diff options
Diffstat (limited to 'openssl/engines/ccgost/gost_keywrap.c')
-rw-r--r-- | openssl/engines/ccgost/gost_keywrap.c | 155 |
1 files changed, 76 insertions, 79 deletions
diff --git a/openssl/engines/ccgost/gost_keywrap.c b/openssl/engines/ccgost/gost_keywrap.c index c618f6da2..502a83c62 100644 --- a/openssl/engines/ccgost/gost_keywrap.c +++ b/openssl/engines/ccgost/gost_keywrap.c @@ -11,99 +11,96 @@ #include "gost89.h" #include "gost_keywrap.h" -/* Diversifies key using random UserKey Material - * Implements RFC 4357 p 6.5 key diversification algorithm - * +/*- + * Diversifies key using random UserKey Material + * Implements RFC 4357 p 6.5 key diversification algorithm + * * inputKey - 32byte key to be diversified * ukm - 8byte user key material - * outputKey - 32byte buffer to store diversified key + * outputKey - 32byte buffer to store diversified key * */ -void keyDiversifyCryptoPro(gost_ctx *ctx,const unsigned char *inputKey, const unsigned char *ukm, unsigned char *outputKey) - { +void keyDiversifyCryptoPro(gost_ctx * ctx, const unsigned char *inputKey, + const unsigned char *ukm, unsigned char *outputKey) +{ - u4 k,s1,s2; - int i,j,mask; - unsigned char S[8]; - memcpy(outputKey,inputKey,32); - for (i=0;i<8;i++) - { - /* Make array of integers from key */ - /* Compute IV S*/ - s1=0,s2=0; - for (j=0,mask=1;j<8;j++,mask<<=1) - { - k=((u4)outputKey[4*j])|(outputKey[4*j+1]<<8)| - (outputKey[4*j+2]<<16)|(outputKey[4*j+3]<<24); - if (mask & ukm[i]) - { - s1+=k; - } - else - { - s2+=k; - } - } - S[0]=(unsigned char)(s1&0xff); - S[1]=(unsigned char)((s1>>8)&0xff); - S[2]=(unsigned char)((s1>>16)&0xff); - S[3]=(unsigned char)((s1>>24)&0xff); - S[4]=(unsigned char)(s2&0xff); - S[5]=(unsigned char)((s2>>8)&0xff); - S[6]=(unsigned char)((s2>>16)&0xff); - S[7]=(unsigned char)((s2>>24)&0xff); - gost_key(ctx,outputKey); - gost_enc_cfb(ctx,S,outputKey,outputKey,4); - } - } - + u4 k, s1, s2; + int i, j, mask; + unsigned char S[8]; + memcpy(outputKey, inputKey, 32); + for (i = 0; i < 8; i++) { + /* Make array of integers from key */ + /* Compute IV S */ + s1 = 0, s2 = 0; + for (j = 0, mask = 1; j < 8; j++, mask <<= 1) { + k = ((u4) outputKey[4 * j]) | (outputKey[4 * j + 1] << 8) | + (outputKey[4 * j + 2] << 16) | (outputKey[4 * j + 3] << 24); + if (mask & ukm[i]) { + s1 += k; + } else { + s2 += k; + } + } + S[0] = (unsigned char)(s1 & 0xff); + S[1] = (unsigned char)((s1 >> 8) & 0xff); + S[2] = (unsigned char)((s1 >> 16) & 0xff); + S[3] = (unsigned char)((s1 >> 24) & 0xff); + S[4] = (unsigned char)(s2 & 0xff); + S[5] = (unsigned char)((s2 >> 8) & 0xff); + S[6] = (unsigned char)((s2 >> 16) & 0xff); + S[7] = (unsigned char)((s2 >> 24) & 0xff); + gost_key(ctx, outputKey); + gost_enc_cfb(ctx, S, outputKey, outputKey, 4); + } +} -/* +/*- * Wraps key using RFC 4357 6.3 - * ctx - gost encryption context, initialized with some S-boxes + * ctx - gost encryption context, initialized with some S-boxes * keyExchangeKey (KEK) 32-byte (256-bit) shared key - * ukm - 8 byte (64 bit) user key material, + * ukm - 8 byte (64 bit) user key material, * sessionKey - 32-byte (256-bit) key to be wrapped * wrappedKey - 44-byte buffer to store wrapped key - */ + */ -int keyWrapCryptoPro(gost_ctx *ctx,const unsigned char *keyExchangeKey, const unsigned char *ukm, - const unsigned char *sessionKey, unsigned char *wrappedKey) - { - unsigned char kek_ukm[32]; - keyDiversifyCryptoPro(ctx,keyExchangeKey,ukm,kek_ukm); - gost_key(ctx,kek_ukm); - memcpy(wrappedKey,ukm,8); - gost_enc(ctx,sessionKey,wrappedKey+8,4); - gost_mac_iv(ctx,32,ukm,sessionKey,32,wrappedKey+40); - return 1; - } -/* +int keyWrapCryptoPro(gost_ctx * ctx, const unsigned char *keyExchangeKey, + const unsigned char *ukm, + const unsigned char *sessionKey, + unsigned char *wrappedKey) +{ + unsigned char kek_ukm[32]; + keyDiversifyCryptoPro(ctx, keyExchangeKey, ukm, kek_ukm); + gost_key(ctx, kek_ukm); + memcpy(wrappedKey, ukm, 8); + gost_enc(ctx, sessionKey, wrappedKey + 8, 4); + gost_mac_iv(ctx, 32, ukm, sessionKey, 32, wrappedKey + 40); + return 1; +} + +/*- * Unwraps key using RFC 4357 6.4 - * ctx - gost encryption context, initialized with some S-boxes + * ctx - gost encryption context, initialized with some S-boxes * keyExchangeKey 32-byte shared key * wrappedKey 44 byte key to be unwrapped (concatenation of 8-byte UKM, - * 32 byte encrypted key and 4 byte MAC - * + * 32 byte encrypted key and 4 byte MAC + * * sessionKEy - 32byte buffer to store sessionKey in * Returns 1 if key is decrypted successfully, and 0 if MAC doesn't match - */ - -int keyUnwrapCryptoPro(gost_ctx *ctx,const unsigned char *keyExchangeKey, - const unsigned char *wrappedKey, unsigned char *sessionKey) - { - unsigned char kek_ukm[32],cek_mac[4]; - keyDiversifyCryptoPro(ctx,keyExchangeKey,wrappedKey - /* First 8 bytes of wrapped Key is ukm */ - ,kek_ukm); - gost_key(ctx,kek_ukm); - gost_dec(ctx,wrappedKey+8,sessionKey,4); - gost_mac_iv(ctx,32,wrappedKey,sessionKey,32,cek_mac); - if (memcmp(cek_mac,wrappedKey+40,4)) - { - return 0; - } - return 1; - } - + */ +int keyUnwrapCryptoPro(gost_ctx * ctx, const unsigned char *keyExchangeKey, + const unsigned char *wrappedKey, + unsigned char *sessionKey) +{ + unsigned char kek_ukm[32], cek_mac[4]; + keyDiversifyCryptoPro(ctx, keyExchangeKey, wrappedKey + /* First 8 bytes of wrapped Key is ukm */ + , kek_ukm); + gost_key(ctx, kek_ukm); + gost_dec(ctx, wrappedKey + 8, sessionKey, 4); + gost_mac_iv(ctx, 32, wrappedKey, sessionKey, 32, cek_mac); + if (memcmp(cek_mac, wrappedKey + 40, 4)) { + return 0; + } + return 1; +} |