Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Check the cipher flags to see if the cipher supports aead #7223

Merged
merged 2 commits into from
Dec 29, 2018
Merged

Check the cipher flags to see if the cipher supports aead #7223

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
68e534b
Check the cipher flags to see if the cipher supports aead
danielwestendorf Dec 27, 2018
2a7e2ed
Rescue from argument error when system doesn't support GCM cipher
danielwestendorf Dec 28, 2018
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
14 changes: 14 additions & 0 deletions spec/std/openssl/cipher_spec.cr
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -44,4 +44,18 @@ describe OpenSSL::Cipher do
s3.to_s.should eq(data)
s3.to_slice.should eq(s4.to_slice)
end

it "authenticated?" do
begin
cipher = OpenSSL::Cipher.new("aes-128-gcm")
cipher.authenticated?.should eq(true)
rescue ArgumentError
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Maybe add a check that its actually an expected ArgumentError by verifying the error message. It should be re-raised if it doesn't match.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Could definitely do that, however if the ArgumentError is originating from anything other than the cipher not being available, it'd raise on the next invocation (line 58/59).

# This system doesn't support GCM ciphers
# Silently skip, as this method will never return true
# Remove when macOS platforms target >= v10.13
end

cipher = OpenSSL::Cipher.new("aes-128-cbc")
cipher.authenticated?.should eq(false)
end
end
4 changes: 4 additions & 0 deletions src/openssl/cipher.cr
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -104,6 +104,10 @@ class OpenSSL::Cipher
@ctx = nil
end

def authenticated?
LibCrypto.evp_cipher_flags(cipher).includes?(LibCrypto::CipherFlags::EVP_CIPH_FLAG_AEAD_CIPHER)
end

private def cipherinit(cipher = nil, engine = nil, key = nil, iv = nil, enc = -1)
if LibCrypto.evp_cipherinit_ex(@ctx, cipher, engine, key, iv, enc) != 1
raise Error.new "EVP_CipherInit_ex"
Expand Down
14 changes: 14 additions & 0 deletions src/openssl/lib_crypto.cr
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -197,6 +197,20 @@ lib LibCrypto
fun evp_cipher_ctx_set_padding = EVP_CIPHER_CTX_set_padding(ctx : EVP_CIPHER_CTX, padding : Int32) : Int32
fun evp_cipher_ctx_cipher = EVP_CIPHER_CTX_cipher(ctx : EVP_CIPHER_CTX) : EVP_CIPHER

@[Flags]
enum CipherFlags : ULong
EVP_CIPH_FLAG_DEFAULT_ASN1 = 0x1000
EVP_CIPH_FLAG_LENGTH_BITS = 0x2000
EVP_CIPH_FLAG_FIPS = 0x4000
EVP_CIPH_FLAG_NON_FIPS_ALLOW = 0x8000
EVP_CIPH_FLAG_CUSTOM_CIPHER = 0x100000
EVP_CIPH_FLAG_AEAD_CIPHER = 0x200000
EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK = 0x400000
EVP_CIPH_FLAG_PIPELINE = 0x800000
end

fun evp_cipher_flags = EVP_CIPHER_flags(ctx : EVP_CIPHER_CTX) : CipherFlags

fun hmac = HMAC(evp : EVP_MD, key : Char*, key_len : Int,
d : Char*, n : SizeT, md : Char*, md_len : UInt*) : Char*

Expand Down