]> wagner.pp.ru Git - openssl-gost/engine.git/log
openssl-gost/engine.git
4 years agoBuild fix
Dmitry Belyavskiy [Tue, 19 May 2020 14:36:37 +0000 (17:36 +0300)]
Build fix

4 years agogost_crypt: Add some sanity checking to GOST_init_cipher
Vitaly Chikunov [Tue, 12 May 2020 09:26:01 +0000 (12:26 +0300)]
gost_crypt: Add some sanity checking to GOST_init_cipher

- Stream cipher should have block_size 1, other should not.
- Stream cipher should not have padding.
- If IV is specified Custom IV flag should be set.

4 years agogost_eng: Rework (simplify) cipher registration
Vitaly Chikunov [Tue, 12 May 2020 03:01:41 +0000 (06:01 +0300)]
gost_eng: Rework (simplify) cipher registration

Now we don't need a struct to hold cipher list. And can use simple array
of pointers to `GOST_cipher'.

4 years agogost_keyexpimp: Rework cipher registration
Vitaly Chikunov [Tue, 12 May 2020 02:40:00 +0000 (05:40 +0300)]
gost_keyexpimp: Rework cipher registration

4 years agogost_grasshopper_cipher: Remove redundant code
Vitaly Chikunov [Tue, 12 May 2020 02:26:53 +0000 (05:26 +0300)]
gost_grasshopper_cipher: Remove redundant code

Not needed after cipher registration converted into table way.

4 years agogost_grasshopper_cipher: Rework cipher registration
Vitaly Chikunov [Tue, 12 May 2020 01:58:03 +0000 (04:58 +0300)]
gost_grasshopper_cipher: Rework cipher registration

This only adds registering via tables, but not removing obsolete code.

4 years agogost_crypt: Allow templates in GOST_cipher
Vitaly Chikunov [Tue, 12 May 2020 00:55:39 +0000 (03:55 +0300)]
gost_crypt: Allow templates in GOST_cipher

Avoid duplication of struct values with help of 1-level templates.

4 years agogost_crypt: Add magma_cbc_cipher
Vitaly Chikunov [Mon, 11 May 2020 23:34:54 +0000 (02:34 +0300)]
gost_crypt: Add magma_cbc_cipher

4 years agogost_crypt: Add magma_ctr_acpkm_omac_cipher
Vitaly Chikunov [Mon, 11 May 2020 23:32:00 +0000 (02:32 +0300)]
gost_crypt: Add magma_ctr_acpkm_omac_cipher

4 years agogost_crypt: Add magma_ctr_acpkm_cipher
Vitaly Chikunov [Mon, 11 May 2020 23:27:45 +0000 (02:27 +0300)]
gost_crypt: Add magma_ctr_acpkm_cipher

4 years agogost_crypt: Add magma_ctr_cipher
Vitaly Chikunov [Mon, 11 May 2020 23:23:34 +0000 (02:23 +0300)]
gost_crypt: Add magma_ctr_cipher

4 years agogost_crypt: Add Gost28147_89_cnt_12_cipher
Vitaly Chikunov [Mon, 11 May 2020 23:19:45 +0000 (02:19 +0300)]
gost_crypt: Add Gost28147_89_cnt_12_cipher

4 years agogost_crypt: Add Gost28147_89_cnt_cipher
Vitaly Chikunov [Mon, 11 May 2020 23:16:25 +0000 (02:16 +0300)]
gost_crypt: Add Gost28147_89_cnt_cipher

4 years agogost_crypt: Add Gost28147_89_cbc_cipher
Vitaly Chikunov [Mon, 11 May 2020 23:10:07 +0000 (02:10 +0300)]
gost_crypt: Add Gost28147_89_cbc_cipher

4 years agogost_crypt: Rework cipher registration, add Gost28147_89_cipher
Vitaly Chikunov [Mon, 11 May 2020 22:28:04 +0000 (01:28 +0300)]
gost_crypt: Rework cipher registration, add Gost28147_89_cipher

4 years agoAllow skipping perl tests
Dmitry Belyavskiy [Mon, 11 May 2020 13:55:47 +0000 (16:55 +0300)]
Allow skipping perl tests

4 years agoFinally normally passing MAC tests
Dmitry Belyavskiy [Sun, 10 May 2020 15:22:10 +0000 (18:22 +0300)]
Finally normally passing MAC tests

4 years agoRestore kuznyechik-mac test
Dmitry Belyavskiy [Sun, 10 May 2020 15:00:03 +0000 (18:00 +0300)]
Restore kuznyechik-mac test

4 years agoReenable some hmac tests
Dmitry Belyavskiy [Sun, 10 May 2020 14:44:03 +0000 (17:44 +0300)]
Reenable some hmac tests

4 years agoUpdate the HMAC calculation example
Dmitry Belyavskiy [Sun, 10 May 2020 14:37:49 +0000 (17:37 +0300)]
Update the HMAC calculation example

Fix #244

4 years agoMerge branch 'master' of https://github.com/gost-engine/engine
Dmitry Belyavskiy [Sun, 10 May 2020 14:15:45 +0000 (17:15 +0300)]
Merge branch 'master' of https://github.com/gost-engine/engine

4 years agoCoverity issue #300971
Dmitry Belyavskiy [Sun, 10 May 2020 14:15:00 +0000 (17:15 +0300)]
Coverity issue #300971

4 years agotest_ciphers: Enable Magma CBC test
Vitaly Chikunov [Sat, 9 May 2020 22:26:35 +0000 (01:26 +0300)]
test_ciphers: Enable Magma CBC test

Since it's fixed in previous commit.

4 years agogost_crypt: Fix Magma CBC in-place decryption
Vitaly Chikunov [Sat, 9 May 2020 22:20:40 +0000 (01:20 +0300)]
gost_crypt: Fix Magma CBC in-place decryption

Simplest fix not concerned with performance, still should not impact it
too much.

4 years agotest_digest: Add another carry test vector, also test GOST94
Vitaly Chikunov [Sat, 9 May 2020 21:54:25 +0000 (00:54 +0300)]
test_digest: Add another carry test vector, also test GOST94

This vector triggers so much bugs in different implementations.

4 years agotest_digest: Reduce arguments to tests, make concise logging
Vitaly Chikunov [Sat, 9 May 2020 21:29:57 +0000 (00:29 +0300)]
test_digest: Reduce arguments to tests, make concise logging

- Less arguments - less scary function calls.
- Better screen output: all tests now shown.
- Some typo corrections.

4 years agotest_digest: Test CMAC using EVP_MAC (provider) API
Vitaly Chikunov [Sat, 9 May 2020 21:13:11 +0000 (00:13 +0300)]
test_digest: Test CMAC using EVP_MAC (provider) API

Use chance of having CMAC test vector to test CMAC provider.

4 years agotest_digest: Test old and new APIs
Vitaly Chikunov [Sat, 9 May 2020 20:02:25 +0000 (23:02 +0300)]
test_digest: Test old and new APIs

Both HMAC (deprecated) and EVP_MAC (since 3.0).
Also, remove redundant test iteration in do_digest().

4 years agotest: List untested digests and ciphers
Vitaly Chikunov [Sat, 9 May 2020 19:47:24 +0000 (22:47 +0300)]
test: List untested digests and ciphers

It's good to know what needs to be done.

4 years agoGOST CMS encryption implementation.
Dmitry Belyavskiy [Sun, 10 May 2020 12:14:48 +0000 (15:14 +0300)]
GOST CMS encryption implementation.

