/src/openssl/engines/ccgost/gost_keywrap.c

Source (jump to first uncovered line)
/**********************************************************************
 *                          keywrap.c                                 *
 *             Copyright (c) 2005-2006 Cryptocom LTD                  *
 *         This file is distributed under the same license as OpenSSL *
 *                                                                    *
 * Implementation of CryptoPro key wrap algorithm, as defined in      *
 *               RFC 4357 p 6.3 and 6.4                               *
 *                  Doesn't need OpenSSL                              *
 **********************************************************************/
#include <string.h>
#include "gost89.h"
#include "gost_keywrap.h"

/*-
 * Diversifies key using random UserKey Material
 * Implements RFC 4357 p 6.5 key diversification algorithm
 *
 * inputKey - 32byte key to be diversified
 * ukm - 8byte user key material
 * outputKey - 32byte buffer to store diversified key
 *
 */
void keyDiversifyCryptoPro(gost_ctx * ctx, const unsigned char *inputKey,
                           const unsigned char *ukm, unsigned char *outputKey)
{

    u4 k, s1, s2;
    int i, j, mask;
    unsigned char S[8];
    memcpy(outputKey, inputKey, 32);
    for (i = 0; i < 8; i++) {
        /* Make array of integers from key */
        /* Compute IV S */
        s1 = 0, s2 = 0;
        for (j = 0, mask = 1; j < 8; j++, mask <<= 1) {
            k = ((u4) outputKey[4 * j]) | (outputKey[4 * j + 1] << 8) |
                (outputKey[4 * j + 2] << 16) | (outputKey[4 * j + 3] << 24);
            if (mask & ukm[i]) {
                s1 += k;
            } else {
                s2 += k;
            }
        }
        S[0] = (unsigned char)(s1 & 0xff);
        S[1] = (unsigned char)((s1 >> 8) & 0xff);
        S[2] = (unsigned char)((s1 >> 16) & 0xff);
        S[3] = (unsigned char)((s1 >> 24) & 0xff);
        S[4] = (unsigned char)(s2 & 0xff);
        S[5] = (unsigned char)((s2 >> 8) & 0xff);
        S[6] = (unsigned char)((s2 >> 16) & 0xff);
        S[7] = (unsigned char)((s2 >> 24) & 0xff);
        gost_key(ctx, outputKey);
        gost_enc_cfb(ctx, S, outputKey, outputKey, 4);
    }
}

/*-
 * Wraps key using RFC 4357 6.3
 * ctx - gost encryption context, initialized with some S-boxes
 * keyExchangeKey (KEK) 32-byte (256-bit) shared key
 * ukm - 8 byte (64 bit) user key material,
 * sessionKey - 32-byte (256-bit) key to be wrapped
 * wrappedKey - 44-byte buffer to store wrapped key
 */

int keyWrapCryptoPro(gost_ctx * ctx, const unsigned char *keyExchangeKey,
                     const unsigned char *ukm,
                     const unsigned char *sessionKey,
                     unsigned char *wrappedKey)
{
    unsigned char kek_ukm[32];
    keyDiversifyCryptoPro(ctx, keyExchangeKey, ukm, kek_ukm);
    gost_key(ctx, kek_ukm);
    memcpy(wrappedKey, ukm, 8);
    gost_enc(ctx, sessionKey, wrappedKey + 8, 4);
    gost_mac_iv(ctx, 32, ukm, sessionKey, 32, wrappedKey + 40);
    return 1;
}

/*-
 * Unwraps key using RFC 4357 6.4
 * ctx - gost encryption context, initialized with some S-boxes
 * keyExchangeKey 32-byte shared key
 * wrappedKey  44 byte key to be unwrapped (concatenation of 8-byte UKM,
 * 32 byte  encrypted key and 4 byte MAC
 *
 * sessionKEy - 32byte buffer to store sessionKey in
 * Returns 1 if key is decrypted successfully, and 0 if MAC doesn't match
 */

int keyUnwrapCryptoPro(gost_ctx * ctx, const unsigned char *keyExchangeKey,
                       const unsigned char *wrappedKey,
                       unsigned char *sessionKey)
{
    unsigned char kek_ukm[32], cek_mac[4];
    keyDiversifyCryptoPro(ctx, keyExchangeKey, wrappedKey
                          /* First 8 bytes of wrapped Key is ukm */
                          , kek_ukm);
    gost_key(ctx, kek_ukm);
    gost_dec(ctx, wrappedKey + 8, sessionKey, 4);
    gost_mac_iv(ctx, 32, wrappedKey, sessionKey, 32, cek_mac);
    if (memcmp(cek_mac, wrappedKey + 40, 4)) {
        return 0;
    }
    return 1;
}

