The branch master has been updated
via 9f2e18111e643894e31f4ca877eb71a69a048e81 (commit)
via 14f61f81f22db55f0ea79105a493398c1c2e04b7 (commit)
via c89d9cdab1727553e3cfa964e9f082cbc5a194c2 (commit)
from cf3d6ef7af7d6c47f5ccd4ce58d822972018b21c (commit)
- Log -----------------------------------------------------------------
commit 9f2e18111e643894e31f4ca877eb71a69a048e81
Author: Richard Levitte <levi...@openssl.org>
Date: Thu Oct 25 00:29:02 2018 +0200
Have a couple of SipHash test uses the EVP_PKEY method
Reviewed-by: Paul Dale <paul.d...@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7494)
commit 14f61f81f22db55f0ea79105a493398c1c2e04b7
Author: Richard Levitte <levi...@openssl.org>
Date: Thu Oct 25 00:20:48 2018 +0200
EVP_MAC: Integrate SipHash EVP_PKEY_METHOD into generic MAC EVP_PKEY_METHOD
Reviewed-by: Paul Dale <paul.d...@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7494)
commit c89d9cdab1727553e3cfa964e9f082cbc5a194c2
Author: Richard Levitte <levi...@openssl.org>
Date: Thu Oct 25 00:17:45 2018 +0200
EVP_MAC: Add SipHash implementation
Reviewed-by: Paul Dale <paul.d...@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7494)
-----------------------------------------------------------------------
Summary of changes:
crypto/evp/c_allm.c | 3 +
crypto/evp/pkey_mac.c | 33 ++++
crypto/include/internal/evp_int.h | 1 +
crypto/siphash/build.info | 2 +-
crypto/siphash/siphash_meth.c | 139 ++++++++++++++
crypto/siphash/siphash_pmeth.c | 205 ---------------------
doc/man3/EVP_MAC.pod | 3 +-
doc/man7/{EVP_MAC_CMAC.pod => EVP_MAC_SIPHASH.pod} | 24 +--
include/openssl/evp.h | 5 +-
test/recipes/30-test_evp_data/evpmac.txt | 10 +-
10 files changed, 201 insertions(+), 224 deletions(-)
create mode 100644 crypto/siphash/siphash_meth.c
delete mode 100644 crypto/siphash/siphash_pmeth.c
copy doc/man7/{EVP_MAC_CMAC.pod => EVP_MAC_SIPHASH.pod} (63%)
diff --git a/crypto/evp/c_allm.c b/crypto/evp/c_allm.c
index edf8ba5..2bcd9dc 100644
--- a/crypto/evp/c_allm.c
+++ b/crypto/evp/c_allm.c
@@ -16,4 +16,7 @@ void openssl_add_all_macs_int(void)
EVP_add_mac(&cmac_meth);
#endif
EVP_add_mac(&hmac_meth);
+#ifndef OPENSSL_NO_SIPHASH
+ EVP_add_mac(&siphash_meth);
+#endif
}
diff --git a/crypto/evp/pkey_mac.c b/crypto/evp/pkey_mac.c
index 9f3817c..d8c0e89 100644
--- a/crypto/evp/pkey_mac.c
+++ b/crypto/evp/pkey_mac.c
@@ -392,3 +392,36 @@ const EVP_PKEY_METHOD hmac_pkey_meth = {
pkey_mac_ctrl,
pkey_mac_ctrl_str
};
+
+const EVP_PKEY_METHOD siphash_pkey_meth = {
+ EVP_PKEY_SIPHASH,
+ EVP_PKEY_FLAG_SIGCTX_CUSTOM,
+ pkey_mac_init,
+ pkey_mac_copy,
+ pkey_mac_cleanup,
+
+ 0, 0,
+
+ 0,
+ pkey_mac_keygen,
+
+ 0, 0,
+
+ 0, 0,
+
+ 0, 0,
+
+ pkey_mac_signctx_init,
+ pkey_mac_signctx,
+
+ 0, 0,
+
+ 0, 0,
+
+ 0, 0,
+
+ 0, 0,
+
+ pkey_mac_ctrl,
+ pkey_mac_ctrl_str
+};
diff --git a/crypto/include/internal/evp_int.h
b/crypto/include/internal/evp_int.h
index e84205c..060538e 100644
--- a/crypto/include/internal/evp_int.h
+++ b/crypto/include/internal/evp_int.h
@@ -130,6 +130,7 @@ struct evp_mac_st {
extern const EVP_MAC cmac_meth;
extern const EVP_MAC hmac_meth;
+extern const EVP_MAC siphash_meth;
/*
* This function is internal for now, but can be made external when needed.