4 years agoError regeneration
Dmitry Belyavskiy [Sat, 9 May 2020 17:20:22 +0000 (20:20 +0300)]
Error regeneration

4 years agoUseful wrap script
Dmitry Belyavskiy [Sat, 9 May 2020 16:37:46 +0000 (19:37 +0300)]
Useful wrap script

4 years agoEnabling TC26 CMS tests
Dmitry Belyavskiy [Sat, 9 May 2020 16:36:12 +0000 (19:36 +0300)]
Enabling TC26 CMS tests

4 years agoUpdate INSTALL.md according to actual standards
Dmitry Belyavskiy [Sat, 9 May 2020 16:00:33 +0000 (19:00 +0300)]
Update INSTALL.md according to actual standards

4 years agoImprove diagnostics
Dmitry Belyavskiy [Sat, 9 May 2020 14:24:09 +0000 (17:24 +0300)]
Improve diagnostics

4 years agomagma-ctr-acpkm + magma-ctr-acpkm-omac
Dmitry Belyavskiy [Sat, 9 May 2020 10:47:48 +0000 (13:47 +0300)]
magma-ctr-acpkm + magma-ctr-acpkm-omac

4 years agoRefactoring unprotected attributes processing
Dmitry Belyavskiy [Sat, 9 May 2020 10:18:32 +0000 (13:18 +0300)]
Refactoring unprotected attributes processing

4 years agotest_digest: Do HMAC using EVP_MAC API
Vitaly Chikunov [Sat, 9 May 2020 04:46:17 +0000 (07:46 +0300)]
test_digest: Do HMAC using EVP_MAC API

They say `HMAC' API is deprecated since 3.0, thus `EVP_MAC' API should
be used.
  https://www.openssl.org/docs/manmaster/man3/HMAC_CTX_free.html

4 years agotest_ciphers: Add Magma CTR (and CBC) test(s)
Vitaly Chikunov [Sat, 9 May 2020 03:57:12 +0000 (06:57 +0300)]
test_ciphers: Add Magma CTR (and CBC) test(s)

- CTR vector is from standard.
- CBC vector is generated by PR_GOSTR_bch_v9. CBC test fail in-place
  decryption, so it's disabled by `#if 0'.

4 years agogost_crypt: Fix IV length for Magma CTR mode
Vitaly Chikunov [Sat, 9 May 2020 03:15:32 +0000 (06:15 +0300)]
gost_crypt: Fix IV length for Magma CTR mode

It's 4, half of block size.

4 years agotest_digest: Add Magma OMAC1 test
Vitaly Chikunov [Sat, 9 May 2020 00:07:13 +0000 (03:07 +0300)]
test_digest: Add Magma OMAC1 test

From GOST R 34.13-2015 (А.2.6).

4 years agotest_digest: Add HMAC tests for Streebog
Vitaly Chikunov [Fri, 8 May 2020 23:49:47 +0000 (02:49 +0300)]
test_digest: Add HMAC tests for Streebog

From RFC 7836 (B) and R 50.1.113-2016 (A).

4 years agotest_digest: Add more test vectors for Streebog
Vitaly Chikunov [Fri, 8 May 2020 21:51:48 +0000 (00:51 +0300)]
test_digest: Add more test vectors for Streebog

Dumps from `etalon/' dir.

4 years agotest_digest: Move MAC tests from test_cipher to test_digest
Vitaly Chikunov [Fri, 8 May 2020 20:33:50 +0000 (23:33 +0300)]
test_digest: Move MAC tests from test_cipher to test_digest

Here is better place, because they all digests.

4 years agotest_ciphers: Rework cipher test
Vitaly Chikunov [Fri, 8 May 2020 18:53:30 +0000 (21:53 +0300)]
test_ciphers: Rework cipher test

- Use EVP API instead of direct calls to gost-engine;
- Remove MAC tests (they should go into test_digest);
- Expand `testcases' array to be more readable;
- Add some asserts of IV and block sizes.
- Remove noisy hex dumps if there is no errors;
- Note: no new cipers are added.

4 years agotest_ciphers: Rename test_grasshopper to test_ciphers
Vitaly Chikunov [Fri, 8 May 2020 17:24:31 +0000 (20:24 +0300)]
test_ciphers: Rename test_grasshopper to test_ciphers

Better name to add more ciphers to test. Also, move it up in the tests
just after digests.

4 years agotest_context: Test digests too
Vitaly Chikunov [Fri, 8 May 2020 17:08:50 +0000 (20:08 +0300)]
test_context: Test digests too

Test if copying `EVP_MD_CTX' is working good for GOST digests.

