The hash function GOST R 34.11-94 (gosthash94) in its compression function uses the Russian block cipher (GOST 28147-89, Magma). Start separating the block cipher code from the hash function code. For now there is no public interface for this cipher; it will be added later.
Signed-off-by: Dmitry Eremin-Solenikov dbaryshkov@gmail.com --- Makefile.in | 7 +- gost28147-internal.h | 42 ++++++ gost28147.c | 350 +++++++++++++++++++++++++++++++++++++++++++ gost28147.h | 56 +++++++ gosthash94.c | 246 +----------------------------- 5 files changed, 458 insertions(+), 243 deletions(-) create mode 100644 gost28147-internal.h create mode 100644 gost28147.c create mode 100644 gost28147.h
diff --git a/Makefile.in b/Makefile.in index b54e64b053c3..f583981c4367 100644 --- a/Makefile.in +++ b/Makefile.in @@ -103,7 +103,7 @@ nettle_SOURCES = aes-decrypt-internal.c aes-decrypt.c \ gcm-camellia128.c gcm-camellia128-meta.c \ gcm-camellia256.c gcm-camellia256-meta.c \ cmac.c cmac-aes128.c cmac-aes256.c \ - gosthash94.c gosthash94-meta.c \ + gost28147.c gosthash94.c gosthash94-meta.c \ hmac.c hmac-md5.c hmac-ripemd160.c hmac-sha1.c \ hmac-sha224.c hmac-sha256.c hmac-sha384.c hmac-sha512.c \ knuth-lfib.c hkdf.c \ @@ -196,7 +196,7 @@ HEADERS = aes.h arcfour.h arctwo.h asn1.h blowfish.h \ cbc.h ccm.h cfb.h chacha.h chacha-poly1305.h ctr.h \ curve25519.h des.h dsa.h dsa-compat.h eax.h \ ecc-curve.h ecc.h ecdsa.h eddsa.h \ - gcm.h gosthash94.h hmac.h \ + gcm.h gost28147.h gosthash94.h hmac.h \ knuth-lfib.h hkdf.h \ macros.h \ cmac.h siv-cmac.h \ @@ -230,7 +230,8 @@ DISTFILES = $(SOURCES) $(HEADERS) getopt.h getopt_int.h \ INSTALL NEWS ChangeLog \ nettle.pc.in hogweed.pc.in \ $(des_headers) descore.README desdata.stamp \ - aes-internal.h camellia-internal.h cmac-internal.h serpent-internal.h \ + aes-internal.h camellia-internal.h cmac-internal.h \ + gost28147-internal.h serpent-internal.h \ cast128_sboxes.h desinfo.h desCode.h \ ripemd160-internal.h sha2-internal.h \ memxor-internal.h nettle-internal.h nettle-write.h \ diff --git a/gost28147-internal.h b/gost28147-internal.h new file mode 100644 index 000000000000..7f5c6f8c63c0 --- /dev/null +++ b/gost28147-internal.h 
@@ -0,0 +1,42 @@ +/* gost28147-internal.h + + The GOST 28147-89 cipher function, described in RFC 5831. + + Copyright (C) 2019 Dmitry Eremin-Solenikov + + This file is part of GNU Nettle. + + GNU Nettle is free software: you can redistribute it and/or + modify it under the terms of either: + + * the GNU Lesser General Public License as published by the Free + Software Foundation; either version 3 of the License, or (at your + option) any later version. + + or + + * the GNU General Public License as published by the Free + Software Foundation; either version 2 of the License, or (at your + option) any later version. + + or both in parallel, as here. + + GNU Nettle is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + General Public License for more details. + + You should have received copies of the GNU General Public License and + the GNU Lesser General Public License along with this program. If + not, see http://www.gnu.org/licenses/. +*/ + +#ifndef NETTLE_GOST28147_INTERNAL_H_INCLUDED +#define NETTLE_GOST28147_INTERNAL_H_INCLUDED + +#define _gost28147_encrypt_block _nettle_gost28147_encrypt_block + +void _gost28147_encrypt_block (const uint32_t *key, const uint32_t sbox[4][256], + const uint32_t *in, uint32_t *out); + +#endif /* NETTLE_GOST28147_INTERNAL_H_INCLUDED */ diff --git a/gost28147.c b/gost28147.c new file mode 100644 index 000000000000..419cb943084d --- /dev/null +++ b/gost28147.c 
@@ -0,0 +1,350 @@ +/* gost28147.c - GOST 28147-89 cipher implementation + * + * based on Russian standard GOST 28147-89 + * For English description, check RFC 5830. + * S-Boxes are expanded from the tables defined in RFC4357: + * https://tools.ietf.org/html/rfc4357 + * + * Copyright: 2019 Dmitry Eremin-Solenikov dbaryshkov@gmail.com + * Copyright: 2009-2012 Aleksey Kravchenko rhash.admin@gmail.com + * + * Permission is hereby granted, free of charge, to any person obtaining a + * copy of this software and associated documentation files (the + * "Software"), to deal in the Software without restriction, including + * without limitation the rights to use, copy, modify, merge, publish, + * distribute, sublicense, and/or sell copies of the Software, and to + * permit persons to whom the Software is furnished to do so, subject to + * the following conditions: + * + * The above copyright notice and this permission notice shall be included + * in all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS + * OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF + * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. + * IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY + * CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, + * TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE + * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. 
+ */ + +#if HAVE_CONFIG_H +#include "config.h" +#endif + +#include "macros.h" +#include "gost28147.h" +#include "gost28147-internal.h" + +/* pre-initialized GOST lookup tables based on rotated S-Box */ +const struct gost28147_param gost28147_param_test_3411 = +{ + { + { /* 0 */ + 0x00072000, 0x00075000, 0x00074800, 0x00071000, + 0x00076800, 0x00074000, 0x00070000, 0x00077000, + 0x00073000, 0x00075800, 0x00070800, 0x00076000, + 0x00073800, 0x00077800, 0x00072800, 0x00071800, + 0x0005a000, 0x0005d000, 0x0005c800, 0x00059000, + 0x0005e800, 0x0005c000, 0x00058000, 0x0005f000, + 0x0005b000, 0x0005d800, 0x00058800, 0x0005e000, + 0x0005b800, 0x0005f800, 0x0005a800, 0x00059800, + 0x00022000, 0x00025000, 0x00024800, 0x00021000, + 0x00026800, 0x00024000, 0x00020000, 0x00027000, + 0x00023000, 0x00025800, 0x00020800, 0x00026000, + 0x00023800, 0x00027800, 0x00022800, 0x00021800, + 0x00062000, 0x00065000, 0x00064800, 0x00061000, + 0x00066800, 0x00064000, 0x00060000, 0x00067000, + 0x00063000, 0x00065800, 0x00060800, 0x00066000, + 0x00063800, 0x00067800, 0x00062800, 0x00061800, + 0x00032000, 0x00035000, 0x00034800, 0x00031000, + 0x00036800, 0x00034000, 0x00030000, 0x00037000, + 0x00033000, 0x00035800, 0x00030800, 0x00036000, + 0x00033800, 0x00037800, 0x00032800, 0x00031800, + 0x0006a000, 0x0006d000, 0x0006c800, 0x00069000, + 0x0006e800, 0x0006c000, 0x00068000, 0x0006f000, + 0x0006b000, 0x0006d800, 0x00068800, 0x0006e000, + 0x0006b800, 0x0006f800, 0x0006a800, 0x00069800, + 0x0007a000, 0x0007d000, 0x0007c800, 0x00079000, + 0x0007e800, 0x0007c000, 0x00078000, 0x0007f000, + 0x0007b000, 0x0007d800, 0x00078800, 0x0007e000, + 0x0007b800, 0x0007f800, 0x0007a800, 0x00079800, + 0x00052000, 0x00055000, 0x00054800, 0x00051000, + 0x00056800, 0x00054000, 0x00050000, 0x00057000, + 0x00053000, 0x00055800, 0x00050800, 0x00056000, + 0x00053800, 0x00057800, 0x00052800, 0x00051800, + 0x00012000, 0x00015000, 0x00014800, 0x00011000, + 0x00016800, 0x00014000, 0x00010000, 0x00017000, + 0x00013000, 
0x00015800, 0x00010800, 0x00016000, + 0x00013800, 0x00017800, 0x00012800, 0x00011800, + 0x0001a000, 0x0001d000, 0x0001c800, 0x00019000, + 0x0001e800, 0x0001c000, 0x00018000, 0x0001f000, + 0x0001b000, 0x0001d800, 0x00018800, 0x0001e000, + 0x0001b800, 0x0001f800, 0x0001a800, 0x00019800, + 0x00042000, 0x00045000, 0x00044800, 0x00041000, + 0x00046800, 0x00044000, 0x00040000, 0x00047000, + 0x00043000, 0x00045800, 0x00040800, 0x00046000, + 0x00043800, 0x00047800, 0x00042800, 0x00041800, + 0x0000a000, 0x0000d000, 0x0000c800, 0x00009000, + 0x0000e800, 0x0000c000, 0x00008000, 0x0000f000, + 0x0000b000, 0x0000d800, 0x00008800, 0x0000e000, + 0x0000b800, 0x0000f800, 0x0000a800, 0x00009800, + 0x00002000, 0x00005000, 0x00004800, 0x00001000, + 0x00006800, 0x00004000, 0x00000000, 0x00007000, + 0x00003000, 0x00005800, 0x00000800, 0x00006000, + 0x00003800, 0x00007800, 0x00002800, 0x00001800, + 0x0003a000, 0x0003d000, 0x0003c800, 0x00039000, + 0x0003e800, 0x0003c000, 0x00038000, 0x0003f000, + 0x0003b000, 0x0003d800, 0x00038800, 0x0003e000, + 0x0003b800, 0x0003f800, 0x0003a800, 0x00039800, + 0x0002a000, 0x0002d000, 0x0002c800, 0x00029000, + 0x0002e800, 0x0002c000, 0x00028000, 0x0002f000, + 0x0002b000, 0x0002d800, 0x00028800, 0x0002e000, + 0x0002b800, 0x0002f800, 0x0002a800, 0x00029800, + 0x0004a000, 0x0004d000, 0x0004c800, 0x00049000, + 0x0004e800, 0x0004c000, 0x00048000, 0x0004f000, + 0x0004b000, 0x0004d800, 0x00048800, 0x0004e000, + 0x0004b800, 0x0004f800, 0x0004a800, 0x00049800, + }, { /* 1 */ + 0x03a80000, 0x03c00000, 0x03880000, 0x03e80000, + 0x03d00000, 0x03980000, 0x03a00000, 0x03900000, + 0x03f00000, 0x03f80000, 0x03e00000, 0x03b80000, + 0x03b00000, 0x03800000, 0x03c80000, 0x03d80000, + 0x06a80000, 0x06c00000, 0x06880000, 0x06e80000, + 0x06d00000, 0x06980000, 0x06a00000, 0x06900000, + 0x06f00000, 0x06f80000, 0x06e00000, 0x06b80000, + 0x06b00000, 0x06800000, 0x06c80000, 0x06d80000, + 0x05280000, 0x05400000, 0x05080000, 0x05680000, + 0x05500000, 0x05180000, 0x05200000, 
0x05100000, + 0x05700000, 0x05780000, 0x05600000, 0x05380000, + 0x05300000, 0x05000000, 0x05480000, 0x05580000, + 0x00a80000, 0x00c00000, 0x00880000, 0x00e80000, + 0x00d00000, 0x00980000, 0x00a00000, 0x00900000, + 0x00f00000, 0x00f80000, 0x00e00000, 0x00b80000, + 0x00b00000, 0x00800000, 0x00c80000, 0x00d80000, + 0x00280000, 0x00400000, 0x00080000, 0x00680000, + 0x00500000, 0x00180000, 0x00200000, 0x00100000, + 0x00700000, 0x00780000, 0x00600000, 0x00380000, + 0x00300000, 0x00000000, 0x00480000, 0x00580000, + 0x04280000, 0x04400000, 0x04080000, 0x04680000, + 0x04500000, 0x04180000, 0x04200000, 0x04100000, + 0x04700000, 0x04780000, 0x04600000, 0x04380000, + 0x04300000, 0x04000000, 0x04480000, 0x04580000, + 0x04a80000, 0x04c00000, 0x04880000, 0x04e80000, + 0x04d00000, 0x04980000, 0x04a00000, 0x04900000, + 0x04f00000, 0x04f80000, 0x04e00000, 0x04b80000, + 0x04b00000, 0x04800000, 0x04c80000, 0x04d80000, + 0x07a80000, 0x07c00000, 0x07880000, 0x07e80000, + 0x07d00000, 0x07980000, 0x07a00000, 0x07900000, + 0x07f00000, 0x07f80000, 0x07e00000, 0x07b80000, + 0x07b00000, 0x07800000, 0x07c80000, 0x07d80000, + 0x07280000, 0x07400000, 0x07080000, 0x07680000, + 0x07500000, 0x07180000, 0x07200000, 0x07100000, + 0x07700000, 0x07780000, 0x07600000, 0x07380000, + 0x07300000, 0x07000000, 0x07480000, 0x07580000, + 0x02280000, 0x02400000, 0x02080000, 0x02680000, + 0x02500000, 0x02180000, 0x02200000, 0x02100000, + 0x02700000, 0x02780000, 0x02600000, 0x02380000, + 0x02300000, 0x02000000, 0x02480000, 0x02580000, + 0x03280000, 0x03400000, 0x03080000, 0x03680000, + 0x03500000, 0x03180000, 0x03200000, 0x03100000, + 0x03700000, 0x03780000, 0x03600000, 0x03380000, + 0x03300000, 0x03000000, 0x03480000, 0x03580000, + 0x06280000, 0x06400000, 0x06080000, 0x06680000, + 0x06500000, 0x06180000, 0x06200000, 0x06100000, + 0x06700000, 0x06780000, 0x06600000, 0x06380000, + 0x06300000, 0x06000000, 0x06480000, 0x06580000, + 0x05a80000, 0x05c00000, 0x05880000, 0x05e80000, + 0x05d00000, 0x05980000, 0x05a00000, 
0x05900000, + 0x05f00000, 0x05f80000, 0x05e00000, 0x05b80000, + 0x05b00000, 0x05800000, 0x05c80000, 0x05d80000, + 0x01280000, 0x01400000, 0x01080000, 0x01680000, + 0x01500000, 0x01180000, 0x01200000, 0x01100000, + 0x01700000, 0x01780000, 0x01600000, 0x01380000, + 0x01300000, 0x01000000, 0x01480000, 0x01580000, + 0x02a80000, 0x02c00000, 0x02880000, 0x02e80000, + 0x02d00000, 0x02980000, 0x02a00000, 0x02900000, + 0x02f00000, 0x02f80000, 0x02e00000, 0x02b80000, + 0x02b00000, 0x02800000, 0x02c80000, 0x02d80000, + 0x01a80000, 0x01c00000, 0x01880000, 0x01e80000, + 0x01d00000, 0x01980000, 0x01a00000, 0x01900000, + 0x01f00000, 0x01f80000, 0x01e00000, 0x01b80000, + 0x01b00000, 0x01800000, 0x01c80000, 0x01d80000, + }, { /* 2 */ + 0x30000002, 0x60000002, 0x38000002, 0x08000002, + 0x28000002, 0x78000002, 0x68000002, 0x40000002, + 0x20000002, 0x50000002, 0x48000002, 0x70000002, + 0x00000002, 0x18000002, 0x58000002, 0x10000002, + 0xb0000005, 0xe0000005, 0xb8000005, 0x88000005, + 0xa8000005, 0xf8000005, 0xe8000005, 0xc0000005, + 0xa0000005, 0xd0000005, 0xc8000005, 0xf0000005, + 0x80000005, 0x98000005, 0xd8000005, 0x90000005, + 0x30000005, 0x60000005, 0x38000005, 0x08000005, + 0x28000005, 0x78000005, 0x68000005, 0x40000005, + 0x20000005, 0x50000005, 0x48000005, 0x70000005, + 0x00000005, 0x18000005, 0x58000005, 0x10000005, + 0x30000000, 0x60000000, 0x38000000, 0x08000000, + 0x28000000, 0x78000000, 0x68000000, 0x40000000, + 0x20000000, 0x50000000, 0x48000000, 0x70000000, + 0x00000000, 0x18000000, 0x58000000, 0x10000000, + 0xb0000003, 0xe0000003, 0xb8000003, 0x88000003, + 0xa8000003, 0xf8000003, 0xe8000003, 0xc0000003, + 0xa0000003, 0xd0000003, 0xc8000003, 0xf0000003, + 0x80000003, 0x98000003, 0xd8000003, 0x90000003, + 0x30000001, 0x60000001, 0x38000001, 0x08000001, + 0x28000001, 0x78000001, 0x68000001, 0x40000001, + 0x20000001, 0x50000001, 0x48000001, 0x70000001, + 0x00000001, 0x18000001, 0x58000001, 0x10000001, + 0xb0000000, 0xe0000000, 0xb8000000, 0x88000000, + 0xa8000000, 
0xf8000000, 0xe8000000, 0xc0000000, + 0xa0000000, 0xd0000000, 0xc8000000, 0xf0000000, + 0x80000000, 0x98000000, 0xd8000000, 0x90000000, + 0xb0000006, 0xe0000006, 0xb8000006, 0x88000006, + 0xa8000006, 0xf8000006, 0xe8000006, 0xc0000006, + 0xa0000006, 0xd0000006, 0xc8000006, 0xf0000006, + 0x80000006, 0x98000006, 0xd8000006, 0x90000006, + 0xb0000001, 0xe0000001, 0xb8000001, 0x88000001, + 0xa8000001, 0xf8000001, 0xe8000001, 0xc0000001, + 0xa0000001, 0xd0000001, 0xc8000001, 0xf0000001, + 0x80000001, 0x98000001, 0xd8000001, 0x90000001, + 0x30000003, 0x60000003, 0x38000003, 0x08000003, + 0x28000003, 0x78000003, 0x68000003, 0x40000003, + 0x20000003, 0x50000003, 0x48000003, 0x70000003, + 0x00000003, 0x18000003, 0x58000003, 0x10000003, + 0x30000004, 0x60000004, 0x38000004, 0x08000004, + 0x28000004, 0x78000004, 0x68000004, 0x40000004, + 0x20000004, 0x50000004, 0x48000004, 0x70000004, + 0x00000004, 0x18000004, 0x58000004, 0x10000004, + 0xb0000002, 0xe0000002, 0xb8000002, 0x88000002, + 0xa8000002, 0xf8000002, 0xe8000002, 0xc0000002, + 0xa0000002, 0xd0000002, 0xc8000002, 0xf0000002, + 0x80000002, 0x98000002, 0xd8000002, 0x90000002, + 0xb0000004, 0xe0000004, 0xb8000004, 0x88000004, + 0xa8000004, 0xf8000004, 0xe8000004, 0xc0000004, + 0xa0000004, 0xd0000004, 0xc8000004, 0xf0000004, + 0x80000004, 0x98000004, 0xd8000004, 0x90000004, + 0x30000006, 0x60000006, 0x38000006, 0x08000006, + 0x28000006, 0x78000006, 0x68000006, 0x40000006, + 0x20000006, 0x50000006, 0x48000006, 0x70000006, + 0x00000006, 0x18000006, 0x58000006, 0x10000006, + 0xb0000007, 0xe0000007, 0xb8000007, 0x88000007, + 0xa8000007, 0xf8000007, 0xe8000007, 0xc0000007, + 0xa0000007, 0xd0000007, 0xc8000007, 0xf0000007, + 0x80000007, 0x98000007, 0xd8000007, 0x90000007, + 0x30000007, 0x60000007, 0x38000007, 0x08000007, + 0x28000007, 0x78000007, 0x68000007, 0x40000007, + 0x20000007, 0x50000007, 0x48000007, 0x70000007, + 0x00000007, 0x18000007, 0x58000007, 0x10000007, + }, { /* 3 */ + 0x000000e8, 0x000000d8, 0x000000a0, 
0x00000088, + 0x00000098, 0x000000f8, 0x000000a8, 0x000000c8, + 0x00000080, 0x000000d0, 0x000000f0, 0x000000b8, + 0x000000b0, 0x000000c0, 0x00000090, 0x000000e0, + 0x000007e8, 0x000007d8, 0x000007a0, 0x00000788, + 0x00000798, 0x000007f8, 0x000007a8, 0x000007c8, + 0x00000780, 0x000007d0, 0x000007f0, 0x000007b8, + 0x000007b0, 0x000007c0, 0x00000790, 0x000007e0, + 0x000006e8, 0x000006d8, 0x000006a0, 0x00000688, + 0x00000698, 0x000006f8, 0x000006a8, 0x000006c8, + 0x00000680, 0x000006d0, 0x000006f0, 0x000006b8, + 0x000006b0, 0x000006c0, 0x00000690, 0x000006e0, + 0x00000068, 0x00000058, 0x00000020, 0x00000008, + 0x00000018, 0x00000078, 0x00000028, 0x00000048, + 0x00000000, 0x00000050, 0x00000070, 0x00000038, + 0x00000030, 0x00000040, 0x00000010, 0x00000060, + 0x000002e8, 0x000002d8, 0x000002a0, 0x00000288, + 0x00000298, 0x000002f8, 0x000002a8, 0x000002c8, + 0x00000280, 0x000002d0, 0x000002f0, 0x000002b8, + 0x000002b0, 0x000002c0, 0x00000290, 0x000002e0, + 0x000003e8, 0x000003d8, 0x000003a0, 0x00000388, + 0x00000398, 0x000003f8, 0x000003a8, 0x000003c8, + 0x00000380, 0x000003d0, 0x000003f0, 0x000003b8, + 0x000003b0, 0x000003c0, 0x00000390, 0x000003e0, + 0x00000568, 0x00000558, 0x00000520, 0x00000508, + 0x00000518, 0x00000578, 0x00000528, 0x00000548, + 0x00000500, 0x00000550, 0x00000570, 0x00000538, + 0x00000530, 0x00000540, 0x00000510, 0x00000560, + 0x00000268, 0x00000258, 0x00000220, 0x00000208, + 0x00000218, 0x00000278, 0x00000228, 0x00000248, + 0x00000200, 0x00000250, 0x00000270, 0x00000238, + 0x00000230, 0x00000240, 0x00000210, 0x00000260, + 0x000004e8, 0x000004d8, 0x000004a0, 0x00000488, + 0x00000498, 0x000004f8, 0x000004a8, 0x000004c8, + 0x00000480, 0x000004d0, 0x000004f0, 0x000004b8, + 0x000004b0, 0x000004c0, 0x00000490, 0x000004e0, + 0x00000168, 0x00000158, 0x00000120, 0x00000108, + 0x00000118, 0x00000178, 0x00000128, 0x00000148, + 0x00000100, 0x00000150, 0x00000170, 0x00000138, + 0x00000130, 0x00000140, 0x00000110, 0x00000160, + 0x000001e8, 0x000001d8, 0x000001a0, 
0x00000188, + 0x00000198, 0x000001f8, 0x000001a8, 0x000001c8, + 0x00000180, 0x000001d0, 0x000001f0, 0x000001b8, + 0x000001b0, 0x000001c0, 0x00000190, 0x000001e0, + 0x00000768, 0x00000758, 0x00000720, 0x00000708, + 0x00000718, 0x00000778, 0x00000728, 0x00000748, + 0x00000700, 0x00000750, 0x00000770, 0x00000738, + 0x00000730, 0x00000740, 0x00000710, 0x00000760, + 0x00000368, 0x00000358, 0x00000320, 0x00000308, + 0x00000318, 0x00000378, 0x00000328, 0x00000348, + 0x00000300, 0x00000350, 0x00000370, 0x00000338, + 0x00000330, 0x00000340, 0x00000310, 0x00000360, + 0x000005e8, 0x000005d8, 0x000005a0, 0x00000588, + 0x00000598, 0x000005f8, 0x000005a8, 0x000005c8, + 0x00000580, 0x000005d0, 0x000005f0, 0x000005b8, + 0x000005b0, 0x000005c0, 0x00000590, 0x000005e0, + 0x00000468, 0x00000458, 0x00000420, 0x00000408, + 0x00000418, 0x00000478, 0x00000428, 0x00000448, + 0x00000400, 0x00000450, 0x00000470, 0x00000438, + 0x00000430, 0x00000440, 0x00000410, 0x00000460, + 0x00000668, 0x00000658, 0x00000620, 0x00000608, + 0x00000618, 0x00000678, 0x00000628, 0x00000648, + 0x00000600, 0x00000650, 0x00000670, 0x00000638, + 0x00000630, 0x00000640, 0x00000610, 0x00000660, + } + } +}; + +/* + * A macro that performs a full encryption round of GOST 28147-89. 
+ */ +#define GOST_ENCRYPT_ROUND(l, r, key1, key2, sbox) \ + do { \ + uint32_t round_tmp; \ + \ + round_tmp = (key1) + r; \ + l ^= (sbox)[0][(round_tmp & 0xff)] ^ \ + (sbox)[1][((round_tmp >> 8) & 0xff)] ^ \ + (sbox)[2][((round_tmp >> 16) & 0xff)] ^ \ + (sbox)[3][(round_tmp >> 24)]; \ + round_tmp = (key2) + l; \ + r ^= (sbox)[0][(round_tmp & 0xff)] ^ \ + (sbox)[1][((round_tmp >> 8) & 0xff)] ^ \ + (sbox)[2][((round_tmp >> 16) & 0xff)] ^ \ + (sbox)[3][(round_tmp >> 24)]; \ + } while (0) + +/* encrypt a block with the given key */ +void _gost28147_encrypt_block (const uint32_t *key, const uint32_t sbox[4][256], + const uint32_t *in, uint32_t *out) +{ + uint32_t l, r; + + r = in[0], l = in[1]; + GOST_ENCRYPT_ROUND(l, r, key[0], key[1], sbox); + GOST_ENCRYPT_ROUND(l, r, key[2], key[3], sbox); + GOST_ENCRYPT_ROUND(l, r, key[4], key[5], sbox); + GOST_ENCRYPT_ROUND(l, r, key[6], key[7], sbox); + GOST_ENCRYPT_ROUND(l, r, key[0], key[1], sbox); + GOST_ENCRYPT_ROUND(l, r, key[2], key[3], sbox); + GOST_ENCRYPT_ROUND(l, r, key[4], key[5], sbox); + GOST_ENCRYPT_ROUND(l, r, key[6], key[7], sbox); + GOST_ENCRYPT_ROUND(l, r, key[0], key[1], sbox); + GOST_ENCRYPT_ROUND(l, r, key[2], key[3], sbox); + GOST_ENCRYPT_ROUND(l, r, key[4], key[5], sbox); + GOST_ENCRYPT_ROUND(l, r, key[6], key[7], sbox); + GOST_ENCRYPT_ROUND(l, r, key[7], key[6], sbox); + GOST_ENCRYPT_ROUND(l, r, key[5], key[4], sbox); + GOST_ENCRYPT_ROUND(l, r, key[3], key[2], sbox); + GOST_ENCRYPT_ROUND(l, r, key[1], key[0], sbox); + *out = l, *(out + 1) = r; +} diff --git a/gost28147.h b/gost28147.h new file mode 100644 index 000000000000..d403c4329f13 --- /dev/null +++ b/gost28147.h 
@@ -0,0 +1,56 @@ +/* gost28147.h + + The GOST 28147-89 cipher function, described in RFC 5831. + + Copyright (C) 2019 Dmitry Eremin-Solenikov + + This file is part of GNU Nettle. + + GNU Nettle is free software: you can redistribute it and/or + modify it under the terms of either: + + * the GNU Lesser General Public License as published by the Free + Software Foundation; either version 3 of the License, or (at your + option) any later version. + + or + + * the GNU General Public License as published by the Free + Software Foundation; either version 2 of the License, or (at your + option) any later version. + + or both in parallel, as here. + + GNU Nettle is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + General Public License for more details. + + You should have received copies of the GNU General Public License and + the GNU Lesser General Public License along with this program. If + not, see http://www.gnu.org/licenses/. +*/ + +#ifndef NETTLE_GOST28147_H_INCLUDED +#define NETTLE_GOST28147_H_INCLUDED + +#include "nettle-types.h" + +#ifdef __cplusplus +extern "C" { +#endif + +#define gost28147_param_test_3411 nettle_gost28147_param_test_3411 + +struct gost28147_param +{ + uint32_t sbox[4][256]; +}; + +extern const struct gost28147_param gost28147_param_test_3411; + +#ifdef __cplusplus +} +#endif + +#endif /* NETTLE_GOST28147_H_INCLUDED */ diff --git a/gosthash94.c b/gosthash94.c index e60c9ae5cddf..53716ca744a2 100644 --- a/gosthash94.c +++ b/gosthash94.c @@ -1,5 +1,7 @@ -/* gost.c - an implementation of GOST Hash Function +/* gosthash94.c - an implementation of GOST Hash Function + * * based on the Russian Standard GOST R 34.11-94. + * English description in RFC 5831. * See also RFC 4357. * * Copyright: 2009-2012 Aleksey Kravchenko rhash.admin@gmail.com 
@@ -38,209 +40,8 @@ #include "macros.h" #include "nettle-write.h" #include "gosthash94.h" - -/* pre-initialized GOST lookup tables based on rotated S-Box */ -static const uint32_t gosthash94_sbox[4][256] = { - { - 0x72000, 0x75000, 0x74800, 0x71000, 0x76800, - 0x74000, 0x70000, 0x77000, 0x73000, 0x75800, - 0x70800, 0x76000, 0x73800, 0x77800, 0x72800, - 0x71800, 0x5A000, 0x5D000, 0x5C800, 0x59000, - 0x5E800, 0x5C000, 0x58000, 0x5F000, 0x5B000, - 0x5D800, 0x58800, 0x5E000, 0x5B800, 0x5F800, - 0x5A800, 0x59800, 0x22000, 0x25000, 0x24800, - 0x21000, 0x26800, 0x24000, 0x20000, 0x27000, - 0x23000, 0x25800, 0x20800, 0x26000, 0x23800, - 0x27800, 0x22800, 0x21800, 0x62000, 0x65000, - 0x64800, 0x61000, 0x66800, 0x64000, 0x60000, - 0x67000, 0x63000, 0x65800, 0x60800, 0x66000, - 0x63800, 0x67800, 0x62800, 0x61800, 0x32000, - 0x35000, 0x34800, 0x31000, 0x36800, 0x34000, - 0x30000, 0x37000, 0x33000, 0x35800, 0x30800, - 0x36000, 0x33800, 0x37800, 0x32800, 0x31800, - 0x6A000, 0x6D000, 0x6C800, 0x69000, 0x6E800, - 0x6C000, 0x68000, 0x6F000, 0x6B000, 0x6D800, - 0x68800, 0x6E000, 0x6B800, 0x6F800, 0x6A800, - 0x69800, 0x7A000, 0x7D000, 0x7C800, 0x79000, - 0x7E800, 0x7C000, 0x78000, 0x7F000, 0x7B000, - 0x7D800, 0x78800, 0x7E000, 0x7B800, 0x7F800, - 0x7A800, 0x79800, 0x52000, 0x55000, 0x54800, - 0x51000, 0x56800, 0x54000, 0x50000, 0x57000, - 0x53000, 0x55800, 0x50800, 0x56000, 0x53800, - 0x57800, 0x52800, 0x51800, 0x12000, 0x15000, - 0x14800, 0x11000, 0x16800, 0x14000, 0x10000, - 0x17000, 0x13000, 0x15800, 0x10800, 0x16000, - 0x13800, 0x17800, 0x12800, 0x11800, 0x1A000, - 0x1D000, 0x1C800, 0x19000, 0x1E800, 0x1C000, - 0x18000, 0x1F000, 0x1B000, 0x1D800, 0x18800, - 0x1E000, 0x1B800, 0x1F800, 0x1A800, 0x19800, - 0x42000, 0x45000, 0x44800, 0x41000, 0x46800, - 0x44000, 0x40000, 0x47000, 0x43000, 0x45800, - 0x40800, 0x46000, 0x43800, 0x47800, 0x42800, - 0x41800, 0xA000, 0xD000, 0xC800, 0x9000, - 0xE800, 0xC000, 0x8000, 0xF000, 0xB000, - 0xD800, 0x8800, 0xE000, 0xB800, 0xF800, - 0xA800, 
0x9800, 0x2000, 0x5000, 0x4800, - 0x1000, 0x6800, 0x4000, 0x0, 0x7000, - 0x3000, 0x5800, 0x800, 0x6000, 0x3800, - 0x7800, 0x2800, 0x1800, 0x3A000, 0x3D000, - 0x3C800, 0x39000, 0x3E800, 0x3C000, 0x38000, - 0x3F000, 0x3B000, 0x3D800, 0x38800, 0x3E000, - 0x3B800, 0x3F800, 0x3A800, 0x39800, 0x2A000, - 0x2D000, 0x2C800, 0x29000, 0x2E800, 0x2C000, - 0x28000, 0x2F000, 0x2B000, 0x2D800, 0x28800, - 0x2E000, 0x2B800, 0x2F800, 0x2A800, 0x29800, - 0x4A000, 0x4D000, 0x4C800, 0x49000, 0x4E800, - 0x4C000, 0x48000, 0x4F000, 0x4B000, 0x4D800, - 0x48800, 0x4E000, 0x4B800, 0x4F800, 0x4A800, - 0x49800 - }, { - 0x3A80000, 0x3C00000, 0x3880000, 0x3E80000, 0x3D00000, - 0x3980000, 0x3A00000, 0x3900000, 0x3F00000, 0x3F80000, - 0x3E00000, 0x3B80000, 0x3B00000, 0x3800000, 0x3C80000, - 0x3D80000, 0x6A80000, 0x6C00000, 0x6880000, 0x6E80000, - 0x6D00000, 0x6980000, 0x6A00000, 0x6900000, 0x6F00000, - 0x6F80000, 0x6E00000, 0x6B80000, 0x6B00000, 0x6800000, - 0x6C80000, 0x6D80000, 0x5280000, 0x5400000, 0x5080000, - 0x5680000, 0x5500000, 0x5180000, 0x5200000, 0x5100000, - 0x5700000, 0x5780000, 0x5600000, 0x5380000, 0x5300000, - 0x5000000, 0x5480000, 0x5580000, 0xA80000, 0xC00000, - 0x880000, 0xE80000, 0xD00000, 0x980000, 0xA00000, - 0x900000, 0xF00000, 0xF80000, 0xE00000, 0xB80000, - 0xB00000, 0x800000, 0xC80000, 0xD80000, 0x280000, - 0x400000, 0x80000, 0x680000, 0x500000, 0x180000, - 0x200000, 0x100000, 0x700000, 0x780000, 0x600000, - 0x380000, 0x300000, 0x0, 0x480000, 0x580000, - 0x4280000, 0x4400000, 0x4080000, 0x4680000, 0x4500000, - 0x4180000, 0x4200000, 0x4100000, 0x4700000, 0x4780000, - 0x4600000, 0x4380000, 0x4300000, 0x4000000, 0x4480000, - 0x4580000, 0x4A80000, 0x4C00000, 0x4880000, 0x4E80000, - 0x4D00000, 0x4980000, 0x4A00000, 0x4900000, 0x4F00000, - 0x4F80000, 0x4E00000, 0x4B80000, 0x4B00000, 0x4800000, - 0x4C80000, 0x4D80000, 0x7A80000, 0x7C00000, 0x7880000, - 0x7E80000, 0x7D00000, 0x7980000, 0x7A00000, 0x7900000, - 0x7F00000, 0x7F80000, 0x7E00000, 0x7B80000, 0x7B00000, - 0x7800000, 
0x7C80000, 0x7D80000, 0x7280000, 0x7400000, - 0x7080000, 0x7680000, 0x7500000, 0x7180000, 0x7200000, - 0x7100000, 0x7700000, 0x7780000, 0x7600000, 0x7380000, - 0x7300000, 0x7000000, 0x7480000, 0x7580000, 0x2280000, - 0x2400000, 0x2080000, 0x2680000, 0x2500000, 0x2180000, - 0x2200000, 0x2100000, 0x2700000, 0x2780000, 0x2600000, - 0x2380000, 0x2300000, 0x2000000, 0x2480000, 0x2580000, - 0x3280000, 0x3400000, 0x3080000, 0x3680000, 0x3500000, - 0x3180000, 0x3200000, 0x3100000, 0x3700000, 0x3780000, - 0x3600000, 0x3380000, 0x3300000, 0x3000000, 0x3480000, - 0x3580000, 0x6280000, 0x6400000, 0x6080000, 0x6680000, - 0x6500000, 0x6180000, 0x6200000, 0x6100000, 0x6700000, - 0x6780000, 0x6600000, 0x6380000, 0x6300000, 0x6000000, - 0x6480000, 0x6580000, 0x5A80000, 0x5C00000, 0x5880000, - 0x5E80000, 0x5D00000, 0x5980000, 0x5A00000, 0x5900000, - 0x5F00000, 0x5F80000, 0x5E00000, 0x5B80000, 0x5B00000, - 0x5800000, 0x5C80000, 0x5D80000, 0x1280000, 0x1400000, - 0x1080000, 0x1680000, 0x1500000, 0x1180000, 0x1200000, - 0x1100000, 0x1700000, 0x1780000, 0x1600000, 0x1380000, - 0x1300000, 0x1000000, 0x1480000, 0x1580000, 0x2A80000, - 0x2C00000, 0x2880000, 0x2E80000, 0x2D00000, 0x2980000, - 0x2A00000, 0x2900000, 0x2F00000, 0x2F80000, 0x2E00000, - 0x2B80000, 0x2B00000, 0x2800000, 0x2C80000, 0x2D80000, - 0x1A80000, 0x1C00000, 0x1880000, 0x1E80000, 0x1D00000, - 0x1980000, 0x1A00000, 0x1900000, 0x1F00000, 0x1F80000, - 0x1E00000, 0x1B80000, 0x1B00000, 0x1800000, 0x1C80000, - 0x1D80000 - }, { - 0x30000002, 0x60000002, 0x38000002, 0x8000002, - 0x28000002, 0x78000002, 0x68000002, 0x40000002, - 0x20000002, 0x50000002, 0x48000002, 0x70000002, - 0x2, 0x18000002, 0x58000002, 0x10000002, - 0xB0000005, 0xE0000005, 0xB8000005, 0x88000005, - 0xA8000005, 0xF8000005, 0xE8000005, 0xC0000005, - 0xA0000005, 0xD0000005, 0xC8000005, 0xF0000005, - 0x80000005, 0x98000005, 0xD8000005, 0x90000005, - 0x30000005, 0x60000005, 0x38000005, 0x8000005, - 0x28000005, 0x78000005, 0x68000005, 0x40000005, - 0x20000005, 
0x50000005, 0x48000005, 0x70000005, - 0x5, 0x18000005, 0x58000005, 0x10000005, - 0x30000000, 0x60000000, 0x38000000, 0x8000000, - 0x28000000, 0x78000000, 0x68000000, 0x40000000, - 0x20000000, 0x50000000, 0x48000000, 0x70000000, - 0x0, 0x18000000, 0x58000000, 0x10000000, - 0xB0000003, 0xE0000003, 0xB8000003, 0x88000003, - 0xA8000003, 0xF8000003, 0xE8000003, 0xC0000003, - 0xA0000003, 0xD0000003, 0xC8000003, 0xF0000003, - 0x80000003, 0x98000003, 0xD8000003, 0x90000003, - 0x30000001, 0x60000001, 0x38000001, 0x8000001, - 0x28000001, 0x78000001, 0x68000001, 0x40000001, - 0x20000001, 0x50000001, 0x48000001, 0x70000001, - 0x1, 0x18000001, 0x58000001, 0x10000001, - 0xB0000000, 0xE0000000, 0xB8000000, 0x88000000, - 0xA8000000, 0xF8000000, 0xE8000000, 0xC0000000, - 0xA0000000, 0xD0000000, 0xC8000000, 0xF0000000, - 0x80000000, 0x98000000, 0xD8000000, 0x90000000, - 0xB0000006, 0xE0000006, 0xB8000006, 0x88000006, - 0xA8000006, 0xF8000006, 0xE8000006, 0xC0000006, - 0xA0000006, 0xD0000006, 0xC8000006, 0xF0000006, - 0x80000006, 0x98000006, 0xD8000006, 0x90000006, - 0xB0000001, 0xE0000001, 0xB8000001, 0x88000001, - 0xA8000001, 0xF8000001, 0xE8000001, 0xC0000001, - 0xA0000001, 0xD0000001, 0xC8000001, 0xF0000001, - 0x80000001, 0x98000001, 0xD8000001, 0x90000001, - 0x30000003, 0x60000003, 0x38000003, 0x8000003, - 0x28000003, 0x78000003, 0x68000003, 0x40000003, - 0x20000003, 0x50000003, 0x48000003, 0x70000003, - 0x3, 0x18000003, 0x58000003, 0x10000003, - 0x30000004, 0x60000004, 0x38000004, 0x8000004, - 0x28000004, 0x78000004, 0x68000004, 0x40000004, - 0x20000004, 0x50000004, 0x48000004, 0x70000004, - 0x4, 0x18000004, 0x58000004, 0x10000004, - 0xB0000002, 0xE0000002, 0xB8000002, 0x88000002, - 0xA8000002, 0xF8000002, 0xE8000002, 0xC0000002, - 0xA0000002, 0xD0000002, 0xC8000002, 0xF0000002, - 0x80000002, 0x98000002, 0xD8000002, 0x90000002, - 0xB0000004, 0xE0000004, 0xB8000004, 0x88000004, - 0xA8000004, 0xF8000004, 0xE8000004, 0xC0000004, - 0xA0000004, 0xD0000004, 0xC8000004, 0xF0000004, - 
0x80000004, 0x98000004, 0xD8000004, 0x90000004, - 0x30000006, 0x60000006, 0x38000006, 0x8000006, - 0x28000006, 0x78000006, 0x68000006, 0x40000006, - 0x20000006, 0x50000006, 0x48000006, 0x70000006, - 0x6, 0x18000006, 0x58000006, 0x10000006, - 0xB0000007, 0xE0000007, 0xB8000007, 0x88000007, - 0xA8000007, 0xF8000007, 0xE8000007, 0xC0000007, - 0xA0000007, 0xD0000007, 0xC8000007, 0xF0000007, - 0x80000007, 0x98000007, 0xD8000007, 0x90000007, - 0x30000007, 0x60000007, 0x38000007, 0x8000007, - 0x28000007, 0x78000007, 0x68000007, 0x40000007, - 0x20000007, 0x50000007, 0x48000007, 0x70000007, - 0x7, 0x18000007, 0x58000007, 0x10000007 - }, { - 0xE8, 0xD8, 0xA0, 0x88, 0x98, 0xF8, 0xA8, 0xC8, 0x80, 0xD0, - 0xF0, 0xB8, 0xB0, 0xC0, 0x90, 0xE0, 0x7E8, 0x7D8, 0x7A0, 0x788, - 0x798, 0x7F8, 0x7A8, 0x7C8, 0x780, 0x7D0, 0x7F0, 0x7B8, 0x7B0, 0x7C0, - 0x790, 0x7E0, 0x6E8, 0x6D8, 0x6A0, 0x688, 0x698, 0x6F8, 0x6A8, 0x6C8, - 0x680, 0x6D0, 0x6F0, 0x6B8, 0x6B0, 0x6C0, 0x690, 0x6E0, 0x68, 0x58, - 0x20, 0x8, 0x18, 0x78, 0x28, 0x48, 0x0, 0x50, 0x70, 0x38, - 0x30, 0x40, 0x10, 0x60, 0x2E8, 0x2D8, 0x2A0, 0x288, 0x298, 0x2F8, - 0x2A8, 0x2C8, 0x280, 0x2D0, 0x2F0, 0x2B8, 0x2B0, 0x2C0, 0x290, 0x2E0, - 0x3E8, 0x3D8, 0x3A0, 0x388, 0x398, 0x3F8, 0x3A8, 0x3C8, 0x380, 0x3D0, - 0x3F0, 0x3B8, 0x3B0, 0x3C0, 0x390, 0x3E0, 0x568, 0x558, 0x520, 0x508, - 0x518, 0x578, 0x528, 0x548, 0x500, 0x550, 0x570, 0x538, 0x530, 0x540, - 0x510, 0x560, 0x268, 0x258, 0x220, 0x208, 0x218, 0x278, 0x228, 0x248, - 0x200, 0x250, 0x270, 0x238, 0x230, 0x240, 0x210, 0x260, 0x4E8, 0x4D8, - 0x4A0, 0x488, 0x498, 0x4F8, 0x4A8, 0x4C8, 0x480, 0x4D0, 0x4F0, 0x4B8, - 0x4B0, 0x4C0, 0x490, 0x4E0, 0x168, 0x158, 0x120, 0x108, 0x118, 0x178, - 0x128, 0x148, 0x100, 0x150, 0x170, 0x138, 0x130, 0x140, 0x110, 0x160, - 0x1E8, 0x1D8, 0x1A0, 0x188, 0x198, 0x1F8, 0x1A8, 0x1C8, 0x180, 0x1D0, - 0x1F0, 0x1B8, 0x1B0, 0x1C0, 0x190, 0x1E0, 0x768, 0x758, 0x720, 0x708, - 0x718, 0x778, 0x728, 0x748, 0x700, 0x750, 0x770, 0x738, 0x730, 0x740, - 0x710, 0x760, 0x368, 
0x358, 0x320, 0x308, 0x318, 0x378, 0x328, 0x348, - 0x300, 0x350, 0x370, 0x338, 0x330, 0x340, 0x310, 0x360, 0x5E8, 0x5D8, - 0x5A0, 0x588, 0x598, 0x5F8, 0x5A8, 0x5C8, 0x580, 0x5D0, 0x5F0, 0x5B8, - 0x5B0, 0x5C0, 0x590, 0x5E0, 0x468, 0x458, 0x420, 0x408, 0x418, 0x478, - 0x428, 0x448, 0x400, 0x450, 0x470, 0x438, 0x430, 0x440, 0x410, 0x460, - 0x668, 0x658, 0x620, 0x608, 0x618, 0x678, 0x628, 0x648, 0x600, 0x650, - 0x670, 0x638, 0x630, 0x640, 0x610, 0x660 - } -}; +#include "gost28147.h" +#include "gost28147-internal.h"
/** * Initialize algorithm context before calculating hash @@ -254,40 +55,6 @@ gosthash94_init (struct gosthash94_ctx *ctx) memset (ctx, 0, sizeof (struct gosthash94_ctx)); }
-/* - * A macro that performs a full encryption round of GOST 28147-89. - * Temporary variables tmp assumed and variables r and l for left and right - * blocks. - */ -#define GOST_ENCRYPT_ROUND(key1, key2, sbox) \ - tmp = (key1) + r; \ - l ^= (sbox)[0][tmp & 0xff] ^ (sbox)[1][(tmp >> 8) & 0xff] ^ \ - (sbox)[2][(tmp >> 16) & 0xff] ^ (sbox)[3][tmp >> 24]; \ - tmp = (key2) + l; \ - r ^= (sbox)[0][tmp & 0xff] ^ (sbox)[1][(tmp >> 8) & 0xff] ^ \ - (sbox)[2][(tmp >> 16) & 0xff] ^ (sbox)[3][tmp >> 24]; - -/* encrypt a block with the given key */ -#define GOST_ENCRYPT(result, i, key, hash, sbox) \ - r = hash[i], l = hash[i + 1]; \ - GOST_ENCRYPT_ROUND(key[0], key[1], sbox) \ - GOST_ENCRYPT_ROUND(key[2], key[3], sbox) \ - GOST_ENCRYPT_ROUND(key[4], key[5], sbox) \ - GOST_ENCRYPT_ROUND(key[6], key[7], sbox) \ - GOST_ENCRYPT_ROUND(key[0], key[1], sbox) \ - GOST_ENCRYPT_ROUND(key[2], key[3], sbox) \ - GOST_ENCRYPT_ROUND(key[4], key[5], sbox) \ - GOST_ENCRYPT_ROUND(key[6], key[7], sbox) \ - GOST_ENCRYPT_ROUND(key[0], key[1], sbox) \ - GOST_ENCRYPT_ROUND(key[2], key[3], sbox) \ - GOST_ENCRYPT_ROUND(key[4], key[5], sbox) \ - GOST_ENCRYPT_ROUND(key[6], key[7], sbox) \ - GOST_ENCRYPT_ROUND(key[7], key[6], sbox) \ - GOST_ENCRYPT_ROUND(key[5], key[4], sbox) \ - GOST_ENCRYPT_ROUND(key[3], key[2], sbox) \ - GOST_ENCRYPT_ROUND(key[1], key[0], sbox) \ - result[i] = l, result[i + 1] = r; - /** * The core transformation. Process a 512-bit block. * @@ -299,7 +66,6 @@ gost_block_compress (struct gosthash94_ctx *ctx, const uint32_t *block) { unsigned i; uint32_t key[8], u[8], v[8], w[8], s[8]; - uint32_t l, r, tmp;
/* u := hash, v := <256-bit message block> */ memcpy (u, ctx->hash, sizeof (u)); @@ -341,7 +107,7 @@ gost_block_compress (struct gosthash94_ctx *ctx, const uint32_t *block) ((w[5] & 0xff000000) >> 8) | (w[7] & 0xff000000);
/* encryption: s_i := E_{key_i} (h_i) */ - GOST_ENCRYPT (s, i, key, ctx->hash, gosthash94_sbox); + _gost28147_encrypt_block (key, gost28147_param_test_3411.sbox, &ctx->hash[i], &s[i]);
if (i == 0) {
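Review bot: In the gosthash94.c hunk at `/* encryption: s_i := E_{key_i} (h_i) */`, the new call `_gost28147_encrypt_block (key, gost28147_param_test_3411.sbox, &ctx->hash[i], &s[i]);` only gives the same digest if the helper keeps the removed macro's word order, and nothing at the call site says so. The macro loaded `r = hash[i], l = hash[i + 1]` and stored `result[i] = l, result[i + 1] = r`. A short comment here or on the helper's prototype, stating that input and output are two-word blocks and that `l` is stored first on output, would make the refactor checkable by reading. The added line is also well over 80 columns and could be wrapped after the S-box argument.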
Hash gosthash94 implements GOST R 34.11-94 standard using S-Box defined in the standard 'for testing purposes only'. RFC 4357 defines S-Box (CryptoPro one) for GOST R 34.11-94 hash function that is widely used in applications. Add separate hash function algorithm (gosthash94cp) implementing GOST R 34.11-94 hashing using that S-Box.
Signed-off-by: Dmitry Eremin-Solenikov dbaryshkov@gmail.com --- examples/nettle-benchmark.c | 1 + gost28147.c | 267 ++++++++++++++++++++++++++++++++++++ gost28147.h | 2 + gosthash94-meta.c | 3 + gosthash94.c | 83 +++++++++-- gosthash94.h | 13 ++ nettle-meta.h | 1 + nettle.texinfo | 41 +++++- testsuite/gosthash94-test.c | 12 ++ 9 files changed, 405 insertions(+), 18 deletions(-)
diff --git a/examples/nettle-benchmark.c b/examples/nettle-benchmark.c index 6e0f560b6bdc..5d0e649ea726 100644 --- a/examples/nettle-benchmark.c +++ b/examples/nettle-benchmark.c @@ -918,6 +918,7 @@ main(int argc, char **argv) &nettle_sha3_224, &nettle_sha3_256, &nettle_sha3_384, &nettle_sha3_512, &nettle_ripemd160, &nettle_gosthash94, + &nettle_gosthash94cp, NULL };
diff --git a/gost28147.c b/gost28147.c index 419cb943084d..15d314c86c17 100644 --- a/gost28147.c +++ b/gost28147.c @@ -304,6 +304,273 @@ const struct gost28147_param gost28147_param_test_3411 = } };
+const struct gost28147_param gost28147_param_CryptoPro_3411 = +{ + { + { /* 0 */ + 0x0002d000, 0x0002a000, 0x0002a800, 0x0002b000, + 0x0002c000, 0x00028800, 0x00029800, 0x0002b800, + 0x0002e800, 0x0002e000, 0x0002f000, 0x00028000, + 0x0002c800, 0x00029000, 0x0002d800, 0x0002f800, + 0x0007d000, 0x0007a000, 0x0007a800, 0x0007b000, + 0x0007c000, 0x00078800, 0x00079800, 0x0007b800, + 0x0007e800, 0x0007e000, 0x0007f000, 0x00078000, + 0x0007c800, 0x00079000, 0x0007d800, 0x0007f800, + 0x00025000, 0x00022000, 0x00022800, 0x00023000, + 0x00024000, 0x00020800, 0x00021800, 0x00023800, + 0x00026800, 0x00026000, 0x00027000, 0x00020000, + 0x00024800, 0x00021000, 0x00025800, 0x00027800, + 0x00005000, 0x00002000, 0x00002800, 0x00003000, + 0x00004000, 0x00000800, 0x00001800, 0x00003800, + 0x00006800, 0x00006000, 0x00007000, 0x00000000, + 0x00004800, 0x00001000, 0x00005800, 0x00007800, + 0x00015000, 0x00012000, 0x00012800, 0x00013000, + 0x00014000, 0x00010800, 0x00011800, 0x00013800, + 0x00016800, 0x00016000, 0x00017000, 0x00010000, + 0x00014800, 0x00011000, 0x00015800, 0x00017800, + 0x0006d000, 0x0006a000, 0x0006a800, 0x0006b000, + 0x0006c000, 0x00068800, 0x00069800, 0x0006b800, + 0x0006e800, 0x0006e000, 0x0006f000, 0x00068000, + 0x0006c800, 0x00069000, 0x0006d800, 0x0006f800, + 0x0005d000, 0x0005a000, 0x0005a800, 0x0005b000, + 0x0005c000, 0x00058800, 0x00059800, 0x0005b800, + 0x0005e800, 0x0005e000, 0x0005f000, 0x00058000, + 0x0005c800, 0x00059000, 0x0005d800, 0x0005f800, + 0x0004d000, 0x0004a000, 0x0004a800, 0x0004b000, + 0x0004c000, 0x00048800, 0x00049800, 0x0004b800, + 0x0004e800, 0x0004e000, 0x0004f000, 0x00048000, + 0x0004c800, 0x00049000, 0x0004d800, 0x0004f800, + 0x0000d000, 0x0000a000, 0x0000a800, 0x0000b000, + 0x0000c000, 0x00008800, 0x00009800, 0x0000b800, + 0x0000e800, 0x0000e000, 0x0000f000, 0x00008000, + 0x0000c800, 0x00009000, 0x0000d800, 0x0000f800, + 0x0003d000, 0x0003a000, 0x0003a800, 0x0003b000, + 0x0003c000, 0x00038800, 0x00039800, 0x0003b800, + 0x0003e800, 
0x0003e000, 0x0003f000, 0x00038000, + 0x0003c800, 0x00039000, 0x0003d800, 0x0003f800, + 0x00035000, 0x00032000, 0x00032800, 0x00033000, + 0x00034000, 0x00030800, 0x00031800, 0x00033800, + 0x00036800, 0x00036000, 0x00037000, 0x00030000, + 0x00034800, 0x00031000, 0x00035800, 0x00037800, + 0x0001d000, 0x0001a000, 0x0001a800, 0x0001b000, + 0x0001c000, 0x00018800, 0x00019800, 0x0001b800, + 0x0001e800, 0x0001e000, 0x0001f000, 0x00018000, + 0x0001c800, 0x00019000, 0x0001d800, 0x0001f800, + 0x00065000, 0x00062000, 0x00062800, 0x00063000, + 0x00064000, 0x00060800, 0x00061800, 0x00063800, + 0x00066800, 0x00066000, 0x00067000, 0x00060000, + 0x00064800, 0x00061000, 0x00065800, 0x00067800, + 0x00075000, 0x00072000, 0x00072800, 0x00073000, + 0x00074000, 0x00070800, 0x00071800, 0x00073800, + 0x00076800, 0x00076000, 0x00077000, 0x00070000, + 0x00074800, 0x00071000, 0x00075800, 0x00077800, + 0x00055000, 0x00052000, 0x00052800, 0x00053000, + 0x00054000, 0x00050800, 0x00051800, 0x00053800, + 0x00056800, 0x00056000, 0x00057000, 0x00050000, + 0x00054800, 0x00051000, 0x00055800, 0x00057800, + 0x00045000, 0x00042000, 0x00042800, 0x00043000, + 0x00044000, 0x00040800, 0x00041800, 0x00043800, + 0x00046800, 0x00046000, 0x00047000, 0x00040000, + 0x00044800, 0x00041000, 0x00045800, 0x00047800, + }, { /* 1 */ + 0x02380000, 0x02780000, 0x02600000, 0x02700000, + 0x02480000, 0x02200000, 0x02080000, 0x02000000, + 0x02180000, 0x02580000, 0x02280000, 0x02100000, + 0x02300000, 0x02500000, 0x02400000, 0x02680000, + 0x05380000, 0x05780000, 0x05600000, 0x05700000, + 0x05480000, 0x05200000, 0x05080000, 0x05000000, + 0x05180000, 0x05580000, 0x05280000, 0x05100000, + 0x05300000, 0x05500000, 0x05400000, 0x05680000, + 0x03b80000, 0x03f80000, 0x03e00000, 0x03f00000, + 0x03c80000, 0x03a00000, 0x03880000, 0x03800000, + 0x03980000, 0x03d80000, 0x03a80000, 0x03900000, + 0x03b00000, 0x03d00000, 0x03c00000, 0x03e80000, + 0x06380000, 0x06780000, 0x06600000, 0x06700000, + 0x06480000, 0x06200000, 0x06080000, 
0x06000000, + 0x06180000, 0x06580000, 0x06280000, 0x06100000, + 0x06300000, 0x06500000, 0x06400000, 0x06680000, + 0x00380000, 0x00780000, 0x00600000, 0x00700000, + 0x00480000, 0x00200000, 0x00080000, 0x00000000, + 0x00180000, 0x00580000, 0x00280000, 0x00100000, + 0x00300000, 0x00500000, 0x00400000, 0x00680000, + 0x07b80000, 0x07f80000, 0x07e00000, 0x07f00000, + 0x07c80000, 0x07a00000, 0x07880000, 0x07800000, + 0x07980000, 0x07d80000, 0x07a80000, 0x07900000, + 0x07b00000, 0x07d00000, 0x07c00000, 0x07e80000, + 0x01380000, 0x01780000, 0x01600000, 0x01700000, + 0x01480000, 0x01200000, 0x01080000, 0x01000000, + 0x01180000, 0x01580000, 0x01280000, 0x01100000, + 0x01300000, 0x01500000, 0x01400000, 0x01680000, + 0x04380000, 0x04780000, 0x04600000, 0x04700000, + 0x04480000, 0x04200000, 0x04080000, 0x04000000, + 0x04180000, 0x04580000, 0x04280000, 0x04100000, + 0x04300000, 0x04500000, 0x04400000, 0x04680000, + 0x07380000, 0x07780000, 0x07600000, 0x07700000, + 0x07480000, 0x07200000, 0x07080000, 0x07000000, + 0x07180000, 0x07580000, 0x07280000, 0x07100000, + 0x07300000, 0x07500000, 0x07400000, 0x07680000, + 0x00b80000, 0x00f80000, 0x00e00000, 0x00f00000, + 0x00c80000, 0x00a00000, 0x00880000, 0x00800000, + 0x00980000, 0x00d80000, 0x00a80000, 0x00900000, + 0x00b00000, 0x00d00000, 0x00c00000, 0x00e80000, + 0x03380000, 0x03780000, 0x03600000, 0x03700000, + 0x03480000, 0x03200000, 0x03080000, 0x03000000, + 0x03180000, 0x03580000, 0x03280000, 0x03100000, + 0x03300000, 0x03500000, 0x03400000, 0x03680000, + 0x02b80000, 0x02f80000, 0x02e00000, 0x02f00000, + 0x02c80000, 0x02a00000, 0x02880000, 0x02800000, + 0x02980000, 0x02d80000, 0x02a80000, 0x02900000, + 0x02b00000, 0x02d00000, 0x02c00000, 0x02e80000, + 0x06b80000, 0x06f80000, 0x06e00000, 0x06f00000, + 0x06c80000, 0x06a00000, 0x06880000, 0x06800000, + 0x06980000, 0x06d80000, 0x06a80000, 0x06900000, + 0x06b00000, 0x06d00000, 0x06c00000, 0x06e80000, + 0x05b80000, 0x05f80000, 0x05e00000, 0x05f00000, + 0x05c80000, 0x05a00000, 0x05880000, 
0x05800000, + 0x05980000, 0x05d80000, 0x05a80000, 0x05900000, + 0x05b00000, 0x05d00000, 0x05c00000, 0x05e80000, + 0x04b80000, 0x04f80000, 0x04e00000, 0x04f00000, + 0x04c80000, 0x04a00000, 0x04880000, 0x04800000, + 0x04980000, 0x04d80000, 0x04a80000, 0x04900000, + 0x04b00000, 0x04d00000, 0x04c00000, 0x04e80000, + 0x01b80000, 0x01f80000, 0x01e00000, 0x01f00000, + 0x01c80000, 0x01a00000, 0x01880000, 0x01800000, + 0x01980000, 0x01d80000, 0x01a80000, 0x01900000, + 0x01b00000, 0x01d00000, 0x01c00000, 0x01e80000, + }, { /* 2 */ + 0xb8000003, 0xb0000003, 0xa0000003, 0xd8000003, + 0xc8000003, 0xe0000003, 0x90000003, 0xd0000003, + 0x88000003, 0xc0000003, 0x80000003, 0xf0000003, + 0xf8000003, 0xe8000003, 0x98000003, 0xa8000003, + 0x38000003, 0x30000003, 0x20000003, 0x58000003, + 0x48000003, 0x60000003, 0x10000003, 0x50000003, + 0x08000003, 0x40000003, 0x00000003, 0x70000003, + 0x78000003, 0x68000003, 0x18000003, 0x28000003, + 0x38000001, 0x30000001, 0x20000001, 0x58000001, + 0x48000001, 0x60000001, 0x10000001, 0x50000001, + 0x08000001, 0x40000001, 0x00000001, 0x70000001, + 0x78000001, 0x68000001, 0x18000001, 0x28000001, + 0x38000002, 0x30000002, 0x20000002, 0x58000002, + 0x48000002, 0x60000002, 0x10000002, 0x50000002, + 0x08000002, 0x40000002, 0x00000002, 0x70000002, + 0x78000002, 0x68000002, 0x18000002, 0x28000002, + 0xb8000006, 0xb0000006, 0xa0000006, 0xd8000006, + 0xc8000006, 0xe0000006, 0x90000006, 0xd0000006, + 0x88000006, 0xc0000006, 0x80000006, 0xf0000006, + 0xf8000006, 0xe8000006, 0x98000006, 0xa8000006, + 0xb8000004, 0xb0000004, 0xa0000004, 0xd8000004, + 0xc8000004, 0xe0000004, 0x90000004, 0xd0000004, + 0x88000004, 0xc0000004, 0x80000004, 0xf0000004, + 0xf8000004, 0xe8000004, 0x98000004, 0xa8000004, + 0xb8000007, 0xb0000007, 0xa0000007, 0xd8000007, + 0xc8000007, 0xe0000007, 0x90000007, 0xd0000007, + 0x88000007, 0xc0000007, 0x80000007, 0xf0000007, + 0xf8000007, 0xe8000007, 0x98000007, 0xa8000007, + 0x38000000, 0x30000000, 0x20000000, 0x58000000, + 0x48000000, 
0x60000000, 0x10000000, 0x50000000, + 0x08000000, 0x40000000, 0x00000000, 0x70000000, + 0x78000000, 0x68000000, 0x18000000, 0x28000000, + 0x38000005, 0x30000005, 0x20000005, 0x58000005, + 0x48000005, 0x60000005, 0x10000005, 0x50000005, + 0x08000005, 0x40000005, 0x00000005, 0x70000005, + 0x78000005, 0x68000005, 0x18000005, 0x28000005, + 0xb8000000, 0xb0000000, 0xa0000000, 0xd8000000, + 0xc8000000, 0xe0000000, 0x90000000, 0xd0000000, + 0x88000000, 0xc0000000, 0x80000000, 0xf0000000, + 0xf8000000, 0xe8000000, 0x98000000, 0xa8000000, + 0xb8000002, 0xb0000002, 0xa0000002, 0xd8000002, + 0xc8000002, 0xe0000002, 0x90000002, 0xd0000002, + 0x88000002, 0xc0000002, 0x80000002, 0xf0000002, + 0xf8000002, 0xe8000002, 0x98000002, 0xa8000002, + 0xb8000005, 0xb0000005, 0xa0000005, 0xd8000005, + 0xc8000005, 0xe0000005, 0x90000005, 0xd0000005, + 0x88000005, 0xc0000005, 0x80000005, 0xf0000005, + 0xf8000005, 0xe8000005, 0x98000005, 0xa8000005, + 0x38000004, 0x30000004, 0x20000004, 0x58000004, + 0x48000004, 0x60000004, 0x10000004, 0x50000004, + 0x08000004, 0x40000004, 0x00000004, 0x70000004, + 0x78000004, 0x68000004, 0x18000004, 0x28000004, + 0x38000007, 0x30000007, 0x20000007, 0x58000007, + 0x48000007, 0x60000007, 0x10000007, 0x50000007, + 0x08000007, 0x40000007, 0x00000007, 0x70000007, + 0x78000007, 0x68000007, 0x18000007, 0x28000007, + 0x38000006, 0x30000006, 0x20000006, 0x58000006, + 0x48000006, 0x60000006, 0x10000006, 0x50000006, + 0x08000006, 0x40000006, 0x00000006, 0x70000006, + 0x78000006, 0x68000006, 0x18000006, 0x28000006, + 0xb8000001, 0xb0000001, 0xa0000001, 0xd8000001, + 0xc8000001, 0xe0000001, 0x90000001, 0xd0000001, + 0x88000001, 0xc0000001, 0x80000001, 0xf0000001, + 0xf8000001, 0xe8000001, 0x98000001, 0xa8000001, + }, { /* 3 */ + 0x000000e8, 0x000000f0, 0x000000a0, 0x00000088, + 0x000000b8, 0x00000080, 0x000000a8, 0x000000d0, + 0x00000098, 0x000000e0, 0x000000c0, 0x000000f8, + 0x000000b0, 0x00000090, 0x000000c8, 0x000000d8, + 0x000001e8, 0x000001f0, 0x000001a0, 
0x00000188, + 0x000001b8, 0x00000180, 0x000001a8, 0x000001d0, + 0x00000198, 0x000001e0, 0x000001c0, 0x000001f8, + 0x000001b0, 0x00000190, 0x000001c8, 0x000001d8, + 0x00000568, 0x00000570, 0x00000520, 0x00000508, + 0x00000538, 0x00000500, 0x00000528, 0x00000550, + 0x00000518, 0x00000560, 0x00000540, 0x00000578, + 0x00000530, 0x00000510, 0x00000548, 0x00000558, + 0x000004e8, 0x000004f0, 0x000004a0, 0x00000488, + 0x000004b8, 0x00000480, 0x000004a8, 0x000004d0, + 0x00000498, 0x000004e0, 0x000004c0, 0x000004f8, + 0x000004b0, 0x00000490, 0x000004c8, 0x000004d8, + 0x000002e8, 0x000002f0, 0x000002a0, 0x00000288, + 0x000002b8, 0x00000280, 0x000002a8, 0x000002d0, + 0x00000298, 0x000002e0, 0x000002c0, 0x000002f8, + 0x000002b0, 0x00000290, 0x000002c8, 0x000002d8, + 0x000005e8, 0x000005f0, 0x000005a0, 0x00000588, + 0x000005b8, 0x00000580, 0x000005a8, 0x000005d0, + 0x00000598, 0x000005e0, 0x000005c0, 0x000005f8, + 0x000005b0, 0x00000590, 0x000005c8, 0x000005d8, + 0x00000268, 0x00000270, 0x00000220, 0x00000208, + 0x00000238, 0x00000200, 0x00000228, 0x00000250, + 0x00000218, 0x00000260, 0x00000240, 0x00000278, + 0x00000230, 0x00000210, 0x00000248, 0x00000258, + 0x000007e8, 0x000007f0, 0x000007a0, 0x00000788, + 0x000007b8, 0x00000780, 0x000007a8, 0x000007d0, + 0x00000798, 0x000007e0, 0x000007c0, 0x000007f8, + 0x000007b0, 0x00000790, 0x000007c8, 0x000007d8, + 0x00000468, 0x00000470, 0x00000420, 0x00000408, + 0x00000438, 0x00000400, 0x00000428, 0x00000450, + 0x00000418, 0x00000460, 0x00000440, 0x00000478, + 0x00000430, 0x00000410, 0x00000448, 0x00000458, + 0x00000368, 0x00000370, 0x00000320, 0x00000308, + 0x00000338, 0x00000300, 0x00000328, 0x00000350, + 0x00000318, 0x00000360, 0x00000340, 0x00000378, + 0x00000330, 0x00000310, 0x00000348, 0x00000358, + 0x000003e8, 0x000003f0, 0x000003a0, 0x00000388, + 0x000003b8, 0x00000380, 0x000003a8, 0x000003d0, + 0x00000398, 0x000003e0, 0x000003c0, 0x000003f8, + 0x000003b0, 0x00000390, 0x000003c8, 0x000003d8, + 0x00000768, 0x00000770, 0x00000720, 
0x00000708, + 0x00000738, 0x00000700, 0x00000728, 0x00000750, + 0x00000718, 0x00000760, 0x00000740, 0x00000778, + 0x00000730, 0x00000710, 0x00000748, 0x00000758, + 0x000006e8, 0x000006f0, 0x000006a0, 0x00000688, + 0x000006b8, 0x00000680, 0x000006a8, 0x000006d0, + 0x00000698, 0x000006e0, 0x000006c0, 0x000006f8, + 0x000006b0, 0x00000690, 0x000006c8, 0x000006d8, + 0x00000068, 0x00000070, 0x00000020, 0x00000008, + 0x00000038, 0x00000000, 0x00000028, 0x00000050, + 0x00000018, 0x00000060, 0x00000040, 0x00000078, + 0x00000030, 0x00000010, 0x00000048, 0x00000058, + 0x00000168, 0x00000170, 0x00000120, 0x00000108, + 0x00000138, 0x00000100, 0x00000128, 0x00000150, + 0x00000118, 0x00000160, 0x00000140, 0x00000178, + 0x00000130, 0x00000110, 0x00000148, 0x00000158, + 0x00000668, 0x00000670, 0x00000620, 0x00000608, + 0x00000638, 0x00000600, 0x00000628, 0x00000650, + 0x00000618, 0x00000660, 0x00000640, 0x00000678, + 0x00000630, 0x00000610, 0x00000648, 0x00000658, + } + } +}; + /* * A macro that performs a full encryption round of GOST 28147-89. */ diff --git a/gost28147.h b/gost28147.h index d403c4329f13..32e7d5e81eb8 100644 --- a/gost28147.h +++ b/gost28147.h @@ -41,6 +41,7 @@ extern "C" { #endif
#define gost28147_param_test_3411 nettle_gost28147_param_test_3411 +#define gost28147_param_CryptoPro_3411 nettle_gost28147_param_CryptoPro_3411
struct gost28147_param { @@ -48,6 +49,7 @@ struct gost28147_param };
extern const struct gost28147_param gost28147_param_test_3411; +extern const struct gost28147_param gost28147_param_CryptoPro_3411;
#ifdef __cplusplus } diff --git a/gosthash94-meta.c b/gosthash94-meta.c index 42b05562b7f8..ad203bfd6c18 100644 --- a/gosthash94-meta.c +++ b/gosthash94-meta.c @@ -39,3 +39,6 @@
const struct nettle_hash nettle_gosthash94 = _NETTLE_HASH(gosthash94, GOSTHASH94); + +const struct nettle_hash nettle_gosthash94cp += _NETTLE_HASH(gosthash94cp, GOSTHASH94CP); diff --git a/gosthash94.c b/gosthash94.c index 53716ca744a2..954130f741e9 100644 --- a/gosthash94.c +++ b/gosthash94.c @@ -5,6 +5,7 @@ * See also RFC 4357. * * Copyright: 2009-2012 Aleksey Kravchenko rhash.admin@gmail.com + * Copyright: 2019 Dmitry Eremin-Solenikov dbaryshkov@gmail.com * * Permission is hereby granted, free of charge, to any person obtaining a * copy of this software and associated documentation files (the @@ -62,7 +63,8 @@ gosthash94_init (struct gosthash94_ctx *ctx) * @param block the message block to process */ static void -gost_block_compress (struct gosthash94_ctx *ctx, const uint32_t *block) +gost_block_compress (struct gosthash94_ctx *ctx, const uint32_t *block, + const uint32_t sbox[4][256]) { unsigned i; uint32_t key[8], u[8], v[8], w[8], s[8]; @@ -107,7 +109,7 @@ gost_block_compress (struct gosthash94_ctx *ctx, const uint32_t *block) ((w[5] & 0xff000000) >> 8) | (w[7] & 0xff000000);
/* encryption: s_i := E_{key_i} (h_i) */ - _gost28147_encrypt_block (key, gost28147_param_test_3411.sbox, &ctx->hash[i], &s[i]); + _gost28147_encrypt_block (key, sbox, &ctx->hash[i], &s[i]);
if (i == 0) { @@ -262,7 +264,8 @@ gost_block_compress (struct gosthash94_ctx *ctx, const uint32_t *block) * @param block the 256-bit message block to process */ static void -gost_compute_sum_and_hash (struct gosthash94_ctx *ctx, const uint8_t *block) +gost_compute_sum_and_hash (struct gosthash94_ctx *ctx, const uint8_t *block, + const uint32_t sbox[4][256]) { uint32_t block_le[8]; unsigned i, carry; @@ -278,7 +281,7 @@ gost_compute_sum_and_hash (struct gosthash94_ctx *ctx, const uint8_t *block) }
/* update message hash */ - gost_block_compress (ctx, block_le); + gost_block_compress (ctx, block_le, sbox); }
/** @@ -289,9 +292,10 @@ gost_compute_sum_and_hash (struct gosthash94_ctx *ctx, const uint8_t *block) * @param msg message chunk * @param size length of the message chunk */ -void -gosthash94_update (struct gosthash94_ctx *ctx, - size_t length, const uint8_t *msg) +static void +gosthash94_update_int (struct gosthash94_ctx *ctx, + size_t length, const uint8_t *msg, + const uint32_t sbox[4][256]) { unsigned index = (unsigned) ctx->length & 31; ctx->length += length; @@ -305,13 +309,13 @@ gosthash94_update (struct gosthash94_ctx *ctx, return;
/* process partial block */ - gost_compute_sum_and_hash (ctx, ctx->message); + gost_compute_sum_and_hash (ctx, ctx->message, sbox); msg += left; length -= left; } while (length >= GOSTHASH94_BLOCK_SIZE) { - gost_compute_sum_and_hash (ctx, msg); + gost_compute_sum_and_hash (ctx, msg, sbox); msg += GOSTHASH94_BLOCK_SIZE; length -= GOSTHASH94_BLOCK_SIZE; } @@ -322,15 +326,48 @@ gosthash94_update (struct gosthash94_ctx *ctx, } }
+/** + * Calculate message hash. + * Can be called repeatedly with chunks of the message to be hashed. + * + * @param ctx the algorithm context containing current hashing state + * @param msg message chunk + * @param size length of the message chunk + */ +void +gosthash94_update (struct gosthash94_ctx *ctx, + size_t length, const uint8_t *msg) +{ + gosthash94_update_int (ctx, length, msg, + gost28147_param_test_3411.sbox); +} + +/** + * Calculate message hash. + * Can be called repeatedly with chunks of the message to be hashed. + * + * @param ctx the algorithm context containing current hashing state + * @param msg message chunk + * @param size length of the message chunk + */ +void +gosthash94cp_update (struct gosthash94_ctx *ctx, + size_t length, const uint8_t *msg) +{ + gosthash94_update_int (ctx, length, msg, + gost28147_param_CryptoPro_3411.sbox); +} + /** * Finish hashing and store message digest into given array. * * @param ctx the algorithm context containing current hashing state * @param result calculated hash in binary form */ -void -gosthash94_digest (struct gosthash94_ctx *ctx, - size_t length, uint8_t *result) +static void +gosthash94_write_digest (struct gosthash94_ctx *ctx, + size_t length, uint8_t *result, + const uint32_t sbox[4][256]) { unsigned index = ctx->length & 31; uint32_t msg32[8]; @@ -341,7 +378,7 @@ gosthash94_digest (struct gosthash94_ctx *ctx, if (index > 0) { memset (ctx->message + index, 0, 32 - index); - gost_compute_sum_and_hash (ctx, ctx->message); + gost_compute_sum_and_hash (ctx, ctx->message, sbox); }
/* hash the message length and the sum */ @@ -349,10 +386,26 @@ gosthash94_digest (struct gosthash94_ctx *ctx, msg32[1] = ctx->length >> 29; memset (msg32 + 2, 0, sizeof (uint32_t) * 6);
- gost_block_compress (ctx, msg32); - gost_block_compress (ctx, ctx->sum); + gost_block_compress (ctx, msg32, sbox); + gost_block_compress (ctx, ctx->sum, sbox);
/* convert hash state to result bytes */ _nettle_write_le32(length, result, ctx->hash); gosthash94_init (ctx); } + +void +gosthash94_digest (struct gosthash94_ctx *ctx, + size_t length, uint8_t *result) +{ + gosthash94_write_digest (ctx, length, result, + gost28147_param_test_3411.sbox); +} + +void +gosthash94cp_digest (struct gosthash94_ctx *ctx, + size_t length, uint8_t *result) +{ + gosthash94_write_digest (ctx, length, result, + gost28147_param_CryptoPro_3411.sbox); +} diff --git a/gosthash94.h b/gosthash94.h index 60b2bef2837f..dfa97f61de6e 100644 --- a/gosthash94.h +++ b/gosthash94.h @@ -72,11 +72,17 @@ extern "C" { #define gosthash94_update nettle_gosthash94_update #define gosthash94_digest nettle_gosthash94_digest
+#define gosthash94cp_update nettle_gosthash94cp_update +#define gosthash94cp_digest nettle_gosthash94cp_digest + #define GOSTHASH94_BLOCK_SIZE 32 #define GOSTHASH94_DIGEST_SIZE 32 /* For backwards compatibility */ #define GOSTHASH94_DATA_SIZE GOSTHASH94_BLOCK_SIZE
+#define GOSTHASH94CP_BLOCK_SIZE GOSTHASH94_BLOCK_SIZE +#define GOSTHASH94CP_DIGEST_SIZE GOSTHASH94_DIGEST_SIZE + struct gosthash94_ctx { uint32_t hash[8]; /* algorithm 256-bit state */ @@ -84,6 +90,7 @@ struct gosthash94_ctx uint64_t length; /* number of processed bytes */ uint8_t message[GOSTHASH94_BLOCK_SIZE]; /* 256-bit buffer for leftovers */ }; +#define gosthash94cp_ctx gosthash94_ctx
void gosthash94_init(struct gosthash94_ctx *ctx); void gosthash94_update(struct gosthash94_ctx *ctx, @@ -91,6 +98,12 @@ void gosthash94_update(struct gosthash94_ctx *ctx, void gosthash94_digest(struct gosthash94_ctx *ctx, size_t length, uint8_t *result);
+#define gosthash94cp_init gosthash94_init +void gosthash94cp_update(struct gosthash94_ctx *ctx, + size_t length, const uint8_t *msg); +void gosthash94cp_digest(struct gosthash94_ctx *ctx, + size_t length, uint8_t *result); + #ifdef __cplusplus } #endif diff --git a/nettle-meta.h b/nettle-meta.h index 74e50e59cd2e..b4cdb8f3e378 100644 --- a/nettle-meta.h +++ b/nettle-meta.h @@ -130,6 +130,7 @@ extern const struct nettle_hash nettle_md2; extern const struct nettle_hash nettle_md4; extern const struct nettle_hash nettle_md5; extern const struct nettle_hash nettle_gosthash94; +extern const struct nettle_hash nettle_gosthash94cp; extern const struct nettle_hash nettle_ripemd160; extern const struct nettle_hash nettle_sha1; extern const struct nettle_hash nettle_sha224; diff --git a/nettle.texinfo b/nettle.texinfo index 9cdec4806214..422bd7c8ecf0 100644 --- a/nettle.texinfo +++ b/nettle.texinfo @@ -1039,12 +1039,17 @@ This function also resets the context in the same way as @end deftypefun
-@subsubsection @acronym{GOSTHASH94} +@subsubsection @acronym{GOSTHASH94 and GOSTHASH94CP}
The GOST94 or GOST R 34.11-94 hash algorithm is a Soviet-era algorithm used in Russian government standards (see @cite{RFC 4357}). -It outputs message digests of 256 bits, or 32 octets. -Nettle defines GOSTHASH94 in @file{<nettle/gosthash94.h>}. +It outputs message digests of 256 bits, or 32 octets. The standard itself +does not fix the S-box used by the hash algorith, so there are two popular +variants (the testing S-box from the standard itself and the S-box defined +by CryptoPro company, see RFC 4357). Nettle provides support for the former +S-box in the form of GOSTHASH94 hash algorithm and for the latter in the +form of GOSTHASH94CP hash algorithm. +Nettle defines GOSTHASH94 and GOSTHASH94CP in @file{<nettle/gosthash94.h>}.
@deftp {Context struct} {struct gosthash94_ctx} @end deftp @@ -1075,6 +1080,35 @@ This function also resets the context in the same way as @code{gosthash94_init}. @end deftypefun
+@deftp {Context struct} {struct gosthash94cp_ctx} +@end deftp + +@defvr Constant GOSTHASH94CP_DIGEST_SIZE +The size of a GOSTHASH94CP digest, i.e. 32. +@end defvr + +@defvr Constant GOSTHASH94CP_BLOCK_SIZE +The internal block size of GOSTHASH94CP, i.e., 32. +@end defvr + +@deftypefun void gosthash94cp_init (struct gosthash94cp_ctx *@var{ctx}) +Initialize the GOSTHASH94CP state. +@end deftypefun + +@deftypefun void gosthash94cp_update (struct gosthash94cp_ctx *@var{ctx}, size_t @var{length}, const uint8_t *@var{data}) +Hash some more data. +@end deftypefun + +@deftypefun void gosthash94cp_digest (struct gosthash94cp_ctx *@var{ctx}, size_t @var{length}, uint8_t *@var{digest}) +Performs final processing and extracts the message digest, writing it +to @var{digest}. @var{length} may be smaller than +@code{GOSTHASH94CP_DIGEST_SIZE}, in which case only the first @var{length} +octets of the digest are written. + +This function also resets the context in the same way as +@code{gosthash94cp_init}. +@end deftypefun + @node nettle_hash abstraction,, Legacy hash functions, Hash functions @comment node-name, next, previous, up @subsection The @code{struct nettle_hash} abstraction @@ -1104,6 +1138,7 @@ The last three attributes are function pointers, of types @deftypevrx {Constant Struct} {struct nettle_hash} nettle_sha512 @deftypevrx {Constant Struct} {struct nettle_hash} nettle_sha3_256 @deftypevrx {Constant Struct} {struct nettle_hash} nettle_gosthash94 +@deftypevrx {Constant Struct} {struct nettle_hash} nettle_gosthash94cp These are all the hash functions that Nettle implements. @end deftypevr
diff --git a/testsuite/gosthash94-test.c b/testsuite/gosthash94-test.c index 77fb8befa9d8..d4e5015843d9 100644 --- a/testsuite/gosthash94-test.c +++ b/testsuite/gosthash94-test.c @@ -17,4 +17,16 @@ test_main(void)
test_hash(&nettle_gosthash94, SDATA(""), SHEX("ce85b99cc46752fffee35cab9a7b0278abb4c2d2055cff685af4912c49490f8d")); + + test_hash(&nettle_gosthash94cp, SDATA("The quick brown fox jumps over the lazy dog"), + SHEX("9004294a361a508c586fe53d1f1b02746765e71b765472786e4770d565830a76")); + + test_hash(&nettle_gosthash94cp, SDATA("message digest"), + SHEX("bc6041dd2aa401ebfa6e9886734174febdb4729aa972d60f549ac39b29721ba0")); + + test_hash(&nettle_gosthash94cp, SDATA("a"), + SHEX("e74c52dd282183bf37af0079c9f78055715a103f17e3133ceff1aacf2f403011")); + + test_hash(&nettle_gosthash94cp, SDATA(""), + SHEX("981e5f3ca30c841487830f84fb433e13ac1101569b9c13584ac483234cd656c0")); }
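Review bot: In gosthash94.c and gosthash94.h the S-box is selected per call (`gosthash94_update` or `gosthash94cp_update`, `gosthash94_digest` or `gosthash94cp_digest`), while `gosthash94cp_ctx` and `gosthash94cp_init` are plain `#define` aliases of the gosthash94 names, so the context carries no record of which variant it belongs to. A caller who updates with one variant and finishes with the other gets a digest that matches neither algorithm, with no error. Please state in the header and the manual that update and digest calls on one context must come from the same variant. The doc comments on the two new update wrappers are identical copies and still say `@param size` for a parameter named `length`; the gosthash94cp one should name the CryptoPro S-box.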
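Review bot: In the nettle.texinfo hunk, the added paragraph has a typo ("hash algorith") and the heading puts the word "and" inside the markup, `@acronym{GOSTHASH94 and GOSTHASH94CP}`; two `@acronym{}` groups joined by a plain "and" would mark up only the names. The manual also documents `struct gosthash94cp_ctx` as a context struct of its own, while gosthash94.h defines it as `#define gosthash94cp_ctx gosthash94_ctx`; a sentence saying it is the same type would avoid confusion. The two new constants are punctuated differently ("i.e. 32" and "i.e., 32").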
Signed-off-by: Dmitry Eremin-Solenikov dbaryshkov@gmail.com --- gosthash94.c | 43 +++++++++---------------------------------- gosthash94.h | 5 +++-- 2 files changed, 12 insertions(+), 36 deletions(-)
diff --git a/gosthash94.c b/gosthash94.c index 954130f741e9..b1ea98736b0d 100644 --- a/gosthash94.c +++ b/gosthash94.c @@ -284,6 +284,8 @@ gost_compute_sum_and_hash (struct gosthash94_ctx *ctx, const uint8_t *block, gost_block_compress (ctx, block_le, sbox); }
+#define COMPRESS(ctx, block) gost_compute_sum_and_hash((ctx), (block), sbox); + /** * Calculate message hash. * Can be called repeatedly with chunks of the message to be hashed. @@ -297,33 +299,7 @@ gosthash94_update_int (struct gosthash94_ctx *ctx, size_t length, const uint8_t *msg, const uint32_t sbox[4][256]) { - unsigned index = (unsigned) ctx->length & 31; - ctx->length += length; - - /* fill partial block */ - if (index) - { - unsigned left = GOSTHASH94_BLOCK_SIZE - index; - memcpy (ctx->message + index, msg, (length < left ? length : left)); - if (length < left) - return; - - /* process partial block */ - gost_compute_sum_and_hash (ctx, ctx->message, sbox); - msg += left; - length -= left; - } - while (length >= GOSTHASH94_BLOCK_SIZE) - { - gost_compute_sum_and_hash (ctx, msg, sbox); - msg += GOSTHASH94_BLOCK_SIZE; - length -= GOSTHASH94_BLOCK_SIZE; - } - if (length) - { - /* save leftovers */ - memcpy (ctx->message, msg, length); - } + MD_UPDATE(ctx, length, msg, COMPRESS, ctx->count++); }
/** @@ -369,21 +345,20 @@ gosthash94_write_digest (struct gosthash94_ctx *ctx, size_t length, uint8_t *result, const uint32_t sbox[4][256]) { - unsigned index = ctx->length & 31; - uint32_t msg32[8]; + uint32_t msg32[GOSTHASH94_BLOCK_SIZE / 4];
assert(length <= GOSTHASH94_DIGEST_SIZE);
/* pad the last block with zeroes and hash it */ - if (index > 0) + if (ctx->index > 0) { - memset (ctx->message + index, 0, 32 - index); - gost_compute_sum_and_hash (ctx, ctx->message, sbox); + memset (ctx->block + ctx->index, 0, GOSTHASH94_BLOCK_SIZE - ctx->index); + gost_compute_sum_and_hash (ctx, ctx->block, sbox); }
/* hash the message length and the sum */ - msg32[0] = ctx->length << 3; - msg32[1] = ctx->length >> 29; + msg32[0] = (ctx->count << 8) | (ctx->index << 3); + msg32[1] = ctx->count >> 24; memset (msg32 + 2, 0, sizeof (uint32_t) * 6);
gost_block_compress (ctx, msg32, sbox); diff --git a/gosthash94.h b/gosthash94.h index dfa97f61de6e..0efd6412e6a9 100644 --- a/gosthash94.h +++ b/gosthash94.h @@ -87,8 +87,9 @@ struct gosthash94_ctx { uint32_t hash[8]; /* algorithm 256-bit state */ uint32_t sum[8]; /* sum of processed message blocks */ - uint64_t length; /* number of processed bytes */ - uint8_t message[GOSTHASH94_BLOCK_SIZE]; /* 256-bit buffer for leftovers */ + uint64_t count; /* Block count */ + unsigned index; /* Into buffer */ + uint8_t block[GOSTHASH94_BLOCK_SIZE]; /* 256-bit buffer for leftovers */ }; #define gosthash94cp_ctx gosthash94_ctx
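Review bot: In the gosthash94.c hunk that adds `#define COMPRESS(ctx, block) gost_compute_sum_and_hash((ctx), (block), sbox);`, the macro body ends in a semicolon and silently picks up `sbox` from whatever scope it is expanded in. Drop the trailing semicolon so the expansion is a single expression, and either comment that `sbox` must be a local of the calling function or add `#undef COMPRESS` after `gosthash94_update_int` so the macro cannot be reused elsewhere in the file by accident.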
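Review bot: In the `gosthash94_write_digest` hunk, `msg32[0] = (ctx->count << 8) | (ctx->index << 3);` and `msg32[1] = ctx->count >> 24;` replace the old byte-count shifts with no comment explaining why they are equivalent. Please add one (length in bits is count * 256 + index * 8, with index below 32) and make the narrowing of the 64-bit `count` to a 32-bit word explicit with a cast. The unchanged `memset (msg32 + 2, 0, sizeof (uint32_t) * 6);` still hard-codes 6 although the array is now sized `GOSTHASH94_BLOCK_SIZE / 4`; deriving the length from the array size would keep the two in step.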
Dmitry Eremin-Solenikov dbaryshkov@gmail.com writes:
--- a/gosthash94.h +++ b/gosthash94.h @@ -87,8 +87,9 @@ struct gosthash94_ctx { uint32_t hash[8]; /* algorithm 256-bit state */ uint32_t sum[8]; /* sum of processed message blocks */
- uint64_t length; /* number of processed bytes */
- uint8_t message[GOSTHASH94_BLOCK_SIZE]; /* 256-bit buffer for leftovers */
- uint64_t count; /* Block count */
- unsigned index; /* Into buffer */
- uint8_t block[GOSTHASH94_BLOCK_SIZE]; /* 256-bit buffer for leftovers */
}; #define gosthash94cp_ctx gosthash94_ctx
This is a nice cleanup, but it's also both an ABI break, right? Since the size of this struct is changed.
Unfortunate I missed this one when I moved around fields in other hash contexts prior to the 3.5 release (which was an abi break), probably because I was guided by the findings of "git grep block".
Regards, /Niels
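The layout change this reply refers to, as an added example that is not part of the thread or of Nettle's source: the two context layouts from the patch are compared with `sizeof`/`offsetof`, and the rewritten length words are checked against the old byte-count form. The names `ctx_before`, `ctx_after` and all helper functions are hypothetical; only the field lists and the shift expressions are taken from the patch.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define GOSTHASH94_BLOCK_SIZE 32

/* Context layout before the patch (fields as in the removed lines). */
struct ctx_before
{
  uint32_t hash[8];
  uint32_t sum[8];
  uint64_t length;                      /* number of processed bytes */
  uint8_t message[GOSTHASH94_BLOCK_SIZE];
};

/* Context layout after the patch (fields as in the added lines). */
struct ctx_after
{
  uint32_t hash[8];
  uint32_t sum[8];
  uint64_t count;                       /* block count */
  unsigned index;                       /* into buffer */
  uint8_t block[GOSTHASH94_BLOCK_SIZE];
};

/* Bytes by which the leftover buffer moved inside the struct. */
static size_t
buffer_offset_shift (void)
{
  return offsetof (struct ctx_after, block)
    - offsetof (struct ctx_before, message);
}

/* Growth of the struct. A caller built against the old header reserves
   this many bytes too few for a library built from the new one. */
static size_t
size_growth (void)
{
  return sizeof (struct ctx_after) - sizeof (struct ctx_before);
}

/* Length words as the old digest code built them from a byte count. */
static void
length_words_before (uint64_t length, uint32_t w[2])
{
  w[0] = (uint32_t) (length << 3);
  w[1] = (uint32_t) (length >> 29);
}

/* Length words as the new digest code builds them from count/index. */
static void
length_words_after (uint64_t count, unsigned index, uint32_t w[2])
{
  w[0] = (uint32_t) ((count << 8) | (index << 3));
  w[1] = (uint32_t) (count >> 24);
}

/* Returns 1 when both encodings agree for a message of `length` bytes. */
static int
length_words_agree (uint64_t length)
{
  uint32_t a[2], b[2];

  length_words_before (length, a);
  length_words_after (length / GOSTHASH94_BLOCK_SIZE,
                      (unsigned) (length % GOSTHASH94_BLOCK_SIZE), b);
  return a[0] == b[0] && a[1] == b[1];
}

int
main (void)
{
  /* Constructed sample lengths around block and word boundaries. */
  static const uint64_t samples[] =
    { 0, 1, 31, 32, 43, 0x1fffffffULL, 0x20000000ULL, UINT64_MAX };
  size_t i;

  printf ("sizeof before=%zu after=%zu (growth %zu)\n",
          sizeof (struct ctx_before), sizeof (struct ctx_after),
          size_growth ());
  printf ("buffer offset moved by %zu bytes\n", buffer_offset_shift ());

  for (i = 0; i < sizeof (samples) / sizeof (samples[0]); i++)
    printf ("length %llu: encodings %s\n",
            (unsigned long long) samples[i],
            length_words_agree (samples[i]) ? "agree" : "DIFFER");
  return 0;
}
```

The digest value is unchanged by the rewrite; what changes is the in-memory layout, which matters to any caller that allocates or copies the context using the old header.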
Add entries for gosthash94 and gosthash94cp in nettle_hashes array.
Signed-off-by: Dmitry Eremin-Solenikov dbaryshkov@gmail.com --- nettle-meta-hashes.c | 2 ++ testsuite/meta-hash-test.c | 2 ++ 2 files changed, 4 insertions(+)
diff --git a/nettle-meta-hashes.c b/nettle-meta-hashes.c index 37552edec5ca..27b576cdc58c 100644 --- a/nettle-meta-hashes.c +++ b/nettle-meta-hashes.c @@ -38,6 +38,8 @@ #include "nettle-meta.h"
const struct nettle_hash * const _nettle_hashes[] = { + &nettle_gosthash94, + &nettle_gosthash94cp, &nettle_md2, &nettle_md4, &nettle_md5, diff --git a/testsuite/meta-hash-test.c b/testsuite/meta-hash-test.c index 4754f66596ee..7d863a7c386d 100644 --- a/testsuite/meta-hash-test.c +++ b/testsuite/meta-hash-test.c @@ -5,6 +5,8 @@ #include "sha3.h"
const char* hashes[] = { + "gosthash94", + "gosthash94cp", "md2", "md4", "md5",
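Review bot: The commit message says the entries go into the nettle_hashes array, but the hunk in nettle-meta-hashes.c edits `_nettle_hashes[]`; using the identifier as it appears in the source makes the log easier to search. The new names are placed ahead of md2 in both `_nettle_hashes[]` and `hashes[]` in testsuite/meta-hash-test.c, so the two lists stay in step; a brief comment in the test saying the list must mirror the array would help the next contributor.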
GOST hash functions can be used to generate MAC using HMAC algorithm. Add functions implementing HMAC with GOSTHASH94/GOSTHASH94CP.
Signed-off-by: Dmitry Eremin-Solenikov dbaryshkov@gmail.com --- Makefile.in | 5 +-- hmac-gosthash94.c | 79 +++++++++++++++++++++++++++++++++++++++++++ hmac.h | 37 ++++++++++++++++++++ testsuite/hmac-test.c | 14 ++++++++ 4 files changed, 133 insertions(+), 2 deletions(-) create mode 100644 hmac-gosthash94.c
diff --git a/Makefile.in b/Makefile.in index f583981c4367..0a1ca696dbaa 100644 --- a/Makefile.in +++ b/Makefile.in @@ -104,8 +104,9 @@ nettle_SOURCES = aes-decrypt-internal.c aes-decrypt.c \ gcm-camellia256.c gcm-camellia256-meta.c \ cmac.c cmac-aes128.c cmac-aes256.c \ gost28147.c gosthash94.c gosthash94-meta.c \ - hmac.c hmac-md5.c hmac-ripemd160.c hmac-sha1.c \ - hmac-sha224.c hmac-sha256.c hmac-sha384.c hmac-sha512.c \ + hmac.c hmac-gosthash94.c hmac-md5.c hmac-ripemd160.c \ + hmac-sha1.c hmac-sha224.c hmac-sha256.c hmac-sha384.c \ + hmac-sha512.c \ knuth-lfib.c hkdf.c \ md2.c md2-meta.c md4.c md4-meta.c \ md5.c md5-compress.c md5-compat.c md5-meta.c \ diff --git a/hmac-gosthash94.c b/hmac-gosthash94.c new file mode 100644 index 000000000000..66b62854d25e --- /dev/null +++ b/hmac-gosthash94.c 
@@ -0,0 +1,79 @@ +/* hmac-gosthash94.c + + HMAC-GOSTHASH94 message authentication code. + + Copyright (C) 2016 Dmitry Eremin-Solenikov + + This file is part of GNU Nettle. + + GNU Nettle is free software: you can redistribute it and/or + modify it under the terms of either: + + * the GNU Lesser General Public License as published by the Free + Software Foundation; either version 3 of the License, or (at your + option) any later version. + + or + + * the GNU General Public License as published by the Free + Software Foundation; either version 2 of the License, or (at your + option) any later version. + + or both in parallel, as here. + + GNU Nettle is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + General Public License for more details. + + You should have received copies of the GNU General Public License and + the GNU Lesser General Public License along with this program. If + not, see http://www.gnu.org/licenses/. 
+*/ + +#if HAVE_CONFIG_H +# include "config.h" +#endif + +#include "hmac.h" + +void +hmac_gosthash94_set_key(struct hmac_gosthash94_ctx *ctx, + size_t key_length, const uint8_t *key) +{ + HMAC_SET_KEY(ctx, &nettle_gosthash94, key_length, key); +} + +void +hmac_gosthash94_update(struct hmac_gosthash94_ctx *ctx, + size_t length, const uint8_t *data) +{ + gosthash94_update(&ctx->state, length, data); +} + +void +hmac_gosthash94_digest(struct hmac_gosthash94_ctx *ctx, + size_t length, uint8_t *digest) +{ + HMAC_DIGEST(ctx, &nettle_gosthash94, length, digest); +} + +void +hmac_gosthash94cp_set_key(struct hmac_gosthash94cp_ctx *ctx, + size_t key_length, const uint8_t *key) +{ + HMAC_SET_KEY(ctx, &nettle_gosthash94cp, key_length, key); +} + +void +hmac_gosthash94cp_update(struct hmac_gosthash94cp_ctx *ctx, + size_t length, const uint8_t *data) +{ + gosthash94cp_update(&ctx->state, length, data); +} +void +hmac_gosthash94cp_digest(struct hmac_gosthash94cp_ctx *ctx, + size_t length, uint8_t *digest) +{ + HMAC_DIGEST(ctx, &nettle_gosthash94cp, length, digest); +} diff --git a/hmac.h b/hmac.h index 40a8e77aab6d..d9ee3400108d 100644 --- a/hmac.h +++ b/hmac.h @@ -36,6 +36,7 @@
#include "nettle-meta.h"
+#include "gosthash94.h" #include "md5.h" #include "ripemd160.h" #include "sha1.h" @@ -68,6 +69,12 @@ extern "C" { #define hmac_sha512_set_key nettle_hmac_sha512_set_key #define hmac_sha512_update nettle_hmac_sha512_update #define hmac_sha512_digest nettle_hmac_sha512_digest +#define hmac_gosthash94_set_key nettle_hmac_gosthash94_set_key +#define hmac_gosthash94_update nettle_hmac_gosthash94_update +#define hmac_gosthash94_digest nettle_hmac_gosthash94_digest +#define hmac_gosthash94cp_set_key nettle_hmac_gosthash94cp_set_key +#define hmac_gosthash94cp_update nettle_hmac_gosthash94cp_update +#define hmac_gosthash94cp_digest nettle_hmac_gosthash94cp_digest
void hmac_set_key(void *outer, void *inner, void *state, @@ -203,6 +210,36 @@ void hmac_sha384_digest(struct hmac_sha512_ctx *ctx, size_t length, uint8_t *digest);
+/* hmac-gosthash94 */ +struct hmac_gosthash94_ctx HMAC_CTX(struct gosthash94_ctx); + +void +hmac_gosthash94_set_key(struct hmac_gosthash94_ctx *ctx, + size_t key_length, const uint8_t *key); + +void +hmac_gosthash94_update(struct hmac_gosthash94_ctx *ctx, + size_t length, const uint8_t *data); + + void +hmac_gosthash94_digest(struct hmac_gosthash94_ctx *ctx, + size_t length, uint8_t *digest); + +struct hmac_gosthash94cp_ctx HMAC_CTX(struct gosthash94cp_ctx); + +void +hmac_gosthash94cp_set_key(struct hmac_gosthash94cp_ctx *ctx, + size_t key_length, const uint8_t *key); + +void +hmac_gosthash94cp_update(struct hmac_gosthash94cp_ctx *ctx, + size_t length, const uint8_t *data); + +void +hmac_gosthash94cp_digest(struct hmac_gosthash94cp_ctx *ctx, + size_t length, uint8_t *digest); + + #ifdef __cplusplus } #endif diff --git a/testsuite/hmac-test.c b/testsuite/hmac-test.c index 9156cc406d2c..f009c8003d34 100644 --- a/testsuite/hmac-test.c +++ b/testsuite/hmac-test.c @@ -894,4 +894,18 @@ test_main(void) "b1ff68a1de45509fbe4da9a433922655"));
/* Test case AUTH512-3 from same document seems broken. */ + + HMAC_TEST(gosthash94, + SHEX("000102030405060708090a0b0c0d0e0f" + "101112131415161718191a1b1c1d1e1f"), + SHEX("0126bdb87800af214341456563780100"), + SHEX("bfebe25f051bfef6ac858babb0abc409" + "bfd2e334ab847bc0b0d056517c7d94c5")); + + HMAC_TEST(gosthash94cp, + SHEX("000102030405060708090a0b0c0d0e0f" + "101112131415161718191a1b1c1d1e1f"), + SHEX("0126bdb87800af214341456563780100"), + SHEX("bad70b61c41095bc47e1141cfaed4272" + "6a5ceebd62ce75dbbb9ad76cda9f72f7")); }
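Review bot: The two HMAC_TEST vectors added at the end of testsuite/hmac-test.c carry no source reference, and they follow directly after the comment about test case AUTH512-3 "from same document", so a reader will assume they come from that document. Please add a comment naming where the gosthash94 and gosthash94cp vectors come from, or stating that they were produced with another implementation. Style nits: in hmac-gosthash94.c there is no blank line between the closing brace of hmac_gosthash94cp_update and `void hmac_gosthash94cp_digest`; in hmac.h the declaration of hmac_gosthash94_digest has a stray space before `void`, and an extra blank line is added before `#ifdef __cplusplus`.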
Russian technical committee working on standardization of cryptography algorithms has published the document describing usage of GOST R 34.11-94 hash function with PBKDF2 algorithm (MR 26.2.001-2012). Add test vectors from that document and a special function implementing Nettle interface for PBKDF2 using gosthash94cp.
Signed-off-by: Dmitry Eremin-Solenikov dbaryshkov@gmail.com --- Makefile.in | 3 ++- pbkdf2-hmac-gosthash94.c | 53 ++++++++++++++++++++++++++++++++++++++++ pbkdf2.h | 7 ++++++ testsuite/pbkdf2-test.c | 24 ++++++++++++++++++ 4 files changed, 86 insertions(+), 1 deletion(-) create mode 100644 pbkdf2-hmac-gosthash94.c
diff --git a/Makefile.in b/Makefile.in index 0a1ca696dbaa..d247f0988da1 100644 --- a/Makefile.in +++ b/Makefile.in @@ -114,7 +114,8 @@ nettle_SOURCES = aes-decrypt-internal.c aes-decrypt.c \ nettle-lookup-hash.c \ nettle-meta-aeads.c nettle-meta-armors.c \ nettle-meta-ciphers.c nettle-meta-hashes.c \ - pbkdf2.c pbkdf2-hmac-sha1.c pbkdf2-hmac-sha256.c \ + pbkdf2.c pbkdf2-hmac-gosthash94.c pbkdf2-hmac-sha1.c \ + pbkdf2-hmac-sha256.c \ poly1305-aes.c poly1305-internal.c \ realloc.c \ ripemd160.c ripemd160-compress.c ripemd160-meta.c \ diff --git a/pbkdf2-hmac-gosthash94.c b/pbkdf2-hmac-gosthash94.c new file mode 100644 index 000000000000..bf61659433c3 --- /dev/null +++ b/pbkdf2-hmac-gosthash94.c 
@@ -0,0 +1,53 @@ +/* pbkdf2-hmac-gosthash94.c + + PKCS #5 PBKDF2 used with HMAC-GOSTHASH94CP. + + Copyright (C) 2016 Dmitry Eremin-Solenikov + + This file is part of GNU Nettle. + + GNU Nettle is free software: you can redistribute it and/or + modify it under the terms of either: + + * the GNU Lesser General Public License as published by the Free + Software Foundation; either version 3 of the License, or (at your + option) any later version. + + or + + * the GNU General Public License as published by the Free + Software Foundation; either version 2 of the License, or (at your + option) any later version. + + or both in parallel, as here. + + GNU Nettle is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + General Public License for more details. + + You should have received copies of the GNU General Public License and + the GNU Lesser General Public License along with this program. If + not, see http://www.gnu.org/licenses/. +*/ + +#if HAVE_CONFIG_H +# include "config.h" +#endif + +#include "pbkdf2.h" + +#include "hmac.h" + +void +pbkdf2_hmac_gosthash94cp (size_t key_length, const uint8_t *key, + unsigned iterations, + size_t salt_length, const uint8_t *salt, + size_t length, uint8_t *dst) +{ + struct hmac_gosthash94cp_ctx gosthash94cpctx; + + hmac_gosthash94cp_set_key (&gosthash94cpctx, key_length, key); + PBKDF2 (&gosthash94cpctx, hmac_gosthash94cp_update, hmac_gosthash94cp_digest, + GOSTHASH94CP_DIGEST_SIZE, iterations, salt_length, salt, length, dst); +} diff --git a/pbkdf2.h b/pbkdf2.h index 7b1c4c9c1881..a36dfdbaa437 100644 --- a/pbkdf2.h +++ b/pbkdf2.h @@ -45,6 +45,7 @@ extern "C" #define pbkdf2 nettle_pbkdf2 #define pbkdf2_hmac_sha1 nettle_pbkdf2_hmac_sha1 #define pbkdf2_hmac_sha256 nettle_pbkdf2_hmac_sha256 +#define pbkdf2_hmac_gosthash94cp nettle_pbkdf2_hmac_gosthash94cp
void pbkdf2 (void *mac_ctx, @@ -78,6 +79,12 @@ pbkdf2_hmac_sha256 (size_t key_length, const uint8_t *key, size_t salt_length, const uint8_t *salt, size_t length, uint8_t *dst);
+void +pbkdf2_hmac_gosthash94cp (size_t key_length, const uint8_t *key, + unsigned iterations, + size_t salt_length, const uint8_t *salt, + size_t length, uint8_t *dst); + #ifdef __cplusplus } #endif diff --git a/testsuite/pbkdf2-test.c b/testsuite/pbkdf2-test.c index bb8da57fbb73..e64a20d09dea 100644 --- a/testsuite/pbkdf2-test.c +++ b/testsuite/pbkdf2-test.c @@ -28,6 +28,7 @@ test_main (void) struct hmac_sha1_ctx sha1ctx; struct hmac_sha256_ctx sha256ctx; struct hmac_sha512_ctx sha512ctx; + struct hmac_gosthash94cp_ctx gosthash94cpctx;
/* Test vectors for PBKDF2 from RFC 6070. */
@@ -110,4 +111,27 @@ test_main (void) PBKDF2_HMAC_TEST(pbkdf2_hmac_sha256, LDATA("passwd"), 1, LDATA("salt"), SHEX("55ac046e56e3089fec1691c22544b605"));
+ /* From TC26 document, MR 26.2.001-2012 */ + + hmac_gosthash94cp_set_key (&gosthash94cpctx, LDATA("password")); + PBKDF2_TEST (&gosthash94cpctx, hmac_gosthash94cp_update, hmac_gosthash94cp_digest, + GOSTHASH94CP_DIGEST_SIZE, 1, LDATA("salt"), + SHEX("7314e7c04fb2e662c543674253f68bd0b73445d07f241bed872882da21662d58")); + + PBKDF2_TEST (&gosthash94cpctx, hmac_gosthash94cp_update, hmac_gosthash94cp_digest, + GOSTHASH94CP_DIGEST_SIZE, 4096, LDATA("salt"), + SHEX("1f1829a94bdff5be10d0aeb36af498e7a97467f3b31116a5a7c1afff9deadafe")); + + hmac_gosthash94cp_set_key (&gosthash94cpctx, LDATA("passwordPASSWORDpassword")); + PBKDF2_TEST (&gosthash94cpctx, hmac_gosthash94cp_update, hmac_gosthash94cp_digest, + GOSTHASH94CP_DIGEST_SIZE, 4096, LDATA("saltSALTsaltSALTsaltSALTsaltSALTsalt"), + SHEX("788358c69cb2dbe251a7bb17d5f4241f265a792a35becde8d56f326b49c85047b7638acb4764b1fd")); + + hmac_gosthash94cp_set_key (&gosthash94cpctx, LDATA("pass\0word")); + PBKDF2_TEST (&gosthash94cpctx, hmac_gosthash94cp_update, hmac_gosthash94cp_digest, + GOSTHASH94CP_DIGEST_SIZE, 4096, LDATA("sa\0lt"), + SHEX("43e06c5590b08c0225242373127edf9c8e9c3291")); + + PBKDF2_HMAC_TEST (pbkdf2_hmac_gosthash94cp, LDATA("password"), 1, LDATA("salt"), + SHEX("7314e7c04fb2e662c543674253f68bd0b73445d07f241bed872882da21662d58")); }
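Review bot: In testsuite/pbkdf2-test.c only the last added check, with a single iteration, goes through the new pbkdf2_hmac_gosthash94cp function; the 4096-iteration vectors and the 40-byte output all use PBKDF2_TEST with a manually keyed hmac_gosthash94cp_ctx. Running at least one 4096-iteration vector and the multi-block vector through PBKDF2_HMAC_TEST as well would cover the wrapper's handling of key, iterations and salt. The new file is named pbkdf2-hmac-gosthash94.c while the only function in it is the gosthash94cp variant; either name the file after the function or say in the header comment why only the CP parameter set is provided.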
Hello,
Thu, 11 Jul 2019 at 21:43, Dmitry Eremin-Solenikov dbaryshkov@gmail.com:
Hash function GOST R 34.11-94 (gosthash94) in its compression function uses Russian block cipher (GOST 28147-89, Magma). Start separating block cipher code from hash function code. For now there is no public interface for this cipher, it will be added later.
Any feedback on v2 of patchset?
Signed-off-by: Dmitry Eremin-Solenikov dbaryshkov@gmail.com
Dmitry Eremin-Solenikov dbaryshkov@gmail.com writes:
Any feedback on v2 of patchset?
Looks good, merged onto a branch godthash94cp. Not sure what to do about the MD_UPDATE cleanup, though, maybe we need to revert that one out to not change the abi (unless we decide to do an abi change for other reasons).
Regards, /Niels
Sat, 14 Sep 2019 at 13:33, Niels Möller nisse@lysator.liu.se:
Dmitry Eremin-Solenikov dbaryshkov@gmail.com writes:
Any feedback on v2 of patchset?
Looks good, merged onto a branch godthash94cp. Not sure what to do about the MD_UPDATE cleanup, though, maybe we need to revert that one out to not change the abi (unless we decide to do an abi change for other reasons).
I can live with the patch in question
Regards, /Niels
-- Niels Möller. PGP-encrypted email is preferred. Keyid 368C6677. Internet email is subject to wholesale government surveillance.
Sat, 14 Sep 2019 at 13:33, Niels Möller nisse@lysator.liu.se:
Dmitry Eremin-Solenikov dbaryshkov@gmail.com writes:
Any feedback on v2 of patchset?
Looks good, merged onto a branch godthash94cp. Not sure what to do about the MD_UPDATE cleanup, though, maybe we need to revert that one out to not change the abi (unless we decide to do an abi change for other reasons).
I'm sorry, hit enter too soon.
I can live with the patch in question being left out for now. We can merge it later.
-- With best wishes Dmitry
Dmitry Eremin-Solenikov dbaryshkov@gmail.com writes:
I can live with the patch in question being left out for now. We can merge it later.
Merged to master now.
One more question: The gost28147.h header, do you intend to add any documented functions there soon? Otherwise, might be better to delete that file and move the declarations of gost28147_param_* over to gost28147-internal.h.
Regards, /Niels
Sun, 15 Sep 2019 at 11:40, Niels Möller nisse@lysator.liu.se:
Dmitry Eremin-Solenikov dbaryshkov@gmail.com writes:
I can live with the patch in question being left out for now. We can merge it later.
Merged to master now.
Thank you!
One more question: The gost28147.h header, do you intend to add any documented functions there soon? Otherwise, might be better to delete that file and move the declarations of gost28147_param_* over to gost28147-internal.h.
Yes, I will provide the next patchset in a few days, which will make use of this header.
nettle-bugs@lists.lysator.liu.se