]> wagner.pp.ru Git - openssl-gost/engine.git/commitdiff
Initial commit providing GOST 2012 algorithms.
authorDmitry Belyavskiy <beldmit@gmail.com>
Fri, 14 Aug 2015 18:08:23 +0000 (21:08 +0300)
committerDmitry Belyavskiy <beldmit@gmail.com>
Fri, 14 Aug 2015 18:08:23 +0000 (21:08 +0300)
30 files changed:
Makefile
e_gost_err.c
e_gost_err.h
gost2001.c [deleted file]
gost2001_keyx.c [deleted file]
gost2001_keyx.h [deleted file]
gost89.c
gost89.h
gost94_keyx.c
gost_ameth.c
gost_asn1.c
gost_crypt.c
gost_ctl.c
gost_ec_keyx.c [new file with mode: 0644]
gost_ec_sign.c [new file with mode: 0644]
gost_eng.c
gost_lcl.h
gost_md2012.c [new file with mode: 0644]
gost_params.c
gost_params.h
gost_pmeth.c
gost_sign.c
gosthash.c
gosthash2012.c [new file with mode: 0644]
gosthash2012.h [new file with mode: 0644]
gosthash2012_const.h [new file with mode: 0644]
gosthash2012_precalc.h [new file with mode: 0644]
gosthash2012_ref.h [new file with mode: 0644]
gosthash2012_sse2.h [new file with mode: 0644]
gostsum12.c [new file with mode: 0644]

index 17e1efbdff3014a28d161caaa7c31af603e0e492..9004e127a040c9a70500128598f5930c05e8eb84 100644 (file)
--- a/Makefile
+++ b/Makefile
@@ -8,9 +8,9 @@ AR= ar r
 CFLAGS= $(INCLUDES) $(CFLAG)
 LIB=$(TOP)/libcrypto.a
 
-LIBSRC= gost2001.c gost2001_keyx.c gost89.c gost94_keyx.c gost_ameth.c gost_asn1.c gost_crypt.c gost_ctl.c gost_eng.c gosthash.c gost_keywrap.c gost_md.c gost_params.c gost_pmeth.c gost_sign.c
+LIBSRC= gost_md2012.c gosthash2012.c gost_ec_sign.c gost_ec_keyx.c gost89.c gost94_keyx.c gost_ameth.c gost_asn1.c gost_crypt.c gost_ctl.c gost_eng.c gosthash.c gost_keywrap.c gost_md.c gost_params.c gost_pmeth.c gost_sign.c
 
-LIBOBJ= e_gost_err.o gost2001_keyx.o gost2001.o gost89.o gost94_keyx.o gost_ameth.o gost_asn1.o gost_crypt.o gost_ctl.o gost_eng.o gosthash.o gost_keywrap.o gost_md.o gost_params.o gost_pmeth.o gost_sign.o
+LIBOBJ= gost_md2012.o gosthash2012.o e_gost_err.o gost_ec_keyx.o gost_ec_sign.o gost89.o gost94_keyx.o gost_ameth.o gost_asn1.o gost_crypt.o gost_ctl.o gost_eng.o gosthash.o gost_keywrap.o gost_md.o gost_params.o gost_pmeth.o gost_sign.o
 
 SRC=$(LIBSRC)
 
@@ -89,39 +89,54 @@ clean:
 
 # DO NOT DELETE THIS LINE -- make depend depends on it.
 
-gost2001.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
-gost2001.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
-gost2001.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-gost2001.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
-gost2001.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
-gost2001.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h
-gost2001.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-gost2001.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-gost2001.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-gost2001.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-gost2001.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
-gost2001.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-gost2001.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-gost2001.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-gost2001.o: e_gost_err.h gost2001.c gost89.h gost_lcl.h gost_params.h
-gost2001.o: gosthash.h
-gost2001_keyx.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
-gost2001_keyx.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
-gost2001_keyx.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-gost2001_keyx.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
-gost2001_keyx.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
-gost2001_keyx.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h
-gost2001_keyx.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-gost2001_keyx.o: ../../include/openssl/obj_mac.h
-gost2001_keyx.o: ../../include/openssl/objects.h
-gost2001_keyx.o: ../../include/openssl/opensslconf.h
-gost2001_keyx.o: ../../include/openssl/opensslv.h
-gost2001_keyx.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
-gost2001_keyx.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
-gost2001_keyx.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-gost2001_keyx.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-gost2001_keyx.o: ../../include/openssl/x509_vfy.h e_gost_err.h gost2001_keyx.c
-gost2001_keyx.o: gost2001_keyx.h gost89.h gost_keywrap.h gost_lcl.h gosthash.h
+gost_ec_sign.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
+gost_ec_sign.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+gost_ec_sign.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+gost_ec_sign.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+gost_ec_sign.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+gost_ec_sign.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h
+gost_ec_sign.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+gost_ec_sign.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+gost_ec_sign.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+gost_ec_sign.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+gost_ec_sign.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
+gost_ec_sign.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+gost_ec_sign.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+gost_ec_sign.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+gost_ec_sign.o: e_gost_err.h gost_ec_sign.c gost89.h gost_lcl.h gost_params.h
+gost_ec_sign.o: gosthash.h
+gost_ec_keyx.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
+gost_ec_keyx.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+gost_ec_keyx.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+gost_ec_keyx.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+gost_ec_keyx.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+gost_ec_keyx.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h
+gost_ec_keyx.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+gost_ec_keyx.o: ../../include/openssl/obj_mac.h
+gost_ec_keyx.o: ../../include/openssl/objects.h
+gost_ec_keyx.o: ../../include/openssl/opensslconf.h
+gost_ec_keyx.o: ../../include/openssl/opensslv.h
+gost_ec_keyx.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+gost_ec_keyx.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
+gost_ec_keyx.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+gost_ec_keyx.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+gost_ec_keyx.o: ../../include/openssl/x509_vfy.h e_gost_err.h gost_ec_keyx.c
+gost_ec_keyx.o: gost89.h gost_keywrap.h gost_lcl.h gosthash.h
+gosthash2012.o: gosthash2012_const.h
+gosthash2012.o: gosthash2012.c gosthash2012.h
+gosthash2012.o: gosthash2012_precalc.h gosthash2012_ref.h
+gost_md2012.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+gost_md2012.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+gost_md2012.o: ../../include/openssl/evp.h ../../include/openssl/obj_mac.h
+gost_md2012.o: ../../include/openssl/objects.h
+gost_md2012.o: ../../include/openssl/opensslconf.h
+gost_md2012.o: ../../include/openssl/opensslv.h
+gost_md2012.o: ../../include/openssl/ossl_typ.h
+gost_md2012.o: ../../include/openssl/safestack.h
+gost_md2012.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+gost_md2012.o: gosthash2012_const.h
+gost_md2012.o: gosthash2012.h gosthash2012_precalc.h
+gost_md2012.o: gosthash2012_ref.h gost_md2012.c
 gost89.o: gost89.c gost89.h
 gost94_keyx.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
 gost94_keyx.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
@@ -143,6 +158,7 @@ gost94_keyx.o: gost94_keyx.c gost_keywrap.h gost_lcl.h gosthash.h
 gost_ameth.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
 gost_ameth.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
 gost_ameth.o: ../../include/openssl/buffer.h ../../include/openssl/cms.h
+gost_ameth.o: ../../include/openssl/conf.h
 gost_ameth.o: ../../include/openssl/crypto.h ../../include/openssl/dsa.h
 gost_ameth.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 gost_ameth.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
@@ -154,6 +170,7 @@ gost_ameth.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 gost_ameth.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
 gost_ameth.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
 gost_ameth.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+gost_ameth.o: ../../include/openssl/x509v3.h
 gost_ameth.o: ../../include/openssl/x509_vfy.h e_gost_err.h gost89.h
 gost_ameth.o: gost_ameth.c gost_lcl.h gost_params.h gosthash.h
 gost_asn1.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
@@ -242,6 +259,7 @@ gost_params.o: ../../include/openssl/symhacks.h gost_params.c gost_params.h
 gost_pmeth.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
 gost_pmeth.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
 gost_pmeth.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h
+gost_pmeth.o: ../../include/openssl/cms.h ../../include/openssl/err.h
 gost_pmeth.o: ../../include/openssl/crypto.h ../../include/openssl/dsa.h
 gost_pmeth.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 gost_pmeth.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
index 80ef58f8ca3cd295c9e10a117ba9cdc93fe4cad6..b313c53598c09c14aff129dadb549d2732fb922a 100644 (file)
 static ERR_STRING_DATA GOST_str_functs[] = {
     {ERR_FUNC(GOST_F_DECODE_GOST_ALGOR_PARAMS), "DECODE_GOST_ALGOR_PARAMS"},
     {ERR_FUNC(GOST_F_ENCODE_GOST_ALGOR_PARAMS), "ENCODE_GOST_ALGOR_PARAMS"},
-    {ERR_FUNC(GOST_F_FILL_GOST2001_PARAMS), "FILL_GOST2001_PARAMS"},
+    {ERR_FUNC(GOST_F_FILL_GOST_EC_PARAMS), "FILL_GOST_EC_PARAMS"},
     {ERR_FUNC(GOST_F_FILL_GOST94_PARAMS), "FILL_GOST94_PARAMS"},
     {ERR_FUNC(GOST_F_GET_ENCRYPTION_PARAMS), "GET_ENCRYPTION_PARAMS"},
-    {ERR_FUNC(GOST_F_GOST2001_COMPUTE_PUBLIC), "GOST2001_COMPUTE_PUBLIC"},
-    {ERR_FUNC(GOST_F_GOST2001_DO_SIGN), "GOST2001_DO_SIGN"},
-    {ERR_FUNC(GOST_F_GOST2001_DO_VERIFY), "GOST2001_DO_VERIFY"},
-    {ERR_FUNC(GOST_F_GOST2001_KEYGEN), "GOST2001_KEYGEN"},
+    {ERR_FUNC(GOST_F_GOST_EC_COMPUTE_PUBLIC), "GOST_EC_COMPUTE_PUBLIC"},
+    {ERR_FUNC(GOST_F_GOST_EC_SIGN), "GOST_EC_SIGN"},
+    {ERR_FUNC(GOST_F_GOST_EC_VERIFY), "GOST_EC_VERIFY"},
+    {ERR_FUNC(GOST_F_GOST_EC_KEYGEN), "GOST_EC_KEYGEN"},
     {ERR_FUNC(GOST_F_GOST89_GET_ASN1_PARAMETERS),
      "GOST89_GET_ASN1_PARAMETERS"},
     {ERR_FUNC(GOST_F_GOST89_SET_ASN1_PARAMETERS),
@@ -91,30 +91,32 @@ static ERR_STRING_DATA GOST_str_functs[] = {
     {ERR_FUNC(GOST_F_GOST_IMIT_FINAL), "GOST_IMIT_FINAL"},
     {ERR_FUNC(GOST_F_GOST_IMIT_UPDATE), "GOST_IMIT_UPDATE"},
     {ERR_FUNC(GOST_F_GOST_SIGN_KEYGEN), "GOST_SIGN_KEYGEN"},
-    {ERR_FUNC(GOST_F_PARAM_COPY_GOST01), "PARAM_COPY_GOST01"},
+    {ERR_FUNC(GOST_F_PARAM_COPY_GOST_EC), "PARAM_COPY_GOST_EC"},
     {ERR_FUNC(GOST_F_PARAM_COPY_GOST94), "PARAM_COPY_GOST94"},
-    {ERR_FUNC(GOST_F_PKEY_GOST01CP_DECRYPT), "PKEY_GOST01CP_DECRYPT"},
-    {ERR_FUNC(GOST_F_PKEY_GOST01CP_ENCRYPT), "PKEY_GOST01CP_ENCRYPT"},
-    {ERR_FUNC(GOST_F_PKEY_GOST01CP_KEYGEN), "PKEY_GOST01CP_KEYGEN"},
+    {ERR_FUNC(GOST_F_PKEY_GOST_ECCP_DECRYPT), "PKEY_GOST_ECCP_DECRYPT"},
+    {ERR_FUNC(GOST_F_PKEY_GOST_ECCP_ENCRYPT), "PKEY_GOST_ECCP_ENCRYPT"},
     {ERR_FUNC(GOST_F_PKEY_GOST01_PARAMGEN), "PKEY_GOST01_PARAMGEN"},
-    {ERR_FUNC(GOST_F_PKEY_GOST2001_DERIVE), "PKEY_GOST2001_DERIVE"},
+    {ERR_FUNC(GOST_F_PKEY_GOST_EC_DERIVE), "PKEY_GOST_EC_DERIVE"},
+    {ERR_FUNC(GOST_F_PKEY_GOST12_PARAMGEN), "PKEY_GOST12_PARAMGEN"},
     {ERR_FUNC(GOST_F_PKEY_GOST94CP_DECRYPT), "PKEY_GOST94CP_DECRYPT"},
     {ERR_FUNC(GOST_F_PKEY_GOST94CP_ENCRYPT), "PKEY_GOST94CP_ENCRYPT"},
-    {ERR_FUNC(GOST_F_PKEY_GOST94CP_KEYGEN), "PKEY_GOST94CP_KEYGEN"},
     {ERR_FUNC(GOST_F_PKEY_GOST94_PARAMGEN), "PKEY_GOST94_PARAMGEN"},
     {ERR_FUNC(GOST_F_PKEY_GOST_CTRL), "PKEY_GOST_CTRL"},
-    {ERR_FUNC(GOST_F_PKEY_GOST_CTRL01_STR), "PKEY_GOST_CTRL01_STR"},
-    {ERR_FUNC(GOST_F_PKEY_GOST_CTRL94_STR), "PKEY_GOST_CTRL94_STR"},
+    {ERR_FUNC(GOST_F_PKEY_GOST94_CTRL_STR), "PKEY_GOST94_CTRL_STR"},
+    {ERR_FUNC(GOST_F_PKEY_GOST_EC_CTRL_STR_256), "PKEY_GOST_EC_CTRL_STR_256"},
+    {ERR_FUNC(GOST_F_PKEY_GOST_EC_CTRL_STR_512), "PKEY_GOST_EC_CTRL_STR_512"},
     {ERR_FUNC(GOST_F_PKEY_GOST_MAC_CTRL), "PKEY_GOST_MAC_CTRL"},
     {ERR_FUNC(GOST_F_PKEY_GOST_MAC_CTRL_STR), "PKEY_GOST_MAC_CTRL_STR"},
     {ERR_FUNC(GOST_F_PKEY_GOST_MAC_KEYGEN), "PKEY_GOST_MAC_KEYGEN"},
-    {ERR_FUNC(GOST_F_PRINT_GOST_01), "PRINT_GOST_01"},
+    {ERR_FUNC(GOST_F_PRINT_GOST_EC_PUB), "PRINT_GOST_EC_PUB"},
     {ERR_FUNC(GOST_F_PRIV_DECODE_GOST), "PRIV_DECODE_GOST"},
-    {ERR_FUNC(GOST_F_PUB_DECODE_GOST01), "PUB_DECODE_GOST01"},
+    {ERR_FUNC(GOST_F_PUB_DECODE_GOST_EC), "PUB_DECODE_GOST_EC"},
     {ERR_FUNC(GOST_F_PUB_DECODE_GOST94), "PUB_DECODE_GOST94"},
-    {ERR_FUNC(GOST_F_PUB_ENCODE_GOST01), "PUB_ENCODE_GOST01"},
+    {ERR_FUNC(GOST_F_PUB_ENCODE_GOST_EC), "PUB_ENCODE_GOST_EC"},
+    {ERR_FUNC(GOST_F_PUB_ENCODE_GOST94), "PUB_ENCODE_GOST94"},
     {ERR_FUNC(GOST_F_UNPACK_CC_SIGNATURE), "UNPACK_CC_SIGNATURE"},
     {ERR_FUNC(GOST_F_UNPACK_CP_SIGNATURE), "UNPACK_CP_SIGNATURE"},
+    {ERR_FUNC(GOST_F_VKO_COMPUTE_KEY), "VKO_COMPUTE_KEY"},
     {0, NULL}
 };
 
index a2018ec4de9d6eff0bd4637332e229dbb125fd8a..574742be7392452b6bfa0cd41bee071c2a80a96e 100644 (file)
@@ -74,13 +74,13 @@ void ERR_GOST_error(int function, int reason, char *file, int line);
 /* Function codes. */
 # define GOST_F_DECODE_GOST_ALGOR_PARAMS                  99
 # define GOST_F_ENCODE_GOST_ALGOR_PARAMS                  100
-# define GOST_F_FILL_GOST2001_PARAMS                      101
+# define GOST_F_FILL_GOST_EC_PARAMS                       101
 # define GOST_F_FILL_GOST94_PARAMS                        102
 # define GOST_F_GET_ENCRYPTION_PARAMS                     103
-# define GOST_F_GOST2001_COMPUTE_PUBLIC                   104
-# define GOST_F_GOST2001_DO_SIGN                          105
-# define GOST_F_GOST2001_DO_VERIFY                        106
-# define GOST_F_GOST2001_KEYGEN                           107
+# define GOST_F_GOST_EC_COMPUTE_PUBLIC                    104
+# define GOST_F_GOST_EC_SIGN                              105
+# define GOST_F_GOST_EC_VERIFY                            106
+# define GOST_F_GOST_EC_KEYGEN                            107
 # define GOST_F_GOST89_GET_ASN1_PARAMETERS                108
 # define GOST_F_GOST89_SET_ASN1_PARAMETERS                109
 # define GOST_F_GOST94_COMPUTE_PUBLIC                     110
@@ -88,33 +88,35 @@ void ERR_GOST_error(int function, int reason, char *file, int line);
 # define GOST_F_GOST_DO_SIGN                              112
 # define GOST_F_GOST_DO_VERIFY                            113
 # define GOST_F_GOST_IMIT_CTRL                            114
-# define GOST_F_GOST_IMIT_FINAL                           140
+# define GOST_F_GOST_IMIT_FINAL                           120
 # define GOST_F_GOST_IMIT_UPDATE                          115
 # define GOST_F_GOST_SIGN_KEYGEN                          142
-# define GOST_F_PARAM_COPY_GOST01                         116
+# define GOST_F_PARAM_COPY_GOST_EC                        116
 # define GOST_F_PARAM_COPY_GOST94                         117
-# define GOST_F_PKEY_GOST01CP_DECRYPT                     118
-# define GOST_F_PKEY_GOST01CP_ENCRYPT                     119
-# define GOST_F_PKEY_GOST01CP_KEYGEN                      120
+# define GOST_F_PKEY_GOST_ECCP_DECRYPT                    118
+# define GOST_F_PKEY_GOST_ECCP_ENCRYPT                    119
 # define GOST_F_PKEY_GOST01_PARAMGEN                      138
-# define GOST_F_PKEY_GOST2001_DERIVE                      121
+# define GOST_F_PKEY_GOST12_PARAMGEN                      143
+# define GOST_F_PKEY_GOST_EC_DERIVE                       121
 # define GOST_F_PKEY_GOST94CP_DECRYPT                     122
 # define GOST_F_PKEY_GOST94CP_ENCRYPT                     123
-# define GOST_F_PKEY_GOST94CP_KEYGEN                      124
 # define GOST_F_PKEY_GOST94_PARAMGEN                      139
 # define GOST_F_PKEY_GOST_CTRL                            125
-# define GOST_F_PKEY_GOST_CTRL01_STR                      126
-# define GOST_F_PKEY_GOST_CTRL94_STR                      127
+# define GOST_F_PKEY_GOST94_CTRL_STR                      126
+# define GOST_F_PKEY_GOST_EC_CTRL_STR_256                 127
+# define GOST_F_PKEY_GOST_EC_CTRL_STR_512                 140
 # define GOST_F_PKEY_GOST_MAC_CTRL                        128
 # define GOST_F_PKEY_GOST_MAC_CTRL_STR                    129
 # define GOST_F_PKEY_GOST_MAC_KEYGEN                      130
-# define GOST_F_PRINT_GOST_01                             131
+# define GOST_F_PRINT_GOST_EC_PUB                         131
 # define GOST_F_PRIV_DECODE_GOST                          132
-# define GOST_F_PUB_DECODE_GOST01                         133
+# define GOST_F_PUB_DECODE_GOST_EC                        133
 # define GOST_F_PUB_DECODE_GOST94                         134
-# define GOST_F_PUB_ENCODE_GOST01                         135
+# define GOST_F_PUB_ENCODE_GOST_EC                        135
+# define GOST_F_PUB_ENCODE_GOST94                         124
 # define GOST_F_UNPACK_CC_SIGNATURE                       136
 # define GOST_F_UNPACK_CP_SIGNATURE                       137
+# define GOST_F_VKO_COMPUTE_KEY                           141
 
 /* Reason codes. */
 # define GOST_R_BAD_KEY_PARAMETERS_FORMAT                 99
diff --git a/gost2001.c b/gost2001.c
deleted file mode 100644 (file)
index 9536295..0000000
+++ /dev/null
@@ -1,466 +0,0 @@
-/**********************************************************************
- *                          gost2001.c                                *
- *             Copyright (c) 2005-2006 Cryptocom LTD                  *
- *         This file is distributed under the same license as OpenSSL *
- *                                                                    *
- *          Implementation of GOST R 34.10-2001                                   *
- *          Requires OpenSSL 0.9.9 for compilation                    *
- **********************************************************************/
-#include "gost_lcl.h"
-#include "gost_params.h"
-#include <string.h>
-#include <openssl/rand.h>
-#include <openssl/ecdsa.h>
-#include <openssl/err.h>
-#include "e_gost_err.h"
-#ifdef DEBUG_SIGN
-extern
-void dump_signature(const char *message, const unsigned char *buffer,
-                    size_t len);
-void dump_dsa_sig(const char *message, DSA_SIG *sig);
-#else
-
-# define dump_signature(a,b,c)
-# define dump_dsa_sig(a,b)
-#endif
-
-/*
- * Fills EC_KEY structure hidden in the app_data field of DSA structure
- * with parameter information, extracted from parameter array in
- * params.c file.
- *
- * Also fils DSA->q field with copy of EC_GROUP order field to make
- * DSA_size function work
- */
-int fill_GOST2001_params(EC_KEY *eckey, int nid)
-{
-    R3410_2001_params *params = R3410_2001_paramset;
-    EC_GROUP *grp = NULL;
-    BIGNUM *p = NULL, *q = NULL, *a = NULL, *b = NULL, *x = NULL, *y = NULL;
-    EC_POINT *P = NULL;
-    BN_CTX *ctx = BN_CTX_new();
-    int ok = 0;
-
-    if(!ctx) {
-        GOSTerr(GOST_F_FILL_GOST2001_PARAMS, ERR_R_MALLOC_FAILURE);
-        goto err;
-    }
-
-    BN_CTX_start(ctx);
-    p = BN_CTX_get(ctx);
-    a = BN_CTX_get(ctx);
-    b = BN_CTX_get(ctx);
-    x = BN_CTX_get(ctx);
-    y = BN_CTX_get(ctx);
-    q = BN_CTX_get(ctx);
-    if(!p || !a || !b || !x || !y || !q) {
-        GOSTerr(GOST_F_FILL_GOST2001_PARAMS, ERR_R_MALLOC_FAILURE);
-        goto err;
-    }
-    while (params->nid != NID_undef && params->nid != nid)
-        params++;
-    if (params->nid == NID_undef) {
-        GOSTerr(GOST_F_FILL_GOST2001_PARAMS,
-                GOST_R_UNSUPPORTED_PARAMETER_SET);
-        goto err;
-    }
-    if(!BN_hex2bn(&p, params->p)
-        || !BN_hex2bn(&a, params->a)
-        || !BN_hex2bn(&b, params->b)) {
-        GOSTerr(GOST_F_FILL_GOST2001_PARAMS,
-                ERR_R_INTERNAL_ERROR);
-        goto err;
-    }
-
-    grp = EC_GROUP_new_curve_GFp(p, a, b, ctx);
-    if(!grp)  {
-        GOSTerr(GOST_F_FILL_GOST2001_PARAMS, ERR_R_MALLOC_FAILURE);
-        goto err;
-    }
-
-    P = EC_POINT_new(grp);
-    if(!P)  {
-        GOSTerr(GOST_F_FILL_GOST2001_PARAMS, ERR_R_MALLOC_FAILURE);
-        goto err;
-    }
-
-    if(!BN_hex2bn(&x, params->x)
-        || !BN_hex2bn(&y, params->y)
-        || !EC_POINT_set_affine_coordinates_GFp(grp, P, x, y, ctx)
-        || !BN_hex2bn(&q, params->q))  {
-        GOSTerr(GOST_F_FILL_GOST2001_PARAMS, ERR_R_INTERNAL_ERROR);
-        goto err;
-    }
-#ifdef DEBUG_KEYS
-    fprintf(stderr, "Set params index %d oid %s\nq=",
-            (params - R3410_2001_paramset), OBJ_nid2sn(params->nid));
-    BN_print_fp(stderr, q);
-    fprintf(stderr, "\n");
-#endif
-
-    if(!EC_GROUP_set_generator(grp, P, q, NULL)) {
-        GOSTerr(GOST_F_FILL_GOST2001_PARAMS, ERR_R_INTERNAL_ERROR);
-        goto err;
-    }
-    EC_GROUP_set_curve_name(grp, params->nid);
-    if(!EC_KEY_set_group(eckey, grp)) {
-        GOSTerr(GOST_F_FILL_GOST2001_PARAMS, ERR_R_INTERNAL_ERROR);
-        goto err;
-    }
-    ok = 1;
- err:
-    if (P) EC_POINT_free(P);
-    if (grp) EC_GROUP_free(grp);
-    if (ctx) {
-        BN_CTX_end(ctx);
-        BN_CTX_free(ctx);
-    }
-    return ok;
-}
-
-/*
- * Computes gost2001 signature as DSA_SIG structure
- *
- *
- */
-DSA_SIG *gost2001_do_sign(const unsigned char *dgst, int dlen, EC_KEY *eckey)
-{
-    DSA_SIG *newsig = NULL, *ret = NULL;
-    BIGNUM *md = hashsum2bn(dgst);
-    BIGNUM *order = NULL;
-    const EC_GROUP *group;
-    const BIGNUM *priv_key;
-    BIGNUM *r = NULL, *s = NULL, *X = NULL, *tmp = NULL, *tmp2 = NULL, *k =
-        NULL, *e = NULL;
-    EC_POINT *C = NULL;
-    BN_CTX *ctx = BN_CTX_new();
-    if(!ctx || !md) {
-        GOSTerr(GOST_F_GOST2001_DO_SIGN, ERR_R_MALLOC_FAILURE);
-        goto err;
-    }
-    BN_CTX_start(ctx);
-    OPENSSL_assert(dlen == 32);
-    newsig = DSA_SIG_new();
-    if (!newsig) {
-        GOSTerr(GOST_F_GOST2001_DO_SIGN, GOST_R_NO_MEMORY);
-        goto err;
-    }
-    group = EC_KEY_get0_group(eckey);
-    if(!group) {
-        GOSTerr(GOST_F_GOST2001_DO_SIGN, ERR_R_INTERNAL_ERROR);
-        goto err;
-    }
-    order = BN_CTX_get(ctx);
-    if(!order || !EC_GROUP_get_order(group, order, ctx)) {
-        GOSTerr(GOST_F_GOST2001_DO_SIGN, ERR_R_INTERNAL_ERROR);
-        goto err;
-    }
-    priv_key = EC_KEY_get0_private_key(eckey);
-    if(!priv_key) {
-        GOSTerr(GOST_F_GOST2001_DO_SIGN, ERR_R_INTERNAL_ERROR);
-        goto err;
-    }
-    e = BN_CTX_get(ctx);
-    if(!e || !BN_mod(e, md, order, ctx)) {
-        GOSTerr(GOST_F_GOST2001_DO_SIGN, ERR_R_INTERNAL_ERROR);
-        goto err;
-    }
-#ifdef DEBUG_SIGN
-    fprintf(stderr, "digest as bignum=");
-    BN_print_fp(stderr, md);
-    fprintf(stderr, "\ndigest mod q=");
-    BN_print_fp(stderr, e);
-    fprintf(stderr, "\n");
-#endif
-    if (BN_is_zero(e)) {
-        BN_one(e);
-    }
-    k = BN_CTX_get(ctx);
-    C = EC_POINT_new(group);
-    if(!k || !C) {
-        GOSTerr(GOST_F_GOST2001_DO_SIGN, ERR_R_MALLOC_FAILURE);
-        goto err;
-    }
-    do {
-        do {
-            if (!BN_rand_range(k, order)) {
-                GOSTerr(GOST_F_GOST2001_DO_SIGN,
-                        GOST_R_RANDOM_NUMBER_GENERATOR_FAILED);
-                goto err;
-            }
-            if (!EC_POINT_mul(group, C, k, NULL, NULL, ctx)) {
-                GOSTerr(GOST_F_GOST2001_DO_SIGN, ERR_R_EC_LIB);
-                goto err;
-            }
-            if (!X)
-                X = BN_CTX_get(ctx);
-            if (!r)
-                r = BN_CTX_get(ctx);
-            if (!X || !r) {
-                GOSTerr(GOST_F_GOST2001_DO_SIGN, ERR_R_MALLOC_FAILURE);
-                goto err;
-            }
-            if (!EC_POINT_get_affine_coordinates_GFp(group, C, X, NULL, ctx)) {
-                GOSTerr(GOST_F_GOST2001_DO_SIGN, ERR_R_EC_LIB);
-                goto err;
-            }
-
-            if(!BN_nnmod(r, X, order, ctx)) {
-                GOSTerr(GOST_F_GOST2001_DO_SIGN, ERR_R_INTERNAL_ERROR);
-                goto err;
-            }
-        }
-        while (BN_is_zero(r));
-        /* s =  (r*priv_key+k*e) mod order */
-        if (!tmp)
-            tmp = BN_CTX_get(ctx);
-        if (!tmp2)
-            tmp2 = BN_CTX_get(ctx);
-        if (!s)
-            s = BN_CTX_get(ctx);
-        if (!tmp || !tmp2 || !s) {
-            GOSTerr(GOST_F_GOST2001_DO_SIGN, ERR_R_MALLOC_FAILURE);
-            goto err;
-        }
-
-        if(!BN_mod_mul(tmp, priv_key, r, order, ctx)
-            || !BN_mod_mul(tmp2, k, e, order, ctx)
-            || !BN_mod_add(s, tmp, tmp2, order, ctx)) {
-            GOSTerr(GOST_F_GOST2001_DO_SIGN, ERR_R_INTERNAL_ERROR);
-            goto err;
-        }
-    }
-    while (BN_is_zero(s));
-
-    newsig->s = BN_dup(s);
-    newsig->r = BN_dup(r);
-    if(!newsig->s || !newsig->r) {
-        GOSTerr(GOST_F_GOST2001_DO_SIGN, ERR_R_MALLOC_FAILURE);
-        goto err;
-    }
-
-    ret = newsig;
- err:
-    if(ctx) {
-        BN_CTX_end(ctx);
-        BN_CTX_free(ctx);
-    }
-    if (C) EC_POINT_free(C);
-    if (md) BN_free(md);
-    if (!ret && newsig) {
-        DSA_SIG_free(newsig);
-    }
-    return ret;
-}
-
-/*
- * Verifies gost 2001 signature
- *
- */
-int gost2001_do_verify(const unsigned char *dgst, int dgst_len,
-                       DSA_SIG *sig, EC_KEY *ec)
-{
-    BN_CTX *ctx = BN_CTX_new();
-    const EC_GROUP *group = EC_KEY_get0_group(ec);
-    BIGNUM *order;
-    BIGNUM *md = NULL, *e = NULL, *R = NULL, *v = NULL, *z1 = NULL, *z2 =
-        NULL;
-    BIGNUM *X = NULL, *tmp = NULL;
-    EC_POINT *C = NULL;
-    const EC_POINT *pub_key = NULL;
-    int ok = 0;
-
-    if(!ctx || !group) {
-        GOSTerr(GOST_F_GOST2001_DO_VERIFY, ERR_R_INTERNAL_ERROR);
-        goto err;
-    }
-
-    BN_CTX_start(ctx);
-    order = BN_CTX_get(ctx);
-    e = BN_CTX_get(ctx);
-    z1 = BN_CTX_get(ctx);
-    z2 = BN_CTX_get(ctx);
-    tmp = BN_CTX_get(ctx);
-    X = BN_CTX_get(ctx);
-    R = BN_CTX_get(ctx);
-    v = BN_CTX_get(ctx);
-    if(!order || !e || !z1 || !z2 || !tmp || !X || !R || !v) {
-        GOSTerr(GOST_F_GOST2001_DO_VERIFY, ERR_R_MALLOC_FAILURE);
-        goto err;
-    }
-
-    pub_key = EC_KEY_get0_public_key(ec);
-    if(!pub_key || !EC_GROUP_get_order(group, order, ctx)) {
-        GOSTerr(GOST_F_GOST2001_DO_VERIFY, ERR_R_INTERNAL_ERROR);
-        goto err;
-    }
-
-    if (BN_is_zero(sig->s) || BN_is_zero(sig->r) ||
-        (BN_cmp(sig->s, order) >= 1) || (BN_cmp(sig->r, order) >= 1)) {
-        GOSTerr(GOST_F_GOST2001_DO_VERIFY,
-                GOST_R_SIGNATURE_PARTS_GREATER_THAN_Q);
-        goto err;
-
-    }
-    md = hashsum2bn(dgst);
-
-    if(!md || !BN_mod(e, md, order, ctx)) {
-        GOSTerr(GOST_F_GOST2001_DO_VERIFY, ERR_R_INTERNAL_ERROR);
-        goto err;
-    }
-#ifdef DEBUG_SIGN
-    fprintf(stderr, "digest as bignum: ");
-    BN_print_fp(stderr, md);
-    fprintf(stderr, "\ndigest mod q: ");
-    BN_print_fp(stderr, e);
-#endif
-    if (BN_is_zero(e) && !BN_one(e)) {
-        GOSTerr(GOST_F_GOST2001_DO_VERIFY, ERR_R_INTERNAL_ERROR);
-        goto err;
-    }
-    v = BN_mod_inverse(v, e, order, ctx);
-    if(!v
-        || !BN_mod_mul(z1, sig->s, v, order, ctx)
-        || !BN_sub(tmp, order, sig->r)
-        || !BN_mod_mul(z2, tmp, v, order, ctx)) {
-        GOSTerr(GOST_F_GOST2001_DO_VERIFY, ERR_R_INTERNAL_ERROR);
-        goto err;
-    }
-#ifdef DEBUG_SIGN
-    fprintf(stderr, "\nInverted digest value: ");
-    BN_print_fp(stderr, v);
-    fprintf(stderr, "\nz1: ");
-    BN_print_fp(stderr, z1);
-    fprintf(stderr, "\nz2: ");
-    BN_print_fp(stderr, z2);
-#endif
-    C = EC_POINT_new(group);
-    if (!C) {
-        GOSTerr(GOST_F_GOST2001_DO_VERIFY, ERR_R_MALLOC_FAILURE);
-        goto err;
-    }
-    if (!EC_POINT_mul(group, C, z1, pub_key, z2, ctx)) {
-        GOSTerr(GOST_F_GOST2001_DO_VERIFY, ERR_R_EC_LIB);
-        goto err;
-    }
-    if (!EC_POINT_get_affine_coordinates_GFp(group, C, X, NULL, ctx)) {
-        GOSTerr(GOST_F_GOST2001_DO_VERIFY, ERR_R_EC_LIB);
-        goto err;
-    }
-    if(!BN_mod(R, X, order, ctx)) {
-        GOSTerr(GOST_F_GOST2001_DO_VERIFY, ERR_R_INTERNAL_ERROR);
-        goto err;
-    }
-#ifdef DEBUG_SIGN
-    fprintf(stderr, "\nX=");
-    BN_print_fp(stderr, X);
-    fprintf(stderr, "\nX mod q=");
-    BN_print_fp(stderr, R);
-    fprintf(stderr, "\n");
-#endif
-    if (BN_cmp(R, sig->r) != 0) {
-        GOSTerr(GOST_F_GOST2001_DO_VERIFY, GOST_R_SIGNATURE_MISMATCH);
-    } else {
-        ok = 1;
-    }
- err:
-    if (C) EC_POINT_free(C);
-    if (ctx) {
-        BN_CTX_end(ctx);
-        BN_CTX_free(ctx);
-    }
-    if (md) BN_free(md);
-    return ok;
-}
-
-/*
- * Computes GOST R 34.10-2001 public key
- *
- *
- */
-int gost2001_compute_public(EC_KEY *ec)
-{
-    const EC_GROUP *group = EC_KEY_get0_group(ec);
-    EC_POINT *pub_key = NULL;
-    const BIGNUM *priv_key = NULL;
-    BN_CTX *ctx = NULL;
-    int ok = 0;
-
-    if (!group) {
-        GOSTerr(GOST_F_GOST2001_COMPUTE_PUBLIC,
-                GOST_R_KEY_IS_NOT_INITIALIZED);
-        return 0;
-    }
-    ctx = BN_CTX_new();
-    if(!ctx) {
-        GOSTerr(GOST_F_GOST2001_COMPUTE_PUBLIC, ERR_R_MALLOC_FAILURE);
-        goto err;
-    }
-    BN_CTX_start(ctx);
-    if (!(priv_key = EC_KEY_get0_private_key(ec))) {
-        GOSTerr(GOST_F_GOST2001_COMPUTE_PUBLIC, ERR_R_EC_LIB);
-        goto err;
-    }
-
-    pub_key = EC_POINT_new(group);
-    if(!pub_key) {
-        GOSTerr(GOST_F_GOST2001_COMPUTE_PUBLIC, ERR_R_MALLOC_FAILURE);
-        goto err;
-    }
-    if (!EC_POINT_mul(group, pub_key, priv_key, NULL, NULL, ctx)) {
-        GOSTerr(GOST_F_GOST2001_COMPUTE_PUBLIC, ERR_R_EC_LIB);
-        goto err;
-    }
-    if (!EC_KEY_set_public_key(ec, pub_key)) {
-        GOSTerr(GOST_F_GOST2001_COMPUTE_PUBLIC, ERR_R_EC_LIB);
-        goto err;
-    }
-    ok = 256;
- err:
-    if (pub_key) EC_POINT_free(pub_key);
-    if (ctx) {
-        BN_CTX_end(ctx);
-        BN_CTX_free(ctx);
-    }
-    return ok;
-}
-
-/*
- *
- * Generates GOST R 34.10-2001 keypair
- *
- *
- */
-int gost2001_keygen(EC_KEY *ec)
-{
-    BIGNUM *order = BN_new(), *d = BN_new();
-    const EC_GROUP *group = EC_KEY_get0_group(ec);
-
-    if(!group || !EC_GROUP_get_order(group, order, NULL)) {
-        GOSTerr(GOST_F_GOST2001_KEYGEN, ERR_R_INTERNAL_ERROR);
-        BN_free(d);
-        BN_free(order);
-        return 0;
-    }
-
-    do {
-        if (!BN_rand_range(d, order)) {
-            GOSTerr(GOST_F_GOST2001_KEYGEN,
-                    GOST_R_RANDOM_NUMBER_GENERATOR_FAILED);
-            BN_free(d);
-            BN_free(order);
-            return 0;
-        }
-    }
-    while (BN_is_zero(d));
-
-    if(!EC_KEY_set_private_key(ec, d)) {
-        GOSTerr(GOST_F_GOST2001_KEYGEN, ERR_R_INTERNAL_ERROR);
-        BN_free(d);
-        BN_free(order);
-        return 0;
-    }
-    BN_free(d);
-    BN_free(order);
-    return gost2001_compute_public(ec);
-}
diff --git a/gost2001_keyx.c b/gost2001_keyx.c
deleted file mode 100644 (file)
index db1bdc1..0000000
+++ /dev/null
@@ -1,292 +0,0 @@
-/**********************************************************************
- *                          gost_keyx.c                               *
- *             Copyright (c) 2005-2006 Cryptocom LTD                  *
- *         This file is distributed under the same license as OpenSSL *
- *                                                                    *
- *   VK0 34.10-2001 key exchange and GOST R 34.10-2001                *
- *   based PKCS7/SMIME support                                        *
- *          Requires OpenSSL 0.9.9 for compilation                    *
- **********************************************************************/
-#include <openssl/evp.h>
-#include <openssl/rand.h>
-#include <string.h>
-#include <openssl/objects.h>
-#include "gost89.h"
-#include "gosthash.h"
-#include "e_gost_err.h"
-#include "gost_keywrap.h"
-#include "gost_lcl.h"
-#include "gost2001_keyx.h"
-
-/* Implementation of CryptoPro VKO 34.10-2001 algorithm */
-static int VKO_compute_key(unsigned char *shared_key, size_t shared_key_size,
-                           const EC_POINT *pub_key, EC_KEY *priv_key,
-                           const unsigned char *ukm)
-{
-    unsigned char ukm_be[8], databuf[64], hashbuf[64];
-    BIGNUM *UKM = NULL, *p = NULL, *order = NULL, *X = NULL, *Y = NULL;
-    const BIGNUM *key = EC_KEY_get0_private_key(priv_key);
-    EC_POINT *pnt = EC_POINT_new(EC_KEY_get0_group(priv_key));
-    int i;
-    gost_hash_ctx hash_ctx;
-    BN_CTX *ctx = BN_CTX_new();
-
-    for (i = 0; i < 8; i++) {
-        ukm_be[7 - i] = ukm[i];
-    }
-    BN_CTX_start(ctx);
-    UKM = getbnfrombuf(ukm_be, 8);
-    p = BN_CTX_get(ctx);
-    order = BN_CTX_get(ctx);
-    X = BN_CTX_get(ctx);
-    Y = BN_CTX_get(ctx);
-    EC_GROUP_get_order(EC_KEY_get0_group(priv_key), order, ctx);
-    BN_mod_mul(p, key, UKM, order, ctx);
-    EC_POINT_mul(EC_KEY_get0_group(priv_key), pnt, NULL, pub_key, p, ctx);
-    EC_POINT_get_affine_coordinates_GFp(EC_KEY_get0_group(priv_key),
-                                        pnt, X, Y, ctx);
-    /*
-     * Serialize elliptic curve point same way as we do it when saving key
-     */
-    store_bignum(Y, databuf, 32);
-    store_bignum(X, databuf + 32, 32);
-    /* And reverse byte order of whole buffer */
-    for (i = 0; i < 64; i++) {
-        hashbuf[63 - i] = databuf[i];
-    }
-    init_gost_hash_ctx(&hash_ctx, &GostR3411_94_CryptoProParamSet);
-    start_hash(&hash_ctx);
-    hash_block(&hash_ctx, hashbuf, 64);
-    finish_hash(&hash_ctx, shared_key);
-    done_gost_hash_ctx(&hash_ctx);
-    BN_free(UKM);
-    BN_CTX_end(ctx);
-    BN_CTX_free(ctx);
-    EC_POINT_free(pnt);
-    return 32;
-}
-
-/*
- * EVP_PKEY_METHOD callback derive. Implements VKO R 34.10-2001
- * algorithm
- */
-int pkey_gost2001_derive(EVP_PKEY_CTX *ctx, unsigned char *key,
-                         size_t *keylen)
-{
-    /*
-     * Public key of peer in the ctx field peerkey Our private key in the ctx
-     * pkey ukm is in the algorithm specific context data
-     */
-    EVP_PKEY *my_key = EVP_PKEY_CTX_get0_pkey(ctx);
-    EVP_PKEY *peer_key = EVP_PKEY_CTX_get0_peerkey(ctx);
-    struct gost_pmeth_data *data = EVP_PKEY_CTX_get_data(ctx);
-
-    if (!data->shared_ukm) {
-        GOSTerr(GOST_F_PKEY_GOST2001_DERIVE, GOST_R_UKM_NOT_SET);
-        return 0;
-    }
-
-    if (key == NULL) {
-        *keylen = 32;
-        return 32;
-    }
-
-    *keylen =
-        VKO_compute_key(key, 32,
-                        EC_KEY_get0_public_key(EVP_PKEY_get0(peer_key)),
-                        (EC_KEY *)EVP_PKEY_get0(my_key), data->shared_ukm);
-    return 1;
-}
-
-/*
- * EVP_PKEY_METHOD callback encrypt
- * Implementation of GOST2001 key transport, cryptocom variation
- */
-/*
- * Generates ephemeral key based on pubk algorithm computes shared key using
- * VKO and returns filled up GOST_KEY_TRANSPORT structure
- */
-
-/*
- * EVP_PKEY_METHOD callback encrypt
- * Implementation of GOST2001 key transport, cryptopo variation
- */
-
-int pkey_GOST01cp_encrypt(EVP_PKEY_CTX *pctx, unsigned char *out,
-                          size_t *out_len, const unsigned char *key,
-                          size_t key_len)
-{
-    GOST_KEY_TRANSPORT *gkt = NULL;
-    EVP_PKEY *pubk = EVP_PKEY_CTX_get0_pkey(pctx);
-    struct gost_pmeth_data *data = EVP_PKEY_CTX_get_data(pctx);
-    const struct gost_cipher_info *param = get_encryption_params(NULL);
-    unsigned char ukm[8], shared_key[32], crypted_key[44];
-    int ret = 0;
-    int key_is_ephemeral = 1;
-    gost_ctx cctx;
-    EVP_PKEY *sec_key = EVP_PKEY_CTX_get0_peerkey(pctx);
-    if (data->shared_ukm) {
-        memcpy(ukm, data->shared_ukm, 8);
-    } else if (out) {
-
-        if (RAND_bytes(ukm, 8) <= 0) {
-            GOSTerr(GOST_F_PKEY_GOST01CP_ENCRYPT,
-                    GOST_R_RANDOM_GENERATOR_FAILURE);
-            return 0;
-        }
-    }
-    /* Check for private key in the peer_key of context */
-    if (sec_key) {
-        key_is_ephemeral = 0;
-        if (!gost_get0_priv_key(sec_key)) {
-            GOSTerr(GOST_F_PKEY_GOST01CP_ENCRYPT,
-                    GOST_R_NO_PRIVATE_PART_OF_NON_EPHEMERAL_KEYPAIR);
-            goto err;
-        }
-    } else {
-        key_is_ephemeral = 1;
-        if (out) {
-            sec_key = EVP_PKEY_new();
-            EVP_PKEY_assign(sec_key, EVP_PKEY_base_id(pubk), EC_KEY_new());
-            EVP_PKEY_copy_parameters(sec_key, pubk);
-            if (!gost2001_keygen(EVP_PKEY_get0(sec_key))) {
-                goto err;
-            }
-        }
-    }
-    if (!get_gost_engine_param(GOST_PARAM_CRYPT_PARAMS)
-        && param == gost_cipher_list) {
-        param = gost_cipher_list + 1;
-    }
-    if (out) {
-        VKO_compute_key(shared_key, 32,
-                        EC_KEY_get0_public_key(EVP_PKEY_get0(pubk)),
-                        EVP_PKEY_get0(sec_key), ukm);
-        gost_init(&cctx, param->sblock);
-        keyWrapCryptoPro(&cctx, shared_key, ukm, key, crypted_key);
-    }
-    gkt = GOST_KEY_TRANSPORT_new();
-    if (!gkt) {
-        goto err;
-    }
-    if (!ASN1_OCTET_STRING_set(gkt->key_agreement_info->eph_iv, ukm, 8)) {
-        goto err;
-    }
-    if (!ASN1_OCTET_STRING_set(gkt->key_info->imit, crypted_key + 40, 4)) {
-        goto err;
-    }
-    if (!ASN1_OCTET_STRING_set
-        (gkt->key_info->encrypted_key, crypted_key + 8, 32)) {
-        goto err;
-    }
-    if (key_is_ephemeral) {
-        if (!X509_PUBKEY_set
-            (&gkt->key_agreement_info->ephem_key, out ? sec_key : pubk)) {
-            GOSTerr(GOST_F_PKEY_GOST01CP_ENCRYPT,
-                    GOST_R_CANNOT_PACK_EPHEMERAL_KEY);
-            goto err;
-        }
-    }
-    ASN1_OBJECT_free(gkt->key_agreement_info->cipher);
-    gkt->key_agreement_info->cipher = OBJ_nid2obj(param->nid);
-    if (key_is_ephemeral && sec_key)
-        EVP_PKEY_free(sec_key);
-    if (!key_is_ephemeral) {
-        /* Set control "public key from client certificate used" */
-        if (EVP_PKEY_CTX_ctrl(pctx, -1, -1, EVP_PKEY_CTRL_PEER_KEY, 3, NULL)
-            <= 0) {
-            GOSTerr(GOST_F_PKEY_GOST01CP_ENCRYPT, GOST_R_CTRL_CALL_FAILED);
-            goto err;
-        }
-    }
-    if ((*out_len = i2d_GOST_KEY_TRANSPORT(gkt, out ? &out : NULL)) > 0)
-        ret = 1;
-    GOST_KEY_TRANSPORT_free(gkt);
-    return ret;
- err:
-    if (key_is_ephemeral && sec_key)
-        EVP_PKEY_free(sec_key);
-    GOST_KEY_TRANSPORT_free(gkt);
-    return -1;
-}
-
-/*
- * EVP_PKEY_METHOD callback decrypt
- * Implementation of GOST2001 key transport, cryptopo variation
- */
-int pkey_GOST01cp_decrypt(EVP_PKEY_CTX *pctx, unsigned char *key,
-                          size_t *key_len, const unsigned char *in,
-                          size_t in_len)
-{
-    const unsigned char *p = in;
-    EVP_PKEY *priv = EVP_PKEY_CTX_get0_pkey(pctx);
-    GOST_KEY_TRANSPORT *gkt = NULL;
-    int ret = 0;
-    unsigned char wrappedKey[44];
-    unsigned char sharedKey[32];
-    gost_ctx ctx;
-    const struct gost_cipher_info *param = NULL;
-    EVP_PKEY *eph_key = NULL, *peerkey = NULL;
-
-    if (!key) {
-        *key_len = 32;
-        return 1;
-    }
-    gkt = d2i_GOST_KEY_TRANSPORT(NULL, (const unsigned char **)&p, in_len);
-    if (!gkt) {
-        GOSTerr(GOST_F_PKEY_GOST01CP_DECRYPT,
-                GOST_R_ERROR_PARSING_KEY_TRANSPORT_INFO);
-        return -1;
-    }
-
-    /* If key transport structure contains public key, use it */
-    eph_key = X509_PUBKEY_get(gkt->key_agreement_info->ephem_key);
-    if (eph_key) {
-        if (EVP_PKEY_derive_set_peer(pctx, eph_key) <= 0) {
-            GOSTerr(GOST_F_PKEY_GOST01CP_DECRYPT,
-                    GOST_R_INCOMPATIBLE_PEER_KEY);
-            goto err;
-        }
-    } else {
-        /* Set control "public key from client certificate used" */
-        if (EVP_PKEY_CTX_ctrl(pctx, -1, -1, EVP_PKEY_CTRL_PEER_KEY, 3, NULL)
-            <= 0) {
-            GOSTerr(GOST_F_PKEY_GOST01CP_DECRYPT, GOST_R_CTRL_CALL_FAILED);
-            goto err;
-        }
-    }
-    peerkey = EVP_PKEY_CTX_get0_peerkey(pctx);
-    if (!peerkey) {
-        GOSTerr(GOST_F_PKEY_GOST01CP_DECRYPT, GOST_R_NO_PEER_KEY);
-        goto err;
-    }
-
-    param = get_encryption_params(gkt->key_agreement_info->cipher);
-    if (!param) {
-        goto err;
-    }
-
-    gost_init(&ctx, param->sblock);
-    OPENSSL_assert(gkt->key_agreement_info->eph_iv->length == 8);
-    memcpy(wrappedKey, gkt->key_agreement_info->eph_iv->data, 8);
-    OPENSSL_assert(gkt->key_info->encrypted_key->length == 32);
-    memcpy(wrappedKey + 8, gkt->key_info->encrypted_key->data, 32);
-    OPENSSL_assert(gkt->key_info->imit->length == 4);
-    memcpy(wrappedKey + 40, gkt->key_info->imit->data, 4);
-    VKO_compute_key(sharedKey, 32,
-                    EC_KEY_get0_public_key(EVP_PKEY_get0(peerkey)),
-                    EVP_PKEY_get0(priv), wrappedKey);
-    if (!keyUnwrapCryptoPro(&ctx, sharedKey, wrappedKey, key)) {
-        GOSTerr(GOST_F_PKEY_GOST01CP_DECRYPT,
-                GOST_R_ERROR_COMPUTING_SHARED_KEY);
-        goto err;
-    }
-
-    ret = 1;
- err:
-    if (eph_key)
-        EVP_PKEY_free(eph_key);
-    if (gkt)
-        GOST_KEY_TRANSPORT_free(gkt);
-    return ret;
-}
diff --git a/gost2001_keyx.h b/gost2001_keyx.h
deleted file mode 100644 (file)
index 2d29113..0000000
+++ /dev/null
@@ -1,10 +0,0 @@
-GOST_KEY_TRANSPORT *make_rfc4490_keytransport_2001(EVP_PKEY *pubk,
-                                                   BIGNUM *eph_key,
-                                                   const unsigned char *key,
-                                                   size_t keylen,
-                                                   unsigned char *ukm,
-                                                   size_t ukm_len);
-
-int decrypt_rfc4490_shared_key_2001(EVP_PKEY *priv,
-                                    GOST_KEY_TRANSPORT * gkt,
-                                    unsigned char *key_buf, int key_buf_len);
index 4ff4ddd7a56531bf65d24dd5d3df607461391906..47b7ba0227c5aec79e04fac4ffc54d318c00f588 100644 (file)
--- a/gost89.c
+++ b/gost89.c
@@ -208,6 +208,33 @@ gost_subst_block Gost28147_CryptoProParamSetD = {
      0x8, 0x3}
 };
 
+/* 1.2.643.7.1.2.5.1.1 */
+gost_subst_block Gost28147_TC26ParamSetZ = {
+    {0x1, 0x7, 0xe, 0xd, 0x0, 0x5, 0x8, 0x3, 0x4, 0xf, 0xa, 0x6, 0x9, 0xc,
+     0xb, 0x2}
+    ,
+    {0x8, 0xe, 0x2, 0x5, 0x6, 0x9, 0x1, 0xc, 0xf, 0x4, 0xb, 0x0, 0xd, 0xa,
+     0x3, 0x7}
+    ,
+    {0x5, 0xd, 0xf, 0x6, 0x9, 0x2, 0xc, 0xa, 0xb, 0x7, 0x8, 0x1, 0x4, 0x3,
+     0xe, 0x0}
+    ,
+    {0x7, 0xf, 0x5, 0xa, 0x8, 0x1, 0x6, 0xd, 0x0, 0x9, 0x3, 0xe, 0xb, 0x4,
+     0x2, 0xc}
+    ,
+    {0xc, 0x8, 0x2, 0x1, 0xd, 0x4, 0xf, 0x6, 0x7, 0x0, 0xa, 0x5, 0x3, 0xe,
+     0x9, 0xb}
+    ,
+    {0xb, 0x3, 0x5, 0x8, 0x2, 0xf, 0xa, 0xd, 0xe, 0x1, 0x7, 0x4, 0xc, 0x9,
+     0x6, 0x0}
+    ,
+    {0x6, 0x8, 0x2, 0x3, 0x9, 0xa, 0x5, 0xc, 0x1, 0xe, 0x4, 0x7, 0xb, 0xd,
+     0x0, 0xf}
+    ,
+    {0xc, 0x4, 0x6, 0x2, 0xa, 0x5, 0xb, 0x9, 0xe, 0x8, 0xd, 0x7, 0x0, 0x3,
+     0xf, 0x1}
+};
+
 const byte CryptoProKeyMeshingKey[] = {
     0x69, 0x00, 0x72, 0x22, 0x64, 0xC9, 0x04, 0x23,
     0x8D, 0x3A, 0xDB, 0x96, 0x46, 0xE9, 0x2A, 0xC4,
index e5b877f4482d6536952e77d88ab8873482ce5395..13f35e15953a0c1be50bb8e12e5132ff83030985 100644 (file)
--- a/gost89.h
+++ b/gost89.h
@@ -92,6 +92,7 @@ extern gost_subst_block Gost28147_CryptoProParamSetA;
 extern gost_subst_block Gost28147_CryptoProParamSetB;
 extern gost_subst_block Gost28147_CryptoProParamSetC;
 extern gost_subst_block Gost28147_CryptoProParamSetD;
+extern gost_subst_block Gost28147_TC26ParamSetZ;
 extern const byte CryptoProKeyMeshingKey[];
 typedef unsigned int word32;
 
index ce57f17cbf32f111061c9aca7224565d3da23664..5b00b24cd8e7c73852988bb5ec3656d78e1d427a 100644 (file)
@@ -99,7 +99,9 @@ int pkey_GOST94cp_encrypt(EVP_PKEY_CTX *ctx, unsigned char *out,
 {
     GOST_KEY_TRANSPORT *gkt = NULL;
     unsigned char shared_key[32], ukm[8], crypted_key[44];
-    const struct gost_cipher_info *param = get_encryption_params(NULL);
+    const struct gost_cipher_info *param =
+        get_encryption_params(OBJ_nid2obj
+                              (NID_id_Gost28147_89_CryptoPro_A_ParamSet));
     EVP_PKEY *pubk = EVP_PKEY_CTX_get0_pkey(ctx);
     struct gost_pmeth_data *data = EVP_PKEY_CTX_get_data(ctx);
     gost_ctx cctx;
index b7c5354c1ae2937cb10fbf70ae0495e03e42cf08..24984c71eda01004efeaaebdc37e136a461e3c29 100644 (file)
 #include "gost_lcl.h"
 #include "e_gost_err.h"
 
+static int pkey_bits_gost(const EVP_PKEY *pk);
+
 int gost94_nid_by_params(DSA *p)
 {
     R3410_params *gost_params;
     BIGNUM *q = BN_new();
-    for (gost_params = R3410_paramset; gost_params->q != NULL; gost_params++) {
+    for (gost_params = R3410_paramset; gost_params->nid != NID_undef;
+         gost_params++) {
         BN_dec2bn(&q, gost_params->q);
-        if (!BN_cmp(q, p->q)) {
-            BN_free(q);
-            return gost_params->nid;
-        }
+        if (!BN_cmp(q, p->q))
+            break;
     }
     BN_free(q);
-    return NID_undef;
+    return gost_params->nid;
 }
 
 static ASN1_STRING *encode_gost_algor_params(const EVP_PKEY *key)
@@ -40,49 +41,90 @@ static ASN1_STRING *encode_gost_algor_params(const EVP_PKEY *key)
     ASN1_STRING *params = ASN1_STRING_new();
     GOST_KEY_PARAMS *gkp = GOST_KEY_PARAMS_new();
     int pkey_param_nid = NID_undef;
+    void *key_ptr = EVP_PKEY_get0((EVP_PKEY *)key);
+    int result = 0;
 
     if (!params || !gkp) {
         GOSTerr(GOST_F_ENCODE_GOST_ALGOR_PARAMS, ERR_R_MALLOC_FAILURE);
-        ASN1_STRING_free(params);
-        params = NULL;
         goto err;
     }
     switch (EVP_PKEY_base_id(key)) {
+    case NID_id_GostR3410_2012_256:
+        pkey_param_nid = EC_GROUP_get_curve_name(EC_KEY_get0_group(key_ptr));
+        gkp->hash_params = OBJ_nid2obj(NID_id_GostR3411_2012_256);
+        break;
+    case NID_id_GostR3410_2012_512:
+        pkey_param_nid = EC_GROUP_get_curve_name(EC_KEY_get0_group(key_ptr));
+        gkp->hash_params = OBJ_nid2obj(NID_id_GostR3411_2012_512);
+        break;
     case NID_id_GostR3410_2001:
-        pkey_param_nid =
-            EC_GROUP_get_curve_name(EC_KEY_get0_group
-                                    (EVP_PKEY_get0((EVP_PKEY *)key)));
+        pkey_param_nid = EC_GROUP_get_curve_name(EC_KEY_get0_group(key_ptr));
+        gkp->hash_params = OBJ_nid2obj(NID_id_GostR3411_94_CryptoProParamSet);
         break;
     case NID_id_GostR3410_94:
-        pkey_param_nid =
-            (int)gost94_nid_by_params(EVP_PKEY_get0((EVP_PKEY *)key));
-        if (pkey_param_nid == NID_undef) {
-            GOSTerr(GOST_F_ENCODE_GOST_ALGOR_PARAMS,
-                    GOST_R_INVALID_GOST94_PARMSET);
-            ASN1_STRING_free(params);
-            params = NULL;
-            goto err;
-        }
+        pkey_param_nid = (int)gost94_nid_by_params(key_ptr);
+        gkp->hash_params = OBJ_nid2obj(NID_id_GostR3411_94_CryptoProParamSet);
         break;
     }
+
+    if (pkey_param_nid == NID_undef) {
+        GOSTerr(GOST_F_ENCODE_GOST_ALGOR_PARAMS, GOST_R_INVALID_PARAMSET);
+        goto err;
+    }
+
     gkp->key_params = OBJ_nid2obj(pkey_param_nid);
-    gkp->hash_params = OBJ_nid2obj(NID_id_GostR3411_94_CryptoProParamSet);
     /*
      * gkp->cipher_params = OBJ_nid2obj(cipher_param_nid);
      */
     params->length = i2d_GOST_KEY_PARAMS(gkp, &params->data);
     if (params->length <= 0) {
         GOSTerr(GOST_F_ENCODE_GOST_ALGOR_PARAMS, ERR_R_MALLOC_FAILURE);
-        ASN1_STRING_free(params);
-        params = NULL;
         goto err;
     }
     params->type = V_ASN1_SEQUENCE;
+    result = 1;
  err:
-    GOST_KEY_PARAMS_free(gkp);
+    if (gkp)
+        GOST_KEY_PARAMS_free(gkp);
+    if (result == 0) {          /* if error */
+        if (params)
+            ASN1_STRING_free(params);
+        return NULL;
+    }
     return params;
 }
 
+static int gost_decode_nid_params(EVP_PKEY *pkey, int pkey_nid, int param_nid)
+{
+    void *key_ptr = EVP_PKEY_get0(pkey);
+
+    switch (pkey_nid) {
+    case NID_id_GostR3410_2012_256:
+    case NID_id_GostR3410_2012_512:
+    case NID_id_GostR3410_2001:
+        if (!key_ptr) {
+            key_ptr = EC_KEY_new();
+            if (!EVP_PKEY_assign(pkey, pkey_nid, key_ptr)) {
+                EC_KEY_free(key_ptr);
+                break;
+            }
+        }
+        return fill_GOST_EC_params(key_ptr, param_nid);
+
+    case NID_id_GostR3410_94:
+        if (!key_ptr) {
+            key_ptr = DSA_new();
+            if (!EVP_PKEY_assign(pkey, pkey_nid, key_ptr)) {
+                DSA_free(key_ptr);
+                break;
+            }
+        }
+        return fill_GOST94_params(key_ptr, param_nid);
+    }
+
+    return 0;
+}
+
 /*
  * Parses GOST algorithm parameters from X509_ALGOR and modifies pkey setting
  * NID and parameters
@@ -92,13 +134,13 @@ static int decode_gost_algor_params(EVP_PKEY *pkey, X509_ALGOR *palg)
     ASN1_OBJECT *palg_obj = NULL;
     int ptype = V_ASN1_UNDEF;
     int pkey_nid = NID_undef, param_nid = NID_undef;
-    void *_pval;
     ASN1_STRING *pval = NULL;
     const unsigned char *p;
     GOST_KEY_PARAMS *gkp = NULL;
 
-    X509_ALGOR_get0(&palg_obj, &ptype, &_pval, palg);
-    pval = _pval;
+    if (!pkey || !palg)
+        return 0;
+    X509_ALGOR_get0(&palg_obj, &ptype, (void **)&pval, palg);
     if (ptype != V_ASN1_SEQUENCE) {
         GOSTerr(GOST_F_DECODE_GOST_ALGOR_PARAMS,
                 GOST_R_BAD_KEY_PARAMETERS_FORMAT);
@@ -115,37 +157,12 @@ static int decode_gost_algor_params(EVP_PKEY *pkey, X509_ALGOR *palg)
     }
     param_nid = OBJ_obj2nid(gkp->key_params);
     GOST_KEY_PARAMS_free(gkp);
-    if(!EVP_PKEY_set_type(pkey, pkey_nid)) {
+    if (!EVP_PKEY_set_type(pkey, pkey_nid)) {
         GOSTerr(GOST_F_DECODE_GOST_ALGOR_PARAMS, ERR_R_INTERNAL_ERROR);
         return 0;
     }
-    switch (pkey_nid) {
-    case NID_id_GostR3410_94:
-        {
-            DSA *dsa = EVP_PKEY_get0(pkey);
-            if (!dsa) {
-                dsa = DSA_new();
-                if (!EVP_PKEY_assign(pkey, pkey_nid, dsa))
-                    return 0;
-            }
-            if (!fill_GOST94_params(dsa, param_nid))
-                return 0;
-            break;
-        }
-    case NID_id_GostR3410_2001:
-        {
-            EC_KEY *ec = EVP_PKEY_get0(pkey);
-            if (!ec) {
-                ec = EC_KEY_new();
-                if (!EVP_PKEY_assign(pkey, pkey_nid, ec))
-                    return 0;
-            }
-            if (!fill_GOST2001_params(ec, param_nid))
-                return 0;
-        }
-    }
 
-    return 1;
+    return gost_decode_nid_params(pkey, pkey_nid, param_nid);
 }
 
 static int gost_set_priv_key(EVP_PKEY *pkey, BIGNUM *priv)
@@ -163,6 +180,8 @@ static int gost_set_priv_key(EVP_PKEY *pkey, BIGNUM *priv)
                 gost94_compute_public(dsa);
             break;
         }
+    case NID_id_GostR3410_2012_512:
+    case NID_id_GostR3410_2012_256:
     case NID_id_GostR3410_2001:
         {
             EC_KEY *ec = EVP_PKEY_get0(pkey);
@@ -173,9 +192,11 @@ static int gost_set_priv_key(EVP_PKEY *pkey, BIGNUM *priv)
             if (!EC_KEY_set_private_key(ec, priv))
                 return 0;
             if (!EVP_PKEY_missing_parameters(pkey))
-                gost2001_compute_public(ec);
+                gost_ec_compute_public(ec);
             break;
         }
+    default:
+        return 0;
     }
     return 1;
 }
@@ -186,92 +207,92 @@ BIGNUM *gost_get0_priv_key(const EVP_PKEY *pkey)
     case NID_id_GostR3410_94:
         {
             DSA *dsa = EVP_PKEY_get0((EVP_PKEY *)pkey);
-            if (!dsa) {
-                return NULL;
-            }
-            if (!dsa->priv_key)
-                return NULL;
-            return dsa->priv_key;
+            if (dsa)
+                return dsa->priv_key;
             break;
         }
+    case NID_id_GostR3410_2012_512:
+    case NID_id_GostR3410_2012_256:
     case NID_id_GostR3410_2001:
         {
             EC_KEY *ec = EVP_PKEY_get0((EVP_PKEY *)pkey);
-            const BIGNUM *priv;
-            if (!ec) {
-                return NULL;
-            }
-            if (!(priv = EC_KEY_get0_private_key(ec)))
-                return NULL;
-            return (BIGNUM *)priv;
+            if (ec)
+                return (BIGNUM *)EC_KEY_get0_private_key(ec);
             break;
         }
     }
     return NULL;
 }
 
+/*
+ * Control function
+ */
 static int pkey_ctrl_gost(EVP_PKEY *pkey, int op, long arg1, void *arg2)
 {
+    int nid = EVP_PKEY_base_id(pkey), md_nid = NID_undef;
+    X509_ALGOR *alg1 = NULL, *alg2 = NULL;
+
+    switch (nid) {
+    case NID_id_GostR3410_2012_512:
+        md_nid = NID_id_GostR3411_2012_512;
+        break;
+    case NID_id_GostR3410_2012_256:
+        md_nid = NID_id_GostR3411_2012_256;
+        break;
+    case NID_id_GostR3410_2001:
+    case NID_id_GostR3410_94:
+        md_nid = NID_id_GostR3411_94;
+        break;
+    default:
+        return -1;
+    }
+
     switch (op) {
     case ASN1_PKEY_CTRL_PKCS7_SIGN:
         if (arg1 == 0) {
-            X509_ALGOR *alg1 = NULL, *alg2 = NULL;
-            int nid = EVP_PKEY_base_id(pkey);
-            PKCS7_SIGNER_INFO_get0_algs((PKCS7_SIGNER_INFO *)arg2,
-                                        NULL, &alg1, &alg2);
-            X509_ALGOR_set0(alg1, OBJ_nid2obj(NID_id_GostR3411_94),
-                            V_ASN1_NULL, 0);
-            if (nid == NID_undef) {
-                return (-1);
-            }
+            PKCS7_SIGNER_INFO_get0_algs((PKCS7_SIGNER_INFO *)arg2, NULL,
+                                        &alg1, &alg2);
+            X509_ALGOR_set0(alg1, OBJ_nid2obj(md_nid), V_ASN1_NULL, 0);
             X509_ALGOR_set0(alg2, OBJ_nid2obj(nid), V_ASN1_NULL, 0);
         }
         return 1;
 #ifndef OPENSSL_NO_CMS
     case ASN1_PKEY_CTRL_CMS_SIGN:
         if (arg1 == 0) {
-            X509_ALGOR *alg1 = NULL, *alg2 = NULL;
-            int nid = EVP_PKEY_base_id(pkey);
-            CMS_SignerInfo_get0_algs((CMS_SignerInfo *)arg2,
-                                     NULL, NULL, &alg1, &alg2);
-            X509_ALGOR_set0(alg1, OBJ_nid2obj(NID_id_GostR3411_94),
-                            V_ASN1_NULL, 0);
-            if (nid == NID_undef) {
-                return (-1);
-            }
+            CMS_SignerInfo_get0_algs((CMS_SignerInfo *)arg2, NULL, NULL,
+                                     &alg1, &alg2);
+            X509_ALGOR_set0(alg1, OBJ_nid2obj(md_nid), V_ASN1_NULL, 0);
             X509_ALGOR_set0(alg2, OBJ_nid2obj(nid), V_ASN1_NULL, 0);
         }
         return 1;
 #endif
     case ASN1_PKEY_CTRL_PKCS7_ENCRYPT:
         if (arg1 == 0) {
-            X509_ALGOR *alg;
             ASN1_STRING *params = encode_gost_algor_params(pkey);
             if (!params) {
                 return -1;
             }
-            PKCS7_RECIP_INFO_get0_alg((PKCS7_RECIP_INFO *)arg2, &alg);
-            X509_ALGOR_set0(alg, OBJ_nid2obj(pkey->type),
+            PKCS7_RECIP_INFO_get0_alg((PKCS7_RECIP_INFO *)arg2, &alg1);
+            X509_ALGOR_set0(alg1, OBJ_nid2obj(pkey->type),
                             V_ASN1_SEQUENCE, params);
         }
         return 1;
 #ifndef OPENSSL_NO_CMS
     case ASN1_PKEY_CTRL_CMS_ENVELOPE:
         if (arg1 == 0) {
-            X509_ALGOR *alg = NULL;
             ASN1_STRING *params = encode_gost_algor_params(pkey);
             if (!params) {
                 return -1;
             }
             CMS_RecipientInfo_ktri_get0_algs((CMS_RecipientInfo *)arg2, NULL,
-                                             NULL, &alg);
-            X509_ALGOR_set0(alg, OBJ_nid2obj(pkey->type), V_ASN1_SEQUENCE,
+                                             NULL, &alg1);
+            X509_ALGOR_set0(alg1, OBJ_nid2obj(pkey->type), V_ASN1_SEQUENCE,
                             params);
         }
         return 1;
 #endif
     case ASN1_PKEY_CTRL_DEFAULT_MD_NID:
-        *(int *)arg2 = NID_id_GostR3411_94;
+        *(int *)arg2 = md_nid;
         return 2;
     }
 
@@ -286,7 +307,7 @@ static void pkey_free_gost94(EVP_PKEY *key)
     }
 }
 
-static void pkey_free_gost01(EVP_PKEY *key)
+static void pkey_free_gost_ec(EVP_PKEY *key)
 {
     if (key->pkey.ec) {
         EC_KEY_free(key->pkey.ec);
@@ -294,6 +315,49 @@ static void pkey_free_gost01(EVP_PKEY *key)
 }
 
 /* ------------------ private key functions  -----------------------------*/
+
+static BIGNUM *unmask_priv_key(EVP_PKEY *pk,
+                               const unsigned char *buf, int len,
+                               int num_masks)
+{
+    BIGNUM *pknum_masked = NULL, *q = NULL;
+    const EC_KEY *key_ptr = (pk) ? EVP_PKEY_get0(pk) : NULL;
+    const EC_GROUP *group = (key_ptr) ? EC_KEY_get0_group(key_ptr) : NULL;
+
+    pknum_masked = hashsum2bn(buf, len);
+    if (!pknum_masked)
+        return NULL;
+
+    if (num_masks > 0) {
+        /*
+         * XXX Remove sign by gost94
+         */
+        const unsigned char *p = buf + num_masks * len;
+
+        q = BN_new();
+        if (!q || !group || EC_GROUP_get_order(group, q, NULL) <= 0) {
+            BN_free(pknum_masked);
+            pknum_masked = NULL;
+            goto end;
+        }
+
+        for (; p != buf; p -= len) {
+            BIGNUM *mask = hashsum2bn(p, len);
+            BN_CTX *ctx = BN_CTX_new();
+
+            BN_mod_mul(pknum_masked, pknum_masked, mask, q, ctx);
+
+            BN_CTX_free(ctx);
+            BN_free(mask);
+        }
+    }
+
+ end:
+    if (q)
+        BN_free(q);
+    return pknum_masked;
+}
+
 static int priv_decode_gost(EVP_PKEY *pk, PKCS8_PRIV_KEY_INFO *p8inf)
 {
     const unsigned char *pkey_buf = NULL, *p = NULL;
@@ -303,6 +367,7 @@ static int priv_decode_gost(EVP_PKEY *pk, PKCS8_PRIV_KEY_INFO *p8inf)
     X509_ALGOR *palg = NULL;
     ASN1_OBJECT *palg_obj = NULL;
     ASN1_INTEGER *priv_key = NULL;
+    int expected_key_len = 32;
 
     if (!PKCS8_pkey_get0(&palg_obj, &pkey_buf, &priv_len, &palg, p8inf))
         return 0;
@@ -310,30 +375,63 @@ static int priv_decode_gost(EVP_PKEY *pk, PKCS8_PRIV_KEY_INFO *p8inf)
     if (!decode_gost_algor_params(pk, palg)) {
         return 0;
     }
-    if (V_ASN1_OCTET_STRING == *p) {
+
+    expected_key_len = pkey_bits_gost(pk) > 0 ? pkey_bits_gost(pk) / 8 : 0;
+    if (expected_key_len == 0) {
+        GOSTerr(GOST_F_PRIV_DECODE_GOST, EVP_R_DECODE_ERROR);
+        return 0;
+    }
+
+    if (priv_len % expected_key_len == 0) {
+        /* Key is not wrapped but masked */
+        pk_num = unmask_priv_key(pk, pkey_buf, expected_key_len,
+                                 priv_len / expected_key_len - 1);
+    } else if (V_ASN1_OCTET_STRING == *p) {
         /* New format - Little endian octet string */
-        unsigned char rev_buf[32];
-        int i;
         ASN1_OCTET_STRING *s = d2i_ASN1_OCTET_STRING(NULL, &p, priv_len);
-        if (!s || s->length != 32) {
+        if (!s || ((s->length != 32) && (s->length != 64))) {
+            ASN1_STRING_free(s);
             GOSTerr(GOST_F_PRIV_DECODE_GOST, EVP_R_DECODE_ERROR);
             return 0;
         }
-        for (i = 0; i < 32; i++) {
-            rev_buf[31 - i] = s->data[i];
-        }
+        pk_num = hashsum2bn(s->data, s->length);
         ASN1_STRING_free(s);
-        pk_num = getbnfrombuf(rev_buf, 32);
-    } else {
+    } else if (V_ASN1_INTEGER == *p) {
         priv_key = d2i_ASN1_INTEGER(NULL, &p, priv_len);
-        if (!priv_key)
+        if (!priv_key) {
+            GOSTerr(GOST_F_PRIV_DECODE_GOST, EVP_R_DECODE_ERROR);
             return 0;
-        ret = ((pk_num = ASN1_INTEGER_to_BN(priv_key, NULL)) != NULL);
+        }
+        pk_num = ASN1_INTEGER_to_BN(priv_key, NULL);
         ASN1_INTEGER_free(priv_key);
-        if (!ret) {
+    } else if ((V_ASN1_SEQUENCE | V_ASN1_CONSTRUCTED) == *p) {
+        MASKED_GOST_KEY *mgk = NULL;
+        mgk = d2i_MASKED_GOST_KEY(NULL, &p, priv_len);
+
+        if (!mgk) {
+            GOSTerr(GOST_F_PRIV_DECODE_GOST, EVP_R_DECODE_ERROR);
+            return 0;
+        }
+
+        priv_len = mgk->masked_priv_key->length;
+        if (priv_len % expected_key_len) {
+            MASKED_GOST_KEY_free(mgk);
             GOSTerr(GOST_F_PRIV_DECODE_GOST, EVP_R_DECODE_ERROR);
             return 0;
         }
+
+        pk_num = unmask_priv_key(pk, mgk->masked_priv_key->data,
+                                 expected_key_len,
+                                 priv_len / expected_key_len - 1);
+        MASKED_GOST_KEY_free(mgk);
+    } else {
+        GOSTerr(GOST_F_PRIV_DECODE_GOST, EVP_R_DECODE_ERROR);
+        return 0;
+    }
+
+    if (pk_num == NULL) {
+        GOSTerr(GOST_F_PRIV_DECODE_GOST, EVP_R_DECODE_ERROR);
+        return 0;
     }
 
     ret = gost_set_priv_key(pk, pk_num);
@@ -346,38 +444,133 @@ static int priv_encode_gost(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pk)
 {
     ASN1_OBJECT *algobj = OBJ_nid2obj(EVP_PKEY_base_id(pk));
     ASN1_STRING *params = encode_gost_algor_params(pk);
-    unsigned char *priv_buf = NULL;
-    int priv_len;
+    unsigned char *priv_buf = NULL, *buf = NULL;
+    int key_len = pkey_bits_gost(pk), priv_len = 0, i = 0;
 
-    ASN1_INTEGER *asn1key = NULL;
+    ASN1_STRING *octet = NULL;
     if (!params) {
         return 0;
     }
-    asn1key = BN_to_ASN1_INTEGER(gost_get0_priv_key(pk), NULL);
-    priv_len = i2d_ASN1_INTEGER(asn1key, &priv_buf);
-    ASN1_INTEGER_free(asn1key);
+
+    key_len = (key_len < 0) ? 0 : key_len / 8;
+    if (key_len == 0 || !(buf = OPENSSL_malloc(key_len))) {
+        return 0;
+    }
+
+    if (!store_bignum(gost_get0_priv_key(pk), buf, key_len)) {
+        OPENSSL_free(buf);
+        return 0;
+    }
+
+    /* Convert buf to Little-endian */
+    for (i = 0; i < key_len / 2; i++) {
+        unsigned char tmp = buf[i];
+        buf[i] = buf[key_len - 1 - i];
+        buf[key_len - 1 - i] = tmp;
+    }
+
+    octet = ASN1_STRING_new();
+    M_ASN1_OCTET_STRING_set(octet, buf, key_len);
+
+    priv_len = i2d_ASN1_OCTET_STRING(octet, &priv_buf);
+    ASN1_STRING_free(octet);
+    OPENSSL_free(buf);
+
     return PKCS8_pkey_set0(p8, algobj, 0, V_ASN1_SEQUENCE, params,
                            priv_buf, priv_len);
 }
 
 /* --------- printing keys --------------------------------*/
+static int print_gost_priv(BIO *out, const EVP_PKEY *pkey, int indent)
+{
+    BIGNUM *key;
+
+    if (!BIO_indent(out, indent, 128))
+        return 0;
+    BIO_printf(out, "Private key: ");
+    key = gost_get0_priv_key(pkey);
+    if (!key)
+        BIO_printf(out, "<undefined>");
+    else
+        BN_print(out, key);
+    BIO_printf(out, "\n");
+
+    return 1;
+}
+
+static int print_gost_ec_pub(BIO *out, const EVP_PKEY *pkey, int indent)
+{
+    BN_CTX *ctx;
+    BIGNUM *X, *Y;
+    const EC_POINT *pubkey;
+    const EC_GROUP *group;
+    EC_KEY *key = (EC_KEY *)EVP_PKEY_get0((EVP_PKEY *)pkey);
+    int ok = 0;
+
+    ctx = BN_CTX_new();
+    if (!ctx) {
+        GOSTerr(GOST_F_PRINT_GOST_EC_PUB, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+
+    BN_CTX_start(ctx);
+    X = BN_CTX_get(ctx);
+    Y = BN_CTX_get(ctx);
+    pubkey = (key) ? EC_KEY_get0_public_key(key) : NULL;
+    group = (key) ? EC_KEY_get0_group(key) : NULL;
+    if (!pubkey || !group)
+        goto err;
+
+    if (!EC_POINT_get_affine_coordinates_GFp(group, pubkey, X, Y, ctx)) {
+        GOSTerr(GOST_F_PRINT_GOST_EC_PUB, ERR_R_EC_LIB);
+        goto err;
+    }
+    if (!BIO_indent(out, indent, 128))
+        goto err;
+    BIO_printf(out, "Public key:\n");
+    if (!BIO_indent(out, indent + 3, 128))
+        goto err;
+    BIO_printf(out, "X:");
+    BN_print(out, X);
+    BIO_printf(out, "\n");
+    if (!BIO_indent(out, indent + 3, 128))
+        goto err;
+    BIO_printf(out, "Y:");
+    BN_print(out, Y);
+    BIO_printf(out, "\n");
+    ok = 1;
+ err:
+    BN_CTX_end(ctx);
+    BN_CTX_free(ctx);
+
+    return ok;
+}
+
+static int print_gost_ec_param(BIO *out, const EVP_PKEY *pkey, int indent)
+{
+    EC_KEY *ec = EVP_PKEY_get0((EVP_PKEY *)pkey);
+    const EC_GROUP *group = (ec) ? EC_KEY_get0_group(ec) : NULL;
+    int param_nid;
+
+    if (!group)
+        return 0;
+
+    param_nid = EC_GROUP_get_curve_name(group);
+    if (!BIO_indent(out, indent, 128))
+        return 0;
+    BIO_printf(out, "Parameter set: %s\n", OBJ_nid2ln(param_nid));
+
+    return 1;
+}
+
 static int print_gost_94(BIO *out, const EVP_PKEY *pkey, int indent,
                          ASN1_PCTX *pctx, int type)
 {
     int param_nid = NID_undef;
 
     if (type == 2) {
-        BIGNUM *key;
-
-        if (!BIO_indent(out, indent, 128))
+        if (print_gost_priv(out, pkey, indent) == 0)
             return 0;
-        BIO_printf(out, "Private key: ");
-        key = gost_get0_priv_key(pkey);
-        if (!key)
-            BIO_printf(out, "<undefined>");
-        else
-            BN_print(out, key);
-        BIO_printf(out, "\n");
     }
     if (type >= 1) {
         BIGNUM *pubkey;
@@ -413,85 +606,37 @@ static int priv_print_gost94(BIO *out, const EVP_PKEY *pkey, int indent,
     return print_gost_94(out, pkey, indent, pctx, 2);
 }
 
-static int print_gost_01(BIO *out, const EVP_PKEY *pkey, int indent,
+static int print_gost_ec(BIO *out, const EVP_PKEY *pkey, int indent,
                          ASN1_PCTX *pctx, int type)
 {
-    int param_nid = NID_undef;
     if (type == 2) {
-        BIGNUM *key;
-
-        if (!BIO_indent(out, indent, 128))
+        if (print_gost_priv(out, pkey, indent) == 0)
             return 0;
-        BIO_printf(out, "Private key: ");
-        key = gost_get0_priv_key(pkey);
-        if (!key)
-            BIO_printf(out, "<undefined)");
-        else
-            BN_print(out, key);
-        BIO_printf(out, "\n");
     }
     if (type >= 1) {
-        BN_CTX *ctx = BN_CTX_new();
-        BIGNUM *X, *Y;
-        const EC_POINT *pubkey;
-        const EC_GROUP *group;
-
-        if (!ctx) {
-            GOSTerr(GOST_F_PRINT_GOST_01, ERR_R_MALLOC_FAILURE);
-            return 0;
-        }
-        BN_CTX_start(ctx);
-        X = BN_CTX_get(ctx);
-        Y = BN_CTX_get(ctx);
-        pubkey =
-            EC_KEY_get0_public_key((EC_KEY *)EVP_PKEY_get0((EVP_PKEY *)pkey));
-        group = EC_KEY_get0_group((EC_KEY *)EVP_PKEY_get0((EVP_PKEY *)pkey));
-        if (!EC_POINT_get_affine_coordinates_GFp(group, pubkey, X, Y, ctx)) {
-            GOSTerr(GOST_F_PRINT_GOST_01, ERR_R_EC_LIB);
-            BN_CTX_free(ctx);
-            return 0;
-        }
-        if (!BIO_indent(out, indent, 128))
-            return 0;
-        BIO_printf(out, "Public key:\n");
-        if (!BIO_indent(out, indent + 3, 128))
+        if (print_gost_ec_pub(out, pkey, indent) == 0)
             return 0;
-        BIO_printf(out, "X:");
-        BN_print(out, X);
-        BIO_printf(out, "\n");
-        BIO_indent(out, indent + 3, 128);
-        BIO_printf(out, "Y:");
-        BN_print(out, Y);
-        BIO_printf(out, "\n");
-        BN_CTX_end(ctx);
-        BN_CTX_free(ctx);
     }
 
-    param_nid =
-        EC_GROUP_get_curve_name(EC_KEY_get0_group
-                                (EVP_PKEY_get0((EVP_PKEY *)pkey)));
-    if (!BIO_indent(out, indent, 128))
-        return 0;
-    BIO_printf(out, "Parameter set: %s\n", OBJ_nid2ln(param_nid));
-    return 1;
+    return print_gost_ec_param(out, pkey, indent);
 }
 
-static int param_print_gost01(BIO *out, const EVP_PKEY *pkey, int indent,
-                              ASN1_PCTX *pctx)
+static int param_print_gost_ec(BIO *out, const EVP_PKEY *pkey, int indent,
+                               ASN1_PCTX *pctx)
 {
-    return print_gost_01(out, pkey, indent, pctx, 0);
+    return print_gost_ec(out, pkey, indent, pctx, 0);
 }
 
-static int pub_print_gost01(BIO *out, const EVP_PKEY *pkey, int indent,
-                            ASN1_PCTX *pctx)
+static int pub_print_gost_ec(BIO *out, const EVP_PKEY *pkey, int indent,
+                             ASN1_PCTX *pctx)
 {
-    return print_gost_01(out, pkey, indent, pctx, 1);
+    return print_gost_ec(out, pkey, indent, pctx, 1);
 }
 
-static int priv_print_gost01(BIO *out, const EVP_PKEY *pkey, int indent,
-                             ASN1_PCTX *pctx)
+static int priv_print_gost_ec(BIO *out, const EVP_PKEY *pkey, int indent,
+                              ASN1_PCTX *pctx)
 {
-    return print_gost_01(out, pkey, indent, pctx, 2);
+    return print_gost_ec(out, pkey, indent, pctx, 2);
 }
 
 /* ---------------------------------------------------------------------*/
@@ -505,7 +650,7 @@ static int param_missing_gost94(const EVP_PKEY *pk)
     return 0;
 }
 
-static int param_missing_gost01(const EVP_PKEY *pk)
+static int param_missing_gost_ec(const EVP_PKEY *pk)
 {
     const EC_KEY *ec = EVP_PKEY_get0((EVP_PKEY *)pk);
     if (!ec)
@@ -541,35 +686,36 @@ static int param_copy_gost94(EVP_PKEY *to, const EVP_PKEY *from)
     return 1;
 }
 
-static int param_copy_gost01(EVP_PKEY *to, const EVP_PKEY *from)
+static int param_copy_gost_ec(EVP_PKEY *to, const EVP_PKEY *from)
 {
     EC_KEY *eto = EVP_PKEY_get0(to);
     const EC_KEY *efrom = EVP_PKEY_get0((EVP_PKEY *)from);
     if (EVP_PKEY_base_id(from) != EVP_PKEY_base_id(to)) {
-        GOSTerr(GOST_F_PARAM_COPY_GOST01, GOST_R_INCOMPATIBLE_ALGORITHMS);
+        GOSTerr(GOST_F_PARAM_COPY_GOST_EC, GOST_R_INCOMPATIBLE_ALGORITHMS);
         return 0;
     }
     if (!efrom) {
-        GOSTerr(GOST_F_PARAM_COPY_GOST01, GOST_R_KEY_PARAMETERS_MISSING);
+        GOSTerr(GOST_F_PARAM_COPY_GOST_EC, GOST_R_KEY_PARAMETERS_MISSING);
         return 0;
     }
     if (!eto) {
         eto = EC_KEY_new();
-        if(!eto) {
-            GOSTerr(GOST_F_PARAM_COPY_GOST01, ERR_R_MALLOC_FAILURE);
+        if (!eto) {
+            GOSTerr(GOST_F_PARAM_COPY_GOST_EC, ERR_R_MALLOC_FAILURE);
             return 0;
         }
-        if(!EVP_PKEY_assign(to, EVP_PKEY_base_id(from), eto)) {
-            GOSTerr(GOST_F_PARAM_COPY_GOST01, ERR_R_INTERNAL_ERROR);
+        if (!EVP_PKEY_assign(to, EVP_PKEY_base_id(from), eto)) {
+            GOSTerr(GOST_F_PARAM_COPY_GOST_EC, ERR_R_INTERNAL_ERROR);
+            EC_KEY_free(eto);
             return 0;
         }
     }
-    if(!EC_KEY_set_group(eto, EC_KEY_get0_group(efrom))) {
-        GOSTerr(GOST_F_PARAM_COPY_GOST01, ERR_R_INTERNAL_ERROR);
+    if (!EC_KEY_set_group(eto, EC_KEY_get0_group(efrom))) {
+        GOSTerr(GOST_F_PARAM_COPY_GOST_EC, ERR_R_INTERNAL_ERROR);
         return 0;
     }
     if (EC_KEY_get0_private_key(eto)) {
-        gost2001_compute_public(eto);
+        return gost_ec_compute_public(eto);
     }
     return 1;
 }
@@ -578,21 +724,28 @@ static int param_cmp_gost94(const EVP_PKEY *a, const EVP_PKEY *b)
 {
     const DSA *da = EVP_PKEY_get0((EVP_PKEY *)a);
     const DSA *db = EVP_PKEY_get0((EVP_PKEY *)b);
-    if (!BN_cmp(da->q, db->q))
-        return 1;
-    return 0;
+    if (!da || !db)
+        return 0;
+    return (BN_cmp(da->q, db->q) == 0) ? 1 : 0;
 }
 
-static int param_cmp_gost01(const EVP_PKEY *a, const EVP_PKEY *b)
+static int param_cmp_gost_ec(const EVP_PKEY *a, const EVP_PKEY *b)
 {
-    if (EC_GROUP_get_curve_name
-        (EC_KEY_get0_group(EVP_PKEY_get0((EVP_PKEY *)a))) ==
-        EC_GROUP_get_curve_name(EC_KEY_get0_group
-                                (EVP_PKEY_get0((EVP_PKEY *)b)))) {
+    const EC_GROUP *group_a, *group_b;
+    EC_KEY *ec_a = EVP_PKEY_get0((EVP_PKEY *)a);
+    EC_KEY *ec_b = EVP_PKEY_get0((EVP_PKEY *)b);
+    if (!ec_a || !ec_b)
+        return 0;
+
+    group_a = EC_KEY_get0_group(ec_a);
+    group_b = EC_KEY_get0_group(ec_b);
+    if (!group_a || !group_b)
+        return 0;
+
+    if (EC_GROUP_get_curve_name(group_a) == EC_GROUP_get_curve_name(group_b)) {
         return 1;
     }
     return 0;
-
 }
 
 /* ---------- Public key functions * --------------------------------------*/
@@ -617,6 +770,11 @@ static int pub_decode_gost94(EVP_PKEY *pk, X509_PUBKEY *pub)
         return 0;
     }
     databuf = OPENSSL_malloc(octet->length);
+    if (databuf == NULL) {
+        GOSTerr(GOST_F_PUB_DECODE_GOST94, ERR_R_MALLOC_FAILURE);
+        ASN1_OCTET_STRING_free(octet);
+        return 0;
+    }
     for (i = 0, j = octet->length - 1; i < octet->length; i++, j--) {
         databuf[j] = octet->data[i];
     }
@@ -646,8 +804,17 @@ static int pub_encode_gost94(X509_PUBKEY *pub, const EVP_PKEY *pk)
     }
     data_len = BN_num_bytes(dsa->pub_key);
     databuf = OPENSSL_malloc(data_len);
+    if (databuf == NULL) {
+        GOSTerr(GOST_F_PUB_ENCODE_GOST94, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
     BN_bn2bin(dsa->pub_key, databuf);
     octet = ASN1_OCTET_STRING_new();
+    if (octet == NULL) {
+        GOSTerr(GOST_F_PUB_ENCODE_GOST94, ERR_R_MALLOC_FAILURE);
+        OPENSSL_free(databuf);
+        return 0;
+    }
     ASN1_STRING_set(octet, NULL, data_len);
     sptr = ASN1_STRING_data(octet);
     for (i = 0, j = data_len - 1; i < data_len; i++, j--) {
@@ -661,7 +828,7 @@ static int pub_encode_gost94(X509_PUBKEY *pub, const EVP_PKEY *pk)
     return X509_PUBKEY_set0_param(pub, algobj, ptype, pval, buf, ret);
 }
 
-static int pub_decode_gost01(EVP_PKEY *pk, X509_PUBKEY *pub)
+static int pub_decode_gost_ec(EVP_PKEY *pk, X509_PUBKEY *pub)
 {
     X509_ALGOR *palg = NULL;
     const unsigned char *pubkey_buf = NULL;
@@ -682,10 +849,15 @@ static int pub_decode_gost01(EVP_PKEY *pk, X509_PUBKEY *pub)
     group = EC_KEY_get0_group(EVP_PKEY_get0(pk));
     octet = d2i_ASN1_OCTET_STRING(NULL, &pubkey_buf, pub_len);
     if (!octet) {
-        GOSTerr(GOST_F_PUB_DECODE_GOST01, ERR_R_MALLOC_FAILURE);
+        GOSTerr(GOST_F_PUB_DECODE_GOST_EC, ERR_R_MALLOC_FAILURE);
         return 0;
     }
     databuf = OPENSSL_malloc(octet->length);
+    if (databuf == NULL) {
+        GOSTerr(GOST_F_PUB_DECODE_GOST_EC, ERR_R_MALLOC_FAILURE);
+        ASN1_OCTET_STRING_free(octet);
+        return 0;
+    }
     for (i = 0, j = octet->length - 1; i < octet->length; i++, j--) {
         databuf[j] = octet->data[i];
     }
@@ -697,7 +869,7 @@ static int pub_decode_gost01(EVP_PKEY *pk, X509_PUBKEY *pub)
     OPENSSL_free(databuf);
     pub_key = EC_POINT_new(group);
     if (!EC_POINT_set_affine_coordinates_GFp(group, pub_key, X, Y, NULL)) {
-        GOSTerr(GOST_F_PUB_DECODE_GOST01, ERR_R_EC_LIB);
+        GOSTerr(GOST_F_PUB_DECODE_GOST_EC, ERR_R_EC_LIB);
         EC_POINT_free(pub_key);
         BN_free(X);
         BN_free(Y);
@@ -706,7 +878,7 @@ static int pub_decode_gost01(EVP_PKEY *pk, X509_PUBKEY *pub)
     BN_free(X);
     BN_free(Y);
     if (!EC_KEY_set_public_key(EVP_PKEY_get0(pk), pub_key)) {
-        GOSTerr(GOST_F_PUB_DECODE_GOST01, ERR_R_EC_LIB);
+        GOSTerr(GOST_F_PUB_DECODE_GOST_EC, ERR_R_EC_LIB);
         EC_POINT_free(pub_key);
         return 0;
     }
@@ -715,15 +887,15 @@ static int pub_decode_gost01(EVP_PKEY *pk, X509_PUBKEY *pub)
 
 }
 
-static int pub_encode_gost01(X509_PUBKEY *pub, const EVP_PKEY *pk)
+static int pub_encode_gost_ec(X509_PUBKEY *pub, const EVP_PKEY *pk)
 {
     ASN1_OBJECT *algobj = NULL;
     ASN1_OCTET_STRING *octet = NULL;
     void *pval = NULL;
-    unsigned char *buf = NULL, *databuf, *sptr;
-    int i, j, data_len, ret = 0;
+    unsigned char *buf = NULL, *databuf = NULL, *sptr;
+    int i, j, data_len, ret = -1;
     const EC_POINT *pub_key;
-    BIGNUM *X, *Y, *order;
+    BIGNUM *X = NULL, *Y = NULL, *order = NULL;
     const EC_KEY *ec = EVP_PKEY_get0((EVP_PKEY *)pk);
     int ptype = V_ASN1_UNDEF;
 
@@ -734,48 +906,61 @@ static int pub_encode_gost01(X509_PUBKEY *pub, const EVP_PKEY *pk)
         ptype = V_ASN1_SEQUENCE;
     }
     order = BN_new();
+    if (!order) {
+        GOSTerr(GOST_F_PUB_ENCODE_GOST_EC, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
     EC_GROUP_get_order(EC_KEY_get0_group(ec), order, NULL);
     pub_key = EC_KEY_get0_public_key(ec);
     if (!pub_key) {
-        GOSTerr(GOST_F_PUB_ENCODE_GOST01, GOST_R_PUBLIC_KEY_UNDEFINED);
-        return 0;
+        GOSTerr(GOST_F_PUB_ENCODE_GOST_EC, GOST_R_PUBLIC_KEY_UNDEFINED);
+        goto err;
     }
     X = BN_new();
     Y = BN_new();
-    if(!X || !Y) {
-        GOSTerr(GOST_F_PUB_ENCODE_GOST01, ERR_R_MALLOC_FAILURE);
-        if(X) BN_free(X);
-        if(Y) BN_free(Y);
-        BN_free(order);
-        return 0;
+    if (!X || !Y) {
+        GOSTerr(GOST_F_PUB_ENCODE_GOST_EC, ERR_R_MALLOC_FAILURE);
+        goto err;
     }
-    if(!EC_POINT_get_affine_coordinates_GFp(EC_KEY_get0_group(ec),
-                                        pub_key, X, Y, NULL)) {
-        GOSTerr(GOST_F_PUB_ENCODE_GOST01, ERR_R_INTERNAL_ERROR);
-        BN_free(X);
-        BN_free(Y);
-        BN_free(order);
-        return 0;
+    if (!EC_POINT_get_affine_coordinates_GFp(EC_KEY_get0_group(ec),
+                                             pub_key, X, Y, NULL)) {
+        GOSTerr(GOST_F_PUB_ENCODE_GOST_EC, ERR_R_INTERNAL_ERROR);
+        goto err;
     }
     data_len = 2 * BN_num_bytes(order);
-    BN_free(order);
     databuf = OPENSSL_malloc(data_len);
+    if (databuf == NULL) {
+        GOSTerr(GOST_F_PUB_ENCODE_GOST_EC, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
     memset(databuf, 0, data_len);
 
     store_bignum(X, databuf + data_len / 2, data_len / 2);
     store_bignum(Y, databuf, data_len / 2);
 
-    BN_free(X);
-    BN_free(Y);
     octet = ASN1_OCTET_STRING_new();
+    if (octet == NULL) {
+        GOSTerr(GOST_F_PUB_ENCODE_GOST_EC, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
     ASN1_STRING_set(octet, NULL, data_len);
     sptr = ASN1_STRING_data(octet);
     for (i = 0, j = data_len - 1; i < data_len; i++, j--) {
         sptr[i] = databuf[j];
     }
-    OPENSSL_free(databuf);
+
     ret = i2d_ASN1_OCTET_STRING(octet, &buf);
     ASN1_BIT_STRING_free(octet);
+err:
+    if (X)
+        BN_free(X);
+    if (Y)
+        BN_free(Y);
+    if (order)
+        BN_free(order);
+    if (databuf)
+        OPENSSL_free(databuf);
+
     if (ret < 0)
         return 0;
     return X509_PUBKEY_set0_param(pub, algobj, ptype, pval, buf, ret);
@@ -785,37 +970,61 @@ static int pub_cmp_gost94(const EVP_PKEY *a, const EVP_PKEY *b)
 {
     const DSA *da = EVP_PKEY_get0((EVP_PKEY *)a);
     const DSA *db = EVP_PKEY_get0((EVP_PKEY *)b);
-    if (da && db && da->pub_key && db->pub_key
-        && !BN_cmp(da->pub_key, db->pub_key)) {
-        return 1;
-    }
-    return 0;
+    if (!da || !db)
+        return 0;
+
+    if (!da->pub_key || !db->pub_key)
+        return 0;
+
+    return (BN_cmp(da->pub_key, db->pub_key) == 0) ? 1 : 0;
 }
 
-static int pub_cmp_gost01(const EVP_PKEY *a, const EVP_PKEY *b)
+static int pub_cmp_gost_ec(const EVP_PKEY *a, const EVP_PKEY *b)
 {
     const EC_KEY *ea = EVP_PKEY_get0((EVP_PKEY *)a);
     const EC_KEY *eb = EVP_PKEY_get0((EVP_PKEY *)b);
     const EC_POINT *ka, *kb;
-    int ret = 0;
     if (!ea || !eb)
         return 0;
     ka = EC_KEY_get0_public_key(ea);
     kb = EC_KEY_get0_public_key(eb);
     if (!ka || !kb)
         return 0;
-    ret = (0 == EC_POINT_cmp(EC_KEY_get0_group(ea), ka, kb, NULL));
-    return ret;
+    return (0 == EC_POINT_cmp(EC_KEY_get0_group(ea), ka, kb, NULL));
 }
 
 static int pkey_size_gost(const EVP_PKEY *pk)
 {
-    return 64;
+    if (!pk)
+        return -1;
+
+    switch (EVP_PKEY_base_id(pk)) {
+    case NID_id_GostR3410_94:
+    case NID_id_GostR3410_2001:
+    case NID_id_GostR3410_2012_256:
+        return 64;
+    case NID_id_GostR3410_2012_512:
+        return 128;
+    }
+
+    return -1;
 }
 
 static int pkey_bits_gost(const EVP_PKEY *pk)
 {
-    return 256;
+    if (!pk)
+        return -1;
+
+    switch (EVP_PKEY_base_id(pk)) {
+    case NID_id_GostR3410_94:
+    case NID_id_GostR3410_2001:
+    case NID_id_GostR3410_2012_256:
+        return 256;
+    case NID_id_GostR3410_2012_512:
+        return 512;
+    }
+
+    return -1;
 }
 
 /* ---------------------- ASN1 METHOD for GOST MAC  -------------------*/
@@ -830,8 +1039,22 @@ static int mac_ctrl_gost(EVP_PKEY *pkey, int op, long arg1, void *arg2)
 {
     switch (op) {
     case ASN1_PKEY_CTRL_DEFAULT_MD_NID:
-        *(int *)arg2 = NID_id_Gost28147_89_MAC;
-        return 2;
+        if (arg2) {
+            *(int *)arg2 = NID_id_Gost28147_89_MAC;
+            return 2;
+        }
+    }
+    return -2;
+}
+
+static int mac_ctrl_gost_12(EVP_PKEY *pkey, int op, long arg1, void *arg2)
+{
+    switch (op) {
+    case ASN1_PKEY_CTRL_DEFAULT_MD_NID:
+        if (arg2) {
+            *(int *)arg2 = NID_gost_mac_12;
+            return 2;
+        }
     }
     return -2;
 }
@@ -854,21 +1077,14 @@ static int gost94_param_decode(EVP_PKEY *pkey, const unsigned char **pder,
                                int derlen)
 {
     ASN1_OBJECT *obj = NULL;
-    DSA *dsa = EVP_PKEY_get0(pkey);
     int nid;
     if (d2i_ASN1_OBJECT(&obj, pder, derlen) == NULL) {
         return 0;
     }
     nid = OBJ_obj2nid(obj);
     ASN1_OBJECT_free(obj);
-    if (!dsa) {
-        dsa = DSA_new();
-        if (!EVP_PKEY_assign(pkey, NID_id_GostR3410_94, dsa))
-            return 0;
-    }
-    if (!fill_GOST94_params(dsa, nid))
-        return 0;
-    return 1;
+
+    return gost_decode_nid_params(pkey, NID_id_GostR3410_94, nid);
 }
 
 static int gost2001_param_decode(EVP_PKEY *pkey, const unsigned char **pder,
@@ -876,20 +1092,13 @@ static int gost2001_param_decode(EVP_PKEY *pkey, const unsigned char **pder,
 {
     ASN1_OBJECT *obj = NULL;
     int nid;
-    EC_KEY *ec = EVP_PKEY_get0(pkey);
     if (d2i_ASN1_OBJECT(&obj, pder, derlen) == NULL) {
         return 0;
     }
     nid = OBJ_obj2nid(obj);
     ASN1_OBJECT_free(obj);
-    if (!ec) {
-        ec = EC_KEY_new();
-        if (!EVP_PKEY_assign(pkey, NID_id_GostR3410_2001, ec))
-            return 0;
-    }
-    if (!fill_GOST2001_params(ec, nid))
-        return 0;
-    return 1;
+
+    return gost_decode_nid_params(pkey, NID_id_GostR3410_2001, nid);
 }
 
 /* ----------------------------------------------------------------------*/
@@ -918,18 +1127,37 @@ int register_ameth_gost(int nid, EVP_PKEY_ASN1_METHOD **ameth,
         EVP_PKEY_asn1_set_ctrl(*ameth, pkey_ctrl_gost);
         break;
     case NID_id_GostR3410_2001:
-        EVP_PKEY_asn1_set_free(*ameth, pkey_free_gost01);
+        EVP_PKEY_asn1_set_free(*ameth, pkey_free_gost_ec);
         EVP_PKEY_asn1_set_private(*ameth,
                                   priv_decode_gost, priv_encode_gost,
-                                  priv_print_gost01);
+                                  priv_print_gost_ec);
 
         EVP_PKEY_asn1_set_param(*ameth,
                                 gost2001_param_decode, gost2001_param_encode,
-                                param_missing_gost01, param_copy_gost01,
-                                param_cmp_gost01, param_print_gost01);
+                                param_missing_gost_ec, param_copy_gost_ec,
+                                param_cmp_gost_ec, param_print_gost_ec);
+        EVP_PKEY_asn1_set_public(*ameth,
+                                 pub_decode_gost_ec, pub_encode_gost_ec,
+                                 pub_cmp_gost_ec, pub_print_gost_ec,
+                                 pkey_size_gost, pkey_bits_gost);
+
+        EVP_PKEY_asn1_set_ctrl(*ameth, pkey_ctrl_gost);
+        break;
+    case NID_id_GostR3410_2012_256:
+    case NID_id_GostR3410_2012_512:
+        EVP_PKEY_asn1_set_free(*ameth, pkey_free_gost_ec);
+        EVP_PKEY_asn1_set_private(*ameth,
+                                  priv_decode_gost, priv_encode_gost,
+                                  priv_print_gost_ec);
+
+        EVP_PKEY_asn1_set_param(*ameth,
+                                NULL, NULL,
+                                param_missing_gost_ec, param_copy_gost_ec,
+                                param_cmp_gost_ec, NULL);
+
         EVP_PKEY_asn1_set_public(*ameth,
-                                 pub_decode_gost01, pub_encode_gost01,
-                                 pub_cmp_gost01, pub_print_gost01,
+                                 pub_decode_gost_ec, pub_encode_gost_ec,
+                                 pub_cmp_gost_ec, pub_print_gost_ec,
                                  pkey_size_gost, pkey_bits_gost);
 
         EVP_PKEY_asn1_set_ctrl(*ameth, pkey_ctrl_gost);
@@ -938,6 +1166,10 @@ int register_ameth_gost(int nid, EVP_PKEY_ASN1_METHOD **ameth,
         EVP_PKEY_asn1_set_free(*ameth, mackey_free_gost);
         EVP_PKEY_asn1_set_ctrl(*ameth, mac_ctrl_gost);
         break;
+    case NID_gost_mac_12:
+        EVP_PKEY_asn1_set_free(*ameth, mackey_free_gost);
+        EVP_PKEY_asn1_set_ctrl(*ameth, mac_ctrl_gost_12);
+        break;
     }
     return 1;
 }
index 11686339b7a5c8cb12a7481e54bbab579ef02086..57046a8117a82386df48f76502d9ca87c68717e7 100644 (file)
@@ -50,7 +50,13 @@ IMPLEMENT_ASN1_FUNCTIONS(GOST_CIPHER_PARAMS)
 
 ASN1_NDEF_SEQUENCE(GOST_CLIENT_KEY_EXCHANGE_PARAMS) = { /* FIXME incomplete */
     ASN1_SIMPLE(GOST_CLIENT_KEY_EXCHANGE_PARAMS, gkt, GOST_KEY_TRANSPORT)
-}
+} ASN1_NDEF_SEQUENCE_END(GOST_CLIENT_KEY_EXCHANGE_PARAMS)
 
-ASN1_NDEF_SEQUENCE_END(GOST_CLIENT_KEY_EXCHANGE_PARAMS)
 IMPLEMENT_ASN1_FUNCTIONS(GOST_CLIENT_KEY_EXCHANGE_PARAMS)
+
+ASN1_NDEF_SEQUENCE(MASKED_GOST_KEY) = {
+    ASN1_SIMPLE(MASKED_GOST_KEY, masked_priv_key, ASN1_OCTET_STRING),
+    ASN1_SIMPLE(MASKED_GOST_KEY, public_key, ASN1_OCTET_STRING)
+} ASN1_NDEF_SEQUENCE_END(MASKED_GOST_KEY)
+
+IMPLEMENT_ASN1_FUNCTIONS(MASKED_GOST_KEY)
index 2bbdc6ccd67ab4103cfea257c72c38ec04511ec2..a32d48947581b8ebc084bd6e98c0d56dcd8bbd27 100644 (file)
@@ -23,6 +23,9 @@ static int gost_cipher_init(EVP_CIPHER_CTX *ctx, const unsigned char *key,
                             const unsigned char *iv, int enc);
 static int gost_cipher_init_cpa(EVP_CIPHER_CTX *ctx, const unsigned char *key,
                                 const unsigned char *iv, int enc);
+static int gost_cipher_init_cp_12(EVP_CIPHER_CTX *ctx,
+                                  const unsigned char *key,
+                                  const unsigned char *iv, int enc);
 /* Handles block of data in CFB mode */
 static int gost_cipher_do_cfb(EVP_CIPHER_CTX *ctx, unsigned char *out,
                               const unsigned char *in, size_t inl);
@@ -71,9 +74,27 @@ EVP_CIPHER cipher_gost_cpacnt = {
     NULL,
 };
 
+EVP_CIPHER cipher_gost_cpcnt_12 = {
+    NID_gost89_cnt_12,
+    1,                          /* block_size */
+    32,                         /* key_size */
+    8,                          /* iv_len */
+    EVP_CIPH_OFB_MODE | EVP_CIPH_NO_PADDING |
+        EVP_CIPH_CUSTOM_IV | EVP_CIPH_RAND_KEY | EVP_CIPH_ALWAYS_CALL_INIT,
+    gost_cipher_init_cp_12,
+    gost_cipher_do_cnt,
+    gost_cipher_cleanup,
+    sizeof(struct ossl_gost_cipher_ctx), /* ctx_size */
+    gost89_set_asn1_parameters,
+    gost89_get_asn1_parameters,
+    gost_cipher_ctl,
+    NULL,
+};
+
 /* Implementation of GOST 28147-89 in MAC (imitovstavka) mode */
 /* Init functions which set specific parameters */
 static int gost_imit_init_cpa(EVP_MD_CTX *ctx);
+static int gost_imit_init_cp_12(EVP_MD_CTX *ctx);
 /* process block of data */
 static int gost_imit_update(EVP_MD_CTX *ctx, const void *data, size_t count);
 /* Return computed value */
@@ -102,6 +123,24 @@ EVP_MD imit_gost_cpa = {
     gost_imit_ctrl
 };
 
