1 /**********************************************************************
3 * Copyright (c) 2005-2006 Cryptocom LTD *
4 * This file is distributed under the same license as OpenSSL *
6 * OpenSSL interface to GOST 28147-89 cipher functions *
7 * Requires OpenSSL 0.9.9 for compilation *
8 **********************************************************************/
11 #include <openssl/err.h>
12 #include <openssl/rand.h>
13 #include "e_gost_err.h"
16 #if !defined(CCGOST_DEBUG) && !defined(DEBUG)
23 static int gost_cipher_init(EVP_CIPHER_CTX *ctx, const unsigned char *key,
24 const unsigned char *iv, int enc);
25 static int gost_cipher_init_cbc(EVP_CIPHER_CTX *ctx, const unsigned char *key,
26 const unsigned char *iv, int enc);
27 static int gost_cipher_init_cpa(EVP_CIPHER_CTX *ctx, const unsigned char *key,
28 const unsigned char *iv, int enc);
29 static int gost_cipher_init_cp_12(EVP_CIPHER_CTX *ctx,
30 const unsigned char *key,
31 const unsigned char *iv, int enc);
32 /* Handles block of data in CFB mode */
33 static int gost_cipher_do_cfb(EVP_CIPHER_CTX *ctx, unsigned char *out,
34 const unsigned char *in, size_t inl);
35 /* Handles block of data in CBC mode */
36 static int gost_cipher_do_cbc(EVP_CIPHER_CTX *ctx, unsigned char *out,
37 const unsigned char *in, size_t inl);
38 /* Handles block of data in CNT mode */
39 static int gost_cipher_do_cnt(EVP_CIPHER_CTX *ctx, unsigned char *out,
40 const unsigned char *in, size_t inl);
41 /* Cleanup function */
42 static int gost_cipher_cleanup(EVP_CIPHER_CTX *);
43 /* set/get cipher parameters */
44 static int gost89_set_asn1_parameters(EVP_CIPHER_CTX *ctx, ASN1_TYPE *params);
45 static int gost89_get_asn1_parameters(EVP_CIPHER_CTX *ctx, ASN1_TYPE *params);
46 /* Control function */
47 static int gost_cipher_ctl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr);
49 static EVP_CIPHER *_hidden_Gost28147_89_cipher = NULL;
50 const EVP_CIPHER *cipher_gost(void)
52 if (_hidden_Gost28147_89_cipher == NULL
53 && ((_hidden_Gost28147_89_cipher =
54 EVP_CIPHER_meth_new(NID_id_Gost28147_89, 1 /* block_size */ ,
55 32 /* key_size */ )) == NULL
56 || !EVP_CIPHER_meth_set_iv_length(_hidden_Gost28147_89_cipher, 8)
57 || !EVP_CIPHER_meth_set_flags(_hidden_Gost28147_89_cipher,
62 EVP_CIPH_ALWAYS_CALL_INIT)
63 || !EVP_CIPHER_meth_set_init(_hidden_Gost28147_89_cipher,
65 || !EVP_CIPHER_meth_set_do_cipher(_hidden_Gost28147_89_cipher,
67 || !EVP_CIPHER_meth_set_cleanup(_hidden_Gost28147_89_cipher,
69 || !EVP_CIPHER_meth_set_impl_ctx_size(_hidden_Gost28147_89_cipher,
71 ossl_gost_cipher_ctx))
73 !EVP_CIPHER_meth_set_set_asn1_params(_hidden_Gost28147_89_cipher,
74 gost89_set_asn1_parameters)
76 !EVP_CIPHER_meth_set_get_asn1_params(_hidden_Gost28147_89_cipher,
77 gost89_get_asn1_parameters)
78 || !EVP_CIPHER_meth_set_ctrl(_hidden_Gost28147_89_cipher,
80 EVP_CIPHER_meth_free(_hidden_Gost28147_89_cipher);
81 _hidden_Gost28147_89_cipher = NULL;
83 return _hidden_Gost28147_89_cipher;
86 static EVP_CIPHER *_hidden_Gost28147_89_cbc = NULL;
87 const EVP_CIPHER *cipher_gost_cbc(void)
89 if (_hidden_Gost28147_89_cbc == NULL
90 && ((_hidden_Gost28147_89_cbc =
91 EVP_CIPHER_meth_new(NID_gost89_cbc, 8 /* block_size */ ,
92 32 /* key_size */ )) == NULL
93 || !EVP_CIPHER_meth_set_iv_length(_hidden_Gost28147_89_cbc, 8)
94 || !EVP_CIPHER_meth_set_flags(_hidden_Gost28147_89_cbc,
98 EVP_CIPH_ALWAYS_CALL_INIT)
99 || !EVP_CIPHER_meth_set_init(_hidden_Gost28147_89_cbc,
100 gost_cipher_init_cbc)
101 || !EVP_CIPHER_meth_set_do_cipher(_hidden_Gost28147_89_cbc,
103 || !EVP_CIPHER_meth_set_cleanup(_hidden_Gost28147_89_cbc,
105 || !EVP_CIPHER_meth_set_impl_ctx_size(_hidden_Gost28147_89_cbc,
107 ossl_gost_cipher_ctx))
108 || !EVP_CIPHER_meth_set_set_asn1_params(_hidden_Gost28147_89_cbc,
109 gost89_set_asn1_parameters)
110 || !EVP_CIPHER_meth_set_get_asn1_params(_hidden_Gost28147_89_cbc,
111 gost89_get_asn1_parameters)
112 || !EVP_CIPHER_meth_set_ctrl(_hidden_Gost28147_89_cbc,
114 EVP_CIPHER_meth_free(_hidden_Gost28147_89_cbc);
115 _hidden_Gost28147_89_cbc = NULL;
117 return _hidden_Gost28147_89_cbc;
120 static EVP_CIPHER *_hidden_gost89_cnt = NULL;
121 const EVP_CIPHER *cipher_gost_cpacnt(void)
123 if (_hidden_gost89_cnt == NULL
124 && ((_hidden_gost89_cnt =
125 EVP_CIPHER_meth_new(NID_gost89_cnt, 1 /* block_size */ ,
126 32 /* key_size */ )) == NULL
127 || !EVP_CIPHER_meth_set_iv_length(_hidden_gost89_cnt, 8)
128 || !EVP_CIPHER_meth_set_flags(_hidden_gost89_cnt,
130 EVP_CIPH_NO_PADDING |
133 EVP_CIPH_ALWAYS_CALL_INIT)
134 || !EVP_CIPHER_meth_set_init(_hidden_gost89_cnt,
135 gost_cipher_init_cpa)
136 || !EVP_CIPHER_meth_set_do_cipher(_hidden_gost89_cnt,
138 || !EVP_CIPHER_meth_set_cleanup(_hidden_gost89_cnt,
140 || !EVP_CIPHER_meth_set_impl_ctx_size(_hidden_gost89_cnt,
142 ossl_gost_cipher_ctx))
143 || !EVP_CIPHER_meth_set_set_asn1_params(_hidden_gost89_cnt,
144 gost89_set_asn1_parameters)
145 || !EVP_CIPHER_meth_set_get_asn1_params(_hidden_gost89_cnt,
146 gost89_get_asn1_parameters)
147 || !EVP_CIPHER_meth_set_ctrl(_hidden_gost89_cnt,
149 EVP_CIPHER_meth_free(_hidden_gost89_cnt);
150 _hidden_gost89_cnt = NULL;
152 return _hidden_gost89_cnt;
155 static EVP_CIPHER *_hidden_gost89_cnt_12 = NULL;
156 const EVP_CIPHER *cipher_gost_cpcnt_12(void)
158 if (_hidden_gost89_cnt_12 == NULL
159 && ((_hidden_gost89_cnt_12 =
160 EVP_CIPHER_meth_new(NID_gost89_cnt_12, 1 /* block_size */ ,
161 32 /* key_size */ )) == NULL
162 || !EVP_CIPHER_meth_set_iv_length(_hidden_gost89_cnt_12, 8)
163 || !EVP_CIPHER_meth_set_flags(_hidden_gost89_cnt_12,
165 EVP_CIPH_NO_PADDING |
168 EVP_CIPH_ALWAYS_CALL_INIT)
169 || !EVP_CIPHER_meth_set_init(_hidden_gost89_cnt_12,
170 gost_cipher_init_cp_12)
171 || !EVP_CIPHER_meth_set_do_cipher(_hidden_gost89_cnt_12,
173 || !EVP_CIPHER_meth_set_cleanup(_hidden_gost89_cnt_12,
175 || !EVP_CIPHER_meth_set_impl_ctx_size(_hidden_gost89_cnt_12,
177 ossl_gost_cipher_ctx))
178 || !EVP_CIPHER_meth_set_set_asn1_params(_hidden_gost89_cnt_12,
179 gost89_set_asn1_parameters)
180 || !EVP_CIPHER_meth_set_get_asn1_params(_hidden_gost89_cnt_12,
181 gost89_get_asn1_parameters)
182 || !EVP_CIPHER_meth_set_ctrl(_hidden_gost89_cnt_12,
184 EVP_CIPHER_meth_free(_hidden_gost89_cnt_12);
185 _hidden_gost89_cnt_12 = NULL;
187 return _hidden_gost89_cnt_12;
190 void cipher_gost_destroy(void)
192 EVP_CIPHER_meth_free(_hidden_Gost28147_89_cipher);
193 _hidden_Gost28147_89_cipher = NULL;
194 EVP_CIPHER_meth_free(_hidden_gost89_cnt);
195 _hidden_gost89_cnt = NULL;
196 EVP_CIPHER_meth_free(_hidden_Gost28147_89_cbc);
197 _hidden_Gost28147_89_cbc = NULL;
198 EVP_CIPHER_meth_free(_hidden_gost89_cnt_12);
199 _hidden_gost89_cnt_12 = NULL;
202 /* Implementation of GOST 28147-89 in MAC (imitovstavka) mode */
203 /* Init functions which set specific parameters */
204 static int gost_imit_init_cpa(EVP_MD_CTX *ctx);
205 static int gost_imit_init_cp_12(EVP_MD_CTX *ctx);
206 /* process block of data */
207 static int gost_imit_update(EVP_MD_CTX *ctx, const void *data, size_t count);
208 /* Return computed value */
209 static int gost_imit_final(EVP_MD_CTX *ctx, unsigned char *md);
211 static int gost_imit_copy(EVP_MD_CTX *to, const EVP_MD_CTX *from);
212 static int gost_imit_cleanup(EVP_MD_CTX *ctx);
213 /* Control function, knows how to set MAC key.*/
214 static int gost_imit_ctrl(EVP_MD_CTX *ctx, int type, int arg, void *ptr);
216 static EVP_MD *_hidden_Gost28147_89_MAC_md = NULL;
217 static EVP_MD *_hidden_Gost28147_89_12_MAC_md = NULL;
219 EVP_MD *imit_gost_cpa(void)
221 if (_hidden_Gost28147_89_MAC_md == NULL) {
224 if ((md = EVP_MD_meth_new(NID_id_Gost28147_89_MAC, NID_undef)) == NULL
225 || !EVP_MD_meth_set_result_size(md, 4)
226 || !EVP_MD_meth_set_input_blocksize(md, 8)
227 || !EVP_MD_meth_set_app_datasize(md,
230 || !EVP_MD_meth_set_flags(md, 0)
231 || !EVP_MD_meth_set_init(md, gost_imit_init_cpa)
232 || !EVP_MD_meth_set_update(md, gost_imit_update)
233 || !EVP_MD_meth_set_final(md, gost_imit_final)
234 || !EVP_MD_meth_set_copy(md, gost_imit_copy)
235 || !EVP_MD_meth_set_cleanup(md, gost_imit_cleanup)
236 || !EVP_MD_meth_set_ctrl(md, gost_imit_ctrl)) {
237 EVP_MD_meth_free(md);
240 _hidden_Gost28147_89_MAC_md = md;
242 return _hidden_Gost28147_89_MAC_md;
245 void imit_gost_cpa_destroy(void)
247 EVP_MD_meth_free(_hidden_Gost28147_89_MAC_md);
248 _hidden_Gost28147_89_MAC_md = NULL;
251 EVP_MD *imit_gost_cp_12(void)
253 if (_hidden_Gost28147_89_12_MAC_md == NULL) {
256 if ((md = EVP_MD_meth_new(NID_gost_mac_12, NID_undef)) == NULL
257 || !EVP_MD_meth_set_result_size(md, 4)
258 || !EVP_MD_meth_set_input_blocksize(md, 8)
259 || !EVP_MD_meth_set_app_datasize(md,
262 || !EVP_MD_meth_set_flags(md, 0)
263 || !EVP_MD_meth_set_init(md, gost_imit_init_cp_12)
264 || !EVP_MD_meth_set_update(md, gost_imit_update)
265 || !EVP_MD_meth_set_final(md, gost_imit_final)
266 || !EVP_MD_meth_set_copy(md, gost_imit_copy)
267 || !EVP_MD_meth_set_cleanup(md, gost_imit_cleanup)
268 || !EVP_MD_meth_set_ctrl(md, gost_imit_ctrl)) {
269 EVP_MD_meth_free(md);
272 _hidden_Gost28147_89_12_MAC_md = md;
274 return _hidden_Gost28147_89_12_MAC_md;
277 void imit_gost_cp_12_destroy(void)
279 EVP_MD_meth_free(_hidden_Gost28147_89_12_MAC_md);
280 _hidden_Gost28147_89_12_MAC_md = NULL;
284 * Correspondence between gost parameter OIDs and substitution blocks
285 * NID field is filed by register_gost_NID function in engine.c
286 * upon engine initialization
289 struct gost_cipher_info gost_cipher_list[] = {
296 * {NID_id_GostR3411_94_CryptoProParamSet,&GostR3411_94_CryptoProParamSet,0},
298 {NID_id_Gost28147_89_CryptoPro_A_ParamSet, &Gost28147_CryptoProParamSetA,
300 {NID_id_Gost28147_89_CryptoPro_B_ParamSet, &Gost28147_CryptoProParamSetB,
302 {NID_id_Gost28147_89_CryptoPro_C_ParamSet, &Gost28147_CryptoProParamSetC,
304 {NID_id_Gost28147_89_CryptoPro_D_ParamSet, &Gost28147_CryptoProParamSetD,
306 {NID_id_tc26_gost_28147_param_Z, &Gost28147_TC26ParamSetZ, 1},
307 {NID_id_Gost28147_89_TestParamSet, &Gost28147_TestParamSet, 1},
312 * get encryption parameters from crypto network settings FIXME For now we
313 * use environment var CRYPT_PARAMS as place to store these settings.
