From a430c355a1d2eff5df6c96c7b6f928a609c2dd73 Mon Sep 17 00:00:00 2001 From: Dmitry Belyavskiy Date: Fri, 31 Aug 2018 13:47:23 +0300 Subject: [PATCH] gost_kimp15, untested --- e_gost_err.c | 3 ++ e_gost_err.h | 3 ++ gost.txt | 3 ++ gost_keyexpimp.c | 73 +++++++++++++++++++++++++++++++++++++++++------- 4 files changed, 72 insertions(+), 10 deletions(-) diff --git a/e_gost_err.c b/e_gost_err.c index 7e8730d..7269287 100644 --- a/e_gost_err.c +++ b/e_gost_err.c @@ -37,6 +37,7 @@ static ERR_STRING_DATA GOST_str_functs[] = { {ERR_PACK(0, GOST_F_GOST_IMIT_FINAL, 0), "gost_imit_final"}, {ERR_PACK(0, GOST_F_GOST_IMIT_UPDATE, 0), "gost_imit_update"}, {ERR_PACK(0, GOST_F_GOST_KEXP15, 0), "gost_kexp15"}, + {ERR_PACK(0, GOST_F_GOST_KIMP15, 0), "gost_kimp15"}, {ERR_PACK(0, GOST_F_OMAC_ACPKM_IMIT_CTRL, 0), "omac_acpkm_imit_ctrl"}, {ERR_PACK(0, GOST_F_OMAC_ACPKM_IMIT_FINAL, 0), "omac_acpkm_imit_final"}, {ERR_PACK(0, GOST_F_OMAC_ACPKM_IMIT_UPDATE, 0), "omac_acpkm_imit_update"}, @@ -80,6 +81,7 @@ static ERR_STRING_DATA GOST_str_functs[] = { static ERR_STRING_DATA GOST_str_reasons[] = { {ERR_PACK(0, 0, GOST_R_BAD_KEY_PARAMETERS_FORMAT), "bad key parameters format"}, + {ERR_PACK(0, 0, GOST_R_BAD_MAC), "bad mac"}, {ERR_PACK(0, 0, GOST_R_BAD_ORDER), "bad order"}, {ERR_PACK(0, 0, GOST_R_BAD_PKEY_PARAMETERS_FORMAT), "bad pkey parameters format"}, @@ -94,6 +96,7 @@ static ERR_STRING_DATA GOST_str_reasons[] = { {ERR_PACK(0, 0, GOST_R_ERROR_POINT_MUL), "error point mul"}, {ERR_PACK(0, 0, GOST_R_INCOMPATIBLE_ALGORITHMS), "incompatible algorithms"}, {ERR_PACK(0, 0, GOST_R_INCOMPATIBLE_PEER_KEY), "incompatible peer key"}, + {ERR_PACK(0, 0, GOST_R_INVALID_CIPHER), "invalid cipher"}, {ERR_PACK(0, 0, GOST_R_INVALID_CIPHER_PARAMS), "invalid cipher params"}, {ERR_PACK(0, 0, GOST_R_INVALID_CIPHER_PARAM_OID), "invalid cipher param oid"}, diff --git a/e_gost_err.h b/e_gost_err.h index 79f8673..312689f 100644 --- a/e_gost_err.h +++ b/e_gost_err.h @@ -44,6 +44,7 @@ void ERR_GOST_error(int function, int reason, char *file, int line); # define GOST_F_GOST_IMIT_FINAL 114 # define GOST_F_GOST_IMIT_UPDATE 115 # define GOST_F_GOST_KEXP15 143 +# define GOST_F_GOST_KIMP15 148 # define GOST_F_OMAC_ACPKM_IMIT_CTRL 144 # define GOST_F_OMAC_ACPKM_IMIT_FINAL 145 # define GOST_F_OMAC_ACPKM_IMIT_UPDATE 146 @@ -80,6 +81,7 @@ void ERR_GOST_error(int function, int reason, char *file, int line); * GOST reason codes. */ # define GOST_R_BAD_KEY_PARAMETERS_FORMAT 100 +# define GOST_R_BAD_MAC 133 # define GOST_R_BAD_ORDER 132 # define GOST_R_BAD_PKEY_PARAMETERS_FORMAT 101 # define GOST_R_CANNOT_PACK_EPHEMERAL_KEY 102 @@ -90,6 +92,7 @@ void ERR_GOST_error(int function, int reason, char *file, int line); # define GOST_R_ERROR_POINT_MUL 107 # define GOST_R_INCOMPATIBLE_ALGORITHMS 108 # define GOST_R_INCOMPATIBLE_PEER_KEY 109 +# define GOST_R_INVALID_CIPHER 134 # define GOST_R_INVALID_CIPHER_PARAMS 110 # define GOST_R_INVALID_CIPHER_PARAM_OID 111 # define GOST_R_INVALID_DIGEST_TYPE 112 diff --git a/gost.txt b/gost.txt index 4c66dec..bf9246a 100644 --- a/gost.txt +++ b/gost.txt @@ -24,6 +24,7 @@ GOST_F_GOST_IMIT_CTRL:113:gost_imit_ctrl GOST_F_GOST_IMIT_FINAL:114:gost_imit_final GOST_F_GOST_IMIT_UPDATE:115:gost_imit_update GOST_F_GOST_KEXP15:143:gost_kexp15 +GOST_F_GOST_KIMP15:148:gost_kimp15 GOST_F_OMAC_ACPKM_IMIT_CTRL:144:omac_acpkm_imit_ctrl GOST_F_OMAC_ACPKM_IMIT_FINAL:145:omac_acpkm_imit_final GOST_F_OMAC_ACPKM_IMIT_UPDATE:146:omac_acpkm_imit_update @@ -59,6 +60,7 @@ GOST_F_VKO_COMPUTE_KEY:137:VKO_compute_key #Reason codes GOST_R_BAD_KEY_PARAMETERS_FORMAT:100:bad key parameters format +GOST_R_BAD_MAC:133:bad mac GOST_R_BAD_ORDER:132:bad order GOST_R_BAD_PKEY_PARAMETERS_FORMAT:101:bad pkey parameters format GOST_R_CANNOT_PACK_EPHEMERAL_KEY:102:cannot pack ephemeral key @@ -69,6 +71,7 @@ GOST_R_ERROR_PARSING_KEY_TRANSPORT_INFO:106:error parsing key transport info GOST_R_ERROR_POINT_MUL:107:error point mul GOST_R_INCOMPATIBLE_ALGORITHMS:108:incompatible algorithms GOST_R_INCOMPATIBLE_PEER_KEY:109:incompatible peer key +GOST_R_INVALID_CIPHER:134:invalid cipher GOST_R_INVALID_CIPHER_PARAMS:110:invalid cipher params GOST_R_INVALID_CIPHER_PARAM_OID:111:invalid cipher param oid GOST_R_INVALID_DIGEST_TYPE:112:invalid digest type diff --git a/gost_keyexpimp.c b/gost_keyexpimp.c index 2b78dfd..4ef25c5 100644 --- a/gost_keyexpimp.c +++ b/gost_keyexpimp.c @@ -15,7 +15,6 @@ int gost_kexp15(const unsigned char *shared_key, const int shared_len, const unsigned char *iv, const size_t ivlen, unsigned char *out, int *out_len) { - /* out_len = key_len + mac_len */ unsigned char iv_full[16], mac_buf[16]; unsigned int mac_len; @@ -29,7 +28,7 @@ int gost_kexp15(const unsigned char *shared_key, const int shared_len, (cipher_nid == NID_grasshopper_ctr) ? 