From 650b60cc590f2c918dd84e42e4ce154a1d20acf3 Mon Sep 17 00:00:00 2001 From: Dmitry Eremin-Solenikov Date: Tue, 24 Dec 2019 01:20:24 +0300 Subject: nettle/gost: remove gost28147_imit_init Rewrite gost28147 imit code to clean up state and index on key setup to be sure that imit context is properly cleaned. Signed-off-by: Dmitry Eremin-Solenikov --- lib/nettle/gost/gost-wrap.c | 2 -- lib/nettle/gost/gost28147.c | 14 ++++++++------ lib/nettle/gost/gost28147.h | 4 ---- 3 files changed, 8 insertions(+), 12 deletions(-) diff --git a/lib/nettle/gost/gost-wrap.c b/lib/nettle/gost/gost-wrap.c index 63e1c321e2..e4a616ed2c 100644 --- a/lib/nettle/gost/gost-wrap.c +++ b/lib/nettle/gost/gost-wrap.c @@ -93,7 +93,6 @@ gost28147_key_wrap_cryptopro(const struct gost28147_param *param, gost28147_set_param(&ctx, param); gost28147_encrypt(&ctx, GOST28147_KEY_SIZE, enc, cek); - gost28147_imit_init(&ictx); gost28147_imit_set_key(&ictx, GOST28147_KEY_SIZE, kd); gost28147_imit_set_param(&ictx, param); gost28147_imit_set_nonce(&ictx, ukm); @@ -121,7 +120,6 @@ gost28147_key_unwrap_cryptopro(const struct gost28147_param *param, gost28147_set_param(&ctx, param); gost28147_decrypt(&ctx, GOST28147_KEY_SIZE, cek, enc); - gost28147_imit_init(&ictx); gost28147_imit_set_key(&ictx, GOST28147_KEY_SIZE, kd); gost28147_imit_set_param(&ictx, param); gost28147_imit_set_nonce(&ictx, ukm); diff --git a/lib/nettle/gost/gost28147.c b/lib/nettle/gost/gost28147.c index da8ec9ef14..d6a278ab09 100644 --- a/lib/nettle/gost/gost28147.c +++ b/lib/nettle/gost/gost28147.c @@ -2470,13 +2470,13 @@ gost28147_cnt_crypt(struct gost28147_cnt_ctx *ctx, } } -void -gost28147_imit_init(struct gost28147_imit_ctx *ctx) +static void +_gost28147_imit_reinit(struct gost28147_imit_ctx *ctx) { - memset(ctx->state, 0, GOST28147_BLOCK_SIZE); + ctx->state[0] = 0; + ctx->state[1] = 0; ctx->index = 0; ctx->count = 0; - gost28147_set_param(&ctx->cctx, &gost28147_param_TC26_Z); /* Default */ } void 
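Review bot: The reset in `_gost28147_imit_reinit` hard-codes two state words (`ctx->state[0] = 0; ctx->state[1] = 0;`), while the header declares the array as `uint32_t state[GOST28147_IMIT_BLOCK_SIZE/4]`. If that constant ever changes, the tail of the running MAC state would survive a re-key or a digest call. `memset(ctx->state, 0, sizeof(ctx->state));` keeps the reset tied to the declaration. A short comment above the helper, such as `/* Reset the running MAC state only; the key and S-box in cctx are left untouched. */`, would also record why the default-parameter call was dropped from it.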
@@ -2488,7 +2488,9 @@ gost28147_imit_set_key(struct gost28147_imit_ctx *ctx, assert(key); _gost28147_set_key(&ctx->cctx, key); - /* Do not reset param here */ + _gost28147_imit_reinit(ctx); + if (!ctx->cctx.sbox) + gost28147_set_param(&ctx->cctx, &gost28147_param_TC26_Z); } void @@ -2549,6 +2551,6 @@ gost28147_imit_digest(struct gost28147_imit_ctx *ctx, } _nettle_write_le32(length, digest, ctx->state); - gost28147_imit_init(ctx); + _gost28147_imit_reinit(ctx); } #endif diff --git a/lib/nettle/gost/gost28147.h b/lib/nettle/gost/gost28147.h index ae4a385589..14c865e6e6 100644 --- a/lib/nettle/gost/gost28147.h +++ b/lib/nettle/gost/gost28147.h @@ -73,7 +73,6 @@ extern "C" { #define gost28147_key_wrap_cryptopro _gnutls_gost28147_key_wrap_cryptopro #define gost28147_key_unwrap_cryptopro _gnutls_gost28147_key_unwrap_cryptopro -#define gost28147_imit_init _gnutls_gost28147_imit_init #define gost28147_imit_set_key _gnutls_gost28147_imit_set_key #define gost28147_imit_set_nonce _gnutls_gost28147_imit_set_nonce #define gost28147_imit_set_param _gnutls_gost28147_imit_set_param @@ -185,9 +184,6 @@ struct gost28147_imit_ctx uint32_t state[GOST28147_IMIT_BLOCK_SIZE/4]; }; -void -gost28147_imit_init(struct gost28147_imit_ctx *ctx); - void gost28147_imit_set_key(struct gost28147_imit_ctx *ctx, size_t length, -- cgit v1.2.1 From 6037706541616cfd2d4b49f6f5939ce6dddd1a53 Mon Sep 17 00:00:00 2001 From: Dmitry Eremin-Solenikov Date: Tue, 24 Dec 2019 02:31:30 +0300 Subject: crypto-api: add gnutls_hmac_get_key_size() function Add gnutls_hmac_get_key_size() to retrieve MAC key size. Signed-off-by: Dmitry Eremin-Solenikov --- devel/libgnutls-latest-x86_64.abi | 1 + devel/symbols.last | 1 + doc/Makefile.am | 2 ++ doc/manpages/Makefile.am | 1 + lib/crypto-api.c | 17 +++++++++++++++++ lib/includes/gnutls/crypto.h | 1 + lib/libgnutls.map | 1 + 7 files changed, 24 insertions(+) diff --git a/devel/libgnutls-latest-x86_64.abi b/devel/libgnutls-latest-x86_64.abi index 9cc1908291..bf45d3c5b1 100644 
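Review bot: The added `if (!ctx->cctx.sbox)` in gost28147_imit_set_key chooses the TC26-Z default by reading a field that nothing is guaranteed to have written now that gost28147_imit_init is gone. If the context was never zeroed (the `ictx` call sites in gost-wrap.c look like stack objects, though their declarations are outside the hunks) and `_gost28147_set_key` does not set `sbox` (its body is not shown), the test reads an indeterminate pointer, and a non-NULL leftover value would silently skip the default. The gost-wrap.c callers call gost28147_imit_set_param right afterwards and so end up with a defined S-box, but other callers may not. I would state the contract on the function, e.g. `/* ctx must be zero-initialised before the first set_key; a non-NULL cctx.sbox is kept as the caller's chosen parameter set. */`, and zero the context where it is declared.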
--- a/devel/libgnutls-latest-x86_64.abi +++ b/devel/libgnutls-latest-x86_64.abi @@ -323,6 +323,7 @@ + diff --git a/devel/symbols.last b/devel/symbols.last index 4ad0268aa1..1e0e56d5c0 100644 --- a/devel/symbols.last +++ b/devel/symbols.last @@ -289,6 +289,7 @@ gnutls_hmac@GNUTLS_3_4 gnutls_hmac_copy@GNUTLS_3_6_9 gnutls_hmac_deinit@GNUTLS_3_4 gnutls_hmac_fast@GNUTLS_3_4 +gnutls_hmac_get_key_size@GNUTLS_3_6_12 gnutls_hmac_get_len@GNUTLS_3_4 gnutls_hmac_init@GNUTLS_3_4 gnutls_hmac_output@GNUTLS_3_4 diff --git a/doc/Makefile.am b/doc/Makefile.am index fc8360c73c..aa3984ffe1 100644 --- a/doc/Makefile.am +++ b/doc/Makefile.am @@ -1129,6 +1129,8 @@ FUNCS += functions/gnutls_hmac_deinit FUNCS += functions/gnutls_hmac_deinit.short FUNCS += functions/gnutls_hmac_fast FUNCS += functions/gnutls_hmac_fast.short +FUNCS += functions/gnutls_hmac_get_key_size +FUNCS += functions/gnutls_hmac_get_key_size.short FUNCS += functions/gnutls_hmac_get_len FUNCS += functions/gnutls_hmac_get_len.short FUNCS += functions/gnutls_hmac_init diff --git a/doc/manpages/Makefile.am b/doc/manpages/Makefile.am index 7f8db7f943..85d0f7f0e4 100644 --- a/doc/manpages/Makefile.am +++ b/doc/manpages/Makefile.am @@ -366,6 +366,7 @@ APIMANS += gnutls_hmac.3 APIMANS += gnutls_hmac_copy.3 APIMANS += gnutls_hmac_deinit.3 APIMANS += gnutls_hmac_fast.3 +APIMANS += gnutls_hmac_get_key_size.3 APIMANS += gnutls_hmac_get_len.3 APIMANS += gnutls_hmac_init.3 APIMANS += gnutls_hmac_output.3 diff --git a/lib/crypto-api.c b/lib/crypto-api.c index d3e8094563..4db6812c29 100644 --- a/lib/crypto-api.c +++ b/lib/crypto-api.c 
@@ -455,6 +455,23 @@ unsigned gnutls_hmac_get_len(gnutls_mac_algorithm_t algorithm) return _gnutls_mac_get_algo_len(mac_to_entry(algorithm)); } +/** + * gnutls_hmac_get_key_size: + * @algorithm: the mac algorithm to use + * + * This function will return the size of the key to be used with this + * algorithm. On the algorithms which may accept arbitrary key sizes, + * the returned size is the MAC key size used in the TLS protocol. + * + * Returns: The key size or zero on error. + * + * Since: 3.6.12 + **/ +unsigned gnutls_hmac_get_key_size(gnutls_mac_algorithm_t algorithm) +{ + return _gnutls_mac_get_key_size(mac_to_entry(algorithm)); +} + /** * gnutls_hmac_fast: * @algorithm: the hash algorithm to use diff --git a/lib/includes/gnutls/crypto.h b/lib/includes/gnutls/crypto.h index 4d4926c86a..685d9d5d29 100644 --- a/lib/includes/gnutls/crypto.h +++ b/lib/includes/gnutls/crypto.h @@ -123,6 +123,7 @@ int gnutls_hmac(gnutls_hmac_hd_t handle, const void *text, size_t textlen); void gnutls_hmac_output(gnutls_hmac_hd_t handle, void *digest); void gnutls_hmac_deinit(gnutls_hmac_hd_t handle, void *digest); unsigned gnutls_hmac_get_len(gnutls_mac_algorithm_t algorithm) __GNUTLS_CONST__; +unsigned gnutls_hmac_get_key_size(gnutls_mac_algorithm_t algorithm) __GNUTLS_CONST__; int gnutls_hmac_fast(gnutls_mac_algorithm_t algorithm, const void *key, size_t keylen, const void *text, size_t textlen, void *digest); diff --git a/lib/libgnutls.map b/lib/libgnutls.map index ea84a1470d..e1878bb00c 100644 --- a/lib/libgnutls.map +++ b/lib/libgnutls.map @@ -1306,6 +1306,7 @@ GNUTLS_3_6_12 global: gnutls_certificate_verification_profile_get_name; gnutls_certificate_verification_profile_get_id; + gnutls_hmac_get_key_size; } GNUTLS_3_6_10; GNUTLS_FIPS140_3_4 { -- cgit v1.2.1 From afae0d3ab3d4530375d003babcf12743d9209f97 Mon Sep 17 00:00:00 2001 
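Review bot: The doc comment for gnutls_hmac_get_key_size gives neither the unit of the returned size nor the condition that produces the zero return, although callers will use the value to size key buffers. I would word the return line as `Returns: The key size in bytes, or zero if @algorithm is not a known MAC.` and add that callers must check for zero before allocating or keying with the result. Whether `_gnutls_mac_get_key_size` tolerates a NULL entry from `mac_to_entry` is not visible in this hunk; the documented zero-on-error behaviour depends on that, so it is worth confirming.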
From: Dmitry Eremin-Solenikov Date: Tue, 24 Dec 2019 02:32:17 +0300 Subject: benchmark: use mac key size instead of block size Use newly added gnutls_hmac_get_key_size() to get key size instead of assuming that key size = block size (incorrect for GOST 28147 IMIT). Signed-off-by: Dmitry Eremin-Solenikov --- src/benchmark-cipher.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/src/benchmark-cipher.c b/src/benchmark-cipher.c index b6945a2920..2d2bc30a66 100644 --- a/src/benchmark-cipher.c +++ b/src/benchmark-cipher.c @@ -231,7 +231,7 @@ static void cipher_bench(int algo, int size, int aead) static void mac_bench(int algo, int size) { void *_key; - int blocksize = gnutls_hmac_get_len(algo); + int key_size = gnutls_hmac_get_key_size(algo); int step = size * 1024; struct benchmark_st st; void *input; @@ -240,10 +240,10 @@ static void mac_bench(int algo, int size) ALLOCM(input, MAX_MEM); i = input; - _key = malloc(blocksize); + _key = malloc(key_size); if (_key == NULL) return; - memset(_key, 0xf0, blocksize); + memset(_key, 0xf0, key_size); printf("%16s ", gnutls_mac_get_name(algo)); fflush(stdout); @@ -253,7 +253,7 @@ static void mac_bench(int algo, int size) start_benchmark(&st); do { - gnutls_hmac_fast(algo, _key, blocksize, i, step, _key); + gnutls_hmac_fast(algo, _key, key_size, i, step, _key); st.size += step; INC(input, i, step); } -- cgit v1.2.1 From 4a6a7b83c2da5e90fca7032f7526d9149a90fc65 Mon Sep 17 00:00:00 2001 From: Dmitry Eremin-Solenikov Date: Tue, 24 Dec 2019 02:33:26 +0300 Subject: benchmark: support benchmarking GOST ciphers/MACs Signed-off-by: Dmitry Eremin-Solenikov --- src/benchmark-cipher.c | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/src/benchmark-cipher.c b/src/benchmark-cipher.c index 2d2bc30a66..26d2c63c22 100644 --- a/src/benchmark-cipher.c +++ b/src/benchmark-cipher.c 
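Review bot: `_key` is still passed as the digest output in `gnutls_hmac_fast(algo, _key, key_size, i, step, _key)`, but it is now allocated with `key_size` bytes instead of the `gnutls_hmac_get_len(algo)` bytes it had before. Any algorithm whose MAC output is longer than its key size would therefore write past the allocation. In addition, gnutls_hmac_get_key_size returns `unsigned` with zero on error (per its doc comment), and the result is stored in an `int` and handed to malloc and memset without a check. I would size the buffer for both uses, `size_t buf_size = key_size > mac_len ? key_size : mac_len;` with `mac_len` taken from gnutls_hmac_get_len(algo), and return early when `key_size == 0`. All three mac_bench hunks are affected, and the function continues beyond them.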
@@ -285,17 +285,29 @@ void benchmark_cipher(int debug_level) cipher_mac_bench(GNUTLS_CIPHER_AES_128_CBC, GNUTLS_MAC_SHA1, size); cipher_mac_bench(GNUTLS_CIPHER_AES_128_CBC, GNUTLS_MAC_SHA256, size); +#ifdef ENABLE_GOST + cipher_mac_bench(GNUTLS_CIPHER_GOST28147_TC26Z_CNT, GNUTLS_MAC_GOST28147_TC26Z_IMIT, + size); +#endif printf("\nChecking MAC algorithms, payload size: %u\n", size * 1024); mac_bench(GNUTLS_MAC_SHA1, size); mac_bench(GNUTLS_MAC_SHA256, size); mac_bench(GNUTLS_MAC_SHA512, size); +#ifdef ENABLE_GOST + mac_bench(GNUTLS_MAC_GOST28147_TC26Z_IMIT, size); + mac_bench(GNUTLS_MAC_GOSTR_94, size); + mac_bench(GNUTLS_MAC_STREEBOG_512, size); +#endif printf("\nChecking ciphers, payload size: %u\n", size * 1024); cipher_bench(GNUTLS_CIPHER_3DES_CBC, size, 0); cipher_bench(GNUTLS_CIPHER_AES_128_CBC, size, 0); cipher_bench(GNUTLS_CIPHER_SALSA20_256, size, 0); cipher_bench(GNUTLS_CIPHER_NULL, size, 1); +#ifdef ENABLE_GOST + cipher_bench(GNUTLS_CIPHER_GOST28147_TC26Z_CNT, size, 0); +#endif gnutls_global_deinit(); } -- cgit v1.2.1 From 1babf0c5834fb39c5c1064b59180adaf386c6e01 Mon Sep 17 00:00:00 2001 From: Dmitry Eremin-Solenikov Date: Tue, 24 Dec 2019 16:26:27 +0300 Subject: benchmark: enable benchmarking of GOST CNT ciphersuite/KX Signed-off-by: Dmitry Eremin-Solenikov --- src/benchmark-tls.c | 55 +++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 55 insertions(+) diff --git a/src/benchmark-tls.c b/src/benchmark-tls.c index 9df0102cfe..14a3d190cc 100644 --- a/src/benchmark-tls.c +++ b/src/benchmark-tls.c 
@@ -61,6 +61,7 @@ const char *side = ""; #define PRIO_TLS12_CHACHA_POLY1305 "NONE:+VERS-TLS1.2:+CHACHA20-POLY1305:+AEAD:+SIGN-ALL:+COMP-NULL:+ECDHE-RSA:+CURVE-ALL" #define PRIO_CHACHA_POLY1305 "NONE:+VERS-TLS1.3:+CHACHA20-POLY1305:+AEAD:+SIGN-ALL:+COMP-NULL:+ECDHE-RSA:+CURVE-ALL" #define PRIO_CAMELLIA_CBC_SHA1 "NONE:+VERS-TLS1.0:+CAMELLIA-128-CBC:+SHA1:+SIGN-ALL:+COMP-NULL:+RSA" +#define PRIO_GOST_CNT "NONE:+VERS-TLS1.2:+GOST28147-TC26Z-CNT:+GOST28147-TC26Z-IMIT:+SIGN-ALL:+SIGN-GOSTR341012-256:+COMP-NULL:+VKO-GOST-12:+GROUP-GOST-ALL" static const int rsa_bits = 3072, ec_bits = 256; 
@@ -202,6 +203,42 @@ static unsigned char server_ed25519_cert_pem[] = "7barRoh+qx7ZVYpe+5w3JYuxy16w\n" "-----END CERTIFICATE-----\n"; +#ifdef ENABLE_GOST +static unsigned char server_gost12_256_key_pem[] = + "-----BEGIN PRIVATE KEY-----\n" + "MEgCAQAwHwYIKoUDBwEBAQEwEwYHKoUDAgIkAAYIKoUDBwEBAgIEIgQg0+JttJEV\n" + "Ud+XBzX9q13ByKK+j2b+mEmNIo1yB0wGleo=\n" + "-----END PRIVATE KEY-----\n"; + +static unsigned char server_gost12_256_cert_pem[] = + "-----BEGIN CERTIFICATE-----\n" + "MIIC8DCCAVigAwIBAgIIWcZKgxkCMvcwDQYJKoZIhvcNAQELBQAwDzENMAsGA1UE\n" + "AxMEQ0EtMzAgFw0xOTEwMDgxMDQ4MTZaGA85OTk5MTIzMTIzNTk1OVowDTELMAkG\n" + "A1UEAxMCR1IwZjAfBggqhQMHAQEBATATBgcqhQMCAiQABggqhQMHAQECAgNDAARA\n" + "J9sMEEx0JW9QsT5bDqyc0TNcjVg9ZSdp4GkMtShM+OOgyBGrWK3zLP5IzHYSXja8\n" + "373QrJOUvdX7T7TUk5yU5aOBjTCBijAMBgNVHRMBAf8EAjAAMBQGA1UdEQQNMAuC\n" + "CWxvY2FsaG9zdDATBgNVHSUEDDAKBggrBgEFBQcDATAPBgNVHQ8BAf8EBQMDB4AA\n" + "MB0GA1UdDgQWBBQYSEtdwsYrtnOq6Ya3nt8DgFPCQjAfBgNVHSMEGDAWgBT5qIYZ\n" + "Y7akFBNgdg8BmjU27/G0rzANBgkqhkiG9w0BAQsFAAOCAYEAR0xtx7MWEP1KyIzM\n" + "4lXKdTyU4Nve5RcgqF82yR/0odqT5MPoaZDvLuRWEcQryztZD3kmRUmPmn1ujSfc\n" + "BbPfRnSutDXcf6imq0/U1/TV/BF3vpS1plltzetvibf8MYetHVFQHUBJDZJHh9h7\n" + "PGwA9SnmnGKFIxFdV6bVOLkPR54Gob9zN3E17KslL19lNtht1pxk9pshwTn35oRY\n" + "uOdxof9F4XjpI/4WbC8kp15QeG8XyZd5JWSl+niNOqYK31+ilQdVBr4RiZSDIcAg\n" + "twS5yV9Ap+R8rM8TLbeT2io4rhdUgmDllUf49zV3t6AbVvbsQfkqXmHXW8uW2WBu\n" + "A8FiXEbIIOb+QIW0ZGwk3BVQ7wdiw1M5w6kYtz5kBtNPxBmc+eu1+e6EAfYbFNr3\n" + "pkxtMk3veYWHb5s3dHZ4/t2Rn85hWqh03CWwCkKTN3qmEs4/XpybbXE/UE49e7u1\n" + "FkpM1bT/0gUNsNt5h3pyUzQZdiB0XbdGGFta3tB3+inIO45h\n" + "-----END CERTIFICATE-----\n"; + +static const gnutls_datum_t server_gost12_256_key = { server_gost12_256_key_pem, + sizeof(server_gost12_256_key_pem)-1 +}; + +static const gnutls_datum_t server_gost12_256_cert = { server_gost12_256_cert_pem, + sizeof(server_gost12_256_cert_pem)-1 +}; +#endif + const gnutls_datum_t server_cert = { server_cert_pem, sizeof(server_cert_pem) }; 
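Review bot: The private key added as `server_gost12_256_key_pem` carries no comment marking it as a throwaway benchmark credential, so anyone scanning the tree for embedded secrets, or copying this file as a template, has nothing to go on. A comment above the `#ifdef ENABLE_GOST` block such as `/* Test-only GOST 2012 (256-bit) key and certificate for the benchmark; not for use outside this tool. */` would settle that. Separately, the two new datums use `sizeof(...)-1` while the `server_cert` context line just below uses `sizeof(server_cert_pem)`; a short note on whether the trailing NUL is meant to be included would keep the conventions from drifting further.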
@@ -264,6 +301,11 @@ static void test_ciphersuite(const char *cipher_prio, int size) gnutls_certificate_set_x509_key_mem(s_certcred, &server_ecc_cert, &server_ecc_key, GNUTLS_X509_FMT_PEM); +#ifdef ENABLE_GOST + gnutls_certificate_set_x509_key_mem(s_certcred, &server_gost12_256_cert, + &server_gost12_256_key, + GNUTLS_X509_FMT_PEM); +#endif gnutls_init(&server, GNUTLS_SERVER); ret = gnutls_priority_set_direct(server, cipher_prio, &str); @@ -432,6 +474,10 @@ static void test_ciphersuite_kx(const char *cipher_prio, unsigned pk) ret = gnutls_certificate_set_x509_key_mem(s_certcred, &server_ed25519_cert, &server_ed25519_key, GNUTLS_X509_FMT_PEM); + else if (pk == GNUTLS_PK_GOST_12_256) + ret = gnutls_certificate_set_x509_key_mem(s_certcred, &server_gost12_256_cert, + &server_gost12_256_key, + GNUTLS_X509_FMT_PEM); if (ret < 0) { fprintf(stderr, "Error in %d: %s\n", __LINE__, gnutls_strerror(ret)); @@ -560,6 +606,9 @@ void benchmark_tls(int debug_level, int ciphers) test_ciphersuite(PRIO_CHACHA_POLY1305, size); test_ciphersuite(PRIO_AES_CBC_SHA1, size); test_ciphersuite(PRIO_CAMELLIA_CBC_SHA1, size); +#ifdef ENABLE_GOST + test_ciphersuite(PRIO_GOST_CNT, size); +#endif size = 16 * 1024; printf @@ -573,6 +622,9 @@ void benchmark_tls(int debug_level, int ciphers) test_ciphersuite(PRIO_CHACHA_POLY1305, size); test_ciphersuite(PRIO_AES_CBC_SHA1, size); test_ciphersuite(PRIO_CAMELLIA_CBC_SHA1, size); +#ifdef ENABLE_GOST + test_ciphersuite(PRIO_GOST_CNT, size); +#endif } else { printf ("Testing key exchanges (RSA/DH bits: %d, EC bits: %d)\n\n", @@ -585,6 +637,9 @@ void benchmark_tls(int debug_level, int ciphers) test_ciphersuite_kx(PRIO_ECDH_X25519_ECDSA, GNUTLS_PK_ECC); test_ciphersuite_kx(PRIO_ECDH_X25519_EDDSA, GNUTLS_PK_EDDSA_ED25519); test_ciphersuite_kx(PRIO_RSA, GNUTLS_PK_RSA); +#ifdef ENABLE_GOST + test_ciphersuite_kx(PRIO_GOST_CNT, GNUTLS_PK_GOST_12_256); +#endif } gnutls_global_deinit(); -- cgit v1.2.1
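Review bot: The added gnutls_certificate_set_x509_key_mem call for the GOST pair in test_ciphersuite discards its return value, so a key or certificate that fails to load only surfaces later as a failed handshake for PRIO_GOST_CNT. The function already has `ret` in scope, and test_ciphersuite_kx reports this case through gnutls_strerror. Assigning the result and adding `if (ret < 0) fprintf(stderr, "Error in %d: %s\n", __LINE__, gnutls_strerror(ret));` would make the cause visible. The neighbouring ECC call appears to be unchecked as well, and the function body extends outside the hunk.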
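Review bot: The new `else if (pk == GNUTLS_PK_GOST_12_256)` branch in test_ciphersuite_kx references `server_gost12_256_cert` and `server_gost12_256_key` unconditionally, but the hunk that defines them wraps both in `#ifdef ENABLE_GOST`. As far as these hunks show, a build without ENABLE_GOST would fail on undeclared identifiers here, even though every other GOST addition in this commit is guarded. Put `#ifdef ENABLE_GOST` before the `else if` and `#endif` after the call so the branch disappears together with the data. The function body starts and ends outside the hunk.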