Hash function GOST R 34.11-94 (gosthash94) in its compression function uses Russian block cipher (GOST 28147-89, Magma). Start separating block cipher code from hash function code. For now there is no public interface for this cipher, it will be added later.
Signed-off-by: Dmitry Eremin-Solenikov dbaryshkov@gmail.com --- Makefile.in | 4 +- gost28147.c | 342 +++++++++++++++++++++++++++++++++++++++++++++++++++ gost28147.h | 63 ++++++++++ gosthash94.c | 245 +----------------------------------- 4 files changed, 412 insertions(+), 242 deletions(-) create mode 100644 gost28147.c create mode 100644 gost28147.h
diff --git a/Makefile.in b/Makefile.in index 537e97d19bea..795d66edb2c8 100644 --- a/Makefile.in +++ b/Makefile.in @@ -102,7 +102,7 @@ nettle_SOURCES = aes-decrypt-internal.c aes-decrypt.c \ gcm-camellia128.c gcm-camellia128-meta.c \ gcm-camellia256.c gcm-camellia256-meta.c \ cmac.c cmac-aes128.c cmac-aes256.c \ - gosthash94.c gosthash94-meta.c \ + gost28147.c gosthash94.c gosthash94-meta.c \ hmac.c hmac-md5.c hmac-ripemd160.c hmac-sha1.c \ hmac-sha224.c hmac-sha256.c hmac-sha384.c hmac-sha512.c \ knuth-lfib.c hkdf.c \ @@ -195,7 +195,7 @@ HEADERS = aes.h arcfour.h arctwo.h asn1.h blowfish.h \ cbc.h ccm.h cfb.h chacha.h chacha-poly1305.h ctr.h \ curve25519.h des.h dsa.h dsa-compat.h eax.h \ ecc-curve.h ecc.h ecdsa.h eddsa.h \ - gcm.h gosthash94.h hmac.h \ + gcm.h gost28147.h gosthash94.h hmac.h \ knuth-lfib.h hkdf.h \ macros.h \ cmac.h \ diff --git a/gost28147.c b/gost28147.c new file mode 100644 index 000000000000..c734c4365fa7 --- /dev/null +++ b/gost28147.c @@ -0,0 +1,342 @@ +/* gost28147.c - GOST 28147-89 cipher implementation + * + * based on Russian standard GOST 28147-89 + * For English description, check RFC 5830. + * S-Boxes are expanded from the tables defined in RFC4357: + * https://tools.ietf.org/html/rfc4357 + * + * Copyright: 2019 Dmitry Eremin-Solenikov dbaryshkov@gmail.com + * Copyright: 2009-2012 Aleksey Kravchenko rhash.admin@gmail.com + * + * Permission is hereby granted, free of charge, to any person obtaining a + * copy of this software and associated documentation files (the + * "Software"), to deal in the Software without restriction, including + * without limitation the rights to use, copy, modify, merge, publish, + * distribute, sublicense, and/or sell copies of the Software, and to + * permit persons to whom the Software is furnished to do so, subject to + * the following conditions: + * + * The above copyright notice and this permission notice shall be included + * in all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS + * OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF + * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. + * IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY + * CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, + * TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE + * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. + */ + +#if HAVE_CONFIG_H +#include "config.h" +#endif + +#include "macros.h" +#include "gost28147.h" + +/* pre-initialized GOST lookup tables based on rotated S-Box */ +const struct gost28147_param gost28147_param_test_3411 = +{ + { + /* 0 */ + 0x00072000, 0x00075000, 0x00074800, 0x00071000, + 0x00076800, 0x00074000, 0x00070000, 0x00077000, + 0x00073000, 0x00075800, 0x00070800, 0x00076000, + 0x00073800, 0x00077800, 0x00072800, 0x00071800, + 0x0005a000, 0x0005d000, 0x0005c800, 0x00059000, + 0x0005e800, 0x0005c000, 0x00058000, 0x0005f000, + 0x0005b000, 0x0005d800, 0x00058800, 0x0005e000, + 0x0005b800, 0x0005f800, 0x0005a800, 0x00059800, + 0x00022000, 0x00025000, 0x00024800, 0x00021000, + 0x00026800, 0x00024000, 0x00020000, 0x00027000, + 0x00023000, 0x00025800, 0x00020800, 0x00026000, + 0x00023800, 0x00027800, 0x00022800, 0x00021800, + 0x00062000, 0x00065000, 0x00064800, 0x00061000, + 0x00066800, 0x00064000, 0x00060000, 0x00067000, + 0x00063000, 0x00065800, 0x00060800, 0x00066000, + 0x00063800, 0x00067800, 0x00062800, 0x00061800, + 0x00032000, 0x00035000, 0x00034800, 0x00031000, + 0x00036800, 0x00034000, 0x00030000, 0x00037000, + 0x00033000, 0x00035800, 0x00030800, 0x00036000, + 0x00033800, 0x00037800, 0x00032800, 0x00031800, + 0x0006a000, 0x0006d000, 0x0006c800, 0x00069000, + 0x0006e800, 0x0006c000, 0x00068000, 0x0006f000, + 0x0006b000, 0x0006d800, 0x00068800, 0x0006e000, + 0x0006b800, 0x0006f800, 0x0006a800, 0x00069800, + 0x0007a000, 0x0007d000, 0x0007c800, 0x00079000, + 0x0007e800, 0x0007c000, 0x00078000, 0x0007f000, + 0x0007b000, 0x0007d800, 0x00078800, 0x0007e000, + 0x0007b800, 0x0007f800, 0x0007a800, 0x00079800, + 0x00052000, 0x00055000, 0x00054800, 0x00051000, + 0x00056800, 0x00054000, 0x00050000, 0x00057000, + 0x00053000, 0x00055800, 0x00050800, 0x00056000, + 0x00053800, 0x00057800, 0x00052800, 0x00051800, + 0x00012000, 0x00015000, 0x00014800, 0x00011000, + 0x00016800, 0x00014000, 0x00010000, 0x00017000, + 0x00013000, 0x00015800, 0x00010800, 0x00016000, + 0x00013800, 0x00017800, 0x00012800, 0x00011800, + 0x0001a000, 0x0001d000, 0x0001c800, 0x00019000, + 0x0001e800, 0x0001c000, 0x00018000, 0x0001f000, + 0x0001b000, 0x0001d800, 0x00018800, 0x0001e000, + 0x0001b800, 0x0001f800, 0x0001a800, 0x00019800, + 0x00042000, 0x00045000, 0x00044800, 0x00041000, + 0x00046800, 0x00044000, 0x00040000, 0x00047000, + 0x00043000, 0x00045800, 0x00040800, 0x00046000, + 0x00043800, 0x00047800, 0x00042800, 0x00041800, + 0x0000a000, 0x0000d000, 0x0000c800, 0x00009000, + 0x0000e800, 0x0000c000, 0x00008000, 0x0000f000, + 0x0000b000, 0x0000d800, 0x00008800, 0x0000e000, + 0x0000b800, 0x0000f800, 0x0000a800, 0x00009800, + 0x00002000, 0x00005000, 0x00004800, 0x00001000, + 0x00006800, 0x00004000, 0x00000000, 0x00007000, + 0x00003000, 0x00005800, 0x00000800, 0x00006000, + 0x00003800, 0x00007800, 0x00002800, 0x00001800, + 0x0003a000, 0x0003d000, 0x0003c800, 0x00039000, + 0x0003e800, 0x0003c000, 0x00038000, 0x0003f000, + 0x0003b000, 0x0003d800, 0x00038800, 0x0003e000, + 0x0003b800, 0x0003f800, 0x0003a800, 0x00039800, + 0x0002a000, 0x0002d000, 0x0002c800, 0x00029000, + 0x0002e800, 0x0002c000, 0x00028000, 0x0002f000, + 0x0002b000, 0x0002d800, 0x00028800, 0x0002e000, + 0x0002b800, 0x0002f800, 0x0002a800, 0x00029800, + 0x0004a000, 0x0004d000, 0x0004c800, 0x00049000, + 0x0004e800, 0x0004c000, 0x00048000, 0x0004f000, + 0x0004b000, 0x0004d800, 0x00048800, 0x0004e000, + 0x0004b800, 0x0004f800, 0x0004a800, 0x00049800, + /* 1 */ + 0x03a80000, 0x03c00000, 0x03880000, 0x03e80000, + 0x03d00000, 0x03980000, 0x03a00000, 0x03900000, + 0x03f00000, 0x03f80000, 0x03e00000, 0x03b80000, + 0x03b00000, 0x03800000, 0x03c80000, 0x03d80000, + 0x06a80000, 0x06c00000, 0x06880000, 0x06e80000, + 0x06d00000, 0x06980000, 0x06a00000, 0x06900000, + 0x06f00000, 0x06f80000, 0x06e00000, 0x06b80000, + 0x06b00000, 0x06800000, 0x06c80000, 0x06d80000, + 0x05280000, 0x05400000, 0x05080000, 0x05680000, + 0x05500000, 0x05180000, 0x05200000, 0x05100000, + 0x05700000, 0x05780000, 0x05600000, 0x05380000, + 0x05300000, 0x05000000, 0x05480000, 0x05580000, + 0x00a80000, 0x00c00000, 0x00880000, 0x00e80000, + 0x00d00000, 0x00980000, 0x00a00000, 0x00900000, + 0x00f00000, 0x00f80000, 0x00e00000, 0x00b80000, + 0x00b00000, 0x00800000, 0x00c80000, 0x00d80000, + 0x00280000, 0x00400000, 0x00080000, 0x00680000, + 0x00500000, 0x00180000, 0x00200000, 0x00100000, + 0x00700000, 0x00780000, 0x00600000, 0x00380000, + 0x00300000, 0x00000000, 0x00480000, 0x00580000, + 0x04280000, 0x04400000, 0x04080000, 0x04680000, + 0x04500000, 0x04180000, 0x04200000, 0x04100000, + 0x04700000, 0x04780000, 0x04600000, 0x04380000, + 0x04300000, 0x04000000, 0x04480000, 0x04580000, + 0x04a80000, 0x04c00000, 0x04880000, 0x04e80000, + 0x04d00000, 0x04980000, 0x04a00000, 0x04900000, + 0x04f00000, 0x04f80000, 0x04e00000, 0x04b80000, + 0x04b00000, 0x04800000, 0x04c80000, 0x04d80000, + 0x07a80000, 0x07c00000, 0x07880000, 0x07e80000, + 0x07d00000, 0x07980000, 0x07a00000, 0x07900000, + 0x07f00000, 0x07f80000, 0x07e00000, 0x07b80000, + 0x07b00000, 0x07800000, 0x07c80000, 0x07d80000, + 0x07280000, 0x07400000, 0x07080000, 0x07680000, + 0x07500000, 0x07180000, 0x07200000, 0x07100000, + 0x07700000, 0x07780000, 0x07600000, 0x07380000, + 0x07300000, 0x07000000, 0x07480000, 0x07580000, + 0x02280000, 0x02400000, 0x02080000, 0x02680000, + 0x02500000, 0x02180000, 0x02200000, 0x02100000, + 0x02700000, 0x02780000, 0x02600000, 0x02380000, + 0x02300000, 0x02000000, 0x02480000, 0x02580000, + 0x03280000, 0x03400000, 0x03080000, 0x03680000, + 0x03500000, 0x03180000, 0x03200000, 0x03100000, + 0x03700000, 0x03780000, 0x03600000, 0x03380000, + 0x03300000, 0x03000000, 0x03480000, 0x03580000, + 0x06280000, 0x06400000, 0x06080000, 0x06680000, + 0x06500000, 0x06180000, 0x06200000, 0x06100000, + 0x06700000, 0x06780000, 0x06600000, 0x06380000, + 0x06300000, 0x06000000, 0x06480000, 0x06580000, + 0x05a80000, 0x05c00000, 0x05880000, 0x05e80000, + 0x05d00000, 0x05980000, 0x05a00000, 0x05900000, + 0x05f00000, 0x05f80000, 0x05e00000, 0x05b80000, + 0x05b00000, 0x05800000, 0x05c80000, 0x05d80000, + 0x01280000, 0x01400000, 0x01080000, 0x01680000, + 0x01500000, 0x01180000, 0x01200000, 0x01100000, + 0x01700000, 0x01780000, 0x01600000, 0x01380000, + 0x01300000, 0x01000000, 0x01480000, 0x01580000, + 0x02a80000, 0x02c00000, 0x02880000, 0x02e80000, + 0x02d00000, 0x02980000, 0x02a00000, 0x02900000, + 0x02f00000, 0x02f80000, 0x02e00000, 0x02b80000, + 0x02b00000, 0x02800000, 0x02c80000, 0x02d80000, + 0x01a80000, 0x01c00000, 0x01880000, 0x01e80000, + 0x01d00000, 0x01980000, 0x01a00000, 