summaryrefslogtreecommitdiff
path: root/src/lib/libcrypto/gost
diff options
context:
space:
mode:
authorcvs2svn <admin@example.com>2015-08-02 21:54:22 +0000
committercvs2svn <admin@example.com>2015-08-02 21:54:22 +0000
commited3760bf4be4a96a89233fb8f8b84a0d44725862 (patch)
tree5609c82060f75c53af0a7641d9b33a88574876cd /src/lib/libcrypto/gost
parentf8b563fb5ba1524c821d37308f4e6abfc866bc3f (diff)
downloadopenbsd-OPENBSD_5_8_BASE.tar.gz
openbsd-OPENBSD_5_8_BASE.tar.bz2
openbsd-OPENBSD_5_8_BASE.zip
This commit was manufactured by cvs2git to create tag 'OPENBSD_5_8_BASE'.OPENBSD_5_8_BASE
Diffstat (limited to '')
-rw-r--r--src/lib/libcrypto/gost/gost.h262
-rw-r--r--src/lib/libcrypto/gost/gost2814789.c471
-rw-r--r--src/lib/libcrypto/gost/gost89_keywrap.c138
-rw-r--r--src/lib/libcrypto/gost/gost89_params.c244
-rw-r--r--src/lib/libcrypto/gost/gost89imit_ameth.c88
-rw-r--r--src/lib/libcrypto/gost/gost89imit_pmeth.c252
-rw-r--r--src/lib/libcrypto/gost/gost_asn1.c295
-rw-r--r--src/lib/libcrypto/gost/gost_asn1.h87
-rw-r--r--src/lib/libcrypto/gost/gost_err.c142
-rw-r--r--src/lib/libcrypto/gost/gost_locl.h113
-rw-r--r--src/lib/libcrypto/gost/gostr341001.c401
-rw-r--r--src/lib/libcrypto/gost/gostr341001_ameth.c737
-rw-r--r--src/lib/libcrypto/gost/gostr341001_key.c320
-rw-r--r--src/lib/libcrypto/gost/gostr341001_params.c132
-rw-r--r--src/lib/libcrypto/gost/gostr341001_pmeth.c719
-rw-r--r--src/lib/libcrypto/gost/gostr341194.c273
-rw-r--r--src/lib/libcrypto/gost/streebog.c1477
17 files changed, 0 insertions, 6151 deletions
diff --git a/src/lib/libcrypto/gost/gost.h b/src/lib/libcrypto/gost/gost.h
deleted file mode 100644
index 516c1b41fc..0000000000
--- a/src/lib/libcrypto/gost/gost.h
+++ /dev/null
@@ -1,262 +0,0 @@
1/* $OpenBSD: gost.h,v 1.2 2014/11/09 19:24:30 miod Exp $ */
2/*
3 * Copyright (c) 2014 Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
4 * Copyright (c) 2005-2006 Cryptocom LTD
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
8 * are met:
9 *
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 *
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in
15 * the documentation and/or other materials provided with the
16 * distribution.
17 *
18 * 3. All advertising materials mentioning features or use of this
19 * software must display the following acknowledgment:
20 * "This product includes software developed by the OpenSSL Project
21 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
22 *
23 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
24 * endorse or promote products derived from this software without
25 * prior written permission. For written permission, please contact
26 * openssl-core@openssl.org.
27 *
28 * 5. Products derived from this software may not be called "OpenSSL"
29 * nor may "OpenSSL" appear in their names without prior written
30 * permission of the OpenSSL Project.
31 *
32 * 6. Redistributions of any form whatsoever must retain the following
33 * acknowledgment:
34 * "This product includes software developed by the OpenSSL Project
35 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
36 *
37 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
38 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
39 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
40 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
41 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
42 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
43 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
44 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
45 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
46 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
47 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
48 * OF THE POSSIBILITY OF SUCH DAMAGE.
49 * ====================================================================
50 */
51
52#ifndef HEADER_GOST_H
53#define HEADER_GOST_H
54
55#include <openssl/opensslconf.h>
56
57#ifdef OPENSSL_NO_GOST
58#error GOST is disabled.
59#endif
60
61#include <openssl/asn1t.h>
62#include <openssl/ec.h>
63
64#ifdef __cplusplus
65extern "C" {
66#endif
67
68typedef struct gost2814789_key_st {
69 unsigned int key[8];
70 unsigned int k87[256],k65[256],k43[256],k21[256];
71 unsigned int count;
72 unsigned key_meshing : 1;
73} GOST2814789_KEY;
74
75int Gost2814789_set_sbox(GOST2814789_KEY *key, int nid);
76int Gost2814789_set_key(GOST2814789_KEY *key,
77 const unsigned char *userKey, const int bits);
78void Gost2814789_ecb_encrypt(const unsigned char *in, unsigned char *out,
79 GOST2814789_KEY *key, const int enc);
80void Gost2814789_cfb64_encrypt(const unsigned char *in, unsigned char *out,
81 size_t length, GOST2814789_KEY *key,
82 unsigned char *ivec, int *num, const int enc);
83void Gost2814789_cnt_encrypt(const unsigned char *in, unsigned char *out,
84 size_t length, GOST2814789_KEY *key,
85 unsigned char *ivec, unsigned char *cnt_buf, int *num);
86
87typedef struct {
88 ASN1_OCTET_STRING *iv;
89 ASN1_OBJECT *enc_param_set;
90} GOST_CIPHER_PARAMS;
91
92DECLARE_ASN1_FUNCTIONS(GOST_CIPHER_PARAMS)
93
94#define GOST2814789IMIT_LENGTH 4
95#define GOST2814789IMIT_CBLOCK 8
96#define GOST2814789IMIT_LONG unsigned int
97
98typedef struct GOST2814789IMITstate_st {
99 GOST2814789IMIT_LONG Nl, Nh;
100 unsigned char data[GOST2814789IMIT_CBLOCK];
101 unsigned int num;
102
103 GOST2814789_KEY cipher;
104 unsigned char mac[GOST2814789IMIT_CBLOCK];
105} GOST2814789IMIT_CTX;
106
107/* Note, also removed second parameter and removed dctx->cipher setting */
108int GOST2814789IMIT_Init(GOST2814789IMIT_CTX *c, int nid);
109int GOST2814789IMIT_Update(GOST2814789IMIT_CTX *c, const void *data, size_t len);
110int GOST2814789IMIT_Final(unsigned char *md, GOST2814789IMIT_CTX *c);
111void GOST2814789IMIT_Transform(GOST2814789IMIT_CTX *c, const unsigned char *data);
112unsigned char *GOST2814789IMIT(const unsigned char *d, size_t n,
113 unsigned char *md, int nid,
114 const unsigned char *key, const unsigned char *iv);
115
116#define GOSTR341194_LONG unsigned int
117
118#define GOSTR341194_LENGTH 32
119#define GOSTR341194_CBLOCK 32
120#define GOSTR341194_LBLOCK (GOSTR341194_CBLOCK/4)
121
122typedef struct GOSTR341194state_st {
123 GOSTR341194_LONG Nl, Nh;
124 GOSTR341194_LONG data[GOSTR341194_LBLOCK];
125 unsigned int num;
126
127 GOST2814789_KEY cipher;
128 unsigned char H[GOSTR341194_CBLOCK];
129 unsigned char S[GOSTR341194_CBLOCK];
130} GOSTR341194_CTX;
131
132/* Note, also removed second parameter and removed dctx->cipher setting */
133int GOSTR341194_Init(GOSTR341194_CTX *c, int nid);
134int GOSTR341194_Update(GOSTR341194_CTX *c, const void *data, size_t len);
135int GOSTR341194_Final(unsigned char *md, GOSTR341194_CTX *c);
136void GOSTR341194_Transform(GOSTR341194_CTX *c, const unsigned char *data);
137unsigned char *GOSTR341194(const unsigned char *d, size_t n,unsigned char *md, int nid);
138
139#if defined(_LP64)
140#define STREEBOG_LONG64 unsigned long
141#define U64(C) C##UL
142#else
143#define STREEBOG_LONG64 unsigned long long
144#define U64(C) C##ULL
145#endif
146
147#define STREEBOG_LBLOCK 8
148#define STREEBOG_CBLOCK 64
149#define STREEBOG256_LENGTH 32
150#define STREEBOG512_LENGTH 64
151
152typedef struct STREEBOGstate_st {
153 STREEBOG_LONG64 data[STREEBOG_LBLOCK];
154 unsigned int num;
155 unsigned int md_len;
156 STREEBOG_LONG64 h[STREEBOG_LBLOCK];
157 STREEBOG_LONG64 N[STREEBOG_LBLOCK];
158 STREEBOG_LONG64 Sigma[STREEBOG_LBLOCK];
159} STREEBOG_CTX;
160
161int STREEBOG256_Init(STREEBOG_CTX *c);
162int STREEBOG256_Update(STREEBOG_CTX *c, const void *data, size_t len);
163int STREEBOG256_Final(unsigned char *md, STREEBOG_CTX *c);
164void STREEBOG256_Transform(STREEBOG_CTX *c, const unsigned char *data);
165unsigned char *STREEBOG256(const unsigned char *d, size_t n,unsigned char *md);
166
167int STREEBOG512_Init(STREEBOG_CTX *c);
168int STREEBOG512_Update(STREEBOG_CTX *c, const void *data, size_t len);
169int STREEBOG512_Final(unsigned char *md, STREEBOG_CTX *c);
170void STREEBOG512_Transform(STREEBOG_CTX *c, const unsigned char *data);
171unsigned char *STREEBOG512(const unsigned char *d, size_t n,unsigned char *md);
172
173typedef struct gost_key_st GOST_KEY;
174GOST_KEY *GOST_KEY_new(void);
175void GOST_KEY_free(GOST_KEY * r);
176int GOST_KEY_check_key(const GOST_KEY * eckey);
177int GOST_KEY_set_public_key_affine_coordinates(GOST_KEY * key, BIGNUM * x, BIGNUM * y);
178const EC_GROUP * GOST_KEY_get0_group(const GOST_KEY * key);
179int GOST_KEY_set_group(GOST_KEY * key, const EC_GROUP * group);
180int GOST_KEY_get_digest(const GOST_KEY * key);
181int GOST_KEY_set_digest(GOST_KEY * key, int digest_nid);
182const BIGNUM * GOST_KEY_get0_private_key(const GOST_KEY * key);
183int GOST_KEY_set_private_key(GOST_KEY * key, const BIGNUM * priv_key);
184const EC_POINT * GOST_KEY_get0_public_key(const GOST_KEY * key);
185int GOST_KEY_set_public_key(GOST_KEY * key, const EC_POINT * pub_key);
186size_t GOST_KEY_get_size(const GOST_KEY * r);
187
188/* Gost-specific pmeth control-function parameters */
189/* For GOST R34.10 parameters */
190#define EVP_PKEY_CTRL_GOST_PARAMSET (EVP_PKEY_ALG_CTRL+1)
191#define EVP_PKEY_CTRL_GOST_SIG_FORMAT (EVP_PKEY_ALG_CTRL+2)
192#define EVP_PKEY_CTRL_GOST_SET_DIGEST (EVP_PKEY_ALG_CTRL+3)
193#define EVP_PKEY_CTRL_GOST_GET_DIGEST (EVP_PKEY_ALG_CTRL+4)
194
195#define GOST_SIG_FORMAT_SR_BE 0
196#define GOST_SIG_FORMAT_RS_LE 1
197
198/* BEGIN ERROR CODES */
199/* The following lines are auto generated by the script mkerr.pl. Any changes
200 * made after this point may be overwritten when the script is next run.
201 */
202void ERR_load_GOST_strings(void);
203
204/* Error codes for the GOST functions. */
205
206/* Function codes. */
207#define GOST_F_DECODE_GOST01_ALGOR_PARAMS 104
208#define GOST_F_ENCODE_GOST01_ALGOR_PARAMS 105
209#define GOST_F_GOST2001_COMPUTE_PUBLIC 106
210#define GOST_F_GOST2001_DO_SIGN 107
211#define GOST_F_GOST2001_DO_VERIFY 108
212#define GOST_F_GOST2001_KEYGEN 109
213#define GOST_F_GOST89_GET_ASN1_PARAMETERS 102
214#define GOST_F_GOST89_SET_ASN1_PARAMETERS 103
215#define GOST_F_GOST_KEY_CHECK_KEY 124
216#define GOST_F_GOST_KEY_NEW 125
217#define GOST_F_GOST_KEY_SET_PUBLIC_KEY_AFFINE_COORDINATES 126
218#define GOST_F_PARAM_COPY_GOST01 110
219#define GOST_F_PARAM_DECODE_GOST01 111
220#define GOST_F_PKEY_GOST01_CTRL 116
221#define GOST_F_PKEY_GOST01_DECRYPT 112
222#define GOST_F_PKEY_GOST01_DERIVE 113
223#define GOST_F_PKEY_GOST01_ENCRYPT 114
224#define GOST_F_PKEY_GOST01_PARAMGEN 115
225#define GOST_F_PKEY_GOST01_SIGN 123
226#define GOST_F_PKEY_GOST_MAC_CTRL 100
227#define GOST_F_PKEY_GOST_MAC_KEYGEN 101
228#define GOST_F_PRIV_DECODE_GOST01 117
229#define GOST_F_PUB_DECODE_GOST01 118
230#define GOST_F_PUB_ENCODE_GOST01 119
231#define GOST_F_PUB_PRINT_GOST01 120
232#define GOST_F_UNPACK_SIGNATURE_CP 121
233#define GOST_F_UNPACK_SIGNATURE_LE 122
234
235/* Reason codes. */
236#define GOST_R_BAD_KEY_PARAMETERS_FORMAT 104
237#define GOST_R_BAD_PKEY_PARAMETERS_FORMAT 105
238#define GOST_R_CANNOT_PACK_EPHEMERAL_KEY 106
239#define GOST_R_CTRL_CALL_FAILED 107
240#define GOST_R_ERROR_COMPUTING_SHARED_KEY 108
241#define GOST_R_ERROR_PARSING_KEY_TRANSPORT_INFO 109
242#define GOST_R_INCOMPATIBLE_ALGORITHMS 110
243#define GOST_R_INCOMPATIBLE_PEER_KEY 111
244#define GOST_R_INVALID_DIGEST_TYPE 100
245#define GOST_R_INVALID_IV_LENGTH 103
246#define GOST_R_INVALID_MAC_KEY_LENGTH 101
247#define GOST_R_KEY_IS_NOT_INITIALIZED 112
248#define GOST_R_KEY_PARAMETERS_MISSING 113
249#define GOST_R_MAC_KEY_NOT_SET 102
250#define GOST_R_NO_PARAMETERS_SET 115
251#define GOST_R_NO_PEER_KEY 116
252#define GOST_R_NO_PRIVATE_PART_OF_NON_EPHEMERAL_KEYPAIR 117
253#define GOST_R_PUBLIC_KEY_UNDEFINED 118
254#define GOST_R_RANDOM_NUMBER_GENERATOR_FAILED 120
255#define GOST_R_SIGNATURE_MISMATCH 121
256#define GOST_R_SIGNATURE_PARTS_GREATER_THAN_Q 122
257#define GOST_R_UKM_NOT_SET 123
258
259#ifdef __cplusplus
260}
261#endif
262#endif
diff --git a/src/lib/libcrypto/gost/gost2814789.c b/src/lib/libcrypto/gost/gost2814789.c
deleted file mode 100644
index b1bef9eae3..0000000000
--- a/src/lib/libcrypto/gost/gost2814789.c
+++ /dev/null
@@ -1,471 +0,0 @@
1/* $OpenBSD: gost2814789.c,v 1.4 2015/02/10 09:46:30 miod Exp $ */
2/*
3 * Copyright (c) 2014 Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
4 * Copyright (c) 2005-2006 Cryptocom LTD
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
8 * are met:
9 *
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 *
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in
15 * the documentation and/or other materials provided with the
16 * distribution.
17 *
18 * 3. All advertising materials mentioning features or use of this
19 * software must display the following acknowledgment:
20 * "This product includes software developed by the OpenSSL Project
21 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
22 *
23 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
24 * endorse or promote products derived from this software without
25 * prior written permission. For written permission, please contact
26 * openssl-core@openssl.org.
27 *
28 * 5. Products derived from this software may not be called "OpenSSL"
29 * nor may "OpenSSL" appear in their names without prior written
30 * permission of the OpenSSL Project.
31 *
32 * 6. Redistributions of any form whatsoever must retain the following
33 * acknowledgment:
34 * "This product includes software developed by the OpenSSL Project
35 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
36 *
37 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
38 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
39 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
40 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
41 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
42 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
43 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
44 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
45 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
46 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
47 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
48 * OF THE POSSIBILITY OF SUCH DAMAGE.
49 * ====================================================================
50 */
51
52#include <string.h>
53
54#include <openssl/opensslconf.h>
55
56#ifndef OPENSSL_NO_GOST
57#include <openssl/objects.h>
58#include <openssl/gost.h>
59
60#include "gost_locl.h"
61
62static inline unsigned int
63f(const GOST2814789_KEY *c, unsigned int x)
64{
65 return c->k87[(x>>24) & 255] | c->k65[(x>>16) & 255]|
66 c->k43[(x>> 8) & 255] | c->k21[(x ) & 255];
67}
68
69void
70Gost2814789_encrypt(const unsigned char *in, unsigned char *out,
71 const GOST2814789_KEY *key)
72{
73 unsigned int n1, n2; /* As named in the GOST */
74
75 c2l(in, n1);
76 c2l(in, n2);
77
78 /* Instead of swapping halves, swap names each round */
79 n2 ^= f(key, n1 + key->key[0]); n1 ^= f(key, n2 + key->key[1]);
80 n2 ^= f(key, n1 + key->key[2]); n1 ^= f(key, n2 + key->key[3]);
81 n2 ^= f(key, n1 + key->key[4]); n1 ^= f(key, n2 + key->key[5]);
82 n2 ^= f(key, n1 + key->key[6]); n1 ^= f(key, n2 + key->key[7]);
83
84 n2 ^= f(key, n1 + key->key[0]); n1 ^= f(key, n2 + key->key[1]);
85 n2 ^= f(key, n1 + key->key[2]); n1 ^= f(key, n2 + key->key[3]);
86 n2 ^= f(key, n1 + key->key[4]); n1 ^= f(key, n2 + key->key[5]);
87 n2 ^= f(key, n1 + key->key[6]); n1 ^= f(key, n2 + key->key[7]);
88
89 n2 ^= f(key, n1 + key->key[0]); n1 ^= f(key, n2 + key->key[1]);
90 n2 ^= f(key, n1 + key->key[2]); n1 ^= f(key, n2 + key->key[3]);
91 n2 ^= f(key, n1 + key->key[4]); n1 ^= f(key, n2 + key->key[5]);
92 n2 ^= f(key, n1 + key->key[6]); n1 ^= f(key, n2 + key->key[7]);
93
94 n2 ^= f(key, n1 + key->key[7]); n1 ^= f(key, n2 + key->key[6]);
95 n2 ^= f(key, n1 + key->key[5]); n1 ^= f(key, n2 + key->key[4]);
96 n2 ^= f(key, n1 + key->key[3]); n1 ^= f(key, n2 + key->key[2]);
97 n2 ^= f(key, n1 + key->key[1]); n1 ^= f(key, n2 + key->key[0]);
98
99 l2c(n2, out);
100 l2c(n1, out);
101}
102
103void
104Gost2814789_decrypt(const unsigned char *in, unsigned char *out,
105 const GOST2814789_KEY *key)
106{
107 unsigned int n1, n2; /* As named in the GOST */
108
109 c2l(in, n1);
110 c2l(in, n2);
111
112 /* Instead of swapping halves, swap names each round */
113 n2 ^= f(key, n1 + key->key[0]); n1 ^= f(key, n2 + key->key[1]);
114 n2 ^= f(key, n1 + key->key[2]); n1 ^= f(key, n2 + key->key[3]);
115 n2 ^= f(key, n1 + key->key[4]); n1 ^= f(key, n2 + key->key[5]);
116 n2 ^= f(key, n1 + key->key[6]); n1 ^= f(key, n2 + key->key[7]);
117
118 n2 ^= f(key, n1 + key->key[7]); n1 ^= f(key, n2 + key->key[6]);
119 n2 ^= f(key, n1 + key->key[5]); n1 ^= f(key, n2 + key->key[4]);
120 n2 ^= f(key, n1 + key->key[3]); n1 ^= f(key, n2 + key->key[2]);
121 n2 ^= f(key, n1 + key->key[1]); n1 ^= f(key, n2 + key->key[0]);
122
123 n2 ^= f(key, n1 + key->key[7]); n1 ^= f(key, n2 + key->key[6]);
124 n2 ^= f(key, n1 + key->key[5]); n1 ^= f(key, n2 + key->key[4]);
125 n2 ^= f(key, n1 + key->key[3]); n1 ^= f(key, n2 + key->key[2]);
126 n2 ^= f(key, n1 + key->key[1]); n1 ^= f(key, n2 + key->key[0]);
127
128 n2 ^= f(key, n1 + key->key[7]); n1 ^= f(key, n2 + key->key[6]);
129 n2 ^= f(key, n1 + key->key[5]); n1 ^= f(key, n2 + key->key[4]);
130 n2 ^= f(key, n1 + key->key[3]); n1 ^= f(key, n2 + key->key[2]);
131 n2 ^= f(key, n1 + key->key[1]); n1 ^= f(key, n2 + key->key[0]);
132
133 l2c(n2, out);
134 l2c(n1, out);
135}
136
137static void
138Gost2814789_mac(const unsigned char *in, unsigned char *mac,
139 GOST2814789_KEY *key)
140{
141 unsigned int n1, n2; /* As named in the GOST */
142 unsigned char *p;
143 int i;
144
145 for (i = 0; i < 8; i++)
146 mac[i] ^= in[i];
147
148 p = mac;
149 c2l(p, n1);
150 c2l(p, n2);
151
152 /* Instead of swapping halves, swap names each round */
153 n2 ^= f(key, n1 + key->key[0]); n1 ^= f(key, n2 + key->key[1]);
154 n2 ^= f(key, n1 + key->key[2]); n1 ^= f(key, n2 + key->key[3]);
155 n2 ^= f(key, n1 + key->key[4]); n1 ^= f(key, n2 + key->key[5]);
156 n2 ^= f(key, n1 + key->key[6]); n1 ^= f(key, n2 + key->key[7]);
157
158 n2 ^= f(key, n1 + key->key[0]); n1 ^= f(key, n2 + key->key[1]);
159 n2 ^= f(key, n1 + key->key[2]); n1 ^= f(key, n2 + key->key[3]);
160 n2 ^= f(key, n1 + key->key[4]); n1 ^= f(key, n2 + key->key[5]);
161 n2 ^= f(key, n1 + key->key[6]); n1 ^= f(key, n2 + key->key[7]);
162
163 p = mac;
164 l2c(n1, p);
165 l2c(n2, p);
166}
167
168void
169Gost2814789_ecb_encrypt(const unsigned char *in, unsigned char *out,
170 GOST2814789_KEY *key, const int enc)
171{
172 if (key->key_meshing && key->count == 1024) {
173 Gost2814789_cryptopro_key_mesh(key);
174 key->count = 0;
175 }
176
177 if (enc)
178 Gost2814789_encrypt(in, out, key);
179 else
180 Gost2814789_decrypt(in, out, key);
181}
182
183static inline void
184Gost2814789_encrypt_mesh(unsigned char *iv, GOST2814789_KEY *key)
185{
186 if (key->key_meshing && key->count == 1024) {
187 Gost2814789_cryptopro_key_mesh(key);
188 Gost2814789_encrypt(iv, iv, key);
189 key->count = 0;
190 }
191 Gost2814789_encrypt(iv, iv, key);
192 key->count += 8;
193}
194
195static inline void
196Gost2814789_mac_mesh(const unsigned char *data, unsigned char *mac,
197 GOST2814789_KEY *key)
198{
199 if (key->key_meshing && key->count == 1024) {
200 Gost2814789_cryptopro_key_mesh(key);
201 key->count = 0;
202 }
203 Gost2814789_mac(data, mac, key);
204 key->count += 8;
205}
206
207void
208Gost2814789_cfb64_encrypt(const unsigned char *in, unsigned char *out,
209 size_t len, GOST2814789_KEY *key, unsigned char *ivec, int *num,
210 const int enc)
211{
212 unsigned int n;
213 size_t l = 0;
214
215 n = *num;
216
217 if (enc) {
218#if !defined(OPENSSL_SMALL_FOOTPRINT)
219 if (8 % sizeof(size_t) == 0) do { /* always true actually */
220 while (n && len) {
221 *(out++) = ivec[n] ^= *(in++);
222 --len;
223 n = (n + 1) % 8;
224 }
225#ifdef __STRICT_ALIGNMENT
226 if (((size_t)in | (size_t)out | (size_t)ivec) %
227 sizeof(size_t) != 0)
228 break;
229#endif
230 while (len >= 8) {
231 Gost2814789_encrypt_mesh(ivec, key);
232 for (; n < 8; n += sizeof(size_t)) {
233 *(size_t*)(out + n) =
234 *(size_t*)(ivec + n) ^=
235 *(size_t*)(in + n);
236 }
237 len -= 8;
238 out += 8;
239 in += 8;
240 n = 0;
241 }
242 if (len) {
243 Gost2814789_encrypt_mesh(ivec, key);
244 while (len--) {
245 out[n] = ivec[n] ^= in[n];
246 ++n;
247 }
248 }
249 *num = n;
250 return;
251 } while (0);
252 /* the rest would be commonly eliminated by x86* compiler */
253#endif
254 while (l<len) {
255 if (n == 0) {
256 Gost2814789_encrypt_mesh(ivec, key);
257 }
258 out[l] = ivec[n] ^= in[l];
259 ++l;
260 n = (n + 1) % 8;
261 }
262 *num = n;
263 } else {
264#if !defined(OPENSSL_SMALL_FOOTPRINT)
265 if (8 % sizeof(size_t) == 0) do { /* always true actually */
266 while (n && len) {
267 unsigned char c;
268
269 *(out++) = ivec[n] ^ (c = *(in++));
270 ivec[n] = c;
271 --len;
272 n = (n + 1) % 8;
273 }
274#ifdef __STRICT_ALIGNMENT
275 if (((size_t)in | (size_t)out | (size_t)ivec) %
276 sizeof(size_t) != 0)
277 break;
278#endif
279 while (len >= 8) {
280 Gost2814789_encrypt_mesh(ivec, key);
281 for (; n < 8; n += sizeof(size_t)) {
282 size_t t = *(size_t*)(in + n);
283 *(size_t*)(out + n) =
284 *(size_t*)(ivec + n) ^ t;
285 *(size_t*)(ivec + n) = t;
286 }
287 len -= 8;
288 out += 8;
289 in += 8;
290 n = 0;
291 }
292 if (len) {
293 Gost2814789_encrypt_mesh(ivec, key);
294 while (len--) {
295 unsigned char c;
296
297 out[n] = ivec[n] ^ (c = in[n]);
298 ivec[n] = c;
299 ++n;
300 }
301 }
302 *num = n;
303 return;
304 } while (0);
305 /* the rest would be commonly eliminated by x86* compiler */
306#endif
307 while (l < len) {
308 unsigned char c;
309
310 if (n == 0) {
311 Gost2814789_encrypt_mesh(ivec, key);
312 }
313 out[l] = ivec[n] ^ (c = in[l]); ivec[n] = c;
314 ++l;
315 n = (n + 1) % 8;
316 }
317 *num = n;
318 }
319}
320
321static inline void
322Gost2814789_cnt_next(unsigned char *ivec, unsigned char *out,
323 GOST2814789_KEY *key)
324{
325 unsigned char *p = ivec, *p2 = ivec;
326 unsigned int val, val2;
327
328 if (key->count == 0)
329 Gost2814789_encrypt(ivec, ivec, key);
330
331 if (key->key_meshing && key->count == 1024) {
332 Gost2814789_cryptopro_key_mesh(key);
333 Gost2814789_encrypt(ivec, ivec, key);
334 key->count = 0;
335 }
336
337 c2l(p, val);
338 val2 = val + 0x01010101;
339 l2c(val2, p2);
340
341 c2l(p, val);
342 val2 = val + 0x01010104;
343 if (val > val2) /* overflow */
344 val2++;
345 l2c(val2, p2);
346
347 Gost2814789_encrypt(ivec, out, key);
348 key->count += 8;
349}
350
351void
352Gost2814789_cnt_encrypt(const unsigned char *in, unsigned char *out, size_t len,
353 GOST2814789_KEY *key, unsigned char *ivec, unsigned char *cnt_buf, int *num)
354{
355 unsigned int n;
356 size_t l = 0;
357
358 n = *num;
359
360#if !defined(OPENSSL_SMALL_FOOTPRINT)
361 if (8 % sizeof(size_t) == 0) do { /* always true actually */
362 while (n && len) {
363 *(out++) = *(in++) ^ cnt_buf[n];
364 --len;
365 n = (n + 1) % 8;
366 }
367
368#ifdef __STRICT_ALIGNMENT
369 if (((size_t)in | (size_t)out | (size_t)ivec) %
370 sizeof(size_t) != 0)
371 break;
372#endif
373 while (len >= 8) {
374 Gost2814789_cnt_next(ivec, cnt_buf, key);
375 for (; n < 8; n += sizeof(size_t))
376 *(size_t *)(out + n) = *(size_t *)(in + n) ^
377 *(size_t *)(cnt_buf + n);
378 len -= 8;
379 out += 8;
380 in += 8;
381 n = 0;
382 }
383 if (len) {
384 Gost2814789_cnt_next(ivec, cnt_buf, key);
385 while (len--) {
386 out[n] = in[n] ^ cnt_buf[n];
387 ++n;
388 }
389 }
390 *num = n;
391 return;
392 } while(0);
393 /* the rest would be commonly eliminated by x86* compiler */
394#endif
395 while (l < len) {
396 if (n==0)
397 Gost2814789_cnt_next(ivec, cnt_buf, key);
398 out[l] = in[l] ^ cnt_buf[n];
399 ++l;
400 n = (n + 1) % 8;
401 }
402
403 *num=n;
404}
405
406int
407GOST2814789IMIT_Init(GOST2814789IMIT_CTX *c, int nid)
408{
409 c->Nl = c->Nh = c->num = 0;
410 memset(c->mac, 0, 8);
411 return Gost2814789_set_sbox(&c->cipher, nid);
412}
413
414static void
415GOST2814789IMIT_block_data_order(GOST2814789IMIT_CTX *ctx,
416 const unsigned char *p, size_t num)
417{
418 int i;
419
420 for (i = 0; i < num; i++) {
421 Gost2814789_mac_mesh(p, ctx->mac, &ctx->cipher);
422 p += 8;
423 }
424}
425
426#define DATA_ORDER_IS_LITTLE_ENDIAN
427
428#define HASH_CBLOCK GOST2814789IMIT_CBLOCK
429#define HASH_LONG GOST2814789IMIT_LONG
430#define HASH_CTX GOST2814789IMIT_CTX
431#define HASH_UPDATE GOST2814789IMIT_Update
432#define HASH_TRANSFORM GOST2814789IMIT_Transform
433#define HASH_NO_FINAL 1
434#define HASH_BLOCK_DATA_ORDER GOST2814789IMIT_block_data_order
435
436#include "md32_common.h"
437
438int
439GOST2814789IMIT_Final(unsigned char *md, GOST2814789IMIT_CTX *c)
440{
441 if (c->num) {
442 memset(c->data + c->num, 0, 8 - c->num);
443 Gost2814789_mac_mesh(c->data, c->mac, &c->cipher);
444 }
445 if (c->Nl <= 8 * 8 && c->Nl > 0 && c->Nh == 0) {
446 memset(c->data, 0, 8);
447 Gost2814789_mac_mesh(c->data, c->mac, &c->cipher);
448 }
449 memcpy(md, c->mac, 4);
450 return 1;
451}
452
453unsigned char *
454GOST2814789IMIT(const unsigned char *d, size_t n, unsigned char *md, int nid,
455 const unsigned char *key, const unsigned char *iv)
456{
457 GOST2814789IMIT_CTX c;
458 static unsigned char m[GOST2814789IMIT_LENGTH];
459
460 if (md == NULL)
461 md = m;
462 GOST2814789IMIT_Init(&c, nid);
463 memcpy(c.mac, iv, 8);
464 Gost2814789_set_key(&c.cipher, key, 256);
465 GOST2814789IMIT_Update(&c, d, n);
466 GOST2814789IMIT_Final(md, &c);
467 OPENSSL_cleanse(&c, sizeof(c));
468 return (md);
469}
470
471#endif
diff --git a/src/lib/libcrypto/gost/gost89_keywrap.c b/src/lib/libcrypto/gost/gost89_keywrap.c
deleted file mode 100644
index a754c4d56e..0000000000
--- a/src/lib/libcrypto/gost/gost89_keywrap.c
+++ /dev/null
@@ -1,138 +0,0 @@
1/* $OpenBSD: gost89_keywrap.c,v 1.3 2014/11/09 19:28:44 miod Exp $ */
2/*
3 * Copyright (c) 2014 Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
4 * Copyright (c) 2005-2006 Cryptocom LTD
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
8 * are met:
9 *
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 *
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in
15 * the documentation and/or other materials provided with the
16 * distribution.
17 *
18 * 3. All advertising materials mentioning features or use of this
19 * software must display the following acknowledgment:
20 * "This product includes software developed by the OpenSSL Project
21 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
22 *
23 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
24 * endorse or promote products derived from this software without
25 * prior written permission. For written permission, please contact
26 * openssl-core@openssl.org.
27 *
28 * 5. Products derived from this software may not be called "OpenSSL"
29 * nor may "OpenSSL" appear in their names without prior written
30 * permission of the OpenSSL Project.
31 *
32 * 6. Redistributions of any form whatsoever must retain the following
33 * acknowledgment:
34 * "This product includes software developed by the OpenSSL Project
35 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
36 *
37 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
38 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
39 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
40 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
41 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
42 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
43 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
44 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
45 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
46 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
47 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
48 * OF THE POSSIBILITY OF SUCH DAMAGE.
49 * ====================================================================
50 */
51
52#include <string.h>
53
54#include <openssl/opensslconf.h>
55
56#ifndef OPENSSL_NO_GOST
57
58#include <openssl/gost.h>
59
60#include "gost_locl.h"
61
62static void
63key_diversify_crypto_pro(GOST2814789_KEY *ctx, const unsigned char *inputKey,
64 const unsigned char *ukm, unsigned char *outputKey)
65{
66 unsigned long k, s1, s2;
67 int i, mask;
68 unsigned char S[8];
69 unsigned char *p;
70
71 memcpy(outputKey, inputKey, 32);
72 for (i = 0; i < 8; i++) {
73 /* Make array of integers from key */
74 /* Compute IV S */
75 s1 = 0, s2 = 0;
76 p = outputKey;
77 for (mask = 1; mask < 256; mask <<= 1) {
78 c2l(p, k);
79 if (mask & ukm[i]) {
80 s1 += k;
81 } else {
82 s2 += k;
83 }
84 }
85 p = S;
86 l2c (s1, p);
87 l2c (s2, p);
88 Gost2814789_set_key(ctx, outputKey, 256);
89 mask = 0;
90 Gost2814789_cfb64_encrypt(outputKey, outputKey, 32, ctx, S,
91 &mask, 1);
92 }
93}
94
95int
96gost_key_wrap_crypto_pro(int nid, const unsigned char *keyExchangeKey,
97 const unsigned char *ukm, const unsigned char *sessionKey,
98 unsigned char *wrappedKey)
99{
100 GOST2814789_KEY ctx;
101 unsigned char kek_ukm[32];
102
103 Gost2814789_set_sbox(&ctx, nid);
104 key_diversify_crypto_pro(&ctx, keyExchangeKey, ukm, kek_ukm);
105 Gost2814789_set_key(&ctx, kek_ukm, 256);
106 memcpy(wrappedKey, ukm, 8);
107 Gost2814789_encrypt(sessionKey + 0, wrappedKey + 8 + 0, &ctx);
108 Gost2814789_encrypt(sessionKey + 8, wrappedKey + 8 + 8, &ctx);
109 Gost2814789_encrypt(sessionKey + 16, wrappedKey + 8 + 16, &ctx);
110 Gost2814789_encrypt(sessionKey + 24, wrappedKey + 8 + 24, &ctx);
111 GOST2814789IMIT(sessionKey, 32, wrappedKey + 40, nid, kek_ukm, ukm);
112 return 1;
113}
114
115int
116gost_key_unwrap_crypto_pro(int nid, const unsigned char *keyExchangeKey,
117 const unsigned char *wrappedKey, unsigned char *sessionKey)
118{
119 unsigned char kek_ukm[32], cek_mac[4];
120 GOST2814789_KEY ctx;
121
122 Gost2814789_set_sbox(&ctx, nid);
123 /* First 8 bytes of wrapped Key is ukm */
124 key_diversify_crypto_pro(&ctx, keyExchangeKey, wrappedKey, kek_ukm);
125 Gost2814789_set_key(&ctx, kek_ukm, 256);
126 Gost2814789_decrypt(wrappedKey + 8 + 0, sessionKey + 0, &ctx);
127 Gost2814789_decrypt(wrappedKey + 8 + 8, sessionKey + 8, &ctx);
128 Gost2814789_decrypt(wrappedKey + 8 + 16, sessionKey + 16, &ctx);
129 Gost2814789_decrypt(wrappedKey + 8 + 24, sessionKey + 24, &ctx);
130
131 GOST2814789IMIT(sessionKey, 32, cek_mac, nid, kek_ukm, wrappedKey);
132 if (memcmp(cek_mac, wrappedKey + 40, 4))
133 return 0;
134
135 return 1;
136}
137
138#endif
diff --git a/src/lib/libcrypto/gost/gost89_params.c b/src/lib/libcrypto/gost/gost89_params.c
deleted file mode 100644
index 35d8f62fe9..0000000000
--- a/src/lib/libcrypto/gost/gost89_params.c
+++ /dev/null
@@ -1,244 +0,0 @@
1/* $OpenBSD: gost89_params.c,v 1.2 2014/11/09 23:06:52 miod Exp $ */
2/*
3 * Copyright (c) 2014 Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
4 * Copyright (c) 2005-2006 Cryptocom LTD
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
8 * are met:
9 *
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 *
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in
15 * the documentation and/or other materials provided with the
16 * distribution.
17 *
18 * 3. All advertising materials mentioning features or use of this
19 * software must display the following acknowledgment:
20 * "This product includes software developed by the OpenSSL Project
21 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
22 *
23 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
24 * endorse or promote products derived from this software without
25 * prior written permission. For written permission, please contact
26 * openssl-core@openssl.org.
27 *
28 * 5. Products derived from this software may not be called "OpenSSL"
29 * nor may "OpenSSL" appear in their names without prior written
30 * permission of the OpenSSL Project.
31 *
32 * 6. Redistributions of any form whatsoever must retain the following
33 * acknowledgment:
34 * "This product includes software developed by the OpenSSL Project
35 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
36 *
37 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
38 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
39 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
40 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
41 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
42 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
43 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
44 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
45 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
46 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
47 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
48 * OF THE POSSIBILITY OF SUCH DAMAGE.
49 * ====================================================================
50 */
51
52#include <stdlib.h>
53
54#include <openssl/opensslconf.h>
55
56#ifndef OPENSSL_NO_GOST
57#include <openssl/objects.h>
58#include <openssl/gost.h>
59
60#include "gost_locl.h"
61
62/* Substitution blocks from test examples for GOST R 34.11-94*/
63static const gost_subst_block GostR3411_94_TestParamSet = {
64 {0x1,0xF,0xD,0x0,0x5,0x7,0xA,0x4,0x9,0x2,0x3,0xE,0x6,0xB,0x8,0xC},
65 {0xD,0xB,0x4,0x1,0x3,0xF,0x5,0x9,0x0,0xA,0xE,0x7,0x6,0x8,0x2,0xC},
66 {0x4,0xB,0xA,0x0,0x7,0x2,0x1,0xD,0x3,0x6,0x8,0x5,0x9,0xC,0xF,0xE},
67 {0x6,0xC,0x7,0x1,0x5,0xF,0xD,0x8,0x4,0xA,0x9,0xE,0x0,0x3,0xB,0x2},
68 {0x7,0xD,0xA,0x1,0x0,0x8,0x9,0xF,0xE,0x4,0x6,0xC,0xB,0x2,0x5,0x3},
69 {0x5,0x8,0x1,0xD,0xA,0x3,0x4,0x2,0xE,0xF,0xC,0x7,0x6,0x0,0x9,0xB},
70 {0xE,0xB,0x4,0xC,0x6,0xD,0xF,0xA,0x2,0x3,0x8,0x1,0x0,0x7,0x5,0x9},
71 {0x4,0xA,0x9,0x2,0xD,0x8,0x0,0xE,0x6,0xB,0x1,0xC,0x7,0xF,0x5,0x3}
72};
73
74/* Substitution blocks for hash function 1.2.643.2.9.1.6.1 */
75static const gost_subst_block GostR3411_94_CryptoProParamSet = {
76 {0x1,0x3,0xA,0x9,0x5,0xB,0x4,0xF,0x8,0x6,0x7,0xE,0xD,0x0,0x2,0xC},
77 {0xD,0xE,0x4,0x1,0x7,0x0,0x5,0xA,0x3,0xC,0x8,0xF,0x6,0x2,0x9,0xB},
78 {0x7,0x6,0x2,0x4,0xD,0x9,0xF,0x0,0xA,0x1,0x5,0xB,0x8,0xE,0xC,0x3},
79 {0x7,0x6,0x4,0xB,0x9,0xC,0x2,0xA,0x1,0x8,0x0,0xE,0xF,0xD,0x3,0x5},
80 {0x4,0xA,0x7,0xC,0x0,0xF,0x2,0x8,0xE,0x1,0x6,0x5,0xD,0xB,0x9,0x3},
81 {0x7,0xF,0xC,0xE,0x9,0x4,0x1,0x0,0x3,0xB,0x5,0x2,0x6,0xA,0x8,0xD},
82 {0x5,0xF,0x4,0x0,0x2,0xD,0xB,0x9,0x1,0x7,0x6,0x3,0xC,0xE,0xA,0x8},
83 {0xA,0x4,0x5,0x6,0x8,0x1,0x3,0x7,0xD,0xC,0xE,0x0,0x9,0x2,0xB,0xF}
84};
85
86/* Test paramset from GOST 28147 */
87gost_subst_block Gost28147_TestParamSet = {
88 {0xC,0x6,0x5,0x2,0xB,0x0,0x9,0xD,0x3,0xE,0x7,0xA,0xF,0x4,0x1,0x8},
89 {0x9,0xB,0xC,0x0,0x3,0x6,0x7,0x5,0x4,0x8,0xE,0xF,0x1,0xA,0x2,0xD},
90 {0x8,0xF,0x6,0xB,0x1,0x9,0xC,0x5,0xD,0x3,0x7,0xA,0x0,0xE,0x2,0x4},
91 {0x3,0xE,0x5,0x9,0x6,0x8,0x0,0xD,0xA,0xB,0x7,0xC,0x2,0x1,0xF,0x4},
92 {0xE,0x9,0xB,0x2,0x5,0xF,0x7,0x1,0x0,0xD,0xC,0x6,0xA,0x4,0x3,0x8},
93 {0xD,0x8,0xE,0xC,0x7,0x3,0x9,0xA,0x1,0x5,0x2,0x4,0x6,0xF,0x0,0xB},
94 {0xC,0x9,0xF,0xE,0x8,0x1,0x3,0xA,0x2,0x7,0x4,0xD,0x6,0x0,0xB,0x5},
95 {0x4,0x2,0xF,0x5,0x9,0x1,0x0,0x8,0xE,0x3,0xB,0xC,0xD,0x7,0xA,0x6}
96};
97
98
99/* 1.2.643.2.2.31.1 */
100static const gost_subst_block Gost28147_CryptoProParamSetA = {
101 {0xB,0xA,0xF,0x5,0x0,0xC,0xE,0x8,0x6,0x2,0x3,0x9,0x1,0x7,0xD,0x4},
102 {0x1,0xD,0x2,0x9,0x7,0xA,0x6,0x0,0x8,0xC,0x4,0x5,0xF,0x3,0xB,0xE},
103 {0x3,0xA,0xD,0xC,0x1,0x2,0x0,0xB,0x7,0x5,0x9,0x4,0x8,0xF,0xE,0x6},
104 {0xB,0x5,0x1,0x9,0x8,0xD,0xF,0x0,0xE,0x4,0x2,0x3,0xC,0x7,0xA,0x6},
105 {0xE,0x7,0xA,0xC,0xD,0x1,0x3,0x9,0x0,0x2,0xB,0x4,0xF,0x8,0x5,0x6},
106 {0xE,0x4,0x6,0x2,0xB,0x3,0xD,0x8,0xC,0xF,0x5,0xA,0x0,0x7,0x1,0x9},
107 {0x3,0x7,0xE,0x9,0x8,0xA,0xF,0x0,0x5,0x2,0x6,0xC,0xB,0x4,0xD,0x1},
108 {0x9,0x6,0x3,0x2,0x8,0xB,0x1,0x7,0xA,0x4,0xE,0xF,0xC,0x0,0xD,0x5}
109};
110
111/* 1.2.643.2.2.31.2 */
112static const gost_subst_block Gost28147_CryptoProParamSetB = {
113 {0x0,0x4,0xB,0xE,0x8,0x3,0x7,0x1,0xA,0x2,0x9,0x6,0xF,0xD,0x5,0xC},
114 {0x5,0x2,0xA,0xB,0x9,0x1,0xC,0x3,0x7,0x4,0xD,0x0,0x6,0xF,0x8,0xE},
115 {0x8,0x3,0x2,0x6,0x4,0xD,0xE,0xB,0xC,0x1,0x7,0xF,0xA,0x0,0x9,0x5},
116 {0x2,0x7,0xC,0xF,0x9,0x5,0xA,0xB,0x1,0x4,0x0,0xD,0x6,0x8,0xE,0x3},
117 {0x7,0x5,0x0,0xD,0xB,0x6,0x1,0x2,0x3,0xA,0xC,0xF,0x4,0xE,0x9,0x8},
118 {0xE,0xC,0x0,0xA,0x9,0x2,0xD,0xB,0x7,0x5,0x8,0xF,0x3,0x6,0x1,0x4},
119 {0x0,0x1,0x2,0xA,0x4,0xD,0x5,0xC,0x9,0x7,0x3,0xF,0xB,0x8,0x6,0xE},
120 {0x8,0x4,0xB,0x1,0x3,0x5,0x0,0x9,0x2,0xE,0xA,0xC,0xD,0x6,0x7,0xF}
121};
122
123/* 1.2.643.2.2.31.3 */
124static const gost_subst_block Gost28147_CryptoProParamSetC = {
125 {0x7,0x4,0x0,0x5,0xA,0x2,0xF,0xE,0xC,0x6,0x1,0xB,0xD,0x9,0x3,0x8},
126 {0xA,0x9,0x6,0x8,0xD,0xE,0x2,0x0,0xF,0x3,0x5,0xB,0x4,0x1,0xC,0x7},
127 {0xC,0x9,0xB,0x1,0x8,0xE,0x2,0x4,0x7,0x3,0x6,0x5,0xA,0x0,0xF,0xD},
128 {0x8,0xD,0xB,0x0,0x4,0x5,0x1,0x2,0x9,0x3,0xC,0xE,0x6,0xF,0xA,0x7},
129 {0x3,0x6,0x0,0x1,0x5,0xD,0xA,0x8,0xB,0x2,0x9,0x7,0xE,0xF,0xC,0x4},
130 {0x8,0x2,0x5,0x0,0x4,0x9,0xF,0xA,0x3,0x7,0xC,0xD,0x6,0xE,0x1,0xB},
131 {0x0,0x1,0x7,0xD,0xB,0x4,0x5,0x2,0x8,0xE,0xF,0xC,0x9,0xA,0x6,0x3},
132 {0x1,0xB,0xC,0x2,0x9,0xD,0x0,0xF,0x4,0x5,0x8,0xE,0xA,0x7,0x6,0x3}
133};
134
135/* 1.2.643.2.2.31.4 */
136static const gost_subst_block Gost28147_CryptoProParamSetD = {
137 {0x1,0xA,0x6,0x8,0xF,0xB,0x0,0x4,0xC,0x3,0x5,0x9,0x7,0xD,0x2,0xE},
138 {0x3,0x0,0x6,0xF,0x1,0xE,0x9,0x2,0xD,0x8,0xC,0x4,0xB,0xA,0x5,0x7},
139 {0x8,0x0,0xF,0x3,0x2,0x5,0xE,0xB,0x1,0xA,0x4,0x7,0xC,0x9,0xD,0x6},
140 {0x0,0xC,0x8,0x9,0xD,0x2,0xA,0xB,0x7,0x3,0x6,0x5,0x4,0xE,0xF,0x1},
141 {0x1,0x5,0xE,0xC,0xA,0x7,0x0,0xD,0x6,0x2,0xB,0x4,0x9,0x3,0xF,0x8},
142 {0x1,0xC,0xB,0x0,0xF,0xE,0x6,0x5,0xA,0xD,0x4,0x8,0x9,0x3,0x7,0x2},
143 {0xB,0x6,0x3,0x4,0xC,0xF,0xE,0x2,0x7,0xD,0x8,0x0,0x5,0xA,0x9,0x1},
144 {0xF,0xC,0x2,0xA,0x6,0x4,0x5,0x0,0x7,0x9,0xE,0xD,0x1,0xB,0x8,0x3}
145};
146
147static const gost_subst_block Gost28147_TC26ParamSetZ = {
148 {0x1,0x7,0xe,0xd,0x0,0x5,0x8,0x3,0x4,0xf,0xa,0x6,0x9,0xc,0xb,0x2},
149 {0x8,0xe,0x2,0x5,0x6,0x9,0x1,0xc,0xf,0x4,0xb,0x0,0xd,0xa,0x3,0x7},
150 {0x5,0xd,0xf,0x6,0x9,0x2,0xc,0xa,0xb,0x7,0x8,0x1,0x4,0x3,0xe,0x0},
151 {0x7,0xf,0x5,0xa,0x8,0x1,0x6,0xd,0x0,0x9,0x3,0xe,0xb,0x4,0x2,0xc},
152 {0xc,0x8,0x2,0x1,0xd,0x4,0xf,0x6,0x7,0x0,0xa,0x5,0x3,0xe,0x9,0xb},
153 {0xb,0x3,0x5,0x8,0x2,0xf,0xa,0xd,0xe,0x1,0x7,0x4,0xc,0x9,0x6,0x0},
154 {0x6,0x8,0x2,0x3,0x9,0xa,0x5,0xc,0x1,0xe,0x4,0x7,0xb,0xd,0x0,0xf},
155 {0xc,0x4,0x6,0x2,0xa,0x5,0xb,0x9,0xe,0x8,0xd,0x7,0x0,0x3,0xf,0x1}
156};
157
158static const unsigned char CryptoProKeyMeshingKey[] = {
159 0x69, 0x00, 0x72, 0x22, 0x64, 0xC9, 0x04, 0x23,
160 0x8D, 0x3A, 0xDB, 0x96, 0x46, 0xE9, 0x2A, 0xC4,
161 0x18, 0xFE, 0xAC, 0x94, 0x00, 0xED, 0x07, 0x12,
162 0xC0, 0x86, 0xDC, 0xC2, 0xEF, 0x4C, 0xA9, 0x2B
163};
164
165static const struct gost89_parameters_info {
166 int nid;
167 const gost_subst_block *sblock;
168 int key_meshing;
169} gost_cipher_list[] =
170{
171 {NID_id_Gost28147_89_CryptoPro_A_ParamSet,&Gost28147_CryptoProParamSetA,1},
172 {NID_id_Gost28147_89_CryptoPro_B_ParamSet,&Gost28147_CryptoProParamSetB,1},
173 {NID_id_Gost28147_89_CryptoPro_C_ParamSet,&Gost28147_CryptoProParamSetC,1},
174 {NID_id_Gost28147_89_CryptoPro_D_ParamSet,&Gost28147_CryptoProParamSetD,1},
175 {NID_id_tc26_gost_28147_param_Z,&Gost28147_TC26ParamSetZ,1},
176 {NID_id_Gost28147_89_TestParamSet,&Gost28147_TestParamSet,0},
177 {NID_id_GostR3411_94_TestParamSet,&GostR3411_94_TestParamSet,0},
178 {NID_id_GostR3411_94_CryptoProParamSet,&GostR3411_94_CryptoProParamSet,0},
179 {NID_undef,NULL,0}
180};
181
182int
183Gost2814789_set_sbox(GOST2814789_KEY *key, int nid)
184{
185 int i;
186 const gost_subst_block *b = NULL;
187 unsigned int t;
188
189 for (i = 0; gost_cipher_list[i].nid != NID_undef; i++) {
190 if (gost_cipher_list[i].nid != nid)
191 continue;
192
193 b = gost_cipher_list[i].sblock;
194 key->key_meshing = gost_cipher_list[i].key_meshing;
195 break;
196 }
197
198 if (b == NULL)
199 return 0;
200
201 for (i = 0; i < 256; i++) {
202 t = (unsigned int)(b->k8[i >> 4] <<4 | b->k7 [i & 15]) << 24;
203 key->k87[i] = (t << 11) | (t >> 21);
204 t = (unsigned int)(b->k6[i >> 4] <<4 | b->k5 [i & 15]) << 16;
205 key->k65[i] = (t << 11) | (t >> 21);
206 t = (unsigned int)(b->k4[i >> 4] <<4 | b->k3 [i & 15]) << 8;
207 key->k43[i] = (t << 11) | (t >> 21);
208 t = (unsigned int)(b->k2[i >> 4] <<4 | b->k1 [i & 15]) << 0;
209 key->k21[i] = (t << 11) | (t >> 21);
210 }
211
212 return 1;
213}
214
215int
216Gost2814789_set_key(GOST2814789_KEY *key, const unsigned char *userKey,
217 const int bits)
218{
219 int i;
220
221 if (bits != 256)
222 return 0;
223
224 for (i = 0; i < 8; i++)
225 c2l(userKey, key->key[i]);
226
227 key->count = 0;
228
229 return 1;
230}
231
232void
233Gost2814789_cryptopro_key_mesh(GOST2814789_KEY *key)
234{
235 unsigned char newkey[32];
236
237 Gost2814789_decrypt(CryptoProKeyMeshingKey + 0, newkey + 0, key);
238 Gost2814789_decrypt(CryptoProKeyMeshingKey + 8, newkey + 8, key);
239 Gost2814789_decrypt(CryptoProKeyMeshingKey + 16, newkey + 16, key);
240 Gost2814789_decrypt(CryptoProKeyMeshingKey + 24, newkey + 24, key);
241
242 Gost2814789_set_key(key, newkey, 256);
243}
244#endif
diff --git a/src/lib/libcrypto/gost/gost89imit_ameth.c b/src/lib/libcrypto/gost/gost89imit_ameth.c
deleted file mode 100644
index a2631d97f8..0000000000
--- a/src/lib/libcrypto/gost/gost89imit_ameth.c
+++ /dev/null
@@ -1,88 +0,0 @@
1/* $OpenBSD: gost89imit_ameth.c,v 1.2 2014/11/09 23:06:52 miod Exp $ */
2/*
3 * Copyright (c) 2014 Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
4 * Copyright (c) 2005-2006 Cryptocom LTD
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
8 * are met:
9 *
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 *
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in
15 * the documentation and/or other materials provided with the
16 * distribution.
17 *
18 * 3. All advertising materials mentioning features or use of this
19 * software must display the following acknowledgment:
20 * "This product includes software developed by the OpenSSL Project
21 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
22 *
23 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
24 * endorse or promote products derived from this software without
25 * prior written permission. For written permission, please contact
26 * openssl-core@openssl.org.
27 *
28 * 5. Products derived from this software may not be called "OpenSSL"
29 * nor may "OpenSSL" appear in their names without prior written
30 * permission of the OpenSSL Project.
31 *
32 * 6. Redistributions of any form whatsoever must retain the following
33 * acknowledgment:
34 * "This product includes software developed by the OpenSSL Project
35 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
36 *
37 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
38 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
39 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
40 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
41 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
42 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
43 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
44 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
45 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
46 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
47 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
48 * OF THE POSSIBILITY OF SUCH DAMAGE.
49 * ====================================================================
50 */
51
52#include <openssl/opensslconf.h>
53
54#ifndef OPENSSL_NO_GOST
55#include <openssl/evp.h>
56
57#include "asn1_locl.h"
58
59static void
60mackey_free_gost(EVP_PKEY *pk)
61{
62 free(pk->pkey.ptr);
63}
64
65static int
66mac_ctrl_gost(EVP_PKEY *pkey, int op, long arg1, void *arg2)
67{
68 switch (op) {
69 case ASN1_PKEY_CTRL_DEFAULT_MD_NID:
70 *(int *)arg2 = NID_id_Gost28147_89_MAC;
71 return 2;
72 }
73 return -2;
74}
75
76const EVP_PKEY_ASN1_METHOD gostimit_asn1_meth = {
77 .pkey_id = EVP_PKEY_GOSTIMIT,
78 .pkey_base_id = EVP_PKEY_GOSTIMIT,
79 .pkey_flags = ASN1_PKEY_SIGPARAM_NULL,
80
81 .pem_str = "GOST-MAC",
82 .info = "GOST 28147-89 MAC",
83
84 .pkey_free = mackey_free_gost,
85 .pkey_ctrl = mac_ctrl_gost,
86};
87
88#endif
diff --git a/src/lib/libcrypto/gost/gost89imit_pmeth.c b/src/lib/libcrypto/gost/gost89imit_pmeth.c
deleted file mode 100644
index 00eaf1decc..0000000000
--- a/src/lib/libcrypto/gost/gost89imit_pmeth.c
+++ /dev/null
@@ -1,252 +0,0 @@
1/* $OpenBSD: gost89imit_pmeth.c,v 1.3 2014/11/13 20:29:55 miod Exp $ */
2/*
3 * Copyright (c) 2014 Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
4 * Copyright (c) 2005-2006 Cryptocom LTD
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
8 * are met:
9 *
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 *
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in
15 * the documentation and/or other materials provided with the
16 * distribution.
17 *
18 * 3. All advertising materials mentioning features or use of this
19 * software must display the following acknowledgment:
20 * "This product includes software developed by the OpenSSL Project
21 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
22 *
23 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
24 * endorse or promote products derived from this software without
25 * prior written permission. For written permission, please contact
26 * openssl-core@openssl.org.
27 *
28 * 5. Products derived from this software may not be called "OpenSSL"
29 * nor may "OpenSSL" appear in their names without prior written
30 * permission of the OpenSSL Project.
31 *
32 * 6. Redistributions of any form whatsoever must retain the following
33 * acknowledgment:
34 * "This product includes software developed by the OpenSSL Project
35 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
36 *
37 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
38 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
39 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
40 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
41 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
42 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
43 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
44 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
45 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
46 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
47 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
48 * OF THE POSSIBILITY OF SUCH DAMAGE.
49 * ====================================================================
50 */
51
52#include <string.h>
53
54#include <openssl/opensslconf.h>
55
56#ifndef OPENSSL_NO_GOST
57#include <openssl/evp.h>
58#include <openssl/err.h>
59#include <openssl/gost.h>
60#include <openssl/x509v3.h> /* For string_to_hex */
61
62#include "evp_locl.h"
63#include "gost_locl.h"
64
65struct gost_mac_pmeth_data {
66 EVP_MD *md;
67 unsigned char key[32];
68 unsigned key_set :1;
69};
70
71static int
72pkey_gost_mac_init(EVP_PKEY_CTX *ctx)
73{
74 struct gost_mac_pmeth_data *data;
75
76 data = calloc(1, sizeof(struct gost_mac_pmeth_data));
77 if (data == NULL)
78 return 0;
79 EVP_PKEY_CTX_set_data(ctx, data);
80 return 1;
81}
82
83static void
84pkey_gost_mac_cleanup(EVP_PKEY_CTX *ctx)
85{
86 struct gost_mac_pmeth_data *data = EVP_PKEY_CTX_get_data(ctx);
87 free(data);
88}
89
90static int
91pkey_gost_mac_copy(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src)
92{
93 struct gost_mac_pmeth_data *dst_data, *src_data;
94
95 if (pkey_gost_mac_init(dst) == 0)
96 return 0;
97
98 src_data = EVP_PKEY_CTX_get_data(src);
99 dst_data = EVP_PKEY_CTX_get_data(dst);
100
101 *dst_data = *src_data;
102
103 return 1;
104}
105
106static int
107pkey_gost_mac_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
108{
109 struct gost_mac_pmeth_data *data = EVP_PKEY_CTX_get_data(ctx);
110 unsigned char *keydata;
111
112 if (!data->key_set) {
113 GOSTerr(GOST_F_PKEY_GOST_MAC_KEYGEN, GOST_R_MAC_KEY_NOT_SET);
114 return 0;
115 }
116
117 keydata = malloc(32);
118 if (keydata == NULL) {
119 GOSTerr(GOST_F_PKEY_GOST_MAC_KEYGEN, ERR_R_MALLOC_FAILURE);
120 return 0;
121 }
122 memcpy(keydata, data->key, 32);
123 EVP_PKEY_assign(pkey, NID_id_Gost28147_89_MAC, keydata);
124
125 return 1;
126}
127
128static int
129pkey_gost_mac_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
130{
131 struct gost_mac_pmeth_data *data = EVP_PKEY_CTX_get_data(ctx);
132
133 switch (type) {
134 case EVP_PKEY_CTRL_MD:
135 if (EVP_MD_type(p2) != NID_id_Gost28147_89_MAC) {
136 GOSTerr(GOST_F_PKEY_GOST_MAC_CTRL,
137 GOST_R_INVALID_DIGEST_TYPE);
138 return 0;
139 }
140 data->md = p2;
141 return 1;
142
143 case EVP_PKEY_CTRL_SET_MAC_KEY:
144 if (p1 != 32) {
145 GOSTerr(GOST_F_PKEY_GOST_MAC_CTRL,
146 GOST_R_INVALID_MAC_KEY_LENGTH);
147 return 0;
148 }
149
150 memcpy(data->key, p2, 32);
151 data->key_set = 1;
152 return 1;
153
154 case EVP_PKEY_CTRL_DIGESTINIT:
155 {
156 EVP_MD_CTX *mctx = p2;
157 void *key;
158
159 if (!data->key_set) {
160 EVP_PKEY *pkey = EVP_PKEY_CTX_get0_pkey(ctx);
161 if (pkey == NULL) {
162 GOSTerr(GOST_F_PKEY_GOST_MAC_CTRL,
163 GOST_R_MAC_KEY_NOT_SET);
164 return 0;
165 }
166 key = EVP_PKEY_get0(pkey);
167 if (key == NULL) {
168 GOSTerr(GOST_F_PKEY_GOST_MAC_CTRL,
169 GOST_R_MAC_KEY_NOT_SET);
170 return 0;
171 }
172 } else {
173 key = &(data->key);
174 }
175 if (mctx->digest->md_ctrl == NULL)
176 return 0;
177 return mctx->digest->md_ctrl(mctx, EVP_MD_CTRL_SET_KEY, 32 * 8,
178 key);
179 }
180
181 }
182
183 return -2;
184}
185
186static int
187pkey_gost_mac_ctrl_str(EVP_PKEY_CTX *ctx, const char *type, const char *value)
188{
189 if (value == NULL)
190 return 0;
191 if (strcmp(type, "key") == 0) {
192 void *p = (void *)value;
193 return pkey_gost_mac_ctrl(ctx, EVP_PKEY_CTRL_SET_MAC_KEY,
194 strlen(value), p);
195 }
196 if (strcmp(type, "hexkey") == 0) {
197 unsigned char *key;
198 int r;
199 long keylen;
200
201 key = string_to_hex(value, &keylen);
202 if (key == NULL)
203 return 0;
204 r = pkey_gost_mac_ctrl(ctx, EVP_PKEY_CTRL_SET_MAC_KEY, keylen,
205 key);
206 free(key);
207 return r;
208 }
209 return -2;
210}
211
212static int
213pkey_gost_mac_signctx_init(EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx)
214{
215 return 1;
216}
217
218static int
219pkey_gost_mac_signctx(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen,
220 EVP_MD_CTX *mctx)
221{
222 /* for platforms where sizeof(int) != sizeof(size_t)*/
223 unsigned int tmpsiglen = *siglen;
224 int ret;
225
226 if (sig == NULL) {
227 *siglen = 4;
228 return 1;
229 }
230
231 ret = EVP_DigestFinal_ex(mctx, sig, &tmpsiglen);
232 *siglen = tmpsiglen;
233 return ret;
234}
235
236const EVP_PKEY_METHOD gostimit_pkey_meth = {
237 .pkey_id = EVP_PKEY_GOSTIMIT,
238
239 .init = pkey_gost_mac_init,
240 .cleanup = pkey_gost_mac_cleanup,
241 .copy = pkey_gost_mac_copy,
242
243 .keygen = pkey_gost_mac_keygen,
244
245 .signctx_init = pkey_gost_mac_signctx_init,
246 .signctx = pkey_gost_mac_signctx,
247
248 .ctrl = pkey_gost_mac_ctrl,
249 .ctrl_str = pkey_gost_mac_ctrl_str,
250};
251
252#endif
diff --git a/src/lib/libcrypto/gost/gost_asn1.c b/src/lib/libcrypto/gost/gost_asn1.c
deleted file mode 100644
index 2652162777..0000000000
--- a/src/lib/libcrypto/gost/gost_asn1.c
+++ /dev/null
@@ -1,295 +0,0 @@
1/**********************************************************************
2 * gost_keytrans.c *
3 * Copyright (c) 2005-2006 Cryptocom LTD *
4 * This file is distributed under the same license as OpenSSL *
5 * *
6 * ASN1 structure definition for GOST key transport *
7 * Requires OpenSSL 0.9.9 for compilation *
8 **********************************************************************/
9
10#include <openssl/opensslconf.h>
11
12#ifndef OPENSSL_NO_GOST
13#include <openssl/asn1t.h>
14#include <openssl/x509.h>
15#include <openssl/gost.h>
16
17#include "gost_locl.h"
18#include "gost_asn1.h"
19
20static const ASN1_TEMPLATE GOST_KEY_TRANSPORT_seq_tt[] = {
21 {
22 .flags = 0,
23 .tag = 0,
24 .offset = offsetof(GOST_KEY_TRANSPORT, key_info),
25 .field_name = "key_info",
26 .item = &GOST_KEY_INFO_it,
27 },
28 {
29 .flags = ASN1_TFLG_IMPLICIT,
30 .tag = 0,
31 .offset = offsetof(GOST_KEY_TRANSPORT, key_agreement_info),
32 .field_name = "key_agreement_info",
33 .item = &GOST_KEY_AGREEMENT_INFO_it,
34 },
35};
36
37const ASN1_ITEM GOST_KEY_TRANSPORT_it = {
38 .itype = ASN1_ITYPE_NDEF_SEQUENCE,
39 .utype = V_ASN1_SEQUENCE,
40 .templates = GOST_KEY_TRANSPORT_seq_tt,
41 .tcount = sizeof(GOST_KEY_TRANSPORT_seq_tt) / sizeof(ASN1_TEMPLATE),
42 .funcs = NULL,
43 .size = sizeof(GOST_KEY_TRANSPORT),
44 .sname = "GOST_KEY_TRANSPORT",
45};
46
47GOST_KEY_TRANSPORT *
48d2i_GOST_KEY_TRANSPORT(GOST_KEY_TRANSPORT **a, const unsigned char **in, long len)
49{
50 return (GOST_KEY_TRANSPORT *)ASN1_item_d2i((ASN1_VALUE **)a, in, len,
51 &GOST_KEY_TRANSPORT_it);
52}
53
54int
55i2d_GOST_KEY_TRANSPORT(GOST_KEY_TRANSPORT *a, unsigned char **out)
56{
57 return ASN1_item_i2d((ASN1_VALUE *)a, out, &GOST_KEY_TRANSPORT_it);
58}
59
60GOST_KEY_TRANSPORT *
61GOST_KEY_TRANSPORT_new(void)
62{
63 return (GOST_KEY_TRANSPORT *)ASN1_item_new(&GOST_KEY_TRANSPORT_it);
64}
65
66void
67GOST_KEY_TRANSPORT_free(GOST_KEY_TRANSPORT *a)
68{
69 ASN1_item_free((ASN1_VALUE *)a, &GOST_KEY_TRANSPORT_it);
70}
71
72static const ASN1_TEMPLATE GOST_KEY_INFO_seq_tt[] = {
73 {
74 .flags = 0,
75 .tag = 0,
76 .offset = offsetof(GOST_KEY_INFO, encrypted_key),
77 .field_name = "encrypted_key",
78 .item = &ASN1_OCTET_STRING_it,
79 },
80 {
81 .flags = 0,
82 .tag = 0,
83 .offset = offsetof(GOST_KEY_INFO, imit),
84 .field_name = "imit",
85 .item = &ASN1_OCTET_STRING_it,
86 },
87};
88
89const ASN1_ITEM GOST_KEY_INFO_it = {
90 .itype = ASN1_ITYPE_NDEF_SEQUENCE,
91 .utype = V_ASN1_SEQUENCE,
92 .templates = GOST_KEY_INFO_seq_tt,
93 .tcount = sizeof(GOST_KEY_INFO_seq_tt) / sizeof(ASN1_TEMPLATE),
94 .funcs = NULL,
95 .size = sizeof(GOST_KEY_INFO),
96 .sname = "GOST_KEY_INFO",
97};
98
99GOST_KEY_INFO *
100d2i_GOST_KEY_INFO(GOST_KEY_INFO **a, const unsigned char **in, long len)
101{
102 return (GOST_KEY_INFO *)ASN1_item_d2i((ASN1_VALUE **)a, in, len,
103 &GOST_KEY_INFO_it);
104}
105
106int
107i2d_GOST_KEY_INFO(GOST_KEY_INFO *a, unsigned char **out)
108{
109 return ASN1_item_i2d((ASN1_VALUE *)a, out, &GOST_KEY_INFO_it);
110}
111
112GOST_KEY_INFO *
113GOST_KEY_INFO_new(void)
114{
115 return (GOST_KEY_INFO *)ASN1_item_new(&GOST_KEY_INFO_it);
116}
117
118void
119GOST_KEY_INFO_free(GOST_KEY_INFO *a)
120{
121 ASN1_item_free((ASN1_VALUE *)a, &GOST_KEY_INFO_it);
122}
123
124static const ASN1_TEMPLATE GOST_KEY_AGREEMENT_INFO_seq_tt[] = {
125 {
126 .flags = 0,
127 .tag = 0,
128 .offset = offsetof(GOST_KEY_AGREEMENT_INFO, cipher),
129 .field_name = "cipher",
130 .item = &ASN1_OBJECT_it,
131 },
132 {
133 .flags = ASN1_TFLG_IMPLICIT | ASN1_TFLG_OPTIONAL,
134 .tag = 0,
135 .offset = offsetof(GOST_KEY_AGREEMENT_INFO, ephem_key),
136 .field_name = "ephem_key",
137 .item = &X509_PUBKEY_it,
138 },
139 {
140 .flags = 0,
141 .tag = 0,
142 .offset = offsetof(GOST_KEY_AGREEMENT_INFO, eph_iv),
143 .field_name = "eph_iv",
144 .item = &ASN1_OCTET_STRING_it,
145 },
146};
147
148const ASN1_ITEM GOST_KEY_AGREEMENT_INFO_it = {
149 .itype = ASN1_ITYPE_NDEF_SEQUENCE,
150 .utype = V_ASN1_SEQUENCE,
151 .templates = GOST_KEY_AGREEMENT_INFO_seq_tt,
152 .tcount = sizeof(GOST_KEY_AGREEMENT_INFO_seq_tt) / sizeof(ASN1_TEMPLATE),
153 .funcs = NULL,
154 .size = sizeof(GOST_KEY_AGREEMENT_INFO),
155 .sname = "GOST_KEY_AGREEMENT_INFO",
156};
157
158GOST_KEY_AGREEMENT_INFO *
159d2i_GOST_KEY_AGREEMENT_INFO(GOST_KEY_AGREEMENT_INFO **a, const unsigned char **in, long len)
160{
161 return (GOST_KEY_AGREEMENT_INFO *)ASN1_item_d2i((ASN1_VALUE **)a, in, len,
162 &GOST_KEY_AGREEMENT_INFO_it);
163}
164
165int
166i2d_GOST_KEY_AGREEMENT_INFO(GOST_KEY_AGREEMENT_INFO *a, unsigned char **out)
167{
168 return ASN1_item_i2d((ASN1_VALUE *)a, out, &GOST_KEY_AGREEMENT_INFO_it);
169}
170
171GOST_KEY_AGREEMENT_INFO *
172GOST_KEY_AGREEMENT_INFO_new(void)
173{
174 return (GOST_KEY_AGREEMENT_INFO *)ASN1_item_new(&GOST_KEY_AGREEMENT_INFO_it);
175}
176
177void
178GOST_KEY_AGREEMENT_INFO_free(GOST_KEY_AGREEMENT_INFO *a)
179{
180 ASN1_item_free((ASN1_VALUE *)a, &GOST_KEY_AGREEMENT_INFO_it);
181}
182
183
184static const ASN1_TEMPLATE GOST_KEY_PARAMS_seq_tt[] = {
185 {
186 .flags = 0,
187 .tag = 0,
188 .offset = offsetof(GOST_KEY_PARAMS, key_params),
189 .field_name = "key_params",
190 .item = &ASN1_OBJECT_it,
191 },
192 {
193 .flags = 0,
194 .tag = 0,
195 .offset = offsetof(GOST_KEY_PARAMS, hash_params),
196 .field_name = "hash_params",
197 .item = &ASN1_OBJECT_it,
198 },
199 {
200 .flags = ASN1_TFLG_OPTIONAL,
201 .tag = 0,
202 .offset = offsetof(GOST_KEY_PARAMS, cipher_params),
203 .field_name = "cipher_params",
204 .item = &ASN1_OBJECT_it,
205 },
206};
207
208const ASN1_ITEM GOST_KEY_PARAMS_it = {
209 .itype = ASN1_ITYPE_NDEF_SEQUENCE,
210 .utype = V_ASN1_SEQUENCE,
211 .templates = GOST_KEY_PARAMS_seq_tt,
212 .tcount = sizeof(GOST_KEY_PARAMS_seq_tt) / sizeof(ASN1_TEMPLATE),
213 .funcs = NULL,
214 .size = sizeof(GOST_KEY_PARAMS),
215 .sname = "GOST_KEY_PARAMS",
216};
217
218GOST_KEY_PARAMS *
219d2i_GOST_KEY_PARAMS(GOST_KEY_PARAMS **a, const unsigned char **in, long len)
220{
221 return (GOST_KEY_PARAMS *)ASN1_item_d2i((ASN1_VALUE **)a, in, len,
222 &GOST_KEY_PARAMS_it);
223}
224
225int
226i2d_GOST_KEY_PARAMS(GOST_KEY_PARAMS *a, unsigned char **out)
227{
228 return ASN1_item_i2d((ASN1_VALUE *)a, out, &GOST_KEY_PARAMS_it);
229}
230
231GOST_KEY_PARAMS *
232GOST_KEY_PARAMS_new(void)
233{
234 return (GOST_KEY_PARAMS *)ASN1_item_new(&GOST_KEY_PARAMS_it);
235}
236
237void
238GOST_KEY_PARAMS_free(GOST_KEY_PARAMS *a)
239{
240 ASN1_item_free((ASN1_VALUE *)a, &GOST_KEY_PARAMS_it);
241}
242
243static const ASN1_TEMPLATE GOST_CIPHER_PARAMS_seq_tt[] = {
244 {
245 .flags = 0,
246 .tag = 0,
247 .offset = offsetof(GOST_CIPHER_PARAMS, iv),
248 .field_name = "iv",
249 .item = &ASN1_OCTET_STRING_it,
250 },
251 {
252 .flags = 0,
253 .tag = 0,
254 .offset = offsetof(GOST_CIPHER_PARAMS, enc_param_set),
255 .field_name = "enc_param_set",
256 .item = &ASN1_OBJECT_it,
257 },
258};
259
260const ASN1_ITEM GOST_CIPHER_PARAMS_it = {
261 .itype = ASN1_ITYPE_NDEF_SEQUENCE,
262 .utype = V_ASN1_SEQUENCE,
263 .templates = GOST_CIPHER_PARAMS_seq_tt,
264 .tcount = sizeof(GOST_CIPHER_PARAMS_seq_tt) / sizeof(ASN1_TEMPLATE),
265 .funcs = NULL,
266 .size = sizeof(GOST_CIPHER_PARAMS),
267 .sname = "GOST_CIPHER_PARAMS",
268};
269
270GOST_CIPHER_PARAMS *
271d2i_GOST_CIPHER_PARAMS(GOST_CIPHER_PARAMS **a, const unsigned char **in, long len)
272{
273 return (GOST_CIPHER_PARAMS *)ASN1_item_d2i((ASN1_VALUE **)a, in, len,
274 &GOST_CIPHER_PARAMS_it);
275}
276
277int
278i2d_GOST_CIPHER_PARAMS(GOST_CIPHER_PARAMS *a, unsigned char **out)
279{
280 return ASN1_item_i2d((ASN1_VALUE *)a, out, &GOST_CIPHER_PARAMS_it);
281}
282
283GOST_CIPHER_PARAMS *
284GOST_CIPHER_PARAMS_new(void)
285{
286 return (GOST_CIPHER_PARAMS *)ASN1_item_new(&GOST_CIPHER_PARAMS_it);
287}
288
289void
290GOST_CIPHER_PARAMS_free(GOST_CIPHER_PARAMS *a)
291{
292 ASN1_item_free((ASN1_VALUE *)a, &GOST_CIPHER_PARAMS_it);
293}
294
295#endif
diff --git a/src/lib/libcrypto/gost/gost_asn1.h b/src/lib/libcrypto/gost/gost_asn1.h
deleted file mode 100644
index 62719c70cd..0000000000
--- a/src/lib/libcrypto/gost/gost_asn1.h
+++ /dev/null
@@ -1,87 +0,0 @@
1/* $OpenBSD: gost_asn1.h,v 1.1 2014/11/09 19:17:13 miod Exp $ */
2/*
3 * Copyright (c) 2014 Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
4 * Copyright (c) 2005-2006 Cryptocom LTD
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
8 * are met:
9 *
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 *
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in
15 * the documentation and/or other materials provided with the
16 * distribution.
