[PATCH 00/13] GOST cipher/MAC/hash algorithms support

List overview All Threads
Download

newer

older

[PATCH] Avoid assertion failure in...

RSA OAEP Support

Dmitry Eremin-Solenikov

17 May 2017 17 May '17

11:27 p.m.

This is the first round of patches expanding GOST algorithms support in Nettle cryptographic library. They are implemented according to published RFCs and GOST standards and serve the base of GOST ciphersuites implementation for GnuTLS.

Dmitry Eremin-Solenikov (13): Add GOST R 34.11 to nettle_hashes Add HMAC functions for GOSTHASH94 Start separating GOST 28147-89 from GOST R 34.11-94 Add support for GOSTHASH94CP: GOST R 34.11-94 hash with CryptoPro S-box Implement PBKDF2 shortcut function for GOSTHASH94CP Add the rest of sboxes for GOST 28147 Add GOST 28147-89 ECB encryption and decryption support Add CFB block mode support Add CFB mode support for GOST 28147-89 Add special CNT mode for GOST 28147-89 cipher Add GOST 28147-89 IMIT support Implement GOST R 34.11-2012 (Streebog) hash function Implement PBKDF2 shortcut function for Streebog256/512

-- 2.11.0

Show replies by date

Dmitry Eremin-Solenikov

17 May 17 May

11:27 p.m.

New subject: [PATCH 01/13] Add GOST R 34.11 to nettle_hashes

Signed-off-by: Dmitry Eremin-Solenikov dbaryshkov@gmail.com --- nettle-meta-hashes.c | 1 + testsuite/meta-hash-test.c | 1 + 2 files changed, 2 insertions(+)

diff --git a/nettle-meta-hashes.c b/nettle-meta-hashes.c index 2220968c..df668539 100644 --- a/nettle-meta-hashes.c +++ b/nettle-meta-hashes.c @@ -40,6 +40,7 @@ const struct nettle_hash * const nettle_hashes[] = { &nettle_md2, &nettle_md4, &nettle_md5, + &nettle_gosthash94, &nettle_ripemd160, &nettle_sha1, &nettle_sha224, diff --git a/testsuite/meta-hash-test.c b/testsuite/meta-hash-test.c index f7fa5369..b0dc8147 100644 --- a/testsuite/meta-hash-test.c +++ b/testsuite/meta-hash-test.c @@ -8,6 +8,7 @@ const char* hashes[] = { "md2", "md4", "md5", + "gosthash94", "ripemd160", "sha1", "sha224",

-- 2.11.0

Dmitry Eremin-Solenikov

11:27 p.m.

New subject: [PATCH 02/13] Add HMAC functions for GOSTHASH94

Signed-off-by: Dmitry Eremin-Solenikov dbaryshkov@gmail.com --- Makefile.in | 1 + hmac-gosthash94.c | 59 +++++++++++++++++++++++++++++++++++++++++++++++++++ hmac.h | 20 +++++++++++++++++ testsuite/hmac-test.c | 7 ++++++ 4 files changed, 87 insertions(+) create mode 100644 hmac-gosthash94.c

diff --git a/Makefile.in b/Makefile.in index 7e8f29c2..4fe2d6e3 100644 --- a/Makefile.in +++ b/Makefile.in @@ -106,6 +106,7 @@ nettle_SOURCES = aes-decrypt-internal.c aes-decrypt.c \ gosthash94.c gosthash94-meta.c \ hmac.c hmac-md5.c hmac-ripemd160.c hmac-sha1.c \ hmac-sha224.c hmac-sha256.c hmac-sha384.c hmac-sha512.c \ + hmac-gosthash94.c \ knuth-lfib.c \ md2.c md2-meta.c md4.c md4-meta.c \ md5.c md5-compress.c md5-compat.c md5-meta.c \ diff --git a/hmac-gosthash94.c b/hmac-gosthash94.c new file mode 100644 index 00000000..e5be545c --- /dev/null +++ b/hmac-gosthash94.c @@ -0,0 +1,59 @@ +/* hmac-gosthash94.c + + HMAC-GOSTHASH94 message authentication code. + + Copyright (C) 2016 Dmitry Eremin-Solenikov + + This file is part of GNU Nettle. + + GNU Nettle is free software: you can redistribute it and/or + modify it under the terms of either: + + * the GNU Lesser General Public License as published by the Free + Software Foundation; either version 3 of the License, or (at your + option) any later version. + + or + + * the GNU General Public License as published by the Free + Software Foundation; either version 2 of the License, or (at your + option) any later version. + + or both in parallel, as here. + + GNU Nettle is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + General Public License for more details. + + You should have received copies of the GNU General Public License and + the GNU Lesser General Public License along with this program. If + not, see http://www.gnu.org/licenses/. +*/ + +#if HAVE_CONFIG_H +# include "config.h" +#endif + +#include "hmac.h" + +void +hmac_gosthash94_set_key(struct hmac_gosthash94_ctx *ctx, + size_t key_length, const uint8_t *key) +{ + HMAC_SET_KEY(ctx, &nettle_gosthash94, key_length, key); +} + +void +hmac_gosthash94_update(struct hmac_gosthash94_ctx *ctx, + size_t length, const uint8_t *data) +{ + gosthash94_update(&ctx->state, length, data); +} + +void +hmac_gosthash94_digest(struct hmac_gosthash94_ctx *ctx, + size_t length, uint8_t *digest) +{ + HMAC_DIGEST(ctx, &nettle_gosthash94, length, digest); +} diff --git a/hmac.h b/hmac.h index 40a8e77a..dac2943e 100644 --- a/hmac.h +++ b/hmac.h @@ -36,6 +36,7 @@

#include "nettle-meta.h"

+#include "gosthash94.h" #include "md5.h" #include "ripemd160.h" #include "sha1.h" @@ -68,6 +69,9 @@ extern "C" { #define hmac_sha512_set_key nettle_hmac_sha512_set_key #define hmac_sha512_update nettle_hmac_sha512_update #define hmac_sha512_digest nettle_hmac_sha512_digest +#define hmac_gosthash94_set_key nettle_hmac_gosthash94_set_key +#define hmac_gosthash94_update nettle_hmac_gosthash94_update +#define hmac_gosthash94_digest nettle_hmac_gosthash94_digest

void hmac_set_key(void *outer, void *inner, void *state, @@ -203,6 +207,22 @@ void hmac_sha384_digest(struct hmac_sha512_ctx *ctx, size_t length, uint8_t *digest);

+/* hmac-gosthash94 */ +struct hmac_gosthash94_ctx HMAC_CTX(struct gosthash94_ctx); + +void +hmac_gosthash94_set_key(struct hmac_gosthash94_ctx *ctx, + size_t key_length, const uint8_t *key); + +void +hmac_gosthash94_update(struct hmac_gosthash94_ctx *ctx, + size_t length, const uint8_t *data); + + void +hmac_gosthash94_digest(struct hmac_gosthash94_ctx *ctx, + size_t length, uint8_t *digest); + + #ifdef __cplusplus } #endif diff --git a/testsuite/hmac-test.c b/testsuite/hmac-test.c index 9156cc40..4a0e35ba 100644 --- a/testsuite/hmac-test.c +++ b/testsuite/hmac-test.c @@ -894,4 +894,11 @@ test_main(void) "b1ff68a1de45509fbe4da9a433922655"));

/* Test case AUTH512-3 from same document seems broken. */ + + HMAC_TEST(gosthash94, + SHEX("000102030405060708090a0b0c0d0e0f" + "101112131415161718191a1b1c1d1e1f"), + SHEX("0126bdb87800af214341456563780100"), + SHEX("bfebe25f051bfef6ac858babb0abc409" + "bfd2e334ab847bc0b0d056517c7d94c5")); }

-- 2.11.0

Dmitry Eremin-Solenikov

11:27 p.m.

New subject: [PATCH 03/13] Start separating GOST 28147-89 from GOST R 34.11-94

Signed-off-by: Dmitry Eremin-Solenikov dbaryshkov@gmail.com --- Makefile.in | 4 +- gost28147.c | 338 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ gost28147.h | 64 +++++++++++ gosthash94.c | 241 +----------------------------------------- 4 files changed, 406 insertions(+), 241 deletions(-) create mode 100644 gost28147.c create mode 100644 gost28147.h

diff --git a/Makefile.in b/Makefile.in index 4fe2d6e3..881f4ef4 100644 --- a/Makefile.in +++ b/Makefile.in @@ -103,7 +103,7 @@ nettle_SOURCES = aes-decrypt-internal.c aes-decrypt.c \ gcm-aes256.c gcm-aes256-meta.c \ gcm-camellia128.c gcm-camellia128-meta.c \ gcm-camellia256.c gcm-camellia256-meta.c \ - gosthash94.c gosthash94-meta.c \ + gost28147.c gosthash94.c gosthash94-meta.c \ hmac.c hmac-md5.c hmac-ripemd160.c hmac-sha1.c \ hmac-sha224.c hmac-sha256.c hmac-sha384.c hmac-sha512.c \ hmac-gosthash94.c \ @@ -192,7 +192,7 @@ HEADERS = aes.h arcfour.h arctwo.h asn1.h blowfish.h \ cbc.h ccm.h chacha.h chacha-poly1305.h ctr.h \ curve25519.h des.h des-compat.h dsa.h dsa-compat.h eax.h \ ecc-curve.h ecc.h ecdsa.h eddsa.h \ - gcm.h gosthash94.h hmac.h \ + gcm.h gost28147.h gosthash94.h hmac.h \ knuth-lfib.h \ macros.h \ md2.h md4.h \ diff --git a/gost28147.c b/gost28147.c new file mode 100644 index 00000000..5d019a90 --- /dev/null +++ b/gost28147.c @@ -0,0 +1,338 @@ +/* GOST 28147-89 (Magma) implementation + * + * Copyright: 2015, 2016 Dmitry Eremin-Solenikov dbaryshkov@gmail.com + * Copyright: 2009-2012 Aleksey Kravchenko rhash.admin@gmail.com + * + * Permission is hereby granted, free of charge, to any person obtaining a + * copy of this software and associated documentation files (the + * "Software"), to deal in the Software without restriction, including + * without limitation the rights to use, copy, modify, merge, publish, + * distribute, sublicense, and/or sell copies of the Software, and to + * permit persons to whom the Software is furnished to do so, subject to + * the following conditions: + * + * The above copyright notice and this permission notice shall be included + * in all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS + * OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF + * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. + * IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY + * CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, + * TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE + * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. + */ + +#if HAVE_CONFIG_H +#include "config.h" +#endif + +#include "macros.h" +#include "gost28147.h" + +/* pre-initialized GOST lookup tables based on rotated S-Box */ +const struct gost28147_param gost28147_param_test_3411 = +{ + 0, + { + /* 0 */ + 0x00072000, 0x00075000, 0x00074800, 0x00071000, + 0x00076800, 0x00074000, 0x00070000, 0x00077000, + 0x00073000, 0x00075800, 0x00070800, 0x00076000, + 0x00073800, 0x00077800, 0x00072800, 0x00071800, + 0x0005a000, 0x0005d000, 0x0005c800, 0x00059000, + 0x0005e800, 0x0005c000, 0x00058000, 0x0005f000, + 0x0005b000, 0x0005d800, 0x00058800, 0x0005e000, + 0x0005b800, 0x0005f800, 0x0005a800, 0x00059800, + 0x00022000, 0x00025000, 0x00024800, 0x00021000, + 0x00026800, 0x00024000, 0x00020000, 0x00027000, + 0x00023000, 0x00025800, 0x00020800, 0x00026000, + 0x00023800, 0x00027800, 0x00022800, 0x00021800, + 0x00062000, 0x00065000, 0x00064800, 0x00061000, + 0x00066800, 0x00064000, 0x00060000, 0x00067000, + 0x00063000, 0x00065800, 0x00060800, 0x00066000, + 0x00063800, 0x00067800, 0x00062800, 0x00061800, + 0x00032000, 0x00035000, 0x00034800, 0x00031000, + 0x00036800, 0x00034000, 0x00030000, 0x00037000, + 0x00033000, 0x00035800, 0x00030800, 0x00036000, + 0x00033800, 0x00037800, 0x00032800, 0x00031800, + 0x0006a000, 0x0006d000, 0x0006c800, 0x00069000, + 0x0006e800, 0x0006c000, 0x00068000, 0x0006f000, + 0x0006b000, 0x0006d800, 0x00068800, 0x0006e000, + 0x0006b800, 0x0006f800, 0x0006a800, 0x00069800, + 0x0007a000, 0x0007d000, 0x0007c800, 0x00079000, + 0x0007e800, 0x0007c000, 0x00078000, 0x0007f000, + 0x0007b000, 0x0007d800, 0x00078800, 0x0007e000, + 0x0007b800, 0x0007f800, 0x0007a800, 0x00079800, + 0x00052000, 0x00055000, 0x00054800, 0x00051000, + 0x00056800, 0x00054000, 0x00050000, 0x00057000, + 0x00053000, 0x00055800, 0x00050800, 0x00056000, + 0x00053800, 0x00057800, 0x00052800, 0x00051800, + 0x00012000, 0x00015000, 0x00014800, 0x00011000, + 0x00016800, 0x00014000, 0x00010000, 0x00017000, + 0x00013000, 0x00015800, 0x00010800, 0x00016000, + 0x00013800, 0x00017800, 0x00012800, 0x00011800, + 0x0001a000, 0x0001d000, 0x0001c800, 0x00019000, + 0x0001e800, 0x0001c000, 0x00018000, 0x0001f000, + 0x0001b000, 0x0001d800, 0x00018800, 0x0001e000, + 0x0001b800, 0x0001f800, 0x0001a800, 0x00019800, + 0x00042000, 0x00045000, 0x00044800, 0x00041000, + 0x00046800, 0x00044000, 0x00040000, 0x00047000, + 0x00043000, 0x00045800, 0x00040800, 0x00046000, + 0x00043800, 0x00047800, 0x00042800, 0x00041800, + 0x0000a000, 0x0000d000, 0x0000c800, 0x00009000, + 0x0000e800, 0x0000c000, 0x00008000, 0x0000f000, + 0x0000b000, 0x0000d800, 0x00008800, 0x0000e000, + 0x0000b800, 0x0000f800, 0x0000a800, 0x00009800, + 0x00002000, 0x00005000, 0x00004800, 0x00001000, + 0x00006800, 0x00004000, 0x00000000, 0x00007000, + 0x00003000, 0x00005800, 0x00000800, 0x00006000, + 0x00003800, 0x00007800, 0x00002800, 0x00001800, + 0x0003a000, 0x0003d000, 0x0003c800, 0x00039000, + 0x0003e800, 0x0003c000, 0x00038000, 0x0003f000, + 0x0003b000, 0x0003d800, 0x00038800, 0x0003e000, + 0x0003b800, 0x0003f800, 0x0003a800, 0x00039800, + 0x0002a000, 0x0002d000, 0x0002c800, 0x00029000, + 0x0002e800, 0x0002c000, 0x00028000, 0x0002f000, + 0x0002b000, 0x0002d800, 0x00028800, 0x0002e000, + 0x0002b800, 0x0002f800, 0x0002a800, 0x00029800, + 0x0004a000, 0x0004d000, 0x0004c800, 0x00049000, + 0x0004e800, 0x0004c000, 0x00048000, 0x0004f000, + 0x0004b000, 0x0004d800, 0x00048800, 0x0004e000, + 0x0004b800, 0x0004f800, 0x0004a800, 0x00049800, + /* 1 */ + 0x03a80000, 0x03c00000, 0x03880000, 0x03e80000, + 0x03d00000, 0x03980000, 0x03a00000, 0x03900000, + 0x03f00000, 0x03f80000, 0x03e00000, 0x03b80000, + 0x03b00000, 0x03800000, 0x03c80000, 0x03d80000, + 0x06a80000, 0x06c00000, 0x06880000, 0x06e80000, + 0x06d00000, 0x06980000, 0x06a00000, 0x06900000, + 0x06f00000, 0x06f80000, 0x06e00000, 0x06b80000, + 0x06b00000, 0x06800000, 0x06c80000, 0x06d80000, + 0x05280000, 0x05400000, 0x05080000, 0x05680000, + 0x05500000, 0x05180000, 0x05200000, 0x05100000, + 0x05700000, 0x05780000, 0x05600000, 0x05380000, + 0x05300000, 0x05000000, 0x05480000, 0x05580000, + 0x00a80000, 0x00c00000, 0x00880000, 0x00e80000, + 0x00d00000, 0x00980000, 0x00a00000, 0x00900000, + 0x00f00000, 0x00f80000, 0x00e00000, 0x00b80000, + 0x00b00000, 0x00800000, 0x00c80000, 0x00d80000, + 0x00280000, 0x00400000, 0x00080000, 0x00680000, + 0x00500000, 0x00180000, 0x00200000, 0x00100000, + 0x00700000, 0x00780000, 0x00600000, 0x00380000, + 0x00300000, 0x00000000, 0x00480000, 0x00580000, + 0x04280000, 0x04400000, 0x04080000, 0x04680000, + 0x04500000, 0x04180000, 0x04200000, 0x04100000, + 0x04700000, 0x04780000, 0x04600000, 0x04380000, + 0x04300000, 0x04000000, 0x04480000, 0x04580000, + 0x04a80000, 0x04c00000, 0x04880000, 0x04e80000, + 0x04d00000, 0x04980000, 0x04a00000, 0x04900000, + 0x04f00000, 0x04f80000, 0x04e00000, 0x04b80000, + 0x04b00000, 0x04800000, 0x04c80000, 0x04d80000, + 0x07a80000, 0x07c00000, 0x07880000, 0x07e80000, + 0x07d00000, 0x07980000, 0x07a00000, 0x07900000, + 0x07f00000, 0x07f80000, 0x07e00000, 0x07b80000, + 0x07b00000, 0x07800000, 0x07c80000, 0x07d80000, + 0x07280000, 0x07400000, 0x07080000, 0x07680000, + 0x07500000, 0x07180000, 0x07200000, 0x07100000, + 0x07700000, 0x07780000, 0x07600000, 0x07380000, + 0x07300000, 0x07000000, 0x07480000, 0x07580000, + 0x02280000, 0x02400000, 0x02080000, 0x02680000, + 0x02500000, 0x02180000, 0x02200000, 0x02100000, + 0x02700000, 0x02780000, 0x02600000, 0x02380000, + 0x02300000, 0x02000000, 0x02480000, 0x02580000, + 0x03280000, 0x03400000, 0x03080000, 0x03680000, + 0x03500000, 0x03180000, 0x03200000, 0x03100000, + 0x03700000, 0x03780000, 0x03600000, 0x03380000, + 0x03300000, 0x03000000, 0x03480000, 0x03580000, + 0x06280000, 0x06400000, 0x06080000, 0x06680000, + 0x06500000, 0x06180000, 0x06200000, 0x06100000, + 0x06700000, 0x06780000, 0x06600000, 0x06380000, + 0x06300000, 0x06000000, 0x06480000, 0x06580000, + 0x05a80000, 0x05c00000, 0x05880000, 0x05e80000, + 0x05d00000, 0x05980000, 0x05a00000, 0x05900000, + 0x05f00000, 0x05f80000, 0x05e00000, 0x05b80000, + 0x05b00000, 0x05800000, 0x05c80000, 0x05d80000, + 0x01280000, 0x01400000, 0x01080000, 0x01680000, + 0x01500000, 0x01180000, 0x01200000, 0x01100000, + 0x01700000, 0x01780000, 0x01600000, 0x01380000, + 0x01300000, 0x01000000, 0x01480000, 0x01580000, + 0x02a80000, 0x02c00000, 0x02880000, 0x02e80000, + 0x02d00000, 0x02980000, 0x02a00000, 0x02900000, + 0x02f00000, 0x02f80000, 0x02e00000, 0x02b80000, + 0x02b00000, 0x02800000, 0x02c80000, 0x02d80000, + 0x01a80000, 0x01c00000, 0x01880000, 0x01e80000, + 0x01d00000, 0x01980000, 0x01a00000, 0x01900000, + 0x01f00000, 0x01f80000, 0x01e00000, 0x01b80000, + 0x01b00000, 0x01800000, 0x01c80000, 0x01d80000, + /* 2 */ + 0x30000002, 0x60000002, 0x38000002, 0x08000002, + 0x28000002, 0x78000002, 0x68000002, 0x40000002, + 0x20000002, 0x50000002, 0x48000002, 0x70000002, + 0x00000002, 0x18000002, 0x58000002, 0x10000002, + 0xb0000005, 0xe0000005, 0xb8000005, 0x88000005, + 0xa8000005, 0xf8000005, 0xe8000005, 0xc0000005, + 0xa0000005, 0xd0000005, 0xc8000005, 0xf0000005, + 0x80000005, 0x98000005, 0xd8000005, 0x90000005, + 0x30000005, 0x60000005, 0x38000005, 0x08000005, + 0x28000005, 0x78000005, 0x68000005, 0x40000005, + 0x20000005, 0x50000005, 0x48000005, 0x70000005, + 0x00000005, 0x18000005, 0x58000005, 0x10000005, + 0x30000000, 0x60000000, 0x38000000, 0x08000000, + 0x28000000, 0x78000000, 0x68000000, 0x40000000, + 0x20000000, 0x50000000, 0x48000000, 0x70000000, + 0x00000000, 0x18000000, 0x58000000, 0x10000000, + 0xb0000003, 0xe0000003, 0xb8000003, 0x88000003, + 0xa8000003, 0xf8000003, 0xe8000003, 0xc0000003, + 0xa0000003, 0xd0000003, 0xc8000003, 0xf0000003, + 0x80000003, 0x98000003, 0xd8000003, 0x90000003, + 0x30000001, 0x60000001, 0x38000001, 0x08000001, + 0x28000001, 0x78000001, 0x68000001, 0x40000001, + 0x20000001, 0x50000001, 0x48000001, 0x70000001, + 0x00000001, 0x18000001, 0x58000001, 0x10000001, + 0xb0000000, 0xe0000000, 0xb8000000, 0x88000000, + 0xa8000000, 0xf8000000, 0xe8000000, 0xc0000000, + 0xa0000000, 0xd0000000, 0xc8000000, 0xf0000000, + 0x80000000, 0x98000000, 0xd8000000, 0x90000000, + 0xb0000006, 0xe0000006, 0xb8000006, 0x88000006, + 0xa8000006, 0xf8000006, 0xe8000006, 0xc0000006, + 0xa0000006, 0xd0000006, 0xc8000006, 0xf0000006, + 0x80000006, 0x98000006, 0xd8000006, 0x90000006, + 0xb0000001, 0xe0000001, 0xb8000001, 0x88000001, + 0xa8000001, 0xf8000001, 0xe8000001, 0xc0000001, + 0xa0000001, 0xd0000001, 0xc8000001, 0xf0000001, + 0x80000001, 0x98000001, 0xd8000001, 0x90000001, + 0x30000003, 0x60000003, 0x38000003, 0x08000003, + 0x28000003, 0x78000003, 0x68000003, 0x40000003, + 0x20000003, 0x50000003, 0x48000003, 0x70000003, + 0x00000003, 0x18000003, 0x58000003, 0x10000003, + 0x30000004, 0x60000004, 0x38000004, 0x08000004, + 0x28000004, 0x78000004, 0x68000004, 0x40000004, + 0x20000004, 0x50000004, 0x48000004, 0x70000004, + 0x00000004, 0x18000004, 0x58000004, 0x10000004, + 0xb0000002, 0xe0000002, 0xb8000002, 0x88000002, + 0xa8000002, 0xf8000002, 0xe8000002, 0xc0000002, + 0xa0000002, 0xd0000002, 0xc8000002, 0xf0000002, + 0x80000002, 0x98000002, 0xd8000002, 0x90000002, + 0xb0000004, 0xe0000004, 0xb8000004, 0x88000004, + 0xa8000004, 0xf8000004, 0xe8000004, 0xc0000004, + 0xa0000004, 0xd0000004, 0xc8000004, 0xf0000004, + 0x80000004, 0x98000004, 0xd8000004, 0x90000004, + 0x30000006, 0x60000006, 0x38000006, 0x08000006, + 0x28000006, 0x78000006, 0x68000006, 0x40000006, + 0x20000006, 0x50000006, 0x48000006, 0x70000006, + 0x00000006, 0x18000006, 0x58000006, 0x10000006, + 0xb0000007, 0xe0000007, 0xb8000007, 0x88000007, + 0xa8000007, 0xf8000007, 0xe8000007, 0xc0000007, + 0xa0000007, 0xd0000007, 0xc8000007, 0xf0000007, + 0x80000007, 0x98000007, 0xd8000007, 0x90000007, + 0x30000007, 0x60000007, 0x38000007, 0x08000007, + 0x28000007, 0x78000007, 0x68000007, 0x40000007, + 0x20000007, 0x50000007, 0x48000007, 0x70000007, + 0x00000007, 0x18000007, 0x58000007, 0x10000007, + /* 3 */ + 0x000000e8, 0x000000d8, 0x000000a0, 0x00000088, + 0x00000098, 0x000000f8, 0x000000a8, 0x000000c8, + 0x00000080, 0x000000d0, 0x000000f0, 0x000000b8, + 0x000000b0, 0x000000c0, 0x00000090, 0x000000e0, + 0x000007e8, 0x000007d8, 0x000007a0, 0x00000788, + 0x00000798, 0x000007f8, 0x000007a8, 0x000007c8, + 0x00000780, 0x000007d0, 0x000007f0, 0x000007b8, + 0x000007b0, 0x000007c0, 0x00000790, 0x000007e0, + 0x000006e8, 0x000006d8, 0x000006a0, 0x00000688, + 0x00000698, 0x000006f8, 0x000006a8, 0x000006c8, + 0x00000680, 0x000006d0, 0x000006f0, 0x000006b8, + 0x000006b0, 0x000006c0, 0x00000690, 0x000006e0, + 0x00000068, 0x00000058, 0x00000020, 0x00000008, + 0x00000018, 0x00000078, 0x00000028, 0x00000048, + 0x00000000, 0x00000050, 0x00000070, 0x00000038, + 0x00000030, 0x00000040, 0x00000010, 0x00000060, + 0x000002e8, 0x000002d8, 0x000002a0, 0x00000288, + 0x00000298, 0x000002f8, 0x000002a8, 0x000002c8, + 0x00000280, 0x000002d0, 0x000002f0, 0x000002b8, + 0x000002b0, 0x000002c0, 0x00000290, 0x000002e0, + 0x000003e8, 0x000003d8, 0x000003a0, 0x00000388, + 0x00000398, 0x000003f8, 0x000003a8, 0x000003c8, + 0x00000380, 0x000003d0, 0x000003f0, 0x000003b8, + 0x000003b0, 0x000003c0, 0x00000390, 0x000003e0, + 0x00000568, 0x00000558, 0x00000520, 0x00000508, + 0x00000518, 0x00000578, 0x00000528, 0x00000548, + 0x00000500, 0x00000550, 0x00000570, 0x00000538, + 0x00000530, 0x00000540, 0x00000510, 0x00000560, + 0x00000268, 0x00000258, 0x00000220, 0x00000208, + 0x00000218, 0x00000278, 0x00000228, 0x00000248, + 0x00000200, 0x00000250, 0x00000270, 0x00000238, + 0x00000230, 0x00000240, 0x00000210, 0x00000260, + 0x000004e8, 0x000004d8, 0x000004a0, 0x00000488, + 0x00000498, 0x000004f8, 0x000004a8, 0x000004c8, + 0x00000480, 0x000004d0, 0x000004f0, 0x000004b8, + 0x000004b0, 0x000004c0, 0x00000490, 0x000004e0, + 0x00000168, 0x00000158, 0x00000120, 0x00000108, + 0x00000118, 0x00000178, 0x00000128, 0x00000148, + 0x00000100, 0x00000150, 0x00000170, 0x00000138, + 0x00000130, 0x00000140, 0x00000110, 0x00000160, + 0x000001e8, 0x000001d8, 0x000001a0, 0x00000188, + 0x00000198, 0x000001f8, 0x000001a8, 0x000001c8, + 0x00000180, 0x000001d0, 0x000001f0, 0x000001b8, + 0x000001b0, 0x000001c0, 0x00000190, 0x000001e0, + 0x00000768, 0x00000758, 0x00000720, 0x00000708, + 0x00000718, 0x00000778, 0x00000728, 0x00000748, + 0x00000700, 0x00000750, 0x00000770, 0x00000738, + 0x00000730, 0x00000740, 0x00000710, 0x00000760, + 0x00000368, 0x00000358, 0x00000320, 0x00000308, + 0x00000318, 0x00000378, 0x00000328, 0x00000348, + 0x00000300, 0x00000350, 0x00000370, 0x00000338, + 0x00000330, 0x00000340, 0x00000310, 0x00000360, + 0x000005e8, 0x000005d8, 0x000005a0, 0x00000588, + 0x00000598, 0x000005f8, 0x000005a8, 0x000005c8, + 0x00000580, 0x000005d0, 0x000005f0, 0x000005b8, + 0x000005b0, 0x000005c0, 0x00000590, 0x000005e0, + 0x00000468, 0x00000458, 0x00000420, 0x00000408, + 0x00000418, 0x00000478, 0x00000428, 0x00000448, + 0x00000400, 0x00000450, 0x00000470, 0x00000438, + 0x00000430, 0x00000440, 0x00000410, 0x00000460, + 0x00000668, 0x00000658, 0x00000620, 0x00000608, + 0x00000618, 0x00000678, 0x00000628, 0x00000648, + 0x00000600, 0x00000650, 0x00000670, 0x00000638, + 0x00000630, 0x00000640, 0x00000610, 0x00000660, + } +}; + +/* + * A macro that performs a full encryption round of GOST 28147-89. + * Temporary variables tmp assumed and variables r and l for left and right + * blocks. + */ +#define GOST_ENCRYPT_ROUND(key1, key2, sbox) \ + tmp = (key1) + r; \ + l ^= (sbox)[0*256 + (tmp & 0xff)] ^ (sbox)[1*256 + ((tmp >> 8) & 0xff)] ^ \ + (sbox)[2*256 + ((tmp >> 16) & 0xff)] ^ (sbox)[3*256 + (tmp >> 24)]; \ + tmp = (key2) + l; \ + r ^= (sbox)[0*256 + (tmp & 0xff)] ^ (sbox)[1*256 + ((tmp >> 8) & 0xff)] ^ \ + (sbox)[2*256 + ((tmp >> 16) & 0xff)] ^ (sbox)[3*256 + (tmp >> 24)]; + +/* encrypt a block with the given key */ +void gost28147_encrypt_simple (const uint32_t *key, const uint32_t *sbox, + const uint32_t *in, uint32_t *out) +{ + uint32_t l, r, tmp; + + r = in[0], l = in[1]; + GOST_ENCRYPT_ROUND(key[0], key[1], sbox) + GOST_ENCRYPT_ROUND(key[2], key[3], sbox) + GOST_ENCRYPT_ROUND(key[4], key[5], sbox) + GOST_ENCRYPT_ROUND(key[6], key[7], sbox) + GOST_ENCRYPT_ROUND(key[0], key[1], sbox) + GOST_ENCRYPT_ROUND(key[2], key[3], sbox) + GOST_ENCRYPT_ROUND(key[4], key[5], sbox) + GOST_ENCRYPT_ROUND(key[6], key[7], sbox) + GOST_ENCRYPT_ROUND(key[0], key[1], sbox) + GOST_ENCRYPT_ROUND(key[2], key[3], sbox) + GOST_ENCRYPT_ROUND(key[4], key[5], sbox) + GOST_ENCRYPT_ROUND(key[6], key[7], sbox) + GOST_ENCRYPT_ROUND(key[7], key[6], sbox) + GOST_ENCRYPT_ROUND(key[5], key[4], sbox) + GOST_ENCRYPT_ROUND(key[3], key[2], sbox) + GOST_ENCRYPT_ROUND(key[1], key[0], sbox) + *out = l, *(out + 1) = r; +} diff --git a/gost28147.h b/gost28147.h new file mode 100644 index 00000000..ecdbc0f7 --- /dev/null +++ b/gost28147.h @@ -0,0 +1,64 @@ +/* gost28147.h + + The GOST 28147-89 (MAGMA) cipher function, described in RFC 5831. + + Copyright (C) 2015 Dmitry Eremin-Solenikov + Copyright (C) 2012 Nikos Mavrogiannopoulos, Niels Möller + + This file is part of GNU Nettle. + + GNU Nettle is free software: you can redistribute it and/or + modify it under the terms of either: + + * the GNU Lesser General Public License as published by the Free + Software Foundation; either version 3 of the License, or (at your + option) any later version. + + or + + * the GNU General Public License as published by the Free + Software Foundation; either version 2 of the License, or (at your + option) any later version. + + or both in parallel, as here. + + GNU Nettle is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + General Public License for more details. + + You should have received copies of the GNU General Public License and + the GNU Lesser General Public License along with this program. If + not, see http://www.gnu.org/licenses/. +*/ + +#ifndef NETTLE_GOST28147_H_INCLUDED +#define NETTLE_GOST28147_H_INCLUDED + +#include "nettle-types.h" + +#ifdef __cplusplus +extern "C" { +#endif + +#define gost28147_param_test_3411 nettle_gost28147_param_test_3411 + +#define gost28147_encrypt_simple nettle_gost28147_encrypt_simple + +struct gost28147_param +{ + int key_meshing; + uint32_t sbox[4*256]; +}; + +extern const struct gost28147_param gost28147_param_test_3411; + +/* Internal interface for use by GOST R 34.11-94 */ +void gost28147_encrypt_simple (const uint32_t *key, const uint32_t *sbox, + const uint32_t *in, uint32_t *out); + +#ifdef __cplusplus +} +#endif + +#endif /* NETTLE_GOST28147_H_INCLUDED */ diff --git a/gosthash94.c b/gosthash94.c index e60c9ae5..d87e4c02 100644 --- a/gosthash94.c +++ b/gosthash94.c @@ -38,209 +38,7 @@ #include "macros.h" #include "nettle-write.h" #include "gosthash94.h" - -/* pre-initialized GOST lookup tables based on rotated S-Box */ -static const uint32_t gosthash94_sbox[4][256] = { - { - 0x72000, 0x75000, 0x74800, 0x71000, 0x76800, - 0x74000, 0x70000, 0x77000, 0x73000, 0x75800, - 0x70800, 0x76000, 0x73800, 0x77800, 0x72800, - 0x71800, 0x5A000, 0x5D000, 0x5C800, 0x59000, - 0x5E800, 0x5C000, 0x58000, 0x5F000, 0x5B000, - 0x5D800, 0x58800, 0x5E000, 0x5B800, 0x5F800, - 0x5A800, 0x59800, 0x22000, 0x25000, 0x24800, - 0x21000, 0x26800, 0x24000, 0x20000, 0x27000, - 0x23000, 0x25800, 0x20800, 0x26000, 0x23800, - 0x27800, 0x22800, 0x21800, 0x62000, 0x65000, - 0x64800, 0x61000, 0x66800, 0x64000, 0x60000, - 0x67000, 0x63000, 0x65800, 0x60800, 0x66000, - 0x63800, 0x67800, 0x62800, 0x61800, 0x32000, - 0x35000, 0x34800, 0x31000, 0x36800, 0x34000, - 0x30000, 0x37000, 0x33000, 0x35800, 0x30800, - 0x36000, 0x33800, 0x37800, 0x32800, 0x31800, - 0x6A000, 0x6D000, 0x6C800, 0x69000, 0x6E800, - 0x6C000, 0x68000, 0x6F000, 0x6B000, 0x6D800, - 0x68800, 0x6E000, 0x6B800, 0x6F800, 0x6A800, - 0x69800, 0x7A000, 0x7D000, 0x7C800, 0x79000, - 0x7E800, 0x7C000, 0x78000, 0x7F000, 0x7B000, - 0x7D800, 0x78800, 0x7E000, 0x7B800, 0x7F800, - 0x7A800, 0x79800, 0x52000, 0x55000, 0x54800, - 0x51000, 0x56800, 0x54000, 0x50000, 0x57000, - 0x53000, 0x55800, 0x50800, 0x56000, 0x53800, - 0x57800, 0x52800, 0x51800, 0x12000, 0x15000, - 0x14800, 0x11000, 0x16800, 0x14000, 0x10000, - 0x17000, 0x13000, 0x15800, 0x10800, 0x16000, - 0x13800, 0x17800, 0x12800, 0x11800, 0x1A000, - 0x1D000, 0x1C800, 0x19000, 0x1E800, 0x1C000, - 0x18000, 0x1F000, 0x1B000, 0x1D800, 0x18800, - 0x1E000, 0x1B800, 0x1F800, 0x1A800, 0x19800, - 0x42000, 0x45000, 0x44800, 0x41000, 0x46800, - 0x44000, 0x40000, 0x47000, 0x43000, 0x45800, - 0x40800, 0x46000, 0x43800, 0x47800, 0x42800, - 0x41800, 0xA000, 0xD000, 0xC800, 0x9000, - 0xE800, 0xC000, 0x8000, 0xF000, 0xB000, - 0xD800, 0x8800, 0xE000, 0xB800, 0xF800, - 0xA800, 0x9800, 0x2000, 0x5000, 0x4800, - 0x1000, 0x6800, 0x4000, 0x0, 0x7000, - 0x3000, 0x5800, 0x800, 0x6000, 0x3800, - 0x7800, 0x2800, 0x1800, 0x3A000, 0x3D000, - 0x3C800, 0x39000, 0x3E800, 0x3C000, 0x38000, - 0x3F000, 0x3B000, 0x3D800, 0x38800, 0x3E000, - 0x3B800, 0x3F800, 0x3A800, 0x39800, 0x2A000, - 0x2D000, 0x2C800, 0x29000, 0x2E800, 0x2C000, - 0x28000, 0x2F000, 0x2B000, 0x2D800, 0x28800, - 0x2E000, 0x2B800, 0x2F800, 0x2A800, 0x29800, - 0x4A000, 0x4D000, 0x4C800, 0x49000, 0x4E800, - 0x4C000, 0x48000, 0x4F000, 0x4B000, 0x4D800, - 0x48800, 0x4E000, 0x4B800, 0x4F800, 0x4A800, - 0x49800 - }, { - 0x3A80000, 0x3C00000, 0x3880000, 0x3E80000, 0x3D00000, - 0x3980000, 0x3A00000, 0x3900000, 0x3F00000, 0x3F80000, - 0x3E00000, 0x3B80000, 0x3B00000, 0x3800000, 0x3C80000, - 0x3D80000, 0x6A80000, 0x6C00000, 0x6880000, 0x6E80000, - 0x6D00000, 0x6980000, 0x6A00000, 0x6900000, 0x6F00000, - 0x6F80000, 0x6E00000, 0x6B80000, 0x6B00000, 0x6800000, - 0x6C80000, 0x6D80000, 0x5280000, 0x5400000, 0x5080000, - 0x5680000, 0x5500000, 0x5180000, 0x5200000, 0x5100000, - 0x5700000, 0x5780000, 0x5600000, 0x5380000, 0x5300000, - 0x5000000, 0x5480000, 0x5580000, 0xA80000, 0xC00000, - 0x880000, 0xE80000, 0xD00000, 0x980000, 0xA00000, - 0x900000, 0xF00000, 0xF80000, 0xE00000, 0xB80000, - 0xB00000, 0x800000, 0xC80000, 0xD80000, 0x280000, - 0x400000, 0x80000, 0x680000, 0x500000, 0x180000, - 0x200000, 0x100000, 0x700000, 0x780000, 0x600000, - 0x380000, 0x300000, 0x0, 0x480000, 0x580000, - 0x4280000, 0x4400000, 0x4080000, 0x4680000, 0x4500000, - 0x4180000, 0x4200000, 0x4100000, 0x4700000, 0x4780000, - 0x4600000, 0x4380000, 0x4300000, 0x4000000, 0x4480000, - 0x4580000, 0x4A80000, 0x4C00000, 0x4880000, 0x4E80000, - 0x4D00000, 0x4980000, 0x4A00000, 0x4900000, 0x4F00000, - 0x4F80000, 0x4E00000, 0x4B80000, 0x4B00000, 0x4800000, - 0x4C80000, 0x4D80000, 0x7A80000, 0x7C00000, 0x7880000, - 0x7E80000, 0x7D00000, 0x7980000, 0x7A00000, 0x7900000, - 0x7F00000, 0x7F80000, 0x7E00000, 0x7B80000, 0x7B00000, - 0x7800000, 0x7C80000, 0x7D80000, 0x7280000, 0x7400000, - 0x7080000, 0x7680000, 0x7500000, 0x7180000, 0x7200000, - 0x7100000, 0x7700000, 0x7780000, 0x7600000, 0x7380000, - 0x7300000, 0x7000000, 0x7480000, 0x7580000, 0x2280000, - 0x2400000, 0x2080000, 0x2680000, 0x2500000, 0x2180000, - 0x2200000, 0x2100000, 0x2700000, 0x2780000, 0x2600000, - 0x2380000, 0x2300000, 0x2000000, 0x2480000, 0x2580000, - 0x3280000, 0x3400000, 0x3080000, 0x3680000, 0x3500000, - 0x3180000, 0x3200000, 0x3100000, 0x3700000, 0x3780000, - 0x3600000, 0x3380000, 0x3300000, 0x3000000, 0x3480000, - 0x3580000, 0x6280000, 0x6400000, 0x6080000, 0x6680000, - 0x6500000, 0x6180000, 0x6200000, 0x6100000, 0x6700000, - 0x6780000, 0x6600000, 0x6380000, 0x6300000, 0x6000000, - 0x6480000, 0x6580000, 0x5A80000, 0x5C00000, 0x5880000, - 0x5E80000, 0x5D00000, 0x5980000, 0x5A00000, 0x5900000, - 0x5F00000, 0x5F80000, 0x5E00000, 0x5B80000, 0x5B00000, - 0x5800000, 0x5C80000, 0x5D80000, 0x1280000, 0x1400000, - 0x1080000, 0x1680000, 0x1500000, 0x1180000, 0x1200000, - 0x1100000, 0x1700000, 0x1780000, 0x1600000, 0x1380000, - 0x1300000, 0x1000000, 0x1480000, 0x1580000, 0x2A80000, - 0x2C00000, 0x2880000, 0x2E80000, 0x2D00000, 0x2980000, - 0x2A00000, 0x2900000, 0x2F00000, 0x2F80000, 0x2E00000, - 0x2B80000, 0x2B00000, 0x2800000, 0x2C80000, 0x2D80000, - 0x1A80000, 0x1C00000, 0x1880000, 0x1E80000, 0x1D00000, - 0x1980000, 0x1A00000, 0x1900000, 0x1F00000, 0x1F80000, - 0x1E00000, 0x1B80000, 0x1B00000, 0x1800000, 0x1C80000, - 0x1D80000 - }, { - 0x30000002, 0x60000002, 0x38000002, 0x8000002, - 0x28000002, 0x78000002, 0x68000002, 0x40000002, - 0x20000002, 0x50000002, 0x48000002, 0x70000002, - 0x2, 0x18000002, 0x58000002, 0x10000002, - 0xB0000005, 0xE0000005, 0xB8000005, 0x88000005, - 0xA8000005, 0xF8000005, 0xE8000005, 0xC0000005, - 0xA0000005, 0xD0000005, 0xC8000005, 0xF0000005, - 0x80000005, 0x98000005, 0xD8000005, 0x90000005, - 0x30000005, 0x60000005, 0x38000005, 0x8000005, - 0x28000005, 0x78000005, 0x68000005, 0x40000005, - 0x20000005, 0x50000005, 0x48000005, 0x70000005, - 0x5, 0x18000005, 0x58000005, 0x10000005, - 0x30000000, 0x60000000, 0x38000000, 0x8000000, - 0x28000000, 0x78000000, 0x68000000, 0x40000000, - 0x20000000, 0x50000000, 0x48000000, 0x70000000, - 0x0, 0x18000000, 0x58000000, 0x10000000, - 0xB0000003, 0xE0000003, 0xB8000003, 0x88000003, - 0xA8000003, 0xF8000003, 0xE8000003, 0xC0000003, - 0xA0000003, 0xD0000003, 0xC8000003, 0xF0000003, - 0x80000003, 0x98000003, 0xD8000003, 0x90000003, - 0x30000001, 0x60000001, 0x38000001, 0x8000001, - 0x28000001, 0x78000001, 0x68000001, 0x40000001, - 0x20000001, 0x50000001, 0x48000001, 0x70000001, - 0x1, 0x18000001, 0x58000001, 0x10000001, - 0xB0000000, 0xE0000000, 0xB8000000, 0x88000000, - 0xA8000000, 0xF8000000, 0xE8000000, 0xC0000000, - 0xA0000000, 0xD0000000, 0xC8000000, 0xF0000000, - 0x80000000, 0x98000000, 0xD8000000, 0x90000000, - 0xB0000006, 0xE0000006, 0xB8000006, 0x88000006, - 0xA8000006, 0xF8000006, 0xE8000006, 0xC0000006, - 0xA0000006, 0xD0000006, 0xC8000006, 0xF0000006, - 0x80000006, 0x98000006, 0xD8000006, 0x90000006, - 0xB0000001, 0xE0000001, 0xB8000001, 0x88000001, - 0xA8000001, 0xF8000001, 0xE8000001, 0xC0000001, - 0xA0000001, 0xD0000001, 0xC8000001, 0xF0000001, - 0x80000001, 0x98000001, 0xD8000001, 0x90000001, - 0x30000003, 0x60000003, 0x38000003, 0x8000003, - 0x28000003, 0x78000003, 0x68000003, 0x40000003, - 0x20000003, 0x50000003, 0x48000003, 0x70000003, - 0x3, 0x18000003, 0x58000003, 0x10000003, - 0x30000004, 0x60000004, 0x38000004, 0x8000004, - 0x28000004, 0x78000004, 0x68000004, 0x40000004, - 0x20000004, 0x50000004, 0x48000004, 0x70000004, - 0x4, 0x18000004, 0x58000004, 0x10000004, - 0xB0000002, 0xE0000002, 0xB8000002, 0x88000002, - 0xA8000002, 0xF8000002, 0xE8000002, 0xC0000002, - 0xA0000002, 0xD0000002, 0xC8000002, 0xF0000002, - 0x80000002, 0x98000002, 0xD8000002, 0x90000002, - 0xB0000004, 0xE0000004, 0xB8000004, 0x88000004, - 0xA8000004, 0xF8000004, 0xE8000004, 0xC0000004, - 0xA0000004, 0xD0000004, 0xC8000004, 0xF0000004, - 0x80000004, 0x98000004, 0xD8000004, 0x90000004, - 0x30000006, 0x60000006, 0x38000006, 0x8000006, - 0x28000006, 0x78000006, 0x68000006, 0x40000006, - 0x20000006, 0x50000006, 0x48000006, 0x70000006, - 0x6, 0x18000006, 0x58000006, 0x10000006, - 0xB0000007, 0xE0000007, 0xB8000007, 0x88000007, - 0xA8000007, 0xF8000007, 0xE8000007, 0xC0000007, - 0xA0000007, 0xD0000007, 0xC8000007, 0xF0000007, - 0x80000007, 0x98000007, 0xD8000007, 0x90000007, - 0x30000007, 0x60000007, 0x38000007, 0x8000007, - 0x28000007, 0x78000007, 0x68000007, 0x40000007, - 0x20000007, 0x50000007, 0x48000007, 0x70000007, - 0x7, 0x18000007, 0x58000007, 0x10000007 - }, { - 0xE8, 0xD8, 0xA0, 0x88, 0x98, 0xF8, 0xA8, 0xC8, 0x80, 0xD0, - 0xF0, 0xB8, 0xB0, 0xC0, 0x90, 0xE0, 0x7E8, 0x7D8, 0x7A0, 0x788, - 0x798, 0x7F8, 0x7A8, 0x7C8, 0x780, 0x7D0, 0x7F0, 0x7B8, 0x7B0, 0x7C0, - 0x790, 0x7E0, 0x6E8, 0x6D8, 0x6A0, 0x688, 0x698, 0x6F8, 0x6A8, 0x6C8, - 0x680, 0x6D0, 0x6F0, 0x6B8, 0x6B0, 0x6C0, 0x690, 0x6E0, 0x68, 0x58, - 0x20, 0x8, 0x18, 0x78, 0x28, 0x48, 0x0, 0x50, 0x70, 0x38, - 0x30, 0x40, 0x10, 0x60, 0x2E8, 0x2D8, 0x2A0, 0x288, 0x298, 0x2F8, - 0x2A8, 0x2C8, 0x280, 0x2D0, 0x2F0, 0x2B8, 0x2B0, 0x2C0, 0x290, 0x2E0, - 0x3E8, 0x3D8, 0x3A0, 0x388, 0x398, 0x3F8, 0x3A8, 0x3C8, 0x380, 0x3D0, - 0x3F0, 0x3B8, 0x3B0, 0x3C0, 0x390, 0x3E0, 0x568, 0x558, 0x520, 0x508, - 0x518, 0x578, 0x528, 0x548, 0x500, 0x550, 0x570, 0x538, 0x530, 0x540, - 0x510, 0x560, 0x268, 0x258, 0x220, 0x208, 0x218, 0x278, 0x228, 0x248, - 0x200, 0x250, 0x270, 0x238, 0x230, 0x240, 0x210, 0x260, 0x4E8, 0x4D8, - 0x4A0, 0x488, 0x498, 0x4F8, 0x4A8, 0x4C8, 0x480, 0x4D0, 0x4F0, 0x4B8, - 0x4B0, 0x4C0, 0x490, 0x4E0, 0x168, 0x158, 0x120, 0x108, 0x118, 0x178, - 0x128, 0x148, 0x100, 0x150, 0x170, 0x138, 0x130, 0x140, 0x110, 0x160, - 0x1E8, 0x1D8, 0x1A0, 0x188, 0x198, 0x1F8, 0x1A8, 0x1C8, 0x180, 0x1D0, - 0x1F0, 0x1B8, 0x1B0, 0x1C0, 0x190, 0x1E0, 0x768, 0x758, 0x720, 0x708, - 0x718, 0x778, 0x728, 0x748, 0x700, 0x750, 0x770, 0x738, 0x730, 0x740, - 0x710, 0x760, 0x368, 0x358, 0x320, 0x308, 0x318, 0x378, 0x328, 0x348, - 0x300, 0x350, 0x370, 0x338, 0x330, 0x340, 0x310, 0x360, 0x5E8, 0x5D8, - 0x5A0, 0x588, 0x598, 0x5F8, 0x5A8, 0x5C8, 0x580, 0x5D0, 0x5F0, 0x5B8, - 0x5B0, 0x5C0, 0x590, 0x5E0, 0x468, 0x458, 0x420, 0x408, 0x418, 0x478, - 0x428, 0x448, 0x400, 0x450, 0x470, 0x438, 0x430, 0x440, 0x410, 0x460, - 0x668, 0x658, 0x620, 0x608, 0x618, 0x678, 0x628, 0x648, 0x600, 0x650, - 0x670, 0x638, 0x630, 0x640, 0x610, 0x660 - } -}; +#include "gost28147.h"

/** * Initialize algorithm context before calculating hash @@ -254,40 +52,6 @@ gosthash94_init (struct gosthash94_ctx *ctx) memset (ctx, 0, sizeof (struct gosthash94_ctx)); }

-/* - * A macro that performs a full encryption round of GOST 28147-89. - * Temporary variables tmp assumed and variables r and l for left and right - * blocks. - */ -#define GOST_ENCRYPT_ROUND(key1, key2, sbox) \ - tmp = (key1) + r; \ - l ^= (sbox)[0][tmp & 0xff] ^ (sbox)[1][(tmp >> 8) & 0xff] ^ \ - (sbox)[2][(tmp >> 16) & 0xff] ^ (sbox)[3][tmp >> 24]; \ - tmp = (key2) + l; \ - r ^= (sbox)[0][tmp & 0xff] ^ (sbox)[1][(tmp >> 8) & 0xff] ^ \ - (sbox)[2][(tmp >> 16) & 0xff] ^ (sbox)[3][tmp >> 24]; - -/* encrypt a block with the given key */ -#define GOST_ENCRYPT(result, i, key, hash, sbox) \ - r = hash[i], l = hash[i + 1]; \ - GOST_ENCRYPT_ROUND(key[0], key[1], sbox) \ - GOST_ENCRYPT_ROUND(key[2], key[3], sbox) \ - GOST_ENCRYPT_ROUND(key[4], key[5], sbox) \ - GOST_ENCRYPT_ROUND(key[6], key[7], sbox) \ - GOST_ENCRYPT_ROUND(key[0], key[1], sbox) \ - GOST_ENCRYPT_ROUND(key[2], key[3], sbox) \ - GOST_ENCRYPT_ROUND(key[4], key[5], sbox) \ - GOST_ENCRYPT_ROUND(key[6], key[7], sbox) \ - GOST_ENCRYPT_ROUND(key[0], key[1], sbox) \ - GOST_ENCRYPT_ROUND(key[2], key[3], sbox) \ - GOST_ENCRYPT_ROUND(key[4], key[5], sbox) \ - GOST_ENCRYPT_ROUND(key[6], key[7], sbox) \ - GOST_ENCRYPT_ROUND(key[7], key[6], sbox) \ - GOST_ENCRYPT_ROUND(key[5], key[4], sbox) \ - GOST_ENCRYPT_ROUND(key[3], key[2], sbox) \ - GOST_ENCRYPT_ROUND(key[1], key[0], sbox) \ - result[i] = l, result[i + 1] = r; - /** * The core transformation. Process a 512-bit block. * @@ -299,7 +63,6 @@ gost_block_compress (struct gosthash94_ctx *ctx, const uint32_t *block) { unsigned i; uint32_t key[8], u[8], v[8], w[8], s[8]; - uint32_t l, r, tmp;

/* u := hash, v := <256-bit message block> */ memcpy (u, ctx->hash, sizeof (u)); @@ -341,7 +104,7 @@ gost_block_compress (struct gosthash94_ctx *ctx, const uint32_t *block) ((w[5] & 0xff000000) >> 8) | (w[7] & 0xff000000);

/* encryption: s_i := E_{key_i} (h_i) */ - GOST_ENCRYPT (s, i, key, ctx->hash, gosthash94_sbox); + gost28147_encrypt_simple (key, gost28147_param_test_3411.sbox, &ctx->hash[i], &s[i]);

if (i == 0) {

-- 2.11.0

Dmitry Eremin-Solenikov

11:27 p.m.

