1 /**********************************************************************
3 * Copyright (c) 2005-2013 Cryptocom LTD *
4 * This file is distributed under the same license as OpenSSL *
6 * Implementation of RFC 4357 (GOST R 34.10) Publick key method *
8 * Requires OpenSSL 1.0.0+ for compilation *
9 **********************************************************************/
10 #include <openssl/evp.h>
11 #include <openssl/objects.h>
12 #include <openssl/ec.h>
13 #include <openssl/err.h>
14 #include <openssl/x509v3.h> /* For string_to_hex */
15 #include <openssl/opensslv.h> /* For OPENSSL_VERSION_MAJOR */
20 #include "e_gost_err.h"
23 #ifdef OPENSSL_VERSION_MAJOR
25 #define ossl3_const const
28 /* -----init, cleanup, copy - uniform for all algs --------------*/
29 /* Allocates new gost_pmeth_data structure and assigns it as data */
30 static int pkey_gost_init(EVP_PKEY_CTX *ctx)
32 struct gost_pmeth_data *data;
33 EVP_PKEY *pkey = EVP_PKEY_CTX_get0_pkey(ctx);
35 data = OPENSSL_malloc(sizeof(*data));
38 memset(data, 0, sizeof(*data));
39 if (pkey && EVP_PKEY_get0(pkey)) {
40 switch (EVP_PKEY_base_id(pkey)) {
41 case NID_id_GostR3410_2001:
42 case NID_id_GostR3410_2001DH:
43 case NID_id_GostR3410_2012_256:
44 case NID_id_GostR3410_2012_512:
46 const EC_GROUP *group =
47 EC_KEY_get0_group(EVP_PKEY_get0((EVP_PKEY *)pkey));
49 data->sign_param_nid = EC_GROUP_get_curve_name(group);
59 EVP_PKEY_CTX_set_data(ctx, data);
63 /* Copies contents of gost_pmeth_data structure */
64 static int pkey_gost_copy(EVP_PKEY_CTX *dst, ossl3_const EVP_PKEY_CTX *src)
66 struct gost_pmeth_data *dst_data, *src_data;
67 if (!pkey_gost_init(dst)) {
70 src_data = EVP_PKEY_CTX_get_data(src);
71 dst_data = EVP_PKEY_CTX_get_data(dst);
72 if (!src_data || !dst_data)
75 *dst_data = *src_data;
80 /* Frees up gost_pmeth_data structure */
81 static void pkey_gost_cleanup(EVP_PKEY_CTX *ctx)
83 struct gost_pmeth_data *data = EVP_PKEY_CTX_get_data(ctx);
89 /* --------------------- control functions ------------------------------*/
90 static int pkey_gost_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
92 struct gost_pmeth_data *pctx =
93 (struct gost_pmeth_data *)EVP_PKEY_CTX_get_data(ctx);
98 case EVP_PKEY_CTRL_MD:
100 EVP_PKEY *key = EVP_PKEY_CTX_get0_pkey(ctx);
101 int pkey_nid = (key == NULL) ? NID_undef : EVP_PKEY_base_id(key);
103 OPENSSL_assert(p2 != NULL);
105 switch (EVP_MD_type((const EVP_MD *)p2)) {
106 case NID_id_GostR3411_94:
107 if (pkey_nid == NID_id_GostR3410_2001
108 || pkey_nid == NID_id_GostR3410_2001DH
109 || pkey_nid == NID_id_GostR3410_94) {
110 pctx->md = (EVP_MD *)p2;
115 case NID_id_GostR3411_2012_256:
116 if (pkey_nid == NID_id_GostR3410_2012_256) {
117 pctx->md = (EVP_MD *)p2;
122 case NID_id_GostR3411_2012_512:
123 if (pkey_nid == NID_id_GostR3410_2012_512) {
124 pctx->md = (EVP_MD *)p2;
130 GOSTerr(GOST_F_PKEY_GOST_CTRL, GOST_R_INVALID_DIGEST_TYPE);
134 case EVP_PKEY_CTRL_GET_MD:
135 *(const EVP_MD **)p2 = pctx->md;
138 case EVP_PKEY_CTRL_PKCS7_ENCRYPT:
139 case EVP_PKEY_CTRL_PKCS7_DECRYPT:
140 case EVP_PKEY_CTRL_PKCS7_SIGN:
141 case EVP_PKEY_CTRL_DIGESTINIT:
142 #ifndef OPENSSL_NO_CMS
143 case EVP_PKEY_CTRL_CMS_ENCRYPT:
144 case EVP_PKEY_CTRL_CMS_DECRYPT:
145 case EVP_PKEY_CTRL_CMS_SIGN:
149 case EVP_PKEY_CTRL_GOST_PARAMSET:
150 pctx->sign_param_nid = (int)p1;
152 case EVP_PKEY_CTRL_SET_IV:
153 if (p1 > sizeof(pctx->shared_ukm) || !p2) {
154 GOSTerr(GOST_F_PKEY_GOST_CTRL, GOST_R_UKM_NOT_SET);
157 memcpy(pctx->shared_ukm, p2, (int)p1);
158 pctx->shared_ukm_size = p1;
160 case EVP_PKEY_CTRL_SET_VKO:
162 case 0: /* switch to KEG */
163 case NID_id_GostR3411_2012_256:
164 case NID_id_GostR3411_2012_512:
167 GOSTerr(GOST_F_PKEY_GOST_CTRL, GOST_R_INVALID_DIGEST_TYPE);
170 pctx->vko_dgst_nid = p1;
172 case EVP_PKEY_CTRL_CIPHER:
174 case NID_magma_ctr_acpkm:
175 case NID_magma_ctr_acpkm_omac:
177 pctx->cipher_nid = NID_magma_ctr;
179 case NID_kuznyechik_ctr_acpkm:
180 case NID_kuznyechik_ctr_acpkm_omac:
181 case NID_kuznyechik_ctr:
182 pctx->cipher_nid = NID_kuznyechik_ctr;
185 pctx->cipher_nid = p1;
188 case EVP_PKEY_CTRL_PEER_KEY:
189 if (p1 == 0 || p1 == 1) /* call from EVP_PKEY_derive_set_peer */
191 if (p1 == 2) /* TLS: peer key used? */
192 return pctx->peer_key_used;
193 if (p1 == 3) /* TLS: peer key used! */
194 return (pctx->peer_key_used = 1);
198 GOSTerr(GOST_F_PKEY_GOST_CTRL, GOST_R_CTRL_CALL_FAILED);
202 static int pkey_gost_ec_ctrl_str_common(EVP_PKEY_CTX *ctx,
203 const char *type, const char *value)
205 if (0 == strcmp(type, ukm_ctrl_string)) {
206 unsigned char ukm_buf[32], *tmp = NULL;
208 tmp = OPENSSL_hexstr2buf(value, &len);
214 GOSTerr(GOST_F_PKEY_GOST_EC_CTRL_STR_COMMON, GOST_R_CTRL_CALL_FAILED);
217 memcpy(ukm_buf, tmp, len);
220 return pkey_gost_ctrl(ctx, EVP_PKEY_CTRL_SET_IV, len, ukm_buf);
221 } else if (strcmp(type, vko_ctrl_string) == 0) {
222 int bits = atoi(value);
223 int vko_dgst_nid = 0;
226 vko_dgst_nid = NID_id_GostR3411_2012_256;
227 else if (bits == 512)
228 vko_dgst_nid = NID_id_GostR3411_2012_512;
229 else if (bits != 0) {
230 GOSTerr(GOST_F_PKEY_GOST_EC_CTRL_STR_COMMON, GOST_R_INVALID_DIGEST_TYPE);
233 return pkey_gost_ctrl(ctx, EVP_PKEY_CTRL_SET_VKO, vko_dgst_nid, NULL);
238 static int pkey_gost_ec_ctrl_str_256(EVP_PKEY_CTX *ctx,
239 const char *type, const char *value)
241 if (strcmp(type, param_ctrl_string) == 0) {
247 if (strlen(value) == 1) {
248 switch (toupper((unsigned char)value[0])) {
250 param_nid = NID_id_GostR3410_2001_CryptoPro_A_ParamSet;
253 param_nid = NID_id_GostR3410_2001_CryptoPro_B_ParamSet;
256 param_nid = NID_id_GostR3410_2001_CryptoPro_C_ParamSet;
259 param_nid = NID_id_GostR3410_2001_TestParamSet;
264 } else if ((strlen(value) == 2)
265 && (toupper((unsigned char)value[0]) == 'X')) {
266 switch (toupper((unsigned char)value[1])) {
268 param_nid = NID_id_GostR3410_2001_CryptoPro_XchA_ParamSet;
271 param_nid = NID_id_GostR3410_2001_CryptoPro_XchB_ParamSet;
276 } else if ((strlen(value) == 3)
277 && (toupper((unsigned char)value[0]) == 'T')
278 && (toupper((unsigned char)value[1]) == 'C')) {
279 switch (toupper((unsigned char)value[2])) {
281 param_nid = NID_id_tc26_gost_3410_2012_256_paramSetA;
284 param_nid = NID_id_tc26_gost_3410_2012_256_paramSetB;
287 param_nid = NID_id_tc26_gost_3410_2012_256_paramSetC;
290 param_nid = NID_id_tc26_gost_3410_2012_256_paramSetD;
296 R3410_ec_params *p = R3410_2001_paramset;
297 param_nid = OBJ_txt2nid(value);
298 if (param_nid == NID_undef) {
301 for (; p->nid != NID_undef; p++) {
302 if (p->nid == param_nid)
305 if (p->nid == NID_undef) {
306 GOSTerr(GOST_F_PKEY_GOST_EC_CTRL_STR_256,
307 GOST_R_INVALID_PARAMSET);
312 return pkey_gost_ctrl(ctx, EVP_PKEY_CTRL_GOST_PARAMSET,
316 return pkey_gost_ec_ctrl_str_common(ctx, type, value);
319 static int pkey_gost_ec_ctrl_str_512(EVP_PKEY_CTX *ctx,
320 const char *type, const char *value)