314 * Actually, it is better to use engine control command, read from
315 * configuration file to set them
317 const struct gost_cipher_info *get_encryption_params(ASN1_OBJECT *obj)
320 struct gost_cipher_info *param;
322 const char *params = get_gost_engine_param(GOST_PARAM_CRYPT_PARAMS);
323 if (!params || !strlen(params)) {
325 for (i = 0; gost_cipher_list[i].nid != NID_undef; i++)
326 if (gost_cipher_list[i].nid == NID_id_tc26_gost_28147_param_Z)
327 return &gost_cipher_list[i];
328 return &gost_cipher_list[0];
331 nid = OBJ_txt2nid(params);
332 if (nid == NID_undef) {
333 GOSTerr(GOST_F_GET_ENCRYPTION_PARAMS,
334 GOST_R_INVALID_CIPHER_PARAM_OID);
338 nid = OBJ_obj2nid(obj);
340 for (param = gost_cipher_list; param->sblock != NULL && param->nid != nid;
342 if (!param->sblock) {
343 GOSTerr(GOST_F_GET_ENCRYPTION_PARAMS, GOST_R_INVALID_CIPHER_PARAMS);
349 /* Sets cipher param from paramset NID. */
350 static int gost_cipher_set_param(struct ossl_gost_cipher_ctx *c, int nid)
352 const struct gost_cipher_info *param;
354 get_encryption_params((nid == NID_undef ? NULL : OBJ_nid2obj(nid)));
358 c->paramNID = param->nid;
359 c->key_meshing = param->key_meshing;
361 gost_init(&(c->cctx), param->sblock);
365 /* Initializes EVP_CIPHER_CTX by paramset NID */
366 static int gost_cipher_init_param(EVP_CIPHER_CTX *ctx,
367 const unsigned char *key,
368 const unsigned char *iv, int enc,
369 int paramNID, int mode)
371 struct ossl_gost_cipher_ctx *c = EVP_CIPHER_CTX_get_cipher_data(ctx);
372 if (EVP_CIPHER_CTX_get_app_data(ctx) == NULL) {
373 if (!gost_cipher_set_param(c, paramNID))
375 EVP_CIPHER_CTX_set_app_data(ctx, EVP_CIPHER_CTX_get_cipher_data(ctx));
378 gost_key(&(c->cctx), key);
380 memcpy((unsigned char *)EVP_CIPHER_CTX_original_iv(ctx), iv,
381 EVP_CIPHER_CTX_iv_length(ctx));
383 memcpy(EVP_CIPHER_CTX_iv_noconst(ctx),
384 EVP_CIPHER_CTX_original_iv(ctx), EVP_CIPHER_CTX_iv_length(ctx));
388 static int gost_cipher_init_cnt(EVP_CIPHER_CTX *ctx,
389 const unsigned char *key,
390 const unsigned char *iv,
391 gost_subst_block * block)
393 struct ossl_gost_cipher_ctx *c = EVP_CIPHER_CTX_get_cipher_data(ctx);
394 gost_init(&(c->cctx), block);
398 gost_key(&(c->cctx), key);
400 memcpy((unsigned char *)EVP_CIPHER_CTX_original_iv(ctx), iv,
401 EVP_CIPHER_CTX_iv_length(ctx));
403 memcpy(EVP_CIPHER_CTX_iv_noconst(ctx),
404 EVP_CIPHER_CTX_original_iv(ctx), EVP_CIPHER_CTX_iv_length(ctx));
408 static int gost_cipher_init_cpa(EVP_CIPHER_CTX *ctx, const unsigned char *key,
409 const unsigned char *iv, int enc)
411 return gost_cipher_init_cnt(ctx, key, iv, &Gost28147_CryptoProParamSetA);
414 static int gost_cipher_init_cp_12(EVP_CIPHER_CTX *ctx,
415 const unsigned char *key,
416 const unsigned char *iv, int enc)
418 return gost_cipher_init_cnt(ctx, key, iv, &Gost28147_TC26ParamSetZ);
421 /* Initializes EVP_CIPHER_CTX with default values */
422 int gost_cipher_init(EVP_CIPHER_CTX *ctx, const unsigned char *key,
423 const unsigned char *iv, int enc)
425 return gost_cipher_init_param(ctx, key, iv, enc, NID_undef,
429 /* Initializes EVP_CIPHER_CTX with default values */
