diff options
| -rw-r--r-- | .cirrus.yml | 21 | ||||
| -rw-r--r-- | .travis.yml | 26 | ||||
| -rw-r--r-- | CMakeLists.txt | 6 | ||||
| -rw-r--r-- | README.md | 1 | ||||
| -rw-r--r-- | gost_grasshopper_cipher.c | 87 | ||||
| -rw-r--r-- | gost_keyexpimp.c | 9 | ||||
| -rw-r--r-- | test_grasshopper.c | 15 | ||||
| -rw-r--r-- | test_keyexpimp.c | 22 | ||||
| -rw-r--r-- | test_tls.c | 55 |
9 files changed, 122 insertions, 120 deletions
diff --git a/.cirrus.yml b/.cirrus.yml new file mode 100644 index 0000000..d4bb0b8 --- /dev/null +++ b/.cirrus.yml @@ -0,0 +1,21 @@ +FreeBSD_task: + freebsd_instance: + image: freebsd-12-0-release-amd64 + env: + ASSUME_ALWAYS_YES: TRUE # required for unattended "pkg" invocation + PREFIX: ${HOME}/opt + LD_LIBRARY_PATH: ${PREFIX}/lib + PATH: ${PREFIX}/bin:${PATH} + OPENSSL_BRANCH: master + script: + - pkg install git cmake p5-App-cpanminus gdb + - sudo cpanm --notest Test2::V0 + - git clone --depth 1 -b ${OPENSSL_BRANCH} https://github.com/openssl/openssl.git + - cd openssl + - ./config shared -d --prefix=${PREFIX} --openssldir=${PREFIX} && make all install_sw > build.log 2>&1 || (cat build.log && exit 1) + - cd .. + - mkdir build + - cd build + - cmake -DOPENSSL_ROOT_DIR=${PREFIX} -DOPENSSL_LIBRARIES=${PREFIX}/lib -DOPENSSL_ENGINES_DIR=${PREFIX}/engines .. + - make + - make test CTEST_OUTPUT_ON_FAILURE=1 diff --git a/.travis.yml b/.travis.yml index 6c1b262..b3c120f 100644 --- a/.travis.yml +++ b/.travis.yml @@ -7,33 +7,29 @@ language: c addons: apt: - packages: - - cpanminus + packages: [ cpanminus ] + homebrew: + packages: [ cpanminus ] env: global: - PREFIX=${HOME}/opt - - LD_LIBRARY_PATH=${PREFIX}/lib - PATH=${PREFIX}/bin:${PATH} + - OPENSSL_BRANCH=master matrix: include: - - env: OPENSSL_BRANCH=master - os: linux + - os: linux compiler: gcc - - env: - - OPENSSL_BRANCH=master - - ASAN=-DASAN=1 + - env: ASAN=-DASAN=1 os: linux compiler: gcc -# - env: OPENSSL_BRANCH=OpenSSL_1_1_0-stable -# os: linux -# compiler: gcc -# - env: OPENSSL_BRANCH=OpenSSL_1_0_2-stable -# os: linux -# compiler: gcc + - os: osx + compiler: clang + before_script: + - curl -L https://cpanmin.us | sudo perl - --sudo App::cpanminus - sudo cpanm --notest Test2::V0 > build.log 2>&1 || (cat build.log && exit 1) - git clone --depth 1 -b ${OPENSSL_BRANCH} https://github.com/openssl/openssl.git - cd openssl @@ -41,6 +37,8 @@ before_script: - cd .. script: + - if [ "${TRAVIS_OS_NAME}" = "linux" ]; then export LD_LIBRARY_PATH="${PREFIX}/lib:${LD_LIBRARY_PATH:-}"; fi + - if [ "${TRAVIS_OS_NAME}" = "osx" ]; then export DYLD_LIBRARY_PATH="${PREFIX}/lib:${DYLD_LIBRARY_PATH:-}"; fi - mkdir build - cd build - cmake -DOPENSSL_ROOT_DIR=${PREFIX} -DOPENSSL_LIBRARIES=${PREFIX}/lib -DOPENSSL_ENGINES_DIR=${PREFIX}/engines ${ASAN} .. diff --git a/CMakeLists.txt b/CMakeLists.txt index 2ea9574..a85c86e 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -44,6 +44,9 @@ endif() set(BIN_DIRECTORY bin) +# Same soversion as OpenSSL +set(GOST_SOVERSION "${OPENSSL_VERSION_MAJOR}.