X-Git-Url: http://wagner.pp.ru/gitweb/?a=blobdiff_plain;f=gost_grasshopper_cipher.c;h=9df7bbc7b12756d9956cdfb51b7a3351fc56404c;hb=7e6ed644cf97385a95544fcc889e2eb16bcc93ed;hp=b6d044f3ef0b0d02a6a922b76b7b8436a460e64e;hpb=2b79bbba6aed4e69b1d2d0c04da00f121c69799d;p=openssl-gost%2Fengine.git diff --git a/gost_grasshopper_cipher.c b/gost_grasshopper_cipher.c index b6d044f..9df7bbc 100644 --- a/gost_grasshopper_cipher.c +++ b/gost_grasshopper_cipher.c @@ -26,12 +26,7 @@ enum GRASSHOPPER_CIPHER_TYPE { }; static EVP_CIPHER *gost_grasshopper_ciphers[6] = { - [GRASSHOPPER_CIPHER_ECB] = NULL, - [GRASSHOPPER_CIPHER_CBC] = NULL, - [GRASSHOPPER_CIPHER_OFB] = NULL, - [GRASSHOPPER_CIPHER_CFB] = NULL, - [GRASSHOPPER_CIPHER_CTR] = NULL, - [GRASSHOPPER_CIPHER_CTRACPKM] = NULL, + NULL, NULL, NULL, NULL, NULL, NULL, }; static GRASSHOPPER_INLINE void @@ -51,7 +46,7 @@ struct GRASSHOPPER_CIPHER_PARAMS { }; static struct GRASSHOPPER_CIPHER_PARAMS gost_cipher_params[6] = { - [GRASSHOPPER_CIPHER_ECB] = { + { NID_grasshopper_ecb, gost_grasshopper_cipher_init_ecb, gost_grasshopper_cipher_do_ecb, @@ -61,7 +56,7 @@ static struct GRASSHOPPER_CIPHER_PARAMS gost_cipher_params[6] = { 0, true} , - [GRASSHOPPER_CIPHER_CBC] = { + { NID_grasshopper_cbc, gost_grasshopper_cipher_init_cbc, gost_grasshopper_cipher_do_cbc, @@ -71,7 +66,7 @@ static struct GRASSHOPPER_CIPHER_PARAMS gost_cipher_params[6] = { 16, true} , - [GRASSHOPPER_CIPHER_OFB] = { + { NID_grasshopper_ofb, gost_grasshopper_cipher_init_ofb, gost_grasshopper_cipher_do_ofb, @@ -81,7 +76,7 @@ static struct GRASSHOPPER_CIPHER_PARAMS gost_cipher_params[6] = { 16, false} , - [GRASSHOPPER_CIPHER_CFB] = { + { NID_grasshopper_cfb, gost_grasshopper_cipher_init_cfb, gost_grasshopper_cipher_do_cfb, @@ -91,7 +86,7 @@ static struct GRASSHOPPER_CIPHER_PARAMS gost_cipher_params[6] = { 16, false} , - [GRASSHOPPER_CIPHER_CTR] = { + { NID_grasshopper_ctr, gost_grasshopper_cipher_init_ctr, gost_grasshopper_cipher_do_ctr, @@ -104,7 +99,7 @@ static struct GRASSHOPPER_CIPHER_PARAMS gost_cipher_params[6] = { 16, false} , - [GRASSHOPPER_CIPHER_CTRACPKM] = { + { NID_id_tc26_cipher_gostr3412_2015_kuznyechik_ctracpkm, gost_grasshopper_cipher_init_ctracpkm, gost_grasshopper_cipher_do_ctracpkm, @@ -418,6 +413,9 @@ int gost_grasshopper_cipher_do_ctr(EVP_CIPHER_CTX *ctx, unsigned char *out, unsigned int n = EVP_CIPHER_CTX_num(ctx); size_t lasted; size_t i; + size_t blocks; + grasshopper_w128_t *iv_buffer; + grasshopper_w128_t tmp; while (n && inl) { *(current_out++) = *(current_in++) ^ c->partial_buffer.b[n]; @@ -425,10 +423,9 @@ int gost_grasshopper_cipher_do_ctr(EVP_CIPHER_CTX *ctx, unsigned char *out, n = (n + 1) % GRASSHOPPER_BLOCK_SIZE; } EVP_CIPHER_CTX_set_num(ctx, n); - size_t blocks = inl / GRASSHOPPER_BLOCK_SIZE; + blocks = inl / GRASSHOPPER_BLOCK_SIZE; - grasshopper_w128_t *iv_buffer = (grasshopper_w128_t *) iv; - grasshopper_w128_t tmp; + iv_buffer = (grasshopper_w128_t *) iv; // full parts for (i = 0; i < blocks; i++) { @@ -480,15 +477,15 @@ int gost_grasshopper_cipher_do_ctracpkm(EVP_CIPHER_CTX *ctx, gost_grasshopper_cipher_ctx_ctr *c = EVP_CIPHER_CTX_get_cipher_data(ctx); unsigned char *iv = EVP_CIPHER_CTX_iv_noconst(ctx); unsigned int num = EVP_CIPHER_CTX_num(ctx); + size_t blocks, i, lasted; + grasshopper_w128_t tmp; while ((num & GRASSHOPPER_BLOCK_MASK) && inl) { *out++ = *in++ ^ c->partial_buffer.b[num & GRASSHOPPER_BLOCK_MASK]; --inl; num++; } - size_t blocks = inl / GRASSHOPPER_BLOCK_SIZE; - size_t i; - grasshopper_w128_t tmp; + blocks = inl / GRASSHOPPER_BLOCK_SIZE; // full parts for (i = 0; i < blocks; i++) { @@ -507,7 +504,7 @@ int gost_grasshopper_cipher_do_ctracpkm(EVP_CIPHER_CTX *ctx, } // last part - size_t lasted = inl - blocks * GRASSHOPPER_BLOCK_SIZE; + lasted = inl - blocks * GRASSHOPPER_BLOCK_SIZE; if (lasted > 0) { apply_acpkm_grasshopper(c, &num); grasshopper_encrypt_block(&c->c.encrypt_round_keys, @@ -688,13 +685,14 @@ int gost_grasshopper_cipher_do_cfb(EVP_CIPHER_CTX *ctx, unsigned char *out, int gost_grasshopper_cipher_cleanup(EVP_CIPHER_CTX *ctx) { + struct GRASSHOPPER_CIPHER_PARAMS *params; gost_grasshopper_cipher_ctx *c = (gost_grasshopper_cipher_ctx *) EVP_CIPHER_CTX_get_cipher_data(ctx); if (!c) return 1; - struct GRASSHOPPER_CIPHER_PARAMS *params = &gost_cipher_params[c->type]; + params = &gost_cipher_params[c->type]; gost_grasshopper_cipher_destroy(c); if (params->destroy_cipher != NULL) { @@ -715,6 +713,7 @@ int gost_grasshopper_set_asn1_parameters(EVP_CIPHER_CTX *ctx, ASN1_TYPE *params) os = ASN1_OCTET_STRING_new(); if (!os || !ASN1_OCTET_STRING_set(os, buf, len)) { + ASN1_OCTET_STRING_free(os); OPENSSL_free(buf); GOSTerr(GOST_F_GOST_GRASSHOPPER_SET_ASN1_PARAMETERS, ERR_R_MALLOC_FAILURE); @@ -763,57 +762,54 @@ int gost_grasshopper_cipher_ctl(EVP_CIPHER_CTX *ctx, int type, int arg, #ifdef EVP_CTRL_TLS1_2_TLSTREE case EVP_CTRL_TLS1_2_TLSTREE: { - unsigned char newkey[32]; - int mode = EVP_CIPHER_CTX_mode(ctx); - static const unsigned char zeroseq[8]; - gost_grasshopper_cipher_ctx_ctr *ctr_ctx = NULL; - gost_grasshopper_cipher_ctx *c = NULL; - - if (mode != EVP_CIPH_CTR_MODE) - return -1; - - ctr_ctx = (gost_grasshopper_cipher_ctx_ctr *) - EVP_CIPHER_CTX_get_cipher_data(ctx); - c = &(ctr_ctx->c); - - if (gost_tlstree(NID_grasshopper_cbc, c->master_key.k.b, newkey, - (const unsigned char *)ptr) > 0) { - /* FIXME may be it should be moved to separate control */ - unsigned char adjusted_iv[16]; - unsigned char seq[8]; - int j; - memcpy(seq, ptr, 8); - if (EVP_CIPHER_CTX_encrypting(ctx)) { - /* - * OpenSSL increments