message, PK),
true = Fallback:ed448_verify(Signature, Message, PK),
%% NOTE: Ed448ph is lower priority, no need to check for now.
% Ctx = <<"ctx">>,
% CtxSignature = Module:ed448_sign(Message, SK, Ctx),
% true = Module:ed448_verify(CtxSignature, Message, PK, Ctx),
% true = Fallback:ed448_verify(CtxSignature, Message, PK, Ctx),
% PHSignature = Module:ed448ph_sign(Message, SK),
% true = Module:ed448ph_verify(PHSignature, Message, PK),
% true = Fallback:ed448ph_verify(PHSignature, Message, PK),
% CtxPHSignature = Module:ed448ph_sign(Message, SK, Ctx),
% true = Module:ed448ph_verify(CtxPHSignature, Message, PK, Ctx),
% true = Fallback:ed448ph_verify(CtxPHSignature, Message, PK, Ctx),
true.
%% @private
check_json(_Fallback, Entries) ->
JSONModule = case ets:lookup(?TAB, json_module) of
[{json_module, M}] when is_atom(M) ->
M;
[] ->
case application:get_env(jose, json_module, undefined) of
undefined ->
case code:ensure_loaded(elixir) of
{module, elixir} ->
check_json_modules([ojson, 'Elixir.Jason', 'Elixir.Poison', jiffy, jsone, jsx, thoas]);
_ ->
check_json_modules([ojson, jiffy, jsone, jsx, thoas])
end;
M when is_atom(M) ->
check_json_module(M)
end
end,
[{json_module, JSONModule} | Entries].
%% @private
check_json_module(jiffy) ->
jose_json_jiffy;
check_json_module(jsx) ->
jose_json_jsx;
check_json_module(jsone) ->
jose_json_jsone;
check_json_module(ojson) ->
jose_json_ojson;
check_json_module(thoas) ->
jose_json_thoas;
check_json_module('Elixir.Jason') ->
jose_json_jason;
check_json_module('Elixir.Poison') ->
Map = ?POISON_MAP,
Bin = ?POISON_BIN,
case jose_json_poison:encode(Map) of
Bin ->
jose_json_poison;
_ ->
check_json_module('Elixir.JOSE.Poison')
end;
check_json_module('Elixir.JOSE.Poison') ->
Map = ?POISON_MAP,
Bin = ?POISON_BIN,
case code:ensure_loaded('Elixir.JOSE.Poison') of
{module, 'Elixir.JOSE.Poison'} ->
try jose_json_poison_lexical_encoder:encode(Map) of
Bin ->
jose_json_poison_lexical_encoder;
_ ->
check_json_module(jose_json_poison_compat_encoder)
catch
_:_ ->
check_json_module(jose_json_poison_compat_encoder)
end;
_ ->
check_json_module(jose_json_poison_compat_encoder)
end;
check_json_module(jose_json_poison_compat_encoder) ->
Map = ?POISON_MAP,
Bin = ?POISON_BIN,
try jose_json_poison_compat_encoder:encode(Map) of
Bin ->
jose_json_poison_compat_encoder;
_ ->
jose_json_poison
catch
_:_ ->
jose_json_poison
end;
check_json_module(Module) when is_atom(Module) ->
Module.
%% @private
check_json_modules([Module | Modules]) ->
case code:ensure_loaded(Module) of
{module, Module} ->
_ = application:ensure_all_started(Module),
check_json_module(Module);
_ ->
check_json_modules(Modules)
end;
check_json_modules([]) ->
jose_json_unsupported.
%% @private
check_sha3(false, Entries) ->
check_sha3(jose_sha3_unsupported, Entries);
check_sha3(true, Entries) ->
check_sha3(jose_jwa_sha3, Entries);
check_sha3(Fallback, Entries) ->
true = ets:delete_object(?TAB, {sha3_module, jose_jwa_sha3}),
true = ets:delete_object(?TAB, {sha3_module, jose_sha3_unsupported}),
SHA3Module = case ets:lookup(?TAB, sha3_module) of
[{sha3_module, M}] when is_atom(M) ->
M;
[] ->
case application:get_env(jose, sha3_module, undefined) of
undefined ->
check_sha3_modules(Fallback, [libdecaf, keccakf1600]);
M when is_atom(M) ->
check_sha3_module(M)
end
end,
%% Potentially used by Ed448 related functions below, needs to be inserted early.
true = ets:insert(?TAB, {sha3_module, SHA3Module}),
[{sha3_module, SHA3Module} | Entries].
