Added support for magma-ctracpkm-omac.

Magma OMAC is implemented the same way as NID_id_tc26_cipher_gostr3412_2015_kuznyechik_ctracpkm_omac. And with test vectors.

diff --git a/gost_crypt.c b/gost_crypt.c
index 516e598d4dc1f32cf2168dff7b7f031044d21bbe..85b194a9909a590276a953976e301966846aac01 100644 (file)
--- a/gost_crypt.c
+++ b/gost_crypt.c
@@ -519,6 +519,7 @@ static int magma_cipher_init(EVP_CIPHER_CTX *ctx, const unsigned char *key,
        c->key_meshing = 0;
     }
 
+    c->count = 0;
     return 1;
 }
 
@@ -1273,10 +1274,6 @@ static int magma_cipher_ctl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr)
                 return -1;
             }
 
-            if (c->count != 0) {
-                return -1;
-            }
-
             c->key_meshing = arg;
             return 1;
         }
@@ -1650,4 +1647,10 @@ static int gost_imit_cleanup(EVP_MD_CTX *ctx)
     memset(EVP_MD_CTX_md_data(ctx), 0, sizeof(struct ossl_gost_imit_ctx));
     return 1;
 }
+
+/* Called directly by CMAC_ACPKM_Init() */
+const EVP_CIPHER *cipher_gost_magma_ctracpkm()
+{
+    return GOST_init_cipher(&magma_ctr_acpkm_cipher);
+}
 /* vim: set expandtab cinoptions=\:0,l1,t0,g0,(0 sw=4 : */

diff --git a/gost_eng.c b/gost_eng.c
index 7ca5523721dc8e26121e00c1fdfbd9b4d2896f7f..4df83e8a05a0833901f2f9e982965962b8ed9737 100644 (file)
--- a/gost_eng.c
+++ b/gost_eng.c
@@ -80,6 +80,7 @@ GOST_digest *gost_digest_array[] = {
     &magma_mac_digest,
     &grasshopper_mac_digest,
     &kuznyechik_ctracpkm_omac_digest,
+    &magma_ctracpkm_omac_digest,
 };
 
 GOST_cipher *gost_cipher_array[] = {

diff --git a/gost_lcl.h b/gost_lcl.h
index ffa8c76d1245c61e6a96f5a88f9dee4dfba6f845..21a519782fa30fa81f7ba3270ef233acc3f88831 100644 (file)
--- a/gost_lcl.h
+++ b/gost_lcl.h
@@ -342,6 +342,8 @@ typedef struct gost_cipher_st GOST_cipher;
 EVP_CIPHER *GOST_init_cipher(GOST_cipher *c);
 void GOST_deinit_cipher(GOST_cipher *c);
 
+const EVP_CIPHER *cipher_gost_magma_ctracpkm();
+
 /* ENGINE implementation data */
 extern GOST_cipher Gost28147_89_cipher;
 extern GOST_cipher Gost28147_89_cbc_cipher;
@@ -398,6 +400,7 @@ extern GOST_digest GostR3411_2012_512_digest;
 extern GOST_digest magma_mac_digest;
 extern GOST_digest grasshopper_mac_digest;
 extern GOST_digest kuznyechik_ctracpkm_omac_digest;
+extern GOST_digest magma_ctracpkm_omac_digest;
 
 /* Provider implementation data */
 extern const OSSL_ALGORITHM GOST_prov_digests[];

diff --git a/gost_omac_acpkm.c b/gost_omac_acpkm.c
index 8a3c841ad269feb43b297ae38c7123c7bf630eb5..79cfa2242e465c49bd2c47b7288da0c1fec331b6 100644 (file)
--- a/gost_omac_acpkm.c
+++ b/gost_omac_acpkm.c
@@ -138,9 +138,16 @@ static int CMAC_ACPKM_Init(CMAC_ACPKM_CTX *ctx, const void *key, size_t keylen,
 
         if (!EVP_EncryptInit_ex(ctx->cctx, cipher, impl, NULL, NULL))
             return 0;
-        if (!EVP_CIPHER_is_a(cipher, SN_grasshopper_cbc))
+        /* EVP_CIPHER_is_a doesn't work, checking by NID */
+        if (EVP_CIPHER_is_a(cipher, SN_magma_cbc)
+            && EVP_CIPHER_nid(cipher) == NID_magma_cbc)
+            acpkm = cipher_gost_magma_ctracpkm();
+        else if (EVP_CIPHER_is_a(cipher, SN_grasshopper_cbc)
+                 && EVP_CIPHER_nid(cipher) == NID_grasshopper_cbc)
+            acpkm = cipher_gost_grasshopper_ctracpkm();
+        else
             return 0;
-        acpkm = cipher_gost_grasshopper_ctracpkm();
+
         if (!EVP_EncryptInit_ex(ctx->actx, acpkm, impl, NULL, NULL))
             return 0;
     }
@@ -319,6 +326,9 @@ static int omac_acpkm_init(EVP_MD_CTX *ctx, const char *cipher_name)
     case NID_grasshopper_cbc:
         c->dgst_size = 16;
         break;
+    case NID_magma_cbc:
+        c->dgst_size = 8;
+        break;
     }
 
     return 1;
@@ -329,6 +339,11 @@ static int grasshopper_omac_acpkm_init(EVP_MD_CTX *ctx)
     return omac_acpkm_init(ctx, SN_grasshopper_cbc);
 }
 
+static int magma_omac_acpkm_init(EVP_MD_CTX *ctx)
+{
+    return omac_acpkm_init(ctx, SN_magma_cbc);
+}
+
 static int omac_acpkm_imit_update(EVP_MD_CTX *ctx, const void *data,
                                   size_t count)
 {
@@ -432,6 +447,9 @@ int omac_acpkm_imit_ctrl(EVP_MD_CTX *ctx, int type, int arg, void *ptr)
                 if (EVP_MD_is_a(md, SN_grasshopper_mac)
                     || EVP_MD_is_a(md, SN_id_tc26_cipher_gostr3412_2015_kuznyechik_ctracpkm_omac))
                     c->cipher_name = SN_grasshopper_cbc;
+                else if (EVP_MD_is_a(md, SN_magma_mac)
+                    || EVP_MD_is_a(md, SN_id_tc26_cipher_gostr3412_2015_magma_ctracpkm_omac))
+                    c->cipher_name = SN_magma_cbc;
             }
             if ((cipher =
                  (EVP_CIPHER *)EVP_get_cipherbyname(c->cipher_name)) == NULL
@@ -527,3 +545,17 @@ GOST_digest kuznyechik_ctracpkm_omac_digest = {
     .cleanup = omac_acpkm_imit_cleanup,
     .ctrl = omac_acpkm_imit_ctrl,
 };
+
+GOST_digest magma_ctracpkm_omac_digest = {
+    .nid = NID_id_tc26_cipher_gostr3412_2015_magma_ctracpkm_omac,
+    .result_size = 8,
+    .input_blocksize = 8,
+    .app_datasize = sizeof(OMAC_ACPKM_CTX),
+    .flags = EVP_MD_FLAG_XOF,
+    .init = magma_omac_acpkm_init,
+    .update = omac_acpkm_imit_update,
+    .final = omac_acpkm_imit_final,
+    .copy = omac_acpkm_imit_copy,
+    .cleanup = omac_acpkm_imit_cleanup,
+    .ctrl = omac_acpkm_imit_ctrl,
+};

diff --git a/gost_pmeth.c b/gost_pmeth.c
index 44bfc75ff9af52c5d6649abf22f15b165fec0ddd..bf7528c0ed42d82514268647aea4d7ab721759d7 100644 (file)
--- a/gost_pmeth.c
+++ b/gost_pmeth.c
@@ -1131,6 +1131,7 @@ int register_pmeth_gost(int id, EVP_PKEY_METHOD **pmeth, int flags)
         EVP_PKEY_meth_set_copy(*pmeth, pkey_gost_mac_copy);
         return 1;
     case NID_magma_mac:
+    case NID_id_tc26_cipher_gostr3412_2015_magma_ctracpkm_omac:  /* FIXME beldmit */
         EVP_PKEY_meth_set_ctrl(*pmeth, pkey_gost_magma_mac_ctrl,
                                pkey_gost_magma_mac_ctrl_str);
         EVP_PKEY_meth_set_signctx(*pmeth, pkey_gost_magma_mac_signctx_init,

diff --git a/gost_prov_mac.c b/gost_prov_mac.c
index ab04a9c24f979a0687994765ff40f8b935a2c03d..77dcb7bff2da1c915ccbd25201ce16cf41ade1d0 100644 (file)
--- a/gost_prov_mac.c
+++ b/gost_prov_mac.c
@@ -282,6 +282,8 @@ static int mac_set_ctx_params(void *mctx, const OSSL_PARAM params[])
 #define gost_mac_12_digest              Gost28147_89_mac_12_digest
 #define id_tc26_cipher_gostr3412_2015_kuznyechik_ctracpkm_omac_digest \
     kuznyechik_ctracpkm_omac_digest
+#define id_tc26_cipher_gostr3412_2015_magma_ctracpkm_omac_digest \
+    magma_ctracpkm_omac_digest
 
 typedef void (*fptr_t)(void);
 #define MAKE_FUNCTIONS(name, macsize)                                   \
@@ -331,6 +333,7 @@ MAKE_FUNCTIONS(gost_mac_12, 4);
 MAKE_FUNCTIONS(magma_mac, 8);
 MAKE_FUNCTIONS(grasshopper_mac, 16);
 MAKE_FUNCTIONS(id_tc26_cipher_gostr3412_2015_kuznyechik_ctracpkm_omac, 16);
+MAKE_FUNCTIONS(id_tc26_cipher_gostr3412_2015_magma_ctracpkm_omac, 8);
 