16 : 0; if (mac_len == 0) { - GOSTerr(GOST_F_GOST_KEXP15, ERR_R_INTERNAL_ERROR); + GOSTerr(GOST_F_GOST_KEXP15, GOST_R_INVALID_CIPHER); goto err; } @@ -75,20 +74,74 @@ int gost_kexp15(const unsigned char *shared_key, const int shared_len, ret = 1; err: - /* TODO clear mac_buf */ + OPENSSL_cleanse(mac_buf, mac_len); EVP_MD_CTX_free(mac); EVP_CIPHER_CTX_free(ciph); return ret; } -int gost_kimp15(const char *expkey, const size_t expkeylen, - int cipher_nid, const char *cipher_key, - const size_t cipher_key_len, int mac_nid, const char *mac_key, +int gost_kimp15(const unsigned char *expkey, const size_t expkeylen, + int cipher_nid, const unsigned char *cipher_key, + const size_t cipher_key_len, int mac_nid, char *mac_key, const size_t mac_key_len, const char *iv, const size_t ivlen, - char *shared_key, size_t *shared_len) + char *shared_key, size_t shared_len) { - return 0; + unsigned char iv_full[16], out[48], mac_buf[16]; + unsigned int mac_len; + + EVP_CIPHER_CTX *ciph = NULL; + EVP_MD_CTX *mac = NULL; + + int ret = 0; + int len; + + mac_len = (cipher_nid == NID_magma_ctr) ? 8 : + (cipher_nid == NID_grasshopper_ctr) ? 16 : 0; + + if (mac_len == 0) { + GOSTerr(GOST_F_GOST_KIMP15, GOST_R_INVALID_CIPHER); + goto err; + } + + /* we expect IV of half length */ + memset(iv_full, 0, 16); + memcpy(iv_full, iv, ivlen); + + if (EVP_CipherInit_ex + (ciph, EVP_get_cipherbynid(cipher_nid), NULL, NULL, NULL, 0) <= 0 + || EVP_CipherInit_ex(ciph, NULL, NULL, cipher_key, iv_full, 0) <= 0 + || EVP_CipherUpdate(ciph, out, &len, expkey, expkeylen) <= 0 + || EVP_CipherFinal_ex(ciph, out + len, &len) <= 0) { + GOSTerr(GOST_F_GOST_KIMP15, ERR_R_INTERNAL_ERROR); + goto err; + } + /*Now we have shared key and mac in out[] */ + + if (EVP_DigestInit_ex(mac, EVP_get_digestbynid(mac_nid), NULL) <= 0 + || EVP_MD_CTX_ctrl(mac, EVP_MD_CTRL_SET_KEY, mac_key_len, mac_key) <= 0 + || EVP_MD_CTX_ctrl(mac, EVP_MD_CTRL_MAC_LEN, mac_len, NULL) <= 0 + || EVP_DigestUpdate(mac, iv, ivlen) <= 0 + || EVP_DigestUpdate(mac, out, shared_len) <= 0 + /* As we set MAC length directly, we should not allow overwriting it */ + || EVP_DigestFinal_ex(mac, mac_buf, NULL) <= 0) { + GOSTerr(GOST_F_GOST_KIMP15, ERR_R_INTERNAL_ERROR); + goto err; + } + + if (CRYPTO_memcmp(mac_buf, out + shared_len, mac_len) != 0) { + GOSTerr(GOST_F_GOST_KIMP15, GOST_R_BAD_MAC); + goto err; + } + + memcpy(shared_key, out, shared_len); + ret = 1; + + err: + OPENSSL_cleanse(out, sizeof(out)); + EVP_MD_CTX_free(mac); + EVP_CIPHER_CTX_free(ciph); + return ret; } /* @@ -145,9 +198,9 @@ int main(void) const unsigned char magma_export[] = { 0xCF, 0xD5, 0xA1, 0x2D, 0x5B, 0x81, 0xB6, 0xE1, 0xE9, 0x9C, 0x91, -0x6D, 0x07, 0x90, 0x0C, 0x6A, + 0x6D, 0x07, 0x90, 0x0C, 0x6A, 0xC1, 0x27, 0x03, 0xFB, 0x3A, 0xBD, 0xED, 0x55, 0x56, 0x7B, 0xF3, 0x74, - 0x2C, 0x89, 0x9C, 0x75, + 0x2C, 0x89, 0x9C, 0x75, 0x5D, 0xAF, 0xE7, 0xB4, 0x2E, 0x3A, 0x8B, 0xD9 }; -- 2.39.2