%% @private
check_sha3_module(keccakf1600) ->
check_sha3_module(jose_sha3_keccakf1600);
check_sha3_module(libdecaf) ->
check_sha3_module(jose_sha3_libdecaf);
check_sha3_module(jose_sha3_keccakf1600) ->
_ = code:ensure_loaded(keccakf1600),
case erlang:function_exported(keccakf1600, hash, 3) of
false ->
% version < 2
check_sha3_module(jose_sha3_keccakf1600_driver);
true ->
% version >= 2
check_sha3_module(jose_sha3_keccakf1600_nif)
end;
check_sha3_module(Module) when is_atom(Module) ->
Module.
%% @private
check_sha3_modules(Fallback, [Module | Modules]) ->
case code:ensure_loaded(Module) of
{module, Module} ->
_ = application:ensure_all_started(Module),
check_sha3_module(Module);
_ ->
check_sha3_modules(Fallback, Modules)
end;
check_sha3_modules(Fallback, []) ->
Fallback.
%% @private
check_crypto(false, Entries) ->
check_crypto(jose_jwa_unsupported, Entries);
check_crypto(true, Entries) ->
check_crypto(jose_jwa_aes, Entries);
check_crypto(Fallback, Entries) ->
Ciphers = [
aes_cbc,
aes_ecb,
aes_gcm
],
KeySizes = [
128,
192,
256
],
CipherEntries0 = [begin
case has_cipher(Cipher, KeySize) of
false ->
{{cipher, {Cipher, KeySize}}, {Fallback, {Cipher, KeySize}}};
{true, CryptoCipher} ->
{{cipher, {Cipher, KeySize}}, {crypto, CryptoCipher}}
end
end || Cipher <- Ciphers, KeySize <- KeySizes],
CipherEntries1 =
case lists:keyfind(chacha20_poly1305_module, 1, Entries) of
{chacha20_poly1305_module, jose_chacha20_poly1305_unsupported} ->
CipherEntries0 ++ [{{cipher, {chacha20_poly1305, 256}}, {Fallback, {chacha20_poly1305, 256}}}];
_ ->
CipherEntries0 ++ [{{cipher, {chacha20_poly1305, 256}}, {jose_chacha20_poly1305, {chacha20_poly1305, 256}}}]
end,
CipherEntries2 =
case lists:keyfind(xchacha20_poly1305_module, 1, Entries) of
{xchacha20_poly1305_module, jose_xchacha20_poly1305_unsupported} ->
CipherEntries1 ++ [{{cipher, {xchacha20_poly1305, 256}}, {Fallback, {xchacha20_poly1305, 256}}}];
_ ->
CipherEntries1 ++ [{{cipher, {xchacha20_poly1305, 256}}, {jose_xchacha20_poly1305, {xchacha20_poly1305, 256}}}]
end,
[CipherEntries2 | Entries].
%% @private
check_public_key(Fallback, Entries) ->
RSACrypt = check_rsa_crypt(Fallback),
RSASign = check_rsa_sign(Fallback),
[RSACrypt, RSASign | Entries].
%% @private
check_rsa_crypt(false) ->
check_rsa_crypt(jose_jwa_unsupported);
check_rsa_crypt(true) ->
check_rsa_crypt(jose_jwa_pkcs1);
check_rsa_crypt(Fallback) ->
Algorithms = [
%% Algorithm, LegacyOptions, FutureOptions
{rsa1_5, [{rsa_pad, rsa_pkcs1_padding}], [{rsa_padding, rsa_pkcs1_padding}]},
{rsa_oaep, [{rsa_pad, rsa_pkcs1_oaep_padding}], [{rsa_padding, rsa_pkcs1_oaep_padding}]},
{rsa_oaep_256, notsup, [{rsa_padding, rsa_pkcs1_oaep_padding}, {rsa_oaep_md, sha256}]}
],
_ = code:ensure_loaded(public_key),
_ = application:ensure_all_started(public_key),
Legacy = case erlang:function_exported(public_key, sign, 4) of
false ->
legacy;
true ->
future
end,
CryptEntries = [begin
case has_rsa_crypt(Algorithm, Legacy, LegacyOptions, FutureOptions) of
false ->
{{rsa_crypt, Algorithm}, {Fallback, FutureOptions}};
{true, Module, Options} ->
{{rsa_crypt, Algorithm}, {Module, Options}}
end
end || {Algorithm, LegacyOptions, FutureOptions} <- Algorithms],
CryptEntries.
