summaryrefslogtreecommitdiff
path: root/src/lib/libcrypto/gost/gost2814789.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/lib/libcrypto/gost/gost2814789.c')
-rw-r--r--src/lib/libcrypto/gost/gost2814789.c480
1 files changed, 0 insertions, 480 deletions
diff --git a/src/lib/libcrypto/gost/gost2814789.c b/src/lib/libcrypto/gost/gost2814789.c
deleted file mode 100644
index dac3a8eab8..0000000000
--- a/src/lib/libcrypto/gost/gost2814789.c
+++ /dev/null
@@ -1,480 +0,0 @@
1/* $OpenBSD: gost2814789.c,v 1.9 2023/07/08 14:30:44 beck Exp $ */
2/*
3 * Copyright (c) 2014 Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
4 * Copyright (c) 2005-2006 Cryptocom LTD
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
8 * are met:
9 *
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 *
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in
15 * the documentation and/or other materials provided with the
16 * distribution.
17 *
18 * 3. All advertising materials mentioning features or use of this
19 * software must display the following acknowledgment:
20 * "This product includes software developed by the OpenSSL Project
21 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
22 *
23 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
24 * endorse or promote products derived from this software without
25 * prior written permission. For written permission, please contact
26 * openssl-core@openssl.org.
27 *
28 * 5. Products derived from this software may not be called "OpenSSL"
29 * nor may "OpenSSL" appear in their names without prior written
30 * permission of the OpenSSL Project.
31 *
32 * 6. Redistributions of any form whatsoever must retain the following
33 * acknowledgment:
34 * "This product includes software developed by the OpenSSL Project
35 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
36 *
37 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
38 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
39 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
40 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
41 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
42 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
43 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
44 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
45 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
46 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
47 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
48 * OF THE POSSIBILITY OF SUCH DAMAGE.
49 * ====================================================================
50 */
51
52#include <endian.h>
53#include <string.h>
54
55#include <openssl/opensslconf.h>
56
57#ifndef OPENSSL_NO_GOST
58#include <openssl/objects.h>
59#include <openssl/gost.h>
60
61#include "gost_local.h"
62
63static inline unsigned int
64f(const GOST2814789_KEY *c, unsigned int x)
65{
66 return c->k87[(x>>24) & 255] | c->k65[(x>>16) & 255]|
67 c->k43[(x>> 8) & 255] | c->k21[(x ) & 255];
68}
69
70void
71Gost2814789_encrypt(const unsigned char *in, unsigned char *out,
72 const GOST2814789_KEY *key)
73{
74 unsigned int n1, n2; /* As named in the GOST */
75
76 c2l(in, n1);
77 c2l(in, n2);
78
79 /* Instead of swapping halves, swap names each round */
80 n2 ^= f(key, n1 + key->key[0]); n1 ^= f(key, n2 + key->key[1]);
81 n2 ^= f(key, n1 + key->key[2]); n1 ^= f(key, n2 + key->key[3]);
82 n2 ^= f(key, n1 + key->key[4]); n1 ^= f(key, n2 + key->key[5]);
83 n2 ^= f(key, n1 + key->key[6]); n1 ^= f(key, n2 + key->key[7]);
84
85 n2 ^= f(key, n1 + key->key[0]); n1 ^= f(key, n2 + key->key[1]);
