1 /**********************************************************************
3 * Copyright (c) 2005-2006 Cryptocom LTD *
4 * This file is distributed under the same license as OpenSSL *
6 * Implementation of RFC 4490/4491 ASN1 method *
8 * Requires OpenSSL 0.9.9 for compilation *
9 **********************************************************************/
11 #include <openssl/crypto.h>
12 #include <openssl/err.h>
13 #include <openssl/engine.h>
14 #include <openssl/evp.h>
15 #include <openssl/asn1.h>
16 #ifndef OPENSSL_NO_CMS
17 # include <openssl/cms.h>
20 #include "e_gost_err.h"
22 #define PK_WRAP_PARAM "LEGACY_PK_WRAP"
25 * Pack bignum into byte buffer of given size, filling all leading bytes by
28 int store_bignum(const BIGNUM *bn, unsigned char *buf, int len)
30 int bytes = BN_num_bytes(bn);
35 BN_bn2bin(bn, buf + len - bytes);
39 static int pkey_bits_gost(const EVP_PKEY *pk)
44 switch (EVP_PKEY_base_id(pk)) {
45 case NID_id_GostR3410_2001:
46 case NID_id_GostR3410_2012_256:
48 case NID_id_GostR3410_2012_512:
55 static ASN1_STRING *encode_gost_algor_params(const EVP_PKEY *key)
57 ASN1_STRING *params = ASN1_STRING_new();
58 GOST_KEY_PARAMS *gkp = GOST_KEY_PARAMS_new();
59 int pkey_param_nid = NID_undef;
60 void *key_ptr = EVP_PKEY_get0((EVP_PKEY *)key);
63 if (!params || !gkp) {
64 GOSTerr(GOST_F_ENCODE_GOST_ALGOR_PARAMS, ERR_R_MALLOC_FAILURE);
67 switch (EVP_PKEY_base_id(key)) {
68 case NID_id_GostR3410_2012_256:
69 pkey_param_nid = EC_GROUP_get_curve_name(EC_KEY_get0_group(key_ptr));
70 switch (pkey_param_nid) {
71 case NID_id_GostR3410_2001_TestParamSet:
72 case NID_id_GostR3410_2001_CryptoPro_A_ParamSet:
73 case NID_id_GostR3410_2001_CryptoPro_B_ParamSet:
74 case NID_id_GostR3410_2001_CryptoPro_C_ParamSet:
75 case NID_id_GostR3410_2001_CryptoPro_XchA_ParamSet:
76 case NID_id_GostR3410_2001_CryptoPro_XchB_ParamSet:
77 gkp->hash_params = OBJ_nid2obj(NID_id_GostR3411_2012_256);
80 case NID_id_GostR3410_2012_512:
81 pkey_param_nid = EC_GROUP_get_curve_name(EC_KEY_get0_group(key_ptr));
82 switch (pkey_param_nid) {
83 case NID_id_tc26_gost_3410_2012_512_paramSetTest:
84 case NID_id_tc26_gost_3410_2012_512_paramSetA:
85 case NID_id_tc26_gost_3410_2012_512_paramSetB:
86 gkp->hash_params = OBJ_nid2obj(NID_id_GostR3411_2012_512);
89 case NID_id_GostR3410_2001:
90 pkey_param_nid = EC_GROUP_get_curve_name(EC_KEY_get0_group(key_ptr));
91 gkp->hash_params = OBJ_nid2obj(NID_id_GostR3411_94_CryptoProParamSet);
95 if (pkey_param_nid == NID_undef) {
96 GOSTerr(GOST_F_ENCODE_GOST_ALGOR_PARAMS, GOST_R_INVALID_PARAMSET);
100 gkp->key_params = OBJ_nid2obj(pkey_param_nid);
102 * gkp->cipher_params = OBJ_nid2obj(cipher_param_nid);
104 params->length = i2d_GOST_KEY_PARAMS(gkp, ¶ms->data);
105 if (params->length <= 0) {
106 GOSTerr(GOST_F_ENCODE_GOST_ALGOR_PARAMS, ERR_R_MALLOC_FAILURE);
109 params->type = V_ASN1_SEQUENCE;
113 GOST_KEY_PARAMS_free(gkp);
114 if (result == 0) { /* if error */
116 ASN1_STRING_free(params);
122 static int gost_decode_nid_params(EVP_PKEY *pkey, int pkey_nid, int param_nid)
124 void *key_ptr = EVP_PKEY_get0(pkey);
127 case NID_id_GostR3410_2012_256:
128 case NID_id_GostR3410_2012_512:
129 case NID_id_GostR3410_2001:
131 key_ptr = EC_KEY_new();
132 if (!EVP_PKEY_assign(pkey, pkey_nid, key_ptr)) {
133 EC_KEY_free(key_ptr);
137 return fill_GOST_EC_params(key_ptr, param_nid);
