1
/**********************************************************************
3
* Copyright (c) 2005-2006 Cryptocom LTD *
4
* This file is distributed under the same license as OpenSSL *
6
* OpenSSL interface to GOST 28147-89 cipher functions *
7
* Requires OpenSSL 0.9.9 for compilation *
8
**********************************************************************/
11
#include <openssl/rand.h>
12
#include "e_gost_err.h"
14
static int gost_cipher_init(EVP_CIPHER_CTX *ctx, const unsigned char *key,
15
const unsigned char *iv, int enc);
16
static int gost_cipher_init_cpa(EVP_CIPHER_CTX *ctx, const unsigned char *key,
17
const unsigned char *iv, int enc);
18
/* Handles block of data in CFB mode */
19
static int gost_cipher_do_cfb(EVP_CIPHER_CTX *ctx, unsigned char *out,
20
const unsigned char *in, size_t inl);
21
/* Handles block of data in CNT mode */
22
static int gost_cipher_do_cnt(EVP_CIPHER_CTX *ctx, unsigned char *out,
23
const unsigned char *in, size_t inl);
24
/* Cleanup function */
25
static int gost_cipher_cleanup(EVP_CIPHER_CTX *);
26
/* set/get cipher parameters */
27
static int gost89_set_asn1_parameters(EVP_CIPHER_CTX *ctx,ASN1_TYPE *params);
28
static int gost89_get_asn1_parameters(EVP_CIPHER_CTX *ctx,ASN1_TYPE *params);
29
/* Control function */
30
static int gost_cipher_ctl(EVP_CIPHER_CTX *ctx,int type,int arg,void *ptr);
32
EVP_CIPHER cipher_gost =
38
EVP_CIPH_CFB_MODE| EVP_CIPH_NO_PADDING |
39
EVP_CIPH_CUSTOM_IV| EVP_CIPH_RAND_KEY | EVP_CIPH_ALWAYS_CALL_INIT,
43
sizeof(struct ossl_gost_cipher_ctx),/* ctx_size */
44
gost89_set_asn1_parameters,
45
gost89_get_asn1_parameters,
50
EVP_CIPHER cipher_gost_cpacnt =
56
EVP_CIPH_OFB_MODE| EVP_CIPH_NO_PADDING |
57
EVP_CIPH_CUSTOM_IV| EVP_CIPH_RAND_KEY | EVP_CIPH_ALWAYS_CALL_INIT,
61
sizeof(struct ossl_gost_cipher_ctx), /* ctx_size */
62
gost89_set_asn1_parameters,
63
gost89_get_asn1_parameters,
68
/* Implementation of GOST 28147-89 in MAC (imitovstavka) mode */
69
/* Init functions which set specific parameters */
70
static int gost_imit_init_cpa(EVP_MD_CTX *ctx);
71
/* process block of data */
72
static int gost_imit_update(EVP_MD_CTX *ctx, const void *data, size_t count);
73
/* Return computed value */
74
static int gost_imit_final(EVP_MD_CTX *ctx,unsigned char *md);
76
static int gost_imit_copy(EVP_MD_CTX *to,const EVP_MD_CTX *from);
77
static int gost_imit_cleanup(EVP_MD_CTX *ctx);
78
/* Control function, knows how to set MAC key.*/
79
static int gost_imit_ctrl(EVP_MD_CTX *ctx,int type, int arg, void *ptr);
81
EVP_MD imit_gost_cpa =
83
NID_id_Gost28147_89_MAC,
96
sizeof(struct ossl_gost_imit_ctx),
101
* Correspondence between gost parameter OIDs and substitution blocks
102
* NID field is filed by register_gost_NID function in engine.c
103
* upon engine initialization
106
struct gost_cipher_info gost_cipher_list[]=
108
/* NID */ /* Subst block */ /* Key meshing*/
109
/*{NID_id_GostR3411_94_CryptoProParamSet,&GostR3411_94_CryptoProParamSet,0},*/
110
{NID_id_Gost28147_89_cc,&GostR3411_94_CryptoProParamSet,0},
111
{NID_id_Gost28147_89_CryptoPro_A_ParamSet,&Gost28147_CryptoProParamSetA,1},
112
{NID_id_Gost28147_89_CryptoPro_B_ParamSet,&Gost28147_CryptoProParamSetB,1},
113
{NID_id_Gost28147_89_CryptoPro_C_ParamSet,&Gost28147_CryptoProParamSetC,1},
114
{NID_id_Gost28147_89_CryptoPro_D_ParamSet,&Gost28147_CryptoProParamSetD,1},
115
{NID_id_Gost28147_89_TestParamSet,&Gost28147_TestParamSet,1},
119
/* get encryption parameters from crypto network settings
120
FIXME For now we use environment var CRYPT_PARAMS as place to
121
store these settings. Actually, it is better to use engine control command, read from configuration file to set them */
122
const struct gost_cipher_info *get_encryption_params(ASN1_OBJECT *obj)
125
struct gost_cipher_info *param;
128
const char * params = get_gost_engine_param(GOST_PARAM_CRYPT_PARAMS);
129
if (!params || !strlen(params))
130
return &gost_cipher_list[1];
132
nid = OBJ_txt2nid(params);
133
if (nid == NID_undef)
135
GOSTerr(GOST_F_GET_ENCRYPTION_PARAMS,
136
GOST_R_INVALID_CIPHER_PARAM_OID);
142
nid= OBJ_obj2nid(obj);
144
for (param=gost_cipher_list;param->sblock!=NULL && param->nid!=nid;
148
GOSTerr(GOST_F_GET_ENCRYPTION_PARAMS,GOST_R_INVALID_CIPHER_PARAMS);
154
/* Sets cipher param from paramset NID. */
155
static int gost_cipher_set_param(struct ossl_gost_cipher_ctx *c,int nid)
157
const struct gost_cipher_info *param;
158
param=get_encryption_params((nid==NID_undef?NULL:OBJ_nid2obj(nid)));
159
if (!param) return 0;
161
c->paramNID = param->nid;
162
c->key_meshing=param->key_meshing;
164
gost_init(&(c->cctx), param->sblock);
168
/* Initializes EVP_CIPHER_CTX by paramset NID */
169
static int gost_cipher_init_param(EVP_CIPHER_CTX *ctx, const unsigned char *key,
170
const unsigned char *iv, int enc, int paramNID,int mode)
172
struct ossl_gost_cipher_ctx *c=ctx->cipher_data;
173
if (ctx->app_data == NULL)
175
if (!gost_cipher_set_param(c,paramNID)) return 0;
176
ctx->app_data = ctx->cipher_data;
178
if (key) gost_key(&(c->cctx),key);
179
if(iv) memcpy(ctx->oiv, iv, EVP_CIPHER_CTX_iv_length(ctx));
180
memcpy(ctx->iv, ctx->oiv, EVP_CIPHER_CTX_iv_length(ctx));
184
static int gost_cipher_init_cpa(EVP_CIPHER_CTX *ctx, const unsigned char *key,
185
const unsigned char *iv, int enc)
187
struct ossl_gost_cipher_ctx *c=ctx->cipher_data;
188
