
Adding Support for authenticated encryption modes #115

Closed
Neurrone opened this issue Nov 14, 2017 · 6 comments

Comments

@Neurrone

I'm able to encrypt it with e.g aes-128-gcm but am unable to decrypt the result, probably because there's currently no way to get the tag.

@daurnimator
Collaborator

Please elaborate: what did you try? what did you expect to work?

@daurnimator
Collaborator

@Neurrone ping?

@Sorc96

Sorc96 commented Aug 16, 2019

I need to decrypt using aes-256-gcm. It is currently possible to decrypt the message, but I cannot verify its authenticity, because there is no way to set the expected value of the tag. Calling final should return an empty string if the tag matches the expected value. Currently, final always returns nil and an error, because the cipher is missing the expected tag value.

Looking at an example from OpenSSL, the missing piece seems to be the EVP_CIPHER_CTX_ctrl function. It is used both for getting the tag when encrypting and setting the expected value when decrypting.
OpenSSL example

@daurnimator
Collaborator

Currently, final always returns nil and an error, because the cipher is missing the expected tag value.

Could you give us an example of the code you're trying?

@Sorc96

Sorc96 commented Aug 16, 2019

-- I don't need to encrypt in my real situation,
-- this is just to get an encrypted message for this example
local cipher = require "openssl.cipher"
local key = "abcdefghijklmnopabcdefghijklmnop"
local iv = "123456123456"
local message = "My secret message"
local encrypted = cipher.new("aes-256-gcm"):encrypt(key, iv):update(message)
-- There should be a way to get the tag now

-- Now for the decryption
local aes = cipher.new("aes-256-gcm"):decrypt(key, iv)
local decrypted = aes:update(encrypted)
print(decrypted)
-- The message is decrypted successfully, but now there should be a way to set the expected tag
-- Calling final returns an error, as it should when the expected tag value is not set or the tag does not match the expected value
print(aes:final())

@mwild1
Contributor

mwild1 commented May 26, 2022

This is quite a large gap in the API, and makes using the widespread CCM/GCM modes unsafe in many contexts (as the ciphertext may have been corrupted or tampered with) and useless for interoperability with any software that attempts to authenticate the received data. Most cipher APIs in other languages/frameworks either append the tag (MAC) to the end of the ciphertext output or let you obtain the tag after completion.

In OpenSSL, obtaining the tag is done by calling EVP_CIPHER_CTX_ctrl() after the ciphertext is complete. Full examples can be found on the OpenSSL wiki in 'EVP Authenticated Encryption and Decryption'.

I don't mind submitting a PR for this, but it likely won't be before next week.
