Check the cipher flags to see if the cipher supports aead

Supports checking if a cipher supports aead, with an `authenticated?` helper method.
crystal-lang · Dec 27, 2018 · 6407f2f · 6407f2f
1 parent dd40c17
commit 6407f2f
Show file tree

Hide file tree

Showing 4 changed files with 27 additions and 2 deletions.
diff --git a/.circleci/config.yml b/.circleci/config.yml
@@ -41,7 +41,7 @@ jobs:
 
   test_darwin:
     macos:
-      xcode: "9.0"
+      xcode: "9.2.0"
     environment:
       <<: *env
       TRAVIS_OS_NAME: osx
@@ -447,4 +447,3 @@ workflows:
             - dist_darwin
             - dist_docker
             - dist_docs
-
diff --git a/spec/std/openssl/cipher_spec.cr b/spec/std/openssl/cipher_spec.cr
@@ -44,4 +44,12 @@ describe OpenSSL::Cipher do
     s3.to_s.should eq(data)
     s3.to_slice.should eq(s4.to_slice)
   end
+
+  it "authenticated?" do
+    cipher = OpenSSL::Cipher.new("aes-128-gcm")
+    cipher.authenticated?.should eq(true)
+
+    cipher = OpenSSL::Cipher.new("aes-128-cbc")
+    cipher.authenticated?.should eq(false)
+  end
 end
diff --git a/src/openssl/cipher.cr b/src/openssl/cipher.cr
@@ -104,6 +104,10 @@ class OpenSSL::Cipher
     @ctx = nil
   end
 
+  def authenticated?
+    LibCrypto.evp_cipher_flags(cipher).includes?(LibCrypto::CipherFlags::EVP_CIPH_FLAG_AEAD_CIPHER)
+  end
+
   private def cipherinit(cipher = nil, engine = nil, key = nil, iv = nil, enc = -1)
     if LibCrypto.evp_cipherinit_ex(@ctx, cipher, engine, key, iv, enc) != 1
       raise Error.new "EVP_CipherInit_ex"

diff --git a/src/openssl/lib_crypto.cr b/src/openssl/lib_crypto.cr
@@ -197,6 +197,20 @@ lib LibCrypto
   fun evp_cipher_ctx_set_padding = EVP_CIPHER_CTX_set_padding(ctx : EVP_CIPHER_CTX, padding : Int32) : Int32
   fun evp_cipher_ctx_cipher = EVP_CIPHER_CTX_cipher(ctx : EVP_CIPHER_CTX) : EVP_CIPHER
 
+  @[Flags]
+  enum CipherFlags : ULong
+    EVP_CIPH_FLAG_DEFAULT_ASN1      =   0x1000
+    EVP_CIPH_FLAG_LENGTH_BITS       =   0x2000
+    EVP_CIPH_FLAG_FIPS              =   0x4000
+    EVP_CIPH_FLAG_NON_FIPS_ALLOW    =   0x8000
+    EVP_CIPH_FLAG_CUSTOM_CIPHER     = 0x100000
+    EVP_CIPH_FLAG_AEAD_CIPHER       = 0x200000
+    EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK = 0x400000
+    EVP_CIPH_FLAG_PIPELINE          = 0x800000
+  end
+
+  fun evp_cipher_flags = EVP_CIPHER_flags(ctx : EVP_CIPHER_CTX) : CipherFlags
+
   fun hmac = HMAC(evp : EVP_MD, key : Char*, key_len : Int,
                   d : Char*, n : SizeT, md : Char*, md_len : UInt*) : Char*