1/**********************************************************************
2 * gosthash.c *
3 * Copyright (c) 2005-2006 Cryptocom LTD *
4 * This file is distributed under the same license as OpenSSL *
5 * *
6 * Implementation of GOST R 34.11-94 hash function *
7 * uses on gost89.c and gost89.h Doesn't need OpenSSL *
8 **********************************************************************/
9#include <string.h>
10
11#include "gost89.h"
12#include "gosthash.h"
13
| 1/**********************************************************************
2 * gosthash.c *
3 * Copyright (c) 2005-2006 Cryptocom LTD *
4 * This file is distributed under the same license as OpenSSL *
5 * *
6 * Implementation of GOST R 34.11-94 hash function *
7 * uses on gost89.c and gost89.h Doesn't need OpenSSL *
8 **********************************************************************/
9#include <string.h>
10
11#include "gost89.h"
12#include "gosthash.h"
13
|
14
15/* Use OPENSSL_malloc for memory allocation if compiled with
| 14/*
15 * Use OPENSSL_malloc for memory allocation if compiled with
|
16 * -DOPENSSL_BUILD, and libc malloc otherwise
17 */
18#ifndef MYALLOC
19# ifdef OPENSSL_BUILD
20# include <openssl/crypto.h>
21# define MYALLOC(size) OPENSSL_malloc(size)
22# define MYFREE(ptr) OPENSSL_free(ptr)
23# else
24# define MYALLOC(size) malloc(size)
25# define MYFREE(ptr) free(ptr)
26# endif
27#endif
| 16 * -DOPENSSL_BUILD, and libc malloc otherwise
17 */
18#ifndef MYALLOC
19# ifdef OPENSSL_BUILD
20# include <openssl/crypto.h>
21# define MYALLOC(size) OPENSSL_malloc(size)
22# define MYFREE(ptr) OPENSSL_free(ptr)
23# else
24# define MYALLOC(size) malloc(size)
25# define MYFREE(ptr) free(ptr)
26# endif
27#endif
|
28/* Following functions are various bit meshing routines used in
29 * GOST R 34.11-94 algorithms */
30static void swap_bytes (byte *w, byte *k)
31 {
32 int i,j;
33 for (i=0;i<4;i++)
34 for (j=0;j<8;j++)
35 k[i+4*j]=w[8*i+j];
| 28/*
29 * Following functions are various bit meshing routines used in GOST R
30 * 34.11-94 algorithms
31 */
32static void swap_bytes(byte * w, byte * k)
33{
34 int i, j;
35 for (i = 0; i < 4; i++)
36 for (j = 0; j < 8; j++)
37 k[i + 4 * j] = w[8 * i + j];
|
36
| 38
|
37 }
| 39}
|
38
39/* was A_A */
| 40
41/* was A_A */
|
40static void circle_xor8 (const byte *w, byte *k)
41 {
42 byte buf[8];
43 int i;
44 memcpy(buf,w,8);
45 memmove(k,w+8,24);
46 for(i=0;i<8;i++)
47 k[i+24]=buf[i]^k[i];
48 }
| 42static void circle_xor8(const byte * w, byte * k)
43{
44 byte buf[8];
45 int i;
46 memcpy(buf, w, 8);
47 memmove(k, w + 8, 24);
48 for (i = 0; i < 8; i++)
49 k[i + 24] = buf[i] ^ k[i];
50}
|
49
50/* was R_R */
| 51
52/* was R_R */
|
51static void transform_3 (byte *data)
52 {
53 unsigned short int acc;
54 acc=(data[0]^data[2]^data[4]^data[6]^data[24]^data[30])|
55 ((data[1]^data[3]^data[5]^data[7]^data[25]^data[31])<<8);
56 memmove(data,data+2,30);
57 data[30]=acc&0xff;
58 data[31]=acc>>8;
59 }
| 53static void transform_3(byte * data)
54{
55 unsigned short int acc;
56 acc = (data[0] ^ data[2] ^ data[4] ^ data[6] ^ data[24] ^ data[30]) |
57 ((data[1] ^ data[3] ^ data[5] ^ data[7] ^ data[25] ^ data[31]) << 8);
58 memmove(data, data + 2, 30);
59 data[30] = acc & 0xff;
60 data[31] = acc >> 8;
61}
|
60
61/* Adds blocks of N bytes modulo 2**(8*n). Returns carry*/
