From ecf873dbff57f2218e9d93b17ee8b478a18f806c Mon Sep 17 00:00:00 2001 From: Sergei Ianovich Date: Fri, 16 Sep 2022 20:25:49 +0300 Subject: [PATCH 1/4] Allow `kuznyechik-ctr-acpkm-omac` PKCS12 integration OpenSSL PKCS12 module sets all-zeros initial vector on encryption and doesn't change it on decryption. This patch addresses `kuznyechik-ctr-acpkm-omac` behavior differences in two places: 1. in `gost2015_acpkm_omac_init()` IV is initialized with a random value on encryption, thus overwriting user-defined value 2. in `gost_grasshopper_cipher_init` IV is initialized with a random value, thus overwriting assumed default all-zeros value This patch also implements 3 ctrl operations required by PKCS12 module: - EVP_CTRL_AEAD_GET_TAG - EVP_CTRL_AEAD_SET_TAG - EVP_CTRL_AEAD_TLS1_AAD Signed-off-by: Sergei Ianovich --- gost_gost2015.c | 5 ----- gost_grasshopper_cipher.c | 27 ++++++++++++++------------- 2 files changed, 14 insertions(+), 18 deletions(-) diff --git a/gost_gost2015.c b/gost_gost2015.c index 1ffa4281a..3fcde339c 100644 --- a/gost_gost2015.c +++ b/gost_gost2015.c @@ -163,11 +163,6 @@ int gost2015_acpkm_omac_init(int nid, int enc, const unsigned char *inkey, if (md == NULL) return 0; - if (enc) { - if (RAND_bytes(kdf_seed, 8) != 1) - return 0; - } - if (gost_kdftree2012_256(keys, 64, inkey, 32, (const unsigned char *)"kdf tree", 8, kdf_seed, 8, 1) <= 0) return 0; diff --git a/gost_grasshopper_cipher.c b/gost_grasshopper_cipher.c index 001746bc6..266358589 100644 --- a/gost_grasshopper_cipher.c +++ b/gost_grasshopper_cipher.c @@ -213,11 +213,6 @@ static int gost_grasshopper_cipher_init(EVP_CIPHER_CTX *ctx, if (EVP_CIPHER_CTX_get_app_data(ctx) == NULL) { EVP_CIPHER_CTX_set_app_data(ctx, EVP_CIPHER_CTX_get_cipher_data(ctx)); - if (enc && c->type == GRASSHOPPER_CIPHER_CTRACPKM) { - gost_grasshopper_cipher_ctx_ctr *ctr = EVP_CIPHER_CTX_get_cipher_data(ctx); - if (init_zero_kdf_seed(ctr->kdf_seed) == 0) - return -1; - } } if (key != NULL) { 
@@ -871,31 +866,37 @@ static int gost_grasshopper_cipher_ctl(EVP_CIPHER_CTX *ctx, int type, int arg, v } } return -1; -#if 0 case EVP_CTRL_AEAD_GET_TAG: case EVP_CTRL_AEAD_SET_TAG: { int taglen = arg; unsigned char *tag = ptr; - gost_grasshopper_cipher_ctx *c = EVP_CIPHER_CTX_get_cipher_data(ctx); - if (c->c.type != GRASSHOPPER_CIPHER_MGM) + gost_grasshopper_cipher_ctx_ctr *c = EVP_CIPHER_CTX_get_cipher_data(ctx); + if (c->c.type != GRASSHOPPER_CIPHER_CTRACPKMOMAC) return -1; if (taglen > KUZNYECHIK_MAC_MAX_SIZE) { - CRYPTOCOMerr(CRYPTOCOM_F_GOST_GRASSHOPPER_CIPHER_CTL, - CRYPTOCOM_R_INVALID_TAG_LENGTH); + GOSTerr(GOST_F_GOST_GRASSHOPPER_CIPHER_CTL, GOST_R_BAD_MAC); return -1; } if (type == EVP_CTRL_AEAD_GET_TAG) - memcpy(tag, c->final_tag, taglen); + memcpy(tag, c->tag, taglen); else - memcpy(c->final_tag, tag, taglen); + memcpy(c->tag, tag, taglen); return 1; } -#endif + case EVP_CTRL_AEAD_TLS1_AAD: { + gost_grasshopper_cipher_ctx_ctr *c = EVP_CIPHER_CTX_get_cipher_data(ctx); + if (!ptr || c->c.type != GRASSHOPPER_CIPHER_CTRACPKMOMAC) + return -1; + if (arg != 0) + return 0; + *(int *) ptr = KUZNYECHIK_MAC_MAX_SIZE; + return 1; + } case EVP_CTRL_PROCESS_UNPROTECTED: { STACK_OF(X509_ATTRIBUTE) *x = ptr; From c40bd93c74610d326a17f945dfa8a229eea635bd Mon Sep 17 00:00:00 2001 From: Sergei Ianovich Date: Sat, 17 Sep 2022 00:06:38 +0300 Subject: [PATCH 2/4] fixup! Allow `kuznyechik-ctr-acpkm-omac` PKCS12 integration --- gost_grasshopper_cipher.c | 5 +++++ gost_grasshopper_cipher.h | 1 + 2 files changed, 6 insertions(+) diff --git a/gost_grasshopper_cipher.c b/gost_grasshopper_cipher.c index 266358589..c6817ba2b 100644 --- a/gost_grasshopper_cipher.c +++ b/gost_grasshopper_cipher.c 
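Review bot: In the EVP_CTRL_AEAD_GET_TAG / EVP_CTRL_AEAD_SET_TAG case, `taglen` is bounded only from above, so a negative `arg` passes the check and becomes a very large size when it is converted for `memcpy`. The caller's `ptr` is also copied through as `tag` without a NULL check, although the new EVP_CTRL_AEAD_TLS1_AAD case does test `ptr`. I would tighten the guard to `if (tag == NULL || taglen <= 0 || taglen > (int)sizeof(c->tag))`. Using `sizeof(c->tag)` ties the bound to the 16-byte `tag` field rather than to KUZNYECHIK_MAC_MAX_SIZE, whose definition is not visible here and may not match that field. The body of gost_grasshopper_cipher_ctl starts and ends outside the hunk.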
@@ -213,6 +213,11 @@ static int gost_grasshopper_cipher_init(EVP_CIPHER_CTX *ctx, if (EVP_CIPHER_CTX_get_app_data(ctx) == NULL) { EVP_CIPHER_CTX_set_app_data(ctx, EVP_CIPHER_CTX_get_cipher_data(ctx)); + if (enc && c->type == GRASSHOPPER_CIPHER_CTRACPKM) { + gost_grasshopper_cipher_ctx_ctr *ctr = EVP_CIPHER_CTX_get_cipher_data(ctx); + if (!ctr->has_kdf_seed && init_zero_kdf_seed(ctr->kdf_seed) == 0) + return -1; + } } if (key != NULL) { diff --git a/gost_grasshopper_cipher.h b/gost_grasshopper_cipher.h index ecaf1c7aa..6fda4b998 100644 --- a/gost_grasshopper_cipher.h +++ b/gost_grasshopper_cipher.h @@ -33,6 +33,7 @@ typedef struct { unsigned char kdf_seed[8]; unsigned char tag[16]; EVP_MD_CTX *omac_ctx; + int has_kdf_seed; } gost_grasshopper_cipher_ctx_ctr; static void gost_grasshopper_cipher_key(gost_grasshopper_cipher_ctx* c, const uint8_t* k); From fa4d6b03375784c21f3bedb48cd292f7a349a728 Mon Sep 17 00:00:00 2001 From: Sergei Ianovich Date: Sat, 17 Sep 2022 00:13:07 +0300 Subject: [PATCH 3/4] fixup! Allow `kuznyechik-ctr-acpkm-omac` PKCS12 integration --- gost_grasshopper_cipher.c | 2 +- gost_grasshopper_cipher.h | 1 - 2 files changed, 1 insertion(+), 2 deletions(-) diff --git a/gost_grasshopper_cipher.c b/gost_grasshopper_cipher.c index c6817ba2b..5896bea9b 100644 --- a/gost_grasshopper_cipher.c +++ b/gost_grasshopper_cipher.c @@ -215,7 +215,7 @@ static int gost_grasshopper_cipher_init(EVP_CIPHER_CTX *ctx, EVP_CIPHER_CTX_set_app_data(ctx, EVP_CIPHER_CTX_get_cipher_data(ctx)); if (enc && c->type == GRASSHOPPER_CIPHER_CTRACPKM) { gost_grasshopper_cipher_ctx_ctr *ctr = EVP_CIPHER_CTX_get_cipher_data(ctx); - if (!ctr->has_kdf_seed && init_zero_kdf_seed(ctr->kdf_seed) == 0) + if (init_zero_kdf_seed(ctr->kdf_seed) == 0) return -1; } } diff --git a/gost_grasshopper_cipher.h b/gost_grasshopper_cipher.h index 6fda4b998..ecaf1c7aa 100644 --- a/gost_grasshopper_cipher.h +++ b/gost_grasshopper_cipher.h 
@@ -33,7 +33,6 @@ typedef struct { unsigned char kdf_seed[8]; unsigned char tag[16]; EVP_MD_CTX *omac_ctx; - int has_kdf_seed; } gost_grasshopper_cipher_ctx_ctr; static void gost_grasshopper_cipher_key(gost_grasshopper_cipher_ctx* c, const uint8_t* k); From e44a4b7fb68f85d14ec87665f82d65988dffd7bb Mon Sep 17 00:00:00 2001 From: Sergei Ianovich Date: Sat, 17 Sep 2022 00:49:44 +0300 Subject: [PATCH 4/4] fixup! Allow `kuznyechik-ctr-acpkm-omac` PKCS12 integration --- gost_grasshopper_cipher.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/gost_grasshopper_cipher.c b/gost_grasshopper_cipher.c index 5896bea9b..7805f4b88 100644 --- a/gost_grasshopper_cipher.c +++ b/gost_grasshopper_cipher.c @@ -902,6 +902,13 @@ static int gost_grasshopper_cipher_ctl(EVP_CIPHER_CTX *ctx, int type, int arg, v *(int *) ptr = KUZNYECHIK_MAC_MAX_SIZE; return 1; } + case EVP_CTRL_PBE_PRF_NID: { + if (ptr) { + *((int *)ptr) = NID_id_tc26_hmac_gost_3411_2012_512; + return 1; + } + return 0; + } case EVP_CTRL_PROCESS_UNPROTECTED: { STACK_OF(X509_ATTRIBUTE) *x = ptr;
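Review bot: The new EVP_CTRL_PBE_PRF_NID case returns 0 for a NULL `ptr`, whereas the EVP_CTRL_AEAD_TLS1_AAD case added earlier in this series returns -1 for the same condition. Unlike the tag and AAD cases, it is also not gated on `c->c.type`, so every mode handled by gost_grasshopper_cipher_ctl reports this PRF. If that is intended, a short comment such as `/* PBKDF2 PRF reported for every Kuznyechik mode, not only ctr-acpkm-omac */` would make it explicit. Otherwise `if (!ptr) return -1;` would match the sibling case. The function body starts and ends outside the hunk.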