Support GOST cipher suite MAC calculation
authorDmitry Eremin-Solenikov <dbaryshkov@gmail.com>
Thu, 18 May 2017 01:09:51 +0000 (04:09 +0300)
committerDmitry Eremin-Solenikov <dbaryshkov@gmail.com>
Mon, 21 Oct 2019 11:25:15 +0000 (14:25 +0300)
GOST ciphersuites require that the MAC is calculated over _all_ packets,
rather than just the current packet. Add a flag to auth_cipher_hd_st
controlling this behaviour.

Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
lib/cipher_int.c
lib/cipher_int.h
lib/gnutls_int.h

index 40bf64f8bc1f33d7f458a4995228e9132739b835..b5308aa6290ead7653b9e737c038bebfd1d3fea4 100644 (file)
@@ -218,6 +218,9 @@ int _gnutls_auth_cipher_init(auth_cipher_hd_st * handle,
                        gnutls_assert();
                        goto cleanup;
                }
+#ifdef ENABLE_GOST
+               handle->continuous_mac = !!(me->flags & GNUTLS_MAC_FLAG_CONTINUOUS_MAC);
+#endif
 
                handle->tag_size = _gnutls_mac_get_algo_len(me);
        } else if (_gnutls_cipher_algo_is_aead(e)) {
@@ -422,14 +425,22 @@ int _gnutls_auth_cipher_tag(auth_cipher_hd_st * handle, void *tag,
 {
        if (handle->is_mac) {
 #ifdef ENABLE_SSL3
-               int ret;
-
                if (handle->ssl_hmac) {
-                       ret =
+                       int ret =
                            _gnutls_mac_output_ssl3(&handle->mac.dig, tag);
                        if (ret < 0)
                                return gnutls_assert_val(ret);
                } else
+#endif
+#ifdef ENABLE_GOST
+               /* draft-smyshlyaev-tls12-gost-suites section 4.1.2 */
+               if (handle->continuous_mac) {
+                       mac_hd_st temp_mac;
+                       int ret = _gnutls_mac_copy(&handle->mac.mac, &temp_mac);
+                       if (ret < 0)
+                               return gnutls_assert_val(ret);
+                       _gnutls_mac_deinit(&temp_mac, tag);
+               } else
 #endif
                        _gnutls_mac_output(&handle->mac.mac, tag);
        } else if (_gnutls_cipher_is_aead(&handle->cipher)) {
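Review bot: The comment above the `continuous_mac` branch cites only the draft section and does not explain why a copy of the MAC state is finalized instead of `handle->mac.mac` itself. I would expand it to something like `/* GOST suites MAC the whole record stream: take the tag from a copy so the running state in handle->mac.mac keeps accumulating (draft-smyshlyaev-tls12-gost-suites section 4.1.2) */`. Without that, a later cleanup that folds this branch into `_gnutls_mac_output()` would presumably finalize the live state and break the MAC of every following record. The unbraced `else` now chains across two `#ifdef` blocks into `_gnutls_mac_output(&handle->mac.mac, tag);`, so bracing that final branch would guard against a statement being inserted in between. The body of `_gnutls_auth_cipher_tag` continues past the end of this hunk.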
index 36c9385fbff9e40703294cb5b33a3419396c6fc0..b50a59c64ad69dc82ad60392af3e28fc02186a47 100644 (file)
@@ -210,6 +210,9 @@ typedef struct {
        unsigned int is_mac:1;
 #ifdef ENABLE_SSL3
        unsigned int ssl_hmac:1;
+#endif
+#ifdef ENABLE_GOST
+       unsigned int continuous_mac:1;
 #endif
        unsigned int non_null:1;
        unsigned int etm:1;
index ea9d00852ab0e9a8ad6ac40585832e7cd2927167..5f1a915a14adcfe64745a66f8587a6d798c80635 100644 (file)
@@ -694,6 +694,7 @@ typedef struct gnutls_group_entry_st {
 } gnutls_group_entry_st;
 
 #define GNUTLS_MAC_FLAG_PREIMAGE_INSECURE      1  /* if this algorithm should not be trusted for pre-image attacks */
+#define GNUTLS_MAC_FLAG_CONTINUOUS_MAC         (1 << 1) /* if this MAC should be used in a 'continuous' way in TLS */
 /* This structure is used both for MACs and digests
  */
 typedef struct mac_entry_st {
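Review bot: The comment on `GNUTLS_MAC_FLAG_CONTINUOUS_MAC` says only "in a 'continuous' way", which does not tell someone adding a MAC entry what the flag actually changes. Wording such as `/* MAC state is carried across TLS records; each record's tag is taken from a copy of the running state (GOST suites) */` would match what `_gnutls_auth_cipher_tag` does in `lib/cipher_int.c`. It is also worth stating next to the define that the flag is honoured only when `ENABLE_GOST` is defined, since both the line that reads it and the branch that acts on it sit inside that guard.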