diff --git a/crypto/siphash/build.info b/crypto/siphash/build.info
index 4166344..b56563f 100644
--- a/crypto/siphash/build.info
+++ b/crypto/siphash/build.info
@@ -1,5 +1,5 @@
LIBS=../../libcrypto
SOURCE[../../libcrypto]=\
siphash.c \
- siphash_pmeth.c \
+ siphash_meth.c \
siphash_ameth.c
diff --git a/crypto/siphash/siphash_meth.c b/crypto/siphash/siphash_meth.c
new file mode 100644
index 0000000..7a5457d
--- /dev/null
+++ b/crypto/siphash/siphash_meth.c
@@ -0,0 +1,139 @@
+/*
+ * Copyright 2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdarg.h>
+#include <string.h>
+#include <openssl/evp.h>
+#include <openssl/err.h>
+#include "internal/siphash.h"
+#include "siphash_local.h"
+#include "internal/evp_int.h"
+
+/* local SIPHASH structure is actually a SIPHASH */
+
+struct evp_mac_impl_st {
+ SIPHASH ctx;
+};
+
+static EVP_MAC_IMPL *siphash_new(void)
+{
+ return OPENSSL_zalloc(sizeof(EVP_MAC_IMPL));
+}
+
+static void siphash_free(EVP_MAC_IMPL *sctx)
+{
+ OPENSSL_free(sctx);
+}
+
+static int siphash_copy(EVP_MAC_IMPL *sdst, EVP_MAC_IMPL *ssrc)
+{
+ *sdst = *ssrc;
+ return 1;
+}
+
+static size_t siphash_size(EVP_MAC_IMPL *sctx)
+{
+ return SipHash_hash_size(&sctx->ctx);
+}
+
+static int siphash_init(EVP_MAC_IMPL *sctx)
+{
+ /* Not much to do here, actual initialization happens through controls */
+ return 1;
+}
+
+static int siphash_update(EVP_MAC_IMPL *sctx, const unsigned char *data,
+ size_t datalen)
+{
+ SipHash_Update(&sctx->ctx, data, datalen);
+ return 1;
+}
+
+static int siphash_final(EVP_MAC_IMPL *sctx, unsigned char *out)
+{
+ size_t hlen = siphash_size(sctx);
+
+ return SipHash_Final(&sctx->ctx, out, hlen);
+}
+
+static int siphash_ctrl(EVP_MAC_IMPL *sctx, int cmd, va_list args)
+{
+ switch (cmd) {
+ case EVP_MAC_CTRL_SET_SIZE:
+ {
+ size_t size = va_arg(args, size_t);
+
+ return SipHash_set_hash_size(&sctx->ctx, size);
+ }
+ break;
+ case EVP_MAC_CTRL_SET_KEY:
+ {
+ const unsigned char *key = va_arg(args, const unsigned char *);
+ size_t keylen = va_arg(args, size_t);
+
+ if (key == NULL || keylen != SIPHASH_KEY_SIZE)
+ return 0;
+
+ return SipHash_Init(&sctx->ctx, key, 0, 0);
+ }
+ break;
+ default:
+ return -2;
+ }
+ return 1;
+}
+
+static int siphash_ctrl_int(EVP_MAC_IMPL *sctx, int cmd, ...)
+{
+ int rv;
+ va_list args;
+
+ va_start(args, cmd);
+ rv = siphash_ctrl(sctx, cmd, args);
+ va_end(args);
+
+ return rv;
+}
+
+static int siphash_ctrl_str_cb(void *ctx, int cmd, void *buf, size_t buflen)
+{
+ return siphash_ctrl_int(ctx, cmd, buf, buflen);
+}
+
+static int siphash_ctrl_str(EVP_MAC_IMPL *ctx,
+ const char *type, const char *value)
+{
+ if (value == NULL)
+ return 0;
+ if (strcmp(type, "digestsize") == 0) {
+ size_t hash_size = atoi(value);
+
+ return siphash_ctrl_int(ctx, EVP_MAC_CTRL_SET_SIZE, hash_size);
+ }
+ if (strcmp(type, "key") == 0)
+ return EVP_str2ctrl(siphash_ctrl_str_cb, ctx, EVP_MAC_CTRL_SET_KEY,
+ value);
+ if (strcmp(type, "hexkey") == 0)
+ return EVP_hex2ctrl(siphash_ctrl_str_cb, ctx, EVP_MAC_CTRL_SET_KEY,
+ value);
+ return -2;
+}
+
+const EVP_MAC siphash_meth = {
+ EVP_MAC_SIPHASH,
+ siphash_new,
+ siphash_copy,
+ siphash_free,
+ siphash_size,
+ siphash_init,
+ siphash_update,
+ siphash_final,
+ siphash_ctrl,
+ siphash_ctrl_str
+};
diff --git a/crypto/siphash/siphash_pmeth.c b/crypto/siphash/siphash_pmeth.c
deleted file mode 100644
index 66e552f..0000000
--- a/crypto/siphash/siphash_pmeth.c
+++ /dev/null
@@ -1,205 +0,0 @@
-/*
- * Copyright 2007-2018 The OpenSSL Project Authors. All Rights Reserved.
