This was obsolete in 2001. This is not the same as Gost94 digest.
Thanks to Dmitry Belyavsky <beldmit@gmail.com> for review and advice.
Reviewed-by: Matt Caswell <matt@openssl.org>
{"ECDSA sign", TLS_CT_ECDSA_SIGN},
{"RSA fixed ECDH", TLS_CT_RSA_FIXED_ECDH},
{"ECDSA fixed ECDH", TLS_CT_ECDSA_FIXED_ECDH},
- {"GOST94 Sign", TLS_CT_GOST94_SIGN},
{"GOST01 Sign", TLS_CT_GOST01_SIGN},
{NULL}
};
case EVP_PKEY_DH:
ret = EVP_PK_DH | EVP_PKT_EXCH;
break;
- case NID_id_GostR3410_94:
case NID_id_GostR3410_2001:
ret = EVP_PKT_EXCH | EVP_PKT_SIGN;
break;
cipher suites using GOST R 34.10-2001 authentication.
-=item B<aGOST94>
-
-cipher suites using GOST R 34.10-94 authentication (note that R 34.10-94
-standard has been expired so use GOST R 34.10-2001)
-
=item B<kGOST>
cipher suites, using VKO 34.10 key exchange, specified in the RFC 4357.
CFLAGS= $(INCLUDES) $(CFLAG)
LIB=$(TOP)/libcrypto.a
-LIBSRC= gost2001.c gost2001_keyx.c gost89.c gost94_keyx.c gost_ameth.c gost_asn1.c gost_crypt.c gost_ctl.c gost_eng.c gosthash.c gost_keywrap.c gost_md.c gost_params.c gost_pmeth.c gost_sign.c
+LIBSRC= gost2001.c gost2001_keyx.c gost89.c gost_ameth.c gost_asn1.c gost_crypt.c gost_ctl.c gost_eng.c gosthash.c gost_keywrap.c gost_md.c gost_pmeth.c gost_params.c
-LIBOBJ= e_gost_err.o gost2001_keyx.o gost2001.o gost89.o gost94_keyx.o gost_ameth.o gost_asn1.o gost_crypt.o gost_ctl.o gost_eng.o gosthash.o gost_keywrap.o gost_md.o gost_params.o gost_pmeth.o gost_sign.o
+LIBOBJ= e_gost_err.o gost2001_keyx.o gost2001.o gost89.o gost_ameth.o gost_asn1.o gost_crypt.o gost_ctl.o gost_eng.o gosthash.o gost_keywrap.o gost_md.o gost_pmeth.o gost_params.o
SRC=$(LIBSRC)
gost2001.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
gost2001.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
gost2001.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-gost2001.o: e_gost_err.h gost2001.c gost89.h gost_lcl.h gost_params.h
-gost2001.o: gosthash.h
+gost2001.o: e_gost_err.h gost2001.c gost89.h gost_lcl.h gosthash.h
gost2001_keyx.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
gost2001_keyx.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
gost2001_keyx.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
gost2001_keyx.o: ../../include/openssl/x509_vfy.h e_gost_err.h gost2001_keyx.c
gost2001_keyx.o: gost2001_keyx.h gost89.h gost_keywrap.h gost_lcl.h gosthash.h
gost89.o: gost89.c gost89.h
-gost94_keyx.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
-gost94_keyx.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
-gost94_keyx.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-gost94_keyx.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-gost94_keyx.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
-gost94_keyx.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
-gost94_keyx.o: ../../include/openssl/engine.h ../../include/openssl/err.h
-gost94_keyx.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-gost94_keyx.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-gost94_keyx.o: ../../include/openssl/opensslconf.h
-gost94_keyx.o: ../../include/openssl/opensslv.h
-gost94_keyx.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
-gost94_keyx.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
-gost94_keyx.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-gost94_keyx.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-gost94_keyx.o: ../../include/openssl/x509_vfy.h e_gost_err.h gost89.h
-gost94_keyx.o: gost94_keyx.c gost_keywrap.h gost_lcl.h gosthash.h
gost_ameth.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
gost_ameth.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
gost_ameth.o: ../../include/openssl/buffer.h ../../include/openssl/cms.h
gost_ameth.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
gost_ameth.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
gost_ameth.o: ../../include/openssl/x509_vfy.h e_gost_err.h gost89.h
-gost_ameth.o: gost_ameth.c gost_lcl.h gost_params.h gosthash.h
+gost_ameth.o: gost_ameth.c gost_lcl.h gosthash.h
gost_asn1.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
gost_asn1.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
gost_asn1.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
gost_md.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
gost_md.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
gost_md.o: e_gost_err.h gost89.h gost_lcl.h gost_md.c gosthash.h
-gost_params.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-gost_params.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+gost_params.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
+gost_params.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+gost_params.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+gost_params.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+gost_params.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+gost_params.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h
+gost_params.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
gost_params.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
gost_params.o: ../../include/openssl/opensslconf.h
gost_params.o: ../../include/openssl/opensslv.h
-gost_params.o: ../../include/openssl/ossl_typ.h
-gost_params.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-gost_params.o: ../../include/openssl/symhacks.h gost_params.c gost_params.h
+gost_params.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+gost_params.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+gost_params.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+gost_params.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+gost_params.o: gost89.h gost_lcl.h gost_params.c gosthash.h
gost_pmeth.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
gost_pmeth.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
gost_pmeth.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h
gost_pmeth.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
gost_pmeth.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
gost_pmeth.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
-gost_pmeth.o: e_gost_err.h gost89.h gost_lcl.h gost_params.h gost_pmeth.c
-gost_pmeth.o: gosthash.h
-gost_sign.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
-gost_sign.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
-gost_sign.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-gost_sign.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
-gost_sign.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
-gost_sign.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h
-gost_sign.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-gost_sign.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-gost_sign.o: ../../include/openssl/objects.h
-gost_sign.o: ../../include/openssl/opensslconf.h
-gost_sign.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-gost_sign.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
-gost_sign.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-gost_sign.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-gost_sign.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-gost_sign.o: e_gost_err.h gost89.h gost_lcl.h gost_params.h gost_sign.c
-gost_sign.o: gosthash.h
+gost_pmeth.o: e_gost_err.h gost89.h gost_lcl.h gost_pmeth.c gosthash.h
gosthash.o: gost89.h gosthash.c gosthash.h
{ERR_FUNC(GOST_F_DECODE_GOST_ALGOR_PARAMS), "DECODE_GOST_ALGOR_PARAMS"},
{ERR_FUNC(GOST_F_ENCODE_GOST_ALGOR_PARAMS), "ENCODE_GOST_ALGOR_PARAMS"},
{ERR_FUNC(GOST_F_FILL_GOST2001_PARAMS), "FILL_GOST2001_PARAMS"},
- {ERR_FUNC(GOST_F_FILL_GOST94_PARAMS), "FILL_GOST94_PARAMS"},
{ERR_FUNC(GOST_F_GET_ENCRYPTION_PARAMS), "GET_ENCRYPTION_PARAMS"},
{ERR_FUNC(GOST_F_GOST2001_COMPUTE_PUBLIC), "GOST2001_COMPUTE_PUBLIC"},
{ERR_FUNC(GOST_F_GOST2001_DO_SIGN), "GOST2001_DO_SIGN"},
"GOST89_GET_ASN1_PARAMETERS"},
{ERR_FUNC(GOST_F_GOST89_SET_ASN1_PARAMETERS),
"GOST89_SET_ASN1_PARAMETERS"},
- {ERR_FUNC(GOST_F_GOST94_COMPUTE_PUBLIC), "GOST94_COMPUTE_PUBLIC"},
{ERR_FUNC(GOST_F_GOST_CIPHER_CTL), "GOST_CIPHER_CTL"},
- {ERR_FUNC(GOST_F_GOST_DO_SIGN), "GOST_DO_SIGN"},
- {ERR_FUNC(GOST_F_GOST_DO_VERIFY), "GOST_DO_VERIFY"},
{ERR_FUNC(GOST_F_GOST_IMIT_CTRL), "GOST_IMIT_CTRL"},
{ERR_FUNC(GOST_F_GOST_IMIT_FINAL), "GOST_IMIT_FINAL"},
{ERR_FUNC(GOST_F_GOST_IMIT_UPDATE), "GOST_IMIT_UPDATE"},
- {ERR_FUNC(GOST_F_GOST_SIGN_KEYGEN), "GOST_SIGN_KEYGEN"},
{ERR_FUNC(GOST_F_PARAM_COPY_GOST01), "PARAM_COPY_GOST01"},
- {ERR_FUNC(GOST_F_PARAM_COPY_GOST94), "PARAM_COPY_GOST94"},
{ERR_FUNC(GOST_F_PKEY_GOST01CP_DECRYPT), "PKEY_GOST01CP_DECRYPT"},
{ERR_FUNC(GOST_F_PKEY_GOST01CP_ENCRYPT), "PKEY_GOST01CP_ENCRYPT"},
- {ERR_FUNC(GOST_F_PKEY_GOST01CP_KEYGEN), "PKEY_GOST01CP_KEYGEN"},
{ERR_FUNC(GOST_F_PKEY_GOST01_PARAMGEN), "PKEY_GOST01_PARAMGEN"},
{ERR_FUNC(GOST_F_PKEY_GOST2001_DERIVE), "PKEY_GOST2001_DERIVE"},
- {ERR_FUNC(GOST_F_PKEY_GOST94CP_DECRYPT), "PKEY_GOST94CP_DECRYPT"},
- {ERR_FUNC(GOST_F_PKEY_GOST94CP_ENCRYPT), "PKEY_GOST94CP_ENCRYPT"},
- {ERR_FUNC(GOST_F_PKEY_GOST94CP_KEYGEN), "PKEY_GOST94CP_KEYGEN"},
- {ERR_FUNC(GOST_F_PKEY_GOST94_PARAMGEN), "PKEY_GOST94_PARAMGEN"},
{ERR_FUNC(GOST_F_PKEY_GOST_CTRL), "PKEY_GOST_CTRL"},
{ERR_FUNC(GOST_F_PKEY_GOST_CTRL01_STR), "PKEY_GOST_CTRL01_STR"},
- {ERR_FUNC(GOST_F_PKEY_GOST_CTRL94_STR), "PKEY_GOST_CTRL94_STR"},
{ERR_FUNC(GOST_F_PKEY_GOST_MAC_CTRL), "PKEY_GOST_MAC_CTRL"},
{ERR_FUNC(GOST_F_PKEY_GOST_MAC_CTRL_STR), "PKEY_GOST_MAC_CTRL_STR"},
{ERR_FUNC(GOST_F_PKEY_GOST_MAC_KEYGEN), "PKEY_GOST_MAC_KEYGEN"},
{ERR_FUNC(GOST_F_PRINT_GOST_01), "PRINT_GOST_01"},
{ERR_FUNC(GOST_F_PRIV_DECODE_GOST), "PRIV_DECODE_GOST"},
{ERR_FUNC(GOST_F_PUB_DECODE_GOST01), "PUB_DECODE_GOST01"},
- {ERR_FUNC(GOST_F_PUB_DECODE_GOST94), "PUB_DECODE_GOST94"},
{ERR_FUNC(GOST_F_PUB_ENCODE_GOST01), "PUB_ENCODE_GOST01"},
- {ERR_FUNC(GOST_F_UNPACK_CC_SIGNATURE), "UNPACK_CC_SIGNATURE"},
{ERR_FUNC(GOST_F_UNPACK_CP_SIGNATURE), "UNPACK_CP_SIGNATURE"},
{0, NULL}
};
{ERR_REASON(GOST_R_CTRL_CALL_FAILED), "ctrl call failed"},
{ERR_REASON(GOST_R_ERROR_COMPUTING_SHARED_KEY),
"error computing shared key"},
- {ERR_REASON(GOST_R_ERROR_PACKING_KEY_TRANSPORT_INFO),
- "error packing key transport info"},
{ERR_REASON(GOST_R_ERROR_PARSING_KEY_TRANSPORT_INFO),
"error parsing key transport info"},
{ERR_REASON(GOST_R_INCOMPATIBLE_ALGORITHMS), "incompatible algorithms"},
{ERR_REASON(GOST_R_INVALID_CIPHER_PARAMS), "invalid cipher params"},
{ERR_REASON(GOST_R_INVALID_CIPHER_PARAM_OID), "invalid cipher param oid"},
{ERR_REASON(GOST_R_INVALID_DIGEST_TYPE), "invalid digest type"},
- {ERR_REASON(GOST_R_INVALID_GOST94_PARMSET), "invalid gost94 parmset"},
{ERR_REASON(GOST_R_INVALID_IV_LENGTH), "invalid iv length"},
{ERR_REASON(GOST_R_INVALID_MAC_KEY_LENGTH), "invalid mac key length"},
{ERR_REASON(GOST_R_INVALID_PARAMSET), "invalid paramset"},
- {ERR_REASON(GOST_R_KEY_IS_NOT_INITALIZED), "key is not initalized"},
{ERR_REASON(GOST_R_KEY_IS_NOT_INITIALIZED), "key is not initialized"},
{ERR_REASON(GOST_R_KEY_PARAMETERS_MISSING), "key parameters missing"},
{ERR_REASON(GOST_R_MAC_KEY_NOT_SET), "mac key not set"},
* Requires OpenSSL 0.9.9 for compilation *
**********************************************************************/
#include "gost_lcl.h"
-#include "gost_params.h"
#include <string.h>
#include <openssl/rand.h>
#include <openssl/ecdsa.h>
+++ /dev/null
-/**********************************************************************
- * gost94_keyx.c *
- * Copyright (c) 2005-2006 Cryptocom LTD *
- * This file is distributed under the same license as OpenSSL *
- * *
- * Implements generation and parsing of GOST_KEY_TRANSPORT for *
- * GOST R 34.10-94 algorithms *
- * *
- * Requires OpenSSL 0.9.9 for compilation *
- **********************************************************************/
-#include <string.h>
-#include <openssl/dh.h>
-#include <openssl/rand.h>
-#include <openssl/err.h>
-#include <openssl/evp.h>
-#include <openssl/objects.h>
-
-#include "gost89.h"
-#include "gosthash.h"
-#include "e_gost_err.h"
-#include "gost_keywrap.h"
-#include "gost_lcl.h"
-/* Common functions for both 94 and 2001 key exchange schemes */
-/*
- * Implementation of the Diffi-Hellman key agreement scheme based on GOST-94
- * keys
- */
-
-/*
- * Computes Diffie-Hellman key and stores it into buffer in little-endian
- * byte order as expected by both versions of GOST 94 algorithm
- */
-static int compute_pair_key_le(unsigned char *pair_key, BIGNUM *pub_key,
- DH *dh)
-{
- unsigned char be_key[128];
- int i, key_size;
- key_size = DH_compute_key(be_key, pub_key, dh);
- if (!key_size)
- return 0;
- memset(pair_key, 0, 128);
- for (i = 0; i < key_size; i++) {
- pair_key[i] = be_key[key_size - 1 - i];
- }
- return key_size;
-}
-
-/*
- * Computes 256 bit Key exchange key as specified in RFC 4357
- */
-static int make_cp_exchange_key(BIGNUM *priv_key, EVP_PKEY *pubk,
- unsigned char *shared_key)
-{
- unsigned char dh_key[128];
- int ret;
- gost_hash_ctx hash_ctx;
- DH *dh = DH_new();
-
- if (!dh)
- return 0;
- memset(dh_key, 0, 128);
- dh->g = BN_dup(pubk->pkey.dsa->g);
- dh->p = BN_dup(pubk->pkey.dsa->p);
- dh->priv_key = BN_dup(priv_key);
- ret =
- compute_pair_key_le(dh_key, ((DSA *)(EVP_PKEY_get0(pubk)))->pub_key,
- dh);
- DH_free(dh);
- if (!ret)
- return 0;
- init_gost_hash_ctx(&hash_ctx, &GostR3411_94_CryptoProParamSet);
- start_hash(&hash_ctx);
- hash_block(&hash_ctx, dh_key, 128);
- finish_hash(&hash_ctx, shared_key);
- done_gost_hash_ctx(&hash_ctx);
- return 1;
-}
-
-/* EVP_PKEY_METHOD callback derive. Implements VKO R 34.10-94 */
-
-int pkey_gost94_derive(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen)
-{
- EVP_PKEY *pubk = EVP_PKEY_CTX_get0_peerkey(ctx);
- EVP_PKEY *mykey = EVP_PKEY_CTX_get0_pkey(ctx);
- *keylen = 32;
- if (key == NULL)
- return 1;
-
- return make_cp_exchange_key(gost_get0_priv_key(mykey), pubk, key);
-}
-
-/*
- * EVP_PKEY_METHOD callback encrypt for GOST R 34.10-94 cryptopro
- * modification
- */
-
-int pkey_GOST94cp_encrypt(EVP_PKEY_CTX *ctx, unsigned char *out,
- size_t *outlen, const unsigned char *key,
- size_t key_len)
-{
- GOST_KEY_TRANSPORT *gkt = NULL;
- unsigned char shared_key[32], ukm[8], crypted_key[44];
- const struct gost_cipher_info *param = get_encryption_params(NULL);
- EVP_PKEY *pubk = EVP_PKEY_CTX_get0_pkey(ctx);
- struct gost_pmeth_data *data = EVP_PKEY_CTX_get_data(ctx);
- gost_ctx cctx;
- int key_is_ephemeral = 1;
- int tmp_outlen;
- EVP_PKEY *mykey = EVP_PKEY_CTX_get0_peerkey(ctx);
-
- /* Do not use vizir cipher parameters with cryptopro */
- if (!get_gost_engine_param(GOST_PARAM_CRYPT_PARAMS)
- && param == gost_cipher_list) {
- param = gost_cipher_list + 1;
- }
-
- if (mykey) {
- /* If key already set, it is not ephemeral */
- key_is_ephemeral = 0;
- if (!gost_get0_priv_key(mykey)) {
- GOSTerr(GOST_F_PKEY_GOST94CP_ENCRYPT,
- GOST_R_NO_PRIVATE_PART_OF_NON_EPHEMERAL_KEYPAIR);
- goto err;
- }
- } else {
- /* Otherwise generate ephemeral key */
- key_is_ephemeral = 1;
- if (out) {
- mykey = EVP_PKEY_new();
- EVP_PKEY_assign(mykey, EVP_PKEY_base_id(pubk), DSA_new());
- EVP_PKEY_copy_parameters(mykey, pubk);
- if (!gost_sign_keygen(EVP_PKEY_get0(mykey))) {
- goto err;
- }
- }
- }
- if (out)
- make_cp_exchange_key(gost_get0_priv_key(mykey), pubk, shared_key);
- if (data->shared_ukm) {
- memcpy(ukm, data->shared_ukm, 8);
- } else if (out) {
- if (RAND_bytes(ukm, 8) <= 0) {
- GOSTerr(GOST_F_PKEY_GOST94CP_ENCRYPT,
- GOST_R_RANDOM_GENERATOR_FAILURE);
- goto err;
- }
- }
-
- if (out) {
- gost_init(&cctx, param->sblock);
- keyWrapCryptoPro(&cctx, shared_key, ukm, key, crypted_key);
- }
- gkt = GOST_KEY_TRANSPORT_new();
- if (!gkt) {
- goto memerr;
- }
- if (!ASN1_OCTET_STRING_set(gkt->key_agreement_info->eph_iv, ukm, 8)) {
- goto memerr;
- }
- if (!ASN1_OCTET_STRING_set(gkt->key_info->imit, crypted_key + 40, 4)) {
- goto memerr;
- }
- if (!ASN1_OCTET_STRING_set
- (gkt->key_info->encrypted_key, crypted_key + 8, 32)) {
- goto memerr;
- }
- if (key_is_ephemeral) {
- if (!X509_PUBKEY_set
- (&gkt->key_agreement_info->ephem_key, out ? mykey : pubk)) {
- GOSTerr(GOST_F_PKEY_GOST94CP_ENCRYPT,
- GOST_R_CANNOT_PACK_EPHEMERAL_KEY);
- goto err;
- }
- if (out)
- EVP_PKEY_free(mykey);
- }
- ASN1_OBJECT_free(gkt->key_agreement_info->cipher);
- gkt->key_agreement_info->cipher = OBJ_nid2obj(param->nid);
- tmp_outlen = i2d_GOST_KEY_TRANSPORT(gkt, out ? &out : NULL);
- if (tmp_outlen <= 0) {
- GOSTerr(GOST_F_PKEY_GOST94CP_ENCRYPT,
- GOST_R_ERROR_PACKING_KEY_TRANSPORT_INFO);
- goto err;
- }
- *outlen = tmp_outlen;
- if (!key_is_ephemeral) {
- /* Set control "public key from client certificate used" */
- if (EVP_PKEY_CTX_ctrl(ctx, -1, -1, EVP_PKEY_CTRL_PEER_KEY, 3, NULL) <=
- 0) {
- GOSTerr(GOST_F_PKEY_GOST94CP_ENCRYPT, GOST_R_CTRL_CALL_FAILED);
- goto err;
- }
- }
- GOST_KEY_TRANSPORT_free(gkt);
- return 1;
- memerr:
- if (key_is_ephemeral) {
- EVP_PKEY_free(mykey);
- }
- GOSTerr(GOST_F_PKEY_GOST94CP_ENCRYPT, ERR_R_MALLOC_FAILURE);
- err:
- GOST_KEY_TRANSPORT_free(gkt);
- return -1;
-}
-
-/*
- * EVP_PLEY_METHOD callback decrypt for GOST R 34.10-94 cryptopro
- * modification
- */
-int pkey_GOST94cp_decrypt(EVP_PKEY_CTX *ctx, unsigned char *key,
- size_t *key_len, const unsigned char *in,
- size_t in_len)
-{
- const unsigned char *p = in;
- GOST_KEY_TRANSPORT *gkt = NULL;
- unsigned char wrappedKey[44];
- unsigned char sharedKey[32];
- gost_ctx cctx;
- const struct gost_cipher_info *param = NULL;
- EVP_PKEY *eph_key = NULL, *peerkey = NULL;
- EVP_PKEY *priv = EVP_PKEY_CTX_get0_pkey(ctx);
-
- if (!key) {
- *key_len = 32;
- return 1;
- }
-
- gkt = d2i_GOST_KEY_TRANSPORT(NULL, (const unsigned char **)&p, in_len);
- if (!gkt) {
- GOSTerr(GOST_F_PKEY_GOST94CP_DECRYPT,
- GOST_R_ERROR_PARSING_KEY_TRANSPORT_INFO);
- return 0;
- }
- eph_key = X509_PUBKEY_get(gkt->key_agreement_info->ephem_key);
- if (eph_key) {
- if (EVP_PKEY_derive_set_peer(ctx, eph_key) <= 0) {
- GOSTerr(GOST_F_PKEY_GOST94CP_DECRYPT,
- GOST_R_INCOMPATIBLE_PEER_KEY);
- goto err;
- }
- } else {
- /* Set control "public key from client certificate used" */
- if (EVP_PKEY_CTX_ctrl(ctx, -1, -1, EVP_PKEY_CTRL_PEER_KEY, 3, NULL) <=
- 0) {
- GOSTerr(GOST_F_PKEY_GOST94CP_DECRYPT, GOST_R_CTRL_CALL_FAILED);
- goto err;
- }
- }
- peerkey = EVP_PKEY_CTX_get0_peerkey(ctx);
- if (!peerkey) {
- GOSTerr(GOST_F_PKEY_GOST94CP_DECRYPT, GOST_R_NO_PEER_KEY);
- goto err;
- }
-
- param = get_encryption_params(gkt->key_agreement_info->cipher);
- if (!param) {
- goto err;
- }
-
- gost_init(&cctx, param->sblock);
- OPENSSL_assert(gkt->key_agreement_info->eph_iv->length == 8);
- memcpy(wrappedKey, gkt->key_agreement_info->eph_iv->data, 8);
- OPENSSL_assert(gkt->key_info->encrypted_key->length == 32);
- memcpy(wrappedKey + 8, gkt->key_info->encrypted_key->data, 32);
- OPENSSL_assert(gkt->key_info->imit->length == 4);
- memcpy(wrappedKey + 40, gkt->key_info->imit->data, 4);
- make_cp_exchange_key(gost_get0_priv_key(priv), peerkey, sharedKey);
- if (!keyUnwrapCryptoPro(&cctx, sharedKey, wrappedKey, key)) {
- GOSTerr(GOST_F_PKEY_GOST94CP_DECRYPT,
- GOST_R_ERROR_COMPUTING_SHARED_KEY);
- goto err;
- }
-
- EVP_PKEY_free(eph_key);
- GOST_KEY_TRANSPORT_free(gkt);
- return 1;
- err:
- EVP_PKEY_free(eph_key);
- GOST_KEY_TRANSPORT_free(gkt);
- return -1;
-}
#ifndef OPENSSL_NO_CMS
# include <openssl/cms.h>
#endif
-#include "gost_params.h"
#include "gost_lcl.h"
#include "e_gost_err.h"
-int gost94_nid_by_params(DSA *p)
+
+/* Convert little-endian byte array into bignum */
+BIGNUM *hashsum2bn(const unsigned char *dgst)
{
- R3410_params *gost_params;
- BIGNUM *q = BN_new();
- for (gost_params = R3410_paramset; gost_params->q != NULL; gost_params++) {
- BN_dec2bn(&q, gost_params->q);
- if (!BN_cmp(q, p->q)) {
- BN_free(q);
- return gost_params->nid;
- }
- }
- BN_free(q);
- return NID_undef;
+ unsigned char buf[32];
+
+ BUF_reverse(buf, (unsigned char*)dgst, 32);
+ return BN_bin2bn(buf, 32, NULL);
+}
+
+/*
+ * Pack bignum into byte buffer of given size, filling all leading bytes by
+ * zeros
+ */
+int store_bignum(BIGNUM *bn, unsigned char *buf, int len)
+{
+ int bytes = BN_num_bytes(bn);
+
+ if (bytes > len)
+ return 0;
+ memset(buf, 0, len);
+ BN_bn2bin(bn, buf + len - bytes);
+ return 1;
}
static ASN1_STRING *encode_gost_algor_params(const EVP_PKEY *key)
EC_GROUP_get_curve_name(EC_KEY_get0_group
(EVP_PKEY_get0((EVP_PKEY *)key)));
break;
- case NID_id_GostR3410_94:
- pkey_param_nid =
- (int)gost94_nid_by_params(EVP_PKEY_get0((EVP_PKEY *)key));
- if (pkey_param_nid == NID_undef) {
- GOSTerr(GOST_F_ENCODE_GOST_ALGOR_PARAMS,
- GOST_R_INVALID_GOST94_PARMSET);
- ASN1_STRING_free(params);
- params = NULL;
- goto err;
- }
- break;
}
gkp->key_params = OBJ_nid2obj(pkey_param_nid);
gkp->hash_params = OBJ_nid2obj(NID_id_GostR3411_94_CryptoProParamSet);
return 0;
}
switch (pkey_nid) {
- case NID_id_GostR3410_94:
- {
- DSA *dsa = EVP_PKEY_get0(pkey);
- if (!dsa) {
- dsa = DSA_new();
- if (!EVP_PKEY_assign(pkey, pkey_nid, dsa))
- return 0;
- }
- if (!fill_GOST94_params(dsa, param_nid))
- return 0;
- break;
- }
case NID_id_GostR3410_2001:
{
EC_KEY *ec = EVP_PKEY_get0(pkey);
static int gost_set_priv_key(EVP_PKEY *pkey, BIGNUM *priv)
{
switch (EVP_PKEY_base_id(pkey)) {
- case NID_id_GostR3410_94:
- {
- DSA *dsa = EVP_PKEY_get0(pkey);
- if (!dsa) {
- dsa = DSA_new();
- EVP_PKEY_assign(pkey, EVP_PKEY_base_id(pkey), dsa);
- }
- dsa->priv_key = BN_dup(priv);
- if (!EVP_PKEY_missing_parameters(pkey))
- gost94_compute_public(dsa);
- break;
- }
case NID_id_GostR3410_2001:
{
EC_KEY *ec = EVP_PKEY_get0(pkey);
BIGNUM *gost_get0_priv_key(const EVP_PKEY *pkey)
{
switch (EVP_PKEY_base_id(pkey)) {
- case NID_id_GostR3410_94:
- {
- DSA *dsa = EVP_PKEY_get0((EVP_PKEY *)pkey);
- if (!dsa) {
- return NULL;
- }
- if (!dsa->priv_key)
- return NULL;
- return dsa->priv_key;
- }
case NID_id_GostR3410_2001:
{
EC_KEY *ec = EVP_PKEY_get0((EVP_PKEY *)pkey);
}
/* --------------------- free functions * ------------------------------*/
-static void pkey_free_gost94(EVP_PKEY *key)
-{
- DSA_free(key->pkey.dsa);
-}
-
static void pkey_free_gost01(EVP_PKEY *key)
{
EC_KEY_free(key->pkey.ec);
}
/* --------- printing keys --------------------------------*/
-static int print_gost_94(BIO *out, const EVP_PKEY *pkey, int indent,
- ASN1_PCTX *pctx, int type)
-{
- int param_nid = NID_undef;
-
- if (type == 2) {
- BIGNUM *key;
-
- if (!BIO_indent(out, indent, 128))
- return 0;
- BIO_printf(out, "Private key: ");
- key = gost_get0_priv_key(pkey);
- if (!key)
- BIO_printf(out, "<undefined>");
- else
- BN_print(out, key);
- BIO_printf(out, "\n");
- }
- if (type >= 1) {
- BIGNUM *pubkey;
-
- pubkey = ((DSA *)EVP_PKEY_get0((EVP_PKEY *)pkey))->pub_key;
- BIO_indent(out, indent, 128);
- BIO_printf(out, "Public key: ");
- BN_print(out, pubkey);
- BIO_printf(out, "\n");
- }
-
- param_nid = gost94_nid_by_params(EVP_PKEY_get0((EVP_PKEY *)pkey));
- BIO_indent(out, indent, 128);
- BIO_printf(out, "Parameter set: %s\n", OBJ_nid2ln(param_nid));
- return 1;
-}
-
-static int param_print_gost94(BIO *out, const EVP_PKEY *pkey, int indent,
- ASN1_PCTX *pctx)
-{
- return print_gost_94(out, pkey, indent, pctx, 0);
-}
-
-static int pub_print_gost94(BIO *out, const EVP_PKEY *pkey, int indent,
- ASN1_PCTX *pctx)
-{
- return print_gost_94(out, pkey, indent, pctx, 1);
-}
-
-static int priv_print_gost94(BIO *out, const EVP_PKEY *pkey, int indent,
- ASN1_PCTX *pctx)
-{
- return print_gost_94(out, pkey, indent, pctx, 2);
-}
-
static int print_gost_01(BIO *out, const EVP_PKEY *pkey, int indent,
ASN1_PCTX *pctx, int type)
{
}
/* ---------------------------------------------------------------------*/
-static int param_missing_gost94(const EVP_PKEY *pk)
-{
- const DSA *dsa = EVP_PKEY_get0((EVP_PKEY *)pk);
- if (!dsa)
- return 1;
- if (!dsa->q)
- return 1;
- return 0;
-}
-
static int param_missing_gost01(const EVP_PKEY *pk)
{
const EC_KEY *ec = EVP_PKEY_get0((EVP_PKEY *)pk);
return 0;
}
-static int param_copy_gost94(EVP_PKEY *to, const EVP_PKEY *from)
-{
- const DSA *dfrom = EVP_PKEY_get0((EVP_PKEY *)from);
- DSA *dto = EVP_PKEY_get0(to);
- if (EVP_PKEY_base_id(from) != EVP_PKEY_base_id(to)) {
- GOSTerr(GOST_F_PARAM_COPY_GOST94, GOST_R_INCOMPATIBLE_ALGORITHMS);
- return 0;
- }
- if (!dfrom) {
- GOSTerr(GOST_F_PARAM_COPY_GOST94, GOST_R_KEY_PARAMETERS_MISSING);
- return 0;
- }
- if (!dto) {
- dto = DSA_new();
- EVP_PKEY_assign(to, EVP_PKEY_base_id(from), dto);
- }
- BN_free(dto->p);
- dto->p = BN_dup(dfrom->p);
- BN_free(dto->q);
- dto->q = BN_dup(dfrom->q);
- BN_free(dto->g);
- dto->g = BN_dup(dfrom->g);
-
- if (dto->priv_key)
- gost94_compute_public(dto);
- return 1;
-}
static int param_copy_gost01(EVP_PKEY *to, const EVP_PKEY *from)
{
return 1;
}
-static int param_cmp_gost94(const EVP_PKEY *a, const EVP_PKEY *b)
-{
- const DSA *da = EVP_PKEY_get0((EVP_PKEY *)a);
- const DSA *db = EVP_PKEY_get0((EVP_PKEY *)b);
- if (!BN_cmp(da->q, db->q))
- return 1;
- return 0;
-}
-
static int param_cmp_gost01(const EVP_PKEY *a, const EVP_PKEY *b)
{
if (EC_GROUP_get_curve_name
}
/* ---------- Public key functions * --------------------------------------*/
-static int pub_decode_gost94(EVP_PKEY *pk, X509_PUBKEY *pub)
-{
- X509_ALGOR *palg = NULL;
- const unsigned char *pubkey_buf = NULL;
- unsigned char *databuf;
- ASN1_OBJECT *palgobj = NULL;
- int pub_len, i, j;
- DSA *dsa;
- ASN1_OCTET_STRING *octet = NULL;
-
- if (!X509_PUBKEY_get0_param(&palgobj, &pubkey_buf, &pub_len, &palg, pub))
- return 0;
- EVP_PKEY_assign(pk, OBJ_obj2nid(palgobj), NULL);
- if (!decode_gost_algor_params(pk, palg))
- return 0;
- octet = d2i_ASN1_OCTET_STRING(NULL, &pubkey_buf, pub_len);
- if (!octet) {
- GOSTerr(GOST_F_PUB_DECODE_GOST94, ERR_R_MALLOC_FAILURE);
- return 0;
- }
- databuf = OPENSSL_malloc(octet->length);
- if (databuf == NULL) {
- GOSTerr(GOST_F_PUB_DECODE_GOST94, ERR_R_MALLOC_FAILURE);
- ASN1_OCTET_STRING_free(octet);
- return 0;
- }
- for (i = 0, j = octet->length - 1; i < octet->length; i++, j--) {
- databuf[j] = octet->data[i];
- }
- dsa = EVP_PKEY_get0(pk);
- dsa->pub_key = BN_bin2bn(databuf, octet->length, NULL);
- ASN1_OCTET_STRING_free(octet);
- OPENSSL_free(databuf);
- return 1;
-
-}
-
-static int pub_encode_gost94(X509_PUBKEY *pub, const EVP_PKEY *pk)
-{
- ASN1_OBJECT *algobj = NULL;
- ASN1_OCTET_STRING *octet = NULL;
- void *pval = NULL;
- unsigned char *buf = NULL, *databuf, *sptr;
- int i, j, data_len, ret = 0;
-
- int ptype = V_ASN1_UNDEF;
- DSA *dsa = EVP_PKEY_get0((EVP_PKEY *)pk);
- algobj = OBJ_nid2obj(EVP_PKEY_base_id(pk));
- if (pk->save_parameters) {
- ASN1_STRING *params = encode_gost_algor_params(pk);
- pval = params;
- ptype = V_ASN1_SEQUENCE;
- }
- data_len = BN_num_bytes(dsa->pub_key);
- databuf = OPENSSL_malloc(data_len);
- if (databuf == NULL) {
- GOSTerr(GOST_F_PUB_ENCODE_GOST94, ERR_R_MALLOC_FAILURE);
- return 0;
- }
- BN_bn2bin(dsa->pub_key, databuf);
- octet = ASN1_OCTET_STRING_new();
- if (octet == NULL) {
- GOSTerr(GOST_F_PUB_ENCODE_GOST94, ERR_R_MALLOC_FAILURE);
- OPENSSL_free(databuf);
- return 0;
- }
- ASN1_STRING_set(octet, NULL, data_len);
- sptr = ASN1_STRING_data(octet);
- for (i = 0, j = data_len - 1; i < data_len; i++, j--) {
- sptr[i] = databuf[j];
- }
- OPENSSL_free(databuf);
- ret = i2d_ASN1_OCTET_STRING(octet, &buf);
- ASN1_BIT_STRING_free(octet);
- if (ret < 0)
- return 0;
- return X509_PUBKEY_set0_param(pub, algobj, ptype, pval, buf, ret);
-}
static int pub_decode_gost01(EVP_PKEY *pk, X509_PUBKEY *pub)
{
return X509_PUBKEY_set0_param(pub, algobj, ptype, pval, buf, ret);
}
-static int pub_cmp_gost94(const EVP_PKEY *a, const EVP_PKEY *b)
-{
- const DSA *da = EVP_PKEY_get0((EVP_PKEY *)a);
- const DSA *db = EVP_PKEY_get0((EVP_PKEY *)b);
- if (da && db && da->pub_key && db->pub_key
- && !BN_cmp(da->pub_key, db->pub_key)) {
- return 1;
- }
- return 0;
-}
-
static int pub_cmp_gost01(const EVP_PKEY *a, const EVP_PKEY *b)
{
const EC_KEY *ea = EVP_PKEY_get0((EVP_PKEY *)a);
return -2;
}
-static int gost94_param_encode(const EVP_PKEY *pkey, unsigned char **pder)
-{
- int nid = gost94_nid_by_params(EVP_PKEY_get0((EVP_PKEY *)pkey));
- return i2d_ASN1_OBJECT(OBJ_nid2obj(nid), pder);
-}
-
static int gost2001_param_encode(const EVP_PKEY *pkey, unsigned char **pder)
{
int nid =
return i2d_ASN1_OBJECT(OBJ_nid2obj(nid), pder);
}
-static int gost94_param_decode(EVP_PKEY *pkey, const unsigned char **pder,
- int derlen)
-{
- ASN1_OBJECT *obj = NULL;
- DSA *dsa = EVP_PKEY_get0(pkey);
- int nid;
- if (d2i_ASN1_OBJECT(&obj, pder, derlen) == NULL) {
- return 0;
- }
- nid = OBJ_obj2nid(obj);
- ASN1_OBJECT_free(obj);
- if (!dsa) {
- dsa = DSA_new();
- if (!EVP_PKEY_assign(pkey, NID_id_GostR3410_94, dsa))
- return 0;
- }
- if (!fill_GOST94_params(dsa, nid))
- return 0;
- return 1;
-}
-
static int gost2001_param_decode(EVP_PKEY *pkey, const unsigned char **pder,
int derlen)
{
if (!*ameth)
return 0;
switch (nid) {
- case NID_id_GostR3410_94:
- EVP_PKEY_asn1_set_free(*ameth, pkey_free_gost94);
- EVP_PKEY_asn1_set_private(*ameth,
- priv_decode_gost, priv_encode_gost,
- priv_print_gost94);
-
- EVP_PKEY_asn1_set_param(*ameth,
- gost94_param_decode, gost94_param_encode,
- param_missing_gost94, param_copy_gost94,
- param_cmp_gost94, param_print_gost94);
- EVP_PKEY_asn1_set_public(*ameth,
- pub_decode_gost94, pub_encode_gost94,
- pub_cmp_gost94, pub_print_gost94,
- pkey_size_gost, pkey_bits_gost);
-
- EVP_PKEY_asn1_set_ctrl(*ameth, pkey_ctrl_gost);
- break;
case NID_id_GostR3410_2001:
EVP_PKEY_asn1_set_free(*ameth, pkey_free_gost01);
EVP_PKEY_asn1_set_private(*ameth,
ASN1_NDEF_SEQUENCE_END(GOST_CLIENT_KEY_EXCHANGE_PARAMS)
IMPLEMENT_ASN1_FUNCTIONS(GOST_CLIENT_KEY_EXCHANGE_PARAMS)
+
+/* Convert byte buffer to bignum, skipping leading zeros*/
+BIGNUM *getbnfrombuf(const unsigned char *buf, size_t len)
+{
+ BIGNUM *b;
+
+ while (*buf == 0 && len > 0) {
+ buf++;
+ len--;
+ }
+ if (len)
+ return BN_bin2bn(buf, len, NULL);
+ b = BN_new();
+ BN_zero(b);
+ return b;
+}
/*
* {NID_id_GostR3411_94_CryptoProParamSet,&GostR3411_94_CryptoProParamSet,0},
*/
- {NID_id_Gost28147_89_cc, &GostR3411_94_CryptoProParamSet, 0},
{NID_id_Gost28147_89_CryptoPro_A_ParamSet, &Gost28147_CryptoProParamSetA,
1},
{NID_id_Gost28147_89_CryptoPro_B_ParamSet, &Gost28147_CryptoProParamSetB,
static const char *engine_gost_name =
"Reference implementation of GOST engine";
+static int gost_pkey_meth_nids[] = {
+ NID_id_GostR3410_2001, NID_id_Gost28147_89_MAC, 0
+};
+
/* Symmetric cipher and digest function registrar */
static int gost_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
static int gost_digest_nids[] =
{ NID_id_GostR3411_94, NID_id_Gost28147_89_MAC, 0 };
-static int gost_pkey_meth_nids[] = { NID_id_GostR3410_94,
- NID_id_GostR3410_2001, NID_id_Gost28147_89_MAC, 0
-};
-
-static EVP_PKEY_METHOD *pmeth_GostR3410_94 = NULL,
- *pmeth_GostR3410_2001 = NULL, *pmeth_Gost28147_MAC = NULL;
+static EVP_PKEY_METHOD *pmeth_GostR3410_2001 = NULL;
+static EVP_PKEY_METHOD *pmeth_Gost28147_MAC = NULL;
-static EVP_PKEY_ASN1_METHOD *ameth_GostR3410_94 = NULL,
- *ameth_GostR3410_2001 = NULL, *ameth_Gost28147_MAC = NULL;
+static EVP_PKEY_ASN1_METHOD *ameth_GostR3410_2001 = NULL;
+static EVP_PKEY_ASN1_METHOD *ameth_Gost28147_MAC = NULL;
static int gost_engine_init(ENGINE *e)
{
{
gost_param_free();
- pmeth_GostR3410_94 = NULL;
pmeth_GostR3410_2001 = NULL;
pmeth_Gost28147_MAC = NULL;
- ameth_GostR3410_94 = NULL;
ameth_GostR3410_2001 = NULL;
ameth_Gost28147_MAC = NULL;
return 1;
int ret = 0;
if (id && strcmp(id, engine_gost_id))
return 0;
- if (ameth_GostR3410_94) {
+ if (ameth_GostR3410_2001) {
printf("GOST engine already loaded\n");
goto end;
}
goto end;
}
- if (!register_ameth_gost
- (NID_id_GostR3410_94, &ameth_GostR3410_94, "GOST94",
- "GOST R 34.10-94"))
- goto end;
if (!register_ameth_gost
(NID_id_GostR3410_2001, &ameth_GostR3410_2001, "GOST2001",
"GOST R 34.10-2001"))
"GOST-MAC", "GOST 28147-89 MAC"))
goto end;
- if (!register_pmeth_gost(NID_id_GostR3410_94, &pmeth_GostR3410_94, 0))
- goto end;
if (!register_pmeth_gost(NID_id_GostR3410_2001, &pmeth_GostR3410_2001, 0))
goto end;
- if (!register_pmeth_gost
- (NID_id_Gost28147_89_MAC, &pmeth_Gost28147_MAC, 0))
+ if (!register_pmeth_gost(NID_id_Gost28147_89_MAC, &pmeth_Gost28147_MAC, 0))
goto end;
if (!ENGINE_register_ciphers(e)
|| !ENGINE_register_digests(e)
{
if (!pmeth) {
*nids = gost_pkey_meth_nids;
- return 3;
+ return 2;
}
switch (nid) {
- case NID_id_GostR3410_94:
- *pmeth = pmeth_GostR3410_94;
- return 1;
case NID_id_GostR3410_2001:
*pmeth = pmeth_GostR3410_2001;
return 1;
{
if (!ameth) {
*nids = gost_pkey_meth_nids;
- return 3;
+ return 2;
}
switch (nid) {
- case NID_id_GostR3410_94:
- *ameth = ameth_GostR3410_94;
- return 1;
case NID_id_GostR3410_2001:
*ameth = ameth_GostR3410_2001;
return 1;
void ENGINE_load_gost(void)
{
ENGINE *toadd;
- if (pmeth_GostR3410_94)
+ if (pmeth_GostR3410_2001)
return;
toadd = engine_gost();
if (!toadd)
# define GOST_PARAM_MAX 0
# define GOST_CTRL_CRYPT_PARAMS (ENGINE_CMD_BASE+GOST_PARAM_CRYPT_PARAMS)
+typedef struct R3410_2001 {
+ int nid;
+ char *a;
+ char *b;
+ char *p;
+ char *q;
+ char *x;
+ char *y;
+} R3410_2001_params;
+
+extern R3410_2001_params R3410_2001_paramset[];
+
extern const ENGINE_CMD_DEFN gost_cmds[];
int gost_control_func(ENGINE *e, int cmd, long i, void *p, void (*f) (void));
const char *get_gost_engine_param(int param);
# define EVP_MD_CTRL_KEY_LEN (EVP_MD_CTRL_ALG_CTRL+3)
# define EVP_MD_CTRL_SET_KEY (EVP_MD_CTRL_ALG_CTRL+4)
/* EVP_PKEY_METHOD key encryption callbacks */
-/* From gost94_keyx.c */
-int pkey_GOST94cp_encrypt(EVP_PKEY_CTX *ctx, unsigned char *out,
- size_t *outlen, const unsigned char *key,
- size_t key_len);
-
-int pkey_GOST94cp_decrypt(EVP_PKEY_CTX *ctx, unsigned char *out,
- size_t *outlen, const unsigned char *in,
- size_t in_len);
/* From gost2001_keyx.c */
int pkey_GOST01cp_encrypt(EVP_PKEY_CTX *ctx, unsigned char *out,
size_t *outlen, const unsigned char *key,
/* From gost2001_keyx.c */
int pkey_gost2001_derive(EVP_PKEY_CTX *ctx, unsigned char *key,
size_t *keylen);
-/* From gost94_keyx.c */
-int pkey_gost94_derive(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen);
/* Internal functions for signature algorithms */
-int fill_GOST94_params(DSA *dsa, int nid);
int fill_GOST2001_params(EC_KEY *eckey, int nid);
int gost_sign_keygen(DSA *dsa);
int gost2001_keygen(EC_KEY *ec);
int gost2001_do_verify(const unsigned char *dgst, int dgst_len,
DSA_SIG *sig, EC_KEY *ec);
int gost2001_compute_public(EC_KEY *ec);
-int gost94_compute_public(DSA *dsa);
/*============== miscellaneous functions============================= */
/* from gost_sign.c */
/* Convert GOST R 34.11 hash sum to bignum according to standard */
/* Unpack GOST R 34.10 signature according to CryptoPro rules */
DSA_SIG *unpack_cp_signature(const unsigned char *sig, size_t siglen);
/* from ameth.c */
-/* Get private key as BIGNUM from both R 34.10-94 and R 34.10-2001 keys*/
+/* Get private key as BIGNUM from both 34.10-2001 keys*/
/* Returns pointer into EVP_PKEY structure */
BIGNUM *gost_get0_priv_key(const EVP_PKEY *pkey);
-/* Find NID by GOST 94 parameters */
-int gost94_nid_by_params(DSA *p);
#endif
* OpenSSL 0.9.9 libraries required to compile and use *
* this code *
**********************************************************************/
-#include "gost_params.h"
+#include "gost_lcl.h"
#include <openssl/objects.h>
/* Parameters of GOST 34.10 */
-R3410_params R3410_paramset[] = {
-/* Paramset A */
- {NID_id_GostR3410_94_CryptoPro_A_ParamSet,
- "100997906755055304772081815535925224869"
- "8410825720534578748235158755771479905292727772441528526992987964833"
- "5669968284202797289605274717317548059048560713474685214192868091256"
- "1502802222185647539190902656116367847270145019066794290930185446216"
- "3997308722217328898303231940973554032134009725883228768509467406639"
- "62",
- "127021248288932417465907042777176443525"
- "7876535089165358128175072657050312609850984974231883334834011809259"
- "9999512098893413065920561499672425412104927434935707492031276956145"
- "1689224110579311248812610229678534638401693520013288995000362260684"
- "2227508135323070045173416336850045410625869714168836867788425378203"
- "83",
- "683631961449557007844441656118272528951"
- "02170888761442055095051287550314083023"}
- ,
- {NID_id_GostR3410_94_CryptoPro_B_ParamSet,
- "429418261486158041438734477379555023926"
- "7234596860714306679811299408947123142002706038521669956384871995765"
- "7284814898909770759462613437669456364882730370838934791080835932647"
- "9767786019153434744009610342313166725786869204821949328786333602033"
- "8479709268434224762105576023501613261478065276102850944540333865234"
- "1",
- "139454871199115825601409655107690713107"
- "0417070599280317977580014543757653577229840941243685222882398330391"
- "1468164807668823692122073732267216074074777170091113455043205380464"
- "7694904686120113087816240740184800477047157336662926249423571248823"
- "9685422217536601433914856808405203368594584948031873412885804895251"
- "63",
- "79885141663410976897627118935756323747307951916507639758300472692338873533959"}
- ,
- {NID_id_GostR3410_94_CryptoPro_C_ParamSet,
- "816552717970881016017893191415300348226"
- "2544051353358162468249467681876621283478212884286545844013955142622"
- "2087723485023722868022275009502224827866201744494021697716482008353"
- "6398202298024892620480898699335508064332313529725332208819456895108"
- "5155178100221003459370588291073071186553005962149936840737128710832"
- "3",
- "110624679233511963040518952417017040248"
- "5862954819831383774196396298584395948970608956170224210628525560327"
- "8638246716655439297654402921844747893079518669992827880792192992701"
- "1428546551433875806377110443534293554066712653034996277099320715774"
- "3542287621283671843703709141350171945045805050291770503634517804938"
- "01",
- "113468861199819350564868233378875198043"
- "267947776488510997961231672532899549103"}
- ,
- {NID_id_GostR3410_94_CryptoPro_D_ParamSet,
- "756976611021707301782128757801610628085"
- "5283803109571158829574281419208532589041660017017859858216341400371"
- "4687551412794400562878935266630754392677014598582103365983119173924"
- "4732511225464712252386803315902707727668715343476086350472025298282"
- "7271461690125050616858238384366331089777463541013033926723743254833"
- "7",
- "905457649621929965904290958774625315611"
- "3056083907389766971404812524422262512556054474620855996091570786713"
- "5849550236741915584185990627801066465809510095784713989819413820871"
- "5964648914493053407920737078890520482730623038837767710173664838239"
- "8574828787891286471201460474326612697849693665518073864436497893214"
- "9",
- "108988435796353506912374591498972192620"
- "190487557619582334771735390599299211593"}
- ,
-
- {NID_id_GostR3410_94_CryptoPro_XchA_ParamSet,
- "1335318132727206734338595199483190012179423759678474868994823595993"
- "6964252873471246159040332773182141032801252925387191478859899310331"
- "0567744136196364803064721377826656898686468463277710150809401182608"
- "7702016153249904683329312949209127762411378780302243557466062839716"
- "59376426832674269780880061631528163475887",
- "14201174159756348119636828602231808974327613839524373876287257344192"
- "74593935127189736311660784676003608489466235676257952827747192122419"
- "29071046134208380636394084512691828894000571524625445295769349356752"
- "72895683154177544176313938445719175509684710784659566254794231229333"
- "8483924514339614727760681880609734239",
- "91771529896554605945588149018382750217296858393520724172743325725474"
- "374979801"}
- ,
- {NID_id_GostR3410_94_CryptoPro_XchB_ParamSet,
- "8890864727828423151699995801875757891031463338652579140051973659"
- "3048131440685857067369829407947744496306656291505503608252399443"
- "7900272386749145996230867832228661977543992816745254823298629859"
- "8753575466286051738837854736167685769017780335804511440773337196"
- "2538423532919394477873664752824509986617878992443177",
- "1028946126624994859676552074360530315217970499989304888248413244"
- "8474923022758470167998871003604670704877377286176171227694098633"
- "1539089568784129110109512690503345393869871295783467257264868341"
- "7200196629860561193666752429682367397084815179752036423595736533"
- "68957392061769855284593965042530895046088067160269433",
- "9109671391802626916582318050603555673628769498182593088388796888"
- "5281641595199"}
- ,
- {NID_id_GostR3410_94_CryptoPro_XchC_ParamSet,
- "4430618464297584182473135030809859326863990650118941756995270074"
- "8609973181426950235239623239110557450826919295792878938752101867"
- "7047181623251027516953100431855964837602657827828194249605561893"
- "6965865325513137194483136247773653468410118796740709840825496997"
- "9375560722345106704721086025979309968763193072908334",
- "1246996366993477513607147265794064436203408861395055989217248455"
- "7299870737698999651480662364723992859320868822848751165438350943"
- "3276647222625940615560580450040947211826027729977563540237169063"
- "0448079715771649447778447000597419032457722226253269698374446528"
- "35352729304393746106576383349151001715930924115499549",
- "6787876137336591234380295020065682527118129468050147943114675429"
- "4748422492761"}
- ,
-
- {NID_undef, NULL, NULL, NULL}
-};
-
R3410_2001_params R3410_2001_paramset[] = {
- /* default_cc_sign01_param 1.2.643.2.9.1.8.1 */
- {NID_id_GostR3410_2001_ParamSet_cc,
- /* A */
- "C0000000000000000000000000000000000000000000000000000000000003c4",
- /* B */
- "2d06B4265ebc749ff7d0f1f1f88232e81632e9088fd44b7787d5e407e955080c",
- /* P */
- "C0000000000000000000000000000000000000000000000000000000000003C7",
- /* Q */
- "5fffffffffffffffffffffffffffffff606117a2f4bde428b7458a54b6e87b85",
- /* X */
- "2",
- /* Y */
- "a20e034bf8813ef5c18d01105e726a17eb248b264ae9706f440bedc8ccb6b22c"}
- ,
/* 1.2.643.2.2.35.0 */
{NID_id_GostR3410_2001_TestParamSet,
"7",
+++ /dev/null
-/**********************************************************************
- * gost_params.h *
- * Copyright (c) 2005-2006 Cryptocom LTD *
- * This file is distributed under the same license as OpenSSL *
- * *
- * Declaration of structures used to represent GOST R 34.10 *
- * parameter sets, defined in RFC 4357 *
- * OpenSSL 0.9.9 libraries required to compile and use *
- * this code *
- **********************************************************************/
-#ifndef GOST_PARAMSET_H
-# define GOST_PARAMSET_H
-typedef struct R3410 {
- int nid;
- char *a;
- char *p;
- char *q;
-} R3410_params;
-
-extern R3410_params R3410_paramset[];
-
-typedef struct R3410_2001 {
- int nid;
- char *a;
- char *b;
- char *p;
- char *q;
- char *x;
- char *y;
-} R3410_2001_params;
-
-extern R3410_2001_params R3410_2001_paramset[];
-
-#endif
#include <stdlib.h>
#include <string.h>
#include <ctype.h>
-#include "gost_params.h"
#include "gost_lcl.h"
#include "e_gost_err.h"
/* -----init, cleanup, copy - uniform for all algs ---------------*/
memset(data, 0, sizeof(*data));
if (pkey && EVP_PKEY_get0(pkey)) {
switch (EVP_PKEY_base_id(pkey)) {
- case NID_id_GostR3410_94:
- data->sign_param_nid = gost94_nid_by_params(EVP_PKEY_get0(pkey));
- break;
case NID_id_GostR3410_2001:
data->sign_param_nid =
EC_GROUP_get_curve_name(EC_KEY_get0_group
return -2;
}
-static int pkey_gost_ctrl94_str(EVP_PKEY_CTX *ctx,
- const char *type, const char *value)
-{
- int param_nid = 0;
-
- if (strcmp(type, param_ctrl_string) == 0) {
- if (!value) {
- return 0;
- }
- if (strlen(value) == 1) {
- switch (toupper((unsigned char)value[0])) {
- case 'A':
- param_nid = NID_id_GostR3410_94_CryptoPro_A_ParamSet;
- break;
- case 'B':
- param_nid = NID_id_GostR3410_94_CryptoPro_B_ParamSet;
- break;
- case 'C':
- param_nid = NID_id_GostR3410_94_CryptoPro_C_ParamSet;
- break;
- case 'D':
- param_nid = NID_id_GostR3410_94_CryptoPro_D_ParamSet;
- break;
- default:
- return 0;
- }
- } else if ((strlen(value) == 2)
- && (toupper((unsigned char)value[0]) == 'X')) {
- switch (toupper((unsigned char)value[1])) {
- case 'A':
- param_nid = NID_id_GostR3410_94_CryptoPro_XchA_ParamSet;
- break;
- case 'B':
- param_nid = NID_id_GostR3410_94_CryptoPro_XchB_ParamSet;
- break;
- case 'C':
- param_nid = NID_id_GostR3410_94_CryptoPro_XchC_ParamSet;
- break;
- default:
- return 0;
- }
- } else {
- R3410_params *p = R3410_paramset;
- param_nid = OBJ_txt2nid(value);
- if (param_nid == NID_undef) {
- return 0;
- }
- for (; p->nid != NID_undef; p++) {
- if (p->nid == param_nid)
- break;
- }
- if (p->nid == NID_undef) {
- GOSTerr(GOST_F_PKEY_GOST_CTRL94_STR, GOST_R_INVALID_PARAMSET);
- return 0;
- }
- }
-
- return pkey_gost_ctrl(ctx, EVP_PKEY_CTRL_GOST_PARAMSET,
- param_nid, NULL);
- }
- return -2;
-}
-
static int pkey_gost_ctrl01_str(EVP_PKEY_CTX *ctx,
const char *type, const char *value)
{
return 1;
}
-static int pkey_gost94_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
-{
- struct gost_pmeth_data *data = EVP_PKEY_CTX_get_data(ctx);
- DSA *dsa = NULL;
- if (data->sign_param_nid == NID_undef) {
- GOSTerr(GOST_F_PKEY_GOST94_PARAMGEN, GOST_R_NO_PARAMETERS_SET);
- return 0;
- }
- dsa = DSA_new();
- if (!fill_GOST94_params(dsa, data->sign_param_nid)) {
- DSA_free(dsa);
- return 0;
- }
- EVP_PKEY_assign(pkey, NID_id_GostR3410_94, dsa);
- return 1;
-}
-
static int pkey_gost01_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
{
struct gost_pmeth_data *data = EVP_PKEY_CTX_get_data(ctx);
return 1;
}
-/* Generates Gost_R3410_94_cp key */
-static int pkey_gost94cp_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
-{
- DSA *dsa;
- if (!pkey_gost94_paramgen(ctx, pkey))
- return 0;
- dsa = EVP_PKEY_get0(pkey);
- gost_sign_keygen(dsa);
- return 1;
-}
-
/* Generates GOST_R3410 2001 key and assigns it using specified type */
static int pkey_gost01cp_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
{
}
/* ----------- sign callbacks --------------------------------------*/
-
-static int pkey_gost94_cp_sign(EVP_PKEY_CTX *ctx, unsigned char *sig,
- size_t *siglen, const unsigned char *tbs,
- size_t tbs_len)
+/*
+ * Packs signature according to Cryptopro rules
+ * and frees up DSA_SIG structure
+ */
+int pack_sign_cp(DSA_SIG *s, int order, unsigned char *sig, size_t *siglen)
{
- DSA_SIG *unpacked_sig = NULL;
- EVP_PKEY *pkey = EVP_PKEY_CTX_get0_pkey(ctx);
- if (!siglen)
- return 0;
- if (!sig) {
- *siglen = 64; /* better to check size of pkey->pkey.dsa-q */
- return 1;
- }
- unpacked_sig = gost_do_sign(tbs, tbs_len, EVP_PKEY_get0(pkey));
- if (!unpacked_sig) {
- return 0;
- }
- return pack_sign_cp(unpacked_sig, 32, sig, siglen);
+ *siglen = 2 * order;
+ memset(sig, 0, *siglen);
+ store_bignum(s->s, sig, order);
+ store_bignum(s->r, sig + order, order);
+ DSA_SIG_free(s);
+ return 1;
}
+
static int pkey_gost01_cp_sign(EVP_PKEY_CTX *ctx, unsigned char *sig,
size_t *siglen, const unsigned char *tbs,
size_t tbs_len)
}
/* ------------------- verify callbacks ---------------------------*/
-
-static int pkey_gost94_cp_verify(EVP_PKEY_CTX *ctx, const unsigned char *sig,
- size_t siglen, const unsigned char *tbs,
- size_t tbs_len)
+/* Unpack signature according to cryptopro rules */
+DSA_SIG *unpack_cp_signature(const unsigned char *sig, size_t siglen)
{
- int ok = 0;
- EVP_PKEY *pub_key = EVP_PKEY_CTX_get0_pkey(ctx);
- DSA_SIG *s = unpack_cp_signature(sig, siglen);
- if (!s)
- return 0;
- if (pub_key)
- ok = gost_do_verify(tbs, tbs_len, s, EVP_PKEY_get0(pub_key));
- DSA_SIG_free(s);
- return ok;
+ DSA_SIG *s;
+
+ s = DSA_SIG_new();
+ if (s == NULL) {
+ GOSTerr(GOST_F_UNPACK_CP_SIGNATURE, ERR_R_MALLOC_FAILURE);
+ return NULL;
+ }
+ s->s = BN_bin2bn(sig, siglen / 2, NULL);
+ s->r = BN_bin2bn(sig + siglen / 2, siglen / 2, NULL);
+ return s;
}
+
static int pkey_gost01_cp_verify(EVP_PKEY_CTX *ctx, const unsigned char *sig,
size_t siglen, const unsigned char *tbs,
size_t tbs_len)
return 0;
switch (id) {
- case NID_id_GostR3410_94:
- EVP_PKEY_meth_set_ctrl(*pmeth, pkey_gost_ctrl, pkey_gost_ctrl94_str);
- EVP_PKEY_meth_set_keygen(*pmeth, NULL, pkey_gost94cp_keygen);
- EVP_PKEY_meth_set_sign(*pmeth, NULL, pkey_gost94_cp_sign);
- EVP_PKEY_meth_set_verify(*pmeth, NULL, pkey_gost94_cp_verify);
- EVP_PKEY_meth_set_encrypt(*pmeth,
- pkey_gost_encrypt_init,
- pkey_GOST94cp_encrypt);
- EVP_PKEY_meth_set_decrypt(*pmeth, NULL, pkey_GOST94cp_decrypt);
- EVP_PKEY_meth_set_derive(*pmeth,
- pkey_gost_derive_init, pkey_gost94_derive);
- EVP_PKEY_meth_set_paramgen(*pmeth, pkey_gost_paramgen_init,
- pkey_gost94_paramgen);
- break;
case NID_id_GostR3410_2001:
EVP_PKEY_meth_set_ctrl(*pmeth, pkey_gost_ctrl, pkey_gost_ctrl01_str);
EVP_PKEY_meth_set_sign(*pmeth, NULL, pkey_gost01_cp_sign);
+++ /dev/null
-/**********************************************************************
- * gost_sign.c *
- * Copyright (c) 2005-2006 Cryptocom LTD *
- * This file is distributed under the same license as OpenSSL *
- * *
- * Implementation of GOST R 34.10-94 signature algorithm *
- * for OpenSSL *
- * Requires OpenSSL 0.9.9 for compilation *
- **********************************************************************/
-#include <string.h>
-#include <openssl/rand.h>
-#include <openssl/bn.h>
-#include <openssl/dsa.h>
-#include <openssl/err.h>
-#include <openssl/evp.h>
-#include <openssl/err.h>
-
-#include "gost_params.h"
-#include "gost_lcl.h"
-#include "e_gost_err.h"
-
-#ifdef DEBUG_SIGN
-void dump_signature(const char *message, const unsigned char *buffer,
- size_t len)
-{
- size_t i;
- fprintf(stderr, "signature %s Length=%d", message, len);
- for (i = 0; i < len; i++) {
- if (i % 16 == 0)
- fputc('\n', stderr);
- fprintf(stderr, " %02x", buffer[i]);
- }
- fprintf(stderr, "\nEnd of signature\n");
-}
-
-void dump_dsa_sig(const char *message, DSA_SIG *sig)
-{
- fprintf(stderr, "%s\nR=", message);
- BN_print_fp(stderr, sig->r);
- fprintf(stderr, "\nS=");
- BN_print_fp(stderr, sig->s);
- fprintf(stderr, "\n");
-}
-
-#else
-
-# define dump_signature(a,b,c)
-# define dump_dsa_sig(a,b)
-#endif
-
-/*
- * Computes signature and returns it as DSA_SIG structure
- */
-DSA_SIG *gost_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
-{
- BIGNUM *k = NULL, *tmp = NULL, *tmp2 = NULL;
- DSA_SIG *newsig = NULL, *ret = NULL;
- BIGNUM *md = hashsum2bn(dgst);
- /* check if H(M) mod q is zero */
- BN_CTX *ctx = BN_CTX_new();
- if (!ctx) {
- GOSTerr(GOST_F_GOST_DO_SIGN, ERR_R_MALLOC_FAILURE);
- goto err;
- }
- BN_CTX_start(ctx);
- newsig = DSA_SIG_new();
- if (!newsig) {
- GOSTerr(GOST_F_GOST_DO_SIGN, ERR_R_MALLOC_FAILURE);
- goto err;
- }
- tmp = BN_CTX_get(ctx);
- k = BN_CTX_get(ctx);
- tmp2 = BN_CTX_get(ctx);
- if (!tmp || !k || !tmp2) {
- GOSTerr(GOST_F_GOST_DO_SIGN, ERR_R_MALLOC_FAILURE);
- goto err;
- }
- BN_mod(tmp, md, dsa->q, ctx);
- if (BN_is_zero(tmp)) {
- BN_one(md);
- }
- do {
- do {
- /*
- * Generate random number k less than q
- */
- BN_rand_range(k, dsa->q);
- /* generate r = (a^x mod p) mod q */
- BN_mod_exp(tmp, dsa->g, k, dsa->p, ctx);
- if (!(newsig->r)) {
- newsig->r = BN_new();
- if (!newsig->r) {
- GOSTerr(GOST_F_GOST_DO_SIGN, ERR_R_MALLOC_FAILURE);
- goto err;
- }
- }
- BN_mod(newsig->r, tmp, dsa->q, ctx);
- }
- while (BN_is_zero(newsig->r));
- /* generate s = (xr + k(Hm)) mod q */
- BN_mod_mul(tmp, dsa->priv_key, newsig->r, dsa->q, ctx);
- BN_mod_mul(tmp2, k, md, dsa->q, ctx);
- if (!newsig->s) {
- newsig->s = BN_new();
- if (!newsig->s) {
- GOSTerr(GOST_F_GOST_DO_SIGN, ERR_R_MALLOC_FAILURE);
- goto err;
- }
- }
- BN_mod_add(newsig->s, tmp, tmp2, dsa->q, ctx);
- }
- while (BN_is_zero(newsig->s));
-
- ret = newsig;
- err:
- BN_free(md);
- if (ctx)
- BN_CTX_end(ctx);
- BN_CTX_free(ctx);
- if (!ret)
- DSA_SIG_free(newsig);
- return ret;
-}
-
-/*
- * Packs signature according to Cryptocom rules
- * and frees up DSA_SIG structure
- */
-/*-
-int pack_sign_cc(DSA_SIG *s,int order,unsigned char *sig, size_t *siglen)
- {
- *siglen = 2*order;
- memset(sig,0,*siglen);
- store_bignum(s->r, sig,order);
- store_bignum(s->s, sig + order,order);
- dump_signature("serialized",sig,*siglen);
- DSA_SIG_free(s);
- return 1;
- }
-*/
-/*
- * Packs signature according to Cryptopro rules
- * and frees up DSA_SIG structure
- */
-int pack_sign_cp(DSA_SIG *s, int order, unsigned char *sig, size_t *siglen)
-{
- *siglen = 2 * order;
- memset(sig, 0, *siglen);
- store_bignum(s->s, sig, order);
- store_bignum(s->r, sig + order, order);
- dump_signature("serialized", sig, *siglen);
- DSA_SIG_free(s);
- return 1;
-}
-
-/*
- * Verifies signature passed as DSA_SIG structure
- *
- */
-
-int gost_do_verify(const unsigned char *dgst, int dgst_len,
- DSA_SIG *sig, DSA *dsa)
-{
- BIGNUM *md = NULL, *tmp = NULL;
- BIGNUM *q2 = NULL;
- BIGNUM *u = NULL, *v = NULL, *z1 = NULL, *z2 = NULL;
- BIGNUM *tmp2 = NULL, *tmp3 = NULL;
- int ok = 0;
- BN_CTX *ctx = BN_CTX_new();
- if (!ctx) {
- GOSTerr(GOST_F_GOST_DO_VERIFY, ERR_R_MALLOC_FAILURE);
- goto err;
- }
-
- BN_CTX_start(ctx);
- if (BN_cmp(sig->s, dsa->q) >= 1 || BN_cmp(sig->r, dsa->q) >= 1) {
- GOSTerr(GOST_F_GOST_DO_VERIFY, GOST_R_SIGNATURE_PARTS_GREATER_THAN_Q);
- goto err;
- }
- md = hashsum2bn(dgst);
-
- tmp = BN_CTX_get(ctx);
- v = BN_CTX_get(ctx);
- q2 = BN_CTX_get(ctx);
- z1 = BN_CTX_get(ctx);
- z2 = BN_CTX_get(ctx);
- tmp2 = BN_CTX_get(ctx);
- tmp3 = BN_CTX_get(ctx);
- u = BN_CTX_get(ctx);
- if (!tmp || !v || !q2 || !z1 || !z2 || !tmp2 || !tmp3 || !u) {
- GOSTerr(GOST_F_GOST_DO_VERIFY, ERR_R_MALLOC_FAILURE);
- goto err;
- }
-
- BN_mod(tmp, md, dsa->q, ctx);
- if (BN_is_zero(tmp)) {
- BN_one(md);
- }
- BN_copy(q2, dsa->q);
- BN_sub_word(q2, 2);
- BN_mod_exp(v, md, q2, dsa->q, ctx);
- BN_mod_mul(z1, sig->s, v, dsa->q, ctx);
- BN_sub(tmp, dsa->q, sig->r);
- BN_mod_mul(z2, tmp, v, dsa->p, ctx);
- BN_mod_exp(tmp, dsa->g, z1, dsa->p, ctx);
- BN_mod_exp(tmp2, dsa->pub_key, z2, dsa->p, ctx);
- BN_mod_mul(tmp3, tmp, tmp2, dsa->p, ctx);
- BN_mod(u, tmp3, dsa->q, ctx);
- ok = (BN_cmp(u, sig->r) == 0);
-
- if (!ok) {
- GOSTerr(GOST_F_GOST_DO_VERIFY, GOST_R_SIGNATURE_MISMATCH);
- }
-err:
- BN_free(md);
- if (ctx)
- BN_CTX_end(ctx);
- BN_CTX_free(ctx);
- return (ok == 0);
-}
-
-/*
- * Computes public keys for GOST R 34.10-94 algorithm
- *
- */
-int gost94_compute_public(DSA *dsa)
-{
- /* Now fill algorithm parameters with correct values */
- BN_CTX *ctx;
- if (!dsa->g) {
- GOSTerr(GOST_F_GOST94_COMPUTE_PUBLIC, GOST_R_KEY_IS_NOT_INITALIZED);
- return 0;
- }
- ctx = BN_CTX_new();
- if (!ctx) {
- GOSTerr(GOST_F_GOST94_COMPUTE_PUBLIC, ERR_R_MALLOC_FAILURE);
- return 0;
- }
-
- dsa->pub_key = BN_new();
- if (!dsa->pub_key) {
- GOSTerr(GOST_F_GOST94_COMPUTE_PUBLIC, ERR_R_MALLOC_FAILURE);
- BN_CTX_free(ctx);
- return 0;
- }
- /* Compute public key y = a^x mod p */
- BN_mod_exp(dsa->pub_key, dsa->g, dsa->priv_key, dsa->p, ctx);
- BN_CTX_free(ctx);
- return 1;
-}
-
-/*
- * Fill GOST 94 params, searching them in R3410_paramset array
- * by nid of paramset
- *
- */
-int fill_GOST94_params(DSA *dsa, int nid)
-{
- R3410_params *params = R3410_paramset;
- while (params->nid != NID_undef && params->nid != nid)
- params++;
- if (params->nid == NID_undef) {
- GOSTerr(GOST_F_FILL_GOST94_PARAMS, GOST_R_UNSUPPORTED_PARAMETER_SET);
- return 0;
- }
-#define dump_signature(a,b,c)
- BN_free(dsa->p);
- dsa->p = NULL;
- BN_dec2bn(&(dsa->p), params->p);
- BN_free(dsa->q);
- dsa->q = NULL;
- BN_dec2bn(&(dsa->q), params->q);
- BN_free(dsa->g);
- dsa->g = NULL;
- BN_dec2bn(&(dsa->g), params->a);
- return 1;
-}
-
-/*
- * Generate GOST R 34.10-94 keypair
- *
- *
- */
-int gost_sign_keygen(DSA *dsa)
-{
- dsa->priv_key = BN_new();
- if (!dsa->priv_key) {
- GOSTerr(GOST_F_GOST_SIGN_KEYGEN, ERR_R_MALLOC_FAILURE);
- return 0;
- }
- BN_rand_range(dsa->priv_key, dsa->q);
- return gost94_compute_public(dsa);
-}
-
-/* Unpack signature according to cryptocom rules */
-/*-
-DSA_SIG *unpack_cc_signature(const unsigned char *sig,size_t siglen)
- {
- DSA_SIG *s;
- s = DSA_SIG_new();
- if (s == NULL)
- {
- GOSTerr(GOST_F_UNPACK_CC_SIGNATURE,ERR_R_MALLOC_FAILURE);
- return(NULL);
- }
- s->r = getbnfrombuf(sig, siglen/2);
- s->s = getbnfrombuf(sig + siglen/2, siglen/2);
- return s;
- }
-*/
-/* Unpack signature according to cryptopro rules */
-DSA_SIG *unpack_cp_signature(const unsigned char *sig, size_t siglen)
-{
- DSA_SIG *s;
-
- s = DSA_SIG_new();
- if (s == NULL) {
- GOSTerr(GOST_F_UNPACK_CP_SIGNATURE, ERR_R_MALLOC_FAILURE);
- return NULL;
- }
- s->s = getbnfrombuf(sig, siglen / 2);
- s->r = getbnfrombuf(sig + siglen / 2, siglen / 2);
- return s;
-}
-
-/* Convert little-endian byte array into bignum */
-BIGNUM *hashsum2bn(const unsigned char *dgst)
-{
- unsigned char buf[32];
- int i;
- for (i = 0; i < 32; i++) {
- buf[31 - i] = dgst[i];
- }
- return getbnfrombuf(buf, 32);
-}
-
-/* Convert byte buffer to bignum, skipping leading zeros*/
-BIGNUM *getbnfrombuf(const unsigned char *buf, size_t len)
-{
- while (*buf == 0 && len > 0) {
- buf++;
- len--;
- }
- if (len) {
- return BN_bin2bn(buf, len, NULL);
- } else {
- BIGNUM *b = BN_new();
- BN_zero(b);
- return b;
- }
-}
-
-/*
- * Pack bignum into byte buffer of given size, filling all leading bytes by
- * zeros
- */
-int store_bignum(BIGNUM *bn, unsigned char *buf, int len)
-{
- int bytes = BN_num_bytes(bn);
- if (bytes > len)
- return 0;
- memset(buf, 0, len);
- BN_bn2bin(bn, buf + len - bytes);
- return 1;
-}
# define TLS_CT_ECDSA_SIGN 64
# define TLS_CT_RSA_FIXED_ECDH 65
# define TLS_CT_ECDSA_FIXED_ECDH 66
-# define TLS_CT_GOST94_SIGN 21
# define TLS_CT_GOST01_SIGN 22
/*
* when correcting this number, correct also SSL3_CT_NUMBER in ssl3.h (see
ret = SSL_PKEY_ECC;
}
#endif
- else if (i == NID_id_GostR3410_94 || i == NID_id_GostR3410_94_cc) {
- ret = SSL_PKEY_GOST94;
- } else if (i == NID_id_GostR3410_2001 || i == NID_id_GostR3410_2001_cc) {
+ else if (i == NID_id_GostR3410_2001) {
ret = SSL_PKEY_GOST01;
} else if (x && (i == EVP_PKEY_DH || i == EVP_PKEY_DHX)) {
/*
n = j + 2;
} else
#endif
- if (pkey->type == NID_id_GostR3410_94
- || pkey->type == NID_id_GostR3410_2001) {
+ if (pkey->type == NID_id_GostR3410_2001) {
unsigned char signbuf[64];
int i;
size_t sigsize = 64;
/* GOST Ciphersuites */
- {
- 1,
- "GOST94-GOST89-GOST89",
- 0x3000080,
- SSL_kGOST,
- SSL_aGOST94,
- SSL_eGOST2814789CNT,
- SSL_GOST89MAC,
- SSL_TLSV1,
- SSL_NOT_EXP | SSL_HIGH,
- SSL_HANDSHAKE_MAC_GOST94 | TLS1_PRF_GOST94 | TLS1_STREAM_MAC,
- 256,
- 256},
{
1,
"GOST2001-GOST89-GOST89",
SSL_NOT_EXP | SSL_HIGH,
SSL_HANDSHAKE_MAC_GOST94 | TLS1_PRF_GOST94 | TLS1_STREAM_MAC,
256,
- 256},
- {
- 1,
- "GOST94-NULL-GOST94",
- 0x3000082,
- SSL_kGOST,
- SSL_aGOST94,
- SSL_eNULL,
- SSL_GOST94,
- SSL_TLSV1,
- SSL_NOT_EXP | SSL_STRONG_NONE,
- SSL_HANDSHAKE_MAC_GOST94 | TLS1_PRF_GOST94,
- 0,
- 0},
+ 256
+ },
{
1,
"GOST2001-NULL-GOST94",
SSL_NOT_EXP | SSL_STRONG_NONE,
SSL_HANDSHAKE_MAC_GOST94 | TLS1_PRF_GOST94,
0,
- 0},
+ 0
+ },
#ifndef OPENSSL_NO_CAMELLIA
/* Camellia ciphersuites from RFC4132 (256-bit portion) */
256},
#endif
-#ifdef TEMP_GOST_TLS
-/* Cipher FF00 */
- {
- 1,
- "GOST-MD5",
- 0x0300ff00,
- SSL_kRSA,
- SSL_aRSA,
- SSL_eGOST2814789CNT,
- SSL_MD5,
- SSL_TLSV1,
- SSL_NOT_EXP | SSL_HIGH,
- SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
- 256,
- 256,
- },
- {
- 1,
- "GOST-GOST94",
- 0x0300ff01,
- SSL_kRSA,
- SSL_aRSA,
- SSL_eGOST2814789CNT,
- SSL_GOST94,
- SSL_TLSV1,
- SSL_NOT_EXP | SSL_HIGH,
- SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
- 256,
- 256},
- {
- 1,
- "GOST-GOST89MAC",
- 0x0300ff02,
- SSL_kRSA,
- SSL_aRSA,
- SSL_eGOST2814789CNT,
- SSL_GOST89MAC,
- SSL_TLSV1,
- SSL_NOT_EXP | SSL_HIGH,
- SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
- 256,
- 256},
- {
- 1,
- "GOST-GOST89STREAM",
- 0x0300ff03,
- SSL_kRSA,
- SSL_aRSA,
- SSL_eGOST2814789CNT,
- SSL_GOST89MAC,
- SSL_TLSV1,
- SSL_NOT_EXP | SSL_HIGH,
- SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF | TLS1_STREAM_MAC,
- 256,
- 256},
-#endif
-
/* end of list */
};
#ifndef OPENSSL_NO_GOST
if (s->version >= TLS1_VERSION) {
if (alg_k & SSL_kGOST) {
- p[ret++] = TLS_CT_GOST94_SIGN;
p[ret++] = TLS_CT_GOST01_SIGN;
return (ret);
}
/* Get our certificate private key */
alg_a = s->s3->tmp.new_cipher->algorithm_auth;
- if (alg_a & SSL_aGOST94)
- pk = s->cert->pkeys[SSL_PKEY_GOST94].privatekey;
- else if (alg_a & SSL_aGOST01)
+ if (alg_a & SSL_aGOST01)
pk = s->cert->pkeys[SSL_PKEY_GOST01].privatekey;
pkey_ctx = EVP_PKEY_CTX_new(pk, NULL);
* If key is GOST and n is exactly 64, it is bare signature without
* length field
*/
- if (n == 64 && (pkey->type == NID_id_GostR3410_94 ||
- pkey->type == NID_id_GostR3410_2001)) {
+ if (n == 64 && pkey->type == NID_id_GostR3410_2001) {
len = 64;
} else {
if (SSL_USE_SIGALGS(s)) {
}
} else
#endif
- if (pkey->type == NID_id_GostR3410_94
- || pkey->type == NID_id_GostR3410_2001) {
+ if (pkey->type == NID_id_GostR3410_2001) {
unsigned char signature[64];
int idx;
EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new(pkey, NULL);
{0, SSL_TXT_aECDSA, 0, 0, SSL_aECDSA, 0, 0, 0, 0, 0, 0, 0},
{0, SSL_TXT_ECDSA, 0, 0, SSL_aECDSA, 0, 0, 0, 0, 0, 0, 0},
{0, SSL_TXT_aPSK, 0, 0, SSL_aPSK, 0, 0, 0, 0, 0, 0, 0},
- {0, SSL_TXT_aGOST94, 0, 0, SSL_aGOST94, 0, 0, 0, 0, 0, 0, 0},
{0, SSL_TXT_aGOST01, 0, 0, SSL_aGOST01, 0, 0, 0, 0, 0, 0, 0},
- {0, SSL_TXT_aGOST, 0, 0, SSL_aGOST94 | SSL_aGOST01, 0, 0, 0, 0, 0, 0, 0},
+ {0, SSL_TXT_aGOST, 0, 0, SSL_aGOST01, 0, 0, 0, 0, 0, 0, 0},
{0, SSL_TXT_aSRP, 0, 0, SSL_aSRP, 0, 0, 0, 0, 0, 0, 0},
/* aliases combining key exchange and server authentication */
disabled_mac_mask |= SSL_GOST89MAC;
}
- if (!get_optional_pkey_id("gost94"))
- disabled_auth_mask |= SSL_aGOST94;
if (!get_optional_pkey_id("gost2001"))
disabled_auth_mask |= SSL_aGOST01;
/*
* Disable GOST key exchange if no GOST signature algs are available *
*/
- if ((disabled_auth_mask & (SSL_aGOST94 | SSL_aGOST01)) == (SSL_aGOST94 | SSL_aGOST01))
+ if ((disabled_auth_mask & SSL_aGOST01) == SSL_aGOST01)
disabled_mkey_mask |= SSL_kGOST;
}
case SSL_aSRP:
au = "SRP";
break;
- case SSL_aGOST94:
- au = "GOST94";
- break;
case SSL_aGOST01:
au = "GOST01";
break;
return SSL_PKEY_DSA_SIGN;
else if (alg_a & SSL_aRSA)
return SSL_PKEY_RSA_ENC;
- else if (alg_a & SSL_aGOST94)
- return SSL_PKEY_GOST94;
else if (alg_a & SSL_aGOST01)
return SSL_PKEY_GOST01;
return -1;
mask_k |= SSL_kGOST;
mask_a |= SSL_aGOST01;
}
- cpk = &(c->pkeys[SSL_PKEY_GOST94]);
- if (cpk->x509 != NULL && cpk->privatekey != NULL) {
- mask_k |= SSL_kGOST;
- mask_a |= SSL_aGOST94;
- }
if (rsa_enc || (rsa_tmp && rsa_sign))
mask_k |= SSL_kRSA;
# define SSL_aECDSA 0x00000040L
/* PSK auth */
# define SSL_aPSK 0x00000080L
-/* GOST R 34.10-94 signature auth */
-# define SSL_aGOST94 0x00000100L
/* GOST R 34.10-2001 signature auth */
# define SSL_aGOST01 0x00000200L
/* SRP auth */
# define SSL_PKEY_DH_RSA 3
# define SSL_PKEY_DH_DSA 4
# define SSL_PKEY_ECC 5
-# define SSL_PKEY_GOST94 6
# define SSL_PKEY_GOST01 7
# define SSL_PKEY_NUM 8