1 /**********************************************************************
3 * Copyright (c) 2005-2006 Cryptocom LTD *
4 * This file is distributed under the same license as OpenSSL *
6 * Implementation of RFC 4490/4491 ASN1 method *
8 * Requires OpenSSL 0.9.9 for compilation *
9 **********************************************************************/
11 #include <openssl/crypto.h>
12 #include <openssl/err.h>
13 #include <openssl/engine.h>
14 #include <openssl/evp.h>
15 #include <openssl/asn1.h>
16 #ifndef OPENSSL_NO_CMS
17 # include <openssl/cms.h>
19 #include "gost_params.h"
21 #include "e_gost_err.h"
23 static int pkey_bits_gost(const EVP_PKEY *pk);
25 int gost94_nid_by_params(DSA *p)
27 R3410_params *gost_params;
29 for (gost_params = R3410_paramset; gost_params->nid != NID_undef;
31 BN_dec2bn(&q, gost_params->q);
36 return gost_params->nid;
39 static ASN1_STRING *encode_gost_algor_params(const EVP_PKEY *key)
41 ASN1_STRING *params = ASN1_STRING_new();
42 GOST_KEY_PARAMS *gkp = GOST_KEY_PARAMS_new();
43 int pkey_param_nid = NID_undef;
44 void *key_ptr = EVP_PKEY_get0((EVP_PKEY *)key);
47 if (!params || !gkp) {
48 GOSTerr(GOST_F_ENCODE_GOST_ALGOR_PARAMS, ERR_R_MALLOC_FAILURE);
51 switch (EVP_PKEY_base_id(key)) {
52 case NID_id_GostR3410_2012_256:
53 pkey_param_nid = EC_GROUP_get_curve_name(EC_KEY_get0_group(key_ptr));
54 gkp->hash_params = OBJ_nid2obj(NID_id_GostR3411_2012_256);
56 case NID_id_GostR3410_2012_512:
57 pkey_param_nid = EC_GROUP_get_curve_name(EC_KEY_get0_group(key_ptr));
58 gkp->hash_params = OBJ_nid2obj(NID_id_GostR3411_2012_512);
60 case NID_id_GostR3410_2001:
61 pkey_param_nid = EC_GROUP_get_curve_name(EC_KEY_get0_group(key_ptr));
62 gkp->hash_params = OBJ_nid2obj(NID_id_GostR3411_94_CryptoProParamSet);
64 case NID_id_GostR3410_94:
65 pkey_param_nid = (int)gost94_nid_by_params(key_ptr);
66 gkp->hash_params = OBJ_nid2obj(NID_id_GostR3411_94_CryptoProParamSet);
70 if (pkey_param_nid == NID_undef) {
71 GOSTerr(GOST_F_ENCODE_GOST_ALGOR_PARAMS, GOST_R_INVALID_PARAMSET);
75 gkp->key_params = OBJ_nid2obj(pkey_param_nid);
77 * gkp->cipher_params = OBJ_nid2obj(cipher_param_nid);
79 params->length = i2d_GOST_KEY_PARAMS(gkp, ¶ms->data);
80 if (params->length <= 0) {
81 GOSTerr(GOST_F_ENCODE_GOST_ALGOR_PARAMS, ERR_R_MALLOC_FAILURE);
84 params->type = V_ASN1_SEQUENCE;
88 GOST_KEY_PARAMS_free(gkp);
89 if (result == 0) { /* if error */
91 ASN1_STRING_free(params);
97 static int gost_decode_nid_params(EVP_PKEY *pkey, int pkey_nid, int param_nid)
99 void *key_ptr = EVP_PKEY_get0(pkey);
102 case NID_id_GostR3410_2012_256:
103 case NID_id_GostR3410_2012_512:
104 case NID_id_GostR3410_2001:
106 key_ptr = EC_KEY_new();
107 if (!EVP_PKEY_assign(pkey, pkey_nid, key_ptr)) {
108 EC_KEY_free(key_ptr);
112 return fill_GOST_EC_params(key_ptr, param_nid);
114 case NID_id_GostR3410_94:
117 if (!EVP_PKEY_assign(pkey, pkey_nid, key_ptr)) {
122 return fill_GOST94_params(key_ptr, param_nid);
129 * Parses GOST algorithm parameters from X509_ALGOR and modifies pkey setting
132 static int decode_gost_algor_params(EVP_PKEY *pkey, X509_ALGOR *palg)
134 ASN1_OBJECT *palg_obj = NULL;
135 int ptype = V_ASN1_UNDEF;
136 int pkey_nid = NID_undef, param_nid = NID_undef;
137 ASN1_STRING *pval = NULL;
138 const unsigned char *p;
139 GOST_KEY_PARAMS *gkp = NULL;
143 X509_ALGOR_get0(&palg_obj, &ptype, (void **)&pval, palg);
144 if (ptype != V_ASN1_SEQUENCE) {
145 GOSTerr(GOST_F_DECODE_GOST_ALGOR_PARAMS,
146 GOST_R_BAD_KEY_PARAMETERS_FORMAT);
150 pkey_nid = OBJ_obj2nid(palg_obj);
152 gkp = d2i_GOST_KEY_PARAMS(NULL, &p, pval->length);
154 GOSTerr(GOST_F_DECODE_GOST_ALGOR_PARAMS,
155 GOST_R_BAD_PKEY_PARAMETERS_FORMAT);
158 param_nid = OBJ_obj2nid(gkp->key_params);
159 GOST_KEY_PARAMS_free(gkp);
160 if (!EVP_PKEY_set_type(pkey, pkey_nid)) {
161 GOSTerr(GOST_F_DECODE_GOST_ALGOR_PARAMS, ERR_R_INTERNAL_ERROR);
165 return gost_decode_nid_params(pkey, pkey_nid, param_nid);
168 static int gost_set_priv_key(EVP_PKEY *pkey, BIGNUM *priv)
170 switch (EVP_PKEY_base_id(pkey)) {
171 case NID_id_GostR3410_94:
173 DSA *dsa = EVP_PKEY_get0(pkey);
176 EVP_PKEY_assign(pkey, EVP_PKEY_base_id(pkey), dsa);
178 dsa->priv_key = BN_dup(priv);
179 if (!EVP_PKEY_missing_parameters(pkey))
180 gost94_compute_public(dsa);
183 case NID_id_GostR3410_2012_512:
184 case NID_id_GostR3410_2012_256:
185 case NID_id_GostR3410_2001:
187 EC_KEY *ec = EVP_PKEY_get0(pkey);
190 EVP_PKEY_assign(pkey, EVP_PKEY_base_id(pkey), ec);
192 if (!EC_KEY_set_private_key(ec, priv))
194 if (!EVP_PKEY_missing_parameters(pkey))
195 gost_ec_compute_public(ec);
204 BIGNUM *gost_get0_priv_key(const EVP_PKEY *pkey)
206 switch (EVP_PKEY_base_id(pkey)) {
207 case NID_id_GostR3410_94:
209 DSA *dsa = EVP_PKEY_get0((EVP_PKEY *)pkey);
211 return dsa->priv_key;
214 case NID_id_GostR3410_2012_512:
215 case NID_id_GostR3410_2012_256:
216 case NID_id_GostR3410_2001:
218 EC_KEY *ec = EVP_PKEY_get0((EVP_PKEY *)pkey);
220 return (BIGNUM *)EC_KEY_get0_private_key(ec);
230 static int pkey_ctrl_gost(EVP_PKEY *pkey, int op, long arg1, void *arg2)
232 int nid = EVP_PKEY_base_id(pkey), md_nid = NID_undef;
233 X509_ALGOR *alg1 = NULL, *alg2 = NULL;
236 case NID_id_GostR3410_2012_512:
237 md_nid = NID_id_GostR3411_2012_512;
239 case NID_id_GostR3410_2012_256:
240 md_nid = NID_id_GostR3411_2012_256;
242 case NID_id_GostR3410_2001:
243 case NID_id_GostR3410_94:
244 md_nid = NID_id_GostR3411_94;
251 case ASN1_PKEY_CTRL_PKCS7_SIGN:
253 PKCS7_SIGNER_INFO_get0_algs((PKCS7_SIGNER_INFO *)arg2, NULL,
255 X509_ALGOR_set0(alg1, OBJ_nid2obj(md_nid), V_ASN1_NULL, 0);
256 X509_ALGOR_set0(alg2, OBJ_nid2obj(nid), V_ASN1_NULL, 0);
259 #ifndef OPENSSL_NO_CMS
260 case ASN1_PKEY_CTRL_CMS_SIGN:
262 CMS_SignerInfo_get0_algs((CMS_SignerInfo *)arg2, NULL, NULL,
264 X509_ALGOR_set0(alg1, OBJ_nid2obj(md_nid), V_ASN1_NULL, 0);
265 X509_ALGOR_set0(alg2, OBJ_nid2obj(nid), V_ASN1_NULL, 0);
269 case ASN1_PKEY_CTRL_PKCS7_ENCRYPT:
271 ASN1_STRING *params = encode_gost_algor_params(pkey);
275 PKCS7_RECIP_INFO_get0_alg((PKCS7_RECIP_INFO *)arg2, &alg1);
276 X509_ALGOR_set0(alg1, OBJ_nid2obj(pkey->type),
277 V_ASN1_SEQUENCE, params);
280 #ifndef OPENSSL_NO_CMS
281 case ASN1_PKEY_CTRL_CMS_ENVELOPE:
283 ASN1_STRING *params = encode_gost_algor_params(pkey);
287 CMS_RecipientInfo_ktri_get0_algs((CMS_RecipientInfo *)arg2, NULL,
289 X509_ALGOR_set0(alg1, OBJ_nid2obj(pkey->type), V_ASN1_SEQUENCE,
294 case ASN1_PKEY_CTRL_DEFAULT_MD_NID:
295 *(int *)arg2 = md_nid;
302 /* --------------------- free functions * ------------------------------*/
