X-Git-Url: http://wagner.pp.ru/gitweb/?a=blobdiff_plain;f=gost_grasshopper_cipher.c;h=105fd42192b99a2370767f3a757635a927000f70;hb=30cd9189c5dc6b09877208fbbd5ea765199436f6;hp=c0031ad170221b7a12fb8b2e796abed4dfc7de9d;hpb=214bb5e2b55c9bece27ef374ddf1db8c16dc2a99;p=openssl-gost%2Fengine.git diff --git a/gost_grasshopper_cipher.c b/gost_grasshopper_cipher.c index c0031ad..105fd42 100644 --- a/gost_grasshopper_cipher.c +++ b/gost_grasshopper_cipher.c @@ -471,6 +471,7 @@ gost_grasshopper_cipher_init_mgm(EVP_CIPHER_CTX *ctx, const unsigned char *key, if (key) { bl = EVP_CIPHER_CTX_iv_length(ctx); gost_grasshopper_cipher_key(&mctx->ks.gh_ks, key); + gost_grasshopper_master_key(&mctx->ks.gh_ks, key); gost_mgm128_init(&mctx->mgm, &mctx->ks, (block128_f) gost_grasshopper_encrypt_wrap, gf128_mul_uint64, bl); @@ -1036,6 +1037,7 @@ static int gost_grasshopper_mgm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void mctx->ivlen = ivlen; mctx->iv = iv; mctx->taglen = -1; + mctx->tlstree_mode = TLSTREE_MODE_NONE; return 1; case EVP_CTRL_GET_IVLEN: @@ -1075,6 +1077,32 @@ static int gost_grasshopper_mgm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void memcpy(ptr, buf, arg); return 1; + case EVP_CTRL_SET_TLSTREE_PARAMS: + if (strcmp((char *)ptr, "short") == 0) + mctx->tlstree_mode = TLSTREE_MODE_S; + else if (strcmp((char *)ptr, "long") == 0) + mctx->tlstree_mode = TLSTREE_MODE_L; + else { + // TODO: set err + return 0; + } + return 1; + + case EVP_CTRL_TLSTREE: + { + unsigned char newkey[32]; + if (gost_tlstree(NID_kuznyechik_mgm, + mctx->ks.gh_ks.master_key.k.b, newkey, + (const unsigned char *)ptr, mctx->tlstree_mode) + > 0) { + gost_grasshopper_cipher_key(&mctx->ks.gh_ks, newkey); + memset(newkey, 0, sizeof(newkey)); + + return 1; + } + } + return -1; + default: return -1; } @@ -1102,18 +1130,16 @@ static int gost_grasshopper_cipher_ctl(EVP_CIPHER_CTX *ctx, int type, int arg, v c->section_size = arg; break; } -#ifdef EVP_CTRL_TLS1_2_TLSTREE - case EVP_CTRL_TLS1_2_TLSTREE: + case EVP_CTRL_TLSTREE: { unsigned char newkey[32]; int mode = EVP_CIPHER_CTX_mode(ctx); - static const unsigned char zeroseq[8]; gost_grasshopper_cipher_ctx_ctr *ctr_ctx = NULL; gost_grasshopper_cipher_ctx *c = NULL; unsigned char adjusted_iv[16]; unsigned char seq[8]; - int j, carry; + int j, carry, decrement_arg; if (mode != EVP_CIPH_CTR_MODE) return -1; @@ -1121,24 +1147,23 @@ static int gost_grasshopper_cipher_ctl(EVP_CIPHER_CTX *ctx, int type, int arg, v EVP_CIPHER_CTX_get_cipher_data(ctx); c = &(ctr_ctx->c); + /* + * 'arg' parameter indicates what we should do with sequence value. + * + * When function called, seq is incremented after MAC calculation. + * In ETM mode, we use seq 'as is' in the ctrl-function (arg = 0) + * Otherwise we have to decrease it in the implementation (arg = 1). + */ memcpy(seq, ptr, 8); - if (EVP_CIPHER_CTX_encrypting(ctx)) { - /* - * OpenSSL increments seq after mac calculation. - * As we have Mac-Then-Encrypt, we need decrement it here on encryption - * to derive the key correctly. - * */ - if (memcmp(seq, zeroseq, 8) != 0) - { - for(j=7; j>=0; j--) - { - if (seq[j] != 0) {seq[j]--; break;} - else seq[j] = 0xFF; - } - } + decrement_arg = arg; + if (!decrement_sequence(seq, decrement_arg)) + { + GOSTerr(GOST_F_GOST_GRASSHOPPER_CIPHER_CTL, GOST_R_CTRL_CALL_FAILED); + return -1; } + if (gost_tlstree(NID_grasshopper_cbc, c->master_key.k.b, newkey, - (const unsigned char *)seq) > 0) { + (const unsigned char *)seq, TLSTREE_MODE_NONE) > 0) { memset(adjusted_iv, 0, 16); memcpy(adjusted_iv, EVP_CIPHER_CTX_original_iv(ctx), 8); for(j=7,carry=0; j>=0; j--) @@ -1155,7 +1180,6 @@ static int gost_grasshopper_cipher_ctl(EVP_CIPHER_CTX *ctx, int type, int arg, v } } return -1; -#endif #if 0 case EVP_CTRL_AEAD_GET_TAG: case EVP_CTRL_AEAD_SET_TAG: