diff --git a/.clang-format b/.clang-format new file mode 100644 index 000000000..e2979eede --- /dev/null +++ b/.clang-format @@ -0,0 +1,99 @@ +# 1 +IndentWidth: 4 +TabWidth: 4 +UseTab: Never +IndentPPDirectives: AfterHash # Unknown to clang-format-5.0 +PPIndentWidth: 1 +AccessModifierOffset: -4 + +# 2 +AllowShortBlocksOnASingleLine: false +AllowShortCaseLabelsOnASingleLine: false +AllowShortFunctionsOnASingleLine: None +AllowShortIfStatementsOnASingleLine: false +AllowShortLoopsOnASingleLine: false +ColumnLimit: 80 +BreakStringLiterals: false +AlignAfterOpenBracket: Align +BinPackArguments: true +BinPackParameters: true +#InsertTrailingCommas: Wrapped +ExperimentalAutoDetectBinPacking: false +AllowAllParametersOfDeclarationOnNextLine: true +ContinuationIndentWidth: 4 + +# 3 +BreakBeforeBraces: Linux +MaxEmptyLinesToKeep: 1 +KeepEmptyLinesAtTheStartOfBlocks: false +IndentCaseBlocks: false +IndentCaseLabels: false +Cpp11BracedListStyle: false + +# 3.1 +SpaceBeforeParens: Custom +SpaceBeforeParensOptions: + AfterControlStatements: true + AfterFunctionDefinitionName: false +SpaceAfterCStyleCast: false +SpaceAfterTemplateKeyword: true +SpaceBeforeAssignmentOperators: true +SpaceInEmptyParentheses: false +SpacesBeforeTrailingComments: 1 +SpacesInAngles: false +SpacesInContainerLiterals: false +SpacesInCStyleCastParentheses: false +SpacesInParentheses: false +SpacesInSquareBrackets: false +AlignArrayOfStructures: None +AlignConsecutiveAssignments: false +AlignConsecutiveDeclarations: false +AlignConsecutiveMacros: Consecutive +AlignEscapedNewlines: Left # Unknown to clang-format-4.0 +AlignOperands: Align +BreakBeforeBinaryOperators: NonAssignment +AlignTrailingComments: true + +# 7 +PointerAlignment: Right +DerivePointerAlignment: false + +# 14 +Standard: Cpp03 + +# unsorted + +AlwaysBreakAfterDefinitionReturnType: None +AlwaysBreakAfterReturnType: None +AlwaysBreakBeforeMultilineStrings: false +AlwaysBreakTemplateDeclarations: false +BreakBeforeTernaryOperators: true +DisableFormat: false +#FixNamespaceComments: false # Unknown to clang-format-4.0 + +IncludeBlocks: Regroup # Unknown to clang-format-5.0 +IndentWrappedFunctionNames: false +MacroBlockBegin: '' +MacroBlockEnd: '' +NamespaceIndentation: None +#ObjCBinPackProtocolList: Auto # Unknown to clang-format-5.0 +ObjCBlockIndentWidth: 4 +ObjCSpaceAfterProperty: true +ObjCSpaceBeforeProtocolList: true + +#PenaltyBreakAssignment: 10 # Unknown to clang-format-4.0 +PenaltyBreakBeforeFirstCallParameter: 30 +PenaltyBreakComment: 10 +PenaltyBreakFirstLessLess: 0 +PenaltyBreakString: 10 +PenaltyExcessCharacter: 100 +PenaltyReturnTypeOnItsOwnLine: 60 + +ReflowComments: false +SeparateDefinitionBlocks: Always +SortIncludes: CaseInsensitive +#SortUsingDeclarations: false # Unknown to clang-format-4.0 + +Cpp11BracedListStyle: true # bad but reduces initial diff +IndentExternBlock: NoIndent +PenaltyIndentedWhitespace: 3 diff --git a/.git-blame-ignore-revs b/.git-blame-ignore-revs new file mode 100644 index 000000000..00514a379 --- /dev/null +++ b/.git-blame-ignore-revs @@ -0,0 +1,11 @@ +297599693eb23e47377d65408bbafc64584da09f +12aeacd1571ef59dfa76e70cf78ac22d8c9e56bf +5a4f74d2148f0a36c364cf6aa2af4e9bc0492d3e +5a587fc4a072fa6a8ab819cb6071bd1c3d34b31d +ba47e42472bc5352dd73da24bc14e0f25cabc5dc +044f3597f1ce2e59047cfa1fcad5a7504292ecf4 +a8a461e9f8cbef8808c18220921396e46def04b6 +16ea890afa1622b757c3b148bfb8a91d4963a9b6 +cf83bf3cb9108370bef19284278152e14acb115a +390d81c8b7247afe28c4316174d6fba2d617f25b + diff --git a/.github/format.sh b/.github/format.sh new file mode 100755 index 000000000..261478218 --- /dev/null +++ b/.github/format.sh @@ -0,0 +1,9 @@ +#!/bin/bash -efux + +PREFIX=$HOME/opt +PATH=$PREFIX/bin:$PATH + +list=$(git ls-tree --name-only -r HEAD | grep -v ecp_id_.* | grep -v gost_grasshopper_precompiled.c | grep -v ^e_gost_err | grep '[.][ch]$') +clang-format -i $list +diffLen=$(git diff | wc -l) +test 0 -eq $diffLen || exit 1 diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 8baf3ba1b..47693947b 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -99,3 +99,11 @@ jobs: - run: .github/before_script.sh - run: .github/script.sh + clang-format: + runs-on: ubuntu-22.04 + env: + APT_INSTALL: clang-format + steps: + - uses: actions/checkout@v2 + - run: .github/format.sh + diff --git a/benchmark/sign.c b/benchmark/sign.c index d9b08bb72..861f54ee6 100644 --- a/benchmark/sign.c +++ b/benchmark/sign.c @@ -7,181 +7,201 @@ **********************************************************************/ #define _GNU_SOURCE -#include -#include -#include -#include #include -#include #include +#include #include #include #include -#include +#include +#include +#include +#include +#include const char *tests[] = { - "md_gost12_256", "gost2012_256", "A", - "md_gost12_256", "gost2012_256", "B", - "md_gost12_256", "gost2012_256", "C", - "md_gost12_256", "gost2012_256", "TCA", - "md_gost12_256", "gost2012_256", "TCB", - "md_gost12_256", "gost2012_256", "TCC", - "md_gost12_256", "gost2012_256", "TCD", - - "md_gost12_512", "gost2012_512", "A", - "md_gost12_512", "gost2012_512", "B", - "md_gost12_512", "gost2012_512", "C", - + "md_gost12_256", + "gost2012_256", + "A", + "md_gost12_256", + "gost2012_256", + "B", + "md_gost12_256", + "gost2012_256", + "C", + "md_gost12_256", + "gost2012_256", + "TCA", + "md_gost12_256", + "gost2012_256", + "TCB", + "md_gost12_256", + "gost2012_256", + "TCC", + "md_gost12_256", + "gost2012_256", + "TCD", + "md_gost12_512", + "gost2012_512", + "A", + "md_gost12_512", + "gost2012_512", + "B", + "md_gost12_512", + "gost2012_512", + "C", NULL, }; static EVP_PKEY *create_key(const char *algname, const char *param) { - EVP_PKEY *key1 = EVP_PKEY_new(), *newkey = NULL; - EVP_PKEY_CTX *ctx = NULL; + EVP_PKEY *key1 = EVP_PKEY_new(), *newkey = NULL; + EVP_PKEY_CTX *ctx = NULL; - if (EVP_PKEY_set_type_str(key1, algname, strlen(algname)) <= 0) - goto err; + if (EVP_PKEY_set_type_str(key1, algname, strlen(algname)) <= 0) + goto err; - if (!(ctx = EVP_PKEY_CTX_new(key1, NULL))) - goto err; + if (!(ctx = EVP_PKEY_CTX_new(key1, NULL))) + goto err; - if (EVP_PKEY_keygen_init(ctx) == 0) - goto err; + if (EVP_PKEY_keygen_init(ctx) == 0) + goto err; - if (ERR_peek_last_error()) - goto err; + if (ERR_peek_last_error()) + goto err; - if (EVP_PKEY_CTX_ctrl_str(ctx, "paramset", param) <= 0) - goto err; + if (EVP_PKEY_CTX_ctrl_str(ctx, "paramset", param) <= 0) + goto err; - if (EVP_PKEY_keygen(ctx, &newkey) <= 0) - goto err; + if (EVP_PKEY_keygen(ctx, &newkey) <= 0) + goto err; err: - if(ctx) - EVP_PKEY_CTX_free(ctx); - EVP_PKEY_free(key1); - return newkey; + if (ctx) + EVP_PKEY_CTX_free(ctx); + EVP_PKEY_free(key1); + return newkey; } void usage(char *name) { - fprintf(stderr, "usage: %s [-l data_len] [-c cycles]\n", name); - exit(1); + fprintf(stderr, "usage: %s [-l data_len] [-c cycles]\n", name); + exit(1); } int main(int argc, char **argv) { - unsigned int data_len = 1; - unsigned int cycles = 100; - int option; - clockid_t clock_type = CLOCK_MONOTONIC; - int test, test_count = 0; - - opterr = 0; - while((option = getopt(argc, argv, "l:c:C")) >= 0) - { - switch (option) - { - case 'l': - data_len = atoi(optarg); - break; - case 'c': - cycles = atoi(optarg); - break; - case 'C': - clock_type = CLOCK_PROCESS_CPUTIME_ID; - break; - default: - usage(argv[0]); - break; - } - } - if (optind < argc) usage(argv[0]); - if (cycles < 100) { printf("cycles too low\n"); exit(1); } - - OPENSSL_add_all_algorithms_conf(); - ERR_load_crypto_strings(); - - for (test = 0; tests[test]; test += 3) { - double diff[2]; /* sign, verify */ - const char *digest = tests[test]; - const char *algo = tests[test + 1]; - const char *param = tests[test + 2]; - const EVP_MD *mdtype; - EVP_MD_CTX *md_ctx; - unsigned int siglen; - unsigned char *sigbuf; - EVP_PKEY *pkey; - unsigned char *data; - int pass; - - md_ctx = EVP_MD_CTX_new(); - mdtype = EVP_get_digestbyname(digest); - if (!mdtype) - continue; - pkey = create_key(algo, param); - data = (unsigned char *) malloc(data_len); - if (!pkey) - continue; - - test_count++; - printf("wait..."); - fflush(stdout); - siglen = EVP_PKEY_size(pkey); - sigbuf = malloc(siglen * cycles); - if (!sigbuf) { - fprintf(stderr, "No tests were run, malloc failure.\n"); - exit(1); - } - - for (pass = 0; pass < 2; pass++) { - struct timespec ts; - struct timeval debut, fin, delta; - int err; - unsigned int i; - - clock_gettime(clock_type, &ts); - TIMESPEC_TO_TIMEVAL(&debut, &ts); - - if (pass == 0) { /* sign */ - for (i = 0; i < cycles; i++) { - EVP_SignInit(md_ctx, mdtype); - err = EVP_SignUpdate(md_ctx, data, data_len) - && EVP_SignFinal(md_ctx, &sigbuf[siglen * i], - (unsigned int *)&siglen, pkey); - if (err != 1) - printf("!"); - EVP_MD_CTX_reset(md_ctx); - } - } else { /* verify */ - for (i = 0; i < cycles; i++) { - EVP_VerifyInit(md_ctx, mdtype); - err = EVP_VerifyUpdate(md_ctx, data, data_len) - && EVP_VerifyFinal(md_ctx, &sigbuf[siglen * i], - siglen, pkey); - EVP_MD_CTX_reset(md_ctx); - if (err != 1) - printf("!"); - } - } - - clock_gettime(clock_type, &ts); - TIMESPEC_TO_TIMEVAL(&fin, &ts); - timersub(&fin, &debut, &delta); - diff[pass] = (double)delta.tv_sec + (double)delta.tv_usec / 1000000; - } - printf("\r%s %s: sign: %.1f/s, verify: %.1f/s\n", algo, param, - (double)cycles / diff[0], (double)cycles / diff[1]); - EVP_PKEY_free(pkey); - free(sigbuf); - free(data); - } - - if (!test_count) { - fprintf(stderr, "No tests were run, something is wrong.\n"); - exit(1); - } - exit(0); + unsigned int data_len = 1; + unsigned int cycles = 100; + int option; + clockid_t clock_type = CLOCK_MONOTONIC; + int test, test_count = 0; + + opterr = 0; + while ((option = getopt(argc, argv, "l:c:C")) >= 0) { + switch (option) { + case 'l': + data_len = atoi(optarg); + break; + case 'c': + cycles = atoi(optarg); + break; + case 'C': + clock_type = CLOCK_PROCESS_CPUTIME_ID; + break; + default: + usage(argv[0]); + break; + } + } + if (optind < argc) + usage(argv[0]); + if (cycles < 100) { + printf("cycles too low\n"); + exit(1); + } + + OPENSSL_add_all_algorithms_conf(); + ERR_load_crypto_strings(); + + for (test = 0; tests[test]; test += 3) { + double diff[2]; /* sign, verify */ + const char *digest = tests[test]; + const char *algo = tests[test + 1]; + const char *param = tests[test + 2]; + const EVP_MD *mdtype; + EVP_MD_CTX *md_ctx; + unsigned int siglen; + unsigned char *sigbuf; + EVP_PKEY *pkey; + unsigned char *data; + int pass; + + md_ctx = EVP_MD_CTX_new(); + mdtype = EVP_get_digestbyname(digest); + if (!mdtype) + continue; + pkey = create_key(algo, param); + data = (unsigned char *)malloc(data_len); + if (!pkey) + continue; + + test_count++; + printf("wait..."); + fflush(stdout); + siglen = EVP_PKEY_size(pkey); + sigbuf = malloc((size_t)siglen * cycles); + if (!sigbuf) { + fprintf(stderr, "No tests were run, malloc failure.\n"); + exit(1); + } + + for (pass = 0; pass < 2; pass++) { + struct timespec ts; + struct timeval debut, fin, delta; + int err; + unsigned int i; + + clock_gettime(clock_type, &ts); + TIMESPEC_TO_TIMEVAL(&debut, &ts); + + if (pass == 0) { /* sign */ + for (i = 0; i < cycles; i++) { + EVP_SignInit(md_ctx, mdtype); + err = EVP_SignUpdate(md_ctx, data, data_len) + && EVP_SignFinal(md_ctx, &sigbuf[siglen * i], + (unsigned int *)&siglen, pkey); + if (err != 1) + printf("!"); + EVP_MD_CTX_reset(md_ctx); + } + } else { /* verify */ + for (i = 0; i < cycles; i++) { + EVP_VerifyInit(md_ctx, mdtype); + err = EVP_VerifyUpdate(md_ctx, data, data_len) + && EVP_VerifyFinal( + md_ctx, &sigbuf[siglen * i], siglen, pkey); + EVP_MD_CTX_reset(md_ctx); + if (err != 1) + printf("!"); + } + } + + clock_gettime(clock_type, &ts); + TIMESPEC_TO_TIMEVAL(&fin, &ts); + timersub(&fin, &debut, &delta); + diff[pass] = (double)delta.tv_sec + (double)delta.tv_usec / 1000000; + } + printf("\r%s %s: sign: %.1f/s, verify: %.1f/s\n", algo, param, + (double)cycles / diff[0], (double)cycles / diff[1]); + EVP_PKEY_free(pkey); + free(sigbuf); + free(data); + } + + if (!test_count) { + fprintf(stderr, "No tests were run, something is wrong.\n"); + exit(1); + } + exit(0); } diff --git a/getopt.h b/getopt.h index aea89a0a2..4900972e5 100644 --- a/getopt.h +++ b/getopt.h @@ -8,7 +8,7 @@ * IMPLIED ARE HEREBY DISCLAIMED. This includes but is not limited to * warranties of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. */ - /* +/* * Copyright (c) 2002 Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any @@ -56,33 +56,33 @@ * POSSIBILITY OF SUCH DAMAGE. */ -#pragma warning(disable:4996) +#pragma warning(disable : 4996) #define __GETOPT_H__ /* All the headers include this file. */ #include #include -#include -#include #include #include +#include +#include #include #ifdef __cplusplus extern "C" { #endif -#define REPLACE_GETOPT /* use this getopt as the system getopt(3) */ +#define REPLACE_GETOPT /* use this getopt as the system getopt(3) */ #ifdef REPLACE_GETOPT -int opterr = 1; /* if error message should be printed */ -int optind = 1; /* index into parent argv vector */ -int optopt = '?'; /* character checked for validity */ -#undef optreset /* see getopt.h */ -#define optreset __mingw_optreset -int optreset; /* reset getopt */ -char *optarg; /* argument associated with option */ +int opterr = 1; /* if error message should be printed */ +int optind = 1; /* index into parent argv vector */ +int optopt = '?'; /* character checked for validity */ +# undef optreset /* see getopt.h */ +# define optreset __mingw_optreset +int optreset; /* reset getopt */ +char *optarg; /* argument associated with option */ #endif //extern int optind; /* index of first non-option in argv */ @@ -92,35 +92,35 @@ char *optarg; /* argument associated with option */ // //extern char *optarg; /* pointer to argument of current option */ -#define PRINT_ERROR ((opterr) && (*options != ':')) +#define PRINT_ERROR ((opterr) && (*options != ':')) -#define FLAG_PERMUTE 0x01 /* permute non-options to the end of argv */ -#define FLAG_ALLARGS 0x02 /* treat non-options as args to option "-1" */ -#define FLAG_LONGONLY 0x04 /* operate as getopt_long_only */ +#define FLAG_PERMUTE 0x01 /* permute non-options to the end of argv */ +#define FLAG_ALLARGS 0x02 /* treat non-options as args to option "-1" */ +#define FLAG_LONGONLY 0x04 /* operate as getopt_long_only */ /* return values */ -#define BADCH (int)'?' -#define BADARG ((*options == ':') ? (int)':' : (int)'?') -#define INORDER (int)1 +#define BADCH (int)'?' +#define BADARG ((*options == ':') ? (int)':' : (int)'?') +#define INORDER (int)1 #ifndef __CYGWIN__ -#define __progname __argv[0] +# define __progname __argv[0] #else -extern char __declspec(dllimport) *__progname; +extern char __declspec(dllimport) * __progname; #endif #ifdef __CYGWIN__ static char EMSG[] = ""; #else -#define EMSG "" +# define EMSG "" #endif -static int getopt_internal(int, char * const *, const char *, - const struct option *, int *, int); -static int parse_long_options(char * const *, const char *, - const struct option *, int *, int); +static int getopt_internal(int, char *const *, const char *, + const struct option *, int *, int); +static int parse_long_options(char *const *, const char *, + const struct option *, int *, int); static int gcd(int, int); -static void permute_args(int, int, int, char * const *); +static void permute_args(int, int, int, char *const *); static char *place = EMSG; /* option letter processing */ @@ -136,40 +136,37 @@ static const char noarg[] = "option doesn't take an argument -- %.*s"; static const char illoptchar[] = "unknown option -- %c"; static const char illoptstring[] = "unknown option -- %s"; -static void -_vwarnx(const char *fmt,va_list ap) +static void _vwarnx(const char *fmt, va_list ap) { - (void)fprintf(stderr,"%s: ",__progname); - if (fmt != NULL) - (void)vfprintf(stderr,fmt,ap); - (void)fprintf(stderr,"\n"); + (void)fprintf(stderr, "%s: ", __progname); + if (fmt != NULL) + (void)vfprintf(stderr, fmt, ap); + (void)fprintf(stderr, "\n"); } -static void -warnx(const char *fmt,...) +static void warnx(const char *fmt, ...) { - va_list ap; - va_start(ap,fmt); - _vwarnx(fmt,ap); - va_end(ap); + va_list ap; + va_start(ap, fmt); + _vwarnx(fmt, ap); + va_end(ap); } /* * Compute the greatest common divisor of a and b. */ -static int -gcd(int a, int b) +static int gcd(int a, int b) { - int c; + int c; - c = a % b; - while (c != 0) { - a = b; - b = c; - c = a % b; - } + c = a % b; + while (c != 0) { + a = b; + b = c; + c = a % b; + } - return (b); + return (b); } /* @@ -177,36 +174,35 @@ gcd(int a, int b) * from nonopt_end to opt_end (keeping the same order of arguments * in each block). */ -static void -permute_args(int panonopt_start, int panonopt_end, int opt_end, - char * const *nargv) +static void permute_args(int panonopt_start, int panonopt_end, int opt_end, + char *const *nargv) { - int cyclelen, i, j, ncycle, nnonopts, nopts; - char *swap; + int cyclelen, i, j, ncycle, nnonopts, nopts; + char *swap; - /* + /* * compute lengths of blocks and number and size of cycles */ - nnonopts = panonopt_end - panonopt_start; - nopts = opt_end - panonopt_end; - ncycle = gcd(nnonopts, nopts); - cyclelen = (opt_end - panonopt_start) / ncycle; - - for (i = 0; i < ncycle; i++) { - int cstart = panonopt_end+i; - int pos = cstart; - for (j = 0; j < cyclelen; j++) { - if (pos >= panonopt_end) - pos -= nnonopts; - else - pos += nopts; - swap = nargv[pos]; - /* LINTED const cast */ - ((char **) nargv)[pos] = nargv[cstart]; - /* LINTED const cast */ - ((char **)nargv)[cstart] = swap; - } - } + nnonopts = panonopt_end - panonopt_start; + nopts = opt_end - panonopt_end; + ncycle = gcd(nnonopts, nopts); + cyclelen = (opt_end - panonopt_start) / ncycle; + + for (i = 0; i < ncycle; i++) { + int cstart = panonopt_end + i; + int pos = cstart; + for (j = 0; j < cyclelen; j++) { + if (pos >= panonopt_end) + pos -= nnonopts; + else + pos += nopts; + swap = nargv[pos]; + /* LINTED const cast */ + ((char **)nargv)[pos] = nargv[cstart]; + /* LINTED const cast */ + ((char **)nargv)[cstart] = swap; + } + } } #ifdef REPLACE_GETOPT @@ -216,11 +212,9 @@ permute_args(int panonopt_start, int panonopt_end, int opt_end, * * [eventually this will replace the BSD getopt] */ -int -getopt(int nargc, char * const *nargv, const char *options) +int getopt(int nargc, char *const *nargv, const char *options) { - - /* + /* * We don't pass FLAG_PERMUTE to getopt_internal() since * the BSD getopt(3) (unlike GNU) has never done this. * @@ -228,7 +222,7 @@ getopt(int nargc, char * const *nargv, const char *options) * before dropping privileges it makes sense to keep things * as simple (and bug-free) as possible. */ - return (getopt_internal(nargc, nargv, options, NULL, NULL, 0)); + return (getopt_internal(nargc, nargv, options, NULL, NULL, 0)); } #endif /* REPLACE_GETOPT */ @@ -241,7 +235,7 @@ getopt(int nargc, char * const *nargv, const char *options) * proclaim their BSD heritage, before including this header; however, * to maintain portability, developers are advised to avoid it. */ -# define optreset __mingw_optreset +# define optreset __mingw_optreset extern int optreset; #endif #ifdef __cplusplus @@ -265,19 +259,19 @@ extern int optreset; extern "C" { #endif -struct option /* specification for a long form option... */ +struct option /* specification for a long form option... */ { - const char *name; /* option name, without leading hyphens */ - int has_arg; /* does it take an argument? */ - int *flag; /* where to save its status, or NULL */ - int val; /* its associated status value */ + const char *name; /* option name, without leading hyphens */ + int has_arg; /* does it take an argument? */ + int *flag; /* where to save its status, or NULL */ + int val; /* its associated status value */ }; -enum /* permitted values for its `has_arg' field... */ +enum /* permitted values for its `has_arg' field... */ { - no_argument = 0, /* option never takes an argument */ - required_argument, /* option always requires an argument */ - optional_argument /* option may take an argument */ + no_argument = 0, /* option never takes an argument */ + required_argument, /* option always requires an argument */ + optional_argument /* option may take an argument */ }; /* @@ -286,126 +280,120 @@ enum /* permitted values for its `has_arg' field... */ * Returns -1 if short_too is set and the option does not match long_options. */ static int -parse_long_options(char * const *nargv, const char *options, - const struct option *long_options, int *idx, int short_too) +parse_long_options(char *const *nargv, const char *options, + const struct option *long_options, int *idx, int short_too) { - char *current_argv, *has_equal; - size_t current_argv_len; - int i, ambiguous, match; - -#define IDENTICAL_INTERPRETATION(_x, _y) \ - (long_options[(_x)].has_arg == long_options[(_y)].has_arg && \ - long_options[(_x)].flag == long_options[(_y)].flag && \ - long_options[(_x)].val == long_options[(_y)].val) - - current_argv = place; - match = -1; - ambiguous = 0; - - optind++; - - if ((has_equal = strchr(current_argv, '=')) != NULL) { - /* argument found (--option=arg) */ - current_argv_len = has_equal - current_argv; - has_equal++; - } else - current_argv_len = strlen(current_argv); - - for (i = 0; long_options[i].name; i++) { - /* find matching long option */ - if (strncmp(current_argv, long_options[i].name, - current_argv_len)) - continue; - - if (strlen(long_options[i].name) == current_argv_len) { - /* exact match */ - match = i; - ambiguous = 0; - break; - } - /* + char *current_argv, *has_equal; + size_t current_argv_len; + int i, ambiguous, match; + +#define IDENTICAL_INTERPRETATION(_x, _y) \ + (long_options[(_x)].has_arg == long_options[(_y)].has_arg \ + && long_options[(_x)].flag == long_options[(_y)].flag \ + && long_options[(_x)].val == long_options[(_y)].val) + + current_argv = place; + match = -1; + ambiguous = 0; + + optind++; + + if ((has_equal = strchr(current_argv, '=')) != NULL) { + /* argument found (--option=arg) */ + current_argv_len = has_equal - current_argv; + has_equal++; + } else + current_argv_len = strlen(current_argv); + + for (i = 0; long_options[i].name; i++) { + /* find matching long option */ + if (strncmp(current_argv, long_options[i].name, current_argv_len)) + continue; + + if (strlen(long_options[i].name) == current_argv_len) { + /* exact match */ + match = i; + ambiguous = 0; + break; + } + /* * If this is a known short option, don't allow * a partial match of a single character. */ - if (short_too && current_argv_len == 1) - continue; - - if (match == -1) /* partial match */ - match = i; - else if (!IDENTICAL_INTERPRETATION(i, match)) - ambiguous = 1; - } - if (ambiguous) { - /* ambiguous abbreviation */ - if (PRINT_ERROR) - warnx(ambig, (int)current_argv_len, - current_argv); - optopt = 0; - return (BADCH); - } - if (match != -1) { /* option found */ - if (long_options[match].has_arg == no_argument - && has_equal) { - if (PRINT_ERROR) - warnx(noarg, (int)current_argv_len, - current_argv); - /* + if (short_too && current_argv_len == 1) + continue; + + if (match == -1) /* partial match */ + match = i; + else if (!IDENTICAL_INTERPRETATION(i, match)) + ambiguous = 1; + } + if (ambiguous) { + /* ambiguous abbreviation */ + if (PRINT_ERROR) + warnx(ambig, (int)current_argv_len, current_argv); + optopt = 0; + return (BADCH); + } + if (match != -1) { /* option found */ + if (long_options[match].has_arg == no_argument && has_equal) { + if (PRINT_ERROR) + warnx(noarg, (int)current_argv_len, current_argv); + /* * XXX: GNU sets optopt to val regardless of flag */ - if (long_options[match].flag == NULL) - optopt = long_options[match].val; - else - optopt = 0; - return (BADARG); - } - if (long_options[match].has_arg == required_argument || - long_options[match].has_arg == optional_argument) { - if (has_equal) - optarg = has_equal; - else if (long_options[match].has_arg == - required_argument) { - /* + if (long_options[match].flag == NULL) + optopt = long_options[match].val; + else + optopt = 0; + return (BADARG); + } + if (long_options[match].has_arg == required_argument + || long_options[match].has_arg == optional_argument) { + if (has_equal) + optarg = has_equal; + else if (long_options[match].has_arg == required_argument) { + /* * optional argument doesn't use next nargv */ - optarg = nargv[optind++]; - } - } - if ((long_options[match].has_arg == required_argument) - && (optarg == NULL)) { - /* + optarg = nargv[optind++]; + } + } + if ((long_options[match].has_arg == required_argument) + && (optarg == NULL)) { + /* * Missing argument; leading ':' indicates no error * should be generated. */ - if (PRINT_ERROR) - warnx(recargstring, - current_argv); - /* + if (PRINT_ERROR) + warnx(recargstring, current_argv); + /* * XXX: GNU sets optopt to val regardless of flag */ - if (long_options[match].flag == NULL) - optopt = long_options[match].val; - else - optopt = 0; - --optind; - return (BADARG); - } - } else { /* unknown option */ - if (short_too) { - --optind; - return (-1); - } - if (PRINT_ERROR) - warnx(illoptstring, current_argv); - optopt = 0; - return (BADCH); - } - if (idx) - *idx = match; - if (long_options[match].flag) { - *long_options[match].flag = long_options[match].val; - return (0); - } else - return (long_options[match].val); + if (long_options[match].flag == NULL) + optopt = long_options[match].val; + else + optopt = 0; + --optind; + return (BADARG); + } + } else { /* unknown option */ + if (short_too) { + --optind; + return (-1); + } + if (PRINT_ERROR) + warnx(illoptstring, current_argv); + optopt = 0; + return (BADCH); + } + if (idx) + *idx = match; + if (long_options[match].flag) { + *long_options[match].flag = long_options[match].val; + return (0); + } else + return (long_options[match].val); #undef IDENTICAL_INTERPRETATION } @@ -414,222 +402,212 @@ parse_long_options(char * const *nargv, const char *options, * Parse argc/argv argument vector. Called by user level routines. */ static int -getopt_internal(int nargc, char * const *nargv, const char *options, - const struct option *long_options, int *idx, int flags) +getopt_internal(int nargc, char *const *nargv, const char *options, + const struct option *long_options, int *idx, int flags) { - char *oli; /* option letter list index */ - int optchar, short_too; - static int posixly_correct = -1; + char *oli; /* option letter list index */ + int optchar, short_too; + static int posixly_correct = -1; - if (options == NULL) - return (-1); + if (options == NULL) + return (-1); - /* + /* * XXX Some GNU programs (like cvs) set optind to 0 instead of * XXX using optreset. Work around this braindamage. */ - if (optind == 0) - optind = optreset = 1; + if (optind == 0) + optind = optreset = 1; - /* + /* * Disable GNU extensions if POSIXLY_CORRECT is set or options * string begins with a '+'. * * CV, 2009-12-14: Check POSIXLY_CORRECT anew if optind == 0 or * optreset != 0 for GNU compatibility. */ - if (posixly_correct == -1 || optreset != 0) - posixly_correct = (getenv("POSIXLY_CORRECT") != NULL); - if (*options == '-') - flags |= FLAG_ALLARGS; - else if (posixly_correct || *options == '+') - flags &= ~FLAG_PERMUTE; - if (*options == '+' || *options == '-') - options++; - - optarg = NULL; - if (optreset) - nonopt_start = nonopt_end = -1; + if (posixly_correct == -1 || optreset != 0) + posixly_correct = (getenv("POSIXLY_CORRECT") != NULL); + if (*options == '-') + flags |= FLAG_ALLARGS; + else if (posixly_correct || *options == '+') + flags &= ~FLAG_PERMUTE; + if (*options == '+' || *options == '-') + options++; + + optarg = NULL; + if (optreset) + nonopt_start = nonopt_end = -1; start: - if (optreset || !*place) { /* update scanning pointer */ - optreset = 0; - if (optind >= nargc) { /* end of argument vector */ - place = EMSG; - if (nonopt_end != -1) { - /* do permutation, if we have to */ - permute_args(nonopt_start, nonopt_end, - optind, nargv); - optind -= nonopt_end - nonopt_start; - } - else if (nonopt_start != -1) { - /* + if (optreset || !*place) { /* update scanning pointer */ + optreset = 0; + if (optind >= nargc) { /* end of argument vector */ + place = EMSG; + if (nonopt_end != -1) { + /* do permutation, if we have to */ + permute_args(nonopt_start, nonopt_end, optind, nargv); + optind -= nonopt_end - nonopt_start; + } else if (nonopt_start != -1) { + /* * If we skipped non-options, set optind * to the first of them. */ - optind = nonopt_start; - } - nonopt_start = nonopt_end = -1; - return (-1); - } - if (*(place = nargv[optind]) != '-' || - (place[1] == '\0' && strchr(options, '-') == NULL)) { - place = EMSG; /* found non-option */ - if (flags & FLAG_ALLARGS) { - /* + optind = nonopt_start; + } + nonopt_start = nonopt_end = -1; + return (-1); + } + if (*(place = nargv[optind]) != '-' + || (place[1] == '\0' && strchr(options, '-') == NULL)) { + place = EMSG; /* found non-option */ + if (flags & FLAG_ALLARGS) { + /* * GNU extension: * return non-option as argument to option 1 */ - optarg = nargv[optind++]; - return (INORDER); - } - if (!(flags & FLAG_PERMUTE)) { - /* + optarg = nargv[optind++]; + return (INORDER); + } + if (!(flags & FLAG_PERMUTE)) { + /* * If no permutation wanted, stop parsing * at first non-option. */ - return (-1); - } - /* do permutation */ - if (nonopt_start == -1) - nonopt_start = optind; - else if (nonopt_end != -1) { - permute_args(nonopt_start, nonopt_end, - optind, nargv); - nonopt_start = optind - - (nonopt_end - nonopt_start); - nonopt_end = -1; - } - optind++; - /* process next argument */ - goto start; - } - if (nonopt_start != -1 && nonopt_end == -1) - nonopt_end = optind; - - /* + return (-1); + } + /* do permutation */ + if (nonopt_start == -1) + nonopt_start = optind; + else if (nonopt_end != -1) { + permute_args(nonopt_start, nonopt_end, optind, nargv); + nonopt_start = optind - (nonopt_end - nonopt_start); + nonopt_end = -1; + } + optind++; + /* process next argument */ + goto start; + } + if (nonopt_start != -1 && nonopt_end == -1) + nonopt_end = optind; + + /* * If we have "-" do nothing, if "--" we are done. */ - if (place[1] != '\0' && *++place == '-' && place[1] == '\0') { - optind++; - place = EMSG; - /* + if (place[1] != '\0' && *++place == '-' && place[1] == '\0') { + optind++; + place = EMSG; + /* * We found an option (--), so if we skipped * non-options, we have to permute. */ - if (nonopt_end != -1) { - permute_args(nonopt_start, nonopt_end, - optind, nargv); - optind -= nonopt_end - nonopt_start; - } - nonopt_start = nonopt_end = -1; - return (-1); - } - } - - /* + if (nonopt_end != -1) { + permute_args(nonopt_start, nonopt_end, optind, nargv); + optind -= nonopt_end - nonopt_start; + } + nonopt_start = nonopt_end = -1; + return (-1); + } + } + + /* * Check long options if: * 1) we were passed some * 2) the arg is not just "-" * 3) either the arg starts with -- we are getopt_long_only() */ - if (long_options != NULL && place != nargv[optind] && - (*place == '-' || (flags & FLAG_LONGONLY))) { - short_too = 0; - if (*place == '-') - place++; /* --foo long option */ - else if (*place != ':' && strchr(options, *place) != NULL) - short_too = 1; /* could be short option too */ - - optchar = parse_long_options(nargv, options, long_options, - idx, short_too); - if (optchar != -1) { - place = EMSG; - return (optchar); - } - } - - if ((optchar = (int)*place++) == (int)':' || - (optchar == (int)'-' && *place != '\0') || - (oli = (char*)strchr(options, optchar)) == NULL) { - /* + if (long_options != NULL && place != nargv[optind] + && (*place == '-' || (flags & FLAG_LONGONLY))) { + short_too = 0; + if (*place == '-') + place++; /* --foo long option */ + else if (*place != ':' && strchr(options, *place) != NULL) + short_too = 1; /* could be short option too */ + + optchar = + parse_long_options(nargv, options, long_options, idx, short_too); + if (optchar != -1) { + place = EMSG; + return (optchar); + } + } + + if ((optchar = (int)*place++) == (int)':' + || (optchar == (int)'-' && *place != '\0') + || (oli = (char *)strchr(options, optchar)) == NULL) { + /* * If the user specified "-" and '-' isn't listed in * options, return -1 (non-option) as per POSIX. * Otherwise, it is an unknown option character (or ':'). */ - if (optchar == (int)'-' && *place == '\0') - return (-1); - if (!*place) - ++optind; - if (PRINT_ERROR) - warnx(illoptchar, optchar); - optopt = optchar; - return (BADCH); - } - if (long_options != NULL && optchar == 'W' && oli[1] == ';') { - /* -W long-option */ - if (*place) /* no space */ - /* NOTHING */; - else if (++optind >= nargc) { /* no arg */ - place = EMSG; - if (PRINT_ERROR) - warnx(recargchar, optchar); - optopt = optchar; - return (BADARG); - } else /* white space */ - place = nargv[optind]; - optchar = parse_long_options(nargv, options, long_options, - idx, 0); - place = EMSG; - return (optchar); - } - if (*++oli != ':') { /* doesn't take argument */ - if (!*place) - ++optind; - } else { /* takes (optional) argument */ - optarg = NULL; - if (*place) /* no white space */ - optarg = place; - else if (oli[1] != ':') { /* arg not optional */ - if (++optind >= nargc) { /* no arg */ - place = EMSG; - if (PRINT_ERROR) - warnx(recargchar, optchar); - optopt = optchar; - return (BADARG); - } else - optarg = nargv[optind]; - } - place = EMSG; - ++optind; - } - /* dump back option letter */ - return (optchar); + if (optchar == (int)'-' && *place == '\0') + return (-1); + if (!*place) + ++optind; + if (PRINT_ERROR) + warnx(illoptchar, optchar); + optopt = optchar; + return (BADCH); + } + if (long_options != NULL && optchar == 'W' && oli[1] == ';') { + /* -W long-option */ + if (*place) /* no space */ + /* NOTHING */; + else if (++optind >= nargc) { /* no arg */ + place = EMSG; + if (PRINT_ERROR) + warnx(recargchar, optchar); + optopt = optchar; + return (BADARG); + } else /* white space */ + place = nargv[optind]; + optchar = parse_long_options(nargv, options, long_options, idx, 0); + place = EMSG; + return (optchar); + } + if (*++oli != ':') { /* doesn't take argument */ + if (!*place) + ++optind; + } else { /* takes (optional) argument */ + optarg = NULL; + if (*place) /* no white space */ + optarg = place; + else if (oli[1] != ':') { /* arg not optional */ + if (++optind >= nargc) { /* no arg */ + place = EMSG; + if (PRINT_ERROR) + warnx(recargchar, optchar); + optopt = optchar; + return (BADARG); + } else + optarg = nargv[optind]; + } + place = EMSG; + ++optind; + } + /* dump back option letter */ + return (optchar); } /* * getopt_long -- * Parse argc/argv argument vector. */ -int -getopt_long(int nargc, char * const *nargv, const char *options, - const struct option *long_options, int *idx) +int getopt_long(int nargc, char *const *nargv, const char *options, + const struct option *long_options, int *idx) { - - return (getopt_internal(nargc, nargv, options, long_options, idx, - FLAG_PERMUTE)); + return (getopt_internal( + nargc, nargv, options, long_options, idx, FLAG_PERMUTE)); } /* * getopt_long_only -- * Parse argc/argv argument vector. */ -int -getopt_long_only(int nargc, char * const *nargv, const char *options, - const struct option *long_options, int *idx) +int getopt_long_only(int nargc, char *const *nargv, const char *options, + const struct option *long_options, int *idx) { - - return (getopt_internal(nargc, nargv, options, long_options, idx, - FLAG_PERMUTE|FLAG_LONGONLY)); + return (getopt_internal(nargc, nargv, options, long_options, idx, + FLAG_PERMUTE | FLAG_LONGONLY)); } //extern int getopt_long(int nargc, char * const *nargv, const char *options, @@ -643,7 +621,7 @@ getopt_long_only(int nargc, char * const *nargv, const char *options, /* * ...for the long form API only; keep this for compatibility. */ -# define HAVE_DECL_GETOPT 1 +# define HAVE_DECL_GETOPT 1 #endif #ifdef __cplusplus diff --git a/gost-engine.h b/gost-engine.h index da292c3aa..1558c8845 100644 --- a/gost-engine.h +++ b/gost-engine.h @@ -7,7 +7,7 @@ * * **********************************************************************/ #ifndef GOST_ENGINE_H -# define GOST_ENGINE_H +#define GOST_ENGINE_H void ENGINE_load_gost(void); diff --git a/gost12sum.c b/gost12sum.c index e644a613b..a9656f033 100644 --- a/gost12sum.c +++ b/gost12sum.c @@ -11,43 +11,46 @@ #include #include #ifdef _MSC_VER -#include "getopt.h" +# include "getopt.h" # ifndef PATH_MAX # define PATH_MAX _MAX_PATH # endif -#include +# include typedef SSIZE_T ssize_t; #else -#include +# include #endif -#include #include +#include #ifdef _WIN32 # include #endif -#include #include "gosthash2012.h" -#define BUF_SIZE 262144 + +#include +#define BUF_SIZE 262144 #define MAX_HASH_TXT_BYTES 128 -#define gost_hash_ctx gost2012_hash_ctx +#define gost_hash_ctx gost2012_hash_ctx typedef unsigned char byte; -int hash_file(gost_hash_ctx * ctx, char *filename, char *sum, int mode, +int hash_file(gost_hash_ctx *ctx, char *filename, char *sum, int mode, int hashsize); -int hash_stream(gost_hash_ctx * ctx, int fd, char *sum, int hashsize); +int hash_stream(gost_hash_ctx *ctx, int fd, char *sum, int hashsize); int get_line(FILE *f, char *hash, char *filename, int verbose, int *size); void help() { fprintf(stderr, "Calculates GOST R 34.11-2012 hash function\n\n"); - fprintf(stderr, "gost12sum [-vl] [-c [file]]| [files]|-x\n" - "\t-c check message digests (default is generate)\n" - "\t-v verbose, print file names when checking\n" - "\t-l use 512 bit hash (default 256 bit)\n" - "\t-x read filenames from stdin rather than from arguments (256 bit only)\n" - "\t-h print this help\n" - "The input for -c should be the list of message digests and file names\n" - "that is printed on stdout by this program when it generates digests.\n"); + fprintf( + stderr, + "gost12sum [-vl] [-c [file]]| [files]|-x\n" + "\t-c check message digests (default is generate)\n" + "\t-v verbose, print file names when checking\n" + "\t-l use 512 bit hash (default 256 bit)\n" + "\t-x read filenames from stdin rather than from arguments (256 bit only)\n" + "\t-h print this help\n" + "The input for -c should be the list of message digests and file names\n" + "that is printed on stdout by this program when it generates digests.\n"); exit(3); } @@ -55,19 +58,19 @@ void help() # define O_BINARY 0 #endif -int start_hash(gost_hash_ctx * ctx, int hashsize) +int start_hash(gost_hash_ctx *ctx, int hashsize) { init_gost2012_hash_ctx(ctx, hashsize); return 1; } -int hash_block(gost_hash_ctx * ctx, const byte * block, size_t length) +int hash_block(gost_hash_ctx *ctx, const byte *block, size_t length) { gost2012_hash_block(ctx, block, length); return 1; } -int finish_hash(gost_hash_ctx * ctx, byte * hashval) +int finish_hash(gost_hash_ctx *ctx, byte *hashval) { gost2012_finish_hash(ctx, hashval); return 1; @@ -128,8 +131,8 @@ int main(int argc, char **argv) exit(2); } } - while (get_line - (check_file, inhash, filename, verbose, &expected_hash_size)) { + while (get_line( + check_file, inhash, filename, verbose, &expected_hash_size)) { int error = 0; if (expected_hash_size == 0) { fprintf(stderr, "%s: invalid hash length\n", filename); @@ -138,8 +141,8 @@ int main(int argc, char **argv) continue; } - if (!hash_file - (&ctx, filename, calcsum, open_mode, expected_hash_size)) { + if (!hash_file(&ctx, filename, calcsum, open_mode, + expected_hash_size)) { errors++; error = 1; } @@ -165,12 +168,12 @@ int main(int argc, char **argv) fprintf(stderr, "%s: WARNING %d of %d file(s) cannot be processed\n", argv[0], errors, count); - } if (failcount) { - fprintf(stderr, - "%s: WARNING %d of %d processed file(s) failed GOST hash sum check\n", - argv[0], failcount, count - errors); + fprintf( + stderr, + "%s: WARNING %d of %d processed file(s) failed GOST hash sum check\n", + argv[0], failcount, count - errors); } exit((failcount || errors) ? 1 : 0); } else if (filenames_from_stdin) { @@ -179,7 +182,8 @@ int main(int argc, char **argv) while (!feof(stdin)) { if (!fgets(filename, PATH_MAX, stdin)) break; - for (end = filename; *end; end++) ; + for (end = filename; *end; end++) + ; end--; for (; *end == '\n' || *end == '\r'; end--) *end = 0; @@ -211,7 +215,7 @@ int main(int argc, char **argv) exit(errors ? 1 : 0); } -int hash_file(gost_hash_ctx * ctx, char *filename, char *sum, int mode, +int hash_file(gost_hash_ctx *ctx, char *filename, char *sum, int mode, int hashsize) { int fd; @@ -228,7 +232,7 @@ int hash_file(gost_hash_ctx * ctx, char *filename, char *sum, int mode, return 1; } -int hash_stream(gost_hash_ctx * ctx, int fd, char *sum, int hashsize) +int hash_stream(gost_hash_ctx *ctx, int fd, char *sum, int hashsize) { unsigned char buffer[BUF_SIZE]; ssize_t bytes; @@ -274,8 +278,8 @@ int get_line(FILE *f, char *hash, char *filename, int verbose, int *size) *size = spacepos - ptr; for (i = 0; i < *size; i++) { - if (ptr[i] < '0' || (ptr[i] > '9' && ptr[i] < 'A') || - (ptr[i] > 'F' && ptr[i] < 'a') || ptr[i] > 'f') { + if (ptr[i] < '0' || (ptr[i] > '9' && ptr[i] < 'A') + || (ptr[i] > 'F' && ptr[i] < 'a') || ptr[i] > 'f') { goto nextline; } } @@ -291,7 +295,7 @@ int get_line(FILE *f, char *hash, char *filename, int verbose, int *size) *size /= 2; return 1; - nextline: + nextline: if (verbose) printf("Skipping line %s\n", filename); } diff --git a/gost89.c b/gost89.c index c103e7284..b42cb7a1e 100644 --- a/gost89.c +++ b/gost89.c @@ -7,10 +7,11 @@ * No OpenSSL libraries required to compile and use * * this code * **********************************************************************/ -#include +#include "gost89.h" + #include #include -#include "gost89.h" +#include /*- Substitution blocks from RFC 4357 @@ -23,263 +24,195 @@ /* Substitution blocks from test examples for GOST R 34.11-94*/ gost_subst_block GostR3411_94_TestParamSet = { - {0X1, 0XF, 0XD, 0X0, 0X5, 0X7, 0XA, 0X4, 0X9, 0X2, 0X3, 0XE, 0X6, 0XB, - 0X8, 0XC} - , - {0XD, 0XB, 0X4, 0X1, 0X3, 0XF, 0X5, 0X9, 0X0, 0XA, 0XE, 0X7, 0X6, 0X8, - 0X2, 0XC} - , - {0X4, 0XB, 0XA, 0X0, 0X7, 0X2, 0X1, 0XD, 0X3, 0X6, 0X8, 0X5, 0X9, 0XC, - 0XF, 0XE} - , - {0X6, 0XC, 0X7, 0X1, 0X5, 0XF, 0XD, 0X8, 0X4, 0XA, 0X9, 0XE, 0X0, 0X3, - 0XB, 0X2} - , - {0X7, 0XD, 0XA, 0X1, 0X0, 0X8, 0X9, 0XF, 0XE, 0X4, 0X6, 0XC, 0XB, 0X2, - 0X5, 0X3} - , - {0X5, 0X8, 0X1, 0XD, 0XA, 0X3, 0X4, 0X2, 0XE, 0XF, 0XC, 0X7, 0X6, 0X0, - 0X9, 0XB} - , - {0XE, 0XB, 0X4, 0XC, 0X6, 0XD, 0XF, 0XA, 0X2, 0X3, 0X8, 0X1, 0X0, 0X7, - 0X5, 0X9} - , - {0X4, 0XA, 0X9, 0X2, 0XD, 0X8, 0X0, 0XE, 0X6, 0XB, 0X1, 0XC, 0X7, 0XF, - 0X5, 0X3} -}; + {0X1, 0XF, 0XD, 0X0, 0X5, 0X7, 0XA, 0X4, 0X9, 0X2, 0X3, 0XE, 0X6, 0XB, 0X8, + 0XC}, + {0XD, 0XB, 0X4, 0X1, 0X3, 0XF, 0X5, 0X9, 0X0, 0XA, 0XE, 0X7, 0X6, 0X8, 0X2, + 0XC}, + {0X4, 0XB, 0XA, 0X0, 0X7, 0X2, 0X1, 0XD, 0X3, 0X6, 0X8, 0X5, 0X9, 0XC, 0XF, + 0XE}, + {0X6, 0XC, 0X7, 0X1, 0X5, 0XF, 0XD, 0X8, 0X4, 0XA, 0X9, 0XE, 0X0, 0X3, 0XB, + 0X2}, + {0X7, 0XD, 0XA, 0X1, 0X0, 0X8, 0X9, 0XF, 0XE, 0X4, 0X6, 0XC, 0XB, 0X2, 0X5, + 0X3}, + {0X5, 0X8, 0X1, 0XD, 0XA, 0X3, 0X4, 0X2, 0XE, 0XF, 0XC, 0X7, 0X6, 0X0, 0X9, + 0XB}, + {0XE, 0XB, 0X4, 0XC, 0X6, 0XD, 0XF, 0XA, 0X2, 0X3, 0X8, 0X1, 0X0, 0X7, 0X5, + 0X9}, + {0X4, 0XA, 0X9, 0X2, 0XD, 0X8, 0X0, 0XE, 0X6, 0XB, 0X1, 0XC, 0X7, 0XF, 0X5, + 0X3}}; /* Substitution blocks for hash function 1.2.643.2.9.1.6.1 */ gost_subst_block GostR3411_94_CryptoProParamSet = { - {0x1, 0x3, 0xA, 0x9, 0x5, 0xB, 0x4, 0xF, 0x8, 0x6, 0x7, 0xE, 0xD, 0x0, - 0x2, 0xC} - , - {0xD, 0xE, 0x4, 0x1, 0x7, 0x0, 0x5, 0xA, 0x3, 0xC, 0x8, 0xF, 0x6, 0x2, - 0x9, 0xB} - , - {0x7, 0x6, 0x2, 0x4, 0xD, 0x9, 0xF, 0x0, 0xA, 0x1, 0x5, 0xB, 0x8, 0xE, - 0xC, 0x3} - , - {0x7, 0x6, 0x4, 0xB, 0x9, 0xC, 0x2, 0xA, 0x1, 0x8, 0x0, 0xE, 0xF, 0xD, - 0x3, 0x5} - , - {0x4, 0xA, 0x7, 0xC, 0x0, 0xF, 0x2, 0x8, 0xE, 0x1, 0x6, 0x5, 0xD, 0xB, - 0x9, 0x3} - , - {0x7, 0xF, 0xC, 0xE, 0x9, 0x4, 0x1, 0x0, 0x3, 0xB, 0x5, 0x2, 0x6, 0xA, - 0x8, 0xD} - , - {0x5, 0xF, 0x4, 0x0, 0x2, 0xD, 0xB, 0x9, 0x1, 0x7, 0x6, 0x3, 0xC, 0xE, - 0xA, 0x8} - , - {0xA, 0x4, 0x5, 0x6, 0x8, 0x1, 0x3, 0x7, 0xD, 0xC, 0xE, 0x0, 0x9, 0x2, - 0xB, 0xF} -}; + {0x1, 0x3, 0xA, 0x9, 0x5, 0xB, 0x4, 0xF, 0x8, 0x6, 0x7, 0xE, 0xD, 0x0, 0x2, + 0xC}, + {0xD, 0xE, 0x4, 0x1, 0x7, 0x0, 0x5, 0xA, 0x3, 0xC, 0x8, 0xF, 0x6, 0x2, 0x9, + 0xB}, + {0x7, 0x6, 0x2, 0x4, 0xD, 0x9, 0xF, 0x0, 0xA, 0x1, 0x5, 0xB, 0x8, 0xE, 0xC, + 0x3}, + {0x7, 0x6, 0x4, 0xB, 0x9, 0xC, 0x2, 0xA, 0x1, 0x8, 0x0, 0xE, 0xF, 0xD, 0x3, + 0x5}, + {0x4, 0xA, 0x7, 0xC, 0x0, 0xF, 0x2, 0x8, 0xE, 0x1, 0x6, 0x5, 0xD, 0xB, 0x9, + 0x3}, + {0x7, 0xF, 0xC, 0xE, 0x9, 0x4, 0x1, 0x0, 0x3, 0xB, 0x5, 0x2, 0x6, 0xA, 0x8, + 0xD}, + {0x5, 0xF, 0x4, 0x0, 0x2, 0xD, 0xB, 0x9, 0x1, 0x7, 0x6, 0x3, 0xC, 0xE, 0xA, + 0x8}, + {0xA, 0x4, 0x5, 0x6, 0x8, 0x1, 0x3, 0x7, 0xD, 0xC, 0xE, 0x0, 0x9, 0x2, 0xB, + 0xF}}; /* Test paramset from GOST 28147 */ gost_subst_block Gost28147_TestParamSet = { - {0xC, 0x6, 0x5, 0x2, 0xB, 0x0, 0x9, 0xD, 0x3, 0xE, 0x7, 0xA, 0xF, 0x4, - 0x1, 0x8} - , - {0x9, 0xB, 0xC, 0x0, 0x3, 0x6, 0x7, 0x5, 0x4, 0x8, 0xE, 0xF, 0x1, 0xA, - 0x2, 0xD} - , - {0x8, 0xF, 0x6, 0xB, 0x1, 0x9, 0xC, 0x5, 0xD, 0x3, 0x7, 0xA, 0x0, 0xE, - 0x2, 0x4} - , - {0x3, 0xE, 0x5, 0x9, 0x6, 0x8, 0x0, 0xD, 0xA, 0xB, 0x7, 0xC, 0x2, 0x1, - 0xF, 0x4} - , - {0xE, 0x9, 0xB, 0x2, 0x5, 0xF, 0x7, 0x1, 0x0, 0xD, 0xC, 0x6, 0xA, 0x4, - 0x3, 0x8} - , - {0xD, 0x8, 0xE, 0xC, 0x7, 0x3, 0x9, 0xA, 0x1, 0x5, 0x2, 0x4, 0x6, 0xF, - 0x0, 0xB} - , - {0xC, 0x9, 0xF, 0xE, 0x8, 0x1, 0x3, 0xA, 0x2, 0x7, 0x4, 0xD, 0x6, 0x0, - 0xB, 0x5} - , - {0x4, 0x2, 0xF, 0x5, 0x9, 0x1, 0x0, 0x8, 0xE, 0x3, 0xB, 0xC, 0xD, 0x7, - 0xA, 0x6} -}; + {0xC, 0x6, 0x5, 0x2, 0xB, 0x0, 0x9, 0xD, 0x3, 0xE, 0x7, 0xA, 0xF, 0x4, 0x1, + 0x8}, + {0x9, 0xB, 0xC, 0x0, 0x3, 0x6, 0x7, 0x5, 0x4, 0x8, 0xE, 0xF, 0x1, 0xA, 0x2, + 0xD}, + {0x8, 0xF, 0x6, 0xB, 0x1, 0x9, 0xC, 0x5, 0xD, 0x3, 0x7, 0xA, 0x0, 0xE, 0x2, + 0x4}, + {0x3, 0xE, 0x5, 0x9, 0x6, 0x8, 0x0, 0xD, 0xA, 0xB, 0x7, 0xC, 0x2, 0x1, 0xF, + 0x4}, + {0xE, 0x9, 0xB, 0x2, 0x5, 0xF, 0x7, 0x1, 0x0, 0xD, 0xC, 0x6, 0xA, 0x4, 0x3, + 0x8}, + {0xD, 0x8, 0xE, 0xC, 0x7, 0x3, 0x9, 0xA, 0x1, 0x5, 0x2, 0x4, 0x6, 0xF, 0x0, + 0xB}, + {0xC, 0x9, 0xF, 0xE, 0x8, 0x1, 0x3, 0xA, 0x2, 0x7, 0x4, 0xD, 0x6, 0x0, 0xB, + 0x5}, + {0x4, 0x2, 0xF, 0x5, 0x9, 0x1, 0x0, 0x8, 0xE, 0x3, 0xB, 0xC, 0xD, 0x7, 0xA, + 0x6}}; /* 1.2.643.2.2.31.1 */ gost_subst_block Gost28147_CryptoProParamSetA = { - {0xB, 0xA, 0xF, 0x5, 0x0, 0xC, 0xE, 0x8, 0x6, 0x2, 0x3, 0x9, 0x1, 0x7, - 0xD, 0x4} - , - {0x1, 0xD, 0x2, 0x9, 0x7, 0xA, 0x6, 0x0, 0x8, 0xC, 0x4, 0x5, 0xF, 0x3, - 0xB, 0xE} - , - {0x3, 0xA, 0xD, 0xC, 0x1, 0x2, 0x0, 0xB, 0x7, 0x5, 0x9, 0x4, 0x8, 0xF, - 0xE, 0x6} - , - {0xB, 0x5, 0x1, 0x9, 0x8, 0xD, 0xF, 0x0, 0xE, 0x4, 0x2, 0x3, 0xC, 0x7, - 0xA, 0x6} - , - {0xE, 0x7, 0xA, 0xC, 0xD, 0x1, 0x3, 0x9, 0x0, 0x2, 0xB, 0x4, 0xF, 0x8, - 0x5, 0x6} - , - {0xE, 0x4, 0x6, 0x2, 0xB, 0x3, 0xD, 0x8, 0xC, 0xF, 0x5, 0xA, 0x0, 0x7, - 0x1, 0x9} - , - {0x3, 0x7, 0xE, 0x9, 0x8, 0xA, 0xF, 0x0, 0x5, 0x2, 0x6, 0xC, 0xB, 0x4, - 0xD, 0x1} - , - {0x9, 0x6, 0x3, 0x2, 0x8, 0xB, 0x1, 0x7, 0xA, 0x4, 0xE, 0xF, 0xC, 0x0, - 0xD, 0x5} -}; + {0xB, 0xA, 0xF, 0x5, 0x0, 0xC, 0xE, 0x8, 0x6, 0x2, 0x3, 0x9, 0x1, 0x7, 0xD, + 0x4}, + {0x1, 0xD, 0x2, 0x9, 0x7, 0xA, 0x6, 0x0, 0x8, 0xC, 0x4, 0x5, 0xF, 0x3, 0xB, + 0xE}, + {0x3, 0xA, 0xD, 0xC, 0x1, 0x2, 0x0, 0xB, 0x7, 0x5, 0x9, 0x4, 0x8, 0xF, 0xE, + 0x6}, + {0xB, 0x5, 0x1, 0x9, 0x8, 0xD, 0xF, 0x0, 0xE, 0x4, 0x2, 0x3, 0xC, 0x7, 0xA, + 0x6}, + {0xE, 0x7, 0xA, 0xC, 0xD, 0x1, 0x3, 0x9, 0x0, 0x2, 0xB, 0x4, 0xF, 0x8, 0x5, + 0x6}, + {0xE, 0x4, 0x6, 0x2, 0xB, 0x3, 0xD, 0x8, 0xC, 0xF, 0x5, 0xA, 0x0, 0x7, 0x1, + 0x9}, + {0x3, 0x7, 0xE, 0x9, 0x8, 0xA, 0xF, 0x0, 0x5, 0x2, 0x6, 0xC, 0xB, 0x4, 0xD, + 0x1}, + {0x9, 0x6, 0x3, 0x2, 0x8, 0xB, 0x1, 0x7, 0xA, 0x4, 0xE, 0xF, 0xC, 0x0, 0xD, + 0x5}}; /* 1.2.643.2.2.31.2 */ gost_subst_block Gost28147_CryptoProParamSetB = { - {0x0, 0x4, 0xB, 0xE, 0x8, 0x3, 0x7, 0x1, 0xA, 0x2, 0x9, 0x6, 0xF, 0xD, - 0x5, 0xC} - , - {0x5, 0x2, 0xA, 0xB, 0x9, 0x1, 0xC, 0x3, 0x7, 0x4, 0xD, 0x0, 0x6, 0xF, - 0x8, 0xE} - , - {0x8, 0x3, 0x2, 0x6, 0x4, 0xD, 0xE, 0xB, 0xC, 0x1, 0x7, 0xF, 0xA, 0x0, - 0x9, 0x5} - , - {0x2, 0x7, 0xC, 0xF, 0x9, 0x5, 0xA, 0xB, 0x1, 0x4, 0x0, 0xD, 0x6, 0x8, - 0xE, 0x3} - , - {0x7, 0x5, 0x0, 0xD, 0xB, 0x6, 0x1, 0x2, 0x3, 0xA, 0xC, 0xF, 0x4, 0xE, - 0x9, 0x8} - , - {0xE, 0xC, 0x0, 0xA, 0x9, 0x2, 0xD, 0xB, 0x7, 0x5, 0x8, 0xF, 0x3, 0x6, - 0x1, 0x4} - , - {0x0, 0x1, 0x2, 0xA, 0x4, 0xD, 0x5, 0xC, 0x9, 0x7, 0x3, 0xF, 0xB, 0x8, - 0x6, 0xE} - , - {0x8, 0x4, 0xB, 0x1, 0x3, 0x5, 0x0, 0x9, 0x2, 0xE, 0xA, 0xC, 0xD, 0x6, - 0x7, 0xF} -}; + {0x0, 0x4, 0xB, 0xE, 0x8, 0x3, 0x7, 0x1, 0xA, 0x2, 0x9, 0x6, 0xF, 0xD, 0x5, + 0xC}, + {0x5, 0x2, 0xA, 0xB, 0x9, 0x1, 0xC, 0x3, 0x7, 0x4, 0xD, 0x0, 0x6, 0xF, 0x8, + 0xE}, + {0x8, 0x3, 0x2, 0x6, 0x4, 0xD, 0xE, 0xB, 0xC, 0x1, 0x7, 0xF, 0xA, 0x0, 0x9, + 0x5}, + {0x2, 0x7, 0xC, 0xF, 0x9, 0x5, 0xA, 0xB, 0x1, 0x4, 0x0, 0xD, 0x6, 0x8, 0xE, + 0x3}, + {0x7, 0x5, 0x0, 0xD, 0xB, 0x6, 0x1, 0x2, 0x3, 0xA, 0xC, 0xF, 0x4, 0xE, 0x9, + 0x8}, + {0xE, 0xC, 0x0, 0xA, 0x9, 0x2, 0xD, 0xB, 0x7, 0x5, 0x8, 0xF, 0x3, 0x6, 0x1, + 0x4}, + {0x0, 0x1, 0x2, 0xA, 0x4, 0xD, 0x5, 0xC, 0x9, 0x7, 0x3, 0xF, 0xB, 0x8, 0x6, + 0xE}, + {0x8, 0x4, 0xB, 0x1, 0x3, 0x5, 0x0, 0x9, 0x2, 0xE, 0xA, 0xC, 0xD, 0x6, 0x7, + 0xF}}; /* 1.2.643.2.2.31.3 */ gost_subst_block Gost28147_CryptoProParamSetC = { - {0x7, 0x4, 0x0, 0x5, 0xA, 0x2, 0xF, 0xE, 0xC, 0x6, 0x1, 0xB, 0xD, 0x9, - 0x3, 0x8} - , - {0xA, 0x9, 0x6, 0x8, 0xD, 0xE, 0x2, 0x0, 0xF, 0x3, 0x5, 0xB, 0x4, 0x1, - 0xC, 0x7} - , - {0xC, 0x9, 0xB, 0x1, 0x8, 0xE, 0x2, 0x4, 0x7, 0x3, 0x6, 0x5, 0xA, 0x0, - 0xF, 0xD} - , - {0x8, 0xD, 0xB, 0x0, 0x4, 0x5, 0x1, 0x2, 0x9, 0x3, 0xC, 0xE, 0x6, 0xF, - 0xA, 0x7} - , - {0x3, 0x6, 0x0, 0x1, 0x5, 0xD, 0xA, 0x8, 0xB, 0x2, 0x9, 0x7, 0xE, 0xF, - 0xC, 0x4} - , - {0x8, 0x2, 0x5, 0x0, 0x4, 0x9, 0xF, 0xA, 0x3, 0x7, 0xC, 0xD, 0x6, 0xE, - 0x1, 0xB} - , - {0x0, 0x1, 0x7, 0xD, 0xB, 0x4, 0x5, 0x2, 0x8, 0xE, 0xF, 0xC, 0x9, 0xA, - 0x6, 0x3} - , - {0x1, 0xB, 0xC, 0x2, 0x9, 0xD, 0x0, 0xF, 0x4, 0x5, 0x8, 0xE, 0xA, 0x7, - 0x6, 0x3} -}; + {0x7, 0x4, 0x0, 0x5, 0xA, 0x2, 0xF, 0xE, 0xC, 0x6, 0x1, 0xB, 0xD, 0x9, 0x3, + 0x8}, + {0xA, 0x9, 0x6, 0x8, 0xD, 0xE, 0x2, 0x0, 0xF, 0x3, 0x5, 0xB, 0x4, 0x1, 0xC, + 0x7}, + {0xC, 0x9, 0xB, 0x1, 0x8, 0xE, 0x2, 0x4, 0x7, 0x3, 0x6, 0x5, 0xA, 0x0, 0xF, + 0xD}, + {0x8, 0xD, 0xB, 0x0, 0x4, 0x5, 0x1, 0x2, 0x9, 0x3, 0xC, 0xE, 0x6, 0xF, 0xA, + 0x7}, + {0x3, 0x6, 0x0, 0x1, 0x5, 0xD, 0xA, 0x8, 0xB, 0x2, 0x9, 0x7, 0xE, 0xF, 0xC, + 0x4}, + {0x8, 0x2, 0x5, 0x0, 0x4, 0x9, 0xF, 0xA, 0x3, 0x7, 0xC, 0xD, 0x6, 0xE, 0x1, + 0xB}, + {0x0, 0x1, 0x7, 0xD, 0xB, 0x4, 0x5, 0x2, 0x8, 0xE, 0xF, 0xC, 0x9, 0xA, 0x6, + 0x3}, + {0x1, 0xB, 0xC, 0x2, 0x9, 0xD, 0x0, 0xF, 0x4, 0x5, 0x8, 0xE, 0xA, 0x7, 0x6, + 0x3}}; /* 1.2.643.2.2.31.4 */ gost_subst_block Gost28147_CryptoProParamSetD = { - {0x1, 0xA, 0x6, 0x8, 0xF, 0xB, 0x0, 0x4, 0xC, 0x3, 0x5, 0x9, 0x7, 0xD, - 0x2, 0xE} - , - {0x3, 0x0, 0x6, 0xF, 0x1, 0xE, 0x9, 0x2, 0xD, 0x8, 0xC, 0x4, 0xB, 0xA, - 0x5, 0x7} - , - {0x8, 0x0, 0xF, 0x3, 0x2, 0x5, 0xE, 0xB, 0x1, 0xA, 0x4, 0x7, 0xC, 0x9, - 0xD, 0x6} - , - {0x0, 0xC, 0x8, 0x9, 0xD, 0x2, 0xA, 0xB, 0x7, 0x3, 0x6, 0x5, 0x4, 0xE, - 0xF, 0x1} - , - {0x1, 0x5, 0xE, 0xC, 0xA, 0x7, 0x0, 0xD, 0x6, 0x2, 0xB, 0x4, 0x9, 0x3, - 0xF, 0x8} - , - {0x1, 0xC, 0xB, 0x0, 0xF, 0xE, 0x6, 0x5, 0xA, 0xD, 0x4, 0x8, 0x9, 0x3, - 0x7, 0x2} - , - {0xB, 0x6, 0x3, 0x4, 0xC, 0xF, 0xE, 0x2, 0x7, 0xD, 0x8, 0x0, 0x5, 0xA, - 0x9, 0x1} - , - {0xF, 0xC, 0x2, 0xA, 0x6, 0x4, 0x5, 0x0, 0x7, 0x9, 0xE, 0xD, 0x1, 0xB, - 0x8, 0x3} -}; + {0x1, 0xA, 0x6, 0x8, 0xF, 0xB, 0x0, 0x4, 0xC, 0x3, 0x5, 0x9, 0x7, 0xD, 0x2, + 0xE}, + {0x3, 0x0, 0x6, 0xF, 0x1, 0xE, 0x9, 0x2, 0xD, 0x8, 0xC, 0x4, 0xB, 0xA, 0x5, + 0x7}, + {0x8, 0x0, 0xF, 0x3, 0x2, 0x5, 0xE, 0xB, 0x1, 0xA, 0x4, 0x7, 0xC, 0x9, 0xD, + 0x6}, + {0x0, 0xC, 0x8, 0x9, 0xD, 0x2, 0xA, 0xB, 0x7, 0x3, 0x6, 0x5, 0x4, 0xE, 0xF, + 0x1}, + {0x1, 0x5, 0xE, 0xC, 0xA, 0x7, 0x0, 0xD, 0x6, 0x2, 0xB, 0x4, 0x9, 0x3, 0xF, + 0x8}, + {0x1, 0xC, 0xB, 0x0, 0xF, 0xE, 0x6, 0x5, 0xA, 0xD, 0x4, 0x8, 0x9, 0x3, 0x7, + 0x2}, + {0xB, 0x6, 0x3, 0x4, 0xC, 0xF, 0xE, 0x2, 0x7, 0xD, 0x8, 0x0, 0x5, 0xA, 0x9, + 0x1}, + {0xF, 0xC, 0x2, 0xA, 0x6, 0x4, 0x5, 0x0, 0x7, 0x9, 0xE, 0xD, 0x1, 0xB, 0x8, + 0x3}}; /* 1.2.643.7.1.2.5.1.1 */ gost_subst_block Gost28147_TC26ParamSetZ = { - {0x1, 0x7, 0xe, 0xd, 0x0, 0x5, 0x8, 0x3, 0x4, 0xf, 0xa, 0x6, 0x9, 0xc, - 0xb, 0x2} - , - {0x8, 0xe, 0x2, 0x5, 0x6, 0x9, 0x1, 0xc, 0xf, 0x4, 0xb, 0x0, 0xd, 0xa, - 0x3, 0x7} - , - {0x5, 0xd, 0xf, 0x6, 0x9, 0x2, 0xc, 0xa, 0xb, 0x7, 0x8, 0x1, 0x4, 0x3, - 0xe, 0x0} - , - {0x7, 0xf, 0x5, 0xa, 0x8, 0x1, 0x6, 0xd, 0x0, 0x9, 0x3, 0xe, 0xb, 0x4, - 0x2, 0xc} - , - {0xc, 0x8, 0x2, 0x1, 0xd, 0x4, 0xf, 0x6, 0x7, 0x0, 0xa, 0x5, 0x3, 0xe, - 0x9, 0xb} - , - {0xb, 0x3, 0x5, 0x8, 0x2, 0xf, 0xa, 0xd, 0xe, 0x1, 0x7, 0x4, 0xc, 0x9, - 0x6, 0x0} - , - {0x6, 0x8, 0x2, 0x3, 0x9, 0xa, 0x5, 0xc, 0x1, 0xe, 0x4, 0x7, 0xb, 0xd, - 0x0, 0xf} - , - {0xc, 0x4, 0x6, 0x2, 0xa, 0x5, 0xb, 0x9, 0xe, 0x8, 0xd, 0x7, 0x0, 0x3, - 0xf, 0x1} -}; + {0x1, 0x7, 0xe, 0xd, 0x0, 0x5, 0x8, 0x3, 0x4, 0xf, 0xa, 0x6, 0x9, 0xc, 0xb, + 0x2}, + {0x8, 0xe, 0x2, 0x5, 0x6, 0x9, 0x1, 0xc, 0xf, 0x4, 0xb, 0x0, 0xd, 0xa, 0x3, + 0x7}, + {0x5, 0xd, 0xf, 0x6, 0x9, 0x2, 0xc, 0xa, 0xb, 0x7, 0x8, 0x1, 0x4, 0x3, 0xe, + 0x0}, + {0x7, 0xf, 0x5, 0xa, 0x8, 0x1, 0x6, 0xd, 0x0, 0x9, 0x3, 0xe, 0xb, 0x4, 0x2, + 0xc}, + {0xc, 0x8, 0x2, 0x1, 0xd, 0x4, 0xf, 0x6, 0x7, 0x0, 0xa, 0x5, 0x3, 0xe, 0x9, + 0xb}, + {0xb, 0x3, 0x5, 0x8, 0x2, 0xf, 0xa, 0xd, 0xe, 0x1, 0x7, 0x4, 0xc, 0x9, 0x6, + 0x0}, + {0x6, 0x8, 0x2, 0x3, 0x9, 0xa, 0x5, 0xc, 0x1, 0xe, 0x4, 0x7, 0xb, 0xd, 0x0, + 0xf}, + {0xc, 0x4, 0x6, 0x2, 0xa, 0x5, 0xb, 0x9, 0xe, 0x8, 0xd, 0x7, 0x0, 0x3, 0xf, + 0x1}}; const byte CryptoProKeyMeshingKey[] = { - 0x69, 0x00, 0x72, 0x22, 0x64, 0xC9, 0x04, 0x23, - 0x8D, 0x3A, 0xDB, 0x96, 0x46, 0xE9, 0x2A, 0xC4, - 0x18, 0xFE, 0xAC, 0x94, 0x00, 0xED, 0x07, 0x12, - 0xC0, 0x86, 0xDC, 0xC2, 0xEF, 0x4C, 0xA9, 0x2B -}; + 0x69, 0x00, 0x72, 0x22, 0x64, 0xC9, 0x04, 0x23, 0x8D, 0x3A, 0xDB, + 0x96, 0x46, 0xE9, 0x2A, 0xC4, 0x18, 0xFE, 0xAC, 0x94, 0x00, 0xED, + 0x07, 0x12, 0xC0, 0x86, 0xDC, 0xC2, 0xEF, 0x4C, 0xA9, 0x2B}; const byte ACPKM_D_const[] = { - 0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87, - 0x88, 0x89, 0x8A, 0x8B, 0x8C, 0x8D, 0x8E, 0x8F, - 0x90, 0x91, 0x92, 0x93, 0x94, 0x95, 0x96, 0x97, - 0x98, 0x99, 0x9A, 0x9B, 0x9C, 0x9D, 0x9E, 0x9F, + 0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87, 0x88, 0x89, 0x8A, + 0x8B, 0x8C, 0x8D, 0x8E, 0x8F, 0x90, 0x91, 0x92, 0x93, 0x94, 0x95, + 0x96, 0x97, 0x98, 0x99, 0x9A, 0x9B, 0x9C, 0x9D, 0x9E, 0x9F, }; /* Initialization of gost_ctx subst blocks*/ -void kboxinit(gost_ctx * c, const gost_subst_block * b) +void kboxinit(gost_ctx *c, const gost_subst_block *b) { int i; for (i = 0; i < 256; i++) { - c->k87[i] = (word32) (b->k8[i >> 4] << 4 | b->k7[i & 15]) << 24; + c->k87[i] = (word32)(b->k8[i >> 4] << 4 | b->k7[i & 15]) << 24; c->k65[i] = (b->k6[i >> 4] << 4 | b->k5[i & 15]) << 16; c->k43[i] = (b->k4[i >> 4] << 4 | b->k3[i & 15]) << 8; c->k21[i] = b->k2[i >> 4] << 4 | b->k1[i & 15]; - } } /* Part of GOST 28147 algorithm moved into separate function */ -static word32 f(gost_ctx * c, word32 x) +static word32 f(gost_ctx *c, word32 x) { - x = c->k87[x >> 24 & 255] | c->k65[x >> 16 & 255] | - c->k43[x >> 8 & 255] | c->k21[x & 255]; + x = c->k87[x >> 24 & 255] | c->k65[x >> 16 & 255] | c->k43[x >> 8 & 255] + | c->k21[x & 255]; /* Rotate left 11 bits */ return x << 11 | x >> (32 - 11); } /* Low-level encryption routine - encrypts one 64 bit block*/ -void gostcrypt(gost_ctx * c, const byte * in, byte * out) +void gostcrypt(gost_ctx *c, const byte *in, byte *out) { - register word32 n1, n2; /* As named in the GOST */ - n1 = in[0] | (in[1] << 8) | (in[2] << 16) | ((word32) in[3] << 24); - n2 = in[4] | (in[5] << 8) | (in[6] << 16) | ((word32) in[7] << 24); + register word32 n1, n2; /* As named in the GOST */ + n1 = in[0] | (in[1] << 8) | (in[2] << 16) | ((word32)in[3] << 24); + n2 = in[4] | (in[5] << 8) | (in[6] << 16) | ((word32)in[7] << 24); /* Instead of swapping halves, swap names each round */ n2 ^= f(c, n1 + c->key[0] + c->mask[0]); @@ -318,22 +251,24 @@ void gostcrypt(gost_ctx * c, const byte * in, byte * out) n2 ^= f(c, n1 + c->key[1] + c->mask[1]); n1 ^= f(c, n2 + c->key[0] + c->mask[0]); - out[0] = (byte) (n2 & 0xff); - out[1] = (byte) ((n2 >> 8) & 0xff); - out[2] = (byte) ((n2 >> 16) & 0xff); - out[3] = (byte) (n2 >> 24); - out[4] = (byte) (n1 & 0xff); - out[5] = (byte) ((n1 >> 8) & 0xff); - out[6] = (byte) ((n1 >> 16) & 0xff); - out[7] = (byte) (n1 >> 24); + out[0] = (byte)(n2 & 0xff); + out[1] = (byte)((n2 >> 8) & 0xff); + out[2] = (byte)((n2 >> 16) & 0xff); + out[3] = (byte)(n2 >> 24); + out[4] = (byte)(n1 & 0xff); + out[5] = (byte)((n1 >> 8) & 0xff); + out[6] = (byte)((n1 >> 16) & 0xff); + out[7] = (byte)(n1 >> 24); } /* Low-level encryption routine - encrypts one 64 bit block*/ -void magmacrypt(gost_ctx * c, const byte * in, byte * out) +void magmacrypt(gost_ctx *c, const byte *in, byte *out) { - register word32 n1, n2; /* As named in the GOST */ - n1 = in[7-0] | (in[7-1] << 8) | (in[7-2] << 16) | ((word32) in[7-3] << 24); - n2 = in[7-4] | (in[7-5] << 8) | (in[7-6] << 16) | ((word32) in[7-7] << 24); + register word32 n1, n2; /* As named in the GOST */ + n1 = in[7 - 0] | (in[7 - 1] << 8) | (in[7 - 2] << 16) + | ((word32)in[7 - 3] << 24); + n2 = in[7 - 4] | (in[7 - 5] << 8) | (in[7 - 6] << 16) + | ((word32)in[7 - 7] << 24); /* Instead of swapping halves, swap names each round */ n2 ^= f(c, n1 + c->key[0] + c->mask[0]); @@ -372,22 +307,22 @@ void magmacrypt(gost_ctx * c, const byte * in, byte * out) n2 ^= f(c, n1 + c->key[1] + c->mask[1]); n1 ^= f(c, n2 + c->key[0] + c->mask[0]); - out[7-0] = (byte) (n2 & 0xff); - out[7-1] = (byte) ((n2 >> 8) & 0xff); - out[7-2] = (byte) ((n2 >> 16) & 0xff); - out[7-3] = (byte) (n2 >> 24); - out[7-4] = (byte) (n1 & 0xff); - out[7-5] = (byte) ((n1 >> 8) & 0xff); - out[7-6] = (byte) ((n1 >> 16) & 0xff); - out[7-7] = (byte) (n1 >> 24); + out[7 - 0] = (byte)(n2 & 0xff); + out[7 - 1] = (byte)((n2 >> 8) & 0xff); + out[7 - 2] = (byte)((n2 >> 16) & 0xff); + out[7 - 3] = (byte)(n2 >> 24); + out[7 - 4] = (byte)(n1 & 0xff); + out[7 - 5] = (byte)((n1 >> 8) & 0xff); + out[7 - 6] = (byte)((n1 >> 16) & 0xff); + out[7 - 7] = (byte)(n1 >> 24); } /* Low-level decryption routine. Decrypts one 64-bit block */ -void gostdecrypt(gost_ctx * c, const byte * in, byte * out) +void gostdecrypt(gost_ctx *c, const byte *in, byte *out) { - register word32 n1, n2; /* As named in the GOST */ - n1 = in[0] | (in[1] << 8) | (in[2] << 16) | ((word32) in[3] << 24); - n2 = in[4] | (in[5] << 8) | (in[6] << 16) | ((word32) in[7] << 24); + register word32 n1, n2; /* As named in the GOST */ + n1 = in[0] | (in[1] << 8) | (in[2] << 16) | ((word32)in[3] << 24); + n2 = in[4] | (in[5] << 8) | (in[6] << 16) | ((word32)in[7] << 24); n2 ^= f(c, n1 + c->key[0] + c->mask[0]); n1 ^= f(c, n2 + c->key[1] + c->mask[1]); @@ -425,22 +360,24 @@ void gostdecrypt(gost_ctx * c, const byte * in, byte * out) n2 ^= f(c, n1 + c->key[1] + c->mask[1]); n1 ^= f(c, n2 + c->key[0] + c->mask[0]); - out[0] = (byte) (n2 & 0xff); - out[1] = (byte) ((n2 >> 8) & 0xff); - out[2] = (byte) ((n2 >> 16) & 0xff); - out[3] = (byte) (n2 >> 24); - out[4] = (byte) (n1 & 0xff); - out[5] = (byte) ((n1 >> 8) & 0xff); - out[6] = (byte) ((n1 >> 16) & 0xff); - out[7] = (byte) (n1 >> 24); + out[0] = (byte)(n2 & 0xff); + out[1] = (byte)((n2 >> 8) & 0xff); + out[2] = (byte)((n2 >> 16) & 0xff); + out[3] = (byte)(n2 >> 24); + out[4] = (byte)(n1 & 0xff); + out[5] = (byte)((n1 >> 8) & 0xff); + out[6] = (byte)((n1 >> 16) & 0xff); + out[7] = (byte)(n1 >> 24); } /* Low-level decryption routine. Decrypts one 64-bit block */ -void magmadecrypt(gost_ctx * c, const byte * in, byte * out) +void magmadecrypt(gost_ctx *c, const byte *in, byte *out) { - register word32 n1, n2; /* As named in the GOST */ - n1 = in[7-0] | (in[7-1] << 8) | (in[7-2] << 16) | ((word32) in[7-3] << 24); - n2 = in[7-4] | (in[7-5] << 8) | (in[7-6] << 16) | ((word32) in[7-7] << 24); + register word32 n1, n2; /* As named in the GOST */ + n1 = in[7 - 0] | (in[7 - 1] << 8) | (in[7 - 2] << 16) + | ((word32)in[7 - 3] << 24); + n2 = in[7 - 4] | (in[7 - 5] << 8) | (in[7 - 6] << 16) + | ((word32)in[7 - 7] << 24); n2 ^= f(c, n1 + c->key[0] + c->mask[0]); n1 ^= f(c, n2 + c->key[1] + c->mask[1]); @@ -478,19 +415,18 @@ void magmadecrypt(gost_ctx * c, const byte * in, byte * out) n2 ^= f(c, n1 + c->key[1] + c->mask[1]); n1 ^= f(c, n2 + c->key[0] + c->mask[0]); - out[7-0] = (byte) (n2 & 0xff); - out[7-1] = (byte) ((n2 >> 8) & 0xff); - out[7-2] = (byte) ((n2 >> 16) & 0xff); - out[7-3] = (byte) (n2 >> 24); - out[7-4] = (byte) (n1 & 0xff); - out[7-5] = (byte) ((n1 >> 8) & 0xff); - out[7-6] = (byte) ((n1 >> 16) & 0xff); - out[7-7] = (byte) (n1 >> 24); + out[7 - 0] = (byte)(n2 & 0xff); + out[7 - 1] = (byte)((n2 >> 8) & 0xff); + out[7 - 2] = (byte)((n2 >> 16) & 0xff); + out[7 - 3] = (byte)(n2 >> 24); + out[7 - 4] = (byte)(n1 & 0xff); + out[7 - 5] = (byte)((n1 >> 8) & 0xff); + out[7 - 6] = (byte)((n1 >> 16) & 0xff); + out[7 - 7] = (byte)(n1 >> 24); } - /* Encrypts several blocks in ECB mode */ -void gost_enc(gost_ctx * c, const byte * clear, byte * cipher, int blocks) +void gost_enc(gost_ctx *c, const byte *clear, byte *cipher, int blocks) { int i; for (i = 0; i < blocks; i++) { @@ -501,7 +437,7 @@ void gost_enc(gost_ctx * c, const byte * clear, byte * cipher, int blocks) } /* Decrypts several blocks in ECB mode */ -void gost_dec(gost_ctx * c, const byte * cipher, byte * clear, int blocks) +void gost_dec(gost_ctx *c, const byte *cipher, byte *clear, int blocks) { int i; for (i = 0; i < blocks; i++) { @@ -512,8 +448,8 @@ void gost_dec(gost_ctx * c, const byte * cipher, byte * clear, int blocks) } /* Encrypts several full blocks in CFB mode using 8byte IV */ -void gost_enc_cfb(gost_ctx * ctx, const byte * iv, const byte * clear, - byte * cipher, int blocks) +void gost_enc_cfb(gost_ctx *ctx, const byte *iv, const byte *clear, + byte *cipher, int blocks) { byte cur_iv[8]; byte gamma[8]; @@ -530,8 +466,8 @@ void gost_enc_cfb(gost_ctx * ctx, const byte * iv, const byte * clear, } /* Decrypts several full blocks in CFB mode using 8byte IV */ -void gost_dec_cfb(gost_ctx * ctx, const byte * iv, const byte * cipher, - byte * clear, int blocks) +void gost_dec_cfb(gost_ctx *ctx, const byte *iv, const byte *cipher, + byte *clear, int blocks) { byte cur_iv[8]; byte gamma[8]; @@ -548,79 +484,79 @@ void gost_dec_cfb(gost_ctx * ctx, const byte * iv, const byte * cipher, } /* Encrypts one block using specified key */ -void gost_enc_with_key(gost_ctx * c, byte * key, byte * inblock, - byte * outblock) +void gost_enc_with_key(gost_ctx *c, byte *key, byte *inblock, byte *outblock) { gost_key_nomask(c, key); gostcrypt(c, inblock, outblock); } -static void gost_key_impl(gost_ctx * c, const byte * k) +static void gost_key_impl(gost_ctx *c, const byte *k) { int i, j; for (i = 0, j = 0; i < 8; ++i, j += 4) { - c->key[i] = - (k[j] | (k[j + 1] << 8) | (k[j + 2] << 16) | ((word32) k[j + 3] << - 24)) - c->mask[i]; + c->key[i] = (k[j] | (k[j + 1] << 8) | (k[j + 2] << 16) + | ((word32)k[j + 3] << 24)) + - c->mask[i]; } } /* Set 256 bit gost89 key into context */ -void gost_key(gost_ctx * c, const byte * k) +void gost_key(gost_ctx *c, const byte *k) { RAND_priv_bytes((unsigned char *)c->mask, sizeof(c->mask)); gost_key_impl(c, k); } /* Set 256 bit gost89 key into context without key mask */ -void gost_key_nomask(gost_ctx * c, const byte * k) +void gost_key_nomask(gost_ctx *c, const byte *k) { memset(c->mask, 0, sizeof(c->mask)); gost_key_impl(c, k); } /* Set 256 bit Magma key into context */ -void magma_key(gost_ctx * c, const byte * k) +void magma_key(gost_ctx *c, const byte *k) { int i, j; RAND_priv_bytes((unsigned char *)c->mask, sizeof(c->mask)); for (i = 0, j = 0; i < 8; ++i, j += 4) { - c->key[i] = - (k[j + 3] | (k[j + 2] << 8) | (k[j + 1] << 16) | ((word32) k[j] << - 24)) - c->mask[i]; + c->key[i] = (k[j + 3] | (k[j + 2] << 8) | (k[j + 1] << 16) + | ((word32)k[j] << 24)) + - c->mask[i]; } } -void magma_master_key(gost_ctx *c, const byte *k) { +void magma_master_key(gost_ctx *c, const byte *k) +{ memcpy(c->master_key, k, sizeof(c->master_key)); } /* Retrieve 256-bit gost89 key from context */ -void gost_get_key(gost_ctx * c, byte * k) +void gost_get_key(gost_ctx *c, byte *k) { int i, j; for (i = 0, j = 0; i < 8; i++, j += 4) { k[j] = (byte)((c->key[i] + c->mask[i]) & 0xFF); - k[j+1] = (byte)(((c->key[i] + c->mask[i]) >> 8 )& 0xFF); - k[j+2] = (byte)(((c->key[i] + c->mask[i]) >> 16) & 0xFF); - k[j+3] = (byte)(((c->key[i] + c->mask[i]) >> 24) & 0xFF); + k[j + 1] = (byte)(((c->key[i] + c->mask[i]) >> 8) & 0xFF); + k[j + 2] = (byte)(((c->key[i] + c->mask[i]) >> 16) & 0xFF); + k[j + 3] = (byte)(((c->key[i] + c->mask[i]) >> 24) & 0xFF); } } /* Retrieve 256-bit magma key from context */ -void magma_get_key(gost_ctx * c, byte * k) +void magma_get_key(gost_ctx *c, byte *k) { int i, j; for (i = 0, j = 0; i < 8; i++, j += 4) { - k[j + 3] = (byte) ((c->key[i] + c->mask[i]) & 0xFF); - k[j + 2] = (byte) (((c->key[i] + c->mask[i]) >> 8) & 0xFF); - k[j + 1] = (byte) (((c->key[i] + c->mask[i]) >> 16) & 0xFF); - k[j + 0] = (byte) (((c->key[i] + c->mask[i]) >> 24) & 0xFF); + k[j + 3] = (byte)((c->key[i] + c->mask[i]) & 0xFF); + k[j + 2] = (byte)(((c->key[i] + c->mask[i]) >> 8) & 0xFF); + k[j + 1] = (byte)(((c->key[i] + c->mask[i]) >> 16) & 0xFF); + k[j + 0] = (byte)(((c->key[i] + c->mask[i]) >> 24) & 0xFF); } } /* Initalize context. Provides default value for subst_block */ -void gost_init(gost_ctx * c, const gost_subst_block * b) +void gost_init(gost_ctx *c, const gost_subst_block *b) { if (!b) { b = &GostR3411_94_TestParamSet; @@ -629,7 +565,7 @@ void gost_init(gost_ctx * c, const gost_subst_block * b) } /* Cleans up key from context */ -void gost_destroy(gost_ctx * c) +void gost_destroy(gost_ctx *c) { OPENSSL_cleanse(c->master_key, sizeof(c->master_key)); OPENSSL_cleanse(c->key, sizeof(c->key)); @@ -641,17 +577,17 @@ void gost_destroy(gost_ctx * c) * with substitution blocks and key buffer - 8-byte mac state buffer block * 8-byte block to process. */ -void mac_block(gost_ctx * c, byte * buffer, const byte * block) +void mac_block(gost_ctx *c, byte *buffer, const byte *block) { - register word32 n1, n2; /* As named in the GOST */ + register word32 n1, n2; /* As named in the GOST */ int i; for (i = 0; i < 8; i++) { buffer[i] ^= block[i]; } - n1 = buffer[0] | (buffer[1] << 8) | (buffer[2] << 16) | ((word32) - buffer[3] << 24); - n2 = buffer[4] | (buffer[5] << 8) | (buffer[6] << 16) | ((word32) - buffer[7] << 24); + n1 = buffer[0] | (buffer[1] << 8) | (buffer[2] << 16) + | ((word32)buffer[3] << 24); + n2 = buffer[4] | (buffer[5] << 8) | (buffer[6] << 16) + | ((word32)buffer[7] << 24); /* Instead of swapping halves, swap names each round */ n2 ^= f(c, n1 + c->key[0] + c->mask[0]); @@ -672,18 +608,18 @@ void mac_block(gost_ctx * c, byte * buffer, const byte * block) n2 ^= f(c, n1 + c->key[6] + c->mask[6]); n1 ^= f(c, n2 + c->key[7] + c->mask[7]); - buffer[0] = (byte) (n1 & 0xff); - buffer[1] = (byte) ((n1 >> 8) & 0xff); - buffer[2] = (byte) ((n1 >> 16) & 0xff); - buffer[3] = (byte) (n1 >> 24); - buffer[4] = (byte) (n2 & 0xff); - buffer[5] = (byte) ((n2 >> 8) & 0xff); - buffer[6] = (byte) ((n2 >> 16) & 0xff); - buffer[7] = (byte) (n2 >> 24); + buffer[0] = (byte)(n1 & 0xff); + buffer[1] = (byte)((n1 >> 8) & 0xff); + buffer[2] = (byte)((n1 >> 16) & 0xff); + buffer[3] = (byte)(n1 >> 24); + buffer[4] = (byte)(n2 & 0xff); + buffer[5] = (byte)((n2 >> 8) & 0xff); + buffer[6] = (byte)((n2 >> 16) & 0xff); + buffer[7] = (byte)(n2 >> 24); } /* Get mac with specified number of bits from MAC state buffer */ -void get_mac(byte * buffer, int nbits, byte * out) +void get_mac(byte *buffer, int nbits, byte *out) { int nbytes = nbits >> 3; int rembits = nbits & 7; @@ -699,10 +635,10 @@ void get_mac(byte * buffer, int nbits, byte * out) * Compute mac of specified length (in bits) from data. Context should be * initialized with key and subst blocks */ -int gost_mac(gost_ctx * ctx, int mac_len, const unsigned char *data, +int gost_mac(gost_ctx *ctx, int mac_len, const unsigned char *data, unsigned int data_len, unsigned char *mac) { - byte buffer[8] = { 0, 0, 0, 0, 0, 0, 0, 0 }; + byte buffer[8] = {0, 0, 0, 0, 0, 0, 0, 0}; byte buf2[8]; unsigned int i; for (i = 0; i + 8 <= data_len; i += 8) @@ -722,7 +658,7 @@ int gost_mac(gost_ctx * ctx, int mac_len, const unsigned char *data, } /* Compute MAC with non-zero IV. Used in some RFC 4357 algorithms */ -int gost_mac_iv(gost_ctx * ctx, int mac_len, const unsigned char *iv, +int gost_mac_iv(gost_ctx *ctx, int mac_len, const unsigned char *iv, const unsigned char *data, unsigned int data_len, unsigned char *mac) { @@ -747,7 +683,7 @@ int gost_mac_iv(gost_ctx * ctx, int mac_len, const unsigned char *iv, } /* Implements key meshing algorithm by modifing ctx and IV in place */ -void cryptopro_key_meshing(gost_ctx * ctx, unsigned char *iv) +void cryptopro_key_meshing(gost_ctx *ctx, unsigned char *iv) { unsigned char newkey[32]; /* Set static keymeshing key */ @@ -757,7 +693,7 @@ void cryptopro_key_meshing(gost_ctx * ctx, unsigned char *iv) gost_key(ctx, newkey); OPENSSL_cleanse(newkey, sizeof(newkey)); /* Encrypt iv with new key */ - if (iv != NULL ) { + if (iv != NULL) { unsigned char newiv[8]; gostcrypt(ctx, iv, newiv); memcpy(iv, newiv, 8); @@ -765,7 +701,7 @@ void cryptopro_key_meshing(gost_ctx * ctx, unsigned char *iv) } } -void acpkm_magma_key_meshing(gost_ctx * ctx) +void acpkm_magma_key_meshing(gost_ctx *ctx) { unsigned char newkey[32]; int i; diff --git a/gost89.h b/gost89.h index f8a83bbb9..0f420088e 100644 --- a/gost89.h +++ b/gost89.h @@ -8,14 +8,14 @@ * this code * **********************************************************************/ #ifndef GOST89_H -# define GOST89_H +#define GOST89_H /* Typedef for unsigned 32-bit integer */ -# if __LONG_MAX__ > 2147483647L +#if __LONG_MAX__ > 2147483647L typedef unsigned int u4; -# else +#else typedef unsigned long u4; -# endif +#endif /* Typedef for unsigned 8-bit integer */ typedef unsigned char byte; @@ -39,63 +39,63 @@ typedef struct { /* Constant s-boxes -- set up in gost_init(). */ u4 k87[256], k65[256], k43[256], k21[256]; } gost_ctx; + /* * Note: encrypt and decrypt expect full blocks--padding blocks is caller's * responsibility. All bulk encryption is done in ECB mode by these calls. * Other modes may be added easily enough. */ /* Encrypt several full blocks in ECB mode */ -void gost_enc(gost_ctx * c, const byte * clear, byte * cipher, int blocks); +void gost_enc(gost_ctx *c, const byte *clear, byte *cipher, int blocks); /* Decrypt several full blocks in ECB mode */ -void gost_dec(gost_ctx * c, const byte * cipher, byte * clear, int blocks); +void gost_dec(gost_ctx *c, const byte *cipher, byte *clear, int blocks); /* Encrypts several full blocks in CFB mode using 8byte IV */ -void gost_enc_cfb(gost_ctx * ctx, const byte * iv, const byte * clear, - byte * cipher, int blocks); +void gost_enc_cfb(gost_ctx *ctx, const byte *iv, const byte *clear, + byte *cipher, int blocks); /* Decrypts several full blocks in CFB mode using 8byte IV */ -void gost_dec_cfb(gost_ctx * ctx, const byte * iv, const byte * cipher, - byte * clear, int blocks); +void gost_dec_cfb(gost_ctx *ctx, const byte *iv, const byte *cipher, + byte *clear, int blocks); /* Encrypt one block */ -void gostcrypt(gost_ctx * c, const byte * in, byte * out); +void gostcrypt(gost_ctx *c, const byte *in, byte *out); /* Decrypt one block */ -void gostdecrypt(gost_ctx * c, const byte * in, byte * out); +void gostdecrypt(gost_ctx *c, const byte *in, byte *out); /* Encrypt one block */ -void magmacrypt(gost_ctx * c, const byte * in, byte * out); +void magmacrypt(gost_ctx *c, const byte *in, byte *out); /* Decrypt one block */ -void magmadecrypt(gost_ctx * c, const byte * in, byte * out); +void magmadecrypt(gost_ctx *c, const byte *in, byte *out); /* Set key into context */ -void gost_key(gost_ctx * c, const byte * k); +void gost_key(gost_ctx *c, const byte *k); /* Set key into context without key mask */ -void gost_key_nomask(gost_ctx * c, const byte * k); +void gost_key_nomask(gost_ctx *c, const byte *k); /* Set key into context */ -void magma_key(gost_ctx * c, const byte * k); +void magma_key(gost_ctx *c, const byte *k); /* Set master 256-bit key to be used in TLSTREE calculation into context */ void magma_master_key(gost_ctx *c, const byte *k); /* Get key from context */ -void gost_get_key(gost_ctx * c, byte * k); +void gost_get_key(gost_ctx *c, byte *k); /* Set S-blocks into context */ -void gost_init(gost_ctx * c, const gost_subst_block * b); +void gost_init(gost_ctx *c, const gost_subst_block *b); /* Clean up context */ -void gost_destroy(gost_ctx * c); +void gost_destroy(gost_ctx *c); /* Intermediate function used for calculate hash */ -void gost_enc_with_key(gost_ctx *, byte * key, byte * inblock, - byte * outblock); +void gost_enc_with_key(gost_ctx *, byte *key, byte *inblock, byte *outblock); /* Compute MAC of given length in bits from data */ -int gost_mac(gost_ctx * ctx, int mac_len, const unsigned char *data, +int gost_mac(gost_ctx *ctx, int mac_len, const unsigned char *data, unsigned int data_len, unsigned char *mac); /* * Compute MAC of given length in bits from data, using non-zero 8-byte IV * (non-standard, for use in CryptoPro key transport only */ -int gost_mac_iv(gost_ctx * ctx, int mac_len, const unsigned char *iv, +int gost_mac_iv(gost_ctx *ctx, int mac_len, const unsigned char *iv, const unsigned char *data, unsigned int data_len, unsigned char *mac); /* Perform one step of MAC calculation like gostcrypt */ -void mac_block(gost_ctx * c, byte * buffer, const byte * block); +void mac_block(gost_ctx *c, byte *buffer, const byte *block); /* Extracts MAC value from mac state buffer */ -void get_mac(byte * buffer, int nbits, byte * out); +void get_mac(byte *buffer, int nbits, byte *out); /* Implements cryptopro key meshing algorithm. Expect IV to be 8-byte size*/ -void cryptopro_key_meshing(gost_ctx * ctx, unsigned char *iv); +void cryptopro_key_meshing(gost_ctx *ctx, unsigned char *iv); /* Parameter sets specified in RFC 4357 */ extern gost_subst_block GostR3411_94_TestParamSet; extern gost_subst_block GostR3411_94_CryptoProParamSet; @@ -108,7 +108,7 @@ extern gost_subst_block Gost28147_TC26ParamSetZ; extern const byte CryptoProKeyMeshingKey[]; typedef unsigned int word32; /* For tests. */ -void kboxinit(gost_ctx * c, const gost_subst_block * b); -void magma_get_key(gost_ctx * c, byte * k); -void acpkm_magma_key_meshing(gost_ctx * ctx); +void kboxinit(gost_ctx *c, const gost_subst_block *b); +void magma_get_key(gost_ctx *c, byte *k); +void acpkm_magma_key_meshing(gost_ctx *ctx); #endif diff --git a/gost_ameth.c b/gost_ameth.c index 8e02a15c2..bcb0d6f5b 100644 --- a/gost_ameth.c +++ b/gost_ameth.c @@ -7,17 +7,17 @@ * for OpenSSL * * Requires OpenSSL 0.9.9 for compilation * **********************************************************************/ -#include +#include #include -#include #include +#include #include -#include +#include #ifndef OPENSSL_NO_CMS # include #endif -#include "gost_lcl.h" #include "e_gost_err.h" +#include "gost_lcl.h" #define PK_WRAP_PARAM "LEGACY_PK_WRAP" @@ -68,24 +68,24 @@ static ASN1_STRING *encode_gost_algor_params(const EVP_PKEY *key) switch (EVP_PKEY_base_id(key)) { case NID_id_GostR3410_2012_256: pkey_param_nid = EC_GROUP_get_curve_name(EC_KEY_get0_group(key_ptr)); - switch (pkey_param_nid) { - case NID_id_GostR3410_2001_TestParamSet: - case NID_id_GostR3410_2001_CryptoPro_A_ParamSet: - case NID_id_GostR3410_2001_CryptoPro_B_ParamSet: - case NID_id_GostR3410_2001_CryptoPro_C_ParamSet: - case NID_id_GostR3410_2001_CryptoPro_XchA_ParamSet: - case NID_id_GostR3410_2001_CryptoPro_XchB_ParamSet: - gkp->hash_params = OBJ_nid2obj(NID_id_GostR3411_2012_256); - } + switch (pkey_param_nid) { + case NID_id_GostR3410_2001_TestParamSet: + case NID_id_GostR3410_2001_CryptoPro_A_ParamSet: + case NID_id_GostR3410_2001_CryptoPro_B_ParamSet: + case NID_id_GostR3410_2001_CryptoPro_C_ParamSet: + case NID_id_GostR3410_2001_CryptoPro_XchA_ParamSet: + case NID_id_GostR3410_2001_CryptoPro_XchB_ParamSet: + gkp->hash_params = OBJ_nid2obj(NID_id_GostR3411_2012_256); + } break; case NID_id_GostR3410_2012_512: pkey_param_nid = EC_GROUP_get_curve_name(EC_KEY_get0_group(key_ptr)); - switch (pkey_param_nid) { - case NID_id_tc26_gost_3410_2012_512_paramSetTest: - case NID_id_tc26_gost_3410_2012_512_paramSetA: - case NID_id_tc26_gost_3410_2012_512_paramSetB: - gkp->hash_params = OBJ_nid2obj(NID_id_GostR3411_2012_512); - } + switch (pkey_param_nid) { + case NID_id_tc26_gost_3410_2012_512_paramSetTest: + case NID_id_tc26_gost_3410_2012_512_paramSetA: + case NID_id_tc26_gost_3410_2012_512_paramSetB: + gkp->hash_params = OBJ_nid2obj(NID_id_GostR3411_2012_512); + } break; case NID_id_GostR3410_2001: case NID_id_GostR3410_2001DH: @@ -110,10 +110,10 @@ static ASN1_STRING *encode_gost_algor_params(const EVP_PKEY *key) } params->type = V_ASN1_SEQUENCE; result = 1; - err: +err: if (gkp) GOST_KEY_PARAMS_free(gkp); - if (result == 0) { /* if error */ + if (result == 0) { /* if error */ if (params) ASN1_STRING_free(params); return NULL; @@ -147,8 +147,7 @@ static int gost_decode_nid_params(EVP_PKEY *pkey, int pkey_nid, int param_nid) * Parses GOST algorithm parameters from X509_ALGOR and modifies pkey setting * NID and parameters */ -static int decode_gost_algor_params(EVP_PKEY *pkey, - const X509_ALGOR *palg) +static int decode_gost_algor_params(EVP_PKEY *pkey, const X509_ALGOR *palg) { const ASN1_OBJECT *palg_obj = NULL; int ptype = V_ASN1_UNDEF; @@ -189,19 +188,18 @@ static int gost_set_priv_key(EVP_PKEY *pkey, BIGNUM *priv) case NID_id_GostR3410_2012_512: case NID_id_GostR3410_2012_256: case NID_id_GostR3410_2001: - case NID_id_GostR3410_2001DH: - { - EC_KEY *ec = EVP_PKEY_get0(pkey); - if (!ec) { - ec = EC_KEY_new(); - EVP_PKEY_assign(pkey, EVP_PKEY_base_id(pkey), ec); - } - if (!EC_KEY_set_private_key(ec, priv)) - return 0; - if (!EVP_PKEY_missing_parameters(pkey)) - return gost_ec_compute_public(ec); - break; + case NID_id_GostR3410_2001DH: { + EC_KEY *ec = EVP_PKEY_get0(pkey); + if (!ec) { + ec = EC_KEY_new(); + EVP_PKEY_assign(pkey, EVP_PKEY_base_id(pkey), ec); } + if (!EC_KEY_set_private_key(ec, priv)) + return 0; + if (!EVP_PKEY_missing_parameters(pkey)) + return gost_ec_compute_public(ec); + break; + } default: return 0; } @@ -214,13 +212,12 @@ BIGNUM *gost_get0_priv_key(const EVP_PKEY *pkey) case NID_id_GostR3410_2012_512: case NID_id_GostR3410_2012_256: case NID_id_GostR3410_2001: - case NID_id_GostR3410_2001DH: - { - EC_KEY *ec = EVP_PKEY_get0((EVP_PKEY *)pkey); - if (ec) - return (BIGNUM *)EC_KEY_get0_private_key(ec); - break; - } + case NID_id_GostR3410_2001DH: { + EC_KEY *ec = EVP_PKEY_get0((EVP_PKEY *)pkey); + if (ec) + return (BIGNUM *)EC_KEY_get0_private_key(ec); + break; + } } return NULL; } @@ -231,183 +228,197 @@ BIGNUM *gost_get0_priv_key(const EVP_PKEY *pkey) /* FIXME reaarange declarations */ static int pub_decode_gost_ec(EVP_PKEY *pk, const X509_PUBKEY *pub); -static int gost_cms_set_kari_shared_info(EVP_PKEY_CTX *pctx, CMS_RecipientInfo *ri) +static int +gost_cms_set_kari_shared_info(EVP_PKEY_CTX *pctx, CMS_RecipientInfo *ri) { - int ret = 0; - X509_ALGOR *alg; - ASN1_OCTET_STRING *ukm; - - /* Deal with originator */ - X509_ALGOR *pubalg = NULL; - ASN1_BIT_STRING *pubkey = NULL; - - EVP_PKEY *peer_key = NULL; - X509_PUBKEY *tmp = NULL; - - int nid; - unsigned char shared_key[64]; - size_t shared_key_size = 64; - const EVP_CIPHER *cipher = NULL; - - if (CMS_RecipientInfo_kari_get0_alg(ri, &alg, &ukm) == 0) - goto err; - - if (CMS_RecipientInfo_kari_get0_orig_id(ri, &pubalg, &pubkey, NULL, NULL, NULL) == 0) - goto err; - - nid = OBJ_obj2nid(alg->algorithm); - if (alg->parameter->type != V_ASN1_SEQUENCE) - goto err; - - switch (nid) { - case NID_kuznyechik_kexp15: - case NID_magma_kexp15: - cipher = EVP_get_cipherbynid(nid); - break; - } - - if (cipher == NULL) { - GOSTerr(GOST_F_GOST_CMS_SET_KARI_SHARED_INFO, GOST_R_CIPHER_NOT_FOUND); - goto err; - } - - if (EVP_PKEY_CTX_ctrl(pctx, -1, -1, EVP_PKEY_CTRL_SET_IV, - ASN1_STRING_length(ukm), (void *)ASN1_STRING_get0_data(ukm)) <= 0) - goto err; - - if (pubkey != NULL && pubalg != NULL) { - const ASN1_OBJECT *paobj = NULL; - int ptype = 0; - const void *param = NULL; - - peer_key = EVP_PKEY_new(); - tmp = X509_PUBKEY_new(); - - if ((peer_key == NULL) || (tmp == NULL)) { - GOSTerr(GOST_F_GOST_CMS_SET_KARI_SHARED_INFO, ERR_R_MALLOC_FAILURE); - goto err; - } - - X509_ALGOR_get0(&paobj, &ptype, ¶m, pubalg); - - if (X509_PUBKEY_set0_param(tmp, (ASN1_OBJECT *)paobj, - ptype, (void *)param, - (unsigned char *)ASN1_STRING_get0_data(pubkey), - ASN1_STRING_length(pubkey) ) == 0) { - GOSTerr(GOST_F_GOST_CMS_SET_KARI_SHARED_INFO, GOST_R_PUBLIC_KEY_UNDEFINED); - goto err; - } - - if (pub_decode_gost_ec(peer_key, tmp) <= 0) { - GOSTerr(GOST_F_GOST_CMS_SET_KARI_SHARED_INFO, GOST_R_ERROR_DECODING_PUBLIC_KEY); - goto err; - } - - if (EVP_PKEY_derive_set_peer(pctx, peer_key) <= 0) { - GOSTerr(GOST_F_GOST_CMS_SET_KARI_SHARED_INFO, GOST_R_ERROR_SETTING_PEER_KEY); - goto err; - } - } - - if (EVP_PKEY_derive(pctx, shared_key, &shared_key_size) <= 0) { - GOSTerr(GOST_F_GOST_CMS_SET_KARI_SHARED_INFO, GOST_R_ERROR_COMPUTING_SHARED_KEY); - goto err; - } - - EVP_CIPHER_CTX_set_flags(CMS_RecipientInfo_kari_get0_ctx(ri), EVP_CIPHER_CTX_FLAG_WRAP_ALLOW); - if (EVP_DecryptInit_ex(CMS_RecipientInfo_kari_get0_ctx(ri), cipher, NULL, - shared_key, ukm->data+24) == 0) - goto err; - - ret = 1; + int ret = 0; + X509_ALGOR *alg; + ASN1_OCTET_STRING *ukm; + + /* Deal with originator */ + X509_ALGOR *pubalg = NULL; + ASN1_BIT_STRING *pubkey = NULL; + + EVP_PKEY *peer_key = NULL; + X509_PUBKEY *tmp = NULL; + + int nid; + unsigned char shared_key[64]; + size_t shared_key_size = 64; + const EVP_CIPHER *cipher = NULL; + + if (CMS_RecipientInfo_kari_get0_alg(ri, &alg, &ukm) == 0) + goto err; + + if (CMS_RecipientInfo_kari_get0_orig_id( + ri, &pubalg, &pubkey, NULL, NULL, NULL) + == 0) + goto err; + + nid = OBJ_obj2nid(alg->algorithm); + if (alg->parameter->type != V_ASN1_SEQUENCE) + goto err; + + switch (nid) { + case NID_kuznyechik_kexp15: + case NID_magma_kexp15: + cipher = EVP_get_cipherbynid(nid); + break; + } + + if (cipher == NULL) { + GOSTerr(GOST_F_GOST_CMS_SET_KARI_SHARED_INFO, GOST_R_CIPHER_NOT_FOUND); + goto err; + } + + if (EVP_PKEY_CTX_ctrl( + pctx, -1, -1, EVP_PKEY_CTRL_SET_IV, ASN1_STRING_length(ukm), + (void *)ASN1_STRING_get0_data(ukm)) + <= 0) + goto err; + + if (pubkey != NULL && pubalg != NULL) { + const ASN1_OBJECT *paobj = NULL; + int ptype = 0; + const void *param = NULL; + + peer_key = EVP_PKEY_new(); + tmp = X509_PUBKEY_new(); + + if ((peer_key == NULL) || (tmp == NULL)) { + GOSTerr(GOST_F_GOST_CMS_SET_KARI_SHARED_INFO, ERR_R_MALLOC_FAILURE); + goto err; + } + + X509_ALGOR_get0(&paobj, &ptype, ¶m, pubalg); + + if (X509_PUBKEY_set0_param( + tmp, (ASN1_OBJECT *)paobj, ptype, (void *)param, + (unsigned char *)ASN1_STRING_get0_data(pubkey), + ASN1_STRING_length(pubkey)) + == 0) { + GOSTerr(GOST_F_GOST_CMS_SET_KARI_SHARED_INFO, + GOST_R_PUBLIC_KEY_UNDEFINED); + goto err; + } + + if (pub_decode_gost_ec(peer_key, tmp) <= 0) { + GOSTerr(GOST_F_GOST_CMS_SET_KARI_SHARED_INFO, + GOST_R_ERROR_DECODING_PUBLIC_KEY); + goto err; + } + + if (EVP_PKEY_derive_set_peer(pctx, peer_key) <= 0) { + GOSTerr(GOST_F_GOST_CMS_SET_KARI_SHARED_INFO, + GOST_R_ERROR_SETTING_PEER_KEY); + goto err; + } + } + + if (EVP_PKEY_derive(pctx, shared_key, &shared_key_size) <= 0) { + GOSTerr(GOST_F_GOST_CMS_SET_KARI_SHARED_INFO, + GOST_R_ERROR_COMPUTING_SHARED_KEY); + goto err; + } + + EVP_CIPHER_CTX_set_flags( + CMS_RecipientInfo_kari_get0_ctx(ri), EVP_CIPHER_CTX_FLAG_WRAP_ALLOW); + if (EVP_DecryptInit_ex(CMS_RecipientInfo_kari_get0_ctx(ri), cipher, NULL, + shared_key, ukm->data + 24) + == 0) + goto err; + + ret = 1; err: - EVP_PKEY_free(peer_key); - if (ret == 0) { - X509_PUBKEY_free(tmp); - } + EVP_PKEY_free(peer_key); + if (ret == 0) { + X509_PUBKEY_free(tmp); + } - return ret; + return ret; } -static int gost_cms_set_ktri_shared_info(EVP_PKEY_CTX *pctx, CMS_RecipientInfo *ri) +static int +gost_cms_set_ktri_shared_info(EVP_PKEY_CTX *pctx, CMS_RecipientInfo *ri) { - X509_ALGOR *alg; - struct gost_pmeth_data *gctx = EVP_PKEY_CTX_get_data(pctx); + X509_ALGOR *alg; + struct gost_pmeth_data *gctx = EVP_PKEY_CTX_get_data(pctx); - CMS_RecipientInfo_ktri_get0_algs(ri, NULL, NULL, &alg); + CMS_RecipientInfo_ktri_get0_algs(ri, NULL, NULL, &alg); - switch (OBJ_obj2nid(alg->algorithm)) { - case NID_kuznyechik_kexp15: - gctx->cipher_nid = NID_kuznyechik_ctr; - break; + switch (OBJ_obj2nid(alg->algorithm)) { + case NID_kuznyechik_kexp15: + gctx->cipher_nid = NID_kuznyechik_ctr; + break; - case NID_magma_kexp15: - gctx->cipher_nid = NID_magma_ctr; - break; + case NID_magma_kexp15: + gctx->cipher_nid = NID_magma_ctr; + break; - case NID_id_GostR3410_2001: - case NID_id_GostR3410_2001DH: - case NID_id_GostR3410_2012_256: - case NID_id_GostR3410_2012_512: - gctx->cipher_nid = NID_id_Gost28147_89; - break; + case NID_id_GostR3410_2001: + case NID_id_GostR3410_2001DH: + case NID_id_GostR3410_2012_256: + case NID_id_GostR3410_2012_512: + gctx->cipher_nid = NID_id_Gost28147_89; + break; - default: - GOSTerr(GOST_F_GOST_CMS_SET_KTRI_SHARED_INFO, GOST_R_UNSUPPORTED_RECIPIENT_INFO); - return 0; - } + default: + GOSTerr(GOST_F_GOST_CMS_SET_KTRI_SHARED_INFO, + GOST_R_UNSUPPORTED_RECIPIENT_INFO); + return 0; + } - return 1; + return 1; } static int gost_cms_set_shared_info(EVP_PKEY_CTX *pctx, CMS_RecipientInfo *ri) { - switch(CMS_RecipientInfo_type(ri)) { - case CMS_RECIPINFO_AGREE: - return gost_cms_set_kari_shared_info(pctx, ri); - break; - case CMS_RECIPINFO_TRANS: - return gost_cms_set_ktri_shared_info(pctx, ri); - break; - } - - GOSTerr(GOST_F_GOST_CMS_SET_SHARED_INFO, GOST_R_UNSUPPORTED_RECIPIENT_INFO); - return 0; + switch (CMS_RecipientInfo_type(ri)) { + case CMS_RECIPINFO_AGREE: + return gost_cms_set_kari_shared_info(pctx, ri); + break; + case CMS_RECIPINFO_TRANS: + return gost_cms_set_ktri_shared_info(pctx, ri); + break; + } + + GOSTerr(GOST_F_GOST_CMS_SET_SHARED_INFO, GOST_R_UNSUPPORTED_RECIPIENT_INFO); + return 0; } static ASN1_STRING *gost_encode_cms_params(int ka_nid) { - ASN1_STRING *ret = NULL; - ASN1_STRING *params = ASN1_STRING_new(); + ASN1_STRING *ret = NULL; + ASN1_STRING *params = ASN1_STRING_new(); - /* It's a hack. We have only one OID here, so we can use + /* It's a hack. We have only one OID here, so we can use * GOST_KEY_PARAMS which is a sequence of 3 OIDs, * the 1st one is mandatory and the rest are optional */ - GOST_KEY_PARAMS *gkp = GOST_KEY_PARAMS_new(); + GOST_KEY_PARAMS *gkp = GOST_KEY_PARAMS_new(); - if (params == NULL || gkp == NULL) { - GOSTerr(GOST_F_GOST_ENCODE_CMS_PARAMS, ERR_R_MALLOC_FAILURE); - goto end; - } + if (params == NULL || gkp == NULL) { + GOSTerr(GOST_F_GOST_ENCODE_CMS_PARAMS, ERR_R_MALLOC_FAILURE); + goto end; + } - gkp->key_params = OBJ_nid2obj(ka_nid); - params->length = i2d_GOST_KEY_PARAMS(gkp, ¶ms->data); + gkp->key_params = OBJ_nid2obj(ka_nid); + params->length = i2d_GOST_KEY_PARAMS(gkp, ¶ms->data); - if (params->length < 0) { - GOSTerr(GOST_F_GOST_ENCODE_CMS_PARAMS, ERR_R_MALLOC_FAILURE); - goto end; - } + if (params->length < 0) { + GOSTerr(GOST_F_GOST_ENCODE_CMS_PARAMS, ERR_R_MALLOC_FAILURE); + goto end; + } - params->type = V_ASN1_SEQUENCE; - ret = params; + params->type = V_ASN1_SEQUENCE; + ret = params; end: - GOST_KEY_PARAMS_free(gkp); + GOST_KEY_PARAMS_free(gkp); - if (ret == NULL) - ASN1_STRING_free(params); + if (ret == NULL) + ASN1_STRING_free(params); - return ret; + return ret; } /* @@ -437,8 +448,8 @@ static int pkey_ctrl_gost(EVP_PKEY *pkey, int op, long arg1, void *arg2) switch (op) { case ASN1_PKEY_CTRL_PKCS7_SIGN: if (arg1 == 0) { - PKCS7_SIGNER_INFO_get0_algs((PKCS7_SIGNER_INFO *)arg2, NULL, - &alg1, &alg2); + PKCS7_SIGNER_INFO_get0_algs( + (PKCS7_SIGNER_INFO *)arg2, NULL, &alg1, &alg2); X509_ALGOR_set0(alg1, OBJ_nid2obj(md_nid), V_ASN1_NULL, 0); X509_ALGOR_set0(alg2, OBJ_nid2obj(nid), V_ASN1_NULL, 0); } @@ -446,8 +457,8 @@ static int pkey_ctrl_gost(EVP_PKEY *pkey, int op, long arg1, void *arg2) #ifndef OPENSSL_NO_CMS case ASN1_PKEY_CTRL_CMS_SIGN: if (arg1 == 0) { - CMS_SignerInfo_get0_algs((CMS_SignerInfo *)arg2, NULL, NULL, - &alg1, &alg2); + CMS_SignerInfo_get0_algs( + (CMS_SignerInfo *)arg2, NULL, NULL, &alg1, &alg2); X509_ALGOR_set0(alg1, OBJ_nid2obj(md_nid), V_ASN1_NULL, 0); X509_ALGOR_set0(alg2, OBJ_nid2obj(nid), V_ASN1_NULL, 0); } @@ -460,73 +471,72 @@ static int pkey_ctrl_gost(EVP_PKEY *pkey, int op, long arg1, void *arg2) return -1; } PKCS7_RECIP_INFO_get0_alg((PKCS7_RECIP_INFO *)arg2, &alg1); - X509_ALGOR_set0(alg1, OBJ_nid2obj(EVP_PKEY_id(pkey)), - V_ASN1_SEQUENCE, params); - } + X509_ALGOR_set0( + alg1, OBJ_nid2obj(EVP_PKEY_id(pkey)), V_ASN1_SEQUENCE, params); + } return 1; #ifndef OPENSSL_NO_CMS case ASN1_PKEY_CTRL_CMS_ENVELOPE: if (arg1 == 0) { - EVP_PKEY_CTX *pctx; - CMS_RecipientInfo *ri = arg2; + EVP_PKEY_CTX *pctx; + CMS_RecipientInfo *ri = arg2; - struct gost_pmeth_data *gctx = NULL; - ASN1_STRING *params = NULL; + struct gost_pmeth_data *gctx = NULL; + ASN1_STRING *params = NULL; - pctx = CMS_RecipientInfo_get0_pkey_ctx(ri); - if (!pctx) - return 0; + pctx = CMS_RecipientInfo_get0_pkey_ctx(ri); + if (!pctx) + return 0; - gctx = EVP_PKEY_CTX_get_data(pctx); + gctx = EVP_PKEY_CTX_get_data(pctx); - switch (gctx->cipher_nid) { + switch (gctx->cipher_nid) { case NID_magma_ctr: - case NID_kuznyechik_ctr: - { + case NID_kuznyechik_ctr: { int ka_nid; - nid = (gctx->cipher_nid == NID_magma_ctr) ? NID_magma_kexp15 : - NID_kuznyechik_kexp15; + nid = (gctx->cipher_nid == NID_magma_ctr) + ? NID_magma_kexp15 + : NID_kuznyechik_kexp15; - ka_nid = (EVP_PKEY_base_id(pkey) == NID_id_GostR3410_2012_256) ? - NID_id_tc26_agreement_gost_3410_2012_256 : NID_id_tc26_agreement_gost_3410_2012_512; + ka_nid = (EVP_PKEY_base_id(pkey) == NID_id_GostR3410_2012_256) + ? NID_id_tc26_agreement_gost_3410_2012_256 + : NID_id_tc26_agreement_gost_3410_2012_512; params = gost_encode_cms_params(ka_nid); - } - break; + } break; default: params = encode_gost_algor_params(pkey); - break; - } + break; + } - if (params == NULL) - return -1; + if (params == NULL) + return -1; - CMS_RecipientInfo_ktri_get0_algs((CMS_RecipientInfo *)arg2, NULL, - NULL, &alg1); - X509_ALGOR_set0(alg1, OBJ_nid2obj(nid), V_ASN1_SEQUENCE, params); + CMS_RecipientInfo_ktri_get0_algs( + (CMS_RecipientInfo *)arg2, NULL, NULL, &alg1); + X509_ALGOR_set0(alg1, OBJ_nid2obj(nid), V_ASN1_SEQUENCE, params); } else { - EVP_PKEY_CTX *pctx; - CMS_RecipientInfo *ri = arg2; - pctx = CMS_RecipientInfo_get0_pkey_ctx(ri); - if (!pctx) - return 0; - return gost_cms_set_shared_info(pctx, ri); + EVP_PKEY_CTX *pctx; + CMS_RecipientInfo *ri = arg2; + pctx = CMS_RecipientInfo_get0_pkey_ctx(ri); + if (!pctx) + return 0; + return gost_cms_set_shared_info(pctx, ri); } return 1; -#ifdef ASN1_PKEY_CTRL_CMS_RI_TYPE - case ASN1_PKEY_CTRL_CMS_RI_TYPE: +# ifdef ASN1_PKEY_CTRL_CMS_RI_TYPE + case ASN1_PKEY_CTRL_CMS_RI_TYPE: *(int *)arg2 = CMS_RECIPINFO_TRANS; return 1; - case ASN1_PKEY_CTRL_CMS_IS_RI_TYPE_SUPPORTED: - if (arg1 == CMS_RECIPINFO_AGREE || arg1 == CMS_RECIPINFO_TRANS) { - *(int *)arg2 = 1; - return 1; - } - else - return 0; - break; -#endif + case ASN1_PKEY_CTRL_CMS_IS_RI_TYPE_SUPPORTED: + if (arg1 == CMS_RECIPINFO_AGREE || arg1 == CMS_RECIPINFO_TRANS) { + *(int *)arg2 = 1; + return 1; + } else + return 0; + break; +# endif #endif case ASN1_PKEY_CTRL_DEFAULT_MD_NID: *(int *)arg2 = md_nid; @@ -544,8 +554,8 @@ static void pkey_free_gost_ec(EVP_PKEY *key) /* ------------------ private key functions -----------------------------*/ -static BIGNUM *unmask_priv_key(EVP_PKEY *pk, - const unsigned char *buf, int len, int num_masks) +static BIGNUM * +unmask_priv_key(EVP_PKEY *pk, const unsigned char *buf, int len, int