144 * Parses GOST algorithm parameters from X509_ALGOR and modifies pkey setting
147 static int decode_gost_algor_params(EVP_PKEY *pkey,
148 const X509_ALGOR *palg)
150 const ASN1_OBJECT *palg_obj = NULL;
151 int ptype = V_ASN1_UNDEF;
152 int pkey_nid = NID_undef, param_nid = NID_undef;
153 ASN1_STRING *pval = NULL;
154 const unsigned char *p;
155 GOST_KEY_PARAMS *gkp = NULL;
159 X509_ALGOR_get0(&palg_obj, &ptype, (const void **)&pval, palg);
160 if (ptype != V_ASN1_SEQUENCE) {
161 GOSTerr(GOST_F_DECODE_GOST_ALGOR_PARAMS,
162 GOST_R_BAD_KEY_PARAMETERS_FORMAT);
166 pkey_nid = OBJ_obj2nid(palg_obj);
168 gkp = d2i_GOST_KEY_PARAMS(NULL, &p, pval->length);
170 GOSTerr(GOST_F_DECODE_GOST_ALGOR_PARAMS,
171 GOST_R_BAD_PKEY_PARAMETERS_FORMAT);
174 param_nid = OBJ_obj2nid(gkp->key_params);
175 GOST_KEY_PARAMS_free(gkp);
176 if (!EVP_PKEY_set_type(pkey, pkey_nid)) {
177 GOSTerr(GOST_F_DECODE_GOST_ALGOR_PARAMS, ERR_R_INTERNAL_ERROR);
180 return gost_decode_nid_params(pkey, pkey_nid, param_nid);
183 static int gost_set_priv_key(EVP_PKEY *pkey, BIGNUM *priv)
185 switch (EVP_PKEY_base_id(pkey)) {
186 case NID_id_GostR3410_2012_512:
187 case NID_id_GostR3410_2012_256:
188 case NID_id_GostR3410_2001:
190 EC_KEY *ec = EVP_PKEY_get0(pkey);
193 EVP_PKEY_assign(pkey, EVP_PKEY_base_id(pkey), ec);
195 if (!EC_KEY_set_private_key(ec, priv))
197 if (!EVP_PKEY_missing_parameters(pkey))
198 return gost_ec_compute_public(ec);
207 BIGNUM *gost_get0_priv_key(const EVP_PKEY *pkey)
209 switch (EVP_PKEY_base_id(pkey)) {
210 case NID_id_GostR3410_2012_512:
211 case NID_id_GostR3410_2012_256:
212 case NID_id_GostR3410_2001:
214 EC_KEY *ec = EVP_PKEY_get0((EVP_PKEY *)pkey);
216 return (BIGNUM *)EC_KEY_get0_private_key(ec);
224 * GOST CMS processing functions
226 /* FIXME reaarange declarations */
227 static int pub_decode_gost_ec(EVP_PKEY *pk, const X509_PUBKEY *pub);
229 static int gost_cms_set_kari_shared_info(EVP_PKEY_CTX *pctx, CMS_RecipientInfo *ri)
233 ASN1_OCTET_STRING *ukm;
235 /* Deal with originator */
236 X509_ALGOR *pubalg = NULL;
237 ASN1_BIT_STRING *pubkey = NULL;
239 EVP_PKEY *peer_key = NULL;
240 X509_PUBKEY *tmp = NULL;
243 unsigned char shared_key[64];
244 size_t shared_key_size = 64;
245 const EVP_CIPHER *cipher = NULL;
247 if (CMS_RecipientInfo_kari_get0_alg(ri, &alg, &ukm) == 0)
250 if (CMS_RecipientInfo_kari_get0_orig_id(ri, &pubalg, &pubkey, NULL, NULL, NULL) == 0)
253 nid = OBJ_obj2nid(alg->algorithm);
254 if (alg->parameter->type != V_ASN1_SEQUENCE)
258 case NID_kuznyechik_kexp15:
259 case NID_magma_kexp15:
260 cipher = EVP_get_cipherbynid(nid);
264 if (cipher == NULL) {
265 GOSTerr(GOST_F_GOST_CMS_SET_KARI_SHARED_INFO, GOST_R_CIPHER_NOT_FOUND);
269 if (EVP_PKEY_CTX_ctrl(pctx, -1, -1, EVP_PKEY_CTRL_SET_IV,
270 ASN1_STRING_length(ukm), (void *)ASN1_STRING_get0_data(ukm)) <= 0)
273 if (pubkey != NULL && pubalg != NULL) {
274 const ASN1_OBJECT *paobj = NULL;
276 const void *param = NULL;
278 peer_key = EVP_PKEY_new();
279 tmp = X509_PUBKEY_new();
281 if ((peer_key == NULL) || (tmp == NULL)) {
282 GOSTerr(GOST_F_GOST_CMS_SET_KARI_SHARED_INFO, ERR_R_MALLOC_FAILURE);
286 X509_ALGOR_get0(&paobj, &ptype, ¶m, pubalg);
288 if (X509_PUBKEY_set0_param(tmp, (ASN1_OBJECT *)paobj,
289 ptype, (void *)param,
290 (unsigned char *)ASN1_STRING_get0_data(pubkey),
291 ASN1_STRING_length(pubkey) ) == 0) {