Coverage Report

Created: 2022-11-30 06:20

Line	Count	Source (jump to first uncovered line)
1		/**********************************************************************
2		* keywrap.c *
3		* Copyright (c) 2005-2006 Cryptocom LTD *
4		* This file is distributed under the same license as OpenSSL *
5		* *
6		* Implementation of CryptoPro key wrap algorithm, as defined in *
7		* RFC 4357 p 6.3 and 6.4 *
8		* Doesn't need OpenSSL *
9		**********************************************************************/
10		#include <string.h>
11		#include "gost89.h"
12		#include "gost_keywrap.h"
13
14		/*-
15		* Diversifies key using random UserKey Material
16		* Implements RFC 4357 p 6.5 key diversification algorithm
17		*
18		* inputKey - 32byte key to be diversified
19		* ukm - 8byte user key material
20		* outputKey - 32byte buffer to store diversified key
21		*
22		*/
23		void keyDiversifyCryptoPro(gost_ctx * ctx, const unsigned char *inputKey,
24		const unsigned char ukm, unsigned char outputKey)
25	0	{
26
27	0	u4 k, s1, s2;
28	0	int i, j, mask;
29	0	unsigned char S[8];
30	0	memcpy(outputKey, inputKey, 32);
31	0	for (i = 0; i < 8; i++) {
32		/* Make array of integers from key */
33		/* Compute IV S */
34	0	s1 = 0, s2 = 0;
35	0	for (j = 0, mask = 1; j < 8; j++, mask <<= 1) {
36	0	k = ((u4) outputKey[4 * j]) \| (outputKey[4 * j + 1] << 8) \|
37	0	(outputKey[4 * j + 2] << 16) \| (outputKey[4 * j + 3] << 24);
38	0	if (mask & ukm[i]) {
39	0	s1 += k;
40	0	} else {
41	0	s2 += k;
42	0	}
43	0	}
44	0	S[0] = (unsigned char)(s1 & 0xff);
45	0	S[1] = (unsigned char)((s1 >> 8) & 0xff);
46	0	S[2] = (unsigned char)((s1 >> 16) & 0xff);
47	0	S[3] = (unsigned char)((s1 >> 24) & 0xff);
48	0	S[4] = (unsigned char)(s2 & 0xff);
49	0	S[5] = (unsigned char)((s2 >> 8) & 0xff);
50	0	S[6] = (unsigned char)((s2 >> 16) & 0xff);
51	0	S[7] = (unsigned char)((s2 >> 24) & 0xff);
52	0	gost_key(ctx, outputKey);
53	0	gost_enc_cfb(ctx, S, outputKey, outputKey, 4);
54	0	}
55	0	}
56
57		/*-
58		* Wraps key using RFC 4357 6.3
59		* ctx - gost encryption context, initialized with some S-boxes
60		* keyExchangeKey (KEK) 32-byte (256-bit) shared key
61		* ukm - 8 byte (64 bit) user key material,
62		* sessionKey - 32-byte (256-bit) key to be wrapped
63		* wrappedKey - 44-byte buffer to store wrapped key
64		*/
65
66		int keyWrapCryptoPro(gost_ctx * ctx, const unsigned char *keyExchangeKey,
67		const unsigned char *ukm,
68		const unsigned char *sessionKey,
69		unsigned char *wrappedKey)
70	0	{
71	0	unsigned char kek_ukm[32];
72	0	keyDiversifyCryptoPro(ctx, keyExchangeKey, ukm, kek_ukm);
73	0	gost_key(ctx, kek_ukm);
74	0	memcpy(wrappedKey, ukm, 8);
75	0	gost_enc(ctx, sessionKey, wrappedKey + 8, 4);
76	0	gost_mac_iv(ctx, 32, ukm, sessionKey, 32, wrappedKey + 40);
77	0	return 1;
78	0	}
79
80		/*-
81		* Unwraps key using RFC 4357 6.4
82		* ctx - gost encryption context, initialized with some S-boxes
83		* keyExchangeKey 32-byte shared key
84		* wrappedKey 44 byte key to be unwrapped (concatenation of 8-byte UKM,
85		* 32 byte encrypted key and 4 byte MAC
86		*
87		* sessionKEy - 32byte buffer to store sessionKey in
88		* Returns 1 if key is decrypted successfully, and 0 if MAC doesn't match
89		*/
90
91		int keyUnwrapCryptoPro(gost_ctx * ctx, const unsigned char *keyExchangeKey,
92		const unsigned char *wrappedKey,
93		unsigned char *sessionKey)
94	0	{
95	0	unsigned char kek_ukm[32], cek_mac[4];
96	0	keyDiversifyCryptoPro(ctx, keyExchangeKey, wrappedKey
97		/* First 8 bytes of wrapped Key is ukm */
98	0	, kek_ukm);
99	0	gost_key(ctx, kek_ukm);
100	0	gost_dec(ctx, wrappedKey + 8, sessionKey, 4);
101	0	gost_mac_iv(ctx, 32, wrappedKey, sessionKey, 32, cek_mac);
102	0	if (memcmp(cek_mac, wrappedKey + 40, 4)) {
103	0	return 0;
104	0	}
105	0	return 1;
106	0	}