17 *
18 * 3. All advertising materials mentioning features or use of this
19 * software must display the following acknowledgment:
20 * "This product includes software developed by the OpenSSL Project
21 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
22 *
23 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
24 * endorse or promote products derived from this software without
25 * prior written permission. For written permission, please contact
26 * openssl-core@openssl.org.
27 *
28 * 5. Products derived from this software may not be called "OpenSSL"
29 * nor may "OpenSSL" appear in their names without prior written
30 * permission of the OpenSSL Project.
31 *
32 * 6. Redistributions of any form whatsoever must retain the following
33 * acknowledgment:
34 * "This product includes software developed by the OpenSSL Project
35 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
36 *
37 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
38 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
39 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
40 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
41 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
42 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
43 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
44 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
45 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
46 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
47 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
48 * OF THE POSSIBILITY OF SUCH DAMAGE.
49 * ====================================================================
50 */
51
52#ifndef HEADER_GOST_ASN1_H
53#define HEADER_GOST_ASN1_H
54
55#include <openssl/asn1.h>
56
57typedef struct {
58 ASN1_OCTET_STRING *encrypted_key;
59 ASN1_OCTET_STRING *imit;
60} GOST_KEY_INFO;
61
62DECLARE_ASN1_FUNCTIONS(GOST_KEY_INFO)
63
64typedef struct {
65 ASN1_OBJECT *cipher;
66 X509_PUBKEY *ephem_key;
67 ASN1_OCTET_STRING *eph_iv;
68} GOST_KEY_AGREEMENT_INFO;
69
70DECLARE_ASN1_FUNCTIONS(GOST_KEY_AGREEMENT_INFO)
71
72typedef struct {
73 GOST_KEY_INFO *key_info;
74 GOST_KEY_AGREEMENT_INFO *key_agreement_info;
75} GOST_KEY_TRANSPORT;
76
77DECLARE_ASN1_FUNCTIONS(GOST_KEY_TRANSPORT)
78
79typedef struct {
80 ASN1_OBJECT *key_params;
81 ASN1_OBJECT *hash_params;
82 ASN1_OBJECT *cipher_params;
83} GOST_KEY_PARAMS;
84
85DECLARE_ASN1_FUNCTIONS(GOST_KEY_PARAMS)
86
87#endif
diff --git a/src/lib/libcrypto/gost/gost_err.c b/src/lib/libcrypto/gost/gost_err.c
deleted file mode 100644
index b4e061f985..0000000000
--- a/src/lib/libcrypto/gost/gost_err.c
+++ /dev/null
@@ -1,142 +0,0 @@
1/* crypto/gost/gost_err.c */
2/* ====================================================================
3 * Copyright (c) 1999-2014 The OpenSSL Project. All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 *
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
11 *
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in
14 * the documentation and/or other materials provided with the
15 * distribution.
16 *
17 * 3. All advertising materials mentioning features or use of this
18 * software must display the following acknowledgment:
19 * "This product includes software developed by the OpenSSL Project
20 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
21 *
22 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
23 * endorse or promote products derived from this software without
24 * prior written permission. For written permission, please contact
25 * openssl-core@OpenSSL.org.
26 *
27 * 5. Products derived from this software may not be called "OpenSSL"
28 * nor may "OpenSSL" appear in their names without prior written
29 * permission of the OpenSSL Project.
30 *
31 * 6. Redistributions of any form whatsoever must retain the following
32 * acknowledgment:
33 * "This product includes software developed by the OpenSSL Project
34 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
35 *
36 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
37 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
38 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
39 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
40 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
41 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
42 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
43 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
44 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
45 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
46 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
47 * OF THE POSSIBILITY OF SUCH DAMAGE.
48 * ====================================================================
49 *
50 * This product includes cryptographic software written by Eric Young
51 * (eay@cryptsoft.com). This product includes software written by Tim
52 * Hudson (tjh@cryptsoft.com).
53 *
54 */
55
56/* NOTE: this file was auto generated by the mkerr.pl script: any changes
57 * made to it will be overwritten when the script next updates this file,
58 * only reason strings will be preserved.
59 */
60
61#include <stdio.h>
62#include <openssl/err.h>
63#include <openssl/gost.h>
64
65/* BEGIN ERROR CODES */
66#ifndef OPENSSL_NO_ERR
67
68#define ERR_FUNC(func) ERR_PACK(ERR_LIB_GOST,func,0)
69#define ERR_REASON(reason) ERR_PACK(ERR_LIB_GOST,0,reason)
70
71static ERR_STRING_DATA GOST_str_functs[]=
72 {
73{ERR_FUNC(GOST_F_DECODE_GOST01_ALGOR_PARAMS), "DECODE_GOST01_ALGOR_PARAMS"},
74{ERR_FUNC(GOST_F_ENCODE_GOST01_ALGOR_PARAMS), "ENCODE_GOST01_ALGOR_PARAMS"},
75{ERR_FUNC(GOST_F_GOST2001_COMPUTE_PUBLIC), "GOST2001_COMPUTE_PUBLIC"},
76{ERR_FUNC(GOST_F_GOST2001_DO_SIGN), "GOST2001_DO_SIGN"},
77{ERR_FUNC(GOST_F_GOST2001_DO_VERIFY), "GOST2001_DO_VERIFY"},
78{ERR_FUNC(GOST_F_GOST2001_KEYGEN), "GOST2001_KEYGEN"},
79{ERR_FUNC(GOST_F_GOST89_GET_ASN1_PARAMETERS), "GOST89_GET_ASN1_PARAMETERS"},
80{ERR_FUNC(GOST_F_GOST89_SET_ASN1_PARAMETERS), "GOST89_SET_ASN1_PARAMETERS"},
81{ERR_FUNC(GOST_F_GOST_KEY_CHECK_KEY), "GOST_KEY_check_key"},
82{ERR_FUNC(GOST_F_GOST_KEY_NEW), "GOST_KEY_new"},
83{ERR_FUNC(GOST_F_GOST_KEY_SET_PUBLIC_KEY_AFFINE_COORDINATES), "GOST_KEY_set_public_key_affine_coordinates"},
84{ERR_FUNC(GOST_F_PARAM_COPY_GOST01), "PARAM_COPY_GOST01"},
85{ERR_FUNC(GOST_F_PARAM_DECODE_GOST01), "PARAM_DECODE_GOST01"},
86{ERR_FUNC(GOST_F_PKEY_GOST01_CTRL), "PKEY_GOST01_CTRL"},
87{ERR_FUNC(GOST_F_PKEY_GOST01_DECRYPT), "PKEY_GOST01_DECRYPT"},
88{ERR_FUNC(GOST_F_PKEY_GOST01_DERIVE), "PKEY_GOST01_DERIVE"},
89{ERR_FUNC(GOST_F_PKEY_GOST01_ENCRYPT), "PKEY_GOST01_ENCRYPT"},
90{ERR_FUNC(GOST_F_PKEY_GOST01_PARAMGEN), "PKEY_GOST01_PARAMGEN"},
91{ERR_FUNC(GOST_F_PKEY_GOST01_SIGN), "PKEY_GOST01_SIGN"},
92{ERR_FUNC(GOST_F_PKEY_GOST_MAC_CTRL), "PKEY_GOST_MAC_CTRL"},
93{ERR_FUNC(GOST_F_PKEY_GOST_MAC_KEYGEN), "PKEY_GOST_MAC_KEYGEN"},
94{ERR_FUNC(GOST_F_PRIV_DECODE_GOST01), "PRIV_DECODE_GOST01"},
95{ERR_FUNC(GOST_F_PUB_DECODE_GOST01), "PUB_DECODE_GOST01"},
96{ERR_FUNC(GOST_F_PUB_ENCODE_GOST01), "PUB_ENCODE_GOST01"},
97{ERR_FUNC(GOST_F_PUB_PRINT_GOST01), "PUB_PRINT_GOST01"},
98{ERR_FUNC(GOST_F_UNPACK_SIGNATURE_CP), "UNPACK_SIGNATURE_CP"},
99{ERR_FUNC(GOST_F_UNPACK_SIGNATURE_LE), "UNPACK_SIGNATURE_LE"},
100{0,NULL}
101 };
102
103static ERR_STRING_DATA GOST_str_reasons[]=
104 {
105{ERR_REASON(GOST_R_BAD_KEY_PARAMETERS_FORMAT),"bad key parameters format"},
106{ERR_REASON(GOST_R_BAD_PKEY_PARAMETERS_FORMAT),"bad pkey parameters format"},
107{ERR_REASON(GOST_R_CANNOT_PACK_EPHEMERAL_KEY),"cannot pack ephemeral key"},
108{ERR_REASON(GOST_R_CTRL_CALL_FAILED) ,"ctrl call failed"},
109{ERR_REASON(GOST_R_ERROR_COMPUTING_SHARED_KEY),"error computing shared key"},
110{ERR_REASON(GOST_R_ERROR_PARSING_KEY_TRANSPORT_INFO),"error parsing key transport info"},
111{ERR_REASON(GOST_R_INCOMPATIBLE_ALGORITHMS),"incompatible algorithms"},
112{ERR_REASON(GOST_R_INCOMPATIBLE_PEER_KEY),"incompatible peer key"},
113{ERR_REASON(GOST_R_INVALID_DIGEST_TYPE) ,"invalid digest type"},
114{ERR_REASON(GOST_R_INVALID_IV_LENGTH) ,"invalid iv length"},
115{ERR_REASON(GOST_R_INVALID_MAC_KEY_LENGTH),"invalid mac key length"},
116{ERR_REASON(GOST_R_KEY_IS_NOT_INITIALIZED),"key is not initialized"},
117{ERR_REASON(GOST_R_KEY_PARAMETERS_MISSING),"key parameters missing"},
118{ERR_REASON(GOST_R_MAC_KEY_NOT_SET) ,"mac key not set"},
119{ERR_REASON(GOST_R_NO_PARAMETERS_SET) ,"no parameters set"},
120{ERR_REASON(GOST_R_NO_PEER_KEY) ,"no peer key"},
121{ERR_REASON(GOST_R_NO_PRIVATE_PART_OF_NON_EPHEMERAL_KEYPAIR),"no private part of non ephemeral keypair"},
122{ERR_REASON(GOST_R_PUBLIC_KEY_UNDEFINED) ,"public key undefined"},
123{ERR_REASON(GOST_R_RANDOM_NUMBER_GENERATOR_FAILED),"random number generator failed"},
124{ERR_REASON(GOST_R_SIGNATURE_MISMATCH) ,"signature mismatch"},
125{ERR_REASON(GOST_R_SIGNATURE_PARTS_GREATER_THAN_Q),"signature parts greater than q"},
126{ERR_REASON(GOST_R_UKM_NOT_SET) ,"ukm not set"},
127{0,NULL}
128 };
129
130#endif
131
132void ERR_load_GOST_strings(void)
133 {
134#ifndef OPENSSL_NO_ERR
135
136 if (ERR_func_error_string(GOST_str_functs[0].error) == NULL)
137 {
138 ERR_load_strings(0,GOST_str_functs);
139 ERR_load_strings(0,GOST_str_reasons);
140 }
141#endif
142 }
diff --git a/src/lib/libcrypto/gost/gost_locl.h b/src/lib/libcrypto/gost/gost_locl.h
deleted file mode 100644
index 9036f59771..0000000000
--- a/src/lib/libcrypto/gost/gost_locl.h
+++ /dev/null
@@ -1,113 +0,0 @@
1/* $OpenBSD: gost_locl.h,v 1.3 2014/11/13 20:29:55 miod Exp $ */
2/*
3 * Copyright (c) 2014 Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
4 * Copyright (c) 2005-2006 Cryptocom LTD
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
8 * are met:
9 *
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 *
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in
15 * the documentation and/or other materials provided with the
16 * distribution.
17 *
18 * 3. All advertising materials mentioning features or use of this
19 * software must display the following acknowledgment:
20 * "This product includes software developed by the OpenSSL Project
21 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
22 *
23 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
24 * endorse or promote products derived from this software without
25 * prior written permission. For written permission, please contact
26 * openssl-core@openssl.org.
27 *
28 * 5. Products derived from this software may not be called "OpenSSL"
29 * nor may "OpenSSL" appear in their names without prior written
30 * permission of the OpenSSL Project.
31 *
32 * 6. Redistributions of any form whatsoever must retain the following
33 * acknowledgment:
34 * "This product includes software developed by the OpenSSL Project
35 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
36 *
37 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
38 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
39 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
40 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
41 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
42 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
43 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
44 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
45 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
46 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
47 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
48 * OF THE POSSIBILITY OF SUCH DAMAGE.
49 * ====================================================================
50 */
51
52#ifndef HEADER_GOST_LOCL_H
53#define HEADER_GOST_LOCL_H
54
55#include <openssl/ec.h>
56#include <openssl/ecdsa.h>
57
58/* Internal representation of GOST substitution blocks */
59typedef struct {
60 unsigned char k8[16];
61 unsigned char k7[16];
62 unsigned char k6[16];
63 unsigned char k5[16];
64 unsigned char k4[16];
65 unsigned char k3[16];
66 unsigned char k2[16];
67 unsigned char k1[16];
68} gost_subst_block;
69
70#if defined(__i386) || defined(__i386__) || defined(__x86_64) || defined(__x86_64__)
71# define c2l(c,l) ((l)=*((const unsigned int *)(c)), (c)+=4)
72# define l2c(l,c) (*((unsigned int *)(c))=(l), (c)+=4)
73#else
74#define c2l(c,l) (l =(((unsigned long)(*((c)++))) ), \
75 l|=(((unsigned long)(*((c)++)))<< 8), \
76 l|=(((unsigned long)(*((c)++)))<<16), \
77 l|=(((unsigned long)(*((c)++)))<<24))
78#define l2c(l,c) (*((c)++)=(unsigned char)(((l) )&0xff), \
79 *((c)++)=(unsigned char)(((l)>> 8)&0xff), \
80 *((c)++)=(unsigned char)(((l)>>16)&0xff), \
81 *((c)++)=(unsigned char)(((l)>>24)&0xff))
82#endif
83
84extern void Gost2814789_encrypt(const unsigned char *in, unsigned char *out,
85 const GOST2814789_KEY *key);
86extern void Gost2814789_decrypt(const unsigned char *in, unsigned char *out,
87 const GOST2814789_KEY *key);
88extern void Gost2814789_cryptopro_key_mesh(GOST2814789_KEY *key);
89
90/* GOST 28147-89 key wrapping */
91extern int gost_key_unwrap_crypto_pro(int nid,
92 const unsigned char *keyExchangeKey, const unsigned char *wrappedKey,
93 unsigned char *sessionKey);
94extern int gost_key_wrap_crypto_pro(int nid,
95 const unsigned char *keyExchangeKey, const unsigned char *ukm,
96 const unsigned char *sessionKey, unsigned char *wrappedKey);
97/* Pkey part */
98extern int gost2001_compute_public(GOST_KEY *ec);
99extern ECDSA_SIG *gost2001_do_sign(BIGNUM *md, GOST_KEY *eckey);
100extern int gost2001_do_verify(BIGNUM *md, ECDSA_SIG *sig, GOST_KEY *ec);
101extern int gost2001_keygen(GOST_KEY *ec);
102extern int VKO_compute_key(BIGNUM *X, BIGNUM *Y, const GOST_KEY *pkey,
103 GOST_KEY *priv_key, const BIGNUM *ukm);
104extern BIGNUM *GOST_le2bn(const unsigned char *buf, size_t len, BIGNUM *bn);
105extern int GOST_bn2le(BIGNUM *bn, unsigned char *buf, int len);
106
107/* GOST R 34.10 parameters */
108extern int GostR3410_get_md_digest(int nid);
109extern int GostR3410_get_pk_digest(int nid);
110extern int GostR3410_256_param_id(const char *value);
111extern int GostR3410_512_param_id(const char *value);
112
113#endif
diff --git a/src/lib/libcrypto/gost/gostr341001.c b/src/lib/libcrypto/gost/gostr341001.c
deleted file mode 100644
index c6221e4a01..0000000000
--- a/src/lib/libcrypto/gost/gostr341001.c
+++ /dev/null
@@ -1,401 +0,0 @@
1/* $OpenBSD: gostr341001.c,v 1.4 2015/02/14 06:40:04 jsing Exp $ */
2/*
3 * Copyright (c) 2014 Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
4 * Copyright (c) 2005-2006 Cryptocom LTD
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
8 * are met:
9 *
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 *
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in
15 * the documentation and/or other materials provided with the
16 * distribution.
17 *
18 * 3. All advertising materials mentioning features or use of this
19 * software must display the following acknowledgment:
20 * "This product includes software developed by the OpenSSL Project
21 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
22 *
23 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
24 * endorse or promote products derived from this software without
25 * prior written permission. For written permission, please contact
26 * openssl-core@openssl.org.
27 *
28 * 5. Products derived from this software may not be called "OpenSSL"
29 * nor may "OpenSSL" appear in their names without prior written
30 * permission of the OpenSSL Project.
31 *
32 * 6. Redistributions of any form whatsoever must retain the following
33 * acknowledgment:
34 * "This product includes software developed by the OpenSSL Project
35 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
36 *
37 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
38 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
39 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
40 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
41 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
42 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
43 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
44 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
45 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
46 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
47 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
48 * OF THE POSSIBILITY OF SUCH DAMAGE.
49 * ====================================================================
50 */
51
52#include <string.h>
53
54#include <openssl/opensslconf.h>
55
56#ifndef OPENSSL_NO_GOST
57#include <openssl/bn.h>
58#include <openssl/err.h>
59#include <openssl/gost.h>
60#include "gost_locl.h"
61
62/* Convert little-endian byte array into bignum */
63BIGNUM *
64GOST_le2bn(const unsigned char *buf, size_t len, BIGNUM *bn)
65{
66 unsigned char temp[64];
67 int i;
68
69 if (len > 64)
70 return NULL;
71
72 for (i = 0; i < len; i++) {
73 temp[len - 1 - i] = buf[i];
74 }
75
76 return BN_bin2bn(temp, len, bn);
77}
78
79int
80GOST_bn2le(BIGNUM *bn, unsigned char *buf, int len)
81{
82 unsigned char temp[64];
83 int i, bytes;
84
85 bytes = BN_num_bytes(bn);
86 if (len > 64 || bytes > len)
87 return 0;
88
89 BN_bn2bin(bn, temp);
90
91 for (i = 0; i < bytes; i++) {
92 buf[bytes - 1 - i] = temp[i];
93 }
94
95 memset(buf + bytes, 0, len - bytes);
96
97 return 1;
98}
99
100int
101gost2001_compute_public(GOST_KEY *ec)
102{
103 const EC_GROUP *group = GOST_KEY_get0_group(ec);
104 EC_POINT *pub_key = NULL;
105 const BIGNUM *priv_key = NULL;
106 BN_CTX *ctx = NULL;
107 int ok = 0;
108
109 if (group == NULL) {
110 GOSTerr(GOST_F_GOST2001_COMPUTE_PUBLIC,
111 GOST_R_KEY_IS_NOT_INITIALIZED);
112 return 0;
113 }
114 ctx = BN_CTX_new();
115 if (ctx == NULL) {
116 GOSTerr(GOST_F_GOST2001_COMPUTE_PUBLIC,
117 ERR_R_MALLOC_FAILURE);
118 return 0;
119 }
120 BN_CTX_start(ctx);
121 if ((priv_key = GOST_KEY_get0_private_key(ec)) == NULL)
122 goto err;
123
124 pub_key = EC_POINT_new(group);
125 if (pub_key == NULL)
126 goto err;
127 if (EC_POINT_mul(group, pub_key, priv_key, NULL, NULL, ctx) == 0)
128 goto err;
129 if (GOST_KEY_set_public_key(ec, pub_key) == 0)
130 goto err;
131 ok = 1;
132
133 if (ok == 0) {
134err:
135 GOSTerr(GOST_F_GOST2001_COMPUTE_PUBLIC, ERR_R_EC_LIB);
136 }
137 EC_POINT_free(pub_key);
138 if (ctx != NULL) {
139 BN_CTX_end(ctx);
140 BN_CTX_free(ctx);
141 }
142 return ok;
143}
144
145ECDSA_SIG *
146gost2001_do_sign(BIGNUM *md, GOST_KEY *eckey)
147{
148 ECDSA_SIG *newsig = NULL;
149 BIGNUM *order = NULL;
150 const EC_GROUP *group;
151 const BIGNUM *priv_key;
152 BIGNUM *r = NULL, *s = NULL, *X = NULL, *tmp = NULL, *tmp2 = NULL, *k =
153 NULL, *e = NULL;
154 EC_POINT *C = NULL;
155 BN_CTX *ctx = BN_CTX_new();
156 int ok = 0;
157
158 if (ctx == NULL) {
159 GOSTerr(GOST_F_GOST2001_DO_SIGN, ERR_R_MALLOC_FAILURE);
160 return NULL;
161 }
162 BN_CTX_start(ctx);
163 newsig = ECDSA_SIG_new();
164 if (newsig == NULL) {
165 GOSTerr(GOST_F_GOST2001_DO_SIGN, ERR_R_MALLOC_FAILURE);
166 goto err;
167 }
168 s = newsig->s;
169 r = newsig->r;
170 group = GOST_KEY_get0_group(eckey);
171 if ((order = BN_CTX_get(ctx)) == NULL)
172 goto err;
173 if (EC_GROUP_get_order(group, order, ctx) == 0)
174 goto err;
175 priv_key = GOST_KEY_get0_private_key(eckey);
176 if ((e = BN_CTX_get(ctx)) == NULL)
177 goto err;
178 if (BN_mod(e, md, order, ctx) == 0)
179 goto err;
180 if (BN_is_zero(e))
181 BN_one(e);
182 if ((k = BN_CTX_get(ctx)) == NULL)
183 goto err;
184 if ((X = BN_CTX_get(ctx)) == NULL)
185 goto err;
186 if ((C = EC_POINT_new(group)) == NULL)
187 goto err;
188 do {
189 do {
190 if (!BN_rand_range(k, order)) {
191 GOSTerr(GOST_F_GOST2001_DO_SIGN,
192 GOST_R_RANDOM_NUMBER_GENERATOR_FAILED);
193 goto err;
194 }
195 /*
196 * We do not want timing information to leak the length
197 * of k, so we compute G*k using an equivalent scalar
198 * of fixed bit-length.
199 */
200 if (BN_add(k, k, order) == 0)
201 goto err;
202 if (BN_num_bits(k) <= BN_num_bits(order))
203 if (BN_add(k, k, order) == 0)
204 goto err;
205
206 if (EC_POINT_mul(group, C, k, NULL, NULL, ctx) == 0) {
207 GOSTerr(GOST_F_GOST2001_DO_SIGN, ERR_R_EC_LIB);
208 goto err;
209 }
210 if (EC_POINT_get_affine_coordinates_GFp(group, C, X,
211 NULL, ctx) == 0) {
212 GOSTerr(GOST_F_GOST2001_DO_SIGN, ERR_R_EC_LIB);
213 goto err;
214 }
215 if (BN_nnmod(r, X, order, ctx) == 0)
216 goto err;
217 } while (BN_is_zero(r));
218 /* s = (r*priv_key+k*e) mod order */
219 if (tmp == NULL) {
220 if ((tmp = BN_CTX_get(ctx)) == NULL)
221 goto err;
222 }
223 if (BN_mod_mul(tmp, priv_key, r, order, ctx) == 0)
224 goto err;
225 if (tmp2 == NULL) {
226 if ((tmp2 = BN_CTX_get(ctx)) == NULL)
227 goto err;
228 }
229 if (BN_mod_mul(tmp2, k, e, order, ctx) == 0)
230 goto err;
231 if (BN_mod_add(s, tmp, tmp2, order, ctx) == 0)
232 goto err;
233 } while (BN_is_zero(s));
234 ok = 1;
235
236err:
237 EC_POINT_free(C);
238 if (ctx != NULL) {
239 BN_CTX_end(ctx);
240 BN_CTX_free(ctx);
241 }
242 if (ok == 0) {
243 ECDSA_SIG_free(newsig);
244 newsig = NULL;
245 }
246 return newsig;
247}
248
249int
250gost2001_do_verify(BIGNUM *md, ECDSA_SIG *sig, GOST_KEY *ec)
251{
252 BN_CTX *ctx = BN_CTX_new();
253 const EC_GROUP *group = GOST_KEY_get0_group(ec);
254 BIGNUM *order;
255 BIGNUM *e = NULL, *R = NULL, *v = NULL, *z1 = NULL, *z2 = NULL;
256 BIGNUM *X = NULL, *tmp = NULL;
257 EC_POINT *C = NULL;
258 const EC_POINT *pub_key = NULL;
259 int ok = 0;
260
261 if (ctx == NULL)
262 goto err;
263 BN_CTX_start(ctx);
264 if ((order = BN_CTX_get(ctx)) == NULL)
265 goto err;
266 if ((e = BN_CTX_get(ctx)) == NULL)
267 goto err;
268 if ((z1 = BN_CTX_get(ctx)) == NULL)
269 goto err;
270 if ((z2 = BN_CTX_get(ctx)) == NULL)
271 goto err;
272 if ((tmp = BN_CTX_get(ctx)) == NULL)
273 goto err;
274 if ((X = BN_CTX_get(ctx)) == NULL)
275 goto err;
276 if ((R = BN_CTX_get(ctx)) == NULL)
277 goto err;
278 if ((v = BN_CTX_get(ctx)) == NULL)
279 goto err;
280
281 if (EC_GROUP_get_order(group, order, ctx) == 0)
282 goto err;
283 pub_key = GOST_KEY_get0_public_key(ec);
284 if (BN_is_zero(sig->s) || BN_is_zero(sig->r) ||
285 BN_cmp(sig->s, order) >= 1 || BN_cmp(sig->r, order) >= 1) {
286 GOSTerr(GOST_F_GOST2001_DO_VERIFY,
287 GOST_R_SIGNATURE_PARTS_GREATER_THAN_Q);
288 goto err;
289 }
290
291 if (BN_mod(e, md, order, ctx) == 0)
292 goto err;
293 if (BN_is_zero(e))
294 BN_one(e);
295 if ((v = BN_mod_inverse(v, e, order, ctx)) == NULL)
296 goto err;
297 if (BN_mod_mul(z1, sig->s, v, order, ctx) == 0)
298 goto err;
299 if (BN_sub(tmp, order, sig->r) == 0)
300 goto err;
301 if (BN_mod_mul(z2, tmp, v, order, ctx) == 0)
302 goto err;
303 if ((C = EC_POINT_new(group)) == NULL)
304 goto err;
305 if (EC_POINT_mul(group, C, z1, pub_key, z2, ctx) == 0) {
306 GOSTerr(GOST_F_GOST2001_DO_VERIFY, ERR_R_EC_LIB);
307 goto err;
308 }
309 if (EC_POINT_get_affine_coordinates_GFp(group, C, X, NULL, ctx) == 0) {
310 GOSTerr(GOST_F_GOST2001_DO_VERIFY, ERR_R_EC_LIB);
311 goto err;
312 }
313 if (BN_mod(R, X, order, ctx) == 0)
314 goto err;
315 if (BN_cmp(R, sig->r) != 0) {
316 GOSTerr(GOST_F_GOST2001_DO_VERIFY, GOST_R_SIGNATURE_MISMATCH);
317 } else {
318 ok = 1;
319 }
320err:
321 EC_POINT_free(C);
322 if (ctx != NULL) {
323 BN_CTX_end(ctx);
324 BN_CTX_free(ctx);
325 }
326 return ok;
327}
328
329/* Implementation of CryptoPro VKO 34.10-2001 algorithm */
330int
331VKO_compute_key(BIGNUM *X, BIGNUM *Y, const GOST_KEY *pkey, GOST_KEY *priv_key,
332 const BIGNUM *ukm)
333{
334 BIGNUM *p = NULL, *order = NULL;
335 const BIGNUM *key = GOST_KEY_get0_private_key(priv_key);
336 const EC_GROUP *group = GOST_KEY_get0_group(priv_key);
337 const EC_POINT *pub_key = GOST_KEY_get0_public_key(pkey);
338 EC_POINT *pnt;
339 BN_CTX *ctx = NULL;
340 int ok = 0;
341
342 pnt = EC_POINT_new(group);
343 if (pnt == NULL)
344 goto err;
345 ctx = BN_CTX_new();
346 if (ctx == NULL)
347 goto err;
348 BN_CTX_start(ctx);
349 if ((p = BN_CTX_get(ctx)) == NULL)
350 goto err;
351 if ((order = BN_CTX_get(ctx)) == NULL)
352 goto err;
353 if (EC_GROUP_get_order(group, order, ctx) == 0)
354 goto err;
355 if (BN_mod_mul(p, key, ukm, order, ctx) == 0)
356 goto err;
357 if (EC_POINT_mul(group, pnt, NULL, pub_key, p, ctx) == 0)
358 goto err;
359 if (EC_POINT_get_affine_coordinates_GFp(group, pnt, X, Y, ctx) == 0)
360 goto err;
361 ok = 1;
362
363err:
364 if (ctx != NULL) {
365 BN_CTX_end(ctx);
366 BN_CTX_free(ctx);
367 }
368 EC_POINT_free(pnt);
369 return ok;
370}
371
372int
373gost2001_keygen(GOST_KEY *ec)
374{
375 BIGNUM *order = BN_new(), *d = BN_new();
376 const EC_GROUP *group = GOST_KEY_get0_group(ec);
377 int rc = 0;
378
379 if (order == NULL || d == NULL)
380 goto err;
381 if (EC_GROUP_get_order(group, order, NULL) == 0)
382 goto err;
383
384 do {
385 if (BN_rand_range(d, order) == 0) {
386 GOSTerr(GOST_F_GOST2001_KEYGEN,
387 GOST_R_RANDOM_NUMBER_GENERATOR_FAILED);
388 goto err;
389 }
390 } while (BN_is_zero(d));
391
392 if (GOST_KEY_set_private_key(ec, d) == 0)
393 goto err;
394 rc = gost2001_compute_public(ec);
395
396err:
397 BN_free(d);
398 BN_free(order);
399 return rc;
400}
401#endif
diff --git a/src/lib/libcrypto/gost/gostr341001_ameth.c b/src/lib/libcrypto/gost/gostr341001_ameth.c
deleted file mode 100644
index 3153d2f2eb..0000000000
--- a/src/lib/libcrypto/gost/gostr341001_ameth.c
+++ /dev/null
@@ -1,737 +0,0 @@
1/* $OpenBSD: gostr341001_ameth.c,v 1.9 2015/02/14 06:40:04 jsing Exp $ */
2/*
3 * Copyright (c) 2014 Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
4 * Copyright (c) 2005-2006 Cryptocom LTD
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
8 * are met:
9 *
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 *
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in
15 * the documentation and/or other materials provided with the
16 * distribution.
17 *
18 * 3. All advertising materials mentioning features or use of this
19 * software must display the following acknowledgment:
20 * "This product includes software developed by the OpenSSL Project
21 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
22 *
23 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
24 * endorse or promote products derived from this software without
25 * prior written permission. For written permission, please contact
26 * openssl-core@openssl.org.
27 *
28 * 5. Products derived from this software may not be called "OpenSSL"
29 * nor may "OpenSSL" appear in their names without prior written
30 * permission of the OpenSSL Project.
31 *
32 * 6. Redistributions of any form whatsoever must retain the following
33 * acknowledgment:
34 * "This product includes software developed by the OpenSSL Project
35 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
36 *
37 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
38 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
39 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
40 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
41 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
42 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
43 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
44 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
45 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
46 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
47 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
48 * OF THE POSSIBILITY OF SUCH DAMAGE.