gost_init(&(c->cctx),&Gost28147_CryptoProParamSetA);
191
if(key) gost_key(&(c->cctx),key);
192
if(iv) memcpy(ctx->oiv, iv, EVP_CIPHER_CTX_iv_length(ctx));
193
memcpy(ctx->iv, ctx->oiv, EVP_CIPHER_CTX_iv_length(ctx));
197
/* Initializes EVP_CIPHER_CTX with default values */
198
int gost_cipher_init(EVP_CIPHER_CTX *ctx, const unsigned char *key,
199
const unsigned char *iv, int enc)
201
return gost_cipher_init_param(ctx,key,iv,enc,NID_undef,EVP_CIPH_CFB_MODE);
203
/* Wrapper around gostcrypt function from gost89.c which perform
204
* key meshing when nesseccary
206
static void gost_crypt_mesh (void *ctx,unsigned char *iv,unsigned char *buf)
208
struct ossl_gost_cipher_ctx *c = ctx;
209
if (c->count&&c->key_meshing && c->count%1024==0)
211
cryptopro_key_meshing(&(c->cctx),iv);
213
gostcrypt(&(c->cctx),iv,buf);
217
static void gost_cnt_next (void *ctx, unsigned char *iv, unsigned char *buf)
219
struct ossl_gost_cipher_ctx *c = ctx;
221
unsigned char buf1[8];
222
if (c->count && c->key_meshing && c->count %1024 ==0)
224
cryptopro_key_meshing(&(c->cctx),iv);
228
gostcrypt(&(c->cctx),iv,buf1);
234
g = buf1[0]|(buf1[1]<<8)|(buf1[2]<<16)|(buf1[3]<<24);
236
buf1[0]=(unsigned char)(g&0xff);
237
buf1[1]=(unsigned char)((g>>8)&0xff);
238
buf1[2]=(unsigned char)((g>>16)&0xff);
239
buf1[3]=(unsigned char)((g>>24)&0xff);
240
g = buf1[4]|(buf1[5]<<8)|(buf1[6]<<16)|(buf1[7]<<24);
243
if (go > g) /* overflow*/
245
buf1[4]=(unsigned char)(g&0xff);
246
buf1[5]=(unsigned char)((g>>8)&0xff);
247
buf1[6]=(unsigned char)((g>>16)&0xff);
248
buf1[7]=(unsigned char)((g>>24)&0xff);
250
gostcrypt(&(c->cctx),buf1,buf);
254
/* GOST encryption in CFB mode */
255
int gost_cipher_do_cfb(EVP_CIPHER_CTX *ctx, unsigned char *out,
256
const unsigned char *in, size_t inl)
258
const unsigned char *in_ptr=in;
259
unsigned char *out_ptr=out;
262
/* process partial block if any */
265
for (j=ctx->num,i=0;j<8 && i<inl;j++,i++,in_ptr++,out_ptr++)
267
if (!ctx->encrypt) ctx->buf[j+8]=*in_ptr;
268
*out_ptr=ctx->buf[j]^(*in_ptr);
269
if (ctx->encrypt) ctx->buf[j+8]=*out_ptr;
273
memcpy(ctx->iv,ctx->buf+8,8);
283
for (;i+8<inl;i+=8,in_ptr+=8,out_ptr+=8)
285
/*block cipher current iv */
286
gost_crypt_mesh(ctx->cipher_data,ctx->iv,ctx->buf);
287
/*xor next block of input text with it and output it*/
288
/*output this block */
289
if (!ctx->encrypt) memcpy(ctx->iv,in_ptr,8);
292
out_ptr[j]=ctx->buf[j]^in_ptr[j];
295
/* Next iv is next block of cipher text*/
296
if (ctx->encrypt) memcpy(ctx->iv,out_ptr,8);
298
/* Process rest of buffer */
301
gost_crypt_mesh(ctx->cipher_data,ctx->iv,ctx->buf);
302
if (!ctx->encrypt) memcpy(ctx->buf+8,in_ptr,inl-i);
303
