engine icon indicating copy to clipboard operation
engine copied to clipboard

Published 20 hours ago verified publisher icon gost-engine

WIP: MGM mode for magma/kuznyechik cipher. Initial implementation.

Open igrkir opened this issue 3 years ago • 8 comments

To make tests pass through we need to update OpenSSL's objects.txt file with new identifiers:

  • kuznyechik-mgm
  • magma-mgm

igrkir avatar Feb 28 '22 11:02 igrkir

What is the best choice to add identifiers? I can create additional directory to add script to apply this changes to OpenSSL. But it seems to me, that 'master' branch is bad place for it.

igrkir avatar Feb 28 '22 11:02 igrkir

I have applied this changes on my local computer. And it seems that all built in tests is passed through.

igrkir avatar Feb 28 '22 11:02 igrkir

This is my local changes to OpenSSL:

mgm.txt

igrkir avatar Feb 28 '22 11:02 igrkir

Sorry for the delay.

The big idea is

  • we don't add new NIDs to openssl upstream, it will be rejected with probability > 90%
  • we need supporting new ciphers only in providers because engine interface becomes deprecated
  • so we implement MGM only as a part of provider, not as a part of engine.

After that it becomes possible to add support of ciphersuites to openssl.

beldmit avatar Mar 18 '22 14:03 beldmit

ok. thanks. should MGM be available in "engine" part of source code (e.g. for internal use), or only in "provider" part through it's API?

igrkir avatar Mar 18 '22 14:03 igrkir

In theory, you could dynamically register NIDs for them. In practice I don't see much sense, so let's leave it in provider part only.

beldmit avatar Mar 18 '22 14:03 beldmit

so, no internal tests for engine, only for provider case?

igrkir avatar Mar 18 '22 14:03 igrkir

yes. You should write the C test loading the provider, fetching an algorithm and performing test.

beldmit avatar Mar 18 '22 14:03 beldmit