 /* The OSSL_ALGORITHM for the provider's operation query function */
 const OSSL_ALGORITHM GOST_prov_macs[] = {
@@ -342,6 +345,9 @@ const OSSL_ALGORITHM GOST_prov_macs[] = {
     { SN_id_tc26_cipher_gostr3412_2015_kuznyechik_ctracpkm_omac
       ":1.2.643.7.1.1.5.2.2", NULL,
       id_tc26_cipher_gostr3412_2015_kuznyechik_ctracpkm_omac_functions },
+    { SN_id_tc26_cipher_gostr3412_2015_magma_ctracpkm_omac
+      ":1.2.643.7.1.1.5.1.2", NULL,
+      id_tc26_cipher_gostr3412_2015_magma_ctracpkm_omac_functions },
     { NULL , NULL, NULL }
 };
 
@@ -351,7 +357,8 @@ void GOST_prov_deinit_mac_digests(void) {
         &Gost28147_89_mac_12_digest,
         &magma_mac_digest,
         &grasshopper_mac_digest,
-        &kuznyechik_ctracpkm_omac_digest
+        &kuznyechik_ctracpkm_omac_digest,
+        &magma_ctracpkm_omac_digest
     };
     size_t i;
 #define elems(l) (sizeof(l) / sizeof(l[0]))

diff --git a/test_context.c b/test_context.c
index d9ef57926e11d20b640064495ed7a92a3d2c756a..5f710efb1ccaeeef20b026e67ed311a5af3a36be 100644 (file)
--- a/test_context.c
+++ b/test_context.c
@@ -333,6 +333,7 @@ static struct testcase_digest {
     { SN_magma_mac, 1 },
     { SN_grasshopper_mac, 1 },
     { SN_id_tc26_cipher_gostr3412_2015_kuznyechik_ctracpkm_omac, 1 },
+    { SN_id_tc26_cipher_gostr3412_2015_magma_ctracpkm_omac, 1 },
     { 0 },
 };
 int main(int argc, char **argv)

diff --git a/test_digest.c b/test_digest.c
index 68c0e3253f7366cea9d8525dd7199821d92d7093..d630e72e6cb4594a08a2fad7d773546e83cc50a9 100644 (file)
--- a/test_digest.c
+++ b/test_digest.c
@@ -108,6 +108,30 @@ static const char MAC_omac[] = { 0x33,0x6f,0x4d,0x29,0x60,0x59,0xfb,0xe3 };
  */
 static const char MAC_magma_omac[] = { 0x15,0x4e,0x72,0x10 };
 
+/*
+ * OMAC-ACPKM test vector from R 1323565.1.017-2018 A.3.1
+ */
+static const char P_omac_acpkm01[] = {
+   0x11,0x22,0x33,0x44,0x55,0x66,0x77,0x00,0xFF,0xEE,0xDD,0xCC,
+};
+
+static const char MAC_omac_acpkm01[] = {
+   0xA0,0x54,0x0E,0x37,0x30,0xAC,0xBC,0xF3,
+};
+
+/*
+ * OMAC-ACPKM test vector from R 1323565.1.017-2018 A.3.2
+ */
+static const char P_omac_acpkm02[] = {
+    0x11,0x22,0x33,0x44,0x55,0x66,0x77,0x00,0xFF,0xEE,0xDD,0xCC,0xBB,0xAA,0x99,0x88,
+    0x00,0x11,0x22,0x33,0x44,0x55,0x66,0x77,0x88,0x99,0xAA,0xBB,0xCC,0xEE,0xFF,0x0A,
+    0x11,0x22,0x33,0x44,0x55,0x66,0x77,0x88,
+};
+
+static const char MAC_omac_acpkm02[] = {
+    0x34,0x00,0x8D,0xAD,0x54,0x96,0xBB,0x8E,
+};
+
 /*
  * OMAC-ACPKM test vector from R 1323565.1.017-2018 A.4.1
  */
@@ -277,6 +301,30 @@ static const struct hash_testvec testvecs[] = {
        .outsize = 64 / 8,
        .truncate = sizeof(MAC_magma_omac),
     },
+    {
+       .algname = SN_id_tc26_cipher_gostr3412_2015_magma_ctracpkm_omac,
+       .name = "M from R 1323565.1.017-2018 (A.3.1)",
+       .plaintext = P_omac_acpkm01,
+       .psize = sizeof(P_omac_acpkm01),
+       .key = K,
+       .key_size = sizeof(K),
+       .acpkm = 128 / 8,
+       .acpkm_t = 640 / 8,
+       .digest = MAC_omac_acpkm01,
+       .outsize = sizeof(MAC_omac_acpkm01),
+    },
+    {
+       .algname = SN_id_tc26_cipher_gostr3412_2015_magma_ctracpkm_omac,
+       .name = "M from R 1323565.1.017-2018 (A.3.2)",
+       .plaintext = P_omac_acpkm02,
+       .psize = sizeof(P_omac_acpkm02),
+       .key = K,
+       .key_size = sizeof(K),
+       .acpkm = 128 / 8,
+       .acpkm_t = 640 / 8,
+       .digest = MAC_omac_acpkm02,
+       .outsize = sizeof(MAC_omac_acpkm02),
+    },
     {
        .algname = SN_id_tc26_cipher_gostr3412_2015_kuznyechik_ctracpkm_omac,
        .name = "M from R 1323565.1.017-2018 (A.4.1)",