All tabs replcaded with spaces. One file was 2 tabs fornating.
UKM = BN_lebin2bn(ukm, ukm_size, NULL);
p = BN_CTX_get(ctx);
order = BN_CTX_get(ctx);
- cofactor = BN_CTX_get(ctx);
+ cofactor = BN_CTX_get(ctx);
X = BN_CTX_get(ctx);
Y = BN_CTX_get(ctx);
EC_GROUP_get_order(EC_KEY_get0_group(priv_key), order, ctx);
- EC_GROUP_get_cofactor(EC_KEY_get0_group(priv_key), cofactor, ctx);
+ EC_GROUP_get_cofactor(EC_KEY_get0_group(priv_key), cofactor, ctx);
BN_mod_mul(UKM, UKM, cofactor, order, ctx);
BN_mod_mul(p, key, UKM, order, ctx);
if (!EC_POINT_mul(EC_KEY_get0_group(priv_key), pnt, NULL, pub_key, p, ctx)) {
}
if (!EC_POINT_get_affine_coordinates(EC_KEY_get0_group(priv_key),
pnt, X, Y, ctx)) {
- GOSTerr(GOST_F_VKO_COMPUTE_KEY, ERR_R_EC_LIB);
- goto err;
+ GOSTerr(GOST_F_VKO_COMPUTE_KEY, ERR_R_EC_LIB);
+ goto err;
}
half_len = BN_num_bytes(order);
}
if (data->shared_ukm_size == 0) {
- if (RAND_bytes(data->shared_ukm, 32) <= 0) {
- GOSTerr(GOST_F_PKEY_GOST2018_ENCRYPT, ERR_R_INTERNAL_ERROR);
- goto err;
- }
- data->shared_ukm_size = 32;
+ if (RAND_bytes(data->shared_ukm, 32) <= 0) {
+ GOSTerr(GOST_F_PKEY_GOST2018_ENCRYPT, ERR_R_INTERNAL_ERROR);
+ goto err;
+ }
+ data->shared_ukm_size = 32;
}
if (gost_keg(data->shared_ukm, pkey_nid,
err:
OPENSSL_cleanse(expkeys, sizeof(expkeys));
if (key_is_ephemeral)
- EVP_PKEY_free(sec_key);
+ EVP_PKEY_free(sec_key);
PSKeyTransport_gost_free(pst);
OPENSSL_free(exp_buf);
size_t *key_len, const unsigned char *in, size_t in_len)
{
struct gost_pmeth_data *gctx = EVP_PKEY_CTX_get_data(pctx);
- switch (gctx->cipher_nid)
- {
- case NID_id_Gost28147_89:
- case NID_undef: /* FIXME */
- return pkey_GOST_ECcp_decrypt(pctx, key, key_len, in, in_len);
- case NID_kuznyechik_ctr:
- case NID_magma_ctr:
- return pkey_gost2018_decrypt(pctx, key, key_len, in, in_len);
- default:
+ switch (gctx->cipher_nid)
+ {
+ case NID_id_Gost28147_89:
+ case NID_undef: /* FIXME */
+ return pkey_GOST_ECcp_decrypt(pctx, key, key_len, in, in_len);
+ case NID_kuznyechik_ctr:
+ case NID_magma_ctr:
+ return pkey_gost2018_decrypt(pctx, key, key_len, in, in_len);
+ default:
GOSTerr(GOST_F_PKEY_GOST_DECRYPT, ERR_R_INTERNAL_ERROR);
return -1;
- }
+ }
}
/* Map tc26-2012 256-bit parameters to cp-2001 parameters */
switch (nid) {
- case NID_id_tc26_gost_3410_2012_256_paramSetB:
- nid = NID_id_GostR3410_2001_CryptoPro_A_ParamSet;
- break;
- case NID_id_tc26_gost_3410_2012_256_paramSetC:
- nid = NID_id_GostR3410_2001_CryptoPro_B_ParamSet;
- break;
- case NID_id_tc26_gost_3410_2012_256_paramSetD:
- nid = NID_id_GostR3410_2001_CryptoPro_C_ParamSet;
+ case NID_id_tc26_gost_3410_2012_256_paramSetB:
+ nid = NID_id_GostR3410_2001_CryptoPro_A_ParamSet;
+ break;
+ case NID_id_tc26_gost_3410_2012_256_paramSetC:
+ nid = NID_id_GostR3410_2001_CryptoPro_B_ParamSet;
+ break;
+ case NID_id_tc26_gost_3410_2012_256_paramSetD:
+ nid = NID_id_GostR3410_2001_CryptoPro_C_ParamSet;
}
/* Search nid in 2012 paramset */
int i;
for (i = 0; i < OSSL_NELEM(gost_digest_array); i++)
- GOST_deinit_digest(gost_digest_array[i]);
+ GOST_deinit_digest(gost_digest_array[i]);
for (i = 0; i < OSSL_NELEM(gost_cipher_array); i++)
- GOST_deinit_cipher(gost_cipher_array[i]);
+ GOST_deinit_cipher(gost_cipher_array[i]);
gost_param_free();
int i;
for (i = 0; i < OSSL_NELEM(gost_cipher_array); i++) {
- if (!EVP_add_cipher(GOST_init_cipher(gost_cipher_array[i])))
+ if (!EVP_add_cipher(GOST_init_cipher(gost_cipher_array[i])))
goto end;
}
for (i = 0; i < OSSL_NELEM(gost_digest_array); i++) {
- if (!EVP_add_digest(GOST_init_digest(gost_digest_array[i])))
+ if (!EVP_add_digest(GOST_init_digest(gost_digest_array[i])))
goto end;
}
for (i = 0; i < OSSL_NELEM(gost_digest_array); i++)
if (nid == gost_digest_array[i]->nid) {
- *digest = GOST_init_digest(gost_digest_array[i]);
- return 1;
+ *digest = GOST_init_digest(gost_digest_array[i]);
+ return 1;
}
*digest = NULL;
return 0;
for (i = 0; i < OSSL_NELEM(gost_cipher_array); i++)
if (nid == gost_cipher_array[i]->nid) {
- *cipher = GOST_init_cipher(gost_cipher_array[i]);
- return 1;
+ *cipher = GOST_init_cipher(gost_cipher_array[i]);
+ return 1;
}
*cipher = NULL;
return 0;
#include <openssl/rand.h>
int gost2015_final_call(EVP_CIPHER_CTX *ctx, EVP_MD_CTX *omac_ctx, size_t mac_size,
- unsigned char *encrypted_mac,
- int (*do_cipher) (EVP_CIPHER_CTX *ctx,
- unsigned char *out,
- const unsigned char *in,
- size_t inl))
+ unsigned char *encrypted_mac,
+ int (*do_cipher) (EVP_CIPHER_CTX *ctx,
+ unsigned char *out,
+ const unsigned char *in,
+ size_t inl))
{
- unsigned char calculated_mac[KUZNYECHIK_MAC_MAX_SIZE];
- memset(calculated_mac, 0, KUZNYECHIK_MAC_MAX_SIZE);
+ unsigned char calculated_mac[KUZNYECHIK_MAC_MAX_SIZE];
+ memset(calculated_mac, 0, KUZNYECHIK_MAC_MAX_SIZE);
- if (EVP_CIPHER_CTX_encrypting(ctx)) {
- EVP_DigestSignFinal(omac_ctx, calculated_mac, &mac_size);
+ if (EVP_CIPHER_CTX_encrypting(ctx)) {
+ EVP_DigestSignFinal(omac_ctx, calculated_mac, &mac_size);
- if (do_cipher(ctx, encrypted_mac, calculated_mac, mac_size) <= 0) {
- return -1;
- }
- } else {
- unsigned char expected_mac[KUZNYECHIK_MAC_MAX_SIZE];
+ if (do_cipher(ctx, encrypted_mac, calculated_mac, mac_size) <= 0) {
+ return -1;
+ }
+ } else {
+ unsigned char expected_mac[KUZNYECHIK_MAC_MAX_SIZE];
- memset(expected_mac, 0, KUZNYECHIK_MAC_MAX_SIZE);
- EVP_DigestSignFinal(omac_ctx, calculated_mac, &mac_size);
+ memset(expected_mac, 0, KUZNYECHIK_MAC_MAX_SIZE);
+ EVP_DigestSignFinal(omac_ctx, calculated_mac, &mac_size);
- if (do_cipher(ctx, expected_mac, encrypted_mac, mac_size) <= 0) {
- return -1;
- }
+ if (do_cipher(ctx, expected_mac, encrypted_mac, mac_size) <= 0) {
+ return -1;
+ }
- if (CRYPTO_memcmp(expected_mac, calculated_mac, mac_size) != 0)
- return -1;
- }
- return 0;
+ if (CRYPTO_memcmp(expected_mac, calculated_mac, mac_size) != 0)
+ return -1;
+ }
+ return 0;
}
/*
#define MAX_GOST2015_UKM_SIZE 16
#define KDF_SEED_SIZE 8
int gost2015_get_asn1_params(const ASN1_TYPE *params, size_t ukm_size,
- unsigned char *iv, size_t ukm_offset, unsigned char *kdf_seed)
+ unsigned char *iv, size_t ukm_offset, unsigned char *kdf_seed)
{
- int iv_len = 16;
- GOST2015_CIPHER_PARAMS *gcp = NULL;
+ int iv_len = 16;
+ GOST2015_CIPHER_PARAMS *gcp = NULL;
- unsigned char *p = NULL;
+ unsigned char *p = NULL;
- memset(iv, 0, iv_len);
+ memset(iv, 0, iv_len);
- /* Проверяем тип params */
- if (ASN1_TYPE_get(params) != V_ASN1_SEQUENCE) {
- GOSTerr(GOST_F_GOST2015_GET_ASN1_PARAMS, GOST_R_INVALID_CIPHER_PARAMS);
- return 0;
- }
+ /* Проверяем тип params */
+ if (ASN1_TYPE_get(params) != V_ASN1_SEQUENCE) {
+ GOSTerr(GOST_F_GOST2015_GET_ASN1_PARAMS, GOST_R_INVALID_CIPHER_PARAMS);
+ return 0;
+ }
- p = params->value.sequence->data;
- /* Извлекаем структуру параметров */
