Dr. Stephen Henson
parent
a4346646f1
commit
ec06417d52
@ -238,19 +238,21 @@ gost_params.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
|
|||||||
gost_params.o: ../../include/openssl/symhacks.h gost_params.c gost_params.h
|
gost_params.o: ../../include/openssl/symhacks.h gost_params.c gost_params.h
|
||||||
gost_pmeth.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
|
gost_pmeth.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
|
||||||
gost_pmeth.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
|
gost_pmeth.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
|
||||||
gost_pmeth.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
|
gost_pmeth.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h
|
||||||
gost_pmeth.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
|
gost_pmeth.o: ../../include/openssl/crypto.h ../../include/openssl/dsa.h
|
||||||
gost_pmeth.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
|
gost_pmeth.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
|
||||||
gost_pmeth.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h
|
gost_pmeth.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
|
||||||
gost_pmeth.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
|
gost_pmeth.o: ../../include/openssl/engine.h ../../include/openssl/evp.h
|
||||||
gost_pmeth.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
|
gost_pmeth.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
|
||||||
|
gost_pmeth.o: ../../include/openssl/objects.h
|
||||||
gost_pmeth.o: ../../include/openssl/opensslconf.h
|
gost_pmeth.o: ../../include/openssl/opensslconf.h
|
||||||
gost_pmeth.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
|
gost_pmeth.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
|
||||||
gost_pmeth.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
|
gost_pmeth.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
|
||||||
gost_pmeth.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
|
gost_pmeth.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
|
||||||
gost_pmeth.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
|
gost_pmeth.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
|
||||||
gost_pmeth.o: ../../include/openssl/x509_vfy.h e_gost_err.h gost89.h gost_lcl.h
|
gost_pmeth.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
|
||||||
gost_pmeth.o: gost_params.h gost_pmeth.c gosthash.h
|
gost_pmeth.o: e_gost_err.h gost89.h gost_lcl.h gost_params.h gost_pmeth.c
|
||||||
|
gost_pmeth.o: gosthash.h
|
||||||
gost_sign.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
|
gost_sign.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
|
||||||
gost_sign.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
|
gost_sign.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
|
||||||
gost_sign.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
|
gost_sign.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
|
||||||
|
|||||||
@ -86,6 +86,8 @@ static ERR_STRING_DATA GOST_str_functs[]=
|
|||||||
{ERR_FUNC(GOST_F_GOST_COMPUTE_PUBLIC), "GOST_COMPUTE_PUBLIC"},
|
{ERR_FUNC(GOST_F_GOST_COMPUTE_PUBLIC), "GOST_COMPUTE_PUBLIC"},
|
||||||
{ERR_FUNC(GOST_F_GOST_DO_SIGN), "GOST_DO_SIGN"},
|
{ERR_FUNC(GOST_F_GOST_DO_SIGN), "GOST_DO_SIGN"},
|
||||||
{ERR_FUNC(GOST_F_GOST_DO_VERIFY), "GOST_DO_VERIFY"},
|
{ERR_FUNC(GOST_F_GOST_DO_VERIFY), "GOST_DO_VERIFY"},
|
||||||
|
{ERR_FUNC(GOST_F_GOST_IMIT_CTRL), "GOST_IMIT_CTRL"},
|
||||||
|
{ERR_FUNC(GOST_F_GOST_IMIT_UPDATE), "GOST_IMIT_UPDATE"},
|
||||||
{ERR_FUNC(GOST_F_MAKE_RFC4490_KEYTRANSPORT_2001), "MAKE_RFC4490_KEYTRANSPORT_2001"},
|
{ERR_FUNC(GOST_F_MAKE_RFC4490_KEYTRANSPORT_2001), "MAKE_RFC4490_KEYTRANSPORT_2001"},
|
||||||