+EVP_MD imit_gost_cp_12 = {
+    NID_gost_mac_12,
+    NID_undef,
+    4,
+    0,
+    gost_imit_init_cp_12,
+    gost_imit_update,
+    gost_imit_final,
+    gost_imit_copy,
+    gost_imit_cleanup,
+    NULL,
+    NULL,
+    {0, 0, 0, 0, 0},
+    8,
+    sizeof(struct ossl_gost_imit_ctx),
+    gost_imit_ctrl
+};
+
 /*
  * Correspondence between gost parameter OIDs and substitution blocks
  * NID field is filed by register_gost_NID function in engine.c
@@ -126,6 +165,7 @@ struct gost_cipher_info gost_cipher_list[] = {
      1},
     {NID_id_Gost28147_89_CryptoPro_D_ParamSet, &Gost28147_CryptoProParamSetD,
      1},
+    {NID_id_tc26_gost_28147_param_Z, &Gost28147_TC26ParamSetZ, 1},
     {NID_id_Gost28147_89_TestParamSet, &Gost28147_TestParamSet, 1},
     {NID_undef, NULL, 0}
 };
@@ -143,7 +183,7 @@ const struct gost_cipher_info *get_encryption_params(ASN1_OBJECT *obj)
     if (!obj) {
         const char *params = get_gost_engine_param(GOST_PARAM_CRYPT_PARAMS);
         if (!params || !strlen(params))
-            return &gost_cipher_list[1];
+            return &gost_cipher_list[5];
 
         nid = OBJ_txt2nid(params);
         if (nid == NID_undef) {
@@ -199,11 +239,13 @@ static int gost_cipher_init_param(EVP_CIPHER_CTX *ctx,
     return 1;
 }
 
-static int gost_cipher_init_cpa(EVP_CIPHER_CTX *ctx, const unsigned char *key,
-                                const unsigned char *iv, int enc)
+static int gost_cipher_init_cnt(EVP_CIPHER_CTX *ctx,
+                                const unsigned char *key,
+                                const unsigned char *iv,
+                                gost_subst_block * block)
 {
     struct ossl_gost_cipher_ctx *c = ctx->cipher_data;
-    gost_init(&(c->cctx), &Gost28147_CryptoProParamSetA);
+    gost_init(&(c->cctx), block);
     c->key_meshing = 1;
     c->count = 0;
     if (key)
@@ -214,6 +256,19 @@ static int gost_cipher_init_cpa(EVP_CIPHER_CTX *ctx, const unsigned char *key,
     return 1;
 }
 
+static int gost_cipher_init_cpa(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+                                const unsigned char *iv, int enc)
+{
+    return gost_cipher_init_cnt(ctx, key, iv, &Gost28147_CryptoProParamSetA);
+}
+
+static int gost_cipher_init_cp_12(EVP_CIPHER_CTX *ctx,
+                                  const unsigned char *key,
+                                  const unsigned char *iv, int enc)
+{
+    return gost_cipher_init_cnt(ctx, key, iv, &Gost28147_TC26ParamSetZ);
+}
+
 /* Initializes EVP_CIPHER_CTX with default values */
 int gost_cipher_init(EVP_CIPHER_CTX *ctx, const unsigned char *key,
                      const unsigned char *iv, int enc)
@@ -398,6 +453,14 @@ int gost_cipher_cleanup(EVP_CIPHER_CTX *ctx)
 int gost_cipher_ctl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr)
 {
     switch (type) {
+    case EVP_CTRL_INIT:
+        {
+            struct ossl_gost_cipher_ctx *c = ctx->cipher_data;
+            if (c == NULL) {
+                return -1;
+            }
+            return gost_cipher_set_param(c, arg);
+        }
     case EVP_CTRL_RAND_KEY:
         {
             if (RAND_bytes((unsigned char *)ptr, ctx->key_len) <= 0) {
@@ -409,7 +472,18 @@ int gost_cipher_ctl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr)
         }
     case EVP_CTRL_PBE_PRF_NID:
         if (ptr) {
-            *((int *)ptr) = NID_id_HMACGostR3411_94;
+            const char *params = get_gost_engine_param(GOST_PARAM_PBE_PARAMS);
+            int nid = NID_id_tc26_hmac_gost_3411_2012_512;
+
+            if (params) {
+                if (!strcmp("md_gost12_256", params))
+                    nid = NID_id_tc26_hmac_gost_3411_2012_256;
+                else if (!strcmp("md_gost12_512", params))
+                    nid = NID_id_tc26_hmac_gost_3411_2012_512;
+                else if (!strcmp("md_gost94", params))
+                    nid = NID_id_HMACGostR3411_94;
+            }
+            *((int *)ptr) = nid;
             return 1;
         } else {
             return 0;
@@ -475,6 +549,8 @@ int gost89_get_asn1_parameters(EVP_CIPHER_CTX *ctx, ASN1_TYPE *params)
     GOST_CIPHER_PARAMS *gcp = NULL;
     unsigned char *p;
     struct ossl_gost_cipher_ctx *c = ctx->cipher_data;
+    int nid;
+
     if (ASN1_TYPE_get(params) != V_ASN1_SEQUENCE) {
         return ret;
     }
@@ -490,7 +566,16 @@ int gost89_get_asn1_parameters(EVP_CIPHER_CTX *ctx, ASN1_TYPE *params)
         GOSTerr(GOST_F_GOST89_GET_ASN1_PARAMETERS, GOST_R_INVALID_IV_LENGTH);
         return -1;
     }
-    if (!gost_cipher_set_param(c, OBJ_obj2nid(gcp->enc_param_set))) {
+
+    nid = OBJ_obj2nid(gcp->enc_param_set);
+    if (nid == NID_undef) {
+        GOST_CIPHER_PARAMS_free(gcp);
+        GOSTerr(GOST_F_GOST89_GET_ASN1_PARAMETERS,
+                GOST_R_INVALID_CIPHER_PARAM_OID);
+        return -1;
+    }
+
+    if (!gost_cipher_set_param(c, nid)) {
         GOST_CIPHER_PARAMS_free(gcp);
         return -1;
     }
@@ -501,7 +586,7 @@ int gost89_get_asn1_parameters(EVP_CIPHER_CTX *ctx, ASN1_TYPE *params)
     return 1;
 }
 
-int gost_imit_init_cpa(EVP_MD_CTX *ctx)
+static int gost_imit_init(EVP_MD_CTX *ctx, gost_subst_block * block)
 {
     struct ossl_gost_imit_ctx *c = ctx->md_data;
     memset(c->buffer, 0, sizeof(c->buffer));
@@ -509,10 +594,20 @@ int gost_imit_init_cpa(EVP_MD_CTX *ctx)
     c->count = 0;
     c->bytes_left = 0;
     c->key_meshing = 1;
-    gost_init(&(c->cctx), &Gost28147_CryptoProParamSetA);
+    gost_init(&(c->cctx), block);
     return 1;
 }
 
+static int gost_imit_init_cpa(EVP_MD_CTX *ctx)
+{
+    return gost_imit_init(ctx, &Gost28147_CryptoProParamSetA);
+}
+
+static int gost_imit_init_cp_12(EVP_MD_CTX *ctx)
+{
+    return gost_imit_init(ctx, &Gost28147_TC26ParamSetZ);
+}
+
 static void mac_block_mesh(struct ossl_gost_imit_ctx *c,
                            const unsigned char *data)
 {
index 6c93c4584d6ddd2cfa63d9d877e1e01e2a5b9703..caf3bd542269c461a830b45f0336095a78ba791c 100644 (file)
 #include "gost_lcl.h"
 
 static char *gost_params[GOST_PARAM_MAX + 1] = { NULL };
-static const char *gost_envnames[] = { "CRYPT_PARAMS" };
+static const char *gost_envnames[] = { "CRYPT_PARAMS", "GOST_PBE_HMAC" };
 
 const ENGINE_CMD_DEFN gost_cmds[] = {
-/*- { GOST_CTRL_RNG,
-    "RNG",
-    "Type of random number generator to use",
-    ENGINE_CMD_FLAG_STRING
-    },
-    { GOST_CTRL_RNG_PARAMS,
-    "RNG_PARAMS",
-    "Parameter for random number generator",
-    ENGINE_CMD_FLAG_STRING
-    },
-*/ {GOST_CTRL_CRYPT_PARAMS,
-           "CRYPT_PARAMS",
-           "OID of default GOST 28147-89 parameters",
-           ENGINE_CMD_FLAG_STRING},
+    {GOST_CTRL_CRYPT_PARAMS,
+     "CRYPT_PARAMS",
+     "OID of default GOST 28147-89 parameters",
+     ENGINE_CMD_FLAG_STRING},
+    {GOST_CTRL_PBE_PARAMS,
+     "PBE_PARAMS",
+     "Shortname of default digest alg for PBE",
+     ENGINE_CMD_FLAG_STRING},
     {0, NULL, NULL, 0}
 };
 
diff --git a/gost_ec_keyx.c b/gost_ec_keyx.c
new file mode 100644 (file)
index 0000000..2dd0d3a
--- /dev/null
@@ -0,0 +1,339 @@
+/**********************************************************************
+ *                        gost_ec_keyx.c                              *
+ *             Copyright (c) 2005-2013 Cryptocom LTD                  *
+ *         This file is distributed under the same license as OpenSSL *
+ *                                                                    *
+ *   VK0 34.10-2001 key exchange and GOST R 34.10-2001                *
+ *   based PKCS7/SMIME support                                        *
+ *          Requires OpenSSL 0.9.9 for compilation                    *
+ **********************************************************************/
+#include <openssl/evp.h>
+#include <openssl/rand.h>
+#include <string.h>
+#include <openssl/objects.h>
+#include "gost89.h"
+#include "e_gost_err.h"
+#include "gost_keywrap.h"
+#include "gost_lcl.h"
+
+/* Implementation of CryptoPro VKO 34.10-2001/2012 algorithm */
+static int VKO_compute_key(unsigned char *shared_key, size_t shared_key_size,
+                           const EC_POINT *pub_key, EC_KEY *priv_key,
+                           const unsigned char *ukm, int dgst_nid)
+{
+    unsigned char *databuf = NULL, *hashbuf = NULL;
+    BIGNUM *UKM = NULL, *p = NULL, *order = NULL, *X = NULL, *Y = NULL;
+    const BIGNUM *key = EC_KEY_get0_private_key(priv_key);
+    EC_POINT *pnt = EC_POINT_new(EC_KEY_get0_group(priv_key));
+    int i;
+    BN_CTX *ctx = BN_CTX_new();
+    EVP_MD_CTX mdctx;
+    const EVP_MD *md;
+    int effective_dgst_nid = (dgst_nid == NID_id_GostR3411_2012_512) ?
+        NID_id_GostR3411_2012_256 : dgst_nid;
+    int buf_len = (dgst_nid == NID_id_GostR3411_2012_512) ? 128 : 64,
+        half_len = buf_len >> 1;
+
+    if (!ctx) {
+        GOSTerr(GOST_F_VKO_COMPUTE_KEY, GOST_R_NO_MEMORY);
+        return 0;
+    }
+    BN_CTX_start(ctx);
+
+    databuf = OPENSSL_malloc(buf_len);
+    hashbuf = OPENSSL_malloc(buf_len);
+    if (!databuf || !hashbuf) {
+        GOSTerr(GOST_F_VKO_COMPUTE_KEY, GOST_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    md = EVP_get_digestbynid(effective_dgst_nid);
+    if (!md) {
+        GOSTerr(GOST_F_VKO_COMPUTE_KEY, GOST_R_INVALID_DIGEST_TYPE);
+        goto err;
+    }
+
+    UKM = hashsum2bn(ukm, 8);
+    p = BN_CTX_get(ctx);
+    order = BN_CTX_get(ctx);
+    X = BN_CTX_get(ctx);
+    Y = BN_CTX_get(ctx);
+    EC_GROUP_get_order(EC_KEY_get0_group(priv_key), order, ctx);
+    BN_mod_mul(p, key, UKM, order, ctx);
+    EC_POINT_mul(EC_KEY_get0_group(priv_key), pnt, NULL, pub_key, p, ctx);
+    EC_POINT_get_affine_coordinates_GFp(EC_KEY_get0_group(priv_key),
+                                        pnt, X, Y, ctx);
+    /*
+     * Serialize elliptic curve point same way as we do it when saving key
+     */
+    store_bignum(Y, databuf, half_len);
+    store_bignum(X, databuf + half_len, half_len);
+    /* And reverse byte order of whole buffer */
+    for (i = 0; i < buf_len; i++) {
+        hashbuf[buf_len - 1 - i] = databuf[i];
+    }
+    EVP_MD_CTX_init(&mdctx);
+    EVP_DigestInit_ex(&mdctx, md, NULL);
+    EVP_DigestUpdate(&mdctx, hashbuf, buf_len);
+    EVP_DigestFinal_ex(&mdctx, shared_key, NULL);
+    EVP_MD_CTX_cleanup(&mdctx);
+ err:
+    BN_free(UKM);
+    BN_CTX_end(ctx);
+    BN_CTX_free(ctx);
+    EC_POINT_free(pnt);
+    if (databuf)
+        OPENSSL_free(databuf);
+    if (hashbuf)
+        OPENSSL_free(hashbuf);
+
+    return 32;
+}
+
+/*
+ * EVP_PKEY_METHOD callback derive.
+ * Implements VKO R 34.10-2001/2012 algorithms
+ */
+int pkey_gost_ec_derive(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen)
+{
+    /*
+     * Public key of peer in the ctx field peerkey
+     * Our private key in the ctx pkey
+     * ukm is in the algorithm specific context data
+     */
+    EVP_PKEY *my_key = EVP_PKEY_CTX_get0_pkey(ctx);
+    EVP_PKEY *peer_key = EVP_PKEY_CTX_get0_peerkey(ctx);
+    struct gost_pmeth_data *data = EVP_PKEY_CTX_get_data(ctx);
+    int dgst_nid = NID_undef;
+
+    if (!data || !data->shared_ukm) {
+        GOSTerr(GOST_F_PKEY_GOST_EC_DERIVE, GOST_R_UKM_NOT_SET);
+        return 0;
+    }
+
+    if (key == NULL) {
+        *keylen = 32;
+        return 32;
+    }
+
+    EVP_PKEY_get_default_digest_nid(my_key, &dgst_nid);
+
+    *keylen =
+        VKO_compute_key(key, 32,
+                        EC_KEY_get0_public_key(EVP_PKEY_get0(peer_key)),
+                        (EC_KEY *)EVP_PKEY_get0(my_key), data->shared_ukm,
+                        dgst_nid);
+    return (*keylen) ? 1 : 0;
+}
+
+/*
+ * EVP_PKEY_METHOD callback encrypt
+ * Implementation of GOST2001 key transport, cryptocom variation
+ */
+/*
+ * Generates ephemeral key based on pubk algorithm computes shared key using
+ * VKO and returns filled up GOST_KEY_TRANSPORT structure
+ */
+
+/*
+ * EVP_PKEY_METHOD callback encrypt
+ * Implementation of GOST2001 key transport, cryptopo variation
+ */
+
+int pkey_GOST_ECcp_encrypt(EVP_PKEY_CTX *pctx, unsigned char *out,
+                           size_t *out_len, const unsigned char *key,
+                           size_t key_len)
+{
+    GOST_KEY_TRANSPORT *gkt = NULL;
+    EVP_PKEY *pubk = EVP_PKEY_CTX_get0_pkey(pctx);
+    struct gost_pmeth_data *data = EVP_PKEY_CTX_get_data(pctx);
+    int pkey_nid = EVP_PKEY_base_id(pubk);
+    ASN1_OBJECT *crypt_params_obj = (pkey_nid == NID_id_GostR3410_2001) ?
+        OBJ_nid2obj(NID_id_Gost28147_89_CryptoPro_A_ParamSet) :
+        OBJ_nid2obj(NID_id_tc26_gost_28147_param_Z);
+    const struct gost_cipher_info *param =
+        get_encryption_params(crypt_params_obj);
+    unsigned char ukm[8], shared_key[32], crypted_key[44];
+    int ret = 0;
+    int key_is_ephemeral = 1;
+    gost_ctx cctx;
+    EVP_PKEY *sec_key = EVP_PKEY_CTX_get0_peerkey(pctx);
+    if (data->shared_ukm) {
+        memcpy(ukm, data->shared_ukm, 8);
+    } else if (out) {
+
+        if (RAND_bytes(ukm, 8) <= 0) {
+            GOSTerr(GOST_F_PKEY_GOST_ECCP_ENCRYPT,
+                    GOST_R_RANDOM_GENERATOR_FAILURE);
+            return 0;
+        }
+    }
+    /* Check for private key in the peer_key of context */
+    if (sec_key) {
+        key_is_ephemeral = 0;
+        if (!gost_get0_priv_key(sec_key)) {
+            GOSTerr(GOST_F_PKEY_GOST_ECCP_ENCRYPT,
+                    GOST_R_NO_PRIVATE_PART_OF_NON_EPHEMERAL_KEYPAIR);
+            goto err;
+        }
+    } else {
+        key_is_ephemeral = 1;
+        if (out) {
+            sec_key = EVP_PKEY_new();
+            EVP_PKEY_assign(sec_key, EVP_PKEY_base_id(pubk), EC_KEY_new());
+            EVP_PKEY_copy_parameters(sec_key, pubk);
+            if (!gost_ec_keygen(EVP_PKEY_get0(sec_key))) {
+                goto err;
+            }
+        }
+    }
+    if (!get_gost_engine_param(GOST_PARAM_CRYPT_PARAMS)
+        && param == gost_cipher_list) {
+        param = gost_cipher_list + 1;
+    }
+    if (out) {
+        int dgst_nid = NID_undef;
+        EVP_PKEY_get_default_digest_nid(pubk, &dgst_nid);
+
+        if (!VKO_compute_key(shared_key, 32,
+                             EC_KEY_get0_public_key(EVP_PKEY_get0(pubk)),
+                             EVP_PKEY_get0(sec_key), ukm, dgst_nid)) {
+            GOSTerr(GOST_F_PKEY_GOST_ECCP_ENCRYPT,
+                    GOST_R_ERROR_COMPUTING_SHARED_KEY);
+            goto err;
+        }
+        gost_init(&cctx, param->sblock);
+        keyWrapCryptoPro(&cctx, shared_key, ukm, key, crypted_key);
+    }
+    gkt = GOST_KEY_TRANSPORT_new();
+    if (!gkt) {
+        goto err;
+    }
+    if (!ASN1_OCTET_STRING_set(gkt->key_agreement_info->eph_iv, ukm, 8)) {
+        goto err;
+    }
+    if (!ASN1_OCTET_STRING_set(gkt->key_info->imit, crypted_key + 40, 4)) {
+        goto err;
+    }
+    if (!ASN1_OCTET_STRING_set
+        (gkt->key_info->encrypted_key, crypted_key + 8, 32)) {
+        goto err;
+    }
+    if (key_is_ephemeral) {
+        if (!X509_PUBKEY_set
+            (&gkt->key_agreement_info->ephem_key, out ? sec_key : pubk)) {
+            GOSTerr(GOST_F_PKEY_GOST_ECCP_ENCRYPT,
+                    GOST_R_CANNOT_PACK_EPHEMERAL_KEY);
+            goto err;
+        }
+    }
+    ASN1_OBJECT_free(gkt->key_agreement_info->cipher);
+    gkt->key_agreement_info->cipher = OBJ_nid2obj(param->nid);
+    if (key_is_ephemeral && sec_key)
+        EVP_PKEY_free(sec_key);
+    if (!key_is_ephemeral) {
+        /* Set control "public key from client certificate used" */
+        if (EVP_PKEY_CTX_ctrl(pctx, -1, -1, EVP_PKEY_CTRL_PEER_KEY, 3, NULL)
+            <= 0) {
+            GOSTerr(GOST_F_PKEY_GOST_ECCP_ENCRYPT, GOST_R_CTRL_CALL_FAILED);
+            goto err;
+        }
+    }
+    if ((*out_len = i2d_GOST_KEY_TRANSPORT(gkt, out ? &out : NULL)) > 0)
+        ret = 1;
+    GOST_KEY_TRANSPORT_free(gkt);
+    return ret;
+ err:
+    if (key_is_ephemeral && sec_key)
+        EVP_PKEY_free(sec_key);
+    GOST_KEY_TRANSPORT_free(gkt);
+    return -1;
+}
+
+/*
+ * EVP_PKEY_METHOD callback decrypt
+ * Implementation of GOST2001 key transport, cryptopo variation
+ */
+int pkey_GOST_ECcp_decrypt(EVP_PKEY_CTX *pctx, unsigned char *key,
+                           size_t *key_len, const unsigned char *in,
+                           size_t in_len)
+{
+    const unsigned char *p = in;
+    EVP_PKEY *priv = EVP_PKEY_CTX_get0_pkey(pctx);
+    GOST_KEY_TRANSPORT *gkt = NULL;
+    int ret = 0;
+    unsigned char wrappedKey[44];
+    unsigned char sharedKey[32];
+    gost_ctx ctx;
+    const struct gost_cipher_info *param = NULL;
+    EVP_PKEY *eph_key = NULL, *peerkey = NULL;
+    int dgst_nid = NID_undef;
+
+    if (!key) {
+        *key_len = 32;
+        return 1;
+    }
+    gkt = d2i_GOST_KEY_TRANSPORT(NULL, (const unsigned char **)&p, in_len);
+    if (!gkt) {
+        GOSTerr(GOST_F_PKEY_GOST_ECCP_DECRYPT,
+                GOST_R_ERROR_PARSING_KEY_TRANSPORT_INFO);
+        return -1;
+    }
+
+    /* If key transport structure contains public key, use it */
+    eph_key = X509_PUBKEY_get(gkt->key_agreement_info->ephem_key);
+    if (eph_key) {
+        if (EVP_PKEY_derive_set_peer(pctx, eph_key) <= 0) {
+            GOSTerr(GOST_F_PKEY_GOST_ECCP_DECRYPT,
+                    GOST_R_INCOMPATIBLE_PEER_KEY);
+            goto err;
+        }
+    } else {
+        /* Set control "public key from client certificate used" */
+        if (EVP_PKEY_CTX_ctrl(pctx, -1, -1, EVP_PKEY_CTRL_PEER_KEY, 3, NULL)
+            <= 0) {
+            GOSTerr(GOST_F_PKEY_GOST_ECCP_DECRYPT, GOST_R_CTRL_CALL_FAILED);
+            goto err;
+        }
+    }
+    peerkey = EVP_PKEY_CTX_get0_peerkey(pctx);
+    if (!peerkey) {
+        GOSTerr(GOST_F_PKEY_GOST_ECCP_DECRYPT, GOST_R_NO_PEER_KEY);
+        goto err;
+    }
+
+    param = get_encryption_params(gkt->key_agreement_info->cipher);
+    if (!param) {
+        goto err;
+    }
+
+    gost_init(&ctx, param->sblock);
+    OPENSSL_assert(gkt->key_agreement_info->eph_iv->length == 8);
+    memcpy(wrappedKey, gkt->key_agreement_info->eph_iv->data, 8);
+    OPENSSL_assert(gkt->key_info->encrypted_key->length == 32);
+    memcpy(wrappedKey + 8, gkt->key_info->encrypted_key->data, 32);
+    OPENSSL_assert(gkt->key_info->imit->length == 4);
+    memcpy(wrappedKey + 40, gkt->key_info->imit->data, 4);
+
+    EVP_PKEY_get_default_digest_nid(priv, &dgst_nid);
+    if (!VKO_compute_key(sharedKey, 32,
+                         EC_KEY_get0_public_key(EVP_PKEY_get0(peerkey)),
+                         EVP_PKEY_get0(priv), wrappedKey, dgst_nid)) {
+        GOSTerr(GOST_F_PKEY_GOST_ECCP_DECRYPT,
+                GOST_R_ERROR_COMPUTING_SHARED_KEY);
+        goto err;
+    }
+    if (!keyUnwrapCryptoPro(&ctx, sharedKey, wrappedKey, key)) {
+        GOSTerr(GOST_F_PKEY_GOST_ECCP_DECRYPT,
+                GOST_R_ERROR_COMPUTING_SHARED_KEY);
+        goto err;
+    }
+
+    ret = 1;
+ err:
+    if (eph_key)
+        EVP_PKEY_free(eph_key);
+    if (gkt)
+        GOST_KEY_TRANSPORT_free(gkt);
+    return ret;
+}
diff --git a/gost_ec_sign.c b/gost_ec_sign.c
new file mode 100644 (file)
index 0000000..38c50ac
--- /dev/null
@@ -0,0 +1,511 @@
+/**********************************************************************
+ *                        gost_ec_sign.c                              *
+ *             Copyright (c) 2005-2013 Cryptocom LTD                  *
+ *         This file is distributed under the same license as OpenSSL *
+ *                                                                    *
+ *          Implementation of GOST R 34.10-2001                       *
+ *          Requires OpenSSL 1.0.0+ for compilation                   *
+ **********************************************************************/
+#include "gost_lcl.h"
+#include "gost_params.h"
+#include <string.h>
+#include <openssl/rand.h>
+#include <openssl/ecdsa.h>
+#include <openssl/err.h>
+#include "e_gost_err.h"
+#ifdef DEBUG_SIGN
+extern
+void dump_signature(const char *message, const unsigned char *buffer,
+                    size_t len);
+void dump_dsa_sig(const char *message, DSA_SIG *sig);
+#else
+
+# define dump_signature(a,b,c)
+# define dump_dsa_sig(a,b)
+#endif
+
+static R3410_ec_params *gost_nid2params(int nid)
+{
+    R3410_ec_params *params;
+
+    /* Search nid in 2012 paramset */
+    params = R3410_2012_512_paramset;
+    while (params->nid != NID_undef) {
+        if (params->nid == nid)
+            return params;
+        params++;
+    }
+
+    /* Search nid in 2001 paramset */
+    params = R3410_2001_paramset;
+    while (params->nid != NID_undef) {
+        if (params->nid == nid)
+            return params;
+        params++;
+    }
+
+    return NULL;
+}
+
+/*
+ * Fills EC_KEY structure hidden in the app_data field of DSA structure
+ * with parameter information, extracted from parameter array in
+ * params.c file.
+ *
+ * Also fils DSA->q field with copy of EC_GROUP order field to make
+ * DSA_size function work
+ */
+int fill_GOST_EC_params(EC_KEY *eckey, int nid)
+{
+    R3410_ec_params *params = gost_nid2params(nid);
+    EC_GROUP *grp = NULL;
+    EC_POINT *P = NULL;
+    BIGNUM *p = NULL, *q = NULL, *a = NULL, *b = NULL, *x = NULL, *y = NULL;
+    BN_CTX *ctx;
+    int ok = 0;
+
+    if (!eckey || !params) {
+        GOSTerr(GOST_F_FILL_GOST_EC_PARAMS, GOST_R_UNSUPPORTED_PARAMETER_SET);
+        return 0;
+    }
+
+    if (!(ctx = BN_CTX_new())) {
+        GOSTerr(GOST_F_FILL_GOST_EC_PARAMS, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+
+    BN_CTX_start(ctx);
+    p = BN_CTX_get(ctx);
+    a = BN_CTX_get(ctx);
+    b = BN_CTX_get(ctx);
+    x = BN_CTX_get(ctx);
+    y = BN_CTX_get(ctx);
+    q = BN_CTX_get(ctx);
+    if (!p || !a || !b || !x || !y || !q) {
+        GOSTerr(GOST_F_FILL_GOST_EC_PARAMS, ERR_R_MALLOC_FAILURE);
+        goto end;
+    }
+
+    if (!BN_hex2bn(&p, params->p)
+        || !BN_hex2bn(&a, params->a)
+        || !BN_hex2bn(&b, params->b)) {
+        GOSTerr(GOST_F_FILL_GOST_EC_PARAMS, ERR_R_INTERNAL_ERROR);
+        goto end;
+    }
+
+    grp = EC_GROUP_new_curve_GFp(p, a, b, ctx);
+    if (!grp) {
+        GOSTerr(GOST_F_FILL_GOST_EC_PARAMS, ERR_R_MALLOC_FAILURE);
+        goto end;
+    }
+
+    P = EC_POINT_new(grp);
+    if (!P) {
+        GOSTerr(GOST_F_FILL_GOST_EC_PARAMS, ERR_R_MALLOC_FAILURE);
+        goto end;
+    }
+
+    if (!BN_hex2bn(&x, params->x)
+        || !BN_hex2bn(&y, params->y)
+        || !EC_POINT_set_affine_coordinates_GFp(grp, P, x, y, ctx)
+        || !BN_hex2bn(&q, params->q)) {
+        GOSTerr(GOST_F_FILL_GOST_EC_PARAMS, ERR_R_INTERNAL_ERROR);
+        goto end;
+    }
+
+    if (!EC_GROUP_set_generator(grp, P, q, NULL)) {
+        GOSTerr(GOST_F_FILL_GOST_EC_PARAMS, ERR_R_INTERNAL_ERROR);
+        goto end;
+    }
+    EC_GROUP_set_curve_name(grp, params->nid);
+    if (!EC_KEY_set_group(eckey, grp)) {
+        GOSTerr(GOST_F_FILL_GOST_EC_PARAMS, ERR_R_INTERNAL_ERROR);
+        goto end;
+    }
+    ok = 1;
+end:
+    if (P)
+        EC_POINT_free(P);
+    if (grp)
+        EC_GROUP_free(grp);
+    BN_CTX_end(ctx);
+    BN_CTX_free(ctx);
+    return ok;
+}
+
+/*
+ * Computes gost_ec signature as DSA_SIG structure
+ *
+ */
+DSA_SIG *gost_ec_sign(const unsigned char *dgst, int dlen, EC_KEY *eckey)
+{
+    DSA_SIG *newsig = NULL, *ret = NULL;
+    BIGNUM *md = NULL;
+    BIGNUM *order = NULL;
+    const EC_GROUP *group;
+    const BIGNUM *priv_key;
+    BIGNUM *r = NULL, *s = NULL, *X = NULL, *tmp = NULL, *tmp2 = NULL,
+        *k = NULL, *e = NULL;
+    EC_POINT *C = NULL;
+    BN_CTX *ctx;
+
+    OPENSSL_assert(dgst != NULL && eckey != NULL);
+
+    if (!(ctx = BN_CTX_new())) {
+        GOSTerr(GOST_F_GOST_EC_SIGN, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+
+    BN_CTX_start(ctx);
+    OPENSSL_assert(dlen == 32 || dlen == 64);
+    md = hashsum2bn(dgst, dlen);
+    newsig = DSA_SIG_new();
+    if (!newsig || !md) {
+        GOSTerr(GOST_F_GOST_EC_SIGN, GOST_R_NO_MEMORY);
+        goto err;
+    }
+    group = EC_KEY_get0_group(eckey);
+    if (!group) {
+        GOSTerr(GOST_F_GOST_EC_SIGN, ERR_R_INTERNAL_ERROR);
+        goto err;
+    }
+    order = BN_CTX_get(ctx);
+    if (!order || !EC_GROUP_get_order(group, order, ctx)) {
+        GOSTerr(GOST_F_GOST_EC_SIGN, ERR_R_INTERNAL_ERROR);
+        goto err;
+    }
+    priv_key = EC_KEY_get0_private_key(eckey);
+    if (!priv_key) {
+        GOSTerr(GOST_F_GOST_EC_SIGN, ERR_R_INTERNAL_ERROR);
+        goto err;
+    }
+    e = BN_CTX_get(ctx);
+    if (!e || !BN_mod(e, md, order, ctx)) {
+        GOSTerr(GOST_F_GOST_EC_SIGN, ERR_R_INTERNAL_ERROR);
+        goto err;
+    }
+#ifdef DEBUG_SIGN
+    fprintf(stderr, "digest as bignum=");
+    BN_print_fp(stderr, md);
+    fprintf(stderr, "\ndigest mod q=");
+    BN_print_fp(stderr, e);
+    fprintf(stderr, "\n");
+#endif
+    if (BN_is_zero(e)) {
+        BN_one(e);
+    }
+    k = BN_CTX_get(ctx);
+    C = EC_POINT_new(group);
+    if (!k || !C) {
+        GOSTerr(GOST_F_GOST_EC_SIGN, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    do {
+        do {
+            if (!BN_rand_range(k, order)) {
+                GOSTerr(GOST_F_GOST_EC_SIGN,
+                        GOST_R_RANDOM_NUMBER_GENERATOR_FAILED);
+                goto err;
+            }
+            /*
+             * To avoid timing information leaking the length of k,
+             * compute C*k using an equivalent scalar of fixed bit-length */
+            if (!BN_add(k, k, order)
+                || (BN_num_bits(k) <= BN_num_bits(order)
+                    && !BN_add(k, k, order))) {
+                goto err;
+            }
+            if (!EC_POINT_mul(group, C, k, NULL, NULL, ctx)) {
+                GOSTerr(GOST_F_GOST_EC_SIGN, ERR_R_EC_LIB);
+                goto err;
+            }
+            if (!X)
+                X = BN_CTX_get(ctx);
+            if (!r)
+                r = BN_CTX_get(ctx);
+            if (!X || !r) {
+                GOSTerr(GOST_F_GOST_EC_SIGN, ERR_R_MALLOC_FAILURE);
+                goto err;
+            }
+            if (!EC_POINT_get_affine_coordinates_GFp(group, C, X, NULL, ctx)) {
+                GOSTerr(GOST_F_GOST_EC_SIGN, ERR_R_EC_LIB);
+                goto err;
+            }
+
+            if (!BN_nnmod(r, X, order, ctx)) {
+                GOSTerr(GOST_F_GOST_EC_SIGN, ERR_R_INTERNAL_ERROR);
+                goto err;
+            }
+        }
+        while (BN_is_zero(r));
+        /* s =  (r*priv_key+k*e) mod order */
+        if (!tmp)
+            tmp = BN_CTX_get(ctx);
+        if (!tmp2)
+            tmp2 = BN_CTX_get(ctx);
+        if (!s)
+            s = BN_CTX_get(ctx);
+        if (!tmp || !tmp2 || !s) {
+            GOSTerr(GOST_F_GOST_EC_SIGN, ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+
+        if (!BN_mod_mul(tmp, priv_key, r, order, ctx)
+            || !BN_mod_mul(tmp2, k, e, order, ctx)
+            || !BN_mod_add(s, tmp, tmp2, order, ctx)) {
+            GOSTerr(GOST_F_GOST_EC_SIGN, ERR_R_INTERNAL_ERROR);
+            goto err;
+        }
+    }
+    while (BN_is_zero(s));
+
+    newsig->s = BN_dup(s);
+    newsig->r = BN_dup(r);
+    if (!newsig->s || !newsig->r) {
+        GOSTerr(GOST_F_GOST_EC_SIGN, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    ret = newsig;
+ err:
+    BN_CTX_end(ctx);
+    BN_CTX_free(ctx);
+    if (C)
+        EC_POINT_free(C);
+    if (md)
+        BN_free(md);
+    if (!ret && newsig) {
+        DSA_SIG_free(newsig);
+    }
+    return ret;
+}
+
+/*
+ * Verifies gost ec signature
+ *
+ */
+int gost_ec_verify(const unsigned char *dgst, int dgst_len,
+                   DSA_SIG *sig, EC_KEY *ec)
+{
+    BN_CTX *ctx;
+    const EC_GROUP *group = (ec) ? EC_KEY_get0_group(ec) : NULL;
+    BIGNUM *order;
+    BIGNUM *md = NULL, *e = NULL, *R = NULL, *v = NULL,
+        *z1 = NULL, *z2 = NULL;
+    BIGNUM *X = NULL, *tmp = NULL;
+    EC_POINT *C = NULL;
+    const EC_POINT *pub_key = NULL;
+    int ok = 0;
+
+    OPENSSL_assert(dgst != NULL && sig != NULL && group != NULL);
+
+    if (!(ctx = BN_CTX_new())) {
+        GOSTerr(GOST_F_GOST_EC_VERIFY, GOST_R_NO_MEMORY);
+        return 0;
+    }
+
+    BN_CTX_start(ctx);
+    order = BN_CTX_get(ctx);
+    e = BN_CTX_get(ctx);
+    z1 = BN_CTX_get(ctx);
+    z2 = BN_CTX_get(ctx);
+    tmp = BN_CTX_get(ctx);
+    X = BN_CTX_get(ctx);
+    R = BN_CTX_get(ctx);
+    v = BN_CTX_get(ctx);
+    if (!order || !e || !z1 || !z2 || !tmp || !X || !R || !v) {
+        GOSTerr(GOST_F_GOST_EC_VERIFY, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    pub_key = EC_KEY_get0_public_key(ec);
+    if (!pub_key || !EC_GROUP_get_order(group, order, ctx)) {
+        GOSTerr(GOST_F_GOST_EC_VERIFY, ERR_R_INTERNAL_ERROR);
+        goto err;
+    }
+
+    if (BN_is_zero(sig->s) || BN_is_zero(sig->r) ||
+        (BN_cmp(sig->s, order) >= 1) || (BN_cmp(sig->r, order) >= 1)) {
+        GOSTerr(GOST_F_GOST_EC_VERIFY, GOST_R_SIGNATURE_PARTS_GREATER_THAN_Q);
+        goto err;
+
+    }
+
+    OPENSSL_assert(dgst_len == 32 || dgst_len == 64);
+    md = hashsum2bn(dgst, dgst_len);
+    if (!md || !BN_mod(e, md, order, ctx)) {
+        GOSTerr(GOST_F_GOST_EC_VERIFY, ERR_R_INTERNAL_ERROR);
+        goto err;
+    }
+#ifdef DEBUG_SIGN
+    fprintf(stderr, "digest as bignum: ");
+    BN_print_fp(stderr, md);
+    fprintf(stderr, "\ndigest mod q: ");
+    BN_print_fp(stderr, e);
+#endif
+    if (BN_is_zero(e) && !BN_one(e)) {
+        GOSTerr(GOST_F_GOST_EC_VERIFY, ERR_R_INTERNAL_ERROR);
+        goto err;
+    }
+    v = BN_mod_inverse(v, e, order, ctx);
+    if (!v
+        || !BN_mod_mul(z1, sig->s, v, order, ctx)
+        || !BN_sub(tmp, order, sig->r)
+        || !BN_mod_mul(z2, tmp, v, order, ctx)) {
+        GOSTerr(GOST_F_GOST_EC_VERIFY, ERR_R_INTERNAL_ERROR);
+        goto err;
+    }
+#ifdef DEBUG_SIGN
+    fprintf(stderr, "\nInverted digest value: ");
+    BN_print_fp(stderr, v);
+    fprintf(stderr, "\nz1: ");
+    BN_print_fp(stderr, z1);
+    fprintf(stderr, "\nz2: ");
+    BN_print_fp(stderr, z2);
+#endif
+    C = EC_POINT_new(group);
+    if (!C) {
+        GOSTerr(GOST_F_GOST_EC_VERIFY, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+    if (!EC_POINT_mul(group, C, z1, pub_key, z2, ctx)) {
+        GOSTerr(GOST_F_GOST_EC_VERIFY, ERR_R_EC_LIB);
+        goto err;
+    }
+    if (!EC_POINT_get_affine_coordinates_GFp(group, C, X, NULL, ctx)) {
+        GOSTerr(GOST_F_GOST_EC_VERIFY, ERR_R_EC_LIB);
+        goto err;
+    }
+    if (!BN_mod(R, X, order, ctx)) {
+        GOSTerr(GOST_F_GOST_EC_VERIFY, ERR_R_INTERNAL_ERROR);
+        goto err;
+    }
+#ifdef DEBUG_SIGN
+    fprintf(stderr, "\nX=");
+    BN_print_fp(stderr, X);
+    fprintf(stderr, "\nX mod q=");
+    BN_print_fp(stderr, R);
+    fprintf(stderr, "\n");
+#endif
+    if (BN_cmp(R, sig->r) != 0) {
+        GOSTerr(GOST_F_GOST_EC_VERIFY, GOST_R_SIGNATURE_MISMATCH);
+    } else {
+        ok = 1;
+    }
+ err:
+    if (C)
+        EC_POINT_free(C);
+    BN_CTX_end(ctx);
+    BN_CTX_free(ctx);
+    if (md)
+        BN_free(md);
+    return ok;
+}
+
+/*
+ * Computes GOST R 34.10-2001 public key
+ * or GOST R 34.10-2012 public key
+ *
+ */
+int gost_ec_compute_public(EC_KEY *ec)
+{
+    const EC_GROUP *group = (ec) ? EC_KEY_get0_group(ec) : NULL;
+    EC_POINT *pub_key = NULL;
+    const BIGNUM *priv_key = NULL;
+    BN_CTX *ctx = NULL;
+    int ok = 0;
+
+    if (!group) {
+        GOSTerr(GOST_F_GOST_EC_COMPUTE_PUBLIC, GOST_R_KEY_IS_NOT_INITIALIZED);
+        return 0;
+    }
+
+    ctx = BN_CTX_new();
+    if (!ctx) {
+        GOSTerr(GOST_F_GOST_EC_COMPUTE_PUBLIC, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+
+    BN_CTX_start(ctx);
+    priv_key = EC_KEY_get0_private_key(ec);
+    if (!priv_key) {
+        GOSTerr(GOST_F_GOST_EC_COMPUTE_PUBLIC, ERR_R_EC_LIB);
+        goto err;
+    }
+
+    pub_key = EC_POINT_new(group);
+    if (!pub_key) {
+        GOSTerr(GOST_F_GOST_EC_COMPUTE_PUBLIC, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    if (!EC_POINT_mul(group, pub_key, priv_key, NULL, NULL, ctx)) {
+        GOSTerr(GOST_F_GOST_EC_COMPUTE_PUBLIC, ERR_R_EC_LIB);
+        goto err;
+    }
+    if (!EC_KEY_set_public_key(ec, pub_key)) {
+        GOSTerr(GOST_F_GOST_EC_COMPUTE_PUBLIC, ERR_R_EC_LIB);
+        goto err;
+    }
+    ok = 1;
+ err:
+    if (pub_key)
+        EC_POINT_free(pub_key);
+    BN_CTX_end(ctx);
+    BN_CTX_free(ctx);
+    return ok;
+}
+
+/*
+ *
+ * Generates GOST R 34.10-2001
+ * or GOST R 34.10-2012 keypair
+ *
+ */
+int gost_ec_keygen(EC_KEY *ec)
+{
+    BIGNUM *order = NULL, *d = NULL;
+    const EC_GROUP *group = (ec) ? EC_KEY_get0_group(ec) : NULL;
+    int ok = 0;
+
+    if (!group) {
+        GOSTerr(GOST_F_GOST_EC_KEYGEN, ERR_R_INTERNAL_ERROR);
+        return 0;
+    }
+
+    order = BN_new();
+    d = BN_new();
+    if (!order || !d) {
+        GOSTerr(GOST_F_GOST_EC_KEYGEN, ERR_R_MALLOC_FAILURE);
+        goto end;
+    }
+
+    if (!EC_GROUP_get_order(group, order, NULL)) {
+        GOSTerr(GOST_F_GOST_EC_KEYGEN, ERR_R_INTERNAL_ERROR);
+        goto end;
+    }
+
+    do {
+        if (!BN_rand_range(d, order)) {
+            GOSTerr(GOST_F_GOST_EC_KEYGEN,
+                    GOST_R_RANDOM_NUMBER_GENERATOR_FAILED);
+            goto end;
+        }
+    }
+    while (BN_is_zero(d));
+
+    if (!EC_KEY_set_private_key(ec, d)) {
+        GOSTerr(GOST_F_GOST_EC_KEYGEN, ERR_R_INTERNAL_ERROR);
+        goto end;
+    }
+
+    ok = 1;
+end:
+    if (d)
+        BN_free(d);
+    if (order)
+        BN_free(order);
+    
+    return (ok) ? gost_ec_compute_public(ec) : 0;
+}
index 5924791b7735d35ff7ab1e97b3fc608e3cfb4f3a..f86169bb96e08ac604270c340c711f27aa1761ec 100644 (file)
@@ -33,20 +33,45 @@ static int gost_pkey_meths(ENGINE *e, EVP_PKEY_METHOD **pmeth,
 static int gost_pkey_asn1_meths(ENGINE *e, EVP_PKEY_ASN1_METHOD **ameth,
                                 const int **nids, int nid);
 
-static int gost_cipher_nids[] = { NID_id_Gost28147_89, NID_gost89_cnt, 0 };
+static int gost_cipher_nids[] = {
+    NID_id_Gost28147_89,
+    NID_gost89_cnt,
+    NID_gost89_cnt_12,
+    0
+};
 
-static int gost_digest_nids[] =
-    { NID_id_GostR3411_94, NID_id_Gost28147_89_MAC, 0 };
+static int gost_digest_nids[] = {
+    NID_id_GostR3411_94,
+    NID_id_Gost28147_89_MAC,
+    NID_id_GostR3411_2012_256,
+    NID_id_GostR3411_2012_512,
+    NID_gost_mac_12,
+    0
+};
 
-static int gost_pkey_meth_nids[] = { NID_id_GostR3410_94,
-    NID_id_GostR3410_2001, NID_id_Gost28147_89_MAC, 0
+static int gost_pkey_meth_nids[] = {
+    NID_id_GostR3410_94,
+    NID_id_GostR3410_2001,
+    NID_id_Gost28147_89_MAC,
+    NID_id_GostR3410_2012_256,
+    NID_id_GostR3410_2012_512,
+    NID_gost_mac_12,
+    0
 };
 
 static EVP_PKEY_METHOD *pmeth_GostR3410_94 = NULL,
-    *pmeth_GostR3410_2001 = NULL, *pmeth_Gost28147_MAC = NULL;
+    *pmeth_GostR3410_2001 = NULL,
+    *pmeth_GostR3410_2012_256 = NULL,
+    *pmeth_GostR3410_2012_512 = NULL,
+    *pmeth_Gost28147_MAC = NULL,
+    *pmeth_Gost28147_MAC_12 = NULL;
 
 static EVP_PKEY_ASN1_METHOD *ameth_GostR3410_94 = NULL,
-    *ameth_GostR3410_2001 = NULL, *ameth_Gost28147_MAC = NULL;
+    *ameth_GostR3410_2001 = NULL,
+    *ameth_GostR3410_2012_256 = NULL,
+    *ameth_GostR3410_2012_512 = NULL,
+    *ameth_Gost28147_MAC = NULL,
+    *ameth_Gost28147_MAC_12 = NULL;
 
 static int gost_engine_init(ENGINE *e)
 {
@@ -65,9 +90,17 @@ static int gost_engine_destroy(ENGINE *e)
     pmeth_GostR3410_94 = NULL;
     pmeth_GostR3410_2001 = NULL;
     pmeth_Gost28147_MAC = NULL;
+    pmeth_GostR3410_2012_256 = NULL;
+    pmeth_GostR3410_2012_512 = NULL;
+    pmeth_Gost28147_MAC_12 = NULL;
+
     ameth_GostR3410_94 = NULL;
     ameth_GostR3410_2001 = NULL;
     ameth_Gost28147_MAC = NULL;
+    ameth_GostR3410_2012_256 = NULL;
+    ameth_GostR3410_2012_512 = NULL;
+    ameth_Gost28147_MAC_12 = NULL;
+
     return 1;
 }
 
@@ -76,11 +109,11 @@ static int bind_gost(ENGINE *e, const char *id)
     int ret = 0;
     if (id && strcmp(id, engine_gost_id))
         return 0;
+
     if (ameth_GostR3410_94) {
         printf("GOST engine already loaded\n");
         goto end;
     }
-
     if (!ENGINE_set_id(e, engine_gost_id)) {
         printf("ENGINE_set_id failed\n");
         goto end;
@@ -128,25 +161,49 @@ static int bind_gost(ENGINE *e, const char *id)
         (NID_id_GostR3410_2001, &ameth_GostR3410_2001, "GOST2001",
          "GOST R 34.10-2001"))
         goto end;
+    if (!register_ameth_gost
+        (NID_id_GostR3410_2012_256, &ameth_GostR3410_2012_256, "GOST2012_256",
+         "GOST R 34.10-2012 with 256 bit key"))
+        goto end;
+    if (!register_ameth_gost
+        (NID_id_GostR3410_2012_512, &ameth_GostR3410_2012_512, "GOST2012_512",
+         "GOST R 34.10-2012 with 512 bit key"))
+        goto end;
     if (!register_ameth_gost(NID_id_Gost28147_89_MAC, &ameth_Gost28147_MAC,
                              "GOST-MAC", "GOST 28147-89 MAC"))
         goto end;
+    if (!register_ameth_gost(NID_gost_mac_12, &ameth_Gost28147_MAC_12,
+                             "GOST-MAC-12",
+                             "GOST 28147-89 MAC with 2012 params"))
+        goto end;
 
     if (!register_pmeth_gost(NID_id_GostR3410_94, &pmeth_GostR3410_94, 0))
         goto end;
     if (!register_pmeth_gost(NID_id_GostR3410_2001, &pmeth_GostR3410_2001, 0))
         goto end;
+    if (!register_pmeth_gost
+        (NID_id_GostR3410_2012_256, &pmeth_GostR3410_2012_256, 0))
+        goto end;
+    if (!register_pmeth_gost
+        (NID_id_GostR3410_2012_512, &pmeth_GostR3410_2012_512, 0))
+        goto end;
     if (!register_pmeth_gost
         (NID_id_Gost28147_89_MAC, &pmeth_Gost28147_MAC, 0))
         goto end;
+    if (!register_pmeth_gost(NID_gost_mac_12, &pmeth_Gost28147_MAC_12, 0))
+        goto end;
     if (!ENGINE_register_ciphers(e)
         || !ENGINE_register_digests(e)
         || !ENGINE_register_pkey_meths(e)
         /* These two actually should go in LIST_ADD command */
         || !EVP_add_cipher(&cipher_gost)
         || !EVP_add_cipher(&cipher_gost_cpacnt)
+        || !EVP_add_cipher(&cipher_gost_cpcnt_12)
         || !EVP_add_digest(&digest_gost)
+        || !EVP_add_digest(&digest_gost2012_512)
+        || !EVP_add_digest(&digest_gost2012_256)
         || !EVP_add_digest(&imit_gost_cpa)
+        || !EVP_add_digest(&imit_gost_cp_12)
         ) {
         goto end;
     }
@@ -167,15 +224,18 @@ static int gost_digests(ENGINE *e, const EVP_MD **digest,
     int ok = 1;
     if (!digest) {
         *nids = gost_digest_nids;
-        return 2;
+        return 5;
     }
-    /*
-     * printf("Digest no %d requested\n",nid);
-     */
     if (nid == NID_id_GostR3411_94) {
         *digest = &digest_gost;
+    } else if (nid == NID_id_GostR3411_2012_256) {
+        *digest = &digest_gost2012_256;
+    } else if (nid == NID_id_GostR3411_2012_512) {
+        *digest = &digest_gost2012_512;
     } else if (nid == NID_id_Gost28147_89_MAC) {
         *digest = &imit_gost_cpa;
+    } else if (nid == NID_gost_mac_12) {
+        *digest = &imit_gost_cp_12;
     } else {
         ok = 0;
         *digest = NULL;
@@ -189,13 +249,15 @@ static int gost_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
     int ok = 1;
     if (!cipher) {
         *nids = gost_cipher_nids;
-        return 2;               /* two ciphers are supported */
+        return 3;               /* three ciphers are supported */
     }
 
     if (nid == NID_id_Gost28147_89) {
         *cipher = &cipher_gost;
     } else if (nid == NID_gost89_cnt) {
         *cipher = &cipher_gost_cpacnt;
+    } else if (nid == NID_gost89_cnt_12) {
+        *cipher = &cipher_gost_cpcnt_12;
     } else {
         ok = 0;
         *cipher = NULL;
@@ -208,7 +270,7 @@ static int gost_pkey_meths(ENGINE *e, EVP_PKEY_METHOD **pmeth,
 {
     if (!pmeth) {
         *nids = gost_pkey_meth_nids;
-        return 3;
+        return 6;
     }
 
     switch (nid) {
@@ -218,9 +280,19 @@ static int gost_pkey_meths(ENGINE *e, EVP_PKEY_METHOD **pmeth,
     case NID_id_GostR3410_2001:
         *pmeth = pmeth_GostR3410_2001;
         return 1;
+    case NID_id_GostR3410_2012_256:
+        *pmeth = pmeth_GostR3410_2012_256;
+        return 1;
+    case NID_id_GostR3410_2012_512:
+        *pmeth = pmeth_GostR3410_2012_512;
+        return 1;
     case NID_id_Gost28147_89_MAC:
         *pmeth = pmeth_Gost28147_MAC;
         return 1;
+    case NID_gost_mac_12:
+        *pmeth = pmeth_Gost28147_MAC_12;
+        return 1;
+
     default:;
     }
 
@@ -233,7 +305,7 @@ static int gost_pkey_asn1_meths(ENGINE *e, EVP_PKEY_ASN1_METHOD **ameth,
 {
     if (!ameth) {
         *nids = gost_pkey_meth_nids;
-        return 3;
+        return 6;
     }
     switch (nid) {
     case NID_id_GostR3410_94:
@@ -242,9 +314,18 @@ static int gost_pkey_asn1_meths(ENGINE *e, EVP_PKEY_ASN1_METHOD **ameth,
     case NID_id_GostR3410_2001:
         *ameth = ameth_GostR3410_2001;
         return 1;
+    case NID_id_GostR3410_2012_256:
+        *ameth = ameth_GostR3410_2012_256;
+        return 1;
+    case NID_id_GostR3410_2012_512:
+        *ameth = ameth_GostR3410_2012_512;
+        return 1;
     case NID_id_Gost28147_89_MAC:
         *ameth = ameth_Gost28147_MAC;
         return 1;
+    case NID_gost_mac_12:
+        *ameth = ameth_Gost28147_MAC_12;
+        return 1;
 
     default:;
     }
index 3a2c7d57014733f3193d56f88d36956412c6f23d..61c2aa61524884b2d845672f7fe3d78255dd04a7 100644 (file)
 # include "gosthash.h"
 /* Control commands */
 # define GOST_PARAM_CRYPT_PARAMS 0
-# define GOST_PARAM_MAX 0
+# define GOST_PARAM_PBE_PARAMS 1
+# define GOST_PARAM_MAX 1
 # define GOST_CTRL_CRYPT_PARAMS (ENGINE_CMD_BASE+GOST_PARAM_CRYPT_PARAMS)
+# define GOST_CTRL_PBE_PARAMS   (ENGINE_CMD_BASE+GOST_PARAM_PBE_PARAMS)
 
 extern const ENGINE_CMD_DEFN gost_cmds[];
 int gost_control_func(ENGINE *e, int cmd, long i, void *p, void (*f) (void));
@@ -117,6 +119,14 @@ typedef struct {
 } GOST_CIPHER_PARAMS;
 