- gcp = d2i_GOST2015_CIPHER_PARAMS(NULL, (const unsigned char **)&p, params->value.sequence->length);
- if (gcp == NULL) {
- GOSTerr(GOST_F_GOST2015_GET_ASN1_PARAMS, GOST_R_INVALID_CIPHER_PARAMS);
- return 0;
- }
+ p = params->value.sequence->data;
+ /* Извлекаем структуру параметров */
+ gcp = d2i_GOST2015_CIPHER_PARAMS(NULL, (const unsigned char **)&p, params->value.sequence->length);
+ if (gcp == NULL) {
+ GOSTerr(GOST_F_GOST2015_GET_ASN1_PARAMS, GOST_R_INVALID_CIPHER_PARAMS);
+ return 0;
+ }
- /* Проверяем длину синхропосылки */
- if (gcp->ukm->length != (int)ukm_size) {
- GOSTerr(GOST_F_GOST2015_GET_ASN1_PARAMS, GOST_R_INVALID_CIPHER_PARAMS);
- GOST2015_CIPHER_PARAMS_free(gcp);
- return 0;
- }
+ /* Проверяем длину синхропосылки */
+ if (gcp->ukm->length != (int)ukm_size) {
+ GOSTerr(GOST_F_GOST2015_GET_ASN1_PARAMS, GOST_R_INVALID_CIPHER_PARAMS);
+ GOST2015_CIPHER_PARAMS_free(gcp);
+ return 0;
+ }
- memcpy(iv, gcp->ukm->data, ukm_offset);
- memcpy(kdf_seed, gcp->ukm->data+ukm_offset, KDF_SEED_SIZE);
+ memcpy(iv, gcp->ukm->data, ukm_offset);
+ memcpy(kdf_seed, gcp->ukm->data+ukm_offset, KDF_SEED_SIZE);
- GOST2015_CIPHER_PARAMS_free(gcp);
- return 1;
+ GOST2015_CIPHER_PARAMS_free(gcp);
+ return 1;
}
int gost2015_set_asn1_params(ASN1_TYPE *params,
- const unsigned char *iv, size_t iv_size, const unsigned char *kdf_seed)
+ const unsigned char *iv, size_t iv_size, const unsigned char *kdf_seed)
{
- GOST2015_CIPHER_PARAMS *gcp = GOST2015_CIPHER_PARAMS_new();
- int ret = 0, len = 0;
+ GOST2015_CIPHER_PARAMS *gcp = GOST2015_CIPHER_PARAMS_new();
+ int ret = 0, len = 0;
- ASN1_OCTET_STRING *os = NULL;
- unsigned char ukm_buf[MAX_GOST2015_UKM_SIZE];
- unsigned char *buf = NULL;
+ ASN1_OCTET_STRING *os = NULL;
+ unsigned char ukm_buf[MAX_GOST2015_UKM_SIZE];
+ unsigned char *buf = NULL;
- if (gcp == NULL) {
- GOSTerr(GOST_F_GOST2015_SET_ASN1_PARAMS, ERR_R_MALLOC_FAILURE);
- return 0;
- }
+ if (gcp == NULL) {
+ GOSTerr(GOST_F_GOST2015_SET_ASN1_PARAMS, ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
- memcpy(ukm_buf, iv, iv_size);
- memcpy(ukm_buf+iv_size, kdf_seed, KDF_SEED_SIZE);
+ memcpy(ukm_buf, iv, iv_size);
+ memcpy(ukm_buf+iv_size, kdf_seed, KDF_SEED_SIZE);
- if (ASN1_STRING_set(gcp->ukm, ukm_buf, iv_size + KDF_SEED_SIZE) == 0) {
- GOSTerr(GOST_F_GOST2015_SET_ASN1_PARAMS, ERR_R_MALLOC_FAILURE);
- goto end;
- }
+ if (ASN1_STRING_set(gcp->ukm, ukm_buf, iv_size + KDF_SEED_SIZE) == 0) {
+ GOSTerr(GOST_F_GOST2015_SET_ASN1_PARAMS, ERR_R_MALLOC_FAILURE);
+ goto end;
+ }
- len = i2d_GOST2015_CIPHER_PARAMS(gcp, &buf);
+ len = i2d_GOST2015_CIPHER_PARAMS(gcp, &buf);
- if (len <= 0
- || (os = ASN1_OCTET_STRING_new()) == NULL
- || ASN1_OCTET_STRING_set(os, buf, len) == 0) {
- goto end;
+ if (len <= 0
+ || (os = ASN1_OCTET_STRING_new()) == NULL
+ || ASN1_OCTET_STRING_set(os, buf, len) == 0) {
+ goto end;
}
- ASN1_TYPE_set(params, V_ASN1_SEQUENCE, os);
- ret = 1;
+ ASN1_TYPE_set(params, V_ASN1_SEQUENCE, os);
+ ret = 1;
end:
- OPENSSL_free(buf);
- if (ret <= 0 && os)
- ASN1_OCTET_STRING_free(os);
+ OPENSSL_free(buf);
+ if (ret <= 0 && os)
+ ASN1_OCTET_STRING_free(os);
- GOST2015_CIPHER_PARAMS_free(gcp);
- return ret;
+ GOST2015_CIPHER_PARAMS_free(gcp);
+ return ret;
}
-int gost2015_process_unprotected_attributes(STACK_OF(X509_ATTRIBUTE) *attrs,
- int encryption, size_t mac_len, unsigned char *final_tag)
