3 * This file is distributed under the same license as OpenSSL
6 #include "gost_grasshopper_cipher.h"
7 #include "gost_grasshopper_defines.h"
8 #include "gost_grasshopper_math.h"
9 #include "gost_grasshopper_core.h"
11 #include <openssl/evp.h>
12 #include <openssl/rand.h>
13 #include <openssl/err.h>
19 #include "e_gost_err.h"
21 enum GRASSHOPPER_CIPHER_TYPE {
22 GRASSHOPPER_CIPHER_ECB = 0,
23 GRASSHOPPER_CIPHER_CBC,
24 GRASSHOPPER_CIPHER_OFB,
25 GRASSHOPPER_CIPHER_CFB,
26 GRASSHOPPER_CIPHER_CTR,
27 GRASSHOPPER_CIPHER_CTRACPKM,
28 GRASSHOPPER_CIPHER_MGM,
31 static EVP_CIPHER *gost_grasshopper_ciphers[7] = {
32 [GRASSHOPPER_CIPHER_ECB] = NULL,
33 [GRASSHOPPER_CIPHER_CBC] = NULL,
34 [GRASSHOPPER_CIPHER_OFB] = NULL,
35 [GRASSHOPPER_CIPHER_CFB] = NULL,
36 [GRASSHOPPER_CIPHER_CTR] = NULL,
37 [GRASSHOPPER_CIPHER_CTRACPKM] = NULL,
38 [GRASSHOPPER_CIPHER_MGM] = NULL,
41 static GRASSHOPPER_INLINE void
42 gost_grasshopper_cipher_destroy_ofb(gost_grasshopper_cipher_ctx * c);
43 static GRASSHOPPER_INLINE void
44 gost_grasshopper_cipher_destroy_ctr(gost_grasshopper_cipher_ctx * c);
45 static GRASSHOPPER_INLINE void
46 gost_grasshopper_cipher_destroy_mgm(gost_grasshopper_cipher_ctx * c);
48 struct GRASSHOPPER_CIPHER_PARAMS {
50 grasshopper_init_cipher_func init_cipher;
51 grasshopper_do_cipher_func do_cipher;
52 grasshopper_destroy_cipher_func destroy_cipher;
59 static struct GRASSHOPPER_CIPHER_PARAMS gost_cipher_params[7] = {
60 [GRASSHOPPER_CIPHER_ECB] = {
62 gost_grasshopper_cipher_init_ecb,
63 gost_grasshopper_cipher_do_ecb,
66 sizeof(gost_grasshopper_cipher_ctx),
70 [GRASSHOPPER_CIPHER_CBC] = {
72 gost_grasshopper_cipher_init_cbc,
73 gost_grasshopper_cipher_do_cbc,
76 sizeof(gost_grasshopper_cipher_ctx),
80 [GRASSHOPPER_CIPHER_OFB] = {
82 gost_grasshopper_cipher_init_ofb,
83 gost_grasshopper_cipher_do_ofb,
84 gost_grasshopper_cipher_destroy_ofb,
86 sizeof(gost_grasshopper_cipher_ctx_ofb),
90 [GRASSHOPPER_CIPHER_CFB] = {
92 gost_grasshopper_cipher_init_cfb,
93 gost_grasshopper_cipher_do_cfb,
96 sizeof(gost_grasshopper_cipher_ctx),
100 [GRASSHOPPER_CIPHER_CTR] = {
102 gost_grasshopper_cipher_init_ctr,
103 gost_grasshopper_cipher_do_ctr,
104 gost_grasshopper_cipher_destroy_ctr,
106 sizeof(gost_grasshopper_cipher_ctx_ctr),
107 /* IV size is set to match full block, to make it responsibility of
108 * user to assign correct values (IV || 0), and to make naive context
109 * copy possible (for software such as openssh) */
113 [GRASSHOPPER_CIPHER_CTRACPKM] = {
114 NID_id_tc26_cipher_gostr3412_2015_kuznyechik_ctracpkm,
115 gost_grasshopper_cipher_init_ctracpkm,
116 gost_grasshopper_cipher_do_ctracpkm,
117 gost_grasshopper_cipher_destroy_ctr,
119 sizeof(gost_grasshopper_cipher_ctx_ctr),
123 #ifdef NID_kuznyechik_mgm
124 [GRASSHOPPER_CIPHER_MGM] = {
126 gost_grasshopper_cipher_init_mgm,
127 gost_grasshopper_cipher_do_mgm,
128 gost_grasshopper_cipher_destroy_mgm,
130 sizeof(gost_grasshopper_cipher_ctx_mgm),
135 [GRASSHOPPER_CIPHER_MGM] = {
148 /* first 256 bit of D from draft-irtf-cfrg-re-keying-12 */
149 static const unsigned char ACPKM_D_2018[] = {
150 0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87, /* 64 bit */
151 0x88, 0x89, 0x8a, 0x8b, 0x8c, 0x8d, 0x8e, 0x8f, /* 128 bit */
152 0x90, 0x91, 0x92, 0x93, 0x94, 0x95, 0x96, 0x97,
153 0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f, /* 256 bit */
156 static void acpkm_next(gost_grasshopper_cipher_ctx * c)
158 unsigned char newkey[GRASSHOPPER_KEY_SIZE];
159 const int J = GRASSHOPPER_KEY_SIZE / GRASSHOPPER_BLOCK_SIZE;
162 for (n = 0; n < J; n++) {
163 const unsigned char *D_n = &ACPKM_D_2018[n * GRASSHOPPER_BLOCK_SIZE];
165 grasshopper_encrypt_block(&c->encrypt_round_keys,
166 (grasshopper_w128_t *) D_n,
167 (grasshopper_w128_t *) & newkey[n *
168 GRASSHOPPER_BLOCK_SIZE],
171 gost_grasshopper_cipher_key(c, newkey);
174 /* Set 256 bit key into context */
175 GRASSHOPPER_INLINE void
176 gost_grasshopper_cipher_key(gost_grasshopper_cipher_ctx * c, const uint8_t *k)
179 for (i = 0; i < 2; i++) {
180 grasshopper_copy128(&c->key.k.k[i],
181 (const grasshopper_w128_t *)(k + i * 16));
184 grasshopper_set_encrypt_key(&c->encrypt_round_keys, &c->key);
185 grasshopper_set_decrypt_key(&c->decrypt_round_keys, &c->key);
188 /* Set master 256-bit key to be used in TLSTREE calculation into context */
189 GRASSHOPPER_INLINE void
190 gost_grasshopper_master_key(gost_grasshopper_cipher_ctx * c, const uint8_t *k)
193 for (i = 0; i < 2; i++) {
194 grasshopper_copy128(&c->master_key.k.k[i],
195 (const grasshopper_w128_t *)(k + i * 16));
199 /* Cleans up key from context */
200 GRASSHOPPER_INLINE void
201 gost_grasshopper_cipher_destroy(gost_grasshopper_cipher_ctx * c)
204 for (i = 0; i < 2; i++) {
205 grasshopper_zero128(&c->key.k.k[i]);
206 grasshopper_zero128(&c->master_key.k.k[i]);