 DECLARE_ASN1_FUNCTIONS(GOST_CIPHER_PARAMS)
+
+typedef struct {
+    ASN1_OCTET_STRING *masked_priv_key;
+    ASN1_OCTET_STRING *public_key;
+} MASKED_GOST_KEY;
+
+DECLARE_ASN1_FUNCTIONS(MASKED_GOST_KEY)
+
 /*============== Message digest  and cipher related structures  ==========*/
          /*
           * Structure used as EVP_MD_CTX-md_data. It allows to avoid storing
@@ -132,8 +142,12 @@ struct ossl_gost_digest_ctx {
 };
 /* EVP_MD structure for GOST R 34.11 */
 extern EVP_MD digest_gost;
+/* EVP MD structure for GOST R 34.11-2012 algorithms */
+extern EVP_MD digest_gost2012_256;
+extern EVP_MD digest_gost2012_512;
 /* EVP_MD structure for GOST 28147 in MAC mode */
 extern EVP_MD imit_gost_cpa;
+extern EVP_MD imit_gost_cp_12;
 /* Cipher context used for EVP_CIPHER operation */
 struct ossl_gost_cipher_ctx {
     int paramNID;
@@ -164,6 +178,7 @@ const struct gost_cipher_info *get_encryption_params(ASN1_OBJECT *obj);
 /* Implementation of GOST 28147-89 cipher in CFB and CNT modes */
 extern EVP_CIPHER cipher_gost;
 extern EVP_CIPHER cipher_gost_cpacnt;
+extern EVP_CIPHER cipher_gost_cpcnt_12;
 # define EVP_MD_CTRL_KEY_LEN (EVP_MD_CTRL_ALG_CTRL+3)
 # define EVP_MD_CTRL_SET_KEY (EVP_MD_CTRL_ALG_CTRL+4)
 /* EVP_PKEY_METHOD key encryption callbacks */
@@ -175,39 +190,39 @@ int pkey_GOST94cp_encrypt(EVP_PKEY_CTX *ctx, unsigned char *out,
 int pkey_GOST94cp_decrypt(EVP_PKEY_CTX *ctx, unsigned char *out,
                           size_t *outlen, const unsigned char *in,
                           size_t in_len);
-/* From gost2001_keyx.c */
-int pkey_GOST01cp_encrypt(EVP_PKEY_CTX *ctx, unsigned char *out,
-                          size_t *outlen, const unsigned char *key,
-                          size_t key_len);
-
-int pkey_GOST01cp_decrypt(EVP_PKEY_CTX *ctx, unsigned char *out,
-                          size_t *outlen, const unsigned char *in,
-                          size_t in_len);
+/* From gost_ec_keyx.c */
+int pkey_GOST_ECcp_encrypt(EVP_PKEY_CTX *ctx, unsigned char *out,
+                           size_t *outlen, const unsigned char *key,
+                           size_t key_len);
+
+int pkey_GOST_ECcp_decrypt(EVP_PKEY_CTX *ctx, unsigned char *out,
+                           size_t *outlen, const unsigned char *in,
+                           size_t in_len);
 /* derive functions */
-/* From gost2001_keyx.c */
-int pkey_gost2001_derive(EVP_PKEY_CTX *ctx, unsigned char *key,
-                         size_t *keylen);
+/* From gost_ec_keyx.c */
+int pkey_gost_ec_derive(EVP_PKEY_CTX *ctx, unsigned char *key,
+                        size_t *keylen);
 /* From gost94_keyx.c */
 int pkey_gost94_derive(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen);
 /* Internal functions for signature algorithms */
 int fill_GOST94_params(DSA *dsa, int nid);
-int fill_GOST2001_params(EC_KEY *eckey, int nid);
+int fill_GOST_EC_params(EC_KEY *eckey, int nid);
 int gost_sign_keygen(DSA *dsa);
-int gost2001_keygen(EC_KEY *ec);
+int gost_ec_keygen(EC_KEY *ec);
 
 DSA_SIG *gost_do_sign(const unsigned char *dgst, int dlen, DSA *dsa);
-DSA_SIG *gost2001_do_sign(const unsigned char *dgst, int dlen, EC_KEY *eckey);
+DSA_SIG *gost_ec_sign(const unsigned char *dgst, int dlen, EC_KEY *eckey);
 
 int gost_do_verify(const unsigned char *dgst, int dgst_len,
                    DSA_SIG *sig, DSA *dsa);
-int gost2001_do_verify(const unsigned char *dgst, int dgst_len,
-                       DSA_SIG *sig, EC_KEY *ec);
-int gost2001_compute_public(EC_KEY *ec);
+int gost_ec_verify(const unsigned char *dgst, int dgst_len,
+                   DSA_SIG *sig, EC_KEY *ec);
+int gost_ec_compute_public(EC_KEY *ec);
 int gost94_compute_public(DSA *dsa);
 /*============== miscellaneous functions============================= */
 /* from gost_sign.c */
 /* Convert GOST R 34.11 hash sum to bignum according to standard */
-BIGNUM *hashsum2bn(const unsigned char *dgst);
+BIGNUM *hashsum2bn(const unsigned char *dgst, int len);
 /*
  * Store bignum in byte array of given length, prepending by zeros if
  * nesseccary
diff --git a/gost_md2012.c b/gost_md2012.c
new file mode 100644 (file)
index 0000000..d909b4f
--- /dev/null
@@ -0,0 +1,97 @@
+/**********************************************************************
+ *                          gost_md2012.c                             *
+ *             Copyright (c) 2013 Cryptocom LTD.                      *
+ *         This file is distributed under the same license as OpenSSL *
+ *                                                                    *
+ *          GOST R 34.11-2012 interface to OpenSSL engine.            *
+ *                                                                    *
+ * Author: Alexey Degtyarev <alexey@renatasystems.org>                *
+ *                                                                    *
+ **********************************************************************/
+
+#include <openssl/evp.h>
+#include "gosthash2012.h"
+
+static int gost_digest_init512(EVP_MD_CTX *ctx);
+static int gost_digest_init256(EVP_MD_CTX *ctx);
+static int gost_digest_update(EVP_MD_CTX *ctx, const void *data,
+                              size_t count);
+static int gost_digest_final(EVP_MD_CTX *ctx, unsigned char *md);
+static int gost_digest_copy(EVP_MD_CTX *to, const EVP_MD_CTX *from);
+static int gost_digest_cleanup(EVP_MD_CTX *ctx);
+
+EVP_MD digest_gost2012_512 = {
+    NID_id_GostR3411_2012_512,
+    NID_undef,
+    64,                         /* digest size */
+    EVP_MD_FLAG_PKEY_METHOD_SIGNATURE,
+    gost_digest_init512,
+    gost_digest_update,
+    gost_digest_final,
+    gost_digest_copy,
+    gost_digest_cleanup,
+    NULL,
+    NULL,
+    {NID_undef, NID_undef, 0, 0, 0},
+    64,                         /* block size */
+    sizeof(gost2012_hash_ctx),
+    NULL
+};
+
+EVP_MD digest_gost2012_256 = {
+    NID_id_GostR3411_2012_256,
+    NID_undef,
+    32,                         /* digest size */
+    EVP_MD_FLAG_PKEY_METHOD_SIGNATURE,
+    gost_digest_init256,
+    gost_digest_update,
+    gost_digest_final,
+    gost_digest_copy,
+    gost_digest_cleanup,
+    NULL,
+    NULL,
+    {NID_undef, NID_undef, 0, 0, 0},
+    64,                         /* block size */
+    sizeof(gost2012_hash_ctx),
+    NULL
+};
+
+static int gost_digest_init512(EVP_MD_CTX *ctx)
+{
+    init_gost2012_hash_ctx((gost2012_hash_ctx *) ctx->md_data, 512);
+    return 1;
+}
+
+static int gost_digest_init256(EVP_MD_CTX *ctx)
+{
+    init_gost2012_hash_ctx((gost2012_hash_ctx *) ctx->md_data, 256);
+    return 1;
+}
+
+static int gost_digest_update(EVP_MD_CTX *ctx, const void *data, size_t count)
+{
+    gost2012_hash_block((gost2012_hash_ctx *) ctx->md_data, data, count);
+    return 1;
+}
+
+static int gost_digest_final(EVP_MD_CTX *ctx, unsigned char *md)
+{
+    gost2012_finish_hash((gost2012_hash_ctx *) ctx->md_data, md);
+    return 1;
+}
+
+static int gost_digest_copy(EVP_MD_CTX *to, const EVP_MD_CTX *from)
+{
+    if (to->md_data && from->md_data)
+        memcpy(to->md_data, from->md_data, sizeof(from->md_data));
+
+    return 1;
+}
+
+static int gost_digest_cleanup(EVP_MD_CTX *ctx)
+{
+    if (ctx->md_data)
+        memset(ctx->md_data, 0x00, sizeof(gost2012_hash_ctx));
+
+    return 1;
+}
index 0411534b71a1e86485fba6731e7b427a6c1bb2a6..b344a823cded5d38bbbdce236147358e23e3f239 100644 (file)
@@ -1,14 +1,14 @@
 /**********************************************************************
  *                        params.c                                    *
- *             Copyright (c) 2005-2006 Cryptocom LTD                  *
+ *             Copyright (c) 2005-2013 Cryptocom LTD                  *
  *         This file is distributed under the same license as OpenSSL *
  *                                                                    *
  * Definitions of GOST R 34.10 parameter sets, defined in RFC 4357    *
- *         OpenSSL 0.9.9 libraries required to compile and use        *
+ *         OpenSSL 1.0.0+ libraries required to compile and use       *
  *                              this code                             *
  **********************************************************************/
-#include "gost_params.h"
 #include <openssl/objects.h>
+#include "gost_params.h"
 /* Parameters of GOST 34.10 */
 
 R3410_params R3410_paramset[] = {
@@ -123,7 +123,7 @@ R3410_params R3410_paramset[] = {
     {NID_undef, NULL, NULL, NULL}
 };
 
-R3410_2001_params R3410_2001_paramset[] = {
+R3410_ec_params R3410_2001_paramset[] = {
     /* default_cc_sign01_param 1.2.643.2.9.1.8.1 */
     {NID_id_GostR3410_2001_ParamSet_cc,
      /* A */
@@ -203,5 +203,51 @@ R3410_2001_params R3410_2001_paramset[] = {
      "0",
      "41ECE55743711A8C3CBF3783CD08C0EE4D4DC440D4641A8F366E550DFDB3BB67"}
     ,
-    {0, NULL, NULL, NULL, NULL, NULL, NULL}
+    {NID_undef, NULL, NULL, NULL, NULL, NULL, NULL}
+};
+
+/* Parameters of GOST 34.10-2012 */
+
+R3410_ec_params *R3410_2012_256_paramset = R3410_2001_paramset;
+
+R3410_ec_params R3410_2012_512_paramset[] = {
+    {NID_id_tc26_gost_3410_2012_512_paramSetA,
+     /* a */
+     "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
+     "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFDC4",
+     /* b */
+     "E8C2505DEDFC86DDC1BD0B2B6667F1DA34B82574761CB0E879BD081CFD0B6265"
+     "EE3CB090F30D27614CB4574010DA90DD862EF9D4EBEE4761503190785A71C760",
+     /* p */
+     "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
+     "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFDC7",
+     /* q */
+     "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
+     "27E69532F48D89116FF22B8D4E0560609B4B38ABFAD2B85DCACDB1411F10B275",
+     /* x */
+     "3",
+     /* y */
+     "7503CFE87A836AE3A61B8816E25450E6CE5E1C93ACF1ABC1778064FDCBEFA921DF16"
+     "26BE4FD036E93D75E6A50E3A41E98028FE5FC235F5B889A589CB5215F2A4"}
+    ,
+    {NID_id_tc26_gost_3410_2012_512_paramSetB,
+     /* a */
+     "8000000000000000000000000000000000000000000000000000000000000000"
+     "000000000000000000000000000000000000000000000000000000000000006C",
+     /* b */
+     "687D1B459DC841457E3E06CF6F5E2517B97C7D614AF138BCBF85DC806C4B289F"
+     "3E965D2DB1416D217F8B276FAD1AB69C50F78BEE1FA3106EFB8CCBC7C5140116",
+     /* p */
+     "8000000000000000000000000000000000000000000000000000000000000000"
+     "000000000000000000000000000000000000000000000000000000000000006F",
+     /* q */
+     "8000000000000000000000000000000000000000000000000000000000000001"
+     "49A1EC142565A545ACFDB77BD9D40CFA8B996712101BEA0EC6346C54374F25BD",
+     /* x */
+     "2",
+     /* y */
+     "1A8F7EDA389B094C2C071E3647A8940F3C123B697578C213BE6DD9E6C8EC7335"
+     "DCB228FD1EDF4A39152CBCAAF8C0398828041055F94CEEEC7E21340780FE41BD"}
+    ,
+    {NID_undef, NULL, NULL, NULL, NULL, NULL, NULL}
 };
index 0773cbfa58a6694c38c95ecf93ec5424d2d1bb0f..b1f0c8a401118b8d78c827c56aa95360e486210e 100644 (file)
@@ -1,15 +1,16 @@
 /**********************************************************************
  *                        gost_params.h                               *
- *             Copyright (c) 2005-2006 Cryptocom LTD                  *
+ *             Copyright (c) 2005-2013 Cryptocom LTD                  *
  *       This file is distributed under the same license as OpenSSL   *
  *                                                                    *
  *       Declaration of structures used to represent  GOST R 34.10    *
- *                     parameter sets, defined in RFC 4357                *
- *         OpenSSL 0.9.9 libraries required to compile and use        *
+ *                    parameter sets, defined in RFC 4357             *
+ *         OpenSSL 1.0.0+ libraries required to compile and use       *
  *                              this code                             *
  **********************************************************************/
 #ifndef GOST_PARAMSET_H
 # define GOST_PARAMSET_H
+
 typedef struct R3410 {
     int nid;
     char *a;
@@ -19,7 +20,7 @@ typedef struct R3410 {
 
 extern R3410_params R3410_paramset[];
 
-typedef struct R3410_2001 {
+typedef struct R3410_ec {
     int nid;
     char *a;
     char *b;
@@ -27,8 +28,10 @@ typedef struct R3410_2001 {
     char *q;
     char *x;
     char *y;
-} R3410_2001_params;
+} R3410_ec_params;
 
-extern R3410_2001_params R3410_2001_paramset[];
+extern R3410_ec_params R3410_2001_paramset[],
+                      *R3410_2012_256_paramset,
+                       R3410_2012_512_paramset[];
 
 #endif
index 4a79a85cfc6203daf25e2cdff3216ad3a0c02427..e87c5197d7e997a7885fd63651b56eecc3d7a533 100644 (file)
@@ -1,11 +1,11 @@
 /**********************************************************************
  *                          gost_pmeth.c                              *
- *             Copyright (c) 2005-2006 Cryptocom LTD                  *
+ *             Copyright (c) 2005-2013 Cryptocom LTD                  *
  *         This file is distributed under the same license as OpenSSL *
  *                                                                    *
  *   Implementation of RFC 4357 (GOST R 34.10) Publick key method     *
  *       for OpenSSL                                                  *
- *          Requires OpenSSL 0.9.9 for compilation                    *
+ *          Requires OpenSSL 1.0.0+ for compilation                   *
  **********************************************************************/
 #include <openssl/evp.h>
 #include <openssl/objects.h>
@@ -17,7 +17,8 @@
 #include "gost_params.h"
 #include "gost_lcl.h"
 #include "e_gost_err.h"
-/* -----init, cleanup, copy - uniform for all algs  ---------------*/
+
+/* -----init, cleanup, copy - uniform for all algs  --------------*/
 /* Allocates new gost_pmeth_data structure and assigns it as data */
 static int pkey_gost_init(EVP_PKEY_CTX *ctx)
 {
@@ -33,11 +34,19 @@ static int pkey_gost_init(EVP_PKEY_CTX *ctx)
             data->sign_param_nid = gost94_nid_by_params(EVP_PKEY_get0(pkey));
             break;
         case NID_id_GostR3410_2001:
-            data->sign_param_nid =
-                EC_GROUP_get_curve_name(EC_KEY_get0_group
-                                        (EVP_PKEY_get0((EVP_PKEY *)pkey)));
-            break;
+        case NID_id_GostR3410_2012_256:
+        case NID_id_GostR3410_2012_512:
+            {
+                const EC_GROUP *group =
+                    EC_KEY_get0_group(EVP_PKEY_get0((EVP_PKEY *)pkey));
+                if (group != NULL) {
+                    data->sign_param_nid = EC_GROUP_get_curve_name(group);
+                    break;
+                }
+                /* else */
+            }
         default:
+            OPENSSL_free(data);
             return 0;
         }
     }
@@ -54,6 +63,9 @@ static int pkey_gost_copy(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src)
     }
     src_data = EVP_PKEY_CTX_get_data(src);
     dst_data = EVP_PKEY_CTX_get_data(dst);
+    if (!src_data || !dst_data)
+        return 0;
+
     *dst_data = *src_data;
     if (src_data->shared_ukm) {
         dst_data->shared_ukm = NULL;
@@ -65,6 +77,8 @@ static int pkey_gost_copy(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src)
 static void pkey_gost_cleanup(EVP_PKEY_CTX *ctx)
 {
     struct gost_pmeth_data *data = EVP_PKEY_CTX_get_data(ctx);
+    if (!data)
+        return;
     if (data->shared_ukm)
         OPENSSL_free(data->shared_ukm);
     OPENSSL_free(data);
@@ -75,17 +89,44 @@ static int pkey_gost_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
 {
     struct gost_pmeth_data *pctx =
         (struct gost_pmeth_data *)EVP_PKEY_CTX_get_data(ctx);
+    if (pctx == NULL)
+        return 0;
+
     switch (type) {
     case EVP_PKEY_CTRL_MD:
         {
-            if (EVP_MD_type((const EVP_MD *)p2) != NID_id_GostR3411_94) {
-                GOSTerr(GOST_F_PKEY_GOST_CTRL, GOST_R_INVALID_DIGEST_TYPE);
-                return 0;
+            EVP_PKEY *key = EVP_PKEY_CTX_get0_pkey(ctx);
+            int pkey_nid = (key == NULL) ? NID_undef : EVP_PKEY_base_id(key);
+
+            OPENSSL_assert(p2 != NULL);
+
+            switch (EVP_MD_type((const EVP_MD *)p2)) {
+            case NID_id_GostR3411_94:
+                if (pkey_nid == NID_id_GostR3410_2001
+                    || pkey_nid == NID_id_GostR3410_94) {
+                    pctx->md = (EVP_MD *)p2;
+                    return 1;
+                }
+                break;
+
+            case NID_id_GostR3411_2012_256:
+                if (pkey_nid == NID_id_GostR3410_2012_256) {
+                    pctx->md = (EVP_MD *)p2;
+                    return 1;
+                }
+                break;
+
+            case NID_id_GostR3411_2012_512:
+                if (pkey_nid == NID_id_GostR3410_2012_512) {
+                    pctx->md = (EVP_MD *)p2;
+                    return 1;
+                }
+                break;
             }
-            pctx->md = (EVP_MD *)p2;
-            return 1;
+
+            GOSTerr(GOST_F_PKEY_GOST_CTRL, GOST_R_INVALID_DIGEST_TYPE);
+            return 0;
         }
-        break;
 
     case EVP_PKEY_CTRL_GET_MD:
         *(const EVP_MD **)p2 = pctx->md;
@@ -106,7 +147,10 @@ static int pkey_gost_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
         pctx->sign_param_nid = (int)p1;
         return 1;
     case EVP_PKEY_CTRL_SET_IV:
+        OPENSSL_assert(p2 != NULL);
         pctx->shared_ukm = OPENSSL_malloc((int)p1);
+        if (!pctx->shared_ukm)
+            return 0;
         memcpy(pctx->shared_ukm, p2, (int)p1);
         return 1;
     case EVP_PKEY_CTRL_PEER_KEY:
@@ -116,12 +160,14 @@ static int pkey_gost_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
             return pctx->peer_key_used;
         if (p1 == 3)            /* TLS: peer key used! */
             return (pctx->peer_key_used = 1);
-        return -2;
+        break;
     }
+
+    GOSTerr(GOST_F_PKEY_GOST_CTRL, GOST_R_CTRL_CALL_FAILED);
     return -2;
 }
 
-static int pkey_gost_ctrl94_str(EVP_PKEY_CTX *ctx,
+static int pkey_gost94_ctrl_str(EVP_PKEY_CTX *ctx,
                                 const char *type, const char *value)
 {
     int param_nid = 0;
@@ -145,7 +191,6 @@ static int pkey_gost_ctrl94_str(EVP_PKEY_CTX *ctx,
                 break;
             default:
                 return 0;
-                break;
             }
         } else if ((strlen(value) == 2)
                    && (toupper((unsigned char)value[0]) == 'X')) {
@@ -161,7 +206,6 @@ static int pkey_gost_ctrl94_str(EVP_PKEY_CTX *ctx,
                 break;
             default:
                 return 0;
-                break;
             }
         } else {
             R3410_params *p = R3410_paramset;
@@ -174,7 +218,7 @@ static int pkey_gost_ctrl94_str(EVP_PKEY_CTX *ctx,
                     break;
             }
             if (p->nid == NID_undef) {
-                GOSTerr(GOST_F_PKEY_GOST_CTRL94_STR, GOST_R_INVALID_PARAMSET);
+                GOSTerr(GOST_F_PKEY_GOST94_CTRL_STR, GOST_R_INVALID_PARAMSET);
                 return 0;
             }
         }
@@ -185,8 +229,8 @@ static int pkey_gost_ctrl94_str(EVP_PKEY_CTX *ctx,
     return -2;
 }
 
-static int pkey_gost_ctrl01_str(EVP_PKEY_CTX *ctx,
-                                const char *type, const char *value)
+static int pkey_gost_ec_ctrl_str_256(EVP_PKEY_CTX *ctx,
+                                     const char *type, const char *value)
 {
     int param_nid = 0;
     if (!strcmp(type, param_ctrl_string)) {
@@ -209,7 +253,6 @@ static int pkey_gost_ctrl01_str(EVP_PKEY_CTX *ctx,
                 break;
             default:
                 return 0;
-                break;
             }
         } else if ((strlen(value) == 2)
                    && (toupper((unsigned char)value[0]) == 'X')) {
@@ -222,10 +265,9 @@ static int pkey_gost_ctrl01_str(EVP_PKEY_CTX *ctx,
                 break;
             default:
                 return 0;
-                break;
             }
         } else {
-            R3410_2001_params *p = R3410_2001_paramset;
+            R3410_ec_params *p = R3410_2001_paramset;
             param_nid = OBJ_txt2nid(value);
             if (param_nid == NID_undef) {
                 return 0;
@@ -235,7 +277,8 @@ static int pkey_gost_ctrl01_str(EVP_PKEY_CTX *ctx,
                     break;
             }
             if (p->nid == NID_undef) {
-                GOSTerr(GOST_F_PKEY_GOST_CTRL01_STR, GOST_R_INVALID_PARAMSET);
+                GOSTerr(GOST_F_PKEY_GOST_EC_CTRL_STR_256,
+                        GOST_R_INVALID_PARAMSET);
                 return 0;
             }
         }
@@ -246,6 +289,49 @@ static int pkey_gost_ctrl01_str(EVP_PKEY_CTX *ctx,
     return -2;
 }
 
+static int pkey_gost_ec_ctrl_str_512(EVP_PKEY_CTX *ctx,
+                                     const char *type, const char *value)
+{
+    int param_nid = NID_undef;
+
+    if (strcmp(type, param_ctrl_string))
+        return -2;
+
+    if (!value)
+        return 0;
+
+    if (strlen(value) == 1) {
+        switch (toupper((unsigned char)value[0])) {
+        case 'A':
+            param_nid = NID_id_tc26_gost_3410_2012_512_paramSetA;
+            break;
+
+        case 'B':
+            param_nid = NID_id_tc26_gost_3410_2012_512_paramSetB;
+            break;
+
+        default:
+            return 0;
+        }
+    } else {
+        R3410_ec_params *p = R3410_2012_512_paramset;
+        param_nid = OBJ_txt2nid(value);
+        if (param_nid == NID_undef)
+            return 0;
+
+        while (p->nid != NID_undef && p->nid != param_nid)
+            p++;
+
+        if (p->nid == NID_undef) {
+            GOSTerr(GOST_F_PKEY_GOST_EC_CTRL_STR_512,
+                    GOST_R_INVALID_PARAMSET);
+            return 0;
+        }
+    }
+
+    return pkey_gost_ctrl(ctx, EVP_PKEY_CTRL_GOST_PARAMSET, param_nid, NULL);
+}
+
 /* --------------------- key generation  --------------------------------*/
 
 static int pkey_gost_paramgen_init(EVP_PKEY_CTX *ctx)
@@ -257,38 +343,83 @@ static int pkey_gost94_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
 {
     struct gost_pmeth_data *data = EVP_PKEY_CTX_get_data(ctx);
     DSA *dsa = NULL;
-    if (data->sign_param_nid == NID_undef) {
+    if (!data || data->sign_param_nid == NID_undef) {
         GOSTerr(GOST_F_PKEY_GOST94_PARAMGEN, GOST_R_NO_PARAMETERS_SET);
         return 0;
     }
     dsa = DSA_new();
-    if (!fill_GOST94_params(dsa, data->sign_param_nid)) {
+    if (!fill_GOST94_params(dsa, data->sign_param_nid)
+        || !EVP_PKEY_assign(pkey, NID_id_GostR3410_94, dsa)) {
         DSA_free(dsa);
         return 0;
     }
-    EVP_PKEY_assign(pkey, NID_id_GostR3410_94, dsa);
     return 1;
 }
 
-static int pkey_gost01_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
+static int pkey_gost2001_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
 {
     struct gost_pmeth_data *data = EVP_PKEY_CTX_get_data(ctx);
     EC_KEY *ec = NULL;
 
-    if (data->sign_param_nid == NID_undef) {
+    if (!data || data->sign_param_nid == NID_undef) {
         GOSTerr(GOST_F_PKEY_GOST01_PARAMGEN, GOST_R_NO_PARAMETERS_SET);
         return 0;
     }
-    if (!ec)
-        ec = EC_KEY_new();
-    if (!fill_GOST2001_params(ec, data->sign_param_nid)) {
+
+    ec = EC_KEY_new();
+    if (!fill_GOST_EC_params(ec, data->sign_param_nid)
+        || !EVP_PKEY_assign(pkey, NID_id_GostR3410_2001, ec)) {
         EC_KEY_free(ec);
         return 0;
     }
-    EVP_PKEY_assign(pkey, NID_id_GostR3410_2001, ec);
     return 1;
 }
 
+static int pkey_gost2012_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
+{
+    struct gost_pmeth_data *data = EVP_PKEY_CTX_get_data(ctx);
+    EC_KEY *ec;
+    int result = 0;
+
+    if (!data || data->sign_param_nid == NID_undef) {
+        GOSTerr(GOST_F_PKEY_GOST12_PARAMGEN, GOST_R_NO_PARAMETERS_SET);
+        return 0;
+    }
+
+    ec = EC_KEY_new();
+    if (!fill_GOST_EC_params(ec, data->sign_param_nid)) {
+        EC_KEY_free(ec);
+        return 0;
+    }
+
+    switch (data->sign_param_nid) {
+    case NID_id_tc26_gost_3410_2012_512_paramSetA:
+    case NID_id_tc26_gost_3410_2012_512_paramSetB:
+        result =
+            (EVP_PKEY_assign(pkey, NID_id_GostR3410_2012_512, ec)) ? 1 : 0;
+        break;
+
+    case NID_id_GostR3410_2001_CryptoPro_A_ParamSet:
+    case NID_id_GostR3410_2001_CryptoPro_B_ParamSet:
+    case NID_id_GostR3410_2001_CryptoPro_C_ParamSet:
+    case NID_id_GostR3410_2001_CryptoPro_XchA_ParamSet:
+    case NID_id_GostR3410_2001_CryptoPro_XchB_ParamSet:
+    case NID_id_GostR3410_2001_TestParamSet:
+        result =
+            (EVP_PKEY_assign(pkey, NID_id_GostR3410_2012_256, ec)) ? 1 : 0;
+        break;
+    default:
+        result = 0;
+        break;
+    }
+
+    if (result == 0)
+        EC_KEY_free(ec);
+
+    return result;
+}
+
+/* ----------- keygen callbacks --------------------------------------*/
 /* Generates Gost_R3410_94_cp key */
 static int pkey_gost94cp_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
 {
@@ -301,13 +432,23 @@ static int pkey_gost94cp_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
 }
 
 /* Generates GOST_R3410 2001 key and assigns it using specified type */
-static int pkey_gost01cp_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
+static int pkey_gost2001cp_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
 {
     EC_KEY *ec;
-    if (!pkey_gost01_paramgen(ctx, pkey))
+    if (!pkey_gost2001_paramgen(ctx, pkey))
         return 0;
     ec = EVP_PKEY_get0(pkey);
-    gost2001_keygen(ec);
+    gost_ec_keygen(ec);
+    return 1;
+}
+
+/* Generates GOST_R3410 2012 key and assigns it using specified type */
+static int pkey_gost2012cp_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
+{
+    if (!pkey_gost2012_paramgen(ctx, pkey))
+        return 0;
+
+    gost_ec_keygen(EVP_PKEY_get0(pkey));
     return 1;
 }
 
@@ -332,23 +473,40 @@ static int pkey_gost94_cp_sign(EVP_PKEY_CTX *ctx, unsigned char *sig,
     return pack_sign_cp(unpacked_sig, 32, sig, siglen);
 }
 
-static int pkey_gost01_cp_sign(EVP_PKEY_CTX *ctx, unsigned char *sig,
-                               size_t *siglen, const unsigned char *tbs,
-                               size_t tbs_len)
+static int pkey_gost_ec_cp_sign(EVP_PKEY_CTX *ctx, unsigned char *sig,
+                                size_t *siglen, const unsigned char *tbs,
+                                size_t tbs_len)
 {
     DSA_SIG *unpacked_sig = NULL;
     EVP_PKEY *pkey = EVP_PKEY_CTX_get0_pkey(ctx);
+    int order = 0;
+
     if (!siglen)
         return 0;
+    if (!pkey)
+        return 0;
+
+    switch (EVP_PKEY_base_id(pkey)) {
+    case NID_id_GostR3410_2001:
+    case NID_id_GostR3410_2012_256:
+        order = 64;
+        break;
+    case NID_id_GostR3410_2012_512:
+        order = 128;
+        break;
+    default:
+        return 0;
+    }
+
     if (!sig) {
-        *siglen = 64;           /* better to check size of curve order */
+        *siglen = order;
         return 1;
     }
-    unpacked_sig = gost2001_do_sign(tbs, tbs_len, EVP_PKEY_get0(pkey));
+    unpacked_sig = gost_ec_sign(tbs, tbs_len, EVP_PKEY_get0(pkey));
     if (!unpacked_sig) {
         return 0;
     }
-    return pack_sign_cp(unpacked_sig, 32, sig, siglen);
+    return pack_sign_cp(unpacked_sig, order / 2, sig, siglen);
 }
 
 /* ------------------- verify callbacks ---------------------------*/
@@ -359,7 +517,7 @@ static int pkey_gost94_cp_verify(EVP_PKEY_CTX *ctx, const unsigned char *sig,
 {
     int ok = 0;
     EVP_PKEY *pub_key = EVP_PKEY_CTX_get0_pkey(ctx);
-    DSA_SIG *s = unpack_cp_signature(sig, siglen);
+    DSA_SIG *s = (sig) ? unpack_cp_signature(sig, siglen) : NULL;
     if (!s)
         return 0;
     if (pub_key)
@@ -368,13 +526,13 @@ static int pkey_gost94_cp_verify(EVP_PKEY_CTX *ctx, const unsigned char *sig,
     return ok;
 }
 
-static int pkey_gost01_cp_verify(EVP_PKEY_CTX *ctx, const unsigned char *sig,
-                                 size_t siglen, const unsigned char *tbs,
-                                 size_t tbs_len)
+static int pkey_gost_ec_cp_verify(EVP_PKEY_CTX *ctx, const unsigned char *sig,
+                                  size_t siglen, const unsigned char *tbs,
+                                  size_t tbs_len)
 {
     int ok = 0;
     EVP_PKEY *pub_key = EVP_PKEY_CTX_get0_pkey(ctx);
-    DSA_SIG *s = unpack_cp_signature(sig, siglen);
+    DSA_SIG *s = (sig) ? unpack_cp_signature(sig, siglen) : NULL;
     if (!s)
         return 0;
 #ifdef DEBUG_SIGN
@@ -385,7 +543,7 @@ static int pkey_gost01_cp_verify(EVP_PKEY_CTX *ctx, const unsigned char *sig,
     fprintf(stderr, "\n");
 #endif
     if (pub_key)
-        ok = gost2001_do_verify(tbs, tbs_len, s, EVP_PKEY_get0(pub_key));
+        ok = gost_ec_verify(tbs, tbs_len, s, EVP_PKEY_get0(pub_key));
     DSA_SIG_free(s);
     return ok;
 }
@@ -418,7 +576,8 @@ static int pkey_gost_mac_init(EVP_PKEY_CTX *ctx)
 static void pkey_gost_mac_cleanup(EVP_PKEY_CTX *ctx)
 {
     struct gost_mac_pmeth_data *data = EVP_PKEY_CTX_get_data(ctx);
-    OPENSSL_free(data);
+    if (data)
+        OPENSSL_free(data);
 }
 
 static int pkey_gost_mac_copy(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src)
@@ -429,6 +588,9 @@ static int pkey_gost_mac_copy(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src)
     }
     src_data = EVP_PKEY_CTX_get_data(src);
     dst_data = EVP_PKEY_CTX_get_data(dst);
+    if (!src_data || !dst_data)
+        return 0;
+
     *dst_data = *src_data;
     return 1;
 }
@@ -441,7 +603,8 @@ static int pkey_gost_mac_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
     switch (type) {
     case EVP_PKEY_CTRL_MD:
         {
-            if (EVP_MD_type((const EVP_MD *)p2) != NID_id_Gost28147_89_MAC) {
+            int nid = EVP_MD_type((const EVP_MD *)p2);
+            if (nid != NID_id_Gost28147_89_MAC && nid != NID_gost_mac_12) {
                 GOSTerr(GOST_F_PKEY_GOST_MAC_CTRL,
                         GOST_R_INVALID_DIGEST_TYPE);
                 return 0;
@@ -507,7 +670,7 @@ static int pkey_gost_mac_ctrl_str(EVP_PKEY_CTX *ctx,
                                   32, (char *)value);
     }
     if (!strcmp(type, hexkey_ctrl_string)) {
-        long keylen;
+        long keylen = 0;
         int ret;
         unsigned char *keybuf = string_to_hex(value, &keylen);
         if (!keybuf || keylen != 32) {
@@ -524,20 +687,33 @@ static int pkey_gost_mac_ctrl_str(EVP_PKEY_CTX *ctx,
     return -2;
 }
 
-static int pkey_gost_mac_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
+static int pkey_gost_mac_keygen_base(EVP_PKEY_CTX *ctx,
+                                     EVP_PKEY *pkey, int mac_nid)
 {
     struct gost_mac_pmeth_data *data = EVP_PKEY_CTX_get_data(ctx);
     unsigned char *keydata;
-    if (!data->key_set) {
+    if (!data || !data->key_set) {
         GOSTerr(GOST_F_PKEY_GOST_MAC_KEYGEN, GOST_R_MAC_KEY_NOT_SET);
         return 0;
     }
     keydata = OPENSSL_malloc(32);
+    if (!keydata)
+        return 0;
     memcpy(keydata, data->key, 32);
-    EVP_PKEY_assign(pkey, NID_id_Gost28147_89_MAC, keydata);
+    EVP_PKEY_assign(pkey, mac_nid, keydata);
     return 1;
 }
 
+static int pkey_gost_mac_keygen_12(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
+{
+    return pkey_gost_mac_keygen_base(ctx, pkey, NID_gost_mac_12);
+}
+
+static int pkey_gost_mac_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
+{
+    return pkey_gost_mac_keygen_base(ctx, pkey, NID_id_Gost28147_89_MAC);
+}
+
 static int pkey_gost_mac_signctx_init(EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx)
 {
     return 1;
@@ -546,9 +722,14 @@ static int pkey_gost_mac_signctx_init(EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx)
 static int pkey_gost_mac_signctx(EVP_PKEY_CTX *ctx, unsigned char *sig,
                                  size_t *siglen, EVP_MD_CTX *mctx)
 {
-    unsigned int tmpsiglen = *siglen; /* for platforms where
-                                       * sizeof(int)!=sizeof(size_t) */
+    unsigned int tmpsiglen;
     int ret;
+
+    if (!siglen)
+        return 0;
+    tmpsiglen = *siglen;        /* for platforms where sizeof(int) !=
+                                 * sizeof(size_t) */
+
     if (!sig) {
         *siglen = 4;
         return 1;
@@ -567,7 +748,7 @@ int register_pmeth_gost(int id, EVP_PKEY_METHOD **pmeth, int flags)
 
     switch (id) {
     case NID_id_GostR3410_94:
-        EVP_PKEY_meth_set_ctrl(*pmeth, pkey_gost_ctrl, pkey_gost_ctrl94_str);
+        EVP_PKEY_meth_set_ctrl(*pmeth, pkey_gost_ctrl, pkey_gost94_ctrl_str);
         EVP_PKEY_meth_set_keygen(*pmeth, NULL, pkey_gost94cp_keygen);
         EVP_PKEY_meth_set_sign(*pmeth, NULL, pkey_gost94_cp_sign);
         EVP_PKEY_meth_set_verify(*pmeth, NULL, pkey_gost94_cp_verify);
@@ -581,20 +762,57 @@ int register_pmeth_gost(int id, EVP_PKEY_METHOD **pmeth, int flags)
                                    pkey_gost94_paramgen);
         break;
     case NID_id_GostR3410_2001:
-        EVP_PKEY_meth_set_ctrl(*pmeth, pkey_gost_ctrl, pkey_gost_ctrl01_str);
-        EVP_PKEY_meth_set_sign(*pmeth, NULL, pkey_gost01_cp_sign);
-        EVP_PKEY_meth_set_verify(*pmeth, NULL, pkey_gost01_cp_verify);
+        EVP_PKEY_meth_set_ctrl(*pmeth,
+                               pkey_gost_ctrl, pkey_gost_ec_ctrl_str_256);
+        EVP_PKEY_meth_set_sign(*pmeth, NULL, pkey_gost_ec_cp_sign);
+        EVP_PKEY_meth_set_verify(*pmeth, NULL, pkey_gost_ec_cp_verify);
 
-        EVP_PKEY_meth_set_keygen(*pmeth, NULL, pkey_gost01cp_keygen);
+        EVP_PKEY_meth_set_keygen(*pmeth, NULL, pkey_gost2001cp_keygen);
 
         EVP_PKEY_meth_set_encrypt(*pmeth,
                                   pkey_gost_encrypt_init,
-                                  pkey_GOST01cp_encrypt);
-        EVP_PKEY_meth_set_decrypt(*pmeth, NULL, pkey_GOST01cp_decrypt);
+                                  pkey_GOST_ECcp_encrypt);
+        EVP_PKEY_meth_set_decrypt(*pmeth, NULL, pkey_GOST_ECcp_decrypt);
         EVP_PKEY_meth_set_derive(*pmeth,
-                                 pkey_gost_derive_init, pkey_gost2001_derive);
+                                 pkey_gost_derive_init, pkey_gost_ec_derive);
         EVP_PKEY_meth_set_paramgen(*pmeth, pkey_gost_paramgen_init,
-                                   pkey_gost01_paramgen);
+                                   pkey_gost2001_paramgen);
+        break;
+    case NID_id_GostR3410_2012_256:
+        EVP_PKEY_meth_set_ctrl(*pmeth,
+                               pkey_gost_ctrl, pkey_gost_ec_ctrl_str_256);
+        EVP_PKEY_meth_set_sign(*pmeth, NULL, pkey_gost_ec_cp_sign);
+        EVP_PKEY_meth_set_verify(*pmeth, NULL, pkey_gost_ec_cp_verify);
+
+        EVP_PKEY_meth_set_keygen(*pmeth, NULL, pkey_gost2012cp_keygen);
+
+        EVP_PKEY_meth_set_encrypt(*pmeth,
+                                  pkey_gost_encrypt_init,
+                                  pkey_GOST_ECcp_encrypt);
+        EVP_PKEY_meth_set_decrypt(*pmeth, NULL, pkey_GOST_ECcp_decrypt);
+        EVP_PKEY_meth_set_derive(*pmeth,
+                                 pkey_gost_derive_init, pkey_gost_ec_derive);
+        EVP_PKEY_meth_set_paramgen(*pmeth,
+                                   pkey_gost_paramgen_init,
+                                   pkey_gost2012_paramgen);
+        break;
+    case NID_id_GostR3410_2012_512:
+        EVP_PKEY_meth_set_ctrl(*pmeth,
+                               pkey_gost_ctrl, pkey_gost_ec_ctrl_str_512);
+        EVP_PKEY_meth_set_sign(*pmeth, NULL, pkey_gost_ec_cp_sign);
+        EVP_PKEY_meth_set_verify(*pmeth, NULL, pkey_gost_ec_cp_verify);
+
+        EVP_PKEY_meth_set_keygen(*pmeth, NULL, pkey_gost2012cp_keygen);
+
+        EVP_PKEY_meth_set_encrypt(*pmeth,
+                                  pkey_gost_encrypt_init,
+                                  pkey_GOST_ECcp_encrypt);
+        EVP_PKEY_meth_set_decrypt(*pmeth, NULL, pkey_GOST_ECcp_decrypt);
+        EVP_PKEY_meth_set_derive(*pmeth,
+                                 pkey_gost_derive_init, pkey_gost_ec_derive);
+        EVP_PKEY_meth_set_paramgen(*pmeth,
+                                   pkey_gost_paramgen_init,
+                                   pkey_gost2012_paramgen);
         break;
     case NID_id_Gost28147_89_MAC:
         EVP_PKEY_meth_set_ctrl(*pmeth, pkey_gost_mac_ctrl,
@@ -606,6 +824,16 @@ int register_pmeth_gost(int id, EVP_PKEY_METHOD **pmeth, int flags)
         EVP_PKEY_meth_set_cleanup(*pmeth, pkey_gost_mac_cleanup);
         EVP_PKEY_meth_set_copy(*pmeth, pkey_gost_mac_copy);
         return 1;
+    case NID_gost_mac_12:
+        EVP_PKEY_meth_set_ctrl(*pmeth, pkey_gost_mac_ctrl,
+                               pkey_gost_mac_ctrl_str);
+        EVP_PKEY_meth_set_signctx(*pmeth, pkey_gost_mac_signctx_init,
+                                  pkey_gost_mac_signctx);
+        EVP_PKEY_meth_set_keygen(*pmeth, NULL, pkey_gost_mac_keygen_12);
+        EVP_PKEY_meth_set_init(*pmeth, pkey_gost_mac_init);
+        EVP_PKEY_meth_set_cleanup(*pmeth, pkey_gost_mac_cleanup);
+        EVP_PKEY_meth_set_copy(*pmeth, pkey_gost_mac_copy);
+        return 1;
     default:                   /* Unsupported method */
         return 0;
     }
index 07ad921ab530fd585168fbb2c0659e29d33ca897..48b4e7df437e3e4cb3e59a21d9a0f09ba655f4ab 100644 (file)
@@ -54,23 +54,29 @@ DSA_SIG *gost_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
 {
     BIGNUM *k = NULL, *tmp = NULL, *tmp2 = NULL;
     DSA_SIG *newsig = NULL, *ret = NULL;
-    BIGNUM *md = hashsum2bn(dgst);
+    BIGNUM *md = NULL;
     /* check if H(M) mod q is zero */
-    BN_CTX *ctx = BN_CTX_new();
-    if(!ctx) {
+    BN_CTX *ctx;
+
+    OPENSSL_assert(dgst != NULL && dsa != NULL && dlen == 32);
+
+    ctx = BN_CTX_new();
+    if (!ctx) {
         GOSTerr(GOST_F_GOST_DO_SIGN, ERR_R_MALLOC_FAILURE);
-        goto err;
+        return NULL;
     }
+
     BN_CTX_start(ctx);
+    md = hashsum2bn(dgst, dlen);
     newsig = DSA_SIG_new();
-    if (!newsig) {
+    if (!md || !newsig) {
         GOSTerr(GOST_F_GOST_DO_SIGN, GOST_R_NO_MEMORY);
         goto err;
     }
     tmp = BN_CTX_get(ctx);
     k = BN_CTX_get(ctx);
     tmp2 = BN_CTX_get(ctx);
-    if(!tmp || !k || !tmp2) {
+    if (!tmp || !k || !tmp2) {
         GOSTerr(GOST_F_GOST_DO_SIGN, ERR_R_MALLOC_FAILURE);
         goto err;
     }
@@ -88,7 +94,7 @@ DSA_SIG *gost_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
             BN_mod_exp(tmp, dsa->g, k, dsa->p, ctx);
             if (!(newsig->r)) {
                 newsig->r = BN_new();
-                if(!newsig->r) {
+                if (!newsig->r) {
                     GOSTerr(GOST_F_GOST_DO_SIGN, ERR_R_MALLOC_FAILURE);
                     goto err;
                 }
@@ -101,7 +107,7 @@ DSA_SIG *gost_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
         BN_mod_mul(tmp2, k, md, dsa->q, ctx);
         if (!newsig->s) {
             newsig->s = BN_new();
-            if(!newsig->s) {
+            if (!newsig->s) {
                 GOSTerr(GOST_F_GOST_DO_SIGN, ERR_R_MALLOC_FAILURE);
                 goto err;
             }
@@ -112,12 +118,11 @@ DSA_SIG *gost_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
 
     ret = newsig;
  err:
-    BN_free(md);
-    if(ctx) {
-        BN_CTX_end(ctx);
-        BN_CTX_free(ctx);
-    }
-    if(!ret && newsig) {
+    if (md)
+        BN_free(md);
+    BN_CTX_end(ctx);
+    BN_CTX_free(ctx);
+    if (!ret && newsig) {
         DSA_SIG_free(newsig);
     }
     return ret;
@@ -167,19 +172,23 @@ int gost_do_verify(const unsigned char *dgst, int dgst_len,
     BIGNUM *u = NULL, *v = NULL, *z1 = NULL, *z2 = NULL;
     BIGNUM *tmp2 = NULL, *tmp3 = NULL;
     int ok = 0;
-    BN_CTX *ctx = BN_CTX_new();
-    if(!ctx) {
-        GOSTerr(GOST_F_GOST_DO_VERIFY, ERR_R_MALLOC_FAILURE);
-        goto err;
-    }
+    BN_CTX *ctx;
 
-    BN_CTX_start(ctx);
+    OPENSSL_assert(dgst != NULL && dgst_len == 32 && sig != NULL && dsa != NULL);
     if (BN_cmp(sig->s, dsa->q) >= 1 || BN_cmp(sig->r, dsa->q) >= 1) {
         GOSTerr(GOST_F_GOST_DO_VERIFY, GOST_R_SIGNATURE_PARTS_GREATER_THAN_Q);
-        goto err;
+        return 0;
     }
-    md = hashsum2bn(dgst);
 
+    ctx = BN_CTX_new();
+    if (!ctx) {
+        GOSTerr(GOST_F_GOST_DO_VERIFY, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+
+    BN_CTX_start(ctx);
+
+    md = hashsum2bn(dgst, dgst_len);
     tmp = BN_CTX_get(ctx);
     v = BN_CTX_get(ctx);
     q2 = BN_CTX_get(ctx);
@@ -188,7 +197,7 @@ int gost_do_verify(const unsigned char *dgst, int dgst_len,
     tmp2 = BN_CTX_get(ctx);
     tmp3 = BN_CTX_get(ctx);
     u = BN_CTX_get(ctx);
-    if(!tmp || !v || !q2 || !z1 || !z2 || !tmp2 || !tmp3 || !u) {
+    if (!tmp || !v || !q2 || !z1 || !z2 || !tmp2 || !tmp3 || !u) {
         GOSTerr(GOST_F_GOST_DO_VERIFY, ERR_R_MALLOC_FAILURE);
         goto err;
     }
@@ -213,11 +222,10 @@ int gost_do_verify(const unsigned char *dgst, int dgst_len,
         GOSTerr(GOST_F_GOST_DO_VERIFY, GOST_R_SIGNATURE_MISMATCH);
     }
 err:
-    if(md) BN_free(md);
-    if(ctx) {
-        BN_CTX_end(ctx);
-        BN_CTX_free(ctx);
-    }
+    if (md)
+        BN_free(md);
+    BN_CTX_end(ctx);
+    BN_CTX_free(ctx);
     return ok;
 }
 
@@ -229,18 +237,19 @@ int gost94_compute_public(DSA *dsa)
 {
     /* Now fill algorithm parameters with correct values */
     BN_CTX *ctx;
-    if (!dsa->g) {
+    if (!dsa || !dsa->g) {
         GOSTerr(GOST_F_GOST94_COMPUTE_PUBLIC, GOST_R_KEY_IS_NOT_INITALIZED);
         return 0;
     }
+
     ctx = BN_CTX_new();
-    if(!ctx) {
+    if (!ctx) {
         GOSTerr(GOST_F_GOST94_COMPUTE_PUBLIC, ERR_R_MALLOC_FAILURE);
         return 0;
     }
 
     dsa->pub_key = BN_new();
-    if(!dsa->pub_key) {
+    if (!dsa->pub_key) {
         GOSTerr(GOST_F_GOST94_COMPUTE_PUBLIC, ERR_R_MALLOC_FAILURE);
         BN_CTX_free(ctx);
         return 0;
@@ -259,27 +268,20 @@ int gost94_compute_public(DSA *dsa)
 int fill_GOST94_params(DSA *dsa, int nid)
 {
     R3410_params *params = R3410_paramset;
+    if (!dsa || nid == NID_undef) {
+        GOSTerr(GOST_F_FILL_GOST94_PARAMS, GOST_R_UNSUPPORTED_PARAMETER_SET);
+        return 0;
+    }
+
     while (params->nid != NID_undef && params->nid != nid)
         params++;
     if (params->nid == NID_undef) {
         GOSTerr(GOST_F_FILL_GOST94_PARAMS, GOST_R_UNSUPPORTED_PARAMETER_SET);
         return 0;
     }
-#define dump_signature(a,b,c)
-    if (dsa->p) {
-        BN_free(dsa->p);
-    }
-    dsa->p = NULL;
+
     BN_dec2bn(&(dsa->p), params->p);
-    if (dsa->q) {
-        BN_free(dsa->q);
-    }
-    dsa->q = NULL;
     BN_dec2bn(&(dsa->q), params->q);
-    if (dsa->g) {
-        BN_free(dsa->g);
-    }
-    dsa->g = NULL;
     BN_dec2bn(&(dsa->g), params->a);
     return 1;
 }
@@ -291,8 +293,10 @@ int fill_GOST94_params(DSA *dsa, int nid)
  */
 int gost_sign_keygen(DSA *dsa)
 {
+    OPENSSL_assert(dsa != NULL);
+
     dsa->priv_key = BN_new();
-    if(!dsa->priv_key) {
+    if (!dsa->priv_key) {
         GOSTerr(GOST_F_GOST_SIGN_KEYGEN, ERR_R_MALLOC_FAILURE);
         return 0;
     }
@@ -332,14 +336,18 @@ DSA_SIG *unpack_cp_signature(const unsigned char *sig, size_t siglen)
 }
 
 /* Convert little-endian byte array into bignum */
-BIGNUM *hashsum2bn(const unsigned char *dgst)
+BIGNUM *hashsum2bn(const unsigned char *dgst, int len)
 {
-    unsigned char buf[32];
+    unsigned char buf[64];
     int i;
-    for (i = 0; i < 32; i++) {
-        buf[31 - i] = dgst[i];
+
+    if (len > sizeof(buf))
+        return NULL;
+
+    for (i = 0; i < len; i++) {
+        buf[len - i - 1] = dgst[i];
     }
-    return getbnfrombuf(buf, 32);
+    return getbnfrombuf(buf, len);
 }
 