303 static void pkey_free_gost94(EVP_PKEY *key)
306 DSA_free(key->pkey.dsa);
310 static void pkey_free_gost_ec(EVP_PKEY *key)
313 EC_KEY_free(key->pkey.ec);
317 /* ------------------ private key functions -----------------------------*/
319 static BIGNUM *unmask_priv_key(EVP_PKEY *pk,
320 const unsigned char *buf, int len,
323 BIGNUM *pknum_masked = NULL, *q = NULL;
324 const EC_KEY *key_ptr = (pk) ? EVP_PKEY_get0(pk) : NULL;
325 const EC_GROUP *group = (key_ptr) ? EC_KEY_get0_group(key_ptr) : NULL;
327 pknum_masked = hashsum2bn(buf, len);
333 * XXX Remove sign by gost94
335 const unsigned char *p = buf + num_masks * len;
338 if (!q || !group || EC_GROUP_get_order(group, q, NULL) <= 0) {
339 BN_free(pknum_masked);
344 for (; p != buf; p -= len) {
345 BIGNUM *mask = hashsum2bn(p, len);
346 BN_CTX *ctx = BN_CTX_new();
348 BN_mod_mul(pknum_masked, pknum_masked, mask, q, ctx);
361 static int priv_decode_gost(EVP_PKEY *pk, PKCS8_PRIV_KEY_INFO *p8inf)
363 const unsigned char *pkey_buf = NULL, *p = NULL;
365 BIGNUM *pk_num = NULL;
367 X509_ALGOR *palg = NULL;
368 ASN1_OBJECT *palg_obj = NULL;
369 ASN1_INTEGER *priv_key = NULL;
370 int expected_key_len = 32;
372 if (!PKCS8_pkey_get0(&palg_obj, &pkey_buf, &priv_len, &palg, p8inf))
375 if (!decode_gost_algor_params(pk, palg)) {
379 expected_key_len = pkey_bits_gost(pk) > 0 ? pkey_bits_gost(pk) / 8 : 0;
380 if (expected_key_len == 0) {
381 GOSTerr(GOST_F_PRIV_DECODE_GOST, EVP_R_DECODE_ERROR);
385 if (priv_len % expected_key_len == 0) {
386 /* Key is not wrapped but masked */
387 pk_num = unmask_priv_key(pk, pkey_buf, expected_key_len,
388 priv_len / expected_key_len - 1);
389 } else if (V_ASN1_OCTET_STRING == *p) {
390 /* New format - Little endian octet string */
391 ASN1_OCTET_STRING *s = d2i_ASN1_OCTET_STRING(NULL, &p, priv_len);
392 if (!s || ((s->length != 32) && (s->length != 64))) {
394 GOSTerr(GOST_F_PRIV_DECODE_GOST, EVP_R_DECODE_ERROR);
397 pk_num = hashsum2bn(s->data, s->length);
399 } else if (V_ASN1_INTEGER == *p) {
400 priv_key = d2i_ASN1_INTEGER(NULL, &p, priv_len);
402 GOSTerr(GOST_F_PRIV_DECODE_GOST, EVP_R_DECODE_ERROR);
405 pk_num = ASN1_INTEGER_to_BN(priv_key, NULL);
406 ASN1_INTEGER_free(priv_key);
407 } else if ((V_ASN1_SEQUENCE | V_ASN1_CONSTRUCTED) == *p) {
408 MASKED_GOST_KEY *mgk = NULL;
409 mgk = d2i_MASKED_GOST_KEY(NULL, &p, priv_len);
412 GOSTerr(GOST_F_PRIV_DECODE_GOST, EVP_R_DECODE_ERROR);
416 priv_len = mgk->masked_priv_key->length;
417 if (priv_len % expected_key_len) {
418 MASKED_GOST_KEY_free(mgk);
419 GOSTerr(GOST_F_PRIV_DECODE_GOST, EVP_R_DECODE_ERROR);
423 pk_num = unmask_priv_key(pk, mgk->masked_priv_key->data,
425 priv_len / expected_key_len - 1);
426 MASKED_GOST_KEY_free(mgk);
428 GOSTerr(GOST_F_PRIV_DECODE_GOST, EVP_R_DECODE_ERROR);
432 if (pk_num == NULL) {
433 GOSTerr(GOST_F_PRIV_DECODE_GOST, EVP_R_DECODE_ERROR);
437 ret = gost_set_priv_key(pk, pk_num);
442 /* ----------------------------------------------------------------------*/
443 static int priv_encode_gost(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pk)
445 ASN1_OBJECT *algobj = OBJ_nid2obj(EVP_PKEY_base_id(pk));
446 ASN1_STRING *params = encode_gost_algor_params(pk);
447 unsigned char *priv_buf = NULL, *buf = NULL;
