3 * This file is distributed under the same license as OpenSSL
6 #include "gost_grasshopper_cipher.h"
7 #include "gost_grasshopper_defines.h"
8 #include "gost_grasshopper_math.h"
9 #include "gost_grasshopper_core.h"
11 #include <openssl/evp.h>
12 #include <openssl/rand.h>
13 #include <openssl/err.h>
19 #include "e_gost_err.h"
21 enum GRASSHOPPER_CIPHER_TYPE {
22 GRASSHOPPER_CIPHER_ECB = 0,
23 GRASSHOPPER_CIPHER_CBC,
24 GRASSHOPPER_CIPHER_OFB,
25 GRASSHOPPER_CIPHER_CFB,
26 GRASSHOPPER_CIPHER_CTR,
27 GRASSHOPPER_CIPHER_CTRACPKM,
28 GRASSHOPPER_CIPHER_MGM,
31 static EVP_CIPHER *gost_grasshopper_ciphers[7] = {
32 [GRASSHOPPER_CIPHER_ECB] = NULL,
33 [GRASSHOPPER_CIPHER_CBC] = NULL,
34 [GRASSHOPPER_CIPHER_OFB] = NULL,
35 [GRASSHOPPER_CIPHER_CFB] = NULL,
36 [GRASSHOPPER_CIPHER_CTR] = NULL,
37 [GRASSHOPPER_CIPHER_CTRACPKM] = NULL,
38 [GRASSHOPPER_CIPHER_MGM] = NULL,
41 static GRASSHOPPER_INLINE void
42 gost_grasshopper_cipher_destroy_ofb(gost_grasshopper_cipher_ctx * c);
43 static GRASSHOPPER_INLINE void
44 gost_grasshopper_cipher_destroy_ctr(gost_grasshopper_cipher_ctx * c);
45 static GRASSHOPPER_INLINE void
46 gost_grasshopper_cipher_destroy_mgm(gost_grasshopper_cipher_ctx * c);
48 struct GRASSHOPPER_CIPHER_PARAMS {
50 grasshopper_init_cipher_func init_cipher;
51 grasshopper_do_cipher_func do_cipher;
52 grasshopper_destroy_cipher_func destroy_cipher;
59 static struct GRASSHOPPER_CIPHER_PARAMS gost_cipher_params[7] = {
60 [GRASSHOPPER_CIPHER_ECB] = {
62 gost_grasshopper_cipher_init_ecb,
63 gost_grasshopper_cipher_do_ecb,
66 sizeof(gost_grasshopper_cipher_ctx),
70 [GRASSHOPPER_CIPHER_CBC] = {
72 gost_grasshopper_cipher_init_cbc,
73 gost_grasshopper_cipher_do_cbc,
76 sizeof(gost_grasshopper_cipher_ctx),
80 [GRASSHOPPER_CIPHER_OFB] = {
82 gost_grasshopper_cipher_init_ofb,
83 gost_grasshopper_cipher_do_ofb,
84 gost_grasshopper_cipher_destroy_ofb,
86 sizeof(gost_grasshopper_cipher_ctx_ofb),
90 [GRASSHOPPER_CIPHER_CFB] = {
92 gost_grasshopper_cipher_init_cfb,
93 gost_grasshopper_cipher_do_cfb,
96 sizeof(gost_grasshopper_cipher_ctx),
100 [GRASSHOPPER_CIPHER_CTR] = {
102 gost_grasshopper_cipher_init_ctr,
103 gost_grasshopper_cipher_do_ctr,
104 gost_grasshopper_cipher_destroy_ctr,
106 sizeof(gost_grasshopper_cipher_ctx_ctr),
107 /* IV size is set to match full block, to make it responsibility of
108 * user to assign correct values (IV || 0), and to make naive context
109 * copy possible (for software such as openssh) */
113 [GRASSHOPPER_CIPHER_CTRACPKM] = {
114 NID_id_tc26_cipher_gostr3412_2015_kuznyechik_ctracpkm,
115 gost_grasshopper_cipher_init_ctracpkm,
116 gost_grasshopper_cipher_do_ctracpkm,
117 gost_grasshopper_cipher_destroy_ctr,
119 sizeof(gost_grasshopper_cipher_ctx_ctr),
123 #ifdef NID_kuznyechik_mgm
124 [GRASSHOPPER_CIPHER_MGM] = {
126 gost_grasshopper_cipher_init_mgm,
127 gost_grasshopper_cipher_do_mgm,
128 gost_grasshopper_cipher_destroy_mgm,
130 sizeof(gost_grasshopper_cipher_ctx_mgm),
135 [GRASSHOPPER_CIPHER_MGM] = {
148 /* first 256 bit of D from draft-irtf-cfrg-re-keying-12 */
149 static const unsigned char ACPKM_D_2018[] = {
150 0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87, /* 64 bit */
151 0x88, 0x89, 0x8a, 0x8b, 0x8c, 0x8d, 0x8e, 0x8f, /* 128 bit */
152 0x90, 0x91, 0x92, 0x93, 0x94, 0x95, 0x96, 0x97,
153 0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f, /* 256 bit */
156 static void acpkm_next(gost_grasshopper_cipher_ctx * c)
158 unsigned char newkey[GRASSHOPPER_KEY_SIZE];
159 const int J = GRASSHOPPER_KEY_SIZE / GRASSHOPPER_BLOCK_SIZE;
162 for (n = 0; n < J; n++) {
163 const unsigned char *D_n = &ACPKM_D_2018[n * GRASSHOPPER_BLOCK_SIZE];
165 grasshopper_encrypt_block(&c->encrypt_round_keys,
166 (grasshopper_w128_t *) D_n,
167 (grasshopper_w128_t *) & newkey[n *
168 GRASSHOPPER_BLOCK_SIZE],
171 gost_grasshopper_cipher_key(c, newkey);
174 /* Set 256 bit key into context */
175 GRASSHOPPER_INLINE void
176 gost_grasshopper_cipher_key(gost_grasshopper_cipher_ctx * c, const uint8_t *k)
179 for (i = 0; i < 2; i++) {
180 grasshopper_copy128(&c->key.k.k[i],
181 (const grasshopper_w128_t *)(k + i * 16));
184 grasshopper_set_encrypt_key(&c->encrypt_round_keys, &c->key);
185 grasshopper_set_decrypt_key(&c->decrypt_round_keys, &c->key);
188 /* Set master 256-bit key to be used in TLSTREE calculation into context */
189 GRASSHOPPER_INLINE void
