Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

WIP: MGM mode for magma/kuznyechik cipher. Initial implementation. #393

Open
wants to merge 4 commits into
base: master
Choose a base branch
from

Conversation

igrkir
Copy link

@igrkir igrkir commented Feb 28, 2022

To make tests pass through we need to update OpenSSL's objects.txt file with new identifiers:

  • kuznyechik-mgm
  • magma-mgm

@igrkir
Copy link
Author

igrkir commented Feb 28, 2022

What is the best choice to add identifiers?
I can create additional directory to add script to apply this changes to OpenSSL. But it seems to me, that 'master' branch is bad place for it.

@igrkir
Copy link
Author

igrkir commented Feb 28, 2022

I have applied this changes on my local computer. And it seems that all built in tests is passed through.

@igrkir igrkir closed this Feb 28, 2022
@igrkir
Copy link
Author

igrkir commented Feb 28, 2022

This is my local changes to OpenSSL:

mgm.txt

@beldmit beldmit reopened this Mar 18, 2022
@beldmit
Copy link
Contributor

beldmit commented Mar 18, 2022

Sorry for the delay.

The big idea is

  • we don't add new NIDs to openssl upstream, it will be rejected with probability > 90%
  • we need supporting new ciphers only in providers because engine interface becomes deprecated
  • so we implement MGM only as a part of provider, not as a part of engine.

After that it becomes possible to add support of ciphersuites to openssl.

@igrkir
Copy link
Author

igrkir commented Mar 18, 2022

ok. thanks.
should MGM be available in "engine" part of source code (e.g. for internal use), or only in "provider" part through it's API?

@beldmit
Copy link
Contributor

beldmit commented Mar 18, 2022

In theory, you could dynamically register NIDs for them. In practice I don't see much sense, so let's leave it in provider part only.

@igrkir
Copy link
Author

igrkir commented Mar 18, 2022

so, no internal tests for engine, only for provider case?

@beldmit
Copy link
Contributor

beldmit commented Mar 18, 2022

yes. You should write the C test loading the provider, fetching an algorithm and performing test.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants