Ruby

/*

* call-seq:

* cipher.iv_len = integer -> integer

*

* Sets the iv length of the cipher. This method is available only for GCM or

* CCM (which is not supported yet) ciphers.

*

* See EVP_CIPHER_CTX_ctrl and EVP_CTRL_GCM_SET_IVLEN for further information.

*/

static VALUE

ossl_cipher_set_iv_length(VALUE self, VALUE iv_length)

{

EVP_CIPHER_CTX *ctx;

int nid;

int len = NUM2INT(iv_length);

GetCipher(self, ctx);

nid = EVP_CIPHER_CTX_nid(ctx);

if (ossl_is_gcm(nid)) {

if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, len, NULL))

ossl_raise(eCipherError, "unable to set GCM IV length");

} else {

ossl_raise(eCipherError, "IV length is not variable for this cipher");

}

return iv_length;

}

rb_define_method(cCipher, "iv_len=", ossl_cipher_set_iv_length, 1);

def test_aes_gcm_custom_iv

pt = "You should all use Authenticated Encryption!"

cipher, key, iv = new_encryptor('aes-128-gcm')

cipher.iv = "\0" * 16

cipher2 = OpenSSL::Cipher.new('aes-128-gcm')

cipher2.encrypt

cipher2.key = key

cipher2.iv_len = 16

cipher2.iv = "\0" * 16

ct12 = cipher.update(pt) + cipher.final

ct16 = cipher2.update(pt) + cipher2.final

assert ct12 != ct16

decipher = OpenSSL::Cipher.new('aes-128-gcm')

decipher.auth_tag = cipher2.auth_tag

decipher.decrypt

decipher.key = key

decipher.iv_len = 16

decipher.iv = "\0" * 16

assert_equal pt, decipher.update(ct16) + decipher.final

end

def test_aes_gcm_set_wrong_iv_len

cipher, key, iv = new_encryptor('aes-128-gcm')

cipher = OpenSSL::Cipher.new('aes-128-gcm')

assert_raise OpenSSL::Cipher::CipherError do

cipher.iv_len = -1

end

end