/src/gnutls/lib/nettle/gost/gost-wrap.c
Line | Count | Source (jump to first uncovered line) |
1 | | /* GOST 28147-89 (Magma) implementation |
2 | | * |
3 | | * Copyright: 2015, 2016 Dmitry Eremin-Solenikov <dbaryshkov@gmail.com> |
4 | | * Copyright: 2009-2012 Aleksey Kravchenko <rhash.admin@gmail.com> |
5 | | * |
6 | | * Permission is hereby granted, free of charge, to any person obtaining a |
7 | | * copy of this software and associated documentation files (the |
8 | | * "Software"), to deal in the Software without restriction, including |
9 | | * without limitation the rights to use, copy, modify, merge, publish, |
10 | | * distribute, sublicense, and/or sell copies of the Software, and to |
11 | | * permit persons to whom the Software is furnished to do so, subject to |
12 | | * the following conditions: |
13 | | * |
14 | | * The above copyright notice and this permission notice shall be included |
15 | | * in all copies or substantial portions of the Software. |
16 | | * |
17 | | * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS |
18 | | * OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF |
19 | | * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. |
20 | | * IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY |
21 | | * CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, |
22 | | * TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE |
23 | | * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. |
24 | | */ |
25 | | |
26 | | #if HAVE_CONFIG_H |
27 | | #include "config.h" |
28 | | #endif |
29 | | |
30 | | #include "gnutls_int.h" |
31 | | |
32 | | #include <string.h> |
33 | | |
34 | | #include <nettle/macros.h> |
35 | | #include "gost28147.h" |
36 | | #include <nettle/cfb.h> |
37 | | #include <nettle/memops.h> |
38 | | |
39 | | void gost28147_kdf_cryptopro(const struct gost28147_param *param, |
40 | | const uint8_t *in, const uint8_t *ukm, |
41 | | uint8_t *out) |
42 | 0 | { |
43 | 0 | struct gost28147_ctx ctx; |
44 | 0 | int i; |
45 | |
|
46 | 0 | memcpy(out, in, GOST28147_KEY_SIZE); |
47 | 0 | for (i = 0; i < 8; i++) { |
48 | 0 | uint8_t mask; |
49 | 0 | uint8_t *p; |
50 | 0 | uint8_t iv[GOST28147_BLOCK_SIZE]; |
51 | 0 | uint32_t block[2] = { 0, 0 }; |
52 | 0 | uint32_t t; |
53 | |
|
54 | 0 | for (p = out, mask = 1; mask; mask <<= 1) { |
55 | 0 | t = LE_READ_UINT32(p); |
56 | 0 | p += 4; |
57 | 0 | if (mask & ukm[i]) |
58 | 0 | block[0] += t; |
59 | 0 | else |
60 | 0 | block[1] += t; |
61 | 0 | } |
62 | |
|
63 | 0 | LE_WRITE_UINT32(iv + 0, block[0]); |
64 | 0 | LE_WRITE_UINT32(iv + 4, block[1]); |
65 | |
|
66 | 0 | gost28147_set_key(&ctx, out); |
67 | 0 | gost28147_set_param(&ctx, param); |
68 | 0 | cfb_encrypt(&ctx, |
69 | 0 | (nettle_cipher_func *)gost28147_encrypt_for_cfb, |
70 | 0 | GOST28147_BLOCK_SIZE, iv, GOST28147_KEY_SIZE, out, |
71 | 0 | out); |
72 | 0 | } |
73 | 0 | } |
74 | | |
75 | | void gost28147_key_wrap_cryptopro(const struct gost28147_param *param, |
76 | | const uint8_t *kek, const uint8_t *ukm, |
77 | | size_t ukm_size, const uint8_t *cek, |
78 | | uint8_t *enc, uint8_t *imit) |
79 | 0 | { |
80 | 0 | uint8_t kd[GOST28147_KEY_SIZE]; |
81 | 0 | struct gost28147_ctx ctx; |
82 | 0 | struct gost28147_imit_ctx ictx; |
83 | |
|
84 | 0 | assert(ukm_size >= GOST28147_IMIT_BLOCK_SIZE); |
85 | | |
86 | 0 | gost28147_kdf_cryptopro(param, kek, ukm, kd); |
87 | 0 | gost28147_set_key(&ctx, kd); |
88 | 0 | gost28147_set_param(&ctx, param); |
89 | 0 | gost28147_encrypt(&ctx, GOST28147_KEY_SIZE, enc, cek); |
90 | |
|
91 | 0 | gost28147_imit_set_key(&ictx, GOST28147_KEY_SIZE, kd); |
92 | 0 | gost28147_imit_set_param(&ictx, param); |
93 | 0 | gost28147_imit_set_nonce(&ictx, ukm); |
94 | 0 | gost28147_imit_update(&ictx, GOST28147_KEY_SIZE, cek); |
95 | 0 | gost28147_imit_digest(&ictx, GOST28147_IMIT_DIGEST_SIZE, imit); |
96 | 0 | } |
97 | | |
98 | | int gost28147_key_unwrap_cryptopro(const struct gost28147_param *param, |
99 | | const uint8_t *kek, const uint8_t *ukm, |
100 | | size_t ukm_size, const uint8_t *enc, |
101 | | const uint8_t *imit, uint8_t *cek) |
102 | 0 | { |
103 | 0 | uint8_t kd[GOST28147_KEY_SIZE]; |
104 | 0 | uint8_t mac[GOST28147_IMIT_DIGEST_SIZE]; |
105 | 0 | struct gost28147_ctx ctx; |
106 | 0 | struct gost28147_imit_ctx ictx; |
107 | |
|
108 | 0 | assert(ukm_size >= GOST28147_IMIT_BLOCK_SIZE); |
109 | | |
110 | 0 | gost28147_kdf_cryptopro(param, kek, ukm, kd); |
111 | 0 | gost28147_set_key(&ctx, kd); |
112 | 0 | gost28147_set_param(&ctx, param); |
113 | 0 | gost28147_decrypt(&ctx, GOST28147_KEY_SIZE, cek, enc); |
114 | |
|
115 | 0 | gost28147_imit_set_key(&ictx, GOST28147_KEY_SIZE, kd); |
116 | 0 | gost28147_imit_set_param(&ictx, param); |
117 | 0 | gost28147_imit_set_nonce(&ictx, ukm); |
118 | 0 | gost28147_imit_update(&ictx, GOST28147_KEY_SIZE, cek); |
119 | 0 | gost28147_imit_digest(&ictx, GOST28147_IMIT_DIGEST_SIZE, mac); |
120 | |
|
121 | 0 | return memeql_sec(mac, imit, GOST28147_IMIT_DIGEST_SIZE); |
122 | 0 | } |