49 * ====================================================================
50 */
51
52#include <string.h>
53
54#include <openssl/opensslconf.h>
55
56#ifndef OPENSSL_NO_GOST
57#include <openssl/bn.h>
58#include <openssl/evp.h>
59#include <openssl/ec.h>
60#include <openssl/err.h>
61#include <openssl/x509.h>
62#include <openssl/gost.h>
63
64#ifndef OPENSSL_NO_CMS
65#include <openssl/cms.h>
66#endif
67
68#include "asn1_locl.h"
69#include "gost_locl.h"
70#include "gost_asn1.h"
71
72static void
73pkey_free_gost01(EVP_PKEY *key)
74{
75 GOST_KEY_free(key->pkey.gost);
76}
77
78/*
79 * Parses GOST algorithm parameters from X509_ALGOR and
80 * modifies pkey setting NID and parameters
81 */
82static int
83decode_gost01_algor_params(EVP_PKEY *pkey, const unsigned char **p, int len)
84{
85 int param_nid = NID_undef, digest_nid = NID_undef;
86 GOST_KEY_PARAMS *gkp = NULL;
87 EC_GROUP *group;
88 GOST_KEY *ec;
89
90 gkp = d2i_GOST_KEY_PARAMS(NULL, p, len);
91 if (gkp == NULL) {
92 GOSTerr(GOST_F_DECODE_GOST01_ALGOR_PARAMS,
93 GOST_R_BAD_PKEY_PARAMETERS_FORMAT);
94 return 0;
95 }
96 param_nid = OBJ_obj2nid(gkp->key_params);
97 digest_nid = OBJ_obj2nid(gkp->hash_params);
98 GOST_KEY_PARAMS_free(gkp);
99
100 ec = pkey->pkey.gost;
101 if (ec == NULL) {
102 ec = GOST_KEY_new();
103 if (ec == NULL)
104 return 0;
105 if (EVP_PKEY_assign_GOST(pkey, ec) == 0)
106 return 0;
107 }
108
109 group = EC_GROUP_new_by_curve_name(param_nid);
110 if (group == NULL)
111 return 0;
112 EC_GROUP_set_asn1_flag(group, OPENSSL_EC_NAMED_CURVE);
113 if (GOST_KEY_set_group(ec, group) == 0) {
114 EC_GROUP_free(group);
115 return 0;
116 }
117 EC_GROUP_free(group);
118 if (GOST_KEY_set_digest(ec, digest_nid) == 0)
119 return 0;
120 return 1;
121}
122
123static ASN1_STRING *
124encode_gost01_algor_params(const EVP_PKEY *key)
125{
126 ASN1_STRING *params = ASN1_STRING_new();
127 GOST_KEY_PARAMS *gkp = GOST_KEY_PARAMS_new();
128 int pkey_param_nid = NID_undef;
129
130 if (params == NULL || gkp == NULL) {
131 GOSTerr(GOST_F_ENCODE_GOST01_ALGOR_PARAMS,
132 ERR_R_MALLOC_FAILURE);
133 ASN1_STRING_free(params);
134 params = NULL;
135 goto err;
136 }
137
138 pkey_param_nid =
139 EC_GROUP_get_curve_name(GOST_KEY_get0_group(key->pkey.gost));
140 gkp->key_params = OBJ_nid2obj(pkey_param_nid);
141 gkp->hash_params = OBJ_nid2obj(GOST_KEY_get_digest(key->pkey.gost));
142 /*gkp->cipher_params = OBJ_nid2obj(cipher_param_nid); */
143 params->length = i2d_GOST_KEY_PARAMS(gkp, &params->data);
144 if (params->length <= 0) {
145 GOSTerr(GOST_F_ENCODE_GOST01_ALGOR_PARAMS,
146 ERR_R_MALLOC_FAILURE);
147 ASN1_STRING_free(params);
148 params = NULL;
149 goto err;
150 }
151 params->type = V_ASN1_SEQUENCE;
152err:
153 GOST_KEY_PARAMS_free(gkp);
154 return params;
155}
156
157static int
158pub_cmp_gost01(const EVP_PKEY *a, const EVP_PKEY *b)
159{
160 const GOST_KEY *ea = a->pkey.gost;
161 const GOST_KEY *eb = b->pkey.gost;
162 const EC_POINT *ka, *kb;
163 int ret = 0;
164
165 if (ea == NULL || eb == NULL)
166 return 0;
167 ka = GOST_KEY_get0_public_key(ea);
168 kb = GOST_KEY_get0_public_key(eb);
169 if (ka == NULL || kb == NULL)
170 return 0;
171 ret = (0 == EC_POINT_cmp(GOST_KEY_get0_group(ea), ka, kb, NULL));
172 return ret;
173}
174
175static int
176pkey_size_gost01(const EVP_PKEY *pk)
177{
178 if (GOST_KEY_get_digest(pk->pkey.gost) == NID_id_tc26_gost3411_2012_512)
179 return 128;
180 return 64;
181}
182
183static int
184pkey_bits_gost01(const EVP_PKEY *pk)
185{
186 if (GOST_KEY_get_digest(pk->pkey.gost) == NID_id_tc26_gost3411_2012_512)
187 return 512;
188 return 256;
189}
190
191static int
192pub_decode_gost01(EVP_PKEY *pk, X509_PUBKEY *pub)
193{
194 X509_ALGOR *palg = NULL;
195 const unsigned char *pubkey_buf = NULL;
196 const unsigned char *p;
197 ASN1_OBJECT *palgobj = NULL;
198 int pub_len;
199 BIGNUM *X, *Y;
200 ASN1_OCTET_STRING *octet = NULL;
201 int len;
202 int ret;
203 int ptype = V_ASN1_UNDEF;
204 ASN1_STRING *pval = NULL;
205
206 if (X509_PUBKEY_get0_param(&palgobj, &pubkey_buf, &pub_len, &palg, pub)
207 == 0)
208 return 0;
209 (void)EVP_PKEY_assign_GOST(pk, NULL);
210 X509_ALGOR_get0(NULL, &ptype, (void **)&pval, palg);
211 if (ptype != V_ASN1_SEQUENCE) {
212 GOSTerr(GOST_F_PUB_DECODE_GOST01,
213 GOST_R_BAD_KEY_PARAMETERS_FORMAT);
214 return 0;
215 }
216 p = pval->data;
217 if (decode_gost01_algor_params(pk, &p, pval->length) == 0)
218 return 0;
219
220 octet = d2i_ASN1_OCTET_STRING(NULL, &pubkey_buf, pub_len);
221 if (octet == NULL) {
222 GOSTerr(GOST_F_PUB_DECODE_GOST01, ERR_R_MALLOC_FAILURE);
223 return 0;
224 }
225 len = octet->length / 2;
226
227 X = GOST_le2bn(octet->data, len, NULL);
228 Y = GOST_le2bn(octet->data + len, len, NULL);
229
230 ASN1_OCTET_STRING_free(octet);
231
232 ret = GOST_KEY_set_public_key_affine_coordinates(pk->pkey.gost, X, Y);
233 if (ret == 0)
234 GOSTerr(GOST_F_PUB_DECODE_GOST01, ERR_R_EC_LIB);
235
236 BN_free(X);
237 BN_free(Y);
238
239 return ret;
240}
241
242static int
243pub_encode_gost01(X509_PUBKEY *pub, const EVP_PKEY *pk)
244{
245 ASN1_OBJECT *algobj = NULL;
246 ASN1_OCTET_STRING *octet = NULL;
247 ASN1_STRING *params = NULL;
248 void *pval = NULL;
249 unsigned char *buf = NULL, *sptr;
250 int key_size, ret = 0;
251 const EC_POINT *pub_key;
252 BIGNUM *X = NULL, *Y = NULL;
253 const GOST_KEY *ec = pk->pkey.gost;
254 int ptype = V_ASN1_UNDEF;
255
256 algobj = OBJ_nid2obj(GostR3410_get_pk_digest(GOST_KEY_get_digest(ec)));
257 if (pk->save_parameters) {
258 params = encode_gost01_algor_params(pk);
259 if (params == NULL)
260 return 0;
261 pval = params;
262 ptype = V_ASN1_SEQUENCE;
263 }
264
265 key_size = GOST_KEY_get_size(ec);
266
267 pub_key = GOST_KEY_get0_public_key(ec);
268 if (pub_key == NULL) {
269 GOSTerr(GOST_F_PUB_ENCODE_GOST01, GOST_R_PUBLIC_KEY_UNDEFINED);
270 goto err;
271 }
272
273 octet = ASN1_OCTET_STRING_new();
274 if (octet == NULL) {
275 GOSTerr(GOST_F_PUB_ENCODE_GOST01, ERR_R_MALLOC_FAILURE);
276 goto err;
277 }
278
279 ret = ASN1_STRING_set(octet, NULL, 2 * key_size);
280 if (ret == 0) {
281 GOSTerr(GOST_F_PUB_ENCODE_GOST01, ERR_R_INTERNAL_ERROR);
282 goto err;
283 }
284
285 sptr = ASN1_STRING_data(octet);
286
287 X = BN_new();
288 Y = BN_new();
289 if (X == NULL || Y == NULL) {
290 GOSTerr(GOST_F_PUB_ENCODE_GOST01, ERR_R_MALLOC_FAILURE);
291 goto err;
292 }
293
294 if (EC_POINT_get_affine_coordinates_GFp(GOST_KEY_get0_group(ec),
295 pub_key, X, Y, NULL) == 0) {
296 GOSTerr(GOST_F_PUB_ENCODE_GOST01, ERR_R_EC_LIB);
297 goto err;
298 }
299
300 GOST_bn2le(X, sptr, key_size);
301 GOST_bn2le(Y, sptr + key_size, key_size);
302
303 BN_free(Y);
304 BN_free(X);
305
306 ret = i2d_ASN1_OCTET_STRING(octet, &buf);
307 ASN1_BIT_STRING_free(octet);
308 if (ret < 0)
309 return 0;
310
311 return X509_PUBKEY_set0_param(pub, algobj, ptype, pval, buf, ret);
312
313err:
314 BN_free(Y);
315 BN_free(X);
316 ASN1_BIT_STRING_free(octet);
317 ASN1_STRING_free(params);
318 return 0;
319}
320
321static int
322param_print_gost01(BIO *out, const EVP_PKEY *pkey, int indent, ASN1_PCTX *pctx)
323{
324 int param_nid =
325 EC_GROUP_get_curve_name(GOST_KEY_get0_group(pkey->pkey.gost));
326
327 if (BIO_indent(out, indent, 128) == 0)
328 return 0;
329 BIO_printf(out, "Parameter set: %s\n", OBJ_nid2ln(param_nid));
330 if (BIO_indent(out, indent, 128) == 0)
331 return 0;
332 BIO_printf(out, "Digest Algorithm: %s\n",
333 OBJ_nid2ln(GOST_KEY_get_digest(pkey->pkey.gost)));
334 return 1;
335}
336
337static int
338pub_print_gost01(BIO *out, const EVP_PKEY *pkey, int indent, ASN1_PCTX *pctx)
339{
340 BN_CTX *ctx = BN_CTX_new();
341 BIGNUM *X, *Y;
342 const EC_POINT *pubkey;
343 const EC_GROUP *group;
344
345 if (ctx == NULL) {
346 GOSTerr(GOST_F_PUB_PRINT_GOST01, ERR_R_MALLOC_FAILURE);
347 return 0;
348 }
349 BN_CTX_start(ctx);
350 if ((X = BN_CTX_get(ctx)) == NULL)
351 goto err;
352 if ((Y = BN_CTX_get(ctx)) == NULL)
353 goto err;
354 pubkey = GOST_KEY_get0_public_key(pkey->pkey.gost);
355 group = GOST_KEY_get0_group(pkey->pkey.gost);
356 if (EC_POINT_get_affine_coordinates_GFp(group, pubkey, X, Y,
357 ctx) == 0) {
358 GOSTerr(GOST_F_PUB_PRINT_GOST01, ERR_R_EC_LIB);
359 goto err;
360 }
361 if (BIO_indent(out, indent, 128) == 0)
362 goto err;
363 BIO_printf(out, "Public key:\n");
364 if (BIO_indent(out, indent + 3, 128) == 0)
365 goto err;
366 BIO_printf(out, "X:");
367 BN_print(out, X);
368 BIO_printf(out, "\n");
369 BIO_indent(out, indent + 3, 128);
370 BIO_printf(out, "Y:");
371 BN_print(out, Y);
372 BIO_printf(out, "\n");
373
374 BN_CTX_end(ctx);
375 BN_CTX_free(ctx);
376
377 return param_print_gost01(out, pkey, indent, pctx);
378
379err:
380 BN_CTX_end(ctx);
381 BN_CTX_free(ctx);
382 return 0;
383}
384
385static int
386priv_print_gost01(BIO *out, const EVP_PKEY *pkey, int indent, ASN1_PCTX *pctx)
387{
388 const BIGNUM *key;
389
390 if (BIO_indent(out, indent, 128) == 0)
391 return 0;
392 BIO_printf(out, "Private key: ");
393 key = GOST_KEY_get0_private_key(pkey->pkey.gost);
394 if (key == NULL)
395 BIO_printf(out, "<undefined)");
396 else
397 BN_print(out, key);
398 BIO_printf(out, "\n");
399
400 return pub_print_gost01(out, pkey, indent, pctx);
401}
402
403static int
404priv_decode_gost01(EVP_PKEY *pk, PKCS8_PRIV_KEY_INFO *p8inf)
405{
406 const unsigned char *pkey_buf = NULL, *p = NULL;
407 int priv_len = 0;
408 BIGNUM *pk_num = NULL;
409 int ret = 0;
410 X509_ALGOR *palg = NULL;
411 ASN1_OBJECT *palg_obj = NULL;
412 ASN1_INTEGER *priv_key = NULL;
413 GOST_KEY *ec;
414 int ptype = V_ASN1_UNDEF;
415 ASN1_STRING *pval = NULL;
416
417 if (PKCS8_pkey_get0(&palg_obj, &pkey_buf, &priv_len, &palg, p8inf) == 0)
418 return 0;
419 (void)EVP_PKEY_assign_GOST(pk, NULL);
420 X509_ALGOR_get0(NULL, &ptype, (void **)&pval, palg);
421 if (ptype != V_ASN1_SEQUENCE) {
422 GOSTerr(GOST_F_PUB_DECODE_GOST01,
423 GOST_R_BAD_KEY_PARAMETERS_FORMAT);
424 return 0;
425 }
426 p = pval->data;
427 if (decode_gost01_algor_params(pk, &p, pval->length) == 0)
428 return 0;
429 p = pkey_buf;
430 if (V_ASN1_OCTET_STRING == *p) {
431 /* New format - Little endian octet string */
432 unsigned char rev_buf[32];
433 int i;
434 ASN1_OCTET_STRING *s =
435 d2i_ASN1_OCTET_STRING(NULL, &p, priv_len);
436
437 if (s == NULL || s->length != 32) {
438 GOSTerr(GOST_F_PRIV_DECODE_GOST01, EVP_R_DECODE_ERROR);
439 ASN1_STRING_free(s);
440 return 0;
441 }
442 for (i = 0; i < 32; i++) {
443 rev_buf[31 - i] = s->data[i];
444 }
445 ASN1_STRING_free(s);
446 pk_num = BN_bin2bn(rev_buf, 32, NULL);
447 } else {
448 priv_key = d2i_ASN1_INTEGER(NULL, &p, priv_len);
449 if (priv_key == NULL)
450 return 0;
451 ret = ((pk_num = ASN1_INTEGER_to_BN(priv_key, NULL)) != NULL);
452 ASN1_INTEGER_free(priv_key);
453 if (ret == 0) {
454 GOSTerr(GOST_F_PRIV_DECODE_GOST01, EVP_R_DECODE_ERROR);
455 return 0;
456 }
457 }
458
459 ec = pk->pkey.gost;
460 if (ec == NULL) {
461 ec = GOST_KEY_new();
462 if (ec == NULL) {
463 BN_free(pk_num);
464 return 0;
465 }
466 if (EVP_PKEY_assign_GOST(pk, ec) == 0) {
467 BN_free(pk_num);
468 GOST_KEY_free(ec);
469 return 0;
470 }
471 }
472 if (GOST_KEY_set_private_key(ec, pk_num) == 0) {
473 BN_free(pk_num);
474 return 0;
475 }
476 ret = 0;
477 if (EVP_PKEY_missing_parameters(pk) == 0)
478 ret = gost2001_compute_public(ec) != 0;
479 BN_free(pk_num);
480
481 return ret;
482}
483
484static int
485priv_encode_gost01(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pk)
486{
487 ASN1_OBJECT *algobj =
488 OBJ_nid2obj(GostR3410_get_pk_digest(GOST_KEY_get_digest(pk->pkey.gost)));
489 ASN1_STRING *params = encode_gost01_algor_params(pk);
490 unsigned char *priv_buf = NULL;
491 int priv_len;
492 ASN1_INTEGER *asn1key = NULL;
493
494 if (params == NULL)
495 return 0;
496
497 asn1key = BN_to_ASN1_INTEGER(GOST_KEY_get0_private_key(pk->pkey.gost),
498 NULL);
499 if (asn1key == NULL) {
500 ASN1_STRING_free(params);
501 return 0;
502 }
503 priv_len = i2d_ASN1_INTEGER(asn1key, &priv_buf);
504 ASN1_INTEGER_free(asn1key);
505 return PKCS8_pkey_set0(p8, algobj, 0, V_ASN1_SEQUENCE, params, priv_buf,
506 priv_len);
507}
508
509static int
510param_encode_gost01(const EVP_PKEY *pkey, unsigned char **pder)
511{
512 ASN1_STRING *params = encode_gost01_algor_params(pkey);
513 int len;
514
515 if (params == NULL)
516 return 0;
517 len = params->length;
518 if (pder != NULL)
519 memcpy(*pder, params->data, params->length);
520 ASN1_STRING_free(params);
521 return len;
522}
523
524static int
525param_decode_gost01(EVP_PKEY *pkey, const unsigned char **pder, int derlen)
526{
527 ASN1_OBJECT *obj = NULL;
528 int nid;
529 GOST_KEY *ec;
530 EC_GROUP *group;
531 int ret;
532
533 /* New format */
534 if ((V_ASN1_SEQUENCE | V_ASN1_CONSTRUCTED) == **pder)
535 return decode_gost01_algor_params(pkey, pder, derlen);
536
537 /* Compatibility */
538 if (d2i_ASN1_OBJECT(&obj, pder, derlen) == NULL) {
539 GOSTerr(GOST_F_PARAM_DECODE_GOST01, ERR_R_MALLOC_FAILURE);
540 return 0;
541 }
542 nid = OBJ_obj2nid(obj);
543 ASN1_OBJECT_free(obj);
544
545 ec = GOST_KEY_new();
546 if (ec == NULL) {
547 GOSTerr(GOST_F_PARAM_DECODE_GOST01, ERR_R_MALLOC_FAILURE);
548 return 0;
549 }
550 group = EC_GROUP_new_by_curve_name(nid);
551 if (group == NULL) {
552 GOSTerr(GOST_F_PARAM_DECODE_GOST01,
553 EC_R_EC_GROUP_NEW_BY_NAME_FAILURE);
554 GOST_KEY_free(ec);
555 return 0;
556 }
557
558 EC_GROUP_set_asn1_flag(group, OPENSSL_EC_NAMED_CURVE);
559 if (GOST_KEY_set_group(ec, group) == 0) {
560 GOSTerr(GOST_F_PARAM_DECODE_GOST01, ERR_R_EC_LIB);
561 EC_GROUP_free(group);
562 GOST_KEY_free(ec);
563 return 0;
564 }
565 EC_GROUP_free(group);
566 if (GOST_KEY_set_digest(ec,
567 NID_id_GostR3411_94_CryptoProParamSet) == 0) {
568 GOSTerr(GOST_F_PARAM_DECODE_GOST01, GOST_R_INVALID_DIGEST_TYPE);
569 GOST_KEY_free(ec);
570 return 0;
571 }
572 ret = EVP_PKEY_assign_GOST(pkey, ec);
573 if (ret == 0)
574 GOST_KEY_free(ec);
575 return ret;
576}
577
578static int
579param_missing_gost01(const EVP_PKEY *pk)
580{
581 const GOST_KEY *ec = pk->pkey.gost;
582
583 if (ec == NULL)
584 return 1;
585 if (GOST_KEY_get0_group(ec) == NULL)
586 return 1;
587 if (GOST_KEY_get_digest(ec) == NID_undef)
588 return 1;
589 return 0;
590}
591
592static int
593param_copy_gost01(EVP_PKEY *to, const EVP_PKEY *from)
594{
595 GOST_KEY *eto = to->pkey.gost;
596 const GOST_KEY *efrom = from->pkey.gost;
597 int ret = 1;
598
599 if (EVP_PKEY_base_id(from) != EVP_PKEY_base_id(to)) {
600 GOSTerr(GOST_F_PARAM_COPY_GOST01,
601 GOST_R_INCOMPATIBLE_ALGORITHMS);
602 return 0;
603 }
604 if (efrom == NULL) {
605 GOSTerr(GOST_F_PARAM_COPY_GOST01,
606 GOST_R_KEY_PARAMETERS_MISSING);
607 return 0;
608 }
609 if (eto == NULL) {
610 eto = GOST_KEY_new();
611 if (eto == NULL) {
612 GOSTerr(GOST_F_PARAM_COPY_GOST01,
613 ERR_R_MALLOC_FAILURE);
614 return 0;
615 }
616 if (EVP_PKEY_assign(to, EVP_PKEY_base_id(from), eto) == 0) {
617 GOST_KEY_free(eto);
618 return 0;
619 }
620 }
621 GOST_KEY_set_group(eto, GOST_KEY_get0_group(efrom));
622 GOST_KEY_set_digest(eto, GOST_KEY_get_digest(efrom));
623 if (GOST_KEY_get0_private_key(eto) != NULL)
624 ret = gost2001_compute_public(eto);
625
626 return ret;
627}
628
629static int
630param_cmp_gost01(const EVP_PKEY *a, const EVP_PKEY *b)
631{
632 if (EC_GROUP_get_curve_name(GOST_KEY_get0_group(a->pkey.gost)) !=
633 EC_GROUP_get_curve_name(GOST_KEY_get0_group(b->pkey.gost)))
634 return 0;
635
636 if (GOST_KEY_get_digest(a->pkey.gost) !=
637 GOST_KEY_get_digest(b->pkey.gost))
638 return 0;
639
640 return 1;
641}
642
643static int
644pkey_ctrl_gost01(EVP_PKEY *pkey, int op, long arg1, void *arg2)
645{
646 X509_ALGOR *alg1 = NULL, *alg2 = NULL, *alg3 = NULL;
647 int digest = GOST_KEY_get_digest(pkey->pkey.gost);
648
649 switch (op) {
650 case ASN1_PKEY_CTRL_PKCS7_SIGN:
651 if (arg1 == 0)
652 PKCS7_SIGNER_INFO_get0_algs(arg2, NULL, &alg1, &alg2);
653 break;
654
655 case ASN1_PKEY_CTRL_PKCS7_ENCRYPT:
656 if (arg1 == 0)
657 PKCS7_RECIP_INFO_get0_alg(arg2, &alg3);
658 break;
659#ifndef OPENSSL_NO_CMS
660 case ASN1_PKEY_CTRL_CMS_SIGN:
661 if (arg1 == 0)
662 CMS_SignerInfo_get0_algs(arg2, NULL, NULL, &alg1, &alg2);
663 break;
664
665 case ASN1_PKEY_CTRL_CMS_ENVELOPE:
666 if (arg1 == 0)
667 CMS_RecipientInfo_ktri_get0_algs(arg2, NULL, NULL, &alg3);
668 break;
669#endif
670 case ASN1_PKEY_CTRL_DEFAULT_MD_NID:
671 *(int *)arg2 = GostR3410_get_md_digest(digest);
672 return 2;
673
674 default:
675 return -2;
676 }
677
678 if (alg1)
679 X509_ALGOR_set0(alg1, OBJ_nid2obj(GostR3410_get_md_digest(digest)), V_ASN1_NULL, 0);
680 if (alg2)
681 X509_ALGOR_set0(alg2, OBJ_nid2obj(GostR3410_get_pk_digest(digest)), V_ASN1_NULL, 0);
682 if (alg3) {
683 ASN1_STRING *params = encode_gost01_algor_params(pkey);
684 if (params == NULL) {
685 return -1;
686 }
687 X509_ALGOR_set0(alg3,
688 OBJ_nid2obj(GostR3410_get_pk_digest(digest)),
689 V_ASN1_SEQUENCE, params);
690 }
691
692 return 1;
693}
694
695const EVP_PKEY_ASN1_METHOD gostr01_asn1_meths[] = {
696 {
697 .pkey_id = EVP_PKEY_GOSTR01,
698 .pkey_base_id = EVP_PKEY_GOSTR01,
699 .pkey_flags = ASN1_PKEY_SIGPARAM_NULL,
700
701 .pem_str = "GOST2001",
702 .info = "GOST R 34.10-2001",
703
704 .pkey_free = pkey_free_gost01,
705 .pkey_ctrl = pkey_ctrl_gost01,
706
707 .priv_decode = priv_decode_gost01,
708 .priv_encode = priv_encode_gost01,
709 .priv_print = priv_print_gost01,
710
711 .param_decode = param_decode_gost01,
712 .param_encode = param_encode_gost01,
713 .param_missing = param_missing_gost01,
714 .param_copy = param_copy_gost01,
715 .param_cmp = param_cmp_gost01,
716 .param_print = param_print_gost01,
717
718 .pub_decode = pub_decode_gost01,
719 .pub_encode = pub_encode_gost01,
720 .pub_cmp = pub_cmp_gost01,
721 .pub_print = pub_print_gost01,
722 .pkey_size = pkey_size_gost01,
723 .pkey_bits = pkey_bits_gost01,
724 },
725 {
726 .pkey_id = EVP_PKEY_GOSTR12_256,
727 .pkey_base_id = EVP_PKEY_GOSTR01,
728 .pkey_flags = ASN1_PKEY_ALIAS
729 },
730 {
731 .pkey_id = EVP_PKEY_GOSTR12_512,
732 .pkey_base_id = EVP_PKEY_GOSTR01,
733 .pkey_flags = ASN1_PKEY_ALIAS
734 },
735};
736
737#endif
diff --git a/src/lib/libcrypto/gost/gostr341001_key.c b/src/lib/libcrypto/gost/gostr341001_key.c
deleted file mode 100644
index dbe360620a..0000000000
--- a/src/lib/libcrypto/gost/gostr341001_key.c
+++ /dev/null
@@ -1,320 +0,0 @@
1/* $OpenBSD: gostr341001_key.c,v 1.5 2015/02/14 06:40:04 jsing Exp $ */
2/*
3 * Copyright (c) 2014 Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
4 * Copyright (c) 2005-2006 Cryptocom LTD
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
8 * are met:
9 *
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 *
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in
15 * the documentation and/or other materials provided with the
16 * distribution.
17 *
18 * 3. All advertising materials mentioning features or use of this
19 * software must display the following acknowledgment:
20 * "This product includes software developed by the OpenSSL Project
21 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
22 *
23 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
24 * endorse or promote products derived from this software without
25 * prior written permission. For written permission, please contact
26 * openssl-core@openssl.org.
27 *
28 * 5. Products derived from this software may not be called "OpenSSL"
29 * nor may "OpenSSL" appear in their names without prior written
30 * permission of the OpenSSL Project.
31 *
32 * 6. Redistributions of any form whatsoever must retain the following
33 * acknowledgment:
34 * "This product includes software developed by the OpenSSL Project
35 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
36 *
37 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
38 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
39 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
40 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
41 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
42 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
43 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
44 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
45 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
46 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
47 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
48 * OF THE POSSIBILITY OF SUCH DAMAGE.
49 * ====================================================================
50 */
51
52#include <openssl/opensslconf.h>
53
54#ifndef OPENSSL_NO_GOST
55#include <openssl/bn.h>
56#include <openssl/err.h>
57#include <openssl/gost.h>
58#include <openssl/objects.h>
59#include "gost_locl.h"
60
61struct gost_key_st {
62 EC_GROUP *group;
63
64 EC_POINT *pub_key;
65 BIGNUM *priv_key;
66
67 int references;
68
69 int digest_nid;
70};
71
72GOST_KEY *
73GOST_KEY_new(void)
74{
75 GOST_KEY *ret;
76
77 ret = malloc(sizeof(GOST_KEY));
78 if (ret == NULL) {
79 GOSTerr(GOST_F_GOST_KEY_NEW, ERR_R_MALLOC_FAILURE);
80 return (NULL);
81 }
82 ret->group = NULL;
83 ret->pub_key = NULL;
84 ret->priv_key = NULL;
85 ret->references = 1;
86 ret->digest_nid = NID_undef;
87 return (ret);
88}
89
90void
91GOST_KEY_free(GOST_KEY *r)
92{
93 int i;
94
95 if (r == NULL)
96 return;
97
98 i = CRYPTO_add(&r->references, -1, CRYPTO_LOCK_EC);
99 if (i > 0)
100 return;
101
102 EC_GROUP_free(r->group);
103 EC_POINT_free(r->pub_key);
104 BN_clear_free(r->priv_key);
105
106 OPENSSL_cleanse((void *)r, sizeof(GOST_KEY));
107 free(r);
108}
109
110int
111GOST_KEY_check_key(const GOST_KEY *key)
112{
113 int ok = 0;
114 BN_CTX *ctx = NULL;
115 BIGNUM *order = NULL;
116 EC_POINT *point = NULL;
117
118 if (key == NULL || key->group == NULL || key->pub_key == NULL) {
119 GOSTerr(GOST_F_GOST_KEY_CHECK_KEY, ERR_R_PASSED_NULL_PARAMETER);
120 return 0;
121 }
122 if (EC_POINT_is_at_infinity(key->group, key->pub_key) != 0) {
123 GOSTerr(GOST_F_GOST_KEY_CHECK_KEY, EC_R_POINT_AT_INFINITY);
124 goto err;
125 }
126 if ((ctx = BN_CTX_new()) == NULL)
127 goto err;
128 if ((point = EC_POINT_new(key->group)) == NULL)
129 goto err;
130
131 /* testing whether the pub_key is on the elliptic curve */
132 if (EC_POINT_is_on_curve(key->group, key->pub_key, ctx) == 0) {
133 GOSTerr(GOST_F_GOST_KEY_CHECK_KEY, EC_R_POINT_IS_NOT_ON_CURVE);
134 goto err;
135 }
136 /* testing whether pub_key * order is the point at infinity */
137 if ((order = BN_new()) == NULL)
138 goto err;
139 if (EC_GROUP_get_order(key->group, order, ctx) == 0) {
140 GOSTerr(GOST_F_GOST_KEY_CHECK_KEY, EC_R_INVALID_GROUP_ORDER);
141 goto err;
142 }
143 if (EC_POINT_mul(key->group, point, NULL, key->pub_key, order,
144 ctx) == 0) {
145 GOSTerr(GOST_F_GOST_KEY_CHECK_KEY, ERR_R_EC_LIB);
146 goto err;
147 }
148 if (EC_POINT_is_at_infinity(key->group, point) == 0) {
149 GOSTerr(GOST_F_GOST_KEY_CHECK_KEY, EC_R_WRONG_ORDER);
150 goto err;
151 }
152 /*
153 * in case the priv_key is present : check if generator * priv_key ==
154 * pub_key
155 */
156 if (key->priv_key != NULL) {
157 if (BN_cmp(key->priv_key, order) >= 0) {
158 GOSTerr(GOST_F_GOST_KEY_CHECK_KEY, EC_R_WRONG_ORDER);
159 goto err;
160 }
161 if (EC_POINT_mul(key->group, point, key->priv_key, NULL, NULL,
162 ctx) == 0) {
163 GOSTerr(GOST_F_GOST_KEY_CHECK_KEY, ERR_R_EC_LIB);
164 goto err;
165 }
166 if (EC_POINT_cmp(key->group, point, key->pub_key, ctx) != 0) {
167 GOSTerr(GOST_F_GOST_KEY_CHECK_KEY,
168 EC_R_INVALID_PRIVATE_KEY);
169 goto err;
170 }
171 }
172 ok = 1;
173err:
174 BN_free(order);
175 BN_CTX_free(ctx);
176 EC_POINT_free(point);
177 return (ok);
178}
179
180int
181GOST_KEY_set_public_key_affine_coordinates(GOST_KEY *key, BIGNUM *x, BIGNUM *y)
182{
183 BN_CTX *ctx = NULL;
184 BIGNUM *tx, *ty;
185 EC_POINT *point = NULL;
186 int ok = 0;
187
188 if (key == NULL || key->group == NULL || x == NULL || y == NULL) {
189 GOSTerr(GOST_F_GOST_KEY_SET_PUBLIC_KEY_AFFINE_COORDINATES,
190 ERR_R_PASSED_NULL_PARAMETER);
191 return 0;
192 }
193 ctx = BN_CTX_new();
194 if (ctx == NULL)
195 goto err;
196
197 point = EC_POINT_new(key->group);
198 if (point == NULL)
199 goto err;
200
201 if ((tx = BN_CTX_get(ctx)) == NULL)
202 goto err;
203 if ((ty = BN_CTX_get(ctx)) == NULL)
204 goto err;
205 if (EC_POINT_set_affine_coordinates_GFp(key->group, point, x, y,
206 ctx) == 0)
207 goto err;
208 if (EC_POINT_get_affine_coordinates_GFp(key->group, point, tx, ty,
209 ctx) == 0)
210 goto err;
211 /*
212 * Check if retrieved coordinates match originals: if not, values are
213 * out of range.
214 */
215 if (BN_cmp(x, tx) != 0 || BN_cmp(y, ty) != 0) {
216 GOSTerr(GOST_F_GOST_KEY_SET_PUBLIC_KEY_AFFINE_COORDINATES,
217 EC_R_COORDINATES_OUT_OF_RANGE);
218 goto err;
219 }
220 if (GOST_KEY_set_public_key(key, point) == 0)
221 goto err;
222
223 if (GOST_KEY_check_key(key) == 0)
224 goto err;
225
226 ok = 1;
227
228err:
229 EC_POINT_free(point);
230 BN_CTX_free(ctx);
231 return ok;
232
233}
234
235const EC_GROUP *
236GOST_KEY_get0_group(const GOST_KEY *key)
237{
238 return key->group;
239}
240
241int
242GOST_KEY_set_group(GOST_KEY *key, const EC_GROUP *group)
243{
244 EC_GROUP_free(key->group);
245 key->group = EC_GROUP_dup(group);
246 return (key->group == NULL) ? 0 : 1;
247}
248
249const BIGNUM *
250GOST_KEY_get0_private_key(const GOST_KEY *key)
251{
252 return key->priv_key;
253}
254
255int
256GOST_KEY_set_private_key(GOST_KEY *key, const BIGNUM *priv_key)
257{
258 BN_clear_free(key->priv_key);
259 key->priv_key = BN_dup(priv_key);
260 return (key->priv_key == NULL) ? 0 : 1;
261}
262
263const EC_POINT *
264GOST_KEY_get0_public_key(const GOST_KEY *key)
265{
266 return key->pub_key;
267}
268
269int
270GOST_KEY_set_public_key(GOST_KEY *key, const EC_POINT *pub_key)
271{
272 EC_POINT_free(key->pub_key);
273 key->pub_key = EC_POINT_dup(pub_key, key->group);
274 return (key->pub_key == NULL) ? 0 : 1;
275}
276
277int
278GOST_KEY_get_digest(const GOST_KEY *key)
279{
280 return key->digest_nid;
281}
282int
283GOST_KEY_set_digest(GOST_KEY *key, int digest_nid)
284{
285 if (digest_nid == NID_id_GostR3411_94_CryptoProParamSet ||
286 digest_nid == NID_id_tc26_gost3411_2012_256 ||
287 digest_nid == NID_id_tc26_gost3411_2012_512) {
288 key->digest_nid = digest_nid;
289 return 1;
290 }
291
292 return 0;
293}
294
295size_t
296GOST_KEY_get_size(const GOST_KEY *r)
297{
298 int i;
299 BIGNUM *order = NULL;
300 const EC_GROUP *group;
301
302 if (r == NULL)
303 return 0;
304 group = GOST_KEY_get0_group(r);
305 if (group == NULL)
306 return 0;
307
308 if ((order = BN_new()) == NULL)
309 return 0;
310
311 if (EC_GROUP_get_order(group, order, NULL) == 0) {
312 BN_clear_free(order);
313 return 0;
314 }
315
316 i = BN_num_bytes(order);
317 BN_clear_free(order);
318 return (i);
319}
320#endif
diff --git a/src/lib/libcrypto/gost/gostr341001_params.c b/src/lib/libcrypto/gost/gostr341001_params.c
deleted file mode 100644
index 6500c30f31..0000000000
--- a/src/lib/libcrypto/gost/gostr341001_params.c
+++ /dev/null
@@ -1,132 +0,0 @@
1/* $OpenBSD: gostr341001_params.c,v 1.3 2015/07/20 22:42:56 bcook Exp $ */
2/*
3 * Copyright (c) 2014 Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
4 * Copyright (c) 2005-2006 Cryptocom LTD
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
8 * are met:
9 *
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 *
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in
15 * the documentation and/or other materials provided with the
16 * distribution.
