Browse Source

Добавил ГОСТ 2012

master
Vitaliy Filippov 2 months ago
parent
commit
e6962307dd
  1. 713
      decrypto-pro.c
  2. 66
      gosthash2012.h
  3. 352
      gosthash2012_const.h
  4. 1411
      gosthash2012_precalc.h
  5. 63
      gosthash2012_ref.h
  6. 204
      gosthash2012_sse2.h

713
decrypto-pro.c

@ -1,4 +1,6 @@
// https://habrahabr.ru/post/275039/
// https://github.com/kulikan/privkey
// MIT license
// Требуется либо OpenSSL 1.0.x (ГОСТ в составе), либо https://github.com/gost-engine/engine
// Сборка:
// 1) apt-get install libengine-gost-openssl1.1
@ -13,336 +15,463 @@
#include <openssl/err.h>
#include "gost_lcl.h"
#if OPENSSL_VERSION_NUMBER >= 0x10100000
#define fill_GOST2001_params fill_GOST_EC_params
#define gost2001_compute_public gost_ec_compute_public
#endif
#include "gosthash2012.h"
#define MAX_HEADER 20000
char header_buf[MAX_HEADER];
int header_len;
int find_public8_in_header_buf(char *pub)
{
int i;
char buf[10];
buf[0]=0x8a;
buf[1]=0x08;
memcpy(buf+2, pub, 8);
for(i=0;i<header_len-10;i++)
{
if (memcmp(header_buf+i, buf, 10)==0) return 0; //found public8 in header.key
}
return 1; //error
}
//remove the function if link failed
void inc_counter(unsigned char *counter, size_t counter_bytes)
{
unsigned char c;
unsigned int n = counter_bytes;
do {
--n;
c = counter[n];
++c;
counter[n] = c;
if (c)
return;
} while (n);
}
/* Convert little-endian byte array into bignum */
BIGNUM *reverse32bn(char *b, BN_CTX *ctx)
BIGNUM *reverse_bn(char *b, int len, BN_CTX *ctx)
{
BIGNUM *res;
char buf[32];
BUF_reverse(buf, b, 32);
res = BN_bin2bn(buf, 32, BN_CTX_get(ctx));
OPENSSL_cleanse(buf, sizeof(buf));
return res;
BIGNUM *res;
char buf[64];
BUF_reverse(buf, b, len);
res = BN_bin2bn(buf, len, BN_CTX_get(ctx));
OPENSSL_cleanse(buf, sizeof(buf));
return res;
}
void xor_material(char *buf36, char *buf5C, char *src)
void xor_material(char *buf36, char *buf5C, char *src, int len_material)
{
int i;
for(i = 0; i < 32; i++)
{
buf36[i] = src[i] ^ 0x36;
buf5C[i] = src[i] ^ 0x5C;
}
int i;
for(i = 0; i < len_material; i++)
{
buf36[i] = src[i] ^ 0x36;
buf5C[i] = src[i] ^ 0x5C;
}
}
int make_pwd_key64(char *result_key, char *start12, int start12_len, char *passw)
{
int result;
int i;
char pincode4[1024];
int pin_len;
char current[64];
char material36[64];
char material5C[64];
char hash_result[32];
gost2012_hash_ctx ctx;
memset(pincode4, 0, sizeof(pincode4));
pin_len = strlen(passw);
if (pin_len*4 > sizeof(pincode4)) { result = 1; goto err; }
for(i = 0; i < pin_len; i++)
pincode4[i*4] = passw[i];
init_gost2012_hash_ctx(&ctx, 256);
gost2012_hash_block(&ctx, start12, start12_len);
if (pin_len)
gost2012_hash_block(&ctx, pincode4, pin_len * 4);
gost2012_finish_hash(&ctx, hash_result);
memcpy(current, (char*)"DENEFH028.760246785.IUEFHWUIO.EF", 32);
memset(current+32, 0, 32);
for(i = 0; i < (pin_len?2000:2); i++)
{
xor_material(material36, material5C, current, 64);
init_gost2012_hash_ctx(&ctx, 256);
gost2012_hash_block(&ctx, material36, 64);
gost2012_hash_block(&ctx, hash_result, 32);
gost2012_hash_block(&ctx, material5C, 64);
gost2012_hash_block(&ctx, hash_result, 32);
gost2012_finish_hash(&ctx, current);
}
xor_material(material36, material5C, current, 64);
init_gost2012_hash_ctx(&ctx, 256);
gost2012_hash_block(&ctx, material36, 32);
gost2012_hash_block(&ctx, start12, start12_len);
gost2012_hash_block(&ctx, material5C, 32);
if (pin_len)
gost2012_hash_block(&ctx, pincode4, pin_len * 4);
gost2012_finish_hash(&ctx, current);
init_gost2012_hash_ctx(&ctx, 256);
gost2012_hash_block(&ctx, current, 32);
gost2012_finish_hash(&ctx, result_key);
result = 0; //ok
err:
return result;
}
int make_pwd_key(char *result_key, char *start12, int start12_len, char *passw)
{
int result;
int i;
char pincode4[1024];
int pin_len;
char current[32];
char material36[32];
char material5C[32];
char hash_result[32];
gost_hash_ctx ctx;
init_gost_hash_ctx(&ctx, &GostR3411_94_CryptoProParamSet);
memset(pincode4, 0, sizeof(pincode4));
pin_len = strlen(passw);
if (pin_len*4 > sizeof(pincode4)) { result = 1; goto err; }
for(i = 0; i < pin_len; i++)
pincode4[i*4] = passw[i];
start_hash(&ctx);
hash_block(&ctx, start12, start12_len);
if (pin_len)
hash_block(&ctx, pincode4, pin_len * 4);
finish_hash(&ctx, hash_result);
memcpy(current, (char*)"DENEFH028.760246785.IUEFHWUIO.EF", 32);
for(i = 0; i < (pin_len?2000:2); i++)
{
xor_material(material36, material5C, current);
start_hash(&ctx);
hash_block(&ctx, material36, 32);
hash_block(&ctx, hash_result, 32);
hash_block(&ctx, material5C, 32);
hash_block(&ctx, hash_result, 32);
finish_hash(&ctx, current);
}
xor_material(material36, material5C, current);
start_hash(&ctx);
hash_block(&ctx, material36, 32);
hash_block(&ctx, start12, start12_len);
hash_block(&ctx, material5C, 32);
if (pin_len)
hash_block(&ctx, pincode4, pin_len * 4);
finish_hash(&ctx, current);
start_hash(&ctx);
hash_block(&ctx, current, 32);
finish_hash(&ctx, result_key);
result = 0; //ok
int result;
int i;
char pincode4[1024];
int pin_len;
char current[32];
char material36[32];
char material5C[32];
char hash_result[32];
gost_hash_ctx ctx;
init_gost_hash_ctx(&ctx, &GostR3411_94_CryptoProParamSet);
memset(pincode4, 0, sizeof(pincode4));
pin_len = strlen(passw);
if (pin_len*4 > sizeof(pincode4)) { result = 1; goto err; }
for(i = 0; i < pin_len; i++)
pincode4[i*4] = passw[i];
start_hash(&ctx);
hash_block(&ctx, start12, start12_len);
if (pin_len)
hash_block(&ctx, pincode4, pin_len * 4);
finish_hash(&ctx, hash_result);
memcpy(current, (char*)"DENEFH028.760246785.IUEFHWUIO.EF", 32);
for(i = 0; i < (pin_len?2000:2); i++)
{
xor_material(material36, material5C, current, 32);
start_hash(&ctx);
hash_block(&ctx, material36, 32);
hash_block(&ctx, hash_result, 32);
hash_block(&ctx, material5C, 32);
hash_block(&ctx, hash_result, 32);
finish_hash(&ctx, current);
}
