tcl_tests: ca.try: Ignore openssl crl exit status for 'corrupted CRL' test

[openssl-gost/engine.git] / gost89.c

diff --git a/gost89.c b/gost89.c
index f940dab384b57cd0ca3ca76400077a498cb49ac5..c103e72844cda6ccb4e74b8c892069543e1a0fd5 100644 (file)
--- a/gost89.c
+++ b/gost89.c
@@ -328,6 +328,60 @@ void gostcrypt(gost_ctx * c, const byte * in, byte * out)
     out[7] = (byte) (n1 >> 24);
 }
 
+/* Low-level encryption routine - encrypts one 64 bit block*/
+void magmacrypt(gost_ctx * c, const byte * in, byte * out)
+{
+    register word32 n1, n2;     /* As named in the GOST */
+    n1 = in[7-0] | (in[7-1] << 8) | (in[7-2] << 16) | ((word32) in[7-3] << 24);
+    n2 = in[7-4] | (in[7-5] << 8) | (in[7-6] << 16) | ((word32) in[7-7] << 24);
+    /* Instead of swapping halves, swap names each round */
+
+    n2 ^= f(c, n1 + c->key[0] + c->mask[0]);
+    n1 ^= f(c, n2 + c->key[1] + c->mask[1]);
+    n2 ^= f(c, n1 + c->key[2] + c->mask[2]);
+    n1 ^= f(c, n2 + c->key[3] + c->mask[3]);
+    n2 ^= f(c, n1 + c->key[4] + c->mask[4]);
+    n1 ^= f(c, n2 + c->key[5] + c->mask[5]);
+    n2 ^= f(c, n1 + c->key[6] + c->mask[6]);
+    n1 ^= f(c, n2 + c->key[7] + c->mask[7]);
+
+    n2 ^= f(c, n1 + c->key[0] + c->mask[0]);
+    n1 ^= f(c, n2 + c->key[1] + c->mask[1]);
+    n2 ^= f(c, n1 + c->key[2] + c->mask[2]);
+    n1 ^= f(c, n2 + c->key[3] + c->mask[3]);
+    n2 ^= f(c, n1 + c->key[4] + c->mask[4]);
+    n1 ^= f(c, n2 + c->key[5] + c->mask[5]);
+    n2 ^= f(c, n1 + c->key[6] + c->mask[6]);
+    n1 ^= f(c, n2 + c->key[7] + c->mask[7]);
+
+    n2 ^= f(c, n1 + c->key[0] + c->mask[0]);
+    n1 ^= f(c, n2 + c->key[1] + c->mask[1]);
+    n2 ^= f(c, n1 + c->key[2] + c->mask[2]);
+    n1 ^= f(c, n2 + c->key[3] + c->mask[3]);
+    n2 ^= f(c, n1 + c->key[4] + c->mask[4]);
+    n1 ^= f(c, n2 + c->key[5] + c->mask[5]);
+    n2 ^= f(c, n1 + c->key[6] + c->mask[6]);
+    n1 ^= f(c, n2 + c->key[7] + c->mask[7]);
+
+    n2 ^= f(c, n1 + c->key[7] + c->mask[7]);
+    n1 ^= f(c, n2 + c->key[6] + c->mask[6]);
+    n2 ^= f(c, n1 + c->key[5] + c->mask[5]);
+    n1 ^= f(c, n2 + c->key[4] + c->mask[4]);
+    n2 ^= f(c, n1 + c->key[3] + c->mask[3]);
+    n1 ^= f(c, n2 + c->key[2] + c->mask[2]);
+    n2 ^= f(c, n1 + c->key[1] + c->mask[1]);
+    n1 ^= f(c, n2 + c->key[0] + c->mask[0]);
+
+    out[7-0] = (byte) (n2 & 0xff);
+    out[7-1] = (byte) ((n2 >> 8) & 0xff);
+    out[7-2] = (byte) ((n2 >> 16) & 0xff);
+    out[7-3] = (byte) (n2 >> 24);
+    out[7-4] = (byte) (n1 & 0xff);
+    out[7-5] = (byte) ((n1 >> 8) & 0xff);
+    out[7-6] = (byte) ((n1 >> 16) & 0xff);
+    out[7-7] = (byte) (n1 >> 24);
+}
+
 /* Low-level decryption routine. Decrypts one 64-bit block */
 void gostdecrypt(gost_ctx * c, const byte * in, byte * out)
 {
@@ -381,6 +435,59 @@ void gostdecrypt(gost_ctx * c, const byte * in, byte * out)
     out[7] = (byte) (n1 >> 24);
 }
 