17 *
18 * 3. All advertising materials mentioning features or use of this
19 * software must display the following acknowledgment:
20 * "This product includes software developed by the OpenSSL Project
21 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
22 *
23 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
24 * endorse or promote products derived from this software without
25 * prior written permission. For written permission, please contact
26 * openssl-core@openssl.org.
27 *
28 * 5. Products derived from this software may not be called "OpenSSL"
29 * nor may "OpenSSL" appear in their names without prior written
30 * permission of the OpenSSL Project.
31 *
32 * 6. Redistributions of any form whatsoever must retain the following
33 * acknowledgment:
34 * "This product includes software developed by the OpenSSL Project
35 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
36 *
37 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
38 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
39 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
40 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
41 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
42 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
43 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
44 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
45 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
46 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
47 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
48 * OF THE POSSIBILITY OF SUCH DAMAGE.
49 * ====================================================================
50 */
51
52#include <string.h>
53
54#include <openssl/opensslconf.h>
55
56#ifndef OPENSSL_NO_GOST
57#include <openssl/objects.h>
58#include <openssl/gost.h>
59
60#include "gost_locl.h"
61
62int
63GostR3410_get_md_digest(int nid)
64{
65 if (nid == NID_id_GostR3411_94_CryptoProParamSet)
66 return NID_id_GostR3411_94;
67 return nid;
68}
69
70int
71GostR3410_get_pk_digest(int nid)
72{
73 switch (nid) {
74 case NID_id_GostR3411_94_CryptoProParamSet:
75 return NID_id_GostR3410_2001;
76 case NID_id_tc26_gost3411_2012_256:
77 return NID_id_tc26_gost3410_2012_256;
78 case NID_id_tc26_gost3411_2012_512:
79 return NID_id_tc26_gost3410_2012_512;
80 default:
81 return NID_undef;
82 }
83}
84
85typedef struct GostR3410_params {
86 const char *name;
87 int nid;
88} GostR3410_params;
89
90static const GostR3410_params GostR3410_256_params[] = {
91 { "A", NID_id_GostR3410_2001_CryptoPro_A_ParamSet },
92 { "B", NID_id_GostR3410_2001_CryptoPro_B_ParamSet },
93 { "C", NID_id_GostR3410_2001_CryptoPro_C_ParamSet },
94 { "0", NID_id_GostR3410_2001_TestParamSet },
95 { "XA", NID_id_GostR3410_2001_CryptoPro_XchA_ParamSet },
96 { "XB", NID_id_GostR3410_2001_CryptoPro_XchB_ParamSet },
97 { NULL, NID_undef },
98};
99
100static const GostR3410_params GostR3410_512_params[] = {
101 { "A", NID_id_tc26_gost_3410_2012_512_paramSetA },
102 { "B", NID_id_tc26_gost_3410_2012_512_paramSetB },
103 { NULL, NID_undef },
104};
105
106int
107GostR3410_256_param_id(const char *value)
108{
109 int i;
110
111 for (i = 0; GostR3410_256_params[i].nid != NID_undef; i++) {
112 if (strcasecmp(GostR3410_256_params[i].name, value) == 0)
113 return GostR3410_256_params[i].nid;
114 }
115
116 return NID_undef;
117}
118
119int
120GostR3410_512_param_id(const char *value)
121{
122 int i;
123
124 for (i = 0; GostR3410_512_params[i].nid != NID_undef; i++) {
125 if (strcasecmp(GostR3410_512_params[i].name, value) == 0)
126 return GostR3410_512_params[i].nid;
127 }
128
129 return NID_undef;
130}
131
132#endif
diff --git a/src/lib/libcrypto/gost/gostr341001_pmeth.c b/src/lib/libcrypto/gost/gostr341001_pmeth.c
deleted file mode 100644
index 1454f3f0a2..0000000000
--- a/src/lib/libcrypto/gost/gostr341001_pmeth.c
+++ /dev/null
@@ -1,719 +0,0 @@
1/* $OpenBSD: gostr341001_pmeth.c,v 1.12 2015/02/14 15:08:37 miod Exp $ */
2/*
3 * Copyright (c) 2014 Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
4 * Copyright (c) 2005-2006 Cryptocom LTD
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
8 * are met:
9 *
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 *
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in
15 * the documentation and/or other materials provided with the
16 * distribution.
17 *
18 * 3. All advertising materials mentioning features or use of this
19 * software must display the following acknowledgment:
20 * "This product includes software developed by the OpenSSL Project
21 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
22 *
23 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
24 * endorse or promote products derived from this software without
25 * prior written permission. For written permission, please contact
26 * openssl-core@openssl.org.
27 *
28 * 5. Products derived from this software may not be called "OpenSSL"
29 * nor may "OpenSSL" appear in their names without prior written
30 * permission of the OpenSSL Project.
31 *
32 * 6. Redistributions of any form whatsoever must retain the following
33 * acknowledgment:
34 * "This product includes software developed by the OpenSSL Project
35 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
36 *
37 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
38 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
39 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
40 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
41 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
42 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
43 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
44 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
45 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
46 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
47 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
48 * OF THE POSSIBILITY OF SUCH DAMAGE.
49 * ====================================================================
50 */
51
52#include <string.h>
53
54#include <openssl/opensslconf.h>
55
56#ifndef OPENSSL_NO_GOST
57#include <openssl/bn.h>
58#include <openssl/evp.h>
59#include <openssl/err.h>
60#include <openssl/gost.h>
61#include <openssl/ec.h>
62#include <openssl/ecdsa.h>
63#include <openssl/x509.h>
64
65#include "evp_locl.h"
66#include "gost_locl.h"
67#include "gost_asn1.h"
68
69static ECDSA_SIG *
70unpack_signature_cp(const unsigned char *sig, size_t siglen)
71{
72 ECDSA_SIG *s;
73
74 s = ECDSA_SIG_new();
75 if (s == NULL) {
76 GOSTerr(GOST_F_UNPACK_SIGNATURE_CP, ERR_R_MALLOC_FAILURE);
77 return NULL;
78 }
79 BN_bin2bn(sig, siglen / 2, s->s);
80 BN_bin2bn(sig + siglen / 2, siglen / 2, s->r);
81 return s;
82}
83
84static int
85pack_signature_cp(ECDSA_SIG *s, int order, unsigned char *sig, size_t *siglen)
86{
87 int r_len = BN_num_bytes(s->r);
88 int s_len = BN_num_bytes(s->s);
89
90 if (r_len > order || s_len > order)
91 return 0;
92
93 *siglen = 2 * order;
94
95 memset(sig, 0, *siglen);
96 BN_bn2bin(s->s, sig + order - s_len);
97 BN_bn2bin(s->r, sig + 2 * order - r_len);
98 ECDSA_SIG_free(s);
99 return 1;
100}
101
102static ECDSA_SIG *
103unpack_signature_le(const unsigned char *sig, size_t siglen)
104{
105 ECDSA_SIG *s;
106
107 s = ECDSA_SIG_new();
108 if (s == NULL) {
109 GOSTerr(GOST_F_UNPACK_SIGNATURE_LE, ERR_R_MALLOC_FAILURE);
110 return NULL;
111 }
112 GOST_le2bn(sig, siglen / 2, s->r);
113 GOST_le2bn(sig + siglen / 2, siglen / 2, s->s);
114 return s;
115}
116
117static int
118pack_signature_le(ECDSA_SIG *s, int order, unsigned char *sig, size_t *siglen)
119{
120 *siglen = 2 * order;
121 memset(sig, 0, *siglen);
122 GOST_bn2le(s->r, sig, order);
123 GOST_bn2le(s->s, sig + order, order);
124 ECDSA_SIG_free(s);
125 return 1;
126}
127
128struct gost_pmeth_data {
129 int sign_param_nid; /* Should be set whenever parameters are filled */
130 int digest_nid;
131 EVP_MD *md;
132 unsigned char *shared_ukm;
133 int peer_key_used;
134 int sig_format;
135};
136
137static int
138pkey_gost01_init(EVP_PKEY_CTX *ctx)
139{
140 struct gost_pmeth_data *data;
141 EVP_PKEY *pkey = EVP_PKEY_CTX_get0_pkey(ctx);
142
143 data = calloc(1, sizeof(struct gost_pmeth_data));
144 if (data == NULL)
145 return 0;
146
147 if (pkey != NULL && pkey->pkey.gost != NULL) {
148 data->sign_param_nid =
149 EC_GROUP_get_curve_name(GOST_KEY_get0_group(pkey->pkey.gost));
150 data->digest_nid = GOST_KEY_get_digest(pkey->pkey.gost);
151 }
152 EVP_PKEY_CTX_set_data(ctx, data);
153 return 1;
154}
155
156/* Copies contents of gost_pmeth_data structure */
157static int
158pkey_gost01_copy(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src)
159{
160 struct gost_pmeth_data *dst_data, *src_data;
161
162 if (pkey_gost01_init(dst) == 0)
163 return 0;
164
165 src_data = EVP_PKEY_CTX_get_data(src);
166 dst_data = EVP_PKEY_CTX_get_data(dst);
167 *dst_data = *src_data;
168 if (src_data->shared_ukm != NULL)
169 dst_data->shared_ukm = NULL;
170 return 1;
171}
172
173/* Frees up gost_pmeth_data structure */
174static void
175pkey_gost01_cleanup(EVP_PKEY_CTX *ctx)
176{
177 struct gost_pmeth_data *data = EVP_PKEY_CTX_get_data(ctx);
178
179 free(data->shared_ukm);
180 free(data);
181}
182
183static int
184pkey_gost01_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
185{
186 struct gost_pmeth_data *data = EVP_PKEY_CTX_get_data(ctx);
187 EC_GROUP *group = NULL;
188 GOST_KEY *gost = NULL;
189 int ret = 0;
190
191 if (data->sign_param_nid == NID_undef ||
192 data->digest_nid == NID_undef) {
193 GOSTerr(GOST_F_PKEY_GOST01_PARAMGEN, GOST_R_NO_PARAMETERS_SET);
194 return 0;
195 }
196
197 group = EC_GROUP_new_by_curve_name(data->sign_param_nid);
198 if (group == NULL)
199 goto done;
200
201 EC_GROUP_set_asn1_flag(group, OPENSSL_EC_NAMED_CURVE);
202
203 gost = GOST_KEY_new();
204 if (gost == NULL)
205 goto done;
206
207 if (GOST_KEY_set_digest(gost, data->digest_nid) == 0)
208 goto done;
209
210 if (GOST_KEY_set_group(gost, group) != 0)
211 ret = EVP_PKEY_assign_GOST(pkey, gost);
212
213done:
214 if (ret == 0)
215 GOST_KEY_free(gost);
216 EC_GROUP_free(group);
217 return ret;
218}
219
220static int
221pkey_gost01_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
222{
223 if (pkey_gost01_paramgen(ctx, pkey) == 0)
224 return 0;
225 return gost2001_keygen(pkey->pkey.gost) != 0;
226}
227
228static int
229pkey_gost01_sign(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen,
230 const unsigned char *tbs, size_t tbs_len)
231{
232 ECDSA_SIG *unpacked_sig = NULL;
233 EVP_PKEY *pkey = EVP_PKEY_CTX_get0_pkey(ctx);
234 struct gost_pmeth_data *pctx = EVP_PKEY_CTX_get_data(ctx);
235 BIGNUM *md;
236 size_t size;
237 int ret;
238
239 if (pkey == NULL || pkey->pkey.gost == NULL)
240 return 0;
241 size = GOST_KEY_get_size(pkey->pkey.gost);
242
243 if (siglen == NULL)
244 return 0;
245 if (sig == NULL) {
246 *siglen = 2 * size;
247 return 1;
248 } else if (*siglen < 2 * size) {
249 GOSTerr(GOST_F_PKEY_GOST01_SIGN, EC_R_BUFFER_TOO_SMALL);
250 return 0;
251 }
252 if (tbs_len != 32 && tbs_len != 64) {
253 GOSTerr(GOST_F_PKEY_GOST01_SIGN, EVP_R_BAD_BLOCK_LENGTH);
254 return 0;
255 }
256 md = GOST_le2bn(tbs, tbs_len, NULL);
257 if (md == NULL)
258 return 0;
259 unpacked_sig = gost2001_do_sign(md, pkey->pkey.gost);
260 BN_free(md);
261 if (unpacked_sig == NULL) {
262 return 0;
263 }
264 switch (pctx->sig_format) {
265 case GOST_SIG_FORMAT_SR_BE:
266 ret = pack_signature_cp(unpacked_sig, size, sig, siglen);
267 break;
268 case GOST_SIG_FORMAT_RS_LE:
269 ret = pack_signature_le(unpacked_sig, size, sig, siglen);
270 break;
271 default:
272 ret = -1;
273 break;
274 }
275 if (ret <= 0)
276 ECDSA_SIG_free(unpacked_sig);
277 return ret;
278}
279
280static int
281pkey_gost01_verify(EVP_PKEY_CTX *ctx, const unsigned char *sig, size_t siglen,
282 const unsigned char *tbs, size_t tbs_len)
283{
284 int ok = 0;
285 EVP_PKEY *pub_key = EVP_PKEY_CTX_get0_pkey(ctx);
286 struct gost_pmeth_data *pctx = EVP_PKEY_CTX_get_data(ctx);
287 ECDSA_SIG *s = NULL;
288 BIGNUM *md;
289
290 if (pub_key == NULL)
291 return 0;
292 switch (pctx->sig_format) {
293 case GOST_SIG_FORMAT_SR_BE:
294 s = unpack_signature_cp(sig, siglen);
295 break;
296 case GOST_SIG_FORMAT_RS_LE:
297 s = unpack_signature_le(sig, siglen);
298 break;
299 }
300 if (s == NULL)
301 return 0;
302 md = GOST_le2bn(tbs, tbs_len, NULL);
303 if (md == NULL)
304 goto err;
305 ok = gost2001_do_verify(md, s, pub_key->pkey.gost);
306
307err:
308 BN_free(md);
309 ECDSA_SIG_free(s);
310 return ok;
311}
312
313static int
314gost01_VKO_key(EVP_PKEY *pub_key, EVP_PKEY *priv_key, const unsigned char *ukm,
315 unsigned char *key)
316{
317 unsigned char hashbuf[128];
318 int digest_nid;
319 int ret = 0;
320 BN_CTX *ctx = BN_CTX_new();
321 BIGNUM *UKM, *X, *Y;
322
323 if (ctx == NULL)
324 return 0;
325
326 BN_CTX_start(ctx);
327 if ((UKM = BN_CTX_get(ctx)) == NULL)
328 goto err;
329 if ((X = BN_CTX_get(ctx)) == NULL)
330 goto err;
331 if ((Y = BN_CTX_get(ctx)) == NULL)
332 goto err;
333
334 GOST_le2bn(ukm, 8, UKM);
335
336 digest_nid = GOST_KEY_get_digest(priv_key->pkey.gost);
337 if (VKO_compute_key(X, Y, pub_key->pkey.gost, priv_key->pkey.gost,
338 UKM) == 0)
339 goto err;
340
341 switch (digest_nid) {
342 case NID_id_GostR3411_94_CryptoProParamSet:
343 GOST_bn2le(X, hashbuf, 32);
344 GOST_bn2le(Y, hashbuf + 32, 32);
345 GOSTR341194(hashbuf, 64, key, digest_nid);
346 ret = 1;
347 break;
348 case NID_id_tc26_gost3411_2012_256:
349 GOST_bn2le(X, hashbuf, 32);
350 GOST_bn2le(Y, hashbuf + 32, 32);
351 STREEBOG256(hashbuf, 64, key);
352 ret = 1;
353 break;
354 case NID_id_tc26_gost3411_2012_512:
355 GOST_bn2le(X, hashbuf, 64);
356 GOST_bn2le(Y, hashbuf + 64, 64);
357 STREEBOG256(hashbuf, 128, key);
358 ret = 1;
359 break;
360 default:
361 ret = -2;
362 break;
363 }
364err:
365 BN_CTX_end(ctx);
366 BN_CTX_free(ctx);
367 return ret;
368}
369
370int
371pkey_gost01_decrypt(EVP_PKEY_CTX *pctx, unsigned char *key, size_t *key_len,
372 const unsigned char *in, size_t in_len)
373{
374 const unsigned char *p = in;
375 EVP_PKEY *priv = EVP_PKEY_CTX_get0_pkey(pctx);
376 GOST_KEY_TRANSPORT *gkt = NULL;
377 int ret = 0;
378 unsigned char wrappedKey[44];
379 unsigned char sharedKey[32];
380 EVP_PKEY *eph_key = NULL, *peerkey = NULL;
381 int nid;
382
383 if (key == NULL) {
384 *key_len = 32;
385 return 1;
386 }
387 gkt = d2i_GOST_KEY_TRANSPORT(NULL, (const unsigned char **)&p, in_len);
388 if (gkt == NULL) {
389 GOSTerr(GOST_F_PKEY_GOST01_DECRYPT,
390 GOST_R_ERROR_PARSING_KEY_TRANSPORT_INFO);
391 return -1;
392 }
393
394 /* If key transport structure contains public key, use it */
395 eph_key = X509_PUBKEY_get(gkt->key_agreement_info->ephem_key);
396 if (eph_key != NULL) {
397 if (EVP_PKEY_derive_set_peer(pctx, eph_key) <= 0) {
398 GOSTerr(GOST_F_PKEY_GOST01_DECRYPT,
399 GOST_R_INCOMPATIBLE_PEER_KEY);
400 goto err;
401 }
402 } else {
403 /* Set control "public key from client certificate used" */
404 if (EVP_PKEY_CTX_ctrl(pctx, -1, -1, EVP_PKEY_CTRL_PEER_KEY, 3,
405 NULL) <= 0) {
406 GOSTerr(GOST_F_PKEY_GOST01_DECRYPT,
407 GOST_R_CTRL_CALL_FAILED);
408 goto err;
409 }
410 }
411 peerkey = EVP_PKEY_CTX_get0_peerkey(pctx);
412 if (peerkey == NULL) {
413 GOSTerr(GOST_F_PKEY_GOST01_DECRYPT, GOST_R_NO_PEER_KEY);
414 goto err;
415 }
416
417 nid = OBJ_obj2nid(gkt->key_agreement_info->cipher);
418
419 if (gkt->key_agreement_info->eph_iv->length != 8) {
420 GOSTerr(GOST_F_PKEY_GOST01_DECRYPT,
421 GOST_R_INVALID_IV_LENGTH);
422 goto err;
423 }
424 memcpy(wrappedKey, gkt->key_agreement_info->eph_iv->data, 8);
425 if (gkt->key_info->encrypted_key->length != 32) {
426 GOSTerr(GOST_F_PKEY_GOST01_DECRYPT,
427 EVP_R_BAD_KEY_LENGTH);
428 goto err;
429 }
430 memcpy(wrappedKey + 8, gkt->key_info->encrypted_key->data, 32);
431 if (gkt->key_info->imit->length != 4) {
432 GOSTerr(GOST_F_PKEY_GOST01_DECRYPT,
433 ERR_R_INTERNAL_ERROR);
434 goto err;
435 }
436 memcpy(wrappedKey + 40, gkt->key_info->imit->data, 4);
437 if (gost01_VKO_key(peerkey, priv, wrappedKey, sharedKey) <= 0)
438 goto err;
439 if (gost_key_unwrap_crypto_pro(nid, sharedKey, wrappedKey, key) == 0) {
440 GOSTerr(GOST_F_PKEY_GOST01_DECRYPT,
441 GOST_R_ERROR_COMPUTING_SHARED_KEY);
442 goto err;
443 }
444
445 ret = 1;
446err:
447 EVP_PKEY_free(eph_key);
448 GOST_KEY_TRANSPORT_free(gkt);
449 return ret;
450}
451
452int
453pkey_gost01_derive(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen)
454{
455 /*
456 * Public key of peer in the ctx field peerkey
457 * Our private key in the ctx pkey
458 * ukm is in the algorithm specific context data
459 */
460 EVP_PKEY *my_key = EVP_PKEY_CTX_get0_pkey(ctx);
461 EVP_PKEY *peer_key = EVP_PKEY_CTX_get0_peerkey(ctx);
462 struct gost_pmeth_data *data = EVP_PKEY_CTX_get_data(ctx);
463
464 if (data->shared_ukm == NULL) {
465 GOSTerr(GOST_F_PKEY_GOST01_DERIVE, GOST_R_UKM_NOT_SET);
466 return 0;
467 }
468
469 if (key == NULL) {
470 *keylen = 32;
471 return 32;
472 }
473
474 if (gost01_VKO_key(peer_key, my_key, data->shared_ukm, key) <= 0)
475 return 0;
476
477 *keylen = 32;
478 return 1;
479}
480
481int
482pkey_gost01_encrypt(EVP_PKEY_CTX *pctx, unsigned char *out, size_t *out_len,
483 const unsigned char *key, size_t key_len)
484{
485 GOST_KEY_TRANSPORT *gkt = NULL;
486 EVP_PKEY *pubk = EVP_PKEY_CTX_get0_pkey(pctx);
487 struct gost_pmeth_data *data = EVP_PKEY_CTX_get_data(pctx);
488 unsigned char ukm[8], shared_key[32], crypted_key[44];
489 int ret = 0;
490 int key_is_ephemeral;
491 EVP_PKEY *sec_key = EVP_PKEY_CTX_get0_peerkey(pctx);
492 int nid = NID_id_Gost28147_89_CryptoPro_A_ParamSet;
493
494 if (data->shared_ukm != NULL) {
495 memcpy(ukm, data->shared_ukm, 8);
496 } else /* if (out != NULL) */ {
497 arc4random_buf(ukm, 8);
498 }
499 /* Check for private key in the peer_key of context */
500 if (sec_key) {
501 key_is_ephemeral = 0;
502 if (GOST_KEY_get0_private_key(sec_key->pkey.gost) == 0) {
503 GOSTerr(GOST_F_PKEY_GOST01_ENCRYPT,
504 GOST_R_NO_PRIVATE_PART_OF_NON_EPHEMERAL_KEYPAIR);
505 goto err;
506 }
507 } else {
508 key_is_ephemeral = 1;
509 if (out != NULL) {
510 GOST_KEY *tmp_key;
511
512 sec_key = EVP_PKEY_new();
513 if (sec_key == NULL)
514 goto err;
515 tmp_key = GOST_KEY_new();
516 if (tmp_key == NULL)
517 goto err;
518 if (EVP_PKEY_assign(sec_key, EVP_PKEY_base_id(pubk),
519 tmp_key) == 0) {
520 GOST_KEY_free(tmp_key);
521 goto err;
522 }
523 if (EVP_PKEY_copy_parameters(sec_key, pubk) == 0)
524 goto err;
525 if (gost2001_keygen(sec_key->pkey.gost) == 0) {
526 goto err;
527 }
528 }
529 }
530
531 if (out != NULL) {
532 if (gost01_VKO_key(pubk, sec_key, ukm, shared_key) <= 0)
533 goto err;
534 gost_key_wrap_crypto_pro(nid, shared_key, ukm, key,
535 crypted_key);
536 }
537 gkt = GOST_KEY_TRANSPORT_new();
538 if (gkt == NULL)
539 goto err;
540 if (ASN1_OCTET_STRING_set(gkt->key_agreement_info->eph_iv, ukm, 8) == 0)
541 goto err;
542 if (ASN1_OCTET_STRING_set(gkt->key_info->imit, crypted_key + 40,
543 4) == 0)
544 goto err;
545 if (ASN1_OCTET_STRING_set(gkt->key_info->encrypted_key, crypted_key + 8,
546 32) == 0)
547 goto err;
548 if (key_is_ephemeral) {
549 if (X509_PUBKEY_set(&gkt->key_agreement_info->ephem_key,
550 out != NULL ? sec_key : pubk) == 0) {
551 GOSTerr(GOST_F_PKEY_GOST01_ENCRYPT,
552 GOST_R_CANNOT_PACK_EPHEMERAL_KEY);
553 goto err;
554 }
555 }
556 ASN1_OBJECT_free(gkt->key_agreement_info->cipher);
557 gkt->key_agreement_info->cipher = OBJ_nid2obj(nid);
558 if (key_is_ephemeral)
559 EVP_PKEY_free(sec_key);
560 else {
561 /* Set control "public key from client certificate used" */
562 if (EVP_PKEY_CTX_ctrl(pctx, -1, -1, EVP_PKEY_CTRL_PEER_KEY, 3,
563 NULL) <= 0) {
564 GOSTerr(GOST_F_PKEY_GOST01_ENCRYPT,
565 GOST_R_CTRL_CALL_FAILED);
566 goto err;
567 }
568 }
569 if ((*out_len = i2d_GOST_KEY_TRANSPORT(gkt, out ? &out : NULL)) > 0)
570 ret = 1;
571 GOST_KEY_TRANSPORT_free(gkt);
572 return ret;
573
574err:
575 if (key_is_ephemeral)
576 EVP_PKEY_free(sec_key);
577 GOST_KEY_TRANSPORT_free(gkt);
578 return -1;
579}
580
581
582static int
583pkey_gost01_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
584{
585 struct gost_pmeth_data *pctx = EVP_PKEY_CTX_get_data(ctx);
586
587 switch (type) {
588 case EVP_PKEY_CTRL_MD:
589 if (EVP_MD_type(p2) !=
590 GostR3410_get_md_digest(pctx->digest_nid)) {
591 GOSTerr(GOST_F_PKEY_GOST01_CTRL,
592 GOST_R_INVALID_DIGEST_TYPE);
593 return 0;
594 }
595 pctx->md = p2;
596 return 1;
597 case EVP_PKEY_CTRL_PKCS7_ENCRYPT:
598 case EVP_PKEY_CTRL_PKCS7_DECRYPT:
599 case EVP_PKEY_CTRL_PKCS7_SIGN:
600 case EVP_PKEY_CTRL_DIGESTINIT:
601#ifndef OPENSSL_NO_CMS
602 case EVP_PKEY_CTRL_CMS_ENCRYPT:
603 case EVP_PKEY_CTRL_CMS_DECRYPT:
604 case EVP_PKEY_CTRL_CMS_SIGN:
605#endif
606 return 1;
607
608 case EVP_PKEY_CTRL_GOST_PARAMSET:
609 pctx->sign_param_nid = (int)p1;
610 return 1;
611
612 case EVP_PKEY_CTRL_SET_IV:
613 {
614 char *ukm = malloc(p1);
615
616 if (ukm == NULL) {
617 GOSTerr(GOST_F_PKEY_GOST01_CTRL,
618 ERR_R_MALLOC_FAILURE);
619 return 0;
620 }
621 memcpy(ukm, p2, p1);
622 free(pctx->shared_ukm);
623 pctx->shared_ukm = ukm;
624 return 1;
625 }
626
627 case EVP_PKEY_CTRL_PEER_KEY:
628 if (p1 == 0 || p1 == 1) /* call from EVP_PKEY_derive_set_peer */
629 return 1;
630 if (p1 == 2) /* TLS: peer key used? */
631 return pctx->peer_key_used;
632 if (p1 == 3) /* TLS: peer key used! */
633 return (pctx->peer_key_used = 1);
634 return -2;
635 case EVP_PKEY_CTRL_GOST_SIG_FORMAT:
636 switch (p1) {
637 case GOST_SIG_FORMAT_SR_BE:
638 case GOST_SIG_FORMAT_RS_LE:
639 pctx->sig_format = p1;
640 return 1;
641 default:
642 return 0;
643 }
644 break;
645 case EVP_PKEY_CTRL_GOST_SET_DIGEST:
646 pctx->digest_nid = (int)p1;
647 return 1;
648 case EVP_PKEY_CTRL_GOST_GET_DIGEST:
649 *(int *)p2 = pctx->digest_nid;
650 return 1;
651 default:
652 return -2;
653 }
654}
655
656static int
657pkey_gost01_ctrl_str(EVP_PKEY_CTX *ctx, const char *type, const char *value)
658{
659 int param_nid = NID_undef;
660 int digest_nid = NID_undef;
661
662 if (strcmp(type, "paramset") == 0) {
663 if (value == NULL)
664 return 0;
665 if (pkey_gost01_ctrl(ctx, EVP_PKEY_CTRL_GOST_GET_DIGEST, 0,
666 &digest_nid) == 0)
667 return 0;
668 if (digest_nid == NID_id_tc26_gost3411_2012_512)
669 param_nid = GostR3410_512_param_id(value);
670 else
671 param_nid = GostR3410_256_param_id(value);
672 if (param_nid == NID_undef)
673 param_nid = OBJ_txt2nid(value);
674 if (param_nid == NID_undef)
675 return 0;
676
677 return pkey_gost01_ctrl(ctx, EVP_PKEY_CTRL_GOST_PARAMSET,
678 param_nid, NULL);
679 }
680 if (strcmp(type, "dgst") == 0) {
681 if (value == NULL)
682 return 0;
683 else if (strcmp(value, "gost94") == 0 ||
684 strcmp(value, "md_gost94") == 0)
685 digest_nid = NID_id_GostR3411_94_CryptoProParamSet;
686 else if (strcmp(value, "streebog256") == 0)
687 digest_nid = NID_id_tc26_gost3411_2012_256;
688 else if (strcmp(value, "streebog512") == 0)
689 digest_nid = NID_id_tc26_gost3411_2012_512;
690
691 if (digest_nid == NID_undef)
692 return 0;
693
694 return pkey_gost01_ctrl(ctx, EVP_PKEY_CTRL_GOST_SET_DIGEST,
695 digest_nid, NULL);
696 }
697 return -2;
698}
699
700const EVP_PKEY_METHOD gostr01_pkey_meth = {
701 .pkey_id = EVP_PKEY_GOSTR01,
702
703 .init = pkey_gost01_init,
704 .copy = pkey_gost01_copy,
705 .cleanup = pkey_gost01_cleanup,
706
707 .paramgen = pkey_gost01_paramgen,
708 .keygen = pkey_gost01_keygen,
709 .sign = pkey_gost01_sign,
710 .verify = pkey_gost01_verify,
711
712 .encrypt = pkey_gost01_encrypt,
713 .decrypt = pkey_gost01_decrypt,
714 .derive = pkey_gost01_derive,
715
716 .ctrl = pkey_gost01_ctrl,
717 .ctrl_str = pkey_gost01_ctrl_str,
718};
719#endif
diff --git a/src/lib/libcrypto/gost/gostr341194.c b/src/lib/libcrypto/gost/gostr341194.c
deleted file mode 100644
index 32c166aefa..0000000000
--- a/src/lib/libcrypto/gost/gostr341194.c
+++ /dev/null
@@ -1,273 +0,0 @@
1/* $OpenBSD: gostr341194.c,v 1.4 2015/07/15 17:13:17 beck Exp $ */
2/*
3 * Copyright (c) 2014 Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
4 * Copyright (c) 2005-2006 Cryptocom LTD
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
8 * are met:
9 *
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 *
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in
15 * the documentation and/or other materials provided with the
16 * distribution.
17 *
18 * 3. All advertising materials mentioning features or use of this
19 * software must display the following acknowledgment:
20 * "This product includes software developed by the OpenSSL Project
21 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
22 *
23 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
24 * endorse or promote products derived from this software without
25 * prior written permission. For written permission, please contact
26 * openssl-core@openssl.org.
27 *
28 * 5. Products derived from this software may not be called "OpenSSL"
29 * nor may "OpenSSL" appear in their names without prior written
30 * permission of the OpenSSL Project.
31 *
32 * 6. Redistributions of any form whatsoever must retain the following
33 * acknowledgment:
34 * "This product includes software developed by the OpenSSL Project
35 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
36 *
37 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
38 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
39 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
40 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
41 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
42 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
43 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
44 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
45 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
46 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
47 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
48 * OF THE POSSIBILITY OF SUCH DAMAGE.
49 * ====================================================================
50 */
51
52#include <string.h>
53
54#include <openssl/opensslconf.h>
55
56#ifndef OPENSSL_NO_GOST
57#include <openssl/crypto.h>
58#include <openssl/objects.h>
59#include <openssl/gost.h>
60
61#include "gost_locl.h"
62
63/* Following functions are various bit meshing routines used in
64 * GOST R 34.11-94 algorithms */
65static void
66swap_bytes(unsigned char *w, unsigned char *k)
67{
68 int i, j;
69
70 for (i = 0; i < 4; i++)
71 for (j = 0; j < 8; j++)
72 k[i + 4 * j] = w[8 * i + j];
73}
74
75/* was A_A */
76static void
77circle_xor8(const unsigned char *w, unsigned char *k)
78{
79 unsigned char buf[8];
80 int i;
81
82 memcpy(buf, w, 8);
83 memmove(k, w + 8, 24);
84 for (i = 0; i < 8; i++)
85 k[i + 24] = buf[i] ^ k[i];
86}
87
88/* was R_R */
89static void
90transform_3(unsigned char *data)
91{
92 unsigned short int acc;
93
94 acc = (data[0] ^ data[2] ^ data[4] ^ data[6] ^ data[24] ^ data[30]) |
95 ((data[1] ^ data[3] ^ data[5] ^ data[7] ^ data[25] ^ data[31]) << 8);
96 memmove(data, data + 2, 30);
97 data[30] = acc & 0xff;
98 data[31] = acc >> 8;
99}
100
101/* Adds blocks of N bytes modulo 2**(8*n). Returns carry*/
102static int
103add_blocks(int n, unsigned char *left, const unsigned char *right)
104{
105 int i;
106 int carry = 0;
107 int sum;
108
109 for (i = 0; i < n; i++) {
110 sum = (int)left[i] + (int)right[i] + carry;
111 left[i] = sum & 0xff;
112 carry = sum >> 8;
113 }
114 return carry;
115}
116
117/* Xor two sequences of bytes */
118static void
119xor_blocks(unsigned char *result, const unsigned char *a,
120 const unsigned char *b, size_t len)
121{
122 size_t i;
123
124 for (i = 0; i < len; i++)
125 result[i] = a[i] ^ b[i];
126}
127
128/*
129 * Calculate H(i+1) = Hash(Hi,Mi)
130 * Where H and M are 32 bytes long
131 */
132static int
133hash_step(GOSTR341194_CTX *c, unsigned char *H, const unsigned char *M)
134{
135 unsigned char U[32], W[32], V[32], S[32], Key[32];
136 int i;
137
138 /* Compute first key */
139 xor_blocks(W, H, M, 32);
140 swap_bytes(W, Key);
141 /* Encrypt first 8 bytes of H with first key */
142 Gost2814789_set_key(&c->cipher, Key, 256);
143 Gost2814789_encrypt(H, S, &c->cipher);
144
145 /* Compute second key */
146 circle_xor8(H, U);
147 circle_xor8(M, V);
148 circle_xor8(V, V);
149 xor_blocks(W, U, V, 32);
150 swap_bytes(W, Key);
151 /* encrypt second 8 bytes of H with second key */
152 Gost2814789_set_key(&c->cipher, Key, 256);
153 Gost2814789_encrypt(H+8, S+8, &c->cipher);
154
155 /* compute third key */
156 circle_xor8(U, U);
157 U[31] = ~U[31];
158 U[29] = ~U[29];
159 U[28] = ~U[28];
160 U[24] = ~U[24];
161 U[23] = ~U[23];
162 U[20] = ~U[20];
163 U[18] = ~U[18];
164 U[17] = ~U[17];
165 U[14] = ~U[14];
166 U[12] = ~U[12];
167 U[10] = ~U[10];
168 U[8] = ~U[8];
169 U[7] = ~U[7];
170 U[5] = ~U[5];
171 U[3] = ~U[3];
172 U[1] = ~U[1];
173 circle_xor8(V, V);
174 circle_xor8(V, V);
175 xor_blocks(W, U, V, 32);
176 swap_bytes(W, Key);
177 /* encrypt third 8 bytes of H with third key */
178 Gost2814789_set_key(&c->cipher, Key, 256);
179 Gost2814789_encrypt(H+16, S+16, &c->cipher);
180
181 /* Compute fourth key */
182 circle_xor8(U, U);
183 circle_xor8(V, V);
184 circle_xor8(V, V);
185 xor_blocks(W, U, V, 32);
186 swap_bytes(W, Key);
187 /* Encrypt last 8 bytes with fourth key */
188 Gost2814789_set_key(&c->cipher, Key, 256);
189 Gost2814789_encrypt(H+24, S+24, &c->cipher);
190
191 for (i = 0; i < 12; i++)
192 transform_3(S);
193 xor_blocks(S, S, M, 32);
194 transform_3(S);
195 xor_blocks(S, S, H, 32);
196 for (i = 0; i < 61; i++)
197 transform_3(S);
198 memcpy(H, S, 32);
199 return 1;
200}
201
202int
203GOSTR341194_Init(GOSTR341194_CTX *c, int nid)
204{
205 memset(c, 0, sizeof(*c));
206 return Gost2814789_set_sbox(&c->cipher, nid);
207}
208
209static void
210GOSTR341194_block_data_order(GOSTR341194_CTX *ctx, const unsigned char *p,
211 size_t num)
212{
213 int i;
214
215 for (i = 0; i < num; i++) {
216 hash_step(ctx, ctx->H, p);
217 add_blocks(32, ctx->S, p);
218 p += 32;
219 }
220}
221
222#define DATA_ORDER_IS_LITTLE_ENDIAN
223
224#define HASH_CBLOCK GOSTR341194_CBLOCK
225#define HASH_LONG GOSTR341194_LONG
226#define HASH_CTX GOSTR341194_CTX
227#define HASH_UPDATE GOSTR341194_Update
228#define HASH_TRANSFORM GOSTR341194_Transform
229#define HASH_NO_FINAL 1
230#define HASH_BLOCK_DATA_ORDER GOSTR341194_block_data_order
231
232#include "md32_common.h"
233
234int
235GOSTR341194_Final(unsigned char *md, GOSTR341194_CTX * c)
236{
237 unsigned char *p = (unsigned char *)c->data;
238 unsigned char T[32];
239
240 if (c->num > 0) {
241 memset(p + c->num, 0, 32 - c->num);
242 hash_step(c, c->H, p);
243 add_blocks(32, c->S, p);
244 }
245
246 p = T;
247 HOST_l2c(c->Nl, p);
248 HOST_l2c(c->Nh, p);
249 memset(p, 0, 32 - 8);
250 hash_step(c, c->H, T);
251 hash_step(c, c->H, c->S);
252
253 memcpy(md, c->H, 32);
254
255 return 1;
256}
257
258unsigned char *
259GOSTR341194(const unsigned char *d, size_t n, unsigned char *md, int nid)
260{
261 GOSTR341194_CTX c;
262 static unsigned char m[GOSTR341194_LENGTH];
263
264 if (md == NULL)
265 md = m;
266 if (!GOSTR341194_Init(&c, nid))
267 return 0;
268 GOSTR341194_Update(&c, d, n);
269 GOSTR341194_Final(md, &c);
270 OPENSSL_cleanse(&c, sizeof(c));
271 return (md);
272}
273#endif
diff --git a/src/lib/libcrypto/gost/streebog.c b/src/lib/libcrypto/gost/streebog.c
deleted file mode 100644
index 8060161d11..0000000000
--- a/src/lib/libcrypto/gost/streebog.c
+++ /dev/null
@@ -1,1477 +0,0 @@
1/* $OpenBSD: streebog.c,v 1.4 2014/12/07 16:33:51 jsing Exp $ */
2/*
3 * Copyright (c) 2014 Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
4 * Copyright (c) 2005-2006 Cryptocom LTD
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
8 * are met:
9 *
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 *
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in
15 * the documentation and/or other materials provided with the
16 * distribution.