${OPENSSL_VERSION_MINOR}") + set(OUTPUT_DIRECTORY ${CMAKE_BINARY_DIR}/${BIN_DIRECTORY}) #set(CMAKE_ARCHIVE_OUTPUT_DIRECTORY ${OUTPUT_DIRECTORY}) @@ -209,8 +212,9 @@ set_property(TARGET ${BINARY_TESTS_TARGETS} APPEND PROPERTY COMPILE_DEFINITIONS add_library(gost_core STATIC ${GOST_LIB_SOURCE_FILES}) set_target_properties(gost_core PROPERTIES POSITION_INDEPENDENT_CODE ON) -add_library(gost_engine MODULE ${GOST_ENGINE_SOURCE_FILES}) +add_library(gost_engine SHARED ${GOST_ENGINE_SOURCE_FILES}) set_target_properties(gost_engine PROPERTIES PREFIX "" OUTPUT_NAME "gost") +set_target_properties(gost_engine PROPERTIES VERSION ${GOST_SOVERSION} SOVERSION ${GOST_SOVERSION}) target_link_libraries(gost_engine gost_core ${OPENSSL_CRYPTO_LIBRARY}) set(GOST_SUM_SOURCE_FILES @@ -9,3 +9,4 @@ Mailing list: http://www.wagner.pp.ru/list-archives/openssl-gost/ Some useful links: https://www.altlinux.org/OSS-GOST-Crypto +DO NOT TRY BUILDING MASTER BRANCH AGAINST openssl 1.1.1! Use 1_1_0 branch instead! diff --git a/gost_grasshopper_cipher.c b/gost_grasshopper_cipher.c index 529f58a..2249161 100644 --- a/gost_grasshopper_cipher.c +++ b/gost_grasshopper_cipher.c @@ -1184,54 +1184,47 @@ int gost_grasshopper_cipher_ctl(EVP_CIPHER_CTX *ctx, int type, int arg, #ifdef EVP_CTRL_TLS1_2_TLSTREE case EVP_CTRL_TLS1_2_TLSTREE: { - unsigned char newkey[32]; - int mode = EVP_CIPHER_CTX_mode(ctx); - static const unsigned char zeroseq[8]; - gost_grasshopper_cipher_ctx_ctr *ctr_ctx = NULL; - gost_grasshopper_cipher_ctx *c = NULL; - - unsigned char adjusted_iv[16]; - unsigned char seq[8]; - int j; - if (mode != EVP_CIPH_CTR_MODE) - return -1; - - ctr_ctx = (gost_grasshopper_cipher_ctx_ctr *) - EVP_CIPHER_CTX_get_cipher_data(ctx); - c = &(ctr_ctx->c); - - memcpy(seq, ptr, 8); - if (EVP_CIPHER_CTX_encrypting(ctx)) { - /* - * OpenSSL increments seq after mac calculation. - * As we have Mac-Then-Encrypt, we need decrement it here on encryption - * to derive the key correctly. - * */ - if (memcmp(seq, zeroseq, 8) != 0) { - for (j = 7; j >= 0; j--) { - if (seq[j] != 0) { - seq[j]--; - break; - } else - seq[j] = 0xFF; - } - } + unsigned char newkey[32]; + int mode = EVP_CIPHER_CTX_mode(ctx); + static const unsigned char zeroseq[8]; + gost_grasshopper_cipher_ctx_ctr *ctr_ctx = NULL; + gost_grasshopper_cipher_ctx *c = NULL; + + unsigned char adjusted_iv[16]; + unsigned char seq[8]; + int j, carry; + if (mode != EVP_CIPH_CTR_MODE) + return -1; + + ctr_ctx = (gost_grasshopper_cipher_ctx_ctr *) + EVP_CIPHER_CTX_get_cipher_data(ctx); + c = &(ctr_ctx->c); + + memcpy(seq, ptr, 