X-Git-Url: http://www.wagner.pp.ru/gitweb/?a=blobdiff_plain;f=gost_crypt.c;h=516e598d4dc1f32cf2168dff7b7f031044d21bbe;hb=HEAD;hp=8587bd13bb0b4ba1550c28d6afb763c5c33678d0;hpb=c89b75723868791467e949c968988f8cab1c9cf9;p=openssl-gost%2Fengine.git diff --git a/gost_crypt.c b/gost_crypt.c index 8587bd1..516e598 100644 --- a/gost_crypt.c +++ b/gost_crypt.c @@ -1,6 +1,8 @@ /********************************************************************** - * gost_crypt.c * + * gost_crypt.c - Initialize all ciphers * + * * * Copyright (c) 2005-2006 Cryptocom LTD * + * Copyright (c) 2020 Chikunov Vitaly * * This file is distributed under the same license as OpenSSL * * * * OpenSSL interface to GOST 28147-89 cipher functions * @@ -12,6 +14,7 @@ #include #include "e_gost_err.h" #include "gost_lcl.h" +#include "gost_gost2015.h" #if !defined(CCGOST_DEBUG) && !defined(DEBUG) # ifndef NDEBUG @@ -40,78 +43,248 @@ static int gost_cipher_do_cnt(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl); /* Cleanup function */ static int gost_cipher_cleanup(EVP_CIPHER_CTX *); +static int gost_magma_mgm_cleanup(EVP_CIPHER_CTX *c); /* set/get cipher parameters */ static int gost89_set_asn1_parameters(EVP_CIPHER_CTX *ctx, ASN1_TYPE *params); static int gost89_get_asn1_parameters(EVP_CIPHER_CTX *ctx, ASN1_TYPE *params); /* Control function */ static int gost_cipher_ctl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr); -EVP_CIPHER cipher_gost = { - NID_id_Gost28147_89, - 1, /* block_size */ - 32, /* key_size */ - 8, /* iv_len */ - EVP_CIPH_CFB_MODE | EVP_CIPH_NO_PADDING | - EVP_CIPH_CUSTOM_IV | EVP_CIPH_RAND_KEY | EVP_CIPH_ALWAYS_CALL_INIT, - gost_cipher_init, - gost_cipher_do_cfb, - gost_cipher_cleanup, - sizeof(struct ossl_gost_cipher_ctx), /* ctx_size */ - gost89_set_asn1_parameters, - gost89_get_asn1_parameters, - gost_cipher_ctl, - NULL, +static int magma_cipher_init(EVP_CIPHER_CTX *ctx, const unsigned char *key, + const unsigned char *iv, int enc); +static int magma_cipher_init_ctr_acpkm_omac(EVP_CIPHER_CTX *ctx, const unsigned char *key, + const unsigned char *iv, int enc); +static int gost_magma_cipher_init_mgm(EVP_CIPHER_CTX *ctx, const unsigned char *key, + const unsigned char *iv, int enc); +/* Handles block of data in CBC mode */ +static int magma_cipher_do_ecb(EVP_CIPHER_CTX *ctx, unsigned char *out, + const unsigned char *in, size_t inl); +static int magma_cipher_do_cbc(EVP_CIPHER_CTX *ctx, unsigned char *out, + const unsigned char *in, size_t inl); +static int magma_cipher_do_ctr(EVP_CIPHER_CTX *ctx, unsigned char *out, + const unsigned char *in, size_t inl); + +static int magma_cipher_do_ctr_acpkm_omac(EVP_CIPHER_CTX *ctx, unsigned char *out, + const unsigned char *in, size_t inl); +static int gost_magma_cipher_do_mgm(EVP_CIPHER_CTX *ctx, unsigned char *out, + const unsigned char *in, size_t len); +/* set/get cipher parameters */ +static int magma_set_asn1_parameters(EVP_CIPHER_CTX *ctx, ASN1_TYPE *params); +static int magma_get_asn1_parameters(EVP_CIPHER_CTX *ctx, ASN1_TYPE *params); +/* Control function */ +static int magma_cipher_ctl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr); +static int magma_cipher_ctl_acpkm_omac(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr); +static int gost_magma_mgm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr); + +/* + * Single level template accessor. + * Note: that you cannot template 0 value. + */ +#define TPL(st,field) ( \ + ((st)->field) ? ((st)->field) : TPL_VAL(st,field) \ +) + +#define TPL_VAL(st,field) ( \ + ((st)->template ? (st)->template->field : 0) \ +) + +EVP_CIPHER *GOST_init_cipher(GOST_cipher *c) +{ + if (c->cipher) + return c->cipher; + + /* Some sanity checking. */ + int flags = c->flags | TPL_VAL(c, flags); + int block_size = TPL(c, block_size); + switch (flags & EVP_CIPH_MODE) { + case EVP_CIPH_CBC_MODE: + case EVP_CIPH_ECB_MODE: + case EVP_CIPH_WRAP_MODE: + OPENSSL_assert(block_size != 1); + OPENSSL_assert(!(flags & EVP_CIPH_NO_PADDING)); + break; + default: + OPENSSL_assert(block_size == 1); + OPENSSL_assert(flags & EVP_CIPH_NO_PADDING); + } + + if (TPL(c, iv_len)) + OPENSSL_assert(flags & EVP_CIPH_CUSTOM_IV); + else + OPENSSL_assert(!(flags & EVP_CIPH_CUSTOM_IV)); + + EVP_CIPHER *cipher; + if (!(cipher = EVP_CIPHER_meth_new(c->nid, block_size, TPL(c, key_len))) + || !EVP_CIPHER_meth_set_iv_length(cipher, TPL(c, iv_len)) + || !EVP_CIPHER_meth_set_flags(cipher, flags) + || !EVP_CIPHER_meth_set_init(cipher, TPL(c, init)) + || !EVP_CIPHER_meth_set_do_cipher(cipher, TPL(c, do_cipher)) + || !EVP_CIPHER_meth_set_cleanup(cipher, TPL(c, cleanup)) + || !EVP_CIPHER_meth_set_impl_ctx_size(cipher, TPL(c, ctx_size)) + || !EVP_CIPHER_meth_set_set_asn1_params(cipher, TPL(c, set_asn1_parameters)) + || !EVP_CIPHER_meth_set_get_asn1_params(cipher, TPL(c, get_asn1_parameters)) + || !EVP_CIPHER_meth_set_ctrl(cipher, TPL(c, ctrl))) { + EVP_CIPHER_meth_free(cipher); + cipher = NULL; + } + c->cipher = cipher; + return c->cipher; +} + +void GOST_deinit_cipher(GOST_cipher *c) +{ + if (c->cipher) { + EVP_CIPHER_meth_free(c->cipher); + c->cipher = NULL; + } +} + +static GOST_cipher gost_template_cipher = { + .block_size = 8, + .key_len = 32, + .iv_len = 8, + .flags = EVP_CIPH_CUSTOM_IV | + EVP_CIPH_RAND_KEY | + EVP_CIPH_ALWAYS_CALL_INIT, + .cleanup = gost_cipher_cleanup, + .ctx_size = sizeof(struct ossl_gost_cipher_ctx), + .set_asn1_parameters = gost89_set_asn1_parameters, + .get_asn1_parameters = gost89_get_asn1_parameters, + .ctrl = gost_cipher_ctl, +}; + +GOST_cipher Gost28147_89_cipher = { + .nid = NID_id_Gost28147_89, + .template = &gost_template_cipher, + .block_size = 1, + .flags = EVP_CIPH_CFB_MODE | + EVP_CIPH_NO_PADDING, + .init = gost_cipher_init, + .do_cipher = gost_cipher_do_cfb, +}; + +GOST_cipher Gost28147_89_cbc_cipher = { + .nid = NID_gost89_cbc, + .template = &gost_template_cipher, + .flags = EVP_CIPH_CBC_MODE, + .init = gost_cipher_init_cbc, + .do_cipher = gost_cipher_do_cbc, +}; + +GOST_cipher Gost28147_89_cnt_cipher = { + .nid = NID_gost89_cnt, + .template = &gost_template_cipher, + .block_size = 1, + .flags = EVP_CIPH_OFB_MODE | + EVP_CIPH_NO_PADDING, + .init = gost_cipher_init_cpa, + .do_cipher = gost_cipher_do_cnt, +}; + +GOST_cipher Gost28147_89_cnt_12_cipher = { + .nid = NID_gost89_cnt_12, + .template = &gost_template_cipher, + .block_size = 1, + .flags = EVP_CIPH_OFB_MODE | + EVP_CIPH_NO_PADDING, + .init = gost_cipher_init_cp_12, + .do_cipher = gost_cipher_do_cnt, +}; + +static GOST_cipher magma_template_cipher = { + .block_size = 8, + .key_len = 32, + .flags = + EVP_CIPH_RAND_KEY | + EVP_CIPH_ALWAYS_CALL_INIT, + .cleanup = gost_cipher_cleanup, + .ctx_size = sizeof(struct ossl_gost_cipher_ctx), + .set_asn1_parameters = magma_set_asn1_parameters, + .get_asn1_parameters = magma_get_asn1_parameters, + .do_cipher = magma_cipher_do_ctr, + .ctrl = magma_cipher_ctl, +}; + +GOST_cipher magma_ctr_cipher = { + .nid = NID_magma_ctr, + .template = &magma_template_cipher, + .block_size = 1, + .iv_len = 4, + .flags = EVP_CIPH_CTR_MODE | + EVP_CIPH_CUSTOM_IV | + EVP_CIPH_NO_PADDING, + .init = magma_cipher_init, +}; + +GOST_cipher magma_ctr_acpkm_cipher = { + .nid = NID_magma_ctr_acpkm, + .template = &magma_template_cipher, + .block_size = 1, + .iv_len = 4, + .flags = EVP_CIPH_CTR_MODE | + EVP_CIPH_CUSTOM_IV | + EVP_CIPH_NO_PADDING, + .init = magma_cipher_init, +}; + +GOST_cipher magma_ctr_acpkm_omac_cipher = { + .nid = NID_magma_ctr_acpkm_omac, + .template = &magma_template_cipher, + .block_size = 1, + .iv_len = 4, + .flags = EVP_CIPH_CTR_MODE | + EVP_CIPH_CUSTOM_IV | + EVP_CIPH_NO_PADDING | + EVP_CIPH_CUSTOM_COPY | + EVP_CIPH_FLAG_CUSTOM_CIPHER | + EVP_CIPH_FLAG_CIPHER_WITH_MAC, + .init = magma_cipher_init_ctr_acpkm_omac, + .do_cipher = magma_cipher_do_ctr_acpkm_omac, + .ctrl = magma_cipher_ctl_acpkm_omac, }; -EVP_CIPHER cipher_gost_cbc = { - NID_gost89_cbc, - 8, /*block_size */ - 32, /*key_size */ - 8, /*iv_len */ - EVP_CIPH_CBC_MODE | - EVP_CIPH_CUSTOM_IV | EVP_CIPH_RAND_KEY | EVP_CIPH_ALWAYS_CALL_INIT, - gost_cipher_init_cbc, - gost_cipher_do_cbc, - gost_cipher_cleanup, - sizeof(struct ossl_gost_cipher_ctx), /* ctx_size */ - gost89_set_asn1_parameters, - gost89_get_asn1_parameters, - gost_cipher_ctl, - NULL, +GOST_cipher magma_ecb_cipher = { + .nid = NID_magma_ecb, + .template = &magma_template_cipher, + .flags = EVP_CIPH_ECB_MODE, + .init = magma_cipher_init, + .do_cipher = magma_cipher_do_ecb, }; -EVP_CIPHER cipher_gost_cpacnt = { - NID_gost89_cnt, - 1, /* block_size */ - 32, /* key_size */ - 8, /* iv_len */ - EVP_CIPH_OFB_MODE | EVP_CIPH_NO_PADDING | - EVP_CIPH_CUSTOM_IV | EVP_CIPH_RAND_KEY | EVP_CIPH_ALWAYS_CALL_INIT, - gost_cipher_init_cpa, - gost_cipher_do_cnt, - gost_cipher_cleanup, - sizeof(struct ossl_gost_cipher_ctx), /* ctx_size */ - gost89_set_asn1_parameters, - gost89_get_asn1_parameters, - gost_cipher_ctl, - NULL, + GOST_cipher magma_mgm_cipher = { + .nid = NID_undef, + .template = &magma_template_cipher, + .block_size = 1, + .iv_len = 8, + .flags = EVP_CIPH_NO_PADDING | + EVP_CIPH_CUSTOM_IV | EVP_CIPH_FLAG_CUSTOM_CIPHER | + EVP_CIPH_CTRL_INIT | EVP_CIPH_FLAG_AEAD_CIPHER, + .init = gost_magma_cipher_init_mgm, + .do_cipher = gost_magma_cipher_do_mgm, + .ctrl = gost_magma_mgm_ctrl, + .cleanup = gost_magma_mgm_cleanup, + .ctx_size = sizeof(gost_mgm_ctx) + }; + +static void magma_NID_callback (int nid) +{ + magma_mgm_cipher.nid = nid; +} + +GOST_NID_JOB magma_mgm_NID = { + .sn = SN_magma_mgm, + .ln = SN_magma_mgm, + .callback = magma_NID_callback, }; -EVP_CIPHER cipher_gost_cpcnt_12 = { - NID_gost89_cnt_12, - 1, /* block_size */ - 32, /* key_size */ - 8, /* iv_len */ - EVP_CIPH_OFB_MODE | EVP_CIPH_NO_PADDING | - EVP_CIPH_CUSTOM_IV | EVP_CIPH_RAND_KEY | EVP_CIPH_ALWAYS_CALL_INIT, - gost_cipher_init_cp_12, - gost_cipher_do_cnt, - gost_cipher_cleanup, - sizeof(struct ossl_gost_cipher_ctx), /* ctx_size */ - gost89_set_asn1_parameters, - gost89_get_asn1_parameters, - gost_cipher_ctl, - NULL, +GOST_cipher magma_cbc_cipher = { + .nid = NID_magma_cbc, + .template = &gost_template_cipher, + .iv_len = 8, + .flags = EVP_CIPH_CBC_MODE | + EVP_CIPH_CUSTOM_IV, + .init = magma_cipher_init, + .do_cipher = magma_cipher_do_cbc, }; /* Implementation of GOST 28147-89 in MAC (imitovstavka) mode */ @@ -128,40 +301,32 @@ static int gost_imit_cleanup(EVP_MD_CTX *ctx); /* Control function, knows how to set MAC key.*/ static int gost_imit_ctrl(EVP_MD_CTX *ctx, int type, int arg, void *ptr); -EVP_MD imit_gost_cpa = { - NID_id_Gost28147_89_MAC, - NID_undef, - 4, - 0, - gost_imit_init_cpa, - gost_imit_update, - gost_imit_final, - gost_imit_copy, - gost_imit_cleanup, - NULL, - NULL, - {0, 0, 0, 0, 0}, - 8, - sizeof(struct ossl_gost_imit_ctx), - gost_imit_ctrl +GOST_digest Gost28147_89_MAC_digest = { + .nid = NID_id_Gost28147_89_MAC, + .result_size = 4, + .input_blocksize = 8, + .app_datasize = sizeof(struct ossl_gost_imit_ctx), + .flags = EVP_MD_FLAG_XOF, + .init = gost_imit_init_cpa, + .update = gost_imit_update, + .final = gost_imit_final, + .copy = gost_imit_copy, + .cleanup = gost_imit_cleanup, + .ctrl = gost_imit_ctrl, }; -EVP_MD imit_gost_cp_12 = { - NID_gost_mac_12, - NID_undef, - 4, - 0, - gost_imit_init_cp_12, - gost_imit_update, - gost_imit_final, - gost_imit_copy, - gost_imit_cleanup, - NULL, - NULL, - {0, 0, 0, 0, 0}, - 8, - sizeof(struct ossl_gost_imit_ctx), - gost_imit_ctrl +GOST_digest Gost28147_89_mac_12_digest = { + .nid = NID_gost_mac_12, + .result_size = 4, + .input_blocksize = 8, + .app_datasize = sizeof(struct ossl_gost_imit_ctx), + .flags = EVP_MD_FLAG_XOF, + .init = gost_imit_init_cp_12, + .update = gost_imit_update, + .final = gost_imit_final, + .copy = gost_imit_copy, + .cleanup = gost_imit_cleanup, + .ctrl = gost_imit_ctrl, }; /* @@ -170,7 +335,7 @@ EVP_MD imit_gost_cp_12 = { * upon engine initialization */ -struct gost_cipher_info gost_cipher_list[] = { +static struct gost_cipher_info gost_cipher_list[] = { /*- NID *//* * Subst block *//* @@ -216,6 +381,8 @@ const struct gost_cipher_info *get_encryption_params(ASN1_OBJECT *obj) if (nid == NID_undef) { GOSTerr(GOST_F_GET_ENCRYPTION_PARAMS, GOST_R_INVALID_CIPHER_PARAM_OID); + ERR_add_error_data(3, "Unsupported CRYPT_PARAMS='", + params, "' specified in environment or in config"); return NULL; } } else { @@ -234,8 +401,7 @@ const struct gost_cipher_info *get_encryption_params(ASN1_OBJECT *obj) static int gost_cipher_set_param(struct ossl_gost_cipher_ctx *c, int nid) { const struct gost_cipher_info *param; - param = - get_encryption_params((nid == NID_undef ? NULL : OBJ_nid2obj(nid))); + param = get_encryption_params((nid == NID_undef ? NULL : OBJ_nid2obj(nid))); if (!param) return 0; @@ -252,17 +418,20 @@ static int gost_cipher_init_param(EVP_CIPHER_CTX *ctx, const unsigned char *iv, int enc, int paramNID, int mode) { - struct ossl_gost_cipher_ctx *c = ctx->cipher_data; - if (ctx->app_data == NULL) { + struct ossl_gost_cipher_ctx *c = EVP_CIPHER_CTX_get_cipher_data(ctx); + if (EVP_CIPHER_CTX_get_app_data(ctx) == NULL) { if (!gost_cipher_set_param(c, paramNID)) return 0; - ctx->app_data = ctx->cipher_data; + EVP_CIPHER_CTX_set_app_data(ctx, EVP_CIPHER_CTX_get_cipher_data(ctx)); } if (key) gost_key(&(c->cctx), key); - if (iv) - memcpy(ctx->oiv, iv, EVP_CIPHER_CTX_iv_length(ctx)); - memcpy(ctx->iv, ctx->oiv, EVP_CIPHER_CTX_iv_length(ctx)); + if (iv) { + memcpy((unsigned char *)EVP_CIPHER_CTX_original_iv(ctx), iv, + EVP_CIPHER_CTX_iv_length(ctx)); + } + memcpy(EVP_CIPHER_CTX_iv_noconst(ctx), + EVP_CIPHER_CTX_original_iv(ctx), EVP_CIPHER_CTX_iv_length(ctx)); return 1; } @@ -271,15 +440,18 @@ static int gost_cipher_init_cnt(EVP_CIPHER_CTX *ctx, const unsigned char *iv, gost_subst_block * block) { - struct ossl_gost_cipher_ctx *c = ctx->cipher_data; + struct ossl_gost_cipher_ctx *c = EVP_CIPHER_CTX_get_cipher_data(ctx); gost_init(&(c->cctx), block); c->key_meshing = 1; c->count = 0; if (key) gost_key(&(c->cctx), key); - if (iv) - memcpy(ctx->oiv, iv, EVP_CIPHER_CTX_iv_length(ctx)); - memcpy(ctx->iv, ctx->oiv, EVP_CIPHER_CTX_iv_length(ctx)); + if (iv) { + memcpy((unsigned char *)EVP_CIPHER_CTX_original_iv(ctx), iv, + EVP_CIPHER_CTX_iv_length(ctx)); + } + memcpy(EVP_CIPHER_CTX_iv_noconst(ctx), + EVP_CIPHER_CTX_original_iv(ctx), EVP_CIPHER_CTX_iv_length(ctx)); return 1; } @@ -297,7 +469,7 @@ static int gost_cipher_init_cp_12(EVP_CIPHER_CTX *ctx, } /* Initializes EVP_CIPHER_CTX with default values */ -int gost_cipher_init(EVP_CIPHER_CTX *ctx, const unsigned char *key, +static int gost_cipher_init(EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv, int enc) { return gost_cipher_init_param(ctx, key, iv, enc, NID_undef, @@ -305,13 +477,182 @@ int gost_cipher_init(EVP_CIPHER_CTX *ctx, const unsigned char *key, } /* Initializes EVP_CIPHER_CTX with default values */ -int gost_cipher_init_cbc(EVP_CIPHER_CTX *ctx, const unsigned char *key, +static int gost_cipher_init_cbc(EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv, int enc) { return gost_cipher_init_param(ctx, key, iv, enc, NID_undef, EVP_CIPH_CBC_MODE); } +/* Initializes EVP_CIPHER_CTX with default values */ +static int magma_cipher_init(EVP_CIPHER_CTX *ctx, const unsigned char *key, + const unsigned char *iv, int enc) +{ + struct ossl_gost_cipher_ctx *c = EVP_CIPHER_CTX_get_cipher_data(ctx); + /* FIXME this is just initializtion check */ + if (EVP_CIPHER_CTX_get_app_data(ctx) == NULL) { + if (!gost_cipher_set_param(c, NID_id_tc26_gost_28147_param_Z)) + return 0; + EVP_CIPHER_CTX_set_app_data(ctx, EVP_CIPHER_CTX_get_cipher_data(ctx)); + + if (enc) { + if (init_zero_kdf_seed(c->kdf_seed) == 0) + return -1; + } + } + + if (key) { + magma_key(&(c->cctx), key); + magma_master_key(&(c->cctx), key); + } + if (iv) { + memcpy((unsigned char *)EVP_CIPHER_CTX_original_iv(ctx), iv, + EVP_CIPHER_CTX_iv_length(ctx)); + } + memcpy(EVP_CIPHER_CTX_iv_noconst(ctx), + EVP_CIPHER_CTX_original_iv(ctx), EVP_CIPHER_CTX_iv_length(ctx)); + + if (EVP_CIPHER_CTX_nid(ctx) == NID_magma_ctr_acpkm + || EVP_CIPHER_CTX_nid(ctx) == NID_magma_ctr_acpkm_omac) { + c->key_meshing = 1024; + } else { + c->key_meshing = 0; + } + + return 1; +} + +/* Initializes EVP_CIPHER_CTX with default values */ +static int magma_cipher_init_ctr_acpkm_omac(EVP_CIPHER_CTX *ctx, const unsigned char *key, + const unsigned char *iv, int enc) +{ + if (key) { + struct ossl_gost_cipher_ctx *c = EVP_CIPHER_CTX_get_cipher_data(ctx); + unsigned char cipher_key[32]; + c->omac_ctx = EVP_MD_CTX_new(); + + if (c->omac_ctx == NULL) { + GOSTerr(GOST_F_MAGMA_CIPHER_INIT_CTR_ACPKM_OMAC, ERR_R_MALLOC_FAILURE); + return 0; + } + + if (gost2015_acpkm_omac_init(NID_magma_mac, enc, key, + c->omac_ctx, cipher_key, c->kdf_seed) != 1) { + EVP_MD_CTX_free(c->omac_ctx); + c->omac_ctx = NULL; + return 0; + } + + return magma_cipher_init(ctx, cipher_key, iv, enc); + } + + return magma_cipher_init(ctx, key, iv, enc); +} + +void gost_magma_encrypt_wrap(unsigned char *in, unsigned char *out, + struct ossl_gost_cipher_ctx *c) { + int i; + unsigned char b[8]; + unsigned char d[8]; + for (i = 0; i < 8; i++) { + b[7 - i] = in[i]; + } + gostcrypt(&(c->cctx), b, d); + for (i = 0; i < 8; i++) { + out[7 - i] = d[i]; + } +} + +/* ----------------------------------------------------------------------------------------------- */ +/*! Функция реализует операцию умножения двух элементов конечного поля \f$ \mathbb F_{2^{64}}\f$, + порожденного неприводимым многочленом + \f$ f(x) = x^{64} + x^4 + x^3 + x + 1 \in \mathbb F_2[x]\f$. Для умножения используется + простейшая реализация, основанная на приведении по модулю после каждого шага алгоритма. */ +/* ----------------------------------------------------------------------------------------------- */ +static void gf64_mul (uint64_t *result, uint64_t *arg1, uint64_t *arg2) +{ + int i = 0; + register uint64_t t, X0; + uint64_t Z0 = 0; + +#ifdef L_ENDIAN + X0 = BSWAP64(*arg1); +#else + X0 = *arg1; +#endif + +#ifdef L_ENDIAN + t = BSWAP64(*(arg2)); +#else + t = *(arg2); +#endif + + for (i = 0; i < 63; i++) { + if (t & 0x1) { + Z0 ^= X0; + } + t >>= 1; + if (X0 & 0x8000000000000000) { + X0 <<= 1; + X0 ^= 0x1b; + } + else { + X0 <<= 1; + } + } + + if (t & 0x1) { + Z0 ^= X0; + } + +#ifdef L_ENDIAN + *(result) = BSWAP64(Z0); +#else + *(result) = Z0; +#endif +} + +static int gost_magma_cipher_init_mgm(EVP_CIPHER_CTX *ctx, const unsigned char *key, + const unsigned char *iv, int enc) +{ + gost_mgm_ctx *mctx = + (gost_mgm_ctx *)EVP_CIPHER_CTX_get_cipher_data(ctx); + int bl; + + if (!iv && !key) + return 1; + if (key) { + bl = EVP_CIPHER_CTX_iv_length(ctx); + if (!gost_cipher_set_param(&mctx->ks.g_ks, NID_id_tc26_gost_28147_param_Z)) + return 0; + magma_key(&(mctx->ks.g_ks.cctx), key); + gost_mgm128_init(&mctx->mgm, &mctx->ks, + (block128_f) gost_magma_encrypt_wrap, gf64_mul, bl); + + /* + * If we have an iv can set it directly, otherwise use saved IV. + */ + if (iv == NULL && mctx->iv_set) + iv = mctx->iv; + if (iv) { + if (gost_mgm128_setiv(&mctx->mgm, iv, mctx->ivlen) != 1) + return 0; + mctx->iv_set = 1; + } + mctx->key_set = 1; + } else { + /* If key set use IV, otherwise copy */ + if (mctx->key_set) { + if (gost_mgm128_setiv(&mctx->mgm, iv, mctx->ivlen) != 1) + return 0; + } + else + memcpy(mctx->iv, iv, mctx->ivlen); + mctx->iv_set = 1; + } + return 1; +} + /* * Wrapper around gostcrypt function from gost89.c which perform key meshing * when nesseccary @@ -361,34 +702,99 @@ static void gost_cnt_next(void *ctx, unsigned char *iv, unsigned char *buf) c->count = c->count % 1024 + 8; } -/* GOST encryptoon in CBC mode */ -int gost_cipher_do_cbc(EVP_CIPHER_CTX *ctx, unsigned char *out, +/* GOST encryption in CBC mode */ +static int gost_cipher_do_cbc(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl) { unsigned char b[8]; const unsigned char *in_ptr = in; unsigned char *out_ptr = out; int i; - struct ossl_gost_cipher_ctx *c = ctx->cipher_data; - OPENSSL_assert(inl % 8 == 0); - if (ctx->encrypt) { + struct ossl_gost_cipher_ctx *c = EVP_CIPHER_CTX_get_cipher_data(ctx); + unsigned char *iv = EVP_CIPHER_CTX_iv_noconst(ctx); + if (EVP_CIPHER_CTX_encrypting(ctx)) { while (inl > 0) { + for (i = 0; i < 8; i++) { - b[i] = ctx->iv[i] ^ in_ptr[i]; + b[i] = iv[i] ^ in_ptr[i]; } gostcrypt(&(c->cctx), b, out_ptr); - memcpy(ctx->iv, out_ptr, 8); + memcpy(iv, out_ptr, 8); out_ptr += 8; in_ptr += 8; inl -= 8; } } else { while (inl > 0) { + unsigned char tmpiv[8]; gostdecrypt(&(c->cctx), in_ptr, b); + memcpy(tmpiv, in_ptr, 8); + for (i = 0; i < 8; i++) { + out_ptr[i] = iv[i] ^ b[i]; + } + memcpy(iv, tmpiv, 8); + out_ptr += 8; + in_ptr += 8; + inl -= 8; + } + } + return 1; +} + +/* MAGMA encryption in ECB mode */ +static int magma_cipher_do_ecb(EVP_CIPHER_CTX *ctx, unsigned char *out, + const unsigned char *in, size_t inl) +{ + struct ossl_gost_cipher_ctx *c = EVP_CIPHER_CTX_get_cipher_data(ctx); + if (EVP_CIPHER_CTX_encrypting(ctx)) { + while (inl > 0) { + magmacrypt(&(c->cctx), in, out); + out += 8; + in += 8; + inl -= 8; + } + } else { + while (inl > 0) { + magmadecrypt(&(c->cctx), in, out); + out += 8; + in += 8; + inl -= 8; + } + } + return 1; +} + +/* MAGMA encryption in CBC mode */ +static int magma_cipher_do_cbc(EVP_CIPHER_CTX *ctx, unsigned char *out, + const unsigned char *in, size_t inl) +{ + unsigned char b[8]; + unsigned char d[8]; + const unsigned char *in_ptr = in; + unsigned char *out_ptr = out; + int i; + struct ossl_gost_cipher_ctx *c = EVP_CIPHER_CTX_get_cipher_data(ctx); + unsigned char *iv = EVP_CIPHER_CTX_iv_noconst(ctx); + if (EVP_CIPHER_CTX_encrypting(ctx)) { + while (inl > 0) { + + for (i = 0; i < 8; i++) { + out_ptr[i] = iv[i] ^ in_ptr[i]; + } + magmacrypt(&(c->cctx), out_ptr, out_ptr); + memcpy(iv, out_ptr, 8); + out_ptr += 8; + in_ptr += 8; + inl -= 8; + } + } else { + while (inl > 0) { + magmadecrypt(&(c->cctx), in_ptr, b); + memcpy(d, in_ptr, 8); for (i = 0; i < 8; i++) { - out_ptr[i] = ctx->iv[i] ^ b[i]; + out_ptr[i] = iv[i] ^ b[i]; } - memcpy(ctx->iv, in_ptr, 8); + memcpy(iv, d, 8); out_ptr += 8; in_ptr += 8; inl -= 8; @@ -397,67 +803,214 @@ int gost_cipher_do_cbc(EVP_CIPHER_CTX *ctx, unsigned char *out, return 1; } +/* increment counter (64-bit int) by 1 */ +static void ctr64_inc(unsigned char *counter) +{ + inc_counter(counter, 8); +} + +#define MAGMA_BLOCK_SIZE 8 +#define MAGMA_BLOCK_MASK (MAGMA_BLOCK_SIZE - 1) +static inline void apply_acpkm_magma(struct ossl_gost_cipher_ctx * + ctx, unsigned int *num) +{ + if (!ctx->key_meshing || (*num < (unsigned int)ctx->key_meshing)) + return; + acpkm_magma_key_meshing(&ctx->cctx); + *num &= MAGMA_BLOCK_MASK; +} + +/* MAGMA encryption in CTR mode */ +static int magma_cipher_do_ctr(EVP_CIPHER_CTX *ctx, unsigned char *out, + const unsigned char *in, size_t inl) +{ + const unsigned char *in_ptr = in; + unsigned char *out_ptr = out; + size_t j; + struct ossl_gost_cipher_ctx *c = EVP_CIPHER_CTX_get_cipher_data(ctx); + unsigned char *buf = EVP_CIPHER_CTX_buf_noconst(ctx); + unsigned char *iv = EVP_CIPHER_CTX_iv_noconst(ctx); + unsigned int num = EVP_CIPHER_CTX_num(ctx); + size_t blocks, i, lasted = inl; +/* Process partial blocks */ + while ((num & MAGMA_BLOCK_MASK) && lasted) { + *out_ptr++ = *in_ptr++ ^ buf[num & MAGMA_BLOCK_MASK]; + --lasted; + num++; + } + blocks = lasted / MAGMA_BLOCK_SIZE; + +/* Process full blocks */ + for (i = 0; i < blocks; i++) { + apply_acpkm_magma(c, &num); + magmacrypt(&(c->cctx), iv, buf); + for (j = 0; j < 8; j++) { + out_ptr[j] = buf[j] ^ in_ptr[j]; + } + ctr64_inc(iv); + c->count += MAGMA_BLOCK_SIZE; + in_ptr += MAGMA_BLOCK_SIZE; + out_ptr += MAGMA_BLOCK_SIZE; + num += MAGMA_BLOCK_SIZE; + lasted -= MAGMA_BLOCK_SIZE; + } + +/* Process the rest of plaintext */ + if (lasted > 0) { + apply_acpkm_magma(c, &num); + magmacrypt(&(c->cctx), iv, buf); + + for (i = 0; i < lasted; i++) + out_ptr[i] = buf[i] ^ in_ptr[i]; + ctr64_inc(iv); + c->count += 8; + num += lasted; + } + EVP_CIPHER_CTX_set_num(ctx, num); + + return inl; +} + +/* MAGMA encryption in CTR mode */ +static int magma_cipher_do_ctr_acpkm_omac(EVP_CIPHER_CTX *ctx, unsigned char *out, + const unsigned char *in, size_t inl) +{ + struct ossl_gost_cipher_ctx *c = EVP_CIPHER_CTX_get_cipher_data(ctx); + + if (in == NULL && inl == 0) /* Final call */ + return gost2015_final_call(ctx, c->omac_ctx, MAGMA_MAC_MAX_SIZE, c->tag, magma_cipher_do_ctr); + + if (in == NULL) + return -1; + + /* As in and out can be the same pointer, process unencrypted here */ + if (EVP_CIPHER_CTX_encrypting(ctx)) + EVP_DigestSignUpdate(c->omac_ctx, in, inl); + + if (magma_cipher_do_ctr(ctx, out, in, inl) != inl) + return -1; + + /* As in and out can be the same pointer, process decrypted here */ + if (!EVP_CIPHER_CTX_encrypting(ctx)) + EVP_DigestSignUpdate(c->omac_ctx, out, inl); + + return inl; +} + +static int gost_magma_cipher_do_mgm(EVP_CIPHER_CTX *ctx, unsigned char *out, + const unsigned char *in, size_t len) +{ + gost_mgm_ctx *mctx = + (gost_mgm_ctx *)EVP_CIPHER_CTX_get_cipher_data(ctx); + int enc = EVP_CIPHER_CTX_encrypting(ctx); + + /* If not set up, return error */ + if (!mctx->key_set) { + GOSTerr(GOST_F_GOST_MAGMA_CIPHER_DO_MGM, + GOST_R_BAD_ORDER); + return -1; + } + + if (!mctx->iv_set) { + GOSTerr(GOST_F_GOST_MAGMA_CIPHER_DO_MGM, + GOST_R_BAD_ORDER); + return -1; + } + if (in) { + if (out == NULL) { + if (gost_mgm128_aad(&mctx->mgm, in, len)) + return -1; + } else if (enc) { + if (gost_mgm128_encrypt(&mctx->mgm, in, out, len)) + return -1; + } else { + if (gost_mgm128_decrypt(&mctx->mgm, in, out, len)) + return -1; + } + return len; + } else { + if (!enc) { + if (mctx->taglen < 0) + return -1; + if (gost_mgm128_finish(&mctx->mgm, + EVP_CIPHER_CTX_buf_noconst(ctx), + mctx->taglen) != 0) + return -1; + mctx->iv_set = 0; + return 0; + } + gost_mgm128_tag(&mctx->mgm, EVP_CIPHER_CTX_buf_noconst(ctx), 8); + mctx->taglen = 8; + /* Don't reuse the IV */ + mctx->iv_set = 0; + return 0; + } + +} + /* GOST encryption in CFB mode */ -int gost_cipher_do_cfb(EVP_CIPHER_CTX *ctx, unsigned char *out, +static int gost_cipher_do_cfb(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl) { const unsigned char *in_ptr = in; unsigned char *out_ptr = out; size_t i = 0; size_t j = 0; + unsigned char *buf = EVP_CIPHER_CTX_buf_noconst(ctx); + unsigned char *iv = EVP_CIPHER_CTX_iv_noconst(ctx); /* process partial block if any */ - if (ctx->num) { - for (j = ctx->num, i = 0; j < 8 && i < inl; + if (EVP_CIPHER_CTX_num(ctx)) { + for (j = EVP_CIPHER_CTX_num(ctx), i = 0; j < 8 && i < inl; j++, i++, in_ptr++, out_ptr++) { - if (!ctx->encrypt) - ctx->buf[j + 8] = *in_ptr; - *out_ptr = ctx->buf[j] ^ (*in_ptr); - if (ctx->encrypt) - ctx->buf[j + 8] = *out_ptr; + if (!EVP_CIPHER_CTX_encrypting(ctx)) + buf[j + 8] = *in_ptr; + *out_ptr = buf[j] ^ (*in_ptr); + if (EVP_CIPHER_CTX_encrypting(ctx)) + buf[j + 8] = *out_ptr; } if (j == 8) { - memcpy(ctx->iv, ctx->buf + 8, 8); - ctx->num = 0; + memcpy(iv, buf + 8, 8); + EVP_CIPHER_CTX_set_num(ctx, 0); } else { - ctx->num = j; + EVP_CIPHER_CTX_set_num(ctx, j); return 1; } } - for (; i + 8 < inl; i += 8, in_ptr += 8, out_ptr += 8) { + for (; (inl - i) >= 8; i += 8, in_ptr += 8, out_ptr += 8) { /* * block cipher current iv */ - gost_crypt_mesh(ctx->cipher_data, ctx->iv, ctx->buf); + gost_crypt_mesh(EVP_CIPHER_CTX_get_cipher_data(ctx), iv, buf); /* * xor next block of input text with it and output it */ /* * output this block */ - if (!ctx->encrypt) - memcpy(ctx->iv, in_ptr, 8); + if (!EVP_CIPHER_CTX_encrypting(ctx)) + memcpy(iv, in_ptr, 8); for (j = 0; j < 8; j++) { - out_ptr[j] = ctx->buf[j] ^ in_ptr[j]; + out_ptr[j] = buf[j] ^ in_ptr[j]; } /* Encrypt */ /* Next iv is next block of cipher text */ - if (ctx->encrypt) - memcpy(ctx->iv, out_ptr, 8); + if (EVP_CIPHER_CTX_encrypting(ctx)) + memcpy(iv, out_ptr, 8); } /* Process rest of buffer */ if (i < inl) { - gost_crypt_mesh(ctx->cipher_data, ctx->iv, ctx->buf); - if (!ctx->encrypt) - memcpy(ctx->buf + 8, in_ptr, inl - i); + gost_crypt_mesh(EVP_CIPHER_CTX_get_cipher_data(ctx), iv, buf); + if (!EVP_CIPHER_CTX_encrypting(ctx)) + memcpy(buf + 8, in_ptr, inl - i); for (j = 0; i < inl; j++, i++) { - out_ptr[j] = ctx->buf[j] ^ in_ptr[j]; + out_ptr[j] = buf[j] ^ in_ptr[j]; } - ctx->num = j; - if (ctx->encrypt) - memcpy(ctx->buf + 8, out_ptr, j); + EVP_CIPHER_CTX_set_num(ctx, j); + if (EVP_CIPHER_CTX_encrypting(ctx)) + memcpy(buf + 8, out_ptr, j); } else { - ctx->num = 0; + EVP_CIPHER_CTX_set_num(ctx, 0); } return 1; } @@ -469,26 +1022,28 @@ static int gost_cipher_do_cnt(EVP_CIPHER_CTX *ctx, unsigned char *out, unsigned char *out_ptr = out; size_t i = 0; size_t j; + unsigned char *buf = EVP_CIPHER_CTX_buf_noconst(ctx); + unsigned char *iv = EVP_CIPHER_CTX_iv_noconst(ctx); /* process partial block if any */ - if (ctx->num) { - for (j = ctx->num, i = 0; j < 8 && i < inl; + if (EVP_CIPHER_CTX_num(ctx)) { + for (j = EVP_CIPHER_CTX_num(ctx), i = 0; j < 8 && i < inl; j++, i++, in_ptr++, out_ptr++) { - *out_ptr = ctx->buf[j] ^ (*in_ptr); + *out_ptr = buf[j] ^ (*in_ptr); } if (j == 8) { - ctx->num = 0; + EVP_CIPHER_CTX_set_num(ctx, 0); } else { - ctx->num = j; + EVP_CIPHER_CTX_set_num(ctx, j); return 1; } } - for (; i + 8 < inl; i += 8, in_ptr += 8, out_ptr += 8) { + for (; (inl - i) >= 8; i += 8, in_ptr += 8, out_ptr += 8) { /* * block cipher current iv */ /* Encrypt */ - gost_cnt_next(ctx->cipher_data, ctx->iv, ctx->buf); + gost_cnt_next(EVP_CIPHER_CTX_get_cipher_data(ctx), iv, buf); /* * xor next block of input text with it and output it */ @@ -496,45 +1051,112 @@ static int gost_cipher_do_cnt(EVP_CIPHER_CTX *ctx, unsigned char *out, * output this block */ for (j = 0; j < 8; j++) { - out_ptr[j] = ctx->buf[j] ^ in_ptr[j]; + out_ptr[j] = buf[j] ^ in_ptr[j]; } } /* Process rest of buffer */ if (i < inl) { - gost_cnt_next(ctx->cipher_data, ctx->iv, ctx->buf); + gost_cnt_next(EVP_CIPHER_CTX_get_cipher_data(ctx), iv, buf); for (j = 0; i < inl; j++, i++) { - out_ptr[j] = ctx->buf[j] ^ in_ptr[j]; + out_ptr[j] = buf[j] ^ in_ptr[j]; } - ctx->num = j; + EVP_CIPHER_CTX_set_num(ctx, j); } else { - ctx->num = 0; + EVP_CIPHER_CTX_set_num(ctx, 0); } return 1; } /* Cleaning up of EVP_CIPHER_CTX */ -int gost_cipher_cleanup(EVP_CIPHER_CTX *ctx) +static int gost_cipher_cleanup(EVP_CIPHER_CTX *ctx) { - gost_destroy(&((struct ossl_gost_cipher_ctx *)ctx->cipher_data)->cctx); - ctx->app_data = NULL; + struct ossl_gost_cipher_ctx *c = EVP_CIPHER_CTX_get_cipher_data(ctx); + EVP_MD_CTX_free(c->omac_ctx); + gost_destroy(&(c->cctx)); + EVP_CIPHER_CTX_set_app_data(ctx, NULL); return 1; } -/* Control function for gost cipher */ -int gost_cipher_ctl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr) +static int gost_magma_mgm_cleanup(EVP_CIPHER_CTX *c) +{ + gost_mgm_ctx *mctx = + (gost_mgm_ctx *)EVP_CIPHER_CTX_get_cipher_data(c); + if (mctx == NULL) + return 0; + gost_destroy(&mctx->ks.g_ks.cctx); + OPENSSL_cleanse(&mctx->mgm, sizeof(mctx->mgm)); + EVP_CIPHER_CTX_set_app_data(c, NULL); + return 1; +} + +static int gost_magma_mgm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) { + gost_mgm_ctx *mctx = + (gost_mgm_ctx *)EVP_CIPHER_CTX_get_cipher_data(c); + unsigned char *buf, *iv; + int ivlen, enc; + switch (type) { case EVP_CTRL_INIT: - { - struct ossl_gost_cipher_ctx *c = ctx->cipher_data; - if (c == NULL) { - return -1; - } - return gost_cipher_set_param(c, arg); + ivlen = EVP_CIPHER_iv_length(EVP_CIPHER_CTX_cipher(c)); + iv = EVP_CIPHER_CTX_iv_noconst(c); + mctx->key_set = 0; + mctx->iv_set = 0; + mctx->ivlen = ivlen; + mctx->iv = iv; + mctx->taglen = -1; + return 1; + + case EVP_CTRL_GET_IVLEN: + *(int *)ptr = mctx->ivlen; + return 1; + + case EVP_CTRL_AEAD_SET_IVLEN: + if (arg <= 0) + return 0; + if ((arg > EVP_MAX_IV_LENGTH) && (arg > mctx->ivlen)) { + // TODO: Allocate memory for IV or set error + return 0; + } + mctx->ivlen = arg; + return 1; + + case EVP_CTRL_AEAD_SET_TAG: + buf = EVP_CIPHER_CTX_buf_noconst(c); + enc = EVP_CIPHER_CTX_encrypting(c); + if (arg <= 0 || arg != 8 || enc) { + GOSTerr(GOST_F_GOST_MAGMA_MGM_CTRL, + GOST_R_INVALID_TAG_LENGTH); + return 0; + } + memcpy(buf, ptr, arg); + mctx->taglen = arg; + return 1; + + case EVP_CTRL_AEAD_GET_TAG: + buf = EVP_CIPHER_CTX_buf_noconst(c); + enc = EVP_CIPHER_CTX_encrypting(c); + if (arg <= 0 || arg > 8 || !enc || mctx->taglen < 0) { + GOSTerr(GOST_F_GOST_MAGMA_MGM_CTRL, + GOST_R_INVALID_TAG_LENGTH); + return 0; } + memcpy(ptr, buf, arg); + return 1; + + default: + return -1; + } +} + +/* Control function for gost cipher */ +static int gost_cipher_ctl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr) +{ + switch (type) { case EVP_CTRL_RAND_KEY: { - if (RAND_bytes((unsigned char *)ptr, ctx->key_len) <= 0) { + if (RAND_priv_bytes + ((unsigned char *)ptr, EVP_CIPHER_CTX_key_length(ctx)) <= 0) { GOSTerr(GOST_F_GOST_CIPHER_CTL, GOST_R_RNG_ERROR); return -1; } @@ -558,10 +1180,11 @@ int gost_cipher_ctl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr) } else { return 0; } -#ifdef EVP_CTRL_SET_SBOX + case EVP_CTRL_SET_SBOX: if (ptr) { - struct ossl_gost_cipher_ctx *c = ctx->cipher_data; + struct ossl_gost_cipher_ctx *c = + EVP_CIPHER_CTX_get_cipher_data(ctx); int nid; int cur_meshing; int ret; @@ -584,13 +1207,12 @@ int gost_cipher_ctl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr) c->key_meshing = cur_meshing; return ret; } else { - return 0; + return 0; } -#endif -#ifdef EVP_CTRL_KEY_MESH case EVP_CTRL_KEY_MESH: { - struct ossl_gost_cipher_ctx *c = ctx->cipher_data; + struct