2 #include <openssl/evp.h>
5 #include "e_gost_err.h"
8 * Function expects that out is a preallocated buffer of length
9 * defined as sum of shared_len and mac length defined by mac_nid
11 int gost_kexp15(const unsigned char *shared_key, const int shared_len,
12 int cipher_nid, const unsigned char *cipher_key, const size_t cipher_key_len,
13 int mac_nid, unsigned char *mac_key, const size_t mac_key_len,
14 const char *iv, const size_t ivlen,
15 unsigned char *out, int *out_len
18 /* out_len = key_len + mac_len */
19 unsigned char iv_full[16], mac_buf[8];
22 EVP_CIPHER_CTX *ciph = NULL;
23 EVP_MD_CTX *mac = NULL;
28 /* we expect IV of half length */
29 memset(iv_full, 0, 16);
30 memcpy(iv_full, iv, ivlen);
32 mac = EVP_MD_CTX_new();
34 GOSTerr(GOST_F_GOST_KEXP15, ERR_R_MALLOC_FAILURE);
38 if(EVP_DigestInit_ex(mac, EVP_get_digestbynid(mac_nid), NULL) <= 0
39 || EVP_MD_CTX_ctrl(mac, EVP_MD_CTRL_SET_KEY, mac_key_len, mac_key) <= 0
40 || EVP_DigestUpdate(mac, shared_key, shared_len) <= 0
41 || EVP_DigestFinal_ex(mac, mac_buf, &mac_len) <= 0) {
42 GOSTerr(GOST_F_GOST_KEXP15, ERR_R_INTERNAL_ERROR);
46 ciph = EVP_CIPHER_CTX_new();
48 GOSTerr(GOST_F_GOST_KEXP15, ERR_R_MALLOC_FAILURE);
52 if (EVP_CipherInit_ex(ciph, EVP_get_cipherbynid(cipher_nid), NULL, NULL, NULL, 1) <= 0
53 || EVP_CipherInit_ex(ciph, NULL, NULL, cipher_key, iv_full, 1) <= 0
54 || EVP_CipherUpdate(ciph, out, &len, shared_key, shared_len) <= 0
55 || EVP_CipherUpdate(ciph, out + shared_len, &len, mac_buf, mac_len) <= 0
56 || EVP_CipherFinal_ex(ciph, out + shared_len + len, out_len) <= 0) {
57 GOSTerr(GOST_F_GOST_KEXP15, ERR_R_INTERNAL_ERROR);
61 *out_len = shared_len + mac_len;
66 /* TODO clear mac_buf */
68 EVP_CIPHER_CTX_free(ciph);
73 int gost_kimp15(const char *expkey, const size_t expkeylen,
74 int cipher_nid, const char *cipher_key, const size_t cipher_key_len,
75 int mac_nid, const char *mac_key, const size_t mac_key_len,
76 const char *iv, const size_t ivlen,
77 char *shared_key, size_t *shared_len
84 * keyout expected to be 64 bytes
86 int gost_keg(const unsigned char *seckey, const size_t seckey_len,
87 const EC_POINT *pub, const unsigned char *h,
88 unsigned char *keyout)
93 #ifdef ENABLE_UNIT_TESTS
96 # include <openssl/obj_mac.h>
98 static void hexdump(FILE *f, const char *title, const unsigned char *s, int l)
102 fprintf(f, "%s", title);
105 fprintf(f, "\n%04x", n);
106 fprintf(f, " %02x", s[n]);
113 const unsigned char key[] = {
114 0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF,
115 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
116 0xFE, 0xDC, 0xBA, 0x98, 0x76, 0x54, 0x32, 0x10,
117 0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF
120 const unsigned char magma_key[] = {
121 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
122 0x28, 0x29, 0x2A, 0x2B, 0x2C, 0x2D, 0x2E, 0x2F,
123 0x38, 0x39, 0x3A, 0x3B, 0x3C, 0x3D, 0x3E, 0x3F,
124 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
127 const unsigned char magma_key[] = {
128 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F,
129 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
130 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
131 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F,
135 unsigned char buf[32+8];
139 ret = gost_kexp15(key, 32,
140 NID_magma_ctr, magma_key, 32,
141 NID_magma_mac, mac_key, 32,