seq after mac calculation. - * As we have Mac-Then-Encrypt, we need decrement it here on encryption - * to derive the key correctly. - * */ - if (memcmp(seq, zeroseq, 8) != 0) - { - for(j=7; j>=0; j--) - { - if (seq[j] != 0) {seq[j]--; break;} - else seq[j] = 0xFF; - } - } - } - - memset(adjusted_iv, 0, 16); - memcpy(adjusted_iv, EVP_CIPHER_CTX_original_iv(ctx), 8); + unsigned char newkey[32]; + int mode = EVP_CIPHER_CTX_mode(ctx); + static const unsigned char zeroseq[8]; + gost_grasshopper_cipher_ctx_ctr *ctr_ctx = NULL; + gost_grasshopper_cipher_ctx *c = NULL; + + unsigned char adjusted_iv[16]; + unsigned char seq[8]; + int j, carry; + if (mode != EVP_CIPH_CTR_MODE) + return -1; + + ctr_ctx = (gost_grasshopper_cipher_ctx_ctr *) + EVP_CIPHER_CTX_get_cipher_data(ctx); + c = &(ctr_ctx->c); + + memcpy(seq, ptr, 8); + if (EVP_CIPHER_CTX_encrypting(ctx)) { + /* + * OpenSSL increments seq after mac calculation. + * As we have Mac-Then-Encrypt, we need decrement it here on encryption + * to derive the key correctly. + * */ + if (memcmp(seq, zeroseq, 8) != 0) + { for(j=7; j>=0; j--) { - int adj_byte, carry = 0; - adj_byte = adjusted_iv[j]+seq[j]+carry; - carry = (adj_byte > 255) ? 1 : 0; - adjusted_iv[j] = adj_byte & 0xFF; + if (seq[j] != 0) {seq[j]--; break;} + else seq[j] = 0xFF; } - EVP_CIPHER_CTX_set_num(ctx, 0); - memcpy(EVP_CIPHER_CTX_iv_noconst(ctx), adjusted_iv, 16); - - gost_grasshopper_cipher_key(c, newkey); - return 1; } + } + if (gost_tlstree(NID_grasshopper_cbc, c->master_key.k.b, newkey, + (const unsigned char *)seq) > 0) { + memset(adjusted_iv, 0, 16); + memcpy(adjusted_iv, EVP_CIPHER_CTX_original_iv(ctx), 8); + for(j=7,carry=0; j>=0; j--) + { + int adj_byte = adjusted_iv[j]+seq[j]+carry; + carry = (adj_byte > 255) ? 1 : 0; + adjusted_iv[j] = adj_byte & 0xFF; + } + EVP_CIPHER_CTX_set_num(ctx, 0); + memcpy(EVP_CIPHER_CTX_iv_noconst(ctx), adjusted_iv, 16); + + gost_grasshopper_cipher_key(c, newkey); + return 1; + } } return -1; #endif @@ -866,14 +862,18 @@ const GRASSHOPPER_INLINE EVP_CIPHER *cipher_gost_grasshopper(uint8_t mode, cipher = &gost_grasshopper_ciphers[num]; if (*cipher == NULL) { + grasshopper_init_cipher_func init_cipher; + int nid, block_size, ctx_size, iv_size; + bool padding; + params = &gost_cipher_params[num]; - int nid = params->nid; - grasshopper_init_cipher_func init_cipher = params->init_cipher; - int block_size = params->block_size; - int ctx_size = params->ctx_size; - int iv_size = params->iv_size; - bool padding = params->padding; + nid = params->nid; + init_cipher = params->init_cipher; + block_size = params->block_size; + ctx_size = params->ctx_size; + iv_size = params->iv_size; + padding = params->padding; *cipher = cipher_gost_grasshopper_create(nid, block_size); if (*cipher == NULL) {