208 for (i = 0; i < GRASSHOPPER_ROUND_KEYS_COUNT; i++) {
209 grasshopper_zero128(&c->encrypt_round_keys.k[i]);
211 for (i = 0; i < GRASSHOPPER_ROUND_KEYS_COUNT; i++) {
212 grasshopper_zero128(&c->decrypt_round_keys.k[i]);
214 grasshopper_zero128(&c->buffer);
217 static GRASSHOPPER_INLINE void
218 gost_grasshopper_cipher_destroy_ofb(gost_grasshopper_cipher_ctx * c)
220 gost_grasshopper_cipher_ctx_ofb *ctx =
221 (gost_grasshopper_cipher_ctx_ofb *) c;
223 grasshopper_zero128(&ctx->buffer1);
226 static GRASSHOPPER_INLINE void
227 gost_grasshopper_cipher_destroy_ctr(gost_grasshopper_cipher_ctx * c)
229 gost_grasshopper_cipher_ctx_ctr *ctx =
230 (gost_grasshopper_cipher_ctx_ctr *) c;
232 grasshopper_zero128(&ctx->partial_buffer);
235 static GRASSHOPPER_INLINE void
236 gost_grasshopper_cipher_destroy_mgm(gost_grasshopper_cipher_ctx * c)
238 gost_grasshopper_cipher_ctx_mgm *ctx =
239 (gost_grasshopper_cipher_ctx_mgm *) c;
241 grasshopper_zero128(&ctx->partial_buffer);
244 int gost_grasshopper_cipher_init(EVP_CIPHER_CTX *ctx,
245 const unsigned char *key,
246 const unsigned char *iv, int enc)
248 gost_grasshopper_cipher_ctx *c = EVP_CIPHER_CTX_get_cipher_data(ctx);
250 if (EVP_CIPHER_CTX_get_app_data(ctx) == NULL) {
251 EVP_CIPHER_CTX_set_app_data(ctx, EVP_CIPHER_CTX_get_cipher_data(ctx));
255 gost_grasshopper_cipher_key(c, key);
256 gost_grasshopper_master_key(c, key);
260 if (c->type == GRASSHOPPER_CIPHER_MGM) {
261 gost_grasshopper_cipher_ctx_mgm *m = (gost_grasshopper_cipher_ctx_mgm *)c;
263 /* 1st bit should be 0*/
265 GOSTerr(GOST_F_GOST_GRASSHOPPER_CIPHER_INIT, GOST_R_INVALID_IV_LENGTH);
268 memcpy(m->mgm_iv, iv, 16);
269 *(unsigned char *)(m->mgm_iv) += 128;
271 memcpy((unsigned char *)EVP_CIPHER_CTX_original_iv(ctx), iv,
272 EVP_CIPHER_CTX_iv_length(ctx));
275 memcpy(EVP_CIPHER_CTX_iv_noconst(ctx),
276 EVP_CIPHER_CTX_original_iv(ctx), EVP_CIPHER_CTX_iv_length(ctx));
278 grasshopper_zero128(&c->buffer);
283 GRASSHOPPER_INLINE int gost_grasshopper_cipher_init_ecb(EVP_CIPHER_CTX *ctx, const unsigned char
284 *key, const unsigned char
287 gost_grasshopper_cipher_ctx *c = EVP_CIPHER_CTX_get_cipher_data(ctx);
288 c->type = GRASSHOPPER_CIPHER_ECB;
289 return gost_grasshopper_cipher_init(ctx, key, iv, enc);
292 GRASSHOPPER_INLINE int gost_grasshopper_cipher_init_cbc(EVP_CIPHER_CTX *ctx, const unsigned char
293 *key, const unsigned char
296 gost_grasshopper_cipher_ctx *c = EVP_CIPHER_CTX_get_cipher_data(ctx);
297 c->type = GRASSHOPPER_CIPHER_CBC;
298 return gost_grasshopper_cipher_init(ctx, key, iv, enc);
301 GRASSHOPPER_INLINE int gost_grasshopper_cipher_init_ofb(EVP_CIPHER_CTX *ctx, const unsigned char
302 *key, const unsigned char
305 gost_grasshopper_cipher_ctx_ofb *c = EVP_CIPHER_CTX_get_cipher_data(ctx);
307 c->c.type = GRASSHOPPER_CIPHER_OFB;
309 grasshopper_zero128(&c->buffer1);
311 return gost_grasshopper_cipher_init(ctx, key, iv, enc);
314 GRASSHOPPER_INLINE int gost_grasshopper_cipher_init_cfb(EVP_CIPHER_CTX *ctx, const unsigned char
315 *key, const unsigned char
318 gost_grasshopper_cipher_ctx *c = EVP_CIPHER_CTX_get_cipher_data(ctx);
319 c->type = GRASSHOPPER_CIPHER_CFB;
320 return gost_grasshopper_cipher_init(ctx, key, iv, enc);
323 GRASSHOPPER_INLINE int gost_grasshopper_cipher_init_ctr(EVP_CIPHER_CTX *ctx, const unsigned char
324 *key, const unsigned char
327 gost_grasshopper_cipher_ctx_ctr *c = EVP_CIPHER_CTX_get_cipher_data(ctx);
329 c->c.type = GRASSHOPPER_CIPHER_CTR;
330 EVP_CIPHER_CTX_set_num(ctx, 0);
332 grasshopper_zero128(&c->partial_buffer);
334 return gost_grasshopper_cipher_init(ctx, key, iv, enc);
337 GRASSHOPPER_INLINE int gost_grasshopper_cipher_init_ctracpkm(EVP_CIPHER_CTX
339 char *key, const unsigned
342 gost_grasshopper_cipher_ctx_ctr *c = EVP_CIPHER_CTX_get_cipher_data(ctx);
344 /* NB: setting type makes EVP do_cipher callback useless */
345 c->c.type = GRASSHOPPER_CIPHER_CTRACPKM;
346 EVP_CIPHER_CTX_set_num(ctx, 0);
347 c->section_size = 4096;
349 return gost_grasshopper_cipher_init(ctx, key, iv, enc);
352 GRASSHOPPER_INLINE int gost_grasshopper_cipher_init_mgm(EVP_CIPHER_CTX *ctx, const unsigned char
353 *key, const unsigned char
356 gost_grasshopper_cipher_ctx_mgm *c = EVP_CIPHER_CTX_get_cipher_data(ctx);
358 c->c.type = GRASSHOPPER_CIPHER_MGM;
360 EVP_CIPHER_CTX_set_num(ctx, 0);
362 grasshopper_zero128(&c->partial_buffer);
364 return gost_grasshopper_cipher_init(ctx, key, iv, enc);
367 GRASSHOPPER_INLINE int gost_grasshopper_cipher_do(EVP_CIPHER_CTX *ctx,
369 const unsigned char *in,
372 gost_grasshopper_cipher_ctx *c =
373 (gost_grasshopper_cipher_ctx *) EVP_CIPHER_CTX_get_cipher_data(ctx);
374 struct GRASSHOPPER_CIPHER_PARAMS *params = &gost_cipher_params[c->type];
376 return params->do_cipher(ctx, out, in, inl);
379 int gost_grasshopper_cipher_do_ecb(EVP_CIPHER_CTX *ctx, unsigned char *out,