292 GOSTerr(GOST_F_GOST_CMS_SET_KARI_SHARED_INFO, GOST_R_PUBLIC_KEY_UNDEFINED);
296 if (pub_decode_gost_ec(peer_key, tmp) <= 0) {
297 GOSTerr(GOST_F_GOST_CMS_SET_KARI_SHARED_INFO, GOST_R_ERROR_DECODING_PUBLIC_KEY);
301 if (EVP_PKEY_derive_set_peer(pctx, peer_key) <= 0) {
302 GOSTerr(GOST_F_GOST_CMS_SET_KARI_SHARED_INFO, GOST_R_ERROR_SETTING_PEER_KEY);
307 if (EVP_PKEY_derive(pctx, shared_key, &shared_key_size) <= 0) {
308 GOSTerr(GOST_F_GOST_CMS_SET_KARI_SHARED_INFO, GOST_R_ERROR_COMPUTING_SHARED_KEY);
312 EVP_CIPHER_CTX_set_flags(CMS_RecipientInfo_kari_get0_ctx(ri), EVP_CIPHER_CTX_FLAG_WRAP_ALLOW);
313 if (EVP_DecryptInit_ex(CMS_RecipientInfo_kari_get0_ctx(ri), cipher, NULL,
314 shared_key, ukm->data+24) == 0)
319 EVP_PKEY_free(peer_key);
321 X509_PUBKEY_free(tmp);
327 static int gost_cms_set_ktri_shared_info(EVP_PKEY_CTX *pctx, CMS_RecipientInfo *ri)
330 struct gost_pmeth_data *gctx = EVP_PKEY_CTX_get_data(pctx);
332 CMS_RecipientInfo_ktri_get0_algs(ri, NULL, NULL, &alg);
334 switch (OBJ_obj2nid(alg->algorithm)) {
335 case NID_kuznyechik_kexp15:
336 gctx->cipher_nid = NID_kuznyechik_ctr;
339 case NID_magma_kexp15:
340 gctx->cipher_nid = NID_magma_ctr;
343 case NID_id_GostR3410_2001:
344 case NID_id_GostR3410_2001DH:
345 case NID_id_GostR3410_2012_256:
346 case NID_id_GostR3410_2012_512:
347 gctx->cipher_nid = NID_id_Gost28147_89;
351 GOSTerr(GOST_F_GOST_CMS_SET_KTRI_SHARED_INFO, GOST_R_UNSUPPORTED_RECIPIENT_INFO);
358 static int gost_cms_set_shared_info(EVP_PKEY_CTX *pctx, CMS_RecipientInfo *ri)
360 switch(CMS_RecipientInfo_type(ri)) {
361 case CMS_RECIPINFO_AGREE:
362 return gost_cms_set_kari_shared_info(pctx, ri);
364 case CMS_RECIPINFO_TRANS:
365 return gost_cms_set_ktri_shared_info(pctx, ri);
369 GOSTerr(GOST_F_GOST_CMS_SET_SHARED_INFO, GOST_R_UNSUPPORTED_RECIPIENT_INFO);
373 static ASN1_STRING *gost_encode_cms_params(int ka_nid)
375 ASN1_STRING *ret = NULL;
376 ASN1_STRING *params = ASN1_STRING_new();
378 /* It's a hack. We have only one OID here, so we can use
379 * GOST_KEY_PARAMS which is a sequence of 3 OIDs,
380 * the 1st one is mandatory and the rest are optional */
381 GOST_KEY_PARAMS *gkp = GOST_KEY_PARAMS_new();
383 if (params == NULL || gkp == NULL) {
384 GOSTerr(GOST_F_GOST_ENCODE_CMS_PARAMS, ERR_R_MALLOC_FAILURE);
388 gkp->key_params = OBJ_nid2obj(ka_nid);
389 params->length = i2d_GOST_KEY_PARAMS(gkp, ¶ms->data);
391 if (params->length < 0) {
392 GOSTerr(GOST_F_GOST_ENCODE_CMS_PARAMS, ERR_R_MALLOC_FAILURE);
396 params->type = V_ASN1_SEQUENCE;
400 GOST_KEY_PARAMS_free(gkp);
403 ASN1_STRING_free(params);
411 static int pkey_ctrl_gost(EVP_PKEY *pkey, int op, long arg1, void *arg2)
413 int nid = EVP_PKEY_base_id(pkey), md_nid = NID_undef;
414 X509_ALGOR *alg1 = NULL, *alg2 = NULL;
417 case NID_id_GostR3410_2012_512:
418 md_nid = NID_id_GostR3411_2012_512;
420 case NID_id_GostR3410_2012_256:
421 md_nid = NID_id_GostR3411_2012_256;
423 case NID_id_GostR3410_2001:
424 case NID_id_GostR3410_94:
425 md_nid = NID_id_GostR3411_94;
432 case ASN1_PKEY_CTRL_PKCS7_SIGN:
434 PKCS7_SIGNER_INFO_get0_algs((PKCS7_SIGNER_INFO *)arg2, NULL,
436 X509_ALGOR_set0(alg1, OBJ_nid2obj(md_nid), V_ASN1_NULL, 0);
437 X509_ALGOR_set0(alg2, OBJ_nid2obj(nid), V_ASN1_NULL, 0);
440 #ifndef OPENSSL_NO_CMS
441 case ASN1_PKEY_CTRL_CMS_SIGN:
443 CMS_SignerInfo_get0_algs((CMS_SignerInfo *)arg2, NULL, NULL,