 /* Convert byte buffer to bignum, skipping leading zeros*/
index 72faa24ed5605fafc8db7316396f957e875a8fb1..ee4a57debbfef24a45e4339b9e79c0b1862bf008 100644 (file)
@@ -255,6 +255,8 @@ int finish_hash(gost_hash_ctx * ctx, byte * hashval)
         fin_len += ctx->left;
     }
     memset(buf, 0, 32);
+    if (fin_len == 0)
+        hash_step(ctx->cipher_ctx, H, buf);
     bptr = buf;
     fin_len <<= 3;              /* Hash length in BITS!! */
     while (fin_len > 0) {
diff --git a/gosthash2012.c b/gosthash2012.c
new file mode 100644 (file)
index 0000000..6a89237
--- /dev/null
@@ -0,0 +1,232 @@
+/*
+ * GOST R 34.11-2012 core functions.
+ *
+ * Copyright (c) 2013 Cryptocom LTD.
+ * This file is distributed under the same license as OpenSSL.
+ *
+ * Author: Alexey Degtyarev <alexey@renatasystems.org>
+ *
+ */
+
+#include "gosthash2012.h"
+
+#if defined(_WIN32) || defined(_WINDOWS)
+# define INLINE __inline
+#else
+# define INLINE inline
+#endif
+
+#define BSWAP64(x) \
+    (((x & 0xFF00000000000000ULL) >> 56) | \
+     ((x & 0x00FF000000000000ULL) >> 40) | \
+     ((x & 0x0000FF0000000000ULL) >> 24) | \
+     ((x & 0x000000FF00000000ULL) >>  8) | \
+     ((x & 0x00000000FF000000ULL) <<  8) | \
+     ((x & 0x0000000000FF0000ULL) << 24) | \
+     ((x & 0x000000000000FF00ULL) << 40) | \
+     ((x & 0x00000000000000FFULL) << 56))
+
+/*
+ * Initialize gost2012 hash context structure
+ */
+void init_gost2012_hash_ctx(gost2012_hash_ctx * CTX,
+                            const unsigned int digest_size)
+{
+    unsigned int i;
+
+    memset(CTX, 0, sizeof(gost2012_hash_ctx));
+
+    CTX->digest_size = digest_size;
+    if (digest_size == 256)
+        memset(&CTX->h, 0x01, sizeof(uint512_u));
+    else
+        memset(&CTX->h, 0x00, sizeof(uint512_u));
+}
+
+static INLINE void pad(gost2012_hash_ctx * CTX)
+{
+    unsigned char buf[64];
+
+    if (CTX->bufsize > 63)
+        return;
+
+    memset(&buf, 0x00, sizeof buf);
+    memcpy(&buf, CTX->buffer, CTX->bufsize);
+
+    buf[CTX->bufsize] = 0x01;
+    memcpy(CTX->buffer, &buf, sizeof buf);
+}
+
+static INLINE void add512(const union uint512_u *x,
+                          const union uint512_u *y, union uint512_u *r)
+{
+#ifndef __GOST3411_BIG_ENDIAN__
+    unsigned int CF, OF;
+    unsigned int i;
+
+    CF = 0;
+    for (i = 0; i < 8; i++) {
+        r->QWORD[i] = x->QWORD[i] + y->QWORD[i];
+        if (r->QWORD[i] < y->QWORD[i] || r->QWORD[i] < x->QWORD[i])
+            OF = 1;
+        else
+            OF = 0;
+
+        r->QWORD[i] += CF;
+        CF = OF;
+    }
+#else
+    const unsigned char *xp, *yp;
+    unsigned char *rp;
+    unsigned int i;
+    int buf;
+
+    xp = (const unsigned char *)&x[0];
+    yp = (const unsigned char *)&y[0];
+    rp = (unsigned char *)&r[0];
+
+    buf = 0;
+    for (i = 0; i < 64; i++) {
+        buf = xp[i] + yp[i] + (buf >> 8);
+        rp[i] = (unsigned char)buf & 0xFF;
+    }
+#endif
+}
+
+static void g(union uint512_u *h, const union uint512_u *N,
+              const unsigned char *m)
+{
+#ifdef __GOST3411_HAS_SSE2__
+    __m128i xmm0, xmm2, xmm4, xmm6; /* XMMR0-quadruple */
+    __m128i xmm1, xmm3, xmm5, xmm7; /* XMMR1-quadruple */
+    unsigned int i;
+
+    LOAD(N, xmm0, xmm2, xmm4, xmm6);
+    XLPS128M(h, xmm0, xmm2, xmm4, xmm6);
+
+    LOAD(m, xmm1, xmm3, xmm5, xmm7);
+    XLPS128R(xmm0, xmm2, xmm4, xmm6, xmm1, xmm3, xmm5, xmm7);
+
+    for (i = 0; i < 11; i++)
+        ROUND128(i, xmm0, xmm2, xmm4, xmm6, xmm1, xmm3, xmm5, xmm7);
+
+    XLPS128M((&C[11]), xmm0, xmm2, xmm4, xmm6);
+    X128R(xmm0, xmm2, xmm4, xmm6, xmm1, xmm3, xmm5, xmm7);
+
+    X128M(h, xmm0, xmm2, xmm4, xmm6);
+    X128M(m, xmm0, xmm2, xmm4, xmm6);
+
+    UNLOAD(h, xmm0, xmm2, xmm4, xmm6);
+
+    /* Restore the Floating-point status on the CPU */
+    _mm_empty();
+#else
+    union uint512_u Ki, data;
+    unsigned int i;
+
+    XLPS(h, N, (&data));
+
+    /* Starting E() */
+    Ki = data;
+    XLPS((&Ki), ((const union uint512_u *)&m[0]), (&data));
+
+    for (i = 0; i < 11; i++)
+        ROUND(i, (&Ki), (&data));
+
+    XLPS((&Ki), (&C[11]), (&Ki));
+    X((&Ki), (&data), (&data));
+    /* E() done */
+
+    X((&data), h, (&data));
+    X((&data), ((const union uint512_u *)&m[0]), h);
+#endif
+}
+
+static INLINE void stage2(gost2012_hash_ctx * CTX, const unsigned char *data)
+{
+    g(&(CTX->h), &(CTX->N), data);
+
+    add512(&(CTX->N), &buffer512, &(CTX->N));
+    add512(&(CTX->Sigma), (const union uint512_u *)data, &(CTX->Sigma));
+}
+
+static INLINE void stage3(gost2012_hash_ctx * CTX)
+{
+    ALIGN(16) union uint512_u buf;
+
+    memset(&buf, 0x00, sizeof buf);
+    memcpy(&buf, &(CTX->buffer), CTX->bufsize);
+    memcpy(&(CTX->buffer), &buf, sizeof(uint512_u));
+
+    memset(&buf, 0x00, sizeof buf);
+#ifndef __GOST3411_BIG_ENDIAN__
+    buf.QWORD[0] = CTX->bufsize << 3;
+#else
+    buf.QWORD[0] = BSWAP64(CTX->bufsize << 3);
+#endif
+
+    pad(CTX);
+
+    g(&(CTX->h), &(CTX->N), (const unsigned char *)&(CTX->buffer));
+
+    add512(&(CTX->N), &buf, &(CTX->N));
+    add512(&(CTX->Sigma), (const union uint512_u *)&CTX->buffer[0],
+           &(CTX->Sigma));
+
+    g(&(CTX->h), &buffer0, (const unsigned char *)&(CTX->N));
+
+    g(&(CTX->h), &buffer0, (const unsigned char *)&(CTX->Sigma));
+    memcpy(&(CTX->hash), &(CTX->h), sizeof(uint512_u));
+}
+
+/*
+ * Hash block of arbitrary length
+ *
+ */
+void gost2012_hash_block(gost2012_hash_ctx * CTX,
+                         const unsigned char *data, size_t len)
+{
+    size_t chunksize;
+
+    while (len > 63 && CTX->bufsize == 0) {
+        stage2(CTX, data);
+
+        data += 64;
+        len -= 64;
+    }
+
+    while (len) {
+        chunksize = 64 - CTX->bufsize;
+        if (chunksize > len)
+            chunksize = len;
+
+        memcpy(&CTX->buffer[CTX->bufsize], data, chunksize);
+
+        CTX->bufsize += chunksize;
+        len -= chunksize;
+        data += chunksize;
+
+        if (CTX->bufsize == 64) {
+            stage2(CTX, CTX->buffer);
+
+            CTX->bufsize = 0;
+        }
+    }
+}
+
+/*
+ * Compute hash value from current state of ctx
+ * state of hash ctx becomes invalid and cannot be used for further
+ * hashing.
+ */
+void gost2012_finish_hash(gost2012_hash_ctx * CTX, unsigned char *digest)
+{
+    stage3(CTX);
+
+    CTX->bufsize = 0;
+
+    if (CTX->digest_size == 256)
+        memcpy(digest, &(CTX->hash.QWORD[4]), 32);
+    else
+        memcpy(digest, &(CTX->hash.QWORD[0]), 64);
+}
diff --git a/gosthash2012.h b/gosthash2012.h
new file mode 100644 (file)
index 0000000..021b7d4
--- /dev/null
@@ -0,0 +1,66 @@
+/*
+ * GOST R 34.11-2012 core functions definitions.
+ *
+ * Copyright (c) 2013 Cryptocom LTD.
+ * This file is distributed under the same license as OpenSSL.
+ *
+ * Author: Alexey Degtyarev <alexey@renatasystems.org>
+ *
+ */
+
+#include <string.h>
+
+#ifdef OPENSSL_IA32_SSE2
+# ifdef __MMX__
+#  ifdef __SSE2__
+#   define __GOST3411_HAS_SSE2__
+#  endif
+# endif
+#endif
+
+#ifdef __GOST3411_HAS_SSE2__
+# if (__GNUC__ < 4) || (__GNUC__ == 4 && __GNUC_MINOR__ < 2)
+#  undef __GOST3411_HAS_SSE2__
+# endif
+#endif
+
+#ifndef L_ENDIAN
+# define __GOST3411_BIG_ENDIAN__
+#endif
+#if defined __GOST3411_HAS_SSE2__
+# include "gosthash2012_sse2.h"
+#else
+# include "gosthash2012_ref.h"
+#endif
+
+#ifdef _MSC_VER
+# define ALIGN(x) __declspec(align(x))
+#else
+# define ALIGN(x) __attribute__ ((__aligned__(x)))
+#endif
+
+ALIGN(16)
+typedef union uint512_u {
+    unsigned long long QWORD[8];
+} uint512_u;
+
+#include "gosthash2012_const.h"
+#include "gosthash2012_precalc.h"
+
+/* GOST R 34.11-2012 hash context */
+ALIGN(16)
+typedef struct gost2012_hash_ctx {
+    ALIGN(16) unsigned char buffer[64];
+    union uint512_u hash;
+    union uint512_u h;
+    union uint512_u N;
+    union uint512_u Sigma;
+    size_t bufsize;
+    unsigned int digest_size;
+} gost2012_hash_ctx;
+
+void init_gost2012_hash_ctx(gost2012_hash_ctx * CTX,
+                            const unsigned int digest_size);
+void gost2012_hash_block(gost2012_hash_ctx * CTX,
+                         const unsigned char *data, size_t len);
+void gost2012_finish_hash(gost2012_hash_ctx * CTX, unsigned char *digest);
diff --git a/gosthash2012_const.h b/gosthash2012_const.h
new file mode 100644 (file)
index 0000000..bd88c32
--- /dev/null
@@ -0,0 +1,352 @@
+/*
+ * GOST R 34.11-2012 constants.
+ *
+ * Copyright (c) 2013 Cryptocom LTD.
+ * This file is distributed under the same license as OpenSSL.
+ *
+ * Author: Alexey Degtyarev <alexey@renatasystems.org>
+ *
+ */
+
+ALIGN(16)
+static const union uint512_u buffer0 = {
+    {0x0ULL, 0x0ULL, 0x0ULL, 0x0ULL, 0x0ULL, 0x0ULL, 0x0ULL, 0x0ULL}
+};
+
+#ifndef __GOST3411_BIG_ENDIAN__
+ALIGN(16)
+static const union uint512_u buffer512 = {
+    {0x0000000000000200ULL, 0x0ULL, 0x0ULL, 0x0ULL, 0x0ULL, 0x0ULL, 0x0ULL,
+     0x0ULL}
+};
+#else
+ALIGN(16)
+static const union uint512_u buffer512 = {
+    {0x0002000000000000ULL, 0x0ULL, 0x0ULL, 0x0ULL, 0x0ULL, 0x0ULL, 0x0ULL,
+     0x0ULL}
+};
+#endif
+
+#ifndef __GOST3411_BIG_ENDIAN__
+ALIGN(16)
+static const union uint512_u C[12] = {
+    {{
+      0xdd806559f2a64507ULL,
+      0x05767436cc744d23ULL,
+      0xa2422a08a460d315ULL,
+      0x4b7ce09192676901ULL,
+      0x714eb88d7585c4fcULL,
+      0x2f6a76432e45d016ULL,
+      0xebcb2f81c0657c1fULL,
+      0xb1085bda1ecadae9ULL}},
+    {{
+      0xe679047021b19bb7ULL,
+      0x55dda21bd7cbcd56ULL,
+      0x5cb561c2db0aa7caULL,
+      0x9ab5176b12d69958ULL,
+      0x61d55e0f16b50131ULL,
+      0xf3feea720a232b98ULL,
+      0x4fe39d460f70b5d7ULL,
+      0x6fa3b58aa99d2f1aULL}},
+    {{
+      0x991e96f50aba0ab2ULL,
+      0xc2b6f443867adb31ULL,
+      0xc1c93a376062db09ULL,
+      0xd3e20fe490359eb1ULL,
+      0xf2ea7514b1297b7bULL,
+      0x06f15e5f529c1f8bULL,
+      0x0a39fc286a3d8435ULL,
+      0xf574dcac2bce2fc7ULL}},
+    {{
+      0x220cbebc84e3d12eULL,
+      0x3453eaa193e837f1ULL,
+      0xd8b71333935203beULL,
+      0xa9d72c82ed03d675ULL,
+      0x9d721cad685e353fULL,
+      0x488e857e335c3c7dULL,
+      0xf948e1a05d71e4ddULL,
+      0xef1fdfb3e81566d2ULL}},
+    {{
+      0x601758fd7c6cfe57ULL,
+      0x7a56a27ea9ea63f5ULL,
+      0xdfff00b723271a16ULL,
+      0xbfcd1747253af5a3ULL,
+      0x359e35d7800fffbdULL,
+      0x7f151c1f1686104aULL,
+      0x9a3f410c6ca92363ULL,
+      0x4bea6bacad474799ULL}},
+    {{
+      0xfa68407a46647d6eULL,
+      0xbf71c57236904f35ULL,
+      0x0af21f66c2bec6b6ULL,
+      0xcffaa6b71c9ab7b4ULL,
+      0x187f9ab49af08ec6ULL,
+      0x2d66c4f95142a46cULL,
+      0x6fa4c33b7a3039c0ULL,
+      0xae4faeae1d3ad3d9ULL}},
+    {{
+      0x8886564d3a14d493ULL,
+      0x3517454ca23c4af3ULL,
+      0x06476983284a0504ULL,
+      0x0992abc52d822c37ULL,
+      0xd3473e33197a93c9ULL,
+      0x399ec6c7e6bf87c9ULL,
+      0x51ac86febf240954ULL,
+      0xf4c70e16eeaac5ecULL}},
+    {{
+      0xa47f0dd4bf02e71eULL,
+      0x36acc2355951a8d9ULL,
+      0x69d18d2bd1a5c42fULL,
+      0xf4892bcb929b0690ULL,
+      0x89b4443b4ddbc49aULL,
+      0x4eb7f8719c36de1eULL,
+      0x03e7aa020c6e4141ULL,
+      0x9b1f5b424d93c9a7ULL}},
+    {{
+      0x7261445183235adbULL,
+      0x0e38dc92cb1f2a60ULL,
+      0x7b2b8a9aa6079c54ULL,
+      0x800a440bdbb2ceb1ULL,
+      0x3cd955b7e00d0984ULL,
+      0x3a7d3a1b25894224ULL,
+      0x944c9ad8ec165fdeULL,
+      0x378f5a541631229bULL}},
+    {{
+      0x74b4c7fb98459cedULL,
+      0x3698fad1153bb6c3ULL,
+      0x7a1e6c303b7652f4ULL,
+      0x9fe76702af69334bULL,
+      0x1fffe18a1b336103ULL,
+      0x8941e71cff8a78dbULL,
+      0x382ae548b2e4f3f3ULL,
+      0xabbedea680056f52ULL}},
+    {{
+      0x6bcaa4cd81f32d1bULL,
+      0xdea2594ac06fd85dULL,
+      0xefbacd1d7d476e98ULL,
+      0x8a1d71efea48b9caULL,
+      0x2001802114846679ULL,
+      0xd8fa6bbbebab0761ULL,
+      0x3002c6cd635afe94ULL,
+      0x7bcd9ed0efc889fbULL}},
+    {{
+      0x48bc924af11bd720ULL,
+      0xfaf417d5d9b21b99ULL,
+      0xe71da4aa88e12852ULL,
+      0x5d80ef9d1891cc86ULL,
+      0xf82012d430219f9bULL,
+      0xcda43c32bcdf1d77ULL,
+      0xd21380b00449b17aULL,
+      0x378ee767f11631baULL}}
+};
+#else
+ALIGN(16)
+static const union uint512_u C[12] = {
+    {{
+      0x0745a6f2596580ddULL,
+      0x234d74cc36747605ULL,
+      0x15d360a4082a42a2ULL,
+      0x0169679291e07c4bULL,
+      0xfcc485758db84e71ULL,
+      0x16d0452e43766a2fULL,
+      0x1f7c65c0812fcbebULL,
+      0xe9daca1eda5b08b1ULL}},
+    {{
+      0xb79bb121700479e6ULL,
+      0x56cdcbd71ba2dd55ULL,
+      0xcaa70adbc261b55cULL,
+      0x5899d6126b17b59aULL,
+      0x3101b5160f5ed561ULL,
+      0x982b230a72eafef3ULL,
+      0xd7b5700f469de34fULL,
+      0x1a2f9da98ab5a36fULL}},
+    {{
+      0xb20aba0af5961e99ULL,
+      0x31db7a8643f4b6c2ULL,
+      0x09db6260373ac9c1ULL,
+      0xb19e3590e40fe2d3ULL,
+      0x7b7b29b11475eaf2ULL,
+      0x8b1f9c525f5ef106ULL,
+      0x35843d6a28fc390aULL,
+      0xc72fce2bacdc74f5ULL}},
+    {{
+      0x2ed1e384bcbe0c22ULL,
+      0xf137e893a1ea5334ULL,
+      0xbe0352933313b7d8ULL,
+      0x75d603ed822cd7a9ULL,
+      0x3f355e68ad1c729dULL,
+      0x7d3c5c337e858e48ULL,
+      0xdde4715da0e148f9ULL,
+      0xd26615e8b3df1fefULL}},
+    {{
+      0x57fe6c7cfd581760ULL,
+      0xf563eaa97ea2567aULL,
+      0x161a2723b700ffdfULL,
+      0xa3f53a254717cdbfULL,
+      0xbdff0f80d7359e35ULL,
+      0x4a1086161f1c157fULL,
+      0x6323a96c0c413f9aULL,
+      0x994747adac6bea4bULL}},
+    {{
+      0x6e7d64467a4068faULL,
+      0x354f903672c571bfULL,
+      0xb6c6bec2661ff20aULL,
+      0xb4b79a1cb7a6facfULL,
+      0xc68ef09ab49a7f18ULL,
+      0x6ca44251f9c4662dULL,
+      0xc039307a3bc3a46fULL,
+      0xd9d33a1daeae4faeULL}},
+    {{
+      0x93d4143a4d568688ULL,
+      0xf34a3ca24c451735ULL,
+      0x04054a2883694706ULL,
+      0x372c822dc5ab9209ULL,
+      0xc9937a19333e47d3ULL,
+      0xc987bfe6c7c69e39ULL,
+      0x540924bffe86ac51ULL,
+      0xecc5aaee160ec7f4ULL}},
+    {{
+      0x1ee702bfd40d7fa4ULL,
+      0xd9a8515935c2ac36ULL,
+      0x2fc4a5d12b8dd169ULL,
+      0x90069b92cb2b89f4ULL,
+      0x9ac4db4d3b44b489ULL,
+      0x1ede369c71f8b74eULL,
+      0x41416e0c02aae703ULL,
+      0xa7c9934d425b1f9bULL}},
+    {{
+      0xdb5a238351446172ULL,
+      0x602a1fcb92dc380eULL,
+      0x549c07a69a8a2b7bULL,
+      0xb1ceb2db0b440a80ULL,
+      0x84090de0b755d93cULL,
+      0x244289251b3a7d3aULL,
+      0xde5f16ecd89a4c94ULL,
+      0x9b223116545a8f37ULL}},
+    {{
+      0xed9c4598fbc7b474ULL,
+      0xc3b63b15d1fa9836ULL,
+      0xf452763b306c1e7aULL,
+      0x4b3369af0267e79fULL,
+      0x0361331b8ae1ff1fULL,
+      0xdb788aff1ce74189ULL,
+      0xf3f3e4b248e52a38ULL,
+      0x526f0580a6debeabULL}},
+    {{
+      0x1b2df381cda4ca6bULL,
+      0x5dd86fc04a59a2deULL,
+      0x986e477d1dcdbaefULL,
+      0xcab948eaef711d8aULL,
+      0x7966841421800120ULL,
+      0x6107abebbb6bfad8ULL,
+      0x94fe5a63cdc60230ULL,
+      0xfb89c8efd09ecd7bULL}},
+    {{
+      0x20d71bf14a92bc48ULL,
+      0x991bb2d9d517f4faULL,
+      0x5228e188aaa41de7ULL,
+      0x86cc91189def805dULL,
+      0x9b9f2130d41220f8ULL,
+      0x771ddfbc323ca4cdULL,
+      0x7ab14904b08013d2ULL,
+      0xba3116f167e78e37ULL}}
+};
+#endif
+
+#ifndef __GOST3411_BIG_ENDIAN__
+static const unsigned long long A[64] = {
+    0x8e20faa72ba0b470ULL, 0x47107ddd9b505a38ULL, 0xad08b0e0c3282d1cULL,
+    0xd8045870ef14980eULL, 0x6c022c38f90a4c07ULL, 0x3601161cf205268dULL,
+    0x1b8e0b0e798c13c8ULL, 0x83478b07b2468764ULL, 0xa011d380818e8f40ULL,
+    0x5086e740ce47c920ULL, 0x2843fd2067adea10ULL, 0x14aff010bdd87508ULL,
+    0x0ad97808d06cb404ULL, 0x05e23c0468365a02ULL, 0x8c711e02341b2d01ULL,
+    0x46b60f011a83988eULL, 0x90dab52a387ae76fULL, 0x486dd4151c3dfdb9ULL,
+    0x24b86a840e90f0d2ULL, 0x125c354207487869ULL, 0x092e94218d243cbaULL,
+    0x8a174a9ec8121e5dULL, 0x4585254f64090fa0ULL, 0xaccc9ca9328a8950ULL,
+    0x9d4df05d5f661451ULL, 0xc0a878a0a1330aa6ULL, 0x60543c50de970553ULL,
+    0x302a1e286fc58ca7ULL, 0x18150f14b9ec46ddULL, 0x0c84890ad27623e0ULL,
+    0x0642ca05693b9f70ULL, 0x0321658cba93c138ULL, 0x86275df09ce8aaa8ULL,
+    0x439da0784e745554ULL, 0xafc0503c273aa42aULL, 0xd960281e9d1d5215ULL,
+    0xe230140fc0802984ULL, 0x71180a8960409a42ULL, 0xb60c05ca30204d21ULL,
+    0x5b068c651810a89eULL, 0x456c34887a3805b9ULL, 0xac361a443d1c8cd2ULL,
+    0x561b0d22900e4669ULL, 0x2b838811480723baULL, 0x9bcf4486248d9f5dULL,
+    0xc3e9224312c8c1a0ULL, 0xeffa11af0964ee50ULL, 0xf97d86d98a327728ULL,
+    0xe4fa2054a80b329cULL, 0x727d102a548b194eULL, 0x39b008152acb8227ULL,
+    0x9258048415eb419dULL, 0x492c024284fbaec0ULL, 0xaa16012142f35760ULL,
+    0x550b8e9e21f7a530ULL, 0xa48b474f9ef5dc18ULL, 0x70a6a56e2440598eULL,
+    0x3853dc371220a247ULL, 0x1ca76e95091051adULL, 0x0edd37c48a08a6d8ULL,
+    0x07e095624504536cULL, 0x8d70c431ac02a736ULL, 0xc83862965601dd1bULL,
+    0x641c314b2b8ee083ULL
+};
+#else
+static const unsigned long long A[64] = {
+    0x70b4a02ba7fa208eULL, 0x385a509bdd7d1047ULL, 0x1c2d28c3e0b008adULL,
+    0x0e9814ef705804d8ULL, 0x074c0af9382c026cULL, 0x8d2605f21c160136ULL,
+    0xc8138c790e0b8e1bULL, 0x648746b2078b4783ULL, 0x408f8e8180d311a0ULL,
+    0x20c947ce40e78650ULL, 0x10eaad6720fd4328ULL, 0x0875d8bd10f0af14ULL,
+    0x04b46cd00878d90aULL, 0x025a3668043ce205ULL, 0x012d1b34021e718cULL,
+    0x8e98831a010fb646ULL, 0x6fe77a382ab5da90ULL, 0xb9fd3d1c15d46d48ULL,
+    0xd2f0900e846ab824ULL, 0x6978480742355c12ULL, 0xba3c248d21942e09ULL,
+    0x5d1e12c89e4a178aULL, 0xa00f09644f258545ULL, 0x50898a32a99cccacULL,
+    0x5114665f5df04d9dULL, 0xa60a33a1a078a8c0ULL, 0x530597de503c5460ULL,
+    0xa78cc56f281e2a30ULL, 0xdd46ecb9140f1518ULL, 0xe02376d20a89840cULL,
+    0x709f3b6905ca4206ULL, 0x38c193ba8c652103ULL, 0xa8aae89cf05d2786ULL,
+    0x5455744e78a09d43ULL, 0x2aa43a273c50c0afULL, 0x15521d9d1e2860d9ULL,
+    0x842980c00f1430e2ULL, 0x429a4060890a1871ULL, 0x214d2030ca050cb6ULL,
+    0x9ea81018658c065bULL, 0xb905387a88346c45ULL, 0xd28c1c3d441a36acULL,
+    0x69460e90220d1b56ULL, 0xba2307481188832bULL, 0x5d9f8d248644cf9bULL,
+    0xa0c1c8124322e9c3ULL, 0x50ee6409af11faefULL, 0x2877328ad9867df9ULL,
+    0x9c320ba85420fae4ULL, 0x4e198b542a107d72ULL, 0x2782cb2a1508b039ULL,
+    0x9d41eb1584045892ULL, 0xc0aefb8442022c49ULL, 0x6057f342210116aaULL,
+    0x30a5f7219e8e0b55ULL, 0x18dcf59e4f478ba4ULL, 0x8e5940246ea5a670ULL,
+    0x47a2201237dc5338ULL, 0xad511009956ea71cULL, 0xd8a6088ac437dd0eULL,
+    0x6c5304456295e007ULL, 0x36a702ac31c4708dULL, 0x1bdd0156966238c8ULL,
+    0x83e08e2b4b311c64ULL
+};
+#endif
+
+static const unsigned char Tau[64] = {
+    0, 8, 16, 24, 32, 40, 48, 56,
+    1, 9, 17, 25, 33, 41, 49, 57,
+    2, 10, 18, 26, 34, 42, 50, 58,
+    3, 11, 19, 27, 35, 43, 51, 59,
+    4, 12, 20, 28, 36, 44, 52, 60,
+    5, 13, 21, 29, 37, 45, 53, 61,
+    6, 14, 22, 30, 38, 46, 54, 62,
+    7, 15, 23, 31, 39, 47, 55, 63
+};
+
+static const unsigned char Pi[256] = {
+    252, 238, 221, 17, 207, 110, 49, 22,
+    251, 196, 250, 218, 35, 197, 4, 77,
+    233, 119, 240, 219, 147, 46, 153, 186,
+    23, 54, 241, 187, 20, 205, 95, 193,
+    249, 24, 101, 90, 226, 92, 239, 33,
+    129, 28, 60, 66, 139, 1, 142, 79,
+    5, 132, 2, 174, 227, 106, 143, 160,
+    6, 11, 237, 152, 127, 212, 211, 31,
+    235, 52, 44, 81, 234, 200, 72, 171,
+    242, 42, 104, 162, 253, 58, 206, 204,
+    181, 112, 14, 86, 8, 12, 118, 18,
+    191, 114, 19, 71, 156, 183, 93, 135,
+    21, 161, 150, 41, 16, 123, 154, 199,
+    243, 145, 120, 111, 157, 158, 178, 177,
+    50, 117, 25, 61, 255, 53, 138, 126,
+    109, 84, 198, 128, 195, 189, 13, 87,
+    223, 245, 36, 169, 62, 168, 67, 201,
+    215, 121, 214, 246, 124, 34, 185, 3,
+    224, 15, 236, 222, 122, 148, 176, 188,
+    220, 232, 40, 80, 78, 51, 10, 74,
+    167, 151, 96, 115, 30, 0, 98, 68,
+    26, 184, 56, 130, 100, 159, 38, 65,
+    173, 69, 70, 146, 39, 94, 85, 47,
+    140, 163, 165, 125, 105, 213, 149, 59,
+    7, 88, 179, 64, 134, 172, 29, 247,
+    48, 55, 107, 228, 136, 217, 231, 137,
+    225, 27, 131, 73, 76, 63, 248, 254,
+    141, 83, 170, 144, 202, 216, 133, 97,
+    32, 113, 103, 164, 45, 43, 9, 91,
+    203, 155, 37, 208, 190, 229, 108, 82,
+    89, 166, 116, 210, 230, 244, 180, 192,
+    209, 102, 175, 194, 57, 75, 99, 182
+};
diff --git a/gosthash2012_precalc.h b/gosthash2012_precalc.h
new file mode 100644 (file)
index 0000000..55e9e20
--- /dev/null
@@ -0,0 +1,1411 @@
+/*
+ * Precalculation of matrix A multiplication.
+ *
+ * Copyright (c) 2013 Cryptocom LTD.
+ * This file is distributed under the same license as OpenSSL.
+ *
+ * Author: Alexey Degtyarev <alexey@renatasystems.org>
+ *
+ */
+
+#ifndef __GOST3411_BIG_ENDIAN__
+ALIGN(16)
+static const unsigned long long Ax[8][256] = {
+    {
+     0xd01f715b5c7ef8e6ULL, 0x16fa240980778325ULL, 0xa8a42e857ee049c8ULL,
+     0x6ac1068fa186465bULL, 0x6e417bd7a2e9320bULL, 0x665c8167a437daabULL,
+     0x7666681aa89617f6ULL, 0x4b959163700bdcf5ULL, 0xf14be6b78df36248ULL,
+     0xc585bd689a625cffULL, 0x9557d7fca67d82cbULL, 0x89f0b969af6dd366ULL,
+     0xb0833d48749f6c35ULL, 0xa1998c23b1ecbc7cULL, 0x8d70c431ac02a736ULL,
+     0xd6dfbc2fd0a8b69eULL, 0x37aeb3e551fa198bULL, 0x0b7d128a40b5cf9cULL,
+     0x5a8f2008b5780cbcULL, 0xedec882284e333e5ULL, 0xd25fc177d3c7c2ceULL,
+     0x5e0f5d50b61778ecULL, 0x1d873683c0c24cb9ULL, 0xad040bcbb45d208cULL,
+     0x2f89a0285b853c76ULL, 0x5732fff6791b8d58ULL, 0x3e9311439ef6ec3fULL,
+     0xc9183a809fd3c00fULL, 0x83adf3f5260a01eeULL, 0xa6791941f4e8ef10ULL,
+     0x103ae97d0ca1cd5dULL, 0x2ce948121dee1b4aULL, 0x39738421dbf2bf53ULL,
+     0x093da2a6cf0cf5b4ULL, 0xcd9847d89cbcb45fULL, 0xf9561c078b2d8ae8ULL,
+     0x9c6a755a6971777fULL, 0xbc1ebaa0712ef0c5ULL, 0x72e61542abf963a6ULL,
+     0x78bb5fde229eb12eULL, 0x14ba94250fceb90dULL, 0x844d6697630e5282ULL,
+     0x98ea08026a1e032fULL, 0xf06bbea144217f5cULL, 0xdb6263d11ccb377aULL,
+     0x641c314b2b8ee083ULL, 0x320e96ab9b4770cfULL, 0x1ee7deb986a96b85ULL,
+     0xe96cf57a878c47b5ULL, 0xfdd6615f8842feb8ULL, 0xc83862965601dd1bULL,
+     0x2ea9f83e92572162ULL, 0xf876441142ff97fcULL, 0xeb2c455608357d9dULL,
+     0x5612a7e0b0c9904cULL, 0x6c01cbfb2d500823ULL, 0x4548a6a7fa037a2dULL,
+     0xabc4c6bf388b6ef4ULL, 0xbade77d4fdf8bebdULL, 0x799b07c8eb4cac3aULL,
+     0x0c9d87e805b19cf0ULL, 0xcb588aac106afa27ULL, 0xea0c1d40c1e76089ULL,
+     0x2869354a1e816f1aULL, 0xff96d17307fbc490ULL, 0x9f0a9d602f1a5043ULL,
+     0x96373fc6e016a5f7ULL, 0x5292dab8b3a6e41cULL, 0x9b8ae0382c752413ULL,
+     0x4f15ec3b7364a8a5ULL, 0x3fb349555724f12bULL, 0xc7c50d4415db66d7ULL,
+     0x92b7429ee379d1a7ULL, 0xd37f99611a15dfdaULL, 0x231427c05e34a086ULL,
+     0xa439a96d7b51d538ULL, 0xb403401077f01865ULL, 0xdda2aea5901d7902ULL,
+     0x0a5d4a9c8967d288ULL, 0xc265280adf660f93ULL, 0x8bb0094520d4e94eULL,
+     0x2a29856691385532ULL, 0x42a833c5bf072941ULL, 0x73c64d54622b7eb2ULL,
+     0x07e095624504536cULL, 0x8a905153e906f45aULL, 0x6f6123c16b3b2f1fULL,
+     0xc6e55552dc097bc3ULL, 0x4468feb133d16739ULL, 0xe211e7f0c7398829ULL,
+     0xa2f96419f7879b40ULL, 0x19074bdbc3ad38e9ULL, 0xf4ebc3f9474e0b0cULL,
+     0x43886bd376d53455ULL, 0xd8028beb5aa01046ULL, 0x51f23282f5cdc320ULL,
+     0xe7b1c2be0d84e16dULL, 0x081dfab006dee8a0ULL, 0x3b33340d544b857bULL,
+     0x7f5bcabc679ae242ULL, 0x0edd37c48a08a6d8ULL, 0x81ed43d9a9b33bc6ULL,
+     0xb1a3655ebd4d7121ULL, 0x69a1eeb5e7ed6167ULL, 0xf6ab73d5c8f73124ULL,
+     0x1a67a3e185c61fd5ULL, 0x2dc91004d43c065eULL, 0x0240b02c8fb93a28ULL,
+     0x90f7f2b26cc0eb8fULL, 0x3cd3a16f114fd617ULL, 0xaae49ea9f15973e0ULL,
+     0x06c0cd748cd64e78ULL, 0xda423bc7d5192a6eULL, 0xc345701c16b41287ULL,
+     0x6d2193ede4821537ULL, 0xfcf639494190e3acULL, 0x7c3b228621f1c57eULL,
+     0xfb16ac2b0494b0c0ULL, 0xbf7e529a3745d7f9ULL, 0x6881b6a32e3f7c73ULL,
+     0xca78d2bad9b8e733ULL, 0xbbfe2fc2342aa3a9ULL, 0x0dbddffecc6381e4ULL,
+     0x70a6a56e2440598eULL, 0xe4d12a844befc651ULL, 0x8c509c2765d0ba22ULL,
+     0xee8c6018c28814d9ULL, 0x17da7c1f49a59e31ULL, 0x609c4c1328e194d3ULL,
+     0xb3e3d57232f44b09ULL, 0x91d7aaa4a512f69bULL, 0x0ffd6fd243dabbccULL,
+     0x50d26a943c1fde34ULL, 0x6be15e9968545b4fULL, 0x94778fea6faf9fdfULL,
+     0x2b09dd7058ea4826ULL, 0x677cd9716de5c7bfULL, 0x49d5214fffb2e6ddULL,
+     0x0360e83a466b273cULL, 0x1fc786af4f7b7691ULL, 0xa0b9d435783ea168ULL,
+     0xd49f0c035f118cb6ULL, 0x01205816c9d21d14ULL, 0xac2453dd7d8f3d98ULL,
+     0x545217cc3f70aa64ULL, 0x26b4028e9489c9c2ULL, 0xdec2469fd6765e3eULL,
+     0x04807d58036f7450ULL, 0xe5f17292823ddb45ULL, 0xf30b569b024a5860ULL,
+     0x62dcfc3fa758aefbULL, 0xe84cad6c4e5e5aa1ULL, 0xccb81fce556ea94bULL,
+     0x53b282ae7a74f908ULL, 0x1b47fbf74c1402c1ULL, 0x368eebf39828049fULL,
+     0x7afbeff2ad278b06ULL, 0xbe5e0a8cfe97caedULL, 0xcfd8f7f413058e77ULL,
+     0xf78b2bc301252c30ULL, 0x4d555c17fcdd928dULL, 0x5f2f05467fc565f8ULL,
+     0x24f4b2a21b30f3eaULL, 0x860dd6bbecb768aaULL, 0x4c750401350f8f99ULL,
+     0x0000000000000000ULL, 0xecccd0344d312ef1ULL, 0xb5231806be220571ULL,
+     0xc105c030990d28afULL, 0x653c695de25cfd97ULL, 0x159acc33c61ca419ULL,
+     0xb89ec7f872418495ULL, 0xa9847693b73254dcULL, 0x58cf90243ac13694ULL,
+     0x59efc832f3132b80ULL, 0x5c4fed7c39ae42c4ULL, 0x828dabe3efd81cfaULL,
+     0xd13f294d95ace5f2ULL, 0x7d1b7a90e823d86aULL, 0xb643f03cf849224dULL,
+     0x3df3f979d89dcb03ULL, 0x7426d836272f2ddeULL, 0xdfe21e891fa4432aULL,
+     0x3a136c1b9d99986fULL, 0xfa36f43dcd46add4ULL, 0xc025982650df35bbULL,
+     0x856d3e81aadc4f96ULL, 0xc4a5e57e53b041ebULL, 0x4708168b75ba4005ULL,
+     0xaf44bbe73be41aa4ULL, 0x971767d029c4b8e3ULL, 0xb9be9feebb939981ULL,
+     0x215497ecd18d9aaeULL, 0x316e7e91dd2c57f3ULL, 0xcef8afe2dad79363ULL,
+     0x3853dc371220a247ULL, 0x35ee03c9de4323a3ULL, 0xe6919aa8c456fc79ULL,
+     0xe05157dc4880b201ULL, 0x7bdbb7e464f59612ULL, 0x127a59518318f775ULL,
+     0x332ecebd52956ddbULL, 0x8f30741d23bb9d1eULL, 0xd922d3fd93720d52ULL,
+     0x7746300c61440ae2ULL, 0x25d4eab4d2e2eefeULL, 0x75068020eefd30caULL,
+     0x135a01474acaea61ULL, 0x304e268714fe4ae7ULL, 0xa519f17bb283c82cULL,
+     0xdc82f6b359cf6416ULL, 0x5baf781e7caa11a8ULL, 0xb2c38d64fb26561dULL,
+     0x34ce5bdf17913eb7ULL, 0x5d6fb56af07c5fd0ULL, 0x182713cd0a7f25fdULL,
+     0x9e2ac576e6c84d57ULL, 0x9aaab82ee5a73907ULL, 0xa3d93c0f3e558654ULL,
+     0x7e7b92aaae48ff56ULL, 0x872d8ead256575beULL, 0x41c8dbfff96c0e7dULL,
+     0x99ca5014a3cc1e3bULL, 0x40e883e930be1369ULL, 0x1ca76e95091051adULL,
+     0x4e35b42dbab6b5b1ULL, 0x05a0254ecabd6944ULL, 0xe1710fca8152af15ULL,
+     0xf22b0e8dcb984574ULL, 0xb763a82a319b3f59ULL, 0x63fca4296e8ab3efULL,
+     0x9d4a2d4ca0a36a6bULL, 0xe331bfe60eeb953dULL, 0xd5bf541596c391a2ULL,
+     0xf5cb9bef8e9c1618ULL, 0x46284e9dbc685d11ULL, 0x2074cffa185f87baULL,
+     0xbd3ee2b6b8fcedd1ULL, 0xae64e3f1f23607b0ULL, 0xfeb68965ce29d984ULL,
+     0x55724fdaf6a2b770ULL, 0x29496d5cd753720eULL, 0xa75941573d3af204ULL,
+     0x8e102c0bea69800aULL, 0x111ab16bc573d049ULL, 0xd7ffe439197aab8aULL,
+     0xefac380e0b5a09cdULL, 0x48f579593660fbc9ULL, 0x22347fd697e6bd92ULL,
+     0x61bc1405e13389c7ULL, 0x4ab5c975b9d9c1e1ULL, 0x80cd1bcf606126d2ULL,
+     0x7186fd78ed92449aULL, 0x93971a882aabccb3ULL, 0x88d0e17f66bfce72ULL,
+     0x27945a985d5bd4d6ULL},
+    {
+     0xde553f8c05a811c8ULL, 0x1906b59631b4f565ULL, 0x436e70d6b1964ff7ULL,
+     0x36d343cb8b1e9d85ULL, 0x843dfacc858aab5aULL, 0xfdfc95c299bfc7f9ULL,
+     0x0f634bdea1d51fa2ULL, 0x6d458b3b76efb3cdULL, 0x85c3f77cf8593f80ULL,
+     0x3c91315fbe737cb2ULL, 0x2148b03366ace398ULL, 0x18f8b8264c6761bfULL,
+     0xc830c1c495c9fb0fULL, 0x981a76102086a0aaULL, 0xaa16012142f35760ULL,
+     0x35cc54060c763cf6ULL, 0x42907d66cc45db2dULL, 0x8203d44b965af4bcULL,
+     0x3d6f3cefc3a0e868ULL, 0xbc73ff69d292bda7ULL, 0x8722ed0102e20a29ULL,
+     0x8f8185e8cd34deb7ULL, 0x9b0561dda7ee01d9ULL, 0x5335a0193227fad6ULL,
+     0xc9cecc74e81a6fd5ULL, 0x54f5832e5c2431eaULL, 0x99e47ba05d553470ULL,
+     0xf7bee756acd226ceULL, 0x384e05a5571816fdULL, 0xd1367452a47d0e6aULL,
+     0xf29fde1c386ad85bULL, 0x320c77316275f7caULL, 0xd0c879e2d9ae9ab0ULL,
+     0xdb7406c69110ef5dULL, 0x45505e51a2461011ULL, 0xfc029872e46c5323ULL,
+     0xfa3cb6f5f7bc0cc5ULL, 0x031f17cd8768a173ULL, 0xbd8df2d9af41297dULL,
+     0x9d3b4f5ab43e5e3fULL, 0x4071671b36feee84ULL, 0x716207e7d3e3b83dULL,
+     0x48d20ff2f9283a1aULL, 0x27769eb4757cbc7eULL, 0x5c56ebc793f2e574ULL,
+     0xa48b474f9ef5dc18ULL, 0x52cbada94ff46e0cULL, 0x60c7da982d8199c6ULL,
+     0x0e9d466edc068b78ULL, 0x4eec2175eaf865fcULL, 0x550b8e9e21f7a530ULL,
+     0x6b7ba5bc653fec2bULL, 0x5eb7f1ba6949d0ddULL, 0x57ea94e3db4c9099ULL,
+     0xf640eae6d101b214ULL, 0xdd4a284182c0b0bbULL, 0xff1d8fbf6304f250ULL,
+     0xb8accb933bf9d7e8ULL, 0xe8867c478eb68c4dULL, 0x3f8e2692391bddc1ULL,
+     0xcb2fd60912a15a7cULL, 0xaec935dbab983d2fULL, 0xf55ffd2b56691367ULL,
+     0x80e2ce366ce1c115ULL, 0x179bf3f8edb27e1dULL, 0x01fe0db07dd394daULL,
+     0xda8a0b76ecc37b87ULL, 0x44ae53e1df9584cbULL, 0xb310b4b77347a205ULL,
+     0xdfab323c787b8512ULL, 0x3b511268d070b78eULL, 0x65e6e3d2b9396753ULL,
+     0x6864b271e2574d58ULL, 0x259784c98fc789d7ULL, 0x02e11a7dfabb35a9ULL,
+     0x8841a6dfa337158bULL, 0x7ade78c39b5dcdd0ULL, 0xb7cf804d9a2cc84aULL,
+     0x20b6bd831b7f7742ULL, 0x75bd331d3a88d272ULL, 0x418f6aab4b2d7a5eULL,
+     0xd9951cbb6babdaf4ULL, 0xb6318dfde7ff5c90ULL, 0x1f389b112264aa83ULL,
+     0x492c024284fbaec0ULL, 0xe33a0363c608f9a0ULL, 0x2688930408af28a4ULL,
+     0xc7538a1a341ce4adULL, 0x5da8e677ee2171aeULL, 0x8c9e92254a5c7fc4ULL,
+     0x63d8cd55aae938b5ULL, 0x29ebd8daa97a3706ULL, 0x959827b37be88aa1ULL,
+     0x1484e4356adadf6eULL, 0xa7945082199d7d6bULL, 0xbf6ce8a455fa1cd4ULL,
+     0x9cc542eac9edcae5ULL, 0x79c16f0e1c356ca3ULL, 0x89bfab6fdee48151ULL,
+     0xd4174d1830c5f0ffULL, 0x9258048415eb419dULL, 0x6139d72850520d1cULL,
+     0x6a85a80c18ec78f1ULL, 0xcd11f88e0171059aULL, 0xcceff53e7ca29140ULL,
+     0xd229639f2315af19ULL, 0x90b91ef9ef507434ULL, 0x5977d28d074a1be1ULL,
+     0x311360fce51d56b9ULL, 0xc093a92d5a1f2f91ULL, 0x1a19a25bb6dc5416ULL,
+     0xeb996b8a09de2d3eULL, 0xfee3820f1ed7668aULL, 0xd7085ad5b7ad518cULL,
+     0x7fff41890fe53345ULL, 0xec5948bd67dde602ULL, 0x2fd5f65dbaaa68e0ULL,
+     0xa5754affe32648c2ULL, 0xf8ddac880d07396cULL, 0x6fa491468c548664ULL,
+     0x0c7c5c1326bdbed1ULL, 0x4a33158f03930fb3ULL, 0x699abfc19f84d982ULL,
+     0xe4fa2054a80b329cULL, 0x6707f9af438252faULL, 0x08a368e9cfd6d49eULL,
+     0x47b1442c58fd25b8ULL, 0xbbb3dc5ebc91769bULL, 0x1665fe489061eac7ULL,
+     0x33f27a811fa66310ULL, 0x93a609346838d547ULL, 0x30ed6d4c98cec263ULL,
+     0x1dd9816cd8df9f2aULL, 0x94662a03063b1e7bULL, 0x83fdd9fbeb896066ULL,
+     0x7b207573e68e590aULL, 0x5f49fc0a149a4407ULL, 0x343259b671a5a82cULL,
+     0xfbc2bb458a6f981fULL, 0xc272b350a0a41a38ULL, 0x3aaf1fd8ada32354ULL,
+     0x6cbb868b0b3c2717ULL, 0xa2b569c88d2583feULL, 0xf180c9d1bf027928ULL,
+     0xaf37386bd64ba9f5ULL, 0x12bacab2790a8088ULL, 0x4c0d3b0810435055ULL,
+     0xb2eeb9070e9436dfULL, 0xc5b29067cea7d104ULL, 0xdcb425f1ff132461ULL,
+     0x4f122cc5972bf126ULL, 0xac282fa651230886ULL, 0xe7e537992f6393efULL,
+     0xe61b3a2952b00735ULL, 0x709c0a57ae302ce7ULL, 0xe02514ae416058d3ULL,
+     0xc44c9dd7b37445deULL, 0x5a68c5408022ba92ULL, 0x1c278cdca50c0bf0ULL,
+     0x6e5a9cf6f18712beULL, 0x86dce0b17f319ef3ULL, 0x2d34ec2040115d49ULL,
+     0x4bcd183f7e409b69ULL, 0x2815d56ad4a9a3dcULL, 0x24698979f2141d0dULL,
+     0x0000000000000000ULL, 0x1ec696a15fb73e59ULL, 0xd86b110b16784e2eULL,
+     0x8e7f8858b0e74a6dULL, 0x063e2e8713d05fe6ULL, 0xe2c40ed3bbdb6d7aULL,
+     0xb1f1aeca89fc97acULL, 0xe1db191e3cb3cc09ULL, 0x6418ee62c4eaf389ULL,
+     0xc6ad87aa49cf7077ULL, 0xd6f65765ca7ec556ULL, 0x9afb6c6dda3d9503ULL,
+     0x7ce05644888d9236ULL, 0x8d609f95378feb1eULL, 0x23a9aa4e9c17d631ULL,
+     0x6226c0e5d73aac6fULL, 0x56149953a69f0443ULL, 0xeeb852c09d66d3abULL,
+     0x2b0ac2a753c102afULL, 0x07c023376e03cb3cULL, 0x2ccae1903dc2c993ULL,
+     0xd3d76e2f5ec63bc3ULL, 0x9e2458973356ff4cULL, 0xa66a5d32644ee9b1ULL,
+     0x0a427294356de137ULL, 0x783f62be61e6f879ULL, 0x1344c70204d91452ULL,
+     0x5b96c8f0fdf12e48ULL, 0xa90916ecc59bf613ULL, 0xbe92e5142829880eULL,
+     0x727d102a548b194eULL, 0x1be7afebcb0fc0ccULL, 0x3e702b2244c8491bULL,
+     0xd5e940a84d166425ULL, 0x66f9f41f3e51c620ULL, 0xabe80c913f20c3baULL,
+     0xf07ec461c2d1edf2ULL, 0xf361d3ac45b94c81ULL, 0x0521394a94b8fe95ULL,
+     0xadd622162cf09c5cULL, 0xe97871f7f3651897ULL, 0xf4a1f09b2bba87bdULL,
+     0x095d6559b2054044ULL, 0x0bbc7f2448be75edULL, 0x2af4cf172e129675ULL,
+     0x157ae98517094bb4ULL, 0x9fda55274e856b96ULL, 0x914713499283e0eeULL,
+     0xb952c623462a4332ULL, 0x74433ead475b46a8ULL, 0x8b5eb112245fb4f8ULL,
+     0xa34b6478f0f61724ULL, 0x11a5dd7ffe6221fbULL, 0xc16da49d27ccbb4bULL,
+     0x76a224d0bde07301ULL, 0x8aa0bca2598c2022ULL, 0x4df336b86d90c48fULL,
+     0xea67663a740db9e4ULL, 0xef465f70e0b54771ULL, 0x39b008152acb8227ULL,
+     0x7d1e5bf4f55e06ecULL, 0x105bd0cf83b1b521ULL, 0x775c2960c033e7dbULL,
+     0x7e014c397236a79fULL, 0x811cc386113255cfULL, 0xeda7450d1a0e72d8ULL,
+     0x5889df3d7a998f3bULL, 0x2e2bfbedc779fc3aULL, 0xce0eef438619a4e9ULL,
+     0x372d4e7bf6cd095fULL, 0x04df34fae96b6a4fULL, 0xf923a13870d4adb6ULL,
+     0xa1aa7e050a4d228dULL, 0xa8f71b5cb84862c9ULL, 0xb52e9a306097fde3ULL,
+     0x0d8251a35b6e2a0bULL, 0x2257a7fee1c442ebULL, 0x73831d9a29588d94ULL,
+     0x51d4ba64c89ccf7fULL, 0x502ab7d4b54f5ba5ULL, 0x97793dce8153bf08ULL,
+     0xe5042de4d5d8a646ULL, 0x9687307efc802bd2ULL, 0xa05473b5779eb657ULL,
+     0xb4d097801d446939ULL, 0xcff0e2f3fbca3033ULL, 0xc38cbee0dd778ee2ULL,
+     0x464f499c252eb162ULL, 0xcad1dbb96f72cea6ULL, 0xba4dd1eec142e241ULL,
+     0xb00fa37af42f0376ULL},
+    {
+     0xcce4cd3aa968b245ULL, 0x089d5484e80b7fafULL, 0x638246c1b3548304ULL,
+     0xd2fe0ec8c2355492ULL, 0xa7fbdf7ff2374eeeULL, 0x4df1600c92337a16ULL,
+     0x84e503ea523b12fbULL, 0x0790bbfd53ab0c4aULL, 0x198a780f38f6ea9dULL,
+     0x2ab30c8f55ec48cbULL, 0xe0f7fed6b2c49db5ULL, 0xb6ecf3f422cadbdcULL,
+     0x409c9a541358df11ULL, 0xd3ce8a56dfde3fe3ULL, 0xc3e9224312c8c1a0ULL,
+     0x0d6dfa58816ba507ULL, 0xddf3e1b179952777ULL, 0x04c02a42748bb1d9ULL,
+     0x94c2abff9f2decb8ULL, 0x4f91752da8f8acf4ULL, 0x78682befb169bf7bULL,
+     0xe1c77a48af2ff6c4ULL, 0x0c5d7ec69c80ce76ULL, 0x4cc1e4928fd81167ULL,
+     0xfeed3d24d9997b62ULL, 0x518bb6dfc3a54a23ULL, 0x6dbf2d26151f9b90ULL,
+     0xb5bc624b05ea664fULL, 0xe86aaa525acfe21aULL, 0x4801ced0fb53a0beULL,
+     0xc91463e6c00868edULL, 0x1027a815cd16fe43ULL, 0xf67069a0319204cdULL,
+     0xb04ccc976c8abce7ULL, 0xc0b9b3fc35e87c33ULL, 0xf380c77c58f2de65ULL,
+     0x50bb3241de4e2152ULL, 0xdf93f490435ef195ULL, 0xf1e0d25d62390887ULL,
+     0xaf668bfb1a3c3141ULL, 0xbc11b251f00a7291ULL, 0x73a5eed47e427d47ULL,
+     0x25bee3f6ee4c3b2eULL, 0x43cc0beb34786282ULL, 0xc824e778dde3039cULL,
+     0xf97d86d98a327728ULL, 0xf2b043e24519b514ULL, 0xe297ebf7880f4b57ULL,
+     0x3a94a49a98fab688ULL, 0x868516cb68f0c419ULL, 0xeffa11af0964ee50ULL,
+     0xa4ab4ec0d517f37dULL, 0xa9c6b498547c567aULL, 0x8e18424f80fbbbb6ULL,
+     0x0bcdc53bcf2bc23cULL, 0x137739aaea3643d0ULL, 0x2c1333ec1bac2ff0ULL,
+     0x8d48d3f0a7db0625ULL, 0x1e1ac3f26b5de6d7ULL, 0xf520f81f16b2b95eULL,
+     0x9f0f6ec450062e84ULL, 0x0130849e1deb6b71ULL, 0xd45e31ab8c7533a9ULL,
+     0x652279a2fd14e43fULL, 0x3209f01e70f1c927ULL, 0xbe71a770cac1a473ULL,
+     0x0e3d6be7a64b1894ULL, 0x7ec8148cff29d840ULL, 0xcb7476c7fac3be0fULL,