448 int key_len = pkey_bits_gost(pk), priv_len = 0, i = 0;
450 ASN1_STRING *octet = NULL;
455 key_len = (key_len < 0) ? 0 : key_len / 8;
456 if (key_len == 0 || !(buf = OPENSSL_malloc(key_len))) {
460 if (!store_bignum(gost_get0_priv_key(pk), buf, key_len)) {
465 /* Convert buf to Little-endian */
466 for (i = 0; i < key_len / 2; i++) {
467 unsigned char tmp = buf[i];
468 buf[i] = buf[key_len - 1 - i];
469 buf[key_len - 1 - i] = tmp;
472 octet = ASN1_STRING_new();
473 M_ASN1_OCTET_STRING_set(octet, buf, key_len);
475 priv_len = i2d_ASN1_OCTET_STRING(octet, &priv_buf);
476 ASN1_STRING_free(octet);
479 return PKCS8_pkey_set0(p8, algobj, 0, V_ASN1_SEQUENCE, params,
483 /* --------- printing keys --------------------------------*/
484 static int print_gost_priv(BIO *out, const EVP_PKEY *pkey, int indent)
488 if (!BIO_indent(out, indent, 128))
490 BIO_printf(out, "Private key: ");
491 key = gost_get0_priv_key(pkey);
493 BIO_printf(out, "<undefined>");
496 BIO_printf(out, "\n");
501 static int print_gost_ec_pub(BIO *out, const EVP_PKEY *pkey, int indent)
505 const EC_POINT *pubkey;
506 const EC_GROUP *group;
507 EC_KEY *key = (EC_KEY *)EVP_PKEY_get0((EVP_PKEY *)pkey);
512 GOSTerr(GOST_F_PRINT_GOST_EC_PUB, ERR_R_MALLOC_FAILURE);
519 pubkey = (key) ? EC_KEY_get0_public_key(key) : NULL;
520 group = (key) ? EC_KEY_get0_group(key) : NULL;
521 if (!pubkey || !group)
524 if (!EC_POINT_get_affine_coordinates_GFp(group, pubkey, X, Y, ctx)) {
525 GOSTerr(GOST_F_PRINT_GOST_EC_PUB, ERR_R_EC_LIB);
528 if (!BIO_indent(out, indent, 128))
530 BIO_printf(out, "Public key:\n");
531 if (!BIO_indent(out, indent + 3, 128))
533 BIO_printf(out, "X:");
535 BIO_printf(out, "\n");
536 if (!BIO_indent(out, indent + 3, 128))
538 BIO_printf(out, "Y:");
540 BIO_printf(out, "\n");
549 static int print_gost_ec_param(BIO *out, const EVP_PKEY *pkey, int indent)
551 EC_KEY *ec = EVP_PKEY_get0((EVP_PKEY *)pkey);
552 const EC_GROUP *group = (ec) ? EC_KEY_get0_group(ec) : NULL;
558 param_nid = EC_GROUP_get_curve_name(group);
559 if (!BIO_indent(out, indent, 128))
561 BIO_printf(out, "Parameter set: %s\n", OBJ_nid2ln(param_nid));
566 static int print_gost_94(BIO *out, const EVP_PKEY *pkey, int indent,
567 ASN1_PCTX *pctx, int type)
569 int param_nid = NID_undef;
572 if (print_gost_priv(out, pkey, indent) == 0)
578 pubkey = ((DSA *)EVP_PKEY_get0((EVP_PKEY *)pkey))->pub_key;
579 BIO_indent(out, indent, 128);
580 BIO_printf(out, "Public key: ");
581 BN_print(out, pubkey);
582 BIO_printf(out, "\n");
585 param_nid = gost94_nid_by_params(EVP_PKEY_get0((EVP_PKEY *)pkey));
586 BIO_indent(out, indent, 128);
587 BIO_printf(out, "Parameter set: %s\n", OBJ_nid2ln(param_nid));
591 static int param_print_gost94(BIO *out, const EVP_PKEY *pkey, int indent,
594 return print_gost_94(out, pkey, indent, pctx, 0);
597 static int pub_print_gost94(BIO *out, const EVP_PKEY *pkey, int indent,
600 return print_gost_94(out, pkey, indent, pctx, 1);
603 static int priv_print_gost94(BIO *out, const EVP_PKEY *pkey, int indent,
606 return print_gost_94(out, pkey, indent, pctx, 2);
609 static int print_gost_ec(BIO *out, const EVP_PKEY *pkey, int indent,
610 ASN1_PCTX *pctx, int type)
613 if (print_gost_priv(out, pkey, indent) == 0)
617 if (print_gost_ec_pub(out, pkey, indent) == 0)
621 return print_gost_ec_param(out, pkey, indent);
624 static int param_print_gost_ec(BIO *out, const EVP_PKEY *pkey, int indent,
627 return print_gost_ec(out, pkey, indent, pctx, 0);
630 static int pub_print_gost_ec(BIO *out, const EVP_PKEY *pkey, int indent,
633 return print_gost_ec(out, pkey, indent, pctx, 1);
636 static int priv_print_gost_ec(BIO *out, const EVP_PKEY *pkey, int indent,
639 return print_gost_ec(out, pkey, indent, pctx, 2);
642 /* ---------------------------------------------------------------------*/
643 static int param_missing_gost94(const EVP_PKEY *pk)
645 const DSA *dsa = EVP_PKEY_get0((EVP_PKEY *)pk);
653 static int param_missing_gost_ec(const EVP_PKEY *pk)
655 const EC_KEY *ec = EVP_PKEY_get0((EVP_PKEY *)pk);
658 if (!EC_KEY_get0_group(ec))
663 static int param_copy_gost94(EVP_PKEY *to, const EVP_PKEY *from)
665 const DSA *dfrom = EVP_PKEY_get0((EVP_PKEY *)from);
666 DSA *dto = EVP_PKEY_get0(to);
667 if (EVP_PKEY_base_id(from) != EVP_PKEY_base_id(to)) {
668 GOSTerr(GOST_F_PARAM_COPY_GOST94, GOST_R_INCOMPATIBLE_ALGORITHMS);
672 GOSTerr(GOST_F_PARAM_COPY_GOST94, GOST_R_KEY_PARAMETERS_MISSING);
677 EVP_PKEY_assign(to, EVP_PKEY_base_id(from), dto);
679 #define COPYBIGNUM(a,b,x) if (a->x) BN_free(a->x); a->x=BN_dup(b->x);
680 COPYBIGNUM(dto, dfrom, p)
681 COPYBIGNUM(dto, dfrom, q)
682 COPYBIGNUM(dto, dfrom, g)
685 gost94_compute_public(dto);
689 static int param_copy_gost_ec(EVP_PKEY *to, const EVP_PKEY *from)
691 EC_KEY *eto = EVP_PKEY_get0(to);
692 const EC_KEY *efrom = EVP_PKEY_get0((EVP_PKEY *)from);
693 if (EVP_PKEY_base_id(from) != EVP_PKEY_base_id(to)) {
694 GOSTerr(GOST_F_PARAM_COPY_GOST_EC, GOST_R_INCOMPATIBLE_ALGORITHMS);
698 GOSTerr(GOST_F_PARAM_COPY_GOST_EC, GOST_R_KEY_PARAMETERS_MISSING);
704 GOSTerr(GOST_F_PARAM_COPY_GOST_EC, ERR_R_MALLOC_FAILURE);
707 if (!EVP_PKEY_assign(to, EVP_PKEY_base_id(from), eto)) {
708 GOSTerr(GOST_F_PARAM_COPY_GOST_EC, ERR_R_INTERNAL_ERROR);
713 if (!EC_KEY_set_group(eto, EC_KEY_get0_group(efrom))) {
714 GOSTerr(GOST_F_PARAM_COPY_GOST_EC, ERR_R_INTERNAL_ERROR);
717 if (EC_KEY_get0_private_key(eto)) {
718 return gost_ec_compute_public(eto);
723 static int param_cmp_gost94(const EVP_PKEY *a, const EVP_PKEY *b)
725 const DSA *da = EVP_PKEY_get0((EVP_PKEY *)a);
726 const DSA *db = EVP_PKEY_get0((EVP_PKEY *)b);
729 return (BN_cmp(da->q, db->q) == 0) ? 1 : 0;
732 static int param_cmp_gost_ec(const EVP_PKEY *a, const EVP_PKEY *b)
734 const EC_GROUP *group_a, *group_b;
735 EC_KEY *ec_a = EVP_PKEY_get0((EVP_PKEY *)a);
736 EC_KEY *ec_b = EVP_PKEY_get0((EVP_PKEY *)b);
740 group_a = EC_KEY_get0_group(ec_a);
741 group_b = EC_KEY_get0_group(ec_b);
742 if (!group_a || !group_b)
745 if (EC_GROUP_get_curve_name(group_a) == EC_GROUP_get_curve_name(group_b)) {
751 /* ---------- Public key functions * --------------------------------------*/
752 static int pub_decode_gost94(EVP_PKEY *pk, X509_PUBKEY *pub)
754 X509_ALGOR *palg = NULL;
755 const unsigned char *pubkey_buf = NULL;
756 unsigned char *databuf;
757 ASN1_OBJECT *palgobj = NULL;
760 ASN1_OCTET_STRING *octet = NULL;
762 if (!X509_PUBKEY_get0_param(&palgobj, &pubkey_buf, &pub_len, &palg, pub))
764 EVP_PKEY_assign(pk, OBJ_obj2nid(palgobj), NULL);
