1 /**********************************************************************
3 * Copyright (c) 2005-2006 Cryptocom LTD *
4 * This file is distributed under the same license as OpenSSL *
6 * Implementation of GOST R 34.11-94 hash function *
7 * uses on gost89.c and gost89.h Doesn't need OpenSSL *
8 **********************************************************************/
15 * Use OPENSSL_malloc for memory allocation if compiled with
16 * -DOPENSSL_BUILD, and libc malloc otherwise
20 # include <openssl/crypto.h>
21 # define MYALLOC(size) OPENSSL_malloc(size)
22 # define MYFREE(ptr) OPENSSL_free(ptr)
24 # define MYALLOC(size) malloc(size)
25 # define MYFREE(ptr) free(ptr)
29 * Following functions are various bit meshing routines used in GOST R
32 static void swap_bytes(byte * w, byte * k)
35 for (i = 0; i < 4; i++)
36 for (j = 0; j < 8; j++)
37 k[i + 4 * j] = w[8 * i + j];
42 static void circle_xor8(const byte * w, byte * k)
47 memmove(k, w + 8, 24);
48 for (i = 0; i < 8; i++)
49 k[i + 24] = buf[i] ^ k[i];
53 static void transform_3(byte * data)
55 unsigned short int acc;
56 acc = (data[0] ^ data[2] ^ data[4] ^ data[6] ^ data[24] ^ data[30]) |
57 ((data[1] ^ data[3] ^ data[5] ^ data[7] ^ data[25] ^ data[31]) << 8);
58 memmove(data, data + 2, 30);
59 data[30] = acc & 0xff;
63 /* Adds blocks of N bytes modulo 2**(8*n). Returns carry*/
64 static int add_blocks(int n, byte * left, const byte * right)
68 for (i = 0; i < n; i++) {
69 int sum = (int)left[i] + (int)right[i] + carry;
76 /* Xor two sequences of bytes */
77 static void xor_blocks(byte * result, const byte * a, const byte * b,
81 for (i = 0; i < len; i++)
82 result[i] = a[i] ^ b[i];
86 * Calculate H(i+1) = Hash(Hi,Mi)
87 * Where H and M are 32 bytes long
89 static int hash_step(gost_ctx * c, byte * H, const byte * M)
91 byte U[32], W[32], V[32], S[32], Key[32];
93 /* Compute first key */
94 xor_blocks(W, H, M, 32);
96 /* Encrypt first 8 bytes of H with first key */
97 gost_enc_with_key(c, Key, H, S);
98 /* Compute second key */
102 xor_blocks(W, U, V, 32);
104 /* encrypt second 8 bytes of H with second key */
105 gost_enc_with_key(c, Key, H + 8, S + 8);
106 /* compute third key */
126 xor_blocks(W, U, V, 32);
128 /* encrypt third 8 bytes of H with third key */
129 gost_enc_with_key(c, Key, H + 16, S + 16);
130 /* Compute fourth key */
134 xor_blocks(W, U, V, 32);
136 /* Encrypt last 8 bytes with fourth key */
137 gost_enc_with_key(c, Key, H + 24, S + 24);
138 for (i = 0; i < 12; i++)
140 xor_blocks(S, S, M, 32);
142 xor_blocks(S, S, H, 32);
143 for (i = 0; i < 61; i++)
150 * Initialize gost_hash ctx - cleans up temporary structures and set up
151 * substitution blocks
153 int init_gost_hash_ctx(gost_hash_ctx * ctx,
154 const gost_subst_block * subst_block)
156 memset(ctx, 0, sizeof(*ctx));
157 ctx->cipher_ctx = (gost_ctx *) MYALLOC(sizeof(gost_ctx));
158 if (!ctx->cipher_ctx) {
161 gost_init(ctx->cipher_ctx, subst_block);
166 * Free cipher CTX if it is dynamically allocated. Do not use
167 * if cipher ctx is statically allocated as in OpenSSL implementation of
168 * GOST hash algroritm
171 void done_gost_hash_ctx(gost_hash_ctx * ctx)
174 * No need to use gost_destroy, because cipher keys are not really secret
177 MYFREE(ctx->cipher_ctx);
181 * reset state of hash context to begin hashing new message
183 int start_hash(gost_hash_ctx * ctx)
185 if (!ctx->cipher_ctx)
187 memset(&(ctx->H), 0, 32);
188 memset(&(ctx->S), 0, 32);
195 * Hash block of arbitrary length
199 int hash_block(gost_hash_ctx * ctx, const byte * block, size_t length)
203 * There are some bytes from previous step
205 unsigned int add_bytes = 32 - ctx->left;
206 if (add_bytes > length) {
209 memcpy(&(ctx->remainder[ctx->left]), block, add_bytes);
210 ctx->left += add_bytes;
211 if (ctx->left < 32) {
216 hash_step(ctx->cipher_ctx, ctx->H, ctx->remainder);
217 add_blocks(32, ctx->S, ctx->remainder);
221 while (length >= 32) {
222 hash_step(ctx->cipher_ctx, ctx->H, block);
224 add_blocks(32, ctx->S, block);
230 memcpy(ctx->remainder, block, ctx->left = length);
236 * Compute hash value from current state of ctx
237 * state of hash ctx becomes invalid and cannot be used for further
240 int finish_hash(gost_hash_ctx * ctx, byte * hashval)
245 ghosthash_len fin_len = ctx->len;
247 memcpy(H, ctx->H, 32);
248 memcpy(S, ctx->S, 32);
251 memcpy(buf, ctx->remainder, ctx->left);
252 hash_step(ctx->cipher_ctx, H, buf);
253 add_blocks(32, S, buf);
254 fin_len += ctx->left;
258 hash_step(ctx->cipher_ctx, H, buf);
260 fin_len <<= 3; /* Hash length in BITS!! */
261 while (fin_len > 0) {
262 *(bptr++) = (byte) (fin_len & 0xFF);
265 hash_step(ctx->cipher_ctx, H, buf);
266 hash_step(ctx->cipher_ctx, H, S);
267 memcpy(hashval, H, 32);