]>
git.ipfire.org Git - thirdparty/openssl.git/blob - engines/ccgost/gost_keywrap.c
1 /**********************************************************************
3 * Copyright (c) 2005-2006 Cryptocom LTD *
4 * This file is distributed under the same license as OpenSSL *
6 * Implementation of CryptoPro key wrap algorithm, as defined in *
7 * RFC 4357 p 6.3 and 6.4 *
8 * Doesn't need OpenSSL *
9 **********************************************************************/
12 #include "gost_keywrap.h"
15 * Diversifies key using random UserKey Material
16 * Implements RFC 4357 p 6.5 key diversification algorithm
18 * inputKey - 32byte key to be diversified
19 * ukm - 8byte user key material
20 * outputKey - 32byte buffer to store diversified key
23 void keyDiversifyCryptoPro(gost_ctx
*ctx
,const unsigned char *inputKey
, const unsigned char *ukm
, unsigned char *outputKey
)
29 memcpy(outputKey
,inputKey
,32);
32 /* Make array of integers from key */
35 for (j
=0,mask
=1;j
<8;j
++,mask
<<=1)
37 k
=((u4
)outputKey
[4*j
])|(outputKey
[4*j
+1]<<8)|
38 (outputKey
[4*j
+2]<<16)|(outputKey
[4*j
+3]<<24);
48 S
[0]=(unsigned char)(s1
&0xff);
49 S
[1]=(unsigned char)((s1
>>8)&0xff);
50 S
[2]=(unsigned char)((s1
>>16)&0xff);
51 S
[3]=(unsigned char)((s1
>>24)&0xff);
52 S
[4]=(unsigned char)(s2
&0xff);
53 S
[5]=(unsigned char)((s2
>>8)&0xff);
54 S
[6]=(unsigned char)((s2
>>16)&0xff);
55 S
[7]=(unsigned char)((s2
>>24)&0xff);
56 gost_key(ctx
,outputKey
);
57 gost_enc_cfb(ctx
,S
,outputKey
,outputKey
,4);
63 * Wraps key using RFC 4357 6.3
64 * ctx - gost encryption context, initialized with some S-boxes
65 * keyExchangeKey (KEK) 32-byte (256-bit) shared key
66 * ukm - 8 byte (64 bit) user key material,
67 * sessionKey - 32-byte (256-bit) key to be wrapped
68 * wrappedKey - 44-byte buffer to store wrapped key
71 int keyWrapCryptoPro(gost_ctx
*ctx
,const unsigned char *keyExchangeKey
, const unsigned char *ukm
,
72 const unsigned char *sessionKey
, unsigned char *wrappedKey
)
74 unsigned char kek_ukm
[32];
75 keyDiversifyCryptoPro(ctx
,keyExchangeKey
,ukm
,kek_ukm
);
76 gost_key(ctx
,kek_ukm
);
77 memcpy(wrappedKey
,ukm
,8);
78 gost_enc(ctx
,sessionKey
,wrappedKey
+8,4);
79 gost_mac_iv(ctx
,32,ukm
,sessionKey
,32,wrappedKey
+40);
83 * Unwraps key using RFC 4357 6.4
84 * ctx - gost encryption context, initialized with some S-boxes
85 * keyExchangeKey 32-byte shared key
86 * wrappedKey 44 byte key to be unwrapped (concatenation of 8-byte UKM,
87 * 32 byte encrypted key and 4 byte MAC
89 * sessionKEy - 32byte buffer to store sessionKey in
90 * Returns 1 if key is decrypted successfully, and 0 if MAC doesn't match
93 int keyUnwrapCryptoPro(gost_ctx
*ctx
,const unsigned char *keyExchangeKey
,
94 const unsigned char *wrappedKey
, unsigned char *sessionKey
)
96 unsigned char kek_ukm
[32],cek_mac
[4];
97 keyDiversifyCryptoPro(ctx
,keyExchangeKey
,wrappedKey
98 /* First 8 bytes of wrapped Key is ukm */
100 gost_key(ctx
,kek_ukm
);
101 gost_dec(ctx
,wrappedKey
+8,sessionKey
,4);
102 gost_mac_iv(ctx
,32,wrappedKey
,sessionKey
,32,cek_mac
);
103 if (memcmp(cek_mac
,wrappedKey
+40,4))