322 int param_nid = NID_undef;
324 if (strcmp(type, param_ctrl_string))
325 return pkey_gost_ec_ctrl_str_common(ctx, type, value);
330 if (strlen(value) == 1) {
331 switch (toupper((unsigned char)value[0])) {
333 param_nid = NID_id_tc26_gost_3410_2012_512_paramSetA;
337 param_nid = NID_id_tc26_gost_3410_2012_512_paramSetB;
341 param_nid = NID_id_tc26_gost_3410_2012_512_paramSetC;
348 R3410_ec_params *p = R3410_2012_512_paramset;
349 param_nid = OBJ_txt2nid(value);
350 if (param_nid == NID_undef)
353 while (p->nid != NID_undef && p->nid != param_nid)
356 if (p->nid == NID_undef) {
357 GOSTerr(GOST_F_PKEY_GOST_EC_CTRL_STR_512,
358 GOST_R_INVALID_PARAMSET);
363 return pkey_gost_ctrl(ctx, EVP_PKEY_CTRL_GOST_PARAMSET, param_nid, NULL);
366 /* --------------------- key generation --------------------------------*/
368 static int pkey_gost_paramgen_init(EVP_PKEY_CTX *ctx)
373 static int pkey_gost2001_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
375 struct gost_pmeth_data *data = EVP_PKEY_CTX_get_data(ctx);
378 if (!data || data->sign_param_nid == NID_undef) {
379 GOSTerr(GOST_F_PKEY_GOST2001_PARAMGEN, GOST_R_NO_PARAMETERS_SET);
384 if (!fill_GOST_EC_params(ec, data->sign_param_nid)
385 || !EVP_PKEY_assign(pkey, NID_id_GostR3410_2001, ec)) {
392 static int pkey_gost2012_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
394 struct gost_pmeth_data *data = EVP_PKEY_CTX_get_data(ctx);
398 if (!data || data->sign_param_nid == NID_undef) {
399 GOSTerr(GOST_F_PKEY_GOST2012_PARAMGEN, GOST_R_NO_PARAMETERS_SET);
404 if (!fill_GOST_EC_params(ec, data->sign_param_nid)) {
409 switch (data->sign_param_nid) {
410 case NID_id_tc26_gost_3410_2012_512_paramSetA:
411 case NID_id_tc26_gost_3410_2012_512_paramSetB:
412 case NID_id_tc26_gost_3410_2012_512_paramSetC:
413 case NID_id_tc26_gost_3410_2012_512_paramSetTest:
415 (EVP_PKEY_assign(pkey, NID_id_GostR3410_2012_512, ec)) ? 1 : 0;
418 case NID_id_GostR3410_2001_CryptoPro_A_ParamSet:
419 case NID_id_GostR3410_2001_CryptoPro_B_ParamSet:
420 case NID_id_GostR3410_2001_CryptoPro_C_ParamSet:
421 case NID_id_GostR3410_2001_CryptoPro_XchA_ParamSet:
422 case NID_id_GostR3410_2001_CryptoPro_XchB_ParamSet:
423 case NID_id_GostR3410_2001_TestParamSet:
424 case NID_id_tc26_gost_3410_2012_256_paramSetA:
425 case NID_id_tc26_gost_3410_2012_256_paramSetB:
426 case NID_id_tc26_gost_3410_2012_256_paramSetC:
427 case NID_id_tc26_gost_3410_2012_256_paramSetD:
429 (EVP_PKEY_assign(pkey, NID_id_GostR3410_2012_256, ec)) ? 1 : 0;
442 /* ----------- keygen callbacks --------------------------------------*/
443 /* Generates GOST_R3410 2001 key and assigns it using specified type */
444 static int pkey_gost2001cp_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
447 if (!pkey_gost2001_paramgen(ctx, pkey))
449 ec = EVP_PKEY_get0(pkey);
454 /* Generates GOST_R3410 2012 key and assigns it using specified type */
455 static int pkey_gost2012cp_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
457 if (!pkey_gost2012_paramgen(ctx, pkey))
460 gost_ec_keygen(EVP_PKEY_get0(pkey));
464 /* ----------- sign callbacks --------------------------------------*/
466 * Packs signature according to Cryptopro rules
467 * and frees up ECDSA_SIG structure
469 int pack_sign_cp(ECDSA_SIG *s, int order, unsigned char *sig, size_t *siglen)
471 const BIGNUM *sig_r = NULL, *sig_s = NULL;
472 ECDSA_SIG_get0(s, &sig_r, &sig_s);
474 memset(sig, 0, *siglen);
