Allow kuznyechik-ctr-acpkm-omac PKCS12 integration

OpenSSL PKCS12 module sets all-zeros initial vector on encryption and doesn't change it on decryption. This patch addresses `kuznyechik-ctr-acpkm-omac` behavior differences in two places: 1. in `gost2015_acpkm_omac_init()` IV is initialized with a random value on encryption, thus overwriting user-defined value 2. in `gost_grasshopper_cipher_init` IV is initialized with a random value, thus overwriting assumed default all-zeros value This patch also implements 3 ctrl operations required by PKCS12 module: - EVP_CTRL_AEAD_GET_TAG - EVP_CTRL_AEAD_SET_TAG - EVP_CTRL_AEAD_TLS1_AAD Signed-off-by: Sergei Ianovich <[email protected]>
gost-engine · Sep 16, 2022 · 669ba9a · 669ba9a
1 parent 631e688
commit 669ba9a
Show file tree

Hide file tree

Showing 2 changed files with 14 additions and 18 deletions.
diff --git a/gost_gost2015.c b/gost_gost2015.c
@@ -163,11 +163,6 @@ int gost2015_acpkm_omac_init(int nid, int enc, const unsigned char *inkey,
     if (md == NULL)
         return 0;
 
-    if (enc) {
-        if (RAND_bytes(kdf_seed, 8) != 1)
-            return 0;
-    }
-
     if (gost_kdftree2012_256(keys, 64, inkey, 32,
        (const unsigned char *)"kdf tree", 8, kdf_seed, 8, 1) <= 0)
         return 0;

diff --git a/gost_grasshopper_cipher.c b/gost_grasshopper_cipher.c
@@ -213,11 +213,6 @@ static int gost_grasshopper_cipher_init(EVP_CIPHER_CTX *ctx,
 
     if (EVP_CIPHER_CTX_get_app_data(ctx) == NULL) {
         EVP_CIPHER_CTX_set_app_data(ctx, EVP_CIPHER_CTX_get_cipher_data(ctx));
-        if (enc && c->type == GRASSHOPPER_CIPHER_CTRACPKM) {
-            gost_grasshopper_cipher_ctx_ctr *ctr = EVP_CIPHER_CTX_get_cipher_data(ctx);
-            if (init_zero_kdf_seed(ctr->kdf_seed) == 0)
-                return -1;
-        }
     }
 
     if (key != NULL) {
@@ -871,31 +866,37 @@ static int gost_grasshopper_cipher_ctl(EVP_CIPHER_CTX *ctx, int type, int arg, v
           }
         }
         return -1;
-#if 0
     case EVP_CTRL_AEAD_GET_TAG:
     case EVP_CTRL_AEAD_SET_TAG:
         {
             int taglen = arg;
             unsigned char *tag = ptr;
 
-            gost_grasshopper_cipher_ctx *c = EVP_CIPHER_CTX_get_cipher_data(ctx);
-            if (c->c.type != GRASSHOPPER_CIPHER_MGM)
+            gost_grasshopper_cipher_ctx_ctr *c = EVP_CIPHER_CTX_get_cipher_data(ctx);
+            if (c->c.type != GRASSHOPPER_CIPHER_CTRACPKMOMAC)
                 return -1;
 
             if (taglen > KUZNYECHIK_MAC_MAX_SIZE) {
-                CRYPTOCOMerr(CRYPTOCOM_F_GOST_GRASSHOPPER_CIPHER_CTL,
-                        CRYPTOCOM_R_INVALID_TAG_LENGTH);
+                GOSTerr(GOST_F_GOST_GRASSHOPPER_CIPHER_CTL, GOST_R_BAD_MAC);
                 return -1;
             }
 
             if (type == EVP_CTRL_AEAD_GET_TAG)
-                memcpy(tag, c->final_tag, taglen);
+                memcpy(tag, c->tag, taglen);
             else
-                memcpy(c->final_tag, tag, taglen);
+                memcpy(c->tag, tag, taglen);
 
             return 1;
         }
-#endif
+    case EVP_CTRL_AEAD_TLS1_AAD: {
+            gost_grasshopper_cipher_ctx_ctr *c = EVP_CIPHER_CTX_get_cipher_data(ctx);
+            if (!ptr || c->c.type != GRASSHOPPER_CIPHER_CTRACPKMOMAC)
+                return -1;
+            if (arg != 0)
+                return 0;
+            *(int *) ptr = KUZNYECHIK_MAC_MAX_SIZE;
+            return 1;
+    }
     case EVP_CTRL_PROCESS_UNPROTECTED:
     {
       STACK_OF(X509_ATTRIBUTE) *x = ptr;