summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--src/lib/libcrypto/Makefile22
-rw-r--r--src/lib/libcrypto/Symbols.list50
-rw-r--r--src/lib/libcrypto/evp/e_gost2814789.c312
-rw-r--r--src/lib/libcrypto/evp/m_gost2814789.c113
-rw-r--r--src/lib/libcrypto/evp/m_gostr341194.c100
-rw-r--r--src/lib/libcrypto/evp/p_lib.c10
-rw-r--r--src/lib/libcrypto/evp/pmeth_lib.c6
-rw-r--r--src/lib/libcrypto/gost/gost.h262
-rw-r--r--src/lib/libcrypto/gost/gost2814789.c480
-rw-r--r--src/lib/libcrypto/gost/gost89_keywrap.c138
-rw-r--r--src/lib/libcrypto/gost/gost89_params.c246
-rw-r--r--src/lib/libcrypto/gost/gost89imit_ameth.c89
-rw-r--r--src/lib/libcrypto/gost/gost89imit_pmeth.c255
-rw-r--r--src/lib/libcrypto/gost/gost_asn1.c299
-rw-r--r--src/lib/libcrypto/gost/gost_asn1.h107
-rw-r--r--src/lib/libcrypto/gost/gost_err.c106
-rw-r--r--src/lib/libcrypto/gost/gost_local.h116
-rw-r--r--src/lib/libcrypto/gost/gostr341001.c403
-rw-r--r--src/lib/libcrypto/gost/gostr341001_ameth.c727
-rw-r--r--src/lib/libcrypto/gost/gostr341001_key.c334
-rw-r--r--src/lib/libcrypto/gost/gostr341001_params.c132
-rw-r--r--src/lib/libcrypto/gost/gostr341001_pmeth.c705
-rw-r--r--src/lib/libcrypto/gost/gostr341194.c278
-rw-r--r--src/lib/libcrypto/gost/streebog.c1487
-rw-r--r--src/lib/libcrypto/opensslfeatures.h4
25 files changed, 5 insertions, 6776 deletions
diff --git a/src/lib/libcrypto/Makefile b/src/lib/libcrypto/Makefile
index 0e4c783d9e..5ef55c6b6c 100644
--- a/src/lib/libcrypto/Makefile
+++ b/src/lib/libcrypto/Makefile
@@ -1,4 +1,4 @@
1# $OpenBSD: Makefile,v 1.172 2024/03/02 11:11:11 tb Exp $ 1# $OpenBSD: Makefile,v 1.173 2024/03/02 11:17:27 tb Exp $
2 2
3LIB= crypto 3LIB= crypto
4LIBREBUILD=y 4LIBREBUILD=y
@@ -357,7 +357,6 @@ SRCS+= e_chacha.c
357SRCS+= e_chacha20poly1305.c 357SRCS+= e_chacha20poly1305.c
358SRCS+= e_des.c 358SRCS+= e_des.c
359SRCS+= e_des3.c 359SRCS+= e_des3.c
360SRCS+= e_gost2814789.c
361SRCS+= e_idea.c 360SRCS+= e_idea.c
362SRCS+= e_null.c 361SRCS+= e_null.c
363SRCS+= e_rc2.c 362SRCS+= e_rc2.c
@@ -373,8 +372,6 @@ SRCS+= evp_key.c
373SRCS+= evp_names.c 372SRCS+= evp_names.c
374SRCS+= evp_pbe.c 373SRCS+= evp_pbe.c
375SRCS+= evp_pkey.c 374SRCS+= evp_pkey.c
376SRCS+= m_gost2814789.c
377SRCS+= m_gostr341194.c
378SRCS+= m_md4.c 375SRCS+= m_md4.c
379SRCS+= m_md5.c 376SRCS+= m_md5.c
380SRCS+= m_md5_sha1.c 377SRCS+= m_md5_sha1.c
@@ -394,22 +391,6 @@ SRCS+= pmeth_fn.c
394SRCS+= pmeth_gn.c 391SRCS+= pmeth_gn.c
395SRCS+= pmeth_lib.c 392SRCS+= pmeth_lib.c
396 393
397# gost/
398SRCS+= gost2814789.c
399SRCS+= gost89_keywrap.c
400SRCS+= gost89_params.c
401SRCS+= gost89imit_ameth.c
402SRCS+= gost89imit_pmeth.c
403SRCS+= gost_asn1.c
404SRCS+= gost_err.c
405SRCS+= gostr341001.c
406SRCS+= gostr341001_ameth.c
407SRCS+= gostr341001_key.c
408SRCS+= gostr341001_params.c
409SRCS+= gostr341001_pmeth.c
410SRCS+= gostr341194.c
411SRCS+= streebog.c
412
413# hkdf/ 394# hkdf/
414SRCS+= hkdf.c 395SRCS+= hkdf.c
415 396
@@ -728,7 +709,6 @@ HDRS=\
728 ${LCRYPTO_SRC}/engine/engine.h \ 709 ${LCRYPTO_SRC}/engine/engine.h \
729 ${LCRYPTO_SRC}/err/err.h \ 710 ${LCRYPTO_SRC}/err/err.h \
730 ${LCRYPTO_SRC}/evp/evp.h \ 711 ${LCRYPTO_SRC}/evp/evp.h \
731 ${LCRYPTO_SRC}/gost/gost.h \
732 ${LCRYPTO_SRC}/hkdf/hkdf.h \ 712 ${LCRYPTO_SRC}/hkdf/hkdf.h \
733 ${LCRYPTO_SRC}/hmac/hmac.h \ 713 ${LCRYPTO_SRC}/hmac/hmac.h \
734 ${LCRYPTO_SRC}/idea/idea.h \ 714 ${LCRYPTO_SRC}/idea/idea.h \
diff --git a/src/lib/libcrypto/Symbols.list b/src/lib/libcrypto/Symbols.list
index f14233f649..ac82746c2a 100644
--- a/src/lib/libcrypto/Symbols.list
+++ b/src/lib/libcrypto/Symbols.list
@@ -1099,7 +1099,6 @@ ERR_load_DSA_strings
1099ERR_load_EC_strings 1099ERR_load_EC_strings
1100ERR_load_ERR_strings 1100ERR_load_ERR_strings
1101ERR_load_EVP_strings 1101ERR_load_EVP_strings
1102ERR_load_GOST_strings
1103ERR_load_OBJ_strings 1102ERR_load_OBJ_strings
1104ERR_load_OCSP_strings 1103ERR_load_OCSP_strings
1105ERR_load_PEM_strings 1104ERR_load_PEM_strings
@@ -1453,11 +1452,6 @@ EVP_enc_null
1453EVP_get_cipherbyname 1452EVP_get_cipherbyname
1454EVP_get_digestbyname 1453EVP_get_digestbyname
1455EVP_get_pw_prompt 1454EVP_get_pw_prompt
1456EVP_gost2814789_cfb64
1457EVP_gost2814789_cnt
1458EVP_gost2814789_ecb
1459EVP_gost2814789imit
1460EVP_gostr341194
1461EVP_idea_cbc 1455EVP_idea_cbc
1462EVP_idea_cfb64 1456EVP_idea_cfb64
1463EVP_idea_ecb 1457EVP_idea_ecb
@@ -1495,8 +1489,6 @@ EVP_sm4_cfb128
1495EVP_sm4_ctr 1489EVP_sm4_ctr
1496EVP_sm4_ecb 1490EVP_sm4_ecb
1497EVP_sm4_ofb 1491EVP_sm4_ofb
1498EVP_streebog256
1499EVP_streebog512
1500EVP_whirlpool 1492EVP_whirlpool
1501EXTENDED_KEY_USAGE_free 1493EXTENDED_KEY_USAGE_free
1502EXTENDED_KEY_USAGE_it 1494EXTENDED_KEY_USAGE_it
@@ -1519,37 +1511,6 @@ GENERAL_NAME_set0_value
1519GENERAL_SUBTREE_free 1511GENERAL_SUBTREE_free
1520GENERAL_SUBTREE_it 1512GENERAL_SUBTREE_it
1521GENERAL_SUBTREE_new 1513GENERAL_SUBTREE_new
1522GOST2814789IMIT
1523GOST2814789IMIT_Final
1524GOST2814789IMIT_Init
1525GOST2814789IMIT_Transform
1526GOST2814789IMIT_Update
1527GOSTR341194
1528GOSTR341194_Final
1529GOSTR341194_Init
1530GOSTR341194_Transform
1531GOSTR341194_Update
1532GOST_CIPHER_PARAMS_free
1533GOST_CIPHER_PARAMS_it
1534GOST_CIPHER_PARAMS_new
1535GOST_KEY_check_key
1536GOST_KEY_free
1537GOST_KEY_get0_group
1538GOST_KEY_get0_private_key
1539GOST_KEY_get0_public_key
1540GOST_KEY_get_digest
1541GOST_KEY_get_size
1542GOST_KEY_new
1543GOST_KEY_set_digest
1544GOST_KEY_set_group
1545GOST_KEY_set_private_key
1546GOST_KEY_set_public_key
1547GOST_KEY_set_public_key_affine_coordinates
1548Gost2814789_cfb64_encrypt
1549Gost2814789_cnt_encrypt
1550Gost2814789_ecb_encrypt
1551Gost2814789_set_key
1552Gost2814789_set_sbox
1553HKDF 1514HKDF
1554HKDF_expand 1515HKDF_expand
1555HKDF_extract 1516HKDF_extract
@@ -2262,15 +2223,6 @@ SMIME_write_CMS
2262SMIME_write_PKCS7 2223SMIME_write_PKCS7
2263SSLeay 2224SSLeay
2264SSLeay_version 2225SSLeay_version
2265STREEBOG256
2266STREEBOG256_Final
2267STREEBOG256_Init
2268STREEBOG256_Update
2269STREEBOG512
2270STREEBOG512_Final
2271STREEBOG512_Init
2272STREEBOG512_Transform
2273STREEBOG512_Update
2274TS_ACCURACY_dup 2226TS_ACCURACY_dup
2275TS_ACCURACY_free 2227TS_ACCURACY_free
2276TS_ACCURACY_get_micros 2228TS_ACCURACY_get_micros
@@ -3103,7 +3055,6 @@ d2i_ESS_SIGNING_CERT
3103d2i_EXTENDED_KEY_USAGE 3055d2i_EXTENDED_KEY_USAGE
3104d2i_GENERAL_NAME 3056d2i_GENERAL_NAME
3105d2i_GENERAL_NAMES 3057d2i_GENERAL_NAMES
3106d2i_GOST_CIPHER_PARAMS
3107d2i_IPAddressChoice 3058d2i_IPAddressChoice
3108d2i_IPAddressFamily 3059d2i_IPAddressFamily
3109d2i_IPAddressOrRange 3060d2i_IPAddressOrRange
@@ -3294,7 +3245,6 @@ i2d_ESS_SIGNING_CERT
3294i2d_EXTENDED_KEY_USAGE 3245i2d_EXTENDED_KEY_USAGE
3295i2d_GENERAL_NAME 3246i2d_GENERAL_NAME
3296i2d_GENERAL_NAMES 3247i2d_GENERAL_NAMES
3297i2d_GOST_CIPHER_PARAMS
3298i2d_IPAddressChoice 3248i2d_IPAddressChoice
3299i2d_IPAddressFamily 3249i2d_IPAddressFamily
3300i2d_IPAddressOrRange 3250i2d_IPAddressOrRange
diff --git a/src/lib/libcrypto/evp/e_gost2814789.c b/src/lib/libcrypto/evp/e_gost2814789.c
deleted file mode 100644
index 48619d109d..0000000000
--- a/src/lib/libcrypto/evp/e_gost2814789.c
+++ /dev/null
@@ -1,312 +0,0 @@
1/* $OpenBSD: e_gost2814789.c,v 1.14 2024/01/04 17:38:36 tb Exp $ */
2/*
3 * Copyright (c) 2014 Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
4 * Copyright (c) 2005-2006 Cryptocom LTD
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
8 * are met:
9 *
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 *
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in
15 * the documentation and/or other materials provided with the
16 * distribution.
17 *
18 * 3. All advertising materials mentioning features or use of this
19 * software must display the following acknowledgment:
20 * "This product includes software developed by the OpenSSL Project
21 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
22 *
23 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
24 * endorse or promote products derived from this software without
25 * prior written permission. For written permission, please contact
26 * openssl-core@openssl.org.
27 *
28 * 5. Products derived from this software may not be called "OpenSSL"
29 * nor may "OpenSSL" appear in their names without prior written
30 * permission of the OpenSSL Project.
31 *
32 * 6. Redistributions of any form whatsoever must retain the following
33 * acknowledgment:
34 * "This product includes software developed by the OpenSSL Project
35 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
36 *
37 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
38 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
39 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
40 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
41 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
42 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
43 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
44 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
45 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
46 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
47 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
48 * OF THE POSSIBILITY OF SUCH DAMAGE.
49 * ====================================================================
50 */
51
52#include <string.h>
53
54#include <openssl/opensslconf.h>
55
56#ifndef OPENSSL_NO_GOST
57#include <openssl/evp.h>
58#include <openssl/err.h>
59#include <openssl/gost.h>
60
61#include "evp_local.h"
62
63typedef struct {
64 GOST2814789_KEY ks;
65 int param_nid;
66} EVP_GOST2814789_CTX;
67
68static int
69gost2814789_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
70 const unsigned char *iv, int enc)
71{
72 EVP_GOST2814789_CTX *c = ctx->cipher_data;
73
74 return Gost2814789_set_key(&c->ks, key, ctx->key_len * 8);
75}
76
77static int
78gost2814789_ctl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr)
79{
80 EVP_GOST2814789_CTX *c = ctx->cipher_data;
81
82 switch (type) {
83 case EVP_CTRL_PBE_PRF_NID:
84 if (ptr != NULL) {
85 *((int *)ptr) = NID_id_HMACGostR3411_94;
86 return 1;
87 } else {
88 return 0;
89 }
90 case EVP_CTRL_INIT:
91 /* Default value to have any s-box set at all */
92 c->param_nid = NID_id_Gost28147_89_CryptoPro_A_ParamSet;
93 return Gost2814789_set_sbox(&c->ks, c->param_nid);
94 case EVP_CTRL_GOST_SET_SBOX:
95 return Gost2814789_set_sbox(&c->ks, arg);
96 default:
97 return -1;
98 }
99}
100
101int
102gost2814789_set_asn1_params(EVP_CIPHER_CTX *ctx, ASN1_TYPE *params)
103{
104 int len = 0;
105 unsigned char *buf = NULL;
106 unsigned char *p = NULL;
107 EVP_GOST2814789_CTX *c = ctx->cipher_data;
108 ASN1_OCTET_STRING *os = NULL;
109 GOST_CIPHER_PARAMS *gcp = GOST_CIPHER_PARAMS_new();
110
111 if (gcp == NULL) {
112 GOSTerror(ERR_R_MALLOC_FAILURE);
113 return 0;
114 }
115 if (ASN1_OCTET_STRING_set(gcp->iv, ctx->iv, ctx->cipher->iv_len) == 0) {
116 GOST_CIPHER_PARAMS_free(gcp);
117 GOSTerror(ERR_R_ASN1_LIB);
118 return 0;
119 }
120 ASN1_OBJECT_free(gcp->enc_param_set);
121 gcp->enc_param_set = OBJ_nid2obj(c->param_nid);
122
123 len = i2d_GOST_CIPHER_PARAMS(gcp, NULL);
124 p = buf = malloc(len);
125 if (buf == NULL) {
126 GOST_CIPHER_PARAMS_free(gcp);
127 GOSTerror(ERR_R_MALLOC_FAILURE);
128 return 0;
129 }
130 i2d_GOST_CIPHER_PARAMS(gcp, &p);
131 GOST_CIPHER_PARAMS_free(gcp);
132
133 os = ASN1_OCTET_STRING_new();
134 if (os == NULL) {
135 free(buf);
136 GOSTerror(ERR_R_MALLOC_FAILURE);
137 return 0;
138 }
139 if (ASN1_OCTET_STRING_set(os, buf, len) == 0) {
140 ASN1_OCTET_STRING_free(os);
141 free(buf);
142 GOSTerror(ERR_R_ASN1_LIB);
143 return 0;
144 }
145 free(buf);
146
147 ASN1_TYPE_set(params, V_ASN1_SEQUENCE, os);
148 return 1;
149}
150
151int
152gost2814789_get_asn1_params(EVP_CIPHER_CTX *ctx, ASN1_TYPE *params)
153{
154 int ret = -1;
155 int len;
156 GOST_CIPHER_PARAMS *gcp = NULL;
157 EVP_GOST2814789_CTX *c = ctx->cipher_data;
158 unsigned char *p;
159
160 if (ASN1_TYPE_get(params) != V_ASN1_SEQUENCE)
161 return ret;
162
163 p = params->value.sequence->data;
164
165 gcp = d2i_GOST_CIPHER_PARAMS(NULL, (const unsigned char **)&p,
166 params->value.sequence->length);
167
168 len = gcp->iv->length;
169 if (len != ctx->cipher->iv_len) {
170 GOST_CIPHER_PARAMS_free(gcp);
171 GOSTerror(GOST_R_INVALID_IV_LENGTH);
172 return -1;
173 }
174
175 if (!Gost2814789_set_sbox(&c->ks, OBJ_obj2nid(gcp->enc_param_set))) {
176 GOST_CIPHER_PARAMS_free(gcp);
177 return -1;
178 }
179 c->param_nid = OBJ_obj2nid(gcp->enc_param_set);
180
181 memcpy(ctx->oiv, gcp->iv->data, len);
182 memcpy(ctx->iv, gcp->iv->data, len);
183
184 GOST_CIPHER_PARAMS_free(gcp);
185
186 return 1;
187}
188
189static int
190gost2814789_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl)
191{
192 size_t i, bl;
193
194 bl = ctx->cipher->block_size;
195
196 if (inl < bl)
197 return 1;
198
199 inl -= bl;
200
201 for (i = 0; i <= inl; i += bl)
202 Gost2814789_ecb_encrypt(in + i, out + i, &((EVP_GOST2814789_CTX *)ctx->cipher_data)->ks, ctx->encrypt);
203
204 return 1;
205}
206
207static int
208gost2814789_cfb64_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl)
209{
210 size_t chunk = EVP_MAXCHUNK;
211
212 if (inl < chunk)
213 chunk = inl;
214
215 while (inl && inl >= chunk) {
216 Gost2814789_cfb64_encrypt(in, out, chunk, &((EVP_GOST2814789_CTX *)ctx->cipher_data)->ks, ctx->iv, &ctx->num, ctx->encrypt);
217 inl -= chunk;
218 in += chunk;
219 out += chunk;
220 if (inl < chunk)
221 chunk = inl;
222 }
223
224 return 1;
225}
226
227static int
228gost2814789_cnt_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
229 const unsigned char *in, size_t inl)
230{
231 EVP_GOST2814789_CTX *c = ctx->cipher_data;
232
233 while (inl >= EVP_MAXCHUNK) {
234 Gost2814789_cnt_encrypt(in, out, EVP_MAXCHUNK, &c->ks,
235 ctx->iv, ctx->buf, &ctx->num);
236 inl -= EVP_MAXCHUNK;
237 in += EVP_MAXCHUNK;
238 out += EVP_MAXCHUNK;
239 }
240
241 if (inl)
242 Gost2814789_cnt_encrypt(in, out, inl, &c->ks, ctx->iv, ctx->buf,
243 &ctx->num);
244 return 1;
245}
246
247/* gost89 is CFB-64 */
248#define NID_gost89_cfb64 NID_id_Gost28147_89
249
250static const EVP_CIPHER gost2814789_ecb = {
251 .nid = NID_gost89_ecb,
252 .block_size = 8,
253 .key_len = 32,
254 .iv_len = 0,
255 .flags = EVP_CIPH_NO_PADDING | EVP_CIPH_CTRL_INIT | EVP_CIPH_ECB_MODE,
256 .init = gost2814789_init_key,
257 .do_cipher = gost2814789_ecb_cipher,
258 .cleanup = NULL,
259 .ctx_size = sizeof(EVP_GOST2814789_CTX),
260 .set_asn1_parameters = gost2814789_set_asn1_params,
261 .get_asn1_parameters = gost2814789_get_asn1_params,
262 .ctrl = gost2814789_ctl,
263};
264
265const EVP_CIPHER *
266EVP_gost2814789_ecb(void)
267{
268 return &gost2814789_ecb;
269}
270
271static const EVP_CIPHER gost2814789_cfb64 = {
272 .nid = NID_gost89_cfb64,
273 .block_size = 1,
274 .key_len = 32,
275 .iv_len = 8,
276 .flags = EVP_CIPH_NO_PADDING | EVP_CIPH_CTRL_INIT | EVP_CIPH_CFB_MODE,
277 .init = gost2814789_init_key,
278 .do_cipher = gost2814789_cfb64_cipher,
279 .cleanup = NULL,
280 .ctx_size = sizeof(EVP_GOST2814789_CTX),
281 .set_asn1_parameters = gost2814789_set_asn1_params,
282 .get_asn1_parameters = gost2814789_get_asn1_params,
283 .ctrl = gost2814789_ctl,
284};
285
286const EVP_CIPHER *
287EVP_gost2814789_cfb64(void)
288{
289 return &gost2814789_cfb64;
290}
291
292static const EVP_CIPHER gost2814789_cnt = {
293 .nid = NID_gost89_cnt,
294 .block_size = 1,
295 .key_len = 32,
296 .iv_len = 8,
297 .flags = EVP_CIPH_NO_PADDING | EVP_CIPH_CTRL_INIT | EVP_CIPH_OFB_MODE,
298 .init = gost2814789_init_key,
299 .do_cipher = gost2814789_cnt_cipher,
300 .cleanup = NULL,
301 .ctx_size = sizeof(EVP_GOST2814789_CTX),
302 .set_asn1_parameters = gost2814789_set_asn1_params,
303 .get_asn1_parameters = gost2814789_get_asn1_params,
304 .ctrl = gost2814789_ctl,
305};
306
307const EVP_CIPHER *
308EVP_gost2814789_cnt(void)
309{
310 return &gost2814789_cnt;
311}
312#endif
diff --git a/src/lib/libcrypto/evp/m_gost2814789.c b/src/lib/libcrypto/evp/m_gost2814789.c
deleted file mode 100644
index 9b8a09e5a4..0000000000
--- a/src/lib/libcrypto/evp/m_gost2814789.c
+++ /dev/null
@@ -1,113 +0,0 @@
1/* $OpenBSD: m_gost2814789.c,v 1.6 2023/07/07 19:37:53 beck Exp $ */
2/*
3 * Copyright (c) 2014 Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
4 * Copyright (c) 2005-2006 Cryptocom LTD
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
8 * are met:
9 *
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 *
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in
15 * the documentation and/or other materials provided with the
16 * distribution.
17 *
18 * 3. All advertising materials mentioning features or use of this
19 * software must display the following acknowledgment:
20 * "This product includes software developed by the OpenSSL Project
21 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
22 *
23 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
24 * endorse or promote products derived from this software without
25 * prior written permission. For written permission, please contact
26 * openssl-core@openssl.org.
27 *
28 * 5. Products derived from this software may not be called "OpenSSL"
29 * nor may "OpenSSL" appear in their names without prior written
30 * permission of the OpenSSL Project.
31 *
32 * 6. Redistributions of any form whatsoever must retain the following
33 * acknowledgment:
34 * "This product includes software developed by the OpenSSL Project
35 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
36 *
37 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
38 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
39 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
40 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
41 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
42 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
43 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
44 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
45 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
46 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
47 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
48 * OF THE POSSIBILITY OF SUCH DAMAGE.
49 * ====================================================================
50 */
51
52#include <openssl/opensslconf.h>
53
54#ifndef OPENSSL_NO_GOST
55
56#include <openssl/evp.h>
57#include <openssl/gost.h>
58#include <openssl/objects.h>
59
60#include "evp_local.h"
61
62static int
63gost2814789_init(EVP_MD_CTX *ctx)
64{
65 return GOST2814789IMIT_Init(ctx->md_data,
66 NID_id_Gost28147_89_CryptoPro_A_ParamSet);
67}
68
69static int
70gost2814789_update(EVP_MD_CTX *ctx, const void *data, size_t count)
71{
72 return GOST2814789IMIT_Update(ctx->md_data, data, count);
73}
74
75static int
76gost2814789_final(EVP_MD_CTX *ctx, unsigned char *md)
77{
78 return GOST2814789IMIT_Final(md, ctx->md_data);
79}
80
81static int
82gost2814789_md_ctrl(EVP_MD_CTX *ctx, int cmd, int p1, void *p2)
83{
84 GOST2814789IMIT_CTX *gctx = ctx->md_data;
85
86 switch (cmd) {
87 case EVP_MD_CTRL_SET_KEY:
88 return Gost2814789_set_key(&gctx->cipher, p2, p1);
89 case EVP_MD_CTRL_GOST_SET_SBOX:
90 return Gost2814789_set_sbox(&gctx->cipher, p1);
91 }
92 return -2;
93}
94
95static const EVP_MD gost2814789imit_md = {
96 .type = NID_id_Gost28147_89_MAC,
97 .pkey_type = NID_undef,
98 .md_size = GOST2814789IMIT_LENGTH,
99 .flags = 0,
100 .init = gost2814789_init,
101 .update = gost2814789_update,
102 .final = gost2814789_final,
103 .block_size = GOST2814789IMIT_CBLOCK,
104 .ctx_size = sizeof(EVP_MD *) + sizeof(GOST2814789IMIT_CTX),
105 .md_ctrl = gost2814789_md_ctrl,
106};
107
108const EVP_MD *
109EVP_gost2814789imit(void)
110{
111 return (&gost2814789imit_md);
112}
113#endif
diff --git a/src/lib/libcrypto/evp/m_gostr341194.c b/src/lib/libcrypto/evp/m_gostr341194.c
deleted file mode 100644
index 723349a0d8..0000000000
--- a/src/lib/libcrypto/evp/m_gostr341194.c
+++ /dev/null
@@ -1,100 +0,0 @@
1/* $OpenBSD: m_gostr341194.c,v 1.7 2023/07/07 19:37:53 beck Exp $ */
2/*
3 * Copyright (c) 2014 Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
4 * Copyright (c) 2005-2006 Cryptocom LTD
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
8 * are met:
9 *
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 *
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in
15 * the documentation and/or other materials provided with the
16 * distribution.
17 *
18 * 3. All advertising materials mentioning features or use of this
19 * software must display the following acknowledgment:
20 * "This product includes software developed by the OpenSSL Project
21 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
22 *
23 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
24 * endorse or promote products derived from this software without
25 * prior written permission. For written permission, please contact
26 * openssl-core@openssl.org.
27 *
28 * 5. Products derived from this software may not be called "OpenSSL"
29 * nor may "OpenSSL" appear in their names without prior written
30 * permission of the OpenSSL Project.
31 *
32 * 6. Redistributions of any form whatsoever must retain the following
33 * acknowledgment:
34 * "This product includes software developed by the OpenSSL Project
35 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
36 *
37 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
38 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
39 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
40 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
41 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
42 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
43 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
44 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
45 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
46 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
47 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
48 * OF THE POSSIBILITY OF SUCH DAMAGE.
49 * ====================================================================
50 */
51
52#include <stdio.h>
53
54#include <openssl/opensslconf.h>
55
56#ifndef OPENSSL_NO_GOST
57
58#include <openssl/evp.h>
59#include <openssl/gost.h>
60#include <openssl/objects.h>
61
62#include "evp_local.h"
63
64static int
65gostr341194_init(EVP_MD_CTX *ctx)
66{
67 return GOSTR341194_Init(ctx->md_data,
68 NID_id_GostR3411_94_CryptoProParamSet);
69}
70
71static int
72gostr341194_update(EVP_MD_CTX *ctx, const void *data, size_t count)
73{
74 return GOSTR341194_Update(ctx->md_data, data, count);
75}
76
77static int
78gostr341194_final(EVP_MD_CTX *ctx, unsigned char *md)
79{
80 return GOSTR341194_Final(md, ctx->md_data);
81}
82
83static const EVP_MD gostr341194_md = {
84 .type = NID_id_GostR3411_94,
85 .pkey_type = NID_undef,
86 .md_size = GOSTR341194_LENGTH,
87 .flags = 0,
88 .init = gostr341194_init,
89 .update = gostr341194_update,
90 .final = gostr341194_final,
91 .block_size = GOSTR341194_CBLOCK,
92 .ctx_size = sizeof(EVP_MD *) + sizeof(GOSTR341194_CTX),
93};
94
95const EVP_MD *
96EVP_gostr341194(void)
97{
98 return (&gostr341194_md);
99}
100#endif
diff --git a/src/lib/libcrypto/evp/p_lib.c b/src/lib/libcrypto/evp/p_lib.c
index 558c89d427..8bf820560c 100644
--- a/src/lib/libcrypto/evp/p_lib.c
+++ b/src/lib/libcrypto/evp/p_lib.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: p_lib.c,v 1.58 2024/01/05 21:22:01 tb Exp $ */ 1/* $OpenBSD: p_lib.c,v 1.59 2024/03/02 11:17:27 tb Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -140,10 +140,6 @@ extern const EVP_PKEY_ASN1_METHOD dsa3_asn1_meth;
140extern const EVP_PKEY_ASN1_METHOD dsa4_asn1_meth; 140extern const EVP_PKEY_ASN1_METHOD dsa4_asn1_meth;
141extern const EVP_PKEY_ASN1_METHOD eckey_asn1_meth; 141extern const EVP_PKEY_ASN1_METHOD eckey_asn1_meth;
142extern const EVP_PKEY_ASN1_METHOD ed25519_asn1_meth; 142extern const EVP_PKEY_ASN1_METHOD ed25519_asn1_meth;
143extern const EVP_PKEY_ASN1_METHOD gostimit_asn1_meth;
144extern const EVP_PKEY_ASN1_METHOD gostr01_asn1_meth;
145extern const EVP_PKEY_ASN1_METHOD gostr12_256_asn1_meth;
146extern const EVP_PKEY_ASN1_METHOD gostr12_512_asn1_meth;
147extern const EVP_PKEY_ASN1_METHOD hmac_asn1_meth; 143extern const EVP_PKEY_ASN1_METHOD hmac_asn1_meth;
148extern const EVP_PKEY_ASN1_METHOD rsa_asn1_meth; 144extern const EVP_PKEY_ASN1_METHOD rsa_asn1_meth;
149extern const EVP_PKEY_ASN1_METHOD rsa2_asn1_meth; 145extern const EVP_PKEY_ASN1_METHOD rsa2_asn1_meth;
@@ -160,10 +156,6 @@ static const EVP_PKEY_ASN1_METHOD *asn1_methods[] = {
160 &dsa4_asn1_meth, 156 &dsa4_asn1_meth,
161 &eckey_asn1_meth, 157 &eckey_asn1_meth,
162 &ed25519_asn1_meth, 158 &ed25519_asn1_meth,
163 &gostimit_asn1_meth,
164 &gostr01_asn1_meth,
165 &gostr12_256_asn1_meth,
166 &gostr12_512_asn1_meth,
167 &hmac_asn1_meth, 159 &hmac_asn1_meth,
168 &rsa_asn1_meth, 160 &rsa_asn1_meth,
169 &rsa2_asn1_meth, 161 &rsa2_asn1_meth,
diff --git a/src/lib/libcrypto/evp/pmeth_lib.c b/src/lib/libcrypto/evp/pmeth_lib.c
index a0d57594d8..a2a9ad9c7b 100644
--- a/src/lib/libcrypto/evp/pmeth_lib.c
+++ b/src/lib/libcrypto/evp/pmeth_lib.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: pmeth_lib.c,v 1.38 2024/03/02 10:04:40 tb Exp $ */ 1/* $OpenBSD: pmeth_lib.c,v 1.39 2024/03/02 11:17:27 tb Exp $ */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL 2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project 2006. 3 * project 2006.
4 */ 4 */
@@ -76,8 +76,6 @@ extern const EVP_PKEY_METHOD dh_pkey_meth;
76extern const EVP_PKEY_METHOD dsa_pkey_meth; 76extern const EVP_PKEY_METHOD dsa_pkey_meth;
77extern const EVP_PKEY_METHOD ec_pkey_meth; 77extern const EVP_PKEY_METHOD ec_pkey_meth;
78extern const EVP_PKEY_METHOD ed25519_pkey_meth; 78extern const EVP_PKEY_METHOD ed25519_pkey_meth;
79extern const EVP_PKEY_METHOD gostimit_pkey_meth;
80extern const EVP_PKEY_METHOD gostr01_pkey_meth;
81extern const EVP_PKEY_METHOD hkdf_pkey_meth; 79extern const EVP_PKEY_METHOD hkdf_pkey_meth;
82extern const EVP_PKEY_METHOD hmac_pkey_meth; 80extern const EVP_PKEY_METHOD hmac_pkey_meth;
83extern const EVP_PKEY_METHOD rsa_pkey_meth; 81extern const EVP_PKEY_METHOD rsa_pkey_meth;
@@ -90,8 +88,6 @@ static const EVP_PKEY_METHOD *pkey_methods[] = {
90 &dsa_pkey_meth, 88 &dsa_pkey_meth,
91 &ec_pkey_meth, 89 &ec_pkey_meth,
92 &ed25519_pkey_meth, 90 &ed25519_pkey_meth,
93 &gostimit_pkey_meth,
94 &gostr01_pkey_meth,
95 &hkdf_pkey_meth, 91 &hkdf_pkey_meth,
96 &hmac_pkey_meth, 92 &hmac_pkey_meth,
97 &rsa_pkey_meth, 93 &rsa_pkey_meth,
diff --git a/src/lib/libcrypto/gost/gost.h b/src/lib/libcrypto/gost/gost.h
deleted file mode 100644
index c7d9d25b2b..0000000000
--- a/src/lib/libcrypto/gost/gost.h
+++ /dev/null
@@ -1,262 +0,0 @@
1/* $OpenBSD: gost.h,v 1.4 2022/07/12 14:42:49 kn Exp $ */
2/*
3 * Copyright (c) 2014 Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
4 * Copyright (c) 2005-2006 Cryptocom LTD
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
8 * are met:
9 *
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 *
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in
15 * the documentation and/or other materials provided with the
16 * distribution.
17 *
18 * 3. All advertising materials mentioning features or use of this
19 * software must display the following acknowledgment:
20 * "This product includes software developed by the OpenSSL Project
21 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
22 *
23 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
24 * endorse or promote products derived from this software without
25 * prior written permission. For written permission, please contact
26 * openssl-core@openssl.org.
27 *
28 * 5. Products derived from this software may not be called "OpenSSL"
29 * nor may "OpenSSL" appear in their names without prior written
30 * permission of the OpenSSL Project.
31 *
32 * 6. Redistributions of any form whatsoever must retain the following
33 * acknowledgment:
34 * "This product includes software developed by the OpenSSL Project
35 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
36 *
37 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
38 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
39 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
40 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
41 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
42 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
43 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
44 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
45 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
46 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
47 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
48 * OF THE POSSIBILITY OF SUCH DAMAGE.
49 * ====================================================================
50 */
51
52#ifndef HEADER_GOST_H
53#define HEADER_GOST_H
54
55#include <openssl/opensslconf.h>
56
57#ifdef OPENSSL_NO_GOST
58#error GOST is disabled.
