From 8e781edabf03f3b5e921e5bc7e07a150a0471a1a Mon Sep 17 00:00:00 2001
From: Daniel Westendorf <daniel@prowestech.com>
Date: Thu, 27 Dec 2018 12:26:05 -0700
Subject: [PATCH] Check the cipher flags to see if the cipher supports aead

Supports checking if a cipher supports aead, with an `authenticated?` helper method.
---
 .circleci/config.yml            |  3 +--
 spec/std/openssl/cipher_spec.cr |  8 ++++++++
 src/openssl/cipher.cr           |  4 ++++
 src/openssl/lib_crypto.cr       | 14 ++++++++++++++
 4 files changed, 27 insertions(+), 2 deletions(-)

diff --git a/.circleci/config.yml b/.circleci/config.yml
index f1182817146a..9634e9dbbc2f 100644
--- a/.circleci/config.yml
+++ b/.circleci/config.yml
@@ -41,7 +41,7 @@ jobs:
 
   test_darwin:
     macos:
-      xcode: "9.0"
+      xcode: "9.3.0"
     environment:
       <<: *env
       TRAVIS_OS_NAME: osx
@@ -447,4 +447,3 @@ workflows:
             - dist_darwin
             - dist_docker
             - dist_docs
-
diff --git a/spec/std/openssl/cipher_spec.cr b/spec/std/openssl/cipher_spec.cr
index 2eb4a2dc62cf..e21eb2f396b4 100644
--- a/spec/std/openssl/cipher_spec.cr
+++ b/spec/std/openssl/cipher_spec.cr
@@ -44,4 +44,12 @@ describe OpenSSL::Cipher do
     s3.to_s.should eq(data)
     s3.to_slice.should eq(s4.to_slice)
   end
+
+  it "authenticated?" do
+    cipher = OpenSSL::Cipher.new("aes-128-gcm")
+    cipher.authenticated?.should eq(true)
+
+    cipher = OpenSSL::Cipher.new("aes-128-cbc")
+    cipher.authenticated?.should eq(false)
+  end
 end
diff --git a/src/openssl/cipher.cr b/src/openssl/cipher.cr
index afaab562204b..39a29774c111 100644
--- a/src/openssl/cipher.cr
+++ b/src/openssl/cipher.cr
@@ -104,6 +104,10 @@ class OpenSSL::Cipher
     @ctx = nil
   end
 
+  def authenticated?
+    LibCrypto.evp_cipher_flags(cipher).includes?(LibCrypto::CipherFlags::EVP_CIPH_FLAG_AEAD_CIPHER)
+  end
+
   private def cipherinit(cipher = nil, engine = nil, key = nil, iv = nil, enc = -1)
     if LibCrypto.evp_cipherinit_ex(@ctx, cipher, engine, key, iv, enc) != 1
       raise Error.new "EVP_CipherInit_ex"
diff --git a/src/openssl/lib_crypto.cr b/src/openssl/lib_crypto.cr
index 55b6912b166a..33a083057c9e 100644
--- a/src/openssl/lib_crypto.cr
+++ b/src/openssl/lib_crypto.cr
@@ -197,6 +197,20 @@ lib LibCrypto
   fun evp_cipher_ctx_set_padding = EVP_CIPHER_CTX_set_padding(ctx : EVP_CIPHER_CTX, padding : Int32) : Int32
   fun evp_cipher_ctx_cipher = EVP_CIPHER_CTX_cipher(ctx : EVP_CIPHER_CTX) : EVP_CIPHER
 
+  @[Flags]
+  enum CipherFlags : ULong
+    EVP_CIPH_FLAG_DEFAULT_ASN1      =   0x1000
+    EVP_CIPH_FLAG_LENGTH_BITS       =   0x2000
+    EVP_CIPH_FLAG_FIPS              =   0x4000
+    EVP_CIPH_FLAG_NON_FIPS_ALLOW    =   0x8000
+    EVP_CIPH_FLAG_CUSTOM_CIPHER     = 0x100000
+    EVP_CIPH_FLAG_AEAD_CIPHER       = 0x200000
+    EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK = 0x400000
+    EVP_CIPH_FLAG_PIPELINE          = 0x800000
+  end
+
+  fun evp_cipher_flags = EVP_CIPHER_flags(ctx : EVP_CIPHER_CTX) : CipherFlags
+
   fun hmac = HMAC(evp : EVP_MD, key : Char*, key_len : Int,
                   d : Char*, n : SizeT, md : Char*, md_len : UInt*) : Char*