New subject: [PATCH 04/13] Add support for GOSTHASH94CP: GOST R 34.11-94 hash with CryptoPro S-box

diff --git a/examples/nettle-benchmark.c b/examples/nettle-benchmark.c index c00486cc..f5508f19 100644 --- a/examples/nettle-benchmark.c +++ b/examples/nettle-benchmark.c @@ -734,6 +734,7 @@ main(int argc, char **argv) &nettle_sha3_224, &nettle_sha3_256, &nettle_sha3_384, &nettle_sha3_512, &nettle_ripemd160, &nettle_gosthash94, + &nettle_gosthash94cp, NULL };

diff --git a/gost28147.c b/gost28147.c index 5d019a90..ff1aca59 100644 --- a/gost28147.c +++ b/gost28147.c @@ -298,6 +298,273 @@ const struct gost28147_param gost28147_param_test_3411 = } };

+const struct gost28147_param gost28147_param_CryptoPro_3411 = +{ + 0, + { + /* 0 */ + 0x0002d000, 0x0002a000, 0x0002a800, 0x0002b000, + 0x0002c000, 0x00028800, 0x00029800, 0x0002b800, + 0x0002e800, 0x0002e000, 0x0002f000, 0x00028000, + 0x0002c800, 0x00029000, 0x0002d800, 0x0002f800, + 0x0007d000, 0x0007a000, 0x0007a800, 0x0007b000, + 0x0007c000, 0x00078800, 0x00079800, 0x0007b800, + 0x0007e800, 0x0007e000, 0x0007f000, 0x00078000, + 0x0007c800, 0x00079000, 0x0007d800, 0x0007f800, + 0x00025000, 0x00022000, 0x00022800, 0x00023000, + 0x00024000, 0x00020800, 0x00021800, 0x00023800, + 0x00026800, 0x00026000, 0x00027000, 0x00020000, + 0x00024800, 0x00021000, 0x00025800, 0x00027800, + 0x00005000, 0x00002000, 0x00002800, 0x00003000, + 0x00004000, 0x00000800, 0x00001800, 0x00003800, + 0x00006800, 0x00006000, 0x00007000, 0x00000000, + 0x00004800, 0x00001000, 0x00005800, 0x00007800, + 0x00015000, 0x00012000, 0x00012800, 0x00013000, + 0x00014000, 0x00010800, 0x00011800, 0x00013800, + 0x00016800, 0x00016000, 0x00017000, 0x00010000, + 0x00014800, 0x00011000, 0x00015800, 0x00017800, + 0x0006d000, 0x0006a000, 0x0006a800, 0x0006b000, + 0x0006c000, 0x00068800, 0x00069800, 0x0006b800, + 0x0006e800, 0x0006e000, 0x0006f000, 0x00068000, + 0x0006c800, 0x00069000, 0x0006d800, 0x0006f800, + 0x0005d000, 0x0005a000, 0x0005a800, 0x0005b000, + 0x0005c000, 0x00058800, 0x00059800, 0x0005b800, + 0x0005e800, 0x0005e000, 0x0005f000, 0x00058000, + 0x0005c800, 0x00059000, 0x0005d800, 0x0005f800, + 0x0004d000, 0x0004a000, 0x0004a800, 0x0004b000, + 0x0004c000, 0x00048800, 0x00049800, 0x0004b800, + 0x0004e800, 0x0004e000, 0x0004f000, 0x00048000, + 0x0004c800, 0x00049000, 0x0004d800, 0x0004f800, + 0x0000d000, 0x0000a000, 0x0000a800, 0x0000b000, + 0x0000c000, 0x00008800, 0x00009800, 0x0000b800, + 0x0000e800, 0x0000e000, 0x0000f000, 0x00008000, + 0x0000c800, 0x00009000, 0x0000d800, 0x0000f800, + 0x0003d000, 0x0003a000, 0x0003a800, 0x0003b000, + 0x0003c000, 0x00038800, 0x00039800, 0x0003b800, + 0x0003e800, 0x0003e000, 0x0003f000, 0x00038000, + 0x0003c800, 0x00039000, 0x0003d800, 0x0003f800, + 0x00035000, 0x00032000, 0x00032800, 0x00033000, + 0x00034000, 0x00030800, 0x00031800, 0x00033800, + 0x00036800, 0x00036000, 0x00037000, 0x00030000, + 0x00034800, 0x00031000, 0x00035800, 0x00037800, + 0x0001d000, 0x0001a000, 0x0001a800, 0x0001b000, + 0x0001c000, 0x00018800, 0x00019800, 0x0001b800, + 0x0001e800, 0x0001e000, 0x0001f000, 0x00018000, + 0x0001c800, 0x00019000, 0x0001d800, 0x0001f800, + 0x00065000, 0x00062000, 0x00062800, 0x00063000, + 0x00064000, 0x00060800, 0x00061800, 0x00063800, + 0x00066800, 0x00066000, 0x00067000, 0x00060000, + 0x00064800, 0x00061000, 0x00065800, 0x00067800, + 0x00075000, 0x00072000, 0x00072800, 0x00073000, + 0x00074000, 0x00070800, 0x00071800, 0x00073800, + 0x00076800, 0x00076000, 0x00077000, 0x00070000, + 0x00074800, 0x00071000, 0x00075800, 0x00077800, + 0x00055000, 0x00052000, 0x00052800, 0x00053000, + 0x00054000, 0x00050800, 0x00051800, 0x00053800, + 0x00056800, 0x00056000, 0x00057000, 0x00050000, + 0x00054800, 0x00051000, 0x00055800, 0x00057800, + 0x00045000, 0x00042000, 0x00042800, 0x00043000, + 0x00044000, 0x00040800, 0x00041800, 0x00043800, + 0x00046800, 0x00046000, 0x00047000, 0x00040000, + 0x00044800, 0x00041000, 0x00045800, 0x00047800, + /* 1 */ + 0x02380000, 0x02780000, 0x02600000, 0x02700000, + 0x02480000, 0x02200000, 0x02080000, 0x02000000, + 0x02180000, 0x02580000, 0x02280000, 0x02100000, + 0x02300000, 0x02500000, 0x02400000, 0x02680000, + 0x05380000, 0x05780000, 0x05600000, 0x05700000, + 0x05480000, 0x05200000, 0x05080000, 0x05000000, + 0x05180000, 0x05580000, 0x05280000, 0x05100000, + 0x05300000, 0x05500000, 0x05400000, 0x05680000, + 0x03b80000, 0x03f80000, 0x03e00000, 0x03f00000, + 0x03c80000, 0x03a00000, 0x03880000, 0x03800000, + 0x03980000, 0x03d80000, 0x03a80000, 0x03900000, + 0x03b00000, 0x03d00000, 0x03c00000, 0x03e80000, + 0x06380000, 0x06780000, 0x06600000, 0x06700000, + 0x06480000, 0x06200000, 0x06080000, 0x06000000, + 0x06180000, 0x06580000, 0x06280000, 0x06100000, + 0x06300000, 0x06500000, 0x06400000, 0x06680000, + 0x00380000, 0x00780000, 0x00600000, 0x00700000, + 0x00480000, 0x00200000, 0x00080000, 0x00000000, + 0x00180000, 0x00580000, 0x00280000, 0x00100000, + 0x00300000, 0x00500000, 0x00400000, 0x00680000, + 0x07b80000, 0x07f80000, 0x07e00000, 0x07f00000, + 0x07c80000, 0x07a00000, 0x07880000, 0x07800000, + 0x07980000, 0x07d80000, 0x07a80000, 0x07900000, + 0x07b00000, 0x07d00000, 0x07c00000, 0x07e80000, + 0x01380000, 0x01780000, 0x01600000, 0x01700000, + 0x01480000, 0x01200000, 0x01080000, 0x01000000, + 0x01180000, 0x01580000, 0x01280000, 0x01100000, + 0x01300000, 0x01500000, 0x01400000, 0x01680000, + 0x04380000, 0x04780000, 0x04600000, 0x04700000, + 0x04480000, 0x04200000, 0x04080000, 0x04000000, + 0x04180000, 0x04580000, 0x04280000, 0x04100000, + 0x04300000, 0x04500000, 0x04400000, 0x04680000, + 0x07380000, 0x07780000, 0x07600000, 0x07700000, + 0x07480000, 0x07200000, 0x07080000, 0x07000000, + 0x07180000, 0x07580000, 0x07280000, 0x07100000, + 0x07300000, 0x07500000, 0x07400000, 0x07680000, + 0x00b80000, 0x00f80000, 0x00e00000, 0x00f00000, + 0x00c80000, 0x00a00000, 0x00880000, 0x00800000, + 0x00980000, 0x00d80000, 0x00a80000, 0x00900000, + 0x00b00000, 0x00d00000, 0x00c00000, 0x00e80000, + 0x03380000, 0x03780000, 0x03600000, 0x03700000, + 0x03480000, 0x03200000, 0x03080000, 0x03000000, + 0x03180000, 0x03580000, 0x03280000, 0x03100000, + 0x03300000, 0x03500000, 0x03400000, 0x03680000, + 0x02b80000, 0x02f80000, 0x02e00000, 0x02f00000, + 0x02c80000, 0x02a00000, 0x02880000, 0x02800000, + 0x02980000, 0x02d80000, 0x02a80000, 0x02900000, + 0x02b00000, 0x02d00000, 0x02c00000, 0x02e80000, + 0x06b80000, 0x06f80000, 0x06e00000, 0x06f00000, + 0x06c80000, 0x06a00000, 0x06880000, 0x06800000, + 0x06980000, 0x06d80000, 0x06a80000, 0x06900000, + 0x06b00000, 0x06d00000, 0x06c00000, 0x06e80000, + 0x05b80000, 0x05f80000, 0x05e00000, 0x05f00000, + 0x05c80000, 0x05a00000, 0x05880000, 0x05800000, + 0x05980000, 0x05d80000, 0x05a80000, 0x05900000, + 0x05b00000, 0x05d00000, 0x05c00000, 0x05e80000, + 0x04b80000, 0x04f80000, 0x04e00000, 0x04f00000, + 0x04c80000, 0x04a00000, 0x04880000, 0x04800000, + 0x04980000, 0x04d80000, 0x04a80000, 0x04900000, + 0x04b00000, 0x04d00000, 0x04c00000, 0x04e80000, + 0x01b80000, 0x01f80000, 0x01e00000, 0x01f00000, + 0x01c80000, 0x01a00000, 0x01880000, 0x01800000, + 0x01980000, 0x01d80000, 0x01a80000, 0x01900000, + 0x01b00000, 0x01d00000, 0x01c00000, 0x01e80000, + /* 2 */ + 0xb8000003, 0xb0000003, 0xa0000003, 0xd8000003, + 0xc8000003, 0xe0000003, 0x90000003, 0xd0000003, + 0x88000003, 0xc0000003, 0x80000003, 0xf0000003, + 0xf8000003, 0xe8000003, 0x98000003, 0xa8000003, + 0x38000003, 0x30000003, 0x20000003, 0x58000003, + 0x48000003, 0x60000003, 0x10000003, 0x50000003, + 0x08000003, 0x40000003, 0x00000003, 0x70000003, + 0x78000003, 0x68000003, 0x18000003, 0x28000003, + 0x38000001, 0x30000001, 0x20000001, 0x58000001, + 0x48000001, 0x60000001, 0x10000001, 0x50000001, + 0x08000001, 0x40000001, 0x00000001, 0x70000001, + 0x78000001, 0x68000001, 0x18000001, 0x28000001, + 0x38000002, 0x30000002, 0x20000002, 0x58000002, + 0x48000002, 0x60000002, 0x10000002, 0x50000002, + 0x08000002, 0x40000002, 0x00000002, 0x70000002, + 0x78000002, 0x68000002, 0x18000002, 0x28000002, + 0xb8000006, 0xb0000006, 0xa0000006, 0xd8000006, + 0xc8000006, 0xe0000006, 0x90000006, 0xd0000006, + 0x88000006, 0xc0000006, 0x80000006, 0xf0000006, + 0xf8000006, 0xe8000006, 0x98000006, 0xa8000006, + 0xb8000004, 0xb0000004, 0xa0000004, 0xd8000004, + 0xc8000004, 0xe0000004, 0x90000004, 0xd0000004, + 0x88000004, 0xc0000004, 0x80000004, 0xf0000004, + 0xf8000004, 0xe8000004, 0x98000004, 0xa8000004, + 0xb8000007, 0xb0000007, 0xa0000007, 0xd8000007, + 0xc8000007, 0xe0000007, 0x90000007, 0xd0000007, + 0x88000007, 0xc0000007, 0x80000007, 0xf0000007, + 0xf8000007, 0xe8000007, 0x98000007, 0xa8000007, + 0x38000000, 0x30000000, 0x20000000, 0x58000000, + 0x48000000, 0x60000000, 0x10000000, 0x50000000, + 0x08000000, 0x40000000, 0x00000000, 0x70000000, + 0x78000000, 0x68000000, 0x18000000, 0x28000000, + 0x38000005, 0x30000005, 0x20000005, 0x58000005, + 0x48000005, 0x60000005, 0x10000005, 0x50000005, + 0x08000005, 0x40000005, 0x00000005, 0x70000005, + 0x78000005, 0x68000005, 0x18000005, 0x28000005, + 0xb8000000, 0xb0000000, 0xa0000000, 0xd8000000, + 0xc8000000, 0xe0000000, 0x90000000, 0xd0000000, + 0x88000000, 0xc0000000, 0x80000000, 0xf0000000, + 0xf8000000, 0xe8000000, 0x98000000, 0xa8000000, + 0xb8000002, 0xb0000002, 0xa0000002, 0xd8000002, + 0xc8000002, 0xe0000002, 0x90000002, 0xd0000002, + 0x88000002, 0xc0000002, 0x80000002, 0xf0000002, + 0xf8000002, 0xe8000002, 0x98000002, 0xa8000002, + 0xb8000005, 0xb0000005, 0xa0000005, 0xd8000005, + 0xc8000005, 0xe0000005, 0x90000005, 0xd0000005, + 0x88000005, 0xc0000005, 0x80000005, 0xf0000005, + 0xf8000005, 0xe8000005, 0x98000005, 0xa8000005, + 0x38000004, 0x30000004, 0x20000004, 0x58000004, + 0x48000004, 0x60000004, 0x10000004, 0x50000004, + 0x08000004, 0x40000004, 0x00000004, 0x70000004, + 0x78000004, 0x68000004, 0x18000004, 0x28000004, + 0x38000007, 0x30000007, 0x20000007, 0x58000007, + 0x48000007, 0x60000007, 0x10000007, 0x50000007, + 0x08000007, 0x40000007, 0x00000007, 0x70000007, + 0x78000007, 0x68000007, 0x18000007, 0x28000007, + 0x38000006, 0x30000006, 0x20000006, 0x58000006, + 0x48000006, 0x60000006, 0x10000006, 0x50000006, + 0x08000006, 0x40000006, 0x00000006, 0x70000006, + 0x78000006, 0x68000006, 0x18000006, 0x28000006, + 0xb8000001, 0xb0000001, 0xa0000001, 0xd8000001, + 0xc8000001, 0xe0000001, 0x90000001, 0xd0000001, + 0x88000001, 0xc0000001, 0x80000001, 0xf0000001, + 0xf8000001, 0xe8000001, 0x98000001, 0xa8000001, + /* 3 */ + 0x000000e8, 0x000000f0, 0x000000a0, 0x00000088, + 0x000000b8, 0x00000080, 0x000000a8, 0x000000d0, + 0x00000098, 0x000000e0, 0x000000c0, 0x000000f8, + 0x000000b0, 0x00000090, 0x000000c8, 0x000000d8, + 0x000001e8, 0x000001f0, 0x000001a0, 0x00000188, + 0x000001b8, 0x00000180, 0x000001a8, 0x000001d0, + 0x00000198, 0x000001e0, 0x000001c0, 0x000001f8, + 0x000001b0, 0x00000190, 0x000001c8, 0x000001d8, + 0x00000568, 0x00000570, 0x00000520, 0x00000508, + 0x00000538, 0x00000500, 0x00000528, 0x00000550, + 0x00000518, 0x00000560, 0x00000540, 0x00000578, + 0x00000530, 0x00000510, 0x00000548, 0x00000558, + 0x000004e8, 0x000004f0, 0x000004a0, 0x00000488, + 0x000004b8, 0x00000480, 0x000004a8, 0x000004d0, + 0x00000498, 0x000004e0, 0x000004c0, 0x000004f8, + 0x000004b0, 0x00000490, 0x000004c8, 0x000004d8, + 0x000002e8, 0x000002f0, 0x000002a0, 0x00000288, + 0x000002b8, 0x00000280, 0x000002a8, 0x000002d0, + 0x00000298, 0x000002e0, 0x000002c0, 0x000002f8, + 0x000002b0, 0x00000290, 0x000002c8, 0x000002d8, + 0x000005e8, 0x000005f0, 0x000005a0, 0x00000588, + 0x000005b8, 0x00000580, 0x000005a8, 0x000005d0, + 0x00000598, 0x000005e0, 0x000005c0, 0x000005f8, + 0x000005b0, 0x00000590, 0x000005c8, 0x000005d8, + 0x00000268, 0x00000270, 0x00000220, 0x00000208, + 0x00000238, 0x00000200, 0x00000228, 0x00000250, + 0x00000218, 0x00000260, 0x00000240, 0x00000278, + 0x00000230, 0x00000210, 0x00000248, 0x00000258, + 0x000007e8, 0x000007f0, 0x000007a0, 0x00000788, + 0x000007b8, 0x00000780, 0x000007a8, 0x000007d0, + 0x00000798, 0x000007e0, 0x000007c0, 0x000007f8, + 0x000007b0, 0x00000790, 0x000007c8, 0x000007d8, + 0x00000468, 0x00000470, 0x00000420, 0x00000408, + 0x00000438, 0x00000400, 0x00000428, 0x00000450, + 0x00000418, 0x00000460, 0x00000440, 0x00000478, + 0x00000430, 0x00000410, 0x00000448, 0x00000458, + 0x00000368, 0x00000370, 0x00000320, 0x00000308, + 0x00000338, 0x00000300, 0x00000328, 0x00000350, + 0x00000318, 0x00000360, 0x00000340, 0x00000378, + 0x00000330, 0x00000310, 0x00000348, 0x00000358, + 0x000003e8, 0x000003f0, 0x000003a0, 0x00000388, + 0x000003b8, 0x00000380, 0x000003a8, 0x000003d0, + 0x00000398, 0x000003e0, 0x000003c0, 0x000003f8, + 0x000003b0, 0x00000390, 0x000003c8, 0x000003d8, + 0x00000768, 0x00000770, 0x00000720, 0x00000708, + 0x00000738, 0x00000700, 0x00000728, 0x00000750, + 0x00000718, 0x00000760, 0x00000740, 0x00000778, + 0x00000730, 0x00000710, 0x00000748, 0x00000758, + 0x000006e8, 0x000006f0, 0x000006a0, 0x00000688, + 0x000006b8, 0x00000680, 0x000006a8, 0x000006d0, + 0x00000698, 0x000006e0, 0x000006c0, 0x000006f8, + 0x000006b0, 0x00000690, 0x000006c8, 0x000006d8, + 0x00000068, 0x00000070, 0x00000020, 0x00000008, + 0x00000038, 0x00000000, 0x00000028, 0x00000050, + 0x00000018, 0x00000060, 0x00000040, 0x00000078, + 0x00000030, 0x00000010, 0x00000048, 0x00000058, + 0x00000168, 0x00000170, 0x00000120, 0x00000108, + 0x00000138, 0x00000100, 0x00000128, 0x00000150, + 0x00000118, 0x00000160, 0x00000140, 0x00000178, + 0x00000130, 0x00000110, 0x00000148, 0x00000158, + 0x00000668, 0x00000670, 0x00000620, 0x00000608, + 0x00000638, 0x00000600, 0x00000628, 0x00000650, + 0x00000618, 0x00000660, 0x00000640, 0x00000678, + 0x00000630, 0x00000610, 0x00000648, 0x00000658, + } +}; + /* * A macro that performs a full encryption round of GOST 28147-89. * Temporary variables tmp assumed and variables r and l for left and right diff --git a/gost28147.h b/gost28147.h index ecdbc0f7..cc25dbe3 100644 --- a/gost28147.h +++ b/gost28147.h @@ -42,6 +42,7 @@ extern "C" { #endif

#define gost28147_param_test_3411 nettle_gost28147_param_test_3411 +#define gost28147_param_CryptoPro_3411 nettle_gost28147_param_CryptoPro_3411

#define gost28147_encrypt_simple nettle_gost28147_encrypt_simple

@@ -52,6 +53,7 @@ struct gost28147_param };

extern const struct gost28147_param gost28147_param_test_3411; +extern const struct gost28147_param gost28147_param_CryptoPro_3411;

/* Internal interface for use by GOST R 34.11-94 */ void gost28147_encrypt_simple (const uint32_t *key, const uint32_t *sbox, diff --git a/gosthash94-meta.c b/gosthash94-meta.c index 42b05562..ad203bfd 100644 --- a/gosthash94-meta.c +++ b/gosthash94-meta.c @@ -39,3 +39,6 @@

const struct nettle_hash nettle_gosthash94 = _NETTLE_HASH(gosthash94, GOSTHASH94); + +const struct nettle_hash nettle_gosthash94cp += _NETTLE_HASH(gosthash94cp, GOSTHASH94CP); diff --git a/gosthash94.c b/gosthash94.c index d87e4c02..e3801ef1 100644 --- a/gosthash94.c +++ b/gosthash94.c @@ -59,7 +59,8 @@ gosthash94_init (struct gosthash94_ctx *ctx) * @param block the message block to process */ static void -gost_block_compress (struct gosthash94_ctx *ctx, const uint32_t *block) +gost_block_compress (struct gosthash94_ctx *ctx, const uint32_t *block, + const uint32_t *sbox) { unsigned i; uint32_t key[8], u[8], v[8], w[8], s[8]; @@ -104,7 +105,7 @@ gost_block_compress (struct gosthash94_ctx *ctx, const uint32_t *block) ((w[5] & 0xff000000) >> 8) | (w[7] & 0xff000000);

/* encryption: s_i := E_{key_i} (h_i) */ - gost28147_encrypt_simple (key, gost28147_param_test_3411.sbox, &ctx->hash[i], &s[i]); + gost28147_encrypt_simple (key, sbox, &ctx->hash[i], &s[i]);

if (i == 0) { @@ -259,7 +260,8 @@ gost_block_compress (struct gosthash94_ctx *ctx, const uint32_t *block) * @param block the 256-bit message block to process */ static void -gost_compute_sum_and_hash (struct gosthash94_ctx *ctx, const uint8_t *block) +gost_compute_sum_and_hash (struct gosthash94_ctx *ctx, const uint8_t *block, + const uint32_t *sbox) { uint32_t block_le[8]; unsigned i, carry; @@ -275,7 +277,7 @@ gost_compute_sum_and_hash (struct gosthash94_ctx *ctx, const uint8_t *block) }

/* update message hash */ - gost_block_compress (ctx, block_le); + gost_block_compress (ctx, block_le, sbox); }

/** @@ -286,9 +288,10 @@ gost_compute_sum_and_hash (struct gosthash94_ctx *ctx, const uint8_t *block) * @param msg message chunk * @param size length of the message chunk */ -void -gosthash94_update (struct gosthash94_ctx *ctx, - size_t length, const uint8_t *msg) +static void +gosthash94_update_int (struct gosthash94_ctx *ctx, + size_t length, const uint8_t *msg, + const uint32_t *sbox) { unsigned index = (unsigned) ctx->length & 31; ctx->length += length; @@ -302,13 +305,13 @@ gosthash94_update (struct gosthash94_ctx *ctx, return;

/* process partial block */ - gost_compute_sum_and_hash (ctx, ctx->message); + gost_compute_sum_and_hash (ctx, ctx->message, sbox); msg += left; length -= left; } while (length >= GOSTHASH94_BLOCK_SIZE) { - gost_compute_sum_and_hash (ctx, msg); + gost_compute_sum_and_hash (ctx, msg, sbox); msg += GOSTHASH94_BLOCK_SIZE; length -= GOSTHASH94_BLOCK_SIZE; } @@ -320,14 +323,47 @@ gosthash94_update (struct gosthash94_ctx *ctx, }

/** + * Calculate message hash. + * Can be called repeatedly with chunks of the message to be hashed. + * + * @param ctx the algorithm context containing current hashing state + * @param msg message chunk + * @param size length of the message chunk + */ +void +gosthash94_update (struct gosthash94_ctx *ctx, + size_t length, const uint8_t *msg) +{ + gosthash94_update_int (ctx, length, msg, + gost28147_param_test_3411.sbox); +} + +/** + * Calculate message hash. + * Can be called repeatedly with chunks of the message to be hashed. + * + * @param ctx the algorithm context containing current hashing state + * @param msg message chunk + * @param size length of the message chunk + */ +void +gosthash94cp_update (struct gosthash94_ctx *ctx, + size_t length, const uint8_t *msg) +{ + gosthash94_update_int (ctx, length, msg, + gost28147_param_CryptoPro_3411.sbox); +} + +/** * Finish hashing and store message digest into given array. * * @param ctx the algorithm context containing current hashing state * @param result calculated hash in binary form */ -void -gosthash94_digest (struct gosthash94_ctx *ctx, - size_t length, uint8_t *result) +static void +gosthash94_write_digest (struct gosthash94_ctx *ctx, + size_t length, uint8_t *result, + const uint32_t *sbox) { unsigned index = ctx->length & 31; uint32_t msg32[8]; @@ -338,7 +374,7 @@ gosthash94_digest (struct gosthash94_ctx *ctx, if (index > 0) { memset (ctx->message + index, 0, 32 - index); - gost_compute_sum_and_hash (ctx, ctx->message); + gost_compute_sum_and_hash (ctx, ctx->message, sbox); }

/* hash the message length and the sum */ @@ -346,10 +382,26 @@ gosthash94_digest (struct gosthash94_ctx *ctx, msg32[1] = ctx->length >> 29; memset (msg32 + 2, 0, sizeof (uint32_t) * 6);

- gost_block_compress (ctx, msg32); - gost_block_compress (ctx, ctx->sum); + gost_block_compress (ctx, msg32, sbox); + gost_block_compress (ctx, ctx->sum, sbox);

/* convert hash state to result bytes */ _nettle_write_le32(length, result, ctx->hash); gosthash94_init (ctx); } + +void +gosthash94_digest (struct gosthash94_ctx *ctx, + size_t length, uint8_t *result) +{ + gosthash94_write_digest (ctx, length, result, + gost28147_param_test_3411.sbox); +} + +void +gosthash94cp_digest (struct gosthash94_ctx *ctx, + size_t length, uint8_t *result) +{ + gosthash94_write_digest (ctx, length, result, + gost28147_param_CryptoPro_3411.sbox); +} diff --git a/gosthash94.h b/gosthash94.h index 8e9d49fe..c0fdad11 100644 --- a/gosthash94.h +++ b/gosthash94.h @@ -72,11 +72,17 @@ extern "C" { #define gosthash94_update nettle_gosthash94_update #define gosthash94_digest nettle_gosthash94_digest

+#define gosthash94cp_update nettle_gosthash94cp_update +#define gosthash94cp_digest nettle_gosthash94cp_digest + #define GOSTHASH94_BLOCK_SIZE 32 #define GOSTHASH94_DIGEST_SIZE 32 /* For backwards compatibility */ #define GOSTHASH94_DATA_SIZE GOSTHASH94_BLOCK_SIZE

+#define GOSTHASH94CP_BLOCK_SIZE GOSTHASH94_BLOCK_SIZE +#define GOSTHASH94CP_DIGEST_SIZE GOSTHASH94_DIGEST_SIZE + struct gosthash94_ctx { uint32_t hash[8]; /* algorithm 256-bit state */ @@ -84,6 +90,7 @@ struct gosthash94_ctx uint8_t message[GOSTHASH94_BLOCK_SIZE]; /* 256-bit buffer for leftovers */ uint64_t length; /* number of processed bytes */ }; +#define gosthash94cp_ctx gosthash94_ctx

void gosthash94_init(struct gosthash94_ctx *ctx); void gosthash94_update(struct gosthash94_ctx *ctx, @@ -91,6 +98,12 @@ void gosthash94_update(struct gosthash94_ctx *ctx, void gosthash94_digest(struct gosthash94_ctx *ctx, size_t length, uint8_t *result);

+#define gosthash94cp_init gosthash94_init +void gosthash94cp_update(struct gosthash94_ctx *ctx, + size_t length, const uint8_t *msg); +void gosthash94cp_digest(struct gosthash94_ctx *ctx, + size_t length, uint8_t *result); + #ifdef __cplusplus } #endif diff --git a/hmac-gosthash94.c b/hmac-gosthash94.c index e5be545c..66b62854 100644 --- a/hmac-gosthash94.c +++ b/hmac-gosthash94.c @@ -57,3 +57,23 @@ hmac_gosthash94_digest(struct hmac_gosthash94_ctx *ctx, { HMAC_DIGEST(ctx, &nettle_gosthash94, length, digest); } + +void +hmac_gosthash94cp_set_key(struct hmac_gosthash94cp_ctx *ctx, + size_t key_length, const uint8_t *key) +{ + HMAC_SET_KEY(ctx, &nettle_gosthash94cp, key_length, key); +} + +void +hmac_gosthash94cp_update(struct hmac_gosthash94cp_ctx *ctx, + size_t length, const uint8_t *data) +{ + gosthash94cp_update(&ctx->state, length, data); +} +void +hmac_gosthash94cp_digest(struct hmac_gosthash94cp_ctx *ctx, + size_t length, uint8_t *digest) +{ + HMAC_DIGEST(ctx, &nettle_gosthash94cp, length, digest); +} diff --git a/hmac.h b/hmac.h index dac2943e..d9ee3400 100644 --- a/hmac.h +++ b/hmac.h @@ -72,6 +72,9 @@ extern "C" { #define hmac_gosthash94_set_key nettle_hmac_gosthash94_set_key #define hmac_gosthash94_update nettle_hmac_gosthash94_update #define hmac_gosthash94_digest nettle_hmac_gosthash94_digest +#define hmac_gosthash94cp_set_key nettle_hmac_gosthash94cp_set_key +#define hmac_gosthash94cp_update nettle_hmac_gosthash94cp_update +#define hmac_gosthash94cp_digest nettle_hmac_gosthash94cp_digest

void hmac_set_key(void *outer, void *inner, void *state, @@ -222,6 +225,20 @@ hmac_gosthash94_update(struct hmac_gosthash94_ctx *ctx, hmac_gosthash94_digest(struct hmac_gosthash94_ctx *ctx, size_t length, uint8_t *digest);

+struct hmac_gosthash94cp_ctx HMAC_CTX(struct gosthash94cp_ctx); + +void +hmac_gosthash94cp_set_key(struct hmac_gosthash94cp_ctx *ctx, + size_t key_length, const uint8_t *key); + +void +hmac_gosthash94cp_update(struct hmac_gosthash94cp_ctx *ctx, + size_t length, const uint8_t *data); + +void +hmac_gosthash94cp_digest(struct hmac_gosthash94cp_ctx *ctx, + size_t length, uint8_t *digest); +

#ifdef __cplusplus } diff --git a/nettle-meta-hashes.c b/nettle-meta-hashes.c index df668539..bf61fb11 100644 --- a/nettle-meta-hashes.c +++ b/nettle-meta-hashes.c @@ -41,6 +41,7 @@ const struct nettle_hash * const nettle_hashes[] = { &nettle_md4, &nettle_md5, &nettle_gosthash94, + &nettle_gosthash94cp, &nettle_ripemd160, &nettle_sha1, &nettle_sha224, diff --git a/nettle-meta.h b/nettle-meta.h index 14b5e48e..5a1f85bc 100644 --- a/nettle-meta.h +++ b/nettle-meta.h @@ -121,6 +121,7 @@ extern const struct nettle_hash nettle_md2; extern const struct nettle_hash nettle_md4; extern const struct nettle_hash nettle_md5; extern const struct nettle_hash nettle_gosthash94; +extern const struct nettle_hash nettle_gosthash94cp; extern const struct nettle_hash nettle_ripemd160; extern const struct nettle_hash nettle_sha1; extern const struct nettle_hash nettle_sha224; diff --git a/nettle.texinfo b/nettle.texinfo index 1d7e4e3e..e012b989 100644 --- a/nettle.texinfo +++ b/nettle.texinfo @@ -967,12 +967,17 @@ This function also resets the context in the same way as @end deftypefun

-@subsubsection @acronym{GOSTHASH94} +@subsubsection @acronym{GOSTHASH94 and GOSTHASH94CP}

The GOST94 or GOST R 34.11-94 hash algorithm is a Soviet-era algorithm used in Russian government standards (see @cite{RFC 4357}). -It outputs message digests of 256 bits, or 32 octets. -Nettle defines GOSTHASH94 in @file{<nettle/gosthash94.h>}. +It outputs message digests of 256 bits, or 32 octets. The standard itself +does not fix the s-box used by the hash algorith, so there are two popular +variants (the testing s-box from the standard itself and the s-box defined +by CryptoPro company). Nettle provides support for the former s-box in +the form of GOSTHASH94 hash algorithm and for the latter in the form of +GOSTHASH94CP hash algorithm. +Nettle defines GOSTHASH94 and GOSTHASH94CP in @file{<nettle/gosthash94.h>}.

@deftp {Context struct} {struct gosthash94_ctx} @end deftp @@ -1003,6 +1008,35 @@ This function also resets the context in the same way as @code{gosthash94_init}. @end deftypefun

+@deftp {Context struct} {struct gosthash94cp_ctx} +@end deftp + +@defvr Constant GOSTHASH94CP_DIGEST_SIZE +The size of a GOSTHASH94CP digest, i.e. 32. +@end defvr + +@defvr Constant GOSTHASH94CP_BLOCK_SIZE +The internal block size of GOSTHASH94CP, i.e., 32. +@end defvr + +@deftypefun void gosthash94cp_init (struct gosthash94cp_ctx *@var{ctx}) +Initialize the GOSTHASH94CP state. +@end deftypefun + +@deftypefun void gosthash94cp_update (struct gosthash94cp_ctx *@var{ctx}, size_t @var{length}, const uint8_t *@var{data}) +Hash some more data. +@end deftypefun + +@deftypefun void gosthash94cp_digest (struct gosthash94cp_ctx *@var{ctx}, size_t @var{length}, uint8_t *@var{digest}) +Performs final processing and extracts the message digest, writing it +to @var{digest}. @var{length} may be smaller than +@code{GOSTHASH94CP_DIGEST_SIZE}, in which case only the first @var{length} +octets of the digest are written. + +This function also resets the context in the same way as +@code{gosthash94cp_init}. +@end deftypefun + @node nettle_hash abstraction,, Legacy hash functions, Hash functions @comment node-name, next, previous, up @subsection The @code{struct nettle_hash} abstraction @@ -1033,6 +1067,7 @@ The last three attributes are function pointers, of types @deftypevrx {Constant Struct} {struct nettle_hash} nettle_sha512 @deftypevrx {Constant Struct} {struct nettle_hash} nettle_sha3_256 @deftypevrx {Constant Struct} {struct nettle_hash} nettle_gosthash94 +@deftypevrx {Constant Struct} {struct nettle_hash} nettle_gosthash94cp These are all the hash functions that Nettle implements. @end deftypevr

diff --git a/testsuite/gosthash94-test.c b/testsuite/gosthash94-test.c index 77fb8bef..d4e50158 100644 --- a/testsuite/gosthash94-test.c +++ b/testsuite/gosthash94-test.c @@ -17,4 +17,16 @@ test_main(void)

test_hash(&nettle_gosthash94, SDATA(""), SHEX("ce85b99cc46752fffee35cab9a7b0278abb4c2d2055cff685af4912c49490f8d")); + + test_hash(&nettle_gosthash94cp, SDATA("The quick brown fox jumps over the lazy dog"), + SHEX("9004294a361a508c586fe53d1f1b02746765e71b765472786e4770d565830a76")); + + test_hash(&nettle_gosthash94cp, SDATA("message digest"), + SHEX("bc6041dd2aa401ebfa6e9886734174febdb4729aa972d60f549ac39b29721ba0")); + + test_hash(&nettle_gosthash94cp, SDATA("a"), + SHEX("e74c52dd282183bf37af0079c9f78055715a103f17e3133ceff1aacf2f403011")); + + test_hash(&nettle_gosthash94cp, SDATA(""), + SHEX("981e5f3ca30c841487830f84fb433e13ac1101569b9c13584ac483234cd656c0")); } diff --git a/testsuite/hmac-test.c b/testsuite/hmac-test.c index 4a0e35ba..f009c800 100644 --- a/testsuite/hmac-test.c +++ b/testsuite/hmac-test.c @@ -901,4 +901,11 @@ test_main(void) SHEX("0126bdb87800af214341456563780100"), SHEX("bfebe25f051bfef6ac858babb0abc409" "bfd2e334ab847bc0b0d056517c7d94c5")); + + HMAC_TEST(gosthash94cp, + SHEX("000102030405060708090a0b0c0d0e0f" + "101112131415161718191a1b1c1d1e1f"), + SHEX("0126bdb87800af214341456563780100"), + SHEX("bad70b61c41095bc47e1141cfaed4272" + "6a5ceebd62ce75dbbb9ad76cda9f72f7")); } diff --git a/testsuite/meta-hash-test.c b/testsuite/meta-hash-test.c index b0dc8147..b81f09ea 100644 --- a/testsuite/meta-hash-test.c +++ b/testsuite/meta-hash-test.c @@ -9,6 +9,7 @@ const char* hashes[] = { "md4", "md5", "gosthash94", + "gosthash94cp", "ripemd160", "sha1", "sha224", diff --git a/testsuite/pbkdf2-test.c b/testsuite/pbkdf2-test.c index bb8da57f..1a21b651 100644 --- a/testsuite/pbkdf2-test.c +++ b/testsuite/pbkdf2-test.c @@ -28,6 +28,7 @@ test_main (void) struct hmac_sha1_ctx sha1ctx; struct hmac_sha256_ctx sha256ctx; struct hmac_sha512_ctx sha512ctx; + struct hmac_gosthash94cp_ctx gosthash94cpctx;

/* Test vectors for PBKDF2 from RFC 6070. */

@@ -110,4 +111,25 @@ test_main (void) PBKDF2_HMAC_TEST(pbkdf2_hmac_sha256, LDATA("passwd"), 1, LDATA("salt"), SHEX("55ac046e56e3089fec1691c22544b605"));

+ /* From TC26 documents. */ + + hmac_gosthash94cp_set_key (&gosthash94cpctx, LDATA("password")); + PBKDF2_TEST (&gosthash94cpctx, hmac_gosthash94cp_update, hmac_gosthash94cp_digest, + GOSTHASH94CP_DIGEST_SIZE, 1, LDATA("salt"), + SHEX("7314e7c04fb2e662c543674253f68bd0b73445d07f241bed872882da21662d58")); + + PBKDF2_TEST (&gosthash94cpctx, hmac_gosthash94cp_update, hmac_gosthash94cp_digest, + GOSTHASH94CP_DIGEST_SIZE, 4096, LDATA("salt"), + SHEX("1f1829a94bdff5be10d0aeb36af498e7a97467f3b31116a5a7c1afff9deadafe")); + + hmac_gosthash94cp_set_key (&gosthash94cpctx, LDATA("passwordPASSWORDpassword")); + PBKDF2_TEST (&gosthash94cpctx, hmac_gosthash94cp_update, hmac_gosthash94cp_digest, + GOSTHASH94CP_DIGEST_SIZE, 4096, LDATA("saltSALTsaltSALTsaltSALTsaltSALTsalt"), + SHEX("788358c69cb2dbe251a7bb17d5f4241f265a792a35becde8d56f326b49c85047b7638acb4764b1fd")); + + hmac_gosthash94cp_set_key (&gosthash94cpctx, LDATA("pass\0word")); + PBKDF2_TEST (&gosthash94cpctx, hmac_gosthash94cp_update, hmac_gosthash94cp_digest, + GOSTHASH94CP_DIGEST_SIZE, 4096, LDATA("sa\0lt"), + SHEX("43e06c5590b08c0225242373127edf9c8e9c3291")); + }

-- 2.11.0

Dmitry Eremin-Solenikov

11:27 p.m.

New subject: [PATCH 05/13] Implement PBKDF2 shortcut function for GOSTHASH94CP

Signed-off-by: Dmitry Eremin-Solenikov dbaryshkov@gmail.com --- Makefile.in | 3 ++- pbkdf2-hmac-gosthash94.c | 54 ++++++++++++++++++++++++++++++++++++++++++++++++ pbkdf2.h | 7 +++++++ testsuite/pbkdf2-test.c | 2 ++ 4 files changed, 65 insertions(+), 1 deletion(-) create mode 100644 pbkdf2-hmac-gosthash94.c

diff --git a/Makefile.in b/Makefile.in index 881f4ef4..21f7d742 100644 --- a/Makefile.in +++ b/Makefile.in @@ -113,7 +113,8 @@ nettle_SOURCES = aes-decrypt-internal.c aes-decrypt.c \ memeql-sec.c memxor.c memxor3.c \ nettle-meta-aeads.c nettle-meta-armors.c \ nettle-meta-ciphers.c nettle-meta-hashes.c \ - pbkdf2.c pbkdf2-hmac-sha1.c pbkdf2-hmac-sha256.c \ + pbkdf2.c pbkdf2-hmac-gosthash94.c pbkdf2-hmac-sha1.c \ + pbkdf2-hmac-sha256.c \ poly1305-aes.c poly1305-internal.c \ realloc.c \ ripemd160.c ripemd160-compress.c ripemd160-meta.c \ diff --git a/pbkdf2-hmac-gosthash94.c b/pbkdf2-hmac-gosthash94.c new file mode 100644 index 00000000..ff34ba1b --- /dev/null +++ b/pbkdf2-hmac-gosthash94.c @@ -0,0 +1,54 @@ +/* pbkdf2-hmac-gosthash94.c + + PKCS #5 PBKDF2 used with HMAC-GOSTHASH94CP. + + Copyright (C) 2016 Dmitry Eremin-Solenikov + Copyright (C) 2012 Simon Josefsson + + This file is part of GNU Nettle. + + GNU Nettle is free software: you can redistribute it and/or + modify it under the terms of either: + + * the GNU Lesser General Public License as published by the Free + Software Foundation; either version 3 of the License, or (at your + option) any later version. + + or + + * the GNU General Public License as published by the Free + Software Foundation; either version 2 of the License, or (at your + option) any later version. + + or both in parallel, as here. + + GNU Nettle is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + General Public License for more details. + + You should have received copies of the GNU General Public License and + the GNU Lesser General Public License along with this program. If + not, see http://www.gnu.org/licenses/. +*/ + +#if HAVE_CONFIG_H +# include "config.h" +#endif + +#include "pbkdf2.h" + +#include "hmac.h" + +void +pbkdf2_hmac_gosthash94cp (size_t key_length, const uint8_t *key, + unsigned iterations, + size_t salt_length, const uint8_t *salt, + size_t length, uint8_t *dst) +{ + struct hmac_gosthash94cp_ctx gosthash94cpctx; + + hmac_gosthash94cp_set_key (&gosthash94cpctx, key_length, key); + PBKDF2 (&gosthash94cpctx, hmac_gosthash94cp_update, hmac_gosthash94cp_digest, + GOSTHASH94CP_DIGEST_SIZE, iterations, salt_length, salt, length, dst); +} diff --git a/pbkdf2.h b/pbkdf2.h index 7b1c4c9c..a36dfdba 100644 --- a/pbkdf2.h +++ b/pbkdf2.h @@ -45,6 +45,7 @@ extern "C" #define pbkdf2 nettle_pbkdf2 #define pbkdf2_hmac_sha1 nettle_pbkdf2_hmac_sha1 #define pbkdf2_hmac_sha256 nettle_pbkdf2_hmac_sha256 +#define pbkdf2_hmac_gosthash94cp nettle_pbkdf2_hmac_gosthash94cp

void pbkdf2 (void *mac_ctx, @@ -78,6 +79,12 @@ pbkdf2_hmac_sha256 (size_t key_length, const uint8_t *key, size_t salt_length, const uint8_t *salt, size_t length, uint8_t *dst);

+void +pbkdf2_hmac_gosthash94cp (size_t key_length, const uint8_t *key, + unsigned iterations, + size_t salt_length, const uint8_t *salt, + size_t length, uint8_t *dst); + #ifdef __cplusplus } #endif diff --git a/testsuite/pbkdf2-test.c b/testsuite/pbkdf2-test.c index 1a21b651..536108f7 100644 --- a/testsuite/pbkdf2-test.c +++ b/testsuite/pbkdf2-test.c @@ -132,4 +132,6 @@ test_main (void) GOSTHASH94CP_DIGEST_SIZE, 4096, LDATA("sa\0lt"), SHEX("43e06c5590b08c0225242373127edf9c8e9c3291"));

+ PBKDF2_HMAC_TEST (pbkdf2_hmac_gosthash94cp, LDATA("password"), 1, LDATA("salt"), + SHEX("7314e7c04fb2e662c543674253f68bd0b73445d07f241bed872882da21662d58")); }

-- 2.11.0

Dmitry Eremin-Solenikov

11:27 p.m.

New subject: [PATCH 06/13] Add the rest of sboxes for GOST 28147

Signed-off-by: Dmitry Eremin-Solenikov dbaryshkov@gmail.com --- gost28147.c | 1602 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ gost28147.h | 13 + 2 files changed, 1615 insertions(+)

diff --git a/gost28147.c b/gost28147.c index ff1aca59..d916276a 100644 --- a/gost28147.c +++ b/gost28147.c @@ -565,6 +565,1608 @@ const struct gost28147_param gost28147_param_CryptoPro_3411 = } };