765 if (!decode_gost_algor_params(pk, palg))
767 octet = d2i_ASN1_OCTET_STRING(NULL, &pubkey_buf, pub_len);
769 GOSTerr(GOST_F_PUB_DECODE_GOST94, ERR_R_MALLOC_FAILURE);
772 databuf = OPENSSL_malloc(octet->length);
773 if (databuf == NULL) {
774 GOSTerr(GOST_F_PUB_DECODE_GOST94, ERR_R_MALLOC_FAILURE);
775 ASN1_OCTET_STRING_free(octet);
778 for (i = 0, j = octet->length - 1; i < octet->length; i++, j--) {
779 databuf[j] = octet->data[i];
781 dsa = EVP_PKEY_get0(pk);
782 dsa->pub_key = BN_bin2bn(databuf, octet->length, NULL);
783 ASN1_OCTET_STRING_free(octet);
784 OPENSSL_free(databuf);
789 static int pub_encode_gost94(X509_PUBKEY *pub, const EVP_PKEY *pk)
791 ASN1_OBJECT *algobj = NULL;
792 ASN1_OCTET_STRING *octet = NULL;
794 unsigned char *buf = NULL, *databuf, *sptr;
795 int i, j, data_len, ret = 0;
797 int ptype = V_ASN1_UNDEF;
798 DSA *dsa = EVP_PKEY_get0((EVP_PKEY *)pk);
799 algobj = OBJ_nid2obj(EVP_PKEY_base_id(pk));
800 if (pk->save_parameters) {
801 ASN1_STRING *params = encode_gost_algor_params(pk);
803 ptype = V_ASN1_SEQUENCE;
805 data_len = BN_num_bytes(dsa->pub_key);
806 databuf = OPENSSL_malloc(data_len);
807 if (databuf == NULL) {
808 GOSTerr(GOST_F_PUB_ENCODE_GOST94, ERR_R_MALLOC_FAILURE);
811 BN_bn2bin(dsa->pub_key, databuf);
812 octet = ASN1_OCTET_STRING_new();
814 GOSTerr(GOST_F_PUB_ENCODE_GOST94, ERR_R_MALLOC_FAILURE);
815 OPENSSL_free(databuf);
818 ASN1_STRING_set(octet, NULL, data_len);
819 sptr = ASN1_STRING_data(octet);
820 for (i = 0, j = data_len - 1; i < data_len; i++, j--) {
821 sptr[i] = databuf[j];
823 OPENSSL_free(databuf);
824 ret = i2d_ASN1_OCTET_STRING(octet, &buf);
825 ASN1_BIT_STRING_free(octet);
828 return X509_PUBKEY_set0_param(pub, algobj, ptype, pval, buf, ret);
831 static int pub_decode_gost_ec(EVP_PKEY *pk, X509_PUBKEY *pub)
833 X509_ALGOR *palg = NULL;
834 const unsigned char *pubkey_buf = NULL;
835 unsigned char *databuf;
836 ASN1_OBJECT *palgobj = NULL;
840 ASN1_OCTET_STRING *octet = NULL;
842 const EC_GROUP *group;
844 if (!X509_PUBKEY_get0_param(&palgobj, &pubkey_buf, &pub_len, &palg, pub))
846 EVP_PKEY_assign(pk, OBJ_obj2nid(palgobj), NULL);
847 if (!decode_gost_algor_params(pk, palg))
849 group = EC_KEY_get0_group(EVP_PKEY_get0(pk));
850 octet = d2i_ASN1_OCTET_STRING(NULL, &pubkey_buf, pub_len);
852 GOSTerr(GOST_F_PUB_DECODE_GOST_EC, ERR_R_MALLOC_FAILURE);
855 databuf = OPENSSL_malloc(octet->length);
856 if (databuf == NULL) {
857 GOSTerr(GOST_F_PUB_DECODE_GOST_EC, ERR_R_MALLOC_FAILURE);
858 ASN1_OCTET_STRING_free(octet);
861 for (i = 0, j = octet->length - 1; i < octet->length; i++, j--) {
862 databuf[j] = octet->data[i];
864 len = octet->length / 2;
865 ASN1_OCTET_STRING_free(octet);
867 Y = getbnfrombuf(databuf, len);
868 X = getbnfrombuf(databuf + len, len);
869 OPENSSL_free(databuf);
870 pub_key = EC_POINT_new(group);
871 if (!EC_POINT_set_affine_coordinates_GFp(group, pub_key, X, Y, NULL)) {
872 GOSTerr(GOST_F_PUB_DECODE_GOST_EC, ERR_R_EC_LIB);
873 EC_POINT_free(pub_key);
880 if (!EC_KEY_set_public_key(EVP_PKEY_get0(pk), pub_key)) {
881 GOSTerr(GOST_F_PUB_DECODE_GOST_EC, ERR_R_EC_LIB);
882 EC_POINT_free(pub_key);
885 EC_POINT_free(pub_key);
890 static int pub_encode_gost_ec(X509_PUBKEY *pub, const EVP_PKEY *pk)
892 ASN1_OBJECT *algobj = NULL;
