xcrypt 0.1.0

data/ext/libxcrypt/lib/alg-gost3411-2012-core.c

@@ -0,0 +1,238 @@
+/*
+ * Copyright (c) 2013, Alexey Degtyarev <alexey@renatasystems.org>.
+ * All rights reserved.
+ *
+ * GOST R 34.11-2012 core and API functions.
+ *
+ * $Id$
+ */
+
+#include "crypt-port.h"
+
+#if INCLUDE_gost_yescrypt
+
+#include "alg-gost3411-2012-core.h"
+
+#pragma GCC diagnostic ignored "-Wcast-align"
+
+#define BSWAP64(x) \
+    (((x & 0xFF00000000000000ULL) >> 56) | \
+     ((x & 0x00FF000000000000ULL) >> 40) | \
+     ((x & 0x0000FF0000000000ULL) >> 24) | \
+     ((x & 0x000000FF00000000ULL) >>  8) | \
+     ((x & 0x00000000FF000000ULL) <<  8) | \
+     ((x & 0x0000000000FF0000ULL) << 24) | \
+     ((x & 0x000000000000FF00ULL) << 40) | \
+     ((x & 0x00000000000000FFULL) << 56))
+
+void
+GOST34112012Cleanup(GOST34112012Context *CTX)
+{
+    explicit_bzero(CTX, sizeof (GOST34112012Context));
+}
+
+void
+GOST34112012Init(GOST34112012Context *CTX, const unsigned int digest_size)
+{
+    unsigned int i;
+
+    memset(CTX, 0, sizeof (GOST34112012Context));
+    CTX->digest_size = digest_size;
+
+    for (i = 0; i < 8; i++)
+    {
+        if (digest_size == 256)
+            CTX->h.QWORD[i] = 0x0101010101010101ULL;
+        else
+            CTX->h.QWORD[i] = 0x00ULL;
+    }
+}
+
+static inline void
+pad(GOST34112012Context *CTX)
+{
+    if (CTX->bufsize < sizeof CTX->buffer)
+    {
+        memset (CTX->buffer + CTX->bufsize, 0,
+                sizeof(CTX->buffer) - CTX->bufsize);
+        CTX->buffer[CTX->bufsize] = 0x01;
+    }
+}
+
+static inline void
+add512(const uint512_u *x, const uint512_u *y, uint512_u *r)
+{
+#ifndef __GOST3411_BIG_ENDIAN__
+    unsigned int CF;
+    unsigned int i;
+
+    CF = 0;
+    for (i = 0; i < 8; i++)
+    {
+        const unsigned long long left = x->QWORD[i];
+        unsigned long long sum;
+
+        sum = left + y->QWORD[i] + CF;
+        if (sum != left)
+            CF = (sum < left);
+        r->QWORD[i] = sum;
+    }
+#else
+    const unsigned char *xp, *yp;
+    unsigned char *rp;
+    unsigned int i;
+    int buf;
+
+    xp = (const unsigned char *) &x[0];
+    yp = (const unsigned char *) &y[0];
+    rp = (unsigned char *) &r[0];
+
+    buf = 0;
+    for (i = 0; i < 64; i++)
+    {
+        buf = xp[i] + yp[i] + (buf >> 8);
+        rp[i] = (unsigned char) (buf & 0xFF);
+    }
+#endif
+}
+
+static void
+g(uint512_u *h, const uint512_u *N, const unsigned char *m)
+{
+#ifdef __GOST3411_HAS_SSE2__
+    __m128i xmm0, xmm2, xmm4, xmm6; /* XMMR0-quadruple */
+    __m128i xmm1, xmm3, xmm5, xmm7; /* XMMR1-quadruple */
+    unsigned int i;
+
+    LOAD(N, xmm0, xmm2, xmm4, xmm6);
+    XLPS128M(h, xmm0, xmm2, xmm4, xmm6);
+
+    LOAD(m, xmm1, xmm3, xmm5, xmm7);
+    XLPS128R(xmm0, xmm2, xmm4, xmm6, xmm1, xmm3, xmm5, xmm7);
+
+    for (i = 0; i < 11; i++)
+        ROUND128(i, xmm0, xmm2, xmm4, xmm6, xmm1, xmm3, xmm5, xmm7);
+
+    XLPS128M((&C[11]), xmm0, xmm2, xmm4, xmm6);
+    X128R(xmm0, xmm2, xmm4, xmm6, xmm1, xmm3, xmm5, xmm7);
+
+    X128M(h, xmm0, xmm2, xmm4, xmm6);
+    X128M(m, xmm0, xmm2, xmm4, xmm6);
+
+    UNLOAD(h, xmm0, xmm2, xmm4, xmm6);
+
+    /* Restore the Floating-point status on the CPU */
+    _mm_empty();
+#else
+    uint512_u Ki, data;
+    unsigned int i;
+
+    XLPS(h, N, (&data));
+
+    /* Starting E() */
+    Ki = data;
+    XLPS((&Ki), ((const uint512_u *) &m[0]), (&data));
+
+    for (i = 0; i < 11; i++)
+        ROUND(i, (&Ki), (&data));
+
+    XLPS((&Ki), (&C[11]), (&Ki));
+    X((&Ki), (&data), (&data));
+    /* E() done */
+
+    X((&data), h, (&data));
+    X((&data), ((const uint512_u *) &m[0]), h);
+#endif
+}
+
+static inline void
+stage2(GOST34112012Context *CTX, const unsigned char *data)
+{
+    uint512_u m;
+
+    memcpy(&m, data, sizeof(m));
+    g(&(CTX->h), &(CTX->N), (const unsigned char *)&m);
+
+    add512(&(CTX->N), &buffer512, &(CTX->N));
+    add512(&(CTX->Sigma), &m, &(CTX->Sigma));
+}
+
+static inline void
+stage3(GOST34112012Context *CTX)
+{
+    uint512_u buf = {{ 0 }};
+
+#ifndef __GOST3411_BIG_ENDIAN__
+    buf.QWORD[0] = CTX->bufsize << 3;
+#else
+    buf.QWORD[0] = BSWAP64(CTX->bufsize << 3);
+#endif
+
+    pad(CTX);
+
+    g(&(CTX->h), &(CTX->N), (const unsigned char *) &(CTX->buffer));
+
+    add512(&(CTX->N), &buf, &(CTX->N));
+    add512(&(CTX->Sigma), (const uint512_u *) &CTX->buffer[0],
+           &(CTX->Sigma));
+
+    g(&(CTX->h), &buffer0, (const unsigned char *) &(CTX->N));
+
+    g(&(CTX->h), &buffer0, (const unsigned char *) &(CTX->Sigma));
+    memcpy(&(CTX->hash), &(CTX->h), sizeof (uint512_u));
+}
+
+void
+GOST34112012Update(GOST34112012Context *CTX, const unsigned char *data, size_t len)
+{
+    size_t chunksize;
+
+    if (CTX->bufsize) {
+        chunksize = 64 - CTX->bufsize;
+        if (chunksize > len)
+            chunksize = len;
+
+        memcpy(&CTX->buffer[CTX->bufsize], data, chunksize);
+
+        CTX->bufsize += chunksize;
+        len -= chunksize;
+        data += chunksize;
+
+        if (CTX->bufsize == 64)
+        {
+            stage2(CTX, CTX->buffer);
+
+            CTX->bufsize = 0;
+        }
+    }
+
+    while (len > 63)
+    {
+        stage2(CTX, data);
+
+        data += 64;
+        len  -= 64;
+    }
+
+    if (len) {
+        memcpy(&CTX->buffer, data, len);
+        CTX->bufsize = len;
+    }
+}
+
+void
+GOST34112012Final(GOST34112012Context *CTX, unsigned char *digest)
+{
+    stage3(CTX);
+
+    CTX->bufsize = 0;
+
+    if (CTX->digest_size == 256)
+        memcpy(digest, &(CTX->hash.QWORD[4]), 32);
+    else
+        memcpy(digest, &(CTX->hash.QWORD[0]), 64);
+
+    GOST34112012Cleanup(CTX);
+}
+
+#endif /* INCLUDE_gost_yescrypt */

data/ext/libxcrypt/lib/alg-gost3411-2012-core.h

@@ -0,0 +1,51 @@
+/*
+ * Copyright (c) 2013, Alexey Degtyarev <alexey@renatasystems.org>.
+ * All rights reserved.
+ *
+ * $Id$
+ */
+
+#ifndef _CRYPT_ALG_GOST3411_2012_CORE_H
+#define _CRYPT_ALG_GOST3411_2012_CORE_H
+
+#if defined   __GOST3411_HAS_SSE41__
+#include "alg-gost3411-2012-sse41.h"
+#elif defined __GOST3411_HAS_SSE2__
+#include "alg-gost3411-2012-sse2.h"
+#elif defined __GOST3411_HAS_MMX__
+#include "alg-gost3411-2012-mmx.h"
+#else
+#include "alg-gost3411-2012-ref.h"
+#endif
+
+typedef union uint512_u
+{
+    unsigned long long QWORD[8];
+} uint512_u;
+
+#include "alg-gost3411-2012-const.h"
+#include "alg-gost3411-2012-precalc.h"
+
+typedef struct GOST34112012Context
+{
+    unsigned char buffer[64];
+    uint512_u hash;
+    uint512_u h;
+    uint512_u N;
+    uint512_u Sigma;
+    size_t bufsize;
+    unsigned int digest_size;
+} GOST34112012Context;
+
+extern void GOST34112012Init(GOST34112012Context *CTX,
+               const unsigned int digest_size);
+
+extern void GOST34112012Update(GOST34112012Context *CTX,
+               const unsigned char *data, size_t len);
+
+extern void GOST34112012Final(GOST34112012Context *CTX,
+               unsigned char *digest);
+
+extern void GOST34112012Cleanup(GOST34112012Context *CTX);
+
+#endif /* alg-gost3411-2012-core.h */