+/* Low-level decryption routine. Decrypts one 64-bit block */
+void magmadecrypt(gost_ctx * c, const byte * in, byte * out)
+{
+    register word32 n1, n2;     /* As named in the GOST */
+    n1 = in[7-0] | (in[7-1] << 8) | (in[7-2] << 16) | ((word32) in[7-3] << 24);
+    n2 = in[7-4] | (in[7-5] << 8) | (in[7-6] << 16) | ((word32) in[7-7] << 24);
+
+    n2 ^= f(c, n1 + c->key[0] + c->mask[0]);
+    n1 ^= f(c, n2 + c->key[1] + c->mask[1]);
+    n2 ^= f(c, n1 + c->key[2] + c->mask[2]);
+    n1 ^= f(c, n2 + c->key[3] + c->mask[3]);
+    n2 ^= f(c, n1 + c->key[4] + c->mask[4]);
+    n1 ^= f(c, n2 + c->key[5] + c->mask[5]);
+    n2 ^= f(c, n1 + c->key[6] + c->mask[6]);
+    n1 ^= f(c, n2 + c->key[7] + c->mask[7]);
+
+    n2 ^= f(c, n1 + c->key[7] + c->mask[7]);
+    n1 ^= f(c, n2 + c->key[6] + c->mask[6]);
+    n2 ^= f(c, n1 + c->key[5] + c->mask[5]);
+    n1 ^= f(c, n2 + c->key[4] + c->mask[4]);
+    n2 ^= f(c, n1 + c->key[3] + c->mask[3]);
+    n1 ^= f(c, n2 + c->key[2] + c->mask[2]);
+    n2 ^= f(c, n1 + c->key[1] + c->mask[1]);
+    n1 ^= f(c, n2 + c->key[0] + c->mask[0]);
+
+    n2 ^= f(c, n1 + c->key[7] + c->mask[7]);
+    n1 ^= f(c, n2 + c->key[6] + c->mask[6]);
+    n2 ^= f(c, n1 + c->key[5] + c->mask[5]);
+    n1 ^= f(c, n2 + c->key[4] + c->mask[4]);
+    n2 ^= f(c, n1 + c->key[3] + c->mask[3]);
+    n1 ^= f(c, n2 + c->key[2] + c->mask[2]);
+    n2 ^= f(c, n1 + c->key[1] + c->mask[1]);
+    n1 ^= f(c, n2 + c->key[0] + c->mask[0]);
+
+    n2 ^= f(c, n1 + c->key[7] + c->mask[7]);
+    n1 ^= f(c, n2 + c->key[6] + c->mask[6]);
+    n2 ^= f(c, n1 + c->key[5] + c->mask[5]);
+    n1 ^= f(c, n2 + c->key[4] + c->mask[4]);
+    n2 ^= f(c, n1 + c->key[3] + c->mask[3]);
+    n1 ^= f(c, n2 + c->key[2] + c->mask[2]);
+    n2 ^= f(c, n1 + c->key[1] + c->mask[1]);
+    n1 ^= f(c, n2 + c->key[0] + c->mask[0]);
+
+    out[7-0] = (byte) (n2 & 0xff);
+    out[7-1] = (byte) ((n2 >> 8) & 0xff);
+    out[7-2] = (byte) ((n2 >> 16) & 0xff);
+    out[7-3] = (byte) (n2 >> 24);
+    out[7-4] = (byte) (n1 & 0xff);
+    out[7-5] = (byte) ((n1 >> 8) & 0xff);
+    out[7-6] = (byte) ((n1 >> 16) & 0xff);
+    out[7-7] = (byte) (n1 >> 24);
+}
+
 