475 store_bignum(sig_s, sig, order);
476 store_bignum(sig_r, sig + order, order);
481 static int pkey_gost_ec_cp_sign(EVP_PKEY_CTX *ctx, unsigned char *sig,
482 size_t *siglen, const unsigned char *tbs,
485 ECDSA_SIG *unpacked_sig = NULL;
486 EVP_PKEY *pkey = EVP_PKEY_CTX_get0_pkey(ctx);
494 switch (EVP_PKEY_base_id(pkey)) {
495 case NID_id_GostR3410_2001:
496 case NID_id_GostR3410_2001DH:
497 case NID_id_GostR3410_2012_256:
500 case NID_id_GostR3410_2012_512:
511 unpacked_sig = gost_ec_sign(tbs, tbs_len, EVP_PKEY_get0(pkey));
515 return pack_sign_cp(unpacked_sig, order / 2, sig, siglen);
518 /* ------------------- verify callbacks ---------------------------*/
519 /* Unpack signature according to cryptopro rules */
520 ECDSA_SIG *unpack_cp_signature(const unsigned char *sigbuf, size_t siglen)
523 BIGNUM *r = NULL, *s = NULL;
525 sig = ECDSA_SIG_new();
527 GOSTerr(GOST_F_UNPACK_CP_SIGNATURE, ERR_R_MALLOC_FAILURE);
530 s = BN_bin2bn(sigbuf, siglen / 2, NULL);
531 r = BN_bin2bn(sigbuf + siglen / 2, siglen / 2, NULL);
532 ECDSA_SIG_set0(sig, r, s);
536 static int pkey_gost_ec_cp_verify(EVP_PKEY_CTX *ctx, const unsigned char *sig,
537 size_t siglen, const unsigned char *tbs,
541 EVP_PKEY *pub_key = EVP_PKEY_CTX_get0_pkey(ctx);
542 ECDSA_SIG *s = (sig) ? unpack_cp_signature(sig, siglen) : NULL;
546 fprintf(stderr, "R=");
547 BN_print_fp(stderr, ECDSA_SIG_get0_r(s));
548 fprintf(stderr, "\nS=");
549 BN_print_fp(stderr, ECDSA_SIG_get0_s(s));
550 fprintf(stderr, "\n");
553 ok = gost_ec_verify(tbs, tbs_len, s, EVP_PKEY_get0(pub_key));
558 /* ------------- encrypt init -------------------------------------*/
559 /* Generates ephermeral key */
560 static int pkey_gost_encrypt_init(EVP_PKEY_CTX *ctx)
565 /* --------------- Derive init ------------------------------------*/
566 static int pkey_gost_derive_init(EVP_PKEY_CTX *ctx)
571 /* -------- PKEY_METHOD for GOST MAC algorithm --------------------*/
572 static int pkey_gost_mac_init(EVP_PKEY_CTX *ctx)
574 struct gost_mac_pmeth_data *data = OPENSSL_malloc(sizeof(*data));
575 EVP_PKEY *pkey = EVP_PKEY_CTX_get0_pkey(ctx);
579 memset(data, 0, sizeof(*data));
581 data->mac_param_nid = NID_undef;
584 struct gost_mac_key *key = EVP_PKEY_get0(pkey);
586 data->mac_param_nid = key->mac_param_nid;
587 data->mac_size = key->mac_size;
591 EVP_PKEY_CTX_set_data(ctx, data);
595 static int pkey_gost_omac_init(EVP_PKEY_CTX *ctx, size_t mac_size)
597 struct gost_mac_pmeth_data *data = OPENSSL_malloc(sizeof(*data));
598 EVP_PKEY *pkey = EVP_PKEY_CTX_get0_pkey(ctx);
602 memset(data, 0, sizeof(*data));
603 data->mac_size = mac_size;
604 data->mac_param_nid = NID_undef;
607 struct gost_mac_key *key = EVP_PKEY_get0(pkey);
609 data->mac_param_nid = key->mac_param_nid;
610 data->mac_size = key->mac_size;
614 EVP_PKEY_CTX_set_data(ctx, data);
618 static int pkey_gost_magma_mac_init(EVP_PKEY_CTX *ctx)
620 return pkey_gost_omac_init(ctx, 8);
623 static int pkey_gost_grasshopper_mac_init(EVP_PKEY_CTX *ctx)
625 return pkey_gost_omac_init(ctx, 16);
628 static void pkey_gost_mac_cleanup(EVP_PKEY_CTX *ctx)
630 struct gost_mac_pmeth_data *data = EVP_PKEY_CTX_get_data(ctx);
635 static int pkey_gost_mac_copy(EVP_PKEY_CTX *dst, ossl3_const EVP_PKEY_CTX *src)
637 struct gost_mac_pmeth_data *dst_data, *src_data;
638 if (!pkey_gost_mac_init(dst)) {
641 src_data = EVP_PKEY_CTX_get_data(src);
642 dst_data = EVP_PKEY_CTX_get_data(dst);
643 if (!src_data || !dst_data)