190 gost_grasshopper_master_key(gost_grasshopper_cipher_ctx * c, const uint8_t *k)
193 for (i = 0; i < 2; i++) {
194 grasshopper_copy128(&c->master_key.k.k[i],
195 (const grasshopper_w128_t *)(k + i * 16));
199 /* Cleans up key from context */
200 GRASSHOPPER_INLINE void
201 gost_grasshopper_cipher_destroy(gost_grasshopper_cipher_ctx * c)
204 for (i = 0; i < 2; i++) {
205 grasshopper_zero128(&c->key.k.k[i]);
206 grasshopper_zero128(&c->master_key.k.k[i]);
208 for (i = 0; i < GRASSHOPPER_ROUND_KEYS_COUNT; i++) {
209 grasshopper_zero128(&c->encrypt_round_keys.k[i]);
211 for (i = 0; i < GRASSHOPPER_ROUND_KEYS_COUNT; i++) {
212 grasshopper_zero128(&c->decrypt_round_keys.k[i]);
214 grasshopper_zero128(&c->buffer);
217 static GRASSHOPPER_INLINE void
218 gost_grasshopper_cipher_destroy_ofb(gost_grasshopper_cipher_ctx * c)
220 gost_grasshopper_cipher_ctx_ofb *ctx =
221 (gost_grasshopper_cipher_ctx_ofb *) c;
223 grasshopper_zero128(&ctx->buffer1);
226 static GRASSHOPPER_INLINE void
227 gost_grasshopper_cipher_destroy_ctr(gost_grasshopper_cipher_ctx * c)
229 gost_grasshopper_cipher_ctx_ctr *ctx =
230 (gost_grasshopper_cipher_ctx_ctr *) c;
232 grasshopper_zero128(&ctx->partial_buffer);
235 static GRASSHOPPER_INLINE void
236 gost_grasshopper_cipher_destroy_mgm(gost_grasshopper_cipher_ctx * c)
238 gost_grasshopper_cipher_ctx_mgm *ctx =
239 (gost_grasshopper_cipher_ctx_mgm *) c;
241 grasshopper_zero128(&ctx->partial_buffer);
244 int gost_grasshopper_cipher_init(EVP_CIPHER_CTX *ctx,
245 const unsigned char *key,
246 const unsigned char *iv, int enc)
248 gost_grasshopper_cipher_ctx *c = EVP_CIPHER_CTX_get_cipher_data(ctx);
250 if (EVP_CIPHER_CTX_get_app_data(ctx) == NULL) {
251 EVP_CIPHER_CTX_set_app_data(ctx, EVP_CIPHER_CTX_get_cipher_data(ctx));
255 gost_grasshopper_cipher_key(c, key);
256 gost_grasshopper_master_key(c, key);
260 if (c->type == GRASSHOPPER_CIPHER_MGM) {
261 gost_grasshopper_cipher_ctx_mgm *m =
262 (gost_grasshopper_cipher_ctx_mgm *) c;
264 /* 1st bit should be 0 */
266 GOSTerr(GOST_F_GOST_GRASSHOPPER_CIPHER_INIT,
267 GOST_R_INVALID_IV_LENGTH);
270 memcpy(m->mgm_iv, iv, 16);
271 *(unsigned char *)(m->mgm_iv) += 128;
273 memcpy((unsigned char *)EVP_CIPHER_CTX_original_iv(ctx), iv,
274 EVP_CIPHER_CTX_iv_length(ctx));
277 memcpy(EVP_CIPHER_CTX_iv_noconst(ctx),
278 EVP_CIPHER_CTX_original_iv(ctx), EVP_CIPHER_CTX_iv_length(ctx));
280 grasshopper_zero128(&c->buffer);
285 GRASSHOPPER_INLINE int gost_grasshopper_cipher_init_ecb(EVP_CIPHER_CTX *ctx, const unsigned char
286 *key, const unsigned char
289 gost_grasshopper_cipher_ctx *c = EVP_CIPHER_CTX_get_cipher_data(ctx);
290 c->type = GRASSHOPPER_CIPHER_ECB;
291 return gost_grasshopper_cipher_init(ctx, key, iv, enc);
294 GRASSHOPPER_INLINE int gost_grasshopper_cipher_init_cbc(EVP_CIPHER_CTX *ctx, const unsigned char
295 *key, const unsigned char
298 gost_grasshopper_cipher_ctx *c = EVP_CIPHER_CTX_get_cipher_data(ctx);
299 c->type = GRASSHOPPER_CIPHER_CBC;
300 return gost_grasshopper_cipher_init(ctx, key, iv, enc);
303 GRASSHOPPER_INLINE int gost_grasshopper_cipher_init_ofb(EVP_CIPHER_CTX *ctx, const unsigned char
304 *key, const unsigned char
307 gost_grasshopper_cipher_ctx_ofb *c = EVP_CIPHER_CTX_get_cipher_data(ctx);
309 c->c.type = GRASSHOPPER_CIPHER_OFB;
311 grasshopper_zero128(&c->buffer1);
313 return gost_grasshopper_cipher_init(ctx, key, iv, enc);
316 GRASSHOPPER_INLINE int gost_grasshopper_cipher_init_cfb(EVP_CIPHER_CTX *ctx, const unsigned char
317 *key, const unsigned char
320 gost_grasshopper_cipher_ctx *c = EVP_CIPHER_CTX_get_cipher_data(ctx);
321 c->type = GRASSHOPPER_CIPHER_CFB;
322 return gost_grasshopper_cipher_init(ctx, key, iv, enc);
325 GRASSHOPPER_INLINE int gost_grasshopper_cipher_init_ctr(EVP_CIPHER_CTX *ctx, const unsigned char
326 *key, const unsigned char
329 gost_grasshopper_cipher_ctx_ctr *c = EVP_CIPHER_CTX_get_cipher_data(ctx);
331 c->c.type = GRASSHOPPER_CIPHER_CTR;
332 EVP_CIPHER_CTX_set_num(ctx, 0);
334 grasshopper_zero128(&c->partial_buffer);
336 return gost_grasshopper_cipher_init(ctx, key, iv, enc);
339 GRASSHOPPER_INLINE int gost_grasshopper_cipher_init_ctracpkm(EVP_CIPHER_CTX
341 char *key, const unsigned
344 gost_grasshopper_cipher_ctx_ctr *c = EVP_CIPHER_CTX_get_cipher_data(ctx);
346 /* NB: setting type makes EVP do_cipher callback useless */
347 c->c.type = GRASSHOPPER_CIPHER_CTRACPKM;