86 n2 ^= f(key, n1 + key->key[2]); n1 ^= f(key, n2 + key->key[3]);
87 n2 ^= f(key, n1 + key->key[4]); n1 ^= f(key, n2 + key->key[5]);
88 n2 ^= f(key, n1 + key->key[6]); n1 ^= f(key, n2 + key->key[7]);
89
90 n2 ^= f(key, n1 + key->key[0]); n1 ^= f(key, n2 + key->key[1]);
91 n2 ^= f(key, n1 + key->key[2]); n1 ^= f(key, n2 + key->key[3]);
92 n2 ^= f(key, n1 + key->key[4]); n1 ^= f(key, n2 + key->key[5]);
93 n2 ^= f(key, n1 + key->key[6]); n1 ^= f(key, n2 + key->key[7]);
94
95 n2 ^= f(key, n1 + key->key[7]); n1 ^= f(key, n2 + key->key[6]);
96 n2 ^= f(key, n1 + key->key[5]); n1 ^= f(key, n2 + key->key[4]);
97 n2 ^= f(key, n1 + key->key[3]); n1 ^= f(key, n2 + key->key[2]);
98 n2 ^= f(key, n1 + key->key[1]); n1 ^= f(key, n2 + key->key[0]);
99
100 l2c(n2, out);
101 l2c(n1, out);
102}
103
104void
105Gost2814789_decrypt(const unsigned char *in, unsigned char *out,
106 const GOST2814789_KEY *key)
107{
108 unsigned int n1, n2; /* As named in the GOST */
109
110 c2l(in, n1);
111 c2l(in, n2);
112
113 /* Instead of swapping halves, swap names each round */
114 n2 ^= f(key, n1 + key->key[0]); n1 ^= f(key, n2 + key->key[1]);
115 n2 ^= f(key, n1 + key->key[2]); n1 ^= f(key, n2 + key->key[3]);
116 n2 ^= f(key, n1 + key->key[4]); n1 ^= f(key, n2 + key->key[5]);
117 n2 ^= f(key, n1 + key->key[6]); n1 ^= f(key, n2 + key->key[7]);
118
119 n2 ^= f(key, n1 + key->key[7]); n1 ^= f(key, n2 + key->key[6]);
120 n2 ^= f(key, n1 + key->key[5]); n1 ^= f(key, n2 + key->key[4]);
121 n2 ^= f(key, n1 + key->key[3]); n1 ^= f(key, n2 + key->key[2]);
122 n2 ^= f(key, n1 + key->key[1]); n1 ^= f(key, n2 + key->key[0]);
123
124 n2 ^= f(key, n1 + key->key[7]); n1 ^= f(key, n2 + key->key[6]);
125 n2 ^= f(key, n1 + key->key[5]); n1 ^= f(key, n2 + key->key[4]);
126 n2 ^= f(key, n1 + key->key[3]); n1 ^= f(key, n2 + key->key[2]);
127 n2 ^= f(key, n1 + key->key[1]); n1 ^= f(key, n2 + key->key[0]);
128
129 n2 ^= f(key, n1 + key->key[7]); n1 ^= f(key, n2 + key->key[6]);
130 n2 ^= f(key, n1 + key->key[5]); n1 ^= f(key, n2 + key->key[4]);
131 n2 ^= f(key, n1 + key->key[3]); n1 ^= f(key, n2 + key->key[2]);
132 n2 ^= f(key, n1 + key->key[1]); n1 ^= f(key, n2 + key->key[0]);
133
134 l2c(n2, out);
135 l2c(n1, out);
136}
137
138static void
139Gost2814789_mac(const unsigned char *in, unsigned char *mac,
140 GOST2814789_KEY *key)
141{
142 unsigned int n1, n2; /* As named in the GOST */
143 unsigned char *p;
144 int i;
145
146 for (i = 0; i < 8; i++)
147 mac[i] ^= in[i];
148
149 p = mac;
150 c2l(p, n1);
151 c2l(p, n2);
152
153 /* Instead of swapping halves, swap names each round */
154 n2 ^= f(key, n1 + key->key[0]); n1 ^= f(key, n2 + key->key[1]);
155 n2 ^= f(key, n1 + key->key[2]); n1 ^= f(key, n2 + key->key[3]);
156 n2 ^= f(key, n1 + key->key[4]); n1 ^= f(key, n2 + key->key[5]);
157 n2 ^= f(key, n1 + key->key[6]); n1 ^= f(key, n2 + key->key[7]);
158
159 n2 ^= f(key, n1 + key->key[0]); n1 ^= f(key, n2 + key->key[1]);
160 n2 ^= f(key, n1 + key->key[2]); n1 ^= f(key, n2 + key->key[3]);
161 n2 ^= f(key, n1 + key->key[4]); n1 ^= f(key, n2 + key->key[5]);
162 n2 ^= f(key, n1 + key->key[6]); n1 ^= f(key, n2 + key->key[7]);
163
164 p = mac;
165 l2c(n1, p);
166 l2c(n2, p);
167}
168
169void
170Gost2814789_ecb_encrypt(const unsigned char *in, unsigned char *out,
171 GOST2814789_KEY *key, const int enc)
172{
173 if (key->key_meshing && key->count == 1024) {
174 Gost2814789_cryptopro_key_mesh(key);
175 key->count = 0;
176 }
177
178 if (enc)
179 Gost2814789_encrypt(in, out, key);
180 else
181 Gost2814789_decrypt(in, out, key);
182}
183LCRYPTO_ALIAS(Gost2814789_ecb_encrypt);
184
185static inline void
186Gost2814789_encrypt_mesh(unsigned char *iv, GOST2814789_KEY *key)
187{
188 if (key->key_meshing && key->count == 1024) {
189 Gost2814789_cryptopro_key_mesh(key);
190 Gost2814789_encrypt(iv, iv, key);
191 key->count = 0;
192 }
193 Gost2814789_encrypt(iv, iv, key);
194 key->count += 8;
195}
196
197static inline void
198Gost2814789_mac_mesh(const unsigned char *data, unsigned char *mac,
199 GOST2814789_KEY *key)
200{
201 if (key->key_meshing && key->count == 1024) {
202 Gost2814789_cryptopro_key_mesh(key);
203 key->count = 0;
204 }
205 Gost2814789_mac(data, mac, key);
206 key->count += 8;
207}
208
209void
210Gost2814789_cfb64_encrypt(const unsigned char *in, unsigned char *out,
211 size_t len, GOST2814789_KEY *key, unsigned char *ivec, int *num,
212 const int enc)
213{
214 unsigned int n;
215 size_t l = 0;
216
217 n = *num;
218
219 if (enc) {
220#if !defined(OPENSSL_SMALL_FOOTPRINT)
221 if (8 % sizeof(size_t) == 0) do { /* always true actually */
222 while (n && len) {
223 *(out++) = ivec[n] ^= *(in++);
224 --len;
225 n = (n + 1) % 8;
226 }
227#ifdef __STRICT_ALIGNMENT
228 if (((size_t)in | (size_t)out | (size_t)ivec) %
229 sizeof(size_t) != 0)
230 break;
231#endif
232 while (len >= 8) {
233 Gost2814789_encrypt_mesh(ivec, key);
234 for (; n < 8; n += sizeof(size_t)) {
235 *(size_t*)(out + n) =
236 *(size_t*)(ivec + n) ^=
237 *(size_t*)(in + n);
238 }
239 len -= 8;
240 out += 8;
241 in += 8;
242 n = 0;
243 }
244 if (len) {
245 Gost2814789_encrypt_mesh(ivec, key);
246 while (len--) {
247 out[n] = ivec[n] ^= in[n];
248 ++n;
249 }
250 }
251 *num = n;
252 return;
253 } while (0);
254 /* the rest would be commonly eliminated by x86* compiler */
255#endif
256 while (l<len) {
257 if (n == 0) {
258 Gost2814789_encrypt_mesh(ivec, key);
259 }
260 out[l] = ivec[n] ^= in[l];
261 ++l;
262 n = (n + 1) % 8;
263 }
264 *num = n;
265 } else {
266#if !defined(OPENSSL_SMALL_FOOTPRINT)
267 if (8 % sizeof(size_t) == 0) do { /* always true actually */
268 while (n && len) {
269 unsigned char c;
270
271 *(out++) = ivec[n] ^ (c = *(in++));
272 ivec[n] = c;
273 --len;
274 n = (n + 1) % 8;
275 }
276#ifdef __STRICT_ALIGNMENT
277 if (((size_t)in | (size_t)out | (size_t)ivec) %
278 sizeof(size_t) != 0)
279 break;
280#endif
281 while (len >= 8) {
282 Gost2814789_encrypt_mesh(ivec, key);
283 for (; n < 8; n += sizeof(size_t)) {
284 size_t t = *(size_t*)(in + n);
285 *(size_t*)(out + n) =
286 *(size_t*)(ivec + n) ^ t;
287 *(size_t*)(ivec + n) = t;
288 }
289 len -= 8;
290 out += 8;
291 in += 8;
292 n = 0;
293 }
294 if (len) {
295 Gost2814789_encrypt_mesh(ivec, key);
296 while (len--) {
297 unsigned char c;
298
299 out[n] = ivec[n] ^ (c = in[n]);
300 ivec[n] = c;
301 ++n;
302 }
303 }
304 *num = n;
305 return;
306 } while (0);
307 /* the rest would be commonly eliminated by x86* compiler */
308#endif
309 while (l < len) {
310 unsigned char c;
311
312 if (n == 0) {
313 Gost2814789_encrypt_mesh(ivec, key);
314 }
315 out[l] = ivec[n] ^ (c = in[l]); ivec[n] = c;
316 ++l;
317 n = (n + 1) % 8;
318 }
319 *num = n;
320 }
321}
322LCRYPTO_ALIAS(Gost2814789_cfb64_encrypt);
323
324static inline void
325Gost2814789_cnt_next(unsigned char *ivec, unsigned char *out,
326 GOST2814789_KEY *key)
327{
328 unsigned char *p = ivec, *p2 = ivec;
329 unsigned int val, val2;
330
331 if (key->count == 0)
332 Gost2814789_encrypt(ivec, ivec, key);
333
334 if (key->key_meshing && key->count == 1024) {
335 Gost2814789_cryptopro_key_mesh(key);
336 Gost2814789_encrypt(ivec, ivec, key);
337 key->count = 0;
338 }
339
340 c2l(p, val);
341 val2 = val + 0x01010101;
342 l2c(val2, p2);
343
344 c2l(p, val);
345 val2 = val + 0x01010104;
346 if (val > val2) /* overflow */
347 val2++;
348 l2c(val2, p2);
349
350 Gost2814789_encrypt(ivec, out, key);
351 key->count += 8;
352}
353
354void
355Gost2814789_cnt_encrypt(const unsigned char *in, unsigned char *out, size_t len,
356 GOST2814789_KEY *key, unsigned char *ivec, unsigned char *cnt_buf, int *num)
357{
358 unsigned int n;
359 size_t l = 0;
360
361 n = *num;
362
363#if !defined(OPENSSL_SMALL_FOOTPRINT)
364 if (8 % sizeof(size_t) == 0) do { /* always true actually */
365 while (n && len) {
366 *(out++) = *(in++) ^ cnt_buf[n];
367 --len;
368 n = (n + 1) % 8;
369 }
370
371#ifdef __STRICT_ALIGNMENT
372 if (((size_t)in | (size_t)out | (size_t)ivec) %
373 sizeof(size_t) != 0)
374 break;
375#endif
376 while (len >= 8) {
377 Gost2814789_cnt_next(ivec, cnt_buf, key);
378 for (; n < 8; n += sizeof(size_t))
379 *(size_t *)(out + n) = *(size_t *)(in + n) ^
380 *(size_t *)(cnt_buf + n);
381 len -= 8;
382 out += 8;
383 in += 8;
384 n = 0;
385 }
386 if (len) {
387 Gost2814789_cnt_next(ivec, cnt_buf, key);
388 while (len--) {
389 out[n] = in[n] ^ cnt_buf[n];
390 ++n;
391 }
392 }
393 *num = n;
394 return;
395 } while(0);
396 /* the rest would be commonly eliminated by x86* compiler */
397#endif
398 while (l < len) {
399 if (n==0)
400 Gost2814789_cnt_next(ivec, cnt_buf, key);
401 out[l] = in[l] ^ cnt_buf[n];
402 ++l;
403 n = (n + 1) % 8;
404 }
405
406 *num=n;
407}
408LCRYPTO_ALIAS(Gost2814789_cnt_encrypt);
409
410int
411GOST2814789IMIT_Init(GOST2814789IMIT_CTX *c, int nid)
412{
413 c->Nl = c->Nh = c->num = 0;
414 memset(c->mac, 0, 8);
415 return Gost2814789_set_sbox(&c->cipher, nid);
416}
417LCRYPTO_ALIAS(GOST2814789IMIT_Init);
418
419static void
420GOST2814789IMIT_block_data_order(GOST2814789IMIT_CTX *ctx,
421 const unsigned char *p, size_t num)
422{
423 int i;
424
425 for (i = 0; i < num; i++) {
426 Gost2814789_mac_mesh(p, ctx->mac, &ctx->cipher);
427 p += 8;
428 }
429}
430
431#define DATA_ORDER_IS_LITTLE_ENDIAN
432
433#define HASH_CBLOCK GOST2814789IMIT_CBLOCK
434#define HASH_LONG GOST2814789IMIT_LONG
435#define HASH_CTX GOST2814789IMIT_CTX
436#define HASH_UPDATE GOST2814789IMIT_Update
437#define HASH_TRANSFORM GOST2814789IMIT_Transform
438#define HASH_NO_FINAL 1
439#define HASH_BLOCK_DATA_ORDER GOST2814789IMIT_block_data_order
440
441#include "md32_common.h"
442LCRYPTO_ALIAS(GOST2814789IMIT_Update);
443LCRYPTO_ALIAS(GOST2814789IMIT_Transform);
444
445int
446GOST2814789IMIT_Final(unsigned char *md, GOST2814789IMIT_CTX *c)
447{
448 if (c->num) {
449 memset(c->data + c->num, 0, 8 - c->num);
450 Gost2814789_mac_mesh(c->data, c->mac, &c->cipher);
451 }
452 if (c->Nl <= 8 * 8 && c->Nl > 0 && c->Nh == 0) {
453 memset(c->data, 0, 8);
454 Gost2814789_mac_mesh(c->data, c->mac, &c->cipher);
455 }
456 memcpy(md, c->mac, 4);
457 return 1;
458}
459LCRYPTO_ALIAS(GOST2814789IMIT_Final);
460
461unsigned char *
462GOST2814789IMIT(const unsigned char *d, size_t n, unsigned char *md, int nid,
463 const unsigned char *key, const unsigned char *iv)
464{
465 GOST2814789IMIT_CTX c;
466 static unsigned char m[GOST2814789IMIT_LENGTH];
467
468 if (md == NULL)
469 md = m;
470 GOST2814789IMIT_Init(&c, nid);
471 memcpy(c.mac, iv, 8);
472 Gost2814789_set_key(&c.cipher, key, 256);
473 GOST2814789IMIT_Update(&c, d, n);
474 GOST2814789IMIT_Final(md, &c);
475 explicit_bzero(&c, sizeof(c));
476 return (md);
477}
478LCRYPTO_ALIAS(GOST2814789IMIT);
479
480#endif