445 X509_ALGOR_set0(alg1, OBJ_nid2obj(md_nid), V_ASN1_NULL, 0);
446 X509_ALGOR_set0(alg2, OBJ_nid2obj(nid), V_ASN1_NULL, 0);
450 case ASN1_PKEY_CTRL_PKCS7_ENCRYPT:
451 if (arg1 == 0) { /* Encryption */
452 ASN1_STRING *params = encode_gost_algor_params(pkey);
456 PKCS7_RECIP_INFO_get0_alg((PKCS7_RECIP_INFO *)arg2, &alg1);
457 X509_ALGOR_set0(alg1, OBJ_nid2obj(EVP_PKEY_id(pkey)),
458 V_ASN1_SEQUENCE, params);
461 #ifndef OPENSSL_NO_CMS
462 case ASN1_PKEY_CTRL_CMS_ENVELOPE:
465 CMS_RecipientInfo *ri = arg2;
467 struct gost_pmeth_data *gctx = NULL;
468 ASN1_STRING *params = NULL;
470 pctx = CMS_RecipientInfo_get0_pkey_ctx(ri);
474 gctx = EVP_PKEY_CTX_get_data(pctx);
476 switch (gctx->cipher_nid) {
478 case NID_kuznyechik_ctr:
482 nid = (gctx->cipher_nid == NID_magma_ctr) ? NID_magma_kexp15 :
483 NID_kuznyechik_kexp15;
485 ka_nid = (EVP_PKEY_base_id(pkey) == NID_id_GostR3410_2012_256) ?
486 NID_id_tc26_agreement_gost_3410_2012_256 : NID_id_tc26_agreement_gost_3410_2012_512;
488 params = gost_encode_cms_params(ka_nid);
492 params = encode_gost_algor_params(pkey);
499 CMS_RecipientInfo_ktri_get0_algs((CMS_RecipientInfo *)arg2, NULL,
501 X509_ALGOR_set0(alg1, OBJ_nid2obj(nid), V_ASN1_SEQUENCE, params);
504 CMS_RecipientInfo *ri = arg2;
505 pctx = CMS_RecipientInfo_get0_pkey_ctx(ri);
508 return gost_cms_set_shared_info(pctx, ri);
511 #ifdef ASN1_PKEY_CTRL_CMS_RI_TYPE
512 case ASN1_PKEY_CTRL_CMS_RI_TYPE:
513 *(int *)arg2 = CMS_RECIPINFO_TRANS;
515 case ASN1_PKEY_CTRL_CMS_IS_RI_TYPE_SUPPORTED:
516 if (arg1 == CMS_RECIPINFO_AGREE || arg1 == CMS_RECIPINFO_TRANS) {
525 case ASN1_PKEY_CTRL_DEFAULT_MD_NID:
526 *(int *)arg2 = md_nid;
533 /* --------------------- free functions * ------------------------------*/
534 static void pkey_free_gost_ec(EVP_PKEY *key)
536 EC_KEY_free((EC_KEY *)EVP_PKEY_get0(key));
539 /* ------------------ private key functions -----------------------------*/
541 static BIGNUM *unmask_priv_key(EVP_PKEY *pk,
542 const unsigned char *buf, int len, int num_masks)
544 BIGNUM *pknum_masked = NULL, *q = NULL;
545 const EC_KEY *key_ptr = (pk) ? EVP_PKEY_get0(pk) : NULL;
546 const EC_GROUP *group = (key_ptr) ? EC_KEY_get0_group(key_ptr) : NULL;
548 pknum_masked = BN_lebin2bn(buf, len, BN_secure_new());
554 * XXX Remove sign by gost94
556 const unsigned char *p = buf + num_masks * len;
559 if (!q || !group || EC_GROUP_get_order(group, q, NULL) <= 0) {
560 BN_free(pknum_masked);
565 for (; p != buf; p -= len) {
566 BIGNUM *mask = BN_lebin2bn(p, len, BN_secure_new());
567 BN_CTX *ctx = BN_CTX_secure_new();
569 BN_mod_mul(pknum_masked, pknum_masked, mask, q, ctx);
582 static int priv_decode_gost(EVP_PKEY *pk,
583 const PKCS8_PRIV_KEY_INFO *p8inf)
585 const unsigned char *pkey_buf = NULL, *p = NULL;
587 BIGNUM *pk_num = NULL;
589 const X509_ALGOR *palg = NULL;
590 const ASN1_OBJECT *palg_obj = NULL;
591 ASN1_INTEGER *priv_key = NULL;
592 int expected_key_len;
594 if (!PKCS8_pkey_get0(&palg_obj, &pkey_buf, &priv_len, &palg, p8inf))
597 if (!decode_gost_algor_params(pk, palg)) {
601 expected_key_len = pkey_bits_gost(pk) > 0 ? pkey_bits_gost(pk) / 8 : 0;
602 if (expected_key_len == 0) {
603 GOSTerr(GOST_F_PRIV_DECODE_GOST, EVP_R_DECODE_ERROR);
607 if (priv_len % expected_key_len == 0) {
608 /* Key is not wrapped but masked */
609 pk_num = unmask_priv_key(pk, pkey_buf, expected_key_len,
610 priv_len / expected_key_len - 1);
