From: Richard Levitte <richard@levitte.org>
Date: Wed, 4 Sep 2019 14:22:26 +0000 (+0200)
Subject: For Grasshopper OMAC_ACPKM, OMAC and MAGMA, support XOF
X-Git-Tag: v3.0.0~273^2
X-Git-Url: http://www.wagner.pp.ru/gitweb/?a=commitdiff_plain;h=899f08567f4ee15fc7c54ec01cd2adafe2ac7b60;p=openssl-gost%2Fengine.git

For Grasshopper OMAC_ACPKM, OMAC and MAGMA, support XOF

XOF (eXtendable-Output Function) is supported in OpenSSL since version
1.1.1.  Unfortunately, that support is limited, as it requires calling
EVP_DigestFinalXOF().  However, the grasshopper code wasn't compatible.

This changeset adds XOF support in grasshopper

This changeset removes the _meth_ calls from test_grasshopper.c (they
should never have been there, but considering support for XOF came so
late in OpenSSL, their presence is understandable) and uses supported
functionality for this sort of thing instead.
---

diff --git a/gost_omac.c b/gost_omac.c
index 91e9a48..075c26f 100644
--- a/gost_omac.c
+++ b/gost_omac.c
@@ -203,6 +203,7 @@ int omac_imit_ctrl(EVP_MD_CTX *ctx, int type, int arg, void *ptr)
             return 0;
         }
     case EVP_MD_CTRL_MAC_LEN:
+    case EVP_MD_CTRL_XOF_LEN:   /* Supported in OpenSSL */
         {
             OMAC_CTX *c = EVP_MD_CTX_md_data(ctx);
             switch (c->cipher_nid) {
@@ -257,7 +258,7 @@ EVP_MD *magma_omac(void)
             || !EVP_MD_meth_set_result_size(md, 8)
             || !EVP_MD_meth_set_input_blocksize(md, 8)
             || !EVP_MD_meth_set_app_datasize(md, sizeof(OMAC_CTX))
-            || !EVP_MD_meth_set_flags(md, 0)
+            || !EVP_MD_meth_set_flags(md, EVP_MD_FLAG_XOF)
             || !EVP_MD_meth_set_init(md, magma_imit_init)
             || !EVP_MD_meth_set_update(md, omac_imit_update)
             || !EVP_MD_meth_set_final(md, omac_imit_final)
@@ -289,7 +290,7 @@ EVP_MD *grasshopper_omac(void)
             || !EVP_MD_meth_set_result_size(md, 16)
             || !EVP_MD_meth_set_input_blocksize(md, 8)
             || !EVP_MD_meth_set_app_datasize(md, sizeof(OMAC_CTX))
-            || !EVP_MD_meth_set_flags(md, 0)
+            || !EVP_MD_meth_set_flags(md, EVP_MD_FLAG_XOF)
             || !EVP_MD_meth_set_init(md, grasshopper_imit_init)
             || !EVP_MD_meth_set_update(md, omac_imit_update)
             || !EVP_MD_meth_set_final(md, omac_imit_final)
diff --git a/gost_omac_acpkm.c b/gost_omac_acpkm.c
index 0b74687..7447a67 100644
--- a/gost_omac_acpkm.c
+++ b/gost_omac_acpkm.c
@@ -466,6 +466,7 @@ int omac_acpkm_imit_ctrl(EVP_MD_CTX *ctx, int type, int arg, void *ptr)
             return 1;
         }
     case EVP_MD_CTRL_MAC_LEN:
+    case EVP_MD_CTRL_XOF_LEN:   /* Supported in OpenSSL */
         {
             OMAC_ACPKM_CTX *c = EVP_MD_CTX_md_data(ctx);
             switch (c->cipher_nid) {
@@ -507,7 +508,7 @@ EVP_MD *grasshopper_omac_acpkm(void)
             || !EVP_MD_meth_set_result_size(md, MAX_GOST_OMAC_ACPKM_SIZE)
             || !EVP_MD_meth_set_input_blocksize(md, GRASSHOPPER_BLOCK_SIZE)
             || !EVP_MD_meth_set_app_datasize(md, sizeof(OMAC_ACPKM_CTX))
-            || !EVP_MD_meth_set_flags(md, 0)
+            || !EVP_MD_meth_set_flags(md, EVP_MD_FLAG_XOF)
             || !EVP_MD_meth_set_init(md, grasshopper_omac_acpkm_init)
             || !EVP_MD_meth_set_update(md, omac_acpkm_imit_update)
             || !EVP_MD_meth_set_final(md, omac_acpkm_imit_final)
diff --git a/test_grasshopper.c b/test_grasshopper.c
index 5329129..3fb8e35 100644
--- a/test_grasshopper.c
+++ b/test_grasshopper.c
@@ -334,31 +334,30 @@ static int test_mac(const char *name, const char *from,
 {
     EVP_MD_CTX *ctx = EVP_MD_CTX_new();
     unsigned char md_value[EVP_MAX_MD_SIZE];
-    unsigned int md_len;
     int test;
+    unsigned int md_len;
 
     OPENSSL_assert(ctx);
     printf("%s test from %s\n", name, from);
     EVP_MD_CTX_init(ctx);
     T(EVP_DigestInit_ex(ctx, type, NULL));
-    if (EVP_MD_CTX_size(ctx) != mac_size) {
-	/* strip const out of EVP_MD_CTX_md() to
-	 * overwrite output size, as test vector is 8 bytes */
-	printf("Resize result size from %d to %zu\n", EVP_MD_CTX_size(ctx), mac_size);
-	T(EVP_MD_meth_set_result_size((EVP_MD *)EVP_MD_CTX_md(ctx), mac_size));
-    }
-    T(EVP_MD_meth_get_ctrl(EVP_MD_CTX_md(ctx))(ctx, EVP_MD_CTRL_SET_KEY, sizeof(K), (void *)K));
+    T(EVP_MD_CTX_ctrl(ctx, EVP_MD_CTRL_SET_KEY, sizeof(K), (void *)K));
     if (acpkm)
-	T(EVP_MD_meth_get_ctrl(EVP_MD_CTX_md(ctx))(ctx,
-                EVP_CTRL_KEY_MESH, acpkm, acpkm_t ? &acpkm_t : NULL));
+	T(EVP_MD_CTX_ctrl(ctx, EVP_CTRL_KEY_MESH, acpkm, acpkm_t ? &acpkm_t : NULL));
     T(EVP_DigestUpdate(ctx, pt, pt_size));
-    T(EVP_DigestFinal_ex(ctx, md_value, &md_len));
+    if (EVP_MD_flags(EVP_MD_CTX_md(ctx)) & EVP_MD_FLAG_XOF) {
+	T(EVP_DigestFinalXOF(ctx, md_value, mac_size));
+	md_len = (unsigned int)mac_size;
+    } else {
+	T(EVP_MD_CTX_size(ctx) == mac_size);
+	T(EVP_DigestFinal_ex(ctx, md_value, &md_len));
+    }
     EVP_MD_CTX_free(ctx);
     printf("  MAC[%u] = ", md_len);
-    hexdump(md_value, md_len);
+    hexdump(md_value, mac_size);
 
     TEST_ASSERT(md_len != mac_size ||
-	memcmp(mac, md_value, md_len));
+	memcmp(mac, md_value, mac_size));
 
     return test;
 }