1 /**********************************************************************
3 * Copyright (c) 2005-2006 Cryptocom LTD *
4 * This file is distributed under the same license as OpenSSL *
6 * OpenSSL interface to GOST 28147-89 cipher functions *
7 * Requires OpenSSL 0.9.9 for compilation *
8 **********************************************************************/
11 #include <openssl/err.h>
12 #include <openssl/rand.h>
13 #include "e_gost_err.h"
16 #if !defined(CCGOST_DEBUG) && !defined(DEBUG)
23 static int gost_cipher_init(EVP_CIPHER_CTX *ctx, const unsigned char *key,
24 const unsigned char *iv, int enc);
25 static int gost_cipher_init_cbc(EVP_CIPHER_CTX *ctx, const unsigned char *key,
26 const unsigned char *iv, int enc);
27 static int gost_cipher_init_cpa(EVP_CIPHER_CTX *ctx, const unsigned char *key,
28 const unsigned char *iv, int enc);
29 static int gost_cipher_init_cp_12(EVP_CIPHER_CTX *ctx,
30 const unsigned char *key,
31 const unsigned char *iv, int enc);
32 /* Handles block of data in CFB mode */
33 static int gost_cipher_do_cfb(EVP_CIPHER_CTX *ctx, unsigned char *out,
34 const unsigned char *in, size_t inl);
35 /* Handles block of data in CBC mode */
36 static int gost_cipher_do_cbc(EVP_CIPHER_CTX *ctx, unsigned char *out,
37 const unsigned char *in, size_t inl);
38 /* Handles block of data in CNT mode */
39 static int gost_cipher_do_cnt(EVP_CIPHER_CTX *ctx, unsigned char *out,
40 const unsigned char *in, size_t inl);
41 /* Cleanup function */
42 static int gost_cipher_cleanup(EVP_CIPHER_CTX *);
43 /* set/get cipher parameters */
44 static int gost89_set_asn1_parameters(EVP_CIPHER_CTX *ctx, ASN1_TYPE *params);
45 static int gost89_get_asn1_parameters(EVP_CIPHER_CTX *ctx, ASN1_TYPE *params);
46 /* Control function */
47 static int gost_cipher_ctl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr);
49 static EVP_CIPHER *_hidden_Gost28147_89_cipher = NULL;
50 const EVP_CIPHER *cipher_gost(void)
52 if (_hidden_Gost28147_89_cipher == NULL
53 && ((_hidden_Gost28147_89_cipher =
54 EVP_CIPHER_meth_new(NID_id_Gost28147_89, 1 /* block_size */ ,
55 32 /* key_size */ )) == NULL
56 || !EVP_CIPHER_meth_set_iv_length(_hidden_Gost28147_89_cipher, 8)
57 || !EVP_CIPHER_meth_set_flags(_hidden_Gost28147_89_cipher,
62 EVP_CIPH_ALWAYS_CALL_INIT)
63 || !EVP_CIPHER_meth_set_init(_hidden_Gost28147_89_cipher,
65 || !EVP_CIPHER_meth_set_do_cipher(_hidden_Gost28147_89_cipher,
67 || !EVP_CIPHER_meth_set_cleanup(_hidden_Gost28147_89_cipher,
69 || !EVP_CIPHER_meth_set_impl_ctx_size(_hidden_Gost28147_89_cipher,
71 ossl_gost_cipher_ctx))
73 !EVP_CIPHER_meth_set_set_asn1_params(_hidden_Gost28147_89_cipher,
74 gost89_set_asn1_parameters)
76 !EVP_CIPHER_meth_set_get_asn1_params(_hidden_Gost28147_89_cipher,
77 gost89_get_asn1_parameters)
78 || !EVP_CIPHER_meth_set_ctrl(_hidden_Gost28147_89_cipher,
80 EVP_CIPHER_meth_free(_hidden_Gost28147_89_cipher);
81 _hidden_Gost28147_89_cipher = NULL;
83 return _hidden_Gost28147_89_cipher;
86 static EVP_CIPHER *_hidden_Gost28147_89_cbc = NULL;
87 const EVP_CIPHER *cipher_gost_cbc(void)
89 if (_hidden_Gost28147_89_cbc == NULL
90 && ((_hidden_Gost28147_89_cbc =
91 EVP_CIPHER_meth_new(NID_gost89_cbc, 8 /* block_size */ ,
92 32 /* key_size */ )) == NULL
93 || !EVP_CIPHER_meth_set_iv_length(_hidden_Gost28147_89_cbc, 8)
94 || !EVP_CIPHER_meth_set_flags(_hidden_Gost28147_89_cbc,
98 EVP_CIPH_ALWAYS_CALL_INIT)
99 || !EVP_CIPHER_meth_set_init(_hidden_Gost28147_89_cbc,
100 gost_cipher_init_cbc)
101 || !EVP_CIPHER_meth_set_do_cipher(_hidden_Gost28147_89_cbc,
103 || !EVP_CIPHER_meth_set_cleanup(_hidden_Gost28147_89_cbc,
105 || !EVP_CIPHER_meth_set_impl_ctx_size(_hidden_Gost28147_89_cbc,
107 ossl_gost_cipher_ctx))
108 || !EVP_CIPHER_meth_set_set_asn1_params(_hidden_Gost28147_89_cbc,
109 gost89_set_asn1_parameters)
110 || !EVP_CIPHER_meth_set_get_asn1_params(_hidden_Gost28147_89_cbc,
111 gost89_get_asn1_parameters)
112 || !EVP_CIPHER_meth_set_ctrl(_hidden_Gost28147_89_cbc,
114 EVP_CIPHER_meth_free(_hidden_Gost28147_89_cbc);
115 _hidden_Gost28147_89_cbc = NULL;
117 return _hidden_Gost28147_89_cbc;
120 static EVP_CIPHER *_hidden_gost89_cnt = NULL;
121 const EVP_CIPHER *cipher_gost_cpacnt(void)
123 if (_hidden_gost89_cnt == NULL
124 && ((_hidden_gost89_cnt =
125 EVP_CIPHER_meth_new(NID_gost89_cnt, 1 /* block_size */ ,
126 32 /* key_size */ )) == NULL
127 || !EVP_CIPHER_meth_set_iv_length(_hidden_gost89_cnt, 8)
128 || !EVP_CIPHER_meth_set_flags(_hidden_gost89_cnt,
130 EVP_CIPH_NO_PADDING |
133 EVP_CIPH_ALWAYS_CALL_INIT)
134 || !EVP_CIPHER_meth_set_init(_hidden_gost89_cnt,
135 gost_cipher_init_cpa)
136 || !EVP_CIPHER_meth_set_do_cipher(_hidden_gost89_cnt,
138 || !EVP_CIPHER_meth_set_cleanup(_hidden_gost89_cnt,
140 || !EVP_CIPHER_meth_set_impl_ctx_size(_hidden_gost89_cnt,
142 ossl_gost_cipher_ctx))
143 || !EVP_CIPHER_meth_set_set_asn1_params(_hidden_gost89_cnt,
144 gost89_set_asn1_parameters)
145 || !EVP_CIPHER_meth_set_get_asn1_params(_hidden_gost89_cnt,
146 gost89_get_asn1_parameters)
147 || !EVP_CIPHER_meth_set_ctrl(_hidden_gost89_cnt,
149 EVP_CIPHER_meth_free(_hidden_gost89_cnt);
150 _hidden_gost89_cnt = NULL;
152 return _hidden_gost89_cnt;
155 static EVP_CIPHER *_hidden_gost89_cnt_12 = NULL;
156 const EVP_CIPHER *cipher_gost_cpcnt_12(void)
158 if (_hidden_gost89_cnt_12 == NULL
159 && ((_hidden_gost89_cnt_12 =
160 EVP_CIPHER_meth_new(NID_gost89_cnt_12, 1 /* block_size */ ,
161 32 /* key_size */ )) == NULL
162 || !EVP_CIPHER_meth_set_iv_length(_hidden_gost89_cnt_12, 8)
163 || !EVP_CIPHER_meth_set_flags(_hidden_gost89_cnt_12,
165 EVP_CIPH_NO_PADDING |
168 EVP_CIPH_ALWAYS_CALL_INIT)
169 || !EVP_CIPHER_meth_set_init(_hidden_gost89_cnt_12,
170 gost_cipher_init_cp_12)
171 || !EVP_CIPHER_meth_set_do_cipher(_hidden_gost89_cnt_12,
173 || !EVP_CIPHER_meth_set_cleanup(_hidden_gost89_cnt_12,
175 || !EVP_CIPHER_meth_set_impl_ctx_size(_hidden_gost89_cnt_12,
177 ossl_gost_cipher_ctx))
178 || !EVP_CIPHER_meth_set_set_asn1_params(_hidden_gost89_cnt_12,
179 gost89_set_asn1_parameters)
180 || !EVP_CIPHER_meth_set_get_asn1_params(_hidden_gost89_cnt_12,
181 gost89_get_asn1_parameters)
182 || !EVP_CIPHER_meth_set_ctrl(_hidden_gost89_cnt_12,
184 EVP_CIPHER_meth_free(_hidden_gost89_cnt_12);
185 _hidden_gost89_cnt_12 = NULL;
187 return _hidden_gost89_cnt_12;
190 void cipher_gost_destroy(void)
192 EVP_CIPHER_meth_free(_hidden_Gost28147_89_cipher);
193 _hidden_Gost28147_89_cipher = NULL;
194 EVP_CIPHER_meth_free(_hidden_gost89_cnt);
195 _hidden_gost89_cnt = NULL;
196 EVP_CIPHER_meth_free(_hidden_Gost28147_89_cbc);
197 _hidden_Gost28147_89_cbc = NULL;
198 EVP_CIPHER_meth_free(_hidden_gost89_cnt_12);
199 _hidden_gost89_cnt_12 = NULL;
202 /* Implementation of GOST 28147-89 in MAC (imitovstavka) mode */
203 /* Init functions which set specific parameters */
204 static int gost_imit_init_cpa(EVP_MD_CTX *ctx);
205 static int gost_imit_init_cp_12(EVP_MD_CTX *ctx);
206 /* process block of data */
207 static int gost_imit_update(EVP_MD_CTX *ctx, const void *data, size_t count);
208 /* Return computed value */
209 static int gost_imit_final(EVP_MD_CTX *ctx, unsigned char *md);
211 static int gost_imit_copy(EVP_MD_CTX *to, const EVP_MD_CTX *from);
212 static int gost_imit_cleanup(EVP_MD_CTX *ctx);
213 /* Control function, knows how to set MAC key.*/
214 static int gost_imit_ctrl(EVP_MD_CTX *ctx, int type, int arg, void *ptr);
216 static EVP_MD *_hidden_Gost28147_89_MAC_md = NULL;
217 static EVP_MD *_hidden_Gost28147_89_12_MAC_md = NULL;
219 EVP_MD *imit_gost_cpa(void)
221 if (_hidden_Gost28147_89_MAC_md == NULL) {
224 if ((md = EVP_MD_meth_new(NID_id_Gost28147_89_MAC, NID_undef)) == NULL
225 || !EVP_MD_meth_set_result_size(md, 4)
226 || !EVP_MD_meth_set_input_blocksize(md, 8)
227 || !EVP_MD_meth_set_app_datasize(md,
230 || !EVP_MD_meth_set_flags(md, 0)
231 || !EVP_MD_meth_set_init(md, gost_imit_init_cpa)
232 || !EVP_MD_meth_set_update(md, gost_imit_update)
233 || !EVP_MD_meth_set_final(md, gost_imit_final)
234 || !EVP_MD_meth_set_copy(md, gost_imit_copy)
235 || !EVP_MD_meth_set_cleanup(md, gost_imit_cleanup)
236 || !EVP_MD_meth_set_ctrl(md, gost_imit_ctrl)) {
237 EVP_MD_meth_free(md);
240 _hidden_Gost28147_89_MAC_md = md;
242 return _hidden_Gost28147_89_MAC_md;
245 void imit_gost_cpa_destroy(void)
247 EVP_MD_meth_free(_hidden_Gost28147_89_MAC_md);
248 _hidden_Gost28147_89_MAC_md = NULL;
251 EVP_MD *imit_gost_cp_12(void)
253 if (_hidden_Gost28147_89_12_MAC_md == NULL) {
256 if ((md = EVP_MD_meth_new(NID_gost_mac_12, NID_undef)) == NULL
257 || !EVP_MD_meth_set_result_size(md, 4)
258 || !EVP_MD_meth_set_input_blocksize(md, 8)
259 || !EVP_MD_meth_set_app_datasize(md,
262 || !EVP_MD_meth_set_flags(md, 0)
263 || !EVP_MD_meth_set_init(md, gost_imit_init_cp_12)
264 || !EVP_MD_meth_set_update(md, gost_imit_update)
265 || !EVP_MD_meth_set_final(md, gost_imit_final)
266 || !EVP_MD_meth_set_copy(md, gost_imit_copy)
267 || !EVP_MD_meth_set_cleanup(md, gost_imit_cleanup)
268 || !EVP_MD_meth_set_ctrl(md, gost_imit_ctrl)) {
269 EVP_MD_meth_free(md);
272 _hidden_Gost28147_89_12_MAC_md = md;
274 return _hidden_Gost28147_89_12_MAC_md;
277 void imit_gost_cp_12_destroy(void)
279 EVP_MD_meth_free(_hidden_Gost28147_89_12_MAC_md);
280 _hidden_Gost28147_89_12_MAC_md = NULL;
284 * Correspondence between gost parameter OIDs and substitution blocks
285 * NID field is filed by register_gost_NID function in engine.c
286 * upon engine initialization
289 struct gost_cipher_info gost_cipher_list[] = {
296 * {NID_id_GostR3411_94_CryptoProParamSet,&GostR3411_94_CryptoProParamSet,0},
298 {NID_id_Gost28147_89_CryptoPro_A_ParamSet, &Gost28147_CryptoProParamSetA,
300 {NID_id_Gost28147_89_CryptoPro_B_ParamSet, &Gost28147_CryptoProParamSetB,
302 {NID_id_Gost28147_89_CryptoPro_C_ParamSet, &Gost28147_CryptoProParamSetC,
304 {NID_id_Gost28147_89_CryptoPro_D_ParamSet, &Gost28147_CryptoProParamSetD,
306 {NID_id_tc26_gost_28147_param_Z, &Gost28147_TC26ParamSetZ, 1},
307 {NID_id_Gost28147_89_TestParamSet, &Gost28147_TestParamSet, 1},
312 * get encryption parameters from crypto network settings FIXME For now we
313 * use environment var CRYPT_PARAMS as place to store these settings.
314 * Actually, it is better to use engine control command, read from
315 * configuration file to set them
317 const struct gost_cipher_info *get_encryption_params(ASN1_OBJECT *obj)
320 struct gost_cipher_info *param;
322 const char *params = get_gost_engine_param(GOST_PARAM_CRYPT_PARAMS);
323 if (!params || !strlen(params)) {
325 for (i = 0; gost_cipher_list[i].nid != NID_undef; i++)
326 if (gost_cipher_list[i].nid == NID_id_tc26_gost_28147_param_Z)
327 return &gost_cipher_list[i];
328 return &gost_cipher_list[0];
331 nid = OBJ_txt2nid(params);
332 if (nid == NID_undef) {
333 GOSTerr(GOST_F_GET_ENCRYPTION_PARAMS,
334 GOST_R_INVALID_CIPHER_PARAM_OID);
338 nid = OBJ_obj2nid(obj);
340 for (param = gost_cipher_list; param->sblock != NULL && param->nid != nid;
342 if (!param->sblock) {
343 GOSTerr(GOST_F_GET_ENCRYPTION_PARAMS, GOST_R_INVALID_CIPHER_PARAMS);
349 /* Sets cipher param from paramset NID. */
350 static int gost_cipher_set_param(struct ossl_gost_cipher_ctx *c, int nid)
352 const struct gost_cipher_info *param;
354 get_encryption_params((nid == NID_undef ? NULL : OBJ_nid2obj(nid)));
358 c->paramNID = param->nid;
359 c->key_meshing = param->key_meshing;
361 gost_init(&(c->cctx), param->sblock);
365 /* Initializes EVP_CIPHER_CTX by paramset NID */
366 static int gost_cipher_init_param(EVP_CIPHER_CTX *ctx,
367 const unsigned char *key,
368 const unsigned char *iv, int enc,
369 int paramNID, int mode)
371 struct ossl_gost_cipher_ctx *c = EVP_CIPHER_CTX_get_cipher_data(ctx);
372 if (EVP_CIPHER_CTX_get_app_data(ctx) == NULL) {
373 if (!gost_cipher_set_param(c, paramNID))
375 EVP_CIPHER_CTX_set_app_data(ctx, EVP_CIPHER_CTX_get_cipher_data(ctx));
378 gost_key(&(c->cctx), key);
380 memcpy((unsigned char *)EVP_CIPHER_CTX_original_iv(ctx), iv,
381 EVP_CIPHER_CTX_iv_length(ctx));
383 memcpy(EVP_CIPHER_CTX_iv_noconst(ctx),
384 EVP_CIPHER_CTX_original_iv(ctx), EVP_CIPHER_CTX_iv_length(ctx));
388 static int gost_cipher_init_cnt(EVP_CIPHER_CTX *ctx,
389 const unsigned char *key,
390 const unsigned char *iv,
391 gost_subst_block * block)
393 struct ossl_gost_cipher_ctx *c = EVP_CIPHER_CTX_get_cipher_data(ctx);
394 gost_init(&(c->cctx), block);
398 gost_key(&(c->cctx), key);
400 memcpy((unsigned char *)EVP_CIPHER_CTX_original_iv(ctx), iv,
401 EVP_CIPHER_CTX_iv_length(ctx));
403 memcpy(EVP_CIPHER_CTX_iv_noconst(ctx),
404 EVP_CIPHER_CTX_original_iv(ctx), EVP_CIPHER_CTX_iv_length(ctx));
408 static int gost_cipher_init_cpa(EVP_CIPHER_CTX *ctx, const unsigned char *key,
409 const unsigned char *iv, int enc)
411 return gost_cipher_init_cnt(ctx, key, iv, &Gost28147_CryptoProParamSetA);
414 static int gost_cipher_init_cp_12(EVP_CIPHER_CTX *ctx,
415 const unsigned char *key,
416 const unsigned char *iv, int enc)
418 return gost_cipher_init_cnt(ctx, key, iv, &Gost28147_TC26ParamSetZ);
421 /* Initializes EVP_CIPHER_CTX with default values */
422 int gost_cipher_init(EVP_CIPHER_CTX *ctx, const unsigned char *key,
423 const unsigned char *iv, int enc)
425 return gost_cipher_init_param(ctx, key, iv, enc, NID_undef,
429 /* Initializes EVP_CIPHER_CTX with default values */
430 int gost_cipher_init_cbc(EVP_CIPHER_CTX *ctx, const unsigned char *key,
431 const unsigned char *iv, int enc)
433 return gost_cipher_init_param(ctx, key, iv, enc, NID_undef,
438 * Wrapper around gostcrypt function from gost89.c which perform key meshing
441 static void gost_crypt_mesh(void *ctx, unsigned char *iv, unsigned char *buf)
443 struct ossl_gost_cipher_ctx *c = ctx;
444 assert(c->count % 8 == 0 && c->count <= 1024);
445 if (c->key_meshing && c->count == 1024) {
446 cryptopro_key_meshing(&(c->cctx), iv);
448 gostcrypt(&(c->cctx), iv, buf);
449 c->count = c->count % 1024 + 8;
452 static void gost_cnt_next(void *ctx, unsigned char *iv, unsigned char *buf)
454 struct ossl_gost_cipher_ctx *c = ctx;
456 unsigned char buf1[8];
457 assert(c->count % 8 == 0 && c->count <= 1024);
458 if (c->key_meshing && c->count == 1024) {
459 cryptopro_key_meshing(&(c->cctx), iv);
462 gostcrypt(&(c->cctx), iv, buf1);
466 g = buf1[0] | (buf1[1] << 8) | (buf1[2] << 16) | ((word32) buf1[3] << 24);
468 buf1[0] = (unsigned char)(g & 0xff);
469 buf1[1] = (unsigned char)((g >> 8) & 0xff);
470 buf1[2] = (unsigned char)((g >> 16) & 0xff);
471 buf1[3] = (unsigned char)((g >> 24) & 0xff);
472 g = buf1[4] | (buf1[5] << 8) | (buf1[6] << 16) | ((word32) buf1[7] << 24);
475 if (go > g) /* overflow */
477 buf1[4] = (unsigned char)(g & 0xff);
478 buf1[5] = (unsigned char)((g >> 8) & 0xff);
479 buf1[6] = (unsigned char)((g >> 16) & 0xff);
480 buf1[7] = (unsigned char)((g >> 24) & 0xff);
482 gostcrypt(&(c->cctx), buf1, buf);
483 c->count = c->count % 1024 + 8;
486 /* GOST encryptoon in CBC mode */
487 int gost_cipher_do_cbc(EVP_CIPHER_CTX *ctx, unsigned char *out,
488 const unsigned char *in, size_t inl)
491 const unsigned char *in_ptr = in;
492 unsigned char *out_ptr = out;
494 struct ossl_gost_cipher_ctx *c = EVP_CIPHER_CTX_get_cipher_data(ctx);
495 unsigned char *iv = EVP_CIPHER_CTX_iv_noconst(ctx);
496 if (EVP_CIPHER_CTX_encrypting(ctx)) {
499 for (i = 0; i < 8; i++) {
500 b[i] = iv[i] ^ in_ptr[i];
502 gostcrypt(&(c->cctx), b, out_ptr);
503 memcpy(iv, out_ptr, 8);
510 gostdecrypt(&(c->cctx), in_ptr, b);
511 for (i = 0; i < 8; i++) {
512 out_ptr[i] = iv[i] ^ b[i];
514 memcpy(iv, in_ptr, 8);
523 /* GOST encryption in CFB mode */
524 int gost_cipher_do_cfb(EVP_CIPHER_CTX *ctx, unsigned char *out,
525 const unsigned char *in, size_t inl)
527 const unsigned char *in_ptr = in;
528 unsigned char *out_ptr = out;
531 unsigned char *buf = EVP_CIPHER_CTX_buf_noconst(ctx);
532 unsigned char *iv = EVP_CIPHER_CTX_iv_noconst(ctx);
533 /* process partial block if any */
534 if (EVP_CIPHER_CTX_num(ctx)) {
535 for (j = EVP_CIPHER_CTX_num(ctx), i = 0; j < 8 && i < inl;
536 j++, i++, in_ptr++, out_ptr++) {
537 if (!EVP_CIPHER_CTX_encrypting(ctx))
538 buf[j + 8] = *in_ptr;
539 *out_ptr = buf[j] ^ (*in_ptr);
540 if (EVP_CIPHER_CTX_encrypting(ctx))
541 buf[j + 8] = *out_ptr;
544 memcpy(iv, buf + 8, 8);
545 EVP_CIPHER_CTX_set_num(ctx, 0);
547 EVP_CIPHER_CTX_set_num(ctx, j);
552 for (; i + 8 < inl; i += 8, in_ptr += 8, out_ptr += 8) {
554 * block cipher current iv
556 gost_crypt_mesh(EVP_CIPHER_CTX_get_cipher_data(ctx), iv, buf);
558 * xor next block of input text with it and output it
563 if (!EVP_CIPHER_CTX_encrypting(ctx))
564 memcpy(iv, in_ptr, 8);
565 for (j = 0; j < 8; j++) {
566 out_ptr[j] = buf[j] ^ in_ptr[j];
569 /* Next iv is next block of cipher text */
570 if (EVP_CIPHER_CTX_encrypting(ctx))
571 memcpy(iv, out_ptr, 8);
573 /* Process rest of buffer */
575 gost_crypt_mesh(EVP_CIPHER_CTX_get_cipher_data(ctx), iv, buf);
576 if (!EVP_CIPHER_CTX_encrypting(ctx))
577 memcpy(buf + 8, in_ptr, inl - i);
578 for (j = 0; i < inl; j++, i++) {
579 out_ptr[j] = buf[j] ^ in_ptr[j];
581 EVP_CIPHER_CTX_set_num(ctx, j);
582 if (EVP_CIPHER_CTX_encrypting(ctx))
583 memcpy(buf + 8, out_ptr, j);
585 EVP_CIPHER_CTX_set_num(ctx, 0);
590 static int gost_cipher_do_cnt(EVP_CIPHER_CTX *ctx, unsigned char *out,
591 const unsigned char *in, size_t inl)
593 const unsigned char *in_ptr = in;
594 unsigned char *out_ptr = out;
597 unsigned char *buf = EVP_CIPHER_CTX_buf_noconst(ctx);
598 unsigned char *iv = EVP_CIPHER_CTX_iv_noconst(ctx);
599 /* process partial block if any */
600 if (EVP_CIPHER_CTX_num(ctx)) {
601 for (j = EVP_CIPHER_CTX_num(ctx), i = 0; j < 8 && i < inl;
602 j++, i++, in_ptr++, out_ptr++) {
603 *out_ptr = buf[j] ^ (*in_ptr);
606 EVP_CIPHER_CTX_set_num(ctx, 0);
608 EVP_CIPHER_CTX_set_num(ctx, j);
613 for (; i + 8 < inl; i += 8, in_ptr += 8, out_ptr += 8) {
615 * block cipher current iv
618 gost_cnt_next(EVP_CIPHER_CTX_get_cipher_data(ctx), iv, buf);
620 * xor next block of input text with it and output it
625 for (j = 0; j < 8; j++) {
626 out_ptr[j] = buf[j] ^ in_ptr[j];
629 /* Process rest of buffer */
631 gost_cnt_next(EVP_CIPHER_CTX_get_cipher_data(ctx), iv, buf);
632 for (j = 0; i < inl; j++, i++) {
633 out_ptr[j] = buf[j] ^ in_ptr[j];
635 EVP_CIPHER_CTX_set_num(ctx, j);
637 EVP_CIPHER_CTX_set_num(ctx, 0);
642 /* Cleaning up of EVP_CIPHER_CTX */
643 int gost_cipher_cleanup(EVP_CIPHER_CTX *ctx)
646 ((struct ossl_gost_cipher_ctx *)
647 EVP_CIPHER_CTX_get_cipher_data(ctx))->cctx);
648 EVP_CIPHER_CTX_set_app_data(ctx, NULL);
652 /* Control function for gost cipher */
653 int gost_cipher_ctl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr)
659 struct ossl_gost_cipher_ctx *c =
660 EVP_CIPHER_CTX_get_cipher_data(ctx);
664 return gost_cipher_set_param(c, arg);
667 case EVP_CTRL_RAND_KEY:
670 ((unsigned char *)ptr, EVP_CIPHER_CTX_key_length(ctx)) <= 0) {
671 GOSTerr(GOST_F_GOST_CIPHER_CTL, GOST_R_RNG_ERROR);
676 case EVP_CTRL_PBE_PRF_NID:
678 const char *params = get_gost_engine_param(GOST_PARAM_PBE_PARAMS);
679 int nid = NID_id_tc26_hmac_gost_3411_2012_512;
682 if (!strcmp("md_gost12_256", params))
683 nid = NID_id_tc26_hmac_gost_3411_2012_256;
684 else if (!strcmp("md_gost12_512", params))
685 nid = NID_id_tc26_hmac_gost_3411_2012_512;
686 else if (!strcmp("md_gost94", params))
687 nid = NID_id_HMACGostR3411_94;
695 case EVP_CTRL_SET_SBOX:
697 struct ossl_gost_cipher_ctx *c =
698 EVP_CIPHER_CTX_get_cipher_data(ctx);
711 nid = OBJ_txt2nid(ptr);
712 if (nid == NID_undef) {
