For Grasshopper OMAC_ACPKM, OMAC and MAGMA, support XOF

XOF (eXtendable-Output Function) is supported in OpenSSL since version
1.1.1.  Unfortunately, that support is limited, as it requires calling
EVP_DigestFinalXOF().  However, the grasshopper code wasn't compatible.

This changeset adds XOF support in grasshopper

This changeset removes the _meth_ calls from test_grasshopper.c (they
should never have been there, but considering support for XOF came so
late in OpenSSL, their presence is understandable) and uses supported
functionality for this sort of thing instead.

diff --git a/gost_omac.c b/gost_omac.c
index 91e9a48b5794ac0c1eb075de3dea21f8aaaf2b09..075c26fd9b286e1896daa780a795ef5c30a34005 100644 (file)
--- a/gost_omac.c
+++ b/gost_omac.c
@@ -203,6 +203,7 @@ int omac_imit_ctrl(EVP_MD_CTX *ctx, int type, int arg, void *ptr)
             return 0;
         }
     case EVP_MD_CTRL_MAC_LEN:
+    case EVP_MD_CTRL_XOF_LEN:   /* Supported in OpenSSL */
         {
             OMAC_CTX *c = EVP_MD_CTX_md_data(ctx);
             switch (c->cipher_nid) {
@@ -257,7 +258,7 @@ EVP_MD *magma_omac(void)
             || !EVP_MD_meth_set_result_size(md, 8)
             || !EVP_MD_meth_set_input_blocksize(md, 8)
             || !EVP_MD_meth_set_app_datasize(md, sizeof(OMAC_CTX))
-            || !EVP_MD_meth_set_flags(md, 0)
+            || !EVP_MD_meth_set_flags(md, EVP_MD_FLAG_XOF)
             || !EVP_MD_meth_set_init(md, magma_imit_init)
             || !EVP_MD_meth_set_update(md, omac_imit_update)
             || !EVP_MD_meth_set_final(md, omac_imit_final)
@@ -289,7 +290,7 @@ EVP_MD *grasshopper_omac(void)
             || !EVP_MD_meth_set_result_size(md, 16)
             || !EVP_MD_meth_set_input_blocksize(md, 8)
             || !EVP_MD_meth_set_app_datasize(md, sizeof(OMAC_CTX))
-            || !EVP_MD_meth_set_flags(md, 0)
+            || !EVP_MD_meth_set_flags(md, EVP_MD_FLAG_XOF)
             || !EVP_MD_meth_set_init(md, grasshopper_imit_init)
             || !EVP_MD_meth_set_update(md, omac_imit_update)
             || !EVP_MD_meth_set_final(md, omac_imit_final)

diff --git a/gost_omac_acpkm.c b/gost_omac_acpkm.c
index 0b74687b6798970c81573370019b6e6d5c78d3b0..7447a67b10d97c3a8956624dba02cf386c0b27cb 100644 (file)
--- a/gost_omac_acpkm.c
+++ b/gost_omac_acpkm.c
@@ -466,6 +466,7 @@ int omac_acpkm_imit_ctrl(EVP_MD_CTX *ctx, int type, int arg, void *ptr)
             return 1;
         }
     case EVP_MD_CTRL_MAC_LEN:
+    case EVP_MD_CTRL_XOF_LEN:   /* Supported in OpenSSL */
         {
             OMAC_ACPKM_CTX *c = EVP_MD_CTX_md_data(ctx);
             switch (c->cipher_nid) {
@@ -507,7 +508,7 @@ EVP_MD *grasshopper_omac_acpkm(void)
             || !EVP_MD_meth_set_result_size(md, MAX_GOST_OMAC_ACPKM_SIZE)
             || !EVP_MD_meth_set_input_blocksize(md, GRASSHOPPER_BLOCK_SIZE)
             || !EVP_MD_meth_set_app_datasize(md, sizeof(OMAC_ACPKM_CTX))
-            || !EVP_MD_meth_set_flags(md, 0)
+            || !EVP_MD_meth_set_flags(md, EVP_MD_FLAG_XOF)
             || !EVP_MD_meth_set_init(md, grasshopper_omac_acpkm_init)
             || !EVP_MD_meth_set_update(md, omac_acpkm_imit_update)
             || !EVP_MD_meth_set_final(md, omac_acpkm_imit_final)

diff --git a/test_grasshopper.c b/test_grasshopper.c
index 53291292e2206214ccdceedaa11d75cc4cc8ecec..3fb8e356d40b3028572c225640ce15a0464a4747 100644 (file)
--- a/test_grasshopper.c
+++ b/test_grasshopper.c
@@ -334,31 +334,30 @@ static int test_mac(const char *name, const char *from,
 {
     EVP_MD_CTX *ctx = EVP_MD_CTX_new();
     unsigned char md_value[EVP_MAX_MD_SIZE];
-    unsigned int md_len;
     int test;
+    unsigned int md_len;
 
     OPENSSL_assert(ctx);
     printf("%s test from %s\n", name, from);
     EVP_MD_CTX_init(ctx);
     T(EVP_DigestInit_ex(ctx, type, NULL));
-    if (EVP_MD_CTX_size(ctx) != mac_size) {
-       /* strip const out of EVP_MD_CTX_md() to
-        * overwrite output size, as test vector is 8 bytes */
-       printf("Resize result size from %d to %zu\n", EVP_MD_CTX_size(ctx), mac_size);
-       T(EVP_MD_meth_set_result_size((EVP_MD *)EVP_MD_CTX_md(ctx), mac_size));
-    }
-    T(EVP_MD_meth_get_ctrl(EVP_MD_CTX_md(ctx))(ctx, EVP_MD_CTRL_SET_KEY, sizeof(K), (void *)K));
+    T(EVP_MD_CTX_ctrl(ctx, EVP_MD_CTRL_SET_KEY, sizeof(K), (void *)K));
     if (acpkm)
-       T(EVP_MD_meth_get_ctrl(EVP_MD_CTX_md(ctx))(ctx,
-                EVP_CTRL_KEY_MESH, acpkm, acpkm_t ? &acpkm_t : NULL));
+       T(EVP_MD_CTX_ctrl(ctx, EVP_CTRL_KEY_MESH, acpkm, acpkm_t ? &acpkm_t : NULL));
     T(EVP_DigestUpdate(ctx, pt, pt_size));
-    T(EVP_DigestFinal_ex(ctx, md_value, &md_len));
+    if (EVP_MD_flags(EVP_MD_CTX_md(ctx)) & EVP_MD_FLAG_XOF) {
+       T(EVP_DigestFinalXOF(ctx, md_value, mac_size));
+       md_len = (unsigned int)mac_size;
+    } else {
+       T(EVP_MD_CTX_size(ctx) == mac_size);
+       T(EVP_DigestFinal_ex(ctx, md_value, &md_len));
+    }
     EVP_MD_CTX_free(ctx);
     printf("  MAC[%u] = ", md_len);
-    hexdump(md_value, md_len);
+    hexdump(md_value, mac_size);
 
     TEST_ASSERT(md_len != mac_size ||
-       memcmp(mac, md_value, md_len));
+       memcmp(mac, md_value, mac_size));
 
     return test;
 }