[PATCH 04/13] Add support for GOSTHASH94CP: GOST R 34.11-94 hash with CryptoPro S-box

Signed-off-by: Dmitry Eremin-Solenikov dbaryshkov@gmail.com --- examples/nettle-benchmark.c | 1 + gost28147.c | 267 ++++++++++++++++++++++++++++++++++++++++++++ gost28147.h | 2 + gosthash94-meta.c | 3 + gosthash94.c | 82 +++++++++++--- gosthash94.h | 13 +++ hmac-gosthash94.c | 20 ++++ hmac.h | 17 +++ nettle-meta-hashes.c | 1 + nettle-meta.h | 1 + nettle.texinfo | 41 ++++++- testsuite/gosthash94-test.c | 12 ++ testsuite/hmac-test.c | 7 ++ testsuite/meta-hash-test.c | 1 + testsuite/pbkdf2-test.c | 22 ++++ 15 files changed, 472 insertions(+), 18 deletions(-)

diff --git a/examples/nettle-benchmark.c b/examples/nettle-benchmark.c index c00486cc..f5508f19 100644 --- a/examples/nettle-benchmark.c +++ b/examples/nettle-benchmark.c @@ -734,6 +734,7 @@ main(int argc, char **argv) &nettle_sha3_224, &nettle_sha3_256, &nettle_sha3_384, &nettle_sha3_512, &nettle_ripemd160, &nettle_gosthash94, + &nettle_gosthash94cp, NULL };

diff --git a/gost28147.c b/gost28147.c index 5d019a90..ff1aca59 100644 --- a/gost28147.c +++ b/gost28147.c @@ -298,6 +298,273 @@ const struct gost28147_param gost28147_param_test_3411 = } };