0x01900000, + 0x01f00000, 0x01f80000, 0x01e00000, 0x01b80000, + 0x01b00000, 0x01800000, 0x01c80000, 0x01d80000, + /* 2 */ + 0x30000002, 0x60000002, 0x38000002, 0x08000002, + 0x28000002, 0x78000002, 0x68000002, 0x40000002, + 0x20000002, 0x50000002, 0x48000002, 0x70000002, + 0x00000002, 0x18000002, 0x58000002, 0x10000002, + 0xb0000005, 0xe0000005, 0xb8000005, 0x88000005, + 0xa8000005, 0xf8000005, 0xe8000005, 0xc0000005, + 0xa0000005, 0xd0000005, 0xc8000005, 0xf0000005, + 0x80000005, 0x98000005, 0xd8000005, 0x90000005, + 0x30000005, 0x60000005, 0x38000005, 0x08000005, + 0x28000005, 0x78000005, 0x68000005, 0x40000005, + 0x20000005, 0x50000005, 0x48000005, 0x70000005, + 0x00000005, 0x18000005, 0x58000005, 0x10000005, + 0x30000000, 0x60000000, 0x38000000, 0x08000000, + 0x28000000, 0x78000000, 0x68000000, 0x40000000, + 0x20000000, 0x50000000, 0x48000000, 0x70000000, + 0x00000000, 0x18000000, 0x58000000, 0x10000000, + 0xb0000003, 0xe0000003, 0xb8000003, 0x88000003, + 0xa8000003, 0xf8000003, 0xe8000003, 0xc0000003, + 0xa0000003, 0xd0000003, 0xc8000003, 0xf0000003, + 0x80000003, 0x98000003, 0xd8000003, 0x90000003, + 0x30000001, 0x60000001, 0x38000001, 0x08000001, + 0x28000001, 0x78000001, 0x68000001, 0x40000001, + 0x20000001, 0x50000001, 0x48000001, 0x70000001, + 0x00000001, 0x18000001, 0x58000001, 0x10000001, + 0xb0000000, 0xe0000000, 0xb8000000, 0x88000000, + 0xa8000000, 0xf8000000, 0xe8000000, 0xc0000000, + 0xa0000000, 0xd0000000, 0xc8000000, 0xf0000000, + 0x80000000, 0x98000000, 0xd8000000, 0x90000000, + 0xb0000006, 0xe0000006, 0xb8000006, 0x88000006, + 0xa8000006, 0xf8000006, 0xe8000006, 0xc0000006, + 0xa0000006, 0xd0000006, 0xc8000006, 0xf0000006, + 0x80000006, 0x98000006, 0xd8000006, 0x90000006, + 0xb0000001, 0xe0000001, 0xb8000001, 0x88000001, + 0xa8000001, 0xf8000001, 0xe8000001, 0xc0000001, + 0xa0000001, 0xd0000001, 0xc8000001, 0xf0000001, + 0x80000001, 0x98000001, 0xd8000001, 0x90000001, + 0x30000003, 0x60000003, 0x38000003, 0x08000003, + 0x28000003, 0x78000003, 0x68000003, 0x40000003, + 0x20000003, 0x50000003, 0x48000003, 0x70000003, + 0x00000003, 0x18000003, 0x58000003, 0x10000003, + 0x30000004, 0x60000004, 0x38000004, 0x08000004, + 0x28000004, 0x78000004, 0x68000004, 0x40000004, + 0x20000004, 0x50000004, 0x48000004, 0x70000004, + 0x00000004, 0x18000004, 0x58000004, 0x10000004, + 0xb0000002, 0xe0000002, 0xb8000002, 0x88000002, + 0xa8000002, 0xf8000002, 0xe8000002, 0xc0000002, + 0xa0000002, 0xd0000002, 0xc8000002, 0xf0000002, + 0x80000002, 0x98000002, 0xd8000002, 0x90000002, + 0xb0000004, 0xe0000004, 0xb8000004, 0x88000004, + 0xa8000004, 0xf8000004, 0xe8000004, 0xc0000004, + 0xa0000004, 0xd0000004, 0xc8000004, 0xf0000004, + 0x80000004, 0x98000004, 0xd8000004, 0x90000004, + 0x30000006, 0x60000006, 0x38000006, 0x08000006, + 0x28000006, 0x78000006, 0x68000006, 0x40000006, + 0x20000006, 0x50000006, 0x48000006, 0x70000006, + 0x00000006, 0x18000006, 0x58000006, 0x10000006, + 0xb0000007, 0xe0000007, 0xb8000007, 0x88000007, + 0xa8000007, 0xf8000007, 0xe8000007, 0xc0000007, + 0xa0000007, 0xd0000007, 0xc8000007, 0xf0000007, + 0x80000007, 0x98000007, 0xd8000007, 0x90000007, + 0x30000007, 0x60000007, 0x38000007, 0x08000007, + 0x28000007, 0x78000007, 0x68000007, 0x40000007, + 0x20000007, 0x50000007, 0x48000007, 0x70000007, + 0x00000007, 0x18000007, 0x58000007, 0x10000007, + /* 3 */ + 0x000000e8, 0x000000d8, 0x000000a0, 0x00000088, + 0x00000098, 0x000000f8, 0x000000a8, 0x000000c8, + 0x00000080, 0x000000d0, 0x000000f0, 0x000000b8, + 0x000000b0, 0x000000c0, 0x00000090, 0x000000e0, + 0x000007e8, 0x000007d8, 0x000007a0, 0x00000788, + 0x00000798, 0x000007f8, 0x000007a8, 0x000007c8, + 0x00000780, 0x000007d0, 0x000007f0, 0x000007b8, + 0x000007b0, 0x000007c0, 0x00000790, 0x000007e0, + 0x000006e8, 0x000006d8, 0x000006a0, 0x00000688, + 0x00000698, 0x000006f8, 0x000006a8, 0x000006c8, + 0x00000680, 0x000006d0, 0x000006f0, 0x000006b8, + 0x000006b0, 0x000006c0, 0x00000690, 0x000006e0, + 0x00000068, 0x00000058, 0x00000020, 0x00000008, + 0x00000018, 0x00000078, 0x00000028, 0x00000048, + 0x00000000, 0x00000050, 0x00000070, 0x00000038, + 0x00000030, 0x00000040, 0x00000010, 0x00000060, + 0x000002e8, 0x000002d8, 0x000002a0, 0x00000288, + 0x00000298, 0x000002f8, 0x000002a8, 0x000002c8, + 0x00000280, 0x000002d0, 0x000002f0, 0x000002b8, + 0x000002b0, 0x000002c0, 0x00000290, 0x000002e0, + 0x000003e8, 0x000003d8, 0x000003a0, 0x00000388, + 0x00000398, 0x000003f8, 0x000003a8, 0x000003c8, + 0x00000380, 0x000003d0, 0x000003f0, 0x000003b8, + 0x000003b0, 0x000003c0, 0x00000390, 0x000003e0, + 0x00000568, 0x00000558, 0x00000520, 0x00000508, + 0x00000518, 0x00000578, 0x00000528, 0x00000548, + 0x00000500, 0x00000550, 0x00000570, 0x00000538, + 0x00000530, 0x00000540, 0x00000510, 0x00000560, + 0x00000268, 0x00000258, 0x00000220, 0x00000208, + 0x00000218, 0x00000278, 0x00000228, 0x00000248, + 0x00000200, 0x00000250, 0x00000270, 0x00000238, + 0x00000230, 0x00000240, 0x00000210, 0x00000260, + 0x000004e8, 0x000004d8, 0x000004a0, 0x00000488, + 0x00000498, 0x000004f8, 0x000004a8, 0x000004c8, + 0x00000480, 0x000004d0, 0x000004f0, 0x000004b8, + 0x000004b0, 0x000004c0, 0x00000490, 0x000004e0, + 0x00000168, 0x00000158, 0x00000120, 0x00000108, + 0x00000118, 0x00000178, 0x00000128, 0x00000148, + 0x00000100, 0x00000150, 0x00000170, 0x00000138, + 0x00000130, 0x00000140, 0x00000110, 0x00000160, + 0x000001e8, 0x000001d8, 0x000001a0, 0x00000188, + 0x00000198, 0x000001f8, 0x000001a8, 0x000001c8, + 0x00000180, 0x000001d0, 0x000001f0, 0x000001b8, + 0x000001b0, 0x000001c0, 0x00000190, 0x000001e0, + 0x00000768, 0x00000758, 0x00000720, 0x00000708, + 0x00000718, 0x00000778, 0x00000728, 0x00000748, + 0x00000700, 0x00000750, 0x00000770, 0x00000738, + 0x00000730, 0x00000740, 0x00000710, 0x00000760, + 0x00000368, 0x00000358, 0x00000320, 0x00000308, + 0x00000318, 0x00000378, 0x00000328, 0x00000348, + 0x00000300, 0x00000350, 0x00000370, 0x00000338, + 0x00000330, 0x00000340, 0x00000310, 0x00000360, + 0x000005e8, 0x000005d8, 0x000005a0, 0x00000588, + 0x00000598, 0x000005f8, 0x000005a8, 0x000005c8, + 0x00000580, 0x000005d0, 0x000005f0, 0x000005b8, + 0x000005b0, 0x000005c0, 0x00000590, 0x000005e0, + 0x00000468, 0x00000458, 0x00000420, 0x00000408, + 0x00000418, 0x00000478, 0x00000428, 0x00000448, + 0x00000400, 0x00000450, 0x00000470, 0x00000438, + 0x00000430, 0x00000440, 0x00000410, 0x00000460, + 0x00000668, 0x00000658, 0x00000620, 0x00000608, + 0x00000618, 0x00000678, 0x00000628, 0x00000648, + 0x00000600, 0x00000650, 0x00000670, 0x00000638, + 0x00000630, 0x00000640, 0x00000610, 0x00000660, + } +}; + +/* + * A macro that performs a full encryption round of GOST 28147-89. + * Temporary variables tmp assumed and variables r and l for left and right + * blocks. + */ +#define GOST_ENCRYPT_ROUND(key1, key2, sbox) \ + tmp = (key1) + r; \ + l ^= (sbox)[0*256 + (tmp & 0xff)] ^ (sbox)[1*256 + ((tmp >> 8) & 0xff)] ^ \ + (sbox)[2*256 + ((tmp >> 16) & 0xff)] ^ (sbox)[3*256 + (tmp >> 24)]; \ + tmp = (key2) + l; \ + r ^= (sbox)[0*256 + (tmp & 0xff)] ^ (sbox)[1*256 + ((tmp >> 8) & 0xff)] ^ \ + (sbox)[2*256 + ((tmp >> 16) & 0xff)] ^ (sbox)[3*256 + (tmp >> 24)]; + +/* encrypt a block with the given key */ +void gost28147_encrypt_simple (const uint32_t *key, const uint32_t *sbox, + const uint32_t *in, uint32_t *out) +{ + uint32_t l, r, tmp; + + r = in[0], l = in[1]; + GOST_ENCRYPT_ROUND(key[0], key[1], sbox) + GOST_ENCRYPT_ROUND(key[2], key[3], sbox) + GOST_ENCRYPT_ROUND(key[4], key[5], sbox) + GOST_ENCRYPT_ROUND(key[6], key[7], sbox) + GOST_ENCRYPT_ROUND(key[0], key[1], sbox) + GOST_ENCRYPT_ROUND(key[2], key[3], sbox) + GOST_ENCRYPT_ROUND(key[4], key[5], sbox) + GOST_ENCRYPT_ROUND(key[6], key[7], sbox) + GOST_ENCRYPT_ROUND(key[0], key[1], sbox) + GOST_ENCRYPT_ROUND(key[2], key[3], sbox) + GOST_ENCRYPT_ROUND(key[4], key[5], sbox) + GOST_ENCRYPT_ROUND(key[6], key[7], sbox) + GOST_ENCRYPT_ROUND(key[7], key[6], sbox) + GOST_ENCRYPT_ROUND(key[5], key[4], sbox) + GOST_ENCRYPT_ROUND(key[3], key[2], sbox) + GOST_ENCRYPT_ROUND(key[1], key[0], sbox) + *out = l, *(out + 1) = r; +} diff --git a/gost28147.h b/gost28147.h new file mode 100644 index 000000000000..83d8915b9d38 --- /dev/null +++ b/gost28147.h @@ -0,0 +1,63 @@ +/* gost28147.h + + The GOST 28147-89 cipher function, described in RFC 5831. + + Copyright (C) 2019 Dmitry Eremin-Solenikov + + This file is part of GNU Nettle. + + GNU Nettle is free software: you can redistribute it and/or + modify it under the terms of either: + + * the GNU Lesser General Public License as published by the Free + Software Foundation; either version 3 of the License, or (at your + option) any later version. + + or + + * the GNU General Public License as published by the Free + Software Foundation; either version 2 of the License, or (at your + option) any later version. + + or both in parallel, as here. + + GNU Nettle is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + General Public License for more details. + + You should have received copies of the GNU General Public License and + the GNU Lesser General Public License along with this program. If + not, see http://www.gnu.org/licenses/. +*/ + +#ifndef NETTLE_GOST28147_H_INCLUDED +#define NETTLE_GOST28147_H_INCLUDED + +#include "nettle-types.h" + +#ifdef __cplusplus +extern "C" { +#endif + +#define gost28147_param_test_3411 nettle_gost28147_param_test_3411 + +/* Private */ +#define gost28147_encrypt_simple nettle_gost28147_encrypt_simple + +struct gost28147_param +{ + uint32_t sbox[4*256]; +}; + +extern const struct gost28147_param