data/ext/libxcrypt/lib/alg-gost3411-2012-hmac.c

@@ -0,0 +1,78 @@
+/* Copyright (C) 2018 vt@altlinux.org
+ * Copyright (C) 2018 Björn Esser <besser82@fedoraproject.org>
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+
+#include "crypt-port.h"
+
+#if INCLUDE_gost_yescrypt
+
+#include "alg-gost3411-2012-hmac.h"
+
+/* GOST2012_256 */
+void
+gost_hash256 (const uint8_t *t, size_t n, uint8_t *out32,
+              GOST34112012Context *ctx)
+{
+  GOST34112012Init (ctx, GOSTR3411_2012_BITS);
+  GOST34112012Update (ctx, t, n);
+  GOST34112012Final (ctx, out32);
+}
+
+/* HMAC_GOSTR3411_2012_256 */
+void
+gost_hmac256 (const uint8_t *k, size_t n, const uint8_t *t, size_t len,
+              uint8_t *out32, gost_hmac_256_t *gostbuf)
+{
+  size_t i;
+
+  /* R 50.1.113-2016 only allowed N to be in range 256..512 bits */
+  assert (n >= GOSTR3411_2012_L && n <= GOSTR3411_2012_B);
+
+  for (i = 0; i < sizeof (gostbuf->pad); i++)
+    gostbuf->kstar[i] = i < n ? k[i] : 0;
+
+  GOST34112012Init (&gostbuf->ctx, GOSTR3411_2012_BITS);
+
+  for (i = 0; i < sizeof (gostbuf->pad); i++)
+    gostbuf->pad[i] = gostbuf->kstar[i] ^ 0x36; /* ipad */
+
+  GOST34112012Update (&gostbuf->ctx, gostbuf->pad,
+                      sizeof (gostbuf->pad));
+  GOST34112012Update (&gostbuf->ctx, t, len);
+  GOST34112012Final (&gostbuf->ctx, gostbuf->digest);
+
+  /* Clear the context state. */
+  explicit_bzero (&gostbuf->ctx, sizeof (GOST34112012Context));
+
+  GOST34112012Init (&gostbuf->ctx, GOSTR3411_2012_BITS);
+
+  for (i = 0; i < sizeof (gostbuf->pad); i++)
+    gostbuf->pad[i] = gostbuf->kstar[i] ^ 0x5c; /* opad */
+
+  GOST34112012Update (&gostbuf->ctx, gostbuf->pad,
+                      sizeof (gostbuf->pad));
+  GOST34112012Update (&gostbuf->ctx, gostbuf->digest,
+                      sizeof (gostbuf->digest));
+  GOST34112012Final (&gostbuf->ctx, out32);
+
+  /* Clear the context state. */
+  explicit_bzero (gostbuf, sizeof (gost_hmac_256_t));
+}
+
+#endif /* INCLUDE_gost_yescrypt */

data/ext/libxcrypt/lib/alg-gost3411-2012-hmac.h

@@ -0,0 +1,46 @@
+/* Copyright (C) 2018 vt@altlinux.org
+ * Copyright (C) 2018 Björn Esser <besser82@fedoraproject.org>
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifndef _CRYPT_ALG_GOST3411_2012_HMAC_H
+#define _CRYPT_ALG_GOST3411_2012_HMAC_H
+
+#include "alg-gost3411-2012-core.h"
+
+/* Constants for HMAC_GOSTR3411_2012_256 */
+#define GOSTR3411_2012_L 32 /* hash output len */
+#define GOSTR3411_2012_B 64 /* hash input len (512) */
+#define GOSTR3411_2012_BITS GOSTR3411_2012_L * 8 /* 256 */
+
+typedef struct
+{
+  GOST34112012Context ctx;
+  unsigned char pad[GOSTR3411_2012_B];   /* ipad and opad */
+  unsigned char kstar[GOSTR3411_2012_B]; /* derived key */
+  unsigned char digest[GOSTR3411_2012_L];
+} gost_hmac_256_t;
+
+extern void
+gost_hash256 (const uint8_t *t, size_t n, uint8_t *out32,
+              GOST34112012Context *ctx);
+
+extern void
+gost_hmac256 (const uint8_t *k, size_t n, const uint8_t *t, size_t len,
+              uint8_t *out32, gost_hmac_256_t *gostbuf);
+
+#endif /* alg-gost3411-2012-hmac.h */