two new modes (long and short) per MGM algorithm (magma and kuznyechik).
}
}
+void magma_master_key(gost_ctx *c, const byte *k) {
+ memcpy(c->master_key, k, sizeof(c->master_key));
+}
+
/* Retrieve 256-bit gost89 key from context */
void gost_get_key(gost_ctx * c, byte * k)
{
/* Cleans up key from context */
void gost_destroy(gost_ctx * c)
{
+ OPENSSL_cleanse(c->master_key, sizeof(c->master_key));
OPENSSL_cleanse(c->key, sizeof(c->key));
OPENSSL_cleanse(c->mask, sizeof(c->mask));
}
/* Cipher context includes key and preprocessed substitution block */
typedef struct {
+ u4 master_key[8];
u4 key[8];
u4 mask[8];
/* Constant s-boxes -- set up in gost_init(). */
void gost_key(gost_ctx * c, const byte * k);
/* Set key into context */
void magma_key(gost_ctx * c, const byte * k);
+/* Set master 256-bit key to be used in TLSTREE calculation into context */
+void magma_master_key(gost_ctx *c, const byte *k);
/* Get key from context */
void gost_get_key(gost_ctx * c, byte * k);
/* Set S-blocks into context */
}
}
- if (key)
+ if (key) {
magma_key(&(c->cctx), key);
+ magma_master_key(&(c->cctx), key);
+ }
if (iv) {
memcpy((unsigned char *)EVP_CIPHER_CTX_original_iv(ctx), iv,
EVP_CIPHER_CTX_iv_length(ctx));
if (!gost_cipher_set_param(&mctx->ks.g_ks, NID_id_tc26_gost_28147_param_Z))
return 0;
magma_key(&(mctx->ks.g_ks.cctx), key);
+ magma_master_key(&(mctx->ks.g_ks.cctx), key);
gost_mgm128_init(&mctx->mgm, &mctx->ks,
(block128_f) gost_magma_encrypt_wrap, gf64_mul, bl);
mctx->ivlen = ivlen;
mctx->iv = iv;
mctx->taglen = -1;
+ mctx->tlstree_mode = TLSTREE_MODE_NONE;
return 1;
case EVP_CTRL_GET_IVLEN:
memcpy(ptr, buf, arg);
return 1;
+ case EVP_CTRL_SET_TLSTREE_PARAMS:
+ if (strcmp((char *)ptr, "short") == 0)
+ mctx->tlstree_mode = TLSTREE_MODE_S;
+ else if (strcmp((char *)ptr, "long") == 0)
+ mctx->tlstree_mode = TLSTREE_MODE_L;
+ else {
+ // TODO: set err
+ return 0;
+ }
+ return 1;
+
+ case EVP_CTRL_TLSTREE:
+ {
+ unsigned char newkey[32];
+ if (gost_tlstree(NID_magma_mgm,
+ (const unsigned char *)mctx->ks.g_ks.cctx.master_key,
+ newkey, (const unsigned char *)ptr, mctx->tlstree_mode)
+ > 0) {
+ magma_key(&mctx->ks.g_ks.cctx, newkey);
+ memset(newkey, 0, sizeof(newkey));
+ }
+ }
+ return 1;
+
default:
return -1;
}
ctx->ACi.u[0] = 0;
ctx->ACi.u[1] = 0;
+ ctx->sum.u[0] = 0;
+ ctx->sum.u[1] = 0;
memcpy(ctx->nonce.c, iv, ctx->blocklen);
ctx->nonce.c[0] &= 0x7f; /* IV - random vector, but 1st bit should be 0 */
int bl = ctx->blocklen;
if (mlen == 0) {
+ if (alen == 0) {
+ ctx->nonce.c[0] |= 0x80;
+ (*block) (ctx->nonce.c, ctx->Zi.c, key); // Z_1 = E_K(1 || nonce)
+ }
ctx->nonce.c[0] &= 0x7f;
(*block) (ctx->nonce.c, ctx->Yi.c, key); // Y_1 = E_K(0 || nonce)
}
}
n = mres % bl;
- // TODO: full blocks
+ // TODO: replace with full blocks processing
for (i = 0; i < len; ++i) {
if (n == 0) {
(*block) (ctx->Yi.c, ctx->EKi.c, key); // E_K(Y_i)
}
n = mres % bl;
- // TODO: full blocks
+ // TODO: replace with full blocks processing
for (i = 0; i < len; ++i) {
uint8_t c;
if (n == 0) {
unsigned char *iv;
int ivlen;
int taglen;
+ int tlstree_mode;
} gost_mgm_ctx;
int gost2015_final_call(EVP_CIPHER_CTX *ctx, EVP_MD_CTX *omac_ctx, size_t mac_size,
if (key) {
bl = EVP_CIPHER_CTX_iv_length(ctx);
gost_grasshopper_cipher_key(&mctx->ks.gh_ks, key);
+ gost_grasshopper_master_key(&mctx->ks.gh_ks, key);
gost_mgm128_init(&mctx->mgm, &mctx->ks,
(block128_f) gost_grasshopper_encrypt_wrap, gf128_mul_uint64, bl);