611 } else if (V_ASN1_OCTET_STRING == *p) {
612 /* New format - Little endian octet string */
613 ASN1_OCTET_STRING *s = d2i_ASN1_OCTET_STRING(NULL, &p, priv_len);
614 if (!s || ((s->length != 32) && (s->length != 64))) {
616 GOSTerr(GOST_F_PRIV_DECODE_GOST, EVP_R_DECODE_ERROR);
619 pk_num = BN_lebin2bn(s->data, s->length, BN_secure_new());
621 } else if (V_ASN1_INTEGER == *p) {
622 priv_key = d2i_ASN1_INTEGER(NULL, &p, priv_len);
624 GOSTerr(GOST_F_PRIV_DECODE_GOST, EVP_R_DECODE_ERROR);
627 pk_num = ASN1_INTEGER_to_BN(priv_key, BN_secure_new());
628 ASN1_INTEGER_free(priv_key);
629 } else if ((V_ASN1_SEQUENCE | V_ASN1_CONSTRUCTED) == *p) {
630 MASKED_GOST_KEY *mgk = d2i_MASKED_GOST_KEY(NULL, &p, priv_len);
633 GOSTerr(GOST_F_PRIV_DECODE_GOST, EVP_R_DECODE_ERROR);
637 priv_len = mgk->masked_priv_key->length;
638 if (priv_len % expected_key_len) {
639 MASKED_GOST_KEY_free(mgk);
640 GOSTerr(GOST_F_PRIV_DECODE_GOST, EVP_R_DECODE_ERROR);
644 pk_num = unmask_priv_key(pk, mgk->masked_priv_key->data,
646 priv_len / expected_key_len - 1);
647 MASKED_GOST_KEY_free(mgk);
649 GOSTerr(GOST_F_PRIV_DECODE_GOST, EVP_R_DECODE_ERROR);
653 if (pk_num == NULL) {
654 GOSTerr(GOST_F_PRIV_DECODE_GOST, EVP_R_DECODE_ERROR);
658 ret = gost_set_priv_key(pk, pk_num);
663 /* ----------------------------------------------------------------------*/
664 static int priv_encode_gost(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pk)
666 ASN1_OBJECT *algobj = OBJ_nid2obj(EVP_PKEY_base_id(pk));
667 ASN1_STRING *params = NULL;
668 unsigned char *buf = NULL;
669 int key_len = pkey_bits_gost(pk), i = 0;
670 /* unmasked private key */
671 const char *pk_format = get_gost_engine_param(GOST_PARAM_PK_FORMAT);
673 key_len = (key_len < 0) ? 0 : key_len / 8;
674 if (key_len == 0 || !(buf = OPENSSL_secure_malloc(key_len))) {
678 if (!store_bignum(gost_get0_priv_key(pk), buf, key_len)) {
679 OPENSSL_secure_free(buf);
683 params = encode_gost_algor_params(pk);
685 OPENSSL_secure_free(buf);
689 /* Convert buf to Little-endian */
690 for (i = 0; i < key_len / 2; i++) {
691 unsigned char tmp = buf[i];
692 buf[i] = buf[key_len - 1 - i];
693 buf[key_len - 1 - i] = tmp;
696 if (pk_format != NULL && strcmp(pk_format, PK_WRAP_PARAM) == 0) {
697 ASN1_STRING *octet = ASN1_STRING_new();
699 unsigned char *priv_buf = NULL;
700 if (!octet || !ASN1_OCTET_STRING_set(octet, buf, key_len)) {
701 ASN1_STRING_free(octet);
702 ASN1_STRING_free(params);
703 OPENSSL_secure_free(buf);
706 priv_len = i2d_ASN1_OCTET_STRING(octet, &priv_buf);
707 ASN1_STRING_free(octet);
708 OPENSSL_secure_free(buf);
710 return PKCS8_pkey_set0(p8, algobj, 0, V_ASN1_SEQUENCE, params,
714 return PKCS8_pkey_set0(p8, algobj, 0, V_ASN1_SEQUENCE, params,
718 /* --------- printing keys --------------------------------*/
719 static int print_gost_priv(BIO *out, const EVP_PKEY *pkey, int indent)
723 if (!BIO_indent(out, indent, 128))
725 BIO_printf(out, "Private key: ");
726 key = gost_get0_priv_key(pkey);
728 BIO_printf(out, "<undefined>");
731 BIO_printf(out, "\n");
736 static int print_gost_ec_pub(BIO *out, const EVP_PKEY *pkey, int indent)
740 const EC_POINT *pubkey;
741 const EC_GROUP *group;
742 EC_KEY *key = (EC_KEY *)EVP_PKEY_get0((EVP_PKEY *)pkey);
747 GOSTerr(GOST_F_PRINT_GOST_EC_PUB, ERR_R_MALLOC_FAILURE);
754 pubkey = (key) ? EC_KEY_get0_public_key(key) : NULL;