17 *
18 * 3. All advertising materials mentioning features or use of this
19 * software must display the following acknowledgment:
20 * "This product includes software developed by the OpenSSL Project
21 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
22 *
23 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
24 * endorse or promote products derived from this software without
25 * prior written permission. For written permission, please contact
26 * openssl-core@openssl.org.
27 *
28 * 5. Products derived from this software may not be called "OpenSSL"
29 * nor may "OpenSSL" appear in their names without prior written
30 * permission of the OpenSSL Project.
31 *
32 * 6. Redistributions of any form whatsoever must retain the following
33 * acknowledgment:
34 * "This product includes software developed by the OpenSSL Project
35 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
36 *
37 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
38 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
39 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
40 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
41 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
42 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
43 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
44 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
45 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
46 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
47 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
48 * OF THE POSSIBILITY OF SUCH DAMAGE.
49 * ====================================================================
50 */
51
52#include <machine/endian.h>
53
54#include <stdlib.h>
55#include <string.h>
56
57#include <openssl/opensslconf.h>
58
59#ifndef OPENSSL_NO_GOST
60#include <openssl/crypto.h>
61#include <openssl/objects.h>
62#include <openssl/gost.h>
63
64#include "gost_locl.h"
65
66static const STREEBOG_LONG64 A_PI_table[8][256] = {
67 { /* 0 */
68 U64(0xd01f715b5c7ef8e6), U64(0x16fa240980778325),
69 U64(0xa8a42e857ee049c8), U64(0x6ac1068fa186465b),
70 U64(0x6e417bd7a2e9320b), U64(0x665c8167a437daab),
71 U64(0x7666681aa89617f6), U64(0x4b959163700bdcf5),
72 U64(0xf14be6b78df36248), U64(0xc585bd689a625cff),
73 U64(0x9557d7fca67d82cb), U64(0x89f0b969af6dd366),
74 U64(0xb0833d48749f6c35), U64(0xa1998c23b1ecbc7c),
75 U64(0x8d70c431ac02a736), U64(0xd6dfbc2fd0a8b69e),
76 U64(0x37aeb3e551fa198b), U64(0x0b7d128a40b5cf9c),
77 U64(0x5a8f2008b5780cbc), U64(0xedec882284e333e5),
78 U64(0xd25fc177d3c7c2ce), U64(0x5e0f5d50b61778ec),
79 U64(0x1d873683c0c24cb9), U64(0xad040bcbb45d208c),
80 U64(0x2f89a0285b853c76), U64(0x5732fff6791b8d58),
81 U64(0x3e9311439ef6ec3f), U64(0xc9183a809fd3c00f),
82 U64(0x83adf3f5260a01ee), U64(0xa6791941f4e8ef10),
83 U64(0x103ae97d0ca1cd5d), U64(0x2ce948121dee1b4a),
84 U64(0x39738421dbf2bf53), U64(0x093da2a6cf0cf5b4),
85 U64(0xcd9847d89cbcb45f), U64(0xf9561c078b2d8ae8),
86 U64(0x9c6a755a6971777f), U64(0xbc1ebaa0712ef0c5),
87 U64(0x72e61542abf963a6), U64(0x78bb5fde229eb12e),
88 U64(0x14ba94250fceb90d), U64(0x844d6697630e5282),
89 U64(0x98ea08026a1e032f), U64(0xf06bbea144217f5c),
90 U64(0xdb6263d11ccb377a), U64(0x641c314b2b8ee083),
91 U64(0x320e96ab9b4770cf), U64(0x1ee7deb986a96b85),
92 U64(0xe96cf57a878c47b5), U64(0xfdd6615f8842feb8),
93 U64(0xc83862965601dd1b), U64(0x2ea9f83e92572162),
94 U64(0xf876441142ff97fc), U64(0xeb2c455608357d9d),
95 U64(0x5612a7e0b0c9904c), U64(0x6c01cbfb2d500823),
96 U64(0x4548a6a7fa037a2d), U64(0xabc4c6bf388b6ef4),
97 U64(0xbade77d4fdf8bebd), U64(0x799b07c8eb4cac3a),
98 U64(0x0c9d87e805b19cf0), U64(0xcb588aac106afa27),
99 U64(0xea0c1d40c1e76089), U64(0x2869354a1e816f1a),
100 U64(0xff96d17307fbc490), U64(0x9f0a9d602f1a5043),
101 U64(0x96373fc6e016a5f7), U64(0x5292dab8b3a6e41c),
102 U64(0x9b8ae0382c752413), U64(0x4f15ec3b7364a8a5),
103 U64(0x3fb349555724f12b), U64(0xc7c50d4415db66d7),
104 U64(0x92b7429ee379d1a7), U64(0xd37f99611a15dfda),
105 U64(0x231427c05e34a086), U64(0xa439a96d7b51d538),
106 U64(0xb403401077f01865), U64(0xdda2aea5901d7902),
107 U64(0x0a5d4a9c8967d288), U64(0xc265280adf660f93),
108 U64(0x8bb0094520d4e94e), U64(0x2a29856691385532),
109 U64(0x42a833c5bf072941), U64(0x73c64d54622b7eb2),
110 U64(0x07e095624504536c), U64(0x8a905153e906f45a),
111 U64(0x6f6123c16b3b2f1f), U64(0xc6e55552dc097bc3),
112 U64(0x4468feb133d16739), U64(0xe211e7f0c7398829),
113 U64(0xa2f96419f7879b40), U64(0x19074bdbc3ad38e9),
114 U64(0xf4ebc3f9474e0b0c), U64(0x43886bd376d53455),
115 U64(0xd8028beb5aa01046), U64(0x51f23282f5cdc320),
116 U64(0xe7b1c2be0d84e16d), U64(0x081dfab006dee8a0),
117 U64(0x3b33340d544b857b), U64(0x7f5bcabc679ae242),
118 U64(0x0edd37c48a08a6d8), U64(0x81ed43d9a9b33bc6),
119 U64(0xb1a3655ebd4d7121), U64(0x69a1eeb5e7ed6167),
120 U64(0xf6ab73d5c8f73124), U64(0x1a67a3e185c61fd5),
121 U64(0x2dc91004d43c065e), U64(0x0240b02c8fb93a28),
122 U64(0x90f7f2b26cc0eb8f), U64(0x3cd3a16f114fd617),
123 U64(0xaae49ea9f15973e0), U64(0x06c0cd748cd64e78),
124 U64(0xda423bc7d5192a6e), U64(0xc345701c16b41287),
125 U64(0x6d2193ede4821537), U64(0xfcf639494190e3ac),
126 U64(0x7c3b228621f1c57e), U64(0xfb16ac2b0494b0c0),
127 U64(0xbf7e529a3745d7f9), U64(0x6881b6a32e3f7c73),
128 U64(0xca78d2bad9b8e733), U64(0xbbfe2fc2342aa3a9),
129 U64(0x0dbddffecc6381e4), U64(0x70a6a56e2440598e),
130 U64(0xe4d12a844befc651), U64(0x8c509c2765d0ba22),
131 U64(0xee8c6018c28814d9), U64(0x17da7c1f49a59e31),
132 U64(0x609c4c1328e194d3), U64(0xb3e3d57232f44b09),
133 U64(0x91d7aaa4a512f69b), U64(0x0ffd6fd243dabbcc),
134 U64(0x50d26a943c1fde34), U64(0x6be15e9968545b4f),
135 U64(0x94778fea6faf9fdf), U64(0x2b09dd7058ea4826),
136 U64(0x677cd9716de5c7bf), U64(0x49d5214fffb2e6dd),
137 U64(0x0360e83a466b273c), U64(0x1fc786af4f7b7691),
138 U64(0xa0b9d435783ea168), U64(0xd49f0c035f118cb6),
139 U64(0x01205816c9d21d14), U64(0xac2453dd7d8f3d98),
140 U64(0x545217cc3f70aa64), U64(0x26b4028e9489c9c2),
141 U64(0xdec2469fd6765e3e), U64(0x04807d58036f7450),
142 U64(0xe5f17292823ddb45), U64(0xf30b569b024a5860),
143 U64(0x62dcfc3fa758aefb), U64(0xe84cad6c4e5e5aa1),
144 U64(0xccb81fce556ea94b), U64(0x53b282ae7a74f908),
145 U64(0x1b47fbf74c1402c1), U64(0x368eebf39828049f),
146 U64(0x7afbeff2ad278b06), U64(0xbe5e0a8cfe97caed),
147 U64(0xcfd8f7f413058e77), U64(0xf78b2bc301252c30),
148 U64(0x4d555c17fcdd928d), U64(0x5f2f05467fc565f8),
149 U64(0x24f4b2a21b30f3ea), U64(0x860dd6bbecb768aa),
150 U64(0x4c750401350f8f99), U64(0x0000000000000000),
151 U64(0xecccd0344d312ef1), U64(0xb5231806be220571),
152 U64(0xc105c030990d28af), U64(0x653c695de25cfd97),
153 U64(0x159acc33c61ca419), U64(0xb89ec7f872418495),
154 U64(0xa9847693b73254dc), U64(0x58cf90243ac13694),
155 U64(0x59efc832f3132b80), U64(0x5c4fed7c39ae42c4),
156 U64(0x828dabe3efd81cfa), U64(0xd13f294d95ace5f2),
157 U64(0x7d1b7a90e823d86a), U64(0xb643f03cf849224d),
158 U64(0x3df3f979d89dcb03), U64(0x7426d836272f2dde),
159 U64(0xdfe21e891fa4432a), U64(0x3a136c1b9d99986f),
160 U64(0xfa36f43dcd46add4), U64(0xc025982650df35bb),
161 U64(0x856d3e81aadc4f96), U64(0xc4a5e57e53b041eb),
162 U64(0x4708168b75ba4005), U64(0xaf44bbe73be41aa4),
163 U64(0x971767d029c4b8e3), U64(0xb9be9feebb939981),
164 U64(0x215497ecd18d9aae), U64(0x316e7e91dd2c57f3),
165 U64(0xcef8afe2dad79363), U64(0x3853dc371220a247),
166 U64(0x35ee03c9de4323a3), U64(0xe6919aa8c456fc79),
167 U64(0xe05157dc4880b201), U64(0x7bdbb7e464f59612),
168 U64(0x127a59518318f775), U64(0x332ecebd52956ddb),
169 U64(0x8f30741d23bb9d1e), U64(0xd922d3fd93720d52),
170 U64(0x7746300c61440ae2), U64(0x25d4eab4d2e2eefe),
171 U64(0x75068020eefd30ca), U64(0x135a01474acaea61),
172 U64(0x304e268714fe4ae7), U64(0xa519f17bb283c82c),
173 U64(0xdc82f6b359cf6416), U64(0x5baf781e7caa11a8),
174 U64(0xb2c38d64fb26561d), U64(0x34ce5bdf17913eb7),
175 U64(0x5d6fb56af07c5fd0), U64(0x182713cd0a7f25fd),
176 U64(0x9e2ac576e6c84d57), U64(0x9aaab82ee5a73907),
177 U64(0xa3d93c0f3e558654), U64(0x7e7b92aaae48ff56),
178 U64(0x872d8ead256575be), U64(0x41c8dbfff96c0e7d),
179 U64(0x99ca5014a3cc1e3b), U64(0x40e883e930be1369),
180 U64(0x1ca76e95091051ad), U64(0x4e35b42dbab6b5b1),
181 U64(0x05a0254ecabd6944), U64(0xe1710fca8152af15),
182 U64(0xf22b0e8dcb984574), U64(0xb763a82a319b3f59),
183 U64(0x63fca4296e8ab3ef), U64(0x9d4a2d4ca0a36a6b),
184 U64(0xe331bfe60eeb953d), U64(0xd5bf541596c391a2),
185 U64(0xf5cb9bef8e9c1618), U64(0x46284e9dbc685d11),
186 U64(0x2074cffa185f87ba), U64(0xbd3ee2b6b8fcedd1),
187 U64(0xae64e3f1f23607b0), U64(0xfeb68965ce29d984),
188 U64(0x55724fdaf6a2b770), U64(0x29496d5cd753720e),
189 U64(0xa75941573d3af204), U64(0x8e102c0bea69800a),
190 U64(0x111ab16bc573d049), U64(0xd7ffe439197aab8a),
191 U64(0xefac380e0b5a09cd), U64(0x48f579593660fbc9),
192 U64(0x22347fd697e6bd92), U64(0x61bc1405e13389c7),
193 U64(0x4ab5c975b9d9c1e1), U64(0x80cd1bcf606126d2),
194 U64(0x7186fd78ed92449a), U64(0x93971a882aabccb3),
195 U64(0x88d0e17f66bfce72), U64(0x27945a985d5bd4d6)
196 }, { /* 1 */
197 U64(0xde553f8c05a811c8), U64(0x1906b59631b4f565),
198 U64(0x436e70d6b1964ff7), U64(0x36d343cb8b1e9d85),
199 U64(0x843dfacc858aab5a), U64(0xfdfc95c299bfc7f9),
200 U64(0x0f634bdea1d51fa2), U64(0x6d458b3b76efb3cd),
201 U64(0x85c3f77cf8593f80), U64(0x3c91315fbe737cb2),
202 U64(0x2148b03366ace398), U64(0x18f8b8264c6761bf),
203 U64(0xc830c1c495c9fb0f), U64(0x981a76102086a0aa),
204 U64(0xaa16012142f35760), U64(0x35cc54060c763cf6),
205 U64(0x42907d66cc45db2d), U64(0x8203d44b965af4bc),
206 U64(0x3d6f3cefc3a0e868), U64(0xbc73ff69d292bda7),
207 U64(0x8722ed0102e20a29), U64(0x8f8185e8cd34deb7),
208 U64(0x9b0561dda7ee01d9), U64(0x5335a0193227fad6),
209 U64(0xc9cecc74e81a6fd5), U64(0x54f5832e5c2431ea),
210 U64(0x99e47ba05d553470), U64(0xf7bee756acd226ce),
211 U64(0x384e05a5571816fd), U64(0xd1367452a47d0e6a),
212 U64(0xf29fde1c386ad85b), U64(0x320c77316275f7ca),
213 U64(0xd0c879e2d9ae9ab0), U64(0xdb7406c69110ef5d),
214 U64(0x45505e51a2461011), U64(0xfc029872e46c5323),
215 U64(0xfa3cb6f5f7bc0cc5), U64(0x031f17cd8768a173),
216 U64(0xbd8df2d9af41297d), U64(0x9d3b4f5ab43e5e3f),
217 U64(0x4071671b36feee84), U64(0x716207e7d3e3b83d),
218 U64(0x48d20ff2f9283a1a), U64(0x27769eb4757cbc7e),
219 U64(0x5c56ebc793f2e574), U64(0xa48b474f9ef5dc18),
220 U64(0x52cbada94ff46e0c), U64(0x60c7da982d8199c6),
221 U64(0x0e9d466edc068b78), U64(0x4eec2175eaf865fc),
222 U64(0x550b8e9e21f7a530), U64(0x6b7ba5bc653fec2b),
223 U64(0x5eb7f1ba6949d0dd), U64(0x57ea94e3db4c9099),
224 U64(0xf640eae6d101b214), U64(0xdd4a284182c0b0bb),
225 U64(0xff1d8fbf6304f250), U64(0xb8accb933bf9d7e8),
226 U64(0xe8867c478eb68c4d), U64(0x3f8e2692391bddc1),
227 U64(0xcb2fd60912a15a7c), U64(0xaec935dbab983d2f),
228 U64(0xf55ffd2b56691367), U64(0x80e2ce366ce1c115),
229 U64(0x179bf3f8edb27e1d), U64(0x01fe0db07dd394da),
230 U64(0xda8a0b76ecc37b87), U64(0x44ae53e1df9584cb),
231 U64(0xb310b4b77347a205), U64(0xdfab323c787b8512),
232 U64(0x3b511268d070b78e), U64(0x65e6e3d2b9396753),
233 U64(0x6864b271e2574d58), U64(0x259784c98fc789d7),
234 U64(0x02e11a7dfabb35a9), U64(0x8841a6dfa337158b),
235 U64(0x7ade78c39b5dcdd0), U64(0xb7cf804d9a2cc84a),
236 U64(0x20b6bd831b7f7742), U64(0x75bd331d3a88d272),
237 U64(0x418f6aab4b2d7a5e), U64(0xd9951cbb6babdaf4),
238 U64(0xb6318dfde7ff5c90), U64(0x1f389b112264aa83),
239 U64(0x492c024284fbaec0), U64(0xe33a0363c608f9a0),
240 U64(0x2688930408af28a4), U64(0xc7538a1a341ce4ad),
241 U64(0x5da8e677ee2171ae), U64(0x8c9e92254a5c7fc4),
242 U64(0x63d8cd55aae938b5), U64(0x29ebd8daa97a3706),
243 U64(0x959827b37be88aa1), U64(0x1484e4356adadf6e),
244 U64(0xa7945082199d7d6b), U64(0xbf6ce8a455fa1cd4),
245 U64(0x9cc542eac9edcae5), U64(0x79c16f0e1c356ca3),
246 U64(0x89bfab6fdee48151), U64(0xd4174d1830c5f0ff),
247 U64(0x9258048415eb419d), U64(0x6139d72850520d1c),
248 U64(0x6a85a80c18ec78f1), U64(0xcd11f88e0171059a),
249 U64(0xcceff53e7ca29140), U64(0xd229639f2315af19),
250 U64(0x90b91ef9ef507434), U64(0x5977d28d074a1be1),
251 U64(0x311360fce51d56b9), U64(0xc093a92d5a1f2f91),
252 U64(0x1a19a25bb6dc5416), U64(0xeb996b8a09de2d3e),
253 U64(0xfee3820f1ed7668a), U64(0xd7085ad5b7ad518c),
254 U64(0x7fff41890fe53345), U64(0xec5948bd67dde602),
255 U64(0x2fd5f65dbaaa68e0), U64(0xa5754affe32648c2),
256 U64(0xf8ddac880d07396c), U64(0x6fa491468c548664),
257 U64(0x0c7c5c1326bdbed1), U64(0x4a33158f03930fb3),
258 U64(0x699abfc19f84d982), U64(0xe4fa2054a80b329c),
259 U64(0x6707f9af438252fa), U64(0x08a368e9cfd6d49e),
260 U64(0x47b1442c58fd25b8), U64(0xbbb3dc5ebc91769b),
261 U64(0x1665fe489061eac7), U64(0x33f27a811fa66310),
262 U64(0x93a609346838d547), U64(0x30ed6d4c98cec263),
263 U64(0x1dd9816cd8df9f2a), U64(0x94662a03063b1e7b),
264 U64(0x83fdd9fbeb896066), U64(0x7b207573e68e590a),
265 U64(0x5f49fc0a149a4407), U64(0x343259b671a5a82c),
266 U64(0xfbc2bb458a6f981f), U64(0xc272b350a0a41a38),
267 U64(0x3aaf1fd8ada32354), U64(0x6cbb868b0b3c2717),
268 U64(0xa2b569c88d2583fe), U64(0xf180c9d1bf027928),
269 U64(0xaf37386bd64ba9f5), U64(0x12bacab2790a8088),
270 U64(0x4c0d3b0810435055), U64(0xb2eeb9070e9436df),
271 U64(0xc5b29067cea7d104), U64(0xdcb425f1ff132461),
272 U64(0x4f122cc5972bf126), U64(0xac282fa651230886),
273 U64(0xe7e537992f6393ef), U64(0xe61b3a2952b00735),
274 U64(0x709c0a57ae302ce7), U64(0xe02514ae416058d3),
275 U64(0xc44c9dd7b37445de), U64(0x5a68c5408022ba92),
276 U64(0x1c278cdca50c0bf0), U64(0x6e5a9cf6f18712be),
277 U64(0x86dce0b17f319ef3), U64(0x2d34ec2040115d49),
278 U64(0x4bcd183f7e409b69), U64(0x2815d56ad4a9a3dc),
279 U64(0x24698979f2141d0d), U64(0x0000000000000000),
280 U64(0x1ec696a15fb73e59), U64(0xd86b110b16784e2e),
281 U64(0x8e7f8858b0e74a6d), U64(0x063e2e8713d05fe6),
282 U64(0xe2c40ed3bbdb6d7a), U64(0xb1f1aeca89fc97ac),
283 U64(0xe1db191e3cb3cc09), U64(0x6418ee62c4eaf389),
284 U64(0xc6ad87aa49cf7077), U64(0xd6f65765ca7ec556),
285 U64(0x9afb6c6dda3d9503), U64(0x7ce05644888d9236),
286 U64(0x8d609f95378feb1e), U64(0x23a9aa4e9c17d631),
287 U64(0x6226c0e5d73aac6f), U64(0x56149953a69f0443),
288 U64(0xeeb852c09d66d3ab), U64(0x2b0ac2a753c102af),
289 U64(0x07c023376e03cb3c), U64(0x2ccae1903dc2c993),
290 U64(0xd3d76e2f5ec63bc3), U64(0x9e2458973356ff4c),
291 U64(0xa66a5d32644ee9b1), U64(0x0a427294356de137),
292 U64(0x783f62be61e6f879), U64(0x1344c70204d91452),
293 U64(0x5b96c8f0fdf12e48), U64(0xa90916ecc59bf613),
294 U64(0xbe92e5142829880e), U64(0x727d102a548b194e),
295 U64(0x1be7afebcb0fc0cc), U64(0x3e702b2244c8491b),
296 U64(0xd5e940a84d166425), U64(0x66f9f41f3e51c620),
297 U64(0xabe80c913f20c3ba), U64(0xf07ec461c2d1edf2),
298 U64(0xf361d3ac45b94c81), U64(0x0521394a94b8fe95),
299 U64(0xadd622162cf09c5c), U64(0xe97871f7f3651897),
300 U64(0xf4a1f09b2bba87bd), U64(0x095d6559b2054044),
301 U64(0x0bbc7f2448be75ed), U64(0x2af4cf172e129675),
302 U64(0x157ae98517094bb4), U64(0x9fda55274e856b96),
303 U64(0x914713499283e0ee), U64(0xb952c623462a4332),
304 U64(0x74433ead475b46a8), U64(0x8b5eb112245fb4f8),
305 U64(0xa34b6478f0f61724), U64(0x11a5dd7ffe6221fb),
306 U64(0xc16da49d27ccbb4b), U64(0x76a224d0bde07301),
307 U64(0x8aa0bca2598c2022), U64(0x4df336b86d90c48f),
308 U64(0xea67663a740db9e4), U64(0xef465f70e0b54771),
309 U64(0x39b008152acb8227), U64(0x7d1e5bf4f55e06ec),
310 U64(0x105bd0cf83b1b521), U64(0x775c2960c033e7db),
311 U64(0x7e014c397236a79f), U64(0x811cc386113255cf),
312 U64(0xeda7450d1a0e72d8), U64(0x5889df3d7a998f3b),
313 U64(0x2e2bfbedc779fc3a), U64(0xce0eef438619a4e9),
314 U64(0x372d4e7bf6cd095f), U64(0x04df34fae96b6a4f),
315 U64(0xf923a13870d4adb6), U64(0xa1aa7e050a4d228d),
316 U64(0xa8f71b5cb84862c9), U64(0xb52e9a306097fde3),
317 U64(0x0d8251a35b6e2a0b), U64(0x2257a7fee1c442eb),
318 U64(0x73831d9a29588d94), U64(0x51d4ba64c89ccf7f),
319 U64(0x502ab7d4b54f5ba5), U64(0x97793dce8153bf08),
320 U64(0xe5042de4d5d8a646), U64(0x9687307efc802bd2),
321 U64(0xa05473b5779eb657), U64(0xb4d097801d446939),
322 U64(0xcff0e2f3fbca3033), U64(0xc38cbee0dd778ee2),
323 U64(0x464f499c252eb162), U64(0xcad1dbb96f72cea6),
324 U64(0xba4dd1eec142e241), U64(0xb00fa37af42f0376)
325 }, { /* 2 */
326 U64(0xcce4cd3aa968b245), U64(0x089d5484e80b7faf),
327 U64(0x638246c1b3548304), U64(0xd2fe0ec8c2355492),
328 U64(0xa7fbdf7ff2374eee), U64(0x4df1600c92337a16),
329 U64(0x84e503ea523b12fb), U64(0x0790bbfd53ab0c4a),
330 U64(0x198a780f38f6ea9d), U64(0x2ab30c8f55ec48cb),
331 U64(0xe0f7fed6b2c49db5), U64(0xb6ecf3f422cadbdc),
332 U64(0x409c9a541358df11), U64(0xd3ce8a56dfde3fe3),
333 U64(0xc3e9224312c8c1a0), U64(0x0d6dfa58816ba507),
334 U64(0xddf3e1b179952777), U64(0x04c02a42748bb1d9),
335 U64(0x94c2abff9f2decb8), U64(0x4f91752da8f8acf4),
336 U64(0x78682befb169bf7b), U64(0xe1c77a48af2ff6c4),
337 U64(0x0c5d7ec69c80ce76), U64(0x4cc1e4928fd81167),
338 U64(0xfeed3d24d9997b62), U64(0x518bb6dfc3a54a23),
339 U64(0x6dbf2d26151f9b90), U64(0xb5bc624b05ea664f),
340 U64(0xe86aaa525acfe21a), U64(0x4801ced0fb53a0be),
341 U64(0xc91463e6c00868ed), U64(0x1027a815cd16fe43),
342 U64(0xf67069a0319204cd), U64(0xb04ccc976c8abce7),
343 U64(0xc0b9b3fc35e87c33), U64(0xf380c77c58f2de65),
344 U64(0x50bb3241de4e2152), U64(0xdf93f490435ef195),
345 U64(0xf1e0d25d62390887), U64(0xaf668bfb1a3c3141),
346 U64(0xbc11b251f00a7291), U64(0x73a5eed47e427d47),
347 U64(0x25bee3f6ee4c3b2e), U64(0x43cc0beb34786282),
348 U64(0xc824e778dde3039c), U64(0xf97d86d98a327728),
349 U64(0xf2b043e24519b514), U64(0xe297ebf7880f4b57),
350 U64(0x3a94a49a98fab688), U64(0x868516cb68f0c419),
351 U64(0xeffa11af0964ee50), U64(0xa4ab4ec0d517f37d),
352 U64(0xa9c6b498547c567a), U64(0x8e18424f80fbbbb6),
353 U64(0x0bcdc53bcf2bc23c), U64(0x137739aaea3643d0),
354 U64(0x2c1333ec1bac2ff0), U64(0x8d48d3f0a7db0625),
355 U64(0x1e1ac3f26b5de6d7), U64(0xf520f81f16b2b95e),
356 U64(0x9f0f6ec450062e84), U64(0x0130849e1deb6b71),
357 U64(0xd45e31ab8c7533a9), U64(0x652279a2fd14e43f),
358 U64(0x3209f01e70f1c927), U64(0xbe71a770cac1a473),
359 U64(0x0e3d6be7a64b1894), U64(0x7ec8148cff29d840),
360 U64(0xcb7476c7fac3be0f), U64(0x72956a4a63a91636),
361 U64(0x37f95ec21991138f), U64(0x9e3fea5a4ded45f5),
362 U64(0x7b38ba50964902e8), U64(0x222e580bbde73764),
363 U64(0x61e253e0899f55e6), U64(0xfc8d2805e352ad80),
364 U64(0x35994be3235ac56d), U64(0x09add01af5e014de),
365 U64(0x5e8659a6780539c6), U64(0xb17c48097161d796),
366 U64(0x026015213acbd6e2), U64(0xd1ae9f77e515e901),
367 U64(0xb7dc776a3f21b0ad), U64(0xaba6a1b96eb78098),
368 U64(0x9bcf4486248d9f5d), U64(0x582666c536455efd),
369 U64(0xfdbdac9bfeb9c6f1), U64(0xc47999be4163cdea),
370 U64(0x765540081722a7ef), U64(0x3e548ed8ec710751),
371 U64(0x3d041f67cb51bac2), U64(0x7958af71ac82d40a),
372 U64(0x36c9da5c047a78fe), U64(0xed9a048e33af38b2),
373 U64(0x26ee7249c96c86bd), U64(0x900281bdeba65d61),
374 U64(0x11172c8bd0fd9532), U64(0xea0abf73600434f8),
375 U64(0x42fc8f75299309f3), U64(0x34a9cf7d3eb1ae1c),
376 U64(0x2b838811480723ba), U64(0x5ce64c8742ceef24),
377 U64(0x1adae9b01fd6570e), U64(0x3c349bf9d6bad1b3),
378 U64(0x82453c891c7b75c0), U64(0x97923a40b80d512b),
379 U64(0x4a61dbf1c198765c), U64(0xb48ce6d518010d3e),
380 U64(0xcfb45c858e480fd6), U64(0xd933cbf30d1e96ae),
381 U64(0xd70ea014ab558e3a), U64(0xc189376228031742),
382 U64(0x9262949cd16d8b83), U64(0xeb3a3bed7def5f89),
383 U64(0x49314a4ee6b8cbcf), U64(0xdcc3652f647e4c06),
384 U64(0xda635a4c2a3e2b3d), U64(0x470c21a940f3d35b),
385 U64(0x315961a157d174b4), U64(0x6672e81dda3459ac),
386 U64(0x5b76f77a1165e36e), U64(0x445cb01667d36ec8),
387 U64(0xc5491d205c88a69b), U64(0x456c34887a3805b9),
388 U64(0xffddb9bac4721013), U64(0x99af51a71e4649bf),
389 U64(0xa15be01cbc7729d5), U64(0x52db2760e485f7b0),
390 U64(0x8c78576eba306d54), U64(0xae560f6507d75a30),
391 U64(0x95f22f6182c687c9), U64(0x71c5fbf54489aba5),
392 U64(0xca44f259e728d57e), U64(0x88b87d2ccebbdc8d),
393 U64(0xbab18d32be4a15aa), U64(0x8be8ec93e99b611e),
394 U64(0x17b713e89ebdf209), U64(0xb31c5d284baa0174),
395 U64(0xeeca9531148f8521), U64(0xb8d198138481c348),
396 U64(0x8988f9b2d350b7fc), U64(0xb9e11c8d996aa839),
397 U64(0x5a4673e40c8e881f), U64(0x1687977683569978),
398 U64(0xbf4123eed72acf02), U64(0x4ea1f1b3b513c785),
399 U64(0xe767452be16f91ff), U64(0x7505d1b730021a7c),
400 U64(0xa59bca5ec8fc980c), U64(0xad069eda20f7e7a3),
401 U64(0x38f4b1bba231606a), U64(0x60d2d77e94743e97),
402 U64(0x9affc0183966f42c), U64(0x248e6768f3a7505f),
403 U64(0xcdd449a4b483d934), U64(0x87b59255751baf68),
404 U64(0x1bea6d2e023d3c7f), U64(0x6b1f12455b5ffcab),
405 U64(0x743555292de9710d), U64(0xd8034f6d10f5fddf),
406 U64(0xc6198c9f7ba81b08), U64(0xbb8109aca3a17edb),
407 U64(0xfa2d1766ad12cabb), U64(0xc729080166437079),
408 U64(0x9c5fff7b77269317), U64(0x0000000000000000),
409 U64(0x15d706c9a47624eb), U64(0x6fdf38072fd44d72),
410 U64(0x5fb6dd3865ee52b7), U64(0xa33bf53d86bcff37),
411 U64(0xe657c1b5fc84fa8e), U64(0xaa962527735cebe9),
412 U64(0x39c43525bfda0b1b), U64(0x204e4d2a872ce186),
413 U64(0x7a083ece8ba26999), U64(0x554b9c9db72efbfa),
414 U64(0xb22cd9b656416a05), U64(0x96a2bedea5e63a5a),
415 U64(0x802529a826b0a322), U64(0x8115ad363b5bc853),
416 U64(0x8375b81701901eb1), U64(0x3069e53f4a3a1fc5),
417 U64(0xbd2136cfede119e0), U64(0x18bafc91251d81ec),
418 U64(0x1d4a524d4c7d5b44), U64(0x05f0aedc6960daa8),
419 U64(0x29e39d3072ccf558), U64(0x70f57f6b5962c0d4),
420 U64(0x989fd53903ad22ce), U64(0xf84d024797d91c59),
421 U64(0x547b1803aac5908b), U64(0xf0d056c37fd263f6),
422 U64(0xd56eb535919e58d8), U64(0x1c7ad6d351963035),
423 U64(0x2e7326cd2167f912), U64(0xac361a443d1c8cd2),
424 U64(0x697f076461942a49), U64(0x4b515f6fdc731d2d),
425 U64(0x8ad8680df4700a6f), U64(0x41ac1eca0eb3b460),
426 U64(0x7d988533d80965d3), U64(0xa8f6300649973d0b),
427 U64(0x7765c4960ac9cc9e), U64(0x7ca801adc5e20ea2),
428 U64(0xdea3700e5eb59ae4), U64(0xa06b6482a19c42a4),
429 U64(0x6a2f96db46b497da), U64(0x27def6d7d487edcc),
430 U64(0x463ca5375d18b82a), U64(0xa6cb5be1efdc259f),
431 U64(0x53eba3fef96e9cc1), U64(0xce84d81b93a364a7),
432 U64(0xf4107c810b59d22f), U64(0x333974806d1aa256),
433 U64(0x0f0def79bba073e5), U64(0x231edc95a00c5c15),
434 U64(0xe437d494c64f2c6c), U64(0x91320523f64d3610),
435 U64(0x67426c83c7df32dd), U64(0x6eefbc99323f2603),
436 U64(0x9d6f7be56acdf866), U64(0x5916e25b2bae358c),
437 U64(0x7ff89012e2c2b331), U64(0x035091bf2720bd93),
438 U64(0x561b0d22900e4669), U64(0x28d319ae6f279e29),
439 U64(0x2f43a2533c8c9263), U64(0xd09e1be9f8fe8270),
440 U64(0xf740ed3e2c796fbc), U64(0xdb53ded237d5404c),
441 U64(0x62b2c25faebfe875), U64(0x0afd41a5d2c0a94d),
442 U64(0x6412fd3ce0ff8f4e), U64(0xe3a76f6995e42026),
443 U64(0x6c8fa9b808f4f0e1), U64(0xc2d9a6dd0f23aad1),
444 U64(0x8f28c6d19d10d0c7), U64(0x85d587744fd0798a),
445 U64(0xa20b71a39b579446), U64(0x684f83fa7c7f4138),
446 U64(0xe507500adba4471d), U64(0x3f640a46f19a6c20),
447 U64(0x1247bd34f7dd28a1), U64(0x2d23b77206474481),
448 U64(0x93521002cc86e0f2), U64(0x572b89bc8de52d18),
449 U64(0xfb1d93f8b0f9a1ca), U64(0xe95a2ecc4724896b),
450 U64(0x3ba420048511ddf9), U64(0xd63e248ab6bee54b),
451 U64(0x5dd6c8195f258455), U64(0x06a03f634e40673b),
452 U64(0x1f2a476c76b68da6), U64(0x217ec9b49ac78af7),
453 U64(0xecaa80102e4453c3), U64(0x14e78257b99d4f9a)
454 }, { /* 3 */
