WIP: MGM mode for magma/kuznyechik cipher. Initial implementation.

[igrkir]

To make tests pass through we need to update OpenSSL's objects.txt file with new identifiers:

• kuznyechik-mgm
• magma-mgm

[igrkir]

What is the best choice to add identifiers?
I can create additional directory to add script to apply this changes to OpenSSL. But it seems to me, that 'master' branch is bad place for it.

[igrkir]

I have applied this changes on my local computer. And it seems that all built in tests is passed through.

[igrkir]

This is my local changes to OpenSSL:

mgm.txt

[beldmit]

Sorry for the delay.

The big idea is

• we don't add new NIDs to openssl upstream, it will be rejected with probability > 90%
• we need supporting new ciphers only in providers because engine interface becomes deprecated
• so we implement MGM only as a part of provider, not as a part of engine.

After that it becomes possible to add support of ciphersuites to openssl.

[igrkir]

ok. thanks.
should MGM be available in "engine" part of source code (e.g. for internal use), or only in "provider" part through it's API?

[beldmit]

In theory, you could dynamically register NIDs for them. In practice I don't see much sense, so let's leave it in provider part only.

[igrkir]

so, no internal tests for engine, only for provider case?

[beldmit]

yes. You should write the C test loading the provider, fetching an algorithm and performing test.