gost28147_param_test_3411; + +/* Internal interface for use by GOST R 34.11-94 */ +void gost28147_encrypt_simple (const uint32_t *key, const uint32_t *sbox, + const uint32_t *in, uint32_t *out); + +#ifdef __cplusplus +} +#endif + +#endif /* NETTLE_GOST28147_H_INCLUDED */ diff --git a/gosthash94.c b/gosthash94.c index e60c9ae5cddf..870235eefa34 100644 --- a/gosthash94.c +++ b/gosthash94.c @@ -1,5 +1,7 @@ -/* gost.c - an implementation of GOST Hash Function +/* gosthash94.c - an implementation of GOST Hash Function + * * based on the Russian Standard GOST R 34.11-94. + * English description in RFC 5831. * See also RFC 4357. * * Copyright: 2009-2012 Aleksey Kravchenko rhash.admin@gmail.com @@ -38,209 +40,7 @@ #include "macros.h" #include "nettle-write.h" #include "gosthash94.h" - -/* pre-initialized GOST lookup tables based on rotated S-Box */ -static const uint32_t gosthash94_sbox[4][256] = { - { - 0x72000, 0x75000, 0x74800, 0x71000, 0x76800, - 0x74000, 0x70000, 0x77000, 0x73000, 0x75800, - 0x70800, 0x76000, 0x73800, 0x77800, 0x72800, - 0x71800, 0x5A000, 0x5D000, 0x5C800, 0x59000, - 0x5E800, 0x5C000, 0x58000, 0x5F000, 0x5B000, - 0x5D800, 0x58800, 0x5E000, 0x5B800, 0x5F800, - 0x5A800, 0x59800, 0x22000, 0x25000, 0x24800, - 0x21000, 0x26800, 0x24000, 0x20000, 0x27000, - 0x23000, 0x25800, 0x20800, 0x26000, 0x23800, - 0x27800, 0x22800, 0x21800, 0x62000, 0x65000, - 0x64800, 0x61000, 0x66800, 0x64000, 0x60000, - 0x67000, 0x63000, 0x65800, 0x60800, 0x66000, - 0x63800, 0x67800, 0x62800, 0x61800, 0x32000, - 0x35000, 0x34800, 0x31000, 0x36800, 0x34000, - 0x30000, 0x37000, 0x33000, 0x35800, 0x30800, - 0x36000, 0x33800, 0x37800, 0x32800, 0x31800, - 0x6A000, 0x6D000, 0x6C800, 0x69000, 0x6E800, - 0x6C000, 0x68000, 0x6F000, 0x6B000, 0x6D800, - 0x68800, 0x6E000, 0x6B800, 0x6F800, 0x6A800, - 0x69800, 0x7A000, 0x7D000, 0x7C800, 0x79000, - 0x7E800, 0x7C000, 0x78000, 0x7F000, 0x7B000, - 0x7D800, 0x78800, 0x7E000, 0x7B800, 0x7F800, - 0x7A800, 0x79800, 0x52000, 0x55000, 0x54800, - 0x51000, 0x56800, 0x54000, 0x50000, 0x57000, - 0x53000, 0x55800, 0x50800, 0x56000, 0x53800, - 0x57800, 0x52800, 0x51800, 0x12000, 0x15000, - 0x14800, 0x11000, 0x16800, 0x14000, 0x10000, - 0x17000, 0x13000, 0x15800, 0x10800, 0x16000, - 0x13800, 0x17800, 0x12800, 0x11800, 0x1A000, - 0x1D000, 0x1C800, 0x19000, 0x1E800, 0x1C000, - 0x18000, 0x1F000, 0x1B000, 0x1D800, 0x18800, - 0x1E000, 0x1B800, 0x1F800, 0x1A800, 0x19800, - 0x42000, 0x45000, 0x44800, 0x41000, 0x46800, - 0x44000, 0x40000, 0x47000, 0x43000, 0x45800, - 0x40800, 0x46000, 0x43800, 0x47800, 0x42800, - 0x41800, 0xA000, 0xD000, 0xC800, 0x9000, - 0xE800, 0xC000, 0x8000, 0xF000, 0xB000, - 0xD800, 0x8800, 0xE000, 0xB800, 0xF800, - 0xA800, 0x9800, 0x2000, 0x5000, 0x4800, - 0x1000, 0x6800, 0x4000, 0x0, 0x7000, - 0x3000, 0x5800, 0x800, 0x6000, 0x3800, - 0x7800, 0x2800, 0x1800, 0x3A000, 0x3D000, - 0x3C800, 0x39000, 0x3E800, 0x3C000, 0x38000, - 0x3F000, 0x3B000, 0x3D800, 0x38800, 0x3E000, - 0x3B800, 0x3F800, 0x3A800, 0x39800, 0x2A000, - 0x2D000, 0x2C800, 0x29000, 0x2E800, 0x2C000, - 0x28000, 0x2F000, 0x2B000, 0x2D800, 0x28800, - 0x2E000, 0x2B800, 0x2F800, 0x2A800, 0x29800, - 0x4A000, 0x4D000, 0x4C800, 0x49000, 0x4E800, - 0x4C000, 0x48000, 0x4F000, 0x4B000, 0x4D800, - 0x48800, 0x4E000, 0x4B800, 0x4F800, 0x4A800, - 0x49800 - }, { - 0x3A80000, 0x3C00000, 0x3880000, 0x3E80000, 0x3D00000, - 0x3980000, 0x3A00000, 0x3900000, 0x3F00000, 0x3F80000, - 0x3E00000, 0x3B80000, 0x3B00000, 0x3800000, 0x3C80000, - 0x3D80000, 0x6A80000, 0x6C00000, 0x6880000, 0x6E80000, - 0x6D00000, 0x6980000, 0x6A00000, 0x6900000, 0x6F00000, - 0x6F80000, 0x6E00000, 0x6B80000, 0x6B00000, 0x6800000, - 0x6C80000, 0x6D80000, 0x5280000, 0x5400000, 0x5080000, - 0x5680000, 0x5500000, 0x5180000, 0x5200000, 0x5100000, - 0x5700000, 0x5780000, 0x5600000, 0x5380000, 0x5300000, - 0x5000000, 0x5480000, 0x5580000, 0xA80000, 0xC00000, - 0x880000, 0xE80000, 0xD00000, 0x980000, 0xA00000, - 0x900000, 0xF00000, 0xF80000, 0xE00000, 0xB80000, - 0xB00000, 0x800000, 0xC80000, 0xD80000, 0x280000, - 0x400000, 0x80000, 0x680000, 0x500000, 0x180000, - 0x200000, 0x100000, 0x700000, 0x780000, 0x600000, - 0x380000, 0x300000, 0x0, 0x480000, 0x580000, - 0x4280000, 0x4400000, 0x4080000, 0x4680000, 0x4500000, - 0x4180000, 0x4200000, 0x4100000, 0x4700000, 0x4780000, - 0x4600000, 0x4380000, 0x4300000, 0x4000000, 0x4480000, - 0x4580000, 0x4A80000, 0x4C00000, 0x4880000, 0x4E80000, - 0x4D00000, 0x4980000, 0x4A00000, 0x4900000, 0x4F00000, - 0x4F80000, 0x4E00000, 0x4B80000, 0x4B00000, 0x4800000, - 0x4C80000, 0x4D80000, 0x7A80000, 0x7C00000, 0x7880000, - 0x7E80000, 0x7D00000, 0x7980000, 0x7A00000, 0x7900000, - 0x7F00000, 0x7F80000, 0x7E00000, 0x7B80000, 0x7B00000, - 0x7800000, 0x7C80000, 0x7D80000, 0x7280000, 0x7400000, - 0x7080000, 0x7680000, 0x7500000, 0x7180000, 0x7200000, - 0x7100000, 0x7700000, 0x7780000, 0x7600000, 0x7380000, - 0x7300000, 0x7000000, 0x7480000, 0x7580000, 0x2280000, - 0x2400000, 0x2080000, 0x2680000, 0x2500000, 0x2180000, - 0x2200000, 0x2100000, 0x2700000, 0x2780000, 0x2600000, - 0x2380000, 0x2300000, 0x2000000, 0x2480000, 0x2580000, - 0x3280000, 0x3400000, 0x3080000, 0x3680000, 0x3500000, - 0x3180000, 0x3200000, 0x3100000, 0x3700000, 0x3780000, - 0x3600000, 0x3380000, 0x3300000, 0x3000000, 0x3480000, - 0x3580000, 0x6280000, 0x6400000, 0x6080000, 0x6680000, - 0x6500000, 0x6180000, 0x6200000, 0x6100000, 0x6700000, - 0x6780000, 0x6600000, 0x6380000, 0x6300000, 0x6000000, - 0x6480000, 0x6580000, 0x5A80000, 0x5C00000, 0x5880000, - 0x5E80000, 0x5D00000, 0x5980000, 0x5A00000, 0x5900000, - 0x5F00000, 0x5F80000, 0x5E00000, 0x5B80000, 0x5B00000, - 0x5800000, 0x5C80000, 0x5D80000, 0x1280000, 0x1400000, - 0x1080000, 0x1680000, 0x1500000, 0x1180000, 0x1200000, - 0x1100000, 0x1700000, 0x1780000, 0x1600000, 0x1380000, - 0x1300000, 0x1000000, 0x1480000, 0x1580000, 0x2A80000, - 0x2C00000, 0x2880000, 0x2E80000, 0x2D00000, 0x2980000, - 0x2A00000, 0x2900000, 0x2F00000, 0x2F80000, 0x2E00000, - 0x2B80000, 0x2B00000, 0x2800000, 0x2C80000, 0x2D80000, - 0x1A80000, 0x1C00000, 0x1880000, 0x1E80000, 0x1D00000, - 0x1980000, 0x1A00000, 0x1900000, 0x1F00000, 0x1F80000, - 0x1E00000, 0x1B80000, 0x1B00000, 0x1800000, 0x1C80000, - 0x1D80000 - }, { - 0x30000002, 0x60000002, 0x38000002, 0x8000002, - 0x28000002, 0x78000002, 0x68000002, 0x40000002, - 0x20000002, 0x50000002, 0x48000002, 0x70000002, - 0x2, 0x18000002, 0x58000002, 0x10000002, - 0xB0000005, 0xE0000005, 0xB8000005, 0x88000005, - 0xA8000005, 0xF8000005, 0xE8000005, 0xC0000005, - 0xA0000005, 0xD0000005, 0xC8000005, 0xF0000005, - 0x80000005, 0x98000005, 0xD8000005, 0x90000005, - 0x30000005, 0x60000005, 0x38000005, 0x8000005, - 0x28000005, 0x78000005, 0x68000005, 0x40000005, - 0x20000005, 0x50000005, 0x48000005, 0x70000005, - 0x5, 0x18000005, 0x58000005, 0x10000005, - 0x30000000, 0x60000000, 0x38000000, 0x8000000, - 0x28000000, 0x78000000, 0x68000000, 0x40000000, - 0x20000000, 0x50000000, 0x48000000, 0x70000000, - 0x0, 0x18000000, 0x58000000, 0x10000000, - 0xB0000003, 0xE0000003, 0xB8000003, 0x88000003, - 0xA8000003, 0xF8000003, 0xE8000003, 0xC0000003, - 0xA0000003, 0xD0000003, 0xC8000003, 0xF0000003, - 0x80000003, 0x98000003, 0xD8000003, 0x90000003, - 0x30000001, 0x60000001, 0x38000001, 0x8000001, - 0x28000001, 0x78000001, 0x68000001, 0x40000001, - 0x20000001, 0x50000001, 0x48000001, 0x70000001, - 0x1, 0x18000001, 0x58000001, 0x10000001, - 0xB0000000, 0xE0000000, 0xB8000000, 0x88000000, - 0xA8000000, 0xF8000000, 0xE8000000, 0xC0000000, - 0xA0000000, 0xD0000000, 0xC8000000, 0xF0000000, - 0x80000000, 0x98000000, 0xD8000000, 0x90000000, - 0xB0000006, 0xE0000006, 0xB8000006, 0x88000006, - 0xA8000006, 0xF8000006, 0xE8000006, 0xC0000006, - 0xA0000006, 0xD0000006, 0xC8000006, 0xF0000006, - 0x80000006, 0x98000006, 0xD8000006, 0x90000006, - 0xB0000001, 0xE0000001, 0xB8000001, 0x88000001, - 0xA8000001, 0xF8000001, 0xE8000001, 0xC0000001, - 0xA0000001, 0xD0000001, 0xC8000001, 0xF0000001, - 0x80000001, 0x98000001, 0xD8000001, 0x90000001, - 0x30000003, 0x60000003, 0x38000003, 0x8000003, - 0x28000003, 0x78000003, 0x68000003, 0x40000003, - 0x20000003, 0x50000003, 0x48000003, 0x70000003, - 0x3, 0x18000003, 0x58000003, 0x10000003, - 0x30000004, 0x60000004, 0x38000004, 0x8000004, - 0x28000004, 0x78000004, 0x68000004, 0x40000004, - 0x20000004, 0x50000004, 0x48000004, 0x70000004, - 0x4, 0x18000004, 0x58000004, 0x10000004, - 0xB0000002, 0xE0000002, 0xB8000002, 0x88000002, - 0xA8000002, 0xF8000002, 0xE8000002, 0xC0000002, - 0xA0000002, 0xD0000002, 0xC8000002, 0xF0000002, - 0x80000002, 0x98000002, 0xD8000002, 0x90000002, - 0xB0000004, 0xE0000004, 0xB8000004, 0x88000004, - 0xA8000004, 0xF8000004, 0xE8000004, 0xC0000004, - 0xA0000004, 0xD0000004, 0xC8000004, 0xF0000004, - 0x80000004, 0x98000004, 0xD8000004, 0x90000004, - 0x30000006, 0x60000006, 0x38000006, 0x8000006, - 0x28000006, 0x78000006, 0x68000006, 0x40000006, - 0x20000006, 0x50000006, 0x48000006, 0x70000006, - 0x6, 0x18000006, 0x58000006, 0x10000006, - 0xB0000007, 0xE0000007, 0xB8000007, 0x88000007, - 0xA8000007, 0xF8000007, 0xE8000007, 0xC0000007, - 0xA0000007, 0xD0000007, 0xC8000007, 0xF0000007, - 0x80000007, 0x98000007, 0xD8000007, 0x90000007, - 0x30000007, 0x60000007, 0x38000007, 0x8000007, - 0x28000007, 0x78000007, 0x68000007, 0x40000007, - 0x20000007, 0x50000007, 0x48000007, 0x70000007, - 0x7, 0x18000007, 0x58000007, 0x10000007 - }, { - 0xE8, 0xD8, 0xA0, 0x88, 0x98, 0xF8, 0xA8, 0xC8, 0x80, 0xD0, - 0xF0, 0xB8, 0xB0, 0xC0, 0x90, 0xE0, 0x7E8, 0x7D8, 0x7A0, 0x788, - 0x798, 0x7F8, 0x7A8, 0x7C8, 0x780, 0x7D0, 0x7F0, 