+const struct gost28147_param gost28147_param_CryptoPro_3411 = +{ + 0, + { + /* 0 */ + 0x0002d000, 0x0002a000, 0x0002a800, 0x0002b000, + 0x0002c000, 0x00028800, 0x00029800, 0x0002b800, + 0x0002e800, 0x0002e000, 0x0002f000, 0x00028000, + 0x0002c800, 0x00029000, 0x0002d800, 0x0002f800, + 0x0007d000, 0x0007a000, 0x0007a800, 0x0007b000, + 0x0007c000, 0x00078800, 0x00079800, 0x0007b800, + 0x0007e800, 0x0007e000, 0x0007f000, 0x00078000, + 0x0007c800, 0x00079000, 0x0007d800, 0x0007f800, + 0x00025000, 0x00022000, 0x00022800, 0x00023000, + 0x00024000, 0x00020800, 0x00021800, 0x00023800, + 0x00026800, 0x00026000, 0x00027000, 0x00020000, + 0x00024800, 0x00021000, 0x00025800, 0x00027800, + 0x00005000, 0x00002000, 0x00002800, 0x00003000, + 0x00004000, 0x00000800, 0x00001800, 0x00003800, + 0x00006800, 0x00006000, 0x00007000, 0x00000000, + 0x00004800, 0x00001000, 0x00005800, 0x00007800, + 0x00015000, 0x00012000, 0x00012800, 0x00013000, + 0x00014000, 0x00010800, 0x00011800, 0x00013800, + 0x00016800, 0x00016000, 0x00017000, 0x00010000, + 0x00014800, 0x00011000, 0x00015800, 0x00017800, + 0x0006d000, 0x0006a000, 0x0006a800, 0x0006b000, + 0x0006c000, 0x00068800, 0x00069800, 0x0006b800, + 0x0006e800, 0x0006e000, 0x0006f000, 0x00068000, + 0x0006c800, 0x00069000, 0x0006d800, 0x0006f800, + 0x0005d000, 0x0005a000, 0x0005a800, 0x0005b000, + 0x0005c000, 0x00058800, 0x00059800, 0x0005b800, + 0x0005e800, 0x0005e000, 0x0005f000, 0x00058000, + 0x0005c800, 0x00059000, 0x0005d800, 0x0005f800, + 0x0004d000, 0x0004a000, 0x0004a800, 0x0004b000, + 0x0004c000, 0x00048800, 0x00049800, 0x0004b800, + 0x0004e800, 0x0004e000, 0x0004f000, 0x00048000, + 0x0004c800, 0x00049000, 0x0004d800, 0x0004f800, + 0x0000d000, 0x0000a000, 0x0000a800, 0x0000b000, + 0x0000c000, 0x00008800, 0x00009800, 0x0000b800, + 0x0000e800, 0x0000e000, 0x0000f000, 0x00008000, + 0x0000c800, 0x00009000, 0x0000d800, 0x0000f800, + 0x0003d000, 0x0003a000, 0x0003a800, 0x0003b000, + 0x0003c000, 0x00038800, 0x00039800, 0x0003b800, + 0x0003e800, 0x0003e000, 0x0003f000, 0x00038000, + 0x0003c800, 0x00039000, 0x0003d800, 0x0003f800, + 0x00035000, 0x00032000, 0x00032800, 0x00033000, + 0x00034000, 0x00030800, 0x00031800, 0x00033800, + 0x00036800, 0x00036000, 0x00037000, 0x00030000, + 0x00034800, 0x00031000, 0x00035800, 0x00037800, + 0x0001d000, 0x0001a000, 0x0001a800, 0x0001b000, + 0x0001c000, 0x00018800, 0x00019800, 0x0001b800, + 0x0001e800, 0x0001e000, 0x0001f000, 0x00018000, + 0x0001c800, 0x00019000, 0x0001d800, 0x0001f800, + 0x00065000, 0x00062000, 0x00062800, 0x00063000, + 0x00064000, 0x00060800, 0x00061800, 0x00063800, + 0x00066800, 0x00066000, 0x00067000, 0x00060000, + 0x00064800, 0x00061000, 0x00065800, 0x00067800, + 0x00075000, 0x00072000, 0x00072800, 0x00073000, + 0x00074000, 0x00070800, 0x00071800, 0x00073800, + 0x00076800, 0x00076000, 0x00077000, 0x00070000, + 0x00074800, 0x00071000, 0x00075800, 0x00077800, + 0x00055000, 0x00052000, 0x00052800, 0x00053000, + 0x00054000, 0x00050800, 0x00051800, 0x00053800, + 0x00056800, 0x00056000, 0x00057000, 0x00050000, + 0x00054800, 0x00051000, 0x00055800, 0x00057800, + 0x00045000, 0x00042000, 0x00042800, 0x00043000, + 0x00044000, 0x00040800, 0x00041800, 0x00043800, + 0x00046800, 0x00046000, 0x00047000, 0x00040000, + 0x00044800, 0x00041000, 0x00045800, 0x00047800, + /* 1 */ + 0x02380000, 0x02780000, 0x02600000, 0x02700000, + 0x02480000, 0x02200000, 0x02080000, 0x02000000, + 0x02180000, 0x02580000, 0x02280000, 0x02100000, + 0x02300000, 0x02500000, 0x02400000, 0x02680000, + 0x05380000, 0x05780000, 0x05600000, 0x05700000, + 0x05480000, 0x05200000, 0x05080000, 0x05000000, + 0x05180000, 0x05580000, 0x05280000, 0x05100000, + 0x05300000, 0x05500000, 0x05400000, 0x05680000, + 0x03b80000, 0x03f80000, 0x03e00000, 0x03f00000, + 0x03c80000, 0x03a00000, 0x03880000, 0x03800000, + 0x03980000, 0x03d80000, 0x03a80000, 0x03900000, + 0x03b00000, 0x03d00000, 0x03c00000, 0x03e80000, + 0x06380000, 0x06780000, 0x06600000, 0x06700000, + 0x06480000, 0x06200000, 0x06080000, 0x06000000, + 0x06180000, 0x06580000, 0x06280000, 0x06100000, + 0x06300000, 0x06500000, 0x06400000, 0x06680000, + 0x00380000, 0x00780000, 0x00600000, 0x00700000, + 0x00480000, 0x00200000, 0x00080000, 0x00000000, + 0x00180000, 0x00580000, 0x00280000, 0x00100000, + 0x00300000, 0x00500000, 0x00400000, 0x00680000, + 0x07b80000, 0x07f80000, 0x07e00000, 0x07f00000, + 0x07c80000, 0x07a00000, 0x07880000, 0x07800000, + 0x07980000, 