755 group = (key) ? EC_KEY_get0_group(key) : NULL;
756 if (!pubkey || !group)
759 if (!EC_POINT_get_affine_coordinates(group, pubkey, X, Y, ctx)) {
760 GOSTerr(GOST_F_PRINT_GOST_EC_PUB, ERR_R_EC_LIB);
763 if (!BIO_indent(out, indent, 128))
765 BIO_printf(out, "Public key:\n");
766 if (!BIO_indent(out, indent + 3, 128))
768 BIO_printf(out, "X:");
770 BIO_printf(out, "\n");
771 if (!BIO_indent(out, indent + 3, 128))
773 BIO_printf(out, "Y:");
775 BIO_printf(out, "\n");
784 static int print_gost_ec_param(BIO *out, const EVP_PKEY *pkey, int indent)
786 EC_KEY *ec = EVP_PKEY_get0((EVP_PKEY *)pkey);
787 const EC_GROUP *group = (ec) ? EC_KEY_get0_group(ec) : NULL;
793 param_nid = EC_GROUP_get_curve_name(group);
794 if (!BIO_indent(out, indent, 128))
796 BIO_printf(out, "Parameter set: %s\n", OBJ_nid2ln(param_nid));
801 static int print_gost_ec(BIO *out, const EVP_PKEY *pkey, int indent,
802 ASN1_PCTX *pctx, int type)
805 if (print_gost_priv(out, pkey, indent) == 0)
809 if (print_gost_ec_pub(out, pkey, indent) == 0)
813 return print_gost_ec_param(out, pkey, indent);
816 static int param_print_gost_ec(BIO *out, const EVP_PKEY *pkey, int indent,
819 return print_gost_ec(out, pkey, indent, pctx, 0);
822 static int pub_print_gost_ec(BIO *out, const EVP_PKEY *pkey, int indent,
825 return print_gost_ec(out, pkey, indent, pctx, 1);
828 static int priv_print_gost_ec(BIO *out, const EVP_PKEY *pkey, int indent,
831 return print_gost_ec(out, pkey, indent, pctx, 2);
834 /* ---------------------------------------------------------------------*/
835 static int param_missing_gost_ec(const EVP_PKEY *pk)
837 const EC_KEY *ec = EVP_PKEY_get0((EVP_PKEY *)pk);
840 if (!EC_KEY_get0_group(ec))
845 static int param_copy_gost_ec(EVP_PKEY *to, const EVP_PKEY *from)
847 EC_KEY *eto = EVP_PKEY_get0(to);
848 const EC_KEY *efrom = EVP_PKEY_get0((EVP_PKEY *)from);
849 if (EVP_PKEY_base_id(from) != EVP_PKEY_base_id(to)) {
850 GOSTerr(GOST_F_PARAM_COPY_GOST_EC, GOST_R_INCOMPATIBLE_ALGORITHMS);
854 GOSTerr(GOST_F_PARAM_COPY_GOST_EC, GOST_R_KEY_PARAMETERS_MISSING);
860 GOSTerr(GOST_F_PARAM_COPY_GOST_EC, ERR_R_MALLOC_FAILURE);
863 if (!EVP_PKEY_assign(to, EVP_PKEY_base_id(from), eto)) {
864 GOSTerr(GOST_F_PARAM_COPY_GOST_EC, ERR_R_INTERNAL_ERROR);
869 if (!EC_KEY_set_group(eto, EC_KEY_get0_group(efrom))) {
870 GOSTerr(GOST_F_PARAM_COPY_GOST_EC, ERR_R_INTERNAL_ERROR);
873 if (EC_KEY_get0_private_key(eto)) {
874 return gost_ec_compute_public(eto);
879 static int param_cmp_gost_ec(const EVP_PKEY *a, const EVP_PKEY *b)
881 const EC_GROUP *group_a, *group_b;
882 EC_KEY *ec_a = EVP_PKEY_get0((EVP_PKEY *)a);
883 EC_KEY *ec_b = EVP_PKEY_get0((EVP_PKEY *)b);
887 group_a = EC_KEY_get0_group(ec_a);
888 group_b = EC_KEY_get0_group(ec_b);
889 if (!group_a || !group_b)
892 if (EC_GROUP_get_curve_name(group_a) == EC_GROUP_get_curve_name(group_b)) {
898 /* ---------- Public key functions * --------------------------------------*/
899 static int pub_decode_gost_ec(EVP_PKEY *pk, const X509_PUBKEY *pub)
901 X509_ALGOR *palg = NULL;
902 const unsigned char *pubkey_buf = NULL;
903 unsigned char *databuf;
904 ASN1_OBJECT *palgobj = NULL;
908 ASN1_OCTET_STRING *octet = NULL;
910 const EC_GROUP *group;
912 if (!X509_PUBKEY_get0_param(&palgobj, &pubkey_buf, &pub_len, &palg, pub))
914 EVP_PKEY_assign(pk, OBJ_obj2nid(palgobj), NULL);
915 if (!decode_gost_algor_params(pk, palg))