380 const unsigned char *in, size_t inl)
382 gost_grasshopper_cipher_ctx *c =
383 (gost_grasshopper_cipher_ctx *) EVP_CIPHER_CTX_get_cipher_data(ctx);
384 bool encrypting = (bool) EVP_CIPHER_CTX_encrypting(ctx);
385 const unsigned char *current_in = in;
386 unsigned char *current_out = out;
387 size_t blocks = inl / GRASSHOPPER_BLOCK_SIZE;
390 for (i = 0; i < blocks;
391 i++, current_in += GRASSHOPPER_BLOCK_SIZE, current_out +=
392 GRASSHOPPER_BLOCK_SIZE) {
394 grasshopper_encrypt_block(&c->encrypt_round_keys,
395 (grasshopper_w128_t *) current_in,
396 (grasshopper_w128_t *) current_out,
399 grasshopper_decrypt_block(&c->decrypt_round_keys,
400 (grasshopper_w128_t *) current_in,
401 (grasshopper_w128_t *) current_out,
409 int gost_grasshopper_cipher_do_cbc(EVP_CIPHER_CTX *ctx, unsigned char *out,
410 const unsigned char *in, size_t inl)
412 gost_grasshopper_cipher_ctx *c =
413 (gost_grasshopper_cipher_ctx *) EVP_CIPHER_CTX_get_cipher_data(ctx);
414 unsigned char *iv = EVP_CIPHER_CTX_iv_noconst(ctx);
415 bool encrypting = (bool) EVP_CIPHER_CTX_encrypting(ctx);
416 const unsigned char *current_in = in;
417 unsigned char *current_out = out;
418 grasshopper_w128_t *currentInputBlock;
419 grasshopper_w128_t *currentOutputBlock;
420 size_t blocks = inl / GRASSHOPPER_BLOCK_SIZE;
422 grasshopper_w128_t *currentBlock;
424 currentBlock = (grasshopper_w128_t *) iv;
426 for (i = 0; i < blocks;
427 i++, current_in += GRASSHOPPER_BLOCK_SIZE, current_out +=
428 GRASSHOPPER_BLOCK_SIZE) {
429 currentInputBlock = (grasshopper_w128_t *) current_in;
430 currentOutputBlock = (grasshopper_w128_t *) current_out;
432 grasshopper_append128(currentBlock, currentInputBlock);
433 grasshopper_encrypt_block(&c->encrypt_round_keys, currentBlock,
434 currentOutputBlock, &c->buffer);
435 grasshopper_copy128(currentBlock, currentOutputBlock);
437 grasshopper_w128_t tmp;
439 grasshopper_copy128(&tmp, currentInputBlock);
440 grasshopper_decrypt_block(&c->decrypt_round_keys,
441 currentInputBlock, currentOutputBlock,
443 grasshopper_append128(currentOutputBlock, currentBlock);
444 grasshopper_copy128(currentBlock, &tmp);
451 void inc_counter(unsigned char *counter, size_t counter_bytes)
454 unsigned int n = counter_bytes;
466 /* increment counter (128-bit int) by 1 */
467 static void ctr128_inc(unsigned char *counter)
469 inc_counter(counter, 16);
472 int gost_grasshopper_cipher_do_ctr(EVP_CIPHER_CTX *ctx, unsigned char *out,
473 const unsigned char *in, size_t inl)
475 gost_grasshopper_cipher_ctx_ctr *c = (gost_grasshopper_cipher_ctx_ctr *)
476 EVP_CIPHER_CTX_get_cipher_data(ctx);
477 unsigned char *iv = EVP_CIPHER_CTX_iv_noconst(ctx);
478 const unsigned char *current_in = in;
479 unsigned char *current_out = out;
480 grasshopper_w128_t *currentInputBlock;
481 grasshopper_w128_t *currentOutputBlock;
482 unsigned int n = EVP_CIPHER_CTX_num(ctx);
487 *(current_out++) = *(current_in++) ^ c->partial_buffer.b[n];
489 n = (n + 1) % GRASSHOPPER_BLOCK_SIZE;
491 EVP_CIPHER_CTX_set_num(ctx, n);
492 size_t blocks = inl / GRASSHOPPER_BLOCK_SIZE;
494 grasshopper_w128_t *iv_buffer = (grasshopper_w128_t *) iv;
495 grasshopper_w128_t tmp;
498 for (i = 0; i < blocks; i++) {
499 currentInputBlock = (grasshopper_w128_t *) current_in;
500 currentOutputBlock = (grasshopper_w128_t *) current_out;
501 grasshopper_encrypt_block(&c->c.encrypt_round_keys, iv_buffer,
502 &c->partial_buffer, &c->c.buffer);
503 grasshopper_plus128(&tmp, &c->partial_buffer, currentInputBlock);
504 grasshopper_copy128(currentOutputBlock, &tmp);
505 ctr128_inc(iv_buffer->b);
506 current_in += GRASSHOPPER_BLOCK_SIZE;
507 current_out += GRASSHOPPER_BLOCK_SIZE;
511 lasted = inl - blocks * GRASSHOPPER_BLOCK_SIZE;
513 currentInputBlock = (grasshopper_w128_t *) current_in;
514 currentOutputBlock = (grasshopper_w128_t *) current_out;
515 grasshopper_encrypt_block(&c->c.encrypt_round_keys, iv_buffer,
516 &c->partial_buffer, &c->c.buffer);
517 for (i = 0; i < lasted; i++) {
518 currentOutputBlock->b[i] =
519 c->partial_buffer.b[i] ^ currentInputBlock->b[i];
521 EVP_CIPHER_CTX_set_num(ctx, i);
522 ctr128_inc(iv_buffer->b);
528 #define GRASSHOPPER_BLOCK_MASK (GRASSHOPPER_BLOCK_SIZE - 1)
529 static inline void apply_acpkm_grasshopper(gost_grasshopper_cipher_ctx_ctr *
530 ctx, unsigned int *num)
532 if (!ctx->section_size || (*num < ctx->section_size))
535 *num &= GRASSHOPPER_BLOCK_MASK;
538 /* If meshing is not configured via ctrl (setting section_size)
539 * this function works exactly like plain ctr */
540 int gost_grasshopper_cipher_do_ctracpkm(EVP_CIPHER_CTX *ctx,
542 const unsigned char *in, size_t inl)
544 gost_grasshopper_cipher_ctx_ctr *c = EVP_CIPHER_CTX_get_cipher_data(ctx);
545 unsigned char *iv = EVP_CIPHER_CTX_iv_noconst(ctx);
546 unsigned int num = EVP_CIPHER_CTX_num(ctx);