0x07d80000, 0x07a80000, 0x07900000, + 0x07b00000, 0x07d00000, 0x07c00000, 0x07e80000, + 0x01380000, 0x01780000, 0x01600000, 0x01700000, + 0x01480000, 0x01200000, 0x01080000, 0x01000000, + 0x01180000, 0x01580000, 0x01280000, 0x01100000, + 0x01300000, 0x01500000, 0x01400000, 0x01680000, + 0x04380000, 0x04780000, 0x04600000, 0x04700000, + 0x04480000, 0x04200000, 0x04080000, 0x04000000, + 0x04180000, 0x04580000, 0x04280000, 0x04100000, + 0x04300000, 0x04500000, 0x04400000, 0x04680000, + 0x07380000, 0x07780000, 0x07600000, 0x07700000, + 0x07480000, 0x07200000, 0x07080000, 0x07000000, + 0x07180000, 0x07580000, 0x07280000, 0x07100000, + 0x07300000, 0x07500000, 0x07400000, 0x07680000, + 0x00b80000, 0x00f80000, 0x00e00000, 0x00f00000, + 0x00c80000, 0x00a00000, 0x00880000, 0x00800000, + 0x00980000, 0x00d80000, 0x00a80000, 0x00900000, + 0x00b00000, 0x00d00000, 0x00c00000, 0x00e80000, + 0x03380000, 0x03780000, 0x03600000, 0x03700000, + 0x03480000, 0x03200000, 0x03080000, 0x03000000, + 0x03180000, 0x03580000, 0x03280000, 0x03100000, + 0x03300000, 0x03500000, 0x03400000, 0x03680000, + 0x02b80000, 0x02f80000, 0x02e00000, 0x02f00000, + 0x02c80000, 0x02a00000, 0x02880000, 0x02800000, + 0x02980000, 0x02d80000, 0x02a80000, 0x02900000, + 0x02b00000, 0x02d00000, 0x02c00000, 0x02e80000, + 0x06b80000, 0x06f80000, 0x06e00000, 0x06f00000, + 0x06c80000, 0x06a00000, 0x06880000, 0x06800000, + 0x06980000, 0x06d80000, 0x06a80000, 0x06900000, + 0x06b00000, 0x06d00000, 0x06c00000, 0x06e80000, + 0x05b80000, 0x05f80000, 0x05e00000, 0x05f00000, + 0x05c80000, 0x05a00000, 0x05880000, 0x05800000, + 0x05980000, 0x05d80000, 0x05a80000, 0x05900000, + 0x05b00000, 0x05d00000, 0x05c00000, 0x05e80000, + 0x04b80000, 0x04f80000, 0x04e00000, 0x04f00000, + 0x04c80000, 0x04a00000, 0x04880000, 0x04800000, + 0x04980000, 0x04d80000, 0x04a80000, 0x04900000, + 0x04b00000, 0x04d00000, 0x04c00000, 0x04e80000, + 0x01b80000, 0x01f80000, 0x01e00000, 0x01f00000, + 0x01c80000, 0x01a00000, 0x01880000, 0x01800000, + 0x01980000, 0x01d80000, 0x01a80000, 0x01900000, + 0x01b00000, 0x01d00000, 0x01c00000, 0x01e80000, + /* 2 */ + 0xb8000003, 0xb0000003, 0xa0000003, 0xd8000003, + 0xc8000003, 0xe0000003, 0x90000003, 0xd0000003, + 0x88000003, 0xc0000003, 0x80000003, 0xf0000003, + 0xf8000003, 0xe8000003, 0x98000003, 0xa8000003, + 0x38000003, 0x30000003, 0x20000003, 0x58000003, + 0x48000003, 0x60000003, 0x10000003, 0x50000003, + 0x08000003, 0x40000003, 0x00000003, 0x70000003, + 0x78000003, 0x68000003, 0x18000003, 0x28000003, + 0x38000001, 0x30000001, 0x20000001, 0x58000001, + 0x48000001, 0x60000001, 0x10000001, 0x50000001, + 0x08000001, 0x40000001, 0x00000001, 0x70000001, + 0x78000001, 0x68000001, 0x18000001, 0x28000001, + 0x38000002, 0x30000002, 0x20000002, 0x58000002, + 0x48000002, 0x60000002, 0x10000002, 0x50000002, + 0x08000002, 0x40000002, 0x00000002, 0x70000002, + 0x78000002, 0x68000002, 0x18000002, 0x28000002, + 0xb8000006, 0xb0000006, 0xa0000006, 0xd8000006, + 0xc8000006, 0xe0000006, 0x90000006, 0xd0000006, + 0x88000006, 0xc0000006, 0x80000006, 0xf0000006, + 0xf8000006, 0xe8000006, 0x98000006, 0xa8000006, + 0xb8000004, 0xb0000004, 0xa0000004, 0xd8000004, + 0xc8000004, 0xe0000004, 0x90000004, 0xd0000004, + 0x88000004, 0xc0000004, 0x80000004, 0xf0000004, + 0xf8000004, 0xe8000004, 0x98000004, 0xa8000004, + 0xb8000007, 0xb0000007, 0xa0000007, 0xd8000007, + 0xc8000007, 0xe0000007, 0x90000007, 0xd0000007, + 0x88000007, 0xc0000007, 0x80000007, 0xf0000007, + 0xf8000007, 0xe8000007, 0x98000007, 0xa8000007, + 0x38000000, 0x30000000, 0x20000000, 0x58000000, + 0x48000000, 0x60000000, 0x10000000, 0x50000000, + 0x08000000, 0x40000000, 0x00000000, 0x70000000, + 0x78000000, 0x68000000, 0x18000000, 0x28000000, + 0x38000005, 0x30000005, 0x20000005, 0x58000005, + 0x48000005, 0x60000005, 0x10000005, 0x50000005, + 0x08000005, 0x40000005, 0x00000005, 0x70000005, + 0x78000005, 0x68000005, 0x18000005, 0x28000005, + 0xb8000000, 0xb0000000, 0xa0000000, 0xd8000000, + 0xc8000000, 0xe0000000, 0x90000000, 0xd0000000, + 0x88000000, 0xc0000000, 0x80000000, 0xf0000000, + 0xf8000000, 0xe8000000, 0x98000000, 0xa8000000, + 0xb8000002, 0xb0000002, 0xa0000002, 0xd8000002, + 0xc8000002, 0xe0000002, 0x90000002, 0xd0000002, + 0x88000002, 0xc0000002, 0x80000002, 0xf0000002, + 0xf8000002, 0xe8000002, 0x98000002, 0xa8000002, + 0xb8000005, 0xb0000005, 0xa0000005, 0xd8000005, + 0xc8000005, 0xe0000005, 0x90000005, 0xd0000005, + 