New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
KMAC implementation using EVP_MAC #7597
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
A few minor comments, but looking good for the most part.
if (kctx->custom_len == 0) | ||
(void)kmac_ctrl_str(kctx, "custom", ""); | ||
|
||
return bytepad(out, &out_len, kmac_string, sizeof(kmac_string), |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Do we support a sequence like:
init()
init()
update()
final()
where the effects of the first init
are ignored?
I don't see why we should and if that assumption is correct, the code is here if fine.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Hmm this should probably be made to work.. So I will cache md and not do the digestInit to the kmac_init().
a458bad
to
2beca10
Compare
b2ea98f
to
b369a18
Compare
crypto/kmac/kmac.c
Outdated
|
||
switch (cmd) { | ||
case EVP_MAC_CTRL_SET_XOF: | ||
kctx->xof_mode = va_arg(args, size_t); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The documentation claims the type should be unsigned long not size_t.
doc/man7/EVP_MAC_KMAC.pod
Outdated
|
||
EVP_MAC_ctrl_str() type string: "xof" | ||
|
||
The value string is expected to be an unsigned long. Use 1 to enable XOF mode. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This type doesn't match the code (in two different ways). How about using an int?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
fixed
crypto/kmac/kmac.c
Outdated
* right_encoded(requested output length). | ||
|
||
* All other Ctrl functions should be set before init(). | ||
* EVP_MAC_CTRL_SET_MD must be set before EVP_MAC_CTRL_SET_KEY. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This line should be removed
crypto/kmac/kmac.c
Outdated
/* | ||
* The following Ctrl functions can be set any time before final(): | ||
* - EVP_MAC_CTRL_SET_SIZE: The requested output length. | ||
* - EVP_MAC_CTRL_SET_XOF_MODE: If set, this indicates that |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Lose _MODE
include/openssl/evp.h
Outdated
@@ -1027,6 +1030,9 @@ void EVP_MAC_do_all_sorted(void (*fn) | |||
# define EVP_MAC_CTRL_SET_CIPHER 0x05 /* EVP_CIPHER * */ | |||
# define EVP_MAC_CTRL_SET_SIZE 0x06 /* size_t */ | |||
# define EVP_MAC_CTRL_SET_IV 0x07 /* unsigned char *, size_t */ | |||
# define EVP_MAC_CTRL_SET_CUSTOM 0x08 /* unsigned char *, size_t */ | |||
# define EVP_MAC_CTRL_SET_XOF 0x09 /* unsigned long */ | |||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Lose the extra blank line
doc/man7/EVP_MAC_KMAC.pod
Outdated
|
||
=item B<EVP_MAC_CTRL_SET_KEY> | ||
|
||
This can only be used after B<EVP_MAC_CTRL_SET_MD> has been set. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Lose this line
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Also, you should probably specify that this can't be called after EVP_MAC_init
|
||
=back | ||
|
||
=item B<EVP_MAC_CTRL_SET_CUSTOM> |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
You should probably specify that this can't be called after EVP_MAC_init
doc/man7/EVP_MAC_KMAC.pod
Outdated
EVP_MAC_ctrl_str() type string: "outlen" | ||
|
||
The value string is expected to contain a decimal number. This can be used to | ||
override the default value that is specified by the digest. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This probably needs to be rephrased, since you don't set the MD any more.
doc/man3/EVP_MAC.pod
Outdated
|
||
=item B<EVP_MAC_CTRL_SET_XOF> | ||
|
||
This control expects one argument: C<unsigned long flags> |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
s/unsigned long/int/
include/openssl/evp.h
Outdated
@@ -1027,6 +1030,9 @@ void EVP_MAC_do_all_sorted(void (*fn) | |||
# define EVP_MAC_CTRL_SET_CIPHER 0x05 /* EVP_CIPHER * */ | |||
# define EVP_MAC_CTRL_SET_SIZE 0x06 /* size_t */ | |||
# define EVP_MAC_CTRL_SET_IV 0x07 /* unsigned char *, size_t */ | |||
# define EVP_MAC_CTRL_SET_CUSTOM 0x08 /* unsigned char *, size_t */ | |||
# define EVP_MAC_CTRL_SET_XOF 0x09 /* unsigned long */ |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
s/unsigned long/int/
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
should all be updated now.
Could a test case with |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Still looks good.
Merged to master. Thanks for the patience everyone. |
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from #7597)
Checklist