- *
- * Licensed under the OpenSSL license (the "License"). You may not use
- * this file except in compliance with the License. You can obtain a copy
- * in the file LICENSE in the source distribution or at
- * https://www.openssl.org/source/license.html
- */
-
-#include <stdio.h>
-#include "internal/cryptlib.h"
-#include <openssl/x509.h>
-#include <openssl/x509v3.h>
-#include <openssl/evp.h>
-#include <openssl/err.h>
-#include "internal/siphash.h"
-#include "siphash_local.h"
-#include "internal/evp_int.h"
-
-/* SIPHASH pkey context structure */
-
-typedef struct siphash_pkey_ctx_st {
- ASN1_OCTET_STRING ktmp; /* Temp storage for key */
- SIPHASH ctx;
-} SIPHASH_PKEY_CTX;
-
-static int pkey_siphash_init(EVP_PKEY_CTX *ctx)
-{
- SIPHASH_PKEY_CTX *pctx;
-
- if ((pctx = OPENSSL_zalloc(sizeof(*pctx))) == NULL) {
- CRYPTOerr(CRYPTO_F_PKEY_SIPHASH_INIT, ERR_R_MALLOC_FAILURE);
- return 0;
- }
- pctx->ktmp.type = V_ASN1_OCTET_STRING;
-
- EVP_PKEY_CTX_set_data(ctx, pctx);
- EVP_PKEY_CTX_set0_keygen_info(ctx, NULL, 0);
- return 1;
-}
-
-static void pkey_siphash_cleanup(EVP_PKEY_CTX *ctx)
-{
- SIPHASH_PKEY_CTX *pctx = EVP_PKEY_CTX_get_data(ctx);
-
- if (pctx != NULL) {
- OPENSSL_clear_free(pctx->ktmp.data, pctx->ktmp.length);
- OPENSSL_clear_free(pctx, sizeof(*pctx));
- EVP_PKEY_CTX_set_data(ctx, NULL);
- }
-}
-
-static int pkey_siphash_copy(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src)
-{
- SIPHASH_PKEY_CTX *sctx, *dctx;
-
- /* allocate memory for dst->data and a new SIPHASH_CTX in dst->data->ctx */
- if (!pkey_siphash_init(dst))
- return 0;
- sctx = EVP_PKEY_CTX_get_data(src);
- dctx = EVP_PKEY_CTX_get_data(dst);
- if (ASN1_STRING_get0_data(&sctx->ktmp) != NULL &&
- !ASN1_STRING_copy(&dctx->ktmp, &sctx->ktmp)) {
- /* cleanup and free the SIPHASH_PKEY_CTX in dst->data */
- pkey_siphash_cleanup(dst);
- return 0;
- }
- memcpy(&dctx->ctx, &sctx->ctx, sizeof(SIPHASH));
- return 1;
-}
-
-static int pkey_siphash_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
-{
- ASN1_OCTET_STRING *key;
- SIPHASH_PKEY_CTX *pctx = EVP_PKEY_CTX_get_data(ctx);
-
- if (ASN1_STRING_get0_data(&pctx->ktmp) == NULL)
- return 0;
- key = ASN1_OCTET_STRING_dup(&pctx->ktmp);
- if (key == NULL)
- return 0;
- return EVP_PKEY_assign_SIPHASH(pkey, key);
-}
-
-static int int_update(EVP_MD_CTX *ctx, const void *data, size_t count)
-{
- SIPHASH_PKEY_CTX *pctx = EVP_PKEY_CTX_get_data(EVP_MD_CTX_pkey_ctx(ctx));
-
- SipHash_Update(&pctx->ctx, data, count);
- return 1;
-}
-
-static int siphash_signctx_init(EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx)
-{
- SIPHASH_PKEY_CTX *pctx = EVP_PKEY_CTX_get_data(ctx);
- const unsigned char* key;
- size_t len;
-
- key = EVP_PKEY_get0_siphash(EVP_PKEY_CTX_get0_pkey(ctx), &len);
- if (key == NULL || len != SIPHASH_KEY_SIZE)
- return 0;
- EVP_MD_CTX_set_flags(mctx, EVP_MD_CTX_FLAG_NO_INIT);
- EVP_MD_CTX_set_update_fn(mctx, int_update);
- return SipHash_Init(&pctx->ctx, key, 0, 0);
