size_t dgst_size;
int cipher_nid;
int key_set;
+/*
+ * Here begins stuff related to TLSTREE processing
+ * We MUST store the original key to derive TLSTREE keys from it
+ * and TLS seq no.
+ * */
+ unsigned char key[32];
+/*
+ * TODO
+ * TLSTREE intermediate values should be recalculated only when
+ * C_i & (seq_no+1) != C_i & (seq_no)
+ * so somewhen we will store C_i & (seq_no) in this structure
+ * to avoid redundant hash calculations.
+ * */
} OMAC_CTX;
#define MAX_GOST_OMAC_SIZE 16
switch (cipher_nid) {
case NID_magma_cbc:
- c->dgst_size = 4;
+ c->dgst_size = 8;
break;
case NID_grasshopper_cbc:
- c->dgst_size = 8;
+ c->dgst_size = 16;
break;
}
c_to->dgst_size = c_from->dgst_size;
c_to->cipher_nid = c_from->cipher_nid;
c_to->key_set = c_from->key_set;
+ memcpy(c_to->key, c_from->key, 32);
} else {
return 0;
}
{
int ret = 0;
+ CMAC_CTX_free(c->cmac_ctx);
c->cmac_ctx = CMAC_CTX_new();
if (c->cmac_ctx == NULL) {
GOSTerr(GOST_F_OMAC_KEY, ERR_R_MALLOC_FAILURE);
OMAC_CTX *c = EVP_MD_CTX_md_data(ctx);
const EVP_MD *md = EVP_MD_CTX_md(ctx);
const EVP_CIPHER *cipher = NULL;
+ int ret = 0;
if (c->cipher_nid == NID_undef) {
switch (EVP_MD_nid(md)) {
if (arg == 0) {
struct gost_mac_key *key = (struct gost_mac_key *)ptr;
- return omac_key(c, cipher, key->key, 32);
-
+ ret = omac_key(c, cipher, key->key, 32);
+ if (ret > 0)
+ memcpy(c->key, key->key, 32);
+ return ret;
} else if (arg == 32) {
- return omac_key(c, cipher, ptr, 32);
+ ret = omac_key(c, cipher, ptr, 32);
+ if (ret > 0)
+ memcpy(c->key, ptr, 32);
+ return ret;
}
GOSTerr(GOST_F_OMAC_IMIT_CTRL, GOST_R_INVALID_MAC_KEY_SIZE);
return 0;
}
- case EVP_MD_CTRL_MAC_LEN:
+ case EVP_MD_CTRL_XOF_LEN: /* Supported in OpenSSL */
{
OMAC_CTX *c = EVP_MD_CTX_md_data(ctx);
switch (c->cipher_nid) {
}
return 1;
}
-
+#ifdef EVP_MD_CTRL_TLSTREE
+ case EVP_MD_CTRL_TLSTREE:
+ {
+ OMAC_CTX *c = EVP_MD_CTX_md_data(ctx);
+ if (c->key_set) {
+ unsigned char diversed_key[32];
+ return gost_tlstree(c->cipher_nid, c->key, diversed_key,
+ (const unsigned char *)ptr) ?
+ omac_key(c, EVP_get_cipherbynid(c->cipher_nid),
+ diversed_key, 32) : 0;
+ }
+ GOSTerr(GOST_F_OMAC_IMIT_CTRL, GOST_R_BAD_ORDER);
+ return 0;
+ }
+ return 0;
+#endif
default:
return 0;
}
EVP_MD *md;
if ((md = EVP_MD_meth_new(NID_magma_mac, NID_undef)) == NULL
- || !EVP_MD_meth_set_result_size(md, 4)
+ || !EVP_MD_meth_set_result_size(md, 8)
|| !EVP_MD_meth_set_input_blocksize(md, 8)
|| !EVP_MD_meth_set_app_datasize(md, sizeof(OMAC_CTX))
- || !EVP_MD_meth_set_flags(md, 0)
+ || !EVP_MD_meth_set_flags(md, EVP_MD_FLAG_XOF)
|| !EVP_MD_meth_set_init(md, magma_imit_init)
|| !EVP_MD_meth_set_update(md, omac_imit_update)
|| !EVP_MD_meth_set_final(md, omac_imit_final)
EVP_MD *md;
if ((md = EVP_MD_meth_new(NID_grasshopper_mac, NID_undef)) == NULL
- || !EVP_MD_meth_set_result_size(md, 8)
+ || !EVP_MD_meth_set_result_size(md, 16)
|| !EVP_MD_meth_set_input_blocksize(md, 8)
|| !EVP_MD_meth_set_app_datasize(md, sizeof(OMAC_CTX))
- || !EVP_MD_meth_set_flags(md, 0)
+ || !EVP_MD_meth_set_flags(md, EVP_MD_FLAG_XOF)
|| !EVP_MD_meth_set_init(md, grasshopper_imit_init)
|| !EVP_MD_meth_set_update(md, omac_imit_update)
|| !EVP_MD_meth_set_final(md, omac_imit_final)