Commit b708992f authored by Dmitry Baryshkov's avatar Dmitry Baryshkov Committed by Niels Möller
Browse files

Add support for GOSTHASH94CP: GOST R 34.11-94 hash with CryptoPro S-box

Hash gosthash94 implements GOST R 34.11-94 standard using S-Box defined
in the standard 'for testing purposes only'. RFC 4357 defines S-Box
(CryptoPro one) for GOST R 34.11-94 hash function that is widely used in
applications. Add separate hash function algorithm (gosthash94cp)
implementing GOST R 34.11-94 hashing using that S-Box.

Signed-off-by: Dmitry Baryshkov's avatarDmitry Eremin-Solenikov <>
parent 946d45d2
......@@ -918,6 +918,7 @@ main(int argc, char **argv)
&nettle_sha3_224, &nettle_sha3_256,
&nettle_sha3_384, &nettle_sha3_512,
&nettle_ripemd160, &nettle_gosthash94,
......@@ -304,6 +304,273 @@ const struct gost28147_param gost28147_param_test_3411 =
const struct gost28147_param gost28147_param_CryptoPro_3411 =
{ /* 0 */
0x0002d000, 0x0002a000, 0x0002a800, 0x0002b000,
0x0002c000, 0x00028800, 0x00029800, 0x0002b800,
0x0002e800, 0x0002e000, 0x0002f000, 0x00028000,
0x0002c800, 0x00029000, 0x0002d800, 0x0002f800,
0x0007d000, 0x0007a000, 0x0007a800, 0x0007b000,
0x0007c000, 0x00078800, 0x00079800, 0x0007b800,
0x0007e800, 0x0007e000, 0x0007f000, 0x00078000,
0x0007c800, 0x00079000, 0x0007d800, 0x0007f800,
0x00025000, 0x00022000, 0x00022800, 0x00023000,
0x00024000, 0x00020800, 0x00021800, 0x00023800,
0x00026800, 0x00026000, 0x00027000, 0x00020000,
0x00024800, 0x00021000, 0x00025800, 0x00027800,
0x00005000, 0x00002000, 0x00002800, 0x00003000,
0x00004000, 0x00000800, 0x00001800, 0x00003800,
0x00006800, 0x00006000, 0x00007000, 0x00000000,
0x00004800, 0x00001000, 0x00005800, 0x00007800,
0x00015000, 0x00012000, 0x00012800, 0x00013000,
0x00014000, 0x00010800, 0x00011800, 0x00013800,
0x00016800, 0x00016000, 0x00017000, 0x00010000,
0x00014800, 0x00011000, 0x00015800, 0x00017800,
0x0006d000, 0x0006a000, 0x0006a800, 0x0006b000,
0x0006c000, 0x00068800, 0x00069800, 0x0006b800,
0x0006e800, 0x0006e000, 0x0006f000, 0x00068000,
0x0006c800, 0x00069000, 0x0006d800, 0x0006f800,
0x0005d000, 0x0005a000, 0x0005a800, 0x0005b000,
0x0005c000, 0x00058800, 0x00059800, 0x0005b800,
0x0005e800, 0x0005e000, 0x0005f000, 0x00058000,
0x0005c800, 0x00059000, 0x0005d800, 0x0005f800,
0x0004d000, 0x0004a000, 0x0004a800, 0x0004b000,
0x0004c000, 0x00048800, 0x00049800, 0x0004b800,
0x0004e800, 0x0004e000, 0x0004f000, 0x00048000,
0x0004c800, 0x00049000, 0x0004d800, 0x0004f800,
0x0000d000, 0x0000a000, 0x0000a800, 0x0000b000,
0x0000c000, 0x00008800, 0x00009800, 0x0000b800,
0x0000e800, 0x0000e000, 0x0000f000, 0x00008000,
0x0000c800, 0x00009000, 0x0000d800, 0x0000f800,
0x0003d000, 0x0003a000, 0x0003a800, 0x0003b000,
0x0003c000, 0x00038800, 0x00039800, 0x0003b800,
0x0003e800, 0x0003e000, 0x0003f000, 0x00038000,
0x0003c800, 0x00039000, 0x0003d800, 0x0003f800,
0x00035000, 0x00032000, 0x00032800, 0x00033000,
0x00034000, 0x00030800, 0x00031800, 0x00033800,
0x00036800, 0x00036000, 0x00037000, 0x00030000,
0x00034800, 0x00031000, 0x00035800, 0x00037800,
0x0001d000, 0x0001a000, 0x0001a800, 0x0001b000,
0x0001c000, 0x00018800, 0x00019800, 0x0001b800,
0x0001e800, 0x0001e000, 0x0001f000, 0x00018000,
0x0001c800, 0x00019000, 0x0001d800, 0x0001f800,
0x00065000, 0x00062000, 0x00062800, 0x00063000,
0x00064000, 0x00060800, 0x00061800, 0x00063800,
0x00066800, 0x00066000, 0x00067000, 0x00060000,
0x00064800, 0x00061000, 0x00065800, 0x00067800,
0x00075000, 0x00072000, 0x00072800, 0x00073000,
0x00074000, 0x00070800, 0x00071800, 0x00073800,
0x00076800, 0x00076000, 0x00077000, 0x00070000,
0x00074800, 0x00071000, 0x00075800, 0x00077800,
0x00055000, 0x00052000, 0x00052800, 0x00053000,
0x00054000, 0x00050800, 0x00051800, 0x00053800,
0x00056800, 0x00056000, 0x00057000, 0x00050000,
0x00054800, 0x00051000, 0x00055800, 0x00057800,
0x00045000, 0x00042000, 0x00042800, 0x00043000,
0x00044000, 0x00040800, 0x00041800, 0x00043800,
0x00046800, 0x00046000, 0x00047000, 0x00040000,
0x00044800, 0x00041000, 0x00045800, 0x00047800,
}, { /* 1 */
0x02380000, 0x02780000, 0x02600000, 0x02700000,
0x02480000, 0x02200000, 0x02080000, 0x02000000,
0x02180000, 0x02580000, 0x02280000, 0x02100000,
0x02300000, 0x02500000, 0x02400000, 0x02680000,
0x05380000, 0x05780000, 0x05600000, 0x05700000,
0x05480000, 0x05200000, 0x05080000, 0x05000000,
0x05180000, 0x05580000, 0x05280000, 0x05100000,
0x05300000, 0x05500000, 0x05400000, 0x05680000,
0x03b80000, 0x03f80000, 0x03e00000, 0x03f00000,
0x03c80000, 0x03a00000, 0x03880000, 0x03800000,
0x03980000, 0x03d80000, 0x03a80000, 0x03900000,
0x03b00000, 0x03d00000, 0x03c00000, 0x03e80000,
0x06380000, 0x06780000, 0x06600000, 0x06700000,
0x06480000, 0x06200000, 0x06080000, 0x06000000,
0x06180000, 0x06580000, 0x06280000, 0x06100000,
0x06300000, 0x06500000, 0x06400000, 0x06680000,
0x00380000, 0x00780000, 0x00600000, 0x00700000,
0x00480000, 0x00200000, 0x00080000, 0x00000000,
0x00180000, 0x00580000, 0x00280000, 0x00100000,
0x00300000, 0x00500000, 0x00400000, 0x00680000,
0x07b80000, 0x07f80000, 0x07e00000, 0x07f00000,
0x07c80000, 0x07a00000, 0x07880000, 0x07800000,
0x07980000, 0x07d80000, 0x07a80000, 0x07900000,
0x07b00000, 0x07d00000, 0x07c00000, 0x07e80000,
0x01380000, 0x01780000, 0x01600000, 0x01700000,
0x01480000, 0x01200000, 0x01080000, 0x01000000,
0x01180000, 0x01580000, 0x01280000, 0x01100000,
0x01300000, 0x01500000, 0x01400000, 0x01680000,
0x04380000, 0x04780000, 0x04600000, 0x04700000,
0x04480000, 0x04200000, 0x04080000, 0x04000000,
0x04180000, 0x04580000, 0x04280000, 0x04100000,
0x04300000, 0x04500000, 0x04400000, 0x04680000,
0x07380000, 0x07780000, 0x07600000, 0x07700000,
0x07480000, 0x07200000, 0x07080000, 0x07000000,
0x07180000, 0x07580000, 0x07280000, 0x07100000,
0x07300000, 0x07500000, 0x07400000, 0x07680000,
0x00b80000, 0x00f80000, 0x00e00000, 0x00f00000,
0x00c80000, 0x00a00000, 0x00880000, 0x00800000,
0x00980000, 0x00d80000, 0x00a80000, 0x00900000,
0x00b00000, 0x00d00000, 0x00c00000, 0x00e80000,
0x03380000, 0x03780000, 0x03600000, 0x03700000,
0x03480000, 0x03200000, 0x03080000, 0x03000000,
0x03180000, 0x03580000, 0x03280000, 0x03100000,
0x03300000, 0x03500000, 0x03400000, 0x03680000,
0x02b80000, 0x02f80000, 0x02e00000, 0x02f00000,
0x02c80000, 0x02a00000, 0x02880000, 0x02800000,
0x02980000, 0x02d80000, 0x02a80000, 0x02900000,
0x02b00000, 0x02d00000, 0x02c00000, 0x02e80000,
0x06b80000, 0x06f80000, 0x06e00000, 0x06f00000,
0x06c80000, 0x06a00000, 0x06880000, 0x06800000,
0x06980000, 0x06d80000, 0x06a80000, 0x06900000,
0x06b00000, 0x06d00000, 0x06c00000, 0x06e80000,
0x05b80000, 0x05f80000, 0x05e00000, 0x05f00000,
0x05c80000, 0x05a00000, 0x05880000, 0x05800000,
0x05980000, 0x05d80000, 0x05a80000, 0x05900000,
0x05b00000, 0x05d00000, 0x05c00000, 0x05e80000,
0x04b80000, 0x04f80000, 0x04e00000, 0x04f00000,
0x04c80000, 0x04a00000, 0x04880000, 0x04800000,
0x04980000, 0x04d80000, 0x04a80000, 0x04900000,
0x04b00000, 0x04d00000, 0x04c00000, 0x04e80000,
0x01b80000, 0x01f80000, 0x01e00000, 0x01f00000,
0x01c80000, 0x01a00000, 0x01880000, 0x01800000,
0x01980000, 0x01d80000, 0x01a80000, 0x01900000,
0x01b00000, 0x01d00000, 0x01c00000, 0x01e80000,
}, { /* 2 */
0xb8000003, 0xb0000003, 0xa0000003, 0xd8000003,
0xc8000003, 0xe0000003, 0x90000003, 0xd0000003,
0x88000003, 0xc0000003, 0x80000003, 0xf0000003,
0xf8000003, 0xe8000003, 0x98000003, 0xa8000003,
0x38000003, 0x30000003, 0x20000003, 0x58000003,
0x48000003, 0x60000003, 0x10000003, 0x50000003,
0x08000003, 0x40000003, 0x00000003, 0x70000003,
0x78000003, 0x68000003, 0x18000003, 0x28000003,
0x38000001, 0x30000001, 0x20000001, 0x58000001,
0x48000001, 0x60000001, 0x10000001, 0x50000001,
0x08000001, 0x40000001, 0x00000001, 0x70000001,
0x78000001, 0x68000001, 0x18000001, 0x28000001,
0x38000002, 0x30000002, 0x20000002, 0x58000002,
0x48000002, 0x60000002, 0x10000002, 0x50000002,
0x08000002, 0x40000002, 0x00000002, 0x70000002,
0x78000002, 0x68000002, 0x18000002, 0x28000002,
0xb8000006, 0xb0000006, 0xa0000006, 0xd8000006,
0xc8000006, 0xe0000006, 0x90000006, 0xd0000006,
0x88000006, 0xc0000006, 0x80000006, 0xf0000006,
0xf8000006, 0xe8000006, 0x98000006, 0xa8000006,
0xb8000004, 0xb0000004, 0xa0000004, 0xd8000004,
0xc8000004, 0xe0000004, 0x90000004, 0xd0000004,
0x88000004, 0xc0000004, 0x80000004, 0xf0000004,
0xf8000004, 0xe8000004, 0x98000004, 0xa8000004,
0xb8000007, 0xb0000007, 0xa0000007, 0xd8000007,
0xc8000007, 0xe0000007, 0x90000007, 0xd0000007,
0x88000007, 0xc0000007, 0x80000007, 0xf0000007,
0xf8000007, 0xe8000007, 0x98000007, 0xa8000007,
0x38000000, 0x30000000, 0x20000000, 0x58000000,
0x48000000, 0x60000000, 0x10000000, 0x50000000,
0x08000000, 0x40000000, 0x00000000, 0x70000000,
0x78000000, 0x68000000, 0x18000000, 0x28000000,
0x38000005, 0x30000005, 0x20000005, 0x58000005,
0x48000005, 0x60000005, 0x10000005, 0x50000005,
0x08000005, 0x40000005, 0x00000005, 0x70000005,
0x78000005, 0x68000005, 0x18000005, 0x28000005,
0xb8000000, 0xb0000000, 0xa0000000, 0xd8000000,
0xc8000000, 0xe0000000, 0x90000000, 0xd0000000,
0x88000000, 0xc0000000, 0x80000000, 0xf0000000,
0xf8000000, 0xe8000000, 0x98000000, 0xa8000000,
0xb8000002, 0xb0000002, 0xa0000002, 0xd8000002,
0xc8000002, 0xe0000002, 0x90000002, 0xd0000002,
0x88000002, 0xc0000002, 0x80000002, 0xf0000002,
0xf8000002, 0xe8000002, 0x98000002, 0xa8000002,
0xb8000005, 0xb0000005, 0xa0000005, 0xd8000005,
0xc8000005, 0xe0000005, 0x90000005, 0xd0000005,
0x88000005, 0xc0000005, 0x80000005, 0xf0000005,
0xf8000005, 0xe8000005, 0x98000005, 0xa8000005,
0x38000004, 0x30000004, 0x20000004, 0x58000004,
0x48000004, 0x60000004, 0x10000004, 0x50000004,
0x08000004, 0x40000004, 0x00000004, 0x70000004,
0x78000004, 0x68000004, 0x18000004, 0x28000004,
0x38000007, 0x30000007, 0x20000007, 0x58000007,
0x48000007, 0x60000007, 0x10000007, 0x50000007,
0x08000007, 0x40000007, 0x00000007, 0x70000007,
0x78000007, 0x68000007, 0x18000007, 0x28000007,
0x38000006, 0x30000006, 0x20000006, 0x58000006,
0x48000006, 0x60000006, 0x10000006, 0x50000006,
0x08000006, 0x40000006, 0x00000006, 0x70000006,
0x78000006, 0x68000006, 0x18000006, 0x28000006,
0xb8000001, 0xb0000001, 0xa0000001, 0xd8000001,
0xc8000001, 0xe0000001, 0x90000001, 0xd0000001,
0x88000001, 0xc0000001, 0x80000001, 0xf0000001,
0xf8000001, 0xe8000001, 0x98000001, 0xa8000001,
}, { /* 3 */
0x000000e8, 0x000000f0, 0x000000a0, 0x00000088,
0x000000b8, 0x00000080, 0x000000a8, 0x000000d0,
0x00000098, 0x000000e0, 0x000000c0, 0x000000f8,
0x000000b0, 0x00000090, 0x000000c8, 0x000000d8,
0x000001e8, 0x000001f0, 0x000001a0, 0x00000188,
0x000001b8, 0x00000180, 0x000001a8, 0x000001d0,
0x00000198, 0x000001e0, 0x000001c0, 0x000001f8,
0x000001b0, 0x00000190, 0x000001c8, 0x000001d8,
0x00000568, 0x00000570, 0x00000520, 0x00000508,
0x00000538, 0x00000500, 0x00000528, 0x00000550,
0x00000518, 0x00000560, 0x00000540, 0x00000578,
0x00000530, 0x00000510, 0x00000548, 0x00000558,
0x000004e8, 0x000004f0, 0x000004a0, 0x00000488,
0x000004b8, 0x00000480, 0x000004a8, 0x000004d0,
0x00000498, 0x000004e0, 0x000004c0, 0x000004f8,
0x000004b0, 0x00000490, 0x000004c8, 0x000004d8,
0x000002e8, 0x000002f0, 0x000002a0, 0x00000288,
0x000002b8, 0x00000280, 0x000002a8, 0x000002d0,
0x00000298, 0x000002e0, 0x000002c0, 0x000002f8,
0x000002b0, 0x00000290, 0x000002c8, 0x000002d8,
0x000005e8, 0x000005f0, 0x000005a0, 0x00000588,
0x000005b8, 0x00000580, 0x000005a8, 0x000005d0,
0x00000598, 0x000005e0, 0x000005c0, 0x000005f8,
0x000005b0, 0x00000590, 0x000005c8, 0x000005d8,
0x00000268, 0x00000270, 0x00000220, 0x00000208,
0x00000238, 0x00000200, 0x00000228, 0x00000250,
0x00000218, 0x00000260, 0x00000240, 0x00000278,
0x00000230, 0x00000210, 0x00000248, 0x00000258,
0x000007e8, 0x000007f0, 0x000007a0, 0x00000788,
0x000007b8, 0x00000780, 0x000007a8, 0x000007d0,
0x00000798, 0x000007e0, 0x000007c0, 0x000007f8,
0x000007b0, 0x00000790, 0x000007c8, 0x000007d8,
0x00000468, 0x00000470, 0x00000420, 0x00000408,
0x00000438, 0x00000400, 0x00000428, 0x00000450,
0x00000418, 0x00000460, 0x00000440, 0x00000478,
0x00000430, 0x00000410, 0x00000448, 0x00000458,
0x00000368, 0x00000370, 0x00000320, 0x00000308,
0x00000338, 0x00000300, 0x00000328, 0x00000350,
0x00000318, 0x00000360, 0x00000340, 0x00000378,
0x00000330, 0x00000310, 0x00000348, 0x00000358,
0x000003e8, 0x000003f0, 0x000003a0, 0x00000388,
0x000003b8, 0x00000380, 0x000003a8, 0x000003d0,
0x00000398, 0x000003e0, 0x000003c0, 0x000003f8,
0x000003b0, 0x00000390, 0x000003c8, 0x000003d8,
0x00000768, 0x00000770, 0x00000720, 0x00000708,
0x00000738, 0x00000700, 0x00000728, 0x00000750,
0x00000718, 0x00000760, 0x00000740, 0x00000778,
0x00000730, 0x00000710, 0x00000748, 0x00000758,
0x000006e8, 0x000006f0, 0x000006a0, 0x00000688,
0x000006b8, 0x00000680, 0x000006a8, 0x000006d0,
0x00000698, 0x000006e0, 0x000006c0, 0x000006f8,
0x000006b0, 0x00000690, 0x000006c8, 0x000006d8,
0x00000068, 0x00000070, 0x00000020, 0x00000008,
0x00000038, 0x00000000, 0x00000028, 0x00000050,
0x00000018, 0x00000060, 0x00000040, 0x00000078,
0x00000030, 0x00000010, 0x00000048, 0x00000058,
0x00000168, 0x00000170, 0x00000120, 0x00000108,
0x00000138, 0x00000100, 0x00000128, 0x00000150,
0x00000118, 0x00000160, 0x00000140, 0x00000178,
0x00000130, 0x00000110, 0x00000148, 0x00000158,
0x00000668, 0x00000670, 0x00000620, 0x00000608,
0x00000638, 0x00000600, 0x00000628, 0x00000650,
0x00000618, 0x00000660, 0x00000640, 0x00000678,
0x00000630, 0x00000610, 0x00000648, 0x00000658,
* A macro that performs a full encryption round of GOST 28147-89.
......@@ -41,6 +41,7 @@ extern "C" {
#define gost28147_param_test_3411 nettle_gost28147_param_test_3411
#define gost28147_param_CryptoPro_3411 nettle_gost28147_param_CryptoPro_3411
struct gost28147_param
......@@ -48,6 +49,7 @@ struct gost28147_param
extern const struct gost28147_param gost28147_param_test_3411;
extern const struct gost28147_param gost28147_param_CryptoPro_3411;
#ifdef __cplusplus
......@@ -39,3 +39,6 @@
const struct nettle_hash nettle_gosthash94
= _NETTLE_HASH(gosthash94, GOSTHASH94);
const struct nettle_hash nettle_gosthash94cp
= _NETTLE_HASH(gosthash94cp, GOSTHASH94CP);
......@@ -5,6 +5,7 @@
* See also RFC 4357.
* Copyright: 2009-2012 Aleksey Kravchenko <>
* Copyright: 2019 Dmitry Eremin-Solenikov <>
* Permission is hereby granted, free of charge, to any person obtaining a
* copy of this software and associated documentation files (the
......@@ -62,7 +63,8 @@ gosthash94_init (struct gosthash94_ctx *ctx)
* @param block the message block to process
static void
gost_block_compress (struct gosthash94_ctx *ctx, const uint32_t *block)
gost_block_compress (struct gosthash94_ctx *ctx, const uint32_t *block,
const uint32_t sbox[4][256])
unsigned i;
uint32_t key[8], u[8], v[8], w[8], s[8];
......@@ -107,7 +109,7 @@ gost_block_compress (struct gosthash94_ctx *ctx, const uint32_t *block)
((w[5] & 0xff000000) >> 8) | (w[7] & 0xff000000);
/* encryption: s_i := E_{key_i} (h_i) */
_gost28147_encrypt_block (key, gost28147_param_test_3411.sbox, &ctx->hash[i], &s[i]);
_gost28147_encrypt_block (key, sbox, &ctx->hash[i], &s[i]);
if (i == 0)
......@@ -262,7 +264,8 @@ gost_block_compress (struct gosthash94_ctx *ctx, const uint32_t *block)
* @param block the 256-bit message block to process
static void
gost_compute_sum_and_hash (struct gosthash94_ctx *ctx, const uint8_t *block)
gost_compute_sum_and_hash (struct gosthash94_ctx *ctx, const uint8_t *block,
const uint32_t sbox[4][256])
uint32_t block_le[8];
unsigned i, carry;
......@@ -278,7 +281,7 @@ gost_compute_sum_and_hash (struct gosthash94_ctx *ctx, const uint8_t *block)
/* update message hash */
gost_block_compress (ctx, block_le);
gost_block_compress (ctx, block_le, sbox);
......@@ -289,9 +292,10 @@ gost_compute_sum_and_hash (struct gosthash94_ctx *ctx, const uint8_t *block)
* @param msg message chunk
* @param size length of the message chunk
gosthash94_update (struct gosthash94_ctx *ctx,
size_t length, const uint8_t *msg)
static void
gosthash94_update_int (struct gosthash94_ctx *ctx,
size_t length, const uint8_t *msg,
const uint32_t sbox[4][256])
unsigned index = (unsigned) ctx->length & 31;
ctx->length += length;
......@@ -305,13 +309,13 @@ gosthash94_update (struct gosthash94_ctx *ctx,
/* process partial block */
gost_compute_sum_and_hash (ctx, ctx->message);
gost_compute_sum_and_hash (ctx, ctx->message, sbox);
msg += left;
length -= left;
while (length >= GOSTHASH94_BLOCK_SIZE)
gost_compute_sum_and_hash (ctx, msg);
gost_compute_sum_and_hash (ctx, msg, sbox);
......@@ -322,15 +326,48 @@ gosthash94_update (struct gosthash94_ctx *ctx,
* Calculate message hash.
* Can be called repeatedly with chunks of the message to be hashed.
* @param ctx the algorithm context containing current hashing state
* @param msg message chunk
* @param size length of the message chunk
gosthash94_update (struct gosthash94_ctx *ctx,
size_t length, const uint8_t *msg)
gosthash94_update_int (ctx, length, msg,
* Calculate message hash.
* Can be called repeatedly with chunks of the message to be hashed.
* @param ctx the algorithm context containing current hashing state
* @param msg message chunk
* @param size length of the message chunk
gosthash94cp_update (struct gosthash94_ctx *ctx,
size_t length, const uint8_t *msg)
gosthash94_update_int (ctx, length, msg,
* Finish hashing and store message digest into given array.
* @param ctx the algorithm context containing current hashing state
* @param result calculated hash in binary form
gosthash94_digest (struct gosthash94_ctx *ctx,
size_t length, uint8_t *result)
static void
gosthash94_write_digest (struct gosthash94_ctx *ctx,
size_t length, uint8_t *result,
const uint32_t sbox[4][256])
unsigned index = ctx->length & 31;
uint32_t msg32[8];
......@@ -341,7 +378,7 @@ gosthash94_digest (struct gosthash94_ctx *ctx,
if (index > 0)
memset (ctx->message + index, 0, 32 - index);
gost_compute_sum_and_hash (ctx, ctx->message);
gost_compute_sum_and_hash (ctx, ctx->message, sbox);
/* hash the message length and the sum */
......@@ -349,10 +386,26 @@ gosthash94_digest (struct gosthash94_ctx *ctx,
msg32[1] = ctx->length >> 29;
memset (msg32 + 2, 0, sizeof (uint32_t) * 6);
gost_block_compress (ctx, msg32);
gost_block_compress (ctx, ctx->sum);
gost_block_compress (ctx, msg32, sbox);
gost_block_compress (ctx, ctx->sum, sbox);
/* convert hash state to result bytes */
_nettle_write_le32(length, result, ctx->hash);
gosthash94_init (ctx);
gosthash94_digest (struct gosthash94_ctx *ctx,
size_t length, uint8_t *result)
gosthash94_write_digest (ctx, length, result,
gosthash94cp_digest (struct gosthash94_ctx *ctx,
size_t length, uint8_t *result)
gosthash94_write_digest (ctx, length, result,
......@@ -72,11 +72,17 @@ extern "C" {
#define gosthash94_update nettle_gosthash94_update
#define gosthash94_digest nettle_gosthash94_digest
#define gosthash94cp_update nettle_gosthash94cp_update
#define gosthash94cp_digest nettle_gosthash94cp_digest
/* For backwards compatibility */
struct gosthash94_ctx
uint32_t hash[8]; /* algorithm 256-bit state */
......@@ -84,6 +90,7 @@ struct gosthash94_ctx
uint64_t length; /* number of processed bytes */
uint8_t message[GOSTHASH94_BLOCK_SIZE]; /* 256-bit buffer for leftovers */
#define gosthash94cp_ctx gosthash94_ctx
void gosthash94_init(struct gosthash94_ctx *ctx);
void gosthash94_update(struct gosthash94_ctx *ctx,
......@@ -91,6 +98,12 @@ void gosthash94_update(struct gosthash94_ctx *ctx,
void gosthash94_digest(struct gosthash94_ctx *ctx,
size_t length, uint8_t *result);
#define gosthash94cp_init gosthash94_init
void gosthash94cp_update(struct gosthash94_ctx *ctx,
size_t length, const uint8_t *msg);
void gosthash94cp_digest(struct gosthash94_ctx *ctx,
size_t length, uint8_t *result);
#ifdef __cplusplus
......@@ -130,6 +130,7 @@ extern const struct nettle_hash nettle_md2;
extern const struct nettle_hash nettle_md4;
extern const struct nettle_hash nettle_md5;
extern const struct nettle_hash nettle_gosthash94;
extern const struct nettle_hash nettle_gosthash94cp;
extern const struct nettle_hash nettle_ripemd160;
extern const struct nettle_hash nettle_sha1;
extern const struct nettle_hash nettle_sha224;
......@@ -1039,12 +1039,17 @@ This function also resets the context in the same way as
@end deftypefun
@subsubsection @acronym{GOSTHASH94}
@subsubsection @acronym{GOSTHASH94 and GOSTHASH94CP}
The GOST94 or GOST R 34.11-94 hash algorithm is a Soviet-era algorithm
used in Russian government standards (see @cite{RFC 4357}).