+int gost2015_process_unprotected_attributes(
+ STACK_OF(X509_ATTRIBUTE) *attrs,
+ int encryption, size_t mac_len, unsigned char *final_tag)
{
- if (encryption == 0) /*Decrypting*/ {
- ASN1_OCTET_STRING *osExpectedMac = X509at_get0_data_by_OBJ(attrs,
- OBJ_txt2obj(OID_GOST_CMS_MAC, 1), -3, V_ASN1_OCTET_STRING);
-
- if (!osExpectedMac || osExpectedMac->length != (int)mac_len)
- return -1;
-
- memcpy(final_tag, osExpectedMac->data, osExpectedMac->length);
- } else {
- if (attrs == NULL)
- return -1;
- return (X509at_add1_attr_by_OBJ(&attrs, OBJ_txt2obj(OID_GOST_CMS_MAC, 1),
- V_ASN1_OCTET_STRING, final_tag, mac_len) == NULL) ? -1 : 1;
- }
- return 1;
+ if (encryption == 0) /*Decrypting*/ {
+ ASN1_OCTET_STRING *osExpectedMac = X509at_get0_data_by_OBJ(attrs,
+ OBJ_txt2obj(OID_GOST_CMS_MAC, 1), -3, V_ASN1_OCTET_STRING);
+
+ if (!osExpectedMac || osExpectedMac->length != (int)mac_len)
+ return -1;
+
+ memcpy(final_tag, osExpectedMac->data, osExpectedMac->length);
+ } else {
+ if (attrs == NULL)
+ return -1;
+ return (X509at_add1_attr_by_OBJ(&attrs,
+ OBJ_txt2obj(OID_GOST_CMS_MAC, 1),
+ V_ASN1_OCTET_STRING, final_tag,
+ mac_len) == NULL) ? -1 : 1;
+ }
+ return 1;
}
int gost2015_acpkm_omac_init(int nid, int enc, const unsigned char *inkey,
EVP_MD_CTX *omac_ctx,
unsigned char *outkey, unsigned char *kdf_seed)
{
- int ret = 0;
- unsigned char keys[64];
- const EVP_MD *md = EVP_get_digestbynid(nid);
- EVP_PKEY *mac_key;
+ int ret = 0;
+ unsigned char keys[64];
+ const EVP_MD *md = EVP_get_digestbynid(nid);
+ EVP_PKEY *mac_key;
- if (md == NULL)
- return 0;
+ if (md == NULL)
+ return 0;
- if (enc) {
- if (RAND_bytes(kdf_seed, 8) != 1)
- return 0;
- }
+ if (enc) {
+ if (RAND_bytes(kdf_seed, 8) != 1)
+ return 0;
+ }
- if (gost_kdftree2012_256(keys, 64, inkey, 32, (const unsigned char *)"kdf tree", 8, kdf_seed, 8, 1) <= 0)
- return 0;
+ if (gost_kdftree2012_256(keys, 64, inkey, 32,
+ (const unsigned char *)"kdf tree", 8, kdf_seed, 8, 1) <= 0)
+ return 0;
- mac_key = EVP_PKEY_new_mac_key(nid, NULL, keys+32, 32);
+ mac_key = EVP_PKEY_new_mac_key(nid, NULL, keys+32, 32);
- if (mac_key == NULL)
- goto end;
+ if (mac_key == NULL)
+ goto end;
- if (EVP_DigestInit_ex(omac_ctx, md, NULL) <= 0 ||
- EVP_DigestSignInit(omac_ctx, NULL, md, NULL, mac_key) <= 0)
- goto end;
+ if (EVP_DigestInit_ex(omac_ctx, md, NULL) <= 0 ||
+ EVP_DigestSignInit(omac_ctx, NULL, md, NULL, mac_key) <= 0)
+ goto end;
- memcpy(outkey, keys, 32);
+ memcpy(outkey, keys, 32);
- ret = 1;
+ ret = 1;
end:
- EVP_PKEY_free(mac_key);
- OPENSSL_cleanse(keys, sizeof(keys));
+ EVP_PKEY_free(mac_key);
+ OPENSSL_cleanse(keys, sizeof(keys));
- return ret;
+ return ret;
}
int init_zero_kdf_seed(unsigned char *kdf_seed)
{
- int is_zero_kdfseed = 1, i;
- for (i = 0; i < 8; i++) {
- if (kdf_seed[i] != 0)
- is_zero_kdfseed = 0;
- }
+ int is_zero_kdfseed = 1, i;
+ for (i = 0; i < 8; i++) {
+ if (kdf_seed[i] != 0)
+ is_zero_kdfseed = 0;
+ }
- return is_zero_kdfseed ? RAND_bytes(kdf_seed, 8) : 1;
+ return is_zero_kdfseed ? RAND_bytes(kdf_seed, 8) : 1;
}
char *key, const unsigned
char *iv, int enc)
{
- gost_grasshopper_cipher_ctx_ctr *c = EVP_CIPHER_CTX_get_cipher_data(ctx);
+ gost_grasshopper_cipher_ctx_ctr *c = EVP_CIPHER_CTX_get_cipher_data(ctx);
- /* NB: setting type makes EVP do_cipher callback useless */
- c->c.type = GRASSHOPPER_CIPHER_CTRACPKMOMAC;
- EVP_CIPHER_CTX_set_num(ctx, 0);