4 years agotest_context: Instantiate ciphers using EVP API instead of direct calls
Vitaly Chikunov [Fri, 8 May 2020 14:49:15 +0000 (17:49 +0300)]
test_context: Instantiate ciphers using EVP API instead of direct calls

Also, use testcases table and add more ciphers.

4 years agoReverse travis experiments
Dmitry Belyavskiy [Fri, 8 May 2020 08:51:43 +0000 (11:51 +0300)]
Reverse travis experiments

4 years agoTry to use known good commit for tests
Dmitry Belyavskiy [Thu, 7 May 2020 20:13:05 +0000 (23:13 +0300)]
Try to use known good commit for tests

4 years agoIt does not work this way
Dmitry Belyavskiy [Thu, 7 May 2020 19:50:39 +0000 (22:50 +0300)]
It does not work this way

4 years agoTravis tuning - known good commit
Dmitry Belyavskiy [Thu, 7 May 2020 19:19:47 +0000 (22:19 +0300)]
Travis tuning - known good commit

4 years ago[test] ECC: KATs for the curves in RFC4357 and RFC7836
Billy Brumley [Thu, 7 May 2020 17:13:42 +0000 (20:13 +0300)]
[test] ECC: KATs for the curves in RFC4357 and RFC7836

* Tests that gost-engine correctly computes the public key from the
private key. (Twice -- Alice and Bob.)

* Tests that gost-engine correctly computes the derived shared key.
(Twice -- Alice and Bob, should be identical.)

4 years ago-debug_decrypt option
Dmitry Belyavskiy [Wed, 6 May 2020 17:47:27 +0000 (20:47 +0300)]
-debug_decrypt option

4 years agoAllow GOST 2001 CMS decryption
Dmitry Belyavskiy [Wed, 6 May 2020 17:45:02 +0000 (20:45 +0300)]
Allow GOST 2001 CMS decryption

4 years agoUpdate rsa cms/smime tests to avoid regression
Dmitry Belyavskiy [Wed, 6 May 2020 17:22:58 +0000 (20:22 +0300)]
Update rsa cms/smime tests to avoid regression

4 years agoAllow IANA ciphersuite
Dmitry Belyavskiy [Wed, 6 May 2020 16:39:48 +0000 (19:39 +0300)]
Allow IANA ciphersuite

4 years agoFix failing ssl tests
Dmitry Belyavskiy [Wed, 6 May 2020 16:34:05 +0000 (19:34 +0300)]
Fix failing ssl tests

4 years agoFix Coverity #300461
Dmitry Belyavskiy [Wed, 6 May 2020 15:12:10 +0000 (18:12 +0300)]
Fix Coverity #300461

4 years agoFix coverity issue 300458
Dmitry Belyavskiy [Mon, 4 May 2020 20:01:48 +0000 (23:01 +0300)]
Fix coverity issue 300458

4 years agoFix coverity issue 300457
Dmitry Belyavskiy [Mon, 4 May 2020 19:57:42 +0000 (22:57 +0300)]
Fix coverity issue 300457

4 years agoTesting against master to avoid known build bug in alpha1
Dmitry Belyavskiy [Mon, 4 May 2020 18:20:53 +0000 (21:20 +0300)]
Testing against master to avoid known build bug in alpha1

4 years agoUpdate CA verification test
Dmitry Belyavskiy [Mon, 4 May 2020 17:59:41 +0000 (20:59 +0300)]
Update CA verification test

4 years agoCTR encryption update
Dmitry Belyavskiy [Mon, 4 May 2020 17:55:31 +0000 (20:55 +0300)]
CTR encryption update

4 years agoTypo in CA verify command
Dmitry Belyavskiy [Mon, 4 May 2020 17:42:42 +0000 (20:42 +0300)]
Typo in CA verify command

4 years agoFixing ca cert verification
Dmitry Belyavskiy [Mon, 4 May 2020 17:31:33 +0000 (20:31 +0300)]
Fixing ca cert verification