0x7B8, 0x7B0, 0x7C0, - 0x790, 0x7E0, 0x6E8, 0x6D8, 0x6A0, 0x688, 0x698, 0x6F8, 0x6A8, 0x6C8, - 0x680, 0x6D0, 0x6F0, 0x6B8, 0x6B0, 0x6C0, 0x690, 0x6E0, 0x68, 0x58, - 0x20, 0x8, 0x18, 0x78, 0x28, 0x48, 0x0, 0x50, 0x70, 0x38, - 0x30, 0x40, 0x10, 0x60, 0x2E8, 0x2D8, 0x2A0, 0x288, 0x298, 0x2F8, - 0x2A8, 0x2C8, 0x280, 0x2D0, 0x2F0, 0x2B8, 0x2B0, 0x2C0, 0x290, 0x2E0, - 0x3E8, 0x3D8, 0x3A0, 0x388, 0x398, 0x3F8, 0x3A8, 0x3C8, 0x380, 0x3D0, - 0x3F0, 0x3B8, 0x3B0, 0x3C0, 0x390, 0x3E0, 0x568, 0x558, 0x520, 0x508, - 0x518, 0x578, 0x528, 0x548, 0x500, 0x550, 0x570, 0x538, 0x530, 0x540, - 0x510, 0x560, 0x268, 0x258, 0x220, 0x208, 0x218, 0x278, 0x228, 0x248, - 0x200, 0x250, 0x270, 0x238, 0x230, 0x240, 0x210, 0x260, 0x4E8, 0x4D8, - 0x4A0, 0x488, 0x498, 0x4F8, 0x4A8, 0x4C8, 0x480, 0x4D0, 0x4F0, 0x4B8, - 0x4B0, 0x4C0, 0x490, 0x4E0, 0x168, 0x158, 0x120, 0x108, 0x118, 0x178, - 0x128, 0x148, 0x100, 0x150, 0x170, 0x138, 0x130, 0x140, 0x110, 0x160, - 0x1E8, 0x1D8, 0x1A0, 0x188, 0x198, 0x1F8, 0x1A8, 0x1C8, 0x180, 0x1D0, - 0x1F0, 0x1B8, 0x1B0, 0x1C0, 0x190, 0x1E0, 0x768, 0x758, 0x720, 0x708, - 0x718, 0x778, 0x728, 0x748, 0x700, 0x750, 0x770, 0x738, 0x730, 0x740, - 0x710, 0x760, 0x368, 0x358, 0x320, 0x308, 0x318, 0x378, 0x328, 0x348, - 0x300, 0x350, 0x370, 0x338, 0x330, 0x340, 0x310, 0x360, 0x5E8, 0x5D8, - 0x5A0, 0x588, 0x598, 0x5F8, 0x5A8, 0x5C8, 0x580, 0x5D0, 0x5F0, 0x5B8, - 0x5B0, 0x5C0, 0x590, 0x5E0, 0x468, 0x458, 0x420, 0x408, 0x418, 0x478, - 0x428, 0x448, 0x400, 0x450, 0x470, 0x438, 0x430, 0x440, 0x410, 0x460, - 0x668, 0x658, 0x620, 0x608, 0x618, 0x678, 0x628, 0x648, 0x600, 0x650, - 0x670, 0x638, 0x630, 0x640, 0x610, 0x660 - } -}; +#include "gost28147.h"
/** * Initialize algorithm context before calculating hash @@ -254,40 +54,6 @@ gosthash94_init (struct gosthash94_ctx *ctx) memset (ctx, 0, sizeof (struct gosthash94_ctx)); }
-/* - * A macro that performs a full encryption round of GOST 28147-89. - * Temporary variables tmp assumed and variables r and l for left and right - * blocks. - */ -#define GOST_ENCRYPT_ROUND(key1, key2, sbox) \ - tmp = (key1) + r; \ - l ^= (sbox)[0][tmp & 0xff] ^ (sbox)[1][(tmp >> 8) & 0xff] ^ \ - (sbox)[2][(tmp >> 16) & 0xff] ^ (sbox)[3][tmp >> 24]; \ - tmp = (key2) + l; \ - r ^= (sbox)[0][tmp & 0xff] ^ (sbox)[1][(tmp >> 8) & 0xff] ^ \ - (sbox)[2][(tmp >> 16) & 0xff] ^ (sbox)[3][tmp >> 24]; - -/* encrypt a block with the given key */ -#define GOST_ENCRYPT(result, i, key, hash, sbox) \ - r = hash[i], l = hash[i + 1]; \ - GOST_ENCRYPT_ROUND(key[0], key[1], sbox) \ - GOST_ENCRYPT_ROUND(key[2], key[3], sbox) \ - GOST_ENCRYPT_ROUND(key[4], key[5], sbox) \ - GOST_ENCRYPT_ROUND(key[6], key[7], sbox) \ - GOST_ENCRYPT_ROUND(key[0], key[1], sbox) \ - GOST_ENCRYPT_ROUND(key[2], key[3], sbox) \ - GOST_ENCRYPT_ROUND(key[4], key[5], sbox) \ - GOST_ENCRYPT_ROUND(key[6], key[7], sbox) \ - GOST_ENCRYPT_ROUND(key[0], key[1], sbox) \ - GOST_ENCRYPT_ROUND(key[2], key[3], sbox) \ - GOST_ENCRYPT_ROUND(key[4], key[5], sbox) \ - GOST_ENCRYPT_ROUND(key[6], key[7], sbox) \ - GOST_ENCRYPT_ROUND(key[7], key[6], sbox) \ - GOST_ENCRYPT_ROUND(key[5], key[4], sbox) \ - GOST_ENCRYPT_ROUND(key[3], key[2], sbox) \ - GOST_ENCRYPT_ROUND(key[1], key[0], sbox) \ - result[i] = l, result[i + 1] = r; - /** * The core transformation. Process a 512-bit block. * @@ -299,7 +65,6 @@ gost_block_compress (struct gosthash94_ctx *ctx, const uint32_t *block) { unsigned i; uint32_t key[8], u[8], v[8], w[8], s[8]; - uint32_t l, r, tmp;
/* u := hash, v := <256-bit message block> */ memcpy (u, ctx->hash, sizeof (u)); @@ -341,7 +106,7 @@ gost_block_compress (struct gosthash94_ctx *ctx, const uint32_t *block) ((w[5] & 0xff000000) >> 8) | (w[7] & 0xff000000);
/* encryption: s_i := E_{key_i} (h_i) */ - GOST_ENCRYPT (s, i, key, ctx->hash, gosthash94_sbox); + gost28147_encrypt_simple (key, gost28147_param_test_3411.sbox, &ctx->hash[i], &s[i]);
if (i == 0) {
Signed-off-by: Dmitry Eremin-Solenikov dbaryshkov@gmail.com --- nettle-meta-hashes.c | 1 + testsuite/meta-hash-test.c | 1 + 2 files changed, 2 insertions(+)
diff --git a/nettle-meta-hashes.c b/nettle-meta-hashes.c index 37552edec5ca..f0ef026d359f 100644 --- a/nettle-meta-hashes.c +++ b/nettle-meta-hashes.c @@ -41,6 +41,7 @@ const struct nettle_hash * const _nettle_hashes[] = { &nettle_md2, &nettle_md4, &nettle_md5, + &nettle_gosthash94, &nettle_ripemd160, &nettle_sha1, &nettle_sha224, diff --git a/testsuite/meta-hash-test.c b/testsuite/meta-hash-test.c index 4754f66596ee..5b6258889e5d 100644 --- a/testsuite/meta-hash-test.c +++ b/testsuite/meta-hash-test.c @@ -8,6 +8,7 @@ const char* hashes[] = { "md2", "md4", "md5", + "gosthash94", "ripemd160", "sha1", "sha224",
Hash gosthash94 implements GOST R 34.11-94 standard using S-Box defined in the standard 'for testing purposes only'. RFC 4357 defines S-Box (CryptoPro one) for GOST R 34.11-94 hash function that is widely used in applications. Add separate hash function algorithm (gosthash94cp) implementing GOST R 34.11-94 hashing using that S-Box.
Signed-off-by: Dmitry Eremin-Solenikov dbaryshkov@gmail.com --- examples/nettle-benchmark.c | 1 + gost28147.c | 266 ++++++++++++++++++++++++++++++++++++ gost28147.h | 2 + gosthash94-meta.c | 3 + gosthash94.c | 83 +++++++++-- gosthash94.h | 13 ++ nettle-meta-hashes.c | 1 + nettle-meta.h | 1 + nettle.texinfo | 41 +++++- testsuite/gosthash94-test.c | 12 ++ testsuite/meta-hash-test.c | 1 + 11 files changed, 406 insertions(+), 18 deletions(-)
diff --git a/examples/nettle-benchmark.c b/examples/nettle-benchmark.c index 6e0f560b6bdc..5d0e649ea726 100644 --- a/examples/nettle-benchmark.c +++ b/examples/nettle-benchmark.c @@ -918,6 +918,7 @@ main(int argc, char **argv) &nettle_sha3_224, &nettle_sha3_256, &nettle_sha3_384, &nettle_sha3_512, &nettle_ripemd160, &nettle_gosthash94, + &nettle_gosthash94cp, NULL };
diff --git a/gost28147.c b/gost28147.c index c734c4365fa7..cbe6b0d9b3df 100644 --- a/gost28147.c +++ b/gost28147.c @@ -302,6 +302,272 @@ const struct gost28147_param gost28147_param_test_3411 = } };
+const struct gost28147_param gost28147_param_CryptoPro_3411 = +{ + { + /* 0 */ + 0x0002d000, 0x0002a000, 0x0002a800, 0x0002b000, + 0x0002c000, 0x00028800, 0x00029800, 0x0002b800, + 0x0002e800, 0x0002e000, 0x0002f000, 0x00028000, + 0x0002c800, 0x00029000, 0x0002d800, 0x0002f800, + 0x0007d000, 0x0007a000, 0x0007a800, 0x0007b000, + 0x0007c000, 0x00078800, 0x00079800, 0x0007b800, + 0x0007e800, 0x0007e000, 0x0007f000, 0x00078000, + 0x0007c800, 0x00079000, 0x0007d800, 0x0007f800, + 0x00025000, 0x00022000, 0x00022800, 0x00023000, + 0x00024000, 0x00020800, 0x00021800, 0x00023800, + 0x00026800, 0x00026000, 0x00027000, 0x00020000, + 0x00024800, 0x00021000, 0x00025800, 0x00027800, + 0x00005000, 0x00002000, 0x00002800, 0x00003000, + 0x00004000, 0x00000800, 0x00001800, 0x00003800, + 0x00006800, 0x00006000, 0x00007000, 0x00000000, + 0x00004800, 0x00001000, 0x00005800, 0x00007800, + 0x00015000, 0x00012000, 0x00012800, 0x00013000, + 0x00014000, 0x00010800, 0x00011800, 0x00013800, + 0x00016800, 0x00016000, 0x00017000, 0x00010000, + 0x00014800, 0x00011000, 0x00015800, 0x00017800, + 0x0006d000, 0x0006a000, 0x0006a800, 0x0006b000, + 0x0006c000, 0x00068800, 0x00069800, 0x0006b800, + 0x0006e800, 0x0006e000, 0x0006f000, 0x00068000, + 0x0006c800, 0x00069000, 0x0006d800, 0x0006f800, + 0x0005d000, 0x0005a000, 0x0005a800, 0x0005b000, + 0x0005c000, 0x00058800, 0x00059800, 0x0005b800, + 0x0005e800, 0x0005e000, 0x0005f000, 0x00058000, + 0x0005c800, 0x00059000, 0x0005d800, 0x0005f800, + 0x0004d000, 0x0004a000, 0x0004a800, 0x0004b000, + 0x0004c000, 0x00048800, 0x00049800, 0x0004b800, + 0x0004e800, 0x0004e000, 0x0004f000, 0x00048000, + 0x0004c800, 0x00049000, 0x0004d800, 0x0004f800, + 0x0000d000, 0x0000a000, 0x0000a800, 0x0000b000, + 0x0000c000, 0x00008800, 0x00009800, 0x0000b800, + 0x0000e800, 0x0000e000, 0x0000f000, 0x00008000, + 0x0000c800, 0x00009000, 0x0000d800, 0x0000f800, + 0x0003d000, 0x0003a000, 0x0003a800, 0x0003b000, + 0x0003c000, 0x00038800, 0x00039800, 0x0003b800, + 0x0003e800, 0x0003e000, 0x0003f000, 0x00038000, + 0x0003c800, 0x00039000, 0x0003d800, 0x0003f800, + 0x00035000, 0x00032000, 0x00032800, 0x00033000, + 0x00034000, 0x00030800, 0x00031800, 0x00033800, + 0x00036800, 0x00036000, 0x00037000, 0x00030000, + 0x00034800, 0x00031000, 0x00035800, 0x00037800, + 0x0001d000, 0x0001a000, 0x0001a800, 0x0001b000, + 0x0001c000, 0x00018800, 0x00019800, 0x0001b800, + 0x0001e800, 0x0001e000, 0x0001f000, 0x00018000, + 0x0001c800, 0x00019000, 0x0001d800, 0x0001f800, + 0x00065000, 0x00062000, 0x00062800, 0x00063000, + 0x00064000, 0x00060800, 0x00061800, 0x00063800, + 0x00066800, 0x00066000, 0x00067000, 0x00060000, + 0x00064800, 0x00061000, 0x00065800, 0x00067800, + 0x00075000, 0x00072000, 0x00072800, 0x00073000, + 0x00074000, 0x00070800, 0x00071800, 0x00073800, + 0x00076800, 0x00076000, 0x00077000, 0x00070000, + 0x00074800, 0x00071000, 0x00075800, 0x00077800, + 0x00055000, 0x00052000, 0x00052800, 0x00053000, + 0x00054000, 0x00050800, 0x00051800, 0x00053800, + 0x00056800, 0x00056000, 0x00057000, 0x00050000, + 0x00054800, 0x00051000, 0x00055800, 0x00057800, + 0x00045000, 0x00042000, 0x00042800, 0x00043000, + 0x00044000, 0x00040800, 0x00041800, 0x00043800, + 0x00046800, 0x00046000, 0x00047000, 0x00040000, + 0x00044800, 0x00041000, 0x00045800, 0x00047800, + /* 1 */ + 0x02380000, 0x02780000, 0x02600000, 0x02700000, + 0x02480000, 0x02200000, 0x02080000, 0x02000000, + 0x02180000, 0x02580000, 0x02280000, 0x02100000, + 0x02300000, 0x02500000, 0x02400000, 0x02680000, + 0x05380000, 