| 62
63/* Adds blocks of N bytes modulo 2**(8*n). Returns carry*/
|
62static int add_blocks(int n,byte *left, const byte *right)
63 {
64 int i;
65 int carry=0;
66 int sum;
67 for (i=0;i<n;i++)
68 {
69 sum=(int)left[i]+(int)right[i]+carry;
70 left[i]=sum & 0xff;
71 carry=sum>>8;
72 }
73 return carry;
74 }
| 64static int add_blocks(int n, byte * left, const byte * right)
65{
66 int i;
67 int carry = 0;
68 int sum;
69 for (i = 0; i < n; i++) {
70 sum = (int)left[i] + (int)right[i] + carry;
71 left[i] = sum & 0xff;
72 carry = sum >> 8;
73 }
74 return carry;
75}
|
75
76/* Xor two sequences of bytes */
| 76
77/* Xor two sequences of bytes */
|
77static void xor_blocks (byte *result,const byte *a,const byte *b,size_t len)
78 {
79 size_t i;
80 for (i=0;i<len;i++) result[i]=a[i]^b[i];
81 }
| 78static void xor_blocks(byte * result, const byte * a, const byte * b,
79 size_t len)
80{
81 size_t i;
82 for (i = 0; i < len; i++)
83 result[i] = a[i] ^ b[i];
84}
|
82
| 85
|
83/*
84 * Calculate H(i+1) = Hash(Hi,Mi)
85 * Where H and M are 32 bytes long
| 86/*
87 * Calculate H(i+1) = Hash(Hi,Mi)
88 * Where H and M are 32 bytes long
|
86 */
| 89 */
|
87static int hash_step(gost_ctx *c,byte *H,const byte *M)
88 {
89 byte U[32],W[32],V[32],S[32],Key[32];
90 int i;
91 /* Compute first key */
92 xor_blocks(W,H,M,32);
93 swap_bytes(W,Key);
94 /* Encrypt first 8 bytes of H with first key*/
95 gost_enc_with_key(c,Key,H,S);
96 /* Compute second key*/
97 circle_xor8(H,U);
98 circle_xor8(M,V);
99 circle_xor8(V,V);
100 xor_blocks(W,U,V,32);
101 swap_bytes(W,Key);
102 /* encrypt second 8 bytes of H with second key*/
103 gost_enc_with_key(c,Key,H+8,S+8);
104 /* compute third key */
105 circle_xor8(U,U);
106 U[31]=~U[31]; U[29]=~U[29]; U[28]=~U[28]; U[24]=~U[24];
107 U[23]=~U[23]; U[20]=~U[20]; U[18]=~U[18]; U[17]=~U[17];
108 U[14]=~U[14]; U[12]=~U[12]; U[10]=~U[10]; U[ 8]=~U[ 8];
109 U[ 7]=~U[ 7]; U[ 5]=~U[ 5]; U[ 3]=~U[ 3]; U[ 1]=~U[ 1];
110 circle_xor8(V,V);
111 circle_xor8(V,V);
112 xor_blocks(W,U,V,32);
113 swap_bytes(W,Key);
114 /* encrypt third 8 bytes of H with third key*/
115 gost_enc_with_key(c,Key,H+16,S+16);
116 /* Compute fourth key */
117 circle_xor8(U,U);
118 circle_xor8(V,V);
119 circle_xor8(V,V);
120 xor_blocks(W,U,V,32);
121 swap_bytes(W,Key);
122 /* Encrypt last 8 bytes with fourth key */
123 gost_enc_with_key(c,Key,H+24,S+24);
124 for (i=0;i<12;i++)
125 transform_3(S);
126 xor_blocks(S,S,M,32);
127 transform_3(S);
128 xor_blocks(S,S,H,32);
129 for (i=0;i<61;i++)
130 transform_3(S);
131 memcpy(H,S,32);
132 return 1;
133 }
| 90static int hash_step(gost_ctx * c, byte * H, const byte * M)
91{
92 byte U[32], W[32], V[32], S[32], Key[32];
93 int i;
94 /* Compute first key */
95 xor_blocks(W, H, M, 32);
96 swap_bytes(W, Key);
97 /* Encrypt first 8 bytes of H with first key */
98 gost_enc_with_key(c, Key, H, S);
99 /* Compute second key */
100 circle_xor8(H, U);
101 circle_xor8(M, V);
102 circle_xor8(V, V);
103 xor_blocks(W, U, V, 32);
104 swap_bytes(W, Key);
105 /* encrypt second 8 bytes of H with second key */
106 gost_enc_with_key(c, Key, H + 8, S + 8);
107 /* compute third key */
108 circle_xor8(U, U);
109 U[31] = ~U[31];
110 U[29] = ~U[29];
111 U[28] = ~U[28];
112 U[24] = ~U[24];
113 U[23] = ~U[23];
114 U[20] = ~U[20];
115 U[18] = ~U[18];