{ERR_FUNC(GOST_F_PARAM_COPY_GOST01), "PARAM_COPY_GOST01"},
|
{ERR_FUNC(GOST_F_PARAM_COPY_GOST01), "PARAM_COPY_GOST01"},
|
||||||
{ERR_FUNC(GOST_F_PARAM_COPY_GOST94), "PARAM_COPY_GOST94"},
|
{ERR_FUNC(GOST_F_PARAM_COPY_GOST94), "PARAM_COPY_GOST94"},
|
||||||
@ -122,7 +124,6 @@ static ERR_STRING_DATA GOST_str_reasons[]=
|
|||||||
{ERR_REASON(GOST_R_BAD_PKEY_PARAMETERS_FORMAT),"bad pkey parameters format"},
|
{ERR_REASON(GOST_R_BAD_PKEY_PARAMETERS_FORMAT),"bad pkey parameters format"},
|
||||||
{ERR_REASON(GOST_R_CANNOT_PACK_EPHEMERAL_KEY),"cannot pack ephemeral key"},
|
{ERR_REASON(GOST_R_CANNOT_PACK_EPHEMERAL_KEY),"cannot pack ephemeral key"},
|
||||||
{ERR_REASON(GOST_R_CTX_NOT_INITIALIZED_FOR_ENCRYPT),"ctx not initialized for encrypt"},
|
{ERR_REASON(GOST_R_CTX_NOT_INITIALIZED_FOR_ENCRYPT),"ctx not initialized for encrypt"},
|
||||||
{ERR_REASON(GOST_R_DECODE_ERROR) ,"decode error"},
|
|
||||||
{ERR_REASON(GOST_R_ERROR_COMPUTING_MAC) ,"error computing mac"},
|
{ERR_REASON(GOST_R_ERROR_COMPUTING_MAC) ,"error computing mac"},
|
||||||
{ERR_REASON(GOST_R_ERROR_COMPUTING_SHARED_KEY),"error computing shared key"},
|
{ERR_REASON(GOST_R_ERROR_COMPUTING_SHARED_KEY),"error computing shared key"},
|
||||||
{ERR_REASON(GOST_R_ERROR_PACKING_KEY_TRANSPORT_INFO),"error packing key transport info"},
|
{ERR_REASON(GOST_R_ERROR_PACKING_KEY_TRANSPORT_INFO),"error packing key transport info"},
|
||||||
|
|||||||
@ -83,6 +83,8 @@ void ERR_GOST_error(int function, int reason, char *file, int line);
|
|||||||
#define GOST_F_GOST_COMPUTE_PUBLIC 109
|
#define GOST_F_GOST_COMPUTE_PUBLIC 109
|
||||||
#define GOST_F_GOST_DO_SIGN 110
|
#define GOST_F_GOST_DO_SIGN 110
|
||||||
#define GOST_F_GOST_DO_VERIFY 111
|
#define GOST_F_GOST_DO_VERIFY 111
|
||||||
|
#define GOST_F_GOST_IMIT_CTRL 138
|
||||||
|
#define GOST_F_GOST_IMIT_UPDATE 139
|
||||||
#define GOST_F_MAKE_RFC4490_KEYTRANSPORT_2001 127
|
#define GOST_F_MAKE_RFC4490_KEYTRANSPORT_2001 127
|
||||||
#define GOST_F_PARAM_COPY_GOST01 132
|
#define GOST_F_PARAM_COPY_GOST01 132
|
||||||
#define GOST_F_PARAM_COPY_GOST94 133
|
#define GOST_F_PARAM_COPY_GOST94 133
|
||||||
@ -100,11 +102,11 @@ void ERR_GOST_error(int function, int reason, char *file, int line);
|
|||||||
#define GOST_F_PKEY_GOST_CTRL 114
|
#define GOST_F_PKEY_GOST_CTRL 114
|
||||||
#define GOST_F_PKEY_GOST_CTRL01_STR 115
|
#define GOST_F_PKEY_GOST_CTRL01_STR 115
|
||||||
#define GOST_F_PKEY_GOST_CTRL94_STR 116
|
#define GOST_F_PKEY_GOST_CTRL94_STR 116
|
||||||
#define GOST_F_PKEY_GOST_MAC_CTRL 138
|
#define GOST_F_PKEY_GOST_MAC_CTRL 140
|
||||||
#define GOST_F_PKEY_GOST_MAC_CTRL_STR 139
|
#define GOST_F_PKEY_GOST_MAC_CTRL_STR 141
|
||||||
#define GOST_F_PKEY_GOST_MAC_KEYGEN 140
|
#define GOST_F_PKEY_GOST_MAC_KEYGEN 142
|
||||||
#define GOST_F_PRIV_DECODE_GOST_94 117
|
#define GOST_F_PRIV_DECODE_GOST_94 117
|
||||||
#define GOST_F_PRIV_DECODE_MAC 141
|
#define GOST_F_PRIV_DECODE_MAC 143
|
||||||
#define GOST_F_PUB_DECODE_GOST01 136
|
#define GOST_F_PUB_DECODE_GOST01 136
|
||||||
#define GOST_F_PUB_DECODE_GOST94 134
|
#define GOST_F_PUB_DECODE_GOST94 134
|
||||||
#define GOST_F_PUB_ENCODE_GOST01 135
|
#define GOST_F_PUB_ENCODE_GOST01 135
|
||||||
@ -116,7 +118,6 @@ void ERR_GOST_error(int function, int reason, char *file, int line);
|
|||||||
#define GOST_R_BAD_PKEY_PARAMETERS_FORMAT 129
|
#define GOST_R_BAD_PKEY_PARAMETERS_FORMAT 129
|
||||||
#define GOST_R_CANNOT_PACK_EPHEMERAL_KEY 114
|
#define GOST_R_CANNOT_PACK_EPHEMERAL_KEY 114
|
||||||
#define GOST_R_CTX_NOT_INITIALIZED_FOR_ENCRYPT 115
|
#define GOST_R_CTX_NOT_INITIALIZED_FOR_ENCRYPT 115
|
||||||
#define GOST_R_DECODE_ERROR 134
|
|
||||||
#define GOST_R_ERROR_COMPUTING_MAC 116
|
#define GOST_R_ERROR_COMPUTING_MAC 116
|
||||||
#define GOST_R_ERROR_COMPUTING_SHARED_KEY 117
|
#define GOST_R_ERROR_COMPUTING_SHARED_KEY 117
|
||||||
#define GOST_R_ERROR_PACKING_KEY_TRANSPORT_INFO 118
|
#define GOST_R_ERROR_PACKING_KEY_TRANSPORT_INFO 118
|
||||||
@ -131,12 +132,12 @@ void ERR_GOST_error(int function, int reason, char *file, int line);
|
|||||||
#define GOST_R_INVALID_ENCRYPTED_KEY_SIZE 123
|
#define GOST_R_INVALID_ENCRYPTED_KEY_SIZE 123
|
||||||
#define GOST_R_INVALID_GOST94_PARMSET 127
|
#define GOST_R_INVALID_GOST94_PARMSET 127
|
||||||
#define GOST_R_INVALID_IV_LENGTH 102
|
#define GOST_R_INVALID_IV_LENGTH 102
|
||||||
#define GOST_R_INVALID_MAC_KEY_LENGTH 135
|
#define GOST_R_INVALID_MAC_KEY_LENGTH 134
|
||||||
#define GOST_R_INVALID_PARAMSET 103
|
#define GOST_R_INVALID_PARAMSET 103
|
||||||
#define GOST_R_KEY_IS_NOT_INITALIZED 104
|
#define GOST_R_KEY_IS_NOT_INITALIZED 104
|
||||||
#define GOST_R_KEY_IS_NOT_INITIALIZED 105
|
#define GOST_R_KEY_IS_NOT_INITIALIZED 105
|
||||||
#define GOST_R_KEY_PARAMETERS_MISSING 131
|
#define GOST_R_KEY_PARAMETERS_MISSING 131
|
||||||
#define GOST_R_MAC_KEY_NOT_SET 136
|
#define GOST_R_MAC_KEY_NOT_SET 135
|
||||||
#define GOST_R_MALLOC_FAILURE 124
|
#define GOST_R_MALLOC_FAILURE 124
|
||||||
#define GOST_R_NOT_ENOUGH_SPACE_FOR_KEY 125
|
#define GOST_R_NOT_ENOUGH_SPACE_FOR_KEY 125
|
||||||
#define GOST_R_NO_MEMORY 106
|
#define GOST_R_NO_MEMORY 106
|
||||||
|
|||||||
@ -69,6 +69,7 @@ int pkey_GOST01cc_encrypt (EVP_PKEY_CTX *pctx,unsigned char *out,
|
|||||||
struct gost_pmeth_data *data = EVP_PKEY_CTX_get_data(pctx);
|
struct gost_pmeth_data *data = EVP_PKEY_CTX_get_data(pctx);
|
||||||
GOST_KEY_TRANSPORT *gkt = NULL;
|
GOST_KEY_TRANSPORT *gkt = NULL;
|
||||||
int ret=0;
|
int ret=0;
|
||||||
|
const struct gost_cipher_info *cipher_info;
|
||||||
gost_ctx ctx;
|
gost_ctx ctx;
|
||||||
EC_KEY *ephemeral=NULL;
|
EC_KEY *ephemeral=NULL;
|
||||||
const EC_POINT *pub_key_point=NULL;
|
const EC_POINT *pub_key_point=NULL;
|
||||||
@ -84,7 +85,8 @@ int pkey_GOST01cc_encrypt (EVP_PKEY_CTX *pctx,unsigned char *out,
|
|||||||
goto err;
|
goto err;
|
||||||
}
|
}
|
||||||
/* encrypt session key */
|
/* encrypt session key */
|
||||||
gost_init(&ctx, &GostR3411_94_CryptoProParamSet);
|
cipher_info = get_encryption_params(NULL);
|
||||||
|
gost_init(&ctx, cipher_info->sblock);
|
||||||
gost_key(&ctx,shared_key);
|
gost_key(&ctx,shared_key);
|
||||||
encrypt_cryptocom_key(key,key_len,encrypted_key,&ctx);
|
encrypt_cryptocom_key(key,key_len,encrypted_key,&ctx);
|
||||||
/* compute hmac of session key */
|
/* compute hmac of session key */
|
||||||
@ -122,7 +124,7 @@ int pkey_GOST01cc_encrypt (EVP_PKEY_CTX *pctx,unsigned char *out,
|
|||||||
goto err;
|
goto err;
|
||||||
}
|
}
|
||||||
ASN1_OBJECT_free(gkt->key_agreement_info->cipher);
|
ASN1_OBJECT_free(gkt->key_agreement_info->cipher);
|
||||||
gkt->key_agreement_info->cipher = OBJ_nid2obj(NID_id_Gost28147_89_cc);
|
gkt->key_agreement_info->cipher = OBJ_nid2obj(cipher_info->nid);
|
||||||
if ((*out_len = i2d_GOST_KEY_TRANSPORT(gkt,&out))>0) ret = 1;
|
if ((*out_len = i2d_GOST_KEY_TRANSPORT(gkt,&out))>0) ret = 1;
|
||||||
;
|
;
|
||||||
err:
|
err:
|
||||||
@ -143,6 +145,7 @@ int pkey_GOST01cc_decrypt (EVP_PKEY_CTX *pctx, unsigned char *key, size_t *key_l
|
|||||||
unsigned char hmac[4],hmac_comp[4];
|
unsigned char hmac[4],hmac_comp[4];
|
||||||
unsigned char iv[8];
|
unsigned char iv[8];
|
||||||
int i;
|
int i;
|
||||||
|
const struct gost_cipher_info *cipher_info;
|
||||||
gost_ctx ctx;
|
gost_ctx ctx;
|
||||||
const EC_POINT *pub_key_point;
|
const EC_POINT *pub_key_point;
|
||||||
EVP_PKEY *eph_key;
|
EVP_PKEY *eph_key;
|
||||||
@ -178,7 +181,8 @@ int pkey_GOST01cc_decrypt (EVP_PKEY_CTX *pctx, unsigned char *key, size_t *key_l
