diff options
author | Dmitry Eremin-Solenikov <dbaryshkov@gmail.com> | 2018-09-21 22:10:03 +0300 |
---|---|---|
committer | Dmitry Baryshkov <dbaryshkov@gmail.com> | 2020-06-07 00:58:59 +0300 |
commit | 1da75337cc400c779e3fb09e4911d48008c5c205 (patch) | |
tree | 3102528ec4a2625aaac7dd7bbe33e222e9124499 | |
parent | 13cf683708c3a8c32914d486f800b8a55b3d5a7c (diff) | |
download | gnutls-1da75337cc400c779e3fb09e4911d48008c5c205.tar.gz |
nettle/gost: add CMAC-64/Magma/Kuznyechik code
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
-rw-r--r-- | configure.ac | 19 | ||||
-rwxr-xr-x | devel/import-from-nettle.sh | 15 | ||||
-rw-r--r-- | lib/nettle/Makefile.am | 8 | ||||
-rw-r--r-- | lib/nettle/gost/cmac-kuznyechik.c | 58 | ||||
-rw-r--r-- | lib/nettle/gost/cmac-magma.c | 59 | ||||
-rw-r--r-- | lib/nettle/gost/cmac.h | 103 | ||||
-rw-r--r-- | lib/nettle/mac.c | 14 |
7 files changed, 269 insertions, 7 deletions
diff --git a/configure.ac b/configure.ac index 8f4cc69ad2..45f44c282a 100644 --- a/configure.ac +++ b/configure.ac @@ -656,6 +656,13 @@ AC_CHECK_FUNCS(nettle_cmac128_update) LIBS=$save_LIBS AM_CONDITIONAL(NEED_CMAC, [test "$ac_cv_func_nettle_cmac128_update" != "yes"]) +# Check for CMAC-64 support +save_LIBS=$LIBS +LIBS="$LIBS $NETTLE_LIBS" +AC_CHECK_FUNCS(nettle_cmac64_update) +LIBS=$save_LIBS +AM_CONDITIONAL(NEED_CMAC64, [test "$ac_cv_func_nettle_cmac64_update" != "yes"]) + # Check if nettle has XTS support save_LIBS=$LIBS LIBS="$LIBS $NETTLE_LIBS" @@ -719,6 +726,18 @@ LIBS="$LIBS $NETTLE_LIBS" AC_CHECK_FUNCS(nettle_kuznyechik_set_key) LIBS=$save_LIBS +# Check for CMAC MAGMA support +save_LIBS=$LIBS +LIBS="$LIBS $NETTLE_LIBS" +AC_CHECK_FUNCS(nettle_cmac_magma_update) +LIBS=$save_LIBS + +# Check for CMAC KUZNYECHIK support +save_LIBS=$LIBS +LIBS="$LIBS $NETTLE_LIBS" +AC_CHECK_FUNCS(nettle_cmac_kuznyechik_update) +LIBS=$save_LIBS + # Check sonames of the linked libraries needed for FIPS selftests. save_LIBS=$LIBS LIBS="$LIBS $GMP_LIBS" diff --git a/devel/import-from-nettle.sh b/devel/import-from-nettle.sh index 3867f9e2a7..9e370ad2dd 100755 --- a/devel/import-from-nettle.sh +++ b/devel/import-from-nettle.sh @@ -15,6 +15,8 @@ cfb.c cfb.h cmac.c cmac.h +cmac64.c +cmac64.h cmac-aes128.c cmac-aes256.c chacha-core-internal.c @@ -57,6 +59,9 @@ test -d $DST || mkdir $DST for f in $IMPORTS; do src=$SRC/$f dst=$DST/$f + if test "$f" = "cmac64.h"; then + src=$SRC/cmac.h + fi if test -f $src; then if test -f $dst; then echo "Replacing $dst (existing file backed up in $dst~)" @@ -100,7 +105,7 @@ for f in $IMPORTS; do ;; esac case $dst in - */cfb.c | */cmac.c | */xts.c | */siv-cmac.c) + */cfb.c | */cmac.c | */cmac64.c | */xts.c | */siv-cmac.c) sed \ -e 's/"nettle-internal\.h"/"nettle-alloca.h"/' \ $dst > $dst-t && mv $dst-t $dst @@ -116,6 +121,14 @@ for f in $IMPORTS; do ;; esac case $dst in + # Special file that can be included in parallel with nettle's cmac.h defininig 128-bit CMAC + */cmac64.h) + sed \ + -e 's/CMAC128/_FOO_CMAC128/g' \ + -e 's/cmac128/_foo_cmac128/g' \ + -e 's/cmac_aes/_foo_cmac_aes/g' \ + $dst > $dst-t && mv $dst-t $dst + ;; */siv-cmac*.[ch]) sed \ -e '/^#include "cmac\.h"/ { i\ diff --git a/lib/nettle/Makefile.am b/lib/nettle/Makefile.am index 948fb98b91..ef0c736c09 100644 --- a/lib/nettle/Makefile.am +++ b/lib/nettle/Makefile.am @@ -91,7 +91,8 @@ libcrypto_la_SOURCES += gost_keywrap.c libcrypto_la_SOURCES += \ gost/magma.c gost/magma.h \ - gost/kuznyechik.c gost/kuznyechik.h gost/kuztable.h + gost/kuznyechik.c gost/kuznyechik.h gost/kuztable.h \ + gost/cmac.h gost/cmac-magma.c gost/cmac-kuznyechik.c endif if NEED_INT_ECC @@ -183,6 +184,11 @@ libcrypto_la_SOURCES += \ backport/cmac-aes128.c backport/cmac-aes256.c endif +if NEED_CMAC64 +libcrypto_la_SOURCES += \ + backport/cmac64.c backport/cmac.h backport/cmac64.h +endif + if NEED_XTS libcrypto_la_SOURCES += \ backport/xts.c backport/xts.h \ diff --git a/lib/nettle/gost/cmac-kuznyechik.c b/lib/nettle/gost/cmac-kuznyechik.c new file mode 100644 index 0000000000..1a1abe7e87 --- /dev/null +++ b/lib/nettle/gost/cmac-kuznyechik.c @@ -0,0 +1,58 @@ +/* cmac-kuznyechik.c - GOST R 34.12-2015 (Kuznyechik) cipher implementation + * + * Copyright: 2017 Dmitry Eremin-Solenikov <dbaryshkov@gmail.com> + * + * Permission is hereby granted, free of charge, to any person obtaining a + * copy of this software and associated documentation files (the + * "Software"), to deal in the Software without restriction, including + * without limitation the rights to use, copy, modify, merge, publish, + * distribute, sublicense, and/or sell copies of the Software, and to + * permit persons to whom the Software is furnished to do so, subject to + * the following conditions: + * + * The above copyright notice and this permission notice shall be included + * in all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS + * OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF + * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. + * IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY + * CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, + * TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE + * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. + */ + +#if HAVE_CONFIG_H +#include "config.h" +#endif + +#ifndef HAVE_NETTLE_CMAC_KUZNYECHIK_UPDATE + +#ifdef HAVE_NETTLE_CMAC128_UPDATE +#include <nettle/cmac.h> +#else +#include "backport/cmac.h" +#endif + +#include "gost/cmac.h" + +void +cmac_kuznyechik_set_key(struct cmac_kuznyechik_ctx *ctx, const uint8_t *key) +{ + CMAC128_SET_KEY(ctx, kuznyechik_set_key, kuznyechik_encrypt, key); +} + +void +cmac_kuznyechik_update (struct cmac_kuznyechik_ctx *ctx, + size_t length, const uint8_t *data) +{ + CMAC128_UPDATE (ctx, kuznyechik_encrypt, length, data); +} + +void +cmac_kuznyechik_digest(struct cmac_kuznyechik_ctx *ctx, + size_t length, uint8_t *digest) +{ + CMAC128_DIGEST(ctx, kuznyechik_encrypt, length, digest); +} +#endif diff --git a/lib/nettle/gost/cmac-magma.c b/lib/nettle/gost/cmac-magma.c new file mode 100644 index 0000000000..f63458f781 --- /dev/null +++ b/lib/nettle/gost/cmac-magma.c @@ -0,0 +1,59 @@ +/* cmac-magma.c - GOST R 34.12-2015 (Magma) cipher implementation + * + * Copyright: 2017 Dmitry Eremin-Solenikov <dbaryshkov@gmail.com> + * + * Permission is hereby granted, free of charge, to any person obtaining a + * copy of this software and associated documentation files (the + * "Software"), to deal in the Software without restriction, including + * without limitation the rights to use, copy, modify, merge, publish, + * distribute, sublicense, and/or sell copies of the Software, and to + * permit persons to whom the Software is furnished to do so, subject to + * the following conditions: + * + * The above copyright notice and this permission notice shall be included + * in all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS + * OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF + * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. + * IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY + * CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, + * TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE + * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. + */ + +#if HAVE_CONFIG_H +#include "config.h" +#endif + +#ifndef HAVE_NETTLE_CMAC_MAGMA_UPDATE + +#ifdef HAVE_NETTLE_CMAC64_UPDATE +#include <nettle/cmac.h> +#else +#include "backport/cmac.h" +#endif + +#include "magma.h" +#include "cmac.h" + +void +cmac_magma_set_key(struct cmac_magma_ctx *ctx, const uint8_t *key) +{ + CMAC64_SET_KEY(ctx, magma_set_key, magma_encrypt, key); +} + +void +cmac_magma_update (struct cmac_magma_ctx *ctx, + size_t length, const uint8_t *data) +{ + CMAC64_UPDATE (ctx, magma_encrypt, length, data); +} + +void +cmac_magma_digest(struct cmac_magma_ctx *ctx, + size_t length, uint8_t *digest) +{ + CMAC64_DIGEST(ctx, magma_encrypt, length, digest); +} +#endif diff --git a/lib/nettle/gost/cmac.h b/lib/nettle/gost/cmac.h new file mode 100644 index 0000000000..48f3b409e5 --- /dev/null +++ b/lib/nettle/gost/cmac.h @@ -0,0 +1,103 @@ +/* cmac.h + + CMAC mode, as specified in RFC4493 + + Copyright (C) 2017 Red Hat, Inc. + + Contributed by Nikos Mavrogiannopoulos + + This file is part of GNU Nettle. + + GNU Nettle is free software: you can redistribute it and/or + modify it under the terms of either: + + * the GNU Lesser General Public License as published by the Free + Software Foundation; either version 3 of the License, or (at your + option) any later version. + + or + + * the GNU General Public License as published by the Free + Software Foundation; either version 2 of the License, or (at your + option) any later version. + + or both in parallel, as here. + + GNU Nettle is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + General Public License for more details. + + You should have received copies of the GNU General Public License and + the GNU Lesser General Public License along with this program. If + not, see http://www.gnu.org/licenses/. +*/ + +#ifndef GOST_CMAC_H_INCLUDED +#define GOST_CMAC_H_INCLUDED + +#if HAVE_CONFIG_H +# include <config.h> +#endif + +#ifndef HAVE_NETTLE_CMAC_MAGMA_UPDATE +#include "magma.h" + +#ifdef __cplusplus +extern "C" { +#endif + +#define cmac_magma_set_key _gnutls_cmac_magma_set_key +#define cmac_magma_update _gnutls_cmac_magma_update +#define cmac_magma_digest _gnutls_cmac_magma_digest + +struct cmac_magma_ctx CMAC64_CTX(struct magma_ctx); + +void +cmac_magma_set_key(struct cmac_magma_ctx *ctx, const uint8_t *key); + +void +cmac_magma_update(struct cmac_magma_ctx *ctx, + size_t length, const uint8_t *data); + +void +cmac_magma_digest(struct cmac_magma_ctx *ctx, + size_t length, uint8_t *digest); + +#ifdef __cplusplus +} +#endif + +#endif /* HAVE_NETTLE_CMAC_MAGMA_UPDATE */ + +#ifndef HAVE_NETTLE_CMAC_KUZNYECHIK_UPDATE +#include "kuznyechik.h" + +#ifdef __cplusplus +extern "C" { +#endif + +#define cmac_kuznyechik_set_key _gnutls_cmac_kuznyechik_set_key +#define cmac_kuznyechik_update _gnutls_cmac_kuznyechik_update +#define cmac_kuznyechik_digest _gnutls_cmac_kuznyechik_digest + +struct cmac_kuznyechik_ctx CMAC128_CTX(struct kuznyechik_ctx); + +void +cmac_kuznyechik_set_key(struct cmac_kuznyechik_ctx *ctx, const uint8_t *key); + +void +cmac_kuznyechik_update(struct cmac_kuznyechik_ctx *ctx, + size_t length, const uint8_t *data); + +void +cmac_kuznyechik_digest(struct cmac_kuznyechik_ctx *ctx, + size_t length, uint8_t *digest); + +#ifdef __cplusplus +} +#endif + +#endif + +#endif /* CMAC_H_INCLUDED */ diff --git a/lib/nettle/mac.c b/lib/nettle/mac.c index 4e14a9475b..e2ba0cb4d6 100644 --- a/lib/nettle/mac.c +++ b/lib/nettle/mac.c @@ -34,6 +34,14 @@ #include <nettle/umac.h> #include <nettle/hkdf.h> #include <nettle/pbkdf2.h> +#ifdef HAVE_NETTLE_CMAC128_UPDATE +#include <nettle/cmac.h> +#ifndef HAVE_NETTLE_CMAC64_UPDATE +#include "cmac64.h" +#endif /* HAVE_NETTLE_CMAC64_UPDATE */ +#else +#include "cmac.h" +#endif /* HAVE_NETTLE_CMAC128_UPDATE */ #if ENABLE_GOST #include "gost/hmac-gost.h" #ifndef HAVE_NETTLE_GOSTHASH94CP_UPDATE @@ -45,12 +53,8 @@ #ifndef HAVE_NETTLE_GOST28147_SET_KEY #include "gost/gost28147.h" #endif +#include "gost/cmac.h" #endif -#ifdef HAVE_NETTLE_CMAC128_UPDATE -#include <nettle/cmac.h> -#else -#include "cmac.h" -#endif /* HAVE_NETTLE_CMAC128_UPDATE */ #include <nettle/gcm.h> typedef void (*update_func) (void *, size_t, const uint8_t *); |