716 cur_meshing = c->key_meshing;
717 ret = gost_cipher_set_param(c, nid);
718 c->key_meshing = cur_meshing;
723 case EVP_CTRL_KEY_MESH:
725 struct ossl_gost_cipher_ctx *c =
726 EVP_CIPHER_CTX_get_cipher_data(ctx);
736 c->key_meshing = arg;
740 GOSTerr(GOST_F_GOST_CIPHER_CTL,
741 GOST_R_UNSUPPORTED_CIPHER_CTL_COMMAND);
747 /* Set cipher parameters from ASN1 structure */
748 int gost89_set_asn1_parameters(EVP_CIPHER_CTX *ctx, ASN1_TYPE *params)
751 unsigned char *buf = NULL;
752 unsigned char *p = NULL;
753 struct ossl_gost_cipher_ctx *c = EVP_CIPHER_CTX_get_cipher_data(ctx);
754 GOST_CIPHER_PARAMS *gcp = GOST_CIPHER_PARAMS_new();
755 ASN1_OCTET_STRING *os = NULL;
757 GOSTerr(GOST_F_GOST89_SET_ASN1_PARAMETERS, ERR_R_MALLOC_FAILURE);
760 if (!ASN1_OCTET_STRING_set
761 (gcp->iv, EVP_CIPHER_CTX_iv(ctx), EVP_CIPHER_CTX_iv_length(ctx))) {
762 GOST_CIPHER_PARAMS_free(gcp);
763 GOSTerr(GOST_F_GOST89_SET_ASN1_PARAMETERS, ERR_R_MALLOC_FAILURE);
766 ASN1_OBJECT_free(gcp->enc_param_set);
767 gcp->enc_param_set = OBJ_nid2obj(c->paramNID);
769 len = i2d_GOST_CIPHER_PARAMS(gcp, NULL);
770 p = buf = OPENSSL_malloc(len);
772 GOST_CIPHER_PARAMS_free(gcp);
773 GOSTerr(GOST_F_GOST89_SET_ASN1_PARAMETERS, ERR_R_MALLOC_FAILURE);
776 i2d_GOST_CIPHER_PARAMS(gcp, &p);
777 GOST_CIPHER_PARAMS_free(gcp);
779 os = ASN1_OCTET_STRING_new();
781 if (!os || !ASN1_OCTET_STRING_set(os, buf, len)) {
783 GOSTerr(GOST_F_GOST89_SET_ASN1_PARAMETERS, ERR_R_MALLOC_FAILURE);
788 ASN1_TYPE_set(params, V_ASN1_SEQUENCE, os);
792 /* Store parameters into ASN1 structure */
793 int gost89_get_asn1_parameters(EVP_CIPHER_CTX *ctx, ASN1_TYPE *params)
797 GOST_CIPHER_PARAMS *gcp = NULL;
799 struct ossl_gost_cipher_ctx *c = EVP_CIPHER_CTX_get_cipher_data(ctx);
802 if (ASN1_TYPE_get(params) != V_ASN1_SEQUENCE) {
806 p = params->value.sequence->data;
808 gcp = d2i_GOST_CIPHER_PARAMS(NULL, (const unsigned char **)&p,
809 params->value.sequence->length);
811 len = gcp->iv->length;
812 if (len != EVP_CIPHER_CTX_iv_length(ctx)) {
813 GOST_CIPHER_PARAMS_free(gcp);
814 GOSTerr(GOST_F_GOST89_GET_ASN1_PARAMETERS, GOST_R_INVALID_IV_LENGTH);
818 nid = OBJ_obj2nid(gcp->enc_param_set);
819 if (nid == NID_undef) {
820 GOST_CIPHER_PARAMS_free(gcp);
821 GOSTerr(GOST_F_GOST89_GET_ASN1_PARAMETERS,
822 GOST_R_INVALID_CIPHER_PARAM_OID);
826 if (!gost_cipher_set_param(c, nid)) {
827 GOST_CIPHER_PARAMS_free(gcp);
830 /*XXX missing non-const accessor */
831 memcpy((unsigned char *)EVP_CIPHER_CTX_original_iv(ctx), gcp->iv->data,
832 EVP_CIPHER_CTX_iv_length(ctx));
834 GOST_CIPHER_PARAMS_free(gcp);
839 static int gost_imit_init(EVP_MD_CTX *ctx, gost_subst_block * block)
841 struct ossl_gost_imit_ctx *c = EVP_MD_CTX_md_data(ctx);
842 memset(c->buffer, 0, sizeof(c->buffer));
843 memset(c->partial_block, 0, sizeof(c->partial_block));
848 gost_init(&(c->cctx), block);
852 static int gost_imit_init_cpa(EVP_MD_CTX *ctx)
854 return gost_imit_init(ctx, &Gost28147_CryptoProParamSetA);
857 static int gost_imit_init_cp_12(EVP_MD_CTX *ctx)
859 return gost_imit_init(ctx, &Gost28147_TC26ParamSetZ);
862 static void mac_block_mesh(struct ossl_gost_imit_ctx *c,