|
|||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
/* Decrypt session key */
|
/* Decrypt session key */
|
||||||
gost_init(&ctx, &GostR3411_94_CryptoProParamSet);
|
cipher_info = get_encryption_params(gkt->key_agreement_info->cipher);
|
||||||
|
gost_init(&ctx, cipher_info->sblock);
|
||||||
gost_key(&ctx,shared_key);
|
gost_key(&ctx,shared_key);
|
||||||
|
|
||||||
if (!decrypt_cryptocom_key(key,*key_len,gkt->key_info->encrypted_key->data,
|
if (!decrypt_cryptocom_key(key,*key_len,gkt->key_info->encrypted_key->data,
|
||||||
|
|||||||
@ -234,6 +234,7 @@ int pkey_GOST94cc_encrypt (EVP_PKEY_CTX *ctx, unsigned char *out, size_t *outlen
|
|||||||
/* create DH structure filling parameters from passed pub_key */
|
/* create DH structure filling parameters from passed pub_key */
|
||||||
DH *dh = NULL;
|
DH *dh = NULL;
|
||||||
GOST_KEY_TRANSPORT *gkt = NULL;
|
GOST_KEY_TRANSPORT *gkt = NULL;
|
||||||
|
const struct gost_cipher_info *cipher_info;
|
||||||
gost_ctx cctx;
|
gost_ctx cctx;
|
||||||
EVP_PKEY *newkey=NULL;
|
EVP_PKEY *newkey=NULL;
|
||||||
unsigned char shared_key[32],encrypted_key[32],hmac[4],
|
unsigned char shared_key[32],encrypted_key[32],hmac[4],
|
||||||
@ -254,7 +255,8 @@ int pkey_GOST94cc_encrypt (EVP_PKEY_CTX *ctx, unsigned char *out, size_t *outlen
|
|||||||
goto err;
|
goto err;
|
||||||
}
|
}
|
||||||
/* encrypt session key */
|
/* encrypt session key */
|
||||||
gost_init(&cctx, &GostR3411_94_CryptoProParamSet);
|
cipher_info = get_encryption_params(NULL);
|
||||||
|
gost_init(&cctx, cipher_info->sblock);
|
||||||
gost_key(&cctx,shared_key);
|
gost_key(&cctx,shared_key);
|
||||||
encrypt_cryptocom_key(key,key_len,encrypted_key,&cctx);
|
encrypt_cryptocom_key(key,key_len,encrypted_key,&cctx);
|
||||||
/* compute hmac of session key */
|
/* compute hmac of session key */
|
||||||
@ -293,7 +295,7 @@ int pkey_GOST94cc_encrypt (EVP_PKEY_CTX *ctx, unsigned char *out, size_t *outlen
|
|||||||
goto err;
|
goto err;
|
||||||
}
|
}
|
||||||
ASN1_OBJECT_free(gkt->key_agreement_info->cipher);
|
ASN1_OBJECT_free(gkt->key_agreement_info->cipher);
|
||||||
gkt->key_agreement_info->cipher = OBJ_nid2obj(NID_id_Gost28147_89_cc);
|
gkt->key_agreement_info->cipher = OBJ_nid2obj(cipher_info->nid);
|
||||||
*outlen = i2d_GOST_KEY_TRANSPORT(gkt,&out);
|
*outlen = i2d_GOST_KEY_TRANSPORT(gkt,&out);
|
||||||
err:
|
err:
|
||||||
if (gkt) GOST_KEY_TRANSPORT_free(gkt);
|
if (gkt) GOST_KEY_TRANSPORT_free(gkt);
|
||||||
@ -374,6 +376,7 @@ int pkey_GOST94cc_decrypt (EVP_PKEY_CTX *pctx, unsigned char *key, size_t *key_l
|
|||||||
unsigned char hmac[4],hmac_comp[4];
|
unsigned char hmac[4],hmac_comp[4];
|
||||||
unsigned char iv[8];
|
unsigned char iv[8];
|
||||||
int i;
|
int i;
|
||||||
|
const struct gost_cipher_info *cipher_info;
|
||||||
gost_ctx ctx;
|
gost_ctx ctx;
|
||||||
DH *dh = DH_new();
|
DH *dh = DH_new();
|
||||||
EVP_PKEY *eph_key;
|
EVP_PKEY *eph_key;
|
||||||
@ -415,7 +418,8 @@ int pkey_GOST94cc_decrypt (EVP_PKEY_CTX *pctx, unsigned char *key, size_t *key_l
|
|||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
/* Decrypt session key */
|
/* Decrypt session key */
|
||||||
gost_init(&ctx, &GostR3411_94_CryptoProParamSet);
|
cipher_info = get_encryption_params(gkt->key_agreement_info->cipher);
|
||||||
|
gost_init(&ctx, cipher_info->sblock);
|
||||||
gost_key(&ctx,shared_key);
|
gost_key(&ctx,shared_key);
|
||||||
|
|
||||||
if (!decrypt_cryptocom_key(key,*key_len,gkt->key_info->encrypted_key->data,
|
if (!decrypt_cryptocom_key(key,*key_len,gkt->key_info->encrypted_key->data,
|
||||||
|
|||||||
@ -714,69 +714,12 @@ static void mackey_free_gost(EVP_PKEY *pk)
|
|||||||
OPENSSL_free(pk->pkey.ptr);
|
OPENSSL_free(pk->pkey.ptr);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
static int priv_decode_mac(EVP_PKEY *pk, PKCS8_PRIV_KEY_INFO *p8inf)
|
|
||||||
{
|
|
||||||
X509_ALGOR *palg = NULL;
|
|
||||||
int priv_len = 0;
|
|
||||||
ASN1_OBJECT *palg_obj = NULL;
|
|
||||||
ASN1_OCTET_STRING *s=NULL;
|
|
||||||
const unsigned char *pkey_buf = NULL, *p = NULL;
|
|
||||||
unsigned char *keybuf=NULL;
|
|
||||||
if (!PKCS8_pkey_get0(&palg_obj,&pkey_buf,&priv_len,&palg,p8inf))
|
|
||||||
{
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
p = pkey_buf;
|
|
||||||
if (V_ASN1_OCTET_STRING != *p)
|
|
||||||
{
|
|
||||||
GOSTerr(GOST_F_PRIV_DECODE_MAC,
|
|
||||||
GOST_R_DECODE_ERROR);
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
s = d2i_ASN1_OCTET_STRING(NULL,&p,priv_len);
|
|
||||||
if (!s || s->length!=32)
|
|
||||||
{
|
|
||||||
GOSTerr(GOST_F_PRIV_DECODE_MAC,
|
|
||||||
GOST_R_DECODE_ERROR);
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
keybuf = OPENSSL_malloc(32);
|
|
||||||
memcpy(keybuf,s->data,32);
|
|
||||||
EVP_PKEY_assign(pk,EVP_PKEY_base_id(pk),keybuf);
|
|
||||||
ASN1_STRING_free(s);
|
|
||||||
return 1;
|
|
||||||
}
|
|
||||||
|
|
||||||
static int priv_encode_mac(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pk)
|
|
||||||
{
|
|
||||||
ASN1_OBJECT *algobj = OBJ_nid2obj(EVP_PKEY_base_id(pk));
|
|
||||||
ASN1_STRING *key = ASN1_STRING_new();
|
|
||||||
unsigned char *priv_buf=NULL, *data = EVP_PKEY_get0((EVP_PKEY *)pk);
|
|
||||||
int priv_len;
|
|
||||||
|
|
||||||
ASN1_STRING_set(key, data, 32);
|
|
||||||
priv_len = i2d_ASN1_OCTET_STRING(key,&priv_buf);
|
|
||||||
ASN1_STRING_free(key);
|
|
||||||
return PKCS8_pkey_set0(p8,algobj,0,V_ASN1_NULL,NULL,priv_buf,priv_len);
|
|
||||||
}
|
|
||||||
|
|
||||||
static int priv_print_mac(BIO *out,const EVP_PKEY *pkey, int indent,
|
|
||||||
ASN1_PCTX *pctx)
|
|
||||||
{
|
|
||||||
unsigned char *data = EVP_PKEY_get0((EVP_PKEY *)pkey);
|
|
||||||
int i;
|
|
||||||
if (!BIO_indent(out, indent,128)) return 0;
|
|
||||||
for (i=0; i<32;i++) {
|
|
||||||
BIO_printf(out,"%02x",data[i]);
|
|
||||||
}
|
|
||||||
return 1;
|
|
||||||
}
|
|
||||||
static int mac_ctrl_gost(EVP_PKEY *pkey, int op, long arg1, void *arg2)
|
static int mac_ctrl_gost(EVP_PKEY *pkey, int op, long arg1, void *arg2)
|
||||||
{
|
{
|
||||||
switch (op)
|
switch (op)
|
||||||
{
|
{
|
||||||
case ASN1_PKEY_CTRL_DEFAULT_MD_NID:
|
case ASN1_PKEY_CTRL_DEFAULT_MD_NID:
|
||||||
*(int *)arg2 = NID_id_Gost28147_89_MAC;
|
*(int *)arg2 = NID_undef;
|
||||||
return 2;
|
return 2;
|
||||||
}
|
}
|
||||||
return -2;
|
return -2;
|
||||||
@ -825,8 +768,6 @@ int register_ameth_gost (int nid, EVP_PKEY_ASN1_METHOD **ameth, const char* pems
|
|||||||
break;
|
break;
|
||||||
case NID_id_Gost28147_89_MAC:
|
case NID_id_Gost28147_89_MAC:
|
||||||
EVP_PKEY_asn1_set_free(*ameth, mackey_free_gost);
|
EVP_PKEY_asn1_set_free(*ameth, mackey_free_gost);
|
||||||
EVP_PKEY_asn1_set_private(*ameth, priv_decode_mac,
|
|
||||||
priv_encode_mac, priv_print_mac);
|
|
||||||
EVP_PKEY_asn1_set_ctrl(*ameth,mac_ctrl_gost);
|
EVP_PKEY_asn1_set_ctrl(*ameth,mac_ctrl_gost);
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
|||||||
@ -88,10 +88,12 @@ static EVP_CIPHER cipher_gost_vizircfb =
|
|||||||
gost_cipher_ctl,
|
gost_cipher_ctl,
|
||||||
NULL,
|
NULL,
|
||||||
};
|
};
|
||||||
|
#endif
|
||||||
/* Implementation of GOST 28147-89 in MAC (imitovstavka) mode */
|
/* Implementation of GOST 28147-89 in MAC (imitovstavka) mode */
|
||||||
/* Init functions which set specific parameters */
|
/* Init functions which set specific parameters */
|
||||||
|
#ifdef USE_SSL
|
||||||
static int gost_imit_init_vizir(EVP_MD_CTX *ctx);
|
static int gost_imit_init_vizir(EVP_MD_CTX *ctx);