- c->section_size = 4096;
+ /* NB: setting type makes EVP do_cipher callback useless */
+ c->c.type = GRASSHOPPER_CIPHER_CTRACPKMOMAC;
+ EVP_CIPHER_CTX_set_num(ctx, 0);
+ c->section_size = 4096;
- if (key) {
- unsigned char cipher_key[32];
- c->omac_ctx = EVP_MD_CTX_new();
+ if (key) {
+ unsigned char cipher_key[32];
+ c->omac_ctx = EVP_MD_CTX_new();
- if (c->omac_ctx == NULL) {
- GOSTerr(GOST_F_GOST_GRASSHOPPER_CIPHER_INIT_CTRACPKM_OMAC, ERR_R_MALLOC_FAILURE);
- return 0;
- }
+ if (c->omac_ctx == NULL) {
+ GOSTerr(GOST_F_GOST_GRASSHOPPER_CIPHER_INIT_CTRACPKM_OMAC, ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
- if (gost2015_acpkm_omac_init(NID_kuznyechik_mac, enc, key,
- c->omac_ctx, cipher_key, c->kdf_seed) != 1) {
- EVP_MD_CTX_free(c->omac_ctx);
- c->omac_ctx = NULL;
- return 0;
- }
+ if (gost2015_acpkm_omac_init(NID_kuznyechik_mac, enc, key,
+ c->omac_ctx, cipher_key, c->kdf_seed) != 1) {
+ EVP_MD_CTX_free(c->omac_ctx);
+ c->omac_ctx = NULL;
+ return 0;
+ }
- return gost_grasshopper_cipher_init(ctx, cipher_key, iv, enc);
- }
+ return gost_grasshopper_cipher_init(ctx, cipher_key, iv, enc);
+ }
- return gost_grasshopper_cipher_init(ctx, key, iv, enc);
+ return gost_grasshopper_cipher_init(ctx, key, iv, enc);
}
static int gost_grasshopper_cipher_do_ecb(EVP_CIPHER_CTX *ctx, unsigned char *out,
ctr128_inc(iv_buffer->b);
current_in += GRASSHOPPER_BLOCK_SIZE;
current_out += GRASSHOPPER_BLOCK_SIZE;
- lasted -= GRASSHOPPER_BLOCK_SIZE;
+ lasted -= GRASSHOPPER_BLOCK_SIZE;
}
if (lasted > 0) {
in += GRASSHOPPER_BLOCK_SIZE;
out += GRASSHOPPER_BLOCK_SIZE;
num += GRASSHOPPER_BLOCK_SIZE;
- lasted -= GRASSHOPPER_BLOCK_SIZE;
+ lasted -= GRASSHOPPER_BLOCK_SIZE;
}
// last part
const unsigned char *in,
size_t inl)
{
- int result;
- gost_grasshopper_cipher_ctx_ctr *c = EVP_CIPHER_CTX_get_cipher_data(ctx);
- /* As in and out can be the same pointer, process unencrypted here */
- if (EVP_CIPHER_CTX_encrypting(ctx))
- EVP_DigestSignUpdate(c->omac_ctx, in, inl);
-
- if (in == NULL && inl == 0) { /* Final call */
- return gost2015_final_call(ctx, c->omac_ctx, KUZNYECHIK_MAC_MAX_SIZE, c->tag, gost_grasshopper_cipher_do_ctracpkm);
- }
-
- if (in == NULL) {
- GOSTerr(GOST_F_GOST_GRASSHOPPER_CIPHER_DO_CTRACPKM_OMAC, ERR_R_EVP_LIB);
- return -1;
- }
- result = gost_grasshopper_cipher_do_ctracpkm(ctx, out, in, inl);
-
- /* As in and out can be the same pointer, process decrypted here */
- if (!EVP_CIPHER_CTX_encrypting(ctx))
- EVP_DigestSignUpdate(c->omac_ctx, out, inl);
-
- return result;
+ int result;
+ gost_grasshopper_cipher_ctx_ctr *c = EVP_CIPHER_CTX_get_cipher_data(ctx);
+ /* As in and out can be the same pointer, process unencrypted here */
+ if (EVP_CIPHER_CTX_encrypting(ctx))
+ EVP_DigestSignUpdate(c->omac_ctx, in, inl);
+
+ if (in == NULL && inl == 0) { /* Final call */
+ return gost2015_final_call(ctx, c->omac_ctx, KUZNYECHIK_MAC_MAX_SIZE, c->tag, gost_grasshopper_cipher_do_ctracpkm);
+ }
+
+ if (in == NULL) {
+ GOSTerr(GOST_F_GOST_GRASSHOPPER_CIPHER_DO_CTRACPKM_OMAC, ERR_R_EVP_LIB);
+ return -1;
+ }
+ result = gost_grasshopper_cipher_do_ctracpkm(ctx, out, in, inl);
+
+ /* As in and out can be the same pointer, process decrypted here */
+ if (!EVP_CIPHER_CTX_encrypting(ctx))
+ EVP_DigestSignUpdate(c->omac_ctx, out, inl);
+
+ return result;
}
/*
* Fixed 128-bit IV implementation make shift regiser redundant.
