From: tb Date: Sat, 2 Mar 2024 11:17:27 +0000 (+0000) Subject: Unhook and remove GOST and STREEBOG X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=9c1150c2d47b6bc9ca96d03146d30a4fd6718824;p=openbsd Unhook and remove GOST and STREEBOG This stops compiling the GOST source. The current implementation is low quality and got in the way, especially in libssl. While we would be open for GOST support, it needs to be significantly better than what we have had and it also needs a maintainer. Add OPENSSL_NO_GOST to opensslfeatures and stop installing gost.h. Some code wrapped in #ifndef OPENSSL_NO_GOST will be removed later. ok jsing --- diff --git a/lib/libcrypto/Makefile b/lib/libcrypto/Makefile index 0e4c783d9e8..5ef55c6b6cf 100644 --- a/lib/libcrypto/Makefile +++ b/lib/libcrypto/Makefile @@ -1,4 +1,4 @@ -# $OpenBSD: Makefile,v 1.172 2024/03/02 11:11:11 tb Exp $ +# $OpenBSD: Makefile,v 1.173 2024/03/02 11:17:27 tb Exp $ LIB= crypto LIBREBUILD=y @@ -357,7 +357,6 @@ SRCS+= e_chacha.c SRCS+= e_chacha20poly1305.c SRCS+= e_des.c SRCS+= e_des3.c -SRCS+= e_gost2814789.c SRCS+= e_idea.c SRCS+= e_null.c SRCS+= e_rc2.c @@ -373,8 +372,6 @@ SRCS+= evp_key.c SRCS+= evp_names.c SRCS+= evp_pbe.c SRCS+= evp_pkey.c -SRCS+= m_gost2814789.c -SRCS+= m_gostr341194.c SRCS+= m_md4.c SRCS+= m_md5.c SRCS+= m_md5_sha1.c @@ -394,22 +391,6 @@ SRCS+= pmeth_fn.c SRCS+= pmeth_gn.c SRCS+= pmeth_lib.c -# gost/ -SRCS+= gost2814789.c -SRCS+= gost89_keywrap.c -SRCS+= gost89_params.c -SRCS+= gost89imit_ameth.c -SRCS+= gost89imit_pmeth.c -SRCS+= gost_asn1.c -SRCS+= gost_err.c -SRCS+= gostr341001.c -SRCS+= gostr341001_ameth.c -SRCS+= gostr341001_key.c -SRCS+= gostr341001_params.c -SRCS+= gostr341001_pmeth.c -SRCS+= gostr341194.c -SRCS+= streebog.c - # hkdf/ SRCS+= hkdf.c @@ -728,7 +709,6 @@ HDRS=\ ${LCRYPTO_SRC}/engine/engine.h \ ${LCRYPTO_SRC}/err/err.h \ ${LCRYPTO_SRC}/evp/evp.h \ - ${LCRYPTO_SRC}/gost/gost.h \ ${LCRYPTO_SRC}/hkdf/hkdf.h \ ${LCRYPTO_SRC}/hmac/hmac.h \ ${LCRYPTO_SRC}/idea/idea.h \ diff --git a/lib/libcrypto/Symbols.list b/lib/libcrypto/Symbols.list index f14233f6496..ac82746c2a2 100644 --- a/lib/libcrypto/Symbols.list +++ b/lib/libcrypto/Symbols.list @@ -1099,7 +1099,6 @@ ERR_load_DSA_strings ERR_load_EC_strings ERR_load_ERR_strings ERR_load_EVP_strings -ERR_load_GOST_strings ERR_load_OBJ_strings ERR_load_OCSP_strings ERR_load_PEM_strings @@ -1453,11 +1452,6 @@ EVP_enc_null EVP_get_cipherbyname EVP_get_digestbyname EVP_get_pw_prompt -EVP_gost2814789_cfb64 -EVP_gost2814789_cnt -EVP_gost2814789_ecb -EVP_gost2814789imit -EVP_gostr341194 EVP_idea_cbc EVP_idea_cfb64 EVP_idea_ecb @@ -1495,8 +1489,6 @@ EVP_sm4_cfb128 EVP_sm4_ctr EVP_sm4_ecb EVP_sm4_ofb -EVP_streebog256 -EVP_streebog512 EVP_whirlpool EXTENDED_KEY_USAGE_free EXTENDED_KEY_USAGE_it @@ -1519,37 +1511,6 @@ GENERAL_NAME_set0_value GENERAL_SUBTREE_free GENERAL_SUBTREE_it GENERAL_SUBTREE_new -GOST2814789IMIT -GOST2814789IMIT_Final -GOST2814789IMIT_Init -GOST2814789IMIT_Transform -GOST2814789IMIT_Update -GOSTR341194 -GOSTR341194_Final -GOSTR341194_Init -GOSTR341194_Transform -GOSTR341194_Update -GOST_CIPHER_PARAMS_free -GOST_CIPHER_PARAMS_it -GOST_CIPHER_PARAMS_new -GOST_KEY_check_key -GOST_KEY_free -GOST_KEY_get0_group -GOST_KEY_get0_private_key -GOST_KEY_get0_public_key -GOST_KEY_get_digest -GOST_KEY_get_size -GOST_KEY_new -GOST_KEY_set_digest -GOST_KEY_set_group -GOST_KEY_set_private_key -GOST_KEY_set_public_key -GOST_KEY_set_public_key_affine_coordinates -Gost2814789_cfb64_encrypt -Gost2814789_cnt_encrypt -Gost2814789_ecb_encrypt -Gost2814789_set_key -Gost2814789_set_sbox HKDF HKDF_expand HKDF_extract @@ -2262,15 +2223,6 @@ SMIME_write_CMS SMIME_write_PKCS7 SSLeay SSLeay_version -STREEBOG256 -STREEBOG256_Final -STREEBOG256_Init -STREEBOG256_Update -STREEBOG512 -STREEBOG512_Final -STREEBOG512_Init -STREEBOG512_Transform -STREEBOG512_Update TS_ACCURACY_dup TS_ACCURACY_free TS_ACCURACY_get_micros @@ -3103,7 +3055,6 @@ d2i_ESS_SIGNING_CERT d2i_EXTENDED_KEY_USAGE d2i_GENERAL_NAME d2i_GENERAL_NAMES -d2i_GOST_CIPHER_PARAMS d2i_IPAddressChoice d2i_IPAddressFamily d2i_IPAddressOrRange @@ -3294,7 +3245,6 @@ i2d_ESS_SIGNING_CERT i2d_EXTENDED_KEY_USAGE i2d_GENERAL_NAME i2d_GENERAL_NAMES -i2d_GOST_CIPHER_PARAMS i2d_IPAddressChoice i2d_IPAddressFamily i2d_IPAddressOrRange diff --git a/lib/libcrypto/evp/e_gost2814789.c b/lib/libcrypto/evp/e_gost2814789.c deleted file mode 100644 index 48619d109dc..00000000000 --- a/lib/libcrypto/evp/e_gost2814789.c +++ /dev/null @@ -1,312 +0,0 @@ -/* $OpenBSD: e_gost2814789.c,v 1.14 2024/01/04 17:38:36 tb Exp $ */ -/* - * Copyright (c) 2014 Dmitry Eremin-Solenikov - * Copyright (c) 2005-2006 Cryptocom LTD - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@openssl.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.openssl.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - */ - -#include - -#include - -#ifndef OPENSSL_NO_GOST -#include -#include -#include - -#include "evp_local.h" - -typedef struct { - GOST2814789_KEY ks; - int param_nid; -} EVP_GOST2814789_CTX; - -static int -gost2814789_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, - const unsigned char *iv, int enc) -{ - EVP_GOST2814789_CTX *c = ctx->cipher_data; - - return Gost2814789_set_key(&c->ks, key, ctx->key_len * 8); -} - -static int -gost2814789_ctl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr) -{ - EVP_GOST2814789_CTX *c = ctx->cipher_data; - - switch (type) { - case EVP_CTRL_PBE_PRF_NID: - if (ptr != NULL) { - *((int *)ptr) = NID_id_HMACGostR3411_94; - return 1; - } else { - return 0; - } - case EVP_CTRL_INIT: - /* Default value to have any s-box set at all */ - c->param_nid = NID_id_Gost28147_89_CryptoPro_A_ParamSet; - return Gost2814789_set_sbox(&c->ks, c->param_nid); - case EVP_CTRL_GOST_SET_SBOX: - return Gost2814789_set_sbox(&c->ks, arg); - default: - return -1; - } -} - -int -gost2814789_set_asn1_params(EVP_CIPHER_CTX *ctx, ASN1_TYPE *params) -{ - int len = 0; - unsigned char *buf = NULL; - unsigned char *p = NULL; - EVP_GOST2814789_CTX *c = ctx->cipher_data; - ASN1_OCTET_STRING *os = NULL; - GOST_CIPHER_PARAMS *gcp = GOST_CIPHER_PARAMS_new(); - - if (gcp == NULL) { - GOSTerror(ERR_R_MALLOC_FAILURE); - return 0; - } - if (ASN1_OCTET_STRING_set(gcp->iv, ctx->iv, ctx->cipher->iv_len) == 0) { - GOST_CIPHER_PARAMS_free(gcp); - GOSTerror(ERR_R_ASN1_LIB); - return 0; - } - ASN1_OBJECT_free(gcp->enc_param_set); - gcp->enc_param_set = OBJ_nid2obj(c->param_nid); - - len = i2d_GOST_CIPHER_PARAMS(gcp, NULL); - p = buf = malloc(len); - if (buf == NULL) { - GOST_CIPHER_PARAMS_free(gcp); - GOSTerror(ERR_R_MALLOC_FAILURE); - return 0; - } - i2d_GOST_CIPHER_PARAMS(gcp, &p); - GOST_CIPHER_PARAMS_free(gcp); - - os = ASN1_OCTET_STRING_new(); - if (os == NULL) { - free(buf); - GOSTerror(ERR_R_MALLOC_FAILURE); - return 0; - } - if (ASN1_OCTET_STRING_set(os, buf, len) == 0) { - ASN1_OCTET_STRING_free(os); - free(buf); - GOSTerror(ERR_R_ASN1_LIB); - return 0; - } - free(buf); - - ASN1_TYPE_set(params, V_ASN1_SEQUENCE, os); - return 1; -} - -int -gost2814789_get_asn1_params(EVP_CIPHER_CTX *ctx, ASN1_TYPE *params) -{ - int ret = -1; - int len; - GOST_CIPHER_PARAMS *gcp = NULL; - EVP_GOST2814789_CTX *c = ctx->cipher_data; - unsigned char *p; - - if (ASN1_TYPE_get(params) != V_ASN1_SEQUENCE) - return ret; - - p = params->value.sequence->data; - - gcp = d2i_GOST_CIPHER_PARAMS(NULL, (const unsigned char **)&p, - params->value.sequence->length); - - len = gcp->iv->length; - if (len != ctx->cipher->iv_len) { - GOST_CIPHER_PARAMS_free(gcp); - GOSTerror(GOST_R_INVALID_IV_LENGTH); - return -1; - } - - if (!Gost2814789_set_sbox(&c->ks, OBJ_obj2nid(gcp->enc_param_set))) { - GOST_CIPHER_PARAMS_free(gcp); - return -1; - } - c->param_nid = OBJ_obj2nid(gcp->enc_param_set); - - memcpy(ctx->oiv, gcp->iv->data, len); - memcpy(ctx->iv, gcp->iv->data, len); - - GOST_CIPHER_PARAMS_free(gcp); - - return 1; -} - -static int -gost2814789_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl) -{ - size_t i, bl; - - bl = ctx->cipher->block_size; - - if (inl < bl) - return 1; - - inl -= bl; - - for (i = 0; i <= inl; i += bl) - Gost2814789_ecb_encrypt(in + i, out + i, &((EVP_GOST2814789_CTX *)ctx->cipher_data)->ks, ctx->encrypt); - - return 1; -} - -static int -gost2814789_cfb64_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl) -{ - size_t chunk = EVP_MAXCHUNK; - - if (inl < chunk) - chunk = inl; - - while (inl && inl >= chunk) { - Gost2814789_cfb64_encrypt(in, out, chunk, &((EVP_GOST2814789_CTX *)ctx->cipher_data)->ks, ctx->iv, &ctx->num, ctx->encrypt); - inl -= chunk; - in += chunk; - out += chunk; - if (inl < chunk) - chunk = inl; - } - - return 1; -} - -static int -gost2814789_cnt_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t inl) -{ - EVP_GOST2814789_CTX *c = ctx->cipher_data; - - while (inl >= EVP_MAXCHUNK) { - Gost2814789_cnt_encrypt(in, out, EVP_MAXCHUNK, &c->ks, - ctx->iv, ctx->buf, &ctx->num); - inl -= EVP_MAXCHUNK; - in += EVP_MAXCHUNK; - out += EVP_MAXCHUNK; - } - - if (inl) - Gost2814789_cnt_encrypt(in, out, inl, &c->ks, ctx->iv, ctx->buf, - &ctx->num); - return 1; -} - -/* gost89 is CFB-64 */ -#define NID_gost89_cfb64 NID_id_Gost28147_89 - -static const EVP_CIPHER gost2814789_ecb = { - .nid = NID_gost89_ecb, - .block_size = 8, - .key_len = 32, - .iv_len = 0, - .flags = EVP_CIPH_NO_PADDING | EVP_CIPH_CTRL_INIT | EVP_CIPH_ECB_MODE, - .init = gost2814789_init_key, - .do_cipher = gost2814789_ecb_cipher, - .cleanup = NULL, - .ctx_size = sizeof(EVP_GOST2814789_CTX), - .set_asn1_parameters = gost2814789_set_asn1_params, - .get_asn1_parameters = gost2814789_get_asn1_params, - .ctrl = gost2814789_ctl, -}; - -const EVP_CIPHER * -EVP_gost2814789_ecb(void) -{ - return &gost2814789_ecb; -} - -static const EVP_CIPHER gost2814789_cfb64 = { - .nid = NID_gost89_cfb64, - .block_size = 1, - .key_len = 32, - .iv_len = 8, - .flags = EVP_CIPH_NO_PADDING | EVP_CIPH_CTRL_INIT | EVP_CIPH_CFB_MODE, - .init = gost2814789_init_key, - .do_cipher = gost2814789_cfb64_cipher, - .cleanup = NULL, - .ctx_size = sizeof(EVP_GOST2814789_CTX), - .set_asn1_parameters = gost2814789_set_asn1_params, - .get_asn1_parameters = gost2814789_get_asn1_params, - .ctrl = gost2814789_ctl, -}; - -const EVP_CIPHER * -EVP_gost2814789_cfb64(void) -{ - return &gost2814789_cfb64; -} - -static const EVP_CIPHER gost2814789_cnt = { - .nid = NID_gost89_cnt, - .block_size = 1, - .key_len = 32, - .iv_len = 8, - .flags = EVP_CIPH_NO_PADDING | EVP_CIPH_CTRL_INIT | EVP_CIPH_OFB_MODE, - .init = gost2814789_init_key, - .do_cipher = gost2814789_cnt_cipher, - .cleanup = NULL, - .ctx_size = sizeof(EVP_GOST2814789_CTX), - .set_asn1_parameters = gost2814789_set_asn1_params, - .get_asn1_parameters = gost2814789_get_asn1_params, - .ctrl = gost2814789_ctl, -}; - -const EVP_CIPHER * -EVP_gost2814789_cnt(void) -{ - return &gost2814789_cnt; -} -#endif diff --git a/lib/libcrypto/evp/m_gost2814789.c b/lib/libcrypto/evp/m_gost2814789.c deleted file mode 100644 index 9b8a09e5a4d..00000000000 --- a/lib/libcrypto/evp/m_gost2814789.c +++ /dev/null @@ -1,113 +0,0 @@ -/* $OpenBSD: m_gost2814789.c,v 1.6 2023/07/07 19:37:53 beck Exp $ */ -/* - * Copyright (c) 2014 Dmitry Eremin-Solenikov - * Copyright (c) 2005-2006 Cryptocom LTD - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@openssl.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.openssl.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - */ - -#include - -#ifndef OPENSSL_NO_GOST - -#include -#include -#include - -#include "evp_local.h" - -static int -gost2814789_init(EVP_MD_CTX *ctx) -{ - return GOST2814789IMIT_Init(ctx->md_data, - NID_id_Gost28147_89_CryptoPro_A_ParamSet); -} - -static int -gost2814789_update(EVP_MD_CTX *ctx, const void *data, size_t count) -{ - return GOST2814789IMIT_Update(ctx->md_data, data, count); -} - -static int -gost2814789_final(EVP_MD_CTX *ctx, unsigned char *md) -{ - return GOST2814789IMIT_Final(md, ctx->md_data); -} - -static int -gost2814789_md_ctrl(EVP_MD_CTX *ctx, int cmd, int p1, void *p2) -{ - GOST2814789IMIT_CTX *gctx = ctx->md_data; - - switch (cmd) { - case EVP_MD_CTRL_SET_KEY: - return Gost2814789_set_key(&gctx->cipher, p2, p1); - case EVP_MD_CTRL_GOST_SET_SBOX: - return Gost2814789_set_sbox(&gctx->cipher, p1); - } - return -2; -} - -static const EVP_MD gost2814789imit_md = { - .type = NID_id_Gost28147_89_MAC, - .pkey_type = NID_undef, - .md_size = GOST2814789IMIT_LENGTH, - .flags = 0, - .init = gost2814789_init, - .update = gost2814789_update, - .final = gost2814789_final, - .block_size = GOST2814789IMIT_CBLOCK, - .ctx_size = sizeof(EVP_MD *) + sizeof(GOST2814789IMIT_CTX), - .md_ctrl = gost2814789_md_ctrl, -}; - -const EVP_MD * -EVP_gost2814789imit(void) -{ - return (&gost2814789imit_md); -} -#endif diff --git a/lib/libcrypto/evp/m_gostr341194.c b/lib/libcrypto/evp/m_gostr341194.c deleted file mode 100644 index 723349a0d8a..00000000000 --- a/lib/libcrypto/evp/m_gostr341194.c +++ /dev/null @@ -1,100 +0,0 @@ -/* $OpenBSD: m_gostr341194.c,v 1.7 2023/07/07 19:37:53 beck Exp $ */ -/* - * Copyright (c) 2014 Dmitry Eremin-Solenikov - * Copyright (c) 2005-2006 Cryptocom LTD - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@openssl.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.openssl.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - */ - -#include - -#include - -#ifndef OPENSSL_NO_GOST - -#include -#include -#include - -#include "evp_local.h" - -static int -gostr341194_init(EVP_MD_CTX *ctx) -{ - return GOSTR341194_Init(ctx->md_data, - NID_id_GostR3411_94_CryptoProParamSet); -} - -static int -gostr341194_update(EVP_MD_CTX *ctx, const void *data, size_t count) -{ - return GOSTR341194_Update(ctx->md_data, data, count); -} - -static int -gostr341194_final(EVP_MD_CTX *ctx, unsigned char *md) -{ - return GOSTR341194_Final(md, ctx->md_data); -} - -static const EVP_MD gostr341194_md = { - .type = NID_id_GostR3411_94, - .pkey_type = NID_undef, - .md_size = GOSTR341194_LENGTH, - .flags = 0, - .init = gostr341194_init, - .update = gostr341194_update, - .final = gostr341194_final, - .block_size = GOSTR341194_CBLOCK, - .ctx_size = sizeof(EVP_MD *) + sizeof(GOSTR341194_CTX), -}; - -const EVP_MD * -EVP_gostr341194(void) -{ - return (&gostr341194_md); -} -#endif diff --git a/lib/libcrypto/evp/p_lib.c b/lib/libcrypto/evp/p_lib.c index 558c89d4277..8bf820560cb 100644 --- a/lib/libcrypto/evp/p_lib.c +++ b/lib/libcrypto/evp/p_lib.c @@ -1,4 +1,4 @@ -/* $OpenBSD: p_lib.c,v 1.58 2024/01/05 21:22:01 tb Exp $ */ +/* $OpenBSD: p_lib.c,v 1.59 2024/03/02 11:17:27 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -140,10 +140,6 @@ extern const EVP_PKEY_ASN1_METHOD dsa3_asn1_meth; extern const EVP_PKEY_ASN1_METHOD dsa4_asn1_meth; extern const EVP_PKEY_ASN1_METHOD eckey_asn1_meth; extern const EVP_PKEY_ASN1_METHOD ed25519_asn1_meth; -extern const EVP_PKEY_ASN1_METHOD gostimit_asn1_meth; -extern const EVP_PKEY_ASN1_METHOD gostr01_asn1_meth; -extern const EVP_PKEY_ASN1_METHOD gostr12_256_asn1_meth; -extern const EVP_PKEY_ASN1_METHOD gostr12_512_asn1_meth; extern const EVP_PKEY_ASN1_METHOD hmac_asn1_meth; extern const EVP_PKEY_ASN1_METHOD rsa_asn1_meth; extern const EVP_PKEY_ASN1_METHOD rsa2_asn1_meth; @@ -160,10 +156,6 @@ static const EVP_PKEY_ASN1_METHOD *asn1_methods[] = { &dsa4_asn1_meth, &eckey_asn1_meth, &ed25519_asn1_meth, - &gostimit_asn1_meth, - &gostr01_asn1_meth, - &gostr12_256_asn1_meth, - &gostr12_512_asn1_meth, &hmac_asn1_meth, &rsa_asn1_meth, &rsa2_asn1_meth, diff --git a/lib/libcrypto/evp/pmeth_lib.c b/lib/libcrypto/evp/pmeth_lib.c index a0d57594d8d..a2a9ad9c7bb 100644 --- a/lib/libcrypto/evp/pmeth_lib.c +++ b/lib/libcrypto/evp/pmeth_lib.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pmeth_lib.c,v 1.38 2024/03/02 10:04:40 tb Exp $ */ +/* $OpenBSD: pmeth_lib.c,v 1.39 2024/03/02 11:17:27 tb Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2006. */ @@ -76,8 +76,6 @@ extern const EVP_PKEY_METHOD dh_pkey_meth; extern const EVP_PKEY_METHOD dsa_pkey_meth; extern const EVP_PKEY_METHOD ec_pkey_meth; extern const EVP_PKEY_METHOD ed25519_pkey_meth; -extern const EVP_PKEY_METHOD gostimit_pkey_meth; -extern const EVP_PKEY_METHOD gostr01_pkey_meth; extern const EVP_PKEY_METHOD hkdf_pkey_meth; extern const EVP_PKEY_METHOD hmac_pkey_meth; extern const EVP_PKEY_METHOD rsa_pkey_meth; @@ -90,8 +88,6 @@ static const EVP_PKEY_METHOD *pkey_methods[] = { &dsa_pkey_meth, &ec_pkey_meth, &ed25519_pkey_meth, - &gostimit_pkey_meth, - &gostr01_pkey_meth, &hkdf_pkey_meth, &hmac_pkey_meth, &rsa_pkey_meth, diff --git a/lib/libcrypto/gost/gost.h b/lib/libcrypto/gost/gost.h deleted file mode 100644 index c7d9d25b2bc..00000000000 --- a/lib/libcrypto/gost/gost.h +++ /dev/null @@ -1,262 +0,0 @@ -/* $OpenBSD: gost.h,v 1.4 2022/07/12 14:42:49 kn Exp $ */ -/* - * Copyright (c) 2014 Dmitry Eremin-Solenikov - * Copyright (c) 2005-2006 Cryptocom LTD - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@openssl.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.openssl.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - */ - -#ifndef HEADER_GOST_H -#define HEADER_GOST_H - -#include - -#ifdef OPENSSL_NO_GOST -#error GOST is disabled. -#endif - -#include -#include - -#ifdef __cplusplus -extern "C" { -#endif - -typedef struct gost2814789_key_st { - unsigned int key[8]; - unsigned int k87[256],k65[256],k43[256],k21[256]; - unsigned int count; - unsigned key_meshing : 1; -} GOST2814789_KEY; - -int Gost2814789_set_sbox(GOST2814789_KEY *key, int nid); -int Gost2814789_set_key(GOST2814789_KEY *key, - const unsigned char *userKey, const int bits); -void Gost2814789_ecb_encrypt(const unsigned char *in, unsigned char *out, - GOST2814789_KEY *key, const int enc); -void Gost2814789_cfb64_encrypt(const unsigned char *in, unsigned char *out, - size_t length, GOST2814789_KEY *key, - unsigned char *ivec, int *num, const int enc); -void Gost2814789_cnt_encrypt(const unsigned char *in, unsigned char *out, - size_t length, GOST2814789_KEY *key, - unsigned char *ivec, unsigned char *cnt_buf, int *num); - -typedef struct { - ASN1_OCTET_STRING *iv; - ASN1_OBJECT *enc_param_set; -} GOST_CIPHER_PARAMS; - -GOST_CIPHER_PARAMS *GOST_CIPHER_PARAMS_new(void); -void GOST_CIPHER_PARAMS_free(GOST_CIPHER_PARAMS *a); -GOST_CIPHER_PARAMS *d2i_GOST_CIPHER_PARAMS(GOST_CIPHER_PARAMS **a, const unsigned char **in, long len); -int i2d_GOST_CIPHER_PARAMS(GOST_CIPHER_PARAMS *a, unsigned char **out); -extern const ASN1_ITEM GOST_CIPHER_PARAMS_it; - -#define GOST2814789IMIT_LENGTH 4 -#define GOST2814789IMIT_CBLOCK 8 -#define GOST2814789IMIT_LONG unsigned int - -typedef struct GOST2814789IMITstate_st { - GOST2814789IMIT_LONG Nl, Nh; - unsigned char data[GOST2814789IMIT_CBLOCK]; - unsigned int num; - - GOST2814789_KEY cipher; - unsigned char mac[GOST2814789IMIT_CBLOCK]; -} GOST2814789IMIT_CTX; - -/* Note, also removed second parameter and removed dctx->cipher setting */ -int GOST2814789IMIT_Init(GOST2814789IMIT_CTX *c, int nid); -int GOST2814789IMIT_Update(GOST2814789IMIT_CTX *c, const void *data, size_t len); -int GOST2814789IMIT_Final(unsigned char *md, GOST2814789IMIT_CTX *c); -void GOST2814789IMIT_Transform(GOST2814789IMIT_CTX *c, const unsigned char *data); -unsigned char *GOST2814789IMIT(const unsigned char *d, size_t n, - unsigned char *md, int nid, - const unsigned char *key, const unsigned char *iv); - -#define GOSTR341194_LONG unsigned int - -#define GOSTR341194_LENGTH 32 -#define GOSTR341194_CBLOCK 32 -#define GOSTR341194_LBLOCK (GOSTR341194_CBLOCK/4) - -typedef struct GOSTR341194state_st { - GOSTR341194_LONG Nl, Nh; - GOSTR341194_LONG data[GOSTR341194_LBLOCK]; - unsigned int num; - - GOST2814789_KEY cipher; - unsigned char H[GOSTR341194_CBLOCK]; - unsigned char S[GOSTR341194_CBLOCK]; -} GOSTR341194_CTX; - -/* Note, also removed second parameter and removed dctx->cipher setting */ -int GOSTR341194_Init(GOSTR341194_CTX *c, int nid); -int GOSTR341194_Update(GOSTR341194_CTX *c, const void *data, size_t len); -int GOSTR341194_Final(unsigned char *md, GOSTR341194_CTX *c); -void GOSTR341194_Transform(GOSTR341194_CTX *c, const unsigned char *data); -unsigned char *GOSTR341194(const unsigned char *d, size_t n,unsigned char *md, int nid); - -#if defined(_LP64) -#define STREEBOG_LONG64 unsigned long -#define U64(C) C##UL -#else -#define STREEBOG_LONG64 unsigned long long -#define U64(C) C##ULL -#endif - -#define STREEBOG_LBLOCK 8 -#define STREEBOG_CBLOCK 64 -#define STREEBOG256_LENGTH 32 -#define STREEBOG512_LENGTH 64 - -typedef struct STREEBOGstate_st { - STREEBOG_LONG64 data[STREEBOG_LBLOCK]; - unsigned int num; - unsigned int md_len; - STREEBOG_LONG64 h[STREEBOG_LBLOCK]; - STREEBOG_LONG64 N[STREEBOG_LBLOCK]; - STREEBOG_LONG64 Sigma[STREEBOG_LBLOCK]; -} STREEBOG_CTX; - -int STREEBOG256_Init(STREEBOG_CTX *c); -int STREEBOG256_Update(STREEBOG_CTX *c, const void *data, size_t len); -int STREEBOG256_Final(unsigned char *md, STREEBOG_CTX *c); -void STREEBOG256_Transform(STREEBOG_CTX *c, const unsigned char *data); -unsigned char *STREEBOG256(const unsigned char *d, size_t n,unsigned char *md); - -int STREEBOG512_Init(STREEBOG_CTX *c); -int STREEBOG512_Update(STREEBOG_CTX *c, const void *data, size_t len); -int STREEBOG512_Final(unsigned char *md, STREEBOG_CTX *c); -void STREEBOG512_Transform(STREEBOG_CTX *c, const unsigned char *data); -unsigned char *STREEBOG512(const unsigned char *d, size_t n,unsigned char *md); - -typedef struct gost_key_st GOST_KEY; -GOST_KEY *GOST_KEY_new(void); -void GOST_KEY_free(GOST_KEY * r); -int GOST_KEY_check_key(const GOST_KEY * eckey); -int GOST_KEY_set_public_key_affine_coordinates(GOST_KEY * key, BIGNUM * x, BIGNUM * y); -const EC_GROUP * GOST_KEY_get0_group(const GOST_KEY * key); -int GOST_KEY_set_group(GOST_KEY * key, const EC_GROUP * group); -int GOST_KEY_get_digest(const GOST_KEY * key); -int GOST_KEY_set_digest(GOST_KEY * key, int digest_nid); -const BIGNUM * GOST_KEY_get0_private_key(const GOST_KEY * key); -int GOST_KEY_set_private_key(GOST_KEY * key, const BIGNUM * priv_key); -const EC_POINT * GOST_KEY_get0_public_key(const GOST_KEY * key); -int GOST_KEY_set_public_key(GOST_KEY * key, const EC_POINT * pub_key); -size_t GOST_KEY_get_size(const GOST_KEY * r); - -/* Gost-specific pmeth control-function parameters */ -/* For GOST R34.10 parameters */ -#define EVP_PKEY_CTRL_GOST_PARAMSET (EVP_PKEY_ALG_CTRL+1) -#define EVP_PKEY_CTRL_GOST_SIG_FORMAT (EVP_PKEY_ALG_CTRL+2) -#define EVP_PKEY_CTRL_GOST_SET_DIGEST (EVP_PKEY_ALG_CTRL+3) -#define EVP_PKEY_CTRL_GOST_GET_DIGEST (EVP_PKEY_ALG_CTRL+4) - -#define GOST_SIG_FORMAT_SR_BE 0 -#define GOST_SIG_FORMAT_RS_LE 1 - -void ERR_load_GOST_strings(void); - -/* Error codes for the GOST functions. */ - -/* Function codes. */ -#define GOST_F_DECODE_GOST01_ALGOR_PARAMS 104 -#define GOST_F_ENCODE_GOST01_ALGOR_PARAMS 105 -#define GOST_F_GOST2001_COMPUTE_PUBLIC 106 -#define GOST_F_GOST2001_DO_SIGN 107 -#define GOST_F_GOST2001_DO_VERIFY 108 -#define GOST_F_GOST2001_KEYGEN 109 -#define GOST_F_GOST89_GET_ASN1_PARAMETERS 102 -#define GOST_F_GOST89_SET_ASN1_PARAMETERS 103 -#define GOST_F_GOST_KEY_CHECK_KEY 124 -#define GOST_F_GOST_KEY_NEW 125 -#define GOST_F_GOST_KEY_SET_PUBLIC_KEY_AFFINE_COORDINATES 126 -#define GOST_F_PARAM_COPY_GOST01 110 -#define GOST_F_PARAM_DECODE_GOST01 111 -#define GOST_F_PKEY_GOST01_CTRL 116 -#define GOST_F_PKEY_GOST01_DECRYPT 112 -#define GOST_F_PKEY_GOST01_DERIVE 113 -#define GOST_F_PKEY_GOST01_ENCRYPT 114 -#define GOST_F_PKEY_GOST01_PARAMGEN 115 -#define GOST_F_PKEY_GOST01_SIGN 123 -#define GOST_F_PKEY_GOST_MAC_CTRL 100 -#define GOST_F_PKEY_GOST_MAC_KEYGEN 101 -#define GOST_F_PRIV_DECODE_GOST01 117 -#define GOST_F_PUB_DECODE_GOST01 118 -#define GOST_F_PUB_ENCODE_GOST01 119 -#define GOST_F_PUB_PRINT_GOST01 120 -#define GOST_F_UNPACK_SIGNATURE_CP 121 -#define GOST_F_UNPACK_SIGNATURE_LE 122 - -/* Reason codes. */ -#define GOST_R_BAD_KEY_PARAMETERS_FORMAT 104 -#define GOST_R_BAD_PKEY_PARAMETERS_FORMAT 105 -#define GOST_R_CANNOT_PACK_EPHEMERAL_KEY 106 -#define GOST_R_CTRL_CALL_FAILED 107 -#define GOST_R_ERROR_COMPUTING_SHARED_KEY 108 -#define GOST_R_ERROR_PARSING_KEY_TRANSPORT_INFO 109 -#define GOST_R_INCOMPATIBLE_ALGORITHMS 110 -#define GOST_R_INCOMPATIBLE_PEER_KEY 111 -#define GOST_R_INVALID_DIGEST_TYPE 100 -#define GOST_R_INVALID_IV_LENGTH 103 -#define GOST_R_INVALID_MAC_KEY_LENGTH 101 -#define GOST_R_KEY_IS_NOT_INITIALIZED 112 -#define GOST_R_KEY_PARAMETERS_MISSING 113 -#define GOST_R_MAC_KEY_NOT_SET 102 -#define GOST_R_NO_PARAMETERS_SET 115 -#define GOST_R_NO_PEER_KEY 116 -#define GOST_R_NO_PRIVATE_PART_OF_NON_EPHEMERAL_KEYPAIR 117 -#define GOST_R_PUBLIC_KEY_UNDEFINED 118 -#define GOST_R_RANDOM_NUMBER_GENERATOR_FAILED 120 -#define GOST_R_SIGNATURE_MISMATCH 121 -#define GOST_R_SIGNATURE_PARTS_GREATER_THAN_Q 122 -#define GOST_R_UKM_NOT_SET 123 - -#ifdef __cplusplus -} -#endif -#endif diff --git a/lib/libcrypto/gost/gost2814789.c b/lib/libcrypto/gost/gost2814789.c deleted file mode 100644 index dac3a8eab82..00000000000 --- a/lib/libcrypto/gost/gost2814789.c +++ /dev/null @@ -1,480 +0,0 @@ -/* $OpenBSD: gost2814789.c,v 1.9 2023/07/08 14:30:44 beck Exp $ */ -/* - * Copyright (c) 2014 Dmitry Eremin-Solenikov - * Copyright (c) 2005-2006 Cryptocom LTD - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@openssl.