* [ruby-core:56085] Unable to set OpenSSL GCM iv_length in Ruby
@ 2013-07-19 10:32 Andrès Koetsier
0 siblings, 0 replies; only message in thread
From: Andrès Koetsier @ 2013-07-19 10:32 UTC (permalink / raw
To: ruby-core
[-- Attachment #1.1: Type: text/plain, Size: 956 bytes --]
Hello,
In OpenSSL you are allowed to change the iv_length on an AES-BCM cipher. (
http://www.openssl.org/docs/crypto/EVP_EncryptInit.html#GCM_Mode) However
this was not implemented in the ruby-wrapper. Since I am a novice in C and
OpenSSL I think by no means my supplied patch is complete, it is a start
however. Maybe this missing function can be added to Ruby 2.0?
You can now set the iv_length using:
cipher = OpenSSL::Cipher.new('aes-128-gcm').encrypt
cipher.iv_len = 16
An issue I already spotted is that OpenSSL sets the ivlen on the
cipher_data (snippet from OpenSSL crypto/evp/e_aes.c):
EVP_AES_GCM_CTX *gctx = c->cipher_data;
gctx->ivlen = arg;
and not the c->cipher->iv_len. So querying for the iv_len in ruby by using
cipher.iv_len will still report the default which is 12. Encryption however
is done correctly using the new iv-length. I tested it by comparing it to
results from other programming languages (Java and C#).
Regards Andres
[-- Attachment #1.2: Type: text/html, Size: 1275 bytes --]
[-- Attachment #2: ossl_set_iv_length.patch --]
[-- Type: application/octet-stream, Size: 1277 bytes --]
Index: ossl_cipher.c
===================================================================
--- ossl_cipher.c (revision 42064)
+++ ossl_cipher.c (working copy)
@@ -677,6 +677,27 @@
return key_length;
}
+/*
+ * call-seq:
+ * cipher.iv_len = integer -> integer
+ *
+ * Sets the iv length of the cipher.
+ *
+ * See EVP_CTRL_GCM_SET_IVLEN for further information.
+ */
+static VALUE
+ossl_cipher_set_gcm_iv_length(VALUE self, VALUE iv_length)
+{
+ int ivlen = NUM2INT(iv_length);
+ EVP_CIPHER_CTX *ctx;
+
+ GetCipher(self, ctx);
+ if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, ivlen, NULL) != 1)
+ ossl_raise(eCipherError, NULL);
+
+ return iv_length;
+}
+
#if defined(HAVE_EVP_CIPHER_CTX_SET_PADDING)
/*
* call-seq:
@@ -963,6 +984,7 @@
rb_define_method(cCipher, "key_len=", ossl_cipher_set_key_length, 1);
rb_define_method(cCipher, "key_len", ossl_cipher_key_length, 0);
rb_define_method(cCipher, "iv=", ossl_cipher_set_iv, 1);
+ rb_define_method(cCipher, "iv_len=", ossl_cipher_set_gcm_iv_length, 1);
rb_define_method(cCipher, "iv_len", ossl_cipher_iv_length, 0);
rb_define_method(cCipher, "block_size", ossl_cipher_block_size, 0);
rb_define_method(cCipher, "padding=", ossl_cipher_set_padding, 1);
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2013-07-19 11:00 UTC | newest]
Thread overview: (only message) (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2013-07-19 10:32 [ruby-core:56085] Unable to set OpenSSL GCM iv_length in Ruby Andrès Koetsier
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).