%% @private
check_rsa_sign(false) ->
check_rsa_sign(jose_jwa_unsupported);
check_rsa_sign(true) ->
check_rsa_sign(jose_jwa_pkcs1);
check_rsa_sign(Fallback) ->
Paddings = [
rsa_pkcs1_padding,
rsa_pkcs1_pss_padding
],
_ = code:ensure_loaded(public_key),
_ = application:ensure_all_started(public_key),
Legacy = case erlang:function_exported(public_key, sign, 4) of
false ->
legacy;
true ->
future
end,
SignEntries = [begin
case has_rsa_sign(Padding, Legacy, sha256) of
false ->
{{rsa_sign, Padding}, {Fallback, [{rsa_padding, Padding}]}};
{true, Module} ->
{{rsa_sign, Padding}, {Module, undefined}};
{true, Module, Options} ->
{{rsa_sign, Padding}, {Module, Options}}
end
end || Padding <- Paddings],
SignEntries.
%% @private
check_xchacha20_poly1305(false, Entries) ->
check_xchacha20_poly1305(jose_xchacha20_poly1305_unsupported, Entries);
check_xchacha20_poly1305(true, Entries) ->
check_xchacha20_poly1305(jose_jwa_xchacha20_poly1305, Entries);
check_xchacha20_poly1305(Fallback, Entries) ->
true = ets:delete_object(?TAB, {xchacha20_poly1305_module, jose_jwa_xchacha20_poly1305}),
true = ets:delete_object(?TAB, {xchacha20_poly1305_module, jose_xchacha20_poly1305_unsupported}),
ChaCha20Poly1305Module = case ets:lookup(?TAB, xchacha20_poly1305_module) of
[{xchacha20_poly1305_module, M}] when is_atom(M) ->
M;
[] ->
case application:get_env(jose, xchacha20_poly1305_module, undefined) of
undefined ->
check_xchacha20_poly1305_modules(Fallback, [libsodium, crypto]);
M when is_atom(M) ->
check_xchacha20_poly1305_module(M)
end
end,
[{xchacha20_poly1305_module, ChaCha20Poly1305Module} | Entries].
%% @private
check_xchacha20_poly1305_module(crypto) ->
jose_xchacha20_poly1305_crypto;
check_xchacha20_poly1305_module(libsodium) ->
jose_xchacha20_poly1305_libsodium;
check_xchacha20_poly1305_module(Module) when is_atom(Module) ->
Module.
%% @private
check_xchacha20_poly1305_modules(Fallback, [Module | Modules]) ->
case code:ensure_loaded(Module) of
{module, Module} ->
_ = application:ensure_all_started(Module),
M = check_xchacha20_poly1305_module(Module),
PT = crypto:strong_rand_bytes(8),
CEK = crypto:strong_rand_bytes(32),
IV = crypto:strong_rand_bytes(24),
AAD = <<>>,
try M:encrypt(PT, AAD, IV, CEK) of
{CT, TAG} when is_binary(CT) andalso is_binary(TAG) ->
try M:decrypt(CT, TAG, AAD, IV, CEK) of
PT ->
M;
_ ->
check_xchacha20_poly1305_modules(Fallback, Modules)
catch
_:_ ->
check_xchacha20_poly1305_modules(Fallback, Modules)
end;
_ ->
check_xchacha20_poly1305_modules(Fallback, Modules)
catch
_:_ ->
check_xchacha20_poly1305_modules(Fallback, Modules)
end;
_ ->
check_xchacha20_poly1305_modules(Fallback, Modules)
end;
check_xchacha20_poly1305_modules(Fallback, []) ->
Fallback.