 /* Encrypts several blocks in ECB mode */
 void gost_enc(gost_ctx * c, const byte * clear, byte * cipher, int blocks)
@@ -444,15 +551,13 @@ void gost_dec_cfb(gost_ctx * ctx, const byte * iv, const byte * cipher,
 void gost_enc_with_key(gost_ctx * c, byte * key, byte * inblock,
                        byte * outblock)
 {
-    gost_key(c, key);
+    gost_key_nomask(c, key);
     gostcrypt(c, inblock, outblock);
 }
 
-/* Set 256 bit gost89 key into context */
-void gost_key(gost_ctx * c, const byte * k)
+static void gost_key_impl(gost_ctx * c, const byte * k)
 {
     int i, j;
-    RAND_bytes((unsigned char *)c->mask, sizeof(c->mask));
     for (i = 0, j = 0; i < 8; ++i, j += 4) {
         c->key[i] =
             (k[j] | (k[j + 1] << 8) | (k[j + 2] << 16) | ((word32) k[j + 3] <<
@@ -460,11 +565,25 @@ void gost_key(gost_ctx * c, const byte * k)
     }
 }
 
+/* Set 256 bit gost89 key into context */
+void gost_key(gost_ctx * c, const byte * k)
+{
+    RAND_priv_bytes((unsigned char *)c->mask, sizeof(c->mask));
+    gost_key_impl(c, k);
+}
+
+/* Set 256 bit gost89 key into context without key mask */
+void gost_key_nomask(gost_ctx * c, const byte * k)
+{
+    memset(c->mask, 0, sizeof(c->mask));
+    gost_key_impl(c, k);
+}
+
 /* Set 256 bit Magma key into context */
 void magma_key(gost_ctx * c, const byte * k)
 {
     int i, j;
-    RAND_bytes((unsigned char *)c->mask, sizeof(c->mask));
+    RAND_priv_bytes((unsigned char *)c->mask, sizeof(c->mask));
     for (i = 0, j = 0; i < 8; ++i, j += 4) {
         c->key[i] =
             (k[j + 3] | (k[j + 2] << 8) | (k[j + 1] << 16) | ((word32) k[j] <<
@@ -472,6 +591,10 @@ void magma_key(gost_ctx * c, const byte * k)
     }
 }
 
+void magma_master_key(gost_ctx *c, const byte *k) {
+    memcpy(c->master_key, k, sizeof(c->master_key));
+}
+
 /* Retrieve 256-bit gost89 key from context */
 void gost_get_key(gost_ctx * c, byte * k)
 {
@@ -508,6 +631,7 @@ void gost_init(gost_ctx * c, const gost_subst_block * b)
 /* Cleans up key from context */
 void gost_destroy(gost_ctx * c)
 {
+    OPENSSL_cleanse(c->master_key, sizeof(c->master_key));
     OPENSSL_cleanse(c->key, sizeof(c->key));
     OPENSSL_cleanse(c->mask, sizeof(c->mask));
 }
@@ -644,20 +768,11 @@ void cryptopro_key_meshing(gost_ctx * ctx, unsigned char *iv)
 void acpkm_magma_key_meshing(gost_ctx * ctx)
 {
     unsigned char newkey[32];
-    int i, j;
-
+    int i;
     for (i = 0; i < 4; i++) {
-        unsigned char buf[8], keybuf[8];
-        for (j = 0; j < 8; j++) {
-            buf[j] = ACPKM_D_const[8 * i + 7 - j];
-        }
-        gostcrypt(ctx, buf, keybuf);
-        memcpy(newkey + 8 * i, keybuf + 4, 4);
-        memcpy(newkey + 8 * i + 4, keybuf, 4);
-        OPENSSL_cleanse(keybuf, sizeof(keybuf));
-        OPENSSL_cleanse(buf, sizeof(buf));
+        magmacrypt(ctx, ACPKM_D_const + 8 * i, newkey + 8 * i);
     }
     /* set new key */
-    gost_key(ctx, newkey);
+    magma_key(ctx, newkey);
     OPENSSL_cleanse(newkey, sizeof(newkey));
 }