+     0x72956a4a63a91636ULL, 0x37f95ec21991138fULL, 0x9e3fea5a4ded45f5ULL,
+     0x7b38ba50964902e8ULL, 0x222e580bbde73764ULL, 0x61e253e0899f55e6ULL,
+     0xfc8d2805e352ad80ULL, 0x35994be3235ac56dULL, 0x09add01af5e014deULL,
+     0x5e8659a6780539c6ULL, 0xb17c48097161d796ULL, 0x026015213acbd6e2ULL,
+     0xd1ae9f77e515e901ULL, 0xb7dc776a3f21b0adULL, 0xaba6a1b96eb78098ULL,
+     0x9bcf4486248d9f5dULL, 0x582666c536455efdULL, 0xfdbdac9bfeb9c6f1ULL,
+     0xc47999be4163cdeaULL, 0x765540081722a7efULL, 0x3e548ed8ec710751ULL,
+     0x3d041f67cb51bac2ULL, 0x7958af71ac82d40aULL, 0x36c9da5c047a78feULL,
+     0xed9a048e33af38b2ULL, 0x26ee7249c96c86bdULL, 0x900281bdeba65d61ULL,
+     0x11172c8bd0fd9532ULL, 0xea0abf73600434f8ULL, 0x42fc8f75299309f3ULL,
+     0x34a9cf7d3eb1ae1cULL, 0x2b838811480723baULL, 0x5ce64c8742ceef24ULL,
+     0x1adae9b01fd6570eULL, 0x3c349bf9d6bad1b3ULL, 0x82453c891c7b75c0ULL,
+     0x97923a40b80d512bULL, 0x4a61dbf1c198765cULL, 0xb48ce6d518010d3eULL,
+     0xcfb45c858e480fd6ULL, 0xd933cbf30d1e96aeULL, 0xd70ea014ab558e3aULL,
+     0xc189376228031742ULL, 0x9262949cd16d8b83ULL, 0xeb3a3bed7def5f89ULL,
+     0x49314a4ee6b8cbcfULL, 0xdcc3652f647e4c06ULL, 0xda635a4c2a3e2b3dULL,
+     0x470c21a940f3d35bULL, 0x315961a157d174b4ULL, 0x6672e81dda3459acULL,
+     0x5b76f77a1165e36eULL, 0x445cb01667d36ec8ULL, 0xc5491d205c88a69bULL,
+     0x456c34887a3805b9ULL, 0xffddb9bac4721013ULL, 0x99af51a71e4649bfULL,
+     0xa15be01cbc7729d5ULL, 0x52db2760e485f7b0ULL, 0x8c78576eba306d54ULL,
+     0xae560f6507d75a30ULL, 0x95f22f6182c687c9ULL, 0x71c5fbf54489aba5ULL,
+     0xca44f259e728d57eULL, 0x88b87d2ccebbdc8dULL, 0xbab18d32be4a15aaULL,
+     0x8be8ec93e99b611eULL, 0x17b713e89ebdf209ULL, 0xb31c5d284baa0174ULL,
+     0xeeca9531148f8521ULL, 0xb8d198138481c348ULL, 0x8988f9b2d350b7fcULL,
+     0xb9e11c8d996aa839ULL, 0x5a4673e40c8e881fULL, 0x1687977683569978ULL,
+     0xbf4123eed72acf02ULL, 0x4ea1f1b3b513c785ULL, 0xe767452be16f91ffULL,
+     0x7505d1b730021a7cULL, 0xa59bca5ec8fc980cULL, 0xad069eda20f7e7a3ULL,
+     0x38f4b1bba231606aULL, 0x60d2d77e94743e97ULL, 0x9affc0183966f42cULL,
+     0x248e6768f3a7505fULL, 0xcdd449a4b483d934ULL, 0x87b59255751baf68ULL,
+     0x1bea6d2e023d3c7fULL, 0x6b1f12455b5ffcabULL, 0x743555292de9710dULL,
+     0xd8034f6d10f5fddfULL, 0xc6198c9f7ba81b08ULL, 0xbb8109aca3a17edbULL,
+     0xfa2d1766ad12cabbULL, 0xc729080166437079ULL, 0x9c5fff7b77269317ULL,
+     0x0000000000000000ULL, 0x15d706c9a47624ebULL, 0x6fdf38072fd44d72ULL,
+     0x5fb6dd3865ee52b7ULL, 0xa33bf53d86bcff37ULL, 0xe657c1b5fc84fa8eULL,
+     0xaa962527735cebe9ULL, 0x39c43525bfda0b1bULL, 0x204e4d2a872ce186ULL,
+     0x7a083ece8ba26999ULL, 0x554b9c9db72efbfaULL, 0xb22cd9b656416a05ULL,
+     0x96a2bedea5e63a5aULL, 0x802529a826b0a322ULL, 0x8115ad363b5bc853ULL,
+     0x8375b81701901eb1ULL, 0x3069e53f4a3a1fc5ULL, 0xbd2136cfede119e0ULL,
+     0x18bafc91251d81ecULL, 0x1d4a524d4c7d5b44ULL, 0x05f0aedc6960daa8ULL,
+     0x29e39d3072ccf558ULL, 0x70f57f6b5962c0d4ULL, 0x989fd53903ad22ceULL,
+     0xf84d024797d91c59ULL, 0x547b1803aac5908bULL, 0xf0d056c37fd263f6ULL,
+     0xd56eb535919e58d8ULL, 0x1c7ad6d351963035ULL, 0x2e7326cd2167f912ULL,
+     0xac361a443d1c8cd2ULL, 0x697f076461942a49ULL, 0x4b515f6fdc731d2dULL,
+     0x8ad8680df4700a6fULL, 0x41ac1eca0eb3b460ULL, 0x7d988533d80965d3ULL,
+     0xa8f6300649973d0bULL, 0x7765c4960ac9cc9eULL, 0x7ca801adc5e20ea2ULL,
+     0xdea3700e5eb59ae4ULL, 0xa06b6482a19c42a4ULL, 0x6a2f96db46b497daULL,
+     0x27def6d7d487edccULL, 0x463ca5375d18b82aULL, 0xa6cb5be1efdc259fULL,
+     0x53eba3fef96e9cc1ULL, 0xce84d81b93a364a7ULL, 0xf4107c810b59d22fULL,
+     0x333974806d1aa256ULL, 0x0f0def79bba073e5ULL, 0x231edc95a00c5c15ULL,
+     0xe437d494c64f2c6cULL, 0x91320523f64d3610ULL, 0x67426c83c7df32ddULL,
+     0x6eefbc99323f2603ULL, 0x9d6f7be56acdf866ULL, 0x5916e25b2bae358cULL,
+     0x7ff89012e2c2b331ULL, 0x035091bf2720bd93ULL, 0x561b0d22900e4669ULL,
+     0x28d319ae6f279e29ULL, 0x2f43a2533c8c9263ULL, 0xd09e1be9f8fe8270ULL,
+     0xf740ed3e2c796fbcULL, 0xdb53ded237d5404cULL, 0x62b2c25faebfe875ULL,
+     0x0afd41a5d2c0a94dULL, 0x6412fd3ce0ff8f4eULL, 0xe3a76f6995e42026ULL,
+     0x6c8fa9b808f4f0e1ULL, 0xc2d9a6dd0f23aad1ULL, 0x8f28c6d19d10d0c7ULL,
+     0x85d587744fd0798aULL, 0xa20b71a39b579446ULL, 0x684f83fa7c7f4138ULL,
+     0xe507500adba4471dULL, 0x3f640a46f19a6c20ULL, 0x1247bd34f7dd28a1ULL,
+     0x2d23b77206474481ULL, 0x93521002cc86e0f2ULL, 0x572b89bc8de52d18ULL,
+     0xfb1d93f8b0f9a1caULL, 0xe95a2ecc4724896bULL, 0x3ba420048511ddf9ULL,
+     0xd63e248ab6bee54bULL, 0x5dd6c8195f258455ULL, 0x06a03f634e40673bULL,
+     0x1f2a476c76b68da6ULL, 0x217ec9b49ac78af7ULL, 0xecaa80102e4453c3ULL,
+     0x14e78257b99d4f9aULL},
+    {
+     0x20329b2cc87bba05ULL, 0x4f5eb6f86546a531ULL, 0xd4f44775f751b6b1ULL,
+     0x8266a47b850dfa8bULL, 0xbb986aa15a6ca985ULL, 0xc979eb08f9ae0f99ULL,
+     0x2da6f447a2375ea1ULL, 0x1e74275dcd7d8576ULL, 0xbc20180a800bc5f8ULL,
+     0xb4a2f701b2dc65beULL, 0xe726946f981b6d66ULL, 0x48e6c453bf21c94cULL,
+     0x42cad9930f0a4195ULL, 0xefa47b64aacccd20ULL, 0x71180a8960409a42ULL,
+     0x8bb3329bf6a44e0cULL, 0xd34c35de2d36daccULL, 0xa92f5b7cbc23dc96ULL,
+     0xb31a85aa68bb09c3ULL, 0x13e04836a73161d2ULL, 0xb24dfc4129c51d02ULL,
+     0x8ae44b70b7da5acdULL, 0xe671ed84d96579a7ULL, 0xa4bb3417d66f3832ULL,
+     0x4572ab38d56d2de8ULL, 0xb1b47761ea47215cULL, 0xe81c09cf70aba15dULL,
+     0xffbdb872ce7f90acULL, 0xa8782297fd5dc857ULL, 0x0d946f6b6a4ce4a4ULL,
+     0xe4df1f4f5b995138ULL, 0x9ebc71edca8c5762ULL, 0x0a2c1dc0b02b88d9ULL,
+     0x3b503c115d9d7b91ULL, 0xc64376a8111ec3a2ULL, 0xcec199a323c963e4ULL,
+     0xdc76a87ec58616f7ULL, 0x09d596e073a9b487ULL, 0x14583a9d7d560dafULL,
+     0xf4c6dc593f2a0cb4ULL, 0xdd21d19584f80236ULL, 0x4a4836983ddde1d3ULL,
+     0xe58866a41ae745f9ULL, 0xf591a5b27e541875ULL, 0x891dc05074586693ULL,
+     0x5b068c651810a89eULL, 0xa30346bc0c08544fULL, 0x3dbf3751c684032dULL,
+     0x2a1e86ec785032dcULL, 0xf73f5779fca830eaULL, 0xb60c05ca30204d21ULL,
+     0x0cc316802b32f065ULL, 0x8770241bdd96be69ULL, 0xb861e18199ee95dbULL,
+     0xf805cad91418fcd1ULL, 0x29e70dccbbd20e82ULL, 0xc7140f435060d763ULL,
+     0x0f3a9da0e8b0cc3bULL, 0xa2543f574d76408eULL, 0xbd7761e1c175d139ULL,
+     0x4b1f4f737ca3f512ULL, 0x6dc2df1f2fc137abULL, 0xf1d05c3967b14856ULL,
+     0xa742bf3715ed046cULL, 0x654030141d1697edULL, 0x07b872abda676c7dULL,
+     0x3ce84eba87fa17ecULL, 0xc1fb0403cb79afdfULL, 0x3e46bc7105063f73ULL,
+     0x278ae987121cd678ULL, 0xa1adb4778ef47cd0ULL, 0x26dd906c5362c2b9ULL,
+     0x05168060589b44e2ULL, 0xfbfc41f9d79ac08fULL, 0x0e6de44ba9ced8faULL,
+     0x9feb08068bf243a3ULL, 0x7b341749d06b129bULL, 0x229c69e74a87929aULL,
+     0xe09ee6c4427c011bULL, 0x5692e30e725c4c3aULL, 0xda99a33e5e9f6e4bULL,
+     0x353dd85af453a36bULL, 0x25241b4c90e0fee7ULL, 0x5de987258309d022ULL,
+     0xe230140fc0802984ULL, 0x93281e86a0c0b3c6ULL, 0xf229d719a4337408ULL,
+     0x6f6c2dd4ad3d1f34ULL, 0x8ea5b2fbae3f0aeeULL, 0x8331dd90c473ee4aULL,
+     0x346aa1b1b52db7aaULL, 0xdf8f235e06042aa9ULL, 0xcc6f6b68a1354b7bULL,
+     0x6c95a6f46ebf236aULL, 0x52d31a856bb91c19ULL, 0x1a35ded6d498d555ULL,
+     0xf37eaef2e54d60c9ULL, 0x72e181a9a3c2a61cULL, 0x98537aad51952fdeULL,
+     0x16f6c856ffaa2530ULL, 0xd960281e9d1d5215ULL, 0x3a0745fa1ce36f50ULL,
+     0x0b7b642bf1559c18ULL, 0x59a87eae9aec8001ULL, 0x5e100c05408bec7cULL,
+     0x0441f98b19e55023ULL, 0xd70dcc5534d38aefULL, 0x927f676de1bea707ULL,
+     0x9769e70db925e3e5ULL, 0x7a636ea29115065aULL, 0x468b201816ef11b6ULL,
+     0xab81a9b73edff409ULL, 0xc0ac7de88a07bb1eULL, 0x1f235eb68c0391b7ULL,
+     0x6056b074458dd30fULL, 0xbe8eeac102f7ed67ULL, 0xcd381283e04b5fbaULL,
+     0x5cbefecec277c4e3ULL, 0xd21b4c356c48ce0dULL, 0x1019c31664b35d8cULL,
+     0x247362a7d19eea26ULL, 0xebe582efb3299d03ULL, 0x02aef2cb82fc289fULL,
+     0x86275df09ce8aaa8ULL, 0x28b07427faac1a43ULL, 0x38a9b7319e1f47cfULL,
+     0xc82e92e3b8d01b58ULL, 0x06ef0b409b1978bcULL, 0x62f842bfc771fb90ULL,
+     0x9904034610eb3b1fULL, 0xded85ab5477a3e68ULL, 0x90d195a663428f98ULL,
+     0x5384636e2ac708d8ULL, 0xcbd719c37b522706ULL, 0xae9729d76644b0ebULL,
+     0x7c8c65e20a0c7ee6ULL, 0x80c856b007f1d214ULL, 0x8c0b40302cc32271ULL,
+     0xdbcedad51fe17a8aULL, 0x740e8ae938dbdea0ULL, 0xa615c6dc549310adULL,
+     0x19cc55f6171ae90bULL, 0x49b1bdb8fe5fdd8dULL, 0xed0a89af2830e5bfULL,
+     0x6a7aadb4f5a65bd6ULL, 0x7e22972988f05679ULL, 0xf952b3325566e810ULL,
+     0x39fecedadf61530eULL, 0x6101c99f04f3c7ceULL, 0x2e5f7f6761b562ffULL,
+     0xf08725d226cf5c97ULL, 0x63af3b54860fef51ULL, 0x8ff2cb10ef411e2fULL,
+     0x884ab9bb35267252ULL, 0x4df04433e7ba8daeULL, 0x9afd8866d3690741ULL,
+     0x66b9bb34de94abb3ULL, 0x9baaf18d92171380ULL, 0x543c11c5f0a064a5ULL,
+     0x17a1b1bdbed431f1ULL, 0xb5f58eeaf3a2717fULL, 0xc355f6c849858740ULL,
+     0xec5df044694ef17eULL, 0xd83751f5dc6346d4ULL, 0xfc4433520dfdacf2ULL,
+     0x0000000000000000ULL, 0x5a51f58e596ebc5fULL, 0x3285aaf12e34cf16ULL,
+     0x8d5c39db6dbd36b0ULL, 0x12b731dde64f7513ULL, 0x94906c2d7aa7dfbbULL,
+     0x302b583aacc8e789ULL, 0x9d45facd090e6b3cULL, 0x2165e2c78905aec4ULL,
+     0x68d45f7f775a7349ULL, 0x189b2c1d5664fdcaULL, 0xe1c99f2f030215daULL,
+     0x6983269436246788ULL, 0x8489af3b1e148237ULL, 0xe94b702431d5b59cULL,
+     0x33d2d31a6f4adbd7ULL, 0xbfd9932a4389f9a6ULL, 0xb0e30e8aab39359dULL,
+     0xd1e2c715afcaf253ULL, 0x150f43763c28196eULL, 0xc4ed846393e2eb3dULL,
+     0x03f98b20c3823c5eULL, 0xfd134ab94c83b833ULL, 0x556b682eb1de7064ULL,
+     0x36c4537a37d19f35ULL, 0x7559f30279a5ca61ULL, 0x799ae58252973a04ULL,
+     0x9c12832648707ffdULL, 0x78cd9c6913e92ec5ULL, 0x1d8dac7d0effb928ULL,
+     0x439da0784e745554ULL, 0x413352b3cc887dcbULL, 0xbacf134a1b12bd44ULL,
+     0x114ebafd25cd494dULL, 0x2f08068c20cb763eULL, 0x76a07822ba27f63fULL,
+     0xeab2fb04f25789c2ULL, 0xe3676de481fe3d45ULL, 0x1b62a73d95e6c194ULL,
+     0x641749ff5c68832cULL, 0xa5ec4dfc97112cf3ULL, 0xf6682e92bdd6242bULL,
+     0x3f11c59a44782bb2ULL, 0x317c21d1edb6f348ULL, 0xd65ab5be75ad9e2eULL,
+     0x6b2dd45fb4d84f17ULL, 0xfaab381296e4d44eULL, 0xd0b5befeeeb4e692ULL,
+     0x0882ef0b32d7a046ULL, 0x512a91a5a83b2047ULL, 0x963e9ee6f85bf724ULL,
+     0x4e09cf132438b1f0ULL, 0x77f701c9fb59e2feULL, 0x7ddb1c094b726a27ULL,
+     0x5f4775ee01f5f8bdULL, 0x9186ec4d223c9b59ULL, 0xfeeac1998f01846dULL,
+     0xac39db1ce4b89874ULL, 0xb75b7c21715e59e0ULL, 0xafc0503c273aa42aULL,
+     0x6e3b543fec430bf5ULL, 0x704f7362213e8e83ULL, 0x58ff0745db9294c0ULL,
+     0x67eec2df9feabf72ULL, 0xa0facd9ccf8a6811ULL, 0xb936986ad890811aULL,
+     0x95c715c63bd9cb7aULL, 0xca8060283a2c33c7ULL, 0x507de84ee9453486ULL,
+     0x85ded6d05f6a96f6ULL, 0x1cdad5964f81ade9ULL, 0xd5a33e9eb62fa270ULL,
+     0x40642b588df6690aULL, 0x7f75eec2c98e42b8ULL, 0x2cf18dace3494a60ULL,
+     0x23cb100c0bf9865bULL, 0xeef3028febb2d9e1ULL, 0x4425d2d394133929ULL,
+     0xaad6d05c7fa1e0c8ULL, 0xad6ea2f7a5c68cb5ULL, 0xc2028f2308fb9381ULL,
+     0x819f2f5b468fc6d5ULL, 0xc5bafd88d29cfffcULL, 0x47dc59f357910577ULL,
+     0x2b49ff07392e261dULL, 0x57c59ae5332258fbULL, 0x73b6f842e2bcb2ddULL,
+     0xcf96e04862b77725ULL, 0x4ca73dd8a6c4996fULL, 0x015779eb417e14c1ULL,
+     0x37932a9176af8bf4ULL},
+    {
+     0x190a2c9b249df23eULL, 0x2f62f8b62263e1e9ULL, 0x7a7f754740993655ULL,
+     0x330b7ba4d5564d9fULL, 0x4c17a16a46672582ULL, 0xb22f08eb7d05f5b8ULL,
+     0x535f47f40bc148ccULL, 0x3aec5d27d4883037ULL, 0x10ed0a1825438f96ULL,
+     0x516101f72c233d17ULL, 0x13cc6f949fd04eaeULL, 0x739853c441474bfdULL,
+     0x653793d90d3f5b1bULL, 0x5240647b96b0fc2fULL, 0x0c84890ad27623e0ULL,
+     0xd7189b32703aaea3ULL, 0x2685de3523bd9c41ULL, 0x99317c5b11bffefaULL,
+     0x0d9baa854f079703ULL, 0x70b93648fbd48ac5ULL, 0xa80441fce30bc6beULL,
+     0x7287704bdc36ff1eULL, 0xb65384ed33dc1f13ULL, 0xd36417343ee34408ULL,
+     0x39cd38ab6e1bf10fULL, 0x5ab861770a1f3564ULL, 0x0ebacf09f594563bULL,
+     0xd04572b884708530ULL, 0x3cae9722bdb3af47ULL, 0x4a556b6f2f5cbaf2ULL,
+     0xe1704f1f76c4bd74ULL, 0x5ec4ed7144c6dfcfULL, 0x16afc01d4c7810e6ULL,
+     0x283f113cd629ca7aULL, 0xaf59a8761741ed2dULL, 0xeed5a3991e215facULL,
+     0x3bf37ea849f984d4ULL, 0xe413e096a56ce33cULL, 0x2c439d3a98f020d1ULL,
+     0x637559dc6404c46bULL, 0x9e6c95d1e5f5d569ULL, 0x24bb9836045fe99aULL,
+     0x44efa466dac8ecc9ULL, 0xc6eab2a5c80895d6ULL, 0x803b50c035220cc4ULL,
+     0x0321658cba93c138ULL, 0x8f9ebc465dc7ee1cULL, 0xd15a5137190131d3ULL,
+     0x0fa5ec8668e5e2d8ULL, 0x91c979578d1037b1ULL, 0x0642ca05693b9f70ULL,
+     0xefca80168350eb4fULL, 0x38d21b24f36a45ecULL, 0xbeab81e1af73d658ULL,
+     0x8cbfd9cae7542f24ULL, 0xfd19cc0d81f11102ULL, 0x0ac6430fbb4dbc90ULL,
+     0x1d76a09d6a441895ULL, 0x2a01573ff1cbbfa1ULL, 0xb572e161894fde2bULL,
+     0x8124734fa853b827ULL, 0x614b1fdf43e6b1b0ULL, 0x68ac395c4238cc18ULL,
+     0x21d837bfd7f7b7d2ULL, 0x20c714304a860331ULL, 0x5cfaab726324aa14ULL,
+     0x74c5ba4eb50d606eULL, 0xf3a3030474654739ULL, 0x23e671bcf015c209ULL,
+     0x45f087e947b9582aULL, 0xd8bd77b418df4c7bULL, 0xe06f6c90ebb50997ULL,
+     0x0bd96080263c0873ULL, 0x7e03f9410e40dcfeULL, 0xb8e94be4c6484928ULL,
+     0xfb5b0608e8ca8e72ULL, 0x1a2b49179e0e3306ULL, 0x4e29e76961855059ULL,
+     0x4f36c4e6fcf4e4baULL, 0x49740ee395cf7bcaULL, 0xc2963ea386d17f7dULL,
+     0x90d65ad810618352ULL, 0x12d34c1b02a1fa4dULL, 0xfa44258775bb3a91ULL,
+     0x18150f14b9ec46ddULL, 0x1491861e6b9a653dULL, 0x9a1019d7ab2c3fc2ULL,
+     0x3668d42d06fe13d7ULL, 0xdcc1fbb25606a6d0ULL, 0x969490dd795a1c22ULL,
+     0x3549b1a1bc6dd2efULL, 0xc94f5e23a0ed770eULL, 0xb9f6686b5b39fdcbULL,
+     0xc4d4f4a6efeae00dULL, 0xe732851a1fff2204ULL, 0x94aad6de5eb869f9ULL,
+     0x3f8ff2ae07206e7fULL, 0xfe38a9813b62d03aULL, 0xa7a1ad7a8bee2466ULL,
+     0x7b6056c8dde882b6ULL, 0x302a1e286fc58ca7ULL, 0x8da0fa457a259bc7ULL,
+     0xb3302b64e074415bULL, 0x5402ae7eff8b635fULL, 0x08f8050c9cafc94bULL,
+     0xae468bf98a3059ceULL, 0x88c355cca98dc58fULL, 0xb10e6d67c7963480ULL,
+     0xbad70de7e1aa3cf3ULL, 0xbfb4a26e320262bbULL, 0xcb711820870f02d5ULL,
+     0xce12b7a954a75c9dULL, 0x563ce87dd8691684ULL, 0x9f73b65e7884618aULL,
+     0x2b1e74b06cba0b42ULL, 0x47cec1ea605b2df1ULL, 0x1c698312f735ac76ULL,
+     0x5fdbcefed9b76b2cULL, 0x831a354c8fb1cdfcULL, 0x820516c312c0791fULL,
+     0xb74ca762aeadabf0ULL, 0xfc06ef821c80a5e1ULL, 0x5723cbf24518a267ULL,
+     0x9d4df05d5f661451ULL, 0x588627742dfd40bfULL, 0xda8331b73f3d39a0ULL,
+     0x17b0e392d109a405ULL, 0xf965400bcf28fba9ULL, 0x7c3dbf4229a2a925ULL,
+     0x023e460327e275dbULL, 0x6cd0b55a0ce126b3ULL, 0xe62da695828e96e7ULL,
+     0x42ad6e63b3f373b9ULL, 0xe50cc319381d57dfULL, 0xc5cbd729729b54eeULL,
+     0x46d1e265fd2a9912ULL, 0x6428b056904eeff8ULL, 0x8be23040131e04b7ULL,
+     0x6709d5da2add2ec0ULL, 0x075de98af44a2b93ULL, 0x8447dcc67bfbe66fULL,
+     0x6616f655b7ac9a23ULL, 0xd607b8bded4b1a40ULL, 0x0563af89d3a85e48ULL,
+     0x3db1b4ad20c21ba4ULL, 0x11f22997b8323b75ULL, 0x292032b34b587e99ULL,
+     0x7f1cdace9331681dULL, 0x8e819fc9c0b65affULL, 0xa1e3677fe2d5bb16ULL,
+     0xcd33d225ee349da5ULL, 0xd9a2543b85aef898ULL, 0x795e10cbfa0af76dULL,
+     0x25a4bbb9992e5d79ULL, 0x78413344677b438eULL, 0xf0826688cef68601ULL,
+     0xd27b34bba392f0ebULL, 0x551d8df162fad7bcULL, 0x1e57c511d0d7d9adULL,
+     0xdeffbdb171e4d30bULL, 0xf4feea8e802f6caaULL, 0xa480c8f6317de55eULL,
+     0xa0fc44f07fa40ff5ULL, 0x95b5f551c3c9dd1aULL, 0x22f952336d6476eaULL,
+     0x0000000000000000ULL, 0xa6be8ef5169f9085ULL, 0xcc2cf1aa73452946ULL,
+     0x2e7ddb39bf12550aULL, 0xd526dd3157d8db78ULL, 0x486b2d6c08becf29ULL,
+     0x9b0f3a58365d8b21ULL, 0xac78cdfaadd22c15ULL, 0xbc95c7e28891a383ULL,
+     0x6a927f5f65dab9c3ULL, 0xc3891d2c1ba0cb9eULL, 0xeaa92f9f50f8b507ULL,
+     0xcf0d9426c9d6e87eULL, 0xca6e3baf1a7eb636ULL, 0xab25247059980786ULL,
+     0x69b31ad3df4978fbULL, 0xe2512a93cc577c4cULL, 0xff278a0ea61364d9ULL,
+     0x71a615c766a53e26ULL, 0x89dc764334fc716cULL, 0xf87a638452594f4aULL,
+     0xf2bc208be914f3daULL, 0x8766b94ac1682757ULL, 0xbbc82e687cdb8810ULL,
+     0x626a7a53f9757088ULL, 0xa2c202f358467a2eULL, 0x4d0882e5db169161ULL,
+     0x09e7268301de7da8ULL, 0xe897699c771ac0dcULL, 0xc8507dac3d9cc3edULL,
+     0xc0a878a0a1330aa6ULL, 0x978bb352e42ba8c1ULL, 0xe9884a13ea6b743fULL,
+     0x279afdbabecc28a2ULL, 0x047c8c064ed9eaabULL, 0x507e2278b15289f4ULL,
+     0x599904fbb08cf45cULL, 0xbd8ae46d15e01760ULL, 0x31353da7f2b43844ULL,
+     0x8558ff49e68a528cULL, 0x76fbfc4d92ef15b5ULL, 0x3456922e211c660cULL,
+     0x86799ac55c1993b4ULL, 0x3e90d1219a51da9cULL, 0x2d5cbeb505819432ULL,
+     0x982e5fd48cce4a19ULL, 0xdb9c1238a24c8d43ULL, 0xd439febecaa96f9bULL,
+     0x418c0bef0960b281ULL, 0x158ea591f6ebd1deULL, 0x1f48e69e4da66d4eULL,
+     0x8afd13cf8e6fb054ULL, 0xf5e1c9011d5ed849ULL, 0xe34e091c5126c8afULL,
+     0xad67ee7530a398f6ULL, 0x43b24dec2e82c75aULL, 0x75da99c1287cd48dULL,
+     0x92e81cdb3783f689ULL, 0xa3dd217cc537cecdULL, 0x60543c50de970553ULL,
+     0x93f73f54aaf2426aULL, 0xa91b62737e7a725dULL, 0xf19d4507538732e2ULL,
+     0x77e4dfc20f9ea156ULL, 0x7d229ccdb4d31dc6ULL, 0x1b346a98037f87e5ULL,
+     0xedf4c615a4b29e94ULL, 0x4093286094110662ULL, 0xb0114ee85ae78063ULL,
+     0x6ff1d0d6b672e78bULL, 0x6dcf96d591909250ULL, 0xdfe09e3eec9567e8ULL,
+     0x3214582b4827f97cULL, 0xb46dc2ee143e6ac8ULL, 0xf6c0ac8da7cd1971ULL,
+     0xebb60c10cd8901e4ULL, 0xf7df8f023abcad92ULL, 0x9c52d3d2c217a0b2ULL,
+     0x6b8d5cd0f8ab0d20ULL, 0x3777f7a29b8fa734ULL, 0x011f238f9d71b4e3ULL,
+     0xc1b75b2f3c42be45ULL, 0x5de588fdfe551ef7ULL, 0x6eeef3592b035368ULL,
+     0xaa3a07ffc4e9b365ULL, 0xecebe59a39c32a77ULL, 0x5ba742f8976e8187ULL,
+     0x4b4a48e0b22d0e11ULL, 0xddded83dcb771233ULL, 0xa59feb79ac0c51bdULL,
+     0xc7f5912a55792135ULL},
+    {
+     0x6d6ae04668a9b08aULL, 0x3ab3f04b0be8c743ULL, 0xe51e166b54b3c908ULL,
+     0xbe90a9eb35c2f139ULL, 0xb2c7066637f2bec1ULL, 0xaa6945613392202cULL,
+     0x9a28c36f3b5201ebULL, 0xddce5a93ab536994ULL, 0x0e34133ef6382827ULL,
+     0x52a02ba1ec55048bULL, 0xa2f88f97c4b2a177ULL, 0x8640e513ca2251a5ULL,
+     0xcdf1d36258137622ULL, 0xfe6cb708dedf8ddbULL, 0x8a174a9ec8121e5dULL,
+     0x679896036b81560eULL, 0x59ed033395795feeULL, 0x1dd778ab8b74edafULL,
+     0xee533ef92d9f926dULL, 0x2a8c79baf8a8d8f5ULL, 0x6bcf398e69b119f6ULL,
+     0xe20491742fafdd95ULL, 0x276488e0809c2aecULL, 0xea955b82d88f5cceULL,
+     0x7102c63a99d9e0c4ULL, 0xf9763017a5c39946ULL, 0x429fa2501f151b3dULL,
+     0x4659c72bea05d59eULL, 0x984b7fdccf5a6634ULL, 0xf742232953fbb161ULL,
+     0x3041860e08c021c7ULL, 0x747bfd9616cd9386ULL, 0x4bb1367192312787ULL,
+     0x1b72a1638a6c44d3ULL, 0x4a0e68a6e8359a66ULL, 0x169a5039f258b6caULL,
+     0xb98a2ef44edee5a4ULL, 0xd9083fe85e43a737ULL, 0x967f6ce239624e13ULL,
+     0x8874f62d3c1a7982ULL, 0x3c1629830af06e3fULL, 0x9165ebfd427e5a8eULL,
+     0xb5dd81794ceeaa5cULL, 0x0de8f15a7834f219ULL, 0x70bd98ede3dd5d25ULL,
+     0xaccc9ca9328a8950ULL, 0x56664eda1945ca28ULL, 0x221db34c0f8859aeULL,
+     0x26dbd637fa98970dULL, 0x1acdffb4f068f932ULL, 0x4585254f64090fa0ULL,
+     0x72de245e17d53afaULL, 0x1546b25d7c546cf4ULL, 0x207e0ffffb803e71ULL,
+     0xfaaad2732bcf4378ULL, 0xb462dfae36ea17bdULL, 0xcf926fd1ac1b11fdULL,
+     0xe0672dc7dba7ba4aULL, 0xd3fa49ad5d6b41b3ULL, 0x8ba81449b216a3bcULL,
+     0x14f9ec8a0650d115ULL, 0x40fc1ee3eb1d7ce2ULL, 0x23a2ed9b758ce44fULL,
+     0x782c521b14fddc7eULL, 0x1c68267cf170504eULL, 0xbcf31558c1ca96e6ULL,
+     0xa781b43b4ba6d235ULL, 0xf6fd7dfe29ff0c80ULL, 0xb0a4bad5c3fad91eULL,
+     0xd199f51ea963266cULL, 0x414340349119c103ULL, 0x5405f269ed4dadf7ULL,
+     0xabd61bb649969dcdULL, 0x6813dbeae7bdc3c8ULL, 0x65fb2ab09f8931d1ULL,
+     0xf1e7fae152e3181dULL, 0xc1a67cef5a2339daULL, 0x7a4feea8e0f5bba1ULL,
+     0x1e0b9acf05783791ULL, 0x5b8ebf8061713831ULL, 0x80e53cdbcb3af8d9ULL,
+     0x7e898bd315e57502ULL, 0xc6bcfbf0213f2d47ULL, 0x95a38e86b76e942dULL,
+     0x092e94218d243cbaULL, 0x8339debf453622e7ULL, 0xb11be402b9fe64ffULL,
+     0x57d9100d634177c9ULL, 0xcc4e8db52217cbc3ULL, 0x3b0cae9c71ec7aa2ULL,
+     0xfb158ca451cbfe99ULL, 0x2b33276d82ac6514ULL, 0x01bf5ed77a04bde1ULL,
+     0xc5601994af33f779ULL, 0x75c4a3416cc92e67ULL, 0xf3844652a6eb7fc2ULL,
+     0x3487e375fdd0ef64ULL, 0x18ae430704609eedULL, 0x4d14efb993298efbULL,
+     0x815a620cb13e4538ULL, 0x125c354207487869ULL, 0x9eeea614ce42cf48ULL,
+     0xce2d3106d61fac1cULL, 0xbbe99247bad6827bULL, 0x071a871f7b1c149dULL,
+     0x2e4a1cc10db81656ULL, 0x77a71ff298c149b8ULL, 0x06a5d9c80118a97cULL,
+     0xad73c27e488e34b1ULL, 0x443a7b981e0db241ULL, 0xe3bbcfa355ab6074ULL,
+     0x0af276450328e684ULL, 0x73617a896dd1871bULL, 0x58525de4ef7de20fULL,
+     0xb7be3dcab8e6cd83ULL, 0x19111dd07e64230cULL, 0x842359a03e2a367aULL,
+     0x103f89f1f3401fb6ULL, 0xdc710444d157d475ULL, 0xb835702334da5845ULL,
+     0x4320fc876511a6dcULL, 0xd026abc9d3679b8dULL, 0x17250eee885c0b2bULL,
+     0x90dab52a387ae76fULL, 0x31fed8d972c49c26ULL, 0x89cba8fa461ec463ULL,
+     0x2ff5421677bcabb7ULL, 0x396f122f85e41d7dULL, 0xa09b332430bac6a8ULL,
+     0xc888e8ced7070560ULL, 0xaeaf201ac682ee8fULL, 0x1180d7268944a257ULL,
+     0xf058a43628e7a5fcULL, 0xbd4c4b8fbbce2b07ULL, 0xa1246df34abe7b49ULL,
+     0x7d5569b79be9af3cULL, 0xa9b5a705bd9efa12ULL, 0xdb6b835baa4bc0e8ULL,
+     0x05793bac8f147342ULL, 0x21c1512881848390ULL, 0xfdb0556c50d357e5ULL,
+     0x613d4fcb6a99ff72ULL, 0x03dce2648e0cda3eULL, 0xe949b9e6568386f0ULL,
+     0xfc0f0bbb2ad7ea04ULL, 0x6a70675913b5a417ULL, 0x7f36d5046fe1c8e3ULL,
+     0x0c57af8d02304ff8ULL, 0x32223abdfcc84618ULL, 0x0891caf6f720815bULL,
+     0xa63eeaec31a26fd4ULL, 0x2507345374944d33ULL, 0x49d28ac266394058ULL,
+     0xf5219f9aa7f3d6beULL, 0x2d96fea583b4cc68ULL, 0x5a31e1571b7585d0ULL,
+     0x8ed12fe53d02d0feULL, 0xdfade6205f5b0e4bULL, 0x4cabb16ee92d331aULL,
+     0x04c6657bf510cea3ULL, 0xd73c2cd6a87b8f10ULL, 0xe1d87310a1a307abULL,
+     0x6cd5be9112ad0d6bULL, 0x97c032354366f3f2ULL, 0xd4e0ceb22677552eULL,
+     0x0000000000000000ULL, 0x29509bde76a402cbULL, 0xc27a9e8bd42fe3e4ULL,
+     0x5ef7842cee654b73ULL, 0xaf107ecdbc86536eULL, 0x3fcacbe784fcb401ULL,
+     0xd55f90655c73e8cfULL, 0xe6c2f40fdabf1336ULL, 0xe8f6e7312c873b11ULL,
+     0xeb2a0555a28be12fULL, 0xe4a148bc2eb774e9ULL, 0x9b979db84156bc0aULL,
+     0x6eb60222e6a56ab4ULL, 0x87ffbbc4b026ec44ULL, 0xc703a5275b3b90a6ULL,
+     0x47e699fc9001687fULL, 0x9c8d1aa73a4aa897ULL, 0x7cea3760e1ed12ddULL,
+     0x4ec80ddd1d2554c5ULL, 0x13e36b957d4cc588ULL, 0x5d2b66486069914dULL,
+     0x92b90999cc7280b0ULL, 0x517cc9c56259deb5ULL, 0xc937b619ad03b881ULL,
+     0xec30824ad997f5b2ULL, 0xa45d565fc5aa080bULL, 0xd6837201d27f32f1ULL,
+     0x635ef3789e9198adULL, 0x531f75769651b96aULL, 0x4f77530a6721e924ULL,
+     0x486dd4151c3dfdb9ULL, 0x5f48dafb9461f692ULL, 0x375b011173dc355aULL,
+     0x3da9775470f4d3deULL, 0x8d0dcd81b30e0ac0ULL, 0x36e45fc609d888bbULL,
+     0x55baacbe97491016ULL, 0x8cb29356c90ab721ULL, 0x76184125e2c5f459ULL,
+     0x99f4210bb55edbd5ULL, 0x6f095cf59ca1d755ULL, 0x9f51f8c3b44672a9ULL,
+     0x3538bda287d45285ULL, 0x50c39712185d6354ULL, 0xf23b1885dcefc223ULL,
+     0x79930ccc6ef9619fULL, 0xed8fdc9da3934853ULL, 0xcb540aaa590bdf5eULL,
+     0x5c94389f1a6d2cacULL, 0xe77daad8a0bbaed7ULL, 0x28efc5090ca0bf2aULL,
+     0xbf2ff73c4fc64cd8ULL, 0xb37858b14df60320ULL, 0xf8c96ec0dfc724a7ULL,
+     0x828680683f329f06ULL, 0x941cd051cd6a29ccULL, 0xc3c5c05cae2b5e05ULL,
+     0xb601631dc2e27062ULL, 0xc01922382027843bULL, 0x24b86a840e90f0d2ULL,
+     0xd245177a276ffc52ULL, 0x0f8b4de98c3c95c6ULL, 0x3e759530fef809e0ULL,
+     0x0b4d2892792c5b65ULL, 0xc4df4743d5374a98ULL, 0xa5e20888bfaeb5eaULL,
+     0xba56cc90c0d23f9aULL, 0x38d04cf8ffe0a09cULL, 0x62e1adafe495254cULL,
+     0x0263bcb3f40867dfULL, 0xcaeb547d230f62bfULL, 0x6082111c109d4293ULL,
+     0xdad4dd8cd04f7d09ULL, 0xefec602e579b2f8cULL, 0x1fb4c4187f7c8a70ULL,
+     0xffd3e9dfa4db303aULL, 0x7bf0b07f9af10640ULL, 0xf49ec14dddf76b5fULL,
+     0x8f6e713247066d1fULL, 0x339d646a86ccfbf9ULL, 0x64447467e58d8c30ULL,
+     0x2c29a072f9b07189ULL, 0xd8b7613f24471ad6ULL, 0x6627c8d41185ebefULL,
+     0xa347d140beb61c96ULL, 0xde12b8f7255fb3aaULL, 0x9d324470404e1576ULL,
+     0x9306574eb6763d51ULL, 0xa80af9d2c79a47f3ULL, 0x859c0777442e8b9bULL,
+     0x69ac853d9db97e29ULL},
+    {
+     0xc3407dfc2de6377eULL, 0x5b9e93eea4256f77ULL, 0xadb58fdd50c845e0ULL,
+     0x5219ff11a75bed86ULL, 0x356b61cfd90b1de9ULL, 0xfb8f406e25abe037ULL,
+     0x7a5a0231c0f60796ULL, 0x9d3cd216e1f5020bULL, 0x0c6550fb6b48d8f3ULL,
+     0xf57508c427ff1c62ULL, 0x4ad35ffa71cb407dULL, 0x6290a2da1666aa6dULL,
+     0xe284ec2349355f9fULL, 0xb3c307c53d7c84ecULL, 0x05e23c0468365a02ULL,
+     0x190bac4d6c9ebfa8ULL, 0x94bbbee9e28b80faULL, 0xa34fc777529cb9b5ULL,
+     0xcc7b39f095bcd978ULL, 0x2426addb0ce532e3ULL, 0x7e79329312ce4fc7ULL,
+     0xab09a72eebec2917ULL, 0xf8d15499f6b9d6c2ULL, 0x1a55b8babf8c895dULL,
+     0xdb8add17fb769a85ULL, 0xb57f2f368658e81bULL, 0x8acd36f18f3f41f6ULL,
+     0x5ce3b7bba50f11d3ULL, 0x114dcc14d5ee2f0aULL, 0xb91a7fcded1030e8ULL,
+     0x81d5425fe55de7a1ULL, 0xb6213bc1554adeeeULL, 0x80144ef95f53f5f2ULL,
+     0x1e7688186db4c10cULL, 0x3b912965db5fe1bcULL, 0xc281715a97e8252dULL,
+     0x54a5d7e21c7f8171ULL, 0x4b12535ccbc5522eULL, 0x1d289cefbea6f7f9ULL,
+     0x6ef5f2217d2e729eULL, 0xe6a7dc819b0d17ceULL, 0x1b94b41c05829b0eULL,
+     0x33d7493c622f711eULL, 0xdcf7f942fa5ce421ULL, 0x600fba8b7f7a8ecbULL,
+     0x46b60f011a83988eULL, 0x235b898e0dcf4c47ULL, 0x957ab24f588592a9ULL,
+     0x4354330572b5c28cULL, 0xa5f3ef84e9b8d542ULL, 0x8c711e02341b2d01ULL,
+     0x0b1874ae6a62a657ULL, 0x1213d8e306fc19ffULL, 0xfe6d7c6a4d9dba35ULL,
+     0x65ed868f174cd4c9ULL, 0x88522ea0e6236550ULL, 0x899322065c2d7703ULL,
+     0xc01e690bfef4018bULL, 0x915982ed8abddaf8ULL, 0xbe675b98ec3a4e4cULL,
+     0xa996bf7f82f00db1ULL, 0xe1daf8d49a27696aULL, 0x2effd5d3dc8986e7ULL,
+     0xd153a51f2b1a2e81ULL, 0x18caa0ebd690adfbULL, 0x390e3134b243c51aULL,
+     0x2778b92cdff70416ULL, 0x029f1851691c24a6ULL, 0x5e7cafeacc133575ULL,
+     0xfa4e4cc89fa5f264ULL, 0x5a5f9f481e2b7d24ULL, 0x484c47ab18d764dbULL,
+     0x400a27f2a1a7f479ULL, 0xaeeb9b2a83da7315ULL, 0x721c626879869734ULL,
+     0x042330a2d2384851ULL, 0x85f672fd3765aff0ULL, 0xba446b3a3e02061dULL,
+     0x73dd6ecec3888567ULL, 0xffac70ccf793a866ULL, 0xdfa9edb5294ed2d4ULL,
+     0x6c6aea7014325638ULL, 0x834a5a0e8c41c307ULL, 0xcdba35562fb2cb2bULL,
+     0x0ad97808d06cb404ULL, 0x0f3b440cb85aee06ULL, 0xe5f9c876481f213bULL,
+     0x98deee1289c35809ULL, 0x59018bbfcd394bd1ULL, 0xe01bf47220297b39ULL,
+     0xde68e1139340c087ULL, 0x9fa3ca4788e926adULL, 0xbb85679c840c144eULL,
+     0x53d8f3b71d55ffd5ULL, 0x0da45c5dd146caa0ULL, 0x6f34fe87c72060cdULL,
+     0x57fbc315cf6db784ULL, 0xcee421a1fca0fddeULL, 0x3d2d0196607b8d4bULL,
+     0x642c8a29ad42c69aULL, 0x14aff010bdd87508ULL, 0xac74837beac657b3ULL,
+     0x3216459ad821634dULL, 0x3fb219c70967a9edULL, 0x06bc28f3bb246cf7ULL,
+     0xf2082c9126d562c6ULL, 0x66b39278c45ee23cULL, 0xbd394f6f3f2878b9ULL,
+     0xfd33689d9e8f8cc0ULL, 0x37f4799eb017394fULL, 0x108cc0b26fe03d59ULL,
+     0xda4bd1b1417888d6ULL, 0xb09d1332ee6eb219ULL, 0x2f3ed975668794b4ULL,
+     0x58c0871977375982ULL, 0x7561463d78ace990ULL, 0x09876cff037e82f1ULL,
+     0x7fb83e35a8c05d94ULL, 0x26b9b58a65f91645ULL, 0xef20b07e9873953fULL,
+     0x3148516d0b3355b8ULL, 0x41cb2b541ba9e62aULL, 0x790416c613e43163ULL,
+     0xa011d380818e8f40ULL, 0x3a5025c36151f3efULL, 0xd57095bdf92266d0ULL,
+     0x498d4b0da2d97688ULL, 0x8b0c3a57353153a5ULL, 0x21c491df64d368e1ULL,
+     0x8f2f0af5e7091bf4ULL, 0x2da1c1240f9bb012ULL, 0xc43d59a92ccc49daULL,
+     0xbfa6573e56345c1fULL, 0x828b56a8364fd154ULL, 0x9a41f643e0df7cafULL,
+     0xbcf843c985266aeaULL, 0x2b1de9d7b4bfdce5ULL, 0x20059d79dedd7ab2ULL,
+     0x6dabe6d6ae3c446bULL, 0x45e81bf6c991ae7bULL, 0x6351ae7cac68b83eULL,
+     0xa432e32253b6c711ULL, 0xd092a9b991143cd2ULL, 0xcac711032e98b58fULL,
+     0xd8d4c9e02864ac70ULL, 0xc5fc550f96c25b89ULL, 0xd7ef8dec903e4276ULL,
+     0x67729ede7e50f06fULL, 0xeac28c7af045cf3dULL, 0xb15c1f945460a04aULL,
+     0x9cfddeb05bfb1058ULL, 0x93c69abce3a1fe5eULL, 0xeb0380dc4a4bdd6eULL,
+     0xd20db1e8f8081874ULL, 0x229a8528b7c15e14ULL, 0x44291750739fbc28ULL,
+     0xd3ccbd4e42060a27ULL, 0xf62b1c33f4ed2a97ULL, 0x86a8660ae4779905ULL,
+     0xd62e814a2a305025ULL, 0x477703a7a08d8addULL, 0x7b9b0e977af815c5ULL,
+     0x78c51a60a9ea2330ULL, 0xa6adfb733aaae3b7ULL, 0x97e5aa1e3199b60fULL,
+     0x0000000000000000ULL, 0xf4b404629df10e31ULL, 0x5564db44a6719322ULL,
+     0x9207961a59afec0dULL, 0x9624a6b88b97a45cULL, 0x363575380a192b1cULL,
+     0x2c60cd82b595a241ULL, 0x7d272664c1dc7932ULL, 0x7142769faa94a1c1ULL,
+     0xa1d0df263b809d13ULL, 0x1630e841d4c451aeULL, 0xc1df65ad44fa13d8ULL,
+     0x13d2d445bcf20bacULL, 0xd915c546926abe23ULL, 0x38cf3d92084dd749ULL,
+     0xe766d0272103059dULL, 0xc7634d5effde7f2fULL, 0x077d2455012a7ea4ULL,
+     0xedbfa82ff16fb199ULL, 0xaf2a978c39d46146ULL, 0x42953fa3c8bbd0dfULL,
+     0xcb061da59496a7dcULL, 0x25e7a17db6eb20b0ULL, 0x34aa6d6963050fbaULL,
+     0xa76cf7d580a4f1e4ULL, 0xf7ea10954ee338c4ULL, 0xfcf2643b24819e93ULL,
+     0xcf252d0746aeef8dULL, 0x4ef06f58a3f3082cULL, 0x563acfb37563a5d7ULL,
+     0x5086e740ce47c920ULL, 0x2982f186dda3f843ULL, 0x87696aac5e798b56ULL,
+     0x5d22bb1d1f010380ULL, 0x035e14f7d31236f5ULL, 0x3cec0d30da759f18ULL,
+     0xf3c920379cdb7095ULL, 0xb8db736b571e22bbULL, 0xdd36f5e44052f672ULL,
+     0xaac8ab8851e23b44ULL, 0xa857b3d938fe1fe2ULL, 0x17f1e4e76eca43fdULL,
+     0xec7ea4894b61a3caULL, 0x9e62c6e132e734feULL, 0xd4b1991b432c7483ULL,
+     0x6ad6c283af163acfULL, 0x1ce9904904a8e5aaULL, 0x5fbda34c761d2726ULL,
+     0xf910583f4cb7c491ULL, 0xc6a241f845d06d7cULL, 0x4f3163fe19fd1a7fULL,
+     0xe99c988d2357f9c8ULL, 0x8eee06535d0709a7ULL, 0x0efa48aa0254fc55ULL,
+     0xb4be23903c56fa48ULL, 0x763f52caabbedf65ULL, 0xeee1bcd8227d876cULL,
+     0xe345e085f33b4dccULL, 0x3e731561b369bbbeULL, 0x2843fd2067adea10ULL,
+     0x2adce5710eb1ceb6ULL, 0xb7e03767ef44ccbdULL, 0x8db012a48e153f52ULL,
+     0x61ceb62dc5749c98ULL, 0xe85d942b9959eb9bULL, 0x4c6f7709caef2c8aULL,
+     0x84377e5b8d6bbda3ULL, 0x30895dcbb13d47ebULL, 0x74a04a9bc2a2fbc3ULL,
+     0x6b17ce251518289cULL, 0xe438c4d0f2113368ULL, 0x1fb784bed7bad35fULL,
+     0x9b80fae55ad16efcULL, 0x77fe5e6c11b0cd36ULL, 0xc858095247849129ULL,
+     0x08466059b97090a2ULL, 0x01c10ca6ba0e1253ULL, 0x6988d6747c040c3aULL,
+     0x6849dad2c60a1e69ULL, 0x5147ebe67449db73ULL, 0xc99905f4fd8a837aULL,
+     0x991fe2b433cd4a5aULL, 0xf09734c04fc94660ULL, 0xa28ecbd1e892abe6ULL,
+     0xf1563866f5c75433ULL, 0x4dae7baf70e13ed9ULL, 0x7ce62ac27bd26b61ULL,
+     0x70837a39109ab392ULL, 0x90988e4b30b3c8abULL, 0xb2020b63877296bfULL,
+     0x156efcb607d6675bULL},
+    {
+     0xe63f55ce97c331d0ULL, 0x25b506b0015bba16ULL, 0xc8706e29e6ad9ba8ULL,
+     0x5b43d3775d521f6aULL, 0x0bfa3d577035106eULL, 0xab95fc172afb0e66ULL,
+     0xf64b63979e7a3276ULL, 0xf58b4562649dad4bULL, 0x48f7c3dbae0c83f1ULL,
+     0xff31916642f5c8c5ULL, 0xcbb048dc1c4a0495ULL, 0x66b8f83cdf622989ULL,
+     0x35c130e908e2b9b0ULL, 0x7c761a61f0b34fa1ULL, 0x3601161cf205268dULL,
+     0x9e54ccfe2219b7d6ULL, 0x8b7d90a538940837ULL, 0x9cd403588ea35d0bULL,
+     0xbc3c6fea9ccc5b5aULL, 0xe5ff733b6d24aeedULL, 0xceed22de0f7eb8d2ULL,
+     0xec8581cab1ab545eULL, 0xb96105e88ff8e71dULL, 0x8ca03501871a5eadULL,
+     0x76ccce65d6db2a2fULL, 0x5883f582a7b58057ULL, 0x3f7be4ed2e8adc3eULL,
+     0x0fe7be06355cd9c9ULL, 0xee054e6c1d11be83ULL, 0x1074365909b903a6ULL,
+     0x5dde9f80b4813c10ULL, 0x4a770c7d02b6692cULL, 0x5379c8d5d7809039ULL,
+     0xb4067448161ed409ULL, 0x5f5e5026183bd6cdULL, 0xe898029bf4c29df9ULL,
+     0x7fb63c940a54d09cULL, 0xc5171f897f4ba8bcULL, 0xa6f28db7b31d3d72ULL,
+     0x2e4f3be7716eaa78ULL, 0x0d6771a099e63314ULL, 0x82076254e41bf284ULL,
+     0x2f0fd2b42733df98ULL, 0x5c9e76d3e2dc49f0ULL, 0x7aeb569619606cdbULL,
+     0x83478b07b2468764ULL, 0xcfadcb8d5923cd32ULL, 0x85dac7f05b95a41eULL,
+     0xb5469d1b4043a1e9ULL, 0xb821ecbbd9a592fdULL, 0x1b8e0b0e798c13c8ULL,
+     0x62a57b6d9a0be02eULL, 0xfcf1b793b81257f8ULL, 0x9d94ea0bd8fe28ebULL,
+     0x4cea408aeb654a56ULL, 0x23284a47e888996cULL, 0x2d8f1d128b893545ULL,
+     0xf4cbac3132c0d8abULL, 0xbd7c86b9ca912ebaULL, 0x3a268eef3dbe6079ULL,
+     0xf0d62f6077a9110cULL, 0x2735c916ade150cbULL, 0x89fd5f03942ee2eaULL,
+     0x1acee25d2fd16628ULL, 0x90f39bab41181bffULL, 0x430dfe8cde39939fULL,
+     0xf70b8ac4c8274796ULL, 0x1c53aeaac6024552ULL, 0x13b410acf35e9c9bULL,
+     0xa532ab4249faa24fULL, 0x2b1251e5625a163fULL, 0xd7e3e676da4841c7ULL,
+     0xa7b264e4e5404892ULL, 0xda8497d643ae72d3ULL, 0x861ae105a1723b23ULL,
+     0x38a6414991048aa4ULL, 0x6578dec92585b6b4ULL, 0x0280cfa6acbaeaddULL,
+     0x88bdb650c273970aULL, 0x9333bd5ebbff84c2ULL, 0x4e6a8f2c47dfa08bULL,
+     0x321c954db76cef2aULL, 0x418d312a72837942ULL, 0xb29b38bfffcdf773ULL,
+     0x6c022c38f90a4c07ULL, 0x5a033a240b0f6a8aULL, 0x1f93885f3ce5da6fULL,
+     0xc38a537e96988bc6ULL, 0x39e6a81ac759ff44ULL, 0x29929e43cee0fce2ULL,
+     0x40cdd87924de0ca2ULL, 0xe9d8ebc8a29fe819ULL, 0x0c2798f3cfbb46f4ULL,
+     0x55e484223e53b343ULL, 0x4650948ecd0d2fd8ULL, 0x20e86cb2126f0651ULL,
+     0x6d42c56baf5739e7ULL, 0xa06fc1405ace1e08ULL, 0x7babbfc54f3d193bULL,
+     0x424d17df8864e67fULL, 0xd8045870ef14980eULL, 0xc6d7397c85ac3781ULL,
+     0x21a885e1443273b1ULL, 0x67f8116f893f5c69ULL, 0x24f5efe35706cff6ULL,
+     0xd56329d076f2ab1aULL, 0x5e1eb9754e66a32dULL, 0x28d2771098bd8902ULL,
+     0x8f6013f47dfdc190ULL, 0x17a993fdb637553cULL, 0xe0a219397e1012aaULL,
+     0x786b9930b5da8606ULL, 0x6e82e39e55b0a6daULL, 0x875a0856f72f4ec3ULL,
+     0x3741ff4fa458536dULL, 0xac4859b3957558fcULL, 0x7ef6d5c75c09a57cULL,
+     0xc04a758b6c7f14fbULL, 0xf9acdd91ab26ebbfULL, 0x7391a467c5ef9668ULL,
+     0x335c7c1ee1319acaULL, 0xa91533b18641e4bbULL, 0xe4bf9a683b79db0dULL,
+     0x8e20faa72ba0b470ULL, 0x51f907737b3a7ae4ULL, 0x2268a314bed5ec8cULL,
+     0xd944b123b949edeeULL, 0x31dcb3b84d8b7017ULL, 0xd3fe65279f218860ULL,
+     0x097af2f1dc8ffab3ULL, 0x9b09a6fc312d0b91ULL, 0xcc6ded78a3c4520fULL,
+     0x3481d9ba5ebfcc50ULL, 0x4f2a667f1182d56bULL, 0xdfd9fdd4509ace94ULL,
+     0x26752045fbbc252bULL, 0xbffc491f662bc467ULL, 0xdd593272fc202449ULL,
+     0x3cbbc218d46d4303ULL, 0x91b372f817456e1fULL, 0x681faf69bc6385a0ULL,
+     0xb686bbeebaa43ed4ULL, 0x1469b5084cd0ca01ULL, 0x98c98009cbca94acULL,
+     0x6438379a73d8c354ULL, 0xc2caba2dc0c5fe26ULL, 0x3e3b0dbe78d7a9deULL,
+     0x50b9ee202d670f04ULL, 0x4590b27b37eab0e5ULL, 0x6025b4cb36b10af3ULL,
+     0xfb2c1237079c0162ULL, 0xa12f28130c936be8ULL, 0x4b37e52e54eb1cccULL,
+     0x083a1ba28ad28f53ULL, 0xc10a9cd83a22611bULL, 0x9f1425ad7444c236ULL,
+     0x069d4cf7e9d3237aULL, 0xedc56899e7f621beULL, 0x778c273680865fcfULL,
+     0x309c5aeb1bd605f7ULL, 0x8de0dc52d1472b4dULL, 0xf8ec34c2fd7b9e5fULL,
+     0xea18cd3d58787724ULL, 0xaad515447ca67b86ULL, 0x9989695a9d97e14cULL,
+     0x0000000000000000ULL, 0xf196c63321f464ecULL, 0x71116bc169557cb5ULL,
+     0xaf887f466f92c7c1ULL, 0x972e3e0ffe964d65ULL, 0x190ec4a8d536f915ULL,
+     0x95aef1a9522ca7b8ULL, 0xdc19db21aa7d51a9ULL, 0x94ee18fa0471d258ULL,
+     0x8087adf248a11859ULL, 0xc457f6da2916dd5cULL, 0xfa6cfb6451c17482ULL,
+     0xf256e0c6db13fbd1ULL, 0x6a9f60cf10d96f7dULL, 0x4daaa9d9bd383fb6ULL,
+     0x03c026f5fae79f3dULL, 0xde99148706c7bb74ULL, 0x2a52b8b6340763dfULL,
+     0x6fc20acd03edd33aULL, 0xd423c08320afdefaULL, 0xbbe1ca4e23420dc0ULL,
+     0x966ed75ca8cb3885ULL, 0xeb58246e0e2502c4ULL, 0x055d6a021334bc47ULL,
+     0xa47242111fa7d7afULL, 0xe3623fcc84f78d97ULL, 0x81c744a11efc6db9ULL,
+     0xaec8961539cfb221ULL, 0xf31609958d4e8e31ULL, 0x63e5923ecc5695ceULL,
+     0x47107ddd9b505a38ULL, 0xa3afe7b5a0298135ULL, 0x792b7063e387f3e6ULL,
+     0x0140e953565d75e0ULL, 0x12f4f9ffa503e97bULL, 0x750ce8902c3cb512ULL,
+     0xdbc47e8515f30733ULL, 0x1ed3610c6ab8af8fULL, 0x5239218681dde5d9ULL,
+     0xe222d69fd2aaf877ULL, 0xfe71783514a8bd25ULL, 0xcaf0a18f4a177175ULL,
+     0x61655d9860ec7f13ULL, 0xe77fbc9dc19e4430ULL, 0x2ccff441ddd440a5ULL,
+     0x16e97aaee06a20dcULL, 0xa855dae2d01c915bULL, 0x1d1347f9905f30b2ULL,
+     0xb7c652bdecf94b34ULL, 0xd03e43d265c6175dULL, 0xfdb15ec0ee4f2218ULL,
+     0x57644b8492e9599eULL, 0x07dda5a4bf8e569aULL, 0x54a46d71680ec6a3ULL,
+     0x5624a2d7c4b42c7eULL, 0xbebca04c3076b187ULL, 0x7d36f332a6ee3a41ULL,
+     0x3b6667bc6be31599ULL, 0x695f463aea3ef040ULL, 0xad08b0e0c3282d1cULL,
+     0xb15b1e4a052a684eULL, 0x44d05b2861b7c505ULL, 0x15295c5b1a8dbfe1ULL,
+     0x744c01c37a61c0f2ULL, 0x59c31cd1f1e8f5b7ULL, 0xef45a73f4b4ccb63ULL,
+     0x6bdf899c46841a9dULL, 0x3dfb2b4b823036e3ULL, 0xa2ef0ee6f674f4d5ULL,
+     0x184e2dfb836b8cf5ULL, 0x1134df0a5fe47646ULL, 0xbaa1231d751f7820ULL,
+     0xd17eaa81339b62bdULL, 0xb01bf71953771daeULL, 0x849a2ea30dc8d1feULL,
+     0x705182923f080955ULL, 0x0ea757556301ac29ULL, 0x041d83514569c9a7ULL,
+     0x0abad4042668658eULL, 0x49b72a88f851f611ULL, 0x8a3d79f66ec97dd7ULL,
+     0xcd2d042bf59927efULL, 0xc930877ab0f0ee48ULL, 0x9273540deda2f122ULL,
+     0xc797d02fd3f14261ULL, 0xe1e2f06a284d674aULL, 0xd2be8c74c97cfd80ULL,
+     0x9a494faf67707e71ULL, 0xb3dbd1eca9908293ULL, 0x72d14d3493b2e388ULL,
+     0xd6a30f258c153427ULL}
+};
+#else
+ALIGN(16)
+static const unsigned long long Ax[8][256] = {
+    {
+     0xe6f87e5c5b711fd0ULL, 0x258377800924fa16ULL, 0xc849e07e852ea4a8ULL,
+     0x5b4686a18f06c16aULL, 0x0b32e9a2d77b416eULL, 0xabda37a467815c66ULL,
+     0xf61796a81a686676ULL, 0xf5dc0b706391954bULL, 0x4862f38db7e64bf1ULL,
+     0xff5c629a68bd85c5ULL, 0xcb827da6fcd75795ULL, 0x66d36daf69b9f089ULL,
+     0x356c9f74483d83b0ULL, 0x7cbcecb1238c99a1ULL, 0x36a702ac31c4708dULL,
+     0x9eb6a8d02fbcdfd6ULL, 0x8b19fa51e5b3ae37ULL, 0x9ccfb5408a127d0bULL,
+     0xbc0c78b508208f5aULL, 0xe533e3842288ecedULL, 0xcec2c7d377c15fd2ULL,
+     0xec7817b6505d0f5eULL, 0xb94cc2c08336871dULL, 0x8c205db4cb0b04adULL,
+     0x763c855b28a0892fULL, 0x588d1b79f6ff3257ULL, 0x3fecf69e4311933eULL,
+     0x0fc0d39f803a18c9ULL, 0xee010a26f5f3ad83ULL, 0x10efe8f4411979a6ULL,
+     0x5dcda10c7de93a10ULL, 0x4a1bee1d1248e92cULL, 0x53bff2db21847339ULL,
+     0xb4f50ccfa6a23d09ULL, 0x5fb4bc9cd84798cdULL, 0xe88a2d8b071c56f9ULL,
+     0x7f7771695a756a9cULL, 0xc5f02e71a0ba1ebcULL, 0xa663f9ab4215e672ULL,
+     0x2eb19e22de5fbb78ULL, 0x0db9ce0f2594ba14ULL, 0x82520e6397664d84ULL,
+     0x2f031e6a0208ea98ULL, 0x5c7f2144a1be6bf0ULL, 0x7a37cb1cd16362dbULL,
+     0x83e08e2b4b311c64ULL, 0xcf70479bab960e32ULL, 0x856ba986b9dee71eULL,
+     0xb5478c877af56ce9ULL, 0xb8fe42885f61d6fdULL, 0x1bdd0156966238c8ULL,
+     0x622157923ef8a92eULL, 0xfc97ff42114476f8ULL, 0x9d7d350856452cebULL,
+     0x4c90c9b0e0a71256ULL, 0x2308502dfbcb016cULL, 0x2d7a03faa7a64845ULL,
+     0xf46e8b38bfc6c4abULL, 0xbdbef8fdd477debaULL, 0x3aac4cebc8079b79ULL,
+     0xf09cb105e8879d0cULL, 0x27fa6a10ac8a58cbULL, 0x8960e7c1401d0ceaULL,
+     0x1a6f811e4a356928ULL, 0x90c4fb0773d196ffULL, 0x43501a2f609d0a9fULL,
+     0xf7a516e0c63f3796ULL, 0x1ce4a6b3b8da9252ULL, 0x1324752c38e08a9bULL,
+     0xa5a864733bec154fULL, 0x2bf124575549b33fULL, 0xd766db15440dc5c7ULL,
+     0xa7d179e39e42b792ULL, 0xdadf151a61997fd3ULL, 0x86a0345ec0271423ULL,
+     0x38d5517b6da939a4ULL, 0x6518f077104003b4ULL, 0x02791d90a5aea2ddULL,
+     0x88d267899c4a5d0aULL, 0x930f66df0a2865c2ULL, 0x4ee9d4204509b08bULL,
+     0x325538916685292aULL, 0x412907bfc533a842ULL, 0xb27e2b62544dc673ULL,
+     0x6c5304456295e007ULL, 0x5af406e95351908aULL, 0x1f2f3b6bc123616fULL,
+     0xc37b09dc5255e5c6ULL, 0x3967d133b1fe6844ULL, 0x298839c7f0e711e2ULL,
+     0x409b87f71964f9a2ULL, 0xe938adc3db4b0719ULL, 0x0c0b4e47f9c3ebf4ULL,
+     0x5534d576d36b8843ULL, 0x4610a05aeb8b02d8ULL, 0x20c3cdf58232f251ULL,
+     0x6de1840dbec2b1e7ULL, 0xa0e8de06b0fa1d08ULL, 0x7b854b540d34333bULL,
+     0x42e29a67bcca5b7fULL, 0xd8a6088ac437dd0eULL, 0xc63bb3a9d943ed81ULL,
+     0x21714dbd5e65a3b1ULL, 0x6761ede7b5eea169ULL, 0x2431f7c8d573abf6ULL,
+     0xd51fc685e1a3671aULL, 0x5e063cd40410c92dULL, 0x283ab98f2cb04002ULL,
+     0x8febc06cb2f2f790ULL, 0x17d64f116fa1d33cULL, 0xe07359f1a99ee4aaULL,
+     0x784ed68c74cdc006ULL, 0x6e2a19d5c73b42daULL, 0x8712b4161c7045c3ULL,
+     0x371582e4ed93216dULL, 0xace390414939f6fcULL, 0x7ec5f12186223b7cULL,
+     0xc0b094042bac16fbULL, 0xf9d745379a527ebfULL, 0x737c3f2ea3b68168ULL,
+     0x33e7b8d9bad278caULL, 0xa9a32a34c22ffebbULL, 0xe48163ccfedfbd0dULL,
+     0x8e5940246ea5a670ULL, 0x51c6ef4b842ad1e4ULL, 0x22bad065279c508cULL,
+     0xd91488c218608ceeULL, 0x319ea5491f7cda17ULL, 0xd394e128134c9c60ULL,
+     0x094bf43272d5e3b3ULL, 0x9bf612a5a4aad791ULL, 0xccbbda43d26ffd0fULL,
+     0x34de1f3c946ad250ULL, 0x4f5b5468995ee16bULL, 0xdf9faf6fea8f7794ULL,
+     0x2648ea5870dd092bULL, 0xbfc7e56d71d97c67ULL, 0xdde6b2ff4f21d549ULL,
+     0x3c276b463ae86003ULL, 0x91767b4faf86c71fULL, 0x68a13e7835d4b9a0ULL,
+     0xb68c115f030c9fd4ULL, 0x141dd2c916582001ULL, 0x983d8f7ddd5324acULL,
+     0x64aa703fcc175254ULL, 0xc2c989948e02b426ULL, 0x3e5e76d69f46c2deULL,
+     0x50746f03587d8004ULL, 0x45db3d829272f1e5ULL, 0x60584a029b560bf3ULL,
+     0xfbae58a73ffcdc62ULL, 0xa15a5e4e6cad4ce8ULL, 0x4ba96e55ce1fb8ccULL,
+     0x08f9747aae82b253ULL, 0xc102144cf7fb471bULL, 0x9f042898f3eb8e36ULL,
+     0x068b27adf2effb7aULL, 0xedca97fe8c0a5ebeULL, 0x778e0513f4f7d8cfULL,
+     0x302c2501c32b8bf7ULL, 0x8d92ddfc175c554dULL, 0xf865c57f46052f5fULL,
+     0xeaf3301ba2b2f424ULL, 0xaa68b7ecbbd60d86ULL, 0x998f0f350104754cULL,
+     0x0000000000000000ULL, 0xf12e314d34d0ccecULL, 0x710522be061823b5ULL,
+     0xaf280d9930c005c1ULL, 0x97fd5ce25d693c65ULL, 0x19a41cc633cc9a15ULL,
+     0x95844172f8c79eb8ULL, 0xdc5432b7937684a9ULL, 0x9436c13a2490cf58ULL,
+     0x802b13f332c8ef59ULL, 0xc442ae397ced4f5cULL, 0xfa1cd8efe3ab8d82ULL,
+     0xf2e5ac954d293fd1ULL, 0x6ad823e8907a1b7dULL, 0x4d2249f83cf043b6ULL,
+     0x03cb9dd879f9f33dULL, 0xde2d2f2736d82674ULL, 0x2a43a41f891ee2dfULL,
+     0x6f98999d1b6c133aULL, 0xd4ad46cd3df436faULL, 0xbb35df50269825c0ULL,
+     0x964fdcaa813e6d85ULL, 0xeb41b0537ee5a5c4ULL, 0x0540ba758b160847ULL,
+     0xa41ae43be7bb44afULL, 0xe3b8c429d0671797ULL, 0x819993bbee9fbeb9ULL,
+     0xae9a8dd1ec975421ULL, 0xf3572cdd917e6e31ULL, 0x6393d7dae2aff8ceULL,
+     0x47a2201237dc5338ULL, 0xa32343dec903ee35ULL, 0x79fc56c4a89a91e6ULL,
+     0x01b28048dc5751e0ULL, 0x1296f564e4b7db7bULL, 0x75f7188351597a12ULL,
+     0xdb6d9552bdce2e33ULL, 0x1e9dbb231d74308fULL, 0x520d7293fdd322d9ULL,
+     0xe20a44610c304677ULL, 0xfeeee2d2b4ead425ULL, 0xca30fdee20800675ULL,
+     0x61eaca4a47015a13ULL, 0xe74afe1487264e30ULL, 0x2cc883b27bf119a5ULL,
+     0x1664cf59b3f682dcULL, 0xa811aa7c1e78af5bULL, 0x1d5626fb648dc3b2ULL,
+     0xb73e9117df5bce34ULL, 0xd05f7cf06ab56f5dULL, 0xfd257f0acd132718ULL,
+     0x574dc8e676c52a9eULL, 0x0739a7e52eb8aa9aULL, 0x5486553e0f3cd9a3ULL,
+     0x56ff48aeaa927b7eULL, 0xbe756525ad8e2d87ULL, 0x7d0e6cf9ffdbc841ULL,
+     0x3b1ecca31450ca99ULL, 0x6913be30e983e840ULL, 0xad511009956ea71cULL,
+     0xb1b5b6ba2db4354eULL, 0x4469bdca4e25a005ULL, 0x15af5281ca0f71e1ULL,
+     0x744598cb8d0e2bf2ULL, 0x593f9b312aa863b7ULL, 0xefb38a6e29a4fc63ULL,
+     0x6b6aa3a04c2d4a9dULL, 0x3d95eb0ee6bf31e3ULL, 0xa291c3961554bfd5ULL,
+     0x18169c8eef9bcbf5ULL, 0x115d68bc9d4e2846ULL, 0xba875f18facf7420ULL,
+     0xd1edfcb8b6e23ebdULL, 0xb00736f2f1e364aeULL, 0x84d929ce6589b6feULL,
+     0x70b7a2f6da4f7255ULL, 0x0e7253d75c6d4929ULL, 0x04f23a3d574159a7ULL,
+     0x0a8069ea0b2c108eULL, 0x49d073c56bb11a11ULL, 0x8aab7a1939e4ffd7ULL,
+     0xcd095a0b0e38acefULL, 0xc9fb60365979f548ULL, 0x92bde697d67f3422ULL,
+     0xc78933e10514bc61ULL, 0xe1c1d9b975c9b54aULL, 0xd2266160cf1bcd80ULL,
+     0x9a4492ed78fd8671ULL, 0xb3ccab2a881a9793ULL, 0x72cebf667fe1d088ULL,
+     0xd6d45b5d985a9427ULL},
+    {
+     0xc811a8058c3f55deULL, 0x65f5b43196b50619ULL, 0xf74f96b1d6706e43ULL,
+     0x859d1e8bcb43d336ULL, 0x5aab8a85ccfa3d84ULL, 0xf9c7bf99c295fcfdULL,
+     0xa21fd5a1de4b630fULL, 0xcdb3ef763b8b456dULL, 0x803f59f87cf7c385ULL,
+     0xb27c73be5f31913cULL, 0x98e3ac6633b04821ULL, 0xbf61674c26b8f818ULL,
+     0x0ffbc995c4c130c8ULL, 0xaaa0862010761a98ULL, 0x6057f342210116aaULL,
+     0xf63c760c0654cc35ULL, 0x2ddb45cc667d9042ULL, 0xbcf45a964bd40382ULL,
+     0x68e8a0c3ef3c6f3dULL, 0xa7bd92d269ff73bcULL, 0x290ae20201ed2287ULL,
+     0xb7de34cde885818fULL, 0xd901eea7dd61059bULL, 0xd6fa273219a03553ULL,
+     0xd56f1ae874cccec9ULL, 0xea31245c2e83f554ULL, 0x7034555da07be499ULL,
+     0xce26d2ac56e7bef7ULL, 0xfd161857a5054e38ULL, 0x6a0e7da4527436d1ULL,
+     0x5bd86a381cde9ff2ULL, 0xcaf7756231770c32ULL, 0xb09aaed9e279c8d0ULL,
+     0x5def1091c60674dbULL, 0x111046a2515e5045ULL, 0x23536ce4729802fcULL,
+     0xc50cbcf7f5b63cfaULL, 0x73a16887cd171f03ULL, 0x7d2941afd9f28dbdULL,
+     0x3f5e3eb45a4f3b9dULL, 0x84eefe361b677140ULL, 0x3db8e3d3e7076271ULL,
+     0x1a3a28f9f20fd248ULL, 0x7ebc7c75b49e7627ULL, 0x74e5f293c7eb565cULL,
+     0x18dcf59e4f478ba4ULL, 0x0c6ef44fa9adcb52ULL, 0xc699812d98dac760ULL,
+     0x788b06dc6e469d0eULL, 0xfc65f8ea7521ec4eULL, 0x30a5f7219e8e0b55ULL,
+     0x2bec3f65bca57b6bULL, 0xddd04969baf1b75eULL, 0x99904cdbe394ea57ULL,
+     0x14b201d1e6ea40f6ULL, 0xbbb0c08241284addULL, 0x50f20463bf8f1dffULL,
+     0xe8d7f93b93cbacb8ULL, 0x4d8cb68e477c86e8ULL, 0xc1dd1b3992268e3fULL,
+     0x7c5aa11209d62fcbULL, 0x2f3d98abdb35c9aeULL, 0x671369562bfd5ff5ULL,
+     0x15c1e16c36cee280ULL, 0x1d7eb2edf8f39b17ULL, 0xda94d37db00dfe01ULL,
+     0x877bc3ec760b8adaULL, 0xcb8495dfe153ae44ULL, 0x05a24773b7b410b3ULL,
+     0x12857b783c32abdfULL, 0x8eb770d06812513bULL, 0x536739b9d2e3e665ULL,
+     0x584d57e271b26468ULL, 0xd789c78fc9849725ULL, 0xa935bbfa7d1ae102ULL,
+     0x8b1537a3dfa64188ULL, 0xd0cd5d9bc378de7aULL, 0x4ac82c9a4d80cfb7ULL,
+     0x42777f1b83bdb620ULL, 0x72d2883a1d33bd75ULL, 0x5e7a2d4bab6a8f41ULL,
+     0xf4daab6bbb1c95d9ULL, 0x905cffe7fd8d31b6ULL, 0x83aa6422119b381fULL,
+     0xc0aefb8442022c49ULL, 0xa0f908c663033ae3ULL, 0xa428af0804938826ULL,
+     0xade41c341a8a53c7ULL, 0xae7121ee77e6a85dULL, 0xc47f5c4a25929e8cULL,
+     0xb538e9aa55cdd863ULL, 0x06377aa9dad8eb29ULL, 0xa18ae87bb3279895ULL,
+     0x6edfda6a35e48414ULL, 0x6b7d9d19825094a7ULL, 0xd41cfa55a4e86cbfULL,
+     0xe5caedc9ea42c59cULL, 0xa36c351c0e6fc179ULL, 0x5181e4de6fabbf89ULL,
+     0xfff0c530184d17d4ULL, 0x9d41eb1584045892ULL, 0x1c0d525028d73961ULL,
+     0xf178ec180ca8856aULL, 0x9a0571018ef811cdULL, 0x4091a27c3ef5efccULL,
+     0x19af15239f6329d2ULL, 0x347450eff91eb990ULL, 0xe11b4a078dd27759ULL,
+     0xb9561de5fc601331ULL, 0x912f1f5a2da993c0ULL, 0x1654dcb65ba2191aULL,
+     0x3e2dde098a6b99ebULL, 0x8a66d71e0f82e3feULL, 0x8c51adb7d55a08d7ULL,
+     0x4533e50f8941ff7fULL, 0x02e6dd67bd4859ecULL, 0xe068aaba5df6d52fULL,
+     0xc24826e3ff4a75a5ULL, 0x6c39070d88acddf8ULL, 0x6486548c4691a46fULL,
+     0xd1bebd26135c7c0cULL, 0xb30f93038f15334aULL, 0x82d9849fc1bf9a69ULL,
+     0x9c320ba85420fae4ULL, 0xfa528243aff90767ULL, 0x9ed4d6cfe968a308ULL,
+     0xb825fd582c44b147ULL, 0x9b7691bc5edcb3bbULL, 0xc7ea619048fe6516ULL,
+     0x1063a61f817af233ULL, 0x47d538683409a693ULL, 0x63c2ce984c6ded30ULL,
+     0x2a9fdfd86c81d91dULL, 0x7b1e3b06032a6694ULL, 0x666089ebfbd9fd83ULL,
+     0x0a598ee67375207bULL, 0x07449a140afc495fULL, 0x2ca8a571b6593234ULL,
+     0x1f986f8a45bbc2fbULL, 0x381aa4a050b372c2ULL, 0x5423a3add81faf3aULL,
+     0x17273c0b8b86bb6cULL, 0xfe83258dc869b5a2ULL, 0x287902bfd1c980f1ULL,
+     0xf5a94bd66b3837afULL, 0x88800a79b2caba12ULL, 0x55504310083b0d4cULL,
+     0xdf36940e07b9eeb2ULL, 0x04d1a7ce6790b2c5ULL, 0x612413fff125b4dcULL,
+     0x26f12b97c52c124fULL, 0x86082351a62f28acULL, 0xef93632f9937e5e7ULL,
+     0x3507b052293a1be6ULL, 0xe72c30ae570a9c70ULL, 0xd3586041ae1425e0ULL,
+     0xde4574b3d79d4cc4ULL, 0x92ba228040c5685aULL, 0xf00b0ca5dc8c271cULL,
+     0xbe1287f1f69c5a6eULL, 0xf39e317fb1e0dc86ULL, 0x495d114020ec342dULL,
+     0x699b407e3f18cd4bULL, 0xdca3a9d46ad51528ULL, 0x0d1d14f279896924ULL,
+     0x0000000000000000ULL, 0x593eb75fa196c61eULL, 0x2e4e78160b116bd8ULL,
+     0x6d4ae7b058887f8eULL, 0xe65fd013872e3e06ULL, 0x7a6ddbbbd30ec4e2ULL,
+     0xac97fc89caaef1b1ULL, 0x09ccb33c1e19dbe1ULL, 0x89f3eac462ee1864ULL,
+     0x7770cf49aa87adc6ULL, 0x56c57eca6557f6d6ULL, 0x03953dda6d6cfb9aULL,
+     0x36928d884456e07cULL, 0x1eeb8f37959f608dULL, 0x31d6179c4eaaa923ULL,
+     0x6fac3ad7e5c02662ULL, 0x43049fa653991456ULL, 0xabd3669dc052b8eeULL,
+     0xaf02c153a7c20a2bULL, 0x3ccb036e3723c007ULL, 0x93c9c23d90e1ca2cULL,
+     0xc33bc65e2f6ed7d3ULL, 0x4cff56339758249eULL, 0xb1e94e64325d6aa6ULL,
+     0x37e16d359472420aULL, 0x79f8e661be623f78ULL, 0x5214d90402c74413ULL,
+     0x482ef1fdf0c8965bULL, 0x13f69bc5ec1609a9ULL, 0x0e88292814e592beULL,
+     0x4e198b542a107d72ULL, 0xccc00fcbebafe71bULL, 0x1b49c844222b703eULL,
+     0x2564164da840e9d5ULL, 0x20c6513e1ff4f966ULL, 0xbac3203f910ce8abULL,
+     0xf2edd1c261c47ef0ULL, 0x814cb945acd361f3ULL, 0x95feb8944a392105ULL,
+     0x5c9cf02c1622d6adULL, 0x971865f3f77178e9ULL, 0xbd87ba2b9bf0a1f4ULL,
+     0x444005b259655d09ULL, 0xed75be48247fbc0bULL, 0x7596122e17cff42aULL,
+     0xb44b091785e97a15ULL, 0x966b854e2755da9fULL, 0xeee0839249134791ULL,
+     0x32432a4623c652b9ULL, 0xa8465b47ad3e4374ULL, 0xf8b45f2412b15e8bULL,
+     0x2417f6f078644ba3ULL, 0xfb2162fe7fdda511ULL, 0x4bbbcc279da46dc1ULL,
+     0x0173e0bdd024a276ULL, 0x22208c59a2bca08aULL, 0x8fc4906db836f34dULL,
+     0xe4b90d743a6667eaULL, 0x7147b5e0705f46efULL, 0x2782cb2a1508b039ULL,
+     0xec065ef5f45b1e7dULL, 0x21b5b183cfd05b10ULL, 0xdbe733c060295c77ULL,
+     0x9fa73672394c017eULL, 0xcf55321186c31c81ULL, 0xd8720e1a0d45a7edULL,
+     0x3b8f997a3ddf8958ULL, 0x3afc79c7edfb2b2eULL, 0xe9a4198643ef0eceULL,
+     0x5f09cdf67b4e2d37ULL, 0x4f6a6be9fa34df04ULL, 0xb6add47038a123f9ULL,
+     0x8d224d0a057eaaa1ULL, 0xc96248b85c1bf7a8ULL, 0xe3fd9760309a2eb5ULL,
+     0x0b2a6e5ba351820dULL, 0xeb42c4e1fea75722ULL, 0x948d58299a1d8373ULL,
+     0x7fcf9cc864bad451ULL, 0xa55b4fb5d4b72a50ULL, 0x08bf5381ce3d7997ULL,
+     0x46a6d8d5e42d04e5ULL, 0xd22b80fc7e308796ULL, 0x57b69e77b57354a0ULL,
+     0x3969441d8097d0b4ULL, 0x3330cafbf3e2f0cfULL, 0xe28e77dde0be8cc3ULL,
+     0x62b12e259c494f46ULL, 0xa6ce726fb9dbd1caULL, 0x41e242c1eed14dbaULL,
+     0x76032ff47aa30fb0ULL},
+    {
+     0x45b268a93acde4ccULL, 0xaf7f0be884549d08ULL, 0x048354b3c1468263ULL,
+     0x925435c2c80efed2ULL, 0xee4e37f27fdffba7ULL, 0x167a33920c60f14dULL,
+     0xfb123b52ea03e584ULL, 0x4a0cab53fdbb9007ULL, 0x9deaf6380f788a19ULL,
+     0xcb48ec558f0cb32aULL, 0xb59dc4b2d6fef7e0ULL, 0xdcdbca22f4f3ecb6ULL,
+     0x11df5813549a9c40ULL, 0xe33fdedf568aced3ULL, 0xa0c1c8124322e9c3ULL,
+     0x07a56b8158fa6d0dULL, 0x77279579b1e1f3ddULL, 0xd9b18b74422ac004ULL,
+     0xb8ec2d9fffabc294ULL, 0xf4acf8a82d75914fULL, 0x7bbf69b1ef2b6878ULL,
+     0xc4f62faf487ac7e1ULL, 0x76ce809cc67e5d0cULL, 0x6711d88f92e4c14cULL,
+     0x627b99d9243dedfeULL, 0x234aa5c3dfb68b51ULL, 0x909b1f15262dbf6dULL,
+     0x4f66ea054b62bcb5ULL, 0x1ae2cf5a52aa6ae8ULL, 0xbea053fbd0ce0148ULL,
+     0xed6808c0e66314c9ULL, 0x43fe16cd15a82710ULL, 0xcd049231a06970f6ULL,
+     0xe7bc8a6c97cc4cb0ULL, 0x337ce835fcb3b9c0ULL, 0x65def2587cc780f3ULL,
+     0x52214ede4132bb50ULL, 0x95f15e4390f493dfULL, 0x870839625dd2e0f1ULL,
+     0x41313c1afb8b66afULL, 0x91720af051b211bcULL, 0x477d427ed4eea573ULL,
+     0x2e3b4ceef6e3be25ULL, 0x82627834eb0bcc43ULL, 0x9c03e3dd78e724c8ULL,
+     0x2877328ad9867df9ULL, 0x14b51945e243b0f2ULL, 0x574b0f88f7eb97e2ULL,
+     0x88b6fa989aa4943aULL, 0x19c4f068cb168586ULL, 0x50ee6409af11faefULL,
+     0x7df317d5c04eaba4ULL, 0x7a567c5498b4c6a9ULL, 0xb6bbfb804f42188eULL,
+     0x3cc22bcf3bc5cd0bULL, 0xd04336eaaa397713ULL, 0xf02fac1bec33132cULL,
+     0x2506dba7f0d3488dULL, 0xd7e65d6bf2c31a1eULL, 0x5eb9b2161ff820f5ULL,
+     0x842e0650c46e0f9fULL, 0x716beb1d9e843001ULL, 0xa933758cab315ed4ULL,
+     0x3fe414fda2792265ULL, 0x27c9f1701ef00932ULL, 0x73a4c1ca70a771beULL,
+     0x94184ba6e76b3d0eULL, 0x40d829ff8c14c87eULL, 0x0fbec3fac77674cbULL,
+     0x3616a9634a6a9572ULL, 0x8f139119c25ef937ULL, 0xf545ed4d5aea3f9eULL,
+     0xe802499650ba387bULL, 0x6437e7bd0b582e22ULL, 0xe6559f89e053e261ULL,
+     0x80ad52e305288dfcULL, 0x6dc55a23e34b9935ULL, 0xde14e0f51ad0ad09ULL,
+     0xc6390578a659865eULL, 0x96d7617109487cb1ULL, 0xe2d6cb3a21156002ULL,
+     0x01e915e5779faed1ULL, 0xadb0213f6a77dcb7ULL, 0x9880b76eb9a1a6abULL,
+     0x5d9f8d248644cf9bULL, 0xfd5e4536c5662658ULL, 0xf1c6b9fe9bacbdfdULL,
+     0xeacd6341be9979c4ULL, 0xefa7221708405576ULL, 0x510771ecd88e543eULL,
+     0xc2ba51cb671f043dULL, 0x0ad482ac71af5879ULL, 0xfe787a045cdac936ULL,
+     0xb238af338e049aedULL, 0xbd866cc94972ee26ULL, 0x615da6ebbd810290ULL,
+     0x3295fdd08b2c1711ULL, 0xf834046073bf0aeaULL, 0xf3099329758ffc42ULL,
+     0x1caeb13e7dcfa934ULL, 0xba2307481188832bULL, 0x24efce42874ce65cULL,
+     0x0e57d61fb0e9da1aULL, 0xb3d1bad6f99b343cULL, 0xc0757b1c893c4582ULL,
+     0x2b510db8403a9297ULL, 0x5c7698c1f1db614aULL, 0x3e0d0118d5e68cb4ULL,
+     0xd60f488e855cb4cfULL, 0xae961e0df3cb33d9ULL, 0x3a8e55ab14a00ed7ULL,
+     0x42170328623789c1ULL, 0x838b6dd19c946292ULL, 0x895fef7ded3b3aebULL,
+     0xcfcbb8e64e4a3149ULL, 0x064c7e642f65c3dcULL, 0x3d2b3e2a4c5a63daULL,
+     0x5bd3f340a9210c47ULL, 0xb474d157a1615931ULL, 0xac5934da1de87266ULL,
+     0x6ee365117af7765bULL, 0xc86ed36716b05c44ULL, 0x9ba6885c201d49c5ULL,
+     0xb905387a88346c45ULL, 0x131072c4bab9ddffULL, 0xbf49461ea751af99ULL,
+     0xd52977bc1ce05ba1ULL, 0xb0f785e46027db52ULL, 0x546d30ba6e57788cULL,
+     0x305ad707650f56aeULL, 0xc987c682612ff295ULL, 0xa5ab8944f5fbc571ULL,
+     0x7ed528e759f244caULL, 0x8ddcbbce2c7db888ULL, 0xaa154abe328db1baULL,
+     0x1e619be993ece88bULL, 0x09f2bd9ee813b717ULL, 0x7401aa4b285d1cb3ULL,
+     0x21858f143195caeeULL, 0x48c381841398d1b8ULL, 0xfcb750d3b2f98889ULL,
+     0x39a86a998d1ce1b9ULL, 0x1f888e0ce473465aULL, 0x7899568376978716ULL,
+     0x02cf2ad7ee2341bfULL, 0x85c713b5b3f1a14eULL, 0xff916fe12b4567e7ULL,
+     0x7c1a0230b7d10575ULL, 0x0c98fcc85eca9ba5ULL, 0xa3e7f720da9e06adULL,
+     0x6a6031a2bbb1f438ULL, 0x973e74947ed7d260ULL, 0x2cf4663918c0ff9aULL,
+     0x5f50a7f368678e24ULL, 0x34d983b4a449d4cdULL, 0x68af1b755592b587ULL,
+     0x7f3c3d022e6dea1bULL, 0xabfc5f5b45121f6bULL, 0x0d71e92d29553574ULL,
+     0xdffdf5106d4f03d8ULL, 0x081ba87b9f8c19c6ULL, 0xdb7ea1a3ac0981bbULL,
+     0xbbca12ad66172dfaULL, 0x79704366010829c7ULL, 0x179326777bff5f9cULL,
+     0x0000000000000000ULL, 0xeb2476a4c906d715ULL, 0x724dd42f0738df6fULL,
+     0xb752ee6538ddb65fULL, 0x37ffbc863df53ba3ULL, 0x8efa84fcb5c157e6ULL,
+     0xe9eb5c73272596aaULL, 0x1b0bdabf2535c439ULL, 0x86e12c872a4d4e20ULL,
+     0x9969a28bce3e087aULL, 0xfafb2eb79d9c4b55ULL, 0x056a4156b6d92cb2ULL,
+     0x5a3ae6a5debea296ULL, 0x22a3b026a8292580ULL, 0x53c85b3b36ad1581ULL,
+     0xb11e900117b87583ULL, 0xc51f3a4a3fe56930ULL, 0xe019e1edcf3621bdULL,
+     0xec811d2591fcba18ULL, 0x445b7d4c4d524a1dULL, 0xa8da6069dcaef005ULL,
+     0x58f5cc72309de329ULL, 0xd4c062596b7ff570ULL, 0xce22ad0339d59f98ULL,
+     0x591cd99747024df8ULL, 0x8b90c5aa03187b54ULL, 0xf663d27fc356d0f0ULL,
+     0xd8589e9135b56ed5ULL, 0x35309651d3d67a1cULL, 0x12f96721cd26732eULL,
+     0xd28c1c3d441a36acULL, 0x492a946164077f69ULL, 0x2d1d73dc6f5f514bULL,
+     0x6f0a70f40d68d88aULL, 0x60b4b30eca1eac41ULL, 0xd36509d83385987dULL,
+     0x0b3d97490630f6a8ULL, 0x9eccc90a96c46577ULL, 0xa20ee2c5ad01a87cULL,
+     0xe49ab55e0e70a3deULL, 0xa4429ca182646ba0ULL, 0xda97b446db962f6aULL,
+     0xcced87d4d7f6de27ULL, 0x2ab8185d37a53c46ULL, 0x9f25dcefe15bcba6ULL,
+     0xc19c6ef9fea3eb53ULL, 0xa764a3931bd884ceULL, 0x2fd2590b817c10f4ULL,
+     0x56a21a6d80743933ULL, 0xe573a0bb79ef0d0fULL, 0x155c0ca095dc1e23ULL,
+     0x6c2c4fc694d437e4ULL, 0x10364df623053291ULL, 0xdd32dfc7836c4267ULL,
+     0x03263f3299bcef6eULL, 0x66f8cd6ae57b6f9dULL, 0x8c35ae2b5be21659ULL,
+     0x31b3c2e21290f87fULL, 0x93bd2027bf915003ULL, 0x69460e90220d1b56ULL,
+     0x299e276fae19d328ULL, 0x63928c3c53a2432fULL, 0x7082fef8e91b9ed0ULL,
+     0xbc6f792c3eed40f7ULL, 0x4c40d537d2de53dbULL, 0x75e8bfae5fc2b262ULL,
+     0x4da9c0d2a541fd0aULL, 0x4e8fffe03cfd1264ULL, 0x2620e495696fa7e3ULL,
+     0xe1f0f408b8a98f6cULL, 0xd1aa230fdda6d9c2ULL, 0xc7d0109dd1c6288fULL,
+     0x8a79d04f7487d585ULL, 0x4694579ba3710ba2ULL, 0x38417f7cfa834f68ULL,
+     0x1d47a4db0a5007e5ULL, 0x206c9af1460a643fULL, 0xa128ddf734bd4712ULL,
+     0x8144470672b7232dULL, 0xf2e086cc02105293ULL, 0x182de58dbc892b57ULL,
+     0xcaa1f9b0f8931dfbULL, 0x6b892447cc2e5ae9ULL, 0xf9dd11850420a43bULL,
+     0x4be5beb68a243ed6ULL, 0x5584255f19c8d65dULL, 0x3b67404e633fa006ULL,
+     0xa68db6766c472a1fULL, 0xf78ac79ab4c97e21ULL, 0xc353442e1080aaecULL,
+     0x9a4f9db95782e714ULL},
+    {
+     0x05ba7bc82c9b3220ULL, 0x31a54665f8b65e4fULL, 0xb1b651f77547f4d4ULL,
+     0x8bfa0d857ba46682ULL, 0x85a96c5aa16a98bbULL, 0x990faef908eb79c9ULL,
+     0xa15e37a247f4a62dULL, 0x76857dcd5d27741eULL, 0xf8c50b800a1820bcULL,
+     0xbe65dcb201f7a2b4ULL, 0x666d1b986f9426e7ULL, 0x4cc921bf53c4e648ULL,
+     0x95410a0f93d9ca42ULL, 0x20cdccaa647ba4efULL, 0x429a4060890a1871ULL,
+     0x0c4ea4f69b32b38bULL, 0xccda362dde354cd3ULL, 0x96dc23bc7c5b2fa9ULL,
+     0xc309bb68aa851ab3ULL, 0xd26131a73648e013ULL, 0x021dc52941fc4db2ULL,
+     0xcd5adab7704be48aULL, 0xa77965d984ed71e6ULL, 0x32386fd61734bba4ULL,
+     0xe82d6dd538ab7245ULL, 0x5c2147ea6177b4b1ULL, 0x5da1ab70cf091ce8ULL,
+     0xac907fce72b8bdffULL, 0x57c85dfd972278a8ULL, 0xa4e44c6a6b6f940dULL,
+     0x3851995b4f1fdfe4ULL, 0x62578ccaed71bc9eULL, 0xd9882bb0c01d2c0aULL,
+     0x917b9d5d113c503bULL, 0xa2c31e11a87643c6ULL, 0xe463c923a399c1ceULL,
+     0xf71686c57ea876dcULL, 0x87b4a973e096d509ULL, 0xaf0d567d9d3a5814ULL,
+     0xb40c2a3f59dcc6f4ULL, 0x3602f88495d121ddULL, 0xd3e1dd3d9836484aULL,
+     0xf945e71aa46688e5ULL, 0x7518547eb2a591f5ULL, 0x9366587450c01d89ULL,
+     0x9ea81018658c065bULL, 0x4f54080cbc4603a3ULL, 0x2d0384c65137bf3dULL,
+     0xdc325078ec861e2aULL, 0xea30a8fc79573ff7ULL, 0x214d2030ca050cb6ULL,
+     0x65f0322b8016c30cULL, 0x69be96dd1b247087ULL, 0xdb95ee9981e161b8ULL,
+     0xd1fc1814d9ca05f8ULL, 0x820ed2bbcc0de729ULL, 0x63d76050430f14c7ULL,
+     0x3bccb0e8a09d3a0fULL, 0x8e40764d573f54a2ULL, 0x39d175c1e16177bdULL,
+     0x12f5a37c734f1f4bULL, 0xab37c12f1fdfc26dULL, 0x5648b167395cd0f1ULL,
+     0x6c04ed1537bf42a7ULL, 0xed97161d14304065ULL, 0x7d6c67daab72b807ULL,
+     0xec17fa87ba4ee83cULL, 0xdfaf79cb0304fbc1ULL, 0x733f060571bc463eULL,
+     0x78d61c1287e98a27ULL, 0xd07cf48e77b4ada1ULL, 0xb9c262536c90dd26ULL,
+     0xe2449b5860801605ULL, 0x8fc09ad7f941fcfbULL, 0xfad8cea94be46d0eULL,
+     0xa343f28b0608eb9fULL, 0x9b126bd04917347bULL, 0x9a92874ae7699c22ULL,
+     0x1b017c42c4e69ee0ULL, 0x3a4c5c720ee39256ULL, 0x4b6e9f5e3ea399daULL,
+     0x6ba353f45ad83d35ULL, 0xe7fee0904c1b2425ULL, 0x22d009832587e95dULL,
+     0x842980c00f1430e2ULL, 0xc6b3c0a0861e2893ULL, 0x087433a419d729f2ULL,
+     0x341f3dadd42d6c6fULL, 0xee0a3faefbb2a58eULL, 0x4aee73c490dd3183ULL,
+     0xaab72db5b1a16a34ULL, 0xa92a04065e238fdfULL, 0x7b4b35a1686b6fccULL,
+     0x6a23bf6ef4a6956cULL, 0x191cb96b851ad352ULL, 0x55d598d4d6de351aULL,
+     0xc9604de5f2ae7ef3ULL, 0x1ca6c2a3a981e172ULL, 0xde2f9551ad7a5398ULL,
+     0x3025aaff56c8f616ULL, 0x15521d9d1e2860d9ULL, 0x506fe31cfa45073aULL,
+     0x189c55f12b647b0bULL, 0x0180ec9aae7ea859ULL, 0x7cec8b40050c105eULL,
+     0x2350e5198bf94104ULL, 0xef8ad33455cc0dd7ULL, 0x07a7bee16d677f92ULL,
+     0xe5e325b90de76997ULL, 0x5a061591a26e637aULL, 0xb611ef1618208b46ULL,
+     0x09f4df3eb7a981abULL, 0x1ebb078ae87dacc0ULL, 0xb791038cb65e231fULL,
+     0x0fd38d4574b05660ULL, 0x67edf702c1ea8ebeULL, 0xba5f4be0831238cdULL,
+     0xe3c477c2cefebe5cULL, 0x0dce486c354c1bd2ULL, 0x8c5db36416c31910ULL,
+     0x26ea9ed1a7627324ULL, 0x039d29b3ef82e5ebULL, 0x9f28fc82cbf2ae02ULL,
+     0xa8aae89cf05d2786ULL, 0x431aacfa2774b028ULL, 0xcf471f9e31b7a938ULL,
+     0x581bd0b8e3922ec8ULL, 0xbc78199b400bef06ULL, 0x90fb71c7bf42f862ULL,
+     0x1f3beb1046030499ULL, 0x683e7a47b55ad8deULL, 0x988f4263a695d190ULL,
+     0xd808c72a6e638453ULL, 0x0627527bc319d7cbULL, 0xebb04466d72997aeULL,
+     0xe67e0c0ae2658c7cULL, 0x14d2f107b056c880ULL, 0x7122c32c30400b8cULL,
+     0x8a7ae11fd5dacedbULL, 0xa0dedb38e98a0e74ULL, 0xad109354dcc615a6ULL,
+     0x0be91a17f655cc19ULL, 0x8ddd5ffeb8bdb149ULL, 0xbfe53028af890aedULL,
+     0xd65ba6f5b4ad7a6aULL, 0x7956f0882997227eULL, 0x10e8665532b352f9ULL,
+     0x0e5361dfdacefe39ULL, 0xcec7f3049fc90161ULL, 0xff62b561677f5f2eULL,
+     0x975ccf26d22587f0ULL, 0x51ef0f86543baf63ULL, 0x2f1e41ef10cbf28fULL,
+     0x52722635bbb94a88ULL, 0xae8dbae73344f04dULL, 0x410769d36688fd9aULL,
+     0xb3ab94de34bbb966ULL, 0x801317928df1aa9bULL, 0xa564a0f0c5113c54ULL,
+     0xf131d4bebdb1a117ULL, 0x7f71a2f3ea8ef5b5ULL, 0x40878549c8f655c3ULL,
+     0x7ef14e6944f05decULL, 0xd44663dcf55137d8ULL, 0xf2acfd0d523344fcULL,
+     0x0000000000000000ULL, 0x5fbc6e598ef5515aULL, 0x16cf342ef1aa8532ULL,
+     0xb036bd6ddb395c8dULL, 0x13754fe6dd31b712ULL, 0xbbdfa77a2d6c9094ULL,
+     0x89e7c8ac3a582b30ULL, 0x3c6b0e09cdfa459dULL, 0xc4ae0589c7e26521ULL,
+     0x49735a777f5fd468ULL, 0xcafd64561d2c9b18ULL, 0xda1502032f9fc9e1ULL,
+     0x8867243694268369ULL, 0x3782141e3baf8984ULL, 0x9cb5d53124704be9ULL,
+     0xd7db4a6f1ad3d233ULL, 0xa6f989432a93d9bfULL, 0x9d3539ab8a0ee3b0ULL,
+     0x53f2caaf15c7e2d1ULL, 0x6e19283c76430f15ULL, 0x3debe2936384edc4ULL,
+     0x5e3c82c3208bf903ULL, 0x33b8834cb94a13fdULL, 0x6470deb12e686b55ULL,
+     0x359fd1377a53c436ULL, 0x61caa57902f35975ULL, 0x043a975282e59a79ULL,
+     0xfd7f70482683129cULL, 0xc52ee913699ccd78ULL, 0x28b9ff0e7dac8d1dULL,
+     0x5455744e78a09d43ULL, 0xcb7d88ccb3523341ULL, 0x44bd121b4a13cfbaULL,
+     0x4d49cd25fdba4e11ULL, 0x3e76cb208c06082fULL, 0x3ff627ba2278a076ULL,
+     0xc28957f204fbb2eaULL, 0x453dfe81e46d67e3ULL, 0x94c1e6953da7621bULL,
+     0x2c83685cff491764ULL, 0xf32c1197fc4deca5ULL, 0x2b24d6bd922e68f6ULL,
+     0xb22b78449ac5113fULL, 0x48f3b6edd1217c31ULL, 0x2e9ead75beb55ad6ULL,
+     0x174fd8b45fd42d6bULL, 0x4ed4e4961238abfaULL, 0x92e6b4eefebeb5d0ULL,
+     0x46a0d7320bef8208ULL, 0x47203ba8a5912a51ULL, 0x24f75bf8e69e3e96ULL,
+     0xf0b1382413cf094eULL, 0xfee259fbc901f777ULL, 0x276a724b091cdb7dULL,
+     0xbdf8f501ee75475fULL, 0x599b3c224dec8691ULL, 0x6d84018f99c1eafeULL,
+     0x7498b8e41cdb39acULL, 0xe0595e71217c5bb7ULL, 0x2aa43a273c50c0afULL,
+     0xf50b43ec3f543b6eULL, 0x838e3e2162734f70ULL, 0xc09492db4507ff58ULL,
+     0x72bfea9fdfc2ee67ULL, 0x11688acf9ccdfaa0ULL, 0x1a8190d86a9836b9ULL,
+     0x7acbd93bc615c795ULL, 0xc7332c3a286080caULL, 0x863445e94ee87d50ULL,
+     0xf6966a5fd0d6de85ULL, 0xe9ad814f96d5da1cULL, 0x70a22fb69e3ea3d5ULL,
+     0x0a69f68d582b6440ULL, 0xb8428ec9c2ee757fULL, 0x604a49e3ac8df12cULL,
+     0x5b86f90b0c10cb23ULL, 0xe1d9b2eb8f02f3eeULL, 0x29391394d3d22544ULL,
+     0xc8e0a17f5cd0d6aaULL, 0xb58cc6a5f7a26eadULL, 0x8193fb08238f02c2ULL,
+     0xd5c68f465b2f9f81ULL, 0xfcff9cd288fdbac5ULL, 0x77059157f359dc47ULL,
+     0x1d262e3907ff492bULL, 0xfb582233e59ac557ULL, 0xddb2bce242f8b673ULL,
+     0x2577b76248e096cfULL, 0x6f99c4a6d83da74cULL, 0xc1147e41eb795701ULL,
+     0xf48baf76912a9337ULL},
+    {
+     0x3ef29d249b2c0a19ULL, 0xe9e16322b6f8622fULL, 0x5536994047757f7aULL,
+     0x9f4d56d5a47b0b33ULL, 0x822567466aa1174cULL, 0xb8f5057deb082fb2ULL,
+     0xcc48c10bf4475f53ULL, 0x373088d4275dec3aULL, 0x968f4325180aed10ULL,
+     0x173d232cf7016151ULL, 0xae4ed09f946fcc13ULL, 0xfd4b4741c4539873ULL,
+     0x1b5b3f0dd9933765ULL, 0x2ffcb0967b644052ULL, 0xe02376d20a89840cULL,
+     0xa3ae3a70329b18d7ULL, 0x419cbd2335de8526ULL, 0xfafebf115b7c3199ULL,
+     0x0397074f85aa9b0dULL, 0xc58ad4fb4836b970ULL, 0xbec60be3fc4104a8ULL,
+     0x1eff36dc4b708772ULL, 0x131fdc33ed8453b6ULL, 0x0844e33e341764d3ULL,
+     0x0ff11b6eab38cd39ULL, 0x64351f0a7761b85aULL, 0x3b5694f509cfba0eULL,
+     0x30857084b87245d0ULL, 0x47afb3bd2297ae3cULL, 0xf2ba5c2f6f6b554aULL,
+     0x74bdc4761f4f70e1ULL, 0xcfdfc64471edc45eULL, 0xe610784c1dc0af16ULL,
+     0x7aca29d63c113f28ULL, 0x2ded411776a859afULL, 0xac5f211e99a3d5eeULL,
+     0xd484f949a87ef33bULL, 0x3ce36ca596e013e4ULL, 0xd120f0983a9d432cULL,
+     0x6bc40464dc597563ULL, 0x69d5f5e5d1956c9eULL, 0x9ae95f043698bb24ULL,
+     0xc9ecc8da66a4ef44ULL, 0xd69508c8a5b2eac6ULL, 0xc40c2235c0503b80ULL,
+     0x38c193ba8c652103ULL, 0x1ceec75d46bc9e8fULL, 0xd331011937515ad1ULL,
+     0xd8e2e56886eca50fULL, 0xb137108d5779c991ULL, 0x709f3b6905ca4206ULL,
+     0x4feb50831680caefULL, 0xec456af3241bd238ULL, 0x58d673afe181abbeULL,
+     0x242f54e7cad9bf8cULL, 0x0211f1810dcc19fdULL, 0x90bc4dbb0f43c60aULL,
+     0x9518446a9da0761dULL, 0xa1bfcbf13f57012aULL, 0x2bde4f8961e172b5ULL,
+     0x27b853a84f732481ULL, 0xb0b1e643df1f4b61ULL, 0x18cc38425c39ac68ULL,
+     0xd2b7f7d7bf37d821ULL, 0x3103864a3014c720ULL, 0x14aa246372abfa5cULL,
+     0x6e600db54ebac574ULL, 0x394765740403a3f3ULL, 0x09c215f0bc71e623ULL,
+     0x2a58b947e987f045ULL, 0x7b4cdf18b477bdd8ULL, 0x9709b5eb906c6fe0ULL,
+     0x73083c268060d90bULL, 0xfedc400e41f9037eULL, 0x284948c6e44be9b8ULL,
+     0x728ecae808065bfbULL, 0x06330e9e17492b1aULL, 0x5950856169e7294eULL,
+     0xbae4f4fce6c4364fULL, 0xca7bcf95e30e7449ULL, 0x7d7fd186a33e96c2ULL,
+     0x52836110d85ad690ULL, 0x4dfaa1021b4cd312ULL, 0x913abb75872544faULL,
+     0xdd46ecb9140f1518ULL, 0x3d659a6b1e869114ULL, 0xc23f2cabd719109aULL,
+     0xd713fe062dd46836ULL, 0xd0a60656b2fbc1dcULL, 0x221c5a79dd909496ULL,
+     0xefd26dbca1b14935ULL, 0x0e77eda0235e4fc9ULL, 0xcbfd395b6b68f6b9ULL,
+     0x0de0eaefa6f4d4c4ULL, 0x0422ff1f1a8532e7ULL, 0xf969b85eded6aa94ULL,
+     0x7f6e2007aef28f3fULL, 0x3ad0623b81a938feULL, 0x6624ee8b7aada1a7ULL,
+     0xb682e8ddc856607bULL, 0xa78cc56f281e2a30ULL, 0xc79b257a45faa08dULL,
+     0x5b4174e0642b30b3ULL, 0x5f638bff7eae0254ULL, 0x4bc9af9c0c05f808ULL,
+     0xce59308af98b46aeULL, 0x8fc58da9cc55c388ULL, 0x803496c7676d0eb1ULL,
+     0xf33caae1e70dd7baULL, 0xbb6202326ea2b4bfULL, 0xd5020f87201871cbULL,
+     0x9d5ca754a9b712ceULL, 0x841669d87de83c56ULL, 0x8a6184785eb6739fULL,
+     0x420bba6cb0741e2bULL, 0xf12d5b60eac1ce47ULL, 0x76ac35f71283691cULL,
+     0x2c6bb7d9fecedb5fULL, 0xfccdb18f4c351a83ULL, 0x1f79c012c3160582ULL,
+     0xf0abadae62a74cb7ULL, 0xe1a5801c82ef06fcULL, 0x67a21845f2cb2357ULL,
+     0x5114665f5df04d9dULL, 0xbf40fd2d74278658ULL, 0xa0393d3fb73183daULL,
+     0x05a409d192e3b017ULL, 0xa9fb28cf0b4065f9ULL, 0x25a9a22942bf3d7cULL,
+     0xdb75e22703463e02ULL, 0xb326e10c5ab5d06cULL, 0xe7968e8295a62de6ULL,
+     0xb973f3b3636ead42ULL, 0xdf571d3819c30ce5ULL, 0xee549b7229d7cbc5ULL,
+     0x12992afd65e2d146ULL, 0xf8ef4e9056b02864ULL, 0xb7041e134030e28bULL,
+     0xc02edd2adad50967ULL, 0x932b4af48ae95d07ULL, 0x6fe6fb7bc6dc4784ULL,
+     0x239aacb755f61666ULL, 0x401a4bedbdb807d6ULL, 0x485ea8d389af6305ULL,
+     0xa41bc220adb4b13dULL, 0x753b32b89729f211ULL, 0x997e584bb3322029ULL,
+     0x1d683193ceda1c7fULL, 0xff5ab6c0c99f818eULL, 0x16bbd5e27f67e3a1ULL,
+     0xa59d34ee25d233cdULL, 0x98f8ae853b54a2d9ULL, 0x6df70afacb105e79ULL,
+     0x795d2e99b9bba425ULL, 0x8e437b6744334178ULL, 0x0186f6ce886682f0ULL,
+     0xebf092a3bb347bd2ULL, 0xbcd7fa62f18d1d55ULL, 0xadd9d7d011c5571eULL,
+     0x0bd3e471b1bdffdeULL, 0xaa6c2f808eeafef4ULL, 0x5ee57d31f6c880a4ULL,
+     0xf50fa47ff044fca0ULL, 0x1addc9c351f5b595ULL, 0xea76646d3352f922ULL,
+     0x0000000000000000ULL, 0x85909f16f58ebea6ULL, 0x46294573aaf12cccULL,
+     0x0a5512bf39db7d2eULL, 0x78dbd85731dd26d5ULL, 0x29cfbe086c2d6b48ULL,
+     0x218b5d36583a0f9bULL, 0x152cd2adfacd78acULL, 0x83a39188e2c795bcULL,
+     0xc3b9da655f7f926aULL, 0x9ecba01b2c1d89c3ULL, 0x07b5f8509f2fa9eaULL,
+     0x7ee8d6c926940dcfULL, 0x36b67e1aaf3b6ecaULL, 0x86079859702425abULL,
+     0xfb7849dfd31ab369ULL, 0x4c7c57cc932a51e2ULL, 0xd96413a60e8a27ffULL,
+     0x263ea566c715a671ULL, 0x6c71fc344376dc89ULL, 0x4a4f595284637af8ULL,
+     0xdaf314e98b20bcf2ULL, 0x572768c14ab96687ULL, 0x1088db7c682ec8bbULL,
+     0x887075f9537a6a62ULL, 0x2e7a4658f302c2a2ULL, 0x619116dbe582084dULL,
+     0xa87dde018326e709ULL, 0xdcc01a779c6997e8ULL, 0xedc39c3dac7d50c8ULL,
+     0xa60a33a1a078a8c0ULL, 0xc1a82be452b38b97ULL, 0x3f746bea134a88e9ULL,
+     0xa228ccbebafd9a27ULL, 0xabead94e068c7c04ULL, 0xf48952b178227e50ULL,
+     0x5cf48cb0fb049959ULL, 0x6017e0156de48abdULL, 0x4438b4f2a73d3531ULL,
+     0x8c528ae649ff5885ULL, 0xb515ef924dfcfb76ULL, 0x0c661c212e925634ULL,
+     0xb493195cc59a7986ULL, 0x9cda519a21d1903eULL, 0x32948105b5be5c2dULL,
+     0x194ace8cd45f2e98ULL, 0x438d4ca238129cdbULL, 0x9b6fa9cabefe39d4ULL,
+     0x81b26009ef0b8c41ULL, 0xded1ebf691a58e15ULL, 0x4e6da64d9ee6481fULL,
+     0x54b06f8ecf13fd8aULL, 0x49d85e1d01c9e1f5ULL, 0xafc826511c094ee3ULL,
+     0xf698a33075ee67adULL, 0x5ac7822eec4db243ULL, 0x8dd47c28c199da75ULL,
+     0x89f68337db1ce892ULL, 0xcdce37c57c21dda3ULL, 0x530597de503c5460ULL,
+     0x6a42f2aa543ff793ULL, 0x5d727a7e73621ba9ULL, 0xe232875307459df1ULL,
+     0x56a19e0fc2dfe477ULL, 0xc61dd3b4cd9c227dULL, 0xe5877f03986a341bULL,
+     0x949eb2a415c6f4edULL, 0x6206119460289340ULL, 0x6380e75ae84e11b0ULL,
+     0x8be772b6d6d0f16fULL, 0x50929091d596cf6dULL, 0xe86795ec3e9ee0dfULL,
+     0x7cf927482b581432ULL, 0xc86a3e14eec26db4ULL, 0x7119cda78dacc0f6ULL,
+     0xe40189cd100cb6ebULL, 0x92adbc3a028fdff7ULL, 0xb2a017c2d2d3529cULL,
+     0x200dabf8d05c8d6bULL, 0x34a78f9ba2f77737ULL, 0xe3b4719d8f231f01ULL,
+     0x45be423c2f5bb7c1ULL, 0xf71e55fefd88e55dULL, 0x6853032b59f3ee6eULL,
+     0x65b3e9c4ff073aaaULL, 0x772ac3399ae5ebecULL, 0x87816e97f842a75bULL,
+     0x110e2db2e0484a4bULL, 0x331277cb3dd8deddULL, 0xbd510cac79eb9fa5ULL,
+     0x352179552a91f5c7ULL},
+    {
+     0x8ab0a96846e06a6dULL, 0x43c7e80b4bf0b33aULL, 0x08c9b3546b161ee5ULL,
+     0x39f1c235eba990beULL, 0xc1bef2376606c7b2ULL, 0x2c209233614569aaULL,
+     0xeb01523b6fc3289aULL, 0x946953ab935aceddULL, 0x272838f63e13340eULL,
+     0x8b0455eca12ba052ULL, 0x77a1b2c4978ff8a2ULL, 0xa55122ca13e54086ULL,
+     0x2276135862d3f1cdULL, 0xdb8ddfde08b76cfeULL, 0x5d1e12c89e4a178aULL,
+     0x0e56816b03969867ULL, 0xee5f79953303ed59ULL, 0xafed748bab78d71dULL,
+     0x6d929f2df93e53eeULL, 0xf5d8a8f8ba798c2aULL, 0xf619b1698e39cf6bULL,
+     0x95ddaf2f749104e2ULL, 0xec2a9c80e0886427ULL, 0xce5c8fd8825b95eaULL,
+     0xc4e0d9993ac60271ULL, 0x4699c3a5173076f9ULL, 0x3d1b151f50a29f42ULL,
+     0x9ed505ea2bc75946ULL, 0x34665acfdc7f4b98ULL, 0x61b1fb53292342f7ULL,
+     0xc721c0080e864130ULL, 0x8693cd1696fd7b74ULL, 0x872731927136b14bULL,
+     0xd3446c8a63a1721bULL, 0x669a35e8a6680e4aULL, 0xcab658f239509a16ULL,
+     0xa4e5de4ef42e8ab9ULL, 0x37a7435ee83f08d9ULL, 0x134e6239e26c7f96ULL,
+     0x82791a3c2df67488ULL, 0x3f6ef00a8329163cULL, 0x8e5a7e42fdeb6591ULL,
+     0x5caaee4c7981ddb5ULL, 0x19f234785af1e80dULL, 0x255ddde3ed98bd70ULL,
+     0x50898a32a99cccacULL, 0x28ca4519da4e6656ULL, 0xae59880f4cb31d22ULL,
+     0x0d9798fa37d6db26ULL, 0x32f968f0b4ffcd1aULL, 0xa00f09644f258545ULL,
+     0xfa3ad5175e24de72ULL, 0xf46c547c5db24615ULL, 0x713e80fbff0f7e20ULL,
+     0x7843cf2b73d2aafaULL, 0xbd17ea36aedf62b4ULL, 0xfd111bacd16f92cfULL,
