From c982fe656b75adba6c64552d1657b842555cb887 Mon Sep 17 00:00:00 2001 From: Dmitry Baryshkov Date: Mon, 23 Mar 2020 23:58:00 +0300 Subject: [PATCH 37/87] gost: add support for ACPKM rekeying Add support for ACPKM internal rekeying (RFC 8645). Signed-off-by: Dmitry Baryshkov --- src/lib/libcrypto/evp/evp.h | 2 ++ src/lib/libcrypto/gost/gost89_params.c | 38 ++++++++++++++++++++++++++ src/lib/libcrypto/gost/gost_locl.h | 5 ++++ 3 files changed, 45 insertions(+) diff --git a/src/lib/libcrypto/evp/evp.h b/src/lib/libcrypto/evp/evp.h index 26e025d09..77b3a4f8e 100644 --- a/src/lib/libcrypto/evp/evp.h +++ b/src/lib/libcrypto/evp/evp.h @@ -396,6 +396,8 @@ struct evp_cipher_st { #define EVP_CTRL_GCM_SET_IV_INV 0x18 /* Set the S-BOX NID for GOST ciphers */ #define EVP_CTRL_GOST_SET_SBOX 0x19 +/* Set the key meshing section for GOST ciphers */ +#define EVP_CTRL_GOST_SET_MESHING 0x1a /* GCM TLS constants */ /* Length of fixed part of IV derived from PRF */ diff --git a/src/lib/libcrypto/gost/gost89_params.c b/src/lib/libcrypto/gost/gost89_params.c index 7365f7a43..e02265389 100644 --- a/src/lib/libcrypto/gost/gost89_params.c +++ b/src/lib/libcrypto/gost/gost89_params.c @@ -50,6 +50,7 @@ */ #include +#include #include @@ -259,4 +260,41 @@ Gost2814789_cryptopro_key_mesh(GOST2814789_KEY *key) Gost2814789_set_key(key, newkey); } + +#define ACPKM_KEY_SIZE 128 +static unsigned char acpkm_mesh_data[ACPKM_KEY_SIZE] = +{ + 0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87, + 0x88, 0x89, 0x8a, 0x8b, 0x8c, 0x8d, 0x8e, 0x8f, + 0x90, 0x91, 0x92, 0x93, 0x94, 0x95, 0x96, 0x97, + 0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f, + 0xa0, 0xa1, 0xa2, 0xa3, 0xa4, 0xa5, 0xa6, 0xa7, + 0xa8, 0xa9, 0xaa, 0xab, 0xac, 0xad, 0xae, 0xaf, + 0xb0, 0xb1, 0xb2, 0xb3, 0xb4, 0xb5, 0xb6, 0xb7, + 0xb8, 0xb9, 0xba, 0xbb, 0xbc, 0xbd, 0xbe, 0xbf, + 0xc0, 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7, + 0xc8, 0xc9, 0xca, 0xcb, 0xcc, 0xcd, 0xce, 0xcf, + 0xd0, 0xd1, 0xd2, 0xd3, 0xd4, 0xd5, 0xd6, 0xd7, + 0xd8, 0xd9, 0xda, 0xdb, 0xdc, 0xdd, 0xde, 0xdf, + 0xe0, 0xe1, 0xe2, 0xe3, 0xe4, 0xe5, 0xe6, 0xe7, + 0xe8, 0xe9, 0xea, 0xeb, 0xec, 0xed, 0xee, 0xef, + 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7, + 0xf8, 0xf9, 0xfa, 0xfb, 0xfc, 0xfd, 0xfe, 0xff, +}; + + +void +acpkm_key_mesh(void *ctx, + acpkm_block *block, acpkm_set_key *set_key, + unsigned int block_size, unsigned int key_size) +{ + unsigned int i; + unsigned char new_key[ACPKM_KEY_SIZE]; + + for (i = 0; i < key_size; i += block_size) { + block(&acpkm_mesh_data[i], &new_key[i], ctx); + } + set_key(ctx, new_key); + explicit_bzero(new_key, i); +} #endif diff --git a/src/lib/libcrypto/gost/gost_locl.h b/src/lib/libcrypto/gost/gost_locl.h index 302a19c5c..f512029e1 100644 --- a/src/lib/libcrypto/gost/gost_locl.h +++ b/src/lib/libcrypto/gost/gost_locl.h @@ -97,6 +97,11 @@ extern void Gost2814789_encrypt(const unsigned char *in, unsigned char *out, extern void Gost2814789_decrypt(const unsigned char *in, unsigned char *out, const GOST2814789_KEY *key); extern void Gost2814789_cryptopro_key_mesh(GOST2814789_KEY *key); +typedef void acpkm_block(const unsigned char *in, unsigned char *out, void *ctx); +typedef void acpkm_set_key(void *ctx, const unsigned char *key); +extern void acpkm_key_mesh(void *ctx, + acpkm_block *block, acpkm_set_key *set_key, + unsigned int block_size, unsigned int key_size); void Magma_set_key_int(MAGMA_KEY *key, const unsigned char *userKey); -- 2.17.1