Gets the authentication tag generated by Authenticated Encryption Cipher modes (GCM for example). This
tag may be stored along with the ciphertext, then set on the decryption
cipher to authenticate the contents of the ciphertext against changes. If
the optional integer parameter tag_len is given, the returned tag
will be tag_len bytes long. If the parameter is omitted, the
default length of 16 bytes or the length previously set by #auth_tag_len= will be
used. For maximum security, the longest possible should be chosen.
The tag may only be retrieved after calling Cipher#final.
static VALUE
ossl_cipher_get_auth_tag(int argc, VALUE *argv, VALUE self)
{
VALUE vtag_len, ret;
EVP_CIPHER_CTX *ctx;
int tag_len = 16;
rb_scan_args(argc, argv, "01", &vtag_len);
if (NIL_P(vtag_len))
vtag_len = rb_attr_get(self, id_auth_tag_len);
if (!NIL_P(vtag_len))
tag_len = NUM2INT(vtag_len);
GetCipher(self, ctx);
if (!(EVP_CIPHER_flags(EVP_CIPHER_CTX_cipher(ctx)) & EVP_CIPH_FLAG_AEAD_CIPHER))
ossl_raise(eCipherError, "authentication tag not supported by this cipher");
ret = rb_str_new(NULL, tag_len);
if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, tag_len, RSTRING_PTR(ret)))
ossl_raise(eCipherError, "retrieving the authentication tag failed");
return ret;
}