59#endif
60
61#include <openssl/asn1t.h>
62#include <openssl/ec.h>
63
64#ifdef __cplusplus
65extern "C" {
66#endif
67
68typedef struct gost2814789_key_st {
69 unsigned int key[8];
70 unsigned int k87[256],k65[256],k43[256],k21[256];
71 unsigned int count;
72 unsigned key_meshing : 1;
73} GOST2814789_KEY;
74
75int Gost2814789_set_sbox(GOST2814789_KEY *key, int nid);
76int Gost2814789_set_key(GOST2814789_KEY *key,
77 const unsigned char *userKey, const int bits);
78void Gost2814789_ecb_encrypt(const unsigned char *in, unsigned char *out,
79 GOST2814789_KEY *key, const int enc);
80void Gost2814789_cfb64_encrypt(const unsigned char *in, unsigned char *out,
81 size_t length, GOST2814789_KEY *key,
82 unsigned char *ivec, int *num, const int enc);
83void Gost2814789_cnt_encrypt(const unsigned char *in, unsigned char *out,
84 size_t length, GOST2814789_KEY *key,
85 unsigned char *ivec, unsigned char *cnt_buf, int *num);
86
87typedef struct {
88 ASN1_OCTET_STRING *iv;
89 ASN1_OBJECT *enc_param_set;
90} GOST_CIPHER_PARAMS;
91
92GOST_CIPHER_PARAMS *GOST_CIPHER_PARAMS_new(void);
93void GOST_CIPHER_PARAMS_free(GOST_CIPHER_PARAMS *a);
94GOST_CIPHER_PARAMS *d2i_GOST_CIPHER_PARAMS(GOST_CIPHER_PARAMS **a, const unsigned char **in, long len);
95int i2d_GOST_CIPHER_PARAMS(GOST_CIPHER_PARAMS *a, unsigned char **out);
96extern const ASN1_ITEM GOST_CIPHER_PARAMS_it;
97
98#define GOST2814789IMIT_LENGTH 4
99#define GOST2814789IMIT_CBLOCK 8
100#define GOST2814789IMIT_LONG unsigned int
101
102typedef struct GOST2814789IMITstate_st {
103 GOST2814789IMIT_LONG Nl, Nh;
104 unsigned char data[GOST2814789IMIT_CBLOCK];
105 unsigned int num;
106
107 GOST2814789_KEY cipher;
108 unsigned char mac[GOST2814789IMIT_CBLOCK];
109} GOST2814789IMIT_CTX;
110
111/* Note, also removed second parameter and removed dctx->cipher setting */
112int GOST2814789IMIT_Init(GOST2814789IMIT_CTX *c, int nid);
113int GOST2814789IMIT_Update(GOST2814789IMIT_CTX *c, const void *data, size_t len);
114int GOST2814789IMIT_Final(unsigned char *md, GOST2814789IMIT_CTX *c);
115void GOST2814789IMIT_Transform(GOST2814789IMIT_CTX *c, const unsigned char *data);
116unsigned char *GOST2814789IMIT(const unsigned char *d, size_t n,
117 unsigned char *md, int nid,
118 const unsigned char *key, const unsigned char *iv);
119
120#define GOSTR341194_LONG unsigned int
121
122#define GOSTR341194_LENGTH 32
123#define GOSTR341194_CBLOCK 32
124#define GOSTR341194_LBLOCK (GOSTR341194_CBLOCK/4)
125
126typedef struct GOSTR341194state_st {
127 GOSTR341194_LONG Nl, Nh;
128 GOSTR341194_LONG data[GOSTR341194_LBLOCK];
129 unsigned int num;
130
131 GOST2814789_KEY cipher;
132 unsigned char H[GOSTR341194_CBLOCK];
133 unsigned char S[GOSTR341194_CBLOCK];
134} GOSTR341194_CTX;
135
136/* Note, also removed second parameter and removed dctx->cipher setting */
137int GOSTR341194_Init(GOSTR341194_CTX *c, int nid);
138int GOSTR341194_Update(GOSTR341194_CTX *c, const void *data, size_t len);
139int GOSTR341194_Final(unsigned char *md, GOSTR341194_CTX *c);
140void GOSTR341194_Transform(GOSTR341194_CTX *c, const unsigned char *data);
141unsigned char *GOSTR341194(const unsigned char *d, size_t n,unsigned char *md, int nid);
142
143#if defined(_LP64)
144#define STREEBOG_LONG64 unsigned long
145#define U64(C) C##UL
146#else
147#define STREEBOG_LONG64 unsigned long long
148#define U64(C) C##ULL
149#endif
150
151#define STREEBOG_LBLOCK 8
152#define STREEBOG_CBLOCK 64
153#define STREEBOG256_LENGTH 32
154#define STREEBOG512_LENGTH 64
155
156typedef struct STREEBOGstate_st {
157 STREEBOG_LONG64 data[STREEBOG_LBLOCK];
158 unsigned int num;
159 unsigned int md_len;
160 STREEBOG_LONG64 h[STREEBOG_LBLOCK];
161 STREEBOG_LONG64 N[STREEBOG_LBLOCK];
162 STREEBOG_LONG64 Sigma[STREEBOG_LBLOCK];
163} STREEBOG_CTX;
164
165int STREEBOG256_Init(STREEBOG_CTX *c);
166int STREEBOG256_Update(STREEBOG_CTX *c, const void *data, size_t len);
167int STREEBOG256_Final(unsigned char *md, STREEBOG_CTX *c);
168void STREEBOG256_Transform(STREEBOG_CTX *c, const unsigned char *data);
169unsigned char *STREEBOG256(const unsigned char *d, size_t n,unsigned char *md);
170
171int STREEBOG512_Init(STREEBOG_CTX *c);
172int STREEBOG512_Update(STREEBOG_CTX *c, const void *data, size_t len);
173int STREEBOG512_Final(unsigned char *md, STREEBOG_CTX *c);
174void STREEBOG512_Transform(STREEBOG_CTX *c, const unsigned char *data);
175unsigned char *STREEBOG512(const unsigned char *d, size_t n,unsigned char *md);
176
177typedef struct gost_key_st GOST_KEY;
178GOST_KEY *GOST_KEY_new(void);
179void GOST_KEY_free(GOST_KEY * r);
180int GOST_KEY_check_key(const GOST_KEY * eckey);
181int GOST_KEY_set_public_key_affine_coordinates(GOST_KEY * key, BIGNUM * x, BIGNUM * y);
182const EC_GROUP * GOST_KEY_get0_group(const GOST_KEY * key);
183int GOST_KEY_set_group(GOST_KEY * key, const EC_GROUP * group);
184int GOST_KEY_get_digest(const GOST_KEY * key);
185int GOST_KEY_set_digest(GOST_KEY * key, int digest_nid);
186const BIGNUM * GOST_KEY_get0_private_key(const GOST_KEY * key);
187int GOST_KEY_set_private_key(GOST_KEY * key, const BIGNUM * priv_key);
188const EC_POINT * GOST_KEY_get0_public_key(const GOST_KEY * key);
189int GOST_KEY_set_public_key(GOST_KEY * key, const EC_POINT * pub_key);
190size_t GOST_KEY_get_size(const GOST_KEY * r);
191
192/* Gost-specific pmeth control-function parameters */
193/* For GOST R34.10 parameters */
194#define EVP_PKEY_CTRL_GOST_PARAMSET (EVP_PKEY_ALG_CTRL+1)
195#define EVP_PKEY_CTRL_GOST_SIG_FORMAT (EVP_PKEY_ALG_CTRL+2)
196#define EVP_PKEY_CTRL_GOST_SET_DIGEST (EVP_PKEY_ALG_CTRL+3)
197#define EVP_PKEY_CTRL_GOST_GET_DIGEST (EVP_PKEY_ALG_CTRL+4)
198
199#define GOST_SIG_FORMAT_SR_BE 0
200#define GOST_SIG_FORMAT_RS_LE 1
201
202void ERR_load_GOST_strings(void);
203
204/* Error codes for the GOST functions. */
205
206/* Function codes. */
207#define GOST_F_DECODE_GOST01_ALGOR_PARAMS 104
208#define GOST_F_ENCODE_GOST01_ALGOR_PARAMS 105
209#define GOST_F_GOST2001_COMPUTE_PUBLIC 106
210#define GOST_F_GOST2001_DO_SIGN 107
211#define GOST_F_GOST2001_DO_VERIFY 108
212#define GOST_F_GOST2001_KEYGEN 109
213#define GOST_F_GOST89_GET_ASN1_PARAMETERS 102
214#define GOST_F_GOST89_SET_ASN1_PARAMETERS 103
215#define GOST_F_GOST_KEY_CHECK_KEY 124
216#define GOST_F_GOST_KEY_NEW 125
217#define GOST_F_GOST_KEY_SET_PUBLIC_KEY_AFFINE_COORDINATES 126
218#define GOST_F_PARAM_COPY_GOST01 110
219#define GOST_F_PARAM_DECODE_GOST01 111
220#define GOST_F_PKEY_GOST01_CTRL 116
221#define GOST_F_PKEY_GOST01_DECRYPT 112
222#define GOST_F_PKEY_GOST01_DERIVE 113
223#define GOST_F_PKEY_GOST01_ENCRYPT 114
224#define GOST_F_PKEY_GOST01_PARAMGEN 115
225#define GOST_F_PKEY_GOST01_SIGN 123
226#define GOST_F_PKEY_GOST_MAC_CTRL 100
227#define GOST_F_PKEY_GOST_MAC_KEYGEN 101
228#define GOST_F_PRIV_DECODE_GOST01 117
229#define GOST_F_PUB_DECODE_GOST01 118
230#define GOST_F_PUB_ENCODE_GOST01 119
231#define GOST_F_PUB_PRINT_GOST01 120
232#define GOST_F_UNPACK_SIGNATURE_CP 121
233#define GOST_F_UNPACK_SIGNATURE_LE 122
234
235/* Reason codes. */
236#define GOST_R_BAD_KEY_PARAMETERS_FORMAT 104
237#define GOST_R_BAD_PKEY_PARAMETERS_FORMAT 105
238#define GOST_R_CANNOT_PACK_EPHEMERAL_KEY 106
239#define GOST_R_CTRL_CALL_FAILED 107
240#define GOST_R_ERROR_COMPUTING_SHARED_KEY 108
241#define GOST_R_ERROR_PARSING_KEY_TRANSPORT_INFO 109
242#define GOST_R_INCOMPATIBLE_ALGORITHMS 110
243#define GOST_R_INCOMPATIBLE_PEER_KEY 111
244#define GOST_R_INVALID_DIGEST_TYPE 100
245#define GOST_R_INVALID_IV_LENGTH 103
246#define GOST_R_INVALID_MAC_KEY_LENGTH 101
247#define GOST_R_KEY_IS_NOT_INITIALIZED 112
248#define GOST_R_KEY_PARAMETERS_MISSING 113
249#define GOST_R_MAC_KEY_NOT_SET 102
250#define GOST_R_NO_PARAMETERS_SET 115
251#define GOST_R_NO_PEER_KEY 116
252#define GOST_R_NO_PRIVATE_PART_OF_NON_EPHEMERAL_KEYPAIR 117
253#define GOST_R_PUBLIC_KEY_UNDEFINED 118
254#define GOST_R_RANDOM_NUMBER_GENERATOR_FAILED 120
255#define GOST_R_SIGNATURE_MISMATCH 121
256#define GOST_R_SIGNATURE_PARTS_GREATER_THAN_Q 122
257#define GOST_R_UKM_NOT_SET 123
258
259#ifdef __cplusplus
260}
261#endif
262#endif
diff --git a/src/lib/libcrypto/gost/gost2814789.c b/src/lib/libcrypto/gost/gost2814789.c
deleted file mode 100644
index dac3a8eab8..0000000000
--- a/src/lib/libcrypto/gost/gost2814789.c
+++ /dev/null
@@ -1,480 +0,0 @@
1/* $OpenBSD: gost2814789.c,v 1.9 2023/07/08 14:30:44 beck Exp $ */
2/*
3 * Copyright (c) 2014 Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
4 * Copyright (c) 2005-2006 Cryptocom LTD
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
8 * are met:
9 *
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 *
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in
15 * the documentation and/or other materials provided with the
16 * distribution.
17 *
18 * 3. All advertising materials mentioning features or use of this
19 * software must display the following acknowledgment:
20 * "This product includes software developed by the OpenSSL Project
21 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
22 *
23 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
24 * endorse or promote products derived from this software without
25 * prior written permission. For written permission, please contact
26 * openssl-core@openssl.org.
27 *
28 * 5. Products derived from this software may not be called "OpenSSL"
29 * nor may "OpenSSL" appear in their names without prior written
30 * permission of the OpenSSL Project.
31 *
32 * 6. Redistributions of any form whatsoever must retain the following
33 * acknowledgment:
34 * "This product includes software developed by the OpenSSL Project
35 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
36 *
37 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
38 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
39 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
40 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
41 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
42 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
43 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
44 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
45 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
46 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
47 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
48 * OF THE POSSIBILITY OF SUCH DAMAGE.
49 * ====================================================================
50 */
51
52#include <endian.h>
53#include <string.h>
54
55#include <openssl/opensslconf.h>
56
57#ifndef OPENSSL_NO_GOST
58#include <openssl/objects.h>
59#include <openssl/gost.h>
60
61#include "gost_local.h"
62
63static inline unsigned int
64f(const GOST2814789_KEY *c, unsigned int x)
65{
66 return c->k87[(x>>24) & 255] | c->k65[(x>>16) & 255]|
67 c->k43[(x>> 8) & 255] | c->k21[(x ) & 255];
68}
69
70void
71Gost2814789_encrypt(const unsigned char *in, unsigned char *out,
72 const GOST2814789_KEY *key)
73{
74 unsigned int n1, n2; /* As named in the GOST */
75
76 c2l(in, n1);
77 c2l(in, n2);
78
79 /* Instead of swapping halves, swap names each round */
80 n2 ^= f(key, n1 + key->key[0]); n1 ^= f(key, n2 + key->key[1]);
81 n2 ^= f(key, n1 + key->key[2]); n1 ^= f(key, n2 + key->key[3]);
82 n2 ^= f(key, n1 + key->key[4]); n1 ^= f(key, n2 + key->key[5]);
83 n2 ^= f(key, n1 + key->key[6]); n1 ^= f(key, n2 + key->key[7]);
84
85 n2 ^= f(key, n1 + key->key[0]); n1 ^= f(key, n2 + key->key[1]);
86 n2 ^= f(key, n1 + key->key[2]); n1 ^= f(key, n2 + key->key[3]);
87 n2 ^= f(key, n1 + key->key[4]); n1 ^= f(key, n2 + key->key[5]);
88 n2 ^= f(key, n1 + key->key[6]); n1 ^= f(key, n2 + key->key[7]);
89
90 n2 ^= f(key, n1 + key->key[0]); n1 ^= f(key, n2 + key->key[1]);
91 n2 ^= f(key, n1 + key->key[2]); n1 ^= f(key, n2 + key->key[3]);
92 n2 ^= f(key, n1 + key->key[4]); n1 ^= f(key, n2 + key->key[5]);
93 n2 ^= f(key, n1 + key->key[6]); n1 ^= f(key, n2 + key->key[7]);
94
95 n2 ^= f(key, n1 + key->key[7]); n1 ^= f(key, n2 + key->key[6]);
96 n2 ^= f(key, n1 + key->key[5]); n1 ^= f(key, n2 + key->key[4]);
97 n2 ^= f(key, n1 + key->key[3]); n1 ^= f(key, n2 + key->key[2]);
98 n2 ^= f(key, n1 + key->key[1]); n1 ^= f(key, n2 + key->key[0]);
99
100 l2c(n2, out);
101 l2c(n1, out);
102}
103
104void
105Gost2814789_decrypt(const unsigned char *in, unsigned char *out,
106 const GOST2814789_KEY *key)
107{
108 unsigned int n1, n2; /* As named in the GOST */
109
110 c2l(in, n1);
111 c2l(in, n2);
112
113 /* Instead of swapping halves, swap names each round */
114 n2 ^= f(key, n1 + key->key[0]); n1 ^= f(key, n2 + key->key[1]);
115 n2 ^= f(key, n1 + key->key[2]); n1 ^= f(key, n2 + key->key[3]);
116 n2 ^= f(key, n1 + key->key[4]); n1 ^= f(key, n2 + key->key[5]);
117 n2 ^= f(key, n1 + key->key[6]); n1 ^= f(key, n2 + key->key[7]);
118
119 n2 ^= f(key, n1 + key->key[7]); n1 ^= f(key, n2 + key->key[6]);
120 n2 ^= f(key, n1 + key->key[5]); n1 ^= f(key, n2 + key->key[4]);
121 n2 ^= f(key, n1 + key->key[3]); n1 ^= f(key, n2 + key->key[2]);
122 n2 ^= f(key, n1 + key->key[1]); n1 ^= f(key, n2 + key->key[0]);
123
124 n2 ^= f(key, n1 + key->key[7]); n1 ^= f(key, n2 + key->key[6]);
125 n2 ^= f(key, n1 + key->key[5]); n1 ^= f(key, n2 + key->key[4]);
126 n2 ^= f(key, n1 + key->key[3]); n1 ^= f(key, n2 + key->key[2]);
127 n2 ^= f(key, n1 + key->key[1]); n1 ^= f(key, n2 + key->key[0]);
128
129 n2 ^= f(key, n1 + key->key[7]); n1 ^= f(key, n2 + key->key[6]);
130 n2 ^= f(key, n1 + key->key[5]); n1 ^= f(key, n2 + key->key[4]);
131 n2 ^= f(key, n1 + key->key[3]); n1 ^= f(key, n2 + key->key[2]);
132 n2 ^= f(key, n1 + key->key[1]); n1 ^= f(key, n2 + key->key[0]);
133
134 l2c(n2, out);
135 l2c(n1, out);
136}
137
138static void
139Gost2814789_mac(const unsigned char *in, unsigned char *mac,
140 GOST2814789_KEY *key)
141{
142 unsigned int n1, n2; /* As named in the GOST */
143 unsigned char *p;
144 int i;
145
146 for (i = 0; i < 8; i++)
147 mac[i] ^= in[i];
148
149 p = mac;
150 c2l(p, n1);
151 c2l(p, n2);
152
153 /* Instead of swapping halves, swap names each round */
154 n2 ^= f(key, n1 + key->key[0]); n1 ^= f(key, n2 + key->key[1]);
155 n2 ^= f(key, n1 + key->key[2]); n1 ^= f(key, n2 + key->key[3]);
156 n2 ^= f(key, n1 + key->key[4]); n1 ^= f(key, n2 + key->key[5]);
157 n2 ^= f(key, n1 + key->key[6]); n1 ^= f(key, n2 + key->key[7]);
158
159 n2 ^= f(key, n1 + key->key[0]); n1 ^= f(key, n2 + key->key[1]);
160 n2 ^= f(key, n1 + key->key[2]); n1 ^= f(key, n2 + key->key[3]);
161 n2 ^= f(key, n1 + key->key[4]); n1 ^= f(key, n2 + key->key[5]);
162 n2 ^= f(key, n1 + key->key[6]); n1 ^= f(key, n2 + key->key[7]);
163
164 p = mac;
165 l2c(n1, p);
166 l2c(n2, p);
167}
168
169void
170Gost2814789_ecb_encrypt(const unsigned char *in, unsigned char *out,
171 GOST2814789_KEY *key, const int enc)
172{
173 if (key->key_meshing && key->count == 1024) {
174 Gost2814789_cryptopro_key_mesh(key);
175 key->count = 0;
176 }
177
178 if (enc)
179 Gost2814789_encrypt(in, out, key);
180 else
181 Gost2814789_decrypt(in, out, key);
182}
183LCRYPTO_ALIAS(Gost2814789_ecb_encrypt);
184
185static inline void
186Gost2814789_encrypt_mesh(unsigned char *iv, GOST2814789_KEY *key)
187{
188 if (key->key_meshing && key->count == 1024) {
189 Gost2814789_cryptopro_key_mesh(key);
190 Gost2814789_encrypt(iv, iv, key);
191 key->count = 0;
192 }
193 Gost2814789_encrypt(iv, iv, key);
194 key->count += 8;
195}
196
197static inline void
198Gost2814789_mac_mesh(const unsigned char *data, unsigned char *mac,
199 GOST2814789_KEY *key)
200{
201 if (key->key_meshing && key->count == 1024) {
202 Gost2814789_cryptopro_key_mesh(key);
203 key->count = 0;
204 }
205 Gost2814789_mac(data, mac, key);
206 key->count += 8;
207}
208
209void
210Gost2814789_cfb64_encrypt(const unsigned char *in, unsigned char *out,
211 size_t len, GOST2814789_KEY *key, unsigned char *ivec, int *num,
212 const int enc)
213{
214 unsigned int n;
215 size_t l = 0;
216
217 n = *num;
218
219 if (enc) {
220#if !defined(OPENSSL_SMALL_FOOTPRINT)
221 if (8 % sizeof(size_t) == 0) do { /* always true actually */
222 while (n && len) {
223 *(out++) = ivec[n] ^= *(in++);
224 --len;
225 n = (n + 1) % 8;
226 }
227#ifdef __STRICT_ALIGNMENT
228 if (((size_t)in | (size_t)out | (size_t)ivec) %
229 sizeof(size_t) != 0)
230 break;
231#endif
232 while (len >= 8) {
233 Gost2814789_encrypt_mesh(ivec, key);
234 for (; n < 8; n += sizeof(size_t)) {
235 *(size_t*)(out + n) =
236 *(size_t*)(ivec + n) ^=
237 *(size_t*)(in + n);
238 }
239 len -= 8;
240 out += 8;
241 in += 8;
242 n = 0;
243 }
244 if (len) {
245 Gost2814789_encrypt_mesh(ivec, key);
246 while (len--) {
247 out[n] = ivec[n] ^= in[n];
248 ++n;
249 }
250 }
251 *num = n;
252 return;
253 } while (0);
254 /* the rest would be commonly eliminated by x86* compiler */
255#endif
256 while (l<len) {
257 if (n == 0) {
258 Gost2814789_encrypt_mesh(ivec, key);
259 }
260 out[l] = ivec[n] ^= in[l];
261 ++l;
262 n = (n + 1) % 8;
263 }
264 *num = n;
265 } else {
266#if !defined(OPENSSL_SMALL_FOOTPRINT)
267 if (8 % sizeof(size_t) == 0) do { /* always true actually */
268 while (n && len) {
269 unsigned char c;
270
271 *(out++) = ivec[n] ^ (c = *(in++));
272 ivec[n] = c;
273 --len;
274 n = (n + 1) % 8;
275 }
276#ifdef __STRICT_ALIGNMENT
277 if (((size_t)in | (size_t)out | (size_t)ivec) %
278 sizeof(size_t) != 0)
279 break;
280#endif
281 while (len >= 8) {
282 Gost2814789_encrypt_mesh(ivec, key);
283 for (; n < 8; n += sizeof(size_t)) {
284 size_t t = *(size_t*)(in + n);
285 *(size_t*)(out + n) =
286 *(size_t*)(ivec + n) ^ t;
287 *(size_t*)(ivec + n) = t;
288 }
289 len -= 8;
290 out += 8;
291 in += 8;
292 n = 0;
293 }
294 if (len) {
295 Gost2814789_encrypt_mesh(ivec, key);
296 while (len--) {
297 unsigned char c;
298
299 out[n] = ivec[n] ^ (c = in[n]);
300 ivec[n] = c;
301 ++n;
302 }
303 }
304 *num = n;
305 return;
306 } while (0);
307 /* the rest would be commonly eliminated by x86* compiler */
308#endif
309 while (l < len) {
310 unsigned char c;
311
312 if (n == 0) {
313 Gost2814789_encrypt_mesh(ivec, key);
314 }
315 out[l] = ivec[n] ^ (c = in[l]); ivec[n] = c;
316 ++l;
317 n = (n + 1) % 8;
318 }
319 *num = n;
320 }
321}
322LCRYPTO_ALIAS(Gost2814789_cfb64_encrypt);
323
324static inline void
325Gost2814789_cnt_next(unsigned char *ivec, unsigned char *out,
326 GOST2814789_KEY *key)
327{
328 unsigned char *p = ivec, *p2 = ivec;
329 unsigned int val, val2;
330
331 if (key->count == 0)
332 Gost2814789_encrypt(ivec, ivec, key);
333
334 if (key->key_meshing && key->count == 1024) {
335 Gost2814789_cryptopro_key_mesh(key);
336 Gost2814789_encrypt(ivec, ivec, key);
337 key->count = 0;
338 }
339
340 c2l(p, val);
341 val2 = val + 0x01010101;
342 l2c(val2, p2);
343
344 c2l(p, val);
345 val2 = val + 0x01010104;
346 if (val > val2) /* overflow */
347 val2++;
348 l2c(val2, p2);
349
350 Gost2814789_encrypt(ivec, out, key);
351 key->count += 8;
352}
353
354void
355Gost2814789_cnt_encrypt(const unsigned char *in, unsigned char *out, size_t len,
356 GOST2814789_KEY *key, unsigned char *ivec, unsigned char *cnt_buf, int *num)
357{
358 unsigned int n;
359 size_t l = 0;
360
361 n = *num;
362
363#if !defined(OPENSSL_SMALL_FOOTPRINT)
364 if (8 % sizeof(size_t) == 0) do { /* always true actually */
365 while (n && len) {
366 *(out++) = *(in++) ^ cnt_buf[n];
367 --len;
368 n = (n + 1) % 8;
369 }
370
371#ifdef __STRICT_ALIGNMENT
372 if (((size_t)in | (size_t)out | (size_t)ivec) %
373 sizeof(size_t) != 0)
374 break;
375#endif
376 while (len >= 8) {
377 Gost2814789_cnt_next(ivec, cnt_buf, key);
378 for (; n < 8; n += sizeof(size_t))
379 *(size_t *)(out + n) = *(size_t *)(in + n) ^
380 *(size_t *)(cnt_buf + n);
381 len -= 8;
382 out += 8;
383 in += 8;
384 n = 0;
385 }
386 if (len) {
387 Gost2814789_cnt_next(ivec, cnt_buf, key);
388 while (len--) {
389 out[n] = in[n] ^ cnt_buf[n];
390 ++n;
391 }
392 }
393 *num = n;
394 return;
395 } while(0);
396 /* the rest would be commonly eliminated by x86* compiler */
397#endif
398 while (l < len) {
399 if (n==0)
400 Gost2814789_cnt_next(ivec, cnt_buf, key);
401 out[l] = in[l] ^ cnt_buf[n];
402 ++l;
403 n = (n + 1) % 8;
404 }
405
406 *num=n;
407}
408LCRYPTO_ALIAS(Gost2814789_cnt_encrypt);
409
410int
411GOST2814789IMIT_Init(GOST2814789IMIT_CTX *c, int nid)
412{
413 c->Nl = c->Nh = c->num = 0;
414 memset(c->mac, 0, 8);
415 return Gost2814789_set_sbox(&c->cipher, nid);
416}
417LCRYPTO_ALIAS(GOST2814789IMIT_Init);
418
419static void
420GOST2814789IMIT_block_data_order(GOST2814789IMIT_CTX *ctx,
421 const unsigned char *p, size_t num)
422{
423 int i;
424
425 for (i = 0; i < num; i++) {
426 Gost2814789_mac_mesh(p, ctx->mac, &ctx->cipher);
427 p += 8;
428 }
429}
430
431#define DATA_ORDER_IS_LITTLE_ENDIAN
432
433#define HASH_CBLOCK GOST2814789IMIT_CBLOCK
434#define HASH_LONG GOST2814789IMIT_LONG
435#define HASH_CTX GOST2814789IMIT_CTX
436#define HASH_UPDATE GOST2814789IMIT_Update
437#define HASH_TRANSFORM GOST2814789IMIT_Transform
438#define HASH_NO_FINAL 1
439#define HASH_BLOCK_DATA_ORDER GOST2814789IMIT_block_data_order
440
441#include "md32_common.h"
442LCRYPTO_ALIAS(GOST2814789IMIT_Update);
443LCRYPTO_ALIAS(GOST2814789IMIT_Transform);
444
445int
446GOST2814789IMIT_Final(unsigned char *md, GOST2814789IMIT_CTX *c)
447{
448 if (c->num) {
449 memset(c->data + c->num, 0, 8 - c->num);
450 Gost2814789_mac_mesh(c->data, c->mac, &c->cipher);
451 }
452 if (c->Nl <= 8 * 8 && c->Nl > 0 && c->Nh == 0) {
453 memset(c->data, 0, 8);
454 Gost2814789_mac_mesh(c->data, c->mac, &c->cipher);
455 }
456 memcpy(md, c->mac, 4);
457 return 1;
458}
459LCRYPTO_ALIAS(GOST2814789IMIT_Final);
460
461unsigned char *
462GOST2814789IMIT(const unsigned char *d, size_t n, unsigned char *md, int nid,
463 const unsigned char *key, const unsigned char *iv)
464{
465 GOST2814789IMIT_CTX c;
466 static unsigned char m[GOST2814789IMIT_LENGTH];
467
468 if (md == NULL)
469 md = m;
470 GOST2814789IMIT_Init(&c, nid);
471 memcpy(c.mac, iv, 8);
472 Gost2814789_set_key(&c.cipher, key, 256);
473 GOST2814789IMIT_Update(&c, d, n);
474 GOST2814789IMIT_Final(md, &c);
475 explicit_bzero(&c, sizeof(c));
476 return (md);
477}
478LCRYPTO_ALIAS(GOST2814789IMIT);
479
480#endif
diff --git a/src/lib/libcrypto/gost/gost89_keywrap.c b/src/lib/libcrypto/gost/gost89_keywrap.c
deleted file mode 100644
index 9bfc5b4ce8..0000000000
--- a/src/lib/libcrypto/gost/gost89_keywrap.c
+++ /dev/null
@@ -1,138 +0,0 @@
1/* $OpenBSD: gost89_keywrap.c,v 1.4 2022/11/26 16:08:53 tb Exp $ */
2/*
3 * Copyright (c) 2014 Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
4 * Copyright (c) 2005-2006 Cryptocom LTD
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
8 * are met:
9 *
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 *
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in
15 * the documentation and/or other materials provided with the
16 * distribution.
17 *
18 * 3. All advertising materials mentioning features or use of this
19 * software must display the following acknowledgment:
20 * "This product includes software developed by the OpenSSL Project
21 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
22 *
23 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
24 * endorse or promote products derived from this software without
25 * prior written permission. For written permission, please contact
26 * openssl-core@openssl.org.
27 *
28 * 5. Products derived from this software may not be called "OpenSSL"
29 * nor may "OpenSSL" appear in their names without prior written
30 * permission of the OpenSSL Project.
31 *
32 * 6. Redistributions of any form whatsoever must retain the following
33 * acknowledgment:
34 * "This product includes software developed by the OpenSSL Project
35 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
36 *
37 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
38 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
39 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
40 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
41 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
42 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
43 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
44 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
45 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
46 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
47 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
48 * OF THE POSSIBILITY OF SUCH DAMAGE.
49 * ====================================================================
50 */
51
52#include <string.h>
53
54#include <openssl/opensslconf.h>
55
56#ifndef OPENSSL_NO_GOST
57
58#include <openssl/gost.h>
59
60#include "gost_local.h"
61
62static void
63key_diversify_crypto_pro(GOST2814789_KEY *ctx, const unsigned char *inputKey,
64 const unsigned char *ukm, unsigned char *outputKey)
65{
66 unsigned long k, s1, s2;
67 int i, mask;
68 unsigned char S[8];
69 unsigned char *p;
70
71 memcpy(outputKey, inputKey, 32);
72 for (i = 0; i < 8; i++) {
73 /* Make array of integers from key */
74 /* Compute IV S */
75 s1 = 0, s2 = 0;
76 p = outputKey;
77 for (mask = 1; mask < 256; mask <<= 1) {
78 c2l(p, k);
79 if (mask & ukm[i]) {
80 s1 += k;
81 } else {
82 s2 += k;
83 }
84 }
85 p = S;
86 l2c (s1, p);
87 l2c (s2, p);
88 Gost2814789_set_key(ctx, outputKey, 256);
89 mask = 0;
90 Gost2814789_cfb64_encrypt(outputKey, outputKey, 32, ctx, S,
91 &mask, 1);
92 }
93}
94
95int
96gost_key_wrap_crypto_pro(int nid, const unsigned char *keyExchangeKey,
97 const unsigned char *ukm, const unsigned char *sessionKey,
98 unsigned char *wrappedKey)
99{
100 GOST2814789_KEY ctx;
101 unsigned char kek_ukm[32];
102
103 Gost2814789_set_sbox(&ctx, nid);
104 key_diversify_crypto_pro(&ctx, keyExchangeKey, ukm, kek_ukm);
105 Gost2814789_set_key(&ctx, kek_ukm, 256);
106 memcpy(wrappedKey, ukm, 8);
107 Gost2814789_encrypt(sessionKey + 0, wrappedKey + 8 + 0, &ctx);
108 Gost2814789_encrypt(sessionKey + 8, wrappedKey + 8 + 8, &ctx);
109 Gost2814789_encrypt(sessionKey + 16, wrappedKey + 8 + 16, &ctx);
110 Gost2814789_encrypt(sessionKey + 24, wrappedKey + 8 + 24, &ctx);
111 GOST2814789IMIT(sessionKey, 32, wrappedKey + 40, nid, kek_ukm, ukm);
112 return 1;
113}
114
115int
116gost_key_unwrap_crypto_pro(int nid, const unsigned char *keyExchangeKey,
117 const unsigned char *wrappedKey, unsigned char *sessionKey)
118{
119 unsigned char kek_ukm[32], cek_mac[4];
120 GOST2814789_KEY ctx;
121
122 Gost2814789_set_sbox(&ctx, nid);
123 /* First 8 bytes of wrapped Key is ukm */
124 key_diversify_crypto_pro(&ctx, keyExchangeKey, wrappedKey, kek_ukm);
125 Gost2814789_set_key(&ctx, kek_ukm, 256);
126 Gost2814789_decrypt(wrappedKey + 8 + 0, sessionKey + 0, &ctx);
127 Gost2814789_decrypt(wrappedKey + 8 + 8, sessionKey + 8, &ctx);
128 Gost2814789_decrypt(wrappedKey + 8 + 16, sessionKey + 16, &ctx);
129 Gost2814789_decrypt(wrappedKey + 8 + 24, sessionKey + 24, &ctx);
130
131 GOST2814789IMIT(sessionKey, 32, cek_mac, nid, kek_ukm, wrappedKey);
132 if (memcmp(cek_mac, wrappedKey + 40, 4))
133 return 0;
134
135 return 1;
136}
137
138#endif
diff --git a/src/lib/libcrypto/gost/gost89_params.c b/src/lib/libcrypto/gost/gost89_params.c
deleted file mode 100644
index ef9c9cde6b..0000000000
--- a/src/lib/libcrypto/gost/gost89_params.c
+++ /dev/null
@@ -1,246 +0,0 @@
1/* $OpenBSD: gost89_params.c,v 1.4 2023/07/08 14:30:44 beck Exp $ */
2/*
3 * Copyright (c) 2014 Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
4 * Copyright (c) 2005-2006 Cryptocom LTD
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
8 * are met:
9 *
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 *
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in
15 * the documentation and/or other materials provided with the
16 * distribution.
17 *
18 * 3. All advertising materials mentioning features or use of this
19 * software must display the following acknowledgment:
20 * "This product includes software developed by the OpenSSL Project
21 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
22 *
23 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
24 * endorse or promote products derived from this software without
25 * prior written permission. For written permission, please contact
26 * openssl-core@openssl.org.
27 *
28 * 5. Products derived from this software may not be called "OpenSSL"
29 * nor may "OpenSSL" appear in their names without prior written
30 * permission of the OpenSSL Project.
31 *
32 * 6. Redistributions of any form whatsoever must retain the following
33 * acknowledgment:
34 * "This product includes software developed by the OpenSSL Project
35 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
36 *
37 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
38 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
39 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
40 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
41 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
42 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
43 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
44 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
45 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
46 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
47 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
48 * OF THE POSSIBILITY OF SUCH DAMAGE.
49 * ====================================================================
50 */
51
52#include <stdlib.h>
53
54#include <openssl/opensslconf.h>
55
56#ifndef OPENSSL_NO_GOST
57#include <openssl/objects.h>
58#include <openssl/gost.h>
59
60#include "gost_local.h"
61
62/* Substitution blocks from test examples for GOST R 34.11-94*/
63static const gost_subst_block GostR3411_94_TestParamSet = {
64 {0x1,0xF,0xD,0x0,0x5,0x7,0xA,0x4,0x9,0x2,0x3,0xE,0x6,0xB,0x8,0xC},
65 {0xD,0xB,0x4,0x1,0x3,0xF,0x5,0x9,0x0,0xA,0xE,0x7,0x6,0x8,0x2,0xC},
66 {0x4,0xB,0xA,0x0,0x7,0x2,0x1,0xD,0x3,0x6,0x8,0x5,0x9,0xC,0xF,0xE},
67 {0x6,0xC,0x7,0x1,0x5,0xF,0xD,0x8,0x4,0xA,0x9,0xE,0x0,0x3,0xB,0x2},
68 {0x7,0xD,0xA,0x1,0x0,0x8,0x9,0xF,0xE,0x4,0x6,0xC,0xB,0x2,0x5,0x3},
69 {0x5,0x8,0x1,0xD,0xA,0x3,0x4,0x2,0xE,0xF,0xC,0x7,0x6,0x0,0x9,0xB},
70 {0xE,0xB,0x4,0xC,0x6,0xD,0xF,0xA,0x2,0x3,0x8,0x1,0x0,0x7,0x5,0x9},
71 {0x4,0xA,0x9,0x2,0xD,0x8,0x0,0xE,0x6,0xB,0x1,0xC,0x7,0xF,0x5,0x3}
72};
73
74/* Substitution blocks for hash function 1.2.643.2.9.1.6.1 */
75static const gost_subst_block GostR3411_94_CryptoProParamSet = {
76 {0x1,0x3,0xA,0x9,0x5,0xB,0x4,0xF,0x8,0x6,0x7,0xE,0xD,0x0,0x2,0xC},
77 {0xD,0xE,0x4,0x1,0x7,0x0,0x5,0xA,0x3,0xC,0x8,0xF,0x6,0x2,0x9,0xB},
78 {0x7,0x6,0x2,0x4,0xD,0x9,0xF,0x0,0xA,0x1,0x5,0xB,0x8,0xE,0xC,0x3},
79 {0x7,0x6,0x4,0xB,0x9,0xC,0x2,0xA,0x1,0x8,0x0,0xE,0xF,0xD,0x3,0x5},
80 {0x4,0xA,0x7,0xC,0x0,0xF,0x2,0x8,0xE,0x1,0x6,0x5,0xD,0xB,0x9,0x3},
81 {0x7,0xF,0xC,0xE,0x9,0x4,0x1,0x0,0x3,0xB,0x5,0x2,0x6,0xA,0x8,0xD},
82 {0x5,0xF,0x4,0x0,0x2,0xD,0xB,0x9,0x1,0x7,0x6,0x3,0xC,0xE,0xA,0x8},
83 {0xA,0x4,0x5,0x6,0x8,0x1,0x3,0x7,0xD,0xC,0xE,0x0,0x9,0x2,0xB,0xF}
84};
85
86/* Test paramset from GOST 28147 */
87gost_subst_block Gost28147_TestParamSet = {
88 {0xC,0x6,0x5,0x2,0xB,0x0,0x9,0xD,0x3,0xE,0x7,0xA,0xF,0x4,0x1,0x8},
89 {0x9,0xB,0xC,0x0,0x3,0x6,0x7,0x5,0x4,0x8,0xE,0xF,0x1,0xA,0x2,0xD},
90 {0x8,0xF,0x6,0xB,0x1,0x9,0xC,0x5,0xD,0x3,0x7,0xA,0x0,0xE,0x2,0x4},
91 {0x3,0xE,0x5,0x9,0x6,0x8,0x0,0xD,0xA,0xB,0x7,0xC,0x2,0x1,0xF,0x4},
92 {0xE,0x9,0xB,0x2,0x5,0xF,0x7,0x1,0x0,0xD,0xC,0x6,0xA,0x4,0x3,0x8},
93 {0xD,0x8,0xE,0xC,0x7,0x3,0x9,0xA,0x1,0x5,0x2,0x4,0x6,0xF,0x0,0xB},
94 {0xC,0x9,0xF,0xE,0x8,0x1,0x3,0xA,0x2,0x7,0x4,0xD,0x6,0x0,0xB,0x5},
95 {0x4,0x2,0xF,0x5,0x9,0x1,0x0,0x8,0xE,0x3,0xB,0xC,0xD,0x7,0xA,0x6}
96};
97
98
99/* 1.2.643.2.2.31.1 */
100static const gost_subst_block Gost28147_CryptoProParamSetA = {
101 {0xB,0xA,0xF,0x5,0x0,0xC,0xE,0x8,0x6,0x2,0x3,0x9,0x1,0x7,0xD,0x4},
102 {0x1,0xD,0x2,0x9,0x7,0xA,0x6,0x0,0x8,0xC,0x4,0x5,0xF,0x3,0xB,0xE},
103 {0x3,0xA,0xD,0xC,0x1,0x2,0x0,0xB,0x7,0x5,0x9,0x4,0x8,0xF,0xE,0x6},
104 {0xB,0x5,0x1,0x9,0x8,0xD,0xF,0x0,0xE,0x4,0x2,0x3,0xC,0x7,0xA,0x6},
105 {0xE,0x7,0xA,0xC,0xD,0x1,0x3,0x9,0x0,0x2,0xB,0x4,0xF,0x8,0x5,0x6},
106 {0xE,0x4,0x6,0x2,0xB,0x3,0xD,0x8,0xC,0xF,0x5,0xA,0x0,0x7,0x1,0x9},
107 {0x3,0x7,0xE,0x9,0x8,0xA,0xF,0x0,0x5,0x2,0x6,0xC,0xB,0x4,0xD,0x1},
108 {0x9,0x6,0x3,0x2,0x8,0xB,0x1,0x7,0xA,0x4,0xE,0xF,0xC,0x0,0xD,0x5}
109};
110
111/* 1.2.643.2.2.31.2 */
112static const gost_subst_block Gost28147_CryptoProParamSetB = {
113 {0x0,0x4,0xB,0xE,0x8,0x3,0x7,0x1,0xA,0x2,0x9,0x6,0xF,0xD,0x5,0xC},
114 {0x5,0x2,0xA,0xB,0x9,0x1,0xC,0x3,0x7,0x4,0xD,0x0,0x6,0xF,0x8,0xE},
115 {0x8,0x3,0x2,0x6,0x4,0xD,0xE,0xB,0xC,0x1,0x7,0xF,0xA,0x0,0x9,0x5},
116 {0x2,0x7,0xC,0xF,0x9,0x5,0xA,0xB,0x1,0x4,0x0,0xD,0x6,0x8,0xE,0x3},
117 {0x7,0x5,0x0,0xD,0xB,0x6,0x1,0x2,0x3,0xA,0xC,0xF,0x4,0xE,0x9,0x8},
118 {0xE,0xC,0x0,0xA,0x9,0x2,0xD,0xB,0x7,0x5,0x8,0xF,0x3,0x6,0x1,0x4},
119 {0x0,0x1,0x2,0xA,0x4,0xD,0x5,0xC,0x9,0x7,0x3,0xF,0xB,0x8,0x6,0xE},
120 {0x8,0x4,0xB,0x1,0x3,0x5,0x0,0x9,0x2,0xE,0xA,0xC,0xD,0x6,0x7,0xF}
121};
122
123/* 1.2.643.2.2.31.3 */
124static const gost_subst_block Gost28147_CryptoProParamSetC = {
125 {0x7,0x4,0x0,0x5,0xA,0x2,0xF,0xE,0xC,0x6,0x1,0xB,0xD,0x9,0x3,0x8},
126 {0xA,0x9,0x6,0x8,0xD,0xE,0x2,0x0,0xF,0x3,0x5,0xB,0x4,0x1,0xC,0x7},
127 {0xC,0x9,0xB,0x1,0x8,0xE,0x2,0x4,0x7,0x3,0x6,0x5,0xA,0x0,0xF,0xD},
128 {0x8,0xD,0xB,0x0,0x4,0x5,0x1,0x2,0x9,0x3,0xC,0xE,0x6,0xF,0xA,0x7},
129 {0x3,0x6,0x0,0x1,0x5,0xD,0xA,0x8,0xB,0x2,0x9,0x7,0xE,0xF,0xC,0x4},
130 {0x8,0x2,0x5,0x0,0x4,0x9,0xF,0xA,0x3,0x7,0xC,0xD,0x6,0xE,0x1,0xB},
131 {0x0,0x1,0x7,0xD,0xB,0x4,0x5,0x2,0x8,0xE,0xF,0xC,0x9,0xA,0x6,0x3},
132 {0x1,0xB,0xC,0x2,0x9,0xD,0x0,0xF,0x4,0x5,0x8,0xE,0xA,0x7,0x6,0x3}
133};
134
135/* 1.2.643.2.2.31.4 */
136static const gost_subst_block Gost28147_CryptoProParamSetD = {
137 {0x1,0xA,0x6,0x8,0xF,0xB,0x0,0x4,0xC,0x3,0x5,0x9,0x7,0xD,0x2,0xE},
138 {0x3,0x0,0x6,0xF,0x1,0xE,0x9,0x2,0xD,0x8,0xC,0x4,0xB,0xA,0x5,0x7},
139 {0x8,0x0,0xF,0x3,0x2,0x5,0xE,0xB,0x1,0xA,0x4,0x7,0xC,0x9,0xD,0x6},
140 {0x0,0xC,0x8,0x9,0xD,0x2,0xA,0xB,0x7,0x3,0x6,0x5,0x4,0xE,0xF,0x1},
141 {0x1,0x5,0xE,0xC,0xA,0x7,0x0,0xD,0x6,0x2,0xB,0x4,0x9,0x3,0xF,0x8},
142 {0x1,0xC,0xB,0x0,0xF,0xE,0x6,0x5,0xA,0xD,0x4,0x8,0x9,0x3,0x7,0x2},
143 {0xB,0x6,0x3,0x4,0xC,0xF,0xE,0x2,0x7,0xD,0x8,0x0,0x5,0xA,0x9,0x1},
144 {0xF,0xC,0x2,0xA,0x6,0x4,0x5,0x0,0x7,0x9,0xE,0xD,0x1,0xB,0x8,0x3}
145};
146
147static const gost_subst_block Gost28147_TC26ParamSetZ = {
148 {0x1,0x7,0xe,0xd,0x0,0x5,0x8,0x3,0x4,0xf,0xa,0x6,0x9,0xc,0xb,0x2},
149 {0x8,0xe,0x2,0x5,0x6,0x9,0x1,0xc,0xf,0x4,0xb,0x0,0xd,0xa,0x3,0x7},
150 {0x5,0xd,0xf,0x6,0x9,0x2,0xc,0xa,0xb,0x7,0x8,0x1,0x4,0x3,0xe,0x0},
151 {0x7,0xf,0x5,0xa,0x8,0x1,0x6,0xd,0x0,0x9,0x3,0xe,0xb,0x4,0x2,0xc},
152 {0xc,0x8,0x2,0x1,0xd,0x4,0xf,0x6,0x7,0x0,0xa,0x5,0x3,0xe,0x9,0xb},
153 {0xb,0x3,0x5,0x8,0x2,0xf,0xa,0xd,0xe,0x1,0x7,0x4,0xc,0x9,0x6,0x0},
154 {0x6,0x8,0x2,0x3,0x9,0xa,0x5,0xc,0x1,0xe,0x4,0x7,0xb,0xd,0x0,0xf},
155 {0xc,0x4,0x6,0x2,0xa,0x5,0xb,0x9,0xe,0x8,0xd,0x7,0x0,0x3,0xf,0x1}
156};
157
158static const unsigned char CryptoProKeyMeshingKey[] = {
159 0x69, 0x00, 0x72, 0x22, 0x64, 0xC9, 0x04, 0x23,
160 0x8D, 0x3A, 0xDB, 0x96, 0x46, 0xE9, 0x2A, 0xC4,
161 0x18, 0xFE, 0xAC, 0x94, 0x00, 0xED, 0x07, 0x12,
162 0xC0, 0x86, 0xDC, 0xC2, 0xEF, 0x4C, 0xA9, 0x2B
163};
164
165static const struct gost89_parameters_info {
166 int nid;
167 const gost_subst_block *sblock;
168 int key_meshing;
169} gost_cipher_list[] =
170{
171 {NID_id_Gost28147_89_CryptoPro_A_ParamSet,&Gost28147_CryptoProParamSetA,1},
172 {NID_id_Gost28147_89_CryptoPro_B_ParamSet,&Gost28147_CryptoProParamSetB,1},
173 {NID_id_Gost28147_89_CryptoPro_C_ParamSet,&Gost28147_CryptoProParamSetC,1},
174 {NID_id_Gost28147_89_CryptoPro_D_ParamSet,&Gost28147_CryptoProParamSetD,1},
175 {NID_id_tc26_gost_28147_param_Z,&Gost28147_TC26ParamSetZ,1},
176 {NID_id_Gost28147_89_TestParamSet,&Gost28147_TestParamSet,0},
177 {NID_id_GostR3411_94_TestParamSet,&GostR3411_94_TestParamSet,0},
178 {NID_id_GostR3411_94_CryptoProParamSet,&GostR3411_94_CryptoProParamSet,0},
179 {NID_undef,NULL,0}
180};
181
182int
183Gost2814789_set_sbox(GOST2814789_KEY *key, int nid)
184{
185 int i;
186 const gost_subst_block *b = NULL;
187 unsigned int t;
188
189 for (i = 0; gost_cipher_list[i].nid != NID_undef; i++) {
190 if (gost_cipher_list[i].nid != nid)
191 continue;
192
193 b = gost_cipher_list[i].sblock;
194 key->key_meshing = gost_cipher_list[i].key_meshing;
195 break;
196 }
197
198 if (b == NULL)
199 return 0;
200
201 for (i = 0; i < 256; i++) {
202 t = (unsigned int)(b->k8[i >> 4] <<4 | b->k7 [i & 15]) << 24;
203 key->k87[i] = (t << 11) | (t >> 21);
204 t = (unsigned int)(b->k6[i >> 4] <<4 | b->k5 [i & 15]) << 16;
205 key->k65[i] = (t << 11) | (t >> 21);
206 t = (unsigned int)(b->k4[i >> 4] <<4 | b->k3 [i & 15]) << 8;
207 key->k43[i] = (t << 11) | (t >> 21);
208 t = (unsigned int)(b->k2[i >> 4] <<4 | b->k1 [i & 15]) << 0;
209 key->k21[i] = (t << 11) | (t >> 21);
210 }
211
212 return 1;
213}
214LCRYPTO_ALIAS(Gost2814789_set_sbox);
215
216int
217Gost2814789_set_key(GOST2814789_KEY *key, const unsigned char *userKey,
218 const int bits)
219{
220 int i;
221
222 if (bits != 256)
223 return 0;
224
225 for (i = 0; i < 8; i++)
226 c2l(userKey, key->key[i]);
227
228 key->count = 0;
229
230 return 1;
231}
232LCRYPTO_ALIAS(Gost2814789_set_key);
233
234void
235Gost2814789_cryptopro_key_mesh(GOST2814789_KEY *key)
236{
237 unsigned char newkey[32];
238
239 Gost2814789_decrypt(CryptoProKeyMeshingKey + 0, newkey + 0, key);
240 Gost2814789_decrypt(CryptoProKeyMeshingKey + 8, newkey + 8, key);
241 Gost2814789_decrypt(CryptoProKeyMeshingKey + 16, newkey + 16, key);
242 Gost2814789_decrypt(CryptoProKeyMeshingKey + 24, newkey + 24, key);
243
244 Gost2814789_set_key(key, newkey, 256);
245}
246#endif
diff --git a/src/lib/libcrypto/gost/gost89imit_ameth.c b/src/lib/libcrypto/gost/gost89imit_ameth.c
deleted file mode 100644
index 76e285b2d8..0000000000
--- a/src/lib/libcrypto/gost/gost89imit_ameth.c
+++ /dev/null
@@ -1,89 +0,0 @@
1/* $OpenBSD: gost89imit_ameth.c,v 1.5 2024/01/04 17:01:26 tb Exp $ */
2/*
3 * Copyright (c) 2014 Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
4 * Copyright (c) 2005-2006 Cryptocom LTD
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
8 * are met:
9 *
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 *
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in
15 * the documentation and/or other materials provided with the
16 * distribution.
