diff options
| author | Loïc Hoguin <essen@ninenines.eu> | 2016-09-29 17:53:28 +0200 |
|---|---|---|
| committer | Loïc Hoguin <essen@ninenines.eu> | 2016-09-29 17:53:28 +0200 |
| commit | 8edcd88d01b5e3cef565219272d48e5f01d4e969 (patch) | |
| tree | 4bd566013fb3c2f5e2b8eca95a0bf4c26e2c50e7 | |
| parent | 7cb692ea9f4b4ae871e9eb31aa67367f30b976f1 (diff) | |
| download | rabbitmq-server-git-8edcd88d01b5e3cef565219272d48e5f01d4e969.tar.gz | |
Add rabbit_pbe:encrypt_term and decrypt_term
| -rw-r--r-- | src/rabbit_pbe.erl | 9 | ||||
| -rw-r--r-- | test/unit_SUITE.erl | 29 |
2 files changed, 38 insertions, 0 deletions
diff --git a/src/rabbit_pbe.erl b/src/rabbit_pbe.erl index 2671493983..5773faf9dc 100644 --- a/src/rabbit_pbe.erl +++ b/src/rabbit_pbe.erl @@ -16,8 +16,17 @@ -module(rabbit_pbe). +-export([encrypt_term/5, decrypt_term/5]). -export([encrypt/5, decrypt/5]). +%% Encryption/decryption of arbitrary Erlang terms. + +encrypt_term(Cipher, Hash, Iterations, PassPhrase, Term) -> + encrypt(Cipher, Hash, Iterations, PassPhrase, term_to_binary(Term)). + +decrypt_term(Cipher, Hash, Iterations, PassPhrase, Base64Binary) -> + binary_to_term(decrypt(Cipher, Hash, Iterations, PassPhrase, Base64Binary)). + %% The cipher for encryption is from the list of supported ciphers. %% The hash for generating the key from the passphrase is from the list %% of supported hashes. See crypto:supports/0 to obtain both lists. diff --git a/test/unit_SUITE.erl b/test/unit_SUITE.erl index 165f0d996b..d9822e7eff 100644 --- a/test/unit_SUITE.erl +++ b/test/unit_SUITE.erl @@ -42,6 +42,7 @@ groups() -> content_framing, content_transcoding, encrypt_decrypt, + encrypt_decrypt_term, pg_local, pmerge, plmerge, @@ -254,6 +255,34 @@ encrypt_decrypt(_Config) -> end || H <- Hashes, C <- Ciphers], ok. +encrypt_decrypt_term(_Config) -> + %% Take all available block ciphers. + Hashes = proplists:get_value(hashs, crypto:supports()) + -- [md4, ripemd160], + Ciphers = proplists:get_value(ciphers, crypto:supports()) + -- [aes_ctr, aes_ecb, des_ecb, blowfish_ecb, rc4, aes_gcm], + %% Different Erlang terms to try encrypting. + DataSet = [ + 10000, + [5672], + [{"127.0.0.1", 5672}, + {"::1", 5672}], + [{connection, info}, {channel, info}], + [{cacertfile, "/path/to/testca/cacert.pem"}, + {certfile, "/path/to/server/cert.pem"}, + {keyfile, "/path/to/server/key.pem"}, + {verify, verify_peer}, + {fail_if_no_peer_cert, false}], + [<<".*">>, <<".*">>, <<".*">>] + ], + _ = [begin + PassPhrase = crypto:strong_rand_bytes(16), + Iterations = rand_compat:uniform(100), + Enc = rabbit_pbe:encrypt_term(C, H, Iterations, PassPhrase, Data), + Data = rabbit_pbe:decrypt_term(C, H, Iterations, PassPhrase, Enc) + end || H <- Hashes, C <- Ciphers, Data <- DataSet], + ok. + %% ------------------------------------------------------------------- %% pg_local. %% ------------------------------------------------------------------- |