static int gost_grasshopper_set_asn1_parameters(EVP_CIPHER_CTX *ctx, ASN1_TYPE *params)
{
- if (EVP_CIPHER_CTX_mode(ctx) == EVP_CIPH_CTR_MODE) {
- gost_grasshopper_cipher_ctx_ctr *ctr = EVP_CIPHER_CTX_get_cipher_data(ctx);
+ if (EVP_CIPHER_CTX_mode(ctx) == EVP_CIPH_CTR_MODE) {
+ gost_grasshopper_cipher_ctx_ctr *ctr = EVP_CIPHER_CTX_get_cipher_data(ctx);
- /* CMS implies 256kb section_size */
- ctr->section_size = 256*1024;
+ /* CMS implies 256kb section_size */
+ ctr->section_size = 256*1024;
- return gost2015_set_asn1_params(params, EVP_CIPHER_CTX_original_iv(ctx), 8,
- ctr->kdf_seed);
- }
- return 0;
+ return gost2015_set_asn1_params(params,
+ EVP_CIPHER_CTX_original_iv(ctx), 8, ctr->kdf_seed);
+ }
+ return 0;
}
static GRASSHOPPER_INLINE int
gost_grasshopper_get_asn1_parameters(EVP_CIPHER_CTX *ctx, ASN1_TYPE *params)
{
- if (EVP_CIPHER_CTX_mode(ctx) == EVP_CIPH_CTR_MODE) {
- gost_grasshopper_cipher_ctx_ctr *ctr = EVP_CIPHER_CTX_get_cipher_data(ctx);
+ if (EVP_CIPHER_CTX_mode(ctx) == EVP_CIPH_CTR_MODE) {
+ gost_grasshopper_cipher_ctx_ctr *ctr = EVP_CIPHER_CTX_get_cipher_data(ctx);
- int iv_len = 16;
- unsigned char iv[16];
+ int iv_len = 16;
+ unsigned char iv[16];
- if (gost2015_get_asn1_params(params, 16, iv, 8, ctr->kdf_seed) == 0) {
- return 0;
- }
+ if (gost2015_get_asn1_params(params, 16, iv, 8, ctr->kdf_seed) == 0) {
+ return 0;
+ }
- memcpy(EVP_CIPHER_CTX_iv_noconst(ctx), iv, iv_len);
- memcpy((unsigned char *)EVP_CIPHER_CTX_original_iv(ctx), iv, iv_len);
+ memcpy(EVP_CIPHER_CTX_iv_noconst(ctx), iv, iv_len);
+ memcpy((unsigned char *)EVP_CIPHER_CTX_original_iv(ctx), iv, iv_len);
- /* CMS implies 256kb section_size */
- ctr->section_size = 256*1024;
- return 1;
- }
- return 0;
+ /* CMS implies 256kb section_size */
+ ctr->section_size = 256*1024;
+ return 1;
+ }
+ return 0;
}
static int gost_grasshopper_cipher_ctl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr)
gost_grasshopper_cipher_ctx_ctr *c =
EVP_CIPHER_CTX_get_cipher_data(ctx);
if ((c->c.type != GRASSHOPPER_CIPHER_CTRACPKM &&
- c->c.type != GRASSHOPPER_CIPHER_CTRACPKMOMAC)
- || (arg == 0)
- || (arg % GRASSHOPPER_BLOCK_SIZE))
+ c->c.type != GRASSHOPPER_CIPHER_CTRACPKMOMAC)
+ || (arg == 0)
+ || (arg % GRASSHOPPER_BLOCK_SIZE))
return -1;
c->section_size = arg;
break;
return 1;
}
#endif
- case EVP_CTRL_PROCESS_UNPROTECTED:
+ case EVP_CTRL_PROCESS_UNPROTECTED:
{
STACK_OF(X509_ATTRIBUTE) *x = ptr;
gost_grasshopper_cipher_ctx_ctr *c = EVP_CIPHER_CTX_get_cipher_data(ctx);
}
return 1;
case EVP_CTRL_COPY: {
- EVP_CIPHER_CTX *out = ptr;
-
- gost_grasshopper_cipher_ctx_ctr *out_cctx = EVP_CIPHER_CTX_get_cipher_data(out);
- gost_grasshopper_cipher_ctx_ctr *in_cctx = EVP_CIPHER_CTX_get_cipher_data(ctx);
-
- if (in_cctx->c.type != GRASSHOPPER_CIPHER_CTRACPKMOMAC)
- return -1;
-
- if (in_cctx->omac_ctx == out_cctx->omac_ctx) {
- out_cctx->omac_ctx = EVP_MD_CTX_new();
- if (out_cctx->omac_ctx == NULL) {
- GOSTerr(GOST_F_GOST_GRASSHOPPER_CIPHER_CTL, ERR_R_MALLOC_FAILURE);
- return -1;
- }
- }
- return EVP_MD_CTX_copy(out_cctx->omac_ctx, in_cctx->omac_ctx);
- }
+ EVP_CIPHER_CTX *out = ptr;
+
+ gost_grasshopper_cipher_ctx_ctr *out_cctx = EVP_CIPHER_CTX_get_cipher_data(out);
+ gost_grasshopper_cipher_ctx_ctr *in_cctx = EVP_CIPHER_CTX_get_cipher_data(ctx);
+
+ if (in_cctx->c.type != GRASSHOPPER_CIPHER_CTRACPKMOMAC)
+ return -1;
+
+ if (in_cctx->omac_ctx == out_cctx->omac_ctx) {
+ out_cctx->omac_ctx = EVP_MD_CTX_new();
+ if (out_cctx->omac_ctx == NULL) {
+ GOSTerr(GOST_F_GOST_GRASSHOPPER_CIPHER_CTL, ERR_R_MALLOC_FAILURE);
+ return -1;
+ }
+ }
+ return EVP_MD_CTX_copy(out_cctx->omac_ctx, in_cctx->omac_ctx);
+ }
default:
GOSTerr(GOST_F_GOST_GRASSHOPPER_CIPHER_CTL,
GOST_R_UNSUPPORTED_CIPHER_CTL_COMMAND);
void grasshopper_encrypt_block(grasshopper_round_keys_t* subkeys, grasshopper_w128_t* source,
grasshopper_w128_t* target, grasshopper_w128_t* buffer) {
- int i;
+ int i;
grasshopper_copy128(target, source);
for (i = 0; i < 9; i++) {
void grasshopper_decrypt_block(grasshopper_round_keys_t* subkeys, grasshopper_w128_t* source,
grasshopper_w128_t* target, grasshopper_w128_t* buffer) {
- int i;
+ int i;
grasshopper_copy128(target, source);
grasshopper_append128multi(buffer, target, grasshopper_l_dec128);
}
s = BN_bin2bn(sigbuf, siglen / 2, NULL);
r = BN_bin2bn(sigbuf + siglen / 2, siglen / 2, NULL);
- ECDSA_SIG_set0(sig, r, s);
+ ECDSA_SIG_set0(sig, r, s);
return sig;
}
static int pkey_gost_magma_mac_init(EVP_PKEY_CTX *ctx)
{
- return pkey_gost_omac_init(ctx, 8);
+ return pkey_gost_omac_init(ctx, 8);
}
static int pkey_gost_grasshopper_mac_init(EVP_PKEY_CTX *ctx)
{
- return pkey_gost_omac_init(ctx, 16);
+ return pkey_gost_omac_init(ctx, 16);
}
static void pkey_gost_mac_cleanup(EVP_PKEY_CTX *ctx)
}
param = get_encryption_params(obj);
- ASN1_OBJECT_free(obj);
+ ASN1_OBJECT_free(obj);
if (param == NULL) {
GOSTerr(GOST_F_PKEY_GOST_MAC_CTRL_STR, GOST_R_INVALID_MAC_PARAMS);
return 0;
static int pkey_gost_magma_mac_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
{
- return pkey_gost_omac_ctrl(ctx, type, p1, p2, 8);
+ return pkey_gost_omac_ctrl(ctx, type, p1, p2, 8);
}
static int pkey_gost_grasshopper_mac_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
{
- return pkey_gost_omac_ctrl(ctx, type, p1, p2, 16);
+ return pkey_gost_omac_ctrl(ctx, type, p1, p2, 16);
}
static int pkey_gost_omac_ctrl_str(EVP_PKEY_CTX *ctx,
static int pkey_gost_magma_mac_ctrl_str(EVP_PKEY_CTX *ctx,
const char *type, const char *value)
{
- return pkey_gost_omac_ctrl_str(ctx, type, value, 8);
+ return pkey_gost_omac_ctrl_str(ctx, type, value, 8);
}
static int pkey_gost_grasshopper_mac_ctrl_str(EVP_PKEY_CTX *ctx,
const char *type, const char *value)
{
- return pkey_gost_omac_ctrl_str(ctx, type, value, 8);
+ return pkey_gost_omac_ctrl_str(ctx, type, value, 8);
}
static int pkey_gost_mac_keygen_base(EVP_PKEY_CTX *ctx,
pkey_gost_derive_init, pkey_gost_ec_derive);
EVP_PKEY_meth_set_paramgen(*pmeth, pkey_gost_paramgen_init,
pkey_gost2001_paramgen);
- EVP_PKEY_meth_set_check(*pmeth, pkey_gost_check);
- EVP_PKEY_meth_set_public_check(*pmeth, pkey_gost_check);
+ EVP_PKEY_meth_set_check(*pmeth, pkey_gost_check);
+ EVP_PKEY_meth_set_public_check(*pmeth, pkey_gost_check);
break;
case NID_id_GostR3410_2012_256:
EVP_PKEY_meth_set_ctrl(*pmeth,
EVP_PKEY_meth_set_paramgen(*pmeth,
pkey_gost_paramgen_init,
pkey_gost2012_paramgen);
- EVP_PKEY_meth_set_check(*pmeth, pkey_gost_check);
- EVP_PKEY_meth_set_public_check(*pmeth, pkey_gost_check);
+ EVP_PKEY_meth_set_check(*pmeth, pkey_gost_check);
+ EVP_PKEY_meth_set_public_check(*pmeth, pkey_gost_check);
break;
case NID_id_GostR3410_2012_512:
EVP_PKEY_meth_set_ctrl(*pmeth,
EVP_PKEY_meth_set_paramgen(*pmeth,
pkey_gost_paramgen_init,
pkey_gost2012_paramgen);
- EVP_PKEY_meth_set_check(*pmeth, pkey_gost_check);