mctx->ivlen = ivlen;
mctx->iv = iv;
mctx->taglen = -1;
+ mctx->tlstree_mode = TLSTREE_MODE_NONE;
return 1;
case EVP_CTRL_GET_IVLEN:
memcpy(ptr, buf, arg);
return 1;
+ case EVP_CTRL_SET_TLSTREE_PARAMS:
+ if (strcmp((char *)ptr, "short") == 0)
+ mctx->tlstree_mode = TLSTREE_MODE_S;
+ else if (strcmp((char *)ptr, "long") == 0)
+ mctx->tlstree_mode = TLSTREE_MODE_L;
+ else {
+ // TODO: set err
+ return 0;
+ }
+ return 1;
+
+ case EVP_CTRL_TLSTREE:
+ {
+ unsigned char newkey[32];
+ if (gost_tlstree(NID_kuznyechik_mgm,
+ mctx->ks.gh_ks.master_key.k.b, newkey,
+ (const unsigned char *)ptr, mctx->tlstree_mode)
+ > 0) {
+ gost_grasshopper_cipher_key(&mctx->ks.gh_ks, newkey);
+ memset(newkey, 0, sizeof(newkey));
+ }
+ }
+ return 1;
+
default:
return -1;
}
}
}
if (gost_tlstree(NID_grasshopper_cbc, c->master_key.k.b, newkey,
- (const unsigned char *)seq) > 0) {
+ (const unsigned char *)seq, TLSTREE_MODE_NONE) > 0) {
memset(adjusted_iv, 0, 16);
memcpy(adjusted_iv, EVP_CIPHER_CTX_original_iv(ctx), 8);
for(j=7,carry=0; j>=0; j--)
}
int gost_tlstree(int cipher_nid, const unsigned char *in, unsigned char *out,
- const unsigned char *tlsseq)
+ const unsigned char *tlsseq, int mode)
{
uint64_t gh_c1 = 0x00000000FFFFFFFF, gh_c2 = 0x0000F8FFFFFFFFFF,
gh_c3 = 0xC0FFFFFFFFFFFFFF;
c2 = gh_c2;
c3 = gh_c3;
break;
+ case NID_magma_mgm:
+ switch (mode) {
+ case TLSTREE_MODE_S: // TLS_GOSTR341112_256_WITH_MAGMA_MGM_S
+ c1 = 0x000000fcffffffff;
+ c2 = 0x00e0ffffffffffff;
+ c3 = 0xffffffffffffffff;
+ break;
+ case TLSTREE_MODE_L: // TLS_GOSTR341112_256_WITH_MAGMA_MGM_L
+ c1 = 0x000000000000e0ff;
+ c2 = 0x000000c0ffffffff;
+ c3 = 0x80ffffffffffffff;
+ break;
+ default:
+ return 0;
+ }
+ break;
+ case NID_kuznyechik_mgm:
+ switch (mode) {
+ case TLSTREE_MODE_S: // TLS_GOSTR341112_256_WITH_KUZNYECHIK_MGM_S
+ c1 = 0x000000e0ffffffff;
+ c2 = 0x0000ffffffffffff;
+ c3 = 0xf8ffffffffffffff;
+ break;
+ case TLSTREE_MODE_L: // TLS_GOSTR341112_256_WITH_KUZNYECHIK_MGM_L
+ c1 = 0x00000000000000f8;
+ c2 = 0x00000000f0ffffff;
+ c3 = 0x00e0ffffffffffff;
+ default:
+ return 0;
+ }
+ break;
default:
return 0;
}
# define EVP_PKEY_CTRL_GOST_MAC_HEXKEY (EVP_PKEY_ALG_CTRL+3)
# define EVP_PKEY_CTRL_MAC_LEN (EVP_PKEY_ALG_CTRL+5)
# define EVP_PKEY_CTRL_SET_VKO (EVP_PKEY_ALG_CTRL+11)
+# define TLSTREE_MODE_NONE 0
+# define TLSTREE_MODE_S 1
+# define TLSTREE_MODE_L 2
/* Pmeth internal representation */
struct gost_pmeth_data {
int sign_param_nid; /* Should be set whenever parameters are
int peer_key_used;
int cipher_nid; /* KExp15/KImp15 algs */
int vko_dgst_nid;
+ char derive_mode;
};
struct gost_mac_pmeth_data {
const size_t representation);
int gost_tlstree(int cipher_nid, const unsigned char *in, unsigned char *out,
- const unsigned char *tlsseq);
+ const unsigned char *tlsseq, int mode);
/* KExp/KImp */
int gost_kexp15(const unsigned char *shared_key, const int shared_len,
int cipher_nid, const unsigned char *cipher_key,
if (c->key_set) {
unsigned char diversed_key[32];
return gost_tlstree(c->cipher_nid, c->key, diversed_key,
- (const unsigned char *)ptr) ?
+ (const unsigned char *)ptr, TLSTREE_MODE_NONE) ?
omac_key(c, EVP_get_cipherbynid(c->cipher_nid),
diversed_key, 32) : 0;
}
}
}
- ret = gost_tlstree(NID_grasshopper_cbc, kroot, out, tlsseq);
+ ret = gost_tlstree(NID_grasshopper_cbc, kroot, out, tlsseq, TLSTREE_MODE_NONE);
if (ret <= 0) {
ERR_print_errors_fp(stderr);
err = 7;
projects / openssl-gost / engine.git / commitdiff