Feature #6980

closed

OpenSSL support for AEAD additional authenticated data and tags

Added by stouset (Stephen Touset) over 11 years ago. Updated over 11 years ago.

Status:
Closed
Target version:
[ruby-core:47426]

Description

=begin
I've added support to OpenSSL::Cipher to support AEAD modes of operation. AEAD modes allow for plaintext additional authentication data to be combined with a ciphertext to generate a "tag" (e.g., a MAC). This tag can then be verified during decryption to ensure the secret key, nonce (IV), additional authentication data, ciphertext, and tag have not been changed or manipulated.

Usage can be inferred through documentation and tests.

cipher = OpenSSL::Cipher.new('aes-256-gcm')
cipher.encrypt
cipher.key = 'key'
cipher.iv = 'iv'
cipher.aad = 'aad'

ct = cipher.update('plain')
tag = cipher.gcm_tag

cipher.reset
cipher.decrypt
cipher.key = 'key'
cipher.iv = 'iv'
cipher.gcm_tag = 'tag'
cipher.aad = 'aad'

cipher.update(ct) + cipher.verify + cipher.final # => 'plain'

cipher.reset
cipher.decrypt
cipher.key = 'key'
cipher.iv = 'iv'
cipher.gcm_tag = 'tag'
cipher.aad = 'aad'

cipher.update(ct[0..-2] << ct[-1].succ) + cipher.verify + cipher.final # => OpenSSL::Cipher::CipherError
=end


Files

openssl_aead_ciphers.patch (13.2 KB): OpenSSL AEAD mode support. stouset (Stephen Touset), 09/05/2012 04:11 AM
openssl_aead_ciphers.patch (5.83 KB): OpenSSL AEAD mode support, sans whitespace changes. stouset (Stephen Touset), 09/05/2012 04:14 AM
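The tamper check described above, as an added example that is not part of the original patch or post: it uses the `auth_data=`, `auth_tag` and `auth_tag=` accessors of the openssl library in current Ruby rather than the `aad`, `gcm_tag` and `verify` names proposed here. The helper names (`gcm_seal`, `gcm_open`, `flip_last_bit`, `tamper_report`) and the sample values are assumptions constructed for illustration.

```ruby
require 'openssl'

# Encrypt with AES-256-GCM and return [ciphertext, tag].
def gcm_seal(key, iv, aad, plaintext)
  cipher = OpenSSL::Cipher.new('aes-256-gcm')
  cipher.encrypt
  cipher.key = key
  cipher.iv = iv
  cipher.auth_data = aad                 # authenticated but not encrypted
  ct = cipher.update(plaintext) + cipher.final
  [ct, cipher.auth_tag]                  # 16-byte tag, readable after final
end

# Decrypt and verify; returns the plaintext, or nil if authentication fails.
def gcm_open(key, iv, aad, ct, tag)
  return nil unless tag.bytesize == 16   # auth_tag= accepts truncated tags
  cipher = OpenSSL::Cipher.new('aes-256-gcm')
  cipher.decrypt
  cipher.key = key
  cipher.iv = iv
  cipher.auth_tag = tag
  cipher.auth_data = aad
  cipher.update(ct) + cipher.final       # final raises on a bad tag
rescue OpenSSL::Cipher::CipherError
  nil
end

# Copy of +bytes+ with the lowest bit of the last byte flipped.
def flip_last_bit(bytes)
  out = bytes.b
  out.setbyte(-1, out.getbyte(-1) ^ 1)
  out
end

# Seal one constructed message, then open it with each input altered in turn.
def tamper_report
  key = OpenSSL::Random.random_bytes(32)
  iv  = OpenSSL::Random.random_bytes(12) # must never repeat under one key
  aad = 'record-id=42'                   # constructed sample header
  ct, tag = gcm_seal(key, iv, aad, 'plain')
  { intact:     gcm_open(key, iv, aad, ct, tag),
    ciphertext: gcm_open(key, iv, aad, flip_last_bit(ct), tag),
    aad:        gcm_open(key, iv, flip_last_bit(aad), ct, tag),
    tag:        gcm_open(key, iv, aad, ct, flip_last_bit(tag)),
    iv:         gcm_open(key, flip_last_bit(iv), aad, ct, tag),
    key:        gcm_open(flip_last_bit(key), iv, aad, ct, tag),
    short_tag:  gcm_open(key, iv, aad, ct, tag[0, 4]) }
end
```

Only the `intact` entry yields the plaintext; every other entry is `nil`, and `short_tag` is rejected by the explicit length check rather than by OpenSSL.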