Re: Is it really possible to generate gost-mac using ccgost engine?

Fri, 12 Nov 2010 09:01:21 -0800 

 This command works with ccgost engine:
openssl dgst -mac gost-mac -binary -macopt hexkey:3132333435363738393031323334353637383930313233343536373839303132 -out mac.bin data.bin 

10.11.2010 2:07, Andrey Kulikov пишет:

Hello,

I've got a problem with calculating gost-mac using Openssl 1.0.0a
May be problem with cmd options, but I was unable to find out how to get it work

Trying to generate gost-mac.
Example from documentation (engines/ccgost/README.gost)
========================
  Calculation of GOST 28147 MAC

  openssl dgst -mac gost-mac -macopt key:<32 bytes of key>  datafile

  Note absense of an option that specifies digest algorithm. gost-mac
  algorithm supports only one digest (which is actually part of
  implementation of this mac) and OpenSSL is clever enough to find out
  this.
========================

# ./apps/openssl dgst -mac gost-mac -macopt key:FF openssl.doxy
Algorithm gost-mac not found

Well, do it like this:
# ./apps/openssl dgst  -gost-mac -macopt key:ff openssl.doxy
Read Error in openssl.doxy
3076327052:error:88073074:lib(136):GOST_IMIT_UPDATE:mac key not
set:gost_crypt.c:527:

The reason is that key for this mac is not set.
The only place where it can be set is control function "gost_imit_ctrl"

engines/ccgost/gost_crypt.c:595

But this function "int gost_imit_ctrl(EVP_MD_CTX, int, int, void *)"
never called.
So length of "key" option is not a root cause.

As I understand, control functions for "dgst" called only if parameter
-mac is specified.
See apps/dgst.c:228   else if (!strcmp(*argv,"-mac"))
and
apps/dgst.c:362         if (mac_name)
But since there is no such parameter it not supposed to work.
But if we do specify it - openssl can't find an algorithms (see first
command line example).

So the question is: is it a bug or it is possible to specify some
valid parameter for -mac option in this case?
Or may be there is other way to get it work?
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [email protected]
Automated List Manager                           [email protected]




--
Валерий Блажнов
Ведущий научный сотрудник
ООО "ЛИССИ"
тел. +7(495) 513-33-18 доб.108

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [email protected]
Automated List Manager                           [email protected]






















					Reply via email to