8); + if (EVP_CIPHER_CTX_encrypting(ctx)) { + /* + * OpenSSL increments seq after mac calculation. + * As we have Mac-Then-Encrypt, we need decrement it here on encryption + * to derive the key correctly. + * */ + if (memcmp(seq, zeroseq, 8) != 0) + { + for(j=7; j>=0; j--) + { + if (seq[j] != 0) {seq[j]--; break;} + else seq[j] = 0xFF; + } } - if (gost_tlstree(NID_grasshopper_cbc, c->master_key.k.b, newkey, - (const unsigned char *)seq) > 0) { - memset(adjusted_iv, 0, 16); - memcpy(adjusted_iv, EVP_CIPHER_CTX_original_iv(ctx), 8); - for (j = 7; j >= 0; j--) { - int adj_byte, carry = 0; - adj_byte = adjusted_iv[j] + seq[j] + carry; - carry = (adj_byte > 255) ? 1 : 0; - adjusted_iv[j] = adj_byte & 0xFF; - } - EVP_CIPHER_CTX_set_num(ctx, 0); - memcpy(EVP_CIPHER_CTX_iv_noconst(ctx), adjusted_iv, 16); - - gost_grasshopper_cipher_key(c, newkey); - return 1; + } + if (gost_tlstree(NID_grasshopper_cbc, c->master_key.k.b, newkey, + (const unsigned char *)seq) > 0) { + memset(adjusted_iv, 0, 16); + memcpy(adjusted_iv, EVP_CIPHER_CTX_original_iv(ctx), 8); + for(j=7,carry=0; j>=0; j--) + { + int adj_byte = adjusted_iv[j]+seq[j]+carry; + carry = (adj_byte > 255) ? 1 : 0; + adjusted_iv[j] = adj_byte & 0xFF; } } return -1; diff --git a/gost_keyexpimp.c b/gost_keyexpimp.c index 1f058a1..6df1b2a 100644 --- a/gost_keyexpimp.c +++ b/gost_keyexpimp.c @@ -6,6 +6,7 @@ #include "gost_lcl.h" #include "e_gost_err.h" +int omac_imit_ctrl(EVP_MD_CTX *ctx, int type, int arg, void *ptr); /* * Function expects that out is a preallocated buffer of length * defined as sum of shared_len and mac length defined by mac_nid @@ -44,8 +45,8 @@ int gost_kexp15(const unsigned char *shared_key, const int shared_len, } if (EVP_DigestInit_ex(mac, EVP_get_digestbynid(mac_nid), NULL) <= 0 - || EVP_MD_CTX_ctrl(mac, EVP_MD_CTRL_SET_KEY, 32, mac_key) <= 0 - || EVP_MD_CTX_ctrl(mac, EVP_MD_CTRL_MAC_LEN, mac_len, NULL) <= 0 + || omac_imit_ctrl(mac, EVP_MD_CTRL_SET_KEY, 32, mac_key) <= 0 + || omac_imit_ctrl(mac, EVP_MD_CTRL_MAC_LEN, mac_len, NULL) <= 0 || EVP_DigestUpdate(mac, iv, ivlen) <= 0 || EVP_DigestUpdate(mac, shared_key, shared_len) <= 0 /* As we set MAC length directly, we should not allow overwriting it */ @@ -137,8 +138,8 @@ int gost_kimp15(const unsigned char *expkey, const size_t expkeylen, } if (EVP_DigestInit_ex(mac, EVP_get_digestbynid(mac_nid), NULL) <= 0 - || EVP_MD_CTX_ctrl(mac, EVP_MD_CTRL_SET_KEY, 32, mac_key) <= 0 - || EVP_MD_CTX_ctrl(mac, EVP_MD_CTRL_MAC_LEN, mac_len, NULL) <= 0 + || omac_imit_ctrl(mac, EVP_MD_CTRL_SET_KEY, 32, mac_key) <= 0 + || omac_imit_ctrl(mac, EVP_MD_CTRL_MAC_LEN, mac_len, NULL) <= 0 || EVP_DigestUpdate(mac, iv, ivlen) <= 0 || EVP_DigestUpdate(mac, out, shared_len) <= 0 /* As we set MAC length directly, we should not allow overwriting it */ diff --git a/test_grasshopper.c b/test_grasshopper.c index b148ef1..5329129 100644 --- a/test_grasshopper.c +++ b/test_grasshopper.c @@ -368,6 +368,14 @@ int main(int argc, char **argv) int ret = 0; const struct testcase *t; + setenv("OPENSSL_ENGINES", ENGINE_DIR, 0); + OPENSSL_add_all_algorithms_conf(); + ERR_load_crypto_strings(); + ENGINE *eng; + T(eng = ENGINE_by_id("gost")); + T(ENGINE_init(eng)); + T(ENGINE_set_default(eng, ENGINE_METHOD_ALL)); + for (t = testcases; t->name; t++) { int inplace; const char *standard = t->acpkm? "R 23565.1.017-2018" : "GOST R 34.13-2015"; @@ -383,9 +391,7 @@ int main(int argc, char **argv) t->iv, t->iv_size, t->acpkm); } - /* preload cbc cipher for omac set key */ - EVP_add_cipher(cipher_gost_grasshopper_cbc()); - + printf(cBLUE "# Tests for omac\n" cNORM); ret |= test_mac("OMAC", "GOST R 34.13-2015", grasshopper_omac(), 0, 0, P, sizeof(P), MAC_omac, sizeof(MAC_omac)); ret |= test_mac("OMAC-ACPKM", "R 1323565.1.017-2018 A.4.1", @@ -397,6 +403,9 @@ int main(int argc, char **argv) P_omac_acpkm2, sizeof(P_omac_acpkm2), MAC_omac_acpkm2, sizeof(MAC_omac_acpkm2)); + ENGINE_finish(eng); + ENGINE_free(eng); + if (ret) printf(cDRED "= Some tests FAILED!\n" cNORM); else diff --git a/test_keyexpimp.c b/test_keyexpimp.c index 5e3528d..de7b1fa 100644 --- a/test_keyexpimp.c +++ b/test_keyexpimp.c @@ -9,6 +9,11 @@ #include "e_gost_err.h" #include "gost_grasshopper_cipher.h" +#define T(e) if (!(e)) {\ + ERR_print_errors_fp(stderr);\ + OpenSSLDie(__FILE__, __LINE__, #e);\ + } + static void hexdump(FILE *f, const char *title, const unsigned char *s, int l) { int n = 0; @@ -92,13 +97,15 @@ int main(void) unsigned char tlsseq[8]; unsigned char out[32]; - OpenSSL_add_all_algorithms(); + setenv("OPENSSL_ENGINES", ENGINE_DIR, 0); + OPENSSL_add_all_algorithms_conf(); + ERR_load_crypto_strings(); + ENGINE *eng; + T(eng = ENGINE_by_id("gost")); + T(ENGINE_init(eng)); + T(ENGINE_set_default(eng, ENGINE_METHOD_ALL)); + memset(buf, 0, sizeof(buf)); - /* Make test work without config. */ - EVP_add_cipher(cipher_magma_ctr()); - EVP_add_cipher(cipher_magma_cbc()); - EVP_add_digest(digest_gost2012_256()); - EVP_add_digest(magma_omac()); memset(kroot, 0xFF, 32); memset(tlsseq, 0, 8); @@ -160,5 +167,8 @@ int main(void) } } + ENGINE_finish(eng); + ENGINE_free(eng); + return err; } @@ -69,7 +69,7 @@ struct certkey { * Simple TLS Server code is based on * https://wiki.openssl.org/index.php/Simple_TLS_Server */ -static int s_server(EVP_PKEY *pkey, X509 *cert, int pipewr) +static int s_server(EVP_PKEY *pkey, X509 *cert, int client) { SSL_CTX *ctx; T(ctx = SSL_CTX_new(TLS_server_method())); @@ -77,34 +77,9 @@ static int s_server(EVP_PKEY *pkey, X509 *cert, int pipewr) T(SSL_CTX_use_PrivateKey(ctx, pkey)); T(SSL_CTX_check_private_key(ctx)); - struct