548 while ((num & GRASSHOPPER_BLOCK_MASK) && inl) {
549 *out++ = *in++ ^ c->partial_buffer.b[num & GRASSHOPPER_BLOCK_MASK];
553 size_t blocks = inl / GRASSHOPPER_BLOCK_SIZE;
555 grasshopper_w128_t tmp;
558 for (i = 0; i < blocks; i++) {
559 apply_acpkm_grasshopper(c, &num);
560 grasshopper_encrypt_block(&c->c.encrypt_round_keys,
561 (grasshopper_w128_t *) iv,
562 (grasshopper_w128_t *) & c->partial_buffer,
564 grasshopper_plus128(&tmp, &c->partial_buffer,
565 (grasshopper_w128_t *) in);
566 grasshopper_copy128((grasshopper_w128_t *) out, &tmp);
568 in += GRASSHOPPER_BLOCK_SIZE;
569 out += GRASSHOPPER_BLOCK_SIZE;
570 num += GRASSHOPPER_BLOCK_SIZE;
574 size_t lasted = inl - blocks * GRASSHOPPER_BLOCK_SIZE;
576 apply_acpkm_grasshopper(c, &num);
577 grasshopper_encrypt_block(&c->c.encrypt_round_keys,
578 (grasshopper_w128_t *) iv,
579 &c->partial_buffer, &c->c.buffer);
580 for (i = 0; i < lasted; i++)
581 out[i] = c->partial_buffer.b[i] ^ in[i];
585 EVP_CIPHER_CTX_set_num(ctx, num);
590 /* ----------------------------------------------------------------------------------------------- */
591 /*! Функция реализует операцию умножения двух элементов конечного поля \f$ \mathbb F_{2^{128}}\f$,
592 порожденного неприводимым многочленом
593 \f$ f(x) = x^{128} + x^7 + x^2 + x + 1 \in \mathbb F_2[x]\f$. Для умножения используется
594 простейшая реализация, основанная на приведении по модулю после каждого шага алгоритма. */
595 /* ----------------------------------------------------------------------------------------------- */
596 static void gf128_mul_uint64(uint64_t *z, uint64_t *x, uint64_t *y)
601 BUF_reverse((unsigned char *)x, NULL, 16);
602 BUF_reverse((unsigned char *)y, NULL, 16);
612 memset(z, 0, sizeof(uint64_t)*2);
621 for( i = 0; i < 64; i++ ) {
622 if( t&0x1 ) { z[0] ^= s0; z[1] ^= s1; }
625 s1 <<= 1; s1 ^= ( s0 >> 63 ); s0 <<= 1;
636 for( i = 0; i < 63; i++ ) {
637 if( t&0x1 ) { z[0] ^= s0; z[1] ^= s1; }
640 s1 <<= 1; s1 ^= ( s0 >> 63 ); s0 <<= 1;
649 z[0] = bswap_64(z[0]);
650 z[1] = bswap_64(z[1]);
652 BUF_reverse((unsigned char *)z, NULL, 16);
655 static void hexdump(FILE *f, const char *title, const unsigned char *s, int l)
659 fprintf(f, "%s", title);
662 fprintf(f, "\n%04x", n);
663 fprintf(f, " %02x", s[n]);
668 int gost_grasshopper_cipher_do_mgm(EVP_CIPHER_CTX *ctx, unsigned char *out,
669 const unsigned char *in, size_t inl)
671 gost_grasshopper_cipher_ctx_mgm *c = (gost_grasshopper_cipher_ctx_mgm *)
672 EVP_CIPHER_CTX_get_cipher_data(ctx);
673 unsigned char *iv = EVP_CIPHER_CTX_iv_noconst(ctx);
674 const unsigned char *current_in = in;
675 unsigned char *current_out = out;
676 grasshopper_w128_t *currentInputBlock;
677 grasshopper_w128_t *currentOutputBlock;
678 unsigned int n = EVP_CIPHER_CTX_num(ctx);
682 size_t blocks = inl / GRASSHOPPER_BLOCK_SIZE;
683 int rest_len = n % GRASSHOPPER_BLOCK_SIZE;
684 grasshopper_w128_t h;
686 grasshopper_w128_t *iv_buffer = (grasshopper_w128_t *) iv;
687 grasshopper_w128_t tmp;
689 /* ======== Here we deal with associated data =========== */
690 if (out == NULL && c->mgm_state == mgm_associated_data) {
692 grasshopper_encrypt_block(&c->c.encrypt_round_keys, c->mgm_iv,
693 &c->partial_buffer, &c->c.buffer);
694 memcpy(c->mgm_iv, &c->partial_buffer, GRASSHOPPER_BLOCK_SIZE);
695 hexdump(stderr, "Tag", c->tag, 16);
699 /* Finalize partial_data */
700 if (inl + rest_len < GRASSHOPPER_BLOCK_SIZE) {
701 memcpy(c->mgm_partial_buffer.b+rest_len, current_in, inl);
703 EVP_CIPHER_CTX_set_num(ctx, n);
706 memcpy(c->mgm_partial_buffer.b+rest_len, current_in, GRASSHOPPER_BLOCK_SIZE - rest_len);
708 grasshopper_encrypt_block(&c->c.encrypt_round_keys, c->mgm_iv,
710 inc_counter(c->mgm_iv->b, 8);
712 hexdump(stderr, "Hnext", h.b, 16);
713 hexdump(stderr, "Adata", c->mgm_partial_buffer.b, 16);
714 /* Galois multiply Hi * Ai */
715 gf128_mul_uint64(tmp.q, h.q, c->mgm_partial_buffer.q);
718 grasshopper_plus128(&h, (grasshopper_w128_t *)c->tag, &tmp);
719 grasshopper_copy128((grasshopper_w128_t *)c->tag, &h);
720 hexdump(stderr, "Tag", c->tag, 16);
722 current_in += GRASSHOPPER_BLOCK_SIZE - rest_len;
723 inl -= (GRASSHOPPER_BLOCK_SIZE - rest_len);
724 n += GRASSHOPPER_BLOCK_SIZE - rest_len;
728 while (inl >= GRASSHOPPER_BLOCK_SIZE) {
729 currentInputBlock = (grasshopper_w128_t *) current_in;
731 grasshopper_encrypt_block(&c->c.encrypt_round_keys, c->mgm_iv,
733 inc_counter(c->mgm_iv->b, 8);
735 hexdump(stderr, "Hnext", h.b, 16);
736 hexdump(stderr, "Adata", currentInputBlock->b, 16);
737 /* Galois multiply */
738 gf128_mul_uint64(tmp.q, h.q, currentInputBlock->q);
741 grasshopper_plus128(&h, (grasshopper_w128_t *)c->tag, &tmp);
742 grasshopper_copy128((grasshopper_w128_t *)c->tag, &h);
743 hexdump(stderr, "Tag", c->tag, 16);
745 current_in += GRASSHOPPER_BLOCK_SIZE;
