1 /**********************************************************************
3 * Copyright (c) 2005-2006 Cryptocom LTD *
4 * This file is distributed under the same license as OpenSSL *
6 * OpenSSL interface to GOST 28147-89 cipher functions *
7 * Requires OpenSSL 0.9.9 for compilation *
8 **********************************************************************/
11 #include <openssl/rand.h>
12 #include "e_gost_err.h"
15 #if !defined(CCGOST_DEBUG) && !defined(DEBUG)
22 static int gost_cipher_init(EVP_CIPHER_CTX *ctx, const unsigned char *key,
23 const unsigned char *iv, int enc);
24 static int gost_cipher_init_cpa(EVP_CIPHER_CTX *ctx, const unsigned char *key,
25 const unsigned char *iv, int enc);
26 /* Handles block of data in CFB mode */
27 static int gost_cipher_do_cfb(EVP_CIPHER_CTX *ctx, unsigned char *out,
28 const unsigned char *in, size_t inl);
29 /* Handles block of data in CNT mode */
30 static int gost_cipher_do_cnt(EVP_CIPHER_CTX *ctx, unsigned char *out,
31 const unsigned char *in, size_t inl);
32 /* Cleanup function */
33 static int gost_cipher_cleanup(EVP_CIPHER_CTX *);
34 /* set/get cipher parameters */
35 static int gost89_set_asn1_parameters(EVP_CIPHER_CTX *ctx,ASN1_TYPE *params);
36 static int gost89_get_asn1_parameters(EVP_CIPHER_CTX *ctx,ASN1_TYPE *params);
37 /* Control function */
38 static int gost_cipher_ctl(EVP_CIPHER_CTX *ctx,int type,int arg,void *ptr);
40 EVP_CIPHER cipher_gost =
46 EVP_CIPH_CFB_MODE| EVP_CIPH_NO_PADDING |
47 EVP_CIPH_CUSTOM_IV| EVP_CIPH_RAND_KEY | EVP_CIPH_ALWAYS_CALL_INIT,
51 sizeof(struct ossl_gost_cipher_ctx),/* ctx_size */
52 gost89_set_asn1_parameters,
53 gost89_get_asn1_parameters,
58 EVP_CIPHER cipher_gost_cpacnt =
64 EVP_CIPH_OFB_MODE| EVP_CIPH_NO_PADDING |
65 EVP_CIPH_CUSTOM_IV| EVP_CIPH_RAND_KEY | EVP_CIPH_ALWAYS_CALL_INIT,
69 sizeof(struct ossl_gost_cipher_ctx), /* ctx_size */
70 gost89_set_asn1_parameters,
71 gost89_get_asn1_parameters,
76 /* Implementation of GOST 28147-89 in MAC (imitovstavka) mode */
77 /* Init functions which set specific parameters */
78 static int gost_imit_init_cpa(EVP_MD_CTX *ctx);
79 /* process block of data */
80 static int gost_imit_update(EVP_MD_CTX *ctx, const void *data, size_t count);
81 /* Return computed value */
82 static int gost_imit_final(EVP_MD_CTX *ctx,unsigned char *md);
84 static int gost_imit_copy(EVP_MD_CTX *to,const EVP_MD_CTX *from);
85 static int gost_imit_cleanup(EVP_MD_CTX *ctx);
86 /* Control function, knows how to set MAC key.*/
87 static int gost_imit_ctrl(EVP_MD_CTX *ctx,int type, int arg, void *ptr);
89 EVP_MD imit_gost_cpa =
91 NID_id_Gost28147_89_MAC,
104 sizeof(struct ossl_gost_imit_ctx),
109 * Correspondence between gost parameter OIDs and substitution blocks
110 * NID field is filed by register_gost_NID function in engine.c
111 * upon engine initialization
114 struct gost_cipher_info gost_cipher_list[]=
116 /* NID */ /* Subst block */ /* Key meshing*/
117 /*{NID_id_GostR3411_94_CryptoProParamSet,&GostR3411_94_CryptoProParamSet,0},*/
118 {NID_id_Gost28147_89_cc,&GostR3411_94_CryptoProParamSet,0},
119 {NID_id_Gost28147_89_CryptoPro_A_ParamSet,&Gost28147_CryptoProParamSetA,1},
120 {NID_id_Gost28147_89_CryptoPro_B_ParamSet,&Gost28147_CryptoProParamSetB,1},
121 {NID_id_Gost28147_89_CryptoPro_C_ParamSet,&Gost28147_CryptoProParamSetC,1},
122 {NID_id_Gost28147_89_CryptoPro_D_ParamSet,&Gost28147_CryptoProParamSetD,1},
123 {NID_id_Gost28147_89_TestParamSet,&Gost28147_TestParamSet,1},
127 /* get encryption parameters from crypto network settings
128 FIXME For now we use environment var CRYPT_PARAMS as place to
129 store these settings. Actually, it is better to use engine control command, read from configuration file to set them */
130 const struct gost_cipher_info *get_encryption_params(ASN1_OBJECT *obj)
133 struct gost_cipher_info *param;
136 const char * params = get_gost_engine_param(GOST_PARAM_CRYPT_PARAMS);
137 if (!params || !strlen(params))
138 return &gost_cipher_list[1];
140 nid = OBJ_txt2nid(params);
141 if (nid == NID_undef)
143 GOSTerr(GOST_F_GET_ENCRYPTION_PARAMS,
144 GOST_R_INVALID_CIPHER_PARAM_OID);
150 nid= OBJ_obj2nid(obj);
152 for (param=gost_cipher_list;param->sblock!=NULL && param->nid!=nid;
156 GOSTerr(GOST_F_GET_ENCRYPTION_PARAMS,GOST_R_INVALID_CIPHER_PARAMS);
162 /* Sets cipher param from paramset NID. */
163 static int gost_cipher_set_param(struct ossl_gost_cipher_ctx *c,int nid)
165 const struct gost_cipher_info *param;
166 param=get_encryption_params((nid==NID_undef?NULL:OBJ_nid2obj(nid)));
167 if (!param) return 0;
169 c->paramNID = param->nid;
170 c->key_meshing=param->key_meshing;
172 gost_init(&(c->cctx), param->sblock);
176 /* Initializes EVP_CIPHER_CTX by paramset NID */
177 static int gost_cipher_init_param(EVP_CIPHER_CTX *ctx, const unsigned char *key,
178 const unsigned char *iv, int enc, int paramNID,int mode)
180 struct ossl_gost_cipher_ctx *c=ctx->cipher_data;
181 if (ctx->app_data == NULL)
183 if (!gost_cipher_set_param(c,paramNID)) return 0;
184 ctx->app_data = ctx->cipher_data;
186 if (key) gost_key(&(c->cctx),key);
187 if(iv) memcpy(ctx->oiv, iv, EVP_CIPHER_CTX_iv_length(ctx));
188 memcpy(ctx->iv, ctx->oiv, EVP_CIPHER_CTX_iv_length(ctx));
192 static int gost_cipher_init_cpa(EVP_CIPHER_CTX *ctx, const unsigned char *key,
193 const unsigned char *iv, int enc)
195 struct ossl_gost_cipher_ctx *c=ctx->cipher_data;
196 gost_init(&(c->cctx),&Gost28147_CryptoProParamSetA);
199 if(key) gost_key(&(c->cctx),key);
200 if(iv) memcpy(ctx->oiv, iv, EVP_CIPHER_CTX_iv_length(ctx));
201 memcpy(ctx->iv, ctx->oiv, EVP_CIPHER_CTX_iv_length(ctx));
205 /* Initializes EVP_CIPHER_CTX with default values */
206 int gost_cipher_init(EVP_CIPHER_CTX *ctx, const unsigned char *key,
207 const unsigned char *iv, int enc)
209 return gost_cipher_init_param(ctx,key,iv,enc,NID_undef,EVP_CIPH_CFB_MODE);
211 /* Wrapper around gostcrypt function from gost89.c which perform
212 * key meshing when nesseccary
214 static void gost_crypt_mesh (void *ctx,unsigned char *iv,unsigned char *buf)
216 struct ossl_gost_cipher_ctx *c = ctx;
217 assert(c->count%8 == 0 && c->count <= 1024);
218 if (c->key_meshing && c->count==1024)
220 cryptopro_key_meshing(&(c->cctx),iv);
222 gostcrypt(&(c->cctx),iv,buf);
223 c->count = c->count%1024 + 8;
226 static void gost_cnt_next (void *ctx, unsigned char *iv, unsigned char *buf)
228 struct ossl_gost_cipher_ctx *c = ctx;
230 unsigned char buf1[8];
231 assert(c->count%8 == 0 && c->count <= 1024);
232 if (c->key_meshing && c->count==1024)
234 cryptopro_key_meshing(&(c->cctx),iv);
238 gostcrypt(&(c->cctx),iv,buf1);
244 g = buf1[0]|(buf1[1]<<8)|(buf1[2]<<16)|(buf1[3]<<24);
246 buf1[0]=(unsigned char)(g&0xff);
247 buf1[1]=(unsigned char)((g>>8)&0xff);
248 buf1[2]=(unsigned char)((g>>16)&0xff);
249 buf1[3]=(unsigned char)((g>>24)&0xff);
250 g = buf1[4]|(buf1[5]<<8)|(buf1[6]<<16)|(buf1[7]<<24);
253 if (go > g) /* overflow*/
255 buf1[4]=(unsigned char)(g&0xff);
256 buf1[5]=(unsigned char)((g>>8)&0xff);
257 buf1[6]=(unsigned char)((g>>16)&0xff);
258 buf1[7]=(unsigned char)((g>>24)&0xff);
260 gostcrypt(&(c->cctx),buf1,buf);
261 c->count = c->count%1024 + 8;
264 /* GOST encryption in CFB mode */
265 int gost_cipher_do_cfb(EVP_CIPHER_CTX *ctx, unsigned char *out,
266 const unsigned char *in, size_t inl)
268 const unsigned char *in_ptr=in;
269 unsigned char *out_ptr=out;
272 /* process partial block if any */
275 for (j=ctx->num,i=0;j<8 && i<inl;j++,i++,in_ptr++,out_ptr++)
277 if (!ctx->encrypt) ctx->buf[j+8]=*in_ptr;
278 *out_ptr=ctx->buf[j]^(*in_ptr);
279 if (ctx->encrypt) ctx->buf[j+8]=*out_ptr;
283 memcpy(ctx->iv,ctx->buf+8,8);
293 for (;i+8<inl;i+=8,in_ptr+=8,out_ptr+=8)
295 /*block cipher current iv */
296 gost_crypt_mesh(ctx->cipher_data,ctx->iv,ctx->buf);
297 /*xor next block of input text with it and output it*/
298 /*output this block */
299 if (!ctx->encrypt) memcpy(ctx->iv,in_ptr,8);
302 out_ptr[j]=ctx->buf[j]^in_ptr[j];
305 /* Next iv is next block of cipher text*/
306 if (ctx->encrypt) memcpy(ctx->iv,out_ptr,8);
308 /* Process rest of buffer */
311 gost_crypt_mesh(ctx->cipher_data,ctx->iv,ctx->buf);
312 if (!ctx->encrypt) memcpy(ctx->buf+8,in_ptr,inl-i);
313 for (j=0;i<inl;j++,i++)
315 out_ptr[j]=ctx->buf[j]^in_ptr[j];
318 if (ctx->encrypt) memcpy(ctx->buf+8,out_ptr,j);
327 static int gost_cipher_do_cnt(EVP_CIPHER_CTX *ctx, unsigned char *out,
328 const unsigned char *in, size_t inl)
330 const unsigned char *in_ptr=in;
331 unsigned char *out_ptr=out;
334 /* process partial block if any */
337 for (j=ctx->num,i=0;j<8 && i<inl;j++,i++,in_ptr++,out_ptr++)
339 *out_ptr=ctx->buf[j]^(*in_ptr);
352 for (;i+8<inl;i+=8,in_ptr+=8,out_ptr+=8)
354 /*block cipher current iv */
356 gost_cnt_next(ctx->cipher_data,ctx->iv,ctx->buf);
357 /*xor next block of input text with it and output it*/
358 /*output this block */
361 out_ptr[j]=ctx->buf[j]^in_ptr[j];
364 /* Process rest of buffer */
367 gost_cnt_next(ctx->cipher_data,ctx->iv,ctx->buf);
368 for (j=0;i<inl;j++,i++)
370 out_ptr[j]=ctx->buf[j]^in_ptr[j];
381 /* Cleaning up of EVP_CIPHER_CTX */
382 int gost_cipher_cleanup(EVP_CIPHER_CTX *ctx)
384 gost_destroy(&((struct ossl_gost_cipher_ctx *)ctx->cipher_data)->cctx);
385 ctx->app_data = NULL;
389 /* Control function for gost cipher */
390 int gost_cipher_ctl(EVP_CIPHER_CTX *ctx,int type,int arg,void *ptr)
394 case EVP_CTRL_RAND_KEY:
396 if (RAND_bytes((unsigned char *)ptr,ctx->key_len)<=0)
398 GOSTerr(GOST_F_GOST_CIPHER_CTL,GOST_R_RANDOM_GENERATOR_ERROR);
403 case EVP_CTRL_PBE_PRF_NID:
405 *((int *)ptr)= NID_id_HMACGostR3411_94;
412 GOSTerr(GOST_F_GOST_CIPHER_CTL,GOST_R_UNSUPPORTED_CIPHER_CTL_COMMAND);
418 /* Set cipher parameters from ASN1 structure */
419 int gost89_set_asn1_parameters(EVP_CIPHER_CTX *ctx,ASN1_TYPE *params)
422 unsigned char *buf=NULL;
423 unsigned char *p=NULL;
424 struct ossl_gost_cipher_ctx *c = ctx->cipher_data;
425 GOST_CIPHER_PARAMS *gcp = GOST_CIPHER_PARAMS_new();
426 ASN1_OCTET_STRING *os = NULL;
429 GOSTerr(GOST_F_GOST89_SET_ASN1_PARAMETERS, GOST_R_NO_MEMORY);
432 if (!ASN1_OCTET_STRING_set(gcp->iv, ctx->iv, ctx->cipher->iv_len))
434 GOST_CIPHER_PARAMS_free(gcp);
435 GOSTerr(GOST_F_GOST89_SET_ASN1_PARAMETERS, GOST_R_NO_MEMORY);
438 ASN1_OBJECT_free(gcp->enc_param_set);
439 gcp->enc_param_set = OBJ_nid2obj(c->paramNID);
441 len = i2d_GOST_CIPHER_PARAMS(gcp, NULL);
442 p = buf = (unsigned char*)OPENSSL_malloc(len);
445 GOST_CIPHER_PARAMS_free(gcp);
446 GOSTerr(GOST_F_GOST89_SET_ASN1_PARAMETERS, GOST_R_NO_MEMORY);
449 i2d_GOST_CIPHER_PARAMS(gcp, &p);
450 GOST_CIPHER_PARAMS_free(gcp);
452 os = ASN1_OCTET_STRING_new();
454 if(!os || !ASN1_OCTET_STRING_set(os, buf, len))
457 GOSTerr(GOST_F_GOST89_SET_ASN1_PARAMETERS, GOST_R_NO_MEMORY);
462 ASN1_TYPE_set(params, V_ASN1_SEQUENCE, os);
466 /* Store parameters into ASN1 structure */
467 int gost89_get_asn1_parameters(EVP_CIPHER_CTX *ctx,ASN1_TYPE *params)
471 GOST_CIPHER_PARAMS *gcp = NULL;
473 struct ossl_gost_cipher_ctx *c=ctx->cipher_data;
474 if (ASN1_TYPE_get(params) != V_ASN1_SEQUENCE)
479 p = params->value.sequence->data;
