Feature #6980


OpenSSL support for AEAD additional authenticated data and tags

Added by stouset (Stephen Touset) about 12 years ago. Updated almost 12 years ago.

Status:
Closed
Target version:
[ruby-core:47426]

Description

=begin
I've added support to OpenSSL::Cipher to support AEAD modes of operation. AEAD modes allow for plaintext additional authentication data to be combined with a ciphertext to generate a "tag" (e.g., a MAC). This tag can then be verified during decryption to ensure the secret key, nonce (IV), additional authentication data, ciphertext, and tag have not been changed or manipulated.

Usage can be inferred through documentation and tests.

cipher = OpenSSL::Cipher.new('aes-256-gcm')
cipher.encrypt
cipher.key = 'key'
cipher.iv = 'iv'
cipher.aad = 'aad'

ct = cipher.update('plain')
tag = cipher.gcm_tag

cipher.reset
cipher.decrypt
cipher.key = 'key'
cipher.iv = 'iv'
cipher.gcm_tag = tag
cipher.aad = 'aad'

cipher.update(ct) + cipher.verify + cipher.final # => 'plain'

cipher.reset
cipher.decrypt
cipher.key = 'key'
cipher.iv = 'iv'
cipher.gcm_tag = tag
cipher.aad = 'aad'

# last ciphertext byte altered: tag check fails
cipher.update(ct[0..-2] << ct[-1].succ) + cipher.verify + cipher.final # => OpenSSL::Cipher::CipherError
=end


Files

openssl_aead_ciphers.patch (13.2 KB) - OpenSSL AEAD mode support - stouset (Stephen Touset), 09/05/2012 04:11 AM
openssl_aead_ciphers.patch (5.83 KB) - OpenSSL AEAD mode support, sans whitespace changes - stouset (Stephen Touset), 09/05/2012 04:14 AM

Updated by stouset (Stephen Touset) about 12 years ago

Sorry, patch included unintentional whitespace changes. Reuploaded without whitespace changes.

Updated by MartinBosslet (Martin Bosslet) about 12 years ago

  • Status changed from Open to Assigned
  • Assignee set to MartinBosslet (Martin Bosslet)
  • Target version changed from 1.9.3 to 2.0.0

Updated by stouset (Stephen Touset) about 12 years ago

=begin
I'm not necessarily happy with a GCM-specific (({gcm_tag})), and an (unimplemented but hypothetical) (({ccm_tag})) et al. But having a single (({tag})) method that probed for which mode it was currently in seemed too magical. I'm open to ideas.
=end

Updated by stouset (Stephen Touset) about 12 years ago

I take it given the recent feature freeze that this will not make it into 2.0?

Updated by ko1 (Koichi Sasada) about 12 years ago

Martin, how about this ticket?

Updated by MartinBosslet (Martin Bosslet) almost 12 years ago

This would definitely be on my list for 2.0. Sorry for not having been more responsive. I talked with nahi at RubyConf about the tickets that are still open at the moment. I will ask if it is possible to extend the feature freeze for some of the items, there might be a chance. I, too, would like to see this make it into 2.0!

Updated by mame (Yusuke Endoh) almost 12 years ago

  • Priority changed from Normal to 5

Please commit it before preview2, i.e., in this month, and make sure that it causes no problem.

--
Yusuke Endoh


Updated by Anonymous almost 12 years ago

  • Status changed from Assigned to Closed
  • % Done changed from 0 to 100

This issue was solved with changeset r38488.
Stephen, thank you for reporting this issue.
Your contribution to Ruby is greatly appreciated.
May Ruby be with you.


  • ext/openssl/ossl_cipher.c: add support for Authenticated Encryption
    with Associated Data (AEAD) for OpenSSL versions that support the
    GCM encryption mode. It's the only mode supported for now by OpenSSL
    itself. Add Cipher#authenticated? to detect whether a chosen mode
    does support Authenticated Encryption.
  • test/openssl/test_cipher.rb: add tests for Authenticated Encryption.
    [Feature #6980] [ruby-core:47426] Thank you, Stephen Touset for
    providing a patch!

Updated by MartinBosslet (Martin Bosslet) almost 12 years ago

Thanks again, Stephen! I changed the interface a bit to make it possible to support CCM mode as well once it becomes available through the EVP interface. Instead of Cipher#gcm_tag, it is now called Cipher#auth_tag. Because of this change, I also made it Cipher#auth_data=, to indicate that both belong together conceptually.

I also omitted the additional Cipher#verify method, since tag verification will be performed during the call to Cipher#final. I didn't want to introduce an additional method - this way the overall Cipher interface stays coherent.
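The interface committed in r38488 differs from the proposal in the description: Cipher#auth_data= and Cipher#auth_tag replace aad= and gcm_tag, Cipher#authenticated? reports whether a mode is AEAD at all, and the tag is checked inside Cipher#final instead of in a separate verify call. The following is an added example of that final interface, not code from the ticket, the patch or the Ruby project; the helper names (aead_encrypt, aead_decrypt, rejected?, flip_last_byte) and the demo inputs are this example's own, and it targets the openssl extension as shipped with current Ruby.

```ruby
require 'openssl'

# Added example, not part of the ticket or of r38488: AES-256-GCM through
# Cipher#auth_data=, Cipher#auth_tag, Cipher#auth_tag= and Cipher#authenticated?.
# Tag verification happens inside Cipher#final, so there is no verify call.
GCM = 'aes-256-gcm'
TAG_LEN = 16 # full-size GCM tag; shorter tags are never accepted on decrypt

# Returns [nonce, ciphertext, tag]. A fresh random 96-bit nonce is drawn per
# message: reusing (key, nonce) with GCM breaks both confidentiality and
# authenticity, so the nonce must never be derived from a counter you reuse.
def aead_encrypt(key, plaintext, aad)
  cipher = OpenSSL::Cipher.new(GCM).encrypt
  raise 'not an AEAD mode' unless cipher.authenticated?
  cipher.key = key
  nonce = cipher.random_iv            # 12 bytes for GCM, also set on the cipher
  cipher.auth_data = aad              # after key/iv, before the first update
  ciphertext = cipher.update(plaintext) + cipher.final
  [nonce, ciphertext, cipher.auth_tag(TAG_LEN)]
end

# Returns the plaintext, or raises OpenSSL::Cipher::CipherError from #final
# if key, nonce, AAD, ciphertext or tag were altered.
def aead_decrypt(key, nonce, ciphertext, tag, aad)
  # auth_tag= accepts tags shorter than 16 bytes and OpenSSL will verify only
  # that prefix, so a caller must pin the length before handing the tag over.
  raise ArgumentError, 'truncated tag' unless tag.bytesize == TAG_LEN
  cipher = OpenSSL::Cipher.new(GCM).decrypt
  cipher.key = key
  cipher.iv = nonce
  cipher.auth_tag = tag               # must be set before #final
  cipher.auth_data = aad
  cipher.update(ciphertext) + cipher.final
end

# true if decryption is refused by the tag check, false if it succeeds
def rejected?(key, nonce, ciphertext, tag, aad)
  aead_decrypt(key, nonce, ciphertext, tag, aad)
  false
rescue OpenSSL::Cipher::CipherError
  true
end

# Flip one bit of the last byte, the tamper used in the ticket's example
def flip_last_byte(s)
  bytes = s.bytes
  bytes[-1] ^= 0x01
  bytes.pack('C*')
end

if __FILE__ == $0
  # constructed demo inputs
  key = OpenSSL::Cipher.new(GCM).random_key            # 32 bytes
  nonce, ct, tag = aead_encrypt(key, 'attack at dawn', 'hdr-v1')
  puts aead_decrypt(key, nonce, ct, tag, 'hdr-v1')      # attack at dawn
  puts rejected?(key, nonce, flip_last_byte(ct), tag, 'hdr-v1')  # true (ciphertext tampered)
  puts rejected?(key, nonce, ct, tag, 'hdr-v2')                  # true (AAD tampered)
  puts rejected?(key, nonce, ct, flip_last_byte(tag), 'hdr-v1')  # true (tag tampered)
end
```

Two points a practitioner should take from this beyond the thread: because #final is what verifies the tag, any plaintext returned by #update before #final must be treated as unauthenticated until #final returns; and because auth_tag= does not insist on a full-length tag, the length check before it is part of the security boundary, not a nicety.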