430 int gost_cipher_init_cbc(EVP_CIPHER_CTX *ctx, const unsigned char *key,
431 const unsigned char *iv, int enc)
433 return gost_cipher_init_param(ctx, key, iv, enc, NID_undef,
438 * Wrapper around gostcrypt function from gost89.c which perform key meshing
441 static void gost_crypt_mesh(void *ctx, unsigned char *iv, unsigned char *buf)
443 struct ossl_gost_cipher_ctx *c = ctx;
444 assert(c->count % 8 == 0 && c->count <= 1024);
445 if (c->key_meshing && c->count == 1024) {
446 cryptopro_key_meshing(&(c->cctx), iv);
448 gostcrypt(&(c->cctx), iv, buf);
449 c->count = c->count % 1024 + 8;
452 static void gost_cnt_next(void *ctx, unsigned char *iv, unsigned char *buf)
454 struct ossl_gost_cipher_ctx *c = ctx;
456 unsigned char buf1[8];
457 assert(c->count % 8 == 0 && c->count <= 1024);
458 if (c->key_meshing && c->count == 1024) {
459 cryptopro_key_meshing(&(c->cctx), iv);
462 gostcrypt(&(c->cctx), iv, buf1);
466 g = buf1[0] | (buf1[1] << 8) | (buf1[2] << 16) | ((word32) buf1[3] << 24);
468 buf1[0] = (unsigned char)(g & 0xff);
469 buf1[1] = (unsigned char)((g >> 8) & 0xff);
470 buf1[2] = (unsigned char)((g >> 16) & 0xff);
471 buf1[3] = (unsigned char)((g >> 24) & 0xff);
472 g = buf1[4] | (buf1[5] << 8) | (buf1[6] << 16) | ((word32) buf1[7] << 24);
475 if (go > g) /* overflow */
477 buf1[4] = (unsigned char)(g & 0xff);
478 buf1[5] = (unsigned char)((g >> 8) & 0xff);
479 buf1[6] = (unsigned char)((g >> 16) & 0xff);
480 buf1[7] = (unsigned char)((g >> 24) & 0xff);
482 gostcrypt(&(c->cctx), buf1, buf);
483 c->count = c->count % 1024 + 8;
486 /* GOST encryptoon in CBC mode */
487 int gost_cipher_do_cbc(EVP_CIPHER_CTX *ctx, unsigned char *out,
488 const unsigned char *in, size_t inl)
491 const unsigned char *in_ptr = in;
492 unsigned char *out_ptr = out;
494 struct ossl_gost_cipher_ctx *c = EVP_CIPHER_CTX_get_cipher_data(ctx);
495 unsigned char *iv = EVP_CIPHER_CTX_iv_noconst(ctx);
496 OPENSSL_assert(inl % 8 == 0);
497 if (EVP_CIPHER_CTX_encrypting(ctx)) {
500 for (i = 0; i < 8; i++) {
501 b[i] = iv[i] ^ in_ptr[i];
503 gostcrypt(&(c->cctx), b, out_ptr);
504 memcpy(iv, out_ptr, 8);
511 gostdecrypt(&(c->cctx), in_ptr, b);
512 for (i = 0; i < 8; i++) {
513 out_ptr[i] = iv[i] ^ b[i];
515 memcpy(iv, in_ptr, 8);
524 /* GOST encryption in CFB mode */
525 int gost_cipher_do_cfb(EVP_CIPHER_CTX *ctx, unsigned char *out,
526 const unsigned char *in, size_t inl)
528 const unsigned char *in_ptr = in;
529 unsigned char *out_ptr = out;
532 unsigned char *buf = EVP_CIPHER_CTX_buf_noconst(ctx);
533 unsigned char *iv = EVP_CIPHER_CTX_iv_noconst(ctx);
534 /* process partial block if any */
535 if (EVP_CIPHER_CTX_num(ctx)) {
536 for (j = EVP_CIPHER_CTX_num(ctx), i = 0; j < 8 && i < inl;
537 j++, i++, in_ptr++, out_ptr++) {
538 if (!EVP_CIPHER_CTX_encrypting(ctx))
539 buf[j + 8] = *in_ptr;
540 *out_ptr = buf[j] ^ (*in_ptr);
541 if (EVP_CIPHER_CTX_encrypting(ctx))
542 buf[j + 8] = *out_ptr;
545 memcpy(iv, buf + 8, 8);
546 EVP_CIPHER_CTX_set_num(ctx, 0);
548 EVP_CIPHER_CTX_set_num(ctx, j);
553 for (; i + 8 < inl; i += 8, in_ptr += 8, out_ptr += 8) {