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.openssl.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - */ - -#include -#include - -#include - -#ifndef OPENSSL_NO_GOST -#include -#include - -#include "gost_local.h" - -static inline unsigned int -f(const GOST2814789_KEY *c, unsigned int x) -{ - return c->k87[(x>>24) & 255] | c->k65[(x>>16) & 255]| - c->k43[(x>> 8) & 255] | c->k21[(x ) & 255]; -} - -void -Gost2814789_encrypt(const unsigned char *in, unsigned char *out, - const GOST2814789_KEY *key) -{ - unsigned int n1, n2; /* As named in the GOST */ - - c2l(in, n1); - c2l(in, n2); - - /* Instead of swapping halves, swap names each round */ - n2 ^= f(key, n1 + key->key[0]); n1 ^= f(key, n2 + key->key[1]); - n2 ^= f(key, n1 + key->key[2]); n1 ^= f(key, n2 + key->key[3]); - n2 ^= f(key, n1 + key->key[4]); n1 ^= f(key, n2 + key->key[5]); - n2 ^= f(key, n1 + key->key[6]); n1 ^= f(key, n2 + key->key[7]); - - n2 ^= f(key, n1 + key->key[0]); n1 ^= f(key, n2 + key->key[1]); - n2 ^= f(key, n1 + key->key[2]); n1 ^= f(key, n2 + key->key[3]); - n2 ^= f(key, n1 + key->key[4]); n1 ^= f(key, n2 + key->key[5]); - n2 ^= f(key, n1 + key->key[6]); n1 ^= f(key, n2 + key->key[7]); - - n2 ^= f(key, n1 + key->key[0]); n1 ^= f(key, n2 + key->key[1]); - n2 ^= f(key, n1 + key->key[2]); n1 ^= f(key, n2 + key->key[3]); - n2 ^= f(key, n1 + key->key[4]); n1 ^= f(key, n2 + key->key[5]); - n2 ^= f(key, n1 + key->key[6]); n1 ^= f(key, n2 + key->key[7]); - - n2 ^= f(key, n1 + key->key[7]); n1 ^= f(key, n2 + key->key[6]); - n2 ^= f(key, n1 + key->key[5]); n1 ^= f(key, n2 + key->key[4]); - n2 ^= f(key, n1 + key->key[3]); n1 ^= f(key, n2 + key->key[2]); - n2 ^= f(key, n1 + key->key[1]); n1 ^= f(key, n2 + key->key[0]); - - l2c(n2, out); - l2c(n1, out); -} - -void -Gost2814789_decrypt(const unsigned char *in, unsigned char *out, - const GOST2814789_KEY *key) -{ - unsigned int n1, n2; /* As named in the GOST */ - - c2l(in, n1); - c2l(in, n2); - - /* Instead of swapping halves, swap names each round */ - n2 ^= f(key, n1 + key->key[0]); n1 ^= f(key, n2 + key->key[1]); - n2 ^= f(key, n1 + key->key[2]); n1 ^= f(key, n2 + key->key[3]); - n2 ^= f(key, n1 + key->key[4]); n1 ^= f(key, n2 + key->key[5]); - n2 ^= f(key, n1 + key->key[6]); n1 ^= f(key, n2 + key->key[7]); - - n2 ^= f(key, n1 + key->key[7]); n1 ^= f(key, n2 + key->key[6]); - n2 ^= f(key, n1 + key->key[5]); n1 ^= f(key, n2 + key->key[4]); - n2 ^= f(key, n1 + key->key[3]); n1 ^= f(key, n2 + key->key[2]); - n2 ^= f(key, n1 + key->key[1]); n1 ^= f(key, n2 + key->key[0]); - - n2 ^= f(key, n1 + key->key[7]); n1 ^= f(key, n2 + key->key[6]); - n2 ^= f(key, n1 + key->key[5]); n1 ^= f(key, n2 + key->key[4]); - n2 ^= f(key, n1 + key->key[3]); n1 ^= f(key, n2 + key->key[2]); - n2 ^= f(key, n1 + key->key[1]); n1 ^= f(key, n2 + key->key[0]); - - n2 ^= f(key, n1 + key->key[7]); n1 ^= f(key, n2 + key->key[6]); - n2 ^= f(key, n1 + key->key[5]); n1 ^= f(key, n2 + key->key[4]); - n2 ^= f(key, n1 + key->key[3]); n1 ^= f(key, n2 + key->key[2]); - n2 ^= f(key, n1 + key->key[1]); n1 ^= f(key, n2 + key->key[0]); - - l2c(n2, out); - l2c(n1, out); -} - -static void -Gost2814789_mac(const unsigned char *in, unsigned char *mac, - GOST2814789_KEY *key) -{ - unsigned int n1, n2; /* As named in the GOST */ - unsigned char *p; - int i; - - for (i = 0; i < 8; i++) - mac[i] ^= in[i]; - - p = mac; - c2l(p, n1); - c2l(p, n2); - - /* Instead of swapping halves, swap names each round */ - n2 ^= f(key, n1 + key->key[0]); n1 ^= f(key, n2 + key->key[1]); - n2 ^= f(key, n1 + key->key[2]); n1 ^= f(key, n2 + key->key[3]); - n2 ^= f(key, n1 + key->key[4]); n1 ^= f(key, n2 + key->key[5]); - n2 ^= f(key, n1 + key->key[6]); n1 ^= f(key, n2 + key->key[7]); - - n2 ^= f(key, n1 + key->key[0]); n1 ^= f(key, n2 + key->key[1]); - n2 ^= f(key, n1 + key->key[2]); n1 ^= f(key, n2 + key->key[3]); - n2 ^= f(key, n1 + key->key[4]); n1 ^= f(key, n2 + key->key[5]); - n2 ^= f(key, n1 + key->key[6]); n1 ^= f(key, n2 + key->key[7]); - - p = mac; - l2c(n1, p); - l2c(n2, p); -} - -void -Gost2814789_ecb_encrypt(const unsigned char *in, unsigned char *out, - GOST2814789_KEY *key, const int enc) -{ - if (key->key_meshing && key->count == 1024) { - Gost2814789_cryptopro_key_mesh(key); - key->count = 0; - } - - if (enc) - Gost2814789_encrypt(in, out, key); - else - Gost2814789_decrypt(in, out, key); -} -LCRYPTO_ALIAS(Gost2814789_ecb_encrypt); - -static inline void -Gost2814789_encrypt_mesh(unsigned char *iv, GOST2814789_KEY *key) -{ - if (key->key_meshing && key->count == 1024) { - Gost2814789_cryptopro_key_mesh(key); - Gost2814789_encrypt(iv, iv, key); - key->count = 0; - } - Gost2814789_encrypt(iv, iv, key); - key->count += 8; -} - -static inline void -Gost2814789_mac_mesh(const unsigned char *data, unsigned char *mac, - GOST2814789_KEY *key) -{ - if (key->key_meshing && key->count == 1024) { - Gost2814789_cryptopro_key_mesh(key); - key->count = 0; - } - Gost2814789_mac(data, mac, key); - key->count += 8; -} - -void -Gost2814789_cfb64_encrypt(const unsigned char *in, unsigned char *out, - size_t len, GOST2814789_KEY *key, unsigned char *ivec, int *num, - const int enc) -{ - unsigned int n; - size_t l = 0; - - n = *num; - - if (enc) { -#if !defined(OPENSSL_SMALL_FOOTPRINT) - if (8 % sizeof(size_t) == 0) do { /* always true actually */ - while (n && len) { - *(out++) = ivec[n] ^= *(in++); - --len; - n = (n + 1) % 8; - } -#ifdef __STRICT_ALIGNMENT - if (((size_t)in | (size_t)out | (size_t)ivec) % - sizeof(size_t) != 0) - break; -#endif - while (len >= 8) { - Gost2814789_encrypt_mesh(ivec, key); - for (; n < 8; n += sizeof(size_t)) { - *(size_t*)(out + n) = - *(size_t*)(ivec + n) ^= - *(size_t*)(in + n); - } - len -= 8; - out += 8; - in += 8; - n = 0; - } - if (len) { - Gost2814789_encrypt_mesh(ivec, key); - while (len--) { - out[n] = ivec[n] ^= in[n]; - ++n; - } - } - *num = n; - return; - } while (0); - /* the rest would be commonly eliminated by x86* compiler */ -#endif - while (l= 8) { - Gost2814789_encrypt_mesh(ivec, key); - for (; n < 8; n += sizeof(size_t)) { - size_t t = *(size_t*)(in + n); - *(size_t*)(out + n) = - *(size_t*)(ivec + n) ^ t; - *(size_t*)(ivec + n) = t; - } - len -= 8; - out += 8; - in += 8; - n = 0; - } - if (len) { - Gost2814789_encrypt_mesh(ivec, key); - while (len--) { - unsigned char c; - - out[n] = ivec[n] ^ (c = in[n]); - ivec[n] = c; - ++n; - } - } - *num = n; - return; - } while (0); - /* the rest would be commonly eliminated by x86* compiler */ -#endif - while (l < len) { - unsigned char c; - - if (n == 0) { - Gost2814789_encrypt_mesh(ivec, key); - } - out[l] = ivec[n] ^ (c = in[l]); ivec[n] = c; - ++l; - n = (n + 1) % 8; - } - *num = n; - } -} -LCRYPTO_ALIAS(Gost2814789_cfb64_encrypt); - -static inline void -Gost2814789_cnt_next(unsigned char *ivec, unsigned char *out, - GOST2814789_KEY *key) -{ - unsigned char *p = ivec, *p2 = ivec; - unsigned int val, val2; - - if (key->count == 0) - Gost2814789_encrypt(ivec, ivec, key); - - if (key->key_meshing && key->count == 1024) { - Gost2814789_cryptopro_key_mesh(key); - Gost2814789_encrypt(ivec, ivec, key); - key->count = 0; - } - - c2l(p, val); - val2 = val + 0x01010101; - l2c(val2, p2); - - c2l(p, val); - val2 = val + 0x01010104; - if (val > val2) /* overflow */ - val2++; - l2c(val2, p2); - - Gost2814789_encrypt(ivec, out, key); - key->count += 8; -} - -void -Gost2814789_cnt_encrypt(const unsigned char *in, unsigned char *out, size_t len, - GOST2814789_KEY *key, unsigned char *ivec, unsigned char *cnt_buf, int *num) -{ - unsigned int n; - size_t l = 0; - - n = *num; - -#if !defined(OPENSSL_SMALL_FOOTPRINT) - if (8 % sizeof(size_t) == 0) do { /* always true actually */ - while (n && len) { - *(out++) = *(in++) ^ cnt_buf[n]; - --len; - n = (n + 1) % 8; - } - -#ifdef __STRICT_ALIGNMENT - if (((size_t)in | (size_t)out | (size_t)ivec) % - sizeof(size_t) != 0) - break; -#endif - while (len >= 8) { - Gost2814789_cnt_next(ivec, cnt_buf, key); - for (; n < 8; n += sizeof(size_t)) - *(size_t *)(out + n) = *(size_t *)(in + n) ^ - *(size_t *)(cnt_buf + n); - len -= 8; - out += 8; - in += 8; - n = 0; - } - if (len) { - Gost2814789_cnt_next(ivec, cnt_buf, key); - while (len--) { - out[n] = in[n] ^ cnt_buf[n]; - ++n; - } - } - *num = n; - return; - } while(0); - /* the rest would be commonly eliminated by x86* compiler */ -#endif - while (l < len) { - if (n==0) - Gost2814789_cnt_next(ivec, cnt_buf, key); - out[l] = in[l] ^ cnt_buf[n]; - ++l; - n = (n + 1) % 8; - } - - *num=n; -} -LCRYPTO_ALIAS(Gost2814789_cnt_encrypt); - -int -GOST2814789IMIT_Init(GOST2814789IMIT_CTX *c, int nid) -{ - c->Nl = c->Nh = c->num = 0; - memset(c->mac, 0, 8); - return Gost2814789_set_sbox(&c->cipher, nid); -} -LCRYPTO_ALIAS(GOST2814789IMIT_Init); - -static void -GOST2814789IMIT_block_data_order(GOST2814789IMIT_CTX *ctx, - const unsigned char *p, size_t num) -{ - int i; - - for (i = 0; i < num; i++) { - Gost2814789_mac_mesh(p, ctx->mac, &ctx->cipher); - p += 8; - } -} - -#define DATA_ORDER_IS_LITTLE_ENDIAN - -#define HASH_CBLOCK GOST2814789IMIT_CBLOCK -#define HASH_LONG GOST2814789IMIT_LONG -#define HASH_CTX GOST2814789IMIT_CTX -#define HASH_UPDATE GOST2814789IMIT_Update -#define HASH_TRANSFORM GOST2814789IMIT_Transform -#define HASH_NO_FINAL 1 -#define HASH_BLOCK_DATA_ORDER GOST2814789IMIT_block_data_order - -#include "md32_common.h" -LCRYPTO_ALIAS(GOST2814789IMIT_Update); -LCRYPTO_ALIAS(GOST2814789IMIT_Transform); - -int -GOST2814789IMIT_Final(unsigned char *md, GOST2814789IMIT_CTX *c) -{ - if (c->num) { - memset(c->data + c->num, 0, 8 - c->num); - Gost2814789_mac_mesh(c->data, c->mac, &c->cipher); - } - if (c->Nl <= 8 * 8 && c->Nl > 0 && c->Nh == 0) { - memset(c->data, 0, 8); - Gost2814789_mac_mesh(c->data, c->mac, &c->cipher); - } - memcpy(md, c->mac, 4); - return 1; -} -LCRYPTO_ALIAS(GOST2814789IMIT_Final); - -unsigned char * -GOST2814789IMIT(const unsigned char *d, size_t n, unsigned char *md, int nid, - const unsigned char *key, const unsigned char *iv) -{ - GOST2814789IMIT_CTX c; - static unsigned char m[GOST2814789IMIT_LENGTH]; - - if (md == NULL) - md = m; - GOST2814789IMIT_Init(&c, nid); - memcpy(c.mac, iv, 8); - Gost2814789_set_key(&c.cipher, key, 256); - GOST2814789IMIT_Update(&c, d, n); - GOST2814789IMIT_Final(md, &c); - explicit_bzero(&c, sizeof(c)); - return (md); -} -LCRYPTO_ALIAS(GOST2814789IMIT); - -#endif diff --git a/lib/libcrypto/gost/gost89_keywrap.c b/lib/libcrypto/gost/gost89_keywrap.c deleted file mode 100644 index 9bfc5b4ce8f..00000000000 --- a/lib/libcrypto/gost/gost89_keywrap.c +++ /dev/null @@ -1,138 +0,0 @@ -/* $OpenBSD: gost89_keywrap.c,v 1.4 2022/11/26 16:08:53 tb Exp $ */ -/* - * Copyright (c) 2014 Dmitry Eremin-Solenikov - * Copyright (c) 2005-2006 Cryptocom LTD - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@openssl.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.openssl.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - */ - -#include - -#include - -#ifndef OPENSSL_NO_GOST - -#include - -#include "gost_local.h" - -static void -key_diversify_crypto_pro(GOST2814789_KEY *ctx, const unsigned char *inputKey, - const unsigned char *ukm, unsigned char *outputKey) -{ - unsigned long k, s1, s2; - int i, mask; - unsigned char S[8]; - unsigned char *p; - - memcpy(outputKey, inputKey, 32); - for (i = 0; i < 8; i++) { - /* Make array of integers from key */ - /* Compute IV S */ - s1 = 0, s2 = 0; - p = outputKey; - for (mask = 1; mask < 256; mask <<= 1) { - c2l(p, k); - if (mask & ukm[i]) { - s1 += k; - } else { - s2 += k; - } - } - p = S; - l2c (s1, p); - l2c (s2, p); - Gost2814789_set_key(ctx, outputKey, 256); - mask = 0; - Gost2814789_cfb64_encrypt(outputKey, outputKey, 32, ctx, S, - &mask, 1); - } -} - -int -gost_key_wrap_crypto_pro(int nid, const unsigned char *keyExchangeKey, - const unsigned char *ukm, const unsigned char *sessionKey, - unsigned char *wrappedKey) -{ - GOST2814789_KEY ctx; - unsigned char kek_ukm[32]; - - Gost2814789_set_sbox(&ctx, nid); - key_diversify_crypto_pro(&ctx, keyExchangeKey, ukm, kek_ukm); - Gost2814789_set_key(&ctx, kek_ukm, 256); - memcpy(wrappedKey, ukm, 8); - Gost2814789_encrypt(sessionKey + 0, wrappedKey + 8 + 0, &ctx); - Gost2814789_encrypt(sessionKey + 8, wrappedKey + 8 + 8, &ctx); - Gost2814789_encrypt(sessionKey + 16, wrappedKey + 8 + 16, &ctx); - Gost2814789_encrypt(sessionKey + 24, wrappedKey + 8 + 24, &ctx); - GOST2814789IMIT(sessionKey, 32, wrappedKey + 40, nid, kek_ukm, ukm); - return 1; -} - -int -gost_key_unwrap_crypto_pro(int nid, const unsigned char *keyExchangeKey, - const unsigned char *wrappedKey, unsigned char *sessionKey) -{ - unsigned char kek_ukm[32], cek_mac[4]; - GOST2814789_KEY ctx; - - Gost2814789_set_sbox(&ctx, nid); - /* First 8 bytes of wrapped Key is ukm */ - key_diversify_crypto_pro(&ctx, keyExchangeKey, wrappedKey, kek_ukm); - Gost2814789_set_key(&ctx, kek_ukm, 256); - Gost2814789_decrypt(wrappedKey + 8 + 0, sessionKey + 0, &ctx); - Gost2814789_decrypt(wrappedKey + 8 + 8, sessionKey + 8, &ctx); - Gost2814789_decrypt(wrappedKey + 8 + 16, sessionKey + 16, &ctx); - Gost2814789_decrypt(wrappedKey + 8 + 24, sessionKey + 24, &ctx); - - GOST2814789IMIT(sessionKey, 32, cek_mac, nid, kek_ukm, wrappedKey); - if (memcmp(cek_mac, wrappedKey + 40, 4)) - return 0; - - return 1; -} - -#endif diff --git a/lib/libcrypto/gost/gost89_params.c b/lib/libcrypto/gost/gost89_params.c deleted file mode 100644 index ef9c9cde6b0..00000000000 --- a/lib/libcrypto/gost/gost89_params.c +++ /dev/null @@ -1,246 +0,0 @@ -/* $OpenBSD: gost89_params.c,v 1.4 2023/07/08 14:30:44 beck Exp $ */ -/* - * Copyright (c) 2014 Dmitry Eremin-Solenikov - * Copyright (c) 2005-2006 Cryptocom LTD - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@openssl.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.openssl.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - */ - -#include - -#include - -#ifndef OPENSSL_NO_GOST -#include -#include - -#include "gost_local.h" - -/* Substitution blocks from test examples for GOST R 34.11-94*/ -static const gost_subst_block GostR3411_94_TestParamSet = { - {0x1,0xF,0xD,0x0,0x5,0x7,0xA,0x4,0x9,0x2,0x3,0xE,0x6,0xB,0x8,0xC}, - {0xD,0xB,0x4,0x1,0x3,0xF,0x5,0x9,0x0,0xA,0xE,0x7,0x6,0x8,0x2,0xC}, - {0x4,0xB,0xA,0x0,0x7,0x2,0x1,0xD,0x3,0x6,0x8,0x5,0x9,0xC,0xF,0xE}, - {0x6,0xC,0x7,0x1,0x5,0xF,0xD,0x8,0x4,0xA,0x9,0xE,0x0,0x3,0xB,0x2}, - {0x7,0xD,0xA,0x1,0x0,0x8,0x9,0xF,0xE,0x4,0x6,0xC,0xB,0x2,0x5,0x3}, - {0x5,0x8,0x1,0xD,0xA,0x3,0x4,0x2,0xE,0xF,0xC,0x7,0x6,0x0,0x9,0xB}, - {0xE,0xB,0x4,0xC,0x6,0xD,0xF,0xA,0x2,0x3,0x8,0x1,0x0,0x7,0x5,0x9}, - {0x4,0xA,0x9,0x2,0xD,0x8,0x0,0xE,0x6,0xB,0x1,0xC,0x7,0xF,0x5,0x3} -}; - -/* Substitution blocks for hash function 1.2.643.2.9.1.6.1 */ -static const gost_subst_block GostR3411_94_CryptoProParamSet = { - {0x1,0x3,0xA,0x9,0x5,0xB,0x4,0xF,0x8,0x6,0x7,0xE,0xD,0x0,0x2,0xC}, - {0xD,0xE,0x4,0x1,0x7,0x0,0x5,0xA,0x3,0xC,0x8,0xF,0x6,0x2,0x9,0xB}, - {0x7,0x6,0x2,0x4,0xD,0x9,0xF,0x0,0xA,0x1,0x5,0xB,0x8,0xE,0xC,0x3}, - {0x7,0x6,0x4,0xB,0x9,0xC,0x2,0xA,0x1,0x8,0x0,0xE,0xF,0xD,0x3,0x5}, - {0x4,0xA,0x7,0xC,0x0,0xF,0x2,0x8,0xE,0x1,0x6,0x5,0xD,0xB,0x9,0x3}, - {0x7,0xF,0xC,0xE,0x9,0x4,0x1,0x0,0x3,0xB,0x5,0x2,0x6,0xA,0x8,0xD}, - {0x5,0xF,0x4,0x0,0x2,0xD,0xB,0x9,0x1,0x7,0x6,0x3,0xC,0xE,0xA,0x8}, - {0xA,0x4,0x5,0x6,0x8,0x1,0x3,0x7,0xD,0xC,0xE,0x0,0x9,0x2,0xB,0xF} -}; - -/* Test paramset from GOST 28147 */ -gost_subst_block Gost28147_TestParamSet = { - {0xC,0x6,0x5,0x2,0xB,0x0,0x9,0xD,0x3,0xE,0x7,0xA,0xF,0x4,0x1,0x8}, - {0x9,0xB,0xC,0x0,0x3,0x6,0x7,0x5,0x4,0x8,0xE,0xF,0x1,0xA,0x2,0xD}, - {0x8,0xF,0x6,0xB,0x1,0x9,0xC,0x5,0xD,0x3,0x7,0xA,0x0,0xE,0x2,0x4}, - {0x3,0xE,0x5,0x9,0x6,0x8,0x0,0xD,0xA,0xB,0x7,0xC,0x2,0x1,0xF,0x4}, - {0xE,0x9,0xB,0x2,0x5,0xF,0x7,0x1,0x0,0xD,0xC,0x6,0xA,0x4,0x3,0x8}, - {0xD,0x8,0xE,0xC,0x7,0x3,0x9,0xA,0x1,0x5,0x2,0x4,0x6,0xF,0x0,0xB}, - {0xC,0x9,0xF,0xE,0x8,0x1,0x3,0xA,0x2,0x7,0x4,0xD,0x6,0x0,0xB,0x5}, - {0x4,0x2,0xF,0x5,0x9,0x1,0x0,0x8,0xE,0x3,0xB,0xC,0xD,0x7,0xA,0x6} -}; - - -/* 1.2.643.2.2.31.1 */ -static const gost_subst_block Gost28147_CryptoProParamSetA = { - {0xB,0xA,0xF,0x5,0x0,0xC,0xE,0x8,0x6,0x2,0x3,0x9,0x1,0x7,0xD,0x4}, - {0x1,0xD,0x2,0x9,0x7,0xA,0x6,0x0,0x8,0xC,0x4,0x5,0xF,0x3,0xB,0xE}, - {0x3,0xA,0xD,0xC,0x1,0x2,0x0,0xB,0x7,0x5,0x9,0x4,0x8,0xF,0xE,0x6}, - {0xB,0x5,0x1,0x9,0x8,0xD,0xF,0x0,0xE,0x4,0x2,0x3,0xC,0x7,0xA,0x6}, - {0xE,0x7,0xA,0xC,0xD,0x1,0x3,0x9,0x0,0x2,0xB,0x4,0xF,0x8,0x5,0x6}, - {0xE,0x4,0x6,0x2,0xB,0x3,0xD,0x8,0xC,0xF,0x5,0xA,0x0,0x7,0x1,0x9}, - {0x3,0x7,0xE,0x9,0x8,0xA,0xF,0x0,0x5,0x2,0x6,0xC,0xB,0x4,0xD,0x1}, - {0x9,0x6,0x3,0x2,0x8,0xB,0x1,0x7,0xA,0x4,0xE,0xF,0xC,0x0,0xD,0x5} -}; - -/* 1.2.643.2.2.31.2 */ -static const gost_subst_block Gost28147_CryptoProParamSetB = { - {0x0,0x4,0xB,0xE,0x8,0x3,0x7,0x1,0xA,0x2,0x9,0x6,0xF,0xD,0x5,0xC}, - {0x5,0x2,0xA,0xB,0x9,0x1,0xC,0x3,0x7,0x4,0xD,0x0,0x6,0xF,0x8,0xE}, - {0x8,0x3,0x2,0x6,0x4,0xD,0xE,0xB,0xC,0x1,0x7,0xF,0xA,0x0,0x9,0x5}, - {0x2,0x7,0xC,0xF,0x9,0x5,0xA,0xB,0x1,0x4,0x0,0xD,0x6,0x8,0xE,0x3}, - {0x7,0x5,0x0,0xD,0xB,0x6,0x1,0x2,0x3,0xA,0xC,0xF,0x4,0xE,0x9,0x8}, - {0xE,0xC,0x0,0xA,0x9,0x2,0xD,0xB,0x7,0x5,0x8,0xF,0x3,0x6,0x1,0x4}, - {0x0,0x1,0x2,0xA,0x4,0xD,0x5,0xC,0x9,0x7,0x3,0xF,0xB,0x8,0x6,0xE}, - {0x8,0x4,0xB,0x1,0x3,0x5,0x0,0x9,0x2,0xE,0xA,0xC,0xD,0x6,0x7,0xF} -}; - -/* 1.2.643.2.2.31.3 */ -static const gost_subst_block Gost28147_CryptoProParamSetC = { - {0x7,0x4,0x0,0x5,0xA,0x2,0xF,0xE,0xC,0x6,0x1,0xB,0xD,0x9,0x3,0x8}, - {0xA,0x9,0x6,0x8,0xD,0xE,0x2,0x0,0xF,0x3,0x5,0xB,0x4,0x1,0xC,0x7}, - {0xC,0x9,0xB,0x1,0x8,0xE,0x2,0x4,0x7,0x3,0x6,0x5,0xA,0x0,0xF,0xD}, - {0x8,0xD,0xB,0x0,0x4,0x5,0x1,0x2,0x9,0x3,0xC,0xE,0x6,0xF,0xA,0x7}, - {0x3,0x6,0x0,0x1,0x5,0xD,0xA,0x8,0xB,0x2,0x9,0x7,0xE,0xF,0xC,0x4}, - {0x8,0x2,0x5,0x0,0x4,0x9,0xF,0xA,0x3,0x7,0xC,0xD,0x6,0xE,0x1,0xB}, - {0x0,0x1,0x7,0xD,0xB,0x4,0x5,0x2,0x8,0xE,0xF,0xC,0x9,0xA,0x6,0x3}, - {0x1,0xB,0xC,0x2,0x9,0xD,0x0,0xF,0x4,0x5,0x8,0xE,0xA,0x7,0x6,0x3} -}; - -/* 1.2.643.2.2.31.4 */ -static const gost_subst_block Gost28147_CryptoProParamSetD = { - {0x1,0xA,0x6,0x8,0xF,0xB,0x0,0x4,0xC,0x3,0x5,0x9,0x7,0xD,0x2,0xE}, - {0x3,0x0,0x6,0xF,0x1,0xE,0x9,0x2,0xD,0x8,0xC,0x4,0xB,0xA,0x5,0x7}, - {0x8,0x0,0xF,0x3,0x2,0x5,0xE,0xB,0x1,0xA,0x4,0x7,0xC,0x9,0xD,0x6}, - {0x0,0xC,0x8,0x9,0xD,0x2,0xA,0xB,0x7,0x3,0x6,0x5,0x4,0xE,0xF,0x1}, - {0x1,0x5,0xE,0xC,0xA,0x7,0x0,0xD,0x6,0x2,0xB,0x4,0x9,0x3,0xF,0x8}, - {0x1,0xC,0xB,0x0,0xF,0xE,0x6,0x5,0xA,0xD,0x4,0x8,0x9,0x3,0x7,0x2}, - {0xB,0x6,0x3,0x4,0xC,0xF,0xE,0x2,0x7,0xD,0x8,0x0,0x5,0xA,0x9,0x1}, - {0xF,0xC,0x2,0xA,0x6,0x4,0x5,0x0,0x7,0x9,0xE,0xD,0x1,0xB,0x8,0x3} -}; - -static const gost_subst_block Gost28147_TC26ParamSetZ = { - {0x1,0x7,0xe,0xd,0x0,0x5,0x8,0x3,0x4,0xf,0xa,0x6,0x9,0xc,0xb,0x2}, - {0x8,0xe,0x2,0x5,0x6,0x9,0x1,0xc,0xf,0x4,0xb,0x0,0xd,0xa,0x3,0x7}, - {0x5,0xd,0xf,0x6,0x9,0x2,0xc,0xa,0xb,0x7,0x8,0x1,0x4,0x3,0xe,0x0}, - {0x7,0xf,0x5,0xa,0x8,0x1,0x6,0xd,0x0,0x9,0x3,0xe,0xb,0x4,0x2,0xc}, - {0xc,0x8,0x2,0x1,0xd,0x4,0xf,0x6,0x7,0x0,0xa,0x5,0x3,0xe,0x9,0xb}, - {0xb,0x3,0x5,0x8,0x2,0xf,0xa,0xd,0xe,0x1,0x7,0x4,0xc,0x9,0x6,0x0}, - {0x6,0x8,0x2,0x3,0x9,0xa,0x5,0xc,0x1,0xe,0x4,0x7,0xb,0xd,0x0,0xf}, - {0xc,0x4,0x6,0x2,0xa,0x5,0xb,0x9,0xe,0x8,0xd,0x7,0x0,0x3,0xf,0x1} -}; - -static const unsigned char CryptoProKeyMeshingKey[] = { - 0x69, 0x00, 0x72, 0x22, 0x64, 0xC9, 0x04, 0x23, - 0x8D, 0x3A, 0xDB, 0x96, 0x46, 0xE9, 0x2A, 0xC4, - 0x18, 0xFE, 0xAC, 0x94, 0x00, 0xED, 0x07, 0x12, - 0xC0, 0x86, 0xDC, 0xC2, 0xEF, 0x4C, 0xA9, 0x2B -}; - -static const struct gost89_parameters_info { - int nid; - const gost_subst_block *sblock; - int key_meshing; -} gost_cipher_list[] = -{ - {NID_id_Gost28147_89_CryptoPro_A_ParamSet,&Gost28147_CryptoProParamSetA,1}, - {NID_id_Gost28147_89_CryptoPro_B_ParamSet,&Gost28147_CryptoProParamSetB,1}, - {NID_id_Gost28147_89_CryptoPro_C_ParamSet,&Gost28147_CryptoProParamSetC,1}, - {NID_id_Gost28147_89_CryptoPro_D_ParamSet,&Gost28147_CryptoProParamSetD,1}, - {NID_id_tc26_gost_28147_param_Z,&Gost28147_TC26ParamSetZ,1}, - {NID_id_Gost28147_89_TestParamSet,&Gost28147_TestParamSet,0}, - {NID_id_GostR3411_94_TestParamSet,&GostR3411_94_TestParamSet,0}, - {NID_id_GostR3411_94_CryptoProParamSet,&GostR3411_94_CryptoProParamSet,0}, - {NID_undef,NULL,0} -}; - -int -Gost2814789_set_sbox(GOST2814789_KEY *key, int nid) -{ - int i; - const gost_subst_block *b = NULL; - unsigned int t; - - for (i = 0; gost_cipher_list[i].nid != NID_undef; i++) { - if (gost_cipher_list[i].nid != nid) - continue; - - b = gost_cipher_list[i].sblock; - key->key_meshing = gost_cipher_list[i].key_meshing; - break; - } - - if (b == NULL) - return 0; - - for (i = 0; i < 256; i++) { - t = (unsigned int)(b->k8[i >> 4] <<4 | b->k7 [i & 15]) << 24; - key->k87[i] = (t << 11) | (t >> 21); - t = (unsigned int)(b->k6[i >> 4] <<4 | b->k5 [i & 15]) << 16; - key->k65[i] = (t << 11) | (t >> 21); - t = (unsigned int)(b->k4[i >> 4] <<4 | b->k3 [i & 15]) << 8; - key->k43[i] = (t << 11) | (t >> 21); - t = (unsigned int)(b->k2[i >> 4] <<4 | b->k1 [i & 15]) << 0; - key->k21[i] = (t << 11) | (t >> 21); - } - - return 1; -} -LCRYPTO_ALIAS(Gost2814789_set_sbox); - -int -Gost2814789_set_key(GOST2814789_KEY *key, const unsigned char *userKey, - const int bits) -{ - int i; - - if (bits != 256) - return 0; - - for (i = 0; i < 8; i++) - c2l(userKey, key->key[i]); - - key->count = 0; - - return 1; -} -LCRYPTO_ALIAS(Gost2814789_set_key); - -void -Gost2814789_cryptopro_key_mesh(GOST2814789_KEY *key) -{ - unsigned char newkey[32]; - - Gost2814789_decrypt(CryptoProKeyMeshingKey + 0, newkey + 0, key); - Gost2814789_decrypt(CryptoProKeyMeshingKey + 8, newkey + 8, key); - Gost2814789_decrypt(CryptoProKeyMeshingKey + 16, newkey + 16, key); - Gost2814789_decrypt(CryptoProKeyMeshingKey + 24, newkey + 24, key); - - Gost2814789_set_key(key, newkey, 256); -} -#endif diff --git a/lib/libcrypto/gost/gost89imit_ameth.c b/lib/libcrypto/gost/gost89imit_ameth.c deleted file mode 100644 index 76e285b2d8d..00000000000 --- a/lib/libcrypto/gost/gost89imit_ameth.c +++ /dev/null @@ -1,89 +0,0 @@ -/* $OpenBSD: gost89imit_ameth.c,v 1.5 2024/01/04 17:01:26 tb Exp $ */ -/* - * Copyright (c) 2014 Dmitry Eremin-Solenikov - * Copyright (c) 2005-2006 Cryptocom LTD - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@openssl.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.openssl.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - */ - -#include - -#ifndef OPENSSL_NO_GOST -#include - -#include "asn1_local.h" -#include "evp_local.h" - -static void -mackey_free_gost(EVP_PKEY *pk) -{ - free(pk->pkey.ptr); -} - -static int -mac_ctrl_gost(EVP_PKEY *pkey, int op, long arg1, void *arg2) -{ - switch (op) { - case ASN1_PKEY_CTRL_DEFAULT_MD_NID: - *(int *)arg2 = NID_id_Gost28147_89_MAC; - return 2; - } - return -2; -} - -const EVP_PKEY_ASN1_METHOD gostimit_asn1_meth = { - .base_method = &gostimit_asn1_meth, - .pkey_id = EVP_PKEY_GOSTIMIT, - .pkey_flags = ASN1_PKEY_SIGPARAM_NULL, - - .pem_str = "GOST-MAC", - .info = "GOST 28147-89 MAC", - - .pkey_free = mackey_free_gost, - .pkey_ctrl = mac_ctrl_gost, -}; - -#endif diff --git a/lib/libcrypto/gost/gost89imit_pmeth.c b/lib/libcrypto/gost/gost89imit_pmeth.c deleted file mode 100644 index 3caa58ac863..00000000000 --- a/lib/libcrypto/gost/gost89imit_pmeth.c +++ /dev/null @@ -1,255 +0,0 @@ -/* $OpenBSD: gost89imit_pmeth.c,v 1.6 2023/12/28 21:47:17 tb Exp $ */ -/* - * Copyright (c) 2014 Dmitry Eremin-Solenikov - * Copyright (c) 2005-2006 Cryptocom LTD - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@openssl.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.openssl.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - */ - -#include - -#include - -#ifndef OPENSSL_NO_GOST -#include -#include -#include -#include /* For string_to_hex */ - -#include "evp_local.h" -#include "gost_local.h" - -struct gost_mac_pmeth_data { - EVP_MD *md; - unsigned char key[32]; - unsigned key_set :1; -}; - -static int -pkey_gost_mac_init(EVP_PKEY_CTX *ctx) -{ - struct gost_mac_pmeth_data *data; - - data = calloc(1, sizeof(struct gost_mac_pmeth_data)); - if (data == NULL) - return 0; - EVP_PKEY_CTX_set_data(ctx, data); - return 1; -} - -static void -pkey_gost_mac_cleanup(EVP_PKEY_CTX *ctx) -{ - struct gost_mac_pmeth_data *data = EVP_PKEY_CTX_get_data(ctx); - free(data); -} - -static int -pkey_gost_mac_copy(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src) -{ - struct gost_mac_pmeth_data *dst_data, *src_data; - - if (pkey_gost_mac_init(dst) == 0) - return 0; - - src_data = EVP_PKEY_CTX_get_data(src); - dst_data = EVP_PKEY_CTX_get_data(dst); - - *dst_data = *src_data; - - return 1; -} - -static int -pkey_gost_mac_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) -{ - struct gost_mac_pmeth_data *data = EVP_PKEY_CTX_get_data(ctx); - unsigned char *keydata = NULL; - int ret = 0; - - if (!data->key_set) { - GOSTerror(GOST_R_MAC_KEY_NOT_SET); - goto err; - } - - if ((keydata = malloc(32)) == NULL) { - GOSTerror(ERR_R_MALLOC_FAILURE); - goto err; - } - memcpy(keydata, data->key, 32); - if (!EVP_PKEY_assign(pkey, NID_id_Gost28147_89_MAC, keydata)) - goto err; - keydata = NULL; - - ret = 1; - - err: - freezero(keydata, 32); - - return ret; -} - -static int -pkey_gost_mac_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) -{ - struct gost_mac_pmeth_data *data = EVP_PKEY_CTX_get_data(ctx); - - switch (type) { - case EVP_PKEY_CTRL_MD: - if (EVP_MD_type(p2) != NID_id_Gost28147_89_MAC) { - GOSTerror(GOST_R_INVALID_DIGEST_TYPE); - return 0; - } - data->md = p2; - return 1; - - case EVP_PKEY_CTRL_SET_MAC_KEY: - if (p1 != 32) { - GOSTerror(GOST_R_INVALID_MAC_KEY_LENGTH); - return 0; - } - - memcpy(data->key, p2, 32); - data->key_set = 1; - return 1; - - case EVP_PKEY_CTRL_DIGESTINIT: - { - EVP_MD_CTX *mctx = p2; - void *key; - - if (!data->key_set) { - EVP_PKEY *pkey = EVP_PKEY_CTX_get0_pkey(ctx); - if (pkey == NULL) { - GOSTerror(GOST_R_MAC_KEY_NOT_SET); - return 0; - } - key = EVP_PKEY_get0(pkey); - if (key == NULL) { - GOSTerror(GOST_R_MAC_KEY_NOT_SET); - return 0; - } - } else { - key = &(data->key); - } - if (mctx->digest->md_ctrl == NULL) - return 0; - return mctx->digest->md_ctrl(mctx, EVP_MD_CTRL_SET_KEY, 32 * 8, - key); - } - - } - - return -2; -} - -static int -pkey_gost_mac_ctrl_str(EVP_PKEY_CTX *ctx, const char *type, const char *value) -{ - if (value == NULL) - return 0; - if (strcmp(type, "key") == 0) { - void *p = (void *)value; - return pkey_gost_mac_ctrl(ctx, EVP_PKEY_CTRL_SET_MAC_KEY, - strlen(value), p); - } - if (strcmp(type, "hexkey") == 0) { - unsigned char *key; - int r; - long keylen; - - key = string_to_hex(value, &keylen); - if (key == NULL) - return 0; - r = pkey_gost_mac_ctrl(ctx, EVP_PKEY_CTRL_SET_MAC_KEY, keylen, - key); - free(key); - return r; - } - return -2; -} - -static int -pkey_gost_mac_signctx_init(EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx) -{ - return 1; -} - -static int -pkey_gost_mac_signctx(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen, - EVP_MD_CTX *mctx) -{ - /* for platforms where sizeof(int) != sizeof(size_t)*/ - unsigned int tmpsiglen = *siglen; - int ret; - - if (sig == NULL) { - *siglen = 4; - return 1; - } - - ret = EVP_DigestFinal_ex(mctx, sig, &tmpsiglen); - *siglen = tmpsiglen; - return ret; -} - -const EVP_PKEY_METHOD gostimit_pkey_meth = { - .pkey_id = EVP_PKEY_GOSTIMIT, - - .init = pkey_gost_mac_init, - .cleanup = pkey_gost_mac_cleanup, - .copy = pkey_gost_mac_copy, - - .keygen = pkey_gost_mac_keygen, - - .signctx_init = pkey_gost_mac_signctx_init, - .signctx = pkey_gost_mac_signctx, - - .ctrl = pkey_gost_mac_ctrl, - .ctrl_str = pkey_gost_mac_ctrl_str, -}; - -#endif diff --git a/lib/libcrypto/gost/gost_asn1.c b/lib/libcrypto/gost/gost_asn1.c deleted file mode 100644 index 28e3a58e53c..00000000000 --- a/lib/libcrypto/gost/gost_asn1.c +++ /dev/null @@ -1,299 +0,0 @@ -/********************************************************************** - * gost_keytrans.c * - * Copyright (c) 2005-2006 Cryptocom LTD * - * This file is distributed under the same license as OpenSSL * - * * - * ASN1 structure definition for GOST key transport * - * Requires OpenSSL 0.9.9 for compilation * - **********************************************************************/ - -#include - -#ifndef OPENSSL_NO_GOST -#include -#include -#include - -#include "gost_local.h" -#include "gost_asn1.h" - -static const ASN1_TEMPLATE GOST_KEY_TRANSPORT_seq_tt[] = { - { - .flags = 0, - .tag = 0, - .offset = offsetof(GOST_KEY_TRANSPORT, key_info), - .field_name = "key_info", - .item = &GOST_KEY_INFO_it, - }, - { - .flags = ASN1_TFLG_IMPLICIT, - .tag = 0, - .offset = offsetof(GOST_KEY_TRANSPORT, key_agreement_info), - .field_name = "key_agreement_info", - .item = &GOST_KEY_AGREEMENT_INFO_it, - }, -}; - -const ASN1_ITEM GOST_KEY_TRANSPORT_it = { - .itype = ASN1_ITYPE_NDEF_SEQUENCE, - .utype = V_ASN1_SEQUENCE, - .templates = GOST_KEY_TRANSPORT_seq_tt, - .tcount = sizeof(GOST_KEY_TRANSPORT_seq_tt) / sizeof(ASN1_TEMPLATE), - .funcs = NULL, - .size = sizeof(GOST_KEY_TRANSPORT), - .sname = "GOST_KEY_TRANSPORT", -}; - -GOST_KEY_TRANSPORT * -d2i_GOST_KEY_TRANSPORT(GOST_KEY_TRANSPORT **a, const unsigned char **in, long len) -{ - return (GOST_KEY_TRANSPORT *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, - &GOST_KEY_TRANSPORT_it); -} - -int -i2d_GOST_KEY_TRANSPORT(GOST_KEY_TRANSPORT *a, unsigned char **out) -{ - return ASN1_item_i2d((ASN1_VALUE *)a, out, &GOST_KEY_TRANSPORT_it); -} - -GOST_KEY_TRANSPORT * -GOST_KEY_TRANSPORT_new(void) -{ - return (GOST_KEY_TRANSPORT *)ASN1_item_new(&GOST_KEY_TRANSPORT_it); -} - -void -GOST_KEY_TRANSPORT_free(GOST_KEY_TRANSPORT *a) -{ - ASN1_item_free((ASN1_VALUE *)a, &GOST_KEY_TRANSPORT_it); -} - -static const ASN1_TEMPLATE GOST_KEY_INFO_seq_tt[] = { - { - .flags = 0, - .tag = 0, - .offset = offsetof(GOST_KEY_INFO, encrypted_key), - .field_name = "encrypted_key", - .item = &ASN1_OCTET_STRING_it, - }, - { - .flags = 0, - .tag = 0, - .offset = offsetof(GOST_KEY_INFO, imit), - .field_name = "imit", - .item = &ASN1_OCTET_STRING_it, - }, -}; - -const ASN1_ITEM GOST_KEY_INFO_it = { - .itype = ASN1_ITYPE_NDEF_SEQUENCE, - .utype = V_ASN1_SEQUENCE, - .templates = GOST_KEY_INFO_seq_tt, - .tcount = sizeof(GOST_KEY_INFO_seq_tt) / sizeof(ASN1_TEMPLATE), - .funcs = NULL, - .size = sizeof(GOST_KEY_INFO), - .sname = "GOST_KEY_INFO", -}; - -GOST_KEY_INFO * -d2i_GOST_KEY_INFO(GOST_KEY_INFO **a, const unsigned char **in, long len) -{ - return (GOST_KEY_INFO *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, - &GOST_KEY_INFO_it); -} - -int -i2d_GOST_KEY_INFO(GOST_KEY_INFO *a, unsigned char **out) -{ - return ASN1_item_i2d((ASN1_VALUE *)a, out, &GOST_KEY_INFO_it); -} - -GOST_KEY_INFO * -GOST_KEY_INFO_new(void) -{ - return (GOST_KEY_INFO *)ASN1_item_new(&GOST_KEY_INFO_it); -} - -void -GOST_KEY_INFO_free(GOST_KEY_INFO *a) -{ - ASN1_item_free((ASN1_VALUE *)a, &GOST_KEY_INFO_it); -} - -static const ASN1_TEMPLATE GOST_KEY_AGREEMENT_INFO_seq_tt[] = { - { - .flags = 0, - .tag = 0, - .offset = offsetof(GOST_KEY_AGREEMENT_INFO, cipher), - .field_name = "cipher", - .item = &ASN1_OBJECT_it, - }, - { - .flags = ASN1_TFLG_IMPLICIT | ASN1_TFLG_OPTIONAL, - .tag = 0, - .offset = offsetof(GOST_KEY_AGREEMENT_INFO, ephem_key), - .field_name = "ephem_key", - .item = &X509_PUBKEY_it, - }, - { - .flags = 0, - .tag = 0, - .offset = offsetof(GOST_KEY_AGREEMENT_INFO, eph_iv), - .field_name = "eph_iv", - .item = &ASN1_OCTET_STRING_it, - }, -}; - -const ASN1_ITEM GOST_KEY_AGREEMENT_INFO_it = { - .itype = ASN1_ITYPE_NDEF_SEQUENCE, - .utype = V_ASN1_SEQUENCE, - .templates = GOST_KEY_AGREEMENT_INFO_seq_tt, - .tcount = sizeof(GOST_KEY_AGREEMENT_INFO_seq_tt) / sizeof(ASN1_TEMPLATE), - .funcs = NULL, - .size = sizeof(GOST_KEY_AGREEMENT_INFO), - .sname = "GOST_KEY_AGREEMENT_INFO", -}; - -GOST_KEY_AGREEMENT_INFO * -d2i_GOST_KEY_AGREEMENT_INFO(GOST_KEY_AGREEMENT_INFO **a, const unsigned char **in, long len) -{ - return (GOST_KEY_AGREEMENT_INFO *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, - &GOST_KEY_AGREEMENT_INFO_it); -} - -int -i2d_GOST_KEY_AGREEMENT_INFO(GOST_KEY_AGREEMENT_INFO *a, unsigned char **out) -{ - return ASN1_item_i2d((ASN1_VALUE *)a, out, &GOST_KEY_AGREEMENT_INFO_it); -} - -GOST_KEY_AGREEMENT_INFO * -GOST_KEY_AGREEMENT_INFO_new(void) -{ - return (GOST_KEY_AGREEMENT_INFO *)ASN1_item_new(&GOST_KEY_AGREEMENT_INFO_it); -} - -void -GOST_KEY_AGREEMENT_INFO_free(GOST_KEY_AGREEMENT_INFO *a) -{ - ASN1_item_free((ASN1_VALUE *)a, &GOST_KEY_AGREEMENT_INFO_it); -} - - -static const ASN1_TEMPLATE GOST_KEY_PARAMS_seq_tt[] = { - { - .flags = 0, - .tag = 0, - .offset = offsetof(GOST_KEY_PARAMS, key_params), - .field_name = "key_params", - .item = &ASN1_OBJECT_it, - }, - { - .flags = 0, - .tag = 0, - .offset = offsetof(GOST_KEY_PARAMS, hash_params), - .field_name = "hash_params", - .item = &ASN1_OBJECT_it, - }, - { - .flags = ASN1_TFLG_OPTIONAL, - .tag = 0, - .offset = offsetof(GOST_KEY_PARAMS, cipher_params), - .field_name = "cipher_params", - .item = &ASN1_OBJECT_it, - }, -}; - -const ASN1_ITEM GOST_KEY_PARAMS_it = { - .itype = ASN1_ITYPE_NDEF_SEQUENCE, - .utype = V_ASN1_SEQUENCE, - .templates = GOST_KEY_PARAMS_seq_tt, - .tcount = sizeof(GOST_KEY_PARAMS_seq_tt) / sizeof(ASN1_TEMPLATE), - .funcs = NULL, - .size = sizeof(GOST_KEY_PARAMS), - .sname = "GOST_KEY_PARAMS", -}; - -GOST_KEY_PARAMS * -d2i_GOST_KEY_PARAMS(GOST_KEY_PARAMS **a, const unsigned char **in, long len) -{ - return (GOST_KEY_PARAMS *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, - &GOST_KEY_PARAMS_it); -} - -int -i2d_GOST_KEY_PARAMS(GOST_KEY_PARAMS *a, unsigned char **out) -{ - return ASN1_item_i2d((ASN1_VALUE *)a, out, &GOST_KEY_PARAMS_it); -} - -GOST_KEY_PARAMS * -GOST_KEY_PARAMS_new(void) -{ - return (GOST_KEY_PARAMS *)ASN1_item_new(&GOST_KEY_PARAMS_it); -} - -void -GOST_KEY_PARAMS_free(GOST_KEY_PARAMS *a) -{ - ASN1_item_free((ASN1_VALUE *)a, &GOST_KEY_PARAMS_it); -} - -static const ASN1_TEMPLATE GOST_CIPHER_PARAMS_seq_tt[] = { - { - .flags = 0, - .tag = 0, - .offset = offsetof(GOST_CIPHER_PARAMS, iv), - .field_name = "iv", - .item = &ASN1_OCTET_STRING_it, - }, - { - .flags = 0, - .tag = 0, - .offset = offsetof(GOST_CIPHER_PARAMS, enc_param_set), - .field_name = "enc_param_set", - .item = &ASN1_OBJECT_it, - }, -}; - -const ASN1_ITEM GOST_CIPHER_PARAMS_it = { - .itype = ASN1_ITYPE_NDEF_SEQUENCE, - .utype = V_ASN1_SEQUENCE, - .templates = GOST_CIPHER_PARAMS_seq_tt, - .tcount = sizeof(GOST_CIPHER_PARAMS_seq_tt) / sizeof(ASN1_TEMPLATE), - .funcs = NULL, - .size = sizeof(GOST_CIPHER_PARAMS), - .sname = "GOST_CIPHER_PARAMS", -}; - -GOST_CIPHER_PARAMS * -d2i_GOST_CIPHER_PARAMS(GOST_CIPHER_PARAMS **a, const unsigned char **in, long len) -{ - return (GOST_CIPHER_PARAMS *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, - &GOST_CIPHER_PARAMS_it); -} -LCRYPTO_ALIAS(d2i_GOST_CIPHER_PARAMS); - -int -i2d_GOST_CIPHER_PARAMS(GOST_CIPHER_PARAMS *a, unsigned char **out) -{ - return ASN1_item_i2d((ASN1_VALUE *)a, out, &GOST_CIPHER_PARAMS_it); -} -LCRYPTO_ALIAS(i2d_GOST_CIPHER_PARAMS); - -GOST_CIPHER_PARAMS * -GOST_CIPHER_PARAMS_new(void) -{ - return (GOST_CIPHER_PARAMS *)ASN1_item_new(&GOST_CIPHER_PARAMS_it); -} -LCRYPTO_ALIAS(GOST_CIPHER_PARAMS_new); - -void -GOST_CIPHER_PARAMS_free(GOST_CIPHER_PARAMS *a) -{ - ASN1_item_free((ASN1_VALUE *)a, &GOST_CIPHER_PARAMS_it); -} -LCRYPTO_ALIAS(GOST_CIPHER_PARAMS_free); - -#endif diff --git a/lib/libcrypto/gost/gost_asn1.h b/lib/libcrypto/gost/gost_asn1.h deleted file mode 100644 index 7cabfc79c96..00000000000 --- a/lib/libcrypto/gost/gost_asn1.h +++ /dev/null @@ -1,107 +0,0 @@ -/* $OpenBSD: gost_asn1.h,v 1.3 2016/12/21 15:49:29 jsing Exp $ */ -/* - * Copyright (c) 2014 Dmitry Eremin-Solenikov - * Copyright (c) 2005-2006 Cryptocom LTD - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@openssl.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.openssl.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - */ - -#ifndef HEADER_GOST_ASN1_H -#define HEADER_GOST_ASN1_H - -#include - -__BEGIN_HIDDEN_DECLS - -typedef struct { - ASN1_OCTET_STRING *encrypted_key; - ASN1_OCTET_STRING *imit; -} GOST_KEY_INFO; - -GOST_KEY_INFO *GOST_KEY_INFO_new(void); -void GOST_KEY_INFO_free(GOST_KEY_INFO *a); -GOST_KEY_INFO *d2i_GOST_KEY_INFO(GOST_KEY_INFO **a, const unsigned char **in, long len); -int i2d_GOST_KEY_INFO(GOST_KEY_INFO *a, unsigned char **out); -extern const ASN1_ITEM GOST_KEY_INFO_it; - -typedef struct { - ASN1_OBJECT *cipher; - X509_PUBKEY *ephem_key; - ASN1_OCTET_STRING *eph_iv; -} GOST_KEY_AGREEMENT_INFO; - -GOST_KEY_AGREEMENT_INFO *GOST_KEY_AGREEMENT_INFO_new(void); -void GOST_KEY_AGREEMENT_INFO_free(GOST_KEY_AGREEMENT_INFO *a); -GOST_KEY_AGREEMENT_INFO *d2i_GOST_KEY_AGREEMENT_INFO(GOST_KEY_AGREEMENT_INFO **a, const unsigned char **in, long len); -int i2d_GOST_KEY_AGREEMENT_INFO(GOST_KEY_AGREEMENT_INFO *a, unsigned char **out); -extern const ASN1_ITEM GOST_KEY_AGREEMENT_INFO_it; - -typedef struct { - GOST_KEY_INFO *key_info; - GOST_KEY_AGREEMENT_INFO *key_agreement_info; -} GOST_KEY_TRANSPORT; - -GOST_KEY_TRANSPORT *GOST_KEY_TRANSPORT_new(void); -void GOST_KEY_TRANSPORT_free(GOST_KEY_TRANSPORT *a); -GOST_KEY_TRANSPORT *d2i_GOST_KEY_TRANSPORT(GOST_KEY_TRANSPORT **a, const unsigned char **in, long len); -int i2d_GOST_KEY_TRANSPORT(GOST_KEY_TRANSPORT *a, unsigned char **out); -extern const ASN1_ITEM GOST_KEY_TRANSPORT_it; - -typedef struct { - ASN1_OBJECT *key_params; - ASN1_OBJECT *hash_params; - ASN1_OBJECT *cipher_params; -} GOST_KEY_PARAMS; - -GOST_KEY_PARAMS *GOST_KEY_PARAMS_new(void); -void GOST_KEY_PARAMS_free(GOST_KEY_PARAMS *a); -GOST_KEY_PARAMS *d2i_GOST_KEY_PARAMS(GOST_KEY_PARAMS **a, const unsigned char **in, long len); -int i2d_GOST_KEY_PARAMS(GOST_KEY_PARAMS *a, unsigned char **out); -extern const ASN1_ITEM GOST_KEY_PARAMS_it; - -__END_HIDDEN_DECLS - -#endif diff --git a/lib/libcrypto/gost/gost_err.c b/lib/libcrypto/gost/gost_err.c deleted file mode 100644 index 380f60289e1..00000000000 --- a/lib/libcrypto/gost/gost_err.c +++ /dev/null @@ -1,106 +0,0 @@ -/* crypto/gost/gost_err.c */ -/* ==================================================================== - * Copyright (c) 1999-2014 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@OpenSSL.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ - -#include -#include -#include - -#ifndef OPENSSL_NO_ERR - -#define ERR_FUNC(func) ERR_PACK(ERR_LIB_GOST,func,0) -#define ERR_REASON(reason) ERR_PACK(ERR_LIB_GOST,0,reason) - -static ERR_STRING_DATA GOST_str_functs[]= { - {ERR_FUNC(0xfff), "CRYPTO_internal"}, - {0, NULL} -}; - -static ERR_STRING_DATA GOST_str_reasons[] = { - {ERR_REASON(GOST_R_BAD_KEY_PARAMETERS_FORMAT),"bad key parameters format"}, - {ERR_REASON(GOST_R_BAD_PKEY_PARAMETERS_FORMAT),"bad pkey parameters format"}, - {ERR_REASON(GOST_R_CANNOT_PACK_EPHEMERAL_KEY),"cannot pack ephemeral key"}, - {ERR_REASON(GOST_R_CTRL_CALL_FAILED) ,"ctrl call failed"}, - {ERR_REASON(GOST_R_ERROR_COMPUTING_SHARED_KEY),"error computing shared key"}, - {ERR_REASON(GOST_R_ERROR_PARSING_KEY_TRANSPORT_INFO),"error parsing key transport info"}, - {ERR_REASON(GOST_R_INCOMPATIBLE_ALGORITHMS),"incompatible algorithms"}, - {ERR_REASON(GOST_R_INCOMPATIBLE_PEER_KEY),"incompatible peer key"}, - {ERR_REASON(GOST_R_INVALID_DIGEST_TYPE) ,"invalid digest type"}, - {ERR_REASON(GOST_R_INVALID_IV_LENGTH) ,"invalid iv length"}, - {ERR_REASON(GOST_R_INVALID_MAC_KEY_LENGTH),"invalid mac key length"}, - {ERR_REASON(GOST_R_KEY_IS_NOT_INITIALIZED),"key is not initialized"}, - {ERR_REASON(GOST_R_KEY_PARAMETERS_MISSING),"key parameters missing"}, - {ERR_REASON(GOST_R_MAC_KEY_NOT_SET) ,"mac key not set"}, - {ERR_REASON(GOST_R_NO_PARAMETERS_SET) ,"no parameters set"}, - {ERR_REASON(GOST_R_NO_PEER_KEY) ,"no peer key"}, - {ERR_REASON(GOST_R_NO_PRIVATE_PART_OF_NON_EPHEMERAL_KEYPAIR),"no private part of non ephemeral keypair"}, - {ERR_REASON(GOST_R_PUBLIC_KEY_UNDEFINED) ,"public key undefined"}, - {ERR_REASON(GOST_R_RANDOM_NUMBER_GENERATOR_FAILED),"random number generator failed"}, - {ERR_REASON(GOST_R_SIGNATURE_MISMATCH) ,"signature mismatch"}, - {ERR_REASON(GOST_R_SIGNATURE_PARTS_GREATER_THAN_Q),"signature parts greater than q"}, - {ERR_REASON(GOST_R_UKM_NOT_SET) ,"ukm not set"}, - {0, NULL} -}; -#endif - -void -ERR_load_GOST_strings(void) { -#ifndef OPENSSL_NO_ERR - if (ERR_func_error_string(GOST_str_functs[0].error) == NULL) { - ERR_load_strings(0,GOST_str_functs); - ERR_load_strings(0,GOST_str_reasons); - } -#endif -} -LCRYPTO_ALIAS(ERR_load_GOST_strings); diff --git a/lib/libcrypto/gost/gost_local.h b/lib/libcrypto/gost/gost_local.h deleted file mode 100644 index db07d06f04a..00000000000 --- a/lib/libcrypto/gost/gost_local.h +++ /dev/null @@ -1,116 +0,0 @@ -/* $OpenBSD: gost_local.h,v 1.3 2023/07/28 15:50:33 tb Exp $ */ -/* - * Copyright (c) 2014 Dmitry Eremin-Solenikov - * Copyright (c) 2005-2006 Cryptocom LTD - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@openssl.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.openssl.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - */ - -#ifndef HEADER_GOST_LOCAL_H -#define HEADER_GOST_LOCAL_H - -#include - -__BEGIN_HIDDEN_DECLS - -/* Internal representation of GOST substitution blocks */ -typedef struct { - unsigned char k8[16]; - unsigned char k7[16]; - unsigned char k6[16]; - unsigned char k5[16]; - unsigned char k4[16]; - unsigned char k3[16]; - unsigned char k2[16]; - unsigned char k1[16]; -} gost_subst_block; - -#if defined(__i386) || defined(__i386__) || defined(__x86_64) || defined(__x86_64__) -# define c2l(c,l) ((l)=*((const unsigned int *)(c)), (c)+=4) -# define l2c(l,c) (*((unsigned int *)(c))=(l), (c)+=4) -#else -#define c2l(c,l) (l =(((unsigned long)(*((c)++))) ), \ - l|=(((unsigned long)(*((c)++)))<< 8), \ - l|=(((unsigned long)(*((c)++)))<<16), \ - l|=(((unsigned long)(*((c)++)))<<24)) -#define l2c(l,c) (*((c)++)=(unsigned char)(((l) )&0xff), \ - *((c)++)=(unsigned char)(((l)>> 8)&0xff), \ - *((c)++)=(unsigned char)(((l)>>16)&0xff), \ - *((c)++)=(unsigned char)(((l)>>24)&0xff)) -#endif - -extern void Gost2814789_encrypt(const unsigned char *in, unsigned char *out, - const GOST2814789_KEY *key); -extern void Gost2814789_decrypt(const unsigned char *in, unsigned char *out, - const GOST2814789_KEY *key); -extern void Gost2814789_cryptopro_key_mesh(GOST2814789_KEY *key); - -/* GOST 28147-89 key wrapping */ -extern int gost_key_unwrap_crypto_pro(int nid, - const unsigned char *keyExchangeKey, const unsigned char *wrappedKey, - unsigned char *sessionKey); -extern int gost_key_wrap_crypto_pro(int nid, - const unsigned char *keyExchangeKey, const unsigned char *ukm, - const unsigned char *sessionKey, unsigned char *wrappedKey); -/* Pkey part */ -extern int gost2001_compute_public(GOST_KEY *ec); -extern ECDSA_SIG *gost2001_do_sign(BIGNUM *md, GOST_KEY *eckey); -extern int gost2001_do_verify(BIGNUM *md, ECDSA_SIG *sig, GOST_KEY *ec); -extern int gost2001_keygen(GOST_KEY *ec); -extern int VKO_compute_key(BIGNUM *X, BIGNUM *Y, const GOST_KEY *pkey, - GOST_KEY *priv_key, const BIGNUM *ukm); -extern BIGNUM *GOST_le2bn(const unsigned char *buf, size_t len, BIGNUM *bn); -extern int GOST_bn2le(BIGNUM *bn, unsigned char *buf, int len); - -/* GOST R 34.10 parameters */ -extern int GostR3410_get_md_digest(int nid); -extern int GostR3410_get_pk_digest(int nid); -extern int GostR3410_256_param_id(const char *value); -extern int GostR3410_512_param_id(const char *value); - -__END_HIDDEN_DECLS - -#endif /* !HEADER_GOST_LOCAL_H */ diff --git a/lib/libcrypto/gost/gostr341001.c b/lib/libcrypto/gost/gostr341001.c deleted file mode 100644 index 1c34626a435..00000000000 --- a/lib/libcrypto/gost/gostr341001.c +++ /dev/null @@ -1,403 +0,0 @@ -/* $OpenBSD: gostr341001.c,v 1.12 2023/07/05 11:37:45 tb Exp $ */ -/* - * Copyright (c) 2014 Dmitry Eremin-Solenikov - * Copyright (c) 2005-2006 Cryptocom LTD - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@openssl.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.openssl.