gosthash.c revision 279264
1/********************************************************************** 2 * gosthash.c * 3 * Copyright (c) 2005-2006 Cryptocom LTD * 4 * This file is distributed under the same license as OpenSSL * 5 * * 6 * Implementation of GOST R 34.11-94 hash function * 7 * uses on gost89.c and gost89.h Doesn't need OpenSSL * 8 **********************************************************************/ 9#include <string.h> 10 11#include "gost89.h" 12#include "gosthash.h" 13 14 15/* Use OPENSSL_malloc for memory allocation if compiled with 16 * -DOPENSSL_BUILD, and libc malloc otherwise 17 */ 18#ifndef MYALLOC 19# ifdef OPENSSL_BUILD 20# include <openssl/crypto.h> 21# define MYALLOC(size) OPENSSL_malloc(size) 22# define MYFREE(ptr) OPENSSL_free(ptr) 23# else 24# define MYALLOC(size) malloc(size) 25# define MYFREE(ptr) free(ptr) 26# endif 27#endif 28/* Following functions are various bit meshing routines used in 29 * GOST R 34.11-94 algorithms */ 30static void swap_bytes (byte *w, byte *k) 31 { 32 int i,j; 33 for (i=0;i<4;i++) 34 for (j=0;j<8;j++) 35 k[i+4*j]=w[8*i+j]; 36 37 } 38 39/* was A_A */ 40static void circle_xor8 (const byte *w, byte *k) 41 { 42 byte buf[8]; 43 int i; 44 memcpy(buf,w,8); 45 memmove(k,w+8,24); 46 for(i=0;i<8;i++) 47 k[i+24]=buf[i]^k[i]; 48 } 49 50/* was R_R */ 51static void transform_3 (byte *data) 52 { 53 unsigned short int acc; 54 acc=(data[0]^data[2]^data[4]^data[6]^data[24]^data[30])| 55 ((data[1]^data[3]^data[5]^data[7]^data[25]^data[31])<<8); 56 memmove(data,data+2,30); 57 data[30]=acc&0xff; 58 data[31]=acc>>8; 59 } 60 61/* Adds blocks of N bytes modulo 2**(8*n). Returns carry*/ 62static int add_blocks(int n,byte *left, const byte *right) 63 { 64 int i; 65 int carry=0; 66 int sum; 67 for (i=0;i<n;i++) 68 { 69 sum=(int)left[i]+(int)right[i]+carry; 70 left[i]=sum & 0xff; 71 carry=sum>>8; 72 } 73 return carry; 74 } 75 76/* Xor two sequences of bytes */ 77static void xor_blocks (byte *result,const byte *a,const byte *b,size_t len) 78 { 79 size_t i; 80 for (i=0;i<len;i++) result[i]=a[i]^b[i]; 81 } 82 83/* 84 * Calculate H(i+1) = Hash(Hi,Mi) 85 * Where H and M are 32 bytes long 86 */ 87static int hash_step(gost_ctx *c,byte *H,const byte *M) 88 { 89 byte U[32],W[32],V[32],S[32],Key[32]; 90 int i; 91 /* Compute first key */ 92 xor_blocks(W,H,M,32); 93 swap_bytes(W,Key); 94 /* Encrypt first 8 bytes of H with first key*/ 95 gost_enc_with_key(c,Key,H,S); 96 /* Compute second key*/ 97 circle_xor8(H,U); 98 circle_xor8(M,V); 99 circle_xor8(V,V); 100 xor_blocks(W,U,V,32); 101 swap_bytes(W,Key); 102 /* encrypt second 8 bytes of H with second key*/ 103 gost_enc_with_key(c,Key,H+8,S+8); 104 /* compute third key */ 105 circle_xor8(U,U); 106 U[31]=~U[31]; U[29]=~U[29]; U[28]=~U[28]; U[24]=~U[24]; 107 U[23]=~U[23]; U[20]=~U[20]; U[18]=~U[18]; U[17]=~U[17]; 108 U[14]=~U[14]; U[12]=~U[12]; U[10]=~U[10]; U[ 8]=~U[ 8]; 109 U[ 7]=~U[ 7]; U[ 5]=~U[ 5]; U[ 3]=~U[ 3]; U[ 1]=~U[ 1]; 110 circle_xor8(V,V); 111 circle_xor8(V,V); 112 xor_blocks(W,U,V,32); 113 swap_bytes(W,Key); 114 /* encrypt third 8 bytes of H with third key*/ 115 gost_enc_with_key(c,Key,H+16,S+16); 116 /* Compute fourth key */ 117 circle_xor8(U,U); 118 