backport commit 2dd3a2f from master (#301)

* backport commit 2dd3a2f from master

update magma cipher ctr_acpkm mode encrypting

Fixed bug when acpkm key meshing didn't apply at appropriate time
during TLS secure exchange.
Unify usage of 'num' variable of EVP_CIPHER_CTX for kuznetchik and
magma.

* correct define variable dependency

add optional compiling setting for EVP_CTRL_TLS1_2_TLSTREE variable

Co-authored-by: Igor Kirillov <i.kirillov@kryptonite.ru>

diff --git a/gost_crypt.c b/gost_crypt.c
index 3af9abe05ac690e84a3d8f27a1183b163ac108e4..cb3cdb342e72b4a04b677cbb8004625fe686d7c0 100644 (file)
--- a/gost_crypt.c
+++ b/gost_crypt.c
@@ -477,6 +477,13 @@ static int magma_cipher_init_param(EVP_CIPHER_CTX *ctx,
     }
     memcpy(EVP_CIPHER_CTX_iv_noconst(ctx),
            EVP_CIPHER_CTX_original_iv(ctx), EVP_CIPHER_CTX_iv_length(ctx));
+    if (EVP_CIPHER_CTX_nid(ctx) == NID_magma_ctr_acpkm
+     || EVP_CIPHER_CTX_nid(ctx) == NID_magma_ctr_acpkm_omac) {
+       c->key_meshing = 1024;
+    } else {
+       c->key_meshing = 0;
+    }
+
     return 1;
 }
 
@@ -676,34 +683,41 @@ static void ctr64_inc(unsigned char *counter)
     inc_counter(counter, 8);
 }
 
+#define MAGMA_BLOCK_SIZE 8
+#define MAGMA_BLOCK_MASK (MAGMA_BLOCK_SIZE - 1)
+static inline void apply_acpkm_magma(struct ossl_gost_cipher_ctx *
+                                           ctx, unsigned int *num)
+{
+    if (!ctx->key_meshing || (*num < ctx->key_meshing))
+        return;
+    acpkm_magma_key_meshing(&ctx->cctx);
+    *num &= MAGMA_BLOCK_MASK;
+}
+
 /* MAGMA encryption in CTR mode */
 static int magma_cipher_do_ctr(EVP_CIPHER_CTX *ctx, unsigned char *out,
                                const unsigned char *in, size_t inl)
 {
     const unsigned char *in_ptr = in;
     unsigned char *out_ptr = out;
-    size_t i = 0;
     size_t j;
     struct ossl_gost_cipher_ctx *c = EVP_CIPHER_CTX_get_cipher_data(ctx);
     unsigned char *buf = EVP_CIPHER_CTX_buf_noconst(ctx);
     unsigned char *iv = EVP_CIPHER_CTX_iv_noconst(ctx);
+    unsigned int num = EVP_CIPHER_CTX_num(ctx);
+    size_t blocks, i, lasted = inl;
     unsigned char b[8];
 /* Process partial blocks */
-    if (EVP_CIPHER_CTX_num(ctx)) {
-        for (j = EVP_CIPHER_CTX_num(ctx), i = 0; j < 8 && i < inl;
-             j++, i++, in_ptr++, out_ptr++) {
-            *out_ptr = buf[7 - j] ^ (*in_ptr);
-        }
-        if (j == 8) {
-            EVP_CIPHER_CTX_set_num(ctx, 0);
-        } else {
-            EVP_CIPHER_CTX_set_num(ctx, j);
-            return 1;
-        }
+    while ((num & MAGMA_BLOCK_MASK) && lasted) {
+        *out_ptr++ = *in_ptr++ ^ buf[7 - (num & MAGMA_BLOCK_MASK)];
+        --lasted;
+        num++;
     }
+    blocks = lasted / MAGMA_BLOCK_SIZE;
 
 /* Process full blocks */
-    for (; i + 8 <= inl; i += 8, in_ptr += 8, out_ptr += 8) {
+    for (i = 0; i < blocks; i++) {
+        apply_acpkm_magma(c, &num);
         for (j = 0; j < 8; j++) {
             b[7 - j] = iv[j];
         }
@@ -712,23 +726,28 @@ static int magma_cipher_do_ctr(EVP_CIPHER_CTX *ctx, unsigned char *out,
             out_ptr[j] = buf[7 - j] ^ in_ptr[j];
         }
         ctr64_inc(iv);
+        c->count += MAGMA_BLOCK_SIZE;
+        in_ptr += MAGMA_BLOCK_SIZE;
+        out_ptr += MAGMA_BLOCK_SIZE;
+        num += MAGMA_BLOCK_SIZE;
+        lasted -= MAGMA_BLOCK_SIZE;
     }
 
 /* Process the rest of plaintext */
-    if (i < inl) {
+    if (lasted > 0) {
+        apply_acpkm_magma(c, &num);
         for (j = 0; j < 8; j++) {
             b[7 - j] = iv[j];
         }
-        gostcrypt(&(c->cctx), iv, buf);
-        ctr64_inc(iv);
-        for (j = 0; i < inl; j++, i++) {
-            out_ptr[j] = buf[7 - j] ^ in_ptr[j];
-        }
+        gostcrypt(&(c->cctx), b, buf);
 
-        EVP_CIPHER_CTX_set_num(ctx, j);
-    } else {
-        EVP_CIPHER_CTX_set_num(ctx, 0);
+        for (i = 0; i < lasted; i++)
+            out_ptr[i] = buf[7 - i] ^ in_ptr[i];
+        ctr64_inc(iv);
+        c->count += j;
+        num += lasted;
     }
+    EVP_CIPHER_CTX_set_num(ctx, num);
 
     return 1;
 }

diff --git a/test_tlstree.c b/test_tlstree.c
index df2574298d38f0828b241c0090556d892238ccf8..2fbc16a094ab2df3a66e4c49bf32e958db01e95f 100644 (file)
--- a/test_tlstree.c
+++ b/test_tlstree.c
@@ -19,6 +19,7 @@ static void hexdump(FILE *f, const char *title, const unsigned char *s, int l)
 int main(void)
 {
 #ifdef EVP_MD_CTRL_TLSTREE
+#ifdef EVP_CTRL_TLS1_2_TLSTREE
        const unsigned char mac_secret[] = {
 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
@@ -176,6 +177,7 @@ int main(void)
                exit(1);
        }
 
+#endif
 #endif
        return 0;
 }