646 *dst_data = *src_data;
650 static int pkey_gost_mac_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
652 struct gost_mac_pmeth_data *data =
653 (struct gost_mac_pmeth_data *)EVP_PKEY_CTX_get_data(ctx);
656 case EVP_PKEY_CTRL_MD:
658 int nid = EVP_MD_type((const EVP_MD *)p2);
659 if (nid != NID_id_Gost28147_89_MAC && nid != NID_gost_mac_12) {
660 GOSTerr(GOST_F_PKEY_GOST_MAC_CTRL,
661 GOST_R_INVALID_DIGEST_TYPE);
664 data->md = (EVP_MD *)p2;
668 case EVP_PKEY_CTRL_GET_MD:
669 *(const EVP_MD **)p2 = data->md;
672 case EVP_PKEY_CTRL_PKCS7_ENCRYPT:
673 case EVP_PKEY_CTRL_PKCS7_DECRYPT:
674 case EVP_PKEY_CTRL_PKCS7_SIGN:
676 case EVP_PKEY_CTRL_SET_MAC_KEY:
678 GOSTerr(GOST_F_PKEY_GOST_MAC_CTRL, GOST_R_INVALID_MAC_KEY_LENGTH);
682 memcpy(data->key, p2, 32);
685 case EVP_PKEY_CTRL_GOST_PARAMSET:
687 struct gost_cipher_info *param = p2;
688 data->mac_param_nid = param->nid;
691 case EVP_PKEY_CTRL_DIGESTINIT:
693 EVP_MD_CTX *mctx = p2;
694 if (!data->key_set) {
695 struct gost_mac_key *key;
696 EVP_PKEY *pkey = EVP_PKEY_CTX_get0_pkey(ctx);
698 GOSTerr(GOST_F_PKEY_GOST_MAC_CTRL,
699 GOST_R_MAC_KEY_NOT_SET);
702 key = EVP_PKEY_get0(pkey);
704 GOSTerr(GOST_F_PKEY_GOST_MAC_CTRL,
705 GOST_R_MAC_KEY_NOT_SET);
708 return EVP_MD_meth_get_ctrl(EVP_MD_CTX_md(mctx))
709 (mctx, EVP_MD_CTRL_SET_KEY, 0, key);
711 return EVP_MD_meth_get_ctrl(EVP_MD_CTX_md(mctx))
712 (mctx, EVP_MD_CTRL_SET_KEY, 32, &(data->key));
715 case EVP_PKEY_CTRL_MAC_LEN:
717 if (p1 < 1 || p1 > 8) {
719 GOSTerr(GOST_F_PKEY_GOST_MAC_CTRL, GOST_R_INVALID_MAC_SIZE);
729 static int pkey_gost_mac_ctrl_str(EVP_PKEY_CTX *ctx,
730 const char *type, const char *value)
732 if (strcmp(type, key_ctrl_string) == 0) {
733 if (strlen(value) != 32) {
734 GOSTerr(GOST_F_PKEY_GOST_MAC_CTRL_STR,
735 GOST_R_INVALID_MAC_KEY_LENGTH);
738 return pkey_gost_mac_ctrl(ctx, EVP_PKEY_CTRL_SET_MAC_KEY,
741 if (strcmp(type, hexkey_ctrl_string) == 0) {
744 unsigned char *keybuf = string_to_hex(value, &keylen);
745 if (!keybuf || keylen != 32) {
746 GOSTerr(GOST_F_PKEY_GOST_MAC_CTRL_STR,
747 GOST_R_INVALID_MAC_KEY_LENGTH);
748 OPENSSL_free(keybuf);
751 ret = pkey_gost_mac_ctrl(ctx, EVP_PKEY_CTRL_SET_MAC_KEY, 32, keybuf);
752 OPENSSL_free(keybuf);
756 if (!strcmp(type, maclen_ctrl_string)) {
758 long size = strtol(value, &endptr, 10);
759 if (*endptr != '\0') {
760 GOSTerr(GOST_F_PKEY_GOST_MAC_CTRL_STR, GOST_R_INVALID_MAC_SIZE);
763 return pkey_gost_mac_ctrl(ctx, EVP_PKEY_CTRL_MAC_LEN, size, NULL);
765 if (strcmp(type, param_ctrl_string) == 0) {
766 ASN1_OBJECT *obj = OBJ_txt2obj(value, 0);
767 const struct gost_cipher_info *param = NULL;
769 GOSTerr(GOST_F_PKEY_GOST_MAC_CTRL_STR, GOST_R_INVALID_MAC_PARAMS);
773 param = get_encryption_params(obj);
774 ASN1_OBJECT_free(obj);
776 GOSTerr(GOST_F_PKEY_GOST_MAC_CTRL_STR, GOST_R_INVALID_MAC_PARAMS);
781 return pkey_gost_mac_ctrl(ctx, EVP_PKEY_CTRL_GOST_PARAMSET, 0,
787 static int pkey_gost_omac_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2, size_t max_size)
789 struct gost_mac_pmeth_data *data =
790 (struct gost_mac_pmeth_data *)EVP_PKEY_CTX_get_data(ctx);
793 case EVP_PKEY_CTRL_MD:
795 int nid = EVP_MD_type((const EVP_MD *)p2);
796 if (nid != NID_magma_mac && nid != NID_grasshopper_mac
797 && nid != NID_id_tc26_cipher_gostr3412_2015_kuznyechik_ctracpkm_omac /* FIXME beldmit */
798 && nid != NID_id_tc26_cipher_gostr3412_2015_magma_ctracpkm_omac) {
799 GOSTerr(GOST_F_PKEY_GOST_OMAC_CTRL,