xor_material(material36, material5C, current, 32);
start_hash(&ctx);
hash_block(&ctx, material36, 32);
hash_block(&ctx, start12, start12_len);
hash_block(&ctx, material5C, 32);
if (pin_len)
hash_block(&ctx, pincode4, pin_len * 4);
finish_hash(&ctx, current);
start_hash(&ctx);
hash_block(&ctx, current, 32);
finish_hash(&ctx, result_key);
result = 0; //ok
err:
return result;
return result;
}
BIGNUM *decode_primary_key(char *pwd_key, char *primary_key, BN_CTX *bn_ctx)
extern gost_subst_block Gost28147_CryptoProParamSetA;
extern gost_subst_block Gost28147_TC26ParamSetZ;
BIGNUM *decode_primary_key(char *pwd_key, char *primary_key, BN_CTX *bn_ctx, int len_material, int flag_Z)
{
BIGNUM *res;
char buf[32];
gost_ctx ctx;
gost_init(&ctx, gost_cipher_list->sblock);
gost_key(&ctx, pwd_key);
gost_dec(&ctx, primary_key, buf, 4);
res = reverse32bn(buf, bn_ctx);
OPENSSL_cleanse(buf, sizeof(buf));
return res;
BIGNUM *res;
char buf[64];
gost_ctx ctx;
if (flag_Z==0)
gost_init(&ctx, &Gost28147_CryptoProParamSetA);
else
gost_init(&ctx, &Gost28147_TC26ParamSetZ);
gost_key(&ctx, pwd_key);
gost_dec(&ctx, primary_key, buf, len_material/8);
res = reverse_bn(buf, len_material, bn_ctx);
OPENSSL_cleanse(buf, sizeof(buf));
return res;
}
BIGNUM *remove_mask_and_check_public(char *oid_param_set8, BIGNUM *key_with_mask, BIGNUM *mask, char *public8, BN_CTX *ctx)
BIGNUM *remove_mask_and_check_public(unsigned char *oid_param_set8, BIGNUM *key_with_mask, BIGNUM *mask, char *public8, BN_CTX *ctx)
{
int result;
EC_KEY *eckey = NULL;
const EC_POINT *pubkey;
const EC_GROUP *group;
BIGNUM *X, *Y, *order, *raw_secret, *mask_inv;
char outbuf[32], public_X[32];
ASN1_OBJECT *obj;
int nid;
order = BN_CTX_get(ctx);
mask_inv = BN_CTX_get(ctx);
raw_secret = BN_CTX_get(ctx);
X = BN_CTX_get(ctx);
Y = BN_CTX_get(ctx);
if (!order || !mask_inv || !raw_secret || !X || !Y) { result = 1; goto err; }
obj = ASN1_OBJECT_create(0, oid_param_set8+1, *oid_param_set8, NULL, NULL);
nid = OBJ_obj2nid(obj);
ASN1_OBJECT_free(obj);
if (!(eckey = EC_KEY_new())) { result = 1; goto err; }
if (!fill_GOST2001_params(eckey, nid)) { result = 1; goto err; }
if (!(group = EC_KEY_get0_group(eckey))) { result = 1; goto err; }
if (!EC_GROUP_get_order(group, order, ctx)) { result = 1; goto err; }
if (!BN_mod_inverse(mask_inv, mask, order, ctx)) { result = 1; goto err; }
if (!BN_mod_mul(raw_secret, key_with_mask, mask_inv, order, ctx)) { result = 1; goto err; }
if (!EC_KEY_set_private_key(eckey, raw_secret)) { result = 1; goto err; }
if (!gost2001_compute_public(eckey)) { result = 1; goto err; }
if (!(pubkey = EC_KEY_get0_public_key(eckey))) { result = 1; goto err; }
if (!EC_POINT_get_affine_coordinates_GFp(group, pubkey, X, Y, ctx)) { result = 1; goto err; }
store_bignum(X, outbuf, sizeof(outbuf));
BUF_reverse(public_X, outbuf, sizeof(outbuf));
if (memcmp(public_X, public8, 8) != 0) { result = 1; goto err; }
result = 0; //ok
int result;
EC_KEY *eckey = NULL;
const EC_POINT *pubkey;
const EC_GROUP *group;
BIGNUM *X, *Y, *order, *raw_secret, *mask_inv;
char outbuf[64], public_X[64];
ASN1_OBJECT *obj;
int nid;
order = BN_CTX_get(ctx);
mask_inv = BN_CTX_get(ctx);
raw_secret = BN_CTX_get(ctx);
X = BN_CTX_get(ctx);
Y = BN_CTX_get(ctx);
if (!order || !mask_inv || !raw_secret || !X || !Y) { result = 1; goto err; }
obj = ASN1_OBJECT_create(0, oid_param_set8+1, *oid_param_set8, NULL, NULL);
nid = OBJ_obj2nid(obj);
ASN1_OBJECT_free(obj);
if (!(eckey = EC_KEY_new())) { result = 1; goto err; }
if (!fill_GOST_EC_params(eckey, nid)) { result = 1; goto err; }
if (!(group = EC_KEY_get0_group(eckey))) { result = 1; goto err; }
if (!EC_GROUP_get_order(group, order, ctx)) { result = 1; goto err; }
if (!BN_is_word(EC_GROUP_get0_cofactor(group), 1)) BN_rshift(order, order, 2); //get q from m
if (!BN_mod_inverse(mask_inv, mask, order, ctx)) { result = 1; goto err; }
if (!BN_mod_mul(raw_secret, key_with_mask, mask_inv, order, ctx)) { result = 1; goto err; }
if (!EC_KEY_set_private_key(eckey, raw_secret)) { result = 1; goto err; }
if (!gost_ec_compute_public(eckey)) { result = 1; goto err; }
if (!(pubkey = EC_KEY_get0_public_key(eckey))) { result = 1; goto err; }
if (!EC_POINT_get_affine_coordinates_GFp(group, pubkey, X, Y, ctx)) { result = 1; goto err; }
store_bignum(X, outbuf, sizeof(outbuf));
BUF_reverse(public_X, outbuf, sizeof(outbuf));
// if (memcmp(public_X, public8, 8) != 0) { result = 1; goto err; }
if (find_public8_in_header_buf(public_X)) { result = 1; goto err; }
result = 0; //ok
err:
if (eckey) EC_KEY_free(eckey);
if (result == 0) return raw_secret;
return NULL;
if (eckey) EC_KEY_free(eckey);
if (result == 0) return raw_secret;
return NULL;
}
int file_length(char *fname)
{
int len;
FILE *f = fopen(fname, "rb");
if (f == NULL) return -1;
fseek(f, 0, SEEK_END);
len = ftell(f);
fclose(f);
return len;
int len;
FILE *f = fopen(fname, "rb");
if (f == NULL) return -1;
fseek(f, 0, SEEK_END);
len = ftell(f);
fclose(f);
return len;
}
int read_file(char *fname, int start_pos, char *buf, int len)
{
int read_len;
FILE *f = fopen(fname, "rb");
if (f == NULL) return 1;
if (start_pos) fseek(f, start_pos, SEEK_SET);
read_len = fread(buf, 1, len, f);
fclose(f);
if (read_len != len) return 1;
return 0; //ok
int read_len;
FILE *f = fopen(fname, "rb");
if (f == NULL) return 1;
if (start_pos) fseek(f, start_pos, SEEK_SET);
read_len = fread(buf, 1, len, f);
fclose(f);
if (read_len != len) return 1;
return 0; //ok
}
int get_asn1_len(unsigned char *buf, int *size_hdr)
#define OID_LIST 14
static unsigned char oid_list[OID_LIST][35] = {
{0x30,0x21,6,8,0x2a,0x85,3,7,1,1,1,1,0x30,0x15,6,9,0x2a,0x85,3,7,1,2,1,1,1,6,8,0x2a,0x85,3,7,1,1,2,2},
{0x30,0x1c,6,6,0x2a,0x85,3,2,2,0x13,0x30,0x12,6,7,0x2a,0x85,3,2,2,0x23,1,6,7,0x2a,0x85,3,2,2,0x1e,1},
{0x30,0x1c,6,6,0x2a,0x85,3,2,2,0x13,0x30,0x12,6,7,0x2a,0x85,3,2,2,0x23,2,6,7,0x2a,0x85,3,2,2,0x1e,1},