sockaddr_in addr = { .sin_family = AF_INET }; - socklen_t len; - int sock; - sock = socket(AF_INET, SOCK_STREAM, 0); - if (sock < 0) - err(1, "socket"); - if (setsockopt(sock, SOL_SOCKET, SO_REUSEADDR, &(int){1}, sizeof(int)) < 0) - err(1, "setsockopt"); - if (bind(sock, (struct sockaddr *)&addr, sizeof(addr)) < 0) - err(1, "bind"); - len = sizeof(addr); - if (getsockname(sock, (struct sockaddr *)&addr, &len) < 0) - err(1, "getsockname"); - int port = ntohs(addr.sin_port); - if (listen(sock, 1) < 0) - err(1, "listen"); - /* Signal to client that server is ready. */ - if (write(pipewr, &port, sizeof(port)) != sizeof(port)) - err(1, "write pipe"); - len = sizeof(addr); - alarm(1); - int client = accept(sock, (struct sockaddr *)&addr, &len); - if (client < 0) - err(1, "accept"); - alarm(0); SSL *ssl; - ssl = SSL_new(ctx); - SSL_set_fd(ssl, client); + T(ssl = SSL_new(ctx)); + T(SSL_set_fd(ssl, client)); T(SSL_accept(ssl) == 1); /* Receive data from client */ @@ -127,7 +102,6 @@ static int s_server(EVP_PKEY *pkey, X509 *cert, int pipewr) SSL_free(ssl); close(client); - close(sock); SSL_CTX_free(ctx); return 0; } @@ -136,7 +110,7 @@ static int s_server(EVP_PKEY *pkey, X509 *cert, int pipewr) * Simple TLC Client code is based on man BIO_f_ssl and * https://wiki.openssl.org/index.php/SSL/TLS_Client */ -static int s_client(int piperd) +static int s_client(int server) { SSL_CTX *ctx; T(ctx = SSL_CTX_new(TLS_client_method())); @@ -150,17 +124,8 @@ static int s_client(int piperd) /* Does not work with reneg. */ BIO_set_ssl_renegotiate_bytes(sbio, 100 * 1024); #endif - int port; - alarm(1); - /* Wait for server to be ready. */ - if (read(piperd, &port, sizeof(port)) != sizeof(port)) - err(1, "read pipe"); - char tport[8]; - snprintf(tport, sizeof(tport), "%d", port); - T(BIO_set_conn_port(sbio, tport)); - T(BIO_do_connect(sbio) == 1); + T(SSL_set_fd(ssl, server)); T(BIO_do_handshake(sbio) == 1); - alarm(0); printf("Protocol: %s\n", SSL_get_version(ssl)); printf("Cipher: %s\n", SSL_get_cipher_name(ssl)); @@ -300,9 +265,9 @@ int test(const char *algname, const char *paramset) struct certkey ck; ck = certgen(algname, paramset); - int pipefd[2]; - if (pipe(pipefd)) - err(1, "pipe"); + int sockfd[2]; + if (socketpair(AF_LOCAL, SOCK_STREAM, 0, sockfd) == -1) + err(1, "socketpair"); pid_t pid = fork(); if (pid < 0) @@ -311,13 +276,13 @@ int test(const char *algname, const char *paramset) if (pid > 0) { int status; - ret = s_client(pipefd[0]); + ret = s_client(sockfd[0]); wait(&status); ret |= WIFEXITED(status) && WEXITSTATUS(status); X509_free(ck.cert); EVP_PKEY_free(ck.pkey); } else if (pid == 0) { - ret = s_server(ck.pkey, ck.cert, pipefd[1]); + ret = s_server(ck.pkey, ck.cert, sockfd[1]); X509_free(ck.cert); EVP_PKEY_free(ck.pkey); exit(ret); |