555 * block cipher current iv
557 gost_crypt_mesh(EVP_CIPHER_CTX_get_cipher_data(ctx), iv, buf);
559 * xor next block of input text with it and output it
564 if (!EVP_CIPHER_CTX_encrypting(ctx))
565 memcpy(iv, in_ptr, 8);
566 for (j = 0; j < 8; j++) {
567 out_ptr[j] = buf[j] ^ in_ptr[j];
570 /* Next iv is next block of cipher text */
571 if (EVP_CIPHER_CTX_encrypting(ctx))
572 memcpy(iv, out_ptr, 8);
574 /* Process rest of buffer */
576 gost_crypt_mesh(EVP_CIPHER_CTX_get_cipher_data(ctx), iv, buf);
577 if (!EVP_CIPHER_CTX_encrypting(ctx))
578 memcpy(buf + 8, in_ptr, inl - i);
579 for (j = 0; i < inl; j++, i++) {
580 out_ptr[j] = buf[j] ^ in_ptr[j];
582 EVP_CIPHER_CTX_set_num(ctx, j);
583 if (EVP_CIPHER_CTX_encrypting(ctx))
584 memcpy(buf + 8, out_ptr, j);
586 EVP_CIPHER_CTX_set_num(ctx, 0);
591 static int gost_cipher_do_cnt(EVP_CIPHER_CTX *ctx, unsigned char *out,
592 const unsigned char *in, size_t inl)
594 const unsigned char *in_ptr = in;
595 unsigned char *out_ptr = out;
598 unsigned char *buf = EVP_CIPHER_CTX_buf_noconst(ctx);
599 unsigned char *iv = EVP_CIPHER_CTX_iv_noconst(ctx);
600 /* process partial block if any */
601 if (EVP_CIPHER_CTX_num(ctx)) {
602 for (j = EVP_CIPHER_CTX_num(ctx), i = 0; j < 8 && i < inl;
603 j++, i++, in_ptr++, out_ptr++) {
604 *out_ptr = buf[j] ^ (*in_ptr);
607 EVP_CIPHER_CTX_set_num(ctx, 0);
609 EVP_CIPHER_CTX_set_num(ctx, j);
614 for (; i + 8 < inl; i += 8, in_ptr += 8, out_ptr += 8) {
616 * block cipher current iv
619 gost_cnt_next(EVP_CIPHER_CTX_get_cipher_data(ctx), iv, buf);
621 * xor next block of input text with it and output it
626 for (j = 0; j < 8; j++) {
627 out_ptr[j] = buf[j] ^ in_ptr[j];
630 /* Process rest of buffer */
632 gost_cnt_next(EVP_CIPHER_CTX_get_cipher_data(ctx), iv, buf);
633 for (j = 0; i < inl; j++, i++) {
634 out_ptr[j] = buf[j] ^ in_ptr[j];
636 EVP_CIPHER_CTX_set_num(ctx, j);
638 EVP_CIPHER_CTX_set_num(ctx, 0);
643 /* Cleaning up of EVP_CIPHER_CTX */
644 int gost_cipher_cleanup(EVP_CIPHER_CTX *ctx)
647 ((struct ossl_gost_cipher_ctx *)
648 EVP_CIPHER_CTX_get_cipher_data(ctx))->cctx);
649 EVP_CIPHER_CTX_set_app_data(ctx, NULL);
653 /* Control function for gost cipher */
654 int gost_cipher_ctl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr)
660 struct ossl_gost_cipher_ctx *c =
661 EVP_CIPHER_CTX_get_cipher_data(ctx);
665 return gost_cipher_set_param(c, arg);
668 case EVP_CTRL_RAND_KEY:
671 ((unsigned char *)ptr, EVP_CIPHER_CTX_key_length(ctx)) <= 0) {
672 GOSTerr(GOST_F_GOST_CIPHER_CTL, GOST_R_RNG_ERROR);
677 case EVP_CTRL_PBE_PRF_NID:
679 const char *params = get_gost_engine_param(GOST_PARAM_PBE_PARAMS);
680 int nid = NID_id_tc26_hmac_gost_3411_2012_512;
683 if (!strcmp("md_gost12_256", params))
684 nid = NID_id_tc26_hmac_gost_3411_2012_256;
685 else if (!strcmp("md_gost12_512", params))
686 nid = NID_id_tc26_hmac_gost_3411_2012_512;
687 else if (!strcmp("md_gost94", params))
688 nid = NID_id_HMACGostR3411_94;
696 case EVP_CTRL_SET_SBOX:
698 struct ossl_gost_cipher_ctx *c =
699 EVP_CIPHER_CTX_get_cipher_data(ctx);
712 nid = OBJ_txt2nid(ptr);
713 if (nid == NID_undef) {
