On success, encrypt_record() returns the full length of the record.

Including the length of the authentication tag.

On success, encrypt_record() returns the full length of the record.
Including the length of the authentication tag.
a27102cf · Geoff Simmons · 85d7f62c · a27102cf · a27102cf · a27102cf
Commit a27102cf authored Sep 05, 2019 by Geoff Simmons
Hide whitespace changes
Inline Side-by-side

Showing with 15 additions and 12 deletions

rfc8188.c src/rfc8188.c +1 -1

rfc8188.h src/rfc8188.h +9 -6

rfc8188_test.c src/rfc8188_test.c +5 -5

No files found.
--- a/src/rfc8188.c
+++ b/src/rfc8188.c
@@ -324,5 +324,5 @@ encrypt_record(EVP_CIPHER_CTX *ctx, unsigned char *plaintext,
 		return (-1);
 	}
-	return (ciphertext_len);
+	return (ciphertext_len + TAG_LEN);
 }
--- a/src/rfc8188.h
+++ b/src/rfc8188.h
@@ -171,18 +171,21 @@ ssize_t decrypt_record(EVP_CIPHER_CTX *ctx, unsigned char *ciphertext,
 * plaintext for subsequent records must begin at a location that will
 * have been overwritten.
 *
- * plaintext_len MAY NOT be > rs - (TAG_LEN + 1).
+ * plaintext_len MUST be >= 0, and MAY NOT be > rs - (TAG_LEN + 1).
 *
- * rs for every record MUST equal the record size set for the entire
+ * rs MUST be >= 18. For every record, rs MUST equal the record size
- * message, except possibly for the last record, which may be smaller.
+ * established for the entire message, except possibly for the last
+ * record, which may be smaller.
 *
- * If last is non-zero, then this is the last record in the message.
+ * last is non-zero iff this is the last record in the message.
 *
 * At least rs bytes must be allocated for the buffer at ciphertext.
 * The authentication tag is appended at ciphertext + (rs - TAG_LEN).
 *
- * Returns -1 on error, otherwise the number of ciphertext bytes. That
+ * Returns -1 on error, otherwise the number of bytes written to
- * number will be equal to (rs - TAG_LEN) for every record.
+ * ciphertext, including the authentication tag. Successful return values
+ * are always equal to rs, and the next record can be written to
+ * ciphertext + rs.
 */
 ssize_t encrypt_record(EVP_CIPHER_CTX *ctx, unsigned char *plaintext,
    int plaintext_len, uint32_t rs, uint8_t cek[AES128_KEYLEN],

--- a/src/rfc8188_test.c
+++ b/src/rfc8188_test.c
@@ -271,7 +271,7 @@ main(int argc, char *argv[])
 		fprintf(stderr, "ex1 encrypt_record: %s\n", errmsg);
 		exit(-1);
 	}
-	assert((unsigned)len == rs - TAG_LEN);
+	assert((unsigned)len == rs);
 	len = EVP_EncodeBlock(body1_test_b64, body1, bodylen1);
 	assert(len == 72);
@@ -317,8 +317,8 @@ main(int argc, char *argv[])
 		fprintf(stderr, "ex2 1st record encrypt_record: %s\n", errmsg);
 		exit(-1);
 	}
-	assert((unsigned)len == exp_rs2 - TAG_LEN);
+	assert((unsigned)len == exp_rs2);
-	ciphertext_len = exp_rs2;
+	ciphertext_len = len;
 	/* Second record, last 8 bytes of the plaintext */
 	seq[NONCE_LEN - 1] = 1; // simulates increment
@@ -335,8 +335,8 @@ main(int argc, char *argv[])
 		fprintf(stderr, "ex1 2nd record encrypt_record: %s\n", errmsg);
 		exit(-1);
 	}
-	assert((unsigned)len == exp_rs2 - TAG_LEN);
+	assert((unsigned)len == exp_rs2);
-	ciphertext_len += exp_rs2;
+	ciphertext_len += len;
 	assert(ciphertext_len + HDR_PREFIX_LEN + exp_idlen2 == exp_bodylen2);
 	len = EVP_EncodeBlock(body2_test_b64, body2, exp_bodylen2);