Issue #6980 has been reported by stouset (Stephen Touset).
----------------------------------------
Feature #6980: OpenSSL support for AEAD additional authenticated data and tags
https://bugs.ruby-lang.org/issues/6980
Author: stouset (Stephen Touset)
Status: Open
Priority: Normal
Assignee:
Category: ext
Target version: 1.9.3
=begin
I've added support to OpenSSL::Cipher to support AEAD modes of operation. AEAD modes allow for plaintext additional authentication data to be combined with a ciphertext to generate a "tag" (e.g., a MAC). This tag can then be verified during decryption to ensure the secret key, nonce (IV), additional authentication data, ciphertext, and tag have not been changed or manipulated.

Usage can be inferred through documentation and tests.

  # Encrypt and obtain the tag
  cipher = OpenSSL::Cipher.new('aes-256-gcm')
  cipher.encrypt
  cipher.key = 'key'
  cipher.iv = 'iv'
  cipher.aad = 'aad'
  ct = cipher.update('plain')
  tag = cipher.gcm_tag

  # Decrypt with the matching tag and AAD
  cipher.reset
  cipher.decrypt
  cipher.key = 'key'
  cipher.iv = 'iv'
  cipher.gcm_tag = 'tag'
  cipher.aad = 'aad'
  cipher.update(ct) + cipher.verify + cipher.final # => 'plain'

  # Decrypt a ciphertext whose last byte was modified
  cipher.reset
  cipher.decrypt
  cipher.key = 'key'
  cipher.iv = 'iv'
  cipher.gcm_tag = 'tag'
  cipher.aad = 'aad'
  cipher.update(ct[0..-2] << ct[-1].succ) + cipher.verify + cipher.final # => OpenSSL::Cipher::CipherError
=end
on 2012-09-04 21:12
on 2012-09-04 21:15
Issue #6980 has been updated by stouset (Stephen Touset).
File openssl_aead_ciphers.patch added
Sorry, patch included unintentional whitespace changes. Reuploaded without whitespace changes.
----------------------------------------
Feature #6980: OpenSSL support for AEAD additional authenticated data and tags
https://bugs.ruby-lang.org/issues/6980#change-29178
Author: stouset (Stephen Touset)
Status: Open
Priority: Normal
Assignee:
Category: ext
Target version: 1.9.3
[ruby-trunk - Feature #6980][Assigned] OpenSSL support for AEAD additional authenticated data and ta
on 2012-09-04 22:47
Issue #6980 has been updated by MartinBosslet (Martin Bosslet).
Status changed from Open to Assigned
Assignee set to MartinBosslet (Martin Bosslet)
Target version changed from 1.9.3 to 2.0.0
----------------------------------------
Feature #6980: OpenSSL support for AEAD additional authenticated data and tags
https://bugs.ruby-lang.org/issues/6980#change-29179
Author: stouset (Stephen Touset)
Status: Assigned
Priority: Normal
Assignee: MartinBosslet (Martin Bosslet)
Category: ext
Target version: 2.0.0
on 2012-09-05 00:40
Issue #6980 has been updated by stouset (Stephen Touset).
=begin
I'm not necessarily happy with a GCM-specific (({gcm_tag})), and an
(unimplemented but hypothetical) (({ccm_tag})) et al. But having a
single (({tag})) method that probed for which mode it was currently in
seemed too magical. I'm open to ideas.
=end
----------------------------------------
Feature #6980: OpenSSL support for AEAD additional authenticated data
and tags
https://bugs.ruby-lang.org/issues/6980#change-29180
Author: stouset (Stephen Touset)
Status: Assigned
Priority: Normal
Assignee: MartinBosslet (Martin Bosslet)
Category: ext
Target version: 2.0.0
on 2012-10-25 01:28
Issue #6980 has been updated by stouset (Stephen Touset).
I take it given the recent feature freeze that this will *not* make it into 2.0?
----------------------------------------
Feature #6980: OpenSSL support for AEAD additional authenticated data and tags
https://bugs.ruby-lang.org/issues/6980#change-31476
Author: stouset (Stephen Touset)
Status: Assigned
Priority: Normal
Assignee: MartinBosslet (Martin Bosslet)
Category: ext
Target version: 2.0.0
on 2012-10-27 00:43
Issue #6980 has been updated by ko1 (Koichi Sasada).
Martin, how about this ticket?
----------------------------------------
Feature #6980: OpenSSL support for AEAD additional authenticated data and tags
https://bugs.ruby-lang.org/issues/6980#change-31710
Author: stouset (Stephen Touset)
Status: Assigned
Priority: Normal
Assignee: MartinBosslet (Martin Bosslet)
Category: ext
Target version: 2.0.0
on 2012-11-14 03:07
Issue #6980 has been updated by MartinBosslet (Martin Bosslet).
This would definitely be on my list for 2.0. Sorry for not having been more responsive. I talked with nahi at RubyConf about the tickets that are still open at the moment. I will ask if it is possible to extend the feature freeze for some of the items, there might be a chance. I, too, would like to see this make it into 2.0!
----------------------------------------
Feature #6980: OpenSSL support for AEAD additional authenticated data and tags
https://bugs.ruby-lang.org/issues/6980#change-32884
Author: stouset (Stephen Touset)
Status: Assigned
Priority: Normal
Assignee: MartinBosslet (Martin Bosslet)
Category: ext
Target version: 2.0.0
on 2012-11-24 02:50
Issue #6980 has been updated by mame (Yusuke Endoh).
Priority changed from Normal to High
Please commit it before preview2, i.e., in this month, and make sure that it causes no problem.
--
Yusuke Endoh <mame@tsg.ne.jp>
----------------------------------------
Feature #6980: OpenSSL support for AEAD additional authenticated data and tags
https://bugs.ruby-lang.org/issues/6980#change-33714
Author: stouset (Stephen Touset)
Status: Assigned
Priority: High
Assignee: MartinBosslet (Martin Bosslet)
Category: ext
Target version: 2.0.0
on 2012-12-20 07:10
Issue #6980 has been updated by MartinBosslet (Martin Bosslet).
Thanks again, Stephen! I changed the interface a bit to make it possible to support CCM mode as well once it will be available through the EVP interface. Instead of Cipher#gcm_tag, it is now called Cipher#auth_tag. Because of this change, I also made it Cipher#auth_data=, to indicate that both belong together conceptually. I also omitted the additional Cipher#verify method, since tag verification will be performed during the call to Cipher#final. I didn't want to introduce an additional method - this way the overall Cipher interface stays coherent.
----------------------------------------
Feature #6980: OpenSSL support for AEAD additional authenticated data and tags
https://bugs.ruby-lang.org/issues/6980#change-34887
Author: stouset (Stephen Touset)
Status: Closed
Priority: High
Assignee: MartinBosslet (Martin Bosslet)
Category: ext
Target version: 2.0.0