116 U[17] = ~U[17];
117 U[14] = ~U[14];
118 U[12] = ~U[12];
119 U[10] = ~U[10];
120 U[8] = ~U[8];
121 U[7] = ~U[7];
122 U[5] = ~U[5];
123 U[3] = ~U[3];
124 U[1] = ~U[1];
125 circle_xor8(V, V);
126 circle_xor8(V, V);
127 xor_blocks(W, U, V, 32);
128 swap_bytes(W, Key);
129 /* encrypt third 8 bytes of H with third key */
130 gost_enc_with_key(c, Key, H + 16, S + 16);
131 /* Compute fourth key */
132 circle_xor8(U, U);
133 circle_xor8(V, V);
134 circle_xor8(V, V);
135 xor_blocks(W, U, V, 32);
136 swap_bytes(W, Key);
137 /* Encrypt last 8 bytes with fourth key */
138 gost_enc_with_key(c, Key, H + 24, S + 24);
139 for (i = 0; i < 12; i++)
140 transform_3(S);
141 xor_blocks(S, S, M, 32);
142 transform_3(S);
143 xor_blocks(S, S, H, 32);
144 for (i = 0; i < 61; i++)
145 transform_3(S);
146 memcpy(H, S, 32);
147 return 1;
148}
|
134
| 149
|
135/* Initialize gost_hash ctx - cleans up temporary structures and
136 * set up substitution blocks
| 150/*
151 * Initialize gost_hash ctx - cleans up temporary structures and set up
152 * substitution blocks
|
137 */
| 153 */
|
138int init_gost_hash_ctx(gost_hash_ctx *ctx, const gost_subst_block *subst_block)
139 {
140 memset(ctx,0,sizeof(gost_hash_ctx));
141 ctx->cipher_ctx = (gost_ctx *)MYALLOC(sizeof(gost_ctx));
142 if (!ctx->cipher_ctx)
143 {
144 return 0;
145 }
146 gost_init(ctx->cipher_ctx,subst_block);
147 return 1;
148 }
| 154int init_gost_hash_ctx(gost_hash_ctx * ctx,
155 const gost_subst_block * subst_block)
156{
157 memset(ctx, 0, sizeof(gost_hash_ctx));
158 ctx->cipher_ctx = (gost_ctx *) MYALLOC(sizeof(gost_ctx));
159 if (!ctx->cipher_ctx) {
160 return 0;
161 }
162 gost_init(ctx->cipher_ctx, subst_block);
163 return 1;
164}
|
149
150/*
151 * Free cipher CTX if it is dynamically allocated. Do not use
152 * if cipher ctx is statically allocated as in OpenSSL implementation of
153 * GOST hash algroritm
154 *
| 165
166/*
167 * Free cipher CTX if it is dynamically allocated. Do not use
168 * if cipher ctx is statically allocated as in OpenSSL implementation of
169 * GOST hash algroritm
170 *
|
155 */
156void done_gost_hash_ctx(gost_hash_ctx *ctx)
157 {
158 /* No need to use gost_destroy, because cipher keys are not really
159 * secret when hashing */
160 MYFREE(ctx->cipher_ctx);
161 }
| 171 */
172void done_gost_hash_ctx(gost_hash_ctx * ctx)
173{
174 /*
175 * No need to use gost_destroy, because cipher keys are not really secret
176 * when hashing
177 */
178 MYFREE(ctx->cipher_ctx);
179}
|
162
163/*
164 * reset state of hash context to begin hashing new message
165 */
| 180
181/*
182 * reset state of hash context to begin hashing new message
183 */
|
166int start_hash(gost_hash_ctx *ctx)
167 {
168 if (!ctx->cipher_ctx) return 0;
169 memset(&(ctx->H),0,32);
170 memset(&(ctx->S),0,32);
171 ctx->len = 0L;
172 ctx->left=0;
173 return 1;
174 }
| 184int start_hash(gost_hash_ctx * ctx)
185{
186 if (!ctx->cipher_ctx)
187 return 0;
188 memset(&(ctx->H), 0, 32);
189 memset(&(ctx->S), 0, 32);
190 ctx->len = 0L;
191 ctx->left = 0;
192 return 1;
193}
|
175
176/*
177 * Hash block of arbitrary length
178 *
179 *
180 */
| 194
195/*
196 * Hash block of arbitrary length
197 *
198 *
199 */
|
181int hash_block(gost_hash_ctx *ctx,const byte *block, size_t length)
182 {
183 if (ctx->left)
184 {
185 /*There are some bytes from previous step*/
186 unsigned int add_bytes = 32-ctx->left;
187 if (add_bytes>length)
188 {
189 add_bytes = length;
190 }
191 memcpy(&(ctx->remainder[ctx->left]),block,add_bytes);
192 ctx->left+=add_bytes;
193 if (ctx->left<32)
194 {
195 return 1;
196 }
197 block+=add_bytes;
198 length-=add_bytes;
199 hash_step(ctx->cipher_ctx,ctx->H,ctx->remainder);
200 add_blocks(32,ctx->S,ctx->remainder);
201 ctx->len+=32;
202 ctx->left=0;
203 }
204 while (length>=32)
205 {
206 hash_step(ctx->cipher_ctx,ctx->H,block);
207
208 add_blocks(32,ctx->S,block);
209 ctx->len+=32;
210 block+=32;
211 length-=32;
212 }
213 if (length)
214 {
215 memcpy(ctx->remainder,block,ctx->left=length);
216 }
217 return 1;
218 }
| 200int hash_block(gost_hash_ctx * ctx, const byte * block, size_t length)
201{
202 if (ctx->left) {
203 /*
204 * There are some bytes from previous step
205 */
206 unsigned int add_bytes = 32 - ctx->left;
207 if (add_bytes > length) {
208 add_bytes = length;
209 }
210 memcpy(&(ctx->remainder[ctx->left]), block, add_bytes);
211 ctx->left += add_bytes;
212 if (ctx->left < 32) {
213 return 1;
214 }
215 block += add_bytes;
216 length -= add_bytes;
217 hash_step(ctx->cipher_ctx, ctx->H, ctx->remainder);
218 add_blocks(32, ctx->S, ctx->remainder);
219 ctx->len += 32;
220 ctx->left = 0;
221 }
222 while (length >= 32) {
223 hash_step(ctx->cipher_ctx, ctx->H, block);
|
219
| 224
|
| 225 add_blocks(32, ctx->S, block);
226 ctx->len += 32;
227 block += 32;
228 length -= 32;
229 }
230 if (length) {
231 memcpy(ctx->remainder, block, ctx->left = length);
232 }
233 return 1;
234}
235
|
220/*
221 * Compute hash value from current state of ctx
222 * state of hash ctx becomes invalid and cannot be used for further
223 * hashing.
| 236/*
237 * Compute hash value from current state of ctx
238 * state of hash ctx becomes invalid and cannot be used for further
239 * hashing.
|
224 */
225int finish_hash(gost_hash_ctx *ctx,byte *hashval)
226 {
227 byte buf[32];
228 byte H[32];
229 byte S[32];
230 ghosthash_len fin_len=ctx->len;
231 byte *bptr;
232 memcpy(H,ctx->H,32);
233 memcpy(S,ctx->S,32);
234 if (ctx->left)
235 {
236 memset(buf,0,32);
237 memcpy(buf,ctx->remainder,ctx->left);
238 hash_step(ctx->cipher_ctx,H,buf);
239 add_blocks(32,S,buf);
240 fin_len+=ctx->left;
241 }
242 memset(buf,0,32);
243 bptr=buf;
244 fin_len<<=3; /* Hash length in BITS!!*/
245 while(fin_len>0)
246 {
247 *(bptr++)=(byte)(fin_len&0xFF);
248 fin_len>>=8;
249 };
250 hash_step(ctx->cipher_ctx,H,buf);
251 hash_step(ctx->cipher_ctx,H,S);
252 memcpy(hashval,H,32);
253 return 1;
254 }
| 240 */
241int finish_hash(gost_hash_ctx * ctx, byte * hashval)
242{
243 byte buf[32];
244 byte H[32];
245 byte S[32];
246 ghosthash_len fin_len = ctx->len;
247 byte *bptr;
248 memcpy(H, ctx->H, 32);
249 memcpy(S, ctx->S, 32);
250 if (ctx->left) {
251 memset(buf, 0, 32);
252 memcpy(buf, ctx->remainder, ctx->left);
253 hash_step(ctx->cipher_ctx, H, buf);
254 add_blocks(32, S, buf);
255 fin_len += ctx->left;
256 }
257 memset(buf, 0, 32);
258 bptr = buf;
259 fin_len <<= 3; /* Hash length in BITS!! */
260 while (fin_len > 0) {
261 *(bptr++) = (byte) (fin_len & 0xFF);
262 fin_len >>= 8;
263 };
264 hash_step(ctx->cipher_ctx, H, buf);
265 hash_step(ctx->cipher_ctx, H, S);
266 memcpy(hashval, H, 32);
267 return 1;
268}
|
| |