Method: OpenSSL::Cipher#auth_tag

Defined in:
ossl_cipher.c

#auth_tag(tag_len = 16) ⇒ String

Gets the authentication tag generated by Authenticated Encryption Cipher modes (GCM for example). This tag may be stored along with the ciphertext, then set on the decryption cipher to authenticate the contents of the ciphertext against changes. If the optional integer parameter tag_len is given, the returned tag will be tag_len bytes long. If the parameter is omitted, the default length of 16 bytes or the length previously set by #auth_tag_len= will be used. For maximum security, the longest possible should be chosen.

The tag may only be retrieved after calling Cipher#final.

Returns:

  • (String) 


611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
 
# File 'ossl_cipher.c', line 611

static VALUE
ossl_cipher_get_auth_tag(int argc, VALUE *argv, VALUE self)
{
    VALUE vtag_len, ret;
    EVP_CIPHER_CTX *ctx;
    int tag_len = 16;

    rb_scan_args(argc, argv, "01", &vtag_len);
    if (NIL_P(vtag_len))
	vtag_len = rb_attr_get(self, id_auth_tag_len);
    if (!NIL_P(vtag_len))
	tag_len = NUM2INT(vtag_len);

    GetCipher(self, ctx);

    if (!(EVP_CIPHER_flags(EVP_CIPHER_CTX_cipher(ctx)) & EVP_CIPH_FLAG_AEAD_CIPHER))
	ossl_raise(eCipherError, "authentication tag not supported by this cipher");

    ret = rb_str_new(NULL, tag_len);
    if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, tag_len, RSTRING_PTR(ret)))
	ossl_raise(eCipherError, "retrieving the authentication tag failed");

    return ret;
}