%% @private
has_cipher(aes_cbc, KeySize) ->
Key = << 0:KeySize >>,
IV = << 0:128 >>,
PlainText = jose_jwa_pkcs7:pad(<<>>),
case has_block_cipher(aes_cbc, {Key, IV, PlainText}) of
false ->
Cipher = list_to_atom("aes_" ++ integer_to_list(KeySize) ++ "_cbc"),
has_block_cipher(Cipher, {Key, IV, PlainText});
Other ->
Other
end;
has_cipher(aes_ecb, KeySize) ->
Key = << 0:KeySize >>,
PlainText = jose_jwa_pkcs7:pad(<<>>),
case has_block_cipher(aes_ecb, {Key, PlainText}) of
false ->
Cipher = list_to_atom("aes_" ++ integer_to_list(KeySize) ++ "_ecb"),
has_block_cipher(Cipher, {Key, PlainText});
Other ->
Other
end;
has_cipher(aes_gcm, KeySize) ->
Key = << 0:KeySize >>,
IV = << 0:96 >>,
AAD = <<>>,
PlainText = jose_jwa_pkcs7:pad(<<>>),
case has_block_cipher(aes_gcm, {Key, IV, AAD, PlainText}) of
false ->
Cipher = list_to_atom("aes_" ++ integer_to_list(KeySize) ++ "_gcm"),
has_block_cipher(Cipher, {Key, IV, AAD, PlainText});
Other ->
Other
end.
%% @private
has_block_cipher(Cipher, {Key, PlainText}) ->
case catch jose_crypto_compat:crypto_one_time(Cipher, Key, PlainText, true) of
CipherText when is_binary(CipherText) ->
case catch jose_crypto_compat:crypto_one_time(Cipher, Key, CipherText, false) of
PlainText ->
{true, Cipher};
_ ->
false
end;
_ ->
false
end;
has_block_cipher(Cipher, {Key, IV, PlainText}) ->
case catch jose_crypto_compat:crypto_one_time(Cipher, Key, IV, PlainText, true) of
CipherText when is_binary(CipherText) ->
case catch jose_crypto_compat:crypto_one_time(Cipher, Key, IV, CipherText, false) of
PlainText ->
{true, Cipher};
_ ->
false
end;
_ ->
false
end;
has_block_cipher(Cipher, {Key, IV, AAD, PlainText}) ->
case catch jose_crypto_compat:crypto_one_time(Cipher, Key, IV, {AAD, PlainText}, true) of
{CipherText, CipherTag} when is_binary(CipherText) andalso is_binary(CipherTag) ->
case catch jose_crypto_compat:crypto_one_time(Cipher, Key, IV, {AAD, CipherText, CipherTag}, false) of
PlainText ->
{true, Cipher};
_ ->
false
end;
_ ->
false
end.
%% @private
has_rsa_crypt(Algorithm, future, _LegacyOptions, FutureOptions) ->
PlainText = << 0:8 >>,
PublicKey = rsa_public_key(),
case catch public_key:encrypt_public(PlainText, PublicKey, FutureOptions) of
CipherText when is_binary(CipherText) ->
PrivateKey = rsa_private_key(),
case catch public_key:decrypt_private(CipherText, PrivateKey, FutureOptions) of
PlainText ->
case catch public_key:decrypt_private(rsa_ciphertext(Algorithm), PrivateKey, FutureOptions) of
<<"ciphertext">> ->
{true, public_key, FutureOptions};
_ ->
false
end;
_ ->
false
end;
_ ->
false
end;
has_rsa_crypt(_Algorithm, legacy, notsup, _FutureOptions) ->
false;
has_rsa_crypt(Algorithm, legacy, LegacyOptions, _FutureOptions) ->
PlainText = << 0:8 >>,
PublicKey = rsa_public_key(),
case catch public_key:encrypt_public(PlainText, PublicKey, LegacyOptions) of
CipherText when is_binary(CipherText) ->
PrivateKey = rsa_private_key(),
case catch public_key:decrypt_private(CipherText, PrivateKey, LegacyOptions) of
PlainText ->
case catch public_key:decrypt_private(rsa_ciphertext(Algorithm), PrivateKey, LegacyOptions) of
<<"ciphertext">> ->
{true, public_key, LegacyOptions};
_ ->
false
end;
_ ->
false
end;
_ ->
false
end.
%% @private
has_rsa_sign(Padding, future, DigestType) ->
Message = << 0:8 >>,
PrivateKey = rsa_private_key(),
Options = [{rsa_padding, Padding}],
case catch public_key:sign(Message, DigestType, PrivateKey, Options) of
Signature when is_binary(Signature) ->
PublicKey = rsa_public_key(),
case catch public_key:verify(Message, DigestType, Signature, PublicKey, Options) of
true ->
{true, public_key, Options};
_ ->
false
end;
_ ->
false
end;
has_rsa_sign(rsa_pkcs1_padding, legacy, DigestType) ->
Message = << 0:8 >>,
PrivateKey = rsa_private_key(),
case catch public_key:sign(Message, DigestType, PrivateKey) of
Signature when is_binary(Signature) ->
PublicKey = rsa_public_key(),
case catch public_key:verify(Message, DigestType, Signature, PublicKey) of
true ->
{true, public_key};
_ ->
false
end;
_ ->
false
end;
has_rsa_sign(_Padding, legacy, _DigestType) ->
false.
%% @private
read_pem_key(PEM) ->
public_key:pem_entry_decode(hd(public_key:pem_decode(PEM))).
%% @private
rsa_ciphertext(rsa1_5) ->
<<
16#67, 16#3F, 16#BF, 16#D4, 16#93, 16#1E, 16#6C, 16#54,
16#67, 16#DE, 16#29, 16#3C, 16#71, 16#5F, 16#95, 16#BE,
16#69, 16#99, 16#D3, 16#6C, 16#E4, 16#81, 16#1E, 16#49,
16#BE, 16#5D, 16#91, 16#85, 16#E7, 16#1D, 16#04, 16#C5,
16#38, 16#0A, 16#6F, 16#3F, 16#32, 16#2C, 16#3D, 16#67,
16#53, 16#B1, 16#EA, 16#D7, 16#2E, 16#ED, 16#6A, 16#7A,
16#EB, 16#49, 16#79, 16#71, 16#CA, 16#F5, 16#71, 16#67,
16#FA, 16#8B, 16#B8, 16#A8, 16#30, 16#59, 16#2E, 16#88,
16#98, 16#19, 16#AE, 16#B2, 16#94, 16#BA, 16#6E, 16#D2,
16#EF, 16#28, 16#BE, 16#04, 16#4F, 16#90, 16#77, 16#CA,
16#3D, 16#11, 16#2B, 16#E7, 16#17, 16#D8, 16#89, 16#7F,
16#EC, 16#7A, 16#2C, 16#70, 16#A5, 16#08, 16#FB, 16#5B
>>;
rsa_ciphertext(rsa_oaep) ->
<<
16#B8, 16#F7, 16#0C, 16#A8, 16#F8, 16#30, 16#2A, 16#E9,
16#68, 16#8A, 16#DB, 16#3E, 16#5D, 16#AE, 16#84, 16#A7,
16#16, 16#FA, 16#9D, 16#E2, 16#FC, 16#81, 16#F7, 16#DF,
16#A8, 16#DB, 16#8F, 16#4F, 16#92, 16#A1, 16#51, 16#9E,
16#6B, 16#C5, 16#36, 16#CE, 16#93, 16#10, 16#11, 16#D9,
16#D5, 16#C2, 16#C9, 16#85, 16#14, 16#EF, 16#D5, 16#C3,
16#AC, 16#63, 16#BE, 16#49, 16#FA, 16#02, 16#1A, 16#FC,