-}
-static int siphash_signctx(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t
*siglen,
- EVP_MD_CTX *mctx)
-{
- SIPHASH_PKEY_CTX *pctx = ctx->data;
-
- *siglen = SipHash_hash_size(&pctx->ctx);
- if (sig != NULL)
- return SipHash_Final(&pctx->ctx, sig, *siglen);
- return 1;
-}
-
-static int pkey_siphash_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
-{
- SIPHASH_PKEY_CTX *pctx = EVP_PKEY_CTX_get_data(ctx);
- const unsigned char *key;
- size_t len;
-
- switch (type) {
-
- case EVP_PKEY_CTRL_MD:
- /* ignore */
- break;
-
- case EVP_PKEY_CTRL_SET_DIGEST_SIZE:
- return SipHash_set_hash_size(&pctx->ctx, p1);
-
- case EVP_PKEY_CTRL_SET_MAC_KEY:
- case EVP_PKEY_CTRL_DIGESTINIT:
- if (type == EVP_PKEY_CTRL_SET_MAC_KEY) {
- /* user explicitly setting the key */
- key = p2;
- len = p1;
- } else {
- /* user indirectly setting the key via EVP_DigestSignInit */
- key = EVP_PKEY_get0_siphash(EVP_PKEY_CTX_get0_pkey(ctx), &len);
- }
- if (key == NULL || len != SIPHASH_KEY_SIZE ||
- !ASN1_OCTET_STRING_set(&pctx->ktmp, key, len))
- return 0;
- /* use default rounds (2,4) */
- return SipHash_Init(&pctx->ctx, ASN1_STRING_get0_data(&pctx->ktmp),
- 0, 0);
-
- default:
- return -2;
-
- }
- return 1;
-}
-
-static int pkey_siphash_ctrl_str(EVP_PKEY_CTX *ctx,
- const char *type, const char *value)
-{
- if (value == NULL)
- return 0;
- if (strcmp(type, "digestsize") == 0) {
- size_t hash_size = atoi(value);
-
- return pkey_siphash_ctrl(ctx, EVP_PKEY_CTRL_SET_DIGEST_SIZE, hash_size,
- NULL);
- }
- if (strcmp(type, "key") == 0)
- return EVP_PKEY_CTX_str2ctrl(ctx, EVP_PKEY_CTRL_SET_MAC_KEY, value);
- if (strcmp(type, "hexkey") == 0)
- return EVP_PKEY_CTX_hex2ctrl(ctx, EVP_PKEY_CTRL_SET_MAC_KEY, value);
- return -2;
-}
-
-const EVP_PKEY_METHOD siphash_pkey_meth = {
- EVP_PKEY_SIPHASH,
- EVP_PKEY_FLAG_SIGCTX_CUSTOM, /* we don't deal with a separate MD */
- pkey_siphash_init,
- pkey_siphash_copy,
- pkey_siphash_cleanup,
-
- 0, 0,
-
- 0,
- pkey_siphash_keygen,
-
- 0, 0,
-
- 0, 0,
-
- 0, 0,
-
- siphash_signctx_init,
- siphash_signctx,
-
- 0, 0,
-
- 0, 0,
-
- 0, 0,
-
- 0, 0,
-
- pkey_siphash_ctrl,
- pkey_siphash_ctrl_str
-};
diff --git a/doc/man3/EVP_MAC.pod b/doc/man3/EVP_MAC.pod
index 02a4866..a320181 100644
--- a/doc/man3/EVP_MAC.pod
+++ b/doc/man3/EVP_MAC.pod
@@ -327,7 +327,8 @@ F<./foo>)
=head1 SEE ALSO
L<EVP_MAC_CMAC(7)>,
-L<EVP_MAC_HMAC(7)>
+L<EVP_MAC_HMAC(7)>,
+L<EVP_MAC_SIPHASH(7)>
=head1 COPYRIGHT
diff --git a/doc/man7/EVP_MAC_CMAC.pod b/doc/man7/EVP_MAC_SIPHASH.pod
similarity index 63%
copy from doc/man7/EVP_MAC_CMAC.pod
copy to doc/man7/EVP_MAC_SIPHASH.pod
index bb37472..841cd7d 100644
--- a/doc/man7/EVP_MAC_CMAC.pod
+++ b/doc/man7/EVP_MAC_SIPHASH.pod
@@ -2,16 +2,16 @@
=head1 NAME
-EVP_MAC_CMAC - The CMAC EVP_MAC implementation
+EVP_MAC_SIPHASH - The SipHash EVP_MAC implementation
=head1 DESCRIPTION
-Support for computing CMAC MACs through the B<EVP_MAC> API.