- EVP_PKEY_meth_set_public_check(*pmeth, pkey_gost_check);
+ EVP_PKEY_meth_set_check(*pmeth, pkey_gost_check);
+ EVP_PKEY_meth_set_public_check(*pmeth, pkey_gost_check);
break;
case NID_id_Gost28147_89_MAC:
EVP_PKEY_meth_set_ctrl(*pmeth, pkey_gost_mac_ctrl,
# ifdef HAVE_ADDCARRY_U64
for (i = 0; i < 8; i++)
- CF = _addcarry_u64(CF, x->QWORD[i] , y->QWORD[i], &(x->QWORD[i]));
+ CF = _addcarry_u64(CF, x->QWORD[i] , y->QWORD[i], &(x->QWORD[i]));
# else
for (i = 0; i < 8; i++) {
- const unsigned long long left = x->QWORD[i];
- unsigned long long sum;
-
- sum = left + y->QWORD[i] + CF;
- /*
- * (sum == left): is noop, because it's possible only
- * when `left' is added with `0 + 0' or with `ULLONG_MAX + 1',
- * in that case `CF' (carry) retain previous value, which is correct,
- * because when `left + 0 + 0' there was no overflow (thus no carry),
- * and when `left + ULLONG_MAX + 1' value is wrapped back to
- * itself with overflow, thus creating carry.
- *
- * (sum != left):
- * if `sum' is not wrapped (sum > left) there should not be carry,
- * if `sum' is wrapped (sum < left) there should be carry.
- */
- if (sum != left)
- CF = (sum < left);
- x->QWORD[i] = sum;
+ const unsigned long long left = x->QWORD[i];
+ unsigned long long sum;
+
+ sum = left + y->QWORD[i] + CF;
+ /*
+ * (sum == left): is noop, because it's possible only
+ * when `left' is added with `0 + 0' or with `ULLONG_MAX + 1',
+ * in that case `CF' (carry) retain previous value, which is correct,
+ * because when `left + 0 + 0' there was no overflow (thus no carry),
+ * and when `left + ULLONG_MAX + 1' value is wrapped back to
+ * itself with overflow, thus creating carry.
+ *
+ * (sum != left):
+ * if `sum' is not wrapped (sum > left) there should not be carry,
+ * if `sum' is wrapped (sum < left) there should be carry.
+ */
+ if (sum != left)
+ CF = (sum < left);
+ x->QWORD[i] = sum;
}
# endif /* !__x86_64__ */
#else /* __GOST3411_BIG_ENDIAN__ */
if (memcmp(meshed_key, buf, 32)) {
fprintf(stderr, "Magma meshing failed");
- ret = 1;
+ ret = 1;
}
acpkm_magma_key_meshing(&ctx);
#include "gost_grasshopper_cipher.h"
#define T(e) if (!(e)) {\
- ERR_print_errors_fp(stderr);\
- OpenSSLDie(__FILE__, __LINE__, #e);\
+ ERR_print_errors_fp(stderr);\
+ OpenSSLDie(__FILE__, __LINE__, #e);\
}
static void hexdump(FILE *f, const char *title, const unsigned char *s, int l)
if (ret <= 0) {
ERR_print_errors_fp(stderr);
- err = 1;
+ err = 1;
} else {
hexdump(stdout, "Magma key export", buf, 40);
if (memcmp(buf, magma_export, 40) != 0) {
fprintf(stdout, "ERROR! test failed\n");
- err = 2;
+ err = 2;
}
}
if (ret <= 0) {
ERR_print_errors_fp(stderr);
- err = 3;
+ err = 3;
} else {
hexdump(stdout, "Magma key import", buf, 32);
if (memcmp(buf, shared_key, 32) != 0) {
fprintf(stdout, "ERROR! test failed\n");
- err = 4;
+ err = 4;
}
}
kdf_seed, 8, 1);
if (ret <= 0) {
ERR_print_errors_fp(stderr);
- err = 5;
+ err = 5;
} else {
hexdump(stdout, "KDF TREE", kdf_result, 64);
if (memcmp(kdf_result, kdf_etalon, 64) != 0) {
fprintf(stdout, "ERROR! test failed\n");
- err = 6;
+ err = 6;
}
}
ret = gost_tlstree(NID_grasshopper_cbc, kroot, out, tlsseq);
if (ret <= 0) {
ERR_print_errors_fp(stderr);
- err = 7;
+ err = 7;
} else {
hexdump(stdout, "Gost TLSTREE - grasshopper", out, 32);
if (memcmp(out, tlstree_gh_etalon, 32) != 0) {
fprintf(stdout, "ERROR! test failed\n");
- err = 8;
+ err = 8;
}
}