+const struct gost28147_param gost28147_param_Test_89 = +{ + 0, + { + /* 0 */ + 0x00062000, 0x00061000, 0x00067800, 0x00062800, + 0x00064800, 0x00060800, 0x00060000, 0x00064000, + 0x00067000, 0x00061800, 0x00065800, 0x00066000, + 0x00066800, 0x00063800, 0x00065000, 0x00063000, + 0x0004a000, 0x00049000, 0x0004f800, 0x0004a800, + 0x0004c800, 0x00048800, 0x00048000, 0x0004c000, + 0x0004f000, 0x00049800, 0x0004d800, 0x0004e000, + 0x0004e800, 0x0004b800, 0x0004d000, 0x0004b000, + 0x0007a000, 0x00079000, 0x0007f800, 0x0007a800, + 0x0007c800, 0x00078800, 0x00078000, 0x0007c000, + 0x0007f000, 0x00079800, 0x0007d800, 0x0007e000, + 0x0007e800, 0x0007b800, 0x0007d000, 0x0007b000, + 0x00072000, 0x00071000, 0x00077800, 0x00072800, + 0x00074800, 0x00070800, 0x00070000, 0x00074000, + 0x00077000, 0x00071800, 0x00075800, 0x00076000, + 0x00076800, 0x00073800, 0x00075000, 0x00073000, + 0x00042000, 0x00041000, 0x00047800, 0x00042800, + 0x00044800, 0x00040800, 0x00040000, 0x00044000, + 0x00047000, 0x00041800, 0x00045800, 0x00046000, + 0x00046800, 0x00043800, 0x00045000, 0x00043000, + 0x0000a000, 0x00009000, 0x0000f800, 0x0000a800, + 0x0000c800, 0x00008800, 0x00008000, 0x0000c000, + 0x0000f000, 0x00009800, 0x0000d800, 0x0000e000, + 0x0000e800, 0x0000b800, 0x0000d000, 0x0000b000, + 0x0001a000, 0x00019000, 0x0001f800, 0x0001a800, + 0x0001c800, 0x00018800, 0x00018000, 0x0001c000, + 0x0001f000, 0x00019800, 0x0001d800, 0x0001e000, + 0x0001e800, 0x0001b800, 0x0001d000, 0x0001b000, + 0x00052000, 0x00051000, 0x00057800, 0x00052800, + 0x00054800, 0x00050800, 0x00050000, 0x00054000, + 0x00057000, 0x00051800, 0x00055800, 0x00056000, + 0x00056800, 0x00053800, 0x00055000, 0x00053000, + 0x00012000, 0x00011000, 0x00017800, 0x00012800, + 0x00014800, 0x00010800, 0x00010000, 0x00014000, + 0x00017000, 0x00011800, 0x00015800, 0x00016000, + 0x00016800, 0x00013800, 0x00015000, 0x00013000, + 0x0003a000, 0x00039000, 0x0003f800, 0x0003a800, + 0x0003c800, 0x00038800, 0x00038000, 0x0003c000, + 0x0003f000, 0x00039800, 0x0003d800, 0x0003e000, + 0x0003e800, 0x0003b800, 0x0003d000, 0x0003b000, + 0x00022000, 0x00021000, 0x00027800, 0x00022800, + 0x00024800, 0x00020800, 0x00020000, 0x00024000, + 0x00027000, 0x00021800, 0x00025800, 0x00026000, + 0x00026800, 0x00023800, 0x00025000, 0x00023000, + 0x0006a000, 0x00069000, 0x0006f800, 0x0006a800, + 0x0006c800, 0x00068800, 0x00068000, 0x0006c000, + 0x0006f000, 0x00069800, 0x0006d800, 0x0006e000, + 0x0006e800, 0x0006b800, 0x0006d000, 0x0006b000, + 0x00032000, 0x00031000, 0x00037800, 0x00032800, + 0x00034800, 0x00030800, 0x00030000, 0x00034000, + 0x00037000, 0x00031800, 0x00035800, 0x00036000, + 0x00036800, 0x00033800, 0x00035000, 0x00033000, + 0x00002000, 0x00001000, 0x00007800, 0x00002800, + 0x00004800, 0x00000800, 0x00000000, 0x00004000, + 0x00007000, 0x00001800, 0x00005800, 0x00006000, + 0x00006800, 0x00003800, 0x00005000, 0x00003000, + 0x0005a000, 0x00059000, 0x0005f800, 0x0005a800, + 0x0005c800, 0x00058800, 0x00058000, 0x0005c000, + 0x0005f000, 0x00059800, 0x0005d800, 0x0005e000, + 0x0005e800, 0x0005b800, 0x0005d000, 0x0005b000, + 0x0002a000, 0x00029000, 0x0002f800, 0x0002a800, + 0x0002c800, 0x00028800, 0x00028000, 0x0002c000, + 0x0002f000, 0x00029800, 0x0002d800, 0x0002e000, + 0x0002e800, 0x0002b800, 0x0002d000, 0x0002b000, + /* 1 */ + 0x07680000, 0x07400000, 0x07700000, 0x07600000, + 0x07380000, 0x07180000, 0x07480000, 0x07500000, + 0x07080000, 0x07280000, 0x07100000, 0x07200000, + 0x07300000, 0x07780000, 0x07000000, 0x07580000, + 0x04e80000, 0x04c00000, 0x04f00000, 0x04e00000, + 0x04b80000, 0x04980000, 0x04c80000, 0x04d00000, + 0x04880000, 0x04a80000, 0x04900000, 0x04a00000, + 0x04b00000, 0x04f80000, 0x04800000, 0x04d80000, + 0x05e80000, 0x05c00000, 0x05f00000, 0x05e00000, + 0x05b80000, 0x05980000, 0x05c80000, 0x05d00000, + 0x05880000, 0x05a80000, 0x05900000, 0x05a00000, + 0x05b00000, 0x05f80000, 0x05800000, 0x05d80000, + 0x01680000, 0x01400000, 0x01700000, 0x01600000, + 0x01380000, 0x01180000, 0x01480000, 0x01500000, + 0x01080000, 0x01280000, 0x01100000, 0x01200000, + 0x01300000, 0x01780000, 0x01000000, 0x01580000, + 0x02e80000, 0x02c00000, 0x02f00000, 0x02e00000, + 0x02b80000, 0x02980000, 0x02c80000, 0x02d00000, + 0x02880000, 0x02a80000, 0x02900000, 0x02a00000, + 0x02b00000, 0x02f80000, 0x02800000, 0x02d80000, + 0x07e80000, 0x07c00000, 0x07f00000, 0x07e00000, + 0x07b80000, 0x07980000, 0x07c80000, 0x07d00000, + 0x07880000, 0x07a80000, 0x07900000, 0x07a00000, + 0x07b00000, 0x07f80000, 0x07800000, 0x07d80000, + 0x03e80000, 0x03c00000, 0x03f00000, 0x03e00000, + 0x03b80000, 0x03980000, 0x03c80000, 0x03d00000, + 0x03880000, 0x03a80000, 0x03900000, 0x03a00000, + 0x03b00000, 0x03f80000, 0x03800000, 0x03d80000, + 0x00e80000, 0x00c00000, 0x00f00000, 0x00e00000, + 0x00b80000, 0x00980000, 0x00c80000, 0x00d00000, + 0x00880000, 0x00a80000, 0x00900000, 0x00a00000, + 0x00b00000, 0x00f80000, 0x00800000, 0x00d80000, + 0x00680000, 0x00400000, 0x00700000, 0x00600000, + 0x00380000, 0x00180000, 0x00480000, 0x00500000, + 0x00080000, 0x00280000, 0x00100000, 0x00200000, + 0x00300000, 0x00780000, 0x00000000, 0x00580000, + 0x06e80000, 0x06c00000, 0x06f00000, 0x06e00000, + 0x06b80000, 0x06980000, 0x06c80000, 0x06d00000, + 0x06880000, 0x06a80000, 0x06900000, 0x06a00000, + 0x06b00000, 0x06f80000, 0x06800000, 0x06d80000, + 0x06680000, 0x06400000, 0x06700000, 0x06600000, + 0x06380000, 0x06180000, 0x06480000, 0x06500000, + 0x06080000, 0x06280000, 0x06100000, 0x06200000, + 0x06300000, 0x06780000, 0x06000000, 0x06580000, + 0x03680000, 0x03400000, 0x03700000, 0x03600000, + 0x03380000, 0x03180000, 0x03480000, 0x03500000, + 0x03080000, 0x03280000, 0x03100000, 0x03200000, + 0x03300000, 0x03780000, 0x03000000, 0x03580000, + 0x05680000, 0x05400000, 0x05700000, 0x05600000, + 0x05380000, 0x05180000, 0x05480000, 0x05500000, + 0x05080000, 0x05280000, 0x05100000, 0x05200000, + 0x05300000, 0x05780000, 0x05000000, 0x05580000, + 0x02680000, 0x02400000, 0x02700000, 0x02600000, + 0x02380000, 0x02180000, 0x02480000, 0x02500000, + 0x02080000, 0x02280000, 0x02100000, 0x02200000, + 0x02300000, 0x02780000, 0x02000000, 0x02580000, + 0x01e80000, 0x01c00000, 0x01f00000, 0x01e00000, + 0x01b80000, 0x01980000, 0x01c80000, 0x01d00000, + 0x01880000, 0x01a80000, 0x01900000, 0x01a00000, + 0x01b00000, 0x01f80000, 0x01800000, 0x01d80000, + 0x04680000, 0x04400000, 0x04700000, 0x04600000, + 0x04380000, 0x04180000, 0x04480000, 0x04500000, + 0x04080000, 0x04280000, 0x04100000, 0x04200000, + 0x04300000, 0x04780000, 0x04000000, 0x04580000, + /* 2 */ + 0x18000004, 0x70000004, 0x28000004, 0x48000004, + 0x30000004, 0x40000004, 0x00000004, 0x68000004, + 0x50000004, 0x58000004, 0x38000004, 0x60000004, + 0x10000004, 0x08000004, 0x78000004, 0x20000004, + 0x98000007, 0xf0000007, 0xa8000007, 0xc8000007, + 0xb0000007, 0xc0000007, 0x80000007, 0xe8000007, + 0xd0000007, 0xd8000007, 0xb8000007, 0xe0000007, + 0x90000007, 0x88000007, 0xf8000007, 0xa0000007, + 0x18000003, 0x70000003, 0x28000003, 0x48000003, + 0x30000003, 0x40000003, 0x00000003, 0x68000003, + 0x50000003, 0x58000003, 0x38000003, 0x60000003, + 0x10000003, 0x08000003, 0x78000003, 0x20000003, + 0x98000005, 0xf0000005, 0xa8000005, 0xc8000005, + 0xb0000005, 0xc0000005, 0x80000005, 0xe8000005, + 0xd0000005, 0xd8000005, 0xb8000005, 0xe0000005, + 0x90000005, 0x88000005, 0xf8000005, 0xa0000005, + 0x98000000, 0xf0000000, 0xa8000000, 0xc8000000, + 0xb0000000, 0xc0000000, 0x80000000, 0xe8000000, + 0xd0000000, 0xd8000000, 0xb8000000, 0xe0000000, + 0x90000000, 0x88000000, 0xf8000000, 0xa0000000, + 0x98000004, 0xf0000004, 0xa8000004, 0xc8000004, + 0xb0000004, 0xc0000004, 0x80000004, 0xe8000004, + 0xd0000004, 0xd8000004, 0xb8000004, 0xe0000004, + 0x90000004, 0x88000004, 0xf8000004, 0xa0000004, + 0x18000006, 0x70000006, 0x28000006, 0x48000006, + 0x30000006, 0x40000006, 0x00000006, 0x68000006, + 0x50000006, 0x58000006, 0x38000006, 0x60000006, + 0x10000006, 0x08000006, 0x78000006, 0x20000006, + 0x98000002, 0xf0000002, 0xa8000002, 0xc8000002, + 0xb0000002, 0xc0000002, 0x80000002, 0xe8000002, + 0xd0000002, 0xd8000002, 0xb8000002, 0xe0000002, + 0x90000002, 0x88000002, 0xf8000002, 0xa0000002, + 0x98000006, 0xf0000006, 0xa8000006, 0xc8000006, + 0xb0000006, 0xc0000006, 0x80000006, 0xe8000006, + 0xd0000006, 0xd8000006, 0xb8000006, 0xe0000006, + 0x90000006, 0x88000006, 0xf8000006, 0xa0000006, + 0x98000001, 0xf0000001, 0xa8000001, 0xc8000001, + 0xb0000001, 0xc0000001, 0x80000001, 0xe8000001, + 0xd0000001, 0xd8000001, 0xb8000001, 0xe0000001, + 0x90000001, 0x88000001, 0xf8000001, 0xa0000001, + 0x98000003, 0xf0000003, 0xa8000003, 0xc8000003, + 0xb0000003, 0xc0000003, 0x80000003, 0xe8000003, + 0xd0000003, 0xd8000003, 0xb8000003, 0xe0000003, + 0x90000003, 0x88000003, 0xf8000003, 0xa0000003, + 0x18000005, 0x70000005, 0x28000005, 0x48000005, + 0x30000005, 0x40000005, 0x00000005, 0x68000005, + 0x50000005, 0x58000005, 0x38000005, 0x60000005, + 0x10000005, 0x08000005, 0x78000005, 0x20000005, + 0x18000000, 0x70000000, 0x28000000, 0x48000000, + 0x30000000, 0x40000000, 0x00000000, 0x68000000, + 0x50000000, 0x58000000, 0x38000000, 0x60000000, + 0x10000000, 0x08000000, 0x78000000, 0x20000000, + 0x18000007, 0x70000007, 0x28000007, 0x48000007, + 0x30000007, 0x40000007, 0x00000007, 0x68000007, + 0x50000007, 0x58000007, 0x38000007, 0x60000007, + 0x10000007, 0x08000007, 0x78000007, 0x20000007, + 0x18000001, 0x70000001, 0x28000001, 0x48000001, + 0x30000001, 0x40000001, 0x00000001, 0x68000001, + 0x50000001, 0x58000001, 0x38000001, 0x60000001, + 0x10000001, 0x08000001, 0x78000001, 0x20000001, + 0x18000002, 0x70000002, 0x28000002, 0x48000002, + 0x30000002, 0x40000002, 0x00000002, 0x68000002, + 0x50000002, 0x58000002, 0x38000002, 0x60000002, + 0x10000002, 0x08000002, 0x78000002, 0x20000002, + /* 3 */ + 0x00000648, 0x00000658, 0x00000660, 0x00000600, + 0x00000618, 0x00000630, 0x00000638, 0x00000628, + 0x00000620, 0x00000640, 0x00000670, 0x00000678, + 0x00000608, 0x00000650, 0x00000610, 0x00000668, + 0x00000348, 0x00000358, 0x00000360, 0x00000300, + 0x00000318, 0x00000330, 0x00000338, 0x00000328, + 0x00000320, 0x00000340, 0x00000370, 0x00000378, + 0x00000308, 0x00000350, 0x00000310, 0x00000368, + 0x000002c8, 0x000002d8, 0x000002e0, 0x00000280, + 0x00000298, 0x000002b0, 0x000002b8, 0x000002a8, + 0x000002a0, 0x000002c0, 0x000002f0, 0x000002f8, + 0x00000288, 0x000002d0, 0x00000290, 0x000002e8, + 0x00000148, 0x00000158, 0x00000160, 0x00000100, + 0x00000118, 0x00000130, 0x00000138, 0x00000128, + 0x00000120, 0x00000140, 0x00000170, 0x00000178, + 0x00000108, 0x00000150, 0x00000110, 0x00000168, + 0x000005c8, 0x000005d8, 0x000005e0, 0x00000580, + 0x00000598, 0x000005b0, 0x000005b8, 0x000005a8, + 0x000005a0, 0x000005c0, 0x000005f0, 0x000005f8, + 0x00000588, 0x000005d0, 0x00000590, 0x000005e8, + 0x00000048, 0x00000058, 0x00000060, 0x00000000, + 0x00000018, 0x00000030, 0x00000038, 0x00000028, + 0x00000020, 0x00000040, 0x00000070, 0x00000078, + 0x00000008, 0x00000050, 0x00000010, 0x00000068, + 0x000004c8, 0x000004d8, 0x000004e0, 0x00000480, + 0x00000498, 0x000004b0, 0x000004b8, 0x000004a8, + 0x000004a0, 0x000004c0, 0x000004f0, 0x000004f8, + 0x00000488, 0x000004d0, 0x00000490, 0x000004e8, + 0x000006c8, 0x000006d8, 0x000006e0, 0x00000680, + 0x00000698, 0x000006b0, 0x000006b8, 0x000006a8, + 0x000006a0, 0x000006c0, 0x000006f0, 0x000006f8, + 0x00000688, 0x000006d0, 0x00000690, 0x000006e8, + 0x000001c8, 0x000001d8, 0x000001e0, 0x00000180, + 0x00000198, 0x000001b0, 0x000001b8, 0x000001a8, + 0x000001a0, 0x000001c0, 0x000001f0, 0x000001f8, + 0x00000188, 0x000001d0, 0x00000190, 0x000001e8, + 0x00000748, 0x00000758, 0x00000760, 0x00000700, + 0x00000718, 0x00000730, 0x00000738, 0x00000728, + 0x00000720, 0x00000740, 0x00000770, 0x00000778, + 0x00000708, 0x00000750, 0x00000710, 0x00000768, + 0x000003c8, 0x000003d8, 0x000003e0, 0x00000380, + 0x00000398, 0x000003b0, 0x000003b8, 0x000003a8, + 0x000003a0, 0x000003c0, 0x000003f0, 0x000003f8, + 0x00000388, 0x000003d0, 0x00000390, 0x000003e8, + 0x00000548, 0x00000558, 0x00000560, 0x00000500, + 0x00000518, 0x00000530, 0x00000538, 0x00000528, + 0x00000520, 0x00000540, 0x00000570, 0x00000578, + 0x00000508, 0x00000550, 0x00000510, 0x00000568, + 0x000007c8, 0x000007d8, 0x000007e0, 0x00000780, + 0x00000798, 0x000007b0, 0x000007b8, 0x000007a8, + 0x000007a0, 0x000007c0, 0x000007f0, 0x000007f8, + 0x00000788, 0x000007d0, 0x00000790, 0x000007e8, + 0x00000248, 0x00000258, 0x00000260, 0x00000200, + 0x00000218, 0x00000230, 0x00000238, 0x00000228, + 0x00000220, 0x00000240, 0x00000270, 0x00000278, + 0x00000208, 0x00000250, 0x00000210, 0x00000268, + 0x000000c8, 0x000000d8, 0x000000e0, 0x00000080, + 0x00000098, 0x000000b0, 0x000000b8, 0x000000a8, + 0x000000a0, 0x000000c0, 0x000000f0, 0x000000f8, + 0x00000088, 0x000000d0, 0x00000090, 0x000000e8, + 0x00000448, 0x00000458, 0x00000460, 0x00000400, + 0x00000418, 0x00000430, 0x00000438, 0x00000428, + 0x00000420, 0x00000440, 0x00000470, 0x00000478, + 0x00000408, 0x00000450, 0x00000410, 0x00000468, + } +}; + +const struct gost28147_param gost28147_param_CryptoPro_A = +{ + 1, + { + /* 0 */ + 0x0001c800, 0x0001b000, 0x00019800, 0x00019000, + 0x0001c000, 0x0001d800, 0x00018800, 0x0001b800, + 0x0001d000, 0x0001a000, 0x0001f000, 0x0001f800, + 0x0001e000, 0x00018000, 0x0001e800, 0x0001a800, + 0x0003c800, 0x0003b000, 0x00039800, 0x00039000, + 0x0003c000, 0x0003d800, 0x00038800, 0x0003b800, + 0x0003d000, 0x0003a000, 0x0003f000, 0x0003f800, + 0x0003e000, 0x00038000, 0x0003e800, 0x0003a800, + 0x00074800, 0x00073000, 0x00071800, 0x00071000, + 0x00074000, 0x00075800, 0x00070800, 0x00073800, + 0x00075000, 0x00072000, 0x00077000, 0x00077800, + 0x00076000, 0x00070000, 0x00076800, 0x00072800, + 0x0004c800, 0x0004b000, 0x00049800, 0x00049000, + 0x0004c000, 0x0004d800, 0x00048800, 0x0004b800, + 0x0004d000, 0x0004a000, 0x0004f000, 0x0004f800, + 0x0004e000, 0x00048000, 0x0004e800, 0x0004a800, + 0x00044800, 0x00043000, 0x00041800, 0x00041000, + 0x00044000, 0x00045800, 0x00040800, 0x00043800, + 0x00045000, 0x00042000, 0x00047000, 0x00047800, + 0x00046000, 0x00040000, 0x00046800, 0x00042800, + 0x00054800, 0x00053000, 0x00051800, 0x00051000, + 0x00054000, 0x00055800, 0x00050800, 0x00053800, + 0x00055000, 0x00052000, 0x00057000, 0x00057800, + 0x00056000, 0x00050000, 0x00056800, 0x00052800, + 0x0007c800, 0x0007b000, 0x00079800, 0x00079000, + 0x0007c000, 0x0007d800, 0x00078800, 0x0007b800, + 0x0007d000, 0x0007a000, 0x0007f000, 0x0007f800, + 0x0007e000, 0x00078000, 0x0007e800, 0x0007a800, + 0x00004800, 0x00003000, 0x00001800, 0x00001000, + 0x00004000, 0x00005800, 0x00000800, 0x00003800, + 0x00005000, 0x00002000, 0x00007000, 0x00007800, + 0x00006000, 0x00000000, 0x00006800, 0x00002800, + 0x0002c800, 0x0002b000, 0x00029800, 0x00029000, + 0x0002c000, 0x0002d800, 0x00028800, 0x0002b800, + 0x0002d000, 0x0002a000, 0x0002f000, 0x0002f800, + 0x0002e000, 0x00028000, 0x0002e800, 0x0002a800, + 0x00014800, 0x00013000, 0x00011800, 0x00011000, + 0x00014000, 0x00015800, 0x00010800, 0x00013800, + 0x00015000, 0x00012000, 0x00017000, 0x00017800, + 0x00016000, 0x00010000, 0x00016800, 0x00012800, + 0x00034800, 0x00033000, 0x00031800, 0x00031000, + 0x00034000, 0x00035800, 0x00030800, 0x00033800, + 0x00035000, 0x00032000, 0x00037000, 0x00037800, + 0x00036000, 0x00030000, 0x00036800, 0x00032800, + 0x00064800, 0x00063000, 0x00061800, 0x00061000, + 0x00064000, 0x00065800, 0x00060800, 0x00063800, + 0x00065000, 0x00062000, 0x00067000, 0x00067800, + 0x00066000, 0x00060000, 0x00066800, 0x00062800, + 0x0005c800, 0x0005b000, 0x00059800, 0x00059000, + 0x0005c000, 0x0005d800, 0x00058800, 0x0005b800, + 0x0005d000, 0x0005a000, 0x0005f000, 0x0005f800, + 0x0005e000, 0x00058000, 0x0005e800, 0x0005a800, + 0x00024800, 0x00023000, 0x00021800, 0x00021000, + 0x00024000, 0x00025800, 0x00020800, 0x00023800, + 0x00025000, 0x00022000, 0x00027000, 0x00027800, + 0x00026000, 0x00020000, 0x00026800, 0x00022800, + 0x0006c800, 0x0006b000, 0x00069800, 0x00069000, + 0x0006c000, 0x0006d800, 0x00068800, 0x0006b800, + 0x0006d000, 0x0006a000, 0x0006f000, 0x0006f800, + 0x0006e000, 0x00068000, 0x0006e800, 0x0006a800, + 0x0000c800, 0x0000b000, 0x00009800, 0x00009000, + 0x0000c000, 0x0000d800, 0x00008800, 0x0000b800, + 0x0000d000, 0x0000a000, 0x0000f000, 0x0000f800, + 0x0000e000, 0x00008000, 0x0000e800, 0x0000a800, + /* 1 */ + 0x07700000, 0x07200000, 0x07300000, 0x07100000, + 0x07580000, 0x07180000, 0x07680000, 0x07400000, + 0x07600000, 0x07780000, 0x07280000, 0x07500000, + 0x07000000, 0x07380000, 0x07080000, 0x07480000, + 0x03f00000, 0x03a00000, 0x03b00000, 0x03900000, + 0x03d80000, 0x03980000, 0x03e80000, 0x03c00000, + 0x03e00000, 0x03f80000, 0x03a80000, 0x03d00000, + 0x03800000, 0x03b80000, 0x03880000, 0x03c80000, + 0x05700000, 0x05200000, 0x05300000, 0x05100000, + 0x05580000, 0x05180000, 0x05680000, 0x05400000, + 0x05600000, 0x05780000, 0x05280000, 0x05500000, + 0x05000000, 0x05380000, 0x05080000, 0x05480000, + 0x06700000, 0x06200000, 0x06300000, 0x06100000, + 0x06580000, 0x06180000, 0x06680000, 0x06400000, + 0x06600000, 0x06780000, 0x06280000, 0x06500000, + 0x06000000, 0x06380000, 0x06080000, 0x06480000, + 0x06f00000, 0x06a00000, 0x06b00000, 0x06900000, + 0x06d80000, 0x06980000, 0x06e80000, 0x06c00000, + 0x06e00000, 0x06f80000, 0x06a80000, 0x06d00000, + 0x06800000, 0x06b80000, 0x06880000, 0x06c80000, + 0x00f00000, 0x00a00000, 0x00b00000, 0x00900000, + 0x00d80000, 0x00980000, 0x00e80000, 0x00c00000, + 0x00e00000, 0x00f80000, 0x00a80000, 0x00d00000, + 0x00800000, 0x00b80000, 0x00880000, 0x00c80000, + 0x01f00000, 0x01a00000, 0x01b00000, 0x01900000, + 0x01d80000, 0x01980000, 0x01e80000, 0x01c00000, + 0x01e00000, 0x01f80000, 0x01a80000, 0x01d00000, + 0x01800000, 0x01b80000, 0x01880000, 0x01c80000, + 0x04f00000, 0x04a00000, 0x04b00000, 0x04900000, + 0x04d80000, 0x04980000, 0x04e80000, 0x04c00000, + 0x04e00000, 0x04f80000, 0x04a80000, 0x04d00000, + 0x04800000, 0x04b80000, 0x04880000, 0x04c80000, + 0x00700000, 0x00200000, 0x00300000, 0x00100000, + 0x00580000, 0x00180000, 0x00680000, 0x00400000, + 0x00600000, 0x00780000, 0x00280000, 0x00500000, + 0x00000000, 0x00380000, 0x00080000, 0x00480000, + 0x01700000, 0x01200000, 0x01300000, 0x01100000, + 0x01580000, 0x01180000, 0x01680000, 0x01400000, + 0x01600000, 0x01780000, 0x01280000, 0x01500000, + 0x01000000, 0x01380000, 0x01080000, 0x01480000, + 0x05f00000, 0x05a00000, 0x05b00000, 0x05900000, + 0x05d80000, 0x05980000, 0x05e80000, 0x05c00000, + 0x05e00000, 0x05f80000, 0x05a80000, 0x05d00000, + 0x05800000, 0x05b80000, 0x05880000, 0x05c80000, + 0x02700000, 0x02200000, 0x02300000, 0x02100000, + 0x02580000, 0x02180000, 0x02680000, 0x02400000, + 0x02600000, 0x02780000, 0x02280000, 0x02500000, + 0x02000000, 0x02380000, 0x02080000, 0x02480000, + 0x07f00000, 0x07a00000, 0x07b00000, 0x07900000, + 0x07d80000, 0x07980000, 0x07e80000, 0x07c00000, + 0x07e00000, 0x07f80000, 0x07a80000, 0x07d00000, + 0x07800000, 0x07b80000, 0x07880000, 0x07c80000, + 0x04700000, 0x04200000, 0x04300000, 0x04100000, + 0x04580000, 0x04180000, 0x04680000, 0x04400000, + 0x04600000, 0x04780000, 0x04280000, 0x04500000, + 0x04000000, 0x04380000, 0x04080000, 0x04480000, + 0x02f00000, 0x02a00000, 0x02b00000, 0x02900000, + 0x02d80000, 0x02980000, 0x02e80000, 0x02c00000, + 0x02e00000, 0x02f80000, 0x02a80000, 0x02d00000, + 0x02800000, 0x02b80000, 0x02880000, 0x02c80000, + 0x03700000, 0x03200000, 0x03300000, 0x03100000, + 0x03580000, 0x03180000, 0x03680000, 0x03400000, + 0x03600000, 0x03780000, 0x03280000, 0x03500000, + 0x03000000, 0x03380000, 0x03080000, 0x03480000, + /* 2 */ + 0xd8000001, 0xa8000001, 0x88000001, 0xc8000001, + 0xc0000001, 0xe8000001, 0xf8000001, 0x80000001, + 0xf0000001, 0xa0000001, 0x90000001, 0x98000001, + 0xe0000001, 0xb8000001, 0xd0000001, 0xb0000001, + 0x58000005, 0x28000005, 0x08000005, 0x48000005, + 0x40000005, 0x68000005, 0x78000005, 0x00000005, + 0x70000005, 0x20000005, 0x10000005, 0x18000005, + 0x60000005, 0x38000005, 0x50000005, 0x30000005, + 0xd8000006, 0xa8000006, 0x88000006, 0xc8000006, + 0xc0000006, 0xe8000006, 0xf8000006, 0x80000006, + 0xf0000006, 0xa0000006, 0x90000006, 0x98000006, + 0xe0000006, 0xb8000006, 0xd0000006, 0xb0000006, + 0x58000006, 0x28000006, 0x08000006, 0x48000006, + 0x40000006, 0x68000006, 0x78000006, 0x00000006, + 0x70000006, 0x20000006, 0x10000006, 0x18000006, + 0x60000006, 0x38000006, 0x50000006, 0x30000006, + 0xd8000000, 0xa8000000, 0x88000000, 0xc8000000, + 0xc0000000, 0xe8000000, 0xf8000000, 0x80000000, + 0xf0000000, 0xa0000000, 0x90000000, 0x98000000, + 0xe0000000, 0xb8000000, 0xd0000000, 0xb0000000, + 0x58000001, 0x28000001, 0x08000001, 0x48000001, + 0x40000001, 0x68000001, 0x78000001, 0x00000001, + 0x70000001, 0x20000001, 0x10000001, 0x18000001, + 0x60000001, 0x38000001, 0x50000001, 0x30000001, + 0x58000000, 0x28000000, 0x08000000, 0x48000000, + 0x40000000, 0x68000000, 0x78000000, 0x00000000, + 0x70000000, 0x20000000, 0x10000000, 0x18000000, + 0x60000000, 0x38000000, 0x50000000, 0x30000000, + 0xd8000005, 0xa8000005, 0x88000005, 0xc8000005, + 0xc0000005, 0xe8000005, 0xf8000005, 0x80000005, + 0xf0000005, 0xa0000005, 0x90000005, 0x98000005, + 0xe0000005, 0xb8000005, 0xd0000005, 0xb0000005, + 0xd8000003, 0xa8000003, 0x88000003, 0xc8000003, + 0xc0000003, 0xe8000003, 0xf8000003, 0x80000003, + 0xf0000003, 0xa0000003, 0x90000003, 0x98000003, + 0xe0000003, 0xb8000003, 0xd0000003, 0xb0000003, + 0xd8000002, 0xa8000002, 0x88000002, 0xc8000002, + 0xc0000002, 0xe8000002, 0xf8000002, 0x80000002, + 0xf0000002, 0xa0000002, 0x90000002, 0x98000002, + 0xe0000002, 0xb8000002, 0xd0000002, 0xb0000002, + 0xd8000004, 0xa8000004, 0x88000004, 0xc8000004, + 0xc0000004, 0xe8000004, 0xf8000004, 0x80000004, + 0xf0000004, 0xa0000004, 0x90000004, 0x98000004, + 0xe0000004, 0xb8000004, 0xd0000004, 0xb0000004, + 0x58000002, 0x28000002, 0x08000002, 0x48000002, + 0x40000002, 0x68000002, 0x78000002, 0x00000002, + 0x70000002, 0x20000002, 0x10000002, 0x18000002, + 0x60000002, 0x38000002, 0x50000002, 0x30000002, + 0x58000004, 0x28000004, 0x08000004, 0x48000004, + 0x40000004, 0x68000004, 0x78000004, 0x00000004, + 0x70000004, 0x20000004, 0x10000004, 0x18000004, + 0x60000004, 0x38000004, 0x50000004, 0x30000004, + 0xd8000007, 0xa8000007, 0x88000007, 0xc8000007, + 0xc0000007, 0xe8000007, 0xf8000007, 0x80000007, + 0xf0000007, 0xa0000007, 0x90000007, 0x98000007, + 0xe0000007, 0xb8000007, 0xd0000007, 0xb0000007, + 0x58000007, 0x28000007, 0x08000007, 0x48000007, + 0x40000007, 0x68000007, 0x78000007, 0x00000007, + 0x70000007, 0x20000007, 0x10000007, 0x18000007, + 0x60000007, 0x38000007, 0x50000007, 0x30000007, + 0x58000003, 0x28000003, 0x08000003, 0x48000003, + 0x40000003, 0x68000003, 0x78000003, 0x00000003, + 0x70000003, 0x20000003, 0x10000003, 0x18000003, + 0x60000003, 0x38000003, 0x50000003, 0x30000003, + /* 3 */ + 0x00000588, 0x000005e8, 0x00000590, 0x000005c8, + 0x000005b8, 0x000005d0, 0x000005b0, 0x00000580, + 0x000005c0, 0x000005e0, 0x000005a0, 0x000005a8, + 0x000005f8, 0x00000598, 0x000005d8, 0x000005f0, + 0x00000508, 0x00000568, 0x00000510, 0x00000548, + 0x00000538, 0x00000550, 0x00000530, 0x00000500, + 0x00000540, 0x00000560, 0x00000520, 0x00000528, + 0x00000578, 0x00000518, 0x00000558, 0x00000570, + 0x00000788, 0x000007e8, 0x00000790, 0x000007c8, + 0x000007b8, 0x000007d0, 0x000007b0, 0x00000780, + 0x000007c0, 0x000007e0, 0x000007a0, 0x000007a8, + 0x000007f8, 0x00000798, 0x000007d8, 0x000007f0, + 0x00000288, 0x000002e8, 0x00000290, 0x000002c8, + 0x000002b8, 0x000002d0, 0x000002b0, 0x00000280, + 0x000002c0, 0x000002e0, 0x000002a0, 0x000002a8, + 0x000002f8, 0x00000298, 0x000002d8, 0x000002f0, + 0x00000008, 0x00000068, 0x00000010, 0x00000048, + 0x00000038, 0x00000050, 0x00000030, 0x00000000, + 0x00000040, 0x00000060, 0x00000020, 0x00000028, + 0x00000078, 0x00000018, 0x00000058, 0x00000070, + 0x00000608, 0x00000668, 0x00000610, 0x00000648, + 0x00000638, 0x00000650, 0x00000630, 0x00000600, + 0x00000640, 0x00000660, 0x00000620, 0x00000628, + 0x00000678, 0x00000618, 0x00000658, 0x00000670, + 0x00000708, 0x00000768, 0x00000710, 0x00000748, + 0x00000738, 0x00000750, 0x00000730, 0x00000700, + 0x00000740, 0x00000760, 0x00000720, 0x00000728, + 0x00000778, 0x00000718, 0x00000758, 0x00000770, + 0x00000408, 0x00000468, 0x00000410, 0x00000448, + 0x00000438, 0x00000450, 0x00000430, 0x00000400, + 0x00000440, 0x00000460, 0x00000420, 0x00000428, + 0x00000478, 0x00000418, 0x00000458, 0x00000470, + 0x00000308, 0x00000368, 0x00000310, 0x00000348, + 0x00000338, 0x00000350, 0x00000330, 0x00000300, + 0x00000340, 0x00000360, 0x00000320, 0x00000328, + 0x00000378, 0x00000318, 0x00000358, 0x00000370, + 0x00000108, 0x00000168, 0x00000110, 0x00000148, + 0x00000138, 0x00000150, 0x00000130, 0x00000100, + 0x00000140, 0x00000160, 0x00000120, 0x00000128, + 0x00000178, 0x00000118, 0x00000158, 0x00000170, + 0x00000188, 0x000001e8, 0x00000190, 0x000001c8, + 0x000001b8, 0x000001d0, 0x000001b0, 0x00000180, + 0x000001c0, 0x000001e0, 0x000001a0, 0x000001a8, + 0x000001f8, 0x00000198, 0x000001d8, 0x000001f0, + 0x00000488, 0x000004e8, 0x00000490, 0x000004c8, + 0x000004b8, 0x000004d0, 0x000004b0, 0x00000480, + 0x000004c0, 0x000004e0, 0x000004a0, 0x000004a8, + 0x000004f8, 0x00000498, 0x000004d8, 0x000004f0, + 0x00000088, 0x000000e8, 0x00000090, 0x000000c8, + 0x000000b8, 0x000000d0, 0x000000b0, 0x00000080, + 0x000000c0, 0x000000e0, 0x000000a0, 0x000000a8, + 0x000000f8, 0x00000098, 0x000000d8, 0x000000f0, + 0x00000388, 0x000003e8, 0x00000390, 0x000003c8, + 0x000003b8, 0x000003d0, 0x000003b0, 0x00000380, + 0x000003c0, 0x000003e0, 0x000003a0, 0x000003a8, + 0x000003f8, 0x00000398, 0x000003d8, 0x000003f0, + 0x00000688, 0x000006e8, 0x00000690, 0x000006c8, + 0x000006b8, 0x000006d0, 0x000006b0, 0x00000680, + 0x000006c0, 0x000006e0, 0x000006a0, 0x000006a8, + 0x000006f8, 0x00000698, 0x000006d8, 0x000006f0, + 0x00000208, 0x00000268, 0x00000210, 0x00000248, + 0x00000238, 0x00000250, 0x00000230, 0x00000200, + 0x00000240, 0x00000260, 0x00000220, 0x00000228, + 0x00000278, 0x00000218, 0x00000258, 0x00000270, + } +}; + +const struct gost28147_param gost28147_param_CryptoPro_B = +{ + 1, + { + /* 0 */ + 0x00004000, 0x00002000, 0x00005800, 0x00000800, + 0x00001800, 0x00002800, 0x00000000, 0x00004800, + 0x00001000, 0x00007000, 0x00005000, 0x00006000, + 0x00006800, 0x00003000, 0x00003800, 0x00007800, + 0x0000c000, 0x0000a000, 0x0000d800, 0x00008800, + 0x00009800, 0x0000a800, 0x00008000, 0x0000c800, + 0x00009000, 0x0000f000, 0x0000d000, 0x0000e000, + 0x0000e800, 0x0000b000, 0x0000b800, 0x0000f800, + 0x00014000, 0x00012000, 0x00015800, 0x00010800, + 0x00011800, 0x00012800, 0x00010000, 0x00014800, + 0x00011000, 0x00017000, 0x00015000, 0x00016000, + 0x00016800, 0x00013000, 0x00013800, 0x00017800, + 0x00054000, 0x00052000, 0x00055800, 0x00050800, + 0x00051800, 0x00052800, 0x00050000, 0x00054800, + 0x00051000, 0x00057000, 0x00055000, 0x00056000, + 0x00056800, 0x00053000, 0x00053800, 0x00057800, + 0x00024000, 0x00022000, 0x00025800, 0x00020800, + 0x00021800, 0x00022800, 0x00020000, 0x00024800, + 0x00021000, 0x00027000, 0x00025000, 0x00026000, + 0x00026800, 0x00023000, 0x00023800, 0x00027800, + 0x0006c000, 0x0006a000, 0x0006d800, 0x00068800, + 0x00069800, 0x0006a800, 0x00068000, 0x0006c800, + 0x00069000, 0x0006f000, 0x0006d000, 0x0006e000, + 0x0006e800, 0x0006b000, 0x0006b800, 0x0006f800, + 0x0002c000, 0x0002a000, 0x0002d800, 0x00028800, + 0x00029800, 0x0002a800, 0x00028000, 0x0002c800, + 0x00029000, 0x0002f000, 0x0002d000, 0x0002e000, + 0x0002e800, 0x0002b000, 0x0002b800, 0x0002f800, + 0x00064000, 0x00062000, 0x00065800, 0x00060800, + 0x00061800, 0x00062800, 0x00060000, 0x00064800, + 0x00061000, 0x00067000, 0x00065000, 0x00066000, + 0x00066800, 0x00063000, 0x00063800, 0x00067800, + 0x0004c000, 0x0004a000, 0x0004d800, 0x00048800, + 0x00049800, 0x0004a800, 0x00048000, 0x0004c800, + 0x00049000, 0x0004f000, 0x0004d000, 0x0004e000, + 0x0004e800, 0x0004b000, 0x0004b800, 0x0004f800, + 0x0003c000, 0x0003a000, 0x0003d800, 0x00038800, + 0x00039800, 0x0003a800, 0x00038000, 0x0003c800, + 0x00039000, 0x0003f000, 0x0003d000, 0x0003e000, + 0x0003e800, 0x0003b000, 0x0003b800, 0x0003f800, + 0x0001c000, 0x0001a000, 0x0001d800, 0x00018800, + 0x00019800, 0x0001a800, 0x00018000, 0x0001c800, + 0x00019000, 0x0001f000, 0x0001d000, 0x0001e000, + 0x0001e800, 0x0001b000, 0x0001b800, 0x0001f800, + 0x0007c000, 0x0007a000, 0x0007d800, 0x00078800, + 0x00079800, 0x0007a800, 0x00078000, 0x0007c800, + 0x00079000, 0x0007f000, 0x0007d000, 0x0007e000, + 0x0007e800, 0x0007b000, 0x0007b800, 0x0007f800, + 0x0005c000, 0x0005a000, 0x0005d800, 0x00058800, + 0x00059800, 0x0005a800, 0x00058000, 0x0005c800, + 0x00059000, 0x0005f000, 0x0005d000, 0x0005e000, + 0x0005e800, 0x0005b000, 0x0005b800, 0x0005f800, + 0x00044000, 0x00042000, 0x00045800, 0x00040800, + 0x00041800, 0x00042800, 0x00040000, 0x00044800, + 0x00041000, 0x00047000, 0x00045000, 0x00046000, + 0x00046800, 0x00043000, 0x00043800, 0x00047800, + 0x00034000, 0x00032000, 0x00035800, 0x00030800, + 0x00031800, 0x00032800, 0x00030000, 0x00034800, + 0x00031000, 0x00037000, 0x00035000, 0x00036000, + 0x00036800, 0x00033000, 0x00033800, 0x00037800, + 0x00074000, 0x00072000, 0x00075800, 0x00070800, + 0x00071800, 0x00072800, 0x00070000, 0x00074800, + 0x00071000, 0x00077000, 0x00075000, 0x00076000, + 0x00076800, 0x00073000, 0x00073800, 0x00077800, + /* 1 */ + 0x03f00000, 0x03e00000, 0x03800000, 0x03d00000, + 0x03c80000, 0x03900000, 0x03e80000, 0x03d80000, + 0x03b80000, 0x03a80000, 0x03c00000, 0x03f80000, + 0x03980000, 0x03b00000, 0x03880000, 0x03a00000, + 0x02f00000, 0x02e00000, 0x02800000, 0x02d00000, + 0x02c80000, 0x02900000, 0x02e80000, 0x02d80000, + 0x02b80000, 0x02a80000, 0x02c00000, 0x02f80000, + 0x02980000, 0x02b00000, 0x02880000, 0x02a00000, + 0x00700000, 0x00600000, 0x00000000, 0x00500000, + 0x00480000, 0x00100000, 0x00680000, 0x00580000, + 0x00380000, 0x00280000, 0x00400000, 0x00780000, + 0x00180000, 0x00300000, 0x00080000, 0x00200000, + 0x06f00000, 0x06e00000, 0x06800000, 0x06d00000, + 0x06c80000, 0x06900000, 0x06e80000, 0x06d80000, + 0x06b80000, 0x06a80000, 0x06c00000, 0x06f80000, + 0x06980000, 0x06b00000, 0x06880000, 0x06a00000, + 0x05f00000, 0x05e00000, 0x05800000, 0x05d00000, + 0x05c80000, 0x05900000, 0x05e80000, 0x05d80000, + 0x05b80000, 0x05a80000, 0x05c00000, 0x05f80000, + 0x05980000, 0x05b00000, 0x05880000, 0x05a00000, + 0x03700000, 0x03600000, 0x03000000, 0x03500000, + 0x03480000, 0x03100000, 0x03680000, 0x03580000, + 0x03380000, 0x03280000, 0x03400000, 0x03780000, + 0x03180000, 0x03300000, 0x03080000, 0x03200000, + 0x00f00000, 0x00e00000, 0x00800000, 0x00d00000, + 0x00c80000, 0x00900000, 0x00e80000, 0x00d80000, + 0x00b80000, 0x00a80000, 0x00c00000, 0x00f80000, + 0x00980000, 0x00b00000, 0x00880000, 0x00a00000, + 0x01700000, 0x01600000, 0x01000000, 0x01500000, + 0x01480000, 0x01100000, 0x01680000, 0x01580000, + 0x01380000, 0x01280000, 0x01400000, 0x01780000, + 0x01180000, 0x01300000, 0x01080000, 0x01200000, + 0x01f00000, 0x01e00000, 0x01800000, 0x01d00000, + 0x01c80000, 0x01900000, 0x01e80000, 0x01d80000, + 0x01b80000, 0x01a80000, 0x01c00000, 0x01f80000, + 0x01980000, 0x01b00000, 0x01880000, 0x01a00000, + 0x05700000, 0x05600000, 0x05000000, 0x05500000, + 0x05480000, 0x05100000, 0x05680000, 0x05580000, + 0x05380000, 0x05280000, 0x05400000, 0x05780000, + 0x05180000, 0x05300000, 0x05080000, 0x05200000, + 0x06700000, 0x06600000, 0x06000000, 0x06500000, + 0x06480000, 0x06100000, 0x06680000, 0x06580000, + 0x06380000, 0x06280000, 0x06400000, 0x06780000, + 0x06180000, 0x06300000, 0x06080000, 0x06200000, + 0x07f00000, 0x07e00000, 0x07800000, 0x07d00000, + 0x07c80000, 0x07900000, 0x07e80000, 0x07d80000, + 0x07b80000, 0x07a80000, 0x07c00000, 0x07f80000, + 0x07980000, 0x07b00000, 0x07880000, 0x07a00000, + 0x02700000, 0x02600000, 0x02000000, 0x02500000, + 0x02480000, 0x02100000, 0x02680000, 0x02580000, + 0x02380000, 0x02280000, 0x02400000, 0x02780000, + 0x02180000, 0x02300000, 0x02080000, 0x02200000, + 0x07700000, 0x07600000, 0x07000000, 0x07500000, + 0x07480000, 0x07100000, 0x07680000, 0x07580000, + 0x07380000, 0x07280000, 0x07400000, 0x07780000, + 0x07180000, 0x07300000, 0x07080000, 0x07200000, + 0x04f00000, 0x04e00000, 0x04800000, 0x04d00000, + 0x04c80000, 0x04900000, 0x04e80000, 0x04d80000, + 0x04b80000, 0x04a80000, 0x04c00000, 0x04f80000, + 0x04980000, 0x04b00000, 0x04880000, 0x04a00000, + 0x04700000, 0x04600000, 0x04000000, 0x04500000, + 0x04480000, 0x04100000, 0x04680000, 0x04580000, + 0x04380000, 0x04280000, 0x04400000, 0x04780000, + 0x04180000, 0x04300000, 0x04080000, 0x04200000, + /* 2 */ + 0x10000004, 0x38000004, 0x60000004, 0x78000004, + 0x48000004, 0x28000004, 0x50000004, 0x58000004, + 0x08000004, 0x20000004, 0x00000004, 0x68000004, + 0x30000004, 0x40000004, 0x70000004, 0x18000004, + 0x90000001, 0xb8000001, 0xe0000001, 0xf8000001, + 0xc8000001, 0xa8000001, 0xd0000001, 0xd8000001, + 0x88000001, 0xa0000001, 0x80000001, 0xe8000001, + 0xb0000001, 0xc0000001, 0xf0000001, 0x98000001, + 0x10000001, 0x38000001, 0x60000001, 0x78000001, + 0x48000001, 0x28000001, 0x50000001, 0x58000001, + 0x08000001, 0x20000001, 0x00000001, 0x68000001, + 0x30000001, 0x40000001, 0x70000001, 0x18000001, + 0x10000003, 0x38000003, 0x60000003, 0x78000003, + 0x48000003, 0x28000003, 0x50000003, 0x58000003, + 0x08000003, 0x20000003, 0x00000003, 0x68000003, + 0x30000003, 0x40000003, 0x70000003, 0x18000003, + 0x10000002, 0x38000002, 0x60000002, 0x78000002, + 0x48000002, 0x28000002, 0x50000002, 0x58000002, + 0x08000002, 0x20000002, 0x00000002, 0x68000002, + 0x30000002, 0x40000002, 0x70000002, 0x18000002, + 0x90000006, 0xb8000006, 0xe0000006, 0xf8000006, + 0xc8000006, 0xa8000006, 0xd0000006, 0xd8000006, + 0x88000006, 0xa0000006, 0x80000006, 0xe8000006, + 0xb0000006, 0xc0000006, 0xf0000006, 0x98000006, + 0x10000007, 0x38000007, 0x60000007, 0x78000007, + 0x48000007, 0x28000007, 0x50000007, 0x58000007, + 0x08000007, 0x20000007, 0x00000007, 0x68000007, + 0x30000007, 0x40000007, 0x70000007, 0x18000007, + 0x90000005, 0xb8000005, 0xe0000005, 0xf8000005, + 0xc8000005, 0xa8000005, 0xd0000005, 0xd8000005, + 0x88000005, 0xa0000005, 0x80000005, 0xe8000005, + 0xb0000005, 0xc0000005, 0xf0000005, 0x98000005, + 0x10000006, 0x38000006, 0x60000006, 0x78000006, + 0x48000006, 0x28000006, 0x50000006, 0x58000006, + 0x08000006, 0x20000006, 0x00000006, 0x68000006, + 0x30000006, 0x40000006, 0x70000006, 0x18000006, + 0x90000000, 0xb8000000, 0xe0000000, 0xf8000000, + 0xc8000000, 0xa8000000, 0xd0000000, 0xd8000000, + 0x88000000, 0xa0000000, 0x80000000, 0xe8000000, + 0xb0000000, 0xc0000000, 0xf0000000, 0x98000000, + 0x90000003, 0xb8000003, 0xe0000003, 0xf8000003, + 0xc8000003, 0xa8000003, 0xd0000003, 0xd8000003, + 0x88000003, 0xa0000003, 0x80000003, 0xe8000003, + 0xb0000003, 0xc0000003, 0xf0000003, 0x98000003, + 0x90000007, 0xb8000007, 0xe0000007, 0xf8000007, + 0xc8000007, 0xa8000007, 0xd0000007, 0xd8000007, + 0x88000007, 0xa0000007, 0x80000007, 0xe8000007, + 0xb0000007, 0xc0000007, 0xf0000007, 0x98000007, + 0x10000005, 0x38000005, 0x60000005, 0x78000005, + 0x48000005, 0x28000005, 0x50000005, 0x58000005, + 0x08000005, 0x20000005, 0x00000005, 0x68000005, + 0x30000005, 0x40000005, 0x70000005, 0x18000005, + 0x10000000, 0x38000000, 0x60000000, 0x78000000, + 0x48000000, 0x28000000, 0x50000000, 0x58000000, + 0x08000000, 0x20000000, 0x00000000, 0x68000000, + 0x30000000, 0x40000000, 0x70000000, 0x18000000, + 0x90000004, 0xb8000004, 0xe0000004, 0xf8000004, + 0xc8000004, 0xa8000004, 0xd0000004, 0xd8000004, + 0x88000004, 0xa0000004, 0x80000004, 0xe8000004, + 0xb0000004, 0xc0000004, 0xf0000004, 0x98000004, + 0x90000002, 0xb8000002, 0xe0000002, 0xf8000002, + 0xc8000002, 0xa8000002, 0xd0000002, 0xd8000002, + 0x88000002, 0xa0000002, 0x80000002, 0xe8000002, + 0xb0000002, 0xc0000002, 0xf0000002, 0x98000002, + /* 3 */ + 0x00000028, 0x00000010, 0x00000050, 0x00000058, + 0x00000048, 0x00000008, 0x00000060, 0x00000018, + 0x00000038, 0x00000020, 0x00000068, 0x00000000, + 0x00000030, 0x00000078, 0x00000040, 0x00000070, + 0x00000228, 0x00000210, 0x00000250, 0x00000258, + 0x00000248, 0x00000208, 0x00000260, 0x00000218, + 0x00000238, 0x00000220, 0x00000268, 0x00000200, + 0x00000230, 0x00000278, 0x00000240, 0x00000270, + 0x000005a8, 0x00000590, 0x000005d0, 0x000005d8, + 0x000005c8, 0x00000588, 0x000005e0, 0x00000598, + 0x000005b8, 0x000005a0, 0x000005e8, 0x00000580, + 0x000005b0, 0x000005f8, 0x000005c0, 0x000005f0, + 0x00000728, 0x00000710, 0x00000750, 0x00000758, + 0x00000748, 0x00000708, 0x00000760, 0x00000718, + 0x00000738, 0x00000720, 0x00000768, 0x00000700, + 0x00000730, 0x00000778, 0x00000740, 0x00000770, + 0x00000428, 0x00000410, 0x00000450, 0x00000458, + 0x00000448, 0x00000408, 0x00000460, 0x00000418, + 0x00000438, 0x00000420, 0x00000468, 0x00000400, + 0x00000430, 0x00000478, 0x00000440, 0x00000470, + 0x000001a8, 0x00000190, 0x000001d0, 0x000001d8, + 0x000001c8, 0x00000188, 0x000001e0, 0x00000198, + 0x000001b8, 0x000001a0, 0x000001e8, 0x00000180, + 0x000001b0, 0x000001f8, 0x000001c0, 0x000001f0, + 0x000003a8, 0x00000390, 0x000003d0, 0x000003d8, + 0x000003c8, 0x00000388, 0x000003e0, 0x00000398, + 0x000003b8, 0x000003a0, 0x000003e8, 0x00000380, + 0x000003b0, 0x000003f8, 0x000003c0, 0x000003f0, + 0x000000a8, 0x00000090, 0x000000d0, 0x000000d8, + 0x000000c8, 0x00000088, 0x000000e0, 0x00000098, + 0x000000b8, 0x000000a0, 0x000000e8, 0x00000080, + 0x000000b0, 0x000000f8, 0x000000c0, 0x000000f0, + 0x00000528, 0x00000510, 0x00000550, 0x00000558, + 0x00000548, 0x00000508, 0x00000560, 0x00000518, + 0x00000538, 0x00000520, 0x00000568, 0x00000500, + 0x00000530, 0x00000578, 0x00000540, 0x00000570, + 0x00000128, 0x00000110, 0x00000150, 0x00000158, + 0x00000148, 0x00000108, 0x00000160, 0x00000118, + 0x00000138, 0x00000120, 0x00000168, 0x00000100, + 0x00000130, 0x00000178, 0x00000140, 0x00000170, + 0x000004a8, 0x00000490, 0x000004d0, 0x000004d8, + 0x000004c8, 0x00000488, 0x000004e0, 0x00000498, + 0x000004b8, 0x000004a0, 0x000004e8, 0x00000480, + 0x000004b0, 0x000004f8, 0x000004c0, 0x000004f0, + 0x00000328, 0x00000310, 0x00000350, 0x00000358, + 0x00000348, 0x00000308, 0x00000360, 0x00000318, + 0x00000338, 0x00000320, 0x00000368, 0x00000300, + 0x00000330, 0x00000378, 0x00000340, 0x00000370, + 0x000007a8, 0x00000790, 0x000007d0, 0x000007d8, + 0x000007c8, 0x00000788, 0x000007e0, 0x00000798, + 0x000007b8, 0x000007a0, 0x000007e8, 0x00000780, + 0x000007b0, 0x000007f8, 0x000007c0, 0x000007f0, + 0x000006a8, 0x00000690, 0x000006d0, 0x000006d8, + 0x000006c8, 0x00000688, 0x000006e0, 0x00000698, + 0x000006b8, 0x000006a0, 0x000006e8, 0x00000680, + 0x000006b0, 0x000006f8, 0x000006c0, 0x000006f0, + 0x000002a8, 0x00000290, 0x000002d0, 0x000002d8, + 0x000002c8, 0x00000288, 0x000002e0, 0x00000298, + 0x000002b8, 0x000002a0, 0x000002e8, 0x00000280, + 0x000002b0, 0x000002f8, 0x000002c0, 0x000002f0, + 0x00000628, 0x00000610, 0x00000650, 0x00000658, + 0x00000648, 0x00000608, 0x00000660, 0x00000618, + 0x00000638, 0x00000620, 0x00000668, 0x00000600, + 0x00000630, 0x00000678, 0x00000640, 0x00000670, + } +}; + +const struct gost28147_param gost28147_param_CryptoPro_C = +{ + 1, + { + /* 0 */ + 0x00000800, 0x00005800, 0x00006000, 0x00001000, + 0x00004800, 0x00006800, 0x00000000, 0x00007800, + 0x00002000, 0x00002800, 0x00004000, 0x00007000, + 0x00005000, 0x00003800, 0x00003000, 0x00001800, + 0x00008800, 0x0000d800, 0x0000e000, 0x00009000, + 0x0000c800, 0x0000e800, 0x00008000, 0x0000f800, + 0x0000a000, 0x0000a800, 0x0000c000, 0x0000f000, + 0x0000d000, 0x0000b800, 0x0000b000, 0x00009800, + 0x00038800, 0x0003d800, 0x0003e000, 0x00039000, + 0x0003c800, 0x0003e800, 0x00038000, 0x0003f800, + 0x0003a000, 0x0003a800, 0x0003c000, 0x0003f000, + 0x0003d000, 0x0003b800, 0x0003b000, 0x00039800, + 0x00068800, 0x0006d800, 0x0006e000, 0x00069000, + 0x0006c800, 0x0006e800, 0x00068000, 0x0006f800, + 0x0006a000, 0x0006a800, 0x0006c000, 0x0006f000, + 0x0006d000, 0x0006b800, 0x0006b000, 0x00069800, + 0x00058800, 0x0005d800, 0x0005e000, 0x00059000, + 0x0005c800, 0x0005e800, 0x00058000, 0x0005f800, + 0x0005a000, 0x0005a800, 0x0005c000, 0x0005f000, + 0x0005d000, 0x0005b800, 0x0005b000, 0x00059800, + 0x00020800, 0x00025800, 0x00026000, 0x00021000, + 0x00024800, 0x00026800, 0x00020000, 0x00027800, + 0x00022000, 0x00022800, 0x00024000, 0x00027000, + 0x00025000, 0x00023800, 0x00023000, 0x00021800, + 0x00028800, 0x0002d800, 0x0002e000, 0x00029000, + 0x0002c800, 0x0002e800, 0x00028000, 0x0002f800, + 0x0002a000, 0x0002a800, 0x0002c000, 0x0002f000, + 0x0002d000, 0x0002b800, 0x0002b000, 0x00029800, + 0x00010800, 0x00015800, 0x00016000, 0x00011000, + 0x00014800, 0x00016800, 0x00010000, 0x00017800, + 0x00012000, 0x00012800, 0x00014000, 0x00017000, + 0x00015000, 0x00013800, 0x00013000, 0x00011800, + 0x00040800, 0x00045800, 0x00046000, 0x00041000, + 0x00044800, 0x00046800, 0x00040000, 0x00047800, + 0x00042000, 0x00042800, 0x00044000, 0x00047000, + 0x00045000, 0x00043800, 0x00043000, 0x00041800, + 0x00070800, 0x00075800, 0x00076000, 0x00071000, + 0x00074800, 0x00076800, 0x00070000, 0x00077800, + 0x00072000, 0x00072800, 0x00074000, 0x00077000, + 0x00075000, 0x00073800, 0x00073000, 0x00071800, + 0x00078800, 0x0007d800, 0x0007e000, 0x00079000, + 0x0007c800, 0x0007e800, 0x00078000, 0x0007f800, + 0x0007a000, 0x0007a800, 0x0007c000, 0x0007f000, + 0x0007d000, 0x0007b800, 0x0007b000, 0x00079800, + 0x00060800, 0x00065800, 0x00066000, 0x00061000, + 0x00064800, 0x00066800, 0x00060000, 0x00067800, + 0x00062000, 0x00062800, 0x00064000, 0x00067000, + 0x00065000, 0x00063800, 0x00063000, 0x00061800, + 0x00048800, 0x0004d800, 0x0004e000, 0x00049000, + 0x0004c800, 0x0004e800, 0x00048000, 0x0004f800, + 0x0004a000, 0x0004a800, 0x0004c000, 0x0004f000, + 0x0004d000, 0x0004b800, 0x0004b000, 0x00049800, + 0x00050800, 0x00055800, 0x00056000, 0x00051000, + 0x00054800, 0x00056800, 0x00050000, 0x00057800, + 0x00052000, 0x00052800, 0x00054000, 0x00057000, + 0x00055000, 0x00053800, 0x00053000, 0x00051800, + 0x00030800, 0x00035800, 0x00036000, 0x00031000, + 0x00034800, 0x00036800, 0x00030000, 0x00037800, + 0x00032000, 0x00032800, 0x00034000, 0x00037000, + 0x00035000, 0x00033800, 0x00033000, 0x00031800, + 0x00018800, 0x0001d800, 0x0001e000, 0x00019000, + 0x0001c800, 0x0001e800, 0x00018000, 0x0001f800, + 0x0001a000, 0x0001a800, 0x0001c000, 0x0001f000, + 0x0001d000, 0x0001b800, 0x0001b000, 0x00019800, + /* 1 */ + 0x01c00000, 0x01900000, 0x01a80000, 0x01800000, + 0x01a00000, 0x01c80000, 0x01f80000, 0x01d00000, + 0x01980000, 0x01b80000, 0x01e00000, 0x01e80000, + 0x01b00000, 0x01f00000, 0x01880000, 0x01d80000, + 0x03400000, 0x03100000, 0x03280000, 0x03000000, + 0x03200000, 0x03480000, 0x03780000, 0x03500000, + 0x03180000, 0x03380000, 0x03600000, 0x03680000, + 0x03300000, 0x03700000, 0x03080000, 0x03580000, + 0x00400000, 0x00100000, 0x00280000, 0x00000000, + 0x00200000, 0x00480000, 0x00780000, 0x00500000, + 0x00180000, 0x00380000, 0x00600000, 0x00680000, + 0x00300000, 0x00700000, 0x00080000, 0x00580000, + 0x00c00000, 0x00900000, 0x00a80000, 0x00800000, + 0x00a00000, 0x00c80000, 0x00f80000, 0x00d00000, + 0x00980000, 0x00b80000, 0x00e00000, 0x00e80000, + 0x00b00000, 0x00f00000, 0x00880000, 0x00d80000, + 0x02c00000, 0x02900000, 0x02a80000, 0x02800000, + 0x02a00000, 0x02c80000, 0x02f80000, 0x02d00000, + 0x02980000, 0x02b80000, 0x02e00000, 0x02e80000, + 0x02b00000, 0x02f00000, 0x02880000, 0x02d80000, + 0x06c00000, 0x06900000, 0x06a80000, 0x06800000, + 0x06a00000, 0x06c80000, 0x06f80000, 0x06d00000, + 0x06980000, 0x06b80000, 0x06e00000, 0x06e80000, + 0x06b00000, 0x06f00000, 0x06880000, 0x06d80000, + 0x05400000, 0x05100000, 0x05280000, 0x05000000, + 0x05200000, 0x05480000, 0x05780000, 0x05500000, + 0x05180000, 0x05380000, 0x05600000, 0x05680000, + 0x05300000, 0x05700000, 0x05080000, 0x05580000, + 0x04400000, 0x04100000, 0x04280000, 0x04000000, + 0x04200000, 0x04480000, 0x04780000, 0x04500000, + 0x04180000, 0x04380000, 0x04600000, 0x04680000, + 0x04300000, 0x04700000, 0x04080000, 0x04580000, + 0x05c00000, 0x05900000, 0x05a80000, 0x05800000, + 0x05a00000, 0x05c80000, 0x05f80000, 0x05d00000, + 0x05980000, 0x05b80000, 0x05e00000, 0x05e80000, + 0x05b00000, 0x05f00000, 0x05880000, 0x05d80000, + 0x01400000, 0x01100000, 0x01280000, 0x01000000, + 0x01200000, 0x01480000, 0x01780000, 0x01500000, + 0x01180000, 0x01380000, 0x01600000, 0x01680000, + 0x01300000, 0x01700000, 0x01080000, 0x01580000, + 0x04c00000, 0x04900000, 0x04a80000, 0x04800000, + 0x04a00000, 0x04c80000, 0x04f80000, 0x04d00000, + 0x04980000, 0x04b80000, 0x04e00000, 0x04e80000, + 0x04b00000, 0x04f00000, 0x04880000, 0x04d80000, + 0x03c00000, 0x03900000, 0x03a80000, 0x03800000, + 0x03a00000, 0x03c80000, 0x03f80000, 0x03d00000, + 0x03980000, 0x03b80000, 0x03e00000, 0x03e80000, + 0x03b00000, 0x03f00000, 0x03880000, 0x03d80000, + 0x07400000, 0x07100000, 0x07280000, 0x07000000, + 0x07200000, 0x07480000, 0x07780000, 0x07500000, + 0x07180000, 0x07380000, 0x07600000, 0x07680000, + 0x07300000, 0x07700000, 0x07080000, 0x07580000, + 0x07c00000, 0x07900000, 0x07a80000, 0x07800000, + 0x07a00000, 0x07c80000, 0x07f80000, 0x07d00000, + 0x07980000, 0x07b80000, 0x07e00000, 0x07e80000, + 0x07b00000, 0x07f00000, 0x07880000, 0x07d80000, + 0x06400000, 0x06100000, 0x06280000, 0x06000000, + 0x06200000, 0x06480000, 0x06780000, 0x06500000, + 0x06180000, 0x06380000, 0x06600000, 0x06680000, + 0x06300000, 0x06700000, 0x06080000, 0x06580000, + 0x02400000, 0x02100000, 0x02280000, 0x02000000, + 0x02200000, 0x02480000, 0x02780000, 0x02500000, + 0x02180000, 0x02380000, 0x02600000, 0x02680000, + 0x02300000, 0x02700000, 0x02080000, 0x02580000, + /* 2 */ + 0x40000006, 0x68000006, 0x58000006, 0x00000006, + 0x20000006, 0x28000006, 0x08000006, 0x10000006, + 0x48000006, 0x18000006, 0x60000006, 0x70000006, + 0x30000006, 0x78000006, 0x50000006, 0x38000006, + 0xc0000004, 0xe8000004, 0xd8000004, 0x80000004, + 0xa0000004, 0xa8000004, 0x88000004, 0x90000004, + 0xc8000004, 0x98000004, 0xe0000004, 0xf0000004, + 0xb0000004, 0xf8000004, 0xd0000004, 0xb8000004, + 0xc0000005, 0xe8000005, 0xd8000005, 0x80000005, + 0xa0000005, 0xa8000005, 0x88000005, 0x90000005, + 0xc8000005, 0x98000005, 0xe0000005, 0xf0000005, + 0xb0000005, 0xf8000005, 0xd0000005, 0xb8000005, + 0xc0000000, 0xe8000000, 0xd8000000, 0x80000000, + 0xa0000000, 0xa8000000, 0x88000000, 0x90000000, + 0xc8000000, 0x98000000, 0xe0000000, 0xf0000000, + 0xb0000000, 0xf8000000, 0xd0000000, 0xb8000000, + 0x40000004, 0x68000004, 0x58000004, 0x00000004, + 0x20000004, 0x28000004, 0x08000004, 0x10000004, + 0x48000004, 0x18000004, 0x60000004, 0x70000004, + 0x30000004, 0x78000004, 0x50000004, 0x38000004, + 0x40000007, 0x68000007, 0x58000007, 0x00000007, + 0x20000007, 0x28000007, 0x08000007, 0x10000007, + 0x48000007, 0x18000007, 0x60000007, 0x70000007, + 0x30000007, 0x78000007, 0x50000007, 0x38000007, + 0x40000001, 0x68000001, 0x58000001, 0x00000001, + 0x20000001, 0x28000001, 0x08000001, 0x10000001, + 0x48000001, 0x18000001, 0x60000001, 0x70000001, + 0x30000001, 0x78000001, 0x50000001, 0x38000001, + 0x40000002, 0x68000002, 0x58000002, 0x00000002, + 0x20000002, 0x28000002, 0x08000002, 0x10000002, + 0x48000002, 0x18000002, 0x60000002, 0x70000002, + 0x30000002, 0x78000002, 0x50000002, 0x38000002, + 0xc0000003, 0xe8000003, 0xd8000003, 0x80000003, + 0xa0000003, 0xa8000003, 0x88000003, 0x90000003, + 0xc8000003, 0x98000003, 0xe0000003, 0xf0000003, + 0xb0000003, 0xf8000003, 0xd0000003, 0xb8000003, + 0xc0000001, 0xe8000001, 0xd8000001, 0x80000001, + 0xa0000001, 0xa8000001, 0x88000001, 0x90000001, + 0xc8000001, 0x98000001, 0xe0000001, 0xf0000001, + 0xb0000001, 0xf8000001, 0xd0000001, 0xb8000001, + 0x40000003, 0x68000003, 0x58000003, 0x00000003, + 0x20000003, 0x28000003, 0x08000003, 0x10000003, + 0x48000003, 0x18000003, 0x60000003, 0x70000003, + 0x30000003, 0x78000003, 0x50000003, 0x38000003, + 0xc0000002, 0xe8000002, 0xd8000002, 0x80000002, + 0xa0000002, 0xa8000002, 0x88000002, 0x90000002, + 0xc8000002, 0x98000002, 0xe0000002, 0xf0000002, + 0xb0000002, 0xf8000002, 0xd0000002, 0xb8000002, + 0x40000005, 0x68000005, 0x58000005, 0x00000005, + 0x20000005, 0x28000005, 0x08000005, 0x10000005, + 0x48000005, 0x18000005, 0x60000005, 0x70000005, + 0x30000005, 0x78000005, 0x50000005, 0x38000005, + 0x40000000, 0x68000000, 0x58000000, 0x00000000, + 0x20000000, 0x28000000, 0x08000000, 0x10000000, + 0x48000000, 0x18000000, 0x60000000, 0x70000000, + 0x30000000, 0x78000000, 0x50000000, 0x38000000, + 0xc0000007, 0xe8000007, 0xd8000007, 0x80000007, + 0xa0000007, 0xa8000007, 0x88000007, 0x90000007, + 0xc8000007, 0x98000007, 0xe0000007, 0xf0000007, + 0xb0000007, 0xf8000007, 0xd0000007, 0xb8000007, + 0xc0000006, 0xe8000006, 0xd8000006, 0x80000006, + 0xa0000006, 0xa8000006, 0x88000006, 0x90000006, + 0xc8000006, 0x98000006, 0xe0000006, 0xf0000006, + 0xb0000006, 0xf8000006, 0xd0000006, 0xb8000006, + /* 3 */ + 0x000003d0, 0x000003c8, 0x000003b0, 0x000003c0, + 0x000003e8, 0x000003f0, 0x00000390, 0x00000380, + 0x000003f8, 0x00000398, 0x000003a8, 0x000003d8, + 0x000003a0, 0x00000388, 0x000003e0, 0x000003b8, + 0x00000250, 0x00000248, 0x00000230, 0x00000240, + 0x00000268, 0x00000270, 0x00000210, 0x00000200, + 0x00000278, 0x00000218, 0x00000228, 0x00000258, + 0x00000220, 0x00000208, 0x00000260, 0x00000238, + 0x00000050, 0x00000048, 0x00000030, 0x00000040, + 0x00000068, 0x00000070, 0x00000010, 0x00000000, + 0x00000078, 0x00000018, 0x00000028, 0x00000058, + 0x00000020, 0x00000008, 0x00000060, 0x00000038, + 0x000002d0, 0x000002c8, 0x000002b0, 0x000002c0, + 0x000002e8, 0x000002f0, 0x00000290, 0x00000280, + 0x000002f8, 0x00000298, 0x000002a8, 0x000002d8, + 0x000002a0, 0x00000288, 0x000002e0, 0x000002b8, + 0x00000550, 0x00000548, 0x00000530, 0x00000540, + 0x00000568, 0x00000570, 0x00000510, 0x00000500, + 0x00000578, 0x00000518, 0x00000528, 0x00000558, + 0x00000520, 0x00000508, 0x00000560, 0x00000538, + 0x00000150, 0x00000148, 0x00000130, 0x00000140, + 0x00000168, 0x00000170, 0x00000110, 0x00000100, + 0x00000178, 0x00000118, 0x00000128, 0x00000158, + 0x00000120, 0x00000108, 0x00000160, 0x00000138, + 0x000007d0, 0x000007c8, 0x000007b0, 0x000007c0, + 0x000007e8, 0x000007f0, 0x00000790, 0x00000780, + 0x000007f8, 0x00000798, 0x000007a8, 0x000007d8, + 0x000007a0, 0x00000788, 0x000007e0, 0x000007b8, + 0x00000750, 0x00000748, 0x00000730, 0x00000740, + 0x00000768, 0x00000770, 0x00000710, 0x00000700, + 0x00000778, 0x00000718, 0x00000728, 0x00000758, + 0x00000720, 0x00000708, 0x00000760, 0x00000738, + 0x00000650, 0x00000648, 0x00000630, 0x00000640, + 0x00000668, 0x00000670, 0x00000610, 0x00000600, + 0x00000678, 0x00000618, 0x00000628, 0x00000658, + 0x00000620, 0x00000608, 0x00000660, 0x00000638, + 0x00000350, 0x00000348, 0x00000330, 0x00000340, + 0x00000368, 0x00000370, 0x00000310, 0x00000300, + 0x00000378, 0x00000318, 0x00000328, 0x00000358, + 0x00000320, 0x00000308, 0x00000360, 0x00000338, + 0x000000d0, 0x000000c8, 0x000000b0, 0x000000c0, + 0x000000e8, 0x000000f0, 0x00000090, 0x00000080, + 0x000000f8, 0x00000098, 0x000000a8, 0x000000d8, + 0x000000a0, 0x00000088, 0x000000e0, 0x000000b8, + 0x000005d0, 0x000005c8, 0x000005b0, 0x000005c0, + 0x000005e8, 0x000005f0, 0x00000590, 0x00000580, + 0x000005f8, 0x00000598, 0x000005a8, 0x000005d8, + 0x000005a0, 0x00000588, 0x000005e0, 0x000005b8, + 0x000006d0, 0x000006c8, 0x000006b0, 0x000006c0, + 0x000006e8, 0x000006f0, 0x00000690, 0x00000680, + 0x000006f8, 0x00000698, 0x000006a8, 0x000006d8, + 0x000006a0, 0x00000688, 0x000006e0, 0x000006b8, + 0x000004d0, 0x000004c8, 0x000004b0, 0x000004c0, + 0x000004e8, 0x000004f0, 0x00000490, 0x00000480, + 0x000004f8, 0x00000498, 0x000004a8, 0x000004d8, + 0x000004a0, 0x00000488, 0x000004e0, 0x000004b8, + 0x000001d0, 0x000001c8, 0x000001b0, 0x000001c0, + 0x000001e8, 0x000001f0, 0x00000190, 0x00000180, + 0x000001f8, 0x00000198, 0x000001a8, 0x000001d8, + 0x000001a0, 0x00000188, 0x000001e0, 0x000001b8, + 0x00000450, 0x00000448, 0x00000430, 0x00000440, + 0x00000468, 0x00000470, 0x00000410, 0x00000400, + 0x00000478, 0x00000418, 0x00000428, 0x00000458, + 0x00000420, 0x00000408, 0x00000460, 0x00000438, + } +}; + +const struct gost28147_param gost28147_param_CryptoPro_D = +{ + 1, + { + /* 0 */ + 0x0005f800, 0x0005e000, 0x00059000, 0x0005d000, + 0x0005b000, 0x0005a000, 0x0005a800, 0x00058000, + 0x0005b800, 0x0005c800, 0x0005f000, 0x0005e800, + 0x00058800, 0x0005d800, 0x0005c000, 0x00059800, + 0x00037800, 0x00036000, 0x00031000, 0x00035000, + 0x00033000, 0x00032000, 0x00032800, 0x00030000, + 0x00033800, 0x00034800, 0x00037000, 0x00036800, + 0x00030800, 0x00035800, 0x00034000, 0x00031800, + 0x0001f800, 0x0001e000, 0x00019000, 0x0001d000, + 0x0001b000, 0x0001a000, 0x0001a800, 0x00018000, + 0x0001b800, 0x0001c800, 0x0001f000, 0x0001e800, + 0x00018800, 0x0001d800, 0x0001c000, 0x00019800, + 0x00027800, 0x00026000, 0x00021000, 0x00025000, + 0x00023000, 0x00022000, 0x00022800, 0x00020000, + 0x00023800, 0x00024800, 0x00027000, 0x00026800, + 0x00020800, 0x00025800, 0x00024000, 0x00021800, + 0x00067800, 0x00066000, 0x00061000, 0x00065000, + 0x00063000, 0x00062000, 0x00062800, 0x00060000, + 0x00063800, 0x00064800, 0x00067000, 0x00066800, + 0x00060800, 0x00065800, 0x00064000, 0x00061800, + 0x0007f800, 0x0007e000, 0x00079000, 0x0007d000, + 0x0007b000, 0x0007a000, 0x0007a800, 0x00078000, + 0x0007b800, 0x0007c800, 0x0007f000, 0x0007e800, + 0x00078800, 0x0007d800, 0x0007c000, 0x00079800, + 0x00077800, 0x00076000, 0x00071000, 0x00075000, + 0x00073000, 0x00072000, 0x00072800, 0x00070000, + 0x00073800, 0x00074800, 0x00077000, 0x00076800, + 0x00070800, 0x00075800, 0x00074000, 0x00071800, + 0x00017800, 0x00016000, 0x00011000, 0x00015000, + 0x00013000, 0x00012000, 0x00012800, 0x00010000, + 0x00013800, 0x00014800, 0x00017000, 0x00016800, + 0x00010800, 0x00015800, 0x00014000, 0x00011800, + 0x0003f800, 0x0003e000, 0x00039000, 0x0003d000, + 0x0003b000, 0x0003a000, 0x0003a800, 0x00038000, + 0x0003b800, 0x0003c800, 0x0003f000, 0x0003e800, + 0x00038800, 0x0003d800, 0x0003c000, 0x00039800, + 0x0006f800, 0x0006e000, 0x00069000, 0x0006d000, + 0x0006b000, 0x0006a000, 0x0006a800, 0x00068000, + 0x0006b800, 0x0006c800, 0x0006f000, 0x0006e800, + 0x00068800, 0x0006d800, 0x0006c000, 0x00069800, + 0x00047800, 0x00046000, 0x00041000, 0x00045000, + 0x00043000, 0x00042000, 0x00042800, 0x00040000, + 0x00043800, 0x00044800, 0x00047000, 0x00046800, + 0x00040800, 0x00045800, 0x00044000, 0x00041800, + 0x00007800, 0x00006000, 0x00001000, 0x00005000, + 0x00003000, 0x00002000, 0x00002800, 0x00000000, + 0x00003800, 0x00004800, 0x00007000, 0x00006800, + 0x00000800, 0x00005800, 0x00004000, 0x00001800, + 0x0002f800, 0x0002e000, 0x00029000, 0x0002d000, + 0x0002b000, 0x0002a000, 0x0002a800, 0x00028000, + 0x0002b800, 0x0002c800, 0x0002f000, 0x0002e800, + 0x00028800, 0x0002d800, 0x0002c000, 0x00029800, + 0x00057800, 0x00056000, 0x00051000, 0x00055000, + 0x00053000, 0x00052000, 0x00052800, 0x00050000, + 0x00053800, 0x00054800, 0x00057000, 0x00056800, + 0x00050800, 0x00055800, 0x00054000, 0x00051800, + 0x0004f800, 0x0004e000, 0x00049000, 0x0004d000, + 0x0004b000, 0x0004a000, 0x0004a800, 0x00048000, + 0x0004b800, 0x0004c800, 0x0004f000, 0x0004e800, + 0x00048800, 0x0004d800, 0x0004c000, 0x00049800, + 0x0000f800, 0x0000e000, 0x00009000, 0x0000d000, + 0x0000b000, 0x0000a000, 0x0000a800, 0x00008000, + 0x0000b800, 0x0000c800, 0x0000f000, 0x0000e800, + 0x00008800, 0x0000d800, 0x0000c000, 0x00009800, + /* 1 */ + 0x00880000, 0x00e00000, 0x00d80000, 0x00800000, + 0x00f80000, 0x00f00000, 0x00b00000, 0x00a80000, + 0x00d00000, 0x00e80000, 0x00a00000, 0x00c00000, + 0x00c80000, 0x00980000, 0x00b80000, 0x00900000, + 0x02880000, 0x02e00000, 0x02d80000, 0x02800000, + 0x02f80000, 0x02f00000, 0x02b00000, 0x02a80000, + 0x02d00000, 0x02e80000, 0x02a00000, 0x02c00000, + 0x02c80000, 0x02980000, 0x02b80000, 0x02900000, + 0x07080000, 0x07600000, 0x07580000, 0x07000000, + 0x07780000, 0x07700000, 0x07300000, 0x07280000, + 0x07500000, 0x07680000, 0x07200000, 0x07400000, + 0x07480000, 0x07180000, 0x07380000, 0x07100000, + 0x06080000, 0x06600000, 0x06580000, 0x06000000, + 0x06780000, 0x06700000, 0x06300000, 0x06280000, + 0x06500000, 0x06680000, 0x06200000, 0x06400000, + 0x06480000, 0x06180000, 0x06380000, 0x06100000, + 0x05080000, 0x05600000, 0x05580000, 0x05000000, + 0x05780000, 0x05700000, 0x05300000, 0x05280000, + 0x05500000, 0x05680000, 0x05200000, 0x05400000, + 0x05480000, 0x05180000, 0x05380000, 0x05100000, + 0x03880000, 0x03e00000, 0x03d80000, 0x03800000, + 0x03f80000, 0x03f00000, 0x03b00000, 0x03a80000, + 0x03d00000, 0x03e80000, 0x03a00000, 0x03c00000, + 0x03c80000, 0x03980000, 0x03b80000, 0x03900000, + 0x00080000, 0x00600000, 0x00580000, 0x00000000, + 0x00780000, 0x00700000, 0x00300000, 0x00280000, + 0x00500000, 0x00680000, 0x00200000, 0x00400000, + 0x00480000, 0x00180000, 0x00380000, 0x00100000, + 0x06880000, 0x06e00000, 0x06d80000, 0x06800000, + 0x06f80000, 0x06f00000, 0x06b00000, 0x06a80000, + 0x06d00000, 0x06e80000, 0x06a00000, 0x06c00000, + 0x06c80000, 0x06980000, 0x06b80000, 0x06900000, + 0x03080000, 0x03600000, 0x03580000, 0x03000000, + 0x03780000, 0x03700000, 0x03300000, 0x03280000, + 0x03500000, 0x03680000, 0x03200000, 0x03400000, + 0x03480000, 0x03180000, 0x03380000, 0x03100000, + 0x01080000, 0x01600000, 0x01580000, 0x01000000, + 0x01780000, 0x01700000, 0x01300000, 0x01280000, + 0x01500000, 0x01680000, 0x01200000, 0x01400000, + 0x01480000, 0x01180000, 0x01380000, 0x01100000, + 0x05880000, 0x05e00000, 0x05d80000, 0x05800000, + 0x05f80000, 0x05f00000, 0x05b00000, 0x05a80000, + 0x05d00000, 0x05e80000, 0x05a00000, 0x05c00000, + 0x05c80000, 0x05980000, 0x05b80000, 0x05900000, + 0x02080000, 0x02600000, 0x02580000, 0x02000000, + 0x02780000, 0x02700000, 0x02300000, 0x02280000, + 0x02500000, 0x02680000, 0x02200000, 0x02400000, + 0x02480000, 0x02180000, 0x02380000, 0x02100000, + 0x04880000, 0x04e00000, 0x04d80000, 0x04800000, + 0x04f80000, 0x04f00000, 0x04b00000, 0x04a80000, + 0x04d00000, 0x04e80000, 0x04a00000, 0x04c00000, + 0x04c80000, 0x04980000, 0x04b80000, 0x04900000, + 0x01880000, 0x01e00000, 0x01d80000, 0x01800000, + 0x01f80000, 0x01f00000, 0x01b00000, 0x01a80000, + 0x01d00000, 0x01e80000, 0x01a00000, 0x01c00000, + 0x01c80000, 0x01980000, 0x01b80000, 0x01900000, + 0x07880000, 0x07e00000, 0x07d80000, 0x07800000, + 0x07f80000, 0x07f00000, 0x07b00000, 0x07a80000, + 0x07d00000, 0x07e80000, 0x07a00000, 0x07c00000, + 0x07c80000, 0x07980000, 0x07b80000, 0x07900000, + 0x04080000, 0x04600000, 0x04580000, 0x04000000, + 0x04780000, 0x04700000, 0x04300000, 0x04280000, + 0x04500000, 0x04680000, 0x04200000, 0x04400000, + 0x04480000, 0x04180000, 0x04380000, 0x04100000, + /* 2 */ + 0x00000004, 0x60000004, 0x40000004, 0x48000004, + 0x68000004, 0x10000004, 0x50000004, 0x58000004, + 0x38000004, 0x18000004, 0x30000004, 0x28000004, + 0x20000004, 0x70000004, 0x78000004, 0x08000004, + 0x00000000, 0x60000000, 0x40000000, 0x48000000, + 0x68000000, 0x10000000, 0x50000000, 0x58000000, + 0x38000000, 0x18000000, 0x30000000, 0x28000000, + 0x20000000, 0x70000000, 0x78000000, 0x08000000, + 0x80000007, 0xe0000007, 0xc0000007, 0xc8000007, + 0xe8000007, 0x90000007, 0xd0000007, 0xd8000007, + 0xb8000007, 0x98000007, 0xb0000007, 0xa8000007, + 0xa0000007, 0xf0000007, 0xf8000007, 0x88000007, + 0x80000001, 0xe0000001, 0xc0000001, 0xc8000001, + 0xe8000001, 0x90000001, 0xd0000001, 0xd8000001, + 0xb8000001, 0x98000001, 0xb0000001, 0xa8000001, + 0xa0000001, 0xf0000001, 0xf8000001, 0x88000001, + 0x00000001, 0x60000001, 0x40000001, 0x48000001, + 0x68000001, 0x10000001, 0x50000001, 0x58000001, + 0x38000001, 0x18000001, 0x30000001, 0x28000001, + 0x20000001, 0x70000001, 0x78000001, 0x08000001, + 0x80000002, 0xe0000002, 0xc0000002, 0xc8000002, + 0xe8000002, 0x90000002, 0xd0000002, 0xd8000002, + 0xb8000002, 0x98000002, 0xb0000002, 0xa8000002, + 0xa0000002, 0xf0000002, 0xf8000002, 0x88000002, + 0x00000007, 0x60000007, 0x40000007, 0x48000007, + 0x68000007, 0x10000007, 0x50000007, 0x58000007, + 0x38000007, 0x18000007, 0x30000007, 0x28000007, + 0x20000007, 0x70000007, 0x78000007, 0x08000007, + 0x80000005, 0xe0000005, 0xc0000005, 0xc8000005, + 0xe8000005, 0x90000005, 0xd0000005, 0xd8000005, + 0xb8000005, 0x98000005, 0xb0000005, 0xa8000005, + 0xa0000005, 0xf0000005, 0xf8000005, 0x88000005, + 0x80000000, 0xe0000000, 0xc0000000, 0xc8000000, + 0xe8000000, 0x90000000, 0xd0000000, 0xd8000000, + 0xb8000000, 0x98000000, 0xb0000000, 0xa8000000, + 0xa0000000, 0xf0000000, 0xf8000000, 0x88000000, + 0x00000005, 0x60000005, 0x40000005, 0x48000005, + 0x68000005, 0x10000005, 0x50000005, 0x58000005, + 0x38000005, 0x18000005, 0x30000005, 0x28000005, + 0x20000005, 0x70000005, 0x78000005, 0x08000005, + 0x00000002, 0x60000002, 0x40000002, 0x48000002, + 0x68000002, 0x10000002, 0x50000002, 0x58000002, + 0x38000002, 0x18000002, 0x30000002, 0x28000002, + 0x20000002, 0x70000002, 0x78000002, 0x08000002, + 0x80000003, 0xe0000003, 0xc0000003, 0xc8000003, + 0xe8000003, 0x90000003, 0xd0000003, 0xd8000003, + 0xb8000003, 0x98000003, 0xb0000003, 0xa8000003, + 0xa0000003, 0xf0000003, 0xf8000003, 0x88000003, + 0x00000006, 0x60000006, 0x40000006, 0x48000006, + 0x68000006, 0x10000006, 0x50000006, 0x58000006, + 0x38000006, 0x18000006, 0x30000006, 0x28000006, + 0x20000006, 0x70000006, 0x78000006, 0x08000006, + 0x80000004, 0xe0000004, 0xc0000004, 0xc8000004, + 0xe8000004, 0x90000004, 0xd0000004, 0xd8000004, + 0xb8000004, 0x98000004, 0xb0000004, 0xa8000004, + 0xa0000004, 0xf0000004, 0xf8000004, 0x88000004, + 0x80000006, 0xe0000006, 0xc0000006, 0xc8000006, + 0xe8000006, 0x90000006, 0xd0000006, 0xd8000006, + 0xb8000006, 0x98000006, 0xb0000006, 0xa8000006, + 0xa0000006, 0xf0000006, 0xf8000006, 0x88000006, + 0x00000003, 0x60000003, 0x40000003, 0x48000003, + 0x68000003, 0x10000003, 0x50000003, 0x58000003, + 0x38000003, 0x18000003, 0x30000003, 0x28000003, + 0x20000003, 0x70000003, 0x78000003, 0x08000003, + /* 3 */ + 0x00000098, 0x00000080, 0x000000b0, 0x000000f8, + 0x00000088, 0x000000f0, 0x000000c8, 0x00000090, + 0x000000e8, 0x000000c0, 0x000000e0, 0x000000a0, + 0x000000d8, 0x000000d0, 0x000000a8, 0x000000b8, + 0x00000518, 0x00000500, 0x00000530, 0x00000578, + 0x00000508, 0x00000570, 0x00000548, 0x00000510, + 0x00000568, 0x00000540, 0x00000560, 0x00000520, + 0x00000558, 0x00000550, 0x00000528, 0x00000538, + 0x00000318, 0x00000300, 0x00000330, 0x00000378, + 0x00000308, 0x00000370, 0x00000348, 0x00000310, + 0x00000368, 0x00000340, 0x00000360, 0x00000320, + 0x00000358, 0x00000350, 0x00000328, 0x00000338, + 0x00000418, 0x00000400, 0x00000430, 0x00000478, + 0x00000408, 0x00000470, 0x00000448, 0x00000410, + 0x00000468, 0x00000440, 0x00000460, 0x00000420, + 0x00000458, 0x00000450, 0x00000428, 0x00000438, + 0x00000798, 0x00000780, 0x000007b0, 0x000007f8, + 0x00000788, 0x000007f0, 0x000007c8, 0x00000790, + 0x000007e8, 0x000007c0, 0x000007e0, 0x000007a0, + 0x000007d8, 0x000007d0, 0x000007a8, 0x000007b8, + 0x00000598, 0x00000580, 0x000005b0, 0x000005f8, + 0x00000588, 0x000005f0, 0x000005c8, 0x00000590, + 0x000005e8, 0x000005c0, 0x000005e0, 0x000005a0, + 0x000005d8, 0x000005d0, 0x000005a8, 0x000005b8, + 0x00000018, 0x00000000, 0x00000030, 0x00000078, + 0x00000008, 0x00000070, 0x00000048, 0x00000010, + 0x00000068, 0x00000040, 0x00000060, 0x00000020, + 0x00000058, 0x00000050, 0x00000028, 0x00000038, + 0x00000218, 0x00000200, 0x00000230, 0x00000278, + 0x00000208, 0x00000270, 0x00000248, 0x00000210, + 0x00000268, 0x00000240, 0x00000260, 0x00000220, + 0x00000258, 0x00000250, 0x00000228, 0x00000238, + 0x00000618, 0x00000600, 0x00000630, 0x00000678, + 0x00000608, 0x00000670, 0x00000648, 0x00000610, + 0x00000668, 0x00000640, 0x00000660, 0x00000620, + 0x00000658, 0x00000650, 0x00000628, 0x00000638, + 0x00000198, 0x00000180, 0x000001b0, 0x000001f8, + 0x00000188, 0x000001f0, 0x000001c8, 0x00000190, + 0x000001e8, 0x000001c0, 0x000001e0, 0x000001a0, + 0x000001d8, 0x000001d0, 0x000001a8, 0x000001b8, + 0x00000298, 0x00000280, 0x000002b0, 0x000002f8, + 0x00000288, 0x000002f0, 0x000002c8, 0x00000290, + 0x000002e8, 0x000002c0, 0x000002e0, 0x000002a0, + 0x000002d8, 0x000002d0, 0x000002a8, 0x000002b8, + 0x00000498, 0x00000480, 0x000004b0, 0x000004f8, + 0x00000488, 0x000004f0, 0x000004c8, 0x00000490, + 0x000004e8, 0x000004c0, 0x000004e0, 0x000004a0, + 0x000004d8, 0x000004d0, 0x000004a8, 0x000004b8, + 0x00000398, 0x00000380, 0x000003b0, 0x000003f8, + 0x00000388, 0x000003f0, 0x000003c8, 0x00000390, + 0x000003e8, 0x000003c0, 0x000003e0, 0x000003a0, + 0x000003d8, 0x000003d0, 0x000003a8, 0x000003b8, + 0x00000698, 0x00000680, 0x000006b0, 0x000006f8, + 0x00000688, 0x000006f0, 0x000006c8, 0x00000690, + 0x000006e8, 0x000006c0, 0x000006e0, 0x000006a0, + 0x000006d8, 0x000006d0, 0x000006a8, 0x000006b8, + 0x00000118, 0x00000100, 0x00000130, 0x00000178, + 0x00000108, 0x00000170, 0x00000148, 0x00000110, + 0x00000168, 0x00000140, 0x00000160, 0x00000120, + 0x00000158, 0x00000150, 0x00000128, 0x00000138, + 0x00000718, 0x00000700, 0x00000730, 0x00000778, + 0x00000708, 0x00000770, 0x00000748, 0x00000710, + 0x00000768, 0x00000740, 0x00000760, 0x00000720, + 0x00000758, 0x00000750, 0x00000728, 0x00000738, + } +}; + +const struct gost28147_param gost28147_param_TC26_Z = +{ + 1, + { + /* 0 */ + 0x00036000, 0x00032000, 0x00033000, 0x00031000, + 0x00035000, 0x00032800, 0x00035800, 0x00034800, + 0x00037000, 0x00034000, 0x00036800, 0x00033800, + 0x00030000, 0x00031800, 0x00037800, 0x00030800, + 0x00046000, 0x00042000, 0x00043000, 0x00041000, + 0x00045000, 0x00042800, 0x00045800, 0x00044800, + 0x00047000, 0x00044000, 0x00046800, 0x00043800, + 0x00040000, 0x00041800, 0x00047800, 0x00040800, + 0x00016000, 0x00012000, 0x00013000, 0x00011000, + 0x00015000, 0x00012800, 0x00015800, 0x00014800, + 0x00017000, 0x00014000, 0x00016800, 0x00013800, + 0x00010000, 0x00011800, 0x00017800, 0x00010800, + 0x0001e000, 0x0001a000, 0x0001b000, 0x00019000, + 0x0001d000, 0x0001a800, 0x0001d800, 0x0001c800, + 0x0001f000, 0x0001c000, 0x0001e800, 0x0001b800, + 0x00018000, 0x00019800, 0x0001f800, 0x00018800, + 0x0004e000, 0x0004a000, 0x0004b000, 0x00049000, + 0x0004d000, 0x0004a800, 0x0004d800, 0x0004c800, + 0x0004f000, 0x0004c000, 0x0004e800, 0x0004b800, + 0x00048000, 0x00049800, 0x0004f800, 0x00048800, + 0x00056000, 0x00052000, 0x00053000, 0x00051000, + 0x00055000, 0x00052800, 0x00055800, 0x00054800, + 0x00057000, 0x00054000, 0x00056800, 0x00053800, + 0x00050000, 0x00051800, 0x00057800, 0x00050800, + 0x0002e000, 0x0002a000, 0x0002b000, 0x00029000, + 0x0002d000, 0x0002a800, 0x0002d800, 0x0002c800, + 0x0002f000, 0x0002c000, 0x0002e800, 0x0002b800, + 0x00028000, 0x00029800, 0x0002f800, 0x00028800, + 0x00066000, 0x00062000, 0x00063000, 0x00061000, + 0x00065000, 0x00062800, 0x00065800, 0x00064800, + 0x00067000, 0x00064000, 0x00066800, 0x00063800, + 0x00060000, 0x00061800, 0x00067800, 0x00060800, + 0x0000e000, 0x0000a000, 0x0000b000, 0x00009000, + 0x0000d000, 0x0000a800, 0x0000d800, 0x0000c800, + 0x0000f000, 0x0000c000, 0x0000e800, 0x0000b800, + 0x00008000, 0x00009800, 0x0000f800, 0x00008800, + 0x00076000, 0x00072000, 0x00073000, 0x00071000, + 0x00075000, 0x00072800, 0x00075800, 0x00074800, + 0x00077000, 0x00074000, 0x00076800, 0x00073800, + 0x00070000, 0x00071800, 0x00077800, 0x00070800, + 0x00026000, 0x00022000, 0x00023000, 0x00021000, + 0x00025000, 0x00022800, 0x00025800, 0x00024800, + 0x00027000, 0x00024000, 0x00026800, 0x00023800, + 0x00020000, 0x00021800, 0x00027800, 0x00020800, + 0x0003e000, 0x0003a000, 0x0003b000, 0x00039000, + 0x0003d000, 0x0003a800, 0x0003d800, 0x0003c800, + 0x0003f000, 0x0003c000, 0x0003e800, 0x0003b800, + 0x00038000, 0x00039800, 0x0003f800, 0x00038800, + 0x0005e000, 0x0005a000, 0x0005b000, 0x00059000, + 0x0005d000, 0x0005a800, 0x0005d800, 0x0005c800, + 0x0005f000, 0x0005c000, 0x0005e800, 0x0005b800, + 0x00058000, 0x00059800, 0x0005f800, 0x00058800, + 0x0006e000, 0x0006a000, 0x0006b000, 0x00069000, + 0x0006d000, 0x0006a800, 0x0006d800, 0x0006c800, + 0x0006f000, 0x0006c000, 0x0006e800, 0x0006b800, + 0x00068000, 0x00069800, 0x0006f800, 0x00068800, + 0x00006000, 0x00002000, 0x00003000, 0x00001000, + 0x00005000, 0x00002800, 0x00005800, 0x00004800, + 0x00007000, 0x00004000, 0x00006800, 0x00003800, + 0x00000000, 0x00001800, 0x00007800, 0x00000800, + 0x0007e000, 0x0007a000, 0x0007b000, 0x00079000, + 0x0007d000, 0x0007a800, 0x0007d800, 0x0007c800, + 0x0007f000, 0x0007c000, 0x0007e800, 0x0007b800, + 0x00078000, 0x00079800, 0x0007f800, 0x00078800, + /* 1 */ + 0x06580000, 0x06180000, 0x06280000, 0x06400000, + 0x06100000, 0x06780000, 0x06500000, 0x06680000, + 0x06700000, 0x06080000, 0x06380000, 0x06200000, + 0x06600000, 0x06480000, 0x06300000, 0x06000000, + 0x04580000, 0x04180000, 0x04280000, 0x04400000, + 0x04100000, 0x04780000, 0x04500000, 0x04680000, + 0x04700000, 0x04080000, 0x04380000, 0x04200000, + 0x04600000, 0x04480000, 0x04300000, 0x04000000, + 0x01580000, 0x01180000, 0x01280000, 0x01400000, + 0x01100000, 0x01780000, 0x01500000, 0x01680000, + 0x01700000, 0x01080000, 0x01380000, 0x01200000, + 0x01600000, 0x01480000, 0x01300000, 0x01000000, + 0x00d80000, 0x00980000, 0x00a80000, 0x00c00000, + 0x00900000, 0x00f80000, 0x00d00000, 0x00e80000, + 0x00f00000, 0x00880000, 0x00b80000, 0x00a00000, + 0x00e00000, 0x00c80000, 0x00b00000, 0x00800000, + 0x06d80000, 0x06980000, 0x06a80000, 0x06c00000, + 0x06900000, 0x06f80000, 0x06d00000, 0x06e80000, + 0x06f00000, 0x06880000, 0x06b80000, 0x06a00000, + 0x06e00000, 0x06c80000, 0x06b00000, 0x06800000, + 0x02580000, 0x02180000, 0x02280000, 0x02400000, + 0x02100000, 0x02780000, 0x02500000, 0x02680000, + 0x02700000, 0x02080000, 0x02380000, 0x02200000, + 0x02600000, 0x02480000, 0x02300000, 0x02000000, + 0x07d80000, 0x07980000, 0x07a80000, 0x07c00000, + 0x07900000, 0x07f80000, 0x07d00000, 0x07e80000, + 0x07f00000, 0x07880000, 0x07b80000, 0x07a00000, + 0x07e00000, 0x07c80000, 0x07b00000, 0x07800000, + 0x03580000, 0x03180000, 0x03280000, 0x03400000, + 0x03100000, 0x03780000, 0x03500000, 0x03680000, + 0x03700000, 0x03080000, 0x03380000, 0x03200000, + 0x03600000, 0x03480000, 0x03300000, 0x03000000, + 0x03d80000, 0x03980000, 0x03a80000, 0x03c00000, + 0x03900000, 0x03f80000, 0x03d00000, 0x03e80000, + 0x03f00000, 0x03880000, 0x03b80000, 0x03a00000, + 0x03e00000, 0x03c80000, 0x03b00000, 0x03800000, + 0x00580000, 0x00180000, 0x00280000, 0x00400000, + 0x00100000, 0x00780000, 0x00500000, 0x00680000, + 0x00700000, 0x00080000, 0x00380000, 0x00200000, + 0x00600000, 0x00480000, 0x00300000, 0x00000000, + 0x05580000, 0x05180000, 0x05280000, 0x05400000, + 0x05100000, 0x05780000, 0x05500000, 0x05680000, + 0x05700000, 0x05080000, 0x05380000, 0x05200000, + 0x05600000, 0x05480000, 0x05300000, 0x05000000, + 0x02d80000, 0x02980000, 0x02a80000, 0x02c00000, + 0x02900000, 0x02f80000, 0x02d00000, 0x02e80000, + 0x02f00000, 0x02880000, 0x02b80000, 0x02a00000, + 0x02e00000, 0x02c80000, 0x02b00000, 0x02800000, + 0x01d80000, 0x01980000, 0x01a80000, 0x01c00000, + 0x01900000, 0x01f80000, 0x01d00000, 0x01e80000, + 0x01f00000, 0x01880000, 0x01b80000, 0x01a00000, + 0x01e00000, 0x01c80000, 0x01b00000, 0x01800000, + 0x07580000, 0x07180000, 0x07280000, 0x07400000, + 0x07100000, 0x07780000, 0x07500000, 0x07680000, + 0x07700000, 0x07080000, 0x07380000, 0x07200000, + 0x07600000, 0x07480000, 0x07300000, 0x07000000, + 0x04d80000, 0x04980000, 0x04a80000, 0x04c00000, + 0x04900000, 0x04f80000, 0x04d00000, 0x04e80000, + 0x04f00000, 0x04880000, 0x04b80000, 0x04a00000, + 0x04e00000, 0x04c80000, 0x04b00000, 0x04800000, + 0x05d80000, 0x05980000, 0x05a80000, 0x05c00000, + 0x05900000, 0x05f80000, 0x05d00000, 0x05e80000, + 0x05f00000, 0x05880000, 0x05b80000, 0x05a00000, + 0x05e00000, 0x05c80000, 0x05b00000, 0x05800000, + /* 2 */ + 0xb8000002, 0xf8000002, 0xa8000002, 0xd0000002, + 0xc0000002, 0x88000002, 0xb0000002, 0xe8000002, + 0x80000002, 0xc8000002, 0x98000002, 0xf0000002, + 0xd8000002, 0xa0000002, 0x90000002, 0xe0000002, + 0xb8000006, 0xf8000006, 0xa8000006, 0xd0000006, + 0xc0000006, 0x88000006, 0xb0000006, 0xe8000006, + 0x80000006, 0xc8000006, 0x98000006, 0xf0000006, + 0xd8000006, 0xa0000006, 0x90000006, 0xe0000006, + 0xb8000007, 0xf8000007, 0xa8000007, 0xd0000007, + 0xc0000007, 0x88000007, 0xb0000007, 0xe8000007, + 0x80000007, 0xc8000007, 0x98000007, 0xf0000007, + 0xd8000007, 0xa0000007, 0x90000007, 0xe0000007, + 0x38000003, 0x78000003, 0x28000003, 0x50000003, + 0x40000003, 0x08000003, 0x30000003, 0x68000003, + 0x00000003, 0x48000003, 0x18000003, 0x70000003, + 0x58000003, 0x20000003, 0x10000003, 0x60000003, + 0xb8000004, 0xf8000004, 0xa8000004, 0xd0000004, + 0xc0000004, 0x88000004, 0xb0000004, 0xe8000004, + 0x80000004, 0xc8000004, 0x98000004, 0xf0000004, + 0xd8000004, 0xa0000004, 0x90000004, 0xe0000004, + 0x38000001, 0x78000001, 0x28000001, 0x50000001, + 0x40000001, 0x08000001, 0x30000001, 0x68000001, + 0x00000001, 0x48000001, 0x18000001, 0x70000001, + 0x58000001, 0x20000001, 0x10000001, 0x60000001, + 0x38000006, 0x78000006, 0x28000006, 0x50000006, + 0x40000006, 0x08000006, 0x30000006, 0x68000006, + 0x00000006, 0x48000006, 0x18000006, 0x70000006, + 0x58000006, 0x20000006, 0x10000006, 0x60000006, + 0x38000005, 0x78000005, 0x28000005, 0x50000005, + 0x40000005, 0x08000005, 0x30000005, 0x68000005, + 0x00000005, 0x48000005, 0x18000005, 0x70000005, + 0x58000005, 0x20000005, 0x10000005, 0x60000005, + 0xb8000005, 0xf8000005, 0xa8000005, 0xd0000005, + 0xc0000005, 0x88000005, 0xb0000005, 0xe8000005, + 0x80000005, 0xc8000005, 0x98000005, 0xf0000005, + 0xd8000005, 0xa0000005, 0x90000005, 0xe0000005, + 0xb8000003, 0xf8000003, 0xa8000003, 0xd0000003, + 0xc0000003, 0x88000003, 0xb0000003, 0xe8000003, + 0x80000003, 0xc8000003, 0x98000003, 0xf0000003, + 0xd8000003, 0xa0000003, 0x90000003, 0xe0000003, + 0x38000004, 0x78000004, 0x28000004, 0x50000004, + 0x40000004, 0x08000004, 0x30000004, 0x68000004, + 0x00000004, 0x48000004, 0x18000004, 0x70000004, + 0x58000004, 0x20000004, 0x10000004, 0x60000004, + 0xb8000000, 0xf8000000, 0xa8000000, 0xd0000000, + 0xc0000000, 0x88000000, 0xb0000000, 0xe8000000, + 0x80000000, 0xc8000000, 0x98000000, 0xf0000000, + 0xd8000000, 0xa0000000, 0x90000000, 0xe0000000, + 0x38000002, 0x78000002, 0x28000002, 0x50000002, + 0x40000002, 0x08000002, 0x30000002, 0x68000002, + 0x00000002, 0x48000002, 0x18000002, 0x70000002, + 0x58000002, 0x20000002, 0x10000002, 0x60000002, + 0xb8000001, 0xf8000001, 0xa8000001, 0xd0000001, + 0xc0000001, 0x88000001, 0xb0000001, 0xe8000001, + 0x80000001, 0xc8000001, 0x98000001, 0xf0000001, + 0xd8000001, 0xa0000001, 0x90000001, 0xe0000001, + 0x38000007, 0x78000007, 0x28000007, 0x50000007, + 0x40000007, 0x08000007, 0x30000007, 0x68000007, + 0x00000007, 0x48000007, 0x18000007, 0x70000007, + 0x58000007, 0x20000007, 0x10000007, 0x60000007, + 0x38000000, 0x78000000, 0x28000000, 0x50000000, + 0x40000000, 0x08000000, 0x30000000, 0x68000000, + 0x00000000, 0x48000000, 0x18000000, 0x70000000, + 0x58000000, 0x20000000, 0x10000000, 0x60000000, + /* 3 */ + 0x000000c0, 0x000000f0, 0x00000090, 0x000000a8, + 0x000000b0, 0x000000c8, 0x00000088, 0x000000e0, + 0x000000f8, 0x000000a0, 0x000000d8, 0x00000080, + 0x000000e8, 0x000000d0, 0x00000098, 0x000000b8, + 0x000003c0, 0x000003f0, 0x00000390, 0x000003a8, + 0x000003b0, 0x000003c8, 0x00000388, 0x000003e0, + 0x000003f8, 0x000003a0, 0x000003d8, 0x00000380, + 0x000003e8, 0x000003d0, 0x00000398, 0x000003b8, + 0x00000740, 0x00000770, 0x00000710, 0x00000728, + 0x00000730, 0x00000748, 0x00000708, 0x00000760, + 0x00000778, 0x00000720, 0x00000758, 0x00000700, + 0x00000768, 0x00000750, 0x00000718, 0x00000738, + 0x000006c0, 0x000006f0, 0x00000690, 0x000006a8, + 0x000006b0, 0x000006c8, 0x00000688, 0x000006e0, + 0x000006f8, 0x000006a0, 0x000006d8, 0x00000680, + 0x000006e8, 0x000006d0, 0x00000698, 0x000006b8, + 0x00000040, 0x00000070, 0x00000010, 0x00000028, + 0x00000030, 0x00000048, 0x00000008, 0x00000060, + 0x00000078, 0x00000020, 0x00000058, 0x00000000, + 0x00000068, 0x00000050, 0x00000018, 0x00000038, + 0x000002c0, 0x000002f0, 0x00000290, 0x000002a8, + 0x000002b0, 0x000002c8, 0x00000288, 0x000002e0, + 0x000002f8, 0x000002a0, 0x000002d8, 0x00000280, + 0x000002e8, 0x000002d0, 0x00000298, 0x000002b8, + 0x00000440, 0x00000470, 0x00000410, 0x00000428, + 0x00000430, 0x00000448, 0x00000408, 0x00000460, + 0x00000478, 0x00000420, 0x00000458, 0x00000400, + 0x00000468, 0x00000450, 0x00000418, 0x00000438, + 0x000001c0, 0x000001f0, 0x00000190, 0x000001a8, + 0x000001b0, 0x000001c8, 0x00000188, 0x000001e0, + 0x000001f8, 0x000001a0, 0x000001d8, 0x00000180, + 0x000001e8, 0x000001d0, 0x00000198, 0x000001b8, + 0x00000240, 0x00000270, 0x00000210, 0x00000228, + 0x00000230, 0x00000248, 0x00000208, 0x00000260, + 0x00000278, 0x00000220, 0x00000258, 0x00000200, + 0x00000268, 0x00000250, 0x00000218, 0x00000238, + 0x000007c0, 0x000007f0, 0x00000790, 0x000007a8, + 0x000007b0, 0x000007c8, 0x00000788, 0x000007e0, + 0x000007f8, 0x000007a0, 0x000007d8, 0x00000780, + 0x000007e8, 0x000007d0, 0x00000798, 0x000007b8, + 0x00000540, 0x00000570, 0x00000510, 0x00000528, + 0x00000530, 0x00000548, 0x00000508, 0x00000560, + 0x00000578, 0x00000520, 0x00000558, 0x00000500, + 0x00000568, 0x00000550, 0x00000518, 0x00000538, + 0x00000340, 0x00000370, 0x00000310, 0x00000328, + 0x00000330, 0x00000348, 0x00000308, 0x00000360, + 0x00000378, 0x00000320, 0x00000358, 0x00000300, + 0x00000368, 0x00000350, 0x00000318, 0x00000338, + 0x000004c0, 0x000004f0, 0x00000490, 0x000004a8, + 0x000004b0, 0x000004c8, 0x00000488, 0x000004e0, + 0x000004f8, 0x000004a0, 0x000004d8, 0x00000480, + 0x000004e8, 0x000004d0, 0x00000498, 0x000004b8, + 0x00000640, 0x00000670, 0x00000610, 0x00000628, + 0x00000630, 0x00000648, 0x00000608, 0x00000660, + 0x00000678, 0x00000620, 0x00000658, 0x00000600, + 0x00000668, 0x00000650, 0x00000618, 0x00000638, + 0x000005c0, 0x000005f0, 0x00000590, 0x000005a8, + 0x000005b0, 0x000005c8, 0x00000588, 0x000005e0, + 0x000005f8, 0x000005a0, 0x000005d8, 0x00000580, + 0x000005e8, 0x000005d0, 0x00000598, 0x000005b8, + 0x00000140, 0x00000170, 0x00000110, 0x00000128, + 0x00000130, 0x00000148, 0x00000108, 0x00000160, + 0x00000178, 0x00000120, 0x00000158, 0x00000100, + 0x00000168, 0x00000150, 0x00000118, 0x00000138, + } +}; + /* * A macro that performs a full encryption round of GOST 28147-89. * Temporary variables tmp assumed and variables r and l for left and right diff --git a/gost28147.h b/gost28147.h index cc25dbe3..f38543f2 100644 --- a/gost28147.h +++ b/gost28147.h @@ -41,8 +41,15 @@ extern "C" { #endif