num_masks) { BIGNUM *pknum_masked = NULL, *q = NULL; const EC_KEY *key_ptr = (pk) ? EVP_PKEY_get0(pk) : NULL; @@ -579,14 +589,13 @@ static BIGNUM *unmask_priv_key(EVP_PKEY *pk, } } - end: +end: if (q) BN_free(q); return pknum_masked; } -static int priv_decode_gost(EVP_PKEY *pk, - const PKCS8_PRIV_KEY_INFO *p8inf) +static int priv_decode_gost(EVP_PKEY *pk, const PKCS8_PRIV_KEY_INFO *p8inf) { const unsigned char *pkey_buf = NULL, *p = NULL; int priv_len = 0; @@ -612,8 +621,8 @@ static int priv_decode_gost(EVP_PKEY *pk, if (priv_len % expected_key_len == 0) { /* Key is not wrapped but masked */ - pk_num = unmask_priv_key(pk, pkey_buf, expected_key_len, - priv_len / expected_key_len - 1); + pk_num = unmask_priv_key( + pk, pkey_buf, expected_key_len, priv_len / expected_key_len - 1); } else if (V_ASN1_OCTET_STRING == *p) { /* New format - Little endian octet string */ ASN1_OCTET_STRING *s = d2i_ASN1_OCTET_STRING(NULL, &p, priv_len); @@ -647,9 +656,9 @@ static int priv_decode_gost(EVP_PKEY *pk, return 0; } - pk_num = unmask_priv_key(pk, mgk->masked_priv_key->data, - expected_key_len, - priv_len / expected_key_len - 1); + pk_num = + unmask_priv_key(pk, mgk->masked_priv_key->data, expected_key_len, + priv_len / expected_key_len - 1); MASKED_GOST_KEY_free(mgk); } else { GOSTerr(GOST_F_PRIV_DECODE_GOST, EVP_R_DECODE_ERROR); @@ -713,12 +722,12 @@ static int priv_encode_gost(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pk) ASN1_STRING_free(octet); OPENSSL_secure_free(buf); - return PKCS8_pkey_set0(p8, algobj, 0, V_ASN1_SEQUENCE, params, - priv_buf, priv_len); + return PKCS8_pkey_set0( + p8, algobj, 0, V_ASN1_SEQUENCE, params, priv_buf, priv_len); } - return PKCS8_pkey_set0(p8, algobj, 0, V_ASN1_SEQUENCE, params, - buf, key_len); + return PKCS8_pkey_set0( + p8, algobj, 0, V_ASN1_SEQUENCE, params, buf, key_len); } /* --------- printing keys --------------------------------*/ @@ -780,7 +789,7 @@ static int print_gost_ec_pub(BIO *out, const EVP_PKEY *pkey, int indent) BN_print(out, Y); BIO_printf(out, "\n"); ok = 1; - err: +err: BN_CTX_end(ctx); BN_CTX_free(ctx); @@ -819,20 +828,20 @@ static int print_gost_ec(BIO *out, const EVP_PKEY *pkey, int indent, return print_gost_ec_param(out, pkey, indent); } -static int param_print_gost_ec(BIO *out, const EVP_PKEY *pkey, int indent, - ASN1_PCTX *pctx) +static int +param_print_gost_ec(BIO *out, const EVP_PKEY *pkey, int indent, ASN1_PCTX *pctx) { return print_gost_ec(out, pkey, indent, pctx, 0); } -static int pub_print_gost_ec(BIO *out, const EVP_PKEY *pkey, int indent, - ASN1_PCTX *pctx) +static int +pub_print_gost_ec(BIO *out, const EVP_PKEY *pkey, int indent, ASN1_PCTX *pctx) { return print_gost_ec(out, pkey, indent, pctx, 1); } -static int priv_print_gost_ec(BIO *out, const EVP_PKEY *pkey, int indent, - ASN1_PCTX *pctx) +static int +priv_print_gost_ec(BIO *out, const EVP_PKEY *pkey, int indent, ASN1_PCTX *pctx) { return print_gost_ec(out, pkey, indent, pctx, 2); } @@ -980,7 +989,8 @@ static int pub_encode_gost_ec(X509_PUBKEY *pub, const EVP_PKEY *pk) pval = params; order = BN_new(); - if (order == NULL || EC_GROUP_get_order(EC_KEY_get0_group(ec), order, NULL) == 0) { + if (order == NULL + || EC_GROUP_get_order(EC_KEY_get0_group(ec), order, NULL) == 0) { GOSTerr(GOST_F_PUB_ENCODE_GOST_EC, ERR_R_MALLOC_FAILURE); goto err; } @@ -999,8 +1009,8 @@ static int pub_encode_gost_ec(X509_PUBKEY *pub, const EVP_PKEY *pk) GOSTerr(GOST_F_PUB_ENCODE_GOST_EC, ERR_R_MALLOC_FAILURE); goto err; } - if (!EC_POINT_get_affine_coordinates(EC_KEY_get0_group(ec), - pub_key, X, Y, NULL)) { + if (!EC_POINT_get_affine_coordinates( + EC_KEY_get0_group(ec), pub_key, X, Y, NULL)) { GOSTerr(GOST_F_PUB_ENCODE_GOST_EC, ERR_R_INTERNAL_ERROR); goto err; } @@ -1028,7 +1038,7 @@ static int pub_encode_gost_ec(X509_PUBKEY *pub, const EVP_PKEY *pk) } ret = i2d_ASN1_OCTET_STRING(octet, &buf); - err: +err: ASN1_BIT_STRING_free(octet); if (X) BN_free(X); @@ -1132,14 +1142,13 @@ static int mac_ctrl_grasshopper(EVP_PKEY *pkey, int op, long arg1, void *arg2) static int gost2001_param_encode(const EVP_PKEY *pkey, unsigned char **pder) { - int nid = - EC_GROUP_get_curve_name(EC_KEY_get0_group - (EVP_PKEY_get0((EVP_PKEY *)pkey))); + int nid = EC_GROUP_get_curve_name( + EC_KEY_get0_group(EVP_PKEY_get0((EVP_PKEY *)pkey))); return i2d_ASN1_OBJECT(OBJ_nid2obj(nid), pder); } -static int gost2001_param_decode(EVP_PKEY *pkey, const unsigned char **pder, - int derlen) +static int +gost2001_param_decode(EVP_PKEY *pkey, const unsigned char **pder, int derlen) { ASN1_OBJECT *obj = NULL; int nid; @@ -1163,18 +1172,16 @@ int register_ameth_gost(int nid, EVP_PKEY_ASN1_METHOD **ameth, case NID_id_GostR3410_2001: case NID_id_GostR3410_2001DH: EVP_PKEY_asn1_set_free(*ameth, pkey_free_gost_ec); - EVP_PKEY_asn1_set_private(*ameth, - priv_decode_gost, priv_encode_gost, - priv_print_gost_ec); - - EVP_PKEY_asn1_set_param(*ameth, - gost2001_param_decode, gost2001_param_encode, - param_missing_gost_ec, param_copy_gost_ec, - param_cmp_gost_ec, param_print_gost_ec); - EVP_PKEY_asn1_set_public(*ameth, - pub_decode_gost_ec, pub_encode_gost_ec, - pub_cmp_gost_ec, pub_print_gost_ec, - pkey_size_gost, pkey_bits_gost); + EVP_PKEY_asn1_set_private( + *ameth, priv_decode_gost, priv_encode_gost, priv_print_gost_ec); + + EVP_PKEY_asn1_set_param( + *ameth, gost2001_param_decode, gost2001_param_encode, + param_missing_gost_ec, param_copy_gost_ec, param_cmp_gost_ec, + param_print_gost_ec); + EVP_PKEY_asn1_set_public( + *ameth, pub_decode_gost_ec, pub_encode_gost_ec, pub_cmp_gost_ec, + pub_print_gost_ec, pkey_size_gost, pkey_bits_gost); EVP_PKEY_asn1_set_ctrl(*ameth, pkey_ctrl_gost); EVP_PKEY_asn1_set_security_bits(*ameth, pkey_bits_gost); @@ -1182,19 +1189,15 @@ int register_ameth_gost(int nid, EVP_PKEY_ASN1_METHOD **ameth, case NID_id_GostR3410_2012_256: case NID_id_GostR3410_2012_512: EVP_PKEY_asn1_set_free(*ameth, pkey_free_gost_ec); - EVP_PKEY_asn1_set_private(*ameth, - priv_decode_gost, priv_encode_gost, - priv_print_gost_ec); - - EVP_PKEY_asn1_set_param(*ameth, - NULL, NULL, - param_missing_gost_ec, param_copy_gost_ec, - param_cmp_gost_ec, NULL); - - EVP_PKEY_asn1_set_public(*ameth, - pub_decode_gost_ec, pub_encode_gost_ec, - pub_cmp_gost_ec, pub_print_gost_ec, - pkey_size_gost, pkey_bits_gost); + EVP_PKEY_asn1_set_private( + *ameth, priv_decode_gost, priv_encode_gost, priv_print_gost_ec); + + EVP_PKEY_asn1_set_param(*ameth, NULL, NULL, param_missing_gost_ec, + param_copy_gost_ec, param_cmp_gost_ec, NULL); + + EVP_PKEY_asn1_set_public( + *ameth, pub_decode_gost_ec, pub_encode_gost_ec, pub_cmp_gost_ec, + pub_print_gost_ec, pkey_size_gost, pkey_bits_gost); EVP_PKEY_asn1_set_ctrl(*ameth, pkey_ctrl_gost); EVP_PKEY_asn1_set_security_bits(*ameth, pkey_bits_gost); diff --git a/gost_asn1.c b/gost_asn1.c index cb8883eb5..dc0c86dd5 100644 --- a/gost_asn1.c +++ b/gost_asn1.c @@ -6,71 +6,94 @@ * ASN1 structure definition for GOST key transport * * Requires OpenSSL 0.9.9 for compilation * **********************************************************************/ -#include +#include "gost_lcl.h" + #include #include -#include "gost_lcl.h" +#include -ASN1_NDEF_SEQUENCE(GOST_KEY_TRANSPORT) = { - ASN1_SIMPLE(GOST_KEY_TRANSPORT, key_info, GOST_KEY_INFO), - ASN1_IMP(GOST_KEY_TRANSPORT, key_agreement_info, - GOST_KEY_AGREEMENT_INFO, 0) -} ASN1_NDEF_SEQUENCE_END(GOST_KEY_TRANSPORT) -IMPLEMENT_ASN1_FUNCTIONS(GOST_KEY_TRANSPORT) +ASN1_NDEF_SEQUENCE( + GOST_KEY_TRANSPORT) = {ASN1_SIMPLE(GOST_KEY_TRANSPORT, key_info, + GOST_KEY_INFO), + ASN1_IMP( + GOST_KEY_TRANSPORT, key_agreement_info, + GOST_KEY_AGREEMENT_INFO, + 0)} ASN1_NDEF_SEQUENCE_END(GOST_KEY_TRANSPORT) + IMPLEMENT_ASN1_FUNCTIONS(GOST_KEY_TRANSPORT) -ASN1_NDEF_SEQUENCE(GOST_KEY_INFO) = -{ - ASN1_SIMPLE(GOST_KEY_INFO, encrypted_key, ASN1_OCTET_STRING), - ASN1_SIMPLE(GOST_KEY_INFO, imit, ASN1_OCTET_STRING) -} ASN1_NDEF_SEQUENCE_END(GOST_KEY_INFO) -IMPLEMENT_ASN1_FUNCTIONS(GOST_KEY_INFO) + ASN1_NDEF_SEQUENCE( + GOST_KEY_INFO) = {ASN1_SIMPLE(GOST_KEY_INFO, encrypted_key, + ASN1_OCTET_STRING), + ASN1_SIMPLE( + GOST_KEY_INFO, imit, + ASN1_OCTET_STRING)} ASN1_NDEF_SEQUENCE_END(GOST_KEY_INFO) + IMPLEMENT_ASN1_FUNCTIONS(GOST_KEY_INFO) -ASN1_NDEF_SEQUENCE(GOST_KEY_AGREEMENT_INFO) = -{ - ASN1_SIMPLE(GOST_KEY_AGREEMENT_INFO, cipher, ASN1_OBJECT), - ASN1_IMP_OPT(GOST_KEY_AGREEMENT_INFO, ephem_key, X509_PUBKEY, 0), - ASN1_SIMPLE(GOST_KEY_AGREEMENT_INFO, eph_iv, ASN1_OCTET_STRING) -} ASN1_NDEF_SEQUENCE_END(GOST_KEY_AGREEMENT_INFO) -IMPLEMENT_ASN1_FUNCTIONS(GOST_KEY_AGREEMENT_INFO) + ASN1_NDEF_SEQUENCE( + GOST_KEY_AGREEMENT_INFO) = {ASN1_SIMPLE(GOST_KEY_AGREEMENT_INFO, + cipher, ASN1_OBJECT), + ASN1_IMP_OPT( + GOST_KEY_AGREEMENT_INFO, + ephem_key, X509_PUBKEY, 0), + ASN1_SIMPLE( + GOST_KEY_AGREEMENT_INFO, + eph_iv, + ASN1_OCTET_STRING)} ASN1_NDEF_SEQUENCE_END(GOST_KEY_AGREEMENT_INFO) + IMPLEMENT_ASN1_FUNCTIONS(GOST_KEY_AGREEMENT_INFO) -ASN1_NDEF_SEQUENCE(GOST_KEY_PARAMS) = -{ - ASN1_SIMPLE(GOST_KEY_PARAMS, key_params, ASN1_OBJECT), - ASN1_OPT(GOST_KEY_PARAMS, hash_params, ASN1_OBJECT), - ASN1_OPT(GOST_KEY_PARAMS, cipher_params, ASN1_OBJECT), -} ASN1_NDEF_SEQUENCE_END(GOST_KEY_PARAMS) -IMPLEMENT_ASN1_FUNCTIONS(GOST_KEY_PARAMS) + ASN1_NDEF_SEQUENCE(GOST_KEY_PARAMS) = + { + ASN1_SIMPLE(GOST_KEY_PARAMS, key_params, + ASN1_OBJECT), + ASN1_OPT(GOST_KEY_PARAMS, hash_params, + ASN1_OBJECT), + ASN1_OPT(GOST_KEY_PARAMS, cipher_params, + ASN1_OBJECT), +} ASN1_NDEF_SEQUENCE_END(GOST_KEY_PARAMS) IMPLEMENT_ASN1_FUNCTIONS(GOST_KEY_PARAMS) -ASN1_NDEF_SEQUENCE(GOST_CIPHER_PARAMS) = -{ - ASN1_SIMPLE(GOST_CIPHER_PARAMS, iv, ASN1_OCTET_STRING), - ASN1_SIMPLE(GOST_CIPHER_PARAMS, enc_param_set, ASN1_OBJECT), -} ASN1_NDEF_SEQUENCE_END(GOST_CIPHER_PARAMS) -IMPLEMENT_ASN1_FUNCTIONS(GOST_CIPHER_PARAMS) + ASN1_NDEF_SEQUENCE(GOST_CIPHER_PARAMS) = + { + ASN1_SIMPLE(GOST_CIPHER_PARAMS, iv, + ASN1_OCTET_STRING), + ASN1_SIMPLE(GOST_CIPHER_PARAMS, + enc_param_set, ASN1_OBJECT), +} ASN1_NDEF_SEQUENCE_END(GOST_CIPHER_PARAMS) IMPLEMENT_ASN1_FUNCTIONS(GOST_CIPHER_PARAMS) -ASN1_NDEF_SEQUENCE(GOST2015_CIPHER_PARAMS) = { - ASN1_SIMPLE(GOST2015_CIPHER_PARAMS, ukm, ASN1_OCTET_STRING), -} ASN1_NDEF_SEQUENCE_END(GOST2015_CIPHER_PARAMS) -IMPLEMENT_ASN1_FUNCTIONS(GOST2015_CIPHER_PARAMS) + ASN1_NDEF_SEQUENCE( + GOST2015_CIPHER_PARAMS) = + { + ASN1_SIMPLE( + GOST2015_CIPHER_PARAMS, ukm, + ASN1_OCTET_STRING), +} ASN1_NDEF_SEQUENCE_END(GOST2015_CIPHER_PARAMS) IMPLEMENT_ASN1_FUNCTIONS(GOST2015_CIPHER_PARAMS) -ASN1_NDEF_SEQUENCE(GOST_CLIENT_KEY_EXCHANGE_PARAMS) = -{ /* FIXME incomplete */ - ASN1_SIMPLE(GOST_CLIENT_KEY_EXCHANGE_PARAMS, gkt, GOST_KEY_TRANSPORT) -} ASN1_NDEF_SEQUENCE_END(GOST_CLIENT_KEY_EXCHANGE_PARAMS) -IMPLEMENT_ASN1_FUNCTIONS(GOST_CLIENT_KEY_EXCHANGE_PARAMS) + ASN1_NDEF_SEQUENCE( + GOST_CLIENT_KEY_EXCHANGE_PARAMS) = + {/* FIXME incomplete */ + ASN1_SIMPLE( + GOST_CLIENT_KEY_EXCHANGE_PARAMS, + gkt, + GOST_KEY_TRANSPORT)} ASN1_NDEF_SEQUENCE_END(GOST_CLIENT_KEY_EXCHANGE_PARAMS) + IMPLEMENT_ASN1_FUNCTIONS( + GOST_CLIENT_KEY_EXCHANGE_PARAMS) -ASN1_NDEF_SEQUENCE(MASKED_GOST_KEY) = -{ - ASN1_SIMPLE(MASKED_GOST_KEY, masked_priv_key, ASN1_OCTET_STRING), - ASN1_SIMPLE(MASKED_GOST_KEY, public_key, ASN1_OCTET_STRING) -} ASN1_NDEF_SEQUENCE_END(MASKED_GOST_KEY) -IMPLEMENT_ASN1_FUNCTIONS(MASKED_GOST_KEY) + ASN1_NDEF_SEQUENCE( + MASKED_GOST_KEY) = + {ASN1_SIMPLE( + MASKED_GOST_KEY, + masked_priv_key, + ASN1_OCTET_STRING), + ASN1_SIMPLE( + MASKED_GOST_KEY, + public_key, + ASN1_OCTET_STRING)} ASN1_NDEF_SEQUENCE_END(MASKED_GOST_KEY) + IMPLEMENT_ASN1_FUNCTIONS( + MASKED_GOST_KEY) -/* draft-smyshlyaev-tls12-gost-suites */ -ASN1_NDEF_SEQUENCE(PSKeyTransport_gost) = -{ - ASN1_SIMPLE(PSKeyTransport_gost, psexp, ASN1_OCTET_STRING), - ASN1_SIMPLE(PSKeyTransport_gost, ephem_key, X509_PUBKEY), - ASN1_OPT(PSKeyTransport_gost, ukm, ASN1_OCTET_STRING) -} ASN1_NDEF_SEQUENCE_END(PSKeyTransport_gost) -IMPLEMENT_ASN1_FUNCTIONS(PSKeyTransport_gost) + /* draft-smyshlyaev-tls12-gost-suites */ + ASN1_NDEF_SEQUENCE(PSKeyTransport_gost) = + {ASN1_SIMPLE(PSKeyTransport_gost, psexp, ASN1_OCTET_STRING), + ASN1_SIMPLE(PSKeyTransport_gost, ephem_key, X509_PUBKEY), + ASN1_OPT(PSKeyTransport_gost, ukm, + ASN1_OCTET_STRING)} ASN1_NDEF_SEQUENCE_END(PSKeyTransport_gost) + IMPLEMENT_ASN1_FUNCTIONS(PSKeyTransport_gost) diff --git a/gost_crypt.c b/gost_crypt.c index 516e598d4..489a6efa6 100644 --- a/gost_crypt.c +++ b/gost_crypt.c @@ -8,13 +8,14 @@ * OpenSSL interface to GOST 28147-89 cipher functions * * Requires OpenSSL 0.9.9 for compilation * **********************************************************************/ -#include +#include "e_gost_err.h" #include "gost89.h" +#include "gost_gost2015.h" +#include "gost_lcl.h" + #include #include -#include "e_gost_err.h" -#include "gost_lcl.h" -#include "gost_gost2015.h" +#include #if !defined(CCGOST_DEBUG) && !defined(DEBUG) # ifndef NDEBUG @@ -29,8 +30,7 @@ static int gost_cipher_init_cbc(EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv, int enc); static int gost_cipher_init_cpa(EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv, int enc); -static int gost_cipher_init_cp_12(EVP_CIPHER_CTX *ctx, - const unsigned char *key, +static int gost_cipher_init_cp_12(EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv, int enc); /* Handles block of data in CFB mode */ static int gost_cipher_do_cfb(EVP_CIPHER_CTX *ctx, unsigned char *out, @@ -52,10 +52,12 @@ static int gost_cipher_ctl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr); static int magma_cipher_init(EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv, int enc); -static int magma_cipher_init_ctr_acpkm_omac(EVP_CIPHER_CTX *ctx, const unsigned char *key, - const unsigned char *iv, int enc); -static int gost_magma_cipher_init_mgm(EVP_CIPHER_CTX *ctx, const unsigned char *key, - const unsigned char *iv, int enc); +static int magma_cipher_init_ctr_acpkm_omac( + EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv, + int enc); +static int +gost_magma_cipher_init_mgm(EVP_CIPHER_CTX *ctx, const unsigned char *key, + const unsigned char *iv, int enc); /* Handles block of data in CBC mode */ static int magma_cipher_do_ecb(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl); @@ -64,29 +66,27 @@ static int magma_cipher_do_cbc(EVP_CIPHER_CTX *ctx, unsigned char *out, static int magma_cipher_do_ctr(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl); -static int magma_cipher_do_ctr_acpkm_omac(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t inl); +static int magma_cipher_do_ctr_acpkm_omac( + EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, + size_t inl); static int gost_magma_cipher_do_mgm(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t len); + const unsigned char *in, size_t len); /* set/get cipher parameters */ static int magma_set_asn1_parameters(EVP_CIPHER_CTX *ctx, ASN1_TYPE *params); static int magma_get_asn1_parameters(EVP_CIPHER_CTX *ctx, ASN1_TYPE *params); /* Control function */ static int magma_cipher_ctl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr); -static int magma_cipher_ctl_acpkm_omac(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr); +static int +magma_cipher_ctl_acpkm_omac(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr); static int gost_magma_mgm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr); /* * Single level template accessor. * Note: that you cannot template 0 value. */ -#define TPL(st,field) ( \ - ((st)->field) ? ((st)->field) : TPL_VAL(st,field) \ -) +#define TPL(st, field) (((st)->field) ? ((st)->field) : TPL_VAL(st, field)) -#define TPL_VAL(st,field) ( \ - ((st)->template ? (st)->template->field : 0) \ -) +#define TPL_VAL(st, field) (((st)->template ? (st)->template->field : 0)) EVP_CIPHER *GOST_init_cipher(GOST_cipher *c) { @@ -121,8 +121,10 @@ EVP_CIPHER *GOST_init_cipher(GOST_cipher *c) || !EVP_CIPHER_meth_set_do_cipher(cipher, TPL(c, do_cipher)) || !EVP_CIPHER_meth_set_cleanup(cipher, TPL(c, cleanup)) || !EVP_CIPHER_meth_set_impl_ctx_size(cipher, TPL(c, ctx_size)) - || !EVP_CIPHER_meth_set_set_asn1_params(cipher, TPL(c, set_asn1_parameters)) - || !EVP_CIPHER_meth_set_get_asn1_params(cipher, TPL(c, get_asn1_parameters)) + || !EVP_CIPHER_meth_set_set_asn1_params( + cipher, TPL(c, set_asn1_parameters)) + || !EVP_CIPHER_meth_set_get_asn1_params( + cipher, TPL(c, get_asn1_parameters)) || !EVP_CIPHER_meth_set_ctrl(cipher, TPL(c, ctrl))) { EVP_CIPHER_meth_free(cipher); cipher = NULL; @@ -143,9 +145,7 @@ static GOST_cipher gost_template_cipher = { .block_size = 8, .key_len = 32, .iv_len = 8, - .flags = EVP_CIPH_CUSTOM_IV | - EVP_CIPH_RAND_KEY | - EVP_CIPH_ALWAYS_CALL_INIT, + .flags = EVP_CIPH_CUSTOM_IV | EVP_CIPH_RAND_KEY | EVP_CIPH_ALWAYS_CALL_INIT, .cleanup = gost_cipher_cleanup, .ctx_size = sizeof(struct ossl_gost_cipher_ctx), .set_asn1_parameters = gost89_set_asn1_parameters, @@ -157,8 +157,7 @@ GOST_cipher Gost28147_89_cipher = { .nid = NID_id_Gost28147_89, .template = &gost_template_cipher, .block_size = 1, - .flags = EVP_CIPH_CFB_MODE | - EVP_CIPH_NO_PADDING, + .flags = EVP_CIPH_CFB_MODE | EVP_CIPH_NO_PADDING, .init = gost_cipher_init, .do_cipher = gost_cipher_do_cfb, }; @@ -175,8 +174,7 @@ GOST_cipher Gost28147_89_cnt_cipher = { .nid = NID_gost89_cnt, .template = &gost_template_cipher, .block_size = 1, - .flags = EVP_CIPH_OFB_MODE | - EVP_CIPH_NO_PADDING, + .flags = EVP_CIPH_OFB_MODE | EVP_CIPH_NO_PADDING, .init = gost_cipher_init_cpa, .do_cipher = gost_cipher_do_cnt, }; @@ -185,8 +183,7 @@ GOST_cipher Gost28147_89_cnt_12_cipher = { .nid = NID_gost89_cnt_12, .template = &gost_template_cipher, .block_size = 1, - .flags = EVP_CIPH_OFB_MODE | - EVP_CIPH_NO_PADDING, + .flags = EVP_CIPH_OFB_MODE | EVP_CIPH_NO_PADDING, .init = gost_cipher_init_cp_12, .do_cipher = gost_cipher_do_cnt, }; @@ -194,9 +191,7 @@ GOST_cipher Gost28147_89_cnt_12_cipher = { static GOST_cipher magma_template_cipher = { .block_size = 8, .key_len = 32, - .flags = - EVP_CIPH_RAND_KEY | - EVP_CIPH_ALWAYS_CALL_INIT, + .flags = EVP_CIPH_RAND_KEY | EVP_CIPH_ALWAYS_CALL_INIT, .cleanup = gost_cipher_cleanup, .ctx_size = sizeof(struct ossl_gost_cipher_ctx), .set_asn1_parameters = magma_set_asn1_parameters, @@ -210,9 +205,7 @@ GOST_cipher magma_ctr_cipher = { .template = &magma_template_cipher, .block_size = 1, .iv_len = 4, - .flags = EVP_CIPH_CTR_MODE | - EVP_CIPH_CUSTOM_IV | - EVP_CIPH_NO_PADDING, + .flags = EVP_CIPH_CTR_MODE | EVP_CIPH_CUSTOM_IV | EVP_CIPH_NO_PADDING, .init = magma_cipher_init, }; @@ -221,9 +214,7 @@ GOST_cipher magma_ctr_acpkm_cipher = { .template = &magma_template_cipher, .block_size = 1, .iv_len = 4, - .flags = EVP_CIPH_CTR_MODE | - EVP_CIPH_CUSTOM_IV | - EVP_CIPH_NO_PADDING, + .flags = EVP_CIPH_CTR_MODE | EVP_CIPH_CUSTOM_IV | EVP_CIPH_NO_PADDING, .init = magma_cipher_init, }; @@ -232,12 +223,9 @@ GOST_cipher magma_ctr_acpkm_omac_cipher = { .template = &magma_template_cipher, .block_size = 1, .iv_len = 4, - .flags = EVP_CIPH_CTR_MODE | - EVP_CIPH_CUSTOM_IV | - EVP_CIPH_NO_PADDING | - EVP_CIPH_CUSTOM_COPY | - EVP_CIPH_FLAG_CUSTOM_CIPHER | - EVP_CIPH_FLAG_CIPHER_WITH_MAC, + .flags = EVP_CIPH_CTR_MODE | EVP_CIPH_CUSTOM_IV | EVP_CIPH_NO_PADDING + | EVP_CIPH_CUSTOM_COPY | EVP_CIPH_FLAG_CUSTOM_CIPHER + | EVP_CIPH_FLAG_CIPHER_WITH_MAC, .init = magma_cipher_init_ctr_acpkm_omac, .do_cipher = magma_cipher_do_ctr_acpkm_omac, .ctrl = magma_cipher_ctl_acpkm_omac, @@ -251,22 +239,21 @@ GOST_cipher magma_ecb_cipher = { .do_cipher = magma_cipher_do_ecb, }; - GOST_cipher magma_mgm_cipher = { +GOST_cipher magma_mgm_cipher = { .nid = NID_undef, .template = &magma_template_cipher, .block_size = 1, .iv_len = 8, - .flags = EVP_CIPH_NO_PADDING | - EVP_CIPH_CUSTOM_IV | EVP_CIPH_FLAG_CUSTOM_CIPHER | - EVP_CIPH_CTRL_INIT | EVP_CIPH_FLAG_AEAD_CIPHER, + .flags = + EVP_CIPH_NO_PADDING | EVP_CIPH_CUSTOM_IV | EVP_CIPH_FLAG_CUSTOM_CIPHER + | EVP_CIPH_CTRL_INIT | EVP_CIPH_FLAG_AEAD_CIPHER, .init = gost_magma_cipher_init_mgm, .do_cipher = gost_magma_cipher_do_mgm, .ctrl = gost_magma_mgm_ctrl, .cleanup = gost_magma_mgm_cleanup, - .ctx_size = sizeof(gost_mgm_ctx) - }; + .ctx_size = sizeof(gost_mgm_ctx)}; -static void magma_NID_callback (int nid) +static void magma_NID_callback(int nid) { magma_mgm_cipher.nid = nid; } @@ -281,8 +268,7 @@ GOST_cipher magma_cbc_cipher = { .nid = NID_magma_cbc, .template = &gost_template_cipher, .iv_len = 8, - .flags = EVP_CIPH_CBC_MODE | - EVP_CIPH_CUSTOM_IV, + .flags = EVP_CIPH_CBC_MODE | EVP_CIPH_CUSTOM_IV, .init = magma_cipher_init, .do_cipher = magma_cipher_do_cbc, }; @@ -381,15 +367,16 @@ const struct gost_cipher_info *get_encryption_params(ASN1_OBJECT *obj) if (nid == NID_undef) { GOSTerr(GOST_F_GET_ENCRYPTION_PARAMS, GOST_R_INVALID_CIPHER_PARAM_OID); - ERR_add_error_data(3, "Unsupported CRYPT_PARAMS='", - params, "' specified in environment or in config"); + ERR_add_error_data(3, "Unsupported CRYPT_PARAMS='", params, + "' specified in environment or in config"); return NULL; } } else { nid = OBJ_obj2nid(obj); } for (param = gost_cipher_list; param->sblock != NULL && param->nid != nid; - param++) ; + param++) + ; if (!param->sblock) { GOSTerr(GOST_F_GET_ENCRYPTION_PARAMS, GOST_R_INVALID_CIPHER_PARAMS); return NULL; @@ -413,10 +400,9 @@ static int gost_cipher_set_param(struct ossl_gost_cipher_ctx *c, int nid) } /* Initializes EVP_CIPHER_CTX by paramset NID */ -static int gost_cipher_init_param(EVP_CIPHER_CTX *ctx, - const unsigned char *key, - const unsigned char *iv, int enc, - int paramNID, int mode) +static int +gost_cipher_init_param(EVP_CIPHER_CTX *ctx, const unsigned char *key, + const unsigned char *iv, int enc, int paramNID, int mode) { struct ossl_gost_cipher_ctx *c = EVP_CIPHER_CTX_get_cipher_data(ctx); if (EVP_CIPHER_CTX_get_app_data(ctx) == NULL) { @@ -430,15 +416,14 @@ static int gost_cipher_init_param(EVP_CIPHER_CTX *ctx, memcpy((unsigned char *)EVP_CIPHER_CTX_original_iv(ctx), iv, EVP_CIPHER_CTX_iv_length(ctx)); } - memcpy(EVP_CIPHER_CTX_iv_noconst(ctx), - EVP_CIPHER_CTX_original_iv(ctx), EVP_CIPHER_CTX_iv_length(ctx)); + memcpy(EVP_CIPHER_CTX_iv_noconst(ctx), EVP_CIPHER_CTX_original_iv(ctx), + EVP_CIPHER_CTX_iv_length(ctx)); return 1; } -static int gost_cipher_init_cnt(EVP_CIPHER_CTX *ctx, - const unsigned char *key, - const unsigned char *iv, - gost_subst_block * block) +static int +gost_cipher_init_cnt(EVP_CIPHER_CTX *ctx, const unsigned char *key, + const unsigned char *iv, gost_subst_block *block) { struct ossl_gost_cipher_ctx *c = EVP_CIPHER_CTX_get_cipher_data(ctx); gost_init(&(c->cctx), block); @@ -450,8 +435,8 @@ static int gost_cipher_init_cnt(EVP_CIPHER_CTX *ctx, memcpy((unsigned char *)EVP_CIPHER_CTX_original_iv(ctx), iv, EVP_CIPHER_CTX_iv_length(ctx)); } - memcpy(EVP_CIPHER_CTX_iv_noconst(ctx), - EVP_CIPHER_CTX_original_iv(ctx), EVP_CIPHER_CTX_iv_length(ctx)); + memcpy(EVP_CIPHER_CTX_iv_noconst(ctx), EVP_CIPHER_CTX_original_iv(ctx), + EVP_CIPHER_CTX_iv_length(ctx)); return 1; } @@ -461,8 +446,7 @@ static int gost_cipher_init_cpa(EVP_CIPHER_CTX *ctx, const unsigned char *key, return gost_cipher_init_cnt(ctx, key, iv, &Gost28147_CryptoProParamSetA); } -static int gost_cipher_init_cp_12(EVP_CIPHER_CTX *ctx, - const unsigned char *key, +static int gost_cipher_init_cp_12(EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv, int enc) { return gost_cipher_init_cnt(ctx, key, iv, &Gost28147_TC26ParamSetZ); @@ -470,23 +454,23 @@ static int gost_cipher_init_cp_12(EVP_CIPHER_CTX *ctx, /* Initializes EVP_CIPHER_CTX with default values */ static int gost_cipher_init(EVP_CIPHER_CTX *ctx, const unsigned char *key, - const unsigned char *iv, int enc) + const unsigned char *iv, int enc) { - return gost_cipher_init_param(ctx, key, iv, enc, NID_undef, - EVP_CIPH_CFB_MODE); + return gost_cipher_init_param( + ctx, key, iv, enc, NID_undef, EVP_CIPH_CFB_MODE); } /* Initializes EVP_CIPHER_CTX with default values */ static int gost_cipher_init_cbc(EVP_CIPHER_CTX *ctx, const unsigned char *key, - const unsigned char *iv, int enc) + const unsigned char *iv, int enc) { - return gost_cipher_init_param(ctx, key, iv, enc, NID_undef, - EVP_CIPH_CBC_MODE); + return gost_cipher_init_param( + ctx, key, iv, enc, NID_undef, EVP_CIPH_CBC_MODE); } /* Initializes EVP_CIPHER_CTX with default values */ static int magma_cipher_init(EVP_CIPHER_CTX *ctx, const unsigned char *key, - const unsigned char *iv, int enc) + const unsigned char *iv, int enc) { struct ossl_gost_cipher_ctx *c = EVP_CIPHER_CTX_get_cipher_data(ctx); /* FIXME this is just initializtion check */ @@ -509,48 +493,52 @@ static int magma_cipher_init(EVP_CIPHER_CTX *ctx, const unsigned char *key, memcpy((unsigned char *)EVP_CIPHER_CTX_original_iv(ctx), iv, EVP_CIPHER_CTX_iv_length(ctx)); } - memcpy(EVP_CIPHER_CTX_iv_noconst(ctx), - EVP_CIPHER_CTX_original_iv(ctx), EVP_CIPHER_CTX_iv_length(ctx)); + memcpy(EVP_CIPHER_CTX_iv_noconst(ctx), EVP_CIPHER_CTX_original_iv(ctx), + EVP_CIPHER_CTX_iv_length(ctx)); if (EVP_CIPHER_CTX_nid(ctx) == NID_magma_ctr_acpkm - || EVP_CIPHER_CTX_nid(ctx) == NID_magma_ctr_acpkm_omac) { - c->key_meshing = 1024; + || EVP_CIPHER_CTX_nid(ctx) == NID_magma_ctr_acpkm_omac) { + c->key_meshing = 1024; } else { - c->key_meshing = 0; + c->key_meshing = 0; } return 1; } /* Initializes EVP_CIPHER_CTX with default values */ -static int magma_cipher_init_ctr_acpkm_omac(EVP_CIPHER_CTX *ctx, const unsigned char *key, - const unsigned char *iv, int enc) +static int magma_cipher_init_ctr_acpkm_omac( + EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv, + int enc) { - if (key) { - struct ossl_gost_cipher_ctx *c = EVP_CIPHER_CTX_get_cipher_data(ctx); - unsigned char cipher_key[32]; - c->omac_ctx = EVP_MD_CTX_new(); + if (key) { + struct ossl_gost_cipher_ctx *c = EVP_CIPHER_CTX_get_cipher_data(ctx); + unsigned char cipher_key[32]; + c->omac_ctx = EVP_MD_CTX_new(); - if (c->omac_ctx == NULL) { - GOSTerr(GOST_F_MAGMA_CIPHER_INIT_CTR_ACPKM_OMAC, ERR_R_MALLOC_FAILURE); - return 0; - } + if (c->omac_ctx == NULL) { + GOSTerr(GOST_F_MAGMA_CIPHER_INIT_CTR_ACPKM_OMAC, + ERR_R_MALLOC_FAILURE); + return 0; + } - if (gost2015_acpkm_omac_init(NID_magma_mac, enc, key, - c->omac_ctx, cipher_key, c->kdf_seed) != 1) { - EVP_MD_CTX_free(c->omac_ctx); - c->omac_ctx = NULL; - return 0; - } + if (gost2015_acpkm_omac_init( + NID_magma_mac, enc, key, c->omac_ctx, cipher_key, c->kdf_seed) + != 1) { + EVP_MD_CTX_free(c->omac_ctx); + c->omac_ctx = NULL; + return 0; + } - return magma_cipher_init(ctx, cipher_key, iv, enc); - } + return magma_cipher_init(ctx, cipher_key, iv, enc); + } - return magma_cipher_init(ctx, key, iv, enc); + return magma_cipher_init(ctx, key, iv, enc); } void gost_magma_encrypt_wrap(unsigned char *in, unsigned char *out, - struct ossl_gost_cipher_ctx *c) { + struct ossl_gost_cipher_ctx *c) +{ int i; unsigned char b[8]; unsigned char d[8]; @@ -569,65 +557,65 @@ void gost_magma_encrypt_wrap(unsigned char *in, unsigned char *out, \f$ f(x) = x^{64} + x^4 + x^3 + x + 1 \in \mathbb F_2[x]\f$. Для умножения используется простейшая реализация, основанная на приведении по модулю после каждого шага алгоритма. */ /* ----------------------------------------------------------------------------------------------- */ -static void gf64_mul (uint64_t *result, uint64_t *arg1, uint64_t *arg2) +static void gf64_mul(uint64_t *result, uint64_t *arg1, uint64_t *arg2) { - int i = 0; - register uint64_t t, X0; - uint64_t Z0 = 0; + int i = 0; + register uint64_t t, X0; + uint64_t Z0 = 0; #ifdef L_ENDIAN - X0 = BSWAP64(*arg1); + X0 = BSWAP64(*arg1); #else - X0 = *arg1; + X0 = *arg1; #endif #ifdef L_ENDIAN - t = BSWAP64(*(arg2)); + t = BSWAP64(*(arg2)); #else - t = *(arg2); + t = *(arg2); #endif - for (i = 0; i < 63; i++) { - if (t & 0x1) { - Z0 ^= X0; - } - t >>= 1; - if (X0 & 0x8000000000000000) { - X0 <<= 1; - X0 ^= 0x1b; - } - else { - X0 <<= 1; - } - } - - if (t & 0x1) { - Z0 ^= X0; - } + for (i = 0; i < 63; i++) { + if (t & 0x1) { + Z0 ^= X0; + } + t >>= 1; + if (X0 & 0x8000000000000000) { + X0 <<= 1; + X0 ^= 0x1b; + } else { + X0 <<= 1; + } + } + + if (t & 0x1) { + Z0 ^= X0; + } #ifdef L_ENDIAN - *(result) = BSWAP64(Z0); + *(result) = BSWAP64(Z0); #else - *(result) = Z0; + *(result) = Z0; #endif } -static int gost_magma_cipher_init_mgm(EVP_CIPHER_CTX *ctx, const unsigned char *key, - const unsigned char *iv, int enc) +static int +gost_magma_cipher_init_mgm(EVP_CIPHER_CTX *ctx, const unsigned char *key, + const unsigned char *iv, int enc) { - gost_mgm_ctx *mctx = - (gost_mgm_ctx *)EVP_CIPHER_CTX_get_cipher_data(ctx); + gost_mgm_ctx *mctx = (gost_mgm_ctx *)EVP_CIPHER_CTX_get_cipher_data(ctx); int bl; if (!iv && !key) return 1; if (key) { bl = EVP_CIPHER_CTX_iv_length(ctx); - if (!gost_cipher_set_param(&mctx->ks.g_ks, NID_id_tc26_gost_28147_param_Z)) + if (!gost_cipher_set_param( + &mctx->ks.g_ks, NID_id_tc26_gost_28147_param_Z)) return 0; magma_key(&(mctx->ks.g_ks.cctx), key); gost_mgm128_init(&mctx->mgm, &mctx->ks, - (block128_f) gost_magma_encrypt_wrap, gf64_mul, bl); + (block128_f)gost_magma_encrypt_wrap, gf64_mul, bl); /* * If we have an iv can set it directly, otherwise use saved IV. @@ -645,8 +633,7 @@ static int gost_magma_cipher_init_mgm(EVP_CIPHER_CTX *ctx, const unsigned char * if (mctx->key_set) { if (gost_mgm128_setiv(&mctx->mgm, iv, mctx->ivlen) != 1) return 0; - } - else + } else memcpy(mctx->iv, iv, mctx->ivlen); mctx->iv_set = 1; } @@ -682,16 +669,16 @@ static void gost_cnt_next(void *ctx, unsigned char *iv, unsigned char *buf) } else { memcpy(buf1, iv, 8); } - g = buf1[0] | (buf1[1] << 8) | (buf1[2] << 16) | ((word32) buf1[3] << 24); + g = buf1[0] | (buf1[1] << 8) | (buf1[2] << 16) | ((word32)buf1[3] << 24); g += 0x01010101; buf1[0] = (unsigned char)(g & 0xff); buf1[1] = (unsigned char)((g >> 8) & 0xff); buf1[2] = (unsigned char)((g >> 16) & 0xff); buf1[3] = (unsigned char)((g >> 24) & 0xff); - g = buf1[4] | (buf1[5] << 8) | (buf1[6] << 16) | ((word32) buf1[7] << 24); + g = buf1[4] | (buf1[5] << 8) | (buf1[6] << 16) | ((word32)buf1[7] << 24); go = g; g += 0x01010104; - if (go > g) /* overflow */ + if (go > g) /* overflow */ g++; buf1[4] = (unsigned char)(g & 0xff); buf1[5] = (unsigned char)((g >> 8) & 0xff); @@ -704,7 +691,7 @@ static void gost_cnt_next(void *ctx, unsigned char *iv, unsigned char *buf) /* GOST encryption in CBC mode */ static int gost_cipher_do_cbc(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t inl) + const unsigned char *in, size_t inl) { unsigned char b[8]; const unsigned char *in_ptr = in; @@ -714,7 +701,6 @@ static int gost_cipher_do_cbc(EVP_CIPHER_CTX *ctx, unsigned char *out, unsigned char *iv = EVP_CIPHER_CTX_iv_noconst(ctx); if (EVP_CIPHER_CTX_encrypting(ctx)) { while (inl > 0) { - for (i = 0; i < 8; i++) { b[i] = iv[i] ^ in_ptr[i]; } @@ -743,7 +729,7 @@ static int gost_cipher_do_cbc(EVP_CIPHER_CTX *ctx, unsigned char *out, /* MAGMA encryption in ECB mode */ static int magma_cipher_do_ecb(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t inl) + const unsigned char *in, size_t inl) { struct ossl_gost_cipher_ctx *c = EVP_CIPHER_CTX_get_cipher_data(ctx); if (EVP_CIPHER_CTX_encrypting(ctx)) { @@ -766,7 +752,7 @@ static int magma_cipher_do_ecb(EVP_CIPHER_CTX *ctx, unsigned char *out, /* MAGMA encryption in CBC mode */ static int magma_cipher_do_cbc(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t inl) + const unsigned char *in, size_t inl) { unsigned char b[8]; unsigned char d[8]; @@ -777,7 +763,6 @@ static int magma_cipher_do_cbc(EVP_CIPHER_CTX *ctx, unsigned char *out, unsigned char *iv = EVP_CIPHER_CTX_iv_noconst(ctx); if (EVP_CIPHER_CTX_encrypting(ctx)) { while (inl > 0) { - for (i = 0; i < 8; i++) { out_ptr[i] = iv[i] ^ in_ptr[i]; } @@ -811,8 +796,9 @@ static void ctr64_inc(unsigned char *counter) #define MAGMA_BLOCK_SIZE 8 #define MAGMA_BLOCK_MASK (MAGMA_BLOCK_SIZE - 1) -static inline void apply_acpkm_magma(struct ossl_gost_cipher_ctx * - ctx, unsigned int *num) + +static inline void +apply_acpkm_magma(struct ossl_gost_cipher_ctx *ctx, unsigned int *num) { if (!ctx->key_meshing || (*num < (unsigned int)ctx->key_meshing)) return; @@ -832,7 +818,7 @@ static int magma_cipher_do_ctr(EVP_CIPHER_CTX *ctx, unsigned char *out, unsigned char *iv = EVP_CIPHER_CTX_iv_noconst(ctx); unsigned int num = EVP_CIPHER_CTX_num(ctx); size_t blocks, i, lasted = inl; -/* Process partial blocks */ + /* Process partial blocks */ while ((num & MAGMA_BLOCK_MASK) && lasted) { *out_ptr++ = *in_ptr++ ^ buf[num & MAGMA_BLOCK_MASK]; --lasted; @@ -840,7 +826,7 @@ static int magma_cipher_do_ctr(EVP_CIPHER_CTX *ctx, unsigned char *out, } blocks = lasted / MAGMA_BLOCK_SIZE; -/* Process full blocks */ + /* Process full blocks */ for (i = 0; i < blocks; i++) { apply_acpkm_magma(c, &num); magmacrypt(&(c->cctx), iv, buf); @@ -855,7 +841,7 @@ static int magma_cipher_do_ctr(EVP_CIPHER_CTX *ctx, unsigned char *out, lasted -= MAGMA_BLOCK_SIZE; } -/* Process the rest of plaintext */ + /* Process the rest of plaintext */ if (lasted > 0) { apply_acpkm_magma(c, &num); magmacrypt(&(c->cctx), iv, buf); @@ -872,48 +858,47 @@ static int magma_cipher_do_ctr(EVP_CIPHER_CTX *ctx, unsigned char *out, } /* MAGMA encryption in CTR mode */ -static int magma_cipher_do_ctr_acpkm_omac(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t inl) +static int magma_cipher_do_ctr_acpkm_omac( + EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, + size_t inl) { - struct ossl_gost_cipher_ctx *c = EVP_CIPHER_CTX_get_cipher_data(ctx); + struct ossl_gost_cipher_ctx *c = EVP_CIPHER_CTX_get_cipher_data(ctx); - if (in == NULL && inl == 0) /* Final call */ - return gost2015_final_call(ctx, c->omac_ctx, MAGMA_MAC_MAX_SIZE, c->tag, magma_cipher_do_ctr); + if (in == NULL && inl == 0) /* Final call */ + return gost2015_final_call( + ctx, c->omac_ctx, MAGMA_MAC_MAX_SIZE, c->tag, magma_cipher_do_ctr); - if (in == NULL) - return -1; + if (in == NULL) + return -1; - /* As in and out can be the same pointer, process unencrypted here */ - if (EVP_CIPHER_CTX_encrypting(ctx)) - EVP_DigestSignUpdate(c->omac_ctx, in, inl); + /* As in and out can be the same pointer, process unencrypted here */ + if (EVP_CIPHER_CTX_encrypting(ctx)) + EVP_DigestSignUpdate(c->omac_ctx, in, inl); - if (magma_cipher_do_ctr(ctx, out, in, inl) != inl) - return -1; + if (magma_cipher_do_ctr(ctx, out, in, inl) != inl) + return -1; - /* As in and out can be the same pointer, process decrypted here */ - if (!EVP_CIPHER_CTX_encrypting(ctx)) - EVP_DigestSignUpdate(c->omac_ctx, out, inl); + /* As in and out can be the same pointer, process decrypted here */ + if (!EVP_CIPHER_CTX_encrypting(ctx)) + EVP_DigestSignUpdate(c->omac_ctx, out, inl); - return inl; + return inl; } static int gost_magma_cipher_do_mgm(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t len) + const unsigned char *in, size_t len) { - gost_mgm_ctx *mctx = - (gost_mgm_ctx *)EVP_CIPHER_CTX_get_cipher_data(ctx); + gost_mgm_ctx *mctx = (gost_mgm_ctx *)EVP_CIPHER_CTX_get_cipher_data(ctx); int enc = EVP_CIPHER_CTX_encrypting(ctx); /* If not set up, return error */ if (!mctx->key_set) { - GOSTerr(GOST_F_GOST_MAGMA_CIPHER_DO_MGM, - GOST_R_BAD_ORDER); + GOSTerr(GOST_F_GOST_MAGMA_CIPHER_DO_MGM, GOST_R_BAD_ORDER); return -1; } if (!mctx->iv_set) { - GOSTerr(GOST_F_GOST_MAGMA_CIPHER_DO_MGM, - GOST_R_BAD_ORDER); + GOSTerr(GOST_F_GOST_MAGMA_CIPHER_DO_MGM, GOST_R_BAD_ORDER); return -1; } if (in) { @@ -932,9 +917,9 @@ static int gost_magma_cipher_do_mgm(EVP_CIPHER_CTX *ctx, unsigned char *out, if (!enc) { if (mctx->taglen < 0) return -1; - if (gost_mgm128_finish(&mctx->mgm, - EVP_CIPHER_CTX_buf_noconst(ctx), - mctx->taglen) != 0) + if (gost_mgm128_finish( + &mctx->mgm, EVP_CIPHER_CTX_buf_noconst(ctx), mctx->taglen) + != 0) return -1; mctx->iv_set = 0; return 0; @@ -945,12 +930,11 @@ static int gost_magma_cipher_do_mgm(EVP_CIPHER_CTX *ctx, unsigned char *out, mctx->iv_set = 0; return 0; } - } /* GOST encryption in CFB mode */ static int gost_cipher_do_cfb(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t inl) + const unsigned char *in, size_t inl) { const unsigned char *in_ptr = in; unsigned char *out_ptr = out; @@ -958,10 +942,10 @@ static int gost_cipher_do_cfb(EVP_CIPHER_CTX *ctx, unsigned char *out, size_t j = 0; unsigned char *buf = EVP_CIPHER_CTX_buf_noconst(ctx); unsigned char *iv = EVP_CIPHER_CTX_iv_noconst(ctx); -/* process partial block if any */ + /* process partial block if any */ if (EVP_CIPHER_CTX_num(ctx)) { - for (j = EVP_CIPHER_CTX_num(ctx), i = 0; j < 8 && i < inl; - j++, i++, in_ptr++, out_ptr++) { + for (j = EVP_CIPHER_CTX_num(ctx), i = 0; j < 8 && i < inl; j++, i++, + in_ptr++, out_ptr++) { if (!EVP_CIPHER_CTX_encrypting(ctx)) buf[j + 8] = *in_ptr; *out_ptr = buf[j] ^ (*in_ptr); @@ -998,7 +982,7 @@ static int gost_cipher_do_cfb(EVP_CIPHER_CTX *ctx, unsigned char *out, if (EVP_CIPHER_CTX_encrypting(ctx)) memcpy(iv, out_ptr, 8); } -/* Process rest of buffer */ + /* Process rest of buffer */ if (i < inl) { gost_crypt_mesh(EVP_CIPHER_CTX_get_cipher_data(ctx), iv, buf); if (!EVP_CIPHER_CTX_encrypting(ctx)) @@ -1024,10 +1008,10 @@ static int gost_cipher_do_cnt(EVP_CIPHER_CTX *ctx, unsigned char *out, size_t j; unsigned char *buf = EVP_CIPHER_CTX_buf_noconst(ctx); unsigned char *iv = EVP_CIPHER_CTX_iv_noconst(ctx); -/* process partial block if any */ + /* process partial block if any */ if (EVP_CIPHER_CTX_num(ctx)) { - for (j = EVP_CIPHER_CTX_num(ctx), i = 0; j < 8 && i < inl; - j++, i++, in_ptr++, out_ptr++) { + for (j = EVP_CIPHER_CTX_num(ctx), i = 0; j < 8 && i < inl; j++, i++, + in_ptr++, out_ptr++) { *out_ptr = buf[j] ^ (*in_ptr); } if (j == 8) { @@ -1054,7 +1038,7 @@ static int gost_cipher_do_cnt(EVP_CIPHER_CTX *ctx, unsigned char *out, out_ptr[j] = buf[j] ^ in_ptr[j]; } } -/* Process rest of buffer */ + /* Process rest of buffer */ if (i < inl) { gost_cnt_next(EVP_CIPHER_CTX_get_cipher_data(ctx), iv, buf); for (j = 0; i < inl; j++, i++) { @@ -1071,7 +1055,7 @@ static int gost_cipher_do_cnt(EVP_CIPHER_CTX *ctx, unsigned char *out, static int gost_cipher_cleanup(EVP_CIPHER_CTX *ctx) { struct ossl_gost_cipher_ctx *c = EVP_CIPHER_CTX_get_cipher_data(ctx); - EVP_MD_CTX_free(c->omac_ctx); + EVP_MD_CTX_free(c->omac_ctx); gost_destroy(&(c->cctx)); EVP_CIPHER_CTX_set_app_data(ctx, NULL); return 1; @@ -1079,8 +1063,7 @@ static int gost_cipher_cleanup(EVP_CIPHER_CTX *ctx) static int gost_magma_mgm_cleanup(EVP_CIPHER_CTX *c) { - gost_mgm_ctx *mctx = - (gost_mgm_ctx *)EVP_CIPHER_CTX_get_cipher_data(c); + gost_mgm_ctx *mctx = (gost_mgm_ctx *)EVP_CIPHER_CTX_get_cipher_data(c); if (mctx == NULL) return 0; gost_destroy(&mctx->ks.g_ks.cctx); @@ -1091,8 +1074,7 @@ static int gost_magma_mgm_cleanup(EVP_CIPHER_CTX *c) static int gost_magma_mgm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) { - gost_mgm_ctx *mctx = - (gost_mgm_ctx *)EVP_CIPHER_CTX_get_cipher_data(c); + gost_mgm_ctx *mctx = (gost_mgm_ctx *)EVP_CIPHER_CTX_get_cipher_data(c); unsigned char *buf, *iv; int ivlen, enc; @@ -1125,8 +1107,7 @@ static int gost_magma_mgm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) buf = EVP_CIPHER_CTX_buf_noconst(c); enc = EVP_CIPHER_CTX_encrypting(c); if (arg <= 0 || arg != 8 || enc) { - GOSTerr(GOST_F_GOST_MAGMA_MGM_CTRL, - GOST_R_INVALID_TAG_LENGTH); + GOSTerr(GOST_F_GOST_MAGMA_MGM_CTRL, GOST_R_INVALID_TAG_LENGTH); return 0; } memcpy(buf, ptr, arg); @@ -1137,8 +1118,7 @@ static int gost_magma_mgm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) buf = EVP_CIPHER_CTX_buf_noconst(c); enc = EVP_CIPHER_CTX_encrypting(c); if (arg <= 0 || arg > 8 || !enc || mctx->taglen < 0) { - GOSTerr(GOST_F_GOST_MAGMA_MGM_CTRL, - GOST_R_INVALID_TAG_LENGTH); + GOSTerr(GOST_F_GOST_MAGMA_MGM_CTRL, GOST_R_INVALID_TAG_LENGTH); return 0; } memcpy(ptr, buf, arg); @@ -1153,15 +1133,14 @@ static int gost_magma_mgm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) static int gost_cipher_ctl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr) { switch (type) { - case EVP_CTRL_RAND_KEY: - { - if (RAND_priv_bytes - ((unsigned char *)ptr, EVP_CIPHER_CTX_key_length(ctx)) <= 0) { - GOSTerr(GOST_F_GOST_CIPHER_CTL, GOST_R_RNG_ERROR); - return -1; - } - break; + case EVP_CTRL_RAND_KEY: { + if (RAND_priv_bytes((unsigned char *)ptr, EVP_CIPHER_CTX_key_length(ctx)) + <= 0) { + GOSTerr(GOST_F_GOST_CIPHER_CTL, GOST_R_RNG_ERROR); + return -1; } + break; + } case EVP_CTRL_PBE_PRF_NID: if (ptr) { const char *params = get_gost_engine_param(GOST_PARAM_PBE_PARAMS); @@ -1209,22 +1188,20 @@ static int gost_cipher_ctl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr) } else { return 0; } - case EVP_CTRL_KEY_MESH: - { - struct ossl_gost_cipher_ctx *c = - EVP_CIPHER_CTX_get_cipher_data(ctx); - - if (c == NULL) { - return -1; - } + case EVP_CTRL_KEY_MESH: { + struct ossl_gost_cipher_ctx *c = EVP_CIPHER_CTX_get_cipher_data(ctx); - if (c->count != 0) { - return -1; - } + if (c == NULL) { + return -1; + } - c->key_meshing = arg; - return 1; + if (c->count != 0) { + return -1; } + + c->key_meshing = arg; + return 1; + } default: GOSTerr(GOST_F_GOST_CIPHER_CTL, GOST_R_UNSUPPORTED_CIPHER_CTL_COMMAND); return -1; @@ -1233,22 +1210,20 @@ static int gost_cipher_ctl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr) } /* Decrement 8-byte sequence if needed */ -int decrement_sequence(unsigned char *seq, int decrement) { +int decrement_sequence(unsigned char *seq, int decrement) +{ if (decrement < 0 || decrement > 1) - return 0; - + return 0; + int j; if (decrement) { - for (j = 7; j >= 0; j--) - { - if (seq[j] != 0) - { - seq[j]--; - break; - } - else - seq[j] = 0xFF; - } + for (j = 7; j >= 0; j--) { + if (seq[j] != 0) { + seq[j]--; + break; + } else + seq[j] = 0xFF; + } } return 1; } @@ -1258,75 +1233,73 @@ static int magma_cipher_ctl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr) { switch (type) { case EVP_CTRL_RAND_KEY: - if (RAND_priv_bytes - ((unsigned char *)ptr, EVP_CIPHER_CTX_key_length(ctx)) <= 0) { - GOSTerr(GOST_F_MAGMA_CIPHER_CTL, GOST_R_RNG_ERROR); - return -1; - } - break; - case EVP_CTRL_KEY_MESH: - { - struct ossl_gost_cipher_ctx *c = - EVP_CIPHER_CTX_get_cipher_data(ctx); - - if (c == NULL) { - return -1; - } + if (RAND_priv_bytes((unsigned char *)ptr, EVP_CIPHER_CTX_key_length(ctx)) + <= 0) { + GOSTerr(GOST_F_MAGMA_CIPHER_CTL, GOST_R_RNG_ERROR); + return -1; + } + break; + case EVP_CTRL_KEY_MESH: { + struct ossl_gost_cipher_ctx *c = EVP_CIPHER_CTX_get_cipher_data(ctx); - if (c->count != 0) { - return -1; - } + if (c == NULL) { + return -1; + } - c->key_meshing = arg; - return 1; + if (c->count != 0) { + return -1; } - case EVP_CTRL_TLSTREE: - { - unsigned char newkey[32]; - int mode = EVP_CIPHER_CTX_mode(ctx); - struct ossl_gost_cipher_ctx *ctr_ctx = NULL; - gost_ctx *c = NULL; - - unsigned char adjusted_iv[8]; - unsigned char seq[8]; - int j, carry, decrement_arg; - if (mode != EVP_CIPH_CTR_MODE) - return -1; - ctr_ctx = (struct ossl_gost_cipher_ctx *)EVP_CIPHER_CTX_get_cipher_data(ctx); - c = &(ctr_ctx->cctx); + c->key_meshing = arg; + return 1; + } + case EVP_CTRL_TLSTREE: { + unsigned char newkey[32]; + int mode = EVP_CIPHER_CTX_mode(ctx); + struct ossl_gost_cipher_ctx *ctr_ctx = NULL; + gost_ctx *c = NULL; + + unsigned char adjusted_iv[8]; + unsigned char seq[8]; + int j, carry, decrement_arg; + if (mode != EVP_CIPH_CTR_MODE) + return -1; + + ctr_ctx = + (struct ossl_gost_cipher_ctx *)EVP_CIPHER_CTX_get_cipher_data(ctx); + c = &(ctr_ctx->cctx); - /* + /* * 'arg' parameter indicates what we should do with sequence value. * * When function called, seq is incremented after MAC calculation. * In ETM mode, we use seq 'as is' in the ctrl-function (arg = 0) * Otherwise we have to decrease it in the implementation (arg = 1). */ - memcpy(seq, ptr, 8); - decrement_arg = arg; - if(!decrement_sequence(seq, decrement_arg)) { - GOSTerr(GOST_F_MAGMA_CIPHER_CTL, GOST_R_CTRL_CALL_FAILED); - return -1; - } + memcpy(seq, ptr, 8); + decrement_arg = arg; + if (!decrement_sequence(seq, decrement_arg)) { + GOSTerr(GOST_F_MAGMA_CIPHER_CTL, GOST_R_CTRL_CALL_FAILED); + return -1; + } - if (gost_tlstree(NID_magma_cbc, (const unsigned char *)c->master_key, newkey, - (const unsigned char *)seq) > 0) { - memset(adjusted_iv, 0, 8); - memcpy(adjusted_iv, EVP_CIPHER_CTX_original_iv(ctx), 4); - for (j = 3, carry = 0; j >= 0; j--) - { - int adj_byte = adjusted_iv[j] + seq[j+4] + carry; - carry = (adj_byte > 255) ? 1 : 0; - adjusted_iv[j] = adj_byte & 0xFF; - } - EVP_CIPHER_CTX_set_num(ctx, 0); - memcpy(EVP_CIPHER_CTX_iv_noconst(ctx), adjusted_iv, 8); + if (gost_tlstree(NID_magma_cbc, (const unsigned char *)c->master_key, + newkey, (const unsigned char *)seq) + > 0) { + memset(adjusted_iv, 0, 8); + memcpy(adjusted_iv, EVP_CIPHER_CTX_original_iv(ctx), 4); + for (j = 3, carry = 0; j >= 0; j--) { + int adj_byte = adjusted_iv[j] + seq[j + 4] + carry; + carry = (adj_byte > 255) ? 1 : 0; + adjusted_iv[j] = adj_byte & 0xFF; + } + EVP_CIPHER_CTX_set_num(ctx, 0); + memcpy(EVP_CIPHER_CTX_iv_noconst(ctx), adjusted_iv, 8); - magma_key(c, newkey); - return 1; - } + magma_key(c, newkey); + return 1; } + } return -1; default: GOSTerr(GOST_F_MAGMA_CIPHER_CTL, GOST_R_UNSUPPORTED_CIPHER_CTL_COMMAND); @@ -1335,34 +1308,37 @@ static int magma_cipher_ctl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr) return 1; } -static int magma_cipher_ctl_acpkm_omac(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr) +static int +magma_cipher_ctl_acpkm_omac(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr) { - switch (type) - { - case EVP_CTRL_PROCESS_UNPROTECTED: - { - struct ossl_gost_cipher_ctx *c = EVP_CIPHER_CTX_get_cipher_data(ctx); - STACK_OF(X509_ATTRIBUTE) *x = ptr; - return gost2015_process_unprotected_attributes(x, arg, MAGMA_MAC_MAX_SIZE, c->tag); - } + switch (type) { + case EVP_CTRL_PROCESS_UNPROTECTED: { + struct ossl_gost_cipher_ctx *c = EVP_CIPHER_CTX_get_cipher_data(ctx); + STACK_OF(X509_ATTRIBUTE) *x = ptr; + return gost2015_process_unprotected_attributes( + x, arg, MAGMA_MAC_MAX_SIZE, c->tag); + } case EVP_CTRL_COPY: { - EVP_CIPHER_CTX *out = ptr; - struct ossl_gost_cipher_ctx *in_cctx = EVP_CIPHER_CTX_get_cipher_data(ctx); - struct ossl_gost_cipher_ctx *out_cctx = EVP_CIPHER_CTX_get_cipher_data(out); - - if (in_cctx->omac_ctx == out_cctx->omac_ctx) { - out_cctx->omac_ctx = EVP_MD_CTX_new(); - if (out_cctx->omac_ctx == NULL) { - GOSTerr(GOST_F_MAGMA_CIPHER_CTL_ACPKM_OMAC, ERR_R_MALLOC_FAILURE); - return -1; - } - } - return EVP_MD_CTX_copy(out_cctx->omac_ctx, in_cctx->omac_ctx); - } - default: - return magma_cipher_ctl(ctx, type, arg, ptr); - break; - } + EVP_CIPHER_CTX *out = ptr; + struct ossl_gost_cipher_ctx *in_cctx = + EVP_CIPHER_CTX_get_cipher_data(ctx); + struct ossl_gost_cipher_ctx *out_cctx = + EVP_CIPHER_CTX_get_cipher_data(out); + + if (in_cctx->omac_ctx == out_cctx->omac_ctx) { + out_cctx->omac_ctx = EVP_MD_CTX_new(); + if (out_cctx->omac_ctx == NULL) { + GOSTerr(GOST_F_MAGMA_CIPHER_CTL_ACPKM_OMAC, + ERR_R_MALLOC_FAILURE); + return -1; + } + } + return EVP_MD_CTX_copy(out_cctx->omac_ctx, in_cctx->omac_ctx); + } + default: + return magma_cipher_ctl(ctx, type, arg, ptr); + break; + } } /* Set cipher parameters from ASN1 structure */ @@ -1378,8 +1354,8 @@ static int gost89_set_asn1_parameters(EVP_CIPHER_CTX *ctx, ASN1_TYPE *params) GOSTerr(GOST_F_GOST89_SET_ASN1_PARAMETERS, ERR_R_MALLOC_FAILURE); return 0; } - if (!ASN1_OCTET_STRING_set - (gcp->iv, EVP_CIPHER_CTX_iv(ctx), EVP_CIPHER_CTX_iv_length(ctx))) { + if (!ASN1_OCTET_STRING_set( + gcp->iv, EVP_CIPHER_CTX_iv(ctx), EVP_CIPHER_CTX_iv_length(ctx))) { GOST_CIPHER_PARAMS_free(gcp); GOSTerr(GOST_F_GOST89_SET_ASN1_PARAMETERS, ERR_R_MALLOC_FAILURE); return 0; @@ -1425,8 +1401,8 @@ static int gost89_get_asn1_parameters(EVP_CIPHER_CTX *ctx, ASN1_TYPE *params) p = params->value.sequence->data; - gcp = d2i_GOST_CIPHER_PARAMS(NULL, (const unsigned char **)&p, - params->value.sequence->length); + gcp = d2i_GOST_CIPHER_PARAMS( + NULL, (const unsigned char **)&p, params->value.sequence->length); len = gcp->iv->length; if (len != EVP_CIPHER_CTX_iv_length(ctx)) { @@ -1457,34 +1433,35 @@ static int gost89_get_asn1_parameters(EVP_CIPHER_CTX *ctx, ASN1_TYPE *params) } #define MAGMA_UKM_LEN 12 -static int magma_set_asn1_parameters (EVP_CIPHER_CTX *ctx, ASN1_TYPE *params) + +static int magma_set_asn1_parameters(EVP_CIPHER_CTX *ctx, ASN1_TYPE *params) { - struct ossl_gost_cipher_ctx *c = EVP_CIPHER_CTX_get_cipher_data(ctx); - c->key_meshing = 8192; + struct ossl_gost_cipher_ctx *c = EVP_CIPHER_CTX_get_cipher_data(ctx); + c->key_meshing = 8192; - return gost2015_set_asn1_params(params, EVP_CIPHER_CTX_original_iv(ctx), 4, - c->kdf_seed); + return gost2015_set_asn1_params( + params, EVP_CIPHER_CTX_original_iv(ctx), 4, c->kdf_seed); } static int magma_get_asn1_parameters(EVP_CIPHER_CTX *ctx, ASN1_TYPE *params) { - struct ossl_gost_cipher_ctx *c = EVP_CIPHER_CTX_get_cipher_data(ctx); - unsigned char iv[16]; + struct ossl_gost_cipher_ctx *c = EVP_CIPHER_CTX_get_cipher_data(ctx); + unsigned char iv[16]; - c->key_meshing = 8192; + c->key_meshing = 8192; - if (gost2015_get_asn1_params(params, MAGMA_UKM_LEN, iv, 4, c->kdf_seed) < 0) - return -1; + if (gost2015_get_asn1_params(params, MAGMA_UKM_LEN, iv, 4, c->kdf_seed) < 0) + return -1; - memcpy(EVP_CIPHER_CTX_iv_noconst(ctx), iv, sizeof(iv)); - memcpy((unsigned char *)EVP_CIPHER_CTX_original_iv(ctx), iv, sizeof(iv)); - /* Key meshing 8 kb*/ - c->key_meshing = 8192; + memcpy(EVP_CIPHER_CTX_iv_noconst(ctx), iv, sizeof(iv)); + memcpy((unsigned char *)EVP_CIPHER_CTX_original_iv(ctx), iv, sizeof(iv)); + /* Key meshing 8 kb*/ + c->key_meshing = 8192; - return 1; + return 1; } -static int gost_imit_init(EVP_MD_CTX *ctx, gost_subst_block * block) +static int gost_imit_init(EVP_MD_CTX *ctx, gost_subst_block *block) { struct ossl_gost_imit_ctx *c = EVP_MD_CTX_md_data(ctx); memset(c->buffer, 0, sizeof(c->buffer)); @@ -1507,8 +1484,8 @@ static int gost_imit_init_cp_12(EVP_MD_CTX *ctx) return gost_imit_init(ctx, &Gost28147_TC26ParamSetZ); } -static void mac_block_mesh(struct ossl_gost_imit_ctx *c, - const unsigned char *data) +static void +mac_block_mesh(struct ossl_gost_imit_ctx *c, const unsigned char *data) { /* * We are using NULL for iv because CryptoPro doesn't interpret @@ -1585,50 +1562,47 @@ static int gost_imit_ctrl(EVP_MD_CTX *ctx, int type, int arg, void *ptr) case EVP_MD_CTRL_KEY_LEN: *((unsigned int *)(ptr)) = 32; return 1; - case EVP_MD_CTRL_SET_KEY: - { - struct ossl_gost_imit_ctx *gost_imit_ctx = EVP_MD_CTX_md_data(ctx); + case EVP_MD_CTRL_SET_KEY: { + struct ossl_gost_imit_ctx *gost_imit_ctx = EVP_MD_CTX_md_data(ctx); - if (EVP_MD_meth_get_init(EVP_MD_CTX_md(ctx)) (ctx) <= 0) { - GOSTerr(GOST_F_GOST_IMIT_CTRL, GOST_R_MAC_KEY_NOT_SET); - return 0; - } - EVP_MD_CTX_set_flags(ctx, EVP_MD_CTX_FLAG_NO_INIT); - - if (arg == 0) { - struct gost_mac_key *key = (struct gost_mac_key *)ptr; - if (key->mac_param_nid != NID_undef) { - const struct gost_cipher_info *param = - get_encryption_params(OBJ_nid2obj(key->mac_param_nid)); - if (param == NULL) { - GOSTerr(GOST_F_GOST_IMIT_CTRL, - GOST_R_INVALID_MAC_PARAMS); - return 0; - } - gost_init(&(gost_imit_ctx->cctx), param->sblock); - } - gost_key(&(gost_imit_ctx->cctx), key->key); - gost_imit_ctx->key_set = 1; - - return 1; - } else if (arg == 32) { - gost_key(&(gost_imit_ctx->cctx), ptr); - gost_imit_ctx->key_set = 1; - return 1; - } - GOSTerr(GOST_F_GOST_IMIT_CTRL, GOST_R_INVALID_MAC_KEY_SIZE); + if (EVP_MD_meth_get_init(EVP_MD_CTX_md(ctx))(ctx) <= 0) { + GOSTerr(GOST_F_GOST_IMIT_CTRL, GOST_R_MAC_KEY_NOT_SET); return 0; } - case EVP_MD_CTRL_XOF_LEN: - { - struct ossl_gost_imit_ctx *c = EVP_MD_CTX_md_data(ctx); - if (arg < 1 || arg > 8) { - GOSTerr(GOST_F_GOST_IMIT_CTRL, GOST_R_INVALID_MAC_SIZE); - return 0; + EVP_MD_CTX_set_flags(ctx, EVP_MD_CTX_FLAG_NO_INIT); + + if (arg == 0) { + struct gost_mac_key *key = (struct gost_mac_key *)ptr; + if (key->mac_param_nid != NID_undef) { + const struct gost_cipher_info *param = + get_encryption_params(OBJ_nid2obj(key->mac_param_nid)); + if (param == NULL) { + GOSTerr(GOST_F_GOST_IMIT_CTRL, GOST_R_INVALID_MAC_PARAMS); + return 0; + } + gost_init(&(gost_imit_ctx->cctx), param->sblock); } - c->dgst_size = arg; + gost_key(&(gost_imit_ctx->cctx), key->key); + gost_imit_ctx->key_set = 1; + + return 1; + } else if (arg == 32) { + gost_key(&(gost_imit_ctx->cctx), ptr); + gost_imit_ctx->key_set = 1; return 1; } + GOSTerr(GOST_F_GOST_IMIT_CTRL, GOST_R_INVALID_MAC_KEY_SIZE); + return 0; + } + case EVP_MD_CTRL_XOF_LEN: { + struct ossl_gost_imit_ctx *c = EVP_MD_CTX_md_data(ctx); + if (arg < 1 || arg > 8) { + GOSTerr(GOST_F_GOST_IMIT_CTRL, GOST_R_INVALID_MAC_SIZE); + return 0; + } + c->dgst_size = arg; + return 1; + } default: return 0; @@ -1650,4 +1624,5 @@ static int gost_imit_cleanup(EVP_MD_CTX *ctx) memset(EVP_MD_CTX_md_data(ctx), 0, sizeof(struct ossl_gost_imit_ctx)); return 1; } + /* vim: set expandtab cinoptions=\:0,l1,t0,g0,(0 sw=4 : */ diff --git a/gost_ctl.c b/gost_ctl.c index 60280b1c1..05e119bc4 100644 --- a/gost_ctl.c +++ b/gost_ctl.c @@ -6,17 +6,18 @@ * Implementation of control commands for GOST engine * * OpenSSL 0.9.9 libraries required * **********************************************************************/ -#include -#include +#include "gost_lcl.h" + +#include #include -#include #include -#include -#include "gost_lcl.h" +#include +#include +#include -static char *gost_params[GOST_PARAM_MAX + 1] = { NULL }; -static const char *gost_envnames[] = - { "CRYPT_PARAMS", "GOST_PBE_HMAC", "GOST_PK_FORMAT" }; +static char *gost_params[GOST_PARAM_MAX + 1] = {NULL}; +static const char *gost_envnames[] = { + "CRYPT_PARAMS", "GOST_PBE_HMAC", "GOST_PK_FORMAT"}; void gost_param_free() { @@ -26,10 +27,9 @@ void gost_param_free() OPENSSL_free(gost_params[i]); gost_params[i] = NULL; } - } -int gost_control_func(ENGINE *e, int cmd, long i, void *p, void (*f) (void)) +int gost_control_func(ENGINE *e, int cmd, long i, void *p, void (*f)(void)) { int param = cmd - ENGINE_CMD_BASE; int ret = 0; diff --git a/gost_ec_keyx.c b/gost_ec_keyx.c index 8839c4ac8..d1bbb27e1 100644 --- a/gost_ec_keyx.c +++ b/gost_ec_keyx.c @@ -13,21 +13,21 @@ * based PKCS7/SMIME support * * Requires OpenSSL 0.9.9 for compilation * **********************************************************************/ -#include -#include -#include -#include -#include -#include "gost89.h" #include "e_gost_err.h" +#include "gost89.h" #include "gost_keywrap.h" #include "gost_lcl.h" +#include +#include +#include +#include +#include + /* Implementation of CryptoPro VKO 34.10-2001/2012 algorithm */ -int VKO_compute_key(unsigned char *shared_key, - const EC_POINT *pub_key, const EC_KEY *priv_key, - const unsigned char *ukm, const size_t ukm_size, - const int vko_dgst_nid) +int VKO_compute_key(unsigned char *shared_key, const EC_POINT *pub_key, + const EC_KEY *priv_key, const unsigned char *ukm, + const size_t ukm_size, const int vko_dgst_nid) { unsigned char *databuf = NULL; BIGNUM *scalar = NULL, *X = NULL, *Y = NULL; @@ -55,8 +55,7 @@ int VKO_compute_key(unsigned char *shared_key, scalar = BN_CTX_get(ctx); X = BN_CTX_get(ctx); - if ((Y = BN_CTX_get(ctx)) == NULL - || (pnt = EC_POINT_new(grp)) == NULL + if ((Y = BN_CTX_get(ctx)) == NULL || (pnt = EC_POINT_new(grp)) == NULL || BN_lebin2bn(ukm, ukm_size, scalar) == NULL || !BN_mod_mul(scalar, scalar, EC_KEY_get0_private_key(priv_key), EC_GROUP_get0_order(grp), ctx)) @@ -105,8 +104,7 @@ int VKO_compute_key(unsigned char *shared_key, goto err; } - if (EVP_MD_CTX_init(mdctx) == 0 - || EVP_DigestInit_ex(mdctx, md, NULL) == 0 + if (EVP_MD_CTX_init(mdctx) == 0 || EVP_DigestInit_ex(mdctx, md, NULL) == 0 || EVP_DigestUpdate(mdctx, databuf, buf_len) == 0 || EVP_DigestFinal_ex(mdctx, shared_key, NULL) == 0) { GOSTerr(GOST_F_VKO_COMPUTE_KEY, ERR_R_EVP_LIB); @@ -115,7 +113,7 @@ int VKO_compute_key(unsigned char *shared_key, ret = (EVP_MD_size(md) > 0) ? EVP_MD_size(md) : 0; - err: +err: BN_CTX_end(ctx); BN_CTX_free(ctx); EC_POINT_free(pnt); @@ -129,11 +127,11 @@ int VKO_compute_key(unsigned char *shared_key, * KEG Algorithm described in R 1323565.1.020-2018 6.4.5.1. * keyout expected to be 64 bytes * */ -static int gost_keg(const unsigned char *ukm_source, int pkey_nid, - const EC_POINT *pub_key, const EC_KEY *priv_key, - unsigned char *keyout) +static int +gost_keg(const unsigned char *ukm_source, int pkey_nid, const EC_POINT *pub_key, + const EC_KEY *priv_key, unsigned char *keyout) { -/* Adjust UKM */ + /* Adjust UKM */ unsigned char real_ukm[16]; size_t keylen = 0; @@ -147,32 +145,30 @@ static int gost_keg(const unsigned char *ukm_source, int pkey_nid, switch (pkey_nid) { case NID_id_GostR3410_2012_512: - keylen = - VKO_compute_key(keyout, pub_key, priv_key, real_ukm, 16, - NID_id_GostR3411_2012_512); + keylen = VKO_compute_key( + keyout, pub_key, priv_key, real_ukm, 16, NID_id_GostR3411_2012_512); return (keylen) ? keylen : 0; break; - case NID_id_GostR3410_2012_256: - { - unsigned char tmpkey[32]; - keylen = - VKO_compute_key(tmpkey, pub_key, priv_key, real_ukm, 16, - NID_id_GostR3411_2012_256); - - if (keylen == 0) - return 0; - - if (gost_kdftree2012_256 - (keyout, 64, tmpkey, 32, (const unsigned char *)"kdf tree", 8, - ukm_source + 16, 8, 1) > 0) - keylen = 64; - else - keylen = 0; - - OPENSSL_cleanse(tmpkey, 32); - return (keylen) ? keylen : 0; - } + case NID_id_GostR3410_2012_256: { + unsigned char tmpkey[32]; + keylen = VKO_compute_key( + tmpkey, pub_key, priv_key, real_ukm, 16, NID_id_GostR3411_2012_256); + + if (keylen == 0) + return 0; + + if (gost_kdftree2012_256( + keyout, 64, tmpkey, 32, (const unsigned char *)"kdf tree", 8, + ukm_source + 16, 8, 1) + > 0) + keylen = 64; + else + keylen = 0; + + OPENSSL_cleanse(tmpkey, 32); + return (keylen) ? keylen : 0; + } default: return 0; } @@ -206,14 +202,13 @@ int pkey_gost_ec_derive(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen) /* VKO */ if (data->vko_dgst_nid) { if (!key) { - *keylen = data->vko_dgst_nid == NID_id_GostR3411_2012_256? 32 : 64; + *keylen = data->vko_dgst_nid == NID_id_GostR3411_2012_256 ? 32 : 64; return 1; } - *keylen = VKO_compute_key(key, - EC_KEY_get0_public_key(EVP_PKEY_get0(peer_key)), - (EC_KEY *)EVP_PKEY_get0(my_key), - data->shared_ukm, data->shared_ukm_size, - data->vko_dgst_nid); + *keylen = VKO_compute_key( + key, EC_KEY_get0_public_key(EVP_PKEY_get0(peer_key)), + (EC_KEY *)EVP_PKEY_get0(my_key), data->shared_ukm, + data->shared_ukm_size, data->vko_dgst_nid); return (*keylen) ? 1 : 0; } @@ -227,38 +222,33 @@ int pkey_gost_ec_derive(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen) * */ switch (data->shared_ukm_size) { - case 8: - { - if (key == NULL) { - *keylen = 32; - return 1; - } - EVP_PKEY_get_default_digest_nid(my_key, &dgst_nid); - if (dgst_nid == NID_id_GostR3411_2012_512) - dgst_nid = NID_id_GostR3411_2012_256; - - *keylen = - VKO_compute_key(key, - EC_KEY_get0_public_key(EVP_PKEY_get0(peer_key)), - (EC_KEY *)EVP_PKEY_get0(my_key), - data->shared_ukm, 8, dgst_nid); - return (*keylen) ? 1 : 0; + case 8: { + if (key == NULL) { + *keylen = 32; + return 1; } - break; - case 32: - { - if (key == NULL) { - *keylen = 64; - return 1; - } + EVP_PKEY_get_default_digest_nid(my_key, &dgst_nid); + if (dgst_nid == NID_id_GostR3411_2012_512) + dgst_nid = NID_id_GostR3411_2012_256; - *keylen = gost_keg(data->shared_ukm, EVP_PKEY_id(my_key), - EC_KEY_get0_public_key(EVP_PKEY_get0(peer_key)), - (EC_KEY *)EVP_PKEY_get0(my_key), key); - return (*keylen) ? 1 : 0; + *keylen = VKO_compute_key( + key, EC_KEY_get0_public_key(EVP_PKEY_get0(peer_key)), + (EC_KEY *)EVP_PKEY_get0(my_key), data->shared_ukm, 8, dgst_nid); + return (*keylen) ? 1 : 0; + } break; + case 32: { + if (key == NULL) { + *keylen = 64; + return 1; } - break; + *keylen = gost_keg(data->shared_ukm, EVP_PKEY_id(my_key), + EC_KEY_get0_public_key(EVP_PKEY_get0(peer_key)), + (EC_KEY *)EVP_PKEY_get0(my_key), key); + return (*keylen) ? 1 : 0; + } + + break; default: return 0; } @@ -274,17 +264,19 @@ int pkey_gost_ec_derive(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen) * Implementation of GOST2001/12 key transport, cryptopro variation */ -static int pkey_GOST_ECcp_encrypt(EVP_PKEY_CTX *pctx, unsigned char *out, - size_t *out_len, const unsigned char *key, - size_t key_len) +static int +pkey_GOST_ECcp_encrypt(EVP_PKEY_CTX *pctx, unsigned char *out, size_t *out_len, + const unsigned char *key, size_t key_len) { GOST_KEY_TRANSPORT *gkt = NULL; EVP_PKEY *pubk = EVP_PKEY_CTX_get0_pkey(pctx); struct gost_pmeth_data *data = EVP_PKEY_CTX_get_data(pctx); int pkey_nid = EVP_PKEY_base_id(pubk); - ASN1_OBJECT *crypt_params_obj = (pkey_nid == NID_id_GostR3410_2001 || pkey_nid == NID_id_GostR3410_2001DH) ? - OBJ_nid2obj(NID_id_Gost28147_89_CryptoPro_A_ParamSet) : - OBJ_nid2obj(NID_id_tc26_gost_28147_param_Z); + ASN1_OBJECT *crypt_params_obj = + (pkey_nid == NID_id_GostR3410_2001 + || pkey_nid == NID_id_GostR3410_2001DH) + ? OBJ_nid2obj(NID_id_Gost28147_89_CryptoPro_A_ParamSet) + : OBJ_nid2obj(NID_id_tc26_gost_28147_param_Z); const struct gost_cipher_info *param = get_encryption_params(crypt_params_obj); unsigned char ukm[8], shared_key[32], crypted_key[44]; @@ -331,9 +323,9 @@ static int pkey_GOST_ECcp_encrypt(EVP_PKEY_CTX *pctx, unsigned char *out, if (dgst_nid == NID_id_GostR3411_2012_512) dgst_nid = NID_id_GostR3411_2012_256; - if (!VKO_compute_key(shared_key, - EC_KEY_get0_public_key(EVP_PKEY_get0(pubk)), - EVP_PKEY_get0(sec_key), ukm, 8, dgst_nid)) { + if (!VKO_compute_key( + shared_key, EC_KEY_get0_public_key(EVP_PKEY_get0(pubk)), + EVP_PKEY_get0(sec_key), ukm, 8, dgst_nid)) { GOSTerr(GOST_F_PKEY_GOST_ECCP_ENCRYPT, GOST_R_ERROR_COMPUTING_SHARED_KEY); goto err; @@ -351,13 +343,13 @@ static int pkey_GOST_ECcp_encrypt(EVP_PKEY_CTX *pctx, unsigned char *out, if (!ASN1_OCTET_STRING_set(gkt->key_info->imit, crypted_key + 40, 4)) { goto err; } - if (!ASN1_OCTET_STRING_set - (gkt->key_info->encrypted_key, crypted_key + 8, 32)) { + if (!ASN1_OCTET_STRING_set( + gkt->key_info->encrypted_key, crypted_key + 8, 32)) { goto err; } if (key_is_ephemeral) { - if (!X509_PUBKEY_set - (&gkt->key_agreement_info->ephem_key, out ? sec_key : pubk)) { + if (!X509_PUBKEY_set( + &gkt->key_agreement_info->ephem_key, out ? sec_key : pubk)) { GOSTerr(GOST_F_PKEY_GOST_ECCP_ENCRYPT, GOST_R_CANNOT_PACK_EPHEMERAL_KEY); goto err; @@ -398,7 +390,7 @@ static int pkey_GOST_ECcp_encrypt(EVP_PKEY_CTX *pctx, unsigned char *out, OPENSSL_cleanse(shared_key, sizeof(shared_key)); GOST_KEY_TRANSPORT_free(gkt); return ret; - err: +err: OPENSSL_cleanse(shared_key, sizeof(shared_key)); if (key_is_ephemeral) EVP_PKEY_free(sec_key); @@ -410,9 +402,9 @@ static int pkey_GOST_ECcp_encrypt(EVP_PKEY_CTX *pctx, unsigned char *out, * EVP_PKEY_METHOD callback decrypt * Implementation of GOST2018 key transport */ -static int pkey_gost2018_encrypt(EVP_PKEY_CTX *pctx, unsigned char *out, - size_t *out_len, const unsigned char *key, - size_t key_len) +static int +pkey_gost2018_encrypt(EVP_PKEY_CTX *pctx, unsigned char *out, size_t *out_len, + const unsigned char *key, size_t key_len) { PSKeyTransport_gost *pst = NULL; EVP_PKEY *pubk = EVP_PKEY_CTX_get0_pkey(pctx); @@ -452,22 +444,21 @@ static int pkey_gost2018_encrypt(EVP_PKEY_CTX *pctx, unsigned char *out, } sec_key = EVP_PKEY_CTX_get0_peerkey(pctx); - if (!sec_key) - { - sec_key = EVP_PKEY_new(); - if (sec_key == NULL) { - GOSTerr(GOST_F_PKEY_GOST2018_ENCRYPT, ERR_R_MALLOC_FAILURE ); - goto err; - } + if (!sec_key) { + sec_key = EVP_PKEY_new(); + if (sec_key == NULL) { + GOSTerr(GOST_F_PKEY_GOST2018_ENCRYPT, ERR_R_MALLOC_FAILURE); + goto err; + } - if (!EVP_PKEY_assign(sec_key, EVP_PKEY_base_id(pubk), EC_KEY_new()) - || !EVP_PKEY_copy_parameters(sec_key, pubk) - || !gost_ec_keygen(EVP_PKEY_get0(sec_key))) { - GOSTerr(GOST_F_PKEY_GOST2018_ENCRYPT, - GOST_R_ERROR_COMPUTING_SHARED_KEY); - goto err; - } - key_is_ephemeral = 1; + if (!EVP_PKEY_assign(sec_key, EVP_PKEY_base_id(pubk), EC_KEY_new()) + || !EVP_PKEY_copy_parameters(sec_key, pubk) + || !gost_ec_keygen(EVP_PKEY_get0(sec_key))) { + GOSTerr(GOST_F_PKEY_GOST2018_ENCRYPT, + GOST_R_ERROR_COMPUTING_SHARED_KEY); + goto err; + } + key_is_ephemeral = 1; } if (data->shared_ukm_size == 0) { @@ -480,15 +471,17 @@ static int pkey_gost2018_encrypt(EVP_PKEY_CTX *pctx, unsigned char *out, if (gost_keg(data->shared_ukm, pkey_nid, EC_KEY_get0_public_key(EVP_PKEY_get0(pubk)), - EVP_PKEY_get0(sec_key), expkeys) <= 0) { + EVP_PKEY_get0(sec_key), expkeys) + <= 0) { GOSTerr(GOST_F_PKEY_GOST2018_ENCRYPT, GOST_R_ERROR_COMPUTING_EXPORT_KEYS); goto err; } - if (gost_kexp15(key, key_len, data->cipher_nid, expkeys + 32, - mac_nid, expkeys + 0, data->shared_ukm + 24, iv_len, - exp_buf, &exp_len) <= 0) { + if (gost_kexp15( + key, key_len, data->cipher_nid, expkeys + 32, mac_nid, expkeys + 0, + data->shared_ukm + 24, iv_len, exp_buf, &exp_len) + <= 0) { GOSTerr(GOST_F_PKEY_GOST2018_ENCRYPT, GOST_R_CANNOT_PACK_EPHEMERAL_KEY); goto err; } @@ -505,7 +498,8 @@ static int pkey_gost2018_encrypt(EVP_PKEY_CTX *pctx, unsigned char *out, goto err; } - if (!ASN1_OCTET_STRING_set(pst->ukm, data->shared_ukm, data->shared_ukm_size)) { + if (!ASN1_OCTET_STRING_set( + pst->ukm, data->shared_ukm, data->shared_ukm_size)) { GOSTerr(GOST_F_PKEY_GOST2018_ENCRYPT, ERR_R_MALLOC_FAILURE); goto err; } @@ -540,7 +534,7 @@ static int pkey_gost2018_encrypt(EVP_PKEY_CTX *pctx, unsigned char *out, GOSTerr(GOST_F_PKEY_GOST2018_ENCRYPT, ERR_R_ASN1_LIB); } - err: +err: OPENSSL_cleanse(expkeys, sizeof(expkeys)); if (key_is_ephemeral) EVP_PKEY_free(sec_key); @@ -550,33 +544,32 @@ static int pkey_gost2018_encrypt(EVP_PKEY_CTX *pctx, unsigned char *out, return ret; } -int pkey_gost_encrypt(EVP_PKEY_CTX *pctx, unsigned char *out, - size_t *out_len, const unsigned char *key, size_t key_len) +int pkey_gost_encrypt(EVP_PKEY_CTX *pctx, unsigned char *out, size_t *out_len, + const unsigned char *key, size_t key_len) { - struct gost_pmeth_data *gctx = EVP_PKEY_CTX_get_data(pctx); - switch (gctx->cipher_nid) - { + struct gost_pmeth_data *gctx = EVP_PKEY_CTX_get_data(pctx); + switch (gctx->cipher_nid) { case NID_id_Gost28147_89: case NID_undef: /* FIXME */ - return pkey_GOST_ECcp_encrypt(pctx, out, out_len, key, key_len); - break; + return pkey_GOST_ECcp_encrypt(pctx, out, out_len, key, key_len); + break; case NID_kuznyechik_ctr: case NID_magma_ctr: - return pkey_gost2018_encrypt(pctx, out, out_len, key, key_len); - break; + return pkey_gost2018_encrypt(pctx, out, out_len, key, key_len); + break; default: - GOSTerr(GOST_F_PKEY_GOST_ENCRYPT, ERR_R_INTERNAL_ERROR); - return -1; - } + GOSTerr(GOST_F_PKEY_GOST_ENCRYPT, ERR_R_INTERNAL_ERROR); + return -1; + } } /* * EVP_PKEY_METHOD callback decrypt * Implementation of GOST2001/12 key transport, cryptopro variation */ -static int pkey_GOST_ECcp_decrypt(EVP_PKEY_CTX *pctx, unsigned char *key, - size_t *key_len, const unsigned char *in, - size_t in_len) +static int +pkey_GOST_ECcp_decrypt(EVP_PKEY_CTX *pctx, unsigned char *key, size_t *key_len, + const unsigned char *in, size_t in_len) { const unsigned char *p = in; EVP_PKEY *priv = EVP_PKEY_CTX_get0_pkey(pctx); @@ -635,9 +628,9 @@ static int pkey_GOST_ECcp_decrypt(EVP_PKEY_CTX *pctx, unsigned char *key, if (dgst_nid == NID_id_GostR3411_2012_512) dgst_nid = NID_id_GostR3411_2012_256; - if (!VKO_compute_key(sharedKey, - EC_KEY_get0_public_key(EVP_PKEY_get0(peerkey)), - EVP_PKEY_get0(priv), wrappedKey, 8, dgst_nid)) { + if (!VKO_compute_key( + sharedKey, EC_KEY_get0_public_key(EVP_PKEY_get0(peerkey)), + EVP_PKEY_get0(priv), wrappedKey, 8, dgst_nid)) { GOSTerr(GOST_F_PKEY_GOST_ECCP_DECRYPT, GOST_R_ERROR_COMPUTING_SHARED_KEY); goto err; @@ -650,7 +643,7 @@ static int pkey_GOST_ECcp_decrypt(EVP_PKEY_CTX *pctx, unsigned char *key, *key_len = 32; ret = 1; - err: +err: OPENSSL_cleanse(sharedKey, sizeof(sharedKey)); EVP_PKEY_free(eph_key); GOST_KEY_TRANSPORT_free(gkt); @@ -661,9 +654,9 @@ static int pkey_GOST_ECcp_decrypt(EVP_PKEY_CTX *pctx, unsigned char *key, * EVP_PKEY_METHOD callback decrypt * Implementation of GOST2018 key transport */ -static int pkey_gost2018_decrypt(EVP_PKEY_CTX *pctx, unsigned char *key, - size_t *key_len, const unsigned char *in, - size_t in_len) +static int +pkey_gost2018_decrypt(EVP_PKEY_CTX *pctx, unsigned char *key, size_t *key_len, + const unsigned char *in, size_t in_len) { const unsigned char *p = in; struct gost_pmeth_data *data; @@ -676,11 +669,12 @@ static int pkey_gost2018_decrypt(EVP_PKEY_CTX *pctx, unsigned char *key, int mac_nid = NID_undef; int iv_len = 0; - if (!(data = EVP_PKEY_CTX_get_data(pctx)) || - !(priv = EVP_PKEY_CTX_get0_pkey(pctx))) { - GOSTerr(GOST_F_PKEY_GOST2018_DECRYPT, GOST_R_ERROR_COMPUTING_EXPORT_KEYS); - ret = 0; - goto err; + if (!(data = EVP_PKEY_CTX_get_data(pctx)) + || !(priv = EVP_PKEY_CTX_get0_pkey(pctx))) { + GOSTerr(GOST_F_PKEY_GOST2018_DECRYPT, + GOST_R_ERROR_COMPUTING_EXPORT_KEYS); + ret = 0; + goto err; } pkey_nid = EVP_PKEY_base_id(priv); @@ -707,7 +701,7 @@ static int pkey_gost2018_decrypt(EVP_PKEY_CTX *pctx, unsigned char *key, } eph_key = X509_PUBKEY_get(pst->ephem_key); -/* + /* * TODO beldmit 1. Checks the next three conditions fulfilling and terminates the connection with fatal error if not. @@ -719,15 +713,17 @@ static int pkey_gost2018_decrypt(EVP_PKEY_CTX *pctx, unsigned char *key, o q * Q_eph is not equal to zero point. */ if (eph_key == NULL) { - GOSTerr(GOST_F_PKEY_GOST2018_DECRYPT, - GOST_R_ERROR_COMPUTING_EXPORT_KEYS); - ret = 0; - goto err; + GOSTerr(GOST_F_PKEY_GOST2018_DECRYPT, + GOST_R_ERROR_COMPUTING_EXPORT_KEYS); + ret = 0; + goto err; } if (data->shared_ukm_size == 0 && pst->ukm != NULL) { if (EVP_PKEY_CTX_ctrl(pctx, -1, -1, EVP_PKEY_CTRL_SET_IV, - ASN1_STRING_length(pst->ukm), (void *)ASN1_STRING_get0_data(pst->ukm)) < 0) { + ASN1_STRING_length(pst->ukm), + (void *)ASN1_STRING_get0_data(pst->ukm)) + < 0) { GOSTerr(GOST_F_PKEY_GOST2018_DECRYPT, GOST_R_UKM_NOT_SET); goto err; } @@ -735,31 +731,34 @@ static int pkey_gost2018_decrypt(EVP_PKEY_CTX *pctx, unsigned char *key, if (gost_keg(data->shared_ukm, pkey_nid, EC_KEY_get0_public_key(EVP_PKEY_get0(eph_key)), - EVP_PKEY_get0(priv), expkeys) <= 0) { + EVP_PKEY_get0(priv), expkeys) + <= 0) { GOSTerr(GOST_F_PKEY_GOST2018_DECRYPT, GOST_R_ERROR_COMPUTING_EXPORT_KEYS); goto err; } - if (gost_kimp15(ASN1_STRING_get0_data(pst->psexp), - ASN1_STRING_length(pst->psexp), data->cipher_nid, - expkeys + 32, mac_nid, expkeys + 0, data->shared_ukm + 24, - iv_len, key) <= 0) { - GOSTerr(GOST_F_PKEY_GOST2018_DECRYPT, GOST_R_CANNOT_UNPACK_EPHEMERAL_KEY); + if (gost_kimp15( + ASN1_STRING_get0_data(pst->psexp), ASN1_STRING_length(pst->psexp), + data->cipher_nid, expkeys + 32, mac_nid, expkeys + 0, + data->shared_ukm + 24, iv_len, key) + <= 0) { + GOSTerr(GOST_F_PKEY_GOST2018_DECRYPT, + GOST_R_CANNOT_UNPACK_EPHEMERAL_KEY); goto err; } *key_len = 32; ret = 1; - err: +err: OPENSSL_cleanse(expkeys, sizeof(expkeys)); EVP_PKEY_free(eph_key); PSKeyTransport_gost_free(pst); return ret; } -int pkey_gost_decrypt(EVP_PKEY_CTX *pctx, unsigned char *key, - size_t *key_len, const unsigned char *in, size_t in_len) +int pkey_gost_decrypt(EVP_PKEY_CTX *pctx, unsigned char *key, size_t *key_len, + const unsigned char *in, size_t in_len) { struct gost_pmeth_data *gctx = EVP_PKEY_CTX_get_data(pctx); @@ -773,17 +772,17 @@ int pkey_gost_decrypt(EVP_PKEY_CTX *pctx, unsigned char *key, return 0; } - switch (gctx->cipher_nid) - { - case NID_id_Gost28147_89: - case NID_undef: /* FIXME */ - return pkey_GOST_ECcp_decrypt(pctx, key, key_len, in, in_len); - case NID_kuznyechik_ctr: - case NID_magma_ctr: - return pkey_gost2018_decrypt(pctx, key, key_len, in, in_len); - default: - GOSTerr(GOST_F_PKEY_GOST_DECRYPT, ERR_R_INTERNAL_ERROR); - return -1; + switch (gctx->cipher_nid) { + case NID_id_Gost28147_89: + case NID_undef: /* FIXME */ + return pkey_GOST_ECcp_decrypt(pctx, key, key_len, in, in_len); + case NID_kuznyechik_ctr: + case NID_magma_ctr: + return pkey_gost2018_decrypt(pctx, key, key_len, in, in_len); + default: + GOSTerr(GOST_F_PKEY_GOST_DECRYPT, ERR_R_INTERNAL_ERROR); + return -1; } } + /* vim: set expandtab cinoptions=\:0,l1,t0,g0,(0 sw=4 : */ diff --git a/gost_ec_sign.c b/gost_ec_sign.c index a825dbaba..019885fe5 100644 --- a/gost_ec_sign.c +++ b/gost_ec_sign.c @@ -6,21 +6,21 @@ * Implementation of GOST R 34.10-2001 * * Requires OpenSSL 1.0.0+ for compilation * **********************************************************************/ +#include "e_gost_err.h" #include "gost_lcl.h" -#include -#include + #include #include -#include "e_gost_err.h" +#include +#include #ifdef DEBUG_SIGN -extern -void dump_signature(const char *message, const unsigned char *buffer, - size_t len); +extern void +dump_signature(const char *message, const unsigned char *buffer, size_t len); void dump_dsa_sig(const char *message, ECDSA_SIG *sig); #else -# define dump_signature(a,b,c) -# define dump_dsa_sig(a,b) +# define dump_signature(a, b, c) +# define dump_dsa_sig(a, b) #endif static R3410_ec_params *gost_nid2params(int nid) @@ -65,16 +65,16 @@ void free_cached_groups() /* Search nid in 2012 paramset */ params = R3410_2012_512_paramset; while (params->nid != NID_undef) { - EC_GROUP_free(params->group); - params->group = NULL; + EC_GROUP_free(params->group); + params->group = NULL; params++; } /* Search nid in 2001 paramset */ params = R3410_2001_paramset; while (params->nid != NID_undef) { - EC_GROUP_free(params->group); - params->group = NULL; + EC_GROUP_free(params->group); + params->group = NULL; params++; } } @@ -92,8 +92,8 @@ int fill_GOST_EC_params(EC_KEY *eckey, int nid) R3410_ec_params *params = gost_nid2params(nid); EC_GROUP *grp = NULL; EC_POINT *P = NULL; - BIGNUM *p = NULL, *q = NULL, *a = NULL, *b = NULL, *x = NULL, *y = - NULL, *cofactor = NULL; + BIGNUM *p = NULL, *q = NULL, *a = NULL, *b = NULL, *x = NULL, *y = NULL, + *cofactor = NULL; BN_CTX *ctx = NULL; int ok = 0; @@ -129,8 +129,7 @@ int fill_GOST_EC_params(EC_KEY *eckey, int nid) goto end; } - if (!BN_hex2bn(&p, params->p) - || !BN_hex2bn(&a, params->a) + if (!BN_hex2bn(&p, params->p) || !BN_hex2bn(&a, params->a) || !BN_hex2bn(&b, params->b) || !BN_hex2bn(&cofactor, params->cofactor)) { GOSTerr(GOST_F_FILL_GOST_EC_PARAMS, ERR_R_INTERNAL_ERROR); @@ -149,8 +148,7 @@ int fill_GOST_EC_params(EC_KEY *eckey, int nid) goto end; } - if (!BN_hex2bn(&x, params->x) - || !BN_hex2bn(&y, params->y) + if (!BN_hex2bn(&x, params->x) || !BN_hex2bn(&y, params->y) || !EC_POINT_set_affine_coordinates(grp, P, x, y, ctx) || !BN_hex2bn(&q, params->q)) { GOSTerr(GOST_F_FILL_GOST_EC_PARAMS, ERR_R_INTERNAL_ERROR); @@ -168,7 +166,7 @@ int fill_GOST_EC_params(EC_KEY *eckey, int nid) goto end; } ok = 1; - end: +end: EC_POINT_free(P); BN_CTX_end(ctx); BN_CTX_free(ctx); @@ -187,7 +185,7 @@ ECDSA_SIG *gost_ec_sign(const unsigned char *dgst, int dlen, EC_KEY *eckey) const EC_GROUP *group; const BIGNUM *priv_key; BIGNUM *r = NULL, *s = NULL, *X = NULL, *tmp = NULL, *tmp2 = NULL, - *k = NULL, *e = NULL; + *k = NULL, *e = NULL; BIGNUM *new_r = NULL, *new_s = NULL; @@ -273,8 +271,7 @@ ECDSA_SIG *gost_ec_sign(const unsigned char *dgst, int dlen, EC_KEY *eckey) GOSTerr(GOST_F_GOST_EC_SIGN, ERR_R_INTERNAL_ERROR); goto err; } - } - while (BN_is_zero(r)); + } while (BN_is_zero(r)); /* s = (r*priv_key+k*e) mod order */ if (!tmp) tmp = BN_CTX_get(ctx); @@ -293,8 +290,7 @@ ECDSA_SIG *gost_ec_sign(const unsigned char *dgst, int dlen, EC_KEY *eckey) GOSTerr(GOST_F_GOST_EC_SIGN, ERR_R_INTERNAL_ERROR); goto err; } - } - while (BN_is_zero(s)); + } while (BN_is_zero(s)); new_s = BN_dup(s); new_r = BN_dup(r); @@ -305,7 +301,7 @@ ECDSA_SIG *gost_ec_sign(const unsigned char *dgst, int dlen, EC_KEY *eckey) ECDSA_SIG_set0(newsig, new_r, new_s); ret = newsig; - err: +err: BN_CTX_end(ctx); BN_CTX_free(ctx); if (C) @@ -322,8 +318,8 @@ ECDSA_SIG *gost_ec_sign(const unsigned char *dgst, int dlen, EC_KEY *eckey) * Verifies gost ec signature * */ -int gost_ec_verify(const unsigned char *dgst, int dgst_len, - ECDSA_SIG *sig, EC_KEY *ec) +int gost_ec_verify(const unsigned char *dgst, int dgst_len, ECDSA_SIG *sig, + EC_KEY *ec) { BN_CTX *ctx; const EC_GROUP *group = (ec) ? EC_KEY_get0_group(ec) : NULL; @@ -364,9 +360,9 @@ int gost_ec_verify(const unsigned char *dgst, int dgst_len, ECDSA_SIG_get0(sig, &sig_r, &sig_s); - if (BN_is_zero(sig_s) || BN_is_zero(sig_r) || - BN_is_negative(sig_s) || BN_is_negative(sig_r) || - BN_ucmp(sig_s, order) >= 0 || BN_ucmp(sig_r, order) >= 0) { + if (BN_is_zero(sig_s) || BN_is_zero(sig_r) || BN_is_negative(sig_s) + || BN_is_negative(sig_r) || BN_ucmp(sig_s, order) >= 0 + || BN_ucmp(sig_r, order) >= 0) { GOSTerr(GOST_F_GOST_EC_VERIFY, GOST_R_SIGNATURE_PARTS_GREATER_THAN_Q); goto err; } @@ -389,8 +385,7 @@ int gost_ec_verify(const unsigned char *dgst, int dgst_len, } v = BN_mod_inverse(v, e, order, ctx); if (!v || !BN_mod_mul(z1, sig_s, v, order, ctx) - || !BN_sub(tmp, order, sig_r) - || !BN_mod_mul(z2, tmp, v, order, ctx)) { + || !BN_sub(tmp, order, sig_r) || !BN_mod_mul(z2, tmp, v, order, ctx)) { GOSTerr(GOST_F_GOST_EC_VERIFY, ERR_R_INTERNAL_ERROR); goto err; } @@ -431,7 +426,7 @@ int gost_ec_verify(const unsigned char *dgst, int dgst_len, } else { ok = 1; } - err: +err: if (C) EC_POINT_free(C); BN_CTX_end(ctx); @@ -487,7 +482,7 @@ int gost_ec_compute_public(EC_KEY *ec) goto err; } ok = 1; - err: +err: if (pub_key) EC_POINT_free(pub_key); BN_CTX_end(ctx); @@ -505,86 +500,109 @@ int gost_ec_point_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *n, /* verification */ if (q == NULL) return 0; - switch(EC_GROUP_get_curve_name(group)) { - case NID_id_GostR3410_2001_CryptoPro_A_ParamSet: - case NID_id_GostR3410_2001_CryptoPro_XchA_ParamSet: - case NID_id_tc26_gost_3410_2012_256_paramSetB: - return point_mul_two_id_GostR3410_2001_CryptoPro_A_ParamSet(group, r, n, q, m, ctx); - case NID_id_GostR3410_2001_CryptoPro_B_ParamSet: - case NID_id_tc26_gost_3410_2012_256_paramSetC: - return point_mul_two_id_GostR3410_2001_CryptoPro_B_ParamSet(group, r, n, q, m, ctx); - case NID_id_GostR3410_2001_CryptoPro_C_ParamSet: - case NID_id_GostR3410_2001_CryptoPro_XchB_ParamSet: - case NID_id_tc26_gost_3410_2012_256_paramSetD: - return point_mul_two_id_GostR3410_2001_CryptoPro_C_ParamSet(group, r, n, q, m, ctx); - case NID_id_GostR3410_2001_TestParamSet: - return point_mul_two_id_GostR3410_2001_TestParamSet(group, r, n, q, m, ctx); - case NID_id_tc26_gost_3410_2012_256_paramSetA: - return point_mul_two_id_tc26_gost_3410_2012_256_paramSetA(group, r, n, q, m, ctx); - case NID_id_tc26_gost_3410_2012_512_paramSetA: - return point_mul_two_id_tc26_gost_3410_2012_512_paramSetA(group, r, n, q, m, ctx); - case NID_id_tc26_gost_3410_2012_512_paramSetB: - return point_mul_two_id_tc26_gost_3410_2012_512_paramSetB(group, r, n, q, m, ctx); - case NID_id_tc26_gost_3410_2012_512_paramSetC: - return point_mul_two_id_tc26_gost_3410_2012_512_paramSetC(group, r, n, q, m, ctx); - default: - return EC_POINT_mul(group, r, n, q, m, ctx); + switch (EC_GROUP_get_curve_name(group)) { + case NID_id_GostR3410_2001_CryptoPro_A_ParamSet: + case NID_id_GostR3410_2001_CryptoPro_XchA_ParamSet: + case NID_id_tc26_gost_3410_2012_256_paramSetB: + return point_mul_two_id_GostR3410_2001_CryptoPro_A_ParamSet( + group, r, n, q, m, ctx); + case NID_id_GostR3410_2001_CryptoPro_B_ParamSet: + case NID_id_tc26_gost_3410_2012_256_paramSetC: + return point_mul_two_id_GostR3410_2001_CryptoPro_B_ParamSet( + group, r, n, q, m, ctx); + case NID_id_GostR3410_2001_CryptoPro_C_ParamSet: + case NID_id_GostR3410_2001_CryptoPro_XchB_ParamSet: + case NID_id_tc26_gost_3410_2012_256_paramSetD: + return point_mul_two_id_GostR3410_2001_CryptoPro_C_ParamSet( + group, r, n, q, m, ctx); + case NID_id_GostR3410_2001_TestParamSet: + return point_mul_two_id_GostR3410_2001_TestParamSet( + group, r, n, q, m, ctx); + case NID_id_tc26_gost_3410_2012_256_paramSetA: + return point_mul_two_id_tc26_gost_3410_2012_256_paramSetA( + group, r, n, q, m, ctx); + case NID_id_tc26_gost_3410_2012_512_paramSetA: + return point_mul_two_id_tc26_gost_3410_2012_512_paramSetA( + group, r, n, q, m, ctx); + case NID_id_tc26_gost_3410_2012_512_paramSetB: + return point_mul_two_id_tc26_gost_3410_2012_512_paramSetB( + group, r, n, q, m, ctx); + case NID_id_tc26_gost_3410_2012_512_paramSetC: + return point_mul_two_id_tc26_gost_3410_2012_512_paramSetC( + group, r, n, q, m, ctx); + default: + return EC_POINT_mul(group, r, n, q, m, ctx); } } else if (n != NULL) { /* mul g */ - switch(EC_GROUP_get_curve_name(group)) { - case NID_id_GostR3410_2001_CryptoPro_A_ParamSet: - case NID_id_GostR3410_2001_CryptoPro_XchA_ParamSet: - case NID_id_tc26_gost_3410_2012_256_paramSetB: - return point_mul_g_id_GostR3410_2001_CryptoPro_A_ParamSet(group, r, n, ctx); - case NID_id_GostR3410_2001_CryptoPro_B_ParamSet: - case NID_id_tc26_gost_3410_2012_256_paramSetC: - return point_mul_g_id_GostR3410_2001_CryptoPro_B_ParamSet(group, r, n, ctx); - case NID_id_GostR3410_2001_CryptoPro_C_ParamSet: - case NID_id_GostR3410_2001_CryptoPro_XchB_ParamSet: - case NID_id_tc26_gost_3410_2012_256_paramSetD: - return point_mul_g_id_GostR3410_2001_CryptoPro_C_ParamSet(group, r, n, ctx); - case NID_id_GostR3410_2001_TestParamSet: - return point_mul_g_id_GostR3410_2001_TestParamSet(group, r, n, ctx); - case NID_id_tc26_gost_3410_2012_256_paramSetA: - return point_mul_g_id_tc26_gost_3410_2012_256_paramSetA(group, r, n, ctx); - case NID_id_tc26_gost_3410_2012_512_paramSetA: - return point_mul_g_id_tc26_gost_3410_2012_512_paramSetA(group, r, n, ctx); - case NID_id_tc26_gost_3410_2012_512_paramSetB: - return point_mul_g_id_tc26_gost_3410_2012_512_paramSetB(group, r, n, ctx); - case NID_id_tc26_gost_3410_2012_512_paramSetC: - return point_mul_g_id_tc26_gost_3410_2012_512_paramSetC(group, r, n, ctx); - default: - return EC_POINT_mul(group, r, n, q, m, ctx); + switch (EC_GROUP_get_curve_name(group)) { + case NID_id_GostR3410_2001_CryptoPro_A_ParamSet: + case NID_id_GostR3410_2001_CryptoPro_XchA_ParamSet: + case NID_id_tc26_gost_3410_2012_256_paramSetB: + return point_mul_g_id_GostR3410_2001_CryptoPro_A_ParamSet( + group, r, n, ctx); + case NID_id_GostR3410_2001_CryptoPro_B_ParamSet: + case NID_id_tc26_gost_3410_2012_256_paramSetC: + return point_mul_g_id_GostR3410_2001_CryptoPro_B_ParamSet( + group, r, n, ctx); + case NID_id_GostR3410_2001_CryptoPro_C_ParamSet: + case NID_id_GostR3410_2001_CryptoPro_XchB_ParamSet: + case NID_id_tc26_gost_3410_2012_256_paramSetD: + return point_mul_g_id_GostR3410_2001_CryptoPro_C_ParamSet( + group, r, n, ctx); + case NID_id_GostR3410_2001_TestParamSet: + return point_mul_g_id_GostR3410_2001_TestParamSet(group, r, n, ctx); + case NID_id_tc26_gost_3410_2012_256_paramSetA: + return point_mul_g_id_tc26_gost_3410_2012_256_paramSetA( + group, r, n, ctx); + case NID_id_tc26_gost_3410_2012_512_paramSetA: + return point_mul_g_id_tc26_gost_3410_2012_512_paramSetA( + group, r, n, ctx); + case NID_id_tc26_gost_3410_2012_512_paramSetB: + return point_mul_g_id_tc26_gost_3410_2012_512_paramSetB( + group, r, n, ctx); + case NID_id_tc26_gost_3410_2012_512_paramSetC: + return point_mul_g_id_tc26_gost_3410_2012_512_paramSetC( + group, r, n, ctx); + default: + return EC_POINT_mul(group, r, n, q, m, ctx); } } else if (m != NULL) { if (q == NULL) return 0; /* mul */ - switch(EC_GROUP_get_curve_name(group)) { - case NID_id_GostR3410_2001_CryptoPro_A_ParamSet: - case NID_id_GostR3410_2001_CryptoPro_XchA_ParamSet: - case NID_id_tc26_gost_3410_2012_256_paramSetB: - return point_mul_id_GostR3410_2001_CryptoPro_A_ParamSet(group, r, q, m, ctx); - case NID_id_GostR3410_2001_CryptoPro_B_ParamSet: - case NID_id_tc26_gost_3410_2012_256_paramSetC: - return point_mul_id_GostR3410_2001_CryptoPro_B_ParamSet(group, r, q, m, ctx); - case NID_id_GostR3410_2001_CryptoPro_C_ParamSet: - case NID_id_GostR3410_2001_CryptoPro_XchB_ParamSet: - case NID_id_tc26_gost_3410_2012_256_paramSetD: - return point_mul_id_GostR3410_2001_CryptoPro_C_ParamSet(group, r, q, m, ctx); - case NID_id_GostR3410_2001_TestParamSet: - return point_mul_id_GostR3410_2001_TestParamSet(group, r, q, m, ctx); - case NID_id_tc26_gost_3410_2012_256_paramSetA: - return point_mul_id_tc26_gost_3410_2012_256_paramSetA(group, r, q, m, ctx); - case NID_id_tc26_gost_3410_2012_512_paramSetA: - return point_mul_id_tc26_gost_3410_2012_512_paramSetA(group, r, q, m, ctx); - case NID_id_tc26_gost_3410_2012_512_paramSetB: - return point_mul_id_tc26_gost_3410_2012_512_paramSetB(group, r, q, m, ctx); - case NID_id_tc26_gost_3410_2012_512_paramSetC: - return point_mul_id_tc26_gost_3410_2012_512_paramSetC(group, r, q, m, ctx); - default: - return EC_POINT_mul(group, r, n, q, m, ctx); + switch (EC_GROUP_get_curve_name(group)) { + case NID_id_GostR3410_2001_CryptoPro_A_ParamSet: + case NID_id_GostR3410_2001_CryptoPro_XchA_ParamSet: + case NID_id_tc26_gost_3410_2012_256_paramSetB: + return point_mul_id_GostR3410_2001_CryptoPro_A_ParamSet( + group, r, q, m, ctx); + case NID_id_GostR3410_2001_CryptoPro_B_ParamSet: + case NID_id_tc26_gost_3410_2012_256_paramSetC: + return point_mul_id_GostR3410_2001_CryptoPro_B_ParamSet( + group, r, q, m, ctx); + case NID_id_GostR3410_2001_CryptoPro_C_ParamSet: + case NID_id_GostR3410_2001_CryptoPro_XchB_ParamSet: + case NID_id_tc26_gost_3410_2012_256_paramSetD: + return point_mul_id_GostR3410_2001_CryptoPro_C_ParamSet( + group, r, q, m, ctx); + case NID_id_GostR3410_2001_TestParamSet: + return point_mul_id_GostR3410_2001_TestParamSet( + group, r, q, m, ctx); + case NID_id_tc26_gost_3410_2012_256_paramSetA: + return point_mul_id_tc26_gost_3410_2012_256_paramSetA( + group, r, q, m, ctx); + case NID_id_tc26_gost_3410_2012_512_paramSetA: + return point_mul_id_tc26_gost_3410_2012_512_paramSetA( + group, r, q, m, ctx); + case NID_id_tc26_gost_3410_2012_512_paramSetB: + return point_mul_id_tc26_gost_3410_2012_512_paramSetB( + group, r, q, m, ctx); + case NID_id_tc26_gost_3410_2012_512_paramSetC: + return point_mul_id_tc26_gost_3410_2012_512_paramSetC( + group, r, q, m, ctx); + default: + return EC_POINT_mul(group, r, n, q, m, ctx); } } return 0; @@ -624,8 +642,7 @@ int gost_ec_keygen(EC_KEY *ec) GOSTerr(GOST_F_GOST_EC_KEYGEN, GOST_R_RNG_ERROR); goto end; } - } - while (BN_is_zero(d)); + } while (BN_is_zero(d)); if (!EC_KEY_set_private_key(ec, d)) { GOSTerr(GOST_F_GOST_EC_KEYGEN, ERR_R_INTERNAL_ERROR); @@ -633,7 +650,7 @@ int gost_ec_keygen(EC_KEY *ec) } ok = 1; - end: +end: if (d) BN_free(d); if (order) diff --git a/gost_eng.c b/gost_eng.c index 7ca552372..655102f2a 100644 --- a/gost_eng.c +++ b/gost_eng.c @@ -8,78 +8,66 @@ * This file is distributed under the same license as OpenSSL * * * **********************************************************************/ -#include +#include "e_gost_err.h" +#include "gost-engine.h" +#include "gost_grasshopper_cipher.h" +#include "gost_lcl.h" + #include +#include #include #include -#include #include -#include "e_gost_err.h" -#include "gost_lcl.h" -#include "gost-engine.h" - -#include "gost_grasshopper_cipher.h" +#include -static const char* engine_gost_id = "gost"; +static const char *engine_gost_id = "gost"; -static const char* engine_gost_name = - "Reference implementation of GOST engine"; +static const char *engine_gost_name = "Reference implementation of GOST engine"; const ENGINE_CMD_DEFN gost_cmds[] = { - {GOST_CTRL_CRYPT_PARAMS, - "CRYPT_PARAMS", - "OID of default GOST 28147-89 parameters", - ENGINE_CMD_FLAG_STRING}, - {GOST_CTRL_PBE_PARAMS, - "PBE_PARAMS", - "Shortname of default digest alg for PBE", + {GOST_CTRL_CRYPT_PARAMS, "CRYPT_PARAMS", + "OID of default GOST 28147-89 parameters", ENGINE_CMD_FLAG_STRING}, + {GOST_CTRL_PBE_PARAMS, "PBE_PARAMS", + "Shortname of default digest alg for PBE", ENGINE_CMD_FLAG_STRING}, + {GOST_CTRL_PK_FORMAT, "GOST_PK_FORMAT", "Private key format params", ENGINE_CMD_FLAG_STRING}, - {GOST_CTRL_PK_FORMAT, - "GOST_PK_FORMAT", - "Private key format params", - ENGINE_CMD_FLAG_STRING}, - {0, NULL, NULL, 0} -}; + {0, NULL, NULL, 0}}; /* Symmetric cipher and digest function registrar */ -static int gost_ciphers(ENGINE* e, const EVP_CIPHER** cipher, - const int** nids, int nid); - -static int gost_digests(ENGINE* e, const EVP_MD** digest, - const int** nids, int nid); - -static int gost_pkey_meths(ENGINE* e, EVP_PKEY_METHOD** pmeth, - const int** nids, int nid); +static int +gost_ciphers(ENGINE *e, const EVP_CIPHER **cipher, const int **nids, int nid); -static int gost_pkey_asn1_meths(ENGINE* e, EVP_PKEY_ASN1_METHOD** ameth, - const int** nids, int nid); +static int +gost_digests(ENGINE *e, const EVP_MD **digest, const int **nids, int nid); -static EVP_PKEY_METHOD* pmeth_GostR3410_2001 = NULL, - * pmeth_GostR3410_2001DH = NULL, - * pmeth_GostR3410_2012_256 = NULL, - * pmeth_GostR3410_2012_512 = NULL, - * pmeth_Gost28147_MAC = NULL, * pmeth_Gost28147_MAC_12 = NULL, - * pmeth_magma_mac = NULL, * pmeth_grasshopper_mac = NULL, - * pmeth_magma_mac_acpkm = NULL, * pmeth_grasshopper_mac_acpkm = NULL; +static int +gost_pkey_meths(ENGINE *e, EVP_PKEY_METHOD **pmeth, const int **nids, int nid); -static EVP_PKEY_ASN1_METHOD* ameth_GostR3410_2001 = NULL, - * ameth_GostR3410_2001DH = NULL, - * ameth_GostR3410_2012_256 = NULL, - * ameth_GostR3410_2012_512 = NULL, - * ameth_Gost28147_MAC = NULL, * ameth_Gost28147_MAC_12 = NULL, - * ameth_magma_mac = NULL, * ameth_grasshopper_mac = NULL, - * ameth_magma_mac_acpkm = NULL, * ameth_grasshopper_mac_acpkm = NULL; +static int gost_pkey_asn1_meths(ENGINE *e, EVP_PKEY_ASN1_METHOD **ameth, + const int **nids, int nid); + +static EVP_PKEY_METHOD * + pmeth_GostR3410_2001 = NULL, + *pmeth_GostR3410_2001DH = NULL, *pmeth_GostR3410_2012_256 = NULL, + *pmeth_GostR3410_2012_512 = NULL, *pmeth_Gost28147_MAC = NULL, + *pmeth_Gost28147_MAC_12 = NULL, *pmeth_magma_mac = NULL, + *pmeth_grasshopper_mac = NULL, *pmeth_magma_mac_acpkm = NULL, + *pmeth_grasshopper_mac_acpkm = NULL; + +static EVP_PKEY_ASN1_METHOD * + ameth_GostR3410_2001 = NULL, + *ameth_GostR3410_2001DH = NULL, *ameth_GostR3410_2012_256 = NULL, + *ameth_GostR3410_2012_512 = NULL, *ameth_Gost28147_MAC = NULL, + *ameth_Gost28147_MAC_12 = NULL, *ameth_magma_mac = NULL, + *ameth_grasshopper_mac = NULL, *ameth_magma_mac_acpkm = NULL, + *ameth_grasshopper_mac_acpkm = NULL; GOST_digest *gost_digest_array[] = { - &GostR3411_94_digest, - &Gost28147_89_MAC_digest, - &GostR3411_2012_256_digest, - &GostR3411_2012_512_digest, - &Gost28147_89_mac_12_digest, - &magma_mac_digest, - &grasshopper_mac_digest, - &kuznyechik_ctracpkm_omac_digest, + &GostR3411_94_digest, &Gost28147_89_MAC_digest, + &GostR3411_2012_256_digest, &GostR3411_2012_512_digest, + &Gost28147_89_mac_12_digest, &magma_mac_digest, + &grasshopper_mac_digest, &kuznyechik_ctracpkm_omac_digest, }; GOST_cipher *gost_cipher_array[] = { @@ -182,11 +170,11 @@ static struct gost_meth_minfo { "ID-TC26-CIPHER-GOSTR3412-2015-KUZNYECHIK-CTRACPKM-OMAC", "GOST R 34.13-2015 Grasshopper MAC ACPKM", }, - { 0 }, + {0}, }; #ifndef OSSL_NELEM -# define OSSL_NELEM(x) (sizeof(x)/sizeof((x)[0])) +# define OSSL_NELEM(x) (sizeof(x) / sizeof((x)[0])) #endif static int known_digest_nids[OSSL_NELEM(gost_digest_array)]; @@ -195,8 +183,8 @@ static int known_cipher_nids[OSSL_NELEM(gost_cipher_array)]; static int known_meths_nids[OSSL_NELEM(gost_meth_array) - 1]; /* ENGINE_DIGESTS_PTR callback installed by ENGINE_set_digests */ -static int gost_digests(ENGINE *e, const EVP_MD **digest, - const int **nids, int nid) +static int +gost_digests(ENGINE *e, const EVP_MD **digest, const int **nids, int nid) { int i; @@ -219,8 +207,8 @@ static int gost_digests(ENGINE *e, const EVP_MD **digest, } /* ENGINE_CIPHERS_PTR callback installed by ENGINE_set_ciphers */ -static int gost_ciphers(ENGINE *e, const EVP_CIPHER **cipher, - const int **nids, int nid) +static int +gost_ciphers(ENGINE *e, const EVP_CIPHER **cipher, const int **nids, int nid) { int i; @@ -254,8 +242,8 @@ static int gost_meth_nids(const int **nids) } /* ENGINE_PKEY_METHS_PTR installed by ENGINE_set_pkey_meths */ -static int gost_pkey_meths(ENGINE *e, EVP_PKEY_METHOD **pmeth, - const int **nids, int nid) +static int +gost_pkey_meths(ENGINE *e, EVP_PKEY_METHOD **pmeth, const int **nids, int