0x05780000, 0x05600000, 0x05700000, + 0x05480000, 0x05200000, 0x05080000, 0x05000000, + 0x05180000, 0x05580000, 0x05280000, 0x05100000, + 0x05300000, 0x05500000, 0x05400000, 0x05680000, + 0x03b80000, 0x03f80000, 0x03e00000, 0x03f00000, + 0x03c80000, 0x03a00000, 0x03880000, 0x03800000, + 0x03980000, 0x03d80000, 0x03a80000, 0x03900000, + 0x03b00000, 0x03d00000, 0x03c00000, 0x03e80000, + 0x06380000, 0x06780000, 0x06600000, 0x06700000, + 0x06480000, 0x06200000, 0x06080000, 0x06000000, + 0x06180000, 0x06580000, 0x06280000, 0x06100000, + 0x06300000, 0x06500000, 0x06400000, 0x06680000, + 0x00380000, 0x00780000, 0x00600000, 0x00700000, + 0x00480000, 0x00200000, 0x00080000, 0x00000000, + 0x00180000, 0x00580000, 0x00280000, 0x00100000, + 0x00300000, 0x00500000, 0x00400000, 0x00680000, + 0x07b80000, 0x07f80000, 0x07e00000, 0x07f00000, + 0x07c80000, 0x07a00000, 0x07880000, 0x07800000, + 0x07980000, 0x07d80000, 0x07a80000, 0x07900000, + 0x07b00000, 0x07d00000, 0x07c00000, 0x07e80000, + 0x01380000, 0x01780000, 0x01600000, 0x01700000, + 0x01480000, 0x01200000, 0x01080000, 0x01000000, + 0x01180000, 0x01580000, 0x01280000, 0x01100000, + 0x01300000, 0x01500000, 0x01400000, 0x01680000, + 0x04380000, 0x04780000, 0x04600000, 0x04700000, + 0x04480000, 0x04200000, 0x04080000, 0x04000000, + 0x04180000, 0x04580000, 0x04280000, 0x04100000, + 0x04300000, 0x04500000, 0x04400000, 0x04680000, + 0x07380000, 0x07780000, 0x07600000, 0x07700000, + 0x07480000, 0x07200000, 0x07080000, 0x07000000, + 0x07180000, 0x07580000, 0x07280000, 0x07100000, + 0x07300000, 0x07500000, 0x07400000, 0x07680000, + 0x00b80000, 0x00f80000, 0x00e00000, 0x00f00000, + 0x00c80000, 0x00a00000, 0x00880000, 0x00800000, + 0x00980000, 0x00d80000, 0x00a80000, 0x00900000, + 0x00b00000, 0x00d00000, 0x00c00000, 0x00e80000, + 0x03380000, 0x03780000, 0x03600000, 0x03700000, + 0x03480000, 0x03200000, 0x03080000, 0x03000000, + 0x03180000, 0x03580000, 0x03280000, 0x03100000, + 0x03300000, 0x03500000, 0x03400000, 0x03680000, + 0x02b80000, 0x02f80000, 0x02e00000, 0x02f00000, + 0x02c80000, 0x02a00000, 0x02880000, 0x02800000, + 0x02980000, 0x02d80000, 0x02a80000, 0x02900000, + 0x02b00000, 0x02d00000, 0x02c00000, 0x02e80000, + 0x06b80000, 0x06f80000, 0x06e00000, 0x06f00000, + 0x06c80000, 0x06a00000, 0x06880000, 0x06800000, + 0x06980000, 0x06d80000, 0x06a80000, 0x06900000, + 0x06b00000, 0x06d00000, 0x06c00000, 0x06e80000, + 0x05b80000, 0x05f80000, 0x05e00000, 0x05f00000, + 0x05c80000, 0x05a00000, 0x05880000, 0x05800000, + 0x05980000, 0x05d80000, 0x05a80000, 0x05900000, + 0x05b00000, 0x05d00000, 0x05c00000, 0x05e80000, + 0x04b80000, 0x04f80000, 0x04e00000, 0x04f00000, + 0x04c80000, 0x04a00000, 0x04880000, 0x04800000, + 0x04980000, 0x04d80000, 0x04a80000, 0x04900000, + 0x04b00000, 0x04d00000, 0x04c00000, 0x04e80000, + 0x01b80000, 0x01f80000, 0x01e00000, 0x01f00000, + 0x01c80000, 0x01a00000, 0x01880000, 0x01800000, + 0x01980000, 0x01d80000, 0x01a80000, 0x01900000, + 0x01b00000, 0x01d00000, 0x01c00000, 0x01e80000, + /* 2 */ + 0xb8000003, 0xb0000003, 0xa0000003, 0xd8000003, + 0xc8000003, 0xe0000003, 0x90000003, 0xd0000003, + 0x88000003, 0xc0000003, 0x80000003, 0xf0000003, + 0xf8000003, 0xe8000003, 0x98000003, 0xa8000003, + 0x38000003, 0x30000003, 0x20000003, 0x58000003, + 0x48000003, 0x60000003, 0x10000003, 0x50000003, + 0x08000003, 0x40000003, 0x00000003, 0x70000003, + 0x78000003, 0x68000003, 0x18000003, 0x28000003, + 0x38000001, 0x30000001, 0x20000001, 0x58000001, + 0x48000001, 0x60000001, 0x10000001, 0x50000001, + 0x08000001, 0x40000001, 0x00000001, 0x70000001, + 0x78000001, 0x68000001, 0x18000001, 0x28000001, + 0x38000002, 0x30000002, 0x20000002, 0x58000002, + 0x48000002, 0x60000002, 0x10000002, 0x50000002, + 0x08000002, 0x40000002, 0x00000002, 0x70000002, + 0x78000002, 0x68000002, 0x18000002, 0x28000002, + 0xb8000006, 0xb0000006, 0xa0000006, 0xd8000006, + 0xc8000006, 0xe0000006, 0x90000006, 0xd0000006, + 0x88000006, 0xc0000006, 0x80000006, 0xf0000006, + 0xf8000006, 0xe8000006, 0x98000006, 0xa8000006, + 0xb8000004, 0xb0000004, 0xa0000004, 0xd8000004, + 0xc8000004, 0xe0000004, 0x90000004, 0xd0000004, + 0x88000004, 0xc0000004, 0x80000004, 0xf0000004, + 0xf8000004, 0xe8000004, 0x98000004, 0xa8000004, + 0xb8000007, 0xb0000007, 0xa0000007, 0xd8000007, + 0xc8000007, 0xe0000007, 0x90000007, 0xd0000007, + 0x88000007, 0xc0000007, 0x80000007, 0xf0000007, + 0xf8000007, 0xe8000007, 0x98000007, 0xa8000007, + 0x38000000, 0x30000000, 0x20000000, 0x58000000, + 0x48000000, 0x60000000, 0x10000000, 0x50000000, + 0x08000000, 0x40000000, 0x00000000, 0x70000000, + 0x78000000, 0x68000000, 0x18000000, 0x28000000, + 0x38000005, 0x30000005, 0x20000005, 0x58000005, + 0x48000005, 0x60000005, 0x10000005, 0x50000005, + 0x08000005, 0x40000005, 0x00000005, 0x70000005, + 0x78000005, 0x68000005, 0x18000005, 0x28000005, + 0xb8000000, 0xb0000000, 0xa0000000, 0xd8000000, + 0xc8000000, 0xe0000000, 0x90000000, 0xd0000000, + 0x88000000, 0xc0000000, 0x80000000, 0xf0000000, + 0xf8000000, 0xe8000000, 0x98000000, 0xa8000000, + 0xb8000002, 0xb0000002, 0xa0000002, 0xd8000002, + 0xc8000002, 0xe0000002, 0x90000002, 0xd0000002, + 0x88000002, 0xc0000002, 0x80000002, 0xf0000002, + 0xf8000002, 0xe8000002, 0x98000002, 0xa8000002, + 0xb8000005, 0xb0000005, 0xa0000005, 0xd8000005, + 0xc8000005, 0xe0000005, 0x90000005, 0xd0000005, + 0x88000005, 0xc0000005, 0x80000005, 0xf0000005, + 0xf8000005, 0xe8000005, 0x98000005, 0xa8000005, + 0x38000004, 0x30000004, 0x20000004, 0x58000004, + 0x48000004, 0x60000004, 0x10000004, 0x50000004, + 0x08000004, 0x40000004, 0x00000004, 0x70000004, + 0x78000004, 0x68000004, 0x18000004, 0x28000004, + 0x38000007, 0x30000007, 0x20000007, 0x58000007, + 0x48000007, 0x60000007, 0x10000007, 0x50000007, + 0x08000007, 0x40000007, 0x00000007, 0x70000007, + 0x78000007, 0x68000007, 0x18000007, 0x28000007, + 0x38000006, 0x30000006, 0x20000006, 0x58000006, + 0x48000006, 0x60000006, 0x10000006, 0x50000006, + 0x08000006, 0x40000006, 0x00000006, 0x70000006, + 0x78000006, 0x68000006, 0x18000006, 0x28000006, + 0xb8000001, 0xb0000001, 0xa0000001, 0xd8000001, + 0xc8000001, 0xe0000001, 0x90000001, 0xd0000001, + 0x88000001, 0xc0000001, 0x80000001, 0xf0000001, + 0xf8000001, 0xe8000001, 0x98000001, 0xa8000001, + /* 3 */ + 0x000000e8, 0x000000f0, 0x000000a0, 0x00000088, + 0x000000b8, 0x00000080, 0x000000a8, 0x000000d0, + 0x00000098, 0x000000e0, 0x000000c0, 0x000000f8, + 0x000000b0, 0x00000090, 0x000000c8, 0x000000d8, + 0x000001e8, 0x000001f0, 0x000001a0, 0x00000188, + 0x000001b8, 0x00000180, 0x000001a8, 0x000001d0, + 0x00000198, 0x000001e0, 0x000001c0, 0x000001f8, + 0x000001b0, 0x00000190, 0x000001c8, 0x000001d8, + 0x00000568, 0x00000570, 0x00000520, 0x00000508, + 0x00000538, 0x00000500, 0x00000528, 0x00000550, + 0x00000518, 0x00000560, 0x00000540, 0x00000578, + 0x00000530, 0x00000510, 0x00000548, 0x00000558, + 0x000004e8, 0x000004f0, 0x000004a0, 0x00000488, + 0x000004b8, 0x00000480, 0x000004a8, 0x000004d0, + 0x00000498, 0x000004e0, 0x000004c0, 0x000004f8, + 0x000004b0, 0x00000490, 0x000004c8, 0x000004d8, + 0x000002e8, 0x000002f0, 0x000002a0, 0x00000288, + 0x000002b8, 0x00000280, 0x000002a8, 0x000002d0, + 0x00000298, 0x000002e0, 0x000002c0, 0x000002f8, + 0x000002b0, 0x00000290, 0x000002c8, 0x000002d8, + 0x000005e8, 0x000005f0, 0x000005a0, 0x00000588, + 0x000005b8, 0x00000580, 0x000005a8, 0x000005d0, + 0x00000598, 0x000005e0, 0x000005c0, 0x000005f8, + 0x000005b0, 0x00000590, 0x000005c8, 0x000005d8, + 0x00000268, 0x00000270, 0x00000220, 0x00000208, + 0x00000238, 0x00000200, 0x00000228, 0x00000250, + 0x00000218, 0x00000260, 0x00000240, 0x00000278, + 0x00000230, 0x00000210, 0x00000248, 0x00000258, + 0x000007e8, 0x000007f0, 0x000007a0, 0x00000788, + 0x000007b8, 0x00000780, 0x000007a8, 0x000007d0, + 0x00000798, 0x000007e0, 0x000007c0, 0x000007f8, + 0x000007b0, 0x00000790, 0x000007c8, 0x000007d8, + 0x00000468, 0x00000470, 0x00000420, 0x00000408, + 0x00000438, 0x00000400, 0x00000428, 0x00000450, + 0x00000418, 0x00000460, 0x00000440, 0x00000478, + 0x00000430, 0x00000410, 0x00000448, 0x00000458, + 0x00000368, 0x00000370, 0x00000320, 0x00000308, + 0x00000338, 0x00000300, 0x00000328, 0x00000350, + 0x00000318, 0x00000360, 0x00000340, 0x00000378, + 0x00000330, 0x00000310, 0x00000348, 0x00000358, + 0x000003e8, 0x000003f0, 0x000003a0, 0x00000388, + 0x000003b8, 0x00000380, 0x000003a8, 0x000003d0, + 0x00000398, 0x000003e0, 0x000003c0, 0x000003f8, + 0x000003b0, 0x00000390, 0x000003c8, 0x000003d8, + 0x00000768, 0x00000770, 0x00000720, 0x00000708, + 0x00000738, 0x00000700, 0x00000728, 0x00000750, + 0x00000718, 0x00000760, 0x00000740, 0x00000778, + 0x00000730, 0x00000710, 0x00000748, 0x00000758, + 0x000006e8, 0x000006f0, 0x000006a0, 0x00000688, + 0x000006b8, 0x00000680, 0x000006a8, 0x000006d0, + 0x00000698, 0x000006e0, 0x000006c0, 0x000006f8, + 0x000006b0, 0x00000690, 0x000006c8, 0x000006d8, + 0x00000068, 0x00000070, 0x00000020, 0x00000008, + 0x00000038, 0x00000000, 0x00000028, 0x00000050, + 0x00000018, 0x00000060, 0x00000040, 0x00000078, + 0x00000030, 0x00000010, 0x00000048, 0x00000058, + 0x00000168, 0x00000170, 0x00000120, 0x00000108, + 0x00000138, 0x00000100, 0x00000128, 0x00000150, + 0x00000118, 0x00000160, 0x00000140, 0x00000178, + 0x00000130, 0x00000110, 0x00000148, 0x00000158, + 0x00000668, 0x00000670, 0x00000620, 0x00000608, + 0x00000638, 0x00000600, 0x00000628, 0x00000650, + 0x00000618, 0x00000660, 0x00000640, 0x00000678, + 0x00000630, 0x00000610, 0x00000648, 0x00000658, + } +}; + /* * A macro that performs a full encryption round of GOST 28147-89. * Temporary variables tmp assumed and variables r and l for left and right diff --git a/gost28147.h b/gost28147.h index 83d8915b9d38..8f6414ec8577 100644 --- a/gost28147.h +++ b/gost28147.h @@ -41,6 +41,7 @@ extern "C" { #endif
#define gost28147_param_test_3411 nettle_gost28147_param_test_3411 +#define gost28147_param_CryptoPro_3411 nettle_gost28147_param_CryptoPro_3411
/* Private */ #define gost28147_encrypt_simple nettle_gost28147_encrypt_simple @@ -51,6 +52,7 @@ struct gost28147_param };
extern const struct gost28147_param gost28147_param_test_3411; +extern const struct gost28147_param gost28147_param_CryptoPro_3411;
/* Internal interface for use by GOST R 34.11-94 */ void gost28147_encrypt_simple (const uint32_t *key, const uint32_t *sbox, diff --git a/gosthash94-meta.c b/gosthash94-meta.c index 42b05562b7f8..ad203bfd6c18 100644 --- a/gosthash94-meta.c +++ b/gosthash94-meta.c @@ -39,3 +39,6 @@
const struct nettle_hash nettle_gosthash94 = _NETTLE_HASH(gosthash94, GOSTHASH94); + +const struct nettle_hash nettle_gosthash94cp += _NETTLE_HASH(gosthash94cp, GOSTHASH94CP); diff --git a/gosthash94.c b/gosthash94.c index 870235eefa34..0e84553f9a03 100644 --- a/gosthash94.c +++ b/gosthash94.c @@ -5,6 +5,7 @@ * See also RFC 4357. * * Copyright: 2009-2012 Aleksey Kravchenko rhash.admin@gmail.com + * Copyright: 2019 Dmitry Eremin-Solenikov dbaryshkov@gmail.com * * Permission is hereby granted, free of charge, to any person obtaining a * copy of this software and associated documentation files (the @@ -61,7 +62,8 @@ gosthash94_init (struct gosthash94_ctx *ctx) * @param block the message block to process */ static void -gost_block_compress (struct gosthash94_ctx *ctx, const uint32_t *block) +gost_block_compress (struct gosthash94_ctx *ctx, const uint32_t *block, + const uint32_t *sbox) { unsigned i; uint32_t key[8], u[8], v[8], w[8], s[8]; @@ -106,7 +108,7 @@ gost_block_compress (struct gosthash94_ctx *ctx, const uint32_t *block) ((w[5] & 0xff000000) >> 8) | (w[7] & 0xff000000);
/* encryption: s_i := E_{key_i} (h_i) */ - gost28147_encrypt_simple (key, gost28147_param_test_3411.sbox, &ctx->hash[i], &s[i]); + gost28147_encrypt_simple (key, sbox, &ctx->hash[i], &s[i]);
if (i == 0) { @@ -261,7 +263,8 @@ gost_block_compress (struct gosthash94_ctx *ctx, const uint32_t *block) * @param block the 256-bit message block to process */ static void -gost_compute_sum_and_hash (struct gosthash94_ctx *ctx, const uint8_t *block) +gost_compute_sum_and_hash (struct gosthash94_ctx *ctx, const uint8_t *block, + const uint32_t *sbox) { uint32_t block_le[8]; unsigned i, carry; @@ -277,7 +280,7 @@ gost_compute_sum_and_hash (struct gosthash94_ctx *ctx, const uint8_t *block) }
/* update message hash */ - gost_block_compress (ctx, block_le); + gost_block_compress (ctx, block_le, sbox); }
/** @@ -288,9 +291,10 @@ gost_compute_sum_and_hash (struct gosthash94_ctx *ctx, const uint8_t *block) * @param msg message chunk * @param size length of the message chunk */ -void -gosthash94_update (struct gosthash94_ctx *ctx, - size_t length, const uint8_t *msg) +static void +gosthash94_update_int (struct gosthash94_ctx *ctx, + size_t length, const uint8_t *msg, + const uint32_t *sbox) { unsigned index = (unsigned) ctx->length & 31; ctx->length += length; @@ -304,13 +308,13 @@ gosthash94_update (struct gosthash94_ctx *ctx, return;
/* process partial block */ - gost_compute_sum_and_hash (ctx, ctx->message); + gost_compute_sum_and_hash (ctx, ctx->message, sbox); msg += left; length -= left; } while (length >= GOSTHASH94_BLOCK_SIZE) { - gost_compute_sum_and_hash (ctx, msg); + gost_compute_sum_and_hash (ctx, msg, sbox); msg += GOSTHASH94_BLOCK_SIZE; length -= GOSTHASH94_BLOCK_SIZE; } @@ -321,15 +325,48 @@ gosthash94_update (struct gosthash94_ctx *ctx, } }
+/** + * Calculate message hash. + * Can be called repeatedly with chunks of the message to be hashed. + * + * @param ctx the algorithm context containing current hashing state + * @param msg message chunk + * @param size length of the message chunk + */ +void +gosthash94_update (struct gosthash94_ctx *ctx, + size_t length, const uint8_t *msg) +{ + gosthash94_update_int (ctx, length, msg, + gost28147_param_test_3411.sbox); +} + +/** + * Calculate message hash. + * Can be called repeatedly with chunks of the message to be hashed. + * + * @param ctx the algorithm context containing current hashing state + * @param msg message chunk + * @param size length of the message chunk + */ +void +gosthash94cp_update (struct gosthash94_ctx *ctx, + size_t length, const uint8_t *msg) +{ + gosthash94_update_int (ctx, length, msg, + gost28147_param_CryptoPro_3411.sbox); +} + /** * Finish hashing and store message digest into given array. * * @param ctx the algorithm context containing current hashing state * @param result calculated hash in binary form */ -void -gosthash94_digest (struct gosthash94_ctx *ctx, - size_t length, uint8_t *result) +static void +gosthash94_write_digest (struct gosthash94_ctx *ctx, + size_t length, uint8_t *result, + const uint32_t *sbox) { unsigned index = ctx->length & 31; uint32_t msg32[8]; @@ -340,7 +377,7 @@ gosthash94_digest (struct gosthash94_ctx *ctx, if (index > 0) { memset (ctx->message + index, 0, 32 - index); - gost_compute_sum_and_hash (ctx, ctx->message); + gost_compute_sum_and_hash (ctx, ctx->message, sbox); }
/* hash the message length and the sum */ @@ -348,10 +385,26 @@ gosthash94_digest (struct gosthash94_ctx *ctx, msg32[1] = ctx->length >> 29; memset (msg32 + 2, 0, sizeof (uint32_t) * 6);
- gost_block_compress (ctx, msg32); - gost_block_compress (ctx, ctx->sum); + gost_block_compress (ctx, msg32, sbox); + gost_block_compress (ctx, ctx->sum, sbox);
/* convert hash state to result bytes */ _nettle_write_le32(length, result, ctx->hash); gosthash94_init (ctx); } + +void +gosthash94_digest (struct gosthash94_ctx *ctx, + size_t length, uint8_t *result) +{ + gosthash94_write_digest (ctx, length, result, + gost28147_param_test_3411.sbox); +} + +void +gosthash94cp_digest (struct gosthash94_ctx *ctx, + size_t length, uint8_t *result) +{ + gosthash94_write_digest (ctx, length, result, + gost28147_param_CryptoPro_3411.sbox); +} diff --git a/gosthash94.h b/gosthash94.h index 60b2bef2837f..dfa97f61de6e 100644 --- a/gosthash94.h +++ b/gosthash94.h @@ -72,11 +72,17 @@ extern "C" { #define gosthash94_update nettle_gosthash94_update #define gosthash94_digest nettle_gosthash94_digest
+#define gosthash94cp_update nettle_gosthash94cp_update +#define gosthash94cp_digest nettle_gosthash94cp_digest + #define GOSTHASH94_BLOCK_SIZE 32 #define GOSTHASH94_DIGEST_SIZE 32 /* For backwards compatibility */ #define GOSTHASH94_DATA_SIZE GOSTHASH94_BLOCK_SIZE
+#define GOSTHASH94CP_BLOCK_SIZE GOSTHASH94_BLOCK_SIZE +#define GOSTHASH94CP_DIGEST_SIZE GOSTHASH94_DIGEST_SIZE + struct gosthash94_ctx { uint32_t hash[8]; /* algorithm 256-bit state */ @@ -84,6 +90,7 @@ struct gosthash94_ctx uint64_t length; /* number of processed bytes */ uint8_t message[GOSTHASH94_BLOCK_SIZE]; /* 256-bit buffer for leftovers */ }; +#define gosthash94cp_ctx gosthash94_ctx
void gosthash94_init(struct gosthash94_ctx *ctx); void gosthash94_update(struct gosthash94_ctx *ctx, @@ -91,6 +98,12 @@ void gosthash94_update(struct gosthash94_ctx *ctx, void gosthash94_digest(struct gosthash94_ctx *ctx, size_t length, uint8_t *result);
+#define gosthash94cp_init gosthash94_init +void gosthash94cp_update(struct gosthash94_ctx *ctx, + size_t length, const uint8_t *msg); +void gosthash94cp_digest(struct gosthash94_ctx *ctx, + size_t length, uint8_t *result); + #ifdef __cplusplus } #endif diff --git a/nettle-meta-hashes.c b/nettle-meta-hashes.c index f0ef026d359f..0ea892c14714 100644 --- a/nettle-meta-hashes.c +++ b/nettle-meta-hashes.c @@ -42,6 +42,7 @@ const struct nettle_hash * const _nettle_hashes[] = { &nettle_md4, &nettle_md5, &nettle_gosthash94, + &nettle_gosthash94cp, &nettle_ripemd160, &nettle_sha1, &nettle_sha224, diff --git a/nettle-meta.h b/nettle-meta.h index 74e50e59cd2e..b4cdb8f3e378 100644 --- a/nettle-meta.h +++ b/nettle-meta.h @@ -130,6 +130,7 @@ extern const struct nettle_hash nettle_md2; extern const struct nettle_hash nettle_md4; extern const struct nettle_hash nettle_md5; extern const struct nettle_hash nettle_gosthash94; +extern const struct nettle_hash nettle_gosthash94cp; extern const struct nettle_hash nettle_ripemd160; extern const struct nettle_hash nettle_sha1; extern const struct nettle_hash nettle_sha224; diff --git a/nettle.texinfo b/nettle.texinfo index b8579a6ed59b..fbba7d81d6ec 100644 --- a/nettle.texinfo +++ b/nettle.texinfo @@ -1038,12 +1038,17 @@ This function also resets the context in the same way as @end deftypefun
-@subsubsection @acronym{GOSTHASH94} +@subsubsection @acronym{GOSTHASH94 and GOSTHASH94CP}
The GOST94 or GOST R 34.11-94 hash algorithm is a Soviet-era algorithm used in Russian government standards (see @cite{RFC 4357}). -It outputs message digests of 256 bits, or 32 octets. -Nettle defines GOSTHASH94 in @file{<nettle/gosthash94.h>}. +It outputs message digests of 256 bits, or 32 octets. The standard itself +does not fix the S-box used by the hash algorith, so there are two popular +variants (the testing S-box from the standard itself and the S-box defined +by CryptoPro company, see RFC 4357). Nettle provides support for the former +S-box in the form of GOSTHASH94 hash algorithm and for the latter in the +form of GOSTHASH94CP hash algorithm. +Nettle defines GOSTHASH94 and GOSTHASH94CP in @file{<nettle/gosthash94.h>}.
@deftp {Context struct} {struct gosthash94_ctx} @end deftp @@ -1074,6 +1079,35 @@ This function also resets the context in the same way as @code{gosthash94_init}. @end deftypefun
+@deftp {Context struct} {struct gosthash94cp_ctx} +@end deftp + +@defvr Constant GOSTHASH94CP_DIGEST_SIZE +The size of a GOSTHASH94CP digest, i.e. 32. +@end defvr + +@defvr Constant GOSTHASH94CP_BLOCK_SIZE +The internal block size of GOSTHASH94CP, i.e., 32. +@end defvr + +@deftypefun void gosthash94cp_init (struct gosthash94cp_ctx *@var{ctx}) +Initialize the GOSTHASH94CP state. +@end deftypefun + +@deftypefun void gosthash94cp_update (struct gosthash94cp_ctx *@var{ctx}, size_t @var{length}, const uint8_t *@var{data}) +Hash some more data. +@end deftypefun + +@deftypefun void gosthash94cp_digest (struct gosthash94cp_ctx *@var{ctx}, size_t @var{length}, uint8_t *@var{digest}) +Performs final processing and extracts the message digest, writing it +to @var{digest}. @var{length} may be smaller than +@code{GOSTHASH94CP_DIGEST_SIZE}, in which case only the first @var{length} +octets of the digest are written. + +This function also resets the context in the same way as +@code{gosthash94cp_init}. +@end deftypefun + @node nettle_hash abstraction,, Legacy hash functions, Hash functions @comment node-name, next, previous, up @subsection The @code{struct nettle_hash} abstraction @@ -1103,6 +1137,7 @@ The last three attributes are function pointers, of types @deftypevrx {Constant Struct} {struct nettle_hash} nettle_sha512 @deftypevrx {Constant Struct} {struct nettle_hash} nettle_sha3_256 @deftypevrx {Constant Struct} {struct nettle_hash} nettle_gosthash94 +@deftypevrx {Constant Struct} {struct nettle_hash} nettle_gosthash94cp These are all the hash functions that Nettle implements. @end deftypevr
diff --git a/testsuite/gosthash94-test.c b/testsuite/gosthash94-test.c index 77fb8befa9d8..d4e5015843d9 100644 --- a/testsuite/gosthash94-test.c +++ b/testsuite/gosthash94-test.c @@ -17,4 +17,16 @@ test_main(void)
test_hash(&nettle_gosthash94, SDATA(""), SHEX("ce85b99cc46752fffee35cab9a7b0278abb4c2d2055cff685af4912c49490f8d")); + + test_hash(&nettle_gosthash94cp, SDATA("The quick brown fox jumps over the lazy dog"), + SHEX("9004294a361a508c586fe53d1f1b02746765e71b765472786e4770d565830a76")); + + test_hash(&nettle_gosthash94cp, SDATA("message digest"), + SHEX("bc6041dd2aa401ebfa6e9886734174febdb4729aa972d60f549ac39b29721ba0")); + + test_hash(&nettle_gosthash94cp, SDATA("a"), + SHEX("e74c52dd282183bf37af0079c9f78055715a103f17e3133ceff1aacf2f403011")); + + test_hash(&nettle_gosthash94cp, SDATA(""), + SHEX("981e5f3ca30c841487830f84fb433e13ac1101569b9c13584ac483234cd656c0")); } diff --git a/testsuite/meta-hash-test.c b/testsuite/meta-hash-test.c index 5b6258889e5d..42debe994c0a 100644 --- a/testsuite/meta-hash-test.c +++ b/testsuite/meta-hash-test.c @@ -9,6 +9,7 @@ const char* hashes[] = { "md4", "md5", "gosthash94", + "gosthash94cp", "ripemd160", "sha1", "sha224",
GOST hash functions can be used to generate MAC using HMAC algorithm. Add functions implementing HMAC with GOSTHASH94/GOSTHASH94CP.
Signed-off-by: Dmitry Eremin-Solenikov dbaryshkov@gmail.com --- Makefile.in | 6 ++-- hmac-gosthash94.c | 79 +++++++++++++++++++++++++++++++++++++++++++ hmac.h | 37 ++++++++++++++++++++ testsuite/hmac-test.c | 14 ++++++++ 4 files changed, 133 insertions(+), 3 deletions(-) create mode 100644 hmac-gosthash94.c
diff --git a/Makefile.in b/Makefile.in index 795d66edb2c8..7d82d0d2c1aa 100644 --- a/Makefile.in +++ b/Makefile.in @@ -103,9 +103,9 @@ nettle_SOURCES = aes-decrypt-internal.c aes-decrypt.c \ gcm-camellia256.c gcm-camellia256-meta.c \ cmac.c cmac-aes128.c cmac-aes256.c \ gost28147.c gosthash94.c gosthash94-meta.c \ - hmac.c hmac-md5.c hmac-ripemd160.c hmac-sha1.c \ - hmac-sha224.c hmac-sha256.c hmac-sha384.c hmac-sha512.c \ - knuth-lfib.c hkdf.c \ + hmac.c hmac-gosthash94.c hmac-md5.c hmac-ripemd160.c \ + hmac-sha1.c hmac-sha224.c hmac-sha256.c hmac-sha384.c \ + hmac-sha512.c knuth-lfib.c hkdf.c \ md2.c md2-meta.c md4.c md4-meta.c \ md5.c md5-compress.c md5-compat.c md5-meta.c \ memeql-sec.c memxor.c memxor3.c \ diff --git a/hmac-gosthash94.c b/hmac-gosthash94.c new file mode 100644 index 000000000000..66b62854d25e --- /dev/null +++ b/hmac-gosthash94.c @@ -0,0 +1,79 @@ +/* hmac-gosthash94.c + + HMAC-GOSTHASH94 message authentication code. + + Copyright (C) 2016 Dmitry Eremin-Solenikov + + This file is part of GNU Nettle. + + GNU Nettle is free software: you can redistribute it and/or + modify it under the terms of either: + + * the GNU Lesser General Public License as published by the Free + Software Foundation; either version 3 of the License, or (at your + option) any later version. + + or + + * the GNU General Public License as published by the Free + Software Foundation; either version 2 of the License, or (at your + option) any later version. + + or both in parallel, as here. + + GNU Nettle is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + General Public License for more details. + + You should have received copies of the GNU General Public License and + the GNU Lesser General Public License along with this program. If + not, see http://www.gnu.org/licenses/. +*/ + +#if HAVE_CONFIG_H +# include "config.h" +#endif + +#include "hmac.h" + +void +hmac_gosthash94_set_key(struct hmac_gosthash94_ctx *ctx, + size_t key_length, const uint8_t *key) +{ + HMAC_SET_KEY(ctx, &nettle_gosthash94, key_length, key); +} + +void +hmac_gosthash94_update(struct hmac_gosthash94_ctx *ctx, + size_t length, const uint8_t *data) +{ + gosthash94_update(&ctx->state, length, data); +} + +void +hmac_gosthash94_digest(struct hmac_gosthash94_ctx *ctx, + size_t length, uint8_t *digest) +{ + HMAC_DIGEST(ctx, &nettle_gosthash94, length, digest); +} + +void +hmac_gosthash94cp_set_key(struct hmac_gosthash94cp_ctx *ctx, + size_t key_length, const uint8_t *key) +{ + HMAC_SET_KEY(ctx, &nettle_gosthash94cp, key_length, key); +} + +void +hmac_gosthash94cp_update(struct hmac_gosthash94cp_ctx *ctx, + size_t length, const uint8_t *data) +{ + gosthash94cp_update(&ctx->state, length, data); +} +void +hmac_gosthash94cp_digest(struct hmac_gosthash94cp_ctx *ctx, + size_t length, uint8_t *digest) +{ + HMAC_DIGEST(ctx, &nettle_gosthash94cp, length, digest); +} diff --git a/hmac.h b/hmac.h index 40a8e77aab6d..d9ee3400108d 100644 --- a/hmac.h +++ b/hmac.h @@ -36,6 +36,7 @@
#include "nettle-meta.h"
+#include "gosthash94.h" #include "md5.h" #include "ripemd160.h" #include "sha1.h" @@ -68,6 +69,12 @@ extern "C" { #define hmac_sha512_set_key nettle_hmac_sha512_set_key #define hmac_sha512_update nettle_hmac_sha512_update #define hmac_sha512_digest nettle_hmac_sha512_digest +#define hmac_gosthash94_set_key nettle_hmac_gosthash94_set_key +#define hmac_gosthash94_update nettle_hmac_gosthash94_update +#define hmac_gosthash94_digest nettle_hmac_gosthash94_digest +#define hmac_gosthash94cp_set_key nettle_hmac_gosthash94cp_set_key +#define hmac_gosthash94cp_update nettle_hmac_gosthash94cp_update +#define hmac_gosthash94cp_digest nettle_hmac_gosthash94cp_digest
void hmac_set_key(void *outer, void *inner, void *state, @@ -203,6 +210,36 @@ void hmac_sha384_digest(struct hmac_sha512_ctx *ctx, size_t length, uint8_t *digest);
+/* hmac-gosthash94 */ +struct hmac_gosthash94_ctx HMAC_CTX(struct gosthash94_ctx); + +void +hmac_gosthash94_set_key(struct hmac_gosthash94_ctx *ctx, + size_t key_length, const uint8_t *key); + +void +hmac_gosthash94_update(struct hmac_gosthash94_ctx *ctx, + size_t length, const uint8_t *data); + + void +hmac_gosthash94_digest(struct hmac_gosthash94_ctx *ctx, + size_t length, uint8_t *digest); + +struct hmac_gosthash94cp_ctx HMAC_CTX(struct gosthash94cp_ctx); + +void +hmac_gosthash94cp_set_key(struct hmac_gosthash94cp_ctx *ctx, + size_t key_length, const uint8_t *key); + +void +hmac_gosthash94cp_update(struct hmac_gosthash94cp_ctx *ctx, + size_t length, const uint8_t *data); + +void +hmac_gosthash94cp_digest(struct hmac_gosthash94cp_ctx *ctx, + size_t length, uint8_t *digest); + + #ifdef __cplusplus } #endif diff --git a/testsuite/hmac-test.c b/testsuite/hmac-test.c index 9156cc406d2c..f009c8003d34 100644 --- a/testsuite/hmac-test.c +++ b/testsuite/hmac-test.c @@ -894,4 +894,18 @@ test_main(void) "b1ff68a1de45509fbe4da9a433922655"));
/* Test case AUTH512-3 from same document seems broken. */ + + HMAC_TEST(gosthash94, + SHEX("000102030405060708090a0b0c0d0e0f" + "101112131415161718191a1b1c1d1e1f"), + SHEX("0126bdb87800af214341456563780100"), + SHEX("bfebe25f051bfef6ac858babb0abc409" + "bfd2e334ab847bc0b0d056517c7d94c5")); + + HMAC_TEST(gosthash94cp, + SHEX("000102030405060708090a0b0c0d0e0f" + "101112131415161718191a1b1c1d1e1f"), + SHEX("0126bdb87800af214341456563780100"), + SHEX("bad70b61c41095bc47e1141cfaed4272" + "6a5ceebd62ce75dbbb9ad76cda9f72f7")); }
Russian technical comitee working on standartization of cryptography algorithms has published the document describing usage of GOST R 34.11-94 hash function with PBKDF2 algorithm (http://tc26.ru/methods/containers_v1/Addition_to_PKCS5_v1_0.pdf). Add test vectors from that document and a special function implementing Nettle interface for PBKDF2 using gosthash94cp.
