added support for different crypto api

zookzook · zookzook · commit eef5579cd74c · 2020-01-08T11:21:59.000+01:00
diff --git a/lib/mongo/password_safe.ex b/lib/mongo/password_safe.ex
@@ -35,19 +35,36 @@ defmodule Mongo.PasswordSafe do
     {:reply, password |> decrypt(key), data}
   end
 
-  defp encrypt(plaintext, key) do
-    iv         = :crypto.strong_rand_bytes(16) # create random Initialisation Vector
-    ciphertext = :crypto.crypto_one_time(:aes_256_ctr, key, iv, plaintext, true)
-    iv <> ciphertext # "return" iv & ciphertext
-  end
+  if String.to_integer(System.otp_release()) < 22 do
+
+    @aad "AES256GCM"
+
+    defp encrypt(plaintext, key) do
+      iv = :crypto.strong_rand_bytes(16) # create random Initialisation Vector
+      {ciphertext, tag} = :crypto.block_encrypt(:aes_gcm, key, iv, {@aad, to_string(plaintext), 16})
+      iv <> tag <> ciphertext # "return" iv with the cipher tag & ciphertext
+    end
+
+    defp decrypt(ciphertext, key) do
+      <<iv::binary-16, tag::binary-16, ciphertext::binary>> = ciphertext
+      :crypto.block_decrypt(:aes_gcm, key, iv, {@aad, ciphertext, tag})
+    end
+
+  else
+    defp encrypt(plaintext, key) do
+      iv         = :crypto.strong_rand_bytes(16) # create random Initialisation Vector
+      ciphertext = :crypto.crypto_one_time(:aes_256_ctr, key, iv, plaintext, true)
+      iv <> ciphertext # "return" iv & ciphertext
+    end
+
+    defp decrypt(ciphertext, key) do
+      <<iv::binary-16, ciphertext::binary>> = ciphertext
+      :crypto.crypto_one_time(:aes_256_ctr, key, iv, ciphertext, false)
+    end
 
-  defp decrypt(ciphertext, key) do
-    <<iv::binary-16, ciphertext::binary>> = ciphertext
-    :crypto.crypto_one_time(:aes_256_ctr, key, iv, ciphertext, false)
   end
 
   defp generate_key() do
     :crypto.strong_rand_bytes(32)
   end
-
 end