+Support for computing SipHash MACs through the B<EVP_MAC> API.
=head2 Numeric identity
-B<EVP_MAC_CMAC> is the numeric identity for this implementation, and
-can be used in functions like EVP_MAC_CTX_new_id() and
+B<EVP_MAC_SIPHASH> is the numeric identity for this implementation,
+and can be used in functions like EVP_MAC_CTX_new_id() and
EVP_get_macbynid().
=head2 Supported controls
@@ -20,6 +20,12 @@ The supported controls are:
=over 4
+=item B<EVP_MAC_CTRL_SET_SIZE>
+
+EVP_MAC_ctrl_str() type string: "digestsize"
+
+The value string is expected to contain a decimal number.
+
=item B<EVP_MAC_CTRL_SET_KEY>
EVP_MAC_ctrl_str() takes to type string for this control:
@@ -37,16 +43,6 @@ decoded before passing on as control value.
=back
-=item B<EVP_MAC_CTRL_SET_ENGINE>
-
-=item B<EVP_MAC_CTRL_SET_CIPHER>
-
-These work as described in L<EVP_MAC(3)/CONTROLS>.
-
-EVP_MAC_ctrl_str() type string for B<EVP_MAC_CTRL_SET_CIPHER>: "cipher"
-
-The value is expected to be the name of a cipher.
-
=back
=head1 SEE ALSO
diff --git a/include/openssl/evp.h b/include/openssl/evp.h
index 657bedb..cfd6369 100644
--- a/include/openssl/evp.h
+++ b/include/openssl/evp.h
@@ -987,8 +987,9 @@ void EVP_MD_do_all_sorted(void (*fn)
/* MAC stuff */
-# define EVP_MAC_CMAC NID_cmac
-# define EVP_MAC_HMAC NID_hmac
+# define EVP_MAC_CMAC NID_cmac
+# define EVP_MAC_HMAC NID_hmac
+# define EVP_MAC_SIPHASH NID_siphash
EVP_MAC_CTX *EVP_MAC_CTX_new(const EVP_MAC *mac);
EVP_MAC_CTX *EVP_MAC_CTX_new_id(int nid);
diff --git a/test/recipes/30-test_evp_data/evpmac.txt
b/test/recipes/30-test_evp_data/evpmac.txt
index 1d0d5da..4788626 100644
--- a/test/recipes/30-test_evp_data/evpmac.txt
+++ b/test/recipes/30-test_evp_data/evpmac.txt
@@ -118,7 +118,7 @@ Key = 000102030405060708090A0B0C0D0E0F
Input = 0001020304050607
Output = 3b62a9ba6258f5610f83e264f31497b4
-MAC = SipHash
+MAC = SipHash by EVP_PKEY
Key = 000102030405060708090A0B0C0D0E0F
Input = 000102030405060708
Output = 264499060ad9baabc47f8b02bb6d71ed
@@ -157,6 +157,14 @@ Output = 5150d1772f50834a503e069a973fbd7c
MAC = SipHash
Ctrl = digestsize:13
Key = 000102030405060708090A0B0C0D0E0F
+Result = MAC_CTRL_ERROR
+
+# SIPHASH - default values: 2,4 rounds, explicit 13-byte mac (invalid size)
+# by EVP_PKEY this time
+
+MAC = SipHash by EVP_PKEY
+Ctrl = digestsize:13
+Key = 000102030405060708090A0B0C0D0E0F
Result = EVPPKEYCTXCTRL_ERROR
Title = HMAC tests (from RFC2104 and others)
_____
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