800 GOST_R_INVALID_DIGEST_TYPE);
803 data->md = (EVP_MD *)p2;
807 case EVP_PKEY_CTRL_GET_MD:
808 *(const EVP_MD **)p2 = data->md;
811 case EVP_PKEY_CTRL_PKCS7_ENCRYPT:
812 case EVP_PKEY_CTRL_PKCS7_DECRYPT:
813 case EVP_PKEY_CTRL_PKCS7_SIGN:
815 case EVP_PKEY_CTRL_SET_MAC_KEY:
817 GOSTerr(GOST_F_PKEY_GOST_OMAC_CTRL, GOST_R_INVALID_MAC_KEY_LENGTH);
821 memcpy(data->key, p2, 32);
824 case EVP_PKEY_CTRL_DIGESTINIT:
826 EVP_MD_CTX *mctx = p2;
827 if (!data->key_set) {
828 struct gost_mac_key *key;
829 EVP_PKEY *pkey = EVP_PKEY_CTX_get0_pkey(ctx);
831 GOSTerr(GOST_F_PKEY_GOST_OMAC_CTRL,
832 GOST_R_MAC_KEY_NOT_SET);
835 key = EVP_PKEY_get0(pkey);
837 GOSTerr(GOST_F_PKEY_GOST_OMAC_CTRL,
838 GOST_R_MAC_KEY_NOT_SET);
841 return EVP_MD_meth_get_ctrl(EVP_MD_CTX_md(mctx))
842 (mctx, EVP_MD_CTRL_SET_KEY, 0, key);
844 return EVP_MD_meth_get_ctrl(EVP_MD_CTX_md(mctx))
845 (mctx, EVP_MD_CTRL_SET_KEY, 32, &(data->key));
848 case EVP_PKEY_CTRL_MAC_LEN:
850 if (p1 < 1 || p1 > max_size) {
852 GOSTerr(GOST_F_PKEY_GOST_OMAC_CTRL, GOST_R_INVALID_MAC_SIZE);
862 static int pkey_gost_magma_mac_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
864 return pkey_gost_omac_ctrl(ctx, type, p1, p2, 8);
867 static int pkey_gost_grasshopper_mac_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
869 return pkey_gost_omac_ctrl(ctx, type, p1, p2, 16);
872 static int pkey_gost_omac_ctrl_str(EVP_PKEY_CTX *ctx,
873 const char *type, const char *value, size_t max_size)
875 if (strcmp(type, key_ctrl_string) == 0) {
876 if (strlen(value) != 32) {
877 GOSTerr(GOST_F_PKEY_GOST_OMAC_CTRL_STR,
878 GOST_R_INVALID_MAC_KEY_LENGTH);
881 return pkey_gost_mac_ctrl(ctx, EVP_PKEY_CTRL_SET_MAC_KEY,
884 if (strcmp(type, hexkey_ctrl_string) == 0) {
887 unsigned char *keybuf = string_to_hex(value, &keylen);
888 if (!keybuf || keylen != 32) {
889 GOSTerr(GOST_F_PKEY_GOST_OMAC_CTRL_STR,
890 GOST_R_INVALID_MAC_KEY_LENGTH);
891 OPENSSL_free(keybuf);
894 ret = pkey_gost_mac_ctrl(ctx, EVP_PKEY_CTRL_SET_MAC_KEY, 32, keybuf);
895 OPENSSL_free(keybuf);
899 if (!strcmp(type, maclen_ctrl_string)) {
901 long size = strtol(value, &endptr, 10);
902 if (*endptr != '\0') {
903 GOSTerr(GOST_F_PKEY_GOST_OMAC_CTRL_STR, GOST_R_INVALID_MAC_SIZE);
906 return pkey_gost_omac_ctrl(ctx, EVP_PKEY_CTRL_MAC_LEN, size, NULL, max_size);
911 static int pkey_gost_magma_mac_ctrl_str(EVP_PKEY_CTX *ctx,
912 const char *type, const char *value)
914 return pkey_gost_omac_ctrl_str(ctx, type, value, 8);
917 static int pkey_gost_grasshopper_mac_ctrl_str(EVP_PKEY_CTX *ctx,
918 const char *type, const char *value)
920 return pkey_gost_omac_ctrl_str(ctx, type, value, 8);
923 static int pkey_gost_mac_keygen_base(EVP_PKEY_CTX *ctx,
924 EVP_PKEY *pkey, int mac_nid)
926 struct gost_mac_pmeth_data *data = EVP_PKEY_CTX_get_data(ctx);
927 struct gost_mac_key *keydata;
928 if (!data || !data->key_set) {
929 GOSTerr(GOST_F_PKEY_GOST_MAC_KEYGEN_BASE, GOST_R_MAC_KEY_NOT_SET);
932 keydata = OPENSSL_malloc(sizeof(struct gost_mac_key));
935 memcpy(keydata->key, data->key, 32);
936 keydata->mac_param_nid = data->mac_param_nid;
937 keydata->mac_size = data->mac_size;
938 EVP_PKEY_assign(pkey, mac_nid, keydata);
942 static int pkey_gost_mac_keygen_12(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
944 return pkey_gost_mac_keygen_base(ctx, pkey, NID_gost_mac_12);
947 static int pkey_gost_mac_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