nid) { struct gost_meth_minfo *info; @@ -289,17 +277,20 @@ static int gost_pkey_asn1_meths(ENGINE *e, EVP_PKEY_ASN1_METHOD **ameth, return 0; } -static int gost_engine_init(ENGINE* e) { +static int gost_engine_init(ENGINE *e) +{ return 1; } -static int gost_engine_finish(ENGINE* e) { +static int gost_engine_finish(ENGINE *e) +{ return 1; } static void free_NIDs(); -static int gost_engine_destroy(ENGINE* e) { +static int gost_engine_destroy(ENGINE *e) +{ int i; for (i = 0; i < OSSL_NELEM(gost_digest_array); i++) @@ -318,9 +309,9 @@ static int gost_engine_destroy(ENGINE* e) { free_cached_groups(); free_NIDs(); -# ifndef BUILDING_GOST_PROVIDER +#ifndef BUILDING_GOST_PROVIDER ERR_unload_GOST_strings(); -# endif +#endif return 1; } @@ -335,7 +326,8 @@ static GOST_NID_JOB *missing_NIDs[] = { &magma_mgm_NID, }; -static int create_NIDs() { +static int create_NIDs() +{ int i; int new_nid = OBJ_new_nid(OSSL_NELEM(missing_NIDs)); for (i = 0; i < OSSL_NELEM(missing_NIDs); i++) { @@ -352,17 +344,20 @@ static int create_NIDs() { return 1; } -static void free_NIDs() { +static void free_NIDs() +{ int i; for (i = 0; i < OSSL_NELEM(missing_NIDs); i++) { ASN1_OBJECT_free(missing_NIDs[i]->asn1); } } -# ifndef BUILDING_GOST_PROVIDER +#ifndef BUILDING_GOST_PROVIDER static -# endif -int populate_gost_engine(ENGINE* e) { +#endif + int + populate_gost_engine(ENGINE *e) +{ int ret = 0; if (e == NULL) @@ -418,29 +413,28 @@ int populate_gost_engine(ENGINE* e) { */ struct gost_meth_minfo *minfo = gost_meth_array; for (; minfo->nid; minfo++) { - /* This skip looks temporary. */ if (minfo->nid == NID_id_tc26_cipher_gostr3412_2015_magma_ctracpkm_omac) continue; - if (!register_ameth_gost(minfo->nid, minfo->ameth, minfo->pemstr, - minfo->info)) + if (!register_ameth_gost( + minfo->nid, minfo->ameth, minfo->pemstr, minfo->info)) goto end; if (!register_pmeth_gost(minfo->nid, minfo->pmeth, 0)) goto end; } ret = 1; - end: +end: return ret; } #ifndef BUILDING_GOST_PROVIDER -static int bind_gost_engine(ENGINE* e) { +static int bind_gost_engine(ENGINE *e) +{ int ret = 0; - if (!ENGINE_register_ciphers(e) - || !ENGINE_register_digests(e) + if (!ENGINE_register_ciphers(e) || !ENGINE_register_digests(e) || !ENGINE_register_pkey_meths(e)) goto end; @@ -459,11 +453,11 @@ static int bind_gost_engine(ENGINE* e) { ERR_load_GOST_strings(); ret = 1; - end: +end: return ret; } -static int check_gost_engine(ENGINE* e, const char* id) +static int check_gost_engine(ENGINE *e, const char *id) { if (id != NULL && strcmp(id, engine_gost_id) != 0) return 0; @@ -474,14 +468,13 @@ static int check_gost_engine(ENGINE* e, const char* id) return 1; } -static int make_gost_engine(ENGINE* e, const char* id) +static int make_gost_engine(ENGINE *e, const char *id) { - return check_gost_engine(e, id) - && populate_gost_engine(e) - && bind_gost_engine(e); + return check_gost_engine(e, id) && populate_gost_engine(e) + && bind_gost_engine(e); } -#ifndef BUILDING_ENGINE_AS_LIBRARY +# ifndef BUILDING_ENGINE_AS_LIBRARY /* * When building gost-engine as a dynamically loadable module, these two @@ -492,15 +485,16 @@ static int make_gost_engine(ENGINE* e, const char* id) IMPLEMENT_DYNAMIC_BIND_FN(make_gost_engine) IMPLEMENT_DYNAMIC_CHECK_FN() -#else +# else /* * When building gost-engine as a shared library, the application that uses * it must manually call ENGINE_load_gost() for it to bind itself into the * libcrypto libraries. */ -void ENGINE_load_gost(void) { - ENGINE* toadd; +void ENGINE_load_gost(void) +{ + ENGINE *toadd; int ret = 0; if ((toadd = ENGINE_new()) != NULL @@ -510,6 +504,6 @@ void ENGINE_load_gost(void) { if (ret > 0) ERR_clear_error(); } -#endif +# endif #endif /* vim: set expandtab cinoptions=\:0,l1,t0,g0,(0 sw=4 : */ diff --git a/gost_gost2015.c b/gost_gost2015.c index 7d207d02a..baa6f8bff 100644 --- a/gost_gost2015.c +++ b/gost_gost2015.c @@ -4,20 +4,21 @@ * Contents licensed under the terms of the OpenSSL license * See https://www.openssl.org/source/license.html for details */ -#include "gost_lcl.h" #include "gost_gost2015.h" + +#include "e_gost_err.h" #include "gost_grasshopper_defines.h" #include "gost_grasshopper_math.h" -#include "e_gost_err.h" -#include +#include "gost_lcl.h" + #include +#include -int gost2015_final_call(EVP_CIPHER_CTX *ctx, EVP_MD_CTX *omac_ctx, size_t mac_size, +int gost2015_final_call( + EVP_CIPHER_CTX *ctx, EVP_MD_CTX *omac_ctx, size_t mac_size, unsigned char *encrypted_mac, - int (*do_cipher) (EVP_CIPHER_CTX *ctx, - unsigned char *out, - const unsigned char *in, - size_t inl)) + int (*do_cipher)(EVP_CIPHER_CTX *ctx, unsigned char *out, + const unsigned char *in, size_t inl)) { unsigned char calculated_mac[KUZNYECHIK_MAC_MAX_SIZE]; memset(calculated_mac, 0, KUZNYECHIK_MAC_MAX_SIZE); @@ -48,9 +49,11 @@ int gost2015_final_call(EVP_CIPHER_CTX *ctx, EVP_MD_CTX *omac_ctx, size_t mac_si * UKM = iv|kdf_seed * */ #define MAX_GOST2015_UKM_SIZE 16 -#define KDF_SEED_SIZE 8 -int gost2015_get_asn1_params(const ASN1_TYPE *params, size_t ukm_size, - unsigned char *iv, size_t ukm_offset, unsigned char *kdf_seed) +#define KDF_SEED_SIZE 8 + +int gost2015_get_asn1_params( + const ASN1_TYPE *params, size_t ukm_size, unsigned char *iv, + size_t ukm_offset, unsigned char *kdf_seed) { int iv_len = 16; GOST2015_CIPHER_PARAMS *gcp = NULL; @@ -67,7 +70,8 @@ int gost2015_get_asn1_params(const ASN1_TYPE *params, size_t ukm_size, p = params->value.sequence->data; /* Извлекаем структуру параметров */ - gcp = d2i_GOST2015_CIPHER_PARAMS(NULL, (const unsigned char **)&p, params->value.sequence->length); + gcp = d2i_GOST2015_CIPHER_PARAMS( + NULL, (const unsigned char **)&p, params->value.sequence->length); if (gcp == NULL) { GOSTerr(GOST_F_GOST2015_GET_ASN1_PARAMS, GOST_R_INVALID_CIPHER_PARAMS); return 0; @@ -81,14 +85,14 @@ int gost2015_get_asn1_params(const ASN1_TYPE *params, size_t ukm_size, } memcpy(iv, gcp->ukm->data, ukm_offset); - memcpy(kdf_seed, gcp->ukm->data+ukm_offset, KDF_SEED_SIZE); + memcpy(kdf_seed, gcp->ukm->data + ukm_offset, KDF_SEED_SIZE); GOST2015_CIPHER_PARAMS_free(gcp); return 1; } -int gost2015_set_asn1_params(ASN1_TYPE *params, - const unsigned char *iv, size_t iv_size, const unsigned char *kdf_seed) +int gost2015_set_asn1_params(ASN1_TYPE *params, const unsigned char *iv, + size_t iv_size, const unsigned char *kdf_seed) { GOST2015_CIPHER_PARAMS *gcp = GOST2015_CIPHER_PARAMS_new(); int ret = 0, len = 0; @@ -103,7 +107,7 @@ int gost2015_set_asn1_params(ASN1_TYPE *params, } memcpy(ukm_buf, iv, iv_size); - memcpy(ukm_buf+iv_size, kdf_seed, KDF_SEED_SIZE); + memcpy(ukm_buf + iv_size, kdf_seed, KDF_SEED_SIZE); if (ASN1_STRING_set(gcp->ukm, ukm_buf, iv_size + KDF_SEED_SIZE) == 0) { GOSTerr(GOST_F_GOST2015_SET_ASN1_PARAMS, ERR_R_MALLOC_FAILURE); @@ -112,11 +116,10 @@ int gost2015_set_asn1_params(ASN1_TYPE *params, len = i2d_GOST2015_CIPHER_PARAMS(gcp, &buf); - if (len <= 0 - || (os = ASN1_OCTET_STRING_new()) == NULL - || ASN1_OCTET_STRING_set(os, buf, len) == 0) { + if (len <= 0 || (os = ASN1_OCTET_STRING_new()) == NULL + || ASN1_OCTET_STRING_set(os, buf, len) == 0) { goto end; - } + } ASN1_TYPE_set(params, V_ASN1_SEQUENCE, os); ret = 1; @@ -131,12 +134,12 @@ int gost2015_set_asn1_params(ASN1_TYPE *params, } int gost2015_process_unprotected_attributes( - STACK_OF(X509_ATTRIBUTE) *attrs, - int encryption, size_t mac_len, unsigned char *final_tag) + STACK_OF(X509_ATTRIBUTE) * attrs, int encryption, size_t mac_len, + unsigned char *final_tag) { if (encryption == 0) /*Decrypting*/ { - ASN1_OCTET_STRING *osExpectedMac = X509at_get0_data_by_OBJ(attrs, - OBJ_txt2obj(OID_GOST_CMS_MAC, 1), -3, V_ASN1_OCTET_STRING); + ASN1_OCTET_STRING *osExpectedMac = X509at_get0_data_by_OBJ( + attrs, OBJ_txt2obj(OID_GOST_CMS_MAC, 1), -3, V_ASN1_OCTET_STRING); if (!osExpectedMac || osExpectedMac->length != (int)mac_len) return -1; @@ -145,17 +148,19 @@ int gost2015_process_unprotected_attributes( } else { if (attrs == NULL) return -1; - return (X509at_add1_attr_by_OBJ(&attrs, - OBJ_txt2obj(OID_GOST_CMS_MAC, 1), - V_ASN1_OCTET_STRING, final_tag, - mac_len) == NULL) ? -1 : 1; + return (X509at_add1_attr_by_OBJ( + &attrs, OBJ_txt2obj(OID_GOST_CMS_MAC, 1), + V_ASN1_OCTET_STRING, final_tag, mac_len) + == NULL) + ? -1 + : 1; } return 1; } -int gost2015_acpkm_omac_init(int nid, int enc, const unsigned char *inkey, - EVP_MD_CTX *omac_ctx, - unsigned char *outkey, unsigned char *kdf_seed) +int gost2015_acpkm_omac_init( + int nid, int enc, const unsigned char *inkey, EVP_MD_CTX *omac_ctx, + unsigned char *outkey, unsigned char *kdf_seed) { int ret = 0; unsigned char keys[64]; @@ -170,17 +175,19 @@ int gost2015_acpkm_omac_init(int nid, int enc, const unsigned char *inkey, return 0; } - if (gost_kdftree2012_256(keys, 64, inkey, 32, - (const unsigned char *)"kdf tree", 8, kdf_seed, 8, 1) <= 0) + if (gost_kdftree2012_256( + keys, 64, inkey, 32, (const unsigned char *)"kdf tree", 8, kdf_seed, + 8, 1) + <= 0) return 0; - mac_key = EVP_PKEY_new_mac_key(nid, NULL, keys+32, 32); + mac_key = EVP_PKEY_new_mac_key(nid, NULL, keys + 32, 32); if (mac_key == NULL) goto end; - if (EVP_DigestInit_ex(omac_ctx, md, NULL) <= 0 || - EVP_DigestSignInit(omac_ctx, NULL, md, NULL, mac_key) <= 0) + if (EVP_DigestInit_ex(omac_ctx, md, NULL) <= 0 + || EVP_DigestSignInit(omac_ctx, NULL, md, NULL, mac_key) <= 0) goto end; memcpy(outkey, keys, 32); @@ -204,7 +211,8 @@ int init_zero_kdf_seed(unsigned char *kdf_seed) return is_zero_kdfseed ? RAND_bytes(kdf_seed, 8) : 1; } -void gost_mgm128_init(mgm128_context *ctx, void *key, block128_f block, mul128_f mul_gf, int blen) +void gost_mgm128_init(mgm128_context *ctx, void *key, block128_f block, + mul128_f mul_gf, int blen) { memset(ctx, 0, sizeof(*ctx)); ctx->block = block; @@ -217,11 +225,10 @@ void gost_mgm128_init(mgm128_context *ctx, void *key, block128_f block, mul128_f */ } -int gost_mgm128_setiv(mgm128_context *ctx, const unsigned char *iv, - size_t len) +int gost_mgm128_setiv(mgm128_context *ctx, const unsigned char *iv, size_t len) { - ctx->len.u[0] = 0; /* AAD length */ - ctx->len.u[1] = 0; /* message length */ + ctx->len.u[0] = 0; /* AAD length */ + ctx->len.u[1] = 0; /* message length */ ctx->ares = 0; ctx->mres = 0; @@ -231,12 +238,11 @@ int gost_mgm128_setiv(mgm128_context *ctx, const unsigned char *iv, ctx->sum.u[1] = 0; memcpy(ctx->nonce.c, iv, ctx->blocklen); - ctx->nonce.c[0] &= 0x7f; /* IV - random vector, but 1st bit should be 0 */ + ctx->nonce.c[0] &= 0x7f; /* IV - random vector, but 1st bit should be 0 */ return 1; } -int gost_mgm128_aad(mgm128_context *ctx, const unsigned char *aad, - size_t len) +int gost_mgm128_aad(mgm128_context *ctx, const unsigned char *aad, size_t len) { size_t i; unsigned int n; @@ -247,23 +253,22 @@ int gost_mgm128_aad(mgm128_context *ctx, const unsigned char *aad, int bl = ctx->blocklen; if (ctx->len.u[1]) { - GOSTerr(GOST_F_GOST_MGM128_AAD, - GOST_R_BAD_ORDER); + GOSTerr(GOST_F_GOST_MGM128_AAD, GOST_R_BAD_ORDER); return -2; } if (alen == 0) { ctx->nonce.c[0] |= 0x80; - (*block) (ctx->nonce.c, ctx->Zi.c, key); // Z_1 = E_K(1 || nonce) + (*block)(ctx->nonce.c, ctx->Zi.c, key); // Z_1 = E_K(1 || nonce) } alen += len; - if (alen > ((ossl_uintmax_t)(1) << (bl * 4 - 3)) || // < 2^(n/2) (len stores in bytes) + if (alen > ((ossl_uintmax_t)(1) << (bl * 4 - 3)) + || // < 2^(n/2) (len stores in bytes) (sizeof(len) == 8 && alen < len)) { - GOSTerr(GOST_F_GOST_MGM128_AAD, - GOST_R_DATA_TOO_LARGE); - return -1; - } + GOSTerr(GOST_F_GOST_MGM128_AAD, GOST_R_DATA_TOO_LARGE); + return -1; + } ctx->len.u[0] = alen; n = ctx->ares; @@ -275,22 +280,24 @@ int gost_mgm128_aad(mgm128_context *ctx, const unsigned char *aad, n = (n + 1) % bl; } if (n == 0) { - (*block) (ctx->Zi.c, ctx->Hi.c, key); // H_i = E_K(Z_i) - mul_gf(ctx->mul.u, ctx->Hi.u, ctx->ACi.u); // H_i (x) A_i - grasshopper_plus128((grasshopper_w128_t*)ctx->sum.u, // acc XOR - (grasshopper_w128_t*)ctx->sum.u, (grasshopper_w128_t*)ctx->mul.u); - inc_counter(ctx->Zi.c, bl / 2); // Z_{i+1} = incr_l(Z_i) + (*block)(ctx->Zi.c, ctx->Hi.c, key); // H_i = E_K(Z_i) + mul_gf(ctx->mul.u, ctx->Hi.u, ctx->ACi.u); // H_i (x) A_i + grasshopper_plus128((grasshopper_w128_t *)ctx->sum.u, // acc XOR + (grasshopper_w128_t *)ctx->sum.u, + (grasshopper_w128_t *)ctx->mul.u); + inc_counter(ctx->Zi.c, bl / 2); // Z_{i+1} = incr_l(Z_i) } else { ctx->ares = n; return 0; } } while (len >= bl) { - (*block) (ctx->Zi.c, ctx->Hi.c, key); // H_i = E_K(Z_i) - mul_gf(ctx->mul.u, ctx->Hi.u, (uint64_t *)aad); // H_i (x) A_i - grasshopper_plus128((grasshopper_w128_t*)ctx->sum.u, // acc XOR - (grasshopper_w128_t*)ctx->sum.u, (grasshopper_w128_t*)ctx->mul.u); - inc_counter(ctx->Zi.c, bl / 2); // Z_{i+1} = incr_l(Z_i) + (*block)(ctx->Zi.c, ctx->Hi.c, key); // H_i = E_K(Z_i) + mul_gf(ctx->mul.u, ctx->Hi.u, (uint64_t *)aad); // H_i (x) A_i + grasshopper_plus128( + (grasshopper_w128_t *)ctx->sum.u, // acc XOR + (grasshopper_w128_t *)ctx->sum.u, (grasshopper_w128_t *)ctx->mul.u); + inc_counter(ctx->Zi.c, bl / 2); // Z_{i+1} = incr_l(Z_i) aad += bl; len -= bl; } @@ -305,7 +312,7 @@ int gost_mgm128_aad(mgm128_context *ctx, const unsigned char *aad, } int gost_mgm128_encrypt(mgm128_context *ctx, const unsigned char *in, - unsigned char *out, size_t len) + unsigned char *out, size_t len) { size_t i; unsigned int n, mres; @@ -319,21 +326,21 @@ int gost_mgm128_encrypt(mgm128_context *ctx, const unsigned char *in, if (mlen == 0) { if (alen == 0) { ctx->nonce.c[0] |= 0x80; - (*block) (ctx->nonce.c, ctx->Zi.c, key); // Z_1 = E_K(1 || nonce) + (*block)(ctx->nonce.c, ctx->Zi.c, key); // Z_1 = E_K(1 || nonce) } ctx->nonce.c[0] &= 0x7f; - (*block) (ctx->nonce.c, ctx->Yi.c, key); // Y_1 = E_K(0 || nonce) + (*block)(ctx->nonce.c, ctx->Yi.c, key); // Y_1 = E_K(0 || nonce) } mlen += len; - if (mlen > ((ossl_uintmax_t)(1) << (bl * 4 - 3)) || // < 2^(n/2) (len stores in bytes) - (sizeof(len) == 8 && mlen < len) || - (mlen + alen) > ((ossl_uintmax_t)(1) << (bl * 4 - 3))) { - GOSTerr(GOST_F_GOST_MGM128_ENCRYPT, - GOST_R_DATA_TOO_LARGE); - return -1; - } + if (mlen > ((ossl_uintmax_t)(1) << (bl * 4 - 3)) + || // < 2^(n/2) (len stores in bytes) + (sizeof(len) == 8 && mlen < len) + || (mlen + alen) > ((ossl_uintmax_t)(1) << (bl * 4 - 3))) { + GOSTerr(GOST_F_GOST_MGM128_ENCRYPT, GOST_R_DATA_TOO_LARGE); + return -1; + } ctx->len.u[1] = mlen; mres = ctx->mres; @@ -341,11 +348,12 @@ int gost_mgm128_encrypt(mgm128_context *ctx, const unsigned char *in, if (ctx->ares) { /* First call to encrypt finalizes AAD */ memset(ctx->ACi.c + ctx->ares, 0, bl - ctx->ares); - (*block) (ctx->Zi.c, ctx->Hi.c, key); // H_i = E_K(Z_i) - mul_gf(ctx->mul.u, ctx->Hi.u, ctx->ACi.u); // H_i (x) A_i - grasshopper_plus128((grasshopper_w128_t*)ctx->sum.u, // acc XOR - (grasshopper_w128_t*)ctx->sum.u, (grasshopper_w128_t*)ctx->mul.u); - inc_counter(ctx->Zi.c, bl / 2); // Z_{i+1} = incr_l(Z_i) + (*block)(ctx->Zi.c, ctx->Hi.c, key); // H_i = E_K(Z_i) + mul_gf(ctx->mul.u, ctx->Hi.u, ctx->ACi.u); // H_i (x) A_i + grasshopper_plus128( + (grasshopper_w128_t *)ctx->sum.u, // acc XOR + (grasshopper_w128_t *)ctx->sum.u, (grasshopper_w128_t *)ctx->mul.u); + inc_counter(ctx->Zi.c, bl / 2); // Z_{i+1} = incr_l(Z_i) ctx->ares = 0; } @@ -354,17 +362,19 @@ int gost_mgm128_encrypt(mgm128_context *ctx, const unsigned char *in, // TODO: replace with full blocks processing for (i = 0; i < len; ++i) { if (n == 0) { - (*block) (ctx->Yi.c, ctx->EKi.c, key); // E_K(Y_i) - inc_counter(ctx->Yi.c + bl / 2, bl / 2); // Y_i = incr_r(Y_{i-1}) + (*block)(ctx->Yi.c, ctx->EKi.c, key); // E_K(Y_i) + inc_counter(ctx->Yi.c + bl / 2, bl / 2); // Y_i = incr_r(Y_{i-1}) } - ctx->ACi.c[n] = out[i] = in[i] ^ ctx->EKi.c[n]; // C_i = P_i (xor) E_K(Y_i) + ctx->ACi.c[n] = out[i] = + in[i] ^ ctx->EKi.c[n]; // C_i = P_i (xor) E_K(Y_i) mres = n = (n + 1) % bl; if (n == 0) { - (*block) (ctx->Zi.c, ctx->Hi.c, key); // H_i = E_K(Z_i) - mul_gf(ctx->mul.u, ctx->Hi.u, ctx->ACi.u); // H_i (x) C_i - grasshopper_plus128((grasshopper_w128_t*)ctx->sum.u, // acc XOR - (grasshopper_w128_t*)ctx->sum.u, (grasshopper_w128_t*)ctx->mul.u); - inc_counter(ctx->Zi.c, bl / 2); // Z_{i+1} = incr_l(Z_i) + (*block)(ctx->Zi.c, ctx->Hi.c, key); // H_i = E_K(Z_i) + mul_gf(ctx->mul.u, ctx->Hi.u, ctx->ACi.u); // H_i (x) C_i + grasshopper_plus128((grasshopper_w128_t *)ctx->sum.u, // acc XOR + (grasshopper_w128_t *)ctx->sum.u, + (grasshopper_w128_t *)ctx->mul.u); + inc_counter(ctx->Zi.c, bl / 2); // Z_{i+1} = incr_l(Z_i) } } @@ -373,7 +383,7 @@ int gost_mgm128_encrypt(mgm128_context *ctx, const unsigned char *in, } int gost_mgm128_decrypt(mgm128_context *ctx, const unsigned char *in, - unsigned char *out, size_t len) + unsigned char *out, size_t len) { size_t i; unsigned int n, mres; @@ -386,17 +396,17 @@ int gost_mgm128_decrypt(mgm128_context *ctx, const unsigned char *in, if (mlen == 0) { ctx->nonce.c[0] &= 0x7f; - (*block) (ctx->nonce.c, ctx->Yi.c, key); // Y_1 = E_K(0 || nonce) + (*block)(ctx->nonce.c, ctx->Yi.c, key); // Y_1 = E_K(0 || nonce) } mlen += len; - if (mlen > ((ossl_uintmax_t)(1) << (bl * 4 - 3)) || // < 2^(n/2) (len stores in bytes) - (sizeof(len) == 8 && mlen < len) || - (mlen + alen) > ((ossl_uintmax_t)(1) << (bl * 4 - 3))) { - GOSTerr(GOST_F_GOST_MGM128_DECRYPT, - GOST_R_DATA_TOO_LARGE); - return -1; - } + if (mlen > ((ossl_uintmax_t)(1) << (bl * 4 - 3)) + || // < 2^(n/2) (len stores in bytes) + (sizeof(len) == 8 && mlen < len) + || (mlen + alen) > ((ossl_uintmax_t)(1) << (bl * 4 - 3))) { + GOSTerr(GOST_F_GOST_MGM128_DECRYPT, GOST_R_DATA_TOO_LARGE); + return -1; + } ctx->len.u[1] = mlen; mres = ctx->mres; @@ -404,11 +414,12 @@ int gost_mgm128_decrypt(mgm128_context *ctx, const unsigned char *in, if (ctx->ares) { /* First call to encrypt finalizes AAD */ memset(ctx->ACi.c + ctx->ares, 0, bl - ctx->ares); - (*block) (ctx->Zi.c, ctx->Hi.c, key); // H_i = E_K(Z_i) - mul_gf(ctx->mul.u, ctx->Hi.u, ctx->ACi.u); // H_i (x) A_i - grasshopper_plus128((grasshopper_w128_t*)ctx->sum.u, // acc XOR - (grasshopper_w128_t*)ctx->sum.u, (grasshopper_w128_t*)ctx->mul.u); - inc_counter(ctx->Zi.c, bl / 2); // Z_{i+1} = incr_l(Z_i) + (*block)(ctx->Zi.c, ctx->Hi.c, key); // H_i = E_K(Z_i) + mul_gf(ctx->mul.u, ctx->Hi.u, ctx->ACi.u); // H_i (x) A_i + grasshopper_plus128( + (grasshopper_w128_t *)ctx->sum.u, // acc XOR + (grasshopper_w128_t *)ctx->sum.u, (grasshopper_w128_t *)ctx->mul.u); + inc_counter(ctx->Zi.c, bl / 2); // Z_{i+1} = incr_l(Z_i) ctx->ares = 0; } @@ -418,18 +429,19 @@ int gost_mgm128_decrypt(mgm128_context *ctx, const unsigned char *in, for (i = 0; i < len; ++i) { uint8_t c; if (n == 0) { - (*block) (ctx->Yi.c, ctx->EKi.c, key); // E_K(Y_i) - inc_counter(ctx->Yi.c + bl / 2, bl / 2); // Y_i = incr_r(Y_{i-1}) + (*block)(ctx->Yi.c, ctx->EKi.c, key); // E_K(Y_i) + inc_counter(ctx->Yi.c + bl / 2, bl / 2); // Y_i = incr_r(Y_{i-1}) } ctx->ACi.c[n] = c = in[i]; - out[i] = c ^ ctx->EKi.c[n]; // P_i = C_i (xor) E_K(Y_i) + out[i] = c ^ ctx->EKi.c[n]; // P_i = C_i (xor) E_K(Y_i) mres = n = (n + 1) % bl; if (n == 0) { - (*block) (ctx->Zi.c, ctx->Hi.c, key); // H_i = E_K(Z_i) - mul_gf(ctx->mul.u, ctx->Hi.u, ctx->ACi.u); // H_i (x) C_i - grasshopper_plus128((grasshopper_w128_t*)ctx->sum.u, // acc XOR - (grasshopper_w128_t*)ctx->sum.u, (grasshopper_w128_t*)ctx->mul.u); - inc_counter(ctx->Zi.c, bl / 2); // Z_{i+1} = incr_l(Z_i) + (*block)(ctx->Zi.c, ctx->Hi.c, key); // H_i = E_K(Z_i) + mul_gf(ctx->mul.u, ctx->Hi.u, ctx->ACi.u); // H_i (x) C_i + grasshopper_plus128((grasshopper_w128_t *)ctx->sum.u, // acc XOR + (grasshopper_w128_t *)ctx->sum.u, + (grasshopper_w128_t *)ctx->mul.u); + inc_counter(ctx->Zi.c, bl / 2); // Z_{i+1} = incr_l(Z_i) } } @@ -437,8 +449,7 @@ int gost_mgm128_decrypt(mgm128_context *ctx, const unsigned char *in, return 0; } -int gost_mgm128_finish(mgm128_context *ctx, const unsigned char *tag, - size_t len) +int gost_mgm128_finish(mgm128_context *ctx, const unsigned char *tag, size_t len) { uint64_t alen = ctx->len.u[0] << 3; uint64_t clen = ctx->len.u[1] << 3; @@ -449,12 +460,14 @@ int gost_mgm128_finish(mgm128_context *ctx, const unsigned char *tag, if (ctx->mres || ctx->ares) { /* First call to encrypt finalizes AAD/ENC */ - memset(ctx->ACi.c + ctx->ares + ctx->mres, 0, bl - (ctx->ares + ctx->mres)); - (*block) (ctx->Zi.c, ctx->Hi.c, key); // H_i = E_K(Z_i) - mul_gf(ctx->mul.u, ctx->Hi.u, ctx->ACi.u); // H_i (x) [A_i or C_i] - grasshopper_plus128((grasshopper_w128_t*)ctx->sum.u, // acc XOR - (grasshopper_w128_t*)ctx->sum.u, (grasshopper_w128_t*)ctx->mul.u); - inc_counter(ctx->Zi.c, bl / 2); // Z_{i+1} = incr_l(Z_i) + memset(ctx->ACi.c + ctx->ares + ctx->mres, 0, + bl - (ctx->ares + ctx->mres)); + (*block)(ctx->Zi.c, ctx->Hi.c, key); // H_i = E_K(Z_i) + mul_gf(ctx->mul.u, ctx->Hi.u, ctx->ACi.u); // H_i (x) [A_i or C_i] + grasshopper_plus128( + (grasshopper_w128_t *)ctx->sum.u, // acc XOR + (grasshopper_w128_t *)ctx->sum.u, (grasshopper_w128_t *)ctx->mul.u); + inc_counter(ctx->Zi.c, bl / 2); // Z_{i+1} = incr_l(Z_i) } #ifdef L_ENDIAN @@ -470,14 +483,15 @@ int gost_mgm128_finish(mgm128_context *ctx, const unsigned char *tag, ctx->len.u[1] = 0; } - (*block) (ctx->Zi.c, ctx->Hi.c, key); // H_i = E_K(Z_i) - mul_gf(ctx->mul.u, ctx->Hi.u, ctx->len.u); // H_i (x) (len(A) || len(C)) - grasshopper_plus128((grasshopper_w128_t*)ctx->sum.u, // acc XOR - (grasshopper_w128_t*)ctx->sum.u, (grasshopper_w128_t*)ctx->mul.u); - (*block) (ctx->sum.c, ctx->tag.c, key); // E_K(sum) + (*block)(ctx->Zi.c, ctx->Hi.c, key); // H_i = E_K(Z_i) + mul_gf(ctx->mul.u, ctx->Hi.u, ctx->len.u); // H_i (x) (len(A) || len(C)) + grasshopper_plus128( + (grasshopper_w128_t *)ctx->sum.u, // acc XOR + (grasshopper_w128_t *)ctx->sum.u, (grasshopper_w128_t *)ctx->mul.u); + (*block)(ctx->sum.c, ctx->tag.c, key); // E_K(sum) if (tag && len <= sizeof(ctx->tag)) - return CRYPTO_memcmp(ctx->tag.c, tag, len); // MSB_S(E_K(sum)) + return CRYPTO_memcmp(ctx->tag.c, tag, len); // MSB_S(E_K(sum)) else return -1; } diff --git a/gost_gost2015.h b/gost_gost2015.h index 37b94d087..d8665c448 100644 --- a/gost_gost2015.h +++ b/gost_gost2015.h @@ -10,26 +10,22 @@ #include "gost_grasshopper_cipher.h" #include -#include #include +#include -#define MAGMA_MAC_MAX_SIZE 8 +#define MAGMA_MAC_MAX_SIZE 8 #define KUZNYECHIK_MAC_MAX_SIZE 16 -#define OID_GOST_CMS_MAC "1.2.643.7.1.0.6.1.1" +#define OID_GOST_CMS_MAC "1.2.643.7.1.0.6.1.1" -#define SN_magma_mgm "magma-mgm" +#define SN_magma_mgm "magma-mgm" -#define BSWAP64(x) \ - (((x & 0xFF00000000000000ULL) >> 56) | \ - ((x & 0x00FF000000000000ULL) >> 40) | \ - ((x & 0x0000FF0000000000ULL) >> 24) | \ - ((x & 0x000000FF00000000ULL) >> 8) | \ - ((x & 0x00000000FF000000ULL) << 8) | \ - ((x & 0x0000000000FF0000ULL) << 24) | \ - ((x & 0x000000000000FF00ULL) << 40) | \ - ((x & 0x00000000000000FFULL) << 56)) +#define BSWAP64(x) \ + (((x & 0xFF00000000000000ULL) >> 56) | ((x & 0x00FF000000000000ULL) >> 40) \ + | ((x & 0x0000FF0000000000ULL) >> 24) | ((x & 0x000000FF00000000ULL) >> 8) \ + | ((x & 0x00000000FF000000ULL) << 8) | ((x & 0x0000000000FF0000ULL) << 24) \ + | ((x & 0x000000000000FF00ULL) << 40) | ((x & 0x00000000000000FFULL) << 56)) -typedef void (*mul128_f) (uint64_t *result, uint64_t *arg1, uint64_t *arg2); +typedef void (*mul128_f)(uint64_t *result, uint64_t *arg1, uint64_t *arg2); typedef struct { union { @@ -50,6 +46,7 @@ typedef struct { struct ossl_gost_cipher_ctx g_ks; gost_grasshopper_cipher_ctx gh_ks; } ks; + int key_set; int iv_set; mgm128_context mgm; @@ -59,45 +56,46 @@ typedef struct { int tlstree_mode; } gost_mgm_ctx; -int gost2015_final_call(EVP_CIPHER_CTX *ctx, EVP_MD_CTX *omac_ctx, size_t mac_size, - unsigned char *encrypted_mac, - int (*do_cipher) (EVP_CIPHER_CTX *ctx, - unsigned char *out, - const unsigned char *in, - size_t inl)); +int gost2015_final_call( + EVP_CIPHER_CTX *ctx, EVP_MD_CTX *omac_ctx, size_t mac_size, + unsigned char *encrypted_mac, + int (*do_cipher)(EVP_CIPHER_CTX *ctx, unsigned char *out, + const unsigned char *in, size_t inl)); /* IV is expected to be 16 bytes*/ -int gost2015_get_asn1_params(const ASN1_TYPE *params, size_t ukm_size, - unsigned char *iv, size_t ukm_offset, unsigned char *kdf_seed); +int gost2015_get_asn1_params( + const ASN1_TYPE *params, size_t ukm_size, unsigned char *iv, + size_t ukm_offset, unsigned char *kdf_seed); -int gost2015_set_asn1_params(ASN1_TYPE *params, - const unsigned char *iv, size_t iv_size, const unsigned char *kdf_seed); +int gost2015_set_asn1_params(ASN1_TYPE *params, const unsigned char *iv, + size_t iv_size, const unsigned char *kdf_seed); -int gost2015_process_unprotected_attributes(STACK_OF(X509_ATTRIBUTE) *attrs, - int encryption, size_t mac_len, unsigned char *final_tag); +int gost2015_process_unprotected_attributes( + STACK_OF(X509_ATTRIBUTE) * attrs, int encryption, size_t mac_len, + unsigned char *final_tag); -int gost2015_acpkm_omac_init(int nid, int enc, const unsigned char *inkey, - EVP_MD_CTX *omac_ctx, - unsigned char *outkey, unsigned char *kdf_seed); +int gost2015_acpkm_omac_init( + int nid, int enc, const unsigned char *inkey, EVP_MD_CTX *omac_ctx, + unsigned char *outkey, unsigned char *kdf_seed); int init_zero_kdf_seed(unsigned char *kdf_seed); - /* enc/dec mgm mode */ void gost_mgm128_init(mgm128_context *ctx, void *key, block128_f block, - mul128_f mul_gf, int blen); + mul128_f mul_gf, int blen); int gost_mgm128_setiv(mgm128_context *ctx, const unsigned char *iv, size_t len); int gost_mgm128_aad(mgm128_context *ctx, const unsigned char *aad, size_t len); int gost_mgm128_encrypt(mgm128_context *ctx, const unsigned char *in, - unsigned char *out, size_t len); + unsigned char *out, size_t len); int gost_mgm128_decrypt(mgm128_context *ctx, const unsigned char *in, - unsigned char *out, size_t len); + unsigned char *out, size_t len); -int gost_mgm128_finish(mgm128_context *ctx, const unsigned char *tag, size_t len); +int gost_mgm128_finish(mgm128_context *ctx, const unsigned char *tag, + size_t len); void gost_mgm128_tag(mgm128_context *ctx, unsigned char *tag, size_t len); diff --git a/gost_grasshopper.h b/gost_grasshopper.h index eb3304f0b..0c4edac9d 100644 --- a/gost_grasshopper.h +++ b/gost_grasshopper.h @@ -10,11 +10,11 @@ extern "C" { #endif +#include "gost_grasshopper_cipher.h" +#include "gost_grasshopper_core.h" #include "gost_grasshopper_defines.h" #include "gost_grasshopper_math.h" -#include "gost_grasshopper_cipher.h" #include "gost_grasshopper_precompiled.h" -#include "gost_grasshopper_core.h" #if defined(__cplusplus) } diff --git a/gost_grasshopper_cipher.c b/gost_grasshopper_cipher.c index ef06e2d3f..cc68d4a18 100644 --- a/gost_grasshopper_cipher.c +++ b/gost_grasshopper_cipher.c @@ -5,19 +5,19 @@ */ #include "gost_grasshopper_cipher.h" + +#include "e_gost_err.h" +#include "gost_gost2015.h" +#include "gost_grasshopper_core.h" #include "gost_grasshopper_defines.h" #include "gost_grasshopper_math.h" -#include "gost_grasshopper_core.h" -#include "gost_gost2015.h" +#include "gost_lcl.h" +#include #include #include -#include #include -#include "gost_lcl.h" -#include "e_gost_err.h" - enum GRASSHOPPER_CIPHER_TYPE { GRASSHOPPER_CIPHER_ECB = 0, GRASSHOPPER_CIPHER_CBC, @@ -32,8 +32,7 @@ enum GRASSHOPPER_CIPHER_TYPE { static GOST_cipher grasshopper_template_cipher = { .block_size = GRASSHOPPER_BLOCK_SIZE, .key_len = GRASSHOPPER_KEY_SIZE, - .flags = EVP_CIPH_RAND_KEY | - EVP_CIPH_ALWAYS_CALL_INIT, + .flags = EVP_CIPH_RAND_KEY | EVP_CIPH_ALWAYS_CALL_INIT, .cleanup = gost_grasshopper_cipher_cleanup, .ctx_size = sizeof(gost_grasshopper_cipher_ctx), .set_asn1_parameters = gost_grasshopper_set_asn1_parameters, @@ -53,8 +52,7 @@ GOST_cipher grasshopper_cbc_cipher = { .nid = NID_grasshopper_cbc, .template = &grasshopper_template_cipher, .iv_len = 16, - .flags = EVP_CIPH_CBC_MODE | - EVP_CIPH_CUSTOM_IV, + .flags = EVP_CIPH_CBC_MODE | EVP_CIPH_CUSTOM_IV, .init = gost_grasshopper_cipher_init_cbc, .do_cipher = gost_grasshopper_cipher_do_cbc, }; @@ -64,9 +62,7 @@ GOST_cipher grasshopper_ofb_cipher = { .template = &grasshopper_template_cipher, .block_size = 1, .iv_len = 16, - .flags = EVP_CIPH_OFB_MODE | - EVP_CIPH_NO_PADDING | - EVP_CIPH_CUSTOM_IV, + .flags = EVP_CIPH_OFB_MODE | EVP_CIPH_NO_PADDING | EVP_CIPH_CUSTOM_IV, .init = gost_grasshopper_cipher_init_ofb, .do_cipher = gost_grasshopper_cipher_do_ofb, }; @@ -76,9 +72,7 @@ GOST_cipher grasshopper_cfb_cipher = { .template = &grasshopper_template_cipher, .block_size = 1, .iv_len = 16, - .flags = EVP_CIPH_CFB_MODE | - EVP_CIPH_NO_PADDING | - EVP_CIPH_CUSTOM_IV, + .flags = EVP_CIPH_CFB_MODE | EVP_CIPH_NO_PADDING | EVP_CIPH_CUSTOM_IV, .init = gost_grasshopper_cipher_init_cfb, .do_cipher = gost_grasshopper_cipher_do_cfb, }; @@ -88,9 +82,7 @@ GOST_cipher grasshopper_ctr_cipher = { .template = &grasshopper_template_cipher, .block_size = 1, .iv_len = 8, - .flags = EVP_CIPH_CTR_MODE | - EVP_CIPH_NO_PADDING | - EVP_CIPH_CUSTOM_IV, + .flags = EVP_CIPH_CTR_MODE | EVP_CIPH_NO_PADDING | EVP_CIPH_CUSTOM_IV, .init = gost_grasshopper_cipher_init_ctr, .do_cipher = gost_grasshopper_cipher_do_ctr, .ctx_size = sizeof(gost_grasshopper_cipher_ctx_ctr), @@ -101,9 +93,7 @@ GOST_cipher grasshopper_ctr_acpkm_cipher = { .template = &grasshopper_template_cipher, .block_size = 1, .iv_len = 8, - .flags = EVP_CIPH_CTR_MODE | - EVP_CIPH_NO_PADDING | - EVP_CIPH_CUSTOM_IV, + .flags = EVP_CIPH_CTR_MODE | EVP_CIPH_NO_PADDING | EVP_CIPH_CUSTOM_IV, .init = gost_grasshopper_cipher_init_ctracpkm, .do_cipher = gost_grasshopper_cipher_do_ctracpkm, .ctx_size = sizeof(gost_grasshopper_cipher_ctx_ctr), @@ -114,12 +104,9 @@ GOST_cipher grasshopper_ctr_acpkm_omac_cipher = { .template = &grasshopper_template_cipher, .block_size = 1, .iv_len = 8, - .flags = EVP_CIPH_CTR_MODE | - EVP_CIPH_NO_PADDING | - EVP_CIPH_CUSTOM_IV | - EVP_CIPH_FLAG_CUSTOM_CIPHER | - EVP_CIPH_FLAG_CIPHER_WITH_MAC | - EVP_CIPH_CUSTOM_COPY, + .flags = EVP_CIPH_CTR_MODE | EVP_CIPH_NO_PADDING | EVP_CIPH_CUSTOM_IV + | EVP_CIPH_FLAG_CUSTOM_CIPHER | EVP_CIPH_FLAG_CIPHER_WITH_MAC + | EVP_CIPH_CUSTOM_COPY, .init = gost_grasshopper_cipher_init_ctracpkm_omac, .do_cipher = gost_grasshopper_cipher_do_ctracpkm_omac, .ctx_size = sizeof(gost_grasshopper_cipher_ctx_ctr), @@ -130,17 +117,16 @@ GOST_cipher grasshopper_mgm_cipher = { .template = &grasshopper_template_cipher, .block_size = 1, .iv_len = 16, - .flags = EVP_CIPH_NO_PADDING | - EVP_CIPH_CUSTOM_IV | EVP_CIPH_FLAG_CUSTOM_CIPHER | - EVP_CIPH_CTRL_INIT | EVP_CIPH_FLAG_AEAD_CIPHER, + .flags = + EVP_CIPH_NO_PADDING | EVP_CIPH_CUSTOM_IV | EVP_CIPH_FLAG_CUSTOM_CIPHER + | EVP_CIPH_CTRL_INIT | EVP_CIPH_FLAG_AEAD_CIPHER, .cleanup = gost_grasshopper_mgm_cleanup, .ctrl = gost_grasshopper_mgm_ctrl, .init = gost_grasshopper_cipher_init_mgm, .do_cipher = gost_grasshopper_cipher_do_mgm, - .ctx_size = sizeof(gost_mgm_ctx) -}; + .ctx_size = sizeof(gost_mgm_ctx)}; -static void kuznyechik_NID_callback (int nid) +static void kuznyechik_NID_callback(int nid) { grasshopper_mgm_cipher.nid = nid; } @@ -159,7 +145,7 @@ static const unsigned char ACPKM_D_2018[] = { 0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f, /* 256 bit */ }; -static void acpkm_next(gost_grasshopper_cipher_ctx * c) +static void acpkm_next(gost_grasshopper_cipher_ctx *c) { unsigned char newkey[GRASSHOPPER_KEY_SIZE]; const int J = GRASSHOPPER_KEY_SIZE / GRASSHOPPER_BLOCK_SIZE; @@ -168,23 +154,22 @@ static void acpkm_next(gost_grasshopper_cipher_ctx * c) for (n = 0; n < J; n++) { const unsigned char *D_n = &ACPKM_D_2018[n * GRASSHOPPER_BLOCK_SIZE]; - grasshopper_encrypt_block(&c->encrypt_round_keys, - (grasshopper_w128_t *) D_n, - (grasshopper_w128_t *) & newkey[n * - GRASSHOPPER_BLOCK_SIZE], - &c->buffer); + grasshopper_encrypt_block( + &c->encrypt_round_keys, (grasshopper_w128_t *)D_n, + (grasshopper_w128_t *)&newkey[n * GRASSHOPPER_BLOCK_SIZE], + &c->buffer); } gost_grasshopper_cipher_key(c, newkey); } /* Set 256 bit key into context */ static GRASSHOPPER_INLINE void -gost_grasshopper_cipher_key(gost_grasshopper_cipher_ctx * c, const uint8_t *k) +gost_grasshopper_cipher_key(gost_grasshopper_cipher_ctx *c, const uint8_t *k) { int i; for (i = 0; i < 2; i++) { - grasshopper_copy128(&c->key.k.k[i], - (const grasshopper_w128_t *)(k + i * 16)); + grasshopper_copy128( + &c->key.k.k[i], (const grasshopper_w128_t *)(k + i * 16)); } grasshopper_set_encrypt_key(&c->encrypt_round_keys, &c->key); @@ -193,18 +178,18 @@ gost_grasshopper_cipher_key(gost_grasshopper_cipher_ctx * c, const uint8_t *k) /* Set master 256-bit key to be used in TLSTREE calculation into context */ static GRASSHOPPER_INLINE void -gost_grasshopper_master_key(gost_grasshopper_cipher_ctx * c, const uint8_t *k) +gost_grasshopper_master_key(gost_grasshopper_cipher_ctx *c, const uint8_t *k) { int i; for (i = 0; i < 2; i++) { - grasshopper_copy128(&c->master_key.k.k[i], - (const grasshopper_w128_t *)(k + i * 16)); + grasshopper_copy128( + &c->master_key.k.k[i], (const grasshopper_w128_t *)(k + i * 16)); } } /* Cleans up key from context */ static GRASSHOPPER_INLINE void -gost_grasshopper_cipher_destroy(gost_grasshopper_cipher_ctx * c) +gost_grasshopper_cipher_destroy(gost_grasshopper_cipher_ctx *c) { int i; for (i = 0; i < 2; i++) { @@ -221,10 +206,9 @@ gost_grasshopper_cipher_destroy(gost_grasshopper_cipher_ctx * c) } static GRASSHOPPER_INLINE void -gost_grasshopper_cipher_destroy_ctr(gost_grasshopper_cipher_ctx * c) +gost_grasshopper_cipher_destroy_ctr(gost_grasshopper_cipher_ctx *c) { - gost_grasshopper_cipher_ctx_ctr *ctx = - (gost_grasshopper_cipher_ctx_ctr *) c; + gost_grasshopper_cipher_ctx_ctr *ctx = (gost_grasshopper_cipher_ctx_ctr *)c; if (ctx->omac_ctx) EVP_MD_CTX_free(ctx->omac_ctx); @@ -232,16 +216,17 @@ gost_grasshopper_cipher_destroy_ctr(gost_grasshopper_cipher_ctx * c) grasshopper_zero128(&ctx->partial_buffer); } -static int gost_grasshopper_cipher_init(EVP_CIPHER_CTX *ctx, - const unsigned char *key, - const unsigned char *iv, int enc) +static int gost_grasshopper_cipher_init( + EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv, + int enc) { gost_grasshopper_cipher_ctx *c = EVP_CIPHER_CTX_get_cipher_data(ctx); if (EVP_CIPHER_CTX_get_app_data(ctx) == NULL) { EVP_CIPHER_CTX_set_app_data(ctx, EVP_CIPHER_CTX_get_cipher_data(ctx)); if (enc && c->type == GRASSHOPPER_CIPHER_CTRACPKM) { - gost_grasshopper_cipher_ctx_ctr *ctr = EVP_CIPHER_CTX_get_cipher_data(ctx); + gost_grasshopper_cipher_ctx_ctr *ctr = + EVP_CIPHER_CTX_get_cipher_data(ctx); if (init_zero_kdf_seed(ctr->kdf_seed) == 0) return -1; } @@ -257,58 +242,53 @@ static int gost_grasshopper_cipher_init(EVP_CIPHER_CTX *ctx, EVP_CIPHER_CTX_iv_length(ctx)); } - memcpy(EVP_CIPHER_CTX_iv_noconst(ctx), - EVP_CIPHER_CTX_original_iv(ctx), EVP_CIPHER_CTX_iv_length(ctx)); + memcpy(EVP_CIPHER_CTX_iv_noconst(ctx), EVP_CIPHER_CTX_original_iv(ctx), + EVP_CIPHER_CTX_iv_length(ctx)); grasshopper_zero128(&c->buffer); return 1; } -static GRASSHOPPER_INLINE int -gost_grasshopper_cipher_init_ecb(EVP_CIPHER_CTX *ctx, const unsigned char - *key, const unsigned char - *iv, int enc) +static GRASSHOPPER_INLINE int gost_grasshopper_cipher_init_ecb( + EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv, + int enc) { gost_grasshopper_cipher_ctx *c = EVP_CIPHER_CTX_get_cipher_data(ctx); c->type = GRASSHOPPER_CIPHER_ECB; return gost_grasshopper_cipher_init(ctx, key, iv, enc); } -static GRASSHOPPER_INLINE int -gost_grasshopper_cipher_init_cbc(EVP_CIPHER_CTX *ctx, const unsigned char - *key, const unsigned char - *iv, int enc) +static GRASSHOPPER_INLINE int gost_grasshopper_cipher_init_cbc( + EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv, + int enc) { gost_grasshopper_cipher_ctx *c = EVP_CIPHER_CTX_get_cipher_data(ctx); c->type = GRASSHOPPER_CIPHER_CBC; return gost_grasshopper_cipher_init(ctx, key, iv, enc); } -static GRASSHOPPER_INLINE -int gost_grasshopper_cipher_init_ofb(EVP_CIPHER_CTX *ctx, const unsigned char - *key, const unsigned char - *iv, int enc) +static GRASSHOPPER_INLINE int gost_grasshopper_cipher_init_ofb( + EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv, + int enc) { gost_grasshopper_cipher_ctx *c = EVP_CIPHER_CTX_get_cipher_data(ctx); c->type = GRASSHOPPER_CIPHER_OFB; return gost_grasshopper_cipher_init(ctx, key, iv, enc); } -static GRASSHOPPER_INLINE int -gost_grasshopper_cipher_init_cfb(EVP_CIPHER_CTX *ctx, const unsigned char - *key, const unsigned char - *iv, int enc) +static GRASSHOPPER_INLINE int gost_grasshopper_cipher_init_cfb( + EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv, + int enc) { gost_grasshopper_cipher_ctx *c = EVP_CIPHER_CTX_get_cipher_data(ctx); c->type = GRASSHOPPER_CIPHER_CFB; return gost_grasshopper_cipher_init(ctx, key, iv, enc); } -static GRASSHOPPER_INLINE int -gost_grasshopper_cipher_init_ctr(EVP_CIPHER_CTX *ctx, const unsigned char - *key, const unsigned char - *iv, int enc) +static GRASSHOPPER_INLINE int gost_grasshopper_cipher_init_ctr( + EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv, + int enc) { gost_grasshopper_cipher_ctx_ctr *c = EVP_CIPHER_CTX_get_cipher_data(ctx); @@ -320,11 +300,9 @@ gost_grasshopper_cipher_init_ctr(EVP_CIPHER_CTX *ctx, const unsigned char return gost_grasshopper_cipher_init(ctx, key, iv, enc); } -static GRASSHOPPER_INLINE int -gost_grasshopper_cipher_init_ctracpkm(EVP_CIPHER_CTX - *ctx, const unsigned - char *key, const unsigned - char *iv, int enc) +static GRASSHOPPER_INLINE int gost_grasshopper_cipher_init_ctracpkm( + EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv, + int enc) { gost_grasshopper_cipher_ctx_ctr *c = EVP_CIPHER_CTX_get_cipher_data(ctx); @@ -336,11 +314,9 @@ gost_grasshopper_cipher_init_ctracpkm(EVP_CIPHER_CTX return gost_grasshopper_cipher_init(ctx, key, iv, enc); } -static GRASSHOPPER_INLINE int -gost_grasshopper_cipher_init_ctracpkm_omac(EVP_CIPHER_CTX - *ctx, const unsigned - char *key, const unsigned - char *iv, int enc) +static GRASSHOPPER_INLINE int gost_grasshopper_cipher_init_ctracpkm_omac( + EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv, + int enc) { gost_grasshopper_cipher_ctx_ctr *c = EVP_CIPHER_CTX_get_cipher_data(ctx); @@ -354,12 +330,14 @@ gost_grasshopper_cipher_init_ctracpkm_omac(EVP_CIPHER_CTX c->omac_ctx = EVP_MD_CTX_new(); if (c->omac_ctx == NULL) { - GOSTerr(GOST_F_GOST_GRASSHOPPER_CIPHER_INIT_CTRACPKM_OMAC, ERR_R_MALLOC_FAILURE); + GOSTerr(GOST_F_GOST_GRASSHOPPER_CIPHER_INIT_CTRACPKM_OMAC, + ERR_R_MALLOC_FAILURE); return 0; } - if (gost2015_acpkm_omac_init(NID_kuznyechik_mac, enc, key, - c->omac_ctx, cipher_key, c->kdf_seed) != 1) { + if (gost2015_acpkm_omac_init(NID_kuznyechik_mac, enc, key, c->omac_ctx, + cipher_key, c->kdf_seed) + != 1) { EVP_MD_CTX_free(c->omac_ctx); c->omac_ctx = NULL; return 0; @@ -373,107 +351,101 @@ gost_grasshopper_cipher_init_ctracpkm_omac(EVP_CIPHER_CTX // TODO: const *in, const *c void gost_grasshopper_encrypt_wrap(unsigned char *in, unsigned char *out, - gost_grasshopper_cipher_ctx *c) { - grasshopper_encrypt_block(&c->encrypt_round_keys, - (grasshopper_w128_t *) in, - (grasshopper_w128_t *) out, - &c->buffer); + gost_grasshopper_cipher_ctx *c) +{ + grasshopper_encrypt_block(&c->encrypt_round_keys, (grasshopper_w128_t *)in, + (grasshopper_w128_t *)out, &c->buffer); } - - /* ----------------------------------------------------------------------------------------------- */ /*! Функция реализует операцию умножения двух элементов конечного поля \f$ \mathbb F_{2^{128}}\f$, порожденного неприводимым многочленом \f$ f(x) = x^{128} + x^7 + x^2 + x + 1 \in \mathbb F_2[x]\f$. Для умножения используется простейшая реализация, основанная на приведении по модулю после каждого шага алгоритма. */ /* ----------------------------------------------------------------------------------------------- */ -static void gf128_mul_uint64 (uint64_t *result, uint64_t *arg1, uint64_t *arg2) +static void gf128_mul_uint64(uint64_t *result, uint64_t *arg1, uint64_t *arg2) { - int i = 0; - register uint64_t t, X0, X1; - uint64_t Z0 = 0, Z1 = 0; + int i = 0; + register uint64_t t, X0, X1; + uint64_t Z0 = 0, Z1 = 0; #ifdef L_ENDIAN - X0 = BSWAP64(*(arg1 + 1)); - X1 = BSWAP64(*arg1); + X0 = BSWAP64(*(arg1 + 1)); + X1 = BSWAP64(*arg1); #else - X0 = *(arg1 + 1); - X1 = *arg1; + X0 = *(arg1 + 1); + X1 = *arg1; #endif - //first 64 bits of arg1 + //first 64 bits of arg1 #ifdef L_ENDIAN - t = BSWAP64(*(arg2 + 1)); + t = BSWAP64(*(arg2 + 1)); #else - t = *(arg2 + 1); + t = *(arg2 + 1); #endif - for (i = 0; i < 64; i++) { - if (t & 0x1) { - Z0 ^= X0; - Z1 ^= X1; - } - t >>= 1; - if (X1 & 0x8000000000000000) { - X1 <<= 1; - X1 ^= X0>>63; - X0 <<= 1; - X0 ^= 0x87; - } - else { - X1 <<= 1; - X1 ^= X0>>63; - X0 <<= 1; - } - } - - //second 64 bits of arg2 + for (i = 0; i < 64; i++) { + if (t & 0x1) { + Z0 ^= X0; + Z1 ^= X1; + } + t >>= 1; + if (X1 & 0x8000000000000000) { + X1 <<= 1; + X1 ^= X0 >> 63; + X0 <<= 1; + X0 ^= 0x87; + } else { + X1 <<= 1; + X1 ^= X0 >> 63; + X0 <<= 1; + } + } + + //second 64 bits of arg2 #ifdef L_ENDIAN - t = BSWAP64(*arg2); + t = BSWAP64(*arg2); #else - t = *arg2; + t = *arg2; #endif - for (i = 0; i < 63; i++) { - if (t & 0x1) { - Z0 ^= X0; - Z1 ^= X1; - } - t >>= 1; - if (X1 & 0x8000000000000000) { - X1 <<= 1; - X1 ^= X0>>63; - X0 <<= 1; - X0 ^= 0x87; - } - else { - X1 <<= 1; - X1 ^= X0>>63; - X0 <<= 1; - } - } - - if (t & 0x1) { - Z0 ^= X0; - Z1 ^= X1; - } + for (i = 0; i < 63; i++) { + if (t & 0x1) { + Z0 ^= X0; + Z1 ^= X1; + } + t >>= 1; + if (X1 & 0x8000000000000000) { + X1 <<= 1; + X1 ^= X0 >> 63; + X0 <<= 1; + X0 ^= 0x87; + } else { + X1 <<= 1; + X1 ^= X0 >> 63; + X0 <<= 1; + } + } + + if (t & 0x1) { + Z0 ^= X0; + Z1 ^= X1; + } #ifdef L_ENDIAN - result[0] = BSWAP64(Z1); - result[1] = BSWAP64(Z0); + result[0] = BSWAP64(Z1); + result[1] = BSWAP64(Z0); #else - result[0] = Z1; - result[1] = Z0; + result[0] = Z1; + result[1] = Z0; #endif } -static GRASSHOPPER_INLINE int -gost_grasshopper_cipher_init_mgm(EVP_CIPHER_CTX *ctx, const unsigned char *key, - const unsigned char *iv, int enc) +static GRASSHOPPER_INLINE int gost_grasshopper_cipher_init_mgm( + EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv, + int enc) { - gost_mgm_ctx *mctx = - (gost_mgm_ctx *)EVP_CIPHER_CTX_get_cipher_data(ctx); + gost_mgm_ctx *mctx = (gost_mgm_ctx *)EVP_CIPHER_CTX_get_cipher_data(ctx); int bl; if (!iv && !key) @@ -481,8 +453,9 @@ gost_grasshopper_cipher_init_mgm(EVP_CIPHER_CTX *ctx, const unsigned char *key, if (key) { bl = EVP_CIPHER_CTX_iv_length(ctx); gost_grasshopper_cipher_key(&mctx->ks.gh_ks, key); - gost_mgm128_init(&mctx->mgm, &mctx->ks, - (block128_f) gost_grasshopper_encrypt_wrap, gf128_mul_uint64, bl); + gost_mgm128_init( + &mctx->mgm, &mctx->ks, (block128_f)gost_grasshopper_encrypt_wrap, + gf128_mul_uint64, bl); /* * If we have an iv can set it directly, otherwise use saved IV. @@ -500,64 +473,63 @@ gost_grasshopper_cipher_init_mgm(EVP_CIPHER_CTX *ctx, const unsigned char *key, if (mctx->key_set) { if (gost_mgm128_setiv(&mctx->mgm, iv, mctx->ivlen) != 1) return 0; - } - else + } else memcpy(mctx->iv, iv, mctx->ivlen); mctx->iv_set = 1; } return 1; } -static int gost_grasshopper_cipher_do_ecb(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t inl) +static int gost_grasshopper_cipher_do_ecb( + EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, + size_t inl) { gost_grasshopper_cipher_ctx *c = - (gost_grasshopper_cipher_ctx *) EVP_CIPHER_CTX_get_cipher_data(ctx); - bool encrypting = (bool) EVP_CIPHER_CTX_encrypting(ctx); + (gost_grasshopper_cipher_ctx *)EVP_CIPHER_CTX_get_cipher_data(ctx); + bool encrypting = (bool)EVP_CIPHER_CTX_encrypting(ctx); const unsigned char *current_in = in; unsigned char *current_out = out; size_t blocks = inl / GRASSHOPPER_BLOCK_SIZE; size_t i; - for (i = 0; i < blocks; - i++, current_in += GRASSHOPPER_BLOCK_SIZE, current_out += - GRASSHOPPER_BLOCK_SIZE) { + for (i = 0; i < blocks; i++, current_in += GRASSHOPPER_BLOCK_SIZE, + current_out += GRASSHOPPER_BLOCK_SIZE) { if (encrypting) { - grasshopper_encrypt_block(&c->encrypt_round_keys, - (grasshopper_w128_t *) current_in, - (grasshopper_w128_t *) current_out, - &c->buffer); + grasshopper_encrypt_block( + &c->encrypt_round_keys, (grasshopper_w128_t *)current_in, + (grasshopper_w128_t *)current_out, &c->buffer); } else { - grasshopper_decrypt_block(&c->decrypt_round_keys, - (grasshopper_w128_t *) current_in, - (grasshopper_w128_t *) current_out, - &c->buffer); + grasshopper_decrypt_block( + &c->decrypt_round_keys, (grasshopper_w128_t *)current_in, + (grasshopper_w128_t *)current_out, &c->buffer); } } return 1; } -static int gost_grasshopper_cipher_do_cbc(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t inl) +static int gost_grasshopper_cipher_do_cbc( + EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, + size_t inl) { gost_grasshopper_cipher_ctx *c = - (gost_grasshopper_cipher_ctx *) EVP_CIPHER_CTX_get_cipher_data(ctx); + (gost_grasshopper_cipher_ctx *)EVP_CIPHER_CTX_get_cipher_data(ctx); unsigned char *iv = EVP_CIPHER_CTX_iv_noconst(ctx); - bool encrypting = (bool) EVP_CIPHER_CTX_encrypting(ctx); + bool encrypting = (bool)EVP_CIPHER_CTX_encrypting(ctx); const unsigned char *current_in = in; unsigned char *current_out = out; size_t blocks = inl / GRASSHOPPER_BLOCK_SIZE; size_t i; grasshopper_w128_t *currentBlock; - currentBlock = (grasshopper_w128_t *) iv; + currentBlock = (grasshopper_w128_t *)iv; - for (i = 0; i < blocks; - i++, current_in += GRASSHOPPER_BLOCK_SIZE, current_out += - GRASSHOPPER_BLOCK_SIZE) { - grasshopper_w128_t *currentInputBlock = (grasshopper_w128_t *) current_in; - grasshopper_w128_t *currentOutputBlock = (grasshopper_w128_t *) current_out; + for (i = 0; i < blocks; i++, current_in += GRASSHOPPER_BLOCK_SIZE, + current_out += GRASSHOPPER_BLOCK_SIZE) { + grasshopper_w128_t *currentInputBlock = + (grasshopper_w128_t *)current_in; + grasshopper_w128_t *currentOutputBlock = + (grasshopper_w128_t *)current_out; if (encrypting) { grasshopper_append128(currentBlock, currentInputBlock); grasshopper_encrypt_block(&c->encrypt_round_keys, currentBlock, @@ -567,9 +539,8 @@ static int gost_grasshopper_cipher_do_cbc(EVP_CIPHER_CTX *ctx, unsigned char *ou grasshopper_w128_t tmp; grasshopper_copy128(&tmp, currentInputBlock); - grasshopper_decrypt_block(&c->decrypt_round_keys, - currentInputBlock, currentOutputBlock, - &c->buffer); + grasshopper_decrypt_block(&c->decrypt_round_keys, currentInputBlock, + currentOutputBlock, &c->buffer); grasshopper_append128(currentOutputBlock, currentBlock); grasshopper_copy128(currentBlock, &tmp); } @@ -599,11 +570,12 @@ static void ctr128_inc(unsigned char *counter) inc_counter(counter, 16); } -static int gost_grasshopper_cipher_do_ctr(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t inl) +static int gost_grasshopper_cipher_do_ctr( + EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, + size_t inl) { - gost_grasshopper_cipher_ctx_ctr *c = (gost_grasshopper_cipher_ctx_ctr *) - EVP_CIPHER_CTX_get_cipher_data(ctx); + gost_grasshopper_cipher_ctx_ctr *c = + (gost_grasshopper_cipher_ctx_ctr *)EVP_CIPHER_CTX_get_cipher_data(ctx); unsigned char *iv = EVP_CIPHER_CTX_iv_noconst(ctx); const unsigned char *current_in = in; unsigned char *current_out = out; @@ -624,12 +596,12 @@ static int gost_grasshopper_cipher_do_ctr(EVP_CIPHER_CTX *ctx, unsigned char *ou EVP_CIPHER_CTX_set_num(ctx, n); blocks = lasted / GRASSHOPPER_BLOCK_SIZE; - iv_buffer = (grasshopper_w128_t *) iv; + iv_buffer = (grasshopper_w128_t *)iv; // full parts for (i = 0; i < blocks; i++) { - currentInputBlock = (grasshopper_w128_t *) current_in; - currentOutputBlock = (grasshopper_w128_t *) current_out; + currentInputBlock = (grasshopper_w128_t *)current_in; + currentOutputBlock = (grasshopper_w128_t *)current_out; grasshopper_encrypt_block(&c->c.encrypt_round_keys, iv_buffer, &c->partial_buffer, &c->c.buffer); grasshopper_plus128(&tmp, &c->partial_buffer, currentInputBlock); @@ -641,8 +613,8 @@ static int gost_grasshopper_cipher_do_ctr(EVP_CIPHER_CTX *ctx, unsigned char *ou } if (lasted > 0) { - currentInputBlock = (grasshopper_w128_t *) current_in; - currentOutputBlock = (grasshopper_w128_t *) current_out; + currentInputBlock = (grasshopper_w128_t *)current_in; + currentOutputBlock = (grasshopper_w128_t *)current_out; grasshopper_encrypt_block(&c->c.encrypt_round_keys, iv_buffer, &c->partial_buffer, &c->c.buffer); for (i = 0; i < lasted; i++) { @@ -657,8 +629,9 @@ static int gost_grasshopper_cipher_do_ctr(EVP_CIPHER_CTX *ctx, unsigned char *ou } #define GRASSHOPPER_BLOCK_MASK (GRASSHOPPER_BLOCK_SIZE - 1) -static inline void apply_acpkm_grasshopper(gost_grasshopper_cipher_ctx_ctr * - ctx, unsigned int *num) + +static inline void +apply_acpkm_grasshopper(gost_grasshopper_cipher_ctx_ctr *ctx, unsigned int *num) { if (!ctx->section_size || (*num < ctx->section_size)) return; @@ -668,10 +641,9 @@ static inline void apply_acpkm_grasshopper(gost_grasshopper_cipher_ctx_ctr * /* If meshing is not configured via ctrl (setting section_size) * this function works exactly like plain ctr */ -static int gost_grasshopper_cipher_do_ctracpkm(EVP_CIPHER_CTX *ctx, - unsigned char *out, - const unsigned char *in, - size_t inl) +static int gost_grasshopper_cipher_do_ctracpkm( + EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, + size_t inl) { gost_grasshopper_cipher_ctx_ctr *c = EVP_CIPHER_CTX_get_cipher_data(ctx); unsigned char *iv = EVP_CIPHER_CTX_iv_noconst(ctx); @@ -689,13 +661,11 @@ static int gost_grasshopper_cipher_do_ctracpkm(EVP_CIPHER_CTX *ctx, // full parts for (i = 0; i < blocks; i++) { apply_acpkm_grasshopper(c, &num); - grasshopper_encrypt_block(&c->c.encrypt_round_keys, - (grasshopper_w128_t *) iv, - (grasshopper_w128_t *) & c->partial_buffer, - &c->c.buffer); - grasshopper_plus128(&tmp, &c->partial_buffer, - (grasshopper_w128_t *) in); - grasshopper_copy128((grasshopper_w128_t *) out, &tmp); + grasshopper_encrypt_block( + &c->c.encrypt_round_keys, (grasshopper_w128_t *)iv, + (grasshopper_w128_t *)&c->partial_buffer, &c->c.buffer); + grasshopper_plus128(&tmp, &c->partial_buffer, (grasshopper_w128_t *)in); + grasshopper_copy128((grasshopper_w128_t *)out, &tmp); ctr128_inc(iv); in += GRASSHOPPER_BLOCK_SIZE; out += GRASSHOPPER_BLOCK_SIZE; @@ -706,9 +676,9 @@ static int gost_grasshopper_cipher_do_ctracpkm(EVP_CIPHER_CTX *ctx, // last part if (lasted > 0) { apply_acpkm_grasshopper(c, &num); - grasshopper_encrypt_block(&c->c.encrypt_round_keys, - (grasshopper_w128_t *) iv, - &c->partial_buffer, &c->c.buffer); + grasshopper_encrypt_block( + &c->c.encrypt_round_keys, (grasshopper_w128_t *)iv, + &c->partial_buffer, &c->c.buffer); for (i = 0; i < lasted; i++) out[i] = c->partial_buffer.b[i] ^ in[i]; ctr128_inc(iv); @@ -719,10 +689,9 @@ static int gost_grasshopper_cipher_do_ctracpkm(EVP_CIPHER_CTX *ctx, return inl; } -static int gost_grasshopper_cipher_do_ctracpkm_omac(EVP_CIPHER_CTX *ctx, - unsigned char *out, - const unsigned char *in, - size_t inl) +static int gost_grasshopper_cipher_do_ctracpkm_omac( + EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, + size_t inl) { int result; gost_grasshopper_cipher_ctx_ctr *c = EVP_CIPHER_CTX_get_cipher_data(ctx); @@ -731,7 +700,8 @@ static int gost_grasshopper_cipher_do_ctracpkm_omac(EVP_CIPHER_CTX *ctx, EVP_DigestSignUpdate(c->omac_ctx, in, inl); if (in == NULL && inl == 0) { /* Final call */ - return gost2015_final_call(ctx, c->omac_ctx, KUZNYECHIK_MAC_MAX_SIZE, c->tag, gost_grasshopper_cipher_do_ctracpkm); + return gost2015_final_call(ctx, c->omac_ctx, KUZNYECHIK_MAC_MAX_SIZE, + c->tag, gost_grasshopper_cipher_do_ctracpkm); } if (in == NULL) { @@ -747,25 +717,21 @@ static int gost_grasshopper_cipher_do_ctracpkm_omac(EVP_CIPHER_CTX *ctx, return result; } - - -static int gost_grasshopper_cipher_do_mgm(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t len) +static int gost_grasshopper_cipher_do_mgm( + EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, + size_t len) { - gost_mgm_ctx *mctx = - (gost_mgm_ctx *)EVP_CIPHER_CTX_get_cipher_data(ctx); + gost_mgm_ctx *mctx = (gost_mgm_ctx *)EVP_CIPHER_CTX_get_cipher_data(ctx); int enc = EVP_CIPHER_CTX_encrypting(ctx); /* If not set up, return error */ if (!mctx->key_set) { - GOSTerr(GOST_F_GOST_GRASSHOPPER_CIPHER_DO_MGM, - GOST_R_BAD_ORDER); + GOSTerr(GOST_F_GOST_GRASSHOPPER_CIPHER_DO_MGM, GOST_R_BAD_ORDER); return -1; } if (!mctx->iv_set) { - GOSTerr(GOST_F_GOST_GRASSHOPPER_CIPHER_DO_MGM, - GOST_R_BAD_ORDER); + GOSTerr(GOST_F_GOST_GRASSHOPPER_CIPHER_DO_MGM, GOST_R_BAD_ORDER); return -1; } if (in) { @@ -784,9 +750,9 @@ static int gost_grasshopper_cipher_do_mgm(EVP_CIPHER_CTX *ctx, unsigned char *ou if (!enc) { if (mctx->taglen < 0) return -1; - if (gost_mgm128_finish(&mctx->mgm, - EVP_CIPHER_CTX_buf_noconst(ctx), - mctx->taglen) != 0) + if (gost_mgm128_finish( + &mctx->mgm, EVP_CIPHER_CTX_buf_noconst(ctx), mctx->taglen) + != 0) return -1; mctx->iv_set = 0; return 0; @@ -797,28 +763,28 @@ static int gost_grasshopper_cipher_do_mgm(EVP_CIPHER_CTX *ctx, unsigned char *ou mctx->iv_set = 0; return 0; } - } /* * Fixed 128-bit IV implementation make shift regiser redundant. */ -static void gost_grasshopper_cnt_next(gost_grasshopper_cipher_ctx * ctx, - grasshopper_w128_t * iv, - grasshopper_w128_t * buf) +static void +gost_grasshopper_cnt_next(gost_grasshopper_cipher_ctx *ctx, + grasshopper_w128_t *iv, grasshopper_w128_t *buf) { grasshopper_w128_t tmp; memcpy(&tmp, iv, 16); - grasshopper_encrypt_block(&ctx->encrypt_round_keys, &tmp, - buf, &ctx->buffer); + grasshopper_encrypt_block( + &ctx->encrypt_round_keys, &tmp, buf, &ctx->buffer); memcpy(iv, buf, 16); } -static int gost_grasshopper_cipher_do_ofb(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t inl) +static int gost_grasshopper_cipher_do_ofb( + EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, + size_t inl) { - gost_grasshopper_cipher_ctx *c = (gost_grasshopper_cipher_ctx *) - EVP_CIPHER_CTX_get_cipher_data(ctx); + gost_grasshopper_cipher_ctx *c = + (gost_grasshopper_cipher_ctx *)EVP_CIPHER_CTX_get_cipher_data(ctx); const unsigned char *in_ptr = in; unsigned char *out_ptr = out; unsigned char *buf = EVP_CIPHER_CTX_buf_noconst(ctx); @@ -829,8 +795,8 @@ static int gost_grasshopper_cipher_do_ofb(EVP_CIPHER_CTX *ctx, unsigned char *ou /* process partial block if any */ if (num > 0) { - for (j = (size_t)num, i = 0; j < GRASSHOPPER_BLOCK_SIZE && i < inl; - j++, i++, in_ptr++, out_ptr++) { + for (j = (size_t)num, i = 0; j < GRASSHOPPER_BLOCK_SIZE && i < inl; j++, + i++, in_ptr++, out_ptr++) { *out_ptr = buf[j] ^ (*in_ptr); } if (j == GRASSHOPPER_BLOCK_SIZE) { @@ -841,16 +807,15 @@ static int gost_grasshopper_cipher_do_ofb(EVP_CIPHER_CTX *ctx, unsigned char *ou } } - for (; i + GRASSHOPPER_BLOCK_SIZE < - inl; - i += GRASSHOPPER_BLOCK_SIZE, in_ptr += - GRASSHOPPER_BLOCK_SIZE, out_ptr += GRASSHOPPER_BLOCK_SIZE) { + for (; i + GRASSHOPPER_BLOCK_SIZE < inl; + i += GRASSHOPPER_BLOCK_SIZE, in_ptr += GRASSHOPPER_BLOCK_SIZE, + out_ptr += GRASSHOPPER_BLOCK_SIZE) { /* * block cipher current iv */ /* Encrypt */ - gost_grasshopper_cnt_next(c, (grasshopper_w128_t *) iv, - (grasshopper_w128_t *) buf); + gost_grasshopper_cnt_next( + c, (grasshopper_w128_t *)iv, (grasshopper_w128_t *)buf); /* * xor next block of input text with it and output it @@ -865,8 +830,8 @@ static int gost_grasshopper_cipher_do_ofb(EVP_CIPHER_CTX *ctx, unsigned char *ou /* Process rest of buffer */ if (i < inl) { - gost_grasshopper_cnt_next(c, (grasshopper_w128_t *) iv, - (grasshopper_w128_t *) buf); + gost_grasshopper_cnt_next( + c, (grasshopper_w128_t *)iv, (grasshopper_w128_t *)buf); for (j = 0; i < inl; j++, i++) { out_ptr[j] = buf[j] ^ in_ptr[j]; } @@ -878,24 +843,25 @@ static int gost_grasshopper_cipher_do_ofb(EVP_CIPHER_CTX *ctx, unsigned char *ou return 1; } -static int gost_grasshopper_cipher_do_cfb(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t inl) +static int gost_grasshopper_cipher_do_cfb( + EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, + size_t inl) { gost_grasshopper_cipher_ctx *c = - (gost_grasshopper_cipher_ctx *) EVP_CIPHER_CTX_get_cipher_data(ctx); + (gost_grasshopper_cipher_ctx *)EVP_CIPHER_CTX_get_cipher_data(ctx); const unsigned char *in_ptr = in; unsigned char *out_ptr = out; unsigned char *buf = EVP_CIPHER_CTX_buf_noconst(ctx); unsigned char *iv = EVP_CIPHER_CTX_iv_noconst(ctx); - bool encrypting = (bool) EVP_CIPHER_CTX_encrypting(ctx); + bool encrypting = (bool)EVP_CIPHER_CTX_encrypting(ctx); int num = EVP_CIPHER_CTX_num(ctx); size_t i = 0; size_t j = 0; /* process partial block if any */ if (num > 0) { - for (j = (size_t)num, i = 0; j < GRASSHOPPER_BLOCK_SIZE && i < inl; - j++, i++, in_ptr++, out_ptr++) { + for (j = (size_t)num, i = 0; j < GRASSHOPPER_BLOCK_SIZE && i < inl; j++, + i++, in_ptr++, out_ptr++) { if (!encrypting) { buf[j + GRASSHOPPER_BLOCK_SIZE] = *in_ptr; } @@ -913,16 +879,15 @@ static int gost_grasshopper_cipher_do_cfb(EVP_CIPHER_CTX *ctx, unsigned char *ou } } - for (; i + GRASSHOPPER_BLOCK_SIZE < - inl; - i += GRASSHOPPER_BLOCK_SIZE, in_ptr += - GRASSHOPPER_BLOCK_SIZE, out_ptr += GRASSHOPPER_BLOCK_SIZE) { + for (; i + GRASSHOPPER_BLOCK_SIZE < inl; + i += GRASSHOPPER_BLOCK_SIZE, in_ptr += GRASSHOPPER_BLOCK_SIZE, + out_ptr += GRASSHOPPER_BLOCK_SIZE) { /* * block cipher current iv */ - grasshopper_encrypt_block(&c->encrypt_round_keys, - (grasshopper_w128_t *) iv, - (grasshopper_w128_t *) buf, &c->buffer); + grasshopper_encrypt_block( + &c->encrypt_round_keys, (grasshopper_w128_t *)iv, + (grasshopper_w128_t *)buf, &c->buffer); /* * xor next block of input text with it and output it */ @@ -944,9 +909,9 @@ static int gost_grasshopper_cipher_do_cfb(EVP_CIPHER_CTX *ctx, unsigned char *ou /* Process rest of buffer */ if (i < inl) { - grasshopper_encrypt_block(&c->encrypt_round_keys, - (grasshopper_w128_t *) iv, - (grasshopper_w128_t *) buf, &c->buffer); + grasshopper_encrypt_block( + &c->encrypt_round_keys, (grasshopper_w128_t *)iv, + (grasshopper_w128_t *)buf, &c->buffer); if (!encrypting) { memcpy(buf + GRASSHOPPER_BLOCK_SIZE, in_ptr, inl - i); } @@ -967,7 +932,7 @@ static int gost_grasshopper_cipher_do_cfb(EVP_CIPHER_CTX *ctx, unsigned char *ou static int gost_grasshopper_cipher_cleanup(EVP_CIPHER_CTX *ctx) { gost_grasshopper_cipher_ctx *c = - (gost_grasshopper_cipher_ctx *) EVP_CIPHER_CTX_get_cipher_data(ctx); + (gost_grasshopper_cipher_ctx *)EVP_CIPHER_CTX_get_cipher_data(ctx); if (!c) return 1; @@ -980,16 +945,18 @@ static int gost_grasshopper_cipher_cleanup(EVP_CIPHER_CTX *ctx) return 1; } -static int gost_grasshopper_set_asn1_parameters(EVP_CIPHER_CTX *ctx, ASN1_TYPE *params) +static int +gost_grasshopper_set_asn1_parameters(EVP_CIPHER_CTX *ctx, ASN1_TYPE *params) { if (EVP_CIPHER_CTX_mode(ctx) == EVP_CIPH_CTR_MODE) { - gost_grasshopper_cipher_ctx_ctr *ctr = EVP_CIPHER_CTX_get_cipher_data(ctx); + gost_grasshopper_cipher_ctx_ctr *ctr = + EVP_CIPHER_CTX_get_cipher_data(ctx); /* CMS implies 256kb section_size */ - ctr->section_size = 256*1024; + ctr->section_size = 256 * 1024; - return gost2015_set_asn1_params(params, - EVP_CIPHER_CTX_original_iv(ctx), 8, ctr->kdf_seed); + return gost2015_set_asn1_params( + params, EVP_CIPHER_CTX_original_iv(ctx), 8, ctr->kdf_seed); } return 0; } @@ -998,7 +965,8 @@ static GRASSHOPPER_INLINE int gost_grasshopper_get_asn1_parameters(EVP_CIPHER_CTX *ctx, ASN1_TYPE *params) { if (EVP_CIPHER_CTX_mode(ctx) == EVP_CIPH_CTR_MODE) { - gost_grasshopper_cipher_ctx_ctr *ctr = EVP_CIPHER_CTX_get_cipher_data(ctx); + gost_grasshopper_cipher_ctx_ctr *ctr = + EVP_CIPHER_CTX_get_cipher_data(ctx); int iv_len = 16; unsigned char iv[16]; @@ -1011,7 +979,7 @@ gost_grasshopper_get_asn1_parameters(EVP_CIPHER_CTX *ctx, ASN1_TYPE *params) memcpy((unsigned char *)EVP_CIPHER_CTX_original_iv(ctx), iv, iv_len); /* CMS implies 256kb section_size */ - ctr->section_size = 256*1024; + ctr->section_size = 256 * 1024; return 1; } return 0; @@ -1019,8 +987,7 @@ gost_grasshopper_get_asn1_parameters(EVP_CIPHER_CTX *ctx, ASN1_TYPE *params) static int gost_grasshopper_mgm_cleanup(EVP_CIPHER_CTX *c) { - gost_mgm_ctx *mctx = - (gost_mgm_ctx *)EVP_CIPHER_CTX_get_cipher_data(c); + gost_mgm_ctx *mctx = (gost_mgm_ctx *)EVP_CIPHER_CTX_get_cipher_data(c); if (mctx == NULL) return 0; gost_grasshopper_cipher_destroy(&mctx->ks.gh_ks); @@ -1030,10 +997,10 @@ static int gost_grasshopper_mgm_cleanup(EVP_CIPHER_CTX *c) return 1; } -static int gost_grasshopper_mgm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) +static int +gost_grasshopper_mgm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) { - gost_mgm_ctx *mctx = - (gost_mgm_ctx *)EVP_CIPHER_CTX_get_cipher_data(c); + gost_mgm_ctx *mctx = (gost_mgm_ctx *)EVP_CIPHER_CTX_get_cipher_data(c); unsigned char *buf, *iv; int ivlen, enc; @@ -1090,77 +1057,77 @@ static int gost_grasshopper_mgm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void } } -static int gost_grasshopper_cipher_ctl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr) +static int +gost_grasshopper_cipher_ctl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr) { switch (type) { - case EVP_CTRL_RAND_KEY:{ - if (RAND_priv_bytes - ((unsigned char *)ptr, EVP_CIPHER_CTX_key_length(ctx)) <= 0) { - GOSTerr(GOST_F_GOST_GRASSHOPPER_CIPHER_CTL, GOST_R_RNG_ERROR); - return -1; - } - break; - } - case EVP_CTRL_KEY_MESH:{ - gost_grasshopper_cipher_ctx_ctr *c = - EVP_CIPHER_CTX_get_cipher_data(ctx); - if ((c->c.type != GRASSHOPPER_CIPHER_CTRACPKM && - c->c.type != GRASSHOPPER_CIPHER_CTRACPKMOMAC) - || (arg == 0) - || (arg % GRASSHOPPER_BLOCK_SIZE)) - return -1; - c->section_size = arg; - break; + case EVP_CTRL_RAND_KEY: { + if (RAND_priv_bytes((unsigned char *)ptr, EVP_CIPHER_CTX_key_length(ctx)) + <= 0) { + GOSTerr(GOST_F_GOST_GRASSHOPPER_CIPHER_CTL, GOST_R_RNG_ERROR); + return -1; } - case EVP_CTRL_TLSTREE: - { - unsigned char newkey[32]; - int mode = EVP_CIPHER_CTX_mode(ctx); - gost_grasshopper_cipher_ctx_ctr *ctr_ctx = NULL; - gost_grasshopper_cipher_ctx *c = NULL; - - unsigned char adjusted_iv[16]; - unsigned char seq[8]; - int j, carry, decrement_arg; - if (mode != EVP_CIPH_CTR_MODE) - return -1; - - ctr_ctx = (gost_grasshopper_cipher_ctx_ctr *) - EVP_CIPHER_CTX_get_cipher_data(ctx); - c = &(ctr_ctx->c); - - /* + break; + } + case EVP_CTRL_KEY_MESH: { + gost_grasshopper_cipher_ctx_ctr *c = + EVP_CIPHER_CTX_get_cipher_data(ctx); + if ((c->c.type != GRASSHOPPER_CIPHER_CTRACPKM + && c->c.type != GRASSHOPPER_CIPHER_CTRACPKMOMAC) + || (arg == 0) || (arg % GRASSHOPPER_BLOCK_SIZE)) + return -1; + c->section_size = arg; + break; + } + case EVP_CTRL_TLSTREE: { + unsigned char newkey[32]; + int mode = EVP_CIPHER_CTX_mode(ctx); + gost_grasshopper_cipher_ctx_ctr *ctr_ctx = NULL; + gost_grasshopper_cipher_ctx *c = NULL; + + unsigned char adjusted_iv[16]; + unsigned char seq[8]; + int j, carry, decrement_arg; + if (mode != EVP_CIPH_CTR_MODE) + return -1; + + ctr_ctx = + (gost_grasshopper_cipher_ctx_ctr *)EVP_CIPHER_CTX_get_cipher_data( + ctx); + c = &(ctr_ctx->c); + + /* * 'arg' parameter indicates what we should do with sequence value. * * When function called, seq is incremented after MAC calculation. * In ETM mode, we use seq 'as is' in the ctrl-function (arg = 0) * Otherwise we have to decrease it in the implementation (arg = 1). */ - memcpy(seq, ptr, 8); - decrement_arg = arg; - if (!decrement_sequence(seq, decrement_arg)) - { - GOSTerr(GOST_F_GOST_GRASSHOPPER_CIPHER_CTL, GOST_R_CTRL_CALL_FAILED); - return -1; - } - - if (gost_tlstree(NID_grasshopper_cbc, c->master_key.k.b, newkey, - (const unsigned char *)seq) > 0) { + memcpy(seq, ptr, 8); + decrement_arg = arg; + if (!decrement_sequence(seq, decrement_arg)) { + GOSTerr(GOST_F_GOST_GRASSHOPPER_CIPHER_CTL, + GOST_R_CTRL_CALL_FAILED); + return -1; + } + + if (gost_tlstree(NID_grasshopper_cbc, c->master_key.k.b, newkey, + (const unsigned char *)seq) + > 0) { memset(adjusted_iv, 0, 16); memcpy(adjusted_iv, EVP_CIPHER_CTX_original_iv(ctx), 8); - for(j=7,carry=0; j>=0; j--) - { - int adj_byte = adjusted_iv[j]+seq[j]+carry; - carry = (adj_byte > 255) ? 1 : 0; - adjusted_iv[j] = adj_byte & 0xFF; + for (j = 7, carry = 0; j >= 0; j--) { + int adj_byte = adjusted_iv[j] + seq[j] + carry; + carry = (adj_byte > 255) ? 1 : 0; + adjusted_iv[j] = adj_byte & 0xFF; } EVP_CIPHER_CTX_set_num(ctx, 0); memcpy(EVP_CIPHER_CTX_iv_noconst(ctx), adjusted_iv, 16); gost_grasshopper_cipher_key(c, newkey); return 1; - } } + } return -1; #if 0 case EVP_CTRL_AEAD_GET_TAG: @@ -1187,21 +1154,24 @@ static int gost_grasshopper_cipher_ctl(EVP_CIPHER_CTX *ctx, int type, int arg, v return 1; } #endif - case EVP_CTRL_PROCESS_UNPROTECTED: - { - STACK_OF(X509_ATTRIBUTE) *x = ptr; - gost_grasshopper_cipher_ctx_ctr *c = EVP_CIPHER_CTX_get_cipher_data(ctx); + case EVP_CTRL_PROCESS_UNPROTECTED: { + STACK_OF(X509_ATTRIBUTE) *x = ptr; + gost_grasshopper_cipher_ctx_ctr *c = + EVP_CIPHER_CTX_get_cipher_data(ctx); - if (c->c.type != GRASSHOPPER_CIPHER_CTRACPKMOMAC) - return -1; + if (c->c.type != GRASSHOPPER_CIPHER_CTRACPKMOMAC) + return -1; - return gost2015_process_unprotected_attributes(x, arg, KUZNYECHIK_MAC_MAX_SIZE, c->tag); + return gost2015_process_unprotected_attributes( + x, arg, KUZNYECHIK_MAC_MAX_SIZE, c->tag); } case EVP_CTRL_COPY: { EVP_CIPHER_CTX *out = ptr; - gost_grasshopper_cipher_ctx_ctr *out_cctx = EVP_CIPHER_CTX_get_cipher_data(out); - gost_grasshopper_cipher_ctx_ctr *in_cctx = EVP_CIPHER_CTX_get_cipher_data(ctx); + gost_grasshopper_cipher_ctx_ctr *out_cctx = + EVP_CIPHER_CTX_get_cipher_data(out); + gost_grasshopper_cipher_ctx_ctr *in_cctx = + EVP_CIPHER_CTX_get_cipher_data(ctx); if (in_cctx->c.type != GRASSHOPPER_CIPHER_CTRACPKMOMAC) return -1; @@ -1209,7 +1179,8 @@ static int gost_grasshopper_cipher_ctl(EVP_CIPHER_CTX *ctx, int type, int arg, v if (in_cctx->omac_ctx == out_cctx->omac_ctx) { out_cctx->omac_ctx = EVP_MD_CTX_new(); if (out_cctx->omac_ctx == NULL) { - GOSTerr(GOST_F_GOST_GRASSHOPPER_CIPHER_CTL, ERR_R_MALLOC_FAILURE); + GOSTerr(GOST_F_GOST_GRASSHOPPER_CIPHER_CTL, + ERR_R_MALLOC_FAILURE); return -1; } } @@ -1228,4 +1199,5 @@ const EVP_CIPHER *cipher_gost_grasshopper_ctracpkm() { return GOST_init_cipher(&grasshopper_ctr_acpkm_cipher); } + /* vim: set expandtab cinoptions=\:0,l1,t0,g0,(0 sw=4 : */ diff --git a/gost_grasshopper_cipher.h b/gost_grasshopper_cipher.h index a3a647089..682c23f04 100644 --- a/gost_grasshopper_cipher.h +++ b/gost_grasshopper_cipher.h @@ -6,15 +6,15 @@ #ifndef GOST_GRASSHOPPER_CIPHER_H #define GOST_GRASSHOPPER_CIPHER_H -#define SN_kuznyechik_mgm "kuznyechik-mgm" +#define SN_kuznyechik_mgm "kuznyechik-mgm" #if defined(__cplusplus) extern "C" { #endif #include "gost_grasshopper_defines.h" - #include "gost_lcl.h" + #include // not thread safe @@ -31,84 +31,106 @@ typedef struct { typedef struct { gost_grasshopper_cipher_ctx c; grasshopper_w128_t partial_buffer; - unsigned int section_size; /* After how much bytes mesh the key, + unsigned int section_size; /* After how much bytes mesh the key, if 0 never mesh and work like plain ctr. */ unsigned char kdf_seed[8]; - unsigned char tag[16]; - EVP_MD_CTX *omac_ctx; + unsigned char tag[16]; + EVP_MD_CTX *omac_ctx; } gost_grasshopper_cipher_ctx_ctr; -static void gost_grasshopper_cipher_key(gost_grasshopper_cipher_ctx* c, const uint8_t* k); +static void +gost_grasshopper_cipher_key(gost_grasshopper_cipher_ctx *c, const uint8_t *k); -static void gost_grasshopper_cipher_destroy(gost_grasshopper_cipher_ctx* c); +static void gost_grasshopper_cipher_destroy(gost_grasshopper_cipher_ctx *c); -static int gost_grasshopper_cipher_init_ecb(EVP_CIPHER_CTX* ctx, - const unsigned char* key, const unsigned char* iv, int enc); +static int gost_grasshopper_cipher_init_ecb( + EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv, + int enc); -static int gost_grasshopper_cipher_init_cbc(EVP_CIPHER_CTX* ctx, - const unsigned char* key, const unsigned char* iv, int enc); +static int gost_grasshopper_cipher_init_cbc( + EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv, + int enc); -static int gost_grasshopper_cipher_init_ofb(EVP_CIPHER_CTX* ctx, - const unsigned char* key, const unsigned char* iv, int enc); +static int gost_grasshopper_cipher_init_ofb( + EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv, + int enc); -static int gost_grasshopper_cipher_init_cfb(EVP_CIPHER_CTX* ctx, - const unsigned char* key, const unsigned char* iv, int enc); +static int gost_grasshopper_cipher_init_cfb( + EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv, + int enc); -static int gost_grasshopper_cipher_init_ctr(EVP_CIPHER_CTX* ctx, - const unsigned char* key, const unsigned char* iv, int enc); +static int gost_grasshopper_cipher_init_ctr( + EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv, + int enc); -static int gost_grasshopper_cipher_init_ctracpkm(EVP_CIPHER_CTX* ctx, - const unsigned char* key, const unsigned char* iv, int enc); +static int gost_grasshopper_cipher_init_ctracpkm( + EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv, + int enc); -static int gost_grasshopper_cipher_init_ctracpkm_omac(EVP_CIPHER_CTX* ctx, - const unsigned char* key, const unsigned char* iv, int enc); +static int gost_grasshopper_cipher_init_ctracpkm_omac( + EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv, + int enc); -static int gost_grasshopper_cipher_init_mgm(EVP_CIPHER_CTX* ctx, - const unsigned char* key, const unsigned char* iv, int enc); +static int gost_grasshopper_cipher_init_mgm( + EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv, + int enc); -static int gost_grasshopper_cipher_init(EVP_CIPHER_CTX* ctx, const unsigned char* key, - const unsigned char* iv, int enc); +static int gost_grasshopper_cipher_init( + EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv, + int enc); -static int gost_grasshopper_cipher_do(EVP_CIPHER_CTX* ctx, unsigned char* out, - const unsigned char* in, size_t inl); +static int gost_grasshopper_cipher_do(EVP_CIPHER_CTX *ctx, unsigned char *out, + const unsigned char *in, size_t inl); -static int gost_grasshopper_cipher_do_ecb(EVP_CIPHER_CTX* ctx, unsigned char* out, - const unsigned char* in, size_t inl); +static int gost_grasshopper_cipher_do_ecb( + EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, + size_t inl); -static int gost_grasshopper_cipher_do_cbc(EVP_CIPHER_CTX* ctx, unsigned char* out, - const unsigned char* in, size_t inl); +static int gost_grasshopper_cipher_do_cbc( + EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, + size_t inl); -static int gost_grasshopper_cipher_do_ofb(EVP_CIPHER_CTX* ctx, unsigned char* out, - const unsigned char* in, size_t inl); +static int gost_grasshopper_cipher_do_ofb( + EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, + size_t inl); -static int gost_grasshopper_cipher_do_cfb(EVP_CIPHER_CTX* ctx, unsigned char* out, - const unsigned char* in, size_t inl); +static int gost_grasshopper_cipher_do_cfb( + EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, + size_t inl); -static int gost_grasshopper_cipher_do_ctr(EVP_CIPHER_CTX* ctx, unsigned char* out, - const unsigned char* in, size_t inl); +static int gost_grasshopper_cipher_do_ctr( + EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, + size_t inl); -static int gost_grasshopper_cipher_do_ctracpkm(EVP_CIPHER_CTX* ctx, unsigned char* out, - const unsigned char* in, size_t inl); +static int gost_grasshopper_cipher_do_ctracpkm( + EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, + size_t inl); -static int gost_grasshopper_cipher_do_ctracpkm_omac(EVP_CIPHER_CTX* ctx, unsigned char* out, - const unsigned char* in, size_t inl); +static int gost_grasshopper_cipher_do_ctracpkm_omac( + EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, + size_t inl); -static int gost_grasshopper_cipher_do_mgm(EVP_CIPHER_CTX* ctx, unsigned char* out, - const unsigned char* in, size_t inl); +static int gost_grasshopper_cipher_do_mgm( + EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, + size_t inl); -static int gost_grasshopper_cipher_cleanup(EVP_CIPHER_CTX* ctx); +static int gost_grasshopper_cipher_cleanup(EVP_CIPHER_CTX *ctx); static int gost_grasshopper_mgm_cleanup(EVP_CIPHER_CTX *c); -static int gost_grasshopper_set_asn1_parameters(EVP_CIPHER_CTX* ctx, ASN1_TYPE* params); +static int +gost_grasshopper_set_asn1_parameters(EVP_CIPHER_CTX *ctx, ASN1_TYPE *params); -static int gost_grasshopper_get_asn1_parameters(EVP_CIPHER_CTX* ctx, ASN1_TYPE* params); +static int +gost_grasshopper_get_asn1_parameters(EVP_CIPHER_CTX *ctx, ASN1_TYPE *params); -static int gost_grasshopper_cipher_ctl(EVP_CIPHER_CTX* ctx, int type, int arg, void* ptr); +static int +gost_grasshopper_cipher_ctl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr); -static int gost_grasshopper_mgm_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr); +static int +gost_grasshopper_mgm_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr); -const EVP_CIPHER* cipher_gost_grasshopper_ctracpkm(); +const EVP_CIPHER *cipher_gost_grasshopper_ctracpkm(); #if defined(__cplusplus) } diff --git a/gost_grasshopper_core.c b/gost_grasshopper_core.c index 19c6567a4..fe0fd0e82 100644 --- a/gost_grasshopper_core.c +++ b/gost_grasshopper_core.c @@ -8,20 +8,23 @@ extern "C" { #endif #include "gost_grasshopper_core.h" + +#include "gost_grasshopper_defines.h" #include "gost_grasshopper_math.h" #include "gost_grasshopper_precompiled.h" -#include "gost_grasshopper_defines.h" -static GRASSHOPPER_INLINE void grasshopper_l(grasshopper_w128_t* w) { +static GRASSHOPPER_INLINE void grasshopper_l(grasshopper_w128_t *w) +{ unsigned int j; int i; // 16 rounds - for (j = 0; j < sizeof(grasshopper_lvec) / sizeof(grasshopper_lvec[0]); j++) { + for (j = 0; j < sizeof(grasshopper_lvec) / sizeof(grasshopper_lvec[0]); + j++) { uint8_t x; // An LFSR with 16 elements from GF(2^8) - x = w->b[15]; // since lvec[15] = 1 + x = w->b[15]; // since lvec[15] = 1 for (i = 14; i >= 0; i--) { w->b[i + 1] = w->b[i]; @@ -31,12 +34,14 @@ static GRASSHOPPER_INLINE void grasshopper_l(grasshopper_w128_t* w) { } } -static GRASSHOPPER_INLINE void grasshopper_l_inv(grasshopper_w128_t* w) { +static GRASSHOPPER_INLINE void grasshopper_l_inv(grasshopper_w128_t *w) +{ unsigned int j; int i; // 16 rounds - for (j = 0; j < sizeof(grasshopper_lvec) / sizeof(grasshopper_lvec[0]); j++) { + for (j = 0; j < sizeof(grasshopper_lvec) / sizeof(grasshopper_lvec[0]); + j++) { uint8_t x = w->b[0]; for (i = 0; i < 15; i++) { w->b[i] = w->b[i + 1]; @@ -48,7 +53,9 @@ static GRASSHOPPER_INLINE void grasshopper_l_inv(grasshopper_w128_t* w) { // key setup -void grasshopper_set_encrypt_key(grasshopper_round_keys_t* subkeys, const grasshopper_key_t* key) { +void grasshopper_set_encrypt_key(grasshopper_round_keys_t *subkeys, + const grasshopper_key_t *key) +{ grasshopper_w128_t c, x, y, z; int i; @@ -62,10 +69,9 @@ void grasshopper_set_encrypt_key(grasshopper_round_keys_t* subkeys, const grassh grasshopper_copy128(&subkeys->k[1], &y); for (i = 1; i <= 32; i++) { - // C Value grasshopper_zero128(&c); - c.b[15] = (uint8_t) i; // load round in lsb + c.b[15] = (uint8_t)i; // load round in lsb grasshopper_l(&c); grasshopper_plus128(&z, &x, &c); @@ -90,8 +96,10 @@ void grasshopper_set_encrypt_key(grasshopper_round_keys_t* subkeys, const grassh grasshopper_zero128(&z); } -void grasshopper_set_decrypt_key(grasshopper_round_keys_t* subkeys, const grasshopper_key_t* key) { - int i; +void grasshopper_set_decrypt_key(grasshopper_round_keys_t *subkeys, + const grasshopper_key_t *key) +{ + int i; grasshopper_set_encrypt_key(subkeys, key); for (i = 1; i < 10; i++) { @@ -99,8 +107,10 @@ void grasshopper_set_decrypt_key(grasshopper_round_keys_t* subkeys, const grassh } } -void grasshopper_encrypt_block(grasshopper_round_keys_t* subkeys, grasshopper_w128_t* source, - grasshopper_w128_t* target, grasshopper_w128_t* buffer) { +void grasshopper_encrypt_block( + grasshopper_round_keys_t *subkeys, grasshopper_w128_t *source, + grasshopper_w128_t *target, grasshopper_w128_t *buffer) +{ int i; grasshopper_copy128(target, source); @@ -112,8 +122,10 @@ void grasshopper_encrypt_block(grasshopper_round_keys_t* subkeys, grasshopper_w1 grasshopper_append128(target, &subkeys->k[9]); } -void grasshopper_decrypt_block(grasshopper_round_keys_t* subkeys, grasshopper_w128_t* source, - grasshopper_w128_t* target, grasshopper_w128_t* buffer) { +void grasshopper_decrypt_block( + grasshopper_round_keys_t *subkeys, grasshopper_w128_t *source, + grasshopper_w128_t *target, grasshopper_w128_t *buffer) +{ int i; grasshopper_copy128(target, source); diff --git a/gost_grasshopper_core.h b/gost_grasshopper_core.h index a5d3df622..6246d7458 100644 --- a/gost_grasshopper_core.h +++ b/gost_grasshopper_core.h @@ -12,16 +12,22 @@ extern "C" { #include "gost_grasshopper_defines.h" -static void grasshopper_l(grasshopper_w128_t* w); -static void grasshopper_l_inv(grasshopper_w128_t* w); +static void grasshopper_l(grasshopper_w128_t *w); +static void grasshopper_l_inv(grasshopper_w128_t *w); // key setup -extern void grasshopper_set_encrypt_key(grasshopper_round_keys_t* subkeys, const grasshopper_key_t* key); -extern void grasshopper_set_decrypt_key(grasshopper_round_keys_t* subkeys, const grasshopper_key_t* key); +extern void grasshopper_set_encrypt_key( + grasshopper_round_keys_t *subkeys, const grasshopper_key_t *key); +extern void grasshopper_set_decrypt_key( + grasshopper_round_keys_t *subkeys, const grasshopper_key_t *key); // single-block ecp ops -extern void grasshopper_encrypt_block(grasshopper_round_keys_t* subkeys, grasshopper_w128_t* source, grasshopper_w128_t* target, grasshopper_w128_t* buffer); -extern void grasshopper_decrypt_block(grasshopper_round_keys_t* subkeys, grasshopper_w128_t* source, grasshopper_w128_t* target, grasshopper_w128_t* buffer); +extern void grasshopper_encrypt_block( + grasshopper_round_keys_t *subkeys, grasshopper_w128_t *source, + grasshopper_w128_t *target, grasshopper_w128_t *buffer); +extern void grasshopper_decrypt_block( + grasshopper_round_keys_t *subkeys, grasshopper_w128_t *source, + grasshopper_w128_t *target, grasshopper_w128_t *buffer); #if defined(__cplusplus) } diff --git a/gost_grasshopper_defines.c b/gost_grasshopper_defines.c index 4722f91c2..19a22ebed 100644 --- a/gost_grasshopper_defines.c +++ b/gost_grasshopper_defines.c @@ -12,83 +12,82 @@ extern "C" { // The S-Box from section 5.1.1 const uint8_t grasshopper_pi[0x100] = { - 0xFC, 0xEE, 0xDD, 0x11, 0xCF, 0x6E, 0x31, 0x16, // 00..07 - 0xFB, 0xC4, 0xFA, 0xDA, 0x23, 0xC5, 0x04, 0x4D, // 08..0F - 0xE9, 0x77, 0xF0, 0xDB, 0x93, 0x2E, 0x99, 0xBA, // 10..17 - 0x17, 0x36, 0xF1, 0xBB, 0x14, 0xCD, 0x5F, 0xC1, // 18..1F - 0xF9, 0x18, 0x65, 0x5A, 0xE2, 0x5C, 0xEF, 0x21, // 20..27 - 0x81, 0x1C, 0x3C, 0x42, 0x8B, 0x01, 0x8E, 0x4F, // 28..2F - 0x05, 0x84, 0x02, 0xAE, 0xE3, 0x6A, 0x8F, 0xA0, // 30..37 - 0x06, 0x0B, 0xED, 0x98, 0x7F, 0xD4, 0xD3, 0x1F, // 38..3F - 0xEB, 0x34, 0x2C, 0x51, 0xEA, 0xC8, 0x48, 0xAB, // 40..47 - 0xF2, 0x2A, 0x68, 0xA2, 0xFD, 0x3A, 0xCE, 0xCC, // 48..4F - 0xB5, 0x70, 0x0E, 0x56, 0x08, 0x0C, 0x76, 0x12, // 50..57 - 0xBF, 0x72, 0x13, 0x47, 0x9C, 0xB7, 0x5D, 0x87, // 58..5F - 0x15, 0xA1, 0x96, 0x29, 0x10, 0x7B, 0x9A, 0xC7, // 60..67 - 0xF3, 0x91, 0x78, 0x6F, 0x9D, 0x9E, 0xB2, 0xB1, // 68..6F - 0x32, 0x75, 0x19, 0x3D, 0xFF, 0x35, 0x8A, 0x7E, // 70..77 - 0x6D, 0x54, 0xC6, 0x80, 0xC3, 0xBD, 0x0D, 0x57, // 78..7F - 0xDF, 0xF5, 0x24, 0xA9, 0x3E, 0xA8, 0x43, 0xC9, // 80..87 - 0xD7, 0x79, 0xD6, 0xF6, 0x7C, 0x22, 0xB9, 0x03, // 88..8F - 0xE0, 0x0F, 0xEC, 0xDE, 0x7A, 0x94, 0xB0, 0xBC, // 90..97 - 0xDC, 0xE8, 0x28, 0x50, 0x4E, 0x33, 0x0A, 0x4A, // 98..9F - 0xA7, 0x97, 0x60, 0x73, 0x1E, 0x00, 0x62, 0x44, // A0..A7 - 0x1A, 0xB8, 0x38, 0x82, 0x64, 0x9F, 0x26, 0x41, // A8..AF - 0xAD, 0x45, 0x46, 0x92, 0x27, 0x5E, 0x55, 0x2F, // B0..B7 - 0x8C, 0xA3, 0xA5, 0x7D, 0x69, 0xD5, 0x95, 0x3B, // B8..BF - 0x07, 0x58, 0xB3, 0x40, 0x86, 0xAC, 0x1D, 0xF7, // C0..C7 - 0x30, 0x37, 0x6B, 0xE4, 0x88, 0xD9, 0xE7, 0x89, // C8..CF - 0xE1, 0x1B, 0x83, 0x49, 0x4C, 0x3F, 0xF8, 0xFE, // D0..D7 - 0x8D, 0x53, 0xAA, 0x90, 0xCA, 0xD8, 0x85, 0x61, // D8..DF - 0x20, 0x71, 0x67, 0xA4, 0x2D, 0x2B, 0x09, 0x5B, // E0..E7 - 0xCB, 0x9B, 0x25, 0xD0, 0xBE, 0xE5, 0x6C, 0x52, // E8..EF - 0x59, 0xA6, 0x74, 0xD2, 0xE6, 0xF4, 0xB4, 0xC0, // F0..F7 - 0xD1, 0x66, 0xAF, 0xC2, 0x39, 0x4B, 0x63, 0xB6, // F8..FF + 0xFC, 0xEE, 0xDD, 0x11, 0xCF, 0x6E, 0x31, 0x16, // 00..07 + 0xFB, 0xC4, 0xFA, 0xDA, 0x23, 0xC5, 0x04, 0x4D, // 08..0F + 0xE9, 0x77, 0xF0, 0xDB, 0x93, 0x2E, 0x99, 0xBA, // 10..17 + 0x17, 0x36, 0xF1, 0xBB, 0x14, 0xCD, 0x5F, 0xC1, // 18..1F + 0xF9, 0x18, 0x65, 0x5A, 0xE2, 0x5C, 0xEF, 0x21, // 20..27 + 0x81, 0x1C, 0x3C, 0x42, 0x8B, 0x01, 0x8E, 0x4F, // 28..2F + 0x05, 0x84, 0x02, 0xAE, 0xE3, 0x6A, 0x8F, 0xA0, // 30..37 + 0x06, 0x0B, 0xED, 0x98, 0x7F, 0xD4, 0xD3, 0x1F, // 38..3F + 0xEB, 0x34, 0x2C, 0x51, 0xEA, 0xC8, 0x48, 0xAB, // 40..47 + 0xF2, 0x2A, 0x68, 0xA2, 0xFD, 0x3A, 0xCE, 0xCC, // 48..4F + 0xB5, 0x70, 0x0E, 0x56, 0x08, 0x0C, 0x76, 0x12, // 50..57 + 0xBF, 0x72, 0x13, 0x47, 0x9C, 0xB7, 0x5D, 0x87, // 58..5F + 0x15, 0xA1, 0x96, 0x29, 0x10, 0x7B, 0x9A, 0xC7, // 60..67 + 0xF3, 0x91, 0x78, 0x6F, 0x9D, 0x9E, 0xB2, 0xB1, // 68..6F + 0x32, 0x75, 0x19, 0x3D, 0xFF, 0x35, 0x8A, 0x7E, // 70..77 + 0x6D, 0x54, 0xC6, 0x80, 0xC3, 0xBD, 0x0D, 0x57, // 78..7F + 0xDF, 0xF5, 0x24, 0xA9, 0x3E, 0xA8, 0x43, 0xC9, // 80..87 + 0xD7, 0x79, 0xD6, 0xF6, 0x7C, 0x22, 0xB9, 0x03, // 88..8F + 0xE0, 0x0F, 0xEC, 0xDE, 0x7A, 0x94, 0xB0, 0xBC, // 90..97 + 0xDC, 0xE8, 0x28, 0x50, 0x4E, 0x33, 0x0A, 0x4A, // 98..9F + 0xA7, 0x97, 0x60, 0x73, 0x1E, 0x00, 0x62, 0x44, // A0..A7 + 0x1A, 0xB8, 0x38, 0x82, 0x64, 0x9F, 0x26, 0x41, // A8..AF + 0xAD, 0x45, 0x46, 0x92, 0x27, 0x5E, 0x55, 0x2F, // B0..B7 + 0x8C, 0xA3, 0xA5, 0x7D, 0x69, 0xD5, 0x95, 0x3B, // B8..BF + 0x07, 0x58, 0xB3, 0x40, 0x86, 0xAC, 0x1D, 0xF7, // C0..C7 + 0x30, 0x37, 0x6B, 0xE4, 0x88, 0xD9, 0xE7, 0x89, // C8..CF + 0xE1, 0x1B, 0x83, 0x49, 0x4C, 0x3F, 0xF8, 0xFE, // D0..D7 + 0x8D, 0x53, 0xAA, 0x90, 0xCA, 0xD8, 0x85, 0x61, // D8..DF + 0x20, 0x71, 0x67, 0xA4, 0x2D, 0x2B, 0x09, 0x5B, // E0..E7 + 0xCB, 0x9B, 0x25, 0xD0, 0xBE, 0xE5, 0x6C, 0x52, // E8..EF + 0x59, 0xA6, 0x74, 0xD2, 0xE6, 0xF4, 0xB4, 0xC0, // F0..F7 + 0xD1, 0x66, 0xAF, 0xC2, 0x39, 0x4B, 0x63, 0xB6, // F8..FF }; // Inverse S-Box const uint8_t grasshopper_pi_inv[0x100] = { - 0xA5, 0x2D, 0x32, 0x8F, 0x0E, 0x30, 0x38, 0xC0, // 00..07 - 0x54, 0xE6, 0x9E, 0x39, 0x55, 0x7E, 0x52, 0x91, // 08..0F - 0x64, 0x03, 0x57, 0x5A, 0x1C, 0x60, 0x07, 0x18, // 10..17 - 0x21, 0x72, 0xA8, 0xD1, 0x29, 0xC6, 0xA4, 0x3F, // 18..1F - 0xE0, 0x27, 0x8D, 0x0C, 0x82, 0xEA, 0xAE, 0xB4, // 20..27 - 0x9A, 0x63, 0x49, 0xE5, 0x42, 0xE4, 0x15, 0xB7, // 28..2F - 0xC8, 0x06, 0x70, 0x9D, 0x41, 0x75, 0x19, 0xC9, // 30..37 - 0xAA, 0xFC, 0x4D, 0xBF, 0x2A, 0x73, 0x84, 0xD5, // 38..3F - 0xC3, 0xAF, 0x2B, 0x86, 0xA7, 0xB1, 0xB2, 0x5B, // 40..47 - 0x46, 0xD3, 0x9F, 0xFD, 0xD4, 0x0F, 0x9C, 0x2F, // 48..4F - 0x9B, 0x43, 0xEF, 0xD9, 0x79, 0xB6, 0x53, 0x7F, // 50..57 - 0xC1, 0xF0, 0x23, 0xE7, 0x25, 0x5E, 0xB5, 0x1E, // 58..5F - 0xA2, 0xDF, 0xA6, 0xFE, 0xAC, 0x22, 0xF9, 0xE2, // 60..67 - 0x4A, 0xBC, 0x35, 0xCA, 0xEE, 0x78, 0x05, 0x6B, // 68..6F - 0x51, 0xE1, 0x59, 0xA3, 0xF2, 0x71, 0x56, 0x11, // 70..77 - 0x6A, 0x89, 0x94, 0x65, 0x8C, 0xBB, 0x77, 0x3C, // 78..7F - 0x7B, 0x28, 0xAB, 0xD2, 0x31, 0xDE, 0xC4, 0x5F, // 80..87 - 0xCC, 0xCF, 0x76, 0x2C, 0xB8, 0xD8, 0x2E, 0x36, // 88..8F - 0xDB, 0x69, 0xB3, 0x14, 0x95, 0xBE, 0x62, 0xA1, // 90..97 - 0x3B, 0x16, 0x66, 0xE9, 0x5C, 0x6C, 0x6D, 0xAD, // 98..9F - 0x37, 0x61, 0x4B, 0xB9, 0xE3, 0xBA, 0xF1, 0xA0, // A0..A7 - 0x85, 0x83, 0xDA, 0x47, 0xC5, 0xB0, 0x33, 0xFA, // A8..AF - 0x96, 0x6F, 0x6E, 0xC2, 0xF6, 0x50, 0xFF, 0x5D, // B0..B7 - 0xA9, 0x8E, 0x17, 0x1B, 0x97, 0x7D, 0xEC, 0x58, // B8..BF - 0xF7, 0x1F, 0xFB, 0x7C, 0x09, 0x0D, 0x7A, 0x67, // C0..C7 - 0x45, 0x87, 0xDC, 0xE8, 0x4F, 0x1D, 0x4E, 0x04, // C8..CF - 0xEB, 0xF8, 0xF3, 0x3E, 0x3D, 0xBD, 0x8A, 0x88, // D0..D7 - 0xDD, 0xCD, 0x0B, 0x13, 0x98, 0x02, 0x93, 0x80, // D8..DF - 0x90, 0xD0, 0x24, 0x34, 0xCB, 0xED, 0xF4, 0xCE, // E0..E7 - 0x99, 0x10, 0x44, 0x40, 0x92, 0x3A, 0x01, 0x26, // E8..EF - 0x12, 0x1A, 0x48, 0x68, 0xF5, 0x81, 0x8B, 0xC7, // F0..F7 - 0xD6, 0x20, 0x0A, 0x08, 0x00, 0x4C, 0xD7, 0x74 // F8..FF + 0xA5, 0x2D, 0x32, 0x8F, 0x0E, 0x30, 0x38, 0xC0, // 00..07 + 0x54, 0xE6, 0x9E, 0x39, 0x55, 0x7E, 0x52, 0x91, // 08..0F + 0x64, 0x03, 0x57, 0x5A, 0x1C, 0x60, 0x07, 0x18, // 10..17 + 0x21, 0x72, 0xA8, 0xD1, 0x29, 0xC6, 0xA4, 0x3F, // 18..1F + 0xE0, 0x27, 0x8D, 0x0C, 0x82, 0xEA, 0xAE, 0xB4, // 20..27 + 0x9A, 0x63, 0x49, 0xE5, 0x42, 0xE4, 0x15, 0xB7, // 28..2F + 0xC8, 0x06, 0x70, 0x9D, 0x41, 0x75, 0x19, 0xC9, // 30..37 + 0xAA, 0xFC, 0x4D, 0xBF, 0x2A, 0x73, 0x84, 0xD5, // 38..3F + 0xC3, 0xAF, 0x2B, 0x86, 0xA7, 0xB1, 0xB2, 0x5B, // 40..47 + 0x46, 0xD3, 0x9F, 0xFD, 0xD4, 0x0F, 0x9C, 0x2F, // 48..4F + 0x9B, 0x43, 0xEF, 0xD9, 0x79, 0xB6, 0x53, 0x7F, // 50..57 + 0xC1, 0xF0, 0x23, 0xE7, 0x25, 0x5E, 0xB5, 0x1E, // 58..5F + 0xA2, 0xDF, 0xA6, 0xFE, 0xAC, 0x22, 0xF9, 0xE2, // 60..67 + 0x4A, 0xBC, 0x35, 0xCA, 0xEE, 0x78, 0x05, 0x6B, // 68..6F + 0x51, 0xE1, 0x59, 0xA3, 0xF2, 0x71, 0x56, 0x11, // 70..77 + 0x6A, 0x89, 0x94, 0x65, 0x8C, 0xBB, 0x77, 0x3C, // 78..7F + 0x7B, 0x28, 0xAB, 0xD2, 0x31, 0xDE, 0xC4, 0x5F, // 80..87 + 0xCC, 0xCF, 0x76, 0x2C, 0xB8, 0xD8, 0x2E, 0x36, // 88..8F + 0xDB, 0x69, 0xB3, 0x14, 0x95, 0xBE, 0x62, 0xA1, // 90..97 + 0x3B, 0x16, 0x66, 0xE9, 0x5C, 0x6C, 0x6D, 0xAD, // 98..9F + 0x37, 0x61, 0x4B, 0xB9, 0xE3, 0xBA, 0xF1, 0xA0, // A0..A7 + 0x85, 0x83, 0xDA, 0x47, 0xC5, 0xB0, 0x33, 0xFA, // A8..AF + 0x96, 0x6F, 0x6E, 0xC2, 0xF6, 0x50, 0xFF, 0x5D, // B0..B7 + 0xA9, 0x8E, 0x17, 0x1B, 0x97, 0x7D, 0xEC, 0x58, // B8..BF + 0xF7, 0x1F, 0xFB, 0x7C, 0x09, 0x0D, 0x7A, 0x67, // C0..C7 + 0x45, 0x87, 0xDC, 0xE8, 0x4F, 0x1D, 0x4E, 0x04, // C8..CF + 0xEB, 0xF8, 0xF3, 0x3E, 0x3D, 0xBD, 0x8A, 0x88, // D0..D7 + 0xDD, 0xCD, 0x0B, 0x13, 0x98, 0x02, 0x93, 0x80, // D8..DF + 0x90, 0xD0, 0x24, 0x34, 0xCB, 0xED, 0xF4, 0xCE, // E0..E7 + 0x99, 0x10, 0x44, 0x40, 0x92, 0x3A, 0x01, 0x26, // E8..EF + 0x12, 0x1A, 0x48, 0x68, 0xF5, 0x81, 0x8B, 0xC7, // F0..F7 + 0xD6, 0x20, 0x0A, 0x08, 0x00, 0x4C, 0xD7, 0x74 // F8..FF }; // Linear vector from sect 5.1.2 const uint8_t grasshopper_lvec[16] = { - 0x94, 0x20, 0x85, 0x10, 0xC2, 0xC0, 0x01, 0xFB, - 0x01, 0xC0, 0xC2, 0x10, 0x85, 0x20, 0x94, 0x01 -}; + 0x94, 0x20, 0x85, 0x10, 0xC2, 0xC0, 0x01, 0xFB, + 0x01, 0xC0, 0xC2, 0x10, 0x85, 0x20, 0x94, 0x01}; #if defined(__cplusplus) } diff --git a/gost_grasshopper_defines.h b/gost_grasshopper_defines.h index 79922045c..3965ff8f6 100644 --- a/gost_grasshopper_defines.h +++ b/gost_grasshopper_defines.h @@ -13,24 +13,24 @@ extern "C" { #include #include -# if !defined(inline) && !defined(__cplusplus) -# if defined(__STDC_VERSION__) && __STDC_VERSION__ >= 199901L -# define GRASSHOPPER_INLINE inline -# elif defined(__GNUC__) && __GNUC__ >= 2 -# define GRASSHOPPER_INLINE __inline__ -# define likely(x) __builtin_expect(!!(x), 1) -# elif defined(_MSC_VER) -# define GRASSHOPPER_INLINE __inline -# else -# define GRASSHOPPER_INLINE -# endif -# else +#if !defined(inline) && !defined(__cplusplus) +# if defined(__STDC_VERSION__) && __STDC_VERSION__ >= 199901L # define GRASSHOPPER_INLINE inline +# elif defined(__GNUC__) && __GNUC__ >= 2 +# define GRASSHOPPER_INLINE __inline__ +# define likely(x) __builtin_expect(!!