for (j=0;i<inl;j++,i++)
305
out_ptr[j]=ctx->buf[j]^in_ptr[j];
308
if (ctx->encrypt) memcpy(ctx->buf+8,out_ptr,j);
317
static int gost_cipher_do_cnt(EVP_CIPHER_CTX *ctx, unsigned char *out,
318
const unsigned char *in, size_t inl)
320
const unsigned char *in_ptr=in;
321
unsigned char *out_ptr=out;
324
/* process partial block if any */
327
for (j=ctx->num,i=0;j<8 && i<inl;j++,i++,in_ptr++,out_ptr++)
329
*out_ptr=ctx->buf[j]^(*in_ptr);
342
for (;i+8<inl;i+=8,in_ptr+=8,out_ptr+=8)
344
/*block cipher current iv */
346
gost_cnt_next(ctx->cipher_data,ctx->iv,ctx->buf);
347
/*xor next block of input text with it and output it*/
348
/*output this block */
351
out_ptr[j]=ctx->buf[j]^in_ptr[j];
354
/* Process rest of buffer */
357
gost_cnt_next(ctx->cipher_data,ctx->iv,ctx->buf);
358
for (j=0;i<inl;j++,i++)
360
out_ptr[j]=ctx->buf[j]^in_ptr[j];
371
/* Cleaning up of EVP_CIPHER_CTX */
372
int gost_cipher_cleanup(EVP_CIPHER_CTX *ctx)
374
gost_destroy(&((struct ossl_gost_cipher_ctx *)ctx->cipher_data)->cctx);
375
ctx->app_data = NULL;
379
/* Control function for gost cipher */
380
int gost_cipher_ctl(EVP_CIPHER_CTX *ctx,int type,int arg,void *ptr)
384
case EVP_CTRL_RAND_KEY:
386
if (RAND_bytes((unsigned char *)ptr,ctx->key_len)<=0)
388
GOSTerr(GOST_F_GOST_CIPHER_CTL,GOST_R_RANDOM_GENERATOR_ERROR);
393
case EVP_CTRL_PBE_PRF_NID:
395
*((int *)ptr)= NID_id_HMACGostR3411_94;
402
GOSTerr(GOST_F_GOST_CIPHER_CTL,GOST_R_UNSUPPORTED_CIPHER_CTL_COMMAND);
408
/* Set cipher parameters from ASN1 structure */
409
int gost89_set_asn1_parameters(EVP_CIPHER_CTX *ctx,ASN1_TYPE *params)
412
unsigned char *buf=NULL;
413
unsigned char *p=NULL;
414
struct ossl_gost_cipher_ctx *c = ctx->cipher_data;
415
GOST_CIPHER_PARAMS *gcp = GOST_CIPHER_PARAMS_new();
416
ASN1_OCTET_STRING *os = NULL;
419
GOSTerr(GOST_F_GOST89_SET_ASN1_PARAMETERS, GOST_R_NO_MEMORY);
422
if (!ASN1_OCTET_STRING_set(gcp->iv, ctx->iv, ctx->cipher->iv_len))
424
GOST_CIPHER_PARAMS_free(gcp);
425
GOSTerr(GOST_F_GOST89_SET_ASN1_PARAMETERS, GOST_R_NO_MEMORY);
428
ASN1_OBJECT_free(gcp->enc_param_set);
429
gcp->enc_param_set = OBJ_nid2obj(c->paramNID);
431
len = i2d_GOST_CIPHER_PARAMS(gcp, NULL);
432
p = buf = (unsigned char*)OPENSSL_malloc(len);
435
GOST_CIPHER_PARAMS_free(gcp);
436
GOSTerr(GOST_F_GOST89_SET_ASN1_PARAMETERS, GOST_R_NO_MEMORY);
439
i2d_GOST_CIPHER_PARAMS(gcp, &p);
440
GOST_CIPHER_PARAMS_free(gcp);
442
os = ASN1_OCTET_STRING_new();
444
if(!os || !ASN1_OCTET_STRING_set(os, buf, len))
447
GOSTerr(GOST_F_GOST89_SET_ASN1_PARAMETERS, GOST_R_NO_MEMORY);
452
ASN1_TYPE_set(params, V_ASN1_SEQUENCE, os);
456
/* Store parameters into ASN1 structure */
457
int gost89_get_asn1_parameters(EVP_CIPHER_CTX *ctx,ASN1_TYPE *params)