455 U64(0x20329b2cc87bba05), U64(0x4f5eb6f86546a531),
456 U64(0xd4f44775f751b6b1), U64(0x8266a47b850dfa8b),
457 U64(0xbb986aa15a6ca985), U64(0xc979eb08f9ae0f99),
458 U64(0x2da6f447a2375ea1), U64(0x1e74275dcd7d8576),
459 U64(0xbc20180a800bc5f8), U64(0xb4a2f701b2dc65be),
460 U64(0xe726946f981b6d66), U64(0x48e6c453bf21c94c),
461 U64(0x42cad9930f0a4195), U64(0xefa47b64aacccd20),
462 U64(0x71180a8960409a42), U64(0x8bb3329bf6a44e0c),
463 U64(0xd34c35de2d36dacc), U64(0xa92f5b7cbc23dc96),
464 U64(0xb31a85aa68bb09c3), U64(0x13e04836a73161d2),
465 U64(0xb24dfc4129c51d02), U64(0x8ae44b70b7da5acd),
466 U64(0xe671ed84d96579a7), U64(0xa4bb3417d66f3832),
467 U64(0x4572ab38d56d2de8), U64(0xb1b47761ea47215c),
468 U64(0xe81c09cf70aba15d), U64(0xffbdb872ce7f90ac),
469 U64(0xa8782297fd5dc857), U64(0x0d946f6b6a4ce4a4),
470 U64(0xe4df1f4f5b995138), U64(0x9ebc71edca8c5762),
471 U64(0x0a2c1dc0b02b88d9), U64(0x3b503c115d9d7b91),
472 U64(0xc64376a8111ec3a2), U64(0xcec199a323c963e4),
473 U64(0xdc76a87ec58616f7), U64(0x09d596e073a9b487),
474 U64(0x14583a9d7d560daf), U64(0xf4c6dc593f2a0cb4),
475 U64(0xdd21d19584f80236), U64(0x4a4836983ddde1d3),
476 U64(0xe58866a41ae745f9), U64(0xf591a5b27e541875),
477 U64(0x891dc05074586693), U64(0x5b068c651810a89e),
478 U64(0xa30346bc0c08544f), U64(0x3dbf3751c684032d),
479 U64(0x2a1e86ec785032dc), U64(0xf73f5779fca830ea),
480 U64(0xb60c05ca30204d21), U64(0x0cc316802b32f065),
481 U64(0x8770241bdd96be69), U64(0xb861e18199ee95db),
482 U64(0xf805cad91418fcd1), U64(0x29e70dccbbd20e82),
483 U64(0xc7140f435060d763), U64(0x0f3a9da0e8b0cc3b),
484 U64(0xa2543f574d76408e), U64(0xbd7761e1c175d139),
485 U64(0x4b1f4f737ca3f512), U64(0x6dc2df1f2fc137ab),
486 U64(0xf1d05c3967b14856), U64(0xa742bf3715ed046c),
487 U64(0x654030141d1697ed), U64(0x07b872abda676c7d),
488 U64(0x3ce84eba87fa17ec), U64(0xc1fb0403cb79afdf),
489 U64(0x3e46bc7105063f73), U64(0x278ae987121cd678),
490 U64(0xa1adb4778ef47cd0), U64(0x26dd906c5362c2b9),
491 U64(0x05168060589b44e2), U64(0xfbfc41f9d79ac08f),
492 U64(0x0e6de44ba9ced8fa), U64(0x9feb08068bf243a3),
493 U64(0x7b341749d06b129b), U64(0x229c69e74a87929a),
494 U64(0xe09ee6c4427c011b), U64(0x5692e30e725c4c3a),
495 U64(0xda99a33e5e9f6e4b), U64(0x353dd85af453a36b),
496 U64(0x25241b4c90e0fee7), U64(0x5de987258309d022),
497 U64(0xe230140fc0802984), U64(0x93281e86a0c0b3c6),
498 U64(0xf229d719a4337408), U64(0x6f6c2dd4ad3d1f34),
499 U64(0x8ea5b2fbae3f0aee), U64(0x8331dd90c473ee4a),
500 U64(0x346aa1b1b52db7aa), U64(0xdf8f235e06042aa9),
501 U64(0xcc6f6b68a1354b7b), U64(0x6c95a6f46ebf236a),
502 U64(0x52d31a856bb91c19), U64(0x1a35ded6d498d555),
503 U64(0xf37eaef2e54d60c9), U64(0x72e181a9a3c2a61c),
504 U64(0x98537aad51952fde), U64(0x16f6c856ffaa2530),
505 U64(0xd960281e9d1d5215), U64(0x3a0745fa1ce36f50),
506 U64(0x0b7b642bf1559c18), U64(0x59a87eae9aec8001),
507 U64(0x5e100c05408bec7c), U64(0x0441f98b19e55023),
508 U64(0xd70dcc5534d38aef), U64(0x927f676de1bea707),
509 U64(0x9769e70db925e3e5), U64(0x7a636ea29115065a),
510 U64(0x468b201816ef11b6), U64(0xab81a9b73edff409),
511 U64(0xc0ac7de88a07bb1e), U64(0x1f235eb68c0391b7),
512 U64(0x6056b074458dd30f), U64(0xbe8eeac102f7ed67),
513 U64(0xcd381283e04b5fba), U64(0x5cbefecec277c4e3),
514 U64(0xd21b4c356c48ce0d), U64(0x1019c31664b35d8c),
515 U64(0x247362a7d19eea26), U64(0xebe582efb3299d03),
516 U64(0x02aef2cb82fc289f), U64(0x86275df09ce8aaa8),
517 U64(0x28b07427faac1a43), U64(0x38a9b7319e1f47cf),
518 U64(0xc82e92e3b8d01b58), U64(0x06ef0b409b1978bc),
519 U64(0x62f842bfc771fb90), U64(0x9904034610eb3b1f),
520 U64(0xded85ab5477a3e68), U64(0x90d195a663428f98),
521 U64(0x5384636e2ac708d8), U64(0xcbd719c37b522706),
522 U64(0xae9729d76644b0eb), U64(0x7c8c65e20a0c7ee6),
523 U64(0x80c856b007f1d214), U64(0x8c0b40302cc32271),
524 U64(0xdbcedad51fe17a8a), U64(0x740e8ae938dbdea0),
525 U64(0xa615c6dc549310ad), U64(0x19cc55f6171ae90b),
526 U64(0x49b1bdb8fe5fdd8d), U64(0xed0a89af2830e5bf),
527 U64(0x6a7aadb4f5a65bd6), U64(0x7e22972988f05679),
528 U64(0xf952b3325566e810), U64(0x39fecedadf61530e),
529 U64(0x6101c99f04f3c7ce), U64(0x2e5f7f6761b562ff),
530 U64(0xf08725d226cf5c97), U64(0x63af3b54860fef51),
531 U64(0x8ff2cb10ef411e2f), U64(0x884ab9bb35267252),
532 U64(0x4df04433e7ba8dae), U64(0x9afd8866d3690741),
533 U64(0x66b9bb34de94abb3), U64(0x9baaf18d92171380),
534 U64(0x543c11c5f0a064a5), U64(0x17a1b1bdbed431f1),
535 U64(0xb5f58eeaf3a2717f), U64(0xc355f6c849858740),
536 U64(0xec5df044694ef17e), U64(0xd83751f5dc6346d4),
537 U64(0xfc4433520dfdacf2), U64(0x0000000000000000),
538 U64(0x5a51f58e596ebc5f), U64(0x3285aaf12e34cf16),
539 U64(0x8d5c39db6dbd36b0), U64(0x12b731dde64f7513),
540 U64(0x94906c2d7aa7dfbb), U64(0x302b583aacc8e789),
541 U64(0x9d45facd090e6b3c), U64(0x2165e2c78905aec4),
542 U64(0x68d45f7f775a7349), U64(0x189b2c1d5664fdca),
543 U64(0xe1c99f2f030215da), U64(0x6983269436246788),
544 U64(0x8489af3b1e148237), U64(0xe94b702431d5b59c),
545 U64(0x33d2d31a6f4adbd7), U64(0xbfd9932a4389f9a6),
546 U64(0xb0e30e8aab39359d), U64(0xd1e2c715afcaf253),
547 U64(0x150f43763c28196e), U64(0xc4ed846393e2eb3d),
548 U64(0x03f98b20c3823c5e), U64(0xfd134ab94c83b833),
549 U64(0x556b682eb1de7064), U64(0x36c4537a37d19f35),
550 U64(0x7559f30279a5ca61), U64(0x799ae58252973a04),
551 U64(0x9c12832648707ffd), U64(0x78cd9c6913e92ec5),
552 U64(0x1d8dac7d0effb928), U64(0x439da0784e745554),
553 U64(0x413352b3cc887dcb), U64(0xbacf134a1b12bd44),
554 U64(0x114ebafd25cd494d), U64(0x2f08068c20cb763e),
555 U64(0x76a07822ba27f63f), U64(0xeab2fb04f25789c2),
556 U64(0xe3676de481fe3d45), U64(0x1b62a73d95e6c194),
557 U64(0x641749ff5c68832c), U64(0xa5ec4dfc97112cf3),
558 U64(0xf6682e92bdd6242b), U64(0x3f11c59a44782bb2),
559 U64(0x317c21d1edb6f348), U64(0xd65ab5be75ad9e2e),
560 U64(0x6b2dd45fb4d84f17), U64(0xfaab381296e4d44e),
561 U64(0xd0b5befeeeb4e692), U64(0x0882ef0b32d7a046),
562 U64(0x512a91a5a83b2047), U64(0x963e9ee6f85bf724),
563 U64(0x4e09cf132438b1f0), U64(0x77f701c9fb59e2fe),
564 U64(0x7ddb1c094b726a27), U64(0x5f4775ee01f5f8bd),
565 U64(0x9186ec4d223c9b59), U64(0xfeeac1998f01846d),
566 U64(0xac39db1ce4b89874), U64(0xb75b7c21715e59e0),
567 U64(0xafc0503c273aa42a), U64(0x6e3b543fec430bf5),
568 U64(0x704f7362213e8e83), U64(0x58ff0745db9294c0),
569 U64(0x67eec2df9feabf72), U64(0xa0facd9ccf8a6811),
570 U64(0xb936986ad890811a), U64(0x95c715c63bd9cb7a),
571 U64(0xca8060283a2c33c7), U64(0x507de84ee9453486),
572 U64(0x85ded6d05f6a96f6), U64(0x1cdad5964f81ade9),
573 U64(0xd5a33e9eb62fa270), U64(0x40642b588df6690a),
574 U64(0x7f75eec2c98e42b8), U64(0x2cf18dace3494a60),
575 U64(0x23cb100c0bf9865b), U64(0xeef3028febb2d9e1),
576 U64(0x4425d2d394133929), U64(0xaad6d05c7fa1e0c8),
577 U64(0xad6ea2f7a5c68cb5), U64(0xc2028f2308fb9381),
578 U64(0x819f2f5b468fc6d5), U64(0xc5bafd88d29cfffc),
579 U64(0x47dc59f357910577), U64(0x2b49ff07392e261d),
580 U64(0x57c59ae5332258fb), U64(0x73b6f842e2bcb2dd),
581 U64(0xcf96e04862b77725), U64(0x4ca73dd8a6c4996f),
582 U64(0x015779eb417e14c1), U64(0x37932a9176af8bf4)
583 }, { /* 4 */
584 U64(0x190a2c9b249df23e), U64(0x2f62f8b62263e1e9),
585 U64(0x7a7f754740993655), U64(0x330b7ba4d5564d9f),
586 U64(0x4c17a16a46672582), U64(0xb22f08eb7d05f5b8),
587 U64(0x535f47f40bc148cc), U64(0x3aec5d27d4883037),
588 U64(0x10ed0a1825438f96), U64(0x516101f72c233d17),
589 U64(0x13cc6f949fd04eae), U64(0x739853c441474bfd),
590 U64(0x653793d90d3f5b1b), U64(0x5240647b96b0fc2f),
591 U64(0x0c84890ad27623e0), U64(0xd7189b32703aaea3),
592 U64(0x2685de3523bd9c41), U64(0x99317c5b11bffefa),
593 U64(0x0d9baa854f079703), U64(0x70b93648fbd48ac5),
594 U64(0xa80441fce30bc6be), U64(0x7287704bdc36ff1e),
595 U64(0xb65384ed33dc1f13), U64(0xd36417343ee34408),
596 U64(0x39cd38ab6e1bf10f), U64(0x5ab861770a1f3564),
597 U64(0x0ebacf09f594563b), U64(0xd04572b884708530),
598 U64(0x3cae9722bdb3af47), U64(0x4a556b6f2f5cbaf2),
599 U64(0xe1704f1f76c4bd74), U64(0x5ec4ed7144c6dfcf),
600 U64(0x16afc01d4c7810e6), U64(0x283f113cd629ca7a),
601 U64(0xaf59a8761741ed2d), U64(0xeed5a3991e215fac),
602 U64(0x3bf37ea849f984d4), U64(0xe413e096a56ce33c),
603 U64(0x2c439d3a98f020d1), U64(0x637559dc6404c46b),
604 U64(0x9e6c95d1e5f5d569), U64(0x24bb9836045fe99a),
605 U64(0x44efa466dac8ecc9), U64(0xc6eab2a5c80895d6),
606 U64(0x803b50c035220cc4), U64(0x0321658cba93c138),
607 U64(0x8f9ebc465dc7ee1c), U64(0xd15a5137190131d3),
608 U64(0x0fa5ec8668e5e2d8), U64(0x91c979578d1037b1),
609 U64(0x0642ca05693b9f70), U64(0xefca80168350eb4f),
610 U64(0x38d21b24f36a45ec), U64(0xbeab81e1af73d658),
611 U64(0x8cbfd9cae7542f24), U64(0xfd19cc0d81f11102),
612 U64(0x0ac6430fbb4dbc90), U64(0x1d76a09d6a441895),
613 U64(0x2a01573ff1cbbfa1), U64(0xb572e161894fde2b),
614 U64(0x8124734fa853b827), U64(0x614b1fdf43e6b1b0),
615 U64(0x68ac395c4238cc18), U64(0x21d837bfd7f7b7d2),
616 U64(0x20c714304a860331), U64(0x5cfaab726324aa14),
617 U64(0x74c5ba4eb50d606e), U64(0xf3a3030474654739),
618 U64(0x23e671bcf015c209), U64(0x45f087e947b9582a),
619 U64(0xd8bd77b418df4c7b), U64(0xe06f6c90ebb50997),
620 U64(0x0bd96080263c0873), U64(0x7e03f9410e40dcfe),
621 U64(0xb8e94be4c6484928), U64(0xfb5b0608e8ca8e72),
622 U64(0x1a2b49179e0e3306), U64(0x4e29e76961855059),
623 U64(0x4f36c4e6fcf4e4ba), U64(0x49740ee395cf7bca),
624 U64(0xc2963ea386d17f7d), U64(0x90d65ad810618352),
625 U64(0x12d34c1b02a1fa4d), U64(0xfa44258775bb3a91),
626 U64(0x18150f14b9ec46dd), U64(0x1491861e6b9a653d),
627 U64(0x9a1019d7ab2c3fc2), U64(0x3668d42d06fe13d7),
628 U64(0xdcc1fbb25606a6d0), U64(0x969490dd795a1c22),
629 U64(0x3549b1a1bc6dd2ef), U64(0xc94f5e23a0ed770e),
630 U64(0xb9f6686b5b39fdcb), U64(0xc4d4f4a6efeae00d),
631 U64(0xe732851a1fff2204), U64(0x94aad6de5eb869f9),
632 U64(0x3f8ff2ae07206e7f), U64(0xfe38a9813b62d03a),
633 U64(0xa7a1ad7a8bee2466), U64(0x7b6056c8dde882b6),
634 U64(0x302a1e286fc58ca7), U64(0x8da0fa457a259bc7),
635 U64(0xb3302b64e074415b), U64(0x5402ae7eff8b635f),
636 U64(0x08f8050c9cafc94b), U64(0xae468bf98a3059ce),
637 U64(0x88c355cca98dc58f), U64(0xb10e6d67c7963480),
638 U64(0xbad70de7e1aa3cf3), U64(0xbfb4a26e320262bb),
639 U64(0xcb711820870f02d5), U64(0xce12b7a954a75c9d),
640 U64(0x563ce87dd8691684), U64(0x9f73b65e7884618a),
641 U64(0x2b1e74b06cba0b42), U64(0x47cec1ea605b2df1),
642 U64(0x1c698312f735ac76), U64(0x5fdbcefed9b76b2c),
643 U64(0x831a354c8fb1cdfc), U64(0x820516c312c0791f),
644 U64(0xb74ca762aeadabf0), U64(0xfc06ef821c80a5e1),
645 U64(0x5723cbf24518a267), U64(0x9d4df05d5f661451),
646 U64(0x588627742dfd40bf), U64(0xda8331b73f3d39a0),
647 U64(0x17b0e392d109a405), U64(0xf965400bcf28fba9),
648 U64(0x7c3dbf4229a2a925), U64(0x023e460327e275db),
649 U64(0x6cd0b55a0ce126b3), U64(0xe62da695828e96e7),
650 U64(0x42ad6e63b3f373b9), U64(0xe50cc319381d57df),
651 U64(0xc5cbd729729b54ee), U64(0x46d1e265fd2a9912),
652 U64(0x6428b056904eeff8), U64(0x8be23040131e04b7),
653 U64(0x6709d5da2add2ec0), U64(0x075de98af44a2b93),
654 U64(0x8447dcc67bfbe66f), U64(0x6616f655b7ac9a23),
655 U64(0xd607b8bded4b1a40), U64(0x0563af89d3a85e48),
656 U64(0x3db1b4ad20c21ba4), U64(0x11f22997b8323b75),
657 U64(0x292032b34b587e99), U64(0x7f1cdace9331681d),
658 U64(0x8e819fc9c0b65aff), U64(0xa1e3677fe2d5bb16),
659 U64(0xcd33d225ee349da5), U64(0xd9a2543b85aef898),
660 U64(0x795e10cbfa0af76d), U64(0x25a4bbb9992e5d79),
661 U64(0x78413344677b438e), U64(0xf0826688cef68601),
662 U64(0xd27b34bba392f0eb), U64(0x551d8df162fad7bc),
663 U64(0x1e57c511d0d7d9ad), U64(0xdeffbdb171e4d30b),
664 U64(0xf4feea8e802f6caa), U64(0xa480c8f6317de55e),
665 U64(0xa0fc44f07fa40ff5), U64(0x95b5f551c3c9dd1a),
666 U64(0x22f952336d6476ea), U64(0x0000000000000000),
667 U64(0xa6be8ef5169f9085), U64(0xcc2cf1aa73452946),
668 U64(0x2e7ddb39bf12550a), U64(0xd526dd3157d8db78),
669 U64(0x486b2d6c08becf29), U64(0x9b0f3a58365d8b21),
670 U64(0xac78cdfaadd22c15), U64(0xbc95c7e28891a383),
671 U64(0x6a927f5f65dab9c3), U64(0xc3891d2c1ba0cb9e),
672 U64(0xeaa92f9f50f8b507), U64(0xcf0d9426c9d6e87e),
673 U64(0xca6e3baf1a7eb636), U64(0xab25247059980786),
674 U64(0x69b31ad3df4978fb), U64(0xe2512a93cc577c4c),
675 U64(0xff278a0ea61364d9), U64(0x71a615c766a53e26),
676 U64(0x89dc764334fc716c), U64(0xf87a638452594f4a),
677 U64(0xf2bc208be914f3da), U64(0x8766b94ac1682757),
678 U64(0xbbc82e687cdb8810), U64(0x626a7a53f9757088),
679 U64(0xa2c202f358467a2e), U64(0x4d0882e5db169161),
680 U64(0x09e7268301de7da8), U64(0xe897699c771ac0dc),
681 U64(0xc8507dac3d9cc3ed), U64(0xc0a878a0a1330aa6),
682 U64(0x978bb352e42ba8c1), U64(0xe9884a13ea6b743f),
683 U64(0x279afdbabecc28a2), U64(0x047c8c064ed9eaab),
684 U64(0x507e2278b15289f4), U64(0x599904fbb08cf45c),
685 U64(0xbd8ae46d15e01760), U64(0x31353da7f2b43844),
686 U64(0x8558ff49e68a528c), U64(0x76fbfc4d92ef15b5),
687 U64(0x3456922e211c660c), U64(0x86799ac55c1993b4),
688 U64(0x3e90d1219a51da9c), U64(0x2d5cbeb505819432),
689 U64(0x982e5fd48cce4a19), U64(0xdb9c1238a24c8d43),
690 U64(0xd439febecaa96f9b), U64(0x418c0bef0960b281),
691 U64(0x158ea591f6ebd1de), U64(0x1f48e69e4da66d4e),
692 U64(0x8afd13cf8e6fb054), U64(0xf5e1c9011d5ed849),
693 U64(0xe34e091c5126c8af), U64(0xad67ee7530a398f6),
694 U64(0x43b24dec2e82c75a), U64(0x75da99c1287cd48d),
695 U64(0x92e81cdb3783f689), U64(0xa3dd217cc537cecd),
696 U64(0x60543c50de970553), U64(0x93f73f54aaf2426a),
697 U64(0xa91b62737e7a725d), U64(0xf19d4507538732e2),
698 U64(0x77e4dfc20f9ea156), U64(0x7d229ccdb4d31dc6),
699 U64(0x1b346a98037f87e5), U64(0xedf4c615a4b29e94),
700 U64(0x4093286094110662), U64(0xb0114ee85ae78063),
701 U64(0x6ff1d0d6b672e78b), U64(0x6dcf96d591909250),
702 U64(0xdfe09e3eec9567e8), U64(0x3214582b4827f97c),
703 U64(0xb46dc2ee143e6ac8), U64(0xf6c0ac8da7cd1971),
704 U64(0xebb60c10cd8901e4), U64(0xf7df8f023abcad92),
705 U64(0x9c52d3d2c217a0b2), U64(0x6b8d5cd0f8ab0d20),
706 U64(0x3777f7a29b8fa734), U64(0x011f238f9d71b4e3),
707 U64(0xc1b75b2f3c42be45), U64(0x5de588fdfe551ef7),
708 U64(0x6eeef3592b035368), U64(0xaa3a07ffc4e9b365),
709 U64(0xecebe59a39c32a77), U64(0x5ba742f8976e8187),
710 U64(0x4b4a48e0b22d0e11), U64(0xddded83dcb771233),
711 U64(0xa59feb79ac0c51bd), U64(0xc7f5912a55792135)
712 }, { /* 5 */
713 U64(0x6d6ae04668a9b08a), U64(0x3ab3f04b0be8c743),
714 U64(0xe51e166b54b3c908), U64(0xbe90a9eb35c2f139),
715 U64(0xb2c7066637f2bec1), U64(0xaa6945613392202c),
716 U64(0x9a28c36f3b5201eb), U64(0xddce5a93ab536994),
717 U64(0x0e34133ef6382827), U64(0x52a02ba1ec55048b),
718 U64(0xa2f88f97c4b2a177), U64(0x8640e513ca2251a5),
719 U64(0xcdf1d36258137622), U64(0xfe6cb708dedf8ddb),
720 U64(0x8a174a9ec8121e5d), U64(0x679896036b81560e),
721 U64(0x59ed033395795fee), U64(0x1dd778ab8b74edaf),
722 U64(0xee533ef92d9f926d), U64(0x2a8c79baf8a8d8f5),
723 U64(0x6bcf398e69b119f6), U64(0xe20491742fafdd95),
724 U64(0x276488e0809c2aec), U64(0xea955b82d88f5cce),
725 U64(0x7102c63a99d9e0c4), U64(0xf9763017a5c39946),
726 U64(0x429fa2501f151b3d), U64(0x4659c72bea05d59e),
727 U64(0x984b7fdccf5a6634), U64(0xf742232953fbb161),
728 U64(0x3041860e08c021c7), U64(0x747bfd9616cd9386),
729 U64(0x4bb1367192312787), U64(0x1b72a1638a6c44d3),
730 U64(0x4a0e68a6e8359a66), U64(0x169a5039f258b6ca),
731 U64(0xb98a2ef44edee5a4), U64(0xd9083fe85e43a737),
732 U64(0x967f6ce239624e13), U64(0x8874f62d3c1a7982),
733 U64(0x3c1629830af06e3f), U64(0x9165ebfd427e5a8e),
734 U64(0xb5dd81794ceeaa5c), U64(0x0de8f15a7834f219),
735 U64(0x70bd98ede3dd5d25), U64(0xaccc9ca9328a8950),
736 U64(0x56664eda1945ca28), U64(0x221db34c0f8859ae),
737 U64(0x26dbd637fa98970d), U64(0x1acdffb4f068f932),
738 U64(0x4585254f64090fa0), U64(0x72de245e17d53afa),
739 U64(0x1546b25d7c546cf4), U64(0x207e0ffffb803e71),
740 U64(0xfaaad2732bcf4378), U64(0xb462dfae36ea17bd),
741 U64(0xcf926fd1ac1b11fd), U64(0xe0672dc7dba7ba4a),
742 U64(0xd3fa49ad5d6b41b3), U64(0x8ba81449b216a3bc),
743 U64(0x14f9ec8a0650d115), U64(0x40fc1ee3eb1d7ce2),
744 U64(0x23a2ed9b758ce44f), U64(0x782c521b14fddc7e),
745 U64(0x1c68267cf170504e), U64(0xbcf31558c1ca96e6),
746 U64(0xa781b43b4ba6d235), U64(0xf6fd7dfe29ff0c80),
747 U64(0xb0a4bad5c3fad91e), U64(0xd199f51ea963266c),
748 U64(0x414340349119c103), U64(0x5405f269ed4dadf7),
749 U64(0xabd61bb649969dcd), U64(0x6813dbeae7bdc3c8),
750 U64(0x65fb2ab09f8931d1), U64(0xf1e7fae152e3181d),
751 U64(0xc1a67cef5a2339da), U64(0x7a4feea8e0f5bba1),
752 U64(0x1e0b9acf05783791), U64(0x5b8ebf8061713831),
753 U64(0x80e53cdbcb3af8d9), U64(0x7e898bd315e57502),
754 U64(0xc6bcfbf0213f2d47), U64(0x95a38e86b76e942d),
755 U64(0x092e94218d243cba), U64(0x8339debf453622e7),
756 U64(0xb11be402b9fe64ff), U64(0x57d9100d634177c9),
757 U64(0xcc4e8db52217cbc3), U64(0x3b0cae9c71ec7aa2),
758 U64(0xfb158ca451cbfe99), U64(0x2b33276d82ac6514),
759 U64(0x01bf5ed77a04bde1), U64(0xc5601994af33f779),
760 U64(0x75c4a3416cc92e67), U64(0xf3844652a6eb7fc2),
761 U64(0x3487e375fdd0ef64), U64(0x18ae430704609eed),
762 U64(0x4d14efb993298efb), U64(0x815a620cb13e4538),
763 U64(0x125c354207487869), U64(0x9eeea614ce42cf48),
764 U64(0xce2d3106d61fac1c), U64(0xbbe99247bad6827b),
765 U64(0x071a871f7b1c149d), U64(0x2e4a1cc10db81656),
766 U64(0x77a71ff298c149b8), U64(0x06a5d9c80118a97c),
767 U64(0xad73c27e488e34b1), U64(0x443a7b981e0db241),
768 U64(0xe3bbcfa355ab6074), U64(0x0af276450328e684),
769 U64(0x73617a896dd1871b), U64(0x58525de4ef7de20f),
770 U64(0xb7be3dcab8e6cd83), U64(0x19111dd07e64230c),
771 U64(0x842359a03e2a367a), U64(0x103f89f1f3401fb6),
772 U64(0xdc710444d157d475), U64(0xb835702334da5845),
773 U64(0x4320fc876511a6dc), U64(0xd026abc9d3679b8d),
774 U64(0x17250eee885c0b2b), U64(0x90dab52a387ae76f),
775 U64(0x31fed8d972c49c26), U64(0x89cba8fa461ec463),
776 U64(0x2ff5421677bcabb7), U64(0x396f122f85e41d7d),
777 U64(0xa09b332430bac6a8), U64(0xc888e8ced7070560),
778 U64(0xaeaf201ac682ee8f), U64(0x1180d7268944a257),
779 U64(0xf058a43628e7a5fc), U64(0xbd4c4b8fbbce2b07),
780 U64(0xa1246df34abe7b49), U64(0x7d5569b79be9af3c),
781 U64(0xa9b5a705bd9efa12), U64(0xdb6b835baa4bc0e8),
782 U64(0x05793bac8f147342), U64(0x21c1512881848390),
783 U64(0xfdb0556c50d357e5), U64(0x613d4fcb6a99ff72),
784 U64(0x03dce2648e0cda3e), U64(0xe949b9e6568386f0),
785 U64(0xfc0f0bbb2ad7ea04), U64(0x6a70675913b5a417),
786 U64(0x7f36d5046fe1c8e3), U64(0x0c57af8d02304ff8),
787 U64(0x32223abdfcc84618), U64(0x0891caf6f720815b),
788 U64(0xa63eeaec31a26fd4), U64(0x2507345374944d33),
789 U64(0x49d28ac266394058), U64(0xf5219f9aa7f3d6be),
790 U64(0x2d96fea583b4cc68), U64(0x5a31e1571b7585d0),
791 U64(0x8ed12fe53d02d0fe), U64(0xdfade6205f5b0e4b),
792 U64(0x4cabb16ee92d331a), U64(0x04c6657bf510cea3),
793 U64(0xd73c2cd6a87b8f10), U64(0xe1d87310a1a307ab),
794 U64(0x6cd5be9112ad0d6b), U64(0x97c032354366f3f2),
795 U64(0xd4e0ceb22677552e), U64(0x0000000000000000),
796 U64(0x29509bde76a402cb), U64(0xc27a9e8bd42fe3e4),
797 U64(0x5ef7842cee654b73), U64(0xaf107ecdbc86536e),
798 U64(0x3fcacbe784fcb401), U64(0xd55f90655c73e8cf),
799 U64(0xe6c2f40fdabf1336), U64(0xe8f6e7312c873b11),
800 U64(0xeb2a0555a28be12f), U64(0xe4a148bc2eb774e9),
801 U64(0x9b979db84156bc0a), U64(0x6eb60222e6a56ab4),
802 U64(0x87ffbbc4b026ec44), U64(0xc703a5275b3b90a6),
803 U64(0x47e699fc9001687f), U64(0x9c8d1aa73a4aa897),
804 U64(0x7cea3760e1ed12dd), U64(0x4ec80ddd1d2554c5),
805 U64(0x13e36b957d4cc588), U64(0x5d2b66486069914d),
806 U64(0x92b90999cc7280b0), U64(0x517cc9c56259deb5),
807 U64(0xc937b619ad03b881), U64(0xec30824ad997f5b2),
808 U64(0xa45d565fc5aa080b), U64(0xd6837201d27f32f1),
809 U64(0x635ef3789e9198ad), U64(0x531f75769651b96a),
810 U64(0x4f77530a6721e924), U64(0x486dd4151c3dfdb9),
811 U64(0x5f48dafb9461f692), U64(0x375b011173dc355a),
812 U64(0x3da9775470f4d3de), U64(0x8d0dcd81b30e0ac0),
813 U64(0x36e45fc609d888bb), U64(0x55baacbe97491016),
814 U64(0x8cb29356c90ab721), U64(0x76184125e2c5f459),
815 U64(0x99f4210bb55edbd5), U64(0x6f095cf59ca1d755),
816 U64(0x9f51f8c3b44672a9), U64(0x3538bda287d45285),
817 U64(0x50c39712185d6354), U64(0xf23b1885dcefc223),
818 U64(0x79930ccc6ef9619f), U64(0xed8fdc9da3934853),
819 U64(0xcb540aaa590bdf5e), U64(0x5c94389f1a6d2cac),
820 U64(0xe77daad8a0bbaed7), U64(0x28efc5090ca0bf2a),
821 U64(0xbf2ff73c4fc64cd8), U64(0xb37858b14df60320),
822 U64(0xf8c96ec0dfc724a7), U64(0x828680683f329f06),
823 U64(0x941cd051cd6a29cc), U64(0xc3c5c05cae2b5e05),
824 U64(0xb601631dc2e27062), U64(0xc01922382027843b),
825 U64(0x24b86a840e90f0d2), U64(0xd245177a276ffc52),
826 U64(0x0f8b4de98c3c95c6), U64(0x3e759530fef809e0),
827 U64(0x0b4d2892792c5b65), U64(0xc4df4743d5374a98),
828 U64(0xa5e20888bfaeb5ea), U64(0xba56cc90c0d23f9a),
829 U64(0x38d04cf8ffe0a09c), U64(0x62e1adafe495254c),
830 U64(0x0263bcb3f40867df), U64(0xcaeb547d230f62bf),
831 U64(0x6082111c109d4293), U64(0xdad4dd8cd04f7d09),
832 U64(0xefec602e579b2f8c), U64(0x1fb4c4187f7c8a70),
833 U64(0xffd3e9dfa4db303a), U64(0x7bf0b07f9af10640),
834 U64(0xf49ec14dddf76b5f), U64(0x8f6e713247066d1f),
835 U64(0x339d646a86ccfbf9), U64(0x64447467e58d8c30),
836 U64(0x2c29a072f9b07189), U64(0xd8b7613f24471ad6),
837 U64(0x6627c8d41185ebef), U64(0xa347d140beb61c96),
838 U64(0xde12b8f7255fb3aa), U64(0x9d324470404e1576),
839 U64(0x9306574eb6763d51), U64(0xa80af9d2c79a47f3),
840 U64(0x859c0777442e8b9b), U64(0x69ac853d9db97e29)
841 }, { /* 6 */
842 U64(0xc3407dfc2de6377e), U64(0x5b9e93eea4256f77),
843 U64(0xadb58fdd50c845e0), U64(0x5219ff11a75bed86),
844 U64(0x356b61cfd90b1de9), U64(0xfb8f406e25abe037),
845 U64(0x7a5a0231c0f60796), U64(0x9d3cd216e1f5020b),
846 U64(0x0c6550fb6b48d8f3), U64(0xf57508c427ff1c62),
847 U64(0x4ad35ffa71cb407d), U64(0x6290a2da1666aa6d),
848 U64(0xe284ec2349355f9f), U64(0xb3c307c53d7c84ec),
849 U64(0x05e23c0468365a02), U64(0x190bac4d6c9ebfa8),
850 U64(0x94bbbee9e28b80fa), U64(0xa34fc777529cb9b5),
851 U64(0xcc7b39f095bcd978), U64(0x2426addb0ce532e3),
852 U64(0x7e79329312ce4fc7), U64(0xab09a72eebec2917),
853 U64(0xf8d15499f6b9d6c2), U64(0x1a55b8babf8c895d),
854 U64(0xdb8add17fb769a85), U64(0xb57f2f368658e81b),
855 U64(0x8acd36f18f3f41f6), U64(0x5ce3b7bba50f11d3),
856 U64(0x114dcc14d5ee2f0a), U64(0xb91a7fcded1030e8),
857 U64(0x81d5425fe55de7a1), U64(0xb6213bc1554adeee),
858 U64(0x80144ef95f53f5f2), U64(0x1e7688186db4c10c),
859 U64(0x3b912965db5fe1bc), U64(0xc281715a97e8252d),
860 U64(0x54a5d7e21c7f8171), U64(0x4b12535ccbc5522e),
861 U64(0x1d289cefbea6f7f9), U64(0x6ef5f2217d2e729e),
862 U64(0xe6a7dc819b0d17ce), U64(0x1b94b41c05829b0e),
863 U64(0x33d7493c622f711e), U64(0xdcf7f942fa5ce421),
864 U64(0x600fba8b7f7a8ecb), U64(0x46b60f011a83988e),
865 U64(0x235b898e0dcf4c47), U64(0x957ab24f588592a9),
866 U64(0x4354330572b5c28c), U64(0xa5f3ef84e9b8d542),
867 U64(0x8c711e02341b2d01), U64(0x0b1874ae6a62a657),
868 U64(0x1213d8e306fc19ff), U64(0xfe6d7c6a4d9dba35),
869 U64(0x65ed868f174cd4c9), U64(0x88522ea0e6236550),
870 U64(0x899322065c2d7703), U64(0xc01e690bfef4018b),
871 U64(0x915982ed8abddaf8), U64(0xbe675b98ec3a4e4c),
872 U64(0xa996bf7f82f00db1), U64(0xe1daf8d49a27696a),
873 U64(0x2effd5d3dc8986e7), U64(0xd153a51f2b1a2e81),
874 U64(0x18caa0ebd690adfb), U64(0x390e3134b243c51a),
875 U64(0x2778b92cdff70416), U64(0x029f1851691c24a6),
876 U64(0x5e7cafeacc133575), U64(0xfa4e4cc89fa5f264),
877 U64(0x5a5f9f481e2b7d24), U64(0x484c47ab18d764db),
878 U64(0x400a27f2a1a7f479), U64(0xaeeb9b2a83da7315),