17 *
18 * 3. All advertising materials mentioning features or use of this
19 * software must display the following acknowledgment:
20 * "This product includes software developed by the OpenSSL Project
21 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
22 *
23 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
24 * endorse or promote products derived from this software without
25 * prior written permission. For written permission, please contact
26 * openssl-core@openssl.org.
27 *
28 * 5. Products derived from this software may not be called "OpenSSL"
29 * nor may "OpenSSL" appear in their names without prior written
30 * permission of the OpenSSL Project.
31 *
32 * 6. Redistributions of any form whatsoever must retain the following
33 * acknowledgment:
34 * "This product includes software developed by the OpenSSL Project
35 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
36 *
37 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
38 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
39 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
40 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
41 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
42 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
43 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
44 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
45 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
46 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
47 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
48 * OF THE POSSIBILITY OF SUCH DAMAGE.
49 * ====================================================================
50 */
51
52#include <openssl/opensslconf.h>
53
54#ifndef OPENSSL_NO_GOST
55#include <openssl/evp.h>
56
57#include "asn1_local.h"
58#include "evp_local.h"
59
60static void
61mackey_free_gost(EVP_PKEY *pk)
62{
63 free(pk->pkey.ptr);
64}
65
66static int
67mac_ctrl_gost(EVP_PKEY *pkey, int op, long arg1, void *arg2)
68{
69 switch (op) {
70 case ASN1_PKEY_CTRL_DEFAULT_MD_NID:
71 *(int *)arg2 = NID_id_Gost28147_89_MAC;
72 return 2;
73 }
74 return -2;
75}
76
77const EVP_PKEY_ASN1_METHOD gostimit_asn1_meth = {
78 .base_method = &gostimit_asn1_meth,
79 .pkey_id = EVP_PKEY_GOSTIMIT,
80 .pkey_flags = ASN1_PKEY_SIGPARAM_NULL,
81
82 .pem_str = "GOST-MAC",
83 .info = "GOST 28147-89 MAC",
84
85 .pkey_free = mackey_free_gost,
86 .pkey_ctrl = mac_ctrl_gost,
87};
88
89#endif
diff --git a/src/lib/libcrypto/gost/gost89imit_pmeth.c b/src/lib/libcrypto/gost/gost89imit_pmeth.c
deleted file mode 100644
index 3caa58ac86..0000000000
--- a/src/lib/libcrypto/gost/gost89imit_pmeth.c
+++ /dev/null
@@ -1,255 +0,0 @@
1/* $OpenBSD: gost89imit_pmeth.c,v 1.6 2023/12/28 21:47:17 tb Exp $ */
2/*
3 * Copyright (c) 2014 Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
4 * Copyright (c) 2005-2006 Cryptocom LTD
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
8 * are met:
9 *
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 *
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in
15 * the documentation and/or other materials provided with the
16 * distribution.
17 *
18 * 3. All advertising materials mentioning features or use of this
19 * software must display the following acknowledgment:
20 * "This product includes software developed by the OpenSSL Project
21 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
22 *
23 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
24 * endorse or promote products derived from this software without
25 * prior written permission. For written permission, please contact
26 * openssl-core@openssl.org.
27 *
28 * 5. Products derived from this software may not be called "OpenSSL"
29 * nor may "OpenSSL" appear in their names without prior written
30 * permission of the OpenSSL Project.
31 *
32 * 6. Redistributions of any form whatsoever must retain the following
33 * acknowledgment:
34 * "This product includes software developed by the OpenSSL Project
35 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
36 *
37 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
38 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
39 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
40 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
41 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
42 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
43 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
44 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
45 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
46 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
47 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
48 * OF THE POSSIBILITY OF SUCH DAMAGE.
49 * ====================================================================
50 */
51
52#include <string.h>
53
54#include <openssl/opensslconf.h>
55
56#ifndef OPENSSL_NO_GOST
57#include <openssl/evp.h>
58#include <openssl/err.h>
59#include <openssl/gost.h>
60#include <openssl/x509v3.h> /* For string_to_hex */
61
62#include "evp_local.h"
63#include "gost_local.h"
64
65struct gost_mac_pmeth_data {
66 EVP_MD *md;
67 unsigned char key[32];
68 unsigned key_set :1;
69};
70
71static int
72pkey_gost_mac_init(EVP_PKEY_CTX *ctx)
73{
74 struct gost_mac_pmeth_data *data;
75
76 data = calloc(1, sizeof(struct gost_mac_pmeth_data));
77 if (data == NULL)
78 return 0;
79 EVP_PKEY_CTX_set_data(ctx, data);
80 return 1;
81}
82
83static void
84pkey_gost_mac_cleanup(EVP_PKEY_CTX *ctx)
85{
86 struct gost_mac_pmeth_data *data = EVP_PKEY_CTX_get_data(ctx);
87 free(data);
88}
89
90static int
91pkey_gost_mac_copy(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src)
92{
93 struct gost_mac_pmeth_data *dst_data, *src_data;
94
95 if (pkey_gost_mac_init(dst) == 0)
96 return 0;
97
98 src_data = EVP_PKEY_CTX_get_data(src);
99 dst_data = EVP_PKEY_CTX_get_data(dst);
100
101 *dst_data = *src_data;
102
103 return 1;
104}
105
106static int
107pkey_gost_mac_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
108{
109 struct gost_mac_pmeth_data *data = EVP_PKEY_CTX_get_data(ctx);
110 unsigned char *keydata = NULL;
111 int ret = 0;
112
113 if (!data->key_set) {
114 GOSTerror(GOST_R_MAC_KEY_NOT_SET);
115 goto err;
116 }
117
118 if ((keydata = malloc(32)) == NULL) {
119 GOSTerror(ERR_R_MALLOC_FAILURE);
120 goto err;
121 }
122 memcpy(keydata, data->key, 32);
123 if (!EVP_PKEY_assign(pkey, NID_id_Gost28147_89_MAC, keydata))
124 goto err;
125 keydata = NULL;
126
127 ret = 1;
128
129 err:
130 freezero(keydata, 32);
131
132 return ret;
133}
134
135static int
136pkey_gost_mac_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
137{
138 struct gost_mac_pmeth_data *data = EVP_PKEY_CTX_get_data(ctx);
139
140 switch (type) {
141 case EVP_PKEY_CTRL_MD:
142 if (EVP_MD_type(p2) != NID_id_Gost28147_89_MAC) {
143 GOSTerror(GOST_R_INVALID_DIGEST_TYPE);
144 return 0;
145 }
146 data->md = p2;
147 return 1;
148
149 case EVP_PKEY_CTRL_SET_MAC_KEY:
150 if (p1 != 32) {
151 GOSTerror(GOST_R_INVALID_MAC_KEY_LENGTH);
152 return 0;
153 }
154
155 memcpy(data->key, p2, 32);
156 data->key_set = 1;
157 return 1;
158
159 case EVP_PKEY_CTRL_DIGESTINIT:
160 {
161 EVP_MD_CTX *mctx = p2;
162 void *key;
163
164 if (!data->key_set) {
165 EVP_PKEY *pkey = EVP_PKEY_CTX_get0_pkey(ctx);
166 if (pkey == NULL) {
167 GOSTerror(GOST_R_MAC_KEY_NOT_SET);
168 return 0;
169 }
170 key = EVP_PKEY_get0(pkey);
171 if (key == NULL) {
172 GOSTerror(GOST_R_MAC_KEY_NOT_SET);
173 return 0;
174 }
175 } else {
176 key = &(data->key);
177 }
178 if (mctx->digest->md_ctrl == NULL)
179 return 0;
180 return mctx->digest->md_ctrl(mctx, EVP_MD_CTRL_SET_KEY, 32 * 8,
181 key);
182 }
183
184 }
185
186 return -2;
187}
188
189static int
190pkey_gost_mac_ctrl_str(EVP_PKEY_CTX *ctx, const char *type, const char *value)
191{
192 if (value == NULL)
193 return 0;
194 if (strcmp(type, "key") == 0) {
195 void *p = (void *)value;
196 return pkey_gost_mac_ctrl(ctx, EVP_PKEY_CTRL_SET_MAC_KEY,
197 strlen(value), p);
198 }
199 if (strcmp(type, "hexkey") == 0) {
200 unsigned char *key;
201 int r;
202 long keylen;
203
204 key = string_to_hex(value, &keylen);
205 if (key == NULL)
206 return 0;
207 r = pkey_gost_mac_ctrl(ctx, EVP_PKEY_CTRL_SET_MAC_KEY, keylen,
208 key);
209 free(key);
210 return r;
211 }
212 return -2;
213}
214
215static int
216pkey_gost_mac_signctx_init(EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx)
217{
218 return 1;
219}
220
221static int
222pkey_gost_mac_signctx(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen,
223 EVP_MD_CTX *mctx)
224{
225 /* for platforms where sizeof(int) != sizeof(size_t)*/
226 unsigned int tmpsiglen = *siglen;
227 int ret;
228
229 if (sig == NULL) {
230 *siglen = 4;
231 return 1;
232 }
233
234 ret = EVP_DigestFinal_ex(mctx, sig, &tmpsiglen);
235 *siglen = tmpsiglen;
236 return ret;
237}
238
239const EVP_PKEY_METHOD gostimit_pkey_meth = {
240 .pkey_id = EVP_PKEY_GOSTIMIT,
241
242 .init = pkey_gost_mac_init,
243 .cleanup = pkey_gost_mac_cleanup,
244 .copy = pkey_gost_mac_copy,
245
246 .keygen = pkey_gost_mac_keygen,
247
248 .signctx_init = pkey_gost_mac_signctx_init,
249 .signctx = pkey_gost_mac_signctx,
250
251 .ctrl = pkey_gost_mac_ctrl,
252 .ctrl_str = pkey_gost_mac_ctrl_str,
253};
254
255#endif
diff --git a/src/lib/libcrypto/gost/gost_asn1.c b/src/lib/libcrypto/gost/gost_asn1.c
deleted file mode 100644
index 28e3a58e53..0000000000
--- a/src/lib/libcrypto/gost/gost_asn1.c
+++ /dev/null
@@ -1,299 +0,0 @@
1/**********************************************************************
2 * gost_keytrans.c *
3 * Copyright (c) 2005-2006 Cryptocom LTD *
4 * This file is distributed under the same license as OpenSSL *
5 * *
6 * ASN1 structure definition for GOST key transport *
7 * Requires OpenSSL 0.9.9 for compilation *
8 **********************************************************************/
9
10#include <openssl/opensslconf.h>
11
12#ifndef OPENSSL_NO_GOST
13#include <openssl/asn1t.h>
14#include <openssl/x509.h>
15#include <openssl/gost.h>
16
17#include "gost_local.h"
18#include "gost_asn1.h"
19
20static const ASN1_TEMPLATE GOST_KEY_TRANSPORT_seq_tt[] = {
21 {
22 .flags = 0,
23 .tag = 0,
24 .offset = offsetof(GOST_KEY_TRANSPORT, key_info),
25 .field_name = "key_info",
26 .item = &GOST_KEY_INFO_it,
27 },
28 {
29 .flags = ASN1_TFLG_IMPLICIT,
30 .tag = 0,
31 .offset = offsetof(GOST_KEY_TRANSPORT, key_agreement_info),
32 .field_name = "key_agreement_info",
33 .item = &GOST_KEY_AGREEMENT_INFO_it,
34 },
35};
36
37const ASN1_ITEM GOST_KEY_TRANSPORT_it = {
38 .itype = ASN1_ITYPE_NDEF_SEQUENCE,
39 .utype = V_ASN1_SEQUENCE,
40 .templates = GOST_KEY_TRANSPORT_seq_tt,
41 .tcount = sizeof(GOST_KEY_TRANSPORT_seq_tt) / sizeof(ASN1_TEMPLATE),
42 .funcs = NULL,
43 .size = sizeof(GOST_KEY_TRANSPORT),
44 .sname = "GOST_KEY_TRANSPORT",
45};
46
47GOST_KEY_TRANSPORT *
48d2i_GOST_KEY_TRANSPORT(GOST_KEY_TRANSPORT **a, const unsigned char **in, long len)
49{
50 return (GOST_KEY_TRANSPORT *)ASN1_item_d2i((ASN1_VALUE **)a, in, len,
51 &GOST_KEY_TRANSPORT_it);
52}
53
54int
55i2d_GOST_KEY_TRANSPORT(GOST_KEY_TRANSPORT *a, unsigned char **out)
56{
57 return ASN1_item_i2d((ASN1_VALUE *)a, out, &GOST_KEY_TRANSPORT_it);
58}
59
60GOST_KEY_TRANSPORT *
61GOST_KEY_TRANSPORT_new(void)
62{
63 return (GOST_KEY_TRANSPORT *)ASN1_item_new(&GOST_KEY_TRANSPORT_it);
64}
65
66void
67GOST_KEY_TRANSPORT_free(GOST_KEY_TRANSPORT *a)
68{
69 ASN1_item_free((ASN1_VALUE *)a, &GOST_KEY_TRANSPORT_it);
70}
71
72static const ASN1_TEMPLATE GOST_KEY_INFO_seq_tt[] = {
73 {
74 .flags = 0,
75 .tag = 0,
76 .offset = offsetof(GOST_KEY_INFO, encrypted_key),
77 .field_name = "encrypted_key",
78 .item = &ASN1_OCTET_STRING_it,
79 },
80 {
81 .flags = 0,
82 .tag = 0,
83 .offset = offsetof(GOST_KEY_INFO, imit),
84 .field_name = "imit",
85 .item = &ASN1_OCTET_STRING_it,
86 },
87};
88
89const ASN1_ITEM GOST_KEY_INFO_it = {
90 .itype = ASN1_ITYPE_NDEF_SEQUENCE,
91 .utype = V_ASN1_SEQUENCE,
92 .templates = GOST_KEY_INFO_seq_tt,
93 .tcount = sizeof(GOST_KEY_INFO_seq_tt) / sizeof(ASN1_TEMPLATE),
94 .funcs = NULL,
95 .size = sizeof(GOST_KEY_INFO),
96 .sname = "GOST_KEY_INFO",
97};
98
99GOST_KEY_INFO *
100d2i_GOST_KEY_INFO(GOST_KEY_INFO **a, const unsigned char **in, long len)
101{
102 return (GOST_KEY_INFO *)ASN1_item_d2i((ASN1_VALUE **)a, in, len,
103 &GOST_KEY_INFO_it);
104}
105
106int
107i2d_GOST_KEY_INFO(GOST_KEY_INFO *a, unsigned char **out)
108{
109 return ASN1_item_i2d((ASN1_VALUE *)a, out, &GOST_KEY_INFO_it);
110}
111
112GOST_KEY_INFO *
113GOST_KEY_INFO_new(void)
114{
115 return (GOST_KEY_INFO *)ASN1_item_new(&GOST_KEY_INFO_it);
116}
117
118void
119GOST_KEY_INFO_free(GOST_KEY_INFO *a)
120{
121 ASN1_item_free((ASN1_VALUE *)a, &GOST_KEY_INFO_it);
122}
123
124static const ASN1_TEMPLATE GOST_KEY_AGREEMENT_INFO_seq_tt[] = {
125 {
126 .flags = 0,
127 .tag = 0,
128 .offset = offsetof(GOST_KEY_AGREEMENT_INFO, cipher),
129 .field_name = "cipher",
130 .item = &ASN1_OBJECT_it,
131 },
132 {
133 .flags = ASN1_TFLG_IMPLICIT | ASN1_TFLG_OPTIONAL,
134 .tag = 0,
135 .offset = offsetof(GOST_KEY_AGREEMENT_INFO, ephem_key),
136 .field_name = "ephem_key",
137 .item = &X509_PUBKEY_it,
138 },
139 {
140 .flags = 0,
141 .tag = 0,
142 .offset = offsetof(GOST_KEY_AGREEMENT_INFO, eph_iv),
143 .field_name = "eph_iv",
144 .item = &ASN1_OCTET_STRING_it,
145 },
146};
147
148const ASN1_ITEM GOST_KEY_AGREEMENT_INFO_it = {
149 .itype = ASN1_ITYPE_NDEF_SEQUENCE,
150 .utype = V_ASN1_SEQUENCE,
151 .templates = GOST_KEY_AGREEMENT_INFO_seq_tt,
152 .tcount = sizeof(GOST_KEY_AGREEMENT_INFO_seq_tt) / sizeof(ASN1_TEMPLATE),
153 .funcs = NULL,
154 .size = sizeof(GOST_KEY_AGREEMENT_INFO),
155 .sname = "GOST_KEY_AGREEMENT_INFO",
156};
157
158GOST_KEY_AGREEMENT_INFO *
159d2i_GOST_KEY_AGREEMENT_INFO(GOST_KEY_AGREEMENT_INFO **a, const unsigned char **in, long len)
160{
161 return (GOST_KEY_AGREEMENT_INFO *)ASN1_item_d2i((ASN1_VALUE **)a, in, len,
162 &GOST_KEY_AGREEMENT_INFO_it);
163}
164
165int
166i2d_GOST_KEY_AGREEMENT_INFO(GOST_KEY_AGREEMENT_INFO *a, unsigned char **out)
167{
168 return ASN1_item_i2d((ASN1_VALUE *)a, out, &GOST_KEY_AGREEMENT_INFO_it);
169}
170
171GOST_KEY_AGREEMENT_INFO *
172GOST_KEY_AGREEMENT_INFO_new(void)
173{
174 return (GOST_KEY_AGREEMENT_INFO *)ASN1_item_new(&GOST_KEY_AGREEMENT_INFO_it);
175}
176
177void
178GOST_KEY_AGREEMENT_INFO_free(GOST_KEY_AGREEMENT_INFO *a)
179{
180 ASN1_item_free((ASN1_VALUE *)a, &GOST_KEY_AGREEMENT_INFO_it);
181}
182
183
184static const ASN1_TEMPLATE GOST_KEY_PARAMS_seq_tt[] = {
185 {
186 .flags = 0,
187 .tag = 0,
188 .offset = offsetof(GOST_KEY_PARAMS, key_params),
189 .field_name = "key_params",
190 .item = &ASN1_OBJECT_it,
191 },
192 {
193 .flags = 0,
194 .tag = 0,
195 .offset = offsetof(GOST_KEY_PARAMS, hash_params),
196 .field_name = "hash_params",
197 .item = &ASN1_OBJECT_it,
198 },
199 {
200 .flags = ASN1_TFLG_OPTIONAL,
201 .tag = 0,
202 .offset = offsetof(GOST_KEY_PARAMS, cipher_params),
203 .field_name = "cipher_params",
204 .item = &ASN1_OBJECT_it,
205 },
206};
207
208const ASN1_ITEM GOST_KEY_PARAMS_it = {
209 .itype = ASN1_ITYPE_NDEF_SEQUENCE,
210 .utype = V_ASN1_SEQUENCE,
211 .templates = GOST_KEY_PARAMS_seq_tt,
212 .tcount = sizeof(GOST_KEY_PARAMS_seq_tt) / sizeof(ASN1_TEMPLATE),
213 .funcs = NULL,
214 .size = sizeof(GOST_KEY_PARAMS),
215 .sname = "GOST_KEY_PARAMS",
216};
217
218GOST_KEY_PARAMS *
219d2i_GOST_KEY_PARAMS(GOST_KEY_PARAMS **a, const unsigned char **in, long len)
220{
221 return (GOST_KEY_PARAMS *)ASN1_item_d2i((ASN1_VALUE **)a, in, len,
222 &GOST_KEY_PARAMS_it);
223}
224
225int
226i2d_GOST_KEY_PARAMS(GOST_KEY_PARAMS *a, unsigned char **out)
227{
228 return ASN1_item_i2d((ASN1_VALUE *)a, out, &GOST_KEY_PARAMS_it);
229}
230
231GOST_KEY_PARAMS *
232GOST_KEY_PARAMS_new(void)
233{
234 return (GOST_KEY_PARAMS *)ASN1_item_new(&GOST_KEY_PARAMS_it);
235}
236
237void
238GOST_KEY_PARAMS_free(GOST_KEY_PARAMS *a)
239{
240 ASN1_item_free((ASN1_VALUE *)a, &GOST_KEY_PARAMS_it);
241}
242
243static const ASN1_TEMPLATE GOST_CIPHER_PARAMS_seq_tt[] = {
244 {
245 .flags = 0,
246 .tag = 0,
247 .offset = offsetof(GOST_CIPHER_PARAMS, iv),
248 .field_name = "iv",
249 .item = &ASN1_OCTET_STRING_it,
250 },
251 {
252 .flags = 0,
253 .tag = 0,
254 .offset = offsetof(GOST_CIPHER_PARAMS, enc_param_set),
255 .field_name = "enc_param_set",
256 .item = &ASN1_OBJECT_it,
257 },
258};
259
260const ASN1_ITEM GOST_CIPHER_PARAMS_it = {
261 .itype = ASN1_ITYPE_NDEF_SEQUENCE,
262 .utype = V_ASN1_SEQUENCE,
263 .templates = GOST_CIPHER_PARAMS_seq_tt,
264 .tcount = sizeof(GOST_CIPHER_PARAMS_seq_tt) / sizeof(ASN1_TEMPLATE),
265 .funcs = NULL,
266 .size = sizeof(GOST_CIPHER_PARAMS),
267 .sname = "GOST_CIPHER_PARAMS",
268};
269
270GOST_CIPHER_PARAMS *
271d2i_GOST_CIPHER_PARAMS(GOST_CIPHER_PARAMS **a, const unsigned char **in, long len)
272{
273 return (GOST_CIPHER_PARAMS *)ASN1_item_d2i((ASN1_VALUE **)a, in, len,
274 &GOST_CIPHER_PARAMS_it);
275}
276LCRYPTO_ALIAS(d2i_GOST_CIPHER_PARAMS);
277
278int
279i2d_GOST_CIPHER_PARAMS(GOST_CIPHER_PARAMS *a, unsigned char **out)
280{
281 return ASN1_item_i2d((ASN1_VALUE *)a, out, &GOST_CIPHER_PARAMS_it);
282}
283LCRYPTO_ALIAS(i2d_GOST_CIPHER_PARAMS);
284
285GOST_CIPHER_PARAMS *
286GOST_CIPHER_PARAMS_new(void)
287{
288 return (GOST_CIPHER_PARAMS *)ASN1_item_new(&GOST_CIPHER_PARAMS_it);
289}
290LCRYPTO_ALIAS(GOST_CIPHER_PARAMS_new);
291
292void
293GOST_CIPHER_PARAMS_free(GOST_CIPHER_PARAMS *a)
294{
295 ASN1_item_free((ASN1_VALUE *)a, &GOST_CIPHER_PARAMS_it);
296}
297LCRYPTO_ALIAS(GOST_CIPHER_PARAMS_free);
298
299#endif
diff --git a/src/lib/libcrypto/gost/gost_asn1.h b/src/lib/libcrypto/gost/gost_asn1.h
deleted file mode 100644
index 7cabfc79c9..0000000000
--- a/src/lib/libcrypto/gost/gost_asn1.h
+++ /dev/null
@@ -1,107 +0,0 @@
1/* $OpenBSD: gost_asn1.h,v 1.3 2016/12/21 15:49:29 jsing Exp $ */
2/*
3 * Copyright (c) 2014 Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
4 * Copyright (c) 2005-2006 Cryptocom LTD
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
8 * are met:
9 *
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 *
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in
15 * the documentation and/or other materials provided with the
16 * distribution.
17 *
18 * 3. All advertising materials mentioning features or use of this
19 * software must display the following acknowledgment:
20 * "This product includes software developed by the OpenSSL Project
21 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
22 *
23 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
24 * endorse or promote products derived from this software without
25 * prior written permission. For written permission, please contact
26 * openssl-core@openssl.org.
27 *
28 * 5. Products derived from this software may not be called "OpenSSL"
29 * nor may "OpenSSL" appear in their names without prior written
30 * permission of the OpenSSL Project.
31 *
32 * 6. Redistributions of any form whatsoever must retain the following
33 * acknowledgment:
34 * "This product includes software developed by the OpenSSL Project
35 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
36 *
37 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
38 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
39 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
40 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
41 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
42 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
43 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
44 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
45 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
46 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
47 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
48 * OF THE POSSIBILITY OF SUCH DAMAGE.
49 * ====================================================================
50 */
51
52#ifndef HEADER_GOST_ASN1_H
53#define HEADER_GOST_ASN1_H
54
55#include <openssl/asn1.h>
56
57__BEGIN_HIDDEN_DECLS
58
59typedef struct {
60 ASN1_OCTET_STRING *encrypted_key;
61 ASN1_OCTET_STRING *imit;
62} GOST_KEY_INFO;
63
64GOST_KEY_INFO *GOST_KEY_INFO_new(void);
65void GOST_KEY_INFO_free(GOST_KEY_INFO *a);
66GOST_KEY_INFO *d2i_GOST_KEY_INFO(GOST_KEY_INFO **a, const unsigned char **in, long len);
67int i2d_GOST_KEY_INFO(GOST_KEY_INFO *a, unsigned char **out);
68extern const ASN1_ITEM GOST_KEY_INFO_it;
69
70typedef struct {
71 ASN1_OBJECT *cipher;
72 X509_PUBKEY *ephem_key;
73 ASN1_OCTET_STRING *eph_iv;
74} GOST_KEY_AGREEMENT_INFO;
75
76GOST_KEY_AGREEMENT_INFO *GOST_KEY_AGREEMENT_INFO_new(void);
77void GOST_KEY_AGREEMENT_INFO_free(GOST_KEY_AGREEMENT_INFO *a);
78GOST_KEY_AGREEMENT_INFO *d2i_GOST_KEY_AGREEMENT_INFO(GOST_KEY_AGREEMENT_INFO **a, const unsigned char **in, long len);
79int i2d_GOST_KEY_AGREEMENT_INFO(GOST_KEY_AGREEMENT_INFO *a, unsigned char **out);
80extern const ASN1_ITEM GOST_KEY_AGREEMENT_INFO_it;
81
82typedef struct {
83 GOST_KEY_INFO *key_info;
84 GOST_KEY_AGREEMENT_INFO *key_agreement_info;
85} GOST_KEY_TRANSPORT;
86
87GOST_KEY_TRANSPORT *GOST_KEY_TRANSPORT_new(void);
88void GOST_KEY_TRANSPORT_free(GOST_KEY_TRANSPORT *a);
89GOST_KEY_TRANSPORT *d2i_GOST_KEY_TRANSPORT(GOST_KEY_TRANSPORT **a, const unsigned char **in, long len);
90int i2d_GOST_KEY_TRANSPORT(GOST_KEY_TRANSPORT *a, unsigned char **out);
91extern const ASN1_ITEM GOST_KEY_TRANSPORT_it;
92
93typedef struct {
94 ASN1_OBJECT *key_params;
95 ASN1_OBJECT *hash_params;
96 ASN1_OBJECT *cipher_params;
97} GOST_KEY_PARAMS;
98
99GOST_KEY_PARAMS *GOST_KEY_PARAMS_new(void);
100void GOST_KEY_PARAMS_free(GOST_KEY_PARAMS *a);
101GOST_KEY_PARAMS *d2i_GOST_KEY_PARAMS(GOST_KEY_PARAMS **a, const unsigned char **in, long len);
102int i2d_GOST_KEY_PARAMS(GOST_KEY_PARAMS *a, unsigned char **out);
103extern const ASN1_ITEM GOST_KEY_PARAMS_it;
104
105__END_HIDDEN_DECLS
106
107#endif
diff --git a/src/lib/libcrypto/gost/gost_err.c b/src/lib/libcrypto/gost/gost_err.c
deleted file mode 100644
index 380f60289e..0000000000
--- a/src/lib/libcrypto/gost/gost_err.c
+++ /dev/null
@@ -1,106 +0,0 @@
1/* crypto/gost/gost_err.c */
2/* ====================================================================
3 * Copyright (c) 1999-2014 The OpenSSL Project. All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 *
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
11 *
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in
14 * the documentation and/or other materials provided with the
15 * distribution.
16 *
17 * 3. All advertising materials mentioning features or use of this
18 * software must display the following acknowledgment:
19 * "This product includes software developed by the OpenSSL Project
20 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
21 *
22 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
23 * endorse or promote products derived from this software without
24 * prior written permission. For written permission, please contact
25 * openssl-core@OpenSSL.org.
26 *
27 * 5. Products derived from this software may not be called "OpenSSL"
28 * nor may "OpenSSL" appear in their names without prior written
29 * permission of the OpenSSL Project.
30 *
31 * 6. Redistributions of any form whatsoever must retain the following
32 * acknowledgment:
33 * "This product includes software developed by the OpenSSL Project
34 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
35 *
36 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
37 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
38 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
39 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
40 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
41 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
42 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
43 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
44 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
45 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
46 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
47 * OF THE POSSIBILITY OF SUCH DAMAGE.
48 * ====================================================================
49 *
50 * This product includes cryptographic software written by Eric Young
51 * (eay@cryptsoft.com). This product includes software written by Tim
52 * Hudson (tjh@cryptsoft.com).
53 *
54 */
55
56#include <stdio.h>
57#include <openssl/err.h>
58#include <openssl/gost.h>
59
60#ifndef OPENSSL_NO_ERR
61
62#define ERR_FUNC(func) ERR_PACK(ERR_LIB_GOST,func,0)
63#define ERR_REASON(reason) ERR_PACK(ERR_LIB_GOST,0,reason)
64
65static ERR_STRING_DATA GOST_str_functs[]= {
66 {ERR_FUNC(0xfff), "CRYPTO_internal"},
67 {0, NULL}
68};
69
70static ERR_STRING_DATA GOST_str_reasons[] = {
71 {ERR_REASON(GOST_R_BAD_KEY_PARAMETERS_FORMAT),"bad key parameters format"},
72 {ERR_REASON(GOST_R_BAD_PKEY_PARAMETERS_FORMAT),"bad pkey parameters format"},
73 {ERR_REASON(GOST_R_CANNOT_PACK_EPHEMERAL_KEY),"cannot pack ephemeral key"},
74 {ERR_REASON(GOST_R_CTRL_CALL_FAILED) ,"ctrl call failed"},
75 {ERR_REASON(GOST_R_ERROR_COMPUTING_SHARED_KEY),"error computing shared key"},
76 {ERR_REASON(GOST_R_ERROR_PARSING_KEY_TRANSPORT_INFO),"error parsing key transport info"},
77 {ERR_REASON(GOST_R_INCOMPATIBLE_ALGORITHMS),"incompatible algorithms"},
78 {ERR_REASON(GOST_R_INCOMPATIBLE_PEER_KEY),"incompatible peer key"},
79 {ERR_REASON(GOST_R_INVALID_DIGEST_TYPE) ,"invalid digest type"},
80 {ERR_REASON(GOST_R_INVALID_IV_LENGTH) ,"invalid iv length"},
81 {ERR_REASON(GOST_R_INVALID_MAC_KEY_LENGTH),"invalid mac key length"},
82 {ERR_REASON(GOST_R_KEY_IS_NOT_INITIALIZED),"key is not initialized"},
83 {ERR_REASON(GOST_R_KEY_PARAMETERS_MISSING),"key parameters missing"},
84 {ERR_REASON(GOST_R_MAC_KEY_NOT_SET) ,"mac key not set"},
85 {ERR_REASON(GOST_R_NO_PARAMETERS_SET) ,"no parameters set"},
86 {ERR_REASON(GOST_R_NO_PEER_KEY) ,"no peer key"},
87 {ERR_REASON(GOST_R_NO_PRIVATE_PART_OF_NON_EPHEMERAL_KEYPAIR),"no private part of non ephemeral keypair"},
88 {ERR_REASON(GOST_R_PUBLIC_KEY_UNDEFINED) ,"public key undefined"},
89 {ERR_REASON(GOST_R_RANDOM_NUMBER_GENERATOR_FAILED),"random number generator failed"},
90 {ERR_REASON(GOST_R_SIGNATURE_MISMATCH) ,"signature mismatch"},
91 {ERR_REASON(GOST_R_SIGNATURE_PARTS_GREATER_THAN_Q),"signature parts greater than q"},
92 {ERR_REASON(GOST_R_UKM_NOT_SET) ,"ukm not set"},
93 {0, NULL}
94};
95#endif
96
97void
98ERR_load_GOST_strings(void) {
99#ifndef OPENSSL_NO_ERR
100 if (ERR_func_error_string(GOST_str_functs[0].error) == NULL) {
101 ERR_load_strings(0,GOST_str_functs);
102 ERR_load_strings(0,GOST_str_reasons);
103 }
104#endif
105}
106LCRYPTO_ALIAS(ERR_load_GOST_strings);
diff --git a/src/lib/libcrypto/gost/gost_local.h b/src/lib/libcrypto/gost/gost_local.h
deleted file mode 100644
index db07d06f04..0000000000
--- a/src/lib/libcrypto/gost/gost_local.h
+++ /dev/null
@@ -1,116 +0,0 @@
1/* $OpenBSD: gost_local.h,v 1.3 2023/07/28 15:50:33 tb Exp $ */
2/*
3 * Copyright (c) 2014 Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
4 * Copyright (c) 2005-2006 Cryptocom LTD
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
8 * are met:
9 *
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 *
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in
15 * the documentation and/or other materials provided with the
16 * distribution.
17 *
18 * 3. All advertising materials mentioning features or use of this
19 * software must display the following acknowledgment:
20 * "This product includes software developed by the OpenSSL Project
21 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
22 *
23 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
24 * endorse or promote products derived from this software without
25 * prior written permission. For written permission, please contact
26 * openssl-core@openssl.org.
27 *
28 * 5. Products derived from this software may not be called "OpenSSL"
29 * nor may "OpenSSL" appear in their names without prior written
30 * permission of the OpenSSL Project.
31 *
32 * 6. Redistributions of any form whatsoever must retain the following
33 * acknowledgment:
34 * "This product includes software developed by the OpenSSL Project
35 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
36 *
37 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
38 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
39 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
40 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
41 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
42 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
43 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
44 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
45 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
46 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
47 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
48 * OF THE POSSIBILITY OF SUCH DAMAGE.