746 inl -= GRASSHOPPER_BLOCK_SIZE;
747 n += GRASSHOPPER_BLOCK_SIZE;
752 memcpy(c->mgm_partial_buffer.b, current_in, inl);
756 EVP_CIPHER_CTX_set_num(ctx, n);
760 if (out == NULL && in != NULL && inl !=0 && c->mgm_state == mgm_main_data) {
761 GOSTerr(GOST_F_GOST_GRASSHOPPER_CIPHER_DO_MGM, GOST_R_BAD_ORDER);
765 if (out != NULL && c->mgm_state == mgm_associated_data) {
766 memset(c->mgm_partial_buffer.b+rest_len, 0, GRASSHOPPER_BLOCK_SIZE - rest_len);
768 grasshopper_encrypt_block(&c->c.encrypt_round_keys, c->mgm_iv,
770 inc_counter(c->mgm_iv->b, 8);
772 hexdump(stderr, "Hnext", h.b, 16);
773 hexdump(stderr, "Padded Adata", c->mgm_partial_buffer.b, 16);
774 /* Galois multiply Hi * Ai */
775 gf128_mul_uint64(tmp.q, h.q, c->mgm_partial_buffer.q);
778 grasshopper_plus128(&h, (grasshopper_w128_t *)c->tag, &tmp);
779 grasshopper_copy128((grasshopper_w128_t *)c->tag, &h);
780 hexdump(stderr, "Tag", c->tag, 16);
782 /* We finish processing associated data */
783 /* Pad rest of mgm_partial_buffer */
784 /* Process last block */
787 EVP_CIPHER_CTX_set_num(ctx, 0);
788 c->mgm_state = mgm_main_data;
790 fprintf(stderr, "============= Deal with main data\n");
793 /* ======== Here we deal with main data =========== */
795 /* actual IV derived from nonce */
796 grasshopper_encrypt_block(&c->c.encrypt_round_keys, iv_buffer,
797 &c->partial_buffer, &c->c.buffer);
798 memcpy(iv, c->partial_buffer.b, GRASSHOPPER_BLOCK_SIZE);
799 //hexdump(stderr, "Y1", iv, 16);
802 while (rest_len && inl) {
803 *(current_out++) = *(current_in++) ^ c->partial_buffer.b[rest_len];
807 if (rest_len == GRASSHOPPER_BLOCK_SIZE)
812 EVP_CIPHER_CTX_set_num(ctx, n);
815 for (i = 0; i < blocks; i++) {
816 currentInputBlock = (grasshopper_w128_t *) current_in;
817 currentOutputBlock = (grasshopper_w128_t *) current_out;
818 grasshopper_encrypt_block(&c->c.encrypt_round_keys, iv_buffer,
819 &c->partial_buffer, &c->c.buffer);
820 grasshopper_plus128(&tmp, &c->partial_buffer, currentInputBlock);
821 grasshopper_copy128(currentOutputBlock, &tmp);
822 //hexdump(stderr, "Ciphertext", currentOutputBlock->b, 16);
824 grasshopper_encrypt_block(&c->c.encrypt_round_keys, c->mgm_iv,
826 inc_counter(c->mgm_iv->b, 8);
827 hexdump(stderr, "Hnext", h.b, 16);
828 hexdump(stderr, "Ciphertext", currentOutputBlock->b, 16);
829 /* Galois multiply Hi * Ai */
830 gf128_mul_uint64(tmp.q, h.q, currentOutputBlock->q);
833 grasshopper_plus128(&h, (grasshopper_w128_t *)c->tag, &tmp);
834 grasshopper_copy128((grasshopper_w128_t *)c->tag, &h);
835 hexdump(stderr, "Tag", c->tag, 16);
837 ctr128_inc(iv_buffer->b);
838 current_in += GRASSHOPPER_BLOCK_SIZE;
839 current_out += GRASSHOPPER_BLOCK_SIZE;
840 n += GRASSHOPPER_BLOCK_SIZE;
844 lasted = inl - blocks * GRASSHOPPER_BLOCK_SIZE;
846 currentInputBlock = (grasshopper_w128_t *) current_in;
847 currentOutputBlock = (grasshopper_w128_t *) current_out;
848 grasshopper_encrypt_block(&c->c.encrypt_round_keys, iv_buffer,
849 &c->partial_buffer, &c->c.buffer);
850 for (i = 0; i < lasted; i++) {
851 currentOutputBlock->b[i] =
852 c->partial_buffer.b[i] ^ currentInputBlock->b[i];
854 grasshopper_copy128(&c->partial_buffer, currentOutputBlock);
855 EVP_CIPHER_CTX_set_num(ctx, n+i);
856 ctr128_inc(iv_buffer->b);
860 if (in == NULL && inl == 0)
862 unsigned char len_buf[16];
863 uint64_t a_len = 0, p_len = 0;
867 memset(c->partial_buffer.b+rest_len, 0, GRASSHOPPER_BLOCK_SIZE - rest_len);
868 grasshopper_encrypt_block(&c->c.encrypt_round_keys, c->mgm_iv,
870 inc_counter(c->mgm_iv->b, 8);
871 hexdump(stderr, "Hnext", h.b, 16);
872 hexdump(stderr, "Padded ciphertext", c->partial_buffer.b, 16);
873 /* Galois multiply Hi * Ai */
874 gf128_mul_uint64(tmp.q, h.q, c->partial_buffer.q);
877 grasshopper_plus128(&h, (grasshopper_w128_t *)c->tag, &tmp);
878 grasshopper_copy128((grasshopper_w128_t *)c->tag, &h);
879 hexdump(stderr, "Tag", c->tag, 16);
882 a_len = c->ad_length << 3;
883 p_len = (c->mgm_state == mgm_associated_data) ? 0 : n << 3;
886 a_len = bswap_64(a_len);
887 p_len = bswap_64(p_len);
889 memset(len_buf, 0, 16);
891 memcpy(len_buf, &a_len, sizeof(a_len));
892 memcpy(len_buf+sizeof(a_len), &p_len, sizeof(p_len));
893 grasshopper_encrypt_block(&c->c.encrypt_round_keys, c->mgm_iv,
896 hexdump(stderr, "Hlast", h.b, 16);
897 hexdump(stderr, "Lenbuf", len_buf, 16);
898 /* Galois multiply Hi * Ai */
899 gf128_mul_uint64(tmp.q, h.q, (uint64_t *)len_buf);
902 grasshopper_plus128(&h, (grasshopper_w128_t *)c->tag, &tmp);
903 grasshopper_copy128((grasshopper_w128_t *)c->tag, &h);
904 hexdump(stderr, "Tag", c->tag, 16);
906 /* Final tag calculation */
907 grasshopper_encrypt_block(&c->c.encrypt_round_keys, (grasshopper_w128_t *)c->tag,
908 (grasshopper_w128_t *)c->final_tag, &c->c.buffer);
915 * Fixed 128-bit IV implementation make shift regiser redundant.