717 cur_meshing = c->key_meshing;
718 ret = gost_cipher_set_param(c, nid);
719 c->key_meshing = cur_meshing;
724 case EVP_CTRL_KEY_MESH:
726 struct ossl_gost_cipher_ctx *c =
727 EVP_CIPHER_CTX_get_cipher_data(ctx);
737 c->key_meshing = arg;
741 GOSTerr(GOST_F_GOST_CIPHER_CTL,
742 GOST_R_UNSUPPORTED_CIPHER_CTL_COMMAND);
748 /* Set cipher parameters from ASN1 structure */
749 int gost89_set_asn1_parameters(EVP_CIPHER_CTX *ctx, ASN1_TYPE *params)
752 unsigned char *buf = NULL;
753 unsigned char *p = NULL;
754 struct ossl_gost_cipher_ctx *c = EVP_CIPHER_CTX_get_cipher_data(ctx);
755 GOST_CIPHER_PARAMS *gcp = GOST_CIPHER_PARAMS_new();
756 ASN1_OCTET_STRING *os = NULL;
758 GOSTerr(GOST_F_GOST89_SET_ASN1_PARAMETERS, ERR_R_MALLOC_FAILURE);
761 if (!ASN1_OCTET_STRING_set
762 (gcp->iv, EVP_CIPHER_CTX_iv(ctx), EVP_CIPHER_CTX_iv_length(ctx))) {
763 GOST_CIPHER_PARAMS_free(gcp);
764 GOSTerr(GOST_F_GOST89_SET_ASN1_PARAMETERS, ERR_R_MALLOC_FAILURE);
767 ASN1_OBJECT_free(gcp->enc_param_set);
768 gcp->enc_param_set = OBJ_nid2obj(c->paramNID);
770 len = i2d_GOST_CIPHER_PARAMS(gcp, NULL);
771 p = buf = OPENSSL_malloc(len);
773 GOST_CIPHER_PARAMS_free(gcp);
774 GOSTerr(GOST_F_GOST89_SET_ASN1_PARAMETERS, ERR_R_MALLOC_FAILURE);
777 i2d_GOST_CIPHER_PARAMS(gcp, &p);
778 GOST_CIPHER_PARAMS_free(gcp);
780 os = ASN1_OCTET_STRING_new();
782 if (!os || !ASN1_OCTET_STRING_set(os, buf, len)) {
784 GOSTerr(GOST_F_GOST89_SET_ASN1_PARAMETERS, ERR_R_MALLOC_FAILURE);
789 ASN1_TYPE_set(params, V_ASN1_SEQUENCE, os);
793 /* Store parameters into ASN1 structure */
794 int gost89_get_asn1_parameters(EVP_CIPHER_CTX *ctx, ASN1_TYPE *params)
798 GOST_CIPHER_PARAMS *gcp = NULL;
800 struct ossl_gost_cipher_ctx *c = EVP_CIPHER_CTX_get_cipher_data(ctx);
803 if (ASN1_TYPE_get(params) != V_ASN1_SEQUENCE) {
807 p = params->value.sequence->data;
809 gcp = d2i_GOST_CIPHER_PARAMS(NULL, (const unsigned char **)&p,
810 params->value.sequence->length);
812 len = gcp->iv->length;
813 if (len != EVP_CIPHER_CTX_iv_length(ctx)) {
814 GOST_CIPHER_PARAMS_free(gcp);
815 GOSTerr(GOST_F_GOST89_GET_ASN1_PARAMETERS, GOST_R_INVALID_IV_LENGTH);
819 nid = OBJ_obj2nid(gcp->enc_param_set);
820 if (nid == NID_undef) {
821 GOST_CIPHER_PARAMS_free(gcp);
822 GOSTerr(GOST_F_GOST89_GET_ASN1_PARAMETERS,
823 GOST_R_INVALID_CIPHER_PARAM_OID);
827 if (!gost_cipher_set_param(c, nid)) {
828 GOST_CIPHER_PARAMS_free(gcp);
831 /*XXX missing non-const accessor */
832 memcpy((unsigned char *)EVP_CIPHER_CTX_original_iv(ctx), gcp->iv->data,
833 EVP_CIPHER_CTX_iv_length(ctx));
835 GOST_CIPHER_PARAMS_free(gcp);
840 static int gost_imit_init(EVP_MD_CTX *ctx, gost_subst_block * block)
842 struct ossl_gost_imit_ctx *c = EVP_MD_CTX_md_data(ctx);
843 memset(c->buffer, 0, sizeof(c->buffer));
844 memset(c->partial_block, 0, sizeof(c->partial_block));
849 gost_init(&(c->cctx), block);
853 static int gost_imit_init_cpa(EVP_MD_CTX *ctx)
855 return gost_imit_init(ctx, &Gost28147_CryptoProParamSetA);
858 static int gost_imit_init_cp_12(EVP_MD_CTX *ctx)
860 return gost_imit_init(ctx, &Gost28147_TC26ParamSetZ);