49 * ====================================================================
50 */
51
52#ifndef HEADER_GOST_LOCAL_H
53#define HEADER_GOST_LOCAL_H
54
55#include <openssl/ec.h>
56
57__BEGIN_HIDDEN_DECLS
58
59/* Internal representation of GOST substitution blocks */
60typedef struct {
61 unsigned char k8[16];
62 unsigned char k7[16];
63 unsigned char k6[16];
64 unsigned char k5[16];
65 unsigned char k4[16];
66 unsigned char k3[16];
67 unsigned char k2[16];
68 unsigned char k1[16];
69} gost_subst_block;
70
71#if defined(__i386) || defined(__i386__) || defined(__x86_64) || defined(__x86_64__)
72# define c2l(c,l) ((l)=*((const unsigned int *)(c)), (c)+=4)
73# define l2c(l,c) (*((unsigned int *)(c))=(l), (c)+=4)
74#else
75#define c2l(c,l) (l =(((unsigned long)(*((c)++))) ), \
76 l|=(((unsigned long)(*((c)++)))<< 8), \
77 l|=(((unsigned long)(*((c)++)))<<16), \
78 l|=(((unsigned long)(*((c)++)))<<24))
79#define l2c(l,c) (*((c)++)=(unsigned char)(((l) )&0xff), \
80 *((c)++)=(unsigned char)(((l)>> 8)&0xff), \
81 *((c)++)=(unsigned char)(((l)>>16)&0xff), \
82 *((c)++)=(unsigned char)(((l)>>24)&0xff))
83#endif
84
85extern void Gost2814789_encrypt(const unsigned char *in, unsigned char *out,
86 const GOST2814789_KEY *key);
87extern void Gost2814789_decrypt(const unsigned char *in, unsigned char *out,
88 const GOST2814789_KEY *key);
89extern void Gost2814789_cryptopro_key_mesh(GOST2814789_KEY *key);
90
91/* GOST 28147-89 key wrapping */
92extern int gost_key_unwrap_crypto_pro(int nid,
93 const unsigned char *keyExchangeKey, const unsigned char *wrappedKey,
94 unsigned char *sessionKey);
95extern int gost_key_wrap_crypto_pro(int nid,
96 const unsigned char *keyExchangeKey, const unsigned char *ukm,
97 const unsigned char *sessionKey, unsigned char *wrappedKey);
98/* Pkey part */
99extern int gost2001_compute_public(GOST_KEY *ec);
100extern ECDSA_SIG *gost2001_do_sign(BIGNUM *md, GOST_KEY *eckey);
101extern int gost2001_do_verify(BIGNUM *md, ECDSA_SIG *sig, GOST_KEY *ec);
102extern int gost2001_keygen(GOST_KEY *ec);
103extern int VKO_compute_key(BIGNUM *X, BIGNUM *Y, const GOST_KEY *pkey,
104 GOST_KEY *priv_key, const BIGNUM *ukm);
105extern BIGNUM *GOST_le2bn(const unsigned char *buf, size_t len, BIGNUM *bn);
106extern int GOST_bn2le(BIGNUM *bn, unsigned char *buf, int len);
107
108/* GOST R 34.10 parameters */
109extern int GostR3410_get_md_digest(int nid);
110extern int GostR3410_get_pk_digest(int nid);
111extern int GostR3410_256_param_id(const char *value);
112extern int GostR3410_512_param_id(const char *value);
113
114__END_HIDDEN_DECLS
115
116#endif /* !HEADER_GOST_LOCAL_H */
diff --git a/src/lib/libcrypto/gost/gostr341001.c b/src/lib/libcrypto/gost/gostr341001.c
deleted file mode 100644
index 1c34626a43..0000000000
--- a/src/lib/libcrypto/gost/gostr341001.c
+++ /dev/null
@@ -1,403 +0,0 @@
1/* $OpenBSD: gostr341001.c,v 1.12 2023/07/05 11:37:45 tb Exp $ */
2/*
3 * Copyright (c) 2014 Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
4 * Copyright (c) 2005-2006 Cryptocom LTD
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
8 * are met:
9 *
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 *
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in
15 * the documentation and/or other materials provided with the
16 * distribution.
17 *
18 * 3. All advertising materials mentioning features or use of this
19 * software must display the following acknowledgment:
20 * "This product includes software developed by the OpenSSL Project
21 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
22 *
23 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
24 * endorse or promote products derived from this software without
25 * prior written permission. For written permission, please contact
26 * openssl-core@openssl.org.
27 *
28 * 5. Products derived from this software may not be called "OpenSSL"
29 * nor may "OpenSSL" appear in their names without prior written
30 * permission of the OpenSSL Project.
31 *
32 * 6. Redistributions of any form whatsoever must retain the following
33 * acknowledgment:
34 * "This product includes software developed by the OpenSSL Project
35 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
36 *
37 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
38 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
39 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
40 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
41 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
42 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
43 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
44 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
45 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
46 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
47 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
48 * OF THE POSSIBILITY OF SUCH DAMAGE.
49 * ====================================================================
50 */
51
52#include <string.h>
53
54#include <openssl/opensslconf.h>
55
56#ifndef OPENSSL_NO_GOST
57#include <openssl/bn.h>
58#include <openssl/err.h>
59#include <openssl/gost.h>
60
61#include "bn_local.h"
62#include "ecdsa_local.h"
63#include "gost_local.h"
64
65/* Convert little-endian byte array into bignum */
66BIGNUM *
67GOST_le2bn(const unsigned char *buf, size_t len, BIGNUM *bn)
68{
69 unsigned char temp[64];
70 int i;
71
72 if (len > 64)
73 return NULL;
74
75 for (i = 0; i < len; i++) {
76 temp[len - 1 - i] = buf[i];
77 }
78
79 return BN_bin2bn(temp, len, bn);
80}
81
82int
83GOST_bn2le(BIGNUM *bn, unsigned char *buf, int len)
84{
85 unsigned char temp[64];
86 int i, bytes;
87
88 bytes = BN_num_bytes(bn);
89 if (len > 64 || bytes > len)
90 return 0;
91
92 BN_bn2bin(bn, temp);
93
94 for (i = 0; i < bytes; i++) {
95 buf[bytes - 1 - i] = temp[i];
96 }
97
98 memset(buf + bytes, 0, len - bytes);
99
100 return 1;
101}
102
103int
104gost2001_compute_public(GOST_KEY *ec)
105{
106 const EC_GROUP *group = GOST_KEY_get0_group(ec);
107 EC_POINT *pub_key = NULL;
108 const BIGNUM *priv_key = NULL;
109 BN_CTX *ctx = NULL;
110 int ok = 0;
111
112 if (group == NULL) {
113 GOSTerror(GOST_R_KEY_IS_NOT_INITIALIZED);
114 return 0;
115 }
116 ctx = BN_CTX_new();
117 if (ctx == NULL) {
118 GOSTerror(ERR_R_MALLOC_FAILURE);
119 return 0;
120 }
121 BN_CTX_start(ctx);
122 if ((priv_key = GOST_KEY_get0_private_key(ec)) == NULL)
123 goto err;
124
125 pub_key = EC_POINT_new(group);
126 if (pub_key == NULL)
127 goto err;
128 if (EC_POINT_mul(group, pub_key, priv_key, NULL, NULL, ctx) == 0)
129 goto err;
130 if (GOST_KEY_set_public_key(ec, pub_key) == 0)
131 goto err;
132 ok = 1;
133
134 if (ok == 0) {
135err:
136 GOSTerror(ERR_R_EC_LIB);
137 }
138 EC_POINT_free(pub_key);
139 if (ctx != NULL) {
140 BN_CTX_end(ctx);
141 BN_CTX_free(ctx);
142 }
143 return ok;
144}
145
146ECDSA_SIG *
147gost2001_do_sign(BIGNUM *md, GOST_KEY *eckey)
148{
149 ECDSA_SIG *newsig = NULL;
150 BIGNUM *order = NULL;
151 const EC_GROUP *group;
152 const BIGNUM *priv_key;
153 BIGNUM *r = NULL, *s = NULL, *X = NULL, *tmp = NULL, *tmp2 = NULL, *k =
154 NULL, *e = NULL;
155 EC_POINT *C = NULL;
156 BN_CTX *ctx = BN_CTX_new();
157 int ok = 0;
158
159 if (ctx == NULL) {
160 GOSTerror(ERR_R_MALLOC_FAILURE);
161 return NULL;
162 }
163 BN_CTX_start(ctx);
164 newsig = ECDSA_SIG_new();
165 if (newsig == NULL) {
166 GOSTerror(ERR_R_MALLOC_FAILURE);
167 goto err;
168 }
169 s = newsig->s;
170 r = newsig->r;
171 group = GOST_KEY_get0_group(eckey);
172 if ((order = BN_CTX_get(ctx)) == NULL)
173 goto err;
174 if (EC_GROUP_get_order(group, order, ctx) == 0)
175 goto err;
176 priv_key = GOST_KEY_get0_private_key(eckey);
177 if ((e = BN_CTX_get(ctx)) == NULL)
178 goto err;
179 if (BN_mod_ct(e, md, order, ctx) == 0)
180 goto err;
181 if (BN_is_zero(e)) {
182 if (!BN_one(e))
183 goto err;
184 }
185 if ((k = BN_CTX_get(ctx)) == NULL)
186 goto err;
187 if ((X = BN_CTX_get(ctx)) == NULL)
188 goto err;
189 if ((C = EC_POINT_new(group)) == NULL)
190 goto err;
191 do {
192 do {
193 if (!BN_rand_range(k, order)) {
194 GOSTerror(GOST_R_RANDOM_NUMBER_GENERATOR_FAILED);
195 goto err;
196 }
197 /*
198 * We do not want timing information to leak the length
199 * of k, so we compute G*k using an equivalent scalar
200 * of fixed bit-length.
201 */
202 if (BN_add(k, k, order) == 0)
203 goto err;
204 if (BN_num_bits(k) <= BN_num_bits(order))
205 if (BN_add(k, k, order) == 0)
206 goto err;
207
208 if (EC_POINT_mul(group, C, k, NULL, NULL, ctx) == 0) {
209 GOSTerror(ERR_R_EC_LIB);
210 goto err;
211 }
212 if (EC_POINT_get_affine_coordinates(group, C, X,
213 NULL, ctx) == 0) {
214 GOSTerror(ERR_R_EC_LIB);
215 goto err;
216 }
217 if (BN_nnmod(r, X, order, ctx) == 0)
218 goto err;
219 } while (BN_is_zero(r));
220 /* s = (r*priv_key+k*e) mod order */
221 if (tmp == NULL) {
222 if ((tmp = BN_CTX_get(ctx)) == NULL)
223 goto err;
224 }
225 if (BN_mod_mul(tmp, priv_key, r, order, ctx) == 0)
226 goto err;
227 if (tmp2 == NULL) {
228 if ((tmp2 = BN_CTX_get(ctx)) == NULL)
229 goto err;
230 }
231 if (BN_mod_mul(tmp2, k, e, order, ctx) == 0)
232 goto err;
233 if (BN_mod_add(s, tmp, tmp2, order, ctx) == 0)
234 goto err;
235 } while (BN_is_zero(s));
236 ok = 1;
237
238err:
239 EC_POINT_free(C);
240 if (ctx != NULL) {
241 BN_CTX_end(ctx);
242 BN_CTX_free(ctx);
243 }
244 if (ok == 0) {
245 ECDSA_SIG_free(newsig);
246 newsig = NULL;
247 }
248 return newsig;
249}
250
251int
252gost2001_do_verify(BIGNUM *md, ECDSA_SIG *sig, GOST_KEY *ec)
253{
254 BN_CTX *ctx = BN_CTX_new();
255 const EC_GROUP *group = GOST_KEY_get0_group(ec);
256 BIGNUM *order;
257 BIGNUM *e = NULL, *R = NULL, *v = NULL, *z1 = NULL, *z2 = NULL;
258 BIGNUM *X = NULL, *tmp = NULL;
259 EC_POINT *C = NULL;
260 const EC_POINT *pub_key = NULL;
261 int ok = 0;
262
263 if (ctx == NULL)
264 goto err;
265 BN_CTX_start(ctx);
266 if ((order = BN_CTX_get(ctx)) == NULL)
267 goto err;
268 if ((e = BN_CTX_get(ctx)) == NULL)
269 goto err;
270 if ((z1 = BN_CTX_get(ctx)) == NULL)
271 goto err;
272 if ((z2 = BN_CTX_get(ctx)) == NULL)
273 goto err;
274 if ((tmp = BN_CTX_get(ctx)) == NULL)
275 goto err;
276 if ((X = BN_CTX_get(ctx)) == NULL)
277 goto err;
278 if ((R = BN_CTX_get(ctx)) == NULL)
279 goto err;
280 if ((v = BN_CTX_get(ctx)) == NULL)
281 goto err;
282
283 if (EC_GROUP_get_order(group, order, ctx) == 0)
284 goto err;
285 pub_key = GOST_KEY_get0_public_key(ec);
286 if (BN_is_zero(sig->s) || BN_is_zero(sig->r) ||
287 BN_cmp(sig->s, order) >= 1 || BN_cmp(sig->r, order) >= 1) {
288 GOSTerror(GOST_R_SIGNATURE_PARTS_GREATER_THAN_Q);
289 goto err;
290 }
291
292 if (BN_mod_ct(e, md, order, ctx) == 0)
293 goto err;
294 if (BN_is_zero(e)) {
295 if (!BN_one(e))
296 goto err;
297 }
298 if ((v = BN_mod_inverse_ct(v, e, order, ctx)) == NULL)
299 goto err;
300 if (BN_mod_mul(z1, sig->s, v, order, ctx) == 0)
301 goto err;
302 if (BN_sub(tmp, order, sig->r) == 0)
303 goto err;
304 if (BN_mod_mul(z2, tmp, v, order, ctx) == 0)
305 goto err;
306 if ((C = EC_POINT_new(group)) == NULL)
307 goto err;
308 if (EC_POINT_mul(group, C, z1, pub_key, z2, ctx) == 0) {
309 GOSTerror(ERR_R_EC_LIB);
310 goto err;
311 }
312 if (EC_POINT_get_affine_coordinates(group, C, X, NULL, ctx) == 0) {
313 GOSTerror(ERR_R_EC_LIB);
314 goto err;
315 }
316 if (BN_mod_ct(R, X, order, ctx) == 0)
317 goto err;
318 if (BN_cmp(R, sig->r) != 0) {
319 GOSTerror(GOST_R_SIGNATURE_MISMATCH);
320 } else {
321 ok = 1;
322 }
323err:
324 EC_POINT_free(C);
325 if (ctx != NULL) {
326 BN_CTX_end(ctx);
327 BN_CTX_free(ctx);
328 }
329 return ok;
330}
331
332/* Implementation of CryptoPro VKO 34.10-2001 algorithm */
333int
334VKO_compute_key(BIGNUM *X, BIGNUM *Y, const GOST_KEY *pkey, GOST_KEY *priv_key,
335 const BIGNUM *ukm)
336{
337 BIGNUM *p = NULL, *order = NULL;
338 const BIGNUM *key = GOST_KEY_get0_private_key(priv_key);
339 const EC_GROUP *group = GOST_KEY_get0_group(priv_key);
340 const EC_POINT *pub_key = GOST_KEY_get0_public_key(pkey);
341 EC_POINT *pnt;
342 BN_CTX *ctx = NULL;
343 int ok = 0;
344
345 pnt = EC_POINT_new(group);
346 if (pnt == NULL)
347 goto err;
348 ctx = BN_CTX_new();
349 if (ctx == NULL)
350 goto err;
351 BN_CTX_start(ctx);
352 if ((p = BN_CTX_get(ctx)) == NULL)
353 goto err;
354 if ((order = BN_CTX_get(ctx)) == NULL)
355 goto err;
356 if (EC_GROUP_get_order(group, order, ctx) == 0)
357 goto err;
358 if (BN_mod_mul(p, key, ukm, order, ctx) == 0)
359 goto err;
360 if (EC_POINT_mul(group, pnt, NULL, pub_key, p, ctx) == 0)
361 goto err;
362 if (EC_POINT_get_affine_coordinates(group, pnt, X, Y, ctx) == 0)
363 goto err;
364 ok = 1;
365
366err:
367 if (ctx != NULL) {
368 BN_CTX_end(ctx);
369 BN_CTX_free(ctx);
370 }
371 EC_POINT_free(pnt);
372 return ok;
373}
374
375int
376gost2001_keygen(GOST_KEY *ec)
377{
378 BIGNUM *order = BN_new(), *d = BN_new();
379 const EC_GROUP *group = GOST_KEY_get0_group(ec);
380 int rc = 0;
381
382 if (order == NULL || d == NULL)
383 goto err;
384 if (EC_GROUP_get_order(group, order, NULL) == 0)
385 goto err;
386
387 do {
388 if (BN_rand_range(d, order) == 0) {
389 GOSTerror(GOST_R_RANDOM_NUMBER_GENERATOR_FAILED);
390 goto err;
391 }
392 } while (BN_is_zero(d));
393
394 if (GOST_KEY_set_private_key(ec, d) == 0)
395 goto err;
396 rc = gost2001_compute_public(ec);
397
398err:
399 BN_free(d);
400 BN_free(order);
401 return rc;
402}
403#endif
diff --git a/src/lib/libcrypto/gost/gostr341001_ameth.c b/src/lib/libcrypto/gost/gostr341001_ameth.c
deleted file mode 100644
index e8e8c8aa82..0000000000
--- a/src/lib/libcrypto/gost/gostr341001_ameth.c
+++ /dev/null
@@ -1,727 +0,0 @@
1/* $OpenBSD: gostr341001_ameth.c,v 1.24 2024/01/04 17:01:26 tb Exp $ */
2/*
3 * Copyright (c) 2014 Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
4 * Copyright (c) 2005-2006 Cryptocom LTD
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
8 * are met:
9 *
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 *
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in
15 * the documentation and/or other materials provided with the
16 * distribution.
17 *
18 * 3. All advertising materials mentioning features or use of this
19 * software must display the following acknowledgment:
20 * "This product includes software developed by the OpenSSL Project
21 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
22 *
23 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
24 * endorse or promote products derived from this software without
25 * prior written permission. For written permission, please contact
26 * openssl-core@openssl.org.
27 *
28 * 5. Products derived from this software may not be called "OpenSSL"
29 * nor may "OpenSSL" appear in their names without prior written
30 * permission of the OpenSSL Project.
31 *
32 * 6. Redistributions of any form whatsoever must retain the following
33 * acknowledgment:
34 * "This product includes software developed by the OpenSSL Project
35 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
36 *
37 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
38 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
39 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
40 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
41 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
42 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
43 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
44 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
45 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
46 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
47 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
48 * OF THE POSSIBILITY OF SUCH DAMAGE.
49 * ====================================================================
50 */
51
52#include <string.h>
53
54#include <openssl/opensslconf.h>
55
56#ifndef OPENSSL_NO_GOST
57#include <openssl/bn.h>
58#include <openssl/evp.h>
59#include <openssl/ec.h>
60#include <openssl/err.h>
61#include <openssl/x509.h>
62#include <openssl/gost.h>
63
64
65#include "asn1_local.h"
66#include "evp_local.h"
67#include "gost_local.h"
68#include "gost_asn1.h"
69
70static void
71pkey_free_gost01(EVP_PKEY *key)
72{
73 GOST_KEY_free(key->pkey.gost);
74}
75
76/*
77 * Parses GOST algorithm parameters from X509_ALGOR and
78 * modifies pkey setting NID and parameters
79 */
80static int
81decode_gost01_algor_params(EVP_PKEY *pkey, const unsigned char **p, int len)
82{
83 int param_nid = NID_undef, digest_nid = NID_undef;
84 GOST_KEY_PARAMS *gkp = NULL;
85 EC_GROUP *group;
86 GOST_KEY *ec;
87
88 gkp = d2i_GOST_KEY_PARAMS(NULL, p, len);
89 if (gkp == NULL) {
90 GOSTerror(GOST_R_BAD_PKEY_PARAMETERS_FORMAT);
91 return 0;
92 }
93 param_nid = OBJ_obj2nid(gkp->key_params);
94 digest_nid = OBJ_obj2nid(gkp->hash_params);
95 GOST_KEY_PARAMS_free(gkp);
96
97 ec = pkey->pkey.gost;
98 if (ec == NULL) {
99 ec = GOST_KEY_new();
100 if (ec == NULL) {
101 GOSTerror(ERR_R_MALLOC_FAILURE);
102 return 0;
103 }
104 if (EVP_PKEY_assign_GOST(pkey, ec) == 0) {
105 GOST_KEY_free(ec);
106 return 0;
107 }
108 }
109
110 group = EC_GROUP_new_by_curve_name(param_nid);
111 if (group == NULL) {
112 GOSTerror(EC_R_EC_GROUP_NEW_BY_NAME_FAILURE);
113 return 0;
114 }
115 EC_GROUP_set_asn1_flag(group, OPENSSL_EC_NAMED_CURVE);
116 if (GOST_KEY_set_group(ec, group) == 0) {
117 EC_GROUP_free(group);
118 return 0;
119 }
120 EC_GROUP_free(group);
121 if (GOST_KEY_set_digest(ec, digest_nid) == 0)
122 return 0;
123 return 1;
124}
125
126static ASN1_STRING *
127encode_gost01_algor_params(const EVP_PKEY *key)
128{
129 ASN1_STRING *params = ASN1_STRING_new();
130 GOST_KEY_PARAMS *gkp = GOST_KEY_PARAMS_new();
131 int pkey_param_nid = NID_undef;
132
133 if (params == NULL || gkp == NULL) {
134 GOSTerror(ERR_R_MALLOC_FAILURE);
135 ASN1_STRING_free(params);
136 params = NULL;
137 goto err;
138 }
139
140 pkey_param_nid =
141 EC_GROUP_get_curve_name(GOST_KEY_get0_group(key->pkey.gost));
142 gkp->key_params = OBJ_nid2obj(pkey_param_nid);
143 gkp->hash_params = OBJ_nid2obj(GOST_KEY_get_digest(key->pkey.gost));
144 /*gkp->cipher_params = OBJ_nid2obj(cipher_param_nid); */
145 params->length = i2d_GOST_KEY_PARAMS(gkp, &params->data);
146 if (params->length <= 0) {
147 GOSTerror(ERR_R_MALLOC_FAILURE);
148 ASN1_STRING_free(params);
149 params = NULL;
150 goto err;
151 }
152 params->type = V_ASN1_SEQUENCE;
153err:
154 GOST_KEY_PARAMS_free(gkp);
155 return params;
156}
157
158static int
159pub_cmp_gost01(const EVP_PKEY *a, const EVP_PKEY *b)
160{
161 const GOST_KEY *ea = a->pkey.gost;
162 const GOST_KEY *eb = b->pkey.gost;
163 const EC_POINT *ka, *kb;
164 int ret = 0;
165
166 if (ea == NULL || eb == NULL)
167 return 0;
168 ka = GOST_KEY_get0_public_key(ea);
169 kb = GOST_KEY_get0_public_key(eb);
170 if (ka == NULL || kb == NULL)
171 return 0;
172 ret = (0 == EC_POINT_cmp(GOST_KEY_get0_group(ea), ka, kb, NULL));
173 return ret;
174}
175
176static int
177pkey_size_gost01(const EVP_PKEY *pk)
178{
179 if (GOST_KEY_get_digest(pk->pkey.gost) == NID_id_tc26_gost3411_2012_512)
180 return 128;
181 return 64;
182}
183
184static int
185pkey_bits_gost01(const EVP_PKEY *pk)
186{
187 if (GOST_KEY_get_digest(pk->pkey.gost) == NID_id_tc26_gost3411_2012_512)
188 return 512;
189 return 256;
190}
191
192static int
193pub_decode_gost01(EVP_PKEY *pk, X509_PUBKEY *pub)
194{
195 X509_ALGOR *palg = NULL;
196 const unsigned char *pubkey_buf = NULL;
197 const unsigned char *p;
198 ASN1_OBJECT *palgobj = NULL;
199 int pub_len;
200 BIGNUM *X, *Y;
201 ASN1_OCTET_STRING *octet = NULL;
202 int len;
203 int ret;
204 int ptype = V_ASN1_UNDEF;
205 ASN1_STRING *pval = NULL;
206
207 if (X509_PUBKEY_get0_param(&palgobj, &pubkey_buf, &pub_len, &palg, pub)
208 == 0)
209 return 0;
210 /* Called for the side effect of freeing pk->pkey. */
211 if (!EVP_PKEY_set_type(pk, EVP_PKEY_GOSTR01))
212 return 0;
213 X509_ALGOR_get0(NULL, &ptype, (const void **)&pval, palg);
214 if (ptype != V_ASN1_SEQUENCE) {
215 GOSTerror(GOST_R_BAD_KEY_PARAMETERS_FORMAT);
216 return 0;
217 }
218 p = pval->data;
219 if (decode_gost01_algor_params(pk, &p, pval->length) == 0) {
220 GOSTerror(GOST_R_BAD_KEY_PARAMETERS_FORMAT);
221 return 0;
222 }
223
224 octet = d2i_ASN1_OCTET_STRING(NULL, &pubkey_buf, pub_len);
225 if (octet == NULL) {
226 GOSTerror(ERR_R_MALLOC_FAILURE);
227 return 0;
228 }
229 len = octet->length / 2;
230
231 X = GOST_le2bn(octet->data, len, NULL);
232 Y = GOST_le2bn(octet->data + len, len, NULL);
233
234 ASN1_OCTET_STRING_free(octet);
235
236 ret = GOST_KEY_set_public_key_affine_coordinates(pk->pkey.gost, X, Y);
237 if (ret == 0)
238 GOSTerror(ERR_R_EC_LIB);
239
240 BN_free(X);
241 BN_free(Y);
242
243 return ret;
244}
245
246static int
247pub_encode_gost01(X509_PUBKEY *pub, const EVP_PKEY *pk)
248{
249 ASN1_OBJECT *algobj = NULL;
250 ASN1_OCTET_STRING *octet = NULL;
251 ASN1_STRING *params = NULL;
252 void *pval = NULL;
253 unsigned char *buf = NULL, *sptr;
254 int key_size, ret = 0;
255 const EC_POINT *pub_key;
256 BIGNUM *X = NULL, *Y = NULL;
257 const GOST_KEY *ec = pk->pkey.gost;
258 int ptype = V_ASN1_UNDEF;
259
260 algobj = OBJ_nid2obj(GostR3410_get_pk_digest(GOST_KEY_get_digest(ec)));
261 if (pk->save_parameters) {
262 params = encode_gost01_algor_params(pk);
263 if (params == NULL)
264 return 0;
265 pval = params;
266 ptype = V_ASN1_SEQUENCE;
267 }
268
269 key_size = GOST_KEY_get_size(ec);
270
271 pub_key = GOST_KEY_get0_public_key(ec);
272 if (pub_key == NULL) {
273 GOSTerror(GOST_R_PUBLIC_KEY_UNDEFINED);
274 goto err;
275 }
276
277 octet = ASN1_OCTET_STRING_new();
278 if (octet == NULL) {
279 GOSTerror(ERR_R_MALLOC_FAILURE);
280 goto err;
281 }
282
283 ret = ASN1_STRING_set(octet, NULL, 2 * key_size);
284 if (ret == 0) {
285 GOSTerror(ERR_R_INTERNAL_ERROR);
286 goto err;
287 }
288
289 sptr = ASN1_STRING_data(octet);
290
291 X = BN_new();
292 Y = BN_new();
293 if (X == NULL || Y == NULL) {
294 GOSTerror(ERR_R_MALLOC_FAILURE);
295 goto err;
296 }
297
298 if (EC_POINT_get_affine_coordinates(GOST_KEY_get0_group(ec),
299 pub_key, X, Y, NULL) == 0) {
300 GOSTerror(ERR_R_EC_LIB);
301 goto err;
302 }
303
304 GOST_bn2le(X, sptr, key_size);
305 GOST_bn2le(Y, sptr + key_size, key_size);
306
307 BN_free(Y);
308 BN_free(X);
309
310 ret = i2d_ASN1_OCTET_STRING(octet, &buf);
311 ASN1_BIT_STRING_free(octet);
312 if (ret < 0)
313 return 0;
314
315 return X509_PUBKEY_set0_param(pub, algobj, ptype, pval, buf, ret);
316
317err:
318 BN_free(Y);
319 BN_free(X);
320 ASN1_BIT_STRING_free(octet);
321 ASN1_STRING_free(params);
322 return 0;
323}
324
325static int
326param_print_gost01(BIO *out, const EVP_PKEY *pkey, int indent, ASN1_PCTX *pctx)
327{
328 int param_nid =
329 EC_GROUP_get_curve_name(GOST_KEY_get0_group(pkey->pkey.gost));
330
331 if (BIO_indent(out, indent, 128) == 0)
332 return 0;
333 BIO_printf(out, "Parameter set: %s\n", OBJ_nid2ln(param_nid));
334 if (BIO_indent(out, indent, 128) == 0)
335 return 0;
336 BIO_printf(out, "Digest Algorithm: %s\n",
337 OBJ_nid2ln(GOST_KEY_get_digest(pkey->pkey.gost)));
338 return 1;
339}
340
341static int
342pub_print_gost01(BIO *out, const EVP_PKEY *pkey, int indent, ASN1_PCTX *pctx)
343{
344 BN_CTX *ctx = BN_CTX_new();
345 BIGNUM *X, *Y;
346 const EC_POINT *pubkey;
347 const EC_GROUP *group;
348
349 if (ctx == NULL) {
350 GOSTerror(ERR_R_MALLOC_FAILURE);
351 return 0;
352 }
353 BN_CTX_start(ctx);
354 if ((X = BN_CTX_get(ctx)) == NULL)
355 goto err;
356 if ((Y = BN_CTX_get(ctx)) == NULL)
357 goto err;
358 pubkey = GOST_KEY_get0_public_key(pkey->pkey.gost);
359 group = GOST_KEY_get0_group(pkey->pkey.gost);
360 if (EC_POINT_get_affine_coordinates(group, pubkey, X, Y, ctx) == 0) {
361 GOSTerror(ERR_R_EC_LIB);
362 goto err;
363 }
364 if (BIO_indent(out, indent, 128) == 0)
365 goto err;
366 BIO_printf(out, "Public key:\n");
367 if (BIO_indent(out, indent + 3, 128) == 0)
368 goto err;
369 BIO_printf(out, "X:");
370 BN_print(out, X);
371 BIO_printf(out, "\n");
372 if (BIO_indent(out, indent + 3, 128) == 0)
373 goto err;
374 BIO_printf(out, "Y:");
375 BN_print(out, Y);
376 BIO_printf(out, "\n");
377
378 BN_CTX_end(ctx);
379 BN_CTX_free(ctx);
380
381 return param_print_gost01(out, pkey, indent, pctx);
382
383err:
384 BN_CTX_end(ctx);
385 BN_CTX_free(ctx);
386 return 0;
387}
388
389static int
390priv_print_gost01(BIO *out, const EVP_PKEY *pkey, int indent, ASN1_PCTX *pctx)
391{
392 const BIGNUM *key;
393
394 if (BIO_indent(out, indent, 128) == 0)
395 return 0;
396 BIO_printf(out, "Private key: ");
397 key = GOST_KEY_get0_private_key(pkey->pkey.gost);
398 if (key == NULL)
399 BIO_printf(out, "<undefined)");
400 else
401 BN_print(out, key);
402 BIO_printf(out, "\n");
403
404 return pub_print_gost01(out, pkey, indent, pctx);
405}
406
407static int
408priv_decode_gost01(EVP_PKEY *pk, const PKCS8_PRIV_KEY_INFO *p8inf)
409{
410 const unsigned char *pkey_buf = NULL, *p = NULL;
411 int priv_len = 0;
412 BIGNUM *pk_num = NULL;
413 int ret = 0;
414 const X509_ALGOR *palg = NULL;
415 const ASN1_OBJECT *palg_obj = NULL;
416 ASN1_INTEGER *priv_key = NULL;
417 GOST_KEY *ec;
418 int ptype = V_ASN1_UNDEF;
419 ASN1_STRING *pval = NULL;
420
421 if (PKCS8_pkey_get0(&palg_obj, &pkey_buf, &priv_len, &palg, p8inf) == 0) {
422 GOSTerror(GOST_R_BAD_KEY_PARAMETERS_FORMAT);
423 return 0;
424 }
425 /* Called for the side effect of freeing pk->pkey. */
426 if (!EVP_PKEY_set_type(pk, EVP_PKEY_GOSTR01))
427 return 0;
428 X509_ALGOR_get0(NULL, &ptype, (const void **)&pval, palg);
429 if (ptype != V_ASN1_SEQUENCE) {
430 GOSTerror(GOST_R_BAD_KEY_PARAMETERS_FORMAT);
431 return 0;
432 }
433 p = pval->data;
434 if (decode_gost01_algor_params(pk, &p, pval->length) == 0) {
435 GOSTerror(GOST_R_BAD_KEY_PARAMETERS_FORMAT);
436 return 0;
437 }
438 p = pkey_buf;
439 if (V_ASN1_OCTET_STRING == *p) {
440 /* New format - Little endian octet string */
441 ASN1_OCTET_STRING *s =
442 d2i_ASN1_OCTET_STRING(NULL, &p, priv_len);
443
444 if (s == NULL) {
445 GOSTerror(EVP_R_DECODE_ERROR);
446 ASN1_STRING_free(s);
447 return 0;
448 }
449
450 pk_num = GOST_le2bn(s->data, s->length, NULL);
451 ASN1_STRING_free(s);
452 } else {
453 priv_key = d2i_ASN1_INTEGER(NULL, &p, priv_len);
454 if (priv_key == NULL)
455 return 0;
456 ret = ((pk_num = ASN1_INTEGER_to_BN(priv_key, NULL)) != NULL);
457 ASN1_INTEGER_free(priv_key);
458 if (ret == 0) {
459 GOSTerror(EVP_R_DECODE_ERROR);
460 return 0;
461 }
462 }
463
464 ec = pk->pkey.gost;
465 if (ec == NULL) {
466 ec = GOST_KEY_new();
467 if (ec == NULL) {
468 BN_free(pk_num);
469 return 0;
470 }
471 if (EVP_PKEY_assign_GOST(pk, ec) == 0) {
472 BN_free(pk_num);
473 GOST_KEY_free(ec);
474 return 0;
475 }
476 }
477 if (GOST_KEY_set_private_key(ec, pk_num) == 0) {
478 BN_free(pk_num);
479 return 0;
480 }
481 ret = 0;
482 if (EVP_PKEY_missing_parameters(pk) == 0)
483 ret = gost2001_compute_public(ec) != 0;
484 BN_free(pk_num);
485
486 return ret;
487}
488
489static int
490priv_encode_gost01(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pk)
491{
492 ASN1_OBJECT *algobj =
493 OBJ_nid2obj(GostR3410_get_pk_digest(GOST_KEY_get_digest(pk->pkey.gost)));
494 ASN1_STRING *params = encode_gost01_algor_params(pk);
495 unsigned char *priv_buf = NULL;
496 int priv_len;
497 ASN1_INTEGER *asn1key = NULL;
498
499 if (params == NULL)
500 return 0;
501
502 asn1key = BN_to_ASN1_INTEGER(GOST_KEY_get0_private_key(pk->pkey.gost),
503 NULL);
504 if (asn1key == NULL) {
505 ASN1_STRING_free(params);
506 return 0;
507 }
508 priv_len = i2d_ASN1_INTEGER(asn1key, &priv_buf);
509 ASN1_INTEGER_free(asn1key);
510 return PKCS8_pkey_set0(p8, algobj, 0, V_ASN1_SEQUENCE, params, priv_buf,
511 priv_len);
512}
513
514static int
515param_encode_gost01(const EVP_PKEY *pkey, unsigned char **pder)
516{
517 ASN1_STRING *params = encode_gost01_algor_params(pkey);
518 int len;
519
520 if (params == NULL)
521 return 0;
522 len = params->length;
523 if (pder != NULL)
524 memcpy(*pder, params->data, params->length);
525 ASN1_STRING_free(params);
526 return len;
527}
528
529static int
530param_decode_gost01(EVP_PKEY *pkey, const unsigned char **pder, int derlen)
531{
532 ASN1_OBJECT *obj = NULL;
533 int nid;
534 GOST_KEY *ec;
535 EC_GROUP *group;
536 int ret;
537
538 /* New format */
539 if ((V_ASN1_SEQUENCE | V_ASN1_CONSTRUCTED) == **pder)
540 return decode_gost01_algor_params(pkey, pder, derlen);
541
542 /* Compatibility */
543 if (d2i_ASN1_OBJECT(&obj, pder, derlen) == NULL) {
544 GOSTerror(ERR_R_MALLOC_FAILURE);
545 return 0;
546 }
547 nid = OBJ_obj2nid(obj);
548 ASN1_OBJECT_free(obj);
549
550 ec = GOST_KEY_new();
551 if (ec == NULL) {
552 GOSTerror(ERR_R_MALLOC_FAILURE);
553 return 0;
554 }
555 group = EC_GROUP_new_by_curve_name(nid);
556 if (group == NULL) {
557 GOSTerror(EC_R_EC_GROUP_NEW_BY_NAME_FAILURE);
558 GOST_KEY_free(ec);
559 return 0;
560 }
561
562 EC_GROUP_set_asn1_flag(group, OPENSSL_EC_NAMED_CURVE);
563 if (GOST_KEY_set_group(ec, group) == 0) {
564 GOSTerror(ERR_R_EC_LIB);
565 EC_GROUP_free(group);
566 GOST_KEY_free(ec);
567 return 0;
568 }
569 EC_GROUP_free(group);
570 if (GOST_KEY_set_digest(ec,
571 NID_id_GostR3411_94_CryptoProParamSet) == 0) {
572 GOSTerror(GOST_R_INVALID_DIGEST_TYPE);
573 GOST_KEY_free(ec);
574 return 0;
575 }
576 ret = EVP_PKEY_assign_GOST(pkey, ec);
577 if (ret == 0)
578 GOST_KEY_free(ec);
579 return ret;
580}
581
582static int
583param_missing_gost01(const EVP_PKEY *pk)
584{
585 const GOST_KEY *ec = pk->pkey.gost;
586
587 if (ec == NULL)
588 return 1;
589 if (GOST_KEY_get0_group(ec) == NULL)
590 return 1;
591 if (GOST_KEY_get_digest(ec) == NID_undef)
592 return 1;
593 return 0;
594}
595
596static int
597param_copy_gost01(EVP_PKEY *to, const EVP_PKEY *from)
598{
599 GOST_KEY *eto = to->pkey.gost;
600 const GOST_KEY *efrom = from->pkey.gost;
601 int ret = 1;
602
603 if (EVP_PKEY_base_id(from) != EVP_PKEY_base_id(to)) {
604 GOSTerror(GOST_R_INCOMPATIBLE_ALGORITHMS);
605 return 0;
606 }
607 if (efrom == NULL) {
608 GOSTerror(GOST_R_KEY_PARAMETERS_MISSING);
609 return 0;
610 }
611 if (eto == NULL) {
612 eto = GOST_KEY_new();
613 if (eto == NULL) {
614 GOSTerror(ERR_R_MALLOC_FAILURE);
615 return 0;
616 }
617 if (EVP_PKEY_assign(to, EVP_PKEY_base_id(from), eto) == 0) {
618 GOST_KEY_free(eto);
619 return 0;
620 }
621 }
622 GOST_KEY_set_group(eto, GOST_KEY_get0_group(efrom));
623 GOST_KEY_set_digest(eto, GOST_KEY_get_digest(efrom));
624 if (GOST_KEY_get0_private_key(eto) != NULL)
625 ret = gost2001_compute_public(eto);
626
627 return ret;
628}
629
630static int
631param_cmp_gost01(const EVP_PKEY *a, const EVP_PKEY *b)
632{
633 if (EC_GROUP_get_curve_name(GOST_KEY_get0_group(a->pkey.gost)) !=
634 EC_GROUP_get_curve_name(GOST_KEY_get0_group(b->pkey.gost)))
635 return 0;
636
637 if (GOST_KEY_get_digest(a->pkey.gost) !=
638 GOST_KEY_get_digest(b->pkey.gost))
639 return 0;
640
641 return 1;
642}
643
644static int
645pkey_ctrl_gost01(EVP_PKEY *pkey, int op, long arg1, void *arg2)
646{
647 X509_ALGOR *alg1 = NULL, *alg2 = NULL, *alg3 = NULL;
648 int digest = GOST_KEY_get_digest(pkey->pkey.gost);
649
650 switch (op) {
651 case ASN1_PKEY_CTRL_PKCS7_SIGN:
652 if (arg1 == 0)
653 PKCS7_SIGNER_INFO_get0_algs(arg2, NULL, &alg1, &alg2);
654 break;
655
656 case ASN1_PKEY_CTRL_PKCS7_ENCRYPT:
657 if (arg1 == 0)
658 PKCS7_RECIP_INFO_get0_alg(arg2, &alg3);
659 break;
660 case ASN1_PKEY_CTRL_DEFAULT_MD_NID:
661 *(int *)arg2 = GostR3410_get_md_digest(digest);
662 return 2;
663
664 default:
665 return -2;
666 }
667
668 if (alg1)
669 X509_ALGOR_set0(alg1, OBJ_nid2obj(GostR3410_get_md_digest(digest)), V_ASN1_NULL, 0);
670 if (alg2)
671 X509_ALGOR_set0(alg2, OBJ_nid2obj(GostR3410_get_pk_digest(digest)), V_ASN1_NULL, 0);
672 if (alg3) {
673 ASN1_STRING *params = encode_gost01_algor_params(pkey);
674 if (params == NULL) {
675 return -1;
676 }
677 X509_ALGOR_set0(alg3,
678 OBJ_nid2obj(GostR3410_get_pk_digest(digest)),
679 V_ASN1_SEQUENCE, params);
680 }
681
682 return 1;
683}
684
685const EVP_PKEY_ASN1_METHOD gostr01_asn1_meth = {
686 .base_method = &gostr01_asn1_meth,
687 .pkey_id = EVP_PKEY_GOSTR01,
688 .pkey_flags = ASN1_PKEY_SIGPARAM_NULL,
689
690 .pem_str = "GOST2001",
691 .info = "GOST R 34.10-2001",
692
693 .pkey_free = pkey_free_gost01,
694 .pkey_ctrl = pkey_ctrl_gost01,
695
696 .priv_decode = priv_decode_gost01,
697 .priv_encode = priv_encode_gost01,
698 .priv_print = priv_print_gost01,
699
700 .param_decode = param_decode_gost01,
701 .param_encode = param_encode_gost01,
702 .param_missing = param_missing_gost01,
703 .param_copy = param_copy_gost01,
704 .param_cmp = param_cmp_gost01,
705 .param_print = param_print_gost01,
706
707 .pub_decode = pub_decode_gost01,
708 .pub_encode = pub_encode_gost01,
709 .pub_cmp = pub_cmp_gost01,
710 .pub_print = pub_print_gost01,
711 .pkey_size = pkey_size_gost01,
712 .pkey_bits = pkey_bits_gost01,
713};
714
715const EVP_PKEY_ASN1_METHOD gostr12_256_asn1_meth = {
716 .base_method = &gostr01_asn1_meth,
717 .pkey_id = EVP_PKEY_GOSTR12_256,
718 .pkey_flags = ASN1_PKEY_ALIAS,
719};
720
721const EVP_PKEY_ASN1_METHOD gostr12_512_asn1_meth = {
722 .base_method = &gostr01_asn1_meth,
723 .pkey_id = EVP_PKEY_GOSTR12_512,
724 .pkey_flags = ASN1_PKEY_ALIAS,
725};
726
727#endif
diff --git a/src/lib/libcrypto/gost/gostr341001_key.c b/src/lib/libcrypto/gost/gostr341001_key.c
deleted file mode 100644
index 0170ab44ba..0000000000
--- a/src/lib/libcrypto/gost/gostr341001_key.c
+++ /dev/null
@@ -1,334 +0,0 @@
1/* $OpenBSD: gostr341001_key.c,v 1.14 2023/07/24 17:08:53 tb Exp $ */
2/*
3 * Copyright (c) 2014 Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
4 * Copyright (c) 2005-2006 Cryptocom LTD
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
8 * are met:
9 *
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 *
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in
15 * the documentation and/or other materials provided with the
16 * distribution.