949 return pkey_gost_mac_keygen_base(ctx, pkey, NID_id_Gost28147_89_MAC);
952 static int pkey_gost_magma_mac_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
954 return pkey_gost_mac_keygen_base(ctx, pkey, NID_magma_mac);
957 static int pkey_gost_grasshopper_mac_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
959 return pkey_gost_mac_keygen_base(ctx, pkey, NID_grasshopper_mac);
962 static int pkey_gost_mac_signctx_init(EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx)
964 struct gost_mac_pmeth_data *data = EVP_PKEY_CTX_get_data(ctx);
967 pkey_gost_mac_init(ctx);
970 data = EVP_PKEY_CTX_get_data(ctx);
972 GOSTerr(GOST_F_PKEY_GOST_MAC_SIGNCTX_INIT, GOST_R_MAC_KEY_NOT_SET);
979 static int pkey_gost_magma_mac_signctx_init(EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx)
981 struct gost_mac_pmeth_data *data = EVP_PKEY_CTX_get_data(ctx);
984 pkey_gost_omac_init(ctx, 4);
987 data = EVP_PKEY_CTX_get_data(ctx);
989 GOSTerr(GOST_F_PKEY_GOST_MAGMA_MAC_SIGNCTX_INIT, GOST_R_MAC_KEY_NOT_SET);
996 static int pkey_gost_grasshopper_mac_signctx_init(EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx)
998 struct gost_mac_pmeth_data *data = EVP_PKEY_CTX_get_data(ctx);
1001 pkey_gost_omac_init(ctx, 8);
1004 data = EVP_PKEY_CTX_get_data(ctx);
1006 GOSTerr(GOST_F_PKEY_GOST_GRASSHOPPER_MAC_SIGNCTX_INIT, GOST_R_MAC_KEY_NOT_SET);
1013 static int pkey_gost_mac_signctx(EVP_PKEY_CTX *ctx, unsigned char *sig,
1014 size_t *siglen, EVP_MD_CTX *mctx)
1016 unsigned int tmpsiglen;
1018 struct gost_mac_pmeth_data *data = EVP_PKEY_CTX_get_data(ctx);
1022 tmpsiglen = *siglen; /* for platforms where sizeof(int) !=
1026 *siglen = data->mac_size;
1030 EVP_MD_meth_get_ctrl(EVP_MD_CTX_md(mctx))
1031 (mctx, EVP_MD_CTRL_XOF_LEN, data->mac_size, NULL);
1032 ret = EVP_DigestFinal_ex(mctx, sig, &tmpsiglen);
1033 *siglen = data->mac_size;
1037 /* ----------- misc callbacks -------------------------------------*/
1039 /* Callback for both EVP_PKEY_check() and EVP_PKEY_public_check. */
1040 static int pkey_gost_check(EVP_PKEY *pkey)
1042 return EC_KEY_check_key(EVP_PKEY_get0(pkey));
1045 /* ----------------------------------------------------------------*/
1046 int register_pmeth_gost(int id, EVP_PKEY_METHOD **pmeth, int flags)
1048 *pmeth = EVP_PKEY_meth_new(id, flags);
1053 case NID_id_GostR3410_2001:
1054 case NID_id_GostR3410_2001DH:
1055 EVP_PKEY_meth_set_ctrl(*pmeth,
1056 pkey_gost_ctrl, pkey_gost_ec_ctrl_str_256);
1057 EVP_PKEY_meth_set_sign(*pmeth, NULL, pkey_gost_ec_cp_sign);
1058 EVP_PKEY_meth_set_verify(*pmeth, NULL, pkey_gost_ec_cp_verify);
1060 EVP_PKEY_meth_set_keygen(*pmeth, NULL, pkey_gost2001cp_keygen);
1062 EVP_PKEY_meth_set_encrypt(*pmeth,
1063 pkey_gost_encrypt_init,
1065 EVP_PKEY_meth_set_decrypt(*pmeth, NULL, pkey_gost_decrypt);
1066 EVP_PKEY_meth_set_derive(*pmeth,
1067 pkey_gost_derive_init, pkey_gost_ec_derive);
1068 EVP_PKEY_meth_set_paramgen(*pmeth, pkey_gost_paramgen_init,
1069 pkey_gost2001_paramgen);
1070 EVP_PKEY_meth_set_check(*pmeth, pkey_gost_check);
1071 EVP_PKEY_meth_set_public_check(*pmeth, pkey_gost_check);
1073 case NID_id_GostR3410_2012_256:
1074 EVP_PKEY_meth_set_ctrl(*pmeth,
1075 pkey_gost_ctrl, pkey_gost_ec_ctrl_str_256);
1076 EVP_PKEY_meth_set_sign(*pmeth, NULL, pkey_gost_ec_cp_sign);
1077 EVP_PKEY_meth_set_verify(*pmeth, NULL, pkey_gost_ec_cp_verify);
1079 EVP_PKEY_meth_set_keygen(*pmeth, NULL, pkey_gost2012cp_keygen);
1081 EVP_PKEY_meth_set_encrypt(*pmeth,
