]> git.ipfire.org Git - thirdparty/openssl.git/blob - engines/ccgost/gost_keywrap.c
projects / thirdparty / openssl.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
mark all block comments that need format preserving so that
[thirdparty/openssl.git] / engines / ccgost / gost_keywrap.c
1 /**********************************************************************
2 * keywrap.c *
3 * Copyright (c) 2005-2006 Cryptocom LTD *
4 * This file is distributed under the same license as OpenSSL *
5 * *
6 * Implementation of CryptoPro key wrap algorithm, as defined in *
7 * RFC 4357 p 6.3 and 6.4 *
8 * Doesn't need OpenSSL *
9 **********************************************************************/
10 #include <string.h>
11 #include "gost89.h"
12 #include "gost_keywrap.h"
13
14 /*-
15 * Diversifies key using random UserKey Material
16 * Implements RFC 4357 p 6.5 key diversification algorithm
17 *
18 * inputKey - 32byte key to be diversified
19 * ukm - 8byte user key material
20 * outputKey - 32byte buffer to store diversified key
21 *
22 */
23 void keyDiversifyCryptoPro(gost_ctx *ctx,const unsigned char *inputKey, const unsigned char *ukm, unsigned char *outputKey)
24 {
25
26 u4 k,s1,s2;
27 int i,j,mask;
28 unsigned char S[8];
29 memcpy(outputKey,inputKey,32);
30 for (i=0;i<8;i++)
31 {
32 /* Make array of integers from key */
33 /* Compute IV S*/
34 s1=0,s2=0;
35 for (j=0,mask=1;j<8;j++,mask<<=1)
36 {
37 k=((u4)outputKey[4*j])|(outputKey[4*j+1]<<8)|
38 (outputKey[4*j+2]<<16)|(outputKey[4*j+3]<<24);
39 if (mask & ukm[i])
40 {
41 s1+=k;
42 }
43 else
44 {
45 s2+=k;
46 }
47 }
48 S[0]=(unsigned char)(s1&0xff);
49 S[1]=(unsigned char)((s1>>8)&0xff);
50 S[2]=(unsigned char)((s1>>16)&0xff);
51 S[3]=(unsigned char)((s1>>24)&0xff);
52 S[4]=(unsigned char)(s2&0xff);
53 S[5]=(unsigned char)((s2>>8)&0xff);
54 S[6]=(unsigned char)((s2>>16)&0xff);
55 S[7]=(unsigned char)((s2>>24)&0xff);
56 gost_key(ctx,outputKey);
57 gost_enc_cfb(ctx,S,outputKey,outputKey,4);
58 }
59 }
60
61
62 /*-
63 * Wraps key using RFC 4357 6.3
64 * ctx - gost encryption context, initialized with some S-boxes
65 * keyExchangeKey (KEK) 32-byte (256-bit) shared key
66 * ukm - 8 byte (64 bit) user key material,
67 * sessionKey - 32-byte (256-bit) key to be wrapped
68 * wrappedKey - 44-byte buffer to store wrapped key
69 */
70
71 int keyWrapCryptoPro(gost_ctx *ctx,const unsigned char *keyExchangeKey, const unsigned char *ukm,
72 const unsigned char *sessionKey, unsigned char *wrappedKey)
73 {
74 unsigned char kek_ukm[32];
75 keyDiversifyCryptoPro(ctx,keyExchangeKey,ukm,kek_ukm);
76 gost_key(ctx,kek_ukm);
77 memcpy(wrappedKey,ukm,8);
78 gost_enc(ctx,sessionKey,wrappedKey+8,4);
79 gost_mac_iv(ctx,32,ukm,sessionKey,32,wrappedKey+40);
80 return 1;
81 }
82 /*-
83 * Unwraps key using RFC 4357 6.4
84 * ctx - gost encryption context, initialized with some S-boxes
85 * keyExchangeKey 32-byte shared key
86 * wrappedKey 44 byte key to be unwrapped (concatenation of 8-byte UKM,
87 * 32 byte encrypted key and 4 byte MAC
88 *
89 * sessionKEy - 32byte buffer to store sessionKey in
90 * Returns 1 if key is decrypted successfully, and 0 if MAC doesn't match
91 */
92
93 int keyUnwrapCryptoPro(gost_ctx *ctx,const unsigned char *keyExchangeKey,
94 const unsigned char *wrappedKey, unsigned char *sessionKey)
95 {
96 unsigned char kek_ukm[32],cek_mac[4];
97 keyDiversifyCryptoPro(ctx,keyExchangeKey,wrappedKey
98 /* First 8 bytes of wrapped Key is ukm */
99 ,kek_ukm);
100 gost_key(ctx,kek_ukm);
101 gost_dec(ctx,wrappedKey+8,sessionKey,4);
102 gost_mac_iv(ctx,32,wrappedKey,sessionKey,32,cek_mac);
103 if (memcmp(cek_mac,wrappedKey+40,4))
104 {
105 return 0;
106 }
107 return 1;
108 }
109
110
A mirror of the official openssl repository