From e236f904b2b9eb96406ca63a3fa7ab91c6ed6ee6 Mon Sep 17 00:00:00 2001 From: Conrad Meyer Date: Fri, 20 Jul 2018 01:51:05 +0000 Subject: [PATCH] cryptocheck: Correct mismatch between OpenSSL use and OCF Blake2 This corrects a mistake introduced to the cryptocheck tool in r331418. Our CRYPTO_BLAKE2B and CRYPTO_BLAKE2S algorithms refer to either the plain, unkeyed hashes (specified with cri_klen = 0), or a Blake2-specific keyed MAC (when a cri_key is provided). In contrast, OpenSSL's Blake2 algorithms only provide the plain hash. Cryptocheck's T_HMAC corresponds to OpenSSL's HMAC() routine, which is the ordinary HMAC construction applied to any plain, unkeyed hash. We don't have any HMAC-Blake2 cipher modes in OCF, so fix the test to only test Blake2 as a plain hash. (Ideally we would test keyed Blake2 as well, but that is left as future work.) PR: 229795 --- tools/tools/crypto/cryptocheck.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tools/tools/crypto/cryptocheck.c b/tools/tools/crypto/cryptocheck.c index fa3459734c65..c8a1be69a3aa 100644 --- a/tools/tools/crypto/cryptocheck.c +++ b/tools/tools/crypto/cryptocheck.c @@ -155,9 +155,9 @@ struct alg { .evp_md = EVP_sha384 }, { .name = "sha512hmac", .mac = CRYPTO_SHA2_512_HMAC, .type = T_HMAC, .evp_md = EVP_sha512 }, - { .name = "blake2b", .mac = CRYPTO_BLAKE2B, .type = T_HMAC, + { .name = "blake2b", .mac = CRYPTO_BLAKE2B, .type = T_HASH, .evp_md = EVP_blake2b512 }, - { .name = "blake2s", .mac = CRYPTO_BLAKE2S, .type = T_HMAC, + { .name = "blake2s", .mac = CRYPTO_BLAKE2S, .type = T_HASH, .evp_md = EVP_blake2s256 }, { .name = "aes-cbc", .cipher = CRYPTO_AES_CBC, .type = T_BLKCIPHER, .evp_cipher = EVP_aes_128_cbc },