author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2019-10-17 13:09:15 +0000 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2019-10-17 13:09:15 +0000 |
commit | 9fc06b5d5003a42b753c0cbd62be715bfc2e702d (patch) | |
tree | bfb26f0e5f3a96db2f85c992ec3ef62a40739448 | |
parent | 07f60f3329fa38df0cc1f05e15807d16fda60079 (diff) | |
parent | 3dc548c79f846b6d998ed47809a7419fe95565c9 (diff) | |
download | gnutls-9fc06b5d5003a42b753c0cbd62be715bfc2e702d.tar.gz |
Merge branch 'gost-prf' into 'master'
prf: add Streebog PRF support
See merge request gnutls/gnutls!1088
-rw-r--r-- | lib/nettle/prf.c | 39 | ||||
-rw-r--r-- | tests/tls12-prf.c | 56 |
2 files changed, 69 insertions, 26 deletions
diff --git a/lib/nettle/prf.c b/lib/nettle/prf.c index 713245b0c4..631ba3b8c0 100644 --- a/lib/nettle/prf.c +++ b/lib/nettle/prf.c @@ -23,6 +23,9 @@ #include <gnutls_int.h> #include "int/tls1-prf.h" #include <nettle/hmac.h> +#if ENABLE_GOST +#include "gost/hmac-gost.h" +#endif /*- * _gnutls_prf_raw: @@ -88,6 +91,42 @@ _gnutls_prf_raw(gnutls_mac_algorithm_t mac, return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR); break; } +#if ENABLE_GOST + case GNUTLS_MAC_STREEBOG_256:{ + struct hmac_streebog256_ctx ctx; + hmac_streebog256_set_key(&ctx, master_size, master); + + ret = tls12_prf(&ctx, + (nettle_hash_update_func *) + hmac_streebog256_update, + (nettle_hash_digest_func *) + hmac_streebog256_digest, STREEBOG256_DIGEST_SIZE, + label_size, label, seed_size, + seed, outsize, + (uint8_t*)out); + + if (unlikely(ret != 1)) + return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR); + break; + } + case GNUTLS_MAC_STREEBOG_512:{ + struct hmac_streebog512_ctx ctx; + hmac_streebog512_set_key(&ctx, master_size, master); + + ret = tls12_prf(&ctx, + (nettle_hash_update_func *) + hmac_streebog512_update, + (nettle_hash_digest_func *) + hmac_streebog512_digest, STREEBOG512_DIGEST_SIZE, + label_size, label, seed_size, + seed, outsize, + (uint8_t*)out); + + if (unlikely(ret != 1)) + return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR); + break; + } +#endif default: gnutls_assert(); _gnutls_debug_log("unhandled PRF %s\n", diff --git a/tests/tls12-prf.c b/tests/tls12-prf.c index 17f34eb9cf..c3412e277b 100644 --- a/tests/tls12-prf.c +++ b/tests/tls12-prf.c @@ -38,7 +38,7 @@ _gnutls_prf_raw(gnutls_mac_algorithm_t mac, size_t seed_size, const uint8_t *seed, size_t outsize, char *out); -#define MATCH_FUNC_SHA256(fname, dsecret, dseed, dlabel, doutput) \ +#define MATCH_FUNC(fname, mac, dsecret, dseed, dlabel, doutput) \ static void fname(void **glob_state) \ { \ char tmp[512]; \ 
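Review bot: In the two new `GNUTLS_MAC_STREEBOG_*` cases of `_gnutls_prf_raw`, `ctx` is keyed from `master` by `hmac_streebog256_set_key` / `hmac_streebog512_set_key` and is then left on the stack, both on the `break` path and on the early `return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);`. Clearing it as soon as `tls12_prf` has returned, for example `gnutls_memset(&ctx, 0, sizeof(ctx));` placed before the `ret != 1` check, keeps keyed HMAC state from lingering in memory on either path. The single context line of the preceding case suggests the existing branches follow the same pattern, so this is probably best fixed for all of them together; the function body starts and ends outside the hunk. The two new cases also differ only in the context type, the three `hmac_streebog*` functions and the digest-size constant, which a small file-local macro could state once.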
@@ -47,7 +47,7 @@ static void fname(void **glob_state) \
 gnutls_datum_t label = dlabel; \
 gnutls_datum_t output = doutput; \
 int _rval; \
- _rval = _gnutls_prf_raw(GNUTLS_MAC_SHA256, secret.size, secret.data, \
+ _rval = _gnutls_prf_raw(mac, secret.size, secret.data, \
 label.size, (char*)label.data, seed.size, seed.data, output.size, tmp); \
 assert_int_equal(_rval, 0); \
 assert_int_equal(memcmp(tmp, output.data, output.size), 0); \
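Review bot: `output.size` is passed as the output length on the `_gnutls_prf_raw(mac, ...)` line while `tmp` is the fixed `char tmp[512]` declared at the top of the macro, outside this hunk, and nothing checks that the expected vector fits. Now that `MATCH_FUNC` is the single generic macro for every MAC, an over-long expected output added later would overrun the stack buffer instead of failing the test. Adding `assert_true(output.size <= sizeof(tmp)); \` before the call turns that into a clean test failure. The macro body starts and ends outside this hunk.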
@@ -57,44 +57,44 @@ static void fname(void **glob_state) \ gnutls_free(output.data); \ } -#define MATCH_FUNC_SHA384(fname, dsecret, dseed, dlabel, doutput) \ -static void fname(void **glob_state) \ -{ \ - char tmp[512]; \ - gnutls_datum_t secret = dsecret; \ - gnutls_datum_t seed = dseed; \ - gnutls_datum_t label = dlabel; \ - gnutls_datum_t output = doutput; \ - int _rval; \ - _rval = _gnutls_prf_raw(GNUTLS_MAC_SHA384, secret.size, secret.data, \ - label.size, (char*)label.data, seed.size, seed.data, output.size, tmp); \ - assert_int_equal(_rval, 0); \ - assert_int_equal(memcmp(tmp, output.data, output.size), 0); \ - gnutls_free(secret.data); \ - gnutls_free(label.data); \ - gnutls_free(seed.data); \ - gnutls_free(output.data); \ -} - -MATCH_FUNC_SHA256(sha256_test1, SHEX("0450b0ea9ecd3602ee0d76c5c3c86f4a"), +MATCH_FUNC(sha256_test1, GNUTLS_MAC_SHA256, + SHEX("0450b0ea9ecd3602ee0d76c5c3c86f4a"), SHEX("207acc0254b867f5b925b45a33601d8b"), SDATA("test label"), SHEX("ae679e0e714f5975763768b166979e1d")); -MATCH_FUNC_SHA256(sha256_test2, SHEX("34204a9df0be6eb4e925a8027cf6c602"), +MATCH_FUNC(sha256_test2, GNUTLS_MAC_SHA256, + SHEX("34204a9df0be6eb4e925a8027cf6c602"), SHEX("98b2c40bcd664c83bb920c18201a6395"), SDATA("test label"), SHEX("afa9312453c22fa83d2b511b372d73a402a2a62873239a51fade45082faf3fd2bb7ffb3e9bf36e28b3141aaba484005332a9f9e388a4d329f1587a4b317da07708ea1ba95a53f8786724bd83ce4b03af")); -MATCH_FUNC_SHA256(sha256_test3, SHEX("a3691aa1f6814b80592bf1cf2acf1697"), +MATCH_FUNC(sha256_test3, GNUTLS_MAC_SHA256, + SHEX("a3691aa1f6814b80592bf1cf2acf1697"), SHEX("5523d41e320e694d0c1ff5734d830b933e46927071c92621"), SDATA("test label"), SHEX("6ad0984fa06f78fe161bd46d7c261de43340d728dddc3d0ff0dd7e0d")); -MATCH_FUNC_SHA256(sha256_test4, SHEX("210ec937069707e5465bc46bf779e104108b18fdb793be7b218dbf145c8641f3"), SHEX("1e351a0baf35c79945924394b881cfe31dae8f1c1ed54d3b"), +MATCH_FUNC(sha256_test4, GNUTLS_MAC_SHA256, + 
SHEX("210ec937069707e5465bc46bf779e104108b18fdb793be7b218dbf145c8641f3"), + SHEX("1e351a0baf35c79945924394b881cfe31dae8f1c1ed54d3b"), SDATA("test label"), SHEX("7653fa809cde3b553c4a17e2cdbcc918f36527f22219a7d7f95d97243ff2d5dee8265ef0af03")); /* https://www.ietf.org/mail-archive/web/tls/current/msg03416.html */ -MATCH_FUNC_SHA384(sha384_test1, SHEX("b80b733d6ceefcdc71566ea48e5567df"), SHEX("cd665cf6a8447dd6ff8b27555edb7465"), +MATCH_FUNC(sha384_test1, GNUTLS_MAC_SHA384, + SHEX("b80b733d6ceefcdc71566ea48e5567df"), + SHEX("cd665cf6a8447dd6ff8b27555edb7465"), SDATA("test label"), SHEX("7b0c18e9ced410ed1804f2cfa34a336a1c14dffb4900bb5fd7942107e81c83cde9ca0faa60be9fe34f82b1233c9146a0e534cb400fed2700884f9dc236f80edd8bfa961144c9e8d792eca722a7b32fc3d416d473ebc2c5fd4abfdad05d9184259b5bf8cd4d90fa0d31e2dec479e4f1a26066f2eea9a69236a3e52655c9e9aee691c8f3a26854308d5eaa3be85e0990703d73e56f")); +#if ENABLE_GOST +/*https://tools.ietf.org/html/rfc7836 */ +MATCH_FUNC(streebog256_test1, GNUTLS_MAC_STREEBOG_256, + SHEX("000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f"), + SHEX("18471d622dc655c4d2d2269691ca4a560b50aba663553af241f1ada882c9f29a"), + SHEX("1122334455"), SHEX("ff09664a44745865944f839ebb48965f1544ff1cc8e8f16f247ee5f8a9ebe97fc4e3c7900e46cad3db6a01643063040ec67fc0fd5cd9f90465235237bdff2c02")); + +MATCH_FUNC(streebog512_test1, GNUTLS_MAC_STREEBOG_512, + SHEX("000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f"), + SHEX("18471d622dc655c4d2d2269691ca4a560b50aba663553af241f1ada882c9f29a"), + SHEX("1122334455"), SHEX("f35187a3dc9655113a0e84d06fd7526c5fc1fbdec1a0e4673dd6d79d0b920e65ad1bc47bb083b3851cb7cd8e7e6a911a626cf02b29e9e4a58ed766a449a7296de61a7a26c4d1caeecfd80cca65c71f0f88c1f822c0e8c0ad949d03fee139579f72ba0c3d32c5f954f1cccd54081fc7440278cba1fe7b7a17a986fdff5bd15d1f")); +#endif int main(void) { 
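Review bot: The reference comment above the Streebog vectors, `/*https://tools.ietf.org/html/rfc7836 */`, names only the RFC, so a reader cannot tell which example the key, seed, label and expected output were taken from when re-checking them. I would expand it to name the example and to say that the label is given as raw bytes through `SHEX` rather than as text through `SDATA`, e.g. `/* RFC 7836, <section-placeholder>: PRF test example; label is the raw bytes 11 22 33 44 55 */`. The comment is also missing the space after `/*` that the neighbouring mail-archive comment uses.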
@@ -104,6 +104,10 @@ int main(void)
 cmocka_unit_test(sha256_test3),
 cmocka_unit_test(sha256_test4),
 cmocka_unit_test(sha384_test1),
+#if ENABLE_GOST
+ cmocka_unit_test(streebog256_test1),
+ cmocka_unit_test(streebog512_test1),
+#endif
 };
 return cmocka_run_group_tests(tests, NULL, NULL);
 } |