Signed-off-by: Dmitry Eremin-Solenikov dbaryshkov@gmail.com --- Makefile.in | 3 ++- pbkdf2-hmac-gosthash94.c | 53 ++++++++++++++++++++++++++++++++++++++++ pbkdf2.h | 7 ++++++ testsuite/pbkdf2-test.c | 24 ++++++++++++++++++ 4 files changed, 86 insertions(+), 1 deletion(-) create mode 100644 pbkdf2-hmac-gosthash94.c
diff --git a/Makefile.in b/Makefile.in index 7d82d0d2c1aa..0674b96907b2 100644 --- a/Makefile.in +++ b/Makefile.in @@ -112,7 +112,8 @@ nettle_SOURCES = aes-decrypt-internal.c aes-decrypt.c \ nettle-lookup-hash.c \ nettle-meta-aeads.c nettle-meta-armors.c \ nettle-meta-ciphers.c nettle-meta-hashes.c \ - pbkdf2.c pbkdf2-hmac-sha1.c pbkdf2-hmac-sha256.c \ + pbkdf2.c pbkdf2-hmac-gosthash94.c pbkdf2-hmac-sha1.c \ + pbkdf2-hmac-sha256.c \ poly1305-aes.c poly1305-internal.c \ realloc.c \ ripemd160.c ripemd160-compress.c ripemd160-meta.c \ diff --git a/pbkdf2-hmac-gosthash94.c b/pbkdf2-hmac-gosthash94.c new file mode 100644 index 000000000000..bf61659433c3 --- /dev/null +++ b/pbkdf2-hmac-gosthash94.c @@ -0,0 +1,53 @@ +/* pbkdf2-hmac-gosthash94.c + + PKCS #5 PBKDF2 used with HMAC-GOSTHASH94CP. + + Copyright (C) 2016 Dmitry Eremin-Solenikov + + This file is part of GNU Nettle. + + GNU Nettle is free software: you can redistribute it and/or + modify it under the terms of either: + + * the GNU Lesser General Public License as published by the Free + Software Foundation; either version 3 of the License, or (at your + option) any later version. + + or + + * the GNU General Public License as published by the Free + Software Foundation; either version 2 of the License, or (at your + option) any later version. + + or both in parallel, as here. + + GNU Nettle is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + General Public License for more details. + + You should have received copies of the GNU General Public License and + the GNU Lesser General Public License along with this program. If + not, see http://www.gnu.org/licenses/. +*/ + +#if HAVE_CONFIG_H +# include "config.h" +#endif + +#include "pbkdf2.h" + +#include "hmac.h" + +void +pbkdf2_hmac_gosthash94cp (size_t key_length, const uint8_t *key, + unsigned iterations, + size_t salt_length, const uint8_t *salt, + size_t length, uint8_t *dst) +{ + struct hmac_gosthash94cp_ctx gosthash94cpctx; + + hmac_gosthash94cp_set_key (&gosthash94cpctx, key_length, key); + PBKDF2 (&gosthash94cpctx, hmac_gosthash94cp_update, hmac_gosthash94cp_digest, + GOSTHASH94CP_DIGEST_SIZE, iterations, salt_length, salt, length, dst); +} diff --git a/pbkdf2.h b/pbkdf2.h index 7b1c4c9c1881..a36dfdbaa437 100644 --- a/pbkdf2.h +++ b/pbkdf2.h @@ -45,6 +45,7 @@ extern "C" #define pbkdf2 nettle_pbkdf2 #define pbkdf2_hmac_sha1 nettle_pbkdf2_hmac_sha1 #define pbkdf2_hmac_sha256 nettle_pbkdf2_hmac_sha256 +#define pbkdf2_hmac_gosthash94cp nettle_pbkdf2_hmac_gosthash94cp
void pbkdf2 (void *mac_ctx, @@ -78,6 +79,12 @@ pbkdf2_hmac_sha256 (size_t key_length, const uint8_t *key, size_t salt_length, const uint8_t *salt, size_t length, uint8_t *dst);
+void +pbkdf2_hmac_gosthash94cp (size_t key_length, const uint8_t *key, + unsigned iterations, + size_t salt_length, const uint8_t *salt, + size_t length, uint8_t *dst); + #ifdef __cplusplus } #endif diff --git a/testsuite/pbkdf2-test.c b/testsuite/pbkdf2-test.c index bb8da57fbb73..fe68ca6527c8 100644 --- a/testsuite/pbkdf2-test.c +++ b/testsuite/pbkdf2-test.c @@ -28,6 +28,7 @@ test_main (void) struct hmac_sha1_ctx sha1ctx; struct hmac_sha256_ctx sha256ctx; struct hmac_sha512_ctx sha512ctx; + struct hmac_gosthash94cp_ctx gosthash94cpctx;
/* Test vectors for PBKDF2 from RFC 6070. */
@@ -110,4 +111,27 @@ test_main (void) PBKDF2_HMAC_TEST(pbkdf2_hmac_sha256, LDATA("passwd"), 1, LDATA("salt"), SHEX("55ac046e56e3089fec1691c22544b605"));
+ /* From TC26 document, http://tc26.ru/methods/containers_v1/Addition_to_PKCS5_v1_0.pdf */ + + hmac_gosthash94cp_set_key (&gosthash94cpctx, LDATA("password")); + PBKDF2_TEST (&gosthash94cpctx, hmac_gosthash94cp_update, hmac_gosthash94cp_digest, + GOSTHASH94CP_DIGEST_SIZE, 1, LDATA("salt"), + SHEX("7314e7c04fb2e662c543674253f68bd0b73445d07f241bed872882da21662d58")); + + PBKDF2_TEST (&gosthash94cpctx, hmac_gosthash94cp_update, hmac_gosthash94cp_digest, + GOSTHASH94CP_DIGEST_SIZE, 4096, LDATA("salt"), + SHEX("1f1829a94bdff5be10d0aeb36af498e7a97467f3b31116a5a7c1afff9deadafe")); + + hmac_gosthash94cp_set_key (&gosthash94cpctx, LDATA("passwordPASSWORDpassword")); + PBKDF2_TEST (&gosthash94cpctx, hmac_gosthash94cp_update, hmac_gosthash94cp_digest, + GOSTHASH94CP_DIGEST_SIZE, 4096, LDATA("saltSALTsaltSALTsaltSALTsaltSALTsalt"), + SHEX("788358c69cb2dbe251a7bb17d5f4241f265a792a35becde8d56f326b49c85047b7638acb4764b1fd")); + + hmac_gosthash94cp_set_key (&gosthash94cpctx, LDATA("pass\0word")); + PBKDF2_TEST (&gosthash94cpctx, hmac_gosthash94cp_update, hmac_gosthash94cp_digest, + GOSTHASH94CP_DIGEST_SIZE, 4096, LDATA("sa\0lt"), + SHEX("43e06c5590b08c0225242373127edf9c8e9c3291")); + + PBKDF2_HMAC_TEST (pbkdf2_hmac_gosthash94cp, LDATA("password"), 1, LDATA("salt"), + SHEX("7314e7c04fb2e662c543674253f68bd0b73445d07f241bed872882da21662d58")); }
Signed-off-by: Dmitry Eremin-Solenikov dbaryshkov@gmail.com --- gosthash94.c | 43 +++++++++---------------------------------- gosthash94.h | 5 +++-- 2 files changed, 12 insertions(+), 36 deletions(-)
diff --git a/gosthash94.c b/gosthash94.c index 0e84553f9a03..8105530516ee 100644 --- a/gosthash94.c +++ b/gosthash94.c @@ -283,6 +283,8 @@ gost_compute_sum_and_hash (struct gosthash94_ctx *ctx, const uint8_t *block, gost_block_compress (ctx, block_le, sbox); }
+#define COMPRESS(ctx, block) gost_compute_sum_and_hash((ctx), (block), sbox); + /** * Calculate message hash. * Can be called repeatedly with chunks of the message to be hashed. @@ -296,33 +298,7 @@ gosthash94_update_int (struct gosthash94_ctx *ctx, size_t length, const uint8_t *msg, const uint32_t *sbox) { - unsigned index = (unsigned) ctx->length & 31; - ctx->length += length; - - /* fill partial block */ - if (index) - { - unsigned left = GOSTHASH94_BLOCK_SIZE - index; - memcpy (ctx->message + index, msg, (length < left ? length : left)); - if (length < left) - return; - - /* process partial block */ - gost_compute_sum_and_hash (ctx, ctx->message, sbox); - msg += left; - length -= left; - } - while (length >= GOSTHASH94_BLOCK_SIZE) - { - gost_compute_sum_and_hash (ctx, msg, sbox); - msg += GOSTHASH94_BLOCK_SIZE; - length -= GOSTHASH94_BLOCK_SIZE; - } - if (length) - { - /* save leftovers */ - memcpy (ctx->message, msg, length); - } + MD_UPDATE(ctx, length, msg, COMPRESS, ctx->count++); }
/** @@ -368,21 +344,20 @@ gosthash94_write_digest (struct gosthash94_ctx *ctx, size_t length, uint8_t *result, const uint32_t *sbox) { - unsigned index = ctx->length & 31; - uint32_t msg32[8]; + uint32_t msg32[GOSTHASH94_BLOCK_SIZE / 4];
assert(length <= GOSTHASH94_DIGEST_SIZE);
/* pad the last block with zeroes and hash it */ - if (index > 0) + if (ctx->index > 0) { - memset (ctx->message + index, 0, 32 - index); - gost_compute_sum_and_hash (ctx, ctx->message, sbox); + memset (ctx->block + ctx->index, 0, GOSTHASH94_BLOCK_SIZE - ctx->index); + gost_compute_sum_and_hash (ctx, ctx->block, sbox); }
/* hash the message length and the sum */ - msg32[0] = ctx->length << 3; - msg32[1] = ctx->length >> 29; + msg32[0] = (ctx->count << 8) | (ctx->index << 3); + msg32[1] = ctx->count >> 24; memset (msg32 + 2, 0, sizeof (uint32_t) * 6);
gost_block_compress (ctx, msg32, sbox); diff --git a/gosthash94.h b/gosthash94.h index dfa97f61de6e..0efd6412e6a9 100644 --- a/gosthash94.h +++ b/gosthash94.h @@ -87,8 +87,9 @@ struct gosthash94_ctx { uint32_t hash[8]; /* algorithm 256-bit state */ uint32_t sum[8]; /* sum of processed message blocks */ - uint64_t length; /* number of processed bytes */ - uint8_t message[GOSTHASH94_BLOCK_SIZE]; /* 256-bit buffer for leftovers */ + uint64_t count; /* Block count */ + unsigned index; /* Into buffer */ + uint8_t block[GOSTHASH94_BLOCK_SIZE]; /* 256-bit buffer for leftovers */ }; #define gosthash94cp_ctx gosthash94_ctx
Dmitry Eremin-Solenikov dbaryshkov@gmail.com writes:
Signed-off-by: Dmitry Eremin-Solenikov dbaryshkov@gmail.com
gosthash94.c | 43 +++++++++---------------------------------- gosthash94.h | 5 +++-- 2 files changed, 12 insertions(+), 36 deletions(-)
Merged to master-updates branch (since we're going to bump the libnettle soname).
Regards, /Niels
Dmitry Eremin-Solenikov dbaryshkov@gmail.com writes:
Hash function GOST R 34.11-94 (gosthash94) in its compression function uses Russian block cipher (GOST 28147-89, Magma). Start separating block cipher code from hash function code. For now there is no public interface for this cipher, it will be added later.
I'm having an initial look at this, with a few comments.
--- /dev/null +++ b/gost28147.c +/*
- A macro that performs a full encryption round of GOST 28147-89.
- Temporary variables tmp assumed and variables r and l for left and right
- blocks.
- */
+#define GOST_ENCRYPT_ROUND(key1, key2, sbox) \
- tmp = (key1) + r; \
- l ^= (sbox)[0*256 + (tmp & 0xff)] ^ (sbox)[1*256 + ((tmp >> 8) & 0xff)] ^ \
- (sbox)[2*256 + ((tmp >> 16) & 0xff)] ^ (sbox)[3*256 + (tmp >> 24)]; \
- tmp = (key2) + l; \
- r ^= (sbox)[0*256 + (tmp & 0xff)] ^ (sbox)[1*256 + ((tmp >> 8) & 0xff)] ^ \
- (sbox)[2*256 + ((tmp >> 16) & 0xff)] ^ (sbox)[3*256 + (tmp >> 24)];
This code is just moved around in this patch, but I'd like to note that it's preferable to always wrap function-like macros like this in do { ... } while (0), and when used terminate with ;. And avoid using surrounding variables; r and l could be macro arguments, and tmp (with some likely unique prefix) could be a local in the do { ... } while block.
--- /dev/null +++ b/gost28147.h @@ -0,0 +1,63 @@
+struct gost28147_param +{
- uint32_t sbox[4*256];
+};
Why change to a flat array, and not keep it as
uint32_t sbox[4][256];
?
+extern const struct gost28147_param gost28147_param_test_3411;
I find "test" in the name a bit odd. Is there a reason for that? And declaration should probably not be in an installed header file, but in gost-internal.h or so.
+/* Internal interface for use by GOST R 34.11-94 */ +void gost28147_encrypt_simple (const uint32_t *key, const uint32_t *sbox,
const uint32_t *in, uint32_t *out);
Same here: if internal, shouldn't be in an installed header file. And "simple" looks a bit odd.
Should the sbox argument be of type const gost28147_param * ?
Regards, /Niels
Hello,
вт, 9 июл. 2019 г. в 01:17, Niels Möller nisse@lysator.liu.se:
Dmitry Eremin-Solenikov dbaryshkov@gmail.com writes:
Hash function GOST R 34.11-94 (gosthash94) in its compression function uses Russian block cipher (GOST 28147-89, Magma). Start separating block cipher code from hash function code. For now there is no public interface for this cipher, it will be added later.
I'm having an initial look at this, with a few comments.
--- /dev/null +++ b/gost28147.c +/*
- A macro that performs a full encryption round of GOST 28147-89.
- Temporary variables tmp assumed and variables r and l for left and right
- blocks.
- */
+#define GOST_ENCRYPT_ROUND(key1, key2, sbox) \
- tmp = (key1) + r; \
- l ^= (sbox)[0*256 + (tmp & 0xff)] ^ (sbox)[1*256 + ((tmp >> 8) & 0xff)] ^ \
- (sbox)[2*256 + ((tmp >> 16) & 0xff)] ^ (sbox)[3*256 + (tmp >> 24)]; \
- tmp = (key2) + l; \
- r ^= (sbox)[0*256 + (tmp & 0xff)] ^ (sbox)[1*256 + ((tmp >> 8) & 0xff)] ^ \
- (sbox)[2*256 + ((tmp >> 16) & 0xff)] ^ (sbox)[3*256 + (tmp >> 24)];
This code is just moved around in this patch, but I'd like to note that it's preferable to always wrap function-like macros like this in do { ... } while (0), and when used terminate with ;. And avoid using surrounding variables; r and l could be macro arguments, and tmp (with some likely unique prefix) could be a local in the do { ... } while block.
Fine, I will check if this doesn't lower the performance and redo the code.
--- /dev/null +++ b/gost28147.h @@ -0,0 +1,63 @@
+struct gost28147_param +{
- uint32_t sbox[4*256];
+};
Why change to a flat array, and not keep it as
uint32_t sbox[4][256];
?
I don't remember. I did this long ago. I'll try changing this back.
+extern const struct gost28147_param gost28147_param_test_3411;
I find "test" in the name a bit odd. Is there a reason for that? And declaration should probably not be in an installed header file, but in gost-internal.h or so.
It is called 'test' because it was declared so in the standard itself (for testing purposes only). Also see RFC 4357, Section 11.2 (id-GostR3411-94-TestParamSet).
+/* Internal interface for use by GOST R 34.11-94 */ +void gost28147_encrypt_simple (const uint32_t *key, const uint32_t *sbox,
const uint32_t *in, uint32_t *out);Same here: if internal, shouldn't be in an installed header file. And "simple" looks a bit odd.
gost-internal.h sounds like a good idea, thank you.
Should the sbox argument be of type const gost28147_param * ?
No. gost28147_param is a high-level item, comprising of S-BOX, requirement to use key meshing. They are exported for external usage (via pointers). gost28147_encrypt_simple is an internal API which uses S-BOX directly, as it doesn't use any other 'param' part.
nettle-bugs@lists.lysator.liu.se
-
Dmitry Eremin-Solenikov -
nisse@lysator.liu.se