17 *
18 * 3. All advertising materials mentioning features or use of this
19 * software must display the following acknowledgment:
20 * "This product includes software developed by the OpenSSL Project
21 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
22 *
23 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
24 * endorse or promote products derived from this software without
25 * prior written permission. For written permission, please contact
26 * openssl-core@openssl.org.
27 *
28 * 5. Products derived from this software may not be called "OpenSSL"
29 * nor may "OpenSSL" appear in their names without prior written
30 * permission of the OpenSSL Project.
31 *
32 * 6. Redistributions of any form whatsoever must retain the following
33 * acknowledgment:
34 * "This product includes software developed by the OpenSSL Project
35 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
36 *
37 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
38 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
39 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
40 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
41 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
42 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
43 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
44 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
45 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
46 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
47 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
48 * OF THE POSSIBILITY OF SUCH DAMAGE.
49 * ====================================================================
50 */
51
52#include <string.h>
53
54#include <openssl/opensslconf.h>
55
56#ifndef OPENSSL_NO_GOST
57#include <openssl/bn.h>
58#include <openssl/err.h>
59#include <openssl/gost.h>
60#include <openssl/objects.h>
61#include "gost_local.h"
62
63struct gost_key_st {
64 EC_GROUP *group;
65
66 EC_POINT *pub_key;
67 BIGNUM *priv_key;
68
69 int references;
70
71 int digest_nid;
72};
73
74GOST_KEY *
75GOST_KEY_new(void)
76{
77 GOST_KEY *ret;
78
79 ret = malloc(sizeof(GOST_KEY));
80 if (ret == NULL) {
81 GOSTerror(ERR_R_MALLOC_FAILURE);
82 return (NULL);
83 }
84 ret->group = NULL;
85 ret->pub_key = NULL;
86 ret->priv_key = NULL;
87 ret->references = 1;
88 ret->digest_nid = NID_undef;
89 return (ret);
90}
91LCRYPTO_ALIAS(GOST_KEY_new);
92
93void
94GOST_KEY_free(GOST_KEY *r)
95{
96 int i;
97
98 if (r == NULL)
99 return;
100
101 i = CRYPTO_add(&r->references, -1, CRYPTO_LOCK_EC);
102 if (i > 0)
103 return;
104
105 EC_GROUP_free(r->group);
106 EC_POINT_free(r->pub_key);
107 BN_free(r->priv_key);
108
109 freezero(r, sizeof(GOST_KEY));
110}
111LCRYPTO_ALIAS(GOST_KEY_free);
112
113int
114GOST_KEY_check_key(const GOST_KEY *key)
115{
116 int ok = 0;
117 BN_CTX *ctx = NULL;
118 BIGNUM *order = NULL;
119 EC_POINT *point = NULL;
120
121 if (key == NULL || key->group == NULL || key->pub_key == NULL) {
122 GOSTerror(ERR_R_PASSED_NULL_PARAMETER);
123 return 0;
124 }
125 if (EC_POINT_is_at_infinity(key->group, key->pub_key) != 0) {
126 GOSTerror(EC_R_POINT_AT_INFINITY);
127 goto err;
128 }
129 if ((ctx = BN_CTX_new()) == NULL)
130 goto err;
131 if ((point = EC_POINT_new(key->group)) == NULL)
132 goto err;
133
134 /* testing whether the pub_key is on the elliptic curve */
135 if (EC_POINT_is_on_curve(key->group, key->pub_key, ctx) <= 0) {
136 GOSTerror(EC_R_POINT_IS_NOT_ON_CURVE);
137 goto err;
138 }
139 /* testing whether pub_key * order is the point at infinity */
140 if ((order = BN_new()) == NULL)
141 goto err;
142 if (EC_GROUP_get_order(key->group, order, ctx) == 0) {
143 GOSTerror(EC_R_INVALID_GROUP_ORDER);
144 goto err;
145 }
146 if (EC_POINT_mul(key->group, point, NULL, key->pub_key, order,
147 ctx) == 0) {
148 GOSTerror(ERR_R_EC_LIB);
149 goto err;
150 }
151 if (EC_POINT_is_at_infinity(key->group, point) == 0) {
152 GOSTerror(EC_R_WRONG_ORDER);
153 goto err;
154 }
155 /*
156 * in case the priv_key is present : check if generator * priv_key ==
157 * pub_key
158 */
159 if (key->priv_key != NULL) {
160 if (BN_cmp(key->priv_key, order) >= 0) {
161 GOSTerror(EC_R_WRONG_ORDER);
162 goto err;
163 }
164 if (EC_POINT_mul(key->group, point, key->priv_key, NULL, NULL,
165 ctx) == 0) {
166 GOSTerror(ERR_R_EC_LIB);
167 goto err;
168 }
169 if (EC_POINT_cmp(key->group, point, key->pub_key, ctx) != 0) {
170 GOSTerror(EC_R_INVALID_PRIVATE_KEY);
171 goto err;
172 }
173 }
174 ok = 1;
175err:
176 BN_free(order);
177 BN_CTX_free(ctx);
178 EC_POINT_free(point);
179 return (ok);
180}
181LCRYPTO_ALIAS(GOST_KEY_check_key);
182
183int
184GOST_KEY_set_public_key_affine_coordinates(GOST_KEY *key, BIGNUM *x, BIGNUM *y)
185{
186 BN_CTX *ctx = NULL;
187 BIGNUM *tx, *ty;
188 EC_POINT *point = NULL;
189 int ok = 0;
190
191 if (key == NULL || key->group == NULL || x == NULL || y == NULL) {
192 GOSTerror(ERR_R_PASSED_NULL_PARAMETER);
193 return 0;
194 }
195 ctx = BN_CTX_new();
196 if (ctx == NULL)
197 goto err;
198
199 BN_CTX_start(ctx);
200
201 point = EC_POINT_new(key->group);
202 if (point == NULL)
203 goto err;
204
205 if ((tx = BN_CTX_get(ctx)) == NULL)
206 goto err;
207 if ((ty = BN_CTX_get(ctx)) == NULL)
208 goto err;
209 if (EC_POINT_set_affine_coordinates(key->group, point, x, y,
210 ctx) == 0)
211 goto err;
212 if (EC_POINT_get_affine_coordinates(key->group, point, tx, ty,
213 ctx) == 0)
214 goto err;
215 /*
216 * Check if retrieved coordinates match originals: if not, values are
217 * out of range.
218 */
219 if (BN_cmp(x, tx) != 0 || BN_cmp(y, ty) != 0) {
220 GOSTerror(EC_R_COORDINATES_OUT_OF_RANGE);
221 goto err;
222 }
223 if (GOST_KEY_set_public_key(key, point) == 0)
224 goto err;
225
226 if (GOST_KEY_check_key(key) == 0)
227 goto err;
228
229 ok = 1;
230
231err:
232 EC_POINT_free(point);
233 BN_CTX_end(ctx);
234 BN_CTX_free(ctx);
235 return ok;
236
237}
238LCRYPTO_ALIAS(GOST_KEY_set_public_key_affine_coordinates);
239
240const EC_GROUP *
241GOST_KEY_get0_group(const GOST_KEY *key)
242{
243 return key->group;
244}
245LCRYPTO_ALIAS(GOST_KEY_get0_group);
246
247int
248GOST_KEY_set_group(GOST_KEY *key, const EC_GROUP *group)
249{
250 EC_GROUP_free(key->group);
251 key->group = EC_GROUP_dup(group);
252 return (key->group == NULL) ? 0 : 1;
253}
254LCRYPTO_ALIAS(GOST_KEY_set_group);
255
256const BIGNUM *
257GOST_KEY_get0_private_key(const GOST_KEY *key)
258{
259 return key->priv_key;
260}
261LCRYPTO_ALIAS(GOST_KEY_get0_private_key);
262
263int
264GOST_KEY_set_private_key(GOST_KEY *key, const BIGNUM *priv_key)
265{
266 BN_free(key->priv_key);
267 key->priv_key = BN_dup(priv_key);
268 return (key->priv_key == NULL) ? 0 : 1;
269}
270LCRYPTO_ALIAS(GOST_KEY_set_private_key);
271
272const EC_POINT *
273GOST_KEY_get0_public_key(const GOST_KEY *key)
274{
275 return key->pub_key;
276}
277LCRYPTO_ALIAS(GOST_KEY_get0_public_key);
278
279int
280GOST_KEY_set_public_key(GOST_KEY *key, const EC_POINT *pub_key)
281{
282 EC_POINT_free(key->pub_key);
283 key->pub_key = EC_POINT_dup(pub_key, key->group);
284 return (key->pub_key == NULL) ? 0 : 1;
285}
286LCRYPTO_ALIAS(GOST_KEY_set_public_key);
287
288int
289GOST_KEY_get_digest(const GOST_KEY *key)
290{
291 return key->digest_nid;
292}
293LCRYPTO_ALIAS(GOST_KEY_get_digest);
294int
295GOST_KEY_set_digest(GOST_KEY *key, int digest_nid)
296{
297 if (digest_nid == NID_id_GostR3411_94_CryptoProParamSet ||
298 digest_nid == NID_id_tc26_gost3411_2012_256 ||
299 digest_nid == NID_id_tc26_gost3411_2012_512) {
300 key->digest_nid = digest_nid;
301 return 1;
302 }
303
304 return 0;
305}
306LCRYPTO_ALIAS(GOST_KEY_set_digest);
307
308size_t
309GOST_KEY_get_size(const GOST_KEY *r)
310{
311 int i;
312 BIGNUM *order = NULL;
313 const EC_GROUP *group;
314
315 if (r == NULL)
316 return 0;
317 group = GOST_KEY_get0_group(r);
318 if (group == NULL)
319 return 0;
320
321 if ((order = BN_new()) == NULL)
322 return 0;
323
324 if (EC_GROUP_get_order(group, order, NULL) == 0) {
325 BN_free(order);
326 return 0;
327 }
328
329 i = BN_num_bytes(order);
330 BN_free(order);
331 return (i);
332}
333LCRYPTO_ALIAS(GOST_KEY_get_size);
334#endif
diff --git a/src/lib/libcrypto/gost/gostr341001_params.c b/src/lib/libcrypto/gost/gostr341001_params.c
deleted file mode 100644
index ca8a27d712..0000000000
--- a/src/lib/libcrypto/gost/gostr341001_params.c
+++ /dev/null
@@ -1,132 +0,0 @@
1/* $OpenBSD: gostr341001_params.c,v 1.5 2022/11/26 16:08:53 tb Exp $ */
2/*
3 * Copyright (c) 2014 Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
4 * Copyright (c) 2005-2006 Cryptocom LTD
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
8 * are met:
9 *
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 *
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in
15 * the documentation and/or other materials provided with the
16 * distribution.
17 *
18 * 3. All advertising materials mentioning features or use of this
19 * software must display the following acknowledgment:
20 * "This product includes software developed by the OpenSSL Project
21 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
22 *
23 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
24 * endorse or promote products derived from this software without
25 * prior written permission. For written permission, please contact
26 * openssl-core@openssl.org.
27 *
28 * 5. Products derived from this software may not be called "OpenSSL"
29 * nor may "OpenSSL" appear in their names without prior written
30 * permission of the OpenSSL Project.
31 *
32 * 6. Redistributions of any form whatsoever must retain the following
33 * acknowledgment:
34 * "This product includes software developed by the OpenSSL Project
35 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
36 *
37 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
38 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
39 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
40 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
41 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
42 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
43 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
44 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
45 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
46 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
47 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
48 * OF THE POSSIBILITY OF SUCH DAMAGE.
49 * ====================================================================
50 */
51
52#include <string.h>
53
54#include <openssl/opensslconf.h>
55
56#ifndef OPENSSL_NO_GOST
57#include <openssl/objects.h>
58#include <openssl/gost.h>
59
60#include "gost_local.h"
61
62int
63GostR3410_get_md_digest(int nid)
64{
65 if (nid == NID_id_GostR3411_94_CryptoProParamSet)
66 return NID_id_GostR3411_94;
67 return nid;
68}
69
70int
71GostR3410_get_pk_digest(int nid)
72{
73 switch (nid) {
74 case NID_id_GostR3411_94_CryptoProParamSet:
75 return NID_id_GostR3410_2001;
76 case NID_id_tc26_gost3411_2012_256:
77 return NID_id_tc26_gost3410_2012_256;
78 case NID_id_tc26_gost3411_2012_512:
79 return NID_id_tc26_gost3410_2012_512;
80 default:
81 return NID_undef;
82 }
83}
84
85typedef struct GostR3410_params {
86 const char *name;
87 int nid;
88} GostR3410_params;
89
90static const GostR3410_params GostR3410_256_params[] = {
91 { "A", NID_id_GostR3410_2001_CryptoPro_A_ParamSet },
92 { "B", NID_id_GostR3410_2001_CryptoPro_B_ParamSet },
93 { "C", NID_id_GostR3410_2001_CryptoPro_C_ParamSet },
94 { "0", NID_id_GostR3410_2001_TestParamSet },
95 { "XA", NID_id_GostR3410_2001_CryptoPro_XchA_ParamSet },
96 { "XB", NID_id_GostR3410_2001_CryptoPro_XchB_ParamSet },
97 { NULL, NID_undef },
98};
99
100static const GostR3410_params GostR3410_512_params[] = {
101 { "A", NID_id_tc26_gost_3410_12_512_paramSetA },
102 { "B", NID_id_tc26_gost_3410_12_512_paramSetB },
103 { NULL, NID_undef },
104};
105
106int
107GostR3410_256_param_id(const char *value)
108{
109 int i;
110
111 for (i = 0; GostR3410_256_params[i].nid != NID_undef; i++) {
112 if (strcasecmp(GostR3410_256_params[i].name, value) == 0)
113 return GostR3410_256_params[i].nid;
114 }
115
116 return NID_undef;
117}
118
119int
120GostR3410_512_param_id(const char *value)
121{
122 int i;
123
124 for (i = 0; GostR3410_512_params[i].nid != NID_undef; i++) {
125 if (strcasecmp(GostR3410_512_params[i].name, value) == 0)
126 return GostR3410_512_params[i].nid;
127 }
128
129 return NID_undef;
130}
131
132#endif
diff --git a/src/lib/libcrypto/gost/gostr341001_pmeth.c b/src/lib/libcrypto/gost/gostr341001_pmeth.c
deleted file mode 100644
index c5e05bec60..0000000000
--- a/src/lib/libcrypto/gost/gostr341001_pmeth.c
+++ /dev/null
@@ -1,705 +0,0 @@
1/* $OpenBSD: gostr341001_pmeth.c,v 1.19 2023/07/28 15:50:33 tb Exp $ */
2/*
3 * Copyright (c) 2014 Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
4 * Copyright (c) 2005-2006 Cryptocom LTD
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
8 * are met:
9 *
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 *
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in
15 * the documentation and/or other materials provided with the
16 * distribution.
17 *
18 * 3. All advertising materials mentioning features or use of this
19 * software must display the following acknowledgment:
20 * "This product includes software developed by the OpenSSL Project
21 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
22 *
23 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
24 * endorse or promote products derived from this software without
25 * prior written permission. For written permission, please contact
26 * openssl-core@openssl.org.
27 *
28 * 5. Products derived from this software may not be called "OpenSSL"
29 * nor may "OpenSSL" appear in their names without prior written
30 * permission of the OpenSSL Project.
31 *
32 * 6. Redistributions of any form whatsoever must retain the following
33 * acknowledgment:
34 * "This product includes software developed by the OpenSSL Project
35 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
36 *
37 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
38 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
39 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
40 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
41 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
42 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
43 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
44 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
45 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
46 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
47 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
48 * OF THE POSSIBILITY OF SUCH DAMAGE.
49 * ====================================================================
50 */
51
52#include <string.h>
53
54#include <openssl/opensslconf.h>
55
56#ifndef OPENSSL_NO_GOST
57#include <openssl/bn.h>
58#include <openssl/evp.h>
59#include <openssl/err.h>
60#include <openssl/gost.h>
61#include <openssl/ec.h>
62#include <openssl/x509.h>
63
64#include "ecdsa_local.h"
65#include "evp_local.h"
66#include "gost_local.h"
67#include "gost_asn1.h"
68
69static ECDSA_SIG *
70unpack_signature_cp(const unsigned char *sig, size_t siglen)
71{
72 ECDSA_SIG *s;
73
74 s = ECDSA_SIG_new();
75 if (s == NULL) {
76 GOSTerror(ERR_R_MALLOC_FAILURE);
77 return NULL;
78 }
79 BN_bin2bn(sig, siglen / 2, s->s);
80 BN_bin2bn(sig + siglen / 2, siglen / 2, s->r);
81 return s;
82}
83
84static int
85pack_signature_cp(ECDSA_SIG *s, int order, unsigned char *sig, size_t *siglen)
86{
87 int r_len = BN_num_bytes(s->r);
88 int s_len = BN_num_bytes(s->s);
89
90 if (r_len > order || s_len > order)
91 return 0;
92
93 *siglen = 2 * order;
94
95 memset(sig, 0, *siglen);
96 BN_bn2bin(s->s, sig + order - s_len);
97 BN_bn2bin(s->r, sig + 2 * order - r_len);
98 ECDSA_SIG_free(s);
99 return 1;
100}
101
102static ECDSA_SIG *
103unpack_signature_le(const unsigned char *sig, size_t siglen)
104{
105 ECDSA_SIG *s;
106
107 s = ECDSA_SIG_new();
108 if (s == NULL) {
109 GOSTerror(ERR_R_MALLOC_FAILURE);
110 return NULL;
111 }
112 GOST_le2bn(sig, siglen / 2, s->r);
113 GOST_le2bn(sig + siglen / 2, siglen / 2, s->s);
114 return s;
115}
116
117static int
118pack_signature_le(ECDSA_SIG *s, int order, unsigned char *sig, size_t *siglen)
119{
120 *siglen = 2 * order;
121 memset(sig, 0, *siglen);
122 GOST_bn2le(s->r, sig, order);
123 GOST_bn2le(s->s, sig + order, order);
124 ECDSA_SIG_free(s);
125 return 1;
126}
127
128struct gost_pmeth_data {
129 int sign_param_nid; /* Should be set whenever parameters are filled */
130 int digest_nid;
131 EVP_MD *md;
132 unsigned char *shared_ukm;
133 int peer_key_used;
134 int sig_format;
135};
136
137static int
138pkey_gost01_init(EVP_PKEY_CTX *ctx)
139{
140 struct gost_pmeth_data *data;
141 EVP_PKEY *pkey = EVP_PKEY_CTX_get0_pkey(ctx);
142
143 data = calloc(1, sizeof(struct gost_pmeth_data));
144 if (data == NULL)
145 return 0;
146
147 if (pkey != NULL && pkey->pkey.gost != NULL) {
148 data->sign_param_nid =
149 EC_GROUP_get_curve_name(GOST_KEY_get0_group(pkey->pkey.gost));
150 data->digest_nid = GOST_KEY_get_digest(pkey->pkey.gost);
151 }
152 EVP_PKEY_CTX_set_data(ctx, data);
153 return 1;
154}
155
156/* Copies contents of gost_pmeth_data structure */
157static int
158pkey_gost01_copy(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src)
159{
160 struct gost_pmeth_data *dst_data, *src_data;
161
162 if (pkey_gost01_init(dst) == 0)
163 return 0;
164
165 src_data = EVP_PKEY_CTX_get_data(src);
166 dst_data = EVP_PKEY_CTX_get_data(dst);
167 *dst_data = *src_data;
168 if (src_data->shared_ukm != NULL)
169 dst_data->shared_ukm = NULL;
170 return 1;
171}
172
173/* Frees up gost_pmeth_data structure */
174static void
175pkey_gost01_cleanup(EVP_PKEY_CTX *ctx)
176{
177 struct gost_pmeth_data *data;
178
179 if ((data = EVP_PKEY_CTX_get_data(ctx)) == NULL)
180 return;
181
182 free(data->shared_ukm);
183 free(data);
184}
185
186static int
187pkey_gost01_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
188{
189 struct gost_pmeth_data *data = EVP_PKEY_CTX_get_data(ctx);
190 EC_GROUP *group = NULL;
191 GOST_KEY *gost = NULL;
192 int ret = 0;
193
194 if (data->sign_param_nid == NID_undef ||
195 data->digest_nid == NID_undef) {
196 GOSTerror(GOST_R_NO_PARAMETERS_SET);
197 return 0;
198 }
199
200 group = EC_GROUP_new_by_curve_name(data->sign_param_nid);
201 if (group == NULL)
202 goto done;
203
204 EC_GROUP_set_asn1_flag(group, OPENSSL_EC_NAMED_CURVE);
205
206 gost = GOST_KEY_new();
207 if (gost == NULL)
208 goto done;
209
210 if (GOST_KEY_set_digest(gost, data->digest_nid) == 0)
211 goto done;
212
213 if (GOST_KEY_set_group(gost, group) != 0)
214 ret = EVP_PKEY_assign_GOST(pkey, gost);
215
216done:
217 if (ret == 0)
218 GOST_KEY_free(gost);
219 EC_GROUP_free(group);
220 return ret;
221}
222
223static int
224pkey_gost01_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
225{
226 if (pkey_gost01_paramgen(ctx, pkey) == 0)
227 return 0;
228 return gost2001_keygen(pkey->pkey.gost) != 0;
229}
230
231static int
232pkey_gost01_sign(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen,
233 const unsigned char *tbs, size_t tbs_len)
234{
235 ECDSA_SIG *unpacked_sig = NULL;
236 EVP_PKEY *pkey = EVP_PKEY_CTX_get0_pkey(ctx);
237 struct gost_pmeth_data *pctx = EVP_PKEY_CTX_get_data(ctx);
238 BIGNUM *md;
239 size_t size;
240 int ret;
241
242 if (pkey == NULL || pkey->pkey.gost == NULL)
243 return 0;
244 size = GOST_KEY_get_size(pkey->pkey.gost);
245
246 if (siglen == NULL)
247 return 0;
248 if (sig == NULL) {
249 *siglen = 2 * size;
250 return 1;
251 } else if (*siglen < 2 * size) {
252 GOSTerror(EC_R_BUFFER_TOO_SMALL);
253 return 0;
254 }
255 if (tbs_len != 32 && tbs_len != 64) {
256 GOSTerror(EVP_R_BAD_BLOCK_LENGTH);
257 return 0;
258 }
259 md = GOST_le2bn(tbs, tbs_len, NULL);
260 if (md == NULL)
261 return 0;
262 unpacked_sig = gost2001_do_sign(md, pkey->pkey.gost);
263 BN_free(md);
264 if (unpacked_sig == NULL) {
265 return 0;
266 }
267 switch (pctx->sig_format) {
268 case GOST_SIG_FORMAT_SR_BE:
269 ret = pack_signature_cp(unpacked_sig, size, sig, siglen);
270 break;
271 case GOST_SIG_FORMAT_RS_LE:
272 ret = pack_signature_le(unpacked_sig, size, sig, siglen);
273 break;
274 default:
275 ret = -1;
276 break;
277 }
278 if (ret <= 0)
279 ECDSA_SIG_free(unpacked_sig);
280 return ret;
281}
282
283static int
284pkey_gost01_verify(EVP_PKEY_CTX *ctx, const unsigned char *sig, size_t siglen,
285 const unsigned char *tbs, size_t tbs_len)
286{
287 int ok = 0;
288 EVP_PKEY *pub_key = EVP_PKEY_CTX_get0_pkey(ctx);
289 struct gost_pmeth_data *pctx = EVP_PKEY_CTX_get_data(ctx);
290 ECDSA_SIG *s = NULL;
291 BIGNUM *md;
292
293 if (pub_key == NULL)
294 return 0;
295 switch (pctx->sig_format) {
296 case GOST_SIG_FORMAT_SR_BE:
297 s = unpack_signature_cp(sig, siglen);
298 break;
299 case GOST_SIG_FORMAT_RS_LE:
300 s = unpack_signature_le(sig, siglen);
301 break;
302 }
303 if (s == NULL)
304 return 0;
305 md = GOST_le2bn(tbs, tbs_len, NULL);
306 if (md == NULL)
307 goto err;
308 ok = gost2001_do_verify(md, s, pub_key->pkey.gost);
309
310err:
311 BN_free(md);
312 ECDSA_SIG_free(s);
313 return ok;
314}
315
316static int
317gost01_VKO_key(EVP_PKEY *pub_key, EVP_PKEY *priv_key, const unsigned char *ukm,
318 unsigned char *key)
319{
320 unsigned char hashbuf[128];
321 int digest_nid;
322 int ret = 0;
323 BN_CTX *ctx = BN_CTX_new();
324 BIGNUM *UKM, *X, *Y;
325
326 if (ctx == NULL)
327 return 0;
328
329 BN_CTX_start(ctx);
330 if ((UKM = BN_CTX_get(ctx)) == NULL)
331 goto err;
332 if ((X = BN_CTX_get(ctx)) == NULL)
333 goto err;
334 if ((Y = BN_CTX_get(ctx)) == NULL)
335 goto err;
336
337 GOST_le2bn(ukm, 8, UKM);
338
339 digest_nid = GOST_KEY_get_digest(priv_key->pkey.gost);
340 if (VKO_compute_key(X, Y, pub_key->pkey.gost, priv_key->pkey.gost,
341 UKM) == 0)
342 goto err;
343
344 switch (digest_nid) {
345 case NID_id_GostR3411_94_CryptoProParamSet:
346 GOST_bn2le(X, hashbuf, 32);
347 GOST_bn2le(Y, hashbuf + 32, 32);
348 GOSTR341194(hashbuf, 64, key, digest_nid);
349 ret = 1;
350 break;
351 case NID_id_tc26_gost3411_2012_256:
352 GOST_bn2le(X, hashbuf, 32);
353 GOST_bn2le(Y, hashbuf + 32, 32);
354 STREEBOG256(hashbuf, 64, key);
355 ret = 1;
356 break;
357 case NID_id_tc26_gost3411_2012_512:
358 GOST_bn2le(X, hashbuf, 64);
359 GOST_bn2le(Y, hashbuf + 64, 64);
360 STREEBOG256(hashbuf, 128, key);
361 ret = 1;
362 break;
363 default:
364 ret = -2;
365 break;
366 }
367err:
368 BN_CTX_end(ctx);
369 BN_CTX_free(ctx);
370 return ret;
371}
372
373int
374pkey_gost01_decrypt(EVP_PKEY_CTX *pctx, unsigned char *key, size_t *key_len,
375 const unsigned char *in, size_t in_len)
376{
377 const unsigned char *p = in;
378 EVP_PKEY *priv = EVP_PKEY_CTX_get0_pkey(pctx);
379 GOST_KEY_TRANSPORT *gkt = NULL;
380 int ret = 0;
381 unsigned char wrappedKey[44];
382 unsigned char sharedKey[32];
383 EVP_PKEY *eph_key = NULL, *peerkey = NULL;
384 int nid;
385
386 if (key == NULL) {
387 *key_len = 32;
388 return 1;
389 }
390 gkt = d2i_GOST_KEY_TRANSPORT(NULL, (const unsigned char **)&p, in_len);
391 if (gkt == NULL) {
392 GOSTerror(GOST_R_ERROR_PARSING_KEY_TRANSPORT_INFO);
393 return -1;
394 }
395
396 /* If key transport structure contains public key, use it */
397 eph_key = X509_PUBKEY_get(gkt->key_agreement_info->ephem_key);
398 if (eph_key != NULL) {
399 if (EVP_PKEY_derive_set_peer(pctx, eph_key) <= 0) {
400 GOSTerror(GOST_R_INCOMPATIBLE_PEER_KEY);
401 goto err;
402 }
403 } else {
404 /* Set control "public key from client certificate used" */
405 if (EVP_PKEY_CTX_ctrl(pctx, -1, -1, EVP_PKEY_CTRL_PEER_KEY, 3,
406 NULL) <= 0) {
407 GOSTerror(GOST_R_CTRL_CALL_FAILED);
408 goto err;
409 }
410 }
411 peerkey = EVP_PKEY_CTX_get0_peerkey(pctx);
412 if (peerkey == NULL) {
413 GOSTerror(GOST_R_NO_PEER_KEY);
414 goto err;
415 }
416
417 nid = OBJ_obj2nid(gkt->key_agreement_info->cipher);
418
419 if (gkt->key_agreement_info->eph_iv->length != 8) {
420 GOSTerror(GOST_R_INVALID_IV_LENGTH);
421 goto err;
422 }
423 memcpy(wrappedKey, gkt->key_agreement_info->eph_iv->data, 8);
424 if (gkt->key_info->encrypted_key->length != 32) {
425 GOSTerror(EVP_R_BAD_KEY_LENGTH);
426 goto err;
427 }
428 memcpy(wrappedKey + 8, gkt->key_info->encrypted_key->data, 32);
429 if (gkt->key_info->imit->length != 4) {
430 GOSTerror(ERR_R_INTERNAL_ERROR);
431 goto err;
432 }
433 memcpy(wrappedKey + 40, gkt->key_info->imit->data, 4);
434 if (gost01_VKO_key(peerkey, priv, wrappedKey, sharedKey) <= 0)
435 goto err;
436 if (gost_key_unwrap_crypto_pro(nid, sharedKey, wrappedKey, key) == 0) {
437 GOSTerror(GOST_R_ERROR_COMPUTING_SHARED_KEY);
438 goto err;
439 }
440
441 ret = 1;
442err:
443 EVP_PKEY_free(eph_key);
444 GOST_KEY_TRANSPORT_free(gkt);
445 return ret;
446}
447
448int
449pkey_gost01_derive(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen)
450{
451 /*
452 * Public key of peer in the ctx field peerkey
453 * Our private key in the ctx pkey
454 * ukm is in the algorithm specific context data
455 */
456 EVP_PKEY *my_key = EVP_PKEY_CTX_get0_pkey(ctx);
457 EVP_PKEY *peer_key = EVP_PKEY_CTX_get0_peerkey(ctx);
458 struct gost_pmeth_data *data = EVP_PKEY_CTX_get_data(ctx);
459
460 if (data->shared_ukm == NULL) {
461 GOSTerror(GOST_R_UKM_NOT_SET);
462 return 0;
463 }
464
465 if (key == NULL) {
466 *keylen = 32;
467 return 32;
468 }
469
470 if (gost01_VKO_key(peer_key, my_key, data->shared_ukm, key) <= 0)
471 return 0;
472
473 *keylen = 32;
474 return 1;
475}
476
477int
478pkey_gost01_encrypt(EVP_PKEY_CTX *pctx, unsigned char *out, size_t *out_len,
479 const unsigned char *key, size_t key_len)
480{
481 GOST_KEY_TRANSPORT *gkt = NULL;
482 EVP_PKEY *pubk = EVP_PKEY_CTX_get0_pkey(pctx);
483 struct gost_pmeth_data *data = EVP_PKEY_CTX_get_data(pctx);
484 unsigned char ukm[8], shared_key[32], crypted_key[44];
485 int ret = 0;
486 int key_is_ephemeral;
487 EVP_PKEY *sec_key = EVP_PKEY_CTX_get0_peerkey(pctx);
488 int nid = NID_id_Gost28147_89_CryptoPro_A_ParamSet;
489
490 if (data->shared_ukm != NULL) {
491 memcpy(ukm, data->shared_ukm, 8);
492 } else /* if (out != NULL) */ {
493 arc4random_buf(ukm, 8);
494 }
495 /* Check for private key in the peer_key of context */
496 if (sec_key) {
497 key_is_ephemeral = 0;
498 if (GOST_KEY_get0_private_key(sec_key->pkey.gost) == 0) {
499 GOSTerror(GOST_R_NO_PRIVATE_PART_OF_NON_EPHEMERAL_KEYPAIR);
500 goto err;
501 }
502 } else {
503 key_is_ephemeral = 1;
504 if (out != NULL) {
505 GOST_KEY *tmp_key;
506
507 sec_key = EVP_PKEY_new();
508 if (sec_key == NULL)
509 goto err;
510 tmp_key = GOST_KEY_new();
511 if (tmp_key == NULL)
512 goto err;
513 if (EVP_PKEY_assign(sec_key, EVP_PKEY_base_id(pubk),
514 tmp_key) == 0) {
515 GOST_KEY_free(tmp_key);
516 goto err;
517 }
518 if (EVP_PKEY_copy_parameters(sec_key, pubk) == 0)
519 goto err;
520 if (gost2001_keygen(sec_key->pkey.gost) == 0) {
521 goto err;
522 }
523 }
524 }
525
526 if (out != NULL) {
527 if (gost01_VKO_key(pubk, sec_key, ukm, shared_key) <= 0)
528 goto err;
529 gost_key_wrap_crypto_pro(nid, shared_key, ukm, key,
530 crypted_key);
531 }
532 gkt = GOST_KEY_TRANSPORT_new();
533 if (gkt == NULL)
534 goto err;
535 if (ASN1_OCTET_STRING_set(gkt->key_agreement_info->eph_iv, ukm, 8) == 0)
536 goto err;
537 if (ASN1_OCTET_STRING_set(gkt->key_info->imit, crypted_key + 40,
538 4) == 0)
539 goto err;
540 if (ASN1_OCTET_STRING_set(gkt->key_info->encrypted_key, crypted_key + 8,
541 32) == 0)
542 goto err;
543 if (key_is_ephemeral) {
544 if (X509_PUBKEY_set(&gkt->key_agreement_info->ephem_key,
545 out != NULL ? sec_key : pubk) == 0) {
546 GOSTerror(GOST_R_CANNOT_PACK_EPHEMERAL_KEY);
547 goto err;
548 }
549 }
550 ASN1_OBJECT_free(gkt->key_agreement_info->cipher);
551 gkt->key_agreement_info->cipher = OBJ_nid2obj(nid);
552 if (key_is_ephemeral)
553 EVP_PKEY_free(sec_key);
554 else {
555 /* Set control "public key from client certificate used" */
556 if (EVP_PKEY_CTX_ctrl(pctx, -1, -1, EVP_PKEY_CTRL_PEER_KEY, 3,
557 NULL) <= 0) {
558 GOSTerror(GOST_R_CTRL_CALL_FAILED);
559 goto err;
560 }
561 }
562 if ((*out_len = i2d_GOST_KEY_TRANSPORT(gkt, out ? &out : NULL)) > 0)
563 ret = 1;
564 GOST_KEY_TRANSPORT_free(gkt);
565 return ret;
566
567err:
568 if (key_is_ephemeral)
569 EVP_PKEY_free(sec_key);
570 GOST_KEY_TRANSPORT_free(gkt);
571 return -1;
572}
573
574
575static int
576pkey_gost01_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
577{
578 struct gost_pmeth_data *pctx = EVP_PKEY_CTX_get_data(ctx);
579
580 switch (type) {
581 case EVP_PKEY_CTRL_MD:
582 if (EVP_MD_type(p2) !=
583 GostR3410_get_md_digest(pctx->digest_nid)) {
584 GOSTerror(GOST_R_INVALID_DIGEST_TYPE);
585 return 0;
586 }
587 pctx->md = p2;
588 return 1;
589 case EVP_PKEY_CTRL_PKCS7_ENCRYPT:
590 case EVP_PKEY_CTRL_PKCS7_DECRYPT:
591 case EVP_PKEY_CTRL_PKCS7_SIGN:
592 case EVP_PKEY_CTRL_DIGESTINIT:
593 return 1;
594
595 case EVP_PKEY_CTRL_GOST_PARAMSET:
596 pctx->sign_param_nid = (int)p1;
597 return 1;
598
599 case EVP_PKEY_CTRL_SET_IV:
600 {
601 char *ukm = malloc(p1);
602
603 if (ukm == NULL) {
604 GOSTerror(ERR_R_MALLOC_FAILURE);
605 return 0;
606 }
607 memcpy(ukm, p2, p1);
608 free(pctx->shared_ukm);
609 pctx->shared_ukm = ukm;
610 return 1;
611 }
612
613 case EVP_PKEY_CTRL_PEER_KEY:
614 if (p1 == 0 || p1 == 1) /* call from EVP_PKEY_derive_set_peer */
615 return 1;
616 if (p1 == 2) /* TLS: peer key used? */
617 return pctx->peer_key_used;
618 if (p1 == 3) /* TLS: peer key used! */
619 return (pctx->peer_key_used = 1);
620 return -2;
621 case EVP_PKEY_CTRL_GOST_SIG_FORMAT:
622 switch (p1) {
623 case GOST_SIG_FORMAT_SR_BE:
624 case GOST_SIG_FORMAT_RS_LE:
625 pctx->sig_format = p1;
626 return 1;
627 default:
628 return 0;
629 }
630 break;
631 case EVP_PKEY_CTRL_GOST_SET_DIGEST:
632 pctx->digest_nid = (int)p1;
633 return 1;
634 case EVP_PKEY_CTRL_GOST_GET_DIGEST:
635 *(int *)p2 = pctx->digest_nid;
636 return 1;
637 default:
638 return -2;
639 }
640}
641
642static int
643pkey_gost01_ctrl_str(EVP_PKEY_CTX *ctx, const char *type, const char *value)
644{
645 int param_nid = NID_undef;
646 int digest_nid = NID_undef;
647
648 if (strcmp(type, "paramset") == 0) {
649 if (value == NULL)
650 return 0;
651 if (pkey_gost01_ctrl(ctx, EVP_PKEY_CTRL_GOST_GET_DIGEST, 0,
652 &digest_nid) == 0)
653 return 0;
654 if (digest_nid == NID_id_tc26_gost3411_2012_512)
655 param_nid = GostR3410_512_param_id(value);
656 else
657 param_nid = GostR3410_256_param_id(value);
658 if (param_nid == NID_undef)
659 param_nid = OBJ_txt2nid(value);
660 if (param_nid == NID_undef)
661 return 0;
662
663 return pkey_gost01_ctrl(ctx, EVP_PKEY_CTRL_GOST_PARAMSET,
664 param_nid, NULL);
665 }
666 if (strcmp(type, "dgst") == 0) {
667 if (value == NULL)
668 return 0;
669 else if (strcmp(value, "gost94") == 0 ||
670 strcmp(value, "md_gost94") == 0)
671 digest_nid = NID_id_GostR3411_94_CryptoProParamSet;
672 else if (strcmp(value, "streebog256") == 0)
673 digest_nid = NID_id_tc26_gost3411_2012_256;
674 else if (strcmp(value, "streebog512") == 0)
675 digest_nid = NID_id_tc26_gost3411_2012_512;
676
677 if (digest_nid == NID_undef)
678 return 0;
679
680 return pkey_gost01_ctrl(ctx, EVP_PKEY_CTRL_GOST_SET_DIGEST,
681 digest_nid, NULL);
682 }
683 return -2;
684}
685
686const EVP_PKEY_METHOD gostr01_pkey_meth = {
687 .pkey_id = EVP_PKEY_GOSTR01,
688
689 .init = pkey_gost01_init,
690 .copy = pkey_gost01_copy,
691 .cleanup = pkey_gost01_cleanup,
692
693 .paramgen = pkey_gost01_paramgen,
694 .keygen = pkey_gost01_keygen,
695 .sign = pkey_gost01_sign,
696 .verify = pkey_gost01_verify,
697
698 .encrypt = pkey_gost01_encrypt,
699 .decrypt = pkey_gost01_decrypt,
700 .derive = pkey_gost01_derive,
701
702 .ctrl = pkey_gost01_ctrl,
703 .ctrl_str = pkey_gost01_ctrl_str,
704};
705#endif
diff --git a/src/lib/libcrypto/gost/gostr341194.c b/src/lib/libcrypto/gost/gostr341194.c
deleted file mode 100644
index 311c304539..0000000000
--- a/src/lib/libcrypto/gost/gostr341194.c
+++ /dev/null
@@ -1,278 +0,0 @@
1/* $OpenBSD: gostr341194.c,v 1.7 2023/07/08 14:30:44 beck Exp $ */
2/*
3 * Copyright (c) 2014 Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
4 * Copyright (c) 2005-2006 Cryptocom LTD
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
8 * are met:
9 *
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 *
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in
15 * the documentation and/or other materials provided with the
16 * distribution.
17 *
18 * 3. All advertising materials mentioning features or use of this
19 * software must display the following acknowledgment:
20 * "This product includes software developed by the OpenSSL Project
21 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
22 *
23 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
24 * endorse or promote products derived from this software without
25 * prior written permission. For written permission, please contact
26 * openssl-core@openssl.org.
27 *
28 * 5. Products derived from this software may not be called "OpenSSL"
29 * nor may "OpenSSL" appear in their names without prior written
30 * permission of the OpenSSL Project.
31 *
32 * 6. Redistributions of any form whatsoever must retain the following
33 * acknowledgment:
34 * "This product includes software developed by the OpenSSL Project
35 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
36 *
37 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
38 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
39 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
40 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
41 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
42 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
43 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
44 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
45 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
46 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
47 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
48 * OF THE POSSIBILITY OF SUCH DAMAGE.
49 * ====================================================================
50 */
51
52#include <string.h>
53
54#include <openssl/opensslconf.h>
55
56#ifndef OPENSSL_NO_GOST
57#include <openssl/crypto.h>
58#include <openssl/objects.h>
59#include <openssl/gost.h>
60
61#include "gost_local.h"
62
63/* Following functions are various bit meshing routines used in
64 * GOST R 34.11-94 algorithms */
65static void
66swap_bytes(unsigned char *w, unsigned char *k)
67{
68 int i, j;
69
70 for (i = 0; i < 4; i++)
71 for (j = 0; j < 8; j++)
72 k[i + 4 * j] = w[8 * i + j];
73}
74
75/* was A_A */
76static void
77circle_xor8(const unsigned char *w, unsigned char *k)
78{
79 unsigned char buf[8];
80 int i;
81
82 memcpy(buf, w, 8);
83 memmove(k, w + 8, 24);
84 for (i = 0; i < 8; i++)
85 k[i + 24] = buf[i] ^ k[i];
86}
87
88/* was R_R */
89static void
90transform_3(unsigned char *data)
91{
92 unsigned short int acc;
93
94 acc = (data[0] ^ data[2] ^ data[4] ^ data[6] ^ data[24] ^ data[30]) |
95 ((data[1] ^ data[3] ^ data[5] ^ data[7] ^ data[25] ^ data[31]) << 8);
96 memmove(data, data + 2, 30);
97 data[30] = acc & 0xff;
98 data[31] = acc >> 8;
99}
100
101/* Adds blocks of N bytes modulo 2**(8*n). Returns carry*/
102static int
103add_blocks(int n, unsigned char *left, const unsigned char *right)
104{
105 int i;
106 int carry = 0;
107 int sum;
108
109 for (i = 0; i < n; i++) {
110 sum = (int)left[i] + (int)right[i] + carry;
111 left[i] = sum & 0xff;
112 carry = sum >> 8;
113 }
114 return carry;
115}
116
117/* Xor two sequences of bytes */
118static void
119xor_blocks(unsigned char *result, const unsigned char *a,
120 const unsigned char *b, size_t len)
121{
122 size_t i;
123
124 for (i = 0; i < len; i++)
125 result[i] = a[i] ^ b[i];
126}
127
128/*
129 * Calculate H(i+1) = Hash(Hi,Mi)
130 * Where H and M are 32 bytes long
131 */
132static int
133hash_step(GOSTR341194_CTX *c, unsigned char *H, const unsigned char *M)
134{
135 unsigned char U[32], W[32], V[32], S[32], Key[32];
136 int i;
137
138 /* Compute first key */
139 xor_blocks(W, H, M, 32);
140 swap_bytes(W, Key);
141 /* Encrypt first 8 bytes of H with first key */
142 Gost2814789_set_key(&c->cipher, Key, 256);
143 Gost2814789_encrypt(H, S, &c->cipher);
144
145 /* Compute second key */
146 circle_xor8(H, U);
147 circle_xor8(M, V);
148 circle_xor8(V, V);
149 xor_blocks(W, U, V, 32);
150 swap_bytes(W, Key);
151 /* encrypt second 8 bytes of H with second key */
152 Gost2814789_set_key(&c->cipher, Key, 256);
153 Gost2814789_encrypt(H+8, S+8, &c->cipher);
154
155 /* compute third key */
156 circle_xor8(U, U);
157 U[31] = ~U[31];
158 U[29] = ~U[29];
159 U[28] = ~U[28];
160 U[24] = ~U[24];
161 U[23] = ~U[23];
162 U[20] = ~U[20];
163 U[18] = ~U[18];
164 U[17] = ~U[17];
165 U[14] = ~U[14];
166 U[12] = ~U[12];
167 U[10] = ~U[10];
168 U[8] = ~U[8];
169 U[7] = ~U[7];
170 U[5] = ~U[5];
171 U[3] = ~U[3];
172 U[1] = ~U[1];
173 circle_xor8(V, V);
174 circle_xor8(V, V);
175 xor_blocks(W, U, V, 32);
176 swap_bytes(W, Key);
177 /* encrypt third 8 bytes of H with third key */
178 Gost2814789_set_key(&c->cipher, Key, 256);
179 Gost2814789_encrypt(H+16, S+16, &c->cipher);
180
181 /* Compute fourth key */
182 circle_xor8(U, U);
183 circle_xor8(V, V);
184 circle_xor8(V, V);
185 xor_blocks(W, U, V, 32);
186 swap_bytes(W, Key);
187 /* Encrypt last 8 bytes with fourth key */
188 Gost2814789_set_key(&c->cipher, Key, 256);
189 Gost2814789_encrypt(H+24, S+24, &c->cipher);
190
191 for (i = 0; i < 12; i++)
192 transform_3(S);
193 xor_blocks(S, S, M, 32);
194 transform_3(S);
195 xor_blocks(S, S, H, 32);
196 for (i = 0; i < 61; i++)
197 transform_3(S);
198 memcpy(H, S, 32);
199 return 1;
200}
201
202int
203GOSTR341194_Init(GOSTR341194_CTX *c, int nid)
204{
205 memset(c, 0, sizeof(*c));
206 return Gost2814789_set_sbox(&c->cipher, nid);
207}
208LCRYPTO_ALIAS(GOSTR341194_Init);
209
210static void
211GOSTR341194_block_data_order(GOSTR341194_CTX *ctx, const unsigned char *p,
212 size_t num)
213{
214 int i;
215
216 for (i = 0; i < num; i++) {
217 hash_step(ctx, ctx->H, p);
218 add_blocks(32, ctx->S, p);
219 p += 32;
220 }
221}
222
223#define DATA_ORDER_IS_LITTLE_ENDIAN
224
225#define HASH_CBLOCK GOSTR341194_CBLOCK
226#define HASH_LONG GOSTR341194_LONG
227#define HASH_CTX GOSTR341194_CTX
228#define HASH_UPDATE GOSTR341194_Update
229#define HASH_TRANSFORM GOSTR341194_Transform
230#define HASH_NO_FINAL 1
231#define HASH_BLOCK_DATA_ORDER GOSTR341194_block_data_order
232
233#include "md32_common.h"
234LCRYPTO_ALIAS(GOSTR341194_Update);
235LCRYPTO_ALIAS(GOSTR341194_Transform);
236
237int
238GOSTR341194_Final(unsigned char *md, GOSTR341194_CTX * c)
239{
240 unsigned char *p = (unsigned char *)c->data;
241 unsigned char T[32];
242
243 if (c->num > 0) {
244 memset(p + c->num, 0, 32 - c->num);
245 hash_step(c, c->H, p);
246 add_blocks(32, c->S, p);
247 }
248
249 p = T;
250 HOST_l2c(c->Nl, p);
251 HOST_l2c(c->Nh, p);
252 memset(p, 0, 32 - 8);
253 hash_step(c, c->H, T);
254 hash_step(c, c->H, c->S);
255
256 memcpy(md, c->H, 32);
257
258 return 1;
259}
260LCRYPTO_ALIAS(GOSTR341194_Final);
261
262unsigned char *
263GOSTR341194(const unsigned char *d, size_t n, unsigned char *md, int nid)
264{
265 GOSTR341194_CTX c;
266 static unsigned char m[GOSTR341194_LENGTH];
267
268 if (md == NULL)
269 md = m;
270 if (!GOSTR341194_Init(&c, nid))
271 return 0;
272 GOSTR341194_Update(&c, d, n);
273 GOSTR341194_Final(md, &c);
274 explicit_bzero(&c, sizeof(c));
275 return (md);
276}
277LCRYPTO_ALIAS(GOSTR341194);
278#endif
diff --git a/src/lib/libcrypto/gost/streebog.c b/src/lib/libcrypto/gost/streebog.c
deleted file mode 100644
index 60c575794c..0000000000
--- a/src/lib/libcrypto/gost/streebog.c
+++ /dev/null
@@ -1,1487 +0,0 @@
1/* $OpenBSD: streebog.c,v 1.9 2023/07/08 14:30:44 beck Exp $ */
2/*
3 * Copyright (c) 2014 Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
4 * Copyright (c) 2005-2006 Cryptocom LTD
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
8 * are met:
9 *
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 *
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in
15 * the documentation and/or other materials provided with the
16 * distribution.
17 *
18 * 3. All advertising materials mentioning features or use of this
19 * software must display the following acknowledgment:
20 * "This product includes software developed by the OpenSSL Project
21 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
22 *
23 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
24 * endorse or promote products derived from this software without
25 * prior written permission. For written permission, please contact
26 * openssl-core@openssl.org.
27 *
28 * 5. Products derived from this software may not be called "OpenSSL"
29 * nor may "OpenSSL" appear in their names without prior written
30 * permission of the OpenSSL Project.
31 *
32 * 6. Redistributions of any form whatsoever must retain the following
33 * acknowledgment:
34 * "This product includes software developed by the OpenSSL Project
35 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
36 *
37 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
38 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
39 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
40 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
41 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
42 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
43 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
44 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
45 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
46 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
47 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
48 * OF THE POSSIBILITY OF SUCH DAMAGE.
49 * ====================================================================
50 */
51
52#include <endian.h>
53#include <stdlib.h>
54#include <string.h>
55
56#include <openssl/opensslconf.h>
57
58#ifndef OPENSSL_NO_GOST
59#include <openssl/crypto.h>
60#include <openssl/objects.h>
61#include <openssl/gost.h>
62
63#include "gost_local.h"
64
65static const STREEBOG_LONG64 A_PI_table[8][256] = {
66 { /* 0 */
67 U64(0xd01f715b5c7ef8e6), U64(0x16fa240980778325),
68 U64(0xa8a42e857ee049c8), U64(0x6ac1068fa186465b),
69 U64(0x6e417bd7a2e9320b), U64(0x665c8167a437daab),
70 U64(0x7666681aa89617f6), U64(0x4b959163700bdcf5),
71 U64(0xf14be6b78df36248), U64(0xc585bd689a625cff),
72 U64(0x9557d7fca67d82cb), U64(0x89f0b969af6dd366),
73 U64(0xb0833d48749f6c35), U64(0xa1998c23b1ecbc7c),
74 U64(0x8d70c431ac02a736), U64(0xd6dfbc2fd0a8b69e),
75 U64(0x37aeb3e551fa198b), U64(0x0b7d128a40b5cf9c),
76 U64(0x5a8f2008b5780cbc), U64(0xedec882284e333e5),
77 U64(0xd25fc177d3c7c2ce), U64(0x5e0f5d50b61778ec),
78 U64(0x1d873683c0c24cb9), U64(0xad040bcbb45d208c),
79 U64(0x2f89a0285b853c76), U64(0x5732fff6791b8d58),
80 U64(0x3e9311439ef6ec3f), U64(0xc9183a809fd3c00f),
81 U64(0x83adf3f5260a01ee), U64(0xa6791941f4e8ef10),
82 U64(0x103ae97d0ca1cd5d), U64(0x2ce948121dee1b4a),
83 U64(0x39738421dbf2bf53), U64(0x093da2a6cf0cf5b4),
84 U64(0xcd9847d89cbcb45f), U64(0xf9561c078b2d8ae8),
85 U64(0x9c6a755a6971777f), U64(0xbc1ebaa0712ef0c5),
86 U64(0x72e61542abf963a6), U64(0x78bb5fde229eb12e),
87 U64(0x14ba94250fceb90d), U64(0x844d6697630e5282),
88 U64(0x98ea08026a1e032f), U64(0xf06bbea144217f5c),
89 U64(0xdb6263d11ccb377a), U64(0x641c314b2b8ee083),
90 U64(0x320e96ab9b4770cf), U64(0x1ee7deb986a96b85),
91 U64(0xe96cf57a878c47b5), U64(0xfdd6615f8842feb8),
92 U64(0xc83862965601dd1b), U64(0x2ea9f83e92572162),
93 U64(0xf876441142ff97fc), U64(0xeb2c455608357d9d),
94 U64(0x5612a7e0b0c9904c), U64(0x6c01cbfb2d500823),
95 U64(0x4548a6a7fa037a2d), U64(0xabc4c6bf388b6ef4),
96 U64(0xbade77d4fdf8bebd), U64(0x799b07c8eb4cac3a),
97 U64(0x0c9d87e805b19cf0), U64(0xcb588aac106afa27),
98 U64(0xea0c1d40c1e76089), U64(0x2869354a1e816f1a),
99 U64(0xff96d17307fbc490), U64(0x9f0a9d602f1a5043),
100 U64(0x96373fc6e016a5f7), U64(0x5292dab8b3a6e41c),
101 U64(0x9b8ae0382c752413), U64(0x4f15ec3b7364a8a5),
102 U64(0x3fb349555724f12b), U64(0xc7c50d4415db66d7),
103 U64(0x92b7429ee379d1a7), U64(0xd37f99611a15dfda),
104 U64(0x231427c05e34a086), U64(0xa439a96d7b51d538),
105 U64(0xb403401077f01865), U64(0xdda2aea5901d7902),
106 U64(0x0a5d4a9c8967d288), U64(0xc265280adf660f93),
107 U64(0x8bb0094520d4e94e), U64(0x2a29856691385532),
108 U64(0x42a833c5bf072941), U64(0x73c64d54622b7eb2),
109 U64(0x07e095624504536c), U64(0x8a905153e906f45a),
110 U64(0x6f6123c16b3b2f1f), U64(0xc6e55552dc097bc3),
111 U64(0x4468feb133d16739), U64(0xe211e7f0c7398829),
112 U64(0xa2f96419f7879b40), U64(0x19074bdbc3ad38e9),
113 U64(0xf4ebc3f9474e0b0c), U64(0x43886bd376d53455),
114 U64(0xd8028beb5aa01046), U64(0x51f23282f5cdc320),
115 U64(0xe7b1c2be0d84e16d), U64(0x081dfab006dee8a0),
116 U64(0x3b33340d544b857b), U64(0x7f5bcabc679ae242),
117 U64(0x0edd37c48a08a6d8), U64(0x81ed43d9a9b33bc6),
118 U64(0xb1a3655ebd4d7121), U64(0x69a1eeb5e7ed6167),
119 U64(0xf6ab73d5c8f73124), U64(0x1a67a3e185c61fd5),
120 U64(0x2dc91004d43c065e), U64(0x0240b02c8fb93a28),
121 U64(0x90f7f2b26cc0eb8f), U64(0x3cd3a16f114fd617),
122 U64(0xaae49ea9f15973e0), U64(0x06c0cd748cd64e78),
123 U64(0xda423bc7d5192a6e), U64(0xc345701c16b41287),
124 U64(0x6d2193ede4821537), U64(0xfcf639494190e3ac),
125 U64(0x7c3b228621f1c57e), U64(0xfb16ac2b0494b0c0),
126 U64(0xbf7e529a3745d7f9), U64(0x6881b6a32e3f7c73),
127 U64(0xca78d2bad9b8e733), U64(0xbbfe2fc2342aa3a9),
128 U64(0x0dbddffecc6381e4), U64(0x70a6a56e2440598e),
129 U64(0xe4d12a844befc651), U64(0x8c509c2765d0ba22),
130 U64(0xee8c6018c28814d9), U64(0x17da7c1f49a59e31),
131 U64(0x609c4c1328e194d3), U64(0xb3e3d57232f44b09),
132 U64(0x91d7aaa4a512f69b), U64(0x0ffd6fd243dabbcc),
133 U64(0x50d26a943c1fde34), U64(0x6be15e9968545b4f),
134 U64(0x94778fea6faf9fdf), U64(0x2b09dd7058ea4826),
135 U64(0x677cd9716de5c7bf), U64(0x49d5214fffb2e6dd),
136 U64(0x0360e83a466b273c), U64(0x1fc786af4f7b7691),
137 U64(0xa0b9d435783ea168), U64(0xd49f0c035f118cb6),
138 U64(0x01205816c9d21d14), U64(0xac2453dd7d8f3d98),
139 U64(0x545217cc3f70aa64), U64(0x26b4028e9489c9c2),
140 U64(0xdec2469fd6765e3e), U64(0x04807d58036f7450),
141 U64(0xe5f17292823ddb45), U64(0xf30b569b024a5860),
142 U64(0x62dcfc3fa758aefb), U64(0xe84cad6c4e5e5aa1),
143 U64(0xccb81fce556ea94b), U64(0x53b282ae7a74f908),
144 U64(0x1b47fbf74c1402c1), U64(0x368eebf39828049f),
145 U64(0x7afbeff2ad278b06), U64(0xbe5e0a8cfe97caed),
146 U64(0xcfd8f7f413058e77), U64(0xf78b2bc301252c30),
147 U64(0x4d555c17fcdd928d), U64(0x5f2f05467fc565f8),
148 U64(0x24f4b2a21b30f3ea), U64(0x860dd6bbecb768aa),
149 U64(0x4c750401350f8f99), U64(0x0000000000000000),
150 U64(0xecccd0344d312ef1), U64(0xb5231806be220571),
151 U64(0xc105c030990d28af), U64(0x653c695de25cfd97),
152 U64(0x159acc33c61ca419), U64(0xb89ec7f872418495),
153 U64(0xa9847693b73254dc), U64(0x58cf90243ac13694),
154 U64(0x59efc832f3132b80), U64(0x5c4fed7c39ae42c4),
155 U64(0x828dabe3efd81cfa), U64(0xd13f294d95ace5f2),
156 U64(0x7d1b7a90e823d86a), U64(0xb643f03cf849224d),
157 U64(0x3df3f979d89dcb03), U64(0x7426d836272f2dde),
158 U64(0xdfe21e891fa4432a), U64(0x3a136c1b9d99986f),
159 U64(0xfa36f43dcd46add4), U64(0xc025982650df35bb),
160 U64(0x856d3e81aadc4f96), U64(0xc4a5e57e53b041eb),
161 U64(0x4708168b75ba4005), U64(0xaf44bbe73be41aa4),
162 U64(0x971767d029c4b8e3), U64(0xb9be9feebb939981),
163 U64(0x215497ecd18d9aae), U64(0x316e7e91dd2c57f3),
164 U64(0xcef8afe2dad79363), U64(0x3853dc371220a247),
165 U64(0x35ee03c9de4323a3), U64(0xe6919aa8c456fc79),
166 U64(0xe05157dc4880b201), U64(0x7bdbb7e464f59612),
167 U64(0x127a59518318f775), U64(0x332ecebd52956ddb),
168 U64(0x8f30741d23bb9d1e), U64(0xd922d3fd93720d52),
169 U64(0x7746300c61440ae2), U64(0x25d4eab4d2e2eefe),
170 U64(0x75068020eefd30ca), U64(0x135a01474acaea61),
171 U64(0x304e268714fe4ae7), U64(0xa519f17bb283c82c),
172 U64(0xdc82f6b359cf6416), U64(0x5baf781e7caa11a8),
173 U64(0xb2c38d64fb26561d), U64(0x34ce5bdf17913eb7),
174 U64(0x5d6fb56af07c5fd0), U64(0x182713cd0a7f25fd),
175 U64(0x9e2ac576e6c84d57), U64(0x9aaab82ee5a73907),
176 U64(0xa3d93c0f3e558654), U64(0x7e7b92aaae48ff56),
177 U64(0x872d8ead256575be), U64(0x41c8dbfff96c0e7d),
178 U64(0x99ca5014a3cc1e3b), U64(0x40e883e930be1369),
179 U64(0x1ca76e95091051ad), U64(0x4e35b42dbab6b5b1),
180 U64(0x05a0254ecabd6944), U64(0xe1710fca8152af15),
181 U64(0xf22b0e8dcb984574), U64(0xb763a82a319b3f59),
182 U64(0x63fca4296e8ab3ef), U64(0x9d4a2d4ca0a36a6b),
183 U64(0xe331bfe60eeb953d), U64(0xd5bf541596c391a2),
184 U64(0xf5cb9bef8e9c1618), U64(0x46284e9dbc685d11),
185 U64(0x2074cffa185f87ba), U64(0xbd3ee2b6b8fcedd1),
186 U64(0xae64e3f1f23607b0), U64(0xfeb68965ce29d984),
187 U64(0x55724fdaf6a2b770), U64(0x29496d5cd753720e),
188 U64(0xa75941573d3af204), U64(0x8e102c0bea69800a),
189 U64(0x111ab16bc573d049), U64(0xd7ffe439197aab8a),
190 U64(0xefac380e0b5a09cd), U64(0x48f579593660fbc9),
191 U64(0x22347fd697e6bd92), U64(0x61bc1405e13389c7),
192 U64(0x4ab5c975b9d9c1e1), U64(0x80cd1bcf606126d2),
193 U64(0x7186fd78ed92449a), U64(0x93971a882aabccb3),
194 U64(0x88d0e17f66bfce72), U64(0x27945a985d5bd4d6)
195 }, { /* 1 */
196 U64(0xde553f8c05a811c8), U64(0x1906b59631b4f565),
197 U64(0x436e70d6b1964ff7), U64(0x36d343cb8b1e9d85),
198 U64(0x843dfacc858aab5a), U64(0xfdfc95c299bfc7f9),
199 U64(0x0f634bdea1d51fa2), U64(0x6d458b3b76efb3cd),
200 U64(0x85c3f77cf8593f80), U64(0x3c91315fbe737cb2),
201 U64(0x2148b03366ace398), U64(0x18f8b8264c6761bf),
202 U64(0xc830c1c495c9fb0f), U64(0x981a76102086a0aa),
203 U64(0xaa16012142f35760), U64(0x35cc54060c763cf6),
204 U64(0x42907d66cc45db2d), U64(0x8203d44b965af4bc),
205 U64(0x3d6f3cefc3a0e868), U64(0xbc73ff69d292bda7),
206 U64(0x8722ed0102e20a29), U64(0x8f8185e8cd34deb7),
207 U64(0x9b0561dda7ee01d9), U64(0x5335a0193227fad6),
208 U64(0xc9cecc74e81a6fd5), U64(0x54f5832e5c2431ea),
209 U64(0x99e47ba05d553470), U64(0xf7bee756acd226ce),
210 U64(0x384e05a5571816fd), U64(0xd1367452a47d0e6a),
211 U64(0xf29fde1c386ad85b), U64(0x320c77316275f7ca),
212 U64(0xd0c879e2d9ae9ab0), U64(0xdb7406c69110ef5d),
213 U64(0x45505e51a2461011), U64(0xfc029872e46c5323),
214 U64(0xfa3cb6f5f7bc0cc5), U64(0x031f17cd8768a173),
215 U64(0xbd8df2d9af41297d), U64(0x9d3b4f5ab43e5e3f),
216 U64(0x4071671b36feee84), U64(0x716207e7d3e3b83d),
217 U64(0x48d20ff2f9283a1a), U64(0x27769eb4757cbc7e),
218 U64(0x5c56ebc793f2e574), U64(0xa48b474f9ef5dc18),
219 U64(0x52cbada94ff46e0c), U64(0x60c7da982d8199c6),
220 U64(0x0e9d466edc068b78), U64(0x4eec2175eaf865fc),
221 U64(0x550b8e9e21f7a530), U64(0x6b7ba5bc653fec2b),
222 U64(0x5eb7f1ba6949d0dd), U64(0x57ea94e3db4c9099),
223 U64(0xf640eae6d101b214), U64(0xdd4a284182c0b0bb),
224 U64(0xff1d8fbf6304f250), U64(0xb8accb933bf9d7e8),
225 U64(0xe8867c478eb68c4d), U64(0x3f8e2692391bddc1),
226 U64(0xcb2fd60912a15a7c), U64(0xaec935dbab983d2f),
227 U64(0xf55ffd2b56691367), U64(0x80e2ce366ce1c115),
228 U64(0x179bf3f8edb27e1d), U64(0x01fe0db07dd394da),
229 U64(0xda8a0b76ecc37b87), U64(0x44ae53e1df9584cb),
230 U64(0xb310b4b77347a205), U64(0xdfab323c787b8512),
231 U64(0x3b511268d070b78e), U64(0x65e6e3d2b9396753),
232 U64(0x6864b271e2574d58), U64(0x259784c98fc789d7),
233 U64(0x02e11a7dfabb35a9), U64(0x8841a6dfa337158b),
234 U64(0x7ade78c39b5dcdd0), U64(0xb7cf804d9a2cc84a),
235 U64(0x20b6bd831b7f7742), U64(0x75bd331d3a88d272),
236 U64(0x418f6aab4b2d7a5e), U64(0xd9951cbb6babdaf4),
237 U64(0xb6318dfde7ff5c90), U64(0x1f389b112264aa83),
238 U64(0x492c024284fbaec0), U64(0xe33a0363c608f9a0),
239 U64(0x2688930408af28a4), U64(0xc7538a1a341ce4ad),
240 U64(0x5da8e677ee2171ae), U64(0x8c9e92254a5c7fc4),
241 U64(0x63d8cd55aae938b5), U64(0x29ebd8daa97a3706),
242 U64(0x959827b37be88aa1), U64(0x1484e4356adadf6e),
243 U64(0xa7945082199d7d6b), U64(0xbf6ce8a455fa1cd4),
244 U64(0x9cc542eac9edcae5), U64(0x79c16f0e1c356ca3),
245 U64(0x89bfab6fdee48151), U64(0xd4174d1830c5f0ff),
246 U64(0x9258048415eb419d), U64(0x6139d72850520d1c),
247 U64(0x6a85a80c18ec78f1), U64(0xcd11f88e0171059a),
248 U64(0xcceff53e7ca29140), U64(0xd229639f2315af19),
249 U64(0x90b91ef9ef507434), U64(0x5977d28d074a1be1),
250 U64(0x311360fce51d56b9), U64(0xc093a92d5a1f2f91),
251 U64(0x1a19a25bb6dc5416), U64(0xeb996b8a09de2d3e),
252 U64(0xfee3820f1ed7668a), U64(0xd7085ad5b7ad518c),
253 U64(0x7fff41890fe53345), U64(0xec5948bd67dde602),
254 U64(0x2fd5f65dbaaa68e0), U64(0xa5754affe32648c2),
255 U64(0xf8ddac880d07396c), U64(0x6fa491468c548664),
256 U64(0x0c7c5c1326bdbed1), U64(0x4a33158f03930fb3),
257 U64(0x699abfc19f84d982), U64(0xe4fa2054a80b329c),
258 U64(0x6707f9af438252fa), U64(0x08a368e9cfd6d49e),
259 U64(0x47b1442c58fd25b8), U64(0xbbb3dc5ebc91769b),
260 U64(0x1665fe489061eac7), U64(0x33f27a811fa66310),
261 U64(0x93a609346838d547), U64(0x30ed6d4c98cec263),
262 U64(0x1dd9816cd8df9f2a), U64(0x94662a03063b1e7b),
263 U64(0x83fdd9fbeb896066), U64(0x7b207573e68e590a),
264 U64(0x5f49fc0a149a4407), U64(0x343259b671a5a82c),
265 U64(0xfbc2bb458a6f981f), U64(0xc272b350a0a41a38),
266 U64(0x3aaf1fd8ada32354), U64(0x6cbb868b0b3c2717),
267 U64(0xa2b569c88d2583fe), U64(0xf180c9d1bf027928),
268 U64(0xaf37386bd64ba9f5), U64(0x12bacab2790a8088),
269 U64(0x4c0d3b0810435055), U64(0xb2eeb9070e9436df),
270 U64(0xc5b29067cea7d104), U64(0xdcb425f1ff132461),
271 U64(0x4f122cc5972bf126), U64(0xac282fa651230886),
272 U64(0xe7e537992f6393ef), U64(0xe61b3a2952b00735),
273 U64(0x709c0a57ae302ce7), U64(0xe02514ae416058d3),
274 U64(0xc44c9dd7b37445de), U64(0x5a68c5408022ba92),
275 U64(0x1c278cdca50c0bf0), U64(0x6e5a9cf6f18712be),
276 U64(0x86dce0b17f319ef3), U64(0x2d34ec2040115d49),
277 U64(0x4bcd183f7e409b69), U64(0x2815d56ad4a9a3dc),
278 U64(0x24698979f2141d0d), U64(0x0000000000000000),
279 U64(0x1ec696a15fb73e59), U64(0xd86b110b16784e2e),
280 U64(0x8e7f8858b0e74a6d), U64(0x063e2e8713d05fe6),
281 U64(0xe2c40ed3bbdb6d7a), U64(0xb1f1aeca89fc97ac),
282 U64(0xe1db191e3cb3cc09), U64(0x6418ee62c4eaf389),
283 U64(0xc6ad87aa49cf7077), U64(0xd6f65765ca7ec556),
284 U64(0x9afb6c6dda3d9503), U64(0x7ce05644888d9236),
285 U64(0x8d609f95378feb1e), U64(0x23a9aa4e9c17d631),
286 U64(0x6226c0e5d73aac6f), U64(0x56149953a69f0443),
287 U64(0xeeb852c09d66d3ab), U64(0x2b0ac2a753c102af),
288 U64(0x07c023376e03cb3c), U64(0x2ccae1903dc2c993),
289 U64(0xd3d76e2f5ec63bc3), U64(0x9e2458973356ff4c),
290 U64(0xa66a5d32644ee9b1), U64(0x0a427294356de137),
291 U64(0x783f62be61e6f879), U64(0x1344c70204d91452),
292 U64(0x5b96c8f0fdf12e48), U64(0xa90916ecc59bf613),
293 U64(0xbe92e5142829880e), U64(0x727d102a548b194e),
294 U64(0x1be7afebcb0fc0cc), U64(0x3e702b2244c8491b),
295 U64(0xd5e940a84d166425), U64(0x66f9f41f3e51c620),
296 U64(0xabe80c913f20c3ba), U64(0xf07ec461c2d1edf2),
297 U64(0xf361d3ac45b94c81), U64(0x0521394a94b8fe95),
298 U64(0xadd622162cf09c5c), U64(0xe97871f7f3651897),
299 U64(0xf4a1f09b2bba87bd), U64(0x095d6559b2054044),
300 U64(0x0bbc7f2448be75ed), U64(0x2af4cf172e129675),
301 U64(0x157ae98517094bb4), U64(0x9fda55274e856b96),
302 U64(0x914713499283e0ee), U64(0xb952c623462a4332),
303 U64(0x74433ead475b46a8), U64(0x8b5eb112245fb4f8),
304 U64(0xa34b6478f0f61724), U64(0x11a5dd7ffe6221fb),
305 U64(0xc16da49d27ccbb4b), U64(0x76a224d0bde07301),
306 U64(0x8aa0bca2598c2022), U64(0x4df336b86d90c48f),
307 U64(0xea67663a740db9e4), U64(0xef465f70e0b54771),
308 U64(0x39b008152acb8227), U64(0x7d1e5bf4f55e06ec),
309 U64(0x105bd0cf83b1b521), U64(0x775c2960c033e7db),
310 U64(0x7e014c397236a79f), U64(0x811cc386113255cf),
311 U64(0xeda7450d1a0e72d8), U64(0x5889df3d7a998f3b),
312 U64(0x2e2bfbedc779fc3a), U64(0xce0eef438619a4e9),
313 U64(0x372d4e7bf6cd095f), U64(0x04df34fae96b6a4f),
314 U64(0xf923a13870d4adb6), U64(0xa1aa7e050a4d228d),
315 U64(0xa8f71b5cb84862c9), U64(0xb52e9a306097fde3),
316 U64(0x0d8251a35b6e2a0b), U64(0x2257a7fee1c442eb),
317 U64(0x73831d9a29588d94), U64(0x51d4ba64c89ccf7f),
318 U64(0x502ab7d4b54f5ba5), U64(0x97793dce8153bf08),
319 U64(0xe5042de4d5d8a646), U64(0x9687307efc802bd2),
320 U64(0xa05473b5779eb657), U64(0xb4d097801d446939),
321 U64(0xcff0e2f3fbca3033), U64(0xc38cbee0dd778ee2),
322 U64(0x464f499c252eb162), U64(0xcad1dbb96f72cea6),
323 U64(0xba4dd1eec142e241), U64(0xb00fa37af42f0376)
324 }, { /* 2 */
325 U64(0xcce4cd3aa968b245), U64(0x089d5484e80b7faf),
326 U64(0x638246c1b3548304), U64(0xd2fe0ec8c2355492),
327 U64(0xa7fbdf7ff2374eee), U64(0x4df1600c92337a16),
328 U64(0x84e503ea523b12fb), U64(0x0790bbfd53ab0c4a),
329 U64(0x198a780f38f6ea9d), U64(0x2ab30c8f55ec48cb),
330 U64(0xe0f7fed6b2c49db5), U64(0xb6ecf3f422cadbdc),
331 U64(0x409c9a541358df11), U64(0xd3ce8a56dfde3fe3),
332 U64(0xc3e9224312c8c1a0), U64(0x0d6dfa58816ba507),
333 U64(0xddf3e1b179952777), U64(0x04c02a42748bb1d9),
334 U64(0x94c2abff9f2decb8), U64(0x4f91752da8f8acf4),
335 U64(0x78682befb169bf7b), U64(0xe1c77a48af2ff6c4),
336 U64(0x0c5d7ec69c80ce76), U64(0x4cc1e4928fd81167),
337 U64(0xfeed3d24d9997b62), U64(0x518bb6dfc3a54a23),
338 U64(0x6dbf2d26151f9b90), U64(0xb5bc624b05ea664f),
339 U64(0xe86aaa525acfe21a), U64(0x4801ced0fb53a0be),
340 U64(0xc91463e6c00868ed), U64(0x1027a815cd16fe43),
341 U64(0xf67069a0319204cd), U64(0xb04ccc976c8abce7),
342 U64(0xc0b9b3fc35e87c33), U64(0xf380c77c58f2de65),
343 U64(0x50bb3241de4e2152), U64(0xdf93f490435ef195),
344 U64(0xf1e0d25d62390887), U64(0xaf668bfb1a3c3141),
345 U64(0xbc11b251f00a7291), U64(0x73a5eed47e427d47),
346 U64(0x25bee3f6ee4c3b2e), U64(0x43cc0beb34786282),
347 U64(0xc824e778dde3039c), U64(0xf97d86d98a327728),
348 U64(0xf2b043e24519b514), U64(0xe297ebf7880f4b57),
349 U64(0x3a94a49a98fab688), U64(0x868516cb68f0c419),
350 U64(0xeffa11af0964ee50), U64(0xa4ab4ec0d517f37d),
351 U64(0xa9c6b498547c567a), U64(0x8e18424f80fbbbb6),
352 U64(0x0bcdc53bcf2bc23c), U64(0x137739aaea3643d0),
353 U64(0x2c1333ec1bac2ff0), U64(0x8d48d3f0a7db0625),
354 U64(0x1e1ac3f26b5de6d7), U64(0xf520f81f16b2b95e),
355 U64(0x9f0f6ec450062e84), U64(0x0130849e1deb6b71),
356 U64(0xd45e31ab8c7533a9), U64(0x652279a2fd14e43f),
357 U64(0x3209f01e70f1c927), U64(0xbe71a770cac1a473),
358 U64(0x0e3d6be7a64b1894), U64(0x7ec8148cff29d840),
359 U64(0xcb7476c7fac3be0f), U64(0x72956a4a63a91636),
360 U64(0x37f95ec21991138f), U64(0x9e3fea5a4ded45f5),
361 U64(0x7b38ba50964902e8), U64(0x222e580bbde73764),
362 U64(0x61e253e0899f55e6), U64(0xfc8d2805e352ad80),
363 U64(0x35994be3235ac56d), U64(0x09add01af5e014de),
364 U64(0x5e8659a6780539c6), U64(0xb17c48097161d796),
365 U64(0x026015213acbd6e2), U64(0xd1ae9f77e515e901),
366 U64(0xb7dc776a3f21b0ad), U64(0xaba6a1b96eb78098),
367 U64(0x9bcf4486248d9f5d), U64(0x582666c536455efd),
368 U64(0xfdbdac9bfeb9c6f1), U64(0xc47999be4163cdea),
369 U64(0x765540081722a7ef), U64(0x3e548ed8ec710751),
370 U64(0x3d041f67cb51bac2), U64(0x7958af71ac82d40a),
371 U64(0x36c9da5c047a78fe), U64(0xed9a048e33af38b2),
372 U64(0x26ee7249c96c86bd), U64(0x900281bdeba65d61),
373 U64(0x11172c8bd0fd9532), U64(0xea0abf73600434f8),
374 U64(0x42fc8f75299309f3), U64(0x34a9cf7d3eb1ae1c),
375 U64(0x2b838811480723ba), U64(0x5ce64c8742ceef24),
376 U64(0x1adae9b01fd6570e), U64(0x3c349bf9d6bad1b3),
377 U64(0x82453c891c7b75c0), U64(0x97923a40b80d512b),
378 U64(0x4a61dbf1c198765c), U64(0xb48ce6d518010d3e),
379 U64(0xcfb45c858e480fd6), U64(0xd933cbf30d1e96ae),
380 U64(0xd70ea014ab558e3a), U64(0xc189376228031742),
381 U64(0x9262949cd16d8b83), U64(0xeb3a3bed7def5f89),
382 U64(0x49314a4ee6b8cbcf), U64(0xdcc3652f647e4c06),
383 U64(0xda635a4c2a3e2b3d), U64(0x470c21a940f3d35b),
384 U64(0x315961a157d174b4), U64(0x6672e81dda3459ac),
385 U64(0x5b76f77a1165e36e), U64(0x445cb01667d36ec8),
386 U64(0xc5491d205c88a69b), U64(0x456c34887a3805b9),
387 U64(0xffddb9bac4721013), U64(0x99af51a71e4649bf),
388 U64(0xa15be01cbc7729d5), U64(0x52db2760e485f7b0),
389 U64(0x8c78576eba306d54), U64(0xae560f6507d75a30),
390 U64(0x95f22f6182c687c9), U64(0x71c5fbf54489aba5),
391 U64(0xca44f259e728d57e), U64(0x88b87d2ccebbdc8d),
392 U64(0xbab18d32be4a15aa), U64(0x8be8ec93e99b611e),
393 U64(0x17b713e89ebdf209), U64(0xb31c5d284baa0174),
394 U64(0xeeca9531148f8521), U64(0xb8d198138481c348),
395 U64(0x8988f9b2d350b7fc), U64(0xb9e11c8d996aa839),
396 U64(0x5a4673e40c8e881f), U64(0x1687977683569978),
397 U64(0xbf4123eed72acf02), U64(0x4ea1f1b3b513c785),
398 U64(0xe767452be16f91ff), U64(0x7505d1b730021a7c),
399 U64(0xa59bca5ec8fc980c), U64(0xad069eda20f7e7a3),
400 U64(0x38f4b1bba231606a), U64(0x60d2d77e94743e97),
401 U64(0x9affc0183966f42c), U64(0x248e6768f3a7505f),
402 U64(0xcdd449a4b483d934), U64(0x87b59255751baf68),
403 U64(0x1bea6d2e023d3c7f), U64(0x6b1f12455b5ffcab),
404 U64(0x743555292de9710d), U64(0xd8034f6d10f5fddf),
405 U64(0xc6198c9f7ba81b08), U64(0xbb8109aca3a17edb),
406 U64(0xfa2d1766ad12cabb), U64(0xc729080166437079),
407 U64(0x9c5fff7b77269317), U64(0x0000000000000000),
408 U64(0x15d706c9a47624eb), U64(0x6fdf38072fd44d72),
409 U64(0x5fb6dd3865ee52b7), U64(0xa33bf53d86bcff37),
410 U64(0xe657c1b5fc84fa8e), U64(0xaa962527735cebe9),
411 U64(0x39c43525bfda0b1b), U64(0x204e4d2a872ce186),
412 U64(0x7a083ece8ba26999), U64(0x554b9c9db72efbfa),
413 U64(0xb22cd9b656416a05), U64(0x96a2bedea5e63a5a),
414 U64(0x802529a826b0a322), U64(0x8115ad363b5bc853),
415 U64(0x8375b81701901eb1), U64(0x3069e53f4a3a1fc5),
416 U64(0xbd2136cfede119e0), U64(0x18bafc91251d81ec),
417 U64(0x1d4a524d4c7d5b44), U64(0x05f0aedc6960daa8),
418 U64(0x29e39d3072ccf558), U64(0x70f57f6b5962c0d4),
419 U64(0x989fd53903ad22ce), U64(0xf84d024797d91c59),
420 U64(0x547b1803aac5908b), U64(0xf0d056c37fd263f6),
421 U64(0xd56eb535919e58d8), U64(0x1c7ad6d351963035),
422 U64(0x2e7326cd2167f912), U64(0xac361a443d1c8cd2),
423 U64(0x697f076461942a49), U64(0x4b515f6fdc731d2d),
424 U64(0x8ad8680df4700a6f), U64(0x41ac1eca0eb3b460),
425 U64(0x7d988533d80965d3), U64(0xa8f6300649973d0b),
426 U64(0x7765c4960ac9cc9e), U64(0x7ca801adc5e20ea2),
427 U64(0xdea3700e5eb59ae4), U64(0xa06b6482a19c42a4),
428 U64(0x6a2f96db46b497da), U64(0x27def6d7d487edcc),
429 U64(0x463ca5375d18b82a), U64(0xa6cb5be1efdc259f),
430 U64(0x53eba3fef96e9cc1), U64(0xce84d81b93a364a7),
431 U64(0xf4107c810b59d22f), U64(0x333974806d1aa256),
432 U64(0x0f0def79bba073e5), U64(0x231edc95a00c5c15),
433 U64(0xe437d494c64f2c6c), U64(0x91320523f64d3610),
434 U64(0x67426c83c7df32dd), U64(0x6eefbc99323f2603),
435 U64(0x9d6f7be56acdf866), U64(0x5916e25b2bae358c),
436 U64(0x7ff89012e2c2b331), U64(0x035091bf2720bd93),
437 U64(0x561b0d22900e4669), U64(0x28d319ae6f279e29),
438 U64(0x2f43a2533c8c9263), U64(0xd09e1be9f8fe8270),
439 U64(0xf740ed3e2c796fbc), U64(0xdb53ded237d5404c),
440 U64(0x62b2c25faebfe875), U64(0x0afd41a5d2c0a94d),
441 U64(0x6412fd3ce0ff8f4e), U64(0xe3a76f6995e42026),
442 U64(0x6c8fa9b808f4f0e1), U64(0xc2d9a6dd0f23aad1),
443 U64(0x8f28c6d19d10d0c7), U64(0x85d587744fd0798a),
444 U64(0xa20b71a39b579446), U64(0x684f83fa7c7f4138),
445 U64(0xe507500adba4471d), U64(0x3f640a46f19a6c20),
446 U64(0x1247bd34f7dd28a1), U64(0x2d23b77206474481),
447 U64(0x93521002cc86e0f2), U64(0x572b89bc8de52d18),
448 U64(0xfb1d93f8b0f9a1ca), U64(0xe95a2ecc4724896b),
449 U64(0x3ba420048511ddf9), U64(0xd63e248ab6bee54b),
450 U64(0x5dd6c8195f258455), U64(0x06a03f634e40673b),
451 U64(0x1f2a476c76b68da6), U64(0x217ec9b49ac78af7),
452 U64(0xecaa80102e4453c3), U64(0x14e78257b99d4f9a)
453 }, { /* 3 */
454 U64(0x20329b2cc87bba05), U64(0x4f5eb6f86546a531),
455 U64(0xd4f44775f751b6b1), U64(0x8266a47b850dfa8b),
456 U64(0xbb986aa15a6ca985), U64(0xc979eb08f9ae0f99),
457 U64(0x2da6f447a2375ea1), U64(0x1e74275dcd7d8576),
458 U64(0xbc20180a800bc5f8), U64(0xb4a2f701b2dc65be),
459 U64(0xe726946f981b6d66), U64(0x48e6c453bf21c94c),
460 U64(0x42cad9930f0a4195), U64(0xefa47b64aacccd20),
461 U64(0x71180a8960409a42), U64(0x8bb3329bf6a44e0c),
462 U64(0xd34c35de2d36dacc), U64(0xa92f5b7cbc23dc96),
463 U64(0xb31a85aa68bb09c3), U64(0x13e04836a73161d2),
464 U64(0xb24dfc4129c51d02), U64(0x8ae44b70b7da5acd),
465 U64(0xe671ed84d96579a7), U64(0xa4bb3417d66f3832),
466 U64(0x4572ab38d56d2de8), U64(0xb1b47761ea47215c),
467 U64(0xe81c09cf70aba15d), U64(0xffbdb872ce7f90ac),
468 U64(0xa8782297fd5dc857), U64(0x0d946f6b6a4ce4a4),
469 U64(0xe4df1f4f5b995138), U64(0x9ebc71edca8c5762),
470 U64(0x0a2c1dc0b02b88d9), U64(0x3b503c115d9d7b91),
471 U64(0xc64376a8111ec3a2), U64(0xcec199a323c963e4),
472 U64(0xdc76a87ec58616f7), U64(0x09d596e073a9b487),
473 U64(0x14583a9d7d560daf), U64(0xf4c6dc593f2a0cb4),
474 U64(0xdd21d19584f80236), U64(0x4a4836983ddde1d3),
475 U64(0xe58866a41ae745f9), U64(0xf591a5b27e541875),
476 U64(0x891dc05074586693), U64(0x5b068c651810a89e),
477 U64(0xa30346bc0c08544f), U64(0x3dbf3751c684032d),
478 U64(0x2a1e86ec785032dc), U64(0xf73f5779fca830ea),
479 U64(0xb60c05ca30204d21), U64(0x0cc316802b32f065),
480 U64(0x8770241bdd96be69), U64(0xb861e18199ee95db),
481 U64(0xf805cad91418fcd1), U64(0x29e70dccbbd20e82),
482 U64(0xc7140f435060d763), U64(0x0f3a9da0e8b0cc3b),
483 U64(0xa2543f574d76408e), U64(0xbd7761e1c175d139),
484 U64(0x4b1f4f737ca3f512), U64(0x6dc2df1f2fc137ab),
485 U64(0xf1d05c3967b14856), U64(0xa742bf3715ed046c),
486 U64(0x654030141d1697ed), U64(0x07b872abda676c7d),
487 U64(0x3ce84eba87fa17ec), U64(0xc1fb0403cb79afdf),
488 U64(0x3e46bc7105063f73), U64(0x278ae987121cd678),
489 U64(0xa1adb4778ef47cd0), U64(0x26dd906c5362c2b9),
490 U64(0x05168060589b44e2), U64(0xfbfc41f9d79ac08f),
491 U64(0x0e6de44ba9ced8fa), U64(0x9feb08068bf243a3),
492 U64(0x7b341749d06b129b), U64(0x229c69e74a87929a),
493 U64(0xe09ee6c4427c011b), U64(0x5692e30e725c4c3a),
494 U64(0xda99a33e5e9f6e4b), U64(0x353dd85af453a36b),
495 U64(0x25241b4c90e0fee7), U64(0x5de987258309d022),
496 U64(0xe230140fc0802984), U64(0x93281e86a0c0b3c6),
497 U64(0xf229d719a4337408), U64(0x6f6c2dd4ad3d1f34),
498 U64(0x8ea5b2fbae3f0aee), U64(0x8331dd90c473ee4a),
499 U64(0x346aa1b1b52db7aa), U64(0xdf8f235e06042aa9),
500 U64(0xcc6f6b68a1354b7b), U64(0x6c95a6f46ebf236a),
501 U64(0x52d31a856bb91c19), U64(0x1a35ded6d498d555),
502 U64(0xf37eaef2e54d60c9), U64(0x72e181a9a3c2a61c),
503 U64(0x98537aad51952fde), U64(0x16f6c856ffaa2530),
504 U64(0xd960281e9d1d5215), U64(0x3a0745fa1ce36f50),
505 U64(0x0b7b642bf1559c18), U64(0x59a87eae9aec8001),
506 U64(0x5e100c05408bec7c), U64(0x0441f98b19e55023),
507 U64(0xd70dcc5534d38aef), U64(0x927f676de1bea707),
508 U64(0x9769e70db925e3e5), U64(0x7a636ea29115065a),
509 U64(0x468b201816ef11b6), U64(0xab81a9b73edff409),
510 U64(0xc0ac7de88a07bb1e), U64(0x1f235eb68c0391b7),
511 U64(0x6056b074458dd30f), U64(0xbe8eeac102f7ed67),
512 U64(0xcd381283e04b5fba), U64(0x5cbefecec277c4e3),
513 U64(0xd21b4c356c48ce0d), U64(0x1019c31664b35d8c),
514 U64(0x247362a7d19eea26), U64(0xebe582efb3299d03),
515 U64(0x02aef2cb82fc289f), U64(0x86275df09ce8aaa8),
516 U64(0x28b07427faac1a43), U64(0x38a9b7319e1f47cf),
517 U64(0xc82e92e3b8d01b58), U64(0x06ef0b409b1978bc),
518 U64(0x62f842bfc771fb90), U64(0x9904034610eb3b1f),
519 U64(0xded85ab5477a3e68), U64(0x90d195a663428f98),
520 U64(0x5384636e2ac708d8), U64(0xcbd719c37b522706),
521 U64(0xae9729d76644b0eb), U64(0x7c8c65e20a0c7ee6),
522 U64(0x80c856b007f1d214), U64(0x8c0b40302cc32271),
523 U64(0xdbcedad51fe17a8a), U64(0x740e8ae938dbdea0),
524 U64(0xa615c6dc549310ad), U64(0x19cc55f6171ae90b),
525 U64(0x49b1bdb8fe5fdd8d), U64(0xed0a89af2830e5bf),
526 U64(0x6a7aadb4f5a65bd6), U64(0x7e22972988f05679),
527 U64(0xf952b3325566e810), U64(0x39fecedadf61530e),
528 U64(0x6101c99f04f3c7ce), U64(0x2e5f7f6761b562ff),
529 U64(0xf08725d226cf5c97), U64(0x63af3b54860fef51),
530 U64(0x8ff2cb10ef411e2f), U64(0x884ab9bb35267252),
531 U64(0x4df04433e7ba8dae), U64(0x9afd8866d3690741),
532 U64(0x66b9bb34de94abb3), U64(0x9baaf18d92171380),
533 U64(0x543c11c5f0a064a5), U64(0x17a1b1bdbed431f1),
534 U64(0xb5f58eeaf3a2717f), U64(0xc355f6c849858740),
535 U64(0xec5df044694ef17e), U64(0xd83751f5dc6346d4),
536 U64(0xfc4433520dfdacf2), U64(0x0000000000000000),
537 U64(0x5a51f58e596ebc5f), U64(0x3285aaf12e34cf16),
538 U64(0x8d5c39db6dbd36b0), U64(0x12b731dde64f7513),
539 U64(0x94906c2d7aa7dfbb), U64(0x302b583aacc8e789),
540 U64(0x9d45facd090e6b3c), U64(0x2165e2c78905aec4),
541 U64(0x68d45f7f775a7349), U64(0x189b2c1d5664fdca),
542 U64(0xe1c99f2f030215da), U64(0x6983269436246788),
543 U64(0x8489af3b1e148237), U64(0xe94b702431d5b59c),
544 U64(0x33d2d31a6f4adbd7), U64(0xbfd9932a4389f9a6),
545 U64(0xb0e30e8aab39359d), U64(0xd1e2c715afcaf253),
546 U64(0x150f43763c28196e), U64(0xc4ed846393e2eb3d),
547 U64(0x03f98b20c3823c5e), U64(0xfd134ab94c83b833),
548 U64(0x556b682eb1de7064), U64(0x36c4537a37d19f35),
549 U64(0x7559f30279a5ca61), U64(0x799ae58252973a04),
550 U64(0x9c12832648707ffd), U64(0x78cd9c6913e92ec5),
551 U64(0x1d8dac7d0effb928), U64(0x439da0784e745554),
552 U64(0x413352b3cc887dcb), U64(0xbacf134a1b12bd44),
553 U64(0x114ebafd25cd494d), U64(0x2f08068c20cb763e),
554 U64(0x76a07822ba27f63f), U64(0xeab2fb04f25789c2),
555 U64(0xe3676de481fe3d45), U64(0x1b62a73d95e6c194),
556 U64(0x641749ff5c68832c), U64(0xa5ec4dfc97112cf3),
557 U64(0xf6682e92bdd6242b), U64(0x3f11c59a44782bb2),
558 U64(0x317c21d1edb6f348), U64(0xd65ab5be75ad9e2e),
559 U64(0x6b2dd45fb4d84f17), U64(0xfaab381296e4d44e),
560 U64(0xd0b5befeeeb4e692), U64(0x0882ef0b32d7a046),
561 U64(0x512a91a5a83b2047), U64(0x963e9ee6f85bf724),
562 U64(0x4e09cf132438b1f0), U64(0x77f701c9fb59e2fe),
563 U64(0x7ddb1c094b726a27), U64(0x5f4775ee01f5f8bd),
564 U64(0x9186ec4d223c9b59), U64(0xfeeac1998f01846d),
565 U64(0xac39db1ce4b89874), U64(0xb75b7c21715e59e0),
566 U64(0xafc0503c273aa42a), U64(0x6e3b543fec430bf5),
567 U64(0x704f7362213e8e83), U64(0x58ff0745db9294c0),
568 U64(0x67eec2df9feabf72), U64(0xa0facd9ccf8a6811),
569 U64(0xb936986ad890811a), U64(0x95c715c63bd9cb7a),
570 U64(0xca8060283a2c33c7), U64(0x507de84ee9453486),
571 U64(0x85ded6d05f6a96f6), U64(0x1cdad5964f81ade9),
572 U64(0xd5a33e9eb62fa270), U64(0x40642b588df6690a),
573 U64(0x7f75eec2c98e42b8), U64(0x2cf18dace3494a60),
574 U64(0x23cb100c0bf9865b), U64(0xeef3028febb2d9e1),
575 U64(0x4425d2d394133929), U64(0xaad6d05c7fa1e0c8),
576 U64(0xad6ea2f7a5c68cb5), U64(0xc2028f2308fb9381),
577 U64(0x819f2f5b468fc6d5), U64(0xc5bafd88d29cfffc),
578 U64(0x47dc59f357910577), U64(0x2b49ff07392e261d),
579 U64(0x57c59ae5332258fb), U64(0x73b6f842e2bcb2dd),
580 U64(0xcf96e04862b77725), U64(0x4ca73dd8a6c4996f),
581 U64(0x015779eb417e14c1), U64(0x37932a9176af8bf4)
582 }, { /* 4 */
583 U64(0x190a2c9b249df23e), U64(0x2f62f8b62263e1e9),
584 U64(0x7a7f754740993655), U64(0x330b7ba4d5564d9f),
585 U64(0x4c17a16a46672582), U64(0xb22f08eb7d05f5b8),
586 U64(0x535f47f40bc148cc), U64(0x3aec5d27d4883037),
587 U64(0x10ed0a1825438f96), U64(0x516101f72c233d17),
588 U64(0x13cc6f949fd04eae), U64(0x739853c441474bfd),
589 U64(0x653793d90d3f5b1b), U64(0x5240647b96b0fc2f),
590 U64(0x0c84890ad27623e0), U64(0xd7189b32703aaea3),
591 U64(0x2685de3523bd9c41), U64(0x99317c5b11bffefa),
592 U64(0x0d9baa854f079703), U64(0x70b93648fbd48ac5),
593 U64(0xa80441fce30bc6be), U64(0x7287704bdc36ff1e),
594 U64(0xb65384ed33dc1f13), U64(0xd36417343ee34408),
595 U64(0x39cd38ab6e1bf10f), U64(0x5ab861770a1f3564),
596 U64(0x0ebacf09f594563b), U64(0xd04572b884708530),
597 U64(0x3cae9722bdb3af47), U64(0x4a556b6f2f5cbaf2),
598 U64(0xe1704f1f76c4bd74), U64(0x5ec4ed7144c6dfcf),
599 U64(0x16afc01d4c7810e6), U64(0x283f113cd629ca7a),
600 U64(0xaf59a8761741ed2d), U64(0xeed5a3991e215fac),
601 U64(0x3bf37ea849f984d4), U64(0xe413e096a56ce33c),
602 U64(0x2c439d3a98f020d1), U64(0x637559dc6404c46b),
603 U64(0x9e6c95d1e5f5d569), U64(0x24bb9836045fe99a),
604 U64(0x44efa466dac8ecc9), U64(0xc6eab2a5c80895d6),
605 U64(0x803b50c035220cc4), U64(0x0321658cba93c138),
606 U64(0x8f9ebc465dc7ee1c), U64(0xd15a5137190131d3),
607 U64(0x0fa5ec8668e5e2d8), U64(0x91c979578d1037b1),
608 U64(0x0642ca05693b9f70), U64(0xefca80168350eb4f),
609 U64(0x38d21b24f36a45ec), U64(0xbeab81e1af73d658),
610 U64(0x8cbfd9cae7542f24), U64(0xfd19cc0d81f11102),
611 U64(0x0ac6430fbb4dbc90), U64(0x1d76a09d6a441895),
612 U64(0x2a01573ff1cbbfa1), U64(0xb572e161894fde2b),
613 U64(0x8124734fa853b827), U64(0x614b1fdf43e6b1b0),
614 U64(0x68ac395c4238cc18), U64(0x21d837bfd7f7b7d2),
615 U64(0x20c714304a860331), U64(0x5cfaab726324aa14),
616 U64(0x74c5ba4eb50d606e), U64(0xf3a3030474654739),
617 U64(0x23e671bcf015c209), U64(0x45f087e947b9582a),
618 U64(0xd8bd77b418df4c7b), U64(0xe06f6c90ebb50997),
619 U64(0x0bd96080263c0873), U64(0x7e03f9410e40dcfe),
620 U64(0xb8e94be4c6484928), U64(0xfb5b0608e8ca8e72),
621 U64(0x1a2b49179e0e3306), U64(0x4e29e76961855059),
622 U64(0x4f36c4e6fcf4e4ba), U64(0x49740ee395cf7bca),
623 U64(0xc2963ea386d17f7d), U64(0x90d65ad810618352),
624 U64(0x12d34c1b02a1fa4d), U64(0xfa44258775bb3a91),
625 U64(0x18150f14b9ec46dd), U64(0x1491861e6b9a653d),
626 U64(0x9a1019d7ab2c3fc2), U64(0x3668d42d06fe13d7),
627 U64(0xdcc1fbb25606a6d0), U64(0x969490dd795a1c22),
628 U64(0x3549b1a1bc6dd2ef), U64(0xc94f5e23a0ed770e),
629 U64(0xb9f6686b5b39fdcb), U64(0xc4d4f4a6efeae00d),
630 U64(0xe732851a1fff2204), U64(0x94aad6de5eb869f9),
631 U64(0x3f8ff2ae07206e7f), U64(0xfe38a9813b62d03a),
632 U64(0xa7a1ad7a8bee2466), U64(0x7b6056c8dde882b6),
633 U64(0x302a1e286fc58ca7), U64(0x8da0fa457a259bc7),
634 U64(0xb3302b64e074415b), U64(0x5402ae7eff8b635f),
635 U64(0x08f8050c9cafc94b), U64(0xae468bf98a3059ce),
636 U64(0x88c355cca98dc58f), U64(0xb10e6d67c7963480),
637 U64(0xbad70de7e1aa3cf3), U64(0xbfb4a26e320262bb),
638 U64(0xcb711820870f02d5), U64(0xce12b7a954a75c9d),
639 U64(0x563ce87dd8691684), U64(0x9f73b65e7884618a),
640 U64(0x2b1e74b06cba0b42), U64(0x47cec1ea605b2df1),
641 U64(0x1c698312f735ac76), U64(0x5fdbcefed9b76b2c),
642 U64(0x831a354c8fb1cdfc), U64(0x820516c312c0791f),
643 U64(0xb74ca762aeadabf0), U64(0xfc06ef821c80a5e1),
644 U64(0x5723cbf24518a267), U64(0x9d4df05d5f661451),
645 U64(0x588627742dfd40bf), U64(0xda8331b73f3d39a0),
646 U64(0x17b0e392d109a405), U64(0xf965400bcf28fba9),
647 U64(0x7c3dbf4229a2a925), U64(0x023e460327e275db),
648 U64(0x6cd0b55a0ce126b3), U64(0xe62da695828e96e7),
649 U64(0x42ad6e63b3f373b9), U64(0xe50cc319381d57df),
650 U64(0xc5cbd729729b54ee), U64(0x46d1e265fd2a9912),
651 U64(0x6428b056904eeff8), U64(0x8be23040131e04b7),
652 U64(0x6709d5da2add2ec0), U64(0x075de98af44a2b93),
653 U64(0x8447dcc67bfbe66f), U64(0x6616f655b7ac9a23),
654 U64(0xd607b8bded4b1a40), U64(0x0563af89d3a85e48),
655 U64(0x3db1b4ad20c21ba4), U64(0x11f22997b8323b75),
656 U64(0x292032b34b587e99), U64(0x7f1cdace9331681d),
657 U64(0x8e819fc9c0b65aff), U64(0xa1e3677fe2d5bb16),
658 U64(0xcd33d225ee349da5), U64(0xd9a2543b85aef898),
659 U64(0x795e10cbfa0af76d), U64(0x25a4bbb9992e5d79),
660 U64(0x78413344677b438e), U64(0xf0826688cef68601),
661 U64(0xd27b34bba392f0eb), U64(0x551d8df162fad7bc),
662 U64(0x1e57c511d0d7d9ad), U64(0xdeffbdb171e4d30b),
663 U64(0xf4feea8e802f6caa), U64(0xa480c8f6317de55e),
664 U64(0xa0fc44f07fa40ff5), U64(0x95b5f551c3c9dd1a),
665 U64(0x22f952336d6476ea), U64(0x0000000000000000),
666 U64(0xa6be8ef5169f9085), U64(0xcc2cf1aa73452946),
667 U64(0x2e7ddb39bf12550a), U64(0xd526dd3157d8db78),
668 U64(0x486b2d6c08becf29), U64(0x9b0f3a58365d8b21),
669 U64(0xac78cdfaadd22c15), U64(0xbc95c7e28891a383),
670 U64(0x6a927f5f65dab9c3), U64(0xc3891d2c1ba0cb9e),
671 U64(0xeaa92f9f50f8b507), U64(0xcf0d9426c9d6e87e),
672 U64(0xca6e3baf1a7eb636), U64(0xab25247059980786),
673 U64(0x69b31ad3df4978fb), U64(0xe2512a93cc577c4c),
674 U64(0xff278a0ea61364d9), U64(0x71a615c766a53e26),
675 U64(0x89dc764334fc716c), U64(0xf87a638452594f4a),
676 U64(0xf2bc208be914f3da), U64(0x8766b94ac1682757),
677 U64(0xbbc82e687cdb8810), U64(0x626a7a53f9757088),
678 U64(0xa2c202f358467a2e), U64(0x4d0882e5db169161),
679 U64(0x09e7268301de7da8), U64(0xe897699c771ac0dc),
680 U64(0xc8507dac3d9cc3ed), U64(0xc0a878a0a1330aa6),
681 U64(0x978bb352e42ba8c1), U64(0xe9884a13ea6b743f),
682 U64(0x279afdbabecc28a2), U64(0x047c8c064ed9eaab),
683 U64(0x507e2278b15289f4), U64(0x599904fbb08cf45c),
684 U64(0xbd8ae46d15e01760), U64(0x31353da7f2b43844),
685 U64(0x8558ff49e68a528c), U64(0x76fbfc4d92ef15b5),
686 U64(0x3456922e211c660c), U64(0x86799ac55c1993b4),
687 U64(0x3e90d1219a51da9c), U64(0x2d5cbeb505819432),
688 U64(0x982e5fd48cce4a19), U64(0xdb9c1238a24c8d43),
689 U64(0xd439febecaa96f9b), U64(0x418c0bef0960b281),
690 U64(0x158ea591f6ebd1de), U64(0x1f48e69e4da66d4e),
691 U64(0x8afd13cf8e6fb054), U64(0xf5e1c9011d5ed849),
692 U64(0xe34e091c5126c8af), U64(0xad67ee7530a398f6),
693 U64(0x43b24dec2e82c75a), U64(0x75da99c1287cd48d),
694 U64(0x92e81cdb3783f689), U64(0xa3dd217cc537cecd),
695 U64(0x60543c50de970553), U64(0x93f73f54aaf2426a),
696 U64(0xa91b62737e7a725d), U64(0xf19d4507538732e2),
697 U64(0x77e4dfc20f9ea156), U64(0x7d229ccdb4d31dc6),
698 U64(0x1b346a98037f87e5), U64(0xedf4c615a4b29e94),
699 U64(0x4093286094110662), U64(0xb0114ee85ae78063),
700 U64(0x6ff1d0d6b672e78b), U64(0x6dcf96d591909250),
701 U64(0xdfe09e3eec9567e8), U64(0x3214582b4827f97c),
702 U64(0xb46dc2ee143e6ac8), U64(0xf6c0ac8da7cd1971),
703 U64(0xebb60c10cd8901e4), U64(0xf7df8f023abcad92),
704 U64(0x9c52d3d2c217a0b2), U64(0x6b8d5cd0f8ab0d20),
705 U64(0x3777f7a29b8fa734), U64(0x011f238f9d71b4e3),
706 U64(0xc1b75b2f3c42be45), U64(0x5de588fdfe551ef7),
707 U64(0x6eeef3592b035368), U64(0xaa3a07ffc4e9b365),
708 U64(0xecebe59a39c32a77), U64(0x5ba742f8976e8187),
709 U64(0x4b4a48e0b22d0e11), U64(0xddded83dcb771233),
710 U64(0xa59feb79ac0c51bd), U64(0xc7f5912a55792135)
711 }, { /* 5 */
712 U64(0x6d6ae04668a9b08a), U64(0x3ab3f04b0be8c743),
713 U64(0xe51e166b54b3c908), U64(0xbe90a9eb35c2f139),
714 U64(0xb2c7066637f2bec1), U64(0xaa6945613392202c),
715 U64(0x9a28c36f3b5201eb), U64(0xddce5a93ab536994),
716 U64(0x0e34133ef6382827), U64(0x52a02ba1ec55048b),
717 U64(0xa2f88f97c4b2a177), U64(0x8640e513ca2251a5),
718 U64(0xcdf1d36258137622), U64(0xfe6cb708dedf8ddb),
719 U64(0x8a174a9ec8121e5d), U64(0x679896036b81560e),
720 U64(0x59ed033395795fee), U64(0x1dd778ab8b74edaf),
721 U64(0xee533ef92d9f926d), U64(0x2a8c79baf8a8d8f5),
722 U64(0x6bcf398e69b119f6), U64(0xe20491742fafdd95),
723 U64(0x276488e0809c2aec), U64(0xea955b82d88f5cce),
724 U64(0x7102c63a99d9e0c4), U64(0xf9763017a5c39946),
725 U64(0x429fa2501f151b3d), U64(0x4659c72bea05d59e),
726 U64(0x984b7fdccf5a6634), U64(0xf742232953fbb161),
727 U64(0x3041860e08c021c7), U64(0x747bfd9616cd9386),
728 U64(0x4bb1367192312787), U64(0x1b72a1638a6c44d3),
729 U64(0x4a0e68a6e8359a66), U64(0x169a5039f258b6ca),
730 U64(0xb98a2ef44edee5a4), U64(0xd9083fe85e43a737),
731 U64(0x967f6ce239624e13), U64(0x8874f62d3c1a7982),
732 U64(0x3c1629830af06e3f), U64(0x9165ebfd427e5a8e),
733 U64(0xb5dd81794ceeaa5c), U64(0x0de8f15a7834f219),
734 U64(0x70bd98ede3dd5d25), U64(0xaccc9ca9328a8950),
735 U64(0x56664eda1945ca28), U64(0x221db34c0f8859ae),
736 U64(0x26dbd637fa98970d), U64(0x1acdffb4f068f932),
737 U64(0x4585254f64090fa0), U64(0x72de245e17d53afa),
738 U64(0x1546b25d7c546cf4), U64(0x207e0ffffb803e71),
739 U64(0xfaaad2732bcf4378), U64(0xb462dfae36ea17bd),
740 U64(0xcf926fd1ac1b11fd), U64(0xe0672dc7dba7ba4a),
741 U64(0xd3fa49ad5d6b41b3), U64(0x8ba81449b216a3bc),
742 U64(0x14f9ec8a0650d115), U64(0x40fc1ee3eb1d7ce2),
743 U64(0x23a2ed9b758ce44f), U64(0x782c521b14fddc7e),
744 U64(0x1c68267cf170504e), U64(0xbcf31558c1ca96e6),
745 U64(0xa781b43b4ba6d235), U64(0xf6fd7dfe29ff0c80),
746 U64(0xb0a4bad5c3fad91e), U64(0xd199f51ea963266c),
747 U64(0x414340349119c103), U64(0x5405f269ed4dadf7),
748 U64(0xabd61bb649969dcd), U64(0x6813dbeae7bdc3c8),
749 U64(0x65fb2ab09f8931d1), U64(0xf1e7fae152e3181d),
750 U64(0xc1a67cef5a2339da), U64(0x7a4feea8e0f5bba1),
751 U64(0x1e0b9acf05783791), U64(0x5b8ebf8061713831),
752 U64(0x80e53cdbcb3af8d9), U64(0x7e898bd315e57502),
753 U64(0xc6bcfbf0213f2d47), U64(0x95a38e86b76e942d),
754 U64(0x092e94218d243cba), U64(0x8339debf453622e7),
755 U64(0xb11be402b9fe64ff), U64(0x57d9100d634177c9),
756 U64(0xcc4e8db52217cbc3), U64(0x3b0cae9c71ec7aa2),
757 U64(0xfb158ca451cbfe99), U64(0x2b33276d82ac6514),
758 U64(0x01bf5ed77a04bde1), U64(0xc5601994af33f779),
759 U64(0x75c4a3416cc92e67), U64(0xf3844652a6eb7fc2),
760 U64(0x3487e375fdd0ef64), U64(0x18ae430704609eed),
761 U64(0x4d14efb993298efb), U64(0x815a620cb13e4538),
762 U64(0x125c354207487869), U64(0x9eeea614ce42cf48),
763 U64(0xce2d3106d61fac1c), U64(0xbbe99247bad6827b),
764 U64(0x071a871f7b1c149d), U64(0x2e4a1cc10db81656),
765 U64(0x77a71ff298c149b8), U64(0x06a5d9c80118a97c),
766 U64(0xad73c27e488e34b1), U64(0x443a7b981e0db241),
767 U64(0xe3bbcfa355ab6074), U64(0x0af276450328e684),
768 U64(0x73617a896dd1871b), U64(0x58525de4ef7de20f),
769 U64(0xb7be3dcab8e6cd83), U64(0x19111dd07e64230c),
770 U64(0x842359a03e2a367a), U64(0x103f89f1f3401fb6),
771 U64(0xdc710444d157d475), U64(0xb835702334da5845),
772 U64(0x4320fc876511a6dc), U64(0xd026abc9d3679b8d),
773 U64(0x17250eee885c0b2b), U64(0x90dab52a387ae76f),
774 U64(0x31fed8d972c49c26), U64(0x89cba8fa461ec463),
775 U64(0x2ff5421677bcabb7), U64(0x396f122f85e41d7d),
776 U64(0xa09b332430bac6a8), U64(0xc888e8ced7070560),
777 U64(0xaeaf201ac682ee8f), U64(0x1180d7268944a257),
778 U64(0xf058a43628e7a5fc), U64(0xbd4c4b8fbbce2b07),
779 U64(0xa1246df34abe7b49), U64(0x7d5569b79be9af3c),
780 U64(0xa9b5a705bd9efa12), U64(0xdb6b835baa4bc0e8),
781 U64(0x05793bac8f147342), U64(0x21c1512881848390),
782 U64(0xfdb0556c50d357e5), U64(0x613d4fcb6a99ff72),
783 U64(0x03dce2648e0cda3e), U64(0xe949b9e6568386f0),
784 U64(0xfc0f0bbb2ad7ea04), U64(0x6a70675913b5a417),
785 U64(0x7f36d5046fe1c8e3), U64(0x0c57af8d02304ff8),
786 U64(0x32223abdfcc84618), U64(0x0891caf6f720815b),
787 U64(0xa63eeaec31a26fd4), U64(0x2507345374944d33),
788 U64(0x49d28ac266394058), U64(0xf5219f9aa7f3d6be),
789 U64(0x2d96fea583b4cc68), U64(0x5a31e1571b7585d0),
790 U64(0x8ed12fe53d02d0fe), U64(0xdfade6205f5b0e4b),
791 U64(0x4cabb16ee92d331a), U64(0x04c6657bf510cea3),
792 U64(0xd73c2cd6a87b8f10), U64(0xe1d87310a1a307ab),
793 U64(0x6cd5be9112ad0d6b), U64(0x97c032354366f3f2),
794 U64(0xd4e0ceb22677552e), U64(0x0000000000000000),
795 U64(0x29509bde76a402cb), U64(0xc27a9e8bd42fe3e4),
796 U64(0x5ef7842cee654b73), U64(0xaf107ecdbc86536e),
797 U64(0x3fcacbe784fcb401), U64(0xd55f90655c73e8cf),
798 U64(0xe6c2f40fdabf1336), U64(0xe8f6e7312c873b11),
799 U64(0xeb2a0555a28be12f), U64(0xe4a148bc2eb774e9),
800 U64(0x9b979db84156bc0a), U64(0x6eb60222e6a56ab4),
801 U64(0x87ffbbc4b026ec44), U64(0xc703a5275b3b90a6),
802 U64(0x47e699fc9001687f), U64(0x9c8d1aa73a4aa897),
803 U64(0x7cea3760e1ed12dd), U64(0x4ec80ddd1d2554c5),
804 U64(0x13e36b957d4cc588), U64(0x5d2b66486069914d),
805 U64(0x92b90999cc7280b0), U64(0x517cc9c56259deb5),
806 U64(0xc937b619ad03b881), U64(0xec30824ad997f5b2),
807 U64(0xa45d565fc5aa080b), U64(0xd6837201d27f32f1),
808 U64(0x635ef3789e9198ad), U64(0x531f75769651b96a),
809 U64(0x4f77530a6721e924), U64(0x486dd4151c3dfdb9),
810 U64(0x5f48dafb9461f692), U64(0x375b011173dc355a),
811 U64(0x3da9775470f4d3de), U64(0x8d0dcd81b30e0ac0),
812 U64(0x36e45fc609d888bb), U64(0x55baacbe97491016),
813 U64(0x8cb29356c90ab721), U64(0x76184125e2c5f459),
814 U64(0x99f4210bb55edbd5), U64(0x6f095cf59ca1d755),
815 U64(0x9f51f8c3b44672a9), U64(0x3538bda287d45285),
816 U64(0x50c39712185d6354), U64(0xf23b1885dcefc223),
817 U64(0x79930ccc6ef9619f), U64(0xed8fdc9da3934853),
818 U64(0xcb540aaa590bdf5e), U64(0x5c94389f1a6d2cac),
819 U64(0xe77daad8a0bbaed7), U64(0x28efc5090ca0bf2a),
820 U64(0xbf2ff73c4fc64cd8), U64(0xb37858b14df60320),
821 U64(0xf8c96ec0dfc724a7), U64(0x828680683f329f06),
822 U64(0x941cd051cd6a29cc), U64(0xc3c5c05cae2b5e05),
823 U64(0xb601631dc2e27062), U64(0xc01922382027843b),
824 U64(0x24b86a840e90f0d2), U64(0xd245177a276ffc52),
825 U64(0x0f8b4de98c3c95c6), U64(0x3e759530fef809e0),
826 U64(0x0b4d2892792c5b65), U64(0xc4df4743d5374a98),
827 U64(0xa5e20888bfaeb5ea), U64(0xba56cc90c0d23f9a),
828 U64(0x38d04cf8ffe0a09c), U64(0x62e1adafe495254c),
829 U64(0x0263bcb3f40867df), U64(0xcaeb547d230f62bf),
830 U64(0x6082111c109d4293), U64(0xdad4dd8cd04f7d09),
831 U64(0xefec602e579b2f8c), U64(0x1fb4c4187f7c8a70),
832 U64(0xffd3e9dfa4db303a), U64(0x7bf0b07f9af10640),
833 U64(0xf49ec14dddf76b5f), U64(0x8f6e713247066d1f),
834 U64(0x339d646a86ccfbf9), U64(0x64447467e58d8c30),
835 U64(0x2c29a072f9b07189), U64(0xd8b7613f24471ad6),
836 U64(0x6627c8d41185ebef), U64(0xa347d140beb61c96),
837 U64(0xde12b8f7255fb3aa), U64(0x9d324470404e1576),
838 U64(0x9306574eb6763d51), U64(0xa80af9d2c79a47f3),
839 U64(0x859c0777442e8b9b), U64(0x69ac853d9db97e29)
840 }, { /* 6 */
841 U64(0xc3407dfc2de6377e), U64(0x5b9e93eea4256f77),
842 U64(0xadb58fdd50c845e0), U64(0x5219ff11a75bed86),
843 U64(0x356b61cfd90b1de9), U64(0xfb8f406e25abe037),
844 U64(0x7a5a0231c0f60796), U64(0x9d3cd216e1f5020b),
845 U64(0x0c6550fb6b48d8f3), U64(0xf57508c427ff1c62),
846 U64(0x4ad35ffa71cb407d), U64(0x6290a2da1666aa6d),
847 U64(0xe284ec2349355f9f), U64(0xb3c307c53d7c84ec),
848 U64(0x05e23c0468365a02), U64(0x190bac4d6c9ebfa8),
849 U64(0x94bbbee9e28b80fa), U64(0xa34fc777529cb9b5),
850 U64(0xcc7b39f095bcd978), U64(0x2426addb0ce532e3),
851 U64(0x7e79329312ce4fc7), U64(0xab09a72eebec2917),
852 U64(0xf8d15499f6b9d6c2), U64(0x1a55b8babf8c895d),
853 U64(0xdb8add17fb769a85), U64(0xb57f2f368658e81b),
854 U64(0x8acd36f18f3f41f6), U64(0x5ce3b7bba50f11d3),
855 U64(0x114dcc14d5ee2f0a), U64(0xb91a7fcded1030e8),
856 U64(0x81d5425fe55de7a1), U64(0xb6213bc1554adeee),
857 U64(0x80144ef95f53f5f2), U64(0x1e7688186db4c10c),
858 U64(0x3b912965db5fe1bc), U64(0xc281715a97e8252d),
859 U64(0x54a5d7e21c7f8171), U64(0x4b12535ccbc5522e),
860 U64(0x1d289cefbea6f7f9), U64(0x6ef5f2217d2e729e),
861 U64(0xe6a7dc819b0d17ce), U64(0x1b94b41c05829b0e),
862 U64(0x33d7493c622f711e), U64(0xdcf7f942fa5ce421),
863 U64(0x600fba8b7f7a8ecb), U64(0x46b60f011a83988e),
864 U64(0x235b898e0dcf4c47), U64(0x957ab24f588592a9),
865 U64(0x4354330572b5c28c), U64(0xa5f3ef84e9b8d542),
866 U64(0x8c711e02341b2d01), U64(0x0b1874ae6a62a657),
867 U64(0x1213d8e306fc19ff), U64(0xfe6d7c6a4d9dba35),
868 U64(0x65ed868f174cd4c9), U64(0x88522ea0e6236550),
869 U64(0x899322065c2d7703), U64(0xc01e690bfef4018b),
870 U64(0x915982ed8abddaf8), U64(0xbe675b98ec3a4e4c),
871 U64(0xa996bf7f82f00db1), U64(0xe1daf8d49a27696a),
872 U64(0x2effd5d3dc8986e7), U64(0xd153a51f2b1a2e81),
873 U64(0x18caa0ebd690adfb), U64(0x390e3134b243c51a),
874 U64(0x2778b92cdff70416), U64(0x029f1851691c24a6),
875 U64(0x5e7cafeacc133575), U64(0xfa4e4cc89fa5f264),
876 U64(0x5a5f9f481e2b7d24), U64(0x484c47ab18d764db),
877 U64(0x400a27f2a1a7f479), U64(0xaeeb9b2a83da7315),
878 U64(0x721c626879869734), U64(0x042330a2d2384851),
879 U64(0x85f672fd3765aff0), U64(0xba446b3a3e02061d),
880 U64(0x73dd6ecec3888567), U64(0xffac70ccf793a866),
881 U64(0xdfa9edb5294ed2d4), U64(0x6c6aea7014325638),
882 U64(0x834a5a0e8c41c307), U64(0xcdba35562fb2cb2b),
883 U64(0x0ad97808d06cb404), U64(0x0f3b440cb85aee06),
884 U64(0xe5f9c876481f213b), U64(0x98deee1289c35809),
885 U64(0x59018bbfcd394bd1), U64(0xe01bf47220297b39),
886 U64(0xde68e1139340c087), U64(0x9fa3ca4788e926ad),
887 U64(0xbb85679c840c144e), U64(0x53d8f3b71d55ffd5),
888 U64(0x0da45c5dd146caa0), U64(0x6f34fe87c72060cd),
889 U64(0x57fbc315cf6db784), U64(0xcee421a1fca0fdde),
890 U64(0x3d2d0196607b8d4b), U64(0x642c8a29ad42c69a),
891 U64(0x14aff010bdd87508), U64(0xac74837beac657b3),
892 U64(0x3216459ad821634d), U64(0x3fb219c70967a9ed),
893 U64(0x06bc28f3bb246cf7), U64(0xf2082c9126d562c6),
894 U64(0x66b39278c45ee23c), U64(0xbd394f6f3f2878b9),
895 U64(0xfd33689d9e8f8cc0), U64(0x37f4799eb017394f),
896 U64(0x108cc0b26fe03d59), U64(0xda4bd1b1417888d6),
897 U64(0xb09d1332ee6eb219), U64(0x2f3ed975668794b4),
898 U64(0x58c0871977375982), U64(0x7561463d78ace990),
899 U64(0x09876cff037e82f1), U64(0x7fb83e35a8c05d94),
900 U64(0x26b9b58a65f91645), U64(0xef20b07e9873953f),
901 U64(0x3148516d0b3355b8), U64(0x41cb2b541ba9e62a),
902 U64(0x790416c613e43163), U64(0xa011d380818e8f40),
903 U64(0x3a5025c36151f3ef), U64(0xd57095bdf92266d0),
904 U64(0x498d4b0da2d97688), U64(0x8b0c3a57353153a5),
905 U64(0x21c491df64d368e1), U64(0x8f2f0af5e7091bf4),
906 U64(0x2da1c1240f9bb012), U64(0xc43d59a92ccc49da),
907 U64(0xbfa6573e56345c1f), U64(0x828b56a8364fd154),
908 U64(0x9a41f643e0df7caf), U64(0xbcf843c985266aea),
909 U64(0x2b1de9d7b4bfdce5), U64(0x20059d79dedd7ab2),
910 U64(0x6dabe6d6ae3c446b), U64(0x45e81bf6c991ae7b),
911 U64(0x6351ae7cac68b83e), U64(0xa432e32253b6c711),
912 U64(0xd092a9b991143cd2), U64(0xcac711032e98b58f),
913 U64(0xd8d4c9e02864ac70), U64(0xc5fc550f96c25b89),
914 U64(0xd7ef8dec903e4276), U64(0x67729ede7e50f06f),
915 U64(0xeac28c7af045cf3d), U64(0xb15c1f945460a04a),
916 U64(0x9cfddeb05bfb1058), U64(0x93c69abce3a1fe5e),
917 U64(0xeb0380dc4a4bdd6e), U64(0xd20db1e8f8081874),
918 U64(0x229a8528b7c15e14), U64(0x44291750739fbc28),
919 U64(0xd3ccbd4e42060a27), U64(0xf62b1c33f4ed2a97),
920 U64(0x86a8660ae4779905), U64(0xd62e814a2a305025),
921 U64(0x477703a7a08d8add), U64(0x7b9b0e977af815c5),
922 U64(0x78c51a60a9ea2330), U64(0xa6adfb733aaae3b7),
923 U64(0x97e5aa1e3199b60f), U64(0x0000000000000000),
924 U64(0xf4b404629df10e31), U64(0x5564db44a6719322),
925 U64(0x9207961a59afec0d), U64(0x9624a6b88b97a45c),
926 U64(0x363575380a192b1c), U64(0x2c60cd82b595a241),
927 U64(0x7d272664c1dc7932), U64(0x7142769faa94a1c1),
928 U64(0xa1d0df263b809d13), U64(0x1630e841d4c451ae),
929 U64(0xc1df65ad44fa13d8), U64(0x13d2d445bcf20bac),
930 U64(0xd915c546926abe23), U64(0x38cf3d92084dd749),
931 U64(0xe766d0272103059d), U64(0xc7634d5effde7f2f),
932 U64(0x077d2455012a7ea4), U64(0xedbfa82ff16fb199),
933 U64(0xaf2a978c39d46146), U64(0x42953fa3c8bbd0df),
934 U64(0xcb061da59496a7dc), U64(0x25e7a17db6eb20b0),
935 U64(0x34aa6d6963050fba), U64(0xa76cf7d580a4f1e4),
936 U64(0xf7ea10954ee338c4), U64(0xfcf2643b24819e93),
937 U64(0xcf252d0746aeef8d), U64(0x4ef06f58a3f3082c),
938 U64(0x563acfb37563a5d7), U64(0x5086e740ce47c920),
939 U64(0x2982f186dda3f843), U64(0x87696aac5e798b56),
940 U64(0x5d22bb1d1f010380), U64(0x035e14f7d31236f5),
941 U64(0x3cec0d30da759f18), U64(0xf3c920379cdb7095),
942 U64(0xb8db736b571e22bb), U64(0xdd36f5e44052f672),
943 U64(0xaac8ab8851e23b44), U64(0xa857b3d938fe1fe2),
944 U64(0x17f1e4e76eca43fd), U64(0xec7ea4894b61a3ca),
945 U64(0x9e62c6e132e734fe), U64(0xd4b1991b432c7483),
946 U64(0x6ad6c283af163acf), U64(0x1ce9904904a8e5aa),
947 U64(0x5fbda34c761d2726), U64(0xf910583f4cb7c491),
948 U64(0xc6a241f845d06d7c), U64(0x4f3163fe19fd1a7f),
949 U64(0xe99c988d2357f9c8), U64(0x8eee06535d0709a7),
950 U64(0x0efa48aa0254fc55), U64(0xb4be23903c56fa48),
951 U64(0x763f52caabbedf65), U64(0xeee1bcd8227d876c),
952 U64(0xe345e085f33b4dcc), U64(0x3e731561b369bbbe),
953 U64(0x2843fd2067adea10), U64(0x2adce5710eb1ceb6),
954 U64(0xb7e03767ef44ccbd), U64(0x8db012a48e153f52),
955 U64(0x61ceb62dc5749c98), U64(0xe85d942b9959eb9b),
956 U64(0x4c6f7709caef2c8a), U64(0x84377e5b8d6bbda3),
957 U64(0x30895dcbb13d47eb), U64(0x74a04a9bc2a2fbc3),
958 U64(0x6b17ce251518289c), U64(0xe438c4d0f2113368),
959 U64(0x1fb784bed7bad35f), U64(0x9b80fae55ad16efc),
960 U64(0x77fe5e6c11b0cd36), U64(0xc858095247849129),
961 U64(0x08466059b97090a2), U64(0x01c10ca6ba0e1253),
962 U64(0x6988d6747c040c3a), U64(0x6849dad2c60a1e69),
963 U64(0x5147ebe67449db73), U64(0xc99905f4fd8a837a),
964 U64(0x991fe2b433cd4a5a), U64(0xf09734c04fc94660),
965 U64(0xa28ecbd1e892abe6), U64(0xf1563866f5c75433),
966 U64(0x4dae7baf70e13ed9), U64(0x7ce62ac27bd26b61),
967 U64(0x70837a39109ab392), U64(0x90988e4b30b3c8ab),
968 U64(0xb2020b63877296bf), U64(0x156efcb607d6675b)
969 }, { /* 7 */
970 U64(0xe63f55ce97c331d0), U64(0x25b506b0015bba16),
971 U64(0xc8706e29e6ad9ba8), U64(0x5b43d3775d521f6a),
972 U64(0x0bfa3d577035106e), U64(0xab95fc172afb0e66),
973 U64(0xf64b63979e7a3276), U64(0xf58b4562649dad4b),
974 U64(0x48f7c3dbae0c83f1), U64(0xff31916642f5c8c5),
975 U64(0xcbb048dc1c4a0495), U64(0x66b8f83cdf622989),
976 U64(0x35c130e908e2b9b0), U64(0x7c761a61f0b34fa1),
977 U64(0x3601161cf205268d), U64(0x9e54ccfe2219b7d6),
978 U64(0x8b7d90a538940837), U64(0x9cd403588ea35d0b),
979 U64(0xbc3c6fea9ccc5b5a), U64(0xe5ff733b6d24aeed),
980 U64(0xceed22de0f7eb8d2), U64(0xec8581cab1ab545e),
981 U64(0xb96105e88ff8e71d), U64(0x8ca03501871a5ead),
982 U64(0x76ccce65d6db2a2f), U64(0x5883f582a7b58057),
983 U64(0x3f7be4ed2e8adc3e), U64(0x0fe7be06355cd9c9),
984 U64(0xee054e6c1d11be83), U64(0x1074365909b903a6),
985 U64(0x5dde9f80b4813c10), U64(0x4a770c7d02b6692c),
986 U64(0x5379c8d5d7809039), U64(0xb4067448161ed409),
987 U64(0x5f5e5026183bd6cd), U64(0xe898029bf4c29df9),
988 U64(0x7fb63c940a54d09c), U64(0xc5171f897f4ba8bc),
989 U64(0xa6f28db7b31d3d72), U64(0x2e4f3be7716eaa78),
990 U64(0x0d6771a099e63314), U64(0x82076254e41bf284),
991 U64(0x2f0fd2b42733df98), U64(0x5c9e76d3e2dc49f0),
992 U64(0x7aeb569619606cdb), U64(0x83478b07b2468764),
993 U64(0xcfadcb8d5923cd32), U64(0x85dac7f05b95a41e),
994 U64(0xb5469d1b4043a1e9), U64(0xb821ecbbd9a592fd),
995 U64(0x1b8e0b0e798c13c8), U64(0x62a57b6d9a0be02e),
996 U64(0xfcf1b793b81257f8), U64(0x9d94ea0bd8fe28eb),
997 U64(0x4cea408aeb654a56), U64(0x23284a47e888996c),
998 U64(0x2d8f1d128b893545), U64(0xf4cbac3132c0d8ab),
999 U64(0xbd7c86b9ca912eba), U64(0x3a268eef3dbe6079),
1000 U64(0xf0d62f6077a9110c), U64(0x2735c916ade150cb),
1001 U64(0x89fd5f03942ee2ea), U64(0x1acee25d2fd16628),
1002 U64(0x90f39bab41181bff), U64(0x430dfe8cde39939f),
1003 U64(0xf70b8ac4c8274796), U64(0x1c53aeaac6024552),
1004 U64(0x13b410acf35e9c9b), U64(0xa532ab4249faa24f),
1005 U64(0x2b1251e5625a163f), U64(0xd7e3e676da4841c7),
1006 U64(0xa7b264e4e5404892), U64(0xda8497d643ae72d3),
1007 U64(0x861ae105a1723b23), U64(0x38a6414991048aa4),
1008 U64(0x6578dec92585b6b4), U64(0x0280cfa6acbaeadd),
1009 U64(0x88bdb650c273970a), U64(0x9333bd5ebbff84c2),
1010 U64(0x4e6a8f2c47dfa08b), U64(0x321c954db76cef2a),
1011 U64(0x418d312a72837942), U64(0xb29b38bfffcdf773),
1012 U64(0x6c022c38f90a4c07), U64(0x5a033a240b0f6a8a),
1013 U64(0x1f93885f3ce5da6f), U64(0xc38a537e96988bc6),
1014 U64(0x39e6a81ac759ff44), U64(0x29929e43cee0fce2),
1015 U64(0x40cdd87924de0ca2), U64(0xe9d8ebc8a29fe819),
1016 U64(0x0c2798f3cfbb46f4), U64(0x55e484223e53b343),
1017 U64(0x4650948ecd0d2fd8), U64(0x20e86cb2126f0651),
1018 U64(0x6d42c56baf5739e7), U64(0xa06fc1405ace1e08),
1019 U64(0x7babbfc54f3d193b), U64(0x424d17df8864e67f),
1020 U64(0xd8045870ef14980e), U64(0xc6d7397c85ac3781),
1021 U64(0x21a885e1443273b1), U64(0x67f8116f893f5c69),
1022 U64(0x24f5efe35706cff6), U64(0xd56329d076f2ab1a),
1023 U64(0x5e1eb9754e66a32d), U64(0x28d2771098bd8902),
1024 U64(0x8f6013f47dfdc190), U64(0x17a993fdb637553c),
1025 U64(0xe0a219397e1012aa), U64(0x786b9930b5da8606),
1026 U64(0x6e82e39e55b0a6da), U64(0x875a0856f72f4ec3),
1027 U64(0x3741ff4fa458536d), U64(0xac4859b3957558fc),
1028 U64(0x7ef6d5c75c09a57c), U64(0xc04a758b6c7f14fb),
1029 U64(0xf9acdd91ab26ebbf), U64(0x7391a467c5ef9668),
1030 U64(0x335c7c1ee1319aca), U64(0xa91533b18641e4bb),
1031 U64(0xe4bf9a683b79db0d), U64(0x8e20faa72ba0b470),
1032 U64(0x51f907737b3a7ae4), U64(0x2268a314bed5ec8c),
1033 U64(0xd944b123b949edee), U64(0x31dcb3b84d8b7017),
1034 U64(0xd3fe65279f218860), U64(0x097af2f1dc8ffab3),
1035 U64(0x9b09a6fc312d0b91), U64(0xcc6ded78a3c4520f),
1036 U64(0x3481d9ba5ebfcc50), U64(0x4f2a667f1182d56b),
1037 U64(0xdfd9fdd4509ace94), U64(0x26752045fbbc252b),
1038 U64(0xbffc491f662bc467), U64(0xdd593272fc202449),
1039 U64(0x3cbbc218d46d4303), U64(0x91b372f817456e1f),
1040 U64(0x681faf69bc6385a0), U64(0xb686bbeebaa43ed4),
1041 U64(0x1469b5084cd0ca01), U64(0x98c98009cbca94ac),
1042 U64(0x6438379a73d8c354), U64(0xc2caba2dc0c5fe26),
1043 U64(0x3e3b0dbe78d7a9de), U64(0x50b9ee202d670f04),
1044 U64(0x4590b27b37eab0e5), U64(0x6025b4cb36b10af3),
1045 U64(0xfb2c1237079c0162), U64(0xa12f28130c936be8),
1046 U64(0x4b37e52e54eb1ccc), U64(0x083a1ba28ad28f53),
1047 U64(0xc10a9cd83a22611b), U64(0x9f1425ad7444c236),
1048 U64(0x069d4cf7e9d3237a), U64(0xedc56899e7f621be),
1049 U64(0x778c273680865fcf), U64(0x309c5aeb1bd605f7),
1050 U64(0x8de0dc52d1472b4d), U64(0xf8ec34c2fd7b9e5f),
1051 U64(0xea18cd3d58787724), U64(0xaad515447ca67b86),
1052 U64(0x9989695a9d97e14c), U64(0x0000000000000000),
1053 U64(0xf196c63321f464ec), U64(0x71116bc169557cb5),
1054 U64(0xaf887f466f92c7c1), U64(0x972e3e0ffe964d65),
1055 U64(0x190ec4a8d536f915), U64(0x95aef1a9522ca7b8),
1056 U64(0xdc19db21aa7d51a9), U64(0x94ee18fa0471d258),
1057 U64(0x8087adf248a11859), U64(0xc457f6da2916dd5c),
1058 U64(0xfa6cfb6451c17482), U64(0xf256e0c6db13fbd1),
1059 U64(0x6a9f60cf10d96f7d), U64(0x4daaa9d9bd383fb6),
1060 U64(0x03c026f5fae79f3d), U64(0xde99148706c7bb74),
1061 U64(0x2a52b8b6340763df), U64(0x6fc20acd03edd33a),
1062 U64(0xd423c08320afdefa), U64(0xbbe1ca4e23420dc0),
1063 U64(0x966ed75ca8cb3885), U64(0xeb58246e0e2502c4),
1064 U64(0x055d6a021334bc47), U64(0xa47242111fa7d7af),
1065 U64(0xe3623fcc84f78d97), U64(0x81c744a11efc6db9),
1066 U64(0xaec8961539cfb221), U64(0xf31609958d4e8e31),
1067 U64(0x63e5923ecc5695ce), U64(0x47107ddd9b505a38),
1068 U64(0xa3afe7b5a0298135), U64(0x792b7063e387f3e6),
1069 U64(0x0140e953565d75e0), U64(0x12f4f9ffa503e97b),
1070 U64(0x750ce8902c3cb512), U64(0xdbc47e8515f30733),
1071 U64(0x1ed3610c6ab8af8f), U64(0x5239218681dde5d9),
1072 U64(0xe222d69fd2aaf877), U64(0xfe71783514a8bd25),
1073 U64(0xcaf0a18f4a177175), U64(0x61655d9860ec7f13),
1074 U64(0xe77fbc9dc19e4430), U64(0x2ccff441ddd440a5),
1075 U64(0x16e97aaee06a20dc), U64(0xa855dae2d01c915b),
1076 U64(0x1d1347f9905f30b2), U64(0xb7c652bdecf94b34),
1077 U64(0xd03e43d265c6175d), U64(0xfdb15ec0ee4f2218),
1078 U64(0x57644b8492e9599e), U64(0x07dda5a4bf8e569a),
1079 U64(0x54a46d71680ec6a3), U64(0x5624a2d7c4b42c7e),
1080 U64(0xbebca04c3076b187), U64(0x7d36f332a6ee3a41),
1081 U64(0x3b6667bc6be31599), U64(0x695f463aea3ef040),
1082 U64(0xad08b0e0c3282d1c), U64(0xb15b1e4a052a684e),
1083 U64(0x44d05b2861b7c505), U64(0x15295c5b1a8dbfe1),
1084 U64(0x744c01c37a61c0f2), U64(0x59c31cd1f1e8f5b7),
1085 U64(0xef45a73f4b4ccb63), U64(0x6bdf899c46841a9d),
1086 U64(0x3dfb2b4b823036e3), U64(0xa2ef0ee6f674f4d5),
1087 U64(0x184e2dfb836b8cf5), U64(0x1134df0a5fe47646),
1088 U64(0xbaa1231d751f7820), U64(0xd17eaa81339b62bd),
1089 U64(0xb01bf71953771dae), U64(0x849a2ea30dc8d1fe),
1090 U64(0x705182923f080955), U64(0x0ea757556301ac29),
1091 U64(0x041d83514569c9a7), U64(0x0abad4042668658e),
1092 U64(0x49b72a88f851f611), U64(0x8a3d79f66ec97dd7),
1093 U64(0xcd2d042bf59927ef), U64(0xc930877ab0f0ee48),
1094 U64(0x9273540deda2f122), U64(0xc797d02fd3f14261),
1095 U64(0xe1e2f06a284d674a), U64(0xd2be8c74c97cfd80),
1096 U64(0x9a494faf67707e71), U64(0xb3dbd1eca9908293),
1097 U64(0x72d14d3493b2e388), U64(0xd6a30f258c153427)
1098 },
1099};
1100
1101static const STREEBOG_LONG64 C16[12][8] = {
1102 {
1103 U64(0xdd806559f2a64507), U64(0x05767436cc744d23),
1104 U64(0xa2422a08a460d315), U64(0x4b7ce09192676901),
1105 U64(0x714eb88d7585c4fc), U64(0x2f6a76432e45d016),
1106 U64(0xebcb2f81c0657c1f), U64(0xb1085bda1ecadae9)
1107 }, {
1108 U64(0xe679047021b19bb7), U64(0x55dda21bd7cbcd56),
1109 U64(0x5cb561c2db0aa7ca), U64(0x9ab5176b12d69958),
1110 U64(0x61d55e0f16b50131), U64(0xf3feea720a232b98),
1111 U64(0x4fe39d460f70b5d7), U64(0x6fa3b58aa99d2f1a)
1112 }, {
1113 U64(0x991e96f50aba0ab2), U64(0xc2b6f443867adb31),
1114 U64(0xc1c93a376062db09), U64(0xd3e20fe490359eb1),
1115 U64(0xf2ea7514b1297b7b), U64(0x06f15e5f529c1f8b),
1116 U64(0x0a39fc286a3d8435), U64(0xf574dcac2bce2fc7)
1117 }, {
1118 U64(0x220cbebc84e3d12e), U64(0x3453eaa193e837f1),
1119 U64(0xd8b71333935203be), U64(0xa9d72c82ed03d675),
1120 U64(0x9d721cad685e353f), U64(0x488e857e335c3c7d),
1121 U64(0xf948e1a05d71e4dd), U64(0xef1fdfb3e81566d2)
1122 }, {
1123 U64(0x601758fd7c6cfe57), U64(0x7a56a27ea9ea63f5),
1124 U64(0xdfff00b723271a16), U64(0xbfcd1747253af5a3),
1125 U64(0x359e35d7800fffbd), U64(0x7f151c1f1686104a),
1126 U64(0x9a3f410c6ca92363), U64(0x4bea6bacad474799)
1127 }, {
1128 U64(0xfa68407a46647d6e), U64(0xbf71c57236904f35),
1129 U64(0x0af21f66c2bec6b6), U64(0xcffaa6b71c9ab7b4),
1130 U64(0x187f9ab49af08ec6), U64(0x2d66c4f95142a46c),
1131 U64(0x6fa4c33b7a3039c0), U64(0xae4faeae1d3ad3d9)
1132 }, {
1133 U64(0x8886564d3a14d493), U64(0x3517454ca23c4af3),
1134 U64(0x06476983284a0504), U64(0x0992abc52d822c37),
1135 U64(0xd3473e33197a93c9), U64(0x399ec6c7e6bf87c9),
1136 U64(0x51ac86febf240954), U64(0xf4c70e16eeaac5ec)
1137 }, {
1138 U64(0xa47f0dd4bf02e71e), U64(0x36acc2355951a8d9),
1139 U64(0x69d18d2bd1a5c42f), U64(0xf4892bcb929b0690),
1140 U64(0x89b4443b4ddbc49a), U64(0x4eb7f8719c36de1e),
1141 U64(0x03e7aa020c6e4141), U64(0x9b1f5b424d93c9a7)
1142 }, {
1143 U64(0x7261445183235adb), U64(0x0e38dc92cb1f2a60),
1144 U64(0x7b2b8a9aa6079c54), U64(0x800a440bdbb2ceb1),
1145 U64(0x3cd955b7e00d0984), U64(0x3a7d3a1b25894224),
1146 U64(0x944c9ad8ec165fde), U64(0x378f5a541631229b)
1147 }, {
1148 U64(0x74b4c7fb98459ced), U64(0x3698fad1153bb6c3),
1149 U64(0x7a1e6c303b7652f4), U64(0x9fe76702af69334b),
1150 U64(0x1fffe18a1b336103), U64(0x8941e71cff8a78db),
1151 U64(0x382ae548b2e4f3f3), U64(0xabbedea680056f52)
1152 }, {
1153 U64(0x6bcaa4cd81f32d1b), U64(0xdea2594ac06fd85d),
1154 U64(0xefbacd1d7d476e98), U64(0x8a1d71efea48b9ca),
1155 U64(0x2001802114846679), U64(0xd8fa6bbbebab0761),
1156 U64(0x3002c6cd635afe94), U64(0x7bcd9ed0efc889fb)
1157 }, {
1158 U64(0x48bc924af11bd720), U64(0xfaf417d5d9b21b99),
1159 U64(0xe71da4aa88e12852), U64(0x5d80ef9d1891cc86),
1160 U64(0xf82012d430219f9b), U64(0xcda43c32bcdf1d77),
1161 U64(0xd21380b00449b17a), U64(0x378ee767f11631ba)
1162 },
1163};
1164
1165#define B(x,i,j) (((STREEBOG_LONG64)(*(((const unsigned char *)(&x))+i)))<<(j*8))
1166#define PULL64(x) (B(x,0,0)|B(x,1,1)|B(x,2,2)|B(x,3,3)|B(x,4,4)|B(x,5,5)|B(x,6,6)|B(x,7,7))
1167#define SWAB64(x) (B(x,0,7)|B(x,1,6)|B(x,2,5)|B(x,3,4)|B(x,4,3)|B(x,5,2)|B(x,6,1)|B(x,7,0))
1168
1169static inline STREEBOG_LONG64
1170multipermute(const STREEBOG_LONG64 *in, int i)
1171{
1172 STREEBOG_LONG64 t = 0;
1173
1174 t ^= A_PI_table[0][(in[0] >> (i * 8)) & 0xff];
1175 t ^= A_PI_table[1][(in[1] >> (i * 8)) & 0xff];
1176 t ^= A_PI_table[2][(in[2] >> (i * 8)) & 0xff];
1177 t ^= A_PI_table[3][(in[3] >> (i * 8)) & 0xff];
1178 t ^= A_PI_table[4][(in[4] >> (i * 8)) & 0xff];
1179 t ^= A_PI_table[5][(in[5] >> (i * 8)) & 0xff];
1180 t ^= A_PI_table[6][(in[6] >> (i * 8)) & 0xff];
1181 t ^= A_PI_table[7][(in[7] >> (i * 8)) & 0xff];
1182
1183 return t;
1184}
1185
1186static void
1187transform(STREEBOG_LONG64 *out, const STREEBOG_LONG64 *a,
1188 const STREEBOG_LONG64 *b)
1189{
1190 STREEBOG_LONG64 tmp[8];
1191
1192 tmp[0] = a[0] ^ b[0];
1193 tmp[1] = a[1] ^ b[1];
1194 tmp[2] = a[2] ^ b[2];
1195 tmp[3] = a[3] ^ b[3];
1196 tmp[4] = a[4] ^ b[4];
1197 tmp[5] = a[5] ^ b[5];
1198 tmp[6] = a[6] ^ b[6];
1199 tmp[7] = a[7] ^ b[7];
1200
1201 out[0] = multipermute(tmp, 0);
1202 out[1] = multipermute(tmp, 1);
1203 out[2] = multipermute(tmp, 2);
1204 out[3] = multipermute(tmp, 3);
1205 out[4] = multipermute(tmp, 4);
1206 out[5] = multipermute(tmp, 5);
1207 out[6] = multipermute(tmp, 6);
1208 out[7] = multipermute(tmp, 7);
1209}
1210
1211static inline void
1212gN(STREEBOG_LONG64 *h, STREEBOG_LONG64 *m, STREEBOG_LONG64 *N)
1213{
1214 STREEBOG_LONG64 K[8];
1215 STREEBOG_LONG64 T[8];
1216 int i;
1217
1218 transform(K, h, N);
1219
1220 transform(T, K, m);
1221 transform(K, K, C16[0]);
1222 for (i = 1; i < 12; i++) {
1223 transform(T, K, T);
1224 transform(K, K, C16[i]);
1225 }
1226
1227 h[0] ^= T[0] ^ K[0] ^ m[0];
1228 h[1] ^= T[1] ^ K[1] ^ m[1];
1229 h[2] ^= T[2] ^ K[2] ^ m[2];
1230 h[3] ^= T[3] ^ K[3] ^ m[3];
1231 h[4] ^= T[4] ^ K[4] ^ m[4];
1232 h[5] ^= T[5] ^ K[5] ^ m[5];
1233 h[6] ^= T[6] ^ K[6] ^ m[6];
1234 h[7] ^= T[7] ^ K[7] ^ m[7];
1235}
1236
1237
1238static void
1239streebog_single_block(STREEBOG_CTX *ctx, const unsigned char *in, size_t num)
1240{
1241 STREEBOG_LONG64 M[8], l;
1242 STREEBOG_LONG64 CF;
1243 int i;
1244
1245 for (i = 0; i < 8; i++)
1246 M[i] = PULL64(in[i*8]);
1247
1248 gN(ctx->h, M, ctx->N);
1249
1250 l = ctx->N[0];
1251 ctx->N[0] += num;
1252
1253 if (ctx->N[0] < l || ctx->N[0] < num) {
1254 for (i = 1; i < 8; i++) {
1255 ctx->N[i]++;
1256 if (ctx->N[i] != 0)
1257 break;
1258 }
1259 }
1260
1261 CF = 0;
1262 ctx->Sigma[0] += M[0];
1263 for (i = 1; i < 8; i++) {
1264 if (ctx->Sigma[i-1] != M[i-1])
1265 CF = (ctx->Sigma[i-1] < M[i-1]);
1266 ctx->Sigma[i] += M[i] + CF;
1267 }
1268}
1269
1270
1271
1272static void
1273streebog_block_data_order(STREEBOG_CTX *ctx, const unsigned char *in,
1274 size_t num)
1275{
1276 int i;
1277
1278 for (i = 0; i < num; i++)
1279 streebog_single_block(ctx, in + i * STREEBOG_CBLOCK, 64 * 8);
1280}
1281
1282int
1283STREEBOG512_Final(unsigned char *md, STREEBOG_CTX *c)
1284{
1285 unsigned char *p = (unsigned char *)c->data;
1286 STREEBOG_LONG64 Z[STREEBOG_LBLOCK] = {0};
1287 int n;
1288
1289 if (c->num == STREEBOG_CBLOCK) {
1290 streebog_block_data_order(c, p, 1);
1291 c->num -= STREEBOG_CBLOCK;
1292 }
1293
1294 n = c->num;
1295 p[n++] = 1;
1296 memset(p + n, 0, STREEBOG_CBLOCK - n);
1297
1298 streebog_single_block(c, p, c->num * 8);
1299
1300 gN(c->h, c->N, Z);
1301 gN(c->h, c->Sigma, Z);
1302
1303 for (n = 0; n < STREEBOG_LBLOCK; n++)
1304 c->h[n] = SWAB64(c->h[n]);
1305
1306 if (md == NULL)
1307 return 0;
1308
1309 switch (c->md_len) {
1310 /* Let compiler decide if it's appropriate to unroll... */
1311 case STREEBOG256_LENGTH:
1312 for (n = 0; n < STREEBOG256_LENGTH / 8; n++) {
1313 STREEBOG_LONG64 t = c->h[4+n];
1314
1315#if BYTE_ORDER == BIG_ENDIAN
1316 *(md++) = (unsigned char)(t);
1317 *(md++) = (unsigned char)(t >> 8);
1318 *(md++) = (unsigned char)(t >> 16);
1319 *(md++) = (unsigned char)(t >> 24);
1320 *(md++) = (unsigned char)(t >> 32);
1321 *(md++) = (unsigned char)(t >> 40);
1322 *(md++) = (unsigned char)(t >> 48);
1323 *(md++) = (unsigned char)(t >> 56);
1324#else
1325 *(md++) = (unsigned char)(t >> 56);
1326 *(md++) = (unsigned char)(t >> 48);
1327 *(md++) = (unsigned char)(t >> 40);
1328 *(md++) = (unsigned char)(t >> 32);
1329 *(md++) = (unsigned char)(t >> 24);
1330 *(md++) = (unsigned char)(t >> 16);
1331 *(md++) = (unsigned char)(t >> 8);
1332 *(md++) = (unsigned char)(t);
1333#endif
1334 }
1335 break;
1336 case STREEBOG512_LENGTH:
1337 for (n = 0; n < STREEBOG512_LENGTH / 8; n++) {
1338 STREEBOG_LONG64 t = c->h[n];
1339
1340#if BYTE_ORDER == BIG_ENDIAN
1341 *(md++) = (unsigned char)(t);
1342 *(md++) = (unsigned char)(t >> 8);
1343 *(md++) = (unsigned char)(t >> 16);
1344 *(md++) = (unsigned char)(t >> 24);
1345 *(md++) = (unsigned char)(t >> 32);
1346 *(md++) = (unsigned char)(t >> 40);
1347 *(md++) = (unsigned char)(t >> 48);
1348 *(md++) = (unsigned char)(t >> 56);
1349#else
1350 *(md++) = (unsigned char)(t >> 56);
1351 *(md++) = (unsigned char)(t >> 48);
1352 *(md++) = (unsigned char)(t >> 40);
1353 *(md++) = (unsigned char)(t >> 32);
1354 *(md++) = (unsigned char)(t >> 24);
1355 *(md++) = (unsigned char)(t >> 16);
1356 *(md++) = (unsigned char)(t >> 8);
1357 *(md++) = (unsigned char)(t);
1358#endif
1359 }
1360 break;
1361 /* ... as well as make sure md_len is not abused. */
1362 default:
1363 return 0;
1364 }
1365
1366 return 1;
1367}
1368LCRYPTO_ALIAS(STREEBOG512_Final);
1369
1370int
1371STREEBOG256_Final(unsigned char *md, STREEBOG_CTX * c)
1372{
1373 return STREEBOG512_Final(md, c);
1374}
1375LCRYPTO_ALIAS(STREEBOG256_Final);
1376
1377int
1378STREEBOG512_Update(STREEBOG_CTX *c, const void *_data, size_t len)
1379{
1380 unsigned char *p = (unsigned char *)c->data;
1381 const unsigned char *data = (const unsigned char *)_data;
1382
1383 if (len == 0)
1384 return 1;
1385
1386 if (c->num != 0) {
1387 size_t n = STREEBOG_CBLOCK - c->num;
1388
1389 if (len < n) {
1390 memcpy(p + c->num, data, len);
1391 c->num += (unsigned int)len;
1392 return 1;
1393 } else {
1394 memcpy(p + c->num, data, n);
1395 c->num = 0;
1396 len -= n;
1397 data += n;
1398 streebog_block_data_order(c, p, 1);
1399 }
1400 }
1401
1402 if (len >= STREEBOG_CBLOCK) {
1403 streebog_block_data_order(c, data, len / STREEBOG_CBLOCK);
1404 data += len;
1405 len %= STREEBOG_CBLOCK;
1406 data -= len;
1407 }
1408
1409 if (len != 0) {
1410 memcpy(p, data, len);
1411 c->num = (int)len;
1412 }
1413
1414 return 1;
1415}
1416LCRYPTO_ALIAS(STREEBOG512_Update);
1417
1418int
1419STREEBOG256_Update(STREEBOG_CTX *c, const void *data, size_t len)
1420{
1421 return STREEBOG512_Update(c, data, len);
1422}
1423LCRYPTO_ALIAS(STREEBOG256_Update);
1424
1425void
1426STREEBOG512_Transform(STREEBOG_CTX *c, const unsigned char *data)
1427{
1428 streebog_block_data_order(c, data, 1);
1429}
1430LCRYPTO_ALIAS(STREEBOG512_Transform);
1431
1432int
1433STREEBOG256_Init(STREEBOG_CTX *c)
1434{
1435 memset(c, 0, sizeof(*c));
1436 memset(c->h, 1, sizeof(c->h));
1437
1438 c->md_len = STREEBOG256_LENGTH;
1439 return 1;
1440}
1441LCRYPTO_ALIAS(STREEBOG256_Init);
1442
1443int
1444STREEBOG512_Init(STREEBOG_CTX *c)
1445{
1446 memset(c, 0, sizeof(*c));
1447 memset(c->h, 0, sizeof(c->h));
1448
1449 c->num = 0;
1450 c->md_len = STREEBOG512_LENGTH;
1451 return 1;
1452}
1453LCRYPTO_ALIAS(STREEBOG512_Init);
1454
1455unsigned char *
1456STREEBOG256(const unsigned char *d, size_t n, unsigned char *md)
1457{
1458 STREEBOG_CTX c;
1459 static unsigned char m[STREEBOG256_LENGTH];
1460
1461 if (md == NULL)
1462 md = m;
1463 STREEBOG256_Init(&c);
1464 STREEBOG256_Update(&c, d, n);
1465 STREEBOG256_Final(md, &c);
1466 explicit_bzero(&c, sizeof(c));
1467 return (md);
1468}
1469LCRYPTO_ALIAS(STREEBOG256);
1470
1471unsigned char *
1472STREEBOG512(const unsigned char *d, size_t n, unsigned char *md)
1473{
1474 STREEBOG_CTX c;
1475 static unsigned char m[STREEBOG512_LENGTH];
1476
1477 if (md == NULL)
1478 md = m;
1479 STREEBOG512_Init(&c);
1480 STREEBOG512_Update(&c, d, n);
1481 STREEBOG512_Final(md, &c);
1482 explicit_bzero(&c, sizeof(c));
1483 return (md);
1484}
1485LCRYPTO_ALIAS(STREEBOG512);
1486
1487#endif
diff --git a/src/lib/libcrypto/opensslfeatures.h b/src/lib/libcrypto/opensslfeatures.h
index 02d5228953..faebb1f345 100644
--- a/src/lib/libcrypto/opensslfeatures.h
+++ b/src/lib/libcrypto/opensslfeatures.h
@@ -1,4 +1,4 @@
1/* $OpenBSD: opensslfeatures.h,v 1.41 2023/07/28 09:53:55 tb Exp $ */ 1/* $OpenBSD: opensslfeatures.h,v 1.42 2024/03/02 11:17:27 tb Exp $ */
2/* 2/*
3 * Feature flags for LibreSSL... so you can actually tell when things 3 * Feature flags for LibreSSL... so you can actually tell when things
4 * are enabled, rather than not being able to tell when things are 4 * are enabled, rather than not being able to tell when things are
@@ -67,7 +67,7 @@
67/* #define OPENSSL_NO_ERR */ 67/* #define OPENSSL_NO_ERR */
68/* #define OPENSSL_NO_FUZZ_AFL */ 68/* #define OPENSSL_NO_FUZZ_AFL */
69/* #define OPENSSL_NO_FUZZ_LIBFUZZER */ 69/* #define OPENSSL_NO_FUZZ_LIBFUZZER */
70/* #define OPENSSL_NO_GOST */ 70#define OPENSSL_NO_GOST
71#define OPENSSL_NO_HEARTBEATS 71#define OPENSSL_NO_HEARTBEATS
72/* #define OPENSSL_NO_HW */ 72/* #define OPENSSL_NO_HW */
73/* #define OPENSSL_NO_HW_PADLOCK */ 73/* #define OPENSSL_NO_HW_PADLOCK */
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-03-22 17:38:52 +0000