{0x30,0x1c,6,6,0x2a,0x85,3,2,2,0x13,0x30,0x12,6,7,0x2a,0x85,3,2,2,0x23,3,6,7,0x2a,0x85,3,2,2,0x1e,1},
{0x30,0x1c,6,6,0x2a,0x85,3,2,2,0x13,0x30,0x12,6,7,0x2a,0x85,3,2,2,0x24,0,6,7,0x2a,0x85,3,2,2,0x1e,1},
{0x30,0x1c,6,6,0x2a,0x85,3,2,2,0x13,0x30,0x12,6,7,0x2a,0x85,3,2,2,0x24,1,6,7,0x2a,0x85,3,2,2,0x1e,1},
{0x30,0x1f,6,8,0x2a,0x85,3,7,1,1,1,1,0x30,0x13,6,7,0x2a,0x85,3,2,2,0x23,1,6,8,0x2a,0x85,3,7,1,1,2,2},
{0x30,0x1f,6,8,0x2a,0x85,3,7,1,1,1,1,0x30,0x13,6,7,0x2a,0x85,3,2,2,0x23,2,6,8,0x2a,0x85,3,7,1,1,2,2},
{0x30,0x1f,6,8,0x2a,0x85,3,7,1,1,1,1,0x30,0x13,6,7,0x2a,0x85,3,2,2,0x23,3,6,8,0x2a,0x85,3,7,1,1,2,2},
{0x30,0x1f,6,8,0x2a,0x85,3,7,1,1,1,1,0x30,0x13,6,7,0x2a,0x85,3,2,2,0x24,0,6,8,0x2a,0x85,3,7,1,1,2,2},
{0x30,0x1f,6,8,0x2a,0x85,3,7,1,1,1,1,0x30,0x13,6,7,0x2a,0x85,3,2,2,0x24,1,6,8,0x2a,0x85,3,7,1,1,2,2},
{0x30,0x21,6,8,0x2a,0x85,3,7,1,1,1,2,0x30,0x15,6,9,0x2a,0x85,3,7,1,2,1,2,1,6,8,0x2a,0x85,3,7,1,1,2,3},
{0x30,0x21,6,8,0x2a,0x85,3,7,1,1,1,2,0x30,0x15,6,9,0x2a,0x85,3,7,1,2,1,2,2,6,8,0x2a,0x85,3,7,1,1,2,3},
{0x30,0x21,6,8,0x2a,0x85,3,7,1,1,1,2,0x30,0x15,6,9,0x2a,0x85,3,7,1,2,1,2,3,6,8,0x2a,0x85,3,7,1,1,2,3}
};
static unsigned char oid_list_header[OID_LIST][35] = {
{0xa0,0x21,6,8,0x2a,0x85,3,7,1,1,6,1,0x30,0x15,6,9,0x2a,0x85,3,7,1,2,1,1,1,6,8,0x2a,0x85,3,7,1,1,2,2},
{0xa0,0x1c,6,6,0x2a,0x85,3,2,2,0x62,0x30,0x12,6,7,0x2a,0x85,3,2,2,0x23,1,6,7,0x2a,0x85,3,2,2,0x1e,1},
{0xa0,0x1c,6,6,0x2a,0x85,3,2,2,0x62,0x30,0x12,6,7,0x2a,0x85,3,2,2,0x23,2,6,7,0x2a,0x85,3,2,2,0x1e,1},
{0xa0,0x1c,6,6,0x2a,0x85,3,2,2,0x62,0x30,0x12,6,7,0x2a,0x85,3,2,2,0x23,3,6,7,0x2a,0x85,3,2,2,0x1e,1},
{0xa0,0x1c,6,6,0x2a,0x85,3,2,2,0x62,0x30,0x12,6,7,0x2a,0x85,3,2,2,0x24,0,6,7,0x2a,0x85,3,2,2,0x1e,1},
{0xa0,0x1c,6,6,0x2a,0x85,3,2,2,0x62,0x30,0x12,6,7,0x2a,0x85,3,2,2,0x24,1,6,7,0x2a,0x85,3,2,2,0x1e,1},
{0xa0,0x1f,6,8,0x2a,0x85,3,7,1,1,6,1,0x30,0x13,6,7,0x2a,0x85,3,2,2,0x23,1,6,8,0x2a,0x85,3,7,1,1,2,2},
{0xa0,0x1f,6,8,0x2a,0x85,3,7,1,1,6,1,0x30,0x13,6,7,0x2a,0x85,3,2,2,0x23,2,6,8,0x2a,0x85,3,7,1,1,2,2},
{0xa0,0x1f,6,8,0x2a,0x85,3,7,1,1,6,1,0x30,0x13,6,7,0x2a,0x85,3,2,2,0x23,3,6,8,0x2a,0x85,3,7,1,1,2,2},
{0xa0,0x1f,6,8,0x2a,0x85,3,7,1,1,6,1,0x30,0x13,6,7,0x2a,0x85,3,2,2,0x24,0,6,8,0x2a,0x85,3,7,1,1,2,2},
{0xa0,0x1f,6,8,0x2a,0x85,3,7,1,1,6,1,0x30,0x13,6,7,0x2a,0x85,3,2,2,0x24,1,6,8,0x2a,0x85,3,7,1,1,2,2},
{0xa0,0x21,6,8,0x2a,0x85,3,7,1,1,6,2,0x30,0x15,6,9,0x2a,0x85,3,7,1,2,1,2,1,6,8,0x2a,0x85,3,7,1,1,2,3},
{0xa0,0x21,6,8,0x2a,0x85,3,7,1,1,6,2,0x30,0x15,6,9,0x2a,0x85,3,7,1,2,1,2,2,6,8,0x2a,0x85,3,7,1,1,2,3},
{0xa0,0x21,6,8,0x2a,0x85,3,7,1,1,6,2,0x30,0x15,6,9,0x2a,0x85,3,7,1,2,1,2,3,6,8,0x2a,0x85,3,7,1,1,2,3}
};
static int flag_z_list[OID_LIST] = {1,0,0,0,0,0,1,1,1,1,1,1,1,1};
static int len_material_list[OID_LIST] = {32,32,32,32,32,32,32,32,32,32,32,64,64,64};
static int len_material_pwd_list[OID_LIST] = {64,32,32,32,32,32,64,64,64,64,64,64,64,64};
#define OID_LEN 1
int check_oid(unsigned char *str1, int str1_len, unsigned char *str2)
{
int n, i, res;
int pos = 0;
if ((buf[pos]&0x80) == 0) {
*size_hdr = 1;
return buf[pos];
}
n = buf[pos++]&0x7f;
res = 0;
for(i = 0; i < n; i++) {
res = res*256 + buf[pos++];
}
*size_hdr = n+1;
return res;
int i,j;
int str2_len = str2[OID_LEN]+2; //oid len
for(i=0;i<str1_len-str2_len;i++)
{
for(j=0;;j++)
{
if (j==str2_len) return 0; //ok
if (str1[i+j]!=str2[j]) break;
}
}
return 1; //not found
}
#define MAX_HEADER 20000
int read_container(char *fpath, int flag2, char *salt12, char *primary_key, char *masks_key, char *public8, char *oid_param_set8)
int read_container(char *fpath, int flag2, char *salt12, char *primary_key, char *masks_key, char *public8, int *param_set)
{
int result;
char primary_path[1024+30];
char masks_path[1024+30];
char header_path[1024+30];
char header_buf[MAX_HEADER];
int header_len;
int i, len, pos, size_hdr;
if (strlen(fpath)>1024) { result = 1; goto err; }
sprintf(header_path, "%s/header.key", fpath);
if (flag2 == 0)
{
sprintf(primary_path, "%s/primary.key", fpath);
sprintf(masks_path, "%s/masks.key", fpath);
}
else
{
sprintf(primary_path, "%s/primary2.key", fpath);
sprintf(masks_path, "%s/masks2.key", fpath);
}
if (read_file(primary_path, 4, primary_key, 32)) { result = 1; goto err; }
if (read_file(masks_path, 4, masks_key, 32)) { result = 1; goto err; }
if (read_file(masks_path, 0x26, salt12, 12)) { result = 1; goto err; }
header_len = file_length(header_path);
if (header_len < 0x42 || header_len > MAX_HEADER) { result = 1; goto err; }
if (read_file(header_path, 0, header_buf, header_len)) { result = 1; goto err; }
//------------- skip certificate ---------------------------
pos = 0;
for(i = 0; i < 2; i++)
{
get_asn1_len(header_buf+pos+1, &size_hdr);
pos += size_hdr+1;
if (pos > header_len-8) { result = 2; goto err; }
}
//------------------ get oid_param_set8 -----------------------
#define PARAM_SET_POS 34
if (memcmp(header_buf+pos+PARAM_SET_POS, "\x6\x7", 2) != 0) { result = 2; goto err; }
memcpy(oid_param_set8, header_buf+pos+PARAM_SET_POS+1, 8);
int result=0;
char primary_path[1024+30];
char masks_path[1024+30];
char header_path[1024+30];
int i, len, pos, size_hdr;
if (strlen(fpath)>1024) { result = 1; goto err; }
sprintf(header_path, "%s/header.key", fpath);
if (flag2 == 0)
{
sprintf(primary_path, "%s/primary.key", fpath);
sprintf(masks_path, "%s/masks.key", fpath);
}
else
{
sprintf(primary_path, "%s/primary2.key", fpath);
sprintf(masks_path, "%s/masks2.key", fpath);
}
header_len = file_length(header_path);
if (header_len < 0x42 || header_len > MAX_HEADER) { result = 1; goto err; }
if (read_file(header_path, 0, header_buf, header_len)) { result = 1; goto err; }
//------------- get param set ---------------------------
for(i=0;i<OID_LIST;i++) if (check_oid(header_buf, header_len, oid_list_header[i])==0) break;
if (i==OID_LIST) { result = 2; goto err; }; //not found
*param_set = i; //param set found
