Commit 877f1efa authored by Geoff Simmons's avatar Geoff Simmons

encrypt_record() appends the authentication tag.

So the calling code doesn't have to.
parent 68bdc698
......@@ -257,9 +257,10 @@ ssize_t
encrypt_record(EVP_CIPHER_CTX *ctx, unsigned char *plaintext,
int plaintext_len, uint32_t rs, uint8_t cek[AES128_KEYLEN],
unsigned char nonce[NONCE_LEN], int last, unsigned char *ciphertext,
uint8_t *tag, char errmsg[ERRMSG_LEN])
char errmsg[ERRMSG_LEN])
{
int delim_idx, len, ciphertext_len;
uint8_t *tag;
AN(ctx);
AN(plaintext);
......@@ -304,6 +305,7 @@ encrypt_record(EVP_CIPHER_CTX *ctx, unsigned char *plaintext,
}
ciphertext_len += len;
tag = ciphertext + (rs - TAG_LEN);
if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_GET_TAG, TAG_LEN, tag)) {
mk_error(errmsg);
return (-1);
......
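Review bot: The new `tag = ciphertext + (rs - TAG_LEN);` derives the tag address from the caller-supplied `rs` rather than from the number of bytes actually written, and nothing visible in this hunk bounds `rs`. Because `rs` is a `uint32_t`, a value below `TAG_LEN` would wrap the subtraction and make `EVP_CTRL_GCM_GET_TAG` write `TAG_LEN` bytes far outside the buffer. If the part of encrypt_record() outside this hunk does not already reject that, a guard such as `if (rs <= TAG_LEN) return (-1);` (with `errmsg` filled in the way the function's other failures do) before the first write would close it. If a last record can be shorter than `rs - TAG_LEN`, the tag also lands after a gap of unwritten bytes, which `tag = ciphertext + ciphertext_len;` would avoid; the test in this commit only covers the case where the two addresses coincide. The function body starts and ends outside the hunk.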
......@@ -162,7 +162,7 @@ ssize_t decrypt_record(EVP_CIPHER_CTX *ctx, unsigned char *ciphertext,
* Encrypt a record. Inputs are:
* plaintext, plaintext_len, rs, cek, nonce, last
* Outputs is:
* ciphertext, tag
* ciphertext
*
* The buffer at plaintext MUST have at least rs bytes allocated.
*
......@@ -171,6 +171,7 @@ ssize_t decrypt_record(EVP_CIPHER_CTX *ctx, unsigned char *ciphertext,
* If last is non-zero, then this is the last record in the message.
*
* At least rs bytes must be allocated for the buffer at ciphertext.
* The authentication tag is appended at ciphertext + (rs - TAG_LEN).
*
* Returns -1 on error, otherwise the number of ciphertext bytes. That
* number will be equal to rs for every record but the last, which may be
......@@ -179,4 +180,4 @@ ssize_t decrypt_record(EVP_CIPHER_CTX *ctx, unsigned char *ciphertext,
ssize_t encrypt_record(EVP_CIPHER_CTX *ctx, unsigned char *plaintext,
int plaintext_len, uint32_t rs, uint8_t cek[AES128_KEYLEN],
unsigned char nonce[NONCE_LEN], int last, unsigned char *ciphertext,
uint8_t tag[TAG_LEN], char errmsg[ERRMSG_LEN]);
char errmsg[ERRMSG_LEN]);
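Review bot: The updated contract does not say whether the returned byte count includes the `TAG_LEN` bytes that encrypt_record() now writes itself, and a caller needs that to know how much of the buffer to transmit. The comment says the count equals `rs` for every record but the last, while the test in this commit asserts `len == rs - TAG_LEN` for a last record, so the tag appears not to be counted there. A line such as ` * The return value does not include the TAG_LEN bytes of the tag.` (or its opposite, if that is what the implementation does) next to the new `ciphertext + (rs - TAG_LEN)` sentence would remove the ambiguity. The "Returns" paragraph continues outside the hunk, so it may already cover this.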
......@@ -88,7 +88,7 @@ main(int argc, char *argv[])
body1_test_b64[73];
unsigned char key1[AES128_KEYLEN + 2], key2[AES128_KEYLEN + 2],
salt[SALT_LEN + 2], prk[SHA256_LEN], cek[SHA256_LEN],
nonce[SHA256_LEN], seq[NONCE_LEN], tag[TAG_LEN],
nonce[SHA256_LEN], seq[NONCE_LEN],
body1[54], body2[75], plaintext[64], *ciphertext;
char errmsg[ERRMSG_LEN];
uint32_t rs;
......@@ -268,14 +268,13 @@ main(int argc, char *argv[])
last = 1;
ciphertext = body1 + HDR_PREFIX_LEN + exp_idlen1;
len = encrypt_record(ctx, plaintext, exp_plaintext_len, rs, cek,
nonce, last, ciphertext, tag, errmsg);
nonce, last, ciphertext, errmsg);
if (len < 0) {
fprintf(stderr, "ex1 encrypt_record: %s\n", errmsg);
exit(-1);
}
assert((unsigned)len == rs - TAG_LEN);
memcpy(ciphertext + (rs - TAG_LEN), tag, TAG_LEN);
len = EVP_EncodeBlock(body1_test_b64, body1, bodylen1);
assert(len == 72);
AZ(memcmp(body1_test_b64, body1_b64, len));
......