863 const unsigned char *data)
865 unsigned char buffer[8];
867 * We are using local buffer for iv because CryptoPro doesn't interpret
868 * internal state of MAC algorithm as iv during keymeshing (but does
869 * initialize internal state from iv in key transport
871 assert(c->count % 8 == 0 && c->count <= 1024);
872 if (c->key_meshing && c->count == 1024) {
873 cryptopro_key_meshing(&(c->cctx), buffer);
875 mac_block(&(c->cctx), c->buffer, data);
876 c->count = c->count % 1024 + 8;
879 int gost_imit_update(EVP_MD_CTX *ctx, const void *data, size_t count)
881 struct ossl_gost_imit_ctx *c = EVP_MD_CTX_md_data(ctx);
882 const unsigned char *p = data;
883 size_t bytes = count, i;
885 GOSTerr(GOST_F_GOST_IMIT_UPDATE, GOST_R_MAC_KEY_NOT_SET);
889 for (i = c->bytes_left; i < 8 && bytes > 0; bytes--, i++, p++) {
890 c->partial_block[i] = *p;
893 mac_block_mesh(c, c->partial_block);
900 mac_block_mesh(c, p);
905 memcpy(c->partial_block, p, bytes);
907 c->bytes_left = bytes;
911 int gost_imit_final(EVP_MD_CTX *ctx, unsigned char *md)
913 struct ossl_gost_imit_ctx *c = EVP_MD_CTX_md_data(ctx);
915 GOSTerr(GOST_F_GOST_IMIT_FINAL, GOST_R_MAC_KEY_NOT_SET);
918 if (c->count == 0 && c->bytes_left) {
919 unsigned char buffer[8];
920 memset(buffer, 0, 8);
921 gost_imit_update(ctx, buffer, 8);
925 for (i = c->bytes_left; i < 8; i++) {
926 c->partial_block[i] = 0;
928 mac_block_mesh(c, c->partial_block);
930 get_mac(c->buffer, 8 * c->dgst_size, md);
934 int gost_imit_ctrl(EVP_MD_CTX *ctx, int type, int arg, void *ptr)
937 case EVP_MD_CTRL_KEY_LEN:
938 *((unsigned int *)(ptr)) = 32;
940 case EVP_MD_CTRL_SET_KEY:
942 struct ossl_gost_imit_ctx *gost_imit_ctx =
943 EVP_MD_CTX_md_data(ctx);
945 if (EVP_MD_meth_get_init(EVP_MD_CTX_md(ctx)) (ctx) <= 0) {
946 GOSTerr(GOST_F_GOST_IMIT_CTRL, GOST_R_MAC_KEY_NOT_SET);
949 EVP_MD_CTX_set_flags(ctx, EVP_MD_CTX_FLAG_NO_INIT);
952 struct gost_mac_key *key = (struct gost_mac_key *)ptr;
953 if (key->mac_param_nid != NID_undef) {
954 const struct gost_cipher_info *param =
955 get_encryption_params(OBJ_nid2obj
956 (key->mac_param_nid));
958 GOSTerr(GOST_F_GOST_IMIT_CTRL,
959 GOST_R_INVALID_MAC_PARAMS);
962 gost_init(&(gost_imit_ctx->cctx), param->sblock);
964 gost_key(&(gost_imit_ctx->cctx), key->key);
965 gost_imit_ctx->key_set = 1;
968 } else if (arg == 32) {
969 gost_key(&(gost_imit_ctx->cctx), ptr);
970 gost_imit_ctx->key_set = 1;
973 GOSTerr(GOST_F_GOST_IMIT_CTRL, GOST_R_INVALID_MAC_KEY_SIZE);
976 case EVP_MD_CTRL_MAC_LEN:
978 struct ossl_gost_imit_ctx *c = EVP_MD_CTX_md_data(ctx);
979 if (arg < 1 || arg > 8) {
980 GOSTerr(GOST_F_GOST_IMIT_CTRL, GOST_R_INVALID_MAC_SIZE);
992 int gost_imit_copy(EVP_MD_CTX *to, const EVP_MD_CTX *from)
994 if (EVP_MD_CTX_md_data(to) && EVP_MD_CTX_md_data(from)) {
995 memcpy(EVP_MD_CTX_md_data(to), EVP_MD_CTX_md_data(from),
996 sizeof(struct ossl_gost_imit_ctx));
1001 /* Clean up imit ctx */
1002 int gost_imit_cleanup(EVP_MD_CTX *ctx)
1004 memset(EVP_MD_CTX_md_data(ctx), 0, sizeof(struct ossl_gost_imit_ctx));
projects / openssl-gost / engine.git / blob