authorDmitry Eremin-Solenikov <dbaryshkov@gmail.com>2017-05-18 04:09:51 +0300
committerDmitry Eremin-Solenikov <dbaryshkov@gmail.com>2019-10-21 14:25:15 +0300
commit7ad363791ebf9c1f45ae6b99b49540d442850ba9 (patch)
tree57929baa2a3d857f3b1d4ce71de24aabb013aad7
parent673422755dcc2327d6c8850de17e68ae05e08e29 (diff)
downloadgnutls-7ad363791ebf9c1f45ae6b99b49540d442850ba9.tar.gz
Support GOST cipher suite MAC calculation
GOST ciphersuites require that the MAC is calculated over _all_ packets, rather than just the current packet. Add a flag to auth_cipher_hd_st controlling this behaviour. Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
-rw-r--r--lib/cipher_int.c17
-rw-r--r--lib/cipher_int.h3
-rw-r--r--lib/gnutls_int.h1
3 files changed, 18 insertions, 3 deletions
diff --git a/lib/cipher_int.c b/lib/cipher_int.c
index 40bf64f8bc..b5308aa629 100644
--- a/lib/cipher_int.c
+++ b/lib/cipher_int.c
@@ -218,6 +218,9 @@ int _gnutls_auth_cipher_init(auth_cipher_hd_st * handle,
gnutls_assert();
goto cleanup;
}
+#ifdef ENABLE_GOST
+ handle->continuous_mac = !!(me->flags & GNUTLS_MAC_FLAG_CONTINUOUS_MAC);
+#endif
handle->tag_size = _gnutls_mac_get_algo_len(me);
} else if (_gnutls_cipher_algo_is_aead(e)) {
@@ -422,15 +425,23 @@ int _gnutls_auth_cipher_tag(auth_cipher_hd_st * handle, void *tag,
{
if (handle->is_mac) {
#ifdef ENABLE_SSL3
- int ret;
-
if (handle->ssl_hmac) {
- ret =
+ int ret =
_gnutls_mac_output_ssl3(&handle->mac.dig, tag);
if (ret < 0)
return gnutls_assert_val(ret);
} else
#endif
+#ifdef ENABLE_GOST
+ /* draft-smyshlyaev-tls12-gost-suites section 4.1.2 */
+ if (handle->continuous_mac) {
+ mac_hd_st temp_mac;
+ int ret = _gnutls_mac_copy(&handle->mac.mac, &temp_mac);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+ _gnutls_mac_deinit(&temp_mac, tag);
+ } else
+#endif
_gnutls_mac_output(&handle->mac.mac, tag);
} else if (_gnutls_cipher_is_aead(&handle->cipher)) {
_gnutls_cipher_tag(&handle->cipher, tag, tag_size);
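Review bot: The trailing `_gnutls_mac_output(&handle->mac.mac, tag);` at the end of the second hunk is the unbraced tail of an if/else chain that is now stitched together from two separate `#ifdef` blocks, so which branch it is the `else` of depends on the build configuration. Bracing it, `} else {` / `_gnutls_mac_output(&handle->mac.mac, tag);` / `}`, keeps the chain readable and avoids the dangling-else hazard the next time a conditional branch is added. The comment in the GOST branch cites the draft section but not the reason for `_gnutls_mac_copy`; a one-liner such as `/* the live MAC keeps accumulating across records, so finalize a copy for this tag */` would spare the reader a trip to the spec. It is also worth confirming that `continuous_mac` is zeroed for handles that never reach the `is_mac` branch in the first hunk, since it is only assigned there; if the handle is cleared at the top of `_gnutls_auth_cipher_init` this is fine. `_gnutls_auth_cipher_tag` continues outside the hunk.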
diff --git a/lib/cipher_int.h b/lib/cipher_int.h
index 36c9385fbf..b50a59c64a 100644
--- a/lib/cipher_int.h
+++ b/lib/cipher_int.h
@@ -211,6 +211,9 @@ typedef struct {
#ifdef ENABLE_SSL3
unsigned int ssl_hmac:1;
#endif
+#ifdef ENABLE_GOST
+ unsigned int continuous_mac:1;
+#endif
unsigned int non_null:1;
unsigned int etm:1;
size_t tag_size;
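Review bot: The new `continuous_mac:1` bit is undocumented, and its effect is not obvious from the name alone. A short comment such as `unsigned int continuous_mac:1; /* MAC state spans all records; each tag is taken from a copy of it */` would tell a reader what the flag changes in the tag path. The enclosing typedef starts and ends outside the hunk.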
diff --git a/lib/gnutls_int.h b/lib/gnutls_int.h
index ea9d00852a..5f1a915a14 100644
--- a/lib/gnutls_int.h
+++ b/lib/gnutls_int.h
@@ -694,6 +694,7 @@ typedef struct gnutls_group_entry_st {
} gnutls_group_entry_st;
#define GNUTLS_MAC_FLAG_PREIMAGE_INSECURE 1 /* if this algorithm should not be trusted for pre-image attacks */
+#define GNUTLS_MAC_FLAG_CONTINUOUS_MAC (1 << 1) /* if this MAC should be used in a 'continuous' way in TLS */
/* This structure is used both for MACs and digests
*/
typedef struct mac_entry_st {
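Review bot: The comment on `GNUTLS_MAC_FLAG_CONTINUOUS_MAC` says the MAC is used in a 'continuous' way, which restates the name rather than defining it. Something like `/* MAC state is kept across all records of the connection and not reset per record (GOST TLS suites) */` would let a reader understand the flag without consulting the cipher code.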