Feature #6980
closed
OpenSSL support for AEAD additional authenticated data and tags
Description
=begin
I've added support to OpenSSL::Cipher to support AEAD modes of operation. AEAD modes allow for plaintext additional authentication data to be combined with a ciphertext to generate a "tag" (e.g., a MAC). This tag can then be verified during decryption to ensure the secret key, nonce (IV), additional authentication data, ciphertext, and tag have not been changed or manipulated.
Usage can be inferred through documentation and tests.
  # Encrypt; 'key', 'iv' and 'aad' are placeholder values
  cipher = OpenSSL::Cipher.new('aes-256-gcm')
  cipher.encrypt
  cipher.key = 'key'
  cipher.iv = 'iv'
  cipher.aad = 'aad'
  ct = cipher.update('plain')
  tag = cipher.gcm_tag

  # Decrypt with the tag produced above and the same AAD
  cipher.reset
  cipher.decrypt
  cipher.key = 'key'
  cipher.iv = 'iv'
  cipher.gcm_tag = tag
  cipher.aad = 'aad'
  cipher.update(ct) + cipher.verify + cipher.final # => 'plain'

  # Decrypt a ciphertext whose last byte was changed: verification fails
  cipher.reset
  cipher.decrypt
  cipher.key = 'key'
  cipher.iv = 'iv'
  cipher.gcm_tag = tag
  cipher.aad = 'aad'
  cipher.update(ct[0..-2] << ct[-1].succ) + cipher.verify + cipher.final # => OpenSSL::Cipher::CipherError
=end
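The same round trip and tamper checks as an added example, not part of the original post or its patch. It uses the `auth_data=`, `auth_tag` and `auth_tag=` methods of current Ruby's OpenSSL::Cipher, whose names differ from the `aad=`, `gcm_tag` and `verify` proposed above; the helper names, AAD string and random key/nonce are constructed for illustration.

```ruby
require 'openssl'

# Encrypt with AES-256-GCM; returns [ciphertext, tag].
def gcm_seal(key, iv, aad, plain)
  c = OpenSSL::Cipher.new('aes-256-gcm')
  c.encrypt
  c.key = key
  c.iv = iv
  c.auth_data = aad
  ct = c.update(plain) + c.final
  [ct, c.auth_tag]
end

# Decrypt and verify; returns the plaintext, or nil if authentication fails.
def gcm_open(key, iv, aad, ct, tag)
  # Insist on a full 16-byte tag rather than relying on the library to reject short ones.
  return nil unless tag.bytesize == 16
  c = OpenSSL::Cipher.new('aes-256-gcm')
  c.decrypt
  c.key = key
  c.iv = iv
  c.auth_tag = tag
  c.auth_data = aad
  # update yields plaintext before the tag is checked; release it only after final succeeds.
  c.update(ct) + c.final
rescue OpenSSL::Cipher::CipherError
  nil
end

def flip_last_bit(str)
  out = str.dup
  out.setbyte(-1, out.getbyte(-1) ^ 0x01)
  out
end

def aead_demo
  key = OpenSSL::Random.random_bytes(32) # constructed sample inputs
  iv  = OpenSSL::Random.random_bytes(12)
  aad = 'record-header'
  ct, tag = gcm_seal(key, iv, aad, 'plain')
  {
    intact:    gcm_open(key, iv, aad, ct, tag),
    bad_ct:    gcm_open(key, iv, aad, flip_last_bit(ct), tag),
    bad_aad:   gcm_open(key, iv, flip_last_bit(aad), ct, tag),
    bad_tag:   gcm_open(key, iv, aad, ct, flip_last_bit(tag)),
    short_tag: gcm_open(key, iv, aad, ct, tag[0, 4])
  }
end

p aead_demo
```

Only the `intact` entry yields the plaintext; a change to the ciphertext, the AAD or the tag each returns nil.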
Files