/**********************************************************************
* gost_ec_keyx.c *
+ * *
* Copyright (c) 2005-2013 Cryptocom LTD *
+ * Copyright (c) 2018,2020 Dmitry Belyavskiy <beldmit@gmail.com> *
+ * Copyright (c) 2020 Billy Brumley <bbrumley@gmail.com> *
+ * *
* This file is distributed under the same license as OpenSSL *
* *
- * VK0 34.10-2001 key exchange and GOST R 34.10-2001 *
+ * VK0 R 50.1.113-2016 / RFC 7836 *
+ * KEG R 1323565.1.020-2018 *
+ * VK0 34.10-2001 key exchange and GOST R 34.10-2001 (RFC 4357) *
* based PKCS7/SMIME support *
* Requires OpenSSL 0.9.9 for compilation *
**********************************************************************/
EC_GROUP_get0_order(grp), ctx))
goto err;
- /* these two curves have cofactor 4; the rest have cofactor 1 */
+#if 0
+ /*-
+ * These two curves have cofactor 4; the rest have cofactor 1.
+ * But currently gost_ec_point_mul takes care of the cofactor clearing,
+ * hence this code is not needed.
+ */
switch (EC_GROUP_get_curve_name(grp)) {
case NID_id_tc26_gost_3410_2012_256_paramSetA:
case NID_id_tc26_gost_3410_2012_512_paramSetC:
goto err;
break;
}
+#endif
- if (!EC_POINT_mul(grp, pnt, NULL, pub_key, scalar, ctx)) {
+ if (!gost_ec_point_mul(grp, pnt, NULL, pub_key, scalar, ctx)) {
GOSTerr(GOST_F_VKO_COMPUTE_KEY, GOST_R_ERROR_POINT_MUL);
goto err;
}
}
/*
+ * KEG Algorithm described in R 1323565.1.020-2018 6.4.5.1.
* keyout expected to be 64 bytes
* */
static int gost_keg(const unsigned char *ukm_source, int pkey_nid,
* EVP_PKEY_METHOD callback derive.
* Implements VKO R 34.10-2001/2012 algorithms
*/
+/*
+ * Backend for EVP_PKEY_derive()
+ * It have KEG mode (default) and VKO mode (enable by EVP_PKEY_CTRL_SET_VKO).
+ */
int pkey_gost_ec_derive(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen)
{
/*
GOSTerr(GOST_F_PKEY_GOST_EC_DERIVE, GOST_R_UKM_NOT_SET);
return 0;
}
+
+ /* VKO */
+ if (data->vko_dgst_nid) {
+ if (!key) {
+ *keylen = data->vko_dgst_nid == NID_id_GostR3411_2012_256? 32 : 64;
+ return 1;
+ }
+ *keylen = VKO_compute_key(key,
+ EC_KEY_get0_public_key(EVP_PKEY_get0(peer_key)),
+ (EC_KEY *)EVP_PKEY_get0(my_key),
+ data->shared_ukm, data->shared_ukm_size,
+ data->vko_dgst_nid);
+ return (*keylen) ? 1 : 0;
+ }
+
/*
* shared_ukm_size = 8 stands for pre-2018 cipher suites
* It means 32 bytes of key length, 8 byte UKM, 32-bytes hash
*
- * shared_ukm_size = 32 stands for pre-2018 cipher suites
+ * shared_ukm_size = 32 stands for post-2018 cipher suites
* It means 64 bytes of shared_key, 16 bytes of UKM and either
* 64 bytes of hash or 64 bytes of TLSTREE output
* */
*keylen = 32;
return 1;
}
-
EVP_PKEY_get_default_digest_nid(my_key, &dgst_nid);
if (dgst_nid == NID_id_GostR3411_2012_512)
dgst_nid = NID_id_GostR3411_2012_256;
EVP_PKEY *pubk = EVP_PKEY_CTX_get0_pkey(pctx);
struct gost_pmeth_data *data = EVP_PKEY_CTX_get_data(pctx);
int pkey_nid = EVP_PKEY_base_id(pubk);
- ASN1_OBJECT *crypt_params_obj = (pkey_nid == NID_id_GostR3410_2001) ?
+ ASN1_OBJECT *crypt_params_obj = (pkey_nid == NID_id_GostR3410_2001 || pkey_nid == NID_id_GostR3410_2001DH) ?
OBJ_nid2obj(NID_id_Gost28147_89_CryptoPro_A_ParamSet) :
OBJ_nid2obj(NID_id_tc26_gost_28147_param_Z);
const struct gost_cipher_info *param =
o q * Q_eph is not equal to zero point.
*/
+ if (eph_key == NULL || priv == NULL || data == NULL) {
+ GOSTerr(GOST_F_PKEY_GOST2018_DECRYPT,
+ GOST_R_ERROR_COMPUTING_EXPORT_KEYS);
+ ret = 0;
+ goto err;
+ }
+
if (data->shared_ukm_size == 0 && pst->ukm != NULL) {
if (EVP_PKEY_CTX_ctrl(pctx, -1, -1, EVP_PKEY_CTRL_SET_IV,
ASN1_STRING_length(pst->ukm), (void *)ASN1_STRING_get0_data(pst->ukm)) < 0) {
return -1;
}
}
+/* vim: set expandtab cinoptions=\:0,l1,t0,g0,(0 sw=4 : */
projects / openssl-gost / engine.git / blobdiff