893 ASN1_OCTET_STRING *octet = NULL;
895 unsigned char *buf = NULL, *databuf = NULL, *sptr;
896 int i, j, data_len, ret = -1;
897 const EC_POINT *pub_key;
898 BIGNUM *X = NULL, *Y = NULL, *order = NULL;
899 const EC_KEY *ec = EVP_PKEY_get0((EVP_PKEY *)pk);
900 int ptype = V_ASN1_UNDEF;
902 algobj = OBJ_nid2obj(EVP_PKEY_base_id(pk));
903 if (pk->save_parameters) {
904 ASN1_STRING *params = encode_gost_algor_params(pk);
906 ptype = V_ASN1_SEQUENCE;
910 GOSTerr(GOST_F_PUB_ENCODE_GOST_EC, ERR_R_MALLOC_FAILURE);
913 EC_GROUP_get_order(EC_KEY_get0_group(ec), order, NULL);
914 pub_key = EC_KEY_get0_public_key(ec);
916 GOSTerr(GOST_F_PUB_ENCODE_GOST_EC, GOST_R_PUBLIC_KEY_UNDEFINED);
922 GOSTerr(GOST_F_PUB_ENCODE_GOST_EC, ERR_R_MALLOC_FAILURE);
925 if (!EC_POINT_get_affine_coordinates_GFp(EC_KEY_get0_group(ec),
926 pub_key, X, Y, NULL)) {
927 GOSTerr(GOST_F_PUB_ENCODE_GOST_EC, ERR_R_INTERNAL_ERROR);
930 data_len = 2 * BN_num_bytes(order);
931 databuf = OPENSSL_malloc(data_len);
932 if (databuf == NULL) {
933 GOSTerr(GOST_F_PUB_ENCODE_GOST_EC, ERR_R_MALLOC_FAILURE);
936 memset(databuf, 0, data_len);
938 store_bignum(X, databuf + data_len / 2, data_len / 2);
939 store_bignum(Y, databuf, data_len / 2);
941 octet = ASN1_OCTET_STRING_new();
943 GOSTerr(GOST_F_PUB_ENCODE_GOST_EC, ERR_R_MALLOC_FAILURE);
946 ASN1_STRING_set(octet, NULL, data_len);
947 sptr = ASN1_STRING_data(octet);
948 for (i = 0, j = data_len - 1; i < data_len; i++, j--) {
949 sptr[i] = databuf[j];
952 ret = i2d_ASN1_OCTET_STRING(octet, &buf);
953 ASN1_BIT_STRING_free(octet);
962 OPENSSL_free(databuf);
966 return X509_PUBKEY_set0_param(pub, algobj, ptype, pval, buf, ret);
969 static int pub_cmp_gost94(const EVP_PKEY *a, const EVP_PKEY *b)
971 const DSA *da = EVP_PKEY_get0((EVP_PKEY *)a);
972 const DSA *db = EVP_PKEY_get0((EVP_PKEY *)b);
976 if (!da->pub_key || !db->pub_key)
979 return (BN_cmp(da->pub_key, db->pub_key) == 0) ? 1 : 0;
982 static int pub_cmp_gost_ec(const EVP_PKEY *a, const EVP_PKEY *b)
984 const EC_KEY *ea = EVP_PKEY_get0((EVP_PKEY *)a);
985 const EC_KEY *eb = EVP_PKEY_get0((EVP_PKEY *)b);
986 const EC_POINT *ka, *kb;
989 ka = EC_KEY_get0_public_key(ea);
990 kb = EC_KEY_get0_public_key(eb);
993 return (0 == EC_POINT_cmp(EC_KEY_get0_group(ea), ka, kb, NULL));
996 static int pkey_size_gost(const EVP_PKEY *pk)
1001 switch (EVP_PKEY_base_id(pk)) {
1002 case NID_id_GostR3410_94:
1003 case NID_id_GostR3410_2001:
1004 case NID_id_GostR3410_2012_256:
1006 case NID_id_GostR3410_2012_512:
1013 static int pkey_bits_gost(const EVP_PKEY *pk)
1018 switch (EVP_PKEY_base_id(pk)) {
1019 case NID_id_GostR3410_94:
1020 case NID_id_GostR3410_2001:
1021 case NID_id_GostR3410_2012_256:
1023 case NID_id_GostR3410_2012_512:
1030 /* ---------------------- ASN1 METHOD for GOST MAC -------------------*/
1031 static void mackey_free_gost(EVP_PKEY *pk)
1034 OPENSSL_free(pk->pkey.ptr);
1038 static int mac_ctrl_gost(EVP_PKEY *pkey, int op, long arg1, void *arg2)
1041 case ASN1_PKEY_CTRL_DEFAULT_MD_NID:
1043 *(int *)arg2 = NID_id_Gost28147_89_MAC;
1050 static int mac_ctrl_gost_12(EVP_PKEY *pkey, int op, long arg1, void *arg2)
1053 case ASN1_PKEY_CTRL_DEFAULT_MD_NID:
1055 *(int *)arg2 = NID_gost_mac_12;
1062 static int gost94_param_encode(const EVP_PKEY *pkey, unsigned char **pder)
1064 int nid = gost94_nid_by_params(EVP_PKEY_get0((EVP_PKEY *)pkey));
1065 return i2d_ASN1_OBJECT(OBJ_nid2obj(nid), pder);
1068 static int gost2001_param_encode(const EVP_PKEY *pkey, unsigned char **pder)
1071 EC_GROUP_get_curve_name(EC_KEY_get0_group
1072 (EVP_PKEY_get0((EVP_PKEY *)pkey)));
1073 return i2d_ASN1_OBJECT(OBJ_nid2obj(nid), pder);
1076 static int gost94_param_decode(EVP_PKEY *pkey, const unsigned char **pder,
1079 ASN1_OBJECT *obj = NULL;
1081 if (d2i_ASN1_OBJECT(&obj, pder, derlen) == NULL) {
1084 nid = OBJ_obj2nid(obj);
1085 ASN1_OBJECT_free(obj);
1087 return gost_decode_nid_params(pkey, NID_id_GostR3410_94, nid);
1090 static int gost2001_param_decode(EVP_PKEY *pkey, const unsigned char **pder,
1093 ASN1_OBJECT *obj = NULL;
1095 if (d2i_ASN1_OBJECT(&obj, pder, derlen) == NULL) {
1098 nid = OBJ_obj2nid(obj);
1099 ASN1_OBJECT_free(obj);
1101 return gost_decode_nid_params(pkey, NID_id_GostR3410_2001, nid);
1104 /* ----------------------------------------------------------------------*/
1105 int register_ameth_gost(int nid, EVP_PKEY_ASN1_METHOD **ameth,
1106 const char *pemstr, const char *info)
1108 *ameth = EVP_PKEY_asn1_new(nid, ASN1_PKEY_SIGPARAM_NULL, pemstr, info);
1112 case NID_id_GostR3410_94:
1113 EVP_PKEY_asn1_set_free(*ameth, pkey_free_gost94);
1114 EVP_PKEY_asn1_set_private(*ameth,
1115 priv_decode_gost, priv_encode_gost,
1118 EVP_PKEY_asn1_set_param(*ameth,
1119 gost94_param_decode, gost94_param_encode,
1120 param_missing_gost94, param_copy_gost94,
1121 param_cmp_gost94, param_print_gost94);
1122 EVP_PKEY_asn1_set_public(*ameth,
1123 pub_decode_gost94, pub_encode_gost94,
1124 pub_cmp_gost94, pub_print_gost94,
1125 pkey_size_gost, pkey_bits_gost);
1127 EVP_PKEY_asn1_set_ctrl(*ameth, pkey_ctrl_gost);
1129 case NID_id_GostR3410_2001:
1130 EVP_PKEY_asn1_set_free(*ameth, pkey_free_gost_ec);
1131 EVP_PKEY_asn1_set_private(*ameth,
1132 priv_decode_gost, priv_encode_gost,
1133 priv_print_gost_ec);
1135 EVP_PKEY_asn1_set_param(*ameth,
1136 gost2001_param_decode, gost2001_param_encode,
1137 param_missing_gost_ec, param_copy_gost_ec,
1138 param_cmp_gost_ec, param_print_gost_ec);
1139 EVP_PKEY_asn1_set_public(*ameth,
1140 pub_decode_gost_ec, pub_encode_gost_ec,
1141 pub_cmp_gost_ec, pub_print_gost_ec,
1142 pkey_size_gost, pkey_bits_gost);
1144 EVP_PKEY_asn1_set_ctrl(*ameth, pkey_ctrl_gost);
1146 case NID_id_GostR3410_2012_256:
1147 case NID_id_GostR3410_2012_512:
1148 EVP_PKEY_asn1_set_free(*ameth, pkey_free_gost_ec);
1149 EVP_PKEY_asn1_set_private(*ameth,
1150 priv_decode_gost, priv_encode_gost,
1151 priv_print_gost_ec);
1153 EVP_PKEY_asn1_set_param(*ameth,
1155 param_missing_gost_ec, param_copy_gost_ec,
1156 param_cmp_gost_ec, NULL);
1158 EVP_PKEY_asn1_set_public(*ameth,
1159 pub_decode_gost_ec, pub_encode_gost_ec,
1160 pub_cmp_gost_ec, pub_print_gost_ec,
1161 pkey_size_gost, pkey_bits_gost);
1163 EVP_PKEY_asn1_set_ctrl(*ameth, pkey_ctrl_gost);
1165 case NID_id_Gost28147_89_MAC:
1166 EVP_PKEY_asn1_set_free(*ameth, mackey_free_gost);
1167 EVP_PKEY_asn1_set_ctrl(*ameth, mac_ctrl_gost);
1169 case NID_gost_mac_12:
1170 EVP_PKEY_asn1_set_free(*ameth, mackey_free_gost);
1171 EVP_PKEY_asn1_set_ctrl(*ameth, mac_ctrl_gost_12);