(x), 1) +# elif defined(_MSC_VER) +# define GRASSHOPPER_INLINE __inline +# else +# define GRASSHOPPER_INLINE # endif +#else +# define GRASSHOPPER_INLINE inline +#endif -# if !defined(likely) -# define likely(x) x -# endif +#if !defined(likely) +# define likely(x) x +#endif typedef union { uint8_t b[16]; @@ -63,8 +63,8 @@ extern const uint8_t grasshopper_pi_inv[0x100]; extern const uint8_t grasshopper_lvec[16]; -#define GRASSHOPPER_BLOCK_SIZE (128/8) -#define GRASSHOPPER_KEY_SIZE (256/8) +#define GRASSHOPPER_BLOCK_SIZE (128 / 8) +#define GRASSHOPPER_KEY_SIZE (256 / 8) #if defined(__cplusplus) } diff --git a/gost_grasshopper_galois_precompiled.c b/gost_grasshopper_galois_precompiled.c index f8c0f80ef..31f26ceb9 100644 --- a/gost_grasshopper_galois_precompiled.c +++ b/gost_grasshopper_galois_precompiled.c @@ -3,12 +3,46 @@ * This file is distributed under the same license as OpenSSL */ -#include "gost_grasshopper_precompiled.h" #include "gost_grasshopper_defines.h" +#include "gost_grasshopper_precompiled.h" uint8_t grasshopper_galois_alpha_to[256] = { - 1, 2, 4, 8, 16, 32, 64, 128, 195, 69, 138, 215, 109, 218, 119, 238, 31, 62, 124, 248, 51, 102, 204, 91, 182, 175, 157, 249, 49, 98, 196, 75, 150, 239, 29, 58, 116, 232, 19, 38, 76, 152, 243, 37, 74, 148, 235, 21, 42, 84, 168, 147, 229, 9, 18, 36, 72, 144, 227, 5, 10, 20, 40, 80, 160, 131, 197, 73, 146, 231, 13, 26, 52, 104, 208, 99, 198, 79, 158, 255, 61, 122, 244, 43, 86, 172, 155, 245, 41, 82, 164, 139, 213, 105, 210, 103, 206, 95, 190, 191, 189, 185, 177, 161, 129, 193, 65, 130, 199, 77, 154, 247, 45, 90, 180, 171, 149, 233, 17, 34, 68, 136, 211, 101, 202, 87, 174, 159, 253, 57, 114, 228, 11, 22, 44, 88, 176, 163, 133, 201, 81, 162, 135, 205, 89, 178, 167, 141, 217, 113, 226, 7, 14, 28, 56, 112, 224, 3, 6, 12, 24, 48, 96, 192, 67, 134, 207, 93, 186, 183, 173, 153, 241, 33, 66, 132, 203, 85, 170, 151, 237, 25, 50, 100, 200, 83, 166, 143, 221, 121, 242, 39, 78, 156, 251, 53, 106, 212, 107, 214, 111, 222, 127, 254, 63, 126, 252, 59, 118, 236, 27, 54, 108, 216, 115, 230, 15, 30, 60, 120, 240, 35, 70, 140, 219, 117, 234, 23, 46, 92, 184, 179, 165, 137, 209, 97, 194, 71, 142, 223, 125, 250, 55, 110, 220, 123, 246, 47, 94, 188, 187, 181, 169, 145, 225, 1, + 1, 2, 4, 8, 16, 32, 64, 128, 195, 69, 138, 215, 109, 218, 119, + 238, 31, 62, 124, 248, 51, 102, 204, 91, 182, 175, 157, 249, 49, 98, + 196, 75, 150, 239, 29, 58, 116, 232, 19, 38, 76, 152, 243, 37, 74, + 148, 235, 21, 42, 84, 168, 147, 229, 9, 18, 36, 72, 144, 227, 5, + 10, 20, 40, 80, 160, 131, 197, 73, 146, 231, 13, 26, 52, 104, 208, + 99, 198, 79, 158, 255, 61, 122, 244, 43, 86, 172, 155, 245, 41, 82, + 164, 139, 213, 105, 210, 103, 206, 95, 190, 191, 189, 185, 177, 161, 129, + 193, 65, 130, 199, 77, 154, 247, 45, 90, 180, 171, 149, 233, 17, 34, + 68, 136, 211, 101, 202, 87, 174, 159, 253, 57, 114, 228, 11, 22, 44, + 88, 176, 163, 133, 201, 81, 162, 135, 205, 89, 178, 167, 141, 217, 113, + 226, 7, 14, 28, 56, 112, 224, 3, 6, 12, 24, 48, 96, 192, 67, + 134, 207, 93, 186, 183, 173, 153, 241, 33, 66, 132, 203, 85, 170, 151, + 237, 25, 50, 100, 200, 83, 166, 143, 221, 121, 242, 39, 78, 156, 251, + 53, 106, 212, 107, 214, 111, 222, 127, 254, 63, 126, 252, 59, 118, 236, + 27, 54, 108, 216, 115, 230, 15, 30, 60, 120, 240, 35, 70, 140, 219, + 117, 234, 23, 46, 92, 184, 179, 165, 137, 209, 97, 194, 71, 142, 223, + 125, 250, 55, 110, 220, 123, 246, 47, 94, 188, 187, 181, 169, 145, 225, + 1, }; uint8_t grasshopper_galois_index_of[256] = { - 255, 0, 1, 157, 2, 59, 158, 151, 3, 53, 60, 132, 159, 70, 152, 216, 4, 118, 54, 38, 61, 47, 133, 227, 160, 181, 71, 210, 153, 34, 217, 16, 5, 173, 119, 221, 55, 43, 39, 191, 62, 88, 48, 83, 134, 112, 228, 247, 161, 28, 182, 20, 72, 195, 211, 242, 154, 129, 35, 207, 218, 80, 17, 204, 6, 106, 174, 164, 120, 9, 222, 237, 56, 67, 44, 31, 40, 109, 192, 77, 63, 140, 89, 185, 49, 177, 84, 125, 135, 144, 113, 23, 229, 167, 248, 97, 162, 235, 29, 75, 183, 123, 21, 95, 73, 93, 196, 198, 212, 12, 243, 200, 155, 149, 130, 214, 36, 225, 208, 14, 219, 189, 81, 245, 18, 240, 205, 202, 7, 104, 107, 65, 175, 138, 165, 142, 121, 233, 10, 91, 223, 147, 238, 187, 57, 253, 68, 51, 45, 116, 32, 179, 41, 171, 110, 86, 193, 26, 78, 127, 64, 103, 141, 137, 90, 232, 186, 146, 50, 252, 178, 115, 85, 170, 126, 25, 136, 102, 145, 231, 114, 251, 24, 169, 230, 101, 168, 250, 249, 100, 98, 99, 163, 105, 236, 8, 30, 66, 76, 108, 184, 139, 124, 176, 22, 143, 96, 166, 74, 234, 94, 122, 197, 92, 199, 11, 213, 148, 13, 224, 244, 188, 201, 239, 156, 254, 150, 58, 131, 52, 215, 69, 37, 117, 226, 46, 209, 180, 15, 33, 220, 172, 190, 42, 82, 87, 246, 111, 19, 27, 241, 194, 206, 128, 203, 79, + 255, 0, 1, 157, 2, 59, 158, 151, 3, 53, 60, 132, 159, 70, 152, + 216, 4, 118, 54, 38, 61, 47, 133, 227, 160, 181, 71, 210, 153, 34, + 217, 16, 5, 173, 119, 221, 55, 43, 39, 191, 62, 88, 48, 83, 134, + 112, 228, 247, 161, 28, 182, 20, 72, 195, 211, 242, 154, 129, 35, 207, + 218, 80, 17, 204, 6, 106, 174, 164, 120, 9, 222, 237, 56, 67, 44, + 31, 40, 109, 192, 77, 63, 140, 89, 185, 49, 177, 84, 125, 135, 144, + 113, 23, 229, 167, 248, 97, 162, 235, 29, 75, 183, 123, 21, 95, 73, + 93, 196, 198, 212, 12, 243, 200, 155, 149, 130, 214, 36, 225, 208, 14, + 219, 189, 81, 245, 18, 240, 205, 202, 7, 104, 107, 65, 175, 138, 165, + 142, 121, 233, 10, 91, 223, 147, 238, 187, 57, 253, 68, 51, 45, 116, + 32, 179, 41, 171, 110, 86, 193, 26, 78, 127, 64, 103, 141, 137, 90, + 232, 186, 146, 50, 252, 178, 115, 85, 170, 126, 25, 136, 102, 145, 231, + 114, 251, 24, 169, 230, 101, 168, 250, 249, 100, 98, 99, 163, 105, 236, + 8, 30, 66, 76, 108, 184, 139, 124, 176, 22, 143, 96, 166, 74, 234, + 94, 122, 197, 92, 199, 11, 213, 148, 13, 224, 244, 188, 201, 239, 156, + 254, 150, 58, 131, 52, 215, 69, 37, 117, 226, 46, 209, 180, 15, 33, + 220, 172, 190, 42, 82, 87, 246, 111, 19, 27, 241, 194, 206, 128, 203, + 79, }; diff --git a/gost_grasshopper_math.h b/gost_grasshopper_math.h index 91f276fd3..3a9302eaa 100644 --- a/gost_grasshopper_math.h +++ b/gost_grasshopper_math.h @@ -12,108 +12,127 @@ extern "C" { #include "gost_grasshopper_defines.h" -#if defined(__SSE__) || defined(__SSE2__) || defined(__SSE2_MATH__) || defined(__SSE3__) || defined(__SSE_MATH__) \ - || defined(__SSE4_1__)|| defined(__SSE4_2__)|| defined(__SSSE3__) -#define GRASSHOPPER_SSE_SUPPORTED +#if defined(__SSE__) || defined(__SSE2__) || defined(__SSE2_MATH__) \ + || defined(__SSE3__) || defined(__SSE_MATH__) || defined(__SSE4_1__) \ + || defined(__SSE4_2__) || defined(__SSSE3__) +# define GRASSHOPPER_SSE_SUPPORTED #endif #define GRASSHOPPER_MIN_BITS 8 #define GRASSHOPPER_MAX_BITS 128 #if UINTPTR_MAX == 0xff -#define GRASSHOPPER_BITS 8 +# define GRASSHOPPER_BITS 8 #elif UINTPTR_MAX == 0xffff -#define GRASSHOPPER_BITS 16 +# define GRASSHOPPER_BITS 16 #elif UINTPTR_MAX == 0xffffffff -#define GRASSHOPPER_BITS 32 +# define GRASSHOPPER_BITS 32 #elif UINTPTR_MAX == 0xffffffffffffffff -#define GRASSHOPPER_BITS 64 +# define GRASSHOPPER_BITS 64 #endif -#define GRASSHOPPER_BIT_PARTS_8 (GRASSHOPPER_MAX_BITS / 8) +#define GRASSHOPPER_BIT_PARTS_8 (GRASSHOPPER_MAX_BITS / 8) #define GRASSHOPPER_BIT_PARTS_16 (GRASSHOPPER_MAX_BITS / 16) #define GRASSHOPPER_BIT_PARTS_32 (GRASSHOPPER_MAX_BITS / 32) #define GRASSHOPPER_BIT_PARTS_64 (GRASSHOPPER_MAX_BITS / 64) -#define GRASSHOPPER_BIT_PARTS (GRASSHOPPER_MAX_BITS / GRASSHOPPER_BITS) +#define GRASSHOPPER_BIT_PARTS (GRASSHOPPER_MAX_BITS / GRASSHOPPER_BITS) #define GRASSHOPPER_MAX_BIT_PARTS (GRASSHOPPER_MAX_BITS / GRASSHOPPER_MIN_BITS) -#define GRASSHOPPER_ACCESS_128_VALUE_8(key, part) ((key).b[(part)]) +#define GRASSHOPPER_ACCESS_128_VALUE_8(key, part) ((key).b[(part)]) #define GRASSHOPPER_ACCESS_128_VALUE_16(key, part) ((key).w[(part)]) #define GRASSHOPPER_ACCESS_128_VALUE_32(key, part) ((key).d[(part)]) #define GRASSHOPPER_ACCESS_128_VALUE_64(key, part) ((key).q[(part)]) -#if(GRASSHOPPER_BITS == 8) -#define GRASSHOPPER_ACCESS_128_VALUE GRASSHOPPER_ACCESS_128_VALUE_8 -#elif(GRASSHOPPER_BITS == 16) -#define GRASSHOPPER_ACCESS_128_VALUE GRASSHOPPER_ACCESS_128_VALUE_16 -#elif(GRASSHOPPER_BITS == 32) -#define GRASSHOPPER_ACCESS_128_VALUE GRASSHOPPER_ACCESS_128_VALUE_32 -#elif(GRASSHOPPER_BITS == 64) -#define GRASSHOPPER_ACCESS_128_VALUE GRASSHOPPER_ACCESS_128_VALUE_64 +#if (GRASSHOPPER_BITS == 8) +# define GRASSHOPPER_ACCESS_128_VALUE GRASSHOPPER_ACCESS_128_VALUE_8 +#elif (GRASSHOPPER_BITS == 16) +# define GRASSHOPPER_ACCESS_128_VALUE GRASSHOPPER_ACCESS_128_VALUE_16 +#elif (GRASSHOPPER_BITS == 32) +# define GRASSHOPPER_ACCESS_128_VALUE GRASSHOPPER_ACCESS_128_VALUE_32 +#elif (GRASSHOPPER_BITS == 64) +# define GRASSHOPPER_ACCESS_128_VALUE GRASSHOPPER_ACCESS_128_VALUE_64 #endif -static GRASSHOPPER_INLINE void grasshopper_zero128(grasshopper_w128_t* x) { -#if(GRASSHOPPER_BITS == 8 || GRASSHOPPER_BITS == 16) +static GRASSHOPPER_INLINE void grasshopper_zero128(grasshopper_w128_t *x) +{ +#if (GRASSHOPPER_BITS == 8 || GRASSHOPPER_BITS == 16) memset(&x, 0, sizeof(x)); #else - int i; + int i; for (i = 0; i < GRASSHOPPER_BIT_PARTS; i++) { GRASSHOPPER_ACCESS_128_VALUE(*x, i) = 0; } #endif } -static GRASSHOPPER_INLINE void grasshopper_copy128(grasshopper_w128_t* to, const grasshopper_w128_t* from) { -#if(GRASSHOPPER_BITS == 8 || GRASSHOPPER_BITS == 16) +static GRASSHOPPER_INLINE void +grasshopper_copy128(grasshopper_w128_t *to, const grasshopper_w128_t *from) +{ +#if (GRASSHOPPER_BITS == 8 || GRASSHOPPER_BITS == 16) __builtin_memcpy(&to, &from, sizeof(grasshopper_w128_t)); #else - int i; + int i; for (i = 0; i < GRASSHOPPER_BIT_PARTS; i++) { - GRASSHOPPER_ACCESS_128_VALUE(*to, i) = GRASSHOPPER_ACCESS_128_VALUE(*from, i); + GRASSHOPPER_ACCESS_128_VALUE(*to, i) = + GRASSHOPPER_ACCESS_128_VALUE(*from, i); } #endif } -static GRASSHOPPER_INLINE void grasshopper_append128(grasshopper_w128_t* x, const grasshopper_w128_t* y) { - int i; +static GRASSHOPPER_INLINE void +grasshopper_append128(grasshopper_w128_t *x, const grasshopper_w128_t *y) +{ + int i; #ifdef STRICT_ALIGNMENT for (i = 0; i < 16; i++) { - GRASSHOPPER_ACCESS_128_VALUE_8(*x, i) ^= GRASSHOPPER_ACCESS_128_VALUE_8(*y, i); + GRASSHOPPER_ACCESS_128_VALUE_8(*x, i) ^= + GRASSHOPPER_ACCESS_128_VALUE_8(*y, i); } #else for (i = 0; i < GRASSHOPPER_BIT_PARTS; i++) { - GRASSHOPPER_ACCESS_128_VALUE(*x, i) ^= GRASSHOPPER_ACCESS_128_VALUE(*y, i); + GRASSHOPPER_ACCESS_128_VALUE(*x, i) ^= + GRASSHOPPER_ACCESS_128_VALUE(*y, i); } #endif } -static GRASSHOPPER_INLINE void grasshopper_plus128(grasshopper_w128_t* result, const grasshopper_w128_t* x, - const grasshopper_w128_t* y) { +static GRASSHOPPER_INLINE void +grasshopper_plus128(grasshopper_w128_t *result, const grasshopper_w128_t *x, + const grasshopper_w128_t *y) +{ grasshopper_copy128(result, x); grasshopper_append128(result, y); } // result & x must be different -static GRASSHOPPER_INLINE void grasshopper_plus128multi(grasshopper_w128_t* result, const grasshopper_w128_t* x, - const grasshopper_w128_t array[][256]) { - int i; +static GRASSHOPPER_INLINE void grasshopper_plus128multi( + grasshopper_w128_t *result, const grasshopper_w128_t *x, + const grasshopper_w128_t array[][256]) +{ + int i; grasshopper_zero128(result); for (i = 0; i < GRASSHOPPER_MAX_BIT_PARTS; i++) { - grasshopper_append128(result, &array[i][GRASSHOPPER_ACCESS_128_VALUE_8(*x, i)]); + grasshopper_append128( + result, &array[i][GRASSHOPPER_ACCESS_128_VALUE_8(*x, i)]); } } -static GRASSHOPPER_INLINE void grasshopper_append128multi(grasshopper_w128_t* result, grasshopper_w128_t* x, - const grasshopper_w128_t array[][256]) { +static GRASSHOPPER_INLINE void +grasshopper_append128multi(grasshopper_w128_t *result, grasshopper_w128_t *x, + const grasshopper_w128_t array[][256]) +{ grasshopper_plus128multi(result, x, array); grasshopper_copy128(x, result); } -static GRASSHOPPER_INLINE void grasshopper_convert128(grasshopper_w128_t* x, const uint8_t* array) { - int i; +static GRASSHOPPER_INLINE void +grasshopper_convert128(grasshopper_w128_t *x, const uint8_t *array) +{ + int i; for (i = 0; i < GRASSHOPPER_MAX_BIT_PARTS; i++) { - GRASSHOPPER_ACCESS_128_VALUE_8(*x, i) = array[GRASSHOPPER_ACCESS_128_VALUE_8(*x, i)]; + GRASSHOPPER_ACCESS_128_VALUE_8(*x, i) = + array[GRASSHOPPER_ACCESS_128_VALUE_8(*x, i)]; } } @@ -124,10 +143,12 @@ static GRASSHOPPER_INLINE void grasshopper_convert128(grasshopper_w128_t* x, con extern uint8_t grasshopper_galois_alpha_to[256]; extern uint8_t grasshopper_galois_index_of[256]; -static GRASSHOPPER_INLINE uint8_t grasshopper_galois_mul(uint8_t x, uint8_t y) { +static GRASSHOPPER_INLINE uint8_t grasshopper_galois_mul(uint8_t x, uint8_t y) +{ if (likely(x != 0 && y != 0)) { - return grasshopper_galois_alpha_to[(grasshopper_galois_index_of[x] + grasshopper_galois_index_of[y]) % - GRASSHOPPER_GALOIS_FIELD_SIZE]; + return grasshopper_galois_alpha_to[(grasshopper_galois_index_of[x] + + grasshopper_galois_index_of[y]) + % GRASSHOPPER_GALOIS_FIELD_SIZE]; } else { return 0; } diff --git a/gost_grasshopper_precompiled.h b/gost_grasshopper_precompiled.h index eb1d7f8b5..c2da29aa7 100644 --- a/gost_grasshopper_precompiled.h +++ b/gost_grasshopper_precompiled.h @@ -9,10 +9,13 @@ #include "gost_grasshopper_defines.h" #include "gost_grasshopper_math.h" -extern const grasshopper_w128_t grasshopper_pil_enc128[GRASSHOPPER_MAX_BIT_PARTS][256]; +extern const grasshopper_w128_t + grasshopper_pil_enc128[GRASSHOPPER_MAX_BIT_PARTS][256]; -extern const grasshopper_w128_t grasshopper_l_dec128[GRASSHOPPER_MAX_BIT_PARTS][256]; +extern const grasshopper_w128_t + grasshopper_l_dec128[GRASSHOPPER_MAX_BIT_PARTS][256]; -extern const grasshopper_w128_t grasshopper_pil_dec128[GRASSHOPPER_MAX_BIT_PARTS][256]; +extern const grasshopper_w128_t + grasshopper_pil_dec128[GRASSHOPPER_MAX_BIT_PARTS][256]; #endif diff --git a/gost_keyexpimp.c b/gost_keyexpimp.c index 481d5b5c6..73917037f 100644 --- a/gost_keyexpimp.c +++ b/gost_keyexpimp.c @@ -6,36 +6,34 @@ * See https://www.openssl.org/source/license.html for details */ -#include +#include "e_gost_err.h" +#include "gost_lcl.h" + +#include #include #include -#include - -#include "gost_lcl.h" -#include "e_gost_err.h" +#include static uint32_t be32(uint32_t host) { #ifdef L_ENDIAN - return (host & 0xff000000) >> 24 | - (host & 0x00ff0000) >> 8 | - (host & 0x0000ff00) << 8 | - (host & 0x000000ff) << 24; + return (host & 0xff000000) >> 24 | (host & 0x00ff0000) >> 8 + | (host & 0x0000ff00) << 8 | (host & 0x000000ff) << 24; #else return host; #endif } int omac_imit_ctrl(EVP_MD_CTX *ctx, int type, int arg, void *ptr); + /* * Function expects that out is a preallocated buffer of length * defined as sum of shared_len and mac length defined by mac_nid * */ int gost_kexp15(const unsigned char *shared_key, const int shared_len, - int cipher_nid, const unsigned char *cipher_key, - int mac_nid, unsigned char *mac_key, - const unsigned char *iv, const size_t ivlen, - unsigned char *out, int *out_len) + int cipher_nid, const unsigned char *cipher_key, int mac_nid, + unsigned char *mac_key, const unsigned char *iv, + const size_t ivlen, unsigned char *out, int *out_len) { unsigned char iv_full[16], mac_buf[16]; unsigned int mac_len; @@ -46,8 +44,11 @@ int gost_kexp15(const unsigned char *shared_key, const int shared_len, int ret = 0; int len; - mac_len = (cipher_nid == NID_magma_ctr) ? 8 : - (cipher_nid == NID_grasshopper_ctr) ? 16 : 0; + mac_len = + (cipher_nid == NID_magma_ctr) ? 8 + : (cipher_nid == NID_grasshopper_ctr) + ? 16 + : 0; if (mac_len == 0) { GOSTerr(GOST_F_GOST_KEXP15, GOST_R_INVALID_CIPHER); @@ -86,8 +87,9 @@ int gost_kexp15(const unsigned char *shared_key, const int shared_len, goto err; } - if (EVP_CipherInit_ex - (ciph, EVP_get_cipherbynid(cipher_nid), NULL, NULL, NULL, 1) <= 0 + if (EVP_CipherInit_ex( + ciph, EVP_get_cipherbynid(cipher_nid), NULL, NULL, NULL, 1) + <= 0 || EVP_CipherInit_ex(ciph, NULL, NULL, cipher_key, iv_full, 1) <= 0 || EVP_CipherUpdate(ciph, out, &len, shared_key, shared_len) <= 0 || EVP_CipherUpdate(ciph, out + shared_len, &len, mac_buf, mac_len) <= 0 @@ -100,7 +102,7 @@ int gost_kexp15(const unsigned char *shared_key, const int shared_len, ret = 1; - err: +err: OPENSSL_cleanse(mac_buf, mac_len); EVP_MD_CTX_free(mac); EVP_CIPHER_CTX_free(ciph); @@ -113,10 +115,9 @@ int gost_kexp15(const unsigned char *shared_key, const int shared_len, * with length defined as expkeylen + mac_len defined by mac_nid * */ int gost_kimp15(const unsigned char *expkey, const size_t expkeylen, - int cipher_nid, const unsigned char *cipher_key, - int mac_nid, unsigned char *mac_key, - const unsigned char *iv, const size_t ivlen, - unsigned char *shared_key) + int cipher_nid, const unsigned char *cipher_key, int mac_nid, + unsigned char *mac_key, const unsigned char *iv, + const size_t ivlen, unsigned char *shared_key) { unsigned char iv_full[16], out[48], mac_buf[16]; unsigned int mac_len; @@ -128,8 +129,11 @@ int gost_kimp15(const unsigned char *expkey, const size_t expkeylen, int ret = 0; int len; - mac_len = (cipher_nid == NID_magma_ctr) ? 8 : - (cipher_nid == NID_grasshopper_ctr) ? 16 : 0; + mac_len = + (cipher_nid == NID_magma_ctr) ? 8 + : (cipher_nid == NID_grasshopper_ctr) + ? 16 + : 0; if (mac_len == 0) { GOSTerr(GOST_F_GOST_KIMP15, GOST_R_INVALID_CIPHER); @@ -156,8 +160,9 @@ int gost_kimp15(const unsigned char *expkey, const size_t expkeylen, goto err; } - if (EVP_CipherInit_ex - (ciph, EVP_get_cipherbynid(cipher_nid), NULL, NULL, NULL, 0) <= 0 + if (EVP_CipherInit_ex( + ciph, EVP_get_cipherbynid(cipher_nid), NULL, NULL, NULL, 0) + <= 0 || EVP_CipherInit_ex(ciph, NULL, NULL, cipher_key, iv_full, 0) <= 0 || EVP_CipherUpdate(ciph, out, &len, expkey, expkeylen) <= 0 || EVP_CipherFinal_ex(ciph, out + len, &len) <= 0) { @@ -191,18 +196,17 @@ int gost_kimp15(const unsigned char *expkey, const size_t expkeylen, memcpy(shared_key, out, shared_len); ret = 1; - err: +err: OPENSSL_cleanse(out, sizeof(out)); EVP_MD_CTX_free(mac); EVP_CIPHER_CTX_free(ciph); return ret; } -int gost_kdftree2012_256(unsigned char *keyout, size_t keyout_len, - const unsigned char *key, size_t keylen, - const unsigned char *label, size_t label_len, - const unsigned char *seed, size_t seed_len, - const size_t representation) +int gost_kdftree2012_256( + unsigned char *keyout, size_t keyout_len, const unsigned char *key, + size_t keylen, const unsigned char *label, size_t label_len, + const unsigned char *seed, size_t seed_len, const size_t representation) { int iters, i = 0; unsigned char zero = 0; @@ -236,8 +240,8 @@ int gost_kdftree2012_256(unsigned char *keyout, size_t keyout_len, ((unsigned char *)&iter_net) + (4 - representation); if (HMAC_Init_ex(ctx, key, keylen, - EVP_get_digestbynid(NID_id_GostR3411_2012_256), - NULL) <= 0 + EVP_get_digestbynid(NID_id_GostR3411_2012_256), NULL) + <= 0 || HMAC_Update(ctx, rep_ptr, representation) <= 0 || HMAC_Update(ctx, label, label_len) <= 0 || HMAC_Update(ctx, &zero, 1) <= 0 @@ -262,9 +266,9 @@ int gost_tlstree(int cipher_nid, const unsigned char *in, unsigned char *out, const unsigned char *tlsseq) { uint64_t gh_c1 = 0x00000000FFFFFFFF, gh_c2 = 0x0000F8FFFFFFFFFF, - gh_c3 = 0xC0FFFFFFFFFFFFFF; + gh_c3 = 0xC0FFFFFFFFFFFFFF; uint64_t mg_c1 = 0x00000000C0FFFFFF, mg_c2 = 0x000000FEFFFFFFFF, - mg_c3 = 0x00F0FFFFFFFFFFFF; + mg_c3 = 0x00F0FFFFFFFFFFFF; uint64_t c1, c2, c3; uint64_t seed1, seed2, seed3; uint64_t seq; @@ -293,150 +297,162 @@ int gost_tlstree(int cipher_nid, const unsigned char *in, unsigned char *out, seed2 = seq & c2; seed3 = seq & c3; - if (gost_kdftree2012_256(ko1, 32, in, 32, (const unsigned char *)"level1", 6, - (const unsigned char *)&seed1, 8, 1) <= 0 - || gost_kdftree2012_256(ko2, 32, ko1, 32, (const unsigned char *)"level2", 6, - (const unsigned char *)&seed2, 8, 1) <= 0 - || gost_kdftree2012_256(out, 32, ko2, 32, (const unsigned char *)"level3", 6, - (const unsigned char *)&seed3, 8, 1) <= 0) - return 0; + if (gost_kdftree2012_256(ko1, 32, in, 32, (const unsigned char *)"level1", + 6, (const unsigned char *)&seed1, 8, 1) + <= 0 + || gost_kdftree2012_256( + ko2, 32, ko1, 32, (const unsigned char *)"level2", 6, + (const unsigned char *)&seed2, 8, 1) + <= 0 + || gost_kdftree2012_256( + out, 32, ko2, 32, (const unsigned char *)"level3", 6, + (const unsigned char *)&seed3, 8, 1) + <= 0) + return 0; return 1; } -#define GOST_WRAP_FLAGS EVP_CIPH_CTRL_INIT | EVP_CIPH_WRAP_MODE | EVP_CIPH_CUSTOM_IV | EVP_CIPH_FLAG_CUSTOM_CIPHER | EVP_CIPH_FLAG_DEFAULT_ASN1 +#define GOST_WRAP_FLAGS \ + EVP_CIPH_CTRL_INIT | EVP_CIPH_WRAP_MODE | EVP_CIPH_CUSTOM_IV \ + | EVP_CIPH_FLAG_CUSTOM_CIPHER | EVP_CIPH_FLAG_DEFAULT_ASN1 -#define MAGMA_MAC_WRAP_LEN 8 -#define KUZNYECHIK_MAC_WRAP_LEN 16 -#define MAX_MAC_WRAP_LEN KUZNYECHIK_MAC_WRAP_LEN -#define GOSTKEYLEN 32 -#define MAGMA_WRAPPED_KEY_LEN GOSTKEYLEN + MAGMA_MAC_WRAP_LEN +#define MAGMA_MAC_WRAP_LEN 8 +#define KUZNYECHIK_MAC_WRAP_LEN 16 +#define MAX_MAC_WRAP_LEN KUZNYECHIK_MAC_WRAP_LEN +#define GOSTKEYLEN 32 +#define MAGMA_WRAPPED_KEY_LEN GOSTKEYLEN + MAGMA_MAC_WRAP_LEN #define KUZNYECHIK_WRAPPED_KEY_LEN GOSTKEYLEN + KUZNYECHIK_MAC_WRAP_LEN -#define MAX_WRAPPED_KEY_LEN KUZNYECHIK_WRAPPED_KEY_LEN +#define MAX_WRAPPED_KEY_LEN KUZNYECHIK_WRAPPED_KEY_LEN typedef struct { - unsigned char iv[8]; /* Max IV size is half of base cipher block length */ - unsigned char key[GOSTKEYLEN*2]; /* Combined cipher and mac keys */ - unsigned char wrapped[MAX_WRAPPED_KEY_LEN]; /* Max size */ - size_t wrap_count; + unsigned char iv[8]; /* Max IV size is half of base cipher block length */ + unsigned char key[GOSTKEYLEN * 2]; /* Combined cipher and mac keys */ + unsigned char wrapped[MAX_WRAPPED_KEY_LEN]; /* Max size */ + size_t wrap_count; } GOST_WRAP_CTX; static int magma_wrap_init(EVP_CIPHER_CTX *ctx, const unsigned char *key, - const unsigned char *iv, int enc) + const unsigned char *iv, int enc) { - GOST_WRAP_CTX *cctx = EVP_CIPHER_CTX_get_cipher_data(ctx); - memset(cctx->wrapped, 0, MAX_WRAPPED_KEY_LEN); - cctx->wrap_count = 0; - - if (iv) { - memset(cctx->iv, 0, 8); - memcpy(cctx->iv, iv, 4); - } - - if (key) { - memcpy(cctx->key, key, GOSTKEYLEN*2); - } - return 1; + GOST_WRAP_CTX *cctx = EVP_CIPHER_CTX_get_cipher_data(ctx); + memset(cctx->wrapped, 0, MAX_WRAPPED_KEY_LEN); + cctx->wrap_count = 0; + + if (iv) { + memset(cctx->iv, 0, 8); + memcpy(cctx->iv, iv, 4); + } + + if (key) { + memcpy(cctx->key, key, GOSTKEYLEN * 2); + } + return 1; } static int magma_wrap_do(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t inl) + const unsigned char *in, size_t inl) { - GOST_WRAP_CTX *cctx = EVP_CIPHER_CTX_get_cipher_data(ctx); - int enc = EVP_CIPHER_CTX_encrypting(ctx) ? 1 : 0; + GOST_WRAP_CTX *cctx = EVP_CIPHER_CTX_get_cipher_data(ctx); + int enc = EVP_CIPHER_CTX_encrypting(ctx) ? 1 : 0; - if (out == NULL) - return GOSTKEYLEN; + if (out == NULL) + return GOSTKEYLEN; - if (inl <= MAGMA_WRAPPED_KEY_LEN) { - if (cctx->wrap_count + inl > MAGMA_WRAPPED_KEY_LEN) - return -1; + if (inl <= MAGMA_WRAPPED_KEY_LEN) { + if (cctx->wrap_count + inl > MAGMA_WRAPPED_KEY_LEN) + return -1; - if (cctx->wrap_count + inl <= MAGMA_WRAPPED_KEY_LEN) - { - memcpy(cctx->wrapped+cctx->wrap_count, in, inl); - cctx->wrap_count += inl; - } - } + if (cctx->wrap_count + inl <= MAGMA_WRAPPED_KEY_LEN) { + memcpy(cctx->wrapped + cctx->wrap_count, in, inl); + cctx->wrap_count += inl; + } + } - if (cctx->wrap_count < MAGMA_WRAPPED_KEY_LEN) - return 0; + if (cctx->wrap_count < MAGMA_WRAPPED_KEY_LEN) + return 0; - if (enc) { + if (enc) { #if 0 return gost_kexp15(cctx->key, 32, NID_magma_ctr, in, NID_magma_mac, cctx->key, /* FIXME mac_key, */ cctx->iv, 4, out, &outl); #endif - return -1; - } else { - return gost_kimp15(cctx->wrapped, cctx->wrap_count, NID_magma_ctr, - cctx->key+GOSTKEYLEN, NID_magma_mac, cctx->key, cctx->iv, 4, out) > 0 ? GOSTKEYLEN : 0; - } + return -1; + } else { + return gost_kimp15(cctx->wrapped, cctx->wrap_count, NID_magma_ctr, + cctx->key + GOSTKEYLEN, NID_magma_mac, cctx->key, + cctx->iv, 4, out) + > 0 + ? GOSTKEYLEN + : 0; + } } static int kuznyechik_wrap_init(EVP_CIPHER_CTX *ctx, const unsigned char *key, - const unsigned char *iv, int enc) + const unsigned char *iv, int enc) { - GOST_WRAP_CTX *cctx = EVP_CIPHER_CTX_get_cipher_data(ctx); - memset(cctx->wrapped, 0, KUZNYECHIK_WRAPPED_KEY_LEN); - cctx->wrap_count = 0; - - if (iv) { - memset(cctx->iv, 0, 8); - memcpy(cctx->iv, iv, 8); - } - - if (key) { - memcpy(cctx->key, key, GOSTKEYLEN*2); - } - return 1; + GOST_WRAP_CTX *cctx = EVP_CIPHER_CTX_get_cipher_data(ctx); + memset(cctx->wrapped, 0, KUZNYECHIK_WRAPPED_KEY_LEN); + cctx->wrap_count = 0; + + if (iv) { + memset(cctx->iv, 0, 8); + memcpy(cctx->iv, iv, 8); + } + + if (key) { + memcpy(cctx->key, key, GOSTKEYLEN * 2); + } + return 1; } static int kuznyechik_wrap_do(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t inl) + const unsigned char *in, size_t inl) { - GOST_WRAP_CTX *cctx = EVP_CIPHER_CTX_get_cipher_data(ctx); - int enc = EVP_CIPHER_CTX_encrypting(ctx) ? 1 : 0; + GOST_WRAP_CTX *cctx = EVP_CIPHER_CTX_get_cipher_data(ctx); + int enc = EVP_CIPHER_CTX_encrypting(ctx) ? 1 : 0; - if (out == NULL) - return GOSTKEYLEN; + if (out == NULL) + return GOSTKEYLEN; - if (inl <= KUZNYECHIK_WRAPPED_KEY_LEN) { - if (cctx->wrap_count + inl > KUZNYECHIK_WRAPPED_KEY_LEN) - return -1; + if (inl <= KUZNYECHIK_WRAPPED_KEY_LEN) { + if (cctx->wrap_count + inl > KUZNYECHIK_WRAPPED_KEY_LEN) + return -1; - if (cctx->wrap_count + inl <= KUZNYECHIK_WRAPPED_KEY_LEN) - { - memcpy(cctx->wrapped+cctx->wrap_count, in, inl); - cctx->wrap_count += inl; - } - } + if (cctx->wrap_count + inl <= KUZNYECHIK_WRAPPED_KEY_LEN) { + memcpy(cctx->wrapped + cctx->wrap_count, in, inl); + cctx->wrap_count += inl; + } + } - if (cctx->wrap_count < KUZNYECHIK_WRAPPED_KEY_LEN) - return 0; + if (cctx->wrap_count < KUZNYECHIK_WRAPPED_KEY_LEN) + return 0; - if (enc) { + if (enc) { #if 0 return gost_kexp15(cctx->key, 32, NID_magma_ctr, in, NID_magma_mac, cctx->key, /* FIXME mac_key, */ cctx->iv, 4, out, &outl); #endif - return -1; - } else { - return gost_kimp15(cctx->wrapped, cctx->wrap_count, NID_kuznyechik_ctr, - cctx->key+GOSTKEYLEN, NID_kuznyechik_mac, cctx->key, cctx->iv, 8, out) > 0 ? GOSTKEYLEN : 0; - } + return -1; + } else { + return gost_kimp15(cctx->wrapped, cctx->wrap_count, NID_kuznyechik_ctr, + cctx->key + GOSTKEYLEN, NID_kuznyechik_mac, + cctx->key, cctx->iv, 8, out) + > 0 + ? GOSTKEYLEN + : 0; + } } -static int wrap_ctrl (EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr) +static int wrap_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr) { - switch(type) - { - case EVP_CTRL_INIT: - EVP_CIPHER_CTX_set_flags(ctx, EVP_CIPHER_CTX_FLAG_WRAP_ALLOW); - return 1; - default: - return -2; - } + switch (type) { + case EVP_CTRL_INIT: + EVP_CIPHER_CTX_set_flags(ctx, EVP_CIPHER_CTX_FLAG_WRAP_ALLOW); + return 1; + default: + return -2; + } } static GOST_cipher wrap_template_cipher = { diff --git a/gost_keywrap.c b/gost_keywrap.c index a2134c2e3..ca2a4c8c6 100644 --- a/gost_keywrap.c +++ b/gost_keywrap.c @@ -7,10 +7,12 @@ * RFC 4357 p 6.3 and 6.4 * * Doesn't need OpenSSL * **********************************************************************/ -#include -#include "gost89.h" #include "gost_keywrap.h" +#include "gost89.h" + +#include + /*- * Diversifies key using random UserKey Material * Implements RFC 4357 p 6.5 key diversification algorithm @@ -20,7 +22,7 @@ * outputKey - 32byte buffer to store diversified key * */ -void keyDiversifyCryptoPro(gost_ctx * ctx, const unsigned char *inputKey, +void keyDiversifyCryptoPro(gost_ctx *ctx, const unsigned char *inputKey, const unsigned char *ukm, unsigned char *outputKey) { int i; @@ -34,8 +36,8 @@ void keyDiversifyCryptoPro(gost_ctx * ctx, const unsigned char *inputKey, /* Compute IV S */ for (j = 0, mask = 1; j < 8; j++, mask <<= 1) { u4 k; - k = ((u4) outputKey[4 * j]) | (outputKey[4 * j + 1] << 8) | - (outputKey[4 * j + 2] << 16) | (outputKey[4 * j + 3] << 24); + k = ((u4)outputKey[4 * j]) | (outputKey[4 * j + 1] << 8) + | (outputKey[4 * j + 2] << 16) | (outputKey[4 * j + 3] << 24); if (mask & ukm[i]) { s1 += k; } else { @@ -64,9 +66,8 @@ void keyDiversifyCryptoPro(gost_ctx * ctx, const unsigned char *inputKey, * wrappedKey - 44-byte buffer to store wrapped key */ -int keyWrapCryptoPro(gost_ctx * ctx, const unsigned char *keyExchangeKey, - const unsigned char *ukm, - const unsigned char *sessionKey, +int keyWrapCryptoPro(gost_ctx *ctx, const unsigned char *keyExchangeKey, + const unsigned char *ukm, const unsigned char *sessionKey, unsigned char *wrappedKey) { unsigned char kek_ukm[32]; @@ -89,14 +90,17 @@ int keyWrapCryptoPro(gost_ctx * ctx, const unsigned char *keyExchangeKey, * Returns 1 if key is decrypted successfully, and 0 if MAC doesn't match */ -int keyUnwrapCryptoPro(gost_ctx * ctx, const unsigned char *keyExchangeKey, +int keyUnwrapCryptoPro(gost_ctx *ctx, const unsigned char *keyExchangeKey, const unsigned char *wrappedKey, unsigned char *sessionKey) { unsigned char kek_ukm[32], cek_mac[4]; - keyDiversifyCryptoPro(ctx, keyExchangeKey, wrappedKey - /* First 8 bytes of wrapped Key is ukm */ - , kek_ukm); + keyDiversifyCryptoPro( + ctx, keyExchangeKey, + wrappedKey + /* First 8 bytes of wrapped Key is ukm */ + , + kek_ukm); gost_key(ctx, kek_ukm); gost_dec(ctx, wrappedKey + 8, sessionKey, 4); gost_mac_iv(ctx, 32, wrappedKey, sessionKey, 32, cek_mac); diff --git a/gost_keywrap.h b/gost_keywrap.h index 7def4c9fe..cfbe5ab72 100644 --- a/gost_keywrap.h +++ b/gost_keywrap.h @@ -8,9 +8,10 @@ * Doesn't need OpenSSL * **********************************************************************/ #ifndef GOST_KEYWRAP_H -# define GOST_KEYWRAP_H -# include -# include "gost89.h" +#define GOST_KEYWRAP_H +#include "gost89.h" + +#include /*- * Diversifies key using random UserKey Material * Implements RFC 4357 p 6.5 key diversification algorithm @@ -20,10 +21,8 @@ * outputKey - 32byte buffer to store diversified key * */ -void keyDiversifyCryptoPro(gost_ctx * ctx, - const unsigned char *inputKey, - const unsigned char *ukm, - unsigned char *outputKey); +void keyDiversifyCryptoPro(gost_ctx *ctx, const unsigned char *inputKey, + const unsigned char *ukm, unsigned char *outputKey); /*- * Wraps key using RFC 4357 6.3 * ctx - gost encryption context, initialized with some S-boxes @@ -33,10 +32,8 @@ void keyDiversifyCryptoPro(gost_ctx * ctx, * wrappedKey - 44-byte buffer to store wrapped key */ -int keyWrapCryptoPro(gost_ctx * ctx, - const unsigned char *keyExchangeKey, - const unsigned char *ukm, - const unsigned char *sessionKey, +int keyWrapCryptoPro(gost_ctx *ctx, const unsigned char *keyExchangeKey, + const unsigned char *ukm, const unsigned char *sessionKey, unsigned char *wrappedKey); /*- * Unwraps key using RFC 4357 6.4 @@ -49,8 +46,7 @@ int keyWrapCryptoPro(gost_ctx * ctx, * Returns 1 if key is decrypted successfully, and 0 if MAC doesn't match */ -int keyUnwrapCryptoPro(gost_ctx * ctx, - const unsigned char *keyExchangeKey, +int keyUnwrapCryptoPro(gost_ctx *ctx, const unsigned char *keyExchangeKey, const unsigned char *wrappedKey, unsigned char *sessionKey); #endif diff --git a/gost_lcl.h b/gost_lcl.h index ffa8c76d1..c31de89ba 100644 --- a/gost_lcl.h +++ b/gost_lcl.h @@ -10,24 +10,25 @@ * OpenSSL 0.9.9 libraries required to compile and use * * this code * **********************************************************************/ -# include +# include "gost89.h" +# include "gosthash.h" + +# include +# include # include +# include +# include +# include # include -# include # include -# include -# include -# include -# include "gost89.h" -# include "gosthash.h" /* Control commands */ # define GOST_PARAM_CRYPT_PARAMS 0 -# define GOST_PARAM_PBE_PARAMS 1 -# define GOST_PARAM_PK_FORMAT 2 -# define GOST_PARAM_MAX 3 -# define GOST_CTRL_CRYPT_PARAMS (ENGINE_CMD_BASE+GOST_PARAM_CRYPT_PARAMS) -# define GOST_CTRL_PBE_PARAMS (ENGINE_CMD_BASE+GOST_PARAM_PBE_PARAMS) -# define GOST_CTRL_PK_FORMAT (ENGINE_CMD_BASE+GOST_PARAM_PK_FORMAT) +# define GOST_PARAM_PBE_PARAMS 1 +# define GOST_PARAM_PK_FORMAT 2 +# define GOST_PARAM_MAX 3 +# define GOST_CTRL_CRYPT_PARAMS (ENGINE_CMD_BASE + GOST_PARAM_CRYPT_PARAMS) +# define GOST_CTRL_PBE_PARAMS (ENGINE_CMD_BASE + GOST_PARAM_PBE_PARAMS) +# define GOST_CTRL_PK_FORMAT (ENGINE_CMD_BASE + GOST_PARAM_PK_FORMAT) typedef struct R3410_ec { int nid; @@ -41,13 +42,13 @@ typedef struct R3410_ec { EC_GROUP *group; } R3410_ec_params; -extern R3410_ec_params R3410_2001_paramset[], - *R3410_2012_256_paramset, R3410_2012_512_paramset[]; +extern R3410_ec_params R3410_2001_paramset[], *R3410_2012_256_paramset, + R3410_2012_512_paramset[]; void free_cached_groups(void); extern const ENGINE_CMD_DEFN gost_cmds[]; -int gost_control_func(ENGINE *e, int cmd, long i, void *p, void (*f) (void)); +int gost_control_func(ENGINE *e, int cmd, long i, void *p, void (*f)(void)); const char *get_gost_engine_param(int param); int gost_set_default_param(int param, const char *value); void gost_param_free(void); @@ -64,26 +65,27 @@ int register_pmeth_gost(int id, EVP_PKEY_METHOD **pmeth, int flags); /* Gost-specific pmeth control-function parameters */ /* For GOST R34.10 parameters */ -# define param_ctrl_string "paramset" -# define ukm_ctrl_string "ukmhex" -# define vko_ctrl_string "vko" -# define EVP_PKEY_CTRL_GOST_PARAMSET (EVP_PKEY_ALG_CTRL+1) +# define param_ctrl_string "paramset" +# define ukm_ctrl_string "ukmhex" +# define vko_ctrl_string "vko" +# define EVP_PKEY_CTRL_GOST_PARAMSET (EVP_PKEY_ALG_CTRL + 1) /* For GOST 28147 MAC */ -# define key_ctrl_string "key" -# define hexkey_ctrl_string "hexkey" -# define maclen_ctrl_string "size" -# define EVP_PKEY_CTRL_GOST_MAC_HEXKEY (EVP_PKEY_ALG_CTRL+3) -# define EVP_PKEY_CTRL_MAC_LEN (EVP_PKEY_ALG_CTRL+5) -# define EVP_PKEY_CTRL_SET_VKO (EVP_PKEY_ALG_CTRL+11) +# define key_ctrl_string "key" +# define hexkey_ctrl_string "hexkey" +# define maclen_ctrl_string "size" +# define EVP_PKEY_CTRL_GOST_MAC_HEXKEY (EVP_PKEY_ALG_CTRL + 3) +# define EVP_PKEY_CTRL_MAC_LEN (EVP_PKEY_ALG_CTRL + 5) +# define EVP_PKEY_CTRL_SET_VKO (EVP_PKEY_ALG_CTRL + 11) + /* Pmeth internal representation */ struct gost_pmeth_data { - int sign_param_nid; /* Should be set whenever parameters are + int sign_param_nid; /* Should be set whenever parameters are * filled */ EVP_MD *md; unsigned char shared_ukm[32]; size_t shared_ukm_size; int peer_key_used; - int cipher_nid; /* KExp15/KImp15 algs */ + int cipher_nid; /* KExp15/KImp15 algs */ int vko_dgst_nid; }; @@ -100,6 +102,7 @@ struct gost_mac_key { unsigned char key[32]; short int mac_size; }; + /* GOST-specific ASN1 structures */ typedef struct { @@ -124,7 +127,7 @@ typedef struct { DECLARE_ASN1_FUNCTIONS(GOST_KEY_TRANSPORT) -typedef struct { /* FIXME incomplete */ +typedef struct { /* FIXME incomplete */ GOST_KEY_TRANSPORT *gkt; } GOST_CLIENT_KEY_EXCHANGE_PARAMS; @@ -142,7 +145,7 @@ typedef struct { /* FIXME incomplete */ }*/ typedef struct PSKeyTransport_st { ASN1_OCTET_STRING *psexp; - X509_PUBKEY *ephem_key; + X509_PUBKEY *ephem_key; ASN1_OCTET_STRING *ukm; } PSKeyTransport_gost; @@ -154,17 +157,18 @@ DECLARE_ASN1_FUNCTIONS(PSKeyTransport_gost) */ # ifdef OPENSSL_SYS_VMS # undef GOST_CLIENT_KEY_EXCHANGE_PARAMS_it -# define GOST_CLIENT_KEY_EXCHANGE_PARAMS_it GOST_CLIENT_KEY_EXC_PARAMS_it +# define GOST_CLIENT_KEY_EXCHANGE_PARAMS_it GOST_CLIENT_KEY_EXC_PARAMS_it # undef GOST_CLIENT_KEY_EXCHANGE_PARAMS_new -# define GOST_CLIENT_KEY_EXCHANGE_PARAMS_new GOST_CLIENT_KEY_EXC_PARAMS_new +# define GOST_CLIENT_KEY_EXCHANGE_PARAMS_new GOST_CLIENT_KEY_EXC_PARAMS_new # undef GOST_CLIENT_KEY_EXCHANGE_PARAMS_free -# define GOST_CLIENT_KEY_EXCHANGE_PARAMS_free GOST_CLIENT_KEY_EXC_PARAMS_free +# define GOST_CLIENT_KEY_EXCHANGE_PARAMS_free GOST_CLIENT_KEY_EXC_PARAMS_free # undef d2i_GOST_CLIENT_KEY_EXCHANGE_PARAMS -# define d2i_GOST_CLIENT_KEY_EXCHANGE_PARAMS d2i_GOST_CLIENT_KEY_EXC_PARAMS +# define d2i_GOST_CLIENT_KEY_EXCHANGE_PARAMS d2i_GOST_CLIENT_KEY_EXC_PARAMS # undef i2d_GOST_CLIENT_KEY_EXCHANGE_PARAMS -# define i2d_GOST_CLIENT_KEY_EXCHANGE_PARAMS i2d_GOST_CLIENT_KEY_EXC_PARAMS -# endif /* End of hack */ +# define i2d_GOST_CLIENT_KEY_EXCHANGE_PARAMS i2d_GOST_CLIENT_KEY_EXC_PARAMS +# endif /* End of hack */ DECLARE_ASN1_FUNCTIONS(GOST_CLIENT_KEY_EXCHANGE_PARAMS) + typedef struct { ASN1_OBJECT *key_params; ASN1_OBJECT *hash_params; @@ -181,8 +185,8 @@ typedef struct { DECLARE_ASN1_FUNCTIONS(GOST_CIPHER_PARAMS) typedef struct { - ASN1_OCTET_STRING *ukm; - } GOST2015_CIPHER_PARAMS; + ASN1_OCTET_STRING *ukm; +} GOST2015_CIPHER_PARAMS; DECLARE_ASN1_FUNCTIONS(GOST2015_CIPHER_PARAMS) @@ -194,7 +198,7 @@ typedef struct { DECLARE_ASN1_FUNCTIONS(MASKED_GOST_KEY) /*============== Message digest and cipher related structures ==========*/ - /* +/* * Structure used as EVP_MD_CTX-md_data. It allows to avoid storing * in the md-data pointers to dynamically allocated memory. I * cannot invent better way to avoid memory leaks, because openssl @@ -206,6 +210,7 @@ struct ossl_gost_digest_ctx { gost_hash_ctx dctx; gost_ctx cctx; }; + /* Cipher context used for EVP_CIPHER operation */ struct ossl_gost_cipher_ctx { int paramNID; @@ -216,12 +221,14 @@ struct ossl_gost_cipher_ctx { gost_ctx cctx; EVP_MD_CTX *omac_ctx; }; + /* Structure to map parameter NID to S-block */ struct gost_cipher_info { int nid; gost_subst_block *sblock; int key_meshing; }; + /* Context for MAC */ struct ossl_gost_imit_ctx { gost_ctx cctx; @@ -238,17 +245,15 @@ const struct gost_cipher_info *get_encryption_params(ASN1_OBJECT *obj); void inc_counter(unsigned char *counter, size_t counter_bytes); -# define EVP_MD_CTRL_KEY_LEN (EVP_MD_CTRL_ALG_CTRL+3) -# define EVP_MD_CTRL_SET_KEY (EVP_MD_CTRL_ALG_CTRL+4) +# define EVP_MD_CTRL_KEY_LEN (EVP_MD_CTRL_ALG_CTRL + 3) +# define EVP_MD_CTRL_SET_KEY (EVP_MD_CTRL_ALG_CTRL + 4) /* EVP_PKEY_METHOD key encryption callbacks */ /* From gost_ec_keyx.c */ -int pkey_gost_encrypt(EVP_PKEY_CTX *pctx, unsigned char *out, - size_t *out_len, const unsigned char *key, - size_t key_len); +int pkey_gost_encrypt(EVP_PKEY_CTX *pctx, unsigned char *out, size_t *out_len, + const unsigned char *key, size_t key_len); -int pkey_gost_decrypt(EVP_PKEY_CTX *pctx, unsigned char *key, - size_t *key_len, const unsigned char *in, - size_t in_len); +int pkey_gost_decrypt(EVP_PKEY_CTX *pctx, unsigned char *key, size_t *key_len, + const unsigned char *in, size_t in_len); /* derive functions */ /* From gost_ec_keyx.c */ int pkey_gost_ec_derive(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen); @@ -256,16 +261,19 @@ int fill_GOST_EC_params(EC_KEY *eckey, int nid); int gost_ec_keygen(EC_KEY *ec); ECDSA_SIG *gost_ec_sign(const unsigned char *dgst, int dlen, EC_KEY *eckey); -int gost_ec_verify(const unsigned char *dgst, int dgst_len, - ECDSA_SIG *sig, EC_KEY *ec); +int gost_ec_verify(const unsigned char *dgst, int dgst_len, ECDSA_SIG *sig, + EC_KEY *ec); int gost_ec_compute_public(EC_KEY *ec); int gost_ec_point_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *n, const EC_POINT *q, const BIGNUM *m, BN_CTX *ctx); -#define CURVEDEF(a) \ -int point_mul_##a(const EC_GROUP *group, EC_POINT *r, const EC_POINT *q, const BIGNUM *m, BN_CTX *ctx);\ -int point_mul_g_##a(const EC_GROUP *group, EC_POINT *r, const BIGNUM *n, BN_CTX *ctx);\ -int point_mul_two_##a(const EC_GROUP *group, EC_POINT *r, const BIGNUM *n, const EC_POINT *q, const BIGNUM *m, BN_CTX *ctx); +# define CURVEDEF(a) \ + int point_mul_##a(const EC_GROUP *group, EC_POINT *r, const EC_POINT *q, \ + const BIGNUM *m, BN_CTX *ctx); \ + int point_mul_g_##a( \ + const EC_GROUP *group, EC_POINT *r, const BIGNUM *n, BN_CTX *ctx); \ + int point_mul_two_##a(const EC_GROUP *group, EC_POINT *r, const BIGNUM *n, \ + const EC_POINT *q, const BIGNUM *m, BN_CTX *ctx); CURVEDEF(id_GostR3410_2001_CryptoPro_A_ParamSet) CURVEDEF(id_GostR3410_2001_CryptoPro_B_ParamSet) @@ -277,31 +285,27 @@ CURVEDEF(id_tc26_gost_3410_2012_512_paramSetB) CURVEDEF(id_tc26_gost_3410_2012_512_paramSetC) /* VKO */ -int VKO_compute_key(unsigned char *shared_key, - const EC_POINT *pub_key, const EC_KEY *priv_key, - const unsigned char *ukm, const size_t ukm_size, - const int vko_dgst_nid); +int VKO_compute_key(unsigned char *shared_key, const EC_POINT *pub_key, + const EC_KEY *priv_key, const unsigned char *ukm, + const size_t ukm_size, const int vko_dgst_nid); /* KDF TREE */ -int gost_kdftree2012_256(unsigned char *keyout, size_t keyout_len, - const unsigned char *key, size_t keylen, - const unsigned char *label, size_t label_len, - const unsigned char *seed, size_t seed_len, - const size_t representation); +int gost_kdftree2012_256( + unsigned char *keyout, size_t keyout_len, const unsigned char *key, + size_t keylen, const unsigned char *label, size_t label_len, + const unsigned char *seed, size_t seed_len, const size_t representation); int gost_tlstree(int cipher_nid, const unsigned char *in, unsigned char *out, const unsigned char *tlsseq); /* KExp/KImp */ int gost_kexp15(const unsigned char *shared_key, const int shared_len, - int cipher_nid, const unsigned char *cipher_key, - int mac_nid, unsigned char *mac_key, - const unsigned char *iv, const size_t ivlen, - unsigned char *out, int *out_len); + int cipher_nid, const unsigned char *cipher_key, int mac_nid, + unsigned char *mac_key, const unsigned char *iv, + const size_t ivlen, unsigned char *out, int *out_len); int gost_kimp15(const unsigned char *expkey, const size_t expkeylen, - int cipher_nid, const unsigned char *cipher_key, - int mac_nid, unsigned char *mac_key, - const unsigned char *iv, const size_t ivlen, - unsigned char *shared_key); + int cipher_nid, const unsigned char *cipher_key, int mac_nid, + unsigned char *mac_key, const unsigned char *iv, + const size_t ivlen, unsigned char *shared_key); /*============== miscellaneous functions============================= */ /* * Store bignum in byte array of given length, prepending by zeros if @@ -315,7 +319,7 @@ int pack_sign_cp(ECDSA_SIG *s, int order, unsigned char *sig, size_t *siglen); /* Returns pointer into EVP_PKEY structure */ BIGNUM *gost_get0_priv_key(const EVP_PKEY *pkey); /* from gost_crypt.c */ -/* Decrements 8-byte sequence */ +/* Decrements 8-byte sequence */ int decrement_sequence(unsigned char *seq, int decrement); /* Struct describing cipher and used for init/deinit.*/ @@ -323,12 +327,12 @@ struct gost_cipher_st { struct gost_cipher_st *template; /* template struct */ int nid; EVP_CIPHER *cipher; - int block_size; /* (bytes) */ - int key_len; /* (bytes) */ + int block_size; /* (bytes) */ + int key_len; /* (bytes) */ int iv_len; int flags; - int (*init) (EVP_CIPHER_CTX *ctx, const unsigned char *key, - const unsigned char *iv, int enc); + int (*init)(EVP_CIPHER_CTX *ctx, const unsigned char *key, + const unsigned char *iv, int enc); int (*do_cipher)(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl); int (*cleanup)(EVP_CIPHER_CTX *); diff --git a/gost_md.c b/gost_md.c index b8824eb48..16de9afb6 100644 --- a/gost_md.c +++ b/gost_md.c @@ -7,15 +7,15 @@ * OpenSSL interface to GOST R 34.11-94 hash functions * * Requires OpenSSL 0.9.9 for compilation * **********************************************************************/ -#include +#include "e_gost_err.h" #include "gost_lcl.h" #include "gosthash.h" -#include "e_gost_err.h" + +#include /* implementation of GOST 34.11 hash function See gost_md.c*/ static int gost_digest_init(EVP_MD_CTX *ctx); -static int gost_digest_update(EVP_MD_CTX *ctx, const void *data, - size_t count); +static int gost_digest_update(EVP_MD_CTX *ctx, const void *data, size_t count); static int gost_digest_final(EVP_MD_CTX *ctx, unsigned char *md); static int gost_digest_copy(EVP_MD_CTX *to, const EVP_MD_CTX *from); static int gost_digest_cleanup(EVP_MD_CTX *ctx); @@ -36,13 +36,9 @@ GOST_digest GostR3411_94_digest = { * Single level template accessor. * Note: that you cannot template 0 value. */ -#define TPL(st,field) ( \ - ((st)->field) ? ((st)->field) : TPL_VAL(st,field) \ -) +#define TPL(st, field) (((st)->field) ? ((st)->field) : TPL_VAL(st, field)) -#define TPL_VAL(st,field) ( \ - ((st)->template ? (st)->template->field : 0) \ -) +#define TPL_VAL(st, field) (((st)->template ? (st)->template->field : 0)) EVP_MD *GOST_init_digest(GOST_digest *d) { @@ -89,13 +85,12 @@ static int gost_digest_init(EVP_MD_CTX *ctx) static int gost_digest_update(EVP_MD_CTX *ctx, const void *data, size_t count) { - return hash_block((gost_hash_ctx *) EVP_MD_CTX_md_data(ctx), data, count); + return hash_block((gost_hash_ctx *)EVP_MD_CTX_md_data(ctx), data, count); } static int gost_digest_final(EVP_MD_CTX *ctx, unsigned char *md) { - return finish_hash((gost_hash_ctx *) EVP_MD_CTX_md_data(ctx), md); - + return finish_hash((gost_hash_ctx *)EVP_MD_CTX_md_data(ctx), md); } static int gost_digest_copy(EVP_MD_CTX *to, const EVP_MD_CTX *from) @@ -112,8 +107,8 @@ static int gost_digest_copy(EVP_MD_CTX *to, const EVP_MD_CTX *from) static int gost_digest_cleanup(EVP_MD_CTX *ctx) { if (EVP_MD_CTX_md_data(ctx)) - memset(EVP_MD_CTX_md_data(ctx), 0, - sizeof(struct ossl_gost_digest_ctx)); + memset(EVP_MD_CTX_md_data(ctx), 0, sizeof(struct ossl_gost_digest_ctx)); return 1; } + /* vim: set expandtab cinoptions=\:0,l1,t0,g0,(0 sw=4 : */ diff --git a/gost_md2012.c b/gost_md2012.c index 3ea1e3642..09555c6a5 100644 --- a/gost_md2012.c +++ b/gost_md2012.c @@ -10,21 +10,19 @@ * * **********************************************************************/ -#include -#include "gosthash2012.h" #include "gost_lcl.h" +#include "gosthash2012.h" + +#include static int gost_digest_init512(EVP_MD_CTX *ctx); static int gost_digest_init256(EVP_MD_CTX *ctx); -static int gost_digest_update(EVP_MD_CTX *ctx, const void *data, - size_t count); +static int gost_digest_update(EVP_MD_CTX *ctx, const void *data, size_t count); static int gost_digest_final(EVP_MD_CTX *ctx, unsigned char *md); static int gost_digest_copy(EVP_MD_CTX *to, const EVP_MD_CTX *from); static int gost_digest_cleanup(EVP_MD_CTX *ctx); -static int gost_digest_ctrl_256(EVP_MD_CTX *ctx, int type, int arg, - void *ptr); -static int gost_digest_ctrl_512(EVP_MD_CTX *ctx, int type, int arg, - void *ptr); +static int gost_digest_ctrl_256(EVP_MD_CTX *ctx, int type, int arg, void *ptr); +static int gost_digest_ctrl_512(EVP_MD_CTX *ctx, int type, int arg, void *ptr); const char micalg_256[] = "gostr3411-2012-256"; const char micalg_512[] = "gostr3411-2012-512"; @@ -58,28 +56,26 @@ GOST_digest GostR3411_2012_512_digest = { static int gost_digest_init512(EVP_MD_CTX *ctx) { - init_gost2012_hash_ctx((gost2012_hash_ctx *) EVP_MD_CTX_md_data(ctx), - 512); + init_gost2012_hash_ctx((gost2012_hash_ctx *)EVP_MD_CTX_md_data(ctx), 512); return 1; } static int gost_digest_init256(EVP_MD_CTX *ctx) { - init_gost2012_hash_ctx((gost2012_hash_ctx *) EVP_MD_CTX_md_data(ctx), - 256); + init_gost2012_hash_ctx((gost2012_hash_ctx *)EVP_MD_CTX_md_data(ctx), 256); return 1; } static int gost_digest_update(EVP_MD_CTX *ctx, const void *data, size_t count) { - gost2012_hash_block((gost2012_hash_ctx *) EVP_MD_CTX_md_data(ctx), data, - count); + gost2012_hash_block( + (gost2012_hash_ctx *)EVP_MD_CTX_md_data(ctx), data, count); return 1; } static int gost_digest_final(EVP_MD_CTX *ctx, unsigned char *md) { - gost2012_finish_hash((gost2012_hash_ctx *) EVP_MD_CTX_md_data(ctx), md); + gost2012_finish_hash((gost2012_hash_ctx *)EVP_MD_CTX_md_data(ctx), md); return 1; } @@ -103,15 +99,14 @@ static int gost_digest_cleanup(EVP_MD_CTX *ctx) static int gost_digest_ctrl_256(EVP_MD_CTX *ctx, int type, int arg, void *ptr) { switch (type) { - case EVP_MD_CTRL_MICALG: - { - *((char **)ptr) = OPENSSL_malloc(strlen(micalg_256) + 1); - if (*((char **)ptr) != NULL) { - strcpy(*((char **)ptr), micalg_256); - return 1; - } - return 0; + case EVP_MD_CTRL_MICALG: { + *((char **)ptr) = OPENSSL_malloc(strlen(micalg_256) + 1); + if (*((char **)ptr) != NULL) { + strcpy(*((char **)ptr), micalg_256); + return 1; } + return 0; + } default: return 0; } @@ -120,14 +115,13 @@ static int gost_digest_ctrl_256(EVP_MD_CTX *ctx, int type, int arg, void *ptr) static int gost_digest_ctrl_512(EVP_MD_CTX *ctx, int type, int arg, void *ptr) { switch (type) { - case EVP_MD_CTRL_MICALG: - { - *((char **)ptr) = OPENSSL_malloc(strlen(micalg_512) + 1); - if (*((char **)ptr) != NULL) { - strcpy(*((char **)ptr), micalg_512); - return 1; - } + case EVP_MD_CTRL_MICALG: { + *((char **)ptr) = OPENSSL_malloc(strlen(micalg_512) + 1); + if (*((char **)ptr) != NULL) { + strcpy(*((char **)ptr), micalg_512); + return 1; } + } default: return 0; } diff --git a/gost_omac.c b/gost_omac.c index 648cd8f39..54fb5a478 100644 --- a/gost_omac.c +++ b/gost_omac.c @@ -5,29 +5,29 @@ * Contents licensed under the terms of the OpenSSL license * See https://www.openssl.org/source/license.html for details */ -#include +#include "e_gost_err.h" +#include "gost_lcl.h" + #include #include #include #include +#include -#include "e_gost_err.h" -#include "gost_lcl.h" - -#define min(a,b) (((a) < (b)) ? (a) : (b)) +#define min(a, b) (((a) < (b)) ? (a) : (b)) typedef struct omac_ctx { CMAC_CTX *cmac_ctx; size_t dgst_size; const char *cipher_name; int key_set; -/* + /* * Here begins stuff related to TLSTREE processing * We MUST store the original key to derive TLSTREE keys from it * and TLS seq no. * */ unsigned char key[32]; -/* + /* * TODO * TLSTREE intermediate values should be recalculated only when * C_i & (seq_no+1) != C_i & (seq_no) @@ -134,7 +134,7 @@ static int omac_imit_cleanup(EVP_MD_CTX *ctx) return 1; } -static int omac_key(OMAC_CTX * c, const EVP_CIPHER *cipher, +static int omac_key(OMAC_CTX *c, const EVP_CIPHER *cipher, const unsigned char *key, size_t key_size) { int ret = 0; @@ -160,101 +160,98 @@ int omac_imit_ctrl(EVP_MD_CTX *ctx, int type, int arg, void *ptr) case EVP_MD_CTRL_KEY_LEN: *((unsigned int *)(ptr)) = 32; return 1; - case EVP_MD_CTRL_SET_KEY: - { - OMAC_CTX *c = EVP_MD_CTX_md_data(ctx); - const EVP_MD *md = EVP_MD_CTX_md(ctx); - EVP_CIPHER *cipher = NULL; - int ret = 0; + case EVP_MD_CTRL_SET_KEY: { + OMAC_CTX *c = EVP_MD_CTX_md_data(ctx); + const EVP_MD *md = EVP_MD_CTX_md(ctx); + EVP_CIPHER *cipher = NULL; + int ret = 0; - if (c->cipher_name == NULL) { - if (EVP_MD_is_a(md, SN_magma_mac)) - c->cipher_name = SN_magma_cbc; - else if (EVP_MD_is_a(md, SN_grasshopper_mac)) - c->cipher_name = SN_grasshopper_cbc; - } - if ((cipher = - (EVP_CIPHER *)EVP_get_cipherbyname(c->cipher_name)) == NULL - && (cipher = - EVP_CIPHER_fetch(NULL, c->cipher_name, NULL)) == NULL) { - GOSTerr(GOST_F_OMAC_IMIT_CTRL, GOST_R_CIPHER_NOT_FOUND); - goto set_key_end; - } + if (c->cipher_name == NULL) { + if (EVP_MD_is_a(md, SN_magma_mac)) + c->cipher_name = SN_magma_cbc; + else if (EVP_MD_is_a(md, SN_grasshopper_mac)) + c->cipher_name = SN_grasshopper_cbc; + } + if ((cipher = (EVP_CIPHER *)EVP_get_cipherbyname(c->cipher_name)) + == NULL + && (cipher = EVP_CIPHER_fetch(NULL, c->cipher_name, NULL)) + == NULL) { + GOSTerr(GOST_F_OMAC_IMIT_CTRL, GOST_R_CIPHER_NOT_FOUND); + goto set_key_end; + } - if (EVP_MD_meth_get_init(EVP_MD_CTX_md(ctx)) (ctx) <= 0) { - GOSTerr(GOST_F_OMAC_IMIT_CTRL, GOST_R_MAC_KEY_NOT_SET); - goto set_key_end; - } - EVP_MD_CTX_set_flags(ctx, EVP_MD_CTX_FLAG_NO_INIT); + if (EVP_MD_meth_get_init(EVP_MD_CTX_md(ctx))(ctx) <= 0) { + GOSTerr(GOST_F_OMAC_IMIT_CTRL, GOST_R_MAC_KEY_NOT_SET); + goto set_key_end; + } + EVP_MD_CTX_set_flags(ctx, EVP_MD_CTX_FLAG_NO_INIT); - if (c->key_set) { - GOSTerr(GOST_F_OMAC_IMIT_CTRL, GOST_R_BAD_ORDER); - goto set_key_end; - } + if (c->key_set) { + GOSTerr(GOST_F_OMAC_IMIT_CTRL, GOST_R_BAD_ORDER); + goto set_key_end; + } - if (arg == 0) { - struct gost_mac_key *key = (struct gost_mac_key *)ptr; - ret = omac_key(c, cipher, key->key, 32); - if (ret > 0) - memcpy(c->key, key->key, 32); - goto set_key_end; - } else if (arg == 32) { - ret = omac_key(c, cipher, ptr, 32); - if (ret > 0) - memcpy(c->key, ptr, 32); - goto set_key_end; - } - GOSTerr(GOST_F_OMAC_IMIT_CTRL, GOST_R_INVALID_MAC_KEY_SIZE); - set_key_end: - EVP_CIPHER_free(cipher); + if (arg == 0) { + struct gost_mac_key *key = (struct gost_mac_key *)ptr; + ret = omac_key(c, cipher, key->key, 32); if (ret > 0) - return ret; - return 0; + memcpy(c->key, key->key, 32); + goto set_key_end; + } else if (arg == 32) { + ret = omac_key(c, cipher, ptr, 32); + if (ret > 0) + memcpy(c->key, ptr, 32); + goto set_key_end; } - case EVP_MD_CTRL_XOF_LEN: /* Supported in OpenSSL */ - { - OMAC_CTX *c = EVP_MD_CTX_md_data(ctx); - switch (OBJ_txt2nid(c->cipher_name)) { - case NID_magma_cbc: - if (arg < 1 || arg > 8) { - GOSTerr(GOST_F_OMAC_IMIT_CTRL, GOST_R_INVALID_MAC_SIZE); - return 0; - } - c->dgst_size = arg; - break; - case NID_grasshopper_cbc: - if (arg < 1 || arg > 16) { - GOSTerr(GOST_F_OMAC_IMIT_CTRL, GOST_R_INVALID_MAC_SIZE); - return 0; - } - c->dgst_size = arg; - break; - default: + GOSTerr(GOST_F_OMAC_IMIT_CTRL, GOST_R_INVALID_MAC_KEY_SIZE); + set_key_end: + EVP_CIPHER_free(cipher); + if (ret > 0) + return ret; + return 0; + } + case EVP_MD_CTRL_XOF_LEN: /* Supported in OpenSSL */ + { + OMAC_CTX *c = EVP_MD_CTX_md_data(ctx); + switch (OBJ_txt2nid(c->cipher_name)) { + case NID_magma_cbc: + if (arg < 1 || arg > 8) { + GOSTerr(GOST_F_OMAC_IMIT_CTRL, GOST_R_INVALID_MAC_SIZE); + return 0; + } + c->dgst_size = arg; + break; + case NID_grasshopper_cbc: + if (arg < 1 || arg > 16) { + GOSTerr(GOST_F_OMAC_IMIT_CTRL, GOST_R_INVALID_MAC_SIZE); return 0; } - return 1; + c->dgst_size = arg; + break; + default: + return 0; } + return 1; + } #ifdef EVP_MD_CTRL_TLSTREE - case EVP_MD_CTRL_TLSTREE: - { - OMAC_CTX *c = EVP_MD_CTX_md_data(ctx); - if (c->key_set) { - unsigned char diversed_key[32]; - int ret = 0; - if (gost_tlstree(OBJ_txt2nid(c->cipher_name), - c->key, diversed_key, - (const unsigned char *)ptr)) { - EVP_CIPHER *cipher; - if ((cipher = (EVP_CIPHER *)EVP_get_cipherbyname(c->cipher_name)) - || (cipher = EVP_CIPHER_fetch(NULL, c->cipher_name, NULL))) - ret = omac_key(c, cipher, diversed_key, 32); - EVP_CIPHER_free(cipher); - } - return ret; + case EVP_MD_CTRL_TLSTREE: { + OMAC_CTX *c = EVP_MD_CTX_md_data(ctx); + if (c->key_set) { + unsigned char diversed_key[32]; + int ret = 0; + if (gost_tlstree(OBJ_txt2nid(c->cipher_name), c->key, diversed_key, + (const unsigned char *)ptr)) { + EVP_CIPHER *cipher; + if ((cipher = (EVP_CIPHER *)EVP_get_cipherbyname(c->cipher_name)) + || (cipher = EVP_CIPHER_fetch(NULL, c->cipher_name, NULL))) + ret = omac_key(c, cipher, diversed_key, 32); + EVP_CIPHER_free(cipher); } - GOSTerr(GOST_F_OMAC_IMIT_CTRL, GOST_R_BAD_ORDER); - return 0; + return ret; } + GOSTerr(GOST_F_OMAC_IMIT_CTRL, GOST_R_BAD_ORDER); + return 0; + } #endif default: return 0; diff --git a/gost_omac_acpkm.c b/gost_omac_acpkm.c index 8e2c4df38..4ffafff97 100644 --- a/gost_omac_acpkm.c +++ b/gost_omac_acpkm.c @@ -5,18 +5,19 @@ * Contents licensed under the terms of the OpenSSL license * See https://www.openssl.org/source/license.html for details */ -#include +#include "e_gost_err.h" +#include "gost_grasshopper_cipher.h" +#include "gost_grasshopper_defines.h" +#include "gost_lcl.h" + #include #include #include #include - -#include "e_gost_err.h" -#include "gost_lcl.h" -#include "gost_grasshopper_defines.h" -#include "gost_grasshopper_cipher.h" +#include #define ACPKM_T_MAX (GRASSHOPPER_KEY_SIZE + GRASSHOPPER_BLOCK_SIZE) + /* * CMAC code from crypto/cmac/cmac.c with ACPKM tweaks */ @@ -33,7 +34,7 @@ struct CMAC_ACPKM_CTX_st { /* Number of bytes in last block: -1 means context not initialised */ int nlast_block; unsigned int section_size; /* N */ - unsigned int num; /* processed bytes until section_size */ + unsigned int num; /* processed bytes until section_size */ }; typedef struct CMAC_ACPKM_CTX_st CMAC_ACPKM_CTX; @@ -169,8 +170,8 @@ static int CMAC_ACPKM_Init(CMAC_ACPKM_CTX *ctx, const void *key, size_t keylen, return 0; /* Initialize cbc for CMAC */ - if (!EVP_CIPHER_CTX_cipher(ctx->cctx) || - !EVP_CIPHER_CTX_set_key_length(ctx->cctx, key_len)) + if (!EVP_CIPHER_CTX_cipher(ctx->cctx) + || !EVP_CIPHER_CTX_set_key_length(ctx->cctx, key_len)) return 0; /* set CBC key to K^1 */ if (!EVP_EncryptInit_ex(ctx->cctx, NULL, NULL, ctx->km, zero_iv)) @@ -185,8 +186,8 @@ static int CMAC_ACPKM_Init(CMAC_ACPKM_CTX *ctx, const void *key, size_t keylen, static int CMAC_ACPKM_Master(CMAC_ACPKM_CTX *ctx) { return EVP_Cipher(ctx->actx, ctx->km, zero_iv, - EVP_CIPHER_key_length(EVP_CIPHER_CTX_cipher(ctx->actx)) + - EVP_CIPHER_CTX_block_size(ctx->cctx)); + EVP_CIPHER_key_length(EVP_CIPHER_CTX_cipher(ctx->actx)) + + EVP_CIPHER_CTX_block_size(ctx->cctx)); } static int CMAC_ACPKM_Mesh(CMAC_ACPKM_CTX *ctx) @@ -197,8 +198,8 @@ static int CMAC_ACPKM_Mesh(CMAC_ACPKM_CTX *ctx) if (!CMAC_ACPKM_Master(ctx)) return 0; /* Restart cbc with new key */ - if (!EVP_EncryptInit_ex(ctx->cctx, NULL, NULL, ctx->km, - EVP_CIPHER_CTX_iv(ctx->cctx))) + if (!EVP_EncryptInit_ex( + ctx->cctx, NULL, NULL, ctx->km, EVP_CIPHER_CTX_iv(ctx->cctx))) return 0; return 1; } @@ -246,18 +247,17 @@ static int CMAC_ACPKM_Update(CMAC_ACPKM_CTX *ctx, const void *in, size_t dlen) memcpy(ctx->last_block, data, dlen); ctx->nlast_block = dlen; return 1; - } -static int CMAC_ACPKM_Final(CMAC_ACPKM_CTX *ctx, unsigned char *out, - size_t *poutlen) +static int +CMAC_ACPKM_Final(CMAC_ACPKM_CTX *ctx, unsigned char *out, size_t *poutlen) { int i, bl, lb, key_len; unsigned char *k1, k2[EVP_MAX_BLOCK_LENGTH]; if (ctx->nlast_block == -1) return 0; bl = EVP_CIPHER_CTX_block_size(ctx->cctx); - *poutlen = (size_t) bl; + *poutlen = (size_t)bl; if (!out) return 1; lb = ctx->nlast_block; @@ -324,8 +324,8 @@ static int grasshopper_omac_acpkm_init(EVP_MD_CTX *ctx) return omac_acpkm_init(ctx, SN_grasshopper_cbc); } -static int omac_acpkm_imit_update(EVP_MD_CTX *ctx, const void *data, - size_t count) +static int +omac_acpkm_imit_update(EVP_MD_CTX *ctx, const void *data, size_t count) { OMAC_ACPKM_CTX *c = EVP_MD_CTX_md_data(ctx); if (!c->key_set) { @@ -372,11 +372,13 @@ static int omac_acpkm_imit_copy(EVP_MD_CTX *to, const EVP_MD_CTX *from) } return 1; } - if ((c_to->cmac_ctx == c_from->cmac_ctx) || (c_to->cmac_ctx == NULL)) { + if ((c_to->cmac_ctx == c_from->cmac_ctx) || (c_to->cmac_ctx == NULL)) { c_to->cmac_ctx = CMAC_ACPKM_CTX_new(); } - return (c_to->cmac_ctx) ? CMAC_ACPKM_CTX_copy(c_to->cmac_ctx, c_from->cmac_ctx) : 0; + return (c_to->cmac_ctx) + ? CMAC_ACPKM_CTX_copy(c_to->cmac_ctx, c_from->cmac_ctx) + : 0; } /* Clean up imit ctx */ @@ -415,93 +417,94 @@ int omac_acpkm_imit_ctrl(EVP_MD_CTX *ctx, int type, int arg, void *ptr) case EVP_MD_CTRL_KEY_LEN: *((unsigned int *)(ptr)) = 32; return 1; - case EVP_MD_CTRL_SET_KEY: - { - OMAC_ACPKM_CTX *c = EVP_MD_CTX_md_data(ctx); - const EVP_MD *md = EVP_MD_CTX_md(ctx); - EVP_CIPHER *cipher = NULL; - int ret = 0; - - if (c->cipher_name == NULL) { - if (EVP_MD_is_a(md, SN_grasshopper_mac) - || EVP_MD_is_a(md, SN_id_tc26_cipher_gostr3412_2015_kuznyechik_ctracpkm_omac)) - c->cipher_name = SN_grasshopper_cbc; - } - if ((cipher = - (EVP_CIPHER *)EVP_get_cipherbyname(c->cipher_name)) == NULL - && (cipher = - EVP_CIPHER_fetch(NULL, c->cipher_name, NULL)) == NULL) { - GOSTerr(GOST_F_OMAC_ACPKM_IMIT_CTRL, GOST_R_CIPHER_NOT_FOUND); - } - if (EVP_MD_meth_get_init(EVP_MD_CTX_md(ctx)) (ctx) <= 0) { - GOSTerr(GOST_F_OMAC_ACPKM_IMIT_CTRL, GOST_R_MAC_KEY_NOT_SET); - goto set_key_end; - } - EVP_MD_CTX_set_flags(ctx, EVP_MD_CTX_FLAG_NO_INIT); - if (c->key_set) { - GOSTerr(GOST_F_OMAC_ACPKM_IMIT_CTRL, GOST_R_BAD_ORDER); - goto set_key_end; - } - if (arg == 0) { - struct gost_mac_key *key = (struct gost_mac_key *)ptr; - ret = omac_acpkm_key(c, cipher, key->key, 32); - goto set_key_end; - } else if (arg == 32) { - ret = omac_acpkm_key(c, cipher, ptr, 32); - goto set_key_end; - } - GOSTerr(GOST_F_OMAC_ACPKM_IMIT_CTRL, GOST_R_INVALID_MAC_KEY_SIZE); - set_key_end: - EVP_CIPHER_free(cipher); - return ret; + case EVP_MD_CTRL_SET_KEY: { + OMAC_ACPKM_CTX *c = EVP_MD_CTX_md_data(ctx); + const EVP_MD *md = EVP_MD_CTX_md(ctx); + EVP_CIPHER *cipher = NULL; + int ret = 0; + + if (c->cipher_name == NULL) { + if (EVP_MD_is_a(md, SN_grasshopper_mac) + || EVP_MD_is_a( + md, + SN_id_tc26_cipher_gostr3412_2015_kuznyechik_ctracpkm_omac)) + c->cipher_name = SN_grasshopper_cbc; } - case EVP_CTRL_KEY_MESH: - { - OMAC_ACPKM_CTX *c = EVP_MD_CTX_md_data(ctx); - if (!arg || (arg % EVP_MD_block_size(EVP_MD_CTX_md(ctx)))) - return -1; - c->cmac_ctx->section_size = arg; - if (ptr && *(int *)ptr) { - /* Set parameter T */ - if (EVP_CIPHER_get0_provider(EVP_CIPHER_CTX_cipher(c->cmac_ctx->actx)) - == NULL) { - if (!EVP_CIPHER_CTX_ctrl(c->cmac_ctx->actx, EVP_CTRL_KEY_MESH, - *(int *)ptr, NULL)) - return 0; - } else { - size_t cipher_key_mesh = (size_t)*(int *)ptr; - OSSL_PARAM params[] = { OSSL_PARAM_END, OSSL_PARAM_END }; - params[0] = OSSL_PARAM_construct_size_t("key-mesh", - &cipher_key_mesh); - if (!EVP_CIPHER_CTX_set_params(c->cmac_ctx->actx, params)) - return 0; - } - } - return 1; + if ((cipher = (EVP_CIPHER *)EVP_get_cipherbyname(c->cipher_name)) + == NULL + && (cipher = EVP_CIPHER_fetch(NULL, c->cipher_name, NULL)) + == NULL) { + GOSTerr(GOST_F_OMAC_ACPKM_IMIT_CTRL, GOST_R_CIPHER_NOT_FOUND); + } + if (EVP_MD_meth_get_init(EVP_MD_CTX_md(ctx))(ctx) <= 0) { + GOSTerr(GOST_F_OMAC_ACPKM_IMIT_CTRL, GOST_R_MAC_KEY_NOT_SET); + goto set_key_end; + } + EVP_MD_CTX_set_flags(ctx, EVP_MD_CTX_FLAG_NO_INIT); + if (c->key_set) { + GOSTerr(GOST_F_OMAC_ACPKM_IMIT_CTRL, GOST_R_BAD_ORDER); + goto set_key_end; } - case EVP_MD_CTRL_XOF_LEN: /* Supported in OpenSSL */ - { - OMAC_ACPKM_CTX *c = EVP_MD_CTX_md_data(ctx); - switch (OBJ_txt2nid(c->cipher_name)) { - case NID_grasshopper_cbc: - if (arg < 1 || arg > 16) { - GOSTerr(GOST_F_OMAC_ACPKM_IMIT_CTRL, GOST_R_INVALID_MAC_SIZE); + if (arg == 0) { + struct gost_mac_key *key = (struct gost_mac_key *)ptr; + ret = omac_acpkm_key(c, cipher, key->key, 32); + goto set_key_end; + } else if (arg == 32) { + ret = omac_acpkm_key(c, cipher, ptr, 32); + goto set_key_end; + } + GOSTerr(GOST_F_OMAC_ACPKM_IMIT_CTRL, GOST_R_INVALID_MAC_KEY_SIZE); + set_key_end: + EVP_CIPHER_free(cipher); + return ret; + } + case EVP_CTRL_KEY_MESH: { + OMAC_ACPKM_CTX *c = EVP_MD_CTX_md_data(ctx); + if (!arg || (arg % EVP_MD_block_size(EVP_MD_CTX_md(ctx)))) + return -1; + c->cmac_ctx->section_size = arg; + if (ptr && *(int *)ptr) { + /* Set parameter T */ + if (EVP_CIPHER_get0_provider( + EVP_CIPHER_CTX_cipher(c->cmac_ctx->actx)) + == NULL) { + if (!EVP_CIPHER_CTX_ctrl(c->cmac_ctx->actx, EVP_CTRL_KEY_MESH, + *(int *)ptr, NULL)) return 0; - } - c->dgst_size = arg; - break; - case NID_magma_cbc: - if (arg < 1 || arg > 8) { - GOSTerr(GOST_F_OMAC_ACPKM_IMIT_CTRL, GOST_R_INVALID_MAC_SIZE); + } else { + size_t cipher_key_mesh = (size_t) * (int *)ptr; + OSSL_PARAM params[] = {OSSL_PARAM_END, OSSL_PARAM_END}; + params[0] = + OSSL_PARAM_construct_size_t("key-mesh", &cipher_key_mesh); + if (!EVP_CIPHER_CTX_set_params(c->cmac_ctx->actx, params)) return 0; - } - c->dgst_size = arg; - break; - default: + } + } + return 1; + } + case EVP_MD_CTRL_XOF_LEN: /* Supported in OpenSSL */ + { + OMAC_ACPKM_CTX *c = EVP_MD_CTX_md_data(ctx); + switch (OBJ_txt2nid(c->cipher_name)) { + case NID_grasshopper_cbc: + if (arg < 1 || arg > 16) { + GOSTerr(GOST_F_OMAC_ACPKM_IMIT_CTRL, GOST_R_INVALID_MAC_SIZE); return 0; } - return 1; + c->dgst_size = arg; + break; + case NID_magma_cbc: + if (arg < 1 || arg > 8) { + GOSTerr(GOST_F_OMAC_ACPKM_IMIT_CTRL, GOST_R_INVALID_MAC_SIZE); + return 0; + } + c->dgst_size = arg; + break; + default: + return 0; } + return 1; + } default: return 0; diff --git a/gost_params.c b/gost_params.c index 5b00221f1..3558b5462 100644 --- a/gost_params.c +++ b/gost_params.c @@ -8,32 +8,27 @@ * this code * **********************************************************************/ #include "gost_lcl.h" + #include /* Parameters of GOST 34.10 */ R3410_ec_params R3410_2001_paramset[] = { /* 1.2.643.2.2.35.0 */ - {NID_id_GostR3410_2001_TestParamSet, - "7", + {NID_id_GostR3410_2001_TestParamSet, "7", "5FBFF498AA938CE739B8E022FBAFEF40563F6E6A3472FC2A514C0CE9DAE23B7E", "8000000000000000000000000000000000000000000000000000000000000431", - "8000000000000000000000000000000150FE8A1892976154C59CFC193ACCF5B3", - "2", - "08E2A8A0E65147D4BD6316030E16D19C85C97F0A9CA267122B96ABBCEA7E8FC8", - "1", NULL} - , + "8000000000000000000000000000000150FE8A1892976154C59CFC193ACCF5B3", "2", + "08E2A8A0E65147D4BD6316030E16D19C85C97F0A9CA267122B96ABBCEA7E8FC8", "1", + NULL}, /* * 1.2.643.2.2.35.1 */ {NID_id_GostR3410_2001_CryptoPro_A_ParamSet, - "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFD94", - "a6", + "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFD94", "a6", "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFD97", - "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF6C611070995AD10045841B09B761B893", - "1", - "8D91E471E0989CDA27DF505A453F2B7635294F2DDF23E3B122ACC99C9E9F1E14", - "1", NULL} - , + "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF6C611070995AD10045841B09B761B893", "1", + "8D91E471E0989CDA27DF505A453F2B7635294F2DDF23E3B122ACC99C9E9F1E14", "1", + NULL}, /* * 1.2.643.2.2.35.2 */ @@ -41,47 +36,36 @@ R3410_ec_params R3410_2001_paramset[] = { "8000000000000000000000000000000000000000000000000000000000000C96", "3E1AF419A269A5F866A7D3C25C3DF80AE979259373FF2B182F49D4CE7E1BBC8B", "8000000000000000000000000000000000000000000000000000000000000C99", - "800000000000000000000000000000015F700CFFF1A624E5E497161BCC8A198F", - "1", - "3FA8124359F96680B83D1C3EB2C070E5C545C9858D03ECFB744BF8D717717EFC", - "1", NULL} - , + "800000000000000000000000000000015F700CFFF1A624E5E497161BCC8A198F", "1", + "3FA8124359F96680B83D1C3EB2C070E5C545C9858D03ECFB744BF8D717717EFC", "1", + NULL}, /* * 1.2.643.2.2.35.3 */ {NID_id_GostR3410_2001_CryptoPro_C_ParamSet, - "9B9F605F5A858107AB1EC85E6B41C8AACF846E86789051D37998F7B9022D7598", - "805a", + "9B9F605F5A858107AB1EC85E6B41C8AACF846E86789051D37998F7B9022D7598", "805a", "9B9F605F5A858107AB1EC85E6B41C8AACF846E86789051D37998F7B9022D759B", - "9B9F605F5A858107AB1EC85E6B41C8AA582CA3511EDDFB74F02F3A6598980BB9", - "0", - "41ECE55743711A8C3CBF3783CD08C0EE4D4DC440D4641A8F366E550DFDB3BB67", - "1", NULL} - , + "9B9F605F5A858107AB1EC85E6B41C8AA582CA3511EDDFB74F02F3A6598980BB9", "0", + "41ECE55743711A8C3CBF3783CD08C0EE4D4DC440D4641A8F366E550DFDB3BB67", "1", + NULL}, /* * 1.2.643.2.2.36.0 */ {NID_id_GostR3410_2001_CryptoPro_XchA_ParamSet, - "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFD94", - "a6", + "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFD94", "a6", "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFD97", - "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF6C611070995AD10045841B09B761B893", - "1", - "8D91E471E0989CDA27DF505A453F2B7635294F2DDF23E3B122ACC99C9E9F1E14", - "1", NULL} - , + "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF6C611070995AD10045841B09B761B893", "1", + "8D91E471E0989CDA27DF505A453F2B7635294F2DDF23E3B122ACC99C9E9F1E14", "1", + NULL}, /* * 1.2.643.2.2.36.1 */ {NID_id_GostR3410_2001_CryptoPro_XchB_ParamSet, - "9B9F605F5A858107AB1EC85E6B41C8AACF846E86789051D37998F7B9022D7598", - "805a", + "9B9F605F5A858107AB1EC85E6B41C8AACF846E86789051D37998F7B9022D7598", "805a", "9B9F605F5A858107AB1EC85E6B41C8AACF846E86789051D37998F7B9022D759B", - "9B9F605F5A858107AB1EC85E6B41C8AA582CA3511EDDFB74F02F3A6598980BB9", - "0", - "41ECE55743711A8C3CBF3783CD08C0EE4D4DC440D4641A8F366E550DFDB3BB67", - "1", NULL} - , + "9B9F605F5A858107AB1EC85E6B41C8AA582CA3511EDDFB74F02F3A6598980BB9", "0", + "41ECE55743711A8C3CBF3783CD08C0EE4D4DC440D4641A8F366E550DFDB3BB67", "1", + NULL}, /* * 1.2.643.7.1.2.1.1.1 Edvards */ @@ -99,10 +83,8 @@ R3410_ec_params R3410_2001_paramset[] = { /* y */ "32879423AB1A0375895786C4BB46E9565FDE0B5344766740AF268ADB32322E5C", /* cofactor */ - "4", NULL} - , - {NID_undef, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL} -}; + "4", NULL}, + {NID_undef, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL}}; /* Parameters of GOST 34.10-2012 */ @@ -127,8 +109,7 @@ R3410_ec_params R3410_2012_512_paramset[] = { /* y */ "2BB312A43BD2CE6E0D020613C857ACDDCFBF061E91E5F2C3F32447C259F39B2C" "83AB156D77F1496BF7EB3351E1EE4E43DC1A18B91B24640B6DBB92CB1ADD371E", - "1", NULL} - , + "1", NULL}, {NID_id_tc26_gost_3410_2012_512_paramSetA, /* a */ "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" @@ -147,8 +128,7 @@ R3410_ec_params R3410_2012_512_paramset[] = { /* y */ "7503CFE87A836AE3A61B8816E25450E6CE5E1C93ACF1ABC1778064FDCBEFA921DF16" "26BE4FD036E93D75E6A50E3A41E98028FE5FC235F5B889A589CB5215F2A4", - "1", NULL} - , + "1", NULL}, {NID_id_tc26_gost_3410_2012_512_paramSetB, /* a */ "8000000000000000000000000000000000000000000000000000000000000000" @@ -167,8 +147,7 @@ R3410_ec_params R3410_2012_512_paramset[] = { /* y */ "1A8F7EDA389B094C2C071E3647A8940F3C123B697578C213BE6DD9E6C8EC7335" "DCB228FD1EDF4A39152CBCAAF8C0398828041055F94CEEEC7E21340780FE41BD", - "1", NULL} - , + "1", NULL}, {NID_id_tc26_gost_3410_2012_512_paramSetC, /* a */ "DC9203E514A721875485A529D2C722FB187BC8980EB866644DE41C68E1430645" @@ -188,7 +167,5 @@ R3410_ec_params R3410_2012_512_paramset[] = { /* y */ "F5CE40D95B5EB899ABBCCFF5911CB8577939804D6527378B8C108C3D2090FF9B" "E18E2D33E3021ED2EF32D85822423B6304F726AA854BAE07D0396E9A9ADDC40F", - "4", NULL} - , - {NID_undef, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL} -}; + "4", NULL}, + {NID_undef, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL}}; diff --git a/gost_pmeth.c b/gost_pmeth.c index 44bfc75ff..030385a87 100644 --- a/gost_pmeth.c +++ b/gost_pmeth.c @@ -7,22 +7,23 @@ * for OpenSSL * * Requires OpenSSL 1.0.0+ for compilation * **********************************************************************/ -#include -#include +#include "e_gost_err.h" +#include "gost_lcl.h" + +#include #include #include -#include /* For string_to_hex */ -#include /* For OPENSSL_VERSION_MAJOR */ +#include +#include +#include /* For OPENSSL_VERSION_MAJOR */ +#include /* For string_to_hex */ #include #include -#include -#include "gost_lcl.h" -#include "e_gost_err.h" #define ossl3_const #ifdef OPENSSL_VERSION_MAJOR -#undef ossl3_const -#define ossl3_const const +# undef ossl3_const +# define ossl3_const const #endif /* -----init, cleanup, copy - uniform for all algs --------------*/ @@ -41,16 +42,15 @@ static int pkey_gost_init(EVP_PKEY_CTX *ctx) case NID_id_GostR3410_2001: case NID_id_GostR3410_2001DH: case NID_id_GostR3410_2012_256: - case NID_id_GostR3410_2012_512: - { - const EC_GROUP *group = - EC_KEY_get0_group(EVP_PKEY_get0((EVP_PKEY *)pkey)); - if (group != NULL) { - data->sign_param_nid = EC_GROUP_get_curve_name(group); - break; - } - /* else */ + case NID_id_GostR3410_2012_512: { + const EC_GROUP *group = + EC_KEY_get0_group(EVP_PKEY_get0((EVP_PKEY *)pkey)); + if (group != NULL) { + data->sign_param_nid = EC_GROUP_get_curve_name(group); + break; } + /* else */ + } default: OPENSSL_free(data); return 0; @@ -95,42 +95,41 @@ static int pkey_gost_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) return 0; switch (type) { - case EVP_PKEY_CTRL_MD: - { - EVP_PKEY *key = EVP_PKEY_CTX_get0_pkey(ctx); - int pkey_nid = (key == NULL) ? NID_undef : EVP_PKEY_base_id(key); - - OPENSSL_assert(p2 != NULL); - - switch (EVP_MD_type((const EVP_MD *)p2)) { - case NID_id_GostR3411_94: - if (pkey_nid == NID_id_GostR3410_2001 - || pkey_nid == NID_id_GostR3410_2001DH - || pkey_nid == NID_id_GostR3410_94) { - pctx->md = (EVP_MD *)p2; - return 1; - } - break; - - case NID_id_GostR3411_2012_256: - if (pkey_nid == NID_id_GostR3410_2012_256) { - pctx->md = (EVP_MD *)p2; - return 1; - } - break; + case EVP_PKEY_CTRL_MD: { + EVP_PKEY *key = EVP_PKEY_CTX_get0_pkey(ctx); + int pkey_nid = (key == NULL) ? NID_undef : EVP_PKEY_base_id(key); + + OPENSSL_assert(p2 != NULL); + + switch (EVP_MD_type((const EVP_MD *)p2)) { + case NID_id_GostR3411_94: + if (pkey_nid == NID_id_GostR3410_2001 + || pkey_nid == NID_id_GostR3410_2001DH + || pkey_nid == NID_id_GostR3410_94) { + pctx->md = (EVP_MD *)p2; + return 1; + } + break; - case NID_id_GostR3411_2012_512: - if (pkey_nid == NID_id_GostR3410_2012_512) { - pctx->md = (EVP_MD *)p2; - return 1; - } - break; + case NID_id_GostR3411_2012_256: + if (pkey_nid == NID_id_GostR3410_2012_256) { + pctx->md = (EVP_MD *)p2; + return 1; } + break; - GOSTerr(GOST_F_PKEY_GOST_CTRL, GOST_R_INVALID_DIGEST_TYPE); - return 0; + case NID_id_GostR3411_2012_512: + if (pkey_nid == NID_id_GostR3410_2012_512) { + pctx->md = (EVP_MD *)p2; + return 1; + } + break; } + GOSTerr(GOST_F_PKEY_GOST_CTRL, GOST_R_INVALID_DIGEST_TYPE); + return 0; + } + case EVP_PKEY_CTRL_GET_MD: *(const EVP_MD **)p2 = pctx->md; return 1; @@ -150,47 +149,47 @@ static int pkey_gost_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) pctx->sign_param_nid = (int)p1; return 1; case EVP_PKEY_CTRL_SET_IV: - if (p1 > sizeof(pctx->shared_ukm) || !p2) { - GOSTerr(GOST_F_PKEY_GOST_CTRL, GOST_R_UKM_NOT_SET); - return 0; - } + if (p1 > sizeof(pctx->shared_ukm) || !p2) { + GOSTerr(GOST_F_PKEY_GOST_CTRL, GOST_R_UKM_NOT_SET); + return 0; + } memcpy(pctx->shared_ukm, p2, (int)p1); pctx->shared_ukm_size = p1; return 1; case EVP_PKEY_CTRL_SET_VKO: - switch (p1) { - case 0: /* switch to KEG */ - case NID_id_GostR3411_2012_256: - case NID_id_GostR3411_2012_512: - break; - default: - GOSTerr(GOST_F_PKEY_GOST_CTRL, GOST_R_INVALID_DIGEST_TYPE); - return 0; - } + switch (p1) { + case 0: /* switch to KEG */ + case NID_id_GostR3411_2012_256: + case NID_id_GostR3411_2012_512: + break; + default: + GOSTerr(GOST_F_PKEY_GOST_CTRL, GOST_R_INVALID_DIGEST_TYPE); + return 0; + } pctx->vko_dgst_nid = p1; return 1; - case EVP_PKEY_CTRL_CIPHER: + case EVP_PKEY_CTRL_CIPHER: switch (p1) { - case NID_magma_ctr_acpkm: - case NID_magma_ctr_acpkm_omac: - case NID_magma_ctr: + case NID_magma_ctr_acpkm: + case NID_magma_ctr_acpkm_omac: + case NID_magma_ctr: pctx->cipher_nid = NID_magma_ctr; return 1; - case NID_kuznyechik_ctr_acpkm: - case NID_kuznyechik_ctr_acpkm_omac: - case NID_kuznyechik_ctr: + case NID_kuznyechik_ctr_acpkm: + case NID_kuznyechik_ctr_acpkm_omac: + case NID_kuznyechik_ctr: pctx->cipher_nid = NID_kuznyechik_ctr; return 1; - default: + default: pctx->cipher_nid = p1; return 1; } case EVP_PKEY_CTRL_PEER_KEY: if (p1 == 0 || p1 == 1) /* call from EVP_PKEY_derive_set_peer */ return 1; - if (p1 == 2) /* TLS: peer key used? */ + if (p1 == 2) /* TLS: peer key used? */ return pctx->peer_key_used; - if (p1 == 3) /* TLS: peer key used! */ + if (p1 == 3) /* TLS: peer key used! */ return (pctx->peer_key_used = 1); break; } @@ -199,44 +198,46 @@ static int pkey_gost_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) return -2; } -static int pkey_gost_ec_ctrl_str_common(EVP_PKEY_CTX *ctx, - const char *type, const char *value) +static int pkey_gost_ec_ctrl_str_common( + EVP_PKEY_CTX *ctx, const char *type, const char *value) { - if (0 == strcmp(type, ukm_ctrl_string)) { - unsigned char ukm_buf[32], *tmp = NULL; - long len = 0; - tmp = OPENSSL_hexstr2buf(value, &len); - if (tmp == NULL) - return 0; - - if (len > 32) { - OPENSSL_free(tmp); - GOSTerr(GOST_F_PKEY_GOST_EC_CTRL_STR_COMMON, GOST_R_CTRL_CALL_FAILED); - return 0; + if (0 == strcmp(type, ukm_ctrl_string)) { + unsigned char ukm_buf[32], *tmp = NULL; + long len = 0; + tmp = OPENSSL_hexstr2buf(value, &len); + if (tmp == NULL) + return 0; + + if (len > 32) { + OPENSSL_free(tmp); + GOSTerr(GOST_F_PKEY_GOST_EC_CTRL_STR_COMMON, + GOST_R_CTRL_CALL_FAILED); + return 0; + } + memcpy(ukm_buf, tmp, len); + OPENSSL_free(tmp); + + return pkey_gost_ctrl(ctx, EVP_PKEY_CTRL_SET_IV, len, ukm_buf); + } else if (strcmp(type, vko_ctrl_string) == 0) { + int bits = atoi(value); + int vko_dgst_nid = 0; + + if (bits == 256) + vko_dgst_nid = NID_id_GostR3411_2012_256; + else if (bits == 512) + vko_dgst_nid = NID_id_GostR3411_2012_512; + else if (bits != 0) { + GOSTerr(GOST_F_PKEY_GOST_EC_CTRL_STR_COMMON, + GOST_R_INVALID_DIGEST_TYPE); + return 0; + } + return pkey_gost_ctrl(ctx, EVP_PKEY_CTRL_SET_VKO, vko_dgst_nid, NULL); } - memcpy(ukm_buf, tmp, len); - OPENSSL_free(tmp); - - return pkey_gost_ctrl(ctx, EVP_PKEY_CTRL_SET_IV, len, ukm_buf); - } else if (strcmp(type, vko_ctrl_string) == 0) { - int bits = atoi(value); - int vko_dgst_nid = 0; - - if (bits == 256) - vko_dgst_nid = NID_id_GostR3411_2012_256; - else if (bits == 512) - vko_dgst_nid = NID_id_GostR3411_2012_512; - else if (bits != 0) { - GOSTerr(GOST_F_PKEY_GOST_EC_CTRL_STR_COMMON, GOST_R_INVALID_DIGEST_TYPE); - return 0; - } - return pkey_gost_ctrl(ctx, EVP_PKEY_CTRL_SET_VKO, vko_dgst_nid, NULL); - } - return -2; + return -2; } -static int pkey_gost_ec_ctrl_str_256(EVP_PKEY_CTX *ctx, - const char *type, const char *value) +static int pkey_gost_ec_ctrl_str_256(EVP_PKEY_CTX *ctx, const char *type, + const char *value) { if (strcmp(type, param_ctrl_string) == 0) { int param_nid = 0; @@ -273,9 +274,9 @@ static int pkey_gost_ec_ctrl_str_256(EVP_PKEY_CTX *ctx, default: return 0; } - } else if ((strlen(value) == 3) - && (toupper((unsigned char)value[0]) == 'T') - && (toupper((unsigned char)value[1]) == 'C')) { + } else if ((strlen(value) == 3) + && (toupper((unsigned char)value[0]) == 'T') + && (toupper((unsigned char)value[1]) == 'C')) { switch (toupper((unsigned char)value[2])) { case 'A': param_nid = NID_id_tc26_gost_3410_2012_256_paramSetA; @@ -309,20 +310,20 @@ static int pkey_gost_ec_ctrl_str_256(EVP_PKEY_CTX *ctx, } } - return pkey_gost_ctrl(ctx, EVP_PKEY_CTRL_GOST_PARAMSET, - param_nid, NULL); + return pkey_gost_ctrl( + ctx, EVP_PKEY_CTRL_GOST_PARAMSET, param_nid, NULL); } return pkey_gost_ec_ctrl_str_common(ctx, type, value); } -static int pkey_gost_ec_ctrl_str_512(EVP_PKEY_CTX *ctx, - const char *type, const char *value) +static int pkey_gost_ec_ctrl_str_512(EVP_PKEY_CTX *ctx, const char *type, + const char *value) { int param_nid = NID_undef; if (strcmp(type, param_ctrl_string)) - return pkey_gost_ec_ctrl_str_common(ctx, type, value); + return pkey_gost_ec_ctrl_str_common(ctx, type, value); if (!value) return 0; @@ -354,8 +355,7 @@ static int pkey_gost_ec_ctrl_str_512(EVP_PKEY_CTX *ctx, p++; if (p->nid == NID_undef) { - GOSTerr(GOST_F_PKEY_GOST_EC_CTRL_STR_512, - GOST_R_INVALID_PARAMSET); + GOSTerr(GOST_F_PKEY_GOST_EC_CTRL_STR_512, GOST_R_INVALID_PARAMSET); return 0; } } @@ -411,8 +411,7 @@ static int pkey_gost2012_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) case NID_id_tc26_gost_3410_2012_512_paramSetB: case NID_id_tc26_gost_3410_2012_512_paramSetC: case NID_id_tc26_gost_3410_2012_512_paramSetTest: - result = - (EVP_PKEY_assign(pkey, NID_id_GostR3410_2012_512, ec)) ? 1 : 0; + result = (EVP_PKEY_assign(pkey, NID_id_GostR3410_2012_512, ec)) ? 1 : 0; break; case NID_id_GostR3410_2001_CryptoPro_A_ParamSet: @@ -425,8 +424,7 @@ static int pkey_gost2012_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) case NID_id_tc26_gost_3410_2012_256_paramSetB: case NID_id_tc26_gost_3410_2012_256_paramSetC: case NID_id_tc26_gost_3410_2012_256_paramSetD: - result = - (EVP_PKEY_assign(pkey, NID_id_GostR3410_2012_256, ec)) ? 1 : 0; + result = (EVP_PKEY_assign(pkey, NID_id_GostR3410_2012_256, ec)) ? 1 : 0; break; default: result = 0; @@ -478,9 +476,9 @@ int pack_sign_cp(ECDSA_SIG *s, int order, unsigned char *sig, size_t *siglen) return 1; } -static int pkey_gost_ec_cp_sign(EVP_PKEY_CTX *ctx, unsigned char *sig, - size_t *siglen, const unsigned char *tbs, - size_t tbs_len) +static int +pkey_gost_ec_cp_sign(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen, + const unsigned char *tbs, size_t tbs_len) { ECDSA_SIG *unpacked_sig = NULL; EVP_PKEY *pkey = EVP_PKEY_CTX_get0_pkey(ctx); @@ -533,9 +531,9 @@ ECDSA_SIG *unpack_cp_signature(const unsigned char *sigbuf, size_t siglen) return sig; } -static int pkey_gost_ec_cp_verify(EVP_PKEY_CTX *ctx, const unsigned char *sig, - size_t siglen, const unsigned char *tbs, - size_t tbs_len) +static int +pkey_gost_ec_cp_verify(EVP_PKEY_CTX *ctx, const unsigned char *sig, + size_t siglen, const unsigned char *tbs, size_t tbs_len) { int ok = 0; EVP_PKEY *pub_key = EVP_PKEY_CTX_get0_pkey(ctx); @@ -653,17 +651,15 @@ static int pkey_gost_mac_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) (struct gost_mac_pmeth_data *)EVP_PKEY_CTX_get_data(ctx); switch (type) { - case EVP_PKEY_CTRL_MD: - { - int nid = EVP_MD_type((const EVP_MD *)p2); - if (nid != NID_id_Gost28147_89_MAC && nid != NID_gost_mac_12) { - GOSTerr(GOST_F_PKEY_GOST_MAC_CTRL, - GOST_R_INVALID_DIGEST_TYPE); - return 0; - } - data->md = (EVP_MD *)p2; - return 1; + case EVP_PKEY_CTRL_MD: { + int nid = EVP_MD_type((const EVP_MD *)p2); + if (nid != NID_id_Gost28147_89_MAC && nid != NID_gost_mac_12) { + GOSTerr(GOST_F_PKEY_GOST_MAC_CTRL, GOST_R_INVALID_DIGEST_TYPE); + return 0; } + data->md = (EVP_MD *)p2; + return 1; + } case EVP_PKEY_CTRL_GET_MD: *(const EVP_MD **)p2 = data->md; @@ -682,52 +678,46 @@ static int pkey_gost_mac_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) memcpy(data->key, p2, 32); data->key_set = 1; return 1; - case EVP_PKEY_CTRL_GOST_PARAMSET: - { - struct gost_cipher_info *param = p2; - data->mac_param_nid = param->nid; - return 1; - } - case EVP_PKEY_CTRL_DIGESTINIT: - { - EVP_MD_CTX *mctx = p2; - if (!data->key_set) { - struct gost_mac_key *key; - EVP_PKEY *pkey = EVP_PKEY_CTX_get0_pkey(ctx); - if (!pkey) { - GOSTerr(GOST_F_PKEY_GOST_MAC_CTRL, - GOST_R_MAC_KEY_NOT_SET); - return 0; - } - key = EVP_PKEY_get0(pkey); - if (!key) { - GOSTerr(GOST_F_PKEY_GOST_MAC_CTRL, - GOST_R_MAC_KEY_NOT_SET); - return 0; - } - return EVP_MD_meth_get_ctrl(EVP_MD_CTX_md(mctx)) - (mctx, EVP_MD_CTRL_SET_KEY, 0, key); - } else { - return EVP_MD_meth_get_ctrl(EVP_MD_CTX_md(mctx)) - (mctx, EVP_MD_CTRL_SET_KEY, 32, &(data->key)); + case EVP_PKEY_CTRL_GOST_PARAMSET: { + struct gost_cipher_info *param = p2; + data->mac_param_nid = param->nid; + return 1; + } + case EVP_PKEY_CTRL_DIGESTINIT: { + EVP_MD_CTX *mctx = p2; + if (!data->key_set) { + struct gost_mac_key *key; + EVP_PKEY *pkey = EVP_PKEY_CTX_get0_pkey(ctx); + if (!pkey) { + GOSTerr(GOST_F_PKEY_GOST_MAC_CTRL, GOST_R_MAC_KEY_NOT_SET); + return 0; } - } - case EVP_PKEY_CTRL_MAC_LEN: - { - if (p1 < 1 || p1 > 8) { - - GOSTerr(GOST_F_PKEY_GOST_MAC_CTRL, GOST_R_INVALID_MAC_SIZE); + key = EVP_PKEY_get0(pkey); + if (!key) { + GOSTerr(GOST_F_PKEY_GOST_MAC_CTRL, GOST_R_MAC_KEY_NOT_SET); return 0; } - data->mac_size = p1; - return 1; + return EVP_MD_meth_get_ctrl( + EVP_MD_CTX_md(mctx))(mctx, EVP_MD_CTRL_SET_KEY, 0, key); + } else { + return EVP_MD_meth_get_ctrl(EVP_MD_CTX_md(mctx))( + mctx, EVP_MD_CTRL_SET_KEY, 32, &(data->key)); } } + case EVP_PKEY_CTRL_MAC_LEN: { + if (p1 < 1 || p1 > 8) { + GOSTerr(GOST_F_PKEY_GOST_MAC_CTRL, GOST_R_INVALID_MAC_SIZE); + return 0; + } + data->mac_size = p1; + return 1; + } + } return -2; } -static int pkey_gost_mac_ctrl_str(EVP_PKEY_CTX *ctx, - const char *type, const char *value) +static int +pkey_gost_mac_ctrl_str(EVP_PKEY_CTX *ctx, const char *type, const char *value) { if (strcmp(type, key_ctrl_string) == 0) { if (strlen(value) != 32) { @@ -735,8 +725,8 @@ static int pkey_gost_mac_ctrl_str(EVP_PKEY_CTX *ctx, GOST_R_INVALID_MAC_KEY_LENGTH); return 0; } - return pkey_gost_mac_ctrl(ctx, EVP_PKEY_CTRL_SET_MAC_KEY, - 32, (char *)value); + return pkey_gost_mac_ctrl( + ctx, EVP_PKEY_CTRL_SET_MAC_KEY, 32, (char *)value); } if (strcmp(type, hexkey_ctrl_string) == 0) { long keylen; @@ -751,7 +741,6 @@ static int pkey_gost_mac_ctrl_str(EVP_PKEY_CTX *ctx, ret = pkey_gost_mac_ctrl(ctx, EVP_PKEY_CTRL_SET_MAC_KEY, 32, keybuf); OPENSSL_free(keybuf); return ret; - } if (!strcmp(type, maclen_ctrl_string)) { char *endptr; @@ -777,32 +766,30 @@ static int pkey_gost_mac_ctrl_str(EVP_PKEY_CTX *ctx, return 0; } - - return pkey_gost_mac_ctrl(ctx, EVP_PKEY_CTRL_GOST_PARAMSET, 0, - (void *)param); + return pkey_gost_mac_ctrl( + ctx, EVP_PKEY_CTRL_GOST_PARAMSET, 0, (void *)param); } return -2; } -static int pkey_gost_omac_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2, size_t max_size) +static int pkey_gost_omac_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2, + size_t max_size) { struct gost_mac_pmeth_data *data = (struct gost_mac_pmeth_data *)EVP_PKEY_CTX_get_data(ctx); switch (type) { - case EVP_PKEY_CTRL_MD: - { - int nid = EVP_MD_type((const EVP_MD *)p2); - if (nid != NID_magma_mac && nid != NID_grasshopper_mac - && nid != NID_id_tc26_cipher_gostr3412_2015_kuznyechik_ctracpkm_omac /* FIXME beldmit */ - && nid != NID_id_tc26_cipher_gostr3412_2015_magma_ctracpkm_omac) { - GOSTerr(GOST_F_PKEY_GOST_OMAC_CTRL, - GOST_R_INVALID_DIGEST_TYPE); - return 0; - } - data->md = (EVP_MD *)p2; - return 1; + case EVP_PKEY_CTRL_MD: { + int nid = EVP_MD_type((const EVP_MD *)p2); + if (nid != NID_magma_mac && nid != NID_grasshopper_mac + && nid != NID_id_tc26_cipher_gostr3412_2015_kuznyechik_ctracpkm_omac /* FIXME beldmit */ + && nid != NID_id_tc26_cipher_gostr3412_2015_magma_ctracpkm_omac) { + GOSTerr(GOST_F_PKEY_GOST_OMAC_CTRL, GOST_R_INVALID_DIGEST_TYPE); + return 0; } + data->md = (EVP_MD *)p2; + return 1; + } case EVP_PKEY_CTRL_GET_MD: *(const EVP_MD **)p2 = data->md; @@ -821,56 +808,53 @@ static int pkey_gost_omac_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2, si memcpy(data->key, p2, 32); data->key_set = 1; return 1; - case EVP_PKEY_CTRL_DIGESTINIT: - { - EVP_MD_CTX *mctx = p2; - if (!data->key_set) { - struct gost_mac_key *key; - EVP_PKEY *pkey = EVP_PKEY_CTX_get0_pkey(ctx); - if (!pkey) { - GOSTerr(GOST_F_PKEY_GOST_OMAC_CTRL, - GOST_R_MAC_KEY_NOT_SET); - return 0; - } - key = EVP_PKEY_get0(pkey); - if (!key) { - GOSTerr(GOST_F_PKEY_GOST_OMAC_CTRL, - GOST_R_MAC_KEY_NOT_SET); - return 0; - } - return EVP_MD_meth_get_ctrl(EVP_MD_CTX_md(mctx)) - (mctx, EVP_MD_CTRL_SET_KEY, 0, key); - } else { - return EVP_MD_meth_get_ctrl(EVP_MD_CTX_md(mctx)) - (mctx, EVP_MD_CTRL_SET_KEY, 32, &(data->key)); + case EVP_PKEY_CTRL_DIGESTINIT: { + EVP_MD_CTX *mctx = p2; + if (!data->key_set) { + struct gost_mac_key *key; + EVP_PKEY *pkey = EVP_PKEY_CTX_get0_pkey(ctx); + if (!pkey) { + GOSTerr(GOST_F_PKEY_GOST_OMAC_CTRL, GOST_R_MAC_KEY_NOT_SET); + return 0; } - } - case EVP_PKEY_CTRL_MAC_LEN: - { - if (p1 < 1 || p1 > max_size) { - - GOSTerr(GOST_F_PKEY_GOST_OMAC_CTRL, GOST_R_INVALID_MAC_SIZE); + key = EVP_PKEY_get0(pkey); + if (!key) { + GOSTerr(GOST_F_PKEY_GOST_OMAC_CTRL, GOST_R_MAC_KEY_NOT_SET); return 0; } - data->mac_size = p1; - return 1; + return EVP_MD_meth_get_ctrl( + EVP_MD_CTX_md(mctx))(mctx, EVP_MD_CTRL_SET_KEY, 0, key); + } else { + return EVP_MD_meth_get_ctrl(EVP_MD_CTX_md(mctx))( + mctx, EVP_MD_CTRL_SET_KEY, 32, &(data->key)); + } + } + case EVP_PKEY_CTRL_MAC_LEN: { + if (p1 < 1 || p1 > max_size) { + GOSTerr(GOST_F_PKEY_GOST_OMAC_CTRL, GOST_R_INVALID_MAC_SIZE); + return 0; } + data->mac_size = p1; + return 1; + } } return -2; } -static int pkey_gost_magma_mac_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) +static int +pkey_gost_magma_mac_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) { return pkey_gost_omac_ctrl(ctx, type, p1, p2, 8); } -static int pkey_gost_grasshopper_mac_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) +static int +pkey_gost_grasshopper_mac_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) { return pkey_gost_omac_ctrl(ctx, type, p1, p2, 16); } -static int pkey_gost_omac_ctrl_str(EVP_PKEY_CTX *ctx, - const char *type, const char *value, size_t max_size) +static int pkey_gost_omac_ctrl_str(EVP_PKEY_CTX *ctx, const char *type, + const char *value, size_t max_size) { if (strcmp(type, key_ctrl_string) == 0) { if (strlen(value) != 32) { @@ -878,8 +862,8 @@ static int pkey_gost_omac_ctrl_str(EVP_PKEY_CTX *ctx, GOST_R_INVALID_MAC_KEY_LENGTH); return 0; } - return pkey_gost_mac_ctrl(ctx, EVP_PKEY_CTRL_SET_MAC_KEY, - 32, (char *)value); + return pkey_gost_mac_ctrl( + ctx, EVP_PKEY_CTRL_SET_MAC_KEY, 32, (char *)value); } if (strcmp(type, hexkey_ctrl_string) == 0) { long keylen; @@ -894,7 +878,6 @@ static int pkey_gost_omac_ctrl_str(EVP_PKEY_CTX *ctx, ret = pkey_gost_mac_ctrl(ctx, EVP_PKEY_CTRL_SET_MAC_KEY, 32, keybuf); OPENSSL_free(keybuf); return ret; - } if (!strcmp(type, maclen_ctrl_string)) { char *endptr; @@ -903,25 +886,26 @@ static int pkey_gost_omac_ctrl_str(EVP_PKEY_CTX *ctx, GOSTerr(GOST_F_PKEY_GOST_OMAC_CTRL_STR, GOST_R_INVALID_MAC_SIZE); return 0; } - return pkey_gost_omac_ctrl(ctx, EVP_PKEY_CTRL_MAC_LEN, size, NULL, max_size); + return pkey_gost_omac_ctrl( + ctx, EVP_PKEY_CTRL_MAC_LEN, size, NULL, max_size); } return -2; } -static int pkey_gost_magma_mac_ctrl_str(EVP_PKEY_CTX *ctx, - const char *type, const char *value) +static int pkey_gost_magma_mac_ctrl_str( + EVP_PKEY_CTX *ctx, const char *type, const char *value) { return pkey_gost_omac_ctrl_str(ctx, type, value, 8); } -static int pkey_gost_grasshopper_mac_ctrl_str(EVP_PKEY_CTX *ctx, - const char *type, const char *value) +static int pkey_gost_grasshopper_mac_ctrl_str( + EVP_PKEY_CTX *ctx, const char *type, const char *value) { return pkey_gost_omac_ctrl_str(ctx, type, value, 8); } -static int pkey_gost_mac_keygen_base(EVP_PKEY_CTX *ctx, - EVP_PKEY *pkey, int mac_nid) +static int +pkey_gost_mac_keygen_base(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey, int mac_nid) { struct gost_mac_pmeth_data *data = EVP_PKEY_CTX_get_data(ctx); struct gost_mac_key *keydata; @@ -986,14 +970,16 @@ static int pkey_gost_magma_mac_signctx_init(EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx) data = EVP_PKEY_CTX_get_data(ctx); if (!data) { - GOSTerr(GOST_F_PKEY_GOST_MAGMA_MAC_SIGNCTX_INIT, GOST_R_MAC_KEY_NOT_SET); + GOSTerr(GOST_F_PKEY_GOST_MAGMA_MAC_SIGNCTX_INIT, + GOST_R_MAC_KEY_NOT_SET); return 0; } return 1; } -static int pkey_gost_grasshopper_mac_signctx_init(EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx) +static int +pkey_gost_grasshopper_mac_signctx_init(EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx) { struct gost_mac_pmeth_data *data = EVP_PKEY_CTX_get_data(ctx); @@ -1003,7 +989,8 @@ static int pkey_gost_grasshopper_mac_signctx_init(EVP_PKEY_CTX *ctx, EVP_MD_CTX data = EVP_PKEY_CTX_get_data(ctx); if (!data) { - GOSTerr(GOST_F_PKEY_GOST_GRASSHOPPER_MAC_SIGNCTX_INIT, GOST_R_MAC_KEY_NOT_SET); + GOSTerr(GOST_F_PKEY_GOST_GRASSHOPPER_MAC_SIGNCTX_INIT, + GOST_R_MAC_KEY_NOT_SET); return 0; } @@ -1019,7 +1006,7 @@ static int pkey_gost_mac_signctx(EVP_PKEY_CTX *ctx, unsigned char *sig, if (!siglen) return 0; - tmpsiglen = *siglen; /* for platforms where sizeof(int) != + tmpsiglen = *siglen; /* for platforms where sizeof(int) != * sizeof(size_t) */ if (!sig) { @@ -1027,8 +1014,8 @@ static int pkey_gost_mac_signctx(EVP_PKEY_CTX *ctx, unsigned char *sig, return 1; } - EVP_MD_meth_get_ctrl(EVP_MD_CTX_md(mctx)) - (mctx, EVP_MD_CTRL_XOF_LEN, data->mac_size, NULL); + EVP_MD_meth_get_ctrl( + EVP_MD_CTX_md(mctx))(mctx, EVP_MD_CTRL_XOF_LEN, data->mac_size, NULL); ret = EVP_DigestFinal_ex(mctx, sig, &tmpsiglen); *siglen = data->mac_size; return ret; @@ -1052,89 +1039,84 @@ int register_pmeth_gost(int id, EVP_PKEY_METHOD **pmeth, int flags) switch (id) { case NID_id_GostR3410_2001: case NID_id_GostR3410_2001DH: - EVP_PKEY_meth_set_ctrl(*pmeth, - pkey_gost_ctrl, pkey_gost_ec_ctrl_str_256); + EVP_PKEY_meth_set_ctrl( + *pmeth, pkey_gost_ctrl, pkey_gost_ec_ctrl_str_256); EVP_PKEY_meth_set_sign(*pmeth, NULL, pkey_gost_ec_cp_sign); EVP_PKEY_meth_set_verify(*pmeth, NULL, pkey_gost_ec_cp_verify); EVP_PKEY_meth_set_keygen(*pmeth, NULL, pkey_gost2001cp_keygen); - EVP_PKEY_meth_set_encrypt(*pmeth, - pkey_gost_encrypt_init, - pkey_gost_encrypt); + EVP_PKEY_meth_set_encrypt( + *pmeth, pkey_gost_encrypt_init, pkey_gost_encrypt); EVP_PKEY_meth_set_decrypt(*pmeth, NULL, pkey_gost_decrypt); - EVP_PKEY_meth_set_derive(*pmeth, - pkey_gost_derive_init, pkey_gost_ec_derive); - EVP_PKEY_meth_set_paramgen(*pmeth, pkey_gost_paramgen_init, - pkey_gost2001_paramgen); - EVP_PKEY_meth_set_check(*pmeth, pkey_gost_check); - EVP_PKEY_meth_set_public_check(*pmeth, pkey_gost_check); + EVP_PKEY_meth_set_derive( + *pmeth, pkey_gost_derive_init, pkey_gost_ec_derive); + EVP_PKEY_meth_set_paramgen( + *pmeth, pkey_gost_paramgen_init, pkey_gost2001_paramgen); + EVP_PKEY_meth_set_check(*pmeth, pkey_gost_check); + EVP_PKEY_meth_set_public_check(*pmeth, pkey_gost_check); break; case NID_id_GostR3410_2012_256: - EVP_PKEY_meth_set_ctrl(*pmeth, - pkey_gost_ctrl, pkey_gost_ec_ctrl_str_256); + EVP_PKEY_meth_set_ctrl( + *pmeth, pkey_gost_ctrl, pkey_gost_ec_ctrl_str_256); EVP_PKEY_meth_set_sign(*pmeth, NULL, pkey_gost_ec_cp_sign); EVP_PKEY_meth_set_verify(*pmeth, NULL, pkey_gost_ec_cp_verify); EVP_PKEY_meth_set_keygen(*pmeth, NULL, pkey_gost2012cp_keygen); - EVP_PKEY_meth_set_encrypt(*pmeth, - pkey_gost_encrypt_init, - pkey_gost_encrypt); + EVP_PKEY_meth_set_encrypt( + *pmeth, pkey_gost_encrypt_init, pkey_gost_encrypt); EVP_PKEY_meth_set_decrypt(*pmeth, NULL, pkey_gost_decrypt); - EVP_PKEY_meth_set_derive(*pmeth, - pkey_gost_derive_init, pkey_gost_ec_derive); - EVP_PKEY_meth_set_paramgen(*pmeth, - pkey_gost_paramgen_init, - pkey_gost2012_paramgen); - EVP_PKEY_meth_set_check(*pmeth, pkey_gost_check); - EVP_PKEY_meth_set_public_check(*pmeth, pkey_gost_check); + EVP_PKEY_meth_set_derive( + *pmeth, pkey_gost_derive_init, pkey_gost_ec_derive); + EVP_PKEY_meth_set_paramgen( + *pmeth, pkey_gost_paramgen_init, pkey_gost2012_paramgen); + EVP_PKEY_meth_set_check(*pmeth, pkey_gost_check); + EVP_PKEY_meth_set_public_check(*pmeth, pkey_gost_check); break; case NID_id_GostR3410_2012_512: - EVP_PKEY_meth_set_ctrl(*pmeth, - pkey_gost_ctrl, pkey_gost_ec_ctrl_str_512); + EVP_PKEY_meth_set_ctrl( + *pmeth, pkey_gost_ctrl, pkey_gost_ec_ctrl_str_512); EVP_PKEY_meth_set_sign(*pmeth, NULL, pkey_gost_ec_cp_sign); EVP_PKEY_meth_set_verify(*pmeth, NULL, pkey_gost_ec_cp_verify); EVP_PKEY_meth_set_keygen(*pmeth, NULL, pkey_gost2012cp_keygen); - EVP_PKEY_meth_set_encrypt(*pmeth, - pkey_gost_encrypt_init, - pkey_gost_encrypt); + EVP_PKEY_meth_set_encrypt( + *pmeth, pkey_gost_encrypt_init, pkey_gost_encrypt); EVP_PKEY_meth_set_decrypt(*pmeth, NULL, pkey_gost_decrypt); - EVP_PKEY_meth_set_derive(*pmeth, - pkey_gost_derive_init, pkey_gost_ec_derive); - EVP_PKEY_meth_set_paramgen(*pmeth, - pkey_gost_paramgen_init, - pkey_gost2012_paramgen); - EVP_PKEY_meth_set_check(*pmeth, pkey_gost_check); - EVP_PKEY_meth_set_public_check(*pmeth, pkey_gost_check); + EVP_PKEY_meth_set_derive( + *pmeth, pkey_gost_derive_init, pkey_gost_ec_derive); + EVP_PKEY_meth_set_paramgen( + *pmeth, pkey_gost_paramgen_init, pkey_gost2012_paramgen); + EVP_PKEY_meth_set_check(*pmeth, pkey_gost_check); + EVP_PKEY_meth_set_public_check(*pmeth, pkey_gost_check); break; case NID_id_Gost28147_89_MAC: - EVP_PKEY_meth_set_ctrl(*pmeth, pkey_gost_mac_ctrl, - pkey_gost_mac_ctrl_str); - EVP_PKEY_meth_set_signctx(*pmeth, pkey_gost_mac_signctx_init, - pkey_gost_mac_signctx); + EVP_PKEY_meth_set_ctrl( + *pmeth, pkey_gost_mac_ctrl, pkey_gost_mac_ctrl_str); + EVP_PKEY_meth_set_signctx( + *pmeth, pkey_gost_mac_signctx_init, pkey_gost_mac_signctx); EVP_PKEY_meth_set_keygen(*pmeth, NULL, pkey_gost_mac_keygen); EVP_PKEY_meth_set_init(*pmeth, pkey_gost_mac_init); EVP_PKEY_meth_set_cleanup(*pmeth, pkey_gost_mac_cleanup); EVP_PKEY_meth_set_copy(*pmeth, pkey_gost_mac_copy); return 1; case NID_gost_mac_12: - EVP_PKEY_meth_set_ctrl(*pmeth, pkey_gost_mac_ctrl, - pkey_gost_mac_ctrl_str); - EVP_PKEY_meth_set_signctx(*pmeth, pkey_gost_mac_signctx_init, - pkey_gost_mac_signctx); + EVP_PKEY_meth_set_ctrl( + *pmeth, pkey_gost_mac_ctrl, pkey_gost_mac_ctrl_str); + EVP_PKEY_meth_set_signctx( + *pmeth, pkey_gost_mac_signctx_init, pkey_gost_mac_signctx); EVP_PKEY_meth_set_keygen(*pmeth, NULL, pkey_gost_mac_keygen_12); EVP_PKEY_meth_set_init(*pmeth, pkey_gost_mac_init); EVP_PKEY_meth_set_cleanup(*pmeth, pkey_gost_mac_cleanup); EVP_PKEY_meth_set_copy(*pmeth, pkey_gost_mac_copy); return 1; case NID_magma_mac: - EVP_PKEY_meth_set_ctrl(*pmeth, pkey_gost_magma_mac_ctrl, - pkey_gost_magma_mac_ctrl_str); - EVP_PKEY_meth_set_signctx(*pmeth, pkey_gost_magma_mac_signctx_init, - pkey_gost_mac_signctx); + EVP_PKEY_meth_set_ctrl( + *pmeth, pkey_gost_magma_mac_ctrl, pkey_gost_magma_mac_ctrl_str); + EVP_PKEY_meth_set_signctx( + *pmeth, pkey_gost_magma_mac_signctx_init, pkey_gost_mac_signctx); EVP_PKEY_meth_set_keygen(*pmeth, NULL, pkey_gost_magma_mac_keygen); EVP_PKEY_meth_set_init(*pmeth, pkey_gost_magma_mac_init); EVP_PKEY_meth_set_cleanup(*pmeth, pkey_gost_mac_cleanup); @@ -1144,14 +1126,16 @@ int register_pmeth_gost(int id, EVP_PKEY_METHOD **pmeth, int flags) case NID_id_tc26_cipher_gostr3412_2015_kuznyechik_ctracpkm_omac: /* FIXME beldmit */ EVP_PKEY_meth_set_ctrl(*pmeth, pkey_gost_grasshopper_mac_ctrl, pkey_gost_grasshopper_mac_ctrl_str); - EVP_PKEY_meth_set_signctx(*pmeth, pkey_gost_grasshopper_mac_signctx_init, - pkey_gost_mac_signctx); - EVP_PKEY_meth_set_keygen(*pmeth, NULL, pkey_gost_grasshopper_mac_keygen); + EVP_PKEY_meth_set_signctx( + *pmeth, pkey_gost_grasshopper_mac_signctx_init, + pkey_gost_mac_signctx); + EVP_PKEY_meth_set_keygen( + *pmeth, NULL, pkey_gost_grasshopper_mac_keygen); EVP_PKEY_meth_set_init(*pmeth, pkey_gost_grasshopper_mac_init); EVP_PKEY_meth_set_cleanup(*pmeth, pkey_gost_mac_cleanup); EVP_PKEY_meth_set_copy(*pmeth, pkey_gost_mac_copy); return 