Merge branch 'gost-prf' into 'master'

prf: add Streebog PRF support See merge request gnutls/gnutls!1088
author: Nikos Mavrogiannopoulos <nmav@gnutls.org> 2019-10-17 13:09:15 +0000
committer: Nikos Mavrogiannopoulos <nmav@gnutls.org> 2019-10-17 13:09:15 +0000
commit: 9fc06b5d5003a42b753c0cbd62be715bfc2e702d (patch)
tree: bfb26f0e5f3a96db2f85c992ec3ef62a40739448
parent: 07f60f3329fa38df0cc1f05e15807d16fda60079 (diff)
parent: 3dc548c79f846b6d998ed47809a7419fe95565c9 (diff)
download: gnutls-9fc06b5d5003a42b753c0cbd62be715bfc2e702d.tar.gz
2 files changed, 69 insertions, 26 deletions
diff --git a/lib/nettle/prf.c b/lib/nettle/prf.c
index 713245b0c4..631ba3b8c0 100644
--- a/lib/nettle/prf.c
+++ b/lib/nettle/prf.c
@@ -23,6 +23,9 @@
 #include <gnutls_int.h>
 #include "int/tls1-prf.h"
 #include <nettle/hmac.h>
+#if ENABLE_GOST
+#include "gost/hmac-gost.h"
+#endif
 
 /*-
  * _gnutls_prf_raw:
@@ -88,6 +91,42 @@ _gnutls_prf_raw(gnutls_mac_algorithm_t mac,
 			return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
 		break;
 	}
+#if ENABLE_GOST
+	case GNUTLS_MAC_STREEBOG_256:{
+		struct hmac_streebog256_ctx ctx;
+		hmac_streebog256_set_key(&ctx, master_size, master);
+
+		ret = tls12_prf(&ctx,
+			  (nettle_hash_update_func *)
+			  hmac_streebog256_update,
+			  (nettle_hash_digest_func *)
+			  hmac_streebog256_digest, STREEBOG256_DIGEST_SIZE,
+			  label_size, label, seed_size,
+			  seed, outsize,
+			  (uint8_t*)out);
+
+		if (unlikely(ret != 1))
+			return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
+		break;
+	}
+	case GNUTLS_MAC_STREEBOG_512:{
+		struct hmac_streebog512_ctx ctx;
+		hmac_streebog512_set_key(&ctx, master_size, master);
+
+		ret = tls12_prf(&ctx,
+			  (nettle_hash_update_func *)
+			  hmac_streebog512_update,
+			  (nettle_hash_digest_func *)
+			  hmac_streebog512_digest, STREEBOG512_DIGEST_SIZE,
+			  label_size, label, seed_size,
+			  seed, outsize,
+			  (uint8_t*)out);
+
+		if (unlikely(ret != 1))
+			return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
+		break;
+	}
+#endif
 	default:
 		gnutls_assert();
 		_gnutls_debug_log("unhandled PRF %s\n",
diff --git a/tests/tls12-prf.c b/tests/tls12-prf.c
index 17f34eb9cf..c3412e277b 100644
--- a/tests/tls12-prf.c
+++ b/tests/tls12-prf.c
@@ -38,7 +38,7 @@ _gnutls_prf_raw(gnutls_mac_algorithm_t mac,
 		size_t seed_size, const uint8_t *seed, size_t outsize,
 		char *out);
 
-#define MATCH_FUNC_SHA256(fname, dsecret, dseed, dlabel, doutput) \
+#define MATCH_FUNC(fname, mac, dsecret, dseed, dlabel, doutput) \
 static void fname(void **glob_state) \
 { \
 	char tmp[512]; \
@@ -47,7 +47,7 @@ static void fname(void **glob_state) \
 	gnutls_datum_t label = dlabel; \
 	gnutls_datum_t output = doutput; \
 	int _rval; \
-	_rval = _gnutls_prf_raw(GNUTLS_MAC_SHA256, secret.size, secret.data, \
+	_rval = _gnutls_prf_raw(mac, secret.size, secret.data, \
 		label.size, (char*)label.data, seed.size, seed.data, output.size, tmp); \
 	assert_int_equal(_rval, 0); \
 	assert_int_equal(memcmp(tmp, output.data, output.size), 0); \
@@ -57,44 +57,44 @@ static void fname(void **glob_state) \
 	gnutls_free(output.data); \
 }
 
-#define MATCH_FUNC_SHA384(fname, dsecret, dseed, dlabel, doutput) \
-static void fname(void **glob_state) \
-{ \
-	char tmp[512]; \
-	gnutls_datum_t secret = dsecret; \
-	gnutls_datum_t seed = dseed; \
-	gnutls_datum_t label = dlabel; \
-	gnutls_datum_t output = doutput; \
-	int _rval; \
-	_rval = _gnutls_prf_raw(GNUTLS_MAC_SHA384, secret.size, secret.data, \
-		label.size, (char*)label.data, seed.size, seed.data, output.size, tmp); \
-	assert_int_equal(_rval, 0); \
-	assert_int_equal(memcmp(tmp, output.data, output.size), 0); \
-	gnutls_free(secret.data); \
-	gnutls_free(label.data); \
-	gnutls_free(seed.data); \
-	gnutls_free(output.data); \
-}
-
-MATCH_FUNC_SHA256(sha256_test1, SHEX("0450b0ea9ecd3602ee0d76c5c3c86f4a"),
+MATCH_FUNC(sha256_test1, GNUTLS_MAC_SHA256,
+	SHEX("0450b0ea9ecd3602ee0d76c5c3c86f4a"),
 	SHEX("207acc0254b867f5b925b45a33601d8b"),
 	SDATA("test label"), SHEX("ae679e0e714f5975763768b166979e1d"));
 