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - */ - -#include - -#include - -#ifndef OPENSSL_NO_GOST -#include -#include -#include - -#include "bn_local.h" -#include "ecdsa_local.h" -#include "gost_local.h" - -/* Convert little-endian byte array into bignum */ -BIGNUM * -GOST_le2bn(const unsigned char *buf, size_t len, BIGNUM *bn) -{ - unsigned char temp[64]; - int i; - - if (len > 64) - return NULL; - - for (i = 0; i < len; i++) { - temp[len - 1 - i] = buf[i]; - } - - return BN_bin2bn(temp, len, bn); -} - -int -GOST_bn2le(BIGNUM *bn, unsigned char *buf, int len) -{ - unsigned char temp[64]; - int i, bytes; - - bytes = BN_num_bytes(bn); - if (len > 64 || bytes > len) - return 0; - - BN_bn2bin(bn, temp); - - for (i = 0; i < bytes; i++) { - buf[bytes - 1 - i] = temp[i]; - } - - memset(buf + bytes, 0, len - bytes); - - return 1; -} - -int -gost2001_compute_public(GOST_KEY *ec) -{ - const EC_GROUP *group = GOST_KEY_get0_group(ec); - EC_POINT *pub_key = NULL; - const BIGNUM *priv_key = NULL; - BN_CTX *ctx = NULL; - int ok = 0; - - if (group == NULL) { - GOSTerror(GOST_R_KEY_IS_NOT_INITIALIZED); - return 0; - } - ctx = BN_CTX_new(); - if (ctx == NULL) { - GOSTerror(ERR_R_MALLOC_FAILURE); - return 0; - } - BN_CTX_start(ctx); - if ((priv_key = GOST_KEY_get0_private_key(ec)) == NULL) - goto err; - - pub_key = EC_POINT_new(group); - if (pub_key == NULL) - goto err; - if (EC_POINT_mul(group, pub_key, priv_key, NULL, NULL, ctx) == 0) - goto err; - if (GOST_KEY_set_public_key(ec, pub_key) == 0) - goto err; - ok = 1; - - if (ok == 0) { -err: - GOSTerror(ERR_R_EC_LIB); - } - EC_POINT_free(pub_key); - if (ctx != NULL) { - BN_CTX_end(ctx); - BN_CTX_free(ctx); - } - return ok; -} - -ECDSA_SIG * -gost2001_do_sign(BIGNUM *md, GOST_KEY *eckey) -{ - ECDSA_SIG *newsig = NULL; - BIGNUM *order = NULL; - const EC_GROUP *group; - const BIGNUM *priv_key; - BIGNUM *r = NULL, *s = NULL, *X = NULL, *tmp = NULL, *tmp2 = NULL, *k = - NULL, *e = NULL; - EC_POINT *C = NULL; - BN_CTX *ctx = BN_CTX_new(); - int ok = 0; - - if (ctx == NULL) { - GOSTerror(ERR_R_MALLOC_FAILURE); - return NULL; - } - BN_CTX_start(ctx); - newsig = ECDSA_SIG_new(); - if (newsig == NULL) { - GOSTerror(ERR_R_MALLOC_FAILURE); - goto err; - } - s = newsig->s; - r = newsig->r; - group = GOST_KEY_get0_group(eckey); - if ((order = BN_CTX_get(ctx)) == NULL) - goto err; - if (EC_GROUP_get_order(group, order, ctx) == 0) - goto err; - priv_key = GOST_KEY_get0_private_key(eckey); - if ((e = BN_CTX_get(ctx)) == NULL) - goto err; - if (BN_mod_ct(e, md, order, ctx) == 0) - goto err; - if (BN_is_zero(e)) { - if (!BN_one(e)) - goto err; - } - if ((k = BN_CTX_get(ctx)) == NULL) - goto err; - if ((X = BN_CTX_get(ctx)) == NULL) - goto err; - if ((C = EC_POINT_new(group)) == NULL) - goto err; - do { - do { - if (!BN_rand_range(k, order)) { - GOSTerror(GOST_R_RANDOM_NUMBER_GENERATOR_FAILED); - goto err; - } - /* - * We do not want timing information to leak the length - * of k, so we compute G*k using an equivalent scalar - * of fixed bit-length. - */ - if (BN_add(k, k, order) == 0) - goto err; - if (BN_num_bits(k) <= BN_num_bits(order)) - if (BN_add(k, k, order) == 0) - goto err; - - if (EC_POINT_mul(group, C, k, NULL, NULL, ctx) == 0) { - GOSTerror(ERR_R_EC_LIB); - goto err; - } - if (EC_POINT_get_affine_coordinates(group, C, X, - NULL, ctx) == 0) { - GOSTerror(ERR_R_EC_LIB); - goto err; - } - if (BN_nnmod(r, X, order, ctx) == 0) - goto err; - } while (BN_is_zero(r)); - /* s = (r*priv_key+k*e) mod order */ - if (tmp == NULL) { - if ((tmp = BN_CTX_get(ctx)) == NULL) - goto err; - } - if (BN_mod_mul(tmp, priv_key, r, order, ctx) == 0) - goto err; - if (tmp2 == NULL) { - if ((tmp2 = BN_CTX_get(ctx)) == NULL) - goto err; - } - if (BN_mod_mul(tmp2, k, e, order, ctx) == 0) - goto err; - if (BN_mod_add(s, tmp, tmp2, order, ctx) == 0) - goto err; - } while (BN_is_zero(s)); - ok = 1; - -err: - EC_POINT_free(C); - if (ctx != NULL) { - BN_CTX_end(ctx); - BN_CTX_free(ctx); - } - if (ok == 0) { - ECDSA_SIG_free(newsig); - newsig = NULL; - } - return newsig; -} - -int -gost2001_do_verify(BIGNUM *md, ECDSA_SIG *sig, GOST_KEY *ec) -{ - BN_CTX *ctx = BN_CTX_new(); - const EC_GROUP *group = GOST_KEY_get0_group(ec); - BIGNUM *order; - BIGNUM *e = NULL, *R = NULL, *v = NULL, *z1 = NULL, *z2 = NULL; - BIGNUM *X = NULL, *tmp = NULL; - EC_POINT *C = NULL; - const EC_POINT *pub_key = NULL; - int ok = 0; - - if (ctx == NULL) - goto err; - BN_CTX_start(ctx); - if ((order = BN_CTX_get(ctx)) == NULL) - goto err; - if ((e = BN_CTX_get(ctx)) == NULL) - goto err; - if ((z1 = BN_CTX_get(ctx)) == NULL) - goto err; - if ((z2 = BN_CTX_get(ctx)) == NULL) - goto err; - if ((tmp = BN_CTX_get(ctx)) == NULL) - goto err; - if ((X = BN_CTX_get(ctx)) == NULL) - goto err; - if ((R = BN_CTX_get(ctx)) == NULL) - goto err; - if ((v = BN_CTX_get(ctx)) == NULL) - goto err; - - if (EC_GROUP_get_order(group, order, ctx) == 0) - goto err; - pub_key = GOST_KEY_get0_public_key(ec); - if (BN_is_zero(sig->s) || BN_is_zero(sig->r) || - BN_cmp(sig->s, order) >= 1 || BN_cmp(sig->r, order) >= 1) { - GOSTerror(GOST_R_SIGNATURE_PARTS_GREATER_THAN_Q); - goto err; - } - - if (BN_mod_ct(e, md, order, ctx) == 0) - goto err; - if (BN_is_zero(e)) { - if (!BN_one(e)) - goto err; - } - if ((v = BN_mod_inverse_ct(v, e, order, ctx)) == NULL) - goto err; - if (BN_mod_mul(z1, sig->s, v, order, ctx) == 0) - goto err; - if (BN_sub(tmp, order, sig->r) == 0) - goto err; - if (BN_mod_mul(z2, tmp, v, order, ctx) == 0) - goto err; - if ((C = EC_POINT_new(group)) == NULL) - goto err; - if (EC_POINT_mul(group, C, z1, pub_key, z2, ctx) == 0) { - GOSTerror(ERR_R_EC_LIB); - goto err; - } - if (EC_POINT_get_affine_coordinates(group, C, X, NULL, ctx) == 0) { - GOSTerror(ERR_R_EC_LIB); - goto err; - } - if (BN_mod_ct(R, X, order, ctx) == 0) - goto err; - if (BN_cmp(R, sig->r) != 0) { - GOSTerror(GOST_R_SIGNATURE_MISMATCH); - } else { - ok = 1; - } -err: - EC_POINT_free(C); - if (ctx != NULL) { - BN_CTX_end(ctx); - BN_CTX_free(ctx); - } - return ok; -} - -/* Implementation of CryptoPro VKO 34.10-2001 algorithm */ -int -VKO_compute_key(BIGNUM *X, BIGNUM *Y, const GOST_KEY *pkey, GOST_KEY *priv_key, - const BIGNUM *ukm) -{ - BIGNUM *p = NULL, *order = NULL; - const BIGNUM *key = GOST_KEY_get0_private_key(priv_key); - const EC_GROUP *group = GOST_KEY_get0_group(priv_key); - const EC_POINT *pub_key = GOST_KEY_get0_public_key(pkey); - EC_POINT *pnt; - BN_CTX *ctx = NULL; - int ok = 0; - - pnt = EC_POINT_new(group); - if (pnt == NULL) - goto err; - ctx = BN_CTX_new(); - if (ctx == NULL) - goto err; - BN_CTX_start(ctx); - if ((p = BN_CTX_get(ctx)) == NULL) - goto err; - if ((order = BN_CTX_get(ctx)) == NULL) - goto err; - if (EC_GROUP_get_order(group, order, ctx) == 0) - goto err; - if (BN_mod_mul(p, key, ukm, order, ctx) == 0) - goto err; - if (EC_POINT_mul(group, pnt, NULL, pub_key, p, ctx) == 0) - goto err; - if (EC_POINT_get_affine_coordinates(group, pnt, X, Y, ctx) == 0) - goto err; - ok = 1; - -err: - if (ctx != NULL) { - BN_CTX_end(ctx); - BN_CTX_free(ctx); - } - EC_POINT_free(pnt); - return ok; -} - -int -gost2001_keygen(GOST_KEY *ec) -{ - BIGNUM *order = BN_new(), *d = BN_new(); - const EC_GROUP *group = GOST_KEY_get0_group(ec); - int rc = 0; - - if (order == NULL || d == NULL) - goto err; - if (EC_GROUP_get_order(group, order, NULL) == 0) - goto err; - - do { - if (BN_rand_range(d, order) == 0) { - GOSTerror(GOST_R_RANDOM_NUMBER_GENERATOR_FAILED); - goto err; - } - } while (BN_is_zero(d)); - - if (GOST_KEY_set_private_key(ec, d) == 0) - goto err; - rc = gost2001_compute_public(ec); - -err: - BN_free(d); - BN_free(order); - return rc; -} -#endif diff --git a/lib/libcrypto/gost/gostr341001_ameth.c b/lib/libcrypto/gost/gostr341001_ameth.c deleted file mode 100644 index e8e8c8aa821..00000000000 --- a/lib/libcrypto/gost/gostr341001_ameth.c +++ /dev/null @@ -1,727 +0,0 @@ -/* $OpenBSD: gostr341001_ameth.c,v 1.24 2024/01/04 17:01:26 tb Exp $ */ -/* - * Copyright (c) 2014 Dmitry Eremin-Solenikov - * Copyright (c) 2005-2006 Cryptocom LTD - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@openssl.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.openssl.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - */ - -#include - -#include - -#ifndef OPENSSL_NO_GOST -#include -#include -#include -#include -#include -#include - - -#include "asn1_local.h" -#include "evp_local.h" -#include "gost_local.h" -#include "gost_asn1.h" - -static void -pkey_free_gost01(EVP_PKEY *key) -{ - GOST_KEY_free(key->pkey.gost); -} - -/* - * Parses GOST algorithm parameters from X509_ALGOR and - * modifies pkey setting NID and parameters - */ -static int -decode_gost01_algor_params(EVP_PKEY *pkey, const unsigned char **p, int len) -{ - int param_nid = NID_undef, digest_nid = NID_undef; - GOST_KEY_PARAMS *gkp = NULL; - EC_GROUP *group; - GOST_KEY *ec; - - gkp = d2i_GOST_KEY_PARAMS(NULL, p, len); - if (gkp == NULL) { - GOSTerror(GOST_R_BAD_PKEY_PARAMETERS_FORMAT); - return 0; - } - param_nid = OBJ_obj2nid(gkp->key_params); - digest_nid = OBJ_obj2nid(gkp->hash_params); - GOST_KEY_PARAMS_free(gkp); - - ec = pkey->pkey.gost; - if (ec == NULL) { - ec = GOST_KEY_new(); - if (ec == NULL) { - GOSTerror(ERR_R_MALLOC_FAILURE); - return 0; - } - if (EVP_PKEY_assign_GOST(pkey, ec) == 0) { - GOST_KEY_free(ec); - return 0; - } - } - - group = EC_GROUP_new_by_curve_name(param_nid); - if (group == NULL) { - GOSTerror(EC_R_EC_GROUP_NEW_BY_NAME_FAILURE); - return 0; - } - EC_GROUP_set_asn1_flag(group, OPENSSL_EC_NAMED_CURVE); - if (GOST_KEY_set_group(ec, group) == 0) { - EC_GROUP_free(group); - return 0; - } - EC_GROUP_free(group); - if (GOST_KEY_set_digest(ec, digest_nid) == 0) - return 0; - return 1; -} - -static ASN1_STRING * -encode_gost01_algor_params(const EVP_PKEY *key) -{ - ASN1_STRING *params = ASN1_STRING_new(); - GOST_KEY_PARAMS *gkp = GOST_KEY_PARAMS_new(); - int pkey_param_nid = NID_undef; - - if (params == NULL || gkp == NULL) { - GOSTerror(ERR_R_MALLOC_FAILURE); - ASN1_STRING_free(params); - params = NULL; - goto err; - } - - pkey_param_nid = - EC_GROUP_get_curve_name(GOST_KEY_get0_group(key->pkey.gost)); - gkp->key_params = OBJ_nid2obj(pkey_param_nid); - gkp->hash_params = OBJ_nid2obj(GOST_KEY_get_digest(key->pkey.gost)); - /*gkp->cipher_params = OBJ_nid2obj(cipher_param_nid); */ - params->length = i2d_GOST_KEY_PARAMS(gkp, ¶ms->data); - if (params->length <= 0) { - GOSTerror(ERR_R_MALLOC_FAILURE); - ASN1_STRING_free(params); - params = NULL; - goto err; - } - params->type = V_ASN1_SEQUENCE; -err: - GOST_KEY_PARAMS_free(gkp); - return params; -} - -static int -pub_cmp_gost01(const EVP_PKEY *a, const EVP_PKEY *b) -{ - const GOST_KEY *ea = a->pkey.gost; - const GOST_KEY *eb = b->pkey.gost; - const EC_POINT *ka, *kb; - int ret = 0; - - if (ea == NULL || eb == NULL) - return 0; - ka = GOST_KEY_get0_public_key(ea); - kb = GOST_KEY_get0_public_key(eb); - if (ka == NULL || kb == NULL) - return 0; - ret = (0 == EC_POINT_cmp(GOST_KEY_get0_group(ea), ka, kb, NULL)); - return ret; -} - -static int -pkey_size_gost01(const EVP_PKEY *pk) -{ - if (GOST_KEY_get_digest(pk->pkey.gost) == NID_id_tc26_gost3411_2012_512) - return 128; - return 64; -} - -static int -pkey_bits_gost01(const EVP_PKEY *pk) -{ - if (GOST_KEY_get_digest(pk->pkey.gost) == NID_id_tc26_gost3411_2012_512) - return 512; - return 256; -} - -static int -pub_decode_gost01(EVP_PKEY *pk, X509_PUBKEY *pub) -{ - X509_ALGOR *palg = NULL; - const unsigned char *pubkey_buf = NULL; - const unsigned char *p; - ASN1_OBJECT *palgobj = NULL; - int pub_len; - BIGNUM *X, *Y; - ASN1_OCTET_STRING *octet = NULL; - int len; - int ret; - int ptype = V_ASN1_UNDEF; - ASN1_STRING *pval = NULL; - - if (X509_PUBKEY_get0_param(&palgobj, &pubkey_buf, &pub_len, &palg, pub) - == 0) - return 0; - /* Called for the side effect of freeing pk->pkey. */ - if (!EVP_PKEY_set_type(pk, EVP_PKEY_GOSTR01)) - return 0; - X509_ALGOR_get0(NULL, &ptype, (const void **)&pval, palg); - if (ptype != V_ASN1_SEQUENCE) { - GOSTerror(GOST_R_BAD_KEY_PARAMETERS_FORMAT); - return 0; - } - p = pval->data; - if (decode_gost01_algor_params(pk, &p, pval->length) == 0) { - GOSTerror(GOST_R_BAD_KEY_PARAMETERS_FORMAT); - return 0; - } - - octet = d2i_ASN1_OCTET_STRING(NULL, &pubkey_buf, pub_len); - if (octet == NULL) { - GOSTerror(ERR_R_MALLOC_FAILURE); - return 0; - } - len = octet->length / 2; - - X = GOST_le2bn(octet->data, len, NULL); - Y = GOST_le2bn(octet->data + len, len, NULL); - - ASN1_OCTET_STRING_free(octet); - - ret = GOST_KEY_set_public_key_affine_coordinates(pk->pkey.gost, X, Y); - if (ret == 0) - GOSTerror(ERR_R_EC_LIB); - - BN_free(X); - BN_free(Y); - - return ret; -} - -static int -pub_encode_gost01(X509_PUBKEY *pub, const EVP_PKEY *pk) -{ - ASN1_OBJECT *algobj = NULL; - ASN1_OCTET_STRING *octet = NULL; - ASN1_STRING *params = NULL; - void *pval = NULL; - unsigned char *buf = NULL, *sptr; - int key_size, ret = 0; - const EC_POINT *pub_key; - BIGNUM *X = NULL, *Y = NULL; - const GOST_KEY *ec = pk->pkey.gost; - int ptype = V_ASN1_UNDEF; - - algobj = OBJ_nid2obj(GostR3410_get_pk_digest(GOST_KEY_get_digest(ec))); - if (pk->save_parameters) { - params = encode_gost01_algor_params(pk); - if (params == NULL) - return 0; - pval = params; - ptype = V_ASN1_SEQUENCE; - } - - key_size = GOST_KEY_get_size(ec); - - pub_key = GOST_KEY_get0_public_key(ec); - if (pub_key == NULL) { - GOSTerror(GOST_R_PUBLIC_KEY_UNDEFINED); - goto err; - } - - octet = ASN1_OCTET_STRING_new(); - if (octet == NULL) { - GOSTerror(ERR_R_MALLOC_FAILURE); - goto err; - } - - ret = ASN1_STRING_set(octet, NULL, 2 * key_size); - if (ret == 0) { - GOSTerror(ERR_R_INTERNAL_ERROR); - goto err; - } - - sptr = ASN1_STRING_data(octet); - - X = BN_new(); - Y = BN_new(); - if (X == NULL || Y == NULL) { - GOSTerror(ERR_R_MALLOC_FAILURE); - goto err; - } - - if (EC_POINT_get_affine_coordinates(GOST_KEY_get0_group(ec), - pub_key, X, Y, NULL) == 0) { - GOSTerror(ERR_R_EC_LIB); - goto err; - } - - GOST_bn2le(X, sptr, key_size); - GOST_bn2le(Y, sptr + key_size, key_size); - - BN_free(Y); - BN_free(X); - - ret = i2d_ASN1_OCTET_STRING(octet, &buf); - ASN1_BIT_STRING_free(octet); - if (ret < 0) - return 0; - - return X509_PUBKEY_set0_param(pub, algobj, ptype, pval, buf, ret); - -err: - BN_free(Y); - BN_free(X); - ASN1_BIT_STRING_free(octet); - ASN1_STRING_free(params); - return 0; -} - -static int -param_print_gost01(BIO *out, const EVP_PKEY *pkey, int indent, ASN1_PCTX *pctx) -{ - int param_nid = - EC_GROUP_get_curve_name(GOST_KEY_get0_group(pkey->pkey.gost)); - - if (BIO_indent(out, indent, 128) == 0) - return 0; - BIO_printf(out, "Parameter set: %s\n", OBJ_nid2ln(param_nid)); - if (BIO_indent(out, indent, 128) == 0) - return 0; - BIO_printf(out, "Digest Algorithm: %s\n", - OBJ_nid2ln(GOST_KEY_get_digest(pkey->pkey.gost))); - return 1; -} - -static int -pub_print_gost01(BIO *out, const EVP_PKEY *pkey, int indent, ASN1_PCTX *pctx) -{ - BN_CTX *ctx = BN_CTX_new(); - BIGNUM *X, *Y; - const EC_POINT *pubkey; - const EC_GROUP *group; - - if (ctx == NULL) { - GOSTerror(ERR_R_MALLOC_FAILURE); - return 0; - } - BN_CTX_start(ctx); - if ((X = BN_CTX_get(ctx)) == NULL) - goto err; - if ((Y = BN_CTX_get(ctx)) == NULL) - goto err; - pubkey = GOST_KEY_get0_public_key(pkey->pkey.gost); - group = GOST_KEY_get0_group(pkey->pkey.gost); - if (EC_POINT_get_affine_coordinates(group, pubkey, X, Y, ctx) == 0) { - GOSTerror(ERR_R_EC_LIB); - goto err; - } - if (BIO_indent(out, indent, 128) == 0) - goto err; - BIO_printf(out, "Public key:\n"); - if (BIO_indent(out, indent + 3, 128) == 0) - goto err; - BIO_printf(out, "X:"); - BN_print(out, X); - BIO_printf(out, "\n"); - if (BIO_indent(out, indent + 3, 128) == 0) - goto err; - BIO_printf(out, "Y:"); - BN_print(out, Y); - BIO_printf(out, "\n"); - - BN_CTX_end(ctx); - BN_CTX_free(ctx); - - return param_print_gost01(out, pkey, indent, pctx); - -err: - BN_CTX_end(ctx); - BN_CTX_free(ctx); - return 0; -} - -static int -priv_print_gost01(BIO *out, const EVP_PKEY *pkey, int indent, ASN1_PCTX *pctx) -{ - const BIGNUM *key; - - if (BIO_indent(out, indent, 128) == 0) - return 0; - BIO_printf(out, "Private key: "); - key = GOST_KEY_get0_private_key(pkey->pkey.gost); - if (key == NULL) - BIO_printf(out, "pkey. */ - if (!EVP_PKEY_set_type(pk, EVP_PKEY_GOSTR01)) - return 0; - X509_ALGOR_get0(NULL, &ptype, (const void **)&pval, palg); - if (ptype != V_ASN1_SEQUENCE) { - GOSTerror(GOST_R_BAD_KEY_PARAMETERS_FORMAT); - return 0; - } - p = pval->data; - if (decode_gost01_algor_params(pk, &p, pval->length) == 0) { - GOSTerror(GOST_R_BAD_KEY_PARAMETERS_FORMAT); - return 0; - } - p = pkey_buf; - if (V_ASN1_OCTET_STRING == *p) { - /* New format - Little endian octet string */ - ASN1_OCTET_STRING *s = - d2i_ASN1_OCTET_STRING(NULL, &p, priv_len); - - if (s == NULL) { - GOSTerror(EVP_R_DECODE_ERROR); - ASN1_STRING_free(s); - return 0; - } - - pk_num = GOST_le2bn(s->data, s->length, NULL); - ASN1_STRING_free(s); - } else { - priv_key = d2i_ASN1_INTEGER(NULL, &p, priv_len); - if (priv_key == NULL) - return 0; - ret = ((pk_num = ASN1_INTEGER_to_BN(priv_key, NULL)) != NULL); - ASN1_INTEGER_free(priv_key); - if (ret == 0) { - GOSTerror(EVP_R_DECODE_ERROR); - return 0; - } - } - - ec = pk->pkey.gost; - if (ec == NULL) { - ec = GOST_KEY_new(); - if (ec == NULL) { - BN_free(pk_num); - return 0; - } - if (EVP_PKEY_assign_GOST(pk, ec) == 0) { - BN_free(pk_num); - GOST_KEY_free(ec); - return 0; - } - } - if (GOST_KEY_set_private_key(ec, pk_num) == 0) { - BN_free(pk_num); - return 0; - } - ret = 0; - if (EVP_PKEY_missing_parameters(pk) == 0) - ret = gost2001_compute_public(ec) != 0; - BN_free(pk_num); - - return ret; -} - -static int -priv_encode_gost01(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pk) -{ - ASN1_OBJECT *algobj = - OBJ_nid2obj(GostR3410_get_pk_digest(GOST_KEY_get_digest(pk->pkey.gost))); - ASN1_STRING *params = encode_gost01_algor_params(pk); - unsigned char *priv_buf = NULL; - int priv_len; - ASN1_INTEGER *asn1key = NULL; - - if (params == NULL) - return 0; - - asn1key = BN_to_ASN1_INTEGER(GOST_KEY_get0_private_key(pk->pkey.gost), - NULL); - if (asn1key == NULL) { - ASN1_STRING_free(params); - return 0; - } - priv_len = i2d_ASN1_INTEGER(asn1key, &priv_buf); - ASN1_INTEGER_free(asn1key); - return PKCS8_pkey_set0(p8, algobj, 0, V_ASN1_SEQUENCE, params, priv_buf, - priv_len); -} - -static int -param_encode_gost01(const EVP_PKEY *pkey, unsigned char **pder) -{ - ASN1_STRING *params = encode_gost01_algor_params(pkey); - int len; - - if (params == NULL) - return 0; - len = params->length; - if (pder != NULL) - memcpy(*pder, params->data, params->length); - ASN1_STRING_free(params); - return len; -} - -static int -param_decode_gost01(EVP_PKEY *pkey, const unsigned char **pder, int derlen) -{ - ASN1_OBJECT *obj = NULL; - int nid; - GOST_KEY *ec; - EC_GROUP *group; - int ret; - - /* New format */ - if ((V_ASN1_SEQUENCE | V_ASN1_CONSTRUCTED) == **pder) - return decode_gost01_algor_params(pkey, pder, derlen); - - /* Compatibility */ - if (d2i_ASN1_OBJECT(&obj, pder, derlen) == NULL) { - GOSTerror(ERR_R_MALLOC_FAILURE); - return 0; - } - nid = OBJ_obj2nid(obj); - ASN1_OBJECT_free(obj); - - ec = GOST_KEY_new(); - if (ec == NULL) { - GOSTerror(ERR_R_MALLOC_FAILURE); - return 0; - } - group = EC_GROUP_new_by_curve_name(nid); - if (group == NULL) { - GOSTerror(EC_R_EC_GROUP_NEW_BY_NAME_FAILURE); - GOST_KEY_free(ec); - return 0; - } - - EC_GROUP_set_asn1_flag(group, OPENSSL_EC_NAMED_CURVE); - if (GOST_KEY_set_group(ec, group) == 0) { - GOSTerror(ERR_R_EC_LIB); - EC_GROUP_free(group); - GOST_KEY_free(ec); - return 0; - } - EC_GROUP_free(group); - if (GOST_KEY_set_digest(ec, - NID_id_GostR3411_94_CryptoProParamSet) == 0) { - GOSTerror(GOST_R_INVALID_DIGEST_TYPE); - GOST_KEY_free(ec); - return 0; - } - ret = EVP_PKEY_assign_GOST(pkey, ec); - if (ret == 0) - GOST_KEY_free(ec); - return ret; -} - -static int -param_missing_gost01(const EVP_PKEY *pk) -{ - const GOST_KEY *ec = pk->pkey.gost; - - if (ec == NULL) - return 1; - if (GOST_KEY_get0_group(ec) == NULL) - return 1; - if (GOST_KEY_get_digest(ec) == NID_undef) - return 1; - return 0; -} - -static int -param_copy_gost01(EVP_PKEY *to, const EVP_PKEY *from) -{ - GOST_KEY *eto = to->pkey.gost; - const GOST_KEY *efrom = from->pkey.gost; - int ret = 1; - - if (EVP_PKEY_base_id(from) != EVP_PKEY_base_id(to)) { - GOSTerror(GOST_R_INCOMPATIBLE_ALGORITHMS); - return 0; - } - if (efrom == NULL) { - GOSTerror(GOST_R_KEY_PARAMETERS_MISSING); - return 0; - } - if (eto == NULL) { - eto = GOST_KEY_new(); - if (eto == NULL) { - GOSTerror(ERR_R_MALLOC_FAILURE); - return 0; - } - if (EVP_PKEY_assign(to, EVP_PKEY_base_id(from), eto) == 0) { - GOST_KEY_free(eto); - return 0; - } - } - GOST_KEY_set_group(eto, GOST_KEY_get0_group(efrom)); - GOST_KEY_set_digest(eto, GOST_KEY_get_digest(efrom)); - if (GOST_KEY_get0_private_key(eto) != NULL) - ret = gost2001_compute_public(eto); - - return ret; -} - -static int -param_cmp_gost01(const EVP_PKEY *a, const EVP_PKEY *b) -{ - if (EC_GROUP_get_curve_name(GOST_KEY_get0_group(a->pkey.gost)) != - EC_GROUP_get_curve_name(GOST_KEY_get0_group(b->pkey.gost))) - return 0; - - if (GOST_KEY_get_digest(a->pkey.gost) != - GOST_KEY_get_digest(b->pkey.gost)) - return 0; - - return 1; -} - -static int -pkey_ctrl_gost01(EVP_PKEY *pkey, int op, long arg1, void *arg2) -{ - X509_ALGOR *alg1 = NULL, *alg2 = NULL, *alg3 = NULL; - int digest = GOST_KEY_get_digest(pkey->pkey.gost); - - switch (op) { - case ASN1_PKEY_CTRL_PKCS7_SIGN: - if (arg1 == 0) - PKCS7_SIGNER_INFO_get0_algs(arg2, NULL, &alg1, &alg2); - break; - - case ASN1_PKEY_CTRL_PKCS7_ENCRYPT: - if (arg1 == 0) - PKCS7_RECIP_INFO_get0_alg(arg2, &alg3); - break; - case ASN1_PKEY_CTRL_DEFAULT_MD_NID: - *(int *)arg2 = GostR3410_get_md_digest(digest); - return 2; - - default: - return -2; - } - - if (alg1) - X509_ALGOR_set0(alg1, OBJ_nid2obj(GostR3410_get_md_digest(digest)), V_ASN1_NULL, 0); - if (alg2) - X509_ALGOR_set0(alg2, OBJ_nid2obj(GostR3410_get_pk_digest(digest)), V_ASN1_NULL, 0); - if (alg3) { - ASN1_STRING *params = encode_gost01_algor_params(pkey); - if (params == NULL) { - return -1; - } - X509_ALGOR_set0(alg3, - OBJ_nid2obj(GostR3410_get_pk_digest(digest)), - V_ASN1_SEQUENCE, params); - } - - return 1; -} - -const EVP_PKEY_ASN1_METHOD gostr01_asn1_meth = { - .base_method = &gostr01_asn1_meth, - .pkey_id = EVP_PKEY_GOSTR01, - .pkey_flags = ASN1_PKEY_SIGPARAM_NULL, - - .pem_str = "GOST2001", - .info = "GOST R 34.10-2001", - - .pkey_free = pkey_free_gost01, - .pkey_ctrl = pkey_ctrl_gost01, - - .priv_decode = priv_decode_gost01, - .priv_encode = priv_encode_gost01, - .priv_print = priv_print_gost01, - - .param_decode = param_decode_gost01, - .param_encode = param_encode_gost01, - .param_missing = param_missing_gost01, - .param_copy = param_copy_gost01, - .param_cmp = param_cmp_gost01, - .param_print = param_print_gost01, - - .pub_decode = pub_decode_gost01, - .pub_encode = pub_encode_gost01, - .pub_cmp = pub_cmp_gost01, - .pub_print = pub_print_gost01, - .pkey_size = pkey_size_gost01, - .pkey_bits = pkey_bits_gost01, -}; - -const EVP_PKEY_ASN1_METHOD gostr12_256_asn1_meth = { - .base_method = &gostr01_asn1_meth, - .pkey_id = EVP_PKEY_GOSTR12_256, - .pkey_flags = ASN1_PKEY_ALIAS, -}; - -const EVP_PKEY_ASN1_METHOD gostr12_512_asn1_meth = { - .base_method = &gostr01_asn1_meth, - .pkey_id = EVP_PKEY_GOSTR12_512, - .pkey_flags = ASN1_PKEY_ALIAS, -}; - -#endif diff --git a/lib/libcrypto/gost/gostr341001_key.c b/lib/libcrypto/gost/gostr341001_key.c deleted file mode 100644 index 0170ab44ba6..00000000000 --- a/lib/libcrypto/gost/gostr341001_key.c +++ /dev/null @@ -1,334 +0,0 @@ -/* $OpenBSD: gostr341001_key.c,v 1.14 2023/07/24 17:08:53 tb Exp $ */ -/* - * Copyright (c) 2014 Dmitry Eremin-Solenikov - * Copyright (c) 2005-2006 Cryptocom LTD - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@openssl.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.openssl.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - */ - -#include - -#include - -#ifndef OPENSSL_NO_GOST -#include -#include -#include -#include -#include "gost_local.h" - -struct gost_key_st { - EC_GROUP *group; - - EC_POINT *pub_key; - BIGNUM *priv_key; - - int references; - - int digest_nid; -}; - -GOST_KEY * -GOST_KEY_new(void) -{ - GOST_KEY *ret; - - ret = malloc(sizeof(GOST_KEY)); - if (ret == NULL) { - GOSTerror(ERR_R_MALLOC_FAILURE); - return (NULL); - } - ret->group = NULL; - ret->pub_key = NULL; - ret->priv_key = NULL; - ret->references = 1; - ret->digest_nid = NID_undef; - return (ret); -} -LCRYPTO_ALIAS(GOST_KEY_new); - -void -GOST_KEY_free(GOST_KEY *r) -{ - int i; - - if (r == NULL) - return; - - i = CRYPTO_add(&r->references, -1, CRYPTO_LOCK_EC); - if (i > 0) - return; - - EC_GROUP_free(r->group); - EC_POINT_free(r->pub_key); - BN_free(r->priv_key); - - freezero(r, sizeof(GOST_KEY)); -} -LCRYPTO_ALIAS(GOST_KEY_free); - -int -GOST_KEY_check_key(const GOST_KEY *key) -{ - int ok = 0; - BN_CTX *ctx = NULL; - BIGNUM *order = NULL; - EC_POINT *point = NULL; - - if (key == NULL || key->group == NULL || key->pub_key == NULL) { - GOSTerror(ERR_R_PASSED_NULL_PARAMETER); - return 0; - } - if (EC_POINT_is_at_infinity(key->group, key->pub_key) != 0) { - GOSTerror(EC_R_POINT_AT_INFINITY); - goto err; - } - if ((ctx = BN_CTX_new()) == NULL) - goto err; - if ((point = EC_POINT_new(key->group)) == NULL) - goto err; - - /* testing whether the pub_key is on the elliptic curve */ - if (EC_POINT_is_on_curve(key->group, key->pub_key, ctx) <= 0) { - GOSTerror(EC_R_POINT_IS_NOT_ON_CURVE); - goto err; - } - /* testing whether pub_key * order is the point at infinity */ - if ((order = BN_new()) == NULL) - goto err; - if (EC_GROUP_get_order(key->group, order, ctx) == 0) { - GOSTerror(EC_R_INVALID_GROUP_ORDER); - goto err; - } - if (EC_POINT_mul(key->group, point, NULL, key->pub_key, order, - ctx) == 0) { - GOSTerror(ERR_R_EC_LIB); - goto err; - } - if (EC_POINT_is_at_infinity(key->group, point) == 0) { - GOSTerror(EC_R_WRONG_ORDER); - goto err; - } - /* - * in case the priv_key is present : check if generator * priv_key == - * pub_key - */ - if (key->priv_key != NULL) { - if (BN_cmp(key->priv_key, order) >= 0) { - GOSTerror(EC_R_WRONG_ORDER); - goto err; - } - if (EC_POINT_mul(key->group, point, key->priv_key, NULL, NULL, - ctx) == 0) { - GOSTerror(ERR_R_EC_LIB); - goto err; - } - if (EC_POINT_cmp(key->group, point, key->pub_key, ctx) != 0) { - GOSTerror(EC_R_INVALID_PRIVATE_KEY); - goto err; - } - } - ok = 1; -err: - BN_free(order); - BN_CTX_free(ctx); - EC_POINT_free(point); - return (ok); -} -LCRYPTO_ALIAS(GOST_KEY_check_key); - -int -GOST_KEY_set_public_key_affine_coordinates(GOST_KEY *key, BIGNUM *x, BIGNUM *y) -{ - BN_CTX *ctx = NULL; - BIGNUM *tx, *ty; - EC_POINT *point = NULL; - int ok = 0; - - if (key == NULL || key->group == NULL || x == NULL || y == NULL) { - GOSTerror(ERR_R_PASSED_NULL_PARAMETER); - return 0; - } - ctx = BN_CTX_new(); - if (ctx == NULL) - goto err; - - BN_CTX_start(ctx); - - point = EC_POINT_new(key->group); - if (point == NULL) - goto err; - - if ((tx = BN_CTX_get(ctx)) == NULL) - goto err; - if ((ty = BN_CTX_get(ctx)) == NULL) - goto err; - if (EC_POINT_set_affine_coordinates(key->group, point, x, y, - ctx) == 0) - goto err; - if (EC_POINT_get_affine_coordinates(key->group, point, tx, ty, - ctx) == 0) - goto err; - /* - * Check if retrieved coordinates match originals: if not, values are - * out of range. - */ - if (BN_cmp(x, tx) != 0 || BN_cmp(y, ty) != 0) { - GOSTerror(EC_R_COORDINATES_OUT_OF_RANGE); - goto err; - } - if (GOST_KEY_set_public_key(key, point) == 0) - goto err; - - if (GOST_KEY_check_key(key) == 0) - goto err; - - ok = 1; - -err: - EC_POINT_free(point); - BN_CTX_end(ctx); - BN_CTX_free(ctx); - return ok; - -} -LCRYPTO_ALIAS(GOST_KEY_set_public_key_affine_coordinates); - -const EC_GROUP * -GOST_KEY_get0_group(const GOST_KEY *key) -{ - return key->group; -} -LCRYPTO_ALIAS(GOST_KEY_get0_group); - -int -GOST_KEY_set_group(GOST_KEY *key, const EC_GROUP *group) -{ - EC_GROUP_free(key->group); - key->group = EC_GROUP_dup(group); - return (key->group == NULL) ? 0 : 1; -} -LCRYPTO_ALIAS(GOST_KEY_set_group); - -const BIGNUM * -GOST_KEY_get0_private_key(const GOST_KEY *key) -{ - return key->priv_key; -} -LCRYPTO_ALIAS(GOST_KEY_get0_private_key); - -int -GOST_KEY_set_private_key(GOST_KEY *key, const BIGNUM *priv_key) -{ - BN_free(key->priv_key); - key->priv_key = BN_dup(priv_key); - return (key->priv_key == NULL) ? 0 : 1; -} -LCRYPTO_ALIAS(GOST_KEY_set_private_key); - -const EC_POINT * -GOST_KEY_get0_public_key(const GOST_KEY *key) -{ - return key->pub_key; -} -LCRYPTO_ALIAS(GOST_KEY_get0_public_key); - -int -GOST_KEY_set_public_key(GOST_KEY *key, const EC_POINT *pub_key) -{ - EC_POINT_free(key->pub_key); - key->pub_key = EC_POINT_dup(pub_key, key->group); - return (key->pub_key == NULL) ? 0 : 1; -} -LCRYPTO_ALIAS(GOST_KEY_set_public_key); - -int -GOST_KEY_get_digest(const GOST_KEY *key) -{ - return key->digest_nid; -} -LCRYPTO_ALIAS(GOST_KEY_get_digest); -int -GOST_KEY_set_digest(GOST_KEY *key, int digest_nid) -{ - if (digest_nid == NID_id_GostR3411_94_CryptoProParamSet || - digest_nid == NID_id_tc26_gost3411_2012_256 || - digest_nid == NID_id_tc26_gost3411_2012_512) { - key->digest_nid = digest_nid; - return 1; - } - - return 0; -} -LCRYPTO_ALIAS(GOST_KEY_set_digest); - -size_t -GOST_KEY_get_size(const GOST_KEY *r) -{ - int i; - BIGNUM *order = NULL; - const EC_GROUP *group; - - if (r == NULL) - return 0; - group = GOST_KEY_get0_group(r); - if (group == NULL) - return 0; - - if ((order = BN_new()) == NULL) - return 0; - - if (EC_GROUP_get_order(group, order, NULL) == 0) { - BN_free(order); - return 0; - } - - i = BN_num_bytes(order); - BN_free(order); - return (i); -} -LCRYPTO_ALIAS(GOST_KEY_get_size); -#endif diff --git a/lib/libcrypto/gost/gostr341001_params.c b/lib/libcrypto/gost/gostr341001_params.c deleted file mode 100644 index ca8a27d7126..00000000000 --- a/lib/libcrypto/gost/gostr341001_params.c +++ /dev/null @@ -1,132 +0,0 @@ -/* $OpenBSD: gostr341001_params.c,v 1.5 2022/11/26 16:08:53 tb Exp $ */ -/* - * Copyright (c) 2014 Dmitry Eremin-Solenikov - * Copyright (c) 2005-2006 Cryptocom LTD - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@openssl.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.openssl.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - */ - -#include - -#include - -#ifndef OPENSSL_NO_GOST -#include -#include - -#include "gost_local.h" - -int -GostR3410_get_md_digest(int nid) -{ - if (nid == NID_id_GostR3411_94_CryptoProParamSet) - return NID_id_GostR3411_94; - return nid; -} - -int -GostR3410_get_pk_digest(int nid) -{ - switch (nid) { - case NID_id_GostR3411_94_CryptoProParamSet: - return NID_id_GostR3410_2001; - case NID_id_tc26_gost3411_2012_256: - return NID_id_tc26_gost3410_2012_256; - case NID_id_tc26_gost3411_2012_512: - return NID_id_tc26_gost3410_2012_512; - default: - return NID_undef; - } -} - -typedef struct GostR3410_params { - const char *name; - int nid; -} GostR3410_params; - -static const GostR3410_params GostR3410_256_params[] = { - { "A", NID_id_GostR3410_2001_CryptoPro_A_ParamSet }, - { "B", NID_id_GostR3410_2001_CryptoPro_B_ParamSet }, - { "C", NID_id_GostR3410_2001_CryptoPro_C_ParamSet }, - { "0", NID_id_GostR3410_2001_TestParamSet }, - { "XA", NID_id_GostR3410_2001_CryptoPro_XchA_ParamSet }, - { "XB", NID_id_GostR3410_2001_CryptoPro_XchB_ParamSet }, - { NULL, NID_undef }, -}; - -static const GostR3410_params GostR3410_512_params[] = { - { "A", NID_id_tc26_gost_3410_12_512_paramSetA }, - { "B", NID_id_tc26_gost_3410_12_512_paramSetB }, - { NULL, NID_undef }, -}; - -int -GostR3410_256_param_id(const char *value) -{ - int i; - - for (i = 0; GostR3410_256_params[i].nid != NID_undef; i++) { - if (strcasecmp(GostR3410_256_params[i].name, value) == 0) - return GostR3410_256_params[i].nid; - } - - return NID_undef; -} - -int -GostR3410_512_param_id(const char *value) -{ - int i; - - for (i = 0; GostR3410_512_params[i].nid != NID_undef; i++) { - if (strcasecmp(GostR3410_512_params[i].name, value) == 0) - return GostR3410_512_params[i].nid; - } - - return NID_undef; -} - -#endif diff --git a/lib/libcrypto/gost/gostr341001_pmeth.c b/lib/libcrypto/gost/gostr341001_pmeth.c deleted file mode 100644 index c5e05bec602..00000000000 --- a/lib/libcrypto/gost/gostr341001_pmeth.c +++ /dev/null @@ -1,705 +0,0 @@ -/* $OpenBSD: gostr341001_pmeth.c,v 1.19 2023/07/28 15:50:33 tb Exp $ */ -/* - * Copyright (c) 2014 Dmitry Eremin-Solenikov - * Copyright (c) 2005-2006 Cryptocom LTD - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@openssl.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.openssl.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - */ - -#include - -#include - -#ifndef OPENSSL_NO_GOST -#include -#include -#include -#include -#include -#include - -#include "ecdsa_local.h" -#include "evp_local.h" -#include "gost_local.h" -#include "gost_asn1.h" - -static ECDSA_SIG * -unpack_signature_cp(const unsigned char *sig, size_t siglen) -{ - ECDSA_SIG *s; - - s = ECDSA_SIG_new(); - if (s == NULL) { - GOSTerror(ERR_R_MALLOC_FAILURE); - return NULL; - } - BN_bin2bn(sig, siglen / 2, s->s); - BN_bin2bn(sig + siglen / 2, siglen / 2, s->r); - return s; -} - -static int -pack_signature_cp(ECDSA_SIG *s, int order, unsigned char *sig, size_t *siglen) -{ - int r_len = BN_num_bytes(s->r); - int s_len = BN_num_bytes(s->s); - - if (r_len > order || s_len > order) - return 0; - - *siglen = 2 * order; - - memset(sig, 0, *siglen); - BN_bn2bin(s->s, sig + order - s_len); - BN_bn2bin(s->r, sig + 2 * order - r_len); - ECDSA_SIG_free(s); - return 1; -} - -static ECDSA_SIG * -unpack_signature_le(const unsigned char *sig, size_t siglen) -{ - ECDSA_SIG *s; - - s = ECDSA_SIG_new(); - if (s == NULL) { - GOSTerror(ERR_R_MALLOC_FAILURE); - return NULL; - } - GOST_le2bn(sig, siglen / 2, s->r); - GOST_le2bn(sig + siglen / 2, siglen / 2, s->s); - return s; -} - -static int -pack_signature_le(ECDSA_SIG *s, int order, unsigned char *sig, size_t *siglen) -{ - *siglen = 2 * order; - memset(sig, 0, *siglen); - GOST_bn2le(s->r, sig, order); - GOST_bn2le(s->s, sig + order, order); - ECDSA_SIG_free(s); - return 1; -} - -struct gost_pmeth_data { - int sign_param_nid; /* Should be set whenever parameters are filled */ - int digest_nid; - EVP_MD *md; - unsigned char *shared_ukm; - int peer_key_used; - int sig_format; -}; - -static int -pkey_gost01_init(EVP_PKEY_CTX *ctx) -{ - struct gost_pmeth_data *data; - EVP_PKEY *pkey = EVP_PKEY_CTX_get0_pkey(ctx); - - data = calloc(1, sizeof(struct gost_pmeth_data)); - if (data == NULL) - return 0; - - if (pkey != NULL && pkey->pkey.gost != NULL) { - data->sign_param_nid = - EC_GROUP_get_curve_name(GOST_KEY_get0_group(pkey->pkey.gost)); - data->digest_nid = GOST_KEY_get_digest(pkey->pkey.gost); - } - EVP_PKEY_CTX_set_data(ctx, data); - return 1; -} - -/* Copies contents of gost_pmeth_data structure */ -static int -pkey_gost01_copy(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src) -{ - struct gost_pmeth_data *dst_data, *src_data; - - if (pkey_gost01_init(dst) == 0) - return 0; - - src_data = EVP_PKEY_CTX_get_data(src); - dst_data = EVP_PKEY_CTX_get_data(dst); - *dst_data = *src_data; - if (src_data->shared_ukm != NULL) - dst_data->shared_ukm = NULL; - return 1; -} - -/* Frees up gost_pmeth_data structure */ -static void -pkey_gost01_cleanup(EVP_PKEY_CTX *ctx) -{ - struct gost_pmeth_data *data; - - if ((data = EVP_PKEY_CTX_get_data(ctx)) == NULL) - return; - - free(data->shared_ukm); - free(data); -} - -static int -pkey_gost01_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) -{ - struct gost_pmeth_data *data = EVP_PKEY_CTX_get_data(ctx); - EC_GROUP *group = NULL; - GOST_KEY *gost = NULL; - int ret = 0; - - if (data->sign_param_nid == NID_undef || - data->digest_nid == NID_undef) { - GOSTerror(GOST_R_NO_PARAMETERS_SET); - return 0; - } - - group = EC_GROUP_new_by_curve_name(data->sign_param_nid); - if (group == NULL) - goto done; - - EC_GROUP_set_asn1_flag(group, OPENSSL_EC_NAMED_CURVE); - - gost = GOST_KEY_new(); - if (gost == NULL) - goto done; - - if (GOST_KEY_set_digest(gost, data->digest_nid) == 0) - goto done; - - if (GOST_KEY_set_group(gost, group) != 0) - ret = EVP_PKEY_assign_GOST(pkey, gost); - -done: - if (ret == 0) - GOST_KEY_free(gost); - EC_GROUP_free(group); - return ret; -} - -static int -pkey_gost01_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) -{ - if (pkey_gost01_paramgen(ctx, pkey) == 0) - return 0; - return gost2001_keygen(pkey->pkey.gost) != 0; -} - -static int -pkey_gost01_sign(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen, - const unsigned char *tbs, size_t tbs_len) -{ - ECDSA_SIG *unpacked_sig = NULL; - EVP_PKEY *pkey = EVP_PKEY_CTX_get0_pkey(ctx); - struct gost_pmeth_data *pctx = EVP_PKEY_CTX_get_data(ctx); - BIGNUM *md; - size_t size; - int ret; - - if (pkey == NULL || pkey->pkey.gost == NULL) - return 0; - size = GOST_KEY_get_size(pkey->pkey.gost); - - if (siglen == NULL) - return 0; - if (sig == NULL) { - *siglen = 2 * size; - return 1; - } else if (*siglen < 2 * size) { - GOSTerror(EC_R_BUFFER_TOO_SMALL); - return 0; - } - if (tbs_len != 32 && tbs_len != 64) { - GOSTerror(EVP_R_BAD_BLOCK_LENGTH); - return 0; - } - md = GOST_le2bn(tbs, tbs_len, NULL); - if (md == NULL) - return 0; - unpacked_sig = gost2001_do_sign(md, pkey->pkey.gost); - BN_free(md); - if (unpacked_sig == NULL) { - return 0; - } - switch (pctx->sig_format) { - case GOST_SIG_FORMAT_SR_BE: - ret = pack_signature_cp(unpacked_sig, size, sig, siglen); - break; - case GOST_SIG_FORMAT_RS_LE: - ret = pack_signature_le(unpacked_sig, size, sig, siglen); - break; - default: - ret = -1; - break; - } - if (ret <= 0) - ECDSA_SIG_free(unpacked_sig); - return ret; -} - -static int -pkey_gost01_verify(EVP_PKEY_CTX *ctx, const unsigned char *sig, size_t siglen, - const unsigned char *tbs, size_t tbs_len) -{ - int ok = 0; - EVP_PKEY *pub_key = EVP_PKEY_CTX_get0_pkey(ctx); - struct gost_pmeth_data *pctx = EVP_PKEY_CTX_get_data(ctx); - ECDSA_SIG *s = NULL; - BIGNUM *md; - - if (pub_key == NULL) - return 0; - switch (pctx->sig_format) { - case GOST_SIG_FORMAT_SR_BE: - s = unpack_signature_cp(sig, siglen); - break; - case GOST_SIG_FORMAT_RS_LE: - s = unpack_signature_le(sig, siglen); - break; - } - if (s == NULL) - return 0; - md = GOST_le2bn(tbs, tbs_len, NULL); - if (md == NULL) - goto err; - ok = gost2001_do_verify(md, s, pub_key->pkey.gost); - -err: - BN_free(md); - ECDSA_SIG_free(s); - return ok; -} - -static int -gost01_VKO_key(EVP_PKEY *pub_key, EVP_PKEY *priv_key, const unsigned char *ukm, - unsigned char *key) -{ - unsigned char hashbuf[128]; - int digest_nid; - int ret = 0; - BN_CTX *ctx = BN_CTX_new(); - BIGNUM *UKM, *X, *Y; - - if (ctx == NULL) - return 0; - - BN_CTX_start(ctx); - if ((UKM = BN_CTX_get(ctx)) == NULL) - goto err; - if ((X = BN_CTX_get(ctx)) == NULL) - goto err; - if ((Y = BN_CTX_get(ctx)) == NULL) - goto err; - - GOST_le2bn(ukm, 8, UKM); - - digest_nid = GOST_KEY_get_digest(priv_key->pkey.gost); - if (VKO_compute_key(X, Y, pub_key->pkey.gost, priv_key->pkey.gost, - UKM) == 0) - goto err; - - switch (digest_nid) { - case NID_id_GostR3411_94_CryptoProParamSet: - GOST_bn2le(X, hashbuf, 32); - GOST_bn2le(Y, hashbuf + 32, 32); - GOSTR341194(hashbuf, 64, key, digest_nid); - ret = 1; - break; - case NID_id_tc26_gost3411_2012_256: - GOST_bn2le(X, hashbuf, 32); - GOST_bn2le(Y, hashbuf + 32, 32); - STREEBOG256(hashbuf, 64, key); - ret = 1; - break; - case NID_id_tc26_gost3411_2012_512: - GOST_bn2le(X, hashbuf, 64); - GOST_bn2le(Y, hashbuf + 64, 64); - STREEBOG256(hashbuf, 128, key); - ret = 1; - break; - default: - ret = -2; - break; - } -err: - BN_CTX_end(ctx); - BN_CTX_free(ctx); - return ret; -} - -int -pkey_gost01_decrypt(EVP_PKEY_CTX *pctx, unsigned char *key, size_t *key_len, - const unsigned char *in, size_t in_len) -{ - const unsigned char *p = in; - EVP_PKEY *priv = EVP_PKEY_CTX_get0_pkey(pctx); - GOST_KEY_TRANSPORT *gkt = NULL; - int ret = 0; - unsigned char wrappedKey[44]; - unsigned char sharedKey[32]; - EVP_PKEY *eph_key = NULL, *peerkey = NULL; - int nid; - - if (key == NULL) { - *key_len = 32; - return 1; - } - gkt = d2i_GOST_KEY_TRANSPORT(NULL, (const unsigned char **)&p, in_len); - if (gkt == NULL) { - GOSTerror(GOST_R_ERROR_PARSING_KEY_TRANSPORT_INFO); - return -1; - } - - /* If key transport structure contains public key, use it */ - eph_key = X509_PUBKEY_get(gkt->key_agreement_info->ephem_key); - if (eph_key != NULL) { - if (EVP_PKEY_derive_set_peer(pctx, eph_key) <= 0) { - GOSTerror(GOST_R_INCOMPATIBLE_PEER_KEY); - goto err; - } - } else { - /* Set control "public key from client certificate used" */ - if (EVP_PKEY_CTX_ctrl(pctx, -1, -1, EVP_PKEY_CTRL_PEER_KEY, 3, - NULL) <= 0) { - GOSTerror(GOST_R_CTRL_CALL_FAILED); - goto err; - } - } - peerkey = EVP_PKEY_CTX_get0_peerkey(pctx); - if (peerkey == NULL) { - GOSTerror(GOST_R_NO_PEER_KEY); - goto err; - } - - nid = OBJ_obj2nid(gkt->key_agreement_info->cipher); - - if (gkt->key_agreement_info->eph_iv->length != 8) { - GOSTerror(GOST_R_INVALID_IV_LENGTH); - goto err; - } - memcpy(wrappedKey, gkt->key_agreement_info->eph_iv->data, 8); - if (gkt->key_info->encrypted_key->length != 32) { - GOSTerror(EVP_R_BAD_KEY_LENGTH); - goto err; - } - memcpy(wrappedKey + 8, gkt->key_info->encrypted_key->data, 32); - if (gkt->key_info->imit->length != 4) { - GOSTerror(ERR_R_INTERNAL_ERROR); - goto err; - } - memcpy(wrappedKey + 40, gkt->key_info->imit->data, 4); - if (gost01_VKO_key(peerkey, priv, wrappedKey, sharedKey) <= 0) - goto err; - if (gost_key_unwrap_crypto_pro(nid, sharedKey, wrappedKey, key) == 0) { - GOSTerror(GOST_R_ERROR_COMPUTING_SHARED_KEY); - goto err; - } - - ret = 1; -err: - EVP_PKEY_free(eph_key); - GOST_KEY_TRANSPORT_free(gkt); - return ret; -} - -int -pkey_gost01_derive(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen) -{ - /* - * Public key of peer in the ctx field peerkey - * Our private key in the ctx pkey - * ukm is in the algorithm specific context data - */ - EVP_PKEY *my_key = EVP_PKEY_CTX_get0_pkey(ctx); - EVP_PKEY *peer_key = EVP_PKEY_CTX_get0_peerkey(ctx); - struct gost_pmeth_data *data = EVP_PKEY_CTX_get_data(ctx); - - if (data->shared_ukm == NULL) { - GOSTerror(GOST_R_UKM_NOT_SET); - return 0; - } - - if (key == NULL) { - *keylen = 32; - return 32; - } - - if (gost01_VKO_key(peer_key, my_key, data->shared_ukm, key) <= 0) - return 0; - - *keylen = 32; - return 1; -} - -int -pkey_gost01_encrypt(EVP_PKEY_CTX *pctx, unsigned char *out, size_t *out_len, - const unsigned char *key, size_t key_len) -{ - GOST_KEY_TRANSPORT *gkt = NULL; - EVP_PKEY *pubk = EVP_PKEY_CTX_get0_pkey(pctx); - struct gost_pmeth_data *data = EVP_PKEY_CTX_get_data(pctx); - unsigned char ukm[8], shared_key[32], crypted_key[44]; - int ret = 0; - int key_is_ephemeral; - EVP_PKEY *sec_key = EVP_PKEY_CTX_get0_peerkey(pctx); - int nid = NID_id_Gost28147_89_CryptoPro_A_ParamSet; - - if (data->shared_ukm != NULL) { - memcpy(ukm, data->shared_ukm, 8); - } else /* if (out != NULL) */ { - arc4random_buf(ukm, 8); - } - /* Check for private key in the peer_key of context */ - if (sec_key) { - key_is_ephemeral = 0; - if (GOST_KEY_get0_private_key(sec_key->pkey.gost) == 0) { - GOSTerror(GOST_R_NO_PRIVATE_PART_OF_NON_EPHEMERAL_KEYPAIR); - goto err; - } - } else { - key_is_ephemeral = 1; - if (out != NULL) { - GOST_KEY *tmp_key; - - sec_key = EVP_PKEY_new(); - if (sec_key == NULL) - goto err; - tmp_key = GOST_KEY_new(); - if (tmp_key == NULL) - goto err; - if (EVP_PKEY_assign(sec_key, EVP_PKEY_base_id(pubk), - tmp_key) == 0) { - GOST_KEY_free(tmp_key); - goto err; - } - if (EVP_PKEY_copy_parameters(sec_key, pubk) == 0) - goto err; - if (gost2001_keygen(sec_key->pkey.gost) == 0) { - goto err; - } - } - } - - if (out != NULL) { - if (gost01_VKO_key(pubk, sec_key, ukm, shared_key) <= 0) - goto err; - gost_key_wrap_crypto_pro(nid, shared_key, ukm, key, - crypted_key); - } - gkt = GOST_KEY_TRANSPORT_new(); - if (gkt == NULL) - goto err; - if (ASN1_OCTET_STRING_set(gkt->key_agreement_info->eph_iv, ukm, 8) == 0) - goto err; - if (ASN1_OCTET_STRING_set(gkt->key_info->imit, crypted_key + 40, - 4) == 0) - goto err; - if (ASN1_OCTET_STRING_set(gkt->key_info->encrypted_key, crypted_key + 8, - 32) == 0) - goto err; - if (key_is_ephemeral) { - if (X509_PUBKEY_set(&gkt->key_agreement_info->ephem_key, - out != NULL ? sec_key : pubk) == 0) { - GOSTerror(GOST_R_CANNOT_PACK_EPHEMERAL_KEY); - goto err; - } - } - ASN1_OBJECT_free(gkt->key_agreement_info->cipher); - gkt->key_agreement_info->cipher = OBJ_nid2obj(nid); - if (key_is_ephemeral) - EVP_PKEY_free(sec_key); - else { - /* Set control "public key from client certificate used" */ - if (EVP_PKEY_CTX_ctrl(pctx, -1, -1, EVP_PKEY_CTRL_PEER_KEY, 3, - NULL) <= 0) { - GOSTerror(GOST_R_CTRL_CALL_FAILED); - goto err; - } - } - if ((*out_len = i2d_GOST_KEY_TRANSPORT(gkt, out ? &out : NULL)) > 0) - ret = 1; - GOST_KEY_TRANSPORT_free(gkt); - return ret; - -err: - if (key_is_ephemeral) - EVP_PKEY_free(sec_key); - GOST_KEY_TRANSPORT_free(gkt); - return -1; -} - - -static int -pkey_gost01_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) -{ - struct gost_pmeth_data *pctx = EVP_PKEY_CTX_get_data(ctx); - - switch (type) { - case EVP_PKEY_CTRL_MD: - if (EVP_MD_type(p2) != - GostR3410_get_md_digest(pctx->digest_nid)) { - GOSTerror(GOST_R_INVALID_DIGEST_TYPE); - return 0; - } - pctx->md = p2; - return 1; - case EVP_PKEY_CTRL_PKCS7_ENCRYPT: - case EVP_PKEY_CTRL_PKCS7_DECRYPT: - case EVP_PKEY_CTRL_PKCS7_SIGN: - case EVP_PKEY_CTRL_DIGESTINIT: - return 1; - - case EVP_PKEY_CTRL_GOST_PARAMSET: - pctx->sign_param_nid = (int)p1; - return 1; - - case EVP_PKEY_CTRL_SET_IV: - { - char *ukm = malloc(p1); - - if (ukm == NULL) { - GOSTerror(ERR_R_MALLOC_FAILURE); - return 0; - } - memcpy(ukm, p2, p1); - free(pctx->shared_ukm); - pctx->shared_ukm = ukm; - return 1; - } - - case EVP_PKEY_CTRL_PEER_KEY: - if (p1 == 0 || p1 == 1) /* call from EVP_PKEY_derive_set_peer */ - return 1; - if (p1 == 2) /* TLS: peer key used? */ - return pctx->peer_key_used; - if (p1 == 3) /* TLS: peer key used! */ - return (pctx->peer_key_used = 1); - return -2; - case EVP_PKEY_CTRL_GOST_SIG_FORMAT: - switch (p1) { - case GOST_SIG_FORMAT_SR_BE: - case GOST_SIG_FORMAT_RS_LE: - pctx->sig_format = p1; - return 1; - default: - return 0; - } - break; - case EVP_PKEY_CTRL_GOST_SET_DIGEST: - pctx->digest_nid = (int)p1; - return 1; - case EVP_PKEY_CTRL_GOST_GET_DIGEST: - *(int *)p2 = pctx->digest_nid; - return 1; - default: - return -2; - } -} - -static int -pkey_gost01_ctrl_str(EVP_PKEY_CTX *ctx, const char *type, const char *value) -{ - int param_nid = NID_undef; - int digest_nid = NID_undef; - - if (strcmp(type, "paramset") == 0) { - if (value == NULL) - return 0; - if (pkey_gost01_ctrl(ctx, EVP_PKEY_CTRL_GOST_GET_DIGEST, 0, - &digest_nid) == 0) - return 0; - if (digest_nid == NID_id_tc26_gost3411_2012_512) - param_nid = GostR3410_512_param_id(value); - else - param_nid = GostR3410_256_param_id(value); - if (param_nid == NID_undef) - param_nid = OBJ_txt2nid(value); - if (param_nid == NID_undef) - return 0; - - return pkey_gost01_ctrl(ctx, EVP_PKEY_CTRL_GOST_PARAMSET, - param_nid, NULL); - } - if (strcmp(type, "dgst") == 0) { - if (value == NULL) - return 0; - else if (strcmp(value, "gost94") == 0 || - strcmp(value, "md_gost94") == 0) - digest_nid = NID_id_GostR3411_94_CryptoProParamSet; - else if (strcmp(value, "streebog256") == 0) - digest_nid = NID_id_tc26_gost3411_2012_256; - else if (strcmp(value, "streebog512") == 0) - digest_nid = NID_id_tc26_gost3411_2012_512; - - if (digest_nid == NID_undef) - return 0; - - return pkey_gost01_ctrl(ctx, EVP_PKEY_CTRL_GOST_SET_DIGEST, - digest_nid, NULL); - } - return -2; -} - -const EVP_PKEY_METHOD gostr01_pkey_meth = { - .pkey_id = EVP_PKEY_GOSTR01, - - .init = pkey_gost01_init, - .copy = pkey_gost01_copy, - .cleanup = pkey_gost01_cleanup, - - .paramgen = pkey_gost01_paramgen, - .keygen = pkey_gost01_keygen, - .sign = pkey_gost01_sign, - .verify = pkey_gost01_verify, - - .encrypt = pkey_gost01_encrypt, - .decrypt = pkey_gost01_decrypt, - .derive = pkey_gost01_derive, - - .ctrl = pkey_gost01_ctrl, - .ctrl_str = pkey_gost01_ctrl_str, -}; -#endif diff --git a/lib/libcrypto/gost/gostr341194.c b/lib/libcrypto/gost/gostr341194.c deleted file mode 100644 index 311c304539d..00000000000 --- a/lib/libcrypto/gost/gostr341194.c +++ /dev/null @@ -1,278 +0,0 @@ -/* $OpenBSD: gostr341194.c,v 1.7 2023/07/08 14:30:44 beck Exp $ */ -/* - * Copyright (c) 2014 Dmitry Eremin-Solenikov - * Copyright (c) 2005-2006 Cryptocom LTD - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@openssl.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.openssl.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - */ - -#include - -#include - -#ifndef OPENSSL_NO_GOST -#include -#include -#include - -#include "gost_local.h" - -/* Following functions are various bit meshing routines used in - * GOST R 34.11-94 algorithms */ -static void -swap_bytes(unsigned char *w, unsigned char *k) -{ - int i, j; - - for (i = 0; i < 4; i++) - for (j = 0; j < 8; j++) - k[i + 4 * j] = w[8 * i + j]; -} - -/* was A_A */ -static void -circle_xor8(const unsigned char *w, unsigned char *k) -{ - unsigned char buf[8]; - int i; - - memcpy(buf, w, 8); - memmove(k, w + 8, 24); - for (i = 0; i < 8; i++) - k[i + 24] = buf[i] ^ k[i]; -} - -/* was R_R */ -static void -transform_3(unsigned char *data) -{ - unsigned short int acc; - - acc = (data[0] ^ data[2] ^ data[4] ^ data[6] ^ data[24] ^ data[30]) | - ((data[1] ^ data[3] ^ data[5] ^ data[7] ^ data[25] ^ data[31]) << 8); - memmove(data, data + 2, 30); - data[30] = acc & 0xff; - data[31] = acc >> 8; -} - -/* Adds blocks of N bytes modulo 2**(8*n). Returns carry*/ -static int -add_blocks(int n, unsigned char *left, const unsigned char *right) -{ - int i; - int carry = 0; - int sum; - - for (i = 0; i < n; i++) { - sum = (int)left[i] + (int)right[i] + carry; - left[i] = sum & 0xff; - carry = sum >> 8; - } - return carry; -} - -/* Xor two sequences of bytes */ -static void -xor_blocks(unsigned char *result, const unsigned char *a, - const unsigned char *b, size_t len) -{ - size_t i; - - for (i = 0; i < len; i++) - result[i] = a[i] ^ b[i]; -} - -/* - * Calculate H(i+1) = Hash(Hi,Mi) - * Where H and M are 32 bytes long - */ -static int -hash_step(GOSTR341194_CTX *c, unsigned char *H, const unsigned char *M) -{ - unsigned char U[32], W[32], V[32], S[32], Key[32]; - int i; - - /* Compute first key */ - xor_blocks(W, H, M, 32); - swap_bytes(W, Key); - /* Encrypt first 8 bytes of H with first key */ - Gost2814789_set_key(&c->cipher, Key, 256); - Gost2814789_encrypt(H, S, &c->cipher); - - /* Compute second key */ - circle_xor8(H, U); - circle_xor8(M, V); - circle_xor8(V, V); - xor_blocks(W, U, V, 32); - swap_bytes(W, Key); - /* encrypt second 8 bytes of H with second key */ - Gost2814789_set_key(&c->cipher, Key, 256); - Gost2814789_encrypt(H+8, S+8, &c->cipher); - - /* compute third key */ - circle_xor8(U, U); - U[31] = ~U[31]; - U[29] = ~U[29]; - U[28] = ~U[28]; - U[24] = ~U[24]; - U[23] = ~U[23]; - U[20] = ~U[20]; - U[18] = ~U[18]; - U[17] = ~U[17]; - U[14] = ~U[14]; - U[12] = ~U[12]; - U[10] = ~U[10]; - U[8] = ~U[8]; - U[7] = ~U[7]; - U[5] = ~U[5]; - U[3] = ~U[3]; - U[1] = ~U[1]; - circle_xor8(V, V); - circle_xor8(V, V); - xor_blocks(W, U, V, 32); - swap_bytes(W, Key); - /* encrypt third 8 bytes of H with third key */ - Gost2814789_set_key(&c->cipher, Key, 256); - Gost2814789_encrypt(H+16, S+16, &c->cipher); - - /* Compute fourth key */ - circle_xor8(U, U); - circle_xor8(V, V); - circle_xor8(V, V); - xor_blocks(W, U, V, 32); - swap_bytes(W, Key); - /* Encrypt last 8 bytes with fourth key */ - Gost2814789_set_key(&c->cipher, Key, 256); - Gost2814789_encrypt(H+24, S+24, &c->cipher); - - for (i = 0; i < 12; i++) - transform_3(S); - xor_blocks(S, S, M, 32); - transform_3(S); - xor_blocks(S, S, H, 32); - for (i = 0; i < 61; i++) - transform_3(S); - memcpy(H, S, 32); - return 1; -} - -int -GOSTR341194_Init(GOSTR341194_CTX *c, int nid) -{ - memset(c, 0, sizeof(*c)); - return Gost2814789_set_sbox(&c->cipher, nid); -} -LCRYPTO_ALIAS(GOSTR341194_Init); - -static void -GOSTR341194_block_data_order(GOSTR341194_CTX *ctx, const unsigned char *p, - size_t num) -{ - int i; - - for (i = 0; i < num; i++) { - hash_step(ctx, ctx->H, p); - add_blocks(32, ctx->S, p); - p += 32; - } -} - -#define DATA_ORDER_IS_LITTLE_ENDIAN - -#define HASH_CBLOCK GOSTR341194_CBLOCK -#define HASH_LONG GOSTR341194_LONG -#define HASH_CTX GOSTR341194_CTX -#define HASH_UPDATE GOSTR341194_Update -#define HASH_TRANSFORM GOSTR341194_Transform -#define HASH_NO_FINAL 1 -#define HASH_BLOCK_DATA_ORDER GOSTR341194_block_data_order - -#include "md32_common.h" -LCRYPTO_ALIAS(GOSTR341194_Update); -LCRYPTO_ALIAS(GOSTR341194_Transform); - -int -GOSTR341194_Final(unsigned char *md, GOSTR341194_CTX * c) -{ - unsigned char *p = (unsigned char *)c->data; - unsigned char T[32]; - - if (c->num > 0) { - memset(p + c->num, 0, 32 - c->num); - hash_step(c, c->H, p); - add_blocks(32, c->S, p); - } - - p = T; - HOST_l2c(c->Nl, p); - HOST_l2c(c->Nh, p); - memset(p, 0, 32 - 8); - hash_step(c, c->H, T); - hash_step(c, c->H, c->S); - - memcpy(md, c->H, 32); - - return 1; -} -LCRYPTO_ALIAS(GOSTR341194_Final); - -unsigned char * -GOSTR341194(const unsigned char *d, size_t n, unsigned char *md, int nid) -{ - GOSTR341194_CTX c; - static unsigned char m[GOSTR341194_LENGTH]; - - if (md == NULL) - md = m; - if (!GOSTR341194_Init(&c, nid)) - return 0; - GOSTR341194_Update(&c, d, n); - GOSTR341194_Final(md, &c); - explicit_bzero(&c, sizeof(c)); - return (md); -} -LCRYPTO_ALIAS(GOSTR341194); -#endif diff --git a/lib/libcrypto/gost/streebog.c b/lib/libcrypto/gost/streebog.c deleted file mode 100644 index 60c575794cb..00000000000 --- a/lib/libcrypto/gost/streebog.c +++ /dev/null @@ -1,1487 +0,0 @@ -/* $OpenBSD: streebog.c,v 1.9 2023/07/08 14:30:44 beck Exp $ */ -/* - * Copyright (c) 2014 Dmitry Eremin-Solenikov - * Copyright (c) 2005-2006 Cryptocom LTD - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@openssl.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.openssl.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - */ - -#include -#include -#include - -#include - -#ifndef OPENSSL_NO_GOST -#include -#include -#include - -#include "gost_local.h" - -static const STREEBOG_LONG64 A_PI_table[8][256] = { - { /* 0 */ - U64(0xd01f715b5c7ef8e6), U64(0x16fa240980778325), - U64(0xa8a42e857ee049c8), U64(0x6ac1068fa186465b), - U64(0x6e417bd7a2e9320b), U64(0x665c8167a437daab), - U64(0x7666681aa89617f6), U64(0x4b959163700bdcf5), - U64(0xf14be6b78df36248), U64(0xc585bd689a625cff), - U64(0x9557d7fca67d82cb), U64(0x89f0b969af6dd366), - U64(0xb0833d48749f6c35), U64(0xa1998c23b1ecbc7c), - U64(0x8d70c431ac02a736), U64(0xd6dfbc2fd0a8b69e), - U64(0x37aeb3e551fa198b), U64(0x0b7d128a40b5cf9c), - U64(0x5a8f2008b5780cbc), U64(0xedec882284e333e5), - U64(0xd25fc177d3c7c2ce), U64(0x5e0f5d50b61778ec), - U64(0x1d873683c0c24cb9), U64(0xad040bcbb45d208c), - U64(0x2f89a0285b853c76), U64(0x5732fff6791b8d58), - U64(0x3e9311439ef6ec3f), U64(0xc9183a809fd3c00f), - U64(0x83adf3f5260a01ee), U64(0xa6791941f4e8ef10), - U64(0x103ae97d0ca1cd5d), U64(0x2ce948121dee1b4a), - U64(0x39738421dbf2bf53), U64(0x093da2a6cf0cf5b4), - U64(0xcd9847d89cbcb45f), U64(0xf9561c078b2d8ae8), - U64(0x9c6a755a6971777f), U64(0xbc1ebaa0712ef0c5), - U64(0x72e61542abf963a6), U64(0x78bb5fde229eb12e), - U64(0x14ba94250fceb90d), U64(0x844d6697630e5282), - U64(0x98ea08026a1e032f), U64(0xf06bbea144217f5c), - U64(0xdb6263d11ccb377a), U64(0x641c314b2b8ee083), - U64(0x320e96ab9b4770cf), U64(0x1ee7deb986a96b85), - U64(0xe96cf57a878c47b5), U64(0xfdd6615f8842feb8), - U64(0xc83862965601dd1b), U64(0x2ea9f83e92572162), - U64(0xf876441142ff97fc), U64(0xeb2c455608357d9d), - U64(0x5612a7e0b0c9904c), U64(0x6c01cbfb2d500823), - U64(0x4548a6a7fa037a2d), U64(0xabc4c6bf388b6ef4), - U64(0xbade77d4fdf8bebd), U64(0x799b07c8eb4cac3a), - U64(0x0c9d87e805b19cf0), U64(0xcb588aac106afa27), - U64(0xea0c1d40c1e76089), U64(0x2869354a1e816f1a), - U64(0xff96d17307fbc490), U64(0x9f0a9d602f1a5043), - U64(0x96373fc6e016a5f7), U64(0x5292dab8b3a6e41c), - U64(0x9b8ae0382c752413), U64(0x4f15ec3b7364a8a5), - U64(0x3fb349555724f12b), U64(0xc7c50d4415db66d7), - U64(0x92b7429ee379d1a7), U64(0xd37f99611a15dfda), - U64(0x231427c05e34a086), U64(0xa439a96d7b51d538), - U64(0xb403401077f01865), U64(0xdda2aea5901d7902), - U64(0x0a5d4a9c8967d288), U64(0xc265280adf660f93), - U64(0x8bb0094520d4e94e), U64(0x2a29856691385532), - U64(0x42a833c5bf072941), U64(0x73c64d54622b7eb2), - U64(0x07e095624504536c), U64(0x8a905153e906f45a), - U64(0x6f6123c16b3b2f1f), U64(0xc6e55552dc097bc3), - U64(0x4468feb133d16739), U64(0xe211e7f0c7398829), - U64(0xa2f96419f7879b40), U64(0x19074bdbc3ad38e9), - U64(0xf4ebc3f9474e0b0c), U64(0x43886bd376d53455), - U64(0xd8028beb5aa01046), U64(0x51f23282f5cdc320), - U64(0xe7b1c2be0d84e16d), U64(0x081dfab006dee8a0), - U64(0x3b33340d544b857b), U64(0x7f5bcabc679ae242), - U64(0x0edd37c48a08a6d8), U64(0x81ed43d9a9b33bc6), - U64(0xb1a3655ebd4d7121), U64(0x69a1eeb5e7ed6167), - U64(0xf6ab73d5c8f73124), U64(0x1a67a3e185c61fd5), - U64(0x2dc91004d43c065e), U64(0x0240b02c8fb93a28), - U64(0x90f7f2b26cc0eb8f), U64(0x3cd3a16f114fd617), - U64(0xaae49ea9f15973e0), U64(0x06c0cd748cd64e78), - U64(0xda423bc7d5192a6e), U64(0xc345701c16b41287), - U64(0x6d2193ede4821537), U64(0xfcf639494190e3ac), - U64(0x7c3b228621f1c57e), U64(0xfb16ac2b0494b0c0), - U64(0xbf7e529a3745d7f9), U64(0x6881b6a32e3f7c73), - U64(0xca78d2bad9b8e733), U64(0xbbfe2fc2342aa3a9), - U64(0x0dbddffecc6381e4), U64(0x70a6a56e2440598e), - U64(0xe4d12a844befc651), U64(0x8c509c2765d0ba22), - U64(0xee8c6018c28814d9), U64(0x17da7c1f49a59e31), - U64(0x609c4c1328e194d3), U64(0xb3e3d57232f44b09), - U64(0x91d7aaa4a512f69b), U64(0x0ffd6fd243dabbcc), - U64(0x50d26a943c1fde34), U64(0x6be15e9968545b4f), - U64(0x94778fea6faf9fdf), U64(0x2b09dd7058ea4826), - U64(0x677cd9716de5c7bf), U64(0x49d5214fffb2e6dd), - U64(0x0360e83a466b273c), U64(0x1fc786af4f7b7691), - U64(0xa0b9d435783ea168), U64(0xd49f0c035f118cb6), - U64(0x01205816c9d21d14), U64(0xac2453dd7d8f3d98), - U64(0x545217cc3f70aa64), U64(0x26b4028e9489c9c2), - U64(0xdec2469fd6765e3e), U64(0x04807d58036f7450), - U64(0xe5f17292823ddb45), U64(0xf30b569b024a5860), - U64(0x62dcfc3fa758aefb), U64(0xe84cad6c4e5e5aa1), - U64(0xccb81fce556ea94b), U64(0x53b282ae7a74f908), - U64(0x1b47fbf74c1402c1), U64(0x368eebf39828049f), - U64(0x7afbeff2ad278b06), U64(0xbe5e0a8cfe97caed), - U64(0xcfd8f7f413058e77), U64(0xf78b2bc301252c30), - U64(0x4d555c17fcdd928d), U64(0x5f2f05467fc565f8), - U64(0x24f4b2a21b30f3ea), U64(0x860dd6bbecb768aa), - U64(0x4c750401350f8f99), U64(0x0000000000000000), - U64(0xecccd0344d312ef1), U64(0xb5231806be220571), - U64(0xc105c030990d28af), U64(0x653c695de25cfd97), - U64(0x159acc33c61ca419), U64(0xb89ec7f872418495), - U64(0xa9847693b73254dc), U64(0x58cf90243ac13694), - U64(0x59efc832f3132b80), U64(0x5c4fed7c39ae42c4), - U64(0x828dabe3efd81cfa), U64(0xd13f294d95ace5f2), - U64(0x7d1b7a90e823d86a), U64(0xb643f03cf849224d), - U64(0x3df3f979d89dcb03), U64(0x7426d836272f2dde), - U64(0xdfe21e891fa4432a), U64(0x3a136c1b9d99986f), - U64(0xfa36f43dcd46add4), U64(0xc025982650df35bb), - U64(0x856d3e81aadc4f96), U64(0xc4a5e57e53b041eb), - U64(0x4708168b75ba4005), U64(0xaf44bbe73be41aa4), - U64(0x971767d029c4b8e3), U64(0xb9be9feebb939981), - U64(0x215497ecd18d9aae), U64(0x316e7e91dd2c57f3), - U64(0xcef8afe2dad79363), U64(0x3853dc371220a247), - U64(0x35ee03c9de4323a3), U64(0xe6919aa8c456fc79), - U64(0xe05157dc4880b201), U64(0x7bdbb7e464f59612), - U64(0x127a59518318f775), U64(0x332ecebd52956ddb), - U64(0x8f30741d23bb9d1e), U64(0xd922d3fd93720d52), - U64(0x7746300c61440ae2), U64(0x25d4eab4d2e2eefe), - U64(0x75068020eefd30ca), U64(0x135a01474acaea61), - U64(0x304e268714fe4ae7), U64(0xa519f17bb283c82c), - U64(0xdc82f6b359cf6416), U64(0x5baf781e7caa11a8), - U64(0xb2c38d64fb26561d), U64(0x34ce5bdf17913eb7), - U64(0x5d6fb56af07c5fd0), U64(0x182713cd0a7f25fd), - U64(0x9e2ac576e6c84d57), U64(0x9aaab82ee5a73907), - U64(0xa3d93c0f3e558654), U64(0x7e7b92aaae48ff56), - U64(0x872d8ead256575be), U64(0x41c8dbfff96c0e7d), - U64(0x99ca5014a3cc1e3b), U64(0x40e883e930be1369), - U64(0x1ca76e95091051ad), U64(0x4e35b42dbab6b5b1), - U64(0x05a0254ecabd6944), U64(0xe1710fca8152af15), - U64(0xf22b0e8dcb984574), U64(0xb763a82a319b3f59), - U64(0x63fca4296e8ab3ef), U64(0x9d4a2d4ca0a36a6b), - U64(0xe331bfe60eeb953d), U64(0xd5bf541596c391a2), - U64(0xf5cb9bef8e9c1618), U64(0x46284e9dbc685d11), - U64(0x2074cffa185f87ba), U64(0xbd3ee2b6b8fcedd1), - U64(0xae64e3f1f23607b0), U64(0xfeb68965ce29d984), - U64(0x55724fdaf6a2b770), U64(0x29496d5cd753720e), - U64(0xa75941573d3af204), U64(0x8e102c0bea69800a), - U64(0x111ab16bc573d049), U64(0xd7ffe439197aab8a), - U64(0xefac380e0b5a09cd), U64(0x48f579593660fbc9), - U64(0x22347fd697e6bd92), U64(0x61bc1405e13389c7), - U64(0x4ab5c975b9d9c1e1), U64(0x80cd1bcf606126d2), - U64(0x7186fd78ed92449a), U64(0x93971a882aabccb3), - U64(0x88d0e17f66bfce72), U64(0x27945a985d5bd4d6) - }, { /* 1 */ - U64(0xde553f8c05a811c8), U64(0x1906b59631b4f565), - U64(0x436e70d6b1964ff7), U64(0x36d343cb8b1e9d85), - U64(0x843dfacc858aab5a), U64(0xfdfc95c299bfc7f9), - U64(0x0f634bdea1d51fa2), U64(0x6d458b3b76efb3cd), - U64(0x85c3f77cf8593f80), U64(0x3c91315fbe737cb2), - U64(0x2148b03366ace398), U64(0x18f8b8264c6761bf), - U64(0xc830c1c495c9fb0f), U64(0x981a76102086a0aa), - U64(0xaa16012142f35760), U64(0x35cc54060c763cf6), - U64(0x42907d66cc45db2d), U64(0x8203d44b965af4bc), - U64(0x3d6f3cefc3a0e868), U64(0xbc73ff69d292bda7), - U64(0x8722ed0102e20a29), U64(0x8f8185e8cd34deb7), - U64(0x9b0561dda7ee01d9), U64(0x5335a0193227fad6), - U64(0xc9cecc74e81a6fd5), U64(0x54f5832e5c2431ea), - U64(0x99e47ba05d553470), U64(0xf7bee756acd226ce), - U64(0x384e05a5571816fd), U64(0xd1367452a47d0e6a), - U64(0xf29fde1c386ad85b), U64(0x320c77316275f7ca), - U64(0xd0c879e2d9ae9ab0), U64(0xdb7406c69110ef5d), - U64(0x45505e51a2461011), U64(0xfc029872e46c5323), - U64(0xfa3cb6f5f7bc0cc5), U64(0x031f17cd8768a173), - U64(0xbd8df2d9af41297d), U64(0x9d3b4f5ab43e5e3f), - U64(0x4071671b36feee84), U64(0x716207e7d3e3b83d), - U64(0x48d20ff2f9283a1a), U64(0x27769eb4757cbc7e), - U64(0x5c56ebc793f2e574), U64(0xa48b474f9ef5dc18), - U64(0x52cbada94ff46e0c), U64(0x60c7da982d8199c6), - U64(0x0e9d466edc068b78), U64(0x4eec2175eaf865fc), - U64(0x550b8e9e21f7a530), U64(0x6b7ba5bc653fec2b), - U64(0x5eb7f1ba6949d0dd), U64(0x57ea94e3db4c9099), - U64(0xf640eae6d101b214), U64(0xdd4a284182c0b0bb), - U64(0xff1d8fbf6304f250), U64(0xb8accb933bf9d7e8), - U64(0xe8867c478eb68c4d), U64(0x3f8e2692391bddc1), - U64(0xcb2fd60912a15a7c), U64(0xaec935dbab983d2f), - U64(0xf55ffd2b56691367), U64(0x80e2ce366ce1c115), - U64(0x179bf3f8edb27e1d), U64(0x01fe0db07dd394da), - U64(0xda8a0b76ecc37b87), U64(0x44ae53e1df9584cb), - U64(0xb310b4b77347a205), U64(0xdfab323c787b8512), - U64(0x3b511268d070b78e), U64(0x65e6e3d2b9396753), - U64(0x6864b271e2574d58), U64(0x259784c98fc789d7), - U64(0x02e11a7dfabb35a9), U64(0x8841a6dfa337158b), - U64(0x7ade78c39b5dcdd0), U64(0xb7cf804d9a2cc84a), - U64(0x20b6bd831b7f7742), U64(0x75bd331d3a88d272), - U64(0x418f6aab4b2d7a5e), U64(0xd9951cbb6babdaf4), - U64(0xb6318dfde7ff5c90), U64(0x1f389b112264aa83), - U64(0x492c024284fbaec0), U64(0xe33a0363c608f9a0), - U64(0x2688930408af28a4), U64(0xc7538a1a341ce4ad), - U64(0x5da8e677ee2171ae), U64(0x8c9e92254a5c7fc4), - U64(0x63d8cd55aae938b5), U64(0x29ebd8daa97a3706), - U64(0x959827b37be88aa1), U64(0x1484e4356adadf6e), - U64(0xa7945082199d7d6b), U64(0xbf6ce8a455fa1cd4), - U64(0x9cc542eac9edcae5), U64(0x79c16f0e1c356ca3), - U64(0x89bfab6fdee48151), U64(0xd4174d1830c5f0ff), - U64(0x9258048415eb419d), U64(0x6139d72850520d1c), - U64(0x6a85a80c18ec78f1), U64(0xcd11f88e0171059a), - U64(0xcceff53e7ca29140), U64(0xd229639f2315af19), - U64(0x90b91ef9ef507434), U64(0x5977d28d074a1be1), - U64(0x311360fce51d56b9), U64(0xc093a92d5a1f2f91), - U64(0x1a19a25bb6dc5416), U64(0xeb996b8a09de2d3e), - U64(0xfee3820f1ed7668a), U64(0xd7085ad5b7ad518c), - U64(0x7fff41890fe53345), U64(0xec5948bd67dde602), - U64(0x2fd5f65dbaaa68e0), U64(0xa5754affe32648c2), - U64(0xf8ddac880d07396c), U64(0x6fa491468c548664), - U64(0x0c7c5c1326bdbed1), U64(0x4a33158f03930fb3), - U64(0x699abfc19f84d982), U64(0xe4fa2054a80b329c), - U64(0x6707f9af438252fa), U64(0x08a368e9cfd6d49e), - U64(0x47b1442c58fd25b8), U64(0xbbb3dc5ebc91769b), - U64(0x1665fe489061eac7), U64(0x33f27a811fa66310), - U64(0x93a609346838d547), U64(0x30ed6d4c98cec263), - U64(0x1dd9816cd8df9f2a), U64(0x94662a03063b1e7b), - U64(0x83fdd9fbeb896066), U64(0x7b207573e68e590a), - U64(0x5f49fc0a149a4407), U64(0x343259b671a5a82c), - U64(0xfbc2bb458a6f981f), U64(0xc272b350a0a41a38), - U64(0x3aaf1fd8ada32354), U64(0x6cbb868b0b3c2717), - U64(0xa2b569c88d2583fe), U64(0xf180c9d1bf027928), - U64(0xaf37386bd64ba9f5), U64(0x12bacab2790a8088), - U64(0x4c0d3b0810435055), U64(0xb2eeb9070e9436df), - U64(0xc5b29067cea7d104), U64(0xdcb425f1ff132461), - U64(0x4f122cc5972bf126), U64(0xac282fa651230886), - U64(0xe7e537992f6393ef), U64(0xe61b3a2952b00735), - U64(0x709c0a57ae302ce7), U64(0xe02514ae416058d3), - U64(0xc44c9dd7b37445de), U64(0x5a68c5408022ba92), - U64(0x1c278cdca50c0bf0), U64(0x6e5a9cf6f18712be), - U64(0x86dce0b17f319ef3), U64(0x2d34ec2040115d49), - U64(0x4bcd183f7e409b69), U64(0x2815d56ad4a9a3dc), - U64(0x24698979f2141d0d), U64(0x0000000000000000), - U64(0x1ec696a15fb73e59), U64(0xd86b110b16784e2e), - U64(0x8e7f8858b0e74a6d), U64(0x063e2e8713d05fe6), - U64(0xe2c40ed3bbdb6d7a), U64(0xb1f1aeca89fc97ac), - U64(0xe1db191e3cb3cc09), U64(0x6418ee62c4eaf389), - U64(0xc6ad87aa49cf7077), U64(0xd6f65765ca7ec556), - U64(0x9afb6c6dda3d9503), U64(0x7ce05644888d9236), - U64(0x8d609f95378feb1e), U64(0x23a9aa4e9c17d631), - U64(0x6226c0e5d73aac6f), U64(0x56149953a69f0443), - U64(0xeeb852c09d66d3ab), U64(0x2b0ac2a753c102af), - U64(0x07c023376e03cb3c), U64(0x2ccae1903dc2c993), - U64(0xd3d76e2f5ec63bc3), U64(0x9e2458973356ff4c), - U64(0xa66a5d32644ee9b1), U64(0x0a427294356de137), - U64(0x783f62be61e6f879), U64(0x1344c70204d91452), - U64(0x5b96c8f0fdf12e48), U64(0xa90916ecc59bf613), - U64(0xbe92e5142829880e), U64(0x727d102a548b194e), - U64(0x1be7afebcb0fc0cc), U64(0x3e702b2244c8491b), - U64(0xd5e940a84d166425), U64(0x66f9f41f3e51c620), - U64(0xabe80c913f20c3ba), U64(0xf07ec461c2d1edf2), - U64(0xf361d3ac45b94c81), U64(0x0521394a94b8fe95), - U64(0xadd622162cf09c5c), U64(0xe97871f7f3651897), - U64(0xf4a1f09b2bba87bd), U64(0x095d6559b2054044), - U64(0x0bbc7f2448be75ed), U64(0x2af4cf172e129675), - U64(0x157ae98517094bb4), U64(0x9fda55274e856b96), - U64(0x914713499283e0ee), U64(0xb952c623462a4332), - U64(0x74433ead475b46a8), U64(0x8b5eb112245fb4f8), - U64(0xa34b6478f0f61724), U64(0x11a5dd7ffe6221fb), - U64(0xc16da49d27ccbb4b), U64(0x76a224d0bde07301), - U64(0x8aa0bca2598c2022), U64(0x4df336b86d90c48f), - U64(0xea67663a740db9e4), U64(0xef465f70e0b54771), - U64(0x39b008152acb8227), U64(0x7d1e5bf4f55e06ec), - U64(0x105bd0cf83b1b521), U64(0x775c2960c033e7db), - U64(0x7e014c397236a79f), U64(0x811cc386113255cf), - U64(0xeda7450d1a0e72d8), U64(0x5889df3d7a998f3b), - U64(0x2e2bfbedc779fc3a), U64(0xce0eef438619a4e9), - U64(0x372d4e7bf6cd095f), U64(0x04df34fae96b6a4f), - U64(0xf923a13870d4adb6), U64(0xa1aa7e050a4d228d), - U64(0xa8f71b5cb84862c9), U64(0xb52e9a306097fde3), - U64(0x0d8251a35b6e2a0b), U64(0x2257a7fee1c442eb), - U64(0x73831d9a29588d94), U64(0x51d4ba64c89ccf7f), - U64(0x502ab7d4b54f5ba5), U64(0x97793dce8153bf08), - U64(0xe5042de4d5d8a646), U64(0x9687307efc802bd2), - U64(0xa05473b5779eb657), U64(0xb4d097801d446939), - U64(0xcff0e2f3fbca3033), U64(0xc38cbee0dd778ee2), - U64(0x464f499c252eb162), U64(0xcad1dbb96f72cea6), - U64(0xba4dd1eec142e241), U64(0xb00fa37af42f0376) - }, { /* 2 */ - U64(0xcce4cd3aa968b245), U64(0x089d5484e80b7faf), - U64(0x638246c1b3548304), U64(0xd2fe0ec8c2355492), - U64(0xa7fbdf7ff2374eee), U64(0x4df1600c92337a16), - U64(0x84e503ea523b12fb), U64(0x0790bbfd53ab0c4a), - U64(0x198a780f38f6ea9d), U64(0x2ab30c8f55ec48cb), - U64(0xe0f7fed6b2c49db5), U64(0xb6ecf3f422cadbdc), - U64(0x409c9a541358df11), U64(0xd3ce8a56dfde3fe3), - U64(0xc3e9224312c8c1a0), U64(0x0d6dfa58816ba507), - U64(0xddf3e1b179952777), U64(0x04c02a42748bb1d9), - U64(0x94c2abff9f2decb8), U64(0x4f91752da8f8acf4), - U64(0x78682befb169bf7b), U64(0xe1c77a48af2ff6c4), - U64(0x0c5d7ec69c80ce76), U64(0x4cc1e4928fd81167), - U64(0xfeed3d24d9997b62), U64(0x518bb6dfc3a54a23), - U64(0x6dbf2d26151f9b90), U64(0xb5bc624b05ea664f), - U64(0xe86aaa525acfe21a), U64(0x4801ced0fb53a0be), - U64(0xc91463e6c00868ed), U64(0x1027a815cd16fe43), - U64(0xf67069a0319204cd), U64(0xb04ccc976c8abce7), - U64(0xc0b9b3fc35e87c33), U64(0xf380c77c58f2de65), - U64(0x50bb3241de4e2152), U64(0xdf93f490435ef195), - U64(0xf1e0d25d62390887), U64(0xaf668bfb1a3c3141), - U64(0xbc11b251f00a7291), U64(0x73a5eed47e427d47), - U64(0x25bee3f6ee4c3b2e), U64(0x43cc0beb34786282), - U64(0xc824e778dde3039c), U64(0xf97d86d98a327728), - U64(0xf2b043e24519b514), U64(0xe297ebf7880f4b57), - U64(0x3a94a49a98fab688), U64(0x868516cb68f0c419), - U64(0xeffa11af0964ee50), U64(0xa4ab4ec0d517f37d), - U64(0xa9c6b498547c567a), U64(0x8e18424f80fbbbb6), - U64(0x0bcdc53bcf2bc23c), U64(0x137739aaea3643d0), - U64(0x2c1333ec1bac2ff0), U64(0x8d48d3f0a7db0625), - U64(0x1e1ac3f26b5de6d7), U64(0xf520f81f16b2b95e), - U64(0x9f0f6ec450062e84), U64(0x0130849e1deb6b71), - U64(0xd45e31ab8c7533a9), U64(0x652279a2fd14e43f), - U64(0x3209f01e70f1c927), U64(0xbe71a770cac1a473), - U64(0x0e3d6be7a64b1894), U64(0x7ec8148cff29d840), - U64(0xcb7476c7fac3be0f), U64(0x72956a4a63a91636), - U64(0x37f95ec21991138f), U64(0x9e3fea5a4ded45f5), - U64(0x7b38ba50964902e8), U64(0x222e580bbde73764), - U64(0x61e253e0899f55e6), U64(0xfc8d2805e352ad80), - U64(0x35994be3235ac56d), U64(0x09add01af5e014de), - U64(0x5e8659a6780539c6), U64(0xb17c48097161d796), - U64(0x026015213acbd6e2), U64(0xd1ae9f77e515e901), - U64(0xb7dc776a3f21b0ad), U64(0xaba6a1b96eb78098), - U64(0x9bcf4486248d9f5d), U64(0x582666c536455efd), - U64(0xfdbdac9bfeb9c6f1), U64(0xc47999be4163cdea), - U64(0x765540081722a7ef), U64(0x3e548ed8ec710751), - U64(0x3d041f67cb51bac2), U64(0x7958af71ac82d40a), - U64(0x36c9da5c047a78fe), U64(0xed9a048e33af38b2), - U64(0x26ee7249c96c86bd), U64(0x900281bdeba65d61), - U64(0x11172c8bd0fd9532), U64(0xea0abf73600434f8), - U64(0x42fc8f75299309f3), U64(0x34a9cf7d3eb1ae1c), - U64(0x2b838811480723ba), U64(0x5ce64c8742ceef24), - U64(0x1adae9b01fd6570e), U64(0x3c349bf9d6bad1b3), - U64(0x82453c891c7b75c0), U64(0x97923a40b80d512b), - U64(0x4a61dbf1c198765c), U64(0xb48ce6d518010d3e), - U64(0xcfb45c858e480fd6), U64(0xd933cbf30d1e96ae), - U64(0xd70ea014ab558e3a), U64(0xc189376228031742), - U64(0x9262949cd16d8b83), U64(0xeb3a3bed7def5f89), - U64(0x49314a4ee6b8cbcf), U64(0xdcc3652f647e4c06), - U64(0xda635a4c2a3e2b3d), U64(0x470c21a940f3d35b), - U64(0x315961a157d174b4), U64(0x6672e81dda3459ac), - U64(0x5b76f77a1165e36e), U64(0x445cb01667d36ec8), - U64(0xc5491d205c88a69b), U64(0x456c34887a3805b9), - U64(0xffddb9bac4721013), U64(0x99af51a71e4649bf), - U64(0xa15be01cbc7729d5), U64(0x52db2760e485f7b0), - U64(0x8c78576eba306d54), U64(0xae560f6507d75a30), - U64(0x95f22f6182c687c9), U64(0x71c5fbf54489aba5), - U64(0xca44f259e728d57e), U64(0x88b87d2ccebbdc8d), - U64(0xbab18d32be4a15aa), U64(0x8be8ec93e99b611e), - U64(0x17b713e89ebdf209), U64(0xb31c5d284baa0174), - U64(0xeeca9531148f8521), U64(0xb8d198138481c348), - U64(0x8988f9b2d350b7fc), U64(0xb9e11c8d996aa839), - U64(0x5a4673e40c8e881f), U64(0x1687977683569978), - U64(0xbf4123eed72acf02), U64(0x4ea1f1b3b513c785), - U64(0xe767452be16f91ff), U64(0x7505d1b730021a7c), - U64(0xa59bca5ec8fc980c), U64(0xad069eda20f7e7a3), - U64(0x38f4b1bba231606a), U64(0x60d2d77e94743e97), - U64(0x9affc0183966f42c), U64(0x248e6768f3a7505f), - U64(0xcdd449a4b483d934), U64(0x87b59255751baf68), - U64(0x1bea6d2e023d3c7f), U64(0x6b1f12455b5ffcab), - U64(0x743555292de9710d), U64(0xd8034f6d10f5fddf), - U64(0xc6198c9f7ba81b08), U64(0xbb8109aca3a17edb), - U64(0xfa2d1766ad12cabb), U64(0xc729080166437079), - U64(0x9c5fff7b77269317), U64(0x0000000000000000), - U64(0x15d706c9a47624eb), U64(0x6fdf38072fd44d72), - U64(0x5fb6dd3865ee52b7), U64(0xa33bf53d86bcff37), - U64(0xe657c1b5fc84fa8e), U64(0xaa962527735cebe9), - U64(0x39c43525bfda0b1b), U64(0x204e4d2a872ce186), - U64(0x7a083ece8ba26999), U64(0x554b9c9db72efbfa), - U64(0xb22cd9b656416a05), U64(0x96a2bedea5e63a5a), - U64(0x802529a826b0a322), U64(0x8115ad363b5bc853), - U64(0x8375b81701901eb1), U64(0x3069e53f4a3a1fc5), - U64(0xbd2136cfede119e0), U64(0x18bafc91251d81ec), - U64(0x1d4a524d4c7d5b44), U64(0x05f0aedc6960daa8), - U64(0x29e39d3072ccf558), U64(0x70f57f6b5962c0d4), - U64(0x989fd53903ad22ce), U64(0xf84d024797d91c59), - U64(0x547b1803aac5908b), U64(0xf0d056c37fd263f6), - U64(0xd56eb535919e58d8), U64(0x1c7ad6d351963035), - U64(0x2e7326cd2167f912), U64(0xac361a443d1c8cd2), - U64(0x697f076461942a49), U64(0x4b515f6fdc731d2d), - U64(0x8ad8680df4700a6f), U64(0x41ac1eca0eb3b460), - U64(0x7d988533d80965d3), U64(0xa8f6300649973d0b), - U64(0x7765c4960ac9cc9e), U64(0x7ca801adc5e20ea2), - U64(0xdea3700e5eb59ae4), U64(0xa06b6482a19c42a4), - U64(0x6a2f96db46b497da), U64(0x27def6d7d487edcc), - U64(0x463ca5375d18b82a), U64(0xa6cb5be1efdc259f), - U64(0x53eba3fef96e9cc1), U64(0xce84d81b93a364a7), - U64(0xf4107c810b59d22f), U64(0x333974806d1aa256), - U64(0x0f0def79bba073e5), U64(0x231edc95a00c5c15), - U64(0xe437d494c64f2c6c), U64(0x91320523f64d3610), - U64(0x67426c83c7df32dd), U64(0x6eefbc99323f2603), - U64(0x9d6f7be56acdf866), U64(0x5916e25b2bae358c), - U64(0x7ff89012e2c2b331), U64(0x035091bf2720bd93), - U64(0x561b0d22900e4669), U64(0x28d319ae6f279e29), - U64(0x2f43a2533c8c9263), U64(0xd09e1be9f8fe8270), - U64(0xf740ed3e2c796fbc), U64(0xdb53ded237d5404c), - U64(0x62b2c25faebfe875), U64(0x0afd41a5d2c0a94d), - U64(0x6412fd3ce0ff8f4e), U64(0xe3a76f6995e42026), - U64(0x6c8fa9b808f4f0e1), U64(0xc2d9a6dd0f23aad1), - U64(0x8f28c6d19d10d0c7), U64(0x85d587744fd0798a), - U64(0xa20b71a39b579446), U64(0x684f83fa7c7f4138), - U64(0xe507500adba4471d), U64(0x3f640a46f19a6c20), - U64(0x1247bd34f7dd28a1), U64(0x2d23b77206474481), - U64(0x93521002cc86e0f2), U64(0x572b89bc8de52d18), - U64(0xfb1d93f8b0f9a1ca), U64(0xe95a2ecc4724896b), - U64(0x3ba420048511ddf9), U64(0xd63e248ab6bee54b), - U64(0x5dd6c8195f258455), U64(0x06a03f634e40673b), - U64(0x1f2a476c76b68da6), U64(0x217ec9b49ac78af7), - U64(0xecaa80102e4453c3), U64(0x14e78257b99d4f9a) - }, { /* 3 */ - U64(0x20329b2cc87bba05), U64(0x4f5eb6f86546a531), - U64(0xd4f44775f751b6b1), U64(0x8266a47b850dfa8b), - U64(0xbb986aa15a6ca985), U64(0xc979eb08f9ae0f99), - U64(0x2da6f447a2375ea1), U64(0x1e74275dcd7d8576), - U64(0xbc20180a800bc5f8), U64(0xb4a2f701b2dc65be), - U64(0xe726946f981b6d66), U64(0x48e6c453bf21c94c), - U64(0x42cad9930f0a4195), U64(0xefa47b64aacccd20), - U64(0x71180a8960409a42), U64(0x8bb3329bf6a44e0c), - U64(0xd34c35de2d36dacc), U64(0xa92f5b7cbc23dc96), - U64(0xb31a85aa68bb09c3), U64(0x13e04836a73161d2), - U64(0xb24dfc4129c51d02), U64(0x8ae44b70b7da5acd), - U64(0xe671ed84d96579a7), U64(0xa4bb3417d66f3832), - U64(0x4572ab38d56d2de8), U64(0xb1b47761ea47215c), - U64(0xe81c09cf70aba15d), U64(0xffbdb872ce7f90ac), - U64(0xa8782297fd5dc857), U64(0x0d946f6b6a4ce4a4), - U64(0xe4df1f4f5b995138), U64(0x9ebc71edca8c5762), - U64(0x0a2c1dc0b02b88d9), U64(0x3b503c115d9d7b91), - U64(0xc64376a8111ec3a2), U64(0xcec199a323c963e4), - U64(0xdc76a87ec58616f7), U64(0x09d596e073a9b487), - U64(0x14583a9d7d560daf), U64(0xf4c6dc593f2a0cb4), - U64(0xdd21d19584f80236), U64(0x4a4836983ddde1d3), - U64(0xe58866a41ae745f9), U64(0xf591a5b27e541875), - U64(0x891dc05074586693), U64(0x5b068c651810a89e), - U64(0xa30346bc0c08544f), U64(0x3dbf3751c684032d), - U64(0x2a1e86ec785032dc), U64(0xf73f5779fca830ea), - U64(0xb60c05ca30204d21), U64(0x0cc316802b32f065), - U64(0x8770241bdd96be69), U64(0xb861e18199ee95db), - U64(0xf805cad91418fcd1), U64(0x29e70dccbbd20e82), - U64(0xc7140f435060d763), U64(0x0f3a9da0e8b0cc3b), - U64(0xa2543f574d76408e), U64(0xbd7761e1c175d139), - U64(0x4b1f4f737ca3f512), U64(0x6dc2df1f2fc137ab), - U64(0xf1d05c3967b14856), U64(0xa742bf3715ed046c), - U64(0x654030141d1697ed), U64(0x07b872abda676c7d), - U64(0x3ce84eba87fa17ec), U64(0xc1fb0403cb79afdf), - U64(0x3e46bc7105063f73), U64(0x278ae987121cd678), - U64(0xa1adb4778ef47cd0), U64(0x26dd906c5362c2b9), - U64(0x05168060589b44e2), U64(0xfbfc41f9d79ac08f), - U64(0x0e6de44ba9ced8fa), U64(0x9feb08068bf243a3), - U64(0x7b341749d06b129b), U64(0x229c69e74a87929a), - U64(0xe09ee6c4427c011b), U64(0x5692e30e725c4c3a), - U64(0xda99a33e5e9f6e4b), U64(0x353dd85af453a36b), - U64(0x25241b4c90e0fee7), U64(0x5de987258309d022), - U64(0xe230140fc0802984), U64(0x93281e86a0c0b3c6), - U64(0xf229d719a4337408), U64(0x6f6c2dd4ad3d1f34), - U64(0x8ea5b2fbae3f0aee), U64(0x8331dd90c473ee4a), - U64(0x346aa1b1b52db7aa), U64(0xdf8f235e06042aa9), - U64(0xcc6f6b68a1354b7b), U64(0x6c95a6f46ebf236a), - U64(0x52d31a856bb91c19), U64(0x1a35ded6d498d555), - U64(0xf37eaef2e54d60c9), U64(0x72e181a9a3c2a61c), - U64(0x98537aad51952fde), U64(0x16f6c856ffaa2530), - U64(0xd960281e9d1d5215), U64(0x3a0745fa1ce36f50), - U64(0x0b7b642bf1559c18), U64(0x59a87eae9aec8001), - U64(0x5e100c05408bec7c), U64(0x0441f98b19e55023), - U64(0xd70dcc5534d38aef), U64(0x927f676de1bea707), - U64(0x9769e70db925e3e5), U64(0x7a636ea29115065a), - U64(0x468b201816ef11b6), U64(0xab81a9b73edff409), - U64(0xc0ac7de88a07bb1e), U64(0x1f235eb68c0391b7), - U64(0x6056b074458dd30f), U64(0xbe8eeac102f7ed67), - U64(0xcd381283e04b5fba), U64(0x5cbefecec277c4e3), - U64(0xd21b4c356c48ce0d), U64(0x1019c31664b35d8c), - U64(0x247362a7d19eea26), U64(0xebe582efb3299d03), - U64(0x02aef2cb82fc289f), U64(0x86275df09ce8aaa8), - U64(0x28b07427faac1a43), U64(0x38a9b7319e1f47cf), - U64(0xc82e92e3b8d01b58), U64(0x06ef0b409b1978bc), - U64(0x62f842bfc771fb90), U64(0x9904034610eb3b1f), - U64(0xded85ab5477a3e68), U64(0x90d195a663428f98), - U64(0x5384636e2ac708d8), U64(0xcbd719c37b522706), - U64(0xae9729d76644b0eb), U64(0x7c8c65e20a0c7ee6), - U64(0x80c856b007f1d214), U64(0x8c0b40302cc32271), - U64(0xdbcedad51fe17a8a), U64(0x740e8ae938dbdea0), - U64(0xa615c6dc549310ad), U64(0x19cc55f6171ae90b), - U64(0x49b1bdb8fe5fdd8d), U64(0xed0a89af2830e5bf), - U64(0x6a7aadb4f5a65bd6), U64(0x7e22972988f05679), - U64(0xf952b3325566e810), U64(0x39fecedadf61530e), - U64(0x6101c99f04f3c7ce), U64(0x2e5f7f6761b562ff), - U64(0xf08725d226cf5c97), U64(0x63af3b54860fef51), - U64(0x8ff2cb10ef411e2f), U64(0x884ab9bb35267252), - U64(0x4df04433e7ba8dae), U64(0x9afd8866d3690741), - U64(0x66b9bb34de94abb3), U64(0x9baaf18d92171380), - U64(0x543c11c5f0a064a5), U64(0x17a1b1bdbed431f1), - U64(0xb5f58eeaf3a2717f), U64(0xc355f6c849858740), - U64(0xec5df044694ef17e), U64(0xd83751f5dc6346d4), - U64(0xfc4433520dfdacf2), U64(0x0000000000000000), - U64(0x5a51f58e596ebc5f), U64(0x3285aaf12e34cf16), - U64(0x8d5c39db6dbd36b0), U64(0x12b731dde64f7513), - U64(0x94906c2d7aa7dfbb), U64(0x302b583aacc8e789), - U64(0x9d45facd090e6b3c), U64(0x2165e2c78905aec4), - U64(0x68d45f7f775a7349), U64(0x189b2c1d5664fdca), - U64(0xe1c99f2f030215da), U64(0x6983269436246788), - U64(0x8489af3b1e148237), U64(0xe94b702431d5b59c), - U64(0x33d2d31a6f4adbd7), U64(0xbfd9932a4389f9a6), - U64(0xb0e30e8aab39359d), U64(0xd1e2c715afcaf253), - U64(0x150f43763c28196e), U64(0xc4ed846393e2eb3d), - U64(0x03f98b20c3823c5e), U64(0xfd134ab94c83b833), - U64(0x556b682eb1de7064), U64(0x36c4537a37d19f35), - U64(0x7559f30279a5ca61), U64(0x799ae58252973a04), - U64(0x9c12832648707ffd), U64(0x78cd9c6913e92ec5), - U64(0x1d8dac7d0effb928), U64(0x439da0784e745554), - U64(0x413352b3cc887dcb), U64(0xbacf134a1b12bd44), - U64(0x114ebafd25cd494d), U64(0x2f08068c20cb763e), - U64(0x76a07822ba27f63f), U64(0xeab2fb04f25789c2), - U64(0xe3676de481fe3d45), U64(0x1b62a73d95e6c194), - U64(0x641749ff5c68832c), U64(0xa5ec4dfc97112cf3), - U64(0xf6682e92bdd6242b), U64(0x3f11c59a44782bb2), - U64(0x317c21d1edb6f348), U64(0xd65ab5be75ad9e2e), - U64(0x6b2dd45fb4d84f17), U64(0xfaab381296e4d44e), - U64(0xd0b5befeeeb4e692), U64(0x0882ef0b32d7a046), - U64(0x512a91a5a83b2047), U64(0x963e9ee6f85bf724), - U64(0x4e09cf132438b1f0), U64(0x77f701c9fb59e2fe), - U64(0x7ddb1c094b726a27), U64(0x5f4775ee01f5f8bd), - U64(0x9186ec4d223c9b59), U64(0xfeeac1998f01846d), - U64(0xac39db1ce4b89874), U64(0xb75b7c21715e59e0), - U64(0xafc0503c273aa42a), U64(0x6e3b543fec430bf5), - U64(0x704f7362213e8e83), U64(0x58ff0745db9294c0), - U64(0x67eec2df9feabf72), U64(0xa0facd9ccf8a6811), - U64(0xb936986ad890811a), U64(0x95c715c63bd9cb7a), - U64(0xca8060283a2c33c7), U64(0x507de84ee9453486), - U64(0x85ded6d05f6a96f6), U64(0x1cdad5964f81ade9), - U64(0xd5a33e9eb62fa270), U64(0x40642b588df6690a), - U64(0x7f75eec2c98e42b8), U64(0x2cf18dace3494a60), - U64(0x23cb100c0bf9865b), U64(0xeef3028febb2d9e1), - U64(0x4425d2d394133929), U64(0xaad6d05c7fa1e0c8), - U64(0xad6ea2f7a5c68cb5), U64(0xc2028f2308fb9381), - U64(0x819f2f5b468fc6d5), U64(0xc5bafd88d29cfffc), - U64(0x47dc59f357910577), U64(0x2b49ff07392e261d), - U64(0x57c59ae5332258fb), U64(0x73b6f842e2bcb2dd), - U64(0xcf96e04862b77725), U64(0x4ca73dd8a6c4996f), - U64(0x015779eb417e14c1), U64(0x37932a9176af8bf4) - }, { /* 4 */ - U64(0x190a2c9b249df23e), U64(0x2f62f8b62263e1e9), - U64(0x7a7f754740993655), U64(0x330b7ba4d5564d9f), - U64(0x4c17a16a46672582), U64(0xb22f08eb7d05f5b8), - U64(0x535f47f40bc148cc), U64(0x3aec5d27d4883037), - U64(0x10ed0a1825438f96), U64(0x516101f72c233d17), - U64(0x13cc6f949fd04eae), U64(0x739853c441474bfd), - U64(0x653793d90d3f5b1b), U64(0x5240647b96b0fc2f), - U64(0x0c84890ad27623e0), U64(0xd7189b32703aaea3), - U64(0x2685de3523bd9c41), U64(0x99317c5b11bffefa), - U64(0x0d9baa854f079703), U64(0x70b93648fbd48ac5), - U64(0xa80441fce30bc6be), U64(0x7287704bdc36ff1e), - U64(0xb65384ed33dc1f13), U64(0xd36417343ee34408), - U64(0x39cd38ab6e1bf10f), U64(0x5ab861770a1f3564), - U64(0x0ebacf09f594563b), U64(0xd04572b884708530), - U64(0x3cae9722bdb3af47), U64(0x4a556b6f2f5cbaf2), - U64(0xe1704f1f76c4bd74), U64(0x5ec4ed7144c6dfcf), - U64(0x16afc01d4c7810e6), U64(0x283f113cd629ca7a), - U64(0xaf59a8761741ed2d), U64(0xeed5a3991e215fac), - U64(0x3bf37ea849f984d4), U64(0xe413e096a56ce33c), - U64(0x2c439d3a98f020d1), U64(0x637559dc6404c46b), - U64(0x9e6c95d1e5f5d569), U64(0x24bb9836045fe99a), - U64(0x44efa466dac8ecc9), U64(0xc6eab2a5c80895d6), - U64(0x803b50c035220cc4), U64(0x0321658cba93c138), - U64(0x8f9ebc465dc7ee1c), U64(0xd15a5137190131d3), - U64(0x0fa5ec8668e5e2d8), U64(0x91c979578d1037b1), - U64(0x0642ca05693b9f70), U64(0xefca80168350eb4f), - U64(0x38d21b24f36a45ec), U64(0xbeab81e1af73d658), - U64(0x8cbfd9cae7542f24), U64(0xfd19cc0d81f11102), - U64(0x0ac6430fbb4dbc90), U64(0x1d76a09d6a441895), - U64(0x2a01573ff1cbbfa1), U64(0xb572e161894fde2b), - U64(0x8124734fa853b827), U64(0x614b1fdf43e6b1b0), - U64(0x68ac395c4238cc18), U64(0x21d837bfd7f7b7d2), - U64(0x20c714304a860331), U64(0x5cfaab726324aa14), - U64(0x74c5ba4eb50d606e), U64(0xf3a3030474654739), - U64(0x23e671bcf015c209), U64(0x45f087e947b9582a), - U64(0xd8bd77b418df4c7b), U64(0xe06f6c90ebb50997), - U64(0x0bd96080263c0873), U64(0x7e03f9410e40dcfe), - U64(0xb8e94be4c6484928), U64(0xfb5b0608e8ca8e72), - U64(0x1a2b49179e0e3306), U64(0x4e29e76961855059), - U64(0x4f36c4e6fcf4e4ba), U64(0x49740ee395cf7bca), - U64(0xc2963ea386d17f7d), U64(0x90d65ad810618352), - U64(0x12d34c1b02a1fa4d), U64(0xfa44258775bb3a91), - U64(0x18150f14b9ec46dd), U64(0x1491861e6b9a653d), - U64(0x9a1019d7ab2c3fc2), U64(0x3668d42d06fe13d7), - U64(0xdcc1fbb25606a6d0), U64(0x969490dd795a1c22), - U64(0x3549b1a1bc6dd2ef), U64(0xc94f5e23a0ed770e), - U64(0xb9f6686b5b39fdcb), U64(0xc4d4f4a6efeae00d), - U64(0xe732851a1fff2204), U64(0x94aad6de5eb869f9), - U64(0x3f8ff2ae07206e7f), U64(0xfe38a9813b62d03a), - U64(0xa7a1ad7a8bee2466), U64(0x7b6056c8dde882b6), - U64(0x302a1e286fc58ca7), U64(0x8da0fa457a259bc7), - U64(0xb3302b64e074415b), U64(0x5402ae7eff8b635f), - U64(0x08f8050c9cafc94b), U64(0xae468bf98a3059ce), - U64(0x88c355cca98dc58f), U64(0xb10e6d67c7963480), - U64(0xbad70de7e1aa3cf3), U64(0xbfb4a26e320262bb), - U64(0xcb711820870f02d5), U64(0xce12b7a954a75c9d), - U64(0x563ce87dd8691684), U64(0x9f73b65e7884618a), - U64(0x2b1e74b06cba0b42), U64(0x47cec1ea605b2df1), - U64(0x1c698312f735ac76), U64(0x5fdbcefed9b76b2c), - U64(0x831a354c8fb1cdfc), U64(0x820516c312c0791f), - U64(0xb74ca762aeadabf0), U64(0xfc06ef821c80a5e1), - U64(0x5723cbf24518a267), U64(0x9d4df05d5f661451), - U64(0x588627742dfd40bf), U64(0xda8331b73f3d39a0), - U64(0x17b0e392d109a405), U64(0xf965400bcf28fba9), - U64(0x7c3dbf4229a2a925), U64(0x023e460327e275db), - U64(0x6cd0b55a0ce126b3), U64(0xe62da695828e96e7), - U64(0x42ad6e63b3f373b9), U64(0xe50cc319381d57df), - U64(0xc5cbd729729b54ee), U64(0x46d1e265fd2a9912), - U64(0x6428b056904eeff8), U64(0x8be23040131e04b7), - U64(0x6709d5da2add2ec0), U64(0x075de98af44a2b93), - U64(0x8447dcc67bfbe66f), U64(0x6616f655b7ac9a23), - U64(0xd607b8bded4b1a40), U64(0x0563af89d3a85e48), - U64(0x3db1b4ad20c21ba4), U64(0x11f22997b8323b75), - U64(0x292032b34b587e99), U64(0x7f1cdace9331681d), - U64(0x8e819fc9c0b65aff), U64(0xa1e3677fe2d5bb16), - U64(0xcd33d225ee349da5), U64(0xd9a2543b85aef898), - U64(0x795e10cbfa0af76d), U64(0x25a4bbb9992e5d79), - U64(0x78413344677b438e), U64(0xf0826688cef68601), - U64(0xd27b34bba392f0eb), U64(0x551d8df162fad7bc), - U64(0x1e57c511d0d7d9ad), U64(0xdeffbdb171e4d30b), - U64(0xf4feea8e802f6caa), U64(0xa480c8f6317de55e), - U64(0xa0fc44f07fa40ff5), U64(0x95b5f551c3c9dd1a), - U64(0x22f952336d6476ea), U64(0x0000000000000000), - U64(0xa6be8ef5169f9085), U64(0xcc2cf1aa73452946), - U64(0x2e7ddb39bf12550a), U64(0xd526dd3157d8db78), - U64(0x486b2d6c08becf29), U64(0x9b0f3a58365d8b21), - U64(0xac78cdfaadd22c15), U64(0xbc95c7e28891a383), - U64(0x6a927f5f65dab9c3), U64(0xc3891d2c1ba0cb9e), - U64(0xeaa92f9f50f8b507), U64(0xcf0d9426c9d6e87e), - U64(0xca6e3baf1a7eb636), U64(0xab25247059980786), - U64(0x69b31ad3df4978fb), U64(0xe2512a93cc577c4c), - U64(0xff278a0ea61364d9), U64(0x71a615c766a53e26), - U64(0x89dc764334fc716c), U64(0xf87a638452594f4a), - U64(0xf2bc208be914f3da), U64(0x8766b94ac1682757), - U64(0xbbc82e687cdb8810), U64(0x626a7a53f9757088), - U64(0xa2c202f358467a2e), U64(0x4d0882e5db169161), - U64(0x09e7268301de7da8), U64(0xe897699c771ac0dc), - U64(0xc8507dac3d9cc3ed), U64(0xc0a878a0a1330aa6), - U64(0x978bb352e42ba8c1), U64(0xe9884a13ea6b743f), - U64(0x279afdbabecc28a2), U64(0x047c8c064ed9eaab), - U64(0x507e2278b15289f4), U64(0x599904fbb08cf45c), - U64(0xbd8ae46d15e01760), U64(0x31353da7f2b43844), - U64(0x8558ff49e68a528c), U64(0x76fbfc4d92ef15b5), - U64(0x3456922e211c660c), U64(0x86799ac55c1993b4), - U64(0x3e90d1219a51da9c), U64(0x2d5cbeb505819432), - U64(0x982e5fd48cce4a19), U64(0xdb9c1238a24c8d43), - U64(0xd439febecaa96f9b), U64(0x418c0bef0960b281), - U64(0x158ea591f6ebd1de), U64(0x1f48e69e4da66d4e), - U64(0x8afd13cf8e6fb054), U64(0xf5e1c9011d5ed849), - U64(0xe34e091c5126c8af), U64(0xad67ee7530a398f6), - U64(0x43b24dec2e82c75a), U64(0x75da99c1287cd48d), - U64(0x92e81cdb3783f689), U64(0xa3dd217cc537cecd), - U64(0x60543c50de970553), U64(0x93f73f54aaf2426a), - U64(0xa91b62737e7a725d), U64(0xf19d4507538732e2), - U64(0x77e4dfc20f9ea156), U64(0x7d229ccdb4d31dc6), - U64(0x1b346a98037f87e5), U64(0xedf4c615a4b29e94), - U64(0x4093286094110662), U64(0xb0114ee85ae78063), - U64(0x6ff1d0d6b672e78b), U64(0x6dcf96d591909250), - U64(0xdfe09e3eec9567e8), U64(0x3214582b4827f97c), - U64(0xb46dc2ee143e6ac8), U64(0xf6c0ac8da7cd1971), - U64(0xebb60c10cd8901e4), U64(0xf7df8f023abcad92), - U64(0x9c52d3d2c217a0b2), U64(0x6b8d5cd0f8ab0d20), - U64(0x3777f7a29b8fa734), U64(0x011f238f9d71b4e3), - U64(0xc1b75b2f3c42be45), U64(0x5de588fdfe551ef7), - U64(0x6eeef3592b035368), U64(0xaa3a07ffc4e9b365), - U64(0xecebe59a39c32a77), U64(0x5ba742f8976e8187), - U64(0x4b4a48e0b22d0e11), U64(0xddded83dcb771233), - U64(0xa59feb79ac0c51bd), U64(0xc7f5912a55792135) - }, { /* 5 */ - U64(0x6d6ae04668a9b08a), U64(0x3ab3f04b0be8c743), - U64(0xe51e166b54b3c908), U64(0xbe90a9eb35c2f139), - U64(0xb2c7066637f2bec1), U64(0xaa6945613392202c), - U64(0x9a28c36f3b5201eb), U64(0xddce5a93ab536994), - U64(0x0e34133ef6382827), U64(0x52a02ba1ec55048b), - U64(0xa2f88f97c4b2a177), U64(0x8640e513ca2251a5), - U64(0xcdf1d36258137622), U64(0xfe6cb708dedf8ddb), - U64(0x8a174a9ec8121e5d), U64(0x679896036b81560e), - U64(0x59ed033395795fee), U64(0x1dd778ab8b74edaf), - U64(0xee533ef92d9f926d), U64(0x2a8c79baf8a8d8f5), - U64(0x6bcf398e69b119f6), U64(0xe20491742fafdd95), - U64(0x276488e0809c2aec), U64(0xea955b82d88f5cce), - U64(0x7102c63a99d9e0c4), U64(0xf9763017a5c39946), - U64(0x429fa2501f151b3d), U64(0x4659c72bea05d59e), - U64(0x984b7fdccf5a6634), U64(0xf742232953fbb161), - U64(0x3041860e08c021c7), U64(0x747bfd9616cd9386), - U64(0x4bb1367192312787), U64(0x1b72a1638a6c44d3), - U64(0x4a0e68a6e8359a66), U64(0x169a5039f258b6ca), - U64(0xb98a2ef44edee5a4), U64(0xd9083fe85e43a737), - U64(0x967f6ce239624e13), U64(0x8874f62d3c1a7982), - U64(0x3c1629830af06e3f), U64(0x9165ebfd427e5a8e), - U64(0xb5dd81794ceeaa5c), U64(0x0de8f15a7834f219), - U64(0x70bd98ede3dd5d25), U64(0xaccc9ca9328a8950), - U64(0x56664eda1945ca28), U64(0x221db34c0f8859ae), - U64(0x26dbd637fa98970d), U64(0x1acdffb4f068f932), - U64(0x4585254f64090fa0), U64(0x72de245e17d53afa), - U64(0x1546b25d7c546cf4), U64(0x207e0ffffb803e71), - U64(0xfaaad2732bcf4378), U64(0xb462dfae36ea17bd), - U64(0xcf926fd1ac1b11fd), U64(0xe0672dc7dba7ba4a), - U64(0xd3fa49ad5d6b41b3), U64(0x8ba81449b216a3bc), - U64(0x14f9ec8a0650d115), U64(0x40fc1ee3eb1d7ce2), - U64(0x23a2ed9b758ce44f), U64(0x782c521b14fddc7e), - U64(0x1c68267cf170504e), U64(0xbcf31558c1ca96e6), - U64(0xa781b43b4ba6d235), U64(0xf6fd7dfe29ff0c80), - U64(0xb0a4bad5c3fad91e), U64(0xd199f51ea963266c), - U64(0x414340349119c103), U64(0x5405f269ed4dadf7), - U64(0xabd61bb649969dcd), U64(0x6813dbeae7bdc3c8), - U64(0x65fb2ab09f8931d1), U64(0xf1e7fae152e3181d), - U64(0xc1a67cef5a2339da), U64(0x7a4feea8e0f5bba1), - U64(0x1e0b9acf05783791), U64(0x5b8ebf8061713831), - U64(0x80e53cdbcb3af8d9), U64(0x7e898bd315e57502), - U64(0xc6bcfbf0213f2d47), U64(0x95a38e86b76e942d), - U64(0x092e94218d243cba), U64(0x8339debf453622e7), - U64(0xb11be402b9fe64ff), U64(0x57d9100d634177c9), - U64(0xcc4e8db52217cbc3), U64(0x3b0cae9c71ec7aa2), - U64(0xfb158ca451cbfe99), U64(0x2b33276d82ac6514), - U64(0x01bf5ed77a04bde1), U64(0xc5601994af33f779), - U64(0x75c4a3416cc92e67), U64(0xf3844652a6eb7fc2), - U64(0x3487e375fdd0ef64), U64(0x18ae430704609eed), - U64(0x4d14efb993298efb), U64(0x815a620cb13e4538), - U64(0x125c354207487869), U64(0x9eeea614ce42cf48), - U64(0xce2d3106d61fac1c), U64(0xbbe99247bad6827b), - U64(0x071a871f7b1c149d), U64(0x2e4a1cc10db81656), - U64(0x77a71ff298c149b8), U64(0x06a5d9c80118a97c), - U64(0xad73c27e488e34b1), U64(0x443a7b981e0db241), - U64(0xe3bbcfa355ab6074), U64(0x0af276450328e684), - U64(0x73617a896dd1871b), U64(0x58525de4ef7de20f), - U64(0xb7be3dcab8e6cd83), U64(0x19111dd07e64230c), - U64(0x842359a03e2a367a), U64(0x103f89f1f3401fb6), - U64(0xdc710444d157d475), U64(0xb835702334da5845), - U64(0x4320fc876511a6dc), U64(0xd026abc9d3679b8d), - U64(0x17250eee885c0b2b), U64(0x90dab52a387ae76f), - U64(0x31fed8d972c49c26), U64(0x89cba8fa461ec463), - U64(0x2ff5421677bcabb7), U64(0x396f122f85e41d7d), - U64(0xa09b332430bac6a8), U64(0xc888e8ced7070560), - U64(0xaeaf201ac682ee8f), U64(0x1180d7268944a257), - U64(0xf058a43628e7a5fc), U64(0xbd4c4b8fbbce2b07), - U64(0xa1246df34abe7b49), U64(0x7d5569b79be9af3c), - U64(0xa9b5a705bd9efa12), U64(0xdb6b835baa4bc0e8), - U64(0x05793bac8f147342), U64(0x21c1512881848390), - U64(0xfdb0556c50d357e5), U64(0x613d4fcb6a99ff72), - U64(0x03dce2648e0cda3e), U64(0xe949b9e6568386f0), - U64(0xfc0f0bbb2ad7ea04), U64(0x6a70675913b5a417), - U64(0x7f36d5046fe1c8e3), U64(0x0c57af8d02304ff8), - U64(0x32223abdfcc84618), U64(0x0891caf6f720815b), - U64(0xa63eeaec31a26fd4), U64(0x2507345374944d33), - U64(0x49d28ac266394058), U64(0xf5219f9aa7f3d6be), - U64(0x2d96fea583b4cc68), U64(0x5a31e1571b7585d0), - U64(0x8ed12fe53d02d0fe), U64(0xdfade6205f5b0e4b), - U64(0x4cabb16ee92d331a), U64(0x04c6657bf510cea3), - U64(0xd73c2cd6a87b8f10), U64(0xe1d87310a1a307ab), - U64(0x6cd5be9112ad0d6b), U64(0x97c032354366f3f2), - U64(0xd4e0ceb22677552e), U64(0x0000000000000000), - U64(0x29509bde76a402cb), U64(0xc27a9e8bd42fe3e4), - U64(0x5ef7842cee654b73), U64(0xaf107ecdbc86536e), - U64(0x3fcacbe784fcb401), U64(0xd55f90655c73e8cf), - U64(0xe6c2f40fdabf1336), U64(0xe8f6e7312c873b11), - U64(0xeb2a0555a28be12f), U64(0xe4a148bc2eb774e9), - U64(0x9b979db84156bc0a), U64(0x6eb60222e6a56ab4), - U64(0x87ffbbc4b026ec44), U64(0xc703a5275b3b90a6), - U64(0x47e699fc9001687f), U64(0x9c8d1aa73a4aa897), - U64(0x7cea3760e1ed12dd), U64(0x4ec80ddd1d2554c5), - U64(0x13e36b957d4cc588), U64(0x5d2b66486069914d), - U64(0x92b90999cc7280b0), U64(0x517cc9c56259deb5), - U64(0xc937b619ad03b881), U64(0xec30824ad997f5b2), - U64(0xa45d565fc5aa080b), U64(0xd6837201d27f32f1), - U64(0x635ef3789e9198ad), U64(0x531f75769651b96a), - U64(0x4f77530a6721e924), U64(0x486dd4151c3dfdb9), - U64(0x5f48dafb9461f692), U64(0x375b011173dc355a), - U64(0x3da9775470f4d3de), U64(0x8d0dcd81b30e0ac0), - U64(0x36e45fc609d888bb), U64(0x55baacbe97491016), - U64(0x8cb29356c90ab721), U64(0x76184125e2c5f459), - U64(0x99f4210bb55edbd5), U64(0x6f095cf59ca1d755), - U64(0x9f51f8c3b44672a9), U64(0x3538bda287d45285), - U64(0x50c39712185d6354), U64(0xf23b1885dcefc223), - U64(0x79930ccc6ef9619f), U64(0xed8fdc9da3934853), - U64(0xcb540aaa590bdf5e), U64(0x5c94389f1a6d2cac), - U64(0xe77daad8a0bbaed7), U64(0x28efc5090ca0bf2a), - U64(0xbf2ff73c4fc64cd8), U64(0xb37858b14df60320), - U64(0xf8c96ec0dfc724a7), U64(0x828680683f329f06), - U64(0x941cd051cd6a29cc), U64(0xc3c5c05cae2b5e05), - U64(0xb601631dc2e27062), U64(0xc01922382027843b), - U64(0x24b86a840e90f0d2), U64(0xd245177a276ffc52), - U64(0x0f8b4de98c3c95c6), U64(0x3e759530fef809e0), - U64(0x0b4d2892792c5b65), U64(0xc4df4743d5374a98), - U64(0xa5e20888bfaeb5ea), U64(0xba56cc90c0d23f9a), - U64(0x38d04cf8ffe0a09c), U64(0x62e1adafe495254c), - U64(0x0263bcb3f40867df), U64(0xcaeb547d230f62bf), - U64(0x6082111c109d4293), U64(0xdad4dd8cd04f7d09), - U64(0xefec602e579b2f8c), U64(0x1fb4c4187f7c8a70), - U64(0xffd3e9dfa4db303a), U64(0x7bf0b07f9af10640), - U64(0xf49ec14dddf76b5f), U64(0x8f6e713247066d1f), - U64(0x339d646a86ccfbf9), U64(0x64447467e58d8c30), - U64(0x2c29a072f9b07189), U64(0xd8b7613f24471ad6), - U64(0x6627c8d41185ebef), U64(0xa347d140beb61c96), - U64(0xde12b8f7255fb3aa), U64(0x9d324470404e1576), - U64(0x9306574eb6763d51), U64(0xa80af9d2c79a47f3), - U64(0x859c0777442e8b9b), U64(0x69ac853d9db97e29) - }, { /* 6 */ - U64(0xc3407dfc2de6377e), U64(0x5b9e93eea4256f77), - U64(0xadb58fdd50c845e0), U64(0x5219ff11a75bed86), - U64(0x356b61cfd90b1de9), U64(0xfb8f406e25abe037), - U64(0x7a5a0231c0f60796), U64(0x9d3cd216e1f5020b), - U64(0x0c6550fb6b48d8f3), U64(0xf57508c427ff1c62), - U64(0x4ad35ffa71cb407d), U64(0x6290a2da1666aa6d), - U64(0xe284ec2349355f9f), U64(0xb3c307c53d7c84ec), - U64(0x05e23c0468365a02), U64(0x190bac4d6c9ebfa8), - U64(0x94bbbee9e28b80fa), U64(0xa34fc777529cb9b5), - U64(0xcc7b39f095bcd978), U64(0x2426addb0ce532e3), - U64(0x7e79329312ce4fc7), U64(0xab09a72eebec2917), - U64(0xf8d15499f6b9d6c2), U64(0x1a55b8babf8c895d), - U64(0xdb8add17fb769a85), U64(0xb57f2f368658e81b), - U64(0x8acd36f18f3f41f6), U64(0x5ce3b7bba50f11d3), - U64(0x114dcc14d5ee2f0a), U64(0xb91a7fcded1030e8), - U64(0x81d5425fe55de7a1), U64(0xb6213bc1554adeee), - U64(0x80144ef95f53f5f2), U64(0x1e7688186db4c10c), - U64(0x3b912965db5fe1bc), U64(0xc281715a97e8252d), - U64(0x54a5d7e21c7f8171), U64(0x4b12535ccbc5522e), - U64(0x1d289cefbea6f7f9), U64(0x6ef5f2217d2e729e), - U64(0xe6a7dc819b0d17ce), U64(0x1b94b41c05829b0e), - U64(0x33d7493c622f711e), U64(0xdcf7f942fa5ce421), - U64(0x600fba8b7f7a8ecb), U64(0x46b60f011a83988e), - U64(0x235b898e0dcf4c47), U64(0x957ab24f588592a9), - U64(0x4354330572b5c28c), U64(0xa5f3ef84e9b8d542), - U64(0x8c711e02341b2d01), U64(0x0b1874ae6a62a657), - U64(0x1213d8e306fc19ff), U64(0xfe6d7c6a4d9dba35), - U64(0x65ed868f174cd4c9), U64(0x88522ea0e6236550), - U64(0x899322065c2d7703), U64(0xc01e690bfef4018b), - U64(0x915982ed8abddaf8), U64(0xbe675b98ec3a4e4c), - U64(0xa996bf7f82f00db1), U64(0xe1daf8d49a27696a), - U64(0x2effd5d3dc8986e7), U64(0xd153a51f2b1a2e81), - U64(0x18caa0ebd690adfb), U64(0x390e3134b243c51a), - U64(0x2778b92cdff70416), U64(0x029f1851691c24a6), - U64(0x5e7cafeacc133575), U64(0xfa4e4cc89fa5f264), - U64(0x5a5f9f481e2b7d24), U64(0x484c47ab18d764db), - U64(0x400a27f2a1a7f479), U64(0xaeeb9b2a83da7315), - U64(0x721c626879869734), U64(0x042330a2d2384851), - U64(0x85f672fd3765aff0), U64(0xba446b3a3e02061d), - U64(0x73dd6ecec3888567), U64(0xffac70ccf793a866), - U64(0xdfa9edb5294ed2d4), U64(0x6c6aea7014325638), - U64(0x834a5a0e8c41c307), U64(0xcdba35562fb2cb2b), - U64(0x0ad97808d06cb404), U64(0x0f3b440cb85aee06), - U64(0xe5f9c876481f213b), U64(0x98deee1289c35809), - U64(0x59018bbfcd394bd1), U64(0xe01bf47220297b39), - U64(0xde68e1139340c087), U64(0x9fa3ca4788e926ad), - U64(0xbb85679c840c144e), U64(0x53d8f3b71d55ffd5), - U64(0x0da45c5dd146caa0), U64(0x6f34fe87c72060cd), - U64(0x57fbc315cf6db784), U64(0xcee421a1fca0fdde), - U64(0x3d2d0196607b8d4b), U64(0x642c8a29ad42c69a), - U64(0x14aff010bdd87508), U64(0xac74837beac657b3), - U64(0x3216459ad821634d), U64(0x3fb219c70967a9ed), - U64(0x06bc28f3bb246cf7), U64(0xf2082c9126d562c6), - U64(0x66b39278c45ee23c), U64(0xbd394f6f3f2878b9), - U64(0xfd33689d9e8f8cc0), U64(0x37f4799eb017394f), - U64(0x108cc0b26fe03d59), U64(0xda4bd1b1417888d6), - U64(0xb09d1332ee6eb219), U64(0x2f3ed975668794b4), - U64(0x58c0871977375982), U64(0x7561463d78ace990), - U64(0x09876cff037e82f1), U64(0x7fb83e35a8c05d94), - U64(0x26b9b58a65f91645), U64(0xef20b07e9873953f), - U64(0x3148516d0b3355b8), U64(0x41cb2b541ba9e62a), - U64(0x790416c613e43163), U64(0xa011d380818e8f40), - U64(0x3a5025c36151f3ef), U64(0xd57095bdf92266d0), - U64(0x498d4b0da2d97688), U64(0x8b0c3a57353153a5), - U64(0x21c491df64d368e1), U64(0x8f2f0af5e7091bf4), - U64(0x2da1c1240f9bb012), U64(0xc43d59a92ccc49da), - U64(0xbfa6573e56345c1f), U64(0x828b56a8364fd154), - U64(0x9a41f643e0df7caf), U64(0xbcf843c985266aea), - U64(0x2b1de9d7b4bfdce5), U64(0x20059d79dedd7ab2), - U64(0x6dabe6d6ae3c446b), U64(0x45e81bf6c991ae7b), - U64(0x6351ae7cac68b83e), U64(0xa432e32253b6c711), - U64(0xd092a9b991143cd2), U64(0xcac711032e98b58f), - U64(0xd8d4c9e02864ac70), U64(0xc5fc550f96c25b89), - U64(0xd7ef8dec903e4276), U64(0x67729ede7e50f06f), - U64(0xeac28c7af045cf3d), U64(0xb15c1f945460a04a), - U64(0x9cfddeb05bfb1058), U64(0x93c69abce3a1fe5e), - U64(0xeb0380dc4a4bdd6e), U64(0xd20db1e8f8081874), - U64(0x229a8528b7c15e14), U64(0x44291750739fbc28), - U64(0xd3ccbd4e42060a27), U64(0xf62b1c33f4ed2a97), - U64(0x86a8660ae4779905), U64(0xd62e814a2a305025), - U64(0x477703a7a08d8add), U64(0x7b9b0e977af815c5), - U64(0x78c51a60a9ea2330), U64(0xa6adfb733aaae3b7), - U64(0x97e5aa1e3199b60f), U64(0x0000000000000000), - U64(0xf4b404629df10e31), U64(0x5564db44a6719322), - U64(0x9207961a59afec0d), U64(0x9624a6b88b97a45c), - U64(0x363575380a192b1c), U64(0x2c60cd82b595a241), - U64(0x7d272664c1dc7932), U64(0x7142769faa94a1c1), - U64(0xa1d0df263b809d13), U64(0x1630e841d4c451ae), - U64(0xc1df65ad44fa13d8), U64(0x13d2d445bcf20bac), - U64(0xd915c546926abe23), U64(0x38cf3d92084dd749), - U64(0xe766d0272103059d), U64(0xc7634d5effde7f2f), - U64(0x077d2455012a7ea4), U64(0xedbfa82ff16fb199), - U64(0xaf2a978c39d46146), U64(0x42953fa3c8bbd0df), - U64(0xcb061da59496a7dc), U64(0x25e7a17db6eb20b0), - U64(0x34aa6d6963050fba), U64(0xa76cf7d580a4f1e4), - U64(0xf7ea10954ee338c4), U64(0xfcf2643b24819e93), - U64(0xcf252d0746aeef8d), U64(0x4ef06f58a3f3082c), - U64(0x563acfb37563a5d7), U64(0x5086e740ce47c920), - U64(0x2982f186dda3f843), U64(0x87696aac5e798b56), - U64(0x5d22bb1d1f010380), U64(0x035e14f7d31236f5), - U64(0x3cec0d30da759f18), U64(0xf3c920379cdb7095), - U64(0xb8db736b571e22bb), U64(0xdd36f5e44052f672), - U64(0xaac8ab8851e23b44), U64(0xa857b3d938fe1fe2), - U64(0x17f1e4e76eca43fd), U64(0xec7ea4894b61a3ca), - U64(0x9e62c6e132e734fe), U64(0xd4b1991b432c7483), - U64(0x6ad6c283af163acf), U64(0x1ce9904904a8e5aa), - U64(0x5fbda34c761d2726), U64(0xf910583f4cb7c491), - U64(0xc6a241f845d06d7c), U64(0x4f3163fe19fd1a7f), - U64(0xe99c988d2357f9c8), U64(0x8eee06535d0709a7), - U64(0x0efa48aa0254fc55), U64(0xb4be23903c56fa48), - U64(0x763f52caabbedf65), U64(0xeee1bcd8227d876c), - U64(0xe345e085f33b4dcc), U64(0x3e731561b369bbbe), - U64(0x2843fd2067adea10), U64(0x2adce5710eb1ceb6), - U64(0xb7e03767ef44ccbd), U64(0x8db012a48e153f52), - U64(0x61ceb62dc5749c98), U64(0xe85d942b9959eb9b), - U64(0x4c6f7709caef2c8a), U64(0x84377e5b8d6bbda3), - U64(0x30895dcbb13d47eb), U64(0x74a04a9bc2a2fbc3), - U64(0x6b17ce251518289c), U64(0xe438c4d0f2113368), - U64(0x1fb784bed7bad35f), U64(0x9b80fae55ad16efc), - U64(0x77fe5e6c11b0cd36), U64(0xc858095247849129), - U64(0x08466059b97090a2), U64(0x01c10ca6ba0e1253), - U64(0x6988d6747c040c3a), U64(0x6849dad2c60a1e69), - U64(0x5147ebe67449db73), U64(0xc99905f4fd8a837a), - U64(0x991fe2b433cd4a5a), U64(0xf09734c04fc94660), - U64(0xa28ecbd1e892abe6), U64(0xf1563866f5c75433), - U64(0x4dae7baf70e13ed9), U64(0x7ce62ac27bd26b61), - U64(0x70837a39109ab392), U64(0x90988e4b30b3c8ab), - U64(0xb2020b63877296bf), U64(0x156efcb607d6675b) - }, { /* 7 */ - U64(0xe63f55ce97c331d0), U64(0x25b506b0015bba16), - U64(0xc8706e29e6ad9ba8), U64(0x5b43d3775d521f6a), - U64(0x0bfa3d577035106e), U64(0xab95fc172afb0e66), - U64(0xf64b63979e7a3276), U64(0xf58b4562649dad4b), - U64(0x48f7c3dbae0c83f1), U64(0xff31916642f5c8c5), - U64(0xcbb048dc1c4a0495), U64(0x66b8f83cdf622989), - U64(0x35c130e908e2b9b0), U64(0x7c761a61f0b34fa1), - U64(0x3601161cf205268d), U64(0x9e54ccfe2219b7d6), - U64(0x8b7d90a538940837), U64(0x9cd403588ea35d0b), - U64(0xbc3c6fea9ccc5b5a), U64(0xe5ff733b6d24aeed), - U64(0xceed22de0f7eb8d2), U64(0xec8581cab1ab545e), - U64(0xb96105e88ff8e71d), U64(0x8ca03501871a5ead), - U64(0x76ccce65d6db2a2f), U64(0x5883f582a7b58057), - U64(0x3f7be4ed2e8adc3e), U64(0x0fe7be06355cd9c9), - U64(0xee054e6c1d11be83), U64(0x1074365909b903a6), - U64(0x5dde9f80b4813c10), U64(0x4a770c7d02b6692c), - U64(0x5379c8d5d7809039), U64(0xb4067448161ed409), - U64(0x5f5e5026183bd6cd), U64(0xe898029bf4c29df9), - U64(0x7fb63c940a54d09c), U64(0xc5171f897f4ba8bc), - U64(0xa6f28db7b31d3d72), U64(0x2e4f3be7716eaa78), - U64(0x0d6771a099e63314), U64(0x82076254e41bf284), - U64(0x2f0fd2b42733df98), U64(0x5c9e76d3e2dc49f0), - U64(0x7aeb569619606cdb), U64(0x83478b07b2468764), - U64(0xcfadcb8d5923cd32), U64(0x85dac7f05b95a41e), - U64(0xb5469d1b4043a1e9), U64(0xb821ecbbd9a592fd), - U64(0x1b8e0b0e798c13c8), U64(0x62a57b6d9a0be02e), - U64(0xfcf1b793b81257f8), U64(0x9d94ea0bd8fe28eb), - U64(0x4cea408aeb654a56), U64(0x23284a47e888996c), - U64(0x2d8f1d128b893545), U64(0xf4cbac3132c0d8ab), - U64(0xbd7c86b9ca912eba), U64(0x3a268eef3dbe6079), - U64(0xf0d62f6077a9110c), U64(0x2735c916ade150cb), - U64(0x89fd5f03942ee2ea), U64(0x1acee25d2fd16628), - U64(0x90f39bab41181bff), U64(0x430dfe8cde39939f), - U64(0xf70b8ac4c8274796), U64(0x1c53aeaac6024552), - U64(0x13b410acf35e9c9b), U64(0xa532ab4249faa24f), - U64(0x2b1251e5625a163f), U64(0xd7e3e676da4841c7), - U64(0xa7b264e4e5404892), U64(0xda8497d643ae72d3), - U64(0x861ae105a1723b23), U64(0x38a6414991048aa4), - U64(0x6578dec92585b6b4), U64(0x0280cfa6acbaeadd), - U64(0x88bdb650c273970a), U64(0x9333bd5ebbff84c2), - U64(0x4e6a8f2c47dfa08b), U64(0x321c954db76cef2a), - U64(0x418d312a72837942), U64(0xb29b38bfffcdf773), - U64(0x6c022c38f90a4c07), U64(0x5a033a240b0f6a8a), - U64(0x1f93885f3ce5da6f), U64(0xc38a537e96988bc6), - U64(0x39e6a81ac759ff44), U64(0x29929e43cee0fce2), - U64(0x40cdd87924de0ca2), U64(0xe9d8ebc8a29fe819), - U64(0x0c2798f3cfbb46f4), U64(0x55e484223e53b343), - U64(0x4650948ecd0d2fd8), U64(0x20e86cb2126f0651), - U64(0x6d42c56baf5739e7), U64(0xa06fc1405ace1e08), - U64(0x7babbfc54f3d193b), U64(0x424d17df8864e67f), - U64(0xd8045870ef14980e), U64(0xc6d7397c85ac3781), - U64(0x21a885e1443273b1), U64(0x67f8116f893f5c69), - U64(0x24f5efe35706cff6), U64(0xd56329d076f2ab1a), - U64(0x5e1eb9754e66a32d), U64(0x28d2771098bd8902), - U64(0x8f6013f47dfdc190), U64(0x17a993fdb637553c), - U64(0xe0a219397e1012aa), U64(0x786b9930b5da8606), - U64(0x6e82e39e55b0a6da), U64(0x875a0856f72f4ec3), - U64(0x3741ff4fa458536d), U64(0xac4859b3957558fc), - U64(0x7ef6d5c75c09a57c), U64(0xc04a758b6c7f14fb), - U64(0xf9acdd91ab26ebbf), U64(0x7391a467c5ef9668), - U64(0x335c7c1ee1319aca), U64(0xa91533b18641e4bb), - U64(0xe4bf9a683b79db0d), U64(0x8e20faa72ba0b470), - U64(0x51f907737b3a7ae4), U64(0x2268a314bed5ec8c), - U64(0xd944b123b949edee), U64(0x31dcb3b84d8b7017), - U64(0xd3fe65279f218860), U64(0x097af2f1dc8ffab3), - U64(0x9b09a6fc312d0b91), U64(0xcc6ded78a3c4520f), - U64(0x3481d9ba5ebfcc50), U64(0x4f2a667f1182d56b), - U64(0xdfd9fdd4509ace94), U64(0x26752045fbbc252b), - U64(0xbffc491f662bc467), U64(0xdd593272fc202449), - U64(0x3cbbc218d46d4303), U64(0x91b372f817456e1f), - U64(0x681faf69bc6385a0), U64(0xb686bbeebaa43ed4), - U64(0x1469b5084cd0ca01), U64(0x98c98009cbca94ac), - U64(0x6438379a73d8c354), U64(0xc2caba2dc0c5fe26), - U64(0x3e3b0dbe78d7a9de), U64(0x50b9ee202d670f04), - U64(0x4590b27b37eab0e5), U64(0x6025b4cb36b10af3), - U64(0xfb2c1237079c0162), U64(0xa12f28130c936be8), - U64(0x4b37e52e54eb1ccc), U64(0x083a1ba28ad28f53), - U64(0xc10a9cd83a22611b), U64(0x9f1425ad7444c236), - U64(0x069d4cf7e9d3237a), U64(0xedc56899e7f621be), - U64(0x778c273680865fcf), U64(0x309c5aeb1bd605f7), - U64(0x8de0dc52d1472b4d), U64(0xf8ec34c2fd7b9e5f), - U64(0xea18cd3d58787724), U64(0xaad515447ca67b86), - U64(0x9989695a9d97e14c), U64(0x0000000000000000), - U64(0xf196c63321f464ec), U64(0x71116bc169557cb5), - U64(0xaf887f466f92c7c1), U64(0x972e3e0ffe964d65), - U64(0x190ec4a8d536f915), U64(0x95aef1a9522ca7b8), - U64(0xdc19db21aa7d51a9), U64(0x94ee18fa0471d258), - U64(0x8087adf248a11859), U64(0xc457f6da2916dd5c), - U64(0xfa6cfb6451c17482), U64(0xf256e0c6db13fbd1), - U64(0x6a9f60cf10d96f7d), U64(0x4daaa9d9bd383fb6), - U64(0x03c026f5fae79f3d), U64(0xde99148706c7bb74), - U64(0x2a52b8b6340763df), U64(0x6fc20acd03edd33a), - U64(0xd423c08320afdefa), U64(0xbbe1ca4e23420dc0), - U64(0x966ed75ca8cb3885), U64(0xeb58246e0e2502c4), - U64(0x055d6a021334bc47), U64(0xa47242111fa7d7af), - U64(0xe3623fcc84f78d97), U64(0x81c744a11efc6db9), - U64(0xaec8961539cfb221), U64(0xf31609958d4e8e31), - U64(0x63e5923ecc5695ce), U64(0x47107ddd9b505a38), - U64(0xa3afe7b5a0298135), U64(0x792b7063e387f3e6), - U64(0x0140e953565d75e0), U64(0x12f4f9ffa503e97b), - U64(0x750ce8902c3cb512), U64(0xdbc47e8515f30733), - U64(0x1ed3610c6ab8af8f), U64(0x5239218681dde5d9), - U64(0xe222d69fd2aaf877), U64(0xfe71783514a8bd25), - U64(0xcaf0a18f4a177175), U64(0x61655d9860ec7f13), - U64(0xe77fbc9dc19e4430), U64(0x2ccff441ddd440a5), - U64(0x16e97aaee06a20dc), U64(0xa855dae2d01c915b), - U64(0x1d1347f9905f30b2), U64(0xb7c652bdecf94b34), - U64(0xd03e43d265c6175d), U64(0xfdb15ec0ee4f2218), - U64(0x57644b8492e9599e), U64(0x07dda5a4bf8e569a), - U64(0x54a46d71680ec6a3), U64(0x5624a2d7c4b42c7e), - U64(0xbebca04c3076b187), U64(0x7d36f332a6ee3a41), - U64(0x3b6667bc6be31599), U64(0x695f463aea3ef040), - U64(0xad08b0e0c3282d1c), U64(0xb15b1e4a052a684e), - U64(0x44d05b2861b7c505), U64(0x15295c5b1a8dbfe1), - U64(0x744c01c37a61c0f2), U64(0x59c31cd1f1e8f5b7), - U64(0xef45a73f4b4ccb63), U64(0x6bdf899c46841a9d), - U64(0x3dfb2b4b823036e3), U64(0xa2ef0ee6f674f4d5), - U64(0x184e2dfb836b8cf5), U64(0x1134df0a5fe47646), - U64(0xbaa1231d751f7820), U64(0xd17eaa81339b62bd), - U64(0xb01bf71953771dae), U64(0x849a2ea30dc8d1fe), - U64(0x705182923f080955), U64(0x0ea757556301ac29), - U64(0x041d83514569c9a7), U64(0x0abad4042668658e), - U64(0x49b72a88f851f611), U64(0x8a3d79f66ec97dd7), - U64(0xcd2d042bf59927ef), U64(0xc930877ab0f0ee48), - U64(0x9273540deda2f122), U64(0xc797d02fd3f14261), - U64(0xe1e2f06a284d674a), U64(0xd2be8c74c97cfd80), - U64(0x9a494faf67707e71), U64(0xb3dbd1eca9908293), - U64(0x72d14d3493b2e388), U64(0xd6a30f258c153427) - }, -}; - -static const STREEBOG_LONG64 C16[12][8] = { - { - U64(0xdd806559f2a64507), U64(0x05767436cc744d23), - U64(0xa2422a08a460d315), U64(0x4b7ce09192676901), - U64(0x714eb88d7585c4fc), U64(0x2f6a76432e45d016), - U64(0xebcb2f81c0657c1f), U64(0xb1085bda1ecadae9) - }, { - U64(0xe679047021b19bb7), U64(0x55dda21bd7cbcd56), - U64(0x5cb561c2db0aa7ca), U64(0x9ab5176b12d69958), - U64(0x61d55e0f16b50131), U64(0xf3feea720a232b98), - U64(0x4fe39d460f70b5d7), U64(0x6fa3b58aa99d2f1a) - }, { - U64(0x991e96f50aba0ab2), U64(0xc2b6f443867adb31), - U64(0xc1c93a376062db09), U64(0xd3e20fe490359eb1), - U64(0xf2ea7514b1297b7b), U64(0x06f15e5f529c1f8b), - U64(0x0a39fc286a3d8435), U64(0xf574dcac2bce2fc7) - }, { - U64(0x220cbebc84e3d12e), U64(0x3453eaa193e837f1), - U64(0xd8b71333935203be), U64(0xa9d72c82ed03d675), - U64(0x9d721cad685e353f), U64(0x488e857e335c3c7d), - U64(0xf948e1a05d71e4dd), U64(0xef1fdfb3e81566d2) - }, { - U64(0x601758fd7c6cfe57), U64(0x7a56a27ea9ea63f5), - U64(0xdfff00b723271a16), U64(0xbfcd1747253af5a3), - U64(0x359e35d7800fffbd), U64(0x7f151c1f1686104a), - U64(0x9a3f410c6ca92363), U64(0x4bea6bacad474799) - }, { - U64(0xfa68407a46647d6e), U64(0xbf71c57236904f35), - U64(0x0af21f66c2bec6b6), U64(0xcffaa6b71c9ab7b4), - U64(0x187f9ab49af08ec6), U64(0x2d66c4f95142a46c), - U64(0x6fa4c33b7a3039c0), U64(0xae4faeae1d3ad3d9) - }, { - U64(0x8886564d3a14d493), U64(0x3517454ca23c4af3), - U64(0x06476983284a0504), U64(0x0992abc52d822c37), - U64(0xd3473e33197a93c9), U64(0x399ec6c7e6bf87c9), - U64(0x51ac86febf240954), U64(0xf4c70e16eeaac5ec) - }, { - U64(0xa47f0dd4bf02e71e), U64(0x36acc2355951a8d9), - U64(0x69d18d2bd1a5c42f), U64(0xf4892bcb929b0690), - U64(0x89b4443b4ddbc49a), U64(0x4eb7f8719c36de1e), - U64(0x03e7aa020c6e4141), U64(0x9b1f5b424d93c9a7) - }, { - U64(0x7261445183235adb), U64(0x0e38dc92cb1f2a60), - U64(0x7b2b8a9aa6079c54), U64(0x800a440bdbb2ceb1), - U64(0x3cd955b7e00d0984), U64(0x3a7d3a1b25894224), - U64(0x944c9ad8ec165fde), U64(0x378f5a541631229b) - }, { - U64(0x74b4c7fb98459ced), U64(0x3698fad1153bb6c3), - U64(0x7a1e6c303b7652f4), U64(0x9fe76702af69334b), - U64(0x1fffe18a1b336103), U64(0x8941e71cff8a78db), - U64(0x382ae548b2e4f3f3), U64(0xabbedea680056f52) - }, { - U64(0x6bcaa4cd81f32d1b), U64(0xdea2594ac06fd85d), - U64(0xefbacd1d7d476e98), U64(0x8a1d71efea48b9ca), - U64(0x2001802114846679), U64(0xd8fa6bbbebab0761), - U64(0x3002c6cd635afe94), U64(0x7bcd9ed0efc889fb) - }, { - U64(0x48bc924af11bd720), U64(0xfaf417d5d9b21b99), - U64(0xe71da4aa88e12852), U64(0x5d80ef9d1891cc86), - U64(0xf82012d430219f9b), U64(0xcda43c32bcdf1d77), - U64(0xd21380b00449b17a), U64(0x378ee767f11631ba) - }, -}; - -#define B(x,i,j) (((STREEBOG_LONG64)(*(((const unsigned char *)(&x))+i)))<<(j*8)) -#define PULL64(x) (B(x,0,0)|B(x,1,1)|B(x,2,2)|B(x,3,3)|B(x,4,4)|B(x,5,5)|B(x,6,6)|B(x,7,7)) -#define SWAB64(x) (B(x,0,7)|B(x,1,6)|B(x,2,5)|B(x,3,4)|B(x,4,3)|B(x,5,2)|B(x,6,1)|B(x,7,0)) - -static inline STREEBOG_LONG64 -multipermute(const STREEBOG_LONG64 *in, int i) -{ - STREEBOG_LONG64 t = 0; - - t ^= A_PI_table[0][(in[0] >> (i * 8)) & 0xff]; - t ^= A_PI_table[1][(in[1] >> (i * 8)) & 0xff]; - t ^= A_PI_table[2][(in[2] >> (i * 8)) & 0xff]; - t ^= A_PI_table[3][(in[3] >> (i * 8)) & 0xff]; - t ^= A_PI_table[4][(in[4] >> (i * 8)) & 0xff]; - t ^= A_PI_table[5][(in[5] >> (i * 8)) & 0xff]; - t ^= A_PI_table[6][(in[6] >> (i * 8)) & 0xff]; - t ^= A_PI_table[7][(in[7] >> (i * 8)) & 0xff]; - - return t; -} - -static void -transform(STREEBOG_LONG64 *out, const STREEBOG_LONG64 *a, - const STREEBOG_LONG64 *b) -{ - STREEBOG_LONG64 tmp[8]; - - tmp[0] = a[0] ^ b[0]; - tmp[1] = a[1] ^ b[1]; - tmp[2] = a[2] ^ b[2]; - tmp[3] = a[3] ^ b[3]; - tmp[4] = a[4] ^ b[4]; - tmp[5] = a[5] ^ b[5]; - tmp[6] = a[6] ^ b[6]; - tmp[7] = a[7] ^ b[7]; - - out[0] = multipermute(tmp, 0); - out[1] = multipermute(tmp, 1); - out[2] = multipermute(tmp, 2); - out[3] = multipermute(tmp, 3); - out[4] = multipermute(tmp, 4); - out[5] = multipermute(tmp, 5); - out[6] = multipermute(tmp, 6); - out[7] = multipermute(tmp, 7); -} - -static inline void -gN(STREEBOG_LONG64 *h, STREEBOG_LONG64 *m, STREEBOG_LONG64 *N) -{ - STREEBOG_LONG64 K[8]; - STREEBOG_LONG64 T[8]; - int i; - - transform(K, h, N); - - transform(T, K, m); - transform(K, K, C16[0]); - for (i = 1; i < 12; i++) { - transform(T, K, T); - transform(K, K, C16[i]); - } - - h[0] ^= T[0] ^ K[0] ^ m[0]; - h[1] ^= T[1] ^ K[1] ^ m[1]; - h[2] ^= T[2] ^ K[2] ^ m[2]; - h[3] ^= T[3] ^ K[3] ^ m[3]; - h[4] ^= T[4] ^ K[4] ^ m[4]; - h[5] ^= T[5] ^ K[5] ^ m[5]; - h[6] ^= T[6] ^ K[6] ^ m[6]; - h[7] ^= T[7] ^ K[7] ^ m[7]; -} - - -static void -streebog_single_block(STREEBOG_CTX *ctx, const unsigned char *in, size_t num) -{ - STREEBOG_LONG64 M[8], l; - STREEBOG_LONG64 CF; - int i; - - for (i = 0; i < 8; i++) - M[i] = PULL64(in[i*8]); - - gN(ctx->h, M, ctx->N); - - l = ctx->N[0]; - ctx->N[0] += num; - - if (ctx->N[0] < l || ctx->N[0] < num) { - for (i = 1; i < 8; i++) { - ctx->N[i]++; - if (ctx->N[i] != 0) - break; - } - } - - CF = 0; - ctx->Sigma[0] += M[0]; - for (i = 1; i < 8; i++) { - if (ctx->Sigma[i-1] != M[i-1]) - CF = (ctx->Sigma[i-1] < M[i-1]); - ctx->Sigma[i] += M[i] + CF; - } -} - - - -static void -streebog_block_data_order(STREEBOG_CTX *ctx, const unsigned char *in, - size_t num) -{ - int i; - - for (i = 0; i < num; i++) - streebog_single_block(ctx, in + i * STREEBOG_CBLOCK, 64 * 8); -} - -int -STREEBOG512_Final(unsigned char *md, STREEBOG_CTX *c) -{ - unsigned char *p = (unsigned char *)c->data; - STREEBOG_LONG64 Z[STREEBOG_LBLOCK] = {0}; - int n; - - if (c->num == STREEBOG_CBLOCK) { - streebog_block_data_order(c, p, 1); - c->num -= STREEBOG_CBLOCK; - } - - n = c->num; - p[n++] = 1; - memset(p + n, 0, STREEBOG_CBLOCK - n); - - streebog_single_block(c, p, c->num * 8); - - gN(c->h, c->N, Z); - gN(c->h, c->Sigma, Z); - - for (n = 0; n < STREEBOG_LBLOCK; n++) - c->h[n] = SWAB64(c->h[n]); - - if (md == NULL) - return 0; - - switch (c->md_len) { - /* Let compiler decide if it's appropriate to unroll... */ - case STREEBOG256_LENGTH: - for (n = 0; n < STREEBOG256_LENGTH / 8; n++) { - STREEBOG_LONG64 t = c->h[4+n]; - -#if BYTE_ORDER == BIG_ENDIAN - *(md++) = (unsigned char)(t); - *(md++) = (unsigned char)(t >> 8); - *(md++) = (unsigned char)(t >> 16); - *(md++) = (unsigned char)(t >> 24); - *(md++) = (unsigned char)(t >> 32); - *(md++) = (unsigned char)(t >> 40); - *(md++) = (unsigned char)(t >> 48); - *(md++) = (unsigned char)(t >> 56); -#else - *(md++) = (unsigned char)(t >> 56); - *(md++) = (unsigned char)(t >> 48); - *(md++) = (unsigned char)(t >> 40); - *(md++) = (unsigned char)(t >> 32); - *(md++) = (unsigned char)(t >> 24); - *(md++) = (unsigned char)(t >> 16); - *(md++) = (unsigned char)(t >> 8); - *(md++) = (unsigned char)(t); -#endif - } - break; - case STREEBOG512_LENGTH: - for (n = 0; n < STREEBOG512_LENGTH / 8; n++) { - STREEBOG_LONG64 t = c->h[n]; - -#if BYTE_ORDER == BIG_ENDIAN - *(md++) = (unsigned char)(t); - *(md++) = (unsigned char)(t >> 8); - *(md++) = (unsigned char)(t >> 16); - *(md++) = (unsigned char)(t >> 24); - *(md++) = (unsigned char)(t >> 32); - *(md++) = (unsigned char)(t >> 40); - *(md++) = (unsigned char)(t >> 48); - *(md++) = (unsigned char)(t >> 56); -#else - *(md++) = (unsigned char)(t >> 56); - *(md++) = (unsigned char)(t >> 48); - *(md++) = (unsigned char)(t >> 40); - *(md++) = (unsigned char)(t >> 32); - *(md++) = (unsigned char)(t >> 24); - *(md++) = (unsigned char)(t >> 16); - *(md++) = (unsigned char)(t >> 8); - *(md++) = (unsigned char)(t); -#endif - } - break; - /* ... as well as make sure md_len is not abused. */ - default: - return 0; - } - - return 1; -} -LCRYPTO_ALIAS(STREEBOG512_Final); - -int -STREEBOG256_Final(unsigned char *md, STREEBOG_CTX * c) -{ - return STREEBOG512_Final(md, c); -} -LCRYPTO_ALIAS(STREEBOG256_Final); - -int -STREEBOG512_Update(STREEBOG_CTX *c, const void *_data, size_t len) -{ - unsigned char *p = (unsigned char *)c->data; - const unsigned char *data = (const unsigned char *)_data; - - if (len == 0) - return 1; - - if (c->num != 0) { - size_t n = STREEBOG_CBLOCK - c->num; - - if (len < n) { - memcpy(p + c->num, data, len); - c->num += (unsigned int)len; - return 1; - } else { - memcpy(p + c->num, data, n); - c->num = 0; - len -= n; - data += n; - streebog_block_data_order(c, p, 1); - } - } - - if (len >= STREEBOG_CBLOCK) { - streebog_block_data_order(c, data, len / STREEBOG_CBLOCK); - data += len; - len %= STREEBOG_CBLOCK; - data -= len; - } - - if (len != 0) { - memcpy(p, data, len); - c->num = (int)len; - } - - return 1; -} -LCRYPTO_ALIAS(STREEBOG512_Update); - -int -STREEBOG256_Update(STREEBOG_CTX *c, const void *data, size_t len) -{ - return STREEBOG512_Update(c, data, len); -} -LCRYPTO_ALIAS(STREEBOG256_Update); - -void -STREEBOG512_Transform(STREEBOG_CTX *c, const unsigned char *data) -{ - streebog_block_data_order(c, data, 1); -} -LCRYPTO_ALIAS(STREEBOG512_Transform); - -int -STREEBOG256_Init(STREEBOG_CTX *c) -{ - memset(c, 0, sizeof(*c)); - memset(c->h, 1, sizeof(c->h)); - - c->md_len = STREEBOG256_LENGTH; - return 1; -} -LCRYPTO_ALIAS(STREEBOG256_Init); - -int -STREEBOG512_Init(STREEBOG_CTX *c) -{ - memset(c, 0, sizeof(*c)); - memset(c->h, 0, sizeof(c->h)); - - c->num = 0; - c->md_len = STREEBOG512_LENGTH; - return 1; -} -LCRYPTO_ALIAS(STREEBOG512_Init); - -unsigned char * -STREEBOG256(const unsigned char *d, size_t n, unsigned char *md) -{ - STREEBOG_CTX c; - static unsigned char m[STREEBOG256_LENGTH]; - - if (md == NULL) - md = m; - STREEBOG256_Init(&c); - STREEBOG256_Update(&c, d, n); - STREEBOG256_Final(md, &c); - explicit_bzero(&c, sizeof(c)); - return (md); -} -LCRYPTO_ALIAS(STREEBOG256); - -unsigned char * -STREEBOG512(const unsigned char *d, size_t n, unsigned char *md) -{ - STREEBOG_CTX c; - static unsigned char m[STREEBOG512_LENGTH]; - - if (md == NULL) - md = m; - STREEBOG512_Init(&c); - STREEBOG512_Update(&c, d, n); - STREEBOG512_Final(md, &c); - explicit_bzero(&c, sizeof(c)); - return (md); -} -LCRYPTO_ALIAS(STREEBOG512); - -#endif diff --git a/lib/libcrypto/opensslfeatures.h b/lib/libcrypto/opensslfeatures.h index 02d52289537..faebb1f3450 100644 --- a/lib/libcrypto/opensslfeatures.h +++ b/lib/libcrypto/opensslfeatures.h @@ -1,4 +1,4 @@ -/* $OpenBSD: opensslfeatures.h,v 1.41 2023/07/28 09:53:55 tb Exp $ */ +/* $OpenBSD: opensslfeatures.h,v 1.42 2024/03/02 11:17:27 tb Exp $ */ /* * Feature flags for LibreSSL... so you can actually tell when things * are enabled, rather than not being able to tell when things are @@ -67,7 +67,7 @@ /* #define OPENSSL_NO_ERR */ /* #define OPENSSL_NO_FUZZ_AFL */ /* #define OPENSSL_NO_FUZZ_LIBFUZZER */ -/* #define OPENSSL_NO_GOST */ +#define OPENSSL_NO_GOST #define OPENSSL_NO_HEARTBEATS /* #define OPENSSL_NO_HW */ /* #define OPENSSL_NO_HW_PADLOCK */