if (read_file(primary_path, 4, primary_key, len_material_list[i])) { result = 1; goto err; }
if (read_file(masks_path, 4, masks_key, len_material_list[i])) { result = 1; goto err; }
if (read_file(masks_path, 0x26+len_material_list[i]-32, salt12, 12)) { result = 1; goto err; }
//------------------ get public8 -----------------------
result = 2; //not found
pos += 52;
for(i = 0; i < 3; i++)
{
len = get_asn1_len(header_buf+pos+1, &size_hdr);
if (len == 8 && memcmp(header_buf+pos, "\x8a\x8", 2) == 0)
{
memcpy(public8,header_buf+pos+2,8);
result = 0; //ok
break;
}
pos += len+size_hdr+1;
if (pos > header_len-8) { result = 2; goto err; }
}
// pos = header_len - 51;
// if (memcmp(header_buf+pos, "\x8a\x8", 2) == 0)
// {
// memcpy(public8,header_buf+pos+2,8);
// result = 0; //ok
// }
// else
// result = 2; //not found
err:
OPENSSL_cleanse(header_buf, sizeof(header_buf));
return result;
// OPENSSL_cleanse(header_buf, sizeof(header_buf));
return result;
}
#define START_OID 0x12
#define START_KEY 0x28
unsigned char asn1_private_key[72] = {
0x30,0x46,2,1,0,0x30,0x1c,6,6,0x2a,0x85,3,2,2,0x13,0x30,0x12,6,7,0x11,
0x11,0x11,0x11,0x11,0x11,0x11,6,7,0x2a,0x85,3,2,2,0x1e,1,4,0x23,2,0x21,0
};
int main(int argc, char **argv)
{
int result;
char *container_path;
char *passw;
char salt12[12];
char primary_key[32];
char masks_key[32];
char public8[8];
char oid_param_set8[8];
BN_CTX *ctx;
BIGNUM *key_with_mask;
BIGNUM *mask;
BIGNUM *raw_key;
char pwd_key[32];
char outbuf[32];
ctx = BN_CTX_new();
if (argc == 2)
{
container_path = argv[1];
passw = "";
}
else
if (argc == 3)
{
container_path = argv[1];
passw = argv[2];
}
else
{
printf("get_private container_path [passw]\n");
result = 1;
goto err;
}
if (read_container(container_path, 0, salt12, primary_key, masks_key, public8, oid_param_set8) != 0 &&
read_container(container_path, 1, salt12, primary_key, masks_key, public8, oid_param_set8) != 0)
{
printf("can not read container from %s\n", container_path);
result = 2;
goto err;
}
make_pwd_key(pwd_key, salt12, 12, passw);
key_with_mask = decode_primary_key(pwd_key, primary_key, ctx);
OPENSSL_cleanse(pwd_key, sizeof(pwd_key));
mask = reverse32bn(masks_key, ctx);
raw_key = remove_mask_and_check_public(oid_param_set8, key_with_mask, mask, public8, ctx);
if (raw_key)
{
BIO *bio;
store_bignum(raw_key, outbuf, sizeof(outbuf));
memcpy(asn1_private_key+START_OID, oid_param_set8, 8);
memcpy(asn1_private_key+START_KEY, outbuf, 32);
//bio = BIO_new_file("private.key", "w");
bio = BIO_new_fp(stdout, BIO_NOCLOSE | BIO_FP_TEXT);
PEM_write_bio(bio, "PRIVATE KEY", "", asn1_private_key, sizeof(asn1_private_key));
BIO_free(bio);
OPENSSL_cleanse(outbuf, sizeof(outbuf));
OPENSSL_cleanse(asn1_private_key, sizeof(asn1_private_key));
result = 0; //ok
}
else
{
printf("Error check public key\n");
result = 3;
}
int result;
char *container_path;
char *passw;
char salt12[12];
char primary_key[64];
char masks_key[64];
char public8[8];
unsigned char *oid_publ_key;
BN_CTX *ctx;
BIGNUM *key_with_mask;
BIGNUM *mask;
BIGNUM *raw_key;
char pwd_key[32];
char outbuf[64];
int param_set;
int len_material;
char asn1_private_key[5+50+5+50];
int len_private_key;
ctx = BN_CTX_new();
if (argc == 2)
{
container_path = argv[1];
passw = "";
}
else
if (argc == 3)
{
container_path = argv[1];
passw = argv[2];
}
else
{
printf("%s <path to cryptopro key container> [passw]\n", argv[0]);
result = 1;
goto err;
}
if (read_container(container_path, 0, salt12, primary_key, masks_key, public8, &param_set) != 0 &&
read_container(container_path, 1, salt12, primary_key, masks_key, public8, &param_set) != 0)
{
printf("cannot read container from %s\n", container_path);
result = 2;
goto err;
}
len_material = len_material_list[param_set];
oid_publ_key = oid_list[param_set]+3;
oid_publ_key += oid_publ_key[0]+4;
if (len_material_pwd_list[param_set]==64)
make_pwd_key64(pwd_key, salt12, 12, passw);
else
make_pwd_key(pwd_key, salt12, 12, passw);
key_with_mask = decode_primary_key(pwd_key, primary_key, ctx, len_material, flag_z_list[param_set]);
OPENSSL_cleanse(pwd_key, sizeof(pwd_key));
mask = reverse_bn(masks_key, len_material, ctx);
raw_key = remove_mask_and_check_public(oid_publ_key, key_with_mask, mask, public8, ctx);
if (raw_key)
{
BIO *bio;
int flag_pad=0;
int len_oid;
store_bignum(raw_key, outbuf, len_material);
if (outbuf[0]&0x80) flag_pad=1;
len_private_key=0;
asn1_private_key[len_private_key++]=0x30;
asn1_private_key[len_private_key++]=0x46;
asn1_private_key[len_private_key++]=2;
asn1_private_key[len_private_key++]=1;
asn1_private_key[len_private_key++]=0;
len_oid=oid_list[param_set][OID_LEN]+2;
memcpy(asn1_private_key+len_private_key, oid_list[param_set], len_oid); len_private_key+=len_oid;
asn1_private_key[len_private_key++]=0x4;
asn1_private_key[len_private_key++]=len_material+flag_pad+2;
asn1_private_key[len_private_key++]=0x2;
asn1_private_key[len_private_key++]=len_material+flag_pad;
if (flag_pad) asn1_private_key[len_private_key++]=0;
memcpy(asn1_private_key+len_private_key, outbuf, len_material); len_private_key+=len_material;
asn1_private_key[1]=len_private_key-2;
//bio = BIO_new_file("private.key", "w");
bio = BIO_new_fp(stdout, BIO_NOCLOSE | BIO_FP_TEXT);
PEM_write_bio(bio, "PRIVATE KEY", "", asn1_private_key, len_private_key);
BIO_free(bio);
OPENSSL_cleanse(outbuf, sizeof(outbuf));
OPENSSL_cleanse(asn1_private_key, sizeof(asn1_private_key));
result = 0; //ok
}
else
{
printf("Error check public key\n");
result = 3;
}
err:
BN_CTX_free(ctx);
OPENSSL_cleanse(salt12, sizeof(salt12));
OPENSSL_cleanse(primary_key, sizeof(primary_key));
OPENSSL_cleanse(masks_key, sizeof(masks_key));
return result;
BN_CTX_free(ctx);
OPENSSL_cleanse(salt12, sizeof(salt12));
OPENSSL_cleanse(primary_key, sizeof(primary_key));
OPENSSL_cleanse(masks_key, sizeof(masks_key));
return result;
}

66
gosthash2012.h

@ -0,0 +1,66 @@
/*
* GOST R 34.11-2012 core functions definitions.
*
* Copyright (c) 2013 Cryptocom LTD.
* This file is distributed under the same license as OpenSSL.
*
* Author: Alexey Degtyarev <alexey@renatasystems.org>
*
*/
#include <string.h>
#ifdef OPENSSL_IA32_SSE2
# ifdef __MMX__
# ifdef __SSE2__
# define __GOST3411_HAS_SSE2__
# endif
# endif
#endif
#ifdef __GOST3411_HAS_SSE2__
# if (__GNUC__ < 4) || (__GNUC__ == 4 && __GNUC_MINOR__ < 2)
# undef __GOST3411_HAS_SSE2__
# endif
#endif
#ifndef L_ENDIAN
# define __GOST3411_BIG_ENDIAN__
#endif
#if defined __GOST3411_HAS_SSE2__
# include "gosthash2012_sse2.h"
#else
# include "gosthash2012_ref.h"
#endif
#ifdef _MSC_VER
# define ALIGN(x) __declspec(align(x))
#else
# define ALIGN(x) __attribute__ ((__aligned__(x)))
#endif
ALIGN(16)
typedef union uint512_u {
unsigned long long QWORD[8];
} uint512_u;
#include "gosthash2012_const.h"
#include "gosthash2012_precalc.h"
/* GOST R 34.11-2012 hash context */
ALIGN(16)
typedef struct gost2012_hash_ctx {
ALIGN(16) unsigned char buffer[64];
union uint512_u hash;
union uint512_u h;
union uint512_u N;
union uint512_u Sigma;
size_t bufsize;
unsigned int digest_size;
} gost2012_hash_ctx;
void init_gost2012_hash_ctx(gost2012_hash_ctx * CTX,
const unsigned int digest_size);
void gost2012_hash_block(gost2012_hash_ctx * CTX,
const unsigned char *data, size_t len);
void gost2012_finish_hash(gost2012_hash_ctx * CTX, unsigned char *digest);

352
gosthash2012_const.h

@ -0,0 +1,352 @@
/*
* GOST R 34.11-2012 constants.
*
* Copyright (c) 2013 Cryptocom LTD.
* This file is distributed under the same license as OpenSSL.
*
* Author: Alexey Degtyarev <alexey@renatasystems.org>
*
*/
ALIGN(16)
static const union uint512_u buffer0 = {
{0x0ULL, 0x0ULL, 0x0ULL, 0x0ULL, 0x0ULL, 0x0ULL, 0x0ULL, 0x0ULL}
};
#ifndef __GOST3411_BIG_ENDIAN__
ALIGN(16)
static const union uint512_u buffer512 = {
{0x0000000000000200ULL, 0x0ULL, 0x0ULL, 0x0ULL, 0x0ULL, 0x0ULL, 0x0ULL,
0x0ULL}
};
#else
ALIGN(16)
static const union uint512_u buffer512 = {
{0x0002000000000000ULL, 0x0ULL, 0x0ULL, 0x0ULL, 0x0ULL, 0x0ULL, 0x0ULL,
0x0ULL}
};
#endif
#ifndef __GOST3411_BIG_ENDIAN__
ALIGN(16)
static const union uint512_u C[12] = {
{{
0xdd806559f2a64507ULL,
0x05767436cc744d23ULL,
0xa2422a08a460d315ULL,
0x4b7ce09192676901ULL,
0x714eb88d7585c4fcULL,
0x2f6a76432e45d016ULL,
0xebcb2f81c0657c1fULL,
0xb1085bda1ecadae9ULL}},
{{
0xe679047021b19bb7ULL,
0x55dda21bd7cbcd56ULL,
0x5cb561c2db0aa7caULL,
0x9ab5176b12d69958ULL,
0x61d55e0f16b50131ULL,
0xf3feea720a232b98ULL,
0x4fe39d460f70b5d7ULL,
0x6fa3b58aa99d2f1aULL}},
{{
0x991e96f50aba0ab2ULL,
0xc2b6f443867adb31ULL,
0xc1c93a376062db09ULL,
0xd3e20fe490359eb1ULL,
0xf2ea7514b1297b7bULL,
0x06f15e5f529c1f8bULL,
0x0a39fc286a3d8435ULL,
0xf574dcac2bce2fc7ULL}},
{{
0x220cbebc84e3d12eULL,
0x3453eaa193e837f1ULL,
0xd8b71333935203beULL,
0xa9d72c82ed03d675ULL,
0x9d721cad685e353fULL,
0x488e857e335c3c7dULL,
0xf948e1a05d71e4ddULL,
0xef1fdfb3e81566d2ULL}},
{{
0x601758fd7c6cfe57ULL,
0x7a56a27ea9ea63f5ULL,
0xdfff00b723271a16ULL,
0xbfcd1747253af5a3ULL,
0x359e35d7800fffbdULL,
0x7f151c1f1686104aULL,
0x9a3f410c6ca92363ULL,
0x4bea6bacad474799ULL}},
{{
0xfa68407a46647d6eULL,
0xbf71c57236904f35ULL,
0x0af21f66c2bec6b6ULL,
0xcffaa6b71c9ab7b4ULL,
0x187f9ab49af08ec6ULL,
0x2d66c4f95142a46cULL,
0x6fa4c33b7a3039c0ULL,
0xae4faeae1d3ad3d9ULL}},
{{
0x8886564d3a14d493ULL,
0x3517454ca23c4af3ULL,
0x06476983284a0504ULL,
0x0992abc52d822c37ULL,
0xd3473e33197a93c9ULL,
0x399ec6c7e6bf87c9ULL,
0x51ac86febf240954ULL,
0xf4c70e16eeaac5ecULL}},
{{
0xa47f0dd4bf02e71eULL,
0x36acc2355951a8d9ULL,
0x69d18d2bd1a5c42fULL,
0xf4892bcb929b0690ULL,
0x89b4443b4ddbc49aULL,
0x4eb7f8719c36de1eULL,
0x03e7aa020c6e4141ULL,
0x9b1f5b424d93c9a7ULL}},
{{
0x7261445183235adbULL,
0x0e38dc92cb1f2a60ULL,
0x7b2b8a9aa6079c54ULL,
0x800a440bdbb2ceb1ULL,
0x3cd955b7e00d0984ULL,
0x3a7d3a1b25894224ULL,
0x944c9ad8ec165fdeULL,
0x378f5a541631229bULL}},
{{
0x74b4c7fb98459cedULL,
0x3698fad1153bb6c3ULL,
0x7a1e6c303b7652f4ULL,
0x9fe76702af69334bULL,
0x1fffe18a1b336103ULL,
0x8941e71cff8a78dbULL,
0x382ae548b2e4f3f3ULL,
0xabbedea680056f52ULL}},
{{
0x6bcaa4cd81f32d1bULL,
0xdea2594ac06fd85dULL,
0xefbacd1d7d476e98ULL,
0x8a1d71efea48b9caULL,
0x2001802114846679ULL,
0xd8fa6bbbebab0761ULL,
0x3002c6cd635afe94ULL,
0x7bcd9ed0efc889fbULL}},
{{
0x48bc924af11bd720ULL,
0xfaf417d5d9b21b99ULL,
0xe71da4aa88e12852ULL,
0x5d80ef9d1891cc86ULL,
0xf82012d430219f9bULL,
0xcda43c32bcdf1d77ULL,
0xd21380b00449b17aULL,
0x378ee767f11631baULL}}
};
#else
ALIGN(16)
static const union uint512_u C[12] = {
{{
0x0745a6f2596580ddULL,
0x234d74cc36747605ULL,
0x15d360a4082a42a2ULL,
0x0169679291e07c4bULL,
0xfcc485758db84e71ULL,
0x16d0452e43766a2fULL,
0x1f7c65c0812fcbebULL,
0xe9daca1eda5b08b1ULL}},
{{
0xb79bb121700479e6ULL,
0x56cdcbd71ba2dd55ULL,
0xcaa70adbc261b55cULL,
0x5899d6126b17b59aULL,
0x3101b5160f5ed561ULL,
0x982b230a72eafef3ULL,
0xd7b5700f469de34fULL,
0x1a2f9da98ab5a36fULL}},
{{
0xb20aba0af5961e99ULL,
0x31db7a8643f4b6c2ULL,
0x09db6260373ac9c1ULL,
0xb19e3590e40fe2d3ULL,
0x7b7b29b11475eaf2ULL,
0x8b1f9c525f5ef106ULL,
0x35843d6a28fc390aULL,
0xc72fce2bacdc74f5ULL}},
{{
0x2ed1e384bcbe0c22ULL,
0xf137e893a1ea5334ULL,
0xbe0352933313b7d8ULL,
0x75d603ed822cd7a9ULL,
0x3f355e68ad1c729dULL,
0x7d3c5c337e858e48ULL,
0xdde4715da0e148f9ULL,
0xd26615e8b3df1fefULL}},
{{
0x57fe6c7cfd581760ULL,
0xf563eaa97ea2567aULL,
0x161a2723b700ffdfULL,
0xa3f53a254717cdbfULL,
0xbdff0f80d7359e35ULL,
0x4a1086161f1c157fULL,
0x6323a96c0c413f9aULL,
0x994747adac6bea4bULL}},
{{
0x6e7d64467a4068faULL,
0x354f903672c571bfULL,
0xb6c6bec2661ff20aULL,
0xb4b79a1cb7a6facfULL,
0xc68ef09ab49a7f18ULL,
0x6ca44251f9c4662dULL,
0xc039307a3bc3a46fULL,
0xd9d33a1daeae4faeULL}},
{{
0x93d4143a4d568688ULL,
0xf34a3ca24c451735ULL,
0x04054a2883694706ULL,
0x372c822dc5ab9209ULL,
0xc9937a19333e47d3ULL,
0xc987bfe6c7c69e39ULL,
0x540924bffe86ac51ULL,
0xecc5aaee160ec7f4ULL}},
{{
0x1ee702bfd40d7fa4ULL,
0xd9a8515935c2ac36ULL,
0x2fc4a5d12b8dd169ULL,
0x90069b92cb2b89f4ULL,
0x9ac4db4d3b44b489ULL,
0x1ede369c71f8b74eULL,
0x41416e0c02aae703ULL,
0xa7c9934d425b1f9bULL}},
{{
0xdb5a238351446172ULL,
0x602a1fcb92dc380eULL,
0x549c07a69a8a2b7bULL,
0xb1ceb2db0b440a80ULL,
0x84090de0b755d93cULL,
0x244289251b3a7d3aULL,
0xde5f16ecd89a4c94ULL,
0x9b223116545a8f37ULL}},
{{
0xed9c4598fbc7b474ULL,
0xc3b63b15d1fa9836ULL,
0xf452763b306c1e7aULL,
0x4b3369af0267e79fULL,
0x0361331b8ae1ff1fULL,
0xdb788aff1ce74189ULL,
0xf3f3e4b248e52a38ULL,
0x526f0580a6debeabULL}},
{{
0x1b2df381cda4ca6bULL,
0x5dd86fc04a59a2deULL,
0x986e477d1dcdbaefULL,
0xcab948eaef711d8aULL,
0x7966841421800120ULL,
0x6107abebbb6bfad8ULL,
0x94fe5a63cdc60230ULL,
0xfb89c8efd09ecd7bULL}},
{{
0x20d71bf14a92bc48ULL,
0x991bb2d9d517f4faULL,
0x5228e188aaa41de7ULL,
0x86cc91189def805dULL,
0x9b9f2130d41220f8ULL,
0x771ddfbc323ca4cdULL,
0x7ab14904b08013d2ULL,
0xba3116f167e78e37ULL}}
};
#endif
#ifndef __GOST3411_BIG_ENDIAN__
static const unsigned long long A[64] = {
0x8e20faa72ba0b470ULL, 0x47107ddd9b505a38ULL, 0xad08b0e0c3282d1cULL,
0xd8045870ef14980eULL, 0x6c022c38f90a4c07ULL, 0x3601161cf205268dULL,
0x1b8e0b0e798c13c8ULL, 0x83478b07b2468764ULL, 0xa011d380818e8f40ULL,
0x5086e740ce47c920ULL, 0x2843fd2067adea10ULL, 0x14aff010bdd87508ULL,
0x0ad97808d06cb404ULL, 0x05e23c0468365a02ULL, 0x8c711e02341b2d01ULL,
0x46b60f011a83988eULL, 0x90dab52a387ae76fULL, 0x486dd4151c3dfdb9ULL,
0x24b86a840e90f0d2ULL, 0x125c354207487869ULL, 0x092e94218d243cbaULL,
0x8a174a9ec8121e5dULL, 0x4585254f64090fa0ULL, 0xaccc9ca9328a8950ULL,
0x9d4df05d5f661451ULL, 0xc0a878a0a1330aa6ULL, 0x60543c50de970553ULL,
0x302a1e286fc58ca7ULL, 0x18150f14b9ec46ddULL, 0x0c84890ad27623e0ULL,
0x0642ca05693b9f70ULL, 0x0321658cba93c138ULL, 0x86275df09ce8aaa8ULL,
0x439da0784e745554ULL, 0xafc0503c273aa42aULL, 0xd960281e9d1d5215ULL,
0xe230140fc0802984ULL, 0x71180a8960409a42ULL, 0xb60c05ca30204d21ULL,
0x5b068c651810a89eULL, 0x456c34887a3805b9ULL, 0xac361a443d1c8cd2ULL,
0x561b0d22900e4669ULL, 0x2b838811480723baULL, 0x9bcf4486248d9f5dULL,
0xc3e9224312c8c1a0ULL, 0xeffa11af0964ee50ULL, 0xf97d86d98a327728ULL,
0xe4fa2054a80b329cULL, 0x727d102a548b194eULL, 0x39b008152acb8227ULL,
0x9258048415eb419dULL, 0x492c024284fbaec0ULL, 0xaa16012142f35760ULL,
0x550b8e9e21f7a530ULL, 0xa48b474f9ef5dc18ULL, 0x70a6a56e2440598eULL,
0x3853dc371220a247ULL, 0x1ca76e95091051adULL, 0x0edd37c48a08a6d8ULL,
0x07e095624504536cULL, 0x8d70c431ac02a736ULL, 0xc83862965601dd1bULL,
0x641c314b2b8ee083ULL
};
#else
static const unsigned long long A[64] = {
0x70b4a02ba7fa208eULL, 0x385a509bdd7d1047ULL, 0x1c2d28c3e0b008adULL,
0x0e9814ef705804d8ULL, 0x074c0af9382c026cULL, 0x8d2605f21c160136ULL,
0xc8138c790e0b8e1bULL, 0x648746b2078b4783ULL, 0x408f8e8180d311a0ULL,
0x20c947ce40e78650ULL, 0x10eaad6720fd4328ULL, 0x0875d8bd10f0af14ULL,
0x04b46cd00878d90aULL, 0x025a3668043ce205ULL, 0x012d1b34021e718cULL,
0x8e98831a010fb646ULL, 0x6fe77a382ab5da90ULL, 0xb9fd3d1c15d46d48ULL,
0xd2f0900e846ab824ULL, 0x6978480742355c12ULL, 0xba3c248d21942e09ULL,
0x5d1e12c89e4a178aULL, 0xa00f09644f258545ULL, 0x50898a32a99cccacULL,
0x5114665f5df04d9dULL, 0xa60a33a1a078a8c0ULL, 0x530597de503c5460ULL,
0xa78cc56f281e2a30ULL, 0xdd46ecb9140f1518ULL, 0xe02376d20a89840cULL,
0x709f3b6905ca4206ULL, 0x38c193ba8c652103ULL, 0xa8aae89cf05d2786ULL,
0x5455744e78a09d43ULL, 0x2aa43a273c50c0afULL, 0x15521d9d1e2860d9ULL,
0x842980c00f1430e2ULL, 0x429a4060890a1871ULL, 0x214d2030ca050cb6ULL,
0x9ea81018658c065bULL, 0xb905387a88346c45ULL, 0xd28c1c3d441a36acULL,
0x69460e90220d1b56ULL, 0xba2307481188832bULL, 0x5d9f8d248644cf9bULL,
0xa0c1c8124322e9c3ULL, 0x50ee6409af11faefULL, 0x2877328ad9867df9ULL,
0x9c320ba85420fae4ULL, 0x4e198b542a107d72ULL, 0x2782cb2a1508b039ULL,
0x9d41eb1584045892ULL, 0xc0aefb8442022c49ULL, 0x6057f342210116aaULL,
0x30a5f7219e8e0b55ULL, 0x18dcf59e4f478ba4ULL, 0x8e5940246ea5a670ULL,
0x47a2201237dc5338ULL, 0xad511009956ea71cULL, 0xd8a6088ac437dd0eULL,
0x6c5304456295e007ULL, 0x36a702ac31c4708dULL, 0x1bdd0156966238c8ULL,
0x83e08e2b4b311c64ULL
};
#endif
static const unsigned char Tau[64] = {
0, 8, 16, 24, 32, 40, 48, 56,
1, 9, 17, 25, 33, 41, 49, 57,
2, 10, 18, 26, 34, 42, 50, 58,
3, 11, 19, 27, 35, 43, 51, 59,
4, 12, 20, 28, 36, 44, 52, 60,
5, 13, 21, 29, 37, 45, 53, 61,
6, 14, 22, 30, 38, 46, 54, 62,
7, 15, 23, 31, 39, 47, 55, 63
};
static const unsigned char Pi[256] = {
252, 238, 221, 17, 207, 110, 49, 22,
251, 196, 250, 218, 35, 197, 4, 77,
233, 119, 240, 219, 147, 46, 153, 186,
23, 54, 241, 187, 20, 205, 95, 193,
249, 24, 101, 90, 226, 92, 239, 33,
129, 28, 60, 66, 139, 1, 142, 79,
5, 132, 2, 174, 227, 106, 143, 160,
6, 11, 237, 152, 127, 212, 211, 31,
235, 52, 44, 81, 234, 200, 72, 171,
242, 42, 104, 162, 253, 58, 206, 204,
181, 112, 14, 86, 8, 12, 118, 18,
191, 114, 19, 71, 156, 183, 93, 135,
21, 161, 150, 41, 16, 123, 154, 199,
243, 145, 120, 111, 157, 158, 178, 177,
50, 117, 25, 61, 255, 53, 138, 126,
109, 84, 198, 128, 195, 189, 13, 87,
223, 245, 36, 169, 62, 168, 67, 201,
215, 121, 214, 246, 124, 34, 185, 3,
224, 15, 236, 222, 122, 148, 176, 188,
220, 232, 40, 80, 78, 51, 10, 74,
167, 151, 96, 115, 30, 0, 98, 68,
26, 184, 56, 130, 100, 159, 38, 65,
173, 69, 70, 146, 39, 94, 85, 47,
140, 163, 165, 125, 105, 213, 149, 59,
7, 88, 179, 64, 134, 172, 29, 247,
48, 55, 107, 228, 136, 217, 231, 137,
225, 27, 131, 73, 76, 63, 248, 254,
141, 83, 170, 144, 202, 216, 133, 97,
32, 113, 103, 164, 45, 43, 9, 91,
203, 155, 37, 208, 190, 229, 108, 82,
89, 166, 116, 210, 230, 244, 180, 192,
209, 102, 175, 194, 57, 75, 99, 182
};

1411
gosthash2012_precalc.h

File diff suppressed because it is too large

63
gosthash2012_ref.h

@ -0,0 +1,63 @@
/*
* Portable implementation of core functions for GOST R 34.11-2012.
*
* Copyright (c) 2013 Cryptocom LTD.
* This file is distributed under the same license as OpenSSL.
*
* Author: Alexey Degtyarev <alexey@renatasystems.org>
*
*/
#ifdef __GOST3411_HAS_SSE2__
# error "GOST R 34.11-2012: portable implementation disabled in config.h"
#endif
#define X(x, y, z) { \
z->QWORD[0] = x->QWORD[0] ^ y->QWORD[0]; \
z->QWORD[1] = x->QWORD[1] ^ y->QWORD[1]; \
z->QWORD[2] = x->QWORD[2] ^ y->QWORD[2]; \
z->QWORD[3] = x->QWORD[3] ^ y->QWORD[3]; \
z->QWORD[4] = x->QWORD[4] ^ y->QWORD[4]; \
z->QWORD[5] = x->QWORD[5] ^ y->QWORD[5]; \
z->QWORD[6] = x->QWORD[6] ^ y->QWORD[6]; \
z->QWORD[7] = x->QWORD[7] ^ y->QWORD[7]; \
}
#ifndef __GOST3411_BIG_ENDIAN__
# define __XLPS_FOR for (_i = 0; _i <= 7; _i++)
# define _datai _i
#else
# define __XLPS_FOR for (_i = 7; _i >= 0; _i--)
# define _datai 7 - _i
#endif
#define XLPS(x, y, data) { \
register unsigned long long r0, r1, r2, r3, r4, r5, r6, r7; \
int _i; \
\
r0 = x->QWORD[0] ^ y->QWORD[0]; \
r1 = x->QWORD[1] ^ y->QWORD[1]; \
r2 = x->QWORD[2] ^ y->QWORD[2]; \
r3 = x->QWORD[3] ^ y->QWORD[3]; \
r4 = x->QWORD[4] ^ y->QWORD[4]; \
r5 = x->QWORD[5] ^ y->QWORD[5]; \
r6 = x->QWORD[6] ^ y->QWORD[6]; \
r7 = x->QWORD[7] ^ y->QWORD[7]; \
\
\
__XLPS_FOR {\
data->QWORD[_datai] = Ax[0][(r0 >> (_i << 3)) & 0xFF]; \
data->QWORD[_datai] ^= Ax[1][(r1 >> (_i << 3)) & 0xFF]; \
data->QWORD[_datai] ^= Ax[2][(r2 >> (_i << 3)) & 0xFF]; \
data->QWORD[_datai] ^= Ax[3][(r3 >> (_i << 3)) & 0xFF]; \
data->QWORD[_datai] ^= Ax[4][(r4 >> (_i << 3)) & 0xFF]; \
data->QWORD[_datai] ^= Ax[5][(r5 >> (_i << 3)) & 0xFF]; \
data->QWORD[_datai] ^= Ax[6][(r6 >> (_i << 3)) & 0xFF]; \
data->QWORD[_datai] ^= Ax[7][(r7 >> (_i << 3)) & 0xFF]; \
}\
}
#define ROUND(i, Ki, data) { \
XLPS(Ki, (&C[i]), Ki); \
XLPS(Ki, data, data); \
}

204
gosthash2012_sse2.h

@ -0,0 +1,204 @@
/*
* Implementation of core functions for GOST R 34.11-2012 using SSE2.
*
* Copyright (c) 2013 Cryptocom LTD.
* This file is distributed under the same license as OpenSSL.
*
* Author: Alexey Degtyarev <alexey@renatasystems.org>
*
*/
#ifndef __GOST3411_HAS_SSE2__
# error "GOST R 34.11-2012: SSE2 not enabled"
#endif
#include <mmintrin.h>
#include <emmintrin.h>
#define LO(v) ((unsigned char) (v))
#define HI(v) ((unsigned char) (((unsigned int) (v)) >> 8))
#ifdef __i386__
# define EXTRACT EXTRACT32
#else
# define EXTRACT EXTRACT64
#endif
#ifndef __ICC
# define _mm_cvtsi64_m64(v) (__m64) v
# define _mm_cvtm64_si64(v) (long long) v
#endif
#define LOAD(P, xmm0, xmm1, xmm2, xmm3) { \
const __m128i *__m128p = (const __m128i *) &P[0]; \
xmm0 = _mm_load_si128(&__m128p[0]); \
xmm1 = _mm_load_si128(&__m128p[1]); \
xmm2 = _mm_load_si128(&__m128p[2]); \
xmm3 = _mm_load_si128(&__m128p[3]); \
}
#define UNLOAD(P, xmm0, xmm1, xmm2, xmm3) { \
__m128i *__m128p = (__m128i *) &P[0]; \
_mm_store_si128(&__m128p[0], xmm0); \
_mm_store_si128(&__m128p[1], xmm1); \
_mm_store_si128(&__m128p[2], xmm2); \
_mm_store_si128(&__m128p[3], xmm3); \
}
#define X128R(xmm0, xmm1, xmm2, xmm3, xmm4, xmm5, xmm6, xmm7) { \
xmm0 = _mm_xor_si128(xmm0, xmm4); \
xmm1 = _mm_xor_si128(xmm1, xmm5); \
xmm2 = _mm_xor_si128(xmm2, xmm6); \
xmm3 = _mm_xor_si128(xmm3, xmm7); \
}
#define X128M(P, xmm0, xmm1, xmm2, xmm3) { \
const __m128i *__m128p = (const __m128i *) &P[0]; \
xmm0 = _mm_xor_si128(xmm0, _mm_load_si128(&__m128p[0])); \
xmm1 = _mm_xor_si128(xmm1, _mm_load_si128(&__m128p[1])); \
xmm2 = _mm_xor_si128(xmm2, _mm_load_si128(&__m128p[2])); \
xmm3 = _mm_xor_si128(xmm3, _mm_load_si128(&__m128p[3])); \
}
#define _mm_xor_64(mm0, mm1) _mm_xor_si64(mm0, _mm_cvtsi64_m64(mm1))
#define EXTRACT32(row, xmm0, xmm1, xmm2, xmm3, xmm4) { \
register unsigned short ax; \
__m64 mm0, mm1; \
\
ax = (unsigned short) _mm_extract_epi16(xmm0, row + 0); \
mm0 = _mm_cvtsi64_m64(Ax[0][LO(ax)]); \
mm1 = _mm_cvtsi64_m64(Ax[0][HI(ax)]); \
\
ax = (unsigned short) _mm_extract_epi16(xmm0, row + 4); \
mm0 = _mm_xor_64(mm0, Ax[1][LO(ax)]); \
mm1 = _mm_xor_64(mm1, Ax[1][HI(ax)]); \
\
ax = (unsigned short) _mm_extract_epi16(xmm1, row + 0); \
mm0 = _mm_xor_64(mm0, Ax[2][LO(ax)]); \
mm1 = _mm_xor_64(mm1, Ax[2][HI(ax)]); \
\
ax = (unsigned short) _mm_extract_epi16(xmm1, row + 4); \
mm0 = _mm_xor_64(mm0, Ax[3][LO(ax)]); \
mm1 = _mm_xor_64(mm1, Ax[3][HI(ax)]); \
\
ax = (unsigned short) _mm_extract_epi16(xmm2, row + 0); \
mm0 = _mm_xor_64(mm0, Ax[4][LO(ax)]); \
mm1 = _mm_xor_64(mm1, Ax[4][HI(ax)]); \
\
ax = (unsigned short) _mm_extract_epi16(xmm2, row + 4); \
mm0 = _mm_xor_64(mm0, Ax[5][LO(ax)]); \
mm1 = _mm_xor_64(mm1, Ax[5][HI(ax)]); \
\
ax = (unsigned short) _mm_extract_epi16(xmm3, row + 0); \
mm0 = _mm_xor_64(mm0, Ax[6][LO(ax)]); \
mm1 = _mm_xor_64(mm1, Ax[6][HI(ax)]); \
\
ax = (unsigned short) _mm_extract_epi16(xmm3, row + 4); \
mm0 = _mm_xor_64(mm0, Ax[7][LO(ax)]); \
mm1 = _mm_xor_64(mm1, Ax[7][HI(ax)]); \
\
xmm4 = _mm_set_epi64(mm1, mm0); \
}
#define __EXTRACT64(row, xmm0, xmm1, xmm2, xmm3, xmm4) { \
__m128i tmm4; \
register unsigned long long r0, r1; \
r0 = Ax[0][_mm_extract_epi8(xmm0, row + 0)]; \
r0 ^= Ax[1][_mm_extract_epi8(xmm0, row + 8)]; \
r0 ^= Ax[2][_mm_extract_epi8(xmm1, row + 0)]; \
r0 ^= Ax[3][_mm_extract_epi8(xmm1, row + 8)]; \
r0 ^= Ax[4][_mm_extract_epi8(xmm2, row + 0)]; \
r0 ^= Ax[5][_mm_extract_epi8(xmm2, row + 8)]; \
r0 ^= Ax[6][_mm_extract_epi8(xmm3, row + 0)]; \
r0 ^= Ax[7][_mm_extract_epi8(xmm3, row + 8)]; \
\
r1 = Ax[0][_mm_extract_epi8(xmm0, row + 1)]; \
r1 ^= Ax[1][_mm_extract_epi8(xmm0, row + 9)]; \
r1 ^= Ax[2][_mm_extract_epi8(xmm1, row + 1)]; \
r1 ^= Ax[3][_mm_extract_epi8(xmm1, row + 9)]; \
r1 ^= Ax[4][_mm_extract_epi8(xmm2, row + 1)]; \
r1 ^= Ax[5][_mm_extract_epi8(xmm2, row + 9)]; \
r1 ^= Ax[6][_mm_extract_epi8(xmm3, row + 1)]; \
r1 ^= Ax[7][_mm_extract_epi8(xmm3, row + 9)]; \
xmm4 = _mm_cvtsi64_si128((long long) r0); \
tmm4 = _mm_cvtsi64_si128((long long) r1); \
xmm4 = _mm_unpacklo_epi64(xmm4, tmm4); \
}
#define EXTRACT64(row, xmm0, xmm1, xmm2, xmm3, xmm4) { \
__m128i tmm4; \
register unsigned short ax; \
register unsigned long long r0, r1; \
\
ax = (unsigned short) _mm_extract_epi16(xmm0, row + 0); \
r0 = Ax[0][LO(ax)]; \
r1 = Ax[0][HI(ax)]; \
\
ax = (unsigned short) _mm_extract_epi16(xmm0, row + 4); \
r0 ^= Ax[1][LO(ax)]; \
r1 ^= Ax[1][HI(ax)]; \
\
ax = (unsigned short) _mm_extract_epi16(xmm1, row + 0); \
r0 ^= Ax[2][LO(ax)]; \
r1 ^= Ax[2][HI(ax)]; \
\
ax = (unsigned short) _mm_extract_epi16(xmm1, row + 4); \
r0 ^= Ax[3][LO(ax)]; \
r1 ^= Ax[3][HI(ax)]; \
\
ax = (unsigned short) _mm_extract_epi16(xmm2, row + 0); \
r0 ^= Ax[4][LO(ax)]; \
r1 ^= Ax[4][HI(ax)]; \
\
ax = (unsigned short) _mm_extract_epi16(xmm2, row + 4); \
r0 ^= Ax[5][LO(ax)]; \
r1 ^= Ax[5][HI(ax)]; \
\
ax = (unsigned short) _mm_extract_epi16(xmm3, row + 0); \
r0 ^= Ax[6][LO(ax)]; \
r1 ^= Ax[6][HI(ax)]; \
\
ax = (unsigned short) _mm_extract_epi16(xmm3, row + 4); \
r0 ^= Ax[7][LO(ax)]; \
r1 ^= Ax[7][HI(ax)]; \
\
xmm4 = _mm_cvtsi64_si128((long long) r0); \
tmm4 = _mm_cvtsi64_si128((long long) r1); \
xmm4 = _mm_unpacklo_epi64(xmm4, tmm4); \
}
#define XLPS128M(P, xmm0, xmm1, xmm2, xmm3) { \
__m128i tmm0, tmm1, tmm2, tmm3; \
X128M(P, xmm0, xmm1, xmm2, xmm3); \
\
EXTRACT(0, xmm0, xmm1, xmm2, xmm3, tmm0); \
EXTRACT(1, xmm0, xmm1, xmm2, xmm3, tmm1); \
EXTRACT(2, xmm0, xmm1, xmm2, xmm3, tmm2); \
EXTRACT(3, xmm0, xmm1, xmm2, xmm3, tmm3); \
\
xmm0 = tmm0; \
xmm1 = tmm1; \
xmm2 = tmm2; \
xmm3 = tmm3; \
}
#define XLPS128R(xmm0, xmm1, xmm2, xmm3, xmm4, xmm5, xmm6, xmm7) { \
__m128i tmm0, tmm1, tmm2, tmm3; \
X128R(xmm4, xmm5, xmm6, xmm7, xmm0, xmm1, xmm2, xmm3); \
\
EXTRACT(0, xmm4, xmm5, xmm6, xmm7, tmm0); \
EXTRACT(1, xmm4, xmm5, xmm6, xmm7, tmm1); \
EXTRACT(2, xmm4, xmm5, xmm6, xmm7, tmm2); \
EXTRACT(3, xmm4, xmm5, xmm6, xmm7, tmm3); \