879 U64(0x721c626879869734), U64(0x042330a2d2384851),
880 U64(0x85f672fd3765aff0), U64(0xba446b3a3e02061d),
881 U64(0x73dd6ecec3888567), U64(0xffac70ccf793a866),
882 U64(0xdfa9edb5294ed2d4), U64(0x6c6aea7014325638),
883 U64(0x834a5a0e8c41c307), U64(0xcdba35562fb2cb2b),
884 U64(0x0ad97808d06cb404), U64(0x0f3b440cb85aee06),
885 U64(0xe5f9c876481f213b), U64(0x98deee1289c35809),
886 U64(0x59018bbfcd394bd1), U64(0xe01bf47220297b39),
887 U64(0xde68e1139340c087), U64(0x9fa3ca4788e926ad),
888 U64(0xbb85679c840c144e), U64(0x53d8f3b71d55ffd5),
889 U64(0x0da45c5dd146caa0), U64(0x6f34fe87c72060cd),
890 U64(0x57fbc315cf6db784), U64(0xcee421a1fca0fdde),
891 U64(0x3d2d0196607b8d4b), U64(0x642c8a29ad42c69a),
892 U64(0x14aff010bdd87508), U64(0xac74837beac657b3),
893 U64(0x3216459ad821634d), U64(0x3fb219c70967a9ed),
894 U64(0x06bc28f3bb246cf7), U64(0xf2082c9126d562c6),
895 U64(0x66b39278c45ee23c), U64(0xbd394f6f3f2878b9),
896 U64(0xfd33689d9e8f8cc0), U64(0x37f4799eb017394f),
897 U64(0x108cc0b26fe03d59), U64(0xda4bd1b1417888d6),
898 U64(0xb09d1332ee6eb219), U64(0x2f3ed975668794b4),
899 U64(0x58c0871977375982), U64(0x7561463d78ace990),
900 U64(0x09876cff037e82f1), U64(0x7fb83e35a8c05d94),
901 U64(0x26b9b58a65f91645), U64(0xef20b07e9873953f),
902 U64(0x3148516d0b3355b8), U64(0x41cb2b541ba9e62a),
903 U64(0x790416c613e43163), U64(0xa011d380818e8f40),
904 U64(0x3a5025c36151f3ef), U64(0xd57095bdf92266d0),
905 U64(0x498d4b0da2d97688), U64(0x8b0c3a57353153a5),
906 U64(0x21c491df64d368e1), U64(0x8f2f0af5e7091bf4),
907 U64(0x2da1c1240f9bb012), U64(0xc43d59a92ccc49da),
908 U64(0xbfa6573e56345c1f), U64(0x828b56a8364fd154),
909 U64(0x9a41f643e0df7caf), U64(0xbcf843c985266aea),
910 U64(0x2b1de9d7b4bfdce5), U64(0x20059d79dedd7ab2),
911 U64(0x6dabe6d6ae3c446b), U64(0x45e81bf6c991ae7b),
912 U64(0x6351ae7cac68b83e), U64(0xa432e32253b6c711),
913 U64(0xd092a9b991143cd2), U64(0xcac711032e98b58f),
914 U64(0xd8d4c9e02864ac70), U64(0xc5fc550f96c25b89),
915 U64(0xd7ef8dec903e4276), U64(0x67729ede7e50f06f),
916 U64(0xeac28c7af045cf3d), U64(0xb15c1f945460a04a),
917 U64(0x9cfddeb05bfb1058), U64(0x93c69abce3a1fe5e),
918 U64(0xeb0380dc4a4bdd6e), U64(0xd20db1e8f8081874),
919 U64(0x229a8528b7c15e14), U64(0x44291750739fbc28),
920 U64(0xd3ccbd4e42060a27), U64(0xf62b1c33f4ed2a97),
921 U64(0x86a8660ae4779905), U64(0xd62e814a2a305025),
922 U64(0x477703a7a08d8add), U64(0x7b9b0e977af815c5),
923 U64(0x78c51a60a9ea2330), U64(0xa6adfb733aaae3b7),
924 U64(0x97e5aa1e3199b60f), U64(0x0000000000000000),
925 U64(0xf4b404629df10e31), U64(0x5564db44a6719322),
926 U64(0x9207961a59afec0d), U64(0x9624a6b88b97a45c),
927 U64(0x363575380a192b1c), U64(0x2c60cd82b595a241),
928 U64(0x7d272664c1dc7932), U64(0x7142769faa94a1c1),
929 U64(0xa1d0df263b809d13), U64(0x1630e841d4c451ae),
930 U64(0xc1df65ad44fa13d8), U64(0x13d2d445bcf20bac),
931 U64(0xd915c546926abe23), U64(0x38cf3d92084dd749),
932 U64(0xe766d0272103059d), U64(0xc7634d5effde7f2f),
933 U64(0x077d2455012a7ea4), U64(0xedbfa82ff16fb199),
934 U64(0xaf2a978c39d46146), U64(0x42953fa3c8bbd0df),
935 U64(0xcb061da59496a7dc), U64(0x25e7a17db6eb20b0),
936 U64(0x34aa6d6963050fba), U64(0xa76cf7d580a4f1e4),
937 U64(0xf7ea10954ee338c4), U64(0xfcf2643b24819e93),
938 U64(0xcf252d0746aeef8d), U64(0x4ef06f58a3f3082c),
939 U64(0x563acfb37563a5d7), U64(0x5086e740ce47c920),
940 U64(0x2982f186dda3f843), U64(0x87696aac5e798b56),
941 U64(0x5d22bb1d1f010380), U64(0x035e14f7d31236f5),
942 U64(0x3cec0d30da759f18), U64(0xf3c920379cdb7095),
943 U64(0xb8db736b571e22bb), U64(0xdd36f5e44052f672),
944 U64(0xaac8ab8851e23b44), U64(0xa857b3d938fe1fe2),
945 U64(0x17f1e4e76eca43fd), U64(0xec7ea4894b61a3ca),
946 U64(0x9e62c6e132e734fe), U64(0xd4b1991b432c7483),
947 U64(0x6ad6c283af163acf), U64(0x1ce9904904a8e5aa),
948 U64(0x5fbda34c761d2726), U64(0xf910583f4cb7c491),
949 U64(0xc6a241f845d06d7c), U64(0x4f3163fe19fd1a7f),
950 U64(0xe99c988d2357f9c8), U64(0x8eee06535d0709a7),
951 U64(0x0efa48aa0254fc55), U64(0xb4be23903c56fa48),
952 U64(0x763f52caabbedf65), U64(0xeee1bcd8227d876c),
953 U64(0xe345e085f33b4dcc), U64(0x3e731561b369bbbe),
954 U64(0x2843fd2067adea10), U64(0x2adce5710eb1ceb6),
955 U64(0xb7e03767ef44ccbd), U64(0x8db012a48e153f52),
956 U64(0x61ceb62dc5749c98), U64(0xe85d942b9959eb9b),
957 U64(0x4c6f7709caef2c8a), U64(0x84377e5b8d6bbda3),
958 U64(0x30895dcbb13d47eb), U64(0x74a04a9bc2a2fbc3),
959 U64(0x6b17ce251518289c), U64(0xe438c4d0f2113368),
960 U64(0x1fb784bed7bad35f), U64(0x9b80fae55ad16efc),
961 U64(0x77fe5e6c11b0cd36), U64(0xc858095247849129),
962 U64(0x08466059b97090a2), U64(0x01c10ca6ba0e1253),
963 U64(0x6988d6747c040c3a), U64(0x6849dad2c60a1e69),
964 U64(0x5147ebe67449db73), U64(0xc99905f4fd8a837a),
965 U64(0x991fe2b433cd4a5a), U64(0xf09734c04fc94660),
966 U64(0xa28ecbd1e892abe6), U64(0xf1563866f5c75433),
967 U64(0x4dae7baf70e13ed9), U64(0x7ce62ac27bd26b61),
968 U64(0x70837a39109ab392), U64(0x90988e4b30b3c8ab),
969 U64(0xb2020b63877296bf), U64(0x156efcb607d6675b)
970 }, { /* 7 */
971 U64(0xe63f55ce97c331d0), U64(0x25b506b0015bba16),
972 U64(0xc8706e29e6ad9ba8), U64(0x5b43d3775d521f6a),
973 U64(0x0bfa3d577035106e), U64(0xab95fc172afb0e66),
974 U64(0xf64b63979e7a3276), U64(0xf58b4562649dad4b),
975 U64(0x48f7c3dbae0c83f1), U64(0xff31916642f5c8c5),
976 U64(0xcbb048dc1c4a0495), U64(0x66b8f83cdf622989),
977 U64(0x35c130e908e2b9b0), U64(0x7c761a61f0b34fa1),
978 U64(0x3601161cf205268d), U64(0x9e54ccfe2219b7d6),
979 U64(0x8b7d90a538940837), U64(0x9cd403588ea35d0b),
980 U64(0xbc3c6fea9ccc5b5a), U64(0xe5ff733b6d24aeed),
981 U64(0xceed22de0f7eb8d2), U64(0xec8581cab1ab545e),
982 U64(0xb96105e88ff8e71d), U64(0x8ca03501871a5ead),
983 U64(0x76ccce65d6db2a2f), U64(0x5883f582a7b58057),
984 U64(0x3f7be4ed2e8adc3e), U64(0x0fe7be06355cd9c9),
985 U64(0xee054e6c1d11be83), U64(0x1074365909b903a6),
986 U64(0x5dde9f80b4813c10), U64(0x4a770c7d02b6692c),
987 U64(0x5379c8d5d7809039), U64(0xb4067448161ed409),
988 U64(0x5f5e5026183bd6cd), U64(0xe898029bf4c29df9),
989 U64(0x7fb63c940a54d09c), U64(0xc5171f897f4ba8bc),
990 U64(0xa6f28db7b31d3d72), U64(0x2e4f3be7716eaa78),
991 U64(0x0d6771a099e63314), U64(0x82076254e41bf284),
992 U64(0x2f0fd2b42733df98), U64(0x5c9e76d3e2dc49f0),
993 U64(0x7aeb569619606cdb), U64(0x83478b07b2468764),
994 U64(0xcfadcb8d5923cd32), U64(0x85dac7f05b95a41e),
995 U64(0xb5469d1b4043a1e9), U64(0xb821ecbbd9a592fd),
996 U64(0x1b8e0b0e798c13c8), U64(0x62a57b6d9a0be02e),
997 U64(0xfcf1b793b81257f8), U64(0x9d94ea0bd8fe28eb),
998 U64(0x4cea408aeb654a56), U64(0x23284a47e888996c),
999 U64(0x2d8f1d128b893545), U64(0xf4cbac3132c0d8ab),
1000 U64(0xbd7c86b9ca912eba), U64(0x3a268eef3dbe6079),
1001 U64(0xf0d62f6077a9110c), U64(0x2735c916ade150cb),
1002 U64(0x89fd5f03942ee2ea), U64(0x1acee25d2fd16628),
1003 U64(0x90f39bab41181bff), U64(0x430dfe8cde39939f),
1004 U64(0xf70b8ac4c8274796), U64(0x1c53aeaac6024552),
1005 U64(0x13b410acf35e9c9b), U64(0xa532ab4249faa24f),
1006 U64(0x2b1251e5625a163f), U64(0xd7e3e676da4841c7),
1007 U64(0xa7b264e4e5404892), U64(0xda8497d643ae72d3),
1008 U64(0x861ae105a1723b23), U64(0x38a6414991048aa4),
1009 U64(0x6578dec92585b6b4), U64(0x0280cfa6acbaeadd),
1010 U64(0x88bdb650c273970a), U64(0x9333bd5ebbff84c2),
1011 U64(0x4e6a8f2c47dfa08b), U64(0x321c954db76cef2a),
1012 U64(0x418d312a72837942), U64(0xb29b38bfffcdf773),
1013 U64(0x6c022c38f90a4c07), U64(0x5a033a240b0f6a8a),
1014 U64(0x1f93885f3ce5da6f), U64(0xc38a537e96988bc6),
1015 U64(0x39e6a81ac759ff44), U64(0x29929e43cee0fce2),
1016 U64(0x40cdd87924de0ca2), U64(0xe9d8ebc8a29fe819),
1017 U64(0x0c2798f3cfbb46f4), U64(0x55e484223e53b343),
1018 U64(0x4650948ecd0d2fd8), U64(0x20e86cb2126f0651),
1019 U64(0x6d42c56baf5739e7), U64(0xa06fc1405ace1e08),
1020 U64(0x7babbfc54f3d193b), U64(0x424d17df8864e67f),
1021 U64(0xd8045870ef14980e), U64(0xc6d7397c85ac3781),
1022 U64(0x21a885e1443273b1), U64(0x67f8116f893f5c69),
1023 U64(0x24f5efe35706cff6), U64(0xd56329d076f2ab1a),
1024 U64(0x5e1eb9754e66a32d), U64(0x28d2771098bd8902),
1025 U64(0x8f6013f47dfdc190), U64(0x17a993fdb637553c),
1026 U64(0xe0a219397e1012aa), U64(0x786b9930b5da8606),
1027 U64(0x6e82e39e55b0a6da), U64(0x875a0856f72f4ec3),
1028 U64(0x3741ff4fa458536d), U64(0xac4859b3957558fc),
1029 U64(0x7ef6d5c75c09a57c), U64(0xc04a758b6c7f14fb),
1030 U64(0xf9acdd91ab26ebbf), U64(0x7391a467c5ef9668),
1031 U64(0x335c7c1ee1319aca), U64(0xa91533b18641e4bb),
1032 U64(0xe4bf9a683b79db0d), U64(0x8e20faa72ba0b470),
1033 U64(0x51f907737b3a7ae4), U64(0x2268a314bed5ec8c),
1034 U64(0xd944b123b949edee), U64(0x31dcb3b84d8b7017),
1035 U64(0xd3fe65279f218860), U64(0x097af2f1dc8ffab3),
1036 U64(0x9b09a6fc312d0b91), U64(0xcc6ded78a3c4520f),
1037 U64(0x3481d9ba5ebfcc50), U64(0x4f2a667f1182d56b),
1038 U64(0xdfd9fdd4509ace94), U64(0x26752045fbbc252b),
1039 U64(0xbffc491f662bc467), U64(0xdd593272fc202449),
1040 U64(0x3cbbc218d46d4303), U64(0x91b372f817456e1f),
1041 U64(0x681faf69bc6385a0), U64(0xb686bbeebaa43ed4),
1042 U64(0x1469b5084cd0ca01), U64(0x98c98009cbca94ac),
1043 U64(0x6438379a73d8c354), U64(0xc2caba2dc0c5fe26),
1044 U64(0x3e3b0dbe78d7a9de), U64(0x50b9ee202d670f04),
1045 U64(0x4590b27b37eab0e5), U64(0x6025b4cb36b10af3),
1046 U64(0xfb2c1237079c0162), U64(0xa12f28130c936be8),
1047 U64(0x4b37e52e54eb1ccc), U64(0x083a1ba28ad28f53),
1048 U64(0xc10a9cd83a22611b), U64(0x9f1425ad7444c236),
1049 U64(0x069d4cf7e9d3237a), U64(0xedc56899e7f621be),
1050 U64(0x778c273680865fcf), U64(0x309c5aeb1bd605f7),
1051 U64(0x8de0dc52d1472b4d), U64(0xf8ec34c2fd7b9e5f),
1052 U64(0xea18cd3d58787724), U64(0xaad515447ca67b86),
1053 U64(0x9989695a9d97e14c), U64(0x0000000000000000),
1054 U64(0xf196c63321f464ec), U64(0x71116bc169557cb5),
1055 U64(0xaf887f466f92c7c1), U64(0x972e3e0ffe964d65),
1056 U64(0x190ec4a8d536f915), U64(0x95aef1a9522ca7b8),
1057 U64(0xdc19db21aa7d51a9), U64(0x94ee18fa0471d258),
1058 U64(0x8087adf248a11859), U64(0xc457f6da2916dd5c),
1059 U64(0xfa6cfb6451c17482), U64(0xf256e0c6db13fbd1),
1060 U64(0x6a9f60cf10d96f7d), U64(0x4daaa9d9bd383fb6),
1061 U64(0x03c026f5fae79f3d), U64(0xde99148706c7bb74),
1062 U64(0x2a52b8b6340763df), U64(0x6fc20acd03edd33a),
1063 U64(0xd423c08320afdefa), U64(0xbbe1ca4e23420dc0),
1064 U64(0x966ed75ca8cb3885), U64(0xeb58246e0e2502c4),
1065 U64(0x055d6a021334bc47), U64(0xa47242111fa7d7af),
1066 U64(0xe3623fcc84f78d97), U64(0x81c744a11efc6db9),
1067 U64(0xaec8961539cfb221), U64(0xf31609958d4e8e31),
1068 U64(0x63e5923ecc5695ce), U64(0x47107ddd9b505a38),
1069 U64(0xa3afe7b5a0298135), U64(0x792b7063e387f3e6),
1070 U64(0x0140e953565d75e0), U64(0x12f4f9ffa503e97b),
1071 U64(0x750ce8902c3cb512), U64(0xdbc47e8515f30733),
1072 U64(0x1ed3610c6ab8af8f), U64(0x5239218681dde5d9),
1073 U64(0xe222d69fd2aaf877), U64(0xfe71783514a8bd25),
1074 U64(0xcaf0a18f4a177175), U64(0x61655d9860ec7f13),
1075 U64(0xe77fbc9dc19e4430), U64(0x2ccff441ddd440a5),
1076 U64(0x16e97aaee06a20dc), U64(0xa855dae2d01c915b),
1077 U64(0x1d1347f9905f30b2), U64(0xb7c652bdecf94b34),
1078 U64(0xd03e43d265c6175d), U64(0xfdb15ec0ee4f2218),
1079 U64(0x57644b8492e9599e), U64(0x07dda5a4bf8e569a),
1080 U64(0x54a46d71680ec6a3), U64(0x5624a2d7c4b42c7e),
1081 U64(0xbebca04c3076b187), U64(0x7d36f332a6ee3a41),
1082 U64(0x3b6667bc6be31599), U64(0x695f463aea3ef040),
1083 U64(0xad08b0e0c3282d1c), U64(0xb15b1e4a052a684e),
1084 U64(0x44d05b2861b7c505), U64(0x15295c5b1a8dbfe1),
1085 U64(0x744c01c37a61c0f2), U64(0x59c31cd1f1e8f5b7),
1086 U64(0xef45a73f4b4ccb63), U64(0x6bdf899c46841a9d),
1087 U64(0x3dfb2b4b823036e3), U64(0xa2ef0ee6f674f4d5),
1088 U64(0x184e2dfb836b8cf5), U64(0x1134df0a5fe47646),
1089 U64(0xbaa1231d751f7820), U64(0xd17eaa81339b62bd),
1090 U64(0xb01bf71953771dae), U64(0x849a2ea30dc8d1fe),
1091 U64(0x705182923f080955), U64(0x0ea757556301ac29),
1092 U64(0x041d83514569c9a7), U64(0x0abad4042668658e),
1093 U64(0x49b72a88f851f611), U64(0x8a3d79f66ec97dd7),
1094 U64(0xcd2d042bf59927ef), U64(0xc930877ab0f0ee48),
1095 U64(0x9273540deda2f122), U64(0xc797d02fd3f14261),
1096 U64(0xe1e2f06a284d674a), U64(0xd2be8c74c97cfd80),
1097 U64(0x9a494faf67707e71), U64(0xb3dbd1eca9908293),
1098 U64(0x72d14d3493b2e388), U64(0xd6a30f258c153427)
1099 },
1100};
1101
1102static const STREEBOG_LONG64 C16[12][8] = {
1103 {
1104 U64(0xdd806559f2a64507), U64(0x05767436cc744d23),
1105 U64(0xa2422a08a460d315), U64(0x4b7ce09192676901),
1106 U64(0x714eb88d7585c4fc), U64(0x2f6a76432e45d016),
1107 U64(0xebcb2f81c0657c1f), U64(0xb1085bda1ecadae9)
1108 }, {
1109 U64(0xe679047021b19bb7), U64(0x55dda21bd7cbcd56),
1110 U64(0x5cb561c2db0aa7ca), U64(0x9ab5176b12d69958),
1111 U64(0x61d55e0f16b50131), U64(0xf3feea720a232b98),
1112 U64(0x4fe39d460f70b5d7), U64(0x6fa3b58aa99d2f1a)
1113 }, {
1114 U64(0x991e96f50aba0ab2), U64(0xc2b6f443867adb31),
1115 U64(0xc1c93a376062db09), U64(0xd3e20fe490359eb1),
1116 U64(0xf2ea7514b1297b7b), U64(0x06f15e5f529c1f8b),
1117 U64(0x0a39fc286a3d8435), U64(0xf574dcac2bce2fc7)
1118 }, {
1119 U64(0x220cbebc84e3d12e), U64(0x3453eaa193e837f1),
1120 U64(0xd8b71333935203be), U64(0xa9d72c82ed03d675),
1121 U64(0x9d721cad685e353f), U64(0x488e857e335c3c7d),
1122 U64(0xf948e1a05d71e4dd), U64(0xef1fdfb3e81566d2)
1123 }, {
1124 U64(0x601758fd7c6cfe57), U64(0x7a56a27ea9ea63f5),
1125 U64(0xdfff00b723271a16), U64(0xbfcd1747253af5a3),
1126 U64(0x359e35d7800fffbd), U64(0x7f151c1f1686104a),
1127 U64(0x9a3f410c6ca92363), U64(0x4bea6bacad474799)
1128 }, {
1129 U64(0xfa68407a46647d6e), U64(0xbf71c57236904f35),
1130 U64(0x0af21f66c2bec6b6), U64(0xcffaa6b71c9ab7b4),
1131 U64(0x187f9ab49af08ec6), U64(0x2d66c4f95142a46c),
1132 U64(0x6fa4c33b7a3039c0), U64(0xae4faeae1d3ad3d9)
1133 }, {
1134 U64(0x8886564d3a14d493), U64(0x3517454ca23c4af3),
1135 U64(0x06476983284a0504), U64(0x0992abc52d822c37),
1136 U64(0xd3473e33197a93c9), U64(0x399ec6c7e6bf87c9),
1137 U64(0x51ac86febf240954), U64(0xf4c70e16eeaac5ec)
1138 }, {
1139 U64(0xa47f0dd4bf02e71e), U64(0x36acc2355951a8d9),
1140 U64(0x69d18d2bd1a5c42f), U64(0xf4892bcb929b0690),
1141 U64(0x89b4443b4ddbc49a), U64(0x4eb7f8719c36de1e),
1142 U64(0x03e7aa020c6e4141), U64(0x9b1f5b424d93c9a7)
1143 }, {
1144 U64(0x7261445183235adb), U64(0x0e38dc92cb1f2a60),
1145 U64(0x7b2b8a9aa6079c54), U64(0x800a440bdbb2ceb1),
1146 U64(0x3cd955b7e00d0984), U64(0x3a7d3a1b25894224),
1147 U64(0x944c9ad8ec165fde), U64(0x378f5a541631229b)
1148 }, {
1149 U64(0x74b4c7fb98459ced), U64(0x3698fad1153bb6c3),
1150 U64(0x7a1e6c303b7652f4), U64(0x9fe76702af69334b),
1151 U64(0x1fffe18a1b336103), U64(0x8941e71cff8a78db),
1152 U64(0x382ae548b2e4f3f3), U64(0xabbedea680056f52)
1153 }, {
1154 U64(0x6bcaa4cd81f32d1b), U64(0xdea2594ac06fd85d),
1155 U64(0xefbacd1d7d476e98), U64(0x8a1d71efea48b9ca),
1156 U64(0x2001802114846679), U64(0xd8fa6bbbebab0761),
1157 U64(0x3002c6cd635afe94), U64(0x7bcd9ed0efc889fb)
1158 }, {
1159 U64(0x48bc924af11bd720), U64(0xfaf417d5d9b21b99),
1160 U64(0xe71da4aa88e12852), U64(0x5d80ef9d1891cc86),
1161 U64(0xf82012d430219f9b), U64(0xcda43c32bcdf1d77),
1162 U64(0xd21380b00449b17a), U64(0x378ee767f11631ba)
1163 },
1164};
1165
1166#define B(x,i,j) (((STREEBOG_LONG64)(*(((const unsigned char *)(&x))+i)))<<(j*8))
1167#define PULL64(x) (B(x,0,0)|B(x,1,1)|B(x,2,2)|B(x,3,3)|B(x,4,4)|B(x,5,5)|B(x,6,6)|B(x,7,7))
1168#define SWAB64(x) (B(x,0,7)|B(x,1,6)|B(x,2,5)|B(x,3,4)|B(x,4,3)|B(x,5,2)|B(x,6,1)|B(x,7,0))
1169
1170static inline STREEBOG_LONG64
1171multipermute(const STREEBOG_LONG64 *in, int i)
1172{
1173 STREEBOG_LONG64 t = 0;
1174
1175 t ^= A_PI_table[0][(in[0] >> (i * 8)) & 0xff];
1176 t ^= A_PI_table[1][(in[1] >> (i * 8)) & 0xff];
1177 t ^= A_PI_table[2][(in[2] >> (i * 8)) & 0xff];
1178 t ^= A_PI_table[3][(in[3] >> (i * 8)) & 0xff];
1179 t ^= A_PI_table[4][(in[4] >> (i * 8)) & 0xff];
1180 t ^= A_PI_table[5][(in[5] >> (i * 8)) & 0xff];
1181 t ^= A_PI_table[6][(in[6] >> (i * 8)) & 0xff];
1182 t ^= A_PI_table[7][(in[7] >> (i * 8)) & 0xff];
1183
1184 return t;
1185}
1186
1187static void
1188transform(STREEBOG_LONG64 *out, const STREEBOG_LONG64 *a,
1189 const STREEBOG_LONG64 *b)
1190{
1191 STREEBOG_LONG64 tmp[8];
1192
1193 tmp[0] = a[0] ^ b[0];
1194 tmp[1] = a[1] ^ b[1];
1195 tmp[2] = a[2] ^ b[2];
1196 tmp[3] = a[3] ^ b[3];
1197 tmp[4] = a[4] ^ b[4];
1198 tmp[5] = a[5] ^ b[5];
1199 tmp[6] = a[6] ^ b[6];
1200 tmp[7] = a[7] ^ b[7];
1201
1202 out[0] = multipermute(tmp, 0);
1203 out[1] = multipermute(tmp, 1);
1204 out[2] = multipermute(tmp, 2);
1205 out[3] = multipermute(tmp, 3);
1206 out[4] = multipermute(tmp, 4);
1207 out[5] = multipermute(tmp, 5);
1208 out[6] = multipermute(tmp, 6);
1209 out[7] = multipermute(tmp, 7);
1210}
1211
1212static inline void
1213gN(STREEBOG_LONG64 *h, STREEBOG_LONG64 *m, STREEBOG_LONG64 *N)
1214{
1215 STREEBOG_LONG64 K[8];
1216 STREEBOG_LONG64 T[8];
1217 int i;
1218
1219 transform(K, h, N);
1220
1221 transform(T, K, m);
1222 transform(K, K, C16[0]);
1223 for (i = 1; i < 12; i++) {
1224 transform(T, K, T);
1225 transform(K, K, C16[i]);
1226 }
1227
1228 h[0] ^= T[0] ^ K[0] ^ m[0];
1229 h[1] ^= T[1] ^ K[1] ^ m[1];
1230 h[2] ^= T[2] ^ K[2] ^ m[2];
1231 h[3] ^= T[3] ^ K[3] ^ m[3];
1232 h[4] ^= T[4] ^ K[4] ^ m[4];
1233 h[5] ^= T[5] ^ K[5] ^ m[5];
1234 h[6] ^= T[6] ^ K[6] ^ m[6];
1235 h[7] ^= T[7] ^ K[7] ^ m[7];
1236}
1237
1238
1239static void
1240streebog_single_block(STREEBOG_CTX *ctx, const unsigned char *in, size_t num)
1241{
1242 STREEBOG_LONG64 M[8], l;
1243 int i;
1244
1245 for (i = 0; i < 8; i++)
1246 M[i] = PULL64(in[i*8]);
1247
1248 gN(ctx->h, M, ctx->N);
1249
1250 l = ctx->N[0];
1251 ctx->N[0] += num;
1252
1253 if (ctx->N[0] < l || ctx->N[0] < num) {
1254 for (i = 1; i < 8; i++) {
1255 ctx->N[i]++;
1256 if (ctx->N[i] != 0)
1257 break;
1258 }
1259 }
1260
1261 ctx->Sigma[0] += M[0];
1262 for (i = 1; i < 8; i++)
1263 if (ctx->Sigma[i-1] < M[i-1])
1264 ctx->Sigma[i] += M[i] + 1;
1265 else
1266 ctx->Sigma[i] += M[i];
1267}
1268
1269
1270
1271static void
1272streebog_block_data_order(STREEBOG_CTX *ctx, const unsigned char *in,
1273 size_t num)
1274{
1275 int i;
1276
1277 for (i = 0; i < num; i++)
1278 streebog_single_block(ctx, in + i * STREEBOG_CBLOCK, 64 * 8);
1279}
1280
1281int
1282STREEBOG512_Final(unsigned char *md, STREEBOG_CTX *c)
1283{
1284 unsigned char *p = (unsigned char *)c->data;
1285 STREEBOG_LONG64 Z[STREEBOG_LBLOCK] = {0};
1286 int n;
1287
1288 if (c->num == STREEBOG_CBLOCK) {
1289 streebog_block_data_order(c, p, 1);
1290 c->num -= STREEBOG_CBLOCK;
1291 }
1292
1293 n = c->num;
1294 p[n++] = 1;
1295 memset(p + n, 0, STREEBOG_CBLOCK - n);
1296
1297 streebog_single_block(c, p, c->num * 8);
1298
1299 gN(c->h, c->N, Z);
1300 gN(c->h, c->Sigma, Z);
1301
1302 for (n = 0; n < STREEBOG_LBLOCK; n++)
1303 c->h[n] = SWAB64(c->h[n]);
1304
1305 if (md == NULL)
1306 return 0;
1307
1308 switch (c->md_len) {
1309 /* Let compiler decide if it's appropriate to unroll... */
1310 case STREEBOG256_LENGTH:
1311 for (n = 0; n < STREEBOG256_LENGTH / 8; n++) {
1312 STREEBOG_LONG64 t = c->h[4+n];
1313
1314#if BYTE_ORDER == BIG_ENDIAN
1315 *(md++) = (unsigned char)(t);
1316 *(md++) = (unsigned char)(t >> 8);
1317 *(md++) = (unsigned char)(t >> 16);
1318 *(md++) = (unsigned char)(t >> 24);
1319 *(md++) = (unsigned char)(t >> 32);
1320 *(md++) = (unsigned char)(t >> 40);
1321 *(md++) = (unsigned char)(t >> 48);
1322 *(md++) = (unsigned char)(t >> 56);
1323#else
1324 *(md++) = (unsigned char)(t >> 56);
1325 *(md++) = (unsigned char)(t >> 48);
1326 *(md++) = (unsigned char)(t >> 40);
1327 *(md++) = (unsigned char)(t >> 32);
1328 *(md++) = (unsigned char)(t >> 24);
1329 *(md++) = (unsigned char)(t >> 16);
1330 *(md++) = (unsigned char)(t >> 8);
1331 *(md++) = (unsigned char)(t);
1332#endif
1333 }
1334 break;
1335 case STREEBOG512_LENGTH:
1336 for (n = 0; n < STREEBOG512_LENGTH / 8; n++) {
1337 STREEBOG_LONG64 t = c->h[n];
1338
1339#if BYTE_ORDER == BIG_ENDIAN
1340 *(md++) = (unsigned char)(t);
1341 *(md++) = (unsigned char)(t >> 8);
1342 *(md++) = (unsigned char)(t >> 16);
1343 *(md++) = (unsigned char)(t >> 24);
1344 *(md++) = (unsigned char)(t >> 32);
1345 *(md++) = (unsigned char)(t >> 40);
1346 *(md++) = (unsigned char)(t >> 48);
1347 *(md++) = (unsigned char)(t >> 56);
1348#else
1349 *(md++) = (unsigned char)(t >> 56);
1350 *(md++) = (unsigned char)(t >> 48);
1351 *(md++) = (unsigned char)(t >> 40);
1352 *(md++) = (unsigned char)(t >> 32);
1353 *(md++) = (unsigned char)(t >> 24);
1354 *(md++) = (unsigned char)(t >> 16);
1355 *(md++) = (unsigned char)(t >> 8);
1356 *(md++) = (unsigned char)(t);
1357#endif
1358 }
1359 break;
1360 /* ... as well as make sure md_len is not abused. */
1361 default:
1362 return 0;
1363 }
1364
1365 return 1;
1366}
1367
1368int
1369STREEBOG256_Final(unsigned char *md, STREEBOG_CTX * c)
1370{
1371 return STREEBOG512_Final(md, c);
1372}
1373
1374int
1375STREEBOG512_Update(STREEBOG_CTX *c, const void *_data, size_t len)
1376{
1377 unsigned char *p = (unsigned char *)c->data;
1378 const unsigned char *data = (const unsigned char *)_data;
1379
1380 if (len == 0)
1381 return 1;
1382
1383 if (c->num != 0) {
1384 size_t n = STREEBOG_CBLOCK - c->num;
1385
1386 if (len < n) {
1387 memcpy(p + c->num, data, len);
1388 c->num += (unsigned int)len;
1389 return 1;
1390 } else {
1391 memcpy(p + c->num, data, n);
1392 c->num = 0;
1393 len -= n;
1394 data += n;
1395 streebog_block_data_order(c, p, 1);
1396 }
1397 }
1398
1399 if (len >= STREEBOG_CBLOCK) {
1400 streebog_block_data_order(c, data, len / STREEBOG_CBLOCK);
1401 data += len;
1402 len %= STREEBOG_CBLOCK;
1403 data -= len;
1404 }
1405
1406 if (len != 0) {
1407 memcpy(p, data, len);
1408 c->num = (int)len;
1409 }
1410
1411 return 1;
1412}
1413
1414int
1415STREEBOG256_Update(STREEBOG_CTX *c, const void *data, size_t len)
1416{
1417 return STREEBOG512_Update(c, data, len);
1418}
1419
1420void
1421STREEBOG512_Transform(STREEBOG_CTX *c, const unsigned char *data)
1422{
1423 streebog_block_data_order(c, data, 1);
1424}
1425
1426int
1427STREEBOG256_Init(STREEBOG_CTX *c)
1428{
1429 memset(c, 0, sizeof(*c));
1430 memset(c->h, 1, sizeof(c->h));
1431
1432 c->md_len = STREEBOG256_LENGTH;
1433 return 1;
1434}
1435
1436int
1437STREEBOG512_Init(STREEBOG_CTX *c)
1438{
1439 memset(c, 0, sizeof(*c));
1440 memset(c->h, 0, sizeof(c->h));
1441
1442 c->num = 0;
1443 c->md_len = STREEBOG512_LENGTH;
1444 return 1;
1445}
1446
1447unsigned char *
1448STREEBOG256(const unsigned char *d, size_t n, unsigned char *md)
1449{
1450 STREEBOG_CTX c;
1451 static unsigned char m[STREEBOG256_LENGTH];
1452
1453 if (md == NULL)
1454 md = m;
1455 STREEBOG256_Init(&c);
1456 STREEBOG256_Update(&c, d, n);
1457 STREEBOG256_Final(md, &c);
1458 OPENSSL_cleanse(&c, sizeof(c));
1459 return (md);
1460}
1461
1462unsigned char *
1463STREEBOG512(const unsigned char *d, size_t n, unsigned char *md)
1464{
1465 STREEBOG_CTX c;
1466 static unsigned char m[STREEBOG512_LENGTH];
1467
1468 if (md == NULL)
1469 md = m;
1470 STREEBOG512_Init(&c);
1471 STREEBOG512_Update(&c, d, n);
1472 STREEBOG512_Final(md, &c);
1473 OPENSSL_cleanse(&c, sizeof(c));
1474 return (md);
1475}
1476
1477#endif
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-08-09 22:41:00 +0000