Feature #6980
Closed
OpenSSL support for AEAD additional authenticated data and tags
Description
=begin
I've added support to OpenSSL::Cipher to support AEAD modes of operation. AEAD modes allow for plaintext additional authentication data to be combined with a ciphertext to generate a "tag" (e.g., a MAC). This tag can then be verified during decryption to ensure the secret key, nonce (IV), additional authentication data, ciphertext, and tag have not been changed or manipulated.
Usage can be inferred through documentation and tests.
  # Encrypt; the AAD is authenticated by the tag but not encrypted
  cipher = OpenSSL::Cipher.new('aes-256-gcm')
  cipher.encrypt
  cipher.key = 'key'
  cipher.iv = 'iv'
  cipher.aad = 'aad'
  ct = cipher.update('plain')
  tag = cipher.gcm_tag

  # Decrypt with unmodified inputs: verification succeeds
  cipher.reset
  cipher.decrypt
  cipher.key = 'key'
  cipher.iv = 'iv'
  cipher.gcm_tag = 'tag'
  cipher.aad = 'aad'
  cipher.update(ct) + cipher.verify + cipher.final # => 'plain'

  # Decrypt with the last ciphertext byte changed: verification fails
  cipher.reset
  cipher.decrypt
  cipher.key = 'key'
  cipher.iv = 'iv'
  cipher.gcm_tag = 'tag'
  cipher.aad = 'aad'
  cipher.update(ct[0..-2] << ct[-1].succ) + cipher.verify + cipher.final # => OpenSSL::Cipher::CipherError
=end
Updated by stouset (Stephen Touset) over 12 years ago
Sorry, patch included unintentional whitespace changes. Reuploaded without whitespace changes.
Updated by MartinBosslet (Martin Bosslet) over 12 years ago
- Status changed from Open to Assigned
- Assignee set to MartinBosslet (Martin Bosslet)
- Target version changed from 1.9.3 to 2.0.0
Updated by stouset (Stephen Touset) over 12 years ago
=begin
I'm not necessarily happy with a GCM-specific (({gcm_tag})), and an (unimplemented but hypothetical) (({ccm_tag})) et al. But having a single (({tag})) method that probed for which mode it was currently in seemed too magical. I'm open to ideas.
=end
Updated by stouset (Stephen Touset) about 12 years ago
I take it given the recent feature freeze that this will not make it into 2.0?
Updated by ko1 (Koichi Sasada) about 12 years ago
Martin, how about this ticket?
Updated by MartinBosslet (Martin Bosslet) about 12 years ago
This would definitely be on my list for 2.0. Sorry for not having been more responsive. I talked with nahi at RubyConf about the tickets that are still open at the moment. I will ask if it is possible to extend the feature freeze for some of the items; there might be a chance. I, too, would like to see this make it into 2.0!
Updated by mame (Yusuke Endoh) about 12 years ago
- Priority changed from Normal to 5
Please commit it before preview2, i.e., in this month, and make sure that it causes no problem.
--
Yusuke Endoh mame@tsg.ne.jp
Updated by Anonymous about 12 years ago
- Status changed from Assigned to Closed
- % Done changed from 0 to 100
This issue was solved with changeset r38488.
Stephen, thank you for reporting this issue.
Your contribution to Ruby is greatly appreciated.
May Ruby be with you.
- ext/openssl/ossl_cipher.c: add support for Authenticated Encryption
with Associated Data (AEAD) for OpenSSL versions that support the
GCM encryption mode. It's the only mode supported for now by OpenSSL
itself. Add Cipher#authenticated? to detect whether a chosen mode
does support Authenticated Encryption.
- test/openssl/test_cipher.rb: add tests for Authenticated Encryption.
[Feature #6980] [ruby-core:47426] Thank you, Stephen Touset for
providing a patch!
Updated by MartinBosslet (Martin Bosslet) about 12 years ago
Thanks again, Stephen! I changed the interface a bit to make it possible to support CCM mode as well once it is available through the EVP interface. Instead of Cipher#gcm_tag, it is now called Cipher#auth_tag. Because of this change, I also made it Cipher#auth_data=, to indicate that both belong together conceptually.
I also omitted the additional Cipher#verify method, since tag verification will be performed during the call to Cipher#final. I didn't want to introduce an additional method - this way the overall Cipher interface stays coherent.
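The interface as committed (Cipher#auth_data=, Cipher#auth_tag, verification inside Cipher#final), shown as an added example that is not part of the thread or the patch. The helper names gcm_encrypt, gcm_decrypt and try_decrypt, the 16-byte tag-length check, and all sample values are assumptions made for illustration.

```ruby
require 'openssl'

TAG_LEN = 16 # full-length GCM tag; assumed policy for this example

# Encrypt and return [iv, ciphertext, tag]. The AAD is authenticated, not encrypted.
def gcm_encrypt(key, plaintext, aad)
  cipher = OpenSSL::Cipher.new('aes-256-gcm')
  cipher.encrypt
  cipher.key = key
  iv = cipher.random_iv            # nonce must never repeat under the same key
  cipher.auth_data = aad           # set before any call to #update
  ct = cipher.update(plaintext) + cipher.final
  [iv, ct, cipher.auth_tag]        # tag is read only after #final
end

# Decrypt and verify. Raises OpenSSL::Cipher::CipherError from #final if the
# key, IV, AAD, ciphertext or tag does not match.
def gcm_decrypt(key, iv, ct, tag, aad)
  # auth_tag= may accept a shortened tag, so enforce the length explicitly.
  raise ArgumentError, 'unexpected tag length' unless tag.bytesize == TAG_LEN
  cipher = OpenSSL::Cipher.new('aes-256-gcm')
  cipher.decrypt
  cipher.key = key
  cipher.iv = iv
  cipher.auth_tag = tag            # set after key/iv, before #final
  cipher.auth_data = aad
  cipher.update(ct) + cipher.final # release plaintext only once #final succeeds
end

# Map a verification failure to :rejected instead of raising.
def try_decrypt(*args)
  gcm_decrypt(*args)
rescue OpenSSL::Cipher::CipherError
  :rejected
end

if __FILE__ == $0
  key = OpenSSL::Random.random_bytes(32)          # constructed sample key
  iv, ct, tag = gcm_encrypt(key, 'plain', 'aad')  # constructed sample inputs
  puts try_decrypt(key, iv, ct, tag, 'aad').inspect
  puts try_decrypt(key, iv, ct, tag, 'other aad').inspect
end
```
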