4 years agoTemporary commented out weird failure
Dmitry Belyavskiy [Mon, 4 May 2020 17:19:08 +0000 (20:19 +0300)]
Temporary commented out weird failure

4 years agoTry to make mac test happy
Dmitry Belyavskiy [Mon, 4 May 2020 17:04:17 +0000 (20:04 +0300)]
Try to make mac test happy

4 years agoTemporary commented out the RSA test
Dmitry Belyavskiy [Mon, 4 May 2020 16:50:23 +0000 (19:50 +0300)]
Temporary commented out the RSA test

4 years agoTCL engine test updated
Dmitry Belyavskiy [Mon, 4 May 2020 16:42:56 +0000 (19:42 +0300)]
TCL engine test updated

4 years agoMake grasshopper_test happy
Dmitry Belyavskiy [Mon, 4 May 2020 16:27:24 +0000 (19:27 +0300)]
Make grasshopper_test happy

4 years agoMake engine test happier
Dmitry Belyavskiy [Mon, 4 May 2020 13:45:25 +0000 (16:45 +0300)]
Make engine test happier

4 years agoSwitching Travis to 3.0.0-alpha1, try 2
Dmitry Belyavskiy [Mon, 4 May 2020 13:29:37 +0000 (16:29 +0300)]
Switching Travis to 3.0.0-alpha1, try 2

4 years agoMerge branch 'master' of https://github.com/gost-engine/engine
Dmitry Belyavskiy [Mon, 4 May 2020 13:16:35 +0000 (16:16 +0300)]
Merge branch 'master' of https://github.com/gost-engine/engine

4 years agoSwitching Travis to 3.0.0-alpha1
Dmitry Belyavskiy [Mon, 4 May 2020 13:15:59 +0000 (16:15 +0300)]
Switching Travis to 3.0.0-alpha1

4 years agotest_tls: Fix test hanging on some OpenSSL errors
Vitaly Chikunov [Sun, 3 May 2020 20:12:47 +0000 (23:12 +0300)]
test_tls: Fix test hanging on some OpenSSL errors

Handle abnormal exit of s_client/s_server processes.

Fixes partially #230.

4 years agoOpenSSL 3.0 required
Dmitry Belyavskiy [Mon, 4 May 2020 12:48:39 +0000 (15:48 +0300)]
OpenSSL 3.0 required

4 years agoKUZNYECHIK-CTR_ACPKM-OMAC implementation
Dmitry Belyavskiy [Mon, 4 May 2020 11:14:19 +0000 (14:14 +0300)]
KUZNYECHIK-CTR_ACPKM-OMAC implementation

4 years agoKuznyechik ASN1 parameters parsing
Dmitry Belyavskiy [Sun, 3 May 2020 17:14:30 +0000 (20:14 +0300)]
Kuznyechik ASN1 parameters parsing

4 years agofixup! Magma/Kuznyechik ASN1 parameters and functions
Dmitry Belyavskiy [Sun, 3 May 2020 16:43:55 +0000 (19:43 +0300)]
fixup! Magma/Kuznyechik ASN1 parameters and functions

4 years agoMagma/Kuznyechik ASN1 parameters and functions
Dmitry Belyavskiy [Sun, 3 May 2020 16:42:05 +0000 (19:42 +0300)]
Magma/Kuznyechik ASN1 parameters and functions

4 years agoUKM must be set
Dmitry Belyavskiy [Sun, 3 May 2020 13:45:59 +0000 (16:45 +0300)]
UKM must be set

4 years agoPSKeyTransport_gost includes UKM
Dmitry Belyavskiy [Sun, 3 May 2020 13:45:26 +0000 (16:45 +0300)]
PSKeyTransport_gost includes UKM

4 years agoUpdated decrypt selection logic
Dmitry Belyavskiy [Sun, 3 May 2020 11:42:34 +0000 (14:42 +0300)]
Updated decrypt selection logic

4 years agoRestoring gost89 CMS support in gost engine for OpenSSL 3.0
Dmitry Belyavskiy [Sun, 3 May 2020 11:11:17 +0000 (14:11 +0300)]
Restoring gost89 CMS support in gost engine for OpenSSL 3.0

4 years agoNo deprecation-related warnings
Dmitry Belyavskiy [Sun, 3 May 2020 11:57:28 +0000 (14:57 +0300)]
No deprecation-related warnings

4 years agoGOST wrap ciphers registration
Dmitry Belyavskiy [Sat, 2 May 2020 15:26:53 +0000 (18:26 +0300)]
GOST wrap ciphers registration

4 years agoNew Gost CMS support, KARI/KTRI parsing
Dmitry Belyavskiy [Sat, 2 May 2020 15:07:15 +0000 (18:07 +0300)]
New Gost CMS support, KARI/KTRI parsing

4 years agogost_eng: Make it use arrays instead of repeatable code
Vitaly Chikunov [Sat, 2 May 2020 19:53:01 +0000 (22:53 +0300)]
gost_eng: Make it use arrays instead of repeatable code

4 years agoFree memory
Dmitry Belyavskiy [Fri, 1 May 2020 21:28:46 +0000 (00:28 +0300)]
Free memory

4 years agoFix code aligning
Dmitry Belyavskiy [Fri, 1 May 2020 09:22:43 +0000 (12:22 +0300)]
Fix code aligning

4 years agoRebuild error files to avoid build failures
Dmitry Belyavskiy [Fri, 1 May 2020 09:19:43 +0000 (12:19 +0300)]
Rebuild error files to avoid build failures

4 years agopkeyutl -derive support
Dmitry Belyavskiy [Fri, 1 May 2020 00:18:59 +0000 (03:18 +0300)]
pkeyutl -derive support

Support of pkeyutl -pkeyopt ukmhex:0102030405060708 syntax

4 years agotest_digest: Test all block sizes and alignments
Vitaly Chikunov [Sun, 1 Mar 2020 03:03:40 +0000 (06:03 +0300)]
test_digest: Test all block sizes and alignments

There need to be more tests than 2 constant fixed size blocks.
Final digest values are generated from the first run.

Test description in comments.

4 years agocppcheck: Variable is reassigned a value before the old one has been used.
Nikolay Morozov [Thu, 27 Feb 2020 11:28:07 +0000 (14:28 +0300)]
cppcheck: Variable is reassigned a value before the old one has been used.

Plus some minor chnages
- function defenition doen't match function declaration
- Consecutive break statement is unnecessary.
- Type missmatch in format string

4 years agocppcheck: The scope of the variable can be reduced.
Nikolay Morozov [Wed, 26 Feb 2020 09:38:27 +0000 (12:38 +0300)]
cppcheck: The scope of the variable can be reduced.

4 years agokeyx: Add OPENSSL_cleanse for internal buffers
Vitaly Chikunov [Mon, 17 Feb 2020 23:55:35 +0000 (02:55 +0300)]
keyx: Add OPENSSL_cleanse for internal buffers

Only stack buffers are considered.

4 years agoReplace RAND_bytes with RAND_priv_bytes
Vitaly Chikunov [Mon, 17 Feb 2020 23:53:14 +0000 (02:53 +0300)]
Replace RAND_bytes with RAND_priv_bytes

`RAND_priv_bytes' is supposed to be used for private data.

4 years agoec: Use BN_{CTX_,}secure_new memory API for priv keys
Vitaly Chikunov [Mon, 17 Feb 2020 21:35:10 +0000 (00:35 +0300)]
ec: Use BN_{CTX_,}secure_new memory API for priv keys

OpenSSL suggests to use (and internally itself uses)
`BN_{CTX_,}secure_new' primitives to work with private keys.

These are using `OPENSSL_secure_malloc' et al. calls, which use
special 'secure heap' memory.

Along, optimize out `hashsum2bn' with `BN_lebin2bn'.

4 years agoNo need for special OFB context
Dmitry Belyavskiy [Sat, 22 Feb 2020 13:43:42 +0000 (16:43 +0300)]
No need for special OFB context