openssl 2.0.0.beta.1

Sign up to get free protection for your applications and to get access to all the features.

Potentially problematic release.


This version of openssl might be problematic. Click here for more details.

Files changed (71) hide show
  1. checksums.yaml +7 -0
  2. data/BSDL +22 -0
  3. data/CONTRIBUTING.md +130 -0
  4. data/History.md +118 -0
  5. data/LICENSE.txt +56 -0
  6. data/README.md +70 -0
  7. data/ext/openssl/deprecation.rb +26 -0
  8. data/ext/openssl/extconf.rb +158 -0
  9. data/ext/openssl/openssl_missing.c +173 -0
  10. data/ext/openssl/openssl_missing.h +244 -0
  11. data/ext/openssl/ossl.c +1201 -0
  12. data/ext/openssl/ossl.h +222 -0
  13. data/ext/openssl/ossl_asn1.c +1992 -0
  14. data/ext/openssl/ossl_asn1.h +66 -0
  15. data/ext/openssl/ossl_bio.c +87 -0
  16. data/ext/openssl/ossl_bio.h +19 -0
  17. data/ext/openssl/ossl_bn.c +1153 -0
  18. data/ext/openssl/ossl_bn.h +23 -0
  19. data/ext/openssl/ossl_cipher.c +1085 -0
  20. data/ext/openssl/ossl_cipher.h +20 -0
  21. data/ext/openssl/ossl_config.c +89 -0
  22. data/ext/openssl/ossl_config.h +19 -0
  23. data/ext/openssl/ossl_digest.c +453 -0
  24. data/ext/openssl/ossl_digest.h +20 -0
  25. data/ext/openssl/ossl_engine.c +580 -0
  26. data/ext/openssl/ossl_engine.h +19 -0
  27. data/ext/openssl/ossl_hmac.c +398 -0
  28. data/ext/openssl/ossl_hmac.h +18 -0
  29. data/ext/openssl/ossl_ns_spki.c +406 -0
  30. data/ext/openssl/ossl_ns_spki.h +19 -0
  31. data/ext/openssl/ossl_ocsp.c +2013 -0
  32. data/ext/openssl/ossl_ocsp.h +23 -0
  33. data/ext/openssl/ossl_pkcs12.c +259 -0
  34. data/ext/openssl/ossl_pkcs12.h +13 -0
  35. data/ext/openssl/ossl_pkcs5.c +180 -0
  36. data/ext/openssl/ossl_pkcs5.h +6 -0
  37. data/ext/openssl/ossl_pkcs7.c +1125 -0
  38. data/ext/openssl/ossl_pkcs7.h +20 -0
  39. data/ext/openssl/ossl_pkey.c +435 -0
  40. data/ext/openssl/ossl_pkey.h +245 -0
  41. data/ext/openssl/ossl_pkey_dh.c +650 -0
  42. data/ext/openssl/ossl_pkey_dsa.c +672 -0
  43. data/ext/openssl/ossl_pkey_ec.c +1899 -0
  44. data/ext/openssl/ossl_pkey_rsa.c +768 -0
  45. data/ext/openssl/ossl_rand.c +238 -0
  46. data/ext/openssl/ossl_rand.h +18 -0
  47. data/ext/openssl/ossl_ssl.c +2679 -0
  48. data/ext/openssl/ossl_ssl.h +41 -0
  49. data/ext/openssl/ossl_ssl_session.c +352 -0
  50. data/ext/openssl/ossl_version.h +15 -0
  51. data/ext/openssl/ossl_x509.c +186 -0
  52. data/ext/openssl/ossl_x509.h +119 -0
  53. data/ext/openssl/ossl_x509attr.c +328 -0
  54. data/ext/openssl/ossl_x509cert.c +860 -0
  55. data/ext/openssl/ossl_x509crl.c +565 -0
  56. data/ext/openssl/ossl_x509ext.c +480 -0
  57. data/ext/openssl/ossl_x509name.c +547 -0
  58. data/ext/openssl/ossl_x509req.c +492 -0
  59. data/ext/openssl/ossl_x509revoked.c +279 -0
  60. data/ext/openssl/ossl_x509store.c +846 -0
  61. data/ext/openssl/ruby_missing.h +32 -0
  62. data/lib/openssl.rb +21 -0
  63. data/lib/openssl/bn.rb +39 -0
  64. data/lib/openssl/buffering.rb +451 -0
  65. data/lib/openssl/cipher.rb +67 -0
  66. data/lib/openssl/config.rb +473 -0
  67. data/lib/openssl/digest.rb +78 -0
  68. data/lib/openssl/pkey.rb +44 -0
  69. data/lib/openssl/ssl.rb +416 -0
  70. data/lib/openssl/x509.rb +176 -0
  71. metadata +178 -0
@@ -0,0 +1,23 @@
1
+ /*
2
+ * 'OpenSSL for Ruby' project
3
+ * Copyright (C) 2001-2002 Michal Rokos <m.rokos@sh.cvut.cz>
4
+ * All rights reserved.
5
+ */
6
+ /*
7
+ * This program is licensed under the same licence as Ruby.
8
+ * (See the file 'LICENCE'.)
9
+ */
10
+ #if !defined(_OSSL_BN_H_)
11
+ #define _OSSL_BN_H_
12
+
13
+ extern VALUE cBN;
14
+ extern VALUE eBNError;
15
+
16
+ extern BN_CTX *ossl_bn_ctx;
17
+
18
+ VALUE ossl_bn_new(const BIGNUM *);
19
+ BIGNUM *GetBNPtr(VALUE);
20
+ void Init_ossl_bn(void);
21
+
22
+
23
+ #endif /* _OSS_BN_H_ */
@@ -0,0 +1,1085 @@
1
+ /*
2
+ * 'OpenSSL for Ruby' project
3
+ * Copyright (C) 2001-2002 Michal Rokos <m.rokos@sh.cvut.cz>
4
+ * All rights reserved.
5
+ */
6
+ /*
7
+ * This program is licensed under the same licence as Ruby.
8
+ * (See the file 'LICENCE'.)
9
+ */
10
+ #include "ossl.h"
11
+
12
+ #define NewCipher(klass) \
13
+ TypedData_Wrap_Struct((klass), &ossl_cipher_type, 0)
14
+ #define AllocCipher(obj, ctx) do { \
15
+ (ctx) = EVP_CIPHER_CTX_new(); \
16
+ if (!(ctx)) \
17
+ ossl_raise(rb_eRuntimeError, NULL); \
18
+ RTYPEDDATA_DATA(obj) = (ctx); \
19
+ } while (0)
20
+ #define GetCipherInit(obj, ctx) do { \
21
+ TypedData_Get_Struct((obj), EVP_CIPHER_CTX, &ossl_cipher_type, (ctx)); \
22
+ } while (0)
23
+ #define GetCipher(obj, ctx) do { \
24
+ GetCipherInit((obj), (ctx)); \
25
+ if (!(ctx)) { \
26
+ ossl_raise(rb_eRuntimeError, "Cipher not inititalized!"); \
27
+ } \
28
+ } while (0)
29
+ #define SafeGetCipher(obj, ctx) do { \
30
+ OSSL_Check_Kind((obj), cCipher); \
31
+ GetCipher((obj), (ctx)); \
32
+ } while (0)
33
+
34
+ /*
35
+ * Classes
36
+ */
37
+ VALUE cCipher;
38
+ VALUE eCipherError;
39
+ static ID id_auth_tag_len;
40
+
41
+ static VALUE ossl_cipher_alloc(VALUE klass);
42
+ static void ossl_cipher_free(void *ptr);
43
+
44
+ static const rb_data_type_t ossl_cipher_type = {
45
+ "OpenSSL/Cipher",
46
+ {
47
+ 0, ossl_cipher_free,
48
+ },
49
+ 0, 0, RUBY_TYPED_FREE_IMMEDIATELY,
50
+ };
51
+
52
+ /*
53
+ * PUBLIC
54
+ */
55
+ const EVP_CIPHER *
56
+ GetCipherPtr(VALUE obj)
57
+ {
58
+ if (rb_obj_is_kind_of(obj, cCipher)) {
59
+ EVP_CIPHER_CTX *ctx;
60
+
61
+ GetCipher(obj, ctx);
62
+
63
+ return EVP_CIPHER_CTX_cipher(ctx);
64
+ }
65
+ else {
66
+ const EVP_CIPHER *cipher;
67
+
68
+ StringValueCStr(obj);
69
+ cipher = EVP_get_cipherbyname(RSTRING_PTR(obj));
70
+ if (!cipher)
71
+ ossl_raise(rb_eArgError,
72
+ "unsupported cipher algorithm: %"PRIsVALUE, obj);
73
+
74
+ return cipher;
75
+ }
76
+ }
77
+
78
+ VALUE
79
+ ossl_cipher_new(const EVP_CIPHER *cipher)
80
+ {
81
+ VALUE ret;
82
+ EVP_CIPHER_CTX *ctx;
83
+
84
+ ret = ossl_cipher_alloc(cCipher);
85
+ AllocCipher(ret, ctx);
86
+ if (EVP_CipherInit_ex(ctx, cipher, NULL, NULL, NULL, -1) != 1)
87
+ ossl_raise(eCipherError, NULL);
88
+
89
+ return ret;
90
+ }
91
+
92
+ /*
93
+ * PRIVATE
94
+ */
95
+ static void
96
+ ossl_cipher_free(void *ptr)
97
+ {
98
+ EVP_CIPHER_CTX_free(ptr);
99
+ }
100
+
101
+ static VALUE
102
+ ossl_cipher_alloc(VALUE klass)
103
+ {
104
+ return NewCipher(klass);
105
+ }
106
+
107
+ /*
108
+ * call-seq:
109
+ * Cipher.new(string) -> cipher
110
+ *
111
+ * The string must contain a valid cipher name like "AES-128-CBC" or "3DES".
112
+ *
113
+ * A list of cipher names is available by calling OpenSSL::Cipher.ciphers.
114
+ */
115
+ static VALUE
116
+ ossl_cipher_initialize(VALUE self, VALUE str)
117
+ {
118
+ EVP_CIPHER_CTX *ctx;
119
+ const EVP_CIPHER *cipher;
120
+ char *name;
121
+ unsigned char dummy_key[EVP_MAX_KEY_LENGTH] = { 0 };
122
+
123
+ name = StringValueCStr(str);
124
+ GetCipherInit(self, ctx);
125
+ if (ctx) {
126
+ ossl_raise(rb_eRuntimeError, "Cipher already inititalized!");
127
+ }
128
+ AllocCipher(self, ctx);
129
+ if (!(cipher = EVP_get_cipherbyname(name))) {
130
+ ossl_raise(rb_eRuntimeError, "unsupported cipher algorithm (%"PRIsVALUE")", str);
131
+ }
132
+ /*
133
+ * EVP_CipherInit_ex() allows to specify NULL to key and IV, however some
134
+ * ciphers don't handle well (OpenSSL's bug). [Bug #2768]
135
+ *
136
+ * The EVP which has EVP_CIPH_RAND_KEY flag (such as DES3) allows
137
+ * uninitialized key, but other EVPs (such as AES) does not allow it.
138
+ * Calling EVP_CipherUpdate() without initializing key causes SEGV so we
139
+ * set the data filled with "\0" as the key by default.
140
+ */
141
+ if (EVP_CipherInit_ex(ctx, cipher, NULL, dummy_key, NULL, -1) != 1)
142
+ ossl_raise(eCipherError, NULL);
143
+
144
+ return self;
145
+ }
146
+
147
+ static VALUE
148
+ ossl_cipher_copy(VALUE self, VALUE other)
149
+ {
150
+ EVP_CIPHER_CTX *ctx1, *ctx2;
151
+
152
+ rb_check_frozen(self);
153
+ if (self == other) return self;
154
+
155
+ GetCipherInit(self, ctx1);
156
+ if (!ctx1) {
157
+ AllocCipher(self, ctx1);
158
+ }
159
+ SafeGetCipher(other, ctx2);
160
+ if (EVP_CIPHER_CTX_copy(ctx1, ctx2) != 1)
161
+ ossl_raise(eCipherError, NULL);
162
+
163
+ return self;
164
+ }
165
+
166
+ static void*
167
+ add_cipher_name_to_ary(const OBJ_NAME *name, VALUE ary)
168
+ {
169
+ rb_ary_push(ary, rb_str_new2(name->name));
170
+ return NULL;
171
+ }
172
+
173
+ /*
174
+ * call-seq:
175
+ * OpenSSL::Cipher.ciphers -> array[string...]
176
+ *
177
+ * Returns the names of all available ciphers in an array.
178
+ */
179
+ static VALUE
180
+ ossl_s_ciphers(VALUE self)
181
+ {
182
+ VALUE ary;
183
+
184
+ ary = rb_ary_new();
185
+ OBJ_NAME_do_all_sorted(OBJ_NAME_TYPE_CIPHER_METH,
186
+ (void(*)(const OBJ_NAME*,void*))add_cipher_name_to_ary,
187
+ (void*)ary);
188
+
189
+ return ary;
190
+ }
191
+
192
+ /*
193
+ * call-seq:
194
+ * cipher.reset -> self
195
+ *
196
+ * Fully resets the internal state of the Cipher. By using this, the same
197
+ * Cipher instance may be used several times for encryption or decryption tasks.
198
+ *
199
+ * Internally calls EVP_CipherInit_ex(ctx, NULL, NULL, NULL, NULL, -1).
200
+ */
201
+ static VALUE
202
+ ossl_cipher_reset(VALUE self)
203
+ {
204
+ EVP_CIPHER_CTX *ctx;
205
+
206
+ GetCipher(self, ctx);
207
+ if (EVP_CipherInit_ex(ctx, NULL, NULL, NULL, NULL, -1) != 1)
208
+ ossl_raise(eCipherError, NULL);
209
+
210
+ return self;
211
+ }
212
+
213
+ static VALUE
214
+ ossl_cipher_init(int argc, VALUE *argv, VALUE self, int mode)
215
+ {
216
+ EVP_CIPHER_CTX *ctx;
217
+ unsigned char key[EVP_MAX_KEY_LENGTH], *p_key = NULL;
218
+ unsigned char iv[EVP_MAX_IV_LENGTH], *p_iv = NULL;
219
+ VALUE pass, init_v;
220
+
221
+ if(rb_scan_args(argc, argv, "02", &pass, &init_v) > 0){
222
+ /*
223
+ * oops. this code mistakes salt for IV.
224
+ * We deprecated the arguments for this method, but we decided
225
+ * keeping this behaviour for backward compatibility.
226
+ */
227
+ VALUE cname = rb_class_path(rb_obj_class(self));
228
+ rb_warn("arguments for %"PRIsVALUE"#encrypt and %"PRIsVALUE"#decrypt were deprecated; "
229
+ "use %"PRIsVALUE"#pkcs5_keyivgen to derive key and IV",
230
+ cname, cname, cname);
231
+ StringValue(pass);
232
+ GetCipher(self, ctx);
233
+ if (NIL_P(init_v)) memcpy(iv, "OpenSSL for Ruby rulez!", sizeof(iv));
234
+ else{
235
+ StringValue(init_v);
236
+ if (EVP_MAX_IV_LENGTH > RSTRING_LEN(init_v)) {
237
+ memset(iv, 0, EVP_MAX_IV_LENGTH);
238
+ memcpy(iv, RSTRING_PTR(init_v), RSTRING_LEN(init_v));
239
+ }
240
+ else memcpy(iv, RSTRING_PTR(init_v), sizeof(iv));
241
+ }
242
+ EVP_BytesToKey(EVP_CIPHER_CTX_cipher(ctx), EVP_md5(), iv,
243
+ (unsigned char *)RSTRING_PTR(pass), RSTRING_LENINT(pass), 1, key, NULL);
244
+ p_key = key;
245
+ p_iv = iv;
246
+ }
247
+ else {
248
+ GetCipher(self, ctx);
249
+ }
250
+ if (EVP_CipherInit_ex(ctx, NULL, NULL, p_key, p_iv, mode) != 1) {
251
+ ossl_raise(eCipherError, NULL);
252
+ }
253
+
254
+ return self;
255
+ }
256
+
257
+ /*
258
+ * call-seq:
259
+ * cipher.encrypt -> self
260
+ *
261
+ * Initializes the Cipher for encryption.
262
+ *
263
+ * Make sure to call Cipher#encrypt or Cipher#decrypt before using any of the
264
+ * following methods:
265
+ * * [#key=, #iv=, #random_key, #random_iv, #pkcs5_keyivgen]
266
+ *
267
+ * Internally calls EVP_CipherInit_ex(ctx, NULL, NULL, NULL, NULL, 1).
268
+ */
269
+ static VALUE
270
+ ossl_cipher_encrypt(int argc, VALUE *argv, VALUE self)
271
+ {
272
+ return ossl_cipher_init(argc, argv, self, 1);
273
+ }
274
+
275
+ /*
276
+ * call-seq:
277
+ * cipher.decrypt -> self
278
+ *
279
+ * Initializes the Cipher for decryption.
280
+ *
281
+ * Make sure to call Cipher#encrypt or Cipher#decrypt before using any of the
282
+ * following methods:
283
+ * * [#key=, #iv=, #random_key, #random_iv, #pkcs5_keyivgen]
284
+ *
285
+ * Internally calls EVP_CipherInit_ex(ctx, NULL, NULL, NULL, NULL, 0).
286
+ */
287
+ static VALUE
288
+ ossl_cipher_decrypt(int argc, VALUE *argv, VALUE self)
289
+ {
290
+ return ossl_cipher_init(argc, argv, self, 0);
291
+ }
292
+
293
+ /*
294
+ * call-seq:
295
+ * cipher.pkcs5_keyivgen(pass, salt = nil, iterations = 2048, digest = "MD5") -> nil
296
+ *
297
+ * Generates and sets the key/IV based on a password.
298
+ *
299
+ * *WARNING*: This method is only PKCS5 v1.5 compliant when using RC2, RC4-40,
300
+ * or DES with MD5 or SHA1. Using anything else (like AES) will generate the
301
+ * key/iv using an OpenSSL specific method. This method is deprecated and
302
+ * should no longer be used. Use a PKCS5 v2 key generation method from
303
+ * OpenSSL::PKCS5 instead.
304
+ *
305
+ * === Parameters
306
+ * * +salt+ must be an 8 byte string if provided.
307
+ * * +iterations+ is a integer with a default of 2048.
308
+ * * +digest+ is a Digest object that defaults to 'MD5'
309
+ *
310
+ * A minimum of 1000 iterations is recommended.
311
+ *
312
+ */
313
+ static VALUE
314
+ ossl_cipher_pkcs5_keyivgen(int argc, VALUE *argv, VALUE self)
315
+ {
316
+ EVP_CIPHER_CTX *ctx;
317
+ const EVP_MD *digest;
318
+ VALUE vpass, vsalt, viter, vdigest;
319
+ unsigned char key[EVP_MAX_KEY_LENGTH], iv[EVP_MAX_IV_LENGTH], *salt = NULL;
320
+ int iter;
321
+
322
+ rb_scan_args(argc, argv, "13", &vpass, &vsalt, &viter, &vdigest);
323
+ StringValue(vpass);
324
+ if(!NIL_P(vsalt)){
325
+ StringValue(vsalt);
326
+ if(RSTRING_LEN(vsalt) != PKCS5_SALT_LEN)
327
+ ossl_raise(eCipherError, "salt must be an 8-octet string");
328
+ salt = (unsigned char *)RSTRING_PTR(vsalt);
329
+ }
330
+ iter = NIL_P(viter) ? 2048 : NUM2INT(viter);
331
+ digest = NIL_P(vdigest) ? EVP_md5() : GetDigestPtr(vdigest);
332
+ GetCipher(self, ctx);
333
+ EVP_BytesToKey(EVP_CIPHER_CTX_cipher(ctx), digest, salt,
334
+ (unsigned char *)RSTRING_PTR(vpass), RSTRING_LENINT(vpass), iter, key, iv);
335
+ if (EVP_CipherInit_ex(ctx, NULL, NULL, key, iv, -1) != 1)
336
+ ossl_raise(eCipherError, NULL);
337
+ OPENSSL_cleanse(key, sizeof key);
338
+ OPENSSL_cleanse(iv, sizeof iv);
339
+
340
+ return Qnil;
341
+ }
342
+
343
+ static int
344
+ ossl_cipher_update_long(EVP_CIPHER_CTX *ctx, unsigned char *out, long *out_len_ptr,
345
+ const unsigned char *in, long in_len)
346
+ {
347
+ int out_part_len;
348
+ int limit = INT_MAX / 2 + 1;
349
+ long out_len = 0;
350
+
351
+ do {
352
+ int in_part_len = in_len > limit ? limit : (int)in_len;
353
+
354
+ if (!EVP_CipherUpdate(ctx, out ? (out + out_len) : 0,
355
+ &out_part_len, in, in_part_len))
356
+ return 0;
357
+
358
+ out_len += out_part_len;
359
+ in += in_part_len;
360
+ } while ((in_len -= limit) > 0);
361
+
362
+ if (out_len_ptr)
363
+ *out_len_ptr = out_len;
364
+
365
+ return 1;
366
+ }
367
+
368
+ /*
369
+ * call-seq:
370
+ * cipher.update(data [, buffer]) -> string or buffer
371
+ *
372
+ * Encrypts data in a streaming fashion. Hand consecutive blocks of data
373
+ * to the +update+ method in order to encrypt it. Returns the encrypted
374
+ * data chunk. When done, the output of Cipher#final should be additionally
375
+ * added to the result.
376
+ *
377
+ * If +buffer+ is given, the encryption/decryption result will be written to
378
+ * it. +buffer+ will be resized automatically.
379
+ */
380
+ static VALUE
381
+ ossl_cipher_update(int argc, VALUE *argv, VALUE self)
382
+ {
383
+ EVP_CIPHER_CTX *ctx;
384
+ unsigned char *in;
385
+ long in_len, out_len;
386
+ VALUE data, str;
387
+
388
+ rb_scan_args(argc, argv, "11", &data, &str);
389
+
390
+ StringValue(data);
391
+ in = (unsigned char *)RSTRING_PTR(data);
392
+ if ((in_len = RSTRING_LEN(data)) == 0)
393
+ ossl_raise(rb_eArgError, "data must not be empty");
394
+ GetCipher(self, ctx);
395
+ out_len = in_len+EVP_CIPHER_CTX_block_size(ctx);
396
+ if (out_len <= 0) {
397
+ ossl_raise(rb_eRangeError,
398
+ "data too big to make output buffer: %ld bytes", in_len);
399
+ }
400
+
401
+ if (NIL_P(str)) {
402
+ str = rb_str_new(0, out_len);
403
+ } else {
404
+ StringValue(str);
405
+ rb_str_resize(str, out_len);
406
+ }
407
+
408
+ if (!ossl_cipher_update_long(ctx, (unsigned char *)RSTRING_PTR(str), &out_len, in, in_len))
409
+ ossl_raise(eCipherError, NULL);
410
+ assert(out_len < RSTRING_LEN(str));
411
+ rb_str_set_len(str, out_len);
412
+
413
+ return str;
414
+ }
415
+
416
+ /*
417
+ * call-seq:
418
+ * cipher.final -> string
419
+ *
420
+ * Returns the remaining data held in the cipher object. Further calls to
421
+ * Cipher#update or Cipher#final will return garbage. This call should always
422
+ * be made as the last call of an encryption or decryption operation, after
423
+ * after having fed the entire plaintext or ciphertext to the Cipher instance.
424
+ *
425
+ * If an authenticated cipher was used, a CipherError is raised if the tag
426
+ * could not be authenticated successfully. Only call this method after
427
+ * setting the authentication tag and passing the entire contents of the
428
+ * ciphertext into the cipher.
429
+ */
430
+ static VALUE
431
+ ossl_cipher_final(VALUE self)
432
+ {
433
+ EVP_CIPHER_CTX *ctx;
434
+ int out_len;
435
+ VALUE str;
436
+
437
+ GetCipher(self, ctx);
438
+ str = rb_str_new(0, EVP_CIPHER_CTX_block_size(ctx));
439
+ if (!EVP_CipherFinal_ex(ctx, (unsigned char *)RSTRING_PTR(str), &out_len))
440
+ ossl_raise(eCipherError, NULL);
441
+ assert(out_len <= RSTRING_LEN(str));
442
+ rb_str_set_len(str, out_len);
443
+
444
+ return str;
445
+ }
446
+
447
+ /*
448
+ * call-seq:
449
+ * cipher.name -> string
450
+ *
451
+ * Returns the name of the cipher which may differ slightly from the original
452
+ * name provided.
453
+ */
454
+ static VALUE
455
+ ossl_cipher_name(VALUE self)
456
+ {
457
+ EVP_CIPHER_CTX *ctx;
458
+
459
+ GetCipher(self, ctx);
460
+
461
+ return rb_str_new2(EVP_CIPHER_name(EVP_CIPHER_CTX_cipher(ctx)));
462
+ }
463
+
464
+ /*
465
+ * call-seq:
466
+ * cipher.key = string -> string
467
+ *
468
+ * Sets the cipher key. To generate a key, you should either use a secure
469
+ * random byte string or, if the key is to be derived from a password, you
470
+ * should rely on PBKDF2 functionality provided by OpenSSL::PKCS5. To
471
+ * generate a secure random-based key, Cipher#random_key may be used.
472
+ *
473
+ * Only call this method after calling Cipher#encrypt or Cipher#decrypt.
474
+ */
475
+ static VALUE
476
+ ossl_cipher_set_key(VALUE self, VALUE key)
477
+ {
478
+ EVP_CIPHER_CTX *ctx;
479
+ int key_len;
480
+
481
+ StringValue(key);
482
+ GetCipher(self, ctx);
483
+
484
+ key_len = EVP_CIPHER_CTX_key_length(ctx);
485
+ if (RSTRING_LEN(key) != key_len)
486
+ ossl_raise(rb_eArgError, "key must be %d bytes", key_len);
487
+
488
+ if (EVP_CipherInit_ex(ctx, NULL, NULL, (unsigned char *)RSTRING_PTR(key), NULL, -1) != 1)
489
+ ossl_raise(eCipherError, NULL);
490
+
491
+ return key;
492
+ }
493
+
494
+ /*
495
+ * call-seq:
496
+ * cipher.iv = string -> string
497
+ *
498
+ * Sets the cipher IV. Please note that since you should never be using ECB
499
+ * mode, an IV is always explicitly required and should be set prior to
500
+ * encryption. The IV itself can be safely transmitted in public, but it
501
+ * should be unpredictable to prevent certain kinds of attacks. You may use
502
+ * Cipher#random_iv to create a secure random IV.
503
+ *
504
+ * Only call this method after calling Cipher#encrypt or Cipher#decrypt.
505
+ *
506
+ * If not explicitly set, the OpenSSL default of an all-zeroes ("\\0") IV is
507
+ * used.
508
+ */
509
+ static VALUE
510
+ ossl_cipher_set_iv(VALUE self, VALUE iv)
511
+ {
512
+ EVP_CIPHER_CTX *ctx;
513
+ int iv_len = 0;
514
+
515
+ StringValue(iv);
516
+ GetCipher(self, ctx);
517
+
518
+ #if defined(HAVE_AUTHENTICATED_ENCRYPTION)
519
+ if (EVP_CIPHER_CTX_flags(ctx) & EVP_CIPH_FLAG_AEAD_CIPHER)
520
+ iv_len = (int)(VALUE)EVP_CIPHER_CTX_get_app_data(ctx);
521
+ #endif
522
+ if (!iv_len)
523
+ iv_len = EVP_CIPHER_CTX_iv_length(ctx);
524
+ if (RSTRING_LEN(iv) != iv_len)
525
+ ossl_raise(rb_eArgError, "iv must be %d bytes", iv_len);
526
+
527
+ if (EVP_CipherInit_ex(ctx, NULL, NULL, NULL, (unsigned char *)RSTRING_PTR(iv), -1) != 1)
528
+ ossl_raise(eCipherError, NULL);
529
+
530
+ return iv;
531
+ }
532
+
533
+ #ifdef HAVE_AUTHENTICATED_ENCRYPTION
534
+ /*
535
+ * call-seq:
536
+ * cipher.auth_data = string -> string
537
+ *
538
+ * Sets the cipher's additional authenticated data. This field must be
539
+ * set when using AEAD cipher modes such as GCM or CCM. If no associated
540
+ * data shall be used, this method must *still* be called with a value of "".
541
+ * The contents of this field should be non-sensitive data which will be
542
+ * added to the ciphertext to generate the authentication tag which validates
543
+ * the contents of the ciphertext.
544
+ *
545
+ * The AAD must be set prior to encryption or decryption. In encryption mode,
546
+ * it must be set after calling Cipher#encrypt and setting Cipher#key= and
547
+ * Cipher#iv=. When decrypting, the authenticated data must be set after key,
548
+ * iv and especially *after* the authentication tag has been set. I.e. set it
549
+ * only after calling Cipher#decrypt, Cipher#key=, Cipher#iv= and
550
+ * Cipher#auth_tag= first.
551
+ */
552
+ static VALUE
553
+ ossl_cipher_set_auth_data(VALUE self, VALUE data)
554
+ {
555
+ EVP_CIPHER_CTX *ctx;
556
+ unsigned char *in;
557
+ long in_len, out_len;
558
+
559
+ StringValue(data);
560
+
561
+ in = (unsigned char *) RSTRING_PTR(data);
562
+ in_len = RSTRING_LEN(data);
563
+
564
+ GetCipher(self, ctx);
565
+
566
+ if (!ossl_cipher_update_long(ctx, NULL, &out_len, in, in_len))
567
+ ossl_raise(eCipherError, "couldn't set additional authenticated data");
568
+
569
+ return data;
570
+ }
571
+
572
+ /*
573
+ * call-seq:
574
+ * cipher.auth_tag(tag_len = 16) -> String
575
+ *
576
+ * Gets the authentication tag generated by Authenticated Encryption Cipher
577
+ * modes (GCM for example). This tag may be stored along with the ciphertext,
578
+ * then set on the decryption cipher to authenticate the contents of the
579
+ * ciphertext against changes. If the optional integer parameter +tag_len+ is
580
+ * given, the returned tag will be +tag_len+ bytes long. If the parameter is
581
+ * omitted, the default length of 16 bytes or the length previously set by
582
+ * #auth_tag_len= will be used. For maximum security, the longest possible
583
+ * should be chosen.
584
+ *
585
+ * The tag may only be retrieved after calling Cipher#final.
586
+ */
587
+ static VALUE
588
+ ossl_cipher_get_auth_tag(int argc, VALUE *argv, VALUE self)
589
+ {
590
+ VALUE vtag_len, ret;
591
+ EVP_CIPHER_CTX *ctx;
592
+ int tag_len = 16;
593
+
594
+ rb_scan_args(argc, argv, "01", &vtag_len);
595
+ if (NIL_P(vtag_len))
596
+ vtag_len = rb_attr_get(self, id_auth_tag_len);
597
+ if (!NIL_P(vtag_len))
598
+ tag_len = NUM2INT(vtag_len);
599
+
600
+ GetCipher(self, ctx);
601
+
602
+ if (!(EVP_CIPHER_CTX_flags(ctx) & EVP_CIPH_FLAG_AEAD_CIPHER))
603
+ ossl_raise(eCipherError, "authentication tag not supported by this cipher");
604
+
605
+ ret = rb_str_new(NULL, tag_len);
606
+ if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, tag_len, RSTRING_PTR(ret)))
607
+ ossl_raise(eCipherError, "retrieving the authentication tag failed");
608
+
609
+ return ret;
610
+ }
611
+
612
+ /*
613
+ * call-seq:
614
+ * cipher.auth_tag = string -> string
615
+ *
616
+ * Sets the authentication tag to verify the contents of the
617
+ * ciphertext. The tag must be set after calling Cipher#decrypt,
618
+ * Cipher#key= and Cipher#iv=, but before assigning the associated
619
+ * authenticated data using Cipher#auth_data= and of course, before
620
+ * decrypting any of the ciphertext. After all decryption is
621
+ * performed, the tag is verified automatically in the call to
622
+ * Cipher#final.
623
+ *
624
+ * For OCB mode, the tag length must be supplied with #auth_tag_len=
625
+ * beforehand.
626
+ */
627
+ static VALUE
628
+ ossl_cipher_set_auth_tag(VALUE self, VALUE vtag)
629
+ {
630
+ EVP_CIPHER_CTX *ctx;
631
+ unsigned char *tag;
632
+ int tag_len;
633
+
634
+ StringValue(vtag);
635
+ tag = (unsigned char *) RSTRING_PTR(vtag);
636
+ tag_len = RSTRING_LENINT(vtag);
637
+
638
+ GetCipher(self, ctx);
639
+ if (!(EVP_CIPHER_CTX_flags(ctx) & EVP_CIPH_FLAG_AEAD_CIPHER))
640
+ ossl_raise(eCipherError, "authentication tag not supported by this cipher");
641
+
642
+ if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, tag_len, tag))
643
+ ossl_raise(eCipherError, "unable to set AEAD tag");
644
+
645
+ return vtag;
646
+ }
647
+
648
+ /*
649
+ * call-seq:
650
+ * cipher.auth_tag_len = Integer -> Integer
651
+ *
652
+ * Sets the length of the authentication tag to be generated or to be given for
653
+ * AEAD ciphers that requires it as in input parameter. Note that not all AEAD
654
+ * ciphers support this method.
655
+ *
656
+ * In OCB mode, the length must be supplied both when encrypting and when
657
+ * decrypting, and must be before specifying an IV.
658
+ */
659
+ static VALUE
660
+ ossl_cipher_set_auth_tag_len(VALUE self, VALUE vlen)
661
+ {
662
+ int tag_len = NUM2INT(vlen);
663
+ EVP_CIPHER_CTX *ctx;
664
+
665
+ GetCipher(self, ctx);
666
+ if (!(EVP_CIPHER_CTX_flags(ctx) & EVP_CIPH_FLAG_AEAD_CIPHER))
667
+ ossl_raise(eCipherError, "AEAD not supported by this cipher");
668
+
669
+ if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, tag_len, NULL))
670
+ ossl_raise(eCipherError, "unable to set authentication tag length");
671
+
672
+ /* for #auth_tag */
673
+ rb_ivar_set(self, id_auth_tag_len, INT2NUM(tag_len));
674
+
675
+ return vlen;
676
+ }
677
+
678
+ /*
679
+ * call-seq:
680
+ * cipher.authenticated? -> boolean
681
+ *
682
+ * Indicated whether this Cipher instance uses an Authenticated Encryption
683
+ * mode.
684
+ */
685
+ static VALUE
686
+ ossl_cipher_is_authenticated(VALUE self)
687
+ {
688
+ EVP_CIPHER_CTX *ctx;
689
+
690
+ GetCipher(self, ctx);
691
+
692
+ return (EVP_CIPHER_CTX_flags(ctx) & EVP_CIPH_FLAG_AEAD_CIPHER) ? Qtrue : Qfalse;
693
+ }
694
+
695
+ /*
696
+ * call-seq:
697
+ * cipher.iv_len = integer -> integer
698
+ *
699
+ * Sets the IV/nonce length of the Cipher. Normally block ciphers don't allow
700
+ * changing the IV length, but some make use of IV for 'nonce'. You may need
701
+ * this for interoperability with other applications.
702
+ */
703
+ static VALUE
704
+ ossl_cipher_set_iv_length(VALUE self, VALUE iv_length)
705
+ {
706
+ int len = NUM2INT(iv_length);
707
+ EVP_CIPHER_CTX *ctx;
708
+
709
+ GetCipher(self, ctx);
710
+ if (!(EVP_CIPHER_CTX_flags(ctx) & EVP_CIPH_FLAG_AEAD_CIPHER))
711
+ ossl_raise(eCipherError, "cipher does not support AEAD");
712
+
713
+ if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN, len, NULL))
714
+ ossl_raise(eCipherError, "unable to set IV length");
715
+
716
+ /*
717
+ * EVP_CIPHER_CTX_iv_length() returns the default length. So we need to save
718
+ * the length somewhere. Luckily currently we aren't using app_data.
719
+ */
720
+ EVP_CIPHER_CTX_set_app_data(ctx, (void *)(VALUE)len);
721
+
722
+ return iv_length;
723
+ }
724
+ #else
725
+ #define ossl_cipher_set_auth_data rb_f_notimplement
726
+ #define ossl_cipher_get_auth_tag rb_f_notimplement
727
+ #define ossl_cipher_set_auth_tag rb_f_notimplement
728
+ #define ossl_cipher_set_auth_tag_len rb_f_notimplement
729
+ #define ossl_cipher_is_authenticated rb_f_notimplement
730
+ #define ossl_cipher_set_iv_length rb_f_notimplement
731
+ #endif
732
+
733
+ /*
734
+ * call-seq:
735
+ * cipher.key_len = integer -> integer
736
+ *
737
+ * Sets the key length of the cipher. If the cipher is a fixed length cipher
738
+ * then attempting to set the key length to any value other than the fixed
739
+ * value is an error.
740
+ *
741
+ * Under normal circumstances you do not need to call this method (and probably shouldn't).
742
+ *
743
+ * See EVP_CIPHER_CTX_set_key_length for further information.
744
+ */
745
+ static VALUE
746
+ ossl_cipher_set_key_length(VALUE self, VALUE key_length)
747
+ {
748
+ int len = NUM2INT(key_length);
749
+ EVP_CIPHER_CTX *ctx;
750
+
751
+ GetCipher(self, ctx);
752
+ if (EVP_CIPHER_CTX_set_key_length(ctx, len) != 1)
753
+ ossl_raise(eCipherError, NULL);
754
+
755
+ return key_length;
756
+ }
757
+
758
+ /*
759
+ * call-seq:
760
+ * cipher.padding = integer -> integer
761
+ *
762
+ * Enables or disables padding. By default encryption operations are padded using standard block padding and the
763
+ * padding is checked and removed when decrypting. If the pad parameter is zero then no padding is performed, the
764
+ * total amount of data encrypted or decrypted must then be a multiple of the block size or an error will occur.
765
+ *
766
+ * See EVP_CIPHER_CTX_set_padding for further information.
767
+ */
768
+ static VALUE
769
+ ossl_cipher_set_padding(VALUE self, VALUE padding)
770
+ {
771
+ EVP_CIPHER_CTX *ctx;
772
+ int pad = NUM2INT(padding);
773
+
774
+ GetCipher(self, ctx);
775
+ if (EVP_CIPHER_CTX_set_padding(ctx, pad) != 1)
776
+ ossl_raise(eCipherError, NULL);
777
+ return padding;
778
+ }
779
+
780
+ /*
781
+ * call-seq:
782
+ * cipher.key_len -> integer
783
+ *
784
+ * Returns the key length in bytes of the Cipher.
785
+ */
786
+ static VALUE
787
+ ossl_cipher_key_length(VALUE self)
788
+ {
789
+ EVP_CIPHER_CTX *ctx;
790
+
791
+ GetCipher(self, ctx);
792
+
793
+ return INT2NUM(EVP_CIPHER_CTX_key_length(ctx));
794
+ }
795
+
796
+ /*
797
+ * call-seq:
798
+ * cipher.iv_len -> integer
799
+ *
800
+ * Returns the expected length in bytes for an IV for this Cipher.
801
+ */
802
+ static VALUE
803
+ ossl_cipher_iv_length(VALUE self)
804
+ {
805
+ EVP_CIPHER_CTX *ctx;
806
+ int len = 0;
807
+
808
+ GetCipher(self, ctx);
809
+ #if defined(HAVE_AUTHENTICATED_ENCRYPTION)
810
+ if (EVP_CIPHER_CTX_flags(ctx) & EVP_CIPH_FLAG_AEAD_CIPHER)
811
+ len = (int)(VALUE)EVP_CIPHER_CTX_get_app_data(ctx);
812
+ #endif
813
+ if (!len)
814
+ len = EVP_CIPHER_CTX_iv_length(ctx);
815
+
816
+ return INT2NUM(len);
817
+ }
818
+
819
+ /*
820
+ * call-seq:
821
+ * cipher.block_size -> integer
822
+ *
823
+ * Returns the size in bytes of the blocks on which this Cipher operates on.
824
+ */
825
+ static VALUE
826
+ ossl_cipher_block_size(VALUE self)
827
+ {
828
+ EVP_CIPHER_CTX *ctx;
829
+
830
+ GetCipher(self, ctx);
831
+
832
+ return INT2NUM(EVP_CIPHER_CTX_block_size(ctx));
833
+ }
834
+
835
+ /*
836
+ * INIT
837
+ */
838
+ void
839
+ Init_ossl_cipher(void)
840
+ {
841
+ #if 0
842
+ mOSSL = rb_define_module("OpenSSL");
843
+ eOSSLError = rb_define_class_under(mOSSL, "OpenSSLError", rb_eStandardError);
844
+ #endif
845
+
846
+ /* Document-class: OpenSSL::Cipher
847
+ *
848
+ * Provides symmetric algorithms for encryption and decryption. The
849
+ * algorithms that are available depend on the particular version
850
+ * of OpenSSL that is installed.
851
+ *
852
+ * === Listing all supported algorithms
853
+ *
854
+ * A list of supported algorithms can be obtained by
855
+ *
856
+ * puts OpenSSL::Cipher.ciphers
857
+ *
858
+ * === Instantiating a Cipher
859
+ *
860
+ * There are several ways to create a Cipher instance. Generally, a
861
+ * Cipher algorithm is categorized by its name, the key length in bits
862
+ * and the cipher mode to be used. The most generic way to create a
863
+ * Cipher is the following
864
+ *
865
+ * cipher = OpenSSL::Cipher.new('<name>-<key length>-<mode>')
866
+ *
867
+ * That is, a string consisting of the hyphenated concatenation of the
868
+ * individual components name, key length and mode. Either all uppercase
869
+ * or all lowercase strings may be used, for example:
870
+ *
871
+ * cipher = OpenSSL::Cipher.new('AES-128-CBC')
872
+ *
873
+ * For each algorithm supported, there is a class defined under the
874
+ * Cipher class that goes by the name of the cipher, e.g. to obtain an
875
+ * instance of AES, you could also use
876
+ *
877
+ * # these are equivalent
878
+ * cipher = OpenSSL::Cipher::AES.new(128, :CBC)
879
+ * cipher = OpenSSL::Cipher::AES.new(128, 'CBC')
880
+ * cipher = OpenSSL::Cipher::AES.new('128-CBC')
881
+ *
882
+ * Finally, due to its wide-spread use, there are also extra classes
883
+ * defined for the different key sizes of AES
884
+ *
885
+ * cipher = OpenSSL::Cipher::AES128.new(:CBC)
886
+ * cipher = OpenSSL::Cipher::AES192.new(:CBC)
887
+ * cipher = OpenSSL::Cipher::AES256.new(:CBC)
888
+ *
889
+ * === Choosing either encryption or decryption mode
890
+ *
891
+ * Encryption and decryption are often very similar operations for
892
+ * symmetric algorithms, this is reflected by not having to choose
893
+ * different classes for either operation, both can be done using the
894
+ * same class. Still, after obtaining a Cipher instance, we need to
895
+ * tell the instance what it is that we intend to do with it, so we
896
+ * need to call either
897
+ *
898
+ * cipher.encrypt
899
+ *
900
+ * or
901
+ *
902
+ * cipher.decrypt
903
+ *
904
+ * on the Cipher instance. This should be the first call after creating
905
+ * the instance, otherwise configuration that has already been set could
906
+ * get lost in the process.
907
+ *
908
+ * === Choosing a key
909
+ *
910
+ * Symmetric encryption requires a key that is the same for the encrypting
911
+ * and for the decrypting party and after initial key establishment should
912
+ * be kept as private information. There are a lot of ways to create
913
+ * insecure keys, the most notable is to simply take a password as the key
914
+ * without processing the password further. A simple and secure way to
915
+ * create a key for a particular Cipher is
916
+ *
917
+ * cipher = OpenSSL::AES256.new(:CFB)
918
+ * cipher.encrypt
919
+ * key = cipher.random_key # also sets the generated key on the Cipher
920
+ *
921
+ * If you absolutely need to use passwords as encryption keys, you
922
+ * should use Password-Based Key Derivation Function 2 (PBKDF2) by
923
+ * generating the key with the help of the functionality provided by
924
+ * OpenSSL::PKCS5.pbkdf2_hmac_sha1 or OpenSSL::PKCS5.pbkdf2_hmac.
925
+ *
926
+ * Although there is Cipher#pkcs5_keyivgen, its use is deprecated and
927
+ * it should only be used in legacy applications because it does not use
928
+ * the newer PKCS#5 v2 algorithms.
929
+ *
930
+ * === Choosing an IV
931
+ *
932
+ * The cipher modes CBC, CFB, OFB and CTR all need an "initialization
933
+ * vector", or short, IV. ECB mode is the only mode that does not require
934
+ * an IV, but there is almost no legitimate use case for this mode
935
+ * because of the fact that it does not sufficiently hide plaintext
936
+ * patterns. Therefore
937
+ *
938
+ * <b>You should never use ECB mode unless you are absolutely sure that
939
+ * you absolutely need it</b>
940
+ *
941
+ * Because of this, you will end up with a mode that explicitly requires
942
+ * an IV in any case. Note that for backwards compatibility reasons,
943
+ * setting an IV is not explicitly mandated by the Cipher API. If not
944
+ * set, OpenSSL itself defaults to an all-zeroes IV ("\\0", not the
945
+ * character). Although the IV can be seen as public information, i.e.
946
+ * it may be transmitted in public once generated, it should still stay
947
+ * unpredictable to prevent certain kinds of attacks. Therefore, ideally
948
+ *
949
+ * <b>Always create a secure random IV for every encryption of your
950
+ * Cipher</b>
951
+ *
952
+ * A new, random IV should be created for every encryption of data. Think
953
+ * of the IV as a nonce (number used once) - it's public but random and
954
+ * unpredictable. A secure random IV can be created as follows
955
+ *
956
+ * cipher = ...
957
+ * cipher.encrypt
958
+ * key = cipher.random_key
959
+ * iv = cipher.random_iv # also sets the generated IV on the Cipher
960
+ *
961
+ * Although the key is generally a random value, too, it is a bad choice
962
+ * as an IV. There are elaborate ways how an attacker can take advantage
963
+ * of such an IV. As a general rule of thumb, exposing the key directly
964
+ * or indirectly should be avoided at all cost and exceptions only be
965
+ * made with good reason.
966
+ *
967
+ * === Calling Cipher#final
968
+ *
969
+ * ECB (which should not be used) and CBC are both block-based modes.
970
+ * This means that unlike for the other streaming-based modes, they
971
+ * operate on fixed-size blocks of data, and therefore they require a
972
+ * "finalization" step to produce or correctly decrypt the last block of
973
+ * data by appropriately handling some form of padding. Therefore it is
974
+ * essential to add the output of OpenSSL::Cipher#final to your
975
+ * encryption/decryption buffer or you will end up with decryption errors
976
+ * or truncated data.
977
+ *
978
+ * Although this is not really necessary for streaming-mode ciphers, it is
979
+ * still recommended to apply the same pattern of adding the output of
980
+ * Cipher#final there as well - it also enables you to switch between
981
+ * modes more easily in the future.
982
+ *
983
+ * === Encrypting and decrypting some data
984
+ *
985
+ * data = "Very, very confidential data"
986
+ *
987
+ * cipher = OpenSSL::Cipher::AES.new(128, :CBC)
988
+ * cipher.encrypt
989
+ * key = cipher.random_key
990
+ * iv = cipher.random_iv
991
+ *
992
+ * encrypted = cipher.update(data) + cipher.final
993
+ * ...
994
+ * decipher = OpenSSL::Cipher::AES.new(128, :CBC)
995
+ * decipher.decrypt
996
+ * decipher.key = key
997
+ * decipher.iv = iv
998
+ *
999
+ * plain = decipher.update(encrypted) + decipher.final
1000
+ *
1001
+ * puts data == plain #=> true
1002
+ *
1003
+ * === Authenticated Encryption and Associated Data (AEAD)
1004
+ *
1005
+ * If the OpenSSL version used supports it, an Authenticated Encryption
1006
+ * mode (such as GCM or CCM) should always be preferred over any
1007
+ * unauthenticated mode. Currently, OpenSSL supports AE only in combination
1008
+ * with Associated Data (AEAD) where additional associated data is included
1009
+ * in the encryption process to compute a tag at the end of the encryption.
1010
+ * This tag will also be used in the decryption process and by verifying
1011
+ * its validity, the authenticity of a given ciphertext is established.
1012
+ *
1013
+ * This is superior to unauthenticated modes in that it allows to detect
1014
+ * if somebody effectively changed the ciphertext after it had been
1015
+ * encrypted. This prevents malicious modifications of the ciphertext that
1016
+ * could otherwise be exploited to modify ciphertexts in ways beneficial to
1017
+ * potential attackers.
1018
+ *
1019
+ * An associated data is used where there is additional information, such as
1020
+ * headers or some metadata, that must be also authenticated but not
1021
+ * necessarily need to be encrypted. If no associated data is needed for
1022
+ * encryption and later decryption, the OpenSSL library still requires a
1023
+ * value to be set - "" may be used in case none is available.
1024
+ *
1025
+ * An example using the GCM (Galois/Counter Mode). You have 16 bytes +key+,
1026
+ * 12 bytes (96 bits) +nonce+ and the associated data +auth_data+. Be sure
1027
+ * not to reuse the +key+ and +nonce+ pair. Reusing an nonce ruins the
1028
+ * security gurantees of GCM mode.
1029
+ *
1030
+ * cipher = OpenSSL::Cipher::AES.new(128, :GCM).encrypt
1031
+ * cipher.key = key
1032
+ * cipher.iv = nonce
1033
+ * cipher.auth_data = auth_data
1034
+ *
1035
+ * encrypted = cipher.update(data) + cipher.final
1036
+ * tag = cipher.auth_tag # produces 16 bytes tag by default
1037
+ *
1038
+ * Now you are the receiver. You know the +key+ and have received +nonce+,
1039
+ * +auth_data+, +encrypted+ and +tag+ through an untrusted network. Note
1040
+ * that GCM accepts an arbitrary length tag between 1 and 16 bytes. You may
1041
+ * additionally need to check that the received tag has the correct length,
1042
+ * or you allow attackers to forge a valid single byte tag for the tampered
1043
+ * ciphertext with a probability of 1/256.
1044
+ *
1045
+ * raise "tag is truncated!" unless tag.bytesize == 16
1046
+ * decipher = OpenSSL::Cipher::AES.new(128, :GCM).decrypt
1047
+ * decipher.key = key
1048
+ * decipher.iv = nonce
1049
+ * decipher.auth_tag = tag
1050
+ * decipher.auth_data = auth_data
1051
+ *
1052
+ * decrypted = decipher.update(encrypted) + decipher.final
1053
+ *
1054
+ * puts data == decrypted #=> true
1055
+ */
1056
+ cCipher = rb_define_class_under(mOSSL, "Cipher", rb_cObject);
1057
+ eCipherError = rb_define_class_under(cCipher, "CipherError", eOSSLError);
1058
+
1059
+ rb_define_alloc_func(cCipher, ossl_cipher_alloc);
1060
+ rb_define_copy_func(cCipher, ossl_cipher_copy);
1061
+ rb_define_module_function(cCipher, "ciphers", ossl_s_ciphers, 0);
1062
+ rb_define_method(cCipher, "initialize", ossl_cipher_initialize, 1);
1063
+ rb_define_method(cCipher, "reset", ossl_cipher_reset, 0);
1064
+ rb_define_method(cCipher, "encrypt", ossl_cipher_encrypt, -1);
1065
+ rb_define_method(cCipher, "decrypt", ossl_cipher_decrypt, -1);
1066
+ rb_define_method(cCipher, "pkcs5_keyivgen", ossl_cipher_pkcs5_keyivgen, -1);
1067
+ rb_define_method(cCipher, "update", ossl_cipher_update, -1);
1068
+ rb_define_method(cCipher, "final", ossl_cipher_final, 0);
1069
+ rb_define_method(cCipher, "name", ossl_cipher_name, 0);
1070
+ rb_define_method(cCipher, "key=", ossl_cipher_set_key, 1);
1071
+ rb_define_method(cCipher, "auth_data=", ossl_cipher_set_auth_data, 1);
1072
+ rb_define_method(cCipher, "auth_tag=", ossl_cipher_set_auth_tag, 1);
1073
+ rb_define_method(cCipher, "auth_tag", ossl_cipher_get_auth_tag, -1);
1074
+ rb_define_method(cCipher, "auth_tag_len=", ossl_cipher_set_auth_tag_len, 1);
1075
+ rb_define_method(cCipher, "authenticated?", ossl_cipher_is_authenticated, 0);
1076
+ rb_define_method(cCipher, "key_len=", ossl_cipher_set_key_length, 1);
1077
+ rb_define_method(cCipher, "key_len", ossl_cipher_key_length, 0);
1078
+ rb_define_method(cCipher, "iv=", ossl_cipher_set_iv, 1);
1079
+ rb_define_method(cCipher, "iv_len=", ossl_cipher_set_iv_length, 1);
1080
+ rb_define_method(cCipher, "iv_len", ossl_cipher_iv_length, 0);
1081
+ rb_define_method(cCipher, "block_size", ossl_cipher_block_size, 0);
1082
+ rb_define_method(cCipher, "padding=", ossl_cipher_set_padding, 1);
1083
+
1084
+ id_auth_tag_len = rb_intern_const("auth_tag_len");
1085
+ }