917 group = EC_KEY_get0_group(EVP_PKEY_get0(pk));
918 octet = d2i_ASN1_OCTET_STRING(NULL, &pubkey_buf, pub_len);
920 GOSTerr(GOST_F_PUB_DECODE_GOST_EC, ERR_R_MALLOC_FAILURE);
923 databuf = OPENSSL_malloc(octet->length);
924 if (databuf == NULL) {
925 GOSTerr(GOST_F_PUB_DECODE_GOST_EC, ERR_R_MALLOC_FAILURE);
926 ASN1_OCTET_STRING_free(octet);
930 BUF_reverse(databuf, octet->data, octet->length);
931 len = octet->length / 2;
932 ASN1_OCTET_STRING_free(octet);
934 Y = BN_bin2bn(databuf, len, NULL);
935 X = BN_bin2bn(databuf + len, len, NULL);
936 OPENSSL_free(databuf);
937 pub_key = EC_POINT_new(group);
938 if (!EC_POINT_set_affine_coordinates(group, pub_key, X, Y, NULL)) {
939 GOSTerr(GOST_F_PUB_DECODE_GOST_EC, ERR_R_EC_LIB);
940 EC_POINT_free(pub_key);
947 if (!EC_KEY_set_public_key(EVP_PKEY_get0(pk), pub_key)) {
948 GOSTerr(GOST_F_PUB_DECODE_GOST_EC, ERR_R_EC_LIB);
949 EC_POINT_free(pub_key);
952 EC_POINT_free(pub_key);
957 static int pub_encode_gost_ec(X509_PUBKEY *pub, const EVP_PKEY *pk)
960 ASN1_OCTET_STRING *octet = NULL;
962 unsigned char *buf = NULL, *databuf = NULL;
963 int data_len, ret = -1;
964 const EC_POINT *pub_key;
965 BIGNUM *X = NULL, *Y = NULL, *order;
966 const EC_KEY *ec = EVP_PKEY_get0((EVP_PKEY *)pk);
967 int ptype = V_ASN1_SEQUENCE;
970 algobj = OBJ_nid2obj(EVP_PKEY_base_id(pk));
972 params = encode_gost_algor_params(pk);
976 if (order == NULL || EC_GROUP_get_order(EC_KEY_get0_group(ec), order, NULL) == 0) {
977 GOSTerr(GOST_F_PUB_ENCODE_GOST_EC, ERR_R_MALLOC_FAILURE);
980 EC_GROUP_get_order(EC_KEY_get0_group(ec), order, NULL);
981 pub_key = EC_KEY_get0_public_key(ec);
983 GOSTerr(GOST_F_PUB_ENCODE_GOST_EC, GOST_R_PUBLIC_KEY_UNDEFINED);
989 GOSTerr(GOST_F_PUB_ENCODE_GOST_EC, ERR_R_MALLOC_FAILURE);
992 if (!EC_POINT_get_affine_coordinates(EC_KEY_get0_group(ec),
993 pub_key, X, Y, NULL)) {
994 GOSTerr(GOST_F_PUB_ENCODE_GOST_EC, ERR_R_INTERNAL_ERROR);
997 data_len = 2 * BN_num_bytes(order);
998 databuf = OPENSSL_zalloc(data_len);
999 if (databuf == NULL) {
1000 GOSTerr(GOST_F_PUB_ENCODE_GOST_EC, ERR_R_MALLOC_FAILURE);
1004 store_bignum(X, databuf + data_len / 2, data_len / 2);
1005 store_bignum(Y, databuf, data_len / 2);
1007 BUF_reverse(databuf, NULL, data_len);
1009 octet = ASN1_OCTET_STRING_new();
1010 if (octet == NULL) {
1011 GOSTerr(GOST_F_PUB_ENCODE_GOST_EC, ERR_R_MALLOC_FAILURE);
1015 if (0 == ASN1_STRING_set(octet, databuf, data_len)) {
1016 GOSTerr(GOST_F_PUB_ENCODE_GOST_EC, ERR_R_MALLOC_FAILURE);
1020 ret = i2d_ASN1_OCTET_STRING(octet, &buf);
1022 ASN1_BIT_STRING_free(octet);
1030 OPENSSL_free(databuf);
1034 return X509_PUBKEY_set0_param(pub, algobj, ptype, pval, buf, ret);
1037 static int pub_cmp_gost_ec(const EVP_PKEY *a, const EVP_PKEY *b)
1039 const EC_KEY *ea = EVP_PKEY_get0((EVP_PKEY *)a);
1040 const EC_KEY *eb = EVP_PKEY_get0((EVP_PKEY *)b);
1041 const EC_POINT *ka, *kb;
1044 ka = EC_KEY_get0_public_key(ea);
1045 kb = EC_KEY_get0_public_key(eb);
1048 return (0 == EC_POINT_cmp(EC_KEY_get0_group(ea), ka, kb, NULL));
1051 static int pkey_size_gost(const EVP_PKEY *pk)
1056 switch (EVP_PKEY_base_id(pk)) {
1057 case NID_id_GostR3410_94:
1058 case NID_id_GostR3410_2001:
1059 case NID_id_GostR3410_2012_256:
1061 case NID_id_GostR3410_2012_512:
1068 /* ---------------------- ASN1 METHOD for GOST MAC -------------------*/
1069 static void mackey_free_gost(EVP_PKEY *pk)
1071 OPENSSL_free(EVP_PKEY_get0(pk));
1074 static int mac_ctrl_gost(EVP_PKEY *pkey, int op, long arg1, void *arg2)
1077 case ASN1_PKEY_CTRL_DEFAULT_MD_NID:
1079 *(int *)arg2 = NID_id_Gost28147_89_MAC;
1086 static int mac_ctrl_gost_12(EVP_PKEY *pkey, int op, long arg1, void *arg2)
1089 case ASN1_PKEY_CTRL_DEFAULT_MD_NID:
1091 *(int *)arg2 = NID_gost_mac_12;
1098 static int mac_ctrl_magma(EVP_PKEY *pkey, int op, long arg1, void *arg2)
1101 case ASN1_PKEY_CTRL_DEFAULT_MD_NID:
1103 *(int *)arg2 = NID_magma_mac;
1110 static int mac_ctrl_grasshopper(EVP_PKEY *pkey, int op, long arg1, void *arg2)
1113 case ASN1_PKEY_CTRL_DEFAULT_MD_NID:
1115 *(int *)arg2 = NID_grasshopper_mac;
1122 static int gost2001_param_encode(const EVP_PKEY *pkey, unsigned char **pder)
1125 EC_GROUP_get_curve_name(EC_KEY_get0_group
1126 (EVP_PKEY_get0((EVP_PKEY *)pkey)));
1127 return i2d_ASN1_OBJECT(OBJ_nid2obj(nid), pder);
1130 static int gost2001_param_decode(EVP_PKEY *pkey, const unsigned char **pder,
1133 ASN1_OBJECT *obj = NULL;
1135 if (d2i_ASN1_OBJECT(&obj, pder, derlen) == NULL) {
1138 nid = OBJ_obj2nid(obj);
1139 ASN1_OBJECT_free(obj);
1141 return gost_decode_nid_params(pkey, NID_id_GostR3410_2001, nid);
1144 /* ----------------------------------------------------------------------*/
1145 int register_ameth_gost(int nid, EVP_PKEY_ASN1_METHOD **ameth,
1146 const char *pemstr, const char *info)
1148 *ameth = EVP_PKEY_asn1_new(nid, ASN1_PKEY_SIGPARAM_NULL, pemstr, info);
1152 case NID_id_GostR3410_2001:
1153 EVP_PKEY_asn1_set_free(*ameth, pkey_free_gost_ec);
1154 EVP_PKEY_asn1_set_private(*ameth,
1155 priv_decode_gost, priv_encode_gost,
1156 priv_print_gost_ec);
1158 EVP_PKEY_asn1_set_param(*ameth,
1159 gost2001_param_decode, gost2001_param_encode,
1160 param_missing_gost_ec, param_copy_gost_ec,
1161 param_cmp_gost_ec, param_print_gost_ec);
1162 EVP_PKEY_asn1_set_public(*ameth,
1163 pub_decode_gost_ec, pub_encode_gost_ec,
1164 pub_cmp_gost_ec, pub_print_gost_ec,
1165 pkey_size_gost, pkey_bits_gost);
1167 EVP_PKEY_asn1_set_ctrl(*ameth, pkey_ctrl_gost);
1168 EVP_PKEY_asn1_set_security_bits(*ameth, pkey_bits_gost);
1170 case NID_id_GostR3410_2012_256:
1171 case NID_id_GostR3410_2012_512:
1172 EVP_PKEY_asn1_set_free(*ameth, pkey_free_gost_ec);
1173 EVP_PKEY_asn1_set_private(*ameth,
1174 priv_decode_gost, priv_encode_gost,
1175 priv_print_gost_ec);
1177 EVP_PKEY_asn1_set_param(*ameth,
1179 param_missing_gost_ec, param_copy_gost_ec,
1180 param_cmp_gost_ec, NULL);
1182 EVP_PKEY_asn1_set_public(*ameth,
1183 pub_decode_gost_ec, pub_encode_gost_ec,
1184 pub_cmp_gost_ec, pub_print_gost_ec,
1185 pkey_size_gost, pkey_bits_gost);
1187 EVP_PKEY_asn1_set_ctrl(*ameth, pkey_ctrl_gost);
1188 EVP_PKEY_asn1_set_security_bits(*ameth, pkey_bits_gost);
1190 case NID_id_Gost28147_89_MAC:
1191 EVP_PKEY_asn1_set_free(*ameth, mackey_free_gost);
1192 EVP_PKEY_asn1_set_ctrl(*ameth, mac_ctrl_gost);
1194 case NID_gost_mac_12:
1195 EVP_PKEY_asn1_set_free(*ameth, mackey_free_gost);
1196 EVP_PKEY_asn1_set_ctrl(*ameth, mac_ctrl_gost_12);
1199 EVP_PKEY_asn1_set_free(*ameth, mackey_free_gost);
1200 EVP_PKEY_asn1_set_ctrl(*ameth, mac_ctrl_magma);
1202 case NID_grasshopper_mac:
1203 EVP_PKEY_asn1_set_free(*ameth, mackey_free_gost);
1204 EVP_PKEY_asn1_set_ctrl(*ameth, mac_ctrl_grasshopper);
projects / openssl-gost / engine.git / blob