1; - default: /* Unsupported method */ + default: /* Unsupported method */ return 0; } EVP_PKEY_meth_set_init(*pmeth, pkey_gost_init); diff --git a/gost_prov.c b/gost_prov.c index eab5918ac..6d76571fa 100644 --- a/gost_prov.c +++ b/gost_prov.c @@ -7,11 +7,13 @@ * Requires OpenSSL 3.0 for compilation * **********************************************************************/ -#include -#include #include "gost_prov.h" + #include "gost_lcl.h" -#include "prov/err.h" /* libprov err functions */ +#include "prov/err.h" /* libprov err functions */ + +#include +#include /********************************************************************* * @@ -29,6 +31,7 @@ static struct proverr_functions_st *err_handle; #define GOST_PROV #include "e_gost_err.c" + void ERR_GOST_error(int function, int reason, char *file, int line) { proverr_new_error(err_handle); @@ -53,16 +56,16 @@ static void provider_ctx_free(PROV_CTX *ctx) } extern int populate_gost_engine(ENGINE *e); -static PROV_CTX *provider_ctx_new(const OSSL_CORE_HANDLE *core, - const OSSL_DISPATCH *in) + +static PROV_CTX * +provider_ctx_new(const OSSL_CORE_HANDLE *core, const OSSL_DISPATCH *in) { PROV_CTX *ctx; if ((ctx = OPENSSL_zalloc(sizeof(*ctx))) != NULL && (ctx->proverr_handle = proverr_new_handle(core, in)) != NULL && (ctx->libctx = OSSL_LIB_CTX_new()) != NULL - && (ctx->e = ENGINE_new()) != NULL - && populate_gost_engine(ctx->e)) { + && (ctx->e = ENGINE_new()) != NULL && populate_gost_engine(ctx->e)) { ctx->core_handle = core; /* Ugly hack */ @@ -83,9 +86,8 @@ static PROV_CTX *provider_ctx_new(const OSSL_CORE_HANDLE *core, typedef void (*fptr_t)(void); /* The function that returns the appropriate algorithm table per operation */ -static const OSSL_ALGORITHM *gost_operation(void *vprovctx, - int operation_id, - const int *no_cache) +static const OSSL_ALGORITHM * +gost_operation(void *vprovctx, int operation_id, const int *no_cache) { switch (operation_id) { case OSSL_OP_CIPHER: @@ -131,12 +133,11 @@ static void gost_teardown(void *vprovctx) /* The base dispatch table */ static const OSSL_DISPATCH provider_functions[] = { - { OSSL_FUNC_PROVIDER_QUERY_OPERATION, (fptr_t)gost_operation }, - { OSSL_FUNC_PROVIDER_GET_REASON_STRINGS, (fptr_t)gost_get_reason_strings }, - { OSSL_FUNC_PROVIDER_GET_PARAMS, (fptr_t)gost_get_params }, - { OSSL_FUNC_PROVIDER_TEARDOWN, (fptr_t)gost_teardown }, - { 0, NULL } -}; + {OSSL_FUNC_PROVIDER_QUERY_OPERATION, (fptr_t)gost_operation}, + {OSSL_FUNC_PROVIDER_GET_REASON_STRINGS, (fptr_t)gost_get_reason_strings}, + {OSSL_FUNC_PROVIDER_GET_PARAMS, (fptr_t)gost_get_params}, + {OSSL_FUNC_PROVIDER_TEARDOWN, (fptr_t)gost_teardown}, + {0, NULL}}; struct prov_ctx_st { void *core_handle; @@ -154,10 +155,8 @@ struct prov_ctx_st { #endif OPENSSL_EXPORT -int OSSL_provider_init(const OSSL_CORE_HANDLE *core, - const OSSL_DISPATCH *in, - const OSSL_DISPATCH **out, - void **vprovctx) +int OSSL_provider_init(const OSSL_CORE_HANDLE *core, const OSSL_DISPATCH *in, + const OSSL_DISPATCH **out, void **vprovctx) { if ((*vprovctx = provider_ctx_new(core, in)) == NULL) return 0; diff --git a/gost_prov_cipher.c b/gost_prov_cipher.c index ce9665ea4..d58cb20f3 100644 --- a/gost_prov_cipher.c +++ b/gost_prov_cipher.c @@ -8,11 +8,12 @@ * Requires OpenSSL 3.0 for compilation * **********************************************************************/ +#include "gost_lcl.h" +#include "gost_prov.h" + #include #include #include -#include "gost_prov.h" -#include "gost_lcl.h" /* * Forward declarations of all generic OSSL_DISPATCH functions, to make sure @@ -65,7 +66,7 @@ static void cipher_freectx(void *vgctx) } static GOST_CTX *cipher_newctx(void *provctx, GOST_cipher *descriptor, - const OSSL_PARAM *known_params) + const OSSL_PARAM *known_params) { GOST_CTX *gctx = NULL; @@ -125,9 +126,9 @@ static int cipher_get_ctx_params(void *vgctx, OSSL_PARAM params[]) int ret; ret = (algidparam = ASN1_TYPE_new()) != NULL - && EVP_CIPHER_param_to_asn1(gctx->cctx, algidparam) > 0 - && (derlen = i2d_ASN1_TYPE(algidparam, &der)) >= 0 - && OSSL_PARAM_set_octet_string(p, &der, (size_t)derlen); + && EVP_CIPHER_param_to_asn1(gctx->cctx, algidparam) > 0 + && (derlen = i2d_ASN1_TYPE(algidparam, &der)) >= 0 + && OSSL_PARAM_set_octet_string(p, &der, (size_t)derlen); OPENSSL_free(der); ASN1_TYPE_free(algidparam); @@ -145,9 +146,10 @@ static int cipher_get_ctx_params(void *vgctx, OSSL_PARAM params[]) void *tag = NULL; size_t taglen = 0; - if (!OSSL_PARAM_get_octet_string_ptr(p, (const void**)&tag, &taglen) - || EVP_CIPHER_CTX_ctrl(gctx->cctx, EVP_CTRL_AEAD_GET_TAG, - taglen, tag) <= 0) + if (!OSSL_PARAM_get_octet_string_ptr(p, (const void **)&tag, &taglen) + || EVP_CIPHER_CTX_ctrl( + gctx->cctx, EVP_CTRL_AEAD_GET_TAG, taglen, tag) + <= 0) return 0; } return 1; @@ -165,8 +167,8 @@ static int cipher_set_ctx_params(void *vgctx, const OSSL_PARAM params[]) int ret; ret = OSSL_PARAM_get_octet_string_ptr(p, (const void **)&der, &derlen) - && (algidparam = d2i_ASN1_TYPE(NULL, &der, (long)derlen)) != NULL - && EVP_CIPHER_asn1_to_param(gctx->cctx, algidparam) > 0; + && (algidparam = d2i_ASN1_TYPE(NULL, &der, (long)derlen)) != NULL + && EVP_CIPHER_asn1_to_param(gctx->cctx, algidparam) > 0; ASN1_TYPE_free(algidparam); return ret; @@ -182,35 +184,38 @@ static int cipher_set_ctx_params(void *vgctx, const OSSL_PARAM params[]) size_t key_mesh = 0; if (!OSSL_PARAM_get_size_t(p, &key_mesh) - || EVP_CIPHER_CTX_ctrl(gctx->cctx, EVP_CTRL_KEY_MESH, - key_mesh, NULL) <= 0) + || EVP_CIPHER_CTX_ctrl(gctx->cctx, EVP_CTRL_KEY_MESH, key_mesh, NULL) + <= 0) return 0; } - if ((p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_IVLEN)) != NULL) { + if ((p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_IVLEN)) + != NULL) { size_t ivlen = 0; if (!OSSL_PARAM_get_size_t(p, &ivlen) - || EVP_CIPHER_CTX_ctrl(gctx->cctx, EVP_CTRL_AEAD_SET_IVLEN, - ivlen, NULL) <= 0) + || EVP_CIPHER_CTX_ctrl( + gctx->cctx, EVP_CTRL_AEAD_SET_IVLEN, ivlen, NULL) + <= 0) return 0; } - if ((p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_AEAD_TAG)) != NULL) { + if ((p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_AEAD_TAG)) + != NULL) { char tag[1024]; - void *val = (void *) tag; + void *val = (void *)tag; size_t taglen = 0; if (!OSSL_PARAM_get_octet_string(p, &val, 1024, &taglen) - || EVP_CIPHER_CTX_ctrl(gctx->cctx, EVP_CTRL_AEAD_SET_TAG, - taglen, &tag) <= 0) + || EVP_CIPHER_CTX_ctrl( + gctx->cctx, EVP_CTRL_AEAD_SET_TAG, taglen, &tag) + <= 0) return 0; } return 1; } -static int cipher_encrypt_init(void *vgctx, - const unsigned char *key, size_t keylen, - const unsigned char *iv, size_t ivlen, - const OSSL_PARAM params[]) +static int cipher_encrypt_init( + void *vgctx, const unsigned char *key, size_t keylen, + const unsigned char *iv, size_t ivlen, const OSSL_PARAM params[]) { GOST_CTX *gctx = vgctx; @@ -219,14 +224,13 @@ static int cipher_encrypt_init(void *vgctx, || ivlen > EVP_CIPHER_iv_length(gctx->cipher)) return 0; - return EVP_CipherInit_ex(gctx->cctx, gctx->cipher, gctx->provctx->e, - key, iv, 1); + return EVP_CipherInit_ex( + gctx->cctx, gctx->cipher, gctx->provctx->e, key, iv, 1); } -static int cipher_decrypt_init(void *vgctx, - const unsigned char *key, size_t keylen, - const unsigned char *iv, size_t ivlen, - const OSSL_PARAM params[]) +static int cipher_decrypt_init( + void *vgctx, const unsigned char *key, size_t keylen, + const unsigned char *iv, size_t ivlen, const OSSL_PARAM params[]) { GOST_CTX *gctx = vgctx; @@ -234,13 +238,13 @@ static int cipher_decrypt_init(void *vgctx, || keylen > EVP_CIPHER_key_length(gctx->cipher) || ivlen > EVP_CIPHER_iv_length(gctx->cipher)) return 0; - return EVP_CipherInit_ex(gctx->cctx, gctx->cipher, gctx->provctx->e, - key, iv, 0) > 0; + return EVP_CipherInit_ex( + gctx->cctx, gctx->cipher, gctx->provctx->e, key, iv, 0) + > 0; } -static int cipher_update(void *vgctx, - unsigned char *out, size_t *outl, size_t outsize, - const unsigned char *in, size_t inl) +static int cipher_update(void *vgctx, unsigned char *out, size_t *outl, + size_t outsize, const unsigned char *in, size_t inl) { GOST_CTX *gctx = vgctx; int int_outl = outl != NULL ? *outl : 0; @@ -251,8 +255,8 @@ static int cipher_update(void *vgctx, return res > 0; } -static int cipher_final(void *vgctx, - unsigned char *out, size_t *outl, size_t outsize) +static int +cipher_final(void *vgctx, unsigned char *out, size_t *outl, size_t outsize) { GOST_CTX *gctx = vgctx; int int_outl = outl != NULL ? *outl : 0; @@ -286,30 +290,30 @@ static const OSSL_PARAM *known_grasshopper_mgm_cipher_params; * actual implementation. */ typedef void (*fptr_t)(void); -#define MAKE_FUNCTIONS(name) \ - static OSSL_FUNC_cipher_get_params_fn name##_get_params; \ - static int name##_get_params(OSSL_PARAM *params) \ - { \ - return cipher_get_params(GOST_init_cipher(&name), params); \ - } \ - static OSSL_FUNC_cipher_newctx_fn name##_newctx; \ - static void *name##_newctx(void *provctx) \ - { \ - return cipher_newctx(provctx, &name, known_##name##_params); \ - } \ - static const OSSL_DISPATCH name##_functions[] = { \ - { OSSL_FUNC_CIPHER_GET_PARAMS, (fptr_t)name##_get_params }, \ - { OSSL_FUNC_CIPHER_NEWCTX, (fptr_t)name##_newctx }, \ - { OSSL_FUNC_CIPHER_DUPCTX, (fptr_t)cipher_dupctx }, \ - { OSSL_FUNC_CIPHER_FREECTX, (fptr_t)cipher_freectx }, \ - { OSSL_FUNC_CIPHER_GET_CTX_PARAMS, (fptr_t)cipher_get_ctx_params }, \ - { OSSL_FUNC_CIPHER_SET_CTX_PARAMS, (fptr_t)cipher_set_ctx_params }, \ - { OSSL_FUNC_CIPHER_ENCRYPT_INIT, (fptr_t)cipher_encrypt_init }, \ - { OSSL_FUNC_CIPHER_DECRYPT_INIT, (fptr_t)cipher_decrypt_init }, \ - { OSSL_FUNC_CIPHER_UPDATE, (fptr_t)cipher_update }, \ - { OSSL_FUNC_CIPHER_FINAL, (fptr_t)cipher_final }, \ - { 0, NULL }, \ - } +#define MAKE_FUNCTIONS(name) \ + static OSSL_FUNC_cipher_get_params_fn name##_get_params; \ + static int name##_get_params(OSSL_PARAM *params) \ + { \ + return cipher_get_params(GOST_init_cipher(&name), params); \ + } \ + static OSSL_FUNC_cipher_newctx_fn name##_newctx; \ + static void *name##_newctx(void *provctx) \ + { \ + return cipher_newctx(provctx, &name, known_##name##_params); \ + } \ + static const OSSL_DISPATCH name##_functions[] = { \ + {OSSL_FUNC_CIPHER_GET_PARAMS, (fptr_t)name##_get_params}, \ + {OSSL_FUNC_CIPHER_NEWCTX, (fptr_t)name##_newctx}, \ + {OSSL_FUNC_CIPHER_DUPCTX, (fptr_t)cipher_dupctx}, \ + {OSSL_FUNC_CIPHER_FREECTX, (fptr_t)cipher_freectx}, \ + {OSSL_FUNC_CIPHER_GET_CTX_PARAMS, (fptr_t)cipher_get_ctx_params}, \ + {OSSL_FUNC_CIPHER_SET_CTX_PARAMS, (fptr_t)cipher_set_ctx_params}, \ + {OSSL_FUNC_CIPHER_ENCRYPT_INIT, (fptr_t)cipher_encrypt_init}, \ + {OSSL_FUNC_CIPHER_DECRYPT_INIT, (fptr_t)cipher_decrypt_init}, \ + {OSSL_FUNC_CIPHER_UPDATE, (fptr_t)cipher_update}, \ + {OSSL_FUNC_CIPHER_FINAL, (fptr_t)cipher_final}, \ + {0, NULL}, \ + } MAKE_FUNCTIONS(Gost28147_89_cipher); MAKE_FUNCTIONS(Gost28147_89_cnt_cipher); @@ -331,38 +335,38 @@ MAKE_FUNCTIONS(grasshopper_mgm_cipher); /* The OSSL_ALGORITHM for the provider's operation query function */ const OSSL_ALGORITHM GOST_prov_ciphers[] = { - { SN_id_Gost28147_89 ":gost89:GOST 28147-89:1.2.643.2.2.21", NULL, - Gost28147_89_cipher_functions }, - { SN_gost89_cnt, NULL, Gost28147_89_cnt_cipher_functions }, - { SN_gost89_cnt_12, NULL, Gost28147_89_cnt_12_cipher_functions }, - { SN_gost89_cbc, NULL, Gost28147_89_cbc_cipher_functions }, - { SN_grasshopper_ecb, NULL, grasshopper_ecb_cipher_functions }, - { SN_grasshopper_cbc, NULL, grasshopper_cbc_cipher_functions }, - { SN_grasshopper_cfb, NULL, grasshopper_cfb_cipher_functions }, - { SN_grasshopper_ofb, NULL, grasshopper_ofb_cipher_functions }, - { SN_grasshopper_ctr, NULL, grasshopper_ctr_cipher_functions }, - { SN_magma_cbc, NULL, magma_cbc_cipher_functions }, - { SN_magma_ctr, NULL, magma_ctr_cipher_functions }, - { SN_magma_ctr_acpkm ":1.2.643.7.1.1.5.1.1", NULL, - magma_ctr_acpkm_cipher_functions }, - { SN_magma_ctr_acpkm_omac ":1.2.643.7.1.1.5.1.2", NULL, - magma_ctr_acpkm_omac_cipher_functions }, - { "magma-mgm", NULL, magma_mgm_cipher_functions }, - { SN_kuznyechik_ctr_acpkm ":1.2.643.7.1.1.5.2.1", NULL, - grasshopper_ctr_acpkm_cipher_functions }, - { SN_kuznyechik_ctr_acpkm_omac ":1.2.643.7.1.1.5.2.2", NULL, - grasshopper_ctr_acpkm_omac_cipher_functions }, - { "kuznyechik-mgm", NULL, grasshopper_mgm_cipher_functions }, -#if 0 /* Not yet implemented */ + {SN_id_Gost28147_89 ":gost89:GOST 28147-89:1.2.643.2.2.21", NULL, + Gost28147_89_cipher_functions}, + {SN_gost89_cnt, NULL, Gost28147_89_cnt_cipher_functions}, + {SN_gost89_cnt_12, NULL, Gost28147_89_cnt_12_cipher_functions}, + {SN_gost89_cbc, NULL, Gost28147_89_cbc_cipher_functions}, + {SN_grasshopper_ecb, NULL, grasshopper_ecb_cipher_functions}, + {SN_grasshopper_cbc, NULL, grasshopper_cbc_cipher_functions}, + {SN_grasshopper_cfb, NULL, grasshopper_cfb_cipher_functions}, + {SN_grasshopper_ofb, NULL, grasshopper_ofb_cipher_functions}, + {SN_grasshopper_ctr, NULL, grasshopper_ctr_cipher_functions}, + {SN_magma_cbc, NULL, magma_cbc_cipher_functions}, + {SN_magma_ctr, NULL, magma_ctr_cipher_functions}, + {SN_magma_ctr_acpkm ":1.2.643.7.1.1.5.1.1", NULL, + magma_ctr_acpkm_cipher_functions}, + {SN_magma_ctr_acpkm_omac ":1.2.643.7.1.1.5.1.2", NULL, + magma_ctr_acpkm_omac_cipher_functions}, + {"magma-mgm", NULL, magma_mgm_cipher_functions}, + {SN_kuznyechik_ctr_acpkm ":1.2.643.7.1.1.5.2.1", NULL, + grasshopper_ctr_acpkm_cipher_functions}, + {SN_kuznyechik_ctr_acpkm_omac ":1.2.643.7.1.1.5.2.2", NULL, + grasshopper_ctr_acpkm_omac_cipher_functions}, + {"kuznyechik-mgm", NULL, grasshopper_mgm_cipher_functions}, +#if 0 /* Not yet implemented */ { SN_magma_kexp15 ":1.2.643.7.1.1.7.1.1", NULL, magma_kexp15_cipher_functions }, { SN_kuznyechik_kexp15 ":1.2.643.7.1.1.7.2.1", NULL, kuznyechik_kexp15_cipher_functions }, #endif - { NULL , NULL, NULL } -}; + {NULL, NULL, NULL}}; -void GOST_prov_deinit_ciphers(void) { +void GOST_prov_deinit_ciphers(void) +{ static GOST_cipher *list[] = { &Gost28147_89_cipher, &Gost28147_89_cnt_cipher, diff --git a/gost_prov_digest.c b/gost_prov_digest.c index 79eb5a30a..1f83cd1e2 100644 --- a/gost_prov_digest.c +++ b/gost_prov_digest.c @@ -8,10 +8,11 @@ * Requires OpenSSL 3.0 for compilation * **********************************************************************/ +#include "gost_lcl.h" +#include "gost_prov.h" + #include #include -#include "gost_prov.h" -#include "gost_lcl.h" /* * Forward declarations of all OSSL_DISPATCH functions, to make sure they @@ -23,7 +24,6 @@ static OSSL_FUNC_digest_init_fn digest_init; static OSSL_FUNC_digest_update_fn digest_update; static OSSL_FUNC_digest_final_fn digest_final; - struct gost_prov_crypt_ctx_st { /* Provider context */ PROV_CTX *provctx; @@ -119,8 +119,8 @@ static int digest_update(void *vgctx, const unsigned char *in, size_t inl) return EVP_DigestUpdate(gctx->dctx, in, (int)inl) > 0; } -static int digest_final(void *vgctx, - unsigned char *out, size_t *outl, size_t outsize) +static int +digest_final(void *vgctx, unsigned char *out, size_t *outl, size_t outsize) { GOST_CTX *gctx = vgctx; unsigned int int_outl = outl != NULL ? *outl : 0; @@ -141,26 +141,26 @@ static const OSSL_PARAM *known_GostR3411_2012_512_digest_params; * actual implementation. */ typedef void (*fptr_t)(void); -#define MAKE_FUNCTIONS(name) \ - static OSSL_FUNC_digest_get_params_fn name##_get_params; \ - static int name##_get_params(OSSL_PARAM *params) \ - { \ - return digest_get_params(GOST_init_digest(&name), params); \ - } \ - static OSSL_FUNC_digest_newctx_fn name##_newctx; \ - static void *name##_newctx(void *provctx) \ - { \ - return digest_newctx(provctx, &name, known_##name##_params); \ - } \ - static const OSSL_DISPATCH name##_functions[] = { \ - { OSSL_FUNC_DIGEST_GET_PARAMS, (fptr_t)name##_get_params }, \ - { OSSL_FUNC_DIGEST_NEWCTX, (fptr_t)name##_newctx }, \ - { OSSL_FUNC_DIGEST_DUPCTX, (fptr_t)digest_dupctx }, \ - { OSSL_FUNC_DIGEST_FREECTX, (fptr_t)digest_freectx }, \ - { OSSL_FUNC_DIGEST_INIT, (fptr_t)digest_init }, \ - { OSSL_FUNC_DIGEST_UPDATE, (fptr_t)digest_update }, \ - { OSSL_FUNC_DIGEST_FINAL, (fptr_t)digest_final }, \ - } +#define MAKE_FUNCTIONS(name) \ + static OSSL_FUNC_digest_get_params_fn name##_get_params; \ + static int name##_get_params(OSSL_PARAM *params) \ + { \ + return digest_get_params(GOST_init_digest(&name), params); \ + } \ + static OSSL_FUNC_digest_newctx_fn name##_newctx; \ + static void *name##_newctx(void *provctx) \ + { \ + return digest_newctx(provctx, &name, known_##name##_params); \ + } \ + static const OSSL_DISPATCH name##_functions[] = { \ + {OSSL_FUNC_DIGEST_GET_PARAMS, (fptr_t)name##_get_params}, \ + {OSSL_FUNC_DIGEST_NEWCTX, (fptr_t)name##_newctx}, \ + {OSSL_FUNC_DIGEST_DUPCTX, (fptr_t)digest_dupctx}, \ + {OSSL_FUNC_DIGEST_FREECTX, (fptr_t)digest_freectx}, \ + {OSSL_FUNC_DIGEST_INIT, (fptr_t)digest_init}, \ + {OSSL_FUNC_DIGEST_UPDATE, (fptr_t)digest_update}, \ + {OSSL_FUNC_DIGEST_FINAL, (fptr_t)digest_final}, \ + } MAKE_FUNCTIONS(GostR3411_94_digest); MAKE_FUNCTIONS(GostR3411_2012_256_digest); @@ -173,20 +173,20 @@ const OSSL_ALGORITHM GOST_prov_digests[] = { * https://www.ietf.org/archive/id/draft-deremin-rfc4491-bis-06.txt * (is there not an RFC namming these?) */ - { "id-tc26-gost3411-12-256:md_gost12_256:1.2.643.7.1.1.2.2", NULL, - GostR3411_2012_256_digest_functions, - "GOST R 34.11-2012 with 256 bit hash" }, - { "id-tc26-gost3411-12-512:md_gost12_512:1.2.643.7.1.1.2.3", NULL, - GostR3411_2012_512_digest_functions, - "GOST R 34.11-2012 with 512 bit hash" }, + {"id-tc26-gost3411-12-256:md_gost12_256:1.2.643.7.1.1.2.2", NULL, + GostR3411_2012_256_digest_functions, + "GOST R 34.11-2012 with 256 bit hash"}, + {"id-tc26-gost3411-12-512:md_gost12_512:1.2.643.7.1.1.2.3", NULL, + GostR3411_2012_512_digest_functions, + "GOST R 34.11-2012 with 512 bit hash"}, /* Described in RFC 5831, first name from RFC 4357, section 10.4 */ - { "id-GostR3411-94:md_gost94:1.2.643.2.2.9", NULL, - GostR3411_94_digest_functions, "GOST R 34.11-94" }, - { NULL , NULL, NULL } -}; + {"id-GostR3411-94:md_gost94:1.2.643.2.2.9", NULL, + GostR3411_94_digest_functions, "GOST R 34.11-94"}, + {NULL, NULL, NULL}}; -void GOST_prov_deinit_digests(void) { +void GOST_prov_deinit_digests(void) +{ static GOST_digest *list[] = { &GostR3411_94_digest, &GostR3411_2012_256_digest, diff --git a/gost_prov_mac.c b/gost_prov_mac.c index ab04a9c24..de48cc2af 100644 --- a/gost_prov_mac.c +++ b/gost_prov_mac.c @@ -8,10 +8,11 @@ * Requires OpenSSL 3.0 for compilation * **********************************************************************/ +#include "gost_lcl.h" +#include "gost_prov.h" + #include #include -#include "gost_prov.h" -#include "gost_lcl.h" /* * Forward declarations of all generic OSSL_DISPATCH functions, to make sure @@ -86,10 +87,9 @@ static GOST_CTX *mac_newctx(void *provctx, const GOST_DESC *descriptor) gctx->digest = GOST_init_digest(descriptor->digest_desc); gctx->dctx = EVP_MD_CTX_new(); - if (gctx->digest == NULL - || gctx->dctx == NULL - || EVP_DigestInit_ex(gctx->dctx, gctx->digest, - gctx->provctx->e) <= 0) { + if (gctx->digest == NULL || gctx->dctx == NULL + || EVP_DigestInit_ex(gctx->dctx, gctx->digest, gctx->provctx->e) + <= 0) { mac_freectx(gctx); gctx = NULL; } @@ -100,23 +100,23 @@ static GOST_CTX *mac_newctx(void *provctx, const GOST_DESC *descriptor) static void *mac_dupctx(void *vsrc) { GOST_CTX *src = vsrc; - GOST_CTX *dst = - mac_newctx(src->provctx, src->descriptor); + GOST_CTX *dst = mac_newctx(src->provctx, src->descriptor); if (dst != NULL) EVP_MD_CTX_copy(dst->dctx, src->dctx); return dst; } -static int mac_init(void *mctx, const unsigned char *key, - size_t keylen, const OSSL_PARAM params[]) +static int mac_init(void *mctx, const unsigned char *key, size_t keylen, + const OSSL_PARAM params[]) { GOST_CTX *gctx = mctx; return mac_set_ctx_params(gctx, params) - && (key == NULL - || EVP_MD_CTX_ctrl(gctx->dctx, EVP_MD_CTRL_SET_KEY, - (int)keylen, (void *)key) > 0); + && (key == NULL + || EVP_MD_CTX_ctrl( + gctx->dctx, EVP_MD_CTRL_SET_KEY, (int)keylen, (void *)key) + > 0); } static int mac_update(void *mctx, const unsigned char *in, size_t inl) @@ -126,8 +126,8 @@ static int mac_update(void *mctx, const unsigned char *in, size_t inl) return EVP_DigestUpdate(gctx->dctx, in, inl) > 0; } -static int mac_final(void *mctx, unsigned char *out, size_t *outl, - size_t outsize) +static int +mac_final(void *mctx, unsigned char *out, size_t *outl, size_t outsize) { GOST_CTX *gctx = mctx; unsigned int tmpoutl; @@ -152,14 +152,12 @@ static int mac_final(void *mctx, unsigned char *out, size_t *outl, return ret; } -static const OSSL_PARAM *mac_gettable_params(void *provctx, - const GOST_DESC * descriptor) +static const OSSL_PARAM * +mac_gettable_params(void *provctx, const GOST_DESC *descriptor) { static const OSSL_PARAM params[] = { - OSSL_PARAM_size_t("size", NULL), - OSSL_PARAM_size_t("keylen", NULL), - OSSL_PARAM_END - }; + OSSL_PARAM_size_t("size", NULL), OSSL_PARAM_size_t("keylen", NULL), + OSSL_PARAM_END}; return params; } @@ -167,10 +165,8 @@ static const OSSL_PARAM *mac_gettable_params(void *provctx, static const OSSL_PARAM *mac_gettable_ctx_params(void *mctx, void *provctx) { static const OSSL_PARAM params[] = { - OSSL_PARAM_size_t("size", NULL), - OSSL_PARAM_size_t("keylen", NULL), - OSSL_PARAM_END - }; + OSSL_PARAM_size_t("size", NULL), OSSL_PARAM_size_t("keylen", NULL), + OSSL_PARAM_END}; return params; } @@ -179,14 +175,12 @@ static const OSSL_PARAM *mac_settable_ctx_params(void *mctx, void *provctx) { static const OSSL_PARAM params[] = { OSSL_PARAM_size_t("size", NULL), - OSSL_PARAM_octet_string("key", NULL, 0), - OSSL_PARAM_END - }; + OSSL_PARAM_octet_string("key", NULL, 0), OSSL_PARAM_END}; return params; } -static int mac_get_params(const GOST_DESC * descriptor, OSSL_PARAM params[]) +static int mac_get_params(const GOST_DESC *descriptor, OSSL_PARAM params[]) { OSSL_PARAM *p = NULL; @@ -239,8 +233,8 @@ static int mac_set_ctx_params(void *mctx, const OSSL_PARAM params[]) if (!OSSL_PARAM_get_octet_string_ptr(p, (const void **)&key, &keylen)) return 0; - ret = EVP_MD_CTX_ctrl(gctx->dctx, EVP_MD_CTRL_SET_KEY, - (int)keylen, (void *)key); + ret = EVP_MD_CTX_ctrl( + gctx->dctx, EVP_MD_CTRL_SET_KEY, (int)keylen, (void *)key); if (ret <= 0 && ret != -2) return 0; } @@ -266,8 +260,9 @@ static int mac_set_ctx_params(void *mctx, const OSSL_PARAM params[]) } } - if (EVP_MD_CTX_ctrl(gctx->dctx, EVP_CTRL_KEY_MESH, - key_mesh, p_cipher_key_mesh) <= 0) + if (EVP_MD_CTX_ctrl( + gctx->dctx, EVP_CTRL_KEY_MESH, key_mesh, p_cipher_key_mesh) + <= 0) return 0; } return 1; @@ -278,49 +273,46 @@ static int mac_set_ctx_params(void *mctx, const OSSL_PARAM params[]) * implementation where necessary. Not needed for magma and grasshopper, as * they already have fitting names. */ -#define id_Gost28147_89_MAC_digest Gost28147_89_MAC_digest -#define gost_mac_12_digest Gost28147_89_mac_12_digest +#define id_Gost28147_89_MAC_digest Gost28147_89_MAC_digest +#define gost_mac_12_digest Gost28147_89_mac_12_digest #define id_tc26_cipher_gostr3412_2015_kuznyechik_ctracpkm_omac_digest \ - kuznyechik_ctracpkm_omac_digest + kuznyechik_ctracpkm_omac_digest typedef void (*fptr_t)(void); -#define MAKE_FUNCTIONS(name, macsize) \ - const GOST_DESC name##_desc = { \ - &name##_digest, \ - macsize, \ - }; \ - static OSSL_FUNC_mac_newctx_fn name##_newctx; \ - static void *name##_newctx(void *provctx) \ - { \ - return mac_newctx(provctx, &name##_desc); \ - } \ - static OSSL_FUNC_mac_gettable_params_fn name##_gettable_params; \ - static const OSSL_PARAM *name##_gettable_params(void *provctx) \ - { \ - return mac_gettable_params(provctx, &name##_desc); \ - } \ - static OSSL_FUNC_mac_get_params_fn name##_get_params; \ - static int name##_get_params(OSSL_PARAM *params) \ - { \ - return mac_get_params(&name##_desc, params); \ - } \ - static const OSSL_DISPATCH name##_functions[] = { \ - { OSSL_FUNC_MAC_GETTABLE_PARAMS, \ - (fptr_t)name##_gettable_params }, \ - { OSSL_FUNC_MAC_GET_PARAMS, (fptr_t)name##_get_params }, \ - { OSSL_FUNC_MAC_NEWCTX, (fptr_t)name##_newctx }, \ - { OSSL_FUNC_MAC_DUPCTX, (fptr_t)mac_dupctx }, \ - { OSSL_FUNC_MAC_FREECTX, (fptr_t)mac_freectx }, \ - { OSSL_FUNC_MAC_INIT, (fptr_t)mac_init }, \ - { OSSL_FUNC_MAC_UPDATE, (fptr_t)mac_update }, \ - { OSSL_FUNC_MAC_FINAL, (fptr_t)mac_final }, \ - { OSSL_FUNC_MAC_GETTABLE_CTX_PARAMS, \ - (fptr_t)mac_gettable_ctx_params }, \ - { OSSL_FUNC_MAC_GET_CTX_PARAMS, (fptr_t)mac_get_ctx_params }, \ - { OSSL_FUNC_MAC_SETTABLE_CTX_PARAMS, \ - (fptr_t)mac_settable_ctx_params }, \ - { OSSL_FUNC_MAC_SET_CTX_PARAMS, (fptr_t)mac_set_ctx_params }, \ - } +#define MAKE_FUNCTIONS(name, macsize) \ + const GOST_DESC name##_desc = { \ + &name##_digest, \ + macsize, \ + }; \ + static OSSL_FUNC_mac_newctx_fn name##_newctx; \ + static void *name##_newctx(void *provctx) \ + { \ + return mac_newctx(provctx, &name##_desc); \ + } \ + static OSSL_FUNC_mac_gettable_params_fn name##_gettable_params; \ + static const OSSL_PARAM *name##_gettable_params(void *provctx) \ + { \ + return mac_gettable_params(provctx, &name##_desc); \ + } \ + static OSSL_FUNC_mac_get_params_fn name##_get_params; \ + static int name##_get_params(OSSL_PARAM *params) \ + { \ + return mac_get_params(&name##_desc, params); \ + } \ + static const OSSL_DISPATCH name##_functions[] = { \ + {OSSL_FUNC_MAC_GETTABLE_PARAMS, (fptr_t)name##_gettable_params}, \ + {OSSL_FUNC_MAC_GET_PARAMS, (fptr_t)name##_get_params}, \ + {OSSL_FUNC_MAC_NEWCTX, (fptr_t)name##_newctx}, \ + {OSSL_FUNC_MAC_DUPCTX, (fptr_t)mac_dupctx}, \ + {OSSL_FUNC_MAC_FREECTX, (fptr_t)mac_freectx}, \ + {OSSL_FUNC_MAC_INIT, (fptr_t)mac_init}, \ + {OSSL_FUNC_MAC_UPDATE, (fptr_t)mac_update}, \ + {OSSL_FUNC_MAC_FINAL, (fptr_t)mac_final}, \ + {OSSL_FUNC_MAC_GETTABLE_CTX_PARAMS, (fptr_t)mac_gettable_ctx_params}, \ + {OSSL_FUNC_MAC_GET_CTX_PARAMS, (fptr_t)mac_get_ctx_params}, \ + {OSSL_FUNC_MAC_SETTABLE_CTX_PARAMS, (fptr_t)mac_settable_ctx_params}, \ + {OSSL_FUNC_MAC_SET_CTX_PARAMS, (fptr_t)mac_set_ctx_params}, \ + } /* * The name used here is the same as the NID name. Some of the names are @@ -334,25 +326,22 @@ MAKE_FUNCTIONS(id_tc26_cipher_gostr3412_2015_kuznyechik_ctracpkm_omac, 16); /* The OSSL_ALGORITHM for the provider's operation query function */ const OSSL_ALGORITHM GOST_prov_macs[] = { - { SN_id_Gost28147_89_MAC ":1.2.643.2.2.22", NULL, - id_Gost28147_89_MAC_functions, "GOST 28147-89 MAC" }, - { SN_gost_mac_12, NULL, gost_mac_12_functions }, - { SN_magma_mac, NULL, magma_mac_functions }, - { SN_grasshopper_mac, NULL, grasshopper_mac_functions }, - { SN_id_tc26_cipher_gostr3412_2015_kuznyechik_ctracpkm_omac - ":1.2.643.7.1.1.5.2.2", NULL, - id_tc26_cipher_gostr3412_2015_kuznyechik_ctracpkm_omac_functions }, - { NULL , NULL, NULL } -}; - -void GOST_prov_deinit_mac_digests(void) { + {SN_id_Gost28147_89_MAC ":1.2.643.2.2.22", NULL, + id_Gost28147_89_MAC_functions, "GOST 28147-89 MAC"}, + {SN_gost_mac_12, NULL, gost_mac_12_functions}, + {SN_magma_mac, NULL, magma_mac_functions}, + {SN_grasshopper_mac, NULL, grasshopper_mac_functions}, + {SN_id_tc26_cipher_gostr3412_2015_kuznyechik_ctracpkm_omac + ":1.2.643.7.1.1.5.2.2", + NULL, id_tc26_cipher_gostr3412_2015_kuznyechik_ctracpkm_omac_functions}, + {NULL, NULL, NULL}}; + +void GOST_prov_deinit_mac_digests(void) +{ static GOST_digest *list[] = { - &Gost28147_89_MAC_digest, - &Gost28147_89_mac_12_digest, - &magma_mac_digest, - &grasshopper_mac_digest, - &kuznyechik_ctracpkm_omac_digest - }; + &Gost28147_89_MAC_digest, &Gost28147_89_mac_12_digest, + &magma_mac_digest, &grasshopper_mac_digest, + &kuznyechik_ctracpkm_omac_digest}; size_t i; #define elems(l) (sizeof(l) / sizeof(l[0])) diff --git a/gosthash.c b/gosthash.c index 7fd3cb058..8c0ed416e 100644 --- a/gosthash.c +++ b/gosthash.c @@ -6,10 +6,11 @@ * Implementation of GOST R 34.11-94 hash function * * uses on gost89.c and gost89.h Doesn't need OpenSSL * **********************************************************************/ -#include +#include "gosthash.h" #include "gost89.h" -#include "gosthash.h" + +#include /* * Use OPENSSL_malloc for memory allocation if compiled with @@ -19,27 +20,26 @@ # ifdef OPENSSL_BUILD # include # define MYALLOC(size) OPENSSL_malloc(size) -# define MYFREE(ptr) OPENSSL_free(ptr) +# define MYFREE(ptr) OPENSSL_free(ptr) # else # define MYALLOC(size) malloc(size) -# define MYFREE(ptr) free(ptr) +# define MYFREE(ptr) free(ptr) # endif #endif /* * Following functions are various bit meshing routines used in GOST R * 34.11-94 algorithms */ -static void swap_bytes(byte * w, byte * k) +static void swap_bytes(byte *w, byte *k) { int i, j; for (i = 0; i < 4; i++) for (j = 0; j < 8; j++) k[i + 4 * j] = w[8 * i + j]; - } /* was A_A */ -static void circle_xor8(const byte * w, byte * k) +static void circle_xor8(const byte *w, byte *k) { byte buf[8]; int i; @@ -50,18 +50,19 @@ static void circle_xor8(const byte * w, byte * k) } /* was R_R */ -static void transform_3(byte * data) +static void transform_3(byte *data) { unsigned short int acc; - acc = (data[0] ^ data[2] ^ data[4] ^ data[6] ^ data[24] ^ data[30]) | - ((data[1] ^ data[3] ^ data[5] ^ data[7] ^ data[25] ^ data[31]) << 8); + acc = + (data[0] ^ data[2] ^ data[4] ^ data[6] ^ data[24] ^ data[30]) + | ((data[1] ^ data[3] ^ data[5] ^ data[7] ^ data[25] ^ data[31]) << 8); memmove(data, data + 2, 30); data[30] = acc & 0xff; data[31] = acc >> 8; } /* Adds blocks of N bytes modulo 2**(8*n). Returns carry*/ -static int add_blocks(int n, byte * left, const byte * right) +static int add_blocks(int n, byte *left, const byte *right) { int i; int carry = 0; @@ -74,8 +75,7 @@ static int add_blocks(int n, byte * left, const byte * right) } /* Xor two sequences of bytes */ -static void xor_blocks(byte * result, const byte * a, const byte * b, - size_t len) +static void xor_blocks(byte *result, const byte *a, const byte *b, size_t len) { size_t i; for (i = 0; i < len; i++) @@ -86,7 +86,7 @@ static void xor_blocks(byte * result, const byte * a, const byte * b, * Calculate H(i+1) = Hash(Hi,Mi) * Where H and M are 32 bytes long */ -static int hash_step(gost_ctx * c, byte * H, const byte * M) +static int hash_step(gost_ctx *c, byte *H, const byte *M) { byte U[32], W[32], V[32], S[32], Key[32]; int i; @@ -150,11 +150,10 @@ static int hash_step(gost_ctx * c, byte * H, const byte * M) * Initialize gost_hash ctx - cleans up temporary structures and set up * substitution blocks */ -int init_gost_hash_ctx(gost_hash_ctx * ctx, - const gost_subst_block * subst_block) +int init_gost_hash_ctx(gost_hash_ctx *ctx, const gost_subst_block *subst_block) { memset(ctx, 0, sizeof(*ctx)); - ctx->cipher_ctx = (gost_ctx *) MYALLOC(sizeof(gost_ctx)); + ctx->cipher_ctx = (gost_ctx *)MYALLOC(sizeof(gost_ctx)); if (!ctx->cipher_ctx) { return 0; } @@ -168,7 +167,7 @@ int init_gost_hash_ctx(gost_hash_ctx * ctx, * GOST hash algroritm * */ -void done_gost_hash_ctx(gost_hash_ctx * ctx) +void done_gost_hash_ctx(gost_hash_ctx *ctx) { /* * No need to use gost_destroy, because cipher keys are not really secret @@ -180,7 +179,7 @@ void done_gost_hash_ctx(gost_hash_ctx * ctx) /* * reset state of hash context to begin hashing new message */ -int start_hash(gost_hash_ctx * ctx) +int start_hash(gost_hash_ctx *ctx) { if (!ctx->cipher_ctx) return 0; @@ -196,7 +195,7 @@ int start_hash(gost_hash_ctx * ctx) * * */ -int hash_block(gost_hash_ctx * ctx, const byte * block, size_t length) +int hash_block(gost_hash_ctx *ctx, const byte *block, size_t length) { if (ctx->left) { /* @@ -237,7 +236,7 @@ int hash_block(gost_hash_ctx * ctx, const byte * block, size_t length) * state of hash ctx becomes invalid and cannot be used for further * hashing. */ -int finish_hash(gost_hash_ctx * ctx, byte * hashval) +int finish_hash(gost_hash_ctx *ctx, byte *hashval) { byte buf[32]; byte H[32]; @@ -257,9 +256,9 @@ int finish_hash(gost_hash_ctx * ctx, byte * hashval) if (fin_len == 0) hash_step(ctx->cipher_ctx, H, buf); bptr = buf; - fin_len <<= 3; /* Hash length in BITS!! */ + fin_len <<= 3; /* Hash length in BITS!! */ while (fin_len > 0) { - *(bptr++) = (byte) (fin_len & 0xFF); + *(bptr++) = (byte)(fin_len & 0xFF); fin_len >>= 8; }; hash_step(ctx->cipher_ctx, H, buf); diff --git a/gosthash.h b/gosthash.h index 003e668e0..9d44ec233 100644 --- a/gosthash.h +++ b/gosthash.h @@ -7,17 +7,18 @@ * uses and gost89.h Doesn't need OpenSSL * **********************************************************************/ #ifndef GOSTHASH_H -# define GOSTHASH_H -# include "gost89.h" -# include +#define GOSTHASH_H +#include "gost89.h" -# if (defined(_WIN32) || defined(_WIN64)) && !defined(__MINGW32__) +#include + +#if (defined(_WIN32) || defined(_WIN64)) && !defined(__MINGW32__) typedef __int64 ghosthash_len; -# elif defined(__arch64__) +#elif defined(__arch64__) typedef long ghosthash_len; -# else +#else typedef long long ghosthash_len; -# endif +#endif typedef struct gost_hash_ctx { ghosthash_len len; @@ -30,23 +31,22 @@ typedef struct gost_hash_ctx { /* Initalizes gost hash ctx, including creation of gost cipher ctx */ -int init_gost_hash_ctx(gost_hash_ctx * ctx, - const gost_subst_block * subst_block); -void done_gost_hash_ctx(gost_hash_ctx * ctx); +int init_gost_hash_ctx(gost_hash_ctx *ctx, const gost_subst_block *subst_block); +void done_gost_hash_ctx(gost_hash_ctx *ctx); /* * Cleans up all fields, except cipher ctx preparing ctx for computing of new * hash value */ -int start_hash(gost_hash_ctx * ctx); +int start_hash(gost_hash_ctx *ctx); /* Hashes block of data */ -int hash_block(gost_hash_ctx * ctx, const byte * block, size_t length); +int hash_block(gost_hash_ctx *ctx, const byte *block, size_t length); /* * Finalizes computation of hash and fills buffer (which should be at least * 32 bytes long) with value of computed hash. */ -int finish_hash(gost_hash_ctx * ctx, byte * hashval); +int finish_hash(gost_hash_ctx *ctx, byte *hashval); #endif diff --git a/gosthash2012.c b/gosthash2012.c index 91c2c9462..94c04a44b 100644 --- a/gosthash2012.c +++ b/gosthash2012.c @@ -23,20 +23,16 @@ # define INLINE inline #endif -#define BSWAP64(x) \ - (((x & 0xFF00000000000000ULL) >> 56) | \ - ((x & 0x00FF000000000000ULL) >> 40) | \ - ((x & 0x0000FF0000000000ULL) >> 24) | \ - ((x & 0x000000FF00000000ULL) >> 8) | \ - ((x & 0x00000000FF000000ULL) << 8) | \ - ((x & 0x0000000000FF0000ULL) << 24) | \ - ((x & 0x000000000000FF00ULL) << 40) | \ - ((x & 0x00000000000000FFULL) << 56)) +#define BSWAP64(x) \ + (((x & 0xFF00000000000000ULL) >> 56) | ((x & 0x00FF000000000000ULL) >> 40) \ + | ((x & 0x0000FF0000000000ULL) >> 24) | ((x & 0x000000FF00000000ULL) >> 8) \ + | ((x & 0x00000000FF000000ULL) << 8) | ((x & 0x0000000000FF0000ULL) << 24) \ + | ((x & 0x000000000000FF00ULL) << 40) | ((x & 0x00000000000000FFULL) << 56)) /* * Initialize gost2012 hash context structure */ -void init_gost2012_hash_ctx(gost2012_hash_ctx * CTX, +void init_gost2012_hash_ctx(gost2012_hash_ctx *CTX, const unsigned int digest_size) { memset(CTX, 0, sizeof(gost2012_hash_ctx)); @@ -53,15 +49,15 @@ void init_gost2012_hash_ctx(gost2012_hash_ctx * CTX, memset(&CTX->h, 0x01, sizeof(uint512_u)); } -static INLINE void pad(gost2012_hash_ctx * CTX) +static INLINE void pad(gost2012_hash_ctx *CTX) { - memset(&(CTX->buffer.B[CTX->bufsize]), 0, sizeof(CTX->buffer) - CTX->bufsize); + memset(&(CTX->buffer.B[CTX->bufsize]), 0, + sizeof(CTX->buffer) - CTX->bufsize); CTX->buffer.B[CTX->bufsize] = 1; - } -static INLINE void add512(union uint512_u * RESTRICT x, - const union uint512_u * RESTRICT y) +static INLINE void +add512(union uint512_u *RESTRICT x, const union uint512_u *RESTRICT y) { #ifndef __GOST3411_BIG_ENDIAN__ unsigned int CF = 0; @@ -69,7 +65,7 @@ static INLINE void add512(union uint512_u * RESTRICT x, # ifdef HAVE_ADDCARRY_U64 for (i = 0; i < 8; i++) - CF = _addcarry_u64(CF, x->QWORD[i] , y->QWORD[i], &(x->QWORD[i])); + CF = _addcarry_u64(CF, x->QWORD[i], y->QWORD[i], &(x->QWORD[i])); # else for (i = 0; i < 8; i++) { const unsigned long long left = x->QWORD[i]; @@ -93,7 +89,7 @@ static INLINE void add512(union uint512_u * RESTRICT x, x->QWORD[i] = sum; } # endif /* !__x86_64__ */ -#else /* __GOST3411_BIG_ENDIAN__ */ +#else /* __GOST3411_BIG_ENDIAN__ */ const unsigned char *yp; unsigned char *xp; unsigned int i; @@ -107,11 +103,11 @@ static INLINE void add512(union uint512_u * RESTRICT x, buf = xp[i] + yp[i] + (buf >> 8); xp[i] = (unsigned char)buf & 0xFF; } -#endif /* __GOST3411_BIG_ENDIAN__ */ +#endif /* __GOST3411_BIG_ENDIAN__ */ } -static void g(union uint512_u *h, const union uint512_u * RESTRICT N, - const union uint512_u * RESTRICT m) +static void g(union uint512_u *h, const union uint512_u *RESTRICT N, + const union uint512_u *RESTRICT m) { #ifdef __GOST3411_HAS_SSE2__ __m128i xmm0, xmm2, xmm4, xmm6; /* XMMR0-quadruple */ @@ -162,7 +158,7 @@ static void g(union uint512_u *h, const union uint512_u * RESTRICT N, #endif } -static INLINE void stage2(gost2012_hash_ctx * CTX, const union uint512_u *data) +static INLINE void stage2(gost2012_hash_ctx *CTX, const union uint512_u *data) { g(&(CTX->h), &(CTX->N), data); @@ -170,7 +166,7 @@ static INLINE void stage2(gost2012_hash_ctx * CTX, const union uint512_u *data) add512(&(CTX->Sigma), data); } -static INLINE void stage3(gost2012_hash_ctx * CTX) +static INLINE void stage3(gost2012_hash_ctx *CTX) { pad(CTX); g(&(CTX->h), &(CTX->N), &(CTX->buffer)); @@ -192,8 +188,8 @@ static INLINE void stage3(gost2012_hash_ctx * CTX) * Hash block of arbitrary length * */ -void gost2012_hash_block(gost2012_hash_ctx * CTX, - const unsigned char *data, size_t len) +void gost2012_hash_block(gost2012_hash_ctx *CTX, const unsigned char *data, + size_t len) { register size_t bufsize = CTX->bufsize; @@ -218,7 +214,7 @@ void gost2012_hash_block(gost2012_hash_ctx * CTX, data += chunksize; if (bufsize == 64) { - stage2(CTX, &(CTX->buffer) ); + stage2(CTX, &(CTX->buffer)); bufsize = 0; } } @@ -230,7 +226,7 @@ void gost2012_hash_block(gost2012_hash_ctx * CTX, * state of hash ctx becomes invalid and cannot be used for further * hashing. */ -void gost2012_finish_hash(gost2012_hash_ctx * CTX, unsigned char *digest) +void gost2012_finish_hash(gost2012_hash_ctx *CTX, unsigned char *digest) { stage3(CTX); diff --git a/gosthash2012.h b/gosthash2012.h index 99c9e3d69..9e43ab214 100644 --- a/gosthash2012.h +++ b/gosthash2012.h @@ -41,19 +41,20 @@ # include "gosthash2012_ref.h" #endif -# if defined(__GNUC__) || defined(__clang__) -# define RESTRICT __restrict__ -# else -# define RESTRICT -# endif +#if defined(__GNUC__) || defined(__clang__) +# define RESTRICT __restrict__ +#else +# define RESTRICT +#endif #ifdef _MSC_VER # define ALIGN(x) __declspec(align(x)) #else -# define ALIGN(x) __attribute__ ((__aligned__(x))) +# define ALIGN(x) __attribute__((__aligned__(x))) #endif ALIGN(16) + typedef union uint512_u { unsigned long long QWORD[8]; unsigned char B[64]; @@ -72,8 +73,8 @@ typedef struct gost2012_hash_ctx { unsigned int digest_size; } gost2012_hash_ctx; -void init_gost2012_hash_ctx(gost2012_hash_ctx * CTX, +void init_gost2012_hash_ctx(gost2012_hash_ctx *CTX, const unsigned int digest_size); -void gost2012_hash_block(gost2012_hash_ctx * CTX, - const unsigned char *data, size_t len); -void gost2012_finish_hash(gost2012_hash_ctx * CTX, unsigned char *digest); +void gost2012_hash_block(gost2012_hash_ctx *CTX, const unsigned char *data, + size_t len); +void gost2012_finish_hash(gost2012_hash_ctx *CTX, unsigned char *digest); diff --git a/gosthash2012_const.h b/gosthash2012_const.h index af4327107..89d0ac8cd 100644 --- a/gosthash2012_const.h +++ b/gosthash2012_const.h @@ -10,245 +10,96 @@ ALIGN(16) static const union uint512_u buffer0 = { - {0x0ULL, 0x0ULL, 0x0ULL, 0x0ULL, 0x0ULL, 0x0ULL, 0x0ULL, 0x0ULL} -}; + {0x0ULL, 0x0ULL, 0x0ULL, 0x0ULL, 0x0ULL, 0x0ULL, 0x0ULL, 0x0ULL}}; #ifndef __GOST3411_BIG_ENDIAN__ ALIGN(16) static const union uint512_u buffer512 = { {0x0000000000000200ULL, 0x0ULL, 0x0ULL, 0x0ULL, 0x0ULL, 0x0ULL, 0x0ULL, - 0x0ULL} -}; + 0x0ULL}}; #else ALIGN(16) static const union uint512_u buffer512 = { {0x0002000000000000ULL, 0x0ULL, 0x0ULL, 0x0ULL, 0x0ULL, 0x0ULL, 0x0ULL, - 0x0ULL} -}; + 0x0ULL}}; #endif #ifndef __GOST3411_BIG_ENDIAN__ ALIGN(16) static const union uint512_u C[12] = { - {{ - 0xdd806559f2a64507ULL, - 0x05767436cc744d23ULL, - 0xa2422a08a460d315ULL, - 0x4b7ce09192676901ULL, - 0x714eb88d7585c4fcULL, - 0x2f6a76432e45d016ULL, - 0xebcb2f81c0657c1fULL, - 0xb1085bda1ecadae9ULL}}, - {{ - 0xe679047021b19bb7ULL, - 0x55dda21bd7cbcd56ULL, - 0x5cb561c2db0aa7caULL, - 0x9ab5176b12d69958ULL, - 0x61d55e0f16b50131ULL, - 0xf3feea720a232b98ULL, - 0x4fe39d460f70b5d7ULL, - 0x6fa3b58aa99d2f1aULL}}, - {{ - 0x991e96f50aba0ab2ULL, - 0xc2b6f443867adb31ULL, - 0xc1c93a376062db09ULL, - 0xd3e20fe490359eb1ULL, - 0xf2ea7514b1297b7bULL, - 0x06f15e5f529c1f8bULL, - 0x0a39fc286a3d8435ULL, - 0xf574dcac2bce2fc7ULL}}, - {{ - 0x220cbebc84e3d12eULL, - 0x3453eaa193e837f1ULL, - 0xd8b71333935203beULL, - 0xa9d72c82ed03d675ULL, - 0x9d721cad685e353fULL, - 0x488e857e335c3c7dULL, - 0xf948e1a05d71e4ddULL, - 0xef1fdfb3e81566d2ULL}}, - {{ - 0x601758fd7c6cfe57ULL, - 0x7a56a27ea9ea63f5ULL, - 0xdfff00b723271a16ULL, - 0xbfcd1747253af5a3ULL, - 0x359e35d7800fffbdULL, - 0x7f151c1f1686104aULL, - 0x9a3f410c6ca92363ULL, - 0x4bea6bacad474799ULL}}, - {{ - 0xfa68407a46647d6eULL, - 0xbf71c57236904f35ULL, - 0x0af21f66c2bec6b6ULL, - 0xcffaa6b71c9ab7b4ULL, - 0x187f9ab49af08ec6ULL, - 0x2d66c4f95142a46cULL, - 0x6fa4c33b7a3039c0ULL, - 0xae4faeae1d3ad3d9ULL}}, - {{ - 0x8886564d3a14d493ULL, - 0x3517454ca23c4af3ULL, - 0x06476983284a0504ULL, - 0x0992abc52d822c37ULL, - 0xd3473e33197a93c9ULL, - 0x399ec6c7e6bf87c9ULL, - 0x51ac86febf240954ULL, - 0xf4c70e16eeaac5ecULL}}, - {{ - 0xa47f0dd4bf02e71eULL, - 0x36acc2355951a8d9ULL, - 0x69d18d2bd1a5c42fULL, - 0xf4892bcb929b0690ULL, - 0x89b4443b4ddbc49aULL, - 0x4eb7f8719c36de1eULL, - 0x03e7aa020c6e4141ULL, - 0x9b1f5b424d93c9a7ULL}}, - {{ - 0x7261445183235adbULL, - 0x0e38dc92cb1f2a60ULL, - 0x7b2b8a9aa6079c54ULL, - 0x800a440bdbb2ceb1ULL, - 0x3cd955b7e00d0984ULL, - 0x3a7d3a1b25894224ULL, - 0x944c9ad8ec165fdeULL, - 0x378f5a541631229bULL}}, - {{ - 0x74b4c7fb98459cedULL, - 0x3698fad1153bb6c3ULL, - 0x7a1e6c303b7652f4ULL, - 0x9fe76702af69334bULL, - 0x1fffe18a1b336103ULL, - 0x8941e71cff8a78dbULL, - 0x382ae548b2e4f3f3ULL, - 0xabbedea680056f52ULL}}, - {{ - 0x6bcaa4cd81f32d1bULL, - 0xdea2594ac06fd85dULL, - 0xefbacd1d7d476e98ULL, - 0x8a1d71efea48b9caULL, - 0x2001802114846679ULL, - 0xd8fa6bbbebab0761ULL, - 0x3002c6cd635afe94ULL, - 0x7bcd9ed0efc889fbULL}}, - {{ - 0x48bc924af11bd720ULL, - 0xfaf417d5d9b21b99ULL, - 0xe71da4aa88e12852ULL, - 0x5d80ef9d1891cc86ULL, - 0xf82012d430219f9bULL, - 0xcda43c32bcdf1d77ULL, - 0xd21380b00449b17aULL, - 0x378ee767f11631baULL}} -}; + {{0xdd806559f2a64507ULL, 0x05767436cc744d23ULL, 0xa2422a08a460d315ULL, + 0x4b7ce09192676901ULL, 0x714eb88d7585c4fcULL, 0x2f6a76432e45d016ULL, + 0xebcb2f81c0657c1fULL, 0xb1085bda1ecadae9ULL}}, + {{0xe679047021b19bb7ULL, 0x55dda21bd7cbcd56ULL, 0x5cb561c2db0aa7caULL, + 0x9ab5176b12d69958ULL, 0x61d55e0f16b50131ULL, 0xf3feea720a232b98ULL, + 0x4fe39d460f70b5d7ULL, 0x6fa3b58aa99d2f1aULL}}, + {{0x991e96f50aba0ab2ULL, 0xc2b6f443867adb31ULL, 0xc1c93a376062db09ULL, + 0xd3e20fe490359eb1ULL, 0xf2ea7514b1297b7bULL, 0x06f15e5f529c1f8bULL, + 0x0a39fc286a3d8435ULL, 0xf574dcac2bce2fc7ULL}}, + {{0x220cbebc84e3d12eULL, 0x3453eaa193e837f1ULL, 0xd8b71333935203beULL, + 0xa9d72c82ed03d675ULL, 0x9d721cad685e353fULL, 0x488e857e335c3c7dULL, + 0xf948e1a05d71e4ddULL, 0xef1fdfb3e81566d2ULL}}, + {{0x601758fd7c6cfe57ULL, 0x7a56a27ea9ea63f5ULL, 0xdfff00b723271a16ULL, + 0xbfcd1747253af5a3ULL, 0x359e35d7800fffbdULL, 0x7f151c1f1686104aULL, + 0x9a3f410c6ca92363ULL, 0x4bea6bacad474799ULL}}, + {{0xfa68407a46647d6eULL, 0xbf71c57236904f35ULL, 0x0af21f66c2bec6b6ULL, + 0xcffaa6b71c9ab7b4ULL, 0x187f9ab49af08ec6ULL, 0x2d66c4f95142a46cULL, + 0x6fa4c33b7a3039c0ULL, 0xae4faeae1d3ad3d9ULL}}, + {{0x8886564d3a14d493ULL, 0x3517454ca23c4af3ULL, 0x06476983284a0504ULL, + 0x0992abc52d822c37ULL, 0xd3473e33197a93c9ULL, 0x399ec6c7e6bf87c9ULL, + 0x51ac86febf240954ULL, 0xf4c70e16eeaac5ecULL}}, + {{0xa47f0dd4bf02e71eULL, 0x36acc2355951a8d9ULL, 0x69d18d2bd1a5c42fULL, + 0xf4892bcb929b0690ULL, 0x89b4443b4ddbc49aULL, 0x4eb7f8719c36de1eULL, + 0x03e7aa020c6e4141ULL, 0x9b1f5b424d93c9a7ULL}}, + {{0x7261445183235adbULL, 0x0e38dc92cb1f2a60ULL, 0x7b2b8a9aa6079c54ULL, + 0x800a440bdbb2ceb1ULL, 0x3cd955b7e00d0984ULL, 0x3a7d3a1b25894224ULL, + 0x944c9ad8ec165fdeULL, 0x378f5a541631229bULL}}, + {{0x74b4c7fb98459cedULL, 0x3698fad1153bb6c3ULL, 0x7a1e6c303b7652f4ULL, + 0x9fe76702af69334bULL, 0x1fffe18a1b336103ULL, 0x8941e71cff8a78dbULL, + 0x382ae548b2e4f3f3ULL, 0xabbedea680056f52ULL}}, + {{0x6bcaa4cd81f32d1bULL, 0xdea2594ac06fd85dULL, 0xefbacd1d7d476e98ULL, + 0x8a1d71efea48b9caULL, 0x2001802114846679ULL, 0xd8fa6bbbebab0761ULL, + 0x3002c6cd635afe94ULL, 0x7bcd9ed0efc889fbULL}}, + {{0x48bc924af11bd720ULL, 0xfaf417d5d9b21b99ULL, 0xe71da4aa88e12852ULL, + 0x5d80ef9d1891cc86ULL, 0xf82012d430219f9bULL, 0xcda43c32bcdf1d77ULL, + 0xd21380b00449b17aULL, 0x378ee767f11631baULL}}}; #else ALIGN(16) static const union uint512_u C[12] = { - {{ - 0x0745a6f2596580ddULL, - 0x234d74cc36747605ULL, - 0x15d360a4082a42a2ULL, - 0x0169679291e07c4bULL, - 0xfcc485758db84e71ULL, - 0x16d0452e43766a2fULL, - 0x1f7c65c0812fcbebULL, - 0xe9daca1eda5b08b1ULL}}, - {{ - 0xb79bb121700479e6ULL, - 0x56cdcbd71ba2dd55ULL, - 0xcaa70adbc261b55cULL, - 0x5899d6126b17b59aULL, - 0x3101b5160f5ed561ULL, - 0x982b230a72eafef3ULL, - 0xd7b5700f469de34fULL, - 0x1a2f9da98ab5a36fULL}}, - {{ - 0xb20aba0af5961e99ULL, - 0x31db7a8643f4b6c2ULL, - 0x09db6260373ac9c1ULL, - 0xb19e3590e40fe2d3ULL, - 0x7b7b29b11475eaf2ULL, - 0x8b1f9c525f5ef106ULL, - 0x35843d6a28fc390aULL, - 0xc72fce2bacdc74f5ULL}}, - {{ - 0x2ed1e384bcbe0c22ULL, - 0xf137e893a1ea5334ULL, - 0xbe0352933313b7d8ULL, - 0x75d603ed822cd7a9ULL, - 0x3f355e68ad1c729dULL, - 0x7d3c5c337e858e48ULL, - 0xdde4715da0e148f9ULL, - 0xd26615e8b3df1fefULL}}, - {{ - 0x57fe6c7cfd581760ULL, - 0xf563eaa97ea2567aULL, - 0x161a2723b700ffdfULL, - 0xa3f53a254717cdbfULL, - 0xbdff0f80d7359e35ULL, - 0x4a1086161f1c157fULL, - 0x6323a96c0c413f9aULL, - 0x994747adac6bea4bULL}}, - {{ - 0x6e7d64467a4068faULL, - 0x354f903672c571bfULL, - 0xb6c6bec2661ff20aULL, - 0xb4b79a1cb7a6facfULL, - 0xc68ef09ab49a7f18ULL, - 0x6ca44251f9c4662dULL, - 0xc039307a3bc3a46fULL, - 0xd9d33a1daeae4faeULL}}, - {{ - 0x93d4143a4d568688ULL, - 0xf34a3ca24c451735ULL, - 0x04054a2883694706ULL, - 0x372c822dc5ab9209ULL, - 0xc9937a19333e47d3ULL, - 0xc987bfe6c7c69e39ULL, - 0x540924bffe86ac51ULL, - 0xecc5aaee160ec7f4ULL}}, - {{ - 0x1ee702bfd40d7fa4ULL, - 0xd9a8515935c2ac36ULL, - 0x2fc4a5d12b8dd169ULL, - 0x90069b92cb2b89f4ULL, - 0x9ac4db4d3b44b489ULL, - 0x1ede369c71f8b74eULL, - 0x41416e0c02aae703ULL, - 0xa7c9934d425b1f9bULL}}, - {{ - 0xdb5a238351446172ULL, - 0x602a1fcb92dc380eULL, - 0x549c07a69a8a2b7bULL, - 0xb1ceb2db0b440a80ULL, - 0x84090de0b755d93cULL, - 0x244289251b3a7d3aULL, - 0xde5f16ecd89a4c94ULL, - 0x9b223116545a8f37ULL}}, - {{ - 0xed9c4598fbc7b474ULL, - 0xc3b63b15d1fa9836ULL, - 0xf452763b306c1e7aULL, - 0x4b3369af0267e79fULL, - 0x0361331b8ae1ff1fULL, - 0xdb788aff1ce74189ULL, - 0xf3f3e4b248e52a38ULL, - 0x526f0580a6debeabULL}}, - {{ - 0x1b2df381cda4ca6bULL, - 0x5dd86fc04a59a2deULL, - 0x986e477d1dcdbaefULL, - 0xcab948eaef711d8aULL, - 0x7966841421800120ULL, - 0x6107abebbb6bfad8ULL, - 0x94fe5a63cdc60230ULL, - 0xfb89c8efd09ecd7bULL}}, - {{ - 0x20d71bf14a92bc48ULL, - 0x991bb2d9d517f4faULL, - 0x5228e188aaa41de7ULL, - 0x86cc91189def805dULL, - 0x9b9f2130d41220f8ULL, - 0x771ddfbc323ca4cdULL, - 0x7ab14904b08013d2ULL, - 0xba3116f167e78e37ULL}} -}; + {{0x0745a6f2596580ddULL, 0x234d74cc36747605ULL, 0x15d360a4082a42a2ULL, + 0x0169679291e07c4bULL, 0xfcc485758db84e71ULL, 0x16d0452e43766a2fULL, + 0x1f7c65c0812fcbebULL, 0xe9daca1eda5b08b1ULL}}, + {{0xb79bb121700479e6ULL, 0x56cdcbd71ba2dd55ULL, 0xcaa70adbc261b55cULL, + 0x5899d6126b17b59aULL, 0x3101b5160f5ed561ULL, 0x982b230a72eafef3ULL, + 0xd7b5700f469de34fULL, 0x1a2f9da98ab5a36fULL}}, + {{0xb20aba0af5961e99ULL, 0x31db7a8643f4b6c2ULL, 0x09db6260373ac9c1ULL, + 0xb19e3590e40fe2d3ULL, 0x7b7b29b11475eaf2ULL, 0x8b1f9c525f5ef106ULL, + 0x35843d6a28fc390aULL, 0xc72fce2bacdc74f5ULL}}, + {{0x2ed1e384bcbe0c22ULL, 0xf137e893a1ea5334ULL, 0xbe0352933313b7d8ULL, + 0x75d603ed822cd7a9ULL, 0x3f355e68ad1c729dULL, 0x7d3c5c337e858e48ULL, + 0xdde4715da0e148f9ULL, 0xd26615e8b3df1fefULL}}, + {{0x57fe6c7cfd581760ULL, 0xf563eaa97ea2567aULL, 0x161a2723b700ffdfULL, + 0xa3f53a254717cdbfULL, 0xbdff0f80d7359e35ULL, 0x4a1086161f1c157fULL, + 0x6323a96c0c413f9aULL, 0x994747adac6bea4bULL}}, + {{0x6e7d64467a4068faULL, 0x354f903672c571bfULL, 0xb6c6bec2661ff20aULL, + 0xb4b79a1cb7a6facfULL, 0xc68ef09ab49a7f18ULL, 0x6ca44251f9c4662dULL, + 0xc039307a3bc3a46fULL, 0xd9d33a1daeae4faeULL}}, + {{0x93d4143a4d568688ULL, 0xf34a3ca24c451735ULL, 0x04054a2883694706ULL, + 0x372c822dc5ab9209ULL, 0xc9937a19333e47d3ULL, 0xc987bfe6c7c69e39ULL, + 0x540924bffe86ac51ULL, 0xecc5aaee160ec7f4ULL}}, + {{0x1ee702bfd40d7fa4ULL, 0xd9a8515935c2ac36ULL, 0x2fc4a5d12b8dd169ULL, + 0x90069b92cb2b89f4ULL, 0x9ac4db4d3b44b489ULL, 0x1ede369c71f8b74eULL, + 0x41416e0c02aae703ULL, 0xa7c9934d425b1f9bULL}}, + {{0xdb5a238351446172ULL, 0x602a1fcb92dc380eULL, 0x549c07a69a8a2b7bULL, + 0xb1ceb2db0b440a80ULL, 0x84090de0b755d93cULL, 0x244289251b3a7d3aULL, + 0xde5f16ecd89a4c94ULL, 0x9b223116545a8f37ULL}}, + {{0xed9c4598fbc7b474ULL, 0xc3b63b15d1fa9836ULL, 0xf452763b306c1e7aULL, + 0x4b3369af0267e79fULL, 0x0361331b8ae1ff1fULL, 0xdb788aff1ce74189ULL, + 0xf3f3e4b248e52a38ULL, 0x526f0580a6debeabULL}}, + {{0x1b2df381cda4ca6bULL, 0x5dd86fc04a59a2deULL, 0x986e477d1dcdbaefULL, + 0xcab948eaef711d8aULL, 0x7966841421800120ULL, 0x6107abebbb6bfad8ULL, + 0x94fe5a63cdc60230ULL, 0xfb89c8efd09ecd7bULL}}, + {{0x20d71bf14a92bc48ULL, 0x991bb2d9d517f4faULL, 0x5228e188aaa41de7ULL, + 0x86cc91189def805dULL, 0x9b9f2130d41220f8ULL, 0x771ddfbc323ca4cdULL, + 0x7ab14904b08013d2ULL, 0xba3116f167e78e37ULL}}}; #endif diff --git a/gosthash2012_precalc.h b/gosthash2012_precalc.h index 55e9e206c..263d1bb01 100644 --- a/gosthash2012_precalc.h +++ b/gosthash2012_precalc.h @@ -11,8 +11,7 @@ #ifndef __GOST3411_BIG_ENDIAN__ ALIGN(16) static const unsigned long long Ax[8][256] = { - { - 0xd01f715b5c7ef8e6ULL, 0x16fa240980778325ULL, 0xa8a42e857ee049c8ULL, + {0xd01f715b5c7ef8e6ULL, 0x16fa240980778325ULL, 0xa8a42e857ee049c8ULL, 0x6ac1068fa186465bULL, 0x6e417bd7a2e9320bULL, 0x665c8167a437daabULL, 0x7666681aa89617f6ULL, 0x4b959163700bdcf5ULL, 0xf14be6b78df36248ULL, 0xc585bd689a625cffULL, 0x9557d7fca67d82cbULL, 0x89f0b969af6dd366ULL, @@ -98,8 +97,7 @@ static const unsigned long long Ax[8][256] = { 0x61bc1405e13389c7ULL, 0x4ab5c975b9d9c1e1ULL, 0x80cd1bcf606126d2ULL, 0x7186fd78ed92449aULL, 0x93971a882aabccb3ULL, 0x88d0e17f66bfce72ULL, 0x27945a985d5bd4d6ULL}, - { - 0xde553f8c05a811c8ULL, 0x1906b59631b4f565ULL, 0x436e70d6b1964ff7ULL, + {0xde553f8c05a811c8ULL, 0x1906b59631b4f565ULL, 0x436e70d6b1964ff7ULL, 0x36d343cb8b1e9d85ULL, 0x843dfacc858aab5aULL, 0xfdfc95c299bfc7f9ULL, 0x0f634bdea1d51fa2ULL, 0x6d458b3b76efb3cdULL, 0x85c3f77cf8593f80ULL, 0x3c91315fbe737cb2ULL, 0x2148b03366ace398ULL, 0x18f8b8264c6761bfULL, @@ -185,8 +183,7 @@ static const unsigned long long Ax[8][256] = { 0xb4d097801d446939ULL, 0xcff0e2f3fbca3033ULL, 0xc38cbee0dd778ee2ULL, 0x464f499c252eb162ULL, 0xcad1dbb96f72cea6ULL, 0xba4dd1eec142e241ULL, 0xb00fa37af42f0376ULL}, - { - 0xcce4cd3aa968b245ULL, 0x089d5484e80b7fafULL, 0x638246c1b3548304ULL, + {0xcce4cd3aa968b245ULL, 0x089d5484e80b7fafULL, 0x638246c1b3548304ULL, 0xd2fe0ec8c2355492ULL, 0xa7fbdf7ff2374eeeULL, 0x4df1600c92337a16ULL, 0x84e503ea523b12fbULL, 0x0790bbfd53ab0c4aULL, 0x198a780f38f6ea9dULL, 0x2ab30c8f55ec48cbULL, 0xe0f7fed6b2c49db5ULL, 0xb6ecf3f422cadbdcULL, @@ -272,8 +269,7 @@ static const unsigned long long Ax[8][256] = { 0xd63e248ab6bee54bULL, 0x5dd6c8195f258455ULL, 0x06a03f634e40673bULL, 0x1f2a476c76b68da6ULL, 0x217ec9b49ac78af7ULL, 0xecaa80102e4453c3ULL, 0x14e78257b99d4f9aULL}, - { - 0x20329b2cc87bba05ULL, 0x4f5eb6f86546a531ULL, 0xd4f44775f751b6b1ULL, + {0x20329b2cc87bba05ULL, 0x4f5eb6f86546a531ULL, 0xd4f44775f751b6b1ULL, 0x8266a47b850dfa8bULL, 0xbb986aa15a6ca985ULL, 0xc979eb08f9ae0f99ULL, 0x2da6f447a2375ea1ULL, 0x1e74275dcd7d8576ULL, 0xbc20180a800bc5f8ULL, 0xb4a2f701b2dc65beULL, 0xe726946f981b6d66ULL, 0x48e6c453bf21c94cULL, @@ -359,8 +355,7 @@ static const unsigned long long Ax[8][256] = { 0x2b49ff07392e261dULL, 0x57c59ae5332258fbULL, 0x73b6f842e2bcb2ddULL, 0xcf96e04862b77725ULL, 0x4ca73dd8a6c4996fULL, 0x015779eb417e14c1ULL, 0x37932a9176af8bf4ULL}, - { - 0x190a2c9b249df23eULL, 0x2f62f8b62263e1e9ULL, 0x7a7f754740993655ULL, + {0x190a2c9b249df23eULL, 0x2f62f8b62263e1e9ULL, 0x7a7f754740993655ULL, 0x330b7ba4d5564d9fULL, 0x4c17a16a46672582ULL, 0xb22f08eb7d05f5b8ULL, 0x535f47f40bc148ccULL, 0x3aec5d27d4883037ULL, 0x10ed0a1825438f96ULL, 0x516101f72c233d17ULL, 0x13cc6f949fd04eaeULL, 0x739853c441474bfdULL, @@ -446,8 +441,7 @@ static const unsigned long long Ax[8][256] = { 0xaa3a07ffc4e9b365ULL, 0xecebe59a39c32a77ULL, 0x5ba742f8976e8187ULL, 0x4b4a48e0b22d0e11ULL, 0xddded83dcb771233ULL, 0xa59feb79ac0c51bdULL, 0xc7f5912a55792135ULL}, - { - 0x6d6ae04668a9b08aULL, 0x3ab3f04b0be8c743ULL, 0xe51e166b54b3c908ULL, + {0x6d6ae04668a9b08aULL, 0x3ab3f04b0be8c743ULL, 0xe51e166b54b3c908ULL, 0xbe90a9eb35c2f139ULL, 0xb2c7066637f2bec1ULL, 0xaa6945613392202cULL, 0x9a28c36f3b5201ebULL, 0xddce5a93ab536994ULL, 0x0e34133ef6382827ULL, 0x52a02ba1ec55048bULL, 0xa2f88f97c4b2a177ULL, 0x8640e513ca2251a5ULL, @@ -533,8 +527,7 @@ static const unsigned long long Ax[8][256] = { 0xa347d140beb61c96ULL, 0xde12b8f7255fb3aaULL, 0x9d324470404e1576ULL, 0x9306574eb6763d51ULL, 0xa80af9d2c79a47f3ULL, 0x859c0777442e8b9bULL, 0x69ac853d9db97e29ULL}, - { - 0xc3407dfc2de6377eULL, 0x5b9e93eea4256f77ULL, 0xadb58fdd50c845e0ULL, + {0xc3407dfc2de6377eULL, 0x5b9e93eea4256f77ULL, 0xadb58fdd50c845e0ULL, 0x5219ff11a75bed86ULL, 0x356b61cfd90b1de9ULL, 0xfb8f406e25abe037ULL, 0x7a5a0231c0f60796ULL, 0x9d3cd216e1f5020bULL, 0x0c6550fb6b48d8f3ULL, 0xf57508c427ff1c62ULL, 0x4ad35ffa71cb407dULL, 0x6290a2da1666aa6dULL, @@ -620,8 +613,7 @@ static const unsigned long long Ax[8][256] = { 0xf1563866f5c75433ULL, 0x4dae7baf70e13ed9ULL, 0x7ce62ac27bd26b61ULL, 0x70837a39109ab392ULL, 0x90988e4b30b3c8abULL, 0xb2020b63877296bfULL, 0x156efcb607d6675bULL}, - { - 0xe63f55ce97c331d0ULL, 0x25b506b0015bba16ULL, 0xc8706e29e6ad9ba8ULL, + {0xe63f55ce97c331d0ULL, 0x25b506b0015bba16ULL, 0xc8706e29e6ad9ba8ULL, 0x5b43d3775d521f6aULL, 0x0bfa3d577035106eULL, 0xab95fc172afb0e66ULL, 0xf64b63979e7a3276ULL, 0xf58b4562649dad4bULL, 0x48f7c3dbae0c83f1ULL, 0xff31916642f5c8c5ULL, 0xcbb048dc1c4a0495ULL, 0x66b8f83cdf622989ULL, @@ -706,13 +698,11 @@ static const unsigned long long Ax[8][256] = { 0xcd2d042bf59927efULL, 0xc930877ab0f0ee48ULL, 0x9273540deda2f122ULL, 0xc797d02fd3f14261ULL, 0xe1e2f06a284d674aULL, 0xd2be8c74c97cfd80ULL, 0x9a494faf67707e71ULL, 0xb3dbd1eca9908293ULL, 0x72d14d3493b2e388ULL, - 0xd6a30f258c153427ULL} -}; + 0xd6a30f258c153427ULL}}; #else ALIGN(16) static const unsigned long long Ax[8][256] = { - { - 0xe6f87e5c5b711fd0ULL, 0x258377800924fa16ULL, 0xc849e07e852ea4a8ULL, + {0xe6f87e5c5b711fd0ULL, 0x258377800924fa16ULL, 0xc849e07e852ea4a8ULL, 0x5b4686a18f06c16aULL, 0x0b32e9a2d77b416eULL, 0xabda37a467815c66ULL, 0xf61796a81a686676ULL, 0xf5dc0b706391954bULL, 0x4862f38db7e64bf1ULL, 0xff5c629a68bd85c5ULL, 0xcb827da6fcd75795ULL, 0x66d36daf69b9f089ULL, @@ -798,8 +788,7 @@ static const unsigned long long Ax[8][256] = { 0xc78933e10514bc61ULL, 0xe1c1d9b975c9b54aULL, 0xd2266160cf1bcd80ULL, 0x9a4492ed78fd8671ULL, 0xb3ccab2a881a9793ULL, 0x72cebf667fe1d088ULL, 0xd6d45b5d985a9427ULL}, - { - 0xc811a8058c3f55deULL, 0x65f5b43196b50619ULL, 0xf74f96b1d6706e43ULL, + {0xc811a8058c3f55deULL, 0x65f5b43196b50619ULL, 0xf74f96b1d6706e43ULL, 0x859d1e8bcb43d336ULL, 0x5aab8a85ccfa3d84ULL, 0xf9c7bf99c295fcfdULL, 0xa21fd5a1de4b630fULL, 0xcdb3ef763b8b456dULL, 0x803f59f87cf7c385ULL, 0xb27c73be5f31913cULL, 0x98e3ac6633b04821ULL, 0xbf61674c26b8f818ULL, @@ -885,8 +874,7 @@ static const unsigned long long Ax[8][256] = { 0x3969441d8097d0b4ULL, 0x3330cafbf3e2f0cfULL, 0xe28e77dde0be8cc3ULL, 0x62b12e259c494f46ULL, 0xa6ce726fb9dbd1caULL, 0x41e242c1eed14dbaULL, 0x76032ff47aa30fb0ULL}, - { - 0x45b268a93acde4ccULL, 0xaf7f0be884549d08ULL, 0x048354b3c1468263ULL, + {0x45b268a93acde4ccULL, 0xaf7f0be884549d08ULL, 0x048354b3c1468263ULL, 0x925435c2c80efed2ULL, 0xee4e37f27fdffba7ULL, 0x167a33920c60f14dULL, 0xfb123b52ea03e584ULL, 0x4a0cab53fdbb9007ULL, 0x9deaf6380f788a19ULL, 0xcb48ec558f0cb32aULL, 0xb59dc4b2d6fef7e0ULL, 0xdcdbca22f4f3ecb6ULL, @@ -972,8 +960,7 @@ static const unsigned long long Ax[8][256] = { 0x4be5beb68a243ed6ULL, 0x5584255f19c8d65dULL, 0x3b67404e633fa006ULL, 0xa68db6766c472a1fULL, 0xf78ac79ab4c97e21ULL, 0xc353442e1080aaecULL, 0x9a4f9db95782e714ULL}, - { - 0x05ba7bc82c9b3220ULL, 0x31a54665f8b65e4fULL, 0xb1b651f77547f4d4ULL, + {0x05ba7bc82c9b3220ULL, 0x31a54665f8b65e4fULL, 0xb1b651f77547f4d4ULL, 0x8bfa0d857ba46682ULL, 0x85a96c5aa16a98bbULL, 0x990faef908eb79c9ULL, 0xa15e37a247f4a62dULL, 0x76857dcd5d27741eULL, 0xf8c50b800a1820bcULL, 0xbe65dcb201f7a2b4ULL, 0x666d1b986f9426e7ULL, 0x4cc921bf53c4e648ULL, @@ -1059,8 +1046,7 @@ static const unsigned long long Ax[8][256] = { 0x1d262e3907ff492bULL, 0xfb582233e59ac557ULL, 0xddb2bce242f8b673ULL, 0x2577b76248e096cfULL, 0x6f99c4a6d83da74cULL, 0xc1147e41eb795701ULL, 0xf48baf76912a9337ULL}, - { - 0x3ef29d249b2c0a19ULL, 0xe9e16322b6f8622fULL, 0x5536994047757f7aULL, + {0x3ef29d249b2c0a19ULL, 0xe9e16322b6f8622fULL, 0x5536994047757f7aULL, 0x9f4d56d5a47b0b33ULL, 0x822567466aa1174cULL, 0xb8f5057deb082fb2ULL, 0xcc48c10bf4475f53ULL, 0x373088d4275dec3aULL, 0x968f4325180aed10ULL, 0x173d232cf7016151ULL, 0xae4ed09f946fcc13ULL, 0xfd4b4741c4539873ULL, @@ -1146,8 +1132,7 @@ static const unsigned long long Ax[8][256] = { 0x65b3e9c4ff073aaaULL, 0x772ac3399ae5ebecULL, 0x87816e97f842a75bULL, 0x110e2db2e0484a4bULL, 0x331277cb3dd8deddULL, 0xbd510cac79eb9fa5ULL, 0x352179552a91f5c7ULL}, - { - 0x8ab0a96846e06a6dULL, 0x43c7e80b4bf0b33aULL, 0x08c9b3546b161ee5ULL, + {0x8ab0a96846e06a6dULL, 0x43c7e80b4bf0b33aULL, 0x08c9b3546b161ee5ULL, 0x39f1c235eba990beULL, 0xc1bef2376606c7b2ULL, 0x2c209233614569aaULL, 0xeb01523b6fc3289aULL, 0x946953ab935aceddULL, 0x272838f63e13340eULL, 0x8b0455eca12ba052ULL, 0x77a1b2c4978ff8a2ULL, 0xa55122ca13e54086ULL, @@ -1233,8 +1218,7 @@ static const unsigned long long Ax[8][256] = { 0x961cb6be40d147a3ULL, 0xaab35f25f7b812deULL, 0x76154e407044329dULL, 0x513d76b64e570693ULL, 0xf3479ac7d2f90aa8ULL, 0x9b8b2e4477079c85ULL, 0x297eb99d3d85ac69ULL}, - { - 0x7e37e62dfc7d40c3ULL, 0x776f25a4ee939e5bULL, 0xe045c850dd8fb5adULL, + {0x7e37e62dfc7d40c3ULL, 0x776f25a4ee939e5bULL, 0xe045c850dd8fb5adULL, 0x86ed5ba711ff1952ULL, 0xe91d0bd9cf616b35ULL, 0x37e0ab256e408ffbULL, 0x9607f6c031025a7aULL, 0x0b02f5e116d23c9dULL, 0xf3d8486bfb50650cULL, 0x621cff27c40875f5ULL, 0x7d40cb71fa5fd34aULL, 0x6daa6616daa29062ULL, @@ -1320,8 +1304,7 @@ static const unsigned long long Ax[8][256] = { 0x3354c7f5663856f1ULL, 0xd93ee170af7bae4dULL, 0x616bd27bc22ae67cULL, 0x92b39a10397a8370ULL, 0xabc8b3304b8e9890ULL, 0xbf967287630b02b2ULL, 0x5b67d607b6fc6e15ULL}, - { - 0xd031c397ce553fe6ULL, 0x16ba5b01b006b525ULL, 0xa89bade6296e70c8ULL, + {0xd031c397ce553fe6ULL, 0x16ba5b01b006b525ULL, 0xa89bade6296e70c8ULL, 0x6a1f525d77d3435bULL, 0x6e103570573dfa0bULL, 0x660efb2a17fc95abULL, 0x76327a9e97634bf6ULL, 0x4bad9d6462458bf5ULL, 0xf1830caedbc3f748ULL, 0xc5c8f542669131ffULL, 0x95044a1cdc48b0cbULL, 0x892962df3cf8b866ULL, @@ -1406,6 +1389,5 @@ static const unsigned long long Ax[8][256] = { 0xef2799f52b042dcdULL, 0x48eef0b07a8730c9ULL, 0x22f1a2ed0d547392ULL, 0x6142f1d32fd097c7ULL, 0x4a674d286af0e2e1ULL, 0x80fd7cc9748cbed2ULL, 0x717e7067af4f499aULL, 0x938290a9ecd1dbb3ULL, 0x88e3b293344dd172ULL, - 0x2734158c250fa3d6ULL} -}; + 0x2734158c250fa3d6ULL}}; #endif diff --git a/gosthash2012_ref.h b/gosthash2012_ref.h index f2383ea89..ee64209e2 100644 --- a/gosthash2012_ref.h +++ b/gosthash2012_ref.h @@ -12,59 +12,62 @@ # error "GOST R 34.11-2012: portable implementation disabled in config.h" #endif -#define X(x, y, z) { \ - z->QWORD[0] = x->QWORD[0] ^ y->QWORD[0]; \ - z->QWORD[1] = x->QWORD[1] ^ y->QWORD[1]; \ - z->QWORD[2] = x->QWORD[2] ^ y->QWORD[2]; \ - z->QWORD[3] = x->QWORD[3] ^ y->QWORD[3]; \ - z->QWORD[4] = x->QWORD[4] ^ y->QWORD[4]; \ - z->QWORD[5] = x->QWORD[5] ^ y->QWORD[5]; \ - z->QWORD[6] = x->QWORD[6] ^ y->QWORD[6]; \ - z->QWORD[7] = x->QWORD[7] ^ y->QWORD[7]; \ -} +#define X(x, y, z) \ + { \ + z->QWORD[0] = x->QWORD[0] ^ y->QWORD[0]; \ + z->QWORD[1] = x->QWORD[1] ^ y->QWORD[1]; \ + z->QWORD[2] = x->QWORD[2] ^ y->QWORD[2]; \ + z->QWORD[3] = x->QWORD[3] ^ y->QWORD[3]; \ + z->QWORD[4] = x->QWORD[4] ^ y->QWORD[4]; \ + z->QWORD[5] = x->QWORD[5] ^ y->QWORD[5]; \ + z->QWORD[6] = x->QWORD[6] ^ y->QWORD[6]; \ + z->QWORD[7] = x->QWORD[7] ^ y->QWORD[7]; \ + } -# define __XLPS_FOR for (_i = 0; _i <= 7; _i++) +#define __XLPS_FOR for (_i = 0; _i <= 7; _i++) #ifndef __GOST3411_BIG_ENDIAN__ # define _datai _i #else # define _datai 7 - _i #endif -#define XLPS(x, y, data) { \ - register unsigned long long r0, r1, r2, r3, r4, r5, r6, r7; \ - int _i; \ - \ - r0 = x->QWORD[0] ^ y->QWORD[0]; \ - r1 = x->QWORD[1] ^ y->QWORD[1]; \ - r2 = x->QWORD[2] ^ y->QWORD[2]; \ - r3 = x->QWORD[3] ^ y->QWORD[3]; \ - r4 = x->QWORD[4] ^ y->QWORD[4]; \ - r5 = x->QWORD[5] ^ y->QWORD[5]; \ - r6 = x->QWORD[6] ^ y->QWORD[6]; \ - r7 = x->QWORD[7] ^ y->QWORD[7]; \ - \ - \ - __XLPS_FOR {\ - data->QWORD[_datai] = Ax[0][r0 & 0xFF]; \ - data->QWORD[_datai] ^= Ax[1][r1 & 0xFF]; \ - data->QWORD[_datai] ^= Ax[2][r2 & 0xFF]; \ - data->QWORD[_datai] ^= Ax[3][r3 & 0xFF]; \ - data->QWORD[_datai] ^= Ax[4][r4 & 0xFF]; \ - data->QWORD[_datai] ^= Ax[5][r5 & 0xFF]; \ - data->QWORD[_datai] ^= Ax[6][r6 & 0xFF]; \ - data->QWORD[_datai] ^= Ax[7][r7 & 0xFF]; \ - r0 >>= 8; \ - r1 >>= 8; \ - r2 >>= 8; \ - r3 >>= 8; \ - r4 >>= 8; \ - r5 >>= 8; \ - r6 >>= 8; \ - r7 >>= 8; \ - }\ -} +#define XLPS(x, y, data) \ + { \ + register unsigned long long r0, r1, r2, r3, r4, r5, r6, r7; \ + int _i; \ + \ + r0 = x->QWORD[0] ^ y->QWORD[0]; \ + r1 = x->QWORD[1] ^ y->QWORD[1]; \ + r2 = x->QWORD[2] ^ y->QWORD[2]; \ + r3 = x->QWORD[3] ^ y->QWORD[3]; \ + r4 = x->QWORD[4] ^ y->QWORD[4]; \ + r5 = x->QWORD[5] ^ y->QWORD[5]; \ + r6 = x->QWORD[6] ^ y->QWORD[6]; \ + r7 = x->QWORD[7] ^ y->QWORD[7]; \ + \ + __XLPS_FOR \ + { \ + data->QWORD[_datai] = Ax[0][r0 & 0xFF]; \ + data->QWORD[_datai] ^= Ax[1][r1 & 0xFF]; \ + data->QWORD[_datai] ^= Ax[2][r2 & 0xFF]; \ + data->QWORD[_datai] ^= Ax[3][r3 & 0xFF]; \ + data->QWORD[_datai] ^= Ax[4][r4 & 0xFF]; \ + data->QWORD[_datai] ^= Ax[5][r5 & 0xFF]; \ + data->QWORD[_datai] ^= Ax[6][r6 & 0xFF]; \ + data->QWORD[_datai] ^= Ax[7][r7 & 0xFF]; \ + r0 >>= 8; \ + r1 >>= 8; \ + r2 >>= 8; \ + r3 >>= 8; \ + r4 >>= 8; \ + r5 >>= 8; \ + r6 >>= 8; \ + r7 >>= 8; \ + } \ + } -#define ROUND(i, Ki, data) { \ - XLPS(Ki, (&C[i]), Ki); \ - XLPS(Ki, data, data); \ -} +#define ROUND(i, Ki, data) \ + { \ + XLPS(Ki, (&C[i]), Ki); \ + XLPS(Ki, data, data); \ + } diff --git a/gosthash2012_sse2.h b/gosthash2012_sse2.h index 07e2ec007..5789c3133 100644 --- a/gosthash2012_sse2.h +++ b/gosthash2012_sse2.h @@ -12,14 +12,14 @@ # error "GOST R 34.11-2012: SSE2 not enabled" #endif -#include #include +#include #ifdef __SSE3__ # include #endif -#define LO(v) ((unsigned char) (v)) -#define HI(v) ((unsigned char) (((unsigned int) (v)) >> 8)) +#define LO(v) ((unsigned char)(v)) +#define HI(v) ((unsigned char)(((unsigned int)(v)) >> 8)) #ifdef __i386__ # define EXTRACT EXTRACT32 @@ -29,7 +29,7 @@ #ifndef __ICC # define _mm_cvtsi64_m64(v) (__m64) v -# define _mm_cvtm64_si64(v) (long long) v +# define _mm_cvtm64_si64(v) (long long)v #endif #ifdef __SSE3__ @@ -43,170 +43,180 @@ #endif /* load 512bit from unaligned memory */ -#define ULOAD(P, xmm0, xmm1, xmm2, xmm3) { \ - const __m128i *__m128p = (const __m128i *) P; \ - xmm0 = UMEM_READ_I128(&__m128p[0]); \ - xmm1 = UMEM_READ_I128(&__m128p[1]); \ - xmm2 = UMEM_READ_I128(&__m128p[2]); \ - xmm3 = UMEM_READ_I128(&__m128p[3]); \ -} +#define ULOAD(P, xmm0, xmm1, xmm2, xmm3) \ + { \ + const __m128i *__m128p = (const __m128i *)P; \ + xmm0 = UMEM_READ_I128(&__m128p[0]); \ + xmm1 = UMEM_READ_I128(&__m128p[1]); \ + xmm2 = UMEM_READ_I128(&__m128p[2]); \ + xmm3 = UMEM_READ_I128(&__m128p[3]); \ + } #ifdef UNALIGNED_SIMD_ACCESS -# define MEM_WRITE_I128 _mm_storeu_si128 -# define MEM_READ_I128 UMEM_READ_I128 -# define LOAD ULOAD +# define MEM_WRITE_I128 _mm_storeu_si128 +# define MEM_READ_I128 UMEM_READ_I128 +# define LOAD ULOAD #else /* !UNALIGNED_SIMD_ACCESS */ -# define MEM_WRITE_I128 _mm_store_si128 -# define MEM_READ_I128 _mm_load_si128 -#define LOAD(P, xmm0, xmm1, xmm2, xmm3) { \ - const __m128i *__m128p = (const __m128i *) P; \ - xmm0 = MEM_READ_I128(&__m128p[0]); \ - xmm1 = MEM_READ_I128(&__m128p[1]); \ - xmm2 = MEM_READ_I128(&__m128p[2]); \ - xmm3 = MEM_READ_I128(&__m128p[3]); \ -} +# define MEM_WRITE_I128 _mm_store_si128 +# define MEM_READ_I128 _mm_load_si128 +# define LOAD(P, xmm0, xmm1, xmm2, xmm3) \ + { \ + const __m128i *__m128p = (const __m128i *)P; \ + xmm0 = MEM_READ_I128(&__m128p[0]); \ + xmm1 = MEM_READ_I128(&__m128p[1]); \ + xmm2 = MEM_READ_I128(&__m128p[2]); \ + xmm3 = MEM_READ_I128(&__m128p[3]); \ + } #endif /* !UNALIGNED_SIMD_ACCESS */ -#define STORE(P, xmm0, xmm1, xmm2, xmm3) { \ - __m128i *__m128p = (__m128i *) &P[0]; \ - MEM_WRITE_I128(&__m128p[0], xmm0); \ - MEM_WRITE_I128(&__m128p[1], xmm1); \ - MEM_WRITE_I128(&__m128p[2], xmm2); \ - MEM_WRITE_I128(&__m128p[3], xmm3); \ -} - -#define X128R(xmm0, xmm1, xmm2, xmm3, xmm4, xmm5, xmm6, xmm7) { \ - xmm0 = _mm_xor_si128(xmm0, xmm4); \ - xmm1 = _mm_xor_si128(xmm1, xmm5); \ - xmm2 = _mm_xor_si128(xmm2, xmm6); \ - xmm3 = _mm_xor_si128(xmm3, xmm7); \ -} - -#define X128M(P, xmm0, xmm1, xmm2, xmm3) { \ - const __m128i *__m128p = (const __m128i *) &P[0]; \ - xmm0 = _mm_xor_si128(xmm0, MEM_READ_I128(&__m128p[0])); \ - xmm1 = _mm_xor_si128(xmm1, MEM_READ_I128(&__m128p[1])); \ - xmm2 = _mm_xor_si128(xmm2, MEM_READ_I128(&__m128p[2])); \ - xmm3 = _mm_xor_si128(xmm3, MEM_READ_I128(&__m128p[3])); \ -} +#define STORE(P, xmm0, xmm1, xmm2, xmm3) \ + { \ + __m128i *__m128p = (__m128i *)&P[0]; \ + MEM_WRITE_I128(&__m128p[0], xmm0); \ + MEM_WRITE_I128(&__m128p[1], xmm1); \ + MEM_WRITE_I128(&__m128p[2], xmm2); \ + MEM_WRITE_I128(&__m128p[3], xmm3); \ + } + +#define X128R(xmm0, xmm1, xmm2, xmm3, xmm4, xmm5, xmm6, xmm7) \ + { \ + xmm0 = _mm_xor_si128(xmm0, xmm4); \ + xmm1 = _mm_xor_si128(xmm1, xmm5); \ + xmm2 = _mm_xor_si128(xmm2, xmm6); \ + xmm3 = _mm_xor_si128(xmm3, xmm7); \ + } + +#define X128M(P, xmm0, xmm1, xmm2, xmm3) \ + { \ + const __m128i *__m128p = (const __m128i *)&P[0]; \ + xmm0 = _mm_xor_si128(xmm0, MEM_READ_I128(&__m128p[0])); \ + xmm1 = _mm_xor_si128(xmm1, MEM_READ_I128(&__m128p[1])); \ + xmm2 = _mm_xor_si128(xmm2, MEM_READ_I128(&__m128p[2])); \ + xmm3 = _mm_xor_si128(xmm3, MEM_READ_I128(&__m128p[3])); \ + } #define _mm_xor_64(mm0, mm1) _mm_xor_si64(mm0, _mm_cvtsi64_m64(mm1)) -#define EXTRACT32(row, xmm0, xmm1, xmm2, xmm3, xmm4) { \ - register unsigned short ax; \ - __m64 mm0, mm1; \ - \ - ax = (unsigned short) _mm_extract_epi16(xmm0, row + 0); \ - mm0 = _mm_cvtsi64_m64(Ax[0][LO(ax)]); \ - mm1 = _mm_cvtsi64_m64(Ax[0][HI(ax)]); \ - \ - ax = (unsigned short) _mm_extract_epi16(xmm0, row + 4); \ - mm0 = _mm_xor_64(mm0, Ax[1][LO(ax)]); \ - mm1 = _mm_xor_64(mm1, Ax[1][HI(ax)]); \ - \ - ax = (unsigned short) _mm_extract_epi16(xmm1, row + 0); \ - mm0 = _mm_xor_64(mm0, Ax[2][LO(ax)]); \ - mm1 = _mm_xor_64(mm1, Ax[2][HI(ax)]); \ - \ - ax = (unsigned short) _mm_extract_epi16(xmm1, row + 4); \ - mm0 = _mm_xor_64(mm0, Ax[3][LO(ax)]); \ - mm1 = _mm_xor_64(mm1, Ax[3][HI(ax)]); \ - \ - ax = (unsigned short) _mm_extract_epi16(xmm2, row + 0); \ - mm0 = _mm_xor_64(mm0, Ax[4][LO(ax)]); \ - mm1 = _mm_xor_64(mm1, Ax[4][HI(ax)]); \ - \ - ax = (unsigned short) _mm_extract_epi16(xmm2, row + 4); \ - mm0 = _mm_xor_64(mm0, Ax[5][LO(ax)]); \ - mm1 = _mm_xor_64(mm1, Ax[5][HI(ax)]); \ - \ - ax = (unsigned short) _mm_extract_epi16(xmm3, row + 0); \ - mm0 = _mm_xor_64(mm0, Ax[6][LO(ax)]); \ - mm1 = _mm_xor_64(mm1, Ax[6][HI(ax)]); \ - \ - ax = (unsigned short) _mm_extract_epi16(xmm3, row + 4); \ - mm0 = _mm_xor_64(mm0, Ax[7][LO(ax)]); \ - mm1 = _mm_xor_64(mm1, Ax[7][HI(ax)]); \ - \ - xmm4 = _mm_set_epi64(mm1, mm0); \ -} - -#define EXTRACT64(row, xmm0, xmm1, xmm2, xmm3, xmm4) { \ - __m128i tmm4; \ - register unsigned short ax; \ - register unsigned long long r0, r1; \ - \ - ax = (unsigned short) _mm_extract_epi16(xmm0, row + 0); \ - r0 = Ax[0][LO(ax)]; \ - r1 = Ax[0][HI(ax)]; \ - \ - ax = (unsigned short) _mm_extract_epi16(xmm0, row + 4); \ - r0 ^= Ax[1][LO(ax)]; \ - r1 ^= Ax[1][HI(ax)]; \ - \ - ax = (unsigned short) _mm_extract_epi16(xmm1, row + 0); \ - r0 ^= Ax[2][LO(ax)]; \ - r1 ^= Ax[2][HI(ax)]; \ - \ - ax = (unsigned short) _mm_extract_epi16(xmm1, row + 4); \ - r0 ^= Ax[3][LO(ax)]; \ - r1 ^= Ax[3][HI(ax)]; \ - \ - ax = (unsigned short) _mm_extract_epi16(xmm2, row + 0); \ - r0 ^= Ax[4][LO(ax)]; \ - r1 ^= Ax[4][HI(ax)]; \ - \ - ax = (unsigned short) _mm_extract_epi16(xmm2, row + 4); \ - r0 ^= Ax[5][LO(ax)]; \ - r1 ^= Ax[5][HI(ax)]; \ - \ - ax = (unsigned short) _mm_extract_epi16(xmm3, row + 0); \ - r0 ^= Ax[6][LO(ax)]; \ - r1 ^= Ax[6][HI(ax)]; \ - \ - ax = (unsigned short) _mm_extract_epi16(xmm3, row + 4); \ - r0 ^= Ax[7][LO(ax)]; \ - r1 ^= Ax[7][HI(ax)]; \ - \ - xmm4 = _mm_cvtsi64_si128((long long) r0); \ - tmm4 = _mm_cvtsi64_si128((long long) r1); \ - xmm4 = _mm_unpacklo_epi64(xmm4, tmm4); \ -} - -#define XLPS128M(P, xmm0, xmm1, xmm2, xmm3) { \ - __m128i tmm0, tmm1, tmm2, tmm3; \ - X128M(P, xmm0, xmm1, xmm2, xmm3); \ - \ - EXTRACT(0, xmm0, xmm1, xmm2, xmm3, tmm0); \ - EXTRACT(1, xmm0, xmm1, xmm2, xmm3, tmm1); \ - EXTRACT(2, xmm0, xmm1, xmm2, xmm3, tmm2); \ - EXTRACT(3, xmm0, xmm1, xmm2, xmm3, tmm3); \ - \ - xmm0 = tmm0; \ - xmm1 = tmm1; \ - xmm2 = tmm2; \ - xmm3 = tmm3; \ -} - -#define XLPS128R(xmm0, xmm1, xmm2, xmm3, xmm4, xmm5, xmm6, xmm7) { \ - __m128i tmm0, tmm1, tmm2, tmm3; \ - X128R(xmm4, xmm5, xmm6, xmm7, xmm0, xmm1, xmm2, xmm3); \ - \ - EXTRACT(0, xmm4, xmm5, xmm6, xmm7, tmm0); \ - EXTRACT(1, xmm4, xmm5, xmm6, xmm7, tmm1); \ - EXTRACT(2, xmm4, xmm5, xmm6, xmm7, tmm2); \ - EXTRACT(3, xmm4, xmm5, xmm6, xmm7, tmm3); \ - \ - xmm4 = tmm0; \ - xmm5 = tmm1; \ - xmm6 = tmm2; \ - xmm7 = tmm3; \ -} - -#define ROUND128(i, xmm0, xmm2, xmm4, xmm6, xmm1, xmm3, xmm5, xmm7) { \ - XLPS128M((&C[i]), xmm0, xmm2, xmm4, xmm6); \ - XLPS128R(xmm0, xmm2, xmm4, xmm6, xmm1, xmm3, xmm5, xmm7); \ -} +#define EXTRACT32(row, xmm0, xmm1, xmm2, xmm3, xmm4) \ + { \ + register unsigned short ax; \ + __m64 mm0, mm1; \ + \ + ax = (unsigned short)_mm_extract_epi16(xmm0, row + 0); \ + mm0 = _mm_cvtsi64_m64(Ax[0][LO(ax)]); \ + mm1 = _mm_cvtsi64_m64(Ax[0][HI(ax)]); \ + \ + ax = (unsigned short)_mm_extract_epi16(xmm0, row + 4); \ + mm0 = _mm_xor_64(mm0, Ax[1][LO(ax)]); \ + mm1 = _mm_xor_64(mm1, Ax[1][HI(ax)]); \ + \ + ax = (unsigned short)_mm_extract_epi16(xmm1, row + 0); \ + mm0 = _mm_xor_64(mm0, Ax[2][LO(ax)]); \ + mm1 = _mm_xor_64(mm1, Ax[2][HI(ax)]); \ + \ + ax = (unsigned short)_mm_extract_epi16(xmm1, row + 4); \ + mm0 = _mm_xor_64(mm0, Ax[3][LO(ax)]); \ + mm1 = _mm_xor_64(mm1, Ax[3][HI(ax)]); \ + \ + ax = (unsigned short)_mm_extract_epi16(xmm2, row + 0); \ + mm0 = _mm_xor_64(mm0, Ax[4][LO(ax)]); \ + mm1 = _mm_xor_64(mm1, Ax[4][HI(ax)]); \ + \ + ax = (unsigned short)_mm_extract_epi16(xmm2, row + 4); \ + mm0 = _mm_xor_64(mm0, Ax[5][LO(ax)]); \ + mm1 = _mm_xor_64(mm1, Ax[5][HI(ax)]); \ + \ + ax = (unsigned short)_mm_extract_epi16(xmm3, row + 0); \ + mm0 = _mm_xor_64(mm0, Ax[6][LO(ax)]); \ + mm1 = _mm_xor_64(mm1, Ax[6][HI(ax)]); \ + \ + ax = (unsigned short)_mm_extract_epi16(xmm3, row + 4); \ + mm0 = _mm_xor_64(mm0, Ax[7][LO(ax)]); \ + mm1 = _mm_xor_64(mm1, Ax[7][HI(ax)]); \ + \ + xmm4 = _mm_set_epi64(mm1, mm0); \ + } + +#define EXTRACT64(row, xmm0, xmm1, xmm2, xmm3, xmm4) \ + { \ + __m128i tmm4; \ + register unsigned short ax; \ + register unsigned long long r0, r1; \ + \ + ax = (unsigned short)_mm_extract_epi16(xmm0, row + 0); \ + r0 = Ax[0][LO(ax)]; \ + r1 = Ax[0][HI(ax)]; \ + \ + ax = (unsigned short)_mm_extract_epi16(xmm0, row + 4); \ + r0 ^= Ax[1][LO(ax)]; \ + r1 ^= Ax[1][HI(ax)]; \ + \ + ax = (unsigned short)_mm_extract_epi16(xmm1, row + 0); \ + r0 ^= Ax[2][LO(ax)]; \ + r1 ^= Ax[2][HI(ax)]; \ + \ + ax = (unsigned short)_mm_extract_epi16(xmm1, row + 4); \ + r0 ^= Ax[3][LO(ax)]; \ + r1 ^= Ax[3][HI(ax)]; \ + \ + ax = (unsigned short)_mm_extract_epi16(xmm2, row + 0); \ + r0 ^= Ax[4][LO(ax)]; \ + r1 ^= Ax[4][HI(ax)]; \ + \ + ax = (unsigned short)_mm_extract_epi16(xmm2, row + 4); \ + r0 ^= Ax[5][LO(ax)]; \ + r1 ^= Ax[5][HI(ax)]; \ + \ + ax = (unsigned short)_mm_extract_epi16(xmm3, row + 0); \ + r0 ^= Ax[6][LO(ax)]; \ + r1 ^= Ax[6][HI(ax)]; \ + \ + ax = (unsigned short)_mm_extract_epi16(xmm3, row + 4); \ + r0 ^= Ax[7][LO(ax)]; \ + r1 ^= Ax[7][HI(ax)]; \ + \ + xmm4 = _mm_cvtsi64_si128((long long)r0); \ + tmm4 = _mm_cvtsi64_si128((long long)r1); \ + xmm4 = _mm_unpacklo_epi64(xmm4, tmm4); \ + } + +#define XLPS128M(P, xmm0, xmm1, xmm2, xmm3) \ + { \ + __m128i tmm0, tmm1, tmm2, tmm3; \ + X128M(P, xmm0, xmm1, xmm2, xmm3); \ + \ + EXTRACT(0, xmm0, xmm1, xmm2, xmm3, tmm0); \ + EXTRACT(1, xmm0, xmm1, xmm2, xmm3, tmm1); \ + EXTRACT(2, xmm0, xmm1, xmm2, xmm3, tmm2); \ + EXTRACT(3, xmm0, xmm1, xmm2, xmm3, tmm3); \ + \ + xmm0 = tmm0; \ + xmm1 = tmm1; \ + xmm2 = tmm2; \ + xmm3 = tmm3; \ + } + +#define XLPS128R(xmm0, xmm1, xmm2, xmm3, xmm4, xmm5, xmm6, xmm7) \ + { \ + __m128i tmm0, tmm1, tmm2, tmm3; \ + X128R(xmm4, xmm5, xmm6, xmm7, xmm0, xmm1, xmm2, xmm3); \ + \ + EXTRACT(0, xmm4, xmm5, xmm6, xmm7, tmm0); \ + EXTRACT(1, xmm4, xmm5, xmm6, xmm7, tmm1); \ + EXTRACT(2, xmm4, xmm5, xmm6, xmm7, tmm2); \ + EXTRACT(3, xmm4, xmm5, xmm6, xmm7, tmm3); \ + \ + xmm4 = tmm0; \ + xmm5 = tmm1; \ + xmm6 = tmm2; \ + xmm7 = tmm3; \ + } + +#define ROUND128(i, xmm0, xmm2, xmm4, xmm6, xmm1, xmm3, xmm5, xmm7) \ + { \ + XLPS128M((&C[i]), xmm0, xmm2, xmm4, xmm6); \ + XLPS128R(xmm0, xmm2, xmm4, xmm6, xmm1, xmm3, xmm5, xmm7); \ + } diff --git a/gostsum.c b/gostsum.c index b61215c9f..3062ce584 100644 --- a/gostsum.c +++ b/gostsum.c @@ -10,35 +10,39 @@ #include #include #ifdef _MSC_VER -#include "getopt.h" +# include "getopt.h" # ifndef PATH_MAX # define PATH_MAX _MAX_PATH # endif -#include +# include typedef SSIZE_T ssize_t; #else -#include +# include #endif -#include #include +#include #ifdef _WIN32 # include #endif -#include #include "gosthash.h" + +#include #define BUF_SIZE 262144 -int hash_file(gost_hash_ctx * ctx, char *filename, char *sum, int mode); -int hash_stream(gost_hash_ctx * ctx, int fd, char *sum); +int hash_file(gost_hash_ctx *ctx, char *filename, char *sum, int mode); +int hash_stream(gost_hash_ctx *ctx, int fd, char *sum); int get_line(FILE *f, char *hash, char *filename); + void help() { - fprintf(stderr, "gostsum [-bvt] [-c [file]]| [files]\n" - "\t-c check message digests (default is generate)\n" - "\t-v verbose, print file names when checking\n" - "\t-b read files in binary mode\n" - "\t-t use test GOST paramset (default is CryptoPro paramset)\n" - "The input for -c should be the list of message digests and file names\n" - "that is printed on stdout by this program when it generates digests.\n"); + fprintf( + stderr, + "gostsum [-bvt] [-c [file]]| [files]\n" + "\t-c check message digests (default is generate)\n" + "\t-v verbose, print file names when checking\n" + "\t-b read files in binary mode\n" + "\t-t use test GOST paramset (default is CryptoPro paramset)\n" + "The input for -c should be the list of message digests and file names\n" + "that is printed on stdout by this program when it generates digests.\n"); exit(3); } @@ -109,8 +113,7 @@ int main(int argc, char **argv) if (verbose) { fprintf(stderr, "%s\tFAILED\n", filename); } else { - fprintf(stderr, - "%s: GOST hash sum check failed for '%s'\n", + fprintf(stderr, "%s: GOST hash sum check failed for '%s'\n", argv[0], filename); } failcount++; @@ -120,11 +123,9 @@ int main(int argc, char **argv) fprintf(stderr, "%s: WARNING %d of %d file(s) cannot be processed\n", argv[0], errors, count); - } if (verbose && failcount) { - fprintf(stderr, - "%s: %d of %d file(f) failed GOST hash sum check\n", + fprintf(stderr, "%s: %d of %d file(f) failed GOST hash sum check\n", argv[0], failcount, count); } exit((failcount || errors) ? 1 : 0); @@ -154,7 +155,7 @@ int main(int argc, char **argv) exit(errors ? 1 : 0); } -int hash_file(gost_hash_ctx * ctx, char *filename, char *sum, int mode) +int hash_file(gost_hash_ctx *ctx, char *filename, char *sum, int mode) { int fd; if ((fd = open(filename, mode)) < 0) { @@ -170,7 +171,7 @@ int hash_file(gost_hash_ctx * ctx, char *filename, char *sum, int mode) return 1; } -int hash_stream(gost_hash_ctx * ctx, int fd, char *sum) +int hash_stream(gost_hash_ctx *ctx, int fd, char *sum) { unsigned char buffer[BUF_SIZE]; ssize_t bytes; diff --git a/test_ciphers.c b/test_ciphers.c index 60384988e..4974c0d36 100644 --- a/test_ciphers.c +++ b/test_ciphers.c @@ -10,12 +10,12 @@ # include # pragma warning(pop) #endif +#include #include -#include +#include #include +#include #include -#include -#include #include #if defined _MSC_VER @@ -26,24 +26,27 @@ #endif #include -#define T(e) \ - if (!(e)) { \ - ERR_print_errors_fp(stderr); \ - OpenSSLDie(__FILE__, __LINE__, #e); \ - } - -#define cRED "\033[1;31m" -#define cDRED "\033[0;31m" -#define cGREEN "\033[1;32m" -#define cDGREEN "\033[0;32m" -#define cBLUE "\033[1;34m" +#define T(e) \ + if (!(e)) { \ + ERR_print_errors_fp(stderr); \ + OpenSSLDie(__FILE__, __LINE__, #e); \ + } + +#define cRED "\033[1;31m" +#define cDRED "\033[0;31m" +#define cGREEN "\033[1;32m" +#define cDGREEN "\033[0;32m" +#define cBLUE "\033[1;34m" #define cMAGENT "\033[1;35m" -#define cDBLUE "\033[0;34m" -#define cNORM "\033[m" -#define TEST_ASSERT(e) {if ((test = (e))) \ - printf(cRED "Test FAILED" cNORM "\n"); \ - else \ - printf(cGREEN "Test passed" cNORM "\n");} +#define cDBLUE "\033[0;34m" +#define cNORM "\033[m" +#define TEST_ASSERT(e) \ + { \ + if ((test = (e))) \ + printf(cRED "Test FAILED" cNORM "\n"); \ + else \ + printf(cGREEN "Test passed" cNORM "\n"); \ + } #ifdef __GNUC__ /* Pragma to allow commenting out some tests. */ @@ -55,16 +58,18 @@ * for 128-bit cipher (A.1). */ static const unsigned char K[32] = { - 0x88,0x99,0xaa,0xbb,0xcc,0xdd,0xee,0xff,0x00,0x11,0x22,0x33,0x44,0x55,0x66,0x77, - 0xfe,0xdc,0xba,0x98,0x76,0x54,0x32,0x10,0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef, + 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff, 0x00, 0x11, 0x22, + 0x33, 0x44, 0x55, 0x66, 0x77, 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, + 0x32, 0x10, 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef, }; /* * Key for 64-bit cipher (A.2). */ static const unsigned char Km[32] = { - 0xff,0xee,0xdd,0xcc,0xbb,0xaa,0x99,0x88,0x77,0x66,0x55,0x44,0x33,0x22,0x11,0x00, - 0xf0,0xf1,0xf2,0xf3,0xf4,0xf5,0xf6,0xf7,0xf8,0xf9,0xfa,0xfb,0xfc,0xfd,0xfe,0xff, + 0xff, 0xee, 0xdd, 0xcc, 0xbb, 0xaa, 0x99, 0x88, 0x77, 0x66, 0x55, + 0x44, 0x33, 0x22, 0x11, 0x00, 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, + 0xf6, 0xf7, 0xf8, 0xf9, 0xfa, 0xfb, 0xfc, 0xfd, 0xfe, 0xff, }; /* @@ -72,71 +77,88 @@ static const unsigned char Km[32] = { * First 16 bytes is vector (a) from GOST R 34.12-2015 A.1. */ static const unsigned char P[] = { - 0x11,0x22,0x33,0x44,0x55,0x66,0x77,0x00,0xff,0xee,0xdd,0xcc,0xbb,0xaa,0x99,0x88, - 0x00,0x11,0x22,0x33,0x44,0x55,0x66,0x77,0x88,0x99,0xaa,0xbb,0xcc,0xee,0xff,0x0a, - 0x11,0x22,0x33,0x44,0x55,0x66,0x77,0x88,0x99,0xaa,0xbb,0xcc,0xee,0xff,0x0a,0x00, - 0x22,0x33,0x44,0x55,0x66,0x77,0x88,0x99,0xaa,0xbb,0xcc,0xee,0xff,0x0a,0x00,0x11, + 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x00, 0xff, 0xee, 0xdd, + 0xcc, 0xbb, 0xaa, 0x99, 0x88, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, + 0x66, 0x77, 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xee, 0xff, 0x0a, 0x11, + 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99, 0xaa, 0xbb, 0xcc, + 0xee, 0xff, 0x0a, 0x00, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, + 0x99, 0xaa, 0xbb, 0xcc, 0xee, 0xff, 0x0a, 0x00, 0x11, }; /* Plaintext for 64-bit cipher (A.2) */ static const unsigned char Pm[] = { - 0x92,0xde,0xf0,0x6b,0x3c,0x13,0x0a,0x59,0xdb,0x54,0xc7,0x04,0xf8,0x18,0x9d,0x20, - 0x4a,0x98,0xfb,0x2e,0x67,0xa8,0x02,0x4c,0x89,0x12,0x40,0x9b,0x17,0xb5,0x7e,0x41, + 0x92, 0xde, 0xf0, 0x6b, 0x3c, 0x13, 0x0a, 0x59, 0xdb, 0x54, 0xc7, + 0x04, 0xf8, 0x18, 0x9d, 0x20, 0x4a, 0x98, 0xfb, 0x2e, 0x67, 0xa8, + 0x02, 0x4c, 0x89, 0x12, 0x40, 0x9b, 0x17, 0xb5, 0x7e, 0x41, }; /* Extended plaintext from tc26 acpkm Kuznyechik test vector */ static const unsigned char P_acpkm[] = { - 0x11,0x22,0x33,0x44,0x55,0x66,0x77,0x00,0xFF,0xEE,0xDD,0xCC,0xBB,0xAA,0x99,0x88, - 0x00,0x11,0x22,0x33,0x44,0x55,0x66,0x77,0x88,0x99,0xAA,0xBB,0xCC,0xEE,0xFF,0x0A, - 0x11,0x22,0x33,0x44,0x55,0x66,0x77,0x88,0x99,0xAA,0xBB,0xCC,0xEE,0xFF,0x0A,0x00, - 0x22,0x33,0x44,0x55,0x66,0x77,0x88,0x99,0xAA,0xBB,0xCC,0xEE,0xFF,0x0A,0x00,0x11, - 0x33,0x44,0x55,0x66,0x77,0x88,0x99,0xAA,0xBB,0xCC,0xEE,0xFF,0x0A,0x00,0x11,0x22, - 0x44,0x55,0x66,0x77,0x88,0x99,0xAA,0xBB,0xCC,0xEE,0xFF,0x0A,0x00,0x11,0x22,0x33, - 0x55,0x66,0x77,0x88,0x99,0xAA,0xBB,0xCC,0xEE,0xFF,0x0A,0x00,0x11,0x22,0x33,0x44, + 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x00, 0xFF, 0xEE, 0xDD, 0xCC, + 0xBB, 0xAA, 0x99, 0x88, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, + 0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xEE, 0xFF, 0x0A, 0x11, 0x22, 0x33, 0x44, + 0x55, 0x66, 0x77, 0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xEE, 0xFF, 0x0A, 0x00, + 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xEE, + 0xFF, 0x0A, 0x00, 0x11, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99, 0xAA, + 0xBB, 0xCC, 0xEE, 0xFF, 0x0A, 0x00, 0x11, 0x22, 0x44, 0x55, 0x66, 0x77, + 0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xEE, 0xFF, 0x0A, 0x00, 0x11, 0x22, 0x33, + 0x55, 0x66, 0x77, 0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xEE, 0xFF, 0x0A, 0x00, + 0x11, 0x22, 0x33, 0x44, }; static const unsigned char E_ecb[] = { /* ECB test vectors from GOST R 34.13-2015 A.1.1 */ /* first 16 bytes is vector (b) from GOST R 34.12-2015 A.1 */ - 0x7f,0x67,0x9d,0x90,0xbe,0xbc,0x24,0x30,0x5a,0x46,0x8d,0x42,0xb9,0xd4,0xed,0xcd, - 0xb4,0x29,0x91,0x2c,0x6e,0x00,0x32,0xf9,0x28,0x54,0x52,0xd7,0x67,0x18,0xd0,0x8b, - 0xf0,0xca,0x33,0x54,0x9d,0x24,0x7c,0xee,0xf3,0xf5,0xa5,0x31,0x3b,0xd4,0xb1,0x57, - 0xd0,0xb0,0x9c,0xcd,0xe8,0x30,0xb9,0xeb,0x3a,0x02,0xc4,0xc5,0xaa,0x8a,0xda,0x98, + 0x7f, 0x67, 0x9d, 0x90, 0xbe, 0xbc, 0x24, 0x30, 0x5a, 0x46, 0x8d, + 0x42, 0xb9, 0xd4, 0xed, 0xcd, 0xb4, 0x29, 0x91, 0x2c, 0x6e, 0x00, + 0x32, 0xf9, 0x28, 0x54, 0x52, 0xd7, 0x67, 0x18, 0xd0, 0x8b, 0xf0, + 0xca, 0x33, 0x54, 0x9d, 0x24, 0x7c, 0xee, 0xf3, 0xf5, 0xa5, 0x31, + 0x3b, 0xd4, 0xb1, 0x57, 0xd0, 0xb0, 0x9c, 0xcd, 0xe8, 0x30, 0xb9, + 0xeb, 0x3a, 0x02, 0xc4, 0xc5, 0xaa, 0x8a, 0xda, 0x98, }; static const unsigned char E_ctr[] = { /* CTR test vectors from GOST R 34.13-2015 A.1.2 */ - 0xf1,0x95,0xd8,0xbe,0xc1,0x0e,0xd1,0xdb,0xd5,0x7b,0x5f,0xa2,0x40,0xbd,0xa1,0xb8, - 0x85,0xee,0xe7,0x33,0xf6,0xa1,0x3e,0x5d,0xf3,0x3c,0xe4,0xb3,0x3c,0x45,0xde,0xe4, - 0xa5,0xea,0xe8,0x8b,0xe6,0x35,0x6e,0xd3,0xd5,0xe8,0x77,0xf1,0x35,0x64,0xa3,0xa5, - 0xcb,0x91,0xfa,0xb1,0xf2,0x0c,0xba,0xb6,0xd1,0xc6,0xd1,0x58,0x20,0xbd,0xba,0x73, + 0xf1, 0x95, 0xd8, 0xbe, 0xc1, 0x0e, 0xd1, 0xdb, 0xd5, 0x7b, 0x5f, + 0xa2, 0x40, 0xbd, 0xa1, 0xb8, 0x85, 0xee, 0xe7, 0x33, 0xf6, 0xa1, + 0x3e, 0x5d, 0xf3, 0x3c, 0xe4, 0xb3, 0x3c, 0x45, 0xde, 0xe4, 0xa5, + 0xea, 0xe8, 0x8b, 0xe6, 0x35, 0x6e, 0xd3, 0xd5, 0xe8, 0x77, 0xf1, + 0x35, 0x64, 0xa3, 0xa5, 0xcb, 0x91, 0xfa, 0xb1, 0xf2, 0x0c, 0xba, + 0xb6, 0xd1, 0xc6, 0xd1, 0x58, 0x20, 0xbd, 0xba, 0x73, }; static const unsigned char Em_ctr[] = { /* CTR test vectors from GOST R 34.13-2015 A.2.2 */ - 0x4e,0x98,0x11,0x0c,0x97,0xb7,0xb9,0x3c,0x3e,0x25,0x0d,0x93,0xd6,0xe8,0x5d,0x69, - 0x13,0x6d,0x86,0x88,0x07,0xb2,0xdb,0xef,0x56,0x8e,0xb6,0x80,0xab,0x52,0xa1,0x2d, + 0x4e, 0x98, 0x11, 0x0c, 0x97, 0xb7, 0xb9, 0x3c, 0x3e, 0x25, 0x0d, + 0x93, 0xd6, 0xe8, 0x5d, 0x69, 0x13, 0x6d, 0x86, 0x88, 0x07, 0xb2, + 0xdb, 0xef, 0x56, 0x8e, 0xb6, 0x80, 0xab, 0x52, 0xa1, 0x2d, }; static const unsigned char E_acpkm[] = { - 0xF1,0x95,0xD8,0xBE,0xC1,0x0E,0xD1,0xDB,0xD5,0x7B,0x5F,0xA2,0x40,0xBD,0xA1,0xB8, - 0x85,0xEE,0xE7,0x33,0xF6,0xA1,0x3E,0x5D,0xF3,0x3C,0xE4,0xB3,0x3C,0x45,0xDE,0xE4, - 0x4B,0xCE,0xEB,0x8F,0x64,0x6F,0x4C,0x55,0x00,0x17,0x06,0x27,0x5E,0x85,0xE8,0x00, - 0x58,0x7C,0x4D,0xF5,0x68,0xD0,0x94,0x39,0x3E,0x48,0x34,0xAF,0xD0,0x80,0x50,0x46, - 0xCF,0x30,0xF5,0x76,0x86,0xAE,0xEC,0xE1,0x1C,0xFC,0x6C,0x31,0x6B,0x8A,0x89,0x6E, - 0xDF,0xFD,0x07,0xEC,0x81,0x36,0x36,0x46,0x0C,0x4F,0x3B,0x74,0x34,0x23,0x16,0x3E, - 0x64,0x09,0xA9,0xC2,0x82,0xFA,0xC8,0xD4,0x69,0xD2,0x21,0xE7,0xFB,0xD6,0xDE,0x5D, + 0xF1, 0x95, 0xD8, 0xBE, 0xC1, 0x0E, 0xD1, 0xDB, 0xD5, 0x7B, 0x5F, 0xA2, + 0x40, 0xBD, 0xA1, 0xB8, 0x85, 0xEE, 0xE7, 0x33, 0xF6, 0xA1, 0x3E, 0x5D, + 0xF3, 0x3C, 0xE4, 0xB3, 0x3C, 0x45, 0xDE, 0xE4, 0x4B, 0xCE, 0xEB, 0x8F, + 0x64, 0x6F, 0x4C, 0x55, 0x00, 0x17, 0x06, 0x27, 0x5E, 0x85, 0xE8, 0x00, + 0x58, 0x7C, 0x4D, 0xF5, 0x68, 0xD0, 0x94, 0x39, 0x3E, 0x48, 0x34, 0xAF, + 0xD0, 0x80, 0x50, 0x46, 0xCF, 0x30, 0xF5, 0x76, 0x86, 0xAE, 0xEC, 0xE1, + 0x1C, 0xFC, 0x6C, 0x31, 0x6B, 0x8A, 0x89, 0x6E, 0xDF, 0xFD, 0x07, 0xEC, + 0x81, 0x36, 0x36, 0x46, 0x0C, 0x4F, 0x3B, 0x74, 0x34, 0x23, 0x16, 0x3E, + 0x64, 0x09, 0xA9, 0xC2, 0x82, 0xFA, 0xC8, 0xD4, 0x69, 0xD2, 0x21, 0xE7, + 0xFB, 0xD6, 0xDE, 0x5D, }; /* Test vector from R 23565.1.017-2018 A.4.2. * Key material from ACPKM-Master(K,768,3) for OMAC-ACPKM. */ static const unsigned char E_acpkm_master[] = { - 0x0C,0xAB,0xF1,0xF2,0xEF,0xBC,0x4A,0xC1,0x60,0x48,0xDF,0x1A,0x24,0xC6,0x05,0xB2, - 0xC0,0xD1,0x67,0x3D,0x75,0x86,0xA8,0xEC,0x0D,0xD4,0x2C,0x45,0xA4,0xF9,0x5B,0xAE, - 0x0F,0x2E,0x26,0x17,0xE4,0x71,0x48,0x68,0x0F,0xC3,0xE6,0x17,0x8D,0xF2,0xC1,0x37, - 0xC9,0xDD,0xA8,0x9C,0xFF,0xA4,0x91,0xFE,0xAD,0xD9,0xB3,0xEA,0xB7,0x03,0xBB,0x31, - 0xBC,0x7E,0x92,0x7F,0x04,0x94,0x72,0x9F,0x51,0xB4,0x9D,0x3D,0xF9,0xC9,0x46,0x08, - 0x00,0xFB,0xBC,0xF5,0xED,0xEE,0x61,0x0E,0xA0,0x2F,0x01,0x09,0x3C,0x7B,0xC7,0x42, - 0xD7,0xD6,0x27,0x15,0x01,0xB1,0x77,0x77,0x52,0x63,0xC2,0xA3,0x49,0x5A,0x83,0x18, - 0xA8,0x1C,0x79,0xA0,0x4F,0x29,0x66,0x0E,0xA3,0xFD,0xA8,0x74,0xC6,0x30,0x79,0x9E, - 0x14,0x2C,0x57,0x79,0x14,0xFE,0xA9,0x0D,0x3B,0xC2,0x50,0x2E,0x83,0x36,0x85,0xD9, + 0x0C, 0xAB, 0xF1, 0xF2, 0xEF, 0xBC, 0x4A, 0xC1, 0x60, 0x48, 0xDF, 0x1A, + 0x24, 0xC6, 0x05, 0xB2, 0xC0, 0xD1, 0x67, 0x3D, 0x75, 0x86, 0xA8, 0xEC, + 0x0D, 0xD4, 0x2C, 0x45, 0xA4, 0xF9, 0x5B, 0xAE, 0x0F, 0x2E, 0x26, 0x17, + 0xE4, 0x71, 0x48, 0x68, 0x0F, 0xC3, 0xE6, 0x17, 0x8D, 0xF2, 0xC1, 0x37, + 0xC9, 0xDD, 0xA8, 0x9C, 0xFF, 0xA4, 0x91, 0xFE, 0xAD, 0xD9, 0xB3, 0xEA, + 0xB7, 0x03, 0xBB, 0x31, 0xBC, 0x7E, 0x92, 0x7F, 0x04, 0x94, 0x72, 0x9F, + 0x51, 0xB4, 0x9D, 0x3D, 0xF9, 0xC9, 0x46, 0x08, 0x00, 0xFB, 0xBC, 0xF5, + 0xED, 0xEE, 0x61, 0x0E, 0xA0, 0x2F, 0x01, 0x09, 0x3C, 0x7B, 0xC7, 0x42, + 0xD7, 0xD6, 0x27, 0x15, 0x01, 0xB1, 0x77, 0x77, 0x52, 0x63, 0xC2, 0xA3, + 0x49, 0x5A, 0x83, 0x18, 0xA8, 0x1C, 0x79, 0xA0, 0x4F, 0x29, 0x66, 0x0E, + 0xA3, 0xFD, 0xA8, 0x74, 0xC6, 0x30, 0x79, 0x9E, 0x14, 0x2C, 0x57, 0x79, + 0x14, 0xFE, 0xA9, 0x0D, 0x3B, 0xC2, 0x50, 0x2E, 0x83, 0x36, 0x85, 0xD9, }; -static const unsigned char P_acpkm_master[sizeof(E_acpkm_master)] = { 0 }; +static const unsigned char P_acpkm_master[sizeof(E_acpkm_master)] = {0}; /* * Other modes (ofb, cbc, cfb) is impossible to test to match GOST R * 34.13-2015 test vectors exactly, due to these vectors having exceeding @@ -149,44 +171,55 @@ static const unsigned char P_acpkm_master[sizeof(E_acpkm_master)] = { 0 }; */ static const unsigned char E_ofb[] = { /* OFB test vector generated from canonical implementation */ - 0x81,0x80,0x0a,0x59,0xb1,0x84,0x2b,0x24,0xff,0x1f,0x79,0x5e,0x89,0x7a,0xbd,0x95, - 0x77,0x91,0x46,0xdb,0x2d,0x93,0xa9,0x4e,0xd9,0x3c,0xf6,0x8b,0x32,0x39,0x7f,0x19, - 0xe9,0x3c,0x9e,0x57,0x44,0x1d,0x87,0x05,0x45,0xf2,0x40,0x36,0xa5,0x8c,0xee,0xa3, - 0xcf,0x3f,0x00,0x61,0xd5,0x64,0x23,0x54,0x5b,0x96,0x0d,0x86,0x4c,0xc8,0x68,0xda, + 0x81, 0x80, 0x0a, 0x59, 0xb1, 0x84, 0x2b, 0x24, 0xff, 0x1f, 0x79, + 0x5e, 0x89, 0x7a, 0xbd, 0x95, 0x77, 0x91, 0x46, 0xdb, 0x2d, 0x93, + 0xa9, 0x4e, 0xd9, 0x3c, 0xf6, 0x8b, 0x32, 0x39, 0x7f, 0x19, 0xe9, + 0x3c, 0x9e, 0x57, 0x44, 0x1d, 0x87, 0x05, 0x45, 0xf2, 0x40, 0x36, + 0xa5, 0x8c, 0xee, 0xa3, 0xcf, 0x3f, 0x00, 0x61, 0xd5, 0x64, 0x23, + 0x54, 0x5b, 0x96, 0x0d, 0x86, 0x4c, 0xc8, 0x68, 0xda, }; static const unsigned char E_cbc[] = { /* CBC test vector generated from canonical implementation */ - 0x68,0x99,0x72,0xd4,0xa0,0x85,0xfa,0x4d,0x90,0xe5,0x2e,0x3d,0x6d,0x7d,0xcc,0x27, - 0xab,0xf1,0x70,0xb2,0xb2,0x26,0xc3,0x01,0x0c,0xcf,0xa1,0x36,0xd6,0x59,0xcd,0xaa, - 0xca,0x71,0x92,0x72,0xab,0x1d,0x43,0x8e,0x15,0x50,0x7d,0x52,0x1e,0xcd,0x55,0x22, - 0xe0,0x11,0x08,0xff,0x8d,0x9d,0x3a,0x6d,0x8c,0xa2,0xa5,0x33,0xfa,0x61,0x4e,0x71, + 0x68, 0x99, 0x72, 0xd4, 0xa0, 0x85, 0xfa, 0x4d, 0x90, 0xe5, 0x2e, + 0x3d, 0x6d, 0x7d, 0xcc, 0x27, 0xab, 0xf1, 0x70, 0xb2, 0xb2, 0x26, + 0xc3, 0x01, 0x0c, 0xcf, 0xa1, 0x36, 0xd6, 0x59, 0xcd, 0xaa, 0xca, + 0x71, 0x92, 0x72, 0xab, 0x1d, 0x43, 0x8e, 0x15, 0x50, 0x7d, 0x52, + 0x1e, 0xcd, 0x55, 0x22, 0xe0, 0x11, 0x08, 0xff, 0x8d, 0x9d, 0x3a, + 0x6d, 0x8c, 0xa2, 0xa5, 0x33, 0xfa, 0x61, 0x4e, 0x71, }; static const unsigned char E_cfb[] = { /* CFB test vector generated from canonical implementation */ - 0x81,0x80,0x0a,0x59,0xb1,0x84,0x2b,0x24,0xff,0x1f,0x79,0x5e,0x89,0x7a,0xbd,0x95, - 0x68,0xc1,0xb9,0x9c,0x4d,0xf5,0x9c,0xc7,0x95,0x1e,0x37,0x39,0xb5,0xb3,0xcd,0xbf, - 0x07,0x3f,0x4d,0xd2,0xd6,0xde,0xb3,0xcf,0xb0,0x26,0x54,0x5f,0x7a,0xf1,0xd8,0xe8, - 0xe1,0xc8,0x52,0xe9,0xa8,0x56,0x71,0x62,0xdb,0xb5,0xda,0x7f,0x66,0xde,0xa9,0x26, + 0x81, 0x80, 0x0a, 0x59, 0xb1, 0x84, 0x2b, 0x24, 0xff, 0x1f, 0x79, + 0x5e, 0x89, 0x7a, 0xbd, 0x95, 0x68, 0xc1, 0xb9, 0x9c, 0x4d, 0xf5, + 0x9c, 0xc7, 0x95, 0x1e, 0x37, 0x39, 0xb5, 0xb3, 0xcd, 0xbf, 0x07, + 0x3f, 0x4d, 0xd2, 0xd6, 0xde, 0xb3, 0xcf, 0xb0, 0x26, 0x54, 0x5f, + 0x7a, 0xf1, 0xd8, 0xe8, 0xe1, 0xc8, 0x52, 0xe9, 0xa8, 0x56, 0x71, + 0x62, 0xdb, 0xb5, 0xda, 0x7f, 0x66, 0xde, 0xa9, 0x26, }; static const unsigned char Em_cbc[] = { /* 28147-89 CBC test vector generated from canonical implementation */ - 0x96,0xd1,0xb0,0x5e,0xea,0x68,0x39,0x19,0xf3,0x96,0xb7,0x8c,0x1d,0x47,0xbb,0x61, - 0x61,0x83,0xe2,0xcc,0xa9,0x76,0xa4,0xba,0xbe,0x9c,0xe8,0x7d,0x6f,0xa7,0x3c,0xf2, + 0x96, 0xd1, 0xb0, 0x5e, 0xea, 0x68, 0x39, 0x19, 0xf3, 0x96, 0xb7, + 0x8c, 0x1d, 0x47, 0xbb, 0x61, 0x61, 0x83, 0xe2, 0xcc, 0xa9, 0x76, + 0xa4, 0xba, 0xbe, 0x9c, 0xe8, 0x7d, 0x6f, 0xa7, 0x3c, 0xf2, }; /* IV is half CNT size. */ -static const unsigned char iv_ctr[] = { 0x12,0x34,0x56,0x78,0x90,0xab,0xce,0xf0 }; +static const unsigned char iv_ctr[] = { + 0x12, 0x34, 0x56, 0x78, 0x90, 0xab, 0xce, 0xf0}; /* Third of IV from GOST R 34.13-2015 А.2.4 (Impossible to use full 192-bit IV.) */ -static const unsigned char iv_cbc[] = { 0x12,0x34,0x56,0x78,0x90,0xab,0xcd,0xef }; +static const unsigned char iv_cbc[] = { + 0x12, 0x34, 0x56, 0x78, 0x90, 0xab, 0xcd, 0xef}; /* Truncated to 128-bits IV from GOST examples. */ -static const unsigned char iv_128bit[] = { 0x12,0x34,0x56,0x78,0x90,0xab,0xce,0xf0, - 0xa1,0xb2,0xc3,0xd4,0xe5,0xf0,0x01,0x12 }; +static const unsigned char iv_128bit[] = { + 0x12, 0x34, 0x56, 0x78, 0x90, 0xab, 0xce, 0xf0, + 0xa1, 0xb2, 0xc3, 0xd4, 0xe5, 0xf0, 0x01, 0x12}; /* Universal IV for ACPKM-Master. */ -static const unsigned char iv_acpkm_m[] = { 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff }; +static const unsigned char iv_acpkm_m[] = { + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff}; static struct testcase { const char *algname; - int block; /* Actual underlying block size (bytes). */ + int block; /* Actual underlying block size (bytes). */ int stream; /* Stream cipher. */ const unsigned char *plaintext; const unsigned char *key; @@ -197,112 +230,109 @@ static struct testcase { int acpkm; } testcases[] = { { - .algname = SN_grasshopper_ecb, - .block = 16, - .plaintext = P, - .key = K, - .expected = E_ecb, - .size = sizeof(P), + .algname = SN_grasshopper_ecb, + .block = 16, + .plaintext = P, + .key = K, + .expected = E_ecb, + .size = sizeof(P), }, { - .algname = SN_grasshopper_ctr, - .block = 16, - .stream = 1, - .plaintext = P, - .key = K, - .expected = E_ctr, - .size = sizeof(P), - .iv = iv_ctr, - .iv_size = sizeof(iv_ctr), + .algname = SN_grasshopper_ctr, + .block = 16, + .stream = 1, + .plaintext = P, + .key = K, + .expected = E_ctr, + .size = sizeof(P), + .iv = iv_ctr, + .iv_size = sizeof(iv_ctr), }, { - .algname = SN_id_tc26_cipher_gostr3412_2015_kuznyechik_ctracpkm, - .block = 16, - .stream = 1, - .plaintext = P, - .key = K, - .expected = E_ctr, - .size = sizeof(P), - .iv = iv_ctr, - .iv_size = sizeof(iv_ctr), - /* no acpkm works same as ctr */ + .algname = SN_id_tc26_cipher_gostr3412_2015_kuznyechik_ctracpkm, + .block = 16, + .stream = 1, + .plaintext = P, + .key = K, + .expected = E_ctr, + .size = sizeof(P), + .iv = iv_ctr, + .iv_size = sizeof(iv_ctr), + /* no acpkm works same as ctr */ }, { - .algname = SN_id_tc26_cipher_gostr3412_2015_kuznyechik_ctracpkm, - .block = 16, - .stream = 1, - .plaintext = P_acpkm, - .key = K, - .expected = E_acpkm, - .size = sizeof(P_acpkm), - .iv = iv_ctr, - .iv_size = sizeof(iv_ctr), - .acpkm = 256 / 8, + .algname = SN_id_tc26_cipher_gostr3412_2015_kuznyechik_ctracpkm, + .block = 16, + .stream = 1, + .plaintext = P_acpkm, + .key = K, + .expected = E_acpkm, + .size = sizeof(P_acpkm), + .iv = iv_ctr, + .iv_size = sizeof(iv_ctr), + .acpkm = 256 / 8, }, + {.algname = SN_id_tc26_cipher_gostr3412_2015_kuznyechik_ctracpkm, + .block = 16, + .plaintext = P_acpkm_master, + .key = K, + .expected = E_acpkm_master, + .size = sizeof(P_acpkm_master), + .iv = iv_acpkm_m, + .iv_size = sizeof(iv_acpkm_m), + .acpkm = 768 / 8}, { - .algname = SN_id_tc26_cipher_gostr3412_2015_kuznyechik_ctracpkm, - .block = 16, - .plaintext = P_acpkm_master, - .key = K, - .expected = E_acpkm_master, - .size = sizeof(P_acpkm_master), - .iv = iv_acpkm_m, - .iv_size = sizeof(iv_acpkm_m), - .acpkm = 768 / 8 + .algname = SN_grasshopper_ofb, + .block = 16, + .stream = 1, + .plaintext = P, + .key = K, + .expected = E_ofb, + .size = sizeof(P), + .iv = iv_128bit, + .iv_size = sizeof(iv_128bit), }, { - .algname = SN_grasshopper_ofb, - .block = 16, - .stream = 1, - .plaintext = P, - .key = K, - .expected = E_ofb, - .size = sizeof(P), - .iv = iv_128bit, - .iv_size = sizeof(iv_128bit), + .algname = SN_grasshopper_cbc, + .block = 16, + .plaintext = P, + .key = K, + .expected = E_cbc, + .size = sizeof(P), + .iv = iv_128bit, + .iv_size = sizeof(iv_128bit), }, { - .algname = SN_grasshopper_cbc, - .block = 16, - .plaintext = P, - .key = K, - .expected = E_cbc, - .size = sizeof(P), - .iv = iv_128bit, - .iv_size = sizeof(iv_128bit), + .algname = SN_grasshopper_cfb, + .block = 16, + .plaintext = P, + .key = K, + .expected = E_cfb, + .size = sizeof(P), + .iv = iv_128bit, + .iv_size = sizeof(iv_128bit), }, { - .algname = SN_grasshopper_cfb, - .block = 16, - .plaintext = P, - .key = K, - .expected = E_cfb, - .size = sizeof(P), - .iv = iv_128bit, - .iv_size = sizeof(iv_128bit), + .algname = SN_magma_ctr, + .block = 8, + .plaintext = Pm, + .key = Km, + .expected = Em_ctr, + .size = sizeof(Pm), + .iv = iv_ctr, + .iv_size = sizeof(iv_ctr) / 2, }, { - .algname = SN_magma_ctr, - .block = 8, - .plaintext = Pm, - .key = Km, - .expected = Em_ctr, - .size = sizeof(Pm), - .iv = iv_ctr, - .iv_size = sizeof(iv_ctr) / 2, + .algname = SN_magma_cbc, + .block = 8, + .plaintext = Pm, + .key = Km, + .expected = Em_cbc, + .size = sizeof(Pm), + .iv = iv_cbc, + .iv_size = sizeof(iv_cbc), }, - { - .algname = SN_magma_cbc, - .block = 8, - .plaintext = Pm, - .key = Km, - .expected = Em_cbc, - .size = sizeof(Pm), - .iv = iv_cbc, - .iv_size = sizeof(iv_cbc), - }, - { 0 } -}; + {0}}; static void hexdump(const void *ptr, size_t len) { @@ -310,93 +340,95 @@ static void hexdump(const void *ptr, size_t len) size_t i, j; for (i = 0; i < len; i += j) { - for (j = 0; j < 16 && i + j < len; j++) - printf("%s%02x", j? "" : " ", p[i + j]); + for (j = 0; j < 16 && i + j < len; j++) + printf("%s%02x", j ? "" : " ", p[i + j]); } printf("\n"); } -static int test_block(const EVP_CIPHER *type, const char *name, int block_size, - const unsigned char *pt, const unsigned char *key, const unsigned char *exp, - const size_t size, const unsigned char *iv, size_t iv_size, int acpkm, - int inplace) +static int +test_block(const EVP_CIPHER *type, const char *name, int block_size, + const unsigned char *pt, const unsigned char *key, + const unsigned char *exp, const size_t size, const unsigned char *iv, + size_t iv_size, int acpkm, int inplace) { EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new(); - const char *standard = acpkm? "R 23565.1.017-2018" : "GOST R 34.13-2015"; + const char *standard = acpkm ? "R 23565.1.017-2018" : "GOST R 34.13-2015"; unsigned char *c = alloca(size); int outlen, tmplen; int ret = 0, test; OPENSSL_assert(ctx); printf("Encryption test from %s [%s] %s: ", standard, name, - inplace ? "in-place" : "out-of-place"); + inplace ? "in-place" : "out-of-place"); T(EVP_CIPHER_iv_length(type) == iv_size); if (EVP_CIPHER_block_size(type) == 1) { - /* Cannot test block size, but can report it's stream cipher. */ - printf("stream: "); + /* Cannot test block size, but can report it's stream cipher. */ + printf("stream: "); } else - T(EVP_CIPHER_block_size(type) == block_size); + T(EVP_CIPHER_block_size(type) == block_size); /* test with single big chunk */ EVP_CIPHER_CTX_init(ctx); T(EVP_CipherInit_ex(ctx, type, NULL, key, iv, 1)); T(EVP_CIPHER_CTX_set_padding(ctx, 0)); if (inplace) - memcpy(c, pt, size); + memcpy(c, pt, size); else - memset(c, 0, size); + memset(c, 0, size); if (acpkm) { - if (EVP_CIPHER_get0_provider(type) != NULL) { - OSSL_PARAM params[] = { OSSL_PARAM_END, OSSL_PARAM_END }; - size_t v = (size_t)acpkm; - - params[0] = OSSL_PARAM_construct_size_t("key-mesh", &v); - T(EVP_CIPHER_CTX_set_params(ctx, params)); - } else { - T(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_KEY_MESH, acpkm, NULL)); - } + if (EVP_CIPHER_get0_provider(type) != NULL) { + OSSL_PARAM params[] = {OSSL_PARAM_END, OSSL_PARAM_END}; + size_t v = (size_t)acpkm; + + params[0] = OSSL_PARAM_construct_size_t("key-mesh", &v); + T(EVP_CIPHER_CTX_set_params(ctx, params)); + } else { + T(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_KEY_MESH, acpkm, NULL)); + } } - T(EVP_CipherUpdate(ctx, c, &outlen, inplace? c : pt, size)); + T(EVP_CipherUpdate(ctx, c, &outlen, inplace ? c : pt, size)); T(EVP_CipherFinal_ex(ctx, c + outlen, &tmplen)); EVP_CIPHER_CTX_cleanup(ctx); TEST_ASSERT(outlen != size || memcmp(c, exp, size)); if (test) { - printf(" c[%d] = ", outlen); - hexdump(c, outlen); + printf(" c[%d] = ", outlen); + hexdump(c, outlen); } ret |= test; /* test with small chunks of block size */ printf("Chunked encryption test from %s [%s] %s: ", standard, name, - inplace ? "in-place" : "out-of-place"); + inplace ? "in-place" : "out-of-place"); int blocks = size / block_size; int z; EVP_CIPHER_CTX_init(ctx); T(EVP_CipherInit_ex(ctx, type, NULL, key, iv, 1)); T(EVP_CIPHER_CTX_set_padding(ctx, 0)); if (inplace) - memcpy(c, pt, size); + memcpy(c, pt, size); else - memset(c, 0, size); + memset(c, 0, size); if (acpkm) { - if (EVP_CIPHER_get0_provider(type) != NULL) { - OSSL_PARAM params[] = { OSSL_PARAM_END, OSSL_PARAM_END }; - size_t v = (size_t)acpkm; - - params[0] = OSSL_PARAM_construct_size_t("key-mesh", &v); - T(EVP_CIPHER_CTX_set_params(ctx, params)); - } else { - T(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_KEY_MESH, acpkm, NULL)); - } + if (EVP_CIPHER_get0_provider(type) != NULL) { + OSSL_PARAM params[] = {OSSL_PARAM_END, OSSL_PARAM_END}; + size_t v = (size_t)acpkm; + + params[0] = OSSL_PARAM_construct_size_t("key-mesh", &v); + T(EVP_CIPHER_CTX_set_params(ctx, params)); + } else { + T(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_KEY_MESH, acpkm, NULL)); + } } for (z = 0; z < blocks; z++) { - int offset = z * block_size; - int sz = block_size; + int offset = z * block_size; + int sz = block_size; - T(EVP_CipherUpdate(ctx, c + offset, &outlen, (inplace ? c : pt) + offset, sz)); + T(EVP_CipherUpdate( + ctx, c + offset, &outlen, (inplace ? c : pt) + offset, sz)); } outlen = z * block_size; T(EVP_CipherFinal_ex(ctx, c + outlen, &tmplen)); @@ -404,31 +436,31 @@ static int test_block(const EVP_CIPHER *type, const char *name, int block_size, TEST_ASSERT(outlen != size || memcmp(c, exp, size)); if (test) { - printf(" c[%d] = ", outlen); - hexdump(c, outlen); + printf(" c[%d] = ", outlen); + hexdump(c, outlen); } ret |= test; /* test with single big chunk */ printf("Decryption test from %s [%s] %s: ", standard, name, - inplace ? "in-place" : "out-of-place"); + inplace ? "in-place" : "out-of-place"); EVP_CIPHER_CTX_init(ctx); T(EVP_CipherInit_ex(ctx, type, NULL, key, iv, 0)); T(EVP_CIPHER_CTX_set_padding(ctx, 0)); if (inplace) - memcpy(c, exp, size); + memcpy(c, exp, size); else - memset(c, 0, size); + memset(c, 0, size); if (acpkm) { - if (EVP_CIPHER_get0_provider(type) != NULL) { - OSSL_PARAM params[] = { OSSL_PARAM_END, OSSL_PARAM_END }; - size_t v = (size_t)acpkm; - - params[0] = OSSL_PARAM_construct_size_t("key-mesh", &v); - T(EVP_CIPHER_CTX_set_params(ctx, params)); - } else { - T(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_KEY_MESH, acpkm, NULL)); - } + if (EVP_CIPHER_get0_provider(type) != NULL) { + OSSL_PARAM params[] = {OSSL_PARAM_END, OSSL_PARAM_END}; + size_t v = (size_t)acpkm; + + params[0] = OSSL_PARAM_construct_size_t("key-mesh", &v); + T(EVP_CIPHER_CTX_set_params(ctx, params)); + } else { + T(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_KEY_MESH, acpkm, NULL)); + } } T(EVP_CipherUpdate(ctx, c, &outlen, inplace ? c : exp, size)); T(EVP_CipherFinal_ex(ctx, c + outlen, &tmplen)); @@ -437,20 +469,21 @@ static int test_block(const EVP_CIPHER *type, const char *name, int block_size, TEST_ASSERT(outlen != size || memcmp(c, pt, size)); if (test) { - printf(" d[%d] = ", outlen); - hexdump(c, outlen); + printf(" d[%d] = ", outlen); + hexdump(c, outlen); } ret |= test; return ret; } -static int test_stream(const EVP_CIPHER *type, const char *name, - const unsigned char *pt, const unsigned char *key, const unsigned char *exp, - const size_t size, const unsigned char *iv, size_t iv_size, int acpkm) +static int test_stream( + const EVP_CIPHER *type, const char *name, const unsigned char *pt, + const unsigned char *key, const unsigned char *exp, const size_t size, + const unsigned char *iv, size_t iv_size, int acpkm) { EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new(); - const char *standard = acpkm? "R 23565.1.017-2018" : "GOST R 34.13-2015"; + const char *standard = acpkm ? "R 23565.1.017-2018" : "GOST R 34.13-2015"; unsigned char *c = alloca(size); int ret = 0, test; int z; @@ -463,40 +496,40 @@ static int test_stream(const EVP_CIPHER *type, const char *name, T(EVP_CIPHER_block_size(type) == 1); for (z = 1; z <= size; z++) { - int outlen, tmplen; - int sz = 0; - int i; - - EVP_CIPHER_CTX_init(ctx); - T(EVP_CipherInit_ex(ctx, type, NULL, key, iv, 1)); - T(EVP_CIPHER_CTX_set_padding(ctx, 0)); - memset(c, 0xff, size); - if (acpkm) { - if (EVP_CIPHER_get0_provider(type) != NULL) { - OSSL_PARAM params[] = { OSSL_PARAM_END, OSSL_PARAM_END }; - size_t v = (size_t)acpkm; - - params[0] = OSSL_PARAM_construct_size_t("key-mesh", &v); - T(EVP_CIPHER_CTX_set_params(ctx, params)); - } else { - T(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_KEY_MESH, acpkm, NULL)); - } - } - for (i = 0; i < size; i += z) { - if (i + z > size) - sz = size - i; - else - sz = z; - T(EVP_CipherUpdate(ctx, c + i, &outlen, pt + i, sz)); - OPENSSL_assert(outlen == sz); - } - outlen = i - z + sz; - T(EVP_CipherFinal_ex(ctx, c + outlen, &tmplen)); - EVP_CIPHER_CTX_cleanup(ctx); - - test = outlen != size || memcmp(c, exp, size); - printf("%c", test ? 