Initial commit

author: Dmitry Belyavsky <beldmit@manul.localdomain> 2015-08-14 20:50:01 +0300
committer: Dmitry Belyavsky <beldmit@manul.localdomain> 2015-08-14 20:50:01 +0300
commit: c98ba9d03213d0c63d6874539d59f7b55fbc3fae (patch)
tree: a27387a57d4bce07cc89f18a00687e7c24fa7ea2 /gost_keywrap.c
parent: 6bae2877d22e1bb30b20a7b09d6e5f8399e0e98b (diff)
download: gost-engine-c98ba9d03213d0c63d6874539d59f7b55fbc3fae.zip
gost-engine-c98ba9d03213d0c63d6874539d59f7b55fbc3fae.tar.gz
gost-engine-c98ba9d03213d0c63d6874539d59f7b55fbc3fae.tar.bz2
1 files changed, 106 insertions, 0 deletions
diff --git a/gost_keywrap.c b/gost_keywrap.c
new file mode 100644
index 0000000..502a83c
--- /dev/null
+++ b/gost_keywrap.c
@@ -0,0 +1,106 @@
+/**********************************************************************
+ *                          keywrap.c                                 *
+ *             Copyright (c) 2005-2006 Cryptocom LTD                  *
+ *         This file is distributed under the same license as OpenSSL *
+ *                                                                    *
+ * Implementation of CryptoPro key wrap algorithm, as defined in      *
+ *               RFC 4357 p 6.3 and 6.4                               *
+ *                  Doesn't need OpenSSL                              *
+ **********************************************************************/
+#include <string.h>
+#include "gost89.h"
+#include "gost_keywrap.h"
+
+/*-
+ * Diversifies key using random UserKey Material
+ * Implements RFC 4357 p 6.5 key diversification algorithm
+ *
+ * inputKey - 32byte key to be diversified
+ * ukm - 8byte user key material
+ * outputKey - 32byte buffer to store diversified key
+ *
+ */
+void keyDiversifyCryptoPro(gost_ctx * ctx, const unsigned char *inputKey,
+                           const unsigned char *ukm, unsigned char *outputKey)
+{
+
+    u4 k, s1, s2;
+    int i, j, mask;
+    unsigned char S[8];
+    memcpy(outputKey, inputKey, 32);
+    for (i = 0; i < 8; i++) {
+        /* Make array of integers from key */
+        /* Compute IV S */
+        s1 = 0, s2 = 0;
+        for (j = 0, mask = 1; j < 8; j++, mask <<= 1) {
+            k = ((u4) outputKey[4 * j]) | (outputKey[4 * j + 1] << 8) |
+                (outputKey[4 * j + 2] << 16) | (outputKey[4 * j + 3] << 24);
+            if (mask & ukm[i]) {
+                s1 += k;
+            } else {
+                s2 += k;
+            }
+        }
+        S[0] = (unsigned char)(s1 & 0xff);
+        S[1] = (unsigned char)((s1 >> 8) & 0xff);
+        S[2] = (unsigned char)((s1 >> 16) & 0xff);
+        S[3] = (unsigned char)((s1 >> 24) & 0xff);
+        S[4] = (unsigned char)(s2 & 0xff);
+        S[5] = (unsigned char)((s2 >> 8) & 0xff);
+        S[6] = (unsigned char)((s2 >> 16) & 0xff);
+        S[7] = (unsigned char)((s2 >> 24) & 0xff);
+        gost_key(ctx, outputKey);
+        gost_enc_cfb(ctx, S, outputKey, outputKey, 4);
+    }
+}
+
+/*-
+ * Wraps key using RFC 4357 6.3
+ * ctx - gost encryption context, initialized with some S-boxes
+ * keyExchangeKey (KEK) 32-byte (256-bit) shared key
+ * ukm - 8 byte (64 bit) user key material,
+ * sessionKey - 32-byte (256-bit) key to be wrapped
+ * wrappedKey - 44-byte buffer to store wrapped key
+ */
+
+int keyWrapCryptoPro(gost_ctx * ctx, const unsigned char *keyExchangeKey,
+                     const unsigned char *ukm,
+                     const unsigned char *sessionKey,
+                     unsigned char *wrappedKey)
+{
+    unsigned char kek_ukm[32];
+    keyDiversifyCryptoPro(ctx, keyExchangeKey, ukm, kek_ukm);
+    gost_key(ctx, kek_ukm);
+    memcpy(wrappedKey, ukm, 8);
+    gost_enc(ctx, sessionKey, wrappedKey + 8, 4);
+    gost_mac_iv(ctx, 32, ukm, sessionKey, 32, wrappedKey + 40);
+    return 1;
+}
+
+/*-
+ * Unwraps key using RFC 4357 6.4
+ * ctx - gost encryption context, initialized with some S-boxes
+ * keyExchangeKey 32-byte shared key
+ * wrappedKey  44 byte key to be unwrapped (concatenation of 8-byte UKM,
+ * 32 byte  encrypted key and 4 byte MAC
+ *
+ * sessionKEy - 32byte buffer to store sessionKey in
+ * Returns 1 if key is decrypted successfully, and 0 if MAC doesn't match
+ */
+
+int keyUnwrapCryptoPro(gost_ctx * ctx, const unsigned char *keyExchangeKey,
+                       const unsigned char *wrappedKey,
+                       unsigned char *sessionKey)
+{
+    unsigned char kek_ukm[32], cek_mac[4];
+    keyDiversifyCryptoPro(ctx, keyExchangeKey, wrappedKey
+                          /* First 8 bytes of wrapped Key is ukm */
+                          , kek_ukm);
+    gost_key(ctx, kek_ukm);
+    gost_dec(ctx, wrappedKey + 8, sessionKey, 4);
+    gost_mac_iv(ctx, 32, wrappedKey, sessionKey, 32, cek_mac);
+    if (memcmp(cek_mac, wrappedKey + 40, 4)) {
+        return 0;
+    }
+    return 1;
+}
author	Dmitry Belyavsky <beldmit@manul.localdomain>	2015-08-14 20:50:01 +0300
committer	Dmitry Belyavsky <beldmit@manul.localdomain>	2015-08-14 20:50:01 +0300
commit	c98ba9d03213d0c63d6874539d59f7b55fbc3fae (patch)
tree	a27387a57d4bce07cc89f18a00687e7c24fa7ea2 /gost_keywrap.c
parent	6bae2877d22e1bb30b20a7b09d6e5f8399e0e98b (diff)
download	gost-engine-c98ba9d03213d0c63d6874539d59f7b55fbc3fae.zip gost-engine-c98ba9d03213d0c63d6874539d59f7b55fbc3fae.tar.gz gost-engine-c98ba9d03213d0c63d6874539d59f7b55fbc3fae.tar.bz2