1 /**********************************************************************
3 * Copyright (c) 2005-2006 Cryptocom LTD *
4 * This file is distributed under the same license as OpenSSL *
6 * Implementation of CryptoPro key wrap algorithm, as defined in *
7 * RFC 4357 p 6.3 and 6.4 *
8 * Doesn't need OpenSSL *
9 **********************************************************************/
12 #include "gost_keywrap.h"
15 * Diversifies key using random UserKey Material
16 * Implements RFC 4357 p 6.5 key diversification algorithm
18 * inputKey - 32byte key to be diversified
19 * ukm - 8byte user key material
20 * outputKey - 32byte buffer to store diversified key
23 void keyDiversifyCryptoPro(gost_ctx * ctx, const unsigned char *inputKey,
24 const unsigned char *ukm, unsigned char *outputKey)
30 memcpy(outputKey, inputKey, 32);
31 for (i = 0; i < 8; i++) {
32 /* Make array of integers from key */
35 for (j = 0, mask = 1; j < 8; j++, mask <<= 1) {
36 k = ((u4) outputKey[4 * j]) | (outputKey[4 * j + 1] << 8) |
37 (outputKey[4 * j + 2] << 16) | (outputKey[4 * j + 3] << 24);
44 S[0] = (unsigned char)(s1 & 0xff);
45 S[1] = (unsigned char)((s1 >> 8) & 0xff);
46 S[2] = (unsigned char)((s1 >> 16) & 0xff);
47 S[3] = (unsigned char)((s1 >> 24) & 0xff);
48 S[4] = (unsigned char)(s2 & 0xff);
49 S[5] = (unsigned char)((s2 >> 8) & 0xff);
50 S[6] = (unsigned char)((s2 >> 16) & 0xff);
51 S[7] = (unsigned char)((s2 >> 24) & 0xff);
52 gost_key(ctx, outputKey);
53 gost_enc_cfb(ctx, S, outputKey, outputKey, 4);
58 * Wraps key using RFC 4357 6.3
59 * ctx - gost encryption context, initialized with some S-boxes
60 * keyExchangeKey (KEK) 32-byte (256-bit) shared key
61 * ukm - 8 byte (64 bit) user key material,
62 * sessionKey - 32-byte (256-bit) key to be wrapped
63 * wrappedKey - 44-byte buffer to store wrapped key
66 int keyWrapCryptoPro(gost_ctx * ctx, const unsigned char *keyExchangeKey,
67 const unsigned char *ukm,
68 const unsigned char *sessionKey,
69 unsigned char *wrappedKey)
71 unsigned char kek_ukm[32];
72 keyDiversifyCryptoPro(ctx, keyExchangeKey, ukm, kek_ukm);
73 gost_key(ctx, kek_ukm);
74 memcpy(wrappedKey, ukm, 8);
75 gost_enc(ctx, sessionKey, wrappedKey + 8, 4);
76 gost_mac_iv(ctx, 32, ukm, sessionKey, 32, wrappedKey + 40);
81 * Unwraps key using RFC 4357 6.4
82 * ctx - gost encryption context, initialized with some S-boxes
83 * keyExchangeKey 32-byte shared key
84 * wrappedKey 44 byte key to be unwrapped (concatenation of 8-byte UKM,
85 * 32 byte encrypted key and 4 byte MAC
87 * sessionKEy - 32byte buffer to store sessionKey in
88 * Returns 1 if key is decrypted successfully, and 0 if MAC doesn't match
91 int keyUnwrapCryptoPro(gost_ctx * ctx, const unsigned char *keyExchangeKey,
92 const unsigned char *wrappedKey,
93 unsigned char *sessionKey)
95 unsigned char kek_ukm[32], cek_mac[4];
96 keyDiversifyCryptoPro(ctx, keyExchangeKey, wrappedKey
97 /* First 8 bytes of wrapped Key is ukm */
99 gost_key(ctx, kek_ukm);
100 gost_dec(ctx, wrappedKey + 8, sessionKey, 4);
101 gost_mac_iv(ctx, 32, wrappedKey, sessionKey, 32, cek_mac);
102 if (memcmp(cek_mac, wrappedKey + 40, 4)) {