encrypt_record() appends the authentication tag.

So the calling code doesn't have to.

encrypt_record() appends the authentication tag.
So the calling code doesn't have to.
877f1efa · Geoff Simmons · 68bdc698 · 877f1efa · 877f1efa · 877f1efa
Commit 877f1efa authored Sep 05, 2019 by Geoff Simmons
Hide whitespace changes
Inline Side-by-side

Showing with 8 additions and 6 deletions

rfc8188.c src/rfc8188.c +3 -1

rfc8188.h src/rfc8188.h +3 -2

rfc8188_test.c src/rfc8188_test.c +2 -3

No files found.
--- a/src/rfc8188.c
+++ b/src/rfc8188.c
@@ -257,9 +257,10 @@ ssize_t
 encrypt_record(EVP_CIPHER_CTX *ctx, unsigned char *plaintext,
    int plaintext_len, uint32_t rs, uint8_t cek[AES128_KEYLEN],
    unsigned char nonce[NONCE_LEN], int last, unsigned char *ciphertext,
-    uint8_t *tag, char errmsg[ERRMSG_LEN])
+    char errmsg[ERRMSG_LEN])
 {
 	int delim_idx, len, ciphertext_len;
+	uint8_t *tag;

 	AN(ctx);
 	AN(plaintext);
@@ -304,6 +305,7 @@ encrypt_record(EVP_CIPHER_CTX *ctx, unsigned char *plaintext,
 	}
 	ciphertext_len += len;

+	tag = ciphertext + (rs - TAG_LEN);
 	if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_GET_TAG, TAG_LEN, tag)) {
 		mk_error(errmsg);
 		return (-1);

--- a/src/rfc8188.h
+++ b/src/rfc8188.h
@@ -162,7 +162,7 @@ ssize_t decrypt_record(EVP_CIPHER_CTX *ctx, unsigned char *ciphertext,
 * Encrypt a record. Inputs are:
 *	plaintext, plaintext_len, rs, cek, nonce, last
 * Outputs is:
- *	ciphertext, tag
+ *	ciphertext
 *
 * The buffer at plaintext MUST have at least rs bytes allocated.
 *
@@ -171,6 +171,7 @@ ssize_t decrypt_record(EVP_CIPHER_CTX *ctx, unsigned char *ciphertext,
 * If last is non-zero, then this is the last record in the message.
 *
 * At least rs bytes must be allocated for the buffer at ciphertext.
+ * The authentication tag is appended at ciphertext + (rs - TAG_LEN).
 *
 * Returns -1 on error, otherwise the number of ciphertext bytes. That
 * number will be equal to rs for every record but the last, which may be
@@ -179,4 +180,4 @@ ssize_t decrypt_record(EVP_CIPHER_CTX *ctx, unsigned char *ciphertext,
 ssize_t encrypt_record(EVP_CIPHER_CTX *ctx, unsigned char *plaintext,
    int plaintext_len, uint32_t rs, uint8_t cek[AES128_KEYLEN],
    unsigned char nonce[NONCE_LEN], int last, unsigned char *ciphertext,
-    uint8_t tag[TAG_LEN], char errmsg[ERRMSG_LEN]);
+    char errmsg[ERRMSG_LEN]);
--- a/src/rfc8188_test.c
+++ b/src/rfc8188_test.c
@@ -88,7 +88,7 @@ main(int argc, char *argv[])
 	    body1_test_b64[73];
 	unsigned char key1[AES128_KEYLEN + 2], key2[AES128_KEYLEN + 2],
 	    salt[SALT_LEN + 2], prk[SHA256_LEN], cek[SHA256_LEN],
-	    nonce[SHA256_LEN], seq[NONCE_LEN], tag[TAG_LEN],
+	    nonce[SHA256_LEN], seq[NONCE_LEN],
 	    body1[54], body2[75], plaintext[64], *ciphertext;
 	char errmsg[ERRMSG_LEN];
 	uint32_t rs;
@@ -268,14 +268,13 @@ main(int argc, char *argv[])
 	last = 1;
 	ciphertext = body1 + HDR_PREFIX_LEN + exp_idlen1;
 	len = encrypt_record(ctx, plaintext, exp_plaintext_len, rs, cek,
-	    nonce, last, ciphertext, tag, errmsg);
+	    nonce, last, ciphertext, errmsg);
 	if (len < 0) {
 		fprintf(stderr, "ex1 encrypt_record: %s\n", errmsg);
 		exit(-1);
 	}
 	assert((unsigned)len == rs - TAG_LEN);

-	memcpy(ciphertext + (rs - TAG_LEN), tag, TAG_LEN);
 	len = EVP_EncodeBlock(body1_test_b64, body1, bodylen1);
 	assert(len == 72);
 	AZ(memcmp(body1_test_b64, body1_b64, len));