917 static void gost_grasshopper_cnt_next(gost_grasshopper_cipher_ctx_ofb * ctx,
918 grasshopper_w128_t * iv,
919 grasshopper_w128_t * buf)
921 memcpy(&ctx->buffer1, iv, 16);
922 grasshopper_encrypt_block(&ctx->c.encrypt_round_keys, &ctx->buffer1,
923 buf, &ctx->c.buffer);
927 int gost_grasshopper_cipher_do_ofb(EVP_CIPHER_CTX *ctx, unsigned char *out,
928 const unsigned char *in, size_t inl)
930 gost_grasshopper_cipher_ctx_ofb *c = (gost_grasshopper_cipher_ctx_ofb *)
931 EVP_CIPHER_CTX_get_cipher_data(ctx);
932 const unsigned char *in_ptr = in;
933 unsigned char *out_ptr = out;
934 unsigned char *buf = EVP_CIPHER_CTX_buf_noconst(ctx);
935 unsigned char *iv = EVP_CIPHER_CTX_iv_noconst(ctx);
936 int num = EVP_CIPHER_CTX_num(ctx);
940 /* process partial block if any */
942 for (j = (size_t)num, i = 0; j < GRASSHOPPER_BLOCK_SIZE && i < inl;
943 j++, i++, in_ptr++, out_ptr++) {
944 *out_ptr = buf[j] ^ (*in_ptr);
946 if (j == GRASSHOPPER_BLOCK_SIZE) {
947 EVP_CIPHER_CTX_set_num(ctx, 0);
949 EVP_CIPHER_CTX_set_num(ctx, (int)j);
954 for (; i + GRASSHOPPER_BLOCK_SIZE <
956 i += GRASSHOPPER_BLOCK_SIZE, in_ptr +=
957 GRASSHOPPER_BLOCK_SIZE, out_ptr += GRASSHOPPER_BLOCK_SIZE) {
959 * block cipher current iv
962 gost_grasshopper_cnt_next(c, (grasshopper_w128_t *) iv,
963 (grasshopper_w128_t *) buf);
966 * xor next block of input text with it and output it
971 for (j = 0; j < GRASSHOPPER_BLOCK_SIZE; j++) {
972 out_ptr[j] = buf[j] ^ in_ptr[j];
976 /* Process rest of buffer */
978 gost_grasshopper_cnt_next(c, (grasshopper_w128_t *) iv,
979 (grasshopper_w128_t *) buf);
980 for (j = 0; i < inl; j++, i++) {
981 out_ptr[j] = buf[j] ^ in_ptr[j];
983 EVP_CIPHER_CTX_set_num(ctx, (int)j);
985 EVP_CIPHER_CTX_set_num(ctx, 0);
991 int gost_grasshopper_cipher_do_cfb(EVP_CIPHER_CTX *ctx, unsigned char *out,
992 const unsigned char *in, size_t inl)
994 gost_grasshopper_cipher_ctx *c =
995 (gost_grasshopper_cipher_ctx *) EVP_CIPHER_CTX_get_cipher_data(ctx);
996 const unsigned char *in_ptr = in;
997 unsigned char *out_ptr = out;
998 unsigned char *buf = EVP_CIPHER_CTX_buf_noconst(ctx);
999 unsigned char *iv = EVP_CIPHER_CTX_iv_noconst(ctx);
1000 bool encrypting = (bool) EVP_CIPHER_CTX_encrypting(ctx);
1001 int num = EVP_CIPHER_CTX_num(ctx);
1005 /* process partial block if any */
1007 for (j = (size_t)num, i = 0; j < GRASSHOPPER_BLOCK_SIZE && i < inl;
1008 j++, i++, in_ptr++, out_ptr++) {
1010 buf[j + GRASSHOPPER_BLOCK_SIZE] = *in_ptr;
1012 *out_ptr = buf[j] ^ (*in_ptr);
1014 buf[j + GRASSHOPPER_BLOCK_SIZE] = *out_ptr;
1017 if (j == GRASSHOPPER_BLOCK_SIZE) {
1018 memcpy(iv, buf + GRASSHOPPER_BLOCK_SIZE, GRASSHOPPER_BLOCK_SIZE);
1019 EVP_CIPHER_CTX_set_num(ctx, 0);
1021 EVP_CIPHER_CTX_set_num(ctx, (int)j);
1026 for (; i + GRASSHOPPER_BLOCK_SIZE <
1028 i += GRASSHOPPER_BLOCK_SIZE, in_ptr +=
1029 GRASSHOPPER_BLOCK_SIZE, out_ptr += GRASSHOPPER_BLOCK_SIZE) {
1031 * block cipher current iv
1033 grasshopper_encrypt_block(&c->encrypt_round_keys,
1034 (grasshopper_w128_t *) iv,
1035 (grasshopper_w128_t *) buf, &c->buffer);
1037 * xor next block of input text with it and output it
1043 memcpy(iv, in_ptr, GRASSHOPPER_BLOCK_SIZE);
1045 for (j = 0; j < GRASSHOPPER_BLOCK_SIZE; j++) {
1046 out_ptr[j] = buf[j] ^ in_ptr[j];
1049 /* Next iv is next block of cipher text */
1051 memcpy(iv, out_ptr, GRASSHOPPER_BLOCK_SIZE);
1055 /* Process rest of buffer */
1057 grasshopper_encrypt_block(&c->encrypt_round_keys,
1058 (grasshopper_w128_t *) iv,
1059 (grasshopper_w128_t *) buf, &c->buffer);
1061 memcpy(buf + GRASSHOPPER_BLOCK_SIZE, in_ptr, inl - i);
1063 for (j = 0; i < inl; j++, i++) {
1064 out_ptr[j] = buf[j] ^ in_ptr[j];
1066 EVP_CIPHER_CTX_set_num(ctx, (int)j);
1068 memcpy(buf + GRASSHOPPER_BLOCK_SIZE, out_ptr, j);
1071 EVP_CIPHER_CTX_set_num(ctx, 0);
1077 int gost_grasshopper_cipher_cleanup(EVP_CIPHER_CTX *ctx)
1079 gost_grasshopper_cipher_ctx *c =
1080 (gost_grasshopper_cipher_ctx *) EVP_CIPHER_CTX_get_cipher_data(ctx);
1085 struct GRASSHOPPER_CIPHER_PARAMS *params = &gost_cipher_params[c->type];
1087 gost_grasshopper_cipher_destroy(c);
1088 if (params->destroy_cipher != NULL) {
1089 params->destroy_cipher(c);
1092 EVP_CIPHER_CTX_set_app_data(ctx, NULL);
1097 int gost_grasshopper_set_asn1_parameters(EVP_CIPHER_CTX *ctx, ASN1_TYPE *params)
1100 unsigned char *buf = NULL;
1101 ASN1_OCTET_STRING *os = NULL;
1103 os = ASN1_OCTET_STRING_new();
1105 if (!os || !ASN1_OCTET_STRING_set(os, buf, len)) {
1107 GOSTerr(GOST_F_GOST_GRASSHOPPER_SET_ASN1_PARAMETERS,
1108 ERR_R_MALLOC_FAILURE);
1113 ASN1_TYPE_set(params, V_ASN1_SEQUENCE, os);
1117 GRASSHOPPER_INLINE int gost_grasshopper_get_asn1_parameters(EVP_CIPHER_CTX
1123 if (ASN1_TYPE_get(params) != V_ASN1_SEQUENCE) {
1130 int gost_grasshopper_cipher_ctl(EVP_CIPHER_CTX *ctx, int type, int arg,
1134 case EVP_CTRL_RAND_KEY:{
1136 ((unsigned char *)ptr, EVP_CIPHER_CTX_key_length(ctx)) <= 0) {
1137 GOSTerr(GOST_F_GOST_GRASSHOPPER_CIPHER_CTL, GOST_R_RNG_ERROR);
1142 case EVP_CTRL_KEY_MESH:{
1143 gost_grasshopper_cipher_ctx_ctr *c =
1144 EVP_CIPHER_CTX_get_cipher_data(ctx);
1145 if (c->c.type != GRASSHOPPER_CIPHER_CTRACPKM || !arg
1146 || (arg % GRASSHOPPER_BLOCK_SIZE))
1148 c->section_size = arg;
1151 #ifdef EVP_CTRL_TLS1_2_TLSTREE
1152 case EVP_CTRL_TLS1_2_TLSTREE:
1154 unsigned char newkey[32];
1155 int mode = EVP_CIPHER_CTX_mode(ctx);
1156 static const unsigned char zeroseq[8];
1157 gost_grasshopper_cipher_ctx_ctr *ctr_ctx = NULL;
1158 gost_grasshopper_cipher_ctx *c = NULL;
1160 unsigned char adjusted_iv[16];
1161 unsigned char seq[8];
1163 if (mode != EVP_CIPH_CTR_MODE)
1166 ctr_ctx = (gost_grasshopper_cipher_ctx_ctr *)
1167 EVP_CIPHER_CTX_get_cipher_data(ctx);
1170 memcpy(seq, ptr, 8);
1171 if (EVP_CIPHER_CTX_encrypting(ctx)) {
1173 * OpenSSL increments seq after mac calculation.
1174 * As we have Mac-Then-Encrypt, we need decrement it here on encryption
1175 * to derive the key correctly.
1177 if (memcmp(seq, zeroseq, 8) != 0)
1181 if (seq[j] != 0) {seq[j]--; break;}
1186 if (gost_tlstree(NID_grasshopper_cbc, c->master_key.k.b, newkey,
1187 (const unsigned char *)seq) > 0) {
1188 memset(adjusted_iv, 0, 16);
1189 memcpy(adjusted_iv, EVP_CIPHER_CTX_original_iv(ctx), 8);
1190 for(j=7,carry=0; j>=0; j--)
1192 int adj_byte = adjusted_iv[j]+seq[j]+carry;
1193 carry = (adj_byte > 255) ? 1 : 0;
1194 adjusted_iv[j] = adj_byte & 0xFF;
1196 EVP_CIPHER_CTX_set_num(ctx, 0);
1197 memcpy(EVP_CIPHER_CTX_iv_noconst(ctx), adjusted_iv, 16);
1199 gost_grasshopper_cipher_key(c, newkey);
1205 case EVP_CTRL_AEAD_GET_TAG:
1206 case EVP_CTRL_AEAD_SET_TAG:
1208 gost_grasshopper_cipher_ctx_mgm *mgm_ctx = NULL;
1209 gost_grasshopper_cipher_ctx *c = NULL;
1211 unsigned char* tag = ptr;
1213 mgm_ctx = (gost_grasshopper_cipher_ctx_mgm *)
1214 EVP_CIPHER_CTX_get_cipher_data(ctx);
1215 c = (gost_grasshopper_cipher_ctx *)mgm_ctx;
1217 if (c->type != GRASSHOPPER_CIPHER_MGM)
1221 GOSTerr(GOST_F_GOST_GRASSHOPPER_CIPHER_CTL, GOST_R_INVALID_TAG_LENGTH);
1225 if (type == EVP_CTRL_AEAD_GET_TAG)
1226 memcpy(tag, mgm_ctx->final_tag, taglen);
1228 memcpy(mgm_ctx->final_tag, tag, taglen);
1233 GOSTerr(GOST_F_GOST_GRASSHOPPER_CIPHER_CTL,
1234 GOST_R_UNSUPPORTED_CIPHER_CTL_COMMAND);
1240 GRASSHOPPER_INLINE EVP_CIPHER *cipher_gost_grasshopper_create(int
1244 return EVP_CIPHER_meth_new(cipher_type, block_size /* block_size */ ,
1245 GRASSHOPPER_KEY_SIZE /* key_size */ );
1248 const int cipher_gost_grasshopper_setup(EVP_CIPHER *cipher, uint8_t mode,
1249 int iv_size, bool padding, int extra_flags)
1251 return EVP_CIPHER_meth_set_iv_length(cipher, iv_size)
1252 && EVP_CIPHER_meth_set_flags(cipher,
1253 (unsigned long)(mode |
1255 EVP_CIPH_NO_PADDING :
1261 EVP_CIPH_ALWAYS_CALL_INIT | extra_flags)
1263 && EVP_CIPHER_meth_set_cleanup(cipher, gost_grasshopper_cipher_cleanup)
1264 && EVP_CIPHER_meth_set_set_asn1_params(cipher,
1265 gost_grasshopper_set_asn1_parameters)
1266 && EVP_CIPHER_meth_set_get_asn1_params(cipher,
1267 gost_grasshopper_get_asn1_parameters)
1268 && EVP_CIPHER_meth_set_ctrl(cipher, gost_grasshopper_cipher_ctl)
1269 && EVP_CIPHER_meth_set_do_cipher(cipher, gost_grasshopper_cipher_do);
1272 const GRASSHOPPER_INLINE EVP_CIPHER *cipher_gost_grasshopper(uint8_t mode,
1275 EVP_CIPHER **cipher;
1276 struct GRASSHOPPER_CIPHER_PARAMS *params;
1278 cipher = &gost_grasshopper_ciphers[num];
1280 if (*cipher == NULL) {
1281 params = &gost_cipher_params[num];
1283 int nid = params->nid;
1284 grasshopper_init_cipher_func init_cipher = params->init_cipher;
1285 int block_size = params->block_size;
1286 int ctx_size = params->ctx_size;
1287 int iv_size = params->iv_size;
1288 bool padding = params->padding;
1290 int extra_flags = (num == GRASSHOPPER_CIPHER_MGM) ?
1291 EVP_CIPH_FLAG_CUSTOM_CIPHER | EVP_CIPH_FLAG_AEAD_CIPHER : 0;
1293 *cipher = cipher_gost_grasshopper_create(nid, block_size);
1294 if (*cipher == NULL) {
1298 if (!cipher_gost_grasshopper_setup(*cipher, mode, iv_size, padding, extra_flags)
1299 || !EVP_CIPHER_meth_set_init(*cipher, init_cipher)
1300 || !EVP_CIPHER_meth_set_impl_ctx_size(*cipher, ctx_size)) {
1301 EVP_CIPHER_meth_free(*cipher);
1309 const GRASSHOPPER_INLINE EVP_CIPHER *cipher_gost_grasshopper_ecb()
1311 return cipher_gost_grasshopper(EVP_CIPH_ECB_MODE, GRASSHOPPER_CIPHER_ECB);
1314 const GRASSHOPPER_INLINE EVP_CIPHER *cipher_gost_grasshopper_cbc()
1316 return cipher_gost_grasshopper(EVP_CIPH_CBC_MODE, GRASSHOPPER_CIPHER_CBC);
1319 const GRASSHOPPER_INLINE EVP_CIPHER *cipher_gost_grasshopper_ofb()
1321 return cipher_gost_grasshopper(EVP_CIPH_OFB_MODE, GRASSHOPPER_CIPHER_OFB);
1324 const GRASSHOPPER_INLINE EVP_CIPHER *cipher_gost_grasshopper_cfb()
1326 return cipher_gost_grasshopper(EVP_CIPH_CFB_MODE, GRASSHOPPER_CIPHER_CFB);
1329 const GRASSHOPPER_INLINE EVP_CIPHER *cipher_gost_grasshopper_ctr()
1331 return cipher_gost_grasshopper(EVP_CIPH_CTR_MODE, GRASSHOPPER_CIPHER_CTR);
1334 const GRASSHOPPER_INLINE EVP_CIPHER *cipher_gost_grasshopper_ctracpkm()
1336 return cipher_gost_grasshopper(EVP_CIPH_CTR_MODE,
1337 GRASSHOPPER_CIPHER_CTRACPKM);
1340 const GRASSHOPPER_INLINE EVP_CIPHER *cipher_gost_grasshopper_mgm()
1342 #ifndef NID_kuznyechik_mgm
1345 return cipher_gost_grasshopper(EVP_CIPH_CTR_MODE, GRASSHOPPER_CIPHER_MGM);
1349 void cipher_gost_grasshopper_destroy(void)
1351 EVP_CIPHER_meth_free(gost_grasshopper_ciphers[GRASSHOPPER_CIPHER_ECB]);
1352 gost_grasshopper_ciphers[GRASSHOPPER_CIPHER_ECB] = NULL;
1353 EVP_CIPHER_meth_free(gost_grasshopper_ciphers[GRASSHOPPER_CIPHER_CBC]);
1354 gost_grasshopper_ciphers[GRASSHOPPER_CIPHER_CBC] = NULL;
1355 EVP_CIPHER_meth_free(gost_grasshopper_ciphers[GRASSHOPPER_CIPHER_OFB]);
1356 gost_grasshopper_ciphers[GRASSHOPPER_CIPHER_OFB] = NULL;
1357 EVP_CIPHER_meth_free(gost_grasshopper_ciphers[GRASSHOPPER_CIPHER_CFB]);
1358 gost_grasshopper_ciphers[GRASSHOPPER_CIPHER_CFB] = NULL;
1359 EVP_CIPHER_meth_free(gost_grasshopper_ciphers[GRASSHOPPER_CIPHER_CTR]);
1360 gost_grasshopper_ciphers[GRASSHOPPER_CIPHER_CTR] = NULL;
1361 EVP_CIPHER_meth_free(gost_grasshopper_ciphers[GRASSHOPPER_CIPHER_CTRACPKM]);
1362 gost_grasshopper_ciphers[GRASSHOPPER_CIPHER_CTRACPKM] = NULL;
1363 EVP_CIPHER_meth_free(gost_grasshopper_ciphers[GRASSHOPPER_CIPHER_MGM]);
1364 gost_grasshopper_ciphers[GRASSHOPPER_CIPHER_MGM] = NULL;
projects / openssl-gost / engine.git / blob