Line data Source code
1 : /* gost28147.c - GOST 28147-89 implementation for Libgcrypt
2 : * Copyright (C) 2012 Free Software Foundation, Inc.
3 : *
4 : * This file is part of Libgcrypt.
5 : *
6 : * Libgcrypt is free software; you can redistribute it and/or modify
7 : * it under the terms of the GNU Lesser General Public License as
8 : * published by the Free Software Foundation; either version 2.1 of
9 : * the License, or (at your option) any later version.
10 : *
11 : * Libgcrypt is distributed in the hope that it will be useful,
12 : * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 : * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 : * GNU Lesser General Public License for more details.
15 : *
16 : * You should have received a copy of the GNU Lesser General Public
17 : * License along with this program; if not, see <http://www.gnu.org/licenses/>.
18 : */
19 :
20 : /* GOST 28147-89 defines several modes of encryption:
21 : * - ECB which should be used only for key transfer
22 : * - CFB mode
23 : * - OFB-like mode with additional transformation on keystream
24 : * RFC 5830 names this 'counter encryption' mode
25 : * Original GOST text uses the term 'gammirovanie'
26 : * - MAC mode
27 : *
28 : * This implementation handles ECB and CFB modes via usual libgcrypt handling.
29 : * OFB-like and MAC modes are unsupported.
30 : */
31 :
32 : #include <config.h>
33 : #include "types.h"
34 : #include "g10lib.h"
35 : #include "cipher.h"
36 : #include "bufhelp.h"
37 :
38 : #include "gost.h"
39 : #include "gost-sb.h"
40 :
41 : static gcry_err_code_t
42 278 : gost_setkey (void *c, const byte *key, unsigned keylen)
43 : {
44 : int i;
45 278 : GOST28147_context *ctx = c;
46 :
47 278 : if (keylen != 256 / 8)
48 0 : return GPG_ERR_INV_KEYLEN;
49 :
50 278 : if (!ctx->sbox)
51 278 : ctx->sbox = sbox_test_3411;
52 :
53 2502 : for (i = 0; i < 8; i++)
54 : {
55 2224 : ctx->key[i] = buf_get_le32(&key[4*i]);
56 : }
57 278 : return GPG_ERR_NO_ERROR;
58 : }
59 :
60 : static u32
61 245849024 : gost_val (GOST28147_context *ctx, u32 cm1, int subkey)
62 : {
63 245849024 : cm1 += ctx->key[subkey];
64 737547072 : cm1 = ctx->sbox[0*256 + ((cm1 >> 0) & 0xff)] |
65 491698048 : ctx->sbox[1*256 + ((cm1 >> 8) & 0xff)] |
66 245849024 : ctx->sbox[2*256 + ((cm1 >> 16) & 0xff)] |
67 245849024 : ctx->sbox[3*256 + ((cm1 >> 24) & 0xff)];
68 245849024 : return cm1;
69 : }
70 :
71 : static unsigned int
72 7007762 : _gost_encrypt_data (void *c, u32 *o1, u32 *o2, u32 n1, u32 n2)
73 : {
74 7007762 : GOST28147_context *ctx = c;
75 :
76 7007762 : n2 ^= gost_val (ctx, n1, 0); n1 ^= gost_val (ctx, n2, 1);
77 7007762 : n2 ^= gost_val (ctx, n1, 2); n1 ^= gost_val (ctx, n2, 3);