+     0x4abaa7dbc72d67e0ULL, 0xb3416b5dad49fad3ULL, 0xbca316b24914a88bULL,
+     0x15d150068aecf914ULL, 0xe27c1debe31efc40ULL, 0x4fe48c759beda223ULL,
+     0x7edcfd141b522c78ULL, 0x4e5070f17c26681cULL, 0xe696cac15815f3bcULL,
+     0x35d2a64b3bb481a7ULL, 0x800cff29fe7dfdf6ULL, 0x1ed9fac3d5baa4b0ULL,
+     0x6c2663a91ef599d1ULL, 0x03c1199134404341ULL, 0xf7ad4ded69f20554ULL,
+     0xcd9d9649b61bd6abULL, 0xc8c3bde7eadb1368ULL, 0xd131899fb02afb65ULL,
+     0x1d18e352e1fae7f1ULL, 0xda39235aef7ca6c1ULL, 0xa1bbf5e0a8ee4f7aULL,
+     0x91377805cf9a0b1eULL, 0x3138716180bf8e5bULL, 0xd9f83acbdb3ce580ULL,
+     0x0275e515d38b897eULL, 0x472d3f21f0fbbcc6ULL, 0x2d946eb7868ea395ULL,
+     0xba3c248d21942e09ULL, 0xe7223645bfde3983ULL, 0xff64feb902e41bb1ULL,
+     0xc97741630d10d957ULL, 0xc3cb1722b58d4eccULL, 0xa27aec719cae0c3bULL,
+     0x99fecb51a48c15fbULL, 0x1465ac826d27332bULL, 0xe1bd047ad75ebf01ULL,
+     0x79f733af941960c5ULL, 0x672ec96c41a3c475ULL, 0xc27feba6524684f3ULL,
+     0x64efd0fd75e38734ULL, 0xed9e60040743ae18ULL, 0xfb8e2993b9ef144dULL,
+     0x38453eb10c625a81ULL, 0x6978480742355c12ULL, 0x48cf42ce14a6ee9eULL,
+     0x1cac1fd606312dceULL, 0x7b82d6ba4792e9bbULL, 0x9d141c7b1f871a07ULL,
+     0x5616b80dc11c4a2eULL, 0xb849c198f21fa777ULL, 0x7ca91801c8d9a506ULL,
+     0xb1348e487ec273adULL, 0x41b20d1e987b3a44ULL, 0x7460ab55a3cfbbe3ULL,
+     0x84e628034576f20aULL, 0x1b87d16d897a6173ULL, 0x0fe27defe45d5258ULL,
+     0x83cde6b8ca3dbeb7ULL, 0x0c23647ed01d1119ULL, 0x7a362a3ea0592384ULL,
+     0xb61f40f3f1893f10ULL, 0x75d457d1440471dcULL, 0x4558da34237035b8ULL,
+     0xdca6116587fc2043ULL, 0x8d9b67d3c9ab26d0ULL, 0x2b0b5c88ee0e2517ULL,
+     0x6fe77a382ab5da90ULL, 0x269cc472d9d8fe31ULL, 0x63c41e46faa8cb89ULL,
+     0xb7abbc771642f52fULL, 0x7d1de4852f126f39ULL, 0xa8c6ba3024339ba0ULL,
+     0x600507d7cee888c8ULL, 0x8fee82c61a20afaeULL, 0x57a2448926d78011ULL,
+     0xfca5e72836a458f0ULL, 0x072bcebb8f4b4cbdULL, 0x497bbe4af36d24a1ULL,
+     0x3cafe99bb769557dULL, 0x12fa9ebd05a7b5a9ULL, 0xe8c04baa5b836bdbULL,
+     0x4273148fac3b7905ULL, 0x908384812851c121ULL, 0xe557d3506c55b0fdULL,
+     0x72ff996acb4f3d61ULL, 0x3eda0c8e64e2dc03ULL, 0xf0868356e6b949e9ULL,
+     0x04ead72abb0b0ffcULL, 0x17a4b5135967706aULL, 0xe3c8e16f04d5367fULL,
+     0xf84f30028daf570cULL, 0x1846c8fcbd3a2232ULL, 0x5b8120f7f6ca9108ULL,
+     0xd46fa231ecea3ea6ULL, 0x334d947453340725ULL, 0x58403966c28ad249ULL,
+     0xbed6f3a79a9f21f5ULL, 0x68ccb483a5fe962dULL, 0xd085751b57e1315aULL,
+     0xfed0023de52fd18eULL, 0x4b0e5b5f20e6addfULL, 0x1a332de96eb1ab4cULL,
+     0xa3ce10f57b65c604ULL, 0x108f7ba8d62c3cd7ULL, 0xab07a3a11073d8e1ULL,
+     0x6b0dad1291bed56cULL, 0xf2f366433532c097ULL, 0x2e557726b2cee0d4ULL,
+     0x0000000000000000ULL, 0xcb02a476de9b5029ULL, 0xe4e32fd48b9e7ac2ULL,
+     0x734b65ee2c84f75eULL, 0x6e5386bccd7e10afULL, 0x01b4fc84e7cbca3fULL,
+     0xcfe8735c65905fd5ULL, 0x3613bfda0ff4c2e6ULL, 0x113b872c31e7f6e8ULL,
+     0x2fe18ba255052aebULL, 0xe974b72ebc48a1e4ULL, 0x0abc5641b89d979bULL,
+     0xb46aa5e62202b66eULL, 0x44ec26b0c4bbff87ULL, 0xa6903b5b27a503c7ULL,
+     0x7f680190fc99e647ULL, 0x97a84a3aa71a8d9cULL, 0xdd12ede16037ea7cULL,
+     0xc554251ddd0dc84eULL, 0x88c54c7d956be313ULL, 0x4d91696048662b5dULL,
+     0xb08072cc9909b992ULL, 0xb5de5962c5c97c51ULL, 0x81b803ad19b637c9ULL,
+     0xb2f597d94a8230ecULL, 0x0b08aac55f565da4ULL, 0xf1327fd2017283d6ULL,
+     0xad98919e78f35e63ULL, 0x6ab9519676751f53ULL, 0x24e921670a53774fULL,
+     0xb9fd3d1c15d46d48ULL, 0x92f66194fbda485fULL, 0x5a35dc7311015b37ULL,
+     0xded3f4705477a93dULL, 0xc00a0eb381cd0d8dULL, 0xbb88d809c65fe436ULL,
+     0x16104997beacba55ULL, 0x21b70ac95693b28cULL, 0x59f4c5e225411876ULL,
+     0xd5db5eb50b21f499ULL, 0x55d7a19cf55c096fULL, 0xa97246b4c3f8519fULL,
+     0x8552d487a2bd3835ULL, 0x54635d181297c350ULL, 0x23c2efdc85183bf2ULL,
+     0x9f61f96ecc0c9379ULL, 0x534893a39ddc8fedULL, 0x5edf0b59aa0a54cbULL,
+     0xac2c6d1a9f38945cULL, 0xd7aebba0d8aa7de7ULL, 0x2abfa00c09c5ef28ULL,
+     0xd84cc64f3cf72fbfULL, 0x2003f64db15878b3ULL, 0xa724c7dfc06ec9f8ULL,
+     0x069f323f68808682ULL, 0xcc296acd51d01c94ULL, 0x055e2bae5cc0c5c3ULL,
+     0x6270e2c21d6301b6ULL, 0x3b842720382219c0ULL, 0xd2f0900e846ab824ULL,
+     0x52fc6f277a1745d2ULL, 0xc6953c8ce94d8b0fULL, 0xe009f8fe3095753eULL,
+     0x655b2c7992284d0bULL, 0x984a37d54347dfc4ULL, 0xeab5aebf8808e2a5ULL,
+     0x9a3fd2c090cc56baULL, 0x9ca0e0fff84cd038ULL, 0x4c2595e4afade162ULL,
+     0xdf6708f4b3bc6302ULL, 0xbf620f237d54ebcaULL, 0x93429d101c118260ULL,
+     0x097d4fd08cddd4daULL, 0x8c2f9b572e60ecefULL, 0x708a7c7f18c4b41fULL,
+     0x3a30dba4dfe9d3ffULL, 0x4006f19a7fb0f07bULL, 0x5f6bf7dd4dc19ef4ULL,
+     0x1f6d064732716e8fULL, 0xf9fbcc866a649d33ULL, 0x308c8de567744464ULL,
+     0x8971b0f972a0292cULL, 0xd61a47243f61b7d8ULL, 0xefeb8511d4c82766ULL,
+     0x961cb6be40d147a3ULL, 0xaab35f25f7b812deULL, 0x76154e407044329dULL,
+     0x513d76b64e570693ULL, 0xf3479ac7d2f90aa8ULL, 0x9b8b2e4477079c85ULL,
+     0x297eb99d3d85ac69ULL},
+    {
+     0x7e37e62dfc7d40c3ULL, 0x776f25a4ee939e5bULL, 0xe045c850dd8fb5adULL,
+     0x86ed5ba711ff1952ULL, 0xe91d0bd9cf616b35ULL, 0x37e0ab256e408ffbULL,
+     0x9607f6c031025a7aULL, 0x0b02f5e116d23c9dULL, 0xf3d8486bfb50650cULL,
+     0x621cff27c40875f5ULL, 0x7d40cb71fa5fd34aULL, 0x6daa6616daa29062ULL,
+     0x9f5f354923ec84e2ULL, 0xec847c3dc507c3b3ULL, 0x025a3668043ce205ULL,
+     0xa8bf9e6c4dac0b19ULL, 0xfa808be2e9bebb94ULL, 0xb5b99c5277c74fa3ULL,
+     0x78d9bc95f0397bccULL, 0xe332e50cdbad2624ULL, 0xc74fce129332797eULL,
+     0x1729eceb2ea709abULL, 0xc2d6b9f69954d1f8ULL, 0x5d898cbfbab8551aULL,
+     0x859a76fb17dd8adbULL, 0x1be85886362f7fb5ULL, 0xf6413f8ff136cd8aULL,
+     0xd3110fa5bbb7e35cULL, 0x0a2feed514cc4d11ULL, 0xe83010edcd7f1ab9ULL,
+     0xa1e75de55f42d581ULL, 0xeede4a55c13b21b6ULL, 0xf2f5535ff94e1480ULL,
+     0x0cc1b46d1888761eULL, 0xbce15fdb6529913bULL, 0x2d25e8975a7181c2ULL,
+     0x71817f1ce2d7a554ULL, 0x2e52c5cb5c53124bULL, 0xf9f7a6beef9c281dULL,
+     0x9e722e7d21f2f56eULL, 0xce170d9b81dca7e6ULL, 0x0e9b82051cb4941bULL,
+     0x1e712f623c49d733ULL, 0x21e45cfa42f9f7dcULL, 0xcb8e7a7f8bba0f60ULL,
+     0x8e98831a010fb646ULL, 0x474ccf0d8e895b23ULL, 0xa99285584fb27a95ULL,
+     0x8cc2b57205335443ULL, 0x42d5b8e984eff3a5ULL, 0x012d1b34021e718cULL,
+     0x57a6626aae74180bULL, 0xff19fc06e3d81312ULL, 0x35ba9d4d6a7c6dfeULL,
+     0xc9d44c178f86ed65ULL, 0x506523e6a02e5288ULL, 0x03772d5c06229389ULL,
+     0x8b01f4fe0b691ec0ULL, 0xf8dabd8aed825991ULL, 0x4c4e3aec985b67beULL,
+     0xb10df0827fbf96a9ULL, 0x6a69279ad4f8dae1ULL, 0xe78689dcd3d5ff2eULL,
+     0x812e1a2b1fa553d1ULL, 0xfbad90d6eba0ca18ULL, 0x1ac543b234310e39ULL,
+     0x1604f7df2cb97827ULL, 0xa6241c6951189f02ULL, 0x753513cceaaf7c5eULL,
+     0x64f2a59fc84c4efaULL, 0x247d2b1e489f5f5aULL, 0xdb64d718ab474c48ULL,
+     0x79f4a7a1f2270a40ULL, 0x1573da832a9bebaeULL, 0x3497867968621c72ULL,
+     0x514838d2a2302304ULL, 0xf0af6537fd72f685ULL, 0x1d06023e3a6b44baULL,
+     0x678588c3ce6edd73ULL, 0x66a893f7cc70acffULL, 0xd4d24e29b5eda9dfULL,
+     0x3856321470ea6a6cULL, 0x07c3418c0e5a4a83ULL, 0x2bcbb22f5635bacdULL,
+     0x04b46cd00878d90aULL, 0x06ee5ab80c443b0fULL, 0x3b211f4876c8f9e5ULL,
+     0x0958c38912eede98ULL, 0xd14b39cdbf8b0159ULL, 0x397b292072f41be0ULL,
+     0x87c0409313e168deULL, 0xad26e98847caa39fULL, 0x4e140c849c6785bbULL,
+     0xd5ff551db7f3d853ULL, 0xa0ca46d15d5ca40dULL, 0xcd6020c787fe346fULL,
+     0x84b76dcf15c3fb57ULL, 0xdefda0fca121e4ceULL, 0x4b8d7b6096012d3dULL,
+     0x9ac642ad298a2c64ULL, 0x0875d8bd10f0af14ULL, 0xb357c6ea7b8374acULL,
+     0x4d6321d89a451632ULL, 0xeda96709c719b23fULL, 0xf76c24bbf328bc06ULL,
+     0xc662d526912c08f2ULL, 0x3ce25ec47892b366ULL, 0xb978283f6f4f39bdULL,
+     0xc08c8f9e9d6833fdULL, 0x4f3917b09e79f437ULL, 0x593de06fb2c08c10ULL,
+     0xd6887841b1d14bdaULL, 0x19b26eee32139db0ULL, 0xb494876675d93e2fULL,
+     0x825937771987c058ULL, 0x90e9ac783d466175ULL, 0xf1827e03ff6c8709ULL,
+     0x945dc0a8353eb87fULL, 0x4516f9658ab5b926ULL, 0x3f9573987eb020efULL,
+     0xb855330b6d514831ULL, 0x2ae6a91b542bcb41ULL, 0x6331e413c6160479ULL,
+     0x408f8e8180d311a0ULL, 0xeff35161c325503aULL, 0xd06622f9bd9570d5ULL,
+     0x8876d9a20d4b8d49ULL, 0xa5533135573a0c8bULL, 0xe168d364df91c421ULL,
+     0xf41b09e7f50a2f8fULL, 0x12b09b0f24c1a12dULL, 0xda49cc2ca9593dc4ULL,
+     0x1f5c34563e57a6bfULL, 0x54d14f36a8568b82ULL, 0xaf7cdfe043f6419aULL,
+     0xea6a2685c943f8bcULL, 0xe5dcbfb4d7e91d2bULL, 0xb27addde799d0520ULL,
+     0x6b443caed6e6ab6dULL, 0x7bae91c9f61be845ULL, 0x3eb868ac7cae5163ULL,
+     0x11c7b65322e332a4ULL, 0xd23c1491b9a992d0ULL, 0x8fb5982e0311c7caULL,
+     0x70ac6428e0c9d4d8ULL, 0x895bc2960f55fcc5ULL, 0x76423e90ec8defd7ULL,
+     0x6ff0507ede9e7267ULL, 0x3dcf45f07a8cc2eaULL, 0x4aa06054941f5cb1ULL,
+     0x5810fb5bb0defd9cULL, 0x5efea1e3bc9ac693ULL, 0x6edd4b4adc8003ebULL,
+     0x741808f8e8b10dd2ULL, 0x145ec1b728859a22ULL, 0x28bc9f7350172944ULL,
+     0x270a06424ebdccd3ULL, 0x972aedf4331c2bf6ULL, 0x059977e40a66a886ULL,
+     0x2550302a4a812ed6ULL, 0xdd8a8da0a7037747ULL, 0xc515f87a970e9b7bULL,
+     0x3023eaa9601ac578ULL, 0xb7e3aa3a73fbada6ULL, 0x0fb699311eaae597ULL,
+     0x0000000000000000ULL, 0x310ef19d6204b4f4ULL, 0x229371a644db6455ULL,
+     0x0decaf591a960792ULL, 0x5ca4978bb8a62496ULL, 0x1c2b190a38753536ULL,
+     0x41a295b582cd602cULL, 0x3279dcc16426277dULL, 0xc1a194aa9f764271ULL,
+     0x139d803b26dfd0a1ULL, 0xae51c4d441e83016ULL, 0xd813fa44ad65dfc1ULL,
+     0xac0bf2bc45d4d213ULL, 0x23be6a9246c515d9ULL, 0x49d74d08923dcf38ULL,
+     0x9d05032127d066e7ULL, 0x2f7fdeff5e4d63c7ULL, 0xa47e2a0155247d07ULL,
+     0x99b16ff12fa8bfedULL, 0x4661d4398c972aafULL, 0xdfd0bbc8a33f9542ULL,
+     0xdca79694a51d06cbULL, 0xb020ebb67da1e725ULL, 0xba0f0563696daa34ULL,
+     0xe4f1a480d5f76ca7ULL, 0xc438e34e9510eaf7ULL, 0x939e81243b64f2fcULL,
+     0x8defae46072d25cfULL, 0x2c08f3a3586ff04eULL, 0xd7a56375b3cf3a56ULL,
+     0x20c947ce40e78650ULL, 0x43f8a3dd86f18229ULL, 0x568b795eac6a6987ULL,
+     0x8003011f1dbb225dULL, 0xf53612d3f7145e03ULL, 0x189f75da300dec3cULL,
+     0x9570db9c3720c9f3ULL, 0xbb221e576b73dbb8ULL, 0x72f65240e4f536ddULL,
+     0x443be25188abc8aaULL, 0xe21ffe38d9b357a8ULL, 0xfd43ca6ee7e4f117ULL,
+     0xcaa3614b89a47eecULL, 0xfe34e732e1c6629eULL, 0x83742c431b99b1d4ULL,
+     0xcf3a16af83c2d66aULL, 0xaae5a8044990e91cULL, 0x26271d764ca3bd5fULL,
+     0x91c4b74c3f5810f9ULL, 0x7c6dd045f841a2c6ULL, 0x7f1afd19fe63314fULL,
+     0xc8f957238d989ce9ULL, 0xa709075d5306ee8eULL, 0x55fc5402aa48fa0eULL,
+     0x48fa563c9023beb4ULL, 0x65dfbeabca523f76ULL, 0x6c877d22d8bce1eeULL,
+     0xcc4d3bf385e045e3ULL, 0xbebb69b36115733eULL, 0x10eaad6720fd4328ULL,
+     0xb6ceb10e71e5dc2aULL, 0xbdcc44ef6737e0b7ULL, 0x523f158ea412b08dULL,
+     0x989c74c52db6ce61ULL, 0x9beb59992b945de8ULL, 0x8a2cefca09776f4cULL,
+     0xa3bd6b8d5b7e3784ULL, 0xeb473db1cb5d8930ULL, 0xc3fba2c29b4aa074ULL,
+     0x9c28181525ce176bULL, 0x683311f2d0c438e4ULL, 0x5fd3bad7be84b71fULL,
+     0xfc6ed15ae5fa809bULL, 0x36cdb0116c5efe77ULL, 0x29918447520958c8ULL,
+     0xa29070b959604608ULL, 0x53120ebaa60cc101ULL, 0x3a0c047c74d68869ULL,
+     0x691e0ac6d2da4968ULL, 0x73db4974e6eb4751ULL, 0x7a838afdf40599c9ULL,
+     0x5a4acd33b4e21f99ULL, 0x6046c94fc03497f0ULL, 0xe6ab92e8d1cb8ea2ULL,
+     0x3354c7f5663856f1ULL, 0xd93ee170af7bae4dULL, 0x616bd27bc22ae67cULL,
+     0x92b39a10397a8370ULL, 0xabc8b3304b8e9890ULL, 0xbf967287630b02b2ULL,
+     0x5b67d607b6fc6e15ULL},
+    {
+     0xd031c397ce553fe6ULL, 0x16ba5b01b006b525ULL, 0xa89bade6296e70c8ULL,
+     0x6a1f525d77d3435bULL, 0x6e103570573dfa0bULL, 0x660efb2a17fc95abULL,
+     0x76327a9e97634bf6ULL, 0x4bad9d6462458bf5ULL, 0xf1830caedbc3f748ULL,
+     0xc5c8f542669131ffULL, 0x95044a1cdc48b0cbULL, 0x892962df3cf8b866ULL,
+     0xb0b9e208e930c135ULL, 0xa14fb3f0611a767cULL, 0x8d2605f21c160136ULL,
+     0xd6b71922fecc549eULL, 0x37089438a5907d8bULL, 0x0b5da38e5803d49cULL,
+     0x5a5bcc9cea6f3cbcULL, 0xedae246d3b73ffe5ULL, 0xd2b87e0fde22edceULL,
+     0x5e54abb1ca8185ecULL, 0x1de7f88fe80561b9ULL, 0xad5e1a870135a08cULL,
+     0x2f2adbd665cecc76ULL, 0x5780b5a782f58358ULL, 0x3edc8a2eede47b3fULL,
+     0xc9d95c3506bee70fULL, 0x83be111d6c4e05eeULL, 0xa603b90959367410ULL,
+     0x103c81b4809fde5dULL, 0x2c69b6027d0c774aULL, 0x399080d7d5c87953ULL,
+     0x09d41e16487406b4ULL, 0xcdd63b1826505e5fULL, 0xf99dc2f49b0298e8ULL,
+     0x9cd0540a943cb67fULL, 0xbca84b7f891f17c5ULL, 0x723d1db3b78df2a6ULL,
+     0x78aa6e71e73b4f2eULL, 0x1433e699a071670dULL, 0x84f21be454620782ULL,
+     0x98df3327b4d20f2fULL, 0xf049dce2d3769e5cULL, 0xdb6c60199656eb7aULL,
+     0x648746b2078b4783ULL, 0x32cd23598dcbadcfULL, 0x1ea4955bf0c7da85ULL,
+     0xe9a143401b9d46b5ULL, 0xfd92a5d9bbec21b8ULL, 0xc8138c790e0b8e1bULL,
+     0x2ee00b9a6d7ba562ULL, 0xf85712b893b7f1fcULL, 0xeb28fed80bea949dULL,
+     0x564a65eb8a40ea4cULL, 0x6c9988e8474a2823ULL, 0x4535898b121d8f2dULL,
+     0xabd8c03231accbf4ULL, 0xba2e91cab9867cbdULL, 0x7960be3def8e263aULL,
+     0x0c11a977602fd6f0ULL, 0xcb50e1ad16c93527ULL, 0xeae22e94035ffd89ULL,
+     0x2866d12f5de2ce1aULL, 0xff1b1841ab9bf390ULL, 0x9f9339de8cfe0d43ULL,
+     0x964727c8c48a0bf7ULL, 0x524502c6aaae531cULL, 0x9b9c5ef3ac10b413ULL,
+     0x4fa2fa4942ab32a5ULL, 0x3f165a62e551122bULL, 0xc74148da76e6e3d7ULL,
+     0x924840e5e464b2a7ULL, 0xd372ae43d69784daULL, 0x233b72a105e11a86ULL,
+     0xa48a04914941a638ULL, 0xb4b68525c9de7865ULL, 0xddeabaaca6cf8002ULL,
+     0x0a9773c250b6bd88ULL, 0xc284ffbb5ebd3393ULL, 0x8ba0df472c8f6a4eULL,
+     0x2aef6cb74d951c32ULL, 0x427983722a318d41ULL, 0x73f7cdffbf389bb2ULL,
+     0x074c0af9382c026cULL, 0x8a6a0f0b243a035aULL, 0x6fdae53c5f88931fULL,
+     0xc68b98967e538ac3ULL, 0x44ff59c71aa8e639ULL, 0xe2fce0ce439e9229ULL,
+     0xa20cde2479d8cd40ULL, 0x19e89fa2c8ebd8e9ULL, 0xf446bbcff398270cULL,
+     0x43b3533e2284e455ULL, 0xd82f0dcd8e945046ULL, 0x51066f12b26ce820ULL,
+     0xe73957af6bc5426dULL, 0x081ece5a40c16fa0ULL, 0x3b193d4fc5bfab7bULL,
+     0x7fe66488df174d42ULL, 0x0e9814ef705804d8ULL, 0x8137ac857c39d7c6ULL,
+     0xb1733244e185a821ULL, 0x695c3f896f11f867ULL, 0xf6cf0657e3eff524ULL,
+     0x1aabf276d02963d5ULL, 0x2da3664e75b91e5eULL, 0x0289bd981077d228ULL,
+     0x90c1fd7df413608fULL, 0x3c5537b6fd93a917ULL, 0xaa12107e3919a2e0ULL,
+     0x0686dab530996b78ULL, 0xdaa6b0559ee3826eULL, 0xc34e2ff756085a87ULL,
+     0x6d5358a44fff4137ULL, 0xfc587595b35948acULL, 0x7ca5095cc7d5f67eULL,
+     0xfb147f6c8b754ac0ULL, 0xbfeb26ab91ddacf9ULL, 0x6896efc567a49173ULL,
+     0xca9a31e11e7c5c33ULL, 0xbbe44186b13315a9ULL, 0x0ddb793b689abfe4ULL,
+     0x70b4a02ba7fa208eULL, 0xe47a3a7b7307f951ULL, 0x8cecd5be14a36822ULL,
+     0xeeed49b923b144d9ULL, 0x17708b4db8b3dc31ULL, 0x6088219f2765fed3ULL,
+     0xb3fa8fdcf1f27a09ULL, 0x910b2d31fca6099bULL, 0x0f52c4a378ed6dccULL,
+     0x50ccbf5ebad98134ULL, 0x6bd582117f662a4fULL, 0x94ce9a50d4fdd9dfULL,
+     0x2b25bcfb45207526ULL, 0x67c42b661f49fcbfULL, 0x492420fc723259ddULL,
+     0x03436dd418c2bb3cULL, 0x1f6e4517f872b391ULL, 0xa08563bc69af1f68ULL,
+     0xd43ea4baeebb86b6ULL, 0x01cad04c08b56914ULL, 0xac94cacb0980c998ULL,
+     0x54c3d8739a373864ULL, 0x26fec5c02dbacac2ULL, 0xdea9d778be0d3b3eULL,
+     0x040f672d20eeb950ULL, 0xe5b0ea377bb29045ULL, 0xf30ab136cbb42560ULL,
+     0x62019c0737122cfbULL, 0xe86b930c13282fa1ULL, 0xcc1ceb542ee5374bULL,
+     0x538fd28aa21b3a08ULL, 0x1b61223ad89c0ac1ULL, 0x36c24474ad25149fULL,
+     0x7a23d3e9f74c9d06ULL, 0xbe21f6e79968c5edULL, 0xcf5f868036278c77ULL,
+     0xf705d61beb5a9c30ULL, 0x4d2b47d152dce08dULL, 0x5f9e7bfdc234ecf8ULL,
+     0x247778583dcd18eaULL, 0x867ba67c4415d5aaULL, 0x4ce1979d5a698999ULL,
+     0x0000000000000000ULL, 0xec64f42133c696f1ULL, 0xb57c5569c16b1171ULL,
+     0xc1c7926f467f88afULL, 0x654d96fe0f3e2e97ULL, 0x15f936d5a8c40e19ULL,
+     0xb8a72c52a9f1ae95ULL, 0xa9517daa21db19dcULL, 0x58d27104fa18ee94ULL,
+     0x5918a148f2ad8780ULL, 0x5cdd1629daf657c4ULL, 0x8274c15164fb6cfaULL,
+     0xd1fb13dbc6e056f2ULL, 0x7d6fd910cf609f6aULL, 0xb63f38bdd9a9aa4dULL,
+     0x3d9fe7faf526c003ULL, 0x74bbc706871499deULL, 0xdf630734b6b8522aULL,
+     0x3ad3ed03cd0ac26fULL, 0xfadeaf2083c023d4ULL, 0xc00d42234ecae1bbULL,
+     0x8538cba85cd76e96ULL, 0xc402250e6e2458ebULL, 0x47bc3413026a5d05ULL,
+     0xafd7a71f114272a4ULL, 0x978df784cc3f62e3ULL, 0xb96dfc1ea144c781ULL,
+     0x21b2cf391596c8aeULL, 0x318e4e8d950916f3ULL, 0xce9556cc3e92e563ULL,
+     0x385a509bdd7d1047ULL, 0x358129a0b5e7afa3ULL, 0xe6f387e363702b79ULL,
+     0xe0755d5653e94001ULL, 0x7be903a5fff9f412ULL, 0x12b53c2c90e80c75ULL,
+     0x3307f315857ec4dbULL, 0x8fafb86a0c61d31eULL, 0xd9e5dd8186213952ULL,
+     0x77f8aad29fd622e2ULL, 0x25bda814357871feULL, 0x7571174a8fa1f0caULL,
+     0x137fec60985d6561ULL, 0x30449ec19dbc7fe7ULL, 0xa540d4dd41f4cf2cULL,
+     0xdc206ae0ae7ae916ULL, 0x5b911cd0e2da55a8ULL, 0xb2305f90f947131dULL,
+     0x344bf9ecbd52c6b7ULL, 0x5d17c665d2433ed0ULL, 0x18224feec05eb1fdULL,
+     0x9e59e992844b6457ULL, 0x9a568ebfa4a5dd07ULL, 0xa3c60e68716da454ULL,
+     0x7e2cb4c4d7a22456ULL, 0x87b176304ca0bcbeULL, 0x413aeea632f3367dULL,
+     0x9915e36bbc67663bULL, 0x40f03eea3a465f69ULL, 0x1c2d28c3e0b008adULL,
+     0x4e682a054a1e5bb1ULL, 0x05c5b761285bd044ULL, 0xe1bf8d1a5b5c2915ULL,
+     0xf2c0617ac3014c74ULL, 0xb7f5e8f1d11cc359ULL, 0x63cb4c4b3fa745efULL,
+     0x9d1a84469c89df6bULL, 0xe33630824b2bfb3dULL, 0xd5f474f6e60eefa2ULL,
+     0xf58c6b83fb2d4e18ULL, 0x4676e45f0adf3411ULL, 0x20781f751d23a1baULL,
+     0xbd629b3381aa7ed1ULL, 0xae1d775319f71bb0ULL, 0xfed1c80da32e9a84ULL,
+     0x5509083f92825170ULL, 0x29ac01635557a70eULL, 0xa7c9694551831d04ULL,
+     0x8e65682604d4ba0aULL, 0x11f651f8882ab749ULL, 0xd77dc96ef6793d8aULL,
+     0xef2799f52b042dcdULL, 0x48eef0b07a8730c9ULL, 0x22f1a2ed0d547392ULL,
+     0x6142f1d32fd097c7ULL, 0x4a674d286af0e2e1ULL, 0x80fd7cc9748cbed2ULL,
+     0x717e7067af4f499aULL, 0x938290a9ecd1dbb3ULL, 0x88e3b293344dd172ULL,
+     0x2734158c250fa3d6ULL}
+};
+#endif
diff --git a/gosthash2012_ref.h b/gosthash2012_ref.h
new file mode 100644 (file)
index 0000000..6d43d9e
--- /dev/null
@@ -0,0 +1,63 @@
+/*
+ * Portable implementation of core functions for GOST R 34.11-2012.
+ *
+ * Copyright (c) 2013 Cryptocom LTD.
+ * This file is distributed under the same license as OpenSSL.
+ *
+ * Author: Alexey Degtyarev <alexey@renatasystems.org>
+ *
+ */
+
+#ifdef __GOST3411_HAS_SSE2__
+# error "GOST R 34.11-2012: portable implementation disabled in config.h"
+#endif
+
+#define X(x, y, z) { \
+    z->QWORD[0] = x->QWORD[0] ^ y->QWORD[0]; \
+    z->QWORD[1] = x->QWORD[1] ^ y->QWORD[1]; \
+    z->QWORD[2] = x->QWORD[2] ^ y->QWORD[2]; \
+    z->QWORD[3] = x->QWORD[3] ^ y->QWORD[3]; \
+    z->QWORD[4] = x->QWORD[4] ^ y->QWORD[4]; \
+    z->QWORD[5] = x->QWORD[5] ^ y->QWORD[5]; \
+    z->QWORD[6] = x->QWORD[6] ^ y->QWORD[6]; \
+    z->QWORD[7] = x->QWORD[7] ^ y->QWORD[7]; \
+}
+
+#ifndef __GOST3411_BIG_ENDIAN__
+# define __XLPS_FOR for (_i = 0; _i <= 7; _i++)
+# define _datai _i
+#else
+# define __XLPS_FOR for (_i = 7; _i >= 0; _i--)
+# define _datai 7 - _i
+#endif
+
+#define XLPS(x, y, data) { \
+    register unsigned long long r0, r1, r2, r3, r4, r5, r6, r7; \
+    int _i; \
+    \
+    r0 = x->QWORD[0] ^ y->QWORD[0]; \
+    r1 = x->QWORD[1] ^ y->QWORD[1]; \
+    r2 = x->QWORD[2] ^ y->QWORD[2]; \
+    r3 = x->QWORD[3] ^ y->QWORD[3]; \
+    r4 = x->QWORD[4] ^ y->QWORD[4]; \
+    r5 = x->QWORD[5] ^ y->QWORD[5]; \
+    r6 = x->QWORD[6] ^ y->QWORD[6]; \
+    r7 = x->QWORD[7] ^ y->QWORD[7]; \
+    \
+    \
+    __XLPS_FOR {\
+        data->QWORD[_datai]  = Ax[0][(r0 >> (_i << 3)) & 0xFF]; \
+        data->QWORD[_datai] ^= Ax[1][(r1 >> (_i << 3)) & 0xFF]; \
+        data->QWORD[_datai] ^= Ax[2][(r2 >> (_i << 3)) & 0xFF]; \
+        data->QWORD[_datai] ^= Ax[3][(r3 >> (_i << 3)) & 0xFF]; \
+        data->QWORD[_datai] ^= Ax[4][(r4 >> (_i << 3)) & 0xFF]; \
+        data->QWORD[_datai] ^= Ax[5][(r5 >> (_i << 3)) & 0xFF]; \
+        data->QWORD[_datai] ^= Ax[6][(r6 >> (_i << 3)) & 0xFF]; \
+        data->QWORD[_datai] ^= Ax[7][(r7 >> (_i << 3)) & 0xFF]; \
+    }\
+}
+
+#define ROUND(i, Ki, data) { \
+    XLPS(Ki, (&C[i]), Ki); \
+    XLPS(Ki, data, data); \
+}
diff --git a/gosthash2012_sse2.h b/gosthash2012_sse2.h
new file mode 100644 (file)
index 0000000..6401beb
--- /dev/null
@@ -0,0 +1,204 @@
+/*
+ * Implementation of core functions for GOST R 34.11-2012 using SSE2.
+ *
+ * Copyright (c) 2013 Cryptocom LTD.
+ * This file is distributed under the same license as OpenSSL.
+ *
+ * Author: Alexey Degtyarev <alexey@renatasystems.org>
+ *
+ */
+
+#ifndef __GOST3411_HAS_SSE2__
+# error "GOST R 34.11-2012: SSE2 not enabled"
+#endif
+
+#include <mmintrin.h>
+#include <emmintrin.h>
+
+#define LO(v) ((unsigned char) (v))
+#define HI(v) ((unsigned char) (((unsigned int) (v)) >> 8))
+
+#ifdef __i386__
+# define EXTRACT EXTRACT32
+#else
+# define EXTRACT EXTRACT64
+#endif
+
+#ifndef __ICC
+# define _mm_cvtsi64_m64(v) (__m64) v
+# define _mm_cvtm64_si64(v) (long long) v
+#endif
+
+#define LOAD(P, xmm0, xmm1, xmm2, xmm3) { \
+    const __m128i *__m128p = (const __m128i *) &P[0]; \
+    xmm0 = _mm_load_si128(&__m128p[0]); \
+    xmm1 = _mm_load_si128(&__m128p[1]); \
+    xmm2 = _mm_load_si128(&__m128p[2]); \
+    xmm3 = _mm_load_si128(&__m128p[3]); \
+}
+
+#define UNLOAD(P, xmm0, xmm1, xmm2, xmm3) { \
+    __m128i *__m128p = (__m128i *) &P[0]; \
+    _mm_store_si128(&__m128p[0], xmm0); \
+    _mm_store_si128(&__m128p[1], xmm1); \
+    _mm_store_si128(&__m128p[2], xmm2); \
+    _mm_store_si128(&__m128p[3], xmm3); \
+}
+
+#define X128R(xmm0, xmm1, xmm2, xmm3, xmm4, xmm5, xmm6, xmm7) { \
+    xmm0 = _mm_xor_si128(xmm0, xmm4); \
+    xmm1 = _mm_xor_si128(xmm1, xmm5); \
+    xmm2 = _mm_xor_si128(xmm2, xmm6); \
+    xmm3 = _mm_xor_si128(xmm3, xmm7); \
+}
+
+#define X128M(P, xmm0, xmm1, xmm2, xmm3) { \
+    const __m128i *__m128p = (const __m128i *) &P[0]; \
+    xmm0 = _mm_xor_si128(xmm0, _mm_load_si128(&__m128p[0])); \
+    xmm1 = _mm_xor_si128(xmm1, _mm_load_si128(&__m128p[1])); \
+    xmm2 = _mm_xor_si128(xmm2, _mm_load_si128(&__m128p[2])); \
+    xmm3 = _mm_xor_si128(xmm3, _mm_load_si128(&__m128p[3])); \
+}
+
+#define _mm_xor_64(mm0, mm1) _mm_xor_si64(mm0, _mm_cvtsi64_m64(mm1))
+
+#define EXTRACT32(row, xmm0, xmm1, xmm2, xmm3, xmm4) { \
+    register unsigned short ax; \
+    __m64 mm0, mm1; \
+     \
+    ax = (unsigned short) _mm_extract_epi16(xmm0, row + 0); \
+    mm0  = _mm_cvtsi64_m64(Ax[0][LO(ax)]); \
+    mm1  = _mm_cvtsi64_m64(Ax[0][HI(ax)]); \
+    \
+    ax = (unsigned short) _mm_extract_epi16(xmm0, row + 4); \
+    mm0 = _mm_xor_64(mm0, Ax[1][LO(ax)]); \
+    mm1 = _mm_xor_64(mm1, Ax[1][HI(ax)]); \
+    \
+    ax = (unsigned short) _mm_extract_epi16(xmm1, row + 0); \
+    mm0 = _mm_xor_64(mm0, Ax[2][LO(ax)]); \
+    mm1 = _mm_xor_64(mm1, Ax[2][HI(ax)]); \
+    \
+    ax = (unsigned short) _mm_extract_epi16(xmm1, row + 4); \
+    mm0 = _mm_xor_64(mm0, Ax[3][LO(ax)]); \
+    mm1 = _mm_xor_64(mm1, Ax[3][HI(ax)]); \
+    \
+    ax = (unsigned short) _mm_extract_epi16(xmm2, row + 0); \
+    mm0 = _mm_xor_64(mm0, Ax[4][LO(ax)]); \
+    mm1 = _mm_xor_64(mm1, Ax[4][HI(ax)]); \
+    \
+    ax = (unsigned short) _mm_extract_epi16(xmm2, row + 4); \
+    mm0 = _mm_xor_64(mm0, Ax[5][LO(ax)]); \
+    mm1 = _mm_xor_64(mm1, Ax[5][HI(ax)]); \
+    \
+    ax = (unsigned short) _mm_extract_epi16(xmm3, row + 0); \
+    mm0 = _mm_xor_64(mm0, Ax[6][LO(ax)]); \
+    mm1 = _mm_xor_64(mm1, Ax[6][HI(ax)]); \
+    \
+    ax = (unsigned short) _mm_extract_epi16(xmm3, row + 4); \
+    mm0 = _mm_xor_64(mm0, Ax[7][LO(ax)]); \
+    mm1 = _mm_xor_64(mm1, Ax[7][HI(ax)]); \
+    \
+    xmm4 = _mm_set_epi64(mm1, mm0); \
+}
+
+#define __EXTRACT64(row, xmm0, xmm1, xmm2, xmm3, xmm4) { \
+    __m128i tmm4; \
+    register unsigned long long r0, r1; \
+    r0  = Ax[0][_mm_extract_epi8(xmm0, row + 0)]; \
+    r0 ^= Ax[1][_mm_extract_epi8(xmm0, row + 8)]; \
+    r0 ^= Ax[2][_mm_extract_epi8(xmm1, row + 0)]; \
+    r0 ^= Ax[3][_mm_extract_epi8(xmm1, row + 8)]; \
+    r0 ^= Ax[4][_mm_extract_epi8(xmm2, row + 0)]; \
+    r0 ^= Ax[5][_mm_extract_epi8(xmm2, row + 8)]; \
+    r0 ^= Ax[6][_mm_extract_epi8(xmm3, row + 0)]; \
+    r0 ^= Ax[7][_mm_extract_epi8(xmm3, row + 8)]; \
+    \
+    r1  = Ax[0][_mm_extract_epi8(xmm0, row + 1)]; \
+    r1 ^= Ax[1][_mm_extract_epi8(xmm0, row + 9)]; \
+    r1 ^= Ax[2][_mm_extract_epi8(xmm1, row + 1)]; \
+    r1 ^= Ax[3][_mm_extract_epi8(xmm1, row + 9)]; \
+    r1 ^= Ax[4][_mm_extract_epi8(xmm2, row + 1)]; \
+    r1 ^= Ax[5][_mm_extract_epi8(xmm2, row + 9)]; \
+    r1 ^= Ax[6][_mm_extract_epi8(xmm3, row + 1)]; \
+    r1 ^= Ax[7][_mm_extract_epi8(xmm3, row + 9)]; \
+    xmm4 = _mm_cvtsi64_si128((long long) r0); \
+    tmm4 = _mm_cvtsi64_si128((long long) r1); \
+    xmm4 = _mm_unpacklo_epi64(xmm4, tmm4); \
+}
+
+#define EXTRACT64(row, xmm0, xmm1, xmm2, xmm3, xmm4) { \
+    __m128i tmm4; \
+    register unsigned short ax; \
+    register unsigned long long r0, r1; \
+     \
+    ax = (unsigned short) _mm_extract_epi16(xmm0, row + 0); \
+    r0  = Ax[0][LO(ax)]; \
+    r1  = Ax[0][HI(ax)]; \
+    \
+    ax = (unsigned short) _mm_extract_epi16(xmm0, row + 4); \
+    r0 ^= Ax[1][LO(ax)]; \
+    r1 ^= Ax[1][HI(ax)]; \
+    \
+    ax = (unsigned short) _mm_extract_epi16(xmm1, row + 0); \
+    r0 ^= Ax[2][LO(ax)]; \
+    r1 ^= Ax[2][HI(ax)]; \
+    \
+    ax = (unsigned short) _mm_extract_epi16(xmm1, row + 4); \
+    r0 ^= Ax[3][LO(ax)]; \
+    r1 ^= Ax[3][HI(ax)]; \
+    \
+    ax = (unsigned short) _mm_extract_epi16(xmm2, row + 0); \
+    r0 ^= Ax[4][LO(ax)]; \
+    r1 ^= Ax[4][HI(ax)]; \
+    \
+    ax = (unsigned short) _mm_extract_epi16(xmm2, row + 4); \
+    r0 ^= Ax[5][LO(ax)]; \
+    r1 ^= Ax[5][HI(ax)]; \
+    \
+    ax = (unsigned short) _mm_extract_epi16(xmm3, row + 0); \
+    r0 ^= Ax[6][LO(ax)]; \
+    r1 ^= Ax[6][HI(ax)]; \
+    \
+    ax = (unsigned short) _mm_extract_epi16(xmm3, row + 4); \
+    r0 ^= Ax[7][LO(ax)]; \
+    r1 ^= Ax[7][HI(ax)]; \
+    \
+    xmm4 = _mm_cvtsi64_si128((long long) r0); \
+    tmm4 = _mm_cvtsi64_si128((long long) r1); \
+    xmm4 = _mm_unpacklo_epi64(xmm4, tmm4); \
+}
+
+#define XLPS128M(P, xmm0, xmm1, xmm2, xmm3) { \
+    __m128i tmm0, tmm1, tmm2, tmm3; \
+    X128M(P, xmm0, xmm1, xmm2, xmm3); \
+    \
+    EXTRACT(0, xmm0, xmm1, xmm2, xmm3, tmm0); \
+    EXTRACT(1, xmm0, xmm1, xmm2, xmm3, tmm1); \
+    EXTRACT(2, xmm0, xmm1, xmm2, xmm3, tmm2); \
+    EXTRACT(3, xmm0, xmm1, xmm2, xmm3, tmm3); \
+    \
+    xmm0 = tmm0; \
+    xmm1 = tmm1; \
+    xmm2 = tmm2; \
+    xmm3 = tmm3; \
+}
+
+#define XLPS128R(xmm0, xmm1, xmm2, xmm3, xmm4, xmm5, xmm6, xmm7) { \
+    __m128i tmm0, tmm1, tmm2, tmm3; \
+    X128R(xmm4, xmm5, xmm6, xmm7, xmm0, xmm1, xmm2, xmm3); \
+    \
+    EXTRACT(0, xmm4, xmm5, xmm6, xmm7, tmm0); \
+    EXTRACT(1, xmm4, xmm5, xmm6, xmm7, tmm1); \
+    EXTRACT(2, xmm4, xmm5, xmm6, xmm7, tmm2); \
+    EXTRACT(3, xmm4, xmm5, xmm6, xmm7, tmm3); \
+    \
+    xmm4 = tmm0; \
+    xmm5 = tmm1; \
+    xmm6 = tmm2; \
+    xmm7 = tmm3; \
+}
+
+#define ROUND128(i, xmm0, xmm2, xmm4, xmm6, xmm1, xmm3, xmm5, xmm7) { \
+    XLPS128M((&C[i]), xmm0, xmm2, xmm4, xmm6); \
+    XLPS128R(xmm0, xmm2, xmm4, xmm6, xmm1, xmm3, xmm5, xmm7); \
+}
diff --git a/gostsum12.c b/gostsum12.c
new file mode 100644 (file)
index 0000000..3fc5e1a
--- /dev/null
@@ -0,0 +1,257 @@
+/**********************************************************************
+ *                          gostsum12.c                               *
+ *             Copyright (c) 2005-2014 Cryptocom LTD                  *
+ *         This file is distributed under same license as OpenSSL     *
+ *                                                                    *
+ *    Implementation of GOST R 34.11-2012 hash function as            *
+ *    command line utility more or less interface                     *
+ *    compatible with md5sum and sha1sum                              *
+ *    Doesn't need OpenSSL                                            *
+ **********************************************************************/
+#include <stdio.h>
+#include <stdlib.h>
+#include <unistd.h>
+#include <limits.h>
+#include <fcntl.h>
+#include <string.h>
+#include "gosthash2012.h"
+
+#define BUF_SIZE 262144
+#define gost_hash_ctx gost2012_hash_ctx
+#define GOST34112012Init init_gost2012_hash_ctx
+#define GOST34112012Update gost2012_hash_block
+#define GOST34112012Final gost2012_finish_hash
+
+typedef unsigned char byte;
+
+int hashsize = 256;
+int hash_file(gost_hash_ctx * ctx, char *filename, char *sum, int mode);
+int hash_stream(gost_hash_ctx * ctx, int fd, char *sum);
+int get_line(FILE *f, char *hash, char *filename, int verbose);
+
+void help()
+{
+    fprintf(stderr, "Calculates GOST R 34.11-2012 hash function\n\n");
+    fprintf(stderr, "gostsum12 [-bvl] [-c [file]]| [files]|-x\n"
+            "\t-c check message digests (default is generate), 256 bit only\n"
+            "\t-v verbose, print file names when checking\n"
+            "\t-b read files in binary mode\n"
+            "\t-l use 512 bit hash (default 256 bit)\n"
+            "\t-x read filenames from stdin rather than from arguments (256 bit only)\n"
+            "The input for -c should be the list of message digests and file names\n"
+            "that is printed on stdout by this program when it generates digests.\n");
+    exit(3);
+}
+
+#ifndef O_BINARY
+# define O_BINARY 0
+#endif
+
+int start_hash12(gost_hash_ctx * ctx)
+{
+    GOST34112012Init(ctx, hashsize);
+    return 1;
+}
+
+int hash12_block(gost_hash_ctx * ctx, const byte * block, size_t length)
+{
+    GOST34112012Update(ctx, block, length);
+    return 1;
+}
+
+int finish_hash12(gost_hash_ctx * ctx, byte * hashval)
+{
+    GOST34112012Final(ctx, hashval);
+    return 1;
+}
+
+int main(int argc, char **argv)
+{
+    int c, i;
+    int verbose = 0;
+    int errors = 0;
+    int open_mode = O_RDONLY;
+    FILE *check_file = NULL;
+    int filenames_from_stdin = 0;
+    gost_hash_ctx ctx;
+
+    while ((c = getopt(argc, argv, "xlvc::")) != -1) {
+        switch (c) {
+        case 'v':
+            verbose = 1;
+            break;
+        case 'l':
+            hashsize = 512;
+            break;
+        case 'x':
+            filenames_from_stdin = 1;
+            break;
+        case 'c':
+            if (optarg) {
+                check_file = fopen(optarg, "r");
+                if (!check_file) {
+                    perror(optarg);
+                    exit(2);
+                }
+            } else {
+                check_file = stdin;
+            }
+            break;
+        default:
+            fprintf(stderr, "invalid option %c", optopt);
+            help();
+        }
+    }
+    if ((filenames_from_stdin == 1) && (hashsize != 256)) {
+        fprintf(stderr, "x and l are mutually exclusive\n");
+        help();
+    }
+    if ((check_file != NULL) && (hashsize != 256)) {
+        fprintf(stderr, "c and l are mutually exclusive\n");
+        help();
+    }
+    if (check_file) {
+        char inhash[65], calcsum[65], filename[PATH_MAX];
+        int failcount = 0, count = 0;;
+        if (check_file == stdin && optind < argc) {
+            check_file = fopen(argv[optind], "r");
+            if (!check_file) {
+                perror(argv[optind]);
+                exit(2);
+            }
+        }
+        while (get_line(check_file, inhash, filename, verbose)) {
+            if (!hash_file(&ctx, filename, calcsum, open_mode)) {
+                errors++;
+            }
+            count++;
+            if (!strncmp(calcsum, inhash, 65)) {
+                if (verbose) {
+                    fprintf(stderr, "%s\tOK\n", filename);
+                }
+            } else {
+                if (verbose) {
+                    fprintf(stderr, "%s\tFAILED\n", filename);
+                } else {
+                    fprintf(stderr,
+                            "%s: GOST hash sum check failed for '%s'\n",
+                            argv[0], filename);
+                }
+                failcount++;
+            }
+        }
+        if (errors) {
+            fprintf(stderr,
+                    "%s: WARNING %d of %d file(s) cannot be processed\n",
+                    argv[0], errors, count);
+
+        }
+        if (failcount) {
+            fprintf(stderr,
+                    "%s: WARNING %d of %d file(s) failed GOST hash sum check\n",
+                    argv[0], failcount, count - errors);
+        }
+        exit((failcount || errors) ? 1 : 0);
+    } else if (filenames_from_stdin) {
+        char sum[65];
+        char filename[PATH_MAX + 1], *end;
+        while (!feof(stdin)) {
+            if (!fgets(filename, PATH_MAX, stdin))
+                break;
+            for (end = filename; *end; end++) ;
+            end--;
+            for (; *end == '\n' || *end == '\r'; end--)
+                *end = 0;
+            if (!hash_file(&ctx, filename, sum, open_mode)) {
+                errors++;
+            } else {
+                printf("%s %s\n", sum, filename);
+            }
+        }
+    } else if (optind == argc) {
+        char sum[65];
+        if (!hash_stream(&ctx, fileno(stdin), sum)) {
+            perror("stdin");
+            exit(1);
+        }
+        printf("%s -\n", sum);
+        exit(0);
+    } else {
+        for (i = optind; i < argc; i++) {
+            char sum[65];
+            if (!hash_file(&ctx, argv[i], sum, open_mode)) {
+                errors++;
+            } else {
+                printf("%s %s\n", sum, argv[i]);
+            }
+        }
+    }
+    exit(errors ? 1 : 0);
+}
+
+int hash_file(gost_hash_ctx * ctx, char *filename, char *sum, int mode)
+{
+    int fd;
+    if ((fd = open(filename, mode)) < 0) {
+        perror(filename);
+        return 0;
+    }
+    if (!hash_stream(ctx, fd, sum)) {
+        perror(filename);
+        return 0;
+    }
+    close(fd);
+    return 1;
+}
+
+int hash_stream(gost_hash_ctx * ctx, int fd, char *sum)
+{
+    unsigned char buffer[BUF_SIZE];
+    ssize_t bytes;
+    int i;
+    start_hash12(ctx);
+    while ((bytes = read(fd, buffer, BUF_SIZE)) > 0) {
+        hash12_block(ctx, buffer, bytes);
+    }
+    if (bytes < 0) {
+        return 0;
+    }
+    finish_hash12(ctx, buffer);
+    for (i = 0; i < (hashsize / 8); i++) {
+        sprintf(sum + 2 * i, "%02x", buffer[i]);
+    }
+    return 1;
+}
+
+int get_line(FILE *f, char *hash, char *filename, int verbose)
+{
+    int i, len;
+    while (!feof(f)) {
+        if (!fgets(filename, PATH_MAX, f))
+            return 0;
+        len = strlen(filename);
+        if (len < 66) {
+            goto nextline;
+        }
+        if (filename[64] != ' ') {
+            goto nextline;
+        }
+        for (i = 0; i < 64; i++) {
+            if (filename[i] < '0' || (filename[i] > '9' && filename[i] < 'A')
+                || (filename[i] > 'F' && filename[i] < 'a')
+                || filename[i] > 'f') {
+                goto nextline;
+            }
+        }
+        memcpy(hash, filename, 64);
+        hash[64] = 0;
+        while (filename[--len] == '\n' || filename[len] == '\r')
+            filename[len] = 0;
+        memmove(filename, filename + 65, len - 63);
+        return 1;
+    nextline:
+        if (verbose)
+            printf(filename);
+    }
+    return 0;
+}