Sets the authentication tag to verify the integrity of the ciphertext. This
can be called only when the cipher supports AE. The tag must be set after
calling Cipher#decrypt, Cipher#key= and Cipher#iv=, but before calling
Cipher#final. After all
decryption is performed, the tag is verified automatically in the call to
Cipher#final.
For OCB mode, the tag length must be supplied with #auth_tag_len= beforehand.
static VALUE
ossl_cipher_set_auth_tag(VALUE self, VALUE vtag)
{
EVP_CIPHER_CTX *ctx;
unsigned char *tag;
int tag_len;
StringValue(vtag);
tag = (unsigned char *) RSTRING_PTR(vtag);
tag_len = RSTRING_LENINT(vtag);
GetCipher(self, ctx);
if (!(EVP_CIPHER_flags(EVP_CIPHER_CTX_cipher(ctx)) & EVP_CIPH_FLAG_AEAD_CIPHER))
ossl_raise(eCipherError, "authentication tag not supported by this cipher");
if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, tag_len, tag))
ossl_raise(eCipherError, "unable to set AEAD tag");
return vtag;
}