|
||||||
|
#endif
|
||||||
static int gost_imit_init_cpa(EVP_MD_CTX *ctx);
|
static int gost_imit_init_cpa(EVP_MD_CTX *ctx);
|
||||||
/* process block of data */
|
/* process block of data */
|
||||||
static int gost_imit_update(EVP_MD_CTX *ctx, const void *data, size_t count);
|
static int gost_imit_update(EVP_MD_CTX *ctx, const void *data, size_t count);
|
||||||
@ -103,6 +105,8 @@ static int gost_imit_cleanup(EVP_MD_CTX *ctx);
|
|||||||
/* Control function, knows how to set MAC key.*/
|
/* Control function, knows how to set MAC key.*/
|
||||||
static int gost_imit_ctrl(EVP_MD_CTX *ctx,int type, int arg, void *ptr);
|
static int gost_imit_ctrl(EVP_MD_CTX *ctx,int type, int arg, void *ptr);
|
||||||
|
|
||||||
|
#ifdef USE_SSL
|
||||||
|
|
||||||
EVP_MD imit_gost_vizir =
|
EVP_MD imit_gost_vizir =
|
||||||
{
|
{
|
||||||
NID_undef,
|
NID_undef,
|
||||||
@ -121,27 +125,26 @@ EVP_MD imit_gost_vizir =
|
|||||||
8,
|
8,
|
||||||
sizeof(struct ossl_gost_imit_ctx)
|
sizeof(struct ossl_gost_imit_ctx)
|
||||||
};
|
};
|
||||||
|
#endif
|
||||||
EVP_MD imit_gost_cpa =
|
EVP_MD imit_gost_cpa =
|
||||||
{
|
{
|
||||||
NID_undef,
|
NID_id_Gost28147_89_MAC,
|
||||||
NID_undef,
|
NID_undef,
|
||||||
4,
|
4,
|
||||||
EVP_MD_FLAG_NEEDS_KEY,
|
0,
|
||||||
gost_imit_init_cpa,
|
gost_imit_init_cpa,
|
||||||
gost_imit_update,
|
gost_imit_update,
|
||||||
gost_imit_final,
|
gost_imit_final,
|
||||||
gost_imit_copy,
|
gost_imit_copy,
|
||||||
gost_imit_cleanup,
|
gost_imit_cleanup,
|
||||||
gost_imit_ctrl,
|
|
||||||
NULL,
|
NULL,
|
||||||
NULL,
|
NULL,
|
||||||
{0,0,0,0,0},
|
{0,0,0,0,0},
|
||||||
8,
|
8,
|
||||||
sizeof(struct ossl_gost_imit_ctx)
|
sizeof(struct ossl_gost_imit_ctx),
|
||||||
|
gost_imit_ctrl
|
||||||
};
|
};
|
||||||
|
|
||||||
#endif
|
|
||||||
/*
|
/*
|
||||||
* Correspondence between gost parameter OIDs and substitution blocks
|
* Correspondence between gost parameter OIDs and substitution blocks
|
||||||
* NID field is filed by register_gost_NID function in engine.c
|
* NID field is filed by register_gost_NID function in engine.c
|
||||||
@ -233,7 +236,7 @@ static int gost_cipher_init_cpa(EVP_CIPHER_CTX *ctx, const unsigned char *key,
|
|||||||
gost_init(&(c->cctx),&Gost28147_CryptoProParamSetA);
|
gost_init(&(c->cctx),&Gost28147_CryptoProParamSetA);
|
||||||
c->key_meshing=1;
|
c->key_meshing=1;
|
||||||
c->count=0;
|
c->count=0;
|
||||||
gost_key(&(c->cctx),key);
|
if(key) gost_key(&(c->cctx),key);
|
||||||
if(iv) memcpy(ctx->oiv, iv, EVP_CIPHER_CTX_iv_length(ctx));
|
if(iv) memcpy(ctx->oiv, iv, EVP_CIPHER_CTX_iv_length(ctx));
|
||||||
memcpy(ctx->iv, ctx->oiv, EVP_CIPHER_CTX_iv_length(ctx));
|
memcpy(ctx->iv, ctx->oiv, EVP_CIPHER_CTX_iv_length(ctx));
|
||||||
return 1;
|
return 1;
|
||||||
@ -547,6 +550,7 @@ int gost_imit_init_vizir(EVP_MD_CTX *ctx)
|
|||||||
gost_init(&(c->cctx),&GostR3411_94_CryptoProParamSet);
|
gost_init(&(c->cctx),&GostR3411_94_CryptoProParamSet);
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
|
#endif
|
||||||
|
|
||||||
int gost_imit_init_cpa(EVP_MD_CTX *ctx)
|
int gost_imit_init_cpa(EVP_MD_CTX *ctx)
|
||||||
{
|
{
|
||||||
@ -559,7 +563,7 @@ int gost_imit_init_cpa(EVP_MD_CTX *ctx)
|
|||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
static void mac_block_mesh(struct ossl_gost_imit_ctx *c,unsigned char *data)
|
static void mac_block_mesh(struct ossl_gost_imit_ctx *c,const unsigned char *data)
|
||||||
{
|
{
|
||||||
char buffer[8];
|
char buffer[8];
|
||||||
/* We are using local buffer for iv because CryptoPro doesn't
|
/* We are using local buffer for iv because CryptoPro doesn't
|
||||||
@ -579,7 +583,10 @@ int gost_imit_update(EVP_MD_CTX *ctx, const void *data, size_t count)
|
|||||||
struct ossl_gost_imit_ctx *c = ctx->md_data;
|
struct ossl_gost_imit_ctx *c = ctx->md_data;
|
||||||
const unsigned char *p = data;
|
const unsigned char *p = data;
|
||||||
size_t bytes = count,i;
|
size_t bytes = count,i;
|
||||||
if (!(c->key_set)) return 0;
|
if (!(c->key_set)) {
|
||||||
|
GOSTerr(GOST_F_GOST_IMIT_UPDATE, GOST_R_MAC_KEY_NOT_SET);
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
if (c->bytes_left)
|
if (c->bytes_left)
|
||||||
{
|
{
|
||||||
for (i=c->bytes_left;i<8&&bytes>0;bytes--,i++,p++)
|
for (i=c->bytes_left;i<8&&bytes>0;bytes--,i++,p++)
|
||||||
@ -623,6 +630,7 @@ int gost_imit_final(EVP_MD_CTX *ctx,unsigned char *md)
|
|||||||
mac_block_mesh(c,c->partial_block);
|
mac_block_mesh(c,c->partial_block);
|
||||||
}
|
}
|
||||||
get_mac(c->buffer,32,md);
|
get_mac(c->buffer,32,md);
|
||||||
|
if (!c->key_set) return 0;
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -630,13 +638,19 @@ int gost_imit_ctrl(EVP_MD_CTX *ctx,int type, int arg, void *ptr)
|
|||||||
{
|
{
|
||||||
switch (type)
|
switch (type)
|
||||||
{
|
{
|
||||||
case EVP_MD_CTRL_GET_TLS_MAC_KEY_LENGTH:
|
case EVP_MD_CTRL_KEY_LEN:
|
||||||
*((unsigned int*)(ptr)) = 32;
|
*((unsigned int*)(ptr)) = 32;
|
||||||
return 1;
|
return 1;
|
||||||
case EVP_MD_CTRL_SET_KEY:
|
case EVP_MD_CTRL_SET_KEY:
|
||||||
{
|
{
|
||||||
|
if (arg!=32) {
|
||||||
|
GOSTerr(GOST_F_GOST_IMIT_CTRL, GOST_R_INVALID_MAC_KEY_LENGTH);
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
gost_key(&(((struct ossl_gost_imit_ctx*)(ctx->md_data))->cctx),ptr) ;
|
gost_key(&(((struct ossl_gost_imit_ctx*)(ctx->md_data))->cctx),ptr) ;
|
||||||
((struct ossl_gost_imit_ctx*)(ctx->md_data))->key_set = 1;
|
((struct ossl_gost_imit_ctx*)(ctx->md_data))->key_set = 1;
|
||||||
|
return 1;
|
||||||
|
|
||||||
}
|
}
|
||||||
default:
|
default:
|
||||||
@ -657,4 +671,3 @@ int gost_imit_cleanup(EVP_MD_CTX *ctx)
|
|||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
#endif
|
|
||||||
|
|||||||
@ -34,7 +34,7 @@ static int gost_cipher_nids[] =
|
|||||||
{NID_id_Gost28147_89, NID_gost89_cnt,0};
|
{NID_id_Gost28147_89, NID_gost89_cnt,0};
|
||||||
|
|
||||||
static int gost_digest_nids[] =
|
static int gost_digest_nids[] =
|
||||||
{NID_id_GostR3411_94, 0};
|
{NID_id_GostR3411_94,NID_id_Gost28147_89_MAC, 0};
|
||||||
|
|
||||||
static int gost_pkey_meth_nids[] =
|
static int gost_pkey_meth_nids[] =
|
||||||
{NID_id_GostR3410_94_cc, NID_id_GostR3410_94, NID_id_GostR3410_2001_cc,
|
{NID_id_GostR3410_94_cc, NID_id_GostR3410_94, NID_id_GostR3410_2001_cc,
|
||||||
@ -137,6 +137,7 @@ static int bind_gost (ENGINE *e,const char *id)
|
|||||||
|| ! EVP_add_cipher(&cipher_gost)
|
|| ! EVP_add_cipher(&cipher_gost)
|
||||||
|| ! EVP_add_cipher(&cipher_gost_cpacnt)
|
|| ! EVP_add_cipher(&cipher_gost_cpacnt)
|
||||||
|| ! EVP_add_digest(&digest_gost)
|
|| ! EVP_add_digest(&digest_gost)
|
||||||
|
|| ! EVP_add_digest(&imit_gost_cpa)
|
||||||
)
|
)
|
||||||
{
|
{
|
||||||
goto end;
|
goto end;
|
||||||
@ -160,14 +161,18 @@ static int gost_digests(ENGINE *e, const EVP_MD **digest,
|
|||||||
if (!digest)
|
if (!digest)
|
||||||
{
|
{
|
||||||
*nids = gost_digest_nids;
|
*nids = gost_digest_nids;
|
||||||
return 1;
|
return 2;
|
||||||
}
|
}
|
||||||
/*printf("Digest no %d requested\n",nid);*/
|
/*printf("Digest no %d requested\n",nid);*/
|
||||||
if(nid == NID_id_GostR3411_94)
|
if(nid == NID_id_GostR3411_94)
|
||||||
{
|
{
|
||||||
*digest = &digest_gost;
|
*digest = &digest_gost;
|
||||||
}
|
}
|
||||||
else
|
else if (nid == NID_id_Gost28147_89_MAC)
|
||||||
|
{
|
||||||
|
*digest = &imit_gost_cpa;
|
||||||
|
}
|
||||||
|
else
|
||||||
{
|
{
|
||||||
ok =0;
|
ok =0;
|
||||||
*digest = NULL;
|
*digest = NULL;
|
||||||
|
|||||||
@ -114,7 +114,8 @@ struct ossl_gost_digest_ctx {
|
|||||||
};
|
};
|
||||||
/* EVP_MD structure for GOST R 34.11 */
|
/* EVP_MD structure for GOST R 34.11 */
|
||||||
extern EVP_MD digest_gost;
|
extern EVP_MD digest_gost;
|
||||||
|
/* EVP_MD structure for GOST 28147 in MAC mode */
|
||||||
|
extern EVP_MD imit_gost_cpa;
|
||||||
/* Cipher context used for EVP_CIPHER operation */
|
/* Cipher context used for EVP_CIPHER operation */
|
||||||
struct ossl_gost_cipher_ctx {
|
struct ossl_gost_cipher_ctx {
|
||||||
int paramNID;
|
int paramNID;
|
||||||
@ -128,7 +129,6 @@ struct gost_cipher_info {
|
|||||||
gost_subst_block *sblock;
|
gost_subst_block *sblock;
|
||||||
int key_meshing;
|
int key_meshing;
|
||||||
};
|
};
|
||||||
#ifdef USE_SSL
|
|
||||||
/* Context for MAC */
|
/* Context for MAC */
|
||||||
struct ossl_gost_imit_ctx {
|
struct ossl_gost_imit_ctx {
|
||||||
gost_ctx cctx;
|
gost_ctx cctx;
|
||||||
@ -139,7 +139,6 @@ struct ossl_gost_imit_ctx {
|
|||||||
int bytes_left;
|
int bytes_left;
|
||||||
int key_set;
|
int key_set;
|
||||||
};
|
};
|
||||||
#endif
|
|
||||||
/* Table which maps parameter NID to S-blocks */
|
/* Table which maps parameter NID to S-blocks */
|
||||||
extern struct gost_cipher_info gost_cipher_list[];
|
extern struct gost_cipher_info gost_cipher_list[];
|
||||||
/* Find encryption params from ASN1_OBJECT */
|
/* Find encryption params from ASN1_OBJECT */
|
||||||
|
|||||||
@ -545,7 +545,7 @@ static int pkey_gost_mac_ctrl (EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
|
|||||||
{
|
{
|
||||||
case EVP_PKEY_CTRL_MD:
|
case EVP_PKEY_CTRL_MD:
|
||||||
{
|
{
|
||||||
if (EVP_MD_type((const EVP_MD *)p2) != NID_id_Gost28147_89_MAC)
|
if (p2 != NULL)
|
||||||
{
|
{
|
||||||
GOSTerr(GOST_F_PKEY_GOST_MAC_CTRL, GOST_R_INVALID_DIGEST_TYPE);
|
GOSTerr(GOST_F_PKEY_GOST_MAC_CTRL, GOST_R_INVALID_DIGEST_TYPE);
|
||||||
return 0;
|
return 0;
|
||||||
@ -591,7 +591,7 @@ static int pkey_gost_mac_ctrl (EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
|
|||||||
} else {
|
} else {
|
||||||
key = &(data->key);
|
key = &(data->key);
|
||||||
}
|
}
|
||||||
return mctx->digest->md_ctrl(mctx,EVP_MD_CTRL_SET_KEY,32,key);
|
return imit_gost_vizir.md_ctrl(mctx,EVP_MD_CTRL_SET_KEY,32,key);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
return -2;
|
return -2;
|
||||||
@ -646,27 +646,7 @@ static int pkey_gost_mac_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
|
|||||||
|
|
||||||
static int pkey_gost_mac_signctx_init(EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx)
|
static int pkey_gost_mac_signctx_init(EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx)
|
||||||
{
|
{
|
||||||
void *key;
|
return 1;
|
||||||
struct gost_mac_pmeth_data *data = EVP_PKEY_CTX_get_data(ctx);
|
|
||||||
if (!mctx->digest) return 1;
|
|
||||||
if (!data->key_set)
|
|
||||||
{
|
|
||||||
EVP_PKEY *pkey = EVP_PKEY_CTX_get0_pkey(ctx);
|
|
||||||
if (!pkey)
|
|
||||||
{
|
|
||||||
GOSTerr(GOST_F_PKEY_GOST_MAC_CTRL,GOST_R_MAC_KEY_NOT_SET);
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
key = EVP_PKEY_get0(pkey);
|
|
||||||
if (!key)
|
|
||||||
{
|
|
||||||
GOSTerr(GOST_F_PKEY_GOST_MAC_CTRL,GOST_R_MAC_KEY_NOT_SET);
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
} else {
|
|
||||||
key = &(data->key);
|
|
||||||
}
|
|
||||||
return mctx->digest->md_ctrl(mctx,EVP_MD_CTRL_SET_KEY,32,key);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
static int pkey_gost_mac_signctx(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen, EVP_MD_CTX *mctx)
|
static int pkey_gost_mac_signctx(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen, EVP_MD_CTX *mctx)
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user