circle_xor8(V,V); 119 circle_xor8(V,V); 120 xor_blocks(W,U,V,32); 121 swap_bytes(W,Key); 122 /* Encrypt last 8 bytes with fourth key */ 123 gost_enc_with_key(c,Key,H+24,S+24); 124 for (i=0;i<12;i++) 125 transform_3(S); 126 xor_blocks(S,S,M,32); 127 transform_3(S); 128 xor_blocks(S,S,H,32); 129 for (i=0;i<61;i++) 130 transform_3(S); 131 memcpy(H,S,32); 132 return 1; 133 } 134 135/* Initialize gost_hash ctx - cleans up temporary structures and 136 * set up substitution blocks 137 */ 138int init_gost_hash_ctx(gost_hash_ctx *ctx, const gost_subst_block *subst_block) 139 { 140 memset(ctx,0,sizeof(gost_hash_ctx)); 141 ctx->cipher_ctx = (gost_ctx *)MYALLOC(sizeof(gost_ctx)); 142 if (!ctx->cipher_ctx) 143 { 144 return 0; 145 } 146 gost_init(ctx->cipher_ctx,subst_block); 147 return 1; 148 } 149 150/* 151 * Free cipher CTX if it is dynamically allocated. Do not use 152 * if cipher ctx is statically allocated as in OpenSSL implementation of 153 * GOST hash algroritm 154 * 155 */ 156void done_gost_hash_ctx(gost_hash_ctx *ctx) 157 { 158 /* No need to use gost_destroy, because cipher keys are not really 159 * secret when hashing */ 160 MYFREE(ctx->cipher_ctx); 161 } 162 163/* 164 * reset state of hash context to begin hashing new message 165 */ 166int start_hash(gost_hash_ctx *ctx) 167 { 168 if (!ctx->cipher_ctx) return 0; 169 memset(&(ctx->H),0,32); 170 memset(&(ctx->S),0,32); 171 ctx->len = 0L; 172 ctx->left=0; 173 return 1; 174 } 175 176/* 177 * Hash block of arbitrary length 178 * 179 * 180 */ 181int hash_block(gost_hash_ctx *ctx,const byte *block, size_t length) 182 { 183 if (ctx->left) 184 { 185 /*There are some bytes from previous step*/ 186 unsigned int add_bytes = 32-ctx->left; 187 if (add_bytes>length) 188 { 189 add_bytes = length; 190 } 191 memcpy(&(ctx->remainder[ctx->left]),block,add_bytes); 192 ctx->left+=add_bytes; 193 if (ctx->left<32) 194 { 195 return 1; 196 } 197 block+=add_bytes; 198 length-=add_bytes; 199 hash_step(ctx->cipher_ctx,ctx->H,ctx->remainder); 200 add_blocks(32,ctx->S,ctx->remainder); 201 ctx->len+=32; 202 ctx->left=0; 203 } 204 while (length>=32) 205 { 206 hash_step(ctx->cipher_ctx,ctx->H,block); 207 208 add_blocks(32,ctx->S,block); 209 ctx->len+=32; 210 block+=32; 211 length-=32; 212 } 213 if (length) 214 { 215 memcpy(ctx->remainder,block,ctx->left=length); 216 } 217 return 1; 218 } 219 220/* 221 * Compute hash value from current state of ctx 222 * state of hash ctx becomes invalid and cannot be used for further 223 * hashing. 224 */ 225int finish_hash(gost_hash_ctx *ctx,byte *hashval) 226 { 227 byte buf[32]; 228 byte H[32]; 229 byte S[32]; 230 ghosthash_len fin_len=ctx->len; 231 byte *bptr; 232 memcpy(H,ctx->H,32); 233 memcpy(S,ctx->S,32); 234 if (ctx->left) 235 { 236 memset(buf,0,32); 237 memcpy(buf,ctx->remainder,ctx->left); 238 hash_step(ctx->cipher_ctx,H,buf); 239 add_blocks(32,S,buf); 240 fin_len+=ctx->left; 241 } 242 memset(buf,0,32); 243 bptr=buf; 244 fin_len<<=3; /* Hash length in BITS!!*/ 245 while(fin_len>0) 246 { 247 *(bptr++)=(byte)(fin_len&0xFF); 248 fin_len>>=8; 249 }; 250 hash_step(ctx->cipher_ctx,H,buf); 251 hash_step(ctx->cipher_ctx,H,S); 252 memcpy(hashval,H,32); 253 return 1; 254 } 255