'E' : '+'); - ret |= test; + int outlen, tmplen; + int sz = 0; + int i; + + EVP_CIPHER_CTX_init(ctx); + T(EVP_CipherInit_ex(ctx, type, NULL, key, iv, 1)); + T(EVP_CIPHER_CTX_set_padding(ctx, 0)); + memset(c, 0xff, size); + if (acpkm) { + if (EVP_CIPHER_get0_provider(type) != NULL) { + OSSL_PARAM params[] = {OSSL_PARAM_END, OSSL_PARAM_END}; + size_t v = (size_t)acpkm; + + params[0] = OSSL_PARAM_construct_size_t("key-mesh", &v); + T(EVP_CIPHER_CTX_set_params(ctx, params)); + } else { + T(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_KEY_MESH, acpkm, NULL)); + } + } + for (i = 0; i < size; i += z) { + if (i + z > size) + sz = size - i; + else + sz = z; + T(EVP_CipherUpdate(ctx, c + i, &outlen, pt + i, sz)); + OPENSSL_assert(outlen == sz); + } + outlen = i - z + sz; + T(EVP_CipherFinal_ex(ctx, c + outlen, &tmplen)); + EVP_CIPHER_CTX_cleanup(ctx); + + test = outlen != size || memcmp(c, exp, size); + printf("%c", test ? 'E' : '+'); + ret |= test; } printf("\n"); TEST_ASSERT(ret); @@ -530,7 +563,8 @@ void warn_if_untested(const EVP_CIPHER *ciph, void *provider) if (EVP_CIPHER_is_a(ciph, t->algname)) break; if (!t->algname) - printf(cMAGENT "Cipher %s is untested!" cNORM "\n", EVP_CIPHER_name(ciph)); + printf(cMAGENT "Cipher %s is untested!" cNORM "\n", + EVP_CIPHER_name(ciph)); } void warn_all_untested(void) @@ -555,9 +589,8 @@ void warn_all_untested(void) OSSL_PROVIDER *prov; T(prov = OSSL_PROVIDER_load(NULL, "gostprov")); - EVP_CIPHER_do_all_provided(NULL, - (void (*)(EVP_CIPHER *, void *))warn_if_untested, - prov); + EVP_CIPHER_do_all_provided( + NULL, (void (*)(EVP_CIPHER *, void *))warn_if_untested, prov); OSSL_PROVIDER_unload(prov); } @@ -575,34 +608,35 @@ int main(int argc, char **argv) OPENSSL_add_all_algorithms_conf(); for (t = testcases; t->algname; t++) { - int inplace; - const char *standard = t->acpkm? "R 23565.1.017-2018" : "GOST R 34.13-2015"; - - EVP_CIPHER *ciph; - - ERR_set_mark(); - T((ciph = (EVP_CIPHER *)EVP_get_cipherbyname(t->algname)) - || (ciph = EVP_CIPHER_fetch(NULL, t->algname, NULL))); - ERR_pop_to_mark(); - - printf(cBLUE "# Tests for %s [%s]" cNORM "\n", t->algname, standard); - for (inplace = 0; inplace <= 1; inplace++) - ret |= test_block(ciph, t->algname, t->block, - t->plaintext, t->key, t->expected, t->size, - t->iv, t->iv_size, t->acpkm, inplace); - if (t->stream) - ret |= test_stream(ciph, t->algname, - t->plaintext, t->key, t->expected, t->size, - t->iv, t->iv_size, t->acpkm); - - EVP_CIPHER_free(ciph); + int inplace; + const char *standard = + t->acpkm ? "R 23565.1.017-2018" : "GOST R 34.13-2015"; + + EVP_CIPHER *ciph; + + ERR_set_mark(); + T((ciph = (EVP_CIPHER *)EVP_get_cipherbyname(t->algname)) + || (ciph = EVP_CIPHER_fetch(NULL, t->algname, NULL))); + ERR_pop_to_mark(); + + printf(cBLUE "# Tests for %s [%s]" cNORM "\n", t->algname, standard); + for (inplace = 0; inplace <= 1; inplace++) + ret |= test_block( + ciph, t->algname, t->block, t->plaintext, t->key, t->expected, + t->size, t->iv, t->iv_size, t->acpkm, inplace); + if (t->stream) + ret |= + test_stream(ciph, t->algname, t->plaintext, t->key, t->expected, + t->size, t->iv, t->iv_size, t->acpkm); + + EVP_CIPHER_free(ciph); } warn_all_untested(); if (ret) - printf(cDRED "= Some tests FAILED!" cNORM "\n"); + printf(cDRED "= Some tests FAILED!" cNORM "\n"); else - printf(cDGREEN "= All tests passed!" cNORM "\n"); + printf(cDGREEN "= All tests passed!" cNORM "\n"); return ret; } diff --git a/test_context.c b/test_context.c index d9ef57926..3a502cdb9 100644 --- a/test_context.c +++ b/test_context.c @@ -10,33 +10,36 @@ # include # pragma warning(pop) #endif +#include #include +#include #include #include -#include -#include #include #ifndef EVP_MD_CTRL_SET_KEY # include "gost_lcl.h" #endif -#define T(e) \ - if (!(e)) { \ - ERR_print_errors_fp(stderr); \ - OpenSSLDie(__FILE__, __LINE__, #e); \ - } - -#define cRED "\033[1;31m" -#define cDRED "\033[0;31m" -#define cGREEN "\033[1;32m" -#define cDGREEN "\033[0;32m" -#define cBLUE "\033[1;34m" -#define cDBLUE "\033[0;34m" -#define cNORM "\033[m" -#define TEST_ASSERT(e) {if ((test = (e))) \ - printf(cRED " Test FAILED" cNORM "\n"); \ - else \ - printf(cGREEN " Test passed" cNORM "\n");} +#define T(e) \ + if (!(e)) { \ + ERR_print_errors_fp(stderr); \ + OpenSSLDie(__FILE__, __LINE__, #e); \ + } + +#define cRED "\033[1;31m" +#define cDRED "\033[0;31m" +#define cGREEN "\033[1;32m" +#define cDGREEN "\033[0;32m" +#define cBLUE "\033[1;34m" +#define cDBLUE "\033[0;34m" +#define cNORM "\033[m" +#define TEST_ASSERT(e) \ + { \ + if ((test = (e))) \ + printf(cRED " Test FAILED" cNORM "\n"); \ + else \ + printf(cGREEN " Test passed" cNORM "\n"); \ + } static void hexdump(const void *ptr, size_t len) { @@ -44,8 +47,8 @@ static void hexdump(const void *ptr, size_t len) size_t i, j; for (i = 0; i < len; i += j) { - for (j = 0; j < 16 && i + j < len; j++) - printf("%s%02x", j? "" : " ", p[i + j]); + for (j = 0; j < 16 && i + j < len; j++) + printf("%s%02x", j ? "" : " ", p[i + j]); } printf("\n"); } @@ -70,23 +73,23 @@ static int test_contexts_cipher(const char *name, const int enc, int acpkm) || (type = EVP_CIPHER_fetch(NULL, name, NULL))); ERR_pop_to_mark(); - printf(cBLUE "%s test for %s" cNORM "\n", - enc ? "Encryption" : "Decryption", name); + printf(cBLUE "%s test for %s" cNORM "\n", enc ? "Encryption" : "Decryption", + name); /* produce base encryption */ ctx = EVP_CIPHER_CTX_new(); T(ctx); T(EVP_CipherInit_ex(ctx, type, NULL, K, iv, enc)); if (acpkm) { - if (EVP_CIPHER_get0_provider(type) != NULL) { - OSSL_PARAM params[] = { OSSL_PARAM_END, OSSL_PARAM_END }; - size_t v = (size_t)acpkm; - - params[0] = OSSL_PARAM_construct_size_t("key-mesh", &v); - T(EVP_CIPHER_CTX_set_params(ctx, params)); - } else { - T(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_KEY_MESH, acpkm, NULL)); - } + if (EVP_CIPHER_get0_provider(type) != NULL) { + OSSL_PARAM params[] = {OSSL_PARAM_END, OSSL_PARAM_END}; + size_t v = (size_t)acpkm; + + params[0] = OSSL_PARAM_construct_size_t("key-mesh", &v); + T(EVP_CIPHER_CTX_set_params(ctx, params)); + } else { + T(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_KEY_MESH, acpkm, NULL)); + } } T(EVP_CIPHER_CTX_set_padding(ctx, 0)); T(EVP_CipherUpdate(ctx, b, &outlen, pt, sizeof(b))); @@ -98,15 +101,15 @@ static int test_contexts_cipher(const char *name, const int enc, int acpkm) T(EVP_CipherInit_ex(ctx, type, NULL, K, iv, enc)); T(EVP_CIPHER_CTX_set_padding(ctx, 0)); if (acpkm) { - if (EVP_CIPHER_get0_provider(type) != NULL) { - OSSL_PARAM params[] = { OSSL_PARAM_END, OSSL_PARAM_END }; - size_t v = (size_t)acpkm; - - params[0] = OSSL_PARAM_construct_size_t("key-mesh", &v); - T(EVP_CIPHER_CTX_set_params(ctx, params)); - } else { - T(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_KEY_MESH, acpkm, NULL)); - } + if (EVP_CIPHER_get0_provider(type) != NULL) { + OSSL_PARAM params[] = {OSSL_PARAM_END, OSSL_PARAM_END}; + size_t v = (size_t)acpkm; + + params[0] = OSSL_PARAM_construct_size_t("key-mesh", &v); + T(EVP_CIPHER_CTX_set_params(ctx, params)); + } else { + T(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_KEY_MESH, acpkm, NULL)); + } } save = ctx; @@ -114,15 +117,15 @@ static int test_contexts_cipher(const char *name, const int enc, int acpkm) int i; memset(c, 0, sizeof(c)); for (i = 0; i < TEST_SIZE / STEP_SIZE; i++) { - EVP_CIPHER_CTX *copy = EVP_CIPHER_CTX_new(); - T(copy); - T(EVP_CIPHER_CTX_copy(copy, ctx)); - if (save != ctx) /* else original context */ - EVP_CIPHER_CTX_free(ctx); - ctx = copy; - - T(EVP_CipherUpdate(ctx, c + STEP_SIZE * i, &outlen, - pt + STEP_SIZE * i, STEP_SIZE)); + EVP_CIPHER_CTX *copy = EVP_CIPHER_CTX_new(); + T(copy); + T(EVP_CIPHER_CTX_copy(copy, ctx)); + if (save != ctx) /* else original context */ + EVP_CIPHER_CTX_free(ctx); + ctx = copy; + + T(EVP_CipherUpdate( + ctx, c + STEP_SIZE * i, &outlen, pt + STEP_SIZE * i, STEP_SIZE)); } outlen = i * STEP_SIZE; @@ -130,10 +133,10 @@ static int test_contexts_cipher(const char *name, const int enc, int acpkm) TEST_ASSERT(outlen != TEST_SIZE || memcmp(c, b, TEST_SIZE)); EVP_CIPHER_CTX_free(ctx); if (test) { - printf(" b[%d] = ", outlen); - hexdump(b, outlen); - printf(" c[%d] = ", outlen); - hexdump(c, outlen); + printf(" b[%d] = ", outlen); + hexdump(b, outlen); + printf(" c[%d] = ", outlen); + hexdump(c, outlen); } ret |= test; @@ -148,10 +151,10 @@ static int test_contexts_cipher(const char *name, const int enc, int acpkm) EVP_CIPHER_CTX_free(save); EVP_CIPHER_free(type); if (test) { - printf(" b[%d] = ", outlen); - hexdump(b, outlen); - printf(" c[%d] = ", outlen); - hexdump(c, outlen); + printf(" b[%d] = ", outlen); + hexdump(b, outlen); + printf(" c[%d] = ", outlen); + hexdump(c, outlen); } ret |= test; @@ -174,7 +177,7 @@ static int test_contexts_digest_or_legacy_mac(const EVP_MD *type, int mac) T(ctx = EVP_MD_CTX_new()); T(EVP_DigestInit_ex(ctx, type, NULL)); if (mac) - T(EVP_MD_CTX_ctrl(ctx, EVP_MD_CTRL_SET_KEY, sizeof(K), (void *)K)); + T(EVP_MD_CTX_ctrl(ctx, EVP_MD_CTRL_SET_KEY, sizeof(K), (void *)K)); T(EVP_DigestUpdate(ctx, pt, sizeof(pt))); T(EVP_DigestFinal_ex(ctx, b, &tmplen)); save = ctx; /* will be not freed while cloning */ @@ -184,22 +187,22 @@ static int test_contexts_digest_or_legacy_mac(const EVP_MD *type, int mac) EVP_MD_CTX_reset(ctx); T(EVP_DigestInit_ex(ctx, type, NULL)); if (mac) - T(EVP_MD_CTX_ctrl(ctx, EVP_MD_CTRL_SET_KEY, sizeof(K), (void *)K)); + T(EVP_MD_CTX_ctrl(ctx, EVP_MD_CTRL_SET_KEY, sizeof(K), (void *)K)); printf(" cloned contexts: "); memset(c, 0, sizeof(c)); int i; for (i = 0; i < TEST_SIZE / STEP_SIZE; i++) { - /* Clone and continue digesting next part of input. */ - EVP_MD_CTX *copy; - T(copy = EVP_MD_CTX_new()); - T(EVP_MD_CTX_copy_ex(copy, ctx)); + /* Clone and continue digesting next part of input. */ + EVP_MD_CTX *copy; + T(copy = EVP_MD_CTX_new()); + T(EVP_MD_CTX_copy_ex(copy, ctx)); - /* rolling */ - if (save != ctx) - EVP_MD_CTX_free(ctx); - ctx = copy; + /* rolling */ + if (save != ctx) + EVP_MD_CTX_free(ctx); + ctx = copy; - T(EVP_DigestUpdate(ctx, pt + STEP_SIZE * i, STEP_SIZE)); + T(EVP_DigestUpdate(ctx, pt + STEP_SIZE * i, STEP_SIZE)); } outlen = i * STEP_SIZE; T(EVP_DigestFinal_ex(ctx, c, &tmplen)); @@ -207,10 +210,10 @@ static int test_contexts_digest_or_legacy_mac(const EVP_MD *type, int mac) TEST_ASSERT(outlen != TEST_SIZE || memcmp(c, b, EVP_MAX_MD_SIZE)); EVP_MD_CTX_free(ctx); if (test) { - printf(" b[%d] = ", outlen); - hexdump(b, outlen); - printf(" c[%d] = ", outlen); - hexdump(c, outlen); + printf(" b[%d] = ", outlen); + hexdump(b, outlen); + printf(" c[%d] = ", outlen); + hexdump(c, outlen); } ret |= test; @@ -222,10 +225,10 @@ static int test_contexts_digest_or_legacy_mac(const EVP_MD *type, int mac) TEST_ASSERT(outlen != TEST_SIZE || memcmp(c, b, EVP_MAX_MD_SIZE)); EVP_MD_CTX_free(save); if (test) { - printf(" b[%d] = ", outlen); - hexdump(b, outlen); - printf(" c[%d] = ", outlen); - hexdump(c, outlen); + printf(" b[%d] = ", outlen); + hexdump(b, outlen); + printf(" c[%d] = ", outlen); + hexdump(c, outlen); } ret |= test; @@ -281,7 +284,7 @@ static int test_contexts_mac(const char *name) T(EVP_MAC_init(ctx, K, sizeof(K), NULL)); int i; for (i = 0; i < TEST_SIZE / STEP_SIZE; i++) { - T(EVP_MAC_update(ctx, pt + STEP_SIZE * i, STEP_SIZE)); + T(EVP_MAC_update(ctx, pt + STEP_SIZE * i, STEP_SIZE)); } outlen = i * STEP_SIZE; T(EVP_MAC_final(ctx, c, &tmplen, sizeof(c))); @@ -293,9 +296,9 @@ static int test_contexts_mac(const char *name) if (test) { printf(" b[%d] = ", (int)outlen); - hexdump(b, outlen); + hexdump(b, outlen); printf(" c[%d] = ", (int)outlen); - hexdump(c, outlen); + hexdump(c, outlen); } ret |= test; @@ -306,35 +309,64 @@ static struct testcase_cipher { const char *name; int acpkm; } testcases_ciphers[] = { - { SN_id_Gost28147_89, }, - { SN_gost89_cnt, }, - { SN_gost89_cnt_12, }, - { SN_gost89_cbc, }, - { SN_grasshopper_ecb, }, - { SN_grasshopper_cbc, }, - { SN_grasshopper_cfb, }, - { SN_grasshopper_ofb, }, - { SN_grasshopper_ctr, }, - { SN_magma_cbc, }, - { SN_magma_ctr, }, - { SN_id_tc26_cipher_gostr3412_2015_kuznyechik_ctracpkm, 256 / 8 }, - { 0 }, + { + SN_id_Gost28147_89, + }, + { + SN_gost89_cnt, + }, + { + SN_gost89_cnt_12, + }, + { + SN_gost89_cbc, + }, + { + SN_grasshopper_ecb, + }, + { + SN_grasshopper_cbc, + }, + { + SN_grasshopper_cfb, + }, + { + SN_grasshopper_ofb, + }, + { + SN_grasshopper_ctr, + }, + { + SN_magma_cbc, + }, + { + SN_magma_ctr, + }, + {SN_id_tc26_cipher_gostr3412_2015_kuznyechik_ctracpkm, 256 / 8}, + {0}, }; static struct testcase_digest { const char *name; int mac; } testcases_digests[] = { - { SN_id_GostR3411_94, }, - { SN_id_Gost28147_89_MAC, 1 }, - { SN_id_GostR3411_2012_256, }, - { SN_id_GostR3411_2012_512, }, - { SN_gost_mac_12, 1 }, - { SN_magma_mac, 1 }, - { SN_grasshopper_mac, 1 }, - { SN_id_tc26_cipher_gostr3412_2015_kuznyechik_ctracpkm_omac, 1 }, - { 0 }, + { + SN_id_GostR3411_94, + }, + {SN_id_Gost28147_89_MAC, 1}, + { + SN_id_GostR3411_2012_256, + }, + { + SN_id_GostR3411_2012_512, + }, + {SN_gost_mac_12, 1}, + {SN_magma_mac, 1}, + {SN_grasshopper_mac, 1}, + {SN_id_tc26_cipher_gostr3412_2015_kuznyechik_ctracpkm_omac, 1}, + {0}, }; + int main(int argc, char **argv) { int ret = 0; @@ -343,8 +375,8 @@ int main(int argc, char **argv) const struct testcase_cipher *tc; for (tc = testcases_ciphers; tc->name; tc++) { - ret |= test_contexts_cipher(tc->name, 1, tc->acpkm); - ret |= test_contexts_cipher(tc->name, 0, tc->acpkm); + ret |= test_contexts_cipher(tc->name, 1, tc->acpkm); + ret |= test_contexts_cipher(tc->name, 0, tc->acpkm); } const struct testcase_digest *td; for (td = testcases_digests; td->name; td++) { @@ -355,8 +387,8 @@ int main(int argc, char **argv) } if (ret) - printf(cDRED "= Some tests FAILED!" cNORM "\n"); + printf(cDRED "= Some tests FAILED!" cNORM "\n"); else - printf(cDGREEN "= All tests passed!" cNORM "\n"); + printf(cDGREEN "= All tests passed!" cNORM "\n"); return ret; } diff --git a/test_curves.c b/test_curves.c index 865ee8d2d..c346491cf 100644 --- a/test_curves.c +++ b/test_curves.c @@ -11,35 +11,37 @@ # pragma warning(pop) #endif #include "gost_lcl.h" -#include -#include -#include + #include -#include -#include #include +#include +#include +#include +#include +#include #include -#define T(e) \ - if (!(e)) { \ - ERR_print_errors_fp(stderr); \ - OpenSSLDie(__FILE__, __LINE__, #e); \ - } +#define T(e) \ + if (!(e)) { \ + ERR_print_errors_fp(stderr); \ + OpenSSLDie(__FILE__, __LINE__, #e); \ + } -#define cRED "\033[1;31m" -#define cDRED "\033[0;31m" -#define cGREEN "\033[1;32m" -#define cDGREEN "\033[0;32m" -#define cBLUE "\033[1;34m" -#define cDBLUE "\033[0;34m" -#define cNORM "\033[m" -#define TEST_ASSERT(e) { \ - test = e; \ - if (test) \ - printf(cRED " Test FAILED" cNORM "\n"); \ - else \ - printf(cGREEN " Test passed" cNORM "\n"); \ -} +#define cRED "\033[1;31m" +#define cDRED "\033[0;31m" +#define cGREEN "\033[1;32m" +#define cDGREEN "\033[0;32m" +#define cBLUE "\033[1;34m" +#define cDBLUE "\033[0;34m" +#define cNORM "\033[m" +#define TEST_ASSERT(e) \ + { \ + test = e; \ + if (test) \ + printf(cRED " Test FAILED" cNORM "\n"); \ + else \ + printf(cGREEN " Test passed" cNORM "\n"); \ + } struct test_curve { int nid; @@ -49,20 +51,43 @@ struct test_curve { static struct test_curve test_curves[] = { #if 2001 - { NID_id_GostR3410_2001_TestParamSet, }, + { + NID_id_GostR3410_2001_TestParamSet, + }, #endif - { NID_id_GostR3410_2001_CryptoPro_A_ParamSet }, - { NID_id_GostR3410_2001_CryptoPro_B_ParamSet }, - { NID_id_GostR3410_2001_CryptoPro_C_ParamSet }, - { NID_id_GostR3410_2001_CryptoPro_XchA_ParamSet }, - { NID_id_GostR3410_2001_CryptoPro_XchB_ParamSet }, - { NID_id_tc26_gost_3410_2012_512_paramSetA, "id-tc26-gost-3410-2012-512-paramSetA", }, - { NID_id_tc26_gost_3410_2012_512_paramSetB, "id-tc26-gost-3410-2012-512-paramSetB", }, - { NID_id_tc26_gost_3410_2012_512_paramSetC, "id-tc26-gost-3410-2012-512-paramSetC", }, - { NID_id_tc26_gost_3410_2012_256_paramSetA, "id-tc26-gost-3410-2012-256-paramSetA", }, - { NID_id_tc26_gost_3410_2012_256_paramSetB, "id-tc26-gost-3410-2012-256-paramSetB", }, - { NID_id_tc26_gost_3410_2012_256_paramSetC, "id-tc26-gost-3410-2012-256-paramSetC", }, - { NID_id_tc26_gost_3410_2012_256_paramSetD, "id-tc26-gost-3410-2012-256-paramSetD", }, + {NID_id_GostR3410_2001_CryptoPro_A_ParamSet}, + {NID_id_GostR3410_2001_CryptoPro_B_ParamSet}, + {NID_id_GostR3410_2001_CryptoPro_C_ParamSet}, + {NID_id_GostR3410_2001_CryptoPro_XchA_ParamSet}, + {NID_id_GostR3410_2001_CryptoPro_XchB_ParamSet}, + { + NID_id_tc26_gost_3410_2012_512_paramSetA, + "id-tc26-gost-3410-2012-512-paramSetA", + }, + { + NID_id_tc26_gost_3410_2012_512_paramSetB, + "id-tc26-gost-3410-2012-512-paramSetB", + }, + { + NID_id_tc26_gost_3410_2012_512_paramSetC, + "id-tc26-gost-3410-2012-512-paramSetC", + }, + { + NID_id_tc26_gost_3410_2012_256_paramSetA, + "id-tc26-gost-3410-2012-256-paramSetA", + }, + { + NID_id_tc26_gost_3410_2012_256_paramSetB, + "id-tc26-gost-3410-2012-256-paramSetB", + }, + { + NID_id_tc26_gost_3410_2012_256_paramSetC, + "id-tc26-gost-3410-2012-256-paramSetC", + }, + { + NID_id_tc26_gost_3410_2012_256_paramSetD, + "id-tc26-gost-3410-2012-256-paramSetD", + }, 0, }; @@ -71,8 +96,8 @@ static struct test_curve *get_test_curve(int nid) int i; for (i = 0; test_curves[i].nid; i++) - if (test_curves[i].nid == nid) - return &test_curves[i]; + if (test_curves[i].nid == nid) + return &test_curves[i]; return NULL; } @@ -91,14 +116,14 @@ static int parameter_test(struct test_curve *tc) printf(cBLUE "Test curve NID %d" cNORM, nid); if (tc->name) - printf(cBLUE ": %s" cNORM, tc->name); + printf(cBLUE ": %s" cNORM, tc->name); else if (OBJ_nid2sn(nid)) - printf(cBLUE ": %s" cNORM, OBJ_nid2sn(nid)); + printf(cBLUE ": %s" cNORM, OBJ_nid2sn(nid)); printf("\n"); if (!OBJ_nid2obj(nid)) { - printf(cRED "NID %d not found" cNORM "\n", nid); - return 1; + printf(cRED "NID %d not found" cNORM "\n", nid); + return 1; } /* nid resolves in both directions */ @@ -106,16 +131,16 @@ static int parameter_test(struct test_curve *tc) T(sn = OBJ_nid2sn(nid)); T(ln = OBJ_nid2ln(nid)); if (tc->name) - T(!strcmp(tc->name, OBJ_nid2sn(nid))); + T(!strcmp(tc->name, OBJ_nid2sn(nid))); T(nid == OBJ_sn2nid(sn)); T(nid == OBJ_ln2nid(ln)); EC_KEY *ec; T(ec = EC_KEY_new()); if (!fill_GOST_EC_params(ec, nid)) { - printf(cRED "fill_GOST_EC_params FAIL" cNORM "\n"); - ERR_print_errors_fp(stderr); - return 1; + printf(cRED "fill_GOST_EC_params FAIL" cNORM "\n"); + ERR_print_errors_fp(stderr); + return 1; } const EC_GROUP *group; @@ -162,10 +187,10 @@ static int parameter_test(struct test_curve *tc) /* y^2 == (x^3 + ax + b) mod p * Should be same as EC_POINT_is_on_curve(generator), * but, let's calculate it manually. */ - BIGNUM *yy = BN_new(); - BIGNUM *r = BN_new(); + BIGNUM *yy = BN_new(); + BIGNUM *r = BN_new(); BIGNUM *xxx = BN_new(); - BIGNUM *ax = BN_new(); + BIGNUM *ax = BN_new(); T(yy && r && xxx && ax); BN_set_word(r, 2); BN_mod_exp(yy, y, r, p, ctx); @@ -231,12 +256,12 @@ int main(int argc, char **argv) struct test_curve *tc; for (tc = test_curves; tc->nid; tc++) { - ret |= parameter_test(tc); + ret |= parameter_test(tc); } if (ret) - printf(cDRED "= Some tests FAILED!" cNORM "\n"); + printf(cDRED "= Some tests FAILED!" cNORM "\n"); else - printf(cDGREEN "= All tests passed!" cNORM "\n"); + printf(cDGREEN "= All tests passed!" cNORM "\n"); return ret; } diff --git a/test_derive.c b/test_derive.c index 08577cda5..e899e3dab 100644 --- a/test_derive.c +++ b/test_derive.c @@ -12,19 +12,20 @@ # include # pragma warning(pop) #endif +#include "gost_lcl.h" + #include #include #include #include #include #include -#include "gost_lcl.h" -#define T(e) \ - if (!(e)) { \ - ERR_print_errors_fp(stderr); \ - OpenSSLDie(__FILE__, __LINE__, #e); \ - } +#define T(e) \ + if (!(e)) { \ + ERR_print_errors_fp(stderr); \ + OpenSSLDie(__FILE__, __LINE__, #e); \ + } #define cRED "\033[1;31m" #define cDRED "\033[0;31m" @@ -34,13 +35,16 @@ #define cDBLUE "\033[0;34m" #define cCYAN "\033[1;36m" #define cNORM "\033[m" -#define TEST_ASSERT(e) {if ((test = (e))) \ - printf(cRED " Test FAILED" cNORM "\n"); \ - else \ - printf(cGREEN " Test passed" cNORM "\n");} +#define TEST_ASSERT(e) \ + { \ + if ((test = (e))) \ + printf(cRED " Test FAILED" cNORM "\n"); \ + else \ + printf(cGREEN " Test passed" cNORM "\n"); \ + } #ifndef OSSL_NELEM -# define OSSL_NELEM(x) (sizeof(x)/sizeof((x)[0])) +# define OSSL_NELEM(x) (sizeof(x) / sizeof((x)[0])) #endif const char party_a_priv[] = @@ -76,43 +80,43 @@ struct test_derive { const char *descr; /* Source of test vector. */ int dgst_nid; /* VKO mode */ int key_nid; - int param_nid; /* Curve id. */ - const char *ukm; /* User Keying Material. */ + int param_nid; /* Curve id. */ + const char *ukm; /* User Keying Material. */ int ukm_len; const char *key_a_priv; const char *key_a_pub; const char *key_b_priv; const char *key_b_pub; - const char *kek; /* Key Encryption Key. Output. */ + const char *kek; /* Key Encryption Key. Output. */ int kek_len; } derive_tests[] = { { - .descr = "VKO_GOSTR3410_2012_256 from R 50.1.113-2016 A.9 (p.18)", - .dgst_nid = NID_id_GostR3411_2012_256, - .key_nid = NID_id_GostR3410_2012_512, - .param_nid = NID_id_tc26_gost_3410_2012_512_paramSetA, + .descr = "VKO_GOSTR3410_2012_256 from R 50.1.113-2016 A.9 (p.18)", + .dgst_nid = NID_id_GostR3411_2012_256, + .key_nid = NID_id_GostR3410_2012_512, + .param_nid = NID_id_tc26_gost_3410_2012_512_paramSetA, .key_a_priv = party_a_priv, - .key_a_pub = party_a_pub, + .key_a_pub = party_a_pub, .key_b_priv = party_b_priv, - .key_b_pub = party_b_pub, - .ukm = "\x1d\x80\x60\x3c\x85\x44\xc7\x27", - .ukm_len = 8, + .key_b_pub = party_b_pub, + .ukm = "\x1d\x80\x60\x3c\x85\x44\xc7\x27", + .ukm_len = 8, .kek = "\xc9\xa9\xa7\x73\x20\xe2\xcc\x55\x9e\xd7\x2d\xce\x6f\x47\xe2\x19" "\x2c\xce\xa9\x5f\xa6\x48\x67\x05\x82\xc0\x54\xc0\xef\x36\xc2\x21", .kek_len = 32, }, { - .descr = "VKO_GOSTR3410_2012_512 from R 50.1.113-2016 A.10 (p.19)", - .dgst_nid = NID_id_GostR3411_2012_512, - .key_nid = NID_id_GostR3410_2012_512, - .param_nid = NID_id_tc26_gost_3410_2012_512_paramSetA, + .descr = "VKO_GOSTR3410_2012_512 from R 50.1.113-2016 A.10 (p.19)", + .dgst_nid = NID_id_GostR3411_2012_512, + .key_nid = NID_id_GostR3410_2012_512, + .param_nid = NID_id_tc26_gost_3410_2012_512_paramSetA, .key_a_priv = party_a_priv, - .key_a_pub = party_a_pub, + .key_a_pub = party_a_pub, .key_b_priv = party_b_priv, - .key_b_pub = party_b_pub, - .ukm = "\x1d\x80\x60\x3c\x85\x44\xc7\x27", - .ukm_len = 8, + .key_b_pub = party_b_pub, + .ukm = "\x1d\x80\x60\x3c\x85\x44\xc7\x27", + .ukm_len = 8, .kek = "\x79\xf0\x02\xa9\x69\x40\xce\x7b\xde\x32\x59\xa5\x2e\x01\x52\x97" "\xad\xaa\xd8\x45\x97\xa0\xd2\x05\xb5\x0e\x3e\x17\x19\xf9\x7b\xfa" @@ -122,15 +126,14 @@ struct test_derive { }, }; -static EVP_PKEY *load_private_key(int key_nid, int param_nid, const char *pk, - const char *pub) +static EVP_PKEY * +load_private_key(int key_nid, int param_nid, const char *pk, const char *pub) { - EVP_PKEY_CTX *ctx; T(ctx = EVP_PKEY_CTX_new_id(key_nid, NULL)); T(EVP_PKEY_paramgen_init(ctx)); - T(EVP_PKEY_CTX_ctrl(ctx, -1, -1, EVP_PKEY_CTRL_GOST_PARAMSET, param_nid, - NULL)); + T(EVP_PKEY_CTX_ctrl( + ctx, -1, -1, EVP_PKEY_CTRL_GOST_PARAMSET, param_nid, NULL)); EVP_PKEY *key = NULL; T((EVP_PKEY_paramgen(ctx, &key)) == 1); EVP_PKEY_CTX_free(ctx); @@ -186,8 +189,8 @@ static EVP_PKEY *load_private_key(int key_nid, int param_nid, const char *pk, BN_free(x); BN_free(y); if (EC_POINT_cmp(group, pkey, xy, bc) == 0) - printf("Public key %08x matches private key %08x\n", - *(int *)pub, *(int *)pk); + printf("Public key %08x matches private key %08x\n", *(int *)pub, + *(int *)pk); else { printf(cRED "Public key mismatch!" cNORM "\n"); exit(1); @@ -207,20 +210,20 @@ int test_derive(struct test_derive *t, const char *name) printf(cBLUE "Test %s" cNORM " for %s\n", t->descr, name); - EVP_PKEY *keyA = load_private_key(t->key_nid, t->param_nid, - t->key_a_priv, t->key_a_pub); - EVP_PKEY *keyB = load_private_key(t->key_nid, t->param_nid, - NULL, t->key_b_pub); + EVP_PKEY *keyA = + load_private_key(t->key_nid, t->param_nid, t->key_a_priv, t->key_a_pub); + EVP_PKEY *keyB = + load_private_key(t->key_nid, t->param_nid, NULL, t->key_b_pub); EVP_PKEY_CTX *ctx; T(ctx = EVP_PKEY_CTX_new(keyA, NULL)); T(EVP_PKEY_derive_init(ctx)); T(EVP_PKEY_derive_set_peer(ctx, keyB)); if (t->dgst_nid) - T(EVP_PKEY_CTX_ctrl(ctx, -1, -1, EVP_PKEY_CTRL_SET_VKO, - t->dgst_nid, NULL)); - T(EVP_PKEY_CTX_ctrl(ctx, -1, -1, EVP_PKEY_CTRL_SET_IV, - t->ukm_len, (unsigned char *)t->ukm)); + T(EVP_PKEY_CTX_ctrl( + ctx, -1, -1, EVP_PKEY_CTRL_SET_VKO, t->dgst_nid, NULL)); + T(EVP_PKEY_CTX_ctrl(ctx, -1, -1, EVP_PKEY_CTRL_SET_IV, t->ukm_len, + (unsigned char *)t->ukm)); size_t skeylen; unsigned char *skey; @@ -255,9 +258,9 @@ int test_derive_pair(struct test_derive *t) ret |= test_derive(&tt, "A"); /* Test swapped keys. */ tt.key_a_priv = t->key_b_priv; - tt.key_a_pub = t->key_b_pub; + tt.key_a_pub = t->key_b_pub; tt.key_b_priv = NULL; - tt.key_b_pub = t->key_a_pub; + tt.key_b_pub = t->key_a_pub; ret |= test_derive(&tt, "B"); return ret; } @@ -280,22 +283,20 @@ static EVP_PKEY *keygen(const char *algo, const char *param) return key; } -unsigned char *derive(EVP_PKEY *keyA, EVP_PKEY *keyB, int dgst_nid, - int ukm_len, size_t *len) +unsigned char * +derive(EVP_PKEY *keyA, EVP_PKEY *keyB, int dgst_nid, int ukm_len, size_t *len) { EVP_PKEY_CTX *ctx; T(ctx = EVP_PKEY_CTX_new(keyA, NULL)); T(EVP_PKEY_derive_init(ctx)); T(EVP_PKEY_derive_set_peer(ctx, keyB)); if (dgst_nid) - T(EVP_PKEY_CTX_ctrl(ctx, -1, -1, EVP_PKEY_CTRL_SET_VKO, - dgst_nid, NULL)); + T(EVP_PKEY_CTX_ctrl(ctx, -1, -1, EVP_PKEY_CTRL_SET_VKO, dgst_nid, NULL)); if (ukm_len) { - unsigned char ukm[32] = { 1 }; + unsigned char ukm[32] = {1}; OPENSSL_assert(ukm_len <= sizeof(ukm)); - T(EVP_PKEY_CTX_ctrl(ctx, -1, -1, EVP_PKEY_CTRL_SET_IV, - ukm_len, ukm)); + T(EVP_PKEY_CTX_ctrl(ctx, -1, -1, EVP_PKEY_CTRL_SET_IV, ukm_len, ukm)); } T(EVP_PKEY_derive(ctx, NULL, len)); @@ -393,4 +394,5 @@ int main(int argc, char **argv) printf(cDGREEN "= All tests passed!" cNORM "\n"); return ret; } + /* vim: set expandtab cinoptions=\:0,l1,t0,g0,(0 sw=4 : */ diff --git a/test_digest.c b/test_digest.c index 68c0e3253..abd9d7e01 100644 --- a/test_digest.c +++ b/test_digest.c @@ -12,20 +12,20 @@ # include # pragma warning(pop) #endif -#include +#include #include -#include +#include #include +#include +#include +#include #include -#include -#include -# include #if OPENSSL_VERSION_MAJOR >= 3 # include #endif #include -#include #include +#include #if MIPSEL # include #endif @@ -34,30 +34,33 @@ #endif /* Helpers to test OpenSSL API calls. */ -#define T(e) \ - if (!(e)) { \ - ERR_print_errors_fp(stderr); \ - OpenSSLDie(__FILE__, __LINE__, #e); \ - } -#define TE(e) \ - if (!(e)) { \ - ERR_print_errors_fp(stderr); \ - fprintf(stderr, "Error at %s:%d %s\n", __FILE__, __LINE__, #e); \ - return -1; \ - } - -#define cRED "\033[1;31m" -#define cDRED "\033[0;31m" -#define cGREEN "\033[1;32m" -#define cDGREEN "\033[0;32m" -#define cBLUE "\033[1;34m" -#define cDBLUE "\033[0;34m" +#define T(e) \ + if (!(e)) { \ + ERR_print_errors_fp(stderr); \ + OpenSSLDie(__FILE__, __LINE__, #e); \ + } +#define TE(e) \ + if (!(e)) { \ + ERR_print_errors_fp(stderr); \ + fprintf(stderr, "Error at %s:%d %s\n", __FILE__, __LINE__, #e); \ + return -1; \ + } + +#define cRED "\033[1;31m" +#define cDRED "\033[0;31m" +#define cGREEN "\033[1;32m" +#define cDGREEN "\033[0;32m" +#define cBLUE "\033[1;34m" +#define cDBLUE "\033[0;34m" #define cMAGENT "\033[1;35m" -#define cNORM "\033[m" -#define TEST_ASSERT(e) {if ((test = (e))) \ - printf(cRED " Test FAILED" cNORM "\n"); \ - else \ - printf(cGREEN " Test passed" cNORM "\n");} +#define cNORM "\033[m" +#define TEST_ASSERT(e) \ + { \ + if ((test = (e))) \ + printf(cRED " Test FAILED" cNORM "\n"); \ + else \ + printf(cGREEN " Test passed" cNORM "\n"); \ + } #ifdef __GNUC__ /* To test older APIs. */ @@ -69,16 +72,18 @@ * for 128-bit cipher (A.1). */ static const char K[32] = { - 0x88,0x99,0xaa,0xbb,0xcc,0xdd,0xee,0xff,0x00,0x11,0x22,0x33,0x44,0x55,0x66,0x77, - 0xfe,0xdc,0xba,0x98,0x76,0x54,0x32,0x10,0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef, + 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff, 0x00, 0x11, 0x22, + 0x33, 0x44, 0x55, 0x66, 0x77, 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, + 0x32, 0x10, 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef, }; /* * Key for 64-bit cipher (A.2). */ static const char Km[32] = { - 0xff,0xee,0xdd,0xcc,0xbb,0xaa,0x99,0x88,0x77,0x66,0x55,0x44,0x33,0x22,0x11,0x00, - 0xf0,0xf1,0xf2,0xf3,0xf4,0xf5,0xf6,0xf7,0xf8,0xf9,0xfa,0xfb,0xfc,0xfd,0xfe,0xff, + 0xff, 0xee, 0xdd, 0xcc, 0xbb, 0xaa, 0x99, 0x88, 0x77, 0x66, 0x55, + 0x44, 0x33, 0x22, 0x11, 0x00, 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, + 0xf6, 0xf7, 0xf8, 0xf9, 0xfa, 0xfb, 0xfc, 0xfd, 0xfe, 0xff, }; /* @@ -86,406 +91,405 @@ static const char Km[32] = { * First 16 bytes is vector (a) from GOST R 34.12-2015 A.1. */ static const char P[] = { - 0x11,0x22,0x33,0x44,0x55,0x66,0x77,0x00,0xff,0xee,0xdd,0xcc,0xbb,0xaa,0x99,0x88, - 0x00,0x11,0x22,0x33,0x44,0x55,0x66,0x77,0x88,0x99,0xaa,0xbb,0xcc,0xee,0xff,0x0a, - 0x11,0x22,0x33,0x44,0x55,0x66,0x77,0x88,0x99,0xaa,0xbb,0xcc,0xee,0xff,0x0a,0x00, - 0x22,0x33,0x44,0x55,0x66,0x77,0x88,0x99,0xaa,0xbb,0xcc,0xee,0xff,0x0a,0x00,0x11, + 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x00, 0xff, 0xee, 0xdd, + 0xcc, 0xbb, 0xaa, 0x99, 0x88, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, + 0x66, 0x77, 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xee, 0xff, 0x0a, 0x11, + 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99, 0xaa, 0xbb, 0xcc, + 0xee, 0xff, 0x0a, 0x00, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, + 0x99, 0xaa, 0xbb, 0xcc, 0xee, 0xff, 0x0a, 0x00, 0x11, }; /* Plaintext for 64-bit cipher (A.2) */ static const char Pm[] = { - 0x92,0xde,0xf0,0x6b,0x3c,0x13,0x0a,0x59,0xdb,0x54,0xc7,0x04,0xf8,0x18,0x9d,0x20, - 0x4a,0x98,0xfb,0x2e,0x67,0xa8,0x02,0x4c,0x89,0x12,0x40,0x9b,0x17,0xb5,0x7e,0x41, + 0x92, 0xde, 0xf0, 0x6b, 0x3c, 0x13, 0x0a, 0x59, 0xdb, 0x54, 0xc7, + 0x04, 0xf8, 0x18, 0x9d, 0x20, 0x4a, 0x98, 0xfb, 0x2e, 0x67, 0xa8, + 0x02, 0x4c, 0x89, 0x12, 0x40, 0x9b, 0x17, 0xb5, 0x7e, 0x41, }; /* * Kuznyechik OMAC1/CMAC test vector from GOST R 34.13-2015 А.1.6 */ -static const char MAC_omac[] = { 0x33,0x6f,0x4d,0x29,0x60,0x59,0xfb,0xe3 }; +static const char MAC_omac[] = {0x33, 0x6f, 0x4d, 0x29, 0x60, 0x59, 0xfb, 0xe3}; /* * Magma OMAC1/CMAC test vector from GOST R 34.13-2015 А.2.6 */ -static const char MAC_magma_omac[] = { 0x15,0x4e,0x72,0x10 }; +static const char MAC_magma_omac[] = {0x15, 0x4e, 0x72, 0x10}; /* * OMAC-ACPKM test vector from R 1323565.1.017-2018 A.4.1 */ static const char P_omac_acpkm1[] = { - 0x11,0x22,0x33,0x44,0x55,0x66,0x77,0x00,0xFF,0xEE,0xDD,0xCC,0xBB,0xAA,0x99,0x88, - 0x00,0x11,0x22,0x33,0x44,0x55,0x66,0x77, + 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x00, 0xFF, 0xEE, 0xDD, 0xCC, + 0xBB, 0xAA, 0x99, 0x88, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, }; static const char MAC_omac_acpkm1[] = { - 0xB5,0x36,0x7F,0x47,0xB6,0x2B,0x99,0x5E,0xEB,0x2A,0x64,0x8C,0x58,0x43,0x14,0x5E, + 0xB5, 0x36, 0x7F, 0x47, 0xB6, 0x2B, 0x99, 0x5E, + 0xEB, 0x2A, 0x64, 0x8C, 0x58, 0x43, 0x14, 0x5E, }; /* * OMAC-ACPKM test vector from R 1323565.1.017-2018 A.4.2 */ static const char P_omac_acpkm2[] = { - 0x11,0x22,0x33,0x44,0x55,0x66,0x77,0x00,0xFF,0xEE,0xDD,0xCC,0xBB,0xAA,0x99,0x88, - 0x00,0x11,0x22,0x33,0x44,0x55,0x66,0x77,0x88,0x99,0xAA,0xBB,0xCC,0xEE,0xFF,0x0A, - 0x11,0x22,0x33,0x44,0x55,0x66,0x77,0x88,0x99,0xAA,0xBB,0xCC,0xEE,0xFF,0x0A,0x00, - 0x22,0x33,0x44,0x55,0x66,0x77,0x88,0x99,0xAA,0xBB,0xCC,0xEE,0xFF,0x0A,0x00,0x11, - 0x33,0x44,0x55,0x66,0x77,0x88,0x99,0xAA,0xBB,0xCC,0xEE,0xFF,0x0A,0x00,0x11,0x22, + 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x00, 0xFF, 0xEE, 0xDD, 0xCC, + 0xBB, 0xAA, 0x99, 0x88, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, + 0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xEE, 0xFF, 0x0A, 0x11, 0x22, 0x33, 0x44, + 0x55, 0x66, 0x77, 0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xEE, 0xFF, 0x0A, 0x00, + 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xEE, + 0xFF, 0x0A, 0x00, 0x11, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99, 0xAA, + 0xBB, 0xCC, 0xEE, 0xFF, 0x0A, 0x00, 0x11, 0x22, }; static const char MAC_omac_acpkm2[] = { - 0xFB,0xB8,0xDC,0xEE,0x45,0xBE,0xA6,0x7C,0x35,0xF5,0x8C,0x57,0x00,0x89,0x8E,0x5D, + 0xFB, 0xB8, 0xDC, 0xEE, 0x45, 0xBE, 0xA6, 0x7C, + 0x35, 0xF5, 0x8C, 0x57, 0x00, 0x89, 0x8E, 0x5D, }; /* Some other test vectors. */ -static const char etalon_M4[64] = { 0 }; +static const char etalon_M4[64] = {0}; static const char etalon_M5[] = { - 0x31,0x32,0x33,0x34,0x35,0x36,0x37,0x38,0x39,0x30,0x31,0x32,0x33,0x34,0x35,0x36, - 0x37,0x38,0x39,0x30,0x31,0x32,0x33,0x34,0x35,0x36,0x37,0x38,0x39,0x30,0x20,0x0a, - 0x31,0x32,0x33,0x34,0x35,0x36,0x37,0x38,0x39,0x30,0x31,0x32,0x33,0x34,0x35,0x36, - 0x37,0x38,0x39,0x30,0x31,0x32,0x33,0x34,0x35,0x36,0x37,0x38,0x39,0x30,0x20,0x0a, + 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x30, 0x31, + 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x30, 0x31, 0x32, + 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x30, 0x20, 0x0a, 0x31, + 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x30, 0x31, 0x32, + 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x30, 0x31, 0x32, 0x33, + 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x30, 0x20, 0x0a, }; static const char etalon_M6[] = { - 0x31,0x32,0x33,0x34,0x35,0x36,0x37,0x38,0x39,0x30,0x31,0x32,0x33,0x34,0x35,0x36, - 0x37,0x38,0x39,0x30,0x31,0x32,0x33,0x34,0x35,0x36,0x37,0x38,0x39,0x30,0x20,0x0a, - 0x31,0x32,0x33,0x34,0x35,0x36,0x37,0x38,0x39,0x30,0x31,0x32,0x33,0x34,0x35,0x36, - 0x37,0x38,0x39,0x30,0x31,0x32,0x33,0x34,0x35,0x36,0x37,0x38,0x39,0x30,0x20,0x0a, - 0x31,0x32,0x33,0x34,0x35,0x36,0x37,0x38,0x39,0x30,0x31,0x32,0x33,0x34,0x35,0x36, - 0x37,0x38,0x39,0x30,0x31,0x32,0x33,0x34,0x35,0x36,0x37,0x38,0x39,0x30,0x20,0x0a, - 0x31,0x32,0x33,0x34,0x35,0x36,0x37,0x38,0x39,0x30,0x31,0x32,0x33,0x34,0x35,0x36, - 0x37,0x38,0x39,0x30,0x31,0x32,0x33,0x34,0x35,0x36,0x37,0x38,0x39,0x30,0x20,0x0a, - 0x31,0x32,0x33,0x34,0x35,0x36,0x37,0x38,0x39,0x30,0x31,0x32,0x33,0x34,0x35,0x36, - 0x37,0x38,0x39,0x30,0x31,0x32,0x33,0x34,0x35,0x36,0x37,0x38,0x39,0x30,0x20,0x0a, - 0x31,0x32,0x33,0x34,0x35,0x36,0x37,0x38,0x39,0x30,0x31,0x32,0x33,0x34,0x35,0x36, - 0x37,0x38,0x39,0x30,0x31,0x32,0x33,0x34,0x35,0x36,0x37,0x38,0x39,0x30,0x20,0x0a, + 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x30, 0x31, 0x32, + 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x30, 0x31, 0x32, 0x33, 0x34, + 0x35, 0x36, 0x37, 0x38, 0x39, 0x30, 0x20, 0x0a, 0x31, 0x32, 0x33, 0x34, + 0x35, 0x36, 0x37, 0x38, 0x39, 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, + 0x37, 0x38, 0x39, 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, + 0x39, 0x30, 0x20, 0x0a, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, + 0x39, 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x30, + 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x30, 0x20, 0x0a, + 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x30, 0x31, 0x32, + 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x30, 0x31, 0x32, 0x33, 0x34, + 0x35, 0x36, 0x37, 0x38, 0x39, 0x30, 0x20, 0x0a, 0x31, 0x32, 0x33, 0x34, + 0x35, 0x36, 0x37, 0x38, 0x39, 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, + 0x37, 0x38, 0x39, 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, + 0x39, 0x30, 0x20, 0x0a, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, + 0x39, 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x30, + 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x30, 0x20, 0x0a, }; static const char etalon_carry[] = { - 0xee,0xee,0xee,0xee,0xee,0xee,0xee,0xee,0xee,0xee,0xee,0xee,0xee,0xee,0xee,0xee, - 0xee,0xee,0xee,0xee,0xee,0xee,0xee,0xee,0xee,0xee,0xee,0xee,0xee,0xee,0xee,0xee, - 0xee,0xee,0xee,0xee,0xee,0xee,0xee,0xee,0xee,0xee,0xee,0xee,0xee,0xee,0xee,0xee, - 0xee,0xee,0xee,0xee,0xee,0xee,0xee,0xee,0xee,0xee,0xee,0xee,0xee,0xee,0xee,0xee, - 0x16,0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11, - 0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11, - 0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11, - 0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x16, + 0xee, 0xee, 0xee, 0xee, 0xee, 0xee, 0xee, 0xee, 0xee, 0xee, 0xee, 0xee, + 0xee, 0xee, 0xee, 0xee, 0xee, 0xee, 0xee, 0xee, 0xee, 0xee, 0xee, 0xee, + 0xee, 0xee, 0xee, 0xee, 0xee, 0xee, 0xee, 0xee, 0xee, 0xee, 0xee, 0xee, + 0xee, 0xee, 0xee, 0xee, 0xee, 0xee, 0xee, 0xee, 0xee, 0xee, 0xee, 0xee, + 0xee, 0xee, 0xee, 0xee, 0xee, 0xee, 0xee, 0xee, 0xee, 0xee, 0xee, 0xee, + 0xee, 0xee, 0xee, 0xee, 0x16, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, + 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, + 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, + 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, + 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, + 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x16, }; /* This is another carry test. */ static const char ff[] = { - 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff, - 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff, - 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff, - 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff -}; + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff}; struct hash_testvec { const char *algname; /* Algorithm name */ - const char *name; /* Test name and source. */ + const char *name; /* Test name and source. */ const char *plaintext; /* Input (of psize), NULL for synthetic test. */ - const char *digest; /* Expected output (of EVP_MD_size or truncate). */ - const char *hmac; /* Expected output for HMAC tests. */ - const char *key; /* MAC key.*/ - int psize; /* Input (plaintext) size. */ - size_t outsize; /* Compare to EVP_MD_size() / EVP_MAC_size() if non-zero. */ - int truncate; /* Truncated output (digest) size. */ - int key_size; /* MAC key size. */ - int block_size; /* Internal block size. */ - int acpkm; /* The section size N (the number of bits that are + const char *digest; /* Expected output (of EVP_MD_size or truncate). */ + const char *hmac; /* Expected output for HMAC tests. */ + const char *key; /* MAC key.*/ + int psize; /* Input (plaintext) size. */ + size_t outsize; /* Compare to EVP_MD_size() / EVP_MAC_size() if non-zero. */ + int truncate; /* Truncated output (digest) size. */ + int key_size; /* MAC key size. */ + int block_size; /* Internal block size. */ + int acpkm; /* The section size N (the number of bits that are processed with one section key before this key is transformed) (bytes) */ - int acpkm_t; /* Master key (change) frequency T* (bytes) */ + int acpkm_t; /* Master key (change) frequency T* (bytes) */ }; static const struct hash_testvec testvecs[] = { - { /* Test vectors from standards. */ - .algname = SN_id_GostR3411_2012_512, - .name = "M1 from RFC 6986 (10.1.1) and GOST R 34.11-2012 (А.1.1)", - .plaintext = - "012345678901234567890123456789012345678901234567890123456789012", - .psize = 63, - .digest = - "\x1b\x54\xd0\x1a\x4a\xf5\xb9\xd5\xcc\x3d\x86\xd6\x8d\x28\x54\x62" - "\xb1\x9a\xbc\x24\x75\x22\x2f\x35\xc0\x85\x12\x2b\xe4\xba\x1f\xfa" - "\x00\xad\x30\xf8\x76\x7b\x3a\x82\x38\x4c\x65\x74\xf0\x24\xc3\x11" - "\xe2\xa4\x81\x33\x2b\x08\xef\x7f\x41\x79\x78\x91\xc1\x64\x6f\x48", - .outsize = 512 / 8, - .block_size = 512 / 8, - }, - { - .algname = SN_id_GostR3411_2012_256, - .name = "M1 from RFC 6986 (10.1.2) and GOST R 34.11-2012 (А.1.2)", - .plaintext = - "012345678901234567890123456789012345678901234567890123456789012", - .psize = 63, - .digest = - "\x9d\x15\x1e\xef\xd8\x59\x0b\x89\xda\xa6\xba\x6c\xb7\x4a\xf9\x27" - "\x5d\xd0\x51\x02\x6b\xb1\x49\xa4\x52\xfd\x84\xe5\xe5\x7b\x55\x00", - .outsize = 256 / 8, - .block_size = 512 / 8, - }, { - .algname = SN_id_GostR3411_2012_512, - .name = "M2 from RFC 6986 (10.2.1) and GOST R 34.11-2012 (А.2.1)", - .plaintext = - "\xd1\xe5\x20\xe2\xe5\xf2\xf0\xe8\x2c\x20\xd1\xf2\xf0\xe8\xe1\xee" - "\xe6\xe8\x20\xe2\xed\xf3\xf6\xe8\x2c\x20\xe2\xe5\xfe\xf2\xfa\x20" - "\xf1\x20\xec\xee\xf0\xff\x20\xf1\xf2\xf0\xe5\xeb\xe0\xec\xe8\x20" - "\xed\xe0\x20\xf5\xf0\xe0\xe1\xf0\xfb\xff\x20\xef\xeb\xfa\xea\xfb" - "\x20\xc8\xe3\xee\xf0\xe5\xe2\xfb", - .psize = 72, - .digest = - "\x1e\x88\xe6\x22\x26\xbf\xca\x6f\x99\x94\xf1\xf2\xd5\x15\x69\xe0" - "\xda\xf8\x47\x5a\x3b\x0f\xe6\x1a\x53\x00\xee\xe4\x6d\x96\x13\x76" - "\x03\x5f\xe8\x35\x49\xad\xa2\xb8\x62\x0f\xcd\x7c\x49\x6c\xe5\xb3" - "\x3f\x0c\xb9\xdd\xdc\x2b\x64\x60\x14\x3b\x03\xda\xba\xc9\xfb\x28", + /* Test vectors from standards. */ + .algname = SN_id_GostR3411_2012_512, + .name = "M1 from RFC 6986 (10.1.1) and GOST R 34.11-2012 (А.1.1)", + .plaintext = + "012345678901234567890123456789012345678901234567890123456789012", + .psize = 63, + .digest = + "\x1b\x54\xd0\x1a\x4a\xf5\xb9\xd5\xcc\x3d\x86\xd6\x8d\x28\x54\x62" + "\xb1\x9a\xbc\x24\x75\x22\x2f\x35\xc0\x85\x12\x2b\xe4\xba\x1f\xfa" + "\x00\xad\x30\xf8\x76\x7b\x3a\x82\x38\x4c\x65\x74\xf0\x24\xc3\x11" + "\xe2\xa4\x81\x33\x2b\x08\xef\x7f\x41\x79\x78\x91\xc1\x64\x6f\x48", + .outsize = 512 / 8, + .block_size = 512 / 8, }, { - .algname = SN_id_GostR3411_2012_256, - .name = "M2 from RFC 6986 (10.2.2) and GOST R 34.11-2012 (А.2.2)", - .plaintext = - "\xd1\xe5\x20\xe2\xe5\xf2\xf0\xe8\x2c\x20\xd1\xf2\xf0\xe8\xe1\xee" - "\xe6\xe8\x20\xe2\xed\xf3\xf6\xe8\x2c\x20\xe2\xe5\xfe\xf2\xfa\x20" - "\xf1\x20\xec\xee\xf0\xff\x20\xf1\xf2\xf0\xe5\xeb\xe0\xec\xe8\x20" - "\xed\xe0\x20\xf5\xf0\xe0\xe1\xf0\xfb\xff\x20\xef\xeb\xfa\xea\xfb" - "\x20\xc8\xe3\xee\xf0\xe5\xe2\xfb", - .psize = 72, - .digest = - "\x9d\xd2\xfe\x4e\x90\x40\x9e\x5d\xa8\x7f\x53\x97\x6d\x74\x05\xb0" - "\xc0\xca\xc6\x28\xfc\x66\x9a\x74\x1d\x50\x06\x3c\x55\x7e\x8f\x50", + .algname = SN_id_GostR3411_2012_256, + .name = "M1 from RFC 6986 (10.1.2) and GOST R 34.11-2012 (А.1.2)", + .plaintext = + "012345678901234567890123456789012345678901234567890123456789012", + .psize = 63, + .digest = + "\x9d\x15\x1e\xef\xd8\x59\x0b\x89\xda\xa6\xba\x6c\xb7\x4a\xf9\x27" + "\x5d\xd0\x51\x02\x6b\xb1\x49\xa4\x52\xfd\x84\xe5\xe5\x7b\x55\x00", + .outsize = 256 / 8, + .block_size = 512 / 8, }, - /* OMAC tests */ { - .algname = SN_grasshopper_mac, - .name = "P from GOST R 34.13-2015 (А.1.6)", - .plaintext = P, - .psize = sizeof(P), - .key = K, - .key_size = sizeof(K), - .digest = MAC_omac, - .outsize = 128 / 8, - .truncate = sizeof(MAC_omac), + .algname = SN_id_GostR3411_2012_512, + .name = "M2 from RFC 6986 (10.2.1) and GOST R 34.11-2012 (А.2.1)", + .plaintext = + "\xd1\xe5\x20\xe2\xe5\xf2\xf0\xe8\x2c\x20\xd1\xf2\xf0\xe8\xe1\xee" + "\xe6\xe8\x20\xe2\xed\xf3\xf6\xe8\x2c\x20\xe2\xe5\xfe\xf2\xfa\x20" + "\xf1\x20\xec\xee\xf0\xff\x20\xf1\xf2\xf0\xe5\xeb\xe0\xec\xe8\x20" + "\xed\xe0\x20\xf5\xf0\xe0\xe1\xf0\xfb\xff\x20\xef\xeb\xfa\xea\xfb" + "\x20\xc8\xe3\xee\xf0\xe5\xe2\xfb", + .psize = 72, + .digest = + "\x1e\x88\xe6\x22\x26\xbf\xca\x6f\x99\x94\xf1\xf2\xd5\x15\x69\xe0" + "\xda\xf8\x47\x5a\x3b\x0f\xe6\x1a\x53\x00\xee\xe4\x6d\x96\x13\x76" + "\x03\x5f\xe8\x35\x49\xad\xa2\xb8\x62\x0f\xcd\x7c\x49\x6c\xe5\xb3" + "\x3f\x0c\xb9\xdd\xdc\x2b\x64\x60\x14\x3b\x03\xda\xba\xc9\xfb\x28", }, { - .algname = SN_magma_mac, - .name = "P from GOST R 34.13-2015 (А.2.6)", - .plaintext = Pm, - .psize = sizeof(Pm), - .key = Km, - .key_size = sizeof(Km), - .digest = MAC_magma_omac, - .outsize = 64 / 8, - .truncate = sizeof(MAC_magma_omac), + .algname = SN_id_GostR3411_2012_256, + .name = "M2 from RFC 6986 (10.2.2) and GOST R 34.11-2012 (А.2.2)", + .plaintext = + "\xd1\xe5\x20\xe2\xe5\xf2\xf0\xe8\x2c\x20\xd1\xf2\xf0\xe8\xe1\xee" + "\xe6\xe8\x20\xe2\xed\xf3\xf6\xe8\x2c\x20\xe2\xe5\xfe\xf2\xfa\x20" + "\xf1\x20\xec\xee\xf0\xff\x20\xf1\xf2\xf0\xe5\xeb\xe0\xec\xe8\x20" + "\xed\xe0\x20\xf5\xf0\xe0\xe1\xf0\xfb\xff\x20\xef\xeb\xfa\xea\xfb" + "\x20\xc8\xe3\xee\xf0\xe5\xe2\xfb", + .psize = 72, + .digest = + "\x9d\xd2\xfe\x4e\x90\x40\x9e\x5d\xa8\x7f\x53\x97\x6d\x74\x05\xb0" + "\xc0\xca\xc6\x28\xfc\x66\x9a\x74\x1d\x50\x06\x3c\x55\x7e\x8f\x50", }, + /* OMAC tests */ { - .algname = SN_id_tc26_cipher_gostr3412_2015_kuznyechik_ctracpkm_omac, - .name = "M from R 1323565.1.017-2018 (A.4.1)", - .plaintext = P_omac_acpkm1, - .psize = sizeof(P_omac_acpkm1), - .key = K, - .key_size = sizeof(K), - .acpkm = 32, - .acpkm_t = 768 / 8, - .digest = MAC_omac_acpkm1, - .outsize = sizeof(MAC_omac_acpkm1), - }, - { - .algname = SN_id_tc26_cipher_gostr3412_2015_kuznyechik_ctracpkm_omac, - .name = "M from R 1323565.1.017-2018 (A.4.2)", - .plaintext = P_omac_acpkm2, - .psize = sizeof(P_omac_acpkm2), - .key = K, - .key_size = sizeof(K), - .acpkm = 32, - .acpkm_t = 768 / 8, - .digest = MAC_omac_acpkm2, - .outsize = sizeof(MAC_omac_acpkm2), - }, - { /* HMAC tests. */ - .algname = SN_id_GostR3411_2012_512, - .name = "HMAC_GOSTR3411_2012_512 from RFC 7836 (B) and R 50.1.113-2016 (A)", - .plaintext = - "\x01\x26\xbd\xb8\x78\x00\xaf\x21\x43\x41\x45\x65\x63\x78\x01\x00", - .psize = 16, - .key = - "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f" - "\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f", - .key_size = 32, - .hmac = - "\xa5\x9b\xab\x22\xec\xae\x19\xc6\x5f\xbd\xe6\xe5\xf4\xe9\xf5\xd8" - "\x54\x9d\x31\xf0\x37\xf9\xdf\x9b\x90\x55\x00\xe1\x71\x92\x3a\x77" - "\x3d\x5f\x15\x30\xf2\xed\x7e\x96\x4c\xb2\xee\xdc\x29\xe9\xad\x2f" - "\x3a\xfe\x93\xb2\x81\x4f\x79\xf5\x00\x0f\xfc\x03\x66\xc2\x51\xe6", - }, - { - .algname = SN_id_GostR3411_2012_256, - .name = "HMAC_GOSTR3411_2012_256 from RFC 7836 (B) and R 50.1.113-2016 (A)", - .plaintext = - "\x01\x26\xbd\xb8\x78\x00\xaf\x21\x43\x41\x45\x65\x63\x78\x01\x00", - .psize = 16, - .key = - "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f" - "\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f", - .key_size = 32, - .hmac = - "\xa1\xaa\x5f\x7d\xe4\x02\xd7\xb3\xd3\x23\xf2\x99\x1c\x8d\x45\x34" - "\x01\x31\x37\x01\x0a\x83\x75\x4f\xd0\xaf\x6d\x7c\xd4\x92\x2e\xd9", - }, - /* Other KATs. */ - { - .algname = SN_id_GostR3411_2012_512, - .name = "Zero length string (M3)", - .plaintext = "", - .psize = 0, - .digest = - "\x8e\x94\x5d\xa2\x09\xaa\x86\x9f\x04\x55\x92\x85\x29\xbc\xae\x46" - "\x79\xe9\x87\x3a\xb7\x07\xb5\x53\x15\xf5\x6c\xeb\x98\xbe\xf0\xa7" - "\x36\x2f\x71\x55\x28\x35\x6e\xe8\x3c\xda\x5f\x2a\xac\x4c\x6a\xd2" - "\xba\x3a\x71\x5c\x1b\xcd\x81\xcb\x8e\x9f\x90\xbf\x4c\x1c\x1a\x8a", - .outsize = 512 / 8, + .algname = SN_grasshopper_mac, + .name = "P from GOST R 34.13-2015 (А.1.6)", + .plaintext = P, + .psize = sizeof(P), + .key = K, + .key_size = sizeof(K), + .digest = MAC_omac, + .outsize = 128 / 8, + .truncate = sizeof(MAC_omac), }, { - .algname = SN_id_GostR3411_2012_256, - .name = "Zero length string (M3)", - .plaintext = "", - .psize = 0, - .digest = - "\x3f\x53\x9a\x21\x3e\x97\xc8\x02\xcc\x22\x9d\x47\x4c\x6a\xa3\x2a" - "\x82\x5a\x36\x0b\x2a\x93\x3a\x94\x9f\xd9\x25\x20\x8d\x9c\xe1\xbb", - .outsize = 256 / 8, - }, - { /* M4 */ - .algname = SN_id_GostR3411_2012_512, - .name = "64 bytes of zero (M4)", - .plaintext = etalon_M4, - .psize = sizeof(etalon_M4), - .digest = - "\xb0\xfd\x29\xac\x1b\x0d\xf4\x41\x76\x9f\xf3\xfd\xb8\xdc\x56\x4d" - "\xf6\x77\x21\xd6\xac\x06\xfb\x28\xce\xff\xb7\xbb\xaa\x79\x48\xc6" - "\xc0\x14\xac\x99\x92\x35\xb5\x8c\xb2\x6f\xb6\x0f\xb1\x12\xa1\x45" - "\xd7\xb4\xad\xe9\xae\x56\x6b\xf2\x61\x14\x02\xc5\x52\xd2\x0d\xb7" + .algname = SN_magma_mac, + .name = "P from GOST R 34.13-2015 (А.2.6)", + .plaintext = Pm, + .psize = sizeof(Pm), + .key = Km, + .key_size = sizeof(Km), + .digest = MAC_magma_omac, + .outsize = 64 / 8, + .truncate = sizeof(MAC_magma_omac), }, { - .algname = SN_id_GostR3411_2012_256, - .name = "64 bytes of zero (M4)", - .plaintext = etalon_M4, - .psize = sizeof(etalon_M4), - .digest = - "\xdf\x1f\xda\x9c\xe8\x31\x91\x39\x05\x37\x35\x80\x31\xdb\x2e\xca" - "\xa6\xaa\x54\xcd\x0e\xda\x24\x1d\xc1\x07\x10\x5e\x13\x63\x6b\x95" - }, - { /* M5 */ - .algname = SN_id_GostR3411_2012_512, - .name = "64 bytes of (M5)", - .plaintext = etalon_M5, - .psize = sizeof(etalon_M5), - .digest = - "\x36\x3b\x44\x9e\xc8\x1a\xe4\x0b\x3a\x40\x7b\x12\x5c\x3b\x1c\x2b" - "\x76\x8b\x50\x49\x6b\xcb\x5f\x69\x0b\x89\xe9\x00\x7b\x06\xe4\x08" - "\x41\x82\xed\x45\xd4\x07\x2a\x67\xfe\xc9\xd3\x42\x1d\xab\x01\x3d" - "\xa2\xaa\xbc\x1d\x65\x28\xe8\xe7\x75\xae\xc7\xb3\x45\x7a\xc6\x75" + .algname = SN_id_tc26_cipher_gostr3412_2015_kuznyechik_ctracpkm_omac, + .name = "M from R 1323565.1.017-2018 (A.4.1)", + .plaintext = P_omac_acpkm1, + .psize = sizeof(P_omac_acpkm1), + .key = K, + .key_size = sizeof(K), + .acpkm = 32, + .acpkm_t = 768 / 8, + .digest = MAC_omac_acpkm1, + .outsize = sizeof(MAC_omac_acpkm1), }, { - .algname = SN_id_GostR3411_2012_256, - .name = "64 bytes of (M5)", - .plaintext = etalon_M5, - .psize = sizeof(etalon_M5), - .digest = - "\xf0\xa5\x57\xf6\xa0\x4a\x90\xab\x18\x11\xc1\xb6\xe9\xb0\x78\xe4" - "\x16\x3b\x74\x03\x7c\x6c\xf5\x9f\x52\x44\x4a\x37\xf4\x8e\x11\xd8" - }, - { /* M6 */ - .algname = SN_id_GostR3411_2012_512, - .name = "(M6)", - .plaintext = etalon_M6, - .psize = sizeof(etalon_M6), - .digest = - "\x87\x81\xdf\xc8\x1d\x2d\xb6\xa4\x1d\x18\x57\xf3\x23\x0b\x3f\xfe" - "\x2b\xda\x57\x42\x73\xea\x19\x47\x18\x9a\xaa\x54\x68\x47\x0d\xf1" - "\xc4\xb3\x74\xb1\xa2\xb5\x6e\x59\xd1\x1d\x21\x3f\xea\x57\xe3\x51" - "\x45\x43\xb0\xce\xd9\xb2\x0e\x55\x3a\xe6\x64\x25\xec\x90\x9c\xfd" + .algname = SN_id_tc26_cipher_gostr3412_2015_kuznyechik_ctracpkm_omac, + .name = "M from R 1323565.1.017-2018 (A.4.2)", + .plaintext = P_omac_acpkm2, + .psize = sizeof(P_omac_acpkm2), + .key = K, + .key_size = sizeof(K), + .acpkm = 32, + .acpkm_t = 768 / 8, + .digest = MAC_omac_acpkm2, + .outsize = sizeof(MAC_omac_acpkm2), }, { - .algname = SN_id_GostR3411_2012_256, - .name = "(M6)", - .plaintext = etalon_M6, - .psize = sizeof(etalon_M6), - .digest = - "\x2f\x4f\x65\x1f\xe8\x8f\xea\x46\xec\x6f\x22\x23\x72\x8d\x8d\xff" - "\x39\x68\x89\x35\x58\xef\x00\xa3\x10\xc2\x3e\x7d\x19\x23\xba\x0c" - }, - { /* Carry */ - .algname = SN_id_GostR3411_2012_512, - .name = "(carry)", - .plaintext = etalon_carry, - .psize = sizeof(etalon_carry), - .digest = - "\x8b\x06\xf4\x1e\x59\x90\x7d\x96\x36\xe8\x92\xca\xf5\x94\x2f\xcd" - "\xfb\x71\xfa\x31\x16\x9a\x5e\x70\xf0\xed\xb8\x73\x66\x4d\xf4\x1c" - "\x2c\xce\x6e\x06\xdc\x67\x55\xd1\x5a\x61\xcd\xeb\x92\xbd\x60\x7c" - "\xc4\xaa\xca\x67\x32\xbf\x35\x68\xa2\x3a\x21\x0d\xd5\x20\xfd\x41" + /* HMAC tests. */ + .algname = SN_id_GostR3411_2012_512, + .name = + "HMAC_GOSTR3411_2012_512 from RFC 7836 (B) and R 50.1.113-2016 (A)", + .plaintext = + "\x01\x26\xbd\xb8\x78\x00\xaf\x21\x43\x41\x45\x65\x63\x78\x01\x00", + .psize = 16, + .key = + "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f" + "\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f", + .key_size = 32, + .hmac = + "\xa5\x9b\xab\x22\xec\xae\x19\xc6\x5f\xbd\xe6\xe5\xf4\xe9\xf5\xd8" + "\x54\x9d\x31\xf0\x37\xf9\xdf\x9b\x90\x55\x00\xe1\x71\x92\x3a\x77" + "\x3d\x5f\x15\x30\xf2\xed\x7e\x96\x4c\xb2\xee\xdc\x29\xe9\xad\x2f" + "\x3a\xfe\x93\xb2\x81\x4f\x79\xf5\x00\x0f\xfc\x03\x66\xc2\x51\xe6", }, { - .algname = SN_id_GostR3411_2012_256, - .name = "(carry)", - .plaintext = etalon_carry, - .psize = sizeof(etalon_carry), - .digest = - "\x81\xbb\x63\x2f\xa3\x1f\xcc\x38\xb4\xc3\x79\xa6\x62\xdb\xc5\x8b" - "\x9b\xed\x83\xf5\x0d\x3a\x1b\x2c\xe7\x27\x1a\xb0\x2d\x25\xba\xbb" - }, - { /* ff (Better carry test). */ - .algname = SN_id_GostR3411_2012_512, - .name = "64 bytes of FF", - .plaintext = ff, - .psize = sizeof(ff), - .digest = - "\x41\x62\x9d\xe6\x77\xd7\xe8\x09\x0c\x3c\xd7\x0a\xff\xe3\x30\x0d" - "\x1e\x1c\xfb\xa2\xdb\x97\x94\x5e\xc3\x7f\xeb\x4e\x13\x75\xbc\x02" - "\xa5\x3f\x00\x37\x0b\x7d\x71\x5b\x07\xf3\x7f\x93\xca\xc8\x44\xef" - "\xad\xbf\xd1\xb8\x5f\x9d\xda\xe3\xde\x96\x56\xc0\xe9\x5a\xff\xc7" + .algname = SN_id_GostR3411_2012_256, + .name = + "HMAC_GOSTR3411_2012_256 from RFC 7836 (B) and R 50.1.113-2016 (A)", + .plaintext = + "\x01\x26\xbd\xb8\x78\x00\xaf\x21\x43\x41\x45\x65\x63\x78\x01\x00", + .psize = 16, + .key = + "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f" + "\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f", + .key_size = 32, + .hmac = + "\xa1\xaa\x5f\x7d\xe4\x02\xd7\xb3\xd3\x23\xf2\x99\x1c\x8d\x45\x34" + "\x01\x31\x37\x01\x0a\x83\x75\x4f\xd0\xaf\x6d\x7c\xd4\x92\x2e\xd9", }, + /* Other KATs. */ { - .algname = SN_id_GostR3411_2012_256, - .name = "64 bytes of FF", - .plaintext = ff, - .psize = sizeof(ff), - .digest = - "\x96\x4a\x5a\xb6\x02\x86\xf1\x06\x28\x87\x43\xe2\xfe\x1a\x42\x2d" - "\x16\x08\x98\xca\x1b\xd5\x35\xe8\x31\xaa\x50\x0c\xfe\x34\xd7\xe8" + .algname = SN_id_GostR3411_2012_512, + .name = "Zero length string (M3)", + .plaintext = "", + .psize = 0, + .digest = + "\x8e\x94\x5d\xa2\x09\xaa\x86\x9f\x04\x55\x92\x85\x29\xbc\xae\x46" + "\x79\xe9\x87\x3a\xb7\x07\xb5\x53\x15\xf5\x6c\xeb\x98\xbe\xf0\xa7" + "\x36\x2f\x71\x55\x28\x35\x6e\xe8\x3c\xda\x5f\x2a\xac\x4c\x6a\xd2" + "\xba\x3a\x71\x5c\x1b\xcd\x81\xcb\x8e\x9f\x90\xbf\x4c\x1c\x1a\x8a", + .outsize = 512 / 8, }, { - .algname = SN_id_GostR3411_94, - .name = "64 bytes of FF", - .plaintext = ff, - .psize = sizeof(ff), - .digest = - "\x58\x50\x4d\x26\xb3\x67\x7e\x75\x6b\xa3\xf4\xa9\xfd\x2f\x14\xb3" - "\xba\x54\x57\x06\x6a\x4a\xa1\xd7\x00\x65\x9b\x90\xdc\xdd\xd3\xc6" + .algname = SN_id_GostR3411_2012_256, + .name = "Zero length string (M3)", + .plaintext = "", + .psize = 0, + .digest = + "\x3f\x53\x9a\x21\x3e\x97\xc8\x02\xcc\x22\x9d\x47\x4c\x6a\xa3\x2a" + "\x82\x5a\x36\x0b\x2a\x93\x3a\x94\x9f\xd9\x25\x20\x8d\x9c\xe1\xbb", + .outsize = 256 / 8, }, + {/* M4 */ + .algname = SN_id_GostR3411_2012_512, + .name = "64 bytes of zero (M4)", + .plaintext = etalon_M4, + .psize = sizeof(etalon_M4), + .digest = + "\xb0\xfd\x29\xac\x1b\x0d\xf4\x41\x76\x9f\xf3\xfd\xb8\xdc\x56\x4d" + "\xf6\x77\x21\xd6\xac\x06\xfb\x28\xce\xff\xb7\xbb\xaa\x79\x48\xc6" + "\xc0\x14\xac\x99\x92\x35\xb5\x8c\xb2\x6f\xb6\x0f\xb1\x12\xa1\x45" + "\xd7\xb4\xad\xe9\xae\x56\x6b\xf2\x61\x14\x02\xc5\x52\xd2\x0d\xb7"}, + {.algname = SN_id_GostR3411_2012_256, + .name = "64 bytes of zero (M4)", + .plaintext = etalon_M4, + .psize = sizeof(etalon_M4), + .digest = + "\xdf\x1f\xda\x9c\xe8\x31\x91\x39\x05\x37\x35\x80\x31\xdb\x2e\xca" + "\xa6\xaa\x54\xcd\x0e\xda\x24\x1d\xc1\x07\x10\x5e\x13\x63\x6b\x95"}, + {/* M5 */ + .algname = SN_id_GostR3411_2012_512, + .name = "64 bytes of (M5)", + .plaintext = etalon_M5, + .psize = sizeof(etalon_M5), + .digest = + "\x36\x3b\x44\x9e\xc8\x1a\xe4\x0b\x3a\x40\x7b\x12\x5c\x3b\x1c\x2b" + "\x76\x8b\x50\x49\x6b\xcb\x5f\x69\x0b\x89\xe9\x00\x7b\x06\xe4\x08" + "\x41\x82\xed\x45\xd4\x07\x2a\x67\xfe\xc9\xd3\x42\x1d\xab\x01\x3d" + "\xa2\xaa\xbc\x1d\x65\x28\xe8\xe7\x75\xae\xc7\xb3\x45\x7a\xc6\x75"}, + {.algname = SN_id_GostR3411_2012_256, + .name = "64 bytes of (M5)", + .plaintext = etalon_M5, + .psize = sizeof(etalon_M5), + .digest = + "\xf0\xa5\x57\xf6\xa0\x4a\x90\xab\x18\x11\xc1\xb6\xe9\xb0\x78\xe4" + "\x16\x3b\x74\x03\x7c\x6c\xf5\x9f\x52\x44\x4a\x37\xf4\x8e\x11\xd8"}, + {/* M6 */ + .algname = SN_id_GostR3411_2012_512, + .name = "(M6)", + .plaintext = etalon_M6, + .psize = sizeof(etalon_M6), + .digest = + "\x87\x81\xdf\xc8\x1d\x2d\xb6\xa4\x1d\x18\x57\xf3\x23\x0b\x3f\xfe" + "\x2b\xda\x57\x42\x73\xea\x19\x47\x18\x9a\xaa\x54\x68\x47\x0d\xf1" + "\xc4\xb3\x74\xb1\xa2\xb5\x6e\x59\xd1\x1d\x21\x3f\xea\x57\xe3\x51" + "\x45\x43\xb0\xce\xd9\xb2\x0e\x55\x3a\xe6\x64\x25\xec\x90\x9c\xfd"}, + {.algname = SN_id_GostR3411_2012_256, + .name = "(M6)", + .plaintext = etalon_M6, + .psize = sizeof(etalon_M6), + .digest = + "\x2f\x4f\x65\x1f\xe8\x8f\xea\x46\xec\x6f\x22\x23\x72\x8d\x8d\xff" + "\x39\x68\x89\x35\x58\xef\x00\xa3\x10\xc2\x3e\x7d\x19\x23\xba\x0c"}, + {/* Carry */ + .algname = SN_id_GostR3411_2012_512, + .name = "(carry)", + .plaintext = etalon_carry, + .psize = sizeof(etalon_carry), + .digest = + "\x8b\x06\xf4\x1e\x59\x90\x7d\x96\x36\xe8\x92\xca\xf5\x94\x2f\xcd" + "\xfb\x71\xfa\x31\x16\x9a\x5e\x70\xf0\xed\xb8\x73\x66\x4d\xf4\x1c" + "\x2c\xce\x6e\x06\xdc\x67\x55\xd1\x5a\x61\xcd\xeb\x92\xbd\x60\x7c" + "\xc4\xaa\xca\x67\x32\xbf\x35\x68\xa2\x3a\x21\x0d\xd5\x20\xfd\x41"}, + {.algname = SN_id_GostR3411_2012_256, + .name = "(carry)", + .plaintext = etalon_carry, + .psize = sizeof(etalon_carry), + .digest = + "\x81\xbb\x63\x2f\xa3\x1f\xcc\x38\xb4\xc3\x79\xa6\x62\xdb\xc5\x8b" + "\x9b\xed\x83\xf5\x0d\x3a\x1b\x2c\xe7\x27\x1a\xb0\x2d\x25\xba\xbb"}, + {/* ff (Better carry test). */ + .algname = SN_id_GostR3411_2012_512, + .name = "64 bytes of FF", + .plaintext = ff, + .psize = sizeof(ff), + .digest = + "\x41\x62\x9d\xe6\x77\xd7\xe8\x09\x0c\x3c\xd7\x0a\xff\xe3\x30\x0d" + "\x1e\x1c\xfb\xa2\xdb\x97\x94\x5e\xc3\x7f\xeb\x4e\x13\x75\xbc\x02" + "\xa5\x3f\x00\x37\x0b\x7d\x71\x5b\x07\xf3\x7f\x93\xca\xc8\x44\xef" + "\xad\xbf\xd1\xb8\x5f\x9d\xda\xe3\xde\x96\x56\xc0\xe9\x5a\xff\xc7"}, + {.algname = SN_id_GostR3411_2012_256, + .name = "64 bytes of FF", + .plaintext = ff, + .psize = sizeof(ff), + .digest = + "\x96\x4a\x5a\xb6\x02\x86\xf1\x06\x28\x87\x43\xe2\xfe\x1a\x42\x2d" + "\x16\x08\x98\xca\x1b\xd5\x35\xe8\x31\xaa\x50\x0c\xfe\x34\xd7\xe8"}, + {.algname = SN_id_GostR3411_94, + .name = "64 bytes of FF", + .plaintext = ff, + .psize = sizeof(ff), + .digest = + "\x58\x50\x4d\x26\xb3\x67\x7e\x75\x6b\xa3\xf4\xa9\xfd\x2f\x14\xb3" + "\xba\x54\x57\x06\x6a\x4a\xa1\xd7\x00\x65\x9b\x90\xdc\xdd\xd3\xc6"}, /* Synthetic tests. */ - { - .algname = SN_id_GostR3411_2012_256, - .name = "streebog256 synthetic test", - .outsize = 32, - .block_size = 64, - .digest = - "\xa2\xf3\x6d\x9c\x42\xa1\x1e\xad\xe3\xc1\xfe\x99\xf9\x99\xc3\x84" - "\xe7\x98\xae\x24\x50\x75\x73\xd7\xfc\x99\x81\xa0\x45\x85\x41\xf6" - }, - { - .algname = SN_id_GostR3411_2012_512, - .name = "streebog512 synthetic test", - .outsize = 64, - .block_size = 64, - .digest = - "\x1d\x14\x4d\xd8\xb8\x27\xfb\x55\x1a\x5a\x7d\x03\xbb\xdb\xfa\xcb" - "\x43\x6b\x5b\xc5\x77\x59\xfd\x5f\xf2\x3b\x8e\xf9\xc4\xdd\x6f\x79" - "\x45\xd8\x16\x59\x9e\xaa\xbc\xf2\xb1\x4f\xd0\xe4\xf6\xad\x46\x60" - "\x90\x89\xf7\x2f\x93\xd8\x85\x0c\xb0\x43\xff\x5a\xb6\xe3\x69\xbd" - }, - { 0 } -}; + {.algname = SN_id_GostR3411_2012_256, + .name = "streebog256 synthetic test", + .outsize = 32, + .block_size = 64, + .digest = + "\xa2\xf3\x6d\x9c\x42\xa1\x1e\xad\xe3\xc1\xfe\x99\xf9\x99\xc3\x84" + "\xe7\x98\xae\x24\x50\x75\x73\xd7\xfc\x99\x81\xa0\x45\x85\x41\xf6"}, + {.algname = SN_id_GostR3411_2012_512, + .name = "streebog512 synthetic test", + .outsize = 64, + .block_size = 64, + .digest = + "\x1d\x14\x4d\xd8\xb8\x27\xfb\x55\x1a\x5a\x7d\x03\xbb\xdb\xfa\xcb" + "\x43\x6b\x5b\xc5\x77\x59\xfd\x5f\xf2\x3b\x8e\xf9\xc4\xdd\x6f\x79" + "\x45\xd8\x16\x59\x9e\xaa\xbc\xf2\xb1\x4f\xd0\xe4\xf6\xad\x46\x60" + "\x90\x89\xf7\x2f\x93\xd8\x85\x0c\xb0\x43\xff\x5a\xb6\xe3\x69\xbd"}, + {0}}; static void hexdump(const void *ptr, size_t len) { @@ -493,19 +497,19 @@ static void hexdump(const void *ptr, size_t len) size_t i, j; for (i = 0; i < len; i += j) { - for (j = 0; j < 16 && i + j < len; j++) - printf("%s%02x", j? "" : " ", p[i + j]); + for (j = 0; j < 16 && i + j < len; j++) + printf("%s%02x", j ? "" : " ", p[i + j]); } printf("\n"); } static int do_hmac_old(int iter, const EVP_MD *type, const char *plaintext, - const struct hash_testvec *t) + const struct hash_testvec *t) { unsigned int len; unsigned char md[EVP_MAX_MD_SIZE]; if (!iter) - printf("[HMAC] "); + printf("[HMAC] "); HMAC_CTX *ctx; T(ctx = HMAC_CTX_new()); @@ -515,34 +519,33 @@ static int do_hmac_old(int iter, const EVP_MD *type, const char *plaintext, HMAC_CTX_free(ctx); if (t->outsize) - T(len == t->outsize); + T(len == t->outsize); if (memcmp(md, t->hmac, len) != 0) { - printf(cRED "hmac mismatch (iter %d)" cNORM "\n", iter); - hexdump(t->hmac, len); - hexdump(md, len); - return 1; + printf(cRED "hmac mismatch (iter %d)" cNORM "\n", iter); + hexdump(t->hmac, len); + hexdump(md, len); + return 1; } return 0; } #if OPENSSL_VERSION_MAJOR >= 3 static int do_hmac_prov(int iter, const EVP_MD *md, const char *plaintext, - const struct hash_testvec *t) + const struct hash_testvec *t) { size_t len; unsigned char out[EVP_MAX_MD_SIZE]; if (!iter) - printf("[HMAC by EVP_MAC] "); + printf("[HMAC by EVP_MAC] "); EVP_MAC *hmac; T(hmac = EVP_MAC_fetch(NULL, "HMAC", NULL)); EVP_MAC_CTX *ctx; T(ctx = EVP_MAC_CTX_new(hmac)); OSSL_PARAM params[] = { - OSSL_PARAM_utf8_string(OSSL_MAC_PARAM_DIGEST, - (char *)EVP_MD_name(md), 0), - OSSL_PARAM_END - }; + OSSL_PARAM_utf8_string( + OSSL_MAC_PARAM_DIGEST, (char *)EVP_MD_name(md), 0), + OSSL_PARAM_END}; T(EVP_MAC_init(ctx, (const unsigned char *)t->key, t->key_size, params)); T(EVP_MAC_update(ctx, (unsigned char *)plaintext, t->psize)); T(EVP_MAC_final(ctx, out, &len, sizeof(out))); @@ -550,19 +553,19 @@ static int do_hmac_prov(int iter, const EVP_MD *md, const char *plaintext, EVP_MAC_free(hmac); if (t->outsize) - T(len == t->outsize); + T(len == t->outsize); if (memcmp(out, t->hmac, len) != 0) { - printf(cRED "hmac mismatch (iter %d)" cNORM "\n", iter); - hexdump(t->hmac, len); - hexdump(out, len); - return 1; + printf(cRED "hmac mismatch (iter %d)" cNORM "\n", iter); + hexdump(t->hmac, len); + hexdump(out, len); + return 1; } return 0; } #endif static int do_hmac(int iter, const EVP_MD *type, const char *plaintext, - const struct hash_testvec *t) + const struct hash_testvec *t) { int ret; @@ -579,8 +582,8 @@ static int do_hmac(int iter, const EVP_MD *type, const char *plaintext, * If we have OMAC1/CMAC test vector, * use CMAC provider to test it. */ -static int do_cmac_prov(int iter, const char *plaintext, - const struct hash_testvec *t) +static int +do_cmac_prov(int iter, const char *plaintext, const struct hash_testvec *t) { #if OPENSSL_VERSION_MAJOR >= 3 char *ciphername = NULL; @@ -600,22 +603,21 @@ static int do_cmac_prov(int iter, const char *plaintext, } if (!iter) - printf("[CMAC(%s)] ", ciphername); + printf("[CMAC(%s)] ", ciphername); size_t len; unsigned char out[EVP_MAX_MD_SIZE]; size_t outsize = t->outsize; if (t->truncate) - outsize = t->truncate; + outsize = t->truncate; EVP_MAC *cmac; T(cmac = EVP_MAC_fetch(NULL, "CMAC", NULL)); EVP_MAC_CTX *ctx; T(ctx = EVP_MAC_CTX_new(cmac)); OSSL_PARAM params[] = { - OSSL_PARAM_utf8_string(OSSL_MAC_PARAM_CIPHER, ciphername, 0), - OSSL_PARAM_END - }; + OSSL_PARAM_utf8_string(OSSL_MAC_PARAM_CIPHER, ciphername, 0), + OSSL_PARAM_END}; T(EVP_MAC_CTX_set_params(ctx, params)); T(EVP_MAC_init(ctx, (const unsigned char *)t->key, t->key_size, params)); T(EVP_MAC_update(ctx, (unsigned char *)plaintext, t->psize)); @@ -627,10 +629,10 @@ static int do_cmac_prov(int iter, const char *plaintext, * So, just compare until what we need. */ T(outsize <= len); if (memcmp(out, t->digest, outsize) != 0) { - printf(cRED "cmac mismatch (iter %d)" cNORM "\n", iter); - hexdump(t->digest, outsize); - hexdump(out, len); - return 1; + printf(cRED "cmac mismatch (iter %d)" cNORM "\n", iter); + hexdump(t->digest, outsize); + hexdump(out, len); + return 1; } #endif return 0; @@ -644,7 +646,8 @@ static int do_mac(int iter, EVP_MAC *mac, const char *plaintext, size_t acpkm = (size_t)t->acpkm; size_t acpkm_t = (size_t)t->acpkm_t; - OSSL_PARAM params[] = { OSSL_PARAM_END, OSSL_PARAM_END, OSSL_PARAM_END, OSSL_PARAM_END }; + OSSL_PARAM params[] = { + OSSL_PARAM_END, OSSL_PARAM_END, OSSL_PARAM_END, OSSL_PARAM_END}; OSSL_PARAM *p = params; if (acpkm) { *p++ = OSSL_PARAM_construct_size_t("key-mesh", &acpkm); @@ -659,9 +662,8 @@ static int do_mac(int iter, EVP_MAC *mac, const char *plaintext, size_t outsize; if (t->truncate) { outsize = t->truncate; - *p++ = OSSL_PARAM_construct_size_t("size", &outsize); - } - else + *p++ = OSSL_PARAM_construct_size_t("size", &outsize); + } else outsize = EVP_MAC_CTX_get_mac_size(ctx); T(EVP_MAC_init(ctx, (const unsigned char *)t->key, t->key_size, NULL)); @@ -682,8 +684,8 @@ static int do_mac(int iter, EVP_MAC *mac, const char *plaintext, EVP_MAC_CTX_free(ctx); T(len == outsize); if (memcmp(out, t->digest, outsize) != 0) { - printf(cRED "mac mismatch (iter %d, outsize %d)" cNORM "\n", - iter, (int)outsize); + printf(cRED "mac mismatch (iter %d, outsize %d)" cNORM "\n", iter, + (int)outsize); hexdump(t->digest, outsize); hexdump(out, outsize); return 1; @@ -696,47 +698,47 @@ static int do_digest(int iter, const EVP_MD *type, const char *plaintext, const struct hash_testvec *t) { if (!iter) - printf("[MD %zu] ", t->outsize); + printf("[MD %zu] ", t->outsize); if (t->outsize) - T(EVP_MD_size(type) == t->outsize); + T(EVP_MD_size(type) == t->outsize); size_t outsize; if (t->truncate) - outsize = t->truncate; + outsize = t->truncate; else - outsize = EVP_MD_size(type); + outsize = EVP_MD_size(type); if (t->block_size) - T(EVP_MD_block_size(type) == t->block_size); + T(EVP_MD_block_size(type) == t->block_size); EVP_MD_CTX *ctx; T(ctx = EVP_MD_CTX_new()); T(EVP_MD_CTX_init(ctx)); T(EVP_DigestInit_ex(ctx, type, NULL)); if (t->key) - T(EVP_MD_CTX_ctrl(ctx, EVP_MD_CTRL_SET_KEY, t->key_size, - (void *)t->key)); + T(EVP_MD_CTX_ctrl( + ctx, EVP_MD_CTRL_SET_KEY, t->key_size, (void *)t->key)); if (t->acpkm) - T(EVP_MD_CTX_ctrl(ctx, EVP_CTRL_KEY_MESH, t->acpkm, - t->acpkm_t? (void *)&t->acpkm_t : NULL)); + T(EVP_MD_CTX_ctrl(ctx, EVP_CTRL_KEY_MESH, t->acpkm, + t->acpkm_t ? (void *)&t->acpkm_t : NULL)); T(EVP_DigestUpdate(ctx, plaintext, t->psize)); unsigned int len; unsigned char out[EVP_MAX_MD_SIZE]; if (EVP_MD_flags(EVP_MD_CTX_md(ctx)) & EVP_MD_FLAG_XOF) { - T(EVP_DigestFinalXOF(ctx, out, outsize)); - len = outsize; + T(EVP_DigestFinalXOF(ctx, out, outsize)); + len = outsize; } else { - T(EVP_MD_CTX_size(ctx) == outsize); - T(EVP_DigestFinal_ex(ctx, out, &len)); + T(EVP_MD_CTX_size(ctx) == outsize); + T(EVP_DigestFinal_ex(ctx, out, &len)); } EVP_MD_CTX_free(ctx); T(len == outsize); if (memcmp(out, t->digest, outsize) != 0) { - printf(cRED "digest mismatch (iter %d, outsize %d)" cNORM "\n", - iter, (int)outsize); - hexdump(t->digest, outsize); - hexdump(out, outsize); - return 1; + printf(cRED "digest mismatch (iter %d, outsize %d)" cNORM "\n", iter, + (int)outsize); + hexdump(t->digest, outsize); + hexdump(out, outsize); + return 1; } return 0; @@ -762,36 +764,36 @@ static int do_test(const struct hash_testvec *tv) char *buf; T(buf = OPENSSL_malloc(tv->psize + shifts)); for (i = 0; i < shifts; i++) { - memcpy(buf + i, tv->plaintext, tv->psize); - if (mac) { - ret |= do_mac(i, mac, buf + i, tv); - } - if (md) { - if (tv->hmac) - ret |= do_hmac(i, md, buf + i, tv); - else - ret |= do_digest(i, md, buf + i, tv); - - } - /* Test CMAC provider for applicable entries. */ - ret |= do_cmac_prov(i, buf + i, tv); - - /* No need to continue loop on failure. */ - if (ret) - break; + memcpy(buf + i, tv->plaintext, tv->psize); + if (mac) { + ret |= do_mac(i, mac, buf + i, tv); + } + if (md) { + if (tv->hmac) + ret |= do_hmac(i, md, buf + i, tv); + else + ret |= do_digest(i, md, buf + i, tv); + } + /* Test CMAC provider for applicable entries. */ + ret |= do_cmac_prov(i, buf + i, tv); + + /* No need to continue loop on failure. */ + if (ret) + break; } OPENSSL_free(buf); EVP_MAC_free(mac); EVP_MD_free(md); if (!ret) - printf(cGREEN "success" cNORM "\n"); + printf(cGREEN "success" cNORM "\n"); else - printf(cRED "fail" cNORM "\n"); + printf(cRED "fail" cNORM "\n"); return ret; } #define SUPER_SIZE 256 + /* * For 256-byte buffer filled with 256 bytes from 0 to 255; * Digest them 256 times from the buffer end with lengths from 0 to 256, @@ -806,14 +808,14 @@ static int do_synthetic_once(const struct hash_testvec *tv, unsigned int shifts) /* fill with pattern */ unsigned int len; for (len = 0; len < SUPER_SIZE; len++) - ibuf[shifts + len] = len & 0xff; + ibuf[shifts + len] = len & 0xff; EVP_MD *dgst; T((dgst = (EVP_MD *)EVP_get_digestbyname(tv->algname)) || (dgst = EVP_MD_fetch(NULL, tv->algname, NULL))); OPENSSL_assert(EVP_MD_is_a(dgst, tv->algname)); EVP_MD_CTX *ctx, *ctx2; - T(ctx = EVP_MD_CTX_new()); + T(ctx = EVP_MD_CTX_new()); T(ctx2 = EVP_MD_CTX_new()); T(EVP_DigestInit(ctx2, dgst)); OPENSSL_assert(EVP_MD_is_a(EVP_MD_CTX_md(ctx2), tv->algname)); @@ -828,19 +830,19 @@ static int do_synthetic_once(const struct hash_testvec *tv, unsigned int shifts) /* digest cycles */ for (len = 0; len < SUPER_SIZE; len++) { - /* for each len digest len bytes from the end of buf */ - T(EVP_DigestInit(ctx, dgst)); - T(EVP_DigestUpdate(ctx, ibuf + shifts + SUPER_SIZE - len, len)); - T(EVP_DigestFinal(ctx, md, NULL)); - T(EVP_DigestUpdate(ctx2, md, mdlen)); + /* for each len digest len bytes from the end of buf */ + T(EVP_DigestInit(ctx, dgst)); + T(EVP_DigestUpdate(ctx, ibuf + shifts + SUPER_SIZE - len, len)); + T(EVP_DigestFinal(ctx, md, NULL)); + T(EVP_DigestUpdate(ctx2, md, mdlen)); } for (len = 0; len < SUPER_SIZE; len++) { - /* for each len digest len bytes from the beginning of buf */ - T(EVP_DigestInit(ctx, dgst)); - T(EVP_DigestUpdate(ctx, ibuf + shifts, len)); - T(EVP_DigestFinal(ctx, md, NULL)); - T(EVP_DigestUpdate(ctx2, md, mdlen)); + /* for each len digest len bytes from the beginning of buf */ + T(EVP_DigestInit(ctx, dgst)); + T(EVP_DigestUpdate(ctx, ibuf + shifts, len)); + T(EVP_DigestFinal(ctx, md, NULL)); + T(EVP_DigestUpdate(ctx2, md, mdlen)); } OPENSSL_free(ibuf); @@ -852,20 +854,20 @@ static int do_synthetic_once(const struct hash_testvec *tv, unsigned int shifts) EVP_MD_free(dgst); if (len != mdlen) { - printf(cRED "digest output len mismatch %u != %u (expected)" cNORM "\n", - len, mdlen); - goto err; + printf(cRED "digest output len mismatch %u != %u (expected)" cNORM "\n", + len, mdlen); + goto err; } if (memcmp(md, tv->digest, mdlen) != 0) { - printf(cRED "digest mismatch" cNORM "\n"); - - unsigned int i; - printf(" Expected value is: "); - for (i = 0; i < mdlen; i++) - printf("\\x%02x", md[i]); - printf("\n"); - goto err; + printf(cRED "digest mismatch" cNORM "\n"); + + unsigned int i; + printf(" Expected value is: "); + for (i = 0; i < mdlen; i++) + printf("\\x%02x", md[i]); + printf("\n"); + goto err; } OPENSSL_free(md - shifts); @@ -886,12 +888,12 @@ static int do_synthetic_test(const struct hash_testvec *tv) unsigned int shifts; for (shifts = 0; shifts < 16 && !ret; shifts++) - ret |= do_synthetic_once(tv, shifts); + ret |= do_synthetic_once(tv, shifts); if (!ret) - printf(cGREEN "success" cNORM "\n"); + printf(cGREEN "success" cNORM "\n"); else - printf(cRED "fail" cNORM "\n"); + printf(cRED "fail" cNORM "\n"); return 0; } @@ -945,9 +947,8 @@ void warn_all_untested(void) OSSL_PROVIDER *prov; T(prov = OSSL_PROVIDER_load(NULL, "gostprov")); - EVP_MD_do_all_provided(NULL, - (void (*)(EVP_MD *, void *))warn_if_untested, - prov); + EVP_MD_do_all_provided( + NULL, (void (*)(EVP_MD *, void *))warn_if_untested, prov); OSSL_PROVIDER_unload(prov); } @@ -965,17 +966,17 @@ int main(int argc, char **argv) const struct hash_testvec *tv; for (tv = testvecs; tv->algname; tv++) { - if (tv->plaintext) - ret |= do_test(tv); - else - ret |= do_synthetic_test(tv); + if (tv->plaintext) + ret |= do_test(tv); + else + ret |= do_synthetic_test(tv); } warn_all_untested(); if (ret) - printf(cDRED "= Some tests FAILED!" cNORM "\n"); + printf(cDRED "= Some tests FAILED!" cNORM "\n"); else - printf(cDGREEN "= All tests passed!" cNORM "\n"); + printf(cDGREEN "= All tests passed!" cNORM "\n"); return ret; } diff --git a/test_gost2814789.c b/test_gost2814789.c index 211e57723..a34ed4b28 100644 --- a/test_gost2814789.c +++ b/test_gost2814789.c @@ -12,1230 +12,795 @@ # include # pragma warning(pop) #endif -#include - -#include -#include #include #include #include #include #include #include +#include +#include +#include -#define CCGOST_ID "gost" +#define CCGOST_ID "gost" #define CCGOST_DIR "." #include "gost89.h" -#define G89_MAX_TC_LEN (2048) -#define G89_BLOCK_LEN (8) +#define G89_MAX_TC_LEN (2048) +#define G89_BLOCK_LEN (8) -typedef enum g89_mode_ { - G89_ECB, - G89_CFB, - G89_CNT, - G89_IMIT -} g89_mode; +typedef enum g89_mode_ { G89_ECB, G89_CFB, G89_CNT, G89_IMIT } g89_mode; typedef struct g89_tc_ { - unsigned long long ullLen; // ullLen > G89_MAX_TC_LEN - // Clear text ullLen - // of zero bytes - const byte bIn[G89_MAX_TC_LEN]; // Clear text, when - // ullLen <= G89_MAX_TC_LEN - const char *szParamSet; // S-Box ID - const char *szDerive; // String for derive bRawKey + unsigned long long ullLen; // ullLen > G89_MAX_TC_LEN + // Clear text ullLen + // of zero bytes + const byte bIn[G89_MAX_TC_LEN]; // Clear text, when + // ullLen <= G89_MAX_TC_LEN + const char *szParamSet; // S-Box ID + const char *szDerive; // String for derive bRawKey const byte bRawKey[EVP_MAX_KEY_LENGTH]; - g89_mode gMode; // Mode of encryption or MAC - const byte bIV[EVP_MAX_IV_LENGTH]; // IV for CFB or CNT mode - const byte bOut[G89_MAX_TC_LEN]; // Cipher text for ECB/CFB/CNT - // mode, when ullLen <= G89_MAX_TC_LEN; - // Last 16 byte of cipher text for - // ECB/CFB/CNT, when ullLen > - // G89_MAX_TC_LEN; - // 4 byte MAC for imitovstavka -} g89_tc; + g89_mode gMode; // Mode of encryption or MAC + const byte bIV[EVP_MAX_IV_LENGTH]; // IV for CFB or CNT mode + const byte bOut[G89_MAX_TC_LEN]; // Cipher text for ECB/CFB/CNT + // mode, when ullLen <= G89_MAX_TC_LEN; + // Last 16 byte of cipher text for + // ECB/CFB/CNT, when ullLen > + // G89_MAX_TC_LEN; + // 4 byte MAC for imitovstavka +} g89_tc; const g89_tc tcs[] = { - /* + /* * GOST R 34.11-94 Test cases */ - { /* see p. A.3.1 [GOSTR341194], p. 7.3.1 [ENG-GOSTR341194] */ - /* */ - /* Iteration 1, K[1], see Errata for RFC 5831 */ - 8, - { - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 - }, - "id-GostR3410-94-TestParamSet", - NULL, - { - 0x54, 0x6d, 0x20, 0x33, 0x68, 0x65, 0x6c, 0x32, - 0x69, 0x73, 0x65, 0x20, 0x73, 0x73, 0x6e, 0x62, - 0x20, 0x61, 0x67, 0x79, 0x69, 0x67, 0x74, 0x74, - 0x73, 0x65, 0x68, 0x65, 0x20, 0x2c, 0x3d, 0x73 - }, - G89_ECB, - { 0 }, - { - 0x1b, 0x0b, 0xbc, 0x32, 0xce, 0xbc, 0xab, 0x42 - } - }, - { /* see p. A.3.1 [GOSTR341194], p. 7.3.1 [ENG-GOSTR341194] */ - /* */ - /* Iteration 1, K[4] */ - 8, - { - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 - }, - "id-GostR3410-94-TestParamSet", - NULL, - { - 0xec, 0x0a, 0x8b, 0xa1, 0x5e, 0xc0, 0x04, 0xa8, - 0xba, 0xc5, 0x0c, 0xac, 0x0c, 0x62, 0x1d, 0xee, - 0xe1, 0xc7, 0xb8, 0xe7, 0x00, 0x7a, 0xe2, 0xec, - 0xf2, 0x73, 0x1b, 0xff, 0x4e, 0x80, 0xe2, 0xa0 - }, - G89_ECB, - { 0 }, - { - 0x2d, 0x56, 0x2a, 0x0d, 0x19, 0x04, 0x86, 0xe7 - } - }, - { /* see p. A.3.1 [GOSTR341194], p. 7.3.1 [ENG-GOSTR341194] */ - /* */ - /* Iteration 2, K[1] */ - 8, - { - 0x34, 0xc0, 0x15, 0x33, 0xe3, 0x7d, 0x1c, 0x56 - }, - "id-GostR3410-94-TestParamSet", - NULL, - { - 0x34, 0x87, 0x24, 0xa4, 0xc1, 0xa6, 0x76, 0x67, - 0x15, 0x3d, 0xde, 0x59, 0x33, 0x88, 0x42, 0x50, - 0xe3, 0x24, 0x8c, 0x65, 0x7d, 0x41, 0x3b, 0x8c, - 0x1c, 0x9c, 0xa0, 0x9a, 0x56, 0xd9, 0x68, 0xcf - }, - G89_ECB, - { 0 }, - { - 0x86, 0x3e, 0x78, 0xdd, 0x2d, 0x60, 0xd1, 0x3c - } - }, - /* + {/* see p. A.3.1 [GOSTR341194], p. 7.3.1 [ENG-GOSTR341194] */ + /* */ + /* Iteration 1, K[1], see Errata for RFC 5831 */ + 8, + {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, + "id-GostR3410-94-TestParamSet", + NULL, + {0x54, 0x6d, 0x20, 0x33, 0x68, 0x65, 0x6c, 0x32, 0x69, 0x73, 0x65, + 0x20, 0x73, 0x73, 0x6e, 0x62, 0x20, 0x61, 0x67, 0x79, 0x69, 0x67, + 0x74, 0x74, 0x73, 0x65, 0x68, 0x65, 0x20, 0x2c, 0x3d, 0x73}, + G89_ECB, + {0}, + {0x1b, 0x0b, 0xbc, 0x32, 0xce, 0xbc, 0xab, 0x42}}, + {/* see p. A.3.1 [GOSTR341194], p. 7.3.1 [ENG-GOSTR341194] */ + /* */ + /* Iteration 1, K[4] */ + 8, + {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, + "id-GostR3410-94-TestParamSet", + NULL, + {0xec, 0x0a, 0x8b, 0xa1, 0x5e, 0xc0, 0x04, 0xa8, 0xba, 0xc5, 0x0c, + 0xac, 0x0c, 0x62, 0x1d, 0xee, 0xe1, 0xc7, 0xb8, 0xe7, 0x00, 0x7a, + 0xe2, 0xec, 0xf2, 0x73, 0x1b, 0xff, 0x4e, 0x80, 0xe2, 0xa0}, + G89_ECB, + {0}, + {0x2d, 0x56, 0x2a, 0x0d, 0x19, 0x04, 0x86, 0xe7}}, + {/* see p. A.3.1 [GOSTR341194], p. 7.3.1 [ENG-GOSTR341194] */ + /* */ + /* Iteration 2, K[1] */ + 8, + {0x34, 0xc0, 0x15, 0x33, 0xe3, 0x7d, 0x1c, 0x56}, + "id-GostR3410-94-TestParamSet", + NULL, + {0x34, 0x87, 0x24, 0xa4, 0xc1, 0xa6, 0x76, 0x67, 0x15, 0x3d, 0xde, + 0x59, 0x33, 0x88, 0x42, 0x50, 0xe3, 0x24, 0x8c, 0x65, 0x7d, 0x41, + 0x3b, 0x8c, 0x1c, 0x9c, 0xa0, 0x9a, 0x56, 0xd9, 0x68, 0xcf}, + G89_ECB, + {0}, + {0x86, 0x3e, 0x78, 0xdd, 0x2d, 0x60, 0xd1, 0x3c}}, + /* * id-Gost28147-89-CryptoPro-A-ParamSet (1.2.643.2.2.31.1) * Test cases */ - { /* Calculated by libcapi10, CryptoPro CSP 3.6R2, Mac OSX */ - 16, - { - 0x74, 0x3d, 0x76, 0xf9, 0x1b, 0xee, 0x35, 0x3c, - 0xa2, 0x5c, 0x3b, 0x10, 0xeb, 0x64, 0xcf, 0xf5 - }, - "id-Gost28147-89-CryptoPro-A-ParamSet", - "testecb1", - { - 0xbb, 0xf1, 0xed, 0xd3, 0x20, 0xaf, 0x8a, 0x62, - 0x8e, 0x11, 0xc8, 0xa9, 0x51, 0xcc, 0xbe, 0x81, - 0x47, 0x7b, 0x41, 0xa1, 0x6a, 0xf6, 0x7f, 0x05, - 0xe8, 0x51, 0x2f, 0x9e, 0x01, 0xf8, 0xcf, 0x49 - }, - G89_ECB, - { 0 }, - { - 0xc3, 0x73, 0x90, 0x95, 0x35, 0x58, 0x08, 0x63, - 0xcb, 0x68, 0x85, 0x96, 0x77, 0xe8, 0xfb, 0xa9 - } - }, - { /* Calculated by libcapi10, CryptoPro CSP 3.6R2, Mac OSX */ - 16, - { - 0xd2, 0xfd, 0xf8, 0x3a, 0xc1, 0xb4, 0x39, 0x23, - 0x2e, 0xaa, 0xcc, 0x98, 0x0a, 0x02, 0xda, 0x33 - }, - "id-Gost28147-89-CryptoPro-A-ParamSet", - "testcfb1", - { - 0x8d, 0x5a, 0x2c, 0x83, 0xa7, 0xc7, 0x0a, 0x61, - 0xd6, 0x1b, 0x34, 0xb5, 0x1f, 0xdf, 0x42, 0x68, - 0x66, 0x71, 0xa3, 0x5d, 0x87, 0x4c, 0xfd, 0x84, - 0x99, 0x36, 0x63, 0xb6, 0x1e, 0xd6, 0x0d, 0xad - }, - G89_CFB, - { - 0x46, 0x60, 0x6f, 0x0d, 0x88, 0x34, 0x23, 0x5a - }, - { - 0x88, 0xb7, 0x75, 0x16, 0x74, 0xa5, 0xee, 0x2d, - 0x14, 0xfe, 0x91, 0x67, 0xd0, 0x5c, 0xcc, 0x40 - } - }, - { /* Calculated by libcapi10, CryptoPro CSP 3.6R2, Mac OSX */ - 16, - { - 0x90, 0xa2, 0x39, 0x66, 0xae, 0x01, 0xb9, 0xa3, - 0x52, 0x4e, 0xc8, 0xed, 0x6c, 0xdd, 0x88, 0x30 - }, - "id-Gost28147-89-CryptoPro-A-ParamSet", - "testcnt1", - { - 0x59, 0x9f, 0x84, 0xba, 0xc3, 0xf3, 0xd2, 0xf1, - 0x60, 0xe1, 0xe3, 0xf2, 0x6a, 0x96, 0x1a, 0xf9, - 0x9c, 0x48, 0xb2, 0x4e, 0xbc, 0xbb, 0xbf, 0x7c, - 0xd8, 0xf3, 0xac, 0xcd, 0x96, 0x8d, 0x28, 0x6a - }, - G89_CNT, - { - 0x8d, 0xaf, 0xa8, 0xd1, 0x58, 0xed, 0x05, 0x8d - }, - { - 0x6e, 0x72, 0x62, 0xcc, 0xe3, 0x59, 0x36, 0x90, - 0x83, 0x3a, 0xfe, 0xa9, 0x1b, 0xc9, 0xbe, 0xce - } - }, - { /* Calculated by libcapi10, CryptoPro CSP 3.6R2, Mac OSX */ - 16, - { - 0xb5, 0xa1, 0xf0, 0xe3, 0xce, 0x2f, 0x02, 0x1d, - 0x67, 0x61, 0x94, 0x34, 0x5c, 0x41, 0xe3, 0x6e - }, - "id-Gost28147-89-CryptoPro-A-ParamSet", - "testimit1", - { - 0x9d, 0x05, 0xb7, 0x9e, 0x90, 0xca, 0xd0, 0x0a, - 0x2c, 0xda, 0xd2, 0x2e, 0xf4, 0xe8, 0x6f, 0x5c, - 0xf5, 0xdc, 0x37, 0x68, 0x19, 0x85, 0xb3, 0xbf, - 0xaa, 0x18, 0xc1, 0xc3, 0x05, 0x0a, 0x91, 0xa2 - }, - G89_IMIT, - { 0 }, - { - 0xf8, 0x1f, 0x08, 0xa3 - } - }, - /* + {/* Calculated by libcapi10, CryptoPro CSP 3.6R2, Mac OSX */ + 16, + {0x74, 0x3d, 0x76, 0xf9, 0x1b, 0xee, 0x35, 0x3c, 0xa2, 0x5c, 0x3b, 0x10, + 0xeb, 0x64, 0xcf, 0xf5}, + "id-Gost28147-89-CryptoPro-A-ParamSet", + "testecb1", + {0xbb, 0xf1, 0xed, 0xd3, 0x20, 0xaf, 0x8a, 0x62, 0x8e, 0x11, 0xc8, + 0xa9, 0x51, 0xcc, 0xbe, 0x81, 0x47, 0x7b, 0x41, 0xa1, 0x6a, 0xf6, + 0x7f, 0x05, 0xe8, 0x51, 0x2f, 0x9e, 0x01, 0xf8, 0xcf, 0x49}, + G89_ECB, + {0}, + {0xc3, 0x73, 0x90, 0x95, 0x35, 0x58, 0x08, 0x63, 0xcb, 0x68, 0x85, 0x96, + 0x77, 0xe8, 0xfb, 0xa9}}, + {/* Calculated by libcapi10, CryptoPro CSP 3.6R2, Mac OSX */ + 16, + {0xd2, 0xfd, 0xf8, 0x3a, 0xc1, 0xb4, 0x39, 0x23, 0x2e, 0xaa, 0xcc, 