16#3D, 16#D0, 16#2C, 16#83, 16#C5, 16#76, 16#1D, 16#F5,
16#FA, 16#A0, 16#D7, 16#42, 16#ED, 16#3F, 16#A4, 16#12,
16#32, 16#14, 16#93, 16#51, 16#79, 16#2E, 16#40, 16#FB,
16#14, 16#18, 16#DF, 16#30, 16#62, 16#9F, 16#F3, 16#59,
16#5D, 16#83, 16#0F, 16#4A, 16#8F, 16#9B, 16#3F, 16#39
>>;
rsa_ciphertext(rsa_oaep_256) ->
<<
16#09, 16#24, 16#EA, 16#EB, 16#D4, 16#EF, 16#00, 16#BE,
16#8E, 16#02, 16#BE, 16#25, 16#24, 16#24, 16#18, 16#81,
16#8D, 16#7A, 16#A2, 16#EB, 16#F1, 16#BE, 16#5C, 16#DC,
16#D0, 16#71, 16#43, 16#09, 16#53, 16#12, 16#44, 16#AD,
16#8A, 16#CD, 16#F8, 16#45, 16#7F, 16#1F, 16#30, 16#B6,
16#54, 16#8E, 16#AB, 16#D2, 16#10, 16#14, 16#BC, 16#CE,
16#7A, 16#99, 16#DC, 16#A6, 16#8D, 16#16, 16#5A, 16#A0,
16#50, 16#3A, 16#93, 16#0E, 16#53, 16#4A, 16#B5, 16#6B,
16#51, 16#E8, 16#43, 16#8F, 16#BD, 16#2D, 16#E0, 16#63,
16#36, 16#24, 16#5B, 16#8D, 16#DD, 16#98, 16#AC, 16#37,
16#7C, 16#16, 16#DB, 16#03, 16#C8, 16#BD, 16#22, 16#D2,
16#15, 16#98, 16#91, 16#B7, 16#3C, 16#01, 16#CF, 16#0E
>>.
%% @private
rsa_public_key() ->
read_pem_key(<<
"-----BEGIN PUBLIC KEY-----\n"
"MHwwDQYJKoZIhvcNAQEBBQADawAwaAJhAL/f1xISwDSm4m6sYHm6WD4WK2egfyfZ\n"
"hd0w4iVeZvHjUurZVRVQojs7hZC7DKBfjShl6M7BT9j7gkaYOXlJHLhK6/J+Zr0C\n"
"g6PMkkbejQltgr4fUzbG8zUBo7BMs4Xm0wIDAQAB\n"
"-----END PUBLIC KEY-----\n"
>>).
%% @private
rsa_private_key() ->
read_pem_key(<<
"-----BEGIN RSA PRIVATE KEY-----\n"
"MIIBzAIBAAJhAL/f1xISwDSm4m6sYHm6WD4WK2egfyfZhd0w4iVeZvHjUurZVRVQ\n"
"ojs7hZC7DKBfjShl6M7BT9j7gkaYOXlJHLhK6/J+Zr0Cg6PMkkbejQltgr4fUzbG\n"
"8zUBo7BMs4Xm0wIDAQABAmEAiisNO7WG9SNLoPi+TEn061iZjvjTOAX60Io3/0LY\n"
"jMzu07EHBN9Yw6CcENmxQPcsdIRlSKLlt+UeUdBES6Zoccek5fJl+gnqExeX2Av1\n"
"v0Y8vIP2yejV7Pw+SrNxpY5ZAjEA+WMEZEgFrK8cPJmZLR9Kj3jvN5P+AmIKzg00\n"
"VMW93rS+sdHmYQUStqBuu2XRw5SlAjEAxPZlLCZ83GrqdStcmChCFpflzCRyU/wC\n"
"qVVP8QYfct49Cca3TyC8lCywwXI5s5wXAjA1JQK0lByRdiegSmM4GGj9NhpUT7db\n"
"rqT60BmMzy7tHLtejYp4tmoMfRfb25DeCvkCMQCO+usQ9NOZUsfmzNaH4lmvew8n\n"
"daHFE+F+uV6x8ibsRSZ8LVQuze33hsW9eEUo/HsCMQDKkImE3DSqHgwfKPjtecFH\n"
"oftdsGQ4u+MUGkST94Hh8479oNYaNveCRDOTJ4GJjUE=\n"
"-----END RSA PRIVATE KEY-----\n"
>>).
