From 9981a51e426b5b346848163ff89e8a63d0916097 Mon Sep 17 00:00:00 2001
From: "Dr. Stephen Henson"
Date: Fri, 23 Mar 2007 17:04:05 +0000
Subject: Stage 1 GOST ciphersuite support.
Submitted by: ran@cryptocom.ru
Reviewed by: steve@openssl.org
---
 engines/ccgost/gost_crypt.c | 35 +++++++++++++++--------------------
 engines/ccgost/gost_eng.c | 11 ++++++++---
 engines/ccgost/gost_lcl.h | 1 +
 3 files changed, 24 insertions(+), 23 deletions(-)
(limited to 'engines')
diff --git a/engines/ccgost/gost_crypt.c b/engines/ccgost/gost_crypt.c
index fca7b2d9d5..04b1e555c2 100644
--- a/engines/ccgost/gost_crypt.c
+++ b/engines/ccgost/gost_crypt.c
@@ -13,21 +13,19 @@
 #include "gost_lcl.h"
 static int gost_cipher_init(EVP_CIPHER_CTX *ctx, const unsigned char *key,
 const unsigned char *iv, int enc);
+static int gost_cipher_init_cpa(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+ const unsigned char *iv, int enc);
 #ifdef USE_SSL
 /* Specialized init functions which set specific parameters */
 static int gost_cipher_init_vizir(EVP_CIPHER_CTX *ctx, const unsigned char *key,
 const unsigned char *iv, int enc);
-static int gost_cipher_init_cpa(EVP_CIPHER_CTX *ctx, const unsigned char *key,
- const unsigned char *iv, int enc);
 #endif
 /* Handles block of data in CFB mode */
 static int gost_cipher_do_cfb(EVP_CIPHER_CTX *ctx, unsigned char *out,
 const unsigned char *in, unsigned int inl);
-#if 0
 /* Handles block of data in CNT mode */
 static int gost_cipher_do_cnt(EVP_CIPHER_CTX *ctx, unsigned char *out,
 const unsigned char *in, unsigned int inl);
-#endif
 /* Cleanup function */
 static int gost_cipher_cleanup(EVP_CIPHER_CTX *);
 /* set/get cipher parameters */
@@ -54,17 +52,16 @@ EVP_CIPHER cipher_gost =
 NULL,
 };
-#ifdef USE_SSL
-static EVP_CIPHER cipher_gost_vizircfb =
+EVP_CIPHER cipher_gost_cpacnt =
 {
- NID_undef,
+ NID_gost89_cnt,
 1,/*block_size*/
 32,/*key_size*/
 8,/*iv_len - синхропосылка*/
- EVP_CIPH_CFB_MODE| EVP_CIPH_NO_PADDING |
+ EVP_CIPH_OFB_MODE| EVP_CIPH_NO_PADDING |
 EVP_CIPH_CUSTOM_IV| EVP_CIPH_RAND_KEY | EVP_CIPH_ALWAYS_CALL_INIT,
- gost_cipher_init_vizir,
- gost_cipher_do_cfb,
+ gost_cipher_init_cpa,
+ gost_cipher_do_cnt,
 gost_cipher_cleanup,
 sizeof(struct ossl_gost_cipher_ctx), /* ctx_size */
 gost89_set_asn1_parameters,
@@ -73,16 +70,17 @@ static EVP_CIPHER cipher_gost_vizircfb =
 NULL,
 };
-static EVP_CIPHER cipher_gost_cpacnt =
+#ifdef USE_SSL
+static EVP_CIPHER cipher_gost_vizircfb =
 {
 NID_undef,
 1,/*block_size*/
 32,/*key_size*/
 8,/*iv_len - синхропосылка*/
- EVP_CIPH_OFB_MODE| EVP_CIPH_NO_PADDING |
+ EVP_CIPH_CFB_MODE| EVP_CIPH_NO_PADDING |
 EVP_CIPH_CUSTOM_IV| EVP_CIPH_RAND_KEY | EVP_CIPH_ALWAYS_CALL_INIT,
- gost_cipher_init_cpa,
- gost_cipher_do_cnt,
+ gost_cipher_init_vizir,
+ gost_cipher_do_cfb,
 gost_cipher_cleanup,
 sizeof(struct ossl_gost_cipher_ctx), /* ctx_size */
 gost89_set_asn1_parameters,
@@ -90,6 +88,7 @@ static EVP_CIPHER cipher_gost_cpacnt =
 gost_cipher_ctl,
 NULL,
 };
+
 /* Implementation of GOST 28147-89 in MAC (imitovstavka) mode */
 /* Init functions which set specific parameters */
 static int gost_imit_init_vizir(EVP_MD_CTX *ctx);
@@ -227,8 +226,6 @@ static int gost_cipher_init_param(EVP_CIPHER_CTX *ctx, const unsigned char *key,
 return 1;
 }
-#ifdef USE_SSL
-/* Initializes EVP_CIPHER_CTX with fixed cryptopro A paramset */
 static int gost_cipher_init_cpa(EVP_CIPHER_CTX *ctx, const unsigned char *key,
 const unsigned char *iv, int enc)
 {
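Review bot: In the `@@ -54,17 +52,16 @@` hunk, `cipher_gost_cpacnt` becomes an exported cipher bound to `NID_gost89_cnt`, but the definition has no comment and is tagged `EVP_CIPH_OFB_MODE` while its handler is `gost_cipher_do_cnt`. A reader cannot tell from the table whether the OFB flag is deliberate (presumably the nearest EVP label for a keystream mode with `block_size` 1) or a leftover. I would add above the definition `/* GOST 28147-89 in CNT mode, fixed CryptoPro A paramset (see gost_cipher_init_cpa); keystream cipher with no integrity of its own, so a key/IV pair must never be reused */`. The struct initializer continues past the end of the hunk.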
@@ -241,6 +238,8 @@ static int gost_cipher_init_cpa(EVP_CIPHER_CTX *ctx, const unsigned char *key,
 memcpy(ctx->iv, ctx->oiv, EVP_CIPHER_CTX_iv_length(ctx));
 return 1;
 }
+#ifdef USE_SSL
+/* Initializes EVP_CIPHER_CTX with fixed cryptopro A paramset */
 /* Initializes EVP_CIPHER_CTX with fixed vizir paramset */
 static int gost_cipher_init_vizir(EVP_CIPHER_CTX *ctx, const unsigned char *key,
@@ -278,7 +277,6 @@ static void gost_crypt_mesh (void *ctx,unsigned char *iv,unsigned char *buf)
 c->count+=8;
 }
-#ifdef USE_SSL
 static void gost_cnt_next (void *ctx, unsigned char *iv, unsigned char *buf)
 {
 struct ossl_gost_cipher_ctx *c = ctx;
@@ -309,7 +307,6 @@ static void gost_cnt_next (void *ctx, unsigned char *iv, unsigned char *buf)
 gostcrypt(&(c->cctx),buf1,buf);
 c->count +=8;
 }
-#endif /* def USE_SSL */
 /* GOST encryption in CFB mode */
 int gost_cipher_do_cfb(EVP_CIPHER_CTX *ctx, unsigned char *out,
@@ -374,7 +371,6 @@ int gost_cipher_do_cfb(EVP_CIPHER_CTX *ctx, unsigned char *out,
 return 1;
 }
-#if USE_SSL
 static int gost_cipher_do_cnt(EVP_CIPHER_CTX *ctx, unsigned char *out,
 const unsigned char *in, unsigned int inl)
 {
@@ -428,7 +424,6 @@ static int gost_cipher_do_cnt(EVP_CIPHER_CTX *ctx, unsigned char *out,
 }
 return 1;
 }
-#endif /* def USE_SSL */
 /* Cleaning up of EVP_CIPHER_CTX */
 int gost_cipher_cleanup(EVP_CIPHER_CTX *ctx)
diff --git a/engines/ccgost/gost_eng.c b/engines/ccgost/gost_eng.c
index 0c47253e2a..1c5a493df6 100644
--- a/engines/ccgost/gost_eng.c
+++ b/engines/ccgost/gost_eng.c
@@ -31,7 +31,7 @@ static int gost_pkey_asn1_meths (ENGINE *e, EVP_PKEY_ASN1_METHOD **ameth,
 const int **nids, int nid);
 static int gost_cipher_nids[] =
- {NID_id_Gost28147_89, 0};
+ {NID_id_Gost28147_89, NID_gost89_cnt,0};
 static int gost_digest_nids[] =
 {NID_id_GostR3411_94, 0};
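Review bot: In the `@@ -241,6 +238,8 @@` hunk the comment `/* Initializes EVP_CIPHER_CTX with fixed cryptopro A paramset */` is re-added after the closing brace of `gost_cipher_init_cpa`, so it now sits directly above the vizir comment and reads as a description of `gost_cipher_init_vizir`. The earlier `@@ -227,8 +226,6 @@` hunk removed it from above the function it describes, which leaves `gost_cipher_init_cpa` undocumented. Only the guard needs to move: keep the cryptopro A comment above `static int gost_cipher_init_cpa(` and add just `#ifdef USE_SSL` at this position. Both functions start or end outside these hunks.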
@@ -129,6 +129,7 @@ static int bind_gost (ENGINE *e,const char *id)
 || ! ENGINE_register_pkey_meths(e)
 /* These two actually should go in LIST_ADD command */
 || ! EVP_add_cipher(&cipher_gost)
+ || ! EVP_add_cipher(&cipher_gost_cpacnt)
 || ! EVP_add_digest(&digest_gost)
 )
 {
@@ -175,14 +176,18 @@ static int gost_ciphers (ENGINE *e,const EVP_CIPHER **cipher,
 if (!cipher)
 {
 *nids = gost_cipher_nids;
- return 1; /* Only one cipher supported */
+ return 2; /* two ciphers are supported */
 }
 if(nid == NID_id_Gost28147_89)
 {
 *cipher = &cipher_gost;
 }
- else
+ else if (nid == NID_gost89_cnt)
+ {
+ *cipher = &cipher_gost_cpacnt;
+ }
+ else
 {
 ok = 0;
 *cipher = NULL;
diff --git a/engines/ccgost/gost_lcl.h b/engines/ccgost/gost_lcl.h
index b40b88463c..5904eeb834 100644
--- a/engines/ccgost/gost_lcl.h
+++ b/engines/ccgost/gost_lcl.h
@@ -135,6 +135,7 @@ extern struct gost_cipher_info gost_cipher_list[];
 const struct gost_cipher_info *get_encryption_params(ASN1_OBJECT *obj);
 /* Implementation of GOST 28147-89 cipher in CFB and CNT modes */
 extern EVP_CIPHER cipher_gost;
+extern EVP_CIPHER cipher_gost_cpacnt;
 #ifdef USE_SSL
 #define EVP_MD_FLAG_NEEDS_KEY 0x20
 #define EVP_MD_CTRL_GET_TLS_MAC_KEY_LENGTH (EVP_MD_CTRL_ALG_CTRL+1)
--
cgit v1.2.3
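Review bot: In `bind_gost`, `EVP_add_cipher(&cipher_gost_cpacnt)` registers the CNT cipher in every build, but the code behind it (`gost_cipher_do_cnt`, `gost_cnt_next`) was only compiled under the `USE_SSL` guards this commit removes, and the diffstat shows no test being added. I would ask for a known-answer encrypt/decrypt test for `NID_gost89_cnt`, including an input that is not a multiple of 8 bytes, before the cipher is exposed by name. The comment `/* These two actually should go in LIST_ADD command */` now precedes three calls and should read `/* These actually should go in LIST_ADD command */`. The condition and the function body extend outside the hunk.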
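Review bot: In `gost_ciphers`, `return 2; /* two ciphers are supported */` hard-codes a count that has to stay in step with `gost_cipher_nids[]`, which the `@@ -31,7 +31,7 @@` hunk extends. If a later cipher is added to the array and this literal is missed, the new NID would not be advertised to callers enumerating the engine. Deriving the value from the array removes the coupling: `return (int)(sizeof(gost_cipher_nids)/sizeof(gost_cipher_nids[0])) - 1; /* exclude the 0 terminator */`. The function begins and ends outside the hunk.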