0x98, + 0x0a, 0x02, 0xda, 0x33}, + "id-Gost28147-89-CryptoPro-A-ParamSet", + "testcfb1", + {0x8d, 0x5a, 0x2c, 0x83, 0xa7, 0xc7, 0x0a, 0x61, 0xd6, 0x1b, 0x34, + 0xb5, 0x1f, 0xdf, 0x42, 0x68, 0x66, 0x71, 0xa3, 0x5d, 0x87, 0x4c, + 0xfd, 0x84, 0x99, 0x36, 0x63, 0xb6, 0x1e, 0xd6, 0x0d, 0xad}, + G89_CFB, + {0x46, 0x60, 0x6f, 0x0d, 0x88, 0x34, 0x23, 0x5a}, + {0x88, 0xb7, 0x75, 0x16, 0x74, 0xa5, 0xee, 0x2d, 0x14, 0xfe, 0x91, 0x67, + 0xd0, 0x5c, 0xcc, 0x40}}, + {/* Calculated by libcapi10, CryptoPro CSP 3.6R2, Mac OSX */ + 16, + {0x90, 0xa2, 0x39, 0x66, 0xae, 0x01, 0xb9, 0xa3, 0x52, 0x4e, 0xc8, 0xed, + 0x6c, 0xdd, 0x88, 0x30}, + "id-Gost28147-89-CryptoPro-A-ParamSet", + "testcnt1", + {0x59, 0x9f, 0x84, 0xba, 0xc3, 0xf3, 0xd2, 0xf1, 0x60, 0xe1, 0xe3, + 0xf2, 0x6a, 0x96, 0x1a, 0xf9, 0x9c, 0x48, 0xb2, 0x4e, 0xbc, 0xbb, + 0xbf, 0x7c, 0xd8, 0xf3, 0xac, 0xcd, 0x96, 0x8d, 0x28, 0x6a}, + G89_CNT, + {0x8d, 0xaf, 0xa8, 0xd1, 0x58, 0xed, 0x05, 0x8d}, + {0x6e, 0x72, 0x62, 0xcc, 0xe3, 0x59, 0x36, 0x90, 0x83, 0x3a, 0xfe, 0xa9, + 0x1b, 0xc9, 0xbe, 0xce}}, + {/* Calculated by libcapi10, CryptoPro CSP 3.6R2, Mac OSX */ + 16, + {0xb5, 0xa1, 0xf0, 0xe3, 0xce, 0x2f, 0x02, 0x1d, 0x67, 0x61, 0x94, 0x34, + 0x5c, 0x41, 0xe3, 0x6e}, + "id-Gost28147-89-CryptoPro-A-ParamSet", + "testimit1", + {0x9d, 0x05, 0xb7, 0x9e, 0x90, 0xca, 0xd0, 0x0a, 0x2c, 0xda, 0xd2, + 0x2e, 0xf4, 0xe8, 0x6f, 0x5c, 0xf5, 0xdc, 0x37, 0x68, 0x19, 0x85, + 0xb3, 0xbf, 0xaa, 0x18, 0xc1, 0xc3, 0x05, 0x0a, 0x91, 0xa2}, + G89_IMIT, + {0}, + {0xf8, 0x1f, 0x08, 0xa3}}, + /* * Other paramsets and key meshing test cases. */ - { /* Calculated by libcapi10, CryptoPro CSP 3.6R2, Mac OSX */ - 1039, - { - 0x8c, 0x9c, 0x44, 0x35, 0xfb, 0xe9, 0xa5, 0xa3, - 0xa0, 0xae, 0x28, 0x56, 0x91, 0x10, 0x8e, 0x1e , - 0xd2, 0xbb, 0x18, 0x53, 0x81, 0x27, 0x0d, 0xa6, - 0x68, 0x59, 0x36, 0xc5, 0x81, 0x62, 0x9a, 0x8e, - 0x7d, 0x50, 0xf1, 0x6f, 0x97, 0x62, 0x29, 0xec, - 0x80, 0x51, 0xe3, 0x7d, 0x6c, 0xc4, 0x07, 0x95, - 0x28, 0x63, 0xdc, 0xb4, 0xb9, 0x2d, 0xb8, 0x13, - 0xb1, 0x05, 0xb5, 0xf9, 0xeb, 0x75, 0x37, 0x4e, - 0xf7, 0xbf, 0x51, 0xf1, 0x98, 0x86, 0x43, 0xc4, - 0xe4, 0x3d, 0x3e, 0xa7, 0x62, 0xec, 0x41, 0x59, - 0xe0, 0xbd, 0xfb, 0xb6, 0xfd, 0xec, 0xe0, 0x77, - 0x13, 0xd2, 0x59, 0x90, 0xa1, 0xb8, 0x97, 0x6b, - 0x3d, 0x8b, 0x7d, 0xfc, 0x9d, 0xca, 0x82, 0x73, - 0x32, 0x70, 0x0a, 0x74, 0x03, 0xc6, 0x0c, 0x26, - 0x7f, 0x56, 0xf0, 0x9d, 0xb2, 0xeb, 0x71, 0x40, - 0xd7, 0xc3, 0xb1, 0xa7, 0xc5, 0x1e, 0x20, 0x17, - 0xb3, 0x50, 0x1d, 0x8a, 0x6e, 0x19, 0xcb, 0xbe, - 0x20, 0x86, 0x2b, 0xd6, 0x1c, 0xfd, 0xb4, 0xb7, - 0x5d, 0x9a, 0xb3, 0xe3, 0x7d, 0x15, 0x7a, 0x35, - 0x01, 0x9f, 0x5d, 0x65, 0x89, 0x4b, 0x34, 0xc6, - 0xf4, 0x81, 0x3f, 0x78, 0x30, 0xcf, 0xe9, 0x15, - 0x90, 0x9a, 0xf9, 0xde, 0xba, 0x63, 0xd0, 0x19, - 0x14, 0x66, 0x3c, 0xb9, 0xa4, 0xb2, 0x84, 0x94, - 0x02, 0xcf, 0xce, 0x20, 0xcf, 0x76, 0xe7, 0xc5, - 0x48, 0xf7, 0x69, 0x3a, 0x5d, 0xec, 0xaf, 0x41, - 0xa7, 0x12, 0x64, 0x83, 0xf5, 0x99, 0x1e, 0x9e, - 0xb2, 0xab, 0x86, 0x16, 0x00, 0x23, 0x8e, 0xe6, - 0xd9, 0x80, 0x0b, 0x6d, 0xc5, 0x93, 0xe2, 0x5c, - 0x8c, 0xd8, 0x5e, 0x5a, 0xae, 0x4a, 0x85, 0xfd, - 0x76, 0x01, 0xea, 0x30, 0xf3, 0x78, 0x34, 0x10, - 0x72, 0x51, 0xbc, 0x9f, 0x76, 0xce, 0x1f, 0xd4, - 0x8f, 0x33, 0x50, 0x34, 0xc7, 0x4d, 0x7b, 0xcf, - 0x91, 0x63, 0x7d, 0x82, 0x9e, 0xa1, 0x23, 0x45, - 0xf5, 0x45, 0xac, 0x98, 0x7a, 0x48, 0xff, 0x64, - 0xd5, 0x59, 0x47, 0xde, 0x2b, 0x3f, 0xfa, 0xec, - 0x50, 0xe0, 0x81, 0x60, 0x8b, 0xc3, 0xfc, 0x80, - 0x98, 0x17, 0xc7, 0xa3, 0xc2, 0x57, 0x3d, 0xab, - 0x91, 0x67, 0xf5, 0xc4, 0xab, 0x92, 0xc8, 0xd6, - 0x3b, 0x6b, 0x3f, 0xff, 0x15, 0x6b, 0xcf, 0x53, - 0x65, 0x02, 0xf1, 0x74, 0xca, 0xa9, 0xbe, 0x24, - 0xd2, 0xf0, 0xb7, 0x26, 0xa8, 0xd7, 0x6d, 0xed, - 0x90, 0x36, 0x7b, 0x3e, 0x41, 0xa9, 0x7f, 0xa3, - 0x1b, 0xf4, 0x43, 0xc5, 0x51, 0xbe, 0x28, 0x59, - 0xe9, 0x45, 0x26, 0x49, 0x38, 0x32, 0xf8, 0xf3, - 0x92, 0x6e, 0x30, 0xcc, 0xb0, 0xa0, 0xf9, 0x01, - 0x14, 0xc8, 0xba, 0xd9, 0xf0, 0x2a, 0x29, 0xe2, - 0x52, 0x9a, 0x76, 0x95, 0x3a, 0x16, 0x32, 0xec, - 0xf4, 0x10, 0xec, 0xee, 0x47, 0x00, 0x70, 0x19, - 0xe4, 0x72, 0x35, 0x66, 0x44, 0x53, 0x2d, 0xa2, - 0xf3, 0xaa, 0x7e, 0x8a, 0x33, 0x13, 0xcd, 0xc8, - 0xbf, 0x0e, 0x40, 0x90, 0x00, 0xe4, 0x42, 0xc3, - 0x09, 0x84, 0xe1, 0x66, 0x17, 0xa2, 0xaf, 0x03, - 0xab, 0x6b, 0xa1, 0xec, 0xfb, 0x17, 0x72, 0x81, - 0xfe, 0x9a, 0x9f, 0xf4, 0xb2, 0x33, 0x1f, 0xae, - 0x0c, 0xd1, 0x6a, 0xae, 0x19, 0xb8, 0xaf, 0xec, - 0xe3, 0xea, 0x00, 0xf8, 0xac, 0x87, 0x07, 0x5f, - 0x6d, 0xb0, 0xac, 0x6b, 0x22, 0x48, 0x36, 0xbf, - 0x22, 0x18, 0xb0, 0x03, 0x9f, 0x6c, 0x70, 0x45, - 0x36, 0xf0, 0x6b, 0xc6, 0xc2, 0xa5, 0x72, 0x2c, - 0xd8, 0xe0, 0x27, 0x3d, 0xec, 0x56, 0x07, 0x05, - 0x7d, 0x83, 0xa1, 0x65, 0x7d, 0x41, 0x5b, 0xcd, - 0x77, 0x24, 0xe5, 0xaa, 0x76, 0x47, 0xd0, 0x50, - 0xf6, 0xe7, 0xb5, 0x59, 0x75, 0x31, 0x27, 0xef, - 0xd8, 0xa6, 0x4e, 0x7f, 0xb8, 0x40, 0xb1, 0xdf, - 0x53, 0x14, 0xed, 0xf1, 0x68, 0x5f, 0xfc, 0x3f, - 0x02, 0xdb, 0x05, 0xeb, 0x31, 0xe4, 0x2c, 0x7f, - 0x32, 0xb5, 0x70, 0x8e, 0x75, 0x85, 0xa4, 0x5c, - 0x16, 0x23, 0x37, 0xf2, 0x10, 0x79, 0xcb, 0xdc, - 0xf8, 0x1c, 0x25, 0xc2, 0xa1, 0x3d, 0x9c, 0x33, - 0x6c, 0xed, 0xc3, 0xe7, 0xf3, 0x02, 0x87, 0x82, - 0x4e, 0xfb, 0xac, 0xb3, 0x2d, 0xfc, 0xf8, 0x0d, - 0x1d, 0x4a, 0x39, 0xd4, 0xb3, 0x09, 0xbb, 0xe9, - 0x25, 0xc7, 0xec, 0x6a, 0x87, 0x72, 0x84, 0xed, - 0x12, 0x60, 0x19, 0x64, 0xeb, 0x16, 0x2a, 0x5b, - 0x10, 0x76, 0x27, 0xff, 0x7b, 0xe4, 0xae, 0xe5, - 0xa4, 0x04, 0x02, 0x7f, 0xbb, 0x0a, 0xb5, 0xf4, - 0x05, 0xa5, 0x56, 0x1c, 0x53, 0x31, 0x7a, 0x93, - 0xba, 0x16, 0x15, 0xab, 0x62, 0x60, 0xfc, 0xde, - 0x72, 0x36, 0x6e, 0x28, 0xaf, 0x98, 0x0d, 0xe6, - 0xf4, 0xde, 0x60, 0xa7, 0x7e, 0x06, 0x07, 0x86, - 0xf3, 0x94, 0xb6, 0x6d, 0x0d, 0x93, 0xa6, 0xbc, - 0x60, 0x70, 0x33, 0xac, 0x3f, 0xa1, 0xa8, 0x4a, - 0x20, 0x61, 0xb6, 0xb5, 0x43, 0xa3, 0x15, 0x5a, - 0x00, 0xbe, 0x76, 0x98, 0x57, 0x72, 0xab, 0x7a, - 0x0e, 0x18, 0x93, 0x82, 0x3a, 0x18, 0x78, 0x6e, - 0x71, 0x7b, 0x78, 0x4f, 0x7e, 0x8c, 0xde, 0x7a, - 0x62, 0xb5, 0x0a, 0x7c, 0x45, 0x1d, 0x16, 0xd5, - 0xc3, 0x8c, 0x9b, 0x25, 0xb4, 0x50, 0x90, 0xcd, - 0x96, 0x93, 0xad, 0x0f, 0xd4, 0x43, 0xcb, 0x49, - 0x0f, 0xfc, 0x5a, 0x31, 0xf4, 0x19, 0xb7, 0xd4, - 0xeb, 0x4d, 0x40, 0x58, 0xd0, 0x3b, 0xc8, 0xe0, - 0x4a, 0x54, 0x2f, 0xdb, 0x22, 0xc3, 0x29, 0x7b, - 0x40, 0x90, 0x61, 0x43, 0xd3, 0x7e, 0xe2, 0x30, - 0x2b, 0x48, 0x3c, 0xce, 0x90, 0x93, 0xb1, 0x8b, - 0x31, 0x96, 0x65, 0x6d, 0x57, 0x8b, 0x9d, 0x4d, - 0x53, 0xf0, 0x83, 0x1c, 0xe5, 0xa1, 0x9d, 0x55, - 0xe3, 0xbf, 0x7e, 0xca, 0x1a, 0x74, 0x66, 0x14, - 0xcc, 0x47, 0x43, 0xd9, 0xbb, 0xef, 0x97, 0x7d, - 0xb7, 0x6e, 0xff, 0xf1, 0x22, 0xf8, 0x10, 0x2d, - 0x3f, 0xcd, 0x49, 0x96, 0xd9, 0x09, 0x11, 0xb8, - 0x33, 0xd0, 0x23, 0x9a, 0xfa, 0x16, 0xcb, 0x50, - 0x26, 0x57, 0x24, 0x5c, 0x0e, 0xba, 0xf0, 0x3f, - 0x37, 0x2f, 0xa3, 0xf7, 0x18, 0x57, 0x48, 0x48, - 0x95, 0xcf, 0xef, 0x87, 0x67, 0x2a, 0xe9, 0xb6, - 0x8a, 0x21, 0x36, 0x7f, 0xff, 0x48, 0x6c, 0x46, - 0x35, 0x57, 0xf2, 0xbc, 0x48, 0x67, 0x8f, 0x63, - 0x23, 0x78, 0x11, 0x2b, 0xc2, 0x08, 0xde, 0x51, - 0xe8, 0x8b, 0x92, 0x29, 0xf9, 0x9a, 0x9e, 0xad, - 0xed, 0x0f, 0xeb, 0xa2, 0xd2, 0x40, 0x92, 0xd4, - 0xde, 0x62, 0x95, 0x76, 0xfd, 0x6e, 0x3c, 0xbf, - 0xc0, 0xd7, 0x0d, 0xe5, 0x1b, 0xa4, 0xc7, 0x18, - 0xe1, 0x58, 0xa4, 0x56, 0xef, 0x2e, 0x17, 0x1b, - 0x75, 0xcb, 0xbc, 0xf9, 0x2a, 0x95, 0x71, 0xa7, - 0x1d, 0x7f, 0xe7, 0x73, 0x63, 0x05, 0x6b, 0x19, - 0x4c, 0xf4, 0x22, 0x14, 0xc4, 0x59, 0x88, 0x66, - 0x92, 0x86, 0x61, 0x5c, 0x6a, 0xae, 0xec, 0x58, - 0xff, 0xc9, 0xf2, 0x44, 0xd4, 0xa2, 0xf5, 0x98, - 0xeb, 0x5f, 0x09, 0xbc, 0x8a, 0xbf, 0x3c, 0xb4, - 0x3e, 0xb1, 0x20, 0x05, 0x44, 0x96, 0x79, 0x0a, - 0x40, 0x92, 0x7f, 0x9d, 0xd1, 0xaf, 0xbc, 0x90, - 0x95, 0x0a, 0x81, 0xd4, 0xa7, 0xc6, 0xb8, 0xe0, - 0xe4, 0x39, 0x30, 0x1d, 0x79, 0xc0, 0xe5, 0xfa, - 0xb4, 0xe9, 0x63, 0xb4, 0x09, 0x72, 0x3b, 0x3e, - 0xd9, 0xf6, 0xd9, 0x10, 0x21, 0x18, 0x7e, 0xe5, - 0xad, 0x81, 0xd7, 0xd5, 0x82, 0xd0, 0x8c, 0x3b, - 0x38, 0x95, 0xf8, 0x92, 0x01, 0xa9, 0x92, 0x00, - 0x70, 0xd1, 0xa7, 0x88, 0x77, 0x1f, 0x3a, 0xeb, - 0xb5, 0xe4, 0xf5, 0x9d, 0xc7, 0x37, 0x86, 0xb2, - 0x12, 0x46, 0x34, 0x19, 0x72, 0x8c, 0xf5, 0x8c, - 0xf6, 0x78, 0x98, 0xe0, 0x7c, 0xd3, 0xf4 - }, - "id-Gost28147-89-CryptoPro-B-ParamSet", - "testcfb2", - { - 0x48, 0x0c, 0x74, 0x1b, 0x02, 0x6b, 0x55, 0xd5, - 0xb6, 0x6d, 0xd7, 0x1d, 0x40, 0x48, 0x05, 0x6b, - 0x6d, 0xeb, 0x3c, 0x29, 0x0f, 0x84, 0x80, 0x23, - 0xee, 0x0d, 0x47, 0x77, 0xe3, 0xfe, 0x61, 0xc9 - }, - G89_CFB, - { - 0x1f, 0x3f, 0x82, 0x1e, 0x0d, 0xd8, 0x1e, 0x22 - }, - { - 0x23, 0xc6, 0x7f, 0x20, 0xa1, 0x23, 0x58, 0xbc, - 0x7b, 0x05, 0xdb, 0x21, 0x15, 0xcf, 0x96, 0x41, - 0xc7, 0x88, 0xef, 0x76, 0x5c, 0x49, 0xdb, 0x42, - 0xbf, 0xf3, 0xc0, 0xf5, 0xbd, 0x5d, 0xd9, 0x8e, - 0xaf, 0x3d, 0xf4, 0xe4, 0xda, 0x88, 0xbd, 0xbc, - 0x47, 0x5d, 0x76, 0x07, 0xc9, 0x5f, 0x54, 0x1d, - 0x1d, 0x6a, 0xa1, 0x2e, 0x18, 0xd6, 0x60, 0x84, - 0x02, 0x18, 0x37, 0x92, 0x92, 0x15, 0xab, 0x21, - 0xee, 0x21, 0xcc, 0x71, 0x6e, 0x51, 0xd9, 0x2b, - 0xcc, 0x81, 0x97, 0x3f, 0xeb, 0x45, 0x99, 0xb8, - 0x1b, 0xda, 0xff, 0x90, 0xd3, 0x41, 0x06, 0x9c, - 0x3f, 0xfb, 0xe4, 0xb2, 0xdc, 0xc9, 0x03, 0x0d, - 0xa7, 0xae, 0xd7, 0x7d, 0x02, 0xb8, 0x32, 0xab, - 0xf3, 0x65, 0xa3, 0x65, 0x6c, 0x4e, 0xe4, 0xa2, - 0x5e, 0x9e, 0xee, 0xcd, 0xde, 0x79, 0x36, 0x6b, - 0x1b, 0xe1, 0x3c, 0xdf, 0x10, 0xad, 0x4f, 0x02, - 0xe1, 0x14, 0xaa, 0x09, 0xb4, 0x0b, 0x76, 0xeb, - 0x69, 0x38, 0x20, 0x02, 0xcb, 0x8e, 0xc0, 0xdf, - 0xca, 0x48, 0x74, 0xc3, 0x31, 0xad, 0x42, 0x2c, - 0x51, 0x9b, 0xd0, 0x6a, 0xc1, 0x36, 0xd7, 0x21, - 0xdf, 0xb0, 0x45, 0xba, 0xca, 0x7f, 0x35, 0x20, - 0x28, 0xbb, 0xc1, 0x76, 0xfd, 0x43, 0x5d, 0x23, - 0x7d, 0x31, 0x84, 0x1a, 0x97, 0x4d, 0x83, 0xaa, - 0x7e, 0xf1, 0xc4, 0xe6, 0x83, 0xac, 0x0d, 0xef, - 0xef, 0x3c, 0xa4, 0x7c, 0x48, 0xe4, 0xc8, 0xca, - 0x0d, 0x7d, 0xea, 0x7c, 0x45, 0xd7, 0x73, 0x50, - 0x25, 0x1d, 0x01, 0xc4, 0x02, 0x1a, 0xcd, 0xe0, - 0x38, 0x5b, 0xa8, 0x5a, 0x16, 0x9a, 0x10, 0x59, - 0x74, 0xd7, 0x19, 0xc6, 0xf3, 0xb5, 0x17, 0xf6, - 0x59, 0x8d, 0x62, 0xaf, 0x44, 0xe8, 0xdc, 0xe9, - 0xc1, 0x76, 0xf1, 0xd0, 0xbd, 0x29, 0xd7, 0xec, - 0x1d, 0xac, 0x57, 0xdb, 0x1a, 0x3f, 0xd8, 0xf6, - 0x6e, 0xb6, 0xe6, 0xdf, 0x36, 0xe7, 0x89, 0xce, - 0x56, 0x35, 0x43, 0x1c, 0x7d, 0x57, 0x79, 0x0e, - 0xd8, 0xf4, 0xd7, 0xa7, 0x0d, 0xc6, 0x8f, 0x91, - 0x66, 0x67, 0x82, 0x0f, 0x49, 0xc9, 0xc5, 0x65, - 0x81, 0xa1, 0x39, 0x5a, 0x53, 0x9f, 0x02, 0xa5, - 0xd5, 0x36, 0x22, 0xa8, 0xa8, 0x1c, 0x37, 0x0e, - 0x76, 0x46, 0xdf, 0xbd, 0x6a, 0xdb, 0xfc, 0x1b, - 0xbd, 0x10, 0xb8, 0xb1, 0xbc, 0x72, 0x4c, 0x58, - 0x4a, 0xda, 0x6d, 0x66, 0x00, 0xda, 0x7a, 0x66, - 0xa0, 0xe7, 0x3b, 0x39, 0xa3, 0xf7, 0x05, 0x07, - 0xfa, 0x21, 0x4b, 0xc7, 0x94, 0xc0, 0xd3, 0x7b, - 0x19, 0x02, 0x5d, 0x4a, 0x10, 0xf1, 0xc2, 0x0f, - 0x19, 0x68, 0x27, 0xc7, 0x7d, 0xbf, 0x55, 0x03, - 0x57, 0x7d, 0xaf, 0x77, 0xae, 0x80, 0x2f, 0x7a, - 0xe6, 0x1f, 0x4b, 0xdc, 0x15, 0x18, 0xc0, 0x62, - 0xa1, 0xe8, 0xd9, 0x1c, 0x9e, 0x8c, 0x96, 0x39, - 0xc1, 0xc4, 0x88, 0xf7, 0x0c, 0xe1, 0x04, 0x84, - 0x68, 0x51, 0xce, 0xf1, 0x90, 0xda, 0x7f, 0x76, - 0xc8, 0xc0, 0x88, 0xef, 0x8e, 0x15, 0x25, 0x3e, - 0x7b, 0xe4, 0x79, 0xb5, 0x66, 0x2d, 0x9c, 0xd1, - 0x13, 0xda, 0xd0, 0xd5, 0x46, 0xd5, 0x8d, 0x46, - 0x18, 0x07, 0xee, 0xd8, 0xc9, 0x64, 0xe3, 0xbe, - 0x0e, 0x68, 0x27, 0x09, 0x96, 0x26, 0xf6, 0xe2, - 0x19, 0x61, 0x3f, 0xf4, 0x58, 0x27, 0x0a, 0xeb, - 0xce, 0x7c, 0xb6, 0x68, 0x92, 0xe7, 0x12, 0x3b, - 0x31, 0xd4, 0x48, 0xdf, 0x35, 0x8d, 0xf4, 0x86, - 0x42, 0x2a, 0x15, 0x4b, 0xe8, 0x19, 0x1f, 0x26, - 0x65, 0x9b, 0xa8, 0xda, 0x4b, 0x79, 0x1f, 0x8e, - 0xe6, 0x13, 0x7e, 0x49, 0x8f, 0xc1, 0xce, 0xdc, - 0x5e, 0x64, 0x74, 0xce, 0x02, 0x78, 0xe0, 0xcf, - 0xa0, 0xed, 0x5e, 0x31, 0x74, 0xd1, 0xd0, 0xb4, - 0xee, 0x70, 0x19, 0x14, 0x3c, 0x8f, 0x16, 0xa6, - 0xcf, 0x12, 0x93, 0x15, 0x88, 0xeb, 0x91, 0x65, - 0x76, 0x98, 0xfd, 0xa1, 0x94, 0x30, 0xba, 0x43, - 0x62, 0x65, 0x40, 0x04, 0x77, 0x9e, 0xd6, 0xab, - 0x8b, 0x0d, 0x93, 0x80, 0x50, 0x5f, 0xa2, 0x76, - 0x20, 0xa7, 0xd6, 0x9c, 0x27, 0x15, 0x27, 0xbc, - 0xa5, 0x5a, 0xbf, 0xe9, 0x92, 0x82, 0x05, 0xa8, - 0x41, 0xe9, 0xb5, 0x60, 0xd5, 0xc0, 0xd7, 0x4b, - 0xad, 0x38, 0xb2, 0xe9, 0xd1, 0xe5, 0x51, 0x5f, - 0x24, 0x78, 0x24, 0x9a, 0x23, 0xd2, 0xc2, 0x48, - 0xbd, 0x0e, 0xf1, 0x37, 0x72, 0x91, 0x87, 0xb0, - 0x4e, 0xbd, 0x99, 0x6b, 0x2c, 0x01, 0xb6, 0x79, - 0x69, 0xec, 0x0c, 0xed, 0xe5, 0x3f, 0x50, 0x64, - 0x7c, 0xb9, 0xdd, 0xe1, 0x92, 0x81, 0xb5, 0xd0, - 0xcb, 0x17, 0x83, 0x86, 0x8b, 0xea, 0x4f, 0x93, - 0x08, 0xbc, 0x22, 0x0c, 0xef, 0xe8, 0x0d, 0xf5, - 0x9e, 0x23, 0xe1, 0xf9, 0xb7, 0x6b, 0x45, 0x0b, - 0xcb, 0xa9, 0xb6, 0x4d, 0x28, 0x25, 0xba, 0x3e, - 0x86, 0xf2, 0x75, 0x47, 0x5d, 0x9d, 0x6b, 0xf6, - 0x8a, 0x05, 0x58, 0x73, 0x3d, 0x00, 0xde, 0xfd, - 0x69, 0xb1, 0x61, 0x16, 0xf5, 0x2e, 0xb0, 0x9f, - 0x31, 0x6a, 0x00, 0xb9, 0xef, 0x71, 0x63, 0x47, - 0xa3, 0xca, 0xe0, 0x40, 0xa8, 0x7e, 0x02, 0x04, - 0xfe, 0xe5, 0xce, 0x48, 0x73, 0xe3, 0x94, 0xcf, - 0xe2, 0xff, 0x29, 0x7e, 0xf6, 0x32, 0xbb, 0xb7, - 0x55, 0x12, 0x21, 0x7a, 0x9c, 0x75, 0x04, 0x0c, - 0xb4, 0x7c, 0xb0, 0x3d, 0x40, 0xb3, 0x11, 0x9a, - 0x7a, 0x9a, 0x13, 0xfb, 0x77, 0xa7, 0x51, 0x68, - 0xf7, 0x05, 0x47, 0x3b, 0x0f, 0x52, 0x5c, 0xe6, - 0xc2, 0x99, 0x3a, 0x37, 0x54, 0x5c, 0x4f, 0x2b, - 0xa7, 0x01, 0x08, 0x74, 0xbc, 0x91, 0xe3, 0xe2, - 0xfe, 0x65, 0x94, 0xfd, 0x3d, 0x18, 0xe0, 0xf0, - 0x62, 0xed, 0xc2, 0x10, 0x82, 0x9c, 0x58, 0x7f, - 0xb2, 0xa3, 0x87, 0x8a, 0x74, 0xd9, 0xc1, 0xfb, - 0x84, 0x28, 0x17, 0xc7, 0x2b, 0xcb, 0x53, 0x1f, - 0x4e, 0x8a, 0x82, 0xfc, 0xb4, 0x3f, 0xc1, 0x47, - 0x25, 0xf3, 0x21, 0xdc, 0x4c, 0x2d, 0x08, 0xfa, - 0xe7, 0x0f, 0x03, 0xa9, 0x68, 0xde, 0x6b, 0x41, - 0xa0, 0xf9, 0x41, 0x6c, 0x57, 0x4d, 0x3a, 0x0e, - 0xea, 0x51, 0xca, 0x9f, 0x97, 0x11, 0x7d, 0xf6, - 0x8e, 0x88, 0x63, 0x67, 0xc9, 0x65, 0x13, 0xca, - 0x38, 0xed, 0x35, 0xbe, 0xf4, 0x27, 0xa9, 0xfc, - 0xa9, 0xe6, 0xc3, 0x40, 0x86, 0x08, 0x39, 0x72, - 0x37, 0xee, 0xb2, 0x87, 0x09, 0x96, 0xb7, 0x40, - 0x87, 0x36, 0x92, 0xc1, 0x5d, 0x6a, 0x2c, 0x43, - 0xca, 0x25, 0xc8, 0x35, 0x37, 0x2d, 0xb5, 0xa9, - 0x27, 0x44, 0x50, 0xf2, 0x6d, 0x22, 0x75, 0x41, - 0x77, 0x2a, 0xdb, 0xb1, 0x8c, 0x6d, 0x05, 0xe8, - 0xc9, 0x99, 0xc7, 0x08, 0xf9, 0x14, 0x8f, 0x78, - 0xa9, 0x8f, 0xc2, 0x5a, 0x7a, 0x65, 0xc5, 0xd8, - 0x86, 0xbb, 0x72, 0x69, 0x6b, 0x6b, 0x45, 0x83, - 0x5b, 0xb1, 0xf7, 0xcd, 0x16, 0x73, 0xee, 0xe9, - 0x80, 0x85, 0xfe, 0x8e, 0xe1, 0xae, 0x53, 0x8f, - 0xde, 0xbe, 0x48, 0x8b, 0x59, 0xef, 0xf6, 0x7e, - 0xd8, 0xb5, 0xa8, 0x47, 0xc0, 0x4e, 0x15, 0x58, - 0xca, 0xd3, 0x2f, 0xf8, 0x6c, 0xa6, 0x3d, 0x78, - 0x4d, 0x7a, 0x54, 0xd6, 0x10, 0xe5, 0xcc, 0x05, - 0xe2, 0x29, 0xb5, 0x86, 0x07, 0x39, 0x7d, 0x78, - 0x8e, 0x5a, 0x8f, 0x83, 0x4c, 0xe7, 0x3d, 0x68, - 0x3e, 0xe5, 0x02, 0xe6, 0x64, 0x4f, 0x5e, 0xb4, - 0x49, 0x77, 0xf0, 0xc0, 0xfa, 0x6f, 0xc8, 0xfb, - 0x9f, 0x84, 0x6f, 0x55, 0xfb, 0x30, 0x5e, 0x89, - 0x93, 0xa9, 0xf3, 0xa6, 0xa3, 0xd7, 0x26, 0xbb, - 0xd8, 0xa8, 0xd9, 0x95, 0x1d, 0xfe, 0xfc, 0xd7, - 0xa8, 0x93, 0x66, 0x2f, 0x04, 0x53, 0x06, 0x64, - 0x7f, 0x31, 0x29, 0xae, 0xb7, 0x9f, 0xba, 0xc4, - 0x6d, 0x68, 0xd1, 0x24, 0x32, 0xf4, 0x11 - } - }, - { /* Calculated by libcapi10, CryptoPro CSP 3.6R2, Mac OSX */ - 4, - { - 0x07, 0x9c, 0x91, 0xbe - }, - "id-Gost28147-89-CryptoPro-C-ParamSet", - "testcfb3", - { - 0x77, 0xc3, 0x45, 0x8e, 0xf6, 0x42, 0xe7, 0x04, - 0x8e, 0xfc, 0x08, 0xe4, 0x70, 0x96, 0xd6, 0x05, - 0x93, 0x59, 0x02, 0x6d, 0x6f, 0x97, 0xca, 0xe9, - 0xcf, 0x89, 0x44, 0x4b, 0xde, 0x6c, 0x22, 0x1d - }, - G89_CFB, - { - 0x43, 0x7c, 0x3e, 0x8e, 0x2f, 0x2a, 0x00, 0x98 - }, - { - 0x19, 0x35, 0x81, 0x34 - } - }, - { /* Calculated by libcapi10, CryptoPro CSP 3.6R2, Mac OSX */ - 9, - { - 0x2f, 0x31, 0xd8, 0x83, 0xb4, 0x20, 0xe8, 0x6e, - 0xda - }, - "id-Gost28147-89-CryptoPro-D-ParamSet", - "testcfb4", - { - 0x38, 0x9f, 0xe8, 0x37, 0xff, 0x9c, 0x5d, 0x29, - 0xfc, 0x48, 0x55, 0xa0, 0x87, 0xea, 0xe8, 0x40, - 0x20, 0x87, 0x5b, 0xb2, 0x01, 0x15, 0x55, 0xa7, - 0xe3, 0x2d, 0xcb, 0x3d, 0xd6, 0x59, 0x04, 0x73 - }, - G89_CFB, - { - 0xc5, 0xa2, 0xd2, 0x1f, 0x2f, 0xdf, 0xb8, 0xeb - }, - { - 0x6d, 0xa4, 0xed, 0x40, 0x08, 0x88, 0x71, 0xad, - 0x16 - } - }, - { /* Calculated by libcapi10, CryptoPro CSP 3.6R2, Mac OSX */ - 5242880+8, - { 0 }, - "id-Gost28147-89-CryptoPro-A-ParamSet", - "test5Mcfb", - { - 0x61, 0x58, 0x44, 0x5a, 0x41, 0xf6, 0xc7, 0x0f, - 0x6b, 0xdb, 0x51, 0x91, 0x6a, 0xf6, 0x81, 0x30, - 0x8c, 0xa7, 0x98, 0xdd, 0x38, 0x35, 0x8a, 0x60, - 0x85, 0xb4, 0xf0, 0xf9, 0x43, 0xa2, 0x7d, 0x9a - }, - G89_CFB, - { - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 - }, - { - 0x1c, 0x16, 0xa0, 0xe9, 0x63, 0x94, 0xfe, 0x38, - 0x37, 0xa7, 0x9b, 0x70, 0x25, 0x2e, 0xd6, 0x00 - } - }, - { /* Calculated by libcapi10, CryptoPro CSP 3.6R2, Mac OSX */ - 4294967296ULL+16, - { 0 }, - "id-Gost28147-89-CryptoPro-A-ParamSet", - "test4Gcfb", - { - 0xae, 0x57, 0xa2, 0xdd, 0xa4, 0xef, 0x4f, 0x96, - 0xb8, 0x94, 0xa5, 0xd1, 0x1b, 0xc8, 0x9b, 0x42, - 0xa5, 0x24, 0xcc, 0x89, 0x5c, 0xb8, 0x92, 0x52, - 0xc1, 0x12, 0x6a, 0xb0, 0x9a, 0x26, 0xe8, 0x06 - }, - G89_CFB, - { - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 - }, - { - 0x2e, 0x62, 0xb0, 0x2e, 0xc7, 0x87, 0x4b, 0x29, - 0x33, 0x16, 0x6b, 0xb4, 0xd6, 0x61, 0x66, 0xd9 - } - }, - { /* Calculated by libcapi10, CryptoPro CSP 3.6R2, Mac OSX */ - 1037, - { - 0x3d, 0x0b, 0x69, 0xf7, 0xa8, 0xe4, 0xfc, 0x99, - 0x22, 0x2e, 0xee, 0xd1, 0x63, 0x12, 0xfe, 0xa8, - 0x9d, 0xcb, 0x6c, 0x4d, 0x48, 0x8c, 0xe8, 0xbd, - 0x8b, 0x60, 0xf1, 0xbf, 0x7b, 0xe3, 0x79, 0xd5, - 0x2b, 0x25, 0x97, 0x13, 0xef, 0x35, 0xda, 0xf4, - 0xbc, 0x77, 0xce, 0xea, 0xe9, 0x3f, 0xa4, 0xb6, - 0x01, 0xd5, 0x73, 0x29, 0x58, 0xda, 0xd7, 0x67, - 0x17, 0xac, 0xe4, 0x75, 0x2f, 0x57, 0x23, 0xac, - 0x96, 0x21, 0xc7, 0x62, 0x2d, 0xf7, 0x32, 0xb5, - 0x44, 0x5f, 0x72, 0xb1, 0x5f, 0xba, 0x1b, 0x1e, - 0xdb, 0x4a, 0x09, 0x8c, 0x92, 0x61, 0xa2, 0xb0, - 0x49, 0x68, 0xe5, 0xb3, 0xa2, 0x8f, 0x13, 0x4b, - 0xf5, 0x4d, 0x84, 0xda, 0xab, 0xa0, 0xb6, 0xd1, - 0x5a, 0x63, 0x19, 0xe8, 0xa2, 0x09, 0xf6, 0x76, - 0x6f, 0x9b, 0x48, 0x0a, 0x15, 0x5d, 0xb7, 0x20, - 0x21, 0x9a, 0x2e, 0xb9, 0x6d, 0xfa, 0x1e, 0xc2, - 0x0e, 0xef, 0x15, 0xab, 0x59, 0x01, 0xfe, 0x43, - 0x90, 0xf2, 0x62, 0xca, 0x4a, 0x9a, 0x48, 0x38, - 0xab, 0x6f, 0x9d, 0x21, 0xb3, 0xad, 0xa7, 0x60, - 0x46, 0xe3, 0xef, 0xd0, 0xe3, 0x1d, 0xc5, 0xe1, - 0xb8, 0xa1, 0xe2, 0x99, 0x20, 0xc5, 0x76, 0xcc, - 0xaa, 0x8a, 0xa9, 0x45, 0x55, 0xa0, 0x78, 0x00, - 0x64, 0xde, 0xcf, 0x5b, 0xdf, 0x26, 0x48, 0xcd, - 0xba, 0x8a, 0xb5, 0xfb, 0xfd, 0x4a, 0xd5, 0xc4, - 0xe0, 0x43, 0xa6, 0x71, 0x90, 0xa4, 0x8b, 0xca, - 0x2e, 0x88, 0x7b, 0xac, 0xb2, 0xdc, 0xf2, 0x01, - 0xcb, 0xda, 0x6e, 0x91, 0x27, 0x28, 0x44, 0x88, - 0x9a, 0xd2, 0x12, 0xf1, 0xa6, 0xf5, 0xb7, 0x61, - 0xce, 0x79, 0x62, 0x52, 0x3c, 0xe6, 0x14, 0x73, - 0xd1, 0x41, 0x92, 0x50, 0xbd, 0xdc, 0x3b, 0xd0, - 0xa7, 0x11, 0x8c, 0x3a, 0xe4, 0x2d, 0xf2, 0x52, - 0xd3, 0x2f, 0x7c, 0x8e, 0x54, 0x90, 0x4e, 0x23, - 0xae, 0xb3, 0xa0, 0xf3, 0x25, 0x7e, 0x66, 0xaa, - 0x0f, 0x6f, 0x81, 0x72, 0x77, 0xbb, 0xd3, 0x47, - 0xe8, 0x05, 0xff, 0xe1, 0x5b, 0xc9, 0x37, 0x50, - 0x33, 0x49, 0x17, 0xaf, 0xab, 0x1d, 0xe1, 0x15, - 0xf2, 0xe5, 0x98, 0x5e, 0x2d, 0x05, 0x1f, 0x0d, - 0x55, 0x97, 0xed, 0xff, 0x5e, 0xe0, 0x0f, 0xc3, - 0x9c, 0xbd, 0x82, 0xc2, 0x06, 0xbe, 0x45, 0x66, - 0xae, 0x33, 0xbe, 0x28, 0x48, 0xe9, 0x2d, 0x1a, - 0xe6, 0x65, 0x8e, 0xdf, 0x76, 0x03, 0x73, 0x4b, - 0xc0, 0x80, 0x71, 0xf9, 0xac, 0xba, 0xa0, 0xb0, - 0x19, 0x1a, 0x0a, 0xd4, 0x35, 0x12, 0x88, 0x76, - 0x05, 0x75, 0x8f, 0x7c, 0xb5, 0xf0, 0x19, 0x75, - 0x6d, 0x05, 0xcb, 0x0d, 0xbc, 0x8d, 0xe9, 0xf0, - 0xd4, 0xdb, 0x3c, 0x3c, 0x29, 0x8e, 0x2c, 0x32, - 0x1d, 0xf7, 0xb6, 0x49, 0xcf, 0xdb, 0x63, 0xee, - 0x3c, 0xfa, 0x33, 0x73, 0x6f, 0xe4, 0x97, 0x4e, - 0x2f, 0xc9, 0x4c, 0x5c, 0x65, 0xfe, 0xea, 0xfb, - 0xc6, 0xdd, 0xc1, 0x1c, 0x47, 0x3f, 0xf4, 0x50, - 0x2f, 0xde, 0x1b, 0x5b, 0x0b, 0x16, 0xca, 0xb6, - 0x46, 0x44, 0xf2, 0xc1, 0x0d, 0xa1, 0x1d, 0xa6, - 0xdb, 0xf0, 0x3d, 0xb1, 0x6c, 0x05, 0x31, 0x85, - 0x8e, 0x74, 0xae, 0xf2, 0x39, 0x26, 0xf7, 0xc1, - 0xe7, 0x4c, 0xdd, 0x9d, 0x40, 0xb8, 0xf3, 0xc5, - 0xc2, 0x16, 0x64, 0x6b, 0xaa, 0xdb, 0x4b, 0x82, - 0x5c, 0xd3, 0x02, 0xd3, 0x8f, 0x26, 0x79, 0x8d, - 0xb0, 0x78, 0x70, 0x19, 0x58, 0x0c, 0xb4, 0x31, - 0x88, 0x44, 0x1c, 0x91, 0x6f, 0xf4, 0x52, 0x39, - 0xa8, 0xf5, 0xc0, 0x1b, 0xfe, 0xf2, 0x0e, 0x4b, - 0xac, 0x0a, 0xc2, 0x7e, 0x9c, 0x9b, 0xeb, 0x5d, - 0x4e, 0x4f, 0x42, 0xd8, 0x71, 0x0a, 0x97, 0x27, - 0x03, 0x14, 0x96, 0xa6, 0x3d, 0x04, 0xea, 0x9f, - 0x14, 0x14, 0x27, 0x4c, 0xd9, 0xa2, 0x89, 0x5f, - 0x65, 0x4a, 0xe1, 0x9d, 0x2c, 0xb8, 0xf8, 0xd4, - 0x8f, 0x2a, 0x57, 0x36, 0xcc, 0x06, 0x9c, 0x2c, - 0xc5, 0x13, 0x16, 0xdf, 0xfc, 0xae, 0x22, 0x16, - 0xa8, 0x2b, 0x71, 0x6f, 0x1d, 0xb3, 0x47, 0x54, - 0x3f, 0x2d, 0x0a, 0x68, 0x9f, 0x2e, 0xf6, 0x90, - 0xd8, 0xa1, 0x21, 0x09, 0xd4, 0x97, 0xb9, 0x7b, - 0x7f, 0x9b, 0x6a, 0xed, 0xd1, 0xf0, 0xe3, 0xb6, - 0x28, 0xc7, 0x62, 0x82, 0x00, 0xc9, 0x38, 0xa1, - 0x82, 0x78, 0xce, 0x87, 0xc8, 0x53, 0xac, 0x4f, - 0x2e, 0x31, 0xb9, 0x50, 0x7f, 0x36, 0x00, 0x4a, - 0x32, 0xe6, 0xd8, 0xbb, 0x59, 0x45, 0x0e, 0x91, - 0x1b, 0x38, 0xa9, 0xbc, 0xb9, 0x5e, 0x6c, 0x6a, - 0x9c, 0x03, 0x01, 0x1c, 0xde, 0xe8, 0x1f, 0x1e, - 0xe3, 0xde, 0x25, 0xa2, 0x56, 0x79, 0xe1, 0xbd, - 0x58, 0xc4, 0x93, 0xe6, 0xd0, 0x8a, 0x4d, 0x08, - 0xab, 0xf7, 0xaa, 0xc3, 0x7d, 0xc1, 0xee, 0x68, - 0x37, 0xbc, 0x78, 0x0b, 0x19, 0x68, 0x2b, 0x2b, - 0x2e, 0x6d, 0xc4, 0x6f, 0xaa, 0x3b, 0xc6, 0x19, - 0xcb, 0xf1, 0x58, 0xb9, 0x60, 0x85, 0x45, 0xae, - 0x52, 0x97, 0xba, 0x24, 0x32, 0x13, 0x72, 0x16, - 0x6e, 0x7b, 0xc1, 0x98, 0xac, 0xb1, 0xed, 0xb4, - 0xcc, 0x6c, 0xcf, 0x45, 0xfc, 0x50, 0x89, 0x80, - 0x8e, 0x7a, 0xa4, 0xd3, 0x64, 0x50, 0x63, 0x37, - 0xc9, 0x6c, 0xf1, 0xc4, 0x3d, 0xfb, 0xde, 0x5a, - 0x5c, 0xa8, 0x21, 0x35, 0xe6, 0x2e, 0x8c, 0x2a, - 0x3c, 0x12, 0x17, 0x79, 0x9a, 0x0d, 0x2e, 0x79, - 0xeb, 0x67, 0x1f, 0x2b, 0xf8, 0x6e, 0xca, 0xc1, - 0xfa, 0x45, 0x18, 0x9e, 0xdf, 0x6a, 0xe6, 0xcb, - 0xe9, 0x5c, 0xc3, 0x09, 0xaf, 0x93, 0x58, 0x13, - 0xbf, 0x90, 0x84, 0x87, 0x75, 0xd6, 0x82, 0x28, - 0x8d, 0xe7, 0x2f, 0xa3, 0xfb, 0x97, 0x74, 0x2a, - 0x73, 0x04, 0x82, 0x06, 0x76, 0x69, 0xb1, 0x0b, - 0x19, 0xfc, 0xae, 0xb3, 0xdd, 0x2a, 0xe5, 0xc1, - 0x05, 0xd8, 0x80, 0x95, 0x22, 0x90, 0x71, 0xfc, - 0xc2, 0x92, 0x42, 0xfd, 0xf1, 0x70, 0xb4, 0x68, - 0x88, 0xa4, 0x9e, 0x0a, 0x24, 0x40, 0x13, 0xc8, - 0xa2, 0x56, 0x4f, 0x39, 0xe6, 0x06, 0xf1, 0xdc, - 0xf5, 0x13, 0x0e, 0xad, 0x9c, 0x8b, 0xaf, 0xe9, - 0xe3, 0x88, 0x72, 0xff, 0xa0, 0x6d, 0xda, 0x08, - 0x70, 0xb9, 0x2e, 0x83, 0xc5, 0xbb, 0x32, 0xa5, - 0x74, 0xc7, 0xfb, 0x7b, 0x76, 0xaf, 0x02, 0xbb, - 0x2b, 0xb8, 0x5e, 0x65, 0x02, 0xfe, 0x0e, 0xa0, - 0x99, 0xce, 0x01, 0x3b, 0x35, 0xe1, 0xb0, 0x22, - 0xe5, 0x94, 0xbd, 0xdd, 0x8e, 0xbb, 0xf6, 0x75, - 0xbf, 0xbf, 0xee, 0x7a, 0xb1, 0x58, 0xb4, 0x81, - 0xb8, 0x39, 0x3e, 0xb6, 0x1e, 0xde, 0xda, 0x1b, - 0xd5, 0xf7, 0xdd, 0x7d, 0x65, 0x9c, 0xaa, 0x56, - 0x93, 0xb8, 0xaf, 0x48, 0x53, 0xc7, 0x22, 0xe4, - 0x1c, 0xdf, 0xe9, 0x79, 0xb4, 0x20, 0x89, 0xcc, - 0x2a, 0x79, 0x2c, 0x09, 0xbe, 0x78, 0xcf, 0xcc, - 0xf2, 0x90, 0xd6, 0x65, 0xc5, 0x29, 0xfc, 0xda, - 0x69, 0xfc, 0xc0, 0xd6, 0x70, 0x99, 0x61, 0x3f, - 0x60, 0x02, 0xd8, 0x12, 0x22, 0xc8, 0x34, 0xc6, - 0x3b, 0xb3, 0xc2, 0x33, 0xa1, 0x5c, 0x8f, 0x4c, - 0xd1, 0x52, 0x72, 0xf2, 0x42, 0x05, 0x8e, 0x18, - 0x1f, 0x16, 0xda, 0xb8, 0x53, 0xa1, 0x5f, 0x01, - 0x32, 0x1b, 0x90, 0xb3, 0x53, 0x9b, 0xd0, 0x85, - 0x61, 0x2d, 0x17, 0xed, 0x0a, 0xa4, 0xa5, 0x27, - 0x09, 0x75, 0x7c, 0xbc, 0x30, 0xf7, 0x5e, 0x59, - 0x9a, 0x07, 0x96, 0x84, 0x28, 0x86, 0x4b, 0xa7, - 0x22, 0x35, 0x28, 0xc7, 0xed, 0x0d, 0xc3, 0xce, - 0x98, 0xcc, 0x2d, 0xec, 0xd4, 0x98, 0x09, 0x8e, - 0x52, 0x5f, 0x2b, 0x9a, 0x13, 0xbe, 0x99, 0x16, - 0x73, 0xd1, 0x1f, 0x81, 0xe5, 0xa2, 0x08, 0x78, - 0xcb, 0x0c, 0x20, 0xd4, 0xa5, 0xea, 0x4b, 0x5b, - 0x95, 0x5a, 0x92, 0x9a, 0x52 - }, - "id-Gost28147-89-CryptoPro-A-ParamSet", - "testcnt2", - { - 0x1b, 0x5d, 0xdb, 0x77, 0xcf, 0xf9, 0xec, 0x95, - 0x5e, 0xcc, 0x67, 0x9f, 0x5d, 0x28, 0xad, 0x4a, - 0x27, 0xf4, 0x32, 0xc6, 0xb2, 0xcb, 0xb1, 0x45, - 0x6a, 0x88, 0x14, 0x0c, 0x9b, 0x9b, 0x5f, 0x48 - }, - G89_CNT, - { - 0x71, 0x58, 0x8c, 0xe1, 0x55, 0xf4, 0xf6, 0xb3 - }, - { - 0x8e, 0xcd, 0x8f, 0xc8, 0xac, 0xe1, 0x15, 0x48, - 0x2d, 0xae, 0x24, 0x8a, 0xc7, 0xfb, 0xba, 0x0f, - 0x1d, 0x8a, 0x95, 0xa2, 0x43, 0xef, 0xcb, 0xdc, - 0x59, 0x57, 0xa7, 0xc7, 0x0e, 0xe3, 0xe2, 0xb9, - 0x0d, 0x86, 0x29, 0x62, 0xcb, 0x83, 0x4d, 0x07, - 0x0c, 0x40, 0xd4, 0x7b, 0x2e, 0xca, 0xba, 0xbf, - 0x4a, 0x60, 0x3b, 0x31, 0x98, 0xc8, 0x88, 0x47, - 0xd9, 0x82, 0xab, 0xfc, 0x8f, 0x48, 0xe2, 0x46, - 0xab, 0xd3, 0xa1, 0xab, 0x8a, 0x05, 0x22, 0x8c, - 0xf4, 0xec, 0x9a, 0x1e, 0x76, 0xab, 0x1a, 0x60, - 0xd9, 0x25, 0x6b, 0xb8, 0x56, 0xe5, 0xb2, 0xea, - 0x10, 0xf3, 0x62, 0x04, 0x32, 0x5e, 0xaa, 0x3b, - 0x7b, 0x57, 0xbc, 0x3b, 0x8b, 0x43, 0x47, 0xf2, - 0xd5, 0x03, 0x7e, 0x51, 0x01, 0xff, 0x77, 0x28, - 0xca, 0x90, 0xa3, 0xfe, 0x7e, 0x2e, 0x70, 0x16, - 0x75, 0x18, 0x44, 0xf0, 0x1b, 0x85, 0x05, 0xea, - 0xe3, 0x21, 0xf7, 0x26, 0x86, 0x76, 0x3c, 0x67, - 0x9d, 0xfc, 0xbc, 0x10, 0x7f, 0x77, 0xe4, 0xed, - 0xd3, 0x12, 0xf8, 0x83, 0x00, 0x1f, 0x4b, 0x92, - 0x95, 0x92, 0x5c, 0xf3, 0x5a, 0xf3, 0xb7, 0xd0, - 0xa9, 0x5f, 0xf2, 0x18, 0xc4, 0x66, 0x62, 0xc1, - 0x84, 0x0e, 0x66, 0xe8, 0x80, 0x7d, 0x1f, 0xf0, - 0xba, 0x01, 0x9b, 0x71, 0xae, 0x93, 0xcc, 0x27, - 0x54, 0x34, 0x9a, 0xbd, 0xca, 0xee, 0x52, 0x09, - 0x92, 0x9d, 0xb0, 0xd5, 0xd9, 0xba, 0x2f, 0xb9, - 0x96, 0xdc, 0xfa, 0xbd, 0xce, 0xea, 0x1a, 0x7b, - 0x9a, 0x1d, 0x13, 0xa7, 0x11, 0xe2, 0x9a, 0x64, - 0xf6, 0xd3, 0xee, 0xc6, 0x33, 0xb7, 0x6e, 0xef, - 0x25, 0x9e, 0x1e, 0x7c, 0xe3, 0x1f, 0x2c, 0x6e, - 0xa9, 0xc0, 0xf8, 0xc1, 0xbf, 0x3b, 0xf8, 0x34, - 0x03, 0x9b, 0xa1, 0x40, 0x5b, 0x0c, 0x3c, 0x09, - 0x66, 0x9d, 0x63, 0xe2, 0xe2, 0x04, 0x8f, 0x06, - 0x84, 0x74, 0x68, 0xb2, 0x5c, 0x3b, 0x4c, 0xad, - 0x0b, 0x3f, 0x03, 0xb3, 0x07, 0x8a, 0x64, 0xa7, - 0x36, 0x56, 0x26, 0x39, 0x66, 0xda, 0xe9, 0x6d, - 0x1b, 0xd5, 0x88, 0xe8, 0x5c, 0xaf, 0x5a, 0x4c, - 0x49, 0xf7, 0xf5, 0xb7, 0x78, 0xf0, 0xde, 0xec, - 0xcd, 0x16, 0x23, 0x9e, 0x8c, 0x13, 0xbe, 0x6b, - 0x6f, 0x9b, 0x07, 0xe5, 0xbb, 0xcc, 0x3a, 0x1b, - 0x6f, 0x43, 0xdf, 0xff, 0x46, 0x2a, 0xae, 0x47, - 0x19, 0x18, 0x9a, 0x25, 0x09, 0xc9, 0x24, 0x40, - 0x0c, 0x4b, 0xa7, 0xda, 0x5e, 0x0d, 0xee, 0xfa, - 0x62, 0x45, 0x8e, 0xcc, 0x2f, 0x23, 0x08, 0x1d, - 0x92, 0xf0, 0xfe, 0x82, 0x0f, 0xd7, 0x11, 0x60, - 0x7e, 0x0b, 0x0b, 0x75, 0xf4, 0xf5, 0x3b, 0xc0, - 0xa4, 0xe8, 0x72, 0xa5, 0xb6, 0xfa, 0x5a, 0xad, - 0x5a, 0x4f, 0x39, 0xb5, 0xa2, 0x12, 0x96, 0x0a, - 0x32, 0x84, 0xb2, 0xa1, 0x06, 0x68, 0x56, 0x57, - 0x97, 0xa3, 0x7b, 0x22, 0x61, 0x76, 0x5d, 0x30, - 0x1a, 0x31, 0xab, 0x99, 0x06, 0xc5, 0x1a, 0x96, - 0xcf, 0xcf, 0x14, 0xff, 0xb2, 0xc4, 0xcc, 0x2b, - 0xbf, 0x0c, 0x9d, 0x91, 0x8f, 0x79, 0x5b, 0xbc, - 0xa9, 0x6b, 0x91, 0x6a, 0xb4, 0x93, 0x5c, 0x7b, - 0x5d, 0xc2, 0x8a, 0x75, 0xc0, 0xc1, 0x08, 0xfa, - 0x99, 0xf9, 0x4d, 0x5e, 0x0c, 0x06, 0x64, 0x60, - 0xa9, 0x01, 0x4a, 0x34, 0x0f, 0x33, 0x84, 0x95, - 0x69, 0x30, 0xc1, 0x1c, 0x36, 0xf8, 0xfc, 0x30, - 0x23, 0xb2, 0x71, 0xe5, 0x52, 0x4d, 0x12, 0x1a, - 0xc9, 0xbe, 0xee, 0xc9, 0xcb, 0x01, 0x85, 0xf3, - 0xdb, 0x30, 0xf9, 0x41, 0xa9, 0x40, 0xb0, 0x06, - 0x29, 0x77, 0xcd, 0xc5, 0xec, 0x58, 0x02, 0x48, - 0x83, 0x53, 0x44, 0x6a, 0xd2, 0xca, 0x05, 0xd8, - 0x5a, 0x08, 0xeb, 0xa9, 0xf4, 0xe6, 0xc7, 0x9d, - 0xd5, 0x7b, 0x74, 0x0b, 0x31, 0xb7, 0xa5, 0x57, - 0x7c, 0x7a, 0xfd, 0x1a, 0x0e, 0xd7, 0x97, 0x41, - 0xbf, 0xdd, 0xc6, 0x19, 0x6c, 0x77, 0x8c, 0x18, - 0x52, 0x57, 0x83, 0xba, 0x71, 0x25, 0xee, 0x39, - 0xbb, 0xe2, 0x43, 0xa0, 0x14, 0xdc, 0x0e, 0x84, - 0xb4, 0x2b, 0xde, 0x3e, 0xe5, 0x36, 0xb7, 0xa2, - 0x92, 0x98, 0x05, 0xb8, 0x96, 0xe5, 0xd0, 0x8c, - 0x08, 0x93, 0x35, 0xc2, 0x81, 0xe0, 0xfc, 0x59, - 0x71, 0xe2, 0x44, 0x49, 0x5d, 0xda, 0xfb, 0x9c, - 0xaa, 0x70, 0x9f, 0x43, 0xa8, 0xa5, 0xd9, 0x67, - 0xd9, 0x8f, 0xa3, 0x1e, 0xbe, 0x0e, 0xec, 0xdf, - 0x12, 0x2b, 0x6a, 0xe7, 0x1c, 0x12, 0x17, 0xe7, - 0xc4, 0x6d, 0x50, 0xc9, 0x52, 0x7a, 0xd5, 0xe8, - 0x7f, 0xbc, 0x07, 0x15, 0xac, 0xdb, 0x93, 0x66, - 0xb1, 0xf0, 0xa7, 0x7b, 0x2f, 0xe9, 0xec, 0xd0, - 0x47, 0x69, 0x59, 0x87, 0xf1, 0x4c, 0x3e, 0x4b, - 0x9b, 0x11, 0x79, 0x13, 0xe4, 0x96, 0xf6, 0x56, - 0x04, 0x6e, 0x0b, 0x33, 0xfc, 0x40, 0xf6, 0xc7, - 0xc1, 0x43, 0xb1, 0xbf, 0x0e, 0xb3, 0x87, 0xfd, - 0x0b, 0x1c, 0x63, 0x46, 0x3a, 0xd3, 0xa0, 0x17, - 0x59, 0x25, 0x94, 0x6c, 0x9c, 0x3d, 0x0c, 0x81, - 0xce, 0x82, 0x72, 0x42, 0x28, 0xf9, 0x37, 0x6a, - 0x6d, 0xe4, 0x12, 0xf4, 0x21, 0xaa, 0xf7, 0xfe, - 0x27, 0x55, 0x40, 0x1a, 0x14, 0xc3, 0x39, 0x5b, - 0xbf, 0x63, 0xc2, 0x5f, 0x10, 0x1f, 0x14, 0x25, - 0xd0, 0xce, 0xf3, 0x14, 0x48, 0x13, 0xa5, 0x0b, - 0x4d, 0x38, 0xcf, 0x0d, 0x34, 0xc0, 0x0a, 0x11, - 0xb4, 0xb5, 0x72, 0xc8, 0x4b, 0xc2, 0x6f, 0xe7, - 0x9d, 0x93, 0xf7, 0xdf, 0xb8, 0x43, 0x72, 0x7e, - 0xda, 0x3e, 0x20, 0x1f, 0xbc, 0x21, 0x2a, 0xce, - 0x00, 0xfa, 0x96, 0x9f, 0x3d, 0xe5, 0x88, 0x96, - 0xef, 0x29, 0x84, 0xdf, 0x6c, 0x1c, 0x96, 0xd8, - 0x58, 0x47, 0xaa, 0x92, 0xf3, 0x07, 0xe5, 0xfb, - 0xaf, 0xea, 0x95, 0x7e, 0x0b, 0x71, 0xcd, 0x81, - 0x0f, 0xb7, 0x0a, 0x59, 0x8f, 0x31, 0x4d, 0xd1, - 0xc3, 0xf3, 0x2f, 0x70, 0x5c, 0x59, 0x18, 0x97, - 0xaf, 0x77, 0x95, 0x5e, 0xaf, 0x40, 0x06, 0x12, - 0x81, 0x61, 0x86, 0x08, 0x4e, 0xbc, 0x89, 0x46, - 0x07, 0x2e, 0x5b, 0x10, 0xaa, 0x12, 0xf0, 0xa7, - 0x84, 0xe2, 0x9a, 0x08, 0xf1, 0xde, 0x59, 0xe3, - 0x0e, 0x47, 0x4b, 0xff, 0xc3, 0xc9, 0x18, 0xaf, - 0x95, 0x9c, 0x67, 0x2a, 0xde, 0x8a, 0x7a, 0x99, - 0x04, 0xc4, 0xb8, 0x97, 0x4c, 0x04, 0x29, 0x71, - 0x05, 0xda, 0xb3, 0xd6, 0xdb, 0x6c, 0x71, 0xe6, - 0xe8, 0x03, 0xbf, 0x94, 0x7d, 0xde, 0x3d, 0xc8, - 0x44, 0xfa, 0x7d, 0x62, 0xb4, 0x36, 0x03, 0xee, - 0x36, 0x52, 0x64, 0xb4, 0x85, 0x6d, 0xd5, 0x78, - 0xf0, 0x6f, 0x67, 0x2d, 0x0e, 0xe0, 0x2c, 0x88, - 0x9b, 0x55, 0x19, 0x29, 0x40, 0xf6, 0x8c, 0x12, - 0xbb, 0x2c, 0x83, 0x96, 0x40, 0xc0, 0x36, 0xf5, - 0x77, 0xff, 0x70, 0x8c, 0x75, 0x92, 0x0b, 0xad, - 0x05, 0x9b, 0x7e, 0xa2, 0xfc, 0xa9, 0xd1, 0x64, - 0x76, 0x82, 0x13, 0xba, 0x22, 0x5e, 0x33, 0x0e, - 0x26, 0x70, 0xa9, 0xbe, 0x74, 0x28, 0xf5, 0xe2, - 0xc4, 0x96, 0xee, 0x3a, 0xbc, 0x97, 0xa6, 0x2c, - 0x2a, 0xe0, 0x64, 0x8d, 0x35, 0xc6, 0x1a, 0xca, - 0xf4, 0x92, 0xfa, 0xc3, 0xf1, 0x1f, 0x98, 0xe4, - 0x43, 0x88, 0x69, 0x3a, 0x09, 0xbf, 0x63, 0xe5, - 0x96, 0x29, 0x0b, 0x9b, 0x62, 0x23, 0x14, 0x8a, - 0x95, 0xe4, 0x1c, 0x5c, 0x0a, 0xa9, 0xc5, 0xb9, - 0x6f, 0x4f, 0x2b, 0x25, 0x6f, 0x74, 0x1e, 0x18, - 0xd5, 0xfe, 0x27, 0x7d, 0x3f, 0x6e, 0x55, 0x2c, - 0x67, 0xe6, 0xde, 0xb5, 0xcc, 0xc0, 0x2d, 0xff, - 0xc4, 0xe4, 0x06, 0x21, 0xa5, 0xc8, 0xd3, 0xd6, - 0x6c, 0xa1, 0xc3, 0xfb, 0x88, 0x92, 0xb1, 0x1d, - 0x90, 0xe1, 0x35, 0x05, 0x9b, 0x29, 0x6d, 0xba, - 0xf1, 0xf4, 0x1e, 0x23, 0x2e - } - }, - { /* Calculated by libcapi10, CryptoPro CSP 3.6R2, Mac OSX */ - 5242880+8, - { 0 }, - "id-Gost28147-89-CryptoPro-A-ParamSet", - "test5Mcnt", - { - 0x07, 0x52, 0x65, 0xe7, 0xca, 0xa3, 0xca, 0x45, - 0xcf, 0x3a, 0x05, 0x1d, 0x38, 0x03, 0x53, 0x0c, - 0x22, 0x31, 0xba, 0x99, 0x4f, 0x9b, 0x6a, 0x1b, - 0x7e, 0x09, 0x9d, 0x4e, 0xb5, 0xc9, 0x84, 0x2e - }, - G89_CNT, - { - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 - }, - { - 0x3d, 0x05, 0x07, 0x57, 0xc0, 0x75, 0x89, 0x97, - 0xd6, 0x94, 0x49, 0x11, 0x1d, 0xd0, 0x91, 0xee - } - }, - { /* Calculated by libcapi10, CryptoPro CSP 3.6R2, Mac OSX */ - 4294967296ULL+16, - { 0 }, - "id-Gost28147-89-CryptoPro-A-ParamSet", - "test4Gcnt", - { - 0x75, 0xa3, 0x3c, 0xae, 0x03, 0x6b, 0x10, 0xdb, - 0xc1, 0x56, 0x50, 0x89, 0x03, 0xd2, 0x9f, 0x91, - 0xee, 0xe8, 0x64, 0x1d, 0x43, 0xf2, 0x4e, 0xf8, - 0xf2, 0x6c, 0xed, 0xda, 0x8f, 0xe4, 0x88, 0xe9 - }, - G89_CNT, - { - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 - }, - { - 0xfa, 0x6c, 0x96, 0x78, 0xe2, 0xf8, 0xdd, 0xaa, - 0x67, 0x5a, 0xc9, 0x5d, 0x57, 0xf1, 0xbd, 0x99 - } - }, - { /* Calculated by libcapi10, CryptoPro CSP 3.6R2, Mac OSX */ - 1035, - { - 0xd6, 0xcf, 0x31, 0x96, 0x9c, 0xa1, 0xfb, 0xd6, - 0x8d, 0xa3, 0xdd, 0x01, 0xd9, 0x88, 0xc0, 0x2f, - 0xbc, 0x46, 0xc7, 0x3a, 0xe4, 0x21, 0x86, 0x96, - 0x8d, 0xe2, 0xca, 0xb6, 0x37, 0xa2, 0xe1, 0xa8, - 0x7e, 0xa7, 0x79, 0x2e, 0xa4, 0x56, 0x75, 0x7f, - 0x3e, 0x55, 0x8b, 0x43, 0xae, 0x65, 0xdf, 0xaa, - 0x42, 0xb6, 0x00, 0xa6, 0x61, 0x03, 0x0d, 0xd3, - 0x41, 0x02, 0x27, 0x23, 0x95, 0x79, 0x9b, 0x34, - 0x81, 0xa9, 0x86, 0xb5, 0xa7, 0x90, 0xe2, 0xae, - 0xc4, 0x2f, 0xc3, 0x8e, 0x32, 0x56, 0x13, 0xfa, - 0x4d, 0x4e, 0x9f, 0x15, 0x75, 0x7e, 0x74, 0xdc, - 0x32, 0x2d, 0xee, 0x4d, 0x67, 0x70, 0x9f, 0x62, - 0xb9, 0xc4, 0xdb, 0x24, 0x84, 0xcc, 0x16, 0x7b, - 0xda, 0x22, 0xf7, 0xc5, 0xf3, 0x93, 0x35, 0x73, - 0xc6, 0x03, 0x1c, 0x77, 0xa5, 0xf2, 0x76, 0x56, - 0xb4, 0x95, 0xd4, 0x7e, 0x0d, 0x20, 0xc6, 0x6e, - 0xee, 0x8f, 0x25, 0x48, 0xff, 0x7e, 0x01, 0x3a, - 0xb4, 0x1f, 0xaa, 0x35, 0xc0, 0x33, 0x58, 0x9c, - 0xb5, 0xba, 0x65, 0x4b, 0xd3, 0x51, 0x14, 0xec, - 0x61, 0xce, 0xe4, 0xba, 0x49, 0xba, 0x39, 0x32, - 0xab, 0xce, 0x81, 0x72, 0xce, 0xab, 0xed, 0xd4, - 0xd2, 0x19, 0x87, 0x85, 0x92, 0xfa, 0x64, 0x34, - 0xd8, 0x86, 0xf4, 0x8a, 0x08, 0x3c, 0xde, 0xee, - 0x97, 0x92, 0x92, 0x69, 0xba, 0x9b, 0x5f, 0x7a, - 0x03, 0xc1, 0x5d, 0x43, 0x02, 0x8c, 0xbe, 0xd2, - 0x46, 0x72, 0x81, 0x40, 0x7d, 0x68, 0x98, 0x45, - 0x0b, 0x54, 0x27, 0x1c, 0xaf, 0x80, 0x42, 0xe4, - 0xd5, 0xd4, 0xe4, 0xa2, 0x98, 0x07, 0x8f, 0x03, - 0xf5, 0x2c, 0x8c, 0x88, 0xca, 0x5a, 0xde, 0xe4, - 0x9f, 0xb1, 0x5f, 0x82, 0xff, 0x20, 0x67, 0x52, - 0x85, 0x84, 0x4f, 0xc8, 0xfe, 0xa7, 0x9e, 0xae, - 0x1c, 0xfa, 0xb8, 0x75, 0xd3, 0xf7, 0x9f, 0x0d, - 0xda, 0x2d, 0xe6, 0xcc, 0x86, 0x6b, 0xa4, 0x14, - 0x65, 0xc3, 0xf9, 0x15, 0xbc, 0x87, 0xf5, 0xae, - 0x8c, 0x10, 0xd4, 0xce, 0x5b, 0x9c, 0xe2, 0xdd, - 0x42, 0x03, 0x09, 0x87, 0x47, 0xed, 0x5d, 0xd0, - 0x7a, 0x69, 0x4c, 0xfa, 0x43, 0x7d, 0xbf, 0x07, - 0x85, 0x6a, 0xee, 0x68, 0xe6, 0x7a, 0x57, 0xb2, - 0x20, 0x8d, 0x80, 0xf2, 0x91, 0x6f, 0x5c, 0x07, - 0x8c, 0xe4, 0x6a, 0x49, 0x90, 0x85, 0x8b, 0x77, - 0x29, 0x56, 0x1c, 0x5e, 0xa9, 0x3f, 0xab, 0x8b, - 0x79, 0xa3, 0x6f, 0x6b, 0x34, 0xcb, 0x61, 0xf6, - 0xe6, 0x92, 0xd1, 0x48, 0x9e, 0x11, 0xa2, 0x82, - 0xc0, 0x4e, 0x23, 0xd2, 0x15, 0x0d, 0x8d, 0xff, - 0xfa, 0x17, 0x9d, 0x81, 0xb8, 0xbc, 0xd7, 0x5b, - 0x08, 0x81, 0x20, 0x40, 0xc0, 0x3c, 0x06, 0x8b, - 0x1a, 0x88, 0x0b, 0x4b, 0x7b, 0x31, 0xf5, 0xd4, - 0x4e, 0x09, 0xd1, 0x4d, 0x0d, 0x7f, 0x45, 0xd1, - 0x09, 0x35, 0xba, 0xce, 0x65, 0xdd, 0xf2, 0xb8, - 0xfb, 0x7a, 0xbc, 0xc4, 0x4b, 0xc8, 0x75, 0xda, - 0x6b, 0xce, 0x3d, 0xe8, 0x94, 0xcc, 0x23, 0x6f, - 0xb0, 0x3b, 0x4f, 0x7d, 0x07, 0xb9, 0x0f, 0x62, - 0x92, 0x7e, 0xda, 0x70, 0x50, 0xce, 0xd3, 0x28, - 0x12, 0x11, 0x00, 0xeb, 0x8d, 0x63, 0x70, 0x78, - 0xa8, 0x7b, 0x76, 0xab, 0xc6, 0x40, 0xc0, 0x4e, - 0x80, 0xdd, 0xf0, 0xfe, 0x83, 0x72, 0x56, 0x4c, - 0x09, 0x4c, 0xf1, 0x72, 0x72, 0x86, 0x26, 0x31, - 0xc3, 0xc2, 0xdc, 0x8e, 0xc7, 0xf4, 0x35, 0xec, - 0x17, 0x06, 0x63, 0x47, 0x49, 0x88, 0x47, 0xaf, - 0xb3, 0x38, 0x4f, 0x7e, 0x44, 0x95, 0xb5, 0xbb, - 0x1d, 0xbd, 0x5a, 0x91, 0x5b, 0xd0, 0x1a, 0xdf, - 0x0d, 0x0b, 0x50, 0xd8, 0xe2, 0x0e, 0xc5, 0x00, - 0x2d, 0x5b, 0x29, 0x19, 0xaa, 0x2b, 0x64, 0xc5, - 0x40, 0x31, 0x48, 0x11, 0xbc, 0x04, 0xd1, 0xcf, - 0x6d, 0xf9, 0xa5, 0x2f, 0x4a, 0xc9, 0x82, 0xfa, - 0x59, 0xe1, 0xfc, 0xab, 0x1c, 0x33, 0x26, 0x0a, - 0x5f, 0xef, 0xf2, 0x06, 0xd8, 0xd3, 0x7e, 0x16, - 0x58, 0x16, 0x78, 0x73, 0xae, 0xba, 0xeb, 0xe5, - 0x3d, 0xb2, 0x0a, 0xb3, 0x32, 0x2d, 0x14, 0xa4, - 0xfa, 0x3f, 0x1f, 0x43, 0xf9, 0x7b, 0xa9, 0x43, - 0x98, 0x18, 0x94, 0x07, 0x07, 0xe5, 0x19, 0x34, - 0xa8, 0x16, 0x5f, 0x71, 0x67, 0xaa, 0x29, 0xe5, - 0xfa, 0xf0, 0x83, 0x06, 0x1d, 0x9d, 0xfc, 0xfe, - 0xfe, 0x8c, 0xb5, 0xb2, 0xa9, 0xe7, 0xa0, 0x40, - 0x60, 0xb6, 0x71, 0x9e, 0xab, 0x5b, 0x83, 0xb9, - 0x0c, 0x2b, 0x58, 0x23, 0x80, 0x09, 0x9e, 0x5d, - 0x94, 0x7d, 0x40, 0x76, 0xa9, 0x16, 0x96, 0x9e, - 0x83, 0xe0, 0x0d, 0xec, 0xa0, 0xec, 0x76, 0x2a, - 0xb7, 0xa0, 0xff, 0xb8, 0x50, 0x4c, 0x5b, 0xc6, - 0x8b, 0x0a, 0x65, 0x2e, 0xfe, 0xb4, 0x40, 0x9a, - 0x01, 0xd8, 0xc6, 0xa3, 0xab, 0x99, 0xa2, 0xc5, - 0x0c, 0x08, 0xc4, 0xb7, 0xee, 0x4d, 0x1d, 0xc4, - 0x08, 0x15, 0xd0, 0xdb, 0xaa, 0x63, 0x4f, 0x31, - 0xeb, 0x14, 0x97, 0x43, 0xbd, 0xc1, 0x94, 0x08, - 0xe6, 0xde, 0x43, 0x9f, 0x95, 0x0b, 0x96, 0x7e, - 0x7f, 0x3c, 0x68, 0xba, 0x6f, 0xc4, 0xc9, 0x35, - 0x2b, 0xc4, 0x0e, 0xda, 0x1f, 0x91, 0x68, 0x64, - 0x63, 0x34, 0x73, 0xbe, 0x57, 0x75, 0xb9, 0xed, - 0xf7, 0x2d, 0x3b, 0x05, 0x21, 0x93, 0x28, 0x48, - 0x96, 0x95, 0x97, 0xa0, 0xd2, 0x7d, 0x78, 0xbb, - 0x6a, 0x49, 0x8f, 0x76, 0x55, 0x74, 0x63, 0xb9, - 0xc5, 0x36, 0x12, 0x25, 0xbf, 0x03, 0x82, 0x8f, - 0xf0, 0xf6, 0x80, 0xbb, 0x33, 0xb4, 0xf4, 0x17, - 0x27, 0x1c, 0xf3, 0x4c, 0x10, 0xa3, 0xe4, 0xd1, - 0x55, 0xd9, 0x68, 0x21, 0x4e, 0x5a, 0x83, 0x67, - 0xbf, 0xf8, 0x3c, 0x7d, 0x4e, 0x62, 0xd3, 0x28, - 0xa7, 0x26, 0x6f, 0xe9, 0xee, 0xc2, 0x0b, 0x2d, - 0x03, 0x84, 0xb1, 0xff, 0xd6, 0x68, 0x1f, 0xb6, - 0xf2, 0xe4, 0x0f, 0xda, 0x2d, 0xee, 0x5f, 0x6e, - 0x21, 0xc8, 0xe1, 0xfc, 0xad, 0x6b, 0x0e, 0x04, - 0x7d, 0xaf, 0xc2, 0x3b, 0xa5, 0x68, 0x9b, 0x0c, - 0xf3, 0x56, 0xf3, 0xda, 0x8d, 0xc8, 0x7d, 0x39, - 0xdc, 0xd5, 0x99, 0xc6, 0x01, 0x10, 0xce, 0x42, - 0x1b, 0xac, 0x48, 0xdc, 0x97, 0x78, 0x0a, 0xec, - 0xb3, 0x8f, 0x47, 0x35, 0xa3, 0x6a, 0x64, 0xb2, - 0x8e, 0x63, 0x69, 0x22, 0x66, 0xae, 0x2e, 0xe0, - 0x88, 0xf9, 0x40, 0x3c, 0xc9, 0xa2, 0x57, 0x61, - 0xf6, 0xad, 0xf0, 0xdc, 0x90, 0x56, 0x3f, 0x06, - 0x9b, 0x7d, 0xbd, 0xc2, 0x81, 0x02, 0xab, 0xb8, - 0x15, 0x09, 0x88, 0x4a, 0xff, 0x2f, 0x31, 0xbf, - 0x5e, 0xfa, 0x6a, 0x7e, 0xf6, 0xc5, 0xa7, 0xf7, - 0xd5, 0xab, 0x55, 0xac, 0xae, 0x0d, 0x8c, 0x8d, - 0x7f, 0x4b, 0x25, 0xbb, 0x32, 0xff, 0x11, 0x33, - 0x2e, 0x37, 0x37, 0x69, 0x96, 0x15, 0x17, 0xb1, - 0x17, 0x49, 0xe0, 0x9a, 0x9c, 0xd9, 0x5b, 0x8d, - 0x58, 0xa3, 0x1d, 0x92, 0x87, 0xf8, 0x80, 0xb9, - 0xbd, 0x5a, 0xec, 0x40, 0xe1, 0x00, 0x33, 0x60, - 0xe4, 0x86, 0x16, 0x6d, 0x61, 0x81, 0xf2, 0x28, - 0x6a, 0xa7, 0xce, 0x3f, 0x95, 0xae, 0x43, 0xca, - 0xe1, 0x3f, 0x81, 0x74, 0x7e, 0x1c, 0x47, 0x17, - 0x95, 0xc6, 0x60, 0xda, 0x74, 0x77, 0xd9, 0x9f, - 0xfa, 0x92, 0xb4, 0xbe, 0xe1, 0x23, 0x98, 0x18, - 0x95, 0x63, 0x03, 0x13, 0x4c, 0x1a, 0x2d, 0x41, - 0xcd, 0xe4, 0x84, 0xf7, 0xe6, 0x38, 0xef, 0xff, - 0x95, 0xb2, 0xe8, 0x7c, 0x8f, 0x58, 0xb5, 0xb5, - 0xed, 0x27, 0x7f, 0x3c, 0x18, 0xab, 0xbe, 0x7f, - 0x4f, 0xe2, 0x35, 0x15, 0x71, 0xb7, 0x6f, 0x85, - 0x38, 0x9b, 0x88, 0xf6, 0x9c, 0x8d, 0x43, 0xb5, - 0x58, 0x9e, 0xf2, 0xd1, 0x96, 0xbe, 0xb7, 0xad, - 0x1a, 0xa0, 0x98 - }, - "id-Gost28147-89-CryptoPro-A-ParamSet", - "testimit2", - { - 0x80, 0xd9, 0xa0, 0xdc, 0x21, 0xf9, 0x30, 0x40, - 0x75, 0xfe, 0x49, 0x1b, 0x9e, 0x71, 0x90, 0x91, - 0x78, 0x88, 0x21, 0x60, 0x39, 0xe7, 0xc9, 0x2b, - 0xfb, 0x55, 0x1d, 0xf4, 0xdd, 0x2b, 0x0a, 0x01 - }, - G89_IMIT, - { 0 }, - { - 0x90, 0xf2, 0x11, 0x9a - } - }, - { /* Calculated by libcapi10, CryptoPro CSP 3.6R2, Mac OSX */ - 10, - { - 0x1d, 0xeb, 0xe6, 0x79, 0x0a, 0x59, 0x00, 0xe6, - 0x8e, 0x5c - }, - "id-Gost28147-89-CryptoPro-A-ParamSet", - "testimit3", - { - 0xa9, 0xb6, 0x37, 0xcc, 0x6d, 0x9b, 0x2f, 0x25, - 0xb0, 0xdf, 0x47, 0x04, 0x50, 0x68, 0xb0, 0x27, - 0x41, 0x27, 0x58, 0x6a, 0xbd, 0x0a, 0x6e, 0x50, - 0x2f, 0xc6, 0xfc, 0xc0, 0x3e, 0x29, 0x42, 0xa5 - }, - G89_IMIT, - { 0 }, - { - 0x31, 0x7c, 0x16, 0xe4 - } - }, - { /* Calculated by libcapi10, CryptoPro CSP 3.6R2, Mac OSX */ - 6, - { - 0xef, 0x06, 0x8f, 0x14, 0xc9, 0x04 - }, - "id-Gost28147-89-CryptoPro-A-ParamSet", - "testimit4", - { - 0xb0, 0x6c, 0x48, 0x23, 0x0a, 0x6e, 0xf4, 0xec, - 0x27, 0x98, 0x01, 0x23, 0xa7, 0xd8, 0xbf, 0x60, - 0x89, 0xef, 0xad, 0xe8, 0x8f, 0x79, 0x14, 0x8c, - 0x18, 0x5c, 0x9a, 0xda, 0xef, 0x0b, 0xdd, 0xa0 - }, - G89_IMIT, - { 0 }, - { - 0xe9, 0x72, 0xae, 0xbf - } - }, - { /* Calculated by libcapi10, CryptoPro CSP 3.6R2, Mac OSX */ - 16, - { - 0x02, 0xf8, 0xec, 0x2b, 0x4d, 0x1f, 0xbc, 0x7c, - 0x6e, 0x47, 0xe3, 0x87, 0x22, 0x75, 0x41, 0xa7 - }, - "id-Gost28147-89-CryptoPro-B-ParamSet", - "testimit5", - { - 0x33, 0xd3, 0xef, 0x01, 0x19, 0x95, 0x0e, 0x15, - 0xa1, 0x69, 0x75, 0xae, 0x56, 0x27, 0x17, 0x79, - 0x63, 0x47, 0xab, 0x62, 0x9d, 0x4a, 0xf0, 0x34, - 0xd3, 0x1e, 0x69, 0x74, 0xec, 0x31, 0x48, 0xfc - }, - G89_IMIT, - { 0 }, - { - 0xf5, 0x55, 0x1f, 0x28 - } - }, - { /* Calculated by libcapi10, CryptoPro CSP 3.6R2, Mac OSX */ - 8, - { - 0xf3, 0xb2, 0x29, 0xd2, 0x7a, 0x37, 0x03, 0x12 - }, - "id-Gost28147-89-CryptoPro-A-ParamSet", - "testimit6", - { - 0x42, 0x35, 0x81, 0x91, 0x0b, 0xa9, 0x99, 0xff, - 0xd9, 0x43, 0xf8, 0xc6, 0x19, 0x55, 0x1f, 0x2f, - 0x2d, 0x45, 0x40, 0x20, 0x1e, 0x1d, 0x32, 0x7a, - 0xb1, 0x07, 0x6b, 0x4f, 0x45, 0x90, 0xd9, 0x80 - }, - G89_IMIT, - { 0 }, - { - 0x6e, 0x15, 0xfa, 0xe8 - } - }, - { /* Calculated by libcapi10, CryptoPro CSP 3.6R2, Mac OSX */ - 0, - { - 0 - }, - "id-Gost28147-89-CryptoPro-A-ParamSet", - "testimit7", - { - 0x26, 0xcb, 0xb9, 0xf0, 0x0c, 0x62, 0x9f, 0xaa, - 0x4a, 0x1d, 0xb6, 0x30, 0x09, 0x01, 0x56, 0x89, - 0x66, 0xd4, 0xe4, 0x0e, 0xfe, 0xf6, 0x10, 0x6b, - 0x6c, 0xe8, 0x04, 0x3a, 0xe3, 0x61, 0x4b, 0x19 - }, - G89_IMIT, - { 0 }, - { - 0x00, 0x00, 0x00, 0x00 - } - }, - { /* Calculated by libcapi10, CryptoPro CSP 3.6R2, Mac OSX */ - 5242880, - { 0 }, - "id-Gost28147-89-CryptoPro-A-ParamSet", - "test5Mimit", - { - 0xaa, 0x85, 0x84, 0xcd, 0x65, 0x28, 0xe1, 0xdb, - 0xb8, 0x20, 0x19, 0x43, 0xe0, 0x36, 0x35, 0x10, - 0x19, 0xc3, 0x70, 0x5b, 0x27, 0xc1, 0x9d, 0x84, - 0x75, 0xa3, 0xc6, 0x49, 0x46, 0x8f, 0x7c, 0x4e - }, - G89_IMIT, - { 0 }, - { - 0x2a, 0xe6, 0x23, 0xc6 - } - }, - { /* Calculated by libcapi10, CryptoPro CSP 3.6R2, Mac OSX */ - 3221225472ULL + 16, - { 0 }, - "id-Gost28147-89-CryptoPro-A-ParamSet", - "test3Gimit1", - { - 0xd5, 0xda, 0xfe, 0x06, 0x60, 0xdc, 0xf0, 0xb3, - 0x49, 0x5a, 0x02, 0x59, 0xc8, 0x2e, 0x4a, 0x2b, - 0xcc, 0x9b, 0x98, 0x04, 0xb7, 0xf2, 0x78, 0xb7, - 0xce, 0xa3, 0xf2, 0xdb, 0x9e, 0xa8, 0x49, 0x1d - }, - G89_IMIT, - { 0 }, - { - 0xcc, 0x46, 0x67, 0xe4 - } - }, - { /* Calculated by libcapi10, CryptoPro CSP 3.6R2, Mac OSX */ - 4ULL*1024*1024*1024ULL, - { 0 }, - "id-Gost28147-89-CryptoPro-A-ParamSet", - "test4Gimit3", - { - 0x0d, 0xf1, 0xa8, 0x7f, 0x57, 0x03, 0x44, 0xcc, - 0xdb, 0x20, 0xde, 0xed, 0x85, 0x50, 0x38, 0xda, - 0xc9, 0x44, 0xec, 0x2c, 0x0d, 0x66, 0xb7, 0xdc, - 0x17, 0x14, 0x55, 0x95, 0x33, 0x6e, 0x43, 0x3e - }, - G89_IMIT, - { 0 }, - { - 0xb7, 0x21, 0x2e, 0x48 - } - }, - { /* Calculated by libcapi10, CryptoPro CSP 3.6R2, Mac OSX */ - 4ULL*1024*1024*1024+4ULL, - { 0 }, - "id-Gost28147-89-CryptoPro-A-ParamSet", - "test4Gimit1", - { - 0x0c, 0xf3, 0xe9, 0xb0, 0x28, 0x3b, 0x9f, 0x8b, - 0xe3, 0x82, 0xb9, 0xa2, 0xa6, 0xbd, 0x80, 0xd2, - 0xcd, 0xfa, 0x3f, 0xf7, 0x90, 0xa7, 0x55, 0x06, - 0x9b, 0x7a, 0x58, 0xee, 0xe7, 0xf1, 0x9d, 0xbe - }, - G89_IMIT, - { 0 }, - { - 0xda, 0x15, 0x10, 0x73 - } - }, - { /* Calculated by libcapi10, CryptoPro CSP 3.6R2, Mac OSX */ - 4ULL*1024*1024*1024+10ULL, - { 0 }, - "id-Gost28147-89-CryptoPro-A-ParamSet", - "test4Gimit2", - { - 0x97, 0x1a, 0x42, 0x22, 0xfa, 0x07, 0xb2, 0xca, - 0xf9, 0xd2, 0x34, 0x5a, 0x92, 0xb1, 0x1f, 0x6b, - 0x53, 0xf8, 0xaf, 0xed, 0x9a, 0x73, 0xc4, 0x38, - 0xd7, 0x7d, 0x25, 0x81, 0x00, 0x0d, 0xd4, 0x29 - }, - G89_IMIT, - { 0 }, - { - 0x52, 0xaa, 0x22, 0xb4 - } - } -}; + {/* Calculated by libcapi10, CryptoPro CSP 3.6R2, Mac OSX */ + 1039, + {0x8c, 0x9c, 0x44, 0x35, 0xfb, 0xe9, 0xa5, 0xa3, 0xa0, 0xae, 0x28, 0x56, + 0x91, 0x10, 0x8e, 0x1e, 0xd2, 0xbb, 0x18, 0x53, 0x81, 0x27, 0x0d, 0xa6, + 0x68, 0x59, 0x36, 0xc5, 0x81, 0x62, 0x9a, 0x8e, 0x7d, 0x50, 0xf1, 0x6f, + 0x97, 0x62, 0x29, 0xec, 0x80, 0x51, 0xe3, 0x7d, 0x6c, 0xc4, 0x07, 0x95, + 0x28, 0x63, 0xdc, 0xb4, 0xb9, 0x2d, 0xb8, 0x13, 0xb1, 0x05, 0xb5, 0xf9, + 0xeb, 0x75, 0x37, 0x4e, 0xf7, 0xbf, 0x51, 0xf1, 0x98, 0x86, 0x43, 0xc4, + 0xe4, 0x3d, 0x3e, 0xa7, 0x62, 0xec, 0x41, 0x59, 0xe0, 0xbd, 0xfb, 0xb6, + 0xfd, 0xec, 0xe0, 0x77, 0x13, 0xd2, 0x59, 0x90, 0xa1, 0xb8, 0x97, 0x6b, + 0x3d, 0x8b, 0x7d, 0xfc, 0x9d, 0xca, 0x82, 0x73, 0x32, 0x70, 0x0a, 0x74, + 0x03, 0xc6, 0x0c, 0x26, 0x7f, 0x56, 0xf0, 0x9d, 0xb2, 0xeb, 0x71, 0x40, + 0xd7, 0xc3, 0xb1, 0xa7, 0xc5, 0x1e, 0x20, 0x17, 0xb3, 0x50, 0x1d, 0x8a, + 0x6e, 0x19, 0xcb, 0xbe, 0x20, 0x86, 0x2b, 0xd6, 0x1c, 0xfd, 0xb4, 0xb7, + 0x5d, 0x9a, 0xb3, 0xe3, 0x7d, 0x15, 0x7a, 0x35, 0x01, 0x9f, 0x5d, 0x65, + 0x89, 0x4b, 0x34, 0xc6, 0xf4, 0x81, 0x3f, 0x78, 0x30, 0xcf, 0xe9, 0x15, + 0x90, 0x9a, 0xf9, 0xde, 0xba, 0x63, 0xd0, 0x19, 0x14, 0x66, 0x3c, 0xb9, + 0xa4, 0xb2, 0x84, 0x94, 0x02, 0xcf, 0xce, 0x20, 0xcf, 0x76, 0xe7, 0xc5, + 0x48, 0xf7, 0x69, 0x3a, 0x5d, 0xec, 0xaf, 0x41, 0xa7, 0x12, 0x64, 0x83, + 0xf5, 0x99, 0x1e, 0x9e, 0xb2, 0xab, 0x86, 0x16, 0x00, 0x23, 0x8e, 0xe6, + 0xd9, 0x80, 0x0b, 0x6d, 0xc5, 0x93, 0xe2, 0x5c, 0x8c, 0xd8, 0x5e, 0x5a, + 0xae, 0x4a, 0x85, 0xfd, 0x76, 0x01, 0xea, 0x30, 0xf3, 0x78, 0x34, 0x10, + 0x72, 0x51, 0xbc, 0x9f, 0x76, 0xce, 0x1f, 0xd4, 0x8f, 0x33, 0x50, 0x34, + 0xc7, 0x4d, 0x7b, 0xcf, 0x91, 0x63, 0x7d, 0x82, 0x9e, 0xa1, 0x23, 0x45, + 0xf5, 0x45, 0xac, 0x98, 0x7a, 0x48, 0xff, 0x64, 0xd5, 0x59, 0x47, 0xde, + 0x2b, 0x3f, 0xfa, 0xec, 0x50, 0xe0, 0x81, 0x60, 0x8b, 0xc3, 0xfc, 0x80, + 0x98, 0x17, 0xc7, 0xa3, 0xc2, 0x57, 0x3d, 0xab, 0x91, 0x67, 0xf5, 0xc4, + 0xab, 0x92, 0xc8, 0xd6, 0x3b, 0x6b, 0x3f, 0xff, 0x15, 0x6b, 0xcf, 0x53, + 0x65, 0x02, 0xf1, 0x74, 0xca, 0xa9, 0xbe, 0x24, 0xd2, 0xf0, 0xb7, 0x26, + 0xa8, 0xd7, 0x6d, 0xed, 0x90, 0x36, 0x7b, 0x3e, 0x41, 0xa9, 0x7f, 0xa3, + 0x1b, 0xf4, 0x43, 0xc5, 0x51, 0xbe, 0x28, 0x59, 0xe9, 0x45, 0x26, 0x49, + 0x38, 0x32, 0xf8, 0xf3, 0x92, 0x6e, 0x30, 0xcc, 0xb0, 0xa0, 0xf9, 0x01, + 0x14, 0xc8, 0xba, 0xd9, 0xf0, 0x2a, 0x29, 0xe2, 0x52, 0x9a, 0x76, 0x95, + 0x3a, 0x16, 0x32, 0xec, 0xf4, 0x10, 0xec, 0xee, 0x47, 0x00, 0x70, 0x19, + 0xe4, 0x72, 0x35, 0x66, 0x44, 0x53, 0x2d, 0xa2, 0xf3, 0xaa, 0x7e, 0x8a, + 0x33, 0x13, 0xcd, 0xc8, 0xbf, 0x0e, 0x40, 0x90, 0x00, 0xe4, 0x42, 0xc3, + 0x09, 0x84, 0xe1, 0x66, 0x17, 0xa2, 0xaf, 0x03, 0xab, 0x6b, 0xa1, 0xec, + 0xfb, 0x17, 0x72, 0x81, 0xfe, 0x9a, 0x9f, 0xf4, 0xb2, 0x33, 0x1f, 0xae, + 0x0c, 0xd1, 0x6a, 0xae, 0x19, 0xb8, 0xaf, 0xec, 0xe3, 0xea, 0x00, 0xf8, + 0xac, 0x87, 0x07, 0x5f, 0x6d, 0xb0, 0xac, 0x6b, 0x22, 0x48, 0x36, 0xbf, + 0x22, 0x18, 0xb0, 0x03, 0x9f, 0x6c, 0x70, 0x45, 0x36, 0xf0, 0x6b, 0xc6, + 0xc2, 0xa5, 0x72, 0x2c, 0xd8, 0xe0, 0x27, 0x3d, 0xec, 0x56, 0x07, 0x05, + 0x7d, 0x83, 0xa1, 0x65, 0x7d, 0x41, 0x5b, 0xcd, 0x77, 0x24, 0xe5, 0xaa, + 0x76, 0x47, 0xd0, 0x50, 0xf6, 0xe7, 0xb5, 0x59, 0x75, 0x31, 0x27, 0xef, + 0xd8, 0xa6, 0x4e, 0x7f, 0xb8, 0x40, 0xb1, 0xdf, 0x53, 0x14, 0xed, 0xf1, + 0x68, 0x5f, 0xfc, 0x3f, 0x02, 0xdb, 0x05, 0xeb, 0x31, 0xe4, 0x2c, 0x7f, + 0x32, 0xb5, 0x70, 0x8e, 0x75, 0x85, 0xa4, 0x5c, 0x16, 0x23, 0x37, 0xf2, + 0x10, 0x79, 0xcb, 0xdc, 0xf8, 0x1c, 0x25, 0xc2, 0xa1, 0x3d, 0x9c, 0x33, + 0x6c, 0xed, 0xc3, 0xe7, 0xf3, 0x02, 0x87, 0x82, 0x4e, 0xfb, 0xac, 0xb3, + 0x2d, 0xfc, 0xf8, 0x0d, 0x1d, 0x4a, 0x39, 0xd4, 0xb3, 0x09, 0xbb, 0xe9, + 0x25, 0xc7, 0xec, 0x6a, 0x87, 0x72, 0x84, 0xed, 0x12, 0x60, 0x19, 0x64, + 0xeb, 0x16, 0x2a, 0x5b, 0x10, 0x76, 0x27, 0xff, 0x7b, 0xe4, 0xae, 0xe5, + 0xa4, 0x04, 0x02, 0x7f, 0xbb, 0x0a, 0xb5, 0xf4, 0x05, 0xa5, 0x56, 0x1c, + 0x53, 0x31, 0x7a, 0x93, 0xba, 0x16, 0x15, 0xab, 0x62, 0x60, 0xfc, 0xde, + 0x72, 0x36, 0x6e, 0x28, 0xaf, 0x98, 0x0d, 0xe6, 0xf4, 0xde, 0x60, 0xa7, + 0x7e, 0x06, 0x07, 0x86, 0xf3, 0x94, 0xb6, 0x6d, 0x0d, 0x93, 0xa6, 0xbc, + 0x60, 0x70, 0x33, 0xac, 0x3f, 0xa1, 0xa8, 0x4a, 0x20, 0x61, 0xb6, 0xb5, + 0x43, 0xa3, 0x15, 0x5a, 0x00, 0xbe, 0x76, 0x98, 0x57, 0x72, 0xab, 0x7a, + 0x0e, 0x18, 0x93, 0x82, 0x3a, 0x18, 0x78, 0x6e, 0x71, 0x7b, 0x78, 0x4f, + 0x7e, 0x8c, 0xde, 0x7a, 0x62, 0xb5, 0x0a, 0x7c, 0x45, 0x1d, 0x16, 0xd5, + 0xc3, 0x8c, 0x9b, 0x25, 0xb4, 0x50, 0x90, 0xcd, 0x96, 0x93, 0xad, 0x0f, + 0xd4, 0x43, 0xcb, 0x49, 0x0f, 0xfc, 0x5a, 0x31, 0xf4, 0x19, 0xb7, 0xd4, + 0xeb, 0x4d, 0x40, 0x58, 0xd0, 0x3b, 0xc8, 0xe0, 0x4a, 0x54, 0x2f, 0xdb, + 0x22, 0xc3, 0x29, 0x7b, 0x40, 0x90, 0x61, 0x43, 0xd3, 0x7e, 0xe2, 0x30, + 0x2b, 0x48, 0x3c, 0xce, 0x90, 0x93, 0xb1, 0x8b, 0x31, 0x96, 0x65, 0x6d, + 0x57, 0x8b, 0x9d, 0x4d, 0x53, 0xf0, 0x83, 0x1c, 0xe5, 0xa1, 0x9d, 0x55, + 0xe3, 0xbf, 0x7e, 0xca, 0x1a, 0x74, 0x66, 0x14, 0xcc, 0x47, 0x43, 0xd9, + 0xbb, 0xef, 0x97, 0x7d, 0xb7, 0x6e, 0xff, 0xf1, 0x22, 0xf8, 0x10, 0x2d, + 0x3f, 0xcd, 0x49, 0x96, 0xd9, 0x09, 0x11, 0xb8, 0x33, 0xd0, 0x23, 0x9a, + 0xfa, 0x16, 0xcb, 0x50, 0x26, 0x57, 0x24, 0x5c, 0x0e, 0xba, 0xf0, 0x3f, + 0x37, 0x2f, 0xa3, 0xf7, 0x18, 0x57, 0x48, 0x48, 0x95, 0xcf, 0xef, 0x87, + 0x67, 0x2a, 0xe9, 0xb6, 0x8a, 0x21, 0x36, 0x7f, 0xff, 0x48, 0x6c, 0x46, + 0x35, 0x57, 0xf2, 0xbc, 0x48, 0x67, 0x8f, 0x63, 0x23, 0x78, 0x11, 0x2b, + 0xc2, 0x08, 0xde, 0x51, 0xe8, 0x8b, 0x92, 0x29, 0xf9, 0x9a, 0x9e, 0xad, + 0xed, 0x0f, 0xeb, 0xa2, 0xd2, 0x40, 0x92, 0xd4, 0xde, 0x62, 0x95, 0x76, + 0xfd, 0x6e, 0x3c, 0xbf, 0xc0, 0xd7, 0x0d, 0xe5, 0x1b, 0xa4, 0xc7, 0x18, + 0xe1, 0x58, 0xa4, 0x56, 0xef, 0x2e, 0x17, 0x1b, 0x75, 0xcb, 0xbc, 0xf9, + 0x2a, 0x95, 0x71, 0xa7, 0x1d, 0x7f, 0xe7, 0x73, 0x63, 0x05, 0x6b, 0x19, + 0x4c, 0xf4, 0x22, 0x14, 0xc4, 0x59, 0x88, 0x66, 0x92, 0x86, 0x61, 0x5c, + 0x6a, 0xae, 0xec, 0x58, 0xff, 0xc9, 0xf2, 0x44, 0xd4, 0xa2, 0xf5, 0x98, + 0xeb, 0x5f, 0x09, 0xbc, 0x8a, 0xbf, 0x3c, 0xb4, 0x3e, 0xb1, 0x20, 0x05, + 0x44, 0x96, 0x79, 0x0a, 0x40, 0x92, 0x7f, 0x9d, 0xd1, 0xaf, 0xbc, 0x90, + 0x95, 0x0a, 0x81, 0xd4, 0xa7, 0xc6, 0xb8, 0xe0, 0xe4, 0x39, 0x30, 0x1d, + 0x79, 0xc0, 0xe5, 0xfa, 0xb4, 0xe9, 0x63, 0xb4, 0x09, 0x72, 0x3b, 0x3e, + 0xd9, 0xf6, 0xd9, 0x10, 0x21, 0x18, 0x7e, 0xe5, 0xad, 0x81, 0xd7, 0xd5, + 0x82, 0xd0, 0x8c, 0x3b, 0x38, 0x95, 0xf8, 0x92, 0x01, 0xa9, 0x92, 0x00, + 0x70, 0xd1, 0xa7, 0x88, 0x77, 0x1f, 0x3a, 0xeb, 0xb5, 0xe4, 0xf5, 0x9d, + 0xc7, 0x37, 0x86, 0xb2, 0x12, 0x46, 0x34, 0x19, 0x72, 0x8c, 0xf5, 0x8c, + 0xf6, 0x78, 0x98, 0xe0, 0x7c, 0xd3, 0xf4}, + "id-Gost28147-89-CryptoPro-B-ParamSet", + "testcfb2", + {0x48, 0x0c, 0x74, 0x1b, 0x02, 0x6b, 0x55, 0xd5, 0xb6, 0x6d, 0xd7, + 0x1d, 0x40, 0x48, 0x05, 0x6b, 0x6d, 0xeb, 0x3c, 0x29, 0x0f, 0x84, + 0x80, 0x23, 0xee, 0x0d, 0x47, 0x77, 0xe3, 0xfe, 0x61, 0xc9}, + G89_CFB, + {0x1f, 0x3f, 0x82, 0x1e, 0x0d, 0xd8, 0x1e, 0x22}, + {0x23, 0xc6, 0x7f, 0x20, 0xa1, 0x23, 0x58, 0xbc, 0x7b, 0x05, 0xdb, 0x21, + 0x15, 0xcf, 0x96, 0x41, 0xc7, 0x88, 0xef, 0x76, 0x5c, 0x49, 0xdb, 0x42, + 0xbf, 0xf3, 0xc0, 0xf5, 0xbd, 0x5d, 0xd9, 0x8e, 0xaf, 0x3d, 0xf4, 0xe4, + 0xda, 0x88, 0xbd, 0xbc, 0x47, 0x5d, 0x76, 0x07, 0xc9, 0x5f, 0x54, 0x1d, + 0x1d, 0x6a, 0xa1, 0x2e, 0x18, 0xd6, 0x60, 0x84, 0x02, 0x18, 0x37, 0x92, + 0x92, 0x15, 0xab, 0x21, 0xee, 0x21, 0xcc, 0x71, 0x6e, 0x51, 0xd9, 0x2b, + 0xcc, 0x81, 0x97, 0x3f, 0xeb, 0x45, 0x99, 0xb8, 0x1b, 0xda, 0xff, 0x90, + 0xd3, 0x41, 0x06, 0x9c, 0x3f, 0xfb, 0xe4, 0xb2, 0xdc, 0xc9, 0x03, 0x0d, + 0xa7, 0xae, 0xd7, 0x7d, 0x02, 0xb8, 0x32, 0xab, 0xf3, 0x65, 0xa3, 0x65, + 0x6c, 0x4e, 0xe4, 0xa2, 0x5e, 0x9e, 0xee, 0xcd, 0xde, 0x79, 0x36, 0x6b, + 0x1b, 0xe1, 0x3c, 0xdf, 0x10, 0xad, 0x4f, 0x02, 0xe1, 0x14, 0xaa, 0x09, + 0xb4, 0x0b, 0x76, 0xeb, 0x69, 0x38, 0x20, 0x02, 0xcb, 0x8e, 0xc0, 0xdf, + 0xca, 0x48, 0x74, 0xc3, 0x31, 0xad, 0x42, 0x2c, 0x51, 0x9b, 0xd0, 0x6a, + 0xc1, 0x36, 0xd7, 0x21, 0xdf, 0xb0, 0x45, 0xba, 0xca, 0x7f, 0x35, 0x20, + 0x28, 0xbb, 0xc1, 0x76, 0xfd, 0x43, 0x5d, 0x23, 0x7d, 0x31, 0x84, 0x1a, + 0x97, 0x4d, 0x83, 0xaa, 0x7e, 0xf1, 0xc4, 0xe6, 0x83, 0xac, 0x0d, 0xef, + 0xef, 0x3c, 0xa4, 0x7c, 0x48, 0xe4, 0xc8, 0xca, 0x0d, 0x7d, 0xea, 0x7c, + 0x45, 0xd7, 0x73, 0x50, 0x25, 0x1d, 0x01, 0xc4, 0x02, 0x1a, 0xcd, 0xe0, + 0x38, 0x5b, 0xa8, 0x5a, 0x16, 0x9a, 0x10, 0x59, 0x74, 0xd7, 0x19, 0xc6, + 0xf3, 0xb5, 0x17, 0xf6, 0x59, 0x8d, 0x62, 0xaf, 0x44, 0xe8, 0xdc, 0xe9, + 0xc1, 0x76, 0xf1, 0xd0, 0xbd, 0x29, 0xd7, 0xec, 0x1d, 0xac, 0x57, 0xdb, + 0x1a, 0x3f, 0xd8, 0xf6, 0x6e, 0xb6, 0xe6, 0xdf, 0x36, 0xe7, 0x89, 0xce, + 0x56, 0x35, 0x43, 0x1c, 0x7d, 0x57, 0x79, 0x0e, 0xd8, 0xf4, 0xd7, 0xa7, + 0x0d, 0xc6, 0x8f, 0x91, 0x66, 0x67, 0x82, 0x0f, 0x49, 0xc9, 0xc5, 0x65, + 0x81, 0xa1, 0x39, 0x5a, 0x53, 0x9f, 0x02, 0xa5, 0xd5, 0x36, 0x22, 0xa8, + 0xa8, 0x1c, 0x37, 0x0e, 0x76, 0x46, 0xdf, 0xbd, 0x6a, 0xdb, 0xfc, 0x1b, + 0xbd, 0x10, 0xb8, 0xb1, 0xbc, 0x72, 0x4c, 0x58, 0x4a, 0xda, 0x6d, 0x66, + 0x00, 0xda, 0x7a, 0x66, 0xa0, 0xe7, 0x3b, 0x39, 0xa3, 0xf7, 0x05, 0x07, + 0xfa, 0x21, 0x4b, 0xc7, 0x94, 0xc0, 0xd3, 0x7b, 0x19, 0x02, 0x5d, 0x4a, + 0x10, 0xf1, 0xc2, 0x0f, 0x19, 0x68, 0x27, 0xc7, 0x7d, 0xbf, 0x55, 0x03, + 0x57, 0x7d, 0xaf, 0x77, 0xae, 0x80, 0x2f, 0x7a, 0xe6, 0x1f, 0x4b, 0xdc, + 0x15, 0x18, 0xc0, 0x62, 0xa1, 0xe8, 0xd9, 0x1c, 0x9e, 0x8c, 0x96, 0x39, + 0xc1, 0xc4, 0x88, 0xf7, 0x0c, 0xe1, 0x04, 0x84, 0x68, 0x51, 0xce, 0xf1, + 0x90, 0xda, 0x7f, 0x76, 0xc8, 0xc0, 0x88, 0xef, 0x8e, 0x15, 0x25, 0x3e, + 0x7b, 0xe4, 0x79, 0xb5, 0x66, 0x2d, 0x9c, 0xd1, 0x13, 0xda, 0xd0, 0xd5, + 0x46, 0xd5, 0x8d, 0x46, 0x18, 0x07, 0xee, 0xd8, 0xc9, 0x64, 0xe3, 0xbe, + 0x0e, 0x68, 0x27, 0x09, 0x96, 0x26, 0xf6, 0xe2, 0x19, 0x61, 0x3f, 0xf4, + 0x58, 0x27, 0x0a, 0xeb, 0xce, 0x7c, 0xb6, 0x68, 0x92, 0xe7, 0x12, 0x3b, + 0x31, 0xd4, 0x48, 0xdf, 0x35, 0x8d, 0xf4, 0x86, 0x42, 0x2a, 0x15, 0x4b, + 0xe8, 0x19, 0x1f, 0x26, 0x65, 0x9b, 0xa8, 0xda, 0x4b, 0x79, 0x1f, 0x8e, + 0xe6, 0x13, 0x7e, 0x49, 0x8f, 0xc1, 0xce, 0xdc, 0x5e, 0x64, 0x74, 0xce, + 0x02, 0x78, 0xe0, 0xcf, 0xa0, 0xed, 0x5e, 0x31, 0x74, 0xd1, 0xd0, 0xb4, + 0xee, 0x70, 0x19, 0x14, 0x3c, 0x8f, 0x16, 0xa6, 0xcf, 0x12, 0x93, 0x15, + 0x88, 0xeb, 0x91, 0x65, 0x76, 0x98, 0xfd, 0xa1, 0x94, 0x30, 0xba, 0x43, + 0x62, 0x65, 0x40, 0x04, 0x77, 0x9e, 0xd6, 0xab, 0x8b, 0x0d, 0x93, 0x80, + 0x50, 0x5f, 0xa2, 0x76, 0x20, 0xa7, 0xd6, 0x9c, 0x27, 0x15, 0x27, 0xbc, + 0xa5, 0x5a, 0xbf, 0xe9, 0x92, 0x82, 0x05, 0xa8, 0x41, 0xe9, 0xb5, 0x60, + 0xd5, 0xc0, 0xd7, 0x4b, 0xad, 0x38, 0xb2, 0xe9, 0xd1, 0xe5, 0x51, 0x5f, + 0x24, 0x78, 0x24, 0x9a, 0x23, 0xd2, 0xc2, 0x48, 0xbd, 0x0e, 0xf1, 0x37, + 0x72, 0x91, 0x87, 0xb0, 0x4e, 0xbd, 0x99, 0x6b, 0x2c, 0x01, 0xb6, 0x79, + 0x69, 0xec, 0x0c, 0xed, 0xe5, 0x3f, 0x50, 0x64, 0x7c, 0xb9, 0xdd, 0xe1, + 0x92, 0x81, 0xb5, 0xd0, 0xcb, 0x17, 0x83, 0x86, 0x8b, 0xea, 0x4f, 0x93, + 0x08, 0xbc, 0x22, 0x0c, 0xef, 0xe8, 0x0d, 0xf5, 0x9e, 0x23, 0xe1, 0xf9, + 0xb7, 0x6b, 0x45, 0x0b, 0xcb, 0xa9, 0xb6, 0x4d, 0x28, 0x25, 0xba, 0x3e, + 0x86, 0xf2, 0x75, 0x47, 0x5d, 0x9d, 0x6b, 0xf6, 0x8a, 0x05, 0x58, 0x73, + 0x3d, 0x00, 0xde, 0xfd, 0x69, 0xb1, 0x61, 0x16, 0xf5, 0x2e, 0xb0, 0x9f, + 0x31, 0x6a, 0x00, 0xb9, 0xef, 0x71, 0x63, 0x47, 0xa3, 0xca, 0xe0, 0x40, + 0xa8, 0x7e, 0x02, 0x04, 0xfe, 0xe5, 0xce, 0x48, 0x73, 0xe3, 0x94, 0xcf, + 0xe2, 0xff, 0x29, 0x7e, 0xf6, 0x32, 0xbb, 0xb7, 0x55, 0x12, 0x21, 0x7a, + 0x9c, 0x75, 0x04, 0x0c, 0xb4, 0x7c, 0xb0, 0x3d, 0x40, 0xb3, 0x11, 0x9a, + 0x7a, 0x9a, 0x13, 0xfb, 0x77, 0xa7, 0x51, 0x68, 0xf7, 0x05, 0x47, 0x3b, + 0x0f, 0x52, 0x5c, 0xe6, 0xc2, 0x99, 0x3a, 0x37, 0x54, 0x5c, 0x4f, 0x2b, + 0xa7, 0x01, 0x08, 0x74, 0xbc, 0x91, 0xe3, 0xe2, 0xfe, 0x65, 0x94, 0xfd, + 0x3d, 0x18, 0xe0, 0xf0, 0x62, 0xed, 0xc2, 0x10, 0x82, 0x9c, 0x58, 0x7f, + 0xb2, 0xa3, 0x87, 0x8a, 0x74, 0xd9, 0xc1, 0xfb, 0x84, 0x28, 0x17, 0xc7, + 0x2b, 0xcb, 0x53, 0x1f, 0x4e, 0x8a, 0x82, 0xfc, 0xb4, 0x3f, 0xc1, 0x47, + 0x25, 0xf3, 0x21, 0xdc, 0x4c, 0x2d, 0x08, 0xfa, 0xe7, 0x0f, 0x03, 0xa9, + 0x68, 0xde, 0x6b, 0x41, 0xa0, 0xf9, 0x41, 0x6c, 0x57, 0x4d, 0x3a, 0x0e, + 0xea, 0x51, 0xca, 0x9f, 0x97, 0x11, 0x7d, 0xf6, 0x8e, 0x88, 0x63, 0x67, + 0xc9, 0x65, 0x13, 0xca, 0x38, 0xed, 0x35, 0xbe, 0xf4, 0x27, 0xa9, 0xfc, + 0xa9, 0xe6, 0xc3, 0x40, 0x86, 0x08, 0x39, 0x72, 0x37, 0xee, 0xb2, 0x87, + 0x09, 0x96, 0xb7, 0x40, 0x87, 0x36, 0x92, 0xc1, 0x5d, 0x6a, 0x2c, 0x43, + 0xca, 0x25, 0xc8, 0x35, 0x37, 0x2d, 0xb5, 0xa9, 0x27, 0x44, 0x50, 0xf2, + 0x6d, 0x22, 0x75, 0x41, 0x77, 0x2a, 0xdb, 0xb1, 0x8c, 0x6d, 0x05, 0xe8, + 0xc9, 0x99, 0xc7, 0x08, 0xf9, 0x14, 0x8f, 0x78, 0xa9, 0x8f, 0xc2, 0x5a, + 0x7a, 0x65, 0xc5, 0xd8, 0x86, 0xbb, 0x72, 0x69, 0x6b, 0x6b, 0x45, 0x83, + 0x5b, 0xb1, 0xf7, 0xcd, 0x16, 0x73, 0xee, 0xe9, 0x80, 0x85, 0xfe, 0x8e, + 0xe1, 0xae, 0x53, 0x8f, 0xde, 0xbe, 0x48, 0x8b, 0x59, 0xef, 0xf6, 0x7e, + 0xd8, 0xb5, 0xa8, 0x47, 0xc0, 0x4e, 0x15, 0x58, 0xca, 0xd3, 0x2f, 0xf8, + 0x6c, 0xa6, 0x3d, 0x78, 0x4d, 0x7a, 0x54, 0xd6, 0x10, 0xe5, 0xcc, 0x05, + 0xe2, 0x29, 0xb5, 0x86, 0x07, 0x39, 0x7d, 0x78, 0x8e, 0x5a, 0x8f, 0x83, + 0x4c, 0xe7, 0x3d, 0x68, 0x3e, 0xe5, 0x02, 0xe6, 0x64, 0x4f, 0x5e, 0xb4, + 0x49, 0x77, 0xf0, 0xc0, 0xfa, 0x6f, 0xc8, 0xfb, 0x9f, 0x84, 0x6f, 0x55, + 0xfb, 0x30, 0x5e, 0x89, 0x93, 0xa9, 0xf3, 0xa6, 0xa3, 0xd7, 0x26, 0xbb, + 0xd8, 0xa8, 0xd9, 0x95, 0x1d, 0xfe, 0xfc, 0xd7, 0xa8, 0x93, 0x66, 0x2f, + 0x04, 0x53, 0x06, 0x64, 0x7f, 0x31, 0x29, 0xae, 0xb7, 0x9f, 0xba, 0xc4, + 0x6d, 0x68, 0xd1, 0x24, 0x32, 0xf4, 0x11}}, + {/* Calculated by libcapi10, CryptoPro CSP 3.6R2, Mac OSX */ + 4, + {0x07, 0x9c, 0x91, 0xbe}, + "id-Gost28147-89-CryptoPro-C-ParamSet", + "testcfb3", + {0x77, 0xc3, 0x45, 0x8e, 0xf6, 0x42, 0xe7, 0x04, 0x8e, 0xfc, 0x08, + 0xe4, 0x70, 0x96, 0xd6, 0x05, 0x93, 0x59, 0x02, 0x6d, 0x6f, 0x97, + 0xca, 0xe9, 0xcf, 0x89, 0x44, 0x4b, 0xde, 0x6c, 0x22, 0x1d}, + G89_CFB, + {0x43, 0x7c, 0x3e, 0x8e, 0x2f, 0x2a, 0x00, 0x98}, + {0x19, 0x35, 0x81, 0x34}}, + {/* Calculated by libcapi10, CryptoPro CSP 3.6R2, Mac OSX */ + 9, + {0x2f, 0x31, 0xd8, 0x83, 0xb4, 0x20, 0xe8, 0x6e, 0xda}, + "id-Gost28147-89-CryptoPro-D-ParamSet", + "testcfb4", + {0x38, 0x9f, 0xe8, 0x37, 0xff, 0x9c, 0x5d, 0x29, 0xfc, 0x48, 0x55, + 0xa0, 0x87, 0xea, 0xe8, 0x40, 0x20, 0x87, 0x5b, 0xb2, 0x01, 0x15, + 0x55, 0xa7, 0xe3, 0x2d, 0xcb, 0x3d, 0xd6, 0x59, 0x04, 0x73}, + G89_CFB, + {0xc5, 0xa2, 0xd2, 0x1f, 0x2f, 0xdf, 0xb8, 0xeb}, + {0x6d, 0xa4, 0xed, 0x40, 0x08, 0x88, 0x71, 0xad, 0x16}}, + {/* Calculated by libcapi10, CryptoPro CSP 3.6R2, Mac OSX */ + 5242880 + 8, + {0}, + "id-Gost28147-89-CryptoPro-A-ParamSet", + "test5Mcfb", + {0x61, 0x58, 0x44, 0x5a, 0x41, 0xf6, 0xc7, 0x0f, 0x6b, 0xdb, 0x51, + 0x91, 0x6a, 0xf6, 0x81, 0x30, 0x8c, 0xa7, 0x98, 0xdd, 0x38, 0x35, + 0x8a, 0x60, 0x85, 0xb4, 0xf0, 0xf9, 0x43, 0xa2, 0x7d, 0x9a}, + G89_CFB, + {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, + {0x1c, 0x16, 0xa0, 0xe9, 0x63, 0x94, 0xfe, 0x38, 0x37, 0xa7, 0x9b, 0x70, + 0x25, 0x2e, 0xd6, 0x00}}, + {/* Calculated by libcapi10, CryptoPro CSP 3.6R2, Mac OSX */ + 4294967296ULL + 16, + {0}, + "id-Gost28147-89-CryptoPro-A-ParamSet", + "test4Gcfb", + {0xae, 0x57, 0xa2, 0xdd, 0xa4, 0xef, 0x4f, 0x96, 0xb8, 0x94, 0xa5, + 0xd1, 0x1b, 0xc8, 0x9b, 0x42, 0xa5, 0x24, 0xcc, 0x89, 0x5c, 0xb8, + 0x92, 0x52, 0xc1, 0x12, 0x6a, 0xb0, 0x9a, 0x26, 0xe8, 0x06}, + G89_CFB, + {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, + {0x2e, 0x62, 0xb0, 0x2e, 0xc7, 0x87, 0x4b, 0x29, 0x33, 0x16, 0x6b, 0xb4, + 0xd6, 0x61, 0x66, 0xd9}}, + {/* Calculated by libcapi10, CryptoPro CSP 3.6R2, Mac OSX */ + 1037, + {0x3d, 0x0b, 0x69, 0xf7, 0xa8, 0xe4, 0xfc, 0x99, 0x22, 0x2e, 0xee, 0xd1, + 0x63, 0x12, 0xfe, 0xa8, 0x9d, 0xcb, 0x6c, 0x4d, 0x48, 0x8c, 0xe8, 0xbd, + 0x8b, 0x60, 0xf1, 0xbf, 0x7b, 0xe3, 0x79, 0xd5, 0x2b, 0x25, 0x97, 0x13, + 0xef, 0x35, 0xda, 0xf4, 0xbc, 0x77, 0xce, 0xea, 0xe9, 0x3f, 0xa4, 0xb6, + 0x01, 0xd5, 0x73, 0x29, 0x58, 0xda, 0xd7, 0x67, 0x17, 0xac, 0xe4, 0x75, + 0x2f, 0x57, 0x23, 0xac, 0x96, 0x21, 0xc7, 0x62, 0x2d, 0xf7, 0x32, 0xb5, + 0x44, 0x5f, 0x72, 0xb1, 0x5f, 0xba, 0x1b, 0x1e, 0xdb, 0x4a, 0x09, 0x8c, + 0x92, 0x61, 0xa2, 0xb0, 0x49, 0x68, 0xe5, 0xb3, 0xa2, 0x8f, 0x13, 0x4b, + 0xf5, 0x4d, 0x84, 0xda, 0xab, 0xa0, 0xb6, 0xd1, 0x5a, 0x63, 0x19, 0xe8, + 0xa2, 0x09, 0xf6, 0x76, 0x6f, 0x9b, 0x48, 0x0a, 0x15, 0x5d, 0xb7, 0x20, + 0x21, 0x9a, 0x2e, 0xb9, 0x6d, 0xfa, 0x1e, 0xc2, 0x0e, 0xef, 0x15, 0xab, + 0x59, 0x01, 0xfe, 0x43, 0x90, 0xf2, 0x62, 0xca, 0x4a, 0x9a, 0x48, 0x38, + 0xab, 0x6f, 0x9d, 0x21, 0xb3, 0xad, 0xa7, 0x60, 0x46, 0xe3, 0xef, 0xd0, + 0xe3, 0x1d, 0xc5, 0xe1, 0xb8, 0xa1, 0xe2, 0x99, 0x20, 0xc5, 0x76, 0xcc, + 0xaa, 0x8a, 0xa9, 0x45, 0x55, 0xa0, 0x78, 0x00, 0x64, 0xde, 0xcf, 0x5b, + 0xdf, 0x26, 0x48, 0xcd, 0xba, 0x8a, 0xb5, 0xfb, 0xfd, 0x4a, 0xd5, 0xc4, + 0xe0, 0x43, 0xa6, 0x71, 0x90, 0xa4, 0x8b, 0xca, 0x2e, 0x88, 0x7b, 0xac, + 0xb2, 0xdc, 0xf2, 0x01, 0xcb, 0xda, 0x6e, 0x91, 0x27, 0x28, 0x44, 0x88, + 0x9a, 0xd2, 0x12, 0xf1, 0xa6, 0xf5, 0xb7, 0x61, 0xce, 0x79, 0x62, 0x52, + 0x3c, 0xe6, 0x14, 0x73, 0xd1, 0x41, 0x92, 0x50, 0xbd, 0xdc, 0x3b, 0xd0, + 0xa7, 0x11, 0x8c, 0x3a, 0xe4, 0x2d, 0xf2, 0x52, 0xd3, 0x2f, 0x7c, 0x8e, + 0x54, 0x90, 0x4e, 0x23, 0xae, 0xb3, 0xa0, 0xf3, 0x25, 0x7e, 0x66, 0xaa, + 0x0f, 0x6f, 0x81, 0x72, 0x77, 0xbb, 0xd3, 0x47, 0xe8, 0x05, 0xff, 0xe1, + 0x5b, 0xc9, 0x37, 0x50, 0x33, 0x49, 0x17, 0xaf, 0xab, 0x1d, 0xe1, 0x15, + 0xf2, 0xe5, 0x98, 0x5e, 0x2d, 0x05, 0x1f, 0x0d, 0x55, 0x97, 0xed, 0xff, + 0x5e, 0xe0, 0x0f, 0xc3, 0x9c, 0xbd, 0x82, 0xc2, 0x06, 0xbe, 0x45, 0x66, + 0xae, 0x33, 0xbe, 0x28, 0x48, 0xe9, 0x2d, 0x1a, 0xe6, 0x65, 0x8e, 0xdf, + 0x76, 0x03, 0x73, 0x4b, 0xc0, 0x80, 0x71, 0xf9, 0xac, 0xba, 0xa0, 0xb0, + 0x19, 0x1a, 0x0a, 0xd4, 0x35, 0x12, 0x88, 0x76, 0x05, 0x75, 0x8f, 0x7c, + 0xb5, 0xf0, 0x19, 0x75, 0x6d, 0x05, 0xcb, 0x0d, 0xbc, 0x8d, 0xe9, 0xf0, + 0xd4, 0xdb, 0x3c, 0x3c, 0x29, 0x8e, 0x2c, 0x32, 0x1d, 0xf7, 0xb6, 0x49, + 0xcf, 0xdb, 0x63, 0xee, 0x3c, 0xfa, 0x33, 0x73, 0x6f, 0xe4, 0x97, 0x4e, + 0x2f, 0xc9, 0x4c, 0x5c, 0x65, 0xfe, 0xea, 0xfb, 0xc6, 0xdd, 0xc1, 0x1c, + 0x47, 0x3f, 0xf4, 0x50, 0x2f, 0xde, 0x1b, 0x5b, 0x0b, 0x16, 0xca, 0xb6, + 0x46, 0x44, 0xf2, 0xc1, 0x0d, 0xa1, 0x1d, 0xa6, 0xdb, 0xf0, 0x3d, 0xb1, + 0x6c, 0x05, 0x31, 0x85, 0x8e, 0x74, 0xae, 0xf2, 0x39, 0x26, 0xf7, 0xc1, + 0xe7, 0x4c, 0xdd, 0x9d, 0x40, 0xb8, 0xf3, 0xc5, 0xc2, 0x16, 0x64, 0x6b, + 0xaa, 0xdb, 0x4b, 0x82, 0x5c, 0xd3, 0x02, 0xd3, 0x8f, 0x26, 0x79, 0x8d, + 0xb0, 0x78, 0x70, 0x19, 0x58, 0x0c, 0xb4, 0x31, 0x88, 0x44, 0x1c, 0x91, + 0x6f, 0xf4, 0x52, 0x39, 0xa8, 0xf5, 0xc0, 0x1b, 0xfe, 0xf2, 0x0e, 0x4b, + 0xac, 0x0a, 0xc2, 0x7e, 0x9c, 0x9b, 0xeb, 0x5d, 0x4e, 0x4f, 0x42, 0xd8, + 0x71, 0x0a, 0x97, 0x27, 0x03, 0x14, 0x96, 0xa6, 0x3d, 0x04, 0xea, 0x9f, + 0x14, 0x14, 0x27, 0x4c, 0xd9, 0xa2, 0x89, 0x5f, 0x65, 0x4a, 0xe1, 0x9d, + 0x2c, 0xb8, 0xf8, 0xd4, 0x8f, 0x2a, 0x57, 0x36, 0xcc, 0x06, 0x9c, 0x2c, + 0xc5, 0x13, 0x16, 0xdf, 0xfc, 0xae, 0x22, 0x16, 0xa8, 0x2b, 0x71, 0x6f, + 0x1d, 0xb3, 0x47, 0x54, 0x3f, 0x2d, 0x0a, 0x68, 0x9f, 0x2e, 0xf6, 0x90, + 0xd8, 0xa1, 0x21, 0x09, 0xd4, 0x97, 0xb9, 0x7b, 0x7f, 0x9b, 0x6a, 0xed, + 0xd1, 0xf0, 0xe3, 0xb6, 0x28, 0xc7, 0x62, 0x82, 0x00, 0xc9, 0x38, 0xa1, + 0x82, 0x78, 0xce, 0x87, 0xc8, 0x53, 0xac, 0x4f, 0x2e, 0x31, 0xb9, 0x50, + 0x7f, 0x36, 0x00, 0x4a, 0x32, 0xe6, 0xd8, 0xbb, 0x59, 0x45, 0x0e, 0x91, + 0x1b, 0x38, 0xa9, 0xbc, 0xb9, 0x5e, 0x6c, 0x6a, 0x9c, 0x03, 0x01, 0x1c, + 0xde, 0xe8, 0x1f, 0x1e, 0xe3, 0xde, 0x25, 0xa2, 0x56, 0x79, 0xe1, 0xbd, + 0x58, 0xc4, 0x93, 0xe6, 0xd0, 0x8a, 0x4d, 0x08, 0xab, 0xf7, 0xaa, 0xc3, + 0x7d, 0xc1, 0xee, 0x68, 0x37, 0xbc, 0x78, 0x0b, 0x19, 0x68, 0x2b, 0x2b, + 0x2e, 0x6d, 0xc4, 0x6f, 0xaa, 0x3b, 0xc6, 0x19, 0xcb, 0xf1, 0x58, 0xb9, + 0x60, 0x85, 0x45, 0xae, 0x52, 0x97, 0xba, 0x24, 0x32, 0x13, 0x72, 0x16, + 0x6e, 0x7b, 0xc1, 0x98, 0xac, 0xb1, 0xed, 0xb4, 0xcc, 0x6c, 0xcf, 0x45, + 0xfc, 0x50, 0x89, 0x80, 0x8e, 0x7a, 0xa4, 0xd3, 0x64, 0x50, 0x63, 0x37, + 0xc9, 0x6c, 0xf1, 0xc4, 0x3d, 0xfb, 0xde, 0x5a, 0x5c, 0xa8, 0x21, 0x35, + 0xe6, 0x2e, 0x8c, 0x2a, 0x3c, 0x12, 0x17, 0x79, 0x9a, 0x0d, 0x2e, 0x79, + 0xeb, 0x67, 0x1f, 0x2b, 0xf8, 0x6e, 0xca, 0xc1, 0xfa, 0x45, 0x18, 0x9e, + 0xdf, 0x6a, 0xe6, 0xcb, 0xe9, 0x5c, 0xc3, 0x09, 0xaf, 0x93, 0x58, 0x13, + 0xbf, 0x90, 0x84, 0x87, 0x75, 0xd6, 0x82, 0x28, 0x8d, 0xe7, 0x2f, 0xa3, + 0xfb, 0x97, 0x74, 0x2a, 0x73, 0x04, 0x82, 0x06, 0x76, 0x69, 0xb1, 0x0b, + 0x19, 0xfc, 0xae, 0xb3, 0xdd, 0x2a, 0xe5, 0xc1, 0x05, 0xd8, 0x80, 0x95, + 0x22, 0x90, 0x71, 0xfc, 0xc2, 0x92, 0x42, 0xfd, 0xf1, 0x70, 0xb4, 0x68, + 0x88, 0xa4, 0x9e, 0x0a, 0x24, 0x40, 0x13, 0xc8, 0xa2, 0x56, 0x4f, 0x39, + 0xe6, 0x06, 0xf1, 0xdc, 0xf5, 0x13, 0x0e, 0xad, 0x9c, 0x8b, 0xaf, 0xe9, + 0xe3, 0x88, 0x72, 0xff, 0xa0, 0x6d, 0xda, 0x08, 0x70, 0xb9, 0x2e, 0x83, + 0xc5, 0xbb, 0x32, 0xa5, 0x74, 0xc7, 0xfb, 0x7b, 0x76, 0xaf, 0x02, 0xbb, + 0x2b, 0xb8, 0x5e, 0x65, 0x02, 0xfe, 0x0e, 0xa0, 0x99, 0xce, 0x01, 0x3b, + 0x35, 0xe1, 0xb0, 0x22, 0xe5, 0x94, 0xbd, 0xdd, 0x8e, 0xbb, 0xf6, 0x75, + 0xbf, 0xbf, 0xee, 0x7a, 0xb1, 0x58, 0xb4, 0x81, 0xb8, 0x39, 0x3e, 0xb6, + 0x1e, 0xde, 0xda, 0x1b, 0xd5, 0xf7, 0xdd, 0x7d, 0x65, 0x9c, 0xaa, 0x56, + 0x93, 0xb8, 0xaf, 0x48, 0x53, 0xc7, 0x22, 0xe4, 0x1c, 0xdf, 0xe9, 0x79, + 0xb4, 0x20, 0x89, 0xcc, 0x2a, 0x79, 0x2c, 0x09, 0xbe, 0x78, 0xcf, 0xcc, + 0xf2, 0x90, 0xd6, 0x65, 0xc5, 0x29, 0xfc, 0xda, 0x69, 0xfc, 0xc0, 0xd6, + 0x70, 0x99, 0x61, 0x3f, 0x60, 0x02, 0xd8, 0x12, 0x22, 0xc8, 0x34, 0xc6, + 0x3b, 0xb3, 0xc2, 0x33, 0xa1, 0x5c, 0x8f, 0x4c, 0xd1, 0x52, 0x72, 0xf2, + 0x42, 0x05, 0x8e, 0x18, 0x1f, 0x16, 0xda, 0xb8, 0x53, 0xa1, 0x5f, 0x01, + 0x32, 0x1b, 0x90, 0xb3, 0x53, 0x9b, 0xd0, 0x85, 0x61, 0x2d, 0x17, 0xed, + 0x0a, 0xa4, 0xa5, 0x27, 0x09, 0x75, 0x7c, 0xbc, 0x30, 0xf7, 0x5e, 0x59, + 0x9a, 0x07, 0x96, 0x84, 0x28, 0x86, 0x4b, 0xa7, 0x22, 0x35, 0x28, 0xc7, + 0xed, 0x0d, 0xc3, 0xce, 0x98, 0xcc, 0x2d, 0xec, 0xd4, 0x98, 0x09, 0x8e, + 0x52, 0x5f, 0x2b, 0x9a, 0x13, 0xbe, 0x99, 0x16, 0x73, 0xd1, 0x1f, 0x81, + 0xe5, 0xa2, 0x08, 0x78, 0xcb, 0x0c, 0x20, 0xd4, 0xa5, 0xea, 0x4b, 0x5b, + 0x95, 0x5a, 0x92, 0x9a, 0x52}, + "id-Gost28147-89-CryptoPro-A-ParamSet", + "testcnt2", + {0x1b, 0x5d, 0xdb, 0x77, 0xcf, 0xf9, 0xec, 0x95, 0x5e, 0xcc, 0x67, + 0x9f, 0x5d, 0x28, 0xad, 0x4a, 0x27, 0xf4, 0x32, 0xc6, 0xb2, 0xcb, + 0xb1, 0x45, 0x6a, 0x88, 0x14, 0x0c, 0x9b, 0x9b, 0x5f, 0x48}, + G89_CNT, + {0x71, 0x58, 0x8c, 0xe1, 0x55, 0xf4, 0xf6, 0xb3}, + {0x8e, 0xcd, 0x8f, 0xc8, 0xac, 0xe1, 0x15, 0x48, 0x2d, 0xae, 0x24, 0x8a, + 0xc7, 0xfb, 0xba, 0x0f, 0x1d, 0x8a, 0x95, 0xa2, 0x43, 0xef, 0xcb, 0xdc, + 0x59, 0x57, 0xa7, 0xc7, 0x0e, 0xe3, 0xe2, 0xb9, 0x0d, 0x86, 0x29, 0x62, + 0xcb, 0x83, 0x4d, 0x07, 0x0c, 0x40, 0xd4, 0x7b, 0x2e, 0xca, 0xba, 0xbf, + 0x4a, 0x60, 0x3b, 0x31, 0x98, 0xc8, 0x88, 0x47, 0xd9, 0x82, 0xab, 0xfc, + 0x8f, 0x48, 0xe2, 0x46, 0xab, 0xd3, 0xa1, 0xab, 0x8a, 0x05, 0x22, 0x8c, + 0xf4, 0xec, 0x9a, 0x1e, 0x76, 0xab, 0x1a, 0x60, 0xd9, 0x25, 0x6b, 0xb8, + 0x56, 0xe5, 0xb2, 0xea, 0x10, 0xf3, 0x62, 0x04, 0x32, 0x5e, 0xaa, 0x3b, + 0x7b, 0x57, 0xbc, 0x3b, 0x8b, 0x43, 0x47, 0xf2, 0xd5, 0x03, 0x7e, 0x51, + 0x01, 0xff, 0x77, 0x28, 0xca, 0x90, 0xa3, 0xfe, 0x7e, 0x2e, 0x70, 0x16, + 0x75, 0x18, 0x44, 0xf0, 0x1b, 0x85, 0x05, 0xea, 0xe3, 0x21, 0xf7, 0x26, + 0x86, 0x76, 0x3c, 0x67, 0x9d, 0xfc, 0xbc, 0x10, 0x7f, 0x77, 0xe4, 0xed, + 0xd3, 0x12, 0xf8, 0x83, 0x00, 0x1f, 0x4b, 0x92, 0x95, 0x92, 0x5c, 0xf3, + 0x5a, 0xf3, 0xb7, 0xd0, 0xa9, 0x5f, 0xf2, 0x18, 0xc4, 0x66, 0x62, 0xc1, + 0x84, 0x0e, 0x66, 0xe8, 0x80, 0x7d, 0x1f, 0xf0, 0xba, 0x01, 0x9b, 0x71, + 0xae, 0x93, 0xcc, 0x27, 0x54, 0x34, 0x9a, 0xbd, 0xca, 0xee, 0x52, 0x09, + 0x92, 0x9d, 0xb0, 0xd5, 0xd9, 0xba, 0x2f, 0xb9, 0x96, 0xdc, 0xfa, 0xbd, + 0xce, 0xea, 0x1a, 0x7b, 0x9a, 0x1d, 0x13, 0xa7, 0x11, 0xe2, 0x9a, 0x64, + 0xf6, 0xd3, 0xee, 0xc6, 0x33, 0xb7, 0x6e, 0xef, 0x25, 0x9e, 0x1e, 0x7c, + 0xe3, 0x1f, 0x2c, 0x6e, 0xa9, 0xc0, 0xf8, 0xc1, 0xbf, 0x3b, 0xf8, 0x34, + 0x03, 0x9b, 0xa1, 0x40, 0x5b, 0x0c, 0x3c, 0x09, 0x66, 0x9d, 0x63, 0xe2, + 0xe2, 0x04, 0x8f, 0x06, 0x84, 0x74, 0x68, 0xb2, 0x5c, 0x3b, 0x4c, 0xad, + 0x0b, 0x3f, 0x03, 0xb3, 0x07, 0x8a, 0x64, 0xa7, 0x36, 0x56, 0x26, 0x39, + 0x66, 0xda, 0xe9, 0x6d, 0x1b, 0xd5, 0x88, 0xe8, 0x5c, 0xaf, 0x5a, 0x4c, + 0x49, 0xf7, 0xf5, 0xb7, 0x78, 0xf0, 0xde, 0xec, 0xcd, 0x16, 0x23, 0x9e, + 0x8c, 0x13, 0xbe, 0x6b, 0x6f, 0x9b, 0x07, 0xe5, 0xbb, 0xcc, 0x3a, 0x1b, + 0x6f, 0x43, 0xdf, 0xff, 0x46, 0x2a, 0xae, 0x47, 0x19, 0x18, 0x9a, 0x25, + 0x09, 0xc9, 0x24, 0x40, 0x0c, 0x4b, 0xa7, 0xda, 0x5e, 0x0d, 0xee, 0xfa, + 0x62, 0x45, 0x8e, 0xcc, 0x2f, 0x23, 0x08, 0x1d, 0x92, 0xf0, 0xfe, 0x82, + 0x0f, 0xd7, 0x11, 0x60, 0x7e, 0x0b, 0x0b, 0x75, 0xf4, 0xf5, 0x3b, 0xc0, + 0xa4, 0xe8, 0x72, 0xa5, 0xb6, 0xfa, 0x5a, 0xad, 0x5a, 0x4f, 0x39, 0xb5, + 0xa2, 0x12, 0x96, 0x0a, 0x32, 0x84, 0xb2, 0xa1, 0x06, 0x68, 0x56, 0x57, + 0x97, 0xa3, 0x7b, 0x22, 0x61, 0x76, 0x5d, 0x30, 0x1a, 0x31, 0xab, 0x99, + 0x06, 0xc5, 0x1a, 0x96, 0xcf, 0xcf, 0x14, 0xff, 0xb2, 0xc4, 0xcc, 0x2b, + 0xbf, 0x0c, 0x9d, 0x91, 0x8f, 0x79, 0x5b, 0xbc, 0xa9, 0x6b, 0x91, 0x6a, + 0xb4, 0x93, 0x5c, 0x7b, 0x5d, 0xc2, 0x8a, 0x75, 0xc0, 0xc1, 0x08, 0xfa, + 0x99, 0xf9, 0x4d, 0x5e, 0x0c, 0x06, 0x64, 0x60, 0xa9, 0x01, 0x4a, 0x34, + 0x0f, 0x33, 0x84, 0x95, 0x69, 0x30, 0xc1, 0x1c, 0x36, 0xf8, 0xfc, 0x30, + 0x23, 0xb2, 0x71, 0xe5, 0x52, 0x4d, 0x12, 0x1a, 0xc9, 0xbe, 0xee, 0xc9, + 0xcb, 0x01, 0x85, 0xf3, 0xdb, 0x30, 0xf9, 0x41, 0xa9, 0x40, 0xb0, 0x06, + 0x29, 0x77, 0xcd, 0xc5, 0xec, 0x58, 0x02, 0x48, 0x83, 0x53, 0x44, 0x6a, + 0xd2, 0xca, 0x05, 0xd8, 0x5a, 0x08, 0xeb, 0xa9, 0xf4, 0xe6, 0xc7, 0x9d, + 0xd5, 0x7b, 0x74, 0x0b, 0x31, 0xb7, 0xa5, 0x57, 0x7c, 0x7a, 0xfd, 0x1a, + 0x0e, 0xd7, 0x97, 0x41, 0xbf, 0xdd, 0xc6, 0x19, 0x6c, 0x77, 0x8c, 0x18, + 0x52, 0x57, 0x83, 0xba, 0x71, 0x25, 0xee, 0x39, 0xbb, 0xe2, 0x43, 0xa0, + 0x14, 0xdc, 0x0e, 0x84, 0xb4, 0x2b, 0xde, 0x3e, 0xe5, 0x36, 0xb7, 0xa2, + 0x92, 0x98, 0x05, 0xb8, 0x96, 0xe5, 0xd0, 0x8c, 0x08, 0x93, 0x35, 0xc2, + 0x81, 0xe0, 0xfc, 0x59, 0x71, 0xe2, 0x44, 0x49, 0x5d, 0xda, 0xfb, 0x9c, + 0xaa, 0x70, 0x9f, 0x43, 0xa8, 0xa5, 0xd9, 0x67, 0xd9, 0x8f, 0xa3, 0x1e, + 0xbe, 0x0e, 0xec, 0xdf, 0x12, 0x2b, 0x6a, 0xe7, 0x1c, 0x12, 0x17, 0xe7, + 0xc4, 0x6d, 0x50, 0xc9, 0x52, 0x7a, 0xd5, 0xe8, 0x7f, 0xbc, 0x07, 0x15, + 0xac, 0xdb, 0x93, 0x66, 0xb1, 0xf0, 0xa7, 0x7b, 0x2f, 0xe9, 0xec, 0xd0, + 0x47, 0x69, 0x59, 0x87, 0xf1, 0x4c, 0x3e, 0x4b, 0x9b, 0x11, 0x79, 0x13, + 0xe4, 0x96, 0xf6, 0x56, 0x04, 0x6e, 0x0b, 0x33, 0xfc, 0x40, 0xf6, 0xc7, + 0xc1, 0x43, 0xb1, 0xbf, 0x0e, 0xb3, 0x87, 0xfd, 0x0b, 0x1c, 0x63, 0x46, + 0x3a, 0xd3, 0xa0, 0x17, 0x59, 0x25, 0x94, 0x6c, 0x9c, 0x3d, 0x0c, 0x81, + 0xce, 0x82, 0x72, 0x42, 0x28, 0xf9, 0x37, 0x6a, 0x6d, 0xe4, 0x12, 0xf4, + 0x21, 0xaa, 0xf7, 0xfe, 0x27, 0x55, 0x40, 0x1a, 0x14, 0xc3, 0x39, 0x5b, + 0xbf, 0x63, 0xc2, 0x5f, 0x10, 0x1f, 0x14, 0x25, 0xd0, 0xce, 0xf3, 0x14, + 0x48, 0x13, 0xa5, 0x0b, 0x4d, 0x38, 0xcf, 0x0d, 0x34, 0xc0, 0x0a, 0x11, + 0xb4, 0xb5, 0x72, 0xc8, 0x4b, 0xc2, 0x6f, 0xe7, 0x9d, 0x93, 0xf7, 0xdf, + 0xb8, 0x43, 0x72, 0x7e, 0xda, 0x3e, 0x20, 0x1f, 0xbc, 0x21, 0x2a, 0xce, + 0x00, 0xfa, 0x96, 0x9f, 0x3d, 0xe5, 0x88, 0x96, 0xef, 0x29, 0x84, 0xdf, + 0x6c, 0x1c, 0x96, 0xd8, 0x58, 0x47, 0xaa, 0x92, 0xf3, 0x07, 0xe5, 0xfb, + 0xaf, 0xea, 0x95, 0x7e, 0x0b, 0x71, 0xcd, 0x81, 0x0f, 0xb7, 0x0a, 0x59, + 0x8f, 0x31, 0x4d, 0xd1, 0xc3, 0xf3, 0x2f, 0x70, 0x5c, 0x59, 0x18, 0x97, + 0xaf, 0x77, 0x95, 0x5e, 0xaf, 0x40, 0x06, 0x12, 0x81, 0x61, 0x86, 0x08, + 0x4e, 0xbc, 0x89, 0x46, 0x07, 0x2e, 0x5b, 0x10, 0xaa, 0x12, 0xf0, 0xa7, + 0x84, 0xe2, 0x9a, 0x08, 0xf1, 0xde, 0x59, 0xe3, 0x0e, 0x47, 0x4b, 0xff, + 0xc3, 0xc9, 0x18, 0xaf, 0x95, 0x9c, 0x67, 0x2a, 0xde, 0x8a, 0x7a, 0x99, + 0x04, 0xc4, 0xb8, 0x97, 0x4c, 0x04, 0x29, 0x71, 0x05, 0xda, 0xb3, 0xd6, + 0xdb, 0x6c, 0x71, 0xe6, 0xe8, 0x03, 0xbf, 0x94, 0x7d, 0xde, 0x3d, 0xc8, + 0x44, 0xfa, 0x7d, 0x62, 0xb4, 0x36, 0x03, 0xee, 0x36, 0x52, 0x64, 0xb4, + 0x85, 0x6d, 0xd5, 0x78, 0xf0, 0x6f, 0x67, 0x2d, 0x0e, 0xe0, 0x2c, 0x88, + 0x9b, 0x55, 0x19, 0x29, 0x40, 0xf6, 0x8c, 0x12, 0xbb, 0x2c, 0x83, 0x96, + 0x40, 0xc0, 0x36, 0xf5, 0x77, 0xff, 0x70, 0x8c, 0x75, 0x92, 0x0b, 0xad, + 0x05, 0x9b, 0x7e, 0xa2, 0xfc, 0xa9, 0xd1, 0x64, 0x76, 0x82, 0x13, 0xba, + 0x22, 0x5e, 0x33, 0x0e, 0x26, 0x70, 0xa9, 0xbe, 0x74, 0x28, 0xf5, 0xe2, + 0xc4, 0x96, 0xee, 0x3a, 0xbc, 0x97, 0xa6, 0x2c, 0x2a, 0xe0, 0x64, 0x8d, + 0x35, 0xc6, 0x1a, 0xca, 0xf4, 0x92, 0xfa, 0xc3, 0xf1, 0x1f, 0x98, 0xe4, + 0x43, 0x88, 0x69, 0x3a, 0x09, 0xbf, 0x63, 0xe5, 0x96, 0x29, 0x0b, 0x9b, + 0x62, 0x23, 0x14, 0x8a, 0x95, 0xe4, 0x1c, 0x5c, 0x0a, 0xa9, 0xc5, 0xb9, + 0x6f, 0x4f, 0x2b, 0x25, 0x6f, 0x74, 0x1e, 0x18, 0xd5, 0xfe, 0x27, 0x7d, + 0x3f, 0x6e, 0x55, 0x2c, 0x67, 0xe6, 0xde, 0xb5, 0xcc, 0xc0, 0x2d, 0xff, + 0xc4, 0xe4, 0x06, 0x21, 0xa5, 0xc8, 0xd3, 0xd6, 0x6c, 0xa1, 0xc3, 0xfb, + 0x88, 0x92, 0xb1, 0x1d, 0x90, 0xe1, 0x35, 0x05, 0x9b, 0x29, 0x6d, 0xba, + 0xf1, 0xf4, 0x1e, 0x23, 0x2e}}, + {/* Calculated by libcapi10, CryptoPro CSP 3.6R2, Mac OSX */ + 5242880 + 8, + {0}, + "id-Gost28147-89-CryptoPro-A-ParamSet", + "test5Mcnt", + {0x07, 0x52, 0x65, 0xe7, 0xca, 0xa3, 0xca, 0x45, 0xcf, 0x3a, 0x05, + 0x1d, 0x38, 0x03, 0x53, 0x0c, 0x22, 0x31, 0xba, 0x99, 0x4f, 0x9b, + 0x6a, 0x1b, 0x7e, 0x09, 0x9d, 0x4e, 0xb5, 0xc9, 0x84, 0x2e}, + G89_CNT, + {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, + {0x3d, 0x05, 0x07, 0x57, 0xc0, 0x75, 0x89, 0x97, 0xd6, 0x94, 0x49, 0x11, + 0x1d, 0xd0, 0x91, 0xee}}, + {/* Calculated by libcapi10, CryptoPro CSP 3.6R2, Mac OSX */ + 4294967296ULL + 16, + {0}, + "id-Gost28147-89-CryptoPro-A-ParamSet", + "test4Gcnt", + {0x75, 0xa3, 0x3c, 0xae, 0x03, 0x6b, 0x10, 0xdb, 0xc1, 0x56, 0x50, + 0x89, 0x03, 0xd2, 0x9f, 0x91, 0xee, 0xe8, 0x64, 0x1d, 0x43, 0xf2, + 0x4e, 0xf8, 0xf2, 0x6c, 0xed, 0xda, 0x8f, 0xe4, 0x88, 0xe9}, + G89_CNT, + {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, + {0xfa, 0x6c, 0x96, 0x78, 0xe2, 0xf8, 0xdd, 0xaa, 0x67, 0x5a, 0xc9, 0x5d, + 0x57, 0xf1, 0xbd, 0x99}}, + {/* Calculated by libcapi10, CryptoPro CSP 3.6R2, Mac OSX */ + 1035, + {0xd6, 0xcf, 0x31, 0x96, 0x9c, 0xa1, 0xfb, 0xd6, 0x8d, 0xa3, 0xdd, 0x01, + 0xd9, 0x88, 0xc0, 0x2f, 0xbc, 0x46, 0xc7, 0x3a, 0xe4, 0x21, 0x86, 0x96, + 0x8d, 0xe2, 0xca, 0xb6, 0x37, 0xa2, 0xe1, 0xa8, 0x7e, 0xa7, 0x79, 0x2e, + 0xa4, 0x56, 0x75, 0x7f, 0x3e, 0x55, 0x8b, 0x43, 0xae, 0x65, 0xdf, 0xaa, + 0x42, 0xb6, 0x00, 0xa6, 0x61, 0x03, 0x0d, 0xd3, 0x41, 0x02, 0x27, 0x23, + 0x95, 0x79, 0x9b, 0x34, 0x81, 0xa9, 0x86, 0xb5, 0xa7, 0x90, 0xe2, 0xae, + 0xc4, 0x2f, 0xc3, 0x8e, 0x32, 0x56, 0x13, 0xfa, 0x4d, 0x4e, 0x9f, 0x15, + 0x75, 0x7e, 0x74, 0xdc, 0x32, 0x2d, 0xee, 0x4d, 0x67, 0x70, 0x9f, 0x62, + 0xb9, 0xc4, 0xdb, 0x24, 0x84, 0xcc, 0x16, 0x7b, 0xda, 0x22, 0xf7, 0xc5, + 0xf3, 0x93, 0x35, 0x73, 0xc6, 0x03, 0x1c, 0x77, 0xa5, 0xf2, 0x76, 0x56, + 0xb4, 0x95, 0xd4, 0x7e, 0x0d, 0x20, 0xc6, 0x6e, 0xee, 0x8f, 0x25, 0x48, + 0xff, 0x7e, 0x01, 0x3a, 0xb4, 0x1f, 0xaa, 0x35, 0xc0, 0x33, 0x58, 0x9c, + 0xb5, 0xba, 0x65, 0x4b, 0xd3, 0x51, 0x14, 0xec, 0x61, 0xce, 0xe4, 0xba, + 0x49, 0xba, 0x39, 0x32, 0xab, 0xce, 0x81, 0x72, 0xce, 0xab, 0xed, 0xd4, + 0xd2, 0x19, 0x87, 0x85, 0x92, 0xfa, 0x64, 0x34, 0xd8, 0x86, 0xf4, 0x8a, + 0x08, 0x3c, 0xde, 0xee, 0x97, 0x92, 0x92, 0x69, 0xba, 0x9b, 0x5f, 0x7a, + 0x03, 0xc1, 0x5d, 0x43, 0x02, 0x8c, 0xbe, 0xd2, 0x46, 0x72, 0x81, 0x40, + 0x7d, 0x68, 0x98, 0x45, 0x0b, 0x54, 0x27, 0x1c, 0xaf, 0x80, 0x42, 0xe4, + 0xd5, 0xd4, 0xe4, 0xa2, 0x98, 0x07, 0x8f, 0x03, 0xf5, 0x2c, 0x8c, 0x88, + 0xca, 0x5a, 0xde, 0xe4, 0x9f, 0xb1, 0x5f, 0x82, 0xff, 0x20, 0x67, 0x52, + 0x85, 0x84, 0x4f, 0xc8, 0xfe, 0xa7, 0x9e, 0xae, 0x1c, 0xfa, 0xb8, 0x75, + 0xd3, 0xf7, 0x9f, 0x0d, 0xda, 0x2d, 0xe6, 0xcc, 0x86, 0x6b, 0xa4, 0x14, + 0x65, 0xc3, 0xf9, 0x15, 0xbc, 0x87, 0xf5, 0xae, 0x8c, 0x10, 0xd4, 0xce, + 0x5b, 0x9c, 0xe2, 0xdd, 0x42, 0x03, 0x09, 0x87, 0x47, 0xed, 0x5d, 0xd0, + 0x7a, 0x69, 0x4c, 0xfa, 0x43, 0x7d, 0xbf, 0x07, 0x85, 0x6a, 0xee, 0x68, + 0xe6, 0x7a, 0x57, 0xb2, 0x20, 0x8d, 0x80, 0xf2, 0x91, 0x6f, 0x5c, 0x07, + 0x8c, 0xe4, 0x6a, 0x49, 0x90, 0x85, 0x8b, 0x77, 0x29, 0x56, 0x1c, 0x5e, + 0xa9, 0x3f, 0xab, 0x8b, 0x79, 0xa3, 0x6f, 0x6b, 0x34, 0xcb, 0x61, 0xf6, + 0xe6, 0x92, 0xd1, 0x48, 0x9e, 0x11, 0xa2, 0x82, 0xc0, 0x4e, 0x23, 0xd2, + 0x15, 0x0d, 0x8d, 0xff, 0xfa, 0x17, 0x9d, 0x81, 0xb8, 0xbc, 0xd7, 0x5b, + 0x08, 0x81, 0x20, 0x40, 0xc0, 0x3c, 0x06, 0x8b, 0x1a, 0x88, 0x0b, 0x4b, + 0x7b, 0x31, 0xf5, 0xd4, 0x4e, 0x09, 0xd1, 0x4d, 0x0d, 0x7f, 0x45, 0xd1, + 0x09, 0x35, 0xba, 0xce, 0x65, 0xdd, 0xf2, 0xb8, 0xfb, 0x7a, 0xbc, 0xc4, + 0x4b, 0xc8, 0x75, 0xda, 0x6b, 0xce, 0x3d, 0xe8, 0x94, 0xcc, 0x23, 0x6f, + 0xb0, 0x3b, 0x4f, 0x7d, 0x07, 0xb9, 0x0f, 0x62, 0x92, 0x7e, 0xda, 0x70, + 0x50, 0xce, 0xd3, 0x28, 0x12, 0x11, 0x00, 0xeb, 0x8d, 0x63, 0x70, 0x78, + 0xa8, 0x7b, 0x76, 0xab, 0xc6, 0x40, 0xc0, 0x4e, 0x80, 0xdd, 0xf0, 0xfe, + 0x83, 0x72, 0x56, 0x4c, 0x09, 0x4c, 0xf1, 0x72, 0x72, 0x86, 0x26, 0x31, + 0xc3, 0xc2, 0xdc, 0x8e, 0xc7, 0xf4, 0x35, 0xec, 0x17, 0x06, 0x63, 0x47, + 0x49, 0x88, 0x47, 0xaf, 0xb3, 0x38, 0x4f, 0x7e, 0x44, 0x95, 0xb5, 0xbb, + 0x1d, 0xbd, 0x5a, 0x91, 0x5b, 0xd0, 0x1a, 0xdf, 0x0d, 0x0b, 0x50, 0xd8, + 0xe2, 0x0e, 0xc5, 0x00, 0x2d, 0x5b, 0x29, 0x19, 0xaa, 0x2b, 0x64, 0xc5, + 0x40, 0x31, 0x48, 0x11, 0xbc, 0x04, 0xd1, 0xcf, 0x6d, 0xf9, 0xa5, 0x2f, + 0x4a, 0xc9, 0x82, 0xfa, 0x59, 0xe1, 0xfc, 0xab, 0x1c, 0x33, 0x26, 0x0a, + 0x5f, 0xef, 0xf2, 0x06, 0xd8, 0xd3, 0x7e, 0x16, 0x58, 0x16, 0x78, 0x73, + 0xae, 0xba, 0xeb, 0xe5, 0x3d, 0xb2, 0x0a, 0xb3, 0x32, 0x2d, 0x14, 0xa4, + 0xfa, 0x3f, 0x1f, 0x43, 0xf9, 0x7b, 0xa9, 0x43, 0x98, 0x18, 0x94, 0x07, + 0x07, 0xe5, 0x19, 0x34, 0xa8, 0x16, 0x5f, 0x71, 0x67, 0xaa, 0x29, 0xe5, + 0xfa, 0xf0, 0x83, 0x06, 0x1d, 0x9d, 0xfc, 0xfe, 0xfe, 0x8c, 0xb5, 0xb2, + 0xa9, 0xe7, 0xa0, 0x40, 0x60, 0xb6, 0x71, 0x9e, 0xab, 0x5b, 0x83, 0xb9, + 0x0c, 0x2b, 0x58, 0x23, 0x80, 0x09, 0x9e, 0x5d, 0x94, 0x7d, 0x40, 0x76, + 0xa9, 0x16, 0x96, 0x9e, 0x83, 0xe0, 0x0d, 0xec, 0xa0, 0xec, 0x76, 0x2a, + 0xb7, 0xa0, 0xff, 0xb8, 0x50, 0x4c, 0x5b, 0xc6, 0x8b, 0x0a, 0x65, 0x2e, + 0xfe, 0xb4, 0x40, 0x9a, 0x01, 0xd8, 0xc6, 0xa3, 0xab, 0x99, 0xa2, 0xc5, + 0x0c, 0x08, 0xc4, 0xb7, 0xee, 0x4d, 0x1d, 0xc4, 0x08, 0x15, 0xd0, 0xdb, + 0xaa, 0x63, 0x4f, 0x31, 0xeb, 0x14, 0x97, 0x43, 0xbd, 0xc1, 0x94, 0x08, + 0xe6, 0xde, 0x43, 0x9f, 0x95, 0x0b, 0x96, 0x7e, 0x7f, 0x3c, 0x68, 0xba, + 0x6f, 0xc4, 0xc9, 0x35, 0x2b, 0xc4, 0x0e, 0xda, 0x1f, 0x91, 0x68, 0x64, + 0x63, 0x34, 0x73, 0xbe, 0x57, 0x75, 0xb9, 0xed, 0xf7, 0x2d, 0x3b, 0x05, + 0x21, 0x93, 0x28, 0x48, 0x96, 0x95, 0x97, 0xa0, 0xd2, 0x7d, 0x78, 0xbb, + 0x6a, 0x49, 0x8f, 0x76, 0x55, 0x74, 0x63, 0xb9, 0xc5, 0x36, 0x12, 0x25, + 0xbf, 0x03, 0x82, 0x8f, 0xf0, 0xf6, 0x80, 0xbb, 0x33, 0xb4, 0xf4, 0x17, + 0x27, 0x1c, 0xf3, 0x4c, 0x10, 0xa3, 0xe4, 0xd1, 0x55, 0xd9, 0x68, 0x21, + 0x4e, 0x5a, 0x83, 0x67, 0xbf, 0xf8, 0x3c, 0x7d, 0x4e, 0x62, 0xd3, 0x28, + 0xa7, 0x26, 0x6f, 0xe9, 0xee, 0xc2, 0x0b, 0x2d, 0x03, 0x84, 0xb1, 0xff, + 0xd6, 0x68, 0x1f, 0xb6, 0xf2, 0xe4, 0x0f, 0xda, 0x2d, 0xee, 0x5f, 0x6e, + 0x21, 0xc8, 0xe1, 0xfc, 0xad, 0x6b, 0x0e, 0x04, 0x7d, 0xaf, 0xc2, 0x3b, + 0xa5, 0x68, 0x9b, 0x0c, 0xf3, 0x56, 0xf3, 0xda, 0x8d, 0xc8, 0x7d, 0x39, + 0xdc, 0xd5, 0x99, 0xc6, 0x01, 0x10, 0xce, 0x42, 0x1b, 0xac, 0x48, 0xdc, + 0x97, 0x78, 0x0a, 0xec, 0xb3, 0x8f, 0x47, 0x35, 0xa3, 0x6a, 0x64, 0xb2, + 0x8e, 0x63, 0x69, 0x22, 0x66, 0xae, 0x2e, 0xe0, 0x88, 0xf9, 0x40, 0x3c, + 0xc9, 0xa2, 0x57, 0x61, 0xf6, 0xad, 0xf0, 0xdc, 0x90, 0x56, 0x3f, 0x06, + 0x9b, 0x7d, 0xbd, 0xc2, 0x81, 0x02, 0xab, 0xb8, 0x15, 0x09, 0x88, 0x4a, + 0xff, 0x2f, 0x31, 0xbf, 0x5e, 0xfa, 0x6a, 0x7e, 0xf6, 0xc5, 0xa7, 0xf7, + 0xd5, 0xab, 0x55, 0xac, 0xae, 0x0d, 0x8c, 0x8d, 0x7f, 0x4b, 0x25, 0xbb, + 0x32, 0xff, 0x11, 0x33, 0x2e, 0x37, 0x37, 0x69, 0x96, 0x15, 0x17, 0xb1, + 0x17, 0x49, 0xe0, 0x9a, 0x9c, 0xd9, 0x5b, 0x8d, 0x58, 0xa3, 0x1d, 0x92, + 0x87, 0xf8, 0x80, 0xb9, 0xbd, 0x5a, 0xec, 0x40, 0xe1, 0x00, 0x33, 0x60, + 0xe4, 0x86, 0x16, 0x6d, 0x61, 0x81, 0xf2, 0x28, 0x6a, 0xa7, 0xce, 0x3f, + 0x95, 0xae, 0x43, 0xca, 0xe1, 0x3f, 0x81, 0x74, 0x7e, 0x1c, 0x47, 0x17, + 0x95, 0xc6, 0x60, 0xda, 0x74, 0x77, 0xd9, 0x9f, 0xfa, 0x92, 0xb4, 0xbe, + 0xe1, 0x23, 0x98, 0x18, 0x95, 0x63, 0x03, 0x13, 0x4c, 0x1a, 0x2d, 0x41, + 0xcd, 0xe4, 0x84, 0xf7, 0xe6, 0x38, 0xef, 0xff, 0x95, 0xb2, 0xe8, 0x7c, + 0x8f, 0x58, 0xb5, 0xb5, 0xed, 0x27, 0x7f, 0x3c, 0x18, 0xab, 0xbe, 0x7f, + 0x4f, 0xe2, 0x35, 0x15, 0x71, 0xb7, 0x6f, 0x85, 0x38, 0x9b, 0x88, 0xf6, + 0x9c, 0x8d, 0x43, 0xb5, 0x58, 0x9e, 0xf2, 0xd1, 0x96, 0xbe, 0xb7, 0xad, + 0x1a, 0xa0, 0x98}, + "id-Gost28147-89-CryptoPro-A-ParamSet", + "testimit2", + {0x80, 0xd9, 0xa0, 0xdc, 0x21, 0xf9, 0x30, 0x40, 0x75, 0xfe, 0x49, + 0x1b, 0x9e, 0x71, 0x90, 0x91, 0x78, 0x88, 0x21, 0x60, 0x39, 0xe7, + 0xc9, 0x2b, 0xfb, 0x55, 0x1d, 0xf4, 0xdd, 0x2b, 0x0a, 0x01}, + G89_IMIT, + {0}, + {0x90, 0xf2, 0x11, 0x9a}}, + {/* Calculated by libcapi10, CryptoPro CSP 3.6R2, Mac OSX */ + 10, + {0x1d, 0xeb, 0xe6, 0x79, 0x0a, 0x59, 0x00, 0xe6, 0x8e, 0x5c}, + "id-Gost28147-89-CryptoPro-A-ParamSet", + "testimit3", + {0xa9, 0xb6, 0x37, 0xcc, 0x6d, 0x9b, 0x2f, 0x25, 0xb0, 0xdf, 0x47, + 0x04, 0x50, 0x68, 0xb0, 0x27, 0x41, 0x27, 0x58, 0x6a, 0xbd, 0x0a, + 0x6e, 0x50, 0x2f, 0xc6, 0xfc, 0xc0, 0x3e, 0x29, 0x42, 0xa5}, + G89_IMIT, + {0}, + {0x31, 0x7c, 0x16, 0xe4}}, + {/* Calculated by libcapi10, CryptoPro CSP 3.6R2, Mac OSX */ + 6, + {0xef, 0x06, 0x8f, 0x14, 0xc9, 0x04}, + "id-Gost28147-89-CryptoPro-A-ParamSet", + "testimit4", + {0xb0, 0x6c, 0x48, 0x23, 0x0a, 0x6e, 0xf4, 0xec, 0x27, 0x98, 0x01, + 0x23, 0xa7, 0xd8, 0xbf, 0x60, 0x89, 0xef, 0xad, 0xe8, 0x8f, 0x79, + 0x14, 0x8c, 0x18, 0x5c, 0x9a, 0xda, 0xef, 0x0b, 0xdd, 0xa0}, + G89_IMIT, + {0}, + {0xe9, 0x72, 0xae, 0xbf}}, + {/* Calculated by libcapi10, CryptoPro CSP 3.6R2, Mac OSX */ + 16, + {0x02, 0xf8, 0xec, 0x2b, 0x4d, 0x1f, 0xbc, 0x7c, 0x6e, 0x47, 0xe3, 0x87, + 0x22, 0x75, 0x41, 0xa7}, + "id-Gost28147-89-CryptoPro-B-ParamSet", + "testimit5", + {0x33, 0xd3, 0xef, 0x01, 0x19, 0x95, 0x0e, 0x15, 0xa1, 0x69, 0x75, + 0xae, 0x56, 0x27, 0x17, 0x79, 0x63, 0x47, 0xab, 0x62, 0x9d, 0x4a, + 0xf0, 0x34, 0xd3, 0x1e, 0x69, 0x74, 0xec, 0x31, 0x48, 0xfc}, + G89_IMIT, + {0}, + {0xf5, 0x55, 0x1f, 0x28}}, + {/* Calculated by libcapi10, CryptoPro CSP 3.6R2, Mac OSX */ + 8, + {0xf3, 0xb2, 0x29, 0xd2, 0x7a, 0x37, 0x03, 0x12}, + "id-Gost28147-89-CryptoPro-A-ParamSet", + "testimit6", + {0x42, 0x35, 0x81, 0x91, 0x0b, 0xa9, 0x99, 0xff, 0xd9, 0x43, 0xf8, + 0xc6, 0x19, 0x55, 0x1f, 0x2f, 0x2d, 0x45, 0x40, 0x20, 0x1e, 0x1d, + 0x32, 0x7a, 0xb1, 0x07, 0x6b, 0x4f, 0x45, 0x90, 0xd9, 0x80}, + G89_IMIT, + {0}, + {0x6e, 0x15, 0xfa, 0xe8}}, + {/* Calculated by libcapi10, CryptoPro CSP 3.6R2, Mac OSX */ + 0, + {0}, + "id-Gost28147-89-CryptoPro-A-ParamSet", + "testimit7", + {0x26, 0xcb, 0xb9, 0xf0, 0x0c, 0x62, 0x9f, 0xaa, 0x4a, 0x1d, 0xb6, + 0x30, 0x09, 0x01, 0x56, 0x89, 0x66, 0xd4, 0xe4, 0x0e, 0xfe, 0xf6, + 0x10, 0x6b, 0x6c, 0xe8, 0x04, 0x3a, 0xe3, 0x61, 0x4b, 0x19}, + G89_IMIT, + {0}, + {0x00, 0x00, 0x00, 0x00}}, + {/* Calculated by libcapi10, CryptoPro CSP 3.6R2, Mac OSX */ + 5242880, + {0}, + "id-Gost28147-89-CryptoPro-A-ParamSet", + "test5Mimit", + {0xaa, 0x85, 0x84, 0xcd, 0x65, 0x28, 0xe1, 0xdb, 0xb8, 0x20, 0x19, + 0x43, 0xe0, 0x36, 0x35, 0x10, 0x19, 0xc3, 0x70, 0x5b, 0x27, 0xc1, + 0x9d, 0x84, 0x75, 0xa3, 0xc6, 0x49, 0x46, 0x8f, 0x7c, 0x4e}, + G89_IMIT, + {0}, + {0x2a, 0xe6, 0x23, 0xc6}}, + {/* Calculated by libcapi10, CryptoPro CSP 3.6R2, Mac OSX */ + 3221225472ULL + 16, + {0}, + "id-Gost28147-89-CryptoPro-A-ParamSet", + "test3Gimit1", + {0xd5, 0xda, 0xfe, 0x06, 0x60, 0xdc, 0xf0, 0xb3, 0x49, 0x5a, 0x02, + 0x59, 0xc8, 0x2e, 0x4a, 0x2b, 0xcc, 0x9b, 0x98, 0x04, 0xb7, 0xf2, + 0x78, 0xb7, 0xce, 0xa3, 0xf2, 0xdb, 0x9e, 0xa8, 0x49, 0x1d}, + G89_IMIT, + {0}, + {0xcc, 0x46, 0x67, 0xe4}}, + {/* Calculated by libcapi10, CryptoPro CSP 3.6R2, Mac OSX */ + 4ULL * 1024 * 1024 * 1024ULL, + {0}, + "id-Gost28147-89-CryptoPro-A-ParamSet", + "test4Gimit3", + {0x0d, 0xf1, 0xa8, 0x7f, 0x57, 0x03, 0x44, 0xcc, 0xdb, 0x20, 0xde, + 0xed, 0x85, 0x50, 0x38, 0xda, 0xc9, 0x44, 0xec, 0x2c, 0x0d, 0x66, + 0xb7, 0xdc, 0x17, 0x14, 0x55, 0x95, 0x33, 0x6e, 0x43, 0x3e}, + G89_IMIT, + {0}, + {0xb7, 0x21, 0x2e, 0x48}}, + {/* Calculated by libcapi10, CryptoPro CSP 3.6R2, Mac OSX */ + 4ULL * 1024 * 1024 * 1024 + 4ULL, + {0}, + "id-Gost28147-89-CryptoPro-A-ParamSet", + "test4Gimit1", + {0x0c, 0xf3, 0xe9, 0xb0, 0x28, 0x3b, 0x9f, 0x8b, 0xe3, 0x82, 0xb9, + 0xa2, 0xa6, 0xbd, 0x80, 0xd2, 0xcd, 0xfa, 0x3f, 0xf7, 0x90, 0xa7, + 0x55, 0x06, 0x9b, 0x7a, 0x58, 0xee, 0xe7, 0xf1, 0x9d, 0xbe}, + G89_IMIT, + {0}, + {0xda, 0x15, 0x10, 0x73}}, + {/* Calculated by libcapi10, CryptoPro CSP 3.6R2, Mac OSX */ + 4ULL * 1024 * 1024 * 1024 + 10ULL, + {0}, + "id-Gost28147-89-CryptoPro-A-ParamSet", + "test4Gimit2", + {0x97, 0x1a, 0x42, 0x22, 0xfa, 0x07, 0xb2, 0xca, 0xf9, 0xd2, 0x34, + 0x5a, 0x92, 0xb1, 0x1f, 0x6b, 0x53, 0xf8, 0xaf, 0xed, 0x9a, 0x73, + 0xc4, 0x38, 0xd7, 0x7d, 0x25, 0x81, 0x00, 0x0d, 0xd4, 0x29}, + G89_IMIT, + {0}, + {0x52, 0xaa, 0x22, 0xb4}}}; int main(int argc, char *argv[]) { int t; - unsigned long long ullMaxLen = 6*1000*1000; + unsigned long long ullMaxLen = 6 * 1000 * 1000; int ignore = 0; ENGINE *impl = NULL; EVP_MD_CTX *mctx = NULL; @@ -1245,8 +810,8 @@ int main(int argc, char *argv[]) byte bTest[G89_MAX_TC_LEN]; byte bTest1[G89_MAX_TC_LEN]; unsigned long long ullLeft; - static const byte bZB[40*1024*1024] = { 0 }; - static byte bTS[40*1024*1024] = { 0 }; + static const byte bZB[40 * 1024 * 1024] = {0}; + static byte bTS[40 * 1024 * 1024] = {0}; unsigned int mdl = 0; int enlu = 0; int enlf = 0; @@ -1263,313 +828,308 @@ int main(int argc, char *argv[]) CONF *pConfig = NCONF_new(NULL); BIO *bpConf; char sConf[] = - "openssl_conf = openssl_def\n" - "\n" - "[openssl_def]\n" - "engines = engine_section\n" - "\n" - "[engine_section]\n" - "gost = gost_section\n" - "\n" - "[gost_section]\n" - "default_algorithms = ALL\n" - "\n" - ; + "openssl_conf = openssl_def\n" + "\n" + "[openssl_def]\n" + "engines = engine_section\n" + "\n" + "[engine_section]\n" + "gost = gost_section\n" + "\n" + "[gost_section]\n" + "default_algorithms = ALL\n" + "\n"; printf("Testing GOST 28147-89 "); - if(1 < argc) { - if(1 != sscanf(argv[1], "%llu", &ullMaxLen) || - ( 2 < argc ? - 1 != sscanf(argv[2], "%d", &ignore) : 0)) { - fflush(NULL); - fprintf(stderr, "Usage: %s [maxlen [ignore-error]]\n", - argv[0]); - return 1; - } + if (1 < argc) { + if (1 != sscanf(argv[1], "%llu", &ullMaxLen) + || (2 < argc ? 1 != sscanf(argv[2], "%d", &ignore) : 0)) { + fflush(NULL); + fprintf(stderr, "Usage: %s [maxlen [ignore-error]]\n", argv[0]); + return 1; + } } - /* +/* * Internal function test on GostR3411_94_TestParamSet */ - #ifdef OPENSSL_NO_DYNAMIC_ENGINE +#ifdef OPENSSL_NO_DYNAMIC_ENGINE { - gost_ctx ctx; + gost_ctx ctx; - for(t = 0; t < sizeof(tcs)/sizeof(tcs[0]); t++) { - const gost_subst_block *pSubst = NULL; + for (t = 0; t < sizeof(tcs) / sizeof(tcs[0]); t++) { + const gost_subst_block *pSubst = NULL; - if(1024 < tcs[t].ullLen) { - /* Key meshing check by engine tests */ - continue; - } - memset(bTest, 0xc3, sizeof(bTest)); - if(0 == strcmp(tcs[t].szParamSet, - "id-GostR3410-94-TestParamSet")) { - pSubst = &GostR3411_94_TestParamSet; - } else if(0 == strcmp(tcs[t].szParamSet, - "id-Gost28147-89-CryptoPro-A-ParamSet")) { - pSubst = &Gost28147_CryptoProParamSetA; - } else if(0 == strcmp(tcs[t].szParamSet, - "id-Gost28147-89-CryptoPro-B-ParamSet")) { - pSubst = &Gost28147_CryptoProParamSetB; - } else if(0 == strcmp(tcs[t].szParamSet, - "id-Gost28147-89-CryptoPro-C-ParamSet")) { - pSubst = &Gost28147_CryptoProParamSetC; - } else if(0 == strcmp(tcs[t].szParamSet, - "id-Gost28147-89-CryptoPro-D-ParamSet")) { - pSubst = &Gost28147_CryptoProParamSetD; - } - gost_init(&ctx, pSubst); - gost_key(&ctx, tcs[t].bRawKey); - switch(tcs[t].gMode) { - case G89_ECB: - gost_enc(&ctx, tcs[t].bIn, bTest, - (int)((tcs[t].ullLen + G89_BLOCK_LEN - 1)/ - G89_BLOCK_LEN)); - l = (size_t)tcs[t].ullLen; - break; - case G89_CFB: - gost_enc_cfb(&ctx, tcs[t].bIV, tcs[t].bIn, - bTest, - (int)((tcs[t].ullLen + G89_BLOCK_LEN - 1)/ - G89_BLOCK_LEN)); - l = (size_t)tcs[t].ullLen; - break; - case G89_CNT: - /* GOST 28147-89 cipher CNT mode check by engine + if (1024 < tcs[t].ullLen) { + /* Key meshing check by engine tests */ + continue; + } + memset(bTest, 0xc3, sizeof(bTest)); + if (0 + == strcmp(tcs[t].szParamSet, "id-GostR3410-94-TestParamSet")) { + pSubst = &GostR3411_94_TestParamSet; + } else if (0 + == strcmp(tcs[t].szParamSet, + "id-Gost28147-89-CryptoPro-A-ParamSet")) { + pSubst = &Gost28147_CryptoProParamSetA; + } else if (0 + == strcmp(tcs[t].szParamSet, + "id-Gost28147-89-CryptoPro-B-ParamSet")) { + pSubst = &Gost28147_CryptoProParamSetB; + } else if (0 + == strcmp(tcs[t].szParamSet, + "id-Gost28147-89-CryptoPro-C-ParamSet")) { + pSubst = &Gost28147_CryptoProParamSetC; + } else if (0 + == strcmp(tcs[t].szParamSet, + "id-Gost28147-89-CryptoPro-D-ParamSet")) { + pSubst = &Gost28147_CryptoProParamSetD; + } + gost_init(&ctx, pSubst); + gost_key(&ctx, tcs[t].bRawKey); + switch (tcs[t].gMode) { + case G89_ECB: + gost_enc( + &ctx, tcs[t].bIn, bTest, + (int)((tcs[t].ullLen + G89_BLOCK_LEN - 1) / G89_BLOCK_LEN)); + l = (size_t)tcs[t].ullLen; + break; + case G89_CFB: + gost_enc_cfb( + &ctx, tcs[t].bIV, tcs[t].bIn, bTest, + (int)((tcs[t].ullLen + G89_BLOCK_LEN - 1) / G89_BLOCK_LEN)); + l = (size_t)tcs[t].ullLen; + break; + case G89_CNT: + /* GOST 28147-89 cipher CNT mode check by engine * tests */ - continue; - case G89_IMIT: - gost_mac(&ctx, 32, tcs[t].bIn, - (unsigned int)tcs[t].ullLen, - bTest); - gost_mac_iv(&ctx, 32, tcs[t].bIV, tcs[t].bIn, - (unsigned int)tcs[t].ullLen, - bTest1); - if(0 != memcmp(bTest, bTest1, 4)) { - fflush(NULL); - fprintf(stderr, "\nInternal test t=%d len=%llu " - "failed (gost_mac_iv).\n", t, - tcs[t].ullLen); - if(!ignore) { - return 2; - } - } - l = 4; - break; - } - gost_destroy(&ctx); + continue; + case G89_IMIT: + gost_mac(&ctx, 32, tcs[t].bIn, (unsigned int)tcs[t].ullLen, + bTest); + gost_mac_iv(&ctx, 32, tcs[t].bIV, tcs[t].bIn, + (unsigned int)tcs[t].ullLen, bTest1); + if (0 != memcmp(bTest, bTest1, 4)) { + fflush(NULL); + fprintf(stderr, + "\nInternal test t=%d len=%llu " + "failed (gost_mac_iv).\n", + t, tcs[t].ullLen); + if (!ignore) { + return 2; + } + } + l = 4; + break; + } + gost_destroy(&ctx); - if(0 != memcmp(tcs[t].bOut, bTest, l)) { - fflush(NULL); - fprintf(stderr, "\nInternal test t=%d len=%llu " - "failed.\n", t, - tcs[t].ullLen); - if(!ignore) { - return 3; - } - } else { - printf(","); - fflush(NULL); - } - } + if (0 != memcmp(tcs[t].bOut, bTest, l)) { + fflush(NULL); + fprintf(stderr, + "\nInternal test t=%d len=%llu " + "failed.\n", + t, tcs[t].ullLen); + if (!ignore) { + return 3; + } + } else { + printf(","); + fflush(NULL); + } + } } - #endif +#endif - /* +/* * ccgost engine test on GostR3411_94_CryptoProParamSet */ - #ifndef OPENSSL_NO_DYNAMIC_ENGINE - setenv("OPENSSL_ENGINES", CCGOST_DIR, 1); - #endif +#ifndef OPENSSL_NO_DYNAMIC_ENGINE + setenv("OPENSSL_ENGINES", CCGOST_DIR, 1); +#endif ERR_load_crypto_strings(); ENGINE_load_builtin_engines(); OPENSSL_load_builtin_modules(); bpConf = BIO_new_mem_buf(sConf, -1); - if(!NCONF_load_bio(pConfig, bpConf, &lErrLine)) { - fflush(NULL); - fprintf(stderr, "NCONF_load_bio: ErrLine=%ld: %s\n", - lErrLine, - ERR_error_string(ERR_get_error(), NULL)); - return 4; + if (!NCONF_load_bio(pConfig, bpConf, &lErrLine)) { + fflush(NULL); + fprintf(stderr, "NCONF_load_bio: ErrLine=%ld: %s\n", lErrLine, + ERR_error_string(ERR_get_error(), NULL)); + return 4; } BIO_free(bpConf); - if(!CONF_modules_load(pConfig, NULL, 0)) { - fflush(NULL); - fprintf(stderr, "CONF_modules_load: %s\n", - ERR_error_string(ERR_get_error(), NULL)); - return 5; + if (!CONF_modules_load(pConfig, NULL, 0)) { + fflush(NULL); + fprintf(stderr, "CONF_modules_load: %s\n", + ERR_error_string(ERR_get_error(), NULL)); + return 5; } - /* Test load engine */ - if(NULL == (impl = ENGINE_by_id(CCGOST_ID))) { - fflush(NULL); - fprintf(stderr, "Can't load engine id \"" CCGOST_ID "\"\n"); - if(!ignore) { - return 6; - } + /* Test load engine */ + if (NULL == (impl = ENGINE_by_id(CCGOST_ID))) { + fflush(NULL); + fprintf(stderr, "Can't load engine id \"" CCGOST_ID "\"\n"); + if (!ignore) { + return 6; + } } - if(NULL == (md_gost94 = EVP_get_digestbyname(SN_id_GostR3411_94))) { - fflush(NULL); - fprintf(stderr, "\"" SN_id_GostR3411_94 "\" - not found\n"); - if(!ignore) { - return 7; - } + if (NULL == (md_gost94 = EVP_get_digestbyname(SN_id_GostR3411_94))) { + fflush(NULL); + fprintf(stderr, "\"" SN_id_GostR3411_94 "\" - not found\n"); + if (!ignore) { + return 7; + } } - if(NULL == (cp_g89cfb = EVP_get_cipherbyname(SN_id_Gost28147_89))) { - fflush(NULL); - fprintf(stderr, "\"" SN_id_Gost28147_89 "\" - not found\n"); - if(!ignore) { - return 8; - } + if (NULL == (cp_g89cfb = EVP_get_cipherbyname(SN_id_Gost28147_89))) { + fflush(NULL); + fprintf(stderr, "\"" SN_id_Gost28147_89 "\" - not found\n"); + if (!ignore) { + return 8; + } } - if(NULL == (cp_g89cnt = EVP_get_cipherbyname(SN_gost89_cnt))) { - fflush(NULL); - fprintf(stderr, "\"" SN_gost89_cnt "\" - not found\n"); - if(!ignore) { - return 9; - } + if (NULL == (cp_g89cnt = EVP_get_cipherbyname(SN_gost89_cnt))) { + fflush(NULL); + fprintf(stderr, "\"" SN_gost89_cnt "\" - not found\n"); + if (!ignore) { + return 9; + } } - if(NULL == (md_g89imit = EVP_get_digestbyname(SN_id_Gost28147_89_MAC))) { - fflush(NULL); - fprintf(stderr, "\"" SN_id_Gost28147_89_MAC "\" - not found\n"); - if(!ignore) { - return 10; - } + if (NULL == (md_g89imit = EVP_get_digestbyname(SN_id_Gost28147_89_MAC))) { + fflush(NULL); + fprintf(stderr, "\"" SN_id_Gost28147_89_MAC "\" - not found\n"); + if (!ignore) { + return 10; + } } - /* Test cases */ - for(t = 0; t < sizeof(tcs)/sizeof(tcs[0]); t++) { - if(NULL == tcs[t].szDerive) { - continue; - } - memset(bDerive, 0x3c, sizeof(bDerive)); - mdl = sizeof(bDerive); - EVP_Digest(tcs[t].szDerive, strlen(tcs[t].szDerive), - bDerive, &mdl, - md_gost94, impl); - if(0 != memcmp(tcs[t].bRawKey, bDerive, mdl)) { - fflush(NULL); - fprintf(stderr, "Engine test t=%d " - "derive key error.\n", t); - if(!ignore) { - return 12; - } - } - if(ullMaxLen < tcs[t].ullLen) { - continue; - } - memset(bTest, 0xa5, sizeof(bTest)); - memset(bTest1, 0x5a, sizeof(bTest1)); - if(!ENGINE_ctrl_cmd_string(impl, - "CRYPT_PARAMS", - tcs[t].szParamSet, 0)) { - fflush(NULL); - fprintf(stderr, "ENGINE_ctrl_cmd_string: %s\n", - ERR_error_string(ERR_get_error(), NULL)); - return 11; - } - switch(tcs[t].gMode) { - case G89_ECB: - /* OpenSSL/ccgost not implemented GOST 28147-89 ECB */ - continue; - case G89_CFB: - ctype = cp_g89cfb; - goto engine_cipher_check; - case G89_CNT: - if(0 != strcmp("id-Gost28147-89-CryptoPro-A-ParamSet", - tcs[t].szParamSet)) { - /* + /* Test cases */ + for (t = 0; t < sizeof(tcs) / sizeof(tcs[0]); t++) { + if (NULL == tcs[t].szDerive) { + continue; + } + memset(bDerive, 0x3c, sizeof(bDerive)); + mdl = sizeof(bDerive); + EVP_Digest(tcs[t].szDerive, strlen(tcs[t].szDerive), bDerive, &mdl, + md_gost94, impl); + if (0 != memcmp(tcs[t].bRawKey, bDerive, mdl)) { + fflush(NULL); + fprintf(stderr, + "Engine test t=%d " + "derive key error.\n", + t); + if (!ignore) { + return 12; + } + } + if (ullMaxLen < tcs[t].ullLen) { + continue; + } + memset(bTest, 0xa5, sizeof(bTest)); + memset(bTest1, 0x5a, sizeof(bTest1)); + if (!ENGINE_ctrl_cmd_string( + impl, "CRYPT_PARAMS", tcs[t].szParamSet, 0)) { + fflush(NULL); + fprintf(stderr, "ENGINE_ctrl_cmd_string: %s\n", + ERR_error_string(ERR_get_error(), NULL)); + return 11; + } + switch (tcs[t].gMode) { + case G89_ECB: + /* OpenSSL/ccgost not implemented GOST 28147-89 ECB */ + continue; + case G89_CFB: + ctype = cp_g89cfb; + goto engine_cipher_check; + case G89_CNT: + if (0 + != strcmp("id-Gost28147-89-CryptoPro-A-ParamSet", + tcs[t].szParamSet)) { + /* * ccgost engine can't change S-Box for gost-cnt */ - continue; - } - ctype = cp_g89cnt; -engine_cipher_check: - EVP_CIPHER_CTX_init(ectx); - EVP_EncryptInit_ex(ectx, ctype, impl, - bDerive, tcs[t].bIV); - if(G89_MAX_TC_LEN >= tcs[t].ullLen) { - enlu = sizeof(bTest); - EVP_EncryptUpdate(ectx, bTest, &enlu, - tcs[t].bIn, (int)tcs[t].ullLen); - l = (size_t)tcs[t].ullLen; - } else { - for(ullLeft = tcs[t].ullLen; - ullLeft >= sizeof(bZB); - ullLeft -= sizeof(bZB)) { - printf("B"); - fflush(NULL); - enlu = sizeof(bTS); - EVP_EncryptUpdate(ectx, bTS, &enlu, - bZB, sizeof(bZB)); - } - printf("b%llu/%llu", ullLeft, tcs[t].ullLen); - fflush(NULL); - EVP_EncryptUpdate(ectx, bTS, &enlu, - bZB, (int)ullLeft); - memcpy(bTest, &bTS[enlu-16], 16); - enlu = (int)tcs[t].ullLen; - l = 16; - } - enlf = sizeof(bTest1); - EVP_EncryptFinal_ex(ectx, bTest1, &enlf); - EVP_CIPHER_CTX_cleanup(ectx); - break; - case G89_IMIT: - if(0 != strcmp("id-Gost28147-89-CryptoPro-A-ParamSet", - tcs[t].szParamSet)) { - /* + continue; + } + ctype = cp_g89cnt; + engine_cipher_check: + EVP_CIPHER_CTX_init(ectx); + EVP_EncryptInit_ex(ectx, ctype, impl, bDerive, tcs[t].bIV); + if (G89_MAX_TC_LEN >= tcs[t].ullLen) { + enlu = sizeof(bTest); + EVP_EncryptUpdate( + ectx, bTest, &enlu, tcs[t].bIn, (int)tcs[t].ullLen); + l = (size_t)tcs[t].ullLen; + } else { + for (ullLeft = tcs[t].ullLen; ullLeft >= sizeof(bZB); + ullLeft -= sizeof(bZB)) { + printf("B"); + fflush(NULL); + enlu = sizeof(bTS); + EVP_EncryptUpdate(ectx, bTS, &enlu, bZB, sizeof(bZB)); + } + printf("b%llu/%llu", ullLeft, tcs[t].ullLen); + fflush(NULL); + EVP_EncryptUpdate(ectx, bTS, &enlu, bZB, (int)ullLeft); + memcpy(bTest, &bTS[enlu - 16], 16); + enlu = (int)tcs[t].ullLen; + l = 16; + } + enlf = sizeof(bTest1); + EVP_EncryptFinal_ex(ectx, bTest1, &enlf); + EVP_CIPHER_CTX_cleanup(ectx); + break; + case G89_IMIT: + if (0 + != strcmp("id-Gost28147-89-CryptoPro-A-ParamSet", + tcs[t].szParamSet)) { + /* * ccgost engine can't change S-Box for gost-mac */ - continue; - } - EVP_MD_CTX_init(mctx); - mac_key = EVP_PKEY_new_mac_key( - NID_id_Gost28147_89_MAC, NULL, - bDerive, mdl); - EVP_DigestSignInit(mctx, NULL, - md_g89imit, impl, mac_key); - if(G89_MAX_TC_LEN >= tcs[t].ullLen) { - EVP_DigestSignUpdate(mctx, tcs[t].bIn, - (unsigned int)tcs[t].ullLen); - } else { - for(ullLeft = tcs[t].ullLen; - ullLeft >= sizeof(bZB); - ullLeft -= sizeof(bZB)) { - printf("B"); - fflush(NULL); - EVP_DigestSignUpdate(mctx, bZB, sizeof(bZB)); - } - printf("b%llu/%llu", ullLeft, tcs[t].ullLen); - fflush(NULL); - EVP_DigestSignUpdate(mctx, bZB, - (unsigned int)ullLeft); - } - siglen = 4; - EVP_DigestSignFinal(mctx, bTest, &siglen); - EVP_MD_CTX_free(mctx); - enlu = (int)tcs[t].ullLen; - enlf = 0; - l = siglen; - break; - } - if((int)tcs[t].ullLen != enlu || 0 != enlf || - 0 != memcmp(tcs[t].bOut, bTest, l)) { - fflush(NULL); - fprintf(stderr, "\nEngine test t=%d len=%llu " - "failed.\n", t, tcs[t].ullLen); - if(!ignore) { - return 13; - } - } else { - printf("."); - fflush(NULL); - } + continue; + } + EVP_MD_CTX_init(mctx); + mac_key = EVP_PKEY_new_mac_key( + NID_id_Gost28147_89_MAC, NULL, bDerive, mdl); + EVP_DigestSignInit(mctx, NULL, md_g89imit, impl, mac_key); + if (G89_MAX_TC_LEN >= tcs[t].ullLen) { + EVP_DigestSignUpdate( + mctx, tcs[t].bIn, (unsigned int)tcs[t].ullLen); + } else { + for (ullLeft = tcs[t].ullLen; ullLeft >= sizeof(bZB); + ullLeft -= sizeof(bZB)) { + printf("B"); + fflush(NULL); + EVP_DigestSignUpdate(mctx, bZB, sizeof(bZB)); + } + printf("b%llu/%llu", ullLeft, tcs[t].ullLen); + fflush(NULL); + EVP_DigestSignUpdate(mctx, bZB, (unsigned int)ullLeft); + } + siglen = 4; + EVP_DigestSignFinal(mctx, bTest, &siglen); + EVP_MD_CTX_free(mctx); + enlu = (int)tcs[t].ullLen; + enlf = 0; + l = siglen; + break; + } + if ((int)tcs[t].ullLen != enlu || 0 != enlf + || 0 != memcmp(tcs[t].bOut, bTest, l)) { + fflush(NULL); + fprintf(stderr, + "\nEngine test t=%d len=%llu " + "failed.\n", + t, tcs[t].ullLen); + if (!ignore) { + return 13; + } + } else { + printf("."); + fflush(NULL); + } } printf(" passed\n"); diff --git a/test_gost89.c b/test_gost89.c index b14d5e4e0..4d02cfccf 100644 --- a/test_gost89.c +++ b/test_gost89.c @@ -12,8 +12,8 @@ # include # pragma warning(pop) #endif -#include #include "gost89.h" + #include #include @@ -35,17 +35,14 @@ int main(void) int ret = 0; const unsigned char initial_key[] = { - 0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF, - 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, - 0xFE, 0xDC, 0xBA, 0x98, 0x76, 0x54, 0x32, 0x10, - 0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF - }; + 0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF, 0x00, 0x11, 0x22, + 0x33, 0x44, 0x55, 0x66, 0x77, 0xFE, 0xDC, 0xBA, 0x98, 0x76, 0x54, + 0x32, 0x10, 0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF}; const unsigned char meshed_key[] = { - 0x86, 0x3E, 0xA0, 0x17, 0x84, 0x2C, 0x3D, 0x37, - 0x2B, 0x18, 0xA8, 0x5A, 0x28, 0xE2, 0x31, 0x7D, - 0x74, 0xBE, 0xFC, 0x10, 0x77, 0x20, 0xDE, 0x0C, - 0x9E, 0x8A, 0xB9, 0x74, 0xAB, 0xD0, 0x0C, 0xA0, + 0x86, 0x3E, 0xA0, 0x17, 0x84, 0x2C, 0x3D, 0x37, 0x2B, 0x18, 0xA8, + 0x5A, 0x28, 0xE2, 0x31, 0x7D, 0x74, 0xBE, 0xFC, 0x10, 0x77, 0x20, + 0xDE, 0x0C, 0x9E, 0x8A, 0xB9, 0x74, 0xAB, 0xD0, 0x0C, 0xA0, }; unsigned char buf[32]; diff --git a/test_keyexpimp.c b/test_keyexpimp.c index 0e61b6f43..934670a92 100644 --- a/test_keyexpimp.c +++ b/test_keyexpimp.c @@ -8,26 +8,26 @@ # pragma warning(push, 3) # include # pragma warning(pop) -# include # include +# include #else # include #endif -#include -#include -#include +#include "e_gost_err.h" +#include "gost_grasshopper_cipher.h" +#include "gost_lcl.h" + #include #include #include -#include "gost_lcl.h" -#include "e_gost_err.h" -#include "gost_grasshopper_cipher.h" +#include +#include -#define T(e) \ - if (!(e)) { \ - ERR_print_errors_fp(stderr); \ - OpenSSLDie(__FILE__, __LINE__, #e); \ - } +#define T(e) \ + if (!(e)) { \ + ERR_print_errors_fp(stderr); \ + OpenSSLDie(__FILE__, __LINE__, #e); \ + } static void hexdump(FILE *f, const char *title, const unsigned char *s, int l) { @@ -45,62 +45,50 @@ static void hexdump(FILE *f, const char *title, const unsigned char *s, int l) int main(void) { const unsigned char shared_key[] = { - 0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF, - 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, - 0xFE, 0xDC, 0xBA, 0x98, 0x76, 0x54, 0x32, 0x10, - 0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF - }; + 0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF, 0x00, 0x11, 0x22, + 0x33, 0x44, 0x55, 0x66, 0x77, 0xFE, 0xDC, 0xBA, 0x98, 0x76, 0x54, + 0x32, 0x10, 0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF}; const unsigned char magma_key[] = { - 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, - 0x28, 0x29, 0x2A, 0x2B, 0x2C, 0x2D, 0x2E, 0x2F, - 0x38, 0x39, 0x3A, 0x3B, 0x3C, 0x3D, 0x3E, 0x3F, - 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, + 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, 0x28, 0x29, 0x2A, + 0x2B, 0x2C, 0x2D, 0x2E, 0x2F, 0x38, 0x39, 0x3A, 0x3B, 0x3C, 0x3D, + 0x3E, 0x3F, 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, }; unsigned char mac_magma_key[] = { - 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F, - 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, - 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, - 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F, + 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F, 0x00, 0x01, 0x02, + 0x03, 0x04, 0x05, 0x06, 0x07, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, + 0x16, 0x17, 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F, }; - const unsigned char magma_iv[] = { 0x67, 0xBE, 0xD6, 0x54 }; + const unsigned char magma_iv[] = {0x67, 0xBE, 0xD6, 0x54}; const unsigned char magma_export[] = { - 0xCF, 0xD5, 0xA1, 0x2D, 0x5B, 0x81, 0xB6, 0xE1, - 0xE9, 0x9C, 0x91, 0x6D, 0x07, 0x90, 0x0C, 0x6A, - 0xC1, 0x27, 0x03, 0xFB, 0x3A, 0xBD, 0xED, 0x55, - 0x56, 0x7B, 0xF3, 0x74, 0x2C, 0x89, 0x9C, 0x75, - 0x5D, 0xAF, 0xE7, 0xB4, 0x2E, 0x3A, 0x8B, 0xD9 - }; + 0xCF, 0xD5, 0xA1, 0x2D, 0x5B, 0x81, 0xB6, 0xE1, 0xE9, 0x9C, + 0x91, 0x6D, 0x07, 0x90, 0x0C, 0x6A, 0xC1, 0x27, 0x03, 0xFB, + 0x3A, 0xBD, 0xED, 0x55, 0x56, 0x7B, 0xF3, 0x74, 0x2C, 0x89, + 0x9C, 0x75, 0x5D, 0xAF, 0xE7, 0xB4, 0x2E, 0x3A, 0x8B, 0xD9}; unsigned char kdftree_key[] = { - 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, - 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F, - 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, - 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F, + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, + 0x0B, 0x0C, 0x0D, 0x0E, 0x0F, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, + 0x16, 0x17, 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F, }; - unsigned char kdf_label[] = { 0x26, 0xBD, 0xB8, 0x78 }; - unsigned char kdf_seed[] = - { 0xAF, 0x21, 0x43, 0x41, 0x45, 0x65, 0x63, 0x78 }; + unsigned char kdf_label[] = {0x26, 0xBD, 0xB8, 0x78}; + unsigned char kdf_seed[] = {0xAF, 0x21, 0x43, 0x41, 0x45, 0x65, 0x63, 0x78}; const unsigned char kdf_etalon[] = { - 0x22, 0xB6, 0x83, 0x78, 0x45, 0xC6, 0xBE, 0xF6, - 0x5E, 0xA7, 0x16, 0x72, 0xB2, 0x65, 0x83, 0x10, - 0x86, 0xD3, 0xC7, 0x6A, 0xEB, 0xE6, 0xDA, 0xE9, - 0x1C, 0xAD, 0x51, 0xD8, 0x3F, 0x79, 0xD1, 0x6B, - 0x07, 0x4C, 0x93, 0x30, 0x59, 0x9D, 0x7F, 0x8D, - 0x71, 0x2F, 0xCA, 0x54, 0x39, 0x2F, 0x4D, 0xDD, - 0xE9, 0x37, 0x51, 0x20, 0x6B, 0x35, 0x84, 0xC8, - 0xF4, 0x3F, 0x9E, 0x6D, 0xC5, 0x15, 0x31, 0xF9 - }; + 0x22, 0xB6, 0x83, 0x78, 0x45, 0xC6, 0xBE, 0xF6, 0x5E, 0xA7, 0x16, + 0x72, 0xB2, 0x65, 0x83, 0x10, 0x86, 0xD3, 0xC7, 0x6A, 0xEB, 0xE6, + 0xDA, 0xE9, 0x1C, 0xAD, 0x51, 0xD8, 0x3F, 0x79, 0xD1, 0x6B, 0x07, + 0x4C, 0x93, 0x30, 0x59, 0x9D, 0x7F, 0x8D, 0x71, 0x2F, 0xCA, 0x54, + 0x39, 0x2F, 0x4D, 0xDD, 0xE9, 0x37, 0x51, 0x20, 0x6B, 0x35, 0x84, + 0xC8, 0xF4, 0x3F, 0x9E, 0x6D, 0xC5, 0x15, 0x31, 0xF9}; const unsigned char tlstree_gh_etalon[] = { - 0x50, 0x76, 0x42, 0xd9, 0x58, 0xc5, 0x20, 0xc6, - 0xd7, 0xee, 0xf5, 0xca, 0x8a, 0x53, 0x16, 0xd4, - 0xf3, 0x4b, 0x85, 0x5d, 0x2d, 0xd4, 0xbc, 0xbf, - 0x4e, 0x5b, 0xf0, 0xff, 0x64, 0x1a, 0x19, 0xff, + 0x50, 0x76, 0x42, 0xd9, 0x58, 0xc5, 0x20, 0xc6, 0xd7, 0xee, 0xf5, + 0xca, 0x8a, 0x53, 0x16, 0xd4, 0xf3, 0x4b, 0x85, 0x5d, 0x2d, 0xd4, + 0xbc, 0xbf, 0x4e, 0x5b, 0xf0, 0xff, 0x64, 0x1a, 0x19, 0xff, }; unsigned char buf[32 + 16]; @@ -131,9 +119,8 @@ int main(void) tlsseq[7] = 63; memset(out, 0, 32); - ret = gost_kexp15(shared_key, 32, - NID_magma_ctr, magma_key, - NID_magma_mac, mac_magma_key, magma_iv, 4, buf, &outlen); + ret = gost_kexp15(shared_key, 32, NID_magma_ctr, magma_key, NID_magma_mac, + mac_magma_key, magma_iv, 4, buf, &outlen); if (ret <= 0) { ERR_print_errors_fp(stderr); @@ -146,9 +133,8 @@ int main(void) } } - ret = gost_kimp15(magma_export, 40, - NID_magma_ctr, magma_key, - NID_magma_mac, mac_magma_key, magma_iv, 4, buf); + ret = gost_kimp15(magma_export, 40, NID_magma_ctr, magma_key, NID_magma_mac, + mac_magma_key, magma_iv, 4, buf); if (ret <= 0) { ERR_print_errors_fp(stderr); @@ -161,8 +147,8 @@ int main(void) } } - ret = gost_kdftree2012_256(kdf_result, 64, kdftree_key, 32, kdf_label, 4, - kdf_seed, 8, 1); + ret = gost_kdftree2012_256( + kdf_result, 64, kdftree_key, 32, kdf_label, 4, kdf_seed, 8, 1); if (ret <= 0) { ERR_print_errors_fp(stderr); err = 5; diff --git a/test_mgm.c b/test_mgm.c index 31f8570e8..14b3fef2a 100644 --- a/test_mgm.c +++ b/test_mgm.c @@ -10,12 +10,12 @@ * See https://www.openssl.org/source/license.html for details */ +#include "gost_gost2015.h" +#include "gost_grasshopper_cipher.h" + #include #include #include - -#include "gost_grasshopper_cipher.h" -#include "gost_gost2015.h" #if defined _MSC_VER # include # define alloca _alloca @@ -23,91 +23,92 @@ # include #endif -#define T(e) ({ \ - if (!(e)) {\ - ERR_print_errors_fp(stderr);\ - OpenSSLDie(__FILE__, __LINE__, #e);\ - } \ -}) - -#define TEST_ASSERT(e) {if ((test = (e))) \ - printf("Test FAILED\n"); \ - else \ - printf("Test passed\n");} - +#define T(e) \ + ({ \ +if (!(e)) { \ +ERR_print_errors_fp(stderr); \ +OpenSSLDie(__FILE__, __LINE__, #e); \ +} \ + }) + +#define TEST_ASSERT(e) \ + { \ + if ((test = (e))) \ + printf("Test FAILED\n"); \ + else \ + printf("Test passed\n"); \ + } /* MGM-Encrypt/MGM-decrypt test data from "R 1323565.1.026-2019" */ const unsigned char gh_key[32] = { - 0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, - 0xFE, 0xDC, 0xBA, 0x98, 0x76, 0x54, 0x32, 0x10, 0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF, + 0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF, 0x00, 0x11, 0x22, + 0x33, 0x44, 0x55, 0x66, 0x77, 0xFE, 0xDC, 0xBA, 0x98, 0x76, 0x54, + 0x32, 0x10, 0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF, }; const unsigned char gh_nonce[16] = { - 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x00, 0xFF, 0xEE, 0xDD, 0xCC, 0xBB, 0xAA, 0x99, 0x88 -}; + 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x00, + 0xFF, 0xEE, 0xDD, 0xCC, 0xBB, 0xAA, 0x99, 0x88}; const unsigned char gh_adata[41] = { - 0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, - 0x04, 0x04, 0x04, 0x04, 0x04, 0x04, 0x04, 0x04, 0x03, 0x03, 0x03, 0x03, 0x03, 0x03, 0x03, 0x03, - 0xEA, 0x05, 0x05, 0x05, 0x05, 0x05, 0x05, 0x05, 0x05 -}; + 0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x01, 0x01, 0x01, + 0x01, 0x01, 0x01, 0x01, 0x01, 0x04, 0x04, 0x04, 0x04, 0x04, 0x04, + 0x04, 0x04, 0x03, 0x03, 0x03, 0x03, 0x03, 0x03, 0x03, 0x03, 0xEA, + 0x05, 0x05, 0x05, 0x05, 0x05, 0x05, 0x05, 0x05}; const unsigned char gh_pdata[67] = { - 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x00, 0xFF, 0xEE, 0xDD, 0xCC, 0xBB, 0xAA, 0x99, 0x88, - 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xEE, 0xFF, 0x0A, - 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xEE, 0xFF, 0x0A, 0x00, - 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xEE, 0xFF, 0x0A, 0x00, 0x11, - 0xAA, 0xBB, 0xCC -}; + 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x00, 0xFF, 0xEE, 0xDD, 0xCC, + 0xBB, 0xAA, 0x99, 0x88, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, + 0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xEE, 0xFF, 0x0A, 0x11, 0x22, 0x33, 0x44, + 0x55, 0x66, 0x77, 0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xEE, 0xFF, 0x0A, 0x00, + 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xEE, + 0xFF, 0x0A, 0x00, 0x11, 0xAA, 0xBB, 0xCC}; const unsigned char gh_e_cdata[67] = { - 0xA9, 0x75, 0x7B, 0x81, 0x47, 0x95, 0x6E, 0x90, 0x55, 0xB8, 0xA3, 0x3D, 0xE8, 0x9F, 0x42, 0xFC, - 0x80, 0x75, 0xD2, 0x21, 0x2B, 0xF9, 0xFD, 0x5B, 0xD3, 0xF7, 0x06, 0x9A, 0xAD, 0xC1, 0x6B, 0x39, - 0x49, 0x7A, 0xB1, 0x59, 0x15, 0xA6, 0xBA, 0x85, 0x93, 0x6B, 0x5D, 0x0E, 0xA9, 0xF6, 0x85, 0x1C, - 0xC6, 0x0C, 0x14, 0xD4, 0xD3, 0xF8, 0x83, 0xD0, 0xAB, 0x94, 0x42, 0x06, 0x95, 0xC7, 0x6D, 0xEB, - 0x2C, 0x75, 0x52 -}; + 0xA9, 0x75, 0x7B, 0x81, 0x47, 0x95, 0x6E, 0x90, 0x55, 0xB8, 0xA3, 0x3D, + 0xE8, 0x9F, 0x42, 0xFC, 0x80, 0x75, 0xD2, 0x21, 0x2B, 0xF9, 0xFD, 0x5B, + 0xD3, 0xF7, 0x06, 0x9A, 0xAD, 0xC1, 0x6B, 0x39, 0x49, 0x7A, 0xB1, 0x59, + 0x15, 0xA6, 0xBA, 0x85, 0x93, 0x6B, 0x5D, 0x0E, 0xA9, 0xF6, 0x85, 0x1C, + 0xC6, 0x0C, 0x14, 0xD4, 0xD3, 0xF8, 0x83, 0xD0, 0xAB, 0x94, 0x42, 0x06, + 0x95, 0xC7, 0x6D, 0xEB, 0x2C, 0x75, 0x52}; const unsigned char gh_e_tag[16] = { - 0xCF, 0x5D, 0x65, 0x6F, 0x40, 0xC3, 0x4F, 0x5C, 0x46, 0xE8, 0xBB, 0x0E, 0x29, 0xFC, 0xDB, 0x4C -}; + 0xCF, 0x5D, 0x65, 0x6F, 0x40, 0xC3, 0x4F, 0x5C, + 0x46, 0xE8, 0xBB, 0x0E, 0x29, 0xFC, 0xDB, 0x4C}; const unsigned char mg_key[32] = { - 0xFF, 0xee, 0xDD, 0xcc, 0xbb, 0xaa, 0x99, 0x88, 0x77, 0x66, 0x55, 0x44, 0x33, 0x22, 0x11, 0x00, - 0xF0, 0xF1, 0xF2, 0xF3, 0xF4, 0xF5, 0xF6, 0xF7, 0xF8, 0xF9, 0xFA, 0xFB, 0xFC, 0xFD, 0xFE, 0xff -}; + 0xFF, 0xee, 0xDD, 0xcc, 0xbb, 0xaa, 0x99, 0x88, 0x77, 0x66, 0x55, + 0x44, 0x33, 0x22, 0x11, 0x00, 0xF0, 0xF1, 0xF2, 0xF3, 0xF4, 0xF5, + 0xF6, 0xF7, 0xF8, 0xF9, 0xFA, 0xFB, 0xFC, 0xFD, 0xFE, 0xff}; const unsigned char mg_nonce[8] = { - 0x12, 0xDE, 0xF0, 0x6B, 0x3C, 0x13, 0x0A, 0x59 -}; + 0x12, 0xDE, 0xF0, 0x6B, 0x3C, 0x13, 0x0A, 0x59}; const unsigned char mg_adata[41] = { - 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02, - 0x03, 0x03, 0x03, 0x03, 0x03, 0x03, 0x03, 0x03, 0x04, 0x04, 0x04, 0x04, 0x04, 0x04, 0x04, 0x04, - 0x05, 0x05, 0x05, 0x05, 0x05, 0x05, 0x05, 0x05, 0xea -}; + 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x02, 0x02, 0x02, + 0x02, 0x02, 0x02, 0x02, 0x02, 0x03, 0x03, 0x03, 0x03, 0x03, 0x03, + 0x03, 0x03, 0x04, 0x04, 0x04, 0x04, 0x04, 0x04, 0x04, 0x04, 0x05, + 0x05, 0x05, 0x05, 0x05, 0x05, 0x05, 0x05, 0xea}; const unsigned char mg_pdata[67] = { - 0xFF, 0xee, 0xDD, 0xcc, 0xbb, 0xaa, 0x99, 0x88, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x00, - 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xee, 0xFF, 0x0A, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, - 0x99, 0xaa, 0xbb, 0xcc, 0xee, 0xFF, 0x0a, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, - 0xaa, 0xbb, 0xcc, 0xee, 0xFF, 0x0a, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99, - 0xaa, 0xbb, 0xcc -}; + 0xFF, 0xee, 0xDD, 0xcc, 0xbb, 0xaa, 0x99, 0x88, 0x11, 0x22, 0x33, 0x44, + 0x55, 0x66, 0x77, 0x00, 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xee, 0xFF, 0x0A, + 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x99, 0xaa, 0xbb, 0xcc, + 0xee, 0xFF, 0x0a, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, + 0xaa, 0xbb, 0xcc, 0xee, 0xFF, 0x0a, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, + 0x66, 0x77, 0x88, 0x99, 0xaa, 0xbb, 0xcc}; const unsigned char mg_e_cdata[67] = { - 0xc7, 0x95, 0x06, 0x6c, 0x5f, 0x9e, 0xa0, 0x3b, 0x85, 0x11, 0x33, 0x42, 0x45, 0x91, 0x85, 0xae, - 0x1f, 0x2e, 0x00, 0xd6, 0xbf, 0x2b, 0x78, 0x5d, 0x94, 0x04, 0x70, 0xb8, 0xbb, 0x9c, 0x8e, 0x7d, - 0x9a, 0x5d, 0xd3, 0x73, 0x1f, 0x7d, 0xdc, 0x70, 0xec, 0x27, 0xcb, 0x0a, 0xce, 0x6f, 0xa5, 0x76, - 0x70, 0xf6, 0x5c, 0x64, 0x6a, 0xbb, 0x75, 0xd5, 0x47, 0xaa, 0x37, 0xc3, 0xbc, 0xb5, 0xc3, 0x4e, - 0x03, 0xbb, 0x9c -}; + 0xc7, 0x95, 0x06, 0x6c, 0x5f, 0x9e, 0xa0, 0x3b, 0x85, 0x11, 0x33, 0x42, + 0x45, 0x91, 0x85, 0xae, 0x1f, 0x2e, 0x00, 0xd6, 0xbf, 0x2b, 0x78, 0x5d, + 0x94, 0x04, 0x70, 0xb8, 0xbb, 0x9c, 0x8e, 0x7d, 0x9a, 0x5d, 0xd3, 0x73, + 0x1f, 0x7d, 0xdc, 0x70, 0xec, 0x27, 0xcb, 0x0a, 0xce, 0x6f, 0xa5, 0x76, + 0x70, 0xf6, 0x5c, 0x64, 0x6a, 0xbb, 0x75, 0xd5, 0x47, 0xaa, 0x37, 0xc3, + 0xbc, 0xb5, 0xc3, 0x4e, 0x03, 0xbb, 0x9c}; const unsigned char mg_e_tag[8] = { - 0xa7, 0x92, 0x80, 0x69, 0xaa, 0x10, 0xfd, 0x10 -}; - + 0xa7, 0x92, 0x80, 0x69, 0xaa, 0x10, 0xfd, 0x10}; static struct testcase { const char *sn; @@ -121,37 +122,33 @@ static struct testcase { const unsigned char *expected; const unsigned char *expected_tag; } testcases[] = { - { - .sn = SN_kuznyechik_mgm, - .key = gh_key, - .nonce = gh_nonce, - .nonce_len = sizeof(gh_nonce), - .aad = gh_adata, - .aad_len = sizeof(gh_adata), - .plaintext = gh_pdata, - .ptext_len = sizeof(gh_pdata), - .expected = gh_e_cdata, - .expected_tag = gh_e_tag - }, - { - .sn = SN_magma_mgm, - .key = mg_key, - .nonce = mg_nonce, - .nonce_len = sizeof(mg_nonce), - .aad = mg_adata, - .aad_len = sizeof(mg_adata), - .plaintext = mg_pdata, - .ptext_len = sizeof(mg_pdata), - .expected = mg_e_cdata, - .expected_tag = mg_e_tag - }, - { 0 } -}; - -static int test_block(const EVP_CIPHER *ciph, const char *name, const unsigned char *nonce, size_t nlen, - const unsigned char *aad, size_t alen, const unsigned char *ptext, size_t plen, - const unsigned char *exp_ctext, const unsigned char *exp_tag, - const unsigned char * key, int small) + {.sn = SN_kuznyechik_mgm, + .key = gh_key, + .nonce = gh_nonce, + .nonce_len = sizeof(gh_nonce), + .aad = gh_adata, + .aad_len = sizeof(gh_adata), + .plaintext = gh_pdata, + .ptext_len = sizeof(gh_pdata), + .expected = gh_e_cdata, + .expected_tag = gh_e_tag}, + {.sn = SN_magma_mgm, + .key = mg_key, + .nonce = mg_nonce, + .nonce_len = sizeof(mg_nonce), + .aad = mg_adata, + .aad_len = sizeof(mg_adata), + .plaintext = mg_pdata, + .ptext_len = sizeof(mg_pdata), + .expected = mg_e_cdata, + .expected_tag = mg_e_tag}, + {0}}; + +static int test_block( + const EVP_CIPHER *ciph, const char *name, const unsigned char *nonce, + size_t nlen, const unsigned char *aad, size_t alen, + const unsigned char *ptext, size_t plen, const unsigned char *exp_ctext, + const unsigned char *exp_tag, const unsigned char *key, int small) { EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new(); unsigned char *c = alloca(plen); @@ -161,18 +158,21 @@ static int test_block(const EVP_CIPHER *ciph, const char *name, const unsigned c int ret = 0, rv, test, i; OPENSSL_assert(ctx); - printf("Encryption test %s [%s]: ", name, small ? "small chunks" : "big chunks"); + printf("Encryption test %s [%s]: ", name, + small ? "small chunks" : "big chunks"); // test encrypt EVP_CIPHER_CTX_init(ctx); - EVP_EncryptInit_ex(ctx, ciph, NULL, NULL, NULL); // Set cipher type and mode - EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN, nlen, NULL); // Set IV length - EVP_EncryptInit_ex(ctx, NULL, NULL, key, nonce); // Initialise key and IV + EVP_EncryptInit_ex(ctx, ciph, NULL, NULL, NULL); // Set cipher type and mode + EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN, nlen, + NULL); // Set IV length + EVP_EncryptInit_ex(ctx, NULL, NULL, key, nonce); // Initialise key and IV memset(c, 0, plen); if (!small) { // test big chunks - EVP_EncryptUpdate(ctx, NULL, &outlen1, aad, alen); // Zero or more calls to specify any AAD - EVP_EncryptUpdate(ctx, c, &outlen2, ptext, plen); // Encrypt plaintext + EVP_EncryptUpdate(ctx, NULL, &outlen1, aad, + alen); // Zero or more calls to specify any AAD + EVP_EncryptUpdate(ctx, c, &outlen2, ptext, plen); // Encrypt plaintext } else { // test small chunks outlen1 = outlen2 = 0; @@ -191,14 +191,13 @@ static int test_block(const EVP_CIPHER *ciph, const char *name, const unsigned c EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, tag_len, t); EVP_CIPHER_CTX_cleanup(ctx); - TEST_ASSERT(outlen1 != alen || outlen2 != plen || - memcmp(c, exp_ctext, plen) || - memcmp(t, exp_tag, tag_len)); + TEST_ASSERT(outlen1 != alen || outlen2 != plen || memcmp(c, exp_ctext, plen) + || memcmp(t, exp_tag, tag_len)); ret |= test; - // test decrtypt - printf("Decryption test %s [%s]: ", name, small ? "small chunks" : "big chunks"); + printf("Decryption test %s [%s]: ", name, + small ? "small chunks" : "big chunks"); EVP_CIPHER_CTX_init(ctx); EVP_DecryptInit_ex(ctx, ciph, NULL, NULL, NULL); EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN, nlen, NULL); @@ -227,8 +226,8 @@ static int test_block(const EVP_CIPHER *ciph, const char *name, const unsigned c EVP_CIPHER_CTX_cleanup(ctx); EVP_CIPHER_CTX_free(ctx); - TEST_ASSERT(outlen1 != alen || outlen2 != plen || - memcmp(c, ptext, plen) || rv != 1); + TEST_ASSERT(outlen1 != alen || outlen2 != plen || memcmp(c, ptext, plen) + || rv != 1); ret |= test; return ret; @@ -255,8 +254,8 @@ int main(void) printf("Tests for %s\n", name); for (small = 0; small <= 1; small++) - ret |= test_block(ciph, name, t->nonce, t->nonce_len, - t->aad, t->aad_len, t->plaintext, t->ptext_len, + ret |= test_block(ciph, name, t->nonce, t->nonce_len, t->aad, + t->aad_len, t->plaintext, t->ptext_len, t->expected, t->expected_tag, t->key, small); EVP_CIPHER_free(ciph_prov); } diff --git a/test_params.c b/test_params.c index 114193346..e492c7bfb 100644 --- a/test_params.c +++ b/test_params.c @@ -14,48 +14,52 @@ #endif #include "e_gost_err.h" #include "gost_lcl.h" -#include -#include -#include + #include -#include -#include #include +#include +#include +#include +#include +#include #include #include -#define T(e) \ - if (!(e)) { \ - ERR_print_errors_fp(stderr); \ - OpenSSLDie(__FILE__, __LINE__, #e); \ - } -#define TE(e) \ - if (!(e)) { \ - ERR_print_errors_fp(stderr); \ - fprintf(stderr, "Error at %s:%d %s\n", __FILE__, __LINE__, #e); \ - return -1; \ - } - -#define cRED "\033[1;31m" -#define cDRED "\033[0;31m" -#define cGREEN "\033[1;32m" -#define cDGREEN "\033[0;32m" -#define cBLUE "\033[1;34m" -#define cDBLUE "\033[0;34m" -#define cNORM "\033[m" -#define TEST_ASSERT(e) {if ((test = (e))) \ - printf(cRED " Test FAILED" cNORM "\n"); \ - else \ - printf(cGREEN " Test passed" cNORM "\n");} +#define T(e) \ + if (!(e)) { \ + ERR_print_errors_fp(stderr); \ + OpenSSLDie(__FILE__, __LINE__, #e); \ + } +#define TE(e) \ + if (!(e)) { \ + ERR_print_errors_fp(stderr); \ + fprintf(stderr, "Error at %s:%d %s\n", __FILE__, __LINE__, #e); \ + return -1; \ + } + +#define cRED "\033[1;31m" +#define cDRED "\033[0;31m" +#define cGREEN "\033[1;32m" +#define cDGREEN "\033[0;32m" +#define cBLUE "\033[1;34m" +#define cDBLUE "\033[0;34m" +#define cNORM "\033[m" +#define TEST_ASSERT(e) \ + { \ + if ((test = (e))) \ + printf(cRED " Test FAILED" cNORM "\n"); \ + else \ + printf(cGREEN " Test passed" cNORM "\n"); \ + } struct test_param { - unsigned int param; /* NID of EC parameters */ - unsigned int len; /* length of a digest or a half of the key */ - unsigned int data_len; /* length of @data */ - const uint8_t *data; /* data to hash (optional) */ - const uint8_t *hash; /* hash of data */ - const uint8_t *signature; /* raw signature */ - const uint8_t *pub_key; /* raw public key */ + unsigned int param; /* NID of EC parameters */ + unsigned int len; /* length of a digest or a half of the key */ + unsigned int data_len; /* length of @data */ + const uint8_t *data; /* data to hash (optional) */ + const uint8_t *hash; /* hash of data */ + const uint8_t *signature; /* raw signature */ + const uint8_t *pub_key; /* raw public key */ }; /* @@ -65,426 +69,328 @@ struct test_param { /* 1.2.643.2.2.35.1 - szOID_GostR3410_2001_CryptoPro_A_ParamSet */ const uint8_t data_2001_256_setA[] = { - 0xCB, 0x03, 0xB7, 0x57, 0xBC, 0xA7, 0xBC, 0xB6, - 0xB0, 0x37, 0xC5, 0xD4, 0xBB, 0x51, 0x52, 0x9A, - 0xEE, 0xF3, 0x28, 0x9B, 0x14, 0x11, 0xE2, 0xCB, - 0xAB, 0x82, 0x1A, 0xDF, 0x1D, 0x2A, 0x70, 0xE6, - 0x09, 0x1B, 0x7C, 0xE9, 0x6D, 0xAE, 0xAF, 0xF9, + 0xCB, 0x03, 0xB7, 0x57, 0xBC, 0xA7, 0xBC, 0xB6, 0xB0, 0x37, + 0xC5, 0xD4, 0xBB, 0x51, 0x52, 0x9A, 0xEE, 0xF3, 0x28, 0x9B, + 0x14, 0x11, 0xE2, 0xCB, 0xAB, 0x82, 0x1A, 0xDF, 0x1D, 0x2A, + 0x70, 0xE6, 0x09, 0x1B, 0x7C, 0xE9, 0x6D, 0xAE, 0xAF, 0xF9, }; static uint8_t hash_2001_256_setA[] = { - 0x4F, 0x49, 0xB3, 0x9E, 0xA0, 0x06, 0xD0, 0xDA, - 0x4D, 0x81, 0x50, 0x61, 0x08, 0x66, 0xA1, 0x18, - 0xA6, 0x04, 0x25, 0x98, 0xB9, 0x66, 0x00, 0x32, - 0xC5, 0x40, 0xD6, 0xEB, 0x1A, 0x85, 0x70, 0xEE, + 0x4F, 0x49, 0xB3, 0x9E, 0xA0, 0x06, 0xD0, 0xDA, 0x4D, 0x81, 0x50, + 0x61, 0x08, 0x66, 0xA1, 0x18, 0xA6, 0x04, 0x25, 0x98, 0xB9, 0x66, + 0x00, 0x32, 0xC5, 0x40, 0xD6, 0xEB, 0x1A, 0x85, 0x70, 0xEE, }; static uint8_t signature_2001_256_setA[] = { - 0x7E, 0xE2, 0x99, 0xB9, 0x50, 0x78, 0x1C, 0xE4, - 0xDC, 0xA6, 0x68, 0xCF, 0x6E, 0x88, 0xDC, 0x29, - 0x3F, 0x13, 0x8F, 0x12, 0x14, 0x1A, 0x03, 0x3A, - 0x09, 0x01, 0x78, 0x52, 0x82, 0x7D, 0xDC, 0x7B, - 0xF0, 0xE5, 0x49, 0x93, 0x9D, 0xBF, 0x95, 0x4B, - 0xB4, 0xB1, 0x40, 0x72, 0xDE, 0x15, 0x86, 0x11, - 0x1D, 0xF9, 0x63, 0xF2, 0xE7, 0xEF, 0xB7, 0xBD, - 0x73, 0xF7, 0xB7, 0xD1, 0x95, 0x61, 0xBA, 0x1C, + 0x7E, 0xE2, 0x99, 0xB9, 0x50, 0x78, 0x1C, 0xE4, 0xDC, 0xA6, 0x68, + 0xCF, 0x6E, 0x88, 0xDC, 0x29, 0x3F, 0x13, 0x8F, 0x12, 0x14, 0x1A, + 0x03, 0x3A, 0x09, 0x01, 0x78, 0x52, 0x82, 0x7D, 0xDC, 0x7B, 0xF0, + 0xE5, 0x49, 0x93, 0x9D, 0xBF, 0x95, 0x4B, 0xB4, 0xB1, 0x40, 0x72, + 0xDE, 0x15, 0x86, 0x11, 0x1D, 0xF9, 0x63, 0xF2, 0xE7, 0xEF, 0xB7, + 0xBD, 0x73, 0xF7, 0xB7, 0xD1, 0x95, 0x61, 0xBA, 0x1C, }; static uint8_t pubkey_2001_256_setA[] = { - 0xF0, 0x69, 0xAF, 0x90, 0xEE, 0xE4, 0xA3, 0x33, - 0x52, 0xA2, 0xE8, 0x0C, 0x72, 0xE6, 0x20, 0xAF, - 0xB7, 0x66, 0x03, 0xE5, 0xFF, 0x85, 0xF3, 0xAA, - 0x5F, 0x38, 0x2F, 0x8E, 0x44, 0xEF, 0x51, 0x0F, - 0x82, 0x59, 0x4A, 0x99, 0x10, 0xB8, 0x89, 0xCD, - 0x78, 0xD2, 0xBA, 0xF1, 0x97, 0xFE, 0xEB, 0xE6, - 0x74, 0xC1, 0x96, 0x90, 0x97, 0x71, 0xAD, 0x16, - 0x9F, 0x9B, 0x37, 0xDD, 0x2B, 0x44, 0xFF, 0x2D, + 0xF0, 0x69, 0xAF, 0x90, 0xEE, 0xE4, 0xA3, 0x33, 0x52, 0xA2, 0xE8, + 0x0C, 0x72, 0xE6, 0x20, 0xAF, 0xB7, 0x66, 0x03, 0xE5, 0xFF, 0x85, + 0xF3, 0xAA, 0x5F, 0x38, 0x2F, 0x8E, 0x44, 0xEF, 0x51, 0x0F, 0x82, + 0x59, 0x4A, 0x99, 0x10, 0xB8, 0x89, 0xCD, 0x78, 0xD2, 0xBA, 0xF1, + 0x97, 0xFE, 0xEB, 0xE6, 0x74, 0xC1, 0x96, 0x90, 0x97, 0x71, 0xAD, + 0x16, 0x9F, 0x9B, 0x37, 0xDD, 0x2B, 0x44, 0xFF, 0x2D, }; /* 1.2.643.2.2.35.2 - szOID_GostR3410_2001_CryptoPro_B_ParamSet */ const uint8_t data_2001_256_setB[] = { - 0x54, 0x7D, 0x31, 0xFE, 0x69, 0xD4, 0xB1, 0x58, - 0x7E, 0x34, 0x2D, 0xC9, 0x3D, 0xBD, 0x67, 0xAF, - 0xD8, 0x31, 0x90, 0xC4, 0xA9, 0x07, 0xCE, 0x34, - 0x3F, 0x90, 0x3A, 0xC4, 0xFC, 0xE4, 0x4E, 0xEA, - 0xF1, 0xE9, 0x04, 0xD0, 0x7E, 0x4B, 0xCF, 0x39 -}; + 0x54, 0x7D, 0x31, 0xFE, 0x69, 0xD4, 0xB1, 0x58, 0x7E, 0x34, + 0x2D, 0xC9, 0x3D, 0xBD, 0x67, 0xAF, 0xD8, 0x31, 0x90, 0xC4, + 0xA9, 0x07, 0xCE, 0x34, 0x3F, 0x90, 0x3A, 0xC4, 0xFC, 0xE4, + 0x4E, 0xEA, 0xF1, 0xE9, 0x04, 0xD0, 0x7E, 0x4B, 0xCF, 0x39}; const uint8_t hash_2001_256_setB[] = { - 0x10, 0xDE, 0x3D, 0x7A, 0xEE, 0x6E, 0xC0, 0x0D, - 0x57, 0x9B, 0x4B, 0xB2, 0x92, 0xB8, 0xE5, 0x4E, - 0x75, 0x19, 0x92, 0xFE, 0x71, 0x91, 0xF7, 0xF2, - 0x72, 0xE7, 0x77, 0x47, 0x51, 0xF7, 0xEC, 0x26, + 0x10, 0xDE, 0x3D, 0x7A, 0xEE, 0x6E, 0xC0, 0x0D, 0x57, 0x9B, 0x4B, + 0xB2, 0x92, 0xB8, 0xE5, 0x4E, 0x75, 0x19, 0x92, 0xFE, 0x71, 0x91, + 0xF7, 0xF2, 0x72, 0xE7, 0x77, 0x47, 0x51, 0xF7, 0xEC, 0x26, }; const uint8_t signature_2001_256_setB[] = { - 0x9C, 0x27, 0x76, 0x22, 0xB8, 0x4A, 0xB6, 0x2B, - 0xBA, 0x2E, 0xE3, 0xD5, 0x89, 0x72, 0x89, 0x53, - 0x7C, 0x2D, 0xB7, 0x70, 0x8A, 0xD5, 0x7B, 0x61, - 0xDF, 0xD1, 0xD6, 0x7F, 0x77, 0xFF, 0xDB, 0x4E, - 0xEE, 0x98, 0xFC, 0x2C, 0xDE, 0xAA, 0xC7, 0xDE, - 0x42, 0xEE, 0x40, 0x12, 0x5E, 0xC8, 0xFE, 0x0E, - 0x97, 0x80, 0xB9, 0x6A, 0xAC, 0x93, 0xAD, 0xEE, - 0x96, 0xE1, 0xDB, 0xC6, 0xF2, 0xAC, 0xF4, 0x22 -}; + 0x9C, 0x27, 0x76, 0x22, 0xB8, 0x4A, 0xB6, 0x2B, 0xBA, 0x2E, 0xE3, + 0xD5, 0x89, 0x72, 0x89, 0x53, 0x7C, 0x2D, 0xB7, 0x70, 0x8A, 0xD5, + 0x7B, 0x61, 0xDF, 0xD1, 0xD6, 0x7F, 0x77, 0xFF, 0xDB, 0x4E, 0xEE, + 0x98, 0xFC, 0x2C, 0xDE, 0xAA, 0xC7, 0xDE, 0x42, 0xEE, 0x40, 0x12, + 0x5E, 0xC8, 0xFE, 0x0E, 0x97, 0x80, 0xB9, 0x6A, 0xAC, 0x93, 0xAD, + 0xEE, 0x96, 0xE1, 0xDB, 0xC6, 0xF2, 0xAC, 0xF4, 0x22}; const uint8_t pubkey_2001_256_setB[] = { - 0x6A, 0x8A, 0x5E, 0x32, 0x00, 0xED, 0xD3, 0xA7, - 0x38, 0x83, 0x58, 0x7D, 0xBD, 0xE9, 0xFD, 0xA9, - 0x00, 0xAE, 0xE8, 0x4F, 0xFF, 0x71, 0xD2, 0xA0, - 0x79, 0x14, 0xD4, 0xB4, 0xB2, 0x00, 0x9A, 0x0A, - 0x51, 0x21, 0xD5, 0x19, 0x05, 0xF1, 0xB7, 0x6C, - 0x2E, 0x3A, 0x18, 0xDD, 0x82, 0x67, 0x7F, 0x96, - 0x0B, 0x1A, 0x76, 0x93, 0xF7, 0x6A, 0xCA, 0x15, - 0xCD, 0xEE, 0xA1, 0xD2, 0xDE, 0xD5, 0x56, 0x20 -}; + 0x6A, 0x8A, 0x5E, 0x32, 0x00, 0xED, 0xD3, 0xA7, 0x38, 0x83, 0x58, + 0x7D, 0xBD, 0xE9, 0xFD, 0xA9, 0x00, 0xAE, 0xE8, 0x4F, 0xFF, 0x71, + 0xD2, 0xA0, 0x79, 0x14, 0xD4, 0xB4, 0xB2, 0x00, 0x9A, 0x0A, 0x51, + 0x21, 0xD5, 0x19, 0x05, 0xF1, 0xB7, 0x6C, 0x2E, 0x3A, 0x18, 0xDD, + 0x82, 0x67, 0x7F, 0x96, 0x0B, 0x1A, 0x76, 0x93, 0xF7, 0x6A, 0xCA, + 0x15, 0xCD, 0xEE, 0xA1, 0xD2, 0xDE, 0xD5, 0x56, 0x20}; /* 1.2.643.2.2.35.3 - szOID_GostR3410_2001_CryptoPro_C_ParamSet */ const uint8_t data_2001_256_setC[] = { - 0x30, 0x26, 0xBB, 0x7C, 0xEE, 0x71, 0x15, 0xF6, - 0x01, 0x3B, 0x8E, 0xF9, 0x04, 0xA7, 0x02, 0x39, - 0xC7, 0xF2, 0xDC, 0x15, 0x2C, 0xB4, 0x95, 0x74, - 0x1B, 0x66, 0x78, 0x5A, 0x0F, 0xF1, 0x88, 0x5A, - 0x68, 0x7F, 0xD2, 0xE8, 0xF3, 0x85, 0xE2, 0xD5 -}; + 0x30, 0x26, 0xBB, 0x7C, 0xEE, 0x71, 0x15, 0xF6, 0x01, 0x3B, + 0x8E, 0xF9, 0x04, 0xA7, 0x02, 0x39, 0xC7, 0xF2, 0xDC, 0x15, + 0x2C, 0xB4, 0x95, 0x74, 0x1B, 0x66, 0x78, 0x5A, 0x0F, 0xF1, + 0x88, 0x5A, 0x68, 0x7F, 0xD2, 0xE8, 0xF3, 0x85, 0xE2, 0xD5}; const uint8_t hash_2001_256_setC[] = { - 0x8C, 0xFE, 0x45, 0xBD, 0x4F, 0x9D, 0xEB, 0x80, - 0x78, 0xA7, 0xA3, 0xFB, 0xB3, 0x06, 0x2A, 0xE4, - 0xD6, 0xF4, 0x1A, 0x0B, 0x31, 0xEB, 0x82, 0xB8, - 0x13, 0x32, 0xD6, 0xA2, 0xAE, 0x80, 0xF1, 0xF7 -}; + 0x8C, 0xFE, 0x45, 0xBD, 0x4F, 0x9D, 0xEB, 0x80, 0x78, 0xA7, 0xA3, + 0xFB, 0xB3, 0x06, 0x2A, 0xE4, 0xD6, 0xF4, 0x1A, 0x0B, 0x31, 0xEB, + 0x82, 0xB8, 0x13, 0x32, 0xD6, 0xA2, 0xAE, 0x80, 0xF1, 0xF7}; const uint8_t signature_2001_256_setC[] = { - 0xD3, 0x16, 0xBB, 0x65, 0x48, 0x6D, 0x2D, 0x55, - 0x14, 0x13, 0xAE, 0x20, 0x31, 0x2B, 0xA5, 0x6B, - 0x32, 0x56, 0x0C, 0xCF, 0xB3, 0x48, 0x59, 0x63, - 0x3C, 0x8F, 0xD6, 0x98, 0x9D, 0x88, 0xB1, 0x34, - 0xAB, 0xBD, 0x04, 0x39, 0x66, 0xE5, 0x9D, 0x63, - 0xAA, 0xAB, 0x63, 0x98, 0x6C, 0x06, 0x54, 0xC2, - 0xDB, 0xD0, 0x6A, 0x6E, 0x57, 0xB3, 0x23, 0x41, - 0xAB, 0x22, 0xBB, 0x13, 0x37, 0x18, 0x3E, 0x08 -}; + 0xD3, 0x16, 0xBB, 0x65, 0x48, 0x6D, 0x2D, 0x55, 0x14, 0x13, 0xAE, + 0x20, 0x31, 0x2B, 0xA5, 0x6B, 0x32, 0x56, 0x0C, 0xCF, 0xB3, 0x48, + 0x59, 0x63, 0x3C, 0x8F, 0xD6, 0x98, 0x9D, 0x88, 0xB1, 0x34, 0xAB, + 0xBD, 0x04, 0x39, 0x66, 0xE5, 0x9D, 0x63, 0xAA, 0xAB, 0x63, 0x98, + 0x6C, 0x06, 0x54, 0xC2, 0xDB, 0xD0, 0x6A, 0x6E, 0x57, 0xB3, 0x23, + 0x41, 0xAB, 0x22, 0xBB, 0x13, 0x37, 0x18, 0x3E, 0x08}; const uint8_t pubkey_2001_256_setC[] = { - 0xBA, 0x43, 0xE0, 0xF4, 0x0D, 0x3E, 0x50, 0x60, - 0xCE, 0xC7, 0xE7, 0x0C, 0x34, 0x8F, 0x21, 0x22, - 0xF4, 0x36, 0x7E, 0x0E, 0x35, 0x49, 0x92, 0x66, - 0x89, 0x92, 0x0B, 0x62, 0x37, 0xF8, 0x69, 0x82, - 0xB7, 0x0E, 0x32, 0x29, 0x5F, 0xD6, 0x44, 0x56, - 0xBB, 0x16, 0xD0, 0x8D, 0x3B, 0xE5, 0xC2, 0xB5, - 0xCE, 0x99, 0x4D, 0xDD, 0x41, 0xF9, 0xE7, 0x98, - 0x14, 0xBD, 0xC5, 0x87, 0xAE, 0x8D, 0xF1, 0x25 -}; + 0xBA, 0x43, 0xE0, 0xF4, 0x0D, 0x3E, 0x50, 0x60, 0xCE, 0xC7, 0xE7, + 0x0C, 0x34, 0x8F, 0x21, 0x22, 0xF4, 0x36, 0x7E, 0x0E, 0x35, 0x49, + 0x92, 0x66, 0x89, 0x92, 0x0B, 0x62, 0x37, 0xF8, 0x69, 0x82, 0xB7, + 0x0E, 0x32, 0x29, 0x5F, 0xD6, 0x44, 0x56, 0xBB, 0x16, 0xD0, 0x8D, + 0x3B, 0xE5, 0xC2, 0xB5, 0xCE, 0x99, 0x4D, 0xDD, 0x41, 0xF9, 0xE7, + 0x98, 0x14, 0xBD, 0xC5, 0x87, 0xAE, 0x8D, 0xF1, 0x25}; /* 1.2.643.7.1.2.1.1.1 - szOID_tc26_gost_3410_12_256_paramSetA */ const uint8_t data_tc26_gost_3410_12_256_setA[] = { - 0xBF, 0xA5, 0x7B, 0x70, 0x8F, 0x4D, 0xDE, 0x9A, - 0x38, 0x5A, 0x4A, 0xA5, 0xD9, 0xDB, 0x84, 0x6A, - 0x23, 0xD8, 0xB4, 0x73, 0x1E, 0x9A, 0x55, 0x42, - 0x32, 0x85, 0x28, 0xE8, 0x2B, 0x0D, 0x83, 0x0E, - 0x06, 0xBF, 0x46, 0x99, 0x38, 0xDF, 0xB4, 0xFA, - 0x08, 0x0D, 0x5B, 0x20, 0xEC, 0x0D, 0xD9, 0x7F, - 0x7C, 0x69, 0x51, 0xDA, 0xA5, 0x50, 0x2A, 0x65, - 0xFD, 0xB1, 0x1F, 0x88, 0xCB, 0xA6, 0xE2, 0x61 -}; + 0xBF, 0xA5, 0x7B, 0x70, 0x8F, 0x4D, 0xDE, 0x9A, 0x38, 0x5A, 0x4A, + 0xA5, 0xD9, 0xDB, 0x84, 0x6A, 0x23, 0xD8, 0xB4, 0x73, 0x1E, 0x9A, + 0x55, 0x42, 0x32, 0x85, 0x28, 0xE8, 0x2B, 0x0D, 0x83, 0x0E, 0x06, + 0xBF, 0x46, 0x99, 0x38, 0xDF, 0xB4, 0xFA, 0x08, 0x0D, 0x5B, 0x20, + 0xEC, 0x0D, 0xD9, 0x7F, 0x7C, 0x69, 0x51, 0xDA, 0xA5, 0x50, 0x2A, + 0x65, 0xFD, 0xB1, 0x1F, 0x88, 0xCB, 0xA6, 0xE2, 0x61}; const uint8_t hash_tc26_gost_3410_12_256_setA[] = { - 0xFD, 0x39, 0xEA, 0x88, 0x90, 0x89, 0xD8, 0x1E, - 0xE2, 0x49, 0x11, 0xDB, 0x51, 0x71, 0x48, 0x0A, - 0xD7, 0x27, 0xCC, 0xBA, 0xD2, 0x19, 0xF4, 0x9E, - 0x98, 0xC6, 0x3D, 0x1F, 0xB5, 0x7C, 0x24, 0x2F -}; + 0xFD, 0x39, 0xEA, 0x88, 0x90, 0x89, 0xD8, 0x1E, 0xE2, 0x49, 0x11, + 0xDB, 0x51, 0x71, 0x48, 0x0A, 0xD7, 0x27, 0xCC, 0xBA, 0xD2, 0x19, + 0xF4, 0x9E, 0x98, 0xC6, 0x3D, 0x1F, 0xB5, 0x7C, 0x24, 0x2F}; const uint8_t signature_tc26_gost_3410_12_256_setA[] = { - 0x0D, 0xC4, 0xCA, 0x98, 0x2B, 0x15, 0x51, 0xD4, - 0x74, 0x36, 0x24, 0x10, 0xEA, 0x21, 0x2D, 0x8E, - 0xBB, 0x6C, 0xBB, 0x5E, 0xE5, 0x26, 0x76, 0x3D, - 0x88, 0x62, 0xC5, 0x2B, 0x5F, 0x93, 0xF9, 0x01, - 0x46, 0x49, 0xD6, 0x0F, 0x30, 0x44, 0x45, 0x55, - 0x0B, 0xC6, 0x63, 0x60, 0x20, 0x26, 0x09, 0x08, - 0x85, 0x2E, 0x16, 0xBE, 0x14, 0x46, 0x31, 0x89, - 0xA6, 0xD3, 0x52, 0xBA, 0xD5, 0x51, 0x69, 0x24 -}; + 0x0D, 0xC4, 0xCA, 0x98, 0x2B, 0x15, 0x51, 0xD4, 0x74, 0x36, 0x24, + 0x10, 0xEA, 0x21, 0x2D, 0x8E, 0xBB, 0x6C, 0xBB, 0x5E, 0xE5, 0x26, + 0x76, 0x3D, 0x88, 0x62, 0xC5, 0x2B, 0x5F, 0x93, 0xF9, 0x01, 0x46, + 0x49, 0xD6, 0x0F, 0x30, 0x44, 0x45, 0x55, 0x0B, 0xC6, 0x63, 0x60, + 0x20, 0x26, 0x09, 0x08, 0x85, 0x2E, 0x16, 0xBE, 0x14, 0x46, 0x31, + 0x89, 0xA6, 0xD3, 0x52, 0xBA, 0xD5, 0x51, 0x69, 0x24}; const uint8_t pubkey_tc26_gost_3410_12_256_setA[] = { - 0x3B, 0x8A, 0x6A, 0x5E, 0xFE, 0x62, 0x30, 0x31, - 0x3A, 0x34, 0x9A, 0x6A, 0xF0, 0xC4, 0x92, 0x4E, - 0xF4, 0xF8, 0x0E, 0xF6, 0xE1, 0xF2, 0x3F, 0xE1, - 0x9A, 0xA9, 0x7A, 0x77, 0x97, 0x3A, 0x11, 0xE8, - 0xD2, 0xA8, 0x5F, 0xD1, 0x49, 0xE0, 0xBD, 0xAB, - 0x28, 0xD5, 0x2B, 0x02, 0x06, 0x99, 0x8E, 0x7E, - 0xFF, 0xDB, 0x2A, 0xDE, 0x92, 0x11, 0x34, 0x5D, - 0xCF, 0x40, 0xEE, 0x0B, 0xD0, 0x61, 0x89, 0x75 -}; + 0x3B, 0x8A, 0x6A, 0x5E, 0xFE, 0x62, 0x30, 0x31, 0x3A, 0x34, 0x9A, + 0x6A, 0xF0, 0xC4, 0x92, 0x4E, 0xF4, 0xF8, 0x0E, 0xF6, 0xE1, 0xF2, + 0x3F, 0xE1, 0x9A, 0xA9, 0x7A, 0x77, 0x97, 0x3A, 0x11, 0xE8, 0xD2, + 0xA8, 0x5F, 0xD1, 0x49, 0xE0, 0xBD, 0xAB, 0x28, 0xD5, 0x2B, 0x02, + 0x06, 0x99, 0x8E, 0x7E, 0xFF, 0xDB, 0x2A, 0xDE, 0x92, 0x11, 0x34, + 0x5D, 0xCF, 0x40, 0xEE, 0x0B, 0xD0, 0x61, 0x89, 0x75}; /* 1.2.643.7.1.2.1.2.1 - szOID_tc26_gost_3410_12_512_paramSetA */ const uint8_t data_tc26_gost_3410_12_512_setA[] = { - 0xEF, 0x15, 0x1E, 0x5B, 0xE9, 0x52, 0x35, 0x84, - 0x17, 0x07, 0x4B, 0xBD, 0x10, 0xEA, 0x7D, 0x77, - 0x1E, 0xBF, 0x95, 0x55, 0xA4, 0x2A, 0x8F, 0xA7, - 0xFF, 0x3F, 0xEC, 0x8F, 0xA2, 0x3C, 0x90, 0x65, - 0x4A, 0xB8, 0x59, 0x31, 0xE1, 0x97, 0xD5, 0xC4, - 0x26, 0x49, 0xCE, 0x81, 0x53, 0xBE, 0x79, 0xF7, - 0xA1, 0xB2, 0xE0, 0x7D, 0x44, 0xA4, 0x74, 0x64, - 0xB0, 0x09, 0x62, 0x35, 0xC5, 0x50, 0x7F, 0x36 -}; + 0xEF, 0x15, 0x1E, 0x5B, 0xE9, 0x52, 0x35, 0x84, 0x17, 0x07, 0x4B, + 0xBD, 0x10, 0xEA, 0x7D, 0x77, 0x1E, 0xBF, 0x95, 0x55, 0xA4, 0x2A, + 0x8F, 0xA7, 0xFF, 0x3F, 0xEC, 0x8F, 0xA2, 0x3C, 0x90, 0x65, 0x4A, + 0xB8, 0x59, 0x31, 0xE1, 0x97, 0xD5, 0xC4, 0x26, 0x49, 0xCE, 0x81, + 0x53, 0xBE, 0x79, 0xF7, 0xA1, 0xB2, 0xE0, 0x7D, 0x44, 0xA4, 0x74, + 0x64, 0xB0, 0x09, 0x62, 0x35, 0xC5, 0x50, 0x7F, 0x36}; const uint8_t hash_tc26_gost_3410_12_512_setA[] = { - 0xE9, 0x25, 0x04, 0x72, 0x12, 0xC3, 0x82, 0x06, - 0x00, 0xB6, 0x76, 0xF4, 0x4D, 0x71, 0xE4, 0x42, - 0x49, 0x3E, 0x57, 0x23, 0xBF, 0xBD, 0xBF, 0x94, - 0x7C, 0x0E, 0x2D, 0xAA, 0x48, 0x36, 0xF5, 0x9A, - 0x4D, 0x66, 0x02, 0x42, 0x0E, 0xCC, 0x94, 0xDF, - 0x7D, 0x21, 0xF8, 0x69, 0x1D, 0xFD, 0x45, 0x56, - 0x42, 0x4C, 0x69, 0x17, 0x8E, 0x21, 0xBE, 0x4F, - 0x2C, 0xC8, 0x61, 0xDB, 0xA7, 0x24, 0xEC, 0x48 -}; + 0xE9, 0x25, 0x04, 0x72, 0x12, 0xC3, 0x82, 0x06, 0x00, 0xB6, 0x76, + 0xF4, 0x4D, 0x71, 0xE4, 0x42, 0x49, 0x3E, 0x57, 0x23, 0xBF, 0xBD, + 0xBF, 0x94, 0x7C, 0x0E, 0x2D, 0xAA, 0x48, 0x36, 0xF5, 0x9A, 0x4D, + 0x66, 0x02, 0x42, 0x0E, 0xCC, 0x94, 0xDF, 0x7D, 0x21, 0xF8, 0x69, + 0x1D, 0xFD, 0x45, 0x56, 0x42, 0x4C, 0x69, 0x17, 0x8E, 0x21, 0xBE, + 0x4F, 0x2C, 0xC8, 0x61, 0xDB, 0xA7, 0x24, 0xEC, 0x48}; const uint8_t signature_tc26_gost_3410_12_512_setA[] = { - 0xC3, 0xE5, 0xFA, 0xE8, 0x5F, 0x35, 0x88, 0x13, - 0x49, 0x22, 0xC2, 0x1D, 0x5F, 0x73, 0xD4, 0x37, - 0x34, 0x1D, 0xEF, 0x56, 0x04, 0x6B, 0x17, 0x6D, - 0x00, 0x71, 0xC9, 0x14, 0xF0, 0x03, 0x3F, 0x64, - 0xCA, 0x67, 0x3A, 0x6E, 0xFE, 0x8B, 0x1D, 0x36, - 0xDD, 0x57, 0xE3, 0x28, 0x74, 0x64, 0xF1, 0xD0, - 0x89, 0x9A, 0x9B, 0xDD, 0xF6, 0xBB, 0x9B, 0x58, - 0xA4, 0x8F, 0x56, 0xB5, 0xDE, 0xF9, 0x9E, 0x70, - 0x62, 0xC8, 0xF3, 0x19, 0xE3, 0x4B, 0x73, 0x0F, - 0x95, 0x5D, 0x20, 0x97, 0x74, 0x5C, 0xAA, 0x02, - 0xB7, 0xFA, 0xFD, 0x33, 0xD5, 0xBC, 0xE4, 0xDD, - 0x9A, 0x66, 0x98, 0xEB, 0xE9, 0x51, 0x03, 0x66, - 0x25, 0x10, 0xF5, 0x8F, 0xB4, 0x45, 0x4F, 0xB5, - 0x3A, 0x61, 0x56, 0xCF, 0x8C, 0x1E, 0xD8, 0xAF, - 0x4B, 0xEC, 0x54, 0xDB, 0x43, 0x4E, 0xD6, 0x55, - 0x3F, 0xA3, 0x45, 0x15, 0x06, 0x74, 0xFA, 0x6C -}; + 0xC3, 0xE5, 0xFA, 0xE8, 0x5F, 0x35, 0x88, 0x13, 0x49, 0x22, 0xC2, 0x1D, + 0x5F, 0x73, 0xD4, 0x37, 0x34, 0x1D, 0xEF, 0x56, 0x04, 0x6B, 0x17, 0x6D, + 0x00, 0x71, 0xC9, 0x14, 0xF0, 0x03, 0x3F, 0x64, 0xCA, 0x67, 0x3A, 0x6E, + 0xFE, 0x8B, 0x1D, 0x36, 0xDD, 0x57, 0xE3, 0x28, 0x74, 0x64, 0xF1, 0xD0, + 0x89, 0x9A, 0x9B, 0xDD, 0xF6, 0xBB, 0x9B, 0x58, 0xA4, 0x8F, 0x56, 0xB5, + 0xDE, 0xF9, 0x9E, 0x70, 0x62, 0xC8, 0xF3, 0x19, 0xE3, 0x4B, 0x73, 0x0F, + 0x95, 0x5D, 0x20, 0x97, 0x74, 0x5C, 0xAA, 0x02, 0xB7, 0xFA, 0xFD, 0x33, + 0xD5, 0xBC, 0xE4, 0xDD, 0x9A, 0x66, 0x98, 0xEB, 0xE9, 0x51, 0x03, 0x66, + 0x25, 0x10, 0xF5, 0x8F, 0xB4, 0x45, 0x4F, 0xB5, 0x3A, 0x61, 0x56, 0xCF, + 0x8C, 0x1E, 0xD8, 0xAF, 0x4B, 0xEC, 0x54, 0xDB, 0x43, 0x4E, 0xD6, 0x55, + 0x3F, 0xA3, 0x45, 0x15, 0x06, 0x74, 0xFA, 0x6C}; const uint8_t pubkey_tc26_gost_3410_12_512_setA[] = { - 0xB2, 0xBF, 0x45, 0x23, 0x00, 0x57, 0x70, 0xAE, - 0xAB, 0x5B, 0x63, 0xEC, 0xA8, 0x5F, 0xCF, 0xD0, - 0xBA, 0x88, 0x64, 0x79, 0x3D, 0xB6, 0x70, 0x88, - 0xE8, 0xD8, 0xA4, 0x95, 0x9E, 0xB9, 0x78, 0x73, - 0x9F, 0x0A, 0x34, 0x74, 0xED, 0xFF, 0xB9, 0x7E, - 0x34, 0x1B, 0xE0, 0x2A, 0xE2, 0xD8, 0x07, 0xE9, - 0xC2, 0xD2, 0x84, 0x39, 0x9E, 0x36, 0x0F, 0x7A, - 0xE2, 0x56, 0x2A, 0x81, 0x6C, 0x94, 0x9D, 0x5E, - 0x6E, 0x68, 0x94, 0xFD, 0x75, 0x14, 0xE5, 0x07, - 0xED, 0x45, 0x2B, 0x07, 0xE1, 0xB2, 0x79, 0x2A, - 0x21, 0x34, 0x21, 0x95, 0x02, 0xF2, 0xAF, 0xDC, - 0x8A, 0xD7, 0xA3, 0x72, 0x4C, 0x02, 0xA2, 0xF8, - 0x59, 0xE2, 0x91, 0x58, 0x01, 0x1D, 0x55, 0xC6, - 0xEC, 0x73, 0xEA, 0x44, 0x5B, 0x35, 0x08, 0x5C, - 0xAC, 0xA0, 0xB9, 0x4B, 0x28, 0xE7, 0xBD, 0x8B, - 0xB2, 0x78, 0x9B, 0x4F, 0x46, 0xC9, 0xD6, 0x84 -}; + 0xB2, 0xBF, 0x45, 0x23, 0x00, 0x57, 0x70, 0xAE, 0xAB, 0x5B, 0x63, 0xEC, + 0xA8, 0x5F, 0xCF, 0xD0, 0xBA, 0x88, 0x64, 0x79, 0x3D, 0xB6, 0x70, 0x88, + 0xE8, 0xD8, 0xA4, 0x95, 0x9E, 0xB9, 0x78, 0x73, 0x9F, 0x0A, 0x34, 0x74, + 0xED, 0xFF, 0xB9, 0x7E, 0x34, 0x1B, 0xE0, 0x2A, 0xE2, 0xD8, 0x07, 0xE9, + 0xC2, 0xD2, 0x84, 0x39, 0x9E, 0x36, 0x0F, 0x7A, 0xE2, 0x56, 0x2A, 0x81, + 0x6C, 0x94, 0x9D, 0x5E, 0x6E, 0x68, 0x94, 0xFD, 0x75, 0x14, 0xE5, 0x07, + 0xED, 0x45, 0x2B, 0x07, 0xE1, 0xB2, 0x79, 0x2A, 0x21, 0x34, 0x21, 0x95, + 0x02, 0xF2, 0xAF, 0xDC, 0x8A, 0xD7, 0xA3, 0x72, 0x4C, 0x02, 0xA2, 0xF8, + 0x59, 0xE2, 0x91, 0x58, 0x01, 0x1D, 0x55, 0xC6, 0xEC, 0x73, 0xEA, 0x44, + 0x5B, 0x35, 0x08, 0x5C, 0xAC, 0xA0, 0xB9, 0x4B, 0x28, 0xE7, 0xBD, 0x8B, + 0xB2, 0x78, 0x9B, 0x4F, 0x46, 0xC9, 0xD6, 0x84}; /* 1.2.643.7.1.2.1.2.2 - szOID_tc26_gost_3410_12_512_paramSetB */ const uint8_t data_tc26_gost_3410_12_512_setB[] = { - 0x84, 0x66, 0x52, 0x16, 0xB7, 0x53, 0xC0, 0xBB, - 0xAE, 0xED, 0x2F, 0x37, 0x78, 0x43, 0x03, 0xCF, - 0x21, 0x5D, 0x36, 0x97, 0x55, 0x2B, 0x3B, 0xF3, - 0xFB, 0x9C, 0x18, 0x04, 0x81, 0x9B, 0x50, 0x9E, - 0xBE, 0xC1, 0x97, 0x53, 0xBC, 0xB1, 0x55, 0xDC, - 0x0C, 0xAB, 0x7D, 0xB3, 0x88, 0xBC, 0xB2, 0x9C, - 0x86, 0x16, 0x21, 0x0A, 0x95, 0x9F, 0x3D, 0xA6, - 0x0C, 0xB4, 0x33, 0x1B, 0x7B, 0x29, 0xA3, 0x70, - 0x1A, 0x67, 0xD1, 0xC7, 0x45, 0xE7, 0xF6, 0xC0, - 0x66 -}; + 0x84, 0x66, 0x52, 0x16, 0xB7, 0x53, 0xC0, 0xBB, 0xAE, 0xED, 0x2F, + 0x37, 0x78, 0x43, 0x03, 0xCF, 0x21, 0x5D, 0x36, 0x97, 0x55, 0x2B, + 0x3B, 0xF3, 0xFB, 0x9C, 0x18, 0x04, 0x81, 0x9B, 0x50, 0x9E, 0xBE, + 0xC1, 0x97, 0x53, 0xBC, 0xB1, 0x55, 0xDC, 0x0C, 0xAB, 0x7D, 0xB3, + 0x88, 0xBC, 0xB2, 0x9C, 0x86, 0x16, 0x21, 0x0A, 0x95, 0x9F, 0x3D, + 0xA6, 0x0C, 0xB4, 0x33, 0x1B, 0x7B, 0x29, 0xA3, 0x70, 0x1A, 0x67, + 0xD1, 0xC7, 0x45, 0xE7, 0xF6, 0xC0, 0x66}; const uint8_t hash_tc26_gost_3410_12_512_setB[] = { - 0x6A, 0x55, 0x15, 0x81, 0x50, 0x2A, 0x14, 0x22, - 0x6F, 0xD1, 0x4B, 0x50, 0xB1, 0xE2, 0x6C, 0x80, - 0xC4, 0x84, 0x21, 0xF9, 0x63, 0x46, 0xAF, 0xE8, - 0xE0, 0x2C, 0xFD, 0x41, 0x1E, 0x49, 0x01, 0x6B, - 0x00, 0x3C, 0xEB, 0x5F, 0x6B, 0x34, 0xA9, 0x93, - 0x2D, 0x86, 0x2F, 0xEA, 0x58, 0x83, 0x81, 0x51, - 0xF7, 0xA2, 0xCC, 0x0F, 0xAE, 0xAD, 0x40, 0x65, - 0x82, 0xC6, 0x53, 0x05, 0xAE, 0xEB, 0x22, 0xB8 -}; + 0x6A, 0x55, 0x15, 0x81, 0x50, 0x2A, 0x14, 0x22, 0x6F, 0xD1, 0x4B, + 0x50, 0xB1, 0xE2, 0x6C, 0x80, 0xC4, 0x84, 0x21, 0xF9, 0x63, 0x46, + 0xAF, 0xE8, 0xE0, 0x2C, 0xFD, 0x41, 0x1E, 0x49, 0x01, 0x6B, 0x00, + 0x3C, 0xEB, 0x5F, 0x6B, 0x34, 0xA9, 0x93, 0x2D, 0x86, 0x2F, 0xEA, + 0x58, 0x83, 0x81, 0x51, 0xF7, 0xA2, 0xCC, 0x0F, 0xAE, 0xAD, 0x40, + 0x65, 0x82, 0xC6, 0x53, 0x05, 0xAE, 0xEB, 0x22, 0xB8}; const uint8_t signature_tc26_gost_3410_12_512_setB[] = { - 0x15, 0xFD, 0xD4, 0x3B, 0x57, 0x5A, 0x97, 0x4E, - 0x0D, 0xE6, 0xBC, 0xB5, 0x1F, 0x91, 0x3F, 0x8B, - 0xEE, 0xE9, 0x88, 0xF3, 0x94, 0x3D, 0xB6, 0x09, - 0x6B, 0xD6, 0xBA, 0x85, 0x42, 0xE8, 0xF4, 0xCE, - 0x0D, 0xF5, 0x8D, 0xD1, 0xAF, 0xC9, 0xC4, 0xA7, - 0x82, 0x3E, 0xBB, 0x7F, 0x72, 0x50, 0xF5, 0x36, - 0x06, 0x54, 0x10, 0x31, 0x89, 0xA9, 0x80, 0x1A, - 0x55, 0x48, 0xB7, 0xEA, 0xB3, 0xAE, 0x77, 0x4E, - 0xC1, 0x45, 0x52, 0xDD, 0xBF, 0xA9, 0x8E, 0x02, - 0x10, 0x80, 0x8F, 0x9C, 0xD1, 0x85, 0x36, 0xBA, - 0x7C, 0x20, 0x86, 0x2E, 0xDB, 0x25, 0x0C, 0x1B, - 0x53, 0xBA, 0x26, 0x39, 0xE0, 0xD4, 0xE6, 0xE7, - 0x4B, 0xA1, 0x02, 0x7D, 0xD4, 0x74, 0x6B, 0x6E, - 0x82, 0xDD, 0x92, 0xA2, 0xA4, 0xBA, 0xD4, 0xB6, - 0xF9, 0x57, 0x57, 0x67, 0xB6, 0x5A, 0xA2, 0x72, - 0x96, 0xEA, 0xE9, 0x2E, 0xA9, 0x11, 0x73, 0x27 -}; + 0x15, 0xFD, 0xD4, 0x3B, 0x57, 0x5A, 0x97, 0x4E, 0x0D, 0xE6, 0xBC, 0xB5, + 0x1F, 0x91, 0x3F, 0x8B, 0xEE, 0xE9, 0x88, 0xF3, 0x94, 0x3D, 0xB6, 0x09, + 0x6B, 0xD6, 0xBA, 0x85, 0x42, 0xE8, 0xF4, 0xCE, 0x0D, 0xF5, 0x8D, 0xD1, + 0xAF, 0xC9, 0xC4, 0xA7, 0x82, 0x3E, 0xBB, 0x7F, 0x72, 0x50, 0xF5, 0x36, + 0x06, 0x54, 0x10, 0x31, 0x89, 0xA9, 0x80, 0x1A, 0x55, 0x48, 0xB7, 0xEA, + 0xB3, 0xAE, 0x77, 0x4E, 0xC1, 0x45, 0x52, 0xDD, 0xBF, 0xA9, 0x8E, 0x02, + 0x10, 0x80, 0x8F, 0x9C, 0xD1, 0x85, 0x36, 0xBA, 0x7C, 0x20, 0x86, 0x2E, + 0xDB, 0x25, 0x0C, 0x1B, 0x53, 0xBA, 0x26, 0x39, 0xE0, 0xD4, 0xE6, 0xE7, + 0x4B, 0xA1, 0x02, 0x7D, 0xD4, 0x74, 0x6B, 0x6E, 0x82, 0xDD, 0x92, 0xA2, + 0xA4, 0xBA, 0xD4, 0xB6, 0xF9, 0x57, 0x57, 0x67, 0xB6, 0x5A, 0xA2, 0x72, + 0x96, 0xEA, 0xE9, 0x2E, 0xA9, 0x11, 0x73, 0x27}; const uint8_t pubkey_tc26_gost_3410_12_512_setB[] = { - 0x86, 0x97, 0xE7, 0x19, 0x03, 0x5E, 0x54, 0xA6, - 0xE8, 0x7A, 0xEE, 0xD5, 0x76, 0xC4, 0xC4, 0x72, - 0x4A, 0x59, 0x55, 0xEB, 0x72, 0xF7, 0xE0, 0x62, - 0xB1, 0x0D, 0x1B, 0x79, 0x32, 0x72, 0x83, 0x0D, - 0x1F, 0x7B, 0x74, 0x12, 0x29, 0x20, 0xFD, 0x23, - 0xAA, 0x8C, 0x77, 0xA1, 0x23, 0x38, 0x7F, 0x73, - 0x07, 0x94, 0x8A, 0x34, 0x46, 0xDB, 0x7C, 0xFB, - 0x46, 0xF0, 0x63, 0xE9, 0xD3, 0xAF, 0xC8, 0x4B, - 0x78, 0x65, 0x99, 0xAE, 0x71, 0x7F, 0x45, 0xF8, - 0x7C, 0xF3, 0x0A, 0x2F, 0x97, 0xEB, 0x85, 0x1A, - 0x22, 0x67, 0x65, 0x78, 0xA5, 0xF8, 0xF2, 0x8C, - 0xE8, 0xF5, 0x9B, 0x75, 0xA8, 0x3D, 0x81, 0xC1, - 0x7F, 0x69, 0x23, 0x94, 0xDE, 0x89, 0xFC, 0x65, - 0xB3, 0xFE, 0x18, 0x91, 0xC0, 0x03, 0xBE, 0xDA, - 0xC8, 0x7D, 0x48, 0x12, 0x4F, 0x75, 0xC5, 0xAE, - 0xB4, 0x50, 0xA0, 0xFC, 0x27, 0xC1, 0xE7, 0x00 -}; + 0x86, 0x97, 0xE7, 0x19, 0x03, 0x5E, 0x54, 0xA6, 0xE8, 0x7A, 0xEE, 0xD5, + 0x76, 0xC4, 0xC4, 0x72, 0x4A, 0x59, 0x55, 0xEB, 0x72, 0xF7, 0xE0, 0x62, + 0xB1, 0x0D, 0x1B, 0x79, 0x32, 0x72, 0x83, 0x0D, 0x1F, 0x7B, 0x74, 0x12, + 0x29, 0x20, 0xFD, 0x23, 0xAA, 0x8C, 0x77, 0xA1, 0x23, 0x38, 0x7F, 0x73, + 0x07, 0x94, 0x8A, 0x34, 0x46, 0xDB, 0x7C, 0xFB, 0x46, 0xF0, 0x63, 0xE9, + 0xD3, 0xAF, 0xC8, 0x4B, 0x78, 0x65, 0x99, 0xAE, 0x71, 0x7F, 0x45, 0xF8, + 0x7C, 0xF3, 0x0A, 0x2F, 0x97, 0xEB, 0x85, 0x1A, 0x22, 0x67, 0x65, 0x78, + 0xA5, 0xF8, 0xF2, 0x8C, 0xE8, 0xF5, 0x9B, 0x75, 0xA8, 0x3D, 0x81, 0xC1, + 0x7F, 0x69, 0x23, 0x94, 0xDE, 0x89, 0xFC, 0x65, 0xB3, 0xFE, 0x18, 0x91, + 0xC0, 0x03, 0xBE, 0xDA, 0xC8, 0x7D, 0x48, 0x12, 0x4F, 0x75, 0xC5, 0xAE, + 0xB4, 0x50, 0xA0, 0xFC, 0x27, 0xC1, 0xE7, 0x00}; /* 1.2.643.7.1.2.1.2.3 - szOID_tc26_gost_3410_12_512_paramSetC */ const uint8_t data_tc26_gost_3410_12_512_setC[] = { - 0x40, 0xE2, 0xDD, 0x43, 0xF9, 0x59, 0x3C, 0xDC, - 0x9C, 0x8F, 0x2E, 0xBF, 0xA8, 0x0B, 0x2D, 0xD4, - 0xB5, 0x00, 0x56, 0x93, 0xFC, 0xCE, 0x73, 0x5B, - 0x99, 0x66, 0x24, 0x0A, 0x76, 0x52, 0x2E, 0xBC, - 0xBE, 0xEA, 0x8A, 0x52, 0xFC, 0x95, 0x02, 0x8F, - 0xB9, 0x8E, 0x23, 0x00, 0x47, 0x40, 0x28, 0xE4, - 0x92, 0x9C, 0x19, 0x99, 0xBD, 0x98, 0xF5, 0x3A, - 0xA0, 0xBE, 0xFB, 0xC7, 0xC1, 0xE3, 0x98, 0x6B, - 0x8D, 0x2F, 0x5A, 0x85, 0xB9, 0x46, 0x90, 0x83, - 0x6D -}; + 0x40, 0xE2, 0xDD, 0x43, 0xF9, 0x59, 0x3C, 0xDC, 0x9C, 0x8F, 0x2E, + 0xBF, 0xA8, 0x0B, 0x2D, 0xD4, 0xB5, 0x00, 0x56, 0x93, 0xFC, 0xCE, + 0x73, 0x5B, 0x99, 0x66, 0x24, 0x0A, 0x76, 0x52, 0x2E, 0xBC, 0xBE, + 0xEA, 0x8A, 0x52, 0xFC, 0x95, 0x02, 0x8F, 0xB9, 0x8E, 0x23, 0x00, + 0x47, 0x40, 0x28, 0xE4, 0x92, 0x9C, 0x19, 0x99, 0xBD, 0x98, 0xF5, + 0x3A, 0xA0, 0xBE, 0xFB, 0xC7, 0xC1, 0xE3, 0x98, 0x6B, 0x8D, 0x2F, + 0x5A, 0x85, 0xB9, 0x46, 0x90, 0x83, 0x6D}; const uint8_t hash_tc26_gost_3410_12_512_setC[] = { - 0xBD, 0x82, 0xF1, 0x34, 0x33, 0x74, 0x9C, 0xC2, - 0x9E, 0x95, 0x67, 0x57, 0x2C, 0x6D, 0x83, 0x3D, - 0xFD, 0xBD, 0x7C, 0xD7, 0xAA, 0xE7, 0x28, 0xF9, - 0x81, 0xB9, 0xCF, 0xAE, 0x4A, 0xAA, 0x17, 0x7D, - 0x84, 0x79, 0x25, 0xC5, 0x66, 0xAA, 0x9E, 0x28, - 0x66, 0x41, 0x95, 0xC4, 0xFF, 0xF6, 0x72, 0xEF, - 0x0E, 0x08, 0xC6, 0x0B, 0x2E, 0x0F, 0xCB, 0xC6, - 0x96, 0x4A, 0x77, 0x0D, 0x14, 0xE5, 0x35, 0xC0 -}; + 0xBD, 0x82, 0xF1, 0x34, 0x33, 0x74, 0x9C, 0xC2, 0x9E, 0x95, 0x67, + 0x57, 0x2C, 0x6D, 0x83, 0x3D, 0xFD, 0xBD, 0x7C, 0xD7, 0xAA, 0xE7, + 0x28, 0xF9, 0x81, 0xB9, 0xCF, 0xAE, 0x4A, 0xAA, 0x17, 0x7D, 0x84, + 0x79, 0x25, 0xC5, 0x66, 0xAA, 0x9E, 0x28, 0x66, 0x41, 0x95, 0xC4, + 0xFF, 0xF6, 0x72, 0xEF, 0x0E, 0x08, 0xC6, 0x0B, 0x2E, 0x0F, 0xCB, + 0xC6, 0x96, 0x4A, 0x77, 0x0D, 0x14, 0xE5, 0x35, 0xC0}; const uint8_t signature_tc26_gost_3410_12_512_setC[] = { - 0x35, 0x1E, 0x65, 0xAE, 0x90, 0xB0, 0x05, 0x04, - 0x02, 0xF5, 0x22, 0xAC, 0xE4, 0x5D, 0x8C, 0x35, - 0x17, 0x2B, 0xFF, 0xD7, 0xCA, 0x95, 0x0E, 0xF9, - 0x85, 0x2A, 0xD0, 0xA0, 0xE1, 0x04, 0x43, 0xCA, - 0x70, 0x9A, 0xDF, 0x35, 0xD7, 0xD8, 0x8D, 0xC2, - 0x78, 0x84, 0x4C, 0xCF, 0x58, 0x25, 0x9C, 0xD2, - 0x40, 0x5A, 0xEC, 0xB3, 0x9A, 0x77, 0x6B, 0x4F, - 0x63, 0x26, 0xDD, 0xB2, 0x19, 0x8E, 0x9C, 0x39, - 0x09, 0x55, 0x72, 0xD6, 0xDD, 0x69, 0x90, 0x1E, - 0xB6, 0x1D, 0x36, 0x97, 0x49, 0x98, 0x99, 0x67, - 0x4A, 0x3B, 0xCD, 0x2D, 0xEB, 0x32, 0xCA, 0x44, - 0x4F, 0xB6, 0xC0, 0x9C, 0x4B, 0xF9, 0x18, 0x2E, - 0x42, 0xAF, 0x8B, 0xE4, 0x45, 0xE8, 0x45, 0xEF, - 0xF4, 0x10, 0x96, 0xF4, 0x16, 0xCA, 0xEB, 0xD1, - 0x72, 0xCC, 0x32, 0x28, 0xA8, 0x46, 0x03, 0x34, - 0x65, 0x3E, 0x47, 0xB2, 0xC3, 0x99, 0xE2, 0x36 -}; + 0x35, 0x1E, 0x65, 0xAE, 0x90, 0xB0, 0x05, 0x04, 0x02, 0xF5, 0x22, 0xAC, + 0xE4, 0x5D, 0x8C, 0x35, 0x17, 0x2B, 0xFF, 0xD7, 0xCA, 0x95, 0x0E, 0xF9, + 0x85, 0x2A, 0xD0, 0xA0, 0xE1, 0x04, 0x43, 0xCA, 0x70, 0x9A, 0xDF, 0x35, + 0xD7, 0xD8, 0x8D, 0xC2, 0x78, 0x84, 0x4C, 0xCF, 0x58, 0x25, 0x9C, 0xD2, + 0x40, 0x5A, 0xEC, 0xB3, 0x9A, 0x77, 0x6B, 0x4F, 0x63, 0x26, 0xDD, 0xB2, + 0x19, 0x8E, 0x9C, 0x39, 0x09, 0x55, 0x72, 0xD6, 0xDD, 0x69, 0x90, 0x1E, + 0xB6, 0x1D, 0x36, 0x97, 0x49, 0x98, 0x99, 0x67, 0x4A, 0x3B, 0xCD, 0x2D, + 0xEB, 0x32, 0xCA, 0x44, 0x4F, 0xB6, 0xC0, 0x9C, 0x4B, 0xF9, 0x18, 0x2E, + 0x42, 0xAF, 0x8B, 0xE4, 0x45, 0xE8, 0x45, 0xEF, 0xF4, 0x10, 0x96, 0xF4, + 0x16, 0xCA, 0xEB, 0xD1, 0x72, 0xCC, 0x32, 0x28, 0xA8, 0x46, 0x03, 0x34, + 0x65, 0x3E, 0x47, 0xB2, 0xC3, 0x99, 0xE2, 0x36}; const uint8_t pubkey_tc26_gost_3410_12_512_setC[] = { - 0xA9, 0x85, 0x17, 0xF7, 0xFE, 0x1C, 0x43, 0x8A, - 0xBE, 0xDE, 0x79, 0xE8, 0x62, 0xFE, 0x51, 0x0E, - 0xA7, 0xEA, 0x05, 0x46, 0x34, 0xD9, 0x54, 0x5B, - 0xFD, 0xB4, 0xC5, 0xCB, 0xA6, 0x9C, 0xFC, 0x90, - 0x4B, 0x59, 0x14, 0xA1, 0xE7, 0x2A, 0xDE, 0x2B, - 0xB8, 0x86, 0x9E, 0xB5, 0xDB, 0xB3, 0xD3, 0xD7, - 0x95, 0x88, 0xCB, 0xEE, 0x33, 0x20, 0x82, 0xB2, - 0xAC, 0xBF, 0x79, 0xDF, 0x2E, 0x88, 0xF0, 0x5A, - 0x62, 0x90, 0x26, 0x52, 0xAD, 0x64, 0x67, 0x36, - 0x1B, 0xE6, 0xCA, 0x57, 0x09, 0xEF, 0xF5, 0x56, - 0x0E, 0x32, 0xDF, 0xB4, 0x6C, 0xC8, 0xA8, 0xBB, - 0xCB, 0x4C, 0xB4, 0xBA, 0x63, 0x41, 0xBA, 0x1D, - 0xAB, 0xB0, 0x12, 0x82, 0xFD, 0x50, 0x37, 0xDB, - 0x69, 0x08, 0xF2, 0x7D, 0x9E, 0xC0, 0xF7, 0xA6, - 0xE9, 0x50, 0x26, 0x94, 0x88, 0x08, 0x5E, 0xDD, - 0x34, 0xC5, 0xC1, 0x9D, 0x50, 0x50, 0x4A, 0xAE -}; + 0xA9, 0x85, 0x17, 0xF7, 0xFE, 0x1C, 0x43, 0x8A, 0xBE, 0xDE, 0x79, 0xE8, + 0x62, 0xFE, 0x51, 0x0E, 0xA7, 0xEA, 0x05, 0x46, 0x34, 0xD9, 0x54, 0x5B, + 0xFD, 0xB4, 0xC5, 0xCB, 0xA6, 0x9C, 0xFC, 0x90, 0x4B, 0x59, 0x14, 0xA1, + 0xE7, 0x2A, 0xDE, 0x2B, 0xB8, 0x86, 0x9E, 0xB5, 0xDB, 0xB3, 0xD3, 0xD7, + 0x95, 0x88, 0xCB, 0xEE, 0x33, 0x20, 0x82, 0xB2, 0xAC, 0xBF, 0x79, 0xDF, + 0x2E, 0x88, 0xF0, 0x5A, 0x62, 0x90, 0x26, 0x52, 0xAD, 0x64, 0x67, 0x36, + 0x1B, 0xE6, 0xCA, 0x57, 0x09, 0xEF, 0xF5, 0x56, 0x0E, 0x32, 0xDF, 0xB4, + 0x6C, 0xC8, 0xA8, 0xBB, 0xCB, 0x4C, 0xB4, 0xBA, 0x63, 0x41, 0xBA, 0x1D, + 0xAB, 0xB0, 0x12, 0x82, 0xFD, 0x50, 0x37, 0xDB, 0x69, 0x08, 0xF2, 0x7D, + 0x9E, 0xC0, 0xF7, 0xA6, 0xE9, 0x50, 0x26, 0x94, 0x88, 0x08, 0x5E, 0xDD, + 0x34, 0xC5, 0xC1, 0x9D, 0x50, 0x50, 0x4A, 0xAE}; /* end */ static struct test_param cp_2001_256_a = { - .param = NID_id_GostR3410_2001_CryptoPro_A_ParamSet, - .len = 256 / 8, - .data = data_2001_256_setA, - .data_len = sizeof(data_2001_256_setA), - .hash = hash_2001_256_setA, - .signature = signature_2001_256_setA, - .pub_key = pubkey_2001_256_setA, + .param = NID_id_GostR3410_2001_CryptoPro_A_ParamSet, + .len = 256 / 8, + .data = data_2001_256_setA, + .data_len = sizeof(data_2001_256_setA), + .hash = hash_2001_256_setA, + .signature = signature_2001_256_setA, + .pub_key = pubkey_2001_256_setA, }; static struct test_param cp_2001_256_b = { - .param = NID_id_GostR3410_2001_CryptoPro_B_ParamSet, - .len = 256 / 8, - .data = data_2001_256_setB, - .data_len = sizeof(data_2001_256_setB), - .hash = hash_2001_256_setB, - .signature = signature_2001_256_setB, - .pub_key = pubkey_2001_256_setB, + .param = NID_id_GostR3410_2001_CryptoPro_B_ParamSet, + .len = 256 / 8, + .data = data_2001_256_setB, + .data_len = sizeof(data_2001_256_setB), + .hash = hash_2001_256_setB, + .signature = signature_2001_256_setB, + .pub_key = pubkey_2001_256_setB, }; static struct test_param cp_2001_256_c = { - .param = NID_id_GostR3410_2001_CryptoPro_C_ParamSet, - .len = 256 / 8, - .data = data_2001_256_setC, - .data_len = sizeof(data_2001_256_setC), - .hash = hash_2001_256_setC, - .signature = signature_2001_256_setC, - .pub_key = pubkey_2001_256_setC, + .param = NID_id_GostR3410_2001_CryptoPro_C_ParamSet, + .len = 256 / 8, + .data = data_2001_256_setC, + .data_len = sizeof(data_2001_256_setC), + .hash = hash_2001_256_setC, + .signature = signature_2001_256_setC, + .pub_key = pubkey_2001_256_setC, }; static struct test_param tc_2012_256_a = { - .param = NID_id_tc26_gost_3410_2012_256_paramSetA, - .len = 256 / 8, - .data = data_tc26_gost_3410_12_256_setA, - .data_len = sizeof(data_tc26_gost_3410_12_256_setA), - .hash = hash_tc26_gost_3410_12_256_setA, - .signature = signature_tc26_gost_3410_12_256_setA, - .pub_key = pubkey_tc26_gost_3410_12_256_setA, + .param = NID_id_tc26_gost_3410_2012_256_paramSetA, + .len = 256 / 8, + .data = data_tc26_gost_3410_12_256_setA, + .data_len = sizeof(data_tc26_gost_3410_12_256_setA), + .hash = hash_tc26_gost_3410_12_256_setA, + .signature = signature_tc26_gost_3410_12_256_setA, + .pub_key = pubkey_tc26_gost_3410_12_256_setA, }; static struct test_param tc_2012_512_a = { - .param = NID_id_tc26_gost_3410_2012_512_paramSetA, - .len = 512 / 8, - .data = data_tc26_gost_3410_12_512_setA, - .data_len = sizeof(data_tc26_gost_3410_12_512_setA), - .hash = hash_tc26_gost_3410_12_512_setA, - .signature = signature_tc26_gost_3410_12_512_setA, - .pub_key = pubkey_tc26_gost_3410_12_512_setA, + .param = NID_id_tc26_gost_3410_2012_512_paramSetA, + .len = 512 / 8, + .data = data_tc26_gost_3410_12_512_setA, + .data_len = sizeof(data_tc26_gost_3410_12_512_setA), + .hash = hash_tc26_gost_3410_12_512_setA, + .signature = signature_tc26_gost_3410_12_512_setA, + .pub_key = pubkey_tc26_gost_3410_12_512_setA, }; static struct test_param tc_2012_512_b = { - .param = NID_id_tc26_gost_3410_2012_512_paramSetB, - .len = 512 / 8, - .data = data_tc26_gost_3410_12_512_setB, - .data_len = sizeof(data_tc26_gost_3410_12_512_setB), - .hash = hash_tc26_gost_3410_12_512_setB, - .signature = signature_tc26_gost_3410_12_512_setB, - .pub_key = pubkey_tc26_gost_3410_12_512_setB, + .param = NID_id_tc26_gost_3410_2012_512_paramSetB, + .len = 512 / 8, + .data = data_tc26_gost_3410_12_512_setB, + .data_len = sizeof(data_tc26_gost_3410_12_512_setB), + .hash = hash_tc26_gost_3410_12_512_setB, + .signature = signature_tc26_gost_3410_12_512_setB, + .pub_key = pubkey_tc26_gost_3410_12_512_setB, }; static struct test_param tc_2012_512_c = { - .param = NID_id_tc26_gost_3410_2012_512_paramSetC, - .len = 512 / 8, - .data = data_tc26_gost_3410_12_512_setC, - .data_len = sizeof(data_tc26_gost_3410_12_512_setC), - .hash = hash_tc26_gost_3410_12_512_setC, - .signature = signature_tc26_gost_3410_12_512_setC, - .pub_key = pubkey_tc26_gost_3410_12_512_setC, + .param = NID_id_tc26_gost_3410_2012_512_paramSetC, + .len = 512 / 8, + .data = data_tc26_gost_3410_12_512_setC, + .data_len = sizeof(data_tc26_gost_3410_12_512_setC), + .hash = hash_tc26_gost_3410_12_512_setC, + .signature = signature_tc26_gost_3410_12_512_setC, + .pub_key = pubkey_tc26_gost_3410_12_512_setC, }; static struct test_param *test_params[] = { - &cp_2001_256_a, - &cp_2001_256_b, - &cp_2001_256_c, - &tc_2012_256_a, - &tc_2012_512_a, - &tc_2012_512_b, - &tc_2012_512_c, - 0, + &cp_2001_256_a, &cp_2001_256_b, &cp_2001_256_c, &tc_2012_256_a, + &tc_2012_512_a, &tc_2012_512_b, &tc_2012_512_c, 0, }; /* @@ -521,8 +427,7 @@ unsigned char short_cp_a_cer[] = { 0x9f, 0x7b, 0xb9, 0x01, 0xc0, 0x13, 0x07, 0xbe, 0x40, 0x86, 0x96, 0x05, 0xfe, 0x35, 0xc2, 0xe4, 0xa3, 0xb4, 0xe5, 0x3f, 0xff, 0x25, 0x95, 0x21, 0x97, 0x14, 0x94, 0x03, 0x3a, 0x93, 0xdb, 0xec, 0xf1, 0xd5, 0x8b, 0xf8, - 0xcc, 0x85, 0xd4, 0xe3, 0x12, 0xea, 0x70, 0x38, 0xcf, 0x21, 0xd2 -}; + 0xcc, 0x85, 0xd4, 0xe3, 0x12, 0xea, 0x70, 0x38, 0xcf, 0x21, 0xd2}; unsigned char short_cp_b_cer[] = { 0x30, 0x82, 0x01, 0x57, 0x30, 0x82, 0x01, 0x04, 0xa0, 0x03, 0x02, 0x01, @@ -553,8 +458,7 @@ unsigned char short_cp_b_cer[] = { 0x5f, 0x5d, 0x48, 0x24, 0x07, 0x15, 0x8a, 0xf7, 0x0d, 0xb3, 0x97, 0x86, 0x55, 0xb3, 0xed, 0x57, 0x7b, 0xf2, 0x67, 0xef, 0x97, 0xd8, 0x8f, 0xc6, 0xb7, 0xcd, 0x98, 0x51, 0x48, 0xc5, 0x76, 0xf1, 0x48, 0x17, 0x1e, 0xcd, - 0x48, 0x4f, 0xd8, 0xe8, 0x5d, 0x2c, 0xa8, 0xc0, 0x45, 0xdf, 0x2d -}; + 0x48, 0x4f, 0xd8, 0xe8, 0x5d, 0x2c, 0xa8, 0xc0, 0x45, 0xdf, 0x2d}; unsigned char short_cp_c_cer[] = { 0x30, 0x82, 0x01, 0x57, 0x30, 0x82, 0x01, 0x04, 0xa0, 0x03, 0x02, 0x01, @@ -585,8 +489,7 @@ unsigned char short_cp_c_cer[] = { 0x2b, 0x58, 0x4e, 0x5b, 0x65, 0x34, 0xcb, 0x64, 0xc9, 0x72, 0xaf, 0xb7, 0xbe, 0x63, 0x6a, 0x51, 0x9a, 0x0b, 0xac, 0x09, 0xc3, 0x9e, 0xb9, 0xbe, 0x06, 0x5f, 0xe5, 0x30, 0x66, 0x20, 0xa2, 0x61, 0xe7, 0x93, 0x13, 0x6e, - 0xca, 0x0c, 0xbc, 0x3f, 0x49, 0x9f, 0x37, 0xef, 0x5d, 0xed, 0x80 -}; + 0xca, 0x0c, 0xbc, 0x3f, 0x49, 0x9f, 0x37, 0xef, 0x5d, 0xed, 0x80}; unsigned char short_tc_a_cer[] = { 0x30, 0x82, 0x01, 0x4e, 0x30, 0x81, 0xfc, 0xa0, 0x03, 0x02, 0x01, 0x02, @@ -617,8 +520,7 @@ unsigned char short_tc_a_cer[] = { 0xe9, 0x8b, 0x3b, 0x82, 0x0c, 0xb2, 0x2f, 0x8b, 0xb5, 0xd6, 0x38, 0xb1, 0x92, 0xb1, 0xc3, 0x74, 0x9a, 0x7c, 0x55, 0xb9, 0x5c, 0xfb, 0x8d, 0x1b, 0x00, 0x85, 0xad, 0x70, 0x9b, 0x6f, 0xb3, 0x32, 0x53, 0xc1, 0x85, 0x4b, - 0xd0, 0xe4 -}; + 0xd0, 0xe4}; unsigned char short_tc_b_cer[] = { 0x30, 0x82, 0x01, 0x4e, 0x30, 0x81, 0xfc, 0xa0, 0x03, 0x02, 0x01, 0x02, @@ -649,8 +551,7 @@ unsigned char short_tc_b_cer[] = { 0xc8, 0xc6, 0x97, 0x81, 0x40, 0x2f, 0xd8, 0xeb, 0xe3, 0xc0, 0x3d, 0xac, 0xbf, 0xb7, 0x8f, 0x27, 0xc3, 0xd0, 0x57, 0x49, 0x69, 0x35, 0x3c, 0xab, 0x49, 0xbc, 0xef, 0x3a, 0x0c, 0x0c, 0xc3, 0x92, 0xf8, 0x74, 0xba, 0xaf, - 0xa8, 0x15 -}; + 0xa8, 0x15}; unsigned char short_tc_c_cer[] = { 0x30, 0x82, 0x01, 0x4e, 0x30, 0x81, 0xfc, 0xa0, 0x03, 0x02, 0x01, 0x02, @@ -681,8 +582,7 @@ unsigned char short_tc_c_cer[] = { 0x37, 0x17, 0xac, 0x5f, 0x9a, 0x25, 0x56, 0x7c, 0xbd, 0x60, 0x60, 0xc1, 0xcd, 0xe1, 0x58, 0xf8, 0x49, 0x9e, 0x41, 0xab, 0xe5, 0x9e, 0xcd, 0xed, 0xf9, 0x74, 0x89, 0xc5, 0x1a, 0xc7, 0xa3, 0x88, 0x59, 0xcc, 0x79, 0x79, - 0x9a, 0x7f -}; + 0x9a, 0x7f}; unsigned char short_tc_d_cer[] = { 0x30, 0x82, 0x01, 0x4e, 0x30, 0x81, 0xfc, 0xa0, 0x03, 0x02, 0x01, 0x02, @@ -713,8 +613,7 @@ unsigned char short_tc_d_cer[] = { 0x2c, 0xde, 0xd4, 0x32, 0x06, 0x81, 0x75, 0x43, 0xe7, 0xca, 0xce, 0x1c, 0x3b, 0xa5, 0x43, 0xde, 0x44, 0x3e, 0x54, 0x35, 0x39, 0x3a, 0x80, 0x4b, 0x4f, 0xdb, 0x90, 0x09, 0x31, 0xa5, 0x8f, 0xf6, 0x66, 0xb6, 0xf1, 0x84, - 0x9c, 0x82 -}; + 0x9c, 0x82}; unsigned char long_tc_a_cer[] = { 0x30, 0x82, 0x01, 0xcf, 0x30, 0x82, 0x01, 0x3b, 0xa0, 0x03, 0x02, 0x01, @@ -755,8 +654,7 @@ unsigned char long_tc_a_cer[] = { 0xed, 0x34, 0x8e, 0xf5, 0xe7, 0x86, 0x7f, 0xec, 0x43, 0xff, 0x73, 0xd4, 0xc2, 0x67, 0xfe, 0xd8, 0x51, 0x99, 0x60, 0x76, 0x6f, 0xab, 0x85, 0x45, 0x92, 0xe9, 0x5c, 0xc5, 0x7d, 0x7f, 0x47, 0xf8, 0x46, 0xbe, 0x57, 0xdc, - 0x16, 0x90, 0x50, 0x90, 0x4c, 0x88, 0x94, 0x69, 0x4e, 0x07, 0x9b -}; + 0x16, 0x90, 0x50, 0x90, 0x4c, 0x88, 0x94, 0x69, 0x4e, 0x07, 0x9b}; unsigned char long_tc_b_cer[] = { 0x30, 0x82, 0x01, 0xcf, 0x30, 0x82, 0x01, 0x3b, 0xa0, 0x03, 0x02, 0x01, @@ -797,8 +695,7 @@ unsigned char long_tc_b_cer[] = { 0x01, 0xc4, 0x07, 0x47, 0x80, 0xe1, 0xb1, 0xdd, 0x25, 0xf4, 0x2a, 0x93, 0xff, 0x5e, 0x07, 0x19, 0xc3, 0xe8, 0xb4, 0xd1, 0x6c, 0xad, 0x6c, 0xa3, 0x25, 0xd4, 0x3d, 0xcb, 0x9c, 0xc7, 0x87, 0x14, 0xe0, 0x7d, 0x31, 0x9d, - 0xb6, 0x64, 0x94, 0xd1, 0x66, 0x3b, 0xb0, 0xe6, 0x3a, 0xa2, 0xa1 -}; + 0xb6, 0x64, 0x94, 0xd1, 0x66, 0x3b, 0xb0, 0xe6, 0x3a, 0xa2, 0xa1}; unsigned char long_tc_c_cer[] = { 0x30, 0x82, 0x01, 0xcf, 0x30, 0x82, 0x01, 0x3b, 0xa0, 0x03, 0x02, 0x01, @@ -839,11 +736,14 @@ unsigned char long_tc_c_cer[] = { 0x75, 0x12, 0x9a, 0x29, 0x3f, 0xe7, 0x5a, 0x90, 0xe6, 0x42, 0x82, 0x2a, 0xc2, 0xbf, 0x65, 0xf5, 0xe3, 0x10, 0xc6, 0x0b, 0xf3, 0x09, 0xaa, 0x66, 0xf9, 0xd7, 0x73, 0x8b, 0x28, 0x9c, 0x87, 0xd8, 0x35, 0x25, 0x8a, 0xd3, - 0x27, 0x08, 0x8c, 0xa9, 0x94, 0xeb, 0x34, 0xb3, 0x9b, 0x5a, 0xbe -}; + 0x27, 0x08, 0x8c, 0xa9, 0x94, 0xeb, 0x34, 0xb3, 0x9b, 0x5a, 0xbe}; /* end */ -#define D(y) { .name = #y, .cert = y, .len = sizeof(y) } +#define D(y) \ + { \ + .name = #y, .cert = y, .len = sizeof(y) \ + } + static struct test_cert { const char *name; const unsigned char *cert; @@ -859,8 +759,8 @@ static struct test_cert { D(long_tc_a_cer), D(long_tc_b_cer), D(long_tc_c_cer), - {0} -}; + {0}}; + #undef D static void hexdump(const void *ptr, size_t len) @@ -869,8 +769,8 @@ static void hexdump(const void *ptr, size_t len) size_t i, j; for (i = 0; i < len; i += j) { - for (j = 0; j < 16 && i + j < len; j++) - printf("%s %02x", j? "" : "\n", p[i + j]); + for (j = 0; j < 16 && i + j < len; j++) + printf("%s %02x", j ? "" : "\n", p[i + j]); } printf("\n"); } @@ -878,11 +778,11 @@ static void hexdump(const void *ptr, size_t len) static void print_test_result(int err) { if (err == 1) - printf(cGREEN "correct" cNORM "\n"); + printf(cGREEN "correct" cNORM "\n"); else if (err == 0) - printf(cRED "incorrect" cNORM "\n"); + printf(cRED "incorrect" cNORM "\n"); else - ERR_print_errors_fp(stderr); + ERR_print_errors_fp(stderr); } /* copy-paste from crypto/crmf/crmf_lib.c */ @@ -892,15 +792,15 @@ static int X509_PUBKEY_cmp(X509_PUBKEY *a, X509_PUBKEY *b) int res = 0; if (a == b) - return 0; + return 0; if (a == NULL || !X509_PUBKEY_get0_param(NULL, NULL, NULL, &algA, a) - || algA == NULL) - return -1; + || algA == NULL) + return -1; if (b == NULL || !X509_PUBKEY_get0_param(NULL, NULL, NULL, &algB, b) - || algB == NULL) - return 1; + || algB == NULL) + return 1; if ((res = X509_ALGOR_cmp(algA, algB)) != 0) - return res; + return res; return !EVP_PKEY_cmp(X509_PUBKEY_get0(a), X509_PUBKEY_get0(b)); } @@ -929,7 +829,7 @@ static int test_cert(struct test_cert *tc) /* Low level access to parameters in case X509_get0_pubkey does not work. */ T(pptype == V_ASN1_SEQUENCE); - STACK_OF(ASN1_TYPE) *seq; + STACK_OF(ASN1_TYPE) * seq; p = pval->data; T(seq = d2i_ASN1_SEQUENCE_ANY(NULL, &p, pval->length)); ASN1_TYPE *p1; /* First parameter is curve OID. */ @@ -1037,7 +937,8 @@ static int EC_KEY_create(int type, int param_nid, EC_KEY *dst) EVP_PKEY_CTX *ctx; T(ctx = EVP_PKEY_CTX_new(pkey, NULL)); T(EVP_PKEY_paramgen_init(ctx)); - T(EVP_PKEY_CTX_ctrl(ctx, type, -1, EVP_PKEY_CTRL_GOST_PARAMSET, param_nid, NULL)); + T(EVP_PKEY_CTX_ctrl( + ctx, type, -1, EVP_PKEY_CTRL_GOST_PARAMSET, param_nid, NULL)); EVP_PKEY *pkey2 = NULL; int err; TE((err = EVP_PKEY_paramgen(ctx, &pkey2)) == 1); @@ -1058,24 +959,24 @@ static int test_param(struct test_param *t) printf(cBLUE "Test %s (cp):" cNORM "\n", sn); switch (t->len) { - case 256 / 8: - type = NID_id_GostR3410_2012_256; - break; - case 512 / 8: - type = NID_id_GostR3410_2012_512; - break; - default: - OpenSSLDie(__FILE__, __LINE__, "invalid len"); + case 256 / 8: + type = NID_id_GostR3410_2012_256; + break; + case 512 / 8: + type = NID_id_GostR3410_2012_512; + break; + default: + OpenSSLDie(__FILE__, __LINE__, "invalid len"); } switch (type) { - case NID_id_GostR3410_2012_256: - hash_nid = NID_id_GostR3411_2012_256; - break; - case NID_id_GostR3410_2012_512: - hash_nid = NID_id_GostR3411_2012_512; - break; - default: - OpenSSLDie(__FILE__, __LINE__, "invalid type"); + case NID_id_GostR3410_2012_256: + hash_nid = NID_id_GostR3411_2012_256; + break; + case NID_id_GostR3410_2012_512: + hash_nid = NID_id_GostR3411_2012_512; + break; + default: + OpenSSLDie(__FILE__, __LINE__, "invalid type"); } /* Manually construct public key */ @@ -1125,35 +1026,35 @@ static int test_param(struct test_param *t) /* Verify using EVP_Verify API */ if (t->data) { - printf(" EVP_Verify API\t\t"); - EVP_MD_CTX *md_ctx; - T(md_ctx = EVP_MD_CTX_new()); - const EVP_MD *mdtype; - T(mdtype = EVP_get_digestbynid(hash_nid)); - T(EVP_VerifyInit(md_ctx, mdtype)); - /* Feed byte-by-byte. */ - size_t i; - for (i = 0; i < t->data_len; i++) - T(EVP_VerifyUpdate(md_ctx, &t->data[i], 1)); - err = EVP_VerifyFinal(md_ctx, sig, siglen, pkey); - print_test_result(err); - EVP_MD_CTX_free(md_ctx); - ret |= err != 1; + printf(" EVP_Verify API\t\t"); + EVP_MD_CTX *md_ctx; + T(md_ctx = EVP_MD_CTX_new()); + const EVP_MD *mdtype; + T(mdtype = EVP_get_digestbynid(hash_nid)); + T(EVP_VerifyInit(md_ctx, mdtype)); + /* Feed byte-by-byte. */ + size_t i; + for (i = 0; i < t->data_len; i++) + T(EVP_VerifyUpdate(md_ctx, &t->data[i], 1)); + err = EVP_VerifyFinal(md_ctx, sig, siglen, pkey); + print_test_result(err); + EVP_MD_CTX_free(md_ctx); + ret |= err != 1; } /* Verify using EVP_DigestVerifyInit API */ if (t->data) { - printf(" EVP_DigestVerifyInit API\t"); - EVP_MD_CTX *md_ctx; - T(md_ctx = EVP_MD_CTX_new()); - const EVP_MD *mdtype; - T(mdtype = EVP_get_digestbynid(hash_nid)); - T(EVP_DigestVerifyInit(md_ctx, NULL, mdtype, NULL, pkey)); - /* Verify in one step. */ - err = EVP_DigestVerify(md_ctx, sig, siglen, t->data, t->data_len); - print_test_result(err); - EVP_MD_CTX_free(md_ctx); - ret |= err != 1; + printf(" EVP_DigestVerifyInit API\t"); + EVP_MD_CTX *md_ctx; + T(md_ctx = EVP_MD_CTX_new()); + const EVP_MD *mdtype; + T(mdtype = EVP_get_digestbynid(hash_nid)); + T(EVP_DigestVerifyInit(md_ctx, NULL, mdtype, NULL, pkey)); + /* Verify in one step. */ + err = EVP_DigestVerify(md_ctx, sig, siglen, t->data, t->data_len); + print_test_result(err); + EVP_MD_CTX_free(md_ctx); + ret |= err != 1; } OPENSSL_free(sig); @@ -1169,15 +1070,15 @@ int main(int argc, char **argv) struct test_param **tpp; for (tpp = test_params; *tpp; tpp++) - ret |= test_param(*tpp); + ret |= test_param(*tpp); struct test_cert *tc; for (tc = test_certs; tc->cert; tc++) - ret |= test_cert(tc); + ret |= test_cert(tc); if (ret) - printf(cDRED "= Some tests FAILED!" cNORM "\n"); + printf(cDRED "= Some tests FAILED!" cNORM "\n"); else - printf(cDGREEN "= All tests passed!" cNORM "\n"); + printf(cDGREEN "= All tests passed!" cNORM "\n"); return ret; } diff --git a/test_sign.c b/test_sign.c index 63ae3b568..9b68ae15a 100644 --- a/test_sign.c +++ b/test_sign.c @@ -13,42 +13,46 @@ # pragma warning(pop) #endif #include "gost_lcl.h" -#include -#include -#include + #include -#include -#include #include -#include +#include #include -#include +#include +#include +#include +#include +#include #include +#include -#define T(e) \ - if (!(e)) { \ - ERR_print_errors_fp(stderr); \ - OpenSSLDie(__FILE__, __LINE__, #e); \ - } -#define TE(e) \ - if (!(e)) { \ - ERR_print_errors_fp(stderr); \ - fprintf(stderr, "Error at %s:%d %s\n", __FILE__, __LINE__, #e); \ - return -1; \ - } - -#define cRED "\033[1;31m" -#define cDRED "\033[0;31m" -#define cGREEN "\033[1;32m" -#define cDGREEN "\033[0;32m" -#define cBLUE "\033[1;34m" -#define cDBLUE "\033[0;34m" -#define cCYAN "\033[1;36m" -#define cNORM "\033[m" -#define TEST_ASSERT(e) {if ((test = (e))) \ - printf(cRED " Test FAILED" cNORM "\n"); \ - else \ - printf(cGREEN " Test passed" cNORM "\n");} +#define T(e) \ + if (!(e)) { \ + ERR_print_errors_fp(stderr); \ + OpenSSLDie(__FILE__, __LINE__, #e); \ + } +#define TE(e) \ + if (!(e)) { \ + ERR_print_errors_fp(stderr); \ + fprintf(stderr, "Error at %s:%d %s\n", __FILE__, __LINE__, #e); \ + return -1; \ + } + +#define cRED "\033[1;31m" +#define cDRED "\033[0;31m" +#define cGREEN "\033[1;32m" +#define cDGREEN "\033[0;32m" +#define cBLUE "\033[1;34m" +#define cDBLUE "\033[0;34m" +#define cCYAN "\033[1;36m" +#define cNORM "\033[m" +#define TEST_ASSERT(e) \ + { \ + if ((test = (e))) \ + printf(cRED " Test FAILED" cNORM "\n"); \ + else \ + printf(cGREEN " Test passed" cNORM "\n"); \ + } struct test_sign { const char *name; @@ -57,7 +61,10 @@ struct test_sign { const char *paramset; }; -#define D(x,y,z) { .name = #x, .nid = x, .bits = y, .paramset = z } +#define D(x, y, z) \ + { \ + .name = #x, .nid = x, .bits = y, .paramset = z \ + } static struct test_sign test_signs[] = { D(NID_id_GostR3410_2001_CryptoPro_A_ParamSet, 256, "A"), D(NID_id_GostR3410_2001_CryptoPro_B_ParamSet, 256, "B"), @@ -66,11 +73,10 @@ static struct test_sign test_signs[] = { D(NID_id_tc26_gost_3410_2012_256_paramSetB, 256, "TCB"), D(NID_id_tc26_gost_3410_2012_256_paramSetC, 256, "TCC"), D(NID_id_tc26_gost_3410_2012_256_paramSetD, 256, "TCD"), - D(NID_id_tc26_gost_3410_2012_512_paramSetA, 512, "A"), - D(NID_id_tc26_gost_3410_2012_512_paramSetB, 512, "B"), - D(NID_id_tc26_gost_3410_2012_512_paramSetC, 512, "C"), - 0 -}; + D(NID_id_tc26_gost_3410_2012_512_paramSetA, 512, "A"), + D(NID_id_tc26_gost_3410_2012_512_paramSetB, 512, "B"), + D(NID_id_tc26_gost_3410_2012_512_paramSetC, 512, "C"), + 0}; #undef D static void hexdump(const void *ptr, size_t len) @@ -79,8 +85,8 @@ static void hexdump(const void *ptr, size_t len) size_t i, j; for (i = 0; i < len; i += j) { - for (j = 0; j < 16 && i + j < len; j++) - printf("%s %02x", j? "" : "\n", p[i + j]); + for (j = 0; j < 16 && i + j < len; j++) + printf("%s %02x", j ? "" : "\n", p[i + j]); } printf("\n"); } @@ -88,19 +94,19 @@ static void hexdump(const void *ptr, size_t len) static void print_test_tf(int err, int val, const char *t, const char *f) { if (err == 1) - printf(cGREEN "%s" cNORM "\n", t); + printf(cGREEN "%s" cNORM "\n", t); else - printf(cRED "%s [%d]" cNORM "\n", f, val); + printf(cRED "%s [%d]" cNORM "\n", f, val); } static void print_test_result(int err) { if (err == 1) - printf(cGREEN "success" cNORM "\n"); + printf(cGREEN "success" cNORM "\n"); else if (err == 0) - printf(cRED "failure" cNORM "\n"); + printf(cRED "failure" cNORM "\n"); else - ERR_print_errors_fp(stderr); + ERR_print_errors_fp(stderr); } static int test_sign(struct test_sign *t) @@ -114,16 +120,16 @@ static int test_sign(struct test_sign *t) int type = 0; const char *algname = NULL; switch (t->bits) { - case 256: - type = NID_id_GostR3410_2012_256; - algname = "gost2012_256"; - break; - case 512: - type = NID_id_GostR3410_2012_512; - algname = "gost2012_512"; - break; - default: - return -1; + case 256: + type = NID_id_GostR3410_2012_256; + algname = "gost2012_256"; + break; + case 512: + type = NID_id_GostR3410_2012_512; + algname = "gost2012_512"; + break; + default: + return -1; } /* Keygen. */ @@ -133,7 +139,8 @@ static int test_sign(struct test_sign *t) EVP_PKEY_CTX *ctx; T(ctx = EVP_PKEY_CTX_new(pkey, NULL)); T(EVP_PKEY_keygen_init(ctx)); - T(EVP_PKEY_CTX_ctrl(ctx, type, -1, EVP_PKEY_CTRL_GOST_PARAMSET, t->nid, NULL)); + T(EVP_PKEY_CTX_ctrl( + ctx, type, -1, EVP_PKEY_CTRL_GOST_PARAMSET, t->nid, NULL)); EVP_PKEY *priv_key = NULL; err = EVP_PKEY_keygen(ctx, &priv_key); printf("\tEVP_PKEY_keygen:\t"); @@ -141,7 +148,7 @@ static int test_sign(struct test_sign *t) EVP_PKEY_CTX_free(ctx); EVP_PKEY_free(pkey); if (err != 1) - return -1; + return -1; /* Convert to PEM and back. */ BIO *bp; @@ -185,27 +192,28 @@ static int test_sign(struct test_sign *t) fflush(stdout); pkey = NULL; OSSL_STORE_CTX *cts; - T(cts = OSSL_STORE_attach(bp, "file", NULL, NULL, NULL, NULL, NULL, NULL, NULL)); + T(cts = OSSL_STORE_attach( + bp, "file", NULL, NULL, NULL, NULL, NULL, NULL, NULL)); for (;;) { - OSSL_STORE_INFO *info = OSSL_STORE_load(cts); - if (!info) { - ERR_print_errors_fp(stderr); - T(OSSL_STORE_eof(cts)); - break; - } - if (OSSL_STORE_INFO_get_type(info) == OSSL_STORE_INFO_PKEY) { - T((pkey = OSSL_STORE_INFO_get1_PKEY(info))); - } - OSSL_STORE_INFO_free(info); + OSSL_STORE_INFO *info = OSSL_STORE_load(cts); + if (!info) { + ERR_print_errors_fp(stderr); + T(OSSL_STORE_eof(cts)); + break; + } + if (OSSL_STORE_INFO_get_type(info) == OSSL_STORE_INFO_PKEY) { + T((pkey = OSSL_STORE_INFO_get1_PKEY(info))); + } + OSSL_STORE_INFO_free(info); } OSSL_STORE_close(cts); if (pkey) { - err = !EVP_PKEY_cmp(priv_key, pkey); - print_test_result(!err); - ret |= err; - EVP_PKEY_free(pkey); + err = !EVP_PKEY_cmp(priv_key, pkey); + print_test_result(!err); + ret |= err; + EVP_PKEY_free(pkey); } else - printf(cCYAN "skipped" cNORM "\n"); + printf(cCYAN "skipped" cNORM "\n"); BIO_free(bp); /* Convert to DER and back, using memory API. */ @@ -330,11 +338,11 @@ int main(int argc, char **argv) struct test_sign *sp; for (sp = test_signs; sp->name; sp++) - ret |= test_sign(sp); + ret |= test_sign(sp); if (ret) - printf(cDRED "= Some tests FAILED!" cNORM "\n"); + printf(cDRED "= Some tests FAILED!" cNORM "\n"); else - printf(cDGREEN "= All tests passed!" cNORM "\n"); + printf(cDGREEN "= All tests passed!" cNORM "\n"); return ret; } diff --git a/test_tls.c b/test_tls.c index 77e628158..b47e585b2 100644 --- a/test_tls.c +++ b/test_tls.c @@ -15,18 +15,19 @@ #endif #include "e_gost_err.h" #include "gost_lcl.h" -#include -#include + +#include #include -#include +#include +#include #include -#include +#include #include +#include +#include #include -#include -#include -#include #include +#include #include #ifdef __GNUC__ @@ -34,29 +35,32 @@ # pragma GCC diagnostic ignored "-Wpointer-sign" #endif -#define T(e) \ - if (!(e)) { \ - ERR_print_errors_fp(stderr); \ - OpenSSLDie(__FILE__, __LINE__, #e); \ - } -#define TE(e) \ - if (!(e)) { \ - ERR_print_errors_fp(stderr); \ - fprintf(stderr, "Error at %s:%d %s\n", __FILE__, __LINE__, #e); \ - return -1; \ - } - -#define cRED "\033[1;31m" -#define cDRED "\033[0;31m" -#define cGREEN "\033[1;32m" -#define cDGREEN "\033[0;32m" -#define cBLUE "\033[1;34m" -#define cDBLUE "\033[0;34m" -#define cNORM "\033[m" -#define TEST_ASSERT(e) {if ((test = (e))) \ - printf(cRED " Test FAILED\n" cNORM); \ - else \ - printf(cGREEN " Test passed\n" cNORM);} +#define T(e) \ + if (!(e)) { \ + ERR_print_errors_fp(stderr); \ + OpenSSLDie(__FILE__, __LINE__, #e); \ + } +#define TE(e) \ + if (!(e)) { \ + ERR_print_errors_fp(stderr); \ + fprintf(stderr, "Error at %s:%d %s\n", __FILE__, __LINE__, #e); \ + return -1; \ + } + +#define cRED "\033[1;31m" +#define cDRED "\033[0;31m" +#define cGREEN "\033[1;32m" +#define cDGREEN "\033[0;32m" +#define cBLUE "\033[1;34m" +#define cDBLUE "\033[0;34m" +#define cNORM "\033[m" +#define TEST_ASSERT(e) \ + { \ + if ((test = (e))) \ + printf(cRED " Test FAILED\n" cNORM); \ + else \ + printf(cGREEN " Test passed\n" cNORM); \ + } struct certkey { EVP_PKEY *pkey; @@ -88,7 +92,7 @@ static struct certkey certgen(const char *algname, const char *paramset) T(ctx = EVP_PKEY_CTX_new(tkey, NULL)); T(EVP_PKEY_keygen_init(ctx)); if (paramset) - T(EVP_PKEY_CTX_ctrl_str(ctx, "paramset", paramset)); + T(EVP_PKEY_CTX_ctrl_str(ctx, "paramset", paramset)); EVP_PKEY *pkey = NULL; T((EVP_PKEY_keygen(ctx, &pkey)) == 1); EVP_PKEY_CTX_free(ctx); @@ -100,8 +104,10 @@ static struct certkey certgen(const char *algname, const char *paramset) T(X509_REQ_set_version(req, 0L)); X509_NAME *name; T(name = X509_NAME_new()); - T(X509_NAME_add_entry_by_txt(name, "O", MBSTRING_ASC, (unsigned char *)"Test CA", -1, -1, 0)); - T(X509_NAME_add_entry_by_txt(name, "CN", MBSTRING_ASC, (unsigned char *)"Test Key", -1, -1, 0)); + T(X509_NAME_add_entry_by_txt( + name, "O", MBSTRING_ASC, (unsigned char *)"Test CA", -1, -1, 0)); + T(X509_NAME_add_entry_by_txt( + name, "CN", MBSTRING_ASC, (unsigned char *)"Test Key", -1, -1, 0)); T(X509_REQ_set_subject_name(req, name)); T(X509_REQ_set_pubkey(req, pkey)); X509_NAME_free(name); @@ -125,13 +131,16 @@ static struct certkey certgen(const char *algname, const char *paramset) X509V3_set_ctx_nodb(&v3ctx); X509V3_set_ctx(&v3ctx, x509ss, x509ss, NULL, NULL, 0); X509_EXTENSION *ext; - T(ext = X509V3_EXT_conf_nid(NULL, &v3ctx, NID_basic_constraints, "critical,CA:TRUE")); + T(ext = X509V3_EXT_conf_nid( + NULL, &v3ctx, NID_basic_constraints, "critical,CA:TRUE")); T(X509_add_ext(x509ss, ext, 0)); X509_EXTENSION_free(ext); - T(ext = X509V3_EXT_conf_nid(NULL, &v3ctx, NID_subject_key_identifier, "hash")); + T(ext = X509V3_EXT_conf_nid( + NULL, &v3ctx, NID_subject_key_identifier, "hash")); T(X509_add_ext(x509ss, ext, 1)); X509_EXTENSION_free(ext); - T(ext = X509V3_EXT_conf_nid(NULL, &v3ctx, NID_authority_key_identifier, "keyid:always,issuer")); + T(ext = X509V3_EXT_conf_nid( + NULL, &v3ctx, NID_authority_key_identifier, "keyid:always,issuer")); T(X509_add_ext(x509ss, ext, 2)); X509_EXTENSION_free(ext); @@ -150,7 +159,7 @@ static struct certkey certgen(const char *algname, const char *paramset) PEM_write_bio_X509(out, x509ss); BIO_free_all(out); #endif - return (struct certkey){ .pkey = pkey, .cert = x509ss }; + return (struct certkey){.pkey = pkey, .cert = x509ss}; } /* Non-blocking BIO test mechanic is based on sslapitest.c */ @@ -160,7 +169,7 @@ int test(const char *algname, const char *paramset) printf(cBLUE "Test %s", algname); if (paramset) - printf(cBLUE ":%s", paramset); + printf(cBLUE ":%s", paramset); printf(cNORM "\n"); struct certkey ck; @@ -216,12 +225,12 @@ int test(const char *algname, const char *paramset) if (verbose) printf("SSL_accept: %d %d\n", rets, err); } - if (rets <= 0 && err != SSL_ERROR_WANT_READ && - err != SSL_ERROR_WANT_X509_LOOKUP) { + if (rets <= 0 && err != SSL_ERROR_WANT_READ + && err != SSL_ERROR_WANT_X509_LOOKUP) { ERR_print_errors_fp(stderr); OpenSSLDie(__FILE__, __LINE__, "SSL_accept"); } - } while (retc <=0 || rets <= 0); + } while (retc <= 0 || rets <= 0); /* Two SSL_read_ex should fail. */ unsigned char buf; @@ -276,7 +285,7 @@ int main(int argc, char **argv) char *p; if ((p = getenv("VERBOSE"))) - verbose = atoi(p); + verbose = atoi(p); ret |= test("rsa", NULL); cipher_list = "LEGACY-GOST2012-GOST8912-GOST8912"; @@ -289,8 +298,8 @@ int main(int argc, char **argv) ret |= test("gost2012_512", "C"); if (ret) - printf(cDRED "= Some tests FAILED!\n" cNORM); + printf(cDRED "= Some tests FAILED!\n" cNORM); else - printf(cDGREEN "= All tests passed!\n" cNORM); + printf(cDGREEN "= All tests passed!\n" cNORM); return ret; } diff --git a/test_tlstree.c b/test_tlstree.c index dece81485..74c0f9c3b 100644 --- a/test_tlstree.c +++ b/test_tlstree.c @@ -9,10 +9,10 @@ # include # pragma warning(pop) #endif -# include -# include -# include -# include +#include +#include +#include +#include static void hexdump(FILE *f, const char *title, const unsigned char *s, int l) { @@ -30,166 +30,167 @@ static void hexdump(FILE *f, const char *title, const unsigned char *s, int l) int main(void) { #ifdef EVP_MD_CTRL_TLSTREE - const unsigned char mac_secret[] = { -0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, -0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, - }; - - const unsigned char enc_key[] = { -0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, -0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - }; - - const unsigned char full_iv[] = { - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - }; - - - unsigned char seq0[] = { - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - }; - - const unsigned char rec0_header[] = { -0x17, 0x03, 0x03, 0x00, 0x0F - }; - - const unsigned char data0[15] = { -0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 - }; - - const unsigned char mac0_etl[16] = { -0x75, 0x53, 0x09, 0xCB, 0xC7, 0x3B, 0xB9, 0x49, 0xC5, 0x0E, 0xBB, 0x86, 0x16, 0x0A, 0x0F, 0xEE - }; - - const unsigned char enc0_etl[31] = { -0xf3, 0x17, 0xa7, 0x1d, 0x3a, 0xce, 0x43, 0x3b, 0x01, 0xd4, 0xe7, 0xd4, 0xef, 0x61, 0xae, 0x00, -0xd5, 0x3b, 0x41, 0x52, 0x7a, 0x26, 0x1e, 0xdf, 0xc2, 0xba, 0x78, 0x57, 0xc1, 0x93, 0x2d - }; - - unsigned char data0_processed[31]; - unsigned char mac0[16]; - - unsigned char seq63[] = { - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x3F, - }; - - const unsigned char rec63_header[] = { -0x17, 0x03, 0x03, 0x10, 0x00 - }; - - unsigned char data63[4096]; - - const unsigned char mac63_etl[16] = { -0x0A, 0x3B, 0xFD, 0x43, 0x0F, 0xCD, 0xD8, 0xD8, 0x5C, 0x96, 0x46, 0x86, 0x81, 0x78, 0x4F, 0x7D - }; - - const unsigned char enc63_etl_head[32] = { -0x6A, 0x18, 0x38, 0xB0, 0xA0, 0xD5, 0xA0, 0x4D, 0x1F, 0x29, 0x64, 0x89, 0x6D, 0x08, 0x5F, 0xB7, -0xDA, 0x84, 0xD7, 0x76, 0xC3, 0x9F, 0x5C, 0xDC, 0x37, 0x20, 0xB7, 0xB5, 0x59, 0xEF, 0x13, 0x9D - }; - const unsigned char enc63_etl_tail[48] = { -0x0A, 0x81, 0x29, 0x9B, 0x35, 0x98, 0x19, 0x5D, 0xD4, 0x51, 0x68, 0xA6, 0x38, 0x50, 0xA7, 0x6E, -0x1A, 0x4F, 0x1E, 0x6D, 0xD5, 0xEF, 0x72, 0x59, 0x3F, 0xAE, 0x76, 0x55, 0x71, 0xEC, 0x37, 0xE7, -0x17, 0xF5, 0xB8, 0x62, 0x85, 0xBB, 0x5B, 0xFD, 0x83, 0xB6, 0x6A, 0xB7, 0x63, 0x86, 0x52, 0x08 - }; - - unsigned char data63_processed[4096+16]; - unsigned char mac63[16]; - - EVP_MD_CTX *mdctx = EVP_MD_CTX_new(); - EVP_CIPHER_CTX *enc = NULL; - const EVP_MD *md; - const EVP_CIPHER *ciph; - EVP_PKEY *mac_key; - size_t mac_len; - int i; - - OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CONFIG, NULL); - - memset(data63, 0, 4096); - - md = EVP_get_digestbynid(NID_grasshopper_mac); - - EVP_DigestInit_ex(mdctx, md, NULL); - mac_key = EVP_PKEY_new_mac_key(NID_grasshopper_mac, NULL, mac_secret, 32); - EVP_DigestSignInit(mdctx, NULL, md, NULL, mac_key); - EVP_PKEY_free(mac_key); - - EVP_MD_CTX_ctrl(mdctx, EVP_MD_CTRL_TLSTREE, 0, seq0); - EVP_DigestSignUpdate(mdctx, seq0, 8); - EVP_DigestSignUpdate(mdctx, rec0_header, 5); - EVP_DigestSignUpdate(mdctx, data0, 15); - EVP_DigestSignFinal(mdctx, mac0, &mac_len); - - EVP_MD_CTX_free(mdctx); - hexdump(stderr, "MAC0 result", mac0, mac_len); - if (memcmp(mac0, mac0_etl, 16) != 0) { - fprintf(stderr, "MAC0 mismatch"); - exit(1); - } - - ciph = EVP_get_cipherbynid(NID_id_tc26_cipher_gostr3412_2015_kuznyechik_ctracpkm); - enc = EVP_CIPHER_CTX_new(); - if (EVP_EncryptInit_ex(enc, ciph, NULL, enc_key, full_iv) <= 0) { - fprintf(stderr, "Internal error"); - exit(1); - } - - for (i = 7; i >= 0; i--) { - ++seq0[i]; - if (seq0[i] != 0) - break; - } - EVP_CIPHER_CTX_ctrl(enc, EVP_CTRL_TLSTREE, 0, seq0); - EVP_Cipher(enc, data0_processed, data0, sizeof(data0)); - EVP_Cipher(enc, data0_processed+sizeof(data0), mac0, 16); - - hexdump(stderr, "ENC0 result", data0_processed, 31); - if (memcmp(enc0_etl, data0_processed, sizeof(data0_processed)) != 0) { - fprintf(stderr, "ENC0 mismatch"); - exit(1); - } - - mdctx = EVP_MD_CTX_new(); - EVP_DigestInit_ex(mdctx, md, NULL); - mac_key = EVP_PKEY_new_mac_key(NID_grasshopper_mac, NULL, mac_secret, 32); - EVP_DigestSignInit(mdctx, NULL, md, NULL, mac_key); - EVP_PKEY_free(mac_key); - - EVP_MD_CTX_ctrl(mdctx, EVP_MD_CTRL_TLSTREE, 0, seq63); - EVP_DigestSignUpdate(mdctx, seq63, 8); - EVP_DigestSignUpdate(mdctx, rec63_header, 5); - EVP_DigestSignUpdate(mdctx, data63, 4096); - EVP_DigestSignFinal(mdctx, mac63, &mac_len); - - EVP_MD_CTX_free(mdctx); - hexdump(stderr, "MAC63 result", mac63, mac_len); - if (memcmp(mac63, mac63_etl, 16) != 0) { - fprintf(stderr, "MAC63 mismatch"); - exit(1); - } - - for (i = 7; i >= 0; i--) { - ++seq63[i]; - if (seq63[i] != 0) - break; - } - EVP_CIPHER_CTX_ctrl(enc, EVP_CTRL_TLSTREE, 0, seq63); - EVP_Cipher(enc, data63_processed, data63, sizeof(data63)); - EVP_Cipher(enc, data63_processed+sizeof(data63), mac63, 16); - - hexdump(stderr, "ENC63 result: head", data63_processed, 32); - if (memcmp(enc63_etl_head, data63_processed, sizeof(enc63_etl_head)) != 0) { - fprintf(stderr, "ENC63 mismatch: head"); - exit(1); - } - hexdump(stderr, "ENC63 result: tail", data63_processed+4096+16-48, 48); - if (memcmp(enc63_etl_tail, data63_processed+4096+16-48, sizeof(enc63_etl_tail)) != 0) { - fprintf(stderr, "ENC63 mismatch: tail"); - exit(1); - } + const unsigned char mac_secret[] = { + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, + }; + + const unsigned char enc_key[] = { + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + }; + + const unsigned char full_iv[] = { + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + }; + + unsigned char seq0[] = { + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + }; + + const unsigned char rec0_header[] = {0x17, 0x03, 0x03, 0x00, 0x0F}; + + const unsigned char data0[15] = { + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}; + + const unsigned char mac0_etl[16] = { + 0x75, 0x53, 0x09, 0xCB, 0xC7, 0x3B, 0xB9, 0x49, + 0xC5, 0x0E, 0xBB, 0x86, 0x16, 0x0A, 0x0F, 0xEE}; + + const unsigned char enc0_etl[31] = { + 0xf3, 0x17, 0xa7, 0x1d, 0x3a, 0xce, 0x43, 0x3b, 0x01, 0xd4, 0xe7, + 0xd4, 0xef, 0x61, 0xae, 0x00, 0xd5, 0x3b, 0x41, 0x52, 0x7a, 0x26, + 0x1e, 0xdf, 0xc2, 0xba, 0x78, 0x57, 0xc1, 0x93, 0x2d}; + + unsigned char data0_processed[31]; + unsigned char mac0[16]; + + unsigned char seq63[] = { + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x3F, + }; + + const unsigned char rec63_header[] = {0x17, 0x03, 0x03, 0x10, 0x00}; + + unsigned char data63[4096]; + + const unsigned char mac63_etl[16] = { + 0x0A, 0x3B, 0xFD, 0x43, 0x0F, 0xCD, 0xD8, 0xD8, + 0x5C, 0x96, 0x46, 0x86, 0x81, 0x78, 0x4F, 0x7D}; + + const unsigned char enc63_etl_head[32] = { + 0x6A, 0x18, 0x38, 0xB0, 0xA0, 0xD5, 0xA0, 0x4D, 0x1F, 0x29, 0x64, + 0x89, 0x6D, 0x08, 0x5F, 0xB7, 0xDA, 0x84, 0xD7, 0x76, 0xC3, 0x9F, + 0x5C, 0xDC, 0x37, 0x20, 0xB7, 0xB5, 0x59, 0xEF, 0x13, 0x9D}; + const unsigned char enc63_etl_tail[48] = { + 0x0A, 0x81, 0x29, 0x9B, 0x35, 0x98, 0x19, 0x5D, 0xD4, 0x51, 0x68, 0xA6, + 0x38, 0x50, 0xA7, 0x6E, 0x1A, 0x4F, 0x1E, 0x6D, 0xD5, 0xEF, 0x72, 0x59, + 0x3F, 0xAE, 0x76, 0x55, 0x71, 0xEC, 0x37, 0xE7, 0x17, 0xF5, 0xB8, 0x62, + 0x85, 0xBB, 0x5B, 0xFD, 0x83, 0xB6, 0x6A, 0xB7, 0x63, 0x86, 0x52, 0x08}; + + unsigned char data63_processed[4096 + 16]; + unsigned char mac63[16]; + + EVP_MD_CTX *mdctx = EVP_MD_CTX_new(); + EVP_CIPHER_CTX *enc = NULL; + const EVP_MD *md; + const EVP_CIPHER *ciph; + EVP_PKEY *mac_key; + size_t mac_len; + int i; + + OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CONFIG, NULL); + + memset(data63, 0, 4096); + + md = EVP_get_digestbynid(NID_grasshopper_mac); + + EVP_DigestInit_ex(mdctx, md, NULL); + mac_key = EVP_PKEY_new_mac_key(NID_grasshopper_mac, NULL, mac_secret, 32); + EVP_DigestSignInit(mdctx, NULL, md, NULL, mac_key); + EVP_PKEY_free(mac_key); + + EVP_MD_CTX_ctrl(mdctx, EVP_MD_CTRL_TLSTREE, 0, seq0); + EVP_DigestSignUpdate(mdctx, seq0, 8); + EVP_DigestSignUpdate(mdctx, rec0_header, 5); + EVP_DigestSignUpdate(mdctx, data0, 15); + EVP_DigestSignFinal(mdctx, mac0, &mac_len); + + EVP_MD_CTX_free(mdctx); + hexdump(stderr, "MAC0 result", mac0, mac_len); + if (memcmp(mac0, mac0_etl, 16) != 0) { + fprintf(stderr, "MAC0 mismatch"); + exit(1); + } + + ciph = EVP_get_cipherbynid( + NID_id_tc26_cipher_gostr3412_2015_kuznyechik_ctracpkm); + enc = EVP_CIPHER_CTX_new(); + if (EVP_EncryptInit_ex(enc, ciph, NULL, enc_key, full_iv) <= 0) { + fprintf(stderr, "Internal error"); + exit(1); + } + + for (i = 7; i >= 0; i--) { + ++seq0[i]; + if (seq0[i] != 0) + break; + } + EVP_CIPHER_CTX_ctrl(enc, EVP_CTRL_TLSTREE, 0, seq0); + EVP_Cipher(enc, data0_processed, data0, sizeof(data0)); + EVP_Cipher(enc, data0_processed + sizeof(data0), mac0, 16); + + hexdump(stderr, "ENC0 result", data0_processed, 31); + if (memcmp(enc0_etl, data0_processed, sizeof(data0_processed)) != 0) { + fprintf(stderr, "ENC0 mismatch"); + exit(1); + } + + mdctx = EVP_MD_CTX_new(); + EVP_DigestInit_ex(mdctx, md, NULL); + mac_key = EVP_PKEY_new_mac_key(NID_grasshopper_mac, NULL, mac_secret, 32); + EVP_DigestSignInit(mdctx, NULL, md, NULL, mac_key); + EVP_PKEY_free(mac_key); + + EVP_MD_CTX_ctrl(mdctx, EVP_MD_CTRL_TLSTREE, 0, seq63); + EVP_DigestSignUpdate(mdctx, seq63, 8); + EVP_DigestSignUpdate(mdctx, rec63_header, 5); + EVP_DigestSignUpdate(mdctx, data63, 4096); + EVP_DigestSignFinal(mdctx, mac63, &mac_len); + + EVP_MD_CTX_free(mdctx); + hexdump(stderr, "MAC63 result", mac63, mac_len); + if (memcmp(mac63, mac63_etl, 16) != 0) { + fprintf(stderr, "MAC63 mismatch"); + exit(1); + } + + for (i = 7; i >= 0; i--) { + ++seq63[i]; + if (seq63[i] != 0) + break; + } + EVP_CIPHER_CTX_ctrl(enc, EVP_CTRL_TLSTREE, 0, seq63); + EVP_Cipher(enc, data63_processed, data63, sizeof(data63)); + EVP_Cipher(enc, data63_processed + sizeof(data63), mac63, 16); + + hexdump(stderr, "ENC63 result: head", data63_processed, 32); + if (memcmp(enc63_etl_head, data63_processed, sizeof(enc63_etl_head)) != 0) { + fprintf(stderr, "ENC63 mismatch: head"); + exit(1); + } + hexdump(stderr, "ENC63 result: tail", data63_processed + 4096 + 16 - 48, + 48); + if (memcmp(enc63_etl_tail, data63_processed + 4096 + 16 - 48, + sizeof(enc63_etl_tail)) + != 0) { + fprintf(stderr, "ENC63 mismatch: tail"); + exit(1); + } #endif - return 0; + return 0; }