1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
|
/*
* Copyright (c) 2020 Dmitry Belyavskiy <beldmit@gmail.com>
*
* Contents licensed under the terms of the OpenSSL license
* See https://www.openssl.org/source/license.html for details
*/
#ifndef GOST_GOST2015_H
#define GOST_GOST2015_H
#include "gost_grasshopper_cipher.h"
#include <openssl/evp.h>
#include <openssl/x509.h>
#include <openssl/modes.h>
#define MAGMA_MAC_MAX_SIZE 8
#define KUZNYECHIK_MAC_MAX_SIZE 16
#define OID_GOST_CMS_MAC "1.2.643.7.1.0.6.1.1"
#define SN_magma_mgm "magma-mgm"
#define BSWAP64(x) \
(((x & 0xFF00000000000000ULL) >> 56) | \
((x & 0x00FF000000000000ULL) >> 40) | \
((x & 0x0000FF0000000000ULL) >> 24) | \
((x & 0x000000FF00000000ULL) >> 8) | \
((x & 0x00000000FF000000ULL) << 8) | \
((x & 0x0000000000FF0000ULL) << 24) | \
((x & 0x000000000000FF00ULL) << 40) | \
((x & 0x00000000000000FFULL) << 56))
typedef void (*mul128_f) (uint64_t *result, uint64_t *arg1, uint64_t *arg2);
typedef struct {
union {
uint64_t u[2];
uint32_t d[4];
uint8_t c[16];
} nonce, Yi, Zi, EKi, Hi, len, ACi, mul, sum, tag;
unsigned int mres, ares;
block128_f block;
mul128_f mul_gf;
int blocklen;
void *key;
} mgm128_context;
typedef struct {
union {
struct ossl_gost_cipher_ctx g_ks;
gost_grasshopper_cipher_ctx gh_ks;
} ks;
int key_set;
int iv_set;
mgm128_context mgm;
unsigned char *iv;
int ivlen;
int taglen;
int tlstree_mode;
} gost_mgm_ctx;
int gost2015_final_call(EVP_CIPHER_CTX *ctx, EVP_MD_CTX *omac_ctx, size_t mac_size,
unsigned char *encrypted_mac,
int (*do_cipher) (EVP_CIPHER_CTX *ctx,
unsigned char *out,
const unsigned char *in,
size_t inl));
/* IV is expected to be 16 bytes*/
int gost2015_get_asn1_params(const ASN1_TYPE *params, size_t ukm_size,
unsigned char *iv, size_t ukm_offset, unsigned char *kdf_seed);
int gost2015_set_asn1_params(ASN1_TYPE *params,
const unsigned char *iv, size_t iv_size, const unsigned char *kdf_seed);
int gost2015_process_unprotected_attributes(STACK_OF(X509_ATTRIBUTE) *attrs,
int encryption, size_t mac_len, unsigned char *final_tag);
int gost2015_acpkm_omac_init(int nid, int enc, const unsigned char *inkey,
EVP_MD_CTX *omac_ctx,
unsigned char *outkey, unsigned char *kdf_seed);
int init_zero_kdf_seed(unsigned char *kdf_seed);
/* enc/dec mgm mode */
void gost_mgm128_init(mgm128_context *ctx, void *key, block128_f block,
mul128_f mul_gf, int blen);
int gost_mgm128_setiv(mgm128_context *ctx, const unsigned char *iv, size_t len);
int gost_mgm128_aad(mgm128_context *ctx, const unsigned char *aad, size_t len);
int gost_mgm128_encrypt(mgm128_context *ctx, const unsigned char *in,
unsigned char *out, size_t len);
int gost_mgm128_decrypt(mgm128_context *ctx, const unsigned char *in,
unsigned char *out, size_t len);
int gost_mgm128_finish(mgm128_context *ctx, const unsigned char *tag, size_t len);
void gost_mgm128_tag(mgm128_context *ctx, unsigned char *tag, size_t len);
#endif
|
