From 7e78d8dc6bbdbc28dff29ec506244f6cc93410b8 Mon Sep 17 00:00:00 2001 From: Dmitry Belyavskiy Date: Fri, 1 May 2020 03:18:59 +0300 Subject: [PATCH] pkeyutl -derive support Support of pkeyutl -pkeyopt ukmhex:0102030405060708 syntax --- e_gost_err.c | 77 ++------------------------------ e_gost_err.h | 124 +++++++++++++++++++++++++++------------------------ gost.txt | 3 +- gost_lcl.h | 1 + gost_pmeth.c | 27 ++++++++++- 5 files changed, 97 insertions(+), 135 deletions(-) diff --git a/e_gost_err.c b/e_gost_err.c index 00cdd87..d3cee85 100644 --- a/e_gost_err.c +++ b/e_gost_err.c @@ -1,6 +1,6 @@ /* * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
@@ -13,76 +13,6 @@ #ifndef OPENSSL_NO_ERR -static ERR_STRING_DATA GOST_str_functs[] = { - {ERR_PACK(0, GOST_F_DECODE_GOST_ALGOR_PARAMS, 0), - "decode_gost_algor_params"}, - {ERR_PACK(0, GOST_F_ENCODE_GOST_ALGOR_PARAMS, 0), - "encode_gost_algor_params"}, - {ERR_PACK(0, GOST_F_FILL_GOST_EC_PARAMS, 0), "fill_GOST_EC_params"}, - {ERR_PACK(0, GOST_F_GET_ENCRYPTION_PARAMS, 0), "get_encryption_params"}, - {ERR_PACK(0, GOST_F_GOST89_GET_ASN1_PARAMETERS, 0), - "gost89_get_asn1_parameters"}, - {ERR_PACK(0, GOST_F_GOST89_SET_ASN1_PARAMETERS, 0), - "gost89_set_asn1_parameters"}, - {ERR_PACK(0, GOST_F_GOST_CIPHER_CTL, 0), "gost_cipher_ctl"}, - {ERR_PACK(0, GOST_F_GOST_EC_COMPUTE_PUBLIC, 0), "gost_ec_compute_public"}, - {ERR_PACK(0, GOST_F_GOST_EC_KEYGEN, 0), "gost_ec_keygen"}, - {ERR_PACK(0, GOST_F_GOST_EC_SIGN, 0), "gost_ec_sign"}, - {ERR_PACK(0, GOST_F_GOST_EC_VERIFY, 0), "gost_ec_verify"}, - {ERR_PACK(0, GOST_F_GOST_GRASSHOPPER_CIPHER_CTL, 0), - "gost_grasshopper_cipher_ctl"}, - {ERR_PACK(0, GOST_F_GOST_GRASSHOPPER_SET_ASN1_PARAMETERS, 0), - "gost_grasshopper_set_asn1_parameters"}, - {ERR_PACK(0, GOST_F_GOST_IMIT_CTRL, 0), "gost_imit_ctrl"}, - {ERR_PACK(0, GOST_F_GOST_IMIT_FINAL, 0), "gost_imit_final"}, - {ERR_PACK(0, GOST_F_GOST_IMIT_UPDATE, 0), "gost_imit_update"}, - {ERR_PACK(0, GOST_F_GOST_KDFTREE2012_256, 0), "gost_kdftree2012_256"}, - {ERR_PACK(0, GOST_F_GOST_KEXP15, 0), "gost_kexp15"}, - {ERR_PACK(0, GOST_F_GOST_KIMP15, 0), "gost_kimp15"}, - {ERR_PACK(0, GOST_F_OMAC_ACPKM_IMIT_CTRL, 0), "omac_acpkm_imit_ctrl"}, - {ERR_PACK(0, GOST_F_OMAC_ACPKM_IMIT_FINAL, 0), "omac_acpkm_imit_final"}, - {ERR_PACK(0, GOST_F_OMAC_ACPKM_IMIT_UPDATE, 0), "omac_acpkm_imit_update"}, - {ERR_PACK(0, GOST_F_OMAC_ACPKM_KEY, 0), "omac_acpkm_key"}, - {ERR_PACK(0, GOST_F_OMAC_IMIT_CTRL, 0), "omac_imit_ctrl"}, - {ERR_PACK(0, GOST_F_OMAC_IMIT_FINAL, 0), "omac_imit_final"}, - {ERR_PACK(0, GOST_F_OMAC_IMIT_UPDATE, 0), "omac_imit_update"}, - {ERR_PACK(0, GOST_F_OMAC_KEY, 0), "omac_key"}, - {ERR_PACK(0, 
GOST_F_PARAM_COPY_GOST_EC, 0), "param_copy_gost_ec"}, - {ERR_PACK(0, GOST_F_PKEY_GOST2001_PARAMGEN, 0), "pkey_gost2001_paramgen"}, - {ERR_PACK(0, GOST_F_PKEY_GOST2012_PARAMGEN, 0), "pkey_gost2012_paramgen"}, - {ERR_PACK(0, GOST_F_PKEY_GOST2018_DECRYPT, 0), "pkey_gost2018_decrypt"}, - {ERR_PACK(0, GOST_F_PKEY_GOST2018_ENCRYPT, 0), "pkey_gost2018_encrypt"}, - {ERR_PACK(0, GOST_F_PKEY_GOST_CTRL, 0), "pkey_gost_ctrl"}, - {ERR_PACK(0, GOST_F_PKEY_GOST_DECRYPT, 0), "pkey_gost_decrypt"}, - {ERR_PACK(0, GOST_F_PKEY_GOST_ECCP_DECRYPT, 0), "pkey_GOST_ECcp_decrypt"}, - {ERR_PACK(0, GOST_F_PKEY_GOST_ECCP_ENCRYPT, 0), "pkey_GOST_ECcp_encrypt"}, - {ERR_PACK(0, GOST_F_PKEY_GOST_EC_CTRL_STR_256, 0), - "pkey_gost_ec_ctrl_str_256"}, - {ERR_PACK(0, GOST_F_PKEY_GOST_EC_CTRL_STR_512, 0), - "pkey_gost_ec_ctrl_str_512"}, - {ERR_PACK(0, GOST_F_PKEY_GOST_EC_DERIVE, 0), "pkey_gost_ec_derive"}, - {ERR_PACK(0, GOST_F_PKEY_GOST_ENCRYPT, 0), "pkey_gost_encrypt"}, - {ERR_PACK(0, GOST_F_PKEY_GOST_GRASSHOPPER_MAC_SIGNCTX_INIT, 0), - "pkey_gost_grasshopper_mac_signctx_init"}, - {ERR_PACK(0, GOST_F_PKEY_GOST_MAC_CTRL, 0), "pkey_gost_mac_ctrl"}, - {ERR_PACK(0, GOST_F_PKEY_GOST_MAC_CTRL_STR, 0), "pkey_gost_mac_ctrl_str"}, - {ERR_PACK(0, GOST_F_PKEY_GOST_MAC_KEYGEN_BASE, 0), - "pkey_gost_mac_keygen_base"}, - {ERR_PACK(0, GOST_F_PKEY_GOST_MAC_SIGNCTX_INIT, 0), - "pkey_gost_mac_signctx_init"}, - {ERR_PACK(0, GOST_F_PKEY_GOST_MAGMA_MAC_SIGNCTX_INIT, 0), - "pkey_gost_magma_mac_signctx_init"}, - {ERR_PACK(0, GOST_F_PKEY_GOST_OMAC_CTRL, 0), "pkey_gost_omac_ctrl"}, - {ERR_PACK(0, GOST_F_PKEY_GOST_OMAC_CTRL_STR, 0), "pkey_gost_omac_ctrl_str"}, - {ERR_PACK(0, GOST_F_PRINT_GOST_EC_PUB, 0), "print_gost_ec_pub"}, - {ERR_PACK(0, GOST_F_PRIV_DECODE_GOST, 0), "priv_decode_gost"}, - {ERR_PACK(0, GOST_F_PUB_DECODE_GOST_EC, 0), "pub_decode_gost_ec"}, - {ERR_PACK(0, GOST_F_PUB_ENCODE_GOST_EC, 0), "pub_encode_gost_ec"}, - {ERR_PACK(0, GOST_F_UNPACK_CP_SIGNATURE, 0), "unpack_cp_signature"}, - {ERR_PACK(0, 
GOST_F_VKO_COMPUTE_KEY, 0), "VKO_compute_key"}, - {0, NULL} -}; - static ERR_STRING_DATA GOST_str_reasons[] = { {ERR_PACK(0, 0, GOST_R_BAD_KEY_PARAMETERS_FORMAT), "bad key parameters format"}, @@ -148,7 +78,6 @@ int ERR_load_GOST_strings(void) if (!error_loaded) { #ifndef OPENSSL_NO_ERR - ERR_load_strings(lib_code, GOST_str_functs); ERR_load_strings(lib_code, GOST_str_reasons); #endif error_loaded = 1; @@ -160,7 +89,6 @@ void ERR_unload_GOST_strings(void) { if (error_loaded) { #ifndef OPENSSL_NO_ERR - ERR_unload_strings(lib_code, GOST_str_functs); ERR_unload_strings(lib_code, GOST_str_reasons); #endif error_loaded = 0; @@ -171,5 +99,6 @@ void ERR_GOST_error(int function, int reason, char *file, int line) { if (lib_code == 0) lib_code = ERR_get_next_error_library(); - ERR_PUT_error(lib_code, function, reason, file, line); + ERR_raise(lib_code, reason); + ERR_set_debug(file, line, NULL); } diff --git a/e_gost_err.h b/e_gost_err.h index c5c9733..fe1f365 100644 --- a/e_gost_err.h +++ b/e_gost_err.h @@ -1,6 +1,6 @@ /* * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -8,10 +8,15 @@ * https://www.openssl.org/source/license.html */ -#ifndef HEADER_GOSTERR_H -# define HEADER_GOSTERR_H +#ifndef OPENSSL_GOSTERR_H +# define OPENSSL_GOSTERR_H +# pragma once -# define GOSTerr(f, r) ERR_GOST_error((f), (r), OPENSSL_FILE, OPENSSL_LINE) +# include +# include + + +# define GOSTerr(f, r) ERR_GOST_error(0, (r), OPENSSL_FILE, OPENSSL_LINE) # ifdef __cplusplus 
@@ -27,60 +32,63 @@ void ERR_GOST_error(int function, int reason, char *file, int line); /* * GOST function codes. */ -# define GOST_F_DECODE_GOST_ALGOR_PARAMS 100 -# define GOST_F_ENCODE_GOST_ALGOR_PARAMS 101 -# define GOST_F_FILL_GOST_EC_PARAMS 102 -# define GOST_F_GET_ENCRYPTION_PARAMS 103 -# define GOST_F_GOST89_GET_ASN1_PARAMETERS 104 -# define GOST_F_GOST89_SET_ASN1_PARAMETERS 105 -# define GOST_F_GOST_CIPHER_CTL 106 -# define GOST_F_GOST_EC_COMPUTE_PUBLIC 107 -# define GOST_F_GOST_EC_KEYGEN 108 -# define GOST_F_GOST_EC_SIGN 109 -# define GOST_F_GOST_EC_VERIFY 110 -# define GOST_F_GOST_GRASSHOPPER_CIPHER_CTL 111 -# define GOST_F_GOST_GRASSHOPPER_SET_ASN1_PARAMETERS 112 -# define GOST_F_GOST_IMIT_CTRL 113 -# define GOST_F_GOST_IMIT_FINAL 114 -# define GOST_F_GOST_IMIT_UPDATE 115 -# define GOST_F_GOST_KDFTREE2012_256 149 -# define GOST_F_GOST_KEXP15 143 -# define GOST_F_GOST_KIMP15 148 -# define GOST_F_OMAC_ACPKM_IMIT_CTRL 144 -# define GOST_F_OMAC_ACPKM_IMIT_FINAL 145 -# define GOST_F_OMAC_ACPKM_IMIT_UPDATE 146 -# define GOST_F_OMAC_ACPKM_KEY 147 -# define GOST_F_OMAC_IMIT_CTRL 116 -# define GOST_F_OMAC_IMIT_FINAL 117 -# define GOST_F_OMAC_IMIT_UPDATE 118 -# define GOST_F_OMAC_KEY 138 -# define GOST_F_PARAM_COPY_GOST_EC 119 -# define GOST_F_PKEY_GOST2001_PARAMGEN 120 -# define GOST_F_PKEY_GOST2012_PARAMGEN 121 -# define GOST_F_PKEY_GOST2018_DECRYPT 150 -# define GOST_F_PKEY_GOST2018_ENCRYPT 151 -# define GOST_F_PKEY_GOST_CTRL 122 -# define GOST_F_PKEY_GOST_DECRYPT 153 -# define GOST_F_PKEY_GOST_ECCP_DECRYPT 123 -# define GOST_F_PKEY_GOST_ECCP_ENCRYPT 124 -# define GOST_F_PKEY_GOST_EC_CTRL_STR_256 125 -# define GOST_F_PKEY_GOST_EC_CTRL_STR_512 126 -# define GOST_F_PKEY_GOST_EC_DERIVE 127 -# define GOST_F_PKEY_GOST_ENCRYPT 152 -# define GOST_F_PKEY_GOST_GRASSHOPPER_MAC_SIGNCTX_INIT 141 -# define GOST_F_PKEY_GOST_MAC_CTRL 128 -# define GOST_F_PKEY_GOST_MAC_CTRL_STR 129 -# define GOST_F_PKEY_GOST_MAC_KEYGEN_BASE 130 -# define GOST_F_PKEY_GOST_MAC_SIGNCTX_INIT 131 
-# define GOST_F_PKEY_GOST_MAGMA_MAC_SIGNCTX_INIT 142 -# define GOST_F_PKEY_GOST_OMAC_CTRL 139 -# define GOST_F_PKEY_GOST_OMAC_CTRL_STR 140 -# define GOST_F_PRINT_GOST_EC_PUB 132 -# define GOST_F_PRIV_DECODE_GOST 133 -# define GOST_F_PUB_DECODE_GOST_EC 134 -# define GOST_F_PUB_ENCODE_GOST_EC 135 -# define GOST_F_UNPACK_CP_SIGNATURE 136 -# define GOST_F_VKO_COMPUTE_KEY 137 +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# define GOST_F_DECODE_GOST_ALGOR_PARAMS 0 +# define GOST_F_ENCODE_GOST_ALGOR_PARAMS 0 +# define GOST_F_FILL_GOST_EC_PARAMS 0 +# define GOST_F_GET_ENCRYPTION_PARAMS 0 +# define GOST_F_GOST89_GET_ASN1_PARAMETERS 0 +# define GOST_F_GOST89_SET_ASN1_PARAMETERS 0 +# define GOST_F_GOST_CIPHER_CTL 0 +# define GOST_F_GOST_EC_COMPUTE_PUBLIC 0 +# define GOST_F_GOST_EC_KEYGEN 0 +# define GOST_F_GOST_EC_SIGN 0 +# define GOST_F_GOST_EC_VERIFY 0 +# define GOST_F_GOST_GRASSHOPPER_CIPHER_CTL 0 +# define GOST_F_GOST_GRASSHOPPER_SET_ASN1_PARAMETERS 0 +# define GOST_F_GOST_IMIT_CTRL 0 +# define GOST_F_GOST_IMIT_FINAL 0 +# define GOST_F_GOST_IMIT_UPDATE 0 +# define GOST_F_GOST_KDFTREE2012_256 0 +# define GOST_F_GOST_KEXP15 0 +# define GOST_F_GOST_KIMP15 0 +# define GOST_F_OMAC_ACPKM_IMIT_CTRL 0 +# define GOST_F_OMAC_ACPKM_IMIT_FINAL 0 +# define GOST_F_OMAC_ACPKM_IMIT_UPDATE 0 +# define GOST_F_OMAC_ACPKM_KEY 0 +# define GOST_F_OMAC_IMIT_CTRL 0 +# define GOST_F_OMAC_IMIT_FINAL 0 +# define GOST_F_OMAC_IMIT_UPDATE 0 +# define GOST_F_OMAC_KEY 0 +# define GOST_F_PARAM_COPY_GOST_EC 0 +# define GOST_F_PKEY_GOST2001_PARAMGEN 0 +# define GOST_F_PKEY_GOST2012_PARAMGEN 0 +# define GOST_F_PKEY_GOST2018_DECRYPT 0 +# define GOST_F_PKEY_GOST2018_ENCRYPT 0 +# define GOST_F_PKEY_GOST_CTRL 0 +# define GOST_F_PKEY_GOST_DECRYPT 0 +# define GOST_F_PKEY_GOST_ECCP_DECRYPT 0 +# define GOST_F_PKEY_GOST_ECCP_ENCRYPT 0 +# define GOST_F_PKEY_GOST_EC_CTRL_STR_256 0 +# define GOST_F_PKEY_GOST_EC_CTRL_STR_512 0 +# define GOST_F_PKEY_GOST_EC_CTRL_STR_COMMON 0 +# define GOST_F_PKEY_GOST_EC_DERIVE 0 +# define 
GOST_F_PKEY_GOST_ENCRYPT 0 +# define GOST_F_PKEY_GOST_GRASSHOPPER_MAC_SIGNCTX_INIT 0 +# define GOST_F_PKEY_GOST_MAC_CTRL 0 +# define GOST_F_PKEY_GOST_MAC_CTRL_STR 0 +# define GOST_F_PKEY_GOST_MAC_KEYGEN_BASE 0 +# define GOST_F_PKEY_GOST_MAC_SIGNCTX_INIT 0 +# define GOST_F_PKEY_GOST_MAGMA_MAC_SIGNCTX_INIT 0 +# define GOST_F_PKEY_GOST_OMAC_CTRL 0 +# define GOST_F_PKEY_GOST_OMAC_CTRL_STR 0 +# define GOST_F_PRINT_GOST_EC_PUB 0 +# define GOST_F_PRIV_DECODE_GOST 0 +# define GOST_F_PUB_DECODE_GOST_EC 0 +# define GOST_F_PUB_ENCODE_GOST_EC 0 +# define GOST_F_UNPACK_CP_SIGNATURE 0 +# define GOST_F_VKO_COMPUTE_KEY 0 +# endif /* * GOST reason codes. diff --git a/gost.txt b/gost.txt index 15d986b..e57c000 100644 --- a/gost.txt +++ b/gost.txt @@ -1,4 +1,4 @@ -# Copyright 1999-2018 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 1999-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -45,6 +45,7 @@ GOST_F_PKEY_GOST_ECCP_DECRYPT:123:pkey_GOST_ECcp_decrypt GOST_F_PKEY_GOST_ECCP_ENCRYPT:124:pkey_GOST_ECcp_encrypt GOST_F_PKEY_GOST_EC_CTRL_STR_256:125:pkey_gost_ec_ctrl_str_256 GOST_F_PKEY_GOST_EC_CTRL_STR_512:126:pkey_gost_ec_ctrl_str_512 +GOST_F_PKEY_GOST_EC_CTRL_STR_COMMON:154: GOST_F_PKEY_GOST_EC_DERIVE:127:pkey_gost_ec_derive GOST_F_PKEY_GOST_ENCRYPT:152:pkey_gost_encrypt GOST_F_PKEY_GOST_GRASSHOPPER_MAC_SIGNCTX_INIT:141:\ diff --git a/gost_lcl.h b/gost_lcl.h index 08120b5..4322c4e 100644 --- a/gost_lcl.h +++ b/gost_lcl.h @@ -55,6 +55,7 @@ int register_pmeth_gost(int id, EVP_PKEY_METHOD **pmeth, int flags); /* Gost-specific pmeth control-function parameters */ /* For GOST R34.10 parameters */ # define param_ctrl_string "paramset" +# define ukm_ctrl_string "ukmhex" # define EVP_PKEY_CTRL_GOST_PARAMSET (EVP_PKEY_ALG_CTRL+1) /* For GOST 28147 MAC */ # define key_ctrl_string "key" 
diff --git a/gost_pmeth.c b/gost_pmeth.c index 4713e3c..6442644 100644 --- a/gost_pmeth.c +++ b/gost_pmeth.c @@ -177,6 +177,28 @@ static int pkey_gost_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) return -2; } +static int pkey_gost_ec_ctrl_str_common(EVP_PKEY_CTX *ctx, + const char *type, const char *value) +{ + if (0 == strcmp(type, ukm_ctrl_string)) { + unsigned char ukm_buf[32], *tmp = NULL; + long len = 0; + tmp = OPENSSL_hexstr2buf(value, &len); + if (tmp == NULL) + return 0; + + if (len > 32) { + OPENSSL_free(tmp); + GOSTerr(GOST_F_PKEY_GOST_EC_CTRL_STR_COMMON, GOST_R_CTRL_CALL_FAILED); + return 0; + } + memcpy(ukm_buf, tmp, len); + + return pkey_gost_ctrl(ctx, EVP_PKEY_CTRL_SET_IV, len, ukm_buf); + } + return -2; +} + static int pkey_gost_ec_ctrl_str_256(EVP_PKEY_CTX *ctx, const char *type, const char *value) { @@ -254,7 +276,8 @@ static int pkey_gost_ec_ctrl_str_256(EVP_PKEY_CTX *ctx, return pkey_gost_ctrl(ctx, EVP_PKEY_CTRL_GOST_PARAMSET, param_nid, NULL); } - return -2; + + return pkey_gost_ec_ctrl_str_common(ctx, type, value); } static int pkey_gost_ec_ctrl_str_512(EVP_PKEY_CTX *ctx, @@ -263,7 +286,7 @@ static int pkey_gost_ec_ctrl_str_512(EVP_PKEY_CTX *ctx, int param_nid = NID_undef; if (strcmp(type, param_ctrl_string)) - return -2; + return pkey_gost_ec_ctrl_str_common(ctx, type, value); if (!value) return 0; -- 2.39.2
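Review bot: In `pkey_gost_ec_ctrl_str_common` (first hunk) the buffer returned by `OPENSSL_hexstr2buf` is released only on the `len > 32` error path; on the success path it is copied into `ukm_buf` and never freed, so each accepted `ukmhex` option leaks it. Add `OPENSSL_free(tmp);` directly after `memcpy(ukm_buf, tmp, len);`. `value` also goes to the hex parser unchecked, and in the third hunk the helper is reached before `pkey_gost_ec_ctrl_str_512`'s own `if (!value) return 0;`, so if a caller can supply the option without a value the parser would presumably see NULL; `if (value == NULL) return 0;` at the top of the `ukmhex` branch keeps that a clean failure. Writing the bound as `len > (long)sizeof(ukm_buf)` instead of repeating the literal `32` would keep the check tied to the buffer it protects. The bodies of `pkey_gost_ec_ctrl_str_256` and `pkey_gost_ec_ctrl_str_512` start outside these hunks, so whether they validate `value` earlier is not visible here.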