ossl_gost_cipher_ctx *c = + EVP_CIPHER_CTX_get_cipher_data(ctx); if (c == NULL) { return -1; @@ -602,30 +1224,162 @@ int gost_cipher_ctl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr) c->key_meshing = arg; return 1; - } -#endif + } default: - GOSTerr(GOST_F_GOST_CIPHER_CTL, - GOST_R_UNSUPPORTED_CIPHER_CTL_COMMAND); + GOSTerr(GOST_F_GOST_CIPHER_CTL, GOST_R_UNSUPPORTED_CIPHER_CTL_COMMAND); return -1; } return 1; } +/* Decrement 8-byte sequence if needed */ +int decrement_sequence(unsigned char *seq, int decrement) { + if (decrement < 0 || decrement > 1) + return 0; + + int j; + if (decrement) { + for (j = 7; j >= 0; j--) + { + if (seq[j] != 0) + { + seq[j]--; + break; + } + else + seq[j] = 0xFF; + } + } + return 1; +} + +/* Control function for gost cipher */ +static int magma_cipher_ctl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr) +{ + switch (type) { + case EVP_CTRL_RAND_KEY: + if (RAND_priv_bytes + ((unsigned char *)ptr, EVP_CIPHER_CTX_key_length(ctx)) <= 0) { + GOSTerr(GOST_F_MAGMA_CIPHER_CTL, GOST_R_RNG_ERROR); + return -1; + } + break; + case EVP_CTRL_KEY_MESH: + { + struct ossl_gost_cipher_ctx *c = + EVP_CIPHER_CTX_get_cipher_data(ctx); + + if (c == NULL) { + return -1; + } + + if (c->count != 0) { + return -1; + } + + c->key_meshing = arg; + return 1; + } + case EVP_CTRL_TLSTREE: + { + unsigned char newkey[32]; + int mode = EVP_CIPHER_CTX_mode(ctx); + struct ossl_gost_cipher_ctx *ctr_ctx = NULL; + gost_ctx *c = NULL; + + unsigned char adjusted_iv[8]; + unsigned char seq[8]; + int j, carry, decrement_arg; + if (mode != EVP_CIPH_CTR_MODE) + return -1; + + ctr_ctx = (struct ossl_gost_cipher_ctx *)EVP_CIPHER_CTX_get_cipher_data(ctx); + c = &(ctr_ctx->cctx); + + /* + * 'arg' parameter indicates what we should do with sequence value. + * + * When function called, seq is incremented after MAC calculation. + * In ETM mode, we use seq 'as is' in the ctrl-function (arg = 0) + * Otherwise we have to decrease it in the implementation (arg = 1). + */ + memcpy(seq, ptr, 8); + decrement_arg = arg; + if(!decrement_sequence(seq, decrement_arg)) { + GOSTerr(GOST_F_MAGMA_CIPHER_CTL, GOST_R_CTRL_CALL_FAILED); + return -1; + } + + if (gost_tlstree(NID_magma_cbc, (const unsigned char *)c->master_key, newkey, + (const unsigned char *)seq) > 0) { + memset(adjusted_iv, 0, 8); + memcpy(adjusted_iv, EVP_CIPHER_CTX_original_iv(ctx), 4); + for (j = 3, carry = 0; j >= 0; j--) + { + int adj_byte = adjusted_iv[j] + seq[j+4] + carry; + carry = (adj_byte > 255) ? 1 : 0; + adjusted_iv[j] = adj_byte & 0xFF; + } + EVP_CIPHER_CTX_set_num(ctx, 0); + memcpy(EVP_CIPHER_CTX_iv_noconst(ctx), adjusted_iv, 8); + + magma_key(c, newkey); + return 1; + } + } + return -1; + default: + GOSTerr(GOST_F_MAGMA_CIPHER_CTL, GOST_R_UNSUPPORTED_CIPHER_CTL_COMMAND); + return -1; + } + return 1; +} + +static int magma_cipher_ctl_acpkm_omac(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr) +{ + switch (type) + { + case EVP_CTRL_PROCESS_UNPROTECTED: + { + struct ossl_gost_cipher_ctx *c = EVP_CIPHER_CTX_get_cipher_data(ctx); + STACK_OF(X509_ATTRIBUTE) *x = ptr; + return gost2015_process_unprotected_attributes(x, arg, MAGMA_MAC_MAX_SIZE, c->tag); + } + case EVP_CTRL_COPY: { + EVP_CIPHER_CTX *out = ptr; + struct ossl_gost_cipher_ctx *in_cctx = EVP_CIPHER_CTX_get_cipher_data(ctx); + struct ossl_gost_cipher_ctx *out_cctx = EVP_CIPHER_CTX_get_cipher_data(out); + + if (in_cctx->omac_ctx == out_cctx->omac_ctx) { + out_cctx->omac_ctx = EVP_MD_CTX_new(); + if (out_cctx->omac_ctx == NULL) { + GOSTerr(GOST_F_MAGMA_CIPHER_CTL_ACPKM_OMAC, ERR_R_MALLOC_FAILURE); + return -1; + } + } + return EVP_MD_CTX_copy(out_cctx->omac_ctx, in_cctx->omac_ctx); + } + default: + return magma_cipher_ctl(ctx, type, arg, ptr); + break; + } +} + /* Set cipher parameters from ASN1 structure */ -int gost89_set_asn1_parameters(EVP_CIPHER_CTX *ctx, ASN1_TYPE *params) +static int gost89_set_asn1_parameters(EVP_CIPHER_CTX *ctx, ASN1_TYPE *params) { int len = 0; unsigned char *buf = NULL; unsigned char *p = NULL; - struct ossl_gost_cipher_ctx *c = ctx->cipher_data; + struct ossl_gost_cipher_ctx *c = EVP_CIPHER_CTX_get_cipher_data(ctx); GOST_CIPHER_PARAMS *gcp = GOST_CIPHER_PARAMS_new(); ASN1_OCTET_STRING *os = NULL; if (!gcp) { GOSTerr(GOST_F_GOST89_SET_ASN1_PARAMETERS, ERR_R_MALLOC_FAILURE); return 0; } - if (!ASN1_OCTET_STRING_set(gcp->iv, ctx->iv, ctx->cipher->iv_len)) { + if (!ASN1_OCTET_STRING_set + (gcp->iv, EVP_CIPHER_CTX_iv(ctx), EVP_CIPHER_CTX_iv_length(ctx))) { GOST_CIPHER_PARAMS_free(gcp); GOSTerr(GOST_F_GOST89_SET_ASN1_PARAMETERS, ERR_R_MALLOC_FAILURE); return 0; @@ -657,17 +1411,16 @@ int gost89_set_asn1_parameters(EVP_CIPHER_CTX *ctx, ASN1_TYPE *params) } /* Store parameters into ASN1 structure */ -int gost89_get_asn1_parameters(EVP_CIPHER_CTX *ctx, ASN1_TYPE *params) +static int gost89_get_asn1_parameters(EVP_CIPHER_CTX *ctx, ASN1_TYPE *params) { - int ret = -1; int len; GOST_CIPHER_PARAMS *gcp = NULL; unsigned char *p; - struct ossl_gost_cipher_ctx *c = ctx->cipher_data; + struct ossl_gost_cipher_ctx *c = EVP_CIPHER_CTX_get_cipher_data(ctx); int nid; if (ASN1_TYPE_get(params) != V_ASN1_SEQUENCE) { - return ret; + return -1; } p = params->value.sequence->data; @@ -676,7 +1429,7 @@ int gost89_get_asn1_parameters(EVP_CIPHER_CTX *ctx, ASN1_TYPE *params) params->value.sequence->length); len = gcp->iv->length; - if (len != ctx->cipher->iv_len) { + if (len != EVP_CIPHER_CTX_iv_length(ctx)) { GOST_CIPHER_PARAMS_free(gcp); GOSTerr(GOST_F_GOST89_GET_ASN1_PARAMETERS, GOST_R_INVALID_IV_LENGTH); return -1; @@ -694,21 +1447,46 @@ int gost89_get_asn1_parameters(EVP_CIPHER_CTX *ctx, ASN1_TYPE *params) GOST_CIPHER_PARAMS_free(gcp); return -1; } - - { - ASN1_TYPE tmp; - ASN1_TYPE_set(&tmp, V_ASN1_OCTET_STRING, gcp->iv); - EVP_CIPHER_get_asn1_iv(ctx, &tmp); - } + /*XXX missing non-const accessor */ + memcpy((unsigned char *)EVP_CIPHER_CTX_original_iv(ctx), gcp->iv->data, + EVP_CIPHER_CTX_iv_length(ctx)); GOST_CIPHER_PARAMS_free(gcp); return 1; } +#define MAGMA_UKM_LEN 12 +static int magma_set_asn1_parameters (EVP_CIPHER_CTX *ctx, ASN1_TYPE *params) +{ + struct ossl_gost_cipher_ctx *c = EVP_CIPHER_CTX_get_cipher_data(ctx); + c->key_meshing = 8192; + + return gost2015_set_asn1_params(params, EVP_CIPHER_CTX_original_iv(ctx), 4, + c->kdf_seed); +} + +static int magma_get_asn1_parameters(EVP_CIPHER_CTX *ctx, ASN1_TYPE *params) +{ + struct ossl_gost_cipher_ctx *c = EVP_CIPHER_CTX_get_cipher_data(ctx); + unsigned char iv[16]; + + c->key_meshing = 8192; + + if (gost2015_get_asn1_params(params, MAGMA_UKM_LEN, iv, 4, c->kdf_seed) < 0) + return -1; + + memcpy(EVP_CIPHER_CTX_iv_noconst(ctx), iv, sizeof(iv)); + memcpy((unsigned char *)EVP_CIPHER_CTX_original_iv(ctx), iv, sizeof(iv)); + /* Key meshing 8 kb*/ + c->key_meshing = 8192; + + return 1; +} + static int gost_imit_init(EVP_MD_CTX *ctx, gost_subst_block * block) { - struct ossl_gost_imit_ctx *c = ctx->md_data; + struct ossl_gost_imit_ctx *c = EVP_MD_CTX_md_data(ctx); memset(c->buffer, 0, sizeof(c->buffer)); memset(c->partial_block, 0, sizeof(c->partial_block)); c->count = 0; @@ -732,30 +1510,30 @@ static int gost_imit_init_cp_12(EVP_MD_CTX *ctx) static void mac_block_mesh(struct ossl_gost_imit_ctx *c, const unsigned char *data) { - unsigned char buffer[8]; /* - * We are using local buffer for iv because CryptoPro doesn't interpret + * We are using NULL for iv because CryptoPro doesn't interpret * internal state of MAC algorithm as iv during keymeshing (but does * initialize internal state from iv in key transport */ assert(c->count % 8 == 0 && c->count <= 1024); if (c->key_meshing && c->count == 1024) { - cryptopro_key_meshing(&(c->cctx), buffer); + cryptopro_key_meshing(&(c->cctx), NULL); } mac_block(&(c->cctx), c->buffer, data); c->count = c->count % 1024 + 8; } -int gost_imit_update(EVP_MD_CTX *ctx, const void *data, size_t count) +static int gost_imit_update(EVP_MD_CTX *ctx, const void *data, size_t count) { - struct ossl_gost_imit_ctx *c = ctx->md_data; + struct ossl_gost_imit_ctx *c = EVP_MD_CTX_md_data(ctx); const unsigned char *p = data; - size_t bytes = count, i; + size_t bytes = count; if (!(c->key_set)) { GOSTerr(GOST_F_GOST_IMIT_UPDATE, GOST_R_MAC_KEY_NOT_SET); return 0; } if (c->bytes_left) { + size_t i; for (i = c->bytes_left; i < 8 && bytes > 0; bytes--, i++, p++) { c->partial_block[i] = *p; } @@ -778,9 +1556,9 @@ int gost_imit_update(EVP_MD_CTX *ctx, const void *data, size_t count) return 1; } -int gost_imit_final(EVP_MD_CTX *ctx, unsigned char *md) +static int gost_imit_final(EVP_MD_CTX *ctx, unsigned char *md) { - struct ossl_gost_imit_ctx *c = ctx->md_data; + struct ossl_gost_imit_ctx *c = EVP_MD_CTX_md_data(ctx); if (!c->key_set) { GOSTerr(GOST_F_GOST_IMIT_FINAL, GOST_R_MAC_KEY_NOT_SET); return 0; @@ -801,7 +1579,7 @@ int gost_imit_final(EVP_MD_CTX *ctx, unsigned char *md) return 1; } -int gost_imit_ctrl(EVP_MD_CTX *ctx, int type, int arg, void *ptr) +static int gost_imit_ctrl(EVP_MD_CTX *ctx, int type, int arg, void *ptr) { switch (type) { case EVP_MD_CTRL_KEY_LEN: @@ -809,20 +1587,19 @@ int gost_imit_ctrl(EVP_MD_CTX *ctx, int type, int arg, void *ptr) return 1; case EVP_MD_CTRL_SET_KEY: { - struct ossl_gost_imit_ctx *gost_imit_ctx = ctx->md_data; + struct ossl_gost_imit_ctx *gost_imit_ctx = EVP_MD_CTX_md_data(ctx); - if (ctx->digest->init(ctx) <= 0) { + if (EVP_MD_meth_get_init(EVP_MD_CTX_md(ctx)) (ctx) <= 0) { GOSTerr(GOST_F_GOST_IMIT_CTRL, GOST_R_MAC_KEY_NOT_SET); return 0; } - ctx->flags |= EVP_MD_CTX_FLAG_NO_INIT; + EVP_MD_CTX_set_flags(ctx, EVP_MD_CTX_FLAG_NO_INIT); if (arg == 0) { struct gost_mac_key *key = (struct gost_mac_key *)ptr; if (key->mac_param_nid != NID_undef) { const struct gost_cipher_info *param = - get_encryption_params(OBJ_nid2obj - (key->mac_param_nid)); + get_encryption_params(OBJ_nid2obj(key->mac_param_nid)); if (param == NULL) { GOSTerr(GOST_F_GOST_IMIT_CTRL, GOST_R_INVALID_MAC_PARAMS); @@ -842,9 +1619,9 @@ int gost_imit_ctrl(EVP_MD_CTX *ctx, int type, int arg, void *ptr) GOSTerr(GOST_F_GOST_IMIT_CTRL, GOST_R_INVALID_MAC_KEY_SIZE); return 0; } - case EVP_MD_CTRL_MAC_LEN: + case EVP_MD_CTRL_XOF_LEN: { - struct ossl_gost_imit_ctx *c = ctx->md_data; + struct ossl_gost_imit_ctx *c = EVP_MD_CTX_md_data(ctx); if (arg < 1 || arg > 8) { GOSTerr(GOST_F_GOST_IMIT_CTRL, GOST_R_INVALID_MAC_SIZE); return 0; @@ -858,15 +1635,19 @@ int gost_imit_ctrl(EVP_MD_CTX *ctx, int type, int arg, void *ptr) } } -int gost_imit_copy(EVP_MD_CTX *to, const EVP_MD_CTX *from) +static int gost_imit_copy(EVP_MD_CTX *to, const EVP_MD_CTX *from) { - memcpy(to->md_data, from->md_data, sizeof(struct ossl_gost_imit_ctx)); + if (EVP_MD_CTX_md_data(to) && EVP_MD_CTX_md_data(from)) { + memcpy(EVP_MD_CTX_md_data(to), EVP_MD_CTX_md_data(from), + sizeof(struct ossl_gost_imit_ctx)); + } return 1; } /* Clean up imit ctx */ -int gost_imit_cleanup(EVP_MD_CTX *ctx) +static int gost_imit_cleanup(EVP_MD_CTX *ctx) { - memset(ctx->md_data, 0, sizeof(struct ossl_gost_imit_ctx)); + memset(EVP_MD_CTX_md_data(ctx), 0, sizeof(struct ossl_gost_imit_ctx)); return 1; } +/* vim: set expandtab cinoptions=\:0,l1,t0,g0,(0 sw=4 : */