+/* S-Boxes & parameters */ #define gost28147_param_test_3411 nettle_gost28147_param_test_3411 #define gost28147_param_CryptoPro_3411 nettle_gost28147_param_CryptoPro_3411 +#define gost28147_param_Test_89 nettle_gost28147_param_Test_89 +#define gost28147_param_CryptoPro_A nettle_gost28147_param_CryptoPro_A +#define gost28147_param_CryptoPro_B nettle_gost28147_param_CryptoPro_B +#define gost28147_param_CryptoPro_C nettle_gost28147_param_CryptoPro_C +#define gost28147_param_CryptoPro_D nettle_gost28147_param_CryptoPro_D +#define gost28147_param_TC26_Z nettle_gost28147_param_TC26_Z

#define gost28147_encrypt_simple nettle_gost28147_encrypt_simple

@@ -54,6 +61,12 @@ struct gost28147_param

extern const struct gost28147_param gost28147_param_test_3411; extern const struct gost28147_param gost28147_param_CryptoPro_3411; +extern const struct gost28147_param gost28147_param_Test_89; +extern const struct gost28147_param gost28147_param_CryptoPro_A; +extern const struct gost28147_param gost28147_param_CryptoPro_B; +extern const struct gost28147_param gost28147_param_CryptoPro_C; +extern const struct gost28147_param gost28147_param_CryptoPro_D; +extern const struct gost28147_param gost28147_param_TC26_Z;

/* Internal interface for use by GOST R 34.11-94 */ void gost28147_encrypt_simple (const uint32_t *key, const uint32_t *sbox,

-- 2.11.0

Dmitry Eremin-Solenikov

11:27 p.m.

New subject: [PATCH 07/13] Add GOST 28147-89 ECB encryption and decryption support

Signed-off-by: Dmitry Eremin-Solenikov dbaryshkov@gmail.com --- Makefile.in | 3 +- gost28147-meta.c | 49 ++++++++++++++++++ gost28147.c | 87 +++++++++++++++++++++++++++++++ gost28147.h | 34 +++++++++++++ nettle-meta-ciphers.c | 1 + nettle-meta.h | 2 + nettle.texinfo | 38 ++++++++++++++ testsuite/.gitignore | 1 + testsuite/.test-rules.make | 3 ++ testsuite/Makefile.in | 1 + testsuite/gost28147-test.c | 119 +++++++++++++++++++++++++++++++++++++++++++ testsuite/meta-cipher-test.c | 1 + 12 files changed, 338 insertions(+), 1 deletion(-) create mode 100644 gost28147-meta.c create mode 100644 testsuite/gost28147-test.c

diff --git a/Makefile.in b/Makefile.in index 21f7d742..2ff11c91 100644 --- a/Makefile.in +++ b/Makefile.in @@ -103,7 +103,8 @@ nettle_SOURCES = aes-decrypt-internal.c aes-decrypt.c \ gcm-aes256.c gcm-aes256-meta.c \ gcm-camellia128.c gcm-camellia128-meta.c \ gcm-camellia256.c gcm-camellia256-meta.c \ - gost28147.c gosthash94.c gosthash94-meta.c \ + gost28147.c gost28147-meta.c \ + gosthash94.c gosthash94-meta.c \ hmac.c hmac-md5.c hmac-ripemd160.c hmac-sha1.c \ hmac-sha224.c hmac-sha256.c hmac-sha384.c hmac-sha512.c \ hmac-gosthash94.c \ diff --git a/gost28147-meta.c b/gost28147-meta.c new file mode 100644 index 00000000..69e4d265 --- /dev/null +++ b/gost28147-meta.c @@ -0,0 +1,49 @@ +/* gost28147-meta.c + + Copyright (C) 2016 Dmitry Eremin-Solenikov + + This file is part of GNU Nettle. + + GNU Nettle is free software: you can redistribute it and/or + modify it under the terms of either: + + * the GNU Lesser General Public License as published by the Free + Software Foundation; either version 3 of the License, or (at your + option) any later version. + + or + + * the GNU General Public License as published by the Free + Software Foundation; either version 2 of the License, or (at your + option) any later version. + + or both in parallel, as here. + + GNU Nettle is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + General Public License for more details. + + You should have received copies of the GNU General Public License and + the GNU Lesser General Public License along with this program. If + not, see http://www.gnu.org/licenses/. +*/ + +#if HAVE_CONFIG_H +# include "config.h" +#endif + +#include <assert.h> + +#include "nettle-meta.h" + +#include "gost28147.h" + +const struct nettle_cipher nettle_gost28147 = + { "gost28147", sizeof(struct gost28147_ctx), + GOST28147_BLOCK_SIZE, GOST28147_KEY_SIZE, + (nettle_set_key_func *) gost28147_set_key, + (nettle_set_key_func *) gost28147_set_key, + (nettle_cipher_func *) gost28147_encrypt, + (nettle_cipher_func *) gost28147_decrypt + }; diff --git a/gost28147.c b/gost28147.c index d916276a..89e16ed5 100644 --- a/gost28147.c +++ b/gost28147.c @@ -27,6 +27,8 @@ #include "config.h" #endif

+#include <assert.h> + #include "macros.h" #include "gost28147.h"

@@ -2205,3 +2207,88 @@ void gost28147_encrypt_simple (const uint32_t *key, const uint32_t *sbox, GOST_ENCRYPT_ROUND(key[1], key[0], sbox) *out = l, *(out + 1) = r; } + +static void gost28147_decrypt_simple (const uint32_t *key, const uint32_t *sbox, + const uint32_t *in, uint32_t *out) +{ + uint32_t l, r, tmp; + + r = in[0], l = in[1]; + GOST_ENCRYPT_ROUND(key[0], key[1], sbox) + GOST_ENCRYPT_ROUND(key[2], key[3], sbox) + GOST_ENCRYPT_ROUND(key[4], key[5], sbox) + GOST_ENCRYPT_ROUND(key[6], key[7], sbox) + GOST_ENCRYPT_ROUND(key[7], key[6], sbox) + GOST_ENCRYPT_ROUND(key[5], key[4], sbox) + GOST_ENCRYPT_ROUND(key[3], key[2], sbox) + GOST_ENCRYPT_ROUND(key[1], key[0], sbox) + GOST_ENCRYPT_ROUND(key[7], key[6], sbox) + GOST_ENCRYPT_ROUND(key[5], key[4], sbox) + GOST_ENCRYPT_ROUND(key[3], key[2], sbox) + GOST_ENCRYPT_ROUND(key[1], key[0], sbox) + GOST_ENCRYPT_ROUND(key[7], key[6], sbox) + GOST_ENCRYPT_ROUND(key[5], key[4], sbox) + GOST_ENCRYPT_ROUND(key[3], key[2], sbox) + GOST_ENCRYPT_ROUND(key[1], key[0], sbox) + *out = l, *(out + 1) = r; +} + +void +gost28147_set_key(struct gost28147_ctx *ctx, const uint8_t *key) +{ + unsigned i; + + assert(key); + for (i = 0; i < 8; i++, key += 4) + ctx->key[i] = LE_READ_UINT32(key); + ctx->key_count = 0; + gost28147_set_param(ctx, &gost28147_param_TC26_Z); +} + +void +gost28147_set_param(struct gost28147_ctx *ctx, const struct gost28147_param *param) +{ + assert(param); + ctx->sbox = param->sbox; + ctx->key_meshing = param->key_meshing; +} + +void +gost28147_encrypt(const struct gost28147_ctx *ctx, + size_t length, uint8_t *dst, + const uint8_t *src) +{ + uint32_t block[2]; + + assert(!(length % GOST28147_BLOCK_SIZE)); + + while (length) + { + block[0] = LE_READ_UINT32(src); src += 4; + block[1] = LE_READ_UINT32(src); src += 4; + gost28147_encrypt_simple(ctx->key, ctx->sbox, block, block); + LE_WRITE_UINT32(dst, block[0]); dst += 4; + LE_WRITE_UINT32(dst, block[1]); dst += 4; + length -= GOST28147_BLOCK_SIZE; + } +} + +void +gost28147_decrypt(const struct gost28147_ctx *ctx, + size_t length, uint8_t *dst, + const uint8_t *src) +{ + uint32_t block[2]; + + assert(!(length % GOST28147_BLOCK_SIZE)); + + while (length) + { + block[0] = LE_READ_UINT32(src); src += 4; + block[1] = LE_READ_UINT32(src); src += 4; + gost28147_decrypt_simple(ctx->key, ctx->sbox, block, block); + LE_WRITE_UINT32(dst, block[0]); dst += 4; + LE_WRITE_UINT32(dst, block[1]); dst += 4; + length -= GOST28147_BLOCK_SIZE; + } +} diff --git a/gost28147.h b/gost28147.h index f38543f2..21cf0390 100644 --- a/gost28147.h +++ b/gost28147.h @@ -51,8 +51,26 @@ extern "C" { #define gost28147_param_CryptoPro_D nettle_gost28147_param_CryptoPro_D #define gost28147_param_TC26_Z nettle_gost28147_param_TC26_Z

+/* Private */ #define gost28147_encrypt_simple nettle_gost28147_encrypt_simple

+/* Public functions */ +#define gost28147_set_key nettle_gost28147_set_key +#define gost28147_set_param nettle_gost28147_set_param +#define gost28147_encrypt nettle_gost28147_encrypt +#define gost28147_decrypt nettle_gost28147_decrypt + +#define GOST28147_KEY_SIZE 32 +#define GOST28147_BLOCK_SIZE 8 + +struct gost28147_ctx +{ + uint32_t key[GOST28147_KEY_SIZE/4]; + const uint32_t *sbox; + int key_meshing; + int key_count; /* Used for key meshing */ +}; + struct gost28147_param { int key_meshing; @@ -72,6 +90,22 @@ extern const struct gost28147_param gost28147_param_TC26_Z; void gost28147_encrypt_simple (const uint32_t *key, const uint32_t *sbox, const uint32_t *in, uint32_t *out);

+void +gost28147_set_key(struct gost28147_ctx *ctx, const uint8_t *key); + +void +gost28147_set_param(struct gost28147_ctx *ctx, + const struct gost28147_param *param); + +void +gost28147_encrypt(const struct gost28147_ctx *ctx, + size_t length, uint8_t *dst, + const uint8_t *src); +void +gost28147_decrypt(const struct gost28147_ctx *ctx, + size_t length, uint8_t *dst, + const uint8_t *src); + #ifdef __cplusplus } #endif diff --git a/nettle-meta-ciphers.c b/nettle-meta-ciphers.c index 802fa141..97d0270b 100644 --- a/nettle-meta-ciphers.c +++ b/nettle-meta-ciphers.c @@ -54,5 +54,6 @@ const struct nettle_cipher * const nettle_ciphers[] = { &nettle_arctwo64, &nettle_arctwo128, &nettle_arctwo_gutmann128, + &nettle_gost28147, NULL }; diff --git a/nettle-meta.h b/nettle-meta.h index 5a1f85bc..3e775720 100644 --- a/nettle-meta.h +++ b/nettle-meta.h @@ -86,6 +86,8 @@ extern const struct nettle_cipher nettle_arctwo64; extern const struct nettle_cipher nettle_arctwo128; extern const struct nettle_cipher nettle_arctwo_gutmann128;

+extern const struct nettle_cipher nettle_gost28147; + struct nettle_hash { const char *name; diff --git a/nettle.texinfo b/nettle.texinfo index e012b989..b5f2701f 100644 --- a/nettle.texinfo +++ b/nettle.texinfo @@ -1687,6 +1687,44 @@ in any other way. Analogous to @code{des_encrypt} @end deftypefun

+@subsection GOST 28147-89 (Magma) +GOST 28147-89 (also called Magma) is the Russian standard cipher. It uses a +block size of 64 bits (8 octets), and a key size of 256 bits. Nettle defines +GOST28147 in @file{<nettle/gost28147.h>}. + +@deftp {Context struct} {struct gost28147_ctx} +@end deftp + +@defvr Constant GOST28147_BLOCK_SIZE +The GOST28147 block-size, 8. +@end defvr + +@defvr Constant GOST28147_KEY_SIZE +GOST28147 key size, 32. +@end defvr + +@deftypefun void gost28147_set_key (struct gost28147_ctx *@var{ctx}, const uint8_t *@var{key}) +Initialize the cipher. The same function is used for both encryption and +decryption. +@end deftypefun + +@deftypefun void gost28147_set_sbox (struct gost28147_ctx *@var{ctx}, const uint32_t *@var{sbox}) +Initialize the cipher S-BOX. The same function is used for both encryption and +decryption. +@end deftypefun + +@deftypefun void gost28147_encrypt (struct gost28147_ctx *@var{ctx}, size_t @var{length}, uint8_t *@var{dst}, const uint8_t *@var{src}) +Encryption function. @var{length} must be an integral multiple of the +block size. If it is more than one block, the data is processed in ECB +mode. @code{src} and @code{dst} may be equal, but they must not overlap +in any other way. +@end deftypefun + +@deftypefun void gost28147_decrypt (struct gost28147_ctx *@var{ctx}, size_t @var{length}, uint8_t *@var{dst}, const uint8_t *@var{src}) +Analogous to @code{gost28147_encrypt} +@end deftypefun + + @subsection Salsa20 Salsa20 is a fairly recent stream cipher designed by D. J. Bernstein. It is built on the observation that a cryptographic hash function can be diff --git a/testsuite/.gitignore b/testsuite/.gitignore index 8e5521b4..e688a9c8 100644 --- a/testsuite/.gitignore +++ b/testsuite/.gitignore @@ -28,6 +28,7 @@ /ecdsa-sign-test /ecdsa-verify-test /gcm-test +/gost28147-test /gosthash94-test /hmac-test /knuth-lfib-test diff --git a/testsuite/.test-rules.make b/testsuite/.test-rules.make index 1b9c3fae..d665330f 100644 --- a/testsuite/.test-rules.make +++ b/testsuite/.test-rules.make @@ -34,6 +34,9 @@ des3-test$(EXEEXT): des3-test.$(OBJEXT) des-compat-test$(EXEEXT): des-compat-test.$(OBJEXT) $(LINK) des-compat-test.$(OBJEXT) $(TEST_OBJS) -o des-compat-test$(EXEEXT)

+gost28147-test$(EXEEXT): gost28147-test.$(OBJEXT) + $(LINK) gost28147-test.$(OBJEXT) $(TEST_OBJS) -o gost28147-test$(EXEEXT) + md2-test$(EXEEXT): md2-test.$(OBJEXT) $(LINK) md2-test.$(OBJEXT) $(TEST_OBJS) -o md2-test$(EXEEXT)

diff --git a/testsuite/Makefile.in b/testsuite/Makefile.in index 590691ca..d07268bd 100644 --- a/testsuite/Makefile.in +++ b/testsuite/Makefile.in @@ -15,6 +15,7 @@ TS_NETTLE_SOURCES = aes-test.c arcfour-test.c arctwo-test.c \ base16-test.c base64-test.c \ camellia-test.c chacha-test.c \ des-test.c des3-test.c des-compat-test.c \ + gost28147-test.c \ md2-test.c md4-test.c md5-test.c md5-compat-test.c \ memeql-test.c memxor-test.c gosthash94-test.c \ ripemd160-test.c \ diff --git a/testsuite/gost28147-test.c b/testsuite/gost28147-test.c new file mode 100644 index 00000000..3f8046e1 --- /dev/null +++ b/testsuite/gost28147-test.c @@ -0,0 +1,119 @@ +#include "testutils.h" +#include "gost28147.h" + +static void +test_gost28147(const struct gost28147_param *param, + const struct tstring *key, + const struct tstring *cleartext, + const struct tstring *ciphertext) +{ + struct gost28147_ctx ctx; + uint8_t *data = xalloc(cleartext->length); + size_t length; + + ASSERT (cleartext->length == ciphertext->length); + length = cleartext->length; + + gost28147_set_key(&ctx, key->data); + gost28147_set_param(&ctx, param); + gost28147_encrypt(&ctx, length, data, cleartext->data); + + if (!MEMEQ(length, data, ciphertext->data)) + { + fprintf(stderr, "Encrypt failed:\nInput:"); + tstring_print_hex(cleartext); + fprintf(stderr, "\nOutput: "); + print_hex(length, data); + fprintf(stderr, "\nExpected:"); + tstring_print_hex(ciphertext); + fprintf(stderr, "\n"); + FAIL(); + } + + gost28147_set_key(&ctx, key->data); + gost28147_set_param(&ctx, param); + gost28147_decrypt(&ctx, length, data, data); + + if (!MEMEQ(length, data, cleartext->data)) + { + fprintf(stderr, "Decrypt failed:\nInput:"); + tstring_print_hex(ciphertext); + fprintf(stderr, "\nOutput: "); + print_hex(length, data); + fprintf(stderr, "\nExpected:"); + tstring_print_hex(cleartext); + fprintf(stderr, "\n"); + FAIL(); + } + + free(data); +} + +void test_main(void) +{ + /* Examples from GOST R 34.11-94 standard */ + test_gost28147(&gost28147_param_test_3411, + SHEX("546D2033 68656C32 69736520 73736E62 20616779 69677474 73656865 202C3D73"), + SHEX("00000000 00000000"), + SHEX("1B0BBC32 CEBCAB42")); + + test_gost28147(&gost28147_param_test_3411, + SHEX("2033394D 6C320D09 65201A16 6E62001D 67794106 74740E13 6865160D 3D730C11"), + SHEX("00000000 00000000"), + SHEX("FDCF9B5D C8EB0352")); + + test_gost28147(&gost28147_param_test_3411, + SHEX("39B213F5 F209A13F 1AE9BA3A FF1D0C62 41F9E1C7 F1130085 16F20D73 F311B180"), + SHEX("00000000 00000000"), + SHEX("280EFF00 9958348D")); + + test_gost28147(&gost28147_param_test_3411, + SHEX("EC0A8BA1 5EC004A8 BAC50CAC 0C621DEE E1C7B8E7 007AE2EC F2731BFF 4E80E2A0 "), + SHEX("00000000 00000000"), + SHEX("2D562A0D 190486E7 ")); + + test_gost28147(&gost28147_param_test_3411, + SHEX("8182838485868788 898a8b8c8d8e8f80 d1d2d3d4d5d6d7d8 d9dadbdcdddedfd0"), + SHEX("0102030405060708 f1f2f3f4f5f6f7f8"), + SHEX("ced52a7ff7f260d5 bc81a80bb5e65976")); + + test_gost28147(&gost28147_param_CryptoPro_3411, + SHEX("8182838485868788 898a8b8c8d8e8f80 d1d2d3d4d5d6d7d8 d9dadbdcdddedfd0"), + SHEX("0102030405060708 f1f2f3f4f5f6f7f8"), + SHEX("e42175e16922d0a8 48e59157d7106518")); + + test_gost28147(&gost28147_param_Test_89, + SHEX("8182838485868788 898a8b8c8d8e8f80 d1d2d3d4d5d6d7d8 d9dadbdcdddedfd0"), + SHEX("0102030405060708 f1f2f3f4f5f6f7f8"), + SHEX("9856cf8bfcc282f4 3f465801c6539a5c")); + + test_gost28147(&gost28147_param_CryptoPro_A, + SHEX("8182838485868788 898a8b8c8d8e8f80 d1d2d3d4d5d6d7d8 d9dadbdcdddedfd0"), + SHEX("0102030405060708 f1f2f3f4f5f6f7f8"), + SHEX("668184aedc48c917 4164347058845cac")); + + test_gost28147(&gost28147_param_CryptoPro_B, + SHEX("8182838485868788 898a8b8c8d8e8f80 d1d2d3d4d5d6d7d8 d9dadbdcdddedfd0"), + SHEX("0102030405060708 f1f2f3f4f5f6f7f8"), + SHEX("dbee81147b74b0f2 db5ef00eff4bd528")); + + test_gost28147(&gost28147_param_CryptoPro_C, + SHEX("8182838485868788 898a8b8c8d8e8f80 d1d2d3d4d5d6d7d8 d9dadbdcdddedfd0"), + SHEX("0102030405060708 f1f2f3f4f5f6f7f8"), + SHEX("31a3859d0aeeb80e 4afbd6ce7798ffa9")); + + test_gost28147(&gost28147_param_CryptoPro_D, + SHEX("8182838485868788 898a8b8c8d8e8f80 d1d2d3d4d5d6d7d8 d9dadbdcdddedfd0"), + SHEX("0102030405060708 f1f2f3f4f5f6f7f8"), + SHEX("b1323e0b2173cbd1 c5282f2461e97aa8")); + + test_gost28147(&gost28147_param_TC26_Z, + SHEX("8182838485868788 898a8b8c8d8e8f80 d1d2d3d4d5d6d7d8 d9dadbdcdddedfd0"), + SHEX("0102030405060708 f1f2f3f4f5f6f7f8"), + SHEX("ce5a5ed7e0577a5f d0cc85ce31635b8b")); + + test_gost28147(&gost28147_param_TC26_Z, + SHEX("ccddeeff8899aabb4455667700112233f3f2f1f0f7f6f5f4fbfaf9f8fffefdfc"), + SHEX("1032547698badcfe"), + SHEX("3dcad8c2e501e94e")); +} diff --git a/testsuite/meta-cipher-test.c b/testsuite/meta-cipher-test.c index f949fd76..8c435cb5 100644 --- a/testsuite/meta-cipher-test.c +++ b/testsuite/meta-cipher-test.c @@ -13,6 +13,7 @@ const char* ciphers[] = { "camellia192", "camellia256", "cast128", + "gost28147", "serpent128", "serpent192", "serpent256",

-- 2.11.0

Dmitry Eremin-Solenikov

11:27 p.m.

New subject: [PATCH 08/13] Add CFB block mode support

Signed-off-by: Dmitry Eremin-Solenikov dbaryshkov@gmail.com --- Makefile.in | 4 +- cfb.c | 176 +++++++++++++++++++++++++++ cfb.h | 87 ++++++++++++++ nettle.texinfo | 106 +++++++++++++++-- testsuite/.gitignore | 1 + testsuite/.test-rules.make | 3 + testsuite/Makefile.in | 2 +- testsuite/cfb-test.c | 287 +++++++++++++++++++++++++++++++++++++++++++++ testsuite/testutils.c | 179 ++++++++++++++++++++++++++++ testsuite/testutils.h | 7 ++ 10 files changed, 840 insertions(+), 12 deletions(-) create mode 100644 cfb.c create mode 100644 cfb.h create mode 100644 testsuite/cfb-test.c

diff --git a/Makefile.in b/Makefile.in index 2ff11c91..3be828ed 100644 --- a/Makefile.in +++ b/Makefile.in @@ -91,7 +91,7 @@ nettle_SOURCES = aes-decrypt-internal.c aes-decrypt.c \ camellia256-set-decrypt-key.c \ camellia256-meta.c \ cast128.c cast128-meta.c cbc.c \ - ccm.c ccm-aes128.c ccm-aes192.c ccm-aes256.c \ + ccm.c ccm-aes128.c ccm-aes192.c ccm-aes256.c cfb.c \ chacha-crypt.c chacha-core-internal.c \ chacha-poly1305.c chacha-poly1305-meta.c \ chacha-set-key.c chacha-set-nonce.c \ @@ -191,7 +191,7 @@ OPT_SOURCES = fat-x86_64.c fat-arm.c mini-gmp.c

HEADERS = aes.h arcfour.h arctwo.h asn1.h blowfish.h \ base16.h base64.h bignum.h buffer.h camellia.h cast128.h \ - cbc.h ccm.h chacha.h chacha-poly1305.h ctr.h \ + cbc.h ccm.h cfb.h chacha.h chacha-poly1305.h ctr.h \ curve25519.h des.h des-compat.h dsa.h dsa-compat.h eax.h \ ecc-curve.h ecc.h ecdsa.h eddsa.h \ gcm.h gost28147.h gosthash94.h hmac.h \ diff --git a/cfb.c b/cfb.c new file mode 100644 index 00000000..705568e7 --- /dev/null +++ b/cfb.c @@ -0,0 +1,176 @@ +/* cfb.c + + Cipher feedback mode. + + Copyright (C) 2015 Dmitry Eremin-Solenikov + Copyright (C) 2001, 2011 Niels Möller + + This file is part of GNU Nettle. + + GNU Nettle is free software: you can redistribute it and/or + modify it under the terms of either: + + * the GNU Lesser General Public License as published by the Free + Software Foundation; either version 3 of the License, or (at your + option) any later version. + + or + + * the GNU General Public License as published by the Free + Software Foundation; either version 2 of the License, or (at your + option) any later version. + + or both in parallel, as here. + + GNU Nettle is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + General Public License for more details. + + You should have received copies of the GNU General Public License and + the GNU Lesser General Public License along with this program. If + not, see http://www.gnu.org/licenses/. +*/ + +#if HAVE_CONFIG_H +# include "config.h" +#endif + +#include <assert.h> +#include <stdlib.h> +#include <string.h> + +#include "cfb.h" + +#include "memxor.h" +#include "nettle-internal.h" + +void +cfb_encrypt(const void *ctx, nettle_cipher_func *f, + size_t block_size, uint8_t *iv, + size_t length, uint8_t *dst, + const uint8_t *src) +{ + if (src != dst) + { + uint8_t *p; + + for (p = iv; length >= block_size; p = dst, dst += block_size, src += block_size, length -= block_size) + { + f(ctx, block_size, dst, p); + memxor(dst, src, block_size); + } + + if (p != iv) + memcpy(iv, p, block_size); + + if (length) + { + TMP_DECL(buffer, uint8_t, NETTLE_MAX_CIPHER_BLOCK_SIZE); + TMP_ALLOC(buffer, block_size); + + f(ctx, block_size, buffer, iv); + memxor3(dst, buffer, src, length); + memcpy(iv, dst, length); + } + } + else + { + TMP_DECL(buffer, uint8_t, NETTLE_MAX_CIPHER_BLOCK_SIZE); + TMP_ALLOC(buffer, block_size); + uint8_t *p; + + for (p = iv; length >= block_size; p = dst, dst += block_size, length -= block_size) + { + f(ctx, block_size, buffer, p); + memxor(dst, buffer, block_size); + } + + if (p != iv) + memcpy(iv, p, block_size); + + if (length) + { + f(ctx, block_size, buffer, iv); + memxor(dst, buffer, length); + memcpy(iv, dst, length); + } + } +} + +/* Don't allocate any more space than this on the stack */ +#define CFB_BUFFER_LIMIT 512 + +void +cfb_decrypt(const void *ctx, nettle_cipher_func *f, + size_t block_size, uint8_t *iv, + size_t length, uint8_t *dst, + const uint8_t *src) +{ + if (!length) + return; + + if (src != dst) + { + size_t left = length % block_size; + + length -= left; + if (length >= block_size) + { + /* Decrypt in ECB mode */ + f(ctx, block_size, dst, iv); + f(ctx, length - block_size, dst + block_size, src); + memxor(dst, src, length); + memcpy(iv, src + length - block_size, block_size); + } + + if (left > 0) + { + TMP_DECL(buffer, uint8_t, NETTLE_MAX_CIPHER_BLOCK_SIZE); + TMP_ALLOC(buffer, block_size); + + f(ctx, block_size, buffer, iv); + memxor3(dst + length, src + length, buffer, left); + memcpy(iv, src + length, left); + } + } + else + { + /* For in-place CFB, we decrypt into a temporary buffer of size + * at most CFB_BUFFER_LIMIT, and process that amount of data at + * a time. */ + + /* NOTE: We assume that block_size <= CFB_BUFFER_LIMIT */ + + TMP_DECL(buffer, uint8_t, CFB_BUFFER_LIMIT); + TMP_DECL(initial_iv, uint8_t, NETTLE_MAX_CIPHER_BLOCK_SIZE); + + size_t buffer_size; + size_t left; + + buffer_size = CFB_BUFFER_LIMIT - (CFB_BUFFER_LIMIT % block_size); + + TMP_ALLOC(buffer, buffer_size); + TMP_ALLOC(initial_iv, block_size); + + for ( ; length >= buffer_size; + length -= buffer_size, src += buffer_size, dst += buffer_size) + { + f(ctx, block_size, buffer, iv); + f(ctx, buffer_size - block_size, buffer + block_size, src); + memcpy(iv, src + buffer_size - block_size, block_size); + memxor3(dst, buffer, src, buffer_size); + } + + if (length % block_size) + left = length % block_size; + else + left = block_size; + f(ctx, block_size, buffer, iv); + f(ctx, length - left, buffer + block_size, src); + memcpy(iv, src + length - left, left); + if (length - left >= block_size) + memcpy(iv + left, src + length - left - block_size, block_size - left); + memxor3(dst, buffer, src, length); + } +} diff --git a/cfb.h b/cfb.h new file mode 100644 index 00000000..76134eeb --- /dev/null +++ b/cfb.h @@ -0,0 +1,87 @@ +/* cfb.h + + Cipher feedback mode. + + Copyright (C) 2015 Dmitry Eremin-Solenikov + Copyright (C) 2001 Niels Möller + + This file is part of GNU Nettle. + + GNU Nettle is free software: you can redistribute it and/or + modify it under the terms of either: + + * the GNU Lesser General Public License as published by the Free + Software Foundation; either version 3 of the License, or (at your + option) any later version. + + or + + * the GNU General Public License as published by the Free + Software Foundation; either version 2 of the License, or (at your + option) any later version. + + or both in parallel, as here. + + GNU Nettle is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + General Public License for more details. + + You should have received copies of the GNU General Public License and + the GNU Lesser General Public License along with this program. If + not, see http://www.gnu.org/licenses/. +*/ + +#ifndef NETTLE_CFB_H_INCLUDED +#define NETTLE_CFB_H_INCLUDED + +#include "nettle-types.h" + +#ifdef __cplusplus +extern "C" { +#endif + +/* Name mangling */ +#define cfb_encrypt nettle_cfb_encrypt +#define cfb_decrypt nettle_cfb_decrypt + +void +cfb_encrypt(const void *ctx, nettle_cipher_func *f, + size_t block_size, uint8_t *iv, + size_t length, uint8_t *dst, + const uint8_t *src); + +void +cfb_decrypt(const void *ctx, nettle_cipher_func *f, + size_t block_size, uint8_t *iv, + size_t length, uint8_t *dst, + const uint8_t *src); + +#define CFB_CTX(type, size) \ +{ type ctx; uint8_t iv[size]; } + +#define CFB_SET_IV(ctx, data) \ +memcpy((ctx)->iv, (data), sizeof((ctx)->iv)) + +/* NOTE: Avoid using NULL, as we don't include anything defining it. */ +#define CFB_ENCRYPT(self, f, length, dst, src) \ + (0 ? ((f)(&(self)->ctx, ~(size_t) 0, \ + (uint8_t *) 0, (const uint8_t *) 0)) \ + : cfb_encrypt((void *) &(self)->ctx, \ + (nettle_cipher_func *) (f), \ + sizeof((self)->iv), (self)->iv, \ + (length), (dst), (src))) + +#define CFB_DECRYPT(self, f, length, dst, src) \ + (0 ? ((f)(&(self)->ctx, ~(size_t) 0, \ + (uint8_t *) 0, (const uint8_t *) 0)) \ + : cfb_decrypt((void *) &(self)->ctx, \ + (nettle_cipher_func *) (f), \ + sizeof((self)->iv), (self)->iv, \ + (length), (dst), (src))) + +#ifdef __cplusplus +} +#endif + +#endif /* NETTLE_CFB_H_INCLUDED */ diff --git a/nettle.texinfo b/nettle.texinfo index b5f2701f..2195030d 100644 --- a/nettle.texinfo +++ b/nettle.texinfo @@ -93,6 +93,7 @@ Cipher modes

* CBC:: * CTR:: +* CFB:: * GCM:: * CCM::

@@ -1957,21 +1958,23 @@ a message that is larger than the cipher's block size. As explained in processing them independently with the block cipher (Electronic Code Book mode, @acronym{ECB}), leaks information.

-Besides @acronym{ECB}, Nettle provides a two other modes of operation: -Cipher Block Chaining (@acronym{CBC}), Counter mode (@acronym{CTR}), and -a couple of @acronym{AEAD} modes (@pxref{Authenticated encryption}). -@acronym{CBC} is widely used, but there are a few subtle issues of -information leakage, see, e.g., +Besides @acronym{ECB}, Nettle provides several other modes of operation: +Cipher Block Chaining (@acronym{CBC}), Counter mode (@acronym{CTR}), Cipher +Feedback (@acronym{CFB}) and a couple of @acronym{AEAD} modes +(@pxref{Authenticated encryption}). @acronym{CBC} is widely used, but +there are a few subtle issues of information leakage, see, e.g., @uref{http://www.kb.cert.org/vuls/id/958563, @acronym{SSH} @acronym{CBC} vulnerability}. Today, @acronym{CTR} is usually preferred over @acronym{CBC}.

-Modes like @acronym{CBC} and @acronym{CTR} provide @emph{no} message -authentication, and should always be used together with a @acronym{MAC} -(@pxref{Keyed hash functions}) or signature to authenticate the message. +Modes like @acronym{CBC}, @acronym{CTR} and @acronym{CFB} provide @emph{no} +message authentication, and should always be used together with a +@acronym{MAC} (@pxref{Keyed hash functions}) or signature to authenticate +the message.

@menu * CBC:: * CTR:: +* CFB:: @end menu

@node CBC, CTR, Cipher modes, Cipher modes @@ -2067,7 +2070,7 @@ These macros use some tricks to make the compiler display a warning if the types of @var{f} and @var{ctx} don't match, e.g. if you try to use an @code{struct aes_ctx} context with the @code{des_encrypt} function.

-@node CTR, , CBC, Cipher modes +@node CTR, CFB, CBC, Cipher modes @comment node-name, next, previous, up @subsection Counter mode

@@ -2143,6 +2146,91 @@ last three arguments define the source and destination area for the operation. @end deffn

+@node CFB, , CTR, Cipher modes +@comment node-name, next, previous, up +@subsection Cipher Feedback mode + +@cindex Cipher Feedback Mode +@cindex CFB Mode + +Cipher Feedback mode (@acronym{CFB}) being a close relative to both +@acronym{CBC} mode and @acronym{CTR} mode transforms block cipher into a +stream cipher. + +The message is divided into @code{n} blocks @code{M_1},@dots{} +@code{M_n}, where @code{M_n} is of size @code{m} which may be smaller +than the block size. Except for the last block, all the message blocks +must be of size equal to the cipher's block size. + +If @code{E_k} is the encryption function of a block cipher, @code{IV} is +the initialization vector, then the @code{n} plaintext blocks are +transformed into @code{n} ciphertext blocks @code{C_1},@dots{} +@code{C_n} as follows: + +@example +C_1 = E_k(IV) XOR M_1 +C_2 = E_k(C_1) XOR M_2 + +@dots{} + +C_(n-1) = E_k(C_(n - 2)) XOR M_(n-1) +C_n = E_k(C_(n - 1)) [1..m] XOR M_n +@end example + +Nettle's includes two functions for applying a block cipher in Cipher +Feedback Mode (@acronym{CFB}) mode, one for encryption and one for +decryption. These functions uses @code{void *} to pass cipher contexts +around. + +@deftypefun {void} cbc_encrypt (const void *@var{ctx}, nettle_cipher_func *@var{f}, size_t @var{block_size}, uint8_t *@var{iv}, size_t @var{length}, uint8_t *@var{dst}, const uint8_t *@var{src}) +@deftypefunx {void} cbc_decrypt (const void *@var{ctx}, nettle_cipher_func *@var{f}, size_t @var{block_size}, uint8_t *@var{iv}, size_t @var{length}, uint8_t *@var{dst}, const uint8_t *@var{src}) + +Applies the encryption or decryption function @var{f} in @acronym{CBC} +mode. The final ciphertext block processed is copied into @var{iv} +before returning, so that a large message can be processed by a sequence of +calls to @code{cfb_encrypt}. Note that for @acronym{CFB} mode internally +uses encryption only function and hence @var{f} should always be the +encryption function for the underlying block cipher. + +When a message is encrypted using a sequence of calls to +@code{cfb_encrypt}, all but the last call @emph{must} use a length that is +a multiple of the block size. +@end deftypefun + +Like for @acronym{CFB}, there are also a couple of helper macros. + +@deffn Macro CFB_CTX (@var{context_type}, @var{block_size}) +Expands to +@example +@{ + context_type ctx; + uint8_t iv[block_size]; +@} +@end example +@end deffn + +@deffn Macro CFB_SET_IV(@var{ctx}, @var{iv}) +First argument is a pointer to a context struct as defined by +@code{CFB_CTX}, and the second is a pointer to an initialization vector +that is copied into that context. +@end deffn + +@deffn Macro CFB_ENCRYPT (@var{ctx}, @var{f}, @var{length}, @var{dst}, @var{src}) +A simpler way to invoke @code{cfb_encrypt}. The first argument is a +pointer to a context struct as defined by @code{CFB_CTX}, and the second +argument is an encryption function following Nettle's conventions. The +last three arguments define the source and destination area for the +operation. +@end deffn + +@deffn Macro CFB_DECRYPT (@var{ctx}, @var{f}, @var{length}, @var{dst}, @var{src}) +A simpler way to invoke @code{cfb_decrypt}. The first argument is a +pointer to a context struct as defined by @code{CFB_CTX}, and the second +argument is an encryption function following Nettle's conventions. The +last three arguments define the source and destination area for the +operation. +@end deffn + @node Authenticated encryption, Keyed hash functions, Cipher modes, Reference @comment node-name, next, previous, up

diff --git a/testsuite/.gitignore b/testsuite/.gitignore index e688a9c8..89d8c891 100644 --- a/testsuite/.gitignore +++ b/testsuite/.gitignore @@ -12,6 +12,7 @@ /cast128-test /cbc-test /ccm-test +/cfb-test /ctr-test /cxx-test /des-compat-test diff --git a/testsuite/.test-rules.make b/testsuite/.test-rules.make index d665330f..f6b3ebe2 100644 --- a/testsuite/.test-rules.make +++ b/testsuite/.test-rules.make @@ -115,6 +115,9 @@ knuth-lfib-test$(EXEEXT): knuth-lfib-test.$(OBJEXT) cbc-test$(EXEEXT): cbc-test.$(OBJEXT) $(LINK) cbc-test.$(OBJEXT) $(TEST_OBJS) -o cbc-test$(EXEEXT)

+cfb-test$(EXEEXT): cfb-test.$(OBJEXT) + $(LINK) cfb-test.$(OBJEXT) $(TEST_OBJS) -o cfb-test$(EXEEXT) + ctr-test$(EXEEXT): ctr-test.$(OBJEXT) $(LINK) ctr-test.$(OBJEXT) $(TEST_OBJS) -o ctr-test$(EXEEXT)

diff --git a/testsuite/Makefile.in b/testsuite/Makefile.in index d07268bd..d7b359e3 100644 --- a/testsuite/Makefile.in +++ b/testsuite/Makefile.in @@ -26,7 +26,7 @@ TS_NETTLE_SOURCES = aes-test.c arcfour-test.c arctwo-test.c \ sha3-384-test.c sha3-512-test.c \ serpent-test.c twofish-test.c version-test.c \ knuth-lfib-test.c \ - cbc-test.c ctr-test.c gcm-test.c eax-test.c ccm-test.c \ + cbc-test.c ctr-test.c gcm-test.c eax-test.c ccm-test.c cfb-test.c \ poly1305-test.c chacha-poly1305-test.c \ hmac-test.c umac-test.c \ meta-hash-test.c meta-cipher-test.c\ diff --git a/testsuite/cfb-test.c b/testsuite/cfb-test.c new file mode 100644 index 00000000..37f0201f --- /dev/null +++ b/testsuite/cfb-test.c @@ -0,0 +1,287 @@ +#include "testutils.h" +#include "aes.h" +#include "cfb.h" +#include "knuth-lfib.h" + +/* Test with more data and inplace decryption, to check that the + * cfb_decrypt buffering works. */ +#define CFB_BULK_DATA 0x2710 /* 10000 */ + +static void +test_cfb_bulk(void) +{ + struct knuth_lfib_ctx random; + + uint8_t clear[CFB_BULK_DATA]; + + uint8_t cipher[CFB_BULK_DATA + 1]; + + const uint8_t *key = H("966c7bf00bebe6dc 8abd37912384958a" + "743008105a08657d dcaad4128eee38b3"); + + const uint8_t *start_iv = H("11adbff119749103 207619cfa0e8d13a"); + const uint8_t *end_iv = H("1fd0a9189b8480b7 b06a2b36ef5943ba"); + + struct CFB_CTX(struct aes_ctx, AES_BLOCK_SIZE) aes; + + knuth_lfib_init(&random, CFB_BULK_DATA); + knuth_lfib_random(&random, CFB_BULK_DATA, clear); + + /* Byte that should not be overwritten */ + cipher[CFB_BULK_DATA] = 17; + + aes_set_encrypt_key(&aes.ctx, 32, key); + CFB_SET_IV(&aes, start_iv); + + CFB_ENCRYPT(&aes, aes_encrypt, CFB_BULK_DATA, cipher, clear); + + ASSERT(cipher[CFB_BULK_DATA] == 17); + + if (verbose) + { + printf("IV after bulk encryption: "); + print_hex(AES_BLOCK_SIZE, aes.iv); + printf("\n"); + } + + ASSERT(MEMEQ(AES_BLOCK_SIZE, aes.iv, end_iv)); + + /* Decrypt, in place */ + aes_set_encrypt_key(&aes.ctx, 32, key); + CFB_SET_IV(&aes, start_iv); + CFB_DECRYPT(&aes, aes_encrypt, CFB_BULK_DATA, cipher, cipher); + + ASSERT(cipher[CFB_BULK_DATA] == 17); + + if (verbose) + { + printf("IV after bulk decryption: "); + print_hex(AES_BLOCK_SIZE, aes.iv); + printf("\n"); + } + + ASSERT (MEMEQ(AES_BLOCK_SIZE, aes.iv, end_iv)); + ASSERT (MEMEQ(CFB_BULK_DATA, clear, cipher)); +} + +void +test_main(void) +{ + /* From NIST spec 800-38a on AES modes. + * + * F.3 CFB Example Vectors + * F.3.13 CFB128-AES128.Encrypt + */ + + /* Intermediate values, blocks input to AES: + * + * 000102030405060708090a0b0c0d0e0f + * 3b3fd92eb72dad20333449f8e83cfb4a + * c8a64537a0b3a93fcde3cdad9f1ce58b + * 26751f67a3cbb140b1808cf187a4f4df + */ + test_cipher_cfb(&nettle_aes128, + SHEX("2b7e151628aed2a6abf7158809cf4f3c"), + SHEX("6bc1bee22e409f96e93d7e117393172a" + "ae2d8a571e03ac9c9eb76fac45af8e51" + "30c81c46a35ce411e5fbc1191a0a52ef" + "f69f2445df4f9b17ad2b417be66c3710"), + SHEX("3b3fd92eb72dad20333449f8e83cfb4a" + "c8a64537a0b3a93fcde3cdad9f1ce58b" + "26751f67a3cbb140b1808cf187a4f4df" + "c04b05357c5d1c0eeac4c66f9ff7f2e6"), + SHEX("000102030405060708090a0b0c0d0e0f")); + + /* F.2.3 CFB128-AES192.Encrypt */ + + /* Intermediate values, blocks input to AES: + * + * 000102030405060708090a0b0c0d0e0f + * cdc80d6fddf18cab34c25909c99a4174 + * 67ce7f7f81173621961a2b70171d3d7a + * 2e1e8a1dd59b88b1c8e60fed1efac4c9 + */ + + test_cipher_cfb(&nettle_aes192, + SHEX("8e73b0f7da0e6452c810f32b809079e5" + "62f8ead2522c6b7b"), + SHEX("6bc1bee22e409f96e93d7e117393172a" + "ae2d8a571e03ac9c9eb76fac45af8e51" + "30c81c46a35ce411e5fbc1191a0a52ef" + "f69f2445df4f9b17ad2b417be66c3710"), + SHEX("cdc80d6fddf18cab34c25909c99a4174" + "67ce7f7f81173621961a2b70171d3d7a" + "2e1e8a1dd59b88b1c8e60fed1efac4c9" + "c05f9f9ca9834fa042ae8fba584b09ff"), + SHEX("000102030405060708090a0b0c0d0e0f")); + + /* F.2.5 CFB128-AES256.Encrypt */ + + /* Intermediate values, blcoks input to AES: + * + * 000102030405060708090a0b0c0d0e0f + * dc7e84bfda79164b7ecd8486985d3860 + * 39ffed143b28b1c832113c6331e5407b + * df10132415e54b92a13ed0a8267ae2f9 + */ + + test_cipher_cfb(&nettle_aes256, + SHEX("603deb1015ca71be2b73aef0857d7781" + "1f352c073b6108d72d9810a30914dff4"), + SHEX("6bc1bee22e409f96e93d7e117393172a" + "ae2d8a571e03ac9c9eb76fac45af8e51" + "30c81c46a35ce411e5fbc1191a0a52ef" + "f69f2445df4f9b17ad2b417be66c3710"), + SHEX("dc7e84bfda79164b7ecd8486985d3860" + "39ffed143b28b1c832113c6331e5407b" + "df10132415e54b92a13ed0a8267ae2f9" + "75a385741ab9cef82031623d55b1e471"), + SHEX("000102030405060708090a0b0c0d0e0f")); + + test_cfb_bulk(); +} + +/* +F.3.13 CFB128-AES128.Encrypt +Key 2b7e151628aed2a6abf7158809cf4f3c +IV 000102030405060708090a0b0c0d0e0f +Segment #1 +Input Block 000102030405060708090a0b0c0d0e0f +Output Block 50fe67cc996d32b6da0937e99bafec60 +Plaintext 6bc1bee22e409f96e93d7e117393172a +Ciphertext 3b3fd92eb72dad20333449f8e83cfb4a +Segment #2 +Input Block 3b3fd92eb72dad20333449f8e83cfb4a +Output Block 668bcf60beb005a35354a201dab36bda +Plaintext ae2d8a571e03ac9c9eb76fac45af8e51 +Ciphertext c8a64537a0b3a93fcde3cdad9f1ce58b +Segment #3 +Input Block c8a64537a0b3a93fcde3cdad9f1ce58b +Output Block 16bd032100975551547b4de89daea630 +Plaintext 30c81c46a35ce411e5fbc1191a0a52ef +Ciphertext 26751f67a3cbb140b1808cf187a4f4df +Segment #4 +Input Block 26751f67a3cbb140b1808cf187a4f4df +Output Block 36d42170a312871947ef8714799bc5f6 +Plaintext f69f2445df4f9b17ad2b417be66c3710 +Ciphertext c04b05357c5d1c0eeac4c66f9ff7f2e6 +F.3.14 CFB128-AES128.Decrypt +Key 2b7e151628aed2a6abf7158809cf4f3c +IV 000102030405060708090a0b0c0d0e0f +Segment #1 +Input Block 000102030405060708090a0b0c0d0e0f +Output Block 50fe67cc996d32b6da0937e99bafec60 +Ciphertext 3b3fd92eb72dad20333449f8e83cfb4a +Plaintext 6bc1bee22e409f96e93d7e117393172a +Segment #2 +Input Block 3b3fd92eb72dad20333449f8e83cfb4a +Output Block 668bcf60beb005a35354a201dab36bda +Ciphertext c8a64537a0b3a93fcde3cdad9f1ce58b +Plaintext ae2d8a571e03ac9c9eb76fac45af8e51 +Segment #3 +Input Block c8a64537a0b3a93fcde3cdad9f1ce58b +Output Block 16bd032100975551547b4de89daea630 +Ciphertext 26751f67a3cbb140b1808cf187a4f4df +Plaintext 30c81c46a35ce411e5fbc1191a0a52ef +Segment #4 +Input Block 26751f67a3cbb140b1808cf187a4f4df +Output Block 36d42170a312871947ef8714799bc5f6 +Ciphertext c04b05357c5d1c0eeac4c66f9ff7f2e6 +Plaintext f69f2445df4f9b17ad2b417be66c3710 +F.3.15 CFB128-AES192.Encrypt +Key 8e73b0f7da0e6452c810f32b809079e562f8ead2522c6b7b +000102030405060708090a0b0c0d0e0f +Segment #1 +50 +IV +Input Block 000102030405060708090a0b0c0d0e0f +Output Block a609b38df3b1133dddff2718ba09565e +Plaintext 6bc1bee22e409f96e93d7e117393172a +Ciphertext cdc80d6fddf18cab34c25909c99a4174 +Segment #2 +Input Block cdc80d6fddf18cab34c25909c99a4174 +Output Block c9e3f5289f149abd08ad44dc52b2b32b +Plaintext ae2d8a571e03ac9c9eb76fac45af8e51 +Ciphertext 67ce7f7f81173621961a2b70171d3d7a +Segment #3 +Input Block 67ce7f7f81173621961a2b70171d3d7a +Output Block 1ed6965b76c76ca02d1dcef404f09626 +Plaintext 30c81c46a35ce411e5fbc1191a0a52ef +Ciphertext 2e1e8a1dd59b88b1c8e60fed1efac4c9 +Segment #4 +Input Block 2e1e8a1dd59b88b1c8e60fed1efac4c9 +Output Block 36c0bbd976ccd4b7ef85cec1be273eef +Plaintext f69f2445df4f9b17ad2b417be66c3710 +Ciphertext c05f9f9ca9834fa042ae8fba584b09ff +F.3.16 CFB128-AES192.Decrypt +Key 8e73b0f7da0e6452c810f32b809079e562f8ead2522c6b7b +IV 000102030405060708090a0b0c0d0e0f +Segment #1 +Input Block 000102030405060708090a0b0c0d0e0f +Output Block a609b38df3b1133dddff2718ba09565e +Ciphertext cdc80d6fddf18cab34c25909c99a4174 +Plaintext 6bc1bee22e409f96e93d7e117393172a +Segment #2 +Input Block cdc80d6fddf18cab34c25909c99a4174 +Output Block c9e3f5289f149abd08ad44dc52b2b32b +Ciphertext 67ce7f7f81173621961a2b70171d3d7a +Plaintext ae2d8a571e03ac9c9eb76fac45af8e51 +Segment #3 +Input Block 67ce7f7f81173621961a2b70171d3d7a +Output Block 1ed6965b76c76ca02d1dcef404f09626 +Ciphertext 2e1e8a1dd59b88b1c8e60fed1efac4c9 +Plaintext 30c81c46a35ce411e5fbc1191a0a52ef +Segment #4 +Input Block 2e1e8a1dd59b88b1c8e60fed1efac4c9 +Output Block 36c0bbd976ccd4b7ef85cec1be273eef +Ciphertext c05f9f9ca9834fa042ae8fba584b09ff +Plaintext f69f2445df4f9b17ad2b417be66c3710 +F.3.17 CFB128-AES256.Encrypt +Key 603deb1015ca71be2b73aef0857d7781 +1f352c073b6108d72d9810a30914dff4 +IV 000102030405060708090a0b0c0d0e0f +Segment #1 +Input Block 000102030405060708090a0b0c0d0e0f +Output Block b7bf3a5df43989dd97f0fa97ebce2f4a +Plaintext 6bc1bee22e409f96e93d7e117393172a +Ciphertext dc7e84bfda79164b7ecd8486985d3860 +Segment #2 +Input Block dc7e84bfda79164b7ecd8486985d3860 +Output Block 97d26743252b1d54aca653cf744ace2a +Plaintext ae2d8a571e03ac9c9eb76fac45af8e51 +Ciphertext 39ffed143b28b1c832113c6331e5407b +Segment #3 +Input Block 39ffed143b28b1c832113c6331e5407b +Output Block efd80f62b6b9af8344c511b13c70b016 +Plaintext 30c81c46a35ce411e5fbc1191a0a52ef +Ciphertext df10132415e54b92a13ed0a8267ae2f9 +Segment #4 +Input Block df10132415e54b92a13ed0a8267ae2f9 +Output Block 833ca131c5f655ef8d1a2346b3ddd361 +Plaintext f69f2445df4f9b17ad2b417be66c3710 +Ciphertext 75a385741ab9cef82031623d55b1e471 +F.3.18 CFB128-AES256.Decrypt +Key 603deb1015ca71be2b73aef0857d7781 +1f352c073b6108d72d9810a30914dff4 +IV 000102030405060708090a0b0c0d0e0f +Segment #1 +Input Block 000102030405060708090a0b0c0d0e0f +Output Block b7bf3a5df43989dd97f0fa97ebce2f4a +Ciphertext dc7e84bfda79164b7ecd8486985d3860 +Plaintext 6bc1bee22e409f96e93d7e117393172a +Segment #2 +Input Block dc7e84bfda79164b7ecd8486985d3860 +Output Block 97d26743252b1d54aca653cf744ace2a +Ciphertext 39ffed143b28b1c832113c6331e5407b +Plaintext ae2d8a571e03ac9c9eb76fac45af8e51 +Segment #3 +Input Block 39ffed143b28b1c832113c6331e5407b +Output Block efd80f62b6b9af8344c511b13c70b016 +Ciphertext df10132415e54b92a13ed0a8267ae2f9 +Plaintext 30c81c46a35ce411e5fbc1191a0a52ef +Segment #4 +Input Block df10132415e54b92a13ed0a8267ae2f9 +Output Block 833ca131c5f655ef8d1a2346b3ddd361 +Ciphertext 75a385741ab9cef82031623d55b1e471 +Plaintext f69f2445df4f9b17ad2b417be66c3710 +*/ diff --git a/testsuite/testutils.c b/testsuite/testutils.c index 6f897617..694298b7 100644 --- a/testsuite/testutils.c +++ b/testsuite/testutils.c @@ -4,6 +4,7 @@

#include "base16.h" #include "cbc.h" +#include "cfb.h" #include "ctr.h" #include "knuth-lfib.h" #include "macros.h" @@ -245,6 +246,184 @@ test_cipher_cbc(const struct nettle_cipher *cipher, }

void +test_cipher_cfb(const struct nettle_cipher *cipher, + const struct tstring *key, + const struct tstring *cleartext, + const struct tstring *ciphertext, + const struct tstring *iiv) +{ + void *ctx = xalloc(cipher->context_size); + uint8_t *data, *data2; + uint8_t *iv = xalloc(cipher->block_size); + size_t length; + + ASSERT (cleartext->length == ciphertext->length); + length = cleartext->length; + + ASSERT (key->length == cipher->key_size); + ASSERT (iiv->length == cipher->block_size); + + data = xalloc(length); + data2 = xalloc(length); + + cipher->set_encrypt_key(ctx, key->data); + memcpy(iv, iiv->data, cipher->block_size); + + cfb_encrypt(ctx, cipher->encrypt, + cipher->block_size, iv, + length, data, cleartext->data); + + if (!MEMEQ(length, data, ciphertext->data)) + { + fprintf(stderr, "CFB encrypt failed:\nInput:"); + tstring_print_hex(cleartext); + fprintf(stderr, "\nOutput: "); + print_hex(length, data); + fprintf(stderr, "\nExpected:"); + tstring_print_hex(ciphertext); + fprintf(stderr, "\n"); + FAIL(); + } + cipher->set_encrypt_key(ctx, key->data); + memcpy(iv, iiv->data, cipher->block_size); + + cfb_decrypt(ctx, cipher->encrypt, + cipher->block_size, iv, + length, data2, data); + + if (!MEMEQ(length, data2, cleartext->data)) + { + fprintf(stderr, "CFB decrypt failed:\nInput:"); + tstring_print_hex(ciphertext); + fprintf(stderr, "\nOutput: "); + print_hex(length, data2); + fprintf(stderr, "\nExpected:"); + tstring_print_hex(cleartext); + fprintf(stderr, "\n"); + FAIL(); + } + cipher->set_encrypt_key(ctx, key->data); + memcpy(iv, iiv->data, cipher->block_size); + memcpy(data, cleartext->data, length); + + cfb_encrypt(ctx, cipher->encrypt, + cipher->block_size, iv, + length, data, data); + + if (!MEMEQ(length, data, ciphertext->data)) + { + fprintf(stderr, "CFB inplace encrypt failed:\nInput:"); + tstring_print_hex(cleartext); + fprintf(stderr, "\nOutput: "); + print_hex(length, data); + fprintf(stderr, "\nExpected:"); + tstring_print_hex(ciphertext); + fprintf(stderr, "\n"); + FAIL(); + } + cipher->set_encrypt_key(ctx, key->data); + memcpy(iv, iiv->data, cipher->block_size); + + cfb_decrypt(ctx, cipher->encrypt, + cipher->block_size, iv, + length, data, data); + + if (!MEMEQ(length, data, cleartext->data)) + { + fprintf(stderr, "CFB inplace decrypt failed:\nInput:"); + tstring_print_hex(ciphertext); + fprintf(stderr, "\nOutput: "); + print_hex(length, data); + fprintf(stderr, "\nExpected:"); + tstring_print_hex(cleartext); + fprintf(stderr, "\n"); + FAIL(); + } + + /* Repeat all tests with incomplete last block */ + length -= 1; + + cipher->set_encrypt_key(ctx, key->data); + memcpy(iv, iiv->data, cipher->block_size); + + cfb_encrypt(ctx, cipher->encrypt, + cipher->block_size, iv, + length, data, cleartext->data); + + if (!MEMEQ(length, data, ciphertext->data)) + { + fprintf(stderr, "CFB encrypt failed:\nInput:"); + print_hex(length, cleartext->data); + fprintf(stderr, "\nOutput: "); + print_hex(length, data); + fprintf(stderr, "\nExpected:"); + print_hex(length, ciphertext->data); + fprintf(stderr, "\n"); + FAIL(); + } + cipher->set_encrypt_key(ctx, key->data); + memcpy(iv, iiv->data, cipher->block_size); + + cfb_decrypt(ctx, cipher->encrypt, + cipher->block_size, iv, + length, data2, data); + + if (!MEMEQ(length, data2, cleartext->data)) + { + fprintf(stderr, "CFB decrypt failed:\nInput:"); + print_hex(length, ciphertext->data); + fprintf(stderr, "\nOutput: "); + print_hex(length, data2); + fprintf(stderr, "\nExpected:"); + print_hex(length, cleartext->data); + fprintf(stderr, "\n"); + FAIL(); + } + cipher->set_encrypt_key(ctx, key->data); + memcpy(iv, iiv->data, cipher->block_size); + memcpy(data, cleartext->data, length); + + cfb_encrypt(ctx, cipher->encrypt, + cipher->block_size, iv, + length, data, data); + + if (!MEMEQ(length, data, ciphertext->data)) + { + fprintf(stderr, "CFB inplace encrypt failed:\nInput:"); + print_hex(length, cleartext->data); + fprintf(stderr, "\nOutput: "); + print_hex(length, data); + fprintf(stderr, "\nExpected:"); + print_hex(length, ciphertext->data); + fprintf(stderr, "\n"); + FAIL(); + } + cipher->set_encrypt_key(ctx, key->data); + memcpy(iv, iiv->data, cipher->block_size); + + cfb_decrypt(ctx, cipher->encrypt, + cipher->block_size, iv, + length, data, data); + + if (!MEMEQ(length, data, cleartext->data)) + { + fprintf(stderr, "CFB inplace decrypt failed:\nInput:"); + print_hex(length, ciphertext->data); + fprintf(stderr, "\nOutput: "); + print_hex(length, data); + fprintf(stderr, "\nExpected:"); + print_hex(length, cleartext->data); + fprintf(stderr, "\n"); + FAIL(); + } + + free(ctx); + free(data); + free(data2); + free(iv); +} + +void test_cipher_ctr(const struct nettle_cipher *cipher, const struct tstring *key, const struct tstring *cleartext, diff --git a/testsuite/testutils.h b/testsuite/testutils.h index 7c44772b..0a059557 100644 --- a/testsuite/testutils.h +++ b/testsuite/testutils.h @@ -123,6 +123,13 @@ test_cipher_cbc(const struct nettle_cipher *cipher, const struct tstring *iv);

-- 2.11.0

Dmitry Eremin-Solenikov

11:27 p.m.

New subject: [PATCH 09/13] Add CFB mode support for GOST 28147-89

Signed-off-by: Dmitry Eremin-Solenikov dbaryshkov@gmail.com --- gost28147.c | 59 +++++++++++++++++++ gost28147.h | 5 ++ testsuite/gost28147-test.c | 143 +++++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 207 insertions(+)

diff --git a/gost28147.c b/gost28147.c index 89e16ed5..e4d3ad30 100644 --- a/gost28147.c +++ b/gost28147.c @@ -28,6 +28,7 @@ #endif

#include <assert.h> +#include <string.h>

#include "macros.h" #include "gost28147.h" @@ -2233,6 +2234,37 @@ static void gost28147_decrypt_simple (const uint32_t *key, const uint32_t *sbox, *out = l, *(out + 1) = r; }

+static const uint32_t gost28147_key_mesh_cryptopro_data[GOST28147_KEY_SIZE / 4] = { + 0x22720069, 0x2304c964, + 0x96db3a8d, 0xc42ae946, + 0x94acfe18, 0x1207ed00, + 0xc2dc86c0, 0x2ba94cef, +}; + +static void gost28147_key_mesh_cryptopro(struct gost28147_ctx *ctx) +{ + uint32_t newkey[GOST28147_KEY_SIZE/4]; + + gost28147_decrypt_simple(ctx->key, ctx->sbox, + &gost28147_key_mesh_cryptopro_data[0], + &newkey[0]); + + gost28147_decrypt_simple(ctx->key, ctx->sbox, + &gost28147_key_mesh_cryptopro_data[2], + &newkey[2]); + + gost28147_decrypt_simple(ctx->key, ctx->sbox, + &gost28147_key_mesh_cryptopro_data[4], + &newkey[4]); + + gost28147_decrypt_simple(ctx->key, ctx->sbox, + &gost28147_key_mesh_cryptopro_data[6], + &newkey[6]); + + memcpy(ctx->key, newkey, sizeof(newkey)); + ctx->key_count = 0; +} + void gost28147_set_key(struct gost28147_ctx *ctx, const uint8_t *key) { @@ -2292,3 +2324,30 @@ gost28147_decrypt(const struct gost28147_ctx *ctx, length -= GOST28147_BLOCK_SIZE; } } + +void +gost28147_encrypt_for_cfb(struct gost28147_ctx *ctx, + size_t length, uint8_t *dst, + const uint8_t *src) +{ + uint32_t block[2]; + + assert(!(length % GOST28147_BLOCK_SIZE)); + + while (length) + { + block[0] = LE_READ_UINT32(src); src += 4; + block[1] = LE_READ_UINT32(src); src += 4; + if (ctx->key_meshing && ctx->key_count == 1024) + { + gost28147_key_mesh_cryptopro(ctx); + gost28147_encrypt_simple(ctx->key, ctx->sbox, block, block); + ctx->key_count = 0; + } + gost28147_encrypt_simple(ctx->key, ctx->sbox, block, block); + LE_WRITE_UINT32(dst, block[0]); dst += 4; + LE_WRITE_UINT32(dst, block[1]); dst += 4; + length -= GOST28147_BLOCK_SIZE; + ctx->key_count += GOST28147_BLOCK_SIZE; + } +} diff --git a/gost28147.h b/gost28147.h index 21cf0390..b7340428 100644 --- a/gost28147.h +++ b/gost28147.h @@ -58,6 +58,7 @@ extern "C" { #define gost28147_set_key nettle_gost28147_set_key #define gost28147_set_param nettle_gost28147_set_param #define gost28147_encrypt nettle_gost28147_encrypt +#define gost28147_encrypt_for_cfb nettle_gost28147_encrypt_for_cfb #define gost28147_decrypt nettle_gost28147_decrypt

#define GOST28147_KEY_SIZE 32 @@ -105,6 +106,10 @@ void gost28147_decrypt(const struct gost28147_ctx *ctx, size_t length, uint8_t *dst, const uint8_t *src); +void +gost28147_encrypt_for_cfb(struct gost28147_ctx *ctx, + size_t length, uint8_t *dst, + const uint8_t *src);

#ifdef __cplusplus } diff --git a/testsuite/gost28147-test.c b/testsuite/gost28147-test.c index 3f8046e1..939bedee 100644 --- a/testsuite/gost28147-test.c +++ b/testsuite/gost28147-test.c @@ -1,5 +1,6 @@ #include "testutils.h" #include "gost28147.h" +#include "cfb.h"

static void test_gost28147(const struct gost28147_param *param, @@ -49,6 +50,60 @@ test_gost28147(const struct gost28147_param *param, free(data); }

+static void +test_gost28147_cfb(const struct gost28147_param *param, + const struct tstring *key, + const struct tstring *iv, + const struct tstring *cleartext, + const struct tstring *ciphertext) +{ + struct ctx CFB_CTX(struct gost28147_ctx, GOST28147_BLOCK_SIZE) ctx; + uint8_t *data = xalloc(cleartext->length); + size_t length; + + ASSERT (cleartext->length == ciphertext->length); + length = cleartext->length; + + gost28147_set_key(&ctx.ctx, key->data); + gost28147_set_param(&ctx.ctx, param); + CFB_SET_IV(&ctx, iv->data); + + CFB_ENCRYPT(&ctx, gost28147_encrypt_for_cfb, length, + data, cleartext->data); + + if (!MEMEQ(length, data, ciphertext->data)) + { + fprintf(stderr, "Encrypt failed:\nInput:"); + tstring_print_hex(cleartext); + fprintf(stderr, "\nOutput: "); + print_hex(length, data); + fprintf(stderr, "\nExpected:"); + tstring_print_hex(ciphertext); + fprintf(stderr, "\n"); + FAIL(); + } + + gost28147_set_key(&ctx.ctx, key->data); + gost28147_set_param(&ctx.ctx, param); + CFB_SET_IV(&ctx, iv->data); + CFB_DECRYPT(&ctx, gost28147_encrypt_for_cfb, length, + data, data); + + if (!MEMEQ(length, data, cleartext->data)) + { + fprintf(stderr, "Decrypt failed:\nInput:"); + tstring_print_hex(ciphertext); + fprintf(stderr, "\nOutput: "); + print_hex(length, data); + fprintf(stderr, "\nExpected:"); + tstring_print_hex(cleartext); + fprintf(stderr, "\n"); + FAIL(); + } + + free(data); +} + void test_main(void) { /* Examples from GOST R 34.11-94 standard */ @@ -116,4 +171,92 @@ void test_main(void) SHEX("ccddeeff8899aabb4455667700112233f3f2f1f0f7f6f5f4fbfaf9f8fffefdfc"), SHEX("1032547698badcfe"), SHEX("3dcad8c2e501e94e")); + + test_gost28147_cfb(&gost28147_param_CryptoPro_A, + SHEX("8d5a2c83a7c70a61 d61b34b51fdf4268 6671a35d874cfd84 993663b61ed60dad"), + SHEX("46606f0d8834235a"), + SHEX("d2fdf83ac1b43923 2eaacc980a02da33"), + SHEX("88b7751674a5ee2d 14fe9167d05ccc40")); + + test_gost28147_cfb(&gost28147_param_CryptoPro_C, + SHEX("77c3458ef642e704 8efc08e47096d605 9359026d6f97cae9 cf89444bde6c221d"), + SHEX("437c3e8e2f2a0098"), + SHEX("079c91be"), + SHEX("19358134")); + + test_gost28147_cfb(&gost28147_param_CryptoPro_D, + SHEX("389fe837ff9c5d29 fc4855a087eae840 20875bb2011555a7 e32dcb3dd6590473"), + SHEX("c5a2d21f2fdfb8eb"), + SHEX("2f31d883b420e86e da"), + SHEX("6da4ed40088871ad 16")); + + test_gost28147_cfb(&gost28147_param_CryptoPro_B, + SHEX("480c741b026b55d5 b66dd71d4048056b 6deb3c290f848023 ee0d4777e3fe61c9"), + SHEX("1f3f821e0dd81e22"), + SHEX("8c9c4435fbe9a5a3 a0ae285691108e1e d2bb185381270da6 685936c581629a8e" + "7d50f16f976229ec 8051e37d6cc40795 2863dcb4b92db813 b105b5f9eb75374e" + "f7bf51f1988643c4 e43d3ea762ec4159 e0bdfbb6fdece077 13d25990a1b8976b" + "3d8b7dfc9dca8273 32700a7403c60c26 7f56f09db2eb7140 d7c3b1a7c51e2017" + "b3501d8a6e19cbbe 20862bd61cfdb4b7 5d9ab3e37d157a35 019f5d65894b34c6" + "f4813f7830cfe915 909af9deba63d019 14663cb9a4b28494 02cfce20cf76e7c5" + "48f7693a5decaf41 a7126483f5991e9e b2ab861600238ee6 d9800b6dc593e25c" + "8cd85e5aae4a85fd 7601ea30f3783410 7251bc9f76ce1fd4 8f335034c74d7bcf" + "91637d829ea12345 f545ac987a48ff64 d55947de2b3ffaec 50e081608bc3fc80" + "9817c7a3c2573dab 9167f5c4ab92c8d6 3b6b3fff156bcf53 6502f174caa9be24" + "d2f0b726a8d76ded 90367b3e41a97fa3 1bf443c551be2859 e94526493832f8f3" + "926e30ccb0a0f901 14c8bad9f02a29e2 529a76953a1632ec f410ecee47007019" + "e472356644532da2 f3aa7e8a3313cdc8 bf0e409000e442c3 0984e16617a2af03" + "ab6ba1ecfb177281 fe9a9ff4b2331fae 0cd16aae19b8afec e3ea00f8ac87075f" + "6db0ac6b224836bf 2218b0039f6c7045 36f06bc6c2a5722c d8e0273dec560705" + "7d83a1657d415bcd 7724e5aa7647d050 f6e7b559753127ef d8a64e7fb840b1df" + "5314edf1685ffc3f 02db05eb31e42c7f 32b5708e7585a45c 162337f21079cbdc" + "f81c25c2a13d9c33 6cedc3e7f3028782 4efbacb32dfcf80d 1d4a39d4b309bbe9" + "25c7ec6a877284ed 12601964eb162a5b 107627ff7be4aee5 a404027fbb0ab5f4" + "05a5561c53317a93 ba1615ab6260fcde 72366e28af980de6 f4de60a77e060786" + "f394b66d0d93a6bc 607033ac3fa1a84a 2061b6b543a3155a 00be76985772ab7a" + "0e1893823a18786e 717b784f7e8cde7a 62b50a7c451d16d5 c38c9b25b45090cd" + "9693ad0fd443cb49 0ffc5a31f419b7d4 eb4d4058d03bc8e0 4a542fdb22c3297b" + "40906143d37ee230 2b483cce9093b18b 3196656d578b9d4d 53f0831ce5a19d55" + "e3bf7eca1a746614 cc4743d9bbef977d b76efff122f8102d 3fcd4996d90911b8" + "33d0239afa16cb50 2657245c0ebaf03f 372fa3f718574848 95cfef87672ae9b6" + "8a21367fff486c46 3557f2bc48678f63 2378112bc208de51 e88b9229f99a9ead" + "ed0feba2d24092d4 de629576fd6e3cbf c0d70de51ba4c718 e158a456ef2e171b" + "75cbbcf92a9571a7 1d7fe77363056b19 4cf42214c4598866 9286615c6aaeec58" + "ffc9f244d4a2f598 eb5f09bc8abf3cb4 3eb120054496790a 40927f9dd1afbc90" + "950a81d4a7c6b8e0 e439301d79c0e5fa b4e963b409723b3e d9f6d91021187ee5" + "ad81d7d582d08c3b 3895f89201a99200 70d1a788771f3aeb b5e4f59dc73786b2" + "12463419728cf58c f67898e07cd3f4"), + SHEX("23c67f20a12358bc 7b05db2115cf9641 c788ef765c49db42 bff3c0f5bd5dd98e" + "af3df4e4da88bdbc 475d7607c95f541d 1d6aa12e18d66084 021837929215ab21" + "ee21cc716e51d92b cc81973feb4599b8 1bdaff90d341069c 3ffbe4b2dcc9030d" + "a7aed77d02b832ab f365a3656c4ee4a2 5e9eeecdde79366b 1be13cdf10ad4f02" + "e114aa09b40b76eb 69382002cb8ec0df ca4874c331ad422c 519bd06ac136d721" + "dfb045baca7f3520 28bbc176fd435d23 7d31841a974d83aa 7ef1c4e683ac0def" + "ef3ca47c48e4c8ca 0d7dea7c45d77350 251d01c4021acde0 385ba85a169a1059" + "74d719c6f3b517f6 598d62af44e8dce9 c176f1d0bd29d7ec 1dac57db1a3fd8f6" + "6eb6e6df36e789ce 5635431c7d57790e d8f4d7a70dc68f91 6667820f49c9c565" + "81a1395a539f02a5 d53622a8a81c370e 7646dfbd6adbfc1b bd10b8b1bc724c58" + "4ada6d6600da7a66 a0e73b39a3f70507 fa214bc794c0d37b 19025d4a10f1c20f" + "196827c77dbf5503 577daf77ae802f7a e61f4bdc1518c062 a1e8d91c9e8c9639" + "c1c488f70ce10484 6851cef190da7f76 c8c088ef8e15253e 7be479b5662d9cd1" + "13dad0d546d58d46 1807eed8c964e3be 0e6827099626f6e2 19613ff458270aeb" + "ce7cb66892e7123b 31d448df358df486 422a154be8191f26 659ba8da4b791f8e" + "e6137e498fc1cedc 5e6474ce0278e0cf a0ed5e3174d1d0b4 ee7019143c8f16a6" + "cf12931588eb9165 7698fda19430ba43 62654004779ed6ab 8b0d9380505fa276" + "20a7d69c271527bc a55abfe9928205a8 41e9b560d5c0d74b ad38b2e9d1e5515f" + "2478249a23d2c248 bd0ef137729187b0 4ebd996b2c01b679 69ec0cede53f5064" + "7cb9dde19281b5d0 cb1783868bea4f93 08bc220cefe80df5 9e23e1f9b76b450b" + "cba9b64d2825ba3e 86f275475d9d6bf6 8a0558733d00defd 69b16116f52eb09f" + "316a00b9ef716347 a3cae040a87e0204 fee5ce4873e394cf e2ff297ef632bbb7" + "5512217a9c75040c b47cb03d40b3119a 7a9a13fb77a75168 f705473b0f525ce6" + "c2993a37545c4f2b a7010874bc91e3e2 fe6594fd3d18e0f0 62edc210829c587f" + "b2a3878a74d9c1fb 842817c72bcb531f 4e8a82fcb43fc147 25f321dc4c2d08fa" + "e70f03a968de6b41 a0f9416c574d3a0e ea51ca9f97117df6 8e886367c96513ca" + "38ed35bef427a9fc a9e6c34086083972 37eeb2870996b740 873692c15d6a2c43" + "ca25c835372db5a9 274450f26d227541 772adbb18c6d05e8 c999c708f9148f78" + "a98fc25a7a65c5d8 86bb72696b6b4583 5bb1f7cd1673eee9 8085fe8ee1ae538f" + "debe488b59eff67e d8b5a847c04e1558 cad32ff86ca63d78 4d7a54d610e5cc05" + "e229b58607397d78 8e5a8f834ce73d68 3ee502e6644f5eb4 4977f0c0fa6fc8fb" + "9f846f55fb305e89 93a9f3a6a3d726bb d8a8d9951dfefcd7 a893662f04530664" + "7f3129aeb79fbac4 6d68d12432f411")); }

-- 2.11.0

Dmitry Eremin-Solenikov

11:27 p.m.

New subject: [PATCH 10/13] Add special CNT mode for GOST 28147-89 cipher

Signed-off-by: Dmitry Eremin-Solenikov dbaryshkov@gmail.com --- gost28147.c | 87 +++++++++++++++++++++++++++ gost28147.h | 18 ++++++ testsuite/gost28147-test.c | 147 +++++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 252 insertions(+)

diff --git a/gost28147.c b/gost28147.c index e4d3ad30..1715ecaa 100644 --- a/gost28147.c +++ b/gost28147.c @@ -32,6 +32,7 @@

#include "macros.h" #include "gost28147.h" +#include "memxor.h"

/* pre-initialized GOST lookup tables based on rotated S-Box */ const struct gost28147_param gost28147_param_test_3411 = @@ -2351,3 +2352,89 @@ gost28147_encrypt_for_cfb(struct gost28147_ctx *ctx, ctx->key_count += GOST28147_BLOCK_SIZE; } } + +static void +gost28147_cnt_next_iv(struct gost28147_ctx *ctx, + uint8_t *iv, uint8_t *out) +{ + uint32_t block[2]; + uint32_t temp; + + block[0] = LE_READ_UINT32(iv + 0); + block[1] = LE_READ_UINT32(iv + 4); + if (ctx->key_count == 0) + { + gost28147_encrypt_simple(ctx->key, ctx->sbox, block, block); + } + if (ctx->key_meshing && ctx->key_count == 1024) + { + gost28147_key_mesh_cryptopro(ctx); + gost28147_encrypt_simple(ctx->key, ctx->sbox, block, block); + ctx->key_count = 0; + } + + LE_WRITE_UINT32(iv + 0, block[0]); + LE_WRITE_UINT32(iv + 4, block[1]); + + block[0] += 0x01010101; + temp = block[1] + 0x01010104; + if (temp < block[1]) + block[1] = temp + 1; /* Overflow */ + else + block[1] = temp; + + LE_WRITE_UINT32(iv + 0, block[0]); + LE_WRITE_UINT32(iv + 4, block[1]); + + gost28147_encrypt_simple(ctx->key, ctx->sbox, block, block); + + LE_WRITE_UINT32(out + 0, block[0]); + LE_WRITE_UINT32(out + 4, block[1]); + + ctx->key_count += GOST28147_BLOCK_SIZE; +} + +void +gost28147_cnt_init(struct gost28147_cnt_ctx *ctx, + const uint8_t *key, + const struct gost28147_param *param) +{ + gost28147_set_key(&ctx->ctx, key); + gost28147_set_param(&ctx->ctx, param); + ctx->bytes = 0; +} + +void +gost28147_cnt_crypt(struct gost28147_cnt_ctx *ctx, + uint8_t *iv, + size_t length, uint8_t *dst, + const uint8_t *src) +{ + size_t block_size = GOST28147_BLOCK_SIZE; + + if (ctx->bytes) + { + size_t part = ctx->bytes < length ? ctx->bytes : length; + memxor3(dst, src, ctx->buffer + block_size - ctx->bytes, part); + dst += part; + src += part; + length -= part; + ctx->bytes -= part; + ctx->bytes %= block_size; + } + while (length >= block_size) + { + gost28147_cnt_next_iv(&ctx->ctx, iv, ctx->buffer); + memxor3(dst, src, ctx->buffer, block_size); + length -= block_size; + src += block_size; + dst += block_size; + } + + if (length != 0) + { + gost28147_cnt_next_iv(&ctx->ctx, iv, ctx->buffer); + memxor3(dst, src, ctx->buffer, length); + ctx->bytes = block_size - length; + } +} diff --git a/gost28147.h b/gost28147.h index b7340428..3dd0e3bb 100644 --- a/gost28147.h +++ b/gost28147.h @@ -61,6 +61,9 @@ extern "C" { #define gost28147_encrypt_for_cfb nettle_gost28147_encrypt_for_cfb #define gost28147_decrypt nettle_gost28147_decrypt

+#define gost28147_cnt_init nettle_gost28147_cnt_init +#define gost28147_cnt_crypt nettle_gost28147_cnt_crypt + #define GOST28147_KEY_SIZE 32 #define GOST28147_BLOCK_SIZE 8

@@ -111,6 +114,21 @@ gost28147_encrypt_for_cfb(struct gost28147_ctx *ctx, size_t length, uint8_t *dst, const uint8_t *src);

+struct gost28147_cnt_ctx { + struct gost28147_ctx ctx; + size_t bytes; + uint8_t buffer[GOST28147_BLOCK_SIZE]; +}; + +void +gost28147_cnt_init(struct gost28147_cnt_ctx *ctx, + const uint8_t *key, + const struct gost28147_param *param); +void +gost28147_cnt_crypt(struct gost28147_cnt_ctx *ctx, + uint8_t *iv, + size_t length, uint8_t *dst, + const uint8_t *src); #ifdef __cplusplus } #endif diff --git a/testsuite/gost28147-test.c b/testsuite/gost28147-test.c index 939bedee..201e6ed6 100644 --- a/testsuite/gost28147-test.c +++ b/testsuite/gost28147-test.c @@ -104,6 +104,76 @@ test_gost28147_cfb(const struct gost28147_param *param, free(data); }

+static void +test_gost28147_cnt(const struct gost28147_param *param, + const struct tstring *key, + const struct tstring *start_iv, + const struct tstring *end_iv, + const struct tstring *cleartext, + const struct tstring *ciphertext) +{ + struct gost28147_cnt_ctx ctx; + uint8_t *data = xalloc(cleartext->length); + uint8_t iv[GOST28147_BLOCK_SIZE]; + size_t length; + + ASSERT (cleartext->length == ciphertext->length); + length = cleartext->length; + + gost28147_cnt_init(&ctx, key->data, param); + memcpy(iv, start_iv->data, GOST28147_BLOCK_SIZE); + gost28147_cnt_crypt(&ctx, iv, length, data, cleartext->data); + + if (!MEMEQ(length, data, ciphertext->data)) + { + fprintf(stderr, "Encrypt failed:\nInput:"); + tstring_print_hex(cleartext); + fprintf(stderr, "\nOutput: "); + print_hex(length, data); + fprintf(stderr, "\nExpected:"); + tstring_print_hex(ciphertext); + fprintf(stderr, "\n"); + FAIL(); + } + + if (!MEMEQ(GOST28147_BLOCK_SIZE, iv, end_iv->data)) + { + fprintf(stderr, "Encrypt failed IV check:\nOutput:"); + print_hex(GOST28147_BLOCK_SIZE, iv); + fprintf(stderr, "\nExpected:"); + tstring_print_hex(end_iv); + fprintf(stderr, "\n"); + FAIL(); + } + + gost28147_cnt_init(&ctx, key->data, param); + memcpy(iv, start_iv->data, GOST28147_BLOCK_SIZE); + gost28147_cnt_crypt(&ctx, iv, length, data, data); + + if (!MEMEQ(length, data, cleartext->data)) + { + fprintf(stderr, "Decrypt failed:\nOutput:"); + print_hex(length, data); + fprintf(stderr, "\nExpected:"); + tstring_print_hex(cleartext); + fprintf(stderr, "\n"); + FAIL(); + } + + if (!MEMEQ(GOST28147_BLOCK_SIZE, iv, end_iv->data)) + { + fprintf(stderr, "Decrypt failed IV check:\nInput:"); + fprintf(stderr, "\nOutput: "); + print_hex(GOST28147_BLOCK_SIZE, iv); + fprintf(stderr, "\nExpected:"); + tstring_print_hex(end_iv); + fprintf(stderr, "\n"); + FAIL(); + } + + free(data); +} + void test_main(void) { /* Examples from GOST R 34.11-94 standard */ @@ -259,4 +329,81 @@ void test_main(void) "e229b58607397d78 8e5a8f834ce73d68 3ee502e6644f5eb4 4977f0c0fa6fc8fb" "9f846f55fb305e89 93a9f3a6a3d726bb d8a8d9951dfefcd7 a893662f04530664" "7f3129aeb79fbac4 6d68d12432f411")); + + test_gost28147_cnt(&gost28147_param_CryptoPro_A, + SHEX("599f84bac3f3d2f1 60e1e3f26a961af9 9c48b24ebcbbbf7c d8f3accd968d286a"), + SHEX("8dafa8d158ed058d"), + SHEX("f1a0e3294f65be75"), + SHEX("90a23966ae01b9a3 524ec8ed6cdd8830"), + SHEX("6e7262cce3593690 833afea91bc9bece")); + test_gost28147_cnt(&gost28147_param_CryptoPro_A, + SHEX("1b5ddb77cff9ec95 5ecc679f5d28ad4a 27f432c6b2cbb145 6a88140c9b9b5f48"), + SHEX("71588ce155f4f6b3"), + SHEX("6aeaa0a59e10e0ce"), + SHEX("3d0b69f7a8e4fc99 222eeed16312fea8 9dcb6c4d488ce8bd 8b60f1bf7be379d5" + "2b259713ef35daf4 bc77ceeae93fa4b6 01d5732958dad767 17ace4752f5723ac" + "9621c7622df732b5 445f72b15fba1b1e db4a098c9261a2b0 4968e5b3a28f134b" + "f54d84daaba0b6d1 5a6319e8a209f676 6f9b480a155db720 219a2eb96dfa1ec2" + "0eef15ab5901fe43 90f262ca4a9a4838 ab6f9d21b3ada760 46e3efd0e31dc5e1" + "b8a1e29920c576cc aa8aa94555a07800 64decf5bdf2648cd ba8ab5fbfd4ad5c4" + "e043a67190a48bca 2e887bacb2dcf201 cbda6e9127284488 9ad212f1a6f5b761" + "ce7962523ce61473 d1419250bddc3bd0 a7118c3ae42df252 d32f7c8e54904e23" + "aeb3a0f3257e66aa 0f6f817277bbd347 e805ffe15bc93750 334917afab1de115" + "f2e5985e2d051f0d 5597edff5ee00fc3 9cbd82c206be4566 ae33be2848e92d1a" + "e6658edf7603734b c08071f9acbaa0b0 191a0ad435128876 05758f7cb5f01975" + "6d05cb0dbc8de9f0 d4db3c3c298e2c32 1df7b649cfdb63ee 3cfa33736fe4974e" + "2fc94c5c65feeafb c6ddc11c473ff450 2fde1b5b0b16cab6 4644f2c10da11da6" + "dbf03db16c053185 8e74aef23926f7c1 e74cdd9d40b8f3c5 c216646baadb4b82" + "5cd302d38f26798d b0787019580cb431 88441c916ff45239 a8f5c01bfef20e4b" + "ac0ac27e9c9beb5d 4e4f42d8710a9727 031496a63d04ea9f 1414274cd9a2895f" + "654ae19d2cb8f8d4 8f2a5736cc069c2c c51316dffcae2216 a82b716f1db34754" + "3f2d0a689f2ef690 d8a12109d497b97b 7f9b6aedd1f0e3b6 28c7628200c938a1" + "8278ce87c853ac4f 2e31b9507f36004a 32e6d8bb59450e91 1b38a9bcb95e6c6a" + "9c03011cdee81f1e e3de25a25679e1bd 58c493e6d08a4d08 abf7aac37dc1ee68" + "37bc780b19682b2b 2e6dc46faa3bc619 cbf158b9608545ae 5297ba2432137216" + "6e7bc198acb1edb4 cc6ccf45fc508980 8e7aa4d364506337 c96cf1c43dfbde5a" + "5ca82135e62e8c2a 3c1217799a0d2e79 eb671f2bf86ecac1 fa45189edf6ae6cb" + "e95cc309af935813 bf90848775d68228 8de72fa3fb97742a 730482067669b10b" + "19fcaeb3dd2ae5c1 05d88095229071fc c29242fdf170b468 88a49e0a244013c8" + "a2564f39e606f1dc f5130ead9c8bafe9 e38872ffa06dda08 70b92e83c5bb32a5" + "74c7fb7b76af02bb 2bb85e6502fe0ea0 99ce013b35e1b022 e594bddd8ebbf675" + "bfbfee7ab158b481 b8393eb61ededa1b d5f7dd7d659caa56 93b8af4853c722e4" + "1cdfe979b42089cc 2a792c09be78cfcc f290d665c529fcda 69fcc0d67099613f" + "6002d81222c834c6 3bb3c233a15c8f4c d15272f242058e18 1f16dab853a15f01" + "321b90b3539bd085 612d17ed0aa4a527 09757cbc30f75e59 9a07968428864ba7" + "223528c7ed0dc3ce 98cc2decd498098e 525f2b9a13be9916 73d11f81e5a20878" + "cb0c20d4a5ea4b5b 955a929a52"), + SHEX("8ecd8fc8ace11548 2dae248ac7fbba0f 1d8a95a243efcbdc 5957a7c70ee3e2b9" + "0d862962cb834d07 0c40d47b2ecababf 4a603b3198c88847 d982abfc8f48e246" + "abd3a1ab8a05228c f4ec9a1e76ab1a60 d9256bb856e5b2ea 10f36204325eaa3b" + "7b57bc3b8b4347f2 d5037e5101ff7728 ca90a3fe7e2e7016 751844f01b8505ea" + "e321f72686763c67 9dfcbc107f77e4ed d312f883001f4b92 95925cf35af3b7d0" + "a95ff218c46662c1 840e66e8807d1ff0 ba019b71ae93cc27 54349abdcaee5209" + "929db0d5d9ba2fb9 96dcfabdceea1a7b 9a1d13a711e29a64 f6d3eec633b76eef" + "259e1e7ce31f2c6e a9c0f8c1bf3bf834 039ba1405b0c3c09 669d63e2e2048f06" + "847468b25c3b4cad 0b3f03b3078a64a7 3656263966dae96d 1bd588e85caf5a4c" + "49f7f5b778f0deec cd16239e8c13be6b 6f9b07e5bbcc3a1b 6f43dfff462aae47" + "19189a2509c92440 0c4ba7da5e0deefa 62458ecc2f23081d 92f0fe820fd71160" + "7e0b0b75f4f53bc0 a4e872a5b6fa5aad 5a4f39b5a212960a 3284b2a106685657" + "97a37b2261765d30 1a31ab9906c51a96 cfcf14ffb2c4cc2b bf0c9d918f795bbc" + "a96b916ab4935c7b 5dc28a75c0c108fa 99f94d5e0c066460 a9014a340f338495" + "6930c11c36f8fc30 23b271e5524d121a c9beeec9cb0185f3 db30f941a940b006" + "2977cdc5ec580248 8353446ad2ca05d8 5a08eba9f4e6c79d d57b740b31b7a557" + "7c7afd1a0ed79741 bfddc6196c778c18 525783ba7125ee39 bbe243a014dc0e84" + "b42bde3ee536b7a2 929805b896e5d08c 089335c281e0fc59 71e244495ddafb9c" + "aa709f43a8a5d967 d98fa31ebe0eecdf 122b6ae71c1217e7 c46d50c9527ad5e8" + "7fbc0715acdb9366 b1f0a77b2fe9ecd0 47695987f14c3e4b 9b117913e496f656" + "046e0b33fc40f6c7 c143b1bf0eb387fd 0b1c63463ad3a017 5925946c9c3d0c81" + "ce82724228f9376a 6de412f421aaf7fe 2755401a14c3395b bf63c25f101f1425" + "d0cef3144813a50b 4d38cf0d34c00a11 b4b572c84bc26fe7 9d93f7dfb843727e" + "da3e201fbc212ace 00fa969f3de58896 ef2984df6c1c96d8 5847aa92f307e5fb" + "afea957e0b71cd81 0fb70a598f314dd1 c3f32f705c591897 af77955eaf400612" + "816186084ebc8946 072e5b10aa12f0a7 84e29a08f1de59e3 0e474bffc3c918af" + "959c672ade8a7a99 04c4b8974c042971 05dab3d6db6c71e6 e803bf947dde3dc8" + "44fa7d62b43603ee 365264b4856dd578 f06f672d0ee02c88 9b55192940f68c12" + "bb2c839640c036f5 77ff708c75920bad 059b7ea2fca9d164 768213ba225e330e" + "2670a9be7428f5e2 c496ee3abc97a62c 2ae0648d35c61aca f492fac3f11f98e4" + "4388693a09bf63e5 96290b9b6223148a 95e41c5c0aa9c5b9 6f4f2b256f741e18" + "d5fe277d3f6e552c 67e6deb5ccc02dff c4e40621a5c8d3d6 6ca1c3fb8892b11d" + "90e135059b296dba f1f41e232e")); }

-- 2.11.0

Dmitry Eremin-Solenikov

11:27 p.m.

New subject: [PATCH 11/13] Add GOST 28147-89 IMIT support

Signed-off-by: Dmitry Eremin-Solenikov dbaryshkov@gmail.com --- gost28147.c | 112 +++++++++++++++++++++++++++++++++++++++++++-- gost28147.h | 47 +++++++++++++++++++ testsuite/gost28147-test.c | 96 ++++++++++++++++++++++++++++++++++++++ 3 files changed, 252 insertions(+), 3 deletions(-)

diff --git a/gost28147.c b/gost28147.c index 1715ecaa..ea578059 100644 --- a/gost28147.c +++ b/gost28147.c @@ -31,6 +31,7 @@ #include <string.h>

#include "macros.h" +#include "nettle-write.h" #include "gost28147.h" #include "memxor.h"

@@ -2235,6 +2236,23 @@ static void gost28147_decrypt_simple (const uint32_t *key, const uint32_t *sbox, *out = l, *(out + 1) = r; }

+static void gost28147_imit_simple (const uint32_t *key, const uint32_t *sbox, + const uint32_t *in, uint32_t *out) +{ + uint32_t l, r, tmp; + + r = in[0], l = in[1]; + GOST_ENCRYPT_ROUND(key[0], key[1], sbox) + GOST_ENCRYPT_ROUND(key[2], key[3], sbox) + GOST_ENCRYPT_ROUND(key[4], key[5], sbox) + GOST_ENCRYPT_ROUND(key[6], key[7], sbox) + GOST_ENCRYPT_ROUND(key[0], key[1], sbox) + GOST_ENCRYPT_ROUND(key[2], key[3], sbox) + GOST_ENCRYPT_ROUND(key[4], key[5], sbox) + GOST_ENCRYPT_ROUND(key[6], key[7], sbox) + *out = r, *(out + 1) = l; +} + static const uint32_t gost28147_key_mesh_cryptopro_data[GOST28147_KEY_SIZE / 4] = { 0x22720069, 0x2304c964, 0x96db3a8d, 0xc42ae946, @@ -2266,15 +2284,21 @@ static void gost28147_key_mesh_cryptopro(struct gost28147_ctx *ctx) ctx->key_count = 0; }

-void -gost28147_set_key(struct gost28147_ctx *ctx, const uint8_t *key) +static void +_gost28147_set_key(struct gost28147_ctx *ctx, const uint8_t *key) { unsigned i;

- assert(key); for (i = 0; i < 8; i++, key += 4) ctx->key[i] = LE_READ_UINT32(key); ctx->key_count = 0; +} + +void +gost28147_set_key(struct gost28147_ctx *ctx, const uint8_t *key) +{ + assert(key); + _gost28147_set_key(ctx, key); gost28147_set_param(ctx, &gost28147_param_TC26_Z); }

@@ -2438,3 +2462,85 @@ gost28147_cnt_crypt(struct gost28147_cnt_ctx *ctx, ctx->bytes = block_size - length; } } + +void +gost28147_imit_init(struct gost28147_imit_ctx *ctx) +{ + memset(ctx->state, 0, GOST28147_BLOCK_SIZE); + ctx->index = 0; + ctx->count = 0; + gost28147_set_param(&ctx->cctx, &gost28147_param_TC26_Z); /* Default */ +} + +void +gost28147_imit_set_key(struct gost28147_imit_ctx *ctx, + size_t length, + const uint8_t *key) +{ + assert(length == GOST28147_IMIT_KEY_SIZE); + assert(key); + + _gost28147_set_key(&ctx->cctx, key); + /* Do not reset param here */ +} + +void +gost28147_imit_set_nonce(struct gost28147_imit_ctx *ctx, const uint8_t *nonce) +{ + ctx->state[0] = LE_READ_UINT32(nonce + 0); + ctx->state[1] = LE_READ_UINT32(nonce + 4); +} + +void +gost28147_imit_set_param(struct gost28147_imit_ctx *ctx, + const struct gost28147_param *param) +{ + assert(param); + gost28147_set_param(&ctx->cctx, param); +} + +static void +gost28147_imit_compress(struct gost28147_imit_ctx *ctx, + const uint8_t *data) +{ + uint32_t block[2]; + + if (ctx->cctx.key_meshing && ctx->cctx.key_count == 1024) + gost28147_key_mesh_cryptopro(&ctx->cctx); + + block[0] = LE_READ_UINT32(data + 0) ^ ctx->state[0]; + block[1] = LE_READ_UINT32(data + 4) ^ ctx->state[1]; + gost28147_imit_simple(ctx->cctx.key, ctx->cctx.sbox, block, ctx->state); + ctx->cctx.key_count += 8; +} + +void +gost28147_imit_update(struct gost28147_imit_ctx *ctx, + size_t length, + const uint8_t *data) +{ + MD_UPDATE(ctx, length, data, gost28147_imit_compress, ctx->count++); +} + +void +gost28147_imit_digest(struct gost28147_imit_ctx *ctx, + size_t length, + uint8_t *digest) +{ + assert(length <= GOST28147_IMIT_DIGEST_SIZE); + const uint8_t zero[GOST28147_IMIT_BLOCK_SIZE] = { 0 }; + + if (ctx->index) + { + assert(ctx->index < GOST28147_IMIT_BLOCK_SIZE); + gost28147_imit_update(ctx, GOST28147_IMIT_BLOCK_SIZE - ctx->index, zero); + } + + if (ctx->count == 1) + { + gost28147_imit_update(ctx, GOST28147_IMIT_BLOCK_SIZE, zero); + } + + _nettle_write_le32(length, digest, ctx->state); + gost28147_imit_init(ctx); +} diff --git a/gost28147.h b/gost28147.h index 3dd0e3bb..24203861 100644 --- a/gost28147.h +++ b/gost28147.h @@ -64,6 +64,13 @@ extern "C" { #define gost28147_cnt_init nettle_gost28147_cnt_init #define gost28147_cnt_crypt nettle_gost28147_cnt_crypt

+#define gost28147_imit_init nettle_gost28147_imit_init +#define gost28147_imit_set_key nettle_gost28147_imit_set_key +#define gost28147_imit_set_nonce nettle_gost28147_imit_set_nonce +#define gost28147_imit_set_param nettle_gost28147_imit_set_param +#define gost28147_imit_update nettle_gost28147_imit_update +#define gost28147_imit_digest nettle_gost28147_imit_digest + #define GOST28147_KEY_SIZE 32 #define GOST28147_BLOCK_SIZE 8

@@ -129,6 +136,46 @@ gost28147_cnt_crypt(struct gost28147_cnt_ctx *ctx, uint8_t *iv, size_t length, uint8_t *dst, const uint8_t *src); + +#define GOST28147_IMIT_DIGEST_SIZE 4 +#define GOST28147_IMIT_BLOCK_SIZE GOST28147_BLOCK_SIZE +#define GOST28147_IMIT_KEY_SIZE GOST28147_KEY_SIZE + +struct gost28147_imit_ctx +{ + struct gost28147_ctx cctx; + uint64_t count; /* Block count */ + uint8_t block[GOST28147_IMIT_BLOCK_SIZE]; /* Block buffer */ + unsigned index; /* Into buffer */ + uint32_t state[GOST28147_IMIT_BLOCK_SIZE/4]; +}; + +void +gost28147_imit_init(struct gost28147_imit_ctx *ctx); + +void +gost28147_imit_set_key(struct gost28147_imit_ctx *ctx, + size_t length, + const uint8_t *key); + +void +gost28147_imit_set_nonce(struct gost28147_imit_ctx *ctx, + const uint8_t *nonce); + +void +gost28147_imit_set_param(struct gost28147_imit_ctx *ctx, + const struct gost28147_param *param); + +void +gost28147_imit_update(struct gost28147_imit_ctx *ctx, + size_t length, + const uint8_t *data); + +void +gost28147_imit_digest(struct gost28147_imit_ctx *ctx, + size_t length, + uint8_t *digest); + #ifdef __cplusplus } #endif diff --git a/testsuite/gost28147-test.c b/testsuite/gost28147-test.c index 201e6ed6..3e593434 100644 --- a/testsuite/gost28147-test.c +++ b/testsuite/gost28147-test.c @@ -174,6 +174,34 @@ test_gost28147_cnt(const struct gost28147_param *param, free(data); }

+static void +test_gost28147_imit(const struct gost28147_param *param, + const struct tstring *key, + const struct tstring *cleartext, + const struct tstring *imit) +{ + struct gost28147_imit_ctx ctx; + uint8_t data[GOST28147_IMIT_DIGEST_SIZE]; + + gost28147_imit_init(&ctx); + gost28147_imit_set_key(&ctx, key->length, key->data); + gost28147_imit_set_param(&ctx, param); + gost28147_imit_update(&ctx, cleartext->length, cleartext->data); + gost28147_imit_digest(&ctx, imit->length, data); + + if (!MEMEQ(imit->length, data, imit->data)) + { + fprintf(stderr, "IMIT failed:\nInput:"); + tstring_print_hex(cleartext); + fprintf(stderr, "\nOutput: "); + print_hex(imit->length, data); + fprintf(stderr, "\nExpected:"); + tstring_print_hex(imit); + fprintf(stderr, "\n"); + FAIL(); + } +} + void test_main(void) { /* Examples from GOST R 34.11-94 standard */ @@ -406,4 +434,72 @@ void test_main(void) "4388693a09bf63e5 96290b9b6223148a 95e41c5c0aa9c5b9 6f4f2b256f741e18" "d5fe277d3f6e552c 67e6deb5ccc02dff c4e40621a5c8d3d6 6ca1c3fb8892b11d" "90e135059b296dba f1f41e232e")); + + /* From Open/LibreSSL testsuite */ + test_gost28147_imit(&gost28147_param_CryptoPro_A, + SHEX("9d05b79e90cad00a 2cdad22ef4e86f5c f5dc37681985b3bf aa18c1c3050a91a2"), + SHEX("b5a1f0e3 ce2f021d 67619434 5c41e36e"), + SHEX("f81f08a3")); + + test_gost28147_imit(&gost28147_param_CryptoPro_A, + SHEX("80d9a0dc21f93040 75fe491b9e719091 7888216039e7c92b fb551df4dd2b0a01"), + SHEX("d6cf31969ca1fbd6 8da3dd01d988c02f bc46c73ae4218696 8de2cab637a2e1a8" + "7ea7792ea456757f 3e558b43ae65dfaa 42b600a661030dd3 4102272395799b34" + "81a986b5a790e2ae c42fc38e325613fa 4d4e9f15757e74dc 322dee4d67709f62" + "b9c4db2484cc167b da22f7c5f3933573 c6031c77a5f27656 b495d47e0d20c66e" + "ee8f2548ff7e013a b41faa35c033589c b5ba654bd35114ec 61cee4ba49ba3932" + "abce8172ceabedd4 d219878592fa6434 d886f48a083cdeee 97929269ba9b5f7a" + "03c15d43028cbed2 467281407d689845 0b54271caf8042e4 d5d4e4a298078f03" + "f52c8c88ca5adee4 9fb15f82ff206752 85844fc8fea79eae 1cfab875d3f79f0d" + "da2de6cc866ba414 65c3f915bc87f5ae 8c10d4ce5b9ce2dd 4203098747ed5dd0" + "7a694cfa437dbf07 856aee68e67a57b2 208d80f2916f5c07 8ce46a4990858b77" + "29561c5ea93fab8b 79a36f6b34cb61f6 e692d1489e11a282 c04e23d2150d8dff" + "fa179d81b8bcd75b 08812040c03c068b 1a880b4b7b31f5d4 4e09d14d0d7f45d1" + "0935bace65ddf2b8 fb7abcc44bc875da 6bce3de894cc236f b03b4f7d07b90f62" + "927eda7050ced328 121100eb8d637078 a87b76abc640c04e 80ddf0fe8372564c" + "094cf17272862631 c3c2dc8ec7f435ec 17066347498847af b3384f7e4495b5bb" + "1dbd5a915bd01adf 0d0b50d8e20ec500 2d5b2919aa2b64c5 40314811bc04d1cf" + "6df9a52f4ac982fa 59e1fcab1c33260a 5feff206d8d37e16 58167873aebaebe5" + "3db20ab3322d14a4 fa3f1f43f97ba943 9818940707e51934 a8165f7167aa29e5" + "faf083061d9dfcfe fe8cb5b2a9e7a040 60b6719eab5b83b9 0c2b582380099e5d" + "947d4076a916969e 83e00deca0ec762a b7a0ffb8504c5bc6 8b0a652efeb4409a" + "01d8c6a3ab99a2c5 0c08c4b7ee4d1dc4 0815d0dbaa634f31 eb149743bdc19408" + "e6de439f950b967e 7f3c68ba6fc4c935 2bc40eda1f916864 633473be5775b9ed" + "f72d3b0521932848 969597a0d27d78bb 6a498f76557463b9 c5361225bf03828f" + "f0f680bb33b4f417 271cf34c10a3e4d1 55d968214e5a8367 bff83c7d4e62d328" + "a7266fe9eec20b2d 0384b1ffd6681fb6 f2e40fda2dee5f6e 21c8e1fcad6b0e04" + "7dafc23ba5689b0c f356f3da8dc87d39 dcd599c60110ce42 1bac48dc97780aec" + "b38f4735a36a64b2 8e63692266ae2ee0 88f9403cc9a25761 f6adf0dc90563f06" + "9b7dbdc28102abb8 1509884aff2f31bf 5efa6a7ef6c5a7f7 d5ab55acae0d8c8d" + "7f4b25bb32ff1133 2e373769961517b1 1749e09a9cd95b8d 58a31d9287f880b9" + "bd5aec40e1003360 e486166d6181f228 6aa7ce3f95ae43ca e13f81747e1c4717" + "95c660da7477d99f fa92b4bee1239818 956303134c1a2d41 cde484f7e638efff" + "95b2e87c8f58b5b5 ed277f3c18abbe7f 4fe2351571b76f85 389b88f69c8d43b5" + "589ef2d196beb7ad 1aa098"), + SHEX("90f2119a")); + + test_gost28147_imit(&gost28147_param_CryptoPro_A, + SHEX("a9b637cc6d9b2f25 b0df47045068b027 4127586abd0a6e50 2fc6fcc03e2942a5"), + SHEX("1debe6790a5900e6 8e5c"), + SHEX("317c16e4")); + + test_gost28147_imit(&gost28147_param_CryptoPro_A, + SHEX("b06c48230a6ef4ec 27980123a7d8bf60 89efade88f79148c 185c9adaef0bdda0"), + SHEX("ef068f14c904"), + SHEX("e972aebf")); + + test_gost28147_imit(&gost28147_param_CryptoPro_B, + SHEX("33d3ef0119950e15 a16975ae56271779 6347ab629d4af034 d31e6974ec3148fc"), + SHEX("02f8ec2b4d1fbc7c 6e47e387227541a7"), + SHEX("f5551f28")); + + test_gost28147_imit(&gost28147_param_CryptoPro_A, + SHEX("423581910ba999ff d943f8c619551f2f 2d4540201e1d327a b1076b4f4590d980"), + SHEX("f3b229d27a370312"), + SHEX("6e15fae8")); + + test_gost28147_imit(&gost28147_param_CryptoPro_A, + SHEX("26cbb9f00c629faa 4a1db63009015689 66d4e40efef6106b 6ce8043ae3614b19"), + SHEX(""), + SHEX("00000000")); }

-- 2.11.0

Dmitry Eremin-Solenikov

11:27 p.m.

New subject: [PATCH 12/13] Implement GOST R 34.11-2012 (Streebog) hash function

diff --git a/Makefile.in b/Makefile.in index 3be828ed..921a199f 100644 --- a/Makefile.in +++ b/Makefile.in @@ -107,7 +107,7 @@ nettle_SOURCES = aes-decrypt-internal.c aes-decrypt.c \ gosthash94.c gosthash94-meta.c \ hmac.c hmac-md5.c hmac-ripemd160.c hmac-sha1.c \ hmac-sha224.c hmac-sha256.c hmac-sha384.c hmac-sha512.c \ - hmac-gosthash94.c \ + hmac-gosthash94.c hmac-streebog.c \ knuth-lfib.c \ md2.c md2-meta.c md4.c md4-meta.c \ md5.c md5-compress.c md5-compat.c md5-meta.c \ @@ -132,6 +132,7 @@ nettle_SOURCES = aes-decrypt-internal.c aes-decrypt.c \ sha3-384.c sha3-384-meta.c sha3-512.c sha3-512-meta.c\ serpent-set-key.c serpent-encrypt.c serpent-decrypt.c \ serpent-meta.c \ + streebog.c streebog-meta.c \ twofish.c twofish-meta.c \ umac-nh.c umac-nh-n.c umac-l2.c umac-l3.c \ umac-poly64.c umac-poly128.c umac-set-key.c \ @@ -204,7 +205,8 @@ HEADERS = aes.h arcfour.h arctwo.h asn1.h blowfish.h \ pbkdf2.h \ pgp.h pkcs1.h pss.h pss-mgf1.h realloc.h ripemd160.h rsa.h \ salsa20.h sexp.h \ - serpent.h sha.h sha1.h sha2.h sha3.h twofish.h \ + serpent.h sha.h sha1.h sha2.h sha3.h \ + streebog.h twofish.h \ umac.h yarrow.h poly1305.h

INSTALL_HEADERS = $(HEADERS) nettle-stdint.h version.h @IF_MINI_GMP@ mini-gmp.h diff --git a/examples/nettle-benchmark.c b/examples/nettle-benchmark.c index f5508f19..8a1ed3b2 100644 --- a/examples/nettle-benchmark.c +++ b/examples/nettle-benchmark.c @@ -734,7 +734,8 @@ main(int argc, char **argv) &nettle_sha3_224, &nettle_sha3_256, &nettle_sha3_384, &nettle_sha3_512, &nettle_ripemd160, &nettle_gosthash94, - &nettle_gosthash94cp, + &nettle_gosthash94cp, &nettle_streebog256, + &nettle_streebog512, NULL };

diff --git a/hmac-streebog.c b/hmac-streebog.c new file mode 100644 index 00000000..8298364b --- /dev/null +++ b/hmac-streebog.c @@ -0,0 +1,73 @@ +/* hmac-streebog.c + + HMAC-Streebog message authentication code. + + Copyright (C) 2016 Dmitry Eremin-Solenikov + + This file is part of GNU Nettle. + + GNU Nettle is free software: you can redistribute it and/or + modify it under the terms of either: + + * the GNU Lesser General Public License as published by the Free + Software Foundation; either version 3 of the License, or (at your + option) any later version. + + or + + * the GNU General Public License as published by the Free + Software Foundation; either version 2 of the License, or (at your + option) any later version. + + or both in parallel, as here. + + GNU Nettle is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + General Public License for more details. + + You should have received copies of the GNU General Public License and + the GNU Lesser General Public License along with this program. If + not, see http://www.gnu.org/licenses/. +*/ + +#if HAVE_CONFIG_H +# include "config.h" +#endif + +#include "hmac.h" + +void +hmac_streebog512_set_key(struct hmac_streebog512_ctx *ctx, + size_t key_length, const uint8_t *key) +{ + HMAC_SET_KEY(ctx, &nettle_streebog512, key_length, key); +} + +void +hmac_streebog512_update(struct hmac_streebog512_ctx *ctx, + size_t length, const uint8_t *data) +{ + streebog512_update(&ctx->state, length, data); +} + +void +hmac_streebog512_digest(struct hmac_streebog512_ctx *ctx, + size_t length, uint8_t *digest) +{ + HMAC_DIGEST(ctx, &nettle_streebog512, length, digest); +} + +void +hmac_streebog256_set_key(struct hmac_streebog256_ctx *ctx, + size_t key_length, const uint8_t *key) +{ + HMAC_SET_KEY(ctx, &nettle_streebog256, key_length, key); +} + +void +hmac_streebog256_digest(struct hmac_streebog256_ctx *ctx, + size_t length, uint8_t *digest) +{ + HMAC_DIGEST(ctx, &nettle_streebog256, length, digest); +} diff --git a/hmac.h b/hmac.h index d9ee3400..72c8fd57 100644 --- a/hmac.h +++ b/hmac.h @@ -41,6 +41,7 @@ #include "ripemd160.h" #include "sha1.h" #include "sha2.h" +#include "streebog.h"

#ifdef __cplusplus extern "C" { @@ -75,6 +76,11 @@ extern "C" { #define hmac_gosthash94cp_set_key nettle_hmac_gosthash94cp_set_key #define hmac_gosthash94cp_update nettle_hmac_gosthash94cp_update #define hmac_gosthash94cp_digest nettle_hmac_gosthash94cp_digest +#define hmac_streebog256_set_key nettle_hmac_streebog256_set_key +#define hmac_streebog256_digest nettle_hmac_streebog256_digest +#define hmac_streebog512_set_key nettle_hmac_streebog512_set_key +#define hmac_streebog512_update nettle_hmac_streebog512_update +#define hmac_streebog512_digest nettle_hmac_streebog512_digest

void hmac_set_key(void *outer, void *inner, void *state, @@ -240,6 +246,33 @@ hmac_gosthash94cp_digest(struct hmac_gosthash94cp_ctx *ctx, size_t length, uint8_t *digest);

+/* hmac-streebog */ +struct hmac_streebog512_ctx HMAC_CTX(struct streebog512_ctx); + +void +hmac_streebog512_set_key(struct hmac_streebog512_ctx *ctx, + size_t key_length, const uint8_t *key); + +void +hmac_streebog512_update(struct hmac_streebog512_ctx *ctx, + size_t length, const uint8_t *data); + +void +hmac_streebog512_digest(struct hmac_streebog512_ctx *ctx, + size_t length, uint8_t *digest); + +#define hmac_streebog256_ctx hmac_streebog512_ctx + +void +hmac_streebog256_set_key(struct hmac_streebog256_ctx *ctx, + size_t key_length, const uint8_t *key); + +#define hmac_streebog256_update hmac_streebog512_update + +void +hmac_streebog256_digest(struct hmac_streebog256_ctx *ctx, + size_t length, uint8_t *digest); + #ifdef __cplusplus } #endif diff --git a/nettle-meta-hashes.c b/nettle-meta-hashes.c index bf61fb11..34b0dee0 100644 --- a/nettle-meta-hashes.c +++ b/nettle-meta-hashes.c @@ -52,5 +52,7 @@ const struct nettle_hash * const nettle_hashes[] = { &nettle_sha3_256, &nettle_sha3_384, &nettle_sha3_512, + &nettle_streebog256, + &nettle_streebog512, NULL }; diff --git a/nettle-meta.h b/nettle-meta.h index 3e775720..a814dc95 100644 --- a/nettle-meta.h +++ b/nettle-meta.h @@ -136,6 +136,8 @@ extern const struct nettle_hash nettle_sha3_224; extern const struct nettle_hash nettle_sha3_256; extern const struct nettle_hash nettle_sha3_384; extern const struct nettle_hash nettle_sha3_512; +extern const struct nettle_hash nettle_streebog256; +extern const struct nettle_hash nettle_streebog512;

struct nettle_aead { diff --git a/nettle.texinfo b/nettle.texinfo index 2195030d..b918b6ff 100644 --- a/nettle.texinfo +++ b/nettle.texinfo @@ -763,6 +763,78 @@ octets of the digest are written. This function also resets the context. @end deftypefun

+@subsubsection @acronym{STREEBOG512} + +STREEBOG512 is a member of the Streebog (GOST R 34.11-2012) family. It outputs +hash values of 512 bits, or 64 octets. Nettle defines STREEBOG512 in +@file{<nettle/streebog.h>}. + +@deftp {Context struct} {struct streebog512_ctx} +@end deftp + +@defvr Constant STREEBOG512_DIGEST_SIZE +The size of a STREEBOG512 digest, i.e. 64. +@end defvr + +@defvr Constant STREEBOG512_BLOCK_SIZE +The internal block size of STREEBOG512. Useful for some special constructions, +in particular HMAC-STREEBOG512. +@end defvr + +@deftypefun void streebog512_init (struct streebog512_ctx *@var{ctx}) +Initialize the STREEBOG512 state. +@end deftypefun + +@deftypefun void streebog512_update (struct streebog512_ctx *@var{ctx}, size_t @var{length}, const uint8_t *@var{data}) +Hash some more data. +@end deftypefun + +@deftypefun void streebog512_digest (struct streebog512_ctx *@var{ctx}, size_t @var{length}, uint8_t *@var{digest}) +Performs final processing and extracts the message digest, writing it +to @var{digest}. @var{length} may be smaller than +@code{STREEBOG512_DIGEST_SIZE}, in which case only the first @var{length} +octets of the digest are written. + +This function also resets the context in the same way as +@code{streebog512_init}. +@end deftypefun + +@subsubsection @acronym{STREEBOG256} + +STREEBOG256 is a variant of STREEBOG512, with a different initial state, and with +the output truncated to 256 bits, or 32 octets. Nettle defines STREEBOG256 in +@file{<nettle/streebog.h>}. + +@deftp {Context struct} {struct streebog256_ctx} +@end deftp + +@defvr Constant STREEBOG256_DIGEST_SIZE +The size of a STREEBOG256 digest, i.e. 32. +@end defvr + +@defvr Constant STREEBOG256_BLOCK_SIZE +The internal block size of STREEBOG256. Useful for some special constructions, +in particular HMAC-STREEBOG256. +@end defvr + +@deftypefun void streebog256_init (struct streebog256_ctx *@var{ctx}) +Initialize the STREEBOG256 state. +@end deftypefun + +@deftypefun void streebog256_update (struct streebog256_ctx *@var{ctx}, size_t @var{length}, const uint8_t *@var{data}) +Hash some more data. +@end deftypefun + +@deftypefun void streebog256_digest (struct streebog256_ctx *@var{ctx}, size_t @var{length}, uint8_t *@var{digest}) +Performs final processing and extracts the message digest, writing it +to @var{digest}. @var{length} may be smaller than +@code{STREEBOG256_DIGEST_SIZE}, in which case only the first @var{length} +octets of the digest are written. + +This function also resets the context in the same way as +@code{streebog256_init}. +@end deftypefun + @node Legacy hash functions, nettle_hash abstraction, Recommended hash functions, Hash functions @comment node-name, next, previous, up @subsection Legacy hash functions diff --git a/streebog-meta.c b/streebog-meta.c new file mode 100644 index 00000000..b8284d5c --- /dev/null +++ b/streebog-meta.c @@ -0,0 +1,44 @@ +/* streebog-meta.c + + Copyright (C) 2012 Nikos Mavrogiannopoulos, Niels Möller + + This file is part of GNU Nettle. + + GNU Nettle is free software: you can redistribute it and/or + modify it under the terms of either: + + * the GNU Lesser General Public License as published by the Free + Software Foundation; either version 3 of the License, or (at your + option) any later version. + + or + + * the GNU General Public License as published by the Free + Software Foundation; either version 2 of the License, or (at your + option) any later version. + + or both in parallel, as here. + + GNU Nettle is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + General Public License for more details. + + You should have received copies of the GNU General Public License and + the GNU Lesser General Public License along with this program. If + not, see http://www.gnu.org/licenses/. +*/ + +#if HAVE_CONFIG_H +# include "config.h" +#endif + +#include "nettle-meta.h" + +#include "streebog.h" + +const struct nettle_hash nettle_streebog512 += _NETTLE_HASH(streebog512, STREEBOG512); + +const struct nettle_hash nettle_streebog256 += _NETTLE_HASH(streebog256, STREEBOG256); diff --git a/streebog.c b/streebog.c new file mode 100644 index 00000000..3b4af71b --- /dev/null +++ b/streebog.c @@ -0,0 +1,1332 @@ +/* streebog.c - GOST R 34.11-2012 (Streebog) hash function + + Copyright (C) 2013-2015 Dmitry Eremin-Solenikov + + Based on my code in libgcrypt. + + This file is part of GNU Nettle. + + GNU Nettle is free software: you can redistribute it and/or + modify it under the terms of either: + + * the GNU Lesser General Public License as published by the Free + Software Foundation; either version 3 of the License, or (at your + option) any later version. + + or + + * the GNU General Public License as published by the Free + Software Foundation; either version 2 of the License, or (at your + option) any later version. + + or both in parallel, as here. + + GNU Nettle is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + General Public License for more details. + + You should have received copies of the GNU General Public License and + the GNU Lesser General Public License along with this program. If + not, see http://www.gnu.org/licenses/. + */ + +#if HAVE_CONFIG_H +# include "config.h" +#endif + +#include <assert.h> +#include <stdlib.h> +#include <string.h> + +#include "streebog.h" + +#include "macros.h" +#include "nettle-write.h" + + +/* Pre-computed results of multiplication of bytes on A and reordered with + Pi[]. */ +static const uint64_t streebog_table[8][256] = +{ + /* 0 */ + { 0xd01f715b5c7ef8e6ULL, 0x16fa240980778325ULL, + 0xa8a42e857ee049c8ULL, 0x6ac1068fa186465bULL, + 0x6e417bd7a2e9320bULL, 0x665c8167a437daabULL, + 0x7666681aa89617f6ULL, 0x4b959163700bdcf5ULL, + 0xf14be6b78df36248ULL, 0xc585bd689a625cffULL, + 0x9557d7fca67d82cbULL, 0x89f0b969af6dd366ULL, + 0xb0833d48749f6c35ULL, 0xa1998c23b1ecbc7cULL, + 0x8d70c431ac02a736ULL, 0xd6dfbc2fd0a8b69eULL, + 0x37aeb3e551fa198bULL, 0x0b7d128a40b5cf9cULL, + 0x5a8f2008b5780cbcULL, 0xedec882284e333e5ULL, + 0xd25fc177d3c7c2ceULL, 0x5e0f5d50b61778ecULL, + 0x1d873683c0c24cb9ULL, 0xad040bcbb45d208cULL, + 0x2f89a0285b853c76ULL, 0x5732fff6791b8d58ULL, + 0x3e9311439ef6ec3fULL, 0xc9183a809fd3c00fULL, + 0x83adf3f5260a01eeULL, 0xa6791941f4e8ef10ULL, + 0x103ae97d0ca1cd5dULL, 0x2ce948121dee1b4aULL, + 0x39738421dbf2bf53ULL, 0x093da2a6cf0cf5b4ULL, + 0xcd9847d89cbcb45fULL, 0xf9561c078b2d8ae8ULL, + 0x9c6a755a6971777fULL, 0xbc1ebaa0712ef0c5ULL, + 0x72e61542abf963a6ULL, 0x78bb5fde229eb12eULL, + 0x14ba94250fceb90dULL, 0x844d6697630e5282ULL, + 0x98ea08026a1e032fULL, 0xf06bbea144217f5cULL, + 0xdb6263d11ccb377aULL, 0x641c314b2b8ee083ULL, + 0x320e96ab9b4770cfULL, 0x1ee7deb986a96b85ULL, + 0xe96cf57a878c47b5ULL, 0xfdd6615f8842feb8ULL, + 0xc83862965601dd1bULL, 0x2ea9f83e92572162ULL, + 0xf876441142ff97fcULL, 0xeb2c455608357d9dULL, + 0x5612a7e0b0c9904cULL, 0x6c01cbfb2d500823ULL, + 0x4548a6a7fa037a2dULL, 0xabc4c6bf388b6ef4ULL, + 0xbade77d4fdf8bebdULL, 0x799b07c8eb4cac3aULL, + 0x0c9d87e805b19cf0ULL, 0xcb588aac106afa27ULL, + 0xea0c1d40c1e76089ULL, 0x2869354a1e816f1aULL, + 0xff96d17307fbc490ULL, 0x9f0a9d602f1a5043ULL, + 0x96373fc6e016a5f7ULL, 0x5292dab8b3a6e41cULL, + 0x9b8ae0382c752413ULL, 0x4f15ec3b7364a8a5ULL, + 0x3fb349555724f12bULL, 0xc7c50d4415db66d7ULL, + 0x92b7429ee379d1a7ULL, 0xd37f99611a15dfdaULL, + 0x231427c05e34a086ULL, 0xa439a96d7b51d538ULL, + 0xb403401077f01865ULL, 0xdda2aea5901d7902ULL, + 0x0a5d4a9c8967d288ULL, 0xc265280adf660f93ULL, + 0x8bb0094520d4e94eULL, 0x2a29856691385532ULL, + 0x42a833c5bf072941ULL, 0x73c64d54622b7eb2ULL, + 0x07e095624504536cULL, 0x8a905153e906f45aULL, + 0x6f6123c16b3b2f1fULL, 0xc6e55552dc097bc3ULL, + 0x4468feb133d16739ULL, 0xe211e7f0c7398829ULL, + 0xa2f96419f7879b40ULL, 0x19074bdbc3ad38e9ULL, + 0xf4ebc3f9474e0b0cULL, 0x43886bd376d53455ULL, + 0xd8028beb5aa01046ULL, 0x51f23282f5cdc320ULL, + 0xe7b1c2be0d84e16dULL, 0x081dfab006dee8a0ULL, + 0x3b33340d544b857bULL, 0x7f5bcabc679ae242ULL, + 0x0edd37c48a08a6d8ULL, 0x81ed43d9a9b33bc6ULL, + 0xb1a3655ebd4d7121ULL, 0x69a1eeb5e7ed6167ULL, + 0xf6ab73d5c8f73124ULL, 0x1a67a3e185c61fd5ULL, + 0x2dc91004d43c065eULL, 0x0240b02c8fb93a28ULL, + 0x90f7f2b26cc0eb8fULL, 0x3cd3a16f114fd617ULL, + 0xaae49ea9f15973e0ULL, 0x06c0cd748cd64e78ULL, + 0xda423bc7d5192a6eULL, 0xc345701c16b41287ULL, + 0x6d2193ede4821537ULL, 0xfcf639494190e3acULL, + 0x7c3b228621f1c57eULL, 0xfb16ac2b0494b0c0ULL, + 0xbf7e529a3745d7f9ULL, 0x6881b6a32e3f7c73ULL, + 0xca78d2bad9b8e733ULL, 0xbbfe2fc2342aa3a9ULL, + 0x0dbddffecc6381e4ULL, 0x70a6a56e2440598eULL, + 0xe4d12a844befc651ULL, 0x8c509c2765d0ba22ULL, + 0xee8c6018c28814d9ULL, 0x17da7c1f49a59e31ULL, + 0x609c4c1328e194d3ULL, 0xb3e3d57232f44b09ULL, + 0x91d7aaa4a512f69bULL, 0x0ffd6fd243dabbccULL, + 0x50d26a943c1fde34ULL, 0x6be15e9968545b4fULL, + 0x94778fea6faf9fdfULL, 0x2b09dd7058ea4826ULL, + 0x677cd9716de5c7bfULL, 0x49d5214fffb2e6ddULL, + 0x0360e83a466b273cULL, 0x1fc786af4f7b7691ULL, + 0xa0b9d435783ea168ULL, 0xd49f0c035f118cb6ULL, + 0x01205816c9d21d14ULL, 0xac2453dd7d8f3d98ULL, + 0x545217cc3f70aa64ULL, 0x26b4028e9489c9c2ULL, + 0xdec2469fd6765e3eULL, 0x04807d58036f7450ULL, + 0xe5f17292823ddb45ULL, 0xf30b569b024a5860ULL, + 0x62dcfc3fa758aefbULL, 0xe84cad6c4e5e5aa1ULL, + 0xccb81fce556ea94bULL, 0x53b282ae7a74f908ULL, + 0x1b47fbf74c1402c1ULL, 0x368eebf39828049fULL, + 0x7afbeff2ad278b06ULL, 0xbe5e0a8cfe97caedULL, + 0xcfd8f7f413058e77ULL, 0xf78b2bc301252c30ULL, + 0x4d555c17fcdd928dULL, 0x5f2f05467fc565f8ULL, + 0x24f4b2a21b30f3eaULL, 0x860dd6bbecb768aaULL, + 0x4c750401350f8f99ULL, 0x0000000000000000ULL, + 0xecccd0344d312ef1ULL, 0xb5231806be220571ULL, + 0xc105c030990d28afULL, 0x653c695de25cfd97ULL, + 0x159acc33c61ca419ULL, 0xb89ec7f872418495ULL, + 0xa9847693b73254dcULL, 0x58cf90243ac13694ULL, + 0x59efc832f3132b80ULL, 0x5c4fed7c39ae42c4ULL, + 0x828dabe3efd81cfaULL, 0xd13f294d95ace5f2ULL, + 0x7d1b7a90e823d86aULL, 0xb643f03cf849224dULL, + 0x3df3f979d89dcb03ULL, 0x7426d836272f2ddeULL, + 0xdfe21e891fa4432aULL, 0x3a136c1b9d99986fULL, + 0xfa36f43dcd46add4ULL, 0xc025982650df35bbULL, + 0x856d3e81aadc4f96ULL, 0xc4a5e57e53b041ebULL, + 0x4708168b75ba4005ULL, 0xaf44bbe73be41aa4ULL, + 0x971767d029c4b8e3ULL, 0xb9be9feebb939981ULL, + 0x215497ecd18d9aaeULL, 0x316e7e91dd2c57f3ULL, + 0xcef8afe2dad79363ULL, 0x3853dc371220a247ULL, + 0x35ee03c9de4323a3ULL, 0xe6919aa8c456fc79ULL, + 0xe05157dc4880b201ULL, 0x7bdbb7e464f59612ULL, + 0x127a59518318f775ULL, 0x332ecebd52956ddbULL, + 0x8f30741d23bb9d1eULL, 0xd922d3fd93720d52ULL, + 0x7746300c61440ae2ULL, 0x25d4eab4d2e2eefeULL, + 0x75068020eefd30caULL, 0x135a01474acaea61ULL, + 0x304e268714fe4ae7ULL, 0xa519f17bb283c82cULL, + 0xdc82f6b359cf6416ULL, 0x5baf781e7caa11a8ULL, + 0xb2c38d64fb26561dULL, 0x34ce5bdf17913eb7ULL, + 0x5d6fb56af07c5fd0ULL, 0x182713cd0a7f25fdULL, + 0x9e2ac576e6c84d57ULL, 0x9aaab82ee5a73907ULL, + 0xa3d93c0f3e558654ULL, 0x7e7b92aaae48ff56ULL, + 0x872d8ead256575beULL, 0x41c8dbfff96c0e7dULL, + 0x99ca5014a3cc1e3bULL, 0x40e883e930be1369ULL, + 0x1ca76e95091051adULL, 0x4e35b42dbab6b5b1ULL, + 0x05a0254ecabd6944ULL, 0xe1710fca8152af15ULL, + 0xf22b0e8dcb984574ULL, 0xb763a82a319b3f59ULL, + 0x63fca4296e8ab3efULL, 0x9d4a2d4ca0a36a6bULL, + 0xe331bfe60eeb953dULL, 0xd5bf541596c391a2ULL, + 0xf5cb9bef8e9c1618ULL, 0x46284e9dbc685d11ULL, + 0x2074cffa185f87baULL, 0xbd3ee2b6b8fcedd1ULL, + 0xae64e3f1f23607b0ULL, 0xfeb68965ce29d984ULL, + 0x55724fdaf6a2b770ULL, 0x29496d5cd753720eULL, + 0xa75941573d3af204ULL, 0x8e102c0bea69800aULL, + 0x111ab16bc573d049ULL, 0xd7ffe439197aab8aULL, + 0xefac380e0b5a09cdULL, 0x48f579593660fbc9ULL, + 0x22347fd697e6bd92ULL, 0x61bc1405e13389c7ULL, + 0x4ab5c975b9d9c1e1ULL, 0x80cd1bcf606126d2ULL, + 0x7186fd78ed92449aULL, 0x93971a882aabccb3ULL, + 0x88d0e17f66bfce72ULL, 0x27945a985d5bd4d6ULL }, + /* 1 */ + { 0xde553f8c05a811c8ULL, 0x1906b59631b4f565ULL, + 0x436e70d6b1964ff7ULL, 0x36d343cb8b1e9d85ULL, + 0x843dfacc858aab5aULL, 0xfdfc95c299bfc7f9ULL, + 0x0f634bdea1d51fa2ULL, 0x6d458b3b76efb3cdULL, + 0x85c3f77cf8593f80ULL, 0x3c91315fbe737cb2ULL, + 0x2148b03366ace398ULL, 0x18f8b8264c6761bfULL, + 0xc830c1c495c9fb0fULL, 0x981a76102086a0aaULL, + 0xaa16012142f35760ULL, 0x35cc54060c763cf6ULL, + 0x42907d66cc45db2dULL, 0x8203d44b965af4bcULL, + 0x3d6f3cefc3a0e868ULL, 0xbc73ff69d292bda7ULL, + 0x8722ed0102e20a29ULL, 0x8f8185e8cd34deb7ULL, + 0x9b0561dda7ee01d9ULL, 0x5335a0193227fad6ULL, + 0xc9cecc74e81a6fd5ULL, 0x54f5832e5c2431eaULL, + 0x99e47ba05d553470ULL, 0xf7bee756acd226ceULL, + 0x384e05a5571816fdULL, 0xd1367452a47d0e6aULL, + 0xf29fde1c386ad85bULL, 0x320c77316275f7caULL, + 0xd0c879e2d9ae9ab0ULL, 0xdb7406c69110ef5dULL, + 0x45505e51a2461011ULL, 0xfc029872e46c5323ULL, + 0xfa3cb6f5f7bc0cc5ULL, 0x031f17cd8768a173ULL, + 0xbd8df2d9af41297dULL, 0x9d3b4f5ab43e5e3fULL, + 0x4071671b36feee84ULL, 0x716207e7d3e3b83dULL, + 0x48d20ff2f9283a1aULL, 0x27769eb4757cbc7eULL, + 0x5c56ebc793f2e574ULL, 0xa48b474f9ef5dc18ULL, + 0x52cbada94ff46e0cULL, 0x60c7da982d8199c6ULL, + 0x0e9d466edc068b78ULL, 0x4eec2175eaf865fcULL, + 0x550b8e9e21f7a530ULL, 0x6b7ba5bc653fec2bULL, + 0x5eb7f1ba6949d0ddULL, 0x57ea94e3db4c9099ULL, + 0xf640eae6d101b214ULL, 0xdd4a284182c0b0bbULL, + 0xff1d8fbf6304f250ULL, 0xb8accb933bf9d7e8ULL, + 0xe8867c478eb68c4dULL, 0x3f8e2692391bddc1ULL, + 0xcb2fd60912a15a7cULL, 0xaec935dbab983d2fULL, + 0xf55ffd2b56691367ULL, 0x80e2ce366ce1c115ULL, + 0x179bf3f8edb27e1dULL, 0x01fe0db07dd394daULL, + 0xda8a0b76ecc37b87ULL, 0x44ae53e1df9584cbULL, + 0xb310b4b77347a205ULL, 0xdfab323c787b8512ULL, + 0x3b511268d070b78eULL, 0x65e6e3d2b9396753ULL, + 0x6864b271e2574d58ULL, 0x259784c98fc789d7ULL, + 0x02e11a7dfabb35a9ULL, 0x8841a6dfa337158bULL, + 0x7ade78c39b5dcdd0ULL, 0xb7cf804d9a2cc84aULL, + 0x20b6bd831b7f7742ULL, 0x75bd331d3a88d272ULL, + 0x418f6aab4b2d7a5eULL, 0xd9951cbb6babdaf4ULL, + 0xb6318dfde7ff5c90ULL, 0x1f389b112264aa83ULL, + 0x492c024284fbaec0ULL, 0xe33a0363c608f9a0ULL, + 0x2688930408af28a4ULL, 0xc7538a1a341ce4adULL, + 0x5da8e677ee2171aeULL, 0x8c9e92254a5c7fc4ULL, + 0x63d8cd55aae938b5ULL, 0x29ebd8daa97a3706ULL, + 0x959827b37be88aa1ULL, 0x1484e4356adadf6eULL, + 0xa7945082199d7d6bULL, 0xbf6ce8a455fa1cd4ULL, + 0x9cc542eac9edcae5ULL, 0x79c16f0e1c356ca3ULL, + 0x89bfab6fdee48151ULL, 0xd4174d1830c5f0ffULL, + 0x9258048415eb419dULL, 0x6139d72850520d1cULL, + 0x6a85a80c18ec78f1ULL, 0xcd11f88e0171059aULL, + 0xcceff53e7ca29140ULL, 0xd229639f2315af19ULL, + 0x90b91ef9ef507434ULL, 0x5977d28d074a1be1ULL, + 0x311360fce51d56b9ULL, 0xc093a92d5a1f2f91ULL, + 0x1a19a25bb6dc5416ULL, 0xeb996b8a09de2d3eULL, + 0xfee3820f1ed7668aULL, 0xd7085ad5b7ad518cULL, + 0x7fff41890fe53345ULL, 0xec5948bd67dde602ULL, + 0x2fd5f65dbaaa68e0ULL, 0xa5754affe32648c2ULL, + 0xf8ddac880d07396cULL, 0x6fa491468c548664ULL, + 0x0c7c5c1326bdbed1ULL, 0x4a33158f03930fb3ULL, + 0x699abfc19f84d982ULL, 0xe4fa2054a80b329cULL, + 0x6707f9af438252faULL, 0x08a368e9cfd6d49eULL, + 0x47b1442c58fd25b8ULL, 0xbbb3dc5ebc91769bULL, + 0x1665fe489061eac7ULL, 0x33f27a811fa66310ULL, + 0x93a609346838d547ULL, 0x30ed6d4c98cec263ULL, + 0x1dd9816cd8df9f2aULL, 0x94662a03063b1e7bULL, + 0x83fdd9fbeb896066ULL, 0x7b207573e68e590aULL, + 0x5f49fc0a149a4407ULL, 0x343259b671a5a82cULL, + 0xfbc2bb458a6f981fULL, 0xc272b350a0a41a38ULL, + 0x3aaf1fd8ada32354ULL, 0x6cbb868b0b3c2717ULL, + 0xa2b569c88d2583feULL, 0xf180c9d1bf027928ULL, + 0xaf37386bd64ba9f5ULL, 0x12bacab2790a8088ULL, + 0x4c0d3b0810435055ULL, 0xb2eeb9070e9436dfULL, + 0xc5b29067cea7d104ULL, 0xdcb425f1ff132461ULL, + 0x4f122cc5972bf126ULL, 0xac282fa651230886ULL, + 0xe7e537992f6393efULL, 0xe61b3a2952b00735ULL, + 0x709c0a57ae302ce7ULL, 0xe02514ae416058d3ULL, + 0xc44c9dd7b37445deULL, 0x5a68c5408022ba92ULL, + 0x1c278cdca50c0bf0ULL, 0x6e5a9cf6f18712beULL, + 0x86dce0b17f319ef3ULL, 0x2d34ec2040115d49ULL, + 0x4bcd183f7e409b69ULL, 0x2815d56ad4a9a3dcULL, + 0x24698979f2141d0dULL, 0x0000000000000000ULL, + 0x1ec696a15fb73e59ULL, 0xd86b110b16784e2eULL, + 0x8e7f8858b0e74a6dULL, 0x063e2e8713d05fe6ULL, + 0xe2c40ed3bbdb6d7aULL, 0xb1f1aeca89fc97acULL, + 0xe1db191e3cb3cc09ULL, 0x6418ee62c4eaf389ULL, + 0xc6ad87aa49cf7077ULL, 0xd6f65765ca7ec556ULL, + 0x9afb6c6dda3d9503ULL, 0x7ce05644888d9236ULL, + 0x8d609f95378feb1eULL, 0x23a9aa4e9c17d631ULL, + 0x6226c0e5d73aac6fULL, 0x56149953a69f0443ULL, + 0xeeb852c09d66d3abULL, 0x2b0ac2a753c102afULL, + 0x07c023376e03cb3cULL, 0x2ccae1903dc2c993ULL, + 0xd3d76e2f5ec63bc3ULL, 0x9e2458973356ff4cULL, + 0xa66a5d32644ee9b1ULL, 0x0a427294356de137ULL, + 0x783f62be61e6f879ULL, 0x1344c70204d91452ULL, + 0x5b96c8f0fdf12e48ULL, 0xa90916ecc59bf613ULL, + 0xbe92e5142829880eULL, 0x727d102a548b194eULL, + 0x1be7afebcb0fc0ccULL, 0x3e702b2244c8491bULL, + 0xd5e940a84d166425ULL, 0x66f9f41f3e51c620ULL, + 0xabe80c913f20c3baULL, 0xf07ec461c2d1edf2ULL, + 0xf361d3ac45b94c81ULL, 0x0521394a94b8fe95ULL, + 0xadd622162cf09c5cULL, 0xe97871f7f3651897ULL, + 0xf4a1f09b2bba87bdULL, 0x095d6559b2054044ULL, + 0x0bbc7f2448be75edULL, 0x2af4cf172e129675ULL, + 0x157ae98517094bb4ULL, 0x9fda55274e856b96ULL, + 0x914713499283e0eeULL, 0xb952c623462a4332ULL, + 0x74433ead475b46a8ULL, 0x8b5eb112245fb4f8ULL, + 0xa34b6478f0f61724ULL, 0x11a5dd7ffe6221fbULL, + 0xc16da49d27ccbb4bULL, 0x76a224d0bde07301ULL, + 0x8aa0bca2598c2022ULL, 0x4df336b86d90c48fULL, + 0xea67663a740db9e4ULL, 0xef465f70e0b54771ULL, + 0x39b008152acb8227ULL, 0x7d1e5bf4f55e06ecULL, + 0x105bd0cf83b1b521ULL, 0x775c2960c033e7dbULL, + 0x7e014c397236a79fULL, 0x811cc386113255cfULL, + 0xeda7450d1a0e72d8ULL, 0x5889df3d7a998f3bULL, + 0x2e2bfbedc779fc3aULL, 0xce0eef438619a4e9ULL, + 0x372d4e7bf6cd095fULL, 0x04df34fae96b6a4fULL, + 0xf923a13870d4adb6ULL, 0xa1aa7e050a4d228dULL, + 0xa8f71b5cb84862c9ULL, 0xb52e9a306097fde3ULL, + 0x0d8251a35b6e2a0bULL, 0x2257a7fee1c442ebULL, + 0x73831d9a29588d94ULL, 0x51d4ba64c89ccf7fULL, + 0x502ab7d4b54f5ba5ULL, 0x97793dce8153bf08ULL, + 0xe5042de4d5d8a646ULL, 0x9687307efc802bd2ULL, + 0xa05473b5779eb657ULL, 0xb4d097801d446939ULL, + 0xcff0e2f3fbca3033ULL, 0xc38cbee0dd778ee2ULL, + 0x464f499c252eb162ULL, 0xcad1dbb96f72cea6ULL, + 0xba4dd1eec142e241ULL, 0xb00fa37af42f0376ULL }, + /* 2 */ + { 0xcce4cd3aa968b245ULL, 0x089d5484e80b7fafULL, + 0x638246c1b3548304ULL, 0xd2fe0ec8c2355492ULL, + 0xa7fbdf7ff2374eeeULL, 0x4df1600c92337a16ULL, + 0x84e503ea523b12fbULL, 0x0790bbfd53ab0c4aULL, + 0x198a780f38f6ea9dULL, 0x2ab30c8f55ec48cbULL, + 0xe0f7fed6b2c49db5ULL, 0xb6ecf3f422cadbdcULL, + 0x409c9a541358df11ULL, 0xd3ce8a56dfde3fe3ULL, + 0xc3e9224312c8c1a0ULL, 0x0d6dfa58816ba507ULL, + 0xddf3e1b179952777ULL, 0x04c02a42748bb1d9ULL, + 0x94c2abff9f2decb8ULL, 0x4f91752da8f8acf4ULL, + 0x78682befb169bf7bULL, 0xe1c77a48af2ff6c4ULL, + 0x0c5d7ec69c80ce76ULL, 0x4cc1e4928fd81167ULL, + 0xfeed3d24d9997b62ULL, 0x518bb6dfc3a54a23ULL, + 0x6dbf2d26151f9b90ULL, 0xb5bc624b05ea664fULL, + 0xe86aaa525acfe21aULL, 0x4801ced0fb53a0beULL, + 0xc91463e6c00868edULL, 0x1027a815cd16fe43ULL, + 0xf67069a0319204cdULL, 0xb04ccc976c8abce7ULL, + 0xc0b9b3fc35e87c33ULL, 0xf380c77c58f2de65ULL, + 0x50bb3241de4e2152ULL, 0xdf93f490435ef195ULL, + 0xf1e0d25d62390887ULL, 0xaf668bfb1a3c3141ULL, + 0xbc11b251f00a7291ULL, 0x73a5eed47e427d47ULL, + 0x25bee3f6ee4c3b2eULL, 0x43cc0beb34786282ULL, + 0xc824e778dde3039cULL, 0xf97d86d98a327728ULL, + 0xf2b043e24519b514ULL, 0xe297ebf7880f4b57ULL, + 0x3a94a49a98fab688ULL, 0x868516cb68f0c419ULL, + 0xeffa11af0964ee50ULL, 0xa4ab4ec0d517f37dULL, + 0xa9c6b498547c567aULL, 0x8e18424f80fbbbb6ULL, + 0x0bcdc53bcf2bc23cULL, 0x137739aaea3643d0ULL, + 0x2c1333ec1bac2ff0ULL, 0x8d48d3f0a7db0625ULL, + 0x1e1ac3f26b5de6d7ULL, 0xf520f81f16b2b95eULL, + 0x9f0f6ec450062e84ULL, 0x0130849e1deb6b71ULL, + 0xd45e31ab8c7533a9ULL, 0x652279a2fd14e43fULL, + 0x3209f01e70f1c927ULL, 0xbe71a770cac1a473ULL, + 0x0e3d6be7a64b1894ULL, 0x7ec8148cff29d840ULL, + 0xcb7476c7fac3be0fULL, 0x72956a4a63a91636ULL, + 0x37f95ec21991138fULL, 0x9e3fea5a4ded45f5ULL, + 0x7b38ba50964902e8ULL, 0x222e580bbde73764ULL, + 0x61e253e0899f55e6ULL, 0xfc8d2805e352ad80ULL, + 0x35994be3235ac56dULL, 0x09add01af5e014deULL, + 0x5e8659a6780539c6ULL, 0xb17c48097161d796ULL, + 0x026015213acbd6e2ULL, 0xd1ae9f77e515e901ULL, + 0xb7dc776a3f21b0adULL, 0xaba6a1b96eb78098ULL, + 0x9bcf4486248d9f5dULL, 0x582666c536455efdULL, + 0xfdbdac9bfeb9c6f1ULL, 0xc47999be4163cdeaULL, + 0x765540081722a7efULL, 0x3e548ed8ec710751ULL, + 0x3d041f67cb51bac2ULL, 0x7958af71ac82d40aULL, + 0x36c9da5c047a78feULL, 0xed9a048e33af38b2ULL, + 0x26ee7249c96c86bdULL, 0x900281bdeba65d61ULL, + 0x11172c8bd0fd9532ULL, 0xea0abf73600434f8ULL, + 0x42fc8f75299309f3ULL, 0x34a9cf7d3eb1ae1cULL, + 0x2b838811480723baULL, 0x5ce64c8742ceef24ULL, + 0x1adae9b01fd6570eULL, 0x3c349bf9d6bad1b3ULL, + 0x82453c891c7b75c0ULL, 0x97923a40b80d512bULL, + 0x4a61dbf1c198765cULL, 0xb48ce6d518010d3eULL, + 0xcfb45c858e480fd6ULL, 0xd933cbf30d1e96aeULL, + 0xd70ea014ab558e3aULL, 0xc189376228031742ULL, + 0x9262949cd16d8b83ULL, 0xeb3a3bed7def5f89ULL, + 0x49314a4ee6b8cbcfULL, 0xdcc3652f647e4c06ULL, + 0xda635a4c2a3e2b3dULL, 0x470c21a940f3d35bULL, + 0x315961a157d174b4ULL, 0x6672e81dda3459acULL, + 0x5b76f77a1165e36eULL, 0x445cb01667d36ec8ULL, + 0xc5491d205c88a69bULL, 0x456c34887a3805b9ULL, + 0xffddb9bac4721013ULL, 0x99af51a71e4649bfULL, + 0xa15be01cbc7729d5ULL, 0x52db2760e485f7b0ULL, + 0x8c78576eba306d54ULL, 0xae560f6507d75a30ULL, + 0x95f22f6182c687c9ULL, 0x71c5fbf54489aba5ULL, + 0xca44f259e728d57eULL, 0x88b87d2ccebbdc8dULL, + 0xbab18d32be4a15aaULL, 0x8be8ec93e99b611eULL, + 0x17b713e89ebdf209ULL, 0xb31c5d284baa0174ULL, + 0xeeca9531148f8521ULL, 0xb8d198138481c348ULL, + 0x8988f9b2d350b7fcULL, 0xb9e11c8d996aa839ULL, + 0x5a4673e40c8e881fULL, 0x1687977683569978ULL, + 0xbf4123eed72acf02ULL, 0x4ea1f1b3b513c785ULL, + 0xe767452be16f91ffULL, 0x7505d1b730021a7cULL, + 0xa59bca5ec8fc980cULL, 0xad069eda20f7e7a3ULL, + 0x38f4b1bba231606aULL, 0x60d2d77e94743e97ULL, + 0x9affc0183966f42cULL, 0x248e6768f3a7505fULL, + 0xcdd449a4b483d934ULL, 0x87b59255751baf68ULL, + 0x1bea6d2e023d3c7fULL, 0x6b1f12455b5ffcabULL, + 0x743555292de9710dULL, 0xd8034f6d10f5fddfULL, + 0xc6198c9f7ba81b08ULL, 0xbb8109aca3a17edbULL, + 0xfa2d1766ad12cabbULL, 0xc729080166437079ULL, + 0x9c5fff7b77269317ULL, 0x0000000000000000ULL, + 0x15d706c9a47624ebULL, 0x6fdf38072fd44d72ULL, + 0x5fb6dd3865ee52b7ULL, 0xa33bf53d86bcff37ULL, + 0xe657c1b5fc84fa8eULL, 0xaa962527735cebe9ULL, + 0x39c43525bfda0b1bULL, 0x204e4d2a872ce186ULL, + 0x7a083ece8ba26999ULL, 0x554b9c9db72efbfaULL, + 0xb22cd9b656416a05ULL, 0x96a2bedea5e63a5aULL, + 0x802529a826b0a322ULL, 0x8115ad363b5bc853ULL, + 0x8375b81701901eb1ULL, 0x3069e53f4a3a1fc5ULL, + 0xbd2136cfede119e0ULL, 0x18bafc91251d81ecULL, + 0x1d4a524d4c7d5b44ULL, 0x05f0aedc6960daa8ULL, + 0x29e39d3072ccf558ULL, 0x70f57f6b5962c0d4ULL, + 0x989fd53903ad22ceULL, 0xf84d024797d91c59ULL, + 0x547b1803aac5908bULL, 0xf0d056c37fd263f6ULL, + 0xd56eb535919e58d8ULL, 0x1c7ad6d351963035ULL, + 0x2e7326cd2167f912ULL, 0xac361a443d1c8cd2ULL, + 0x697f076461942a49ULL, 0x4b515f6fdc731d2dULL, + 0x8ad8680df4700a6fULL, 0x41ac1eca0eb3b460ULL, + 0x7d988533d80965d3ULL, 0xa8f6300649973d0bULL, + 0x7765c4960ac9cc9eULL, 0x7ca801adc5e20ea2ULL, + 0xdea3700e5eb59ae4ULL, 0xa06b6482a19c42a4ULL, + 0x6a2f96db46b497daULL, 0x27def6d7d487edccULL, + 0x463ca5375d18b82aULL, 0xa6cb5be1efdc259fULL, + 0x53eba3fef96e9cc1ULL, 0xce84d81b93a364a7ULL, + 0xf4107c810b59d22fULL, 0x333974806d1aa256ULL, + 0x0f0def79bba073e5ULL, 0x231edc95a00c5c15ULL, + 0xe437d494c64f2c6cULL, 0x91320523f64d3610ULL, + 0x67426c83c7df32ddULL, 0x6eefbc99323f2603ULL, + 0x9d6f7be56acdf866ULL, 0x5916e25b2bae358cULL, + 0x7ff89012e2c2b331ULL, 0x035091bf2720bd93ULL, + 0x561b0d22900e4669ULL, 0x28d319ae6f279e29ULL, + 0x2f43a2533c8c9263ULL, 0xd09e1be9f8fe8270ULL, + 0xf740ed3e2c796fbcULL, 0xdb53ded237d5404cULL, + 0x62b2c25faebfe875ULL, 0x0afd41a5d2c0a94dULL, + 0x6412fd3ce0ff8f4eULL, 0xe3a76f6995e42026ULL, + 0x6c8fa9b808f4f0e1ULL, 0xc2d9a6dd0f23aad1ULL, + 0x8f28c6d19d10d0c7ULL, 0x85d587744fd0798aULL, + 0xa20b71a39b579446ULL, 0x684f83fa7c7f4138ULL, + 0xe507500adba4471dULL, 0x3f640a46f19a6c20ULL, + 0x1247bd34f7dd28a1ULL, 0x2d23b77206474481ULL, + 0x93521002cc86e0f2ULL, 0x572b89bc8de52d18ULL, + 0xfb1d93f8b0f9a1caULL, 0xe95a2ecc4724896bULL, + 0x3ba420048511ddf9ULL, 0xd63e248ab6bee54bULL, + 0x5dd6c8195f258455ULL, 0x06a03f634e40673bULL, + 0x1f2a476c76b68da6ULL, 0x217ec9b49ac78af7ULL, + 0xecaa80102e4453c3ULL, 0x14e78257b99d4f9aULL }, + /* 3 */ + { 0x20329b2cc87bba05ULL, 0x4f5eb6f86546a531ULL, + 0xd4f44775f751b6b1ULL, 0x8266a47b850dfa8bULL, + 0xbb986aa15a6ca985ULL, 0xc979eb08f9ae0f99ULL, + 0x2da6f447a2375ea1ULL, 0x1e74275dcd7d8576ULL, + 0xbc20180a800bc5f8ULL, 0xb4a2f701b2dc65beULL, + 0xe726946f981b6d66ULL, 0x48e6c453bf21c94cULL, + 0x42cad9930f0a4195ULL, 0xefa47b64aacccd20ULL, + 0x71180a8960409a42ULL, 0x8bb3329bf6a44e0cULL, + 0xd34c35de2d36daccULL, 0xa92f5b7cbc23dc96ULL, + 0xb31a85aa68bb09c3ULL, 0x13e04836a73161d2ULL, + 0xb24dfc4129c51d02ULL, 0x8ae44b70b7da5acdULL, + 0xe671ed84d96579a7ULL, 0xa4bb3417d66f3832ULL, + 0x4572ab38d56d2de8ULL, 0xb1b47761ea47215cULL, + 0xe81c09cf70aba15dULL, 0xffbdb872ce7f90acULL, + 0xa8782297fd5dc857ULL, 0x0d946f6b6a4ce4a4ULL, + 0xe4df1f4f5b995138ULL, 0x9ebc71edca8c5762ULL, + 0x0a2c1dc0b02b88d9ULL, 0x3b503c115d9d7b91ULL, + 0xc64376a8111ec3a2ULL, 0xcec199a323c963e4ULL, + 0xdc76a87ec58616f7ULL, 0x09d596e073a9b487ULL, + 0x14583a9d7d560dafULL, 0xf4c6dc593f2a0cb4ULL, + 0xdd21d19584f80236ULL, 0x4a4836983ddde1d3ULL, + 0xe58866a41ae745f9ULL, 0xf591a5b27e541875ULL, + 0x891dc05074586693ULL, 0x5b068c651810a89eULL, + 0xa30346bc0c08544fULL, 0x3dbf3751c684032dULL, + 0x2a1e86ec785032dcULL, 0xf73f5779fca830eaULL, + 0xb60c05ca30204d21ULL, 0x0cc316802b32f065ULL, + 0x8770241bdd96be69ULL, 0xb861e18199ee95dbULL, + 0xf805cad91418fcd1ULL, 0x29e70dccbbd20e82ULL, + 0xc7140f435060d763ULL, 0x0f3a9da0e8b0cc3bULL, + 0xa2543f574d76408eULL, 0xbd7761e1c175d139ULL, + 0x4b1f4f737ca3f512ULL, 0x6dc2df1f2fc137abULL, + 0xf1d05c3967b14856ULL, 0xa742bf3715ed046cULL, + 0x654030141d1697edULL, 0x07b872abda676c7dULL, + 0x3ce84eba87fa17ecULL, 0xc1fb0403cb79afdfULL, + 0x3e46bc7105063f73ULL, 0x278ae987121cd678ULL, + 0xa1adb4778ef47cd0ULL, 0x26dd906c5362c2b9ULL, + 0x05168060589b44e2ULL, 0xfbfc41f9d79ac08fULL, + 0x0e6de44ba9ced8faULL, 0x9feb08068bf243a3ULL, + 0x7b341749d06b129bULL, 0x229c69e74a87929aULL, + 0xe09ee6c4427c011bULL, 0x5692e30e725c4c3aULL, + 0xda99a33e5e9f6e4bULL, 0x353dd85af453a36bULL, + 0x25241b4c90e0fee7ULL, 0x5de987258309d022ULL, + 0xe230140fc0802984ULL, 0x93281e86a0c0b3c6ULL, + 0xf229d719a4337408ULL, 0x6f6c2dd4ad3d1f34ULL, + 0x8ea5b2fbae3f0aeeULL, 0x8331dd90c473ee4aULL, + 0x346aa1b1b52db7aaULL, 0xdf8f235e06042aa9ULL, + 0xcc6f6b68a1354b7bULL, 0x6c95a6f46ebf236aULL, + 0x52d31a856bb91c19ULL, 0x1a35ded6d498d555ULL, + 0xf37eaef2e54d60c9ULL, 0x72e181a9a3c2a61cULL, + 0x98537aad51952fdeULL, 0x16f6c856ffaa2530ULL, + 0xd960281e9d1d5215ULL, 0x3a0745fa1ce36f50ULL, + 0x0b7b642bf1559c18ULL, 0x59a87eae9aec8001ULL, + 0x5e100c05408bec7cULL, 0x0441f98b19e55023ULL, + 0xd70dcc5534d38aefULL, 0x927f676de1bea707ULL, + 0x9769e70db925e3e5ULL, 0x7a636ea29115065aULL, + 0x468b201816ef11b6ULL, 0xab81a9b73edff409ULL, + 0xc0ac7de88a07bb1eULL, 0x1f235eb68c0391b7ULL, + 0x6056b074458dd30fULL, 0xbe8eeac102f7ed67ULL, + 0xcd381283e04b5fbaULL, 0x5cbefecec277c4e3ULL, + 0xd21b4c356c48ce0dULL, 0x1019c31664b35d8cULL, + 0x247362a7d19eea26ULL, 0xebe582efb3299d03ULL, + 0x02aef2cb82fc289fULL, 0x86275df09ce8aaa8ULL, + 0x28b07427faac1a43ULL, 0x38a9b7319e1f47cfULL, + 0xc82e92e3b8d01b58ULL, 0x06ef0b409b1978bcULL, + 0x62f842bfc771fb90ULL, 0x9904034610eb3b1fULL, + 0xded85ab5477a3e68ULL, 0x90d195a663428f98ULL, + 0x5384636e2ac708d8ULL, 0xcbd719c37b522706ULL, + 0xae9729d76644b0ebULL, 0x7c8c65e20a0c7ee6ULL, + 0x80c856b007f1d214ULL, 0x8c0b40302cc32271ULL, + 0xdbcedad51fe17a8aULL, 0x740e8ae938dbdea0ULL, + 0xa615c6dc549310adULL, 0x19cc55f6171ae90bULL, + 0x49b1bdb8fe5fdd8dULL, 0xed0a89af2830e5bfULL, + 0x6a7aadb4f5a65bd6ULL, 0x7e22972988f05679ULL, + 0xf952b3325566e810ULL, 0x39fecedadf61530eULL, + 0x6101c99f04f3c7ceULL, 0x2e5f7f6761b562ffULL, + 0xf08725d226cf5c97ULL, 0x63af3b54860fef51ULL, + 0x8ff2cb10ef411e2fULL, 0x884ab9bb35267252ULL, + 0x4df04433e7ba8daeULL, 0x9afd8866d3690741ULL, + 0x66b9bb34de94abb3ULL, 0x9baaf18d92171380ULL, + 0x543c11c5f0a064a5ULL, 0x17a1b1bdbed431f1ULL, + 0xb5f58eeaf3a2717fULL, 0xc355f6c849858740ULL, + 0xec5df044694ef17eULL, 0xd83751f5dc6346d4ULL, + 0xfc4433520dfdacf2ULL, 0x0000000000000000ULL, + 0x5a51f58e596ebc5fULL, 0x3285aaf12e34cf16ULL, + 0x8d5c39db6dbd36b0ULL, 0x12b731dde64f7513ULL, + 0x94906c2d7aa7dfbbULL, 0x302b583aacc8e789ULL, + 0x9d45facd090e6b3cULL, 0x2165e2c78905aec4ULL, + 0x68d45f7f775a7349ULL, 0x189b2c1d5664fdcaULL, + 0xe1c99f2f030215daULL, 0x6983269436246788ULL, + 0x8489af3b1e148237ULL, 0xe94b702431d5b59cULL, + 0x33d2d31a6f4adbd7ULL, 0xbfd9932a4389f9a6ULL, + 0xb0e30e8aab39359dULL, 0xd1e2c715afcaf253ULL, + 0x150f43763c28196eULL, 0xc4ed846393e2eb3dULL, + 0x03f98b20c3823c5eULL, 0xfd134ab94c83b833ULL, + 0x556b682eb1de7064ULL, 0x36c4537a37d19f35ULL, + 0x7559f30279a5ca61ULL, 0x799ae58252973a04ULL, + 0x9c12832648707ffdULL, 0x78cd9c6913e92ec5ULL, + 0x1d8dac7d0effb928ULL, 0x439da0784e745554ULL, + 0x413352b3cc887dcbULL, 0xbacf134a1b12bd44ULL, + 0x114ebafd25cd494dULL, 0x2f08068c20cb763eULL, + 0x76a07822ba27f63fULL, 0xeab2fb04f25789c2ULL, + 0xe3676de481fe3d45ULL, 0x1b62a73d95e6c194ULL, + 0x641749ff5c68832cULL, 0xa5ec4dfc97112cf3ULL, + 0xf6682e92bdd6242bULL, 0x3f11c59a44782bb2ULL, + 0x317c21d1edb6f348ULL, 0xd65ab5be75ad9e2eULL, + 0x6b2dd45fb4d84f17ULL, 0xfaab381296e4d44eULL, + 0xd0b5befeeeb4e692ULL, 0x0882ef0b32d7a046ULL, + 0x512a91a5a83b2047ULL, 0x963e9ee6f85bf724ULL, + 0x4e09cf132438b1f0ULL, 0x77f701c9fb59e2feULL, + 0x7ddb1c094b726a27ULL, 0x5f4775ee01f5f8bdULL, + 0x9186ec4d223c9b59ULL, 0xfeeac1998f01846dULL, + 0xac39db1ce4b89874ULL, 0xb75b7c21715e59e0ULL, + 0xafc0503c273aa42aULL, 0x6e3b543fec430bf5ULL, + 0x704f7362213e8e83ULL, 0x58ff0745db9294c0ULL, + 0x67eec2df9feabf72ULL, 0xa0facd9ccf8a6811ULL, + 0xb936986ad890811aULL, 0x95c715c63bd9cb7aULL, + 0xca8060283a2c33c7ULL, 0x507de84ee9453486ULL, + 0x85ded6d05f6a96f6ULL, 0x1cdad5964f81ade9ULL, + 0xd5a33e9eb62fa270ULL, 0x40642b588df6690aULL, + 0x7f75eec2c98e42b8ULL, 0x2cf18dace3494a60ULL, + 0x23cb100c0bf9865bULL, 0xeef3028febb2d9e1ULL, + 0x4425d2d394133929ULL, 0xaad6d05c7fa1e0c8ULL, + 0xad6ea2f7a5c68cb5ULL, 0xc2028f2308fb9381ULL, + 0x819f2f5b468fc6d5ULL, 0xc5bafd88d29cfffcULL, + 0x47dc59f357910577ULL, 0x2b49ff07392e261dULL, + 0x57c59ae5332258fbULL, 0x73b6f842e2bcb2ddULL, + 0xcf96e04862b77725ULL, 0x4ca73dd8a6c4996fULL, + 0x015779eb417e14c1ULL, 0x37932a9176af8bf4ULL }, + /* 4 */ + { 0x190a2c9b249df23eULL, 0x2f62f8b62263e1e9ULL, + 0x7a7f754740993655ULL, 0x330b7ba4d5564d9fULL, + 0x4c17a16a46672582ULL, 0xb22f08eb7d05f5b8ULL, + 0x535f47f40bc148ccULL, 0x3aec5d27d4883037ULL, + 0x10ed0a1825438f96ULL, 0x516101f72c233d17ULL, + 0x13cc6f949fd04eaeULL, 0x739853c441474bfdULL, + 0x653793d90d3f5b1bULL, 0x5240647b96b0fc2fULL, + 0x0c84890ad27623e0ULL, 0xd7189b32703aaea3ULL, + 0x2685de3523bd9c41ULL, 0x99317c5b11bffefaULL, + 0x0d9baa854f079703ULL, 0x70b93648fbd48ac5ULL, + 0xa80441fce30bc6beULL, 0x7287704bdc36ff1eULL, + 0xb65384ed33dc1f13ULL, 0xd36417343ee34408ULL, + 0x39cd38ab6e1bf10fULL, 0x5ab861770a1f3564ULL, + 0x0ebacf09f594563bULL, 0xd04572b884708530ULL, + 0x3cae9722bdb3af47ULL, 0x4a556b6f2f5cbaf2ULL, + 0xe1704f1f76c4bd74ULL, 0x5ec4ed7144c6dfcfULL, + 0x16afc01d4c7810e6ULL, 0x283f113cd629ca7aULL, + 0xaf59a8761741ed2dULL, 0xeed5a3991e215facULL, + 0x3bf37ea849f984d4ULL, 0xe413e096a56ce33cULL, + 0x2c439d3a98f020d1ULL, 0x637559dc6404c46bULL, + 0x9e6c95d1e5f5d569ULL, 0x24bb9836045fe99aULL, + 0x44efa466dac8ecc9ULL, 0xc6eab2a5c80895d6ULL, + 0x803b50c035220cc4ULL, 0x0321658cba93c138ULL, + 0x8f9ebc465dc7ee1cULL, 0xd15a5137190131d3ULL, + 0x0fa5ec8668e5e2d8ULL, 0x91c979578d1037b1ULL, + 0x0642ca05693b9f70ULL, 0xefca80168350eb4fULL, + 0x38d21b24f36a45ecULL, 0xbeab81e1af73d658ULL, + 0x8cbfd9cae7542f24ULL, 0xfd19cc0d81f11102ULL, + 0x0ac6430fbb4dbc90ULL, 0x1d76a09d6a441895ULL, + 0x2a01573ff1cbbfa1ULL, 0xb572e161894fde2bULL, + 0x8124734fa853b827ULL, 0x614b1fdf43e6b1b0ULL, + 0x68ac395c4238cc18ULL, 0x21d837bfd7f7b7d2ULL, + 0x20c714304a860331ULL, 0x5cfaab726324aa14ULL, + 0x74c5ba4eb50d606eULL, 0xf3a3030474654739ULL, + 0x23e671bcf015c209ULL, 0x45f087e947b9582aULL, + 0xd8bd77b418df4c7bULL, 0xe06f6c90ebb50997ULL, + 0x0bd96080263c0873ULL, 0x7e03f9410e40dcfeULL, + 0xb8e94be4c6484928ULL, 0xfb5b0608e8ca8e72ULL, + 0x1a2b49179e0e3306ULL, 0x4e29e76961855059ULL, + 0x4f36c4e6fcf4e4baULL, 0x49740ee395cf7bcaULL, + 0xc2963ea386d17f7dULL, 0x90d65ad810618352ULL, + 0x12d34c1b02a1fa4dULL, 0xfa44258775bb3a91ULL, + 0x18150f14b9ec46ddULL, 0x1491861e6b9a653dULL, + 0x9a1019d7ab2c3fc2ULL, 0x3668d42d06fe13d7ULL, + 0xdcc1fbb25606a6d0ULL, 0x969490dd795a1c22ULL, + 0x3549b1a1bc6dd2efULL, 0xc94f5e23a0ed770eULL, + 0xb9f6686b5b39fdcbULL, 0xc4d4f4a6efeae00dULL, + 0xe732851a1fff2204ULL, 0x94aad6de5eb869f9ULL, + 0x3f8ff2ae07206e7fULL, 0xfe38a9813b62d03aULL, + 0xa7a1ad7a8bee2466ULL, 0x7b6056c8dde882b6ULL, + 0x302a1e286fc58ca7ULL, 0x8da0fa457a259bc7ULL, + 0xb3302b64e074415bULL, 0x5402ae7eff8b635fULL, + 0x08f8050c9cafc94bULL, 0xae468bf98a3059ceULL, + 0x88c355cca98dc58fULL, 0xb10e6d67c7963480ULL, + 0xbad70de7e1aa3cf3ULL, 0xbfb4a26e320262bbULL, + 0xcb711820870f02d5ULL, 0xce12b7a954a75c9dULL, + 0x563ce87dd8691684ULL, 0x9f73b65e7884618aULL, + 0x2b1e74b06cba0b42ULL, 0x47cec1ea605b2df1ULL, + 0x1c698312f735ac76ULL, 0x5fdbcefed9b76b2cULL, + 0x831a354c8fb1cdfcULL, 0x820516c312c0791fULL, + 0xb74ca762aeadabf0ULL, 0xfc06ef821c80a5e1ULL, + 0x5723cbf24518a267ULL, 0x9d4df05d5f661451ULL, + 0x588627742dfd40bfULL, 0xda8331b73f3d39a0ULL, + 0x17b0e392d109a405ULL, 0xf965400bcf28fba9ULL, + 0x7c3dbf4229a2a925ULL, 0x023e460327e275dbULL, + 0x6cd0b55a0ce126b3ULL, 0xe62da695828e96e7ULL, + 0x42ad6e63b3f373b9ULL, 0xe50cc319381d57dfULL, + 0xc5cbd729729b54eeULL, 0x46d1e265fd2a9912ULL, + 0x6428b056904eeff8ULL, 0x8be23040131e04b7ULL, + 0x6709d5da2add2ec0ULL, 0x075de98af44a2b93ULL, + 0x8447dcc67bfbe66fULL, 0x6616f655b7ac9a23ULL, + 0xd607b8bded4b1a40ULL, 0x0563af89d3a85e48ULL, + 0x3db1b4ad20c21ba4ULL, 0x11f22997b8323b75ULL, + 0x292032b34b587e99ULL, 0x7f1cdace9331681dULL, + 0x8e819fc9c0b65affULL, 0xa1e3677fe2d5bb16ULL, + 0xcd33d225ee349da5ULL, 0xd9a2543b85aef898ULL, + 0x795e10cbfa0af76dULL, 0x25a4bbb9992e5d79ULL, + 0x78413344677b438eULL, 0xf0826688cef68601ULL, + 0xd27b34bba392f0ebULL, 0x551d8df162fad7bcULL, + 0x1e57c511d0d7d9adULL, 0xdeffbdb171e4d30bULL, + 0xf4feea8e802f6caaULL, 0xa480c8f6317de55eULL, + 0xa0fc44f07fa40ff5ULL, 0x95b5f551c3c9dd1aULL, + 0x22f952336d6476eaULL, 0x0000000000000000ULL, + 0xa6be8ef5169f9085ULL, 0xcc2cf1aa73452946ULL, + 0x2e7ddb39bf12550aULL, 0xd526dd3157d8db78ULL, + 0x486b2d6c08becf29ULL, 0x9b0f3a58365d8b21ULL, + 0xac78cdfaadd22c15ULL, 0xbc95c7e28891a383ULL, + 0x6a927f5f65dab9c3ULL, 0xc3891d2c1ba0cb9eULL, + 0xeaa92f9f50f8b507ULL, 0xcf0d9426c9d6e87eULL, + 0xca6e3baf1a7eb636ULL, 0xab25247059980786ULL, + 0x69b31ad3df4978fbULL, 0xe2512a93cc577c4cULL, + 0xff278a0ea61364d9ULL, 0x71a615c766a53e26ULL, + 0x89dc764334fc716cULL, 0xf87a638452594f4aULL, + 0xf2bc208be914f3daULL, 0x8766b94ac1682757ULL, + 0xbbc82e687cdb8810ULL, 0x626a7a53f9757088ULL, + 0xa2c202f358467a2eULL, 0x4d0882e5db169161ULL, + 0x09e7268301de7da8ULL, 0xe897699c771ac0dcULL, + 0xc8507dac3d9cc3edULL, 0xc0a878a0a1330aa6ULL, + 0x978bb352e42ba8c1ULL, 0xe9884a13ea6b743fULL, + 0x279afdbabecc28a2ULL, 0x047c8c064ed9eaabULL, + 0x507e2278b15289f4ULL, 0x599904fbb08cf45cULL, + 0xbd8ae46d15e01760ULL, 0x31353da7f2b43844ULL, + 0x8558ff49e68a528cULL, 0x76fbfc4d92ef15b5ULL, + 0x3456922e211c660cULL, 0x86799ac55c1993b4ULL, + 0x3e90d1219a51da9cULL, 0x2d5cbeb505819432ULL, + 0x982e5fd48cce4a19ULL, 0xdb9c1238a24c8d43ULL, + 0xd439febecaa96f9bULL, 0x418c0bef0960b281ULL, + 0x158ea591f6ebd1deULL, 0x1f48e69e4da66d4eULL, + 0x8afd13cf8e6fb054ULL, 0xf5e1c9011d5ed849ULL, + 0xe34e091c5126c8afULL, 0xad67ee7530a398f6ULL, + 0x43b24dec2e82c75aULL, 0x75da99c1287cd48dULL, + 0x92e81cdb3783f689ULL, 0xa3dd217cc537cecdULL, + 0x60543c50de970553ULL, 0x93f73f54aaf2426aULL, + 0xa91b62737e7a725dULL, 0xf19d4507538732e2ULL, + 0x77e4dfc20f9ea156ULL, 0x7d229ccdb4d31dc6ULL, + 0x1b346a98037f87e5ULL, 0xedf4c615a4b29e94ULL, + 0x4093286094110662ULL, 0xb0114ee85ae78063ULL, + 0x6ff1d0d6b672e78bULL, 0x6dcf96d591909250ULL, + 0xdfe09e3eec9567e8ULL, 0x3214582b4827f97cULL, + 0xb46dc2ee143e6ac8ULL, 0xf6c0ac8da7cd1971ULL, + 0xebb60c10cd8901e4ULL, 0xf7df8f023abcad92ULL, + 0x9c52d3d2c217a0b2ULL, 0x6b8d5cd0f8ab0d20ULL, + 0x3777f7a29b8fa734ULL, 0x011f238f9d71b4e3ULL, + 0xc1b75b2f3c42be45ULL, 0x5de588fdfe551ef7ULL, + 0x6eeef3592b035368ULL, 0xaa3a07ffc4e9b365ULL, + 0xecebe59a39c32a77ULL, 0x5ba742f8976e8187ULL, + 0x4b4a48e0b22d0e11ULL, 0xddded83dcb771233ULL, + 0xa59feb79ac0c51bdULL, 0xc7f5912a55792135ULL }, + /* 5 */ + { 0x6d6ae04668a9b08aULL, 0x3ab3f04b0be8c743ULL, + 0xe51e166b54b3c908ULL, 0xbe90a9eb35c2f139ULL, + 0xb2c7066637f2bec1ULL, 0xaa6945613392202cULL, + 0x9a28c36f3b5201ebULL, 0xddce5a93ab536994ULL, + 0x0e34133ef6382827ULL, 0x52a02ba1ec55048bULL, + 0xa2f88f97c4b2a177ULL, 0x8640e513ca2251a5ULL, + 0xcdf1d36258137622ULL, 0xfe6cb708dedf8ddbULL, + 0x8a174a9ec8121e5dULL, 0x679896036b81560eULL, + 0x59ed033395795feeULL, 0x1dd778ab8b74edafULL, + 0xee533ef92d9f926dULL, 0x2a8c79baf8a8d8f5ULL, + 0x6bcf398e69b119f6ULL, 0xe20491742fafdd95ULL, + 0x276488e0809c2aecULL, 0xea955b82d88f5cceULL, + 0x7102c63a99d9e0c4ULL, 0xf9763017a5c39946ULL, + 0x429fa2501f151b3dULL, 0x4659c72bea05d59eULL, + 0x984b7fdccf5a6634ULL, 0xf742232953fbb161ULL, + 0x3041860e08c021c7ULL, 0x747bfd9616cd9386ULL, + 0x4bb1367192312787ULL, 0x1b72a1638a6c44d3ULL, + 0x4a0e68a6e8359a66ULL, 0x169a5039f258b6caULL, + 0xb98a2ef44edee5a4ULL, 0xd9083fe85e43a737ULL, + 0x967f6ce239624e13ULL, 0x8874f62d3c1a7982ULL, + 0x3c1629830af06e3fULL, 0x9165ebfd427e5a8eULL, + 0xb5dd81794ceeaa5cULL, 0x0de8f15a7834f219ULL, + 0x70bd98ede3dd5d25ULL, 0xaccc9ca9328a8950ULL, + 0x56664eda1945ca28ULL, 0x221db34c0f8859aeULL, + 0x26dbd637fa98970dULL, 0x1acdffb4f068f932ULL, + 0x4585254f64090fa0ULL, 0x72de245e17d53afaULL, + 0x1546b25d7c546cf4ULL, 0x207e0ffffb803e71ULL, + 0xfaaad2732bcf4378ULL, 0xb462dfae36ea17bdULL, + 0xcf926fd1ac1b11fdULL, 0xe0672dc7dba7ba4aULL, + 0xd3fa49ad5d6b41b3ULL, 0x8ba81449b216a3bcULL, + 0x14f9ec8a0650d115ULL, 0x40fc1ee3eb1d7ce2ULL, + 0x23a2ed9b758ce44fULL, 0x782c521b14fddc7eULL, + 0x1c68267cf170504eULL, 0xbcf31558c1ca96e6ULL, + 0xa781b43b4ba6d235ULL, 0xf6fd7dfe29ff0c80ULL, + 0xb0a4bad5c3fad91eULL, 0xd199f51ea963266cULL, + 0x414340349119c103ULL, 0x5405f269ed4dadf7ULL, + 0xabd61bb649969dcdULL, 0x6813dbeae7bdc3c8ULL, + 0x65fb2ab09f8931d1ULL, 0xf1e7fae152e3181dULL, + 0xc1a67cef5a2339daULL, 0x7a4feea8e0f5bba1ULL, + 0x1e0b9acf05783791ULL, 0x5b8ebf8061713831ULL, + 0x80e53cdbcb3af8d9ULL, 0x7e898bd315e57502ULL, + 0xc6bcfbf0213f2d47ULL, 0x95a38e86b76e942dULL, + 0x092e94218d243cbaULL, 0x8339debf453622e7ULL, + 0xb11be402b9fe64ffULL, 0x57d9100d634177c9ULL, + 0xcc4e8db52217cbc3ULL, 0x3b0cae9c71ec7aa2ULL, + 0xfb158ca451cbfe99ULL, 0x2b33276d82ac6514ULL, + 0x01bf5ed77a04bde1ULL, 0xc5601994af33f779ULL, + 0x75c4a3416cc92e67ULL, 0xf3844652a6eb7fc2ULL, + 0x3487e375fdd0ef64ULL, 0x18ae430704609eedULL, + 0x4d14efb993298efbULL, 0x815a620cb13e4538ULL, + 0x125c354207487869ULL, 0x9eeea614ce42cf48ULL, + 0xce2d3106d61fac1cULL, 0xbbe99247bad6827bULL, + 0x071a871f7b1c149dULL, 0x2e4a1cc10db81656ULL, + 0x77a71ff298c149b8ULL, 0x06a5d9c80118a97cULL, + 0xad73c27e488e34b1ULL, 0x443a7b981e0db241ULL, + 0xe3bbcfa355ab6074ULL, 0x0af276450328e684ULL, + 0x73617a896dd1871bULL, 0x58525de4ef7de20fULL, + 0xb7be3dcab8e6cd83ULL, 0x19111dd07e64230cULL, + 0x842359a03e2a367aULL, 0x103f89f1f3401fb6ULL, + 0xdc710444d157d475ULL, 0xb835702334da5845ULL, + 0x4320fc876511a6dcULL, 0xd026abc9d3679b8dULL, + 0x17250eee885c0b2bULL, 0x90dab52a387ae76fULL, + 0x31fed8d972c49c26ULL, 0x89cba8fa461ec463ULL, + 0x2ff5421677bcabb7ULL, 0x396f122f85e41d7dULL, + 0xa09b332430bac6a8ULL, 0xc888e8ced7070560ULL, + 0xaeaf201ac682ee8fULL, 0x1180d7268944a257ULL, + 0xf058a43628e7a5fcULL, 0xbd4c4b8fbbce2b07ULL, + 0xa1246df34abe7b49ULL, 0x7d5569b79be9af3cULL, + 0xa9b5a705bd9efa12ULL, 0xdb6b835baa4bc0e8ULL, + 0x05793bac8f147342ULL, 0x21c1512881848390ULL, + 0xfdb0556c50d357e5ULL, 0x613d4fcb6a99ff72ULL, + 0x03dce2648e0cda3eULL, 0xe949b9e6568386f0ULL, + 0xfc0f0bbb2ad7ea04ULL, 0x6a70675913b5a417ULL, + 0x7f36d5046fe1c8e3ULL, 0x0c57af8d02304ff8ULL, + 0x32223abdfcc84618ULL, 0x0891caf6f720815bULL, + 0xa63eeaec31a26fd4ULL, 0x2507345374944d33ULL, + 0x49d28ac266394058ULL, 0xf5219f9aa7f3d6beULL, + 0x2d96fea583b4cc68ULL, 0x5a31e1571b7585d0ULL, + 0x8ed12fe53d02d0feULL, 0xdfade6205f5b0e4bULL, + 0x4cabb16ee92d331aULL, 0x04c6657bf510cea3ULL, + 0xd73c2cd6a87b8f10ULL, 0xe1d87310a1a307abULL, + 0x6cd5be9112ad0d6bULL, 0x97c032354366f3f2ULL, + 0xd4e0ceb22677552eULL, 0x0000000000000000ULL, + 0x29509bde76a402cbULL, 0xc27a9e8bd42fe3e4ULL, + 0x5ef7842cee654b73ULL, 0xaf107ecdbc86536eULL, + 0x3fcacbe784fcb401ULL, 0xd55f90655c73e8cfULL, + 0xe6c2f40fdabf1336ULL, 0xe8f6e7312c873b11ULL, + 0xeb2a0555a28be12fULL, 0xe4a148bc2eb774e9ULL, + 0x9b979db84156bc0aULL, 0x6eb60222e6a56ab4ULL, + 0x87ffbbc4b026ec44ULL, 0xc703a5275b3b90a6ULL, + 0x47e699fc9001687fULL, 0x9c8d1aa73a4aa897ULL, + 0x7cea3760e1ed12ddULL, 0x4ec80ddd1d2554c5ULL, + 0x13e36b957d4cc588ULL, 0x5d2b66486069914dULL, + 0x92b90999cc7280b0ULL, 0x517cc9c56259deb5ULL, + 0xc937b619ad03b881ULL, 0xec30824ad997f5b2ULL, + 0xa45d565fc5aa080bULL, 0xd6837201d27f32f1ULL, + 0x635ef3789e9198adULL, 0x531f75769651b96aULL, + 0x4f77530a6721e924ULL, 0x486dd4151c3dfdb9ULL, + 0x5f48dafb9461f692ULL, 0x375b011173dc355aULL, + 0x3da9775470f4d3deULL, 0x8d0dcd81b30e0ac0ULL, + 0x36e45fc609d888bbULL, 0x55baacbe97491016ULL, + 0x8cb29356c90ab721ULL, 0x76184125e2c5f459ULL, + 0x99f4210bb55edbd5ULL, 0x6f095cf59ca1d755ULL, + 0x9f51f8c3b44672a9ULL, 0x3538bda287d45285ULL, + 0x50c39712185d6354ULL, 0xf23b1885dcefc223ULL, + 0x79930ccc6ef9619fULL, 0xed8fdc9da3934853ULL, + 0xcb540aaa590bdf5eULL, 0x5c94389f1a6d2cacULL, + 0xe77daad8a0bbaed7ULL, 0x28efc5090ca0bf2aULL, + 0xbf2ff73c4fc64cd8ULL, 0xb37858b14df60320ULL, + 0xf8c96ec0dfc724a7ULL, 0x828680683f329f06ULL, + 0x941cd051cd6a29ccULL, 0xc3c5c05cae2b5e05ULL, + 0xb601631dc2e27062ULL, 0xc01922382027843bULL, + 0x24b86a840e90f0d2ULL, 0xd245177a276ffc52ULL, + 0x0f8b4de98c3c95c6ULL, 0x3e759530fef809e0ULL, + 0x0b4d2892792c5b65ULL, 0xc4df4743d5374a98ULL, + 0xa5e20888bfaeb5eaULL, 0xba56cc90c0d23f9aULL, + 0x38d04cf8ffe0a09cULL, 0x62e1adafe495254cULL, + 0x0263bcb3f40867dfULL, 0xcaeb547d230f62bfULL, + 0x6082111c109d4293ULL, 0xdad4dd8cd04f7d09ULL, + 0xefec602e579b2f8cULL, 0x1fb4c4187f7c8a70ULL, + 0xffd3e9dfa4db303aULL, 0x7bf0b07f9af10640ULL, + 0xf49ec14dddf76b5fULL, 0x8f6e713247066d1fULL, + 0x339d646a86ccfbf9ULL, 0x64447467e58d8c30ULL, + 0x2c29a072f9b07189ULL, 0xd8b7613f24471ad6ULL, + 0x6627c8d41185ebefULL, 0xa347d140beb61c96ULL, + 0xde12b8f7255fb3aaULL, 0x9d324470404e1576ULL, + 0x9306574eb6763d51ULL, 0xa80af9d2c79a47f3ULL, + 0x859c0777442e8b9bULL, 0x69ac853d9db97e29ULL }, + /* 6 */ + { 0xc3407dfc2de6377eULL, 0x5b9e93eea4256f77ULL, + 0xadb58fdd50c845e0ULL, 0x5219ff11a75bed86ULL, + 0x356b61cfd90b1de9ULL, 0xfb8f406e25abe037ULL, + 0x7a5a0231c0f60796ULL, 0x9d3cd216e1f5020bULL, + 0x0c6550fb6b48d8f3ULL, 0xf57508c427ff1c62ULL, + 0x4ad35ffa71cb407dULL, 0x6290a2da1666aa6dULL, + 0xe284ec2349355f9fULL, 0xb3c307c53d7c84ecULL, + 0x05e23c0468365a02ULL, 0x190bac4d6c9ebfa8ULL, + 0x94bbbee9e28b80faULL, 0xa34fc777529cb9b5ULL, + 0xcc7b39f095bcd978ULL, 0x2426addb0ce532e3ULL, + 0x7e79329312ce4fc7ULL, 0xab09a72eebec2917ULL, + 0xf8d15499f6b9d6c2ULL, 0x1a55b8babf8c895dULL, + 0xdb8add17fb769a85ULL, 0xb57f2f368658e81bULL, + 0x8acd36f18f3f41f6ULL, 0x5ce3b7bba50f11d3ULL, + 0x114dcc14d5ee2f0aULL, 0xb91a7fcded1030e8ULL, + 0x81d5425fe55de7a1ULL, 0xb6213bc1554adeeeULL, + 0x80144ef95f53f5f2ULL, 0x1e7688186db4c10cULL, + 0x3b912965db5fe1bcULL, 0xc281715a97e8252dULL, + 0x54a5d7e21c7f8171ULL, 0x4b12535ccbc5522eULL, + 0x1d289cefbea6f7f9ULL, 0x6ef5f2217d2e729eULL, + 0xe6a7dc819b0d17ceULL, 0x1b94b41c05829b0eULL, + 0x33d7493c622f711eULL, 0xdcf7f942fa5ce421ULL, + 0x600fba8b7f7a8ecbULL, 0x46b60f011a83988eULL, + 0x235b898e0dcf4c47ULL, 0x957ab24f588592a9ULL, + 0x4354330572b5c28cULL, 0xa5f3ef84e9b8d542ULL, + 0x8c711e02341b2d01ULL, 0x0b1874ae6a62a657ULL, + 0x1213d8e306fc19ffULL, 0xfe6d7c6a4d9dba35ULL, + 0x65ed868f174cd4c9ULL, 0x88522ea0e6236550ULL, + 0x899322065c2d7703ULL, 0xc01e690bfef4018bULL, + 0x915982ed8abddaf8ULL, 0xbe675b98ec3a4e4cULL, + 0xa996bf7f82f00db1ULL, 0xe1daf8d49a27696aULL, + 0x2effd5d3dc8986e7ULL, 0xd153a51f2b1a2e81ULL, + 0x18caa0ebd690adfbULL, 0x390e3134b243c51aULL, + 0x2778b92cdff70416ULL, 0x029f1851691c24a6ULL, + 0x5e7cafeacc133575ULL, 0xfa4e4cc89fa5f264ULL, + 0x5a5f9f481e2b7d24ULL, 0x484c47ab18d764dbULL, + 0x400a27f2a1a7f479ULL, 0xaeeb9b2a83da7315ULL, + 0x721c626879869734ULL, 0x042330a2d2384851ULL, + 0x85f672fd3765aff0ULL, 0xba446b3a3e02061dULL, + 0x73dd6ecec3888567ULL, 0xffac70ccf793a866ULL, + 0xdfa9edb5294ed2d4ULL, 0x6c6aea7014325638ULL, + 0x834a5a0e8c41c307ULL, 0xcdba35562fb2cb2bULL, + 0x0ad97808d06cb404ULL, 0x0f3b440cb85aee06ULL, + 0xe5f9c876481f213bULL, 0x98deee1289c35809ULL, + 0x59018bbfcd394bd1ULL, 0xe01bf47220297b39ULL, + 0xde68e1139340c087ULL, 0x9fa3ca4788e926adULL, + 0xbb85679c840c144eULL, 0x53d8f3b71d55ffd5ULL, + 0x0da45c5dd146caa0ULL, 0x6f34fe87c72060cdULL, + 0x57fbc315cf6db784ULL, 0xcee421a1fca0fddeULL, + 0x3d2d0196607b8d4bULL, 0x642c8a29ad42c69aULL, + 0x14aff010bdd87508ULL, 0xac74837beac657b3ULL, + 0x3216459ad821634dULL, 0x3fb219c70967a9edULL, + 0x06bc28f3bb246cf7ULL, 0xf2082c9126d562c6ULL, + 0x66b39278c45ee23cULL, 0xbd394f6f3f2878b9ULL, + 0xfd33689d9e8f8cc0ULL, 0x37f4799eb017394fULL, + 0x108cc0b26fe03d59ULL, 0xda4bd1b1417888d6ULL, + 0xb09d1332ee6eb219ULL, 0x2f3ed975668794b4ULL, + 0x58c0871977375982ULL, 0x7561463d78ace990ULL, + 0x09876cff037e82f1ULL, 0x7fb83e35a8c05d94ULL, + 0x26b9b58a65f91645ULL, 0xef20b07e9873953fULL, + 0x3148516d0b3355b8ULL, 0x41cb2b541ba9e62aULL, + 0x790416c613e43163ULL, 0xa011d380818e8f40ULL, + 0x3a5025c36151f3efULL, 0xd57095bdf92266d0ULL, + 0x498d4b0da2d97688ULL, 0x8b0c3a57353153a5ULL, + 0x21c491df64d368e1ULL, 0x8f2f0af5e7091bf4ULL, + 0x2da1c1240f9bb012ULL, 0xc43d59a92ccc49daULL, + 0xbfa6573e56345c1fULL, 0x828b56a8364fd154ULL, + 0x9a41f643e0df7cafULL, 0xbcf843c985266aeaULL, + 0x2b1de9d7b4bfdce5ULL, 0x20059d79dedd7ab2ULL, + 0x6dabe6d6ae3c446bULL, 0x45e81bf6c991ae7bULL, + 0x6351ae7cac68b83eULL, 0xa432e32253b6c711ULL, + 0xd092a9b991143cd2ULL, 0xcac711032e98b58fULL, + 0xd8d4c9e02864ac70ULL, 0xc5fc550f96c25b89ULL, + 0xd7ef8dec903e4276ULL, 0x67729ede7e50f06fULL, + 0xeac28c7af045cf3dULL, 0xb15c1f945460a04aULL, + 0x9cfddeb05bfb1058ULL, 0x93c69abce3a1fe5eULL, + 0xeb0380dc4a4bdd6eULL, 0xd20db1e8f8081874ULL, + 0x229a8528b7c15e14ULL, 0x44291750739fbc28ULL, + 0xd3ccbd4e42060a27ULL, 0xf62b1c33f4ed2a97ULL, + 0x86a8660ae4779905ULL, 0xd62e814a2a305025ULL, + 0x477703a7a08d8addULL, 0x7b9b0e977af815c5ULL, + 0x78c51a60a9ea2330ULL, 0xa6adfb733aaae3b7ULL, + 0x97e5aa1e3199b60fULL, 0x0000000000000000ULL, + 0xf4b404629df10e31ULL, 0x5564db44a6719322ULL, + 0x9207961a59afec0dULL, 0x9624a6b88b97a45cULL, + 0x363575380a192b1cULL, 0x2c60cd82b595a241ULL, + 0x7d272664c1dc7932ULL, 0x7142769faa94a1c1ULL, + 0xa1d0df263b809d13ULL, 0x1630e841d4c451aeULL, + 0xc1df65ad44fa13d8ULL, 0x13d2d445bcf20bacULL, + 0xd915c546926abe23ULL, 0x38cf3d92084dd749ULL, + 0xe766d0272103059dULL, 0xc7634d5effde7f2fULL, + 0x077d2455012a7ea4ULL, 0xedbfa82ff16fb199ULL, + 0xaf2a978c39d46146ULL, 0x42953fa3c8bbd0dfULL, + 0xcb061da59496a7dcULL, 0x25e7a17db6eb20b0ULL, + 0x34aa6d6963050fbaULL, 0xa76cf7d580a4f1e4ULL, + 0xf7ea10954ee338c4ULL, 0xfcf2643b24819e93ULL, + 0xcf252d0746aeef8dULL, 0x4ef06f58a3f3082cULL, + 0x563acfb37563a5d7ULL, 0x5086e740ce47c920ULL, + 0x2982f186dda3f843ULL, 0x87696aac5e798b56ULL, + 0x5d22bb1d1f010380ULL, 0x035e14f7d31236f5ULL, + 0x3cec0d30da759f18ULL, 0xf3c920379cdb7095ULL, + 0xb8db736b571e22bbULL, 0xdd36f5e44052f672ULL, + 0xaac8ab8851e23b44ULL, 0xa857b3d938fe1fe2ULL, + 0x17f1e4e76eca43fdULL, 0xec7ea4894b61a3caULL, + 0x9e62c6e132e734feULL, 0xd4b1991b432c7483ULL, + 0x6ad6c283af163acfULL, 0x1ce9904904a8e5aaULL, + 0x5fbda34c761d2726ULL, 0xf910583f4cb7c491ULL, + 0xc6a241f845d06d7cULL, 0x4f3163fe19fd1a7fULL, + 0xe99c988d2357f9c8ULL, 0x8eee06535d0709a7ULL, + 0x0efa48aa0254fc55ULL, 0xb4be23903c56fa48ULL, + 0x763f52caabbedf65ULL, 0xeee1bcd8227d876cULL, + 0xe345e085f33b4dccULL, 0x3e731561b369bbbeULL, + 0x2843fd2067adea10ULL, 0x2adce5710eb1ceb6ULL, + 0xb7e03767ef44ccbdULL, 0x8db012a48e153f52ULL, + 0x61ceb62dc5749c98ULL, 0xe85d942b9959eb9bULL, + 0x4c6f7709caef2c8aULL, 0x84377e5b8d6bbda3ULL, + 0x30895dcbb13d47ebULL, 0x74a04a9bc2a2fbc3ULL, + 0x6b17ce251518289cULL, 0xe438c4d0f2113368ULL, + 0x1fb784bed7bad35fULL, 0x9b80fae55ad16efcULL, + 0x77fe5e6c11b0cd36ULL, 0xc858095247849129ULL, + 0x08466059b97090a2ULL, 0x01c10ca6ba0e1253ULL, + 0x6988d6747c040c3aULL, 0x6849dad2c60a1e69ULL, + 0x5147ebe67449db73ULL, 0xc99905f4fd8a837aULL, + 0x991fe2b433cd4a5aULL, 0xf09734c04fc94660ULL, + 0xa28ecbd1e892abe6ULL, 0xf1563866f5c75433ULL, + 0x4dae7baf70e13ed9ULL, 0x7ce62ac27bd26b61ULL, + 0x70837a39109ab392ULL, 0x90988e4b30b3c8abULL, + 0xb2020b63877296bfULL, 0x156efcb607d6675bULL }, + /* 7 */ + { 0xe63f55ce97c331d0ULL, 0x25b506b0015bba16ULL, + 0xc8706e29e6ad9ba8ULL, 0x5b43d3775d521f6aULL, + 0x0bfa3d577035106eULL, 0xab95fc172afb0e66ULL, + 0xf64b63979e7a3276ULL, 0xf58b4562649dad4bULL, + 0x48f7c3dbae0c83f1ULL, 0xff31916642f5c8c5ULL, + 0xcbb048dc1c4a0495ULL, 0x66b8f83cdf622989ULL, + 0x35c130e908e2b9b0ULL, 0x7c761a61f0b34fa1ULL, + 0x3601161cf205268dULL, 0x9e54ccfe2219b7d6ULL, + 0x8b7d90a538940837ULL, 0x9cd403588ea35d0bULL, + 0xbc3c6fea9ccc5b5aULL, 0xe5ff733b6d24aeedULL, + 0xceed22de0f7eb8d2ULL, 0xec8581cab1ab545eULL, + 0xb96105e88ff8e71dULL, 0x8ca03501871a5eadULL, + 0x76ccce65d6db2a2fULL, 0x5883f582a7b58057ULL, + 0x3f7be4ed2e8adc3eULL, 0x0fe7be06355cd9c9ULL, + 0xee054e6c1d11be83ULL, 0x1074365909b903a6ULL, + 0x5dde9f80b4813c10ULL, 0x4a770c7d02b6692cULL, + 0x5379c8d5d7809039ULL, 0xb4067448161ed409ULL, + 0x5f5e5026183bd6cdULL, 0xe898029bf4c29df9ULL, + 0x7fb63c940a54d09cULL, 0xc5171f897f4ba8bcULL, + 0xa6f28db7b31d3d72ULL, 0x2e4f3be7716eaa78ULL, + 0x0d6771a099e63314ULL, 0x82076254e41bf284ULL, + 0x2f0fd2b42733df98ULL, 0x5c9e76d3e2dc49f0ULL, + 0x7aeb569619606cdbULL, 0x83478b07b2468764ULL, + 0xcfadcb8d5923cd32ULL, 0x85dac7f05b95a41eULL, + 0xb5469d1b4043a1e9ULL, 0xb821ecbbd9a592fdULL, + 0x1b8e0b0e798c13c8ULL, 0x62a57b6d9a0be02eULL, + 0xfcf1b793b81257f8ULL, 0x9d94ea0bd8fe28ebULL, + 0x4cea408aeb654a56ULL, 0x23284a47e888996cULL, + 0x2d8f1d128b893545ULL, 0xf4cbac3132c0d8abULL, + 0xbd7c86b9ca912ebaULL, 0x3a268eef3dbe6079ULL, + 0xf0d62f6077a9110cULL, 0x2735c916ade150cbULL, + 0x89fd5f03942ee2eaULL, 0x1acee25d2fd16628ULL, + 0x90f39bab41181bffULL, 0x430dfe8cde39939fULL, + 0xf70b8ac4c8274796ULL, 0x1c53aeaac6024552ULL, + 0x13b410acf35e9c9bULL, 0xa532ab4249faa24fULL, + 0x2b1251e5625a163fULL, 0xd7e3e676da4841c7ULL, + 0xa7b264e4e5404892ULL, 0xda8497d643ae72d3ULL, + 0x861ae105a1723b23ULL, 0x38a6414991048aa4ULL, + 0x6578dec92585b6b4ULL, 0x0280cfa6acbaeaddULL, + 0x88bdb650c273970aULL, 0x9333bd5ebbff84c2ULL, + 0x4e6a8f2c47dfa08bULL, 0x321c954db76cef2aULL, + 0x418d312a72837942ULL, 0xb29b38bfffcdf773ULL, + 0x6c022c38f90a4c07ULL, 0x5a033a240b0f6a8aULL, + 0x1f93885f3ce5da6fULL, 0xc38a537e96988bc6ULL, + 0x39e6a81ac759ff44ULL, 0x29929e43cee0fce2ULL, + 0x40cdd87924de0ca2ULL, 0xe9d8ebc8a29fe819ULL, + 0x0c2798f3cfbb46f4ULL, 0x55e484223e53b343ULL, + 0x4650948ecd0d2fd8ULL, 0x20e86cb2126f0651ULL, + 0x6d42c56baf5739e7ULL, 0xa06fc1405ace1e08ULL, + 0x7babbfc54f3d193bULL, 0x424d17df8864e67fULL, + 0xd8045870ef14980eULL, 0xc6d7397c85ac3781ULL, + 0x21a885e1443273b1ULL, 0x67f8116f893f5c69ULL, + 0x24f5efe35706cff6ULL, 0xd56329d076f2ab1aULL, + 0x5e1eb9754e66a32dULL, 0x28d2771098bd8902ULL, + 0x8f6013f47dfdc190ULL, 0x17a993fdb637553cULL, + 0xe0a219397e1012aaULL, 0x786b9930b5da8606ULL, + 0x6e82e39e55b0a6daULL, 0x875a0856f72f4ec3ULL, + 0x3741ff4fa458536dULL, 0xac4859b3957558fcULL, + 0x7ef6d5c75c09a57cULL, 0xc04a758b6c7f14fbULL, + 0xf9acdd91ab26ebbfULL, 0x7391a467c5ef9668ULL, + 0x335c7c1ee1319acaULL, 0xa91533b18641e4bbULL, + 0xe4bf9a683b79db0dULL, 0x8e20faa72ba0b470ULL, + 0x51f907737b3a7ae4ULL, 0x2268a314bed5ec8cULL, + 0xd944b123b949edeeULL, 0x31dcb3b84d8b7017ULL, + 0xd3fe65279f218860ULL, 0x097af2f1dc8ffab3ULL, + 0x9b09a6fc312d0b91ULL, 0xcc6ded78a3c4520fULL, + 0x3481d9ba5ebfcc50ULL, 0x4f2a667f1182d56bULL, + 0xdfd9fdd4509ace94ULL, 0x26752045fbbc252bULL, + 0xbffc491f662bc467ULL, 0xdd593272fc202449ULL, + 0x3cbbc218d46d4303ULL, 0x91b372f817456e1fULL, + 0x681faf69bc6385a0ULL, 0xb686bbeebaa43ed4ULL, + 0x1469b5084cd0ca01ULL, 0x98c98009cbca94acULL, + 0x6438379a73d8c354ULL, 0xc2caba2dc0c5fe26ULL, + 0x3e3b0dbe78d7a9deULL, 0x50b9ee202d670f04ULL, + 0x4590b27b37eab0e5ULL, 0x6025b4cb36b10af3ULL, + 0xfb2c1237079c0162ULL, 0xa12f28130c936be8ULL, + 0x4b37e52e54eb1cccULL, 0x083a1ba28ad28f53ULL, + 0xc10a9cd83a22611bULL, 0x9f1425ad7444c236ULL, + 0x069d4cf7e9d3237aULL, 0xedc56899e7f621beULL, + 0x778c273680865fcfULL, 0x309c5aeb1bd605f7ULL, + 0x8de0dc52d1472b4dULL, 0xf8ec34c2fd7b9e5fULL, + 0xea18cd3d58787724ULL, 0xaad515447ca67b86ULL, + 0x9989695a9d97e14cULL, 0x0000000000000000ULL, + 0xf196c63321f464ecULL, 0x71116bc169557cb5ULL, + 0xaf887f466f92c7c1ULL, 0x972e3e0ffe964d65ULL, + 0x190ec4a8d536f915ULL, 0x95aef1a9522ca7b8ULL, + 0xdc19db21aa7d51a9ULL, 0x94ee18fa0471d258ULL, + 0x8087adf248a11859ULL, 0xc457f6da2916dd5cULL, + 0xfa6cfb6451c17482ULL, 0xf256e0c6db13fbd1ULL, + 0x6a9f60cf10d96f7dULL, 0x4daaa9d9bd383fb6ULL, + 0x03c026f5fae79f3dULL, 0xde99148706c7bb74ULL, + 0x2a52b8b6340763dfULL, 0x6fc20acd03edd33aULL, + 0xd423c08320afdefaULL, 0xbbe1ca4e23420dc0ULL, + 0x966ed75ca8cb3885ULL, 0xeb58246e0e2502c4ULL, + 0x055d6a021334bc47ULL, 0xa47242111fa7d7afULL, + 0xe3623fcc84f78d97ULL, 0x81c744a11efc6db9ULL, + 0xaec8961539cfb221ULL, 0xf31609958d4e8e31ULL, + 0x63e5923ecc5695ceULL, 0x47107ddd9b505a38ULL, + 0xa3afe7b5a0298135ULL, 0x792b7063e387f3e6ULL, + 0x0140e953565d75e0ULL, 0x12f4f9ffa503e97bULL, + 0x750ce8902c3cb512ULL, 0xdbc47e8515f30733ULL, + 0x1ed3610c6ab8af8fULL, 0x5239218681dde5d9ULL, + 0xe222d69fd2aaf877ULL, 0xfe71783514a8bd25ULL, + 0xcaf0a18f4a177175ULL, 0x61655d9860ec7f13ULL, + 0xe77fbc9dc19e4430ULL, 0x2ccff441ddd440a5ULL, + 0x16e97aaee06a20dcULL, 0xa855dae2d01c915bULL, + 0x1d1347f9905f30b2ULL, 0xb7c652bdecf94b34ULL, + 0xd03e43d265c6175dULL, 0xfdb15ec0ee4f2218ULL, + 0x57644b8492e9599eULL, 0x07dda5a4bf8e569aULL, + 0x54a46d71680ec6a3ULL, 0x5624a2d7c4b42c7eULL, + 0xbebca04c3076b187ULL, 0x7d36f332a6ee3a41ULL, + 0x3b6667bc6be31599ULL, 0x695f463aea3ef040ULL, + 0xad08b0e0c3282d1cULL, 0xb15b1e4a052a684eULL, + 0x44d05b2861b7c505ULL, 0x15295c5b1a8dbfe1ULL, + 0x744c01c37a61c0f2ULL, 0x59c31cd1f1e8f5b7ULL, + 0xef45a73f4b4ccb63ULL, 0x6bdf899c46841a9dULL, + 0x3dfb2b4b823036e3ULL, 0xa2ef0ee6f674f4d5ULL, + 0x184e2dfb836b8cf5ULL, 0x1134df0a5fe47646ULL, + 0xbaa1231d751f7820ULL, 0xd17eaa81339b62bdULL, + 0xb01bf71953771daeULL, 0x849a2ea30dc8d1feULL, + 0x705182923f080955ULL, 0x0ea757556301ac29ULL, + 0x041d83514569c9a7ULL, 0x0abad4042668658eULL, + 0x49b72a88f851f611ULL, 0x8a3d79f66ec97dd7ULL, + 0xcd2d042bf59927efULL, 0xc930877ab0f0ee48ULL, + 0x9273540deda2f122ULL, 0xc797d02fd3f14261ULL, + 0xe1e2f06a284d674aULL, 0xd2be8c74c97cfd80ULL, + 0x9a494faf67707e71ULL, 0xb3dbd1eca9908293ULL, + 0x72d14d3493b2e388ULL, 0xd6a30f258c153427ULL }, +}; + +static const uint64_t C16[12][8] = +{ + { 0xdd806559f2a64507ULL, 0x05767436cc744d23ULL, + 0xa2422a08a460d315ULL, 0x4b7ce09192676901ULL, + 0x714eb88d7585c4fcULL, 0x2f6a76432e45d016ULL, + 0xebcb2f81c0657c1fULL, 0xb1085bda1ecadae9ULL }, + { 0xe679047021b19bb7ULL, 0x55dda21bd7cbcd56ULL, + 0x5cb561c2db0aa7caULL, 0x9ab5176b12d69958ULL, + 0x61d55e0f16b50131ULL, 0xf3feea720a232b98ULL, + 0x4fe39d460f70b5d7ULL, 0x6fa3b58aa99d2f1aULL }, + { 0x991e96f50aba0ab2ULL, 0xc2b6f443867adb31ULL, + 0xc1c93a376062db09ULL, 0xd3e20fe490359eb1ULL, + 0xf2ea7514b1297b7bULL, 0x06f15e5f529c1f8bULL, + 0x0a39fc286a3d8435ULL, 0xf574dcac2bce2fc7ULL }, + { 0x220cbebc84e3d12eULL, 0x3453eaa193e837f1ULL, + 0xd8b71333935203beULL, 0xa9d72c82ed03d675ULL, + 0x9d721cad685e353fULL, 0x488e857e335c3c7dULL, + 0xf948e1a05d71e4ddULL, 0xef1fdfb3e81566d2ULL }, + { 0x601758fd7c6cfe57ULL, 0x7a56a27ea9ea63f5ULL, + 0xdfff00b723271a16ULL, 0xbfcd1747253af5a3ULL, + 0x359e35d7800fffbdULL, 0x7f151c1f1686104aULL, + 0x9a3f410c6ca92363ULL, 0x4bea6bacad474799ULL }, + { 0xfa68407a46647d6eULL, 0xbf71c57236904f35ULL, + 0x0af21f66c2bec6b6ULL, 0xcffaa6b71c9ab7b4ULL, + 0x187f9ab49af08ec6ULL, 0x2d66c4f95142a46cULL, + 0x6fa4c33b7a3039c0ULL, 0xae4faeae1d3ad3d9ULL }, + { 0x8886564d3a14d493ULL, 0x3517454ca23c4af3ULL, + 0x06476983284a0504ULL, 0x0992abc52d822c37ULL, + 0xd3473e33197a93c9ULL, 0x399ec6c7e6bf87c9ULL, + 0x51ac86febf240954ULL, 0xf4c70e16eeaac5ecULL }, + { 0xa47f0dd4bf02e71eULL, 0x36acc2355951a8d9ULL, + 0x69d18d2bd1a5c42fULL, 0xf4892bcb929b0690ULL, + 0x89b4443b4ddbc49aULL, 0x4eb7f8719c36de1eULL, + 0x03e7aa020c6e4141ULL, 0x9b1f5b424d93c9a7ULL }, + { 0x7261445183235adbULL, 0x0e38dc92cb1f2a60ULL, + 0x7b2b8a9aa6079c54ULL, 0x800a440bdbb2ceb1ULL, + 0x3cd955b7e00d0984ULL, 0x3a7d3a1b25894224ULL, + 0x944c9ad8ec165fdeULL, 0x378f5a541631229bULL }, + { 0x74b4c7fb98459cedULL, 0x3698fad1153bb6c3ULL, + 0x7a1e6c303b7652f4ULL, 0x9fe76702af69334bULL, + 0x1fffe18a1b336103ULL, 0x8941e71cff8a78dbULL, + 0x382ae548b2e4f3f3ULL, 0xabbedea680056f52ULL }, + { 0x6bcaa4cd81f32d1bULL, 0xdea2594ac06fd85dULL, + 0xefbacd1d7d476e98ULL, 0x8a1d71efea48b9caULL, + 0x2001802114846679ULL, 0xd8fa6bbbebab0761ULL, + 0x3002c6cd635afe94ULL, 0x7bcd9ed0efc889fbULL }, + { 0x48bc924af11bd720ULL, 0xfaf417d5d9b21b99ULL, + 0xe71da4aa88e12852ULL, 0x5d80ef9d1891cc86ULL, + 0xf82012d430219f9bULL, 0xcda43c32bcdf1d77ULL, + 0xd21380b00449b17aULL, 0x378ee767f11631baULL }, +}; + +#define strido(out, temp, i) do { \ + uint64_t t; \ + t = streebog_table[0][(temp[0] >> (i * 8)) & 0xff]; \ + t ^= streebog_table[1][(temp[1] >> (i * 8)) & 0xff]; \ + t ^= streebog_table[2][(temp[2] >> (i * 8)) & 0xff]; \ + t ^= streebog_table[3][(temp[3] >> (i * 8)) & 0xff]; \ + t ^= streebog_table[4][(temp[4] >> (i * 8)) & 0xff]; \ + t ^= streebog_table[5][(temp[5] >> (i * 8)) & 0xff]; \ + t ^= streebog_table[6][(temp[6] >> (i * 8)) & 0xff]; \ + t ^= streebog_table[7][(temp[7] >> (i * 8)) & 0xff]; \ + out[i] = t; } while(0) + +static void LPSX (uint64_t *out, const uint64_t *a, const uint64_t *b) +{ + uint64_t temp[8]; + temp[0] = a[0] ^ b[0]; + temp[1] = a[1] ^ b[1]; + temp[2] = a[2] ^ b[2]; + temp[3] = a[3] ^ b[3]; + temp[4] = a[4] ^ b[4]; + temp[5] = a[5] ^ b[5]; + temp[6] = a[6] ^ b[6]; + temp[7] = a[7] ^ b[7]; + strido (out, temp, 0); + strido (out, temp, 1); + strido (out, temp, 2); + strido (out, temp, 3); + strido (out, temp, 4); + strido (out, temp, 5); + strido (out, temp, 6); + strido (out, temp, 7); +} + +static inline void g (uint64_t *h, uint64_t *m, uint64_t *N) +{ + uint64_t K[8]; + uint64_t T[8]; + int i; + + LPSX (K, h, N); + + LPSX (T, K, m); + LPSX (K, K, C16[0]); + for (i = 1; i < 12; i++) + { + LPSX (T, K, T); + LPSX (K, K, C16[i]); + } + + h[0] ^= T[0] ^ K[0] ^ m[0]; + h[1] ^= T[1] ^ K[1] ^ m[1]; + h[2] ^= T[2] ^ K[2] ^ m[2]; + h[3] ^= T[3] ^ K[3] ^ m[3]; + h[4] ^= T[4] ^ K[4] ^ m[4]; + h[5] ^= T[5] ^ K[5] ^ m[5]; + h[6] ^= T[6] ^ K[6] ^ m[6]; + h[7] ^= T[7] ^ K[7] ^ m[7]; +} + + +static void +_nettle_streebog512_compress (struct streebog512_ctx *ctx, const uint8_t *input, size_t count) +{ + uint64_t M[8]; + uint64_t l; + int i; + + for (i = 0; i < 8; i++, input += 8) + M[i] = LE_READ_UINT64(input); + + g (ctx->state, M, ctx->count); + l = ctx->count[0]; + ctx->count[0] += count; + if (ctx->count[0] < l) + { /* overflow */ + for (i = 1; i < 8; i++) + { + ctx->count[i]++; + if (ctx->count[i] != 0) + break; + } + } + + ctx->sigma[0] += M[0]; + for (i = 1; i < 8; i++) + if (ctx->sigma[i-1] < M[i-1]) + ctx->sigma[i] += M[i] + 1; + else + ctx->sigma[i] += M[i]; +} + +static void +streebog_final (struct streebog512_ctx *ctx) +{ + uint64_t Z[8] = {}; + unsigned int i; + + /* PAD. It does not count towards message length */ + i = ctx->index; + /* We have at least one byte free) */ + ctx->block[i++] = 1; + while (i < 64) + ctx->block[i++] = 0; + _nettle_streebog512_compress (ctx, ctx->block, ctx->index * 8); + + g (ctx->state, ctx->count, Z); + g (ctx->state, ctx->sigma, Z); +} + +#define COMPRESS(ctx, data) (_nettle_streebog512_compress((ctx), (data), 64 * 8)) + +void +streebog512_init(struct streebog512_ctx *ctx) +{ + memset(ctx->state, 0, sizeof(ctx->state)); + memset(ctx->count, 0, sizeof(ctx->count)); + memset(ctx->sigma, 0, sizeof(ctx->sigma)); + + /* Initialize buffer */ + ctx->index = 0; +} + +void +streebog512_update(struct streebog512_ctx *ctx, + size_t length, const uint8_t *data) +{ + MD_UPDATE (ctx, length, data, COMPRESS, (void)0); +} + +static void +streebog512_write_digest(struct streebog512_ctx *ctx, + size_t offset, size_t length, + uint8_t *digest) +{ + unsigned i; + unsigned words; + unsigned leftover; + + assert(offset + length <= STREEBOG512_DIGEST_SIZE); + + streebog_final(ctx); + + words = length / 8; + leftover = length % 8; + + for (i = 0; i < words; i++, digest += 8) + LE_WRITE_UINT64(digest, ctx->state[offset + i]); + + if (leftover) + { + /* Truncate to the right size */ + uint64_t word = ctx->state[offset + i] << (8*(8 - leftover)); + + do { + digest[--leftover] = (word >> 56) & 0xff; + word <<= 8; + } while (leftover); + } +} + +void +streebog512_digest(struct streebog512_ctx *ctx, + size_t length, + uint8_t *digest) +{ + assert(length <= STREEBOG512_DIGEST_SIZE); + + streebog512_write_digest(ctx, 0, length, digest); + streebog512_init(ctx); +} + +void +streebog256_init(struct streebog256_ctx *ctx) +{ + memset(ctx->state, 1, sizeof(ctx->state)); + memset(ctx->count, 0, sizeof(ctx->count)); + memset(ctx->sigma, 0, sizeof(ctx->sigma)); + + /* Initialize buffer */ + ctx->index = 0; +} + +void +streebog256_digest(struct streebog256_ctx *ctx, + size_t length, + uint8_t *digest) +{ + assert(length <= STREEBOG256_DIGEST_SIZE); + + streebog512_write_digest(ctx, + 4, + length, + digest); + streebog256_init(ctx); +} diff --git a/streebog.h b/streebog.h new file mode 100644 index 00000000..763cf89f --- /dev/null +++ b/streebog.h @@ -0,0 +1,99 @@ +/* streebog.h + + The Streebog family of hash functions. + + Copyright (C) 2015 Dmitry Eremin-Solenikov + + This file is part of GNU Nettle. + + GNU Nettle is free software: you can redistribute it and/or + modify it under the terms of either: + + * the GNU Lesser General Public License as published by the Free + Software Foundation; either version 3 of the License, or (at your + option) any later version. + + or + + * the GNU General Public License as published by the Free + Software Foundation; either version 2 of the License, or (at your + option) any later version. + + or both in parallel, as here. + + GNU Nettle is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + General Public License for more details. + + You should have received copies of the GNU General Public License and + the GNU Lesser General Public License along with this program. If + not, see http://www.gnu.org/licenses/. +*/ + +#ifndef NETTLE_STREEBOG_H_INCLUDED +#define NETTLE_STREEBOG_H_INCLUDED + +#include "nettle-types.h" + +#ifdef __cplusplus +extern "C" { +#endif + +/* Name mangling */ +#define streebog256_init nettle_streebog256_init +#define streebog256_digest nettle_streebog256_digest +#define streebog512_init nettle_streebog512_init +#define streebog512_update nettle_streebog512_update +#define streebog512_digest nettle_streebog512_digest + +/* STREEBOG512 */ + +#define STREEBOG512_DIGEST_SIZE 64 +#define STREEBOG512_BLOCK_SIZE 64 + +/* Digest is kept internally as 8 64-bit words. */ +#define _STREEBOG512_DIGEST_LENGTH 8 + +struct streebog512_ctx +{ + uint64_t state[_STREEBOG512_DIGEST_LENGTH]; /* State variables */ + uint64_t count[_STREEBOG512_DIGEST_LENGTH]; + uint64_t sigma[_STREEBOG512_DIGEST_LENGTH]; + uint8_t block[STREEBOG512_BLOCK_SIZE]; /* STREEBOG512 data buffer */ + unsigned int index; /* index into buffer */ +}; + +void +streebog512_init(struct streebog512_ctx *ctx); + +void +streebog512_update(struct streebog512_ctx *ctx, + size_t length, + const uint8_t *data); + +void +streebog512_digest(struct streebog512_ctx *ctx, + size_t length, + uint8_t *digest); + + +#define STREEBOG256_DIGEST_SIZE 32 +#define STREEBOG256_BLOCK_SIZE STREEBOG512_BLOCK_SIZE +#define streebog256_ctx streebog512_ctx + +void +streebog256_init(struct streebog256_ctx *ctx); + +#define streebog256_update nettle_streebog512_update + +void +streebog256_digest(struct streebog256_ctx *ctx, + size_t length, + uint8_t *digest); + +#ifdef __cplusplus +} +#endif + +#endif /* NETTLE_STREEBOG_H_INCLUDED */ diff --git a/testsuite/.gitignore b/testsuite/.gitignore index 89d8c891..ce670893 100644 --- a/testsuite/.gitignore +++ b/testsuite/.gitignore @@ -65,6 +65,7 @@ /sha3-permute-test /sha384-test /sha512-test +/streebog-test /twofish-test /umac-test /yarrow-test diff --git a/testsuite/.test-rules.make b/testsuite/.test-rules.make index f6b3ebe2..b7f9cd66 100644 --- a/testsuite/.test-rules.make +++ b/testsuite/.test-rules.make @@ -100,6 +100,9 @@ sha3-384-test$(EXEEXT): sha3-384-test.$(OBJEXT) sha3-512-test$(EXEEXT): sha3-512-test.$(OBJEXT) $(LINK) sha3-512-test.$(OBJEXT) $(TEST_OBJS) -o sha3-512-test$(EXEEXT)

+streebog-test$(EXEEXT): streebog-test.$(OBJEXT) + $(LINK) streebog-test.$(OBJEXT) $(TEST_OBJS) -o streebog-test$(EXEEXT) + serpent-test$(EXEEXT): serpent-test.$(OBJEXT) $(LINK) serpent-test.$(OBJEXT) $(TEST_OBJS) -o serpent-test$(EXEEXT)

diff --git a/testsuite/Makefile.in b/testsuite/Makefile.in index d7b359e3..35ae284b 100644 --- a/testsuite/Makefile.in +++ b/testsuite/Makefile.in @@ -24,6 +24,7 @@ TS_NETTLE_SOURCES = aes-test.c arcfour-test.c arctwo-test.c \ sha384-test.c sha512-test.c sha512-224-test.c sha512-256-test.c \ sha3-permute-test.c sha3-224-test.c sha3-256-test.c \ sha3-384-test.c sha3-512-test.c \ + streebog-test.c \ serpent-test.c twofish-test.c version-test.c \ knuth-lfib-test.c \ cbc-test.c ctr-test.c gcm-test.c eax-test.c ccm-test.c cfb-test.c \ diff --git a/testsuite/hmac-test.c b/testsuite/hmac-test.c index f009c800..618de75d 100644 --- a/testsuite/hmac-test.c +++ b/testsuite/hmac-test.c @@ -908,4 +908,21 @@ test_main(void) SHEX("0126bdb87800af214341456563780100"), SHEX("bad70b61c41095bc47e1141cfaed4272" "6a5ceebd62ce75dbbb9ad76cda9f72f7")); + + /* RFC 7836 */ + HMAC_TEST(streebog512, + SHEX("000102030405060708090a0b0c0d0e0f" + "101112131415161718191a1b1c1d1e1f"), + SHEX("0126bdb87800af214341456563780100"), + SHEX("a59bab22ecae19c65fbde6e5f4e9f5d8" + "549d31f037f9df9b905500e171923a77" + "3d5f1530f2ed7e964cb2eedc29e9ad2f" + "3afe93b2814f79f5000ffc0366c251e6")); + + HMAC_TEST(streebog256, + SHEX("000102030405060708090a0b0c0d0e0f" + "101112131415161718191a1b1c1d1e1f"), + SHEX("0126bdb87800af214341456563780100"), + SHEX("a1aa5f7de402d7b3d323f2991c8d4534" + "013137010a83754fd0af6d7cd4922ed9")); } diff --git a/testsuite/meta-hash-test.c b/testsuite/meta-hash-test.c index b81f09ea..083770ee 100644 --- a/testsuite/meta-hash-test.c +++ b/testsuite/meta-hash-test.c @@ -20,6 +20,8 @@ const char* hashes[] = { "sha3_256", "sha3_384", "sha3_512", + "streebog256", + "streebog512" };

void diff --git a/testsuite/pbkdf2-test.c b/testsuite/pbkdf2-test.c index 536108f7..f14eb2ee 100644 --- a/testsuite/pbkdf2-test.c +++ b/testsuite/pbkdf2-test.c @@ -19,7 +19,8 @@ ASSERT(dk[expect->length] == 17); \ } while (0)

-#define MAX_DKLEN SHA512_DIGEST_SIZE +/* Streebog test has particularly long testcase */ +#define MAX_DKLEN 100

void test_main (void) @@ -29,6 +30,8 @@ test_main (void) struct hmac_sha256_ctx sha256ctx; struct hmac_sha512_ctx sha512ctx; struct hmac_gosthash94cp_ctx gosthash94cpctx; + struct hmac_streebog512_ctx streebog512ctx; + struct hmac_streebog256_ctx streebog256ctx;

/* Test vectors for PBKDF2 from RFC 6070. */

@@ -134,4 +137,29 @@ test_main (void)

PBKDF2_HMAC_TEST (pbkdf2_hmac_gosthash94cp, LDATA("password"), 1, LDATA("salt"), SHEX("7314e7c04fb2e662c543674253f68bd0b73445d07f241bed872882da21662d58")); + + hmac_streebog512_set_key (&streebog512ctx, LDATA("password")); + PBKDF2_TEST (&streebog512ctx, hmac_streebog512_update, hmac_streebog512_digest, + STREEBOG512_DIGEST_SIZE, 1, LDATA("salt"), + SHEX("64770af7f748c3b1c9ac831dbcfd85c26111b30a8a657ddc3056b80ca73e040d2854fd36811f6d825cc4ab66ec0a68a490a9e5cf5156b3a2b7eecddbf9a16b47")); + PBKDF2_TEST (&streebog512ctx, hmac_streebog512_update, hmac_streebog512_digest, + STREEBOG512_DIGEST_SIZE, 4096, LDATA("salt"), + SHEX("e52deb9a2d2aaff4e2ac9d47a41f34c20376591c67807f0477e32549dc341bc7867c09841b6d58e29d0347c996301d55df0d34e47cf68f4e3c2cdaf1d9ab86c3")); + + hmac_streebog512_set_key (&streebog512ctx, LDATA("passwordPASSWORDpassword")); + PBKDF2_TEST (&streebog512ctx, hmac_streebog512_update, hmac_streebog512_digest, + STREEBOG512_DIGEST_SIZE, 4096, LDATA("saltSALTsaltSALTsaltSALTsaltSALTsalt"), + SHEX("b2d8f1245fc4d29274802057e4b54e0a0753aa22fc53760b301cf008679e58fe4bee9addcae99ba2b0b20f431a9c5e50f395" + "c89387d0945aedeca6eb4015dfc2bd2421ee9bb71183ba882ceebfef259f33f9e27dc6178cb89dc37428cf9cc52a2baa2d3a")); + + hmac_streebog512_set_key (&streebog512ctx, LDATA("pass\0word")); + PBKDF2_TEST (&streebog512ctx, hmac_streebog512_update, hmac_streebog512_digest, + STREEBOG512_DIGEST_SIZE, 4096, LDATA("sa\0lt"), + SHEX("50df062885b69801a3c10248eb0a27ab6e522ffeb20c991c660f001475d73a4e167f782c18e97e92976d9c1d970831ea78ccb879f67068cdac1910740844e830")); + + /* Generated */ + hmac_streebog256_set_key (&streebog256ctx, LDATA("password")); + PBKDF2_TEST (&streebog256ctx, hmac_streebog256_update, hmac_streebog256_digest, + STREEBOG256_DIGEST_SIZE, 1, LDATA("salt"), + SHEX("d789458d143b9abebc4ef63ca8e576c72b13c7d4289db23fc1e946f84cd605bc")); } diff --git a/testsuite/streebog-test.c b/testsuite/streebog-test.c new file mode 100644 index 00000000..cb6efeec --- /dev/null +++ b/testsuite/streebog-test.c @@ -0,0 +1,40 @@ +#include "testutils.h" +#include "streebog.h" + +/* Using test vectors from the standard itself */ + +void +test_main(void) +{ + test_hash(&nettle_streebog512, + SDATA("012345678901234567890123456789012345678901234567890123456789012"), + SHEX("1b54d01a4af5b9d5 cc3d86d68d285462" + "b19abc2475222f35 c085122be4ba1ffa" + "00ad30f8767b3a82 384c6574f024c311" + "e2a481332b08ef7f 41797891c1646f48")); + + test_hash(&nettle_streebog256, + SDATA("012345678901234567890123456789012345678901234567890123456789012"), + SHEX("9d151eefd8590b89 daa6ba6cb74af927" + "5dd051026bb149a4 52fd84e5e57b5500")); + + test_hash(&nettle_streebog512, + SHEX("d1e520e2e5f2f0e82c20d1f2f0e8e1ee" + "e6e820e2edf3f6e82c20e2e5fef2fa20" + "f120eceef0ff20f1f2f0e5ebe0ece820" + "ede020f5f0e0e1f0fbff20efebfaeafb" + "20c8e3eef0e5e2fb"), + SHEX("1e88e62226bfca6f 9994f1f2d51569e0" + "daf8475a3b0fe61a 5300eee46d961376" + "035fe83549ada2b8 620fcd7c496ce5b3" + "3f0cb9dddc2b6460 143b03dabac9fb28")); + + test_hash(&nettle_streebog256, + SHEX("d1e520e2e5f2f0e82c20d1f2f0e8e1ee" + "e6e820e2edf3f6e82c20e2e5fef2fa20" + "f120eceef0ff20f1f2f0e5ebe0ece820" + "ede020f5f0e0e1f0fbff20efebfaeafb" + "20c8e3eef0e5e2fb"), + SHEX("9dd2fe4e90409e5d a87f53976d7405b0" + "c0cac628fc669a74 1d50063c557e8f50")); +}

-- 2.11.0

Dmitry Eremin-Solenikov

11:27 p.m.

New subject: [PATCH 13/13] Implement PBKDF2 shortcut function for Streebog256/512

Signed-off-by: Dmitry Eremin-Solenikov dbaryshkov@gmail.com --- Makefile.in | 2 +- pbkdf2-hmac-streebog.c | 67 +++++++++++++++++++++++++++++++++++++++++++++++++ pbkdf2.h | 14 +++++++++++ testsuite/pbkdf2-test.c | 7 ++++++ 4 files changed, 89 insertions(+), 1 deletion(-) create mode 100644 pbkdf2-hmac-streebog.c

diff --git a/Makefile.in b/Makefile.in index 921a199f..3b287e05 100644 --- a/Makefile.in +++ b/Makefile.in @@ -115,7 +115,7 @@ nettle_SOURCES = aes-decrypt-internal.c aes-decrypt.c \ nettle-meta-aeads.c nettle-meta-armors.c \ nettle-meta-ciphers.c nettle-meta-hashes.c \ pbkdf2.c pbkdf2-hmac-gosthash94.c pbkdf2-hmac-sha1.c \ - pbkdf2-hmac-sha256.c \ + pbkdf2-hmac-sha256.c pbkdf2-hmac-streebog.c \ poly1305-aes.c poly1305-internal.c \ realloc.c \ ripemd160.c ripemd160-compress.c ripemd160-meta.c \ diff --git a/pbkdf2-hmac-streebog.c b/pbkdf2-hmac-streebog.c new file mode 100644 index 00000000..cc286f89 --- /dev/null +++ b/pbkdf2-hmac-streebog.c @@ -0,0 +1,67 @@ +/* pbkdf2-hmac-streebog.c + + PKCS #5 PBKDF2 used with HMAC-STREEBOG. + + Copyright (C) 2016 Dmitry Eremin-Solenikov + Copyright (C) 2012 Simon Josefsson + + This file is part of GNU Nettle. + + GNU Nettle is free software: you can redistribute it and/or + modify it under the terms of either: + + * the GNU Lesser General Public License as published by the Free + Software Foundation; either version 3 of the License, or (at your + option) any later version. + + or + + * the GNU General Public License as published by the Free + Software Foundation; either version 2 of the License, or (at your + option) any later version. + + or both in parallel, as here. + + GNU Nettle is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + General Public License for more details. + + You should have received copies of the GNU General Public License and + the GNU Lesser General Public License along with this program. If + not, see http://www.gnu.org/licenses/. +*/ + +#if HAVE_CONFIG_H +# include "config.h" +#endif + +#include "pbkdf2.h" + +#include "hmac.h" + +void +pbkdf2_hmac_streebog256 (size_t key_length, const uint8_t *key, + unsigned iterations, + size_t salt_length, const uint8_t *salt, + size_t length, uint8_t *dst) +{ + struct hmac_streebog256_ctx streebog256ctx; + + hmac_streebog256_set_key (&streebog256ctx, key_length, key); + PBKDF2 (&streebog256ctx, hmac_streebog256_update, hmac_streebog256_digest, + STREEBOG256_DIGEST_SIZE, iterations, salt_length, salt, length, dst); +} + +void +pbkdf2_hmac_streebog512 (size_t key_length, const uint8_t *key, + unsigned iterations, + size_t salt_length, const uint8_t *salt, + size_t length, uint8_t *dst) +{ + struct hmac_streebog512_ctx streebog512ctx; + + hmac_streebog512_set_key (&streebog512ctx, key_length, key); + PBKDF2 (&streebog512ctx, hmac_streebog512_update, hmac_streebog512_digest, + STREEBOG512_DIGEST_SIZE, iterations, salt_length, salt, length, dst); +} diff --git a/pbkdf2.h b/pbkdf2.h index a36dfdba..67583bce 100644 --- a/pbkdf2.h +++ b/pbkdf2.h @@ -46,6 +46,8 @@ extern "C" #define pbkdf2_hmac_sha1 nettle_pbkdf2_hmac_sha1 #define pbkdf2_hmac_sha256 nettle_pbkdf2_hmac_sha256 #define pbkdf2_hmac_gosthash94cp nettle_pbkdf2_hmac_gosthash94cp +#define pbkdf2_hmac_streebog256 nettle_pbkdf2_hmac_streebog256 +#define pbkdf2_hmac_streebog512 nettle_pbkdf2_hmac_streebog512

void pbkdf2 (void *mac_ctx, @@ -85,6 +87,18 @@ pbkdf2_hmac_gosthash94cp (size_t key_length, const uint8_t *key, size_t salt_length, const uint8_t *salt, size_t length, uint8_t *dst);

+void +pbkdf2_hmac_streebog256 (size_t key_length, const uint8_t *key, + unsigned iterations, + size_t salt_length, const uint8_t *salt, + size_t length, uint8_t *dst); + +void +pbkdf2_hmac_streebog512 (size_t key_length, const uint8_t *key, + unsigned iterations, + size_t salt_length, const uint8_t *salt, + size_t length, uint8_t *dst); + #ifdef __cplusplus } #endif diff --git a/testsuite/pbkdf2-test.c b/testsuite/pbkdf2-test.c index f14eb2ee..e89ba3b2 100644 --- a/testsuite/pbkdf2-test.c +++ b/testsuite/pbkdf2-test.c @@ -157,9 +157,16 @@ test_main (void) STREEBOG512_DIGEST_SIZE, 4096, LDATA("sa\0lt"), SHEX("50df062885b69801a3c10248eb0a27ab6e522ffeb20c991c660f001475d73a4e167f782c18e97e92976d9c1d970831ea78ccb879f67068cdac1910740844e830"));

+ PBKDF2_HMAC_TEST (pbkdf2_hmac_streebog512, LDATA("password"), 1, LDATA("salt"), + SHEX("64770af7f748c3b1c9ac831dbcfd85c26111b30a8a657ddc3056b80ca73e040d2854fd36811f6d825cc4ab66ec0a68a490a9e5cf5156b3a2b7eecddbf9a16b47")); + /* Generated */ hmac_streebog256_set_key (&streebog256ctx, LDATA("password")); PBKDF2_TEST (&streebog256ctx, hmac_streebog256_update, hmac_streebog256_digest, STREEBOG256_DIGEST_SIZE, 1, LDATA("salt"), SHEX("d789458d143b9abebc4ef63ca8e576c72b13c7d4289db23fc1e946f84cd605bc")); + + + PBKDF2_HMAC_TEST (pbkdf2_hmac_streebog256, LDATA("password"), 1, LDATA("salt"), + SHEX("d789458d143b9abebc4ef63ca8e576c72b13c7d4289db23fc1e946f84cd605bc")); }

-- 2.11.0

nisse＠lysator.liu.se

20 May 20 May

8:39 p.m.

Dmitry Eremin-Solenikov dbaryshkov@gmail.com writes:

...

This is the first round of patches expanding GOST algorithms support in Nettle cryptographic library. They are implemented according to published RFCs and GOST standards and serve the base of GOST ciphersuites implementation for GnuTLS.

It's good to know what the direction is, but it's a pretty large "first round". For context, where's the spec of these TLS ciphersuites? From a quick search, I only find this internet-draft with no recent activity: https://tools.ietf.org/html/draft-chudov-cryptopro-cptls-04, is that what you're implementing? Is it used in practice?

...

Dmitry Eremin-Solenikov (13): Add GOST R 34.11 to nettle_hashes Add HMAC functions for GOSTHASH94 Start separating GOST 28147-89 from GOST R 34.11-94 Add support for GOSTHASH94CP: GOST R 34.11-94 hash with CryptoPro S-box Implement PBKDF2 shortcut function for GOSTHASH94CP Add the rest of sboxes for GOST 28147 Add GOST 28147-89 ECB encryption and decryption support Add CFB block mode support Add CFB mode support for GOST 28147-89 Add special CNT mode for GOST 28147-89 cipher Add GOST 28147-89 IMIT support Implement GOST R 34.11-2012 (Streebog) hash function Implement PBKDF2 shortcut function for Streebog256/512

Just looking at this list, we have CFB support (seems generally useful), two additional GOST hash functions ("CryptoPro" S-boxes and Streebog), a GOST cipher, and a few wrappers for using these with hmac, pbkdf2, nettle-meta.h, etc.

I think we have to do this in smaller pieces. Which one should I start looking at?

(And then I'm not familiar with GOST, are the different algorithms with that name technically close, or are they just specified by the same government body?)

Regards, /Niels

-- Niels Möller. PGP-encrypted email is preferred. Keyid 368C6677. Internet email is subject to wholesale government surveillance.

Dmitry Eremin-Solenikov

22 May 22 May

7:59 a.m.

Hi,

2017-05-20 23:39 GMT+03:00 Niels Möller nisse@lysator.liu.se:

...

Dmitry Eremin-Solenikov dbaryshkov@gmail.com writes:

...
This is the first round of patches expanding GOST algorithms support in Nettle cryptographic library. They are implemented according to published RFCs and GOST standards and serve the base of GOST ciphersuites implementation for GnuTLS.

It's good to know what the direction is, but it's a pretty large "first round". For context, where's the spec of these TLS ciphersuites? From a quick search, I only find this internet-draft with no recent activity: https://tools.ietf.org/html/draft-chudov-cryptopro-cptls-04, is that what you're implementing? Is it used in practice?

Basically yes. That internet draft + version from GOST technical comitee that include newer hash function (Streebog) and longer keys support.

...

...
Dmitry Eremin-Solenikov (13): Add GOST R 34.11 to nettle_hashes Add HMAC functions for GOSTHASH94 Start separating GOST 28147-89 from GOST R 34.11-94 Add support for GOSTHASH94CP: GOST R 34.11-94 hash with CryptoPro S-box Implement PBKDF2 shortcut function for GOSTHASH94CP Add the rest of sboxes for GOST 28147 Add GOST 28147-89 ECB encryption and decryption support Add CFB block mode support Add CFB mode support for GOST 28147-89 Add special CNT mode for GOST 28147-89 cipher Add GOST 28147-89 IMIT support Implement GOST R 34.11-2012 (Streebog) hash function Implement PBKDF2 shortcut function for Streebog256/512

Just looking at this list, we have CFB support (seems generally useful), two additional GOST hash functions ("CryptoPro" S-boxes and Streebog), a GOST cipher, and a few wrappers for using these with hmac, pbkdf2, nettle-meta.h, etc.

I think we have to do this in smaller pieces. Which one should I start looking at?

I've mostly ordered patched in the way the should be looked.

...

(And then I'm not familiar with GOST, are the different algorithms with that name technically close, or are they just specified by the same government body?)

It is just a governmental body (like NIST).

Some references:

- symmetric encryption: RFC 5830 - old hash function (GOST R 34.11-94): RFC 5831 - new hash function (Streebog): RFC 6986 - digital signatures: RFC 5832 + RFC 7091 - additional algorithms and definitions: RFC 4357

-- With best wishes Dmitry

Dmitry Eremin-Solenikov

7 Jun 7 Jun

7:33 a.m.

Hello,

2017-05-20 23:39 GMT+03:00 Niels Möller nisse@lysator.liu.se:

...

...
Dmitry Eremin-Solenikov (13): Add GOST R 34.11 to nettle_hashes Add HMAC functions for GOSTHASH94 Start separating GOST 28147-89 from GOST R 34.11-94 Add support for GOSTHASH94CP: GOST R 34.11-94 hash with CryptoPro S-box Implement PBKDF2 shortcut function for GOSTHASH94CP Add the rest of sboxes for GOST 28147 Add GOST 28147-89 ECB encryption and decryption support Add CFB block mode support Add CFB mode support for GOST 28147-89 Add special CNT mode for GOST 28147-89 cipher Add GOST 28147-89 IMIT support Implement GOST R 34.11-2012 (Streebog) hash function Implement PBKDF2 shortcut function for Streebog256/512

Just looking at this list, we have CFB support (seems generally useful), two additional GOST hash functions ("CryptoPro" S-boxes and Streebog), a GOST cipher, and a few wrappers for using these with hmac, pbkdf2, nettle-meta.h, etc.

I think we have to do this in smaller pieces. Which one should I start looking at?

Would you like me to submit things in smaller batches? Or you just need additional time to review this patchset? Would you like me to provide more references? I'm just trying to understand current status of the patchset.

-- With best wishes Dmitry

2712

Age (days ago)

2733

Last active (days ago)

nettle-bugs@lists.lysator.liu.se

16 comments

2 participants

tags (0)

participants (2)

Dmitry Eremin-Solenikov
nisse＠lysator.liu.se