461
GOST_CIPHER_PARAMS *gcp = NULL;
463
struct ossl_gost_cipher_ctx *c=ctx->cipher_data;
464
if (ASN1_TYPE_get(params) != V_ASN1_SEQUENCE)
469
p = params->value.sequence->data;
471
gcp = d2i_GOST_CIPHER_PARAMS(NULL, (const unsigned char **)&p,
472
params->value.sequence->length);
474
len = gcp->iv->length;
475
if (len != ctx->cipher->iv_len)
477
GOST_CIPHER_PARAMS_free(gcp);
478
GOSTerr(GOST_F_GOST89_GET_ASN1_PARAMETERS,
479
GOST_R_INVALID_IV_LENGTH);
482
if (!gost_cipher_set_param(c,OBJ_obj2nid(gcp->enc_param_set)))
484
GOST_CIPHER_PARAMS_free(gcp);
487
memcpy(ctx->oiv, gcp->iv->data, len);
489
GOST_CIPHER_PARAMS_free(gcp);
495
int gost_imit_init_cpa(EVP_MD_CTX *ctx)
497
struct ossl_gost_imit_ctx *c = ctx->md_data;
498
memset(c->buffer,0,16);
502
gost_init(&(c->cctx),&Gost28147_CryptoProParamSetA);
506
static void mac_block_mesh(struct ossl_gost_imit_ctx *c,const unsigned char *data)
508
unsigned char buffer[8];
509
/* We are using local buffer for iv because CryptoPro doesn't
510
* interpret internal state of MAC algorithm as iv during keymeshing
511
* (but does initialize internal state from iv in key transport
513
if (c->key_meshing&& c->count && c->count %1024 ==0)
515
cryptopro_key_meshing(&(c->cctx),buffer);
517
mac_block(&(c->cctx),c->buffer,data);
521
int gost_imit_update(EVP_MD_CTX *ctx, const void *data, size_t count)
523
struct ossl_gost_imit_ctx *c = ctx->md_data;
524
const unsigned char *p = data;
525
size_t bytes = count,i;
527
GOSTerr(GOST_F_GOST_IMIT_UPDATE, GOST_R_MAC_KEY_NOT_SET);
532
for (i=c->bytes_left;i<8&&bytes>0;bytes--,i++,p++)
534
c->partial_block[i]=*p;
538
mac_block_mesh(c,c->partial_block);
554
memcpy(c->partial_block,p,bytes);
560
int gost_imit_final(EVP_MD_CTX *ctx,unsigned char *md)
562
struct ossl_gost_imit_ctx *c = ctx->md_data;
564
GOSTerr(GOST_F_GOST_IMIT_FINAL, GOST_R_MAC_KEY_NOT_SET);
570
for (i=c->bytes_left;i<8;i++)
572
c->partial_block[i]=0;
574
mac_block_mesh(c,c->partial_block);
576
get_mac(c->buffer,32,md);
580
int gost_imit_ctrl(EVP_MD_CTX *ctx,int type, int arg, void *ptr)
584
case EVP_MD_CTRL_KEY_LEN:
585
*((unsigned int*)(ptr)) = 32;
587
case EVP_MD_CTRL_SET_KEY:
590
GOSTerr(GOST_F_GOST_IMIT_CTRL, GOST_R_INVALID_MAC_KEY_LENGTH);
594
gost_key(&(((struct ossl_gost_imit_ctx*)(ctx->md_data))->cctx),ptr) ;
595
((struct ossl_gost_imit_ctx*)(ctx->md_data))->key_set = 1;
604
int gost_imit_copy(EVP_MD_CTX *to,const EVP_MD_CTX *from)
606
memcpy(to->md_data,from->md_data,sizeof(struct ossl_gost_imit_ctx));
610
/* Clean up imit ctx */
611
int gost_imit_cleanup(EVP_MD_CTX *ctx)
613
memset(ctx->md_data,0,sizeof(struct ossl_gost_imit_ctx));