Commit a27102cf authored by Geoff Simmons's avatar Geoff Simmons

On success, encrypt_record() returns the full length of the record.

Including the length of the authentication tag.
parent 85d7f62c
...@@ -324,5 +324,5 @@ encrypt_record(EVP_CIPHER_CTX *ctx, unsigned char *plaintext, ...@@ -324,5 +324,5 @@ encrypt_record(EVP_CIPHER_CTX *ctx, unsigned char *plaintext,
return (-1); return (-1);
} }
return (ciphertext_len); return (ciphertext_len + TAG_LEN);
} }
...@@ -171,18 +171,21 @@ ssize_t decrypt_record(EVP_CIPHER_CTX *ctx, unsigned char *ciphertext, ...@@ -171,18 +171,21 @@ ssize_t decrypt_record(EVP_CIPHER_CTX *ctx, unsigned char *ciphertext,
* plaintext for subsequent records must begin at a location that will * plaintext for subsequent records must begin at a location that will
* have been overwritten. * have been overwritten.
* *
* plaintext_len MAY NOT be > rs - (TAG_LEN + 1). * plaintext_len MUST be >= 0, and MAY NOT be > rs - (TAG_LEN + 1).
* *
* rs for every record MUST equal the record size set for the entire * rs MUST be >= 18. For every record, rs MUST equal the record size
* message, except possibly for the last record, which may be smaller. * established for the entire message, except possibly for the last
* record, which may be smaller.
* *
* If last is non-zero, then this is the last record in the message. * last is non-zero iff this is the last record in the message.
* *
* At least rs bytes must be allocated for the buffer at ciphertext. * At least rs bytes must be allocated for the buffer at ciphertext.
* The authentication tag is appended at ciphertext + (rs - TAG_LEN). * The authentication tag is appended at ciphertext + (rs - TAG_LEN).
* *
* Returns -1 on error, otherwise the number of ciphertext bytes. That * Returns -1 on error, otherwise the number of bytes written to
* number will be equal to (rs - TAG_LEN) for every record. * ciphertext, including the authentication tag. Successful return values
* are always equal to rs, and the next record can be written to
* ciphertext + rs.
*/ */
ssize_t encrypt_record(EVP_CIPHER_CTX *ctx, unsigned char *plaintext, ssize_t encrypt_record(EVP_CIPHER_CTX *ctx, unsigned char *plaintext,
int plaintext_len, uint32_t rs, uint8_t cek[AES128_KEYLEN], int plaintext_len, uint32_t rs, uint8_t cek[AES128_KEYLEN],
......
...@@ -271,7 +271,7 @@ main(int argc, char *argv[]) ...@@ -271,7 +271,7 @@ main(int argc, char *argv[])
fprintf(stderr, "ex1 encrypt_record: %s\n", errmsg); fprintf(stderr, "ex1 encrypt_record: %s\n", errmsg);
exit(-1); exit(-1);
} }
assert((unsigned)len == rs - TAG_LEN); assert((unsigned)len == rs);
len = EVP_EncodeBlock(body1_test_b64, body1, bodylen1); len = EVP_EncodeBlock(body1_test_b64, body1, bodylen1);
assert(len == 72); assert(len == 72);
...@@ -317,8 +317,8 @@ main(int argc, char *argv[]) ...@@ -317,8 +317,8 @@ main(int argc, char *argv[])
fprintf(stderr, "ex2 1st record encrypt_record: %s\n", errmsg); fprintf(stderr, "ex2 1st record encrypt_record: %s\n", errmsg);
exit(-1); exit(-1);
} }
assert((unsigned)len == exp_rs2 - TAG_LEN); assert((unsigned)len == exp_rs2);
ciphertext_len = exp_rs2; ciphertext_len = len;
/* Second record, last 8 bytes of the plaintext */ /* Second record, last 8 bytes of the plaintext */
seq[NONCE_LEN - 1] = 1; // simulates increment seq[NONCE_LEN - 1] = 1; // simulates increment
...@@ -335,8 +335,8 @@ main(int argc, char *argv[]) ...@@ -335,8 +335,8 @@ main(int argc, char *argv[])
fprintf(stderr, "ex1 2nd record encrypt_record: %s\n", errmsg); fprintf(stderr, "ex1 2nd record encrypt_record: %s\n", errmsg);
exit(-1); exit(-1);
} }
assert((unsigned)len == exp_rs2 - TAG_LEN); assert((unsigned)len == exp_rs2);
ciphertext_len += exp_rs2; ciphertext_len += len;
assert(ciphertext_len + HDR_PREFIX_LEN + exp_idlen2 == exp_bodylen2); assert(ciphertext_len + HDR_PREFIX_LEN + exp_idlen2 == exp_bodylen2);
len = EVP_EncodeBlock(body2_test_b64, body2, exp_bodylen2); len = EVP_EncodeBlock(body2_test_b64, body2, exp_bodylen2);
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment