/********************************************************************** * keywrap.c * * Copyright (c) 2005-2006 Cryptocom LTD * * This file is distributed under the same license as OpenSSL * * * * Implementation of CryptoPro key wrap algorithm, as defined in * * RFC 4357 p 6.3 and 6.4 * * Doesn't need OpenSSL * **********************************************************************/ #include #include "gost89.h" #include "gost_keywrap.h" /*- * Diversifies key using random UserKey Material * Implements RFC 4357 p 6.5 key diversification algorithm * * inputKey - 32byte key to be diversified * ukm - 8byte user key material * outputKey - 32byte buffer to store diversified key * */ void keyDiversifyCryptoPro(gost_ctx *ctx,const unsigned char *inputKey, const unsigned char *ukm, unsigned char *outputKey) { u4 k,s1,s2; int i,j,mask; unsigned char S[8]; memcpy(outputKey,inputKey,32); for (i=0;i<8;i++) { /* Make array of integers from key */ /* Compute IV S*/ s1=0,s2=0; for (j=0,mask=1;j<8;j++,mask<<=1) { k=((u4)outputKey[4*j])|(outputKey[4*j+1]<<8)| (outputKey[4*j+2]<<16)|(outputKey[4*j+3]<<24); if (mask & ukm[i]) { s1+=k; } else { s2+=k; } } S[0]=(unsigned char)(s1&0xff); S[1]=(unsigned char)((s1>>8)&0xff); S[2]=(unsigned char)((s1>>16)&0xff); S[3]=(unsigned char)((s1>>24)&0xff); S[4]=(unsigned char)(s2&0xff); S[5]=(unsigned char)((s2>>8)&0xff); S[6]=(unsigned char)((s2>>16)&0xff); S[7]=(unsigned char)((s2>>24)&0xff); gost_key(ctx,outputKey); gost_enc_cfb(ctx,S,outputKey,outputKey,4); } } /*- * Wraps key using RFC 4357 6.3 * ctx - gost encryption context, initialized with some S-boxes * keyExchangeKey (KEK) 32-byte (256-bit) shared key * ukm - 8 byte (64 bit) user key material, * sessionKey - 32-byte (256-bit) key to be wrapped * wrappedKey - 44-byte buffer to store wrapped key */ int keyWrapCryptoPro(gost_ctx *ctx,const unsigned char *keyExchangeKey, const unsigned char *ukm, const unsigned char *sessionKey, unsigned char *wrappedKey) { unsigned char kek_ukm[32]; keyDiversifyCryptoPro(ctx,keyExchangeKey,ukm,kek_ukm); gost_key(ctx,kek_ukm); memcpy(wrappedKey,ukm,8); gost_enc(ctx,sessionKey,wrappedKey+8,4); gost_mac_iv(ctx,32,ukm,sessionKey,32,wrappedKey+40); return 1; } /*- * Unwraps key using RFC 4357 6.4 * ctx - gost encryption context, initialized with some S-boxes * keyExchangeKey 32-byte shared key * wrappedKey 44 byte key to be unwrapped (concatenation of 8-byte UKM, * 32 byte encrypted key and 4 byte MAC * * sessionKEy - 32byte buffer to store sessionKey in * Returns 1 if key is decrypted successfully, and 0 if MAC doesn't match */ int keyUnwrapCryptoPro(gost_ctx *ctx,const unsigned char *keyExchangeKey, const unsigned char *wrappedKey, unsigned char *sessionKey) { unsigned char kek_ukm[32],cek_mac[4]; keyDiversifyCryptoPro(ctx,keyExchangeKey,wrappedKey /* First 8 bytes of wrapped Key is ukm */ ,kek_ukm); gost_key(ctx,kek_ukm); gost_dec(ctx,wrappedKey+8,sessionKey,4); gost_mac_iv(ctx,32,wrappedKey,sessionKey,32,cek_mac); if (memcmp(cek_mac,wrappedKey+40,4)) { return 0; } return 1; }