0x88000005, 0xc0000005, 0x80000005, 0xf0000005, + 0xf8000005, 0xe8000005, 0x98000005, 0xa8000005, + 0x38000004, 0x30000004, 0x20000004, 0x58000004, + 0x48000004, 0x60000004, 0x10000004, 0x50000004, + 0x08000004, 0x40000004, 0x00000004, 0x70000004, + 0x78000004, 0x68000004, 0x18000004, 0x28000004, + 0x38000007, 0x30000007, 0x20000007, 0x58000007, + 0x48000007, 0x60000007, 0x10000007, 0x50000007, + 0x08000007, 0x40000007, 0x00000007, 0x70000007, + 0x78000007, 0x68000007, 0x18000007, 0x28000007, + 0x38000006, 0x30000006, 0x20000006, 0x58000006, + 0x48000006, 0x60000006, 0x10000006, 0x50000006, + 0x08000006, 0x40000006, 0x00000006, 0x70000006, + 0x78000006, 0x68000006, 0x18000006, 0x28000006, + 0xb8000001, 0xb0000001, 0xa0000001, 0xd8000001, + 0xc8000001, 0xe0000001, 0x90000001, 0xd0000001, + 0x88000001, 0xc0000001, 0x80000001, 0xf0000001, + 0xf8000001, 0xe8000001, 0x98000001, 0xa8000001, + /* 3 */ + 0x000000e8, 0x000000f0, 0x000000a0, 0x00000088, + 0x000000b8, 0x00000080, 0x000000a8, 0x000000d0, + 0x00000098, 0x000000e0, 0x000000c0, 0x000000f8, + 0x000000b0, 0x00000090, 0x000000c8, 0x000000d8, + 0x000001e8, 0x000001f0, 0x000001a0, 0x00000188, + 0x000001b8, 0x00000180, 0x000001a8, 0x000001d0, + 0x00000198, 0x000001e0, 0x000001c0, 0x000001f8, + 0x000001b0, 0x00000190, 0x000001c8, 0x000001d8, + 0x00000568, 0x00000570, 0x00000520, 0x00000508, + 0x00000538, 0x00000500, 0x00000528, 0x00000550, + 0x00000518, 0x00000560, 0x00000540, 0x00000578, + 0x00000530, 0x00000510, 0x00000548, 0x00000558, + 0x000004e8, 0x000004f0, 0x000004a0, 0x00000488, + 0x000004b8, 0x00000480, 0x000004a8, 0x000004d0, + 0x00000498, 0x000004e0, 0x000004c0, 0x000004f8, + 0x000004b0, 0x00000490, 0x000004c8, 0x000004d8, + 0x000002e8, 0x000002f0, 0x000002a0, 0x00000288, + 0x000002b8, 0x00000280, 0x000002a8, 0x000002d0, + 0x00000298, 0x000002e0, 0x000002c0, 0x000002f8, + 0x000002b0, 0x00000290, 0x000002c8, 0x000002d8, + 0x000005e8, 0x000005f0, 0x000005a0, 0x00000588, + 0x000005b8, 0x00000580, 0x000005a8, 0x000005d0, + 0x00000598, 0x000005e0, 0x000005c0, 0x000005f8, + 0x000005b0, 0x00000590, 0x000005c8, 0x000005d8, + 0x00000268, 0x00000270, 0x00000220, 0x00000208, + 0x00000238, 0x00000200, 0x00000228, 0x00000250, + 0x00000218, 0x00000260, 0x00000240, 0x00000278, + 0x00000230, 0x00000210, 0x00000248, 0x00000258, + 0x000007e8, 0x000007f0, 0x000007a0, 0x00000788, + 0x000007b8, 0x00000780, 0x000007a8, 0x000007d0, + 0x00000798, 0x000007e0, 0x000007c0, 0x000007f8, + 0x000007b0, 0x00000790, 0x000007c8, 0x000007d8, + 0x00000468, 0x00000470, 0x00000420, 0x00000408, + 0x00000438, 0x00000400, 0x00000428, 0x00000450, + 0x00000418, 0x00000460, 0x00000440, 0x00000478, + 0x00000430, 0x00000410, 0x00000448, 0x00000458, + 0x00000368, 0x00000370, 0x00000320, 0x00000308, + 0x00000338, 0x00000300, 0x00000328, 0x00000350, + 0x00000318, 0x00000360, 0x00000340, 0x00000378, + 0x00000330, 0x00000310, 0x00000348, 0x00000358, + 0x000003e8, 0x000003f0, 0x000003a0, 0x00000388, + 0x000003b8, 0x00000380, 0x000003a8, 0x000003d0, + 0x00000398, 0x000003e0, 0x000003c0, 0x000003f8, + 0x000003b0, 0x00000390, 0x000003c8, 0x000003d8, + 0x00000768, 0x00000770, 0x00000720, 0x00000708, + 0x00000738, 0x00000700, 0x00000728, 0x00000750, + 0x00000718, 0x00000760, 0x00000740, 0x00000778, + 0x00000730, 0x00000710, 0x00000748, 0x00000758, + 0x000006e8, 0x000006f0, 0x000006a0, 0x00000688, + 0x000006b8, 0x00000680, 0x000006a8, 0x000006d0, + 0x00000698, 0x000006e0, 0x000006c0, 0x000006f8, + 0x000006b0, 0x00000690, 0x000006c8, 0x000006d8, + 0x00000068, 0x00000070, 0x00000020, 0x00000008, + 0x00000038, 0x00000000, 0x00000028, 0x00000050, + 0x00000018, 0x00000060, 0x00000040, 0x00000078, + 0x00000030, 0x00000010, 0x00000048, 0x00000058, + 0x00000168, 0x00000170, 0x00000120, 0x00000108, + 0x00000138, 0x00000100, 0x00000128, 0x00000150, + 0x00000118, 0x00000160, 0x00000140, 0x00000178, + 0x00000130, 0x00000110, 0x00000148, 0x00000158, + 0x00000668, 0x00000670, 0x00000620, 0x00000608, + 0x00000638, 0x00000600, 0x00000628, 0x00000650, + 0x00000618, 0x00000660, 0x00000640, 0x00000678, + 0x00000630, 0x00000610, 0x00000648, 0x00000658, + } +}; + /* * A macro that performs a full encryption round of GOST 28147-89. * Temporary variables tmp assumed and variables r and l for left and right diff --git a/gost28147.h b/gost28147.h index ecdbc0f7..cc25dbe3 100644 --- a/gost28147.h +++ b/gost28147.h @@ -42,6 +42,7 @@ extern "C" { #endif

#define gost28147_param_test_3411 nettle_gost28147_param_test_3411 +#define gost28147_param_CryptoPro_3411 nettle_gost28147_param_CryptoPro_3411

#define gost28147_encrypt_simple nettle_gost28147_encrypt_simple

@@ -52,6 +53,7 @@ struct gost28147_param };

extern const struct gost28147_param gost28147_param_test_3411; +extern const struct gost28147_param gost28147_param_CryptoPro_3411;

/* Internal interface for use by GOST R 34.11-94 */ void gost28147_encrypt_simple (const uint32_t *key, const uint32_t *sbox, diff --git a/gosthash94-meta.c b/gosthash94-meta.c index 42b05562..ad203bfd 100644 --- a/gosthash94-meta.c +++ b/gosthash94-meta.c @@ -39,3 +39,6 @@

const struct nettle_hash nettle_gosthash94 = _NETTLE_HASH(gosthash94, GOSTHASH94); + +const struct nettle_hash nettle_gosthash94cp += _NETTLE_HASH(gosthash94cp, GOSTHASH94CP); diff --git a/gosthash94.c b/gosthash94.c index d87e4c02..e3801ef1 100644 --- a/gosthash94.c +++ b/gosthash94.c @@ -59,7 +59,8 @@ gosthash94_init (struct gosthash94_ctx *ctx) * @param block the message block to process */ static void -gost_block_compress (struct gosthash94_ctx *ctx, const uint32_t *block) +gost_block_compress (struct gosthash94_ctx *ctx, const uint32_t *block, + const uint32_t *sbox) { unsigned i; uint32_t key[8], u[8], v[8], w[8], s[8]; @@ -104,7 +105,7 @@ gost_block_compress (struct gosthash94_ctx *ctx, const uint32_t *block) ((w[5] & 0xff000000) >> 8) | (w[7] & 0xff000000);

/* encryption: s_i := E_{key_i} (h_i) */ - gost28147_encrypt_simple (key, gost28147_param_test_3411.sbox, &ctx->hash[i], &s[i]); + gost28147_encrypt_simple (key, sbox, &ctx->hash[i], &s[i]);

if (i == 0) { @@ -259,7 +260,8 @@ gost_block_compress (struct gosthash94_ctx *ctx, const uint32_t *block) * @param block the 256-bit message block to process */ static void -gost_compute_sum_and_hash (struct gosthash94_ctx *ctx, const uint8_t *block) +gost_compute_sum_and_hash (struct gosthash94_ctx *ctx, const uint8_t *block, + const uint32_t *sbox) { uint32_t block_le[8]; unsigned i, carry; @@ -275,7 +277,7 @@ gost_compute_sum_and_hash (struct gosthash94_ctx *ctx, const uint8_t *block) }

/* update message hash */ - gost_block_compress (ctx, block_le); + gost_block_compress (ctx, block_le, sbox); }

/** @@ -286,9 +288,10 @@ gost_compute_sum_and_hash (struct gosthash94_ctx *ctx, const uint8_t *block) * @param msg message chunk * @param size length of the message chunk */ -void -gosthash94_update (struct gosthash94_ctx *ctx, - size_t length, const uint8_t *msg) +static void +gosthash94_update_int (struct gosthash94_ctx *ctx, + size_t length, const uint8_t *msg, + const uint32_t *sbox) { unsigned index = (unsigned) ctx->length & 31; ctx->length += length; @@ -302,13 +305,13 @@ gosthash94_update (struct gosthash94_ctx *ctx, return;

/* process partial block */ - gost_compute_sum_and_hash (ctx, ctx->message); + gost_compute_sum_and_hash (ctx, ctx->message, sbox); msg += left; length -= left; } while (length >= GOSTHASH94_BLOCK_SIZE) { - gost_compute_sum_and_hash (ctx, msg); + gost_compute_sum_and_hash (ctx, msg, sbox); msg += GOSTHASH94_BLOCK_SIZE; length -= GOSTHASH94_BLOCK_SIZE; } @@ -320,14 +323,47 @@ gosthash94_update (struct gosthash94_ctx *ctx, }

/** + * Calculate message hash. + * Can be called repeatedly with chunks of the message to be hashed. + * + * @param ctx the algorithm context containing current hashing state + * @param msg message chunk + * @param size length of the message chunk + */ +void +gosthash94_update (struct gosthash94_ctx *ctx, + size_t length, const uint8_t *msg) +{ + gosthash94_update_int (ctx, length, msg, + gost28147_param_test_3411.sbox); +} + +/** + * Calculate message hash. + * Can be called repeatedly with chunks of the message to be hashed. + * + * @param ctx the algorithm context containing current hashing state + * @param msg message chunk + * @param size length of the message chunk + */ +void +gosthash94cp_update (struct gosthash94_ctx *ctx, + size_t length, const uint8_t *msg) +{ + gosthash94_update_int (ctx, length, msg, + gost28147_param_CryptoPro_3411.sbox); +} + +/** * Finish hashing and store message digest into given array. * * @param ctx the algorithm context containing current hashing state * @param result calculated hash in binary form */ -void -gosthash94_digest (struct gosthash94_ctx *ctx, - size_t length, uint8_t *result) +static void +gosthash94_write_digest (struct gosthash94_ctx *ctx, + size_t length, uint8_t *result, + const uint32_t *sbox) { unsigned index = ctx->length & 31; uint32_t msg32[8]; @@ -338,7 +374,7 @@ gosthash94_digest (struct gosthash94_ctx *ctx, if (index > 0) { memset (ctx->message + index, 0, 32 - index); - gost_compute_sum_and_hash (ctx, ctx->message); + gost_compute_sum_and_hash (ctx, ctx->message, sbox); }

/* hash the message length and the sum */ @@ -346,10 +382,26 @@ gosthash94_digest (struct gosthash94_ctx *ctx, msg32[1] = ctx->length >> 29; memset (msg32 + 2, 0, sizeof (uint32_t) * 6);

- gost_block_compress (ctx, msg32); - gost_block_compress (ctx, ctx->sum); + gost_block_compress (ctx, msg32, sbox); + gost_block_compress (ctx, ctx->sum, sbox);

/* convert hash state to result bytes */ _nettle_write_le32(length, result, ctx->hash); gosthash94_init (ctx); } + +void +gosthash94_digest (struct gosthash94_ctx *ctx, + size_t length, uint8_t *result) +{ + gosthash94_write_digest (ctx, length, result, + gost28147_param_test_3411.sbox); +} + +void +gosthash94cp_digest (struct gosthash94_ctx *ctx, + size_t length, uint8_t *result) +{ + gosthash94_write_digest (ctx, length, result, + gost28147_param_CryptoPro_3411.sbox); +} diff --git a/gosthash94.h b/gosthash94.h index 8e9d49fe..c0fdad11 100644 --- a/gosthash94.h +++ b/gosthash94.h @@ -72,11 +72,17 @@ extern "C" { #define gosthash94_update nettle_gosthash94_update #define gosthash94_digest nettle_gosthash94_digest

+#define gosthash94cp_update nettle_gosthash94cp_update +#define gosthash94cp_digest nettle_gosthash94cp_digest + #define GOSTHASH94_BLOCK_SIZE 32 #define GOSTHASH94_DIGEST_SIZE 32 /* For backwards compatibility */ #define GOSTHASH94_DATA_SIZE GOSTHASH94_BLOCK_SIZE

+#define GOSTHASH94CP_BLOCK_SIZE GOSTHASH94_BLOCK_SIZE +#define GOSTHASH94CP_DIGEST_SIZE GOSTHASH94_DIGEST_SIZE + struct gosthash94_ctx { uint32_t hash[8]; /* algorithm 256-bit state */ @@ -84,6 +90,7 @@ struct gosthash94_ctx uint8_t message[GOSTHASH94_BLOCK_SIZE]; /* 256-bit buffer for leftovers */ uint64_t length; /* number of processed bytes */ }; +#define gosthash94cp_ctx gosthash94_ctx

void gosthash94_init(struct gosthash94_ctx *ctx); void gosthash94_update(struct gosthash94_ctx *ctx, @@ -91,6 +98,12 @@ void gosthash94_update(struct gosthash94_ctx *ctx, void gosthash94_digest(struct gosthash94_ctx *ctx, size_t length, uint8_t *result);

+#define gosthash94cp_init gosthash94_init +void gosthash94cp_update(struct gosthash94_ctx *ctx, + size_t length, const uint8_t *msg); +void gosthash94cp_digest(struct gosthash94_ctx *ctx, + size_t length, uint8_t *result); + #ifdef __cplusplus } #endif diff --git a/hmac-gosthash94.c b/hmac-gosthash94.c index e5be545c..66b62854 100644 --- a/hmac-gosthash94.c +++ b/hmac-gosthash94.c @@ -57,3 +57,23 @@ hmac_gosthash94_digest(struct hmac_gosthash94_ctx *ctx, { HMAC_DIGEST(ctx, &nettle_gosthash94, length, digest); } + +void +hmac_gosthash94cp_set_key(struct hmac_gosthash94cp_ctx *ctx, + size_t key_length, const uint8_t *key) +{ + HMAC_SET_KEY(ctx, &nettle_gosthash94cp, key_length, key); +} + +void +hmac_gosthash94cp_update(struct hmac_gosthash94cp_ctx *ctx, + size_t length, const uint8_t *data) +{ + gosthash94cp_update(&ctx->state, length, data); +} +void +hmac_gosthash94cp_digest(struct hmac_gosthash94cp_ctx *ctx, + size_t length, uint8_t *digest) +{ + HMAC_DIGEST(ctx, &nettle_gosthash94cp, length, digest); +} diff --git a/hmac.h b/hmac.h index dac2943e..d9ee3400 100644 --- a/hmac.h +++ b/hmac.h @@ -72,6 +72,9 @@ extern "C" { #define hmac_gosthash94_set_key nettle_hmac_gosthash94_set_key #define hmac_gosthash94_update nettle_hmac_gosthash94_update #define hmac_gosthash94_digest nettle_hmac_gosthash94_digest +#define hmac_gosthash94cp_set_key nettle_hmac_gosthash94cp_set_key +#define hmac_gosthash94cp_update nettle_hmac_gosthash94cp_update +#define hmac_gosthash94cp_digest nettle_hmac_gosthash94cp_digest

void hmac_set_key(void *outer, void *inner, void *state, @@ -222,6 +225,20 @@ hmac_gosthash94_update(struct hmac_gosthash94_ctx *ctx, hmac_gosthash94_digest(struct hmac_gosthash94_ctx *ctx, size_t length, uint8_t *digest);

+struct hmac_gosthash94cp_ctx HMAC_CTX(struct gosthash94cp_ctx); + +void +hmac_gosthash94cp_set_key(struct hmac_gosthash94cp_ctx *ctx, + size_t key_length, const uint8_t *key); + +void +hmac_gosthash94cp_update(struct hmac_gosthash94cp_ctx *ctx, + size_t length, const uint8_t *data); + +void +hmac_gosthash94cp_digest(struct hmac_gosthash94cp_ctx *ctx, + size_t length, uint8_t *digest); +

#ifdef __cplusplus } diff --git a/nettle-meta-hashes.c b/nettle-meta-hashes.c index df668539..bf61fb11 100644 --- a/nettle-meta-hashes.c +++ b/nettle-meta-hashes.c @@ -41,6 +41,7 @@ const struct nettle_hash * const nettle_hashes[] = { &nettle_md4, &nettle_md5, &nettle_gosthash94, + &nettle_gosthash94cp, &nettle_ripemd160, &nettle_sha1, &nettle_sha224, diff --git a/nettle-meta.h b/nettle-meta.h index 14b5e48e..5a1f85bc 100644 --- a/nettle-meta.h +++ b/nettle-meta.h @@ -121,6 +121,7 @@ extern const struct nettle_hash nettle_md2; extern const struct nettle_hash nettle_md4; extern const struct nettle_hash nettle_md5; extern const struct nettle_hash nettle_gosthash94; +extern const struct nettle_hash nettle_gosthash94cp; extern const struct nettle_hash nettle_ripemd160; extern const struct nettle_hash nettle_sha1; extern const struct nettle_hash nettle_sha224; diff --git a/nettle.texinfo b/nettle.texinfo index 1d7e4e3e..e012b989 100644 --- a/nettle.texinfo +++ b/nettle.texinfo @@ -967,12 +967,17 @@ This function also resets the context in the same way as @end deftypefun

-@subsubsection @acronym{GOSTHASH94} +@subsubsection @acronym{GOSTHASH94 and GOSTHASH94CP}

The GOST94 or GOST R 34.11-94 hash algorithm is a Soviet-era algorithm used in Russian government standards (see @cite{RFC 4357}). -It outputs message digests of 256 bits, or 32 octets. -Nettle defines GOSTHASH94 in @file{<nettle/gosthash94.h>}. +It outputs message digests of 256 bits, or 32 octets. The standard itself +does not fix the s-box used by the hash algorith, so there are two popular +variants (the testing s-box from the standard itself and the s-box defined +by CryptoPro company). Nettle provides support for the former s-box in +the form of GOSTHASH94 hash algorithm and for the latter in the form of +GOSTHASH94CP hash algorithm. +Nettle defines GOSTHASH94 and GOSTHASH94CP in @file{<nettle/gosthash94.h>}.

@deftp {Context struct} {struct gosthash94_ctx} @end deftp @@ -1003,6 +1008,35 @@ This function also resets the context in the same way as @code{gosthash94_init}. @end deftypefun

+@deftp {Context struct} {struct gosthash94cp_ctx} +@end deftp + +@defvr Constant GOSTHASH94CP_DIGEST_SIZE +The size of a GOSTHASH94CP digest, i.e. 32. +@end defvr + +@defvr Constant GOSTHASH94CP_BLOCK_SIZE +The internal block size of GOSTHASH94CP, i.e., 32. +@end defvr + +@deftypefun void gosthash94cp_init (struct gosthash94cp_ctx *@var{ctx}) +Initialize the GOSTHASH94CP state. +@end deftypefun + +@deftypefun void gosthash94cp_update (struct gosthash94cp_ctx *@var{ctx}, size_t @var{length}, const uint8_t *@var{data}) +Hash some more data. +@end deftypefun + +@deftypefun void gosthash94cp_digest (struct gosthash94cp_ctx *@var{ctx}, size_t @var{length}, uint8_t *@var{digest}) +Performs final processing and extracts the message digest, writing it +to @var{digest}. @var{length} may be smaller than +@code{GOSTHASH94CP_DIGEST_SIZE}, in which case only the first @var{length} +octets of the digest are written. + +This function also resets the context in the same way as +@code{gosthash94cp_init}. +@end deftypefun + @node nettle_hash abstraction,, Legacy hash functions, Hash functions @comment node-name, next, previous, up @subsection The @code{struct nettle_hash} abstraction @@ -1033,6 +1067,7 @@ The last three attributes are function pointers, of types @deftypevrx {Constant Struct} {struct nettle_hash} nettle_sha512 @deftypevrx {Constant Struct} {struct nettle_hash} nettle_sha3_256 @deftypevrx {Constant Struct} {struct nettle_hash} nettle_gosthash94 +@deftypevrx {Constant Struct} {struct nettle_hash} nettle_gosthash94cp These are all the hash functions that Nettle implements. @end deftypevr

diff --git a/testsuite/gosthash94-test.c b/testsuite/gosthash94-test.c index 77fb8bef..d4e50158 100644 --- a/testsuite/gosthash94-test.c +++ b/testsuite/gosthash94-test.c @@ -17,4 +17,16 @@ test_main(void)

test_hash(&nettle_gosthash94, SDATA(""), SHEX("ce85b99cc46752fffee35cab9a7b0278abb4c2d2055cff685af4912c49490f8d")); + + test_hash(&nettle_gosthash94cp, SDATA("The quick brown fox jumps over the lazy dog"), + SHEX("9004294a361a508c586fe53d1f1b02746765e71b765472786e4770d565830a76")); + + test_hash(&nettle_gosthash94cp, SDATA("message digest"), + SHEX("bc6041dd2aa401ebfa6e9886734174febdb4729aa972d60f549ac39b29721ba0")); + + test_hash(&nettle_gosthash94cp, SDATA("a"), + SHEX("e74c52dd282183bf37af0079c9f78055715a103f17e3133ceff1aacf2f403011")); + + test_hash(&nettle_gosthash94cp, SDATA(""), + SHEX("981e5f3ca30c841487830f84fb433e13ac1101569b9c13584ac483234cd656c0")); } diff --git a/testsuite/hmac-test.c b/testsuite/hmac-test.c index 4a0e35ba..f009c800 100644 --- a/testsuite/hmac-test.c +++ b/testsuite/hmac-test.c @@ -901,4 +901,11 @@ test_main(void) SHEX("0126bdb87800af214341456563780100"), SHEX("bfebe25f051bfef6ac858babb0abc409" "bfd2e334ab847bc0b0d056517c7d94c5")); + + HMAC_TEST(gosthash94cp, + SHEX("000102030405060708090a0b0c0d0e0f" + "101112131415161718191a1b1c1d1e1f"), + SHEX("0126bdb87800af214341456563780100"), + SHEX("bad70b61c41095bc47e1141cfaed4272" + "6a5ceebd62ce75dbbb9ad76cda9f72f7")); } diff --git a/testsuite/meta-hash-test.c b/testsuite/meta-hash-test.c index b0dc8147..b81f09ea 100644 --- a/testsuite/meta-hash-test.c +++ b/testsuite/meta-hash-test.c @@ -9,6 +9,7 @@ const char* hashes[] = { "md4", "md5", "gosthash94", + "gosthash94cp", "ripemd160", "sha1", "sha224", diff --git a/testsuite/pbkdf2-test.c b/testsuite/pbkdf2-test.c index bb8da57f..1a21b651 100644 --- a/testsuite/pbkdf2-test.c +++ b/testsuite/pbkdf2-test.c @@ -28,6 +28,7 @@ test_main (void) struct hmac_sha1_ctx sha1ctx; struct hmac_sha256_ctx sha256ctx; struct hmac_sha512_ctx sha512ctx; + struct hmac_gosthash94cp_ctx gosthash94cpctx;

/* Test vectors for PBKDF2 from RFC 6070. */

@@ -110,4 +111,25 @@ test_main (void) PBKDF2_HMAC_TEST(pbkdf2_hmac_sha256, LDATA("passwd"), 1, LDATA("salt"), SHEX("55ac046e56e3089fec1691c22544b605"));

+ /* From TC26 documents. */ + + hmac_gosthash94cp_set_key (&gosthash94cpctx, LDATA("password")); + PBKDF2_TEST (&gosthash94cpctx, hmac_gosthash94cp_update, hmac_gosthash94cp_digest, + GOSTHASH94CP_DIGEST_SIZE, 1, LDATA("salt"), + SHEX("7314e7c04fb2e662c543674253f68bd0b73445d07f241bed872882da21662d58")); + + PBKDF2_TEST (&gosthash94cpctx, hmac_gosthash94cp_update, hmac_gosthash94cp_digest, + GOSTHASH94CP_DIGEST_SIZE, 4096, LDATA("salt"), + SHEX("1f1829a94bdff5be10d0aeb36af498e7a97467f3b31116a5a7c1afff9deadafe")); + + hmac_gosthash94cp_set_key (&gosthash94cpctx, LDATA("passwordPASSWORDpassword")); + PBKDF2_TEST (&gosthash94cpctx, hmac_gosthash94cp_update, hmac_gosthash94cp_digest, + GOSTHASH94CP_DIGEST_SIZE, 4096, LDATA("saltSALTsaltSALTsaltSALTsaltSALTsalt"), + SHEX("788358c69cb2dbe251a7bb17d5f4241f265a792a35becde8d56f326b49c85047b7638acb4764b1fd")); + + hmac_gosthash94cp_set_key (&gosthash94cpctx, LDATA("pass\0word")); + PBKDF2_TEST (&gosthash94cpctx, hmac_gosthash94cp_update, hmac_gosthash94cp_digest, + GOSTHASH94CP_DIGEST_SIZE, 4096, LDATA("sa\0lt"), + SHEX("43e06c5590b08c0225242373127edf9c8e9c3291")); + }