1082 pkey_gost_encrypt_init,
1084 EVP_PKEY_meth_set_decrypt(*pmeth, NULL, pkey_gost_decrypt);
1085 EVP_PKEY_meth_set_derive(*pmeth,
1086 pkey_gost_derive_init, pkey_gost_ec_derive);
1087 EVP_PKEY_meth_set_paramgen(*pmeth,
1088 pkey_gost_paramgen_init,
1089 pkey_gost2012_paramgen);
1090 EVP_PKEY_meth_set_check(*pmeth, pkey_gost_check);
1091 EVP_PKEY_meth_set_public_check(*pmeth, pkey_gost_check);
1093 case NID_id_GostR3410_2012_512:
1094 EVP_PKEY_meth_set_ctrl(*pmeth,
1095 pkey_gost_ctrl, pkey_gost_ec_ctrl_str_512);
1096 EVP_PKEY_meth_set_sign(*pmeth, NULL, pkey_gost_ec_cp_sign);
1097 EVP_PKEY_meth_set_verify(*pmeth, NULL, pkey_gost_ec_cp_verify);
1099 EVP_PKEY_meth_set_keygen(*pmeth, NULL, pkey_gost2012cp_keygen);
1101 EVP_PKEY_meth_set_encrypt(*pmeth,
1102 pkey_gost_encrypt_init,
1104 EVP_PKEY_meth_set_decrypt(*pmeth, NULL, pkey_gost_decrypt);
1105 EVP_PKEY_meth_set_derive(*pmeth,
1106 pkey_gost_derive_init, pkey_gost_ec_derive);
1107 EVP_PKEY_meth_set_paramgen(*pmeth,
1108 pkey_gost_paramgen_init,
1109 pkey_gost2012_paramgen);
1110 EVP_PKEY_meth_set_check(*pmeth, pkey_gost_check);
1111 EVP_PKEY_meth_set_public_check(*pmeth, pkey_gost_check);
1113 case NID_id_Gost28147_89_MAC:
1114 EVP_PKEY_meth_set_ctrl(*pmeth, pkey_gost_mac_ctrl,
1115 pkey_gost_mac_ctrl_str);
1116 EVP_PKEY_meth_set_signctx(*pmeth, pkey_gost_mac_signctx_init,
1117 pkey_gost_mac_signctx);
1118 EVP_PKEY_meth_set_keygen(*pmeth, NULL, pkey_gost_mac_keygen);
1119 EVP_PKEY_meth_set_init(*pmeth, pkey_gost_mac_init);
1120 EVP_PKEY_meth_set_cleanup(*pmeth, pkey_gost_mac_cleanup);
1121 EVP_PKEY_meth_set_copy(*pmeth, pkey_gost_mac_copy);
1123 case NID_gost_mac_12:
1124 EVP_PKEY_meth_set_ctrl(*pmeth, pkey_gost_mac_ctrl,
1125 pkey_gost_mac_ctrl_str);
1126 EVP_PKEY_meth_set_signctx(*pmeth, pkey_gost_mac_signctx_init,
1127 pkey_gost_mac_signctx);
1128 EVP_PKEY_meth_set_keygen(*pmeth, NULL, pkey_gost_mac_keygen_12);
1129 EVP_PKEY_meth_set_init(*pmeth, pkey_gost_mac_init);
1130 EVP_PKEY_meth_set_cleanup(*pmeth, pkey_gost_mac_cleanup);
1131 EVP_PKEY_meth_set_copy(*pmeth, pkey_gost_mac_copy);
1134 EVP_PKEY_meth_set_ctrl(*pmeth, pkey_gost_magma_mac_ctrl,
1135 pkey_gost_magma_mac_ctrl_str);
1136 EVP_PKEY_meth_set_signctx(*pmeth, pkey_gost_magma_mac_signctx_init,
1137 pkey_gost_mac_signctx);
1138 EVP_PKEY_meth_set_keygen(*pmeth, NULL, pkey_gost_magma_mac_keygen);
1139 EVP_PKEY_meth_set_init(*pmeth, pkey_gost_magma_mac_init);
1140 EVP_PKEY_meth_set_cleanup(*pmeth, pkey_gost_mac_cleanup);
1141 EVP_PKEY_meth_set_copy(*pmeth, pkey_gost_mac_copy);
1143 case NID_grasshopper_mac:
1144 case NID_id_tc26_cipher_gostr3412_2015_kuznyechik_ctracpkm_omac: /* FIXME beldmit */
1145 EVP_PKEY_meth_set_ctrl(*pmeth, pkey_gost_grasshopper_mac_ctrl,
1146 pkey_gost_grasshopper_mac_ctrl_str);
1147 EVP_PKEY_meth_set_signctx(*pmeth, pkey_gost_grasshopper_mac_signctx_init,
1148 pkey_gost_mac_signctx);
1149 EVP_PKEY_meth_set_keygen(*pmeth, NULL, pkey_gost_grasshopper_mac_keygen);
1150 EVP_PKEY_meth_set_init(*pmeth, pkey_gost_grasshopper_mac_init);
1151 EVP_PKEY_meth_set_cleanup(*pmeth, pkey_gost_mac_cleanup);
1152 EVP_PKEY_meth_set_copy(*pmeth, pkey_gost_mac_copy);
1154 default: /* Unsupported method */
1157 EVP_PKEY_meth_set_init(*pmeth, pkey_gost_init);
1158 EVP_PKEY_meth_set_cleanup(*pmeth, pkey_gost_cleanup);
1160 EVP_PKEY_meth_set_copy(*pmeth, pkey_gost_copy);
1162 * FIXME derive etc...
projects / openssl-gost / engine.git / blob