78 7007762 : n2 ^= gost_val (ctx, n1, 4); n1 ^= gost_val (ctx, n2, 5);
79 7007762 : n2 ^= gost_val (ctx, n1, 6); n1 ^= gost_val (ctx, n2, 7);
80 :
81 7007762 : n2 ^= gost_val (ctx, n1, 0); n1 ^= gost_val (ctx, n2, 1);
82 7007762 : n2 ^= gost_val (ctx, n1, 2); n1 ^= gost_val (ctx, n2, 3);
83 7007762 : n2 ^= gost_val (ctx, n1, 4); n1 ^= gost_val (ctx, n2, 5);
84 7007762 : n2 ^= gost_val (ctx, n1, 6); n1 ^= gost_val (ctx, n2, 7);
85 :
86 7007762 : n2 ^= gost_val (ctx, n1, 0); n1 ^= gost_val (ctx, n2, 1);
87 7007762 : n2 ^= gost_val (ctx, n1, 2); n1 ^= gost_val (ctx, n2, 3);
88 7007762 : n2 ^= gost_val (ctx, n1, 4); n1 ^= gost_val (ctx, n2, 5);
89 7007762 : n2 ^= gost_val (ctx, n1, 6); n1 ^= gost_val (ctx, n2, 7);
90 :
91 7007762 : n2 ^= gost_val (ctx, n1, 7); n1 ^= gost_val (ctx, n2, 6);
92 7007762 : n2 ^= gost_val (ctx, n1, 5); n1 ^= gost_val (ctx, n2, 4);
93 7007762 : n2 ^= gost_val (ctx, n1, 3); n1 ^= gost_val (ctx, n2, 2);
94 7007762 : n2 ^= gost_val (ctx, n1, 1); n1 ^= gost_val (ctx, n2, 0);
95 :
96 7007762 : *o1 = n2;
97 7007762 : *o2 = n1;
98 :
99 7007762 : return /* burn_stack */ 4*sizeof(void*) /* func call */ +
100 : 3*sizeof(void*) /* stack */ +
101 : 4*sizeof(void*) /* gost_val call */;
102 : }
103 :
104 : static unsigned int
105 3794942 : gost_encrypt_block (void *c, byte *outbuf, const byte *inbuf)
106 : {
107 3794942 : GOST28147_context *ctx = c;
108 : u32 n1, n2;
109 : unsigned int burn;
110 :
111 3794942 : n1 = buf_get_le32 (inbuf);
112 3794942 : n2 = buf_get_le32 (inbuf+4);
113 :
114 3794942 : burn = _gost_encrypt_data(ctx, &n1, &n2, n1, n2);
115 :
116 3794942 : buf_put_le32 (outbuf+0, n1);
117 3794942 : buf_put_le32 (outbuf+4, n2);
118 :
119 3794942 : return /* burn_stack */ burn + 6*sizeof(void*) /* func call */;
120 : }
121 :
122 3212820 : unsigned int _gcry_gost_enc_data (GOST28147_context *c, const u32 *key,
123 : u32 *o1, u32 *o2, u32 n1, u32 n2, int cryptopro)
124 : {
125 3212820 : if (cryptopro)
126 1364800 : c->sbox = sbox_CryptoPro_3411;
127 : else
128 1848020 : c->sbox = sbox_test_3411;
129 3212820 : memcpy (c->key, key, 8*4);
130 3212820 : return _gost_encrypt_data (c, o1, o2, n1, n2) + 7 * sizeof(void *);
131 : }
132 :
133 : static unsigned int
134 675020 : gost_decrypt_block (void *c, byte *outbuf, const byte *inbuf)
135 : {
136 675020 : GOST28147_context *ctx = c;
137 : u32 n1, n2;
138 :
139 675020 : n1 = buf_get_le32 (inbuf);
140 675020 : n2 = buf_get_le32 (inbuf+4);
141 :
142 675020 : n2 ^= gost_val (ctx, n1, 0); n1 ^= gost_val (ctx, n2, 1);
143 675020 : n2 ^= gost_val (ctx, n1, 2); n1 ^= gost_val (ctx, n2, 3);
144 675020 : n2 ^= gost_val (ctx, n1, 4); n1 ^= gost_val (ctx, n2, 5);