-MATCH_FUNC_SHA256(sha256_test2, SHEX("34204a9df0be6eb4e925a8027cf6c602"),
+MATCH_FUNC(sha256_test2, GNUTLS_MAC_SHA256,
+	SHEX("34204a9df0be6eb4e925a8027cf6c602"),
 	SHEX("98b2c40bcd664c83bb920c18201a6395"),
 	SDATA("test label"), SHEX("afa9312453c22fa83d2b511b372d73a402a2a62873239a51fade45082faf3fd2bb7ffb3e9bf36e28b3141aaba484005332a9f9e388a4d329f1587a4b317da07708ea1ba95a53f8786724bd83ce4b03af"));
 
-MATCH_FUNC_SHA256(sha256_test3, SHEX("a3691aa1f6814b80592bf1cf2acf1697"),
+MATCH_FUNC(sha256_test3, GNUTLS_MAC_SHA256,
+	SHEX("a3691aa1f6814b80592bf1cf2acf1697"),
 	SHEX("5523d41e320e694d0c1ff5734d830b933e46927071c92621"),
 	SDATA("test label"), SHEX("6ad0984fa06f78fe161bd46d7c261de43340d728dddc3d0ff0dd7e0d"));
 
-MATCH_FUNC_SHA256(sha256_test4, SHEX("210ec937069707e5465bc46bf779e104108b18fdb793be7b218dbf145c8641f3"), SHEX("1e351a0baf35c79945924394b881cfe31dae8f1c1ed54d3b"),
+MATCH_FUNC(sha256_test4, GNUTLS_MAC_SHA256,
+	SHEX("210ec937069707e5465bc46bf779e104108b18fdb793be7b218dbf145c8641f3"),
+	SHEX("1e351a0baf35c79945924394b881cfe31dae8f1c1ed54d3b"),
 	SDATA("test label"), SHEX("7653fa809cde3b553c4a17e2cdbcc918f36527f22219a7d7f95d97243ff2d5dee8265ef0af03"));
 
 /* https://www.ietf.org/mail-archive/web/tls/current/msg03416.html */
-MATCH_FUNC_SHA384(sha384_test1, SHEX("b80b733d6ceefcdc71566ea48e5567df"), SHEX("cd665cf6a8447dd6ff8b27555edb7465"),
+MATCH_FUNC(sha384_test1, GNUTLS_MAC_SHA384,
+	SHEX("b80b733d6ceefcdc71566ea48e5567df"),
+	SHEX("cd665cf6a8447dd6ff8b27555edb7465"),
 	SDATA("test label"), SHEX("7b0c18e9ced410ed1804f2cfa34a336a1c14dffb4900bb5fd7942107e81c83cde9ca0faa60be9fe34f82b1233c9146a0e534cb400fed2700884f9dc236f80edd8bfa961144c9e8d792eca722a7b32fc3d416d473ebc2c5fd4abfdad05d9184259b5bf8cd4d90fa0d31e2dec479e4f1a26066f2eea9a69236a3e52655c9e9aee691c8f3a26854308d5eaa3be85e0990703d73e56f"));
 
+#if ENABLE_GOST
+/*https://tools.ietf.org/html/rfc7836 */
+MATCH_FUNC(streebog256_test1, GNUTLS_MAC_STREEBOG_256,
+	SHEX("000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f"),
+	SHEX("18471d622dc655c4d2d2269691ca4a560b50aba663553af241f1ada882c9f29a"),
+	SHEX("1122334455"), SHEX("ff09664a44745865944f839ebb48965f1544ff1cc8e8f16f247ee5f8a9ebe97fc4e3c7900e46cad3db6a01643063040ec67fc0fd5cd9f90465235237bdff2c02"));
+
+MATCH_FUNC(streebog512_test1, GNUTLS_MAC_STREEBOG_512,
+	SHEX("000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f"),
+	SHEX("18471d622dc655c4d2d2269691ca4a560b50aba663553af241f1ada882c9f29a"),
+	SHEX("1122334455"), SHEX("f35187a3dc9655113a0e84d06fd7526c5fc1fbdec1a0e4673dd6d79d0b920e65ad1bc47bb083b3851cb7cd8e7e6a911a626cf02b29e9e4a58ed766a449a7296de61a7a26c4d1caeecfd80cca65c71f0f88c1f822c0e8c0ad949d03fee139579f72ba0c3d32c5f954f1cccd54081fc7440278cba1fe7b7a17a986fdff5bd15d1f"));
+#endif
 
 int main(void)
 {
@@ -104,6 +104,10 @@ int main(void)
 		cmocka_unit_test(sha256_test3),
 		cmocka_unit_test(sha256_test4),
 		cmocka_unit_test(sha384_test1),
+#if ENABLE_GOST
+		cmocka_unit_test(streebog256_test1),
+		cmocka_unit_test(streebog512_test1),
+#endif
 	};
 	return cmocka_run_group_tests(tests, NULL, NULL);
 }
author	Nikos Mavrogiannopoulos <nmav@gnutls.org>	2019-10-17 13:09:15 +0000
committer	Nikos Mavrogiannopoulos <nmav@gnutls.org>	2019-10-17 13:09:15 +0000
commit	9fc06b5d5003a42b753c0cbd62be715bfc2e702d (patch)
tree	bfb26f0e5f3a96db2f85c992ec3ef62a40739448
parent	07f60f3329fa38df0cc1f05e15807d16fda60079 (diff)
parent	3dc548c79f846b6d998ed47809a7419fe95565c9 (diff)
download	gnutls-9fc06b5d5003a42b753c0cbd62be715bfc2e702d.tar.gz