863 static void mac_block_mesh(struct ossl_gost_imit_ctx *c,
864 const unsigned char *data)
866 unsigned char buffer[8];
868 * We are using local buffer for iv because CryptoPro doesn't interpret
869 * internal state of MAC algorithm as iv during keymeshing (but does
870 * initialize internal state from iv in key transport
872 assert(c->count % 8 == 0 && c->count <= 1024);
873 if (c->key_meshing && c->count == 1024) {
874 cryptopro_key_meshing(&(c->cctx), buffer);
876 mac_block(&(c->cctx), c->buffer, data);
877 c->count = c->count % 1024 + 8;
880 int gost_imit_update(EVP_MD_CTX *ctx, const void *data, size_t count)
882 struct ossl_gost_imit_ctx *c = EVP_MD_CTX_md_data(ctx);
883 const unsigned char *p = data;
884 size_t bytes = count, i;
886 GOSTerr(GOST_F_GOST_IMIT_UPDATE, GOST_R_MAC_KEY_NOT_SET);
890 for (i = c->bytes_left; i < 8 && bytes > 0; bytes--, i++, p++) {
891 c->partial_block[i] = *p;
894 mac_block_mesh(c, c->partial_block);
901 mac_block_mesh(c, p);
906 memcpy(c->partial_block, p, bytes);
908 c->bytes_left = bytes;
912 int gost_imit_final(EVP_MD_CTX *ctx, unsigned char *md)
914 struct ossl_gost_imit_ctx *c = EVP_MD_CTX_md_data(ctx);
916 GOSTerr(GOST_F_GOST_IMIT_FINAL, GOST_R_MAC_KEY_NOT_SET);
919 if (c->count == 0 && c->bytes_left) {
920 unsigned char buffer[8];
921 memset(buffer, 0, 8);
922 gost_imit_update(ctx, buffer, 8);
926 for (i = c->bytes_left; i < 8; i++) {
927 c->partial_block[i] = 0;
929 mac_block_mesh(c, c->partial_block);
931 get_mac(c->buffer, 8 * c->dgst_size, md);
935 int gost_imit_ctrl(EVP_MD_CTX *ctx, int type, int arg, void *ptr)
938 case EVP_MD_CTRL_KEY_LEN:
939 *((unsigned int *)(ptr)) = 32;
941 case EVP_MD_CTRL_SET_KEY:
943 struct ossl_gost_imit_ctx *gost_imit_ctx =
944 EVP_MD_CTX_md_data(ctx);
946 if (EVP_MD_meth_get_init(EVP_MD_CTX_md(ctx)) (ctx) <= 0) {
947 GOSTerr(GOST_F_GOST_IMIT_CTRL, GOST_R_MAC_KEY_NOT_SET);
950 EVP_MD_CTX_set_flags(ctx, EVP_MD_CTX_FLAG_NO_INIT);
953 struct gost_mac_key *key = (struct gost_mac_key *)ptr;
954 if (key->mac_param_nid != NID_undef) {
955 const struct gost_cipher_info *param =
956 get_encryption_params(OBJ_nid2obj
957 (key->mac_param_nid));
959 GOSTerr(GOST_F_GOST_IMIT_CTRL,
960 GOST_R_INVALID_MAC_PARAMS);
963 gost_init(&(gost_imit_ctx->cctx), param->sblock);
965 gost_key(&(gost_imit_ctx->cctx), key->key);
966 gost_imit_ctx->key_set = 1;
969 } else if (arg == 32) {
970 gost_key(&(gost_imit_ctx->cctx), ptr);
971 gost_imit_ctx->key_set = 1;
974 GOSTerr(GOST_F_GOST_IMIT_CTRL, GOST_R_INVALID_MAC_KEY_SIZE);
977 case EVP_MD_CTRL_MAC_LEN:
979 struct ossl_gost_imit_ctx *c = EVP_MD_CTX_md_data(ctx);
980 if (arg < 1 || arg > 8) {
981 GOSTerr(GOST_F_GOST_IMIT_CTRL, GOST_R_INVALID_MAC_SIZE);
993 int gost_imit_copy(EVP_MD_CTX *to, const EVP_MD_CTX *from)
995 if (EVP_MD_CTX_md_data(to) && EVP_MD_CTX_md_data(from)) {
996 memcpy(EVP_MD_CTX_md_data(to), EVP_MD_CTX_md_data(from),
997 sizeof(struct ossl_gost_imit_ctx));
1002 /* Clean up imit ctx */
1003 int gost_imit_cleanup(EVP_MD_CTX *ctx)
1005 memset(EVP_MD_CTX_md_data(ctx), 0, sizeof(struct ossl_gost_imit_ctx));
projects / openssl-gost / engine.git / blob