348 EVP_CIPHER_CTX_set_num(ctx, 0);
349 c->section_size = 4096;
351 return gost_grasshopper_cipher_init(ctx, key, iv, enc);
354 GRASSHOPPER_INLINE int gost_grasshopper_cipher_init_mgm(EVP_CIPHER_CTX *ctx, const unsigned char
355 *key, const unsigned char
358 gost_grasshopper_cipher_ctx_mgm *c = EVP_CIPHER_CTX_get_cipher_data(ctx);
360 c->c.type = GRASSHOPPER_CIPHER_MGM;
362 EVP_CIPHER_CTX_set_num(ctx, 0);
364 grasshopper_zero128(&c->partial_buffer);
366 return gost_grasshopper_cipher_init(ctx, key, iv, enc);
369 GRASSHOPPER_INLINE int gost_grasshopper_cipher_do(EVP_CIPHER_CTX *ctx,
371 const unsigned char *in,
374 gost_grasshopper_cipher_ctx *c =
375 (gost_grasshopper_cipher_ctx *) EVP_CIPHER_CTX_get_cipher_data(ctx);
376 struct GRASSHOPPER_CIPHER_PARAMS *params = &gost_cipher_params[c->type];
378 return params->do_cipher(ctx, out, in, inl);
381 int gost_grasshopper_cipher_do_ecb(EVP_CIPHER_CTX *ctx, unsigned char *out,
382 const unsigned char *in, size_t inl)
384 gost_grasshopper_cipher_ctx *c =
385 (gost_grasshopper_cipher_ctx *) EVP_CIPHER_CTX_get_cipher_data(ctx);
386 bool encrypting = (bool) EVP_CIPHER_CTX_encrypting(ctx);
387 const unsigned char *current_in = in;
388 unsigned char *current_out = out;
389 size_t blocks = inl / GRASSHOPPER_BLOCK_SIZE;
392 for (i = 0; i < blocks;
393 i++, current_in += GRASSHOPPER_BLOCK_SIZE, current_out +=
394 GRASSHOPPER_BLOCK_SIZE) {
396 grasshopper_encrypt_block(&c->encrypt_round_keys,
397 (grasshopper_w128_t *) current_in,
398 (grasshopper_w128_t *) current_out,
401 grasshopper_decrypt_block(&c->decrypt_round_keys,
402 (grasshopper_w128_t *) current_in,
403 (grasshopper_w128_t *) current_out,
411 int gost_grasshopper_cipher_do_cbc(EVP_CIPHER_CTX *ctx, unsigned char *out,
412 const unsigned char *in, size_t inl)
414 gost_grasshopper_cipher_ctx *c =
415 (gost_grasshopper_cipher_ctx *) EVP_CIPHER_CTX_get_cipher_data(ctx);
416 unsigned char *iv = EVP_CIPHER_CTX_iv_noconst(ctx);
417 bool encrypting = (bool) EVP_CIPHER_CTX_encrypting(ctx);
418 const unsigned char *current_in = in;
419 unsigned char *current_out = out;
420 grasshopper_w128_t *currentInputBlock;
421 grasshopper_w128_t *currentOutputBlock;
422 size_t blocks = inl / GRASSHOPPER_BLOCK_SIZE;
424 grasshopper_w128_t *currentBlock;
426 currentBlock = (grasshopper_w128_t *) iv;
428 for (i = 0; i < blocks;
429 i++, current_in += GRASSHOPPER_BLOCK_SIZE, current_out +=
430 GRASSHOPPER_BLOCK_SIZE) {
431 currentInputBlock = (grasshopper_w128_t *) current_in;
432 currentOutputBlock = (grasshopper_w128_t *) current_out;
434 grasshopper_append128(currentBlock, currentInputBlock);
435 grasshopper_encrypt_block(&c->encrypt_round_keys, currentBlock,
436 currentOutputBlock, &c->buffer);
437 grasshopper_copy128(currentBlock, currentOutputBlock);
439 grasshopper_w128_t tmp;
441 grasshopper_copy128(&tmp, currentInputBlock);
442 grasshopper_decrypt_block(&c->decrypt_round_keys,
443 currentInputBlock, currentOutputBlock,
445 grasshopper_append128(currentOutputBlock, currentBlock);
446 grasshopper_copy128(currentBlock, &tmp);
453 void inc_counter(unsigned char *counter, size_t counter_bytes)
456 unsigned int n = counter_bytes;
468 /* increment counter (128-bit int) by 1 */
469 static void ctr128_inc(unsigned char *counter)
471 inc_counter(counter, 16);
474 int gost_grasshopper_cipher_do_ctr(EVP_CIPHER_CTX *ctx, unsigned char *out,
475 const unsigned char *in, size_t inl)
477 gost_grasshopper_cipher_ctx_ctr *c = (gost_grasshopper_cipher_ctx_ctr *)
478 EVP_CIPHER_CTX_get_cipher_data(ctx);
479 unsigned char *iv = EVP_CIPHER_CTX_iv_noconst(ctx);
480 const unsigned char *current_in = in;
481 unsigned char *current_out = out;
482 grasshopper_w128_t *currentInputBlock;
483 grasshopper_w128_t *currentOutputBlock;
484 unsigned int n = EVP_CIPHER_CTX_num(ctx);
489 *(current_out++) = *(current_in++) ^ c->partial_buffer.b[n];
491 n = (n + 1) % GRASSHOPPER_BLOCK_SIZE;
493 EVP_CIPHER_CTX_set_num(ctx, n);
494 size_t blocks = inl / GRASSHOPPER_BLOCK_SIZE;
496 grasshopper_w128_t *iv_buffer = (grasshopper_w128_t *) iv;
497 grasshopper_w128_t tmp;
500 for (i = 0; i < blocks; i++) {
501 currentInputBlock = (grasshopper_w128_t *) current_in;
502 currentOutputBlock = (grasshopper_w128_t *) current_out;
503 grasshopper_encrypt_block(&c->c.encrypt_round_keys, iv_buffer,
504 &c->partial_buffer, &c->c.buffer);
505 grasshopper_plus128(&tmp, &c->partial_buffer, currentInputBlock);
506 grasshopper_copy128(currentOutputBlock, &tmp);
507 ctr128_inc(iv_buffer->b);
508 current_in += GRASSHOPPER_BLOCK_SIZE;
509 current_out += GRASSHOPPER_BLOCK_SIZE;
513 lasted = inl - blocks * GRASSHOPPER_BLOCK_SIZE;
515 currentInputBlock = (grasshopper_w128_t *) current_in;
516 currentOutputBlock = (grasshopper_w128_t *) current_out;
517 grasshopper_encrypt_block(&c->c.encrypt_round_keys, iv_buffer,
518 &c->partial_buffer, &c->c.buffer);
519 for (i = 0; i < lasted; i++) {
520 currentOutputBlock->b[i] =
521 c->partial_buffer.b[i] ^ currentInputBlock->b[i];
523 EVP_CIPHER_CTX_set_num(ctx, i);
524 ctr128_inc(iv_buffer->b);
530 #define GRASSHOPPER_BLOCK_MASK (GRASSHOPPER_BLOCK_SIZE - 1)
531 static inline void apply_acpkm_grasshopper(gost_grasshopper_cipher_ctx_ctr *
532 ctx, unsigned int *num)
534 if (!ctx->section_size || (*num < ctx->section_size))
537 *num &= GRASSHOPPER_BLOCK_MASK;
540 /* If meshing is not configured via ctrl (setting section_size)
541 * this function works exactly like plain ctr */
542 int gost_grasshopper_cipher_do_ctracpkm(EVP_CIPHER_CTX *ctx,
544 const unsigned char *in, size_t inl)
546 gost_grasshopper_cipher_ctx_ctr *c = EVP_CIPHER_CTX_get_cipher_data(ctx);
547 unsigned char *iv = EVP_CIPHER_CTX_iv_noconst(ctx);
548 unsigned int num = EVP_CIPHER_CTX_num(ctx);
550 while ((num & GRASSHOPPER_BLOCK_MASK) && inl) {
551 *out++ = *in++ ^ c->partial_buffer.b[num & GRASSHOPPER_BLOCK_MASK];
555 size_t blocks = inl / GRASSHOPPER_BLOCK_SIZE;
557 grasshopper_w128_t tmp;
560 for (i = 0; i < blocks; i++) {
561 apply_acpkm_grasshopper(c, &num);
562 grasshopper_encrypt_block(&c->c.encrypt_round_keys,
563 (grasshopper_w128_t *) iv,
564 (grasshopper_w128_t *) & c->partial_buffer,
566 grasshopper_plus128(&tmp, &c->partial_buffer,
567 (grasshopper_w128_t *) in);
568 grasshopper_copy128((grasshopper_w128_t *) out, &tmp);
570 in += GRASSHOPPER_BLOCK_SIZE;
571 out += GRASSHOPPER_BLOCK_SIZE;
572 num += GRASSHOPPER_BLOCK_SIZE;
576 size_t lasted = inl - blocks * GRASSHOPPER_BLOCK_SIZE;
578 apply_acpkm_grasshopper(c, &num);
579 grasshopper_encrypt_block(&c->c.encrypt_round_keys,
580 (grasshopper_w128_t *) iv,
581 &c->partial_buffer, &c->c.buffer);
582 for (i = 0; i < lasted; i++)
583 out[i] = c->partial_buffer.b[i] ^ in[i];
587 EVP_CIPHER_CTX_set_num(ctx, num);
592 /* ----------------------------------------------------------------------------------------------- */
593 /*! Функция реализует операцию умножения двух элементов конечного поля \f$ \mathbb F_{2^{128}}\f$,
594 порожденного неприводимым многочленом
595 \f$ f(x) = x^{128} + x^7 + x^2 + x + 1 \in \mathbb F_2[x]\f$. Для умножения используется
596 простейшая реализация, основанная на приведении по модулю после каждого шага алгоритма. */
597 /* ----------------------------------------------------------------------------------------------- */
598 static void gf128_mul_uint64(uint64_t *result, uint64_t *arg1, uint64_t *arg2)
602 uint64_t x[2], y[2], z[2];
604 BUF_reverse((unsigned char *)x, (unsigned char *)arg1, 16);
605 BUF_reverse((unsigned char *)y, (unsigned char *)arg2, 16);
615 memset(z, 0, sizeof(uint64_t) * 2);
624 for (i = 0; i < 64; i++) {
645 for (i = 0; i < 63; i++) {
664 z[0] = bswap_64(z[0]);
665 z[1] = bswap_64(z[1]);
667 BUF_reverse((unsigned char *)result, (unsigned char *)z, 16);
670 static void hexdump(FILE *f, const char *title, const unsigned char *s, int l)
674 fprintf(f, "%s", title);
677 fprintf(f, "\n%04x", n);
678 fprintf(f, " %02x", s[n]);
683 int gost_grasshopper_cipher_do_mgm(EVP_CIPHER_CTX *ctx, unsigned char *out,
684 const unsigned char *in, size_t inl)
686 gost_grasshopper_cipher_ctx_mgm *c = (gost_grasshopper_cipher_ctx_mgm *)
687 EVP_CIPHER_CTX_get_cipher_data(ctx);
688 unsigned char *iv = EVP_CIPHER_CTX_iv_noconst(ctx);
689 const unsigned char *current_in = in;
690 unsigned char *current_out = out;
691 grasshopper_w128_t *currentInputBlock;
692 grasshopper_w128_t *currentOutputBlock;
693 unsigned int n = EVP_CIPHER_CTX_num(ctx);
697 size_t blocks = inl / GRASSHOPPER_BLOCK_SIZE;
698 int rest_len = n % GRASSHOPPER_BLOCK_SIZE;
699 grasshopper_w128_t h;
701 grasshopper_w128_t *iv_buffer = (grasshopper_w128_t *) iv;
702 grasshopper_w128_t tmp;
704 /* ======== Here we deal with associated data =========== */
705 if (out == NULL && c->mgm_state == mgm_associated_data) {
707 grasshopper_encrypt_block(&c->c.encrypt_round_keys, c->mgm_iv,
708 &c->partial_buffer, &c->c.buffer);
709 memcpy(c->mgm_iv, &c->partial_buffer, GRASSHOPPER_BLOCK_SIZE);
710 hexdump(stderr, "Tag", c->tag, 16);
714 /* Finalize partial_data */
715 if (inl + rest_len < GRASSHOPPER_BLOCK_SIZE) {
716 memcpy(c->mgm_partial_buffer.b + rest_len, current_in, inl);
718 EVP_CIPHER_CTX_set_num(ctx, n);
721 memcpy(c->mgm_partial_buffer.b + rest_len, current_in,
722 GRASSHOPPER_BLOCK_SIZE - rest_len);
724 grasshopper_encrypt_block(&c->c.encrypt_round_keys, c->mgm_iv,
726 inc_counter(c->mgm_iv->b, 8);
728 hexdump(stderr, "Hnext", h.b, 16);
729 hexdump(stderr, "Adata", c->mgm_partial_buffer.b, 16);
730 /* Galois multiply Hi * Ai */
731 gf128_mul_uint64(tmp.q, h.q, c->mgm_partial_buffer.q);
734 grasshopper_plus128(&h, (grasshopper_w128_t *) c->tag, &tmp);
735 grasshopper_copy128((grasshopper_w128_t *) c->tag, &h);
736 hexdump(stderr, "Tag", c->tag, 16);
738 current_in += GRASSHOPPER_BLOCK_SIZE - rest_len;
739 inl -= (GRASSHOPPER_BLOCK_SIZE - rest_len);
740 n += GRASSHOPPER_BLOCK_SIZE - rest_len;
744 while (inl >= GRASSHOPPER_BLOCK_SIZE) {
745 currentInputBlock = (grasshopper_w128_t *) current_in;
747 grasshopper_encrypt_block(&c->c.encrypt_round_keys, c->mgm_iv,
749 inc_counter(c->mgm_iv->b, 8);
751 hexdump(stderr, "Hnext", h.b, 16);
752 hexdump(stderr, "Adata", currentInputBlock->b, 16);
753 /* Galois multiply */
754 gf128_mul_uint64(tmp.q, h.q, currentInputBlock->q);
757 grasshopper_plus128(&h, (grasshopper_w128_t *) c->tag, &tmp);
758 grasshopper_copy128((grasshopper_w128_t *) c->tag, &h);
759 hexdump(stderr, "Tag", c->tag, 16);
761 current_in += GRASSHOPPER_BLOCK_SIZE;
762 inl -= GRASSHOPPER_BLOCK_SIZE;
763 n += GRASSHOPPER_BLOCK_SIZE;
767 memcpy(c->mgm_partial_buffer.b, current_in, inl);
771 EVP_CIPHER_CTX_set_num(ctx, n);
775 if (out == NULL && in != NULL && inl != 0 && c->mgm_state == mgm_main_data) {
776 GOSTerr(GOST_F_GOST_GRASSHOPPER_CIPHER_DO_MGM, GOST_R_BAD_ORDER);
780 if (out != NULL && c->mgm_state == mgm_associated_data) {
781 memset(c->mgm_partial_buffer.b + rest_len, 0,
782 GRASSHOPPER_BLOCK_SIZE - rest_len);
784 grasshopper_encrypt_block(&c->c.encrypt_round_keys, c->mgm_iv,
786 inc_counter(c->mgm_iv->b, 8);
788 hexdump(stderr, "Hnext", h.b, 16);
789 hexdump(stderr, "Padded Adata", c->mgm_partial_buffer.b, 16);
790 /* Galois multiply Hi * Ai */
791 gf128_mul_uint64(tmp.q, h.q, c->mgm_partial_buffer.q);
794 grasshopper_plus128(&h, (grasshopper_w128_t *) c->tag, &tmp);
795 grasshopper_copy128((grasshopper_w128_t *) c->tag, &h);
796 hexdump(stderr, "Tag", c->tag, 16);
798 /* We finish processing associated data */
799 /* Pad rest of mgm_partial_buffer */
800 /* Process last block */
804 EVP_CIPHER_CTX_set_num(ctx, 0);
805 c->mgm_state = mgm_main_data;
807 fprintf(stderr, "============= Deal with main data\n");
810 /* ======== Here we deal with main data =========== */
812 /* actual IV derived from nonce */
813 grasshopper_encrypt_block(&c->c.encrypt_round_keys, iv_buffer,
814 &c->partial_buffer, &c->c.buffer);
815 memcpy(iv, c->partial_buffer.b, GRASSHOPPER_BLOCK_SIZE);
816 //hexdump(stderr, "Y1", iv, 16);
819 while (rest_len && inl) {
820 *(current_out++) = *(current_in++) ^ c->partial_buffer.b[rest_len];
821 c->partial_buffer.b[rest_len] = *(current_out - 1);
826 if (rest_len == GRASSHOPPER_BLOCK_SIZE) {
828 grasshopper_encrypt_block(&c->c.encrypt_round_keys, c->mgm_iv,
830 inc_counter(c->mgm_iv->b, 8);
831 hexdump(stderr, "Hnext", h.b, 16);
832 hexdump(stderr, "Ciphertext", c->partial_buffer.b, 16);
833 /* Galois multiply Hi * Ai */
834 gf128_mul_uint64(tmp.q, h.q, c->partial_buffer.q);
837 grasshopper_plus128(&h, (grasshopper_w128_t *) c->tag, &tmp);
838 grasshopper_copy128((grasshopper_w128_t *) c->tag, &h);
839 hexdump(stderr, "Tag", c->tag, 16);
844 for (i = 0; i < blocks; i++) {
845 currentInputBlock = (grasshopper_w128_t *) current_in;
846 currentOutputBlock = (grasshopper_w128_t *) current_out;
847 grasshopper_encrypt_block(&c->c.encrypt_round_keys, iv_buffer,
848 &c->partial_buffer, &c->c.buffer);
849 grasshopper_plus128(&tmp, &c->partial_buffer, currentInputBlock);
850 grasshopper_copy128(currentOutputBlock, &tmp);
851 //hexdump(stderr, "Ciphertext", currentOutputBlock->b, 16);
853 grasshopper_encrypt_block(&c->c.encrypt_round_keys, c->mgm_iv,
855 inc_counter(c->mgm_iv->b, 8);
856 hexdump(stderr, "Hnext", h.b, 16);
857 hexdump(stderr, "Ciphertext", currentOutputBlock->b, 16);
858 /* Galois multiply Hi * Ai */
859 gf128_mul_uint64(tmp.q, h.q, currentOutputBlock->q);
862 grasshopper_plus128(&h, (grasshopper_w128_t *) c->tag, &tmp);
863 grasshopper_copy128((grasshopper_w128_t *) c->tag, &h);
864 hexdump(stderr, "Tag", c->tag, 16);
866 ctr128_inc(iv_buffer->b);
867 current_in += GRASSHOPPER_BLOCK_SIZE;
868 current_out += GRASSHOPPER_BLOCK_SIZE;
869 n += GRASSHOPPER_BLOCK_SIZE;
872 EVP_CIPHER_CTX_set_num(ctx, n);
875 lasted = inl - blocks * GRASSHOPPER_BLOCK_SIZE;
877 currentInputBlock = (grasshopper_w128_t *) current_in;
878 currentOutputBlock = (grasshopper_w128_t *) current_out;
879 grasshopper_encrypt_block(&c->c.encrypt_round_keys, iv_buffer,
880 &c->partial_buffer, &c->c.buffer);
881 for (i = 0; i < lasted; i++) {
882 currentOutputBlock->b[i] =
883 c->partial_buffer.b[i] ^ currentInputBlock->b[i];
884 c->partial_buffer.b[i] = currentOutputBlock->b[i];
886 EVP_CIPHER_CTX_set_num(ctx, n + i);
887 ctr128_inc(iv_buffer->b);
891 if (in == NULL && inl == 0) {
892 unsigned char len_buf[16];
893 uint64_t a_len = 0, p_len = 0;
896 memset(c->partial_buffer.b + rest_len, 0,
897 GRASSHOPPER_BLOCK_SIZE - rest_len);
898 grasshopper_encrypt_block(&c->c.encrypt_round_keys, c->mgm_iv, &h,
900 inc_counter(c->mgm_iv->b, 8);
901 hexdump(stderr, "Hnext", h.b, 16);
902 hexdump(stderr, "Padded ciphertext", c->partial_buffer.b, 16);
903 /* Galois multiply Hi * Ai */
904 gf128_mul_uint64(tmp.q, h.q, c->partial_buffer.q);
907 grasshopper_plus128(&h, (grasshopper_w128_t *) c->tag, &tmp);
908 grasshopper_copy128((grasshopper_w128_t *) c->tag, &h);
909 hexdump(stderr, "Tag", c->tag, 16);
912 a_len = c->ad_length << 3;
913 p_len = (c->mgm_state == mgm_associated_data) ? 0 : n << 3;
916 a_len = bswap_64(a_len);
917 p_len = bswap_64(p_len);
919 memset(len_buf, 0, 16);
921 memcpy(len_buf, &a_len, sizeof(a_len));
922 memcpy(len_buf + sizeof(a_len), &p_len, sizeof(p_len));
923 grasshopper_encrypt_block(&c->c.encrypt_round_keys, c->mgm_iv,
926 hexdump(stderr, "Hlast", h.b, 16);
927 hexdump(stderr, "Lenbuf", len_buf, 16);
928 /* Galois multiply Hi * Ai */
929 gf128_mul_uint64(tmp.q, h.q, (uint64_t *)len_buf);
932 grasshopper_plus128(&h, (grasshopper_w128_t *) c->tag, &tmp);
933 grasshopper_copy128((grasshopper_w128_t *) c->tag, &h);
934 hexdump(stderr, "Tag", c->tag, 16);
936 /* Final tag calculation */
937 grasshopper_encrypt_block(&c->c.encrypt_round_keys,
938 (grasshopper_w128_t *) c->tag,
939 (grasshopper_w128_t *) c->final_tag,
947 * Fixed 128-bit IV implementation make shift regiser redundant.
949 static void gost_grasshopper_cnt_next(gost_grasshopper_cipher_ctx_ofb * ctx,
950 grasshopper_w128_t * iv,
951 grasshopper_w128_t * buf)
953 memcpy(&ctx->buffer1, iv, 16);
954 grasshopper_encrypt_block(&ctx->c.encrypt_round_keys, &ctx->buffer1,
955 buf, &ctx->c.buffer);
959 int gost_grasshopper_cipher_do_ofb(EVP_CIPHER_CTX *ctx, unsigned char *out,
960 const unsigned char *in, size_t inl)
962 gost_grasshopper_cipher_ctx_ofb *c = (gost_grasshopper_cipher_ctx_ofb *)
963 EVP_CIPHER_CTX_get_cipher_data(ctx);
964 const unsigned char *in_ptr = in;
965 unsigned char *out_ptr = out;
966 unsigned char *buf = EVP_CIPHER_CTX_buf_noconst(ctx);
967 unsigned char *iv = EVP_CIPHER_CTX_iv_noconst(ctx);
968 int num = EVP_CIPHER_CTX_num(ctx);
972 /* process partial block if any */
974 for (j = (size_t)num, i = 0; j < GRASSHOPPER_BLOCK_SIZE && i < inl;
975 j++, i++, in_ptr++, out_ptr++) {
976 *out_ptr = buf[j] ^ (*in_ptr);
978 if (j == GRASSHOPPER_BLOCK_SIZE) {
979 EVP_CIPHER_CTX_set_num(ctx, 0);
981 EVP_CIPHER_CTX_set_num(ctx, (int)j);
986 for (; i + GRASSHOPPER_BLOCK_SIZE <
988 i += GRASSHOPPER_BLOCK_SIZE, in_ptr +=
989 GRASSHOPPER_BLOCK_SIZE, out_ptr += GRASSHOPPER_BLOCK_SIZE) {
991 * block cipher current iv
994 gost_grasshopper_cnt_next(c, (grasshopper_w128_t *) iv,
995 (grasshopper_w128_t *) buf);
998 * xor next block of input text with it and output it
1003 for (j = 0; j < GRASSHOPPER_BLOCK_SIZE; j++) {
1004 out_ptr[j] = buf[j] ^ in_ptr[j];
1008 /* Process rest of buffer */
1010 gost_grasshopper_cnt_next(c, (grasshopper_w128_t *) iv,
1011 (grasshopper_w128_t *) buf);
1012 for (j = 0; i < inl; j++, i++) {
1013 out_ptr[j] = buf[j] ^ in_ptr[j];
1015 EVP_CIPHER_CTX_set_num(ctx, (int)j);
1017 EVP_CIPHER_CTX_set_num(ctx, 0);
1023 int gost_grasshopper_cipher_do_cfb(EVP_CIPHER_CTX *ctx, unsigned char *out,
1024 const unsigned char *in, size_t inl)
1026 gost_grasshopper_cipher_ctx *c =
1027 (gost_grasshopper_cipher_ctx *) EVP_CIPHER_CTX_get_cipher_data(ctx);
1028 const unsigned char *in_ptr = in;
1029 unsigned char *out_ptr = out;
1030 unsigned char *buf = EVP_CIPHER_CTX_buf_noconst(ctx);
1031 unsigned char *iv = EVP_CIPHER_CTX_iv_noconst(ctx);
1032 bool encrypting = (bool) EVP_CIPHER_CTX_encrypting(ctx);
1033 int num = EVP_CIPHER_CTX_num(ctx);
1037 /* process partial block if any */
1039 for (j = (size_t)num, i = 0; j < GRASSHOPPER_BLOCK_SIZE && i < inl;
1040 j++, i++, in_ptr++, out_ptr++) {
1042 buf[j + GRASSHOPPER_BLOCK_SIZE] = *in_ptr;
1044 *out_ptr = buf[j] ^ (*in_ptr);
1046 buf[j + GRASSHOPPER_BLOCK_SIZE] = *out_ptr;
1049 if (j == GRASSHOPPER_BLOCK_SIZE) {
1050 memcpy(iv, buf + GRASSHOPPER_BLOCK_SIZE, GRASSHOPPER_BLOCK_SIZE);
1051 EVP_CIPHER_CTX_set_num(ctx, 0);
1053 EVP_CIPHER_CTX_set_num(ctx, (int)j);
1058 for (; i + GRASSHOPPER_BLOCK_SIZE <
1060 i += GRASSHOPPER_BLOCK_SIZE, in_ptr +=
1061 GRASSHOPPER_BLOCK_SIZE, out_ptr += GRASSHOPPER_BLOCK_SIZE) {
1063 * block cipher current iv
1065 grasshopper_encrypt_block(&c->encrypt_round_keys,
1066 (grasshopper_w128_t *) iv,
1067 (grasshopper_w128_t *) buf, &c->buffer);
1069 * xor next block of input text with it and output it
1075 memcpy(iv, in_ptr, GRASSHOPPER_BLOCK_SIZE);
1077 for (j = 0; j < GRASSHOPPER_BLOCK_SIZE; j++) {
1078 out_ptr[j] = buf[j] ^ in_ptr[j];
1081 /* Next iv is next block of cipher text */
1083 memcpy(iv, out_ptr, GRASSHOPPER_BLOCK_SIZE);
1087 /* Process rest of buffer */
1089 grasshopper_encrypt_block(&c->encrypt_round_keys,
1090 (grasshopper_w128_t *) iv,
1091 (grasshopper_w128_t *) buf, &c->buffer);
1093 memcpy(buf + GRASSHOPPER_BLOCK_SIZE, in_ptr, inl - i);
1095 for (j = 0; i < inl; j++, i++) {
1096 out_ptr[j] = buf[j] ^ in_ptr[j];
1098 EVP_CIPHER_CTX_set_num(ctx, (int)j);
1100 memcpy(buf + GRASSHOPPER_BLOCK_SIZE, out_ptr, j);
1103 EVP_CIPHER_CTX_set_num(ctx, 0);
1109 int gost_grasshopper_cipher_cleanup(EVP_CIPHER_CTX *ctx)
1111 gost_grasshopper_cipher_ctx *c =
1112 (gost_grasshopper_cipher_ctx *) EVP_CIPHER_CTX_get_cipher_data(ctx);
1117 struct GRASSHOPPER_CIPHER_PARAMS *params = &gost_cipher_params[c->type];
1119 gost_grasshopper_cipher_destroy(c);
1120 if (params->destroy_cipher != NULL) {
1121 params->destroy_cipher(c);
1124 EVP_CIPHER_CTX_set_app_data(ctx, NULL);
1129 int gost_grasshopper_set_asn1_parameters(EVP_CIPHER_CTX *ctx, ASN1_TYPE *params)
1132 unsigned char *buf = NULL;
1133 ASN1_OCTET_STRING *os = NULL;
1135 os = ASN1_OCTET_STRING_new();
1137 if (!os || !ASN1_OCTET_STRING_set(os, buf, len)) {
1139 GOSTerr(GOST_F_GOST_GRASSHOPPER_SET_ASN1_PARAMETERS,
1140 ERR_R_MALLOC_FAILURE);
1145 ASN1_TYPE_set(params, V_ASN1_SEQUENCE, os);
1149 GRASSHOPPER_INLINE int gost_grasshopper_get_asn1_parameters(EVP_CIPHER_CTX
1155 if (ASN1_TYPE_get(params) != V_ASN1_SEQUENCE) {
1162 int gost_grasshopper_cipher_ctl(EVP_CIPHER_CTX *ctx, int type, int arg,
1166 case EVP_CTRL_RAND_KEY:{
1168 ((unsigned char *)ptr, EVP_CIPHER_CTX_key_length(ctx)) <= 0) {
1169 GOSTerr(GOST_F_GOST_GRASSHOPPER_CIPHER_CTL, GOST_R_RNG_ERROR);
1174 case EVP_CTRL_KEY_MESH:{
1175 gost_grasshopper_cipher_ctx_ctr *c =
1176 EVP_CIPHER_CTX_get_cipher_data(ctx);
1177 if (c->c.type != GRASSHOPPER_CIPHER_CTRACPKM || !arg
1178 || (arg % GRASSHOPPER_BLOCK_SIZE))
1180 c->section_size = arg;
1183 #ifdef EVP_CTRL_TLS1_2_TLSTREE
1184 case EVP_CTRL_TLS1_2_TLSTREE:
1186 unsigned char newkey[32];
1187 int mode = EVP_CIPHER_CTX_mode(ctx);
1188 static const unsigned char zeroseq[8];
1189 gost_grasshopper_cipher_ctx_ctr *ctr_ctx = NULL;
1190 gost_grasshopper_cipher_ctx *c = NULL;
1192 unsigned char adjusted_iv[16];
1193 unsigned char seq[8];
1195 if (mode != EVP_CIPH_CTR_MODE)
1198 ctr_ctx = (gost_grasshopper_cipher_ctx_ctr *)
1199 EVP_CIPHER_CTX_get_cipher_data(ctx);
1202 memcpy(seq, ptr, 8);
1203 if (EVP_CIPHER_CTX_encrypting(ctx)) {
1205 * OpenSSL increments seq after mac calculation.
1206 * As we have Mac-Then-Encrypt, we need decrement it here on encryption
1207 * to derive the key correctly.
1209 if (memcmp(seq, zeroseq, 8) != 0) {
1210 for (j = 7; j >= 0; j--) {
1219 if (gost_tlstree(NID_grasshopper_cbc, c->master_key.k.b, newkey,
1220 (const unsigned char *)seq) > 0) {
1221 memset(adjusted_iv, 0, 16);
1222 memcpy(adjusted_iv, EVP_CIPHER_CTX_original_iv(ctx), 8);
1223 for (j = 7; j >= 0; j--) {
1224 int adj_byte, carry = 0;
1225 adj_byte = adjusted_iv[j] + seq[j] + carry;
1226 carry = (adj_byte > 255) ? 1 : 0;
1227 adjusted_iv[j] = adj_byte & 0xFF;
1229 EVP_CIPHER_CTX_set_num(ctx, 0);
1230 memcpy(EVP_CIPHER_CTX_iv_noconst(ctx), adjusted_iv, 16);
1232 gost_grasshopper_cipher_key(c, newkey);
1238 case EVP_CTRL_AEAD_GET_TAG:
1239 case EVP_CTRL_AEAD_SET_TAG:
1241 gost_grasshopper_cipher_ctx_mgm *mgm_ctx = NULL;
1242 gost_grasshopper_cipher_ctx *c = NULL;
1244 unsigned char *tag = ptr;
1246 mgm_ctx = (gost_grasshopper_cipher_ctx_mgm *)
1247 EVP_CIPHER_CTX_get_cipher_data(ctx);
1248 c = (gost_grasshopper_cipher_ctx *) mgm_ctx;
1250 if (c->type != GRASSHOPPER_CIPHER_MGM)
1254 GOSTerr(GOST_F_GOST_GRASSHOPPER_CIPHER_CTL,
1255 GOST_R_INVALID_TAG_LENGTH);
1259 if (type == EVP_CTRL_AEAD_GET_TAG)
1260 memcpy(tag, mgm_ctx->final_tag, taglen);
1262 memcpy(mgm_ctx->final_tag, tag, taglen);
1267 GOSTerr(GOST_F_GOST_GRASSHOPPER_CIPHER_CTL,
1268 GOST_R_UNSUPPORTED_CIPHER_CTL_COMMAND);
1274 GRASSHOPPER_INLINE EVP_CIPHER *cipher_gost_grasshopper_create(int
1278 return EVP_CIPHER_meth_new(cipher_type, block_size /* block_size */ ,
1279 GRASSHOPPER_KEY_SIZE /* key_size */ );
1282 const int cipher_gost_grasshopper_setup(EVP_CIPHER *cipher, uint8_t mode,
1283 int iv_size, bool padding,
1286 return EVP_CIPHER_meth_set_iv_length(cipher, iv_size)
1287 && EVP_CIPHER_meth_set_flags(cipher,
1288 (unsigned long)(mode |
1290 EVP_CIPH_NO_PADDING :
1296 EVP_CIPH_ALWAYS_CALL_INIT |
1299 && EVP_CIPHER_meth_set_cleanup(cipher, gost_grasshopper_cipher_cleanup)
1300 && EVP_CIPHER_meth_set_set_asn1_params(cipher,
1301 gost_grasshopper_set_asn1_parameters)
1302 && EVP_CIPHER_meth_set_get_asn1_params(cipher,
1303 gost_grasshopper_get_asn1_parameters)
1304 && EVP_CIPHER_meth_set_ctrl(cipher, gost_grasshopper_cipher_ctl)
1305 && EVP_CIPHER_meth_set_do_cipher(cipher, gost_grasshopper_cipher_do);
1308 const GRASSHOPPER_INLINE EVP_CIPHER *cipher_gost_grasshopper(uint8_t mode,
1311 EVP_CIPHER **cipher;
1312 struct GRASSHOPPER_CIPHER_PARAMS *params;
1314 cipher = &gost_grasshopper_ciphers[num];
1316 if (*cipher == NULL) {
1317 params = &gost_cipher_params[num];
1319 int nid = params->nid;
1320 grasshopper_init_cipher_func init_cipher = params->init_cipher;
1321 int block_size = params->block_size;
1322 int ctx_size = params->ctx_size;
1323 int iv_size = params->iv_size;
1324 bool padding = params->padding;
1326 int extra_flags = (num == GRASSHOPPER_CIPHER_MGM) ?
1327 EVP_CIPH_FLAG_CUSTOM_CIPHER | EVP_CIPH_FLAG_AEAD_CIPHER : 0;
1329 *cipher = cipher_gost_grasshopper_create(nid, block_size);
1330 if (*cipher == NULL) {
1334 if (!cipher_gost_grasshopper_setup
1335 (*cipher, mode, iv_size, padding, extra_flags)
1336 || !EVP_CIPHER_meth_set_init(*cipher, init_cipher)
1337 || !EVP_CIPHER_meth_set_impl_ctx_size(*cipher, ctx_size)) {
1338 EVP_CIPHER_meth_free(*cipher);
1346 const GRASSHOPPER_INLINE EVP_CIPHER *cipher_gost_grasshopper_ecb()
1348 return cipher_gost_grasshopper(EVP_CIPH_ECB_MODE, GRASSHOPPER_CIPHER_ECB);
1351 const GRASSHOPPER_INLINE EVP_CIPHER *cipher_gost_grasshopper_cbc()
1353 return cipher_gost_grasshopper(EVP_CIPH_CBC_MODE, GRASSHOPPER_CIPHER_CBC);
1356 const GRASSHOPPER_INLINE EVP_CIPHER *cipher_gost_grasshopper_ofb()
1358 return cipher_gost_grasshopper(EVP_CIPH_OFB_MODE, GRASSHOPPER_CIPHER_OFB);
1361 const GRASSHOPPER_INLINE EVP_CIPHER *cipher_gost_grasshopper_cfb()
1363 return cipher_gost_grasshopper(EVP_CIPH_CFB_MODE, GRASSHOPPER_CIPHER_CFB);
1366 const GRASSHOPPER_INLINE EVP_CIPHER *cipher_gost_grasshopper_ctr()
1368 return cipher_gost_grasshopper(EVP_CIPH_CTR_MODE, GRASSHOPPER_CIPHER_CTR);
1371 const GRASSHOPPER_INLINE EVP_CIPHER *cipher_gost_grasshopper_ctracpkm()
1373 return cipher_gost_grasshopper(EVP_CIPH_CTR_MODE,
1374 GRASSHOPPER_CIPHER_CTRACPKM);
1377 const GRASSHOPPER_INLINE EVP_CIPHER *cipher_gost_grasshopper_mgm()
1379 #ifndef NID_kuznyechik_mgm
1382 return cipher_gost_grasshopper(EVP_CIPH_CTR_MODE, GRASSHOPPER_CIPHER_MGM);
1386 void cipher_gost_grasshopper_destroy(void)
1388 EVP_CIPHER_meth_free(gost_grasshopper_ciphers[GRASSHOPPER_CIPHER_ECB]);
1389 gost_grasshopper_ciphers[GRASSHOPPER_CIPHER_ECB] = NULL;
1390 EVP_CIPHER_meth_free(gost_grasshopper_ciphers[GRASSHOPPER_CIPHER_CBC]);
1391 gost_grasshopper_ciphers[GRASSHOPPER_CIPHER_CBC] = NULL;
1392 EVP_CIPHER_meth_free(gost_grasshopper_ciphers[GRASSHOPPER_CIPHER_OFB]);
1393 gost_grasshopper_ciphers[GRASSHOPPER_CIPHER_OFB] = NULL;
1394 EVP_CIPHER_meth_free(gost_grasshopper_ciphers[GRASSHOPPER_CIPHER_CFB]);
1395 gost_grasshopper_ciphers[GRASSHOPPER_CIPHER_CFB] = NULL;
1396 EVP_CIPHER_meth_free(gost_grasshopper_ciphers[GRASSHOPPER_CIPHER_CTR]);
1397 gost_grasshopper_ciphers[GRASSHOPPER_CIPHER_CTR] = NULL;
1398 EVP_CIPHER_meth_free(gost_grasshopper_ciphers[GRASSHOPPER_CIPHER_CTRACPKM]);
1399 gost_grasshopper_ciphers[GRASSHOPPER_CIPHER_CTRACPKM] = NULL;
1400 EVP_CIPHER_meth_free(gost_grasshopper_ciphers[GRASSHOPPER_CIPHER_MGM]);
1401 gost_grasshopper_ciphers[GRASSHOPPER_CIPHER_MGM] = NULL;
projects / openssl-gost / engine.git / blob