145 675020 : n2 ^= gost_val (ctx, n1, 6); n1 ^= gost_val (ctx, n2, 7);
146 :
147 675020 : n2 ^= gost_val (ctx, n1, 7); n1 ^= gost_val (ctx, n2, 6);
148 675020 : n2 ^= gost_val (ctx, n1, 5); n1 ^= gost_val (ctx, n2, 4);
149 675020 : n2 ^= gost_val (ctx, n1, 3); n1 ^= gost_val (ctx, n2, 2);
150 675020 : n2 ^= gost_val (ctx, n1, 1); n1 ^= gost_val (ctx, n2, 0);
151 :
152 675020 : n2 ^= gost_val (ctx, n1, 7); n1 ^= gost_val (ctx, n2, 6);
153 675020 : n2 ^= gost_val (ctx, n1, 5); n1 ^= gost_val (ctx, n2, 4);
154 675020 : n2 ^= gost_val (ctx, n1, 3); n1 ^= gost_val (ctx, n2, 2);
155 675020 : n2 ^= gost_val (ctx, n1, 1); n1 ^= gost_val (ctx, n2, 0);
156 :
157 675020 : n2 ^= gost_val (ctx, n1, 7); n1 ^= gost_val (ctx, n2, 6);
158 675020 : n2 ^= gost_val (ctx, n1, 5); n1 ^= gost_val (ctx, n2, 4);
159 675020 : n2 ^= gost_val (ctx, n1, 3); n1 ^= gost_val (ctx, n2, 2);
160 675020 : n2 ^= gost_val (ctx, n1, 1); n1 ^= gost_val (ctx, n2, 0);
161 :
162 675020 : buf_put_le32 (outbuf+0, n2);
163 675020 : buf_put_le32 (outbuf+4, n1);
164 :
165 675020 : return /* burn_stack */ 4*sizeof(void*) /* func call */ +
166 : 3*sizeof(void*) /* stack */ +
167 : 4*sizeof(void*) /* gost_val call */;
168 : }
169 :
170 : static gpg_err_code_t
171 32 : gost_set_sbox (GOST28147_context *ctx, const char *oid)
172 : {
173 : int i;
174 :
175 144 : for (i = 0; gost_oid_map[i].oid; i++)
176 : {
177 144 : if (!strcmp(gost_oid_map[i].oid, oid))
178 : {
179 32 : ctx->sbox = gost_oid_map[i].sbox;
180 32 : return 0;
181 : }
182 : }
183 0 : return GPG_ERR_VALUE_NOT_FOUND;
184 : }
185 :
186 : static gpg_err_code_t
187 32 : gost_set_extra_info (void *c, int what, const void *buffer, size_t buflen)
188 : {
189 32 : GOST28147_context *ctx = c;
190 32 : gpg_err_code_t ec = 0;
191 :
192 : (void)buffer;
193 : (void)buflen;
194 :
195 32 : switch (what)
196 : {
197 : case GCRYCTL_SET_SBOX:
198 32 : ec = gost_set_sbox (ctx, buffer);
199 32 : break;
200 :
201 : default:
202 0 : ec = GPG_ERR_INV_OP;
203 0 : break;
204 : }
205 32 : return ec;
206 : }
207 :
208 : static gcry_cipher_oid_spec_t oids_gost28147[] =
209 : {
210 : /* { "1.2.643.2.2.31.0", GCRY_CIPHER_MODE_CNTGOST }, */
211 : { "1.2.643.2.2.31.1", GCRY_CIPHER_MODE_CFB },
212 : { "1.2.643.2.2.31.2", GCRY_CIPHER_MODE_CFB },
213 : { "1.2.643.2.2.31.3", GCRY_CIPHER_MODE_CFB },
214 : { "1.2.643.2.2.31.4", GCRY_CIPHER_MODE_CFB },
215 : { NULL }
216 : };
217 :
218 : gcry_cipher_spec_t _gcry_cipher_spec_gost28147 =
219 : {
220 : GCRY_CIPHER_GOST28147, {0, 0},
221 : "GOST28147", NULL, oids_gost28147, 8, 256,
222 : sizeof (GOST28147_context),
223 : gost_setkey,
224 : gost_encrypt_block,
225 : gost_decrypt_block,
226 : NULL, NULL, NULL, gost_set_extra_info,
227 : };
|