It outputs message digests of 256 bits, or 32 octets.
Nettle defines GOSTHASH94 in @file{<nettle/gosthash94.h>}.
It outputs message digests of 256 bits, or 32 octets. The standard itself
does not fix the S-box used by the hash algorith, so there are two popular
variants (the testing S-box from the standard itself and the S-box defined
by CryptoPro company, see RFC 4357). Nettle provides support for the former
S-box in the form of GOSTHASH94 hash algorithm and for the latter in the
form of GOSTHASH94CP hash algorithm.
Nettle defines GOSTHASH94 and GOSTHASH94CP in @file{<nettle/gosthash94.h>}.
@deftp {Context struct} {struct gosthash94_ctx}
@end deftp
......@@ -1075,6 +1080,35 @@ This function also resets the context in the same way as
@end deftypefun
@deftp {Context struct} {struct gosthash94cp_ctx}
@end deftp
The size of a GOSTHASH94CP digest, i.e. 32.
@end defvr
The internal block size of GOSTHASH94CP, i.e., 32.
@end defvr
@deftypefun void gosthash94cp_init (struct gosthash94cp_ctx *@var{ctx})
Initialize the GOSTHASH94CP state.
@end deftypefun
@deftypefun void gosthash94cp_update (struct gosthash94cp_ctx *@var{ctx}, size_t @var{length}, const uint8_t *@var{data})
Hash some more data.
@end deftypefun
@deftypefun void gosthash94cp_digest (struct gosthash94cp_ctx *@var{ctx}, size_t @var{length}, uint8_t *@var{digest})
Performs final processing and extracts the message digest, writing it
to @var{digest}. @var{length} may be smaller than
@code{GOSTHASH94CP_DIGEST_SIZE}, in which case only the first @var{length}
octets of the digest are written.
This function also resets the context in the same way as
@end deftypefun
@node nettle_hash abstraction,, Legacy hash functions, Hash functions
@comment node-name, next, previous, up
@subsection The @code{struct nettle_hash} abstraction
......@@ -1104,6 +1138,7 @@ The last three attributes are function pointers, of types
@deftypevrx {Constant Struct} {struct nettle_hash} nettle_sha512
@deftypevrx {Constant Struct} {struct nettle_hash} nettle_sha3_256
@deftypevrx {Constant Struct} {struct nettle_hash} nettle_gosthash94
@deftypevrx {Constant Struct} {struct nettle_hash} nettle_gosthash94cp
These are all the hash functions that Nettle implements.
@end deftypevr
......@@ -17,4 +17,16 @@ test_main(void)
test_hash(&nettle_gosthash94, SDATA(""),
test_hash(&nettle_gosthash94cp, SDATA("The quick brown fox jumps over the lazy dog"),
test_hash(&nettle_gosthash94cp, SDATA("message digest"),
test_hash(&nettle_gosthash94cp, SDATA("a"),
test_hash(&nettle_gosthash94cp, SDATA(""),
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment