1 /* $OpenBSD: gostr341194.c,v 1.5 2015/09/10 15:56:25 jsing Exp $ */
3 * Copyright (c) 2014 Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
4 * Copyright (c) 2005-2006 Cryptocom LTD
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in
15 * the documentation and/or other materials provided with the
18 * 3. All advertising materials mentioning features or use of this
19 * software must display the following acknowledgment:
20 * "This product includes software developed by the OpenSSL Project
21 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
23 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
24 * endorse or promote products derived from this software without
25 * prior written permission. For written permission, please contact
26 * openssl-core@openssl.org.
28 * 5. Products derived from this software may not be called "OpenSSL"
29 * nor may "OpenSSL" appear in their names without prior written
30 * permission of the OpenSSL Project.
32 * 6. Redistributions of any form whatsoever must retain the following
34 * "This product includes software developed by the OpenSSL Project
35 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
37 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
38 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
39 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
40 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
41 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
42 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
43 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
44 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
45 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
46 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
47 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
48 * OF THE POSSIBILITY OF SUCH DAMAGE.
49 * ====================================================================
54 #include <openssl/opensslconf.h>
56 #ifndef OPENSSL_NO_GOST
57 #include <openssl/crypto.h>
58 #include <openssl/objects.h>
59 #include <openssl/gost.h>
61 #include "gost_locl.h"
63 /* Following functions are various bit meshing routines used in
64 * GOST R 34.11-94 algorithms */
66 swap_bytes(unsigned char *w
, unsigned char *k
)
70 for (i
= 0; i
< 4; i
++)
71 for (j
= 0; j
< 8; j
++)
72 k
[i
+ 4 * j
] = w
[8 * i
+ j
];
77 circle_xor8(const unsigned char *w
, unsigned char *k
)
83 memmove(k
, w
+ 8, 24);
84 for (i
= 0; i
< 8; i
++)
85 k
[i
+ 24] = buf
[i
] ^ k
[i
];
90 transform_3(unsigned char *data
)
92 unsigned short int acc
;
94 acc
= (data
[0] ^ data
[2] ^ data
[4] ^ data
[6] ^ data
[24] ^ data
[30]) |
95 ((data
[1] ^ data
[3] ^ data
[5] ^ data
[7] ^ data
[25] ^ data
[31]) << 8);
96 memmove(data
, data
+ 2, 30);
97 data
[30] = acc
& 0xff;
101 /* Adds blocks of N bytes modulo 2**(8*n). Returns carry*/
103 add_blocks(int n
, unsigned char *left
, const unsigned char *right
)
109 for (i
= 0; i
< n
; i
++) {
110 sum
= (int)left
[i
] + (int)right
[i
] + carry
;
111 left
[i
] = sum
& 0xff;
117 /* Xor two sequences of bytes */
119 xor_blocks(unsigned char *result
, const unsigned char *a
,
120 const unsigned char *b
, size_t len
)
124 for (i
= 0; i
< len
; i
++)
125 result
[i
] = a
[i
] ^ b
[i
];
129 * Calculate H(i+1) = Hash(Hi,Mi)
130 * Where H and M are 32 bytes long
133 hash_step(GOSTR341194_CTX
*c
, unsigned char *H
, const unsigned char *M
)
135 unsigned char U
[32], W
[32], V
[32], S
[32], Key
[32];
138 /* Compute first key */
139 xor_blocks(W
, H
, M
, 32);
141 /* Encrypt first 8 bytes of H with first key */
142 Gost2814789_set_key(&c
->cipher
, Key
, 256);
143 Gost2814789_encrypt(H
, S
, &c
->cipher
);
145 /* Compute second key */
149 xor_blocks(W
, U
, V
, 32);
151 /* encrypt second 8 bytes of H with second key */
152 Gost2814789_set_key(&c
->cipher
, Key
, 256);
153 Gost2814789_encrypt(H
+8, S
+8, &c
->cipher
);
155 /* compute third key */
175 xor_blocks(W
, U
, V
, 32);
177 /* encrypt third 8 bytes of H with third key */
178 Gost2814789_set_key(&c
->cipher
, Key
, 256);
179 Gost2814789_encrypt(H
+16, S
+16, &c
->cipher
);
181 /* Compute fourth key */
185 xor_blocks(W
, U
, V
, 32);
187 /* Encrypt last 8 bytes with fourth key */
188 Gost2814789_set_key(&c
->cipher
, Key
, 256);
189 Gost2814789_encrypt(H
+24, S
+24, &c
->cipher
);
191 for (i
= 0; i
< 12; i
++)
193 xor_blocks(S
, S
, M
, 32);
195 xor_blocks(S
, S
, H
, 32);
196 for (i
= 0; i
< 61; i
++)
203 GOSTR341194_Init(GOSTR341194_CTX
*c
, int nid
)
205 memset(c
, 0, sizeof(*c
));
206 return Gost2814789_set_sbox(&c
->cipher
, nid
);
210 GOSTR341194_block_data_order(GOSTR341194_CTX
*ctx
, const unsigned char *p
,
215 for (i
= 0; i
< num
; i
++) {
216 hash_step(ctx
, ctx
->H
, p
);
217 add_blocks(32, ctx
->S
, p
);
222 #define DATA_ORDER_IS_LITTLE_ENDIAN
224 #define HASH_CBLOCK GOSTR341194_CBLOCK
225 #define HASH_LONG GOSTR341194_LONG
226 #define HASH_CTX GOSTR341194_CTX
227 #define HASH_UPDATE GOSTR341194_Update
228 #define HASH_TRANSFORM GOSTR341194_Transform
229 #define HASH_NO_FINAL 1
230 #define HASH_BLOCK_DATA_ORDER GOSTR341194_block_data_order
232 #include "md32_common.h"
235 GOSTR341194_Final(unsigned char *md
, GOSTR341194_CTX
* c
)
237 unsigned char *p
= (unsigned char *)c
->data
;
241 memset(p
+ c
->num
, 0, 32 - c
->num
);
242 hash_step(c
, c
->H
, p
);
243 add_blocks(32, c
->S
, p
);
249 memset(p
, 0, 32 - 8);
250 hash_step(c
, c
->H
, T
);
251 hash_step(c
, c
->H
, c
->S
);
253 memcpy(md
, c
->H
, 32);
259 GOSTR341194(const unsigned char *d
, size_t n
, unsigned char *md
, int nid
)
262 static unsigned char m
[GOSTR341194_LENGTH
];
266 if (!GOSTR341194_Init(&c
, nid
))
268 GOSTR341194_Update(&c
, d
, n
);
269 GOSTR341194_Final(md
, &c
);
270 explicit_bzero(&c
, sizeof(c
));