481 gcp = d2i_GOST_CIPHER_PARAMS(NULL, (const unsigned char **)&p,
482 params->value.sequence->length);
484 len = gcp->iv->length;
485 if (len != ctx->cipher->iv_len)
487 GOST_CIPHER_PARAMS_free(gcp);
488 GOSTerr(GOST_F_GOST89_GET_ASN1_PARAMETERS,
489 GOST_R_INVALID_IV_LENGTH);
492 if (!gost_cipher_set_param(c,OBJ_obj2nid(gcp->enc_param_set)))
494 GOST_CIPHER_PARAMS_free(gcp);
497 memcpy(ctx->oiv, gcp->iv->data, len);
499 GOST_CIPHER_PARAMS_free(gcp);
505 int gost_imit_init_cpa(EVP_MD_CTX *ctx)
507 struct ossl_gost_imit_ctx *c = ctx->md_data;
508 memset(c->buffer,0,sizeof(c->buffer));
509 memset(c->partial_block,0,sizeof(c->partial_block));
513 gost_init(&(c->cctx),&Gost28147_CryptoProParamSetA);
517 static void mac_block_mesh(struct ossl_gost_imit_ctx *c,const unsigned char *data)
519 unsigned char buffer[8];
520 /* We are using local buffer for iv because CryptoPro doesn't
521 * interpret internal state of MAC algorithm as iv during keymeshing
522 * (but does initialize internal state from iv in key transport
524 assert(c->count%8 == 0 && c->count <= 1024);
525 if (c->key_meshing && c->count==1024)
527 cryptopro_key_meshing(&(c->cctx),buffer);
529 mac_block(&(c->cctx),c->buffer,data);
530 c->count = c->count%1024 + 8;
533 int gost_imit_update(EVP_MD_CTX *ctx, const void *data, size_t count)
535 struct ossl_gost_imit_ctx *c = ctx->md_data;
536 const unsigned char *p = data;
537 size_t bytes = count,i;
539 GOSTerr(GOST_F_GOST_IMIT_UPDATE, GOST_R_MAC_KEY_NOT_SET);
544 for (i=c->bytes_left;i<8&&bytes>0;bytes--,i++,p++)
546 c->partial_block[i]=*p;
550 mac_block_mesh(c,c->partial_block);
566 memcpy(c->partial_block,p,bytes);
572 int gost_imit_final(EVP_MD_CTX *ctx,unsigned char *md)
574 struct ossl_gost_imit_ctx *c = ctx->md_data;
576 GOSTerr(GOST_F_GOST_IMIT_FINAL, GOST_R_MAC_KEY_NOT_SET);
579 if (c->count==0 && c->bytes_left)
581 unsigned char buffer[8];
582 memset(buffer, 0, 8);
583 gost_imit_update(ctx, buffer, 8);
588 for (i=c->bytes_left;i<8;i++)
590 c->partial_block[i]=0;
592 mac_block_mesh(c,c->partial_block);
594 get_mac(c->buffer,32,md);
598 int gost_imit_ctrl(EVP_MD_CTX *ctx,int type, int arg, void *ptr)
602 case EVP_MD_CTRL_KEY_LEN:
603 *((unsigned int*)(ptr)) = 32;
605 case EVP_MD_CTRL_SET_KEY:
608 GOSTerr(GOST_F_GOST_IMIT_CTRL, GOST_R_INVALID_MAC_KEY_LENGTH);
612 gost_key(&(((struct ossl_gost_imit_ctx*)(ctx->md_data))->cctx),ptr) ;
613 ((struct ossl_gost_imit_ctx*)(ctx->md_data))->key_set = 1;
622 int gost_imit_copy(EVP_MD_CTX *to,const EVP_MD_CTX *from)
624 memcpy(to->md_data,from->md_data,sizeof(struct ossl_gost_imit_ctx));
628 /* Clean up imit ctx */
629 int gost_imit_cleanup(EVP_MD_CTX *ctx)
631 memset(ctx->md_data,0,sizeof(struct ossl_gost_imit_ctx));
projects / openssl.git / blob