| Index: openssl/engines/ccgost/gosthash.c
|
| ===================================================================
|
| --- openssl/engines/ccgost/gosthash.c (revision 0)
|
| +++ openssl/engines/ccgost/gosthash.c (revision 0)
|
| @@ -0,0 +1,255 @@
|
| +/**********************************************************************
|
| + * gosthash.c *
|
| + * Copyright (c) 2005-2006 Cryptocom LTD *
|
| + * This file is distributed under the same license as OpenSSL *
|
| + * *
|
| + * Implementation of GOST R 34.11-94 hash function *
|
| + * uses on gost89.c and gost89.h Doesn't need OpenSSL *
|
| + **********************************************************************/
|
| +#include <string.h>
|
| +
|
| +#include "gost89.h"
|
| +#include "gosthash.h"
|
| +
|
| +
|
| +/* Use OPENSSL_malloc for memory allocation if compiled with
|
| + * -DOPENSSL_BUILD, and libc malloc otherwise
|
| + */
|
| +#ifndef MYALLOC
|
| +# ifdef OPENSSL_BUILD
|
| +# include <openssl/crypto.h>
|
| +# define MYALLOC(size) OPENSSL_malloc(size)
|
| +# define MYFREE(ptr) OPENSSL_free(ptr)
|
| +# else
|
| +# define MYALLOC(size) malloc(size)
|
| +# define MYFREE(ptr) free(ptr)
|
| +# endif
|
| +#endif
|
| +/* Following functions are various bit meshing routines used in
|
| + * GOST R 34.11-94 algorithms */
|
| +static void swap_bytes (byte *w, byte *k)
|
| + {
|
| + int i,j;
|
| + for (i=0;i<4;i++)
|
| + for (j=0;j<8;j++)
|
| + k[i+4*j]=w[8*i+j];
|
| +
|
| + }
|
| +
|
| +/* was A_A */
|
| +static void circle_xor8 (const byte *w, byte *k)
|
| + {
|
| + byte buf[8];
|
| + int i;
|
| + memcpy(buf,w,8);
|
| + memcpy(k,w+8,24);
|
| + for(i=0;i<8;i++)
|
| + k[i+24]=buf[i]^k[i];
|
| + }
|
| +
|
| +/* was R_R */
|
| +static void transform_3 (byte *data)
|
| + {
|
| + unsigned short int acc;
|
| + acc=(data[0]^data[2]^data[4]^data[6]^data[24]^data[30])|
|
| + ((data[1]^data[3]^data[5]^data[7]^data[25]^data[31])<<8);
|
| + memmove(data,data+2,30);
|
| + data[30]=acc&0xff;
|
| + data[31]=acc>>8;
|
| + }
|
| +
|
| +/* Adds blocks of N bytes modulo 2**(8*n). Returns carry*/
|
| +static int add_blocks(int n,byte *left, const byte *right)
|
| + {
|
| + int i;
|
| + int carry=0;
|
| + int sum;
|
| + for (i=0;i<n;i++)
|
| + {
|
| + sum=(int)left[i]+(int)right[i]+carry;
|
| + left[i]=sum & 0xff;
|
| + carry=sum>>8;
|
| + }
|
| + return carry;
|
| + }
|
| +
|
| +/* Xor two sequences of bytes */
|
| +static void xor_blocks (byte *result,const byte *a,const byte *b,size_t len)
|
| + {
|
| + size_t i;
|
| + for (i=0;i<len;i++) result[i]=a[i]^b[i];
|
| + }
|
| +
|
| +/*
|
| + * Calculate H(i+1) = Hash(Hi,Mi)
|
| + * Where H and M are 32 bytes long
|
| + */
|
| +static int hash_step(gost_ctx *c,byte *H,const byte *M)
|
| + {
|
| + byte U[32],W[32],V[32],S[32],Key[32];
|
| + int i;
|
| + /* Compute first key */
|
| + xor_blocks(W,H,M,32);
|
| + swap_bytes(W,Key);
|
| + /* Encrypt first 8 bytes of H with first key*/
|
| + gost_enc_with_key(c,Key,H,S);
|
| + /* Compute second key*/
|
| + circle_xor8(H,U);
|
| + circle_xor8(M,V);
|
| + circle_xor8(V,V);
|
| + xor_blocks(W,U,V,32);
|
| + swap_bytes(W,Key);
|
| + /* encrypt second 8 bytes of H with second key*/
|
| + gost_enc_with_key(c,Key,H+8,S+8);
|
| + /* compute third key */
|
| + circle_xor8(U,U);
|
| + U[31]=~U[31]; U[29]=~U[29]; U[28]=~U[28]; U[24]=~U[24];
|
| + U[23]=~U[23]; U[20]=~U[20]; U[18]=~U[18]; U[17]=~U[17];
|
| + U[14]=~U[14]; U[12]=~U[12]; U[10]=~U[10]; U[ 8]=~U[ 8];
|
| + U[ 7]=~U[ 7]; U[ 5]=~U[ 5]; U[ 3]=~U[ 3]; U[ 1]=~U[ 1];
|
| + circle_xor8(V,V);
|
| + circle_xor8(V,V);
|
| + xor_blocks(W,U,V,32);
|
| + swap_bytes(W,Key);
|
| + /* encrypt third 8 bytes of H with third key*/
|
| + gost_enc_with_key(c,Key,H+16,S+16);
|
| + /* Compute fourth key */
|
| + circle_xor8(U,U);
|
| + circle_xor8(V,V);
|
| + circle_xor8(V,V);
|
| + xor_blocks(W,U,V,32);
|
| + swap_bytes(W,Key);
|
| + /* Encrypt last 8 bytes with fourth key */
|
| + gost_enc_with_key(c,Key,H+24,S+24);
|
| + for (i=0;i<12;i++)
|
| + transform_3(S);
|
| + xor_blocks(S,S,M,32);
|
| + transform_3(S);
|
| + xor_blocks(S,S,H,32);
|
| + for (i=0;i<61;i++)
|
| + transform_3(S);
|
| + memcpy(H,S,32);
|
| + return 1;
|
| + }
|
| +
|
| +/* Initialize gost_hash ctx - cleans up temporary structures and
|
| + * set up substitution blocks
|
| + */
|
| +int init_gost_hash_ctx(gost_hash_ctx *ctx, const gost_subst_block *subst_block)
|
| + {
|
| + memset(ctx,0,sizeof(gost_hash_ctx));
|
| + ctx->cipher_ctx = (gost_ctx *)MYALLOC(sizeof(gost_ctx));
|
| + if (!ctx->cipher_ctx)
|
| + {
|
| + return 0;
|
| + }
|
| + gost_init(ctx->cipher_ctx,subst_block);
|
| + return 1;
|
| + }
|
| +
|
| +/*
|
| + * Free cipher CTX if it is dynamically allocated. Do not use
|
| + * if cipher ctx is statically allocated as in OpenSSL implementation of
|
| + * GOST hash algroritm
|
| + *
|
| + */
|
| +void done_gost_hash_ctx(gost_hash_ctx *ctx)
|
| + {
|
| + /* No need to use gost_destroy, because cipher keys are not really
|
| + * secret when hashing */
|
| + MYFREE(ctx->cipher_ctx);
|
| + }
|
| +
|
| +/*
|
| + * reset state of hash context to begin hashing new message
|
| + */
|
| +int start_hash(gost_hash_ctx *ctx)
|
| + {
|
| + if (!ctx->cipher_ctx) return 0;
|
| + memset(&(ctx->H),0,32);
|
| + memset(&(ctx->S),0,32);
|
| + ctx->len = 0L;
|
| + ctx->left=0;
|
| + return 1;
|
| + }
|
| +
|
| +/*
|
| + * Hash block of arbitrary length
|
| + *
|
| + *
|
| + */
|
| +int hash_block(gost_hash_ctx *ctx,const byte *block, size_t length)
|
| + {
|
| + const byte *curptr=block;
|
| + const byte *barrier=block+(length-32);/* Last byte we can safely hash*/
|
| + if (ctx->left)
|
| + {
|
| + /*There are some bytes from previous step*/
|
| + unsigned int add_bytes = 32-ctx->left;
|
| + if (add_bytes>length)
|
| + {
|
| + add_bytes = length;
|
| + }
|
| + memcpy(&(ctx->remainder[ctx->left]),block,add_bytes);
|
| + ctx->left+=add_bytes;
|
| + if (ctx->left<32)
|
| + {
|
| + return 1;
|
| + }
|
| + curptr=block+add_bytes;
|
| + hash_step(ctx->cipher_ctx,ctx->H,ctx->remainder);
|
| + add_blocks(32,ctx->S,ctx->remainder);
|
| + ctx->len+=32;
|
| + ctx->left=0;
|
| + }
|
| + while (curptr<=barrier)
|
| + {
|
| + hash_step(ctx->cipher_ctx,ctx->H,curptr);
|
| +
|
| + add_blocks(32,ctx->S,curptr);
|
| + ctx->len+=32;
|
| + curptr+=32;
|
| + }
|
| + if (curptr!=block+length)
|
| + {
|
| + ctx->left=block+length-curptr;
|
| + memcpy(ctx->remainder,curptr,ctx->left);
|
| + }
|
| + return 1;
|
| + }
|
| +
|
| +/*
|
| + * Compute hash value from current state of ctx
|
| + * state of hash ctx becomes invalid and cannot be used for further
|
| + * hashing.
|
| + */
|
| +int finish_hash(gost_hash_ctx *ctx,byte *hashval)
|
| + {
|
| + byte buf[32];
|
| + byte H[32];
|
| + byte S[32];
|
| + ghosthash_len fin_len=ctx->len;
|
| + byte *bptr;
|
| + memcpy(H,ctx->H,32);
|
| + memcpy(S,ctx->S,32);
|
| + if (ctx->left)
|
| + {
|
| + memset(buf,0,32);
|
| + memcpy(buf,ctx->remainder,ctx->left);
|
| + hash_step(ctx->cipher_ctx,H,buf);
|
| + add_blocks(32,S,buf);
|
| + fin_len+=ctx->left;
|
| + }
|
| + memset(buf,0,32);
|
| + bptr=buf;
|
| + fin_len<<=3; /* Hash length in BITS!!*/
|
| + while(fin_len>0)
|
| + {
|
| + *(bptr++)=(byte)(fin_len&0xFF);
|
| + fin_len>>=8;
|
| + };
|
| + hash_step(ctx->cipher_ctx,H,buf);
|
| + hash_step(ctx->cipher_ctx,H,S);
|
| + memcpy(hashval,H,32);
|
| + return 1;
|
| + }
|
|
|
Chromium Code Reviews
Issue 9254031:
Upgrade